diff --git a/.style.yapf b/.style.yapf
deleted file mode 100644
index 53ffd067e..000000000
--- a/.style.yapf
+++ /dev/null
@@ -1,10 +0,0 @@
-[style]
-based_on_style = pep8
-spaces_before_comment = 2
-column_limit = 79
-blank_line_before_nested_class_or_def = false
-blank_line_before_module_docstring = true
-split_before_logical_operator = true
-split_before_first_argument = true
-allow_split_before_dict_value = false
-split_before_arithmetic_operator = true
diff --git a/.zuul.yaml b/.zuul.yaml
index 53d8d7bb0..2435e8299 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -11,29 +11,12 @@
 # limitations under the License.
 
 - project:
-    templates:
-      - docs-on-readthedocs
-    vars:
-      rtd_webhook_id: '47687'
-      rtd_project_name: 'airship-treasuremap'
     check:
       jobs:
-        - treasuremap-seaworthy-site-lint
-        - treasuremap-seaworthy-virt-site-lint
-        - treasuremap-airskiff-ubuntu-site-lint
-        - treasuremap-airskiff-suse-site-lint
-        - treasuremap-airsloop-site-lint
-        - treasuremap-aiab-site-lint
-        - treasuremap-airskiff-deployment-ubuntu
-        - treasuremap-airskiff-deployment-suse
+        - noop
     gate:
       jobs:
-        - treasuremap-seaworthy-site-lint
-        - treasuremap-seaworthy-virt-site-lint
-        - treasuremap-airskiff-ubuntu-site-lint
-        - treasuremap-airskiff-suse-site-lint
-        - treasuremap-airsloop-site-lint
-        - treasuremap-aiab-site-lint
+        - noop
     post:
       jobs:
         - treasuremap-upload-git-mirror
@@ -45,156 +28,6 @@
       - name: ubuntu-bionic
         label: ubuntu-bionic
 
-- job:
-    name: treasuremap-site-lint
-    description:
-      Lint a site using Pegleg. Default site is seaworthy.
-    nodeset: treasuremap-single-node
-    timeout: 900
-    pre-run:
-      - tools/gate/playbooks/install-docker.yaml
-      - tools/gate/playbooks/git-config.yaml
-    run: tools/gate/playbooks/site-lint.yaml
-    vars:
-      site: seaworthy
-    irrelevant-files:
-      - ^.*\.rst$
-      - ^doc/.*$
-
-- job:
-    name: treasuremap-seaworthy-site-lint
-    description: |
-      Lint the seaworthy site using Pegleg.
-    parent: treasuremap-site-lint
-    vars:
-      site: seaworthy
-    irrelevant-files:
-      - ^.*\.rst$
-      - ^doc/.*$
-      - ^site/seaworthy-virt/.*$
-      - ^site/airskiff/.*$
-      - ^site/airsloop/.*$
-      - ^site/aiab/.*$
-
-- job:
-    name: treasuremap-seaworthy-virt-site-lint
-    description: |
-      Lint the seaworthy site using Pegleg.
-    parent: treasuremap-site-lint
-    vars:
-      site: seaworthy-virt
-    irrelevant-files:
-      - ^.*\.rst$
-      - ^doc/.*$
-      - ^site/seaworthy/.*$
-      - ^site/airskiff/.*$
-      - ^site/airsloop/.*$
-      - ^site/aiab/.*$
-
-- job:
-    name: treasuremap-airskiff-ubuntu-site-lint
-    description: |
-      Lint the airskiff site using Pegleg.
-    parent: treasuremap-site-lint
-    vars:
-      site: airskiff
-    irrelevant-files:
-      - ^.*\.rst$
-      - ^doc/.*$
-      - ^site/seaworthy/.*$
-      - ^site/seaworthy-virt/.*$
-      - ^site/airsloop/.*$
-      - ^site/aiab/.*$
-
-- job:
-    name: treasuremap-airskiff-suse-site-lint
-    description: |
-      Lint the airskiff-suse site using Pegleg.
-    parent: treasuremap-site-lint
-    vars:
-      site: airskiff-suse
-    irrelevant-files:
-      - ^.*\.rst$
-      - ^doc/.*$
-      - ^site/seaworthy/.*$
-      - ^site/seaworthy-virt/.*$
-      - ^site/airsloop/.*$
-      - ^site/aiab/.*$
-
-- job:
-    name: treasuremap-airsloop-site-lint
-    description: |
-      Lint the airsloop site using Pegleg.
-    parent: treasuremap-site-lint
-    vars:
-      site: airsloop
-    irrelevant-files:
-      - ^.*\.rst$
-      - ^doc/.*$
-      - ^site/seaworthy/.*$
-      - ^site/seaworthy-virt/.*$
-      - ^site/airskiff/.*$
-      - ^site/aiab/.*$
-
-- job:
-    name: treasuremap-aiab-site-lint
-    description: |
-      Lint the aiab site using Pegleg.
-    parent: treasuremap-site-lint
-    pre-run:
-      - tools/gate/playbooks/generate-certs.yaml
-    vars:
-      site: aiab
-    irrelevant-files:
-      - ^.*\.rst$
-      - ^doc/.*$
-      - ^site/seaworthy/.*$
-      - ^site/seaworthy-virt/.*$
-      - ^site/airskiff/.*$
-      - ^site/airsloop/.*$
-
-- job:
-    name: treasuremap-airskiff-deployment-ubuntu
-    nodeset: treasuremap-single-node
-    description: |
-      Deploy Memcached using Airskiff and latest Treasuremap changes.
-    voting: false
-    timeout: 9600
-    pre-run:
-      - tools/gate/playbooks/git-config.yaml
-      - tools/gate/playbooks/airskiff-reduce-site.yaml
-    run: tools/gate/playbooks/airskiff-deploy-gate.yaml
-    post-run: tools/gate/playbooks/debug-report.yaml
-    vars:
-       site: airskiff
-    irrelevant-files:
-      - ^.*\.rst$
-      - ^doc/.*$
-      - ^site/seaworthy/.*$
-      - ^site/airsloop/.*$
-      - ^site/aiab/.*$
-
-- job:
-    name: treasuremap-airskiff-deployment-suse
-    nodeset: treasuremap-single-node
-    description: |
-      Deploy Memcached using Airskiff-suse and latest Treasuremap changes.
-    voting: false
-    timeout: 9600
-    pre-run:
-      - tools/gate/playbooks/git-config.yaml
-      - tools/gate/playbooks/airskiff-reduce-site.yaml
-    run: tools/gate/playbooks/airskiff-deploy-gate.yaml
-    vars:
-      site: airskiff-suse
-    post-run: tools/gate/playbooks/debug-report.yaml
-    irrelevant-files:
-      - ^.*\.rst$
-      - ^doc/.*$
-      - ^site/seaworthy/.*$
-      - ^site/airsloop/.*$
-      - ^site/aiab/.*$
-
 - secret:
     name: airshipit-github-secret
     data:
diff --git a/doc/requirements.txt b/doc/requirements.txt
deleted file mode 100644
index ce8e6b307..000000000
--- a/doc/requirements.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-sphinx>=1.6.2
-sphinx_rtd_theme>=0.4.3
diff --git a/doc/source/airskiff.rst b/doc/source/airskiff.rst
deleted file mode 100644
index ac767f104..000000000
--- a/doc/source/airskiff.rst
+++ /dev/null
@@ -1,293 +0,0 @@
-Airskiff: Lightweight Airship for Dev
-=====================================
-
-* Skiff (n): a shallow, flat-bottomed, open boat
-* Airskiff (n): a learning development, and gating environment for Airship
-
-What is Airskiff
-----------------
-
-Airskiff is an easy way to get started with the software delivery components
-of Airship:
-
-* `Armada`_
-* `Deckhand`_
-* `Pegleg`_
-* `Shipyard`_
-
-Airskiff is packaged with a set of deployment scripts modeled after the
-`OpenStack-Helm project`_ for seamless developer setup.
-
-These scripts:
-
-* Download, build, and containerize the Airship components above from source.
-* Deploy a Kubernetes cluster using Minikube.
-* Deploy Armada, Deckhand, and Shipyard using the latest `Armada image`_.
-* Deploy OpenStack using the Airskiff site and charts from the
-  `OpenStack-Helm project`_.
-
-.. warning:: Airskiff is not safe for production use. These scripts are
-  only intended to deploy a minimal development environment.
-
-Common Deployment Requirements
-------------------------------
-
-This section covers actions that may be required for some deployment scenarios.
-
-Passwordless sudo
-~~~~~~~~~~~~~~~~~
-Airskiff relies on scripts that utilize the ``sudo`` command. Throughout this
-guide the assumption is that the user is: ``ubuntu``. It is advised to add the
-following lines to ``/etc/sudoers``:
-
-.. code-block:: bash
-
-    root    ALL=(ALL) NOPASSWD: ALL
-    ubuntu  ALL=(ALL) NOPASSWD: ALL
-
-Proxy Configuration
-~~~~~~~~~~~~~~~~~~~
-
-.. note:: This section assumes you have properly defined the standard
-  ``http_proxy``, ``https_proxy``, and ``no_proxy`` environment variables and
-  have followed the `Docker proxy guide`_ to create a systemd drop-in unit.
-
-In order to deploy Airskiff behind proxy servers, define the following
-environment variables:
-
-.. code-block:: shell
-
-  export USE_PROXY=true
-  export PROXY=${http_proxy}
-  export no_proxy=${no_proxy},10.0.2.15,.svc.cluster.local
-  export NO_PROXY=${NO_PROXY},10.0.2.15,.svc.cluster.local
-
-.. note:: The ``.svc.cluster.local`` address is required to allow the OpenStack
-  client to communicate without being routed through proxy servers. The IP
-  address ``10.0.2.15`` is the advertised IP address of the minikube Kubernetes
-  cluster. Replace the addresses if your configuration does not match the one
-  defined above.
-
-Deploy Airskiff
----------------
-
-Deploy Airskiff using the deployment scripts contained in the
-``tools/deployment/airskiff`` directory of the `airship-treasuremap`_
-repository.
-
-.. note:: Scripts should be run from the root of ``treasuremap`` repository.
-
-Clone Dependencies
-~~~~~~~~~~~~~~~~~~
-
-.. literalinclude:: ../../tools/deployment/airskiff/developer/000-clone-dependencies.sh
-    :language: shell
-    :lines: 1,18-
-
-Alternatively, this step can be performed by running the script directly:
-
-.. code-block:: shell
-
-  ./tools/deployment/airskiff/developer/000-clone-dependencies.sh
-
-Deploy Kubernetes with Minikube
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. literalinclude:: ../../tools/deployment/airskiff/developer/010-deploy-k8s.sh
-    :language: shell
-    :lines: 1,18-
-
-Alternatively, this step can be performed by running the script directly:
-
-.. code-block:: shell
-
-  ./tools/deployment/airskiff/developer/010-deploy-k8s.sh
-
-Restart your shell session
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-At this point, restart your shell session to complete adding ``$USER`` to the
-``docker`` group.
-
-Setup OpenStack Client
-~~~~~~~~~~~~~~~~~~~~~~
-
-.. literalinclude:: ../../tools/deployment/airskiff/developer/020-setup-client.sh
-    :language: shell
-    :lines: 1,18-
-
-Alternatively, this step can be performed by running the script directly:
-
-.. code-block:: shell
-
-  ./tools/deployment/airskiff/developer/020-setup-client.sh
-
-Deploy Airship components using Armada
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. literalinclude:: ../../tools/deployment/airskiff/developer/030-armada-bootstrap.sh
-    :language: shell
-    :lines: 1,18-
-
-Alternatively, this step can be performed by running the script directly:
-
-.. code-block:: shell
-
-  ./tools/deployment/airskiff/developer/030-armada-bootstrap.sh
-
-Deploy OpenStack using Airship
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. literalinclude:: ../../tools/deployment/airskiff/developer/100-deploy-osh.sh
-    :language: shell
-    :lines: 1,18-
-
-Alternatively, this step can be performed by running the script directly:
-
-.. code-block:: shell
-
-  ./tools/deployment/airskiff/developer/100-deploy-osh.sh
-
-Use Airskiff
-------------
-
-The Airskiff deployment scripts install and configure the OpenStack client for
-usage on your host machine.
-
-Airship Examples
-~~~~~~~~~~~~~~~~
-
-To use Airship services, set the ``OS_CLOUD`` environment variable to
-``airship``.
-
-.. code-block:: shell
-
-  export OS_CLOUD=airship
-
-List the Airship service endpoints:
-
-.. code-block:: shell
-
-  openstack endpoint list
-
-.. note:: ``${SHIPYARD}`` is the path to a cloned `Shipyard`_ repository.
-
-Run Helm tests for all deployed releases:
-
-.. code-block:: shell
-
-  ${SHIPYARD}/tools/shipyard.sh create action test_site
-
-List all `Shipyard`_ actions:
-
-.. code-block:: shell
-
-  ${SHIPYARD}/tools/shipyard.sh get actions
-
-For more information about Airship operations, see the
-`Shipyard actions`_ documentation.
-
-OpenStack Examples
-~~~~~~~~~~~~~~~~~~
-
-To use OpenStack services, set the ``OS_CLOUD`` environment variable to
-``openstack``:
-
-.. code-block:: shell
-
-  export OS_CLOUD=openstack
-
-List the OpenStack service endpoints:
-
-.. code-block:: shell
-
-  openstack endpoint list
-
-List ``Glance`` images:
-
-.. code-block:: shell
-
-  openstack image list
-
-Issue a new ``Keystone`` token:
-
-.. code-block:: shell
-
-  openstack token issue
-
-.. note:: Airskiff deploys identity, network, cloudformation, placement,
-  compute, orchestration, and image services. You can deploy more services
-  by adding chart groups to
-  ``site/airskiff/software/manifests/full-site.yaml``. For more information,
-  refer to the `site authoring and deployment guide`_.
-
-Develop with Airskiff
----------------------
-
-Once you have successfully deployed a running cluster, changes to Airship
-and OpenStack components can be deployed using `Shipyard actions`_ or the
-Airskiff deployment scripts.
-
-This example demonstrates deploying `Armada`_ changes using the Airskiff
-deployment scripts.
-
-.. note:: ``${ARMADA}`` is the path to your cloned Armada repository that
-  contains the changes you wish to deploy. ``${TREASUREMAP}`` is the path to
-  your cloned Treasuremap repository.
-
-Build Armada:
-
-.. code-block:: shell
-
-  cd ${ARMADA}
-  make images
-
-Update Airship components:
-
-.. code-block:: shell
-
-  cd ${TREASUREMAP}
-  ./tools/deployment/developer/airskiff/030-armada-bootstrap.sh
-
-Troubleshooting
----------------
-
-This section is intended to help you through the initial troubleshooting
-process. If issues persist after following this guide, please join us on
-`IRC`_: #airshipit (freenode)
-
-``Missing value auth-url required for auth plugin password``
-
-If this error message appears when using the OpenStack client, verify your
-client is configured for authentication:
-
-.. code-block:: shell
-
-  # For Airship services
-  export OS_CLOUD=airship
-
-  # For OpenStack services
-  export OS_CLOUD=openstack
-
-.. _Docker proxy guide: https://docs.docker.com/config/daemon/systemd/
-    #httphttps-proxy
-
-.. _OpenStack-Helm project: https://docs.openstack.org/openstack-helm/latest/
-    install/developer/requirements-and-host-config.html
-
-.. _Armada: https://opendev.org/airship/armada
-.. _Deckhand: https://opendev.org/airship/deckhand
-.. _Pegleg: https://opendev.org/airship/pegleg
-.. _Shipyard: https://opendev.org/airship/shipyard
-
-.. _Armada image: https://quay.io/repository/airshipit/armada?tab=tags
-
-.. _airship-treasuremap: https://opendev.org/airship/treasuremap
-
-.. _Shipyard actions: https://airship-shipyard.readthedocs.io/en/latest/
-    action-commands.html
-
-.. _IRC: irc://chat.freenode.net:6697/airshipit
-
-.. _site authoring and deployment guide: https://
-    airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html
diff --git a/doc/source/airsloop.rst b/doc/source/airsloop.rst
deleted file mode 100644
index f0e027d5a..000000000
--- a/doc/source/airsloop.rst
+++ /dev/null
@@ -1,631 +0,0 @@
-Airsloop: Simple Bare-Metal Airship
-===================================
-
-Airsloop is a two bare-metal server site deployment reference.
-
-The goal of this site is to be used as a reference for simplified Airship
-deployments with one control and one or more compute nodes.
-
-It is recommended to get familiar with the `Site Authoring and Deployment Guide`_
-documentation before deploying Airsloop in the lab. Most steps and concepts
-including setting up the Genesis node are the same.
-
-.. _Site Authoring and Deployment Guide: https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html
-
-
-.. image:: diagrams/airsloop-architecture.png
-
-
-Various resiliency and security features are tuned down via configuration.
-
- * Two bare-metal server setup with 1 control, and 1 compute.
-   Most components are scaled to a single replica and doesn't carry
-   any HA as there is only a single control plane host.
- * No requirements for DNS/certificates.
-   HTTP and internal cluster DNS is used.
- * Ceph set to use the single disk.
-   This generally provides minimalistic no-touch Ceph deployment.
-   No replication of Ceph data (single copy).
- * Simplified networking (no bonding).
-   Two network interfaces are used by default (flat PXE, and DATA network
-   with VLANs for OAM, Calico, Storage, and OpenStack Overlay).
- * Generic hostnames used (airsloop-control-1, airsloop-compute-1) that
-   simplifies generation of k8s certificates.
-
-
-Airsloop site manifests are available at
-`site/airsloop <https://opendev.org/airship/treasuremap/src/branch/master/site/airsloop>`__.
-
-
-Hardware
---------
-
-While HW configuration is flexible, Airsloop reference manifests
-reflect a single control and a single compute node. The aim of
-this is to create a minimalistic lab/demo reference environment.
-
-Increasing the number of compute nodes will require site overrides
-to align parts of the system such as Ceph OSDs, etcd, etc.
-
-See host profiles for the servers
-`here <https://opendev.org/airship/treasuremap/src/branch/master/site/airsloop/profiles/host>`__.
-
-+------------+-------------------------+
-| Node       | Hostnames               |
-+============+=========================+
-| control    | airsloop-control-1      |
-+------------+-------------------------+
-| compute    | airsloop-compute-1      |
-+------------+-------------------------+
-
-
-Network
--------
-
-Physical (underlay) networks are described in Drydock site configuration
-`here <https://opendev.org/airship/treasuremap/src/branch/master/site/airsloop/networks/physical/networks.yaml>`__.
-
-It defines OOB (iLO/IPMI), untagged PXE, and multiple tagged general use networks.
-Also no bonded interfaces are used in Airsloop deployment.
-
-The networking reference is simplified compared to Airship Seaworthy
-site. There are only two NICs required (excluding oob), one for PXE
-and another one for the rest of the networks separated using VLAN segmentation.
-
-Below is the reference network configuration:
-
-+------------+------------+-----------+---------------+
-| NICs       | VLANs      | Names     |     CIDRs     |
-+============+============+===========+===============+
-| oob        | N/A        | oob       |10.22.104.0/24 |
-+------------+------------+-----------+---------------+
-| pxe        | N/A        | pxe       |10.22.70.0/24  |
-+------------+------------+-----------+---------------+
-|            | 71         | oam       |10.22.71.0/24  |
-|            +------------+-----------+---------------+
-|            | 72         | calico    |10.22.72.0/24  |
-| data       +------------+-----------+---------------+
-|            | 73         | storage   |10.22.73.0/24  |
-|            +------------+-----------+---------------+
-|            | 74         | overlay   |10.22.74.0/24  |
-+------------+------------+-----------+---------------+
-
-Calico overlay for k8s POD networking uses IPIP mesh.
-
-Storage
--------
-
-Because Airsloop is a minimalistic deployment the required number of disks is just
-one per node. That disk is not only used by the OS but also by Ceph Journals and OSDs.
-The way that this is achieved is by using directories and not extra
-disks for Ceph storage. Ceph OSD configuration can be changed in a `Ceph chart override <https://opendev.org/airship/treasuremap/src/branch/master/type/sloop/charts/ucp/ceph/ceph-osd.yaml>`__.
-
-The following Ceph chart configuration is used:
-
-.. code-block:: yaml
-
-    osd:
-      - data:
-          type: directory
-          location: /var/lib/openstack-helm/ceph/osd/osd-one
-        journal:
-          type: directory
-          location: /var/lib/openstack-helm/ceph/osd/journal-one
-
-
-Host Profiles
--------------
-
-Host profiles in Airship are tightly coupled with the hardware profiles.
-That means every disk or interface which is described in host profiles
-should have a corresponding reference to the hardware profile which is
-being used.
-
-Airship always identifies every NIC or disk by its PCI or
-SCSI address and that means that the interfaces and the disks that are
-defined in host and hardware profiles should have the correct PCI and
-SCSI addresses objectively.
-
-Let's give an example by following the host profile of Airsloop site.
-
-In this `Host Profile <https://opendev.org/airship/treasuremap/src/branch/master/site/airsloop/profiles/host/compute.yaml>`__
-is defined that the slave interface that will be used for the pxe
-boot will be the pxe_nic01. That means a corresponding entry should
-exist in this `Hardware Profile <https://opendev.org/airship/treasuremap/src/branch/master/site/airsloop/profiles/hardware/dell_r720xd.yaml>`__
-which it does. So when drydock and maas try to deploy the node it will
-identify the interface by the PCI address that is written in the
-Hardware profile.
-
-A simple way to find out which PCI or SCSI address corresponds to which
-NIC or Disk is to use the lshw command. More information about that
-command can be found `Here <https://linux.die.net/man/1/lshw>`__.
-
-Extend Cluster
---------------
-
-This section describes what changes need to be made to the existing
-manifests of Airsloop for the addition of an extra compute node to the
-cluster.
-
-First and foremost the user should go to the `nodes.yaml <https://opendev.org/airship/treasuremap/src/branch/master/site/airsloop/baremetal/nodes.yaml>`__
-file and add an extra section for the new compute node.
-
-The next step is to add a similar section as the existing
-airsloop-compute-1 section to the `pki-catalog.yaml <https://opendev.org/airship/treasuremap/src/branch/master/site/airsloop/pki/pki-catalog.yaml>`__.
-This is essential for the correct generation of certificates and the
-correct communication between the nodes in the cluster.
-
-Also every time the user adds an extra compute node to the cluster then the
-number of OSDs that are managed by this manifest `Ceph-client <https://opendev.org/airship/treasuremap/src/branch/master/site/airsloop/software/charts/osh/ceph/ceph-client.yaml>`__
-should be increased by one.
-
-Last step is to regenerate the certificates which correspond to this
-`certificates.yaml <https://opendev.org/airship/treasuremap/src/branch/master/site/airsloop/secrets/certificates/certificates.yaml>`__
-file so the changes in the pki-catalog.yaml file takes place.
-This can be done through the promenade CLI.
-
-Getting Started
----------------
-
-**Update Site Manifests.**
-
-Carefully review site manifests (site/airsloop) and update the configuration
-to match the hardware, networking setup and other specifics of the lab.
-
-See more details at `Site Authoring and Deployment Guide`_.
-
-.. note:: Many manifest files (YAMLs) contain documentation in comments
-          that instruct what changes are required for specific sections.
-
-1. Build Site Documents
-
-.. code-block:: bash
-
-    tools/airship pegleg site -r /target collect airsloop -s collect
-
-    mkdir certs
-    tools/airship promenade generate-certs -o /target/certs /target/collect/*.yaml
-
-    mkdir bundle
-    tools/airship promenade build-all -o /target/bundle /target/collect/*.yaml /target/certs/*.yaml
-
-See more details at `Building Site documents`_, use site ``airsloop``.
-
-.. _Building Site documents: https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#building-site-documents
-
-
-2. Deploy Genesis
-
-Deploy the Genesis node, see more details at `Genesis node`_.
-
-.. _Genesis node: https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#genesis-node
-
-Genesis is the first node in the cluster and serves as a control node.
-In Airsloop configuration Genesis is the only control node (airsloop-control-1).
-
-Airsloop is using non-bonded network interfaces:
-
-.. code-block:: bash
-
-    auto lo
-    iface lo inet loopback
-
-    auto eno1
-    iface eno1 inet static
-      address 10.22.70.21/24
-
-    auto enp67s0f0
-    iface enp67s0f0 inet manual
-
-    auto enp67s0f0.71
-    iface enp67s0f0.71 inet static
-      address 10.22.71.21/24
-      gateway 10.22.71.1
-      dns-nameservers 8.8.8.8 8.8.4.4
-      vlan-raw-device enp67s0f0
-      vlan_id 71
-
-    auto enp67s0f0.72
-    iface enp67s0f0.72 inet static
-      address 10.22.72.21/24
-      vlan-raw-device enp67s0f0
-      vlan_id 72
-
-    auto enp67s0f0.73
-    iface enp67s0f0.73 inet static
-      address 10.22.73.21/24
-      vlan-raw-device enp67s0f0
-      vlan_id 73
-
-    auto enp67s0f0.74
-    iface enp67s0f0.74 inet static
-      address 10.22.74.21/24
-      vlan-raw-device enp67s0f0
-      vlan_id 74
-
-Execute Genesis bootstrap script on the Genesis server.
-
-.. code-block:: bash
-
-     sudo ./genesis.sh
-
-
-3. Deploy Site
-
-.. code-block:: bash
-
-    tools/airship shipyard create configdocs design --directory=/target/collect
-    tools/airship shipyard commit configdocs
-
-    tools/airship shipyard create action deploy_site
-
-    tools/shipyard get actions
-
-See more details at `Deploy Site with Shipyard`_.
-
-.. _Deploy Site with Shipyard: https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#deploy-site-with-shipyard
-
-
-Deploying Behind a Proxy
-------------------------
-
-The following documents show the main differences you need to make in order to have
-airsloop run behind a proxy.
-
-.. note::
-
-    The "-" sign refers to a line that needs to be omitted (replaced), and the "+" sign refers to a
-    line replacing the omitted line, or simply a line that needs to be added to your yaml.
-
-Under site/airsloop/software/charts/osh/openstack-glance/ create a glance.yaml file as follows:
-
-.. code-block:: yaml
-
-    ---
-    schema: armada/Chart/v1
-    metadata:
-      schema: metadata/Document/v1
-      replacement: true
-      name: glance
-      layeringDefinition:
-        abstract: false
-        layer: site
-        parentSelector:
-          name: glance-type
-        actions:
-          - method: merge
-            path: .
-      storagePolicy: cleartext
-    data:
-      test:
-        enabled: false
-    ...
-
-Under site/airsloop/software/config/ create a versions.yaml file in the following format:
-
-.. code-block:: yaml
-
-    ---
-    data:
-      charts:
-        kubernetes:
-          apiserver:
-            proxy_server: proxy.example.com:8080
-          apiserver-htk:
-            proxy_server: proxy.example.com:8080
-          calico:
-            calico:
-              proxy_server: proxy.example.com:8080
-            calico-htk:
-              proxy_server: proxy.example.com:8080
-            etcd:
-              proxy_server: proxy.example.com:8080
-            etcd-htk:
-              proxy_server: proxy.example.com:8080
-          controller-manager:
-            proxy_server: proxy.example.com:8080
-          controller-manager-htk:
-            proxy_server: proxy.example.com:8080
-          coredns:
-            proxy_server: proxy.example.com:8080
-          coredns-htk:
-            proxy_server: proxy.example.com:8080
-          etcd:
-            proxy_server: proxy.example.com:8080
-          etcd-htk:
-            proxy_server: proxy.example.com:8080
-          haproxy:
-            proxy_server: proxy.example.com:8080
-          haproxy-htk:
-            proxy_server: proxy.example.com:8080
-          ingress:
-            proxy_server: proxy.example.com:8080
-          ingress-htk:
-            proxy_server: proxy.example.com:8080
-          proxy:
-            proxy_server: proxy.example.com:8080
-          proxy-htk:
-            proxy_server: proxy.example.com:8080
-          scheduler:
-            proxy_server: proxy.example.com:8080
-          scheduler-htk:
-            proxy_server: proxy.example.com:8080
-        osh:
-          barbican:
-            proxy_server: proxy.example.com:8080
-          cinder:
-            proxy_server: proxy.example.com:8080
-          cinder-htk:
-            proxy_server: proxy.example.com:8080
-          glance:
-            proxy_server: proxy.example.com:8080
-          glance-htk:
-            proxy_server: proxy.example.com:8080
-          heat:
-            proxy_server: proxy.example.com:8080
-          heat-htk:
-            proxy_server: proxy.example.com:8080
-          helm_toolkit:
-            proxy_server: proxy.example.com:8080
-          horizon:
-            proxy_server: proxy.example.com:8080
-          horizon-htk:
-            proxy_server: proxy.example.com:8080
-          ingress:
-            proxy_server: proxy.example.com:8080
-          ingress-htk:
-            proxy_server: proxy.example.com:8080
-          keystone:
-            proxy_server: proxy.example.com:8080
-          keystone-htk:
-            proxy_server: proxy.example.com:8080
-          libvirt:
-            proxy_server: proxy.example.com:8080
-          libvirt-htk:
-            proxy_server: proxy.example.com:8080
-          mariadb:
-            proxy_server: proxy.example.com:8080
-          mariadb-htk:
-            proxy_server: proxy.example.com:8080
-          memcached:
-            proxy_server: proxy.example.com:8080
-          memcached-htk:
-            proxy_server: proxy.example.com:8080
-          neutron:
-            proxy_server: proxy.example.com:8080
-          neutron-htk:
-            proxy_server: proxy.example.com:8080
-          nova:
-            proxy_server: proxy.example.com:8080
-          nova-htk:
-            proxy_server: proxy.example.com:8080
-          openvswitch:
-            proxy_server: proxy.example.com:8080
-          openvswitch-htk:
-            proxy_server: proxy.example.com:8080
-          rabbitmq:
-            proxy_server: proxy.example.com:8080
-          rabbitmq-htk:
-            proxy_server: proxy.example.com:8080
-          tempest:
-            proxy_server: proxy.example.com:8080
-          tempest-htk:
-            proxy_server: proxy.example.com:8080
-        osh_infra:
-          elasticsearch:
-            proxy_server: proxy.example.com:8080
-          fluentbit:
-            proxy_server: proxy.example.com:8080
-          fluentd:
-            proxy_server: proxy.example.com:8080
-          grafana:
-            proxy_server: proxy.example.com:8080
-          helm_toolkit:
-            proxy_server: proxy.example.com:8080
-          kibana:
-            proxy_server: proxy.example.com:8080
-          nagios:
-            proxy_server: proxy.example.com:8080
-          nfs_provisioner:
-            proxy_server: proxy.example.com:8080
-          podsecuritypolicy:
-            proxy_server: proxy.example.com:8080
-          prometheus:
-            proxy_server: proxy.example.com:8080
-          prometheus_alertmanager:
-            proxy_server: proxy.example.com:8080
-          prometheus_kube_state_metrics:
-            proxy_server: proxy.example.com:8080
-          prometheus_node_exporter:
-            proxy_server: proxy.example.com:8080
-          prometheus_openstack_exporter:
-            proxy_server: proxy.example.com:8080
-          prometheus_process_exporter:
-            proxy_server: proxy.example.com:8080
-        ucp:
-          armada:
-            proxy_server: proxy.example.com:8080
-          armada-htk:
-            proxy_server: proxy.example.com:8080
-          barbican:
-            proxy_server: proxy.example.com:8080
-          barbican-htk:
-            proxy_server: proxy.example.com:8080
-          ceph-client:
-            proxy_server: proxy.example.com:8080
-          ceph-htk:
-            proxy_server: proxy.example.com:8080
-          ceph-mon:
-            proxy_server: proxy.example.com:8080
-          ceph-osd:
-            proxy_server: proxy.example.com:8080
-          ceph-provisioners:
-            proxy_server: proxy.example.com:8080
-          ceph-rgw:
-            proxy_server: proxy.example.com:8080
-          deckhand:
-            proxy_server: proxy.example.com:8080
-          deckhand-htk:
-            proxy_server: proxy.example.com:8080
-          divingbell:
-            proxy_server: proxy.example.com:8080
-          divingbell-htk:
-            proxy_server: proxy.example.com:8080
-          drydock:
-            proxy_server: proxy.example.com:8080
-          drydock-htk:
-            proxy_server: proxy.example.com:8080
-          ingress:
-            proxy_server: proxy.example.com:8080
-          ingress-htk:
-            proxy_server: proxy.example.com:8080
-          keystone:
-            proxy_server: proxy.example.com:8080
-          keystone-htk:
-            proxy_server: proxy.example.com:8080
-          maas:
-            proxy_server: proxy.example.com:8080
-          maas-htk:
-            proxy_server: proxy.example.com:8080
-          mariadb:
-            proxy_server: proxy.example.com:8080
-          mariadb-htk:
-            proxy_server: proxy.example.com:8080
-          memcached:
-            proxy_server: proxy.example.com:8080
-          memcached-htk:
-            proxy_server: proxy.example.com:8080
-          postgresql:
-            proxy_server: proxy.example.com:8080
-          postgresql-htk:
-            proxy_server: proxy.example.com:8080
-          promenade:
-            proxy_server: proxy.example.com:8080
-          promenade-htk:
-            proxy_server: proxy.example.com:8080
-          rabbitmq:
-            proxy_server: proxy.example.com:8080
-          rabbitmq-htk:
-            proxy_server: proxy.example.com:8080
-          shipyard:
-            proxy_server: proxy.example.com:8080
-          shipyard-htk:
-            proxy_server: proxy.example.com:8080
-          tenant-ceph-client:
-            proxy_server: proxy.example.com:8080
-          tenant-ceph-htk:
-            proxy_server: proxy.example.com:8080
-          tenant-ceph-mon:
-            proxy_server: proxy.example.com:8080
-          tenant-ceph-osd:
-            proxy_server: proxy.example.com:8080
-          tenant-ceph-provisioners:
-            proxy_server: proxy.example.com:8080
-          tenant-ceph-rgw:
-            proxy_server: proxy.example.com:8080
-          tiller:
-            proxy_server: proxy.example.com:8080
-          tiller-htk:
-            proxy_server: proxy.example.com:8080
-    metadata:
-      name: software-versions
-      replacement: true
-      layeringDefinition:
-        abstract: false
-        layer: site
-        parentSelector:
-          name: software-versions-global
-        actions:
-          - method: merge
-            path: .
-      storagePolicy: cleartext
-      schema: metadata/Document/v1
-    schema: pegleg/SoftwareVersions/v1
-    ...
-
-Update site/airsloop/networks/common-addresses.yaml to add the proxy information as follows:
-
-.. code-block:: diff
-
-       # settings are correct and reachable in your environment; otherwise update
-       # them with the correct values for your environment.
-       proxy:
-    -    http: ""
-    -    https: ""
-    -    no_proxy: []
-    +    http: "proxy.example.com:8080"
-    +    https: "proxy.example.com:8080"
-    +    no_proxy:
-    +      - 127.0.0.1
-
-Under site/airsloop/software/charts/ucp/ create the file maas.yaml with the following format:
-
-.. code-block:: yaml
-
-    ---
-    # This file defines site-specific deviations for MaaS.
-    schema: armada/Chart/v1
-    metadata:
-      schema: metadata/Document/v1
-      replacement: true
-      name: ucp-maas
-      layeringDefinition:
-        abstract: false
-        layer: site
-        parentSelector:
-          name: ucp-maas-type
-        actions:
-          - method: merge
-            path: .
-      storagePolicy: cleartext
-    data:
-        values:
-          conf:
-            maas:
-              proxy:
-                proxy_enabled: true
-                peer_proxy_enabled: true
-                proxy_server: 'http://proxy.example.com:8080'
-    ...
-
-Under site/airsloop/software/charts/ucp/ create a promenade.yaml file in the following format:
-
-.. code-block:: yaml
-
-    ---
-    # This file defines site-specific deviations for Promenade.
-    schema: armada/Chart/v1
-    metadata:
-      schema: metadata/Document/v1
-      replacement: true
-      name: ucp-promenade
-      layeringDefinition:
-        abstract: false
-        layer: site
-        parentSelector:
-          name: ucp-promenade-type
-        actions:
-          - method: merge
-            path: .
-      storagePolicy: cleartext
-    data:
-      values:
-        pod:
-          env:
-            promenade_api:
-              - name: http_proxy
-                value: http://proxy.example.com:8080
-              - name: https_proxy
-                value: http://proxy.example.com:8080
-              - name: no_proxy
-                value: "127.0.0.1,localhost,kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster.local,.cluster.local"
-              - name: HTTP_PROXY
-                value: http://proxy.example.com:8080
-              - name: HTTP_PROXY
-                value: http://proxy.example.com:8080
-              - name: HTTPS_PROXY
-                value: http://proxy.example.com:8080
-              - name: NO_PROXY
-                value: "127.0.0.1,localhost,kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster.local,.cluster.local"
-    ...
-
diff --git a/doc/source/authoring_and_deployment.rst b/doc/source/authoring_and_deployment.rst
deleted file mode 100644
index 34699bf9e..000000000
--- a/doc/source/authoring_and_deployment.rst
+++ /dev/null
@@ -1,770 +0,0 @@
-Site Authoring and Deployment Guide
-===================================
-
-The document contains the instructions for standing up a greenfield
-Airship site. This can be broken down into two high-level pieces:
-
-1. **Site authoring guide(s)**: Describes how to craft site manifests
-   and configs required to perform a deployment. The primary site
-   authoring guide is for deploying Airship sites, where OpenStack
-   is the target platform deployed on top of Airship.
-2. **Deployment guide(s)**: Describes how to apply site manifests for a
-   given site.
-
-This document is an "all in one" site authoring guide + deployment guide
-for a standard Airship deployment. For the most part, the site
-authoring guidance lives within ``seaworthy`` reference site in the
-form of YAML comments.
-
-Support
--------
-
-Bugs may be viewed and reported at the following locations, depending on
-the component:
-
--  OpenStack Helm: `OpenStack Storyboard group
-   <https://storyboard.openstack.org/#!/project_group/64>`__
-
--  Airship: Bugs may be filed using OpenStack Storyboard for specific
-   projects in `Airship
-   group <https://storyboard.openstack.org/#!/project_group/85>`__:
-
-    -  `Airship Armada <https://storyboard.openstack.org/#!/project/1002>`__
-    -  `Airship
-       Deckhand <https://storyboard.openstack.org/#!/project/1004>`__
-    -  `Airship
-       Divingbell <https://storyboard.openstack.org/#!/project/1001>`__
-    -  `Airship
-       Drydock <https://storyboard.openstack.org/#!/project/1005>`__
-    -  `Airship MaaS <https://storyboard.openstack.org/#!/project/1007>`__
-    -  `Airship Pegleg <https://storyboard.openstack.org/#!/project/1008>`__
-    -  `Airship
-       Promenade <https://storyboard.openstack.org/#!/project/1009>`__
-    -  `Airship
-       Shipyard <https://storyboard.openstack.org/#!/project/1010>`__
-    -  `Airship Treasuremap
-       <https://storyboard.openstack.org/#!/project/airship/treasuremap>`__
-
-Terminology
------------
-
-**Cloud**: A platform that provides a standard set of interfaces for
-`IaaS <https://en.wikipedia.org/wiki/Infrastructure_as_a_service>`__
-consumers.
-
-**OSH**: (`OpenStack Helm <https://docs.openstack.org/openstack-helm/latest/>`__) is a
-collection of Helm charts used to deploy OpenStack on Kubernetes.
-
-**Helm**: (`Helm <https://helm.sh/>`__) is a package manager for Kubernetes.
-Helm Charts help you define, install, and upgrade Kubernetes applications.
-
-**Undercloud/Overcloud**: Terms used to distinguish which cloud is
-deployed on top of the other. In Airship sites, OpenStack (overcloud)
-is deployed on top of Kubernetes (undercloud).
-
-**Airship**: A specific implementation of OpenStack Helm charts that deploy
-Kubernetes. This deployment is the primary focus of this document.
-
-**Control Plane**: From the point of view of the cloud service provider,
-the control plane refers to the set of resources (hardware, network,
-storage, etc.) configured to provide cloud services for customers.
-
-**Data Plane**: From the point of view of the cloud service provider,
-the data plane is the set of resources (hardware, network, storage,
-etc.) configured to run consumer workloads. When used in this document,
-"data plane" refers to the data plane of the overcloud (OSH).
-
-**Host Profile**: A host profile is a standard way of configuring a bare
-metal host. It encompasses items such as the number of bonds, bond slaves,
-physical storage mapping and partitioning, and kernel parameters.
-
-Versioning
-----------
-
-Airship reference manifests are delivered monthly as release tags in the
-`Treasuremap <https://github.com/airshipit/treasuremap/releases>`__.
-
-The releases are verified by `Seaworthy
-<https://airship-treasuremap.readthedocs.io/en/latest/seaworthy.html>`__,
-`Airsloop
-<https://airship-treasuremap.readthedocs.io/en/latest/airsloop.html>`__,
-and `Airship-in-a-Bottle
-<https://github.com/airshipit/treasuremap/blob/master/tools/deployment/aiab/README.rst>`__
-pipelines before delivery and are recommended for deployments instead of using
-the master branch directly.
-
-
-Component Overview
-------------------
-
-.. image:: diagrams/component_list.png
-
-
-Node Overview
--------------
-
-This document refers to several types of nodes, which vary in their
-purpose, and to some degree in their orchestration / setup:
-
--  **Build node**: This refers to the environment where configuration
-   documents are built for your environment (e.g., your laptop)
--  **Genesis node**: The "genesis" or "seed node" refers to a node used
-   to get a new deployment off the ground, and is the first node built
-   in a new deployment environment
--  **Control / Master nodes**: The nodes that make up the control
-   plane. (Note that the genesis node will be one of the controller
-   nodes)
--  **Compute / Worker Nodes**: The nodes that make up the data
-   plane
-
-Hardware Preparation
---------------------
-
-The Seaworthy site reference shows a production-worthy deployment that includes
-multiple disks, as well as redundant/bonded network configuration.
-
-Airship hardware requirements are flexible, and the system can be deployed
-with very minimal requirements if needed (e.g., single disk, single network).
-
-For simplified non-bonded, and single disk examples, see
-`Airsloop <https://airship-treasuremap.readthedocs.io/en/latest/airsloop.html>`__.
-
-BIOS and IPMI
-~~~~~~~~~~~~~
-
-1. Virtualization enabled in BIOS
-2. IPMI enabled in server BIOS (e.g., IPMI over LAN option enabled)
-3. IPMI IPs assigned, and routed to the environment you will deploy into
-   Note: Firmware bugs related to IPMI are common. Ensure you are running the
-   latest firmware version for your hardware. Otherwise, it is recommended to
-   perform an iLo/iDrac reset, as IPMI bugs with long-running firmware are not
-   uncommon.
-4. Set PXE as first boot device and ensure the correct NIC is selected for PXE.
-
-Disk
-~~~~
-
-1. For servers that are in the control plane (including genesis):
-
-   - Two-disk RAID-1: Operating System
-   - Two disks JBOD: Ceph Journal/Meta for control plane
-   - Remaining disks JBOD: Ceph OSD for control plane
-
-2. For servers that are in the tenant data plane (compute nodes):
-
-   - Two-disk RAID-1: Operating System
-   - Two disks JBOD: Ceph Journal/Meta for tenant-ceph
-   - Two disks JBOD: Ceph OSD for tenant-ceph
-   - Remaining disks configured according to the host profile target
-     for each given server (e.g., RAID-10 for OpenStack ephemeral).
-
-Network
-~~~~~~~
-
-1. You have a dedicated PXE interface on untagged/native VLAN,
-   1x1G interface (eno1)
-2. You have VLAN segmented networks,
-   2x10G bonded interfaces (enp67s0f0 and enp68s0f1)
-
-    - Management network (routed/OAM)
-    - Calico network (Kubernetes control channel)
-    - Storage network
-    - Overlay network
-    - Public network
-
-See detailed network configuration in the
-``site/${NEW_SITE}/networks/physical/networks.yaml`` configuration file.
-
-Hardware sizing and minimum requirements
-----------------------------------------
-
-+-----------------+----------+----------+----------+
-|  Node           |   Disk   |  Memory  |   CPU    |
-+=================+==========+==========+==========+
-| Build (laptop)  |   10 GB  |  4 GB    |   1      |
-+-----------------+----------+----------+----------+
-| Genesis/Control |   500 GB |  64 GB   |   24     |
-+-----------------+----------+----------+----------+
-| Compute         |   N/A*   |  N/A*    |   N/A*   |
-+-----------------+----------+----------+----------+
-
-* Workload driven (determined by host profile)
-
-See detailed hardware configuration in the
-``site/${NEW_SITE}/networks/profiles`` folder.
-
-Establishing build node environment
------------------------------------
-
-1. On the machine you wish to use to generate deployment files, install required
-   tooling
-
-.. code-block:: bash
-
-    sudo apt -y install docker.io git
-
-2. Clone the ``treasuremap`` git repo as follows
-
-.. code-block:: bash
-
-    git clone https://opendev.org/airship/treasuremap.git
-    cd treasuremap && git checkout <release-tag>
-
-Building site documents
------------------------
-
-This section goes over how to put together site documents according to
-your specific environment and generate the initial Promenade bundle
-needed to start the site deployment.
-
-Preparing deployment documents
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-In its current form, Pegleg provides an organized structure for YAML
-elements that separates common site elements (i.e., ``global``
-folder) from unique site elements (i.e., ``site`` folder).
-
-To gain a full understanding of the Pegleg structure, it is highly
-recommended to read the Pegleg documentation on this topic
-`here <https://airship-pegleg.readthedocs.io/>`__.
-
-The ``seaworthy`` site may be used as reference site. It is the
-principal pipeline for integration and continuous deployment testing of Airship.
-
-Change directory to the ``site`` folder and copy the
-``seaworthy`` site as follows:
-
-.. code-block:: bash
-
-    NEW_SITE=mySite # replace with the name of your site
-    cd treasuremap/site
-    cp -r seaworthy $NEW_SITE
-
-Remove ``seaworthy`` specific certificates.
-
-.. code-block:: bash
-
-    rm -f site/${NEW_SITE}/secrets/certificates/certificates.yaml
-
-
-You will then need to manually make changes to these files. These site
-manifests are heavily commented to explain parameters, and more importantly
-identify all of the parameters that need to change when authoring a new
-site.
-
-These areas which must be updated for a new site are flagged with the
-label ``NEWSITE-CHANGEME`` in YAML comments. Search for all instances
-of ``NEWSITE-CHANGEME`` in your new site definition. Then follow the
-instructions that accompany the tag in order to make all needed changes
-to author your new Airship site.
-
-Because some files depend on (or will repeat) information from others,
-the order in which you should build your site files is as follows:
-
-1. site/$NEW\_SITE/networks/physical/networks.yaml
-2. site/$NEW\_SITE/baremetal/nodes.yaml
-3. site/$NEW\_SITE/networks/common-addresses.yaml
-4. site/$NEW\_SITE/pki/pki-catalog.yaml
-5. All other site files
-
-Register DNS names
-~~~~~~~~~~~~~~~~~~
-
-Airship has two virtual IPs.
-
-See ``data.vip`` in section of
-``site/${NEW_SITE}/networks/common-addresses.yaml`` configuration file.
-Both are implemented via Kubernetes ingress controller and require FQDNs/DNS.
-
-Register the following list of DNS names:
-
-::
-
-    +---+---------------------------+-------------+
-    | A |             iam-sw.DOMAIN | ingress-vip |
-    | A |        shipyard-sw.DOMAIN | ingress-vip |
-    +---+---------------------------+-------------+
-    | A |  cloudformation-sw.DOMAIN | ingress-vip |
-    | A |         compute-sw.DOMAIN | ingress-vip |
-    | A |       dashboard-sw.DOMAIN | ingress-vip |
-    | A |         grafana-sw.DOMAIN | ingress-vip |
-    +---+---------------------------+-------------+
-    | A |        identity-sw.DOMAIN | ingress-vip |
-    | A |           image-sw.DOMAIN | ingress-vip |
-    | A |          kibana-sw.DOMAIN | ingress-vip |
-    | A |          nagios-sw.DOMAIN | ingress-vip |
-    | A |         network-sw.DOMAIN | ingress-vip |
-    | A | nova-novncproxy-sw.DOMAIN | ingress-vip |
-    | A |    object-store-sw.DOMAIN | ingress-vip |
-    | A |   orchestration-sw.DOMAIN | ingress-vip |
-    | A |       placement-sw.DOMAIN | ingress-vip |
-    | A |          volume-sw.DOMAIN | ingress-vip |
-    +---+---------------------------+-------------+
-    | A |            maas-sw.DOMAIN | maas-vip    |
-    | A |         drydock-sw.DOMAIN | maas-vip    |
-    +---+---------------------------+-------------+
-
-Here ``DOMAIN`` is a name of ingress domain, you can find it in the
-``data.dns.ingress_domain`` section of
-``site/${NEW_SITE}/secrets/certificates/ingress.yaml`` configuration file.
-
-Run the following command to get an up-to-date list of required DNS names:
-
-.. code-block:: bash
-
-    grep -E 'host: .+DOMAIN' site/${NEW_SITE}/software/config/endpoints.yaml | \
-        sort -u | awk '{print $2}'
-
-Update Secrets
-~~~~~~~~~~~~~~
-
-Replace passphrases under ``site/${NEW_SITE}/secrets/passphrases/``
-with random generated ones:
-
-- Passphrases generation ``openssl rand -hex 10``
-- UUID generation ``uuidgen`` (e.g., for Ceph filesystem ID)
-- Update ``secrets/passphrases/ipmi_admin_password.yaml`` with IPMI password
-- Update ``secrets/passphrases/ubuntu_crypt_password.yaml`` with password hash:
-
-.. code-block:: python
-
-    python3 -c "from crypt import *; print(crypt('<YOUR_PASSWORD>', METHOD_SHA512))"
-
-Configure certificates in ``site/${NEW_SITE}/secrets/certificates/ingress.yaml``,
-they need to be issued for the domains configured in the ``Register DNS names`` section.
-
-.. caution::
-
-    It is required to configure valid certificates. Self-signed certificates
-    are not supported.
-
-Control Plane & Tenant Ceph Cluster Notes
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Configuration variables for ceph control plane are located in:
-
-- ``site/${NEW_SITE}/software/charts/ucp/ceph/ceph-osd.yaml``
-- ``site/${NEW_SITE}/software/charts/ucp/ceph/ceph-client.yaml``
-
-Configuration variables for tenant ceph are located in:
-
-- ``site/${NEW_SITE}/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml``
-- ``site/${NEW_SITE}/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml``
-
-Configuration summary:
-
--  data/values/conf/storage/osd[\*]/data/location: The block device that
-   will be formatted by the Ceph chart and used as a Ceph OSD disk
--  data/values/conf/storage/osd[\*]/journal/location: The block device
-   backing the ceph journal used by this OSD. Refer to the journal
-   paradigm below.
--  data/values/conf/pool/target/osd: Number of OSD disks on each node
-
-Assumptions:
-
-1. Ceph OSD disks are not configured for any type of RAID. Instead, they
-   are configured as JBOD when connected through a RAID controller.
-   If the RAID controller does not support JBOD, put each disk in its
-   own RAID-0 and enable RAID cache and write-back cache if the
-   RAID controller supports it.
-2. Ceph disk mapping, disk layout, journal and OSD setup is the same
-   across Ceph nodes, with only their role differing. Out of the 4
-   control plane nodes, we expect to have 3 actively participating in
-   the Ceph quorum, and the remaining 1 node designated as a standby
-   Ceph node which uses a different control plane profile
-   (cp\_*-secondary) than the other three (cp\_*-primary).
-3. If performing a fresh install, disks are unlabeled or not labeled from a
-   previous Ceph install, so that Ceph chart will not fail disk
-   initialization.
-
-.. important::
-
-    It is highly recommended to use SSD devices for Ceph Journal partitions.
-
-If you have an operating system available on the target hardware, you
-can determine HDD and SSD devices with:
-
-
-.. code-block:: bash
-
-    lsblk -d -o name,rota
-
-where a ``rota`` (rotational) value of ``1`` indicates a spinning HDD,
-and where a value of ``0`` indicates non-spinning disk (i.e., SSD). (Note:
-Some SSDs still report a value of ``1``, so it is best to go by your
-server specifications).
-
-For OSDs, pass in the whole block device (e.g., ``/dev/sdd``), and the
-Ceph chart will take care of disk partitioning, formatting, mounting,
-etc.
-
-For Ceph Journals, you can pass in a specific partition (e.g., ``/dev/sdb1``).
-Note that it's not required to pre-create these partitions. The Ceph chart
-will create journal partitions automatically if they don't exist.
-By default the size of every journal partition is 10G. Make sure
-there is enough space available to allocate all journal partitions.
-
-Consider the following example where:
-
--  /dev/sda is an operating system RAID-1 device (SSDs for OS root)
--  /dev/sd[bc] are SSDs for ceph journals
--  /dev/sd[efgh] are HDDs for OSDs
-
-The data section of this file would look like:
-
-.. code-block:: yaml
-
-    data:
-      values:
-        conf:
-          storage:
-            osd:
-              - data:
-                  type: block-logical
-                  location: /dev/sde
-                journal:
-                  type: block-logical
-                  location: /dev/sdb1
-              - data:
-                  type: block-logical
-                  location: /dev/sdf
-                journal:
-                  type: block-logical
-                  location: /dev/sdb2
-              - data:
-                  type: block-logical
-                  location: /dev/sdg
-                journal:
-                  type: block-logical
-                  location: /dev/sdc1
-              - data:
-                  type: block-logical
-                  location: /dev/sdh
-                journal:
-                  type: block-logical
-                  location: /dev/sdc2
-
-Manifest linting and combining layers
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-After constituent YAML configurations are finalized, use Pegleg to lint
-your manifests. Resolve any issues that result from linting before
-proceeding:
-
-.. code-block:: bash
-
-    sudo tools/airship pegleg site -r /target lint $NEW_SITE
-
-Note: ``P001`` and ``P005`` linting errors are expected for missing
-certificates, as they are not generated until the next section. You may
-suppress these warnings by appending ``-x P001 -x P005`` to the lint
-command.
-
-Next, use Pegleg to perform the merge that will yield the combined
-global + site type + site YAML:
-
-.. code-block:: bash
-
-    sudo tools/airship pegleg site -r /target collect $NEW_SITE
-
-Perform a visual inspection of the output. If any errors are discovered,
-you may fix your manifests and re-run the ``lint`` and ``collect``
-commands.
-
-Once you have error-free output, save the resulting YAML as follows:
-
-.. code-block:: bash
-
-    sudo tools/airship pegleg site -r /target collect $NEW_SITE \
-        -s ${NEW_SITE}_collected
-
-This output is required for subsequent steps.
-
-Lastly, you should also perform a ``render`` on the documents. The
-resulting render from Pegleg will not be used as input in subsequent
-steps, but is useful for understanding what the document will look like
-once Deckhand has performed all substitutions, replacements, etc. This
-is also useful for troubleshooting and addressing any Deckhand errors
-prior to submitting via Shipyard:
-
-.. code-block:: bash
-
-    sudo tools/airship pegleg site -r /target render $NEW_SITE
-
-Inspect the rendered document for any errors. If there are errors,
-address them in your manifests and re-run this section of the document.
-
-Building the Promenade bundle
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Create an output directory for Promenade certs and run
-
-.. code-block:: bash
-
-    mkdir ${NEW_SITE}_certs
-    sudo tools/airship promenade generate-certs \
-      -o /target/${NEW_SITE}_certs /target/${NEW_SITE}_collected/*.yaml
-
-Estimated runtime: About **1 minute**
-
-After the certificates has been successfully created, copy the generated
-certificates into the security folder. Example:
-
-.. code-block:: bash
-
-    mkdir -p site/${NEW_SITE}/secrets/certificates
-    sudo cp ${NEW_SITE}_certs/certificates.yaml \
-      site/${NEW_SITE}/secrets/certificates/certificates.yaml
-
-Regenerate collected YAML files to include copied certificates:
-
-.. code-block:: bash
-
-    sudo rm -rf ${NEW_SITE}_collected ${NEW_SITE}_certs
-    sudo tools/airship pegleg site -r /target collect $NEW_SITE \
-        -s ${NEW_SITE}_collected
-
-Finally, create the Promenade bundle:
-
-.. code-block:: bash
-
-   mkdir ${NEW_SITE}_bundle
-   sudo tools/airship promenade build-all --validators \
-     -o /target/${NEW_SITE}_bundle /target/${NEW_SITE}_collected/*.yaml
-
-
-Genesis node
-------------
-
-Initial setup
-~~~~~~~~~~~~~
-
-Before starting, ensure that the BIOS and IPMI settings match those
-stated previously in this document. Also ensure that the hardware RAID
-is setup for this node per the control plane disk configuration stated
-previously in this document.
-
-Then, start with a manual install of Ubuntu 16.04 on the genesis node, the node
-you will use to seed the rest of your environment. Use standard `Ubuntu
-ISO <http://releases.ubuntu.com/16.04>`__.
-Ensure to select the following:
-
--  UTC timezone
--  Hostname that matches the genesis hostname given in
-   ``data.genesis.hostname`` in
-   ``site/${NEW_SITE}/networks/common-addresses.yaml``.
--  At the ``Partition Disks`` screen, select ``Manual`` so that you can
-   setup the same disk partitioning scheme used on the other control
-   plane nodes that will be deployed by MaaS. Select the first logical
-   device that corresponds to one of the RAID-1 arrays already setup in
-   the hardware controller. On this device, setup partitions matching
-   those defined for the ``bootdisk`` in your control plane host profile
-   found in ``site/${NEW_SITE}/profiles/host``.
-   (e.g., 30G for /, 1G for /boot, 100G for /var/log, and all remaining
-   storage for /var). Note that the volume size syntax looking like
-   ``>300g`` in Drydock means that all remaining disk space is allocated
-   to this volume, and that volume needs to be at least 300G in
-   size.
--  When you get to the prompt, "How do you want to manage upgrades on
-   this system?", choose "No automatic updates" so that packages are
-   only updated at the time of our choosing (e.g., maintenance windows).
--  Ensure the grub bootloader is also installed to the same logical
-   device as in the previous step (this should be default behavior).
-
-After installation, ensure the host has outbound internet access and can
-resolve public DNS entries (e.g., ``nslookup google.com``,
-``curl https://www.google.com``).
-
-Ensure that the deployed genesis hostname matches the hostname in
-``data.genesis.hostname`` in
-``site/${NEW_SITE}/networks/common-addresses.yaml``.
-If it does not match, then either change the hostname of the node to
-match the configuration documents, or re-generate the configuration with
-the correct hostname.
-
-To change the hostname of the deployed node, you may run the following:
-
-.. code-block:: bash
-
-    sudo hostname $NEW_HOSTNAME
-    sudo sh -c "echo $NEW_HOSTNAME > /etc/hostname"
-    sudo vi /etc/hosts # Anywhere the old hostname appears in the file, replace
-                       # with the new hostname
-
-Or, as an alternative, update the genesis hostname
-in the site definition and then repeat the steps in the previous two sections,
-"Manifest linting and combining layers" and "Building the Promenade bundle".
-
-Installing matching kernel version
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Install the same kernel version on the genesis host that MaaS will use
-to deploy new baremetal nodes.
-
-To do this, first you must determine the kernel version that
-will be deployed to those nodes. Start by looking at the host profile
-definition used to deploy other control plane nodes by searching for
-``control-plane: enabled``. Most likely this will be a file under
-``global/profiles/host``. In this file, find the kernel info. Example:
-
-.. code-block:: bash
-
-  platform:
-    image: 'xenial'
-    kernel: 'hwe-16.04'
-    kernel_params:
-      kernel_package: 'linux-image-4.15.0-46-generic'
-
-It is recommended to install matching (and previously tested) kernel
-
-.. code-block:: bash
-
-    sudo apt-get install linux-image-4.15.0-46-generic
-
-Check the installed packages on the genesis host with ``dpkg --list``.
-If there are any later kernel versions installed, remove them with
-``sudo apt remove``, so that the newly installed kernel is the latest
-available. Boot the genesis node using the installed kernel.
-
-Install ntpdate/ntp
-~~~~~~~~~~~~~~~~~~~
-
-Install and run ntpdate, to ensure a reasonably sane time on genesis
-host before proceeding:
-
-.. code-block:: bash
-
-    sudo apt -y install ntpdate
-    sudo ntpdate ntp.ubuntu.com
-
-If your network policy does not allow time sync with external time
-sources, specify a local NTP server instead of using ``ntp.ubuntu.com``.
-
-Then, install the NTP client:
-
-.. code-block:: bash
-
-    sudo apt -y install ntp
-
-Add the list of NTP servers specified in ``data.ntp.servers_joined`` in
-file
-``site/${NEW_SITE}/networks/common-address.yaml``
-to ``/etc/ntp.conf`` as follows:
-
-::
-
-    pool NTP_SERVER1 iburst
-    pool NTP_SERVER2 iburst
-    (repeat for each NTP server with correct NTP IP or FQDN)
-
-Then, restart the NTP service:
-
-.. code-block:: bash
-
-    sudo service ntp restart
-
-If you cannot get good time to your selected time servers,
-consider using alternate time sources for your deployment.
-
-Disable the apparmor profile for ntpd:
-
-.. code-block:: bash
-
-    sudo ln -s /etc/apparmor.d/usr.sbin.ntpd /etc/apparmor.d/disable/
-    sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.ntpd
-
-This prevents an issue with the MaaS containers, which otherwise get
-permission denied errors from apparmor when the MaaS container tries to
-leverage libc6 for /bin/sh when MaaS container ntpd is forcefully
-disabled.
-
-Promenade bootstrap
-~~~~~~~~~~~~~~~~~~~
-
-Copy the ``${NEW_SITE}_bundle`` directory from the build node to the genesis
-node, into the home directory of the user there (e.g., ``/home/ubuntu``).
-Then, run the following script as sudo on the genesis node:
-
-.. code-block:: bash
-
-    cd ${NEW_SITE}_bundle
-    sudo ./genesis.sh
-
-Estimated runtime: **1h**
-
-Following completion, run the ``validate-genesis.sh`` script to ensure
-correct provisioning of the genesis node:
-
-.. code-block:: bash
-
-    cd ${NEW_SITE}_bundle
-    sudo ./validate-genesis.sh
-
-Estimated runtime: **2m**
-
-Deploy Site with Shipyard
--------------------------
-
-Export valid login credentials for one of the Airship Keystone users defined
-for the site. Currently there are no authorization checks in place, so
-the credentials for any of the site-defined users will work. For
-example, we can use the ``shipyard`` user, with the password that was
-defined in
-``site/${NEW_SITE}/secrets/passphrases/ucp_shipyard_keystone_password.yaml``.
-Example:
-
-.. code-block:: bash
-
-    export OS_AUTH_URL="https://iam-sw.DOMAIN:443/v3"
-
-    export OS_USERNAME=shipyard
-    export OS_PASSWORD=password123
-
-Next, load collected site manifests to Shipyard
-
-.. code-block:: bash
-
-    sudo -E tools/airship shipyard create configdocs ${NEW_SITE} \
-      --directory=/target/${NEW_SITE}_collected
-
-    sudo tools/airship shipyard commit configdocs
-
-Estimated runtime: **3m**
-
-Now deploy the site with shipyard:
-
-.. code-block:: bash
-
-    tools/airship shipyard create action deploy_site
-
-Estimated runtime: **3h**
-
-Check periodically for successful deployment:
-
-.. code-block:: bash
-
-    tools/airship shipyard get actions
-    tools/airship shipyard describe action/<ACTION>
-
-Disable password-based login on genesis
----------------------------------------
-
-Before proceeding, verify that your SSH access to the genesis node is
-working with your SSH key (i.e., not using password-based
-authentication).
-
-Then, disable password-based SSH authentication on genesis in
-``/etc/ssh/sshd_config`` by uncommenting the ``PasswordAuthentication``
-and setting its value to ``no``. Example:
-
-::
-
-    PasswordAuthentication no
-
-Then, restart the ssh service:
-
-::
-
-    sudo systemctl restart ssh
-
-
diff --git a/doc/source/conf.py b/doc/source/conf.py
deleted file mode 100644
index c653975ad..000000000
--- a/doc/source/conf.py
+++ /dev/null
@@ -1,160 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# shipyard documentation build configuration file, created by
-# sphinx-quickstart on Sat Sep 16 03:40:50 2017.
-#
-# This file is execfile()d with the current directory set to its
-# containing dir.
-#
-# Note that not all possible configuration values are present in this
-# autogenerated file.
-#
-# All configuration values have a default; values that are commented out
-# serve to show the default.
-
-# If extensions (or modules to document with autodoc) are in another directory,
-# add these directories to sys.path here. If the directory is relative to the
-# documentation root, use os.path.abspath to make it absolute, like shown here.
-#
-# import os
-# import sys
-# sys.path.insert(0, os.path.abspath('.'))
-import sphinx_rtd_theme
-
-
-# -- General configuration ------------------------------------------------
-
-# If your documentation needs a minimal Sphinx version, state it here.
-#
-# needs_sphinx = '1.0'
-
-# Add any Sphinx extension module names here, as strings. They can be
-# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
-# ones.
-extensions = [
-    'sphinx.ext.autodoc',
-    'sphinx.ext.todo',
-    'sphinx.ext.viewcode',
-]
-
-# Add any paths that contain templates here, relative to this directory.
-# templates_path = []
-
-# The suffix(es) of source filenames.
-# You can specify multiple suffix as a list of string:
-#
-# source_suffix = ['.rst', '.md']
-source_suffix = '.rst'
-
-# The master toctree document.
-master_doc = 'index'
-
-# General information about the project.
-project = u'Airship Integration'
-copyright = u'2018 AT&T Intellectual Property.'
-author = u'Airship Authors'
-
-# The version info for the project you're documenting, acts as replacement for
-# |version| and |release|, also used in various other places throughout the
-# built documents.
-#
-# The short X.Y version.
-version = u'0.1.0'
-# The full version, including alpha/beta/rc tags.
-release = u'0.1.0'
-
-# The language for content autogenerated by Sphinx. Refer to documentation
-# for a list of supported languages.
-#
-# This is also used if you do content translation via gettext catalogs.
-# Usually you set "language" from the command line for these cases.
-language = None
-
-# List of patterns, relative to source directory, that match files and
-# directories to ignore when looking for source files.
-# This patterns also effect to html_static_path and html_extra_path
-exclude_patterns = []
-
-# The name of the Pygments (syntax highlighting) style to use.
-pygments_style = 'sphinx'
-
-# If true, `todo` and `todoList` produce output, else they produce nothing.
-todo_include_todos = False
-
-
-# -- Options for HTML output ----------------------------------------------
-
-# The theme to use for HTML and HTML Help pages.  See the documentation for
-# a list of builtin themes.
-#
-html_theme = "sphinx_rtd_theme"
-html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
-
-# Theme options are theme-specific and customize the look and feel of a theme
-# further.  For a list of options available for each theme, see the
-# documentation.
-#
-# html_theme_options = {}
-
-# Add any paths that contain custom static files (such as style sheets) here,
-# relative to this directory. They are copied after the builtin static files,
-# so a file named "default.css" will overwrite the builtin "default.css".
-html_static_path = []
-
-
-# -- Options for HTMLHelp output ------------------------------------------
-
-# Output file base name for HTML help builder.
-htmlhelp_basename = 'ucpintdoc'
-
-
-# -- Options for LaTeX output ---------------------------------------------
-
-latex_elements = {
-    # The paper size ('letterpaper' or 'a4paper').
-    #
-    # 'papersize': 'letterpaper',
-
-    # The font size ('10pt', '11pt' or '12pt').
-    #
-    # 'pointsize': '10pt',
-
-    # Additional stuff for the LaTeX preamble.
-    #
-    # 'preamble': '',
-
-    # Latex figure (float) alignment
-    #
-    # 'figure_align': 'htbp',
-}
-
-# Grouping the document tree into LaTeX files. List of tuples
-# (source start file, target name, title,
-#  author, documentclass [howto, manual, or own class]).
-latex_documents = [
-    (master_doc, 'airshipint.tex', u'Airship Integration Documentation',
-     u'Airship Authors', 'manual'),
-]
-
-
-# -- Options for manual page output ---------------------------------------
-
-# One entry per manual page. List of tuples
-# (source start file, name, description, authors, manual section).
-man_pages = [
-    (master_doc, 'AirshipIntegration', u'Airship Integration Documentation',
-     [author], 1)
-]
-
-
-# -- Options for Texinfo output -------------------------------------------
-
-# Grouping the document tree into Texinfo files. List of tuples
-# (source start file, target name, title, author,
-#  dir menu entry, description, category)
-texinfo_documents = [
-    (master_doc, 'Airship Integration', u'Airship Integration Documentation',
-     author, 'Airship Integration',
-     'Airship documentation',
-     'Miscellaneous'),
-]
diff --git a/doc/source/config_update_guide.rst b/doc/source/config_update_guide.rst
deleted file mode 100644
index 69f9aa710..000000000
--- a/doc/source/config_update_guide.rst
+++ /dev/null
@@ -1,187 +0,0 @@
-Configuration Update Guide
-==========================
-
-The guide contains the instructions for updating the configuration of
-a deployed Airship environment. Please refer to
-`Site Authoring and Deployment Guide <https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html>`__
-if you do not have an Airship environment already deployed.
-
-Update of an Airship environment consists of the following stages:
-
-1. **Prepare the configuration**: before deploying any changes, a user
-   should prepare and validate the manifests on a build node using
-   `Airship Pegleg <https://airship-pegleg.readthedocs.io/en/latest/>`__.
-2. **Deploy the changes**: during this stage, a user uploads the
-   configuration to the Airship environment and starts the deployment using
-   `Airship Shipyard <https://airship-shipyard.readthedocs.io/en/latest/>`__.
-
-.. note::
-
-    This guide assumes you have
-    `Airship Pegleg <https://airship-pegleg.readthedocs.io/en/latest/>`__ and
-    `Airship Shipyard <https://airship-shipyard.readthedocs.io/en/latest/>`__
-    tools installed and configured; please refer to
-    `Site Authoring and Deployment Guide <https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html>`__
-    for the details.
-
-Configuring Airship CLI
------------------------
-
-Clone the Airship Treasuremap repository and switch to correct version.
-
-::
-
-    git clone https://opendev.org/airship/treasuremap
-    cd treasuremap/
-    # List available tags.
-    git tag --list
-    # Switch to the version your site is using.
-    git checkout {your-tag}
-    # Go back to a previous directory.
-    cd ..
-
-Configure environment variables with the name of your site, and specify a path
-to the directory where site configuration is stored; for this example, we use
-`Airship Seaworthy <https://airship-treasuremap.readthedocs.io/en/latest/seaworthy.html>`__
-site:
-
-::
-
-    export SITE=seaworthy
-    export SITE_PATH=treasuremap/site/seaworthy
-
-Updating the manifests
-----------------------
-
-Changing the configuration consists of the following steps:
-
-1. Change site manifests.
-2. Lint the manifests.
-3. Collect the manifests.
-4. Copy the manifests to the Airship environment.
-
-Linting and collecting the manifests is done using
-`Airship Pegleg <https://airship-pegleg.readthedocs.io/en/latest/>`__.
-
-For this example, we are going to update a debug level for keystone logs
-in a site layer.
-
-.. note::
-
-    It is also possible to update the configuration in a global layer;
-    for more details on Airship layering mechanism see
-    `Pegleg Definition Artifact Layout <https://airship-pegleg.readthedocs.io/en/latest/artifacts.html>`__
-    documentation.
-
-Create an override file
-``${SITE_PATH}/software/charts/osh/openstack-keystone/keystone.yaml``
-with the following content:
-
-::
-
-    ---
-    schema: armada/Chart/v1
-    metadata:
-      schema: metadata/Document/v1
-      name: keystone
-      replacement: true
-      layeringDefinition:
-        abstract: false
-        layer: site
-        parentSelector:
-          name: keystone-global
-        actions:
-          - method: merge
-            path: .
-      storagePolicy: cleartext
-    data:
-      values:
-        conf:
-          logging:
-            logger_keystone:
-              level: DEBUG
-    ...
-
-Check that the configuration is valid:
-
-::
-
-    sudo ./treasuremap/tools/airship pegleg site -r treasuremap/ \
-      lint ${SITE}
-
-Collect the configuration:
-
-::
-
-    sudo ./treasuremap/tools/airship pegleg site \
-      -r treasuremap/ collect $SITE -s ${SITE}_collected
-
-Copy the configuration to a node that has the access to the site's
-Shipyard API, if the current node does not; this node can be one
-of your controllers:
-
-::
-
-    scp -r ${SITE}_collected {genesis-ip}:/home/{user-name}/${SITE}_collected
-
-
-Deploying the changes
----------------------
-
-After you copied the manifests, there are just a few steps needed to start
-the deployment:
-
-1. Upload the changes to
-   `Airship Deckhand <https://airship-deckhand.readthedocs.io/en/latest/>`__.
-2. Start the deployment using
-   `Airship Shipyard <https://airship-shipyard.readthedocs.io/en/latest/>`__.
-
-Install Airship CLI as described in `Configuring Airship CLI`_ section.
-
-Set the name of your site:
-
-::
-    export SITE=seaworthy
-
-Configure credentials for accessing Shipyard; the password is stored
-in ``ucp_shipyard_keystone_password`` secret, you can find it in
-``site/seaworthy/secrets/passphrases/ucp_shipyard_keystone_password.yaml``
-configuration file of your site.
-
-::
-
-    export OS_USERNAME=shipyard
-    export OS_PASSWORD={shipyard_password}
-
-Upload the changes to `Airship Deckhand <https://airship-deckhand.readthedocs.io/en/latest/>`__:
-
-::
-
-    # Upload the configuration.
-    sudo -E ./treasuremap/tools/airship shipyard \
-        create configdocs ${SITE} --replace --directory=${SITE}_collected
-
-    # Commit the configuration.
-    sudo -E ./treasuremap/tools/airship shipyard commit configdocs
-
-Run the deployment:
-
-::
-
-    sudo -E ./treasuremap/tools/airship shipyard create action update_site
-
-You can also run ``update_software`` instead of ``update_site`` which skips
-hardware configuration and only applies the changes to services that are running
-on top of Kubernetes.
-
-Now you can track the deployment progress using the following commands:
-
-::
-
-    # Get all actions that were executed on you environment.
-    sudo -E ./treasuremap/tools/airship shipyard get actions
-
-    # Show all the steps within the action.
-    sudo -E ./treasuremap/tools/airship shipyard describe action/{action_id}
-
-All steps will have status ``success`` when the update finishes.
diff --git a/doc/source/development_guide.rst b/doc/source/development_guide.rst
deleted file mode 100644
index 95a3b77c6..000000000
--- a/doc/source/development_guide.rst
+++ /dev/null
@@ -1,242 +0,0 @@
-=================
-Development Guide
-=================
-
-Welcome
--------
-
-Thank you for your interest in Airship. Our community is eager to help you
-contribute to the success of our project and welcome you as a member of our
-community!
-
-We invite you to reach out to us at any time via the `Airship mailing list`_ or
-`#airshipit IRC channel`_ on freenode.
-
-Welcome aboard!
-
-.. _Airship mailing list: http://lists.airshipit.org
-
-.. _#airshipit IRC channel: irc://chat.freenode.net:6667
-
-Getting Started
----------------
-
-Airship is a collection of open source tools for automating cloud provisioning
-and management. Airship provides a declarative framework for defining and
-managing the life cycle of open infrastructure tools and the underlying
-hardware. These tools include OpenStack for virtual machines, Kubernetes for
-container orchestration, and MaaS for bare metal, with planned support for
-OpenStack Ironic.
-
-We recommend that new contributors begin by reading the high-level architecture
-overview included in our `treasuremap`_ documentation. The architectural
-overview introduces each Airship component, their core responsibilities, and
-their integration points.
-
-.. _treasuremap: https://airship-treasuremap.readthedocs.io/en/latest
-
-Deep Dive
----------
-
-Each Airship component is accompanied by its own documentation that provides an
-extensive overview of the component. With so many components, it can be
-challenging to find a starting point.
-
-We recommend the following:
-
-Try an Airship environment
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Airship provides two single-node environments for demo and development purpose.
-
-`Airship-in-a-Bottle`_ is a set of reference documents and shell scripts that
-stand up a full Airship environment with the execution of a script.
-
-`Airskiff`_ is a light-weight development environment bundled with a set of
-deployment scripts that provides a single-node Airship environment. Airskiff
-uses minikube to bootstrap Kubernetes, so it does not include Drydock, MaaS, or
-Promenade.
-
-Additionally, we provide a reference architecture for easily deploying a
-smaller, demo site.
-
-`Airsloop`_ is a fully-authored Airship site that can be quickly deployed as a
-baremetal, demo lab.
-
-.. _Airship-in-a-Bottle: https://opendev.org/airship/in-a-bottle
-
-.. _Airskiff: https://airship-treasuremap.readthedocs.io/en/latest/airskiff.html
-
-.. _Airsloop: https://airship-treasuremap.readthedocs.io/en/latest/airsloop.html
-
-Focus on a component
-~~~~~~~~~~~~~~~~~~~~
-
-When starting out, focusing on one Airship component allows you to become
-intricately familiar with the responsibilities of that component and understand
-its function in the Airship integration. Because the components are modeled
-after each other, you will also become familiar with the same patterns and
-conventions that all Airship components use.
-
-Airship source code lives in the `OpenDev Airship namespace`_. To clone an
-Airship project, execute the following, replacing `<component>` with the name
-of the Airship component you want to clone.
-
-.. code-block bash::
-
-  git clone https://opendev.org/airship/<component>.git
-
-Refer to the component's documentation to get started. A list of each
-component's documentation is listed below for reference:
-
-    * `Armada`_
-    * `Deckhand`_
-    * `Divingbell`_
-    * `Drydock`_
-    * `Pegleg`_
-    * `Promenade`_
-    * `Shipyard`_
-
-.. _OpenDev Airship namespace: https://opendev.org/airship
-
-.. _Armada: https://airship-armada.readthedocs.io
-
-.. _Deckhand: https://airship-deckhand.readthedocs.io
-
-.. _Divingbell: https://airship-divingbell.readthedocs.io
-
-.. _Drydock: https://airship-drydock.readthedocs.io
-
-.. _Pegleg: https://airship-pegleg.readthedocs.io
-
-.. _Promenade: https://airship-promenade.readthedocs.io
-
-.. _Shipyard: https://airship-shipyard.readthedocs.io
-
-Find a Storyboard task or story
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Airship work items are tracked using Storyboard. A board of items can be found
-`here`_.
-
-Once you find an item to work on, simply assign the item to yourself or leave a
-comment that you plan to provide implementation for the item.
-
-.. _here: https://storyboard.openstack.org/#!/project_group/85
-
-Testing Changes
----------------
-
-Testing of Airship changes can be accomplished several ways:
-
-    #. Standalone, single component testing
-    #. Integration testing
-    #. Linting, unit, and functional tests/linting
-
-.. note:: Testing changes to charts in Airship repositories is best
-    accomplished using the integration method describe below.
-
-Standalone Testing
-~~~~~~~~~~~~~~~~~~
-
-Standalone testing of Airship components, i.e. using an Airship component as a
-Python project, provides the quickest feedback loop of the three methods and
-allows developers to make changes on the fly. We recommend testing initial code
-changes using this method to see results in real-time.
-
-Each Airship component written in Python has pre-requisites and guides for
-running the project in a standalone capacity. Refer to the documentation listed
-below.
-
-    * `Armada`_
-    * `Deckhand`_
-    * `Drydock`_
-    * `Pegleg`_
-    * `Promenade`_
-    * `Shipyard`_
-
-Integration Testing
-~~~~~~~~~~~~~~~~~~~
-
-While each Airship component supports individual usage, Airship components
-have several integration points that should be exercised after modifying
-functionality.
-
-We maintain several environments that encompass these integration points:
-
-    #. `Airskiff`_: Integration of Armada, Deckhand, Shipyard, and Pegleg
-    #. `Airship-in-a-Bottle Multinode`: Full Airship integration
-
-For changes that merely impact software delivery components, exercising a full
-Airskiff deployment is often sufficient. Otherwise, we recommend using the
-Airship-in-a-Bottle Multinode environment.
-
-Each environment's documentation covers the process required to build and test
-component images.
-
-.. _Airskiff: https://airship-treasuremap.readthedocs.io/en/latest/
-    airskiff.html
-
-.. _Airship-in-a-Bottle Multinode: http://git.openstack.org/cgit/openstack/
-    airship-in-a-bottle/tree/tools/multi_nodes_gate/README.rst
-
-Final Checks
-~~~~~~~~~~~~
-
-Airship projects provide Makefiles to run unit, integration, and functional
-tests as well as lint Python code for PEP8 compliance and Helm charts for
-successful template rendering. All checks are gated by Zuul before a change can
-be merged. For more information on executing these checks, refer to
-project-specific documentation.
-
-Third party CI tools, such as Jenkins, report results on Airship-in-a-Bottle
-patches. These can be exposed using the "Toggle CI" button in the bottom
-left-hand page of any gerrit change.
-
-Pushing code
-------------
-
-Airship uses the `OpenDev gerrit`_ for code review. Refer to the `OpenStack
-Contributing Guide`_ for a tutorial on submitting changes to Gerrit code
-review.
-
-.. _OpenDev gerrit: https://review.opendev.org
-
-.. _OpenStack Contributing Guide: https://docs.openstack.org/horizon/latest/contributor/contributing.html
-
-Next steps
-----------
-
-Upon pushing a change to gerrit, Zuul continuous integration will post job
-results on your patch. Refer to the job output by clicking on the job itself to
-determine if further action is required. If it's not clear why a job failed,
-please reach out to a team member in IRC. We are happy to assist!
-
-Assuming all continuous integration jobs succeed, Airship community members and
-core developers will review your patch and provide feedback. Many patches are
-submitted to Airship projects each day. If your patch does not receive feedback
-for several days, please reach out using IRC or the Airship mailing list.
-
-Merging code
-------------
-
-Like most OpenDev projects, Airship patches require two +2 code review votes
-from core members to merge. Once you have addressed all outstanding feedback,
-your change will be merged.
-
-Beyond
-------
-
-Congratulations! After your first change merges, please keep up-to-date with
-the team. We hold two weekly meetings for project and design discussion:
-
-Our weekly #airshipit IRC meeting provides an opportunity to discuss project
-operations.
-
-Our weekly design call provides an opportunity for in-depth discussion of new
-and existing Airship features.
-
-For more information on the times of each meeting, refer to the `Airship
-wiki`_.
-
-.. _Airship wiki: https://wiki.openstack.org/wiki/Airship
diff --git a/doc/source/diagrams/airsloop-architecture.png b/doc/source/diagrams/airsloop-architecture.png
deleted file mode 100755
index e4e89c56f..000000000
Binary files a/doc/source/diagrams/airsloop-architecture.png and /dev/null differ
diff --git a/doc/source/diagrams/architecture.png b/doc/source/diagrams/architecture.png
deleted file mode 100644
index 54aae8ada..000000000
Binary files a/doc/source/diagrams/architecture.png and /dev/null differ
diff --git a/doc/source/diagrams/component_list.png b/doc/source/diagrams/component_list.png
deleted file mode 100644
index afde9fa25..000000000
Binary files a/doc/source/diagrams/component_list.png and /dev/null differ
diff --git a/doc/source/diagrams/deploy_site.png b/doc/source/diagrams/deploy_site.png
deleted file mode 100644
index 69e1461ef..000000000
Binary files a/doc/source/diagrams/deploy_site.png and /dev/null differ
diff --git a/doc/source/diagrams/genesis.png b/doc/source/diagrams/genesis.png
deleted file mode 100644
index 672deaa8a..000000000
Binary files a/doc/source/diagrams/genesis.png and /dev/null differ
diff --git a/doc/source/index.rst b/doc/source/index.rst
deleted file mode 100644
index dd2581242..000000000
--- a/doc/source/index.rst
+++ /dev/null
@@ -1,210 +0,0 @@
-
-Airship Treasuremap
-===================
-
-Airship is a collection of components that coordinate to form means of
-configuring and deploying and maintaining
-a `Kubernetes <https://kubernetes.io/>`__ environment using a
-declarative set of `yaml <http://yaml.org/>`__ documents.
-
-More specifically, the current focus of this project is the implementation of
-OpenStack on Kubernetes (OOK).
-
-.. image:: diagrams/architecture.png
-
-Component Projects
-==================
-
-Pegleg
-------
-
-`Pegleg <https://opendev.org/airship/pegleg>`_ is a document aggregator
-that provides early linting and validations via Deckhand, a document management
-micro-service within Airship.
-
-Shipyard
---------
-`Shipyard <https://opendev.org/airship/shipyard>`_ is the directed acyclic
-graph controller for Kubernetes and OpenStack control plane life cycle
-management.
-
-Shipyard provides the entrypoint for the following aspects of the control plane:
-
-Designs and Secrets
-^^^^^^^^^^^^^^^^^^^
-Site designs, including the configuration of bare metal host nodes, network
-design, operating systems, Kubernetes nodes, Armada manifests, Helm charts,
-and any other descriptors that define the build out of a group of servers enter
-the Airship via Shipyard. Secrets, such as passwords and certificates, use the same
-mechanism.
-The designs and secrets are stored in Airship's Deckhand, providing for version
-history and secure storage among other document-based conveniences.
-
-Actions
-^^^^^^^
-Interaction with the site's control plane is done via invocation of actions in
-Shipyard. Each action is backed by a workflow implemented as a directed acyclic
-graph (DAG) that runs using Apache Airflow. Shipyard provides a mechanism to
-monitor and control the execution of the workflow.
-
-Drydock
--------
-`Drydock <https://opendev.org/airship/drydock>`_ is a provisioning orchestrator
-for baremetal servers that translates a YAML-based declaritive site topology into a
-physical undercloud that can be used for building out a enterprise Kubernetes cluster.
-It uses plugins to leverage existing provisioning systems to build the servers allowing
-integration with the provisioning system that best fits the goals and environment of a site.
-
-Capabilities
-^^^^^^^^^^^^
-
-* Initial IPMI configuration for PXE booting new servers.
-* Support for Canonical MAAS provisioning.
-* Configuration of complex network topologies including bonding,
-  tagged VLANs and static routes
-* Support for running behind a corporate proxy
-* Extensible boot action system for placing files and SystemD
-  units on nodes for post-deployment execution
-* Supports Keystone-based authentication and authorization
-
-Deckhand
---------
-`Deckhand <https://opendev.org/airship/deckhand>`_ is a document-based
-configuration storage service built with auditability and validation in mind.
-
-Core Responsibilities
-^^^^^^^^^^^^^^^^^^^^^
-
-* layering - helps reduce duplication in configuration by applying the notion
-  of inheritance to documents
-* substitution - provides separation between secret data and other
-  configuration data for security purposes and reduces data duplication by
-  allowing common data to be defined once and substituted elsewhere dynamically
-* revision history - maintains well-defined collections of documents within
-  immutable revisions that are meant to operate together, while providing the
-  ability to rollback to previous revisions
-* validation - allows services to implement and register different kinds of
-  validations and report errors
-* secret management - leverages existing OpenStack APIs -- namely
-  `Barbican`_ -- to reliably and securely store sensitive data
-
-Armada
-------
-`Armada <https://opendev.org/airship/armada>`_ is a tool for managing multiple
-Helm charts with dependencies by centralizing all configurations in a single
-Armada YAML and providing life-cycle hooks for all Helm releases.
-
-Core Responsibilities
-^^^^^^^^^^^^^^^^^^^^^
-
-* Multiple Chart Deployments and Upgrades driven by Armada Manifests
-* Manage multiple chart dependencies using Chart Groups
-* Enhancing base Helm functionality
-* Supports Keystone-based authentication and authorization
-
-Kubernetes
-----------
-`Kubernetes <https://github.com/kubernetes/kubernetes>`_ is an open source
-system for managing containerized applications across multiple hosts, providing
-basic mechanisms for deployment, maintenance, and scaling of applications.
-
-Promenade
----------
-`Promenade <https://opendev.org/airship/promenade>`_ is a tool for
-bootstrapping a resilient, self-hosted Kubernetes cluster and managing its
-life-cycle.
-
-Bootstrapping begins by provisioning a single-node cluster with a complete,
-configurable Airship infrastructure. After hosts are added to the cluster, the
-original bootstrapping node can be re-provisioned to avoid subtle differences
-that could result in future issues.
-
-Promenade provides cluster resiliency against both node failures and full
-cluster restarts.  It does so by leveraging
-`Helm <https://github.com/kubernetes/helm>`_ charts to manage core Kubernetes
-assets directly on each host, to ensure their availability.
-
-Helm
-----
-`Helm <https://github.com/kubernetes/helm>`_ is a package manager for Kubernetes.
-It helps you define, install, and upgrade even the most complex Kubernetes
-applications using Helm charts.
-
-A chart is a collection of files that describe a related set of Kubernetes
-resources. Helm wraps up each chart's deployment into a concrete release,
-a tidy little box that is a collection of all the Kubernetes resources that
-compose that service, and so you can interact with a collection of Kubernetes
-resources that compose a release as a single unit, either to install, upgrade,
-or remove.
-
-At its core, the value that Helm brings to the table -- at least for us -- is
-allowing us to templatize our experience with Kubernetes resources, providing
-a standard interface for operators or high-level software orchestrators to
-control the installation and life cycle of Kubernetes applications.
-
-OpenStack-Helm
---------------
-The `OpenStack-Helm <https://github.com/openstack/openstack-helm>`_ project
-provides a framework to enable the deployment, maintenance, and upgrading of
-loosely coupled OpenStack services and their dependencies individually or as
-part of complex environments.
-
-OpenStack-Helm is essentially a marriage of Kubernetes, Helm, and OpenStack,
-and seeks to create Helm charts for each OpenStack service.  These Helm charts
-provide complete life cycle management for these OpenStack services.
-
-Users of OpenStack-Helm either deploy all or individual OpenStack components
-along with their required dependencies.  It heavily borrows concepts from
-Stackanetes and complex Helm application deployments.  Ideally, at the end of
-the day, this project is meant to be a collaborative project that brings
-OpenStack applications into a cloud-native model.
-
-Divingbell
-----------
-`Divingbell <https://opendev.org/airship/divingbell>`_ is a lightweight
-solution for:
-
-1. Bare metal configuration management for a few very targeted use cases
-2. Bare metal package manager orchestration
-
-What problems does it solve?
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-The needs identified for Divingbell were:
-
-1. To plug gaps in day 1 tools (e.g., Drydock) for node configuration
-2. To provide a day 2 solution for managing these configurations going forward
-3. [Future] To provide a day 2 solution for system level host patching
-
-Berth
------
-`Berth <https://opendev.org/airship/berth>`_ is a deliberately minimalist VM
-runner for Kubernetes.
-
-
-Process Flows
-=============
-
-.. image:: diagrams/genesis.png
-
-.. image:: diagrams/deploy_site.png
-
-
-.. toctree::
-   :maxdepth: 2
-
-   authoring_and_deployment
-   config_update_guide
-   troubleshooting_guide
-   seaworthy
-   airsloop
-   airskiff
-   development_guide
-
-.. _Barbican: https://docs.openstack.org/barbican/latest/api/
-.. _Helm Homepage: https://helm.sh/
-.. _Kubernetes Homepage: https://kubernetes.io/
-.. _Openstack: https://www.openstack.org/
-.. _Openstack Helm: https://github.com/openstack/openstack-helm
-.. _Treasuremap: https://opendev.org/airship/treasuremap
-.. _yaml: http://yaml.org/
-
diff --git a/doc/source/seaworthy.rst b/doc/source/seaworthy.rst
deleted file mode 100644
index 53bd006c4..000000000
--- a/doc/source/seaworthy.rst
+++ /dev/null
@@ -1,69 +0,0 @@
-Seaworthy: Production-grade Airship
-===================================
-
-Airship Seaworthy is a multi-node site deployment reference
-and continuous integration pipeline.
-
-The site manifests are available at
-`site/seaworthy <https://opendev.org/airship/treasuremap/src/branch/master/site/seaworthy>`__.
-
-
-Pipeline
---------
-
-Airship Seaworthy pipeline automates deployment flow documented in
-`Site Authoring and Deployment Guide <https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html>`__.
-
-The pipeline is implemented as Jenkins Pipeline (Groovy), see code for the pipeline at
-`Jenkinsfile <https://opendev.org/airship/treasuremap/src/branch/master/tools/gate/seaworthy/Jenkinsfile>`__.
-
-Versions
---------
-
-The manifest overrides (`versions.yaml <https://opendev.org/airship/treasuremap/src/branch/master/global/software/config/versions.yaml>`__)
-are setup to deploy OpenStack Ocata.
-
-The versions are kept up to date via `updater.py <https://opendev.org/airship/treasuremap/src/branch/master/tools/updater.py>`__,
-a utility that updates versions.yaml latest charts and (selected) images.
-
-Due to the limited capacity of a test environment, only Ubuntu-based images are used at the moment.
-
-The pipeline attempts to uplift and deploy latest versions on daily bases.
-
-
-Hardware
---------
-
-While HW configuration is flexible, Airship Seaworthy reference manifests
-reflect full HA deployment, similar to what might be expected in production.
-
-Reducing number of control/compute nodes will require site overrides
-to align parts of the system such as Ceph replication, etcd, etc.
-
-Airship Seaworthy site has 6 DELL R720xd bare-metal servers:
-3 control, and 3 compute nodes.
-See host profiles for the servers `here <https://opendev.org/airship/treasuremap/src/branch/master/site/seaworthy/profiles/host>`__.
-
-Control (masters)
- - cab23-r720-11
- - cab23-r720-12
- - cab23-r720-13
-
-Compute (workers)
- - cab23-r720-14
- - cab23-r720-17
- - cab23-r720-19
-
-
-Network
--------
-
-Physical (underlay) networks are described in Drydock site configuration
-`here <https://opendev.org/airship/treasuremap/src/branch/master/site/seaworthy/networks/physical/networks.yaml>`__.
-It defines OOB (iLO/IPMI), untagged PXE, and multiple tagged general use networks.
-
-Calico overlay for k8s POD networking uses IPIP mesh.
-
-BGP peering is supported but not enabled in this setup, see
-`Calico chart <https://github.com/openstack/openstack-helm-infra/blob/master/calico>`__.
-
diff --git a/doc/source/troubleshooting_guide.rst b/doc/source/troubleshooting_guide.rst
deleted file mode 100644
index 072a4897d..000000000
--- a/doc/source/troubleshooting_guide.rst
+++ /dev/null
@@ -1,177 +0,0 @@
-Troubleshooting Guide
-=====================
-
-This guide provides information on troubleshooting of an Airship
-environment. Debugging of any software component starts with gathering
-more information about the failure, so the intention of the document
-is not to describe specific issues that one can encounter, but to provide
-a generic set of instructions that a user can follow to find the
-root cause of the problem.
-
-For additional support you can contact the Airship team via
-`IRC or mailing list <https://www.airshipit.org/community/>`__,
-use `Airship bug tracker <https://storyboard.openstack.org/#!/project_group/Airship>`__
-to search and create issues.
-
-Configuring Airship CLI
------------------------
-
-Many commands from this guide use Airship CLI, this section describes
-how to get it configured on your environment.
-
-::
-
-    git clone https://opendev.org/airship/treasuremap
-    cd treasuremap/
-    # List available tags.
-    git tag --list
-    # Switch to the version your site is using.
-    git checkout {your-tag}
-    # Go back to a previous directory.
-    cd ..
-    # Run it without arguments to get a help message.
-    sudo ./treasuremap/tools/airship
-
-Manifests Preparation
----------------------
-
-When you do any configuration changes to the manifests, there are a few
-commands that you can use to validate the changes without uploading them
-to the Airship environment.
-
-Run ``lint`` command for your site; it helps to catch the errors related
-to documents duplication, broken references, etc.
-
-Example:
-
-::
-
-    sudo ./treasuremap/tools/airship pegleg site -r airship-treasuremap/ \
-        lint {site-name}
-
-If you create configuration overrides or do changes to substitutions,
-it is recommended to run ``render`` command this command merges the layers
-and renders all substitutions. This allows finding what parameters are
-passed to Helm as overrides for Charts' defaults.
-
-Example:
-
-::
-
-    # Saves the result into rendered.txt file.
-    sudo ./treasuremap/tools/airship pegleg site -r treasuremap/ \
-        render -o rendered.txt ${SITE}
-
-Deployment Failure
-------------------
-
-During the deployment, it is important to identify a specific step
-where it fails, there are two major deployment steps:
-
-1. **Drydock build**: deploys Operating System.
-2. **Armada build**: deploys Helm Charts.
-
-After `Configuring Airship CLI`_, setup credentials for accessing
-Shipyard; the password is stored in ``ucp_shipyard_keystone_password``
-secret, you can find it in
-``site/seaworthy/secrets/passphrases/ucp_shipyard_keystone_password.yaml``
-configuration file of your site.
-
-::
-
-    export OS_USERNAME=shipyard
-    export OS_PASSWORD={shipyard_password}
-
-Now you can use the following commands to access Shipyard:
-
-::
-
-    # Get all actions that were executed on you environment.
-    sudo ./treasuremap/tools/airship shipyard get actions
-    # Show all the steps within the action.
-    sudo ./treasuremap/tools/airship shipyard describe action/{action_id}
-    # Get a bit more details on the step.
-    sudo ./treasuremap/tools/airship shipyard describe step/{action_id}/armada_build
-    # Print the logs from the step.
-    sudo ./treasuremap/tools/airship shipyard logs step/{action_id}/armada_build
-
-
-After the failed step is determined, you can access the logs of a specific
-service (e.g., drydock-api/maas or armada-api) to get more information
-on the failure, note that there may be multiple pods of a single service
-running, you need to check all of them to find where the most recent
-logs are available.
-
-Example of accessing Armada API logs:
-
-::
-
-   # Get all pods running on the cluster and find a name of the pod you are
-   # interested in.
-   kubectl get pods -o wide --all-namespaces
-
-   # See the logs of specific pod.
-   kubectl logs -n ucp -f --tail 200 armada-api-d5f757d5-6z6nv
-
-In some cases you want to restart your pod, there is no dedicated command for
-that in Kubernetes. However, you can delete the pod, it will be restarted
-by Kubernetes to satisfy replication factor.
-
-::
-
-    # Restart Armada API service.
-    kubectl delete pod -n ucp armada-api-d5f757d5-6z6nv
-
-Ceph
-----
-
-Many stateful services in Airship rely on Ceph to function correctly.
-For more information on Ceph debugging follow an official
-`Ceph debugging guide <http://docs.ceph.com/docs/mimic/rados/troubleshooting/log-and-debug/>`__.
-
-Although Ceph tolerates failures of multiple OSDs, it is important
-to make sure that your Ceph cluster is healthy.
-
-Example:
-
-::
-
-    # Get a name of Ceph Monitor pod.
-    CEPH_MON=$(sudo kubectl get pods --all-namespaces -o=name | \
-        grep ceph-mon | sed -n 1p | sed 's|pod/||')
-    # Get the status of the Ceph cluster.
-    sudo kubectl exec -it -n ceph ${CEPH_MON} -- ceph -s
-
-Cluster is in a helthy state when ``health`` parameter is set to ``HEALTH_OK``.
-
-When the cluster is unhealthy, and some Placement Groups are reported to be in
-degraded or down states, determine the problem by inspecting the logs of
-Ceph OSD that is down using ``kubectl``.
-
-::
-
-    # Get a name of Ceph Monitor pod.
-    CEPH_MON=$(sudo kubectl get pods --all-namespaces -o=name | \
-        grep ceph-mon | sed -n 1p | sed 's|pod/||')
-    # List a hierarchy of OSDs in the cluster to see what OSDs are down.
-    sudo kubectl exec -it -n ceph ${CEPH_MON} -- ceph osd tree
-
-There are a few other commands that may be useful during the debugging:
-
-::
-
-    # Get a name of Ceph Monitor pod.
-    CEPH_MON=$(sudo kubectl get pods --all-namespaces -o=name | \
-        grep ceph-mon | sed -n 1p | sed 's|pod/||')
-
-    # Get a detailed information on the status of every Placement Group.
-    sudo kubectl exec -it -n ceph ${CEPH_MON} -- ceph pg dump
-
-    # List allocated block devices.
-    sudo kubectl exec -it -n ceph ${CEPH_MON} -- rbd ls
-    # See what client uses the device.
-    sudo kubectl exec -it -n ceph ${CEPH_MON} -- rbd status \
-        kubernetes-dynamic-pvc-e71e65a9-3b99-11e9-bf31-e65b6238af01
-
-    # List all Ceph block devices mounted on a specific host.
-    mount | grep rbd
diff --git a/global/baremetal/bootactions/airship-target.yaml b/global/baremetal/bootactions/airship-target.yaml
deleted file mode 100644
index ae3a17a08..000000000
--- a/global/baremetal/bootactions/airship-target.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-schema: 'drydock/BootAction/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: airship-target
-  storagePolicy: 'cleartext'
-  layeringDefinition:
-    abstract: false
-    layer: global
-data:
-  signaling: false
-  assets:
-    - path: /etc/systemd/system/airship.target
-      type: unit
-      permissions: '444'
-      data: |
-        [Unit]
-        Description=Airshipt bootaction target
-        After=multi-user.target cloud-init.target
-
-        [Install]
-        WantedBy=graphical.target
-
-      data_pipeline:
-        - utf8_decode
-...
diff --git a/global/baremetal/bootactions/apparmor-profiles.yaml b/global/baremetal/bootactions/apparmor-profiles.yaml
deleted file mode 100644
index 2ab2bbc8c..000000000
--- a/global/baremetal/bootactions/apparmor-profiles.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-schema: 'drydock/BootAction/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: apparmor-profiles
-  storagePolicy: 'cleartext'
-  layeringDefinition:
-    abstract: false
-    layer: global
-  substitutions:
-    - src:
-        schema: pegleg/AppArmorProfile/v1
-        name: airship-default
-        path: .savePath
-      dest:
-        path: .assets[0].path
-    - src:
-        schema: pegleg/AppArmorProfile/v1
-        name: airship-default
-        path: .content
-      dest:
-        path: .assets[0].data
-    - src:
-        schema: pegleg/AppArmorProfile/v1
-        name: airship-apparmor-loader
-        path: .savePath
-      dest:
-        path: .assets[1].path
-    - src:
-        schema: pegleg/AppArmorProfile/v1
-        name: airship-apparmor-loader
-        path: .content
-      dest:
-        path: .assets[1].data
-
-data:
-  signaling: false
-  assets:
-    - type: file
-      permissions: '600'
-      data_pipeline:
-        - utf8_decode
-    - type: file
-      permissions: '600'
-      data_pipeline:
-        - utf8_decode
-...
diff --git a/global/baremetal/bootactions/nested-virt.yaml b/global/baremetal/bootactions/nested-virt.yaml
deleted file mode 100644
index fb6193410..000000000
--- a/global/baremetal/bootactions/nested-virt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: 'drydock/BootAction/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: nested-virt
-  labels:
-    name: nested-virt-global
-    application: 'drydock'
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: 'cleartext'
-data:
-  signaling: false
-  assets:
-    - path: /etc/modprobe.d/nested-virt.conf
-      type: file
-      permissions: '644'
-      data_pipeline:
-        - utf8_decode
-      data: |
-        options kvm-intel nested=y
-...
diff --git a/global/baremetal/bootactions/promjoin.yaml b/global/baremetal/bootactions/promjoin.yaml
deleted file mode 100644
index 5fdd390b1..000000000
--- a/global/baremetal/bootactions/promjoin.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-schema: 'drydock/BootAction/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: promjoin-systemd-unit
-  storagePolicy: 'cleartext'
-  layeringDefinition:
-    abstract: false
-    layer: global
-  labels:
-    name: promjoin-systemd-unit
-    application: 'drydock'
-data:
-  signaling: false
-  assets:
-    - path: /etc/systemd/system/promjoin.service
-      type: unit
-      permissions: '444'
-      data: |
-        [Unit]
-        Description=Promenade Initialization Service
-        After=network-online.target local-fs.target cloud-init.target
-        ConditionPathExists=!/var/lib/prom.done
-
-        [Service]
-        Type=oneshot
-        ExecStart=/opt/promjoin.sh
-
-        [Install]
-        WantedBy=airship.target
-
-      data_pipeline:
-        - utf8_decode
-...
diff --git a/global/baremetal/bootactions/seccomp-profiles.yaml b/global/baremetal/bootactions/seccomp-profiles.yaml
deleted file mode 100644
index 70bd78156..000000000
--- a/global/baremetal/bootactions/seccomp-profiles.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-schema: 'drydock/BootAction/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: seccomp-profiles
-  storagePolicy: 'cleartext'
-  layeringDefinition:
-    abstract: false
-    layer: global
-  substitutions:
-    - src:
-        schema: pegleg/SeccompProfile/v1
-        name: seccomp-default
-        path: .savePath
-      dest:
-        path: .assets[0].path
-    - src:
-        schema: pegleg/SeccompProfile/v1
-        name: seccomp-default
-        path: .content
-      dest:
-        path: .assets[0].data
-
-data:
-  signaling: false
-  assets:
-    - type: file
-      permissions: '600'
-      data_pipeline:
-        - utf8_decode
-...
diff --git a/global/deployment/deployment-strategy.yaml b/global/deployment/deployment-strategy.yaml
deleted file mode 100644
index 764923282..000000000
--- a/global/deployment/deployment-strategy.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-# The global deployment strategy assumes nodes are marked with node_tags
-# of masters and workers.
-schema: shipyard/DeploymentStrategy/v1
-metadata:
-  schema: metadata/Document/v1
-  name: deployment-strategy
-  layeringDefinition:
-      abstract: false
-      layer: global
-  labels:
-    name: deployment-strategy-global
-  storagePolicy: cleartext
-data:
-  groups:
-    - name: masters
-      critical: true
-      depends_on: []
-      selectors:
-        - node_names: []
-          node_labels: []
-          node_tags:
-            - masters
-          rack_names: []
-      success_criteria:
-        percent_successful_nodes: 100
-    - name: workers
-      critical: true
-      depends_on:
-        - masters
-      selectors:
-        - node_names: []
-          node_labels: []
-          node_tags:
-            - workers
-          rack_names: []
-      success_criteria:
-        percent_successful_nodes: 60
-...
diff --git a/global/layering-policy.yaml b/global/layering-policy.yaml
deleted file mode 100644
index df0e8df32..000000000
--- a/global/layering-policy.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/LayeringPolicy/v1
-metadata:
-  schema: metadata/Control/v1
-  name: layering-policy
-data:
-  layerOrder:
-    - global
-    - type
-    - site
-    - cicd  # overrides for pipeline automation
-...
diff --git a/global/profiles/genesis.yaml b/global/profiles/genesis.yaml
deleted file mode 100644
index 9fa2075cf..000000000
--- a/global/profiles/genesis.yaml
+++ /dev/null
@@ -1,150 +0,0 @@
----
-schema: promenade/Genesis/v1
-metadata:
-  schema: metadata/Document/v1
-  name: genesis-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  labels:
-    name: genesis-global
-  storagePolicy: cleartext
-  substitutions:
-    # Software versions for bootstrapping phase
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.armada.api
-      dest:
-        path: .images.armada
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.armada.tiller
-      dest:
-        path: .images.helm.tiller
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.apiserver.apiserver
-      dest:
-        path: .images.kubernetes.apiserver
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.controller-manager.controller_manager
-      dest:
-        path: .images.kubernetes.controller-manager
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.etcd.etcd
-      dest:
-        path: .images.kubernetes.etcd
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.scheduler.scheduler
-      dest:
-        path: .images.kubernetes.scheduler
-
-    # Site-specific configuration
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .genesis.hostname
-      dest:
-        path: .hostname
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .genesis.ip
-      dest:
-        path: .ip
-
-    # Command prefix
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.service_cidr
-      dest:
-        path: .apiserver.arguments[2]
-        pattern: SERVICE_CIDR
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.service_node_port_range
-      dest:
-        path: .apiserver.arguments[3]
-        pattern: SERVICE_NODE_PORT_RANGE
-
-    # Set etcd encryption policy
-    - src:
-        schema: promenade/EncryptionPolicy/v1
-        name: encryption-policy
-        path: .etcd
-      dest:
-        path: .apiserver.encryption
-
-data:
-  apiserver:
-    arguments:
-      - --authorization-mode=Node,RBAC
-      - --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction,EventRateLimit
-      - --service-cluster-ip-range=SERVICE_CIDR
-      - --service-node-port-range=SERVICE_NODE_PORT_RANGE
-      - --endpoint-reconciler-type=lease
-      - --feature-gates=PodShareProcessNamespace=true
-      - --v=3
-      - --admission-control-config-file=/etc/kubernetes/apiserver/acconfig.yaml
-      - --experimental-encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml
-      - --requestheader-allowed-names='aggregator'
-  armada:
-    target_manifest: cluster-bootstrap
-  haproxy:
-    run_as_user: 65534
-  labels:
-    dynamic:
-      - beta.kubernetes.io/fluentd-ds-ready=true
-      - calico-etcd=enabled
-      - ceph-mds=enabled
-      - ceph-mon=enabled
-      - ceph-osd=enabled
-      - ceph-rgw=enabled
-      - ceph-mgr=enabled
-      - tenant-ceph-control-plane=enabled
-      - tenant-ceph-mon=enabled
-      - tenant-ceph-rgw=enabled
-      - tenant-ceph-mgr=enabled
-      - kube-dns=enabled
-      - kube-ingress=enabled
-      - kubernetes-apiserver=enabled
-      - kubernetes-controller-manager=enabled
-      - kubernetes-etcd=enabled
-      - kubernetes-scheduler=enabled
-      - promenade-genesis=enabled
-      - ucp-control-plane=enabled
-      - maas-rack=enabled
-      - maas-region=enabled
-      - node-exporter=enabled
-  files:
-    - path: /var/lib/anchor/calico-etcd-bootstrap
-      content: "# placeholder for triggering calico etcd bootstrapping\n# this file will be deleted"
-      mode: 0644
-    - path: /etc/genesis/apiserver/acconfig.yaml
-      mode: 0444
-      content: |
-        kind: AdmissionConfiguration
-        apiVersion: apiserver.k8s.io/v1alpha1
-        plugins:
-          - name: EventRateLimit
-            path: eventconfig.yaml
-    - path: /etc/genesis/apiserver/eventconfig.yaml
-      mode: 0444
-      content: |
-        kind: Configuration
-        apiVersion: eventratelimit.admission.k8s.io/v1alpha1
-        limits:
-          - type: Server
-            qps: 1000
-            burst: 10000
diff --git a/global/profiles/hardware/generic.yaml b/global/profiles/hardware/generic.yaml
deleted file mode 100644
index e4b96a54e..000000000
--- a/global/profiles/hardware/generic.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-schema: 'drydock/HardwareProfile/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: DELL_HP_Generic
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  vendor: Dell
-  generation: '8'
-  hw_version: '3'
-  bios_version: '2.2.3'
-  boot_mode: bios
-  bootstrap_protocol: pxe
-  pxe_interface: 0
-  device_aliases: {}
-...
diff --git a/global/profiles/host/cp.yaml b/global/profiles/host/cp.yaml
deleted file mode 100644
index 82f1b9713..000000000
--- a/global/profiles/host/cp.yaml
+++ /dev/null
@@ -1,116 +0,0 @@
----
-schema: drydock/HostProfile/v1
-metadata:
-  schema: metadata/Document/v1
-  name: cp-global
-  storagePolicy: cleartext
-  labels:
-    hosttype: cp-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  substitutions:
-    - dest:
-        path: .oob.credential
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ipmi_admin_password
-        path: .
-data:
-  oob:
-    type: 'ipmi'
-    network: 'oob'
-    account: 'root'
-  storage:
-    physical_devices:
-      sda:
-        labels:
-          bootdrive: 'true'
-        partitions:
-          - name: 'root'
-            size: '30g'
-            bootable: true
-            filesystem:
-              mountpoint: '/'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'boot'
-            size: '1g'
-            filesystem:
-              mountpoint: '/boot'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'var'
-            size: '>100g'
-            filesystem:
-              mountpoint: '/var'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-  platform:
-    image: 'xenial'
-    kernel: 'hwe-16.04'
-    kernel_params:
-      kernel_package: 'linux-image-4.15.0-46-generic'
-
-  metadata:
-    owner_data:
-      control-plane: enabled
-      ucp-control-plane: enabled
-      openstack-control-plane: enabled
-      openstack-heat: enabled
-      openstack-keystone: enabled
-      openstack-rabbitmq: enabled
-      openstack-dns-helper: enabled
-      openstack-mariadb: enabled
-      openstack-nova-control: enabled
-      openstack-etcd: enabled
-      openstack-mistral: enabled
-      openstack-memcached: enabled
-      openstack-glance: enabled
-      openstack-horizon: enabled
-      openstack-cinder-control: enabled
-      openstack-cinder-volume: control
-      openstack-neutron: enabled
-      openvswitch: enabled
-      ucp-barbican: enabled
-      ceph-mon: enabled
-      ceph-mgr: enabled
-      ceph-osd: enabled
-      ceph-mds: enabled
-      ceph-rgw: enabled
-      tenant-ceph-control-plane: enabled
-      tenant-ceph-mon: enabled
-      tenant-ceph-rgw: enabled
-      tenant-ceph-mgr: enabled
-      maas-rack: enabled
-      maas-region: enabled
-      kube-dns: enabled
-      kubernetes-apiserver: enabled
-      kubernetes-controller-manager: enabled
-      kubernetes-etcd: enabled
-      kubernetes-scheduler: enabled
-      tiller-helm: enabled
-      kube-etcd: enabled
-      calico-policy: enabled
-      calico-node: enabled
-      calico-etcd: enabled
-      ucp-armada: enabled
-      ucp-drydock: enabled
-      ucp-deckhand: enabled
-      ucp-shipyard: enabled
-      IAM: enabled
-      ucp-promenade: enabled
-      prometheus-server: enabled
-      prometheus-client: enabled
-      fluentd: enabled
-      fluentbit: enabled
-      influxdb: enabled
-      kibana: enabled
-      elasticsearch-client: enabled
-      elasticsearch-master: enabled
-      elasticsearch-data: enabled
-      postgresql: enabled
-      kube-ingress: enabled
-      beta.kubernetes.io/fluentd-ds-ready: 'true'
-      node-exporter: enabled
-...
diff --git a/global/profiles/host/dp.yaml b/global/profiles/host/dp.yaml
deleted file mode 100644
index 9aa056ec3..000000000
--- a/global/profiles/host/dp.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
----
-schema: drydock/HostProfile/v1
-metadata:
-  schema: metadata/Document/v1
-  name: dp-global
-  labels:
-    hosttype: dp-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - dest:
-        path: .oob.credential
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ipmi_admin_password
-        path: .
-data:
-  oob:
-    type: 'ipmi'
-    network: 'oob'
-    account: 'root'
-  storage:
-    physical_devices:
-      sda:
-        labels:
-          bootdrive: 'true'
-        partitions:
-          - name: 'root'
-            size: '30g'
-            bootable: true
-            filesystem:
-              mountpoint: '/'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'boot'
-            size: '1g'
-            filesystem:
-              mountpoint: '/boot'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'var'
-            size: '>100g'
-            filesystem:
-              mountpoint: '/var'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-  platform:
-    image: 'xenial'
-    kernel: 'hwe-16.04'
-    kernel_params:
-      kernel_package: 'linux-image-4.15.0-46-generic'
-
-  metadata:
-    owner_data:
-      openstack-nova-compute: enabled
-      tenant-ceph-osd: enabled
-      openvswitch: enabled
-      contrail-vrouter: kernel
-      openstack-libvirt: kernel
-      beta.kubernetes.io/fluentd-ds-ready: 'true'
-      node-exporter: enabled
-      fluentbit: enabled
-...
diff --git a/global/profiles/kubernetes-host.yaml b/global/profiles/kubernetes-host.yaml
deleted file mode 100644
index d539fc2f4..000000000
--- a/global/profiles/kubernetes-host.yaml
+++ /dev/null
@@ -1,200 +0,0 @@
----
-schema: promenade/HostSystem/v1
-metadata:
-  schema: metadata/Document/v1
-  name: host-system
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.hyperkube
-      dest:
-        path: .files[0].docker_image
-
-    # Initial CoreDNS image (used during node Genesis and node join)
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.coredns.coredns
-      dest:
-        path: .images.coredns
-
-    # Initial CoreDNS image (used during node Genesis and node join)
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.haproxy.haproxy
-      dest:
-        path: .images.haproxy
-
-    # Operational tools
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.armada.helm
-      dest:
-        path: .images.helm.helm
-
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.hyperkube
-      dest:
-        path: .images.kubernetes.hyperkube
-
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.promenade.monitoring_image
-      dest:
-        path: .images.monitoring_image
-
-    # System packages
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .packages.named.docker
-      dest:
-        path: .packages.common.required.docker
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .packages.named.socat
-      dest:
-        path: .packages.common.required.socat
-
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .packages.unnamed
-      dest:
-        path: .packages.common.additional
-
-    # Docker authorization
-    - src:
-        schema: deckhand/Passphrase/v1
-        path: .
-        name: private_docker_key
-      dest:
-        path: .files[4].content
-        pattern: DH_SUB_PRIVATE_DOCKER_KEY
-
-data:
-  files:
-    - path: /opt/kubernetes/bin/hyperkube
-      file_path: /hyperkube
-      mode: 0555
-    - path: /opt/kubernetes/bin/kubelet
-      symlink: /opt/kubernetes/bin/hyperkube
-      mode: 0555
-    - path: /usr/local/bin/kubectl
-      symlink: /opt/kubernetes/bin/hyperkube
-      mode: 0555
-    - path: /etc/logrotate.d/json-logrotate
-      mode: 0444
-      content: |-
-        /var/lib/docker/containers/*/*-json.log
-        {
-            compress
-            copytruncate
-            create 0644 root root
-            weekly
-            dateext
-            dateformat -%Y%m%d-%s
-            maxsize 100M
-            missingok
-            notifempty
-            su root root
-            rotate 1
-        }
-    - path: /var/lib/kubelet/.dockercfg
-      mode: 0400
-      # NOTE: Sample key, this repo does not exist
-      content: |-
-        {
-           "https://private.registry.com": {
-             "auth": "DH_SUB_PRIVATE_DOCKER_KEY"
-           }
-        }
-      # Make sure that promjoin script does not run on every boot,
-      # otherwise it may downgrade current versions of Docker & Kubelet.
-    - path: /var/lib/prom.done
-      mode: 0444
-      content: ""
-    - path: /etc/profile.d/kubeconfig.sh
-      mode: 0744
-      content: |-
-        export KUBECONFIG=/etc/kubernetes/admin/kubeconfig.yaml
-  packages:
-    common:
-      repositories:
-        - deb https://download.docker.com/linux/ubuntu/ xenial stable
-      keys:
-        - |-
-          -----BEGIN PGP PUBLIC KEY BLOCK-----
-
-          mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
-          lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
-          38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
-          L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
-          UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
-          cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
-          ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
-          vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
-          G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
-          XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
-          q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
-          tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
-          BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
-          v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
-          tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
-          jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
-          6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
-          XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
-          FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
-          g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
-          ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
-          9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
-          G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
-          FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
-          EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
-          M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
-          Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
-          w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
-          z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
-          eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
-          VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
-          1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
-          zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
-          pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
-          ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
-          BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
-          1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
-          YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
-          mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
-          KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
-          JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
-          cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
-          6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
-          U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
-          VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
-          irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
-          SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
-          QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
-          9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
-          24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
-          dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
-          Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
-          H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
-          /nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
-          M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
-          xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
-          jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
-          YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
-          =0YYh
-          -----END PGP PUBLIC KEY BLOCK-----
-...
diff --git a/global/profiles/security/apparmor_loader.yaml b/global/profiles/security/apparmor_loader.yaml
deleted file mode 100644
index 9b764f750..000000000
--- a/global/profiles/security/apparmor_loader.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
----
-schema: 'pegleg/AppArmorProfile/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: airship-apparmor-loader
-  storagePolicy: 'cleartext'
-  layeringDefinition:
-    abstract: false
-    layer: global
-data:
-  savePath: /etc/apparmor.d/profile_airship_loader
-  content: |
-    #include <tunables/global>
-
-    profile airship-apparmor-loader flags=(attach_disconnected,mediate_deleted) {
-      #include <abstractions/base>
-
-      network inet tcp,
-      network inet udp,
-      network inet icmp,
-
-      deny network raw,
-
-      deny network packet,
-
-      file,
-      umount,
-
-      deny /bin/** wl,
-      deny /boot/** wl,
-      deny /dev/** wl,
-      deny /etc/** wl,
-      deny /home/** wl,
-      deny /lib/** wl,
-      deny /lib64/** wl,
-      deny /media/** wl,
-      deny /mnt/** wl,
-      deny /opt/** wl,
-      deny /proc/** wl,
-      deny /root/** wl,
-      deny /sbin/** wl,
-      deny /srv/** wl,
-      deny /tmp/** wl,
-      deny /sys/** wl,
-      deny /usr/** wl,
-      audit /etc/apparmor.d/airship_* rwl,
-
-      audit /** w,
-
-      deny /bin/dash mrwklx,
-      deny /bin/sh mrwklx,
-      deny /usr/bin/top mrwklx,
-
-      capability chown,
-      # Allow Apparmor profiles to be loaded
-      capability mac_admin,
-      capability dac_override,
-      capability setuid,
-      capability setgid,
-
-      deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
-      # deny write to files not in /proc/<number>/** or /proc/sys/**
-      deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
-      deny @{PROC}/sys/[^k]** w,  # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
-      deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w,  # deny everything except shm* in /proc/sys/kernel/
-      deny @{PROC}/sysrq-trigger rwklx,
-      deny @{PROC}/mem rwklx,
-      deny @{PROC}/kmem rwklx,
-      deny @{PROC}/kcore rwklx,
-
-      deny mount,
-
-      deny /sys/[^f]*/** wklx,
-      deny /sys/f[^s]*/** wklx,
-      deny /sys/fs/[^c]*/** wklx,
-      deny /sys/fs/c[^g]*/** wklx,
-      deny /sys/fs/cg[^r]*/** wklx,
-      deny /sys/firmware/** rwklx,
-      deny /sys/kernel/security/** rwklx,
-    }
diff --git a/global/profiles/security/default_apparmor.yaml b/global/profiles/security/default_apparmor.yaml
deleted file mode 100644
index 2b07923eb..000000000
--- a/global/profiles/security/default_apparmor.yaml
+++ /dev/null
@@ -1,78 +0,0 @@
----
-schema: 'pegleg/AppArmorProfile/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: airship-default
-  storagePolicy: 'cleartext'
-  layeringDefinition:
-    abstract: false
-    layer: global
-data:
-  savePath: /etc/apparmor.d/profile_airship_default
-  content: |
-    #include <tunables/global>
-
-    profile airship-default flags=(attach_disconnected,mediate_deleted) {
-      #include <abstractions/base>
-
-      network inet tcp,
-      network inet udp,
-      network inet icmp,
-
-      deny network raw,
-
-      deny network packet,
-
-      file,
-      umount,
-
-      deny /bin/** wl,
-      deny /boot/** wl,
-      deny /dev/** wl,
-      deny /etc/** wl,
-      deny /home/** wl,
-      deny /lib/** wl,
-      deny /lib64/** wl,
-      deny /media/** wl,
-      deny /mnt/** wl,
-      deny /opt/** wl,
-      deny /proc/** wl,
-      deny /root/** wl,
-      deny /sbin/** wl,
-      deny /srv/** wl,
-      deny /tmp/** wl,
-      deny /sys/** wl,
-      deny /usr/** wl,
-
-      audit /** w,
-
-      deny /bin/dash mrwklx,
-      deny /bin/sh mrwklx,
-      deny /usr/bin/top mrwklx,
-
-      capability chown,
-      capability dac_override,
-      capability setuid,
-      capability setgid,
-      capability net_bind_service,
-
-      deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
-      # deny write to files not in /proc/<number>/** or /proc/sys/**
-      deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
-      deny @{PROC}/sys/[^k]** w,  # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
-      deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w,  # deny everything except shm* in /proc/sys/kernel/
-      deny @{PROC}/sysrq-trigger rwklx,
-      deny @{PROC}/mem rwklx,
-      deny @{PROC}/kmem rwklx,
-      deny @{PROC}/kcore rwklx,
-
-      deny mount,
-
-      deny /sys/[^f]*/** wklx,
-      deny /sys/f[^s]*/** wklx,
-      deny /sys/fs/[^c]*/** wklx,
-      deny /sys/fs/c[^g]*/** wklx,
-      deny /sys/fs/cg[^r]*/** wklx,
-      deny /sys/firmware/** rwklx,
-      deny /sys/kernel/security/** rwklx,
-    }
diff --git a/global/profiles/security/seccomp_default.yaml b/global/profiles/security/seccomp_default.yaml
deleted file mode 100644
index 2ff6a7fd8..000000000
--- a/global/profiles/security/seccomp_default.yaml
+++ /dev/null
@@ -1,787 +0,0 @@
----
-# The data content of this file is referred from the Moby project as
-# mentioned in the link below:
-# https://github.com/moby/moby/blob/master/profiles/seccomp/default.json
-schema: 'pegleg/SeccompProfile/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: seccomp-default
-  storagePolicy: 'cleartext'
-  layeringDefinition:
-    abstract: false
-    layer: global
-data:
-  # Path for seccomp profile root directory.
-  seccompDirPath: /var/lib/kubelet/seccomp
-  # Path to save seccomp profile as file.
-  # This should be same as seccompDirPath with file name.
-  savePath: /var/lib/kubelet/seccomp/seccomp_default
-  # Content of default seccomp profile file.
-  content: |
-    {
-        "defaultAction": "SCMP_ACT_ERRNO",
-        "archMap": [
-            {
-                "architecture": "SCMP_ARCH_X86_64",
-                "subArchitectures": [
-                    "SCMP_ARCH_X86",
-                    "SCMP_ARCH_X32"
-                ]
-            },
-            {
-                "architecture": "SCMP_ARCH_AARCH64",
-                "subArchitectures": [
-                    "SCMP_ARCH_ARM"
-                ]
-            },
-            {
-                "architecture": "SCMP_ARCH_MIPS64",
-                "subArchitectures": [
-                    "SCMP_ARCH_MIPS",
-                    "SCMP_ARCH_MIPS64N32"
-                ]
-            },
-            {
-                "architecture": "SCMP_ARCH_MIPS64N32",
-                "subArchitectures": [
-                    "SCMP_ARCH_MIPS",
-                    "SCMP_ARCH_MIPS64"
-                ]
-            },
-            {
-                "architecture": "SCMP_ARCH_MIPSEL64",
-                "subArchitectures": [
-                    "SCMP_ARCH_MIPSEL",
-                    "SCMP_ARCH_MIPSEL64N32"
-                ]
-            },
-            {
-                "architecture": "SCMP_ARCH_MIPSEL64N32",
-                "subArchitectures": [
-                    "SCMP_ARCH_MIPSEL",
-                    "SCMP_ARCH_MIPSEL64"
-                ]
-            },
-            {
-                "architecture": "SCMP_ARCH_S390X",
-                "subArchitectures": [
-                    "SCMP_ARCH_S390"
-                ]
-            }
-        ],
-        "syscalls": [
-            {
-                "names": [
-                    "accept",
-                    "accept4",
-                    "access",
-                    "adjtimex",
-                    "alarm",
-                    "bind",
-                    "brk",
-                    "capget",
-                    "capset",
-                    "chdir",
-                    "chmod",
-                    "chown",
-                    "chown32",
-                    "clock_getres",
-                    "clock_gettime",
-                    "clock_nanosleep",
-                    "close",
-                    "connect",
-                    "copy_file_range",
-                    "creat",
-                    "dup",
-                    "dup2",
-                    "dup3",
-                    "epoll_create",
-                    "epoll_create1",
-                    "epoll_ctl",
-                    "epoll_ctl_old",
-                    "epoll_pwait",
-                    "epoll_wait",
-                    "epoll_wait_old",
-                    "eventfd",
-                    "eventfd2",
-                    "execve",
-                    "execveat",
-                    "exit",
-                    "exit_group",
-                    "faccessat",
-                    "fadvise64",
-                    "fadvise64_64",
-                    "fallocate",
-                    "fanotify_mark",
-                    "fchdir",
-                    "fchmod",
-                    "fchmodat",
-                    "fchown",
-                    "fchown32",
-                    "fchownat",
-                    "fcntl",
-                    "fcntl64",
-                    "fdatasync",
-                    "fgetxattr",
-                    "flistxattr",
-                    "flock",
-                    "fork",
-                    "fremovexattr",
-                    "fsetxattr",
-                    "fstat",
-                    "fstat64",
-                    "fstatat64",
-                    "fstatfs",
-                    "fstatfs64",
-                    "fsync",
-                    "ftruncate",
-                    "ftruncate64",
-                    "futex",
-                    "futimesat",
-                    "getcpu",
-                    "getcwd",
-                    "getdents",
-                    "getdents64",
-                    "getegid",
-                    "getegid32",
-                    "geteuid",
-                    "geteuid32",
-                    "getgid",
-                    "getgid32",
-                    "getgroups",
-                    "getgroups32",
-                    "getitimer",
-                    "getpeername",
-                    "getpgid",
-                    "getpgrp",
-                    "getpid",
-                    "getppid",
-                    "getpriority",
-                    "getrandom",
-                    "getresgid",
-                    "getresgid32",
-                    "getresuid",
-                    "getresuid32",
-                    "getrlimit",
-                    "get_robust_list",
-                    "getrusage",
-                    "getsid",
-                    "getsockname",
-                    "getsockopt",
-                    "get_thread_area",
-                    "gettid",
-                    "gettimeofday",
-                    "getuid",
-                    "getuid32",
-                    "getxattr",
-                    "inotify_add_watch",
-                    "inotify_init",
-                    "inotify_init1",
-                    "inotify_rm_watch",
-                    "io_cancel",
-                    "ioctl",
-                    "io_destroy",
-                    "io_getevents",
-                    "ioprio_get",
-                    "ioprio_set",
-                    "io_setup",
-                    "io_submit",
-                    "ipc",
-                    "kill",
-                    "lchown",
-                    "lchown32",
-                    "lgetxattr",
-                    "link",
-                    "linkat",
-                    "listen",
-                    "listxattr",
-                    "llistxattr",
-                    "_llseek",
-                    "lremovexattr",
-                    "lseek",
-                    "lsetxattr",
-                    "lstat",
-                    "lstat64",
-                    "madvise",
-                    "memfd_create",
-                    "mincore",
-                    "mkdir",
-                    "mkdirat",
-                    "mknod",
-                    "mknodat",
-                    "mlock",
-                    "mlock2",
-                    "mlockall",
-                    "mmap",
-                    "mmap2",
-                    "mprotect",
-                    "mq_getsetattr",
-                    "mq_notify",
-                    "mq_open",
-                    "mq_timedreceive",
-                    "mq_timedsend",
-                    "mq_unlink",
-                    "mremap",
-                    "msgctl",
-                    "msgget",
-                    "msgrcv",
-                    "msgsnd",
-                    "msync",
-                    "munlock",
-                    "munlockall",
-                    "munmap",
-                    "nanosleep",
-                    "newfstatat",
-                    "_newselect",
-                    "open",
-                    "openat",
-                    "pause",
-                    "pipe",
-                    "pipe2",
-                    "poll",
-                    "ppoll",
-                    "prctl",
-                    "pread64",
-                    "preadv",
-                    "preadv2",
-                    "prlimit64",
-                    "pselect6",
-                    "pwrite64",
-                    "pwritev",
-                    "pwritev2",
-                    "read",
-                    "readahead",
-                    "readlink",
-                    "readlinkat",
-                    "readv",
-                    "recv",
-                    "recvfrom",
-                    "recvmmsg",
-                    "recvmsg",
-                    "remap_file_pages",
-                    "removexattr",
-                    "rename",
-                    "renameat",
-                    "renameat2",
-                    "restart_syscall",
-                    "rmdir",
-                    "rt_sigaction",
-                    "rt_sigpending",
-                    "rt_sigprocmask",
-                    "rt_sigqueueinfo",
-                    "rt_sigreturn",
-                    "rt_sigsuspend",
-                    "rt_sigtimedwait",
-                    "rt_tgsigqueueinfo",
-                    "sched_getaffinity",
-                    "sched_getattr",
-                    "sched_getparam",
-                    "sched_get_priority_max",
-                    "sched_get_priority_min",
-                    "sched_getscheduler",
-                    "sched_rr_get_interval",
-                    "sched_setaffinity",
-                    "sched_setattr",
-                    "sched_setparam",
-                    "sched_setscheduler",
-                    "sched_yield",
-                    "seccomp",
-                    "select",
-                    "semctl",
-                    "semget",
-                    "semop",
-                    "semtimedop",
-                    "send",
-                    "sendfile",
-                    "sendfile64",
-                    "sendmmsg",
-                    "sendmsg",
-                    "sendto",
-                    "setfsgid",
-                    "setfsgid32",
-                    "setfsuid",
-                    "setfsuid32",
-                    "setgid",
-                    "setgid32",
-                    "setgroups",
-                    "setgroups32",
-                    "setitimer",
-                    "setpgid",
-                    "setpriority",
-                    "setregid",
-                    "setregid32",
-                    "setresgid",
-                    "setresgid32",
-                    "setresuid",
-                    "setresuid32",
-                    "setreuid",
-                    "setreuid32",
-                    "setrlimit",
-                    "set_robust_list",
-                    "setsid",
-                    "setsockopt",
-                    "set_thread_area",
-                    "set_tid_address",
-                    "setuid",
-                    "setuid32",
-                    "setxattr",
-                    "shmat",
-                    "shmctl",
-                    "shmdt",
-                    "shmget",
-                    "shutdown",
-                    "sigaltstack",
-                    "signalfd",
-                    "signalfd4",
-                    "sigreturn",
-                    "socket",
-                    "socketcall",
-                    "socketpair",
-                    "splice",
-                    "stat",
-                    "stat64",
-                    "statfs",
-                    "statfs64",
-                    "statx",
-                    "symlink",
-                    "symlinkat",
-                    "sync",
-                    "sync_file_range",
-                    "syncfs",
-                    "sysinfo",
-                    "syslog",
-                    "tee",
-                    "tgkill",
-                    "time",
-                    "timer_create",
-                    "timer_delete",
-                    "timerfd_create",
-                    "timerfd_gettime",
-                    "timerfd_settime",
-                    "timer_getoverrun",
-                    "timer_gettime",
-                    "timer_settime",
-                    "times",
-                    "tkill",
-                    "truncate",
-                    "truncate64",
-                    "ugetrlimit",
-                    "umask",
-                    "uname",
-                    "unlink",
-                    "unlinkat",
-                    "utime",
-                    "utimensat",
-                    "utimes",
-                    "vfork",
-                    "vmsplice",
-                    "wait4",
-                    "waitid",
-                    "waitpid",
-                    "write",
-                    "writev"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {},
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "personality"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [
-                    {
-                        "index": 0,
-                        "value": 0,
-                        "valueTwo": 0,
-                        "op": "SCMP_CMP_EQ"
-                    }
-                ],
-                "comment": "",
-                "includes": {},
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "personality"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [
-                    {
-                        "index": 0,
-                        "value": 8,
-                        "valueTwo": 0,
-                        "op": "SCMP_CMP_EQ"
-                    }
-                ],
-                "comment": "",
-                "includes": {},
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "personality"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [
-                    {
-                        "index": 0,
-                        "value": 131072,
-                        "valueTwo": 0,
-                        "op": "SCMP_CMP_EQ"
-                    }
-                ],
-                "comment": "",
-                "includes": {},
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "personality"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [
-                    {
-                        "index": 0,
-                        "value": 131080,
-                        "valueTwo": 0,
-                        "op": "SCMP_CMP_EQ"
-                    }
-                ],
-                "comment": "",
-                "includes": {},
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "personality"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [
-                    {
-                        "index": 0,
-                        "value": 4294967295,
-                        "valueTwo": 0,
-                        "op": "SCMP_CMP_EQ"
-                    }
-                ],
-                "comment": "",
-                "includes": {},
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "sync_file_range2"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "arches": [
-                        "ppc64le"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "arm_fadvise64_64",
-                    "arm_sync_file_range",
-                    "sync_file_range2",
-                    "breakpoint",
-                    "cacheflush",
-                    "set_tls"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "arches": [
-                        "arm",
-                        "arm64"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "arch_prctl"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "arches": [
-                        "amd64",
-                        "x32"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "modify_ldt"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "arches": [
-                        "amd64",
-                        "x32",
-                        "x86"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "s390_pci_mmio_read",
-                    "s390_pci_mmio_write",
-                    "s390_runtime_instr"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "arches": [
-                        "s390",
-                        "s390x"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "open_by_handle_at"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "caps": [
-                        "CAP_DAC_READ_SEARCH"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "bpf",
-                    "clone",
-                    "fanotify_init",
-                    "lookup_dcookie",
-                    "mount",
-                    "name_to_handle_at",
-                    "perf_event_open",
-                    "quotactl",
-                    "setdomainname",
-                    "sethostname",
-                    "setns",
-                    "umount",
-                    "umount2",
-                    "unshare"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "caps": [
-                        "CAP_SYS_ADMIN"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "clone"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [
-                    {
-                        "index": 0,
-                        "value": 2080505856,
-                        "valueTwo": 0,
-                        "op": "SCMP_CMP_MASKED_EQ"
-                    }
-                ],
-                "comment": "",
-                "includes": {},
-                "excludes": {
-                    "caps": [
-                        "CAP_SYS_ADMIN"
-                    ],
-                    "arches": [
-                        "s390",
-                        "s390x"
-                    ]
-                }
-            },
-            {
-                "names": [
-                    "clone"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [
-                    {
-                        "index": 1,
-                        "value": 2080505856,
-                        "valueTwo": 0,
-                        "op": "SCMP_CMP_MASKED_EQ"
-                    }
-                ],
-                "comment": "s390 parameter ordering for clone is different",
-                "includes": {
-                    "arches": [
-                        "s390",
-                        "s390x"
-                    ]
-                },
-                "excludes": {
-                    "caps": [
-                        "CAP_SYS_ADMIN"
-                    ]
-                }
-            },
-            {
-                "names": [
-                    "reboot"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "caps": [
-                        "CAP_SYS_BOOT"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "chroot"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "caps": [
-                        "CAP_SYS_CHROOT"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "delete_module",
-                    "init_module",
-                    "finit_module",
-                    "query_module"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "caps": [
-                        "CAP_SYS_MODULE"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "acct"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "caps": [
-                        "CAP_SYS_PACCT"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "kcmp",
-                    "process_vm_readv",
-                    "process_vm_writev",
-                    "ptrace"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "caps": [
-                        "CAP_SYS_PTRACE"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "iopl",
-                    "ioperm"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "caps": [
-                        "CAP_SYS_RAWIO"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "settimeofday",
-                    "stime",
-                    "clock_settime"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "caps": [
-                        "CAP_SYS_TIME"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "vhangup"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "caps": [
-                        "CAP_SYS_TTY_CONFIG"
-                    ]
-                },
-                "excludes": {}
-            },
-            {
-                "names": [
-                    "get_mempolicy",
-                    "mbind",
-                    "set_mempolicy"
-                ],
-                "action": "SCMP_ACT_ALLOW",
-                "args": [],
-                "comment": "",
-                "includes": {
-                    "caps": [
-                        "CAP_SYS_NICE"
-                    ]
-                },
-                "excludes": {}
-            }
-        ]
-    }
\ No newline at end of file
diff --git a/global/schemas/armada/Chart/v1.yaml b/global/schemas/armada/Chart/v1.yaml
deleted file mode 100644
index 86fede8e4..000000000
--- a/global/schemas/armada/Chart/v1.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: armada/Chart/v1
-  labels:
-    application: armada
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  additionalProperties: true
-...
diff --git a/global/schemas/armada/ChartGroup/v1.yaml b/global/schemas/armada/ChartGroup/v1.yaml
deleted file mode 100644
index 76f21dfc8..000000000
--- a/global/schemas/armada/ChartGroup/v1.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: armada/ChartGroup/v1
-  labels:
-    application: armada
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  additionalProperties: true
-...
diff --git a/global/schemas/armada/Manifest/v1.yaml b/global/schemas/armada/Manifest/v1.yaml
deleted file mode 100644
index cca2e1008..000000000
--- a/global/schemas/armada/Manifest/v1.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: armada/Manifest/v1
-  labels:
-    application: armada
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  additionalProperties: true
-...
diff --git a/global/schemas/drydock/BaremetalNode/v1.yaml b/global/schemas/drydock/BaremetalNode/v1.yaml
deleted file mode 100644
index a3b555e49..000000000
--- a/global/schemas/drydock/BaremetalNode/v1.yaml
+++ /dev/null
@@ -1,161 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: drydock/BaremetalNode/v1
-  labels:
-    application: drydock
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  properties:
-    addressing:
-      type: 'array'
-      items:
-        type: 'object'
-        properties:
-          address:
-            type: 'string'
-          network:
-            type: 'string'
-    oob:
-      type: 'object'
-      properties:
-        type:
-          type: 'string'
-        network:
-          type: 'string'
-        account:
-          type: 'string'
-        credetial:
-          type: 'string'
-      additionalProperties: true
-    storage:
-      type: 'object'
-      properties:
-        physical_devices:
-          type: 'object'
-          additionalProperties:
-            type: 'object'
-            properties:
-              labels:
-                type: 'object'
-                additionalProperties:
-                  type: 'string'
-              volume_group:
-                type: 'string'
-              partitions:
-                type: 'array'
-                items:
-                  type: 'object'
-                  properties:
-                    name:
-                      type: 'string'
-                    size:
-                      type: 'string'
-                    part_uuid:
-                      type: 'string'
-                    volume_group:
-                      type: 'string'
-                    labels:
-                      type: 'object'
-                      additionalProperties:
-                        type: 'string'
-                    bootable:
-                      type: 'boolean'
-                    filesystem:
-                      type: 'object'
-                      properties:
-                        mountpoint:
-                          type: 'string'
-                        fstype:
-                          type: 'string'
-                        mount_options:
-                          type: 'string'
-                        fs_uuid:
-                          type: 'string'
-                        fs_label:
-                          type: 'string'
-                      additionalProperties: false
-                  additionalProperties: false
-        volume_groups:
-          type: 'object'
-          additionalProperties:
-            type: 'object'
-            properties:
-              vg_uuid:
-                type: 'string'
-              logical_volumes:
-                type: 'array'
-                items:
-                  type: 'object'
-                  properties:
-                    name:
-                      type: 'string'
-                    lv_uuid:
-                      type: 'string'
-                    size:
-                      type: 'string'
-                    filesystem:
-                      type: 'object'
-                      properties:
-                        mountpoint:
-                          type: 'string'
-                        fstype:
-                          type: 'string'
-                        mount_options:
-                          type: 'string'
-                        fs_uuid:
-                          type: 'string'
-                        fs_label:
-                          type: 'string'
-    platform:
-      type: 'object'
-      properties:
-        image:
-          type: 'string'
-        kernel:
-          type: 'string'
-        kernel_params:
-          type: 'object'
-          additionalProperties: true
-      additionalProperties: false
-    metadata:
-      type: 'object'
-      properties:
-        tags:
-          type: 'array'
-          items:
-            type: 'string'
-        owner_data:
-          type: 'object'
-          additionalProperties:
-            type: 'string'
-        rack:
-          type: 'string'
-        boot_mac:
-          type: 'string'
-      additionalProperties: false
-    host_profile:
-      type: 'string'
-    hardware_profile:
-      type: 'string'
-    primary_network:
-      type: 'string'
-    interfaces:
-      type: 'object'
-      additionalProperties:
-        type: 'object'
-        properties:
-          device_link:
-           type: 'string'
-          slaves:
-            type: 'array'
-            items:
-              type: 'string'
-          networks:
-            type: 'array'
-            items:
-              type: 'string'
-  additionalProperties: false
-...
diff --git a/global/schemas/drydock/BootAction/v1.yaml b/global/schemas/drydock/BootAction/v1.yaml
deleted file mode 100644
index f3e7c2b9d..000000000
--- a/global/schemas/drydock/BootAction/v1.yaml
+++ /dev/null
@@ -1,93 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: drydock/BootAction/v1
-  labels:
-    application: drydock
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  additionalProperties: false
-  properties:
-    signaling:
-      type: 'boolean'
-    assets:
-      type: 'array'
-      items:
-        type: 'object'
-        additionalProperties: false
-        properties:
-          path:
-            type: 'string'
-            pattern: '^/.+'
-          location:
-            type: 'string'
-          type:
-            type: 'string'
-            enum:
-              - 'unit'
-              - 'file'
-              - 'pkg_list'
-          data:
-            type: 'string'
-          location_pipeline:
-            type: 'array'
-            items:
-              type: 'string'
-              enum:
-                - 'template'
-          data_pipeline:
-            type: 'array'
-            items:
-              type: 'string'
-              enum:
-                - 'base64_encode'
-                - 'template'
-                - 'base64_decode'
-                - 'utf8_encode'
-                - 'utf8_decode'
-          permissions:
-            type: 'string'
-            pattern: '\d{3}'
-        required:
-          - 'type'
-    node_filter:
-      type: 'object'
-      additionalProperties: false
-      properties:
-        filter_set_type:
-          type: 'string'
-          enum:
-            - 'intersection'
-            - 'union'
-        filter_set:
-          type: 'array'
-          items:
-            type: 'object'
-            additionalProperties: false
-            properties:
-              filter_type:
-                type: 'string'
-                enum:
-                  - 'intersection'
-                  - 'union'
-              node_names:
-                type: 'array'
-                items:
-                  type: 'string'
-              node_tags:
-                type: 'array'
-                items:
-                  type: 'string'
-              node_labels:
-                type: 'object'
-                additionalProperties: true
-              rack_names:
-                type: 'array'
-                items:
-                  type: 'string'
-              rack_labels:
-                type: 'object'
-                additionalProperties: true
-...
diff --git a/global/schemas/drydock/HardwareProfile/v1.yaml b/global/schemas/drydock/HardwareProfile/v1.yaml
deleted file mode 100644
index e51e274ff..000000000
--- a/global/schemas/drydock/HardwareProfile/v1.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: drydock/HardwareProfile/v1
-  labels:
-    application: drydock
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  properties:
-    vendor:
-      type: 'string'
-    generation:
-      type: 'string'
-    hw_version:
-      type: 'string'
-    bios_version:
-      type: 'string'
-    boot_mode:
-      type: 'string'
-      enum:
-        - 'bios'
-        - 'uefi'
-    bootstrap_protocol:
-      type: 'string'
-      enum:
-        - 'pxe'
-        - 'usb'
-        - 'hdd'
-    pxe_interface:
-      type: 'number'
-    device_aliases:
-      type: 'object'
-      additionalProperties: true
-    cpu_sets:
-      type: 'object'
-      additionalProperties:
-        type: 'string'
-    hugepages:
-      type: 'object'
-      additionalProperties:
-        type: 'object'
-        propertes:
-          size:
-            type: 'string'
-          count:
-            type: 'number'
-  additionalProperties: false
diff --git a/global/schemas/drydock/HostProfile/v1.yaml b/global/schemas/drydock/HostProfile/v1.yaml
deleted file mode 100644
index 0a6d11183..000000000
--- a/global/schemas/drydock/HostProfile/v1.yaml
+++ /dev/null
@@ -1,159 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: drydock/HostProfile/v1
-  labels:
-    application: drydock
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  properties:
-    oob:
-      type: 'object'
-      properties:
-        type:
-          type: 'string'
-        network:
-          type: 'string'
-        account:
-          type: 'string'
-        credetial:
-          type: 'string'
-      additionalProperties: true
-    storage:
-      type: 'object'
-      properties:
-        physical_devices:
-          type: 'object'
-          additionalProperties:
-            type: 'object'
-            properties:
-              labels:
-                type: 'object'
-                additionalProperties:
-                  type: 'string'
-              volume_group:
-                type: 'string'
-              partitions:
-                type: 'array'
-                items:
-                  type: 'object'
-                  properties:
-                    name:
-                      type: 'string'
-                    size:
-                      type: 'string'
-                    part_uuid:
-                      type: 'string'
-                    volume_group:
-                      type: 'string'
-                    labels:
-                      type: 'object'
-                      additionalProperties:
-                        type: 'string'
-                    bootable:
-                      type: 'boolean'
-                    filesystem:
-                      type: 'object'
-                      properties:
-                        mountpoint:
-                          type: 'string'
-                        fstype:
-                          type: 'string'
-                        mount_options:
-                          type: 'string'
-                        fs_uuid:
-                          type: 'string'
-                        fs_label:
-                          type: 'string'
-                      additionalProperties: false
-                  additionalProperties: false
-        volume_groups:
-          type: 'object'
-          additionalProperties:
-            type: 'object'
-            properties:
-              vg_uuid:
-                type: 'string'
-              logical_volumes:
-                type: 'array'
-                items:
-                  type: 'object'
-                  properties:
-                    name:
-                      type: 'string'
-                    lv_uuid:
-                      type: 'string'
-                    size:
-                      type: 'string'
-                    filesystem:
-                      type: 'object'
-                      properties:
-                        mountpoint:
-                          type: 'string'
-                        fstype:
-                          type: 'string'
-                        mount_options:
-                          type: 'string'
-                        fs_uuid:
-                          type: 'string'
-                        fs_label:
-                          type: 'string'
-    platform:
-      type: 'object'
-      properties:
-        image:
-          type: 'string'
-        kernel:
-          type: 'string'
-        kernel_params:
-          type: 'object'
-          additionalProperties: true
-      additionalProperties: false
-    metadata:
-      type: 'object'
-      properties:
-        tags:
-          type: 'array'
-          items:
-            type: 'string'
-        owner_data:
-          type: 'object'
-          additionalProperties:
-            type: 'string'
-        rack:
-          type: 'string'
-        boot_mac:
-          type: 'string'
-      additionalProperties: false
-    host_profile:
-      type: 'string'
-    hardware_profile:
-      type: 'string'
-    primary_network:
-      type: 'string'
-    interfaces:
-      type: 'object'
-      additionalProperties:
-        type: 'object'
-        properties:
-          device_link:
-           type: 'string'
-          slaves:
-            type: 'array'
-            items:
-              type: 'string'
-          networks:
-            type: 'array'
-            items:
-              type: 'string'
-          sriov:
-            type: 'object'
-            properties:
-              vf_count:
-                type: 'number'
-              trustmode:
-                type: 'boolean'
-  additionalProperties: false
-...
diff --git a/global/schemas/drydock/Network/v1.yaml b/global/schemas/drydock/Network/v1.yaml
deleted file mode 100644
index 8617f8868..000000000
--- a/global/schemas/drydock/Network/v1.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: drydock/Network/v1
-  labels:
-    application: drydock
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  properties:
-    cidr:
-      type: 'string'
-    ranges:
-      type: 'array'
-      items:
-        type: 'object'
-        properties:
-          type:
-            type: 'string'
-          start:
-            type: 'string'
-            format: 'ipv4'
-          end:
-            type: 'string'
-            format: 'ipv4'
-        additionalProperties: false
-    dns:
-      type: 'object'
-      properties:
-        domain:
-          type: 'string'
-        servers:
-          type: 'string'
-      additionalProperties: false
-    dhcp_relay:
-      type: 'object'
-      properties:
-        self_ip:
-          type: 'string'
-          format: 'ipv4'
-        upstream_target:
-          type: 'string'
-          format: 'ipv4'
-      additionalProperties: false
-    mtu:
-      type: 'number'
-    vlan:
-      type: 'string'
-    routedomain:
-      type: 'string'
-    routes:
-      type: 'array'
-      items:
-        type: 'object'
-        properties:
-          subnet:
-            type: 'string'
-          gateway:
-            type: 'string'
-            format: 'ipv4'
-          metric:
-            type: 'number'
-          routedomain:
-            type: 'string'
-        additionalProperties: false
-    labels:
-      type: 'object'
-      additionalProperties: true
-  additionalProperties: false
diff --git a/global/schemas/drydock/NetworkLink/v1.yaml b/global/schemas/drydock/NetworkLink/v1.yaml
deleted file mode 100644
index 3d0b12b73..000000000
--- a/global/schemas/drydock/NetworkLink/v1.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: drydock/NetworkLink/v1
-  labels:
-    application: drydock
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  properties:
-    bonding:
-      type: 'object'
-      properties:
-        mode:
-          type: 'string'
-        hash:
-          type: 'string'
-        peer_rate:
-          type: 'string'
-        mon_rate:
-          type: 'number'
-        up_delay:
-          type: 'number'
-        down_delay:
-          type: 'number'
-      additionalProperties: false
-    mtu:
-      type: 'number'
-    linkspeed:
-      type: 'string'
-    trunking:
-      type: 'object'
-      properties:
-        mode:
-          type: 'string'
-        default_network:
-          type: 'string'
-      additionalProperties: false
-    allowed_networks:
-      type: 'array'
-      items:
-        type: 'string'
-    labels:
-      type: 'object'
-      additionalProperties: true
-  additionalProperties: false
diff --git a/global/schemas/drydock/Rack/v1.yaml b/global/schemas/drydock/Rack/v1.yaml
deleted file mode 100644
index c987ef1db..000000000
--- a/global/schemas/drydock/Rack/v1.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: drydock/Rack/v1
-  labels:
-    application: drydock
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  properties:
-    tor_switches:
-      type: 'object'
-      properties:
-        mgmt_ip:
-          type: 'string'
-          format: 'ipv4'
-        sdn_api_uri:
-          type: 'string'
-          format: 'uri'
-    location:
-      type: 'object'
-      properties:
-        clli:
-          type: 'string'
-        grid:
-          type: 'string'
-    local_networks:
-      type: 'array'
-      items:
-        type: 'string'
-    labels:
-      type: 'object'
-      additionalProperties: true
-  additionalProperties: false
diff --git a/global/schemas/drydock/Region/v1.yaml b/global/schemas/drydock/Region/v1.yaml
deleted file mode 100644
index 42636dd1d..000000000
--- a/global/schemas/drydock/Region/v1.yaml
+++ /dev/null
@@ -1,71 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: drydock/Region/v1
-  labels:
-    application: drydock
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  properties:
-    tag_definitions:
-      type: 'array'
-      items:
-        type: 'object'
-        properties:
-          tag:
-            type: 'string'
-          definition_type:
-            type: 'string'
-            enum:
-              - 'lshw_xpath'
-          definition:
-            type: 'string'
-        additionalProperties: false
-    authorized_keys:
-      type: 'array'
-      items:
-        type: 'string'
-    repositories:
-      # top level is class (e.g. apt, rpm)
-      type: 'object'
-      properties:
-        remove_unlisted:
-          type: 'boolean'
-      additionalPropties:
-        type: 'object'
-        properties:
-          repo_type:
-            type: 'string'
-            pattern: 'apt|rpm'
-          url:
-            type: 'string'
-          distributions:
-            type: 'array'
-            items:
-              type: 'string'
-          subrepos:
-            type: 'array'
-            items:
-              type: 'string'
-          components:
-            type: 'array'
-            items:
-              type: 'string'
-          gpgkey:
-            type: 'string'
-          arches:
-            type: 'array'
-            items:
-              type: 'string'
-          options:
-            type: 'object'
-            additionalProperties:
-              type: 'string'
-        additionalProperties: false
-        required:
-          - 'repo_type'
-          - 'url'
-          - 'arches'
-  additionalProperties: false
diff --git a/global/schemas/pegleg/AccountCatalogue/v1.yaml b/global/schemas/pegleg/AccountCatalogue/v1.yaml
deleted file mode 100644
index c9505999b..000000000
--- a/global/schemas/pegleg/AccountCatalogue/v1.yaml
+++ /dev/null
@@ -1,645 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: pegleg/AccountCatalogue/v1
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: object
-  properties:
-    ucp:
-      type: object
-      properties:
-        postgres:
-          type: object
-          properties:
-            admin:
-              type: object
-              properties:
-                username:
-                  type: string
-        oslo_db:
-          type: object
-          properties:
-            admin:
-              type: object
-              properties:
-                username:
-                  type: string
-        oslo_messaging:
-          type: object
-          properties:
-            admin:
-              type: object
-              properties:
-                username:
-                  type: string
-        keystone:
-          type: object
-          properties:
-            admin:
-              type: object
-              properties:
-                region_name:
-                  type: string
-                username:
-                  type: string
-                project_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                project_domain_name:
-                  type: string
-            oslo_messaging:
-              type: object
-              properties:
-                username:
-                  type: string
-            oslo_db:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-        promenade:
-          type: object
-          properties:
-            keystone:
-              type: object
-              properties:
-                region_name:
-                  type: string
-                role:
-                  type: string
-                project_name:
-                  type: string
-                project_domain_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                username:
-                  type: string
-        drydock:
-          type: object
-          properties:
-            keystone:
-              type: object
-              properties:
-                region_name:
-                  type: string
-                role:
-                  type: string
-                project_name:
-                  type: string
-                project_domain_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                username:
-                  type: string
-            postgres:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-        shipyard:
-          type: object
-          properties:
-            keystone:
-              type: object
-              properties:
-                region_name:
-                  type: string
-                role:
-                  type: string
-                project_name:
-                  type: string
-                project_domain_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                username:
-                  type: string
-            postgres:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-        airflow:
-          type: object
-          properties:
-            postgres:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-            oslo_messaging:
-              type: object
-              properties:
-                username:
-                  type: string
-        maas:
-          type: object
-          properties:
-            admin:
-              type: object
-              properties:
-                username:
-                  type: string
-                email:
-                  type: string
-            postgres:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-        barbican:
-          type: object
-          properties:
-            keystone:
-              type: object
-              properties:
-                region_name:
-                  type: string
-                role:
-                  type: string
-                project_name:
-                  type: string
-                project_domain_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                username:
-                  type: string
-            oslo_db:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-            oslo_messaging:
-              type: object
-              properties:
-                username:
-                  type: string
-        armada:
-          type: object
-          properties:
-            keystone:
-              type: object
-              properties:
-                project_domain_name:
-                  type: string
-                project_name:
-                  type: string
-                region_name:
-                  type: string
-                role:
-                  type: string
-                user_domain_name:
-                  type: string
-                username:
-                  type: string
-        deckhand:
-          type: object
-          properties:
-            keystone:
-              type: object
-              properties:
-                region_name:
-                  type: string
-                role:
-                  type: string
-                project_name:
-                  type: string
-                project_domain_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                username:
-                  type: string
-            postgres:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-    ceph:
-      type: object
-      properties:
-        swift:
-          type: object
-          properties:
-            keystone:
-              type: object
-              properties:
-                role:
-                  type: string
-                region_name:
-                  type: string
-                username:
-                  type: string
-                project_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                project_domain_name:
-                  type: string
-    osh:
-      type: object
-      properties:
-        keystone:
-          type: object
-          properties:
-            admin:
-              type: object
-              properties:
-                region_name:
-                  type: string
-                username:
-                  type: string
-                project_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                project_domain_name:
-                  type: string
-            oslo_messaging:
-              type: object
-              properties:
-                admin:
-                  type: object
-                  properties:
-                    username:
-                      type: string
-                keystone:
-                  type: object
-                  properties:
-                    username:
-                      type: string
-            oslo_db:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-        cinder:
-          type: object
-          properties:
-            cinder:
-              type: object
-              properties:
-                role:
-                  type: string
-                region_name:
-                  type: string
-                username:
-                  type: string
-                project_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                project_domain_name:
-                  type: string
-            oslo_messaging:
-              type: object
-              properties:
-                admin:
-                  type: object
-                  properties:
-                    username:
-                      type: string
-                cinder:
-                  type: object
-                  properties:
-                    username:
-                      type: string
-            oslo_db:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-        glance:
-          type: object
-          properties:
-            glance:
-              type: object
-              properties:
-                role:
-                  type: string
-                region_name:
-                  type: string
-                username:
-                  type: string
-                project_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                project_domain_name:
-                  type: string
-            oslo_messaging:
-              type: object
-              properties:
-                admin:
-                  type: object
-                  properties:
-                    username:
-                      type: string
-                glance:
-                  type: object
-                  properties:
-                    username:
-                      type: string
-            oslo_db:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-            ceph_object_store:
-              type: object
-              properties:
-                username:
-                  type: string
-        heat:
-          type: object
-          properties:
-            heat:
-              type: object
-              properties:
-                role:
-                  type: string
-                region_name:
-                  type: string
-                username:
-                  type: string
-                project_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                project_domain_name:
-                  type: string
-            heat_trustee:
-              type: object
-              properties:
-                role:
-                  type: string
-                region_name:
-                  type: string
-                username:
-                  type: string
-                project_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                project_domain_name:
-                  type: string
-            heat_stack_user:
-              type: object
-              properties:
-                role:
-                  type: string
-                region_name:
-                  type: string
-                username:
-                  type: string
-                project_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                project_domain_name:
-                  type: string
-            oslo_db:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-            oslo_messaging:
-              type: object
-              properties:
-                admin:
-                  type: object
-                  properties:
-                    username:
-                      type: string
-                heat:
-                  type: object
-                  properties:
-                    username:
-                      type: string
-        swift:
-          type: object
-          properties:
-            swift:
-              type: object
-              properties:
-                role:
-                  type: string
-                region_name:
-                  type: string
-                username:
-                  type: string
-                project_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                project_domain_name:
-                  type: string
-        oslo_db:
-          type: object
-          properties:
-            admin:
-              type: object
-              properties:
-                username:
-                  type: string
-        neutron:
-          type: object
-          properties:
-            neutron:
-              type: object
-              properties:
-                role:
-                  type: string
-                region_name:
-                  type: string
-                username:
-                  type: string
-                project_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                project_domain_name:
-                  type: string
-            oslo_messaging:
-              type: object
-              properties:
-                admin:
-                  type: object
-                  properties:
-                    username:
-                      type: string
-                neutron:
-                  type: object
-                  properties:
-                    username:
-                      type: string
-            oslo_db:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-        nova:
-          type: object
-          properties:
-            nova:
-              type: object
-              properties:
-                role:
-                  type: string
-                region_name:
-                  type: string
-                username:
-                  type: string
-                project_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                project_domain_name:
-                  type: string
-            placement:
-              type: object
-              properties:
-                role:
-                  type: string
-                region_name:
-                  type: string
-                username:
-                  type: string
-                project_name:
-                  type: string
-                user_domain_name:
-                  type: string
-                project_domain_name:
-                  type: string
-            oslo_messaging:
-              type: object
-              properties:
-                admin:
-                  type: object
-                  properties:
-                    username:
-                      type: string
-                nova:
-                  type: object
-                  properties:
-                    username:
-                      type: string
-            oslo_db:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-            oslo_db_api:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-            oslo_db_cell0:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-        horizon:
-          type: object
-          properties:
-            oslo_db:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-    osh_infra:
-      type: object
-      properties:
-        grafana:
-          type: object
-          properties:
-            admin:
-              type: object
-              properties:
-                username:
-                  type: string
-            oslo_db:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-            oslo_db_session:
-              type: object
-              properties:
-                username:
-                  type: string
-                database:
-                  type: string
-        elasticsearch:
-          type: object
-          properties:
-            admin:
-              type: object
-              properties:
-                username:
-                  type: string
-        oslo_db:
-          type: object
-          properties:
-            admin:
-              type: object
-              properties:
-                username:
-                  type: string
-        prometheus_openstack_exporter:
-          type: object
-          properties:
-            user:
-              type: object
-              properties:
-                username:
-                  type: string
-        nagios:
-          type: object
-          properties:
-            admin:
-              type: object
-              properties:
-                username:
-                  type: string
-...
diff --git a/global/schemas/pegleg/AppArmorProfile/v1.yaml b/global/schemas/pegleg/AppArmorProfile/v1.yaml
deleted file mode 100644
index 29fa070c3..000000000
--- a/global/schemas/pegleg/AppArmorProfile/v1.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: pegleg/AppArmorProfile/v1
-  labels:
-    application: pegleg
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  additionalProperties: false
-  properties:
-    savePath:
-      type: 'string'
-    content:
-      type: 'string'
-  required: ['savePath', 'content']
diff --git a/global/schemas/pegleg/CommonAddresses/v1.yaml b/global/schemas/pegleg/CommonAddresses/v1.yaml
deleted file mode 100644
index 339813733..000000000
--- a/global/schemas/pegleg/CommonAddresses/v1.yaml
+++ /dev/null
@@ -1,116 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: pegleg/CommonAddresses/v1
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: object
-  properties:
-    calico:
-      type: object
-      properties:
-        ip_autodetection_method:
-          type: string
-        etcd:
-          type: object
-          properties:
-            service_ip:
-              type: string
-    dns:
-      type: object
-      properties:
-        cluster_domain:
-          type: string
-        service_ip:
-          type: string
-        upstream_servers:
-          type: array
-          items:
-            type: string
-        upstream_servers_joined:
-          type: string
-    genesis:
-      type: object
-      properties:
-        hostname:
-          type: string
-        ip:
-          type: string
-    bootstrap:
-      type: object
-      properties:
-        ip:
-          type: string
-    kubernetes:
-      type: object
-      properties:
-        api_service_ip:
-          type: string
-        etcd_service_ip:
-          type: string
-        pod_cidr:
-          type: string
-        service_cidr:
-          type: string
-        apiserver_port:
-          type: number
-        haproxy_port:
-          type: number
-        service_node_port_range:
-          type: string
-    etcd:
-      type: object
-      properties:
-        container_port:
-          type: number
-        haproxy_port:
-          type: number
-    masters:
-      type: array
-      items:
-        type: object
-        properties:
-          hostname:
-            type: string
-    node_ports:
-      type: object
-      properties:
-        drydock_api:
-          type: number
-        maas_api:
-          type: number
-        maas_proxy:
-          type: number
-        shipyard_api:
-          type: number
-        airflow_web:
-          type: number
-    ntp:
-      type: object
-      properties:
-        servers_joined:
-          type: string
-    storage:
-      type: object
-      properties:
-        ceph:
-          type: object
-          properties:
-            public_cidr:
-              type: string
-            cluster_cidr:
-              type: string
-    openvswitch:
-      type: object
-      properties:
-        external_iface:
-          type: string
-    neutron:
-      type: object
-      properties:
-        tunnel_device:
-          type: string
-        external_iface:
-          type: string
-...
diff --git a/global/schemas/pegleg/CommonSoftwareConfig/v1.yaml b/global/schemas/pegleg/CommonSoftwareConfig/v1.yaml
deleted file mode 100644
index c02965cf8..000000000
--- a/global/schemas/pegleg/CommonSoftwareConfig/v1.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: pegleg/CommonSoftwareConfig/v1
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: object
-  properties:
-    osh:
-      type: object
-      properties:
-        region_name:
-          type: string
-...
diff --git a/global/schemas/pegleg/EndpointCatalogue/v1.yaml b/global/schemas/pegleg/EndpointCatalogue/v1.yaml
deleted file mode 100644
index 309989012..000000000
--- a/global/schemas/pegleg/EndpointCatalogue/v1.yaml
+++ /dev/null
@@ -1,169 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: pegleg/EndpointCatalogue/v1
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  # Namespace the list of endpoints
-  additionalProperties:
-    type: 'object'
-    additionalProperties:
-      type: 'object'
-      properties:
-        namespace:
-          oneOf:
-            - type: string
-            - type: "null"
-        name:
-          type: string
-        statefulset:
-          type: object
-          properties:
-            replicas:
-              type: number
-            name:
-              type: string
-        auth:
-          type: object
-        hosts:
-          type: object
-          properties:
-            data:
-              type: string
-            default:
-              type: string
-            discovery:
-              type: string
-            public:
-              type: string
-            internal:
-              type: string
-          additionalProperties:
-            type: string
-        host_fqdn_override:
-          oneOf:
-            - type: object
-              properties:
-                default:
-                  oneOf:
-                    - type: string
-                    - type: "null"
-                    - type: object
-                      properties:
-                        host:
-                          type: string
-                        tls:
-                          type: object
-                          properties:
-                            crt:
-                              type: string
-                            ca:
-                              type: string
-                            key:
-                              type: string
-                      additionalProperties:
-                        type: string
-                public:
-                  oneOf:
-                    - type: string
-                    - type: "null"
-                    - type: object
-                      properties:
-                        host:
-                          type: string
-                        tls:
-                          type: object
-                          properties:
-                            crt:
-                              type: string
-                            ca:
-                              type: string
-                            key:
-                              type: string
-                      additionalProperties:
-                        type: string
-                admin:
-                  oneOf:
-                    - type: string
-                    - type: "null"
-                    - type: object
-                      properties:
-                        host:
-                          type: string
-                        tls:
-                          type: object
-                          properties:
-                            crt:
-                              type: string
-                            ca:
-                              type: string
-                            key:
-                              type: string
-                      additionalProperties:
-                        type: string
-                internal:
-                  oneOf:
-                    - type: string
-                    - type: "null"
-                    - type: object
-                      properties:
-                        host:
-                          type: string
-                        tls:
-                          type: object
-                          properties:
-                            crt:
-                              type: string
-                            ca:
-                              type: string
-                            key:
-                              type: string
-                      additionalProperties:
-                        type: string
-              additionalProperties:
-                type: string
-            - type: "null"
-        path:
-          oneOf:
-            - type: object
-              properties:
-                default:
-                  oneOf:
-                    - type: string
-                    - type: "null"
-                public:
-                  type: string
-                internal:
-                  type: string
-              additionalProperties:
-                type: string
-            - type: string
-        scheme:
-          oneOf:
-            - type: object
-              properties:
-                default:
-                  type: string
-                public:
-                  type: string
-                internal:
-                  type: string
-              additionalProperties:
-                type: string
-            - type: string
-        port:
-          type: object
-          additionalProperties:
-            type: object
-            properties:
-              default:
-                type: number
-              public:
-                type: number
-              internal:
-                type: number
-            additionalProperties:
-              type: number
-...
diff --git a/global/schemas/pegleg/Script/v1.yaml b/global/schemas/pegleg/Script/v1.yaml
deleted file mode 100644
index 9c90a3028..000000000
--- a/global/schemas/pegleg/Script/v1.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-schema: deckhand/DataSchema/v1
-metadata:
-  schema: metadata/Control/v1
-  name: pegleg/Script/v1
-data:
-  $schema: http://json-schema.org/schema#
-  type: string
diff --git a/global/schemas/pegleg/SeccompProfile/v1.yaml b/global/schemas/pegleg/SeccompProfile/v1.yaml
deleted file mode 100644
index a2bd8c9ab..000000000
--- a/global/schemas/pegleg/SeccompProfile/v1.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: pegleg/SeccompProfile/v1
-  labels:
-    application: pegleg
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  additionalProperties: false
-  properties:
-    seccompDirPath:
-      type: 'string'
-    savePath:
-      type: 'string'
-    content:
-      type: 'string'
-  required: ['seccompDirPath', 'savePath', 'content']
diff --git a/global/schemas/pegleg/SiteDefinition/v1.yaml b/global/schemas/pegleg/SiteDefinition/v1.yaml
deleted file mode 100644
index 80e6b69bb..000000000
--- a/global/schemas/pegleg/SiteDefinition/v1.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-schema: deckhand/DataSchema/v1
-metadata:
-  schema: metadata/Control/v1
-  name: pegleg/SiteDefinition/v1
-data:
-  $schema: http://json-schema.org/schema#
-
-  type: object
-  properties:
-    repositories:
-      type: object
-      additionalProperties:
-        type: object
-        properties:
-          revision:
-            type: string
-          url:
-            type: string
-        required:
-          - revision
-          - url
-
-    site_type:
-      type: string
-  required:
-    - site_type
-  additionalProperties: false
-...
diff --git a/global/schemas/pegleg/SoftwareVersions/v1.yaml b/global/schemas/pegleg/SoftwareVersions/v1.yaml
deleted file mode 100644
index 11f3ae07b..000000000
--- a/global/schemas/pegleg/SoftwareVersions/v1.yaml
+++ /dev/null
@@ -1,1214 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: pegleg/SoftwareVersions/v1
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: object
-  properties:
-    charts:
-      type: object
-      properties:
-        kubernetes:
-          type: object
-          properties:
-            calico:
-              type: object
-              properties:
-                etcd:
-                  type: object
-                  properties:
-                    type:
-                      type: string
-                    location:
-                      type: string
-                    subpath:
-                      type: string
-                    reference:
-                      type: string
-                etcd-htk:
-                  type: object
-                  properties:
-                    type:
-                      type: string
-                    location:
-                      type: string
-                    subpath:
-                      type: string
-                    reference:
-                      type: string
-                calico:
-                  type: object
-                  properties:
-                    type:
-                      type: string
-                    location:
-                      type: string
-                    subpath:
-                      type: string
-                    reference:
-                      type: string
-            apiserver:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            apiserver-htk:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            controller-manager:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            controller-manager-htk:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            coredns:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            coredns-htk:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            haroxy:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-            haroxy-htk:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-            etcd:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            etcd-htk:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            ingress:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            ingress-htk:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            proxy:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            proxy-htk:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            scheduler:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            scheduler-htk:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-        osh_infra:
-          type: object
-          properties:
-            elasticsearch:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            fluentbit:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            fluentd:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            kibana:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            prometheus:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            prometheus_node_exporter:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            prometheus_kube_state_metrics:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            prometheus_alertmanager:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            grafana:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            prometheus_openstack_exporter:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            nagios:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-        osh:
-          type: object
-          properties:
-            barbican:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            cinder:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            glance:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            heat:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            horizon:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            ingress:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            keystone:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            libvirt:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            mariadb:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            memcached:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            neutron:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            nova:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            openvswitch:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            rabbitmq:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-        ucp:
-          type: object
-          properties:
-            armada:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            barbican:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            ceph-mon:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            ceph-osd:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            ceph-client:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            ceph-provisioners:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            ceph-rgw:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            tenant-ceph-mon:
-              type: object
-              properties:
-                fluentbit:
-                  type: string
-                ceph_bootstrap:
-                  type: string
-                dep_check:
-                  type: string
-                ceph_mon:
-                  type: string
-                ceph_config_helper:
-                  type: string
-                ceph_mon_check:
-                  type: string
-                image_repo_sync:
-                  type: string
-            tenant-ceph-osd:
-              type: object
-              properties:
-                fluentbit:
-                  type: string
-                ceph_bootstrap:
-                  type: string
-                dep_check:
-                  type: string
-                ceph_osd:
-                  type: string
-                image_repo_sync:
-                  type: string
-            tenant-ceph-client:
-              type: object
-              properties:
-                ceph_bootstrap:
-                  type: string
-                dep_check:
-                  type: string
-                ceph_mds:
-                  type: string
-                ceph_mgr:
-                  type: string
-                ceph_config_helper:
-                  type: string
-                ceph_rbd_pool:
-                  type: string
-                image_repo_sync:
-                  type: string
-            tenant-ceph-provisioners:
-              type: object
-              properties:
-                ceph_bootstrap:
-                  type: string
-                ceph_cephfs_provisioner:
-                  type: string
-                ceph_config_helper:
-                  type: string
-                ceph_rbd_provisioner:
-                  type: string
-                dep_check:
-                  type: string
-                image_repo_sync:
-                  type: string
-            tenant-ceph-rgw:
-              type: object
-              properties:
-                ceph_config_helper:
-                  type: string
-                ceph_rgw:
-                  type: string
-                dep_check:
-                  type: string
-                image_repo_sync:
-                  type: string
-                rgw_s3_admin:
-                  type: string
-                ks_endpoints:
-                  type: string
-                ks_service:
-                  type: string
-                ks_user:
-                  type: string
-            deckhand:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            drydock:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            ingress:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            postgresql:
-              type: object
-
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            promenade:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            keystone:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            maas:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            mariadb:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            memcached:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            rabbitmq:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            rabbitmq-etcd:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            shipyard:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-            tiller:
-              type: object
-              properties:
-                type:
-                  type: string
-                location:
-                  type: string
-                subpath:
-                  type: string
-                reference:
-                  type: string
-    files:
-      type: object
-      properties:
-        kubelet:
-          type: string
-    images:
-      type: object
-      properties:
-        ucp:
-          type: object
-          properties:
-            armada:
-              type: object
-              properties:
-                api:
-                  type: string
-                dep_check:
-                  type: string
-                ks_endpoints:
-                  type: string
-                ks_service:
-                  type: string
-                ks_user:
-                  type: string
-                helm:
-                  type: string
-                tiller:
-                  type: string
-            promenade:
-              type: object
-              properties:
-                dep_check:
-                  type: string
-                promenade:
-                  type: string
-                ks_user:
-                  type: string
-                ks_service:
-                  type: string
-                ks_endpoints:
-                  type: string
-            deckhand:
-              type: object
-              properties:
-                deckhand:
-                  type: string
-                dep_check:
-                  type: string
-                db_init:
-                  type: string
-                db_sync:
-                  type: string
-                ks_endpoints:
-                  type: string
-                ks_service:
-                  type: string
-                ks_user:
-                  type: string
-            barbican:
-              type: object
-              properties:
-                bootstrap:
-                  type: string
-                dep_check:
-                  type: string
-                scripted_test:
-                  type: string
-                db_init:
-                  type: string
-                barbican_db_sync:
-                  type: string
-                db_drop:
-                  type: string
-                ks_endpoints:
-                  type: string
-                ks_service:
-                  type: string
-                ks_user:
-                  type: string
-                barbican_api:
-                  type: string
-            drydock:
-              type: object
-              properties:
-                drydock:
-                  type: string
-                dep_check:
-                  type: string
-                ks_endpoints:
-                  type: string
-                ks_service:
-                  type: string
-                ks_user:
-                  type: string
-                drydock_db_init:
-                  type: string
-                drydock_db_sync:
-                  type: string
-            shipyard:
-              type: object
-              properties:
-                airflow:
-                  type: string
-                shipyard:
-                  type: string
-                dep_check:
-                  type: string
-                shipyard_db_init:
-                  type: string
-                shipyard_db_sync:
-                  type: string
-                airflow_db_init:
-                  type: string
-                airflow_db_sync:
-                  type: string
-                ks_user:
-                  type: string
-                ks_service:
-                  type: string
-                ks_endpoints:
-                  type: string
-            maas:
-              type: object
-              properties:
-                db_init:
-                  type: string
-                db_sync:
-                  type: string
-                maas_rack:
-                  type: string
-                maas_region:
-                  type: string
-                bootstrap:
-                  type: string
-                export_api_key:
-                  type: string
-                maas_cache:
-                  type: string
-                dep_check:
-                  type: string
-            keystone:
-              type: object
-              properties:
-                keystone_bootstrap:
-                  type: string
-                test:
-                  type: string
-                db_init:
-                  type: string
-                keystone_db_sync:
-                  type: string
-                db_drop:
-                  type: string
-                keystone_fernet_setup:
-                  type: string
-                keystone_fernet_rotate:
-                  type: string
-                keystone_credential_setup:
-                  type: string
-                keystone_credential_rotate:
-                  type: string
-                keystone_api:
-                  type: string
-                dep_check:
-                  type: string
-            tiller:
-              type: object
-              properties:
-                tiller:
-                  type: string
-            mariadb:
-              type: object
-              properties:
-                mariadb:
-                  type: string
-                dep_check:
-                  type: string
-            postgresql:
-              type: object
-              properties:
-                postgresql:
-                  type: string
-                dep_check:
-                  type: string
-            memcached:
-              type: object
-              properties:
-                memcached:
-                  type: string
-                dep_check:
-                  type: string
-            rabbitmq:
-              type: object
-              properties:
-                rabbitmq:
-                  type: string
-                dep_check:
-                  type: string
-        ceph:
-          type: object
-          properties:
-            ceph-mon:
-              type: object
-              properties:
-                fluentbit:
-                  type: string
-                ceph_bootstrap:
-                  type: string
-                dep_check:
-                  type: string
-                ceph_mon:
-                  type: string
-                ceph_config_helper:
-                  type: string
-                ceph_mon_check:
-                  type: string
-                image_repo_sync:
-                  type: string
-            ceph-osd:
-              type: object
-              properties:
-                fluentbit:
-                  type: string
-                ceph_bootstrap:
-                  type: string
-                dep_check:
-                  type: string
-                ceph_osd:
-                  type: string
-                image_repo_sync:
-                  type: string
-            ceph-client:
-              type: object
-              properties:
-                ks_endpoints:
-                  type: string
-                ks_service:
-                  type: string
-                ks_user:
-                  type: string
-                ceph_bootstrap:
-                  type: string
-                dep_check:
-                  type: string
-                ceph_mds:
-                  type: string
-                ceph_mgr:
-                  type: string
-                ceph_rgw:
-                  type: string
-                ceph_config_helper:
-                  type: string
-                ceph_rbd_pool:
-                  type: string
-                ceph_rbd_provisioner:
-                  type: string
-                ceph_cephfs_provisioner:
-                  type: string
-                image_repo_sync:
-                  type: string
-            ceph-provisioners:
-              type: object
-              properties:
-                ceph_bootstrap:
-                  type: string
-                ceph_cephfs_provisioner:
-                  type: string
-                ceph_config_helper:
-                  type: string
-                ceph_rbd_provisioner:
-                  type: string
-                dep_check:
-                  type: string
-                image_repo_sync:
-                  type: string
-            ceph-rgw:
-              type: object
-              properties:
-                ceph_config_helper:
-                  type: string
-                ceph_rgw:
-                  type: string
-                dep_check:
-                  type: string
-                image_repo_sync:
-                  type: string
-                rgw_s3_admin:
-                  type: string
-                ks_endpoints:
-                  type: string
-                ks_service:
-                  type: string
-                ks_user:
-                  type: string
-        kubernetes:
-          type: object
-          properties:
-            apiserver:
-              type: object
-              properties:
-                anchor:
-                  type: string
-                apiserver:
-                  type: string
-                dep_check:
-                  type: string
-            controller-manager:
-              type: object
-              properties:
-                anchor:
-                  type: string
-                controller_manager:
-                  type: string
-                dep_check:
-                  type: string
-            coredns:
-              type: object
-              properties:
-                coredns:
-                  type: string
-            haproxy:
-              type: object
-              properties:
-                haproxy:
-                  type: string
-                anchor:
-                  type: string
-            etcd:
-              type: object
-              properties:
-                etcd:
-                  type: string
-                etcdctl:
-                  type: string
-            kubectl:
-              type: string
-            pause:
-              type: string
-            scheduler:
-              type: object
-              properties:
-                anchor:
-                  type: string
-                scheduler:
-                  type: string
-            proxy:
-              type: object
-              properties:
-                proxy:
-                  type: string
-        calico:
-          type: object
-          properties:
-            etcd:
-              type: object
-              properties:
-                etcd:
-                  type: string
-                etcdctl:
-                  type: string
-            calico:
-              type: object
-              properties:
-                cni:
-                  type: string
-                ctl:
-                  type: string
-                node:
-                  type: string
-                policy_controller:
-                  type: string
-    packages:
-      type: object
-      properties:
-        repositories:
-          type: object
-          additionalProperties:
-            type: object
-            properties:
-              name:
-                type: string
-              url:
-                type: string
-              distributions:
-                type: array
-                items:
-                  type: string
-              components:
-                type: array
-                items:
-                  type: string
-              gpgkey:
-                type: string
-        named:
-          type: object
-          properties:
-            docker:
-              type: string
-            socat:
-              type: string
-        unnamed:
-          type: array
-          items:
-            type: string
-...
diff --git a/global/schemas/promenade/Docker/v1.yaml b/global/schemas/promenade/Docker/v1.yaml
deleted file mode 100644
index f2dc517f3..000000000
--- a/global/schemas/promenade/Docker/v1.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: deckhand/DataSchema/v1
-metadata:
-  schema: metadata/Control/v1
-  name: promenade/Docker/v1
-  labels:
-    application: promenade
-data:
-  $schema: http://json-schema.org/schema#
-  type: object
-  properties:
-    config:
-      type: object
-  required:
-    - config
-  additionalProperties: false
diff --git a/global/schemas/promenade/EncryptionPolicy/v1.yaml b/global/schemas/promenade/EncryptionPolicy/v1.yaml
deleted file mode 100644
index 03569ab37..000000000
--- a/global/schemas/promenade/EncryptionPolicy/v1.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-schema: deckhand/DataSchema/v1
-metadata:
-  schema: metadata/Control/v1
-  name: promenade/EncryptionPolicy/v1
-  labels:
-    application: promenade
-data:
-  $schema: http://json-schema.org/schema#
-
-  definitions:
-    script_encryption:
-      oneof:
-        - { $ref: '#/definitions/encryption_method_gpg' }
-
-    etcd_encryption:
-      type: array
-      items:
-        type: object
-        additionalProperties: false
-        properties:
-          resources:
-            type: array
-            items:
-              type: string
-          providers:
-            type: array
-            items:
-              type: object
-              additionalProperties: true
-    encryption_method_gpg:
-      properties:
-        gpg:
-          type: object
-          additionalProperties: false
-      required:
-        - gpg
-      additionalProperties: false
-
-  properties:
-    etcd:
-      $ref: '#/definitions/etcd_encryption'
-    scripts:
-      properties:
-        genesis:
-          $ref: '#/definitions/script_encryption'
-        join:
-          $ref: '#/definitions/script_encryption'
-      additionalProperties: false
-...
diff --git a/global/schemas/promenade/Genesis/v1.yaml b/global/schemas/promenade/Genesis/v1.yaml
deleted file mode 100644
index 95b50c3f8..000000000
--- a/global/schemas/promenade/Genesis/v1.yaml
+++ /dev/null
@@ -1,165 +0,0 @@
----
-schema: deckhand/DataSchema/v1
-metadata:
-  schema: metadata/Control/v1
-  name: promenade/Genesis/v1
-  labels:
-    application: promenade
-data:
-  $schema: http://json-schema.org/schema#
-  definitions:
-    abs_path:
-      type: string
-      pattern: '^/.+$'
-    hostname:
-      type: string
-      pattern: '^[a-z][a-z0-9-]+$'
-    file:
-      properties:
-        path:
-          $ref: '#/definitions/abs_path'
-        content:
-          type: string
-        mode:
-          type: integer
-          minimum: 0
-        tar_url:
-          $ref: '#/definitions/url'
-        tar_path:
-          $ref: '#/definitions/rel_path'
-
-      required:
-        - mode
-        - path
-      oneOf:
-        - type: object
-          required:
-            - content
-        - type: object
-          allOf:
-            - type: object
-              required:
-                - tar_url
-                - tar_path
-      additionalProperties: false
-    image:
-      type: string
-      # XXX add regex
-    ip_address:
-      type: string
-      pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))$'
-    kubernetes_label:
-      type: string
-      # XXX add regex
-    rel_path:
-      type: string
-      # XXX add regex
-
-  type: object
-  properties:
-    armada:
-      type: object
-      properties:
-        target_manifest:
-          type: string
-      additionalProperties: false
-
-    apiserver:
-      type: object
-      properties:
-        arguments:
-          type: array
-          items:
-            type: string
-        encryption:
-          type: array
-          items:
-            type: object
-            properties:
-              resources:
-                type: array
-                items:
-                  type: string
-              providers:
-                type: array
-                items:
-                  type: object
-                  additionalProperties: true
-      additionalProperties: false
-
-    files:
-      type: array
-      items:
-        $ref: '#/definitions/file'
-
-    haproxy:
-      type: object
-      properties:
-        run_as_user:
-          type: integer
-      additionalProperties: false
-
-    hostname:
-      $ref: '#/definitions/hostname'
-
-    domain:
-      type: string
-
-    ip:
-      $ref: '#/definitions/ip_address'
-
-    labels:
-      properties:
-        static:
-          type: array
-          items:
-            $ref: '#/definitions/kubernetes_label'
-        dynamic:
-          type: array
-          items:
-            $ref: '#/definitions/kubernetes_label'
-      additionalProperties: false
-
-    images:
-      type: object
-      properties:
-        armada:
-          $ref: '#/definitions/image'
-        helm:
-          type: object
-          properties:
-            tiller:
-              $ref: '#/definitions/image'
-          required:
-            - tiller
-          additionalProperties: false
-        kubernetes:
-          type: object
-          properties:
-            apiserver:
-              $ref: '#/definitions/image'
-            controller-manager:
-              $ref: '#/definitions/image'
-            etcd:
-              $ref: '#/definitions/image'
-            scheduler:
-              $ref: '#/definitions/image'
-          required:
-            - apiserver
-            - controller-manager
-            - etcd
-            - scheduler
-          additionalProperties: false
-      required:
-        - armada
-        - helm
-        - kubernetes
-      additionalProperties: false
-
-  required:
-    - hostname
-    - ip
-    - images
-    - labels
-  additionalProperties: false
-...
diff --git a/global/schemas/promenade/HostSystem/v1.yaml b/global/schemas/promenade/HostSystem/v1.yaml
deleted file mode 100644
index d5d018dcf..000000000
--- a/global/schemas/promenade/HostSystem/v1.yaml
+++ /dev/null
@@ -1,245 +0,0 @@
----
-schema: deckhand/DataSchema/v1
-metadata:
-  schema: metadata/Control/v1
-  name: promenade/HostSystem/v1
-  labels:
-    application: promenade
-data:
-  $schema: http://json-schema.org/schema#
-  definitions:
-    abs_path:
-      type: string
-      pattern: '^/.+$'
-    systemd_unit:
-      type: object
-      properties:
-        enable:
-          type: boolean
-        disable:
-          type: boolean
-        start:
-          type: boolean
-        stop:
-          type: boolean
-      additionalProperties: false
-    apt_source_line:
-      type: string
-      # XXX add regex
-    file:
-      properties:
-        path:
-          $ref: '#/definitions/abs_path'
-        content:
-          type: string
-        mode:
-          type: integer
-          minimum: 0
-        tar_url:
-          $ref: '#/definitions/url'
-        tar_path:
-          $ref: '#/definitions/rel_path'
-        docker_image:
-          $ref: '#/definitions/url'
-        file_path:
-          $ref: '#/definitions/abs_path'
-        symlink:
-          $ref: '#/definitions/abs_path'
-      required:
-        - mode
-        - path
-      oneOf:
-        - type: object
-          required:
-            - content
-        - type: object
-          required:
-            - symlink
-        - type: object
-          allOf:
-            - type: object
-              required:
-                - tar_url
-                - tar_path
-        - type: object
-          allOf:
-            - type: object
-              required:
-                - docker_image
-                - file_path
-      additionalProperties: false
-
-    image:
-      type: string
-      # XXX add regex
-    package:
-      type: string
-      # XXX add regex
-    public_key:
-      type: string
-      # XXX add regex
-    rel_path:
-      type: string
-      # XXX add regex
-    url:
-      type: string
-      # XXX add regex
-
-  type: object
-
-  properties:
-    files:
-      type: array
-      items:
-        type: object
-        items:
-          $ref: '#/definitions/file'
-    systemd_units:
-      type: object
-      additionalProperties:
-        $ref: '#/definitions/systemd_unit'
-    images:
-      type: object
-      properties:
-        coredns:
-          $ref: '#/definitions/image'
-        haproxy:
-          $ref: '#/definitions/image'
-        helm:
-          type: object
-          properties:
-            helm:
-              $ref: '#/definitions/image'
-          required:
-            - helm
-          additionalProperties: false
-        kubernetes:
-          type: object
-          properties:
-            hyperkube:
-              $ref: '#/definitions/image'
-        monitoring_image:
-          $ref: '#/definitions/image'
-      required:
-        - haproxy
-        - helm
-        - kubernetes
-        - monitoring_image
-      additionalProperties: false
-
-    packages:
-      type: object
-      common:
-        type: object
-        properties:
-          additional:
-            type: array
-            items:
-              $ref: '#/definitions/package'
-          keys:
-            type: array
-            items:
-              $ref: '#/definitions/public_key'
-
-          required:
-            type: object
-            properties:
-              docker:
-                $ref: '#/definitions/package'
-              socat:
-                $ref: '#/definitions/package'
-            required:
-              - docker
-              - socat
-            additionalProperties: false
-
-          repositories:
-            type: array
-            items:
-              $ref: '#/definitions/apt_source_line'
-
-        required:
-          - required
-        additionalProperties: false
-
-      genesis:
-        type: object
-        properties:
-          additional:
-            type: array
-            items:
-              $ref: '#/definitions/package'
-          keys:
-            type: array
-            items:
-              $ref: '#/definitions/public_key'
-
-          required:
-            type: object
-            properties:
-              docker:
-                $ref: '#/definitions/package'
-              socat:
-                $ref: '#/definitions/package'
-            required:
-              - docker
-              - socat
-            additionalProperties: false
-
-          repositories:
-            type: array
-            items:
-              $ref: '#/definitions/apt_source_line'
-
-        required:
-          - required
-        additionalProperties: false
-
-      join:
-        type: object
-        properties:
-          additional:
-            type: array
-            items:
-              $ref: '#/definitions/package'
-          keys:
-            type: array
-            items:
-              $ref: '#/definitions/public_key'
-
-          required:
-            type: object
-            properties:
-              docker:
-                $ref: '#/definitions/package'
-              socat:
-                $ref: '#/definitions/package'
-            required:
-              - docker
-              - socat
-            additionalProperties: false
-
-          repositories:
-            type: array
-            items:
-              $ref: '#/definitions/apt_source_line'
-
-        required:
-          - required
-        additionalProperties: false
-
-    validation:
-      type: object
-      properties:
-        pod_logs:
-          type: object
-          properties:
-            image:
-              type: string
-          additionalProperties: false
-      additionalProperties: false
-
-  required:
-    - images
-    - packages
-  additionalProperties: false
diff --git a/global/schemas/promenade/Kubelet/v1.yaml b/global/schemas/promenade/Kubelet/v1.yaml
deleted file mode 100644
index eb3d6939a..000000000
--- a/global/schemas/promenade/Kubelet/v1.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-schema: deckhand/DataSchema/v1
-metadata:
-  schema: metadata/Control/v1
-  name: promenade/Kubelet/v1
-  labels:
-    application: promenade
-data:
-  $schema: http://json-schema.org/schema#
-  type: object
-  definitions:
-    image:
-      type: string
-      # XXX add regex
-
-  properties:
-    images:
-      type: object
-      properties:
-        pause:
-          $ref: '#/definitions/image'
-      required:
-        - pause
-      additionalProperties: false
-    arguments:
-      type: array
-      items:
-        type: string
-  required:
-    - images
-  additionalProperties: false
diff --git a/global/schemas/promenade/KubernetesNetwork/v1.yaml b/global/schemas/promenade/KubernetesNetwork/v1.yaml
deleted file mode 100644
index f9fcf43b4..000000000
--- a/global/schemas/promenade/KubernetesNetwork/v1.yaml
+++ /dev/null
@@ -1,121 +0,0 @@
----
-schema: deckhand/DataSchema/v1
-metadata:
-  schema: metadata/Control/v1
-  name: promenade/KubernetesNetwork/v1
-  labels:
-    application: promenade
-data:
-  $schema: http://json-schema.org/schema#
-  definitions:
-    cidr:
-      type: string
-      pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\/([0-9]|[1-2][0-9]|3[0-2])$'
-    domain_name:
-      type: string
-      format: hostname
-    domain_suffix:
-      type: string
-      pattern: '^\.[a-z0-9][a-z0-9-\.]*$'
-    hostname:
-      type: string
-      format: hostname
-    hostname_or_ip_address:
-      anyOf:
-        - $ref: '#/definitions/hostname'
-        - $ref: '#/definitions/ip_address'
-        - $ref: '#/definitions/domain_suffix'
-    ip_address:
-      type: string
-      format: ipv4
-    url:
-      type: string
-      format: uri
-
-  type: object
-  properties:
-    dns:
-      type: object
-      properties:
-        bootstrap_validation_checks:
-          type: array
-          items:
-            $ref: '#/definitions/domain_name'
-        cluster_domain:
-          $ref: '#/definitions/domain_name'
-        service_ip:
-          $ref: '#/definitions/ip_address'
-        upstream_servers:
-          type: array
-          items:
-            $ref: '#/definitions/ip_address'
-      required:
-        - cluster_domain
-        - service_ip
-      additionalProperties: false
-
-    etcd:
-      type: object
-      properties:
-        container_port:
-          type: integer
-        haproxy_port:
-          type: integer
-        # NOTE(mark-burnett): No longer used.
-        service_ip:
-          $ref: '#/definitions/ip_address'
-      required:
-        - container_port
-        - haproxy_port
-      additionalProperties: false
-
-    kubernetes:
-      type: object
-      properties:
-        pod_cidr:
-          $ref: '#/definitions/cidr'
-        service_ip:
-          $ref: '#/definitions/ip_address'
-        service_cidr:
-          $ref: '#/definitions/cidr'
-        apiserver_port:
-          type: integer
-        haproxy_port:
-          type: integer
-      required:
-        - pod_cidr
-        - service_cidr
-        - service_ip
-        - apiserver_port
-        - haproxy_port
-      additionalProperties: false
-    hosts_entries:
-      type: array
-      items:
-        type: object
-        properties:
-          ip:
-            $ref: '#/definitions/ip_address'
-          names:
-            type: array
-            items:
-              $ref: '#/definitions/hostname'
-
-    proxy:
-      type: object
-      properties:
-        additional_no_proxy:
-          type: array
-          items:
-            $ref: '#/definitions/hostname_or_ip_address'
-        url:
-          $ref: '#/definitions/url'
-      required:
-        - url
-      additionalFields: false
-
-  required:
-    - dns
-    - kubernetes
-  additionalProperties: false
-...
diff --git a/global/schemas/promenade/KubernetesNode/v1.yaml b/global/schemas/promenade/KubernetesNode/v1.yaml
deleted file mode 100644
index 1b7598e21..000000000
--- a/global/schemas/promenade/KubernetesNode/v1.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-schema: deckhand/DataSchema/v1
-metadata:
-  schema: metadata/Control/v1
-  name: promenade/KubernetesNode/v1
-  labels:
-    application: promenade
-data:
-  $schema: http://json-schema.org/schema#
-  definitions:
-    hostname:
-      type: string
-      pattern: '^[a-z][a-z0-9-]+$'
-    ip_address:
-      type: string
-      pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))$'
-    kubernetes_label:
-      type: string
-      # XXX add regex
-
-  type: object
-  properties:
-    hostname:
-      $ref: '#/definitions/hostname'
-
-    ip:
-      $ref: '#/definitions/ip_address'
-
-    join_ip:
-      $ref: '#/definitions/ip_address'
-
-    labels:
-      properties:
-        static:
-          type: array
-          items:
-            $ref: '#/definitions/kubernetes_label'
-        dynamic:
-          type: array
-          items:
-            $ref: '#/definitions/kubernetes_label'
-      additionalProperties: false
-
-  required:
-    - ip
-    - join_ip
-  additionalProperties: false
diff --git a/global/schemas/promenade/PKICatalog/PKICatalog.yaml b/global/schemas/promenade/PKICatalog/PKICatalog.yaml
deleted file mode 100644
index ae64c54ca..000000000
--- a/global/schemas/promenade/PKICatalog/PKICatalog.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-schema: deckhand/DataSchema/v1
-metadata:
-  schema: metadata/Control/v1
-  name: promenade/PKICatalog/v1
-  labels:
-    application: promenade
-data:
-  $schema: http://json-schema.org/schema#
-  certificate_authorities:
-    type: array
-    items:
-      type: object
-      properties:
-        description:
-          type: string
-        certificates:
-          type: array
-          items:
-            type: object
-            properties:
-              document_name:
-                type: string
-              description:
-                type: string
-              common_name:
-                type: string
-              hosts:
-                type: array
-                items: string
-              groups:
-                type: array
-                items: string
-  keypairs:
-    type: array
-    items:
-      type: object
-      properties:
-        name:
-          type: string
-        description:
-          type: string
-...
diff --git a/global/schemas/shipyard/DeploymentConfiguration/v1.yaml b/global/schemas/shipyard/DeploymentConfiguration/v1.yaml
deleted file mode 100644
index 77da34e3a..000000000
--- a/global/schemas/shipyard/DeploymentConfiguration/v1.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: shipyard/DeploymentConfiguration/v1
-  labels:
-    application: shipyard
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  properties:
-    physical_provisioner:
-      type: 'object'
-      properties:
-        deployment_strategy:
-          type: 'string'
-        deploy_interval:
-          type: 'integer'
-        deploy_timeout:
-          type: 'integer'
-        destroy_interval:
-          type: 'integer'
-        destroy_timeout:
-          type: 'integer'
-        join_wait:
-          type: 'integer'
-        prepare_node_interval:
-          type: 'integer'
-        prepare_node_timeout:
-          type: 'integer'
-        prepare_site_interval:
-          type: 'integer'
-        prepare_site_timeout:
-          type: 'integer'
-        verify_interval:
-          type: 'integer'
-        verify_timeout:
-          type: 'integer'
-      additionalProperties: false
-    kubernetes:
-      type: 'object'
-      properties:
-        node_status_interval:
-          type: 'integer'
-        node_status_timeout:
-          type: 'integer'
-      additionalProperties: false
-    kubernetes_provisioner:
-      type: 'object'
-      properties:
-        drain_timeout:
-          type: 'integer'
-        drain_grace_period:
-          type: 'integer'
-        clear_labels_timeout:
-          type: 'integer'
-        remove_etcd_timeout:
-          type: 'integer'
-        etcd_ready_timeout:
-          type: 'integer'
-      additionalProperties: false
-    armada:
-      type: 'object'
-      properties:
-        get_releases_timeout:
-          type: 'integer'
-        get_status_timeout:
-          type: 'integer'
-        manifest:
-          type: 'string'
-        post_apply_timeout:
-          type: 'integer'
-        validate_design_timeout:
-          type: 'integer'
-      additionalProperties: false
-      required:
-        - manifest
-  additionalProperties: false
-  required:
-    - armada
diff --git a/global/schemas/shipyard/DeploymentStrategy/v1.yaml b/global/schemas/shipyard/DeploymentStrategy/v1.yaml
deleted file mode 100644
index 081bbbc9d..000000000
--- a/global/schemas/shipyard/DeploymentStrategy/v1.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
-  schema: metadata/Control/v1
-  name: shipyard/DeploymentStrategy/v1
-  labels:
-    application: shipyard
-data:
-  $schema: 'http://json-schema.org/schema#'
-  type: 'object'
-  required:
-    - groups
-  properties:
-    groups:
-      type: 'array'
-      minItems: 0
-      items:
-        type: 'object'
-        required:
-          - name
-          - critical
-          - depends_on
-          - selectors
-        properties:
-          name:
-            type: 'string'
-            minLength: 1
-          critical:
-            type: 'boolean'
-          depends_on:
-            type: 'array'
-            minItems: 0
-            items:
-              type: 'string'
-          selectors:
-            type: 'array'
-            minItems: 0
-            items:
-              type: 'object'
-              minProperties: 1
-              properties:
-                node_names:
-                  type: 'array'
-                  items:
-                    type: 'string'
-                node_labels:
-                  type: 'array'
-                  items:
-                    type: 'string'
-                node_tags:
-                  type: 'array'
-                  items:
-                    type: 'string'
-                rack_names:
-                  type: 'array'
-                  items:
-                    type: 'string'
-              additionalProperties: false
-          success_criteria:
-            type: 'object'
-            minProperties: 1
-            properties:
-              percent_successful_nodes:
-                type: 'integer'
-                minimum: 0
-                maximum: 100
-              minimum_successful_nodes:
-                type: 'integer'
-                minimum: 0
-              maximum_failed_nodes:
-                type: 'integer'
-                minimum: 0
-            additionalProperties: false
diff --git a/global/scripts/configure-ip-rules.yaml b/global/scripts/configure-ip-rules.yaml
deleted file mode 100644
index 217d9de11..000000000
--- a/global/scripts/configure-ip-rules.yaml
+++ /dev/null
@@ -1,128 +0,0 @@
----
-schema: pegleg/Script/v1
-metadata:
-  schema: metadata/Document/v1
-  name: configure-ip-rules
-  storagePolicy: cleartext
-  layeringDefinition:
-    abstract: false
-    layer: global
-data: |-
-  #!/bin/bash
-  set -ex
-
-  function usage() {
-      cat <<EOU
-  Options are:
-
-    -c POD_CIDR     The pod CIDR for the Kubernetes cluster, e.g. 10.97.0.0/16
-    -i INTERFACE    (optional) The interface for internal pod traffic, e.g.
-                    bond0.22.  Used to auto-detect the service gateway.
-                    Exclusive with -g.
-    -g SERVICE_GW   (optional) The service gateway/VRR IP for routing pod
-                    traffic.  Exclusive with -i.
-    -o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
-                    INTERFACE.  It is used to provide a work around when
-                    complete Calico routes cannot be received via BGP.
-                    e.g. 10.96.0.0/15.  NOTE: This must include the POD_CIDR.
-    -s SERVICE_CIDR (optional) A routable CIDR to configure for ingress, maas,
-                    e.g. 10.23.22.192/29
-  EOU
-  }
-
-  SERVICE_CIDR=
-  OVERLAP_CIDR=
-
-  while getopts ":c:g:hi:o:s:" o; do
-      case "${o}" in
-          c)
-              POD_CIDR=${OPTARG}
-              ;;
-          g)
-              SERVICE_GW=${OPTARG}
-              ;;
-          h)
-              usage
-              exit 0
-              ;;
-          i)
-              INTERFACE=${OPTARG}
-              ;;
-          o)
-              OVERLAP_CIDR=${OPTARG}
-              ;;
-          s)
-              SERVICE_CIDR=${OPTARG}
-              ;;
-          \?)
-              echo "Unknown option: -${OPTARG}" >&2
-              exit 1
-              ;;
-          :)
-              echo "Missing argument for option: -${OPTARG}" >&2
-              exit 1
-              ;;
-          *)
-              echo "Unimplemented option: -${OPTARG}" >&2
-              exit 1
-              ;;
-      esac
-  done
-  shift $((OPTIND-1))
-
-  if [ "x$POD_CIDR" == "x" ]; then
-      echo "Missing pod CIDR, e.g -c 10.97.0.0/16" >&2
-      usage
-      exit 1
-  fi
-
-  if [ "x$INTERFACE" != "x" ]; then
-      while ! ip route list dev "${INTERFACE}" > /dev/null; do
-          echo Waiting for device "${INTERFACE}" to be ready. >&2
-          sleep 5
-      done
-  fi
-
-  intra_vrrp_ip=
-  if [ "x${SERVICE_GW}" == "x" ]; then
-      intra_vrrp_ip=$(ip route list dev "${INTERFACE}" | awk '($2~/via/){print $3}' | head -n 1)
-  else
-      intra_vrrp_ip=${SERVICE_GW}
-  fi
-
-  TABLE="1500"
-
-  if [ "x${intra_vrrp_ip}" == "x" ]; then
-      echo "Either INTERFACE or SERVICE_GW is required: e.g. either -i bond0.22 or -g 10.23.22.1"
-      usage
-      exit 1
-  fi
-
-  # Setup a routing table for traffic from service IPs
-  ip route flush table "${TABLE}"
-  ip route add default via "${intra_vrrp_ip}" table "${TABLE}"
-
-  # Setup arp_announce adjustment on interface facing gateway
-  arp_intf=$(ip route get ${intra_vrrp_ip} | grep dev | awk '{print $3}')
-  echo 2 > /proc/sys/net/ipv4/conf/${arp_intf}/arp_announce
-
-
-  if [ "x$OVERLAP_CIDR" != "x" ]; then
-      # NOTE: This is a work-around for nodes not receiving complete
-      # routes via BGP.
-      ip route add "${OVERLAP_CIDR}" via "${intra_vrrp_ip}"
-  fi
-
-  if [ "x$SERVICE_CIDR" != "x" ]; then
-      # Traffic from the service IPs to pods should use the pod network.
-      ip rule add \
-          from "${SERVICE_CIDR}" \
-          to "${POD_CIDR}" \
-          lookup main \
-          pref 10000
-      # Other traffic from service IPs should only use the VRRP IP
-      ip rule add \
-          from "${SERVICE_CIDR}" \
-          lookup "${TABLE}" \
-          pref 10100
-  fi
diff --git a/global/scripts/hanging-cgroup-release.yaml b/global/scripts/hanging-cgroup-release.yaml
deleted file mode 100644
index e199e1372..000000000
--- a/global/scripts/hanging-cgroup-release.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-schema: pegleg/Script/v1
-metadata:
-  schema: metadata/Document/v1
-  name: hanging-cgroup-release
-  storagePolicy: cleartext
-  layeringDefinition:
-    abstract: false
-    layer: global
-data: |-
-  #!/bin/bash
-  set -ex
-
-  cgroup_count() {
-    echo "Current cgroup count: $(find /sys/fs/cgroup/*/system.slice -name tasks | wc -l)"
-  }
-
-  DATE=$(date)
-  echo "$(cgroup_count)"
-  echo   # Stop systemd mount unit that isn't actually mounted
-  echo "Stopping Kubernetes systemd mount units that are not mounted to the system."
-  systemctl list-units --state=running| \
-    sed -rn '/Kubernetes.transient.mount/s,(run-\S+).+(/var/lib/kubelet/pods/.+),\1 \2,p' | \
-    xargs -r -l1 sh -c 'test -d $2 || echo $1' -- | \
-    xargs -r -tl1 systemctl stop |& wc -l
-  echo "$(cgroup_count)"
diff --git a/global/scripts/rbd-roomba-scanner.yaml b/global/scripts/rbd-roomba-scanner.yaml
deleted file mode 100644
index 3a4be9cdb..000000000
--- a/global/scripts/rbd-roomba-scanner.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-schema: pegleg/Script/v1
-metadata:
-  schema: metadata/Document/v1
-  name: rbd-roomba-scanner
-  storagePolicy: cleartext
-  layeringDefinition:
-    abstract: false
-    layer: global
-data: |-
-  #!/bin/bash
-  set -ex
-
-  # don't put it in /tmp where it can be p0wned (???)
-  lsblk | awk '/^rbd/ {if($7==""){print $0}}' | awk '{ printf "/dev/%s\n",$1 }' > /var/run/rbd_list
-
-  # wait a while, so we don't catch rbd devices the kubelet is working on mounting
-  sleep 60
-
-  # finally, examine rbd devices again and if any were seen previously (60s ago) we will
-  # forcefully unmount them if they have no fs mounts
-  DATE=$(date)
-  for rbd in `lsblk | awk '/^rbd/ {if($7==""){print $0}}' | awk '{ printf "/dev/%s\n",$1 }'`; do
-    if grep -q $rbd /var/run/rbd_list; then
-      echo "[${DATE}] Unmapping stale RBD $rbd"
-      /usr/bin/rbd unmap -o force $rbd
-      # NOTE(supamatt): rbd unmap -o force will only succeed if there are NO pending I/O
-    else
-      echo "[${DATE}] Skipping RBD $rbd as it hasn't been stale for at least 60 seconds"
-    fi
-  done
-  rm -rf /var/run/rbd_list
diff --git a/global/secrets/passphrases/private_docker_key.yaml b/global/secrets/passphrases/private_docker_key.yaml
deleted file mode 100644
index d3a0341e1..000000000
--- a/global/secrets/passphrases/private_docker_key.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: private_docker_key
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-# sample key for potential private docker registry
-# see Docker documentation for info on how to generate the key
-# base64 of password123
-data: cGFzc3dvcmQxMjM=
-...
diff --git a/global/secrets/publickey/airship_ssh_public_key.yaml b/global/secrets/publickey/airship_ssh_public_key.yaml
deleted file mode 100644
index b14a575bd..000000000
--- a/global/secrets/publickey/airship_ssh_public_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/PublicKey/v1
-metadata:
-  schema: metadata/Document/v1
-  name: airship_ssh_public_key
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy
-...
diff --git a/global/software/charts/kubernetes/container-networking/calico.yaml b/global/software/charts/kubernetes/container-networking/calico.yaml
deleted file mode 100644
index 1c2e57f97..000000000
--- a/global/software/charts/kubernetes/container-networking/calico.yaml
+++ /dev/null
@@ -1,173 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-calico
-  layeringDefinition:
-    abstract: false
-    layer: global
-  labels:
-    name: kubernetes-calico-global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.calico.calico
-      dest:
-        path: .source
-    # Image versions
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.calico.calico
-      dest:
-        path: .values.images.tags
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .calico.etcd.service_ip
-      dest:
-        path: .values.endpoints.etcd.host_fqdn_override.default
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.pod_cidr
-      dest:
-        path: .values.networking.podSubnet
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.api_service_ip
-      dest:
-        path: .values.conf.controllers.K8S_API
-        pattern: SUB_KUBERNETES_IP
-
-    # Other site-specific configuration
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .calico.ip_autodetection_method
-      dest:
-        path: .values.conf.node.IP_AUTODETECTION_METHOD
-
-    # Certificates
-    - src:
-        schema: deckhand/CertificateAuthority/v1
-        name: calico-etcd
-        path: .
-      dest:
-        path: .values.endpoints.etcd.auth.client.tls.ca
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-node
-        path: .
-      dest:
-        path: .values.endpoints.etcd.auth.client.tls.crt
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-node
-        path: .
-      dest:
-        path: .values.endpoints.etcd.auth.client.tls.key
-
-data:
-  chart_name: calico
-  release: kubernetes-calico
-  namespace: kube-system
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-kubernetes-calico
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-kubernetes-calico
-  values:
-    conf:
-      cni_network_config:
-        name: k8s-pod-network
-        cniVersion: 0.3.0
-        plugins:
-          - type: calico
-            etcd_endpoints: __ETCD_ENDPOINTS__
-            etcd_ca_cert_file: /etc/calico/pki/ca
-            etcd_cert_file: /etc/calico/pki/crt
-            etcd_key_file: /etc/calico/pki/key
-            log_level: info
-            ipam:
-              type: calico-ipam
-            policy:
-              type: k8s
-            kubernetes:
-              kubeconfig: __KUBECONFIG_FILEPATH__
-          - type: portmap
-            snat: true
-            capabilities:
-              portMappings: true
-
-      controllers:
-        K8S_API: "https://SUB_KUBERNETES_IP:443"
-
-      node:
-        CALICO_STARTUP_LOGLEVEL: INFO
-        CLUSTER_TYPE: "k8s,bgp"
-        ETCD_CA_CERT_FILE: /etc/calico/pki/ca
-        ETCD_CERT_FILE: /etc/calico/pki/crt
-        ETCD_KEY_FILE: /etc/calico/pki/key
-        WAIT_FOR_STORAGE: "true"
-
-    endpoints:
-      etcd:
-        hosts:
-          default: calico-etcd
-        scheme:
-          default: https
-
-    networking:
-      mtu: 1500
-      settings:
-        mesh: "on"
-        ippool:
-          ipip:
-            enabled: "true"
-            mode: "Always"
-          nat_outgoing: "true"
-          disabled: "false"
-
-    manifests:
-      daemonset_calico_etcd: false
-      job_image_repo_sync: false
-      service_calico_etcd: false
-  dependencies:
-    - calico-htk
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: calico-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.calico.calico-htk
-      dest:
-        path: .source
-data:
-  chart_name: calico-htk
-  release: calico-htk
-  namespace: calico-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/kubernetes/container-networking/chart-group.yaml b/global/software/charts/kubernetes/container-networking/chart-group.yaml
deleted file mode 100644
index 4d1cfbda0..000000000
--- a/global/software/charts/kubernetes/container-networking/chart-group.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-container-networking
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Container networking via Calico
-  sequenced: true
-  chart_group:
-    - kubernetes-calico-etcd
-    - kubernetes-calico
diff --git a/global/software/charts/kubernetes/container-networking/etcd.yaml b/global/software/charts/kubernetes/container-networking/etcd.yaml
deleted file mode 100644
index e1a7561fb..000000000
--- a/global/software/charts/kubernetes/container-networking/etcd.yaml
+++ /dev/null
@@ -1,136 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-calico-etcd-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  labels:
-    name: kubernetes-calico-etcd-global
-  storagePolicy: cleartext
-  substitutions:
-
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.calico.etcd
-      dest:
-        path: .source
-
-    # Image versions
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.calico.etcd
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .calico.etcd.service_ip
-      dest:
-        path: .values.service.ip
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .calico.etcd.service_ip
-      dest:
-        path: .values.anchor.etcdctl_endpoint
-
-    # CAs
-    - src:
-        schema: deckhand/CertificateAuthority/v1
-        name: calico-etcd
-        path: .
-      dest:
-        path: .values.secrets.tls.client.ca
-    - src:
-        schema: deckhand/CertificateAuthority/v1
-        name: calico-etcd-peer
-        path: .
-      dest:
-        path: .values.secrets.tls.peer.ca
-
-    # Anchor client cert
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-anchor
-        path: .
-      dest:
-        path: .values.secrets.anchor.tls.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-anchor
-        path: .
-      dest:
-        path: .values.secrets.anchor.tls.key
-
-data:
-  chart_name: etcd
-  release: kubernetes-calico-etcd
-  namespace: kube-system
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-kubernetes-calico-etcd
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-kubernetes-calico-etcd
-  values:
-    labels:
-      anchor:
-        node_selector_key: calico-etcd
-        node_selector_value: enabled
-    etcd:
-      host_data_path: /var/lib/etcd/calico
-      host_etc_path: /etc/etcd/calico
-    bootstrapping:
-      enabled: true
-      host_directory: /var/lib/anchor
-      filename: calico-etcd-bootstrap
-    service:
-      name: calico-etcd
-    network:
-      service_client:
-        name: service_client
-        port: 6666
-        target_port: 6666
-      service_peer:
-        name: service_peer
-        port: 6667
-        target_port: 6667
-  dependencies:
-    - kubernetes-calico-etcd-htk
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-calico-etcd-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.calico.etcd-htk
-      dest:
-        path: .source
-data:
-  chart_name: kubernetes-calico-etcd-htk
-  release: kubernetes-calico-etcd-htk
-  namespace: kubernetes-calico-etcd-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/kubernetes/core/apiserver.yaml b/global/software/charts/kubernetes/core/apiserver.yaml
deleted file mode 100644
index 0e8d63a03..000000000
--- a/global/software/charts/kubernetes/core/apiserver.yaml
+++ /dev/null
@@ -1,198 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-apiserver
-  labels:
-    name: kubernetes-apiserver-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.apiserver
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.apiserver
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.api_service_ip
-      dest:
-        path: .values.network.kubernetes_service_ip
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.pod_cidr
-      dest:
-        path: .values.network.pod_cidr
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.service_cidr
-      dest:
-        path: .values.apiserver.arguments[1]
-        pattern: SERVICE_CIDR
-
-    # Kubernetes Port Range
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.service_node_port_range
-      dest:
-        path: .values.apiserver.arguments[2]
-        pattern: SERVICE_NODE_PORT_RANGE
-
-    # CA
-    - src:
-        schema: deckhand/CertificateAuthority/v1
-        name: kubernetes
-        path: .
-      dest:
-        path: .values.secrets.tls.ca
-
-    # Certificates
-    - src:
-        schema: deckhand/Certificate/v1
-        name: apiserver
-        path: .
-      dest:
-        path: .values.secrets.tls.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: apiserver
-        path: .
-      dest:
-        path: .values.secrets.tls.key
-    - src:
-        schema: deckhand/CertificateAuthority/v1
-        name: kubernetes-etcd
-        path: .
-      dest:
-        path: .values.secrets.etcd.tls.ca
-    - src:
-        schema: deckhand/Certificate/v1
-        name: apiserver-etcd
-        path: .
-      dest:
-        path: .values.secrets.etcd.tls.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: apiserver-etcd
-        path: .
-      dest:
-        path: .values.secrets.etcd.tls.key
-    - src:
-        schema: deckhand/PublicKey/v1
-        name: service-account
-        path: .
-      dest:
-        path: .values.secrets.service_account.public_key
-
-    # Encryption policy
-    - src:
-        schema: promenade/EncryptionPolicy/v1
-        name: encryption-policy
-        path: .etcd
-      dest:
-        path: .values.conf.encryption_provider.content.resources
-
-data:
-  chart_name: apiserver
-  release: kubernetes-apiserver
-  namespace: kube-system
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-kubernetes-apiserver
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-kubernetes-apiserver
-  values:
-    apiserver:
-      etcd:
-        endpoints: https://127.0.0.1:2378
-      tls:
-        tls-cipher-suites: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"
-        # https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/
-        # Possible values: VersionTLS10, VersionTLS11, VersionTLS12
-        tls-min-version: 'VersionTLS12'
-      arguments:
-        - --authorization-mode=Node,RBAC
-        - --service-cluster-ip-range=SERVICE_CIDR
-        - --service-node-port-range=SERVICE_NODE_PORT_RANGE
-        - --endpoint-reconciler-type=lease
-        - --feature-gates=PodShareProcessNamespace=true
-        - --v=3
-    conf:
-      encryption_provider:
-        file: encryption_provider.yaml
-        command_options:
-          - '--experimental-encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml'
-        content:
-          kind: EncryptionConfig
-          apiVersion: v1
-      eventconfig:
-        file: eventconfig.yaml
-        content:
-          kind: Configuration
-          apiVersion: eventratelimit.admission.k8s.io/v1alpha1
-          limits:
-          - type: Server
-            qps: 100
-            burst: 1000
-      acconfig:
-        file: acconfig.yaml
-        command_options:
-          - '--enable-admission-plugins=PodSecurityPolicy,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction,EventRateLimit'
-          - '--admission-control-config-file=/etc/kubernetes/apiserver/acconfig.yaml'
-        content:
-          kind: AdmissionConfiguration
-          apiVersion: apiserver.k8s.io/v1alpha1
-          plugins:
-          - name: EventRateLimit
-            path: eventconfig.yaml
-  dependencies:
-    - kubernetes-apiserver-htk
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-apiserver-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.apiserver-htk
-      dest:
-        path: .source
-data:
-  chart_name: kubernetes-apiserver-htk
-  release: kubernetes-apiserver-htk
-  namespace: kubernetes-apiserver-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/kubernetes/core/chart-group.yaml b/global/software/charts/kubernetes/core/chart-group.yaml
deleted file mode 100644
index 6e8560d53..000000000
--- a/global/software/charts/kubernetes/core/chart-group.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-core
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Kubernetes components
-  chart_group:
-    - kubernetes-apiserver
-    - kubernetes-controller-manager
-    - kubernetes-scheduler
diff --git a/global/software/charts/kubernetes/core/controller-manager.yaml b/global/software/charts/kubernetes/core/controller-manager.yaml
deleted file mode 100644
index 74a05527a..000000000
--- a/global/software/charts/kubernetes/core/controller-manager.yaml
+++ /dev/null
@@ -1,138 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-controller-manager
-  labels:
-    name: kubernetes-controller-manager-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.controller-manager
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.controller-manager
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.pod_cidr
-      dest:
-        path: .values.network.pod_cidr
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.service_cidr
-      dest:
-        path: .values.network.service_cidr
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.pod_cidr
-      dest:
-        path: .values.command_prefix[1]
-        pattern: SUB_POD_CIDR
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.service_cidr
-      dest:
-        path: .values.command_prefix[2]
-        pattern: SUB_SERVICE_CIDR
-
-    # CA
-    - src:
-        schema: deckhand/CertificateAuthority/v1
-        name: kubernetes
-        path: .
-      dest:
-        path: .values.secrets.tls.ca
-
-    # Certificates
-    - src:
-        schema: deckhand/Certificate/v1
-        name: controller-manager
-        path: .
-      dest:
-        path: .values.secrets.tls.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: controller-manager
-        path: .
-      dest:
-        path: .values.secrets.tls.key
-
-    # Private key for Kubernetes service account token signing
-    - src:
-        schema: deckhand/PrivateKey/v1
-        name: service-account
-        path: .
-      dest:
-        path: .values.secrets.service_account.private_key
-
-data:
-  chart_name: controller-manager
-  release: kubernetes-controller-manager
-  namespace: kube-system
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-kubernetes-controller-manager
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-kubernetes-controller-manager
-  values:
-    command_prefix:
-      - /controller-manager
-      - --cluster-cidr=SUB_POD_CIDR
-      - --service-cluster-ip-range=SUB_SERVICE_CIDR
-      - --node-monitor-period=5s
-      - --node-monitor-grace-period=20s
-      - --pod-eviction-timeout=60s
-    network:
-      kubernetes_netloc: 127.0.0.1:6553
-  dependencies:
-    - kubernetes-controller-manager-htk
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-controller-manager-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.controller-manager-htk
-      dest:
-        path: .source
-data:
-  chart_name: kubernetes-controller-manager-htk
-  release: kubernetes-controller-manager-htk
-  namespace: kubernetes-controller-manager-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/kubernetes/core/scheduler.yaml b/global/software/charts/kubernetes/core/scheduler.yaml
deleted file mode 100644
index d506055aa..000000000
--- a/global/software/charts/kubernetes/core/scheduler.yaml
+++ /dev/null
@@ -1,95 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-scheduler
-  labels:
-    name: kubernetes-scheduler-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.scheduler
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.scheduler
-      dest:
-        path: .values.images.tags
-
-    # CA
-    - src:
-        schema: deckhand/CertificateAuthority/v1
-        name: kubernetes
-        path: .
-      dest:
-        path: .values.secrets.tls.ca
-
-    # Certificates
-    - src:
-        schema: deckhand/Certificate/v1
-        name: scheduler
-        path: .
-      dest:
-        path: .values.secrets.tls.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: scheduler
-        path: .
-      dest:
-        path: .values.secrets.tls.key
-
-data:
-  chart_name: scheduler
-  release: kubernetes-scheduler
-  namespace: kube-system
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-kubernetes-scheduler
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-kubernetes-scheduler
-  values:
-    network:
-      kubernetes_netloc: 127.0.0.1:6553
-  dependencies:
-    - kubernetes-scheduler-htk
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-scheduler-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.scheduler-htk
-      dest:
-        path: .source
-data:
-  chart_name: kubernetes-scheduler-htk
-  release: kubernetes-scheduler-htk
-  namespace: kubernetes-scheduler-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/kubernetes/dns/chart-group.yaml b/global/software/charts/kubernetes/dns/chart-group.yaml
deleted file mode 100644
index 1c8abf03d..000000000
--- a/global/software/charts/kubernetes/dns/chart-group.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-dns
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Cluster DNS
-  chart_group:
-    - coredns
diff --git a/global/software/charts/kubernetes/dns/coredns.yaml b/global/software/charts/kubernetes/dns/coredns.yaml
deleted file mode 100644
index 40617b1a0..000000000
--- a/global/software/charts/kubernetes/dns/coredns.yaml
+++ /dev/null
@@ -1,149 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: coredns
-  layeringDefinition:
-    abstract: false
-    layer: global
-  labels:
-    name: coredns-global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.coredns
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.coredns
-      dest:
-        path: .values.images.tags
-
-    # IP Addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .dns.service_ip
-      dest:
-        path: .values.service.ip
-
-    # Zones
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .dns.cluster_domain
-      dest:
-        path: .values.conf.coredns.corefile
-        pattern: '(CLUSTER_DOMAIN)'
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.service_cidr
-      dest:
-        path: .values.conf.coredns.corefile
-        pattern: '(SERVICE_CIDR)'
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.pod_cidr
-      dest:
-        path:  .values.conf.coredns.corefile
-        pattern: '(POD_CIDR)'
-
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .dns.upstream_servers[0]
-      dest:
-        path: .values.conf.coredns.corefile
-        pattern: '(UPSTREAM1)'
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .dns.upstream_servers[1]
-      dest:
-        path: .values.conf.coredns.corefile
-        pattern: '(UPSTREAM2)'
-data:
-  chart_name: coredns
-  release: coredns
-  namespace: kube-system
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-coredns
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-coredns
-  values:
-    conf:
-      coredns:
-        corefile: |
-          .:53 {
-              errors
-              health
-              autopath @kubernetes
-              kubernetes CLUSTER_DOMAIN SERVICE_CIDR POD_CIDR {
-                pods insecure
-                fallthrough in-addr.arpa ip6.arpa
-                upstream UPSTREAM1
-                upstream UPSTREAM2
-              }
-              prometheus :9153
-              forward . UPSTREAM1 UPSTREAM2
-              cache 30
-          }
-
-    labels:
-      coredns:
-        node_selector_key: kube-dns
-        node_selector_value: enabled
-
-  dependencies:
-    - coredns-htk
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: coredns-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.coredns-htk
-      dest:
-        path: .source
-data:
-  chart_name: coredns-htk
-  release: coredns-htk
-  namespace: coredns-htk
-  values:
-    pod:
-      # TODO: replicas can be removed once we switch coredns to
-      # DaemonSet-only.  It will be deployed with both DaemonSet
-      # and Deployment-managed pods as we transition to DaemonSet.
-      replicas:
-        coredns: 2
-    manifests:
-      daemonset: true
-      # TODO: `deployment` can be set to false once we switch coredns to
-      # DaemonSet-only.  It will be deployed with both DaemonSet
-      # and Deployment-managed pods as we transition to DaemonSet.
-      deployment: true
-  dependencies: []
-...
diff --git a/global/software/charts/kubernetes/etcd/chart-group.yaml b/global/software/charts/kubernetes/etcd/chart-group.yaml
deleted file mode 100644
index 5a951d136..000000000
--- a/global/software/charts/kubernetes/etcd/chart-group.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-etcd
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Kubernetes etcd
-  chart_group:
-    - kubernetes-etcd
diff --git a/global/software/charts/kubernetes/etcd/etcd.yaml b/global/software/charts/kubernetes/etcd/etcd.yaml
deleted file mode 100644
index ec3fa72d4..000000000
--- a/global/software/charts/kubernetes/etcd/etcd.yaml
+++ /dev/null
@@ -1,137 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-etcd-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  labels:
-    name: kubernetes-etcd-global
-  storagePolicy: cleartext
-  substitutions:
-
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.etcd
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.etcd
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    -
-      src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.etcd_service_ip
-      dest:
-        path: .values.service.ip
-    -
-      src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.etcd_service_ip
-      dest:
-        path: .values.anchor.etcdctl_endpoint
-
-    # CAs
-    -
-      src:
-        schema: deckhand/CertificateAuthority/v1
-        name: kubernetes-etcd
-        path: .
-      dest:
-        path: .values.secrets.tls.client.ca
-    -
-      src:
-        schema: deckhand/CertificateAuthority/v1
-        name: kubernetes-etcd-peer
-        path: .
-      dest:
-        path: .values.secrets.tls.peer.ca
-
-    -
-      src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-anchor
-        path: .
-      dest:
-        path: .values.secrets.anchor.tls.cert
-    -
-      src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-anchor
-        path: .
-      dest:
-        path: .values.secrets.anchor.tls.key
-
-data:
-  chart_name: etcd
-  release: kubernetes-etcd
-  namespace: kube-system
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-kubernetes-etcd
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-kubernetes-etcd
-  values:
-    labels:
-      anchor:
-        node_selector_key: kubernetes-etcd
-        node_selector_value: enabled
-    etcd:
-      host_data_path: /var/lib/etcd/kubernetes
-      host_etc_path: /etc/etcd/kubernetes
-    service:
-      name: kubernetes-etcd
-    network:
-      service_client:
-        name: service_client
-        port: 2379
-        target_port: 2379
-      service_peer:
-        name: service_peer
-        port: 2380
-        target_port: 2380
-  dependencies:
-    - kubernetes-etcd-htk
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-etcd-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.etcd-htk
-      dest:
-        path: .source
-data:
-  chart_name: kubernetes-etcd-htk
-  release: kubernetes-etcd-htk
-  namespace: kubernetes-etcd-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/kubernetes/haproxy/chart-group.yaml b/global/software/charts/kubernetes/haproxy/chart-group.yaml
deleted file mode 100644
index 63a24f5f2..000000000
--- a/global/software/charts/kubernetes/haproxy/chart-group.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-haproxy
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: HAProxy for Kubernetes
-  chart_group:
-    - haproxy
diff --git a/global/software/charts/kubernetes/haproxy/haproxy.yaml b/global/software/charts/kubernetes/haproxy/haproxy.yaml
deleted file mode 100644
index 9f458446f..000000000
--- a/global/software/charts/kubernetes/haproxy/haproxy.yaml
+++ /dev/null
@@ -1,111 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: haproxy
-  labels:
-    name: haproxy-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.haproxy
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.haproxy
-      dest:
-        path: .values.images.tags
-
-    # Kubernetes configuration
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.api_service_ip
-      dest:
-        path: .values.conf.anchor.kubernetes_url
-        pattern: KUBERNETES_IP
-
-data:
-  chart_name: haproxy
-  release: haproxy
-  namespace: kube-system
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-haproxy
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-haproxy
-  values:
-    conf:
-      anchor:
-        kubernetes_url: https://KUBERNETES_IP:443
-        services:
-          default:
-            kubernetes:
-              server_opts: "check port 6443"
-              conf_parts:
-                frontend:
-                  - mode tcp
-                  - option tcpka
-                  - bind *:6553
-                backend:
-                  - mode tcp
-                  - option tcpka
-                  - option tcp-check
-                  - option redispatch
-          kube-system:
-            kubernetes-etcd:
-              server_opts: "check port 2379"
-              conf_parts:
-                frontend:
-                  - mode tcp
-                  - option tcpka
-                  - bind *:2378
-                backend:
-                  - mode tcp
-                  - option tcpka
-                  - option tcp-check
-                  - option redispatch
-  dependencies:
-    - haproxy-htk
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: haproxy-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.haproxy-htk
-      dest:
-        path: .source
-data:
-  chart_name: haproxy-htk
-  release: haproxy-htk
-  namespace: haproxy-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/kubernetes/ingress/chart-group.yaml b/global/software/charts/kubernetes/ingress/chart-group.yaml
deleted file mode 100644
index 11197f694..000000000
--- a/global/software/charts/kubernetes/ingress/chart-group.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ingress-kube-system
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Ingress for the site
-  chart_group:
-    - ingress-kube-system
diff --git a/global/software/charts/kubernetes/ingress/ingress.yaml b/global/software/charts/kubernetes/ingress/ingress.yaml
deleted file mode 100644
index 66e7bf05b..000000000
--- a/global/software/charts/kubernetes/ingress/ingress.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: global-ingress-kube-system
-  labels:
-    ingress: kube-system
-    name: ingress-kube-system-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.ingress
-      dest:
-        path: .source
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.ingress
-      dest:
-        path: .values.images.tags
-data:
-  chart_name: ingress-kube-system
-  release: ingress-kube-system
-  namespace: kube-system
-  wait:
-    timeout: 300
-    labels:
-      release_group: airship-ingress-kube-system
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ingress-kube-system
-  values:
-    labels:
-      server:
-        node_selector_key: kube-ingress
-        node_selector_value: enabled
-      error_server:
-        node_selector_key: kube-ingress
-        node_selector_value: enabled
-    deployment:
-      mode: cluster
-      type: Deployment
-    network:
-      host_namespace: true
-      ingress:
-        annotations:
-          nginx.ingress.kubernetes.io/proxy-read-timeout: "603"
-    pod:
-      replicas:
-        ingress: 1
-        error_page: 1
-  dependencies:
-    - ingress-kube-system-htk
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ingress-kube-system-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.ingress-htk
-      dest:
-        path: .source
-data:
-  chart_name: ingress-kube-system-htk
-  release: ingress-kube-system-htk
-  namespace: ingress-kube-system-htk
-  values: {}
-  dependencies: []
diff --git a/global/software/charts/kubernetes/proxy/chart-group.yaml b/global/software/charts/kubernetes/proxy/chart-group.yaml
deleted file mode 100644
index a083dd3d7..000000000
--- a/global/software/charts/kubernetes/proxy/chart-group.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-proxy
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Kubernetes proxy
-  sequenced: true
-  chart_group:
-    - kubernetes-proxy
diff --git a/global/software/charts/kubernetes/proxy/kubernetes-proxy.yaml b/global/software/charts/kubernetes/proxy/kubernetes-proxy.yaml
deleted file mode 100644
index 3ba13e3a8..000000000
--- a/global/software/charts/kubernetes/proxy/kubernetes-proxy.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-proxy
-  labels:
-    name: kubernetes-proxy-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.proxy
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.proxy
-      dest:
-        path: .values.images.tags
-
-    # IP Addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.pod_cidr
-      dest:
-        path: .values.command_prefix[1]
-        pattern: POD_CIDR
-
-    # Secrets
-    - src:
-        schema: deckhand/CertificateAuthority/v1
-        name: kubernetes
-        path: .
-      dest:
-        path: .values.secrets.tls.ca
-data:
-  chart_name: proxy
-  release: kubernetes-proxy
-  namespace: kube-system
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-kubernetes-proxy
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-kubernetes-proxy
-  values:
-    command_prefix:
-      - /proxy
-      - --cluster-cidr=POD_CIDR
-      - --proxy-mode=iptables
-    kube_service:
-      host: 127.0.0.1
-      port: 6553
-    livenessProbe:
-      whitelist:
-        - tiller-deploy
-  dependencies:
-    - kubernetes-proxy-htk
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-proxy-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.proxy-htk
-      dest:
-        path: .source
-data:
-  chart_name: kubernetes-proxy-htk
-  release: kubernetes-proxy-htk
-  namespace: kubernetes-proxy-htk
-  dependencies: []
-...
diff --git a/global/software/charts/osh-infra/dependencies.yaml b/global/software/charts/osh-infra/dependencies.yaml
deleted file mode 100644
index cd730ba47..000000000
--- a/global/software/charts/osh-infra/dependencies.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-infra-helm-toolkit
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.helm_toolkit
-      dest:
-        path: .source
-data:
-  chart_name: helm-toolkit
-  release: osh-infra-helm-toolkit
-  namespace: osh-infra-helm-toolkit
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-osh-infra-helm-toolkit
-  upgrade:
-    no_hooks: true
-  values: {}
-  dependencies: []
diff --git a/global/software/charts/osh-infra/osh-infra-ceph-config/ceph-config.yaml b/global/software/charts/osh-infra/osh-infra-ceph-config/ceph-config.yaml
deleted file mode 100644
index 7aa62cdfd..000000000
--- a/global/software/charts/osh-infra/osh-infra-ceph-config/ceph-config.yaml
+++ /dev/null
@@ -1,92 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-infra-ceph-config
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ceph-provisioners
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.ceph-provisioners
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-
-
-data:
-  chart_name: osh-infra-ceph-config
-  release: osh-infra-ceph-config
-  namespace: osh-infra
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-osh-infra-ceph-config
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-osh-infra-ceph-config
-  values:
-    labels:
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      provisioner:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    deployment:
-      ceph: false
-      client_secrets: true
-      rbd_provisioner: false
-      cephfs_provisioner: false
-      rgw_keystone_user_and_endpoints: false
-    bootstrap:
-      enabled: false
-    storageclass:
-      rbd:
-        ceph_configmap_name: ceph-etc
-        parameters:
-          userSecretName: pvc-ceph-client-key
-      cephfs:
-        provision_storage_class: false
-  dependencies:
-    - ceph-htk
-...
diff --git a/global/software/charts/osh-infra/osh-infra-ceph-config/chart-group.yaml b/global/software/charts/osh-infra/osh-infra-ceph-config/chart-group.yaml
deleted file mode 100644
index 4ab41ec20..000000000
--- a/global/software/charts/osh-infra/osh-infra-ceph-config/chart-group.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-infra-ceph-config
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Ceph config for OpenStack-Infra namespace(s)
-  chart_group:
-    - osh-infra-ceph-config
diff --git a/global/software/charts/osh-infra/osh-infra-dashboards/chart-group.yaml b/global/software/charts/osh-infra/osh-infra-dashboards/chart-group.yaml
deleted file mode 100644
index c9c8cf522..000000000
--- a/global/software/charts/osh-infra/osh-infra-dashboards/chart-group.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-infra-dashboards
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: OSH Infra Dashboards
-  chart_group:
-    - kibana
-    - grafana
diff --git a/global/software/charts/osh-infra/osh-infra-dashboards/grafana.yaml b/global/software/charts/osh-infra/osh-infra-dashboards/grafana.yaml
deleted file mode 100644
index 4c6d68645..000000000
--- a/global/software/charts/osh-infra/osh-infra-dashboards/grafana.yaml
+++ /dev/null
@@ -1,269 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: grafana
-  layeringDefinition:
-    abstract: false
-    layer: global
-  labels:
-    name: grafana-global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.grafana
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh_infra.grafana
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db_session
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.grafana
-      dest:
-        path: .values.endpoints.grafana
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.monitoring
-      dest:
-        path: .values.endpoints.monitoring
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.ldap
-      dest:
-        path: .values.endpoints.ldap
-    # Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.grafana.admin
-      dest:
-        path: .values.endpoints.grafana.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.grafana.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db.auth.user
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.grafana.oslo_db.database
-      dest:
-        path: .values.endpoints.oslo_db.path
-        pattern: DB_NAME
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.grafana.oslo_db_session
-      dest:
-        path: .values.endpoints.oslo_db_session.auth.user
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.grafana.oslo_db_session.database
-      dest:
-        path: .values.endpoints.oslo_db_session.path
-        pattern: DB_NAME
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.prometheus.admin
-      dest:
-        path: .values.endpoints.monitoring.auth.user
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.grafana.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_grafana_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_grafana_oslo_db_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db_session.auth.user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_grafana_oslo_db_session_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_oslo_db_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db_session.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_oslo_db_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.monitoring.auth.user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_prometheus_admin_password
-        path: .
-
-    # LDAP Configuration Details
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.ldap.admin.bind
-      dest:
-        path: .values.endpoints.ldap.auth.admin.bind_dn
-    - dest:
-        path: .values.endpoints.ldap.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_ldap_password
-        path: .
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .ldap.subdomain
-      dest:
-        path:  .values.conf.ldap.config.base_dns.search
-        pattern: SUBDOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .ldap.domain
-      dest:
-        path:  .values.conf.ldap.config.base_dns.search
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .ldap.subdomain
-      dest:
-        path:  .values.conf.ldap.config.base_dns.group_search
-        pattern: SUBDOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .ldap.domain
-      dest:
-        path:  .values.conf.ldap.config.base_dns.group_search
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .ldap.common_name
-      dest:
-        path:  .values.conf.ldap.config.filters.group_search
-        pattern: COMMON_NAME
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .ldap.subdomain
-      dest:
-        path:  .values.conf.ldap.config.filters.group_search
-        pattern: SUBDOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .ldap.domain
-      dest:
-        path:  .values.conf.ldap.config.filters.group_search
-        pattern: DOMAIN
-data:
-  chart_name: grafana
-  release: grafana
-  namespace: osh-infra
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-grafana
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-grafana
-    post:
-      create: []
-  values:
-    labels:
-      grafana:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    conf:
-      provisioning:
-        datasources:
-          monitoring:
-            url: http://prom-metrics.osh-infra.svc.cluster.local:80/
-      ldap:
-        config:
-          base_dns:
-            search: "DC=SUBDOMAIN,DC=DOMAIN,DC=com"
-            group_search: "OU=Groups,DC=SUBDOMAIN,DC=DOMAIN,DC=com"
-          filters:
-            search: "(sAMAccountName=%s)"
-            group_search: "(memberof=CN=COMMON_NAME,OU=Application,OU=Groups,DC=SUBDOMAIN,DC=DOMAIN,DC=com)"
-        template: |
-          verbose_logging = true
-          [[servers]]
-          host = "{{ tuple "ldap" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}"
-          port = {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-          use_ssl = false
-          start_tls = false
-          ssl_skip_verify = false
-          bind_dn = "{{ .Values.endpoints.ldap.auth.admin.bind_dn }}"
-          bind_password = '{{ .Values.endpoints.ldap.auth.admin.password }}'
-          search_filter = "{{ .Values.conf.ldap.config.filters.search }}"
-          search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.search }}"]
-          group_search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.group_search }}"]
-          [servers.attributes]
-          username = "sAMAccountName"
-          surname = "sn"
-          member_of = "memberof"
-          email = "mail"
-          [[servers.group_mappings]]
-          group_dn = "{{.Values.endpoints.ldap.auth.admin.bind_dn }}"
-          org_role = "Admin"
-          [[servers.group_mappings]]
-          group_dn = "*"
-          org_role = "Viewer"
-    pod:
-      replicas:
-        grafana: 2
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/osh-infra/osh-infra-dashboards/kibana.yaml b/global/software/charts/osh-infra/osh-infra-dashboards/kibana.yaml
deleted file mode 100644
index 4685f72aa..000000000
--- a/global/software/charts/osh-infra/osh-infra-dashboards/kibana.yaml
+++ /dev/null
@@ -1,126 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kibana
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.kibana
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh_infra.kibana
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.elasticsearch
-      dest:
-        path: .values.endpoints.elasticsearch
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.kibana
-      dest:
-        path: .values.endpoints.kibana
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.ldap
-      dest:
-        path: .values.endpoints.ldap
-    # Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.elasticsearch.admin
-      dest:
-        path: .values.endpoints.elasticsearch.auth.admin
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.elasticsearch.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_elasticsearch_admin_password
-        path: .
-
-    # LDAP Details
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.ldap.admin
-      dest:
-        path: .values.endpoints.ldap.auth.admin
-    - dest:
-        path: .values.endpoints.ldap.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_ldap_password
-        path: .
-data:
-  chart_name: kibana
-  release: kibana
-  namespace: osh-infra
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-kibana
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-kibana
-      create: []
-    post:
-      create: []
-  values:
-    conf:
-      apache:
-        host: |
-          <VirtualHost *:80>
-            ProxyRequests off
-            ProxyPreserveHost On
-            <Location />
-                ProxyPass http://localhost:{{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
-                ProxyPassReverse http://localhost:{{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
-            </Location>
-            <Proxy *>
-                AuthName "Kibana"
-                AuthType Basic
-                AuthBasicProvider file ldap
-                AuthUserFile /usr/local/apache2/conf/.htpasswd
-                AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
-                AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
-                AuthLDAPURL {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
-                Require valid-user
-            </Proxy>
-          </VirtualHost>
-    labels:
-      kibana:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/osh-infra/osh-infra-ingress-controller/chart-group.yaml b/global/software/charts/osh-infra/osh-infra-ingress-controller/chart-group.yaml
deleted file mode 100644
index a6dc3988c..000000000
--- a/global/software/charts/osh-infra/osh-infra-ingress-controller/chart-group.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-infra-ingress-controller
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: OpenStack Namespace Ingress
-  chart_group:
-    - osh-infra-ingress-controller
diff --git a/global/software/charts/osh-infra/osh-infra-ingress-controller/ingress.yaml b/global/software/charts/osh-infra/osh-infra-ingress-controller/ingress.yaml
deleted file mode 100644
index c66d9ce3c..000000000
--- a/global/software/charts/osh-infra/osh-infra-ingress-controller/ingress.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-infra-ingress-controller
-  labels:
-    name: osh-infra-ingress-controller-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.ingress
-      dest:
-        path: .source
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.ingress
-      dest:
-        path: .values.images.tags
-data:
-  chart_name: osh-infra-ingress-controller
-  release: osh-infra-ingress-controller
-  namespace: osh-infra
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-osh-infra-ingress-controller
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-osh-infra-ingress-controller
-  values:
-    labels:
-      server:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      error_server:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    pod:
-      replicas:
-        ingress: 2
-        error_page: 2
-  dependencies:
-    - osh-helm-toolkit
diff --git a/global/software/charts/osh-infra/osh-infra-logging/chart-group.yaml b/global/software/charts/osh-infra/osh-infra-logging/chart-group.yaml
deleted file mode 100644
index 7a8a5f509..000000000
--- a/global/software/charts/osh-infra/osh-infra-logging/chart-group.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-infra-logging
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: OSH Infra Logging
-  sequenced: True
-  chart_group:
-    - elasticsearch
-    - fluentbit
-    - fluentd
diff --git a/global/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml b/global/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml
deleted file mode 100644
index 897a20382..000000000
--- a/global/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml
+++ /dev/null
@@ -1,364 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: elasticsearch-global
-  labels:
-    hosttype: elasticsearch-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.elasticsearch
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh_infra.elasticsearch
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.elasticsearch
-      dest:
-        path: .values.endpoints.elasticsearch
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.prometheus_elasticsearch_exporter
-      dest:
-        path: .values.endpoints.prometheus_elasticsearch_exporter
-
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.ldap
-      dest:
-        path: .values.endpoints.ldap
-
-    # Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.elasticsearch.admin
-      dest:
-        path: .values.endpoints.elasticsearch.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.ceph_object_store.admin
-      dest:
-        path: .values.endpoints.ceph_object_store.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.ceph_object_store.elasticsearch
-      dest:
-        path: .values.endpoints.ceph_object_store.auth.elasticsearch
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.elasticsearch.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_elasticsearch_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.ceph_object_store.auth.admin.access_key
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_rgw_s3_admin_access_key
-        path: .
-    - dest:
-        path: .values.endpoints.ceph_object_store.auth.admin.secret_key
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_rgw_s3_admin_secret_key
-        path: .
-    - dest:
-        path: .values.endpoints.ceph_object_store.auth.elasticsearch.access_key
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_rgw_s3_elasticsearch_access_key
-        path: .
-    - dest:
-        path: .values.endpoints.ceph_object_store.auth.elasticsearch.secret_key
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_rgw_s3_elasticsearch_secret_key
-        path: .
-
-    # LDAP Details
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.ldap.admin
-      dest:
-        path: .values.endpoints.ldap.auth.admin
-    - dest:
-        path: .values.endpoints.ldap.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_ldap_password
-        path: .
-data:
-  chart_name: elasticsearch
-  release: elasticsearch
-  namespace: osh-infra
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-elasticsearch
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-elasticsearch
-      create: []
-    post:
-      create: []
-  values:
-    pod:
-      replicas:
-        client: 5
-      resources:
-        enabled: true
-        apache_proxy:
-          limits:
-            memory: "1024Mi"
-            cpu: "2000m"
-          requests:
-            memory: "0"
-            cpu: "0"
-        client:
-          requests:
-            memory: "8Gi"
-            cpu: "1000m"
-          limits:
-            memory: "16Gi"
-            cpu: "2000m"
-        master:
-          requests:
-            memory: "8Gi"
-            cpu: "1000m"
-          limits:
-            memory: "16Gi"
-            cpu: "2000m"
-        data:
-          requests:
-            memory: "8Gi"
-            cpu: "1000m"
-          limits:
-            memory: "16Gi"
-            cpu: "2000m"
-        prometheus_elasticsearch_exporter:
-          requests:
-            memory: "0"
-            cpu: "0"
-          limits:
-            memory: "1024Mi"
-            cpu: "2000m"
-        jobs:
-          curator:
-            requests:
-              memory: "0"
-              cpu: "0"
-            limits:
-              memory: "1024Mi"
-              cpu: "2000m"
-          image_repo_sync:
-            requests:
-              memory: "0"
-              cpu: "0"
-            limits:
-              memory: "1024Mi"
-              cpu: "2000m"
-          snapshot_repository:
-            requests:
-              memory: "0"
-              cpu: "0"
-            limits:
-              memory: "1024Mi"
-              cpu: "2000m"
-          tests:
-            requests:
-              memory: "0"
-              cpu: "0"
-            limits:
-              memory: "1024Mi"
-              cpu: "2000m"
-    labels:
-      elasticsearch:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      test:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    monitoring:
-      prometheus:
-        enabled: true
-    conf:
-      httpd: |
-        ServerRoot "/usr/local/apache2"
-        Listen 80
-        LoadModule mpm_event_module modules/mod_mpm_event.so
-        LoadModule authn_file_module modules/mod_authn_file.so
-        LoadModule authn_core_module modules/mod_authn_core.so
-        LoadModule authz_host_module modules/mod_authz_host.so
-        LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
-        LoadModule authz_user_module modules/mod_authz_user.so
-        LoadModule authz_core_module modules/mod_authz_core.so
-        LoadModule access_compat_module modules/mod_access_compat.so
-        LoadModule auth_basic_module modules/mod_auth_basic.so
-        LoadModule ldap_module modules/mod_ldap.so
-        LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
-        LoadModule reqtimeout_module modules/mod_reqtimeout.so
-        LoadModule filter_module modules/mod_filter.so
-        LoadModule proxy_html_module modules/mod_proxy_html.so
-        LoadModule log_config_module modules/mod_log_config.so
-        LoadModule env_module modules/mod_env.so
-        LoadModule headers_module modules/mod_headers.so
-        LoadModule setenvif_module modules/mod_setenvif.so
-        LoadModule version_module modules/mod_version.so
-        LoadModule proxy_module modules/mod_proxy.so
-        LoadModule proxy_connect_module modules/mod_proxy_connect.so
-        LoadModule proxy_http_module modules/mod_proxy_http.so
-        LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
-        LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
-        LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
-        LoadModule unixd_module modules/mod_unixd.so
-        LoadModule status_module modules/mod_status.so
-        LoadModule autoindex_module modules/mod_autoindex.so
-        <IfModule unixd_module>
-        User daemon
-        Group daemon
-        </IfModule>
-        <Directory />
-            AllowOverride none
-            Require all denied
-        </Directory>
-        <Files ".ht*">
-            Require all denied
-        </Files>
-        ErrorLog /dev/stderr
-        LogLevel warn
-        <IfModule log_config_module>
-            LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-            LogFormat "%h %l %u %t \"%r\" %>s %b" common
-            <IfModule logio_module>
-              LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
-            </IfModule>
-            CustomLog /dev/stdout common
-            CustomLog /dev/stdout combined
-        </IfModule>
-        <Directory "/usr/local/apache2/cgi-bin">
-            AllowOverride None
-            Options None
-            Require all granted
-        </Directory>
-        <IfModule headers_module>
-            RequestHeader unset Proxy early
-        </IfModule>
-        <IfModule proxy_html_module>
-        Include conf/extra/proxy-html.conf
-        </IfModule>
-        <VirtualHost *:80>
-          <Location />
-              ProxyPass http://localhost:{{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
-              ProxyPassReverse http://localhost:{{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
-          </Location>
-          <Proxy *>
-              AuthName "Elasticsearch"
-              AuthType Basic
-              AuthBasicProvider file ldap
-              AuthUserFile /usr/local/apache2/conf/.htpasswd
-              AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
-              AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
-              AuthLDAPURL {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
-              Require valid-user
-          </Proxy>
-        </VirtualHost>
-      elasticsearch:
-        config:
-          http:
-            max_content_length: 2gb
-            pipelining: false
-        env:
-          java_opts:
-            client: "-Xms8g -Xmx8g"
-            data: "-Xms8g -Xmx8g"
-            master: "-Xms8g -Xmx8g"
-        snapshots:
-          enabled: true
-      curator:
-        #run every 6th hour
-        schedule:  "0 */6 * * *"
-        action_file:
-          # Remember, leave a key empty if there is no value.  None will be a string,
-          # not a Python "NoneType"
-          #
-          # Also remember that all examples have 'disable_action' set to True.  If you
-          # want to use this action as a template, be sure to set this to False after
-          # copying it.
-          actions:
-            1:
-              action: delete_indices
-              description: >-
-                "Delete indices older than 7 days"
-              options:
-                timeout_override:
-                continue_if_exception: False
-                ignore_empty_list: True
-                disable_action: False
-              filters:
-              - filtertype: pattern
-                kind: prefix
-                value: logstash-
-              - filtertype: age
-                source: name
-                direction: older
-                timestring: '%Y.%m.%d'
-                unit: days
-                unit_count: 7
-            2:
-              action: delete_indices
-              description: >-
-                "Delete indices by age if available disk space is
-                 less than 80% total disk"
-              options:
-                timeout_override: 600
-                continue_if_exception: False
-                ignore_empty_list: True
-                disable_action: False
-              filters:
-              - filtertype: pattern
-                kind: prefix
-                value: logstash-
-              - filtertype: space
-                source: creation_date
-                use_age: True
-                disk_space: 1200
-    storage:
-      requests:
-        storage: 500Gi
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/osh-infra/osh-infra-logging/fluentbit.yaml b/global/software/charts/osh-infra/osh-infra-logging/fluentbit.yaml
deleted file mode 100644
index f2e3617b9..000000000
--- a/global/software/charts/osh-infra/osh-infra-logging/fluentbit.yaml
+++ /dev/null
@@ -1,255 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: fluentbit-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  labels:
-    hosttype: fluentbit-global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.fluentbit
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh_infra.fluentbit
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.fluentd # TODO change it in OSH repo
-      dest:
-        path: .values.endpoints.fluentbit
-
-data:
-  chart_name: fluentbit
-  release: fluentbit
-  namespace: osh-infra
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-fluentbit
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-fluentbit
-      create: []
-    post:
-      create: []
-  values:
-    monitoring:
-      prometheus:
-        enabled: true
-    pod:
-      resources:
-        enabled: true
-        fluentbit:
-          limits:
-            memory: '4Gi'
-            cpu: '2000m'
-          requests:
-            memory: '2Gi'
-            cpu: '1000m'
-        jobs:
-          image_repo_sync:
-            requests:
-              memory: '0'
-              cpu: '0'
-            limits:
-              memory: '1024Mi'
-              cpu: '2000m'
-          tests:
-            requests:
-              memory: '0'
-              cpu: '0'
-            limits:
-              memory: '1024Mi'
-              cpu: '2000m'
-    labels:
-      fluentbit:
-        node_selector_key: fluentbit
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    conf:
-      fluentbit:
-        template: |
-          [SERVICE]
-              Daemon false
-              Flush 5
-              Log_Level info
-              Parsers_File parsers.conf
-
-          [INPUT]
-              Buffer_Chunk_Size 1M
-              Buffer_Max_Size 1M
-              Mem_Buf_Limit 5MB
-              Name tail
-              Path /var/log/kern.log
-              Tag kernel
-
-          [INPUT]
-              Buffer_Chunk_Size 1M
-              Buffer_Max_Size 1M
-              Mem_Buf_Limit 5MB
-              Name tail
-              Parser docker
-              Path /var/log/containers/*.log
-              Tag kube.*
-
-          [INPUT]
-              Buffer_Chunk_Size 1M
-              Buffer_Max_Size 1M
-              Mem_Buf_Limit 5MB
-              Name tail
-              Path /var/log/libvirt/libvirtd.log
-              Tag libvirt
-
-          [INPUT]
-              Buffer_Chunk_Size 1M
-              Buffer_Max_Size 1M
-              Mem_Buf_Limit 5MB
-              Name tail
-              Path /var/log/libvirt/qemu/*.log
-              Tag qemu
-
-          [INPUT]
-              Buffer_Chunk_Size 1M
-              Buffer_Max_Size 1M
-              Mem_Buf_Limit 5MB
-              Name systemd
-              Path ${JOURNAL_PATH}
-              Systemd_Filter _SYSTEMD_UNIT=kubelet.service
-              Tag journal.*
-
-          [INPUT]
-              Buffer_Chunk_Size 1M
-              Buffer_Max_Size 1M
-              Mem_Buf_Limit 5MB
-              Name systemd
-              Path ${JOURNAL_PATH}
-              Systemd_Filter _SYSTEMD_UNIT=docker.service
-              Tag journal.*
-
-          [INPUT]
-              Buffer_Chunk_Size 1M
-              Buffer_Max_Size 1M
-              Mem_Buf_Limit 5MB
-              Name tail
-              Parsers syslog
-              Path /var/log/ceph/airship-ucp-ceph-mon/ceph.log
-              Tag ceph.cluster.*
-
-          [INPUT]
-              Buffer_Chunk_Size 1M
-              Buffer_Max_Size 1M
-              Mem_Buf_Limit 5MB
-              Name tail
-              Parsers syslog
-              Path /var/log/ceph/airship-ucp-ceph-mon/ceph.audit.log
-              Tag ceph.audit.*
-
-          [INPUT]
-              Buffer_Chunk_Size 1M
-              Buffer_Max_Size 1M
-              Mem_Buf_Limit 5MB
-              Name tail
-              Parsers syslog
-              Path /var/log/ceph/airship-ucp-ceph-mon/ceph-mon**.log
-              Tag ceph.mon.*
-
-          [INPUT]
-              Buffer_Chunk_Size 1M
-              Buffer_Max_Size 1M
-              Mem_Buf_Limit 5MB
-              Name tail
-              Parsers syslog
-              Path /var/log/ceph/airship-ucp-ceph-osd/ceph-osd**.log
-              Tag ceph.osd.*
-
-          [FILTER]
-              Interval 1s
-              Match **
-              Name throttle
-              Rate 1000
-              Window 300
-
-          [FILTER]
-              Match libvirt
-              Name record_modifier
-              Record hostname ${HOSTNAME}
-
-          [FILTER]
-              Match qemu
-              Name record_modifier
-              Record hostname ${HOSTNAME}
-
-          [FILTER]
-              Match kernel
-              Name record_modifier
-              Record hostname ${HOSTNAME}
-
-          [FILTER]
-              Match journal.**
-              Name modify
-              Rename _BOOT_ID BOOT_ID
-              Rename _CAP_EFFECTIVE CAP_EFFECTIVE
-              Rename _CMDLINE CMDLINE
-              Rename _COMM COMM
-              Rename _EXE EXE
-              Rename _GID GID
-              Rename _HOSTNAME HOSTNAME
-              Rename _MACHINE_ID MACHINE_ID
-              Rename _PID PID
-              Rename _SYSTEMD_CGROUP SYSTEMD_CGROUP
-              Rename _SYSTEMD_SLICE SYSTEMD_SLICE
-              Rename _SYSTEMD_UNIT SYSTEMD_UNIT
-              Rename _TRANSPORT TRANSPORT
-              Rename _UID UID
-
-          [OUTPUT]
-              Match **.fluentd**
-              Name null
-
-          [FILTER]
-              Match kube.*
-              Merge_JSON_Log true
-              Name kubernetes
-
-          [OUTPUT]
-              Host ${FLUENTD_HOST}
-              Match *
-              Name forward
-              Port ${FLUENTD_PORT}
-      parsers:
-        template: |
-          [PARSER]
-            Name syslog
-            Format regex
-            Regex '^(?<time>.*[0-9]{2}:[0-9]{2}:[0-9]{2}) (?<host>[^ ]*) (?<app>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? (?<log>.+)$'
-            Time_Key time
-            Time_Format "%Y-%m-%dT%H:%M:%S.%L"
-            Time_Keep On
-            Types "pid:integer"
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/osh-infra/osh-infra-logging/fluentd.yaml b/global/software/charts/osh-infra/osh-infra-logging/fluentd.yaml
deleted file mode 100644
index f0ee09b6a..000000000
--- a/global/software/charts/osh-infra/osh-infra-logging/fluentd.yaml
+++ /dev/null
@@ -1,375 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: fluentd-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  labels:
-    hosttype: fluentd-global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.fluentd
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh_infra.fluentd
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.fluentd
-      dest:
-        path: .values.endpoints.fluentd
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.prometheus_fluentd_exporter
-      dest:
-        path: .values.endpoints.prometheus_fluentd_exporter
-
-    # Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.elasticsearch.admin
-      dest:
-        path: .values.endpoints.elasticsearch.auth.admin
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.elasticsearch.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_elasticsearch_admin_password
-        path: .
-
-data:
-  chart_name: fluentd
-  release: fluentd
-  namespace: osh-infra
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-fluentd
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-fluentd
-      create: []
-    post:
-      create: []
-  values:
-    monitoring:
-      prometheus:
-        enabled: true
-    pod:
-      resources:
-        enabled: true
-        fluentd:
-          limits:
-            memory: '4Gi'
-            cpu: '2000m'
-          requests:
-            memory: '2Gi'
-            cpu: '1000m'
-        prometheus_fluentd_exporter:
-          limits:
-            memory: '1024Mi'
-            cpu: '2000m'
-          requests:
-            memory: '0'
-            cpu: '0'
-        jobs:
-          image_repo_sync:
-            requests:
-              memory: '0'
-              cpu: '0'
-            limits:
-              memory: '1024Mi'
-              cpu: '2000m'
-          tests:
-            requests:
-              memory: '0'
-              cpu: '0'
-            limits:
-              memory: '1024Mi'
-              cpu: '2000m'
-    labels:
-      fluentd:
-        node_selector_key: fluentd
-        node_selector_value: enabled
-      prometheus_fluentd_exporter:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    conf:
-      fluentd:
-        template: |
-          <source>
-            bind 0.0.0.0
-            port 24220
-            @type monitor_agent
-          </source>
-
-          <source>
-            bind 0.0.0.0
-            port "#{ENV['FLUENTD_PORT']}"
-            @type forward
-          </source>
-
-          <match fluent.**>
-            @type null
-          </match>
-
-          <match kube.var.log.containers.**.log>
-            <rule>
-              key log
-              pattern /info/i
-              tag info.${tag}
-            </rule>
-            <rule>
-              key log
-              pattern /warn/i
-              tag warn.${tag}
-            </rule>
-            <rule>
-              key log
-              pattern /error/i
-              tag error.${tag}
-            </rule>
-            <rule>
-              key log
-              pattern /critical/i
-              tag critical.${tag}
-            </rule>
-            <rule>
-              key log
-              pattern (.+)
-              tag info.${tag}
-            </rule>
-            @type rewrite_tag_filter
-          </match>
-
-          <filter **.kube.var.log.containers.**.log>
-            enable_ruby true
-            <record>
-              application ${record["kubernetes"]["labels"]["application"]}
-              level ${tag_parts[0]}
-            </record>
-            @type record_transformer
-          </filter>
-
-          <filter openstack.**>
-            <record>
-              application ${tag_parts[1]}
-            </record>
-            @type record_transformer
-          </filter>
-
-          <match openstack.**>
-            <rule>
-              key level
-              pattern INFO
-              tag info.${tag}
-            </rule>
-            <rule>
-              key level
-              pattern WARN
-              tag warn.${tag}
-            </rule>
-            <rule>
-              key level
-              pattern ERROR
-              tag error.${tag}
-            </rule>
-            <rule>
-              key level
-              pattern CRITICAL
-              tag critical.${tag}
-            </rule>
-            @type rewrite_tag_filter
-          </match>
-
-          <match *.openstack.**>
-            <rule>
-              key application
-              pattern keystone
-              tag auth.${tag}
-            </rule>
-            <rule>
-              key application
-              pattern horizon
-              tag auth.${tag}
-            </rule>
-            <rule>
-              key application
-              pattern mariadb
-              tag auth.${tag}
-            </rule>
-            <rule>
-              key application
-              pattern memcached
-              tag auth.${tag}
-            </rule>
-            <rule>
-              key application
-              pattern rabbitmq
-              tag auth.${tag}
-            </rule>
-            @type rewrite_tag_filter
-          </match>
-
-          <match libvirt>
-            <buffer>
-              chunk_limit_size 8MB
-              flush_interval 15s
-              flush_thread_count 8
-              queue_limit_length 256
-              retry_forever false
-              retry_max_interval 30
-            </buffer>
-            host "#{ENV['ELASTICSEARCH_HOST']}"
-            reload_connections false
-            reconnect_on_error true
-            reload_on_failure true
-            include_tag_key true
-            logstash_format true
-            logstash_prefix libvirt
-            password "#{ENV['ELASTICSEARCH_PASSWORD']}"
-            port "#{ENV['ELASTICSEARCH_PORT']}"
-            @type elasticsearch
-            user "#{ENV['ELASTICSEARCH_USERNAME']}"
-          </match>
-
-          <match qemu>
-            <buffer>
-              chunk_limit_size 8MB
-              flush_interval 15s
-              flush_thread_count 8
-              queue_limit_length 256
-              retry_forever false
-              retry_max_interval 30
-            </buffer>
-            host "#{ENV['ELASTICSEARCH_HOST']}"
-            reload_connections false
-            reconnect_on_error true
-            reload_on_failure true
-            include_tag_key true
-            logstash_format true
-            logstash_prefix qemu
-            password "#{ENV['ELASTICSEARCH_PASSWORD']}"
-            port "#{ENV['ELASTICSEARCH_PORT']}"
-            @type elasticsearch
-            user "#{ENV['ELASTICSEARCH_USERNAME']}"
-          </match>
-
-          <match journal.**>
-            <buffer>
-              chunk_limit_size 8MB
-              flush_interval 15s
-              flush_thread_count 8
-              queue_limit_length 256
-              retry_forever false
-              retry_max_interval 30
-            </buffer>
-            host "#{ENV['ELASTICSEARCH_HOST']}"
-            reload_connections false
-            reconnect_on_error true
-            reload_on_failure true
-            include_tag_key true
-            logstash_format true
-            logstash_prefix journal
-            password "#{ENV['ELASTICSEARCH_PASSWORD']}"
-            port "#{ENV['ELASTICSEARCH_PORT']}"
-            @type elasticsearch
-            user "#{ENV['ELASTICSEARCH_USERNAME']}"
-          </match>
-
-          <match kernel>
-            <buffer>
-              chunk_limit_size 8MB
-              flush_interval 15s
-              flush_thread_count 8
-              queue_limit_length 256
-              retry_forever false
-              retry_max_interval 30
-            </buffer>
-            host "#{ENV['ELASTICSEARCH_HOST']}"
-            reload_connections false
-            reconnect_on_error true
-            reload_on_failure true
-            include_tag_key true
-            logstash_format true
-            logstash_prefix kernel
-            password "#{ENV['ELASTICSEARCH_PASSWORD']}"
-            port "#{ENV['ELASTICSEARCH_PORT']}"
-            @type elasticsearch
-            user "#{ENV['ELASTICSEARCH_USERNAME']}"
-          </match>
-
-          <match **>
-            <buffer>
-              chunk_limit_size 8MB
-              flush_interval 15s
-              flush_thread_count 8
-              queue_limit_length 256
-              retry_forever false
-              retry_max_interval 30
-            </buffer>
-            host "#{ENV['ELASTICSEARCH_HOST']}"
-            reload_connections false
-            reconnect_on_error true
-            reload_on_failure true
-            include_tag_key true
-            logstash_format true
-            password "#{ENV['ELASTICSEARCH_PASSWORD']}"
-            port "#{ENV['ELASTICSEARCH_PORT']}"
-            @type elasticsearch
-            type_name fluent
-            user "#{ENV['ELASTICSEARCH_USERNAME']}"
-          </match>
-
-          <match *ceph-**.log>
-            <buffer>
-              chunk_limit_size 8MB
-              flush_interval 15s
-              flush_thread_count 8
-              queue_limit_length 256
-              retry_forever false
-              retry_max_interval 30
-            </buffer>
-            host "#{ENV['ELASTICSEARCH_HOST']}"
-            reload_connections false
-            reconnect_on_error true
-            reload_on_failure true
-            include_tag_key true
-            logstash_format true
-            logstash_prefix ceph
-            password "#{ENV['ELASTICSEARCH_PASSWORD']}"
-            port "#{ENV['ELASTICSEARCH_PORT']}"
-            @type elasticsearch
-            user "#{ENV['ELASTICSEARCH_USERNAME']}"
-          </match>
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/osh-infra/osh-infra-mariadb/chart-group.yaml b/global/software/charts/osh-infra/osh-infra-mariadb/chart-group.yaml
deleted file mode 100644
index 5aa0c0035..000000000
--- a/global/software/charts/osh-infra/osh-infra-mariadb/chart-group.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-infra-mariadb
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: OpenStack-Infra MariaDB
-  chart_group:
-    - osh-infra-mariadb
diff --git a/global/software/charts/osh-infra/osh-infra-mariadb/mariadb.yaml b/global/software/charts/osh-infra/osh-infra-mariadb/mariadb.yaml
deleted file mode 100644
index dff8f531b..000000000
--- a/global/software/charts/osh-infra/osh-infra-mariadb/mariadb.yaml
+++ /dev/null
@@ -1,100 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-infra-mariadb
-  labels:
-    name: osh-infra-mariadb-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.mariadb
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.mariadb
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.prometheus_mysql_exporter
-      dest:
-        path: .values.endpoints.prometheus_mysql_exporter
-
-    # Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.oslo_db.admin
-      dest:
-        path: .values.endpoints.oslo_db.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.prometheus_mysql_exporter.user
-      dest:
-        path: .values.endpoints.prometheus_mysql_exporter.auth.user
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.oslo_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_oslo_db_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.exporter.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_oslo_db_exporter_password
-        path: .
-data:
-  chart_name: osh-infra-mariadb
-  release: osh-infra-mariadb
-  namespace: osh-infra
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-osh-infra-mariadb
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-osh-infra-mariadb
-  values:
-    labels:
-      server:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      prometheus_mysql_exporter:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    monitoring:
-      prometheus:
-        enabled: true
-  dependencies:
-    - osh-helm-toolkit
-...
diff --git a/global/software/charts/osh-infra/osh-infra-monitoring/chart-group.yaml b/global/software/charts/osh-infra/osh-infra-monitoring/chart-group.yaml
deleted file mode 100644
index a67810c5a..000000000
--- a/global/software/charts/osh-infra/osh-infra-monitoring/chart-group.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-infra-monitoring
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: OSH Infra Monitoring
-  chart_group:
-    - prometheus
-    - prometheus-alertmanager
-    - prometheus-node-exporter
-    - prometheus-process-exporter
-    - prometheus-kube-state-metrics
-    - nagios
-...
diff --git a/global/software/charts/osh-infra/osh-infra-monitoring/nagios.yaml b/global/software/charts/osh-infra/osh-infra-monitoring/nagios.yaml
deleted file mode 100644
index ee7122e8e..000000000
--- a/global/software/charts/osh-infra/osh-infra-monitoring/nagios.yaml
+++ /dev/null
@@ -1,159 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: nagios
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.nagios
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh_infra.nagios
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.nagios
-      dest:
-        path: .values.endpoints.nagios
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.monitoring
-      dest:
-        path: .values.endpoints.monitoring
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.elasticsearch
-      dest:
-        path: .values.endpoints.elasticsearch
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.ldap
-      dest:
-        path: .values.endpoints.ldap
-
-    # Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.nagios.admin
-      dest:
-        path: .values.endpoints.nagios.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.prometheus.admin
-      dest:
-        path: .values.endpoints.monitoring.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.elasticsearch.admin
-      dest:
-        path: .values.endpoints.elasticsearch.auth.admin
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.nagios.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_nagios_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.elasticsearch.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_elasticsearch_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.monitoring.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_prometheus_admin_password
-        path: .
-
-    # LDAP Details
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.ldap.admin
-      dest:
-        path: .values.endpoints.ldap.auth.admin
-    - dest:
-        path: .values.endpoints.ldap.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_ldap_password
-        path: .
-
-data:
-  chart_name: nagios
-  release: nagios
-  namespace: osh-infra
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-nagios
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-nagios
-      create: []
-    post:
-      create: []
-  values:
-    conf:
-      apache:
-        host: |
-          <VirtualHost *:80>
-            <Location />
-                ProxyPass http://localhost:{{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
-                ProxyPassReverse http://localhost:{{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
-            </Location>
-            <Proxy *>
-                AuthName "Nagios"
-                AuthType Basic
-                AuthBasicProvider file ldap
-                AuthUserFile /usr/local/apache2/conf/.htpasswd
-                AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
-                AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
-                AuthLDAPURL {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
-                Require valid-user
-            </Proxy>
-          </VirtualHost>
-    labels:
-      nagios:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    pod:
-      replicas:
-        nagios: 3
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/osh-infra/osh-infra-monitoring/prometheus-alertmanager.yaml b/global/software/charts/osh-infra/osh-infra-monitoring/prometheus-alertmanager.yaml
deleted file mode 100644
index f69411258..000000000
--- a/global/software/charts/osh-infra/osh-infra-monitoring/prometheus-alertmanager.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: prometheus-alertmanager
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.prometheus_alertmanager
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh_infra.prometheus_alertmanager
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.alerts
-      dest:
-        path: .values.endpoints.alerts
-
-data:
-  chart_name: prometheus-alertmanager
-  release: prometheus-alertmanager
-  namespace: osh-infra
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-prometheus-alertmanager
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-prometheus-alertmanager
-      create: []
-    post:
-      create: []
-  values:
-    manifests:
-      ingress: false
-      service_ingress: false
-    labels:
-      alertmanager:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/osh-infra/osh-infra-monitoring/prometheus-kube-state-metrics.yaml b/global/software/charts/osh-infra/osh-infra-monitoring/prometheus-kube-state-metrics.yaml
deleted file mode 100644
index 4fe639a40..000000000
--- a/global/software/charts/osh-infra/osh-infra-monitoring/prometheus-kube-state-metrics.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: prometheus-kube-state-metrics
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.prometheus_kube_state_metrics
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh_infra.prometheus_kube_state_metrics
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.kube_state_metrics
-      dest:
-        path: .values.endpoints.kube_state_metrics
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.kube_scheduler
-      dest:
-        path: .values.endpoints.kube_scheduler
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.kube_controller_manager
-      dest:
-        path: .values.endpoints.kube_controller_manager
-
-data:
-  chart_name: prometheus-kube-state-metrics
-  release: prometheus-kube-state-metrics
-  namespace: kube-system
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-prometheus-kube-state-metrics
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-prometheus-kube-state-metrics
-      create: []
-    post:
-      create: []
-  values:
-    labels:
-      kube_state_metrics:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/osh-infra/osh-infra-monitoring/prometheus-node-exporter.yaml b/global/software/charts/osh-infra/osh-infra-monitoring/prometheus-node-exporter.yaml
deleted file mode 100644
index 73d21b464..000000000
--- a/global/software/charts/osh-infra/osh-infra-monitoring/prometheus-node-exporter.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: prometheus-node-exporter
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.prometheus_node_exporter
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh_infra.prometheus_node_exporter
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.node_metrics
-      dest:
-        path: .values.endpoints.node_metrics
-
-data:
-  chart_name: prometheus-node-exporter
-  release: prometheus-node-exporter
-  namespace: kube-system
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-prometheus-node-exporter
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-prometheus-node-exporter
-      create: []
-    post:
-      create: []
-  values:
-    labels:
-      node_exporter:
-        node_selector_key: node-exporter
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/osh-infra/osh-infra-monitoring/prometheus-process-exporter.yaml b/global/software/charts/osh-infra/osh-infra-monitoring/prometheus-process-exporter.yaml
deleted file mode 100644
index d64e8564e..000000000
--- a/global/software/charts/osh-infra/osh-infra-monitoring/prometheus-process-exporter.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: prometheus-process-exporter
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.prometheus_process_exporter
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh_infra.prometheus_process_exporter
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.process_exporter_metrics
-      dest:
-        path: .values.endpoints.process_exporter_metrics
-
-data:
-  chart_name: prometheus-process-exporter
-  release: prometheus-process-exporter
-  namespace: kube-system
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-prometheus-process-exporter
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-prometheus-process-exporter
-      create: []
-    post:
-      create: []
-  values:
-    labels:
-      node_exporter:
-        node_selector_key: node-exporter
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/osh-infra/osh-infra-monitoring/prometheus.yaml b/global/software/charts/osh-infra/osh-infra-monitoring/prometheus.yaml
deleted file mode 100644
index 6c3cd97e6..000000000
--- a/global/software/charts/osh-infra/osh-infra-monitoring/prometheus.yaml
+++ /dev/null
@@ -1,1654 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: prometheus
-  labels:
-    name: prometheus-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.prometheus
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh_infra.prometheus
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.monitoring
-      dest:
-        path: .values.endpoints.monitoring
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.alerts
-      dest:
-        path: .values.endpoints.alerts
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.ldap
-      dest:
-        path: .values.endpoints.ldap
-
-    # Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.prometheus.admin
-      dest:
-        path: .values.endpoints.monitoring.auth.admin
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.monitoring.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_prometheus_admin_password
-        path: .
-
-    # LDAP Details
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.ldap.admin
-      dest:
-        path: .values.endpoints.ldap.auth.admin
-    - dest:
-        path: .values.endpoints.ldap.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_ldap_password
-        path: .
-
-data:
-  chart_name: prometheus
-  release: prometheus
-  namespace: osh-infra
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-prometheus
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-prometheus
-      create: []
-    post:
-      create: []
-  values:
-    manifests:
-      ingress: false
-      service_ingress: false
-    labels:
-      prometheus:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    pod:
-      replicas:
-        prometheus: 3
-      resources:
-        enabled: true
-        prometheus:
-          limits:
-            memory: "64Gi"
-            cpu: "4000m"
-          requests:
-            memory: "16Gi"
-            cpu: "2000m"
-    storage:
-      requests:
-        storage: 500Gi
-    conf:
-      prometheus:
-        command_line_flags:
-          storage.tsdb.max_block_duration: 17h
-        scrape_configs:
-          global:
-            scrape_interval: 60s
-            evaluation_interval: 60s
-          scrape_configs:
-            # NOTE(srwilkers): The job definition for Prometheus should always be
-            # listed first, so we can inject the basic auth username and password
-            # via the endpoints section
-            - job_name: 'prometheus-metrics'
-              kubernetes_sd_configs:
-              - role: endpoints
-              scrape_interval: 60s
-              relabel_configs:
-              - source_labels:
-                  - __meta_kubernetes_service_name
-                action: keep
-                regex: "prom-metrics"
-              - source_labels:
-                  - __meta_kubernetes_service_annotation_prometheus_io_scrape
-                action: keep
-                regex: true
-              - source_labels:
-                  - __meta_kubernetes_service_annotation_prometheus_io_scheme
-                action: replace
-                target_label: __scheme__
-                regex: (https?)
-              - source_labels:
-                  - __meta_kubernetes_service_annotation_prometheus_io_path
-                action: replace
-                target_label: __metrics_path__
-                regex: (.+)
-              - source_labels:
-                  - __address__
-                  - __meta_kubernetes_service_annotation_prometheus_io_port
-                action: replace
-                target_label: __address__
-                regex: ([^:]+)(?::\d+)?;(\d+)
-                replacement: $1:$2
-              - action: labelmap
-                regex: __meta_kubernetes_service_label_(.+)
-              - source_labels:
-                  - __meta_kubernetes_namespace
-                action: replace
-                target_label: kubernetes_namespace
-              - source_labels:
-                  - __meta_kubernetes_service_name
-                action: replace
-                target_label: instance
-              - source_labels:
-                  - __meta_kubernetes_service_name
-                action: replace
-                target_label: kubernetes_name
-              - source_labels:
-                  - __meta_kubernetes_service_name
-                target_label: job
-                replacement: ${1}
-            - job_name: kubelet
-              scheme: https
-              # This TLS & bearer token file config is used to connect to the actual scrape
-              # endpoints for cluster components. This is separate to discovery auth
-              # configuration because discovery & scraping are two separate concerns in
-              # Prometheus. The discovery auth config is automatic if Prometheus runs inside
-              # the cluster. Otherwise, more config options have to be provided within the
-              # <kubernetes_sd_config>.
-              tls_config:
-                ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-              bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-              kubernetes_sd_configs:
-              - role: node
-              scrape_interval: 45s
-              relabel_configs:
-              - action: labelmap
-                regex: __meta_kubernetes_node_label_(.+)
-              - target_label: __address__
-                replacement: kubernetes.default.svc:443
-              - source_labels:
-                  - __meta_kubernetes_node_name
-                regex: (.+)
-                target_label: __metrics_path__
-                replacement: /api/v1/nodes/${1}/proxy/metrics
-              - source_labels:
-                  - __meta_kubernetes_node_name
-                action: replace
-                target_label: kubernetes_io_hostname
-              # Scrape config for Kubelet cAdvisor.
-              #
-              # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics
-              # (those whose names begin with 'container_') have been removed from the
-              # Kubelet metrics endpoint.  This job scrapes the cAdvisor endpoint to
-              # retrieve those metrics.
-              #
-              # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor
-              # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics"
-              # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with
-              # the --cadvisor-port=0 Kubelet flag).
-              #
-              # This job is not necessary and should be removed in Kubernetes 1.6 and
-              # earlier versions, or it will cause the metrics to be scraped twice.
-            - job_name: 'kubernetes-cadvisor'
-
-              # Default to scraping over https. If required, just disable this or change to
-              # `http`.
-              scheme: https
-
-              # This TLS & bearer token file config is used to connect to the actual scrape
-              # endpoints for cluster components. This is separate to discovery auth
-              # configuration because discovery & scraping are two separate concerns in
-              # Prometheus. The discovery auth config is automatic if Prometheus runs inside
-              # the cluster. Otherwise, more config options have to be provided within the
-              # <kubernetes_sd_config>.
-              tls_config:
-                ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-              bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-
-              kubernetes_sd_configs:
-              - role: node
-
-              relabel_configs:
-              - action: labelmap
-                regex: __meta_kubernetes_node_label_(.+)
-              - target_label: __address__
-                replacement: kubernetes.default.svc:443
-              - source_labels:
-                  - __meta_kubernetes_node_name
-                regex: (.+)
-                target_label: __metrics_path__
-                replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
-              metric_relabel_configs:
-              - source_labels:
-                  - __name__
-                regex: 'container_network_tcp_usage_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_tasks_state'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_network_udp_usage_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_memory_failures_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_cpu_load_average_10s'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_cpu_system_seconds_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_cpu_user_seconds_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_inodes_free'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_inodes_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_io_current'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_io_time_seconds_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_io_time_weighted_seconds_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_read_seconds_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_reads_merged_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_reads_merged_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_reads_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_sector_reads_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_sector_writes_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_write_seconds_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_writes_bytes_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_writes_merged_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_fs_writes_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_last_seen'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_memory_cache'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_memory_failcnt'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_memory_max_usage_bytes'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_memory_rss'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_memory_swap'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_memory_usage_bytes'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_network_receive_errors_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_network_receive_packets_dropped_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_network_receive_packets_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_network_transmit_errors_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_network_transmit_packets_dropped_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_network_transmit_packets_total'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_spec_cpu_period'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_spec_cpu_shares'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_spec_memory_limit_bytes'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_spec_memory_reservation_limit_bytes'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_spec_memory_swap_limit_bytes'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'container_start_time_seconds'
-                action: drop
-              # Scrape config for API servers.
-              #
-              # Kubernetes exposes API servers as endpoints to the default/kubernetes
-              # service so this uses `endpoints` role and uses relabelling to only keep
-              # the endpoints associated with the default/kubernetes service using the
-              # default named port `https`. This works for single API server deployments as
-              # well as HA API server deployments.
-            - job_name: 'apiserver'
-              kubernetes_sd_configs:
-              - role: endpoints
-              scrape_interval: 45s
-              # Default to scraping over https. If required, just disable this or change to
-              # `http`.
-              scheme: https
-              # This TLS & bearer token file config is used to connect to the actual scrape
-              # endpoints for cluster components. This is separate to discovery auth
-              # configuration because discovery & scraping are two separate concerns in
-              # Prometheus. The discovery auth config is automatic if Prometheus runs inside
-              # the cluster. Otherwise, more config options have to be provided within the
-              # <kubernetes_sd_config>.
-              tls_config:
-                ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-                # If your node certificates are self-signed or use a different CA to the
-                # master CA, then disable certificate verification below. Note that
-                # certificate verification is an integral part of a secure infrastructure
-                # so this should only be disabled in a controlled environment. You can
-                # disable certificate verification by uncommenting the line below.
-                #
-                # insecure_skip_verify: true
-              bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-              # Keep only the default/kubernetes service endpoints for the https port. This
-              # will add targets for each API server which Kubernetes adds an endpoint to
-              # the default/kubernetes service.
-              relabel_configs:
-              - source_labels:
-                  - __meta_kubernetes_namespace
-                  - __meta_kubernetes_service_name
-                  - __meta_kubernetes_endpoint_port_name
-                action: keep
-                regex: default;kubernetes;https
-              metric_relabel_configs:
-              - source_labels:
-                  - __name__
-                regex: 'apiserver_admission_controller_admission_latencies_seconds_bucket'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'rest_client_request_latency_seconds_bucket'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'apiserver_response_sizes_bucket'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'apiserver_admission_step_admission_latencies_seconds_bucket'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'apiserver_admission_controller_admission_latencies_seconds_count'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'apiserver_admission_controller_admission_latencies_seconds_sum'
-                action: drop
-              - source_labels:
-                  - __name__
-                regex: 'apiserver_request_latencies_summary'
-                action: drop
-            # Scrape config for service endpoints.
-            #
-            # The relabeling allows the actual service scrape endpoint to be configured
-            # via the following annotations:
-            #
-            # * `prometheus.io/scrape`: Only scrape services that have a value of `true`
-            # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
-            # to set this to `https` & most likely set the `tls_config` of the scrape config.
-            # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
-            # * `prometheus.io/port`: If the metrics are exposed on a different port to the
-            # service then set this appropriately.
-            - job_name: 'openstack-exporter'
-              kubernetes_sd_configs:
-              - role: endpoints
-              scrape_interval: 60s
-              relabel_configs:
-              - source_labels:
-                  - __meta_kubernetes_service_name
-                action: keep
-                regex: "openstack-metrics"
-              - source_labels:
-                  - __meta_kubernetes_service_annotation_prometheus_io_scrape
-                action: keep
-                regex: true
-              - source_labels:
-                  - __meta_kubernetes_service_annotation_prometheus_io_scheme
-                action: replace
-                target_label: __scheme__
-                regex: (https?)
-              - source_labels:
-                  - __meta_kubernetes_service_annotation_prometheus_io_path
-                action: replace
-                target_label: __metrics_path__
-                regex: (.+)
-              - source_labels:
-                  - __address__
-                  - __meta_kubernetes_service_annotation_prometheus_io_port
-                action: replace
-                target_label: __address__
-                regex: ([^:]+)(?::\d+)?;(\d+)
-                replacement: $1:$2
-              - action: labelmap
-                regex: __meta_kubernetes_service_label_(.+)
-              - source_labels:
-                  - __meta_kubernetes_namespace
-                action: replace
-                target_label: kubernetes_namespace
-              - source_labels:
-                  - __meta_kubernetes_service_name
-                action: replace
-                target_label: instance
-              - source_labels:
-                  - __meta_kubernetes_service_name
-                action: replace
-                target_label: kubernetes_name
-              - source_labels:
-                  - __meta_kubernetes_service_name
-                target_label: job
-                replacement: ${1}
-            - job_name: 'kubernetes-service-endpoints'
-              kubernetes_sd_configs:
-              - role: endpoints
-              scrape_interval: 60s
-              relabel_configs:
-              - source_labels:
-                  - __meta_kubernetes_service_name
-                action: drop
-                regex: '(openstack-metrics|prom-metrics)'
-              - source_labels:
-                  - __meta_kubernetes_service_annotation_prometheus_io_scrape
-                action: keep
-                regex: true
-              - source_labels:
-                  - __meta_kubernetes_service_annotation_prometheus_io_scheme
-                action: replace
-                target_label: __scheme__
-                regex: (https?)
-              - source_labels:
-                  - __meta_kubernetes_service_annotation_prometheus_io_path
-                action: replace
-                target_label: __metrics_path__
-                regex: (.+)
-              - source_labels:
-                  - __address__
-                  - __meta_kubernetes_service_annotation_prometheus_io_port
-                action: replace
-                target_label: __address__
-                regex: ([^:]+)(?::\d+)?;(\d+)
-                replacement: $1:$2
-              - action: labelmap
-                regex: __meta_kubernetes_service_label_(.+)
-              - source_labels:
-                  - __meta_kubernetes_namespace
-                action: replace
-                target_label: kubernetes_namespace
-              - source_labels:
-                  - __meta_kubernetes_service_name
-                action: replace
-                target_label: kubernetes_name
-              - source_labels:
-                  - __meta_kubernetes_service_name
-                target_label: job
-                replacement: ${1}
-            # Example scrape config for pods
-            #
-            # The relabeling allows the actual pod scrape endpoint to be configured via the
-            # following annotations:
-            #
-            # * `prometheus.io/scrape`: Only scrape pods that have a value of `true`
-            # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
-            # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the
-            # pod's declared ports (default is a port-free target if none are declared).
-            - job_name: 'kubernetes-pods'
-              kubernetes_sd_configs:
-              - role: pod
-              relabel_configs:
-              - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
-                action: keep
-                regex: true
-              - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
-                action: replace
-                target_label: __metrics_path__
-                regex: (.+)
-              - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
-                action: replace
-                regex: ([^:]+)(?::\d+)?;(\d+)
-                replacement: $1:$2
-                target_label: __address__
-              - action: labelmap
-                regex: __meta_kubernetes_pod_label_(.+)
-              - source_labels: [__meta_kubernetes_namespace]
-                action: replace
-                target_label: kubernetes_namespace
-              - source_labels: [__meta_kubernetes_pod_name]
-                action: replace
-                target_label: kubernetes_pod_name
-            - job_name: calico-etcd
-              kubernetes_sd_configs:
-              - role: service
-              scrape_interval: 20s
-              relabel_configs:
-              - action: labelmap
-                regex: __meta_kubernetes_service_label_(.+)
-              - action: keep
-                source_labels:
-                  - __meta_kubernetes_service_name
-                regex: "calico-etcd"
-              - action: keep
-                source_labels:
-                  - __meta_kubernetes_namespace
-                regex: kube-system
-                target_label: namespace
-              - source_labels:
-                  - __meta_kubernetes_pod_name
-                target_label: pod
-              - source_labels:
-                  - __meta_kubernetes_service_name
-                target_label: service
-              - source_labels:
-                  - __meta_kubernetes_service_name
-                target_label: job
-                replacement: ${1}
-              - source_labels:
-                  - __meta_kubernetes_service_label
-                target_label: job
-                regex: calico-etcd
-                replacement: ${1}
-              - target_label: endpoint
-                replacement: "calico-etcd"
-          alerting:
-            alertmanagers:
-            - kubernetes_sd_configs:
-                - role: pod
-              tls_config:
-                ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-              bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-              relabel_configs:
-              - source_labels: [__meta_kubernetes_pod_label_application]
-                regex: alertmanager
-                action: keep
-              - source_labels: [__meta_kubernetes_pod_container_port_name]
-                regex: alerts-api
-                action: keep
-              - source_labels: [__meta_kubernetes_pod_container_port_name]
-                regex: peer-mesh
-                action: drop
-        rules:
-          alertmanager:
-            groups:
-            - name: alertmanager.rules
-              rules:
-              - alert: AlertmanagerConfigInconsistent
-                expr: count_values("config_hash", alertmanager_config_hash) BY (service) / ON(service) GROUP_LEFT() label_replace(prometheus_operator_alertmanager_spec_replicas, "service", "alertmanager-$1", "alertmanager", "(.*)") != 1
-                for: 5m
-                labels:
-                  severity: critical
-                annotations:
-                  description: The configuration of the instances of the Alertmanager cluster `{{$labels.service}}` are out of sync.
-                  summary: Alertmanager configurations are inconsistent
-              - alert: AlertmanagerDownOrMissing
-                expr: label_replace(prometheus_operator_alertmanager_spec_replicas, "job", "alertmanager-$1", "alertmanager", "(.*)") / ON(job) GROUP_RIGHT() sum(up) BY (job) != 1
-                for: 5m
-                labels:
-                  severity: warning
-                annotations:
-                  description: An unexpected number of Alertmanagers are scraped or Alertmanagers disappeared from discovery.
-                  summary: Alertmanager down or not discovered
-              - alert: FailedReload
-                expr: alertmanager_config_last_reload_successful == 0
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: Reloading Alertmanager's configuration has failed for {{ $labels.namespace }}/{{ $labels.pod}}.
-                  summary: Alertmanager configuration reload has failed
-          etcd3:
-            groups:
-            - name: etcd3.rules
-              rules:
-              - alert: etcd_InsufficientMembers
-                expr: count(up{job="etcd"} == 0) > (count(up{job="etcd"}) / 2 - 1)
-                for: 3m
-                labels:
-                  severity: critical
-                annotations:
-                  description: If one more etcd member goes down the cluster will be unavailable
-                  summary: etcd cluster insufficient members
-              - alert: etcd_NoLeader
-                expr: etcd_server_has_leader{job="etcd"} == 0
-                for: 1m
-                labels:
-                  severity: critical
-                annotations:
-                  description: etcd member {{ $labels.instance }} has no leader
-                  summary: etcd member has no leader
-              - alert: etcd_HighNumberOfLeaderChanges
-                expr: increase(etcd_server_leader_changes_seen_total{job="etcd"}[1h]) > 3
-                labels:
-                  severity: warning
-                annotations:
-                  description: etcd instance {{ $labels.instance }} has seen {{ $value }} leader changes within the last hour
-                  summary: a high number of leader changes within the etcd cluster are happening
-              - alert: etcd_HighNumberOfFailedGRPCRequests
-                expr: sum(rate(etcd_grpc_requests_failed_total{job="etcd"}[5m])) BY (grpc_method) / sum(rate(etcd_grpc_total{job="etcd"}[5m])) BY (grpc_method) > 0.01
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: '{{ $value }}% of requests for {{ $labels.grpc_method }} failed on etcd instance {{ $labels.instance }}'
-                  summary: a high number of gRPC requests are failing
-              - alert: etcd_HighNumberOfFailedGRPCRequests
-                expr: sum(rate(etcd_grpc_requests_failed_total{job="etcd"}[5m])) BY (grpc_method) / sum(rate(etcd_grpc_total{job="etcd"}[5m])) BY (grpc_method) > 0.05
-                for: 5m
-                labels:
-                  severity: critical
-                annotations:
-                  description: '{{ $value }}% of requests for {{ $labels.grpc_method }} failed on etcd instance {{ $labels.instance }}'
-                  summary: a high number of gRPC requests are failing
-              - alert: etcd_GRPCRequestsSlow
-                expr: histogram_quantile(0.99, rate(etcd_grpc_unary_requests_duration_seconds_bucket[5m])) > 0.15
-                for: 10m
-                labels:
-                  severity: critical
-                annotations:
-                  description: on etcd instance {{ $labels.instance }} gRPC requests to {{ $labels.grpc_method }} are slow
-                  summary: slow gRPC requests
-              - alert: etcd_HighNumberOfFailedHTTPRequests
-                expr: sum(rate(etcd_http_failed_total{job="etcd"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job="etcd"}[5m])) BY (method) > 0.01
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: '{{ $value }}% of requests for {{ $labels.method }} failed on etcd instance {{ $labels.instance }}'
-                  summary: a high number of HTTP requests are failing
-              - alert: etcd_HighNumberOfFailedHTTPRequests
-                expr: sum(rate(etcd_http_failed_total{job="etcd"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job="etcd"}[5m])) BY (method) > 0.05
-                for: 5m
-                labels:
-                  severity: critical
-                annotations:
-                  description: '{{ $value }}% of requests for {{ $labels.method }} failed on etcd instance {{ $labels.instance }}'
-                  summary: a high number of HTTP requests are failing
-              - alert: etcd_HTTPRequestsSlow
-                expr: histogram_quantile(0.99, rate(etcd_http_successful_duration_seconds_bucket[5m])) > 0.15
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: on etcd instance {{ $labels.instance }} HTTP requests to {{ $labels.method }} are slow
-                  summary: slow HTTP requests
-              - alert: etcd_EtcdMemberCommunicationSlow
-                expr: histogram_quantile(0.99, rate(etcd_network_member_round_trip_time_seconds_bucket[5m])) > 0.15
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: etcd instance {{ $labels.instance }} member communication with {{ $labels.To }} is slow
-                  summary: etcd member communication is slow
-              - alert: etcd_HighNumberOfFailedProposals
-                expr: increase(etcd_server_proposals_failed_total{job="etcd"}[1h]) > 5
-                labels:
-                  severity: warning
-                annotations:
-                  description: etcd instance {{ $labels.instance }} has seen {{ $value }} proposal failures within the last hour
-                  summary: a high number of proposals within the etcd cluster are failing
-              - alert: etcd_HighFsyncDurations
-                expr: histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket[5m])) > 0.5
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: etcd instance {{ $labels.instance }} fync durations are high
-                  summary: high fsync durations
-              - alert: etcd_HighCommitDurations
-                expr: histogram_quantile(0.99, rate(etcd_disk_backend_commit_duration_seconds_bucket[5m])) > 0.25
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: etcd instance {{ $labels.instance }} commit durations are high
-                  summary: high commit durations
-          kube_apiserver:
-            groups:
-            - name: kube-apiserver.rules
-              rules:
-              - alert: K8SApiserverDown
-                expr: absent(up{job="apiserver"} == 1)
-                for: 5m
-                labels:
-                  severity: critical
-                annotations:
-                  description: Prometheus failed to scrape API server(s), or all API servers have disappeared from service discovery.
-                  summary: API server unreachable
-              - alert: K8SApiServerLatency
-                expr: histogram_quantile(0.99, sum(apiserver_request_latencies_bucket{verb!~"CONNECT|WATCHLIST|WATCH|PROXY"}) WITHOUT (instance, resource)) / 1e+06 > 1
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 99th percentile Latency for {{ $labels.verb }} requests to the kube-apiserver is higher than 1s.
-                  summary: Kubernetes apiserver latency is high
-          kube_controller_manager:
-            groups:
-            - name: kube-controller-manager.rules
-              rules:
-              - alert: K8SControllerManagerDown
-                expr: absent(up{job="kube-controller-manager-discovery"} == 1)
-                for: 5m
-                labels:
-                  severity: critical
-                annotations:
-                  description: There is no running K8S controller manager. Deployments and replication controllers are not making progress.
-                  runbook: https://coreos.com/tectonic/docs/latest/troubleshooting/controller-recovery.html#recovering-a-controller-manager
-                  summary: Controller manager is down
-          kubelet:
-            groups:
-            - name: kubelet.rules
-              rules:
-              - alert: K8SNodeNotReady
-                expr: kube_node_status_ready{condition="true"} == 0
-                for: 1h
-                labels:
-                  severity: warning
-                annotations:
-                  description: The Kubelet on {{ $labels.node }} has not checked in with the API, or has set itself to NotReady, for more than an hour
-                  summary: Node status is NotReady
-              - alert: K8SManyNodesNotReady
-                expr: count(kube_node_status_ready{condition="true"} == 0) > 1 and (count(kube_node_status_ready{condition="true"} == 0) / count(kube_node_status_ready{condition="true"})) > 0.2
-                for: 1m
-                labels:
-                  severity: critical
-                annotations:
-                  description: '{{ $value }} Kubernetes nodes (more than 10% are in the NotReady state).'
-                  summary: Many Kubernetes nodes are Not Ready
-              - alert: K8SKubeletDown
-                expr: count(up{job="kubelet"} == 0) / count(up{job="kubelet"}) > 0.03
-                for: 1h
-                labels:
-                  severity: warning
-                annotations:
-                  description: Prometheus failed to scrape {{ $value }}% of kubelets.
-                  summary: Many Kubelets cannot be scraped
-              - alert: K8SKubeletDown
-                expr: absent(up{job="kubelet"} == 1) or count(up{job="kubelet"} == 0) / count(up{job="kubelet"}) > 0.1
-                for: 1h
-                labels:
-                  severity: critical
-                annotations:
-                  description: Prometheus failed to scrape {{ $value }}% of kubelets, or all Kubelets have disappeared from service discovery.
-                  summary: Many Kubelets cannot be scraped
-              - alert: K8SKubeletTooManyPods
-                expr: kubelet_running_pod_count > 100
-                labels:
-                  severity: warning
-                annotations:
-                  description: Kubelet {{$labels.instance}} is running {{$value}} pods, close to the limit of 110
-                  summary: Kubelet is close to pod limit
-          kubernetes:
-            groups:
-            - name: kubernetes.rules
-              rules:
-              - record: cluster_namespace_controller_pod_container:spec_memory_limit_bytes
-                expr: sum(label_replace(container_spec_memory_limit_bytes{container_name!=""}, "controller", "$1", "pod_name", "^(.*)-[a-z0-9]+")) BY (cluster, namespace, controller, pod_name, container_name)
-              - record: cluster_namespace_controller_pod_container:spec_cpu_shares
-                expr: sum(label_replace(container_spec_cpu_shares{container_name!=""}, "controller", "$1", "pod_name", "^(.*)-[a-z0-9]+")) BY (cluster, namespace, controller, pod_name, container_name)
-              - record: cluster_namespace_controller_pod_container:cpu_usage:rate
-                expr: sum(label_replace(irate(container_cpu_usage_seconds_total{container_name!=""}[5m]), "controller", "$1", "pod_name", "^(.*)-[a-z0-9]+")) BY (cluster, namespace, controller, pod_name, container_name)
-              - record: cluster_namespace_controller_pod_container:memory_usage:bytes
-                expr: sum(label_replace(container_memory_usage_bytes{container_name!=""}, "controller", "$1", "pod_name", "^(.*)-[a-z0-9]+")) BY (cluster, namespace, controller, pod_name, container_name)
-              - record: cluster_namespace_controller_pod_container:memory_working_set:bytes
-                expr: sum(label_replace(container_memory_working_set_bytes{container_name!=""}, "controller", "$1", "pod_name", "^(.*)-[a-z0-9]+")) BY (cluster, namespace, controller, pod_name, container_name)
-              - record: cluster_namespace_controller_pod_container:memory_rss:bytes
-                expr: sum(label_replace(container_memory_rss{container_name!=""}, "controller", "$1", "pod_name", "^(.*)-[a-z0-9]+")) BY (cluster, namespace, controller, pod_name, container_name)
-              - record: cluster_namespace_controller_pod_container:memory_cache:bytes
-                expr: sum(label_replace(container_memory_cache{container_name!=""}, "controller", "$1", "pod_name", "^(.*)-[a-z0-9]+")) BY (cluster, namespace, controller, pod_name, container_name)
-              - record: cluster_namespace_controller_pod_container:disk_usage:bytes
-                expr: sum(label_replace(container_disk_usage_bytes{container_name!=""}, "controller", "$1", "pod_name", "^(.*)-[a-z0-9]+")) BY (cluster, namespace, controller, pod_name, container_name)
-              - record: cluster_namespace_controller_pod_container:memory_pagefaults:rate
-                expr: sum(label_replace(irate(container_memory_failures_total{container_name!=""}[5m]), "controller", "$1", "pod_name", "^(.*)-[a-z0-9]+")) BY (cluster, namespace, controller, pod_name, container_name, scope, type)
-              - record: cluster_namespace_controller_pod_container:memory_oom:rate
-                expr: sum(label_replace(irate(container_memory_failcnt{container_name!=""}[5m]), "controller", "$1", "pod_name", "^(.*)-[a-z0-9]+")) BY (cluster, namespace, controller, pod_name, container_name, scope, type)
-              - record: cluster:memory_allocation:percent
-                expr: 100 * sum(container_spec_memory_limit_bytes{pod_name!=""}) BY (cluster) / sum(machine_memory_bytes) BY (cluster)
-              - record: cluster:memory_used:percent
-                expr: 100 * sum(container_memory_usage_bytes{pod_name!=""}) BY (cluster) / sum(machine_memory_bytes) BY (cluster)
-              - record: cluster:cpu_allocation:percent
-                expr: 100 * sum(container_spec_cpu_shares{pod_name!=""}) BY (cluster) / sum(container_spec_cpu_shares{id="/"} * ON(cluster, instance) machine_cpu_cores) BY (cluster)
-              - record: cluster:node_cpu_use:percent
-                expr: 100 * sum(rate(node_cpu{mode!="idle"}[5m])) BY (cluster) / sum(machine_cpu_cores) BY (cluster)
-              - record: cluster_resource_verb:apiserver_latency:quantile_seconds
-                expr: histogram_quantile(0.99, sum(apiserver_request_latencies_bucket) BY (le, cluster, job, resource, verb)) / 1e+06
-                labels:
-                  quantile: "0.99"
-              - record: cluster_resource_verb:apiserver_latency:quantile_seconds
-                expr: histogram_quantile(0.9, sum(apiserver_request_latencies_bucket) BY (le, cluster, job, resource, verb)) / 1e+06
-                labels:
-                  quantile: "0.9"
-              - record: cluster_resource_verb:apiserver_latency:quantile_seconds
-                expr: histogram_quantile(0.5, sum(apiserver_request_latencies_bucket) BY (le, cluster, job, resource, verb)) / 1e+06
-                labels:
-                  quantile: "0.5"
-              - record: cluster:scheduler_e2e_scheduling_latency:quantile_seconds
-                expr: histogram_quantile(0.99, sum(scheduler_e2e_scheduling_latency_microseconds_bucket) BY (le, cluster)) / 1e+06
-                labels:
-                  quantile: "0.99"
-              - record: cluster:scheduler_e2e_scheduling_latency:quantile_seconds
-                expr: histogram_quantile(0.9, sum(scheduler_e2e_scheduling_latency_microseconds_bucket) BY (le, cluster)) / 1e+06
-                labels:
-                  quantile: "0.9"
-              - record: cluster:scheduler_e2e_scheduling_latency:quantile_seconds
-                expr: histogram_quantile(0.5, sum(scheduler_e2e_scheduling_latency_microseconds_bucket) BY (le, cluster)) / 1e+06
-                labels:
-                  quantile: "0.5"
-              - record: cluster:scheduler_scheduling_algorithm_latency:quantile_seconds
-                expr: histogram_quantile(0.99, sum(scheduler_scheduling_algorithm_latency_microseconds_bucket) BY (le, cluster)) / 1e+06
-                labels:
-                  quantile: "0.99"
-              - record: cluster:scheduler_scheduling_algorithm_latency:quantile_seconds
-                expr: histogram_quantile(0.9, sum(scheduler_scheduling_algorithm_latency_microseconds_bucket) BY (le, cluster)) / 1e+06
-                labels:
-                  quantile: "0.9"
-              - record: cluster:scheduler_scheduling_algorithm_latency:quantile_seconds
-                expr: histogram_quantile(0.5, sum(scheduler_scheduling_algorithm_latency_microseconds_bucket) BY (le, cluster)) / 1e+06
-                labels:
-                  quantile: "0.5"
-              - record: cluster:scheduler_binding_latency:quantile_seconds
-                expr: histogram_quantile(0.99, sum(scheduler_binding_latency_microseconds_bucket) BY (le, cluster)) / 1e+06
-                labels:
-                  quantile: "0.99"
-              - record: cluster:scheduler_binding_latency:quantile_seconds
-                expr: histogram_quantile(0.9, sum(scheduler_binding_latency_microseconds_bucket) BY (le, cluster)) / 1e+06
-                labels:
-                  quantile: "0.9"
-              - record: cluster:scheduler_binding_latency:quantile_seconds
-                expr: histogram_quantile(0.5, sum(scheduler_binding_latency_microseconds_bucket) BY (le, cluster)) / 1e+06
-                labels:
-                  quantile: "0.5"
-              - alert: kube_statefulset_replicas_unavailable
-                expr: kube_statefulset_status_replicas < kube_statefulset_replicas
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'statefulset {{$labels.statefulset}} has {{$value}} replicas, which is less than desired'
-                  summary: '{{$labels.statefulset}}: has inssuficient replicas.'
-              - alert: kube_daemonsets_misscheduled
-                expr: kube_daemonset_status_number_misscheduled > 0
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'Daemonset {{$labels.daemonset}} is running where it is not supposed to run'
-                  summary: 'Daemonsets not scheduled correctly'
-              - alert: kube_daemonsets_not_scheduled
-                expr: kube_daemonset_status_desired_number_scheduled - kube_daemonset_status_current_number_scheduled > 0
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: '{{ $value }} of Daemonset {{$labels.daemonset}} scheduled which is less than desired number'
-                  summary: 'Less than desired number of daemonsets scheduled'
-              - alert: kube_deployment_replicas_unavailable
-                expr: kube_deployment_status_replicas_unavailable > 0
-                for: 10m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'deployment {{$labels.deployment}} has {{$value}} replicas unavailable'
-                  summary: '{{$labels.deployment}}: has inssuficient replicas.'
-              - alert: kube_rollingupdate_deployment_replica_less_than_spec_max_unavailable
-                expr: kube_deployment_status_replicas_available - kube_deployment_spec_strategy_rollingupdate_max_unavailable < 0
-                for: 10m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'deployment {{$labels.deployment}} has {{$value}} replicas available which is less than specified as max unavailable during a rolling update'
-                  summary: '{{$labels.deployment}}: has inssuficient replicas during a rolling update.'
-              - alert: kube_job_status_failed
-                expr: kube_job_status_failed > 0
-                for: 10m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Job {{$labels.exported_job}} is in failed status'
-                  summary: '{{$labels.exported_job}} has failed status'
-              - alert: kube_pod_status_pending
-                expr: kube_pod_status_phase{phase="Pending"} == 1
-                for: 10m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Pod {{$labels.pod}} in namespace {{$labels.namespace}} has been in pending status for more than 10 minutes'
-                  summary: 'Pod {{$labels.pod}} in namespace {{$labels.namespace}} in pending status'
-              - alert: kube_pod_error_image_pull
-                expr: kube_pod_container_status_waiting_reason {reason="ErrImagePull"} == 1
-                for: 10m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Pod {{$labels.pod}} in namespace {{$labels.namespace}} has an Image pull error for more than 10 minutes'
-                  summary: 'Pod {{$labels.pod}} in namespace {{$labels.namespace}} in error status'
-              - alert: kube_pod_status_error_image_pull
-                expr: kube_pod_container_status_waiting_reason {reason="ErrImagePull"} == 1
-                for: 10m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Pod {{$labels.pod}} in namespace {{$labels.namespace}} has an Image pull error for more than 10 minutes'
-                  summary: 'Pod {{$labels.pod}} in namespace {{$labels.namespace}} in error status'
-              - alert: kube_replicaset_missing_replicas
-                expr:  kube_replicaset_spec_replicas -  kube_replicaset_status_ready_replicas > 0
-                for: 10m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Replicaset {{$labels.replicaset}} is missing desired number of replicas for more than 10 minutes'
-                  summary: 'Replicaset {{$labels.replicaset}} is missing replicas'
-              - alert: kube_pod_container_terminated
-                expr: kube_pod_container_status_terminated_reason{reason=~"OOMKilled|Error|ContainerCannotRun"} > 0
-                for: 10m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Pod {{$labels.pod}} in namespace {{$labels.namespace}} has a container terminated for more than 10 minutes'
-                  summary: 'Pod {{$labels.pod}} in namespace {{$labels.namespace}} in error status'
-              - alert: volume_claim_capacity_high_utilization
-                expr: (kubelet_volume_stats_available_bytes / kubelet_volume_stats_capacity_bytes) > 0.80
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'volume claim {{$labels.persistentvolumeclaim}} usage has exceeded 80% of total capacity'
-                  summary: '{{$labels.persistentvolumeclaim}} usage has exceeded 80% of total capacity.'
-          basic_linux:
-            groups:
-            - name: basic_linux.rules
-              rules:
-              - alert: node_filesystem_full_80percent
-                expr: sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"}
-                  * 0.2) / 1024 ^ 3
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}}
-                    got less than 10% space left on its filesystem.'
-                  summary: '{{$labels.alias}}: Filesystem is running out of space soon.'
-              - alert: node_filesystem_full_in_4h
-                expr: predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4 * 3600) <= 0
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}}
-                    is running out of space of in approx. 4 hours'
-                  summary: '{{$labels.alias}}: Filesystem is running out of space in 4 hours.'
-              - alert: node_filedescriptors_full_in_3h
-                expr: predict_linear(node_filefd_allocated[1h], 3 * 3600) >= node_filefd_maximum
-                for: 20m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.alias}} is running out of available file descriptors
-                    in approx. 3 hours'
-                  summary: '{{$labels.alias}} is running out of available file descriptors in
-                    3 hours.'
-              - alert: node_load1_90percent
-                expr: node_load1 / ON(alias) count(node_cpu{mode="system"}) BY (alias) >= 0.9
-                for: 1h
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.alias}} is running with > 90% total load for at least
-                    1h.'
-                  summary: '{{$labels.alias}}: Running on high load.'
-              - alert: node_cpu_util_90percent
-                expr: 100 - (avg(irate(node_cpu{mode="idle"}[5m])) BY (alias) * 100) >= 90
-                for: 1h
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.alias}} has total CPU utilization over 90% for at least
-                    1h.'
-                  summary: '{{$labels.alias}}: High CPU utilization.'
-              - alert: node_ram_using_90percent
-                expr: node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal
-                  * 0.1
-                for: 30m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.alias}} is using at least 90% of its RAM for at least
-                    30 minutes now.'
-                  summary: '{{$labels.alias}}: Using lots of RAM.'
-              - alert: node_swap_using_80percent
-                expr: node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached)
-                  > node_memory_SwapTotal * 0.8
-                for: 10m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.alias}} is using 80% of its swap space for at least
-                    10 minutes now.'
-                  summary: '{{$labels.alias}}: Running out of swap soon.'
-              - alert: node_high_cpu_load
-                expr: node_load15 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0
-                for: 1m
-                labels:
-                  severity: warning
-                annotations:
-                  description: '{{$labels.alias}} is running with load15 > 1 for at least 5 minutes: {{$value}}'
-                  summary: '{{$labels.alias}}: Running on high load: {{$value}}'
-              - alert: node_high_memory_load
-                expr: (sum(node_memory_MemTotal) - sum(node_memory_MemFree + node_memory_Buffers
-                  + node_memory_Cached)) / sum(node_memory_MemTotal) * 100 > 85
-                for: 1m
-                labels:
-                  severity: warning
-                annotations:
-                  description: Host memory usage is {{ humanize $value }}%. Reported by
-                    instance {{ $labels.instance }} of job {{ $labels.job }}.
-                  summary: Server memory is almost full
-              - alert: node_high_storage_load
-                expr: (node_filesystem_size{mountpoint="/"} - node_filesystem_free{mountpoint="/"})
-                  / node_filesystem_size{mountpoint="/"} * 100 > 85
-                for: 30s
-                labels:
-                  severity: warning
-                annotations:
-                  description: Host storage usage is {{ humanize $value }}%. Reported by
-                    instance {{ $labels.instance }} of job {{ $labels.job }}.
-                  summary: Server storage is almost full
-              - alert: node_high_swap
-                expr: (node_memory_SwapTotal - node_memory_SwapFree) < (node_memory_SwapTotal
-                  * 0.4)
-                for: 1m
-                labels:
-                  severity: warning
-                annotations:
-                  description: Host system has a high swap usage of {{ humanize $value }}. Reported
-                    by instance {{ $labels.instance }} of job {{ $labels.job }}.
-                  summary: Server has a high swap usage
-              - alert: node_high_network_drop_rcv
-                expr: node_network_receive_drop{device!="lo"} > 3000
-                for: 30s
-                labels:
-                  severity: warning
-                annotations:
-                  description: Host system has an unusally high drop in network reception ({{
-                    humanize $value }}). Reported by instance {{ $labels.instance }} of job {{
-                    $labels.job }}
-                  summary: Server has a high receive drop
-              - alert: node_high_network_drop_send
-                expr: node_network_transmit_drop{device!="lo"} > 3000
-                for: 30s
-                labels:
-                  severity: warning
-                annotations:
-                  description: Host system has an unusally high drop in network transmission ({{
-                    humanize $value }}). Reported by instance {{ $labels.instance }} of job {{
-                    $labels.job }}
-                  summary: Server has a high transmit drop
-              - alert: node_high_network_errs_rcv
-                expr: node_network_receive_errs{device!="lo"} > 3000
-                for: 30s
-                labels:
-                  severity: warning
-                annotations:
-                  description: Host system has an unusally high error rate in network reception
-                    ({{ humanize $value }}). Reported by instance {{ $labels.instance }} of job
-                    {{ $labels.job }}
-                  summary: Server has unusual high reception errors
-              - alert: node_high_network_errs_send
-                expr: node_network_transmit_errs{device!="lo"} > 3000
-                for: 30s
-                labels:
-                  severity: warning
-                annotations:
-                  description: Host system has an unusally high error rate in network transmission
-                    ({{ humanize $value }}). Reported by instance {{ $labels.instance }} of job
-                    {{ $labels.job }}
-                  summary: Server has unusual high transmission errors
-              - alert: node_network_conntrack_usage_80percent
-                expr: sort(node_nf_conntrack_entries{job="node-exporter"} > node_nf_conntrack_entries_limit{job="node-exporter"}  * 0.8)
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.instance}} has network conntrack entries of {{ $value }} which is more than 80% of maximum limit'
-                  summary: '{{$labels.instance}}: available network conntrack entries are low.'
-              - alert: node_entropy_available_low
-                expr: node_entropy_available_bits < 300
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.instance}} has available entropy bits of {{ $value }} which is less than required of 300'
-                  summary: '{{$labels.instance}}: is low on entropy bits.'
-              - alert: node_hwmon_high_cpu_temp
-                expr: node_hwmon_temp_crit_celsius*0.9 - node_hwmon_temp_celsius < 0 OR node_hwmon_temp_max_celsius*0.95 - node_hwmon_temp_celsius < 0
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.alias}} reports hwmon sensor {{$labels.sensor}}/{{$labels.chip}} temperature value is nearly critical: {{$value}}'
-                  summary: '{{$labels.alias}}: Sensor {{$labels.sensor}}/{{$labels.chip}} temp is high: {{$value}}'
-              - alert: node_vmstat_paging_rate_high
-                expr: irate(node_vmstat_pgpgin[5m]) > 80
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.alias}} has a memory paging rate of change higher than 80%: {{$value}}'
-                  summary: '{{$labels.alias}}: memory paging rate is high: {{$value}}'
-              - alert: node_xfs_block_allocation_high
-                expr: 100*(node_xfs_extent_allocation_blocks_allocated_total{job="node-exporter", instance=~"172.17.0.1.*"} / (node_xfs_extent_allocation_blocks_freed_total{job="node-exporter", instance=~"172.17.0.1.*"} + node_xfs_extent_allocation_blocks_allocated_total{job="node-exporter", instance=~"172.17.0.1.*"})) > 80
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.alias}} has xfs allocation blocks higher than 80%: {{$value}}'
-                  summary: '{{$labels.alias}}: xfs block allocation high: {{$value}}'
-              - alert: node_network_bond_slaves_down
-                expr: node_net_bonding_slaves - node_net_bonding_slaves_active > 0
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{ $labels.master }} is missing {{ $value }} slave interface(s).'
-                  summary: 'Instance {{ $labels.instance }}: {{ $labels.master }} missing {{ $value }} slave interface(s)'
-              - alert: node_numa_memory_used
-                expr: 100*node_memory_numa_MemUsed / node_memory_numa_MemTotal > 80
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.alias}} has more than 80% NUMA memory usage: {{ $value }}'
-                  summary: '{{$labels.alias}}: has high NUMA memory usage: {{$value}}'
-              - alert: node_ntp_clock_skew_high
-                expr: abs(node_ntp_drift_seconds) > 2
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.alias}} has time difference of more than 2 seconds compared to NTP server: {{ $value }}'
-                  summary: '{{$labels.alias}}: time is skewed by : {{$value}} seconds'
-              - alert: node_disk_read_latency
-                expr: (rate(node_disk_read_time_ms[5m]) / rate(node_disk_reads_completed[5m])) > 10
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.device}} has a high read latency of {{ $value }}'
-                  summary: 'High read latency observed for device {{ $labels.device }}'
-              - alert: node_disk_write_latency
-                expr: (rate(node_disk_write_time_ms[5m]) / rate(node_disk_writes_completed[5m])) > 10
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: '{{$labels.device}} has a high write latency of {{ $value }}'
-                  summary: 'High write latency observed for device {{ $labels.device }}'
-          openstack:
-            groups:
-            - name: openstack.rules
-              rules:
-              - alert: os_glance_api_availability
-                expr:  check_glance_api != 1
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Glance API is not available at {{$labels.url}} for more than 5 minutes'
-                  summary: 'Glance API is not available at {{$labels.url}}'
-              - alert: os_nova_api_availability
-                expr:  check_nova_api != 1
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Nova API is not available at {{$labels.url}} for more than 5 minutes'
-                  summary: 'Nova API is not available at {{$labels.url}}'
-              - alert: os_keystone_api_availability
-                expr:  check_keystone_api != 1
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Keystone API is not available at {{$labels.url}} for more than 5 minutes'
-                  summary: 'Keystone API is not available at {{$labels.url}}'
-              - alert: os_neutron_api_availability
-                expr:  check_neutron_api != 1
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Neutron API is not available at {{$labels.url}} for more than 5 minutes'
-                  summary: 'Neutron API is not available at {{$labels.url}}'
-              - alert: os_swift_api_availability
-                expr:  check_swift_api != 1
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Swift API is not available at {{$labels.url}} for more than 5 minutes'
-                  summary: 'Swift API is not available at {{$labels.url}}'
-              - alert: os_nova_compute_disabled
-                expr:  services_nova_compute_disabled_total > 0
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'nova-compute is disabled on certain hosts for more than 5 minutes'
-                  summary: 'Openstack compute service nova-compute is disabled on some hosts'
-              - alert: os_nova_conductor_disabled
-                expr:  services_nova_conductor_disabled_total > 0
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'nova-conductor is disabled on certain hosts for more than 5 minutes'
-                  summary: 'Openstack compute service nova-conductor is disabled on some hosts'
-              - alert: os_nova_consoleauth_disabled
-                expr:  services_nova_consoleauth_disabled_total > 0
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'nova-consoleauth is disabled on certain hosts for more than 5 minutes'
-                  summary: 'Openstack compute service nova-consoleauth is disabled on some hosts'
-              - alert: os_nova_scheduler_disabled
-                expr:  services_nova_scheduler_disabled_total > 0
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'nova-scheduler is disabled on certain hosts for more than 5 minutes'
-                  summary: 'Openstack compute service nova-scheduler is disabled on some hosts'
-          ceph:
-            groups:
-            - name: ceph.rules
-              rules:
-              - alert: ceph_monitor_quorum_low
-                expr:  ceph_monitor_quorum_count < 3
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'ceph monitor quorum has been less than 3 for more than 5 minutes'
-                  summary: 'ceph high availability is at risk'
-              - alert: ceph_cluster_usage_high
-                expr:  100* ceph_cluster_used_bytes/ceph_cluster_capacity_bytes > 80
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'ceph cluster capacity usage more than 80 percent'
-                  summary: 'ceph cluster usage is more than 80 percent'
-              - alert: ceph_placement_group_degrade_pct_high
-                expr:  100*ceph_degraded_pgs/ceph_total_pgs > 80
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'ceph placement group degradation is more than 80 percent'
-                  summary: 'ceph placement groups degraded'
-              - alert: ceph_osd_down_pct_high
-                expr:  100* ceph_osds_down/(ceph_osds_down+ceph_osds_up) > 80
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'ceph OSDs down percent is more than 80 percent'
-                  summary: 'ceph OSDs down percent is high'
-              - alert: ceph_monitor_clock_skew_high
-                expr:  ceph_monitor_clock_skew_seconds > 2
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'ceph monitors clock skew on {{$labels.instance}} is more than 2 seconds'
-                  summary: 'ceph monitor clock skew high'
-          fluentd:
-            groups:
-            - name: fluentd.rules
-              rules:
-              - alert: fluentd_not_running
-                expr:  fluentd_up == 0
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'fluentd is down on {{$labels.instance}} for more than 5 minutes'
-                  summary: 'Fluentd is down'
-          calico:
-            groups:
-            - name: calico.rules
-              rules:
-              - alert: calico_datapane_failures_high_1h
-                expr: absent(felix_int_dataplane_failures) OR increase(felix_int_dataplane_failures[1h]) > 5
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Felix instance {{ $labels.instance }} has seen {{ $value }} dataplane failures within the last hour'
-                  summary: 'A high number of dataplane failures within Felix are happening'
-              - alert: calico_datapane_address_msg_batch_size_high_5m
-                expr: absent(felix_int_dataplane_addr_msg_batch_size_sum) OR absent(felix_int_dataplane_addr_msg_batch_size_count) OR (felix_int_dataplane_addr_msg_batch_size_sum/felix_int_dataplane_addr_msg_batch_size_count) > 5
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Felix instance {{ $labels.instance }} has seen a high value of {{ $value }} dataplane address message batch size'
-                  summary: 'Felix address message batch size is higher'
-              - alert: calico_datapane_iface_msg_batch_size_high_5m
-                expr: absent(felix_int_dataplane_iface_msg_batch_size_sum) OR absent(felix_int_dataplane_iface_msg_batch_size_count) OR (felix_int_dataplane_iface_msg_batch_size_sum/felix_int_dataplane_iface_msg_batch_size_count) > 5
-                for: 5m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Felix instance {{ $labels.instance }} has seen a high value of {{ $value }} dataplane interface message batch size'
-                  summary: 'Felix interface message batch size is higher'
-              - alert: calico_ipset_errors_high_1h
-                expr: absent(felix_ipset_errors) OR increase(felix_ipset_errors[1h]) > 5
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Felix instance {{ $labels.instance }} has seen {{ $value }} ipset errors within the last hour'
-                  summary: 'A high number of ipset errors within Felix are happening'
-              - alert: calico_iptable_save_errors_high_1h
-                expr: absent(felix_iptables_save_errors) OR increase(felix_iptables_save_errors[1h]) > 5
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Felix instance {{ $labels.instance }} has seen {{ $value }} iptable save errors within the last hour'
-                  summary: 'A high number of iptable save errors within Felix are happening'
-              - alert: calico_iptable_restore_errors_high_1h
-                expr: absent(felix_iptables_restore_errors) OR increase(felix_iptables_restore_errors[1h]) > 5
-                labels:
-                  severity: page
-                annotations:
-                  description: 'Felix instance {{ $labels.instance }} has seen {{ $value }} iptable restore errors within the last hour'
-                  summary: 'A high number of iptable restore errors within Felix are happening'
-          rabbitmq:
-            groups:
-            - name: rabbitmq.rules
-              rules:
-              - alert: rabbitmq_network_pratitions_detected
-                expr: min(partitions) by(instance) > 0
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'RabbitMQ at {{ $labels.instance }} has {{ $value }} partitions'
-                  summary: 'RabbitMQ Network partitions detected'
-              - alert: rabbitmq_down
-                expr:  min(rabbitmq_up) by(instance) != 1
-                for: 10m
-                labels:
-                  severity: page
-                annotations:
-                  description: 'RabbitMQ Server instance {{ $labels.instance }} is down'
-                  summary: 'The RabbitMQ Server instance at {{ $labels.instance }} has been down the last 10 mins'
-              - alert: rabbitmq_file_descriptor_usage_high
-                expr:  fd_used * 100 /fd_total > 80
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'RabbitMQ Server instance {{ $labels.instance }} has high file descriptor usage of {{ $value }} percent.'
-                  summary: 'RabbitMQ file descriptors usage is high for last 10 mins'
-              - alert: rabbitmq_node_disk_free_alarm
-                expr:  node_disk_free_alarm > 0
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'RabbitMQ Server instance {{ $labels.instance }} has low disk free space available.'
-                  summary: 'RabbitMQ disk space usage is high'
-              - alert: rabbitmq_node_memory_alarm
-                expr:  node_mem_alarm > 0
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'RabbitMQ Server instance {{ $labels.instance }} has low free memory.'
-                  summary: 'RabbitMQ memory usage is high'
-              - alert: rabbitmq_less_than_3_nodes
-                expr:  running < 3
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'RabbitMQ Server has less than 3 nodes running.'
-                  summary: 'RabbitMQ server is at risk of loosing data'
-              - alert: rabbitmq_queue_messages_returned_high
-                expr:  queue_messages_returned_total/queue_messages_published_total * 100 > 50
-                for: 5m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'RabbitMQ Server is returing more than 50 percent of messages received.'
-                  summary: 'RabbitMQ server is returning more than 50 percent of messages received.'
-              - alert: rabbitmq_consumers_low_utilization
-                expr:  queue_consumer_utilisation < .4
-                for: 5m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'RabbitMQ consumers message consumption speed is low'
-                  summary: 'RabbitMQ consumers message consumption speed is low'
-              - alert: rabbitmq_high_message_load
-                expr:  queue_messages_total > 17000 or increase(queue_messages_total[5m]) > 4000
-                for: 5m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'RabbitMQ has high message load. Total Queue depth > 17000 or growth more than 4000 messages.'
-                  summary: 'RabbitMQ has high message load'
-          elasticsearch:
-            groups:
-            - name: elasticsearch.rules
-              rules:
-              - alert: es_high_process_open_files_count
-                expr: sum(elasticsearch_process_open_files_count) by (host) > 64000
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'Elasticsearch at {{ $labels.host }} has more than 64000 process open file count.'
-                  summary: 'Elasticsearch has a very high process open file count.'
-              - alert: es_high_process_cpu_percent
-                expr: elasticsearch_process_cpu_percent > 95
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'Elasticsearch at {{ $labels.instance }} has high process cpu percent of {{ $value }}.'
-                  summary: 'Elasticsearch process cpu usage is more than 95 percent.'
-              - alert: es_fs_usage_high
-                expr: (100 * (elasticsearch_filesystem_data_size_bytes - elasticsearch_filesystem_data_free_bytes) / elasticsearch_filesystem_data_size_bytes) > 80
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'Elasticsearch at {{ $labels.instance }} has filesystem usage of {{ $value }}.'
-                  summary: 'Elasticsearch filesystem usage is high.'
-              - alert: es_unassigned_shards
-                expr: elasticsearch_cluster_health_unassigned_shards > 0
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'Elasticsearch has {{ $value }} unassigned shards.'
-                  summary: 'Elasticsearch has unassigned shards and hence a unhealthy cluster state.'
-              - alert: es_cluster_health_timed_out
-                expr: elasticsearch_cluster_health_timed_out > 0
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'Elasticsearch cluster health status call timedout {{ $value }} times.'
-                  summary: 'Elasticsearch cluster health status calls are timing out.'
-              - alert: es_cluster_health_status_alert
-                expr: elasticsearch_cluster_health_status > 0
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'Elasticsearch cluster health status is not green. One or more shards or replicas are unallocated.'
-                  summary: 'Elasticsearch cluster health status is not green.'
-              - alert: es_cluster_health_too_few_nodes_running
-                expr: elasticsearch_cluster_health_number_of_nodes < 3
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'There are only {{$value}} < 3 ElasticSearch nodes running'
-                  summary: 'ElasticSearch running on less than 3 nodes'
-              - alert: es_cluster_health_too_few_data_nodes_running
-                expr: elasticsearch_cluster_health_number_of_data_nodes < 3
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'There are only {{$value}} < 3 ElasticSearch data nodes running'
-                  summary: 'ElasticSearch running on less than 3 data nodes'
-          mariadb:
-            groups:
-            - name: mariadb.rules
-              rules:
-              - alert: mariadb_table_lock_wait_high
-                expr: 100 * mysql_global_status_table_locks_waited/(mysql_global_status_table_locks_waited + mysql_global_status_table_locks_immediate) > 30
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'Mariadb has high table lock waits of {{ $value }} percentage'
-                  summary: 'Mariadb table lock waits are high'
-              - alert: mariadb_node_not_ready
-                expr:  mysql_global_status_wsrep_ready != 1
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: '{{$labels.job}} on {{$labels.instance}} is not ready.'
-                  summary: 'Galera cluster node not ready'
-              - alert: mariadb_galera_node_out_of_sync
-                expr:  mysql_global_status_wsrep_local_state != 4 AND mysql_global_variables_wsrep_desync == 0
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: '{{$labels.job}} on {{$labels.instance}} is not in sync ({{$value}} != 4)'
-                  summary: 'Galera cluster node out of sync'
-              - alert: mariadb_innodb_replication_fallen_behind
-                expr:  (mysql_global_variables_innodb_replication_delay > 30) AND on (instance) (predict_linear(mysql_global_variables_innodb_replication_delay[5m], 60*2) > 0)
-                for: 10m
-                labels:
-                  severity: warning
-                annotations:
-                  description: 'The mysql innodb replication has fallen behind and is not recovering'
-                  summary: 'MySQL innodb replication is lagging'
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/osh-infra/osh-infra-nfs-provisioner/chart-group.yaml b/global/software/charts/osh-infra/osh-infra-nfs-provisioner/chart-group.yaml
deleted file mode 100644
index cf5e08ab9..000000000
--- a/global/software/charts/osh-infra/osh-infra-nfs-provisioner/chart-group.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-infra-nfs-provisioner
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: OSH Infra NFS Provisioner
-  chart_group:
-    - nfs-provisioner
diff --git a/global/software/charts/osh-infra/osh-infra-nfs-provisioner/nfs-provisioner.yaml b/global/software/charts/osh-infra/osh-infra-nfs-provisioner/nfs-provisioner.yaml
deleted file mode 100644
index 516ac3ccb..000000000
--- a/global/software/charts/osh-infra/osh-infra-nfs-provisioner/nfs-provisioner.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: nfs-provisioner
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.nfs_provisioner
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh_infra.nfs_provisioner
-      dest:
-        path: .values.images.tags
-data:
-  chart_name: nfs-provisioner
-  release: nfs-provisioner
-  namespace: nfs
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-nfs-provisioner
-  values:
-    storageclass:
-      name: general
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/osh-infra/osh-infra-openstack-exporter/chart-group.yaml b/global/software/charts/osh-infra/osh-infra-openstack-exporter/chart-group.yaml
deleted file mode 100644
index 020a347a8..000000000
--- a/global/software/charts/osh-infra/osh-infra-openstack-exporter/chart-group.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-infra-prometheus-openstack-exporter
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Prometheus OpenStack Exporter
-  chart_group:
-    - prometheus-openstack-exporter
diff --git a/global/software/charts/osh-infra/osh-infra-openstack-exporter/prometheus-openstack-exporter.yaml b/global/software/charts/osh-infra/osh-infra-openstack-exporter/prometheus-openstack-exporter.yaml
deleted file mode 100644
index 40781c684..000000000
--- a/global/software/charts/osh-infra/osh-infra-openstack-exporter/prometheus-openstack-exporter.yaml
+++ /dev/null
@@ -1,95 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: prometheus-openstack-exporter
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.prometheus_openstack_exporter
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh_infra.prometheus_openstack_exporter
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.prometheus_openstack_exporter
-      dest:
-        path: .values.endpoints.prometheus_openstack_exporter
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.identity
-      dest:
-        path: .values.endpoints.identity
-
-    # Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.prometheus_openstack_exporter.user
-      dest:
-        path: .values.endpoints.identity.auth.user
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_openstack_exporter_password
-        path: .
-data:
-  chart_name: prometheus-openstack-exporter
-  release: prometheus-openstack-exporter
-  namespace: openstack
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-prometheus-openstack-exporter
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-prometheus-openstack-exporter
-  values:
-    labels:
-      openstack_exporter:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/osh-infra/osh-infra-radosgw/chart-group.yaml b/global/software/charts/osh-infra/osh-infra-radosgw/chart-group.yaml
deleted file mode 100644
index 07d160819..000000000
--- a/global/software/charts/osh-infra/osh-infra-radosgw/chart-group.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-infra-radosgw
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Deploy Radosgw for OSH-Infra
-  chart_group:
-    - osh-infra-radosgw
diff --git a/global/software/charts/osh-infra/osh-infra-radosgw/radosgw.yaml b/global/software/charts/osh-infra/osh-infra-radosgw/radosgw.yaml
deleted file mode 100644
index a535afa37..000000000
--- a/global/software/charts/osh-infra/osh-infra-radosgw/radosgw.yaml
+++ /dev/null
@@ -1,118 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-infra-radosgw
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ceph-rgw
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.ceph-rgw
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.ceph_object_store
-      dest:
-        path: .values.endpoints.ceph_object_store
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-
-    # Credentials
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_infra_service_accounts
-        path: .osh_infra.ceph_object_store.admin
-      dest:
-        path: .values.endpoints.ceph_object_store.auth.admin
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.ceph_object_store.auth.admin.access_key
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_rgw_s3_admin_access_key
-        path: .
-    - dest:
-        path: .values.endpoints.ceph_object_store.auth.admin.secret_key
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_infra_rgw_s3_admin_secret_key
-        path: .
-
-data:
-  chart_name: osh-infra-radosgw
-  release: osh-infra-radosgw
-  namespace: osh-infra
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-osh-infra-radosgw
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-osh-infra-radosgw
-  values:
-    labels:
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      rgw:
-        node_selector_key: ceph-rgw
-        node_selector_value: enabled
-    deployment:
-      storage_secrets: false
-      ceph: true
-      rbd_provisioner: false
-      cephfs_provisioner: false
-      client_secrets: false
-      rgw_keystone_user_and_endpoints: false
-    bootstrap:
-      enabled: false
-    conf:
-      rgw_s3:
-        enabled: true
-    ceph_client:
-      configmap: ceph-etc
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/osh/dependencies.yaml b/global/software/charts/osh/dependencies.yaml
deleted file mode 100644
index cf07b707b..000000000
--- a/global/software/charts/osh/dependencies.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh-helm-toolkit
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.helm_toolkit
-      dest:
-        path: .source
-data:
-  chart_name: helm-toolkit
-  release: osh-helm-toolkit
-  namespace: osh-helm-toolkit
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-osh-helm-toolkit
-  upgrade:
-    no_hooks: true
-  values: {}
-  dependencies: []
diff --git a/global/software/charts/osh/openstack-ceph-config/ceph-config.yaml b/global/software/charts/osh/openstack-ceph-config/ceph-config.yaml
deleted file mode 100644
index e3952240a..000000000
--- a/global/software/charts/osh/openstack-ceph-config/ceph-config.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-ceph-config
-  labels:
-    name: openstack-ceph-config-global
-    component: ceph
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ceph-provisioners
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.ceph-provisioners
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-
-data:
-  chart_name: openstack-ceph-config
-  release: openstack-ceph-config
-  namespace: openstack
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-openstack-ceph-config
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-openstack-ceph-config
-  values:
-    labels:
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      provisioner:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    deployment:
-      ceph: false
-      client_secrets: true
-      rbd_provisioner: false
-      cephfs_provisioner: false
-      rgw_keystone_user_and_endpoints: false
-    bootstrap:
-      enabled: false
-    storageclass:
-      rbd:
-        ceph_configmap_name: ceph-etc
-        parameters:
-          userSecretName: pvc-ceph-client-key
-      cephfs:
-        provision_storage_class: false
-  dependencies:
-    - ceph-htk
-...
diff --git a/global/software/charts/osh/openstack-ceph-config/chart-group.yaml b/global/software/charts/osh/openstack-ceph-config/chart-group.yaml
deleted file mode 100644
index 8120ed0ab..000000000
--- a/global/software/charts/osh/openstack-ceph-config/chart-group.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-ceph-config
-  labels:
-    name: openstack-ceph-config-chart-group-global
-    component: ceph
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Ceph config for OpenStack namespace(s)
-  chart_group:
-    - openstack-ceph-config
diff --git a/global/software/charts/osh/openstack-cinder/chart-group.yaml b/global/software/charts/osh/openstack-cinder/chart-group.yaml
deleted file mode 100644
index 478061ff0..000000000
--- a/global/software/charts/osh/openstack-cinder/chart-group.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-cinder
-  labels:
-    name: openstack-cinder-chart-group-global
-    component: cinder
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Deploy Cinder
-  chart_group:
-    - cinder
diff --git a/global/software/charts/osh/openstack-cinder/cinder.yaml b/global/software/charts/osh/openstack-cinder/cinder.yaml
deleted file mode 100644
index f47fa02cb..000000000
--- a/global/software/charts/osh/openstack-cinder/cinder.yaml
+++ /dev/null
@@ -1,320 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: cinder
-  labels:
-    name: cinder-global
-    component: cinder
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.cinder
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.cinder
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.image
-      dest:
-        path: .values.endpoints.image
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.image_registry
-      dest:
-        path: .values.endpoints.image_registry
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.volume
-      dest:
-        path: .values.endpoints.volume
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.volumev2
-      dest:
-        path: .values.endpoints.volumev2
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.volumev3
-      dest:
-        path: .values.endpoints.volumev3
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_messaging
-      dest:
-        path: .values.endpoints.oslo_messaging
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_cache
-      dest:
-        path: .values.endpoints.oslo_cache
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.fluentd
-      dest:
-        path: .values.endpoints.fluentd
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.cinder.cinder
-      dest:
-        path: .values.endpoints.identity.auth.cinder
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.oslo_messaging.admin
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.cinder.oslo_messaging.cinder
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.cinder
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.cinder.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db.auth.cinder
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.cinder.oslo_db.database
-      dest:
-        path: .values.endpoints.oslo_db.path
-        pattern: DB_NAME
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.volume.name
-      dest:
-        path: .values.endpoints.oslo_messaging.path
-        pattern: VHOST_NAME
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.cinder.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_cinder_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_messaging_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.cinder.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_messaging_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.cinder.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_cinder_oslo_db_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_db_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_cache.auth.memcache_secret_key
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_cache_secret_key
-        path: .
-data:
-  chart_name: cinder
-  release: cinder
-  namespace: openstack
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-cinder
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-cinder
-    post:
-      create: []
-  values:
-    pod:
-      replicas:
-        api: 2
-        volume: 2
-        scheduler: 2
-        backup: 2
-    labels:
-      api:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      backup:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      scheduler:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      test:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      volume:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    ceph_client:
-      configmap: tenant-ceph-etc
-      user_secret_name: pvc-tceph-client-key
-    conf:
-      logging:
-        loggers:
-          keys:
-            - root
-            - cinder
-        handlers:
-          keys:
-            - stdout
-            - stderr
-            - 'null'
-            - fluent
-        formatters:
-          keys:
-            - context
-            - default
-            - fluent
-        logger_root:
-          level: WARNING
-          handlers: stdout
-        logger_cinder:
-          level: INFO
-          handlers:
-            - stdout
-            - fluent
-          qualname: cinder
-        logger_amqp:
-          level: WARNING
-          handlers: stderr
-          qualname: amqp
-        logger_amqplib:
-          level: WARNING
-          handlers: stderr
-          qualname: amqplib
-        logger_eventletwsgi:
-          level: WARNING
-          handlers: stderr
-          qualname: eventlet.wsgi.server
-        logger_sqlalchemy:
-          level: WARNING
-          handlers: stderr
-          qualname: sqlalchemy
-        logger_boto:
-          level: WARNING
-          handlers: stderr
-          qualname: boto
-        handler_null:
-          class: logging.NullHandler
-          formatter: default
-          args: ()
-        handler_stdout:
-          class: StreamHandler
-          args: (sys.stdout,)
-          formatter: context
-        handler_stderr:
-          class: StreamHandler
-          args: (sys.stderr,)
-          formatter: context
-        handler_fluent:
-          class: fluent.handler.FluentHandler
-          args: ('openstack.cinder', 'fluentd-logging.osh-infra', 24224)
-          formatter: fluent
-        formatter_fluent:
-          class: oslo_log.formatters.FluentFormatter
-        formatter_context:
-          class: oslo_log.formatters.ContextFormatter
-        formatter_default:
-          format: "%(message)s"
-  dependencies:
-    - cinder-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: cinder-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.cinder-htk
-      dest:
-        path: .source
-data:
-  chart_name: cinder-htk
-  release: cinder-htk
-  namespace: cinder-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-compute-kit/chart-group.yaml b/global/software/charts/osh/openstack-compute-kit/chart-group.yaml
deleted file mode 100644
index 6fd239081..000000000
--- a/global/software/charts/osh/openstack-compute-kit/chart-group.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-compute-kit
-  labels:
-    name: openstack-compute-kit-chart-group-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Deploy Nova, Neutron, Openvswitch, and Libvirt
-  chart_group:
-    - libvirt
-    - openvswitch
-    - neutron
-    - nova
diff --git a/global/software/charts/osh/openstack-compute-kit/libvirt.yaml b/global/software/charts/osh/openstack-compute-kit/libvirt.yaml
deleted file mode 100644
index 5eb93f77b..000000000
--- a/global/software/charts/osh/openstack-compute-kit/libvirt.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: libvirt
-  labels:
-    name: libvirt-global
-    component: libvirt
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.libvirt
-      dest:
-        path: .source
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.libvirt
-      dest:
-        path: .values.images.tags
-data:
-  chart_name: libvirt
-  release: libvirt
-  namespace: openstack
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-libvirt
-  values:
-    labels:
-      agent:
-        libvirt:
-          node_selector_key: openstack-libvirt
-          node_selector_value: kernel
-    ceph_client:
-      configmap: tenant-ceph-etc
-      user_secret_name: pvc-tceph-client-key
-  dependencies:
-    - libvirt-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: libvirt-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.libvirt-htk
-      dest:
-        path: .source
-data:
-  chart_name: libvirt-htk
-  release: libvirt-htk
-  namespace: libvirt-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-compute-kit/neutron.yaml b/global/software/charts/osh/openstack-compute-kit/neutron.yaml
deleted file mode 100644
index 46e0a5760..000000000
--- a/global/software/charts/osh/openstack-compute-kit/neutron.yaml
+++ /dev/null
@@ -1,369 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: neutron-global
-  labels:
-    name: neutron-global
-    component: neutron
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.neutron
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.neutron
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.compute
-      dest:
-        path: .values.endpoints.compute
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.compute_metadata
-      dest:
-        path: .values.endpoints.image_registry
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_messaging
-      dest:
-        path: .values.endpoints.oslo_messaging
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_cache
-      dest:
-        path: .values.endpoints.oslo_cache
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.network
-      dest:
-        path: .values.endpoints.network
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.fluentd
-      dest:
-        path: .values.endpoints.fluentd
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.neutron.neutron
-      dest:
-        path: .values.endpoints.identity.auth.neutron
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.nova.nova
-      dest:
-        path: .values.endpoints.identity.auth.nova
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.oslo_messaging.admin
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.neutron.oslo_messaging.neutron
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.neutron
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.neutron.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db.auth.neutron
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.neutron.oslo_db.database
-      dest:
-        path: .values.endpoints.oslo_db.path
-        pattern: DB_NAME
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.network.name
-      dest:
-        path: .values.endpoints.oslo_messaging.path
-        pattern: VHOST_NAME
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.neutron.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_neutron_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.nova.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_nova_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_messaging_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.neutron.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_messaging_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.neutron.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_neutron_oslo_db_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_db_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_cache.auth.memcache_secret_key
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_cache_secret_key
-        path: .
-    - dest:
-        path: .values.conf.metadata_agent.DEFAULT.metadata_proxy_shared_secret
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_nova_metadata_proxy_shared_secret
-        path: .
-
-    # Interfaces for neutron configuration
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .neutron.tunnel_device
-      dest:
-        path: .values.network.interface.tunnel
-        pattern: 'TUNNEL_DEVICE'
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .neutron.external_iface
-      dest:
-        path: .values.conf.auto_bridge_add.br-ex
-        pattern: 'EXTERNAL_INTERFACE'
-
-data:
-  chart_name: neutron
-  release: neutron
-  namespace: openstack
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-neutron
-    post:
-      create: []
-  test:
-    timeout: 500
-  wait:
-    labels:
-      release_group: airship-neutron
-  values:
-    pod:
-      replicas:
-        server: 2
-    labels:
-      agent:
-        dhcp:
-          node_selector_key: openstack-control-plane
-          node_selector_value: enabled
-        l3:
-          # To enable the forcing of routers onto controllers that have
-          # a public cidr so that tenant floating IPs can route properly
-          node_selector_key: openstack-l3-agent
-          node_selector_value: enabled
-        metadata:
-          node_selector_key: openstack-control-plane
-          node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      lb:
-        node_selector_key: linuxbridge
-        node_selector_value: enabled
-      ovs:
-        node_selector_key: openvswitch
-        node_selector_value: enabled
-      server:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      test:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    network:
-      interface:
-        tunnel: 'TUNNEL_DEVICE'
-    conf:
-      auto_bridge_add:
-        br-ex: 'EXTERNAL_INTERFACE'
-      logging:
-        loggers:
-          keys:
-            - root
-            - neutron
-        handlers:
-          keys:
-            - stdout
-            - stderr
-            - 'null'
-            - fluent
-        formatters:
-          keys:
-            - context
-            - default
-            - fluent
-        logger_root:
-          level: WARNING
-          handlers: stdout
-        logger_neutron:
-          level: INFO
-          handlers:
-            - stdout
-            - fluent
-          qualname: neutron
-        logger_amqp:
-          level: WARNING
-          handlers: stderr
-          qualname: amqp
-        logger_amqplib:
-          level: WARNING
-          handlers: stderr
-          qualname: amqplib
-        logger_eventletwsgi:
-          level: WARNING
-          handlers: stderr
-          qualname: eventlet.wsgi.server
-        logger_sqlalchemy:
-          level: WARNING
-          handlers: stderr
-          qualname: sqlalchemy
-        logger_boto:
-          level: WARNING
-          handlers: stderr
-          qualname: boto
-        handler_null:
-          class: logging.NullHandler
-          formatter: default
-          args: ()
-        handler_stdout:
-          class: StreamHandler
-          args: (sys.stdout,)
-          formatter: context
-        handler_stderr:
-          class: StreamHandler
-          args: (sys.stderr,)
-          formatter: context
-        handler_fluent:
-          class: fluent.handler.FluentHandler
-          args: ('openstack.neutron', 'fluentd-logging.osh-infra', 24224)
-          formatter: fluent
-        formatter_fluent:
-          class: oslo_log.formatters.FluentFormatter
-        formatter_context:
-          class: oslo_log.formatters.ContextFormatter
-        formatter_default:
-          format: "%(message)s"
-      neutron:
-        DEFAULT:
-          l3_ha: True
-          max_l3_agents_per_router: 3
-          l3_ha_network_type: vxlan
-          dhcp_agents_per_network: 2
-        oslo_messaging_rabbit:
-          heartbeat_timeout_threshold: 0
-      plugins:
-        ml2_conf:
-          ml2:
-            extension_drivers: port_security
-            mechanism_drivers: l2population,openvswitch
-            type_drivers: vlan,flat,vxlan
-            tenant_network_types: vxlan
-          ml2_type_vlan:
-            network_vlan_ranges: external
-  dependencies:
-    - neutron-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: neutron-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.neutron-htk
-      dest:
-        path: .source
-data:
-  chart_name: neutron-htk
-  release: neutron-htk
-  namespace: neutron-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-compute-kit/nova.yaml b/global/software/charts/osh/openstack-compute-kit/nova.yaml
deleted file mode 100644
index d5f16c141..000000000
--- a/global/software/charts/osh/openstack-compute-kit/nova.yaml
+++ /dev/null
@@ -1,453 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: nova-global
-  labels:
-    name: nova-global
-    component: nova
-  layeringDefinition:
-    abstract: true
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.nova
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.nova
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db_api
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db_cell0
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_messaging
-      dest:
-        path: .values.endpoints.oslo_messaging
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_cache
-      dest:
-        path: .values.endpoints.oslo_cache
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.image
-      dest:
-        path: .values.endpoints.image
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.compute
-      dest:
-        path: .values.endpoints.compute
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.compute_metadata
-      dest:
-        path: .values.endpoints.compute_metadata
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.compute_novnc_proxy
-      dest:
-        path: .values.endpoints.compute_novnc_proxy
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.compute_spice_proxy
-      dest:
-        path: .values.endpoints.compute_spice_proxy
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.placement
-      dest:
-        path: .values.endpoints.placement
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.network
-      dest:
-        path: .values.endpoints.network
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.fluentd
-      dest:
-        path: .values.endpoints.fluentd
-
-    # Service Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.nova.nova
-      dest:
-        path: .values.endpoints.identity.auth.nova
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.neutron.neutron
-      dest:
-        path: .values.endpoints.identity.auth.neutron
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.nova.placement
-      dest:
-        path: .values.endpoints.identity.auth.placement
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.oslo_messaging.admin
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.nova.oslo_messaging.nova
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.nova
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.nova.oslo_db.username
-      dest:
-        path: .values.endpoints.oslo_db.auth.nova.username
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.nova.oslo_db.database
-      dest:
-        path: .values.endpoints.oslo_db.path
-        pattern: DB_NAME
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.nova.oslo_db_api
-      dest:
-        path: .values.endpoints.oslo_db_api.auth.nova
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.nova.oslo_db_api.database
-      dest:
-        path: .values.endpoints.oslo_db_api.path
-        pattern: DB_NAME
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.nova.oslo_db_cell0
-      dest:
-        path: .values.endpoints.oslo_db_cell0.auth.nova
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.nova.oslo_db_cell0.database
-      dest:
-        path: .values.endpoints.oslo_db_cell0.path
-        pattern: DB_NAME
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.compute.name
-      dest:
-        path: .values.endpoints.oslo_messaging.path
-        pattern: VHOST_NAME
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.nova.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_nova_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.neutron.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_neutron_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.placement.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_placement_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_messaging_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.nova.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_messaging_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.nova.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_nova_oslo_db_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db_api.auth.nova.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_nova_oslo_db_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db_cell0.auth.nova.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_nova_oslo_db_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_db_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db_api.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_db_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db_cell0.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_db_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_cache.auth.memcache_secret_key
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_cache_secret_key
-        path: .
-    - dest:
-        path: .values.conf.nova.neutron.metadata_proxy_shared_secret
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_nova_metadata_proxy_shared_secret
-        path: .
-data:
-  chart_name: nova
-  release: nova
-  namespace: openstack
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-nova
-    post:
-      create: []
-  wait:
-    timeout: 2700
-    labels:
-      release_group: airship-nova
-  values:
-    labels:
-      agent:
-        compute:
-          node_selector_key: openstack-nova-compute
-          node_selector_value: enabled
-      api_metadata:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      conductor:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      consoleauth:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      novncproxy:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      osapi:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      placement:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      scheduler:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      spiceproxy:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      test:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    pod:
-      replicas:
-        api_metadata: 4
-        placement: 2
-        osapi: 4
-        conductor: 4
-        consoleauth: 2
-        scheduler: 2
-        novncproxy: 2
-    ceph_client:
-      configmap: tenant-ceph-etc
-      user_secret_name: pvc-tceph-client-key
-    conf:
-      nova:
-        libvirt:
-          cpu_mode: 'host-passthrough'
-          virt_type: kvm
-        database:
-          max_pool_size: 30
-          max_retries: -1
-          max_overflow: 60
-      logging:
-        loggers:
-          keys:
-            - root
-            - nova
-        handlers:
-          keys:
-            - stdout
-            - stderr
-            - 'null'
-            - fluent
-        formatters:
-          keys:
-            - context
-            - default
-            - fluent
-        logger_root:
-          level: WARNING
-          handlers: stdout
-        logger_nova:
-          level: INFO
-          handlers:
-            - stdout
-            - fluent
-          qualname: nova
-        logger_amqp:
-          level: WARNING
-          handlers: stderr
-          qualname: amqp
-        logger_amqplib:
-          level: WARNING
-          handlers: stderr
-          qualname: amqplib
-        logger_eventletwsgi:
-          level: WARNING
-          handlers: stderr
-          qualname: eventlet.wsgi.server
-        logger_sqlalchemy:
-          level: WARNING
-          handlers: stderr
-          qualname: sqlalchemy
-        logger_boto:
-          level: WARNING
-          handlers: stderr
-          qualname: boto
-        handler_null:
-          class: logging.NullHandler
-          formatter: default
-          args: ()
-        handler_stdout:
-          class: StreamHandler
-          args: (sys.stdout,)
-          formatter: context
-        handler_stderr:
-          class: StreamHandler
-          args: (sys.stderr,)
-          formatter: context
-        handler_fluent:
-          class: fluent.handler.FluentHandler
-          args: ('openstack.nova', 'fluentd-logging.osh-infra', 24224)
-          formatter: fluent
-        formatter_fluent:
-          class: oslo_log.formatters.FluentFormatter
-        formatter_context:
-          class: oslo_log.formatters.ContextFormatter
-        formatter_default:
-          format: "%(message)s"
-  dependencies:
-    - nova-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: nova-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.nova-htk
-      dest:
-        path: .source
-data:
-  chart_name: nova-htk
-  release: nova-htk
-  namespace: nova-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-compute-kit/openvswitch.yaml b/global/software/charts/osh/openstack-compute-kit/openvswitch.yaml
deleted file mode 100644
index 89a803316..000000000
--- a/global/software/charts/osh/openstack-compute-kit/openvswitch.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openvswitch
-  layeringDefinition:
-    abstract: false
-    layer: global
-  labels:
-    name: openvswitch-global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.openvswitch
-      dest:
-        path: .source
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.openvswitch
-      dest:
-        path: .values.images.tags
-data:
-  chart_name: openvswitch
-  release: openvswitch
-  namespace: openstack
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-openvswitch
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-openvswitch
-  values:
-    labels:
-      ovs:
-        node_selector_key: openvswitch
-        node_selector_value: enabled
-  dependencies:
-    - openvswitch-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openvswitch-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.openvswitch-htk
-      dest:
-        path: .source
-data:
-  chart_name: openvswitch-htk
-  release: openvswitch-htk
-  namespace: openvswitch-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-glance/chart-group.yaml b/global/software/charts/osh/openstack-glance/chart-group.yaml
deleted file mode 100644
index 115d55322..000000000
--- a/global/software/charts/osh/openstack-glance/chart-group.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-glance
-  labels:
-    name: openstack-glance-chart-group-global
-    component: glance
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Deploy Glance
-  chart_group:
-    - glance
diff --git a/global/software/charts/osh/openstack-glance/glance.yaml b/global/software/charts/osh/openstack-glance/glance.yaml
deleted file mode 100644
index 59f3f1b36..000000000
--- a/global/software/charts/osh/openstack-glance/glance.yaml
+++ /dev/null
@@ -1,327 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: glance
-  labels:
-    name: glance-global
-    component: glance
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.glance
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.glance
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.image
-      dest:
-        path: .values.endpoints.image
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.image_registry
-      dest:
-        path: .values.endpoints.image_registry
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_messaging
-      dest:
-        path: .values.endpoints.oslo_messaging
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_cache
-      dest:
-        path: .values.endpoints.oslo_cache
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.ceph_object_store
-      dest:
-        path: .values.endpoints.ceph_object_store
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.object_store
-      dest:
-        path: .values.endpoints.object_store
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.fluentd
-      dest:
-        path: .values.endpoints.fluentd
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.glance.glance
-      dest:
-        path: .values.endpoints.identity.auth.glance
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.oslo_messaging.admin
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.glance.oslo_messaging.glance
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.glance
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.glance.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db.auth.glance
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.glance.oslo_db.database
-      dest:
-        path: .values.endpoints.oslo_db.path
-        pattern: DB_NAME
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.glance.ceph_object_store
-      dest:
-        path: .values.endpoints.ceph_object_store.auth.glance
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.image.name
-      dest:
-        path: .values.endpoints.oslo_messaging.path
-        pattern: VHOST_NAME
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.glance.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_glance_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_messaging_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.glance.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_messaging_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.glance.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_glance_oslo_db_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_db_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_cache.auth.memcache_secret_key
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_cache_secret_key
-        path: .
-    - dest:
-        path: .values.endpoints.object_store.auth.glance.tmpurlkey
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ceph_swift_keystone_password
-        path: .
-    - dest:
-        path: .values.endpoints.ceph_object_store.auth.glance.tmpurlkey
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ceph_swift_keystone_password
-        path: .
-    - dest:
-        path: .values.endpoints.ceph_object_store.auth.glance.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_glance_password
-        path: .
-data:
-  chart_name: glance
-  release: glance
-  namespace: openstack
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-glance
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-glance
-    post:
-      create: []
-  values:
-    pod:
-      replicas:
-        api: 2
-        registry: 2
-    labels:
-      api:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      registry:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    ceph_client:
-      configmap: tenant-ceph-etc
-      user_secret_name: pvc-tceph-client-key
-    conf:
-      logging:
-        loggers:
-          keys:
-            - root
-            - glance
-        handlers:
-          keys:
-            - stdout
-            - stderr
-            - 'null'
-            - fluent
-        formatters:
-          keys:
-            - context
-            - default
-            - fluent
-        logger_root:
-          level: WARNING
-          handlers: stdout
-        logger_glance:
-          level: INFO
-          handlers:
-            - stdout
-            - fluent
-          qualname: glance
-        logger_amqp:
-          level: WARNING
-          handlers: stderr
-          qualname: amqp
-        logger_amqplib:
-          level: WARNING
-          handlers: stderr
-          qualname: amqplib
-        logger_eventletwsgi:
-          level: WARNING
-          handlers: stderr
-          qualname: eventlet.wsgi.server
-        logger_sqlalchemy:
-          level: WARNING
-          handlers: stderr
-          qualname: sqlalchemy
-        logger_boto:
-          level: WARNING
-          handlers: stderr
-          qualname: boto
-        handler_null:
-          class: logging.NullHandler
-          formatter: default
-          args: ()
-        handler_stdout:
-          class: StreamHandler
-          args: (sys.stdout,)
-          formatter: context
-        handler_stderr:
-          class: StreamHandler
-          args: (sys.stderr,)
-          formatter: context
-        handler_fluent:
-          class: fluent.handler.FluentHandler
-          args: ('openstack.glance', 'fluentd-logging.osh-infra', 24224)
-          formatter: fluent
-        formatter_fluent:
-          class: oslo_log.formatters.FluentFormatter
-        formatter_context:
-          class: oslo_log.formatters.ContextFormatter
-        formatter_default:
-          format: "%(message)s"
-  dependencies:
-    - glance-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: glance-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.glance-htk
-      dest:
-        path: .source
-data:
-  chart_name: glance-htk
-  release: glance-htk
-  namespace: glance-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-heat/chart-group.yaml b/global/software/charts/osh/openstack-heat/chart-group.yaml
deleted file mode 100644
index 94d8f7e32..000000000
--- a/global/software/charts/osh/openstack-heat/chart-group.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-heat
-  labels:
-    name: openstack-heat-chart-group-global
-    component: heat
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Deploy Heat
-  chart_group:
-    - heat
diff --git a/global/software/charts/osh/openstack-heat/heat.yaml b/global/software/charts/osh/openstack-heat/heat.yaml
deleted file mode 100644
index 4a8eecc62..000000000
--- a/global/software/charts/osh/openstack-heat/heat.yaml
+++ /dev/null
@@ -1,326 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: heat
-  labels:
-    name: heat-global
-    component: heat
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.heat
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.heat
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.orchestration
-      dest:
-        path: .values.endpoints.orchestration
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.cloudformation
-      dest:
-        path: .values.endpoints.cloudformation
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.cloudwatch
-      dest:
-        path: .values.endpoints.cloudwatch
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_messaging
-      dest:
-        path: .values.endpoints.oslo_messaging
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_cache
-      dest:
-        path: .values.endpoints.oslo_cache
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.fluentd
-      dest:
-        path: .values.endpoints.fluentd
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.heat.heat
-      dest:
-        path: .values.endpoints.identity.auth.heat
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.heat.heat_trustee
-      dest:
-        path: .values.endpoints.identity.auth.heat_trustee
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.heat.heat_stack_user
-      dest:
-        path: .values.endpoints.identity.auth.heat_stack_user
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.oslo_messaging.admin
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.heat.oslo_messaging.heat
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.heat
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.heat.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db.auth.heat
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.heat.oslo_db.database
-      dest:
-        path: .values.endpoints.oslo_db.path
-        pattern: DB_NAME
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.orchestration.name
-      dest:
-        path: .values.endpoints.oslo_messaging.path
-        pattern: VHOST_NAME
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.heat.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_heat_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.heat_trustee.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_heat_trustee_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.heat_stack_user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_heat_stack_user_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_messaging_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.heat.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_messaging_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.heat.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_heat_oslo_db_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_db_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_cache.auth.memcache_secret_key
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_cache_secret_key
-        path: .
-data:
-  chart_name: heat
-  release: heat
-  namespace: openstack
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-heat
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-heat
-    post:
-      create: []
-  values:
-    pod:
-      replicas:
-        api: 2
-        cfn: 2
-        cloudwatch: 2
-        engine: 4
-    labels:
-      api:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      cfn:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      cloudwatch:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      engine:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    conf:
-      logging:
-        loggers:
-          keys:
-            - root
-            - heat
-        handlers:
-          keys:
-            - stdout
-            - stderr
-            - 'null'
-            - fluent
-        formatters:
-          keys:
-            - context
-            - default
-            - fluent
-        logger_root:
-          level: WARNING
-          handlers: stdout
-        logger_heat:
-          level: INFO
-          handlers:
-            - stdout
-            - fluent
-          qualname: heat
-        logger_amqp:
-          level: WARNING
-          handlers: stderr
-          qualname: amqp
-        logger_amqplib:
-          level: WARNING
-          handlers: stderr
-          qualname: amqplib
-        logger_eventletwsgi:
-          level: WARNING
-          handlers: stderr
-          qualname: eventlet.wsgi.server
-        logger_sqlalchemy:
-          level: WARNING
-          handlers: stderr
-          qualname: sqlalchemy
-        logger_boto:
-          level: WARNING
-          handlers: stderr
-          qualname: boto
-        handler_null:
-          class: logging.NullHandler
-          formatter: default
-          args: ()
-        handler_stdout:
-          class: StreamHandler
-          args: (sys.stdout,)
-          formatter: context
-        handler_stderr:
-          class: StreamHandler
-          args: (sys.stderr,)
-          formatter: context
-        handler_fluent:
-          class: fluent.handler.FluentHandler
-          args: ('openstack.heat', 'fluentd-logging.osh-infra', 24224)
-          formatter: fluent
-        formatter_fluent:
-          class: oslo_log.formatters.FluentFormatter
-        formatter_context:
-          class: oslo_log.formatters.ContextFormatter
-        formatter_default:
-          format: "%(message)s"
-  dependencies:
-    - heat-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: heat-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.heat-htk
-      dest:
-        path: .source
-data:
-  chart_name: heat-htk
-  release: heat-htk
-  namespace: heat-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-horizon/chart-group.yaml b/global/software/charts/osh/openstack-horizon/chart-group.yaml
deleted file mode 100644
index 3ab0deda4..000000000
--- a/global/software/charts/osh/openstack-horizon/chart-group.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-horizon
-  labels:
-    name: openstack-horizon-chart-group-global
-    component: horizon
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Deploy Horizon
-  chart_group:
-    - horizon
diff --git a/global/software/charts/osh/openstack-horizon/horizon.yaml b/global/software/charts/osh/openstack-horizon/horizon.yaml
deleted file mode 100644
index f9685b237..000000000
--- a/global/software/charts/osh/openstack-horizon/horizon.yaml
+++ /dev/null
@@ -1,147 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: horizon
-  labels:
-    name: horizon-global
-    component: horizon
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.horizon
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.horizon
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.dashboard
-      dest:
-        path: .values.endpoints.dashboard
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_cache
-      dest:
-        path: .values.endpoints.oslo_cache
-
-    # Service Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.horizon.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db.auth.horizon
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.horizon.oslo_db.database
-      dest:
-        path: .values.endpoints.oslo_db.path
-        pattern: DB_NAME
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.keystone.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_horizon_oslo_db_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_db_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_cache.auth.memcache_secret_key
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_cache_secret_key
-        path: .
-data:
-  chart_name: horizon
-  release: horizon
-  namespace: openstack
-  install:
-    no_hooks: false
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-horizon
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-horizon
-    post:
-      create: []
-  values:
-    labels:
-      node_selector_key: openstack-control-plane
-      node_selector_value: enabled
-    pod:
-      replicas:
-        server: 2
-  dependencies:
-    - horizon-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: horizon-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.horizon-htk
-      dest:
-        path: .source
-data:
-  chart_name: horizon-htk
-  release: horizon-htk
-  namespace: horizon-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-ingress-controller/chart-group.yaml b/global/software/charts/osh/openstack-ingress-controller/chart-group.yaml
deleted file mode 100644
index 2fa34840a..000000000
--- a/global/software/charts/osh/openstack-ingress-controller/chart-group.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-ingress-controller
-  labels:
-    name: openstack-ingress-controller-chart-group-global
-    component: ingress
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: OpenStack Namespace Ingress
-  chart_group:
-    - openstack-ingress-controller
diff --git a/global/software/charts/osh/openstack-ingress-controller/ingress.yaml b/global/software/charts/osh/openstack-ingress-controller/ingress.yaml
deleted file mode 100644
index 6683d97c2..000000000
--- a/global/software/charts/osh/openstack-ingress-controller/ingress.yaml
+++ /dev/null
@@ -1,82 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-ingress-controller
-  labels:
-    name: openstack-ingress-controller-global
-    component: ingress
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.ingress
-      dest:
-        path: .source
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.ingress
-      dest:
-        path: .values.images.tags
-data:
-  chart_name: openstack-ingress-controller
-  release: openstack-ingress-controller
-  namespace: openstack
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-openstack-ingress-controller
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-openstack-ingress-controller
-  values:
-    labels:
-      server:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      error_server:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    pod:
-      replicas:
-        ingress: 2
-        error_page: 2
-  dependencies:
-    - ingress-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ingress-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.ingress-htk
-      dest:
-        path: .source
-data:
-  chart_name: ingress-htk
-  release: ingress-htk
-  namespace: ingress-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-keystone/chart-group.yaml b/global/software/charts/osh/openstack-keystone/chart-group.yaml
deleted file mode 100644
index fb286780f..000000000
--- a/global/software/charts/osh/openstack-keystone/chart-group.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-keystone
-  labels:
-    name: openstack-keystone-chart-group-global
-    component: keystone
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Deploy Keystone
-  chart_group:
-    - keystone
diff --git a/global/software/charts/osh/openstack-keystone/keystone.yaml b/global/software/charts/osh/openstack-keystone/keystone.yaml
deleted file mode 100644
index 4884f50df..000000000
--- a/global/software/charts/osh/openstack-keystone/keystone.yaml
+++ /dev/null
@@ -1,290 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: keystone
-  labels:
-    name: keystone-global
-    component: keystone
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.keystone
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.keystone
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_messaging
-      dest:
-        path: .values.endpoints.oslo_messaging
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_cache
-      dest:
-        path: .values.endpoints.oslo_cache
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.fluentd
-      dest:
-        path: .values.endpoints.fluentd
-
-    # Service Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.oslo_messaging.admin
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.keystone.oslo_messaging.keystone
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.keystone
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.keystone.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db.auth.keystone
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.keystone.oslo_db.database
-      dest:
-        path: .values.endpoints.oslo_db.path
-        pattern: DB_NAME
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_messaging_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.keystone.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_messaging_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.keystone.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_oslo_db_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_db_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_cache.auth.memcache_secret_key
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_cache_secret_key
-        path: .
-
-data:
-  chart_name: keystone
-  release: keystone
-  namespace: openstack
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-keystone
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-keystone
-    post:
-      create: []
-  values:
-    dependencies:
-      static:
-        api:
-          jobs:
-            - keystone-db-sync
-            - keystone-credential-setup
-            - keystone-fernet-setup
-        db_sync:
-          jobs:
-            - keystone-db-init
-            - keystone-credential-setup
-            - keystone-fernet-setup
-    bootstrap:
-      script: |
-        openstack role create --or-show _member_
-        openstack role add \
-              --user="${OS_USERNAME}" \
-              --user-domain="${OS_USER_DOMAIN_NAME}" \
-              --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
-              --project="${OS_PROJECT_NAME}" \
-              "_member_"
-
-        #NOTE(portdirect): required for all users who operate heat stacks
-        openstack role create --or-show heat_stack_owner
-        openstack role add \
-              --user="${OS_USERNAME}" \
-              --user-domain="${OS_USER_DOMAIN_NAME}" \
-              --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
-              --project="${OS_PROJECT_NAME}" \
-              "heat_stack_owner"
-    conf:
-      logging:
-        loggers:
-          keys:
-            - root
-            - keystone
-        handlers:
-          keys:
-            - stdout
-            - stderr
-            - 'null'
-            - fluent
-        formatters:
-          keys:
-            - context
-            - default
-            - fluent
-        logger_root:
-          level: WARNING
-          handlers: stdout
-        logger_keystone:
-          level: INFO
-          handlers:
-            - stdout
-            - fluent
-          qualname: keystone
-        logger_eventletwsgi:
-          level: WARNING
-          handlers: stderr
-          qualname: eventlet.wsgi.server
-        logger_sqlalchemy:
-          level: WARNING
-          handlers: stderr
-          qualname: sqlalchemy
-        logger_boto:
-          level: WARNING
-          handlers: stderr
-          qualname: boto
-        handler_null:
-          class: logging.NullHandler
-          formatter: default
-          args: ()
-        handler_stdout:
-          class: StreamHandler
-          args: (sys.stdout,)
-          formatter: context
-        handler_stderr:
-          class: StreamHandler
-          args: (sys.stderr,)
-          formatter: context
-        handler_fluent:
-          class: fluent.handler.FluentHandler
-          args: ('openstack.keystone', 'fluentd-logging.osh-infra', 24224)
-          formatter: fluent
-        formatter_fluent:
-          class: oslo_log.formatters.FluentFormatter
-        formatter_context:
-          class: oslo_log.formatters.ContextFormatter
-        formatter_default:
-          format: "%(message)s"
-      keystone:
-        DEFAULT:
-          transport_url: localhost
-        identity:
-          driver: sql
-          default_domain_id: default
-          domain_specific_drivers_enabled: True
-          domain_configurations_from_database: True
-          domain_config_dir: /etc/keystonedomains
-    pod:
-      replicas:
-        api: 2
-    labels:
-      api:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    manifests:
-      job_rabbit_init: false
-      secret_rabbitmq: false
-  dependencies:
-    - keystone-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: keystone-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.keystone-htk
-      dest:
-        path: .source
-data:
-  chart_name: keystone-htk
-  release: keystone-htk
-  namespace: keystone-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-mariadb/chart-group.yaml b/global/software/charts/osh/openstack-mariadb/chart-group.yaml
deleted file mode 100644
index 994d022d2..000000000
--- a/global/software/charts/osh/openstack-mariadb/chart-group.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-mariadb
-  labels:
-    name: openstack-mariadb-chart-group-global
-    component: mariadb
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Deploy MariaDB
-  chart_group:
-    - openstack-mariadb
diff --git a/global/software/charts/osh/openstack-mariadb/mariadb.yaml b/global/software/charts/osh/openstack-mariadb/mariadb.yaml
deleted file mode 100644
index b4aade25b..000000000
--- a/global/software/charts/osh/openstack-mariadb/mariadb.yaml
+++ /dev/null
@@ -1,125 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-mariadb
-  labels:
-    name: openstack-mariadb-global
-    component: mariadb
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.mariadb
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.mariadb
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.prometheus_mysql_exporter
-      dest:
-        path: .values.endpoints.prometheus_mysql_exporter
-
-    # Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.oslo_db.admin
-      dest:
-        path: .values.endpoints.oslo_db.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.prometheus_mysql_exporter.user
-      dest:
-        path: .values.endpoints.prometheus_mysql_exporter.auth.user
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.oslo_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_db_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.exporter.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_db_exporter_password
-        path: .
-
-data:
-  chart_name: openstack-mariadb
-  release: openstack-mariadb
-  namespace: openstack
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-openstack-mariadb
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-openstack-mariadb
-  values:
-    labels:
-      server:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      prometheus_mysql_exporter:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    monitoring:
-      prometheus:
-        enabled: true
-  dependencies:
-    - openstack-mariadb-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-mariadb-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.mariadb-htk
-      dest:
-        path: .source
-data:
-  chart_name: openstack-mariadb-htk
-  release: openstack-mariadb-htk
-  namespace: openstack-mariadb-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-memcached/chart-group.yaml b/global/software/charts/osh/openstack-memcached/chart-group.yaml
deleted file mode 100644
index 7b3c28aec..000000000
--- a/global/software/charts/osh/openstack-memcached/chart-group.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-memcached
-  labels:
-    name: openstack-memcached-chart-group-global
-    component: memcached
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Deploy Memcached
-  chart_group:
-    - openstack-memcached
diff --git a/global/software/charts/osh/openstack-memcached/memcached.yaml b/global/software/charts/osh/openstack-memcached/memcached.yaml
deleted file mode 100644
index 6b2fac9d9..000000000
--- a/global/software/charts/osh/openstack-memcached/memcached.yaml
+++ /dev/null
@@ -1,83 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-memcached
-  labels:
-    name: openstack-memcached-global
-    component: memcached
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.memcached
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.memcached
-      dest:
-        path: .values.images.tags
-
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_cache
-      dest:
-        path: .values.endpoints.oslo_cache
-data:
-  chart_name: openstack-memcached
-  release: openstack-memcached
-  namespace: openstack
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-openstack-memcached
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-openstack-memcached
-  values:
-    labels:
-      server:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-  dependencies:
-    - memcached-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: memcached-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.memcached-htk
-      dest:
-        path: .source
-data:
-  chart_name: memcached-htk
-  release: memcached-htk
-  namespace: memcached-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-rabbitmq/chart-group.yaml b/global/software/charts/osh/openstack-rabbitmq/chart-group.yaml
deleted file mode 100644
index b31286578..000000000
--- a/global/software/charts/osh/openstack-rabbitmq/chart-group.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-rabbitmq
-  labels:
-    name: openstack-rabbitmq-chart-group-global
-    component: keystone
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Deploy Keystone
-  chart_group:
-    - openstack-rabbitmq
diff --git a/global/software/charts/osh/openstack-rabbitmq/rabbitmq.yaml b/global/software/charts/osh/openstack-rabbitmq/rabbitmq.yaml
deleted file mode 100644
index 8e1c94264..000000000
--- a/global/software/charts/osh/openstack-rabbitmq/rabbitmq.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-rabbitmq
-  labels:
-    name: openstack-rabbitmq-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.rabbitmq
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.rabbitmq
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.oslo_messaging
-      dest:
-        path: .values.endpoints.oslo_messaging
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.openstack_rabbitmq_exporter
-      dest:
-        path: .values.endpoints.prometheus_rabbitmq_exporter
-    # Credentials
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.oslo_messaging.admin
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.user
-
-    # Secrets
-
-    - src:
-        schema: deckhand/Passphrase/v1
-        name: osh_rabbitmq_erlang_cookie
-        path: .
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.erlang_cookie
-    - src:
-        schema: deckhand/Passphrase/v1
-        name: osh_oslo_messaging_admin_password
-        path: .
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.user.password
-data:
-  chart_name: openstack-rabbitmq
-  release: openstack-rabbitmq
-  namespace: openstack
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-openstack-rabbitmq
-    resources:
-      - type: statefulset
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-openstack-rabbitmq
-  values:
-    pod:
-      replicas:
-        server: 2
-    labels:
-      server:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      prometheus_rabbitmq_exporter:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    monitoring:
-      prometheus:
-        enabled: true
-  dependencies:
-    - openstack-rabbitmq-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-rabbitmq-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.rabbitmq-htk
-      dest:
-        path: .source
-data:
-  chart_name: openstack-rabbitmq-htk
-  release: openstack-rabbitmq-htk
-  namespace: openstack-rabbitmq-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-radosgw/chart-group.yaml b/global/software/charts/osh/openstack-radosgw/chart-group.yaml
deleted file mode 100644
index 6ecad9d4d..000000000
--- a/global/software/charts/osh/openstack-radosgw/chart-group.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-radosgw
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Deploy Radosgw
-  chart_group:
-    - tenant-ceph-rgw
-...
diff --git a/global/software/charts/osh/openstack-radosgw/radosgw.yaml b/global/software/charts/osh/openstack-radosgw/radosgw.yaml
deleted file mode 100644
index 74ff79950..000000000
--- a/global/software/charts/osh/openstack-radosgw/radosgw.yaml
+++ /dev/null
@@ -1,145 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant-ceph-rgw
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.tenant-ceph-rgw
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.tenant-ceph-rgw
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.object_store
-      dest:
-        path: .values.endpoints.object_store
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.tenant_ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-
-    # Credentials
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.swift.keystone
-      dest:
-        path: .values.endpoints.identity.auth.swift
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.swift.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ceph_swift_keystone_password
-        path: .
-
-data:
-  chart_name: tenant-ceph-rgw
-  release: tenant-ceph-rgw
-  namespace: openstack
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-tenant-ceph-rgw
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-tenant-ceph-rgw
-  values:
-    labels:
-      job:
-        node_selector_key: tenant-ceph-control-plane
-        node_selector_value: enabled
-      rgw:
-        node_selector_key: tenant-ceph-rgw
-        node_selector_value: enabled
-    endpoints:
-      identity:
-        namespace: openstack
-      object_store:
-        namespace: openstack
-      ceph_mon:
-        namespace: tenant-ceph
-    deployment:
-      ceph: true
-      client_secrets: false
-      rbd_provisioner: false
-      cephfs_provisioner: false
-      rgw_keystone_user_and_endpoints: true
-    bootstrap:
-      enabled: false
-    pod:
-      replicas:
-        rgw: 2
-    conf:
-      rgw_ks:
-        enabled: true
-      config:
-          #NOTE (portdirect): See http://tracker.ceph.com/issues/21226
-          rgw_keystone_token_cache_size: '0'
-    ceph_client:
-      configmap: tenant-ceph-etc
-    secrets:
-      keyrings:
-        admin: pvc-tceph-client-key
-  dependencies:
-    - tenant-ceph-htk
-...
diff --git a/global/software/charts/osh/openstack-tempest/chart-group.yaml b/global/software/charts/osh/openstack-tempest/chart-group.yaml
deleted file mode 100644
index 953c078cd..000000000
--- a/global/software/charts/osh/openstack-tempest/chart-group.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-tempest
-  labels:
-    name: openstack-tempest-chart-group-global
-    component: tempest
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Deploy Tempest
-  chart_group:
-    - tempest
diff --git a/global/software/charts/osh/openstack-tempest/tempest.yaml b/global/software/charts/osh/openstack-tempest/tempest.yaml
deleted file mode 100644
index 70f9e2861..000000000
--- a/global/software/charts/osh/openstack-tempest/tempest.yaml
+++ /dev/null
@@ -1,117 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tempest
-  labels:
-    name: tempest-global
-    component: tempest
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.tempest
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh.tempest
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.identity
-      dest:
-        path: .values.endpoints.identity
-
-    # Service Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.tempest.tempest
-      dest:
-        path: .values.endpoints.identity.auth.tempest
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.tempest.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_tempest_password
-        path: .
-data:
-  chart_name: tempest
-  release: tempest
-  namespace: openstack
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-tempest
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-tempest
-    post:
-      create: []
-  values:
-    labels:
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-    ceph_client:
-      configmap: tenant-ceph-etc
-      user_secret_name: pvc-tceph-client-key
-  dependencies:
-    - tempest-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tempest-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh.tempest-htk
-      dest:
-        path: .source
-data:
-  chart_name: tempest-htk
-  release: tempest-htk
-  namespace: tempest-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml b/global/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml
deleted file mode 100644
index e7eb84227..000000000
--- a/global/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml
+++ /dev/null
@@ -1,213 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant-ceph-client-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  storagePolicy: cleartext
-  labels:
-    name: tenant-ceph-client-global
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.tenant-ceph-client
-      dest:
-        path: .source
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.tenant-ceph-client
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.tenant_ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.tenant_ceph_mgr
-      dest:
-        path: .values.endpoints.ceph_mgr
-
-    # Secrets
-    - dest:
-       path: .values.conf.ceph.global.fsid
-      src:
-        schema: deckhand/Passphrase/v1
-        name: tenant_ceph_fsid
-        path: .
-
-data:
-  chart_name: tenant-ceph-client
-  release: tenant-ceph-client
-  namespace: tenant-ceph
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-tenant-ceph-client
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-tenant-ceph-client
-  values:
-    labels:
-      job:
-        node_selector_key: tenant-ceph-control-plane
-        node_selector_value: enabled
-      mds:
-        node_selector_key: tenant-ceph-mds
-        node_selector_value: enabled
-      mgr:
-        node_selector_key: tenant-ceph-mgr
-        node_selector_value: enabled
-    endpoints:
-      ceph_mon:
-        namespace: tenant-ceph
-      ceph_mgr:
-        namespace: tenant-ceph
-    monitoring:
-      prometheus:
-        ceph_mgr:
-          port: 9284
-    ceph_mgr_modules_config:
-      prometheus:
-        server_port: 9284
-    deployment:
-      ceph: true
-    bootstrap:
-      enabled: true
-    manifests:
-      deployment_mds: false
-    conf:
-      features:
-        mds: false
-      pool:
-        spec:
-          # RBD pool
-          - name: rbd
-            application: rbd
-            replication: 3
-            percent_total_data: 10
-          # Cinder volumes  pool
-          - name: cinder.volumes
-            application: cinder-volume
-            replication: 3
-            percent_total_data: 40
-          # RadosGW pools
-          - name: .rgw.root
-            application: rgw
-            replication: 3
-            percent_total_data: 0.1
-          - name: default.rgw.control
-            application: rgw
-            replication: 3
-            percent_total_data: 0.1
-          - name: default.rgw.data.root
-            application: rgw
-            replication: 3
-            percent_total_data: 0.1
-          - name: default.rgw.gc
-            application: rgw
-            replication: 3
-            percent_total_data: 0.1
-          - name: default.rgw.log
-            application: rgw
-            replication: 3
-            percent_total_data: 0.1
-          - name: default.rgw.intent-log
-            application: rgw
-            replication: 3
-            percent_total_data: 0.1
-          - name: default.rgw.meta
-            application: rgw
-            replication: 3
-            percent_total_data: 0.1
-          - name: default.rgw.usage
-            application: rgw
-            replication: 3
-            percent_total_data: 0.1
-          - name: default.rgw.users.keys
-            application: rgw
-            replication: 3
-            percent_total_data: 0.1
-          - name: default.rgw.users.email
-            application: rgw
-            replication: 3
-            percent_total_data: 0.1
-          - name: default.rgw.users.swift
-            application: rgw
-            replication: 3
-            percent_total_data: 0.1
-          - name: default.rgw.users.uid
-            application: rgw
-            replication: 3
-            percent_total_data: 0.1
-          - name: default.rgw.buckets.extra
-            application: rgw
-            replication: 3
-            percent_total_data: 0.1
-          - name: default.rgw.buckets.index
-            application: rgw
-            replication: 3
-            percent_total_data: 3
-          - name: default.rgw.buckets.data
-            application: rgw
-            replication: 3
-            percent_total_data: 30
-        # NOTE(alanmeadowS) spport 4.x 16.04 kernels (non-HWE)
-        crush:
-          tunables: 'hammer'
-
-        # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
-        # cluster with only one OSD.  Depending on OSD targeting & site
-        # configuration this can be changed.
-        target:
-          osd: 1
-          pg_per_osd: 100
-          protected: true
-
-        default:
-          # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
-          # cluster with only one OSD.  Depending on OSD targeting & site
-          # configuration this can be changed.
-          crush_rule: replicated_rule
-
-      ceph:
-        global:
-        # NOTE(mb874d): This is required ATM for bootstrapping a Ceph
-        # cluster with only one OSD.  Depending on OSD targeting & site
-        # configuration this can be changed.
-          osd_pool_default_size: 1
-
-  dependencies:
-    - tenant-ceph-htk
-...
diff --git a/global/software/charts/osh/openstack-tenant-ceph/ceph-config.yaml b/global/software/charts/osh/openstack-tenant-ceph/ceph-config.yaml
deleted file mode 100644
index 52ae13c59..000000000
--- a/global/software/charts/osh/openstack-tenant-ceph/ceph-config.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant-ceph-config
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.tenant-ceph-provisioners
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.tenant-ceph-provisioners
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.tenant_ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-
-data:
-  chart_name: tenant-ceph-config
-  release: tenant-ceph-config
-  namespace: openstack
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-tenant-ceph-config
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-tenant-ceph-config
-  values:
-    labels:
-      job:
-        node_selector_key: tenant-ceph-control-plane
-        node_selector_value: enabled
-      mds:
-        node_selector_key: tenant-ceph-mds
-        node_selector_value: enabled
-      mgr:
-        node_selector_key: tenant-ceph-mgr
-        node_selector_value: enabled
-    deployment:
-      ceph: false
-      client_secrets: true
-      rbd_provisioner: false
-      cephfs_provisioner: false
-      rgw_keystone_user_and_endpoints: false
-    bootstrap:
-      enabled: false
-    storageclass:
-      rbd:
-        ceph_configmap_name: tenant-ceph-etc
-        parameters:
-          userSecretName: pvc-tceph-client-key
-          adminSecretNamespace: tenant-ceph
-      cephfs:
-        provision_storage_class: false
-    manifests:
-      helm_tests: false
-  dependencies:
-    - tenant-ceph-htk
-...
diff --git a/global/software/charts/osh/openstack-tenant-ceph/ceph-htk.yaml b/global/software/charts/osh/openstack-tenant-ceph/ceph-htk.yaml
deleted file mode 100644
index f3b88c448..000000000
--- a/global/software/charts/osh/openstack-tenant-ceph/ceph-htk.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant-ceph-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.tenant-ceph-htk
-      dest:
-        path: .source
-data:
-  chart_name: tenant-ceph-htk
-  release: tenant-ceph-htk
-  namespace: tenant-ceph-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/osh/openstack-tenant-ceph/ceph-ingress.yaml b/global/software/charts/osh/openstack-tenant-ceph/ceph-ingress.yaml
deleted file mode 100644
index 7fd8ddaf0..000000000
--- a/global/software/charts/osh/openstack-tenant-ceph/ceph-ingress.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant-ceph-ingress
-  labels:
-    name: tenant-ceph-ingress-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ingress
-      dest:
-        path: .source
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.ingress
-      dest:
-        path: .values.images.tags
-data:
-  chart_name: tenant-ceph-ingress
-  release: tenant-ceph-ingress
-  namespace: tenant-ceph
-  wait:
-    timeout: 300
-    labels:
-      release_group: airship-tenant-ceph-ingress
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-tenant-ceph-ingress
-  values:
-    conf:
-      ingress:
-        proxy-body-size: 20m
-    labels:
-      server:
-        node_selector_key: tenant-ceph-control-plane
-        node_selector_value: enabled
-      error_server:
-        node_selector_key: tenant-ceph-control-plane
-        node_selector_value: enabled
-    pod:
-      replicas:
-        ingress: 2
-        error_page: 2
-    network:
-      ingress:
-        annotations:
-          nginx.ingress.kubernetes.io/proxy-body-size: 20m
-          nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
-  dependencies:
-    - ucp-ingress-htk
-...
diff --git a/global/software/charts/osh/openstack-tenant-ceph/ceph-mon.yaml b/global/software/charts/osh/openstack-tenant-ceph/ceph-mon.yaml
deleted file mode 100644
index ea4fb160b..000000000
--- a/global/software/charts/osh/openstack-tenant-ceph/ceph-mon.yaml
+++ /dev/null
@@ -1,110 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant-ceph-mon
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  labels:
-    name: tenant-ceph-mon
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.tenant-ceph-mon
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.tenant-ceph-mon
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.tenant_ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-
-    # Secrets
-    - dest:
-       path: .values.conf.ceph.global.fsid
-      src:
-        schema: deckhand/Passphrase/v1
-        name: tenant_ceph_fsid
-        path: .
-
-data:
-  chart_name: tenant-ceph-mon
-  release: tenant-ceph-mon
-  namespace: tenant-ceph
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 1800
-    labels:
-      release_group: airship-tenant-ceph-mon
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-tenant-ceph-mon
-  values:
-    labels:
-      job:
-        node_selector_key: tenant-ceph-control-plane
-        node_selector_value: enabled
-      mon:
-        node_selector_key: tenant-ceph-mon
-        node_selector_value: enabled
-    endpoints:
-      ceph_mon:
-        namespace: tenant-ceph
-      ceph_mgr:
-        namespace: tenant-ceph
-      fluentd:
-        namespace: osh-infra
-    monitoring:
-      ceph_mgr:
-        port: 9284
-    conf:
-      storage:
-        mon:
-          directory: /var/lib/openstack-helm/tenant-ceph/mon
-          log_directory: /var/log/tenant-ceph
-    storageclass:
-      rbd:
-        parameters:
-          adminSecretNamespace: tenant-ceph
-    deployment:
-      ceph: true
-      storage_secrets: true
-    bootstrap:
-      enabled: true
-  dependencies:
-    - tenant-ceph-htk
-...
diff --git a/global/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml b/global/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml
deleted file mode 100644
index c72655d8a..000000000
--- a/global/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml
+++ /dev/null
@@ -1,111 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant-ceph-osd-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  storagePolicy: cleartext
-  labels:
-    name: tenant-ceph-osd-global
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.tenant-ceph-osd
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.tenant-ceph-osd
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.tenant_ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-
-    # Secrets
-    - dest:
-       path: .values.conf.ceph.global.fsid
-      src:
-        schema: deckhand/Passphrase/v1
-        name: tenant_ceph_fsid
-        path: .
-
-data:
-  chart_name: tenant-ceph-osd
-  release: tenant-ceph-osd
-  namespace: tenant-ceph
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-tenant-ceph-osd
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-  values:
-    labels:
-      osd:
-        node_selector_key: tenant-ceph-osd
-        node_selector_value: enabled
-    endpoints:
-      ceph_mon:
-        namespace: tenant-ceph
-      ceph_mgr:
-        namespace: tenant-ceph
-      fluentd:
-        namespace: osh-infra
-    monitoring:
-      ceph_mgr:
-        port: 9284
-    bootstrap:
-      enabled: true
-    conf:
-      storage:
-        osd_log_directory: /var/log/tenant-ceph
-        mon:
-          directory: /var/lib/openstack-helm/tenant-ceph/mon
-        osd:
-          - data:
-              type: directory
-              location: /var/lib/openstack-helm/tenant-ceph/osd/osd-one
-            journal:
-              type: directory
-              location: /var/lib/openstack-helm/tenant-ceph/osd/journal-one
-      osd:
-        # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
-        # cluster with only one OSD.  Depending on OSD targeting & site
-        # configuration this can be changed.
-        osd_crush_chooseleaf_type: 0
-      ceph:
-        osd:
-          osd_op_num_threads_per_hdd: 2
-          osd_op_num_threads_per_ssd: 4
-  dependencies:
-    - tenant-ceph-htk
-...
diff --git a/global/software/charts/osh/openstack-tenant-ceph/chart-group.yaml b/global/software/charts/osh/openstack-tenant-ceph/chart-group.yaml
deleted file mode 100644
index 6d395d57c..000000000
--- a/global/software/charts/osh/openstack-tenant-ceph/chart-group.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-tenant-ceph
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Ceph Storage
-  sequenced: true
-  chart_group:
-    - tenant-ceph-ingress
-    - tenant-ceph-mon
-    - tenant-ceph-osd
-    - tenant-ceph-client
-    - tenant-ceph-config
-...
diff --git a/global/software/charts/ucp/armada/armada.yaml b/global/software/charts/ucp/armada/armada.yaml
deleted file mode 100644
index fdde5b00d..000000000
--- a/global/software/charts/ucp/armada/armada.yaml
+++ /dev/null
@@ -1,128 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-armada
-  labels:
-    name: ucp-armada-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.armada
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.armada
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.armada
-      dest:
-        path: .values.endpoints.armada
-
-    # Credentials
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.armada.keystone
-      dest:
-        path: .values.endpoints.identity.auth.user
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_armada_keystone_password
-        path: .
-data:
-  chart_name: armada
-  release: ucp-armada
-  namespace: ucp
-  wait:
-    timeout: 100
-    labels:
-      release_group: airship-ucp-armada
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-armada
-  values:
-    pod:
-      replicas:
-        api: 2
-      env:
-        armada_api:
-          - name: ARMADA_UWSGI_TIMEOUT
-            value: 14400
-    conf:
-      armada:
-        DEFAULT:
-          debug: true
-          tiller_namespace: kube-system
-    manifests:
-      deployment_tiller: false
-      service_tiller_deploy: false
-  dependencies:
-    - armada-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: armada-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.armada-htk
-      dest:
-        path: .source
-data:
-  chart_name: armada-htk
-  release: armada-htk
-  namespace: armada-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/armada/chart-group.yaml b/global/software/charts/ucp/armada/chart-group.yaml
deleted file mode 100644
index 4b6a71a74..000000000
--- a/global/software/charts/ucp/armada/chart-group.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-armada
-  labels:
-    name: ucp-armada-chart-group-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Armada
-  sequenced: true
-  chart_group:
-    - ucp-tiller
-    - ucp-armada
diff --git a/global/software/charts/ucp/armada/tiller.yaml b/global/software/charts/ucp/armada/tiller.yaml
deleted file mode 100644
index 77f5c1474..000000000
--- a/global/software/charts/ucp/armada/tiller.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-tiller
-  labels:
-    name: ucp-tiller-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.tiller
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.armada.tiller
-      dest:
-        path: .values.images.tags.tiller
-
-data:
-  chart_name: tiller
-  release: ucp-tiller
-  namespace: kube-system
-  wait:
-    timeout: 100
-    labels:
-      release_group: airship-ucp-tiller
-    native:
-      # Allows tiller to update its own release's status to DEPLOYED before it
-      # goes away during an upgrade, otherwise it can get stuck in
-      # PENDING_UPGRADE status.
-      enabled: false
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-tiller
-  values: {}
-  dependencies:
-    - tiller-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tiller-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.tiller-htk
-      dest:
-        path: .source
-data:
-  chart_name: tiller-htk
-  release: tiller-htk
-  namespace: tiller-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/ceph-config/ceph-config.yaml b/global/software/charts/ucp/ceph-config/ceph-config.yaml
deleted file mode 100644
index 4d2200756..000000000
--- a/global/software/charts/ucp/ceph-config/ceph-config.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-config
-  labels:
-    name: ucp-ceph-config-global
-    components: ceph
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ceph-provisioners
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.ceph-provisioners
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-
-
-data:
-  chart_name: ucp-ceph-config
-  release: ucp-ceph-config
-  namespace: ucp
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-ucp-ceph-config
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-ceph-config
-  values:
-    labels:
-      job:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      provisioner:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-    deployment:
-      ceph: false
-      client_secrets: true
-      rbd_provisioner: false
-      cephfs_provisioner: false
-      rgw_keystone_user_and_endpoints: false
-    bootstrap:
-      enabled: false
-    conf:
-      rgw_ks:
-        enabled: true
-    storageclass:
-      rbd:
-        ceph_configmap_name: ceph-etc
-        parameters:
-          userSecretName: pvc-ceph-client-key
-      cephfs:
-        provision_storage_class: false
-  dependencies:
-    - ceph-htk
-...
diff --git a/global/software/charts/ucp/ceph-config/chart-group.yaml b/global/software/charts/ucp/ceph-config/chart-group.yaml
deleted file mode 100644
index aad648b3f..000000000
--- a/global/software/charts/ucp/ceph-config/chart-group.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-config
-  labels:
-    name: ucp-ceph-config-chart-group-global
-    component: ceph
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Ceph config for Airship namespace(s)
-  chart_group:
-    # NOTE: This will probably expand into one config per Airship namespace
-    # that requires ceph access.
-    - ucp-ceph-config
diff --git a/global/software/charts/ucp/ceph/ceph-client-update.yaml b/global/software/charts/ucp/ceph/ceph-client-update.yaml
deleted file mode 100644
index ccefcd075..000000000
--- a/global/software/charts/ucp/ceph/ceph-client-update.yaml
+++ /dev/null
@@ -1,128 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-client-update-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  storagePolicy: cleartext
-  labels:
-    name: ucp-ceph-client-update-global
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ceph-client
-      dest:
-        path: .source
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.ceph-client
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-
-    # Secrets
-    - dest:
-       path: .values.conf.ceph.global.fsid
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ceph_fsid
-        path: .
-
-data:
-  chart_name: ucp-ceph-client
-  release: ucp-ceph-client
-  namespace: ceph
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-ucp-ceph-client
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-ceph-client
-  values:
-    labels:
-      job:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      mds:
-        node_selector_key: ceph-mds
-        node_selector_value: enabled
-      mgr:
-        node_selector_key: ceph-mgr
-        node_selector_value: enabled
-    endpoints:
-      ceph_mon:
-        namespace: ceph
-    deployment:
-      ceph: true
-    bootstrap:
-      enabled: true
-    pod:
-      replicas:
-        mds: 2
-        mgr: 2
-
-    conf:
-      pool:
-
-        # NOTE(alanmeadows) spport 4.x 16.04 kernels (non-HWE)
-        crush:
-          tunables: 'hammer'
-
-        # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
-        # cluster with only one OSD.  Depending on OSD targeting & site
-        # configuration this can be changed.
-        target:
-          osd: 1
-          pg_per_osd: 100
-          protected: true
-
-        default:
-          # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
-          # cluster with only one OSD.  Depending on OSD targeting & site
-          # configuration this can be changed.
-          crush_rule: replicated_rule
-
-      ceph:
-        global:
-        # NOTE: This is required ATM for bootstrapping a Ceph
-        # cluster with only one OSD.  Depending on OSD targeting & site
-        # configuration this can be changed.
-          osd_pool_default_size: 1
-
-  dependencies:
-    - ceph-htk
-...
diff --git a/global/software/charts/ucp/ceph/ceph-client.yaml b/global/software/charts/ucp/ceph/ceph-client.yaml
deleted file mode 100644
index 01e1af8a4..000000000
--- a/global/software/charts/ucp/ceph/ceph-client.yaml
+++ /dev/null
@@ -1,134 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-client-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  storagePolicy: cleartext
-  labels:
-    name: ucp-ceph-client-global
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ceph-client
-      dest:
-        path: .source
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.ceph-client
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.ceph_mgr
-      dest:
-        path: .values.endpoints.ceph_mgr
-
-    # Secrets
-    - dest:
-       path: .values.conf.ceph.global.fsid
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ceph_fsid
-        path: .
-
-data:
-  chart_name: ucp-ceph-client
-  release: ucp-ceph-client
-  namespace: ceph
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-ucp-ceph-client
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-ceph-client
-  values:
-    labels:
-      job:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      mds:
-        node_selector_key: ceph-mds
-        node_selector_value: enabled
-      mgr:
-        node_selector_key: ceph-mgr
-        node_selector_value: enabled
-    endpoints:
-      ceph_mon:
-        namespace: ceph
-    deployment:
-      ceph: true
-    bootstrap:
-      enabled: true
-    pod:
-      replicas:
-        mds: 1
-        mgr: 1
-
-    conf:
-      pool:
-
-        # NOTE(alanmeadows) spport 4.x 16.04 kernels (non-HWE)
-        crush:
-          tunables: 'hammer'
-
-        # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
-        # cluster with only one OSD.  Depending on OSD targeting & site
-        # configuration this can be changed.
-        target:
-          osd: 1
-          pg_per_osd: 100
-          protected: true
-
-        default:
-          # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
-          # cluster with only one OSD.  Depending on OSD targeting & site
-          # configuration this can be changed.
-          crush_rule: same_host
-
-      ceph:
-        global:
-          # NOTE: This is required ATM for bootstrapping a Ceph
-          # cluster with only one OSD.  Depending on OSD targeting & site
-          # configuration this can be changed.
-          osd_pool_default_size: 1
-
-  dependencies:
-    - ceph-htk
-...
diff --git a/global/software/charts/ucp/ceph/ceph-htk.yaml b/global/software/charts/ucp/ceph/ceph-htk.yaml
deleted file mode 100644
index ebaac07b1..000000000
--- a/global/software/charts/ucp/ceph/ceph-htk.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ceph-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ceph-htk
-      dest:
-        path: .source
-data:
-  chart_name: ceph-htk
-  release: ceph-htk
-  namespace: ceph-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/ceph/ceph-ingress.yaml b/global/software/charts/ucp/ceph/ceph-ingress.yaml
deleted file mode 100644
index 96025f590..000000000
--- a/global/software/charts/ucp/ceph/ceph-ingress.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-ingress
-  layeringDefinition:
-    abstract: false
-    layer: global
-  labels:
-    name: ucp-ceph-ingress-global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ingress
-      dest:
-        path: .source
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.ingress
-      dest:
-        path: .values.images.tags
-data:
-  chart_name: ucp-ceph-ingress
-  release: ucp-ceph-ingress
-  namespace: ceph
-  wait:
-    timeout: 300
-    labels:
-      release_group: airship-ucp-ceph-ingress
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-ceph-ingress
-  values:
-    conf:
-      ingress:
-        proxy-body-size: 20m
-    labels:
-      server:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      error_server:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-    pod:
-      replicas:
-        ingress: 2
-        error_page: 2
-    network:
-      ingress:
-        annotations:
-          nginx.ingress.kubernetes.io/proxy-body-size: 20m
-          nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
-  dependencies:
-    - ucp-ingress-htk
-...
diff --git a/global/software/charts/ucp/ceph/ceph-mon.yaml b/global/software/charts/ucp/ceph/ceph-mon.yaml
deleted file mode 100644
index 87eb15fb6..000000000
--- a/global/software/charts/ucp/ceph/ceph-mon.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-mon
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  labels:
-    name: ucp-ceph-mon
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ceph-mon
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.ceph-mon
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-
-    # Secrets
-    - dest:
-       path: .values.conf.ceph.global.fsid
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ceph_fsid
-        path: .
-
-data:
-  chart_name: ucp-ceph-mon
-  release: ucp-ceph-mon
-  namespace: ceph
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 1800
-    labels:
-      release_group: airship-ucp-ceph-mon
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-ceph-mon
-  values:
-    labels:
-      job:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      mon:
-        node_selector_key: ceph-mon
-        node_selector_value: enabled
-    endpoints:
-      ceph_mon:
-        namespace: ceph
-    deployment:
-      ceph: true
-      storage_secrets: true
-    bootstrap:
-      enabled: true
-  dependencies:
-    - ceph-htk
-...
diff --git a/global/software/charts/ucp/ceph/ceph-osd.yaml b/global/software/charts/ucp/ceph/ceph-osd.yaml
deleted file mode 100644
index 1a350dc0c..000000000
--- a/global/software/charts/ucp/ceph/ceph-osd.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-osd-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  storagePolicy: cleartext
-  labels:
-    name: ucp-ceph-osd-global
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ceph-osd
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.ceph-osd
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-
-    # Secrets
-    - dest:
-       path: .values.conf.ceph.global.fsid
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ceph_fsid
-        path: .
-
-data:
-  chart_name: ucp-ceph-osd
-  release: ucp-ceph-osd
-  namespace: ceph
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-ucp-ceph-osd
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-  values:
-    labels:
-      osd:
-        node_selector_key: ceph-osd
-        node_selector_value: enabled
-    endpoints:
-      ceph_mon:
-        namespace: ceph
-    bootstrap:
-      enabled: true
-    conf:
-      storage:
-        osd:
-          - data:
-              type: directory
-              location: /var/lib/openstack-helm/ceph/osd/osd-one
-            journal:
-              type: directory
-              location: /var/lib/openstack-helm/ceph/osd/journal-one
-      osd:
-        # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
-        # cluster with only one OSD.  Depending on OSD targeting & site
-        # configuration this can be changed.
-        osd_crush_chooseleaf_type: 0
-  dependencies:
-    - ceph-htk
-...
diff --git a/global/software/charts/ucp/ceph/ceph-provisioners.yaml b/global/software/charts/ucp/ceph/ceph-provisioners.yaml
deleted file mode 100644
index c4b8795e7..000000000
--- a/global/software/charts/ucp/ceph/ceph-provisioners.yaml
+++ /dev/null
@@ -1,109 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-provisioners
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  labels:
-    name: ucp-ceph-provisioners
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ceph-provisioners
-      dest:
-        path: .source
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.ceph-provisioners
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-
-    # Secrets
-    - dest:
-       path: .values.conf.ceph.global.fsid
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ceph_fsid
-        path: .
-
-data:
-  chart_name: ucp-ceph-provisioners
-  release: ucp-ceph-provisioners
-  namespace: ceph
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-ucp-ceph-provisioners
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-ceph-provisioners
-  values:
-    labels:
-      job:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      provisioner:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-    endpoints:
-      ceph_mon:
-        namespace: ceph
-    deployment:
-      ceph: true
-      client_secrets: false
-      rbd_provisioner: true
-      cephfs_provisioner: true
-    bootstrap:
-      enabled: true
-    pod:
-      replicas:
-        cephfs_provisioner: 2
-        rbd_provisioner: 2
-
-    conf:
-      ceph:
-        global:
-          osd_mkfs_type: xfs
-    storageclass:
-      rbd:
-        ceph_configmap_name: ceph-client-keys-etc
-        parameters:
-          userSecretName: pvc-ceph-client-key
-  dependencies:
-    - ceph-htk
-...
diff --git a/global/software/charts/ucp/ceph/ceph-rgw.yaml b/global/software/charts/ucp/ceph/ceph-rgw.yaml
deleted file mode 100644
index 7dd30ca12..000000000
--- a/global/software/charts/ucp/ceph/ceph-rgw.yaml
+++ /dev/null
@@ -1,139 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-rgw
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ceph-rgw
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ceph.ceph-rgw
-      dest:
-        path: .values.images.tags
-
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.public_cidr
-      dest:
-        path: .values.network.public
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .storage.ceph.cluster_cidr
-      dest:
-        path: .values.network.cluster
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_endpoints
-        path: .osh.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.object_store
-      dest:
-        path: .values.endpoints.object_store
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ceph.ceph_mon
-      dest:
-        path: .values.endpoints.ceph_mon
-
-    # Credentials
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: osh_service_accounts
-        path: .osh.swift.keystone
-      dest:
-        path: .values.endpoints.identity.auth.swift
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: osh_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.swift.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ceph_swift_keystone_password
-        path: .
-
-data:
-  chart_name: ucp-ceph-rgw
-  release: ucp-ceph-rgw
-  namespace: ceph
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-ucp-ceph-rgw
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-ceph-rgw
-  values:
-    labels:
-      job:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      rgw:
-        node_selector_key: ceph-rgw
-        node_selector_value: enabled
-    endpoints:
-      identity:
-        namespace: openstack
-      object_store:
-        namespace: ceph
-      ceph_mon:
-        namespace: ceph
-    deployment:
-      ceph: true
-      rgw_keystone_user_and_endpoints: false
-    bootstrap:
-      enabled: false
-    pod:
-      replicas:
-        rgw: 2
-    conf:
-      rgw_ks:
-        enabled: true
-      config:
-          #NOTE (portdirect): See http://tracker.ceph.com/issues/21226
-          rgw_keystone_token_cache_size: '0'
-    ceph_client:
-      configmap: ceph-client-keys-etc
-  dependencies:
-    - ceph-htk
-...
diff --git a/global/software/charts/ucp/ceph/chart-group-update.yaml b/global/software/charts/ucp/ceph/chart-group-update.yaml
deleted file mode 100644
index aca1845b4..000000000
--- a/global/software/charts/ucp/ceph/chart-group-update.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-update
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Ceph post-install update
-  sequenced: true
-  chart_group:
-    - ucp-ceph-ingress
-    - ucp-ceph-mon
-    - ucp-ceph-osd
-    - ucp-ceph-client-update
-    - ucp-ceph-provisioners
-...
diff --git a/global/software/charts/ucp/ceph/chart-group.yaml b/global/software/charts/ucp/ceph/chart-group.yaml
deleted file mode 100644
index bc6fc50f9..000000000
--- a/global/software/charts/ucp/ceph/chart-group.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Ceph Storage
-  sequenced: true
-  chart_group:
-    - ucp-ceph-ingress
-    - ucp-ceph-mon
-    - ucp-ceph-osd
-    - ucp-ceph-client
-    - ucp-ceph-provisioners
-...
diff --git a/global/software/charts/ucp/core/chart-group.yaml b/global/software/charts/ucp/core/chart-group.yaml
deleted file mode 100644
index c995346ed..000000000
--- a/global/software/charts/ucp/core/chart-group.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-core
-  labels:
-    name: ucp-core-chart-group-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Common Airship Components
-  chart_group:
-    - ucp-ingress
-    - ucp-mariadb
-    - ucp-postgresql
-    - ucp-rabbitmq
-...
diff --git a/global/software/charts/ucp/core/ingress.yaml b/global/software/charts/ucp/core/ingress.yaml
deleted file mode 100644
index 8818c305d..000000000
--- a/global/software/charts/ucp/core/ingress.yaml
+++ /dev/null
@@ -1,87 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ingress
-  labels:
-    name: ucp-ingress-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ingress
-      dest:
-        path: .source
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.ingress
-      dest:
-        path: .values.images.tags
-data:
-  chart_name: ingress
-  release: ingress
-  namespace: ucp
-  wait:
-    timeout: 300
-    labels:
-      release_group: airship-ingress
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ingress
-  values:
-    conf:
-      ingress:
-        proxy-body-size: 20m
-    labels:
-      server:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      error_server:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-    pod:
-      replicas:
-        ingress: 2
-        error_page: 2
-    network:
-      ingress:
-        annotations:
-          nginx.ingress.kubernetes.io/proxy-body-size: 20m
-          nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
-  dependencies:
-    - ucp-ingress-htk
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ingress-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.ingress-htk
-      dest:
-        path: .source
-data:
-  chart_name: ucp-ingress-htk
-  release: ucp-ingress-htk
-  namespace: ucp-ingress-htk
-  values: {}
-  dependencies: []
diff --git a/global/software/charts/ucp/core/mariadb.yaml b/global/software/charts/ucp/core/mariadb.yaml
deleted file mode 100644
index 400a99e43..000000000
--- a/global/software/charts/ucp/core/mariadb.yaml
+++ /dev/null
@@ -1,108 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-mariadb
-  labels:
-    name: ucp-mariadb-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.mariadb
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.mariadb
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db
-    # Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.oslo_db.admin
-      dest:
-        path: .values.endpoints.oslo_db.auth.admin
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.oslo_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_oslo_db_admin_password
-        path: .
-
-data:
-  chart_name: ucp-mariadb
-  release: ucp-mariadb
-  namespace: ucp
-  wait:
-    timeout: 300
-    labels:
-      release_group: airship-ucp-mariadb
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-mariadb
-  values:
-    labels:
-      server:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      prometheus_mysql_exporter:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      ingress:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      error_server:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-  dependencies:
-    - mariadb-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: mariadb-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.mariadb-htk
-      dest:
-        path: .source
-data:
-  chart_name: mariadb-htk
-  release: mariadb-htk
-  namespace: mariadb-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/core/postgresql.yaml b/global/software/charts/ucp/core/postgresql.yaml
deleted file mode 100644
index 6a25b6534..000000000
--- a/global/software/charts/ucp/core/postgresql.yaml
+++ /dev/null
@@ -1,136 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-postgresql
-  labels:
-    name: ucp-postgresql-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.postgresql
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.postgresql
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.postgresql
-      dest:
-        path: .values.endpoints.postgresql
-    # Credentials
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.postgres.admin
-      dest:
-        path: .values.endpoints.postgresql.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.postgres.replica
-      dest:
-        path: .values.endpoints.postgresql.auth.replica
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.postgres.exporter
-      dest:
-        path: .values.endpoints.postgresql.auth.exporter
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.postgresql.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_postgres_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.postgresql.auth.replica.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_postgres_replication_password
-        path: .
-    - dest:
-        path: .values.endpoints.postgresql.auth.exporter.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_postgres_exporter_password
-        path: .
-data:
-  chart_name: ucp-postgresql
-  release: ucp-postgresql
-  namespace: ucp
-  wait:
-    timeout: 1800
-    labels:
-      release_group: airship-ucp-postgresql
-  install:
-    no_hooks: false
-  upgrade:
-    options:
-      force: true
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-postgresql
-      create: []
-    post:
-      create: []
-  values:
-    pod:
-      replicas:
-        server: 3
-    conf:
-      postgresql:
-        max_connections: 1000
-        shared_buffers: 2GB
-    development:
-      enabled: false
-    labels:
-      server:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-  dependencies:
-    - postgres-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: postgres-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.postgresql-htk
-      dest:
-        path: .source
-data:
-  chart_name: postgres-htk
-  release: postgres-htk
-  namespace: postgres-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/core/rabbitmq.yaml b/global/software/charts/ucp/core/rabbitmq.yaml
deleted file mode 100644
index ec5da2fa7..000000000
--- a/global/software/charts/ucp/core/rabbitmq.yaml
+++ /dev/null
@@ -1,114 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-rabbitmq
-  labels:
-    name: ucp-rabbitmq-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.rabbitmq
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.rabbitmq
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.oslo_messaging
-      dest:
-        path: .values.endpoints.oslo_messaging
-
-    # Credentials
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.oslo_messaging.admin
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.user
-
-    # Secrets
-
-    - src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_rabbitmq_erlang_cookie
-        path: .
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.erlang_cookie
-    - src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_oslo_messaging_password
-        path: .
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.user.password
-data:
-  chart_name: ucp-rabbitmq
-  release: ucp-rabbitmq
-  namespace: ucp
-  wait:
-    timeout: 300
-    labels:
-      release_group: airship-ucp-rabbitmq
-    resources:
-      - type: statefulset
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-rabbitmq
-  values:
-    labels:
-      server:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      prometheus_rabbitmq_exporter:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-    monitoring:
-      prometheus:
-        enabled: true
-  dependencies:
-    - ucp-rabbitmq-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-rabbitmq-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.rabbitmq-htk
-      dest:
-        path: .source
-data:
-  chart_name: ucp-rabbitmq-htk
-  release: ucp-rabbitmq-htk
-  namespace: ucp-rabbitmq-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/deckhand/barbican.yaml b/global/software/charts/ucp/deckhand/barbican.yaml
deleted file mode 100644
index 707f5446e..000000000
--- a/global/software/charts/ucp/deckhand/barbican.yaml
+++ /dev/null
@@ -1,262 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-barbican
-  labels:
-    name: ucp-barbican-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.barbican
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.barbican
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.key_manager
-      dest:
-        path: .values.endpoints.key_manager
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.oslo_cache
-      dest:
-        path: .values.endpoints.oslo_cache
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.oslo_messaging
-      dest:
-        path: .values.endpoints.oslo_messaging
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.fluentd
-      dest:
-        path: .values.endpoints.fluentd
-    # Credentials
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.barbican.keystone
-      dest:
-        path: .values.endpoints.identity.auth.barbican
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.barbican.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db.auth.barbican
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.barbican.oslo_db.database
-      dest:
-        path: .values.endpoints.oslo_db.path
-        pattern: DB_NAME
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.barbican.oslo_messaging
-      dest:
-        path: .values.endpoints.oslo_messaging.auth
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_oslo_db_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.barbican.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_barbican_keystone_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.barbican.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_barbican_oslo_db_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_oslo_messaging_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.barbican.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_oslo_messaging_password
-        path: .
-data:
-  chart_name: ucp-barbican
-  release: ucp-barbican
-  namespace: ucp
-  wait:
-    timeout: 300
-    labels:
-      release_group: airship-ucp-barbican
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-barbican
-    post:
-      create: []
-  values:
-    conf:
-      logging:
-        loggers:
-          keys:
-            - root
-            - barbican
-        handlers:
-          keys:
-            - stdout
-            - stderr
-            - 'null'
-            - fluent
-        formatters:
-          keys:
-            - context
-            - default
-            - fluent
-        logger_root:
-          level: WARNING
-          handlers: stdout
-        logger_barbican:
-          level: INFO
-          handlers:
-            - stdout
-            - fluent
-          qualname: barbican
-        logger_amqp:
-          level: WARNING
-          handlers: stderr
-          qualname: amqp
-        logger_amqplib:
-          level: WARNING
-          handlers: stderr
-          qualname: amqplib
-        logger_eventletwsgi:
-          level: WARNING
-          handlers: stderr
-          qualname: eventlet.wsgi.server
-        logger_sqlalchemy:
-          level: WARNING
-          handlers: stderr
-          qualname: sqlalchemy
-        logger_boto:
-          level: WARNING
-          handlers: stderr
-          qualname: boto
-        handler_null:
-          class: logging.NullHandler
-          formatter: default
-          args: ()
-        handler_stdout:
-          class: StreamHandler
-          args: (sys.stdout,)
-          formatter: context
-        handler_stderr:
-          class: StreamHandler
-          args: (sys.stderr,)
-          formatter: context
-        handler_fluent:
-          class: fluent.handler.FluentHandler
-          args: ('ucp.barbican', 'fluentd-logging.osh-infra', 24224)
-          formatter: fluent
-        formatter_fluent:
-          class: oslo_log.formatters.FluentFormatter
-        formatter_context:
-          class: oslo_log.formatters.ContextFormatter
-        formatter_default:
-          format: "%(message)s"
-    labels:
-      api:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      test:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-    pod:
-      replicas:
-        api: 2
-  dependencies:
-    - ucp-barbican-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-barbican-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.barbican-htk
-      dest:
-        path: .source
-data:
-  chart_name: ucp-barbican-htk
-  release: ucp-barbican-htk
-  namespace: ucp-barbican-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/deckhand/chart-group.yaml b/global/software/charts/ucp/deckhand/chart-group.yaml
deleted file mode 100644
index cba361fee..000000000
--- a/global/software/charts/ucp/deckhand/chart-group.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-deckhand
-  labels:
-    name: ucp-deckhand-chart-group-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Deckhand
-  chart_group:
-    # NOTE: Find and add the dogtag chart
-    # - ucp-dogtag
-    - ucp-barbican
-    - ucp-deckhand
diff --git a/global/software/charts/ucp/deckhand/deckhand.yaml b/global/software/charts/ucp/deckhand/deckhand.yaml
deleted file mode 100644
index 553b2b3bc..000000000
--- a/global/software/charts/ucp/deckhand/deckhand.yaml
+++ /dev/null
@@ -1,175 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-deckhand
-  labels:
-    name: ucp-deckhand-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.deckhand
-      dest:
-        path: .source
-
-    # Images
-
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.deckhand
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.postgresql
-      dest:
-        path: .values.endpoints.postgresql
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.deckhand
-      dest:
-        path: .values.endpoints.deckhand
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.key_manager
-      dest:
-        path: .values.endpoints.key_manager
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.oslo_cache
-      dest:
-        path: .values.endpoints.oslo_cache
-    # Credentials
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.postgres.admin
-      dest:
-        path: .values.endpoints.postgresql.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.deckhand.postgres
-      dest:
-        path: .values.endpoints.postgresql.auth.user
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.deckhand.postgres.database
-      dest:
-        path: .values.endpoints.postgresql.path
-        pattern: DB_NAME
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.deckhand.keystone
-      dest:
-        path: .values.endpoints.identity.auth.user
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.postgresql.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_postgres_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_deckhand_keystone_password
-        path: .
-    - dest:
-        path: .values.endpoints.postgresql.auth.user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_deckhand_postgres_password
-        path: .
-data:
-  chart_name: ucp-deckhand
-  release: ucp-deckhand
-  namespace: ucp
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-ucp-deckhand
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-deckhand
-    post:
-      create: []
-  values:
-    pod:
-      replicas:
-        deckhand: 2
-    conf:
-      deckhand:
-        DEFAULT:
-          debug: true
-          use_stderr: true
-          use_syslog: true
-        keystone_authtoken:
-          memcache_security_strategy: None
-  dependencies:
-    - deckhand-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: deckhand-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.deckhand-htk
-      dest:
-        path: .source
-data:
-  chart_name: deckhand-htk
-  release: deckhand-htk
-  namespace: deckhand-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/divingbell/chart-group.yaml b/global/software/charts/ucp/divingbell/chart-group.yaml
deleted file mode 100644
index e67a6e201..000000000
--- a/global/software/charts/ucp/divingbell/chart-group.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-divingbell
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Divingbell
-  chart_group:
-    - ucp-divingbell
diff --git a/global/software/charts/ucp/divingbell/divingbell.yaml b/global/software/charts/ucp/divingbell/divingbell.yaml
deleted file mode 100644
index deeba6920..000000000
--- a/global/software/charts/ucp/divingbell/divingbell.yaml
+++ /dev/null
@@ -1,129 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-divingbell-global
-  labels:
-    name: ucp-divingbell-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.divingbell
-      dest:
-        path: .source
-    # Image Source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.divingbell
-      dest:
-        path: .values.images
-
-    - src:
-        schema: pegleg/Script/v1
-        name: rbd-roomba-scanner
-        path: .
-      dest:
-        path: .values.conf.exec.X005-rbd-roomba-scanner.data
-    - src:
-        schema: pegleg/Script/v1
-        name: hanging-cgroup-release
-        path: .
-      dest:
-        path: .values.conf.exec.X005-hanging-cgroup-release.data
-data:
-  chart_name: ucp-divingbell
-  release: ucp-divingbell
-  namespace: ucp
-  wait:
-    timeout: 300
-    labels:
-      release_group: airship-ucp-divingbell
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-divingbell
-  values:
-    conf:
-      sysctl:
-        # Larger connection tracking table
-        net.nf_conntrack_max: '1048576'
-        # Reboot the node 60 seconds after a kernel panic, instead of default
-        # value of 0 (i.e. never reboot)
-        kernel.panic: '60'
-        # Randomize stack space to prevent buffer overflow exploits
-        kernel.randomize_va_space: '2'
-        # Accept gratuitous ARP to support failover scenarios
-        # https://bugs.launchpad.net/fuel/+bug/1456272
-        net.ipv4.conf.default.arp_accept: '1'
-        net.ipv4.conf.all.arp_accept: '1'
-        # Increased network backlog to optimize performance on fast networks
-        net.core.netdev_max_backlog: '261144'
-        # Optimizations for RabbitMQ failover
-        # https://bugs.launchpad.net/oslo.messaging/+bug/856764/comments/19
-        net.ipv4.tcp_keepalive_intvl: '3'
-        net.ipv4.tcp_keepalive_time: '30'
-        net.ipv4.tcp_keepalive_probes: '8'
-        net.ipv4.tcp_retries2: '5'
-        # Larger thresholds
-        # "Neighbour table overflow" errors that filled kernel logs
-        net.ipv4.neigh.default.gc_thresh1: '4096'
-        net.ipv4.neigh.default.gc_thresh2: '8192'
-        net.ipv4.neigh.default.gc_thresh3: '16384'
-        # It was necessary to set rp_filter to zero to support certain
-        # multi-homed storage backends
-        net.ipv4.conf.default.rp_filter: '0'
-        # Enable byte/packet count for new connections to enable creation of
-        # rules for the connbytes netfilter module
-        net.netfilter.nf_conntrack_acct: '1'
-        # Added in response to error messages seen on genesis host when services
-        # were restarted. "Failed to add /run/systemd/ask-password to directory
-        # watch: No space left on device". https://bit.ly/2Mj5qn2 TDP bug 427616
-        fs.inotify.max_user_watches: '1048576'
-      exec:
-        X005-rbd-roomba-scanner:
-          rerun_policy: always
-          # 300 = 5 minutes
-          rerun_interval: 300
-          timeout: 300
-        X005-hanging-cgroup-release:
-          rerun_policy: always
-          # 300 = 5 minutes
-          rerun_interval: 3600
-          timeout: 600
-  dependencies:
-    - ucp-divingbell-htk
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-divingbell-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.divingbell-htk
-      dest:
-        path: .source
-data:
-  chart_name: ucp-divingbell-htk
-  release: ucp-divingbell-htk
-  namespace: ucp-divingbell-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/drydock/chart-group.yaml b/global/software/charts/ucp/drydock/chart-group.yaml
deleted file mode 100644
index 498e5e310..000000000
--- a/global/software/charts/ucp/drydock/chart-group.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-drydock
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Drydock
-  chart_group:
-    - ucp-maas
-    - ucp-drydock
diff --git a/global/software/charts/ucp/drydock/drydock.yaml b/global/software/charts/ucp/drydock/drydock.yaml
deleted file mode 100644
index 9822c5a9c..000000000
--- a/global/software/charts/ucp/drydock/drydock.yaml
+++ /dev/null
@@ -1,187 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-drydock
-  labels:
-    name: ucp-drydock-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.drydock
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.drydock
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.postgresql
-      dest:
-        path: .values.endpoints.postgresql
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.physicalprovisioner
-      dest:
-        path: .values.endpoints.physicalprovisioner
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.maas_region
-      dest:
-        path: .values.endpoints.maas_region
-
-    # Drydock IPs
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .node_ports.drydock_api
-      dest:
-        path: .values.network.drydock.node_port.port
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .node_ports.drydock_api
-      dest:
-        path: .values.endpoints.physicalprovisioner.port.api.nodeport
-
-    # Credentials
-
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.postgres.admin
-      dest:
-        path: .values.endpoints.postgresql.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.drydock.postgres
-      dest:
-        path: .values.endpoints.postgresql.auth.user
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.drydock.postgres.database
-      dest:
-        path: .values.endpoints.postgresql.path
-        pattern: DB_NAME
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.drydock.keystone
-      dest:
-        path: .values.endpoints.identity.auth.drydock
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.postgresql.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_postgres_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.drydock.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_drydock_keystone_password
-        path: .
-    - dest:
-        path: .values.endpoints.postgresql.auth.user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_drydock_postgres_password
-        path: .
-
-data:
-  chart_name: drydock
-  release: drydock
-  namespace: ucp
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-drydock
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-drydock
-  values:
-    labels:
-      node_selector_key: ucp-control-plane
-      node_selector_value: enabled
-    network:
-      api:
-        nodeport:
-          enabled: false
-    conf:
-      drydock:
-        database:
-          pool_size: 200
-        plugins:
-          ingester: drydock_provisioner.ingester.plugins.deckhand.DeckhandIngester
-  dependencies:
-    - drydock-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: drydock-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.drydock-htk
-      dest:
-        path: .source
-data:
-  chart_name: drydock-htk
-  release: drydock-htk
-  namespace: drydock-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/drydock/maas.yaml b/global/software/charts/ucp/drydock/maas.yaml
deleted file mode 100644
index 9c6f6e954..000000000
--- a/global/software/charts/ucp/drydock/maas.yaml
+++ /dev/null
@@ -1,207 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-maas-global
-  labels:
-    name: ucp-maas-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.maas
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.maas
-      dest:
-        path: .values.images.tags
-
-    # MaaS Config
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .dns.upstream_servers_joined
-      dest:
-        path: .values.conf.maas.dns.dns_servers
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .ntp.servers_joined
-      dest:
-        path: .values.conf.maas.ntp.ntp_servers
-    - src:
-        schema: deckhand/Passphrase/v1
-        name: maas-region-key
-        path: .
-      dest:
-        path: .values.secrets.maas_region.value
-
-    # Endpoint substitutions
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.postgresql
-      dest:
-        path: .values.endpoints.maas_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.maas_region
-      dest:
-        path: .values.endpoints.maas_region
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.maas_ingress
-      dest:
-        path: .values.endpoints.maas_ingress
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.physicalprovisioner
-      dest:
-        path: .values.endpoints.physicalprovisioner
-    # Account and credential substitutions
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.postgres.admin
-      dest:
-        path: .values.endpoints.maas_db.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.maas.postgres
-      dest:
-        path: .values.endpoints.maas_db.auth.user
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.maas.postgres.database
-      dest:
-        path: .values.endpoints.maas_db.path
-        pattern: DB_NAME
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.maas.admin
-      dest:
-        path: .values.endpoints.maas_region.auth.admin
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.maas_region.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_maas_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.maas_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_postgres_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.maas_db.auth.user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_maas_postgres_password
-        path: .
-data:
-  chart_name: maas
-  release: maas
-  namespace: ucp
-  wait:
-    timeout: 1800
-    labels:
-      release_group: airship-maas
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-maas
-  values:
-    pod:
-      replicas:
-        region: 1
-        rack: 1
-      security_context:
-        ingress:
-          container:
-            maas_ingress:
-              runAsUser: 0
-            maas_ingress_vip:
-              runAsUser: 0
-    labels:
-      rack:
-        node_selector_key: maas-rack
-        node_selector_value: enabled
-      region:
-        node_selector_key: maas-region
-        node_selector_value: enabled
-    jobs:
-      import_boot_resources:
-        timeout: 1800
-
-    conf:
-      cache:
-        enabled: true
-      maas:
-        images:
-          default_os: 'ubuntu'
-          default_image: 'xenial'
-          default_kernel: 'hwe-16.04'
-        credentials:
-          secret:
-            namespace: ucp
-        proxy:
-          # Use MAAS Built-in proxy. This supports environments where
-          # the PXE interface can not reach the internet.
-          # Also improves efficiency due to caching via MAAS.
-          proxy_enabled: 'true'
-        ntp:
-          use_external_only: 'true'
-          disable_ntpd_region: true
-          disable_ntpd_rack: true
-        dns:
-          require_dnssec: 'no'
-  dependencies:
-    - maas-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: maas-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.maas-htk
-      dest:
-        path: .source
-data:
-  chart_name: maas-htk
-  release: maas-htk
-  namespace: maas-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/keystone/chart-group.yaml b/global/software/charts/ucp/keystone/chart-group.yaml
deleted file mode 100644
index 48aea95ca..000000000
--- a/global/software/charts/ucp/keystone/chart-group.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-keystone
-  labels:
-    name: ucp-keystone-chart-group-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Airship Keystone components
-  chart_group:
-    - ucp-keystone-memcached
-    - ucp-keystone
diff --git a/global/software/charts/ucp/keystone/keystone.yaml b/global/software/charts/ucp/keystone/keystone.yaml
deleted file mode 100644
index 0aa710d09..000000000
--- a/global/software/charts/ucp/keystone/keystone.yaml
+++ /dev/null
@@ -1,245 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-keystone
-  labels:
-    name: ucp-keystone-global
-    component: keystone
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.keystone
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.keystone
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.oslo_messaging
-      dest:
-        path: .values.endpoints.oslo_messaging
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.oslo_cache
-      dest:
-        path: .values.endpoints.oslo_cache
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: osh_infra_endpoints
-        path: .osh_infra.fluentd
-      dest:
-        path: .values.endpoints.fluentd
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.keystone.oslo_messaging
-      dest:
-        path: .values.endpoints.oslo_messaging.auth
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.keystone.oslo_db
-      dest:
-        path: .values.endpoints.oslo_db.auth.keystone
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.keystone.oslo_db.database
-      dest:
-        path: .values.endpoints.oslo_db.path
-        pattern: DB_NAME
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.keystone.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_oslo_messaging_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_messaging.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_oslo_messaging_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.keystone.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_keystone_oslo_db_password
-        path: .
-    - dest:
-        path: .values.endpoints.oslo_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_oslo_db_admin_password
-        path: .
-data:
-  chart_name: ucp-keystone
-  release: ucp-keystone
-  namespace: ucp
-  test:
-    timeout: 600
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-ucp-keystone
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-keystone
-    post:
-      create: []
-  values:
-    conf:
-      logging:
-        loggers:
-          keys:
-            - root
-            - keystone
-        handlers:
-          keys:
-            - stdout
-            - stderr
-            - 'null'
-            - fluent
-        formatters:
-          keys:
-            - context
-            - default
-            - fluent
-        logger_root:
-          level: WARNING
-          handlers: stdout
-        logger_keystone:
-          level: INFO
-          handlers:
-            - stdout
-            - fluent
-          qualname: keystone
-        logger_amqp:
-          level: WARNING
-          handlers: stderr
-          qualname: amqp
-        logger_amqplib:
-          level: WARNING
-          handlers: stderr
-          qualname: amqplib
-        logger_eventletwsgi:
-          level: WARNING
-          handlers: stderr
-          qualname: eventlet.wsgi.server
-        logger_sqlalchemy:
-          level: WARNING
-          handlers: stderr
-          qualname: sqlalchemy
-        logger_boto:
-          level: WARNING
-          handlers: stderr
-          qualname: boto
-        handler_null:
-          class: logging.NullHandler
-          formatter: default
-          args: ()
-        handler_stdout:
-          class: StreamHandler
-          args: (sys.stdout,)
-          formatter: context
-        handler_stderr:
-          class: StreamHandler
-          args: (sys.stderr,)
-          formatter: context
-        handler_fluent:
-          class: fluent.handler.FluentHandler
-          args: ('ucp.keystone', 'fluentd-logging.osh-infra', 24224)
-          formatter: fluent
-        formatter_fluent:
-          class: oslo_log.formatters.FluentFormatter
-        formatter_context:
-          class: oslo_log.formatters.ContextFormatter
-        formatter_default:
-          format: "%(message)s"
-    pod:
-      replicas:
-        api: 2
-    labels:
-      api:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-
-
-  dependencies:
-    - ucp-keystone-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name:  ucp-keystone-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.keystone-htk
-      dest:
-        path: .source
-data:
-  chart_name: ucp-keystone-htk
-  release: ucp-keystone-htk
-  namespace: ucp-keystone-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/keystone/memcached.yaml b/global/software/charts/ucp/keystone/memcached.yaml
deleted file mode 100644
index 0ee000580..000000000
--- a/global/software/charts/ucp/keystone/memcached.yaml
+++ /dev/null
@@ -1,82 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-keystone-memcached
-  labels:
-    name: ucp-keystone-memcached-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.memcached
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.memcached
-      dest:
-        path: .values.images.tags
-
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.oslo_cache
-      dest:
-        path: .values.endpoints.oslo_cache
-data:
-  chart_name: ucp-keystone-memcached
-  release: ucp-keystone-memcached
-  namespace: ucp
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-ucp-keystone-memcached
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-          - type: job
-            labels:
-              release_group: airship-ucp-keystone-memcached
-  values:
-    labels:
-      server:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-  dependencies:
-    - ucp-memcached-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-memcached-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.memcached-htk
-      dest:
-        path: .source
-data:
-  chart_name: ucp-memcached-htk
-  release: ucp-memcached-htk
-  namespace: ucp-memcached-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/podsecuritypolicy/chart-group.yaml b/global/software/charts/ucp/podsecuritypolicy/chart-group.yaml
deleted file mode 100644
index d06749c2e..000000000
--- a/global/software/charts/ucp/podsecuritypolicy/chart-group.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: podsecuritypolicy
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Cluster Pod Security Policy definitions
-  chart_group:
-    - podsecuritypolicy
diff --git a/global/software/charts/ucp/podsecuritypolicy/podsecuritypolicy.yaml b/global/software/charts/ucp/podsecuritypolicy/podsecuritypolicy.yaml
deleted file mode 100644
index 4b26388a3..000000000
--- a/global/software/charts/ucp/podsecuritypolicy/podsecuritypolicy.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: podsecuritypolicy
-  labels:
-    name: podsecuritypolicy-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.podsecuritypolicy
-      dest:
-        path: .source
-data:
-  chart_name: podsecuritypolicy
-  release: podsecuritypolicy
-  namespace: ucp
-  wait:
-    resources: []
-  install:
-    no_hooks: true
-  upgrade:
-    no_hooks: true
-  values:
-    conf:
-      # This defines creation of ClusterRoleBindings that configure
-      # default PodSecurityPolicies for the subjects below.
-      # `nil` avoids creation of a default binding for the subject.
-      #
-      defaults:
-        serviceaccounts: psp-default
-        authenticated: psp-default
-        unauthenticated: nil
-    data:
-      # Each of these corresponds to the `spec` of a PodSecurityPolicy object.
-      # Note that this default PodSecurityPolicy is incredibly permissive.  It is
-      # intended to be tuned over time as a default, and to be overridden by
-      # operators as appropriate.
-      #
-      # A ClusterRole will be created for the PSP, with the same `metadata.name`.
-      #
-      # Note: you can define as many PSPs here as you need.
-      #
-      psp-default:  # This will be the `metadata.name` of the PodSecurityPolicy
-        privileged: true
-        allowPrivilegeEscalation: true
-        hostNetwork: true
-        hostPID: true
-        hostIPC: true
-        seLinux:
-          rule: RunAsAny
-        supplementalGroups:
-          rule: RunAsAny
-        runAsUser:
-          rule: RunAsAny
-        fsGroup:
-          rule: RunAsAny
-        volumes:
-        - '*'
-        allowedCapabilities:
-        - '*'
-        hostPorts:
-        - min: 1
-          max: 65536
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/charts/ucp/promenade/chart-group.yaml b/global/software/charts/ucp/promenade/chart-group.yaml
deleted file mode 100644
index dcea4468b..000000000
--- a/global/software/charts/ucp/promenade/chart-group.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-promenade
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Promenade
-  chart_group:
-    - ucp-promenade
diff --git a/global/software/charts/ucp/promenade/promenade.yaml b/global/software/charts/ucp/promenade/promenade.yaml
deleted file mode 100644
index 93c7f65be..000000000
--- a/global/software/charts/ucp/promenade/promenade.yaml
+++ /dev/null
@@ -1,157 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-promenade-global
-  labels:
-    name: ucp-promenade-global
-  layeringDefinition:
-    abstract: true
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.promenade
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.promenade
-      dest:
-        path: .values.images.tags
-
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.promenade.monitoring_image
-      dest:
-        path: .values.images.tags.monitoring_image
-
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.hyperkube
-      dest:
-        path: .values.images.tags.hyperkube
-
-    # Files
-    - src:
-        schema: promenade/HostSystem/v1
-        name: host-system
-        path: .files[0].path
-      dest:
-        path: .values.pod.mount_path
-
-    # Endpoints
-
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.kubernetesprovisioner
-      dest:
-        path: .values.endpoints.kubernetesprovisioner
-
-    # Credentials
-
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.promenade.keystone
-      dest:
-        path: .values.endpoints.identity.auth.user
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_promenade_keystone_password
-        path: .
-
-data:
-  chart_name: promenade
-  release: ucp-promenade
-  namespace: ucp
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-ucp-promenade
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-promenade
-  values:
-    pod:
-      replicas:
-        api: 2
-      env:
-        promenade_api:
-         # this aligns with drydocks timeouts and allows alow responses to
-         # download the external kubernetes client .tgz to still succeed
-         - name: UWSGI_TIMEOUT
-           value: "900"
-    conf:
-      paste:
-        filter:authtoken:
-          paste.filter_factory: keystonemiddleware.auth_token:filter_factory
-          admin_tenant_name: service
-          admin_user: promenade
-          delay_auth_decision: true
-          identity_uri: http://keystone-api.ucp.svc.cluster.local/
-          service_token_roles_required: true
-  dependencies:
-    - promenade-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: promenade-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.promenade-htk
-      dest:
-        path: .source
-data:
-  chart_name: promenade-htk
-  release: promenade-htk
-  namespace: promenade-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/shipyard/chart-group.yaml b/global/software/charts/ucp/shipyard/chart-group.yaml
deleted file mode 100644
index f4cc1f865..000000000
--- a/global/software/charts/ucp/shipyard/chart-group.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-shipyard
-  labels:
-    name: ucp-shipyard-chart-group-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Shipyard
-  chart_group:
-    - ucp-shipyard
diff --git a/global/software/charts/ucp/shipyard/shipyard.yaml b/global/software/charts/ucp/shipyard/shipyard.yaml
deleted file mode 100644
index f07c1bf93..000000000
--- a/global/software/charts/ucp/shipyard/shipyard.yaml
+++ /dev/null
@@ -1,304 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-shipyard
-  labels:
-    name: ucp-shipyard-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.shipyard
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.ucp.shipyard
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.identity
-      dest:
-        path: .values.endpoints.identity
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.postgresql
-      dest:
-        path: .values.endpoints.postgresql_shipyard_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.postgresql
-      dest:
-        path: .values.endpoints.postgresql_airflow_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.postgresql_airflow_celery
-      dest:
-        path: .values.endpoints.postgresql_airflow_celery_db
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.shipyard
-      dest:
-        path: .values.endpoints.shipyard
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.airflow_oslo_messaging
-      dest:
-        path: .values.endpoints.oslo_messaging
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.oslo_cache
-      dest:
-        path: .values.endpoints.oslo_cache
-
-    # Database path
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.shipyard.postgres.database
-      dest:
-        path: .values.endpoints.postgresql_shipyard_db.path
-        pattern: 'DB_NAME'
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.airflow.postgres.database
-      dest:
-        path: .values.endpoints.postgresql_airflow_db.path
-        pattern: 'DB_NAME'
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.airflow.postgres.database
-      dest:
-        path: .values.endpoints.postgresql_airflow_celery_db.path
-        pattern: 'DB_NAME'
-    # Credentials
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.postgres.admin
-      dest:
-        path: .values.endpoints.postgresql_shipyard_db.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.postgres.admin
-      dest:
-        path: .values.endpoints.postgresql_airflow_db.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.postgres.admin
-      dest:
-        path: .values.endpoints.postgresql_airflow_celery_db.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.shipyard.postgres
-      dest:
-        path: .values.endpoints.postgresql_shipyard_db.auth.user
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.airflow.postgres
-      dest:
-        path: .values.endpoints.postgresql_airflow_db.auth.user
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.airflow.postgres
-      dest:
-        path: .values.endpoints.postgresql_airflow_celery_db.auth.user
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.airflow.oslo_messaging.user
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.user
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.airflow.oslo_messaging.admin
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.shipyard.keystone
-      dest:
-        path: .values.endpoints.identity.auth.shipyard
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.postgresql_shipyard_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_postgres_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.postgresql_airflow_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_postgres_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.postgresql_airflow_celery_db.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_postgres_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.shipyard.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_shipyard_keystone_password
-        path: .
-    - dest:
-        path: .values.endpoints.postgresql_shipyard_db.auth.user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_shipyard_postgres_password
-        path: .
-    - dest:
-        path: .values.endpoints.postgresql_airflow_db.auth.user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_airflow_postgres_password
-        path: .
-    - dest:
-        path: .values.endpoints.postgresql_airflow_celery_db.auth.user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_airflow_postgres_password
-        path: .
-    - src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_airflow_oslo_messaging_password
-        path: .
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.user.password
-    - src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_oslo_messaging_password
-        path: .
-      dest:
-        path: .values.endpoints.oslo_messaging.auth.admin.password
-
-data:
-  chart_name: shipyard
-  release: ucp-shipyard
-  namespace: ucp
-  wait:
-    timeout: 600
-    labels:
-      release_group: airship-ucp-shipyard
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-shipyard
-  values:
-    endpoints:
-      postgresql_airflow_db:
-        name: postgresql
-        hosts:
-          default: postgresql
-        path: /DB_NAME
-        scheme: postgresql+psycopg2
-        port:
-          postgresql:
-            default: 5432
-        host_fqdn_override:
-          default: null
-      postgresql_shipyard_db:
-        name: postgresql
-        hosts:
-          default: postgresql
-        path: /DB_NAME
-        scheme: postgresql+psycopg2
-        port:
-          postgresql:
-            default: 5432
-        host_fqdn_override:
-          default: null
-    prod_environment: true
-    pod:
-      replicas:
-        shipyard:
-          api: 2
-        airflow:
-          worker: 2
-          # TODO: Scheduler can be set to 0 with a future version - here to
-          # accommodate the upgrade to the current configuration with the
-          # Scheduler being a sidecar with the Worker.
-          scheduler: 1
-    labels:
-      job:
-        node_selector_key: ucp-control-plane
-        node_selector_value: enabled
-    conf:
-      shipyard:
-        keystone_authtoken:
-          memcache_security_strategy: None
-  dependencies:
-    - shipyard-htk
-...
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: shipyard-htk
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.ucp.shipyard-htk
-      dest:
-        path: .source
-data:
-  chart_name: shipyard-htk
-  release: shipyard-htk
-  namespace: shipyard-htk
-  values: {}
-  dependencies: []
-...
diff --git a/global/software/charts/ucp/ucp-openstack-exporter/chart-group.yaml b/global/software/charts/ucp/ucp-openstack-exporter/chart-group.yaml
deleted file mode 100644
index 3d9407ea1..000000000
--- a/global/software/charts/ucp/ucp-openstack-exporter/chart-group.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-prometheus-openstack-exporter
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  description: Prometheus OpenStack Exporter for UCP Components
-  chart_group:
-    - ucp-prometheus-openstack-exporter
diff --git a/global/software/charts/ucp/ucp-openstack-exporter/prometheus-openstack-exporter.yaml b/global/software/charts/ucp/ucp-openstack-exporter/prometheus-openstack-exporter.yaml
deleted file mode 100644
index b0fb0b0bb..000000000
--- a/global/software/charts/ucp/ucp-openstack-exporter/prometheus-openstack-exporter.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-prometheus-openstack-exporter
-  labels:
-    name: ucp-prometheus-openstack-exporter-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.osh_infra.prometheus_openstack_exporter
-      dest:
-        path: .source
-
-    # Images
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.osh_infra.prometheus_openstack_exporter
-      dest:
-        path: .values.images.tags
-
-    # Endpoints
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.prometheus_openstack_exporter
-      dest:
-        path: .values.endpoints.prometheus_openstack_exporter
-    - src:
-        schema: pegleg/EndpointCatalogue/v1
-        name: ucp_endpoints
-        path: .ucp.identity
-      dest:
-        path: .values.endpoints.identity
-
-    # Accounts
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.keystone.admin
-      dest:
-        path: .values.endpoints.identity.auth.admin
-    - src:
-        schema: pegleg/AccountCatalogue/v1
-        name: ucp_service_accounts
-        path: .ucp.prometheus_openstack_exporter.user
-      dest:
-        path: .values.endpoints.identity.auth.user
-
-    # Secrets
-    - dest:
-        path: .values.endpoints.identity.auth.admin.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_keystone_admin_password
-        path: .
-    - dest:
-        path: .values.endpoints.identity.auth.user.password
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ucp_openstack_exporter_keystone_password
-        path: .
-data:
-  chart_name: ucp-prometheus-openstack-exporter
-  release: ucp-prometheus-openstack-exporter
-  namespace: ucp
-  wait:
-    timeout: 900
-    labels:
-      release_group: airship-ucp-prometheus-openstack-exporter
-  install:
-    no_hooks: false
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-ucp-prometheus-openstack-exporter
-  values:
-    labels:
-      openstack_exporter:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-      job:
-        node_selector_key: openstack-control-plane
-        node_selector_value: enabled
-  dependencies:
-    - osh-infra-helm-toolkit
-...
diff --git a/global/software/config/Docker.yaml b/global/software/config/Docker.yaml
deleted file mode 100644
index e0bf29c9f..000000000
--- a/global/software/config/Docker.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: promenade/Docker/v1
-metadata:
-  schema: metadata/Document/v1
-  name: docker-global
-  labels:
-    promenade: enabled
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-data:
-  config:
-    live-restore: true
-    storage-driver: overlay2
-...
diff --git a/global/software/config/Kubelet.yaml b/global/software/config/Kubelet.yaml
deleted file mode 100644
index 3dd35b6f7..000000000
--- a/global/software/config/Kubelet.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-schema: promenade/Kubelet/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubelet
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.kubernetes.pause
-      dest:
-        path: .images.pause
-    - src:
-        schema: pegleg/SeccompProfile/v1
-        name: seccomp-default
-        path: .seccompDirPath
-      dest:
-        path: .arguments[9]
-        pattern: SECCOMP_PROFILE_ROOT
-data:
-  arguments:
-    - --cni-bin-dir=/opt/cni/bin
-    - --cni-conf-dir=/etc/cni/net.d
-    - --eviction-max-pod-grace-period=-1
-    - --network-plugin=cni
-    - --node-status-update-frequency=5s
-    - --max-pods=200
-    - --kube-api-burst=40
-    - --kube-api-qps=20
-    - --seccomp-profile-root=SECCOMP_PROFILE_ROOT
-    - --feature-gates=PodShareProcessNamespace=true
diff --git a/global/software/config/encryption.yaml b/global/software/config/encryption.yaml
deleted file mode 100644
index 5ed0db054..000000000
--- a/global/software/config/encryption.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-schema: promenade/EncryptionPolicy/v1
-metadata:
-  schema: metadata/Document/v1
-  name: encryption-policy
-  layeringDefinition:
-    abstract: false
-    layer: global
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: deckhand/Passphrase/v1
-        name: apiserver-encryption-key-key1
-        path: .
-      dest:
-        path: .etcd[0].providers[0].secretbox.keys[0].secret
-data:
-  etcd:
-    - resources:
-        - 'secrets'
-      providers:
-        - secretbox:
-            keys:
-             - name: key1
-               secret: null
-        - identity: {}
-...
diff --git a/global/software/config/versions.yaml b/global/software/config/versions.yaml
deleted file mode 100644
index 9ff827a5b..000000000
--- a/global/software/config/versions.yaml
+++ /dev/null
@@ -1,749 +0,0 @@
----
-data:
-  charts:
-    kubernetes:
-      apiserver:
-        location: https://opendev.org/airship/promenade
-        reference: 1f502d84ad9058a0856bad59a5c6827ada8b23eb
-        subpath: charts/apiserver
-        type: git
-      apiserver-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      calico:
-        calico:
-          location: https://opendev.org/openstack/openstack-helm-infra
-          reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-          subpath: calico
-          type: git
-        calico-htk:
-          location: https://opendev.org/openstack/openstack-helm-infra
-          reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-          subpath: helm-toolkit
-          type: git
-        etcd:
-          location: https://opendev.org/airship/promenade
-          reference: 1f502d84ad9058a0856bad59a5c6827ada8b23eb
-          subpath: charts/etcd
-          type: git
-        etcd-htk:
-          location: https://opendev.org/openstack/openstack-helm-infra
-          reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-          subpath: helm-toolkit
-          type: git
-      controller-manager:
-        location: https://opendev.org/airship/promenade
-        reference: 1f502d84ad9058a0856bad59a5c6827ada8b23eb
-        subpath: charts/controller_manager
-        type: git
-      controller-manager-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      coredns:
-        location: https://opendev.org/airship/promenade
-        reference: 1f502d84ad9058a0856bad59a5c6827ada8b23eb
-        subpath: charts/coredns
-        type: git
-      coredns-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      etcd:
-        location: https://opendev.org/airship/promenade
-        reference: 1f502d84ad9058a0856bad59a5c6827ada8b23eb
-        subpath: charts/etcd
-        type: git
-      etcd-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      haproxy:
-        location: https://opendev.org/airship/promenade
-        reference: 1f502d84ad9058a0856bad59a5c6827ada8b23eb
-        subpath: charts/haproxy
-        type: git
-      haproxy-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      ingress:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: ingress
-        type: git
-      ingress-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      proxy:
-        location: https://opendev.org/airship/promenade
-        reference: 1f502d84ad9058a0856bad59a5c6827ada8b23eb
-        subpath: charts/proxy
-        type: git
-      proxy-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      scheduler:
-        location: https://opendev.org/airship/promenade
-        reference: 1f502d84ad9058a0856bad59a5c6827ada8b23eb
-        subpath: charts/scheduler
-        type: git
-      scheduler-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-    osh:
-      barbican:
-        location: https://opendev.org/openstack/openstack-helm
-        reference: d2abe39d498f48c4721e26aca19e81189bc8891b
-        subpath: barbican
-        type: git
-      cinder:
-        location: https://opendev.org/openstack/openstack-helm
-        reference: d2abe39d498f48c4721e26aca19e81189bc8891b
-        subpath: cinder
-        type: git
-      cinder-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      glance:
-        location: https://opendev.org/openstack/openstack-helm
-        reference: d2abe39d498f48c4721e26aca19e81189bc8891b
-        subpath: glance
-        type: git
-      glance-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      heat:
-        location: https://opendev.org/openstack/openstack-helm
-        reference: d2abe39d498f48c4721e26aca19e81189bc8891b
-        subpath: heat
-        type: git
-      heat-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      helm_toolkit:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      horizon:
-        location: https://opendev.org/openstack/openstack-helm
-        reference: d2abe39d498f48c4721e26aca19e81189bc8891b
-        subpath: horizon
-        type: git
-      horizon-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      ingress:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: ingress
-        type: git
-      ingress-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      keystone:
-        location: https://opendev.org/openstack/openstack-helm
-        reference: d2abe39d498f48c4721e26aca19e81189bc8891b
-        subpath: keystone
-        type: git
-      keystone-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      libvirt:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: libvirt
-        type: git
-      libvirt-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      mariadb:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: mariadb
-        type: git
-      mariadb-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      memcached:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: memcached
-        type: git
-      memcached-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      neutron:
-        location: https://opendev.org/openstack/openstack-helm
-        reference: d2abe39d498f48c4721e26aca19e81189bc8891b
-        subpath: neutron
-        type: git
-      neutron-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      nova:
-        location: https://opendev.org/openstack/openstack-helm
-        reference: d2abe39d498f48c4721e26aca19e81189bc8891b
-        subpath: nova
-        type: git
-      nova-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      openvswitch:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: openvswitch
-        type: git
-      openvswitch-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      rabbitmq:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: rabbitmq
-        type: git
-      rabbitmq-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      tempest:
-        location: https://opendev.org/openstack/openstack-helm
-        reference: d2abe39d498f48c4721e26aca19e81189bc8891b
-        subpath: tempest
-        type: git
-      tempest-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-    osh_infra:
-      elasticsearch:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: elasticsearch
-        type: git
-      fluentbit:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: fluentbit
-        type: git
-      fluentd:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: fluentd
-        type: git
-      grafana:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: grafana
-        type: git
-      helm_toolkit:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      kibana:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: kibana
-        type: git
-      nagios:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: nagios
-        type: git
-      nfs_provisioner:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: nfs-provisioner
-        type: git
-      podsecuritypolicy:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: podsecuritypolicy
-        type: git
-      prometheus:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: prometheus
-        type: git
-      prometheus_alertmanager:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: prometheus-alertmanager
-        type: git
-      prometheus_kube_state_metrics:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: prometheus-kube-state-metrics
-        type: git
-      prometheus_node_exporter:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: prometheus-node-exporter
-        type: git
-      prometheus_openstack_exporter:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: prometheus-openstack-exporter
-        type: git
-      prometheus_process_exporter:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: prometheus-process-exporter
-        type: git
-    ucp:
-      armada:
-        location: https://opendev.org/airship/armada
-        reference: 027b4a0832bfeaecef9b5a07d51f78b4e3221ec8
-        subpath: charts/armada
-        type: git
-      armada-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      barbican:
-        location: https://opendev.org/openstack/openstack-helm
-        reference: d2abe39d498f48c4721e26aca19e81189bc8891b
-        subpath: barbican
-        type: git
-      barbican-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      ceph-client:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: ceph-client
-        type: git
-      ceph-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      ceph-mon:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: ceph-mon
-        type: git
-      ceph-osd:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: ceph-osd
-        type: git
-      ceph-provisioners:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: ceph-provisioners
-        type: git
-      ceph-rgw:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: ceph-rgw
-        type: git
-      deckhand:
-        location: https://opendev.org/airship/deckhand
-        reference: 070124b578ee95ed1da5cae0a82b825bceb373e0
-        subpath: charts/deckhand
-        type: git
-      deckhand-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      divingbell:
-        location: https://opendev.org/airship/divingbell
-        reference: 2e5ffaccca1f8824384569f8add5bead28fddcdc
-        subpath: divingbell
-        type: git
-      divingbell-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      drydock:
-        location: https://opendev.org/airship/drydock
-        reference: 2e97bd5b72cd4cf13b3a993d6e083b25ca292587
-        subpath: charts/drydock
-        type: git
-      drydock-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      ingress:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: ingress
-        type: git
-      ingress-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      keystone:
-        location: https://opendev.org/openstack/openstack-helm
-        reference: d2abe39d498f48c4721e26aca19e81189bc8891b
-        subpath: keystone
-        type: git
-      keystone-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      maas:
-        location: https://opendev.org/airship/maas
-        reference: a8887a93b4fea102aeaa8aa17bfaa648126049a9
-        subpath: charts/maas
-        type: git
-      maas-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      mariadb:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: mariadb
-        type: git
-      mariadb-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      memcached:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: memcached
-        type: git
-      memcached-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      postgresql:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: postgresql
-        type: git
-      postgresql-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      promenade:
-        location: https://opendev.org/airship/promenade
-        reference: 1f502d84ad9058a0856bad59a5c6827ada8b23eb
-        subpath: charts/promenade
-        type: git
-      promenade-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      rabbitmq:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: rabbitmq
-        type: git
-      rabbitmq-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      shipyard:
-        location: https://opendev.org/airship/shipyard
-        reference: f42e85d7cedb0a22c2f90f53ad4902cc4a62d9a9
-        subpath: charts/shipyard
-        type: git
-      shipyard-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      tenant-ceph-client:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: ceph-client
-        type: git
-      tenant-ceph-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-      tenant-ceph-mon:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: ceph-mon
-        type: git
-      tenant-ceph-osd:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: ceph-osd
-        type: git
-      tenant-ceph-provisioners:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: ceph-provisioners
-        type: git
-      tenant-ceph-rgw:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: ceph-rgw
-        type: git
-      tiller:
-        location: https://opendev.org/airship/armada
-        reference: 027b4a0832bfeaecef9b5a07d51f78b4e3221ec8
-        subpath: charts/tiller
-        type: git
-      tiller-htk:
-        location: https://opendev.org/openstack/openstack-helm-infra
-        reference: d0b32ed88ad652d9c2226466a13bac8b28038399
-        subpath: helm-toolkit
-        type: git
-  images:
-    calico:
-      calico: {}
-      etcd: {}
-    ceph:
-      ceph-client: {}
-      ceph-mon: {}
-      ceph-osd: {}
-      ceph-provisioners: {}
-      ceph-rgw: {}
-      tenant-ceph-client: {}
-      tenant-ceph-mon: {}
-      tenant-ceph-osd: {}
-      tenant-ceph-provisioners: {}
-      tenant-ceph-rgw: {}
-    kubernetes:
-      apiserver:
-        anchor: gcr.io/google-containers/hyperkube-amd64:v1.12.9
-        apiserver: gcr.io/google-containers/hyperkube-amd64:v1.12.9
-      controller-manager:
-        anchor: gcr.io/google-containers/hyperkube-amd64:v1.12.9
-        controller_manager: gcr.io/google-containers/hyperkube-amd64:v1.12.9
-      coredns:
-        coredns: docker.io/coredns/coredns:1.1.3
-      etcd:
-        etcd: quay.io/coreos/etcd:v3.3.12
-        etcdctl: quay.io/coreos/etcd:v3.3.12
-      haproxy:
-        anchor: gcr.io/google-containers/hyperkube-amd64:v1.12.9
-        haproxy: docker.io/haproxy:1.8.19
-      hyperkube: gcr.io/google-containers/hyperkube-amd64:v1.12.9
-      ingress: {}
-      pause: gcr.io/google-containers/pause-amd64:3.1
-      proxy:
-        proxy: gcr.io/google-containers/hyperkube-amd64:v1.12.9
-      scheduler:
-        anchor: gcr.io/google-containers/hyperkube-amd64:v1.12.9
-        scheduler: gcr.io/google-containers/hyperkube-amd64:v1.12.9
-    osh:
-      barbican: {}
-      cinder: {}
-      glance: {}
-      heat: {}
-      horizon: {}
-      ingress: {}
-      keystone: {}
-      libvirt: {}
-      mariadb: {}
-      memcached: {}
-      neutron: {}
-      nova: {}
-      openvswitch: {}
-      rabbitmq: {}
-      tempest: {}
-    osh_infra:
-      elasticsearch: {}
-      fluentbit: {}
-      fluentd: {}
-      grafana: {}
-      kibana: {}
-      nagios: {}
-      nfs_provisioner:
-        nfs_provisioner: quay.io/kubernetes_incubator/nfs-provisioner:v2.1.0-k8s1.11
-      prometheus: {}
-      prometheus_alertmanager: {}
-      prometheus_kube_state_metrics: {}
-      prometheus_node_exporter: {}
-      prometheus_openstack_exporter: {}
-      prometheus_process_exporter: {}
-    ucp:
-      armada:
-        api: quay.io/airshipit/armada:027b4a0832bfeaecef9b5a07d51f78b4e3221ec8-ubuntu_xenial
-        helm: docker.io/lachlanevenson/k8s-helm:v2.14.1
-        tiller: gcr.io/kubernetes-helm/tiller:v2.14.1
-      barbican: {}
-      deckhand:
-        db_sync: quay.io/airshipit/deckhand:070124b578ee95ed1da5cae0a82b825bceb373e0-ubuntu_xenial
-        deckhand: quay.io/airshipit/deckhand:070124b578ee95ed1da5cae0a82b825bceb373e0-ubuntu_xenial
-      divingbell:
-        divingbell: docker.io/ubuntu:16.04
-      drydock:
-        drydock: quay.io/airshipit/drydock:2e97bd5b72cd4cf13b3a993d6e083b25ca292587
-        drydock_db_sync: quay.io/airshipit/drydock:2e97bd5b72cd4cf13b3a993d6e083b25ca292587
-      ingress: {}
-      keystone: {}
-      maas:
-        bootstrap: quay.io/airshipit/maas-region-controller:a8887a93b4fea102aeaa8aa17bfaa648126049a9
-        db_sync: quay.io/airshipit/maas-region-controller:a8887a93b4fea102aeaa8aa17bfaa648126049a9
-        export_api_key: quay.io/airshipit/maas-region-controller:a8887a93b4fea102aeaa8aa17bfaa648126049a9
-        maas_cache: quay.io/airshipit/sstream-cache:a8887a93b4fea102aeaa8aa17bfaa648126049a9
-        maas_rack: quay.io/airshipit/maas-rack-controller:a8887a93b4fea102aeaa8aa17bfaa648126049a9
-        maas_region: quay.io/airshipit/maas-region-controller:a8887a93b4fea102aeaa8aa17bfaa648126049a9
-      mariadb: {}
-      memcached: {}
-      pegleg:
-        pegleg: quay.io/airshipit/pegleg:438db81d27ff43fc2e8f653faf324315c9b38751-ubuntu_xenial
-      postgresql: {}
-      promenade:
-        monitoring_image: busybox:1.28.3
-        promenade: quay.io/airshipit/promenade:1f502d84ad9058a0856bad59a5c6827ada8b23eb
-      rabbitmq: {}
-      shipyard:
-        airflow: quay.io/airshipit/airflow:f42e85d7cedb0a22c2f90f53ad4902cc4a62d9a9-ubuntu_xenial
-        airflow_db_sync: quay.io/airshipit/airflow:f42e85d7cedb0a22c2f90f53ad4902cc4a62d9a9-ubuntu_xenial
-        shipyard: quay.io/airshipit/shipyard:f42e85d7cedb0a22c2f90f53ad4902cc4a62d9a9-ubuntu_xenial
-        shipyard_db_sync: quay.io/airshipit/shipyard:f42e85d7cedb0a22c2f90f53ad4902cc4a62d9a9-ubuntu_xenial
-  packages:
-    gpgkey: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
-      mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
-      lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
-      38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
-      L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
-      UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
-      cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
-      ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
-      vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
-      G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
-      XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
-      q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
-      tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
-      BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
-      v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
-      tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
-      jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
-      6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
-      XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
-      FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
-      g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
-      ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
-      9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
-      G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
-      FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
-      EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
-      M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
-      Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
-      w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
-      z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
-      eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
-      VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
-      1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
-      zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
-      pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
-      ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
-      BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
-      1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
-      YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
-      mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
-      KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
-      JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
-      cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
-      6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
-      U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
-      VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
-      irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
-      SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
-      QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
-      9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
-      24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
-      dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
-      Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
-      H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
-      /nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
-      M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
-      xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
-      jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
-      YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
-      =0YYh
-      -----END PGP PUBLIC KEY BLOCK-----
-    named:
-      docker: docker-ce=18.06.3~ce~3-0~ubuntu
-      socat: socat=1.7.3.1-1
-    repositories:
-      docker:
-        components:
-        - stable
-        distributions:
-        - xenial
-        repo_type: apt
-        url: https://download.docker.com/linux/ubuntu/
-      main_archive:
-        components:
-        - main
-        - universe
-        - multiverse
-        distributions:
-        - xenial
-        repo_type: apt
-        subrepos:
-        - security
-        - updates
-        - backports
-        url: http://us.archive.ubuntu.com/ubuntu
-    unnamed:
-    - ceph-common
-metadata:
-  labels:
-    name: software-versions-global
-  layeringDefinition:
-    abstract: false
-    layer: global
-  name: software-versions
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: pegleg/SoftwareVersions/v1
-...
diff --git a/global/software/manifests/bootstrap.yaml b/global/software/manifests/bootstrap.yaml
deleted file mode 100644
index 3db2fa542..000000000
--- a/global/software/manifests/bootstrap.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-schema: armada/Manifest/v1
-metadata:
-  schema: metadata/Document/v1
-  name: cluster-bootstrap
-  layeringDefinition:
-    abstract: false
-    layer: global
-  labels:
-    name: cluster-bootstrap-global
-  storagePolicy: cleartext
-data:
-  release_prefix: airship
-  chart_groups:
-    - podsecuritypolicy
-    - kubernetes-proxy
-    - kubernetes-container-networking
-    - kubernetes-dns
-    - kubernetes-etcd
-    - kubernetes-haproxy
-    - kubernetes-core
-    - ingress-kube-system
-    - ucp-ceph
-    - ucp-ceph-config
-    - ucp-core
-    - ucp-keystone
-    - ucp-divingbell
-    - ucp-armada
-    - ucp-deckhand
-    - ucp-drydock
-    - ucp-promenade
-    - ucp-shipyard
-...
diff --git a/global/software/manifests/full-site.yaml b/global/software/manifests/full-site.yaml
deleted file mode 100644
index bc64638b8..000000000
--- a/global/software/manifests/full-site.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
----
-schema: armada/Manifest/v1
-metadata:
-  schema: metadata/Document/v1
-  name: full-site
-  layeringDefinition:
-    abstract: false
-    layer: global
-  labels:
-    name: full-site-global
-  storagePolicy: cleartext
-data:
-  release_prefix: airship
-  chart_groups:
-    - podsecuritypolicy
-    - kubernetes-proxy
-    - kubernetes-container-networking
-    - kubernetes-dns
-    - kubernetes-etcd
-    - kubernetes-haproxy
-    - kubernetes-core
-    - ingress-kube-system
-    - ucp-ceph-update
-    - ucp-ceph-config
-    - ucp-core
-    - ucp-keystone
-    - ucp-divingbell
-    - ucp-armada
-    - ucp-deckhand
-    - ucp-drydock-scaled
-    - ucp-promenade
-    - ucp-shipyard
-    - ucp-prometheus-openstack-exporter
-    - osh-infra-ingress-controller
-    - osh-infra-ceph-config
-    - osh-infra-radosgw
-    - osh-infra-logging
-    - osh-infra-monitoring
-    - osh-infra-mariadb
-    - osh-infra-dashboards
-    - openstack-ingress-controller
-    - openstack-ceph-config
-    - openstack-tenant-ceph
-    - openstack-mariadb
-    - openstack-rabbitmq
-    - openstack-memcached
-    - openstack-keystone
-    - openstack-radosgw
-    - openstack-glance
-    - openstack-cinder
-    - openstack-compute-kit
-    - openstack-heat
-    - osh-infra-prometheus-openstack-exporter
-    - openstack-horizon
-...
diff --git a/site/aiab/deployment/deployment-configuration.yaml b/site/aiab/deployment/deployment-configuration.yaml
deleted file mode 100644
index d58494512..000000000
--- a/site/aiab/deployment/deployment-configuration.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-# The purpose of this file is to provide shipyard related deployment config
-# parameters. This should not require modification for a new site. However,
-# shipyard deployment strategies can be very useful in getting around certain
-# failures, like misbehaving nodes that hold up the deployment. See more at
-# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy
-schema: shipyard/DeploymentConfiguration/v1
-metadata:
-  schema: metadata/Document/v1
-  name: deployment-configuration
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  physical_provisioner:
-    deployment_strategy: deployment-strategy
-    deploy_interval: 30
-    deploy_timeout: 3600
-    destroy_interval: 30
-    destroy_timeout: 900
-    join_wait: 0
-    prepare_node_interval: 30
-    prepare_node_timeout: 1800
-    prepare_site_interval: 10
-    prepare_site_timeout: 300
-    verify_interval: 10
-    verify_timeout: 60
-  kubernetes_provisioner:
-    drain_timeout: 3600
-    drain_grace_period: 1800
-    clear_labels_timeout: 1800
-    remove_etcd_timeout: 1800
-    etcd_ready_timeout: 600
-  armada:
-    get_releases_timeout: 300
-    get_status_timeout: 300
-    manifest: 'full-site-aiab'
-    post_apply_timeout: 7200
-    validate_design_timeout: 600
-...
diff --git a/site/aiab/deployment/dev-configurables.yaml b/site/aiab/deployment/dev-configurables.yaml
deleted file mode 100644
index 91ecc8c22..000000000
--- a/site/aiab/deployment/dev-configurables.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# These parameters are environment specific, they are
-# overridden with scripts during the installation.
-schema: dev/Configurables/v1
-metadata:
-  schema: metadata/Document/v1
-  name: dev-configurables
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-
-# This is just an example of configuration parameters.
-data:
-  # Hostname of the node.
-  hostname: aiab
-  # IP address for external network.
-  hostip: 10.0.2.14
-  # IP address range for external neetwork.
-  hostcidr: 10.0.2.0/24
-  # Name of interface.
-  interface: ens3
-  # IP address for MaaS VIP address.
-  maas-ingress: '192.169.1.5/32'
diff --git a/site/aiab/manifests/bootstrap.yaml b/site/aiab/manifests/bootstrap.yaml
deleted file mode 100644
index 2f9a8f825..000000000
--- a/site/aiab/manifests/bootstrap.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-schema: armada/Manifest/v1
-metadata:
-  schema: metadata/Document/v1
-  name: cluster-bootstrap-aiab
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: cluster-bootstrap-global
-    actions:
-      - method: replace
-        path: .chart_groups
-  storagePolicy: cleartext
-data:
-  release_prefix: airship
-  chart_groups:
-    - podsecuritypolicy
-    - kubernetes-proxy
-    - kubernetes-container-networking
-    - kubernetes-dns
-    - kubernetes-etcd
-    - kubernetes-haproxy
-    - kubernetes-core
-    - ingress-kube-system
-    - osh-infra-nfs-provisioner
-    - ucp-core
-    - ucp-keystone
-    - ucp-divingbell
-    - ucp-armada
-    - ucp-deckhand
-    - ucp-drydock
-    - ucp-promenade
-    - ucp-shipyard
-...
diff --git a/site/aiab/networks/common-addresses.yaml b/site/aiab/networks/common-addresses.yaml
deleted file mode 100644
index 31bd61ac2..000000000
--- a/site/aiab/networks/common-addresses.yaml
+++ /dev/null
@@ -1,126 +0,0 @@
----
-# The purpose of this file is to define network related paramters that are
-# referenced elsewhere in the manifests for this site.
-schema: pegleg/CommonAddresses/v1
-metadata:
-  schema: metadata/Document/v1
-  name: common-addresses
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .interface
-      dest:
-        path: .calico.ip_autodetection_method
-        pattern: REPLACEME
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostname
-      dest:
-        path: .genesis.hostname
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostip
-      dest:
-        path: .genesis.ip
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostip
-      dest:
-        path: .bootstrap.ip
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostcidr
-      dest:
-        path: .storage.ceph.public_cidr
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostcidr
-      dest:
-        path: .storage.ceph.cluster_cidr
-
-data:
-  calico:
-    ip_autodetection_method: 'interface=REPLACEME'
-    etcd:
-      service_ip: 10.96.232.136
-
-  dns:
-    cluster_domain: cluster.local
-    service_ip: 10.96.0.10
-    upstream_servers:
-      - 8.8.8.8
-      - 8.8.4.4
-    upstream_servers_joined: 8.8.8.8,8.8.4.4
-
-  genesis:
-    hostname: REPLACEME
-    ip: REPLACEME
-
-  bootstrap:
-    ip: REPLACEME
-
-  kubernetes:
-    # K8s API service IP
-    api_service_ip: 10.96.0.1
-    # etcd service IP
-    etcd_service_ip: 10.96.0.2
-    # k8s pod CIDR (network which pod traffic will traverse)
-    pod_cidr: 10.97.0.0/16
-    # k8s service CIDR (network which k8s API traffic will traverse)
-    service_cidr: 10.96.0.0/16
-    # misc k8s port settings
-    apiserver_port: 6443
-    haproxy_port: 6553
-    service_node_port_range: 30000-32767
-
-  # etcd port settings
-  etcd:
-    container_port: 2379
-    haproxy_port: 2378
-
-  proxy:
-    http: ""
-    https: ""
-    no_proxy: []
-
-  node_ports:
-    drydock_api: 30000
-    maas_api: 30001
-    maas_proxy: 31800  # hardcoded in MAAS
-
-  ntp:
-    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
-
-  # NOTE(eli): this is not needed for Airship in a bottle, this is here
-  # only to satisfy substitutions in globals.
-  storage:
-    ceph:
-      public_cidr: REPLACEME
-      cluster_cidr: REPLACEME
-
-  # NOTE: This is not used and is needed only to satisfy global substitutions.
-  ldap:
-    base_url: 'ldap.example.com'
-    url: 'ldap://ldap.example.com'
-    auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
-    common_name: test
-    subdomain: test
-    domain: example
-
-  neutron:
-    tunnel_device: docker0
-    external_iface: docker0
-
-  openvswitch:
-    external_iface: docker0
-...
diff --git a/site/aiab/pki/pki-catalog.yaml b/site/aiab/pki/pki-catalog.yaml
deleted file mode 100644
index 053799d78..000000000
--- a/site/aiab/pki/pki-catalog.yaml
+++ /dev/null
@@ -1,183 +0,0 @@
----
-# The purpose of this file is to define the PKI certificates for the environment
-#
-# NOTE: When deploying a new site, this file should not be configured until
-# baremetal/nodes.yaml is complete.
-#
-schema: promenade/PKICatalog/v1
-metadata:
-  schema: metadata/Document/v1
-  name: cluster-certificates
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostname
-      dest:
-        path: .certificate_authorities.kubernetes.certificates[1].hosts[0]
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostip
-      dest:
-        path: .certificate_authorities.kubernetes.certificates[1].hosts[1]
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostname
-      dest:
-        path: .certificate_authorities.kubernetes.certificates[1].common_name
-        pattern: HOSTNAME
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostname
-      dest:
-        path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[0]
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostip
-      dest:
-        path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[1]
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostname
-      dest:
-        path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[0]
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostip
-      dest:
-        path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[1]
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostname
-      dest:
-        path: .certificate_authorities.calico-etcd.certificates[1].hosts[0]
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostip
-      dest:
-        path: .certificate_authorities.calico-etcd.certificates[1].hosts[1]
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostname
-      dest:
-        path: .certificate_authorities.calico-etcd-peer.certificates[0].hosts[0]
-    - src:
-        schema: dev/Configurables/v1
-        name: dev-configurables
-        path: .hostip
-      dest:
-        path: .certificate_authorities.calico-etcd-peer.certificates[0].hosts[1]
-
-data:
-  certificate_authorities:
-    kubernetes:
-      description: CA for Kubernetes components
-      certificates:
-        - document_name: apiserver
-          description: Service certificate for Kubernetes apiserver
-          common_name: apiserver
-          hosts:
-            - localhost
-            - 127.0.0.1
-            - 10.96.0.1
-          kubernetes_service_names:
-            - kubernetes.default.svc.cluster.local
-        - document_name: kubelet-genesis
-          common_name: system:node:HOSTNAME
-          hosts:
-            - REPLACEME_HOST_NAME
-            - REPLACEME_HOST_IP
-          groups:
-            - system:nodes
-        - document_name: scheduler
-          description: Service certificate for Kubernetes scheduler
-          common_name: system:kube-scheduler
-        - document_name: controller-manager
-          description: certificate for controller-manager
-          common_name: system:kube-controller-manager
-        - document_name: admin
-          common_name: admin
-          groups:
-            - system:masters
-        - document_name: armada
-          common_name: armada
-          groups:
-            - system:masters
-    kubernetes-etcd:
-      description: Certificates for Kubernetes's etcd servers
-      certificates:
-        - document_name: apiserver-etcd
-          description: etcd client certificate for use by Kubernetes apiserver
-          common_name: apiserver
-        - document_name: kubernetes-etcd-anchor
-          description: anchor
-          common_name: anchor
-        - document_name: kubernetes-etcd-genesis
-          common_name: kubernetes-etcd-genesis
-          hosts:
-            - REPLACEME_HOST_NAME
-            - REPLACEME_HOST_IP
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-    kubernetes-etcd-peer:
-      certificates:
-        - document_name: kubernetes-etcd-genesis-peer
-          common_name: kubernetes-etcd-genesis-peer
-          hosts:
-            - REPLACEME_HOST_NAME
-            - REPLACEME_HOST_IP
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-    calico-etcd:
-      description: Certificates for Calico etcd client traffic
-      certificates:
-        - document_name: calico-etcd-anchor
-          description: anchor
-          common_name: anchor
-        - document_name: calico-etcd
-          common_name: calico-etcd
-          hosts:
-            - REPLACEME_HOST_NAME
-            - REPLACEME_HOST_IP
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-node
-          common_name: calcico-node
-        # End node list
-    calico-etcd-peer:
-      description: Certificates for Calico etcd clients
-      certificates:
-        # NEWSITE-CHANGEME: This list should be identical to the previous list,
-        # except that `-peer` has been appended to the document/common names.
-        - document_name: calico-etcd-peer
-          common_name: calico-etcd-peer
-          hosts:
-            - REPLACEME_HOST_NAME
-            - REPLACEME_HOST_IP
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-node-peer
-          common_name: calcico-node-peer
-  keypairs:
-    - name: service-account
-      description: Service account signing key for use by Kubernetes controller-manager.
-...
diff --git a/site/aiab/profiles/genesis.yaml b/site/aiab/profiles/genesis.yaml
deleted file mode 100644
index 253b48602..000000000
--- a/site/aiab/profiles/genesis.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-# The purpose of this file is to apply proper labels to Genesis node so the
-# proper services are installed and proper configuration applied. This should
-# not need to be changed for a new site.
-schema: promenade/Genesis/v1
-metadata:
-  schema: metadata/Document/v1
-  name: genesis-site
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: genesis-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  armada:
-    target_manifest: cluster-bootstrap-aiab
-  labels:
-    dynamic:
-      - beta.kubernetes.io/fluentd-ds-ready=true
-      - calico-etcd=enabled
-      - kube-dns=enabled
-      - kube-ingress=enabled
-      - kubernetes-apiserver=enabled
-      - kubernetes-controller-manager=enabled
-      - kubernetes-etcd=enabled
-      - kubernetes-scheduler=enabled
-      - promenade-genesis=enabled
-      - ucp-control-plane=enabled
-      - maas-rack=enabled
-      - maas-region=enabled
-      - openstack-control-plane=enabled
-      - openvswitch=enabled
-      - openstack-l3-agent=enabled
-      - node-exporter=enabled
-      - fluentd=enabled
-      - openstack-control-plane=enabled
-      - openstack-nova-compute=enabled
-      - openstack-libvirt=kernel
-...
diff --git a/site/aiab/secrets/passphrases/apiserver-encryption-key-key1.yaml b/site/aiab/secrets/passphrases/apiserver-encryption-key-key1.yaml
deleted file mode 100644
index effb0f28e..000000000
--- a/site/aiab/secrets/passphrases/apiserver-encryption-key-key1.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: apiserver-encryption-key-key1
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# head -c 32 /dev/urandom | base64
-data: /Y8HgBo/rZywuyF3yE3c1mi4bOWanR6FeC+7f6fS8IE=
-...
diff --git a/site/aiab/secrets/passphrases/ceph_fsid.yaml b/site/aiab/secrets/passphrases/ceph_fsid.yaml
deleted file mode 100644
index d3722c607..000000000
--- a/site/aiab/secrets/passphrases/ceph_fsid.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ceph_fsid
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# uuidgen
-data: d52a9d00-64b9-45f0-b564-08dffe95f847
-...
diff --git a/site/aiab/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/aiab/secrets/passphrases/ceph_swift_keystone_password.yaml
deleted file mode 100644
index 9a9af1f2c..000000000
--- a/site/aiab/secrets/passphrases/ceph_swift_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ceph_swift_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ipmi_admin_password.yaml b/site/aiab/secrets/passphrases/ipmi_admin_password.yaml
deleted file mode 100644
index 6ab430ed8..000000000
--- a/site/aiab/secrets/passphrases/ipmi_admin_password.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ipmi_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  labels:
-    name: ipmi-admin-password-site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/maas-region-key.yaml b/site/aiab/secrets/passphrases/maas-region-key.yaml
deleted file mode 100644
index b60aba3c9..000000000
--- a/site/aiab/secrets/passphrases/maas-region-key.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: maas-region-key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# openssl rand -hex 10
-data: e12330cfe038735aee32
-...
diff --git a/site/aiab/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_barbican_oslo_db_password.yaml
deleted file mode 100644
index c5f866c85..000000000
--- a/site/aiab/secrets/passphrases/osh_barbican_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
deleted file mode 100644
index bb19957a1..000000000
--- a/site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
deleted file mode 100644
index 9bf0217bf..000000000
--- a/site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_barbican_password.yaml b/site/aiab/secrets/passphrases/osh_barbican_password.yaml
deleted file mode 100644
index 51221924c..000000000
--- a/site/aiab/secrets/passphrases/osh_barbican_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 32f8dae0f..000000000
--- a/site/aiab/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_cinder_oslo_db_password.yaml
deleted file mode 100644
index b22f898b6..000000000
--- a/site/aiab/secrets/passphrases/osh_cinder_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 040e65769..000000000
--- a/site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
deleted file mode 100644
index 5d76ba793..000000000
--- a/site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_cinder_password.yaml b/site/aiab/secrets/passphrases/osh_cinder_password.yaml
deleted file mode 100644
index 26565dbe3..000000000
--- a/site/aiab/secrets/passphrases/osh_cinder_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index b1ac8ffdc..000000000
--- a/site/aiab/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_glance_oslo_db_password.yaml
deleted file mode 100644
index 073906900..000000000
--- a/site/aiab/secrets/passphrases/osh_glance_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 57db7521f..000000000
--- a/site/aiab/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
deleted file mode 100644
index d103c2780..000000000
--- a/site/aiab/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_glance_password.yaml b/site/aiab/secrets/passphrases/osh_glance_password.yaml
deleted file mode 100644
index 93ae0f24b..000000000
--- a/site/aiab/secrets/passphrases/osh_glance_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 496fae3f6..000000000
--- a/site/aiab/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_heat_oslo_db_password.yaml
deleted file mode 100644
index 3352d4ce9..000000000
--- a/site/aiab/secrets/passphrases/osh_heat_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 074e688f5..000000000
--- a/site/aiab/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
deleted file mode 100644
index 39f132713..000000000
--- a/site/aiab/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_heat_password.yaml b/site/aiab/secrets/passphrases/osh_heat_password.yaml
deleted file mode 100644
index 5777ebbf8..000000000
--- a/site/aiab/secrets/passphrases/osh_heat_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 74e2a9906..000000000
--- a/site/aiab/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/aiab/secrets/passphrases/osh_heat_stack_user_password.yaml
deleted file mode 100644
index 36db28bc2..000000000
--- a/site/aiab/secrets/passphrases/osh_heat_stack_user_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_stack_user_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_heat_trustee_password.yaml b/site/aiab/secrets/passphrases/osh_heat_trustee_password.yaml
deleted file mode 100644
index 58129ef5d..000000000
--- a/site/aiab/secrets/passphrases/osh_heat_trustee_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_trustee_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_horizon_oslo_db_password.yaml
deleted file mode 100644
index 7c78d4572..000000000
--- a/site/aiab/secrets/passphrases/osh_horizon_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_horizon_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/aiab/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
deleted file mode 100644
index 78c265edc..000000000
--- a/site/aiab/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_elasticsearch_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/aiab/secrets/passphrases/osh_infra_grafana_admin_password.yaml
deleted file mode 100644
index 9232de761..000000000
--- a/site/aiab/secrets/passphrases/osh_infra_grafana_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
deleted file mode 100644
index 6d5f49e5b..000000000
--- a/site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
deleted file mode 100644
index bd4e57399..000000000
--- a/site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_oslo_db_session_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/aiab/secrets/passphrases/osh_infra_nagios_admin_password.yaml
deleted file mode 100644
index 52dbe16a0..000000000
--- a/site/aiab/secrets/passphrases/osh_infra_nagios_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_nagios_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/aiab/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
deleted file mode 100644
index 64f78e1a4..000000000
--- a/site/aiab/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_openstack_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/aiab/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
deleted file mode 100644
index 9c68e9d5c..000000000
--- a/site/aiab/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/aiab/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
deleted file mode 100644
index f134f46a9..000000000
--- a/site/aiab/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_oslo_db_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/aiab/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
deleted file mode 100644
index b3df5f659..000000000
--- a/site/aiab/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_prometheus_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
deleted file mode 100644
index 9f64719a0..000000000
--- a/site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_admin_access_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: admin_access_key
-...
diff --git a/site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
deleted file mode 100644
index 3e06f913a..000000000
--- a/site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_admin_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: admin_secret_key
-...
diff --git a/site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
deleted file mode 100644
index 97c7d2312..000000000
--- a/site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_elasticsearch_access_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: elastic_access_key
-...
diff --git a/site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
deleted file mode 100644
index 60f0134e0..000000000
--- a/site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_elasticsearch_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: elastic_secret_key
-...
diff --git a/site/aiab/secrets/passphrases/osh_keystone_admin_password.yaml b/site/aiab/secrets/passphrases/osh_keystone_admin_password.yaml
deleted file mode 100644
index 6c3f44695..000000000
--- a/site/aiab/secrets/passphrases/osh_keystone_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/aiab/secrets/passphrases/osh_keystone_ldap_password.yaml
deleted file mode 100644
index 2edf0f22c..000000000
--- a/site/aiab/secrets/passphrases/osh_keystone_ldap_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_ldap_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_keystone_oslo_db_password.yaml
deleted file mode 100644
index 07b2206ab..000000000
--- a/site/aiab/secrets/passphrases/osh_keystone_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
deleted file mode 100644
index aec85c07c..000000000
--- a/site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
deleted file mode 100644
index be716f432..000000000
--- a/site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index ee7e4bd25..000000000
--- a/site/aiab/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_neutron_oslo_db_password.yaml
deleted file mode 100644
index 4d0b15749..000000000
--- a/site/aiab/secrets/passphrases/osh_neutron_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 4ac42c9b0..000000000
--- a/site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
deleted file mode 100644
index 6be02b9ce..000000000
--- a/site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_neutron_password.yaml b/site/aiab/secrets/passphrases/osh_neutron_password.yaml
deleted file mode 100644
index dd0b2b68b..000000000
--- a/site/aiab/secrets/passphrases/osh_neutron_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 9e8ff8deb..000000000
--- a/site/aiab/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/site/aiab/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
deleted file mode 100644
index 37d5c627c..000000000
--- a/site/aiab/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_metadata_proxy_shared_secret
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_nova_oslo_db_password.yaml
deleted file mode 100644
index 2cd60f567..000000000
--- a/site/aiab/secrets/passphrases/osh_nova_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 487bcc57f..000000000
--- a/site/aiab/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
deleted file mode 100644
index 13569ba02..000000000
--- a/site/aiab/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_nova_password.yaml b/site/aiab/secrets/passphrases/osh_nova_password.yaml
deleted file mode 100644
index 4c2223d36..000000000
--- a/site/aiab/secrets/passphrases/osh_nova_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 7a885e683..000000000
--- a/site/aiab/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/aiab/secrets/passphrases/osh_oslo_cache_secret_key.yaml
deleted file mode 100644
index 11747a726..000000000
--- a/site/aiab/secrets/passphrases/osh_oslo_cache_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_cache_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/aiab/secrets/passphrases/osh_oslo_db_admin_password.yaml
deleted file mode 100644
index 48df9ee54..000000000
--- a/site/aiab/secrets/passphrases/osh_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/aiab/secrets/passphrases/osh_oslo_db_exporter_password.yaml
deleted file mode 100644
index 61b4144ad..000000000
--- a/site/aiab/secrets/passphrases/osh_oslo_db_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_db_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
deleted file mode 100644
index e7d97e27c..000000000
--- a/site/aiab/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_placement_password.yaml b/site/aiab/secrets/passphrases/osh_placement_password.yaml
deleted file mode 100644
index c72b59ac0..000000000
--- a/site/aiab/secrets/passphrases/osh_placement_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_placement_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index a3b5a2b69..000000000
--- a/site/aiab/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/osh_tempest_password.yaml b/site/aiab/secrets/passphrases/osh_tempest_password.yaml
deleted file mode 100644
index af90ec05b..000000000
--- a/site/aiab/secrets/passphrases/osh_tempest_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_tempest_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/tenant_ceph_fsid.yaml b/site/aiab/secrets/passphrases/tenant_ceph_fsid.yaml
deleted file mode 100644
index 138e2e7c5..000000000
--- a/site/aiab/secrets/passphrases/tenant_ceph_fsid.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant_ceph_fsid
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# uuidgen
-data: 9e45aa5f-9d75-4fa7-bde5-c99e4a7db7a1
-...
diff --git a/site/aiab/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
deleted file mode 100644
index 33c4125ef..000000000
--- a/site/aiab/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_airflow_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/aiab/secrets/passphrases/ucp_airflow_postgres_password.yaml
deleted file mode 100644
index 8a1d64884..000000000
--- a/site/aiab/secrets/passphrases/ucp_airflow_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_airflow_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/aiab/secrets/passphrases/ucp_armada_keystone_password.yaml
deleted file mode 100644
index 866efcce2..000000000
--- a/site/aiab/secrets/passphrases/ucp_armada_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_armada_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/aiab/secrets/passphrases/ucp_barbican_keystone_password.yaml
deleted file mode 100644
index cb2da2244..000000000
--- a/site/aiab/secrets/passphrases/ucp_barbican_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_barbican_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/aiab/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
deleted file mode 100644
index 95a76ed17..000000000
--- a/site/aiab/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_barbican_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/aiab/secrets/passphrases/ucp_deckhand_keystone_password.yaml
deleted file mode 100644
index 5ee27f2a8..000000000
--- a/site/aiab/secrets/passphrases/ucp_deckhand_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_deckhand_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/aiab/secrets/passphrases/ucp_deckhand_postgres_password.yaml
deleted file mode 100644
index e63319b71..000000000
--- a/site/aiab/secrets/passphrases/ucp_deckhand_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_deckhand_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/aiab/secrets/passphrases/ucp_drydock_keystone_password.yaml
deleted file mode 100644
index b8083b519..000000000
--- a/site/aiab/secrets/passphrases/ucp_drydock_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_drydock_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/aiab/secrets/passphrases/ucp_drydock_postgres_password.yaml
deleted file mode 100644
index 2eff5255c..000000000
--- a/site/aiab/secrets/passphrases/ucp_drydock_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_drydock_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/aiab/secrets/passphrases/ucp_keystone_admin_password.yaml
deleted file mode 100644
index 91f74fdc0..000000000
--- a/site/aiab/secrets/passphrases/ucp_keystone_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_keystone_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/aiab/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
deleted file mode 100644
index a9cb15317..000000000
--- a/site/aiab/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_keystone_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_maas_admin_password.yaml b/site/aiab/secrets/passphrases/ucp_maas_admin_password.yaml
deleted file mode 100644
index 402c1299b..000000000
--- a/site/aiab/secrets/passphrases/ucp_maas_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_maas_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/aiab/secrets/passphrases/ucp_maas_postgres_password.yaml
deleted file mode 100644
index 96ec5745c..000000000
--- a/site/aiab/secrets/passphrases/ucp_maas_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_maas_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/aiab/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
deleted file mode 100644
index b513af431..000000000
--- a/site/aiab/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_openstack_exporter_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/aiab/secrets/passphrases/ucp_oslo_db_admin_password.yaml
deleted file mode 100644
index b3c132542..000000000
--- a/site/aiab/secrets/passphrases/ucp_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/ucp_oslo_messaging_password.yaml
deleted file mode 100644
index 95d6c0e3c..000000000
--- a/site/aiab/secrets/passphrases/ucp_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/aiab/secrets/passphrases/ucp_postgres_admin_password.yaml
deleted file mode 100644
index 546de05ba..000000000
--- a/site/aiab/secrets/passphrases/ucp_postgres_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_postgres_exporter_password.yaml b/site/aiab/secrets/passphrases/ucp_postgres_exporter_password.yaml
deleted file mode 100644
index abdaa5bc4..000000000
--- a/site/aiab/secrets/passphrases/ucp_postgres_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_postgres_replication_password.yaml b/site/aiab/secrets/passphrases/ucp_postgres_replication_password.yaml
deleted file mode 100644
index 2176e714f..000000000
--- a/site/aiab/secrets/passphrases/ucp_postgres_replication_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_replication_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/aiab/secrets/passphrases/ucp_promenade_keystone_password.yaml
deleted file mode 100644
index ac40d1ec5..000000000
--- a/site/aiab/secrets/passphrases/ucp_promenade_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_promenade_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 6a2aef93e..000000000
--- a/site/aiab/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/aiab/secrets/passphrases/ucp_shipyard_keystone_password.yaml
deleted file mode 100644
index 181a52a84..000000000
--- a/site/aiab/secrets/passphrases/ucp_shipyard_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_shipyard_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/aiab/secrets/passphrases/ucp_shipyard_postgres_password.yaml
deleted file mode 100644
index de0eed714..000000000
--- a/site/aiab/secrets/passphrases/ucp_shipyard_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_shipyard_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/aiab/site-definition.yaml b/site/aiab/site-definition.yaml
deleted file mode 100644
index 3e845e404..000000000
--- a/site/aiab/site-definition.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# High-level pegleg site definition file
-schema: pegleg/SiteDefinition/v1
-metadata:
-  schema: metadata/Document/v1
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: aiab
-  storagePolicy: cleartext
-data:
-  # The type layer this site will delpoy with. Type layer is found in the
-  # type folder.
-  site_type: sloop
-...
diff --git a/site/aiab/software/charts/kubernetes/container-networking/etcd.yaml b/site/aiab/software/charts/kubernetes/container-networking/etcd.yaml
deleted file mode 100644
index 3c2d6e435..000000000
--- a/site/aiab/software/charts/kubernetes/container-networking/etcd.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-# The purpose of this file is to build the list of calico etcd nodes and the
-# calico etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-calico-etcd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: kubernetes-calico-etcd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .genesis.hostname
-      dest:
-        path: .values.nodes[0].name
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.key
-
-data: {}
-...
diff --git a/site/aiab/software/charts/kubernetes/etcd/etcd.yaml b/site/aiab/software/charts/kubernetes/etcd/etcd.yaml
deleted file mode 100644
index e7451bae6..000000000
--- a/site/aiab/software/charts/kubernetes/etcd/etcd.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-# The purpose of this file is to build the list of k8s etcd nodes and the
-# k8s etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-etcd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: kubernetes-etcd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .genesis.hostname
-      dest:
-        path: .values.nodes[0].name
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-genesis
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-genesis
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-genesis-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-genesis-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.key
-
-data: {}
-...
diff --git a/site/aiab/software/charts/osh/openstack-compute-kit/libvirt.yaml b/site/aiab/software/charts/osh/openstack-compute-kit/libvirt.yaml
deleted file mode 100644
index bba3996c6..000000000
--- a/site/aiab/software/charts/osh/openstack-compute-kit/libvirt.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: libvirt
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: libvirt-global
-      component: libvirt
-    actions:
-      - method: merge
-        path: .values
-      - method: delete
-        path: .values.ceph_client
-  storagePolicy: cleartext
-data:
-  values:
-    conf:
-      ceph:
-        enabled: false
-...
diff --git a/site/aiab/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/aiab/software/charts/osh/openstack-compute-kit/neutron.yaml
deleted file mode 100644
index f30151c5d..000000000
--- a/site/aiab/software/charts/osh/openstack-compute-kit/neutron.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: neutron
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: neutron-type
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-
-data:
-  test:
-    # Neutron test for virtual Airship in a bottle installation
-    # usually take much more time to finish than for baremetal one.
-    timeout: 2700
-
-  values:
-    conf:
-      neutron:
-        DEFAULT:
-          l3_ha: False
-          max_l3_agents_per_router: 1
-          dhcp_agents_per_network: 1
-
-      plugins:
-        ml2_conf:
-          ml2_type_vlan:
-            network_vlan_ranges: null
-        openvswitch_agent:
-          ovs:
-            bridge_mappings: public:br-ex
-        linuxbridge_agent:
-          linux_bridge:
-            bridge_mappings: public:br-ex
diff --git a/site/aiab/software/charts/osh/openstack-compute-kit/nova.yaml b/site/aiab/software/charts/osh/openstack-compute-kit/nova.yaml
deleted file mode 100644
index fa3cfe16e..000000000
--- a/site/aiab/software/charts/osh/openstack-compute-kit/nova.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: nova
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: nova-type
-    actions:
-      - method: merge
-        path: .values.conf
-      - method: delete
-        path: .values.ceph_client
-  storagePolicy: cleartext
-data:
-  values:
-    conf:
-      ceph:
-        enabled: false
-      nova:
-        libvirt:
-          virt_type: qemu
-          cpu_mode: host-model
-...
diff --git a/site/aiab/software/charts/osh/openstack-glance/chart-group.yaml b/site/aiab/software/charts/osh/openstack-glance/chart-group.yaml
deleted file mode 100644
index 987bcd54b..000000000
--- a/site/aiab/software/charts/osh/openstack-glance/chart-group.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-glance-aiab
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: openstack-glance-chart-group-global
-      component: glance
-    actions:
-      - method: replace
-        path: .chart_group
-  storagePolicy: cleartext
-data:
-  chart_group:
-    - glance-aiab
diff --git a/site/aiab/software/charts/osh/openstack-glance/glance.yaml b/site/aiab/software/charts/osh/openstack-glance/glance.yaml
deleted file mode 100644
index 4777ba4ee..000000000
--- a/site/aiab/software/charts/osh/openstack-glance/glance.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: glance-aiab
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: glance-type
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-
-data:
-  values:
-    storage: pvc
-...
diff --git a/site/aiab/software/charts/osh/openstack-heat/chart-group.yaml b/site/aiab/software/charts/osh/openstack-heat/chart-group.yaml
deleted file mode 100644
index 0317b8724..000000000
--- a/site/aiab/software/charts/osh/openstack-heat/chart-group.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-heat-aiab
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: openstack-heat-chart-group-global
-      component: heat
-    actions:
-      - method: replace
-        path: .chart_group
-  storagePolicy: cleartext
-data:
-  sequenced: true
-  chart_group:
-    - heat-aiab
diff --git a/site/aiab/software/charts/osh/openstack-heat/heat.yaml b/site/aiab/software/charts/osh/openstack-heat/heat.yaml
deleted file mode 100644
index bfdf5a257..000000000
--- a/site/aiab/software/charts/osh/openstack-heat/heat.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: heat-aiab
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: heat-type
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-
-data:
-  test:
-    # Heat test for virtual Airship in a bottle installation
-    # usually takes much more time to finish than for baremetal one.
-    timeout: 1200
diff --git a/site/aiab/software/charts/ucp/divingbell.yaml b/site/aiab/software/charts/ucp/divingbell.yaml
deleted file mode 100644
index bbf54d69b..000000000
--- a/site/aiab/software/charts/ucp/divingbell.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-divingbell
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-divingbell-global
-    actions:
-      - method: merge
-        path: .
-  labels:
-    name: ucp-divingbell-site
-  storagePolicy: cleartext
-data:
-  values:
-    manifests:
-      daemonset_ethtool: false
-      daemonset_mounts: false
-      daemonset_uamlite: false
-      daemonset_sysctl: false
-      daemonset_limits: false
-      daemonset_apt: true
-      daemonset_perm: false
-      daemonset_exec: true
-      daemonset_apparmor: false
-...
diff --git a/site/aiab/software/config/common-software-config.yaml b/site/aiab/software/config/common-software-config.yaml
deleted file mode 100644
index 720424c1c..000000000
--- a/site/aiab/software/config/common-software-config.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: pegleg/CommonSoftwareConfig/v1
-metadata:
-  schema: metadata/Document/v1
-  name: common-software-config
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  osh:
-    region_name: RegionOne
-...
diff --git a/site/aiab/software/full-site.yaml b/site/aiab/software/full-site.yaml
deleted file mode 100644
index 0a6df5e0d..000000000
--- a/site/aiab/software/full-site.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-schema: armada/Manifest/v1
-metadata:
-  schema: metadata/Document/v1
-  name: full-site-aiab
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: full-site-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  release_prefix: airship
-  chart_groups:
-    - podsecuritypolicy
-    - kubernetes-proxy
-    - kubernetes-container-networking
-    - kubernetes-dns
-    - kubernetes-etcd
-    - kubernetes-haproxy
-    - kubernetes-core
-    - ingress-kube-system
-    - osh-infra-nfs-provisioner
-    - ucp-core
-    - ucp-keystone
-    - ucp-divingbell
-    - ucp-armada
-    - ucp-deckhand
-    - ucp-drydock
-    - ucp-promenade
-    - ucp-shipyard
-    - openstack-ingress-controller
-    - openstack-mariadb
-    - openstack-rabbitmq
-    - openstack-memcached
-    - openstack-keystone
-    - openstack-glance-aiab
-    - openstack-compute-kit
-    - openstack-heat-aiab
-    - openstack-horizon
-...
diff --git a/site/airskiff-suse/deployment/deployment-configuration.yaml b/site/airskiff-suse/deployment/deployment-configuration.yaml
deleted file mode 100644
index ab3ede156..000000000
--- a/site/airskiff-suse/deployment/deployment-configuration.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: shipyard/DeploymentConfiguration/v1
-metadata:
-  schema: metadata/Document/v1
-  name: deployment-configuration
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  armada:
-    manifest: full-site
-...
diff --git a/site/airskiff-suse/site-definition.yaml b/site/airskiff-suse/site-definition.yaml
deleted file mode 100644
index 7b0b52239..000000000
--- a/site/airskiff-suse/site-definition.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: pegleg/SiteDefinition/v1
-metadata:
-  schema: metadata/Document/v1
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: airskiff-suse
-  storagePolicy: cleartext
-data:
-  site_type: skiff
-...
diff --git a/site/airskiff-suse/software/charts/osh/openstack-compute-kit/chart-group.yaml b/site/airskiff-suse/software/charts/osh/openstack-compute-kit/chart-group.yaml
deleted file mode 100644
index fdb53a724..000000000
--- a/site/airskiff-suse/software/charts/osh/openstack-compute-kit/chart-group.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-compute-kit
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: openstack-compute-kit-chart-group-global
-    actions:
-      - method: replace
-        path: .chart_group
-  storagePolicy: cleartext
-data:
-  chart_group:
-    - libvirt
-    - openvswitch
-    - neutron-suse
-    - nova-suse
diff --git a/site/airskiff-suse/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/airskiff-suse/software/charts/osh/openstack-compute-kit/neutron.yaml
deleted file mode 100644
index a816d3da4..000000000
--- a/site/airskiff-suse/software/charts/osh/openstack-compute-kit/neutron.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: neutron-suse
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: neutron-type
-      component: neutron
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    # Required for Rocky, the version openSUSE neutron image used here is based on.
-    conf:
-      paste:
-        app:neutronversions:
-          paste.app_factory: neutron.pecan_wsgi.app:versions_factory
-...
diff --git a/site/airskiff-suse/software/charts/osh/openstack-compute-kit/nova.yaml b/site/airskiff-suse/software/charts/osh/openstack-compute-kit/nova.yaml
deleted file mode 100644
index 0724ed516..000000000
--- a/site/airskiff-suse/software/charts/osh/openstack-compute-kit/nova.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: nova-suse
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: nova-type
-      component: nova
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    conf:
-      software:
-        apache2:
-          binary: apache2ctl
-          start_parameters: -DFOREGROUND -k start
-          site_dir: /etc/apache2/vhosts.d
-          conf_dir: /etc/apache2/conf.d
-          a2enmod:
-            - version
-      security: |
-        <Directory "/var/www">
-          Options Indexes FollowSymLinks
-          AllowOverride All
-          <IfModule !mod_access_compat.c>
-            Require all granted
-          </IfModule>
-          <IfModule mod_access_compat.c>
-            Order allow,deny
-            Allow from all
-          </IfModule>
-        </Directory>
-      nova:
-        libvirt:
-          virt_type: qemu
-          cpu_mode: host-model
-        DEFAULT:
-          mkisofs_cmd: mkisofs
-...
diff --git a/site/airskiff-suse/software/charts/osh/openstack-keystone/chart-group.yaml b/site/airskiff-suse/software/charts/osh/openstack-keystone/chart-group.yaml
deleted file mode 100644
index ec1aeac89..000000000
--- a/site/airskiff-suse/software/charts/osh/openstack-keystone/chart-group.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-keystone
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: openstack-keystone-chart-group-global
-      component: keystone
-    actions:
-      - method: replace
-        path: .chart_group
-  storagePolicy: cleartext
-data:
-  chart_group:
-    - keystone-suse
diff --git a/site/airskiff-suse/software/charts/osh/openstack-keystone/keystone.yaml b/site/airskiff-suse/software/charts/osh/openstack-keystone/keystone.yaml
deleted file mode 100644
index 59972c628..000000000
--- a/site/airskiff-suse/software/charts/osh/openstack-keystone/keystone.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: keystone-suse
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: keystone-global
-      component: keystone
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      security_context:
-        keystone:
-          pod:
-            runAsUser: 0
-          container:
-            keystone_api:
-              readOnlyRootFilesystem: false
-    conf:
-      software:
-        apache2:
-          binary: apache2ctl
-          start_parameters: -DFOREGROUND -k start
-          site_dir: /etc/apache2/vhosts.d
-          conf_dir: /etc/apache2/conf.d
-          a2enmod:
-            - version
-      security: |
-        <Directory "/var/www">
-          Options Indexes FollowSymLinks
-          AllowOverride All
-          <IfModule !mod_access_compat.c>
-            Require all granted
-          </IfModule>
-          <IfModule mod_access_compat.c>
-            Order allow,deny
-            Allow from all
-          </IfModule>
-        </Directory>
-...
diff --git a/site/airskiff-suse/software/charts/ucp/keystone/chart-group.yaml b/site/airskiff-suse/software/charts/ucp/keystone/chart-group.yaml
deleted file mode 100644
index e10a7c697..000000000
--- a/site/airskiff-suse/software/charts/ucp/keystone/chart-group.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-keystone
-  replacement: true
-  labels:
-    name: ucp-keystone-chart-group-suse
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-keystone-chart-group-global
-    actions:
-      - method: replace
-        path: .chart_group
-  storagePolicy: cleartext
-data:
-  chart_group:
-    - ucp-keystone-memcached
-    - ucp-keystone-suse
diff --git a/site/airskiff-suse/software/charts/ucp/keystone/keystone.yaml b/site/airskiff-suse/software/charts/ucp/keystone/keystone.yaml
deleted file mode 100644
index 10bcc229c..000000000
--- a/site/airskiff-suse/software/charts/ucp/keystone/keystone.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-keystone-suse
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-keystone-type
-      component: keystone
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  wait:
-    timeout: 600
-  test:
-    timeout: 600
-  values:
-    pod:
-      security_context:
-        keystone:
-          pod:
-            runAsUser: 0
-          container:
-            keystone_api:
-              readOnlyRootFilesystem: false
-    conf:
-      software:
-        apache2:
-          binary: apache2ctl
-          start_parameters: -DFOREGROUND -k start
-          site_dir: /etc/apache2/vhosts.d
-          conf_dir: /etc/apache2/conf.d
-          a2enmod:
-            - version
-      security: |
-        <Directory "/var/www">
-          Options Indexes FollowSymLinks
-          AllowOverride All
-          <IfModule !mod_access_compat.c>
-            Require all granted
-          </IfModule>
-          <IfModule mod_access_compat.c>
-            Order allow,deny
-            Allow from all
-          </IfModule>
-        </Directory>
-...
diff --git a/site/airskiff-suse/software/config/common-software-config.yaml b/site/airskiff-suse/software/config/common-software-config.yaml
deleted file mode 100644
index 720424c1c..000000000
--- a/site/airskiff-suse/software/config/common-software-config.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: pegleg/CommonSoftwareConfig/v1
-metadata:
-  schema: metadata/Document/v1
-  name: common-software-config
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  osh:
-    region_name: RegionOne
-...
diff --git a/site/airskiff-suse/software/config/versions.yaml b/site/airskiff-suse/software/config/versions.yaml
deleted file mode 100644
index 416f37c9f..000000000
--- a/site/airskiff-suse/software/config/versions.yaml
+++ /dev/null
@@ -1,159 +0,0 @@
----
-schema: pegleg/SoftwareVersions/v1
-metadata:
-  labels:
-    name: software-versions-airskiff-suse
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: software-versions-global
-    actions:
-      - method: merge
-        path: .
-  name: software-versions
-  replacement: true
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-data:
-  images:
-    osh:
-      glance:
-        glance_db_sync: "docker.io/openstackhelm/glance:rocky-opensuse_15-20190819"
-        db_init: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        db_drop: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_user: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_service: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_endpoints: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        glance_api: "docker.io/openstackhelm/glance:rocky-opensuse_15-20190819"
-        glance_registry: "docker.io/openstackhelm/glance:rocky-opensuse_15-20190819"
-        bootstrap: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        glance_storage_init: "docker.io/openstackhelm/ceph-config-helper:latest-opensuse_15"
-      keystone:
-        bootstrap: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        db_init: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        keystone_db_sync: "docker.io/openstackhelm/keystone:rocky-opensuse_15-20190819"
-        db_drop: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_user: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        keystone_fernet_setup: "docker.io/openstackhelm/keystone:rocky-opensuse_15-20190819"
-        keystone_fernet_rotate: "docker.io/openstackhelm/keystone:rocky-opensuse_15-20190819"
-        keystone_credential_setup: "docker.io/openstackhelm/keystone:rocky-opensuse_15-20190819"
-        keystone_credential_rotate: "docker.io/openstackhelm/keystone:rocky-opensuse_15-20190819"
-        keystone_api: "docker.io/openstackhelm/keystone:rocky-opensuse_15-20190819"
-        keystone_domain_manage: "docker.io/openstackhelm/keystone:rocky-opensuse_15-20190819"
-      heat:
-        bootstrap: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        db_init: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        heat_db_sync: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        db_drop: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_user: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_service: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_endpoints: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        heat_api: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        heat_cfn: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        heat_cloudwatch: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        heat_engine: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        heat_engine_cleaner: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        heat_purge_deleted: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-      ingress:
-        ingress_module_init: "docker.io/openstackhelm/neutron:rocky-opensuse_15-20190819"
-        ingress_routed_vip: "docker.io/openstackhelm/neutron:rocky-opensuse_15-20190819"
-      libvirt:
-        libvirt: "docker.io/openstackhelm/libvirt:latest-opensuse_15"
-      mariadb:
-        prometheus_mysql_exporter_helm_tests: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-      neutron:
-        bootstrap: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        db_init: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        db_drop: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_user: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_service: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_endpoints: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        neutron_db_sync: "docker.io/openstackhelm/neutron:rocky-opensuse_15-20190819"
-        neutron_dhcp: "docker.io/openstackhelm/neutron:rocky-opensuse_15-20190819"
-        neutron_l3: "docker.io/openstackhelm/neutron:rocky-opensuse_15-20190819"
-        neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:rocky-opensuse_15-20190819"
-        neutron_metadata: "docker.io/openstackhelm/neutron:rocky-opensuse_15-20190819"
-        neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:rocky-opensuse_15-20190819"
-        neutron_server: "docker.io/openstackhelm/neutron:rocky-opensuse_15-20190819"
-        neutron_sriov_agent: "docker.io/openstackhelm/neutron:rocky-opensuse_15-20190819-sriov-1804"
-        neutron_sriov_agent_init: "docker.io/openstackhelm/neutron:rocky-opensuse_15-20190819-sriov-1804"
-      nova:
-        bootstrap: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        db_drop: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        db_init: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_user: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_service: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_endpoints: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        nova_api: "docker.io/openstackhelm/nova:rocky-opensuse_15-20190819"
-        nova_cell_setup: "docker.io/openstackhelm/nova:rocky-opensuse_15-20190819"
-        nova_cell_setup_init: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        nova_compute: "docker.io/openstackhelm/nova:rocky-opensuse_15-20190819"
-        nova_compute_ssh: "docker.io/openstackhelm/nova:rocky-opensuse_15-20190819"
-        nova_conductor: "docker.io/openstackhelm/nova:rocky-opensuse_15-20190819"
-        nova_consoleauth: "docker.io/openstackhelm/nova:rocky-opensuse_15-20190819"
-        nova_db_sync: "docker.io/openstackhelm/nova:rocky-opensuse_15-20190819"
-        nova_novncproxy: "docker.io/openstackhelm/nova:rocky-opensuse_15-20190819"
-        nova_novncproxy_assets: "docker.io/openstackhelm/nova:rocky-opensuse_15-20190819"
-        nova_placement: "docker.io/openstackhelm/nova:rocky-opensuse_15-20190819"
-        nova_scheduler: "docker.io/openstackhelm/nova:rocky-opensuse_15-20190819"
-        nova_spiceproxy: "docker.io/openstackhelm/nova:rocky-opensuse_15-20190819"
-        nova_spiceproxy_assets: "docker.io/openstackhelm/nova:rocky-opensuse_15-20190819"
-        nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-opensuse_15"
-      openvswitch:
-        openvswitch_db_server: "docker.io/openstackhelm/openvswitch:latest-opensuse_15"
-        openvswitch_vswitchd: "docker.io/openstackhelm/openvswitch:latest-opensuse_15"
-      rabbitmq:
-        prometheus_rabbitmq_exporter_helm_tests: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        rabbitmq_init: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-    ucp:
-      armada:
-        api: "quay.io/airshipit/armada:master-opensuse_15"
-        ks_user: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_service: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_endpoints: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-      barbican:
-        bootstrap: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        scripted_test: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        db_init: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        barbican_db_sync: "docker.io/openstackhelm/barbican:rocky-opensuse_15-20190819"
-        db_drop: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_user: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_service: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_endpoints: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        barbican_api: "docker.io/openstackhelm/barbican:rocky-opensuse_15-20190819"
-      deckhand:
-        deckhand: "quay.io/airshipit/deckhand:master-opensuse_15"
-        db_sync: "quay.io/airshipit/deckhand:master-opensuse_15"
-        ks_user: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_service: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_endpoints: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-      ingress:
-        ingress_module_init: "docker.io/openstackhelm/neutron:rocky-opensuse_15-20190819"
-        ingress_routed_vip: "docker.io/openstackhelm/neutron:rocky-opensuse_15-20190819"
-      keystone:
-        bootstrap: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        db_init: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        keystone_db_sync: "docker.io/openstackhelm/keystone:rocky-opensuse_15-20190819"
-        db_drop: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_user: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        keystone_fernet_setup: "docker.io/openstackhelm/keystone:rocky-opensuse_15-20190819"
-        keystone_fernet_rotate: "docker.io/openstackhelm/keystone:rocky-opensuse_15-20190819"
-        keystone_credential_setup: "docker.io/openstackhelm/keystone:rocky-opensuse_15-20190819"
-        keystone_credential_rotate: "docker.io/openstackhelm/keystone:rocky-opensuse_15-20190819"
-        keystone_api: "docker.io/openstackhelm/keystone:rocky-opensuse_15-20190819"
-        keystone_domain_manage: "docker.io/openstackhelm/keystone:rocky-opensuse_15-20190819"
-      mariadb:
-        prometheus_mysql_exporter_helm_tests: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-      rabbitmq:
-        prometheus_rabbitmq_exporter_helm_tests: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        rabbitmq_init: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-      shipyard:
-        shipyard: "quay.io/airshipit/shipyard:master-opensuse_15"
-        shipyard_db_sync: "quay.io/airshipit/shipyard:master-opensuse_15"
-        airflow: "quay.io/airshipit/airflow:master-opensuse_15"
-        airflow_db_sync: "quay.io/airshipit/airflow:master-opensuse_15"
-        ks_user: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_service: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-        ks_endpoints: "docker.io/openstackhelm/heat:rocky-opensuse_15-20190819"
-...
diff --git a/site/airskiff/deployment/deployment-configuration.yaml b/site/airskiff/deployment/deployment-configuration.yaml
deleted file mode 100644
index ab3ede156..000000000
--- a/site/airskiff/deployment/deployment-configuration.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: shipyard/DeploymentConfiguration/v1
-metadata:
-  schema: metadata/Document/v1
-  name: deployment-configuration
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  armada:
-    manifest: full-site
-...
diff --git a/site/airskiff/site-definition.yaml b/site/airskiff/site-definition.yaml
deleted file mode 100644
index 2545796aa..000000000
--- a/site/airskiff/site-definition.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: pegleg/SiteDefinition/v1
-metadata:
-  schema: metadata/Document/v1
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: airskiff
-  storagePolicy: cleartext
-data:
-  site_type: skiff
-...
diff --git a/site/airskiff/software/config/common-software-config.yaml b/site/airskiff/software/config/common-software-config.yaml
deleted file mode 100644
index 720424c1c..000000000
--- a/site/airskiff/software/config/common-software-config.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: pegleg/CommonSoftwareConfig/v1
-metadata:
-  schema: metadata/Document/v1
-  name: common-software-config
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  osh:
-    region_name: RegionOne
-...
diff --git a/site/airskiff/software/config/versions.yaml b/site/airskiff/software/config/versions.yaml
deleted file mode 100644
index 0b5f02801..000000000
--- a/site/airskiff/software/config/versions.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-schema: pegleg/SoftwareVersions/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: software-versions
-  labels:
-    name: software-versions-airskiff
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: software-versions-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  images:
-    ucp:
-      armada:
-        api: "quay.io/airshipit/armada:latest-ubuntu_xenial"
-      deckhand:
-        deckhand: "quay.io/airshipit/deckhand:latest-ubuntu_xenial"
-      shipyard:
-        shipyard: "quay.io/airshipit/shipyard:latest-ubuntu_xenial"
-        shipyard_db_sync: "quay.io/airshipit/shipyard:latest-ubuntu_xenial"
-        airflow: "quay.io/airshipit/airflow:latest-ubuntu_xenial"
-        airflow_db_sync: "quay.io/airshipit/airflow:latest-ubuntu_xenial"
-...
diff --git a/site/airsloop/baremetal/bootactions/promjoin.yaml b/site/airsloop/baremetal/bootactions/promjoin.yaml
deleted file mode 100644
index 1042934a5..000000000
--- a/site/airsloop/baremetal/bootactions/promjoin.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-# This file defines a boot action which is responsible for fetching the node's
-# promjoin script from the promenade API. This is the script responsible for
-# installing kubernetes on the node and joining the kubernetes cluster.
-# #GLOBAL-CANDIDATE#
-schema: 'drydock/BootAction/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: promjoin
-  storagePolicy: 'cleartext'
-  layeringDefinition:
-    abstract: false
-    layer: site
-  labels:
-    application: 'drydock'
-data:
-  signaling: false
-  # TODO(alanmeadows) move what is global about this document
-  assets:
-    - path: /opt/promjoin.sh
-      type: file
-      permissions: '555'
-      # The ip= parameter must match the MaaS network name of the network used
-      # to contact kubernetes. With a standard, reference Airship deployment where
-      # L2 networks are shared between all racks, the network name (i.e. calico)
-      # should be correct.
-      location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.calico.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
-      location_pipeline:
-        - template
-      data_pipeline:
-        - utf8_decode
-...
diff --git a/site/airsloop/baremetal/nodes.yaml b/site/airsloop/baremetal/nodes.yaml
deleted file mode 100644
index b360b6a6a..000000000
--- a/site/airsloop/baremetal/nodes.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
----
-# Drydock BaremetalNode resources for a specific rack are stored in this file.
-#
-# NOTE: For new sites, you should complete the networks/physical/networks.yaml
-# file before working on this file.
-#
-# In this file, you should make the number of `drydock/BaremetalNode/v1`
-# resources equal the number of bare metal nodes you have, either by deleting
-# excess BaremetalNode definitions (if there are too many), or by copying and
-# pasting the last BaremetalNode in the file until you have the correct number
-# of baremetal nodes (if there are too few).
-#
-# Then in each file, address all additional NEWSITE-CHANGEME markers to update
-# the data in these files with the right values for your new site.
-#
-# *NOTE: The Genesis node is counted as one of the control plane nodes. Note
-# that the Genesis node does not appear on this bare metal list, because the
-# procedure to reprovision the Genesis host with MaaS has not yet been
-# implemented. Therefore there will be only three bare metal nodes in this file
-# with the 'masters' tag, as the genesis roles are assigned in a difference
-# place (profiles/genesis.yaml).
-# NOTE: The host profiles for the control plane are further divided into two
-# variants: primary and secondary. The only significance this has is that the
-# "primary" nodes are active Ceph nodes, whereas the "secondary" nodes are Ceph
-# standby nodes. For Ceph quorum, this means that the control plane split will
-# be 3 primary + 1 standby host profile, and the Genesis node counts toward one
-# of the 3 primary profiles. Other control plane services are not affected by
-# primary vs secondary designation.
-#
-# TODO: Include the hostname naming convention
-#
-schema: 'drydock/BaremetalNode/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  # NEWSITE-CHANGEME: The next node's hostname
-  name: airsloop-compute-1
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: The next node's IPv4 addressing
-  addressing:
-    - network: oob
-      address: 10.22.104.22
-    - network: pxe
-      address: 10.22.70.22
-    - network: oam
-      address: 10.22.71.22
-    - network: calico
-      address: 10.22.72.22
-    - network: storage
-      address: 10.22.73.22
-    - network: overlay
-      address: 10.22.74.22
-  # NEWSITE-CHANGEME: The next node's host profile
-  # This is the third "primary" control plane profile after genesis
-  host_profile: compute_r720xd
-  metadata:
-    # NEWSITE-CHANGEME: The next node's rack designation
-    rack: cab22
-    # NEWSITE-CHANGEME: The next node's role desigatnion
-    tags:
-      - 'workers'
-...
diff --git a/site/airsloop/deployment/deployment-configuration.yaml b/site/airsloop/deployment/deployment-configuration.yaml
deleted file mode 100644
index bfc6c0cbb..000000000
--- a/site/airsloop/deployment/deployment-configuration.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-# The purpose of this file is to provide shipyard related deployment config
-# parameters. This should not require modification for a new site. However,
-# shipyard deployment strategies can be very useful in getting around certain
-# failures, like misbehaving nodes that hold up the deployment. See more at
-# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy
-schema: shipyard/DeploymentConfiguration/v1
-metadata:
-  schema: metadata/Document/v1
-  name: deployment-configuration
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  physical_provisioner:
-    deployment_strategy: deployment-strategy
-    deploy_interval: 30
-    deploy_timeout: 3600
-    destroy_interval: 30
-    destroy_timeout: 900
-    join_wait: 0
-    prepare_node_interval: 30
-    prepare_node_timeout: 1800
-    prepare_site_interval: 10
-    prepare_site_timeout: 300
-    verify_interval: 10
-    verify_timeout: 60
-  kubernetes_provisioner:
-    drain_timeout: 3600
-    drain_grace_period: 1800
-    clear_labels_timeout: 1800
-    remove_etcd_timeout: 1800
-    etcd_ready_timeout: 600
-  armada:
-    get_releases_timeout: 300
-    get_status_timeout: 300
-    manifest: 'full-site'
-    post_apply_timeout: 7200
-    validate_design_timeout: 600
-...
diff --git a/site/airsloop/networks/common-addresses.yaml b/site/airsloop/networks/common-addresses.yaml
deleted file mode 100644
index 9667a9b7a..000000000
--- a/site/airsloop/networks/common-addresses.yaml
+++ /dev/null
@@ -1,153 +0,0 @@
----
-# The purpose of this file is to define network related paramters that are
-# referenced elsewhere in the manifests for this site.
-#
-# TODO: Include bare metal host FQDN naming standards
-# TODO: Include ingress FQDN naming standards
-schema: pegleg/CommonAddresses/v1
-metadata:
-  schema: metadata/Document/v1
-  name: common-addresses
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  calico:
-    # NEWSITE-CHANGEME: The interface that calico will use. Update if your
-    # logical bond interface name or calico VLAN have changed from the reference
-    # site design.
-    # This should be whichever
-    # bond and VLAN number specified in networks/physical/networks.yaml for the Calico
-    # network. E.g. VLAN 22 for the calico network as a member of bond0, you
-    # would set "interface=bond0.22" as shown here.
-    ip_autodetection_method: interface=enp67s0f0.72
-    etcd:
-      # etcd service IP address
-      service_ip: 10.96.232.136
-
-  dns:
-    # Kubernetes cluster domain. Do not change. This is internal to the cluster.
-    cluster_domain: cluster.local
-    # DNS service ip
-    service_ip: 10.96.0.10
-    # List of upstream DNS forwards. Verify you can reach them from your
-    # environment. If so, you should not need to change them.
-    upstream_servers:
-      - 8.8.8.8
-      - 8.8.4.4
-    # Repeat the same values as above, but formatted as a common separated
-    # string
-    upstream_servers_joined: 8.8.8.8,8.8.4.4
-    # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
-    # Choose FQDN according to the ingress/public FQDN naming conventions at
-    # the top of this document.
-    ingress_domain: atlantafoundry.com
-
-  genesis:
-    # NEWSITE-CHANGEME: Update with the hostname for the node which will take on
-    # the Genesis role. Refer to the hostname naming stardards in
-    # networks/physical/networks.yaml
-    # NOTE: Ensure that the genesis node is manually configured with this
-    # hostname before running `genesis.sh` on the node.
-    hostname: airsloop-control-1
-    # NEWSITE-CHANGEME: Calico IP of the Genesis node. Use the "start" value for
-    # the calico network defined in networks/physical/networks.yaml for this IP.
-    ip: 10.22.72.21
-
-  bootstrap:
-    # NEWSITE-CHANGEME: Update with the "start" value/IP of the static range
-    # defined for the pxe network in networks/physical/networks.yaml
-    ip: 10.22.70.21
-
-  kubernetes:
-    # K8s API service IP
-    api_service_ip: 10.96.0.1
-    # etcd service IP
-    etcd_service_ip: 10.96.0.2
-    # k8s pod CIDR (network which pod traffic will traverse)
-    pod_cidr: 10.97.0.0/16
-    # k8s service CIDR (network which k8s API traffic will traverse)
-    service_cidr: 10.96.0.0/16
-    # misc k8s port settings
-    apiserver_port: 6443
-    haproxy_port: 6553
-    service_node_port_range: 30000-32767
-
-  # etcd port settings
-  etcd:
-    container_port: 2379
-    haproxy_port: 2378
-
-  # NEWSITE-CHANGEME: A list of nodes (apart from Genesis) which act as the
-  # control plane servers. Ensure that this matches the nodes with the 'masters'
-  # tags applied in baremetal/nodes.yaml
-  masters:
-    - hostname: airsloop-control-2
-    - hostname: airsloop-control-3
-
-  # NEWSITE-CHANGEME: Environment proxy information.
-  # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
-  # should be commented out.
-  # However if you are in a lab that requires proxy, ensure that these proxy
-  # settings are correct and reachable in your environment; otherwise update
-  # them with the correct values for your environment.
-  proxy:
-    http: ""
-    https: ""
-    no_proxy: []
-
-  node_ports:
-    drydock_api: 30000
-    maas_api: 30001
-    maas_proxy: 31800  # hardcoded in MAAS
-
-  ntp:
-    # comma separated NTP server list. Verify that these upstream NTP servers are
-    # reachable in your environment; otherwise update them with the correct
-    # values for your environment.
-    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
-
-  # NOTE: This will be updated soon
-  ldap:
-    # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is
-    # relevant for your type of deployment (test vs prod values, etc).
-    base_url: 'ldap.example.com'
-    # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI
-    url: 'ldap://ldap.example.com'
-    # NEWSITE-CHANGEME: Update to the correct expression relevant for this
-    # deployment (test vs prod values, etc)
-    auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
-    # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
-    # relevant for this deployment (test users vs prod users/values, etc)
-    common_name: test
-    # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
-    # deployment (test vs prod values, etc)
-    subdomain: test
-    # NEWSITE-CHANGEME: Update to the correct domain for your type of
-    # deployment (test vs prod values, etc)
-    domain: example
-
-  storage:
-    ceph:
-      # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
-      # used for the `storage` network in networks/physical/networks.yaml
-      public_cidr: '10.22.73.0/24'
-      cluster_cidr: '10.22.73.0/24'
-
-  neutron:
-    # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the bond name and
-    # VLAN number are consistent with what's defined for the bond and the overlay
-    # network in networks/physical/networks.yaml
-    tunnel_device: 'enp67s0f0.74'
-    # bond which the overlay is a member of. Ensure the bond name is consistent
-    # with the bond assigned to the overlay network in
-    # networks/physical/networks.yaml
-    external_iface: 'enp67s0f0'
-
-  openvswitch:
-    # bond which the overlay is a member of. Ensure the bond name is consistent
-    # with the bond assigned to the overlay network in
-    # networks/physical/networks.yaml
-    external_iface: 'enp67s0f0'
-...
diff --git a/site/airsloop/networks/physical/networks.yaml b/site/airsloop/networks/physical/networks.yaml
deleted file mode 100644
index e63d92356..000000000
--- a/site/airsloop/networks/physical/networks.yaml
+++ /dev/null
@@ -1,290 +0,0 @@
----
-# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1
-# devices) and Networks (i.e. layer 3 configurations). The following is standard
-# for the logical networks in Airship:
-#
-# +----------+-----------------------------------+----------------+--------------+-----------------+
-# | Network  |                                   | Per-rack or    |              |   VLAN tagged   |
-# |   Name   |             Purpose               | per-site CIDR? | Has gateway? |  or untagged?   |
-# +----------+-----------------------------------+----------------+--------------+-----------------+
-# |   oob    | Out of Band devices (iDrac/iLo)   | per-site CIDR  | Has gateway  | Untagged/Native |
-# |   pxe    | PXE boot network                  | per-site CIDR  | No gateway   | Untagged/Native |
-# |   oam    | management network                | per-site CIDR  | Has gateway  |     tagged      |
-# | storage  | storage network                   | per-site CIDR  | No gateway   |     tagged      |
-# |  calico  | underlay calico net; k8s traffic  | per-site CIDR  | No gateway   |     tagged      |
-# | overlay  | overlay network for openstack SDN | per-site CIDR  | No gateway   |     tagged      |
-# +----------+-----------------------------------+----------------+--------------+-----------------+
-#
-# For standard Airship deployments, you should not need to modify the number of
-# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should
-# need editing.
-#
-# TODO: Given that we expect all network broadcast domains to span all racks in
-# Airship, we should choose network names that do not include the rack number.
-#
-# TODO: FQDN naming standards for hosts
-#
-schema: 'drydock/NetworkLink/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: oob
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # MaaS doesnt own this network like it does the others, so the noconfig label
-  # is specified.
-  labels:
-    noconfig: enabled
-  bonding:
-    mode: disabled
-  mtu: 1500
-  linkspeed: auto
-  trunking:
-    mode: disabled
-    default_network: oob
-  allowed_networks:
-    - oob
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: oob
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR
-  cidr: 10.22.104.0/24
-  routes:
-    # NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP
-    - subnet: '0.0.0.0/0'
-      gateway: 10.22.104.1
-      metric: 100
-  # NEWSITE-CHANGEME: Update with the site's out-of-band IP allocation range
-  # FIXME: Is this IP range actually used/allocated for anything? The HW already
-  # has its OOB IPs assigned. None of the Ubuntu OS's should need IPs on OOB
-  # network either, as they should be routable via the default gw on OAM network
-  ranges:
-    - type: static
-      start: 10.22.104.21
-      end: 10.22.104.22
-...
----
-schema: 'drydock/NetworkLink/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: pxe
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  bonding:
-    mode: disabled
-  mtu: 1500
-  linkspeed: auto
-  trunking:
-    mode: disabled
-    default_network: pxe
-  allowed_networks:
-    - pxe
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: pxe
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: Update with the site's PXE network CIDR
-  # NOTE: The CIDR minimum size = (number of nodes * 2) + 10
-  cidr: 10.22.70.0/24
-  routes:
-    - subnet: 0.0.0.0/0
-      # NEWSITE-CHANGEME: Set the OAM network gateway IP address
-      gateway: 10.22.70.1
-      metric: 100
-  # NOTE: The first 10 IPs in the subnet are reserved for network infrastructure.
-  # The remainder of the range is divided between two subnets of equal size:
-  # one static, and one DHCP.
-  # The DHCP addresses are used when nodes perform a PXE boot (DHCP address gets
-  # assigned), and when a node is commissioning in MaaS (also uses DHCP to get
-  # its IP address). However, when MaaS installs the operating system
-  # ("Deploying/Deployed" states), it will write a static IP assignment to
-  # /etc/network/interfaces[.d] with IPs from the "static" subnet defined here.
-  ranges:
-    # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
-    - type: reserved
-      start: 10.22.70.1
-      end: 10.22.70.10
-    # NEWSITE-CHANGEME: Update to the first half of the remaining range after
-    # excluding the 10 reserved IPs.
-    - type: static
-      start: 10.22.70.21
-      end: 10.22.70.31
-    # NEWSITE-CHANGEME: Update to the second half of the remaining range after
-    # excluding the 10 reserved IPs.
-    - type: dhcp
-      start: 10.22.70.40
-      end: 10.22.70.80
-  dns:
-    # NEWSITE-CHANGEME: FQDN for bare metal nodes.
-    # Choose FQDN according to the node FQDN naming conventions at the top of
-    # this document.
-    domain: atlantafoundry.com
-    # List of upstream DNS forwards. Verify you can reach them from your
-    # environment. If so, you should not need to change them.
-    # TODO: This should be populated via substitution from common-addresses
-    servers: '8.8.8.8,8.8.4.4,208.67.222.222'
-...
----
-schema: 'drydock/NetworkLink/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: data
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  bonding:
-    mode: disabled
-  mtu: 1500
-  linkspeed: auto
-  trunking:
-    mode: 802.1q
-  allowed_networks:
-    - oam
-    - storage
-    - overlay
-    - calico
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: oam
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: Set the VLAN ID which the OAM network is on
-  vlan: '71'
-  mtu: 1500
-  # NEWSITE-CHANGEME: Set the CIDR for the OAM network
-  # NOTE: The CIDR minimum size = number of nodes + 10
-  cidr: 10.22.71.0/24
-  routes:
-    - subnet: 0.0.0.0/0
-      # NEWSITE-CHANGEME: Set the OAM network gateway IP address
-      gateway: 10.22.71.1
-      metric: 100
-  ranges:
-    # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
-    - type: reserved
-      start: 10.22.71.1
-      end: 10.22.71.10
-    # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
-    # 10 reserved IPs.
-    - type: static
-      start: 10.22.71.21
-      end: 10.22.71.31
-  dns:
-    # NEWSITE-CHANGEME: FQDN for bare metal nodes.
-    # Choose FQDN according to the node FQDN naming conventions at the top of
-    # this document.
-    domain: atlantafoundry.com
-    # List of upstream DNS forwards. Verify you can reach them from your
-    # environment. If so, you should not need to change them.
-    # TODO: This should be populated via substitution from common-addresses
-    servers: '8.8.8.8,8.8.4.4'
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: calico
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: Set the VLAN ID which the calico network is on
-  vlan: '72'
-  mtu: 1500
-  # NEWSITE-CHANGEME: Set the CIDR for the calico network
-  # NOTE: The CIDR minimum size = number of nodes + 10
-  cidr: 10.22.72.0/24
-  ranges:
-    # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
-    - type: reserved
-      start: 10.22.72.1
-      end: 10.22.72.10
-    # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
-    # 10 reserved IPs.
-    - type: static
-      start: 10.22.72.21
-      end: 10.22.72.31
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: storage
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: Set the VLAN ID which the storage network is on
-  vlan: '73'
-  mtu: 1500
-  # NEWSITE-CHANGEME: Set the CIDR for the storage network
-  # NOTE: The CIDR minimum size = number of nodes + 10
-  cidr: 10.22.73.0/24
-  ranges:
-    # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
-    - type: reserved
-      start: 10.22.73.1
-      end: 10.22.73.10
-    # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
-    # 10 reserved IPs.
-    - type: static
-      start: 10.22.73.21
-      end: 10.22.73.31
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: overlay
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: Set the VLAN ID which the overlay network is on
-  vlan: '74'
-  mtu: 1500
-  # NEWSITE-CHANGEME: Set the CIDR for the overlay network
-  # NOTE: The CIDR minimum size = number of nodes + 10
-  cidr: 10.22.74.0/24
-  ranges:
-    # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
-    - type: reserved
-      start: 10.22.74.1
-      end: 10.22.74.10
-    # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
-    # 10 reserved IPs.
-    - type: static
-      start: 10.22.74.21
-      end: 10.22.74.31
-...
diff --git a/site/airsloop/pki/pki-catalog.yaml b/site/airsloop/pki/pki-catalog.yaml
deleted file mode 100644
index 08328c9c6..000000000
--- a/site/airsloop/pki/pki-catalog.yaml
+++ /dev/null
@@ -1,285 +0,0 @@
----
-# The purpose of this file is to define the PKI certificates for the environment
-#
-# NOTE: When deploying a new site, this file should not be configured until
-# baremetal/nodes.yaml is complete.
-#
-schema: promenade/PKICatalog/v1
-metadata:
-  schema: metadata/Document/v1
-  name: cluster-certificates
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  certificate_authorities:
-    kubernetes:
-      description: CA for Kubernetes components
-      certificates:
-        - document_name: apiserver
-          description: Service certificate for Kubernetes apiserver
-          common_name: apiserver
-          hosts:
-            - localhost
-            - 127.0.0.1
-            # FIXME: Repetition of api_service_ip in common-addresses; use
-            # substitution
-            - 10.96.0.1
-          kubernetes_service_names:
-            - kubernetes.default.svc.cluster.local
-
-        # NEWSITE-CHANGEME: The following should be a list of all the nodes in
-        # the environment (genesis, control plane, data plane, everything).
-        # Add/delete from this list as necessary until all nodes are listed.
-        # For each node, the `hosts` list should be comprised of:
-        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
-        #   2. The node's oam IP address, as already defined in baremetal/nodes.yaml
-        #   3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
-        # NOTE: This list also needs to include the Genesis node, which is not
-        # listed in baremetal/nodes.yaml, but by convention should be allocated
-        # the first non-reserved IP in each logical network allocation range
-        # defined in networks/physical/networks.yaml
-        # NOTE: The genesis node needs to be defined twice (the first two entries
-        # on this list) with all of the same paramters except the document_name.
-        # In the first case the document_name is `kubelet-genesis`, and in the
-        # second case the document_name format is `kubelete-YOUR_GENESIS_HOSTNAME`.
-        - document_name: kubelet-genesis
-          common_name: system:node:airsloop-control-1
-          hosts:
-            - airsloop-control-1
-            - 10.22.72.21
-          groups:
-            - system:nodes
-        - document_name: kubelet-airsloop-control-1
-          common_name: system:node:airsloop-control-1
-          hosts:
-            - airsloop-control-1
-            - 10.22.72.21
-          groups:
-            - system:nodes
-        - document_name: kubelet-airsloop-control-2
-          common_name: system:node:airsloop-control-2
-          hosts:
-            - airsloop-control-2
-            - 10.23.22.12
-          groups:
-            - system:nodes
-        - document_name: kubelet-airsloop-control-3
-          common_name: system:node:airsloop-control-3
-          hosts:
-            - airsloop-control-3
-            - 10.23.22.13
-          groups:
-            - system:nodes
-        - document_name: kubelet-airsloop-compute-1
-          common_name: system:node:airsloop-compute-1
-          hosts:
-            - airsloop-compute-1
-            - 10.22.72.22
-          groups:
-            - system:nodes
-        # End node list
-        - document_name: scheduler
-          description: Service certificate for Kubernetes scheduler
-          common_name: system:kube-scheduler
-        - document_name: controller-manager
-          description: certificate for controller-manager
-          common_name: system:kube-controller-manager
-        - document_name: admin
-          common_name: admin
-          groups:
-            - system:masters
-        - document_name: armada
-          common_name: armada
-          groups:
-            - system:masters
-    kubernetes-etcd:
-      description: Certificates for Kubernetes's etcd servers
-      certificates:
-        - document_name: apiserver-etcd
-          description: etcd client certificate for use by Kubernetes apiserver
-          common_name: apiserver
-        # NOTE(mark-burnett): hosts not required for client certificates
-        - document_name: kubernetes-etcd-anchor
-          description: anchor
-          common_name: anchor
-        # NEWSITE-CHANGEME: The following should be a list of the control plane
-        # nodes in the environment, including genesis.
-        # For each node, the `hosts` list should be comprised of:
-        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
-        #   2. The node's oam IP address, as already defined in baremetal/nodes.yaml
-        #   3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
-        #   4. 127.0.0.1
-        #   5. localhost
-        #   6. kubernetes-etcd.kube-system.svc.cluster.local
-        # NOTE: This list also needs to include the Genesis node, which is not
-        # listed in baremetal/nodes.yaml, but by convention should be allocated
-        # the first non-reserved IP in each logical network allocation range
-        # defined in networks/physical/networks.yaml, except for the kubernetes
-        # service_cidr where it should start with the second IP in the range.
-        # NOTE: The genesis node is defined twice with the same `hosts` data:
-        # Once with its hostname in the common/document name, and once with
-        # `genesis` defined instead of the host. For now, this duplicated
-        # genesis definition is required. FIXME: Remove duplicate definition
-        # after Promenade addresses this issue.
-        - document_name: kubernetes-etcd-genesis
-          common_name: kubernetes-etcd-genesis
-          hosts:
-            - airsloop-control-1
-            - 10.22.72.21
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-airsloop-control-1
-          common_name: kubernetes-etcd-airsloop-control-1
-          hosts:
-            - airsloop-control-1
-            - 10.22.72.21
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-airsloop-control-2
-          common_name: kubernetes-etcd-airsloop-control-2
-          hosts:
-            - airsloop-control-2
-            - 10.23.22.12
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-airsloop-control-3
-          common_name: kubernetes-etcd-airsloop-control-3
-          hosts:
-            - airsloop-control-3
-            - 10.23.22.13
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        # End node list
-    kubernetes-etcd-peer:
-      certificates:
-        # NEWSITE-CHANGEME: This list should be identical to the previous list,
-        # except that `-peer` has been appended to the document/common names.
-        - document_name: kubernetes-etcd-genesis-peer
-          common_name: kubernetes-etcd-genesis-peer
-          hosts:
-            - airsloop-control-1
-            - 10.22.72.21
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-airsloop-control-1-peer
-          common_name: kubernetes-etcd-airsloop-control-1-peer
-          hosts:
-            - airsloop-control-1
-            - 10.22.72.21
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-airsloop-control-2-peer
-          common_name: kubernetes-etcd-airsloop-control-2-peer
-          hosts:
-            - airsloop-control-2
-            - 10.23.22.12
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-airsloop-control-3-peer
-          common_name: kubernetes-etcd-airsloop-control-3-peer
-          hosts:
-            - airsloop-control-3
-            - 10.23.22.13
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        # End node list
-    calico-etcd:
-      description: Certificates for Calico etcd client traffic
-      certificates:
-        - document_name: calico-etcd-anchor
-          description: anchor
-          common_name: anchor
-        # NEWSITE-CHANGEME: The following should be a list of the control plane
-        # nodes in the environment, including genesis.
-        # For each node, the `hosts` list should be comprised of:
-        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
-        #   2. The node's oam IP address, as already defined in baremetal/nodes.yaml
-        #   3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
-        #   4. 127.0.0.1
-        #   5. localhost
-        #   6. The calico/etcd/service_ip defined in networks/common-addresses.yaml
-        # NOTE: This list also needs to include the Genesis node, which is not
-        # listed in baremetal/nodes.yaml, but by convention should be allocated
-        # the first non-reserved IP in each logical network allocation range
-        # defined in networks/physical/networks.yaml
-        - document_name: calico-etcd-airsloop-control-1
-          common_name: calico-etcd-airsloop-control-1
-          hosts:
-            - airsloop-control-1
-            - 10.22.72.21
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-airsloop-control-2
-          common_name: calico-etcd-airsloop-control-2
-          hosts:
-            - airsloop-control-2
-            - 10.23.22.12
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-airsloop-control-3
-          common_name: calico-etcd-airsloop-control-3
-          hosts:
-            - airsloop-control-3
-            - 10.23.22.13
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-node
-          common_name: calcico-node
-        # End node list
-    calico-etcd-peer:
-      description: Certificates for Calico etcd clients
-      certificates:
-        # NEWSITE-CHANGEME: This list should be identical to the previous list,
-        # except that `-peer` has been appended to the document/common names.
-        - document_name: calico-etcd-airsloop-control-1-peer
-          common_name: calico-etcd-airsloop-control-1-peer
-          hosts:
-            - airsloop-control-1
-            - 10.22.72.21
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-airsloop-control-2-peer
-          common_name: calico-etcd-airsloop-control-2-peer
-          hosts:
-            - airsloop-control-2
-            - 10.23.22.12
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-airsloop-control-3-peer
-          common_name: calico-etcd-airsloop-control-3-peer
-          hosts:
-            - airsloop-control-3
-            - 10.23.22.13
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-node-peer
-          common_name: calcico-node-peer
-        # End node list
-  keypairs:
-    - name: service-account
-      description: Service account signing key for use by Kubernetes controller-manager.
-...
diff --git a/site/airsloop/profiles/genesis.yaml b/site/airsloop/profiles/genesis.yaml
deleted file mode 100644
index 5947feb92..000000000
--- a/site/airsloop/profiles/genesis.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-# The purpose of this file is to apply proper labels to Genesis node so the
-# proper services are installed and proper configuration applied. This should
-# not need to be changed for a new site.
-# #GLOBAL-CANDIDATE#
-schema: promenade/Genesis/v1
-metadata:
-  schema: metadata/Document/v1
-  name: genesis-site
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: genesis-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  labels:
-    dynamic:
-      - beta.kubernetes.io/fluentd-ds-ready=true
-      - calico-etcd=enabled
-      - ceph-mds=enabled
-      - ceph-mon=enabled
-      - ceph-osd=enabled
-      - ceph-rgw=enabled
-      - ceph-mgr=enabled
-      - ceph-bootstrap=enabled
-      - tenant-ceph-control-plane=enabled
-      - tenant-ceph-mon=enabled
-      - tenant-ceph-rgw=enabled
-      - tenant-ceph-mgr=enabled
-      - kube-dns=enabled
-      - kube-ingress=enabled
-      - kubernetes-apiserver=enabled
-      - kubernetes-controller-manager=enabled
-      - kubernetes-etcd=enabled
-      - kubernetes-scheduler=enabled
-      - promenade-genesis=enabled
-      - ucp-control-plane=enabled
-      - maas-rack=enabled
-      - maas-region=enabled
-      - ceph-osd-bootstrap=enabled
-      - openstack-control-plane=enabled
-      - openvswitch=enabled
-      - openstack-l3-agent=enabled
-      - node-exporter=enabled
-      - fluentd=enabled
-...
diff --git a/site/airsloop/profiles/hardware/dell_r720xd.yaml b/site/airsloop/profiles/hardware/dell_r720xd.yaml
deleted file mode 100644
index 6455d99eb..000000000
--- a/site/airsloop/profiles/hardware/dell_r720xd.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
----
-schema: 'drydock/HardwareProfile/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: dell_r720xd
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # Vendor of the server chassis
-  vendor: DELL
-  # Generation of the chassis model
-  generation: '8'
-  # Version of the chassis model within its generation - not version of the hardware definition
-  hw_version: '3'
-  # The certified version of the chassis BIOS
-  bios_version: '2.2.3'
-  # Mode of the default boot of hardware - bios, uefi
-  boot_mode: bios
-  # Protocol of boot of the hardware - pxe, usb, hdd
-  bootstrap_protocol: pxe
-  # Which interface to use for network booting within the OOB manager, not OS device
-  pxe_interface: 0
-  # Map hardware addresses to aliases/roles to allow a mix of hardware configs
-  # in a site to result in a consistent configuration
-  device_aliases:
-
-    ## network
-    # eno1
-    pxe_nic01:
-      address: '0000:01:00.0'
-      # type could identify expected hardware - used for hardware manifest validation
-      dev_type: 'I350 Gigabit Network Connection'
-      bus_type: 'pci'
-    # enp67s0f0
-    data_nic01:
-      address: '0000:43:00.0'
-      dev_type: 'Ethernet 10G 2P X520 Adapter'
-      bus_type: 'pci'
-    # enp67s0f1
-
-    ## storage
-    # /dev/sda
-    bootdisk:
-      address: '0:2.0.0'
-      dev_type: 'PERC H710P'
-      bus_type: 'scsi'
-...
diff --git a/site/airsloop/profiles/host/compute.yaml b/site/airsloop/profiles/host/compute.yaml
deleted file mode 100644
index 2496d06d9..000000000
--- a/site/airsloop/profiles/host/compute.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
----
-# The data plane host profile for Airship for DELL R720s, and should
-# not need to be altered if you are using matching HW. The host profile is setup
-# for cpu isolation (for nova pinning), hugepages, and sr-iov.
-schema: drydock/HostProfile/v1
-metadata:
-  schema: metadata/Document/v1
-  name: compute_r720xd
-  storagePolicy: cleartext
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      hosttype: dp-global
-    actions:
-      - method: replace
-        path: .interfaces
-      - method: replace
-        path: .storage
-      - method: merge
-        path: .
-data:
-  hardware_profile: dell_r720xd
-
-  primary_network: oam
-  interfaces:
-    pxe:
-      device_link: pxe
-      slaves:
-        - pxe_nic01
-      networks:
-        - pxe
-    data:
-      device_link: data
-      slaves:
-        - data_nic01
-      networks:
-        - oam
-        - storage
-        - overlay
-        - calico
-
-  storage:
-    physical_devices:
-      bootdisk:
-        labels:
-          bootdrive: 'true'
-        partitions:
-          - name: 'root'
-            size: '30g'
-            bootable: true
-            filesystem:
-              mountpoint: '/'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'boot'
-            size: '1g'
-            filesystem:
-              mountpoint: '/boot'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'var_log'
-            size: '100g'
-            filesystem:
-              mountpoint: '/var/log'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'var'
-            size: '>100g'
-            filesystem:
-              mountpoint: '/var'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-...
diff --git a/site/airsloop/profiles/region.yaml b/site/airsloop/profiles/region.yaml
deleted file mode 100644
index cff4734c4..000000000
--- a/site/airsloop/profiles/region.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-# The purpose of this file is to define the drydock Region, which in turn drives
-# the MaaS region.
-schema: 'drydock/Region/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  # NEWSITE-CHANGEME: Replace with the site name
-  name: airsloop
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    # NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the
-    # list of authorized keys which MaaS will register for the build-in "ubuntu"
-    # account during the PXE process. Create a substitution rule for each SSH
-    # key that should have access to the "ubuntu" account (useful for trouble-
-    # shooting problems before UAM or UAM-lite is operational). SSH keys are
-    # stored as secrets in site/airsloop/secrets.
-    - dest:
-        # Add/replace the first item in the list
-        path: .authorized_keys[0]
-      src:
-        schema: deckhand/PublicKey/v1
-        # This should match the "name" metadata of the SSH key which will be
-        # substituted, located in site/airsloop/secrets folder.
-        name: airsloop_ssh_public_key
-        path: .
-    - dest:
-        path: .repositories.main_archive
-      src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .packages.repositories.main_archive
-    # Second key example
-    #- dest:
-    #    # Increment the list index
-    #    path: .authorized_keys[1]
-    #  src:
-    #    schema: deckhand/PublicKey/v1
-    #    # your ssh key
-    #    name: MY_USER_ssh_public_key
-    #    path: .
-data:
-  tag_definitions: []
-  # This is the list of SSH keys which MaaS will register for the built-in
-  # "ubuntu" account during the PXE process. This list is populated by
-  # substitution, so the same SSH keys do not need to be repeated in multiple
-  # manifests.
-  authorized_keys: []
-  repositories:
-    remove_unlisted: true
-...
diff --git a/site/airsloop/secrets/certificates/certificates.yaml b/site/airsloop/secrets/certificates/certificates.yaml
deleted file mode 100644
index aea41a96e..000000000
--- a/site/airsloop/secrets/certificates/certificates.yaml
+++ /dev/null
@@ -1,2387 +0,0 @@
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDSDCCAjCgAwIBAgIUaAjhb47nDilYQacmkdtprW42gHowDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA3MTEyMjQ4MDBaFw0yNDA3MDkyMjQ4MDBaMCoxEzARBgNVBAoTCkt1YmVy
-  bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-  DwAwggEKAoIBAQDVi4YbTvjC+txSiclIJpJGE7YQe9t2nOfEyBykIwbi70GgcVyR
-  vNVN4bXQglG5EOVOv/A6DPQ3VIB4OsidPigwR7p8CCNl9yzVDSnhFtdcDv/Xw0z2
-  aBjvOMS1cBj9QzJIE04vct1sH1BQQ2l3PyOXtOalj1URFm+RLm2Lj+JiCnaxIV3g
-  Rp+CtiyYWwwfW+3GbDJGuXjIlch6zHa3BynoqvZBbWvMQ1hUn/iBKUtxtfHNDtoz
-  Xn5S6Cxzz2l7XaHtotKtlHwkH+U701nvj8vLev0EgDcESbl6yGqgHJIL6UieQlXL
-  4uKm8r9ThIhUuGBnDieydZNuVNpIPRVFeb0jAgMBAAGjZjBkMA4GA1UdDwEB/wQE
-  AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBS7TMynvzvifS00ysY9
-  TGwjdejl3DAfBgNVHSMEGDAWgBS7TMynvzvifS00ysY9TGwjdejl3DANBgkqhkiG
-  9w0BAQsFAAOCAQEAglQGmrNz+BDq2CKq68JSGXhi5PCZ1NwmJmQekI+8jdV8Hd7g
-  urnoZGoMk1i7ZiL8YiOkiZNNWolKSF5whH/COBVBtTkYaPhCKfMDOi2sIVftv0q8
-  jkCIajudTCdf2ZcxB6/T+5wVUipjHtYzylTEaBhg171jc9P9vinSK6WSI6Q8wPCA
-  oPNHlBNg/YAErDuKsfeoBudpRakbHuucDEL9BLwOAoC1bBBQgOP6/j1A+5hVZ9bl
-  d1YXxkDR6odHEndfMTYHAtdiuYY6D2F3c6tESgnuksuAIuHRLnptIKrbC4HzBZG7
-  A8glSdSPBaCjMV8jnl2ge0XnIWbKYWXrWBaLIQ==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDUjCCAjqgAwIBAgIUPlhj9lCVl02UF6dGo5UirI0IKmowDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDcxMTIyNDgwMFoXDTI0MDcwOTIyNDgwMFowLzETMBEGA1UEChMK
-  S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG
-  9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpWu1EPEVBBQNzTqjtHIIUOVFJj7AnTkgQ5W
-  BwR63agAgWyQyBr7vGgSLdTjaUH9GeTbHoJEH4ay9asyynCy13DZz6z2F6g/21rb
-  pJ9b4nD4A+y0lS0iKE2TjcqSwP72inHYfkEtmjXtQWFQVjw4uBo/yt92fvOqsDzK
-  VpV0kkai51WlmsnvPct5ppX+G5rbctw6oXFqmWZ6z2mnBfD+awBntFAEMUhSLTpF
-  Ioo3w/RGq+HQPmvweIb8F3jsaOSJSQiay/WrpOhLx5jtPaSCl59YljfB4zM3lFa4
-  8W7Y7WO0uz5szGljAYodbU+I5a3MbyghGl8RlZYdgkLZkSBd0wIDAQABo2YwZDAO
-  BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUzIwe
-  BXMpP5gvhv4pNiMnVest6fMwHwYDVR0jBBgwFoAUzIweBXMpP5gvhv4pNiMnVest
-  6fMwDQYJKoZIhvcNAQELBQADggEBAI/A7VJ0qOsEl3XGiZptbnrDs0kNdOGNBS6V
-  uYThyrjE7Hy9AUAc5C3Ymw23R7EoZgD01vDnkziYEQtbJ4Fszf7s0j6l/uF5H9fP
-  8sg3RUxUSSx10VIanzzGZ6oIldBA6adJaqHY61g5kZ/Gqq/ON60VHRzfNXf4yOnh
-  bHe9u48aicTn8rBMntTnr3ZtNdMbfnmKqkXTdKMko2lnXRU9n1RMxZdpPCGoBvmJ
-  2Iac2SSiASljiGYVc9se6/kIA5UVfcd52MNB/ZV7oDjm3n4JULJ+3OCWNV9rGBBK
-  +GtCuuC8j/D1ZMn1Tl3tksWbgUSNaCq1A5GPkR02dfuaFHRo7b4=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDWzCCAkOgAwIBAgITFWt2WK+qTdUnA6zxhcAqu0BWRDANBgkqhkiG9w0BAQsF
-  ADA0MRMwEQYDVQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0
-  Y2QtcGVlcjAeFw0xOTA3MTEyMjQ4MDBaFw0yNDA3MDkyMjQ4MDBaMDQxEzARBgNV
-  BAoTCkt1YmVybmV0ZXMxHTAbBgNVBAMTFGt1YmVybmV0ZXMtZXRjZC1wZWVyMIIB
-  IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQFUk7YvSZnWHzkZLrvYyvQ6
-  sHZhhjdkbVv95p1+sryeycuo5ouRfC4kyHppx6mDr4oGCtb9Hm9EojWKJ36nY+bf
-  AL5TqtraBtcRCifNYYTOlA4nEvgUI925D4I3GgCtz72aKsihdSQRNs0c5kBE3RVq
-  iqKtG5mmrVC/wxnQBrezq0RdBSHFv7kJdN8dJKA6L8rEUhQ2fdPl8IPkjrbOgqIz
-  Y9syFkWnoyCxmsRpzcF78JQpjj1OlKZnWYVmQtbaPJQdZ2nbVNJ3X0/zllipNCXi
-  uazQX0LxkvWQTwaXqCEKVHVm8zPdw84T+wstEWoQ/djrAbxJi6zzgbk+U8UHBQID
-  AQABo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNV
-  HQ4EFgQU4n+ZcOGQc+YVOuado6wyr0ZZB6gwHwYDVR0jBBgwFoAU4n+ZcOGQc+YV
-  Ouado6wyr0ZZB6gwDQYJKoZIhvcNAQELBQADggEBAE0DWHHNg7Lz/QGvM7ZbYCJp
-  EKd52hMofzK5RSX0ooBEDgSMebOvNMBBHv/E2K7uRRxpbn3AoclYhT6Drh0Y/1EH
-  B4ZSmKRGJGIV2AjxI8JoBTMT/0W7CdxkME3WoBbm9x7obatR+ke/Ki11kqf7WXG7
-  19xZtU7ZU2c2FqJoIz2VgFFuwQS/11Dzu6aB5disWVD9c19gFpkdORj/htxa2ZZ1
-  SpemKQI7Hh8HAgxytsJLZsaUi4LDWWjyeW5KoO+rYOM2verlECdDS8zziPVxpfcY
-  ytG3EPvHPTEeGIoQ0jMBN8wI/LHt0dmx5KpOoglc6MOdHH5GMM5HnIMs4o4J4rA=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDSjCCAjKgAwIBAgIUL4l27rUvW8DAYcz1UPqOAdYAWuIwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwNzExMjI0ODAwWhcNMjQwNzA5MjI0ODAwWjArMRMwEQYDVQQKEwpLdWJl
-  cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
-  ggEPADCCAQoCggEBAMgsRIsj1UXFXMGJP0sa7MKj42XIbcnas50G1lfei1HlM88p
-  y9i0RSsC5hWxbHA3aYGjczrW7/nkWC5WE2U/N1Fd9c8P4VCeoRQDmFUZBranoq0M
-  0MNL67tCkp2iCiOE/ubSt6Jy2XWi/oP4jLnQ4JxVEJthNJUUB2pyWwOxvVzgVsSN
-  71wPTD7t2Qs8zCsHAfECWIzSLqC/+WcvredkQjc8tf6reB4t/ATyCrhRVK84YsCd
-  1S6Kc4nJrCeLWGpgdwq3OsCGyRmtX2hzfBMrCHGOKB9xJsnjUSoXyrO8sTQD37PS
-  FCTAhBflWmdPtfo37MSIe1jnSMOnaQd0LiHP6lUCAwEAAaNmMGQwDgYDVR0PAQH/
-  BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFEByD+dCbjjTcEoV
-  uL68BGmFCpiOMB8GA1UdIwQYMBaAFEByD+dCbjjTcEoVuL68BGmFCpiOMA0GCSqG
-  SIb3DQEBCwUAA4IBAQB3O34m7Q9WA4M1RGE0eXgHhhnIyxu2lPX2Pzf/jceVKkj/
-  xMbcqtLh89CGMhOSO/9t5RXrxrBBiyjwM6UGDdzIhPtQ1c5AVIhx6zBFR2aWIg0l
-  cns87Bgf+CnGPNRayFTWpJ8AbVd9Fk1pUnyMdfxs0UWrCQMKGE6/bduxDIze9Y/5
-  UKucdiMgHUf0nvMRyTIPW5rSQzqA0I0xf5W1F8kSAVg4N6/cCjJ7oIWOQWaaZsTU
-  P91BDZIvelYzFA0bk8eXyE6NvRscrAbio50b7I/ThjoUXRUcsk0mVEuqAEKjFDOd
-  6oaKa/pT1xpBD0DZefH3DAhKttCyptYyjbCa4Wxf
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDVDCCAjygAwIBAgIUHaOPEB7kx/1lShvSsFcx5N+K4n8wDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA3MTEyMjQ4MDBaFw0yNDA3MDkyMjQ4MDBaMDAxEzARBgNVBAoT
-  Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG
-  SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSBAY04VMcG8M54gz0kWVmRYCG0+IcoMt4
-  qL36h4iU24xWSiZAfj62ExKMWgabal14SXHOiJx5+I9aaH9ZAi3N2/iWDFPNC8do
-  tYvAidA6aLGAruBHzwdoYRrPN0jPcdgJQtYLLn+ptvyNuBU9gwNkddVNYYcKlwVp
-  dsyxUEvSCdXQoQ83gY841uV3fwgs2lUQuk/ffb7cra3X9SNqE5dKb17JuxK4HpJZ
-  6JKAYW3FVgF7PYyfejmCJVI9eEyJmI82Z48DSf08GpKa4ZJPar8xfof3Q3mchjE1
-  ii1YWtDROggVFBjaUMxaMR1oHitBE+Hq2rNLK2EWcboKIpQawA03AgMBAAGjZjBk
-  MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQg
-  VrjDhzywnyP5l+KuXeAac5DycDAfBgNVHSMEGDAWgBQgVrjDhzywnyP5l+KuXeAa
-  c5DycDANBgkqhkiG9w0BAQsFAAOCAQEAeKutGx0WbYLIhr7DM0/83LSYv2mJ4Csv
-  hBd+dRYYl8ohBXGO2zWQ4Ywep+Zgo+T87NYWasZM+nsK4oFAjHgY3U9YU3fpNEc/
-  bLRrtwcMGYXOQLz0ARrqAoG7/3wcOeF3X7RNpCWHmupv6Mg07xUvEFTb24eYxIYs
-  pzY7MPkudhp3VLzkOOdEH1rdYgkdgviysYhu8owvrgI3sXl2PdoKzJVUjDixHiwP
-  h4yxijsz1ymd3a5ycJLdE21DTSdCba8YZY7SmhtkNrg6aBHUn6hjLMUvFZjO39nZ
-  JJZ1RgRS0AvXihIRHy89AqjUTG+HjM+94XJXJTGAJKwWO8vr60u3Nw==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA1YuGG074wvrcUonJSCaSRhO2EHvbdpznxMgcpCMG4u9BoHFc
-  kbzVTeG10IJRuRDlTr/wOgz0N1SAeDrInT4oMEe6fAgjZfcs1Q0p4RbXXA7/18NM
-  9mgY7zjEtXAY/UMySBNOL3LdbB9QUENpdz8jl7TmpY9VERZvkS5ti4/iYgp2sSFd
-  4EafgrYsmFsMH1vtxmwyRrl4yJXIesx2twcp6Kr2QW1rzENYVJ/4gSlLcbXxzQ7a
-  M15+Uugsc89pe12h7aLSrZR8JB/lO9NZ74/Ly3r9BIA3BEm5eshqoBySC+lInkJV
-  y+LipvK/U4SIVLhgZw4nsnWTblTaSD0VRXm9IwIDAQABAoIBAQDApvhc6LkqhtGA
-  MUiDLDEowZ2ub19GOjYqZPLZ7bPHxlwpmDwQSxERC0FRFFEQKjsF+cmLRaaJyFWC
-  ol3c5nexXvTR8zGkSwOKTi7rIAU4y1trV4m2f6GHKGrm2XPiAN57Ade2nOVAJ1v4
-  nWinqTG+KvkuggoXuWr7yqwPjcaJ9QnjQ8CesDSD4LEqkhMutjYluEsQrv0Sm7uN
-  73arydz41kAtO9YA+t8KqSVevrotAbQL6YUM1YF200Tn15iBpBGv9ey3iA5/53x1
-  cnDpem3UAWPoZpA5ZWMTAy3lEJX38JOSuWfFRThSvSWihWnjFk5QGM/mBxMjRn6K
-  wXB5NLQhAoGBAPnaeq3kEUb30pAoA3/CZivYryyklchzs+4U1ICZabDpOD7LS6mF
-  zuqO3dchlkJU+S3R+FnXASj6ZkDaaHMC8EilIGiBtsU/jx04qQVnxmQ+VDyv+o1j
-  kF4JDTzNN244/rqxS2KSZbIIeOUtcGYVUPl1kaCuZPcduhKk5lSqs7UzAoGBANrM
-  YeMj1ecqhiJ3ipomcQ/9uNyrS/YfBkrGj+9huZz1TWpPkPKHBGLfP0HlH2HkTrbs
-  fD5SLa/WWsV2N0tdLVpOEPZNvTkwobfLDke262jUw/Z1QOGBEyfJtAFBipGfCvGI
-  F9mlPINSqup6V0Lp9oN6tebYCzgicRfdL2pAnPhRAoGBAJ0DiK74sUbY/JEtJC3I
-  m+6YCFXUxHApDfzjSDvcrQfJOFh154GMHmFXEOBeMhBTWBhMaHcE36zB1zqQRq1o
-  PlpYswoZ4iMI80YY0lccRRe/963/pUPvOs1tgM0h5eC1npbyTf6PI6uDGX5kVMtC
-  QBXUpYTFs5t8KfAHgtvYPoDzAoGAFaumilOzTOkGTgWfAbOLATV1CM4igOcDvYY7
-  HU+Fjckx+LSWu56pzY0k+8bQu+Zb8XwsthN3mPHXHbWetmUtJ8ORpIOAmVh6u/Rt
-  nqa8XC6ulgt4+JzLI+azYGh4bAHfmJqNGi5mdu9KJF0npWX813rg51NAkTfAEcgD
-  eTebFHECgYEAreFd9K+o9egoORElk7jvye617CmXktqdo1NoTv/0cS/W8xDhvEyY
-  1FjqajA+YxZby0xdg2UvvITZ7zcgvDOyHjHSo40dPV5ku5L4ubT3fI+w96BXuyA2
-  JBS6kY8Cf36NghG2qQKb1ZuiBQXtATo1B3WGxRDtpyYfzyFoddtmeuA=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAtpWu1EPEVBBQNzTqjtHIIUOVFJj7AnTkgQ5WBwR63agAgWyQ
-  yBr7vGgSLdTjaUH9GeTbHoJEH4ay9asyynCy13DZz6z2F6g/21rbpJ9b4nD4A+y0
-  lS0iKE2TjcqSwP72inHYfkEtmjXtQWFQVjw4uBo/yt92fvOqsDzKVpV0kkai51Wl
-  msnvPct5ppX+G5rbctw6oXFqmWZ6z2mnBfD+awBntFAEMUhSLTpFIoo3w/RGq+HQ
-  PmvweIb8F3jsaOSJSQiay/WrpOhLx5jtPaSCl59YljfB4zM3lFa48W7Y7WO0uz5s
-  zGljAYodbU+I5a3MbyghGl8RlZYdgkLZkSBd0wIDAQABAoIBAQCsrBRiBBC5G5Bx
-  FWc6WCT3aG2lxCOmqBut/XvYOSFlXMvVmnG1/ObTwGxo0aub0N9nTKr5SGLamc3H
-  TffDwh8wZjZnFADMUL7LWTrdjiQcm4/CTmpdpghmqy7/anOtd7J7Lb17cXKKI7PU
-  IA8U7vEJEzH/T6RF3XUwJN2KUt+isPfMtK9K0uzb6rfmEIoLovZ0xFCDSCBvOYoQ
-  C98PqzSZWTXbgMvpoW0Q7jLc6QXyCdaah0MJ9oH+5FxXGCk/Rv97f/wuLhU3KCNX
-  R+LX/bevYwMdId3FikkoLdWgmKM08WNzf5UNPllfINU1XdMaNQttVYlNGtQj3WnY
-  FFXmlqxBAoGBANXHKCd5Kj0bcoU/GJIp7PzlLfxoGmQIk7KPa+MI9p7vMmMCWxTV
-  AwhoAIsEEptniLobqrqj30HJFgXBfC5aRN9cotzk/uvUfreIAn0dZ7waWlobTW6Q
-  44FePsKEZTEjUwM91oliVK9ALtXQ+9JD6pB//HDPT2mB2dHhMXwthsthAoGBANql
-  XIjAsa9nlFJ4uoGTC/016w3jIH8ymJAHOy0nrnNOsWbgbgAXTr1mfjKywAv4GeEp
-  TDrXvmaJlIuCN85g94ooiejAKEm8ihmdOT0JgVzMp0zmYHkErw5GORTJdYsI9PKU
-  8N0SHQjrL0GWcOWoHmcKwPr/Z0yVzf3MI6Rc0cmzAoGBAIvFX+KXHN/BL1ohS85c
-  7R7YNP3fjsmytea8UPyq4pw9pkMHykdPkmEPprM9oXDL+6A68KCA/jqD4As5Wxjv
-  WjJz3ePxMR892u/iVEY7UJSy4johubm9r5Ho7b2+VG8ROnhXGQrQKLBAlZ6kudDb
-  KOT7WTDkynYgOSs5QmJ/Xa9hAoGAWcw4aOHbGBMOU6DJ2JWwAtq2Iwn5OsRo7B5M
-  K4t0ll7ndT0PcHIiIJ+LjP7k6QWIe3Uenbwlsq8mlvVwPg6NG+zyVuk0orQQc9yi
-  uXLB8n8K5wZm8Mz/qHkm0Ga9I9EV6NtK4UCjNBqDWgiTbX7SnbdI8s0ae9W6uFWy
-  /boxXwkCgYA+PlzC9eZJQL/jbtSpyHjZzkO7na+NRPCJ5GBFOOD1N/h15PBvDCi8
-  z+CTAq01K+DeJ3/+iZSr55V3M8ZZUZ9i05m52vQRwkWh+fJ5tlRZWpWYPtaLs6ux
-  xfNsIxEEpRSgnYgaskIcTwksA/Y5/d6hb/sk6cbPvcsEPrLHH3iuAQ==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAoQFUk7YvSZnWHzkZLrvYyvQ6sHZhhjdkbVv95p1+sryeycuo
-  5ouRfC4kyHppx6mDr4oGCtb9Hm9EojWKJ36nY+bfAL5TqtraBtcRCifNYYTOlA4n
-  EvgUI925D4I3GgCtz72aKsihdSQRNs0c5kBE3RVqiqKtG5mmrVC/wxnQBrezq0Rd
-  BSHFv7kJdN8dJKA6L8rEUhQ2fdPl8IPkjrbOgqIzY9syFkWnoyCxmsRpzcF78JQp
-  jj1OlKZnWYVmQtbaPJQdZ2nbVNJ3X0/zllipNCXiuazQX0LxkvWQTwaXqCEKVHVm
-  8zPdw84T+wstEWoQ/djrAbxJi6zzgbk+U8UHBQIDAQABAoIBAEo+f87hqyqoetnJ
-  DbjEPLNSLiIjZNNsha38Rrfqlns7iYmKladCYuM9sA6WjGLa43O2FRU4kF5RdvfJ
-  8pxFxlDGLL1+Brz50KJo2F2zfvziLhSN9izEIx1q6CSjql8eQwhR6V6jR/jpmdqI
-  eTQgHOFKN+gYHfVlRDwVyWfhZlFB96U9n4V68uv3koo0gvgQ15VCmho8qGIVLTQW
-  D+zGirsST3wwGSm6mi/8rYuPxJ8jZ6U8oQLMyCIqKw9N7yLchqsvJKcP+AUBlRs/
-  5PMUoiRy0lOH+GQsQ1QArYN2sPzrl3B4lkFoBNKfxSc5+vHkb19GK/r6tgpNg5nd
-  wiX0cP0CgYEAyjHvOlynJ6y6HO0UrJviw9CY0/rs4Y2hRiijXrYQm2SHe+TaDMeJ
-  LHPrwwlFTVfNoJsczJKPEYs/hamDvqK8B612ppqhVS2vxaWjS6OiqKHxjksk1P1W
-  u+NOrxOaL5fa8fOQK0heR3qxpIMuY+nsHDwwOGlrm+ju82g8aPkGuHMCgYEAy9lu
-  2L+VbLB7sCBIttrb4EHzrKaNv6HAj4XYCO1FoHSGQk4WoAKtgVrOyxtkZG46EvuA
-  rdwlJTvef2mJbn2fWqwjWk1Othtl738qbBnmqElP9sHZRzRgnxideQNYGzf0iLgu
-  AC0QaEHwjKaNlu5i4Xh7gvQD/aKTmIFdFZEJfKcCgYB+V5trdW/Be83Du2TawoF8
-  6ABHHRkdi3lFtKj4yn0wDC4YfZS+vYP6cejUsxtJy96iR6pELiQVy1QC+jxnR5qE
-  laB5VFARQH3/25Ng9TvzcVXWGyBFspOazdthzLbgnFvkKdRhJ1Q6B/GuoYXASvAN
-  aJKc/UqPXorJL83nrgvD/wKBgF57oU0FP5TpF+tCi3F1b4Q6DV9wszKnHkFnoAJD
-  N4pvd+szlnkDxLe4BzFMuPNzw6cYu0PaTb08Spxzpid4QmwcbSZlvp3ZhR3Eqzz/
-  pFFL6axNnQ/Lzxzuo857JlM3VDgqZefe+0PXjE8kw2u5gktPNLA1ucPNnuuIykQ8
-  vVDxAoGBAI2wpjbqfucci/3c+HQpNJ1Ft4Nr/nZfqq8Vuj3wiZP8X5W6I62+KojL
-  BtxY+AoLgU0CUNTNd7i8LGnnBUKuB5pCuDHQ/XHVtmzsxNmQe+Uvol9MR4IMLNJf
-  Yvnwpef6oZznUe3PGd68ni0vmh7jTYeZjqJ1kV6U0pUkvH+FGquq
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAyCxEiyPVRcVcwYk/SxrswqPjZchtydqznQbWV96LUeUzzynL
-  2LRFKwLmFbFscDdpgaNzOtbv+eRYLlYTZT83UV31zw/hUJ6hFAOYVRkGtqeirQzQ
-  w0vru0KSnaIKI4T+5tK3onLZdaL+g/iMudDgnFUQm2E0lRQHanJbA7G9XOBWxI3v
-  XA9MPu3ZCzzMKwcB8QJYjNIuoL/5Zy+t52RCNzy1/qt4Hi38BPIKuFFUrzhiwJ3V
-  LopzicmsJ4tYamB3Crc6wIbJGa1faHN8EysIcY4oH3EmyeNRKhfKs7yxNAPfs9IU
-  JMCEF+VaZ0+1+jfsxIh7WOdIw6dpB3QuIc/qVQIDAQABAoIBAQCAoxIZaJmyELcf
-  GJg4J8FnA/MqgbcsNQOgMbilFzrpEiZNR0rcpFye22oJHs/U/Ycr7GIsudvV90xD
-  2sT0F7/w5jUFL+tX59kUB4tphH+v+eKs2sN9/dgrqwiVjIB/ewRkSZ4BI1VkJ67w
-  GFY3Q2hUjsXxVHJ6Kzjoyzx6D0rl15FhJjm4ZN9+2lcdG1VrdEUbDC+d+dyXjJpj
-  RKnRszKrnWpnINHQK8pYcGiaHObinoBekoBDkrj94kapsft932Er6xrzKQTeNuoF
-  5uNqp1rZXSRf6wXZ5aRM6tiJuethdOgOCmnm1sQjPkks2IN3qkHdvcWbT3SU6mBP
-  awWja5KBAoGBAM+f58U7mAjxv+WjqVfuoX/CWH2bgOG6EJU/6kkGFxCeWSGJmXQp
-  s6C0BnUWRuk64U60JXqzMaGDMwc5/xWPpmZgVYk3DsuFDXJZ9ABv2h0U8PATh+FP
-  Gv/ezJHuYZYW1xLWpfaBvJtE7hlrGpq46KDucw3zbkgjlzNoIUDrdNcdAoGBAPbP
-  5MFRg+5ZyYXZl8Q8Vm45jFiuM9c88XbgNSVVcT+02W3FT4YNV1qV1UhMvR6/UMNL
-  ykYR53dOqLTBohyuwADj4c9OwEZ6XfxL4oFLL5/pZB6bnAQFcnn62Dui79ncCV2o
-  tmOBzG59OHw4CI/KQkdve05dijee7UmStYl2V6KZAoGAPDi0YCft7EI6l+AFoWSs
-  4UK8qgotsstmPfQg/3dNv1s+nRStNt1Vpbox2UpR3Rpf+ZUU/eb18VP9vA3daCKX
-  cEBm7vrSRsPb55whwvKugBrv26K+meJ5AVhdW8KZ+Y+8aFFsJ/jvfNXcffDr8Y7K
-  ossnAhfml/QCyj1cz9i7th0CgYEAkvup2qrl6+tSxUCZTkc0nb3t494Sh2sGzemm
-  HM6ue+cC2Yl423dUf2DdvIne0tHSkguvsVz2QKn6dHMgTP6Q37bWgnP+s7oqAJdc
-  k+0nto7yjfvTxN1NmHEXlyRovJB6j2lq/QWOrnoqSmfASYmFQS+V+kxghNFDtN4G
-  +I8ej3kCgYB0UJcJB5TAuxNiyPneSzpEkGTPToDA2kCKDgL0+V0mPLbM0Qaeq/6M
-  KeJeXbP5TOAnQoc4hcBjbMlyIaAVVX/Jgh8ZMA1b5jh94nAe3LuoFaXy1Ee/y5RW
-  tQNYyaaSy70rHpEvw4qkl7pFJdaCg+7EcuxlXQVkoc9Nx46AD39fCg==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA0gQGNOFTHBvDOeIM9JFlZkWAhtPiHKDLeKi9+oeIlNuMVkom
-  QH4+thMSjFoGm2pdeElxzoicefiPWmh/WQItzdv4lgxTzQvHaLWLwInQOmixgK7g
-  R88HaGEazzdIz3HYCULWCy5/qbb8jbgVPYMDZHXVTWGHCpcFaXbMsVBL0gnV0KEP
-  N4GPONbld38ILNpVELpP332+3K2t1/UjahOXSm9eybsSuB6SWeiSgGFtxVYBez2M
-  n3o5giVSPXhMiZiPNmePA0n9PBqSmuGST2q/MX6H90N5nIYxNYotWFrQ0ToIFRQY
-  2lDMWjEdaB4rQRPh6tqzSythFnG6CiKUGsANNwIDAQABAoIBADPg1JupcXtHDGG3
-  ClY7uF2cG5SysG879Sc4H73MTxveY/tI08woo1scuP88mdc4XiCBnABV1Ll4ggjm
-  OVcGZ8Qra2u9XdIP79FYz03ffTWAeSB9kl+Kr5zEJ/g6At1jlOcswG0Arn6A+kAT
-  0gNg4qylQuybg91E0wxrUUMXv7MBUgRLtzoh3lO2U/opqTgUq7AOPIHhoM90QWZi
-  u93pY4ExJmDdWrhbiIknnIS3FItD5cPgK5xh3oq8KNHA6Y8+gjYCYHS66ddTuIet
-  QELAJX1IFBJOPeeYC+FsvFcKSKq+tT94/3a7LVd58huZz3B1CtC66z4gHl1Lmkg1
-  5eP/kWECgYEA1aHoMNVAnrOCNyoAswnBUmqNjUngkB7EojkdEzIL419ZjrxuaUMe
-  TYQjwyk5zT6ro7tZQzq/ZBueQRnJWIUl2rsSJh+HAzszIzEDVWhmX9m22jIJ75Vv
-  nONJehnok3/HV6EOdYt8ciyGvqKEruU771WzPT+FyPCBdsiALol8+NECgYEA+6p/
-  ECqKz8Myj5Xwg4FozrUCQtfutFy0nHGJe8kw9/wnMr3v7I6ZP15cZoZ9dQCsV6Y2
-  TVaJq+mz76HwtyJRcVCc5NT4bpcrBerYFmm9CQcTg2qkSnIEk5IUtig4BRoMZMzL
-  IUvIgcvC6ztgqxUilOSamPXZvRDD4bk2Au0hJ4cCgYEAsVeKbJ9a2WOjATA5DGdY
-  uJYDk/p0FK+2BATtgfXVsJaCvd7muTMigK7lESmz9hHEYlMwMoMeRng200wYvQcq
-  +Xy6ADPD3IbUWK5jWg8kjQUqqc9IOD8RPGfhox7G10sHrFLiseltEUqtQKuhAZ8C
-  Nhgqhvmokbo1funKntc7i0ECgYEA7cq3rKrF5nHmAE4Ip/lK8qWNsWMepUVDUt7k
-  rRX5MxgKYaOeY8KJgprCbA1/1WIBdgATJxgxlUKJRk+ZhzDiC1PEK2QgKT6k5D52
-  VxcqCrGo+m91NPJu6JELCOMPq6JlO4lWFevpVNsXHfVI7d5WgqFOgmEqj76bl1jN
-  dA5jWVkCgYAFc1TJWwF1yJ1by4nq3dtSau++4Phwq7LtlcVhhlMTsXUITrwPhkp3
-  GSrhkKoX4oADhqu43Io4mKqOvA780xsESftT4NPiygfEZHL6ML3hRV+lAloz1Uvc
-  9kKjjndEHGESUpDOPyRMSTX98VmzF52JT9RQ7TG7VOgQkHdaz8Gggw==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID8jCCAtqgAwIBAgIUMqljqqkL/hlrS1jO+Hn6tPI+DdMwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA3MTEyMjQ4MDBaFw0yMDA3MTAyMjQ4MDBaMBQxEjAQBgNVBAMTCWFwaXNl
-  cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANlUOIACLwpa+dP3
-  zhFMDN/U+K7zqAG97YzdosHdRRFshySfjHbcPhH+ibR5wwvogbN24l7SRqW/sLWn
-  +3GR1fQfIozyOd9Ho/CFlUqJoC9moRvH7jyBUUIRGOkqgzbJvAFphd2QIrAHKUCu
-  5QBpnen9VrEEH8ahKAX5FdDUDokBxPG8Cd3nuZQJdFwJmAw1+AXtvXyZrQt+F5dQ
-  f/vypD9dc+fc04vDkE1I1QaNBe+6PS1Z0GmpQUiwSykdZ25tEOmv0VmLU5dR03YU
-  5AJia7Aj6LX2FpeBUd6QosRqhOvFNQOEN2LQFLxsI25cjBgqZG20fy1iEA+iqd8g
-  Y54RYC8CAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
-  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUU2r8HCw7
-  O4Uz4JxmwGiBp8Y4VcAwHwYDVR0jBBgwFoAUu0zMp7874n0tNMrGPUxsI3Xo5dww
-  gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz
-  LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm
-  YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy
-  LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQC1B9TvfBcN/nNS
-  iye0KHK7OuJji8svYnOdxnXM/We6rAjcbCvFWvSsl6tfw6jp0v2geiboO5NYDT3W
-  evdTtehv/Dy2xVs/cUcraKL/hPXJYV+SvlTa17h2l5CBzQmtV3LcBo0TApqX4R6k
-  fyxLFi3tGB8zupSq49lRze4Oay6mz3cDVh9N/6X7axSUC5mt3Ih8CBmRKS+gw8Li
-  LtESD/+9l2f+5Wh2OwvzGFua+Q4gLbyrbWFL1KpWipfw9TNzq2+b+RYnczm4YTaK
-  dqCKxZyNucSHX8h5UNUUXLZSwAJaWee0aKJH9U5beYVb3+FPzJc7ckTQmqfrtsed
-  /IvwcNgl
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: apiserver
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDnjCCAoagAwIBAgIUTMcTNTAF+m58S4qyXu0gtRe/An4wDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA3MTEyMjQ4MDBaFw0yMDA3MTAyMjQ4MDBaMEAxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEnMCUGA1UEAxMec3lzdGVtOm5vZGU6YWlyc2xvb3AtY29udHJvbC0x
-  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbFKDWnbRZlYOWseti4r
-  hmcYQFm/uCi4pbIr7HsatGp4OelmMMzzFH2MELbScEx+uwcz1AKRxk23B3qhDB/e
-  o9CBgosG39dka9DURsFirALyla7v/DT+sjO+6OmryAbmBKTbMdl4Wc4nNHmVQG/v
-  X/fnZ/iKjp/GXv99s50ZyKBWVWovoaJWYI/xZfrcby3eN97GdlrixVcyLCW5ylvN
-  sb7LKr9mPVKz8xPqaNdtJK73jz1DWQiCZGfvW3jZIsfAlV/Z/axf9Y81T3FozOJm
-  EXd4Mc6ltgSr9jItzttTXe2cpR/AazGd1ncGdgskVO9VYx0Wz6i2UNB/rEOMSWq+
-  5QIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
-  AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUfBNLCrnh9CgcM/gF
-  V6Rgq/vb3vowHwYDVR0jBBgwFoAUu0zMp7874n0tNMrGPUxsI3Xo5dwwIwYDVR0R
-  BBwwGoISYWlyc2xvb3AtY29udHJvbC0xhwQKFkgVMA0GCSqGSIb3DQEBCwUAA4IB
-  AQA/XFMFbR8uzmDxvg4kF0vv7hbOqPM4ODIj4XeTB3fFUKa2CBrYdFxTy+9NgZhT
-  Qv7so8Zt2mIUfzGQAzrT93ngwd1zCOr1JKerxdpM8C2CELXUh0GXV7JEtfNGOGdH
-  49RhQ0/rmOVOJkQ207EEVaLRAywOpAXWH3yV859++jCLf3NUMbBeuWqeFYlnQ1GH
-  G3CEH9kKUrkbRTHXEHi+9qtECRbVl/f/amVOPgQeOSfk9LqUjiAYabCLyCJc+U+W
-  ptVKOjYPfZgIzFx6npgyR8cbb1CfpDotp4a3A5oy4ovy/+cuzThjRG8fhN4THEG+
-  gqj67JzmRamiqn6PHNp5nRMj
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDnjCCAoagAwIBAgIUS91QgOq3AoivN8mS1gcyzdPddNkwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA3MTEyMjQ4MDBaFw0yMDA3MTAyMjQ4MDBaMEAxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEnMCUGA1UEAxMec3lzdGVtOm5vZGU6YWlyc2xvb3AtY29udHJvbC0x
-  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/c8OSNuAUatuH95rqyN
-  1bGww8WywbljGTRqKvhwkDTnXHCTOFmO0D+wwH2uzfDORDSfhxvCOBIefdqIzPx1
-  IOcQU06+qIOLxKf3J3Dmp8Hjjg1orZZU8UpNGtG0quMHIqOx+Yk1pWwYCKr8CIEu
-  iiE5rkKjslkShbJV+Mu79cBQptOOp0c0WF28Cwp01AcfBaOy8AL+zhmhUQuKORm1
-  8SufAK7V1pz2boVJ/5QwEMP6fvkWvZepHPjbHr9QzKzaB2G+1PBuhZjMkjPn9+Fe
-  Ea4lc/qkNz1uYuEZGPFSbk8V+f5E3Nn3tl1XL4vgTxML8U94eQLTR90UdfoVbk1X
-  pQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
-  AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUyV5+Op1pVpugNy5B
-  X3MS6i/OC2swHwYDVR0jBBgwFoAUu0zMp7874n0tNMrGPUxsI3Xo5dwwIwYDVR0R
-  BBwwGoISYWlyc2xvb3AtY29udHJvbC0xhwQKFkgVMA0GCSqGSIb3DQEBCwUAA4IB
-  AQB4SSiMuqNvQSTPEcH2GG+TxGAHNTsQhPXYhF49l3bCX7IYY5X7+yMHN9w+3X/b
-  taaHdyilnqcvB4Kke3gdZNTRpf1OBprcbZXI6FtTEBw0u9htArDsHYYTFkose35X
-  XhophpEtfrIXhc9KCuAxwW3/qxVrXySIvOPn1PuHIh+C964749ZF3LtwkHUKB6mQ
-  zMbPv3qeaiqLppl+2jGtdXIIZFIsS4J/aeN3r55q7XrfwB8zgebeZLgM/Tjq8sg1
-  VLgLbVaiDzAEZOFkhEhJuaTD/hm3C6l5JBdtxQCTP4R8BI1AXcgJXDGMDw1Qk8fc
-  mXdQ4oCVKIWTsYYvhh7kowz2
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-airsloop-control-1
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDnjCCAoagAwIBAgIUNMpO6QMJAv0FbEIevUHjAfSvIWIwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA3MTEyMjQ4MDBaFw0yMDA3MTAyMjQ4MDBaMEAxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEnMCUGA1UEAxMec3lzdGVtOm5vZGU6YWlyc2xvb3AtY29udHJvbC0y
-  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLU2qRhMhclbr8kTqbz0
-  B6fXoIgssc5xdvX0Q6xoI/dp2LuYEzBEYTcXNmUsm0GSLWkVz90C58a7f95lHrWH
-  qwfW78FwoDzpFIG3ja3seqtcE9mezCy/6ckm/YH4vbkS4cwQGTPYEG8Rf23DXjNI
-  Ng4Hjd2nlebCjxIZ+TlmDgeCgd83hXjBZuqFw50m9JSz9O3by/O2ZdRrnDrsrgCW
-  ilCaCD684sLwECZyuXIsarxR3eBWoYI4jgf+cgyOD1B5RCSXnD/8IUMGPbKhB1Jq
-  9LVLwdDFKuD5gpxVjLt121yFz73HNnF60d6ftOyiUWOytsUJI0aAlHyOS9AWqLk1
-  lwIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
-  AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUHeCdMMORtdQHUkvS
-  9muolQjR9s4wHwYDVR0jBBgwFoAUu0zMp7874n0tNMrGPUxsI3Xo5dwwIwYDVR0R
-  BBwwGoISYWlyc2xvb3AtY29udHJvbC0yhwQKFxYMMA0GCSqGSIb3DQEBCwUAA4IB
-  AQAooYvZQLSFm9nTUCst2SUND8YEeIlP9rF5OfrfP51Rle3GWvWeCZbdkvuRwibJ
-  Gp1m2pGBXyYO0cwWHiMAVhbrHa+lV7Q1kIdvRsmnimjWyPZaEwjKbFk+O74rpPTN
-  mGXvHMbPzfXMyh8JtGlGTc1XJL0OYYuwiygv1A7QeE1Yva/z/to+3bcEFx3kSueb
-  HQBMmePetjLlRqbtWmXm3VzxT3zsQBvoOjMe4FjOpGiQl8CFmsaxKzGtgditFGfs
-  1dcKDivdRolR0sRPRRUHArcsOKA2p/dgoY4BPJe9ai2EWsYYZtFbu84hzigvtGi6
-  qXjgeUOBrRynkj7Y6qn0p28N
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-airsloop-control-2
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDnjCCAoagAwIBAgIUXydhboReFj68yEDKWCSKXmRiWU0wDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA3MTEyMjQ4MDBaFw0yMDA3MTAyMjQ4MDBaMEAxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEnMCUGA1UEAxMec3lzdGVtOm5vZGU6YWlyc2xvb3AtY29udHJvbC0z
-  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+F2TxTbWQlW74wGGn7v
-  0DdLhD0pYy05KA6N4irgF9TH/nxmQnKzQFzo1IO0dMQWF8+esnKR5XuoCpW7RAbQ
-  Kyk02d1OBLprPu5zorbm4LqiW/VUclMuWMlo6tE7i9nCIGpypDHtvNmGSnx1Ocew
-  0/F1eoJnEVafyMsg4j4ZzS9x/1ikxvc0v6NgPP6RcKET2NfhLNB2FaWj3PIxzItG
-  Pizy4pAOKvRM+HJoaaxxAuhhd2rc0581JsevNw547nX8zx8hK2L1yLLgNUbxkecT
-  DQ0iCWmV5iraKbJYodhTZxdAjY2Q9S+M32SgBmxdfedR9dwytoi8WBmoBsw0xGCl
-  ZQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
-  AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUiRvTDNDuBUa45fwP
-  fdOPha/BAR8wHwYDVR0jBBgwFoAUu0zMp7874n0tNMrGPUxsI3Xo5dwwIwYDVR0R
-  BBwwGoISYWlyc2xvb3AtY29udHJvbC0zhwQKFxYNMA0GCSqGSIb3DQEBCwUAA4IB
-  AQCQYojWc47Ep74nlUy1OIWVsvDj+jkfUf9vcRdNC2bIFZ26EukX0YuhrPKPPtv3
-  /0Y9kLKm6LIS5udlQGfySCoIN/BneTyJin/t6bY35sR33S18AhBLqKmeTW62fU5p
-  G17oyNdbOLYy9ctgb2u7hU3HMPC/o5u62hcNyu3eENuCDvDA6sLTAxVrE0e2IopD
-  QxDtQdLQvd8u5vcRI85bAl4hvtsqGzOUOtnnX9uCoPYNoVaddw7oTYjUx7KSBjBJ
-  s8VIBeSGmoYs6CMZbWkj6g969jru5P+nZtAnoPjMY9fv5/YLfjXYgnMgvlP2Bvhl
-  L7m/nbzsuATQs+nuHQSzoVOM
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-airsloop-control-3
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDnjCCAoagAwIBAgIUHqowyQv2NKXCu1tA7jHAoYUhgJUwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA3MTEyMjQ4MDBaFw0yMDA3MTAyMjQ4MDBaMEAxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEnMCUGA1UEAxMec3lzdGVtOm5vZGU6YWlyc2xvb3AtY29tcHV0ZS0x
-  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs38Xlh/LlB0wTerwwnyK
-  H4/J49wpkqPMh9hXIaxPNJ4vUhqCt5YiT7tXfpkhz/OLA5PVqhU5mW7jPRRii5Ad
-  3ELt+ASSh9UsPNH/LF+DMuJGJcIuzCr2bK+bwXbB740r7ulJQ68nwEc6626Qo28p
-  HQLUpdj3XNtsiz29CzMs1zfGxPvWwAc0WwwCjrLoPVvONIMCk3Gee2Sy4i2zVpVH
-  yC8SygXyx7q0u//W8nonS7rZwqKlXtBKOMR2lYmpLDxHVtFvMFAUYPlrLnU77RD9
-  WKB6SRgq2MwV52MbFQTn//EpIy5bMNw6Py4p+cvihxtd2xcsrsgm/3kQGoz5hXHO
-  HQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
-  AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUq2nHm+xlMkQLP8Uj
-  NUPzy9fg270wHwYDVR0jBBgwFoAUu0zMp7874n0tNMrGPUxsI3Xo5dwwIwYDVR0R
-  BBwwGoISYWlyc2xvb3AtY29tcHV0ZS0xhwQKFkgWMA0GCSqGSIb3DQEBCwUAA4IB
-  AQBPQY14V3SnKlX5Wb7u/Oh5hGe0JcpVD+sR1Kjprd0OuBkF0EMzdhDFpLMnBunP
-  p1ykrpTSN2qObbpsbln25/Ad9gVbKgRqi9bZQYUKEcY7v8WnbYGHA6VXjiPgyobS
-  6jWZ02/z8Pkx27YoTnAQjF/fxDXjTLMfyjdFczUMMsl29SO2qrPgl/2u0GVbwDGn
-  DXWlgehSuVEK8LTL5stQHRieeY15WvfiQnXRCCG9y0aSbcn/7ASNnmXWcMWUdbPX
-  TRTn0/ZloixlcUIsxu6X5P8zjy7+R6ulyewtJSY/+IosLePwOK1CY/leezvoeroC
-  NAbvshPk0AThw/MrunxvDjjL
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-airsloop-compute-1
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDVzCCAj+gAwIBAgIUPL+r1GW2Ntyq2D6WMlV2toXXHl0wDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA3MTEyMjQ4MDBaFw0yMDA3MTAyMjQ4MDBaMCAxHjAcBgNVBAMTFXN5c3Rl
-  bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-  ANRXQtx8rK1vOWF2Pf8HOOiZtecWPZY/ckzAMDYMNQWjHOPIDsW/W9+icRiSIYYO
-  kHhqPkPRHOfNBhFfVuaMP2R0EymIYQ4dMZFpCmeytrcgfCfE9XaPZUa3D6GWysKj
-  Rv57wl6nTWw2/3EmvDODMkXrYTCymKHUMt92f8XdL/5B2EQVBQp4D8zRZ061/2ex
-  +ICTsqMkH43AT2S5VJrtI6rw1EdFIWLSHMfEj5AocaIPH1D9lq5JJxeZfWGEcpP/
-  fuHTIbMwo/G2GO+Kmd6CGXOflxx3+1ZNE+Y5xGEcz47wN8ppj7kQbJh2nNuB6Do1
-  FH9qyM5mQ3QdAMOw35z8ATMCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
-  JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
-  BBQTHX+LFPInDpMkOXtQ/xcPUcZ/jTAfBgNVHSMEGDAWgBS7TMynvzvifS00ysY9
-  TGwjdejl3DANBgkqhkiG9w0BAQsFAAOCAQEABCggG3gLSJshj+RGo0cn7i29ONJN
-  aSYzgPv6u6XoLiflXOzVpVmHhBU6T5FCzZk5ENavZTMOsAKjPPNO9pfXo6/E6vI0
-  cq/JeQ7+NPRLhbN8kIxM+ylHvDhSa5fC9cKVfDuhcKWPXvF2w56Lh9Ld6Om/mhxN
-  PlnUBW55gi9TydYQ+8Vo4SyvC4Q7m/J0sM02ePBEbCtJfS3z9VhNlf+KgxwV+gFc
-  DVgw5cPu7J2rfSLRSAL2scrKIYazrOyx2yoKBO7wxjNl78TBijOyeiHjgQ3Zzkjt
-  bnAz9TKDUgPddhMxvMEAIBS7JBlV3eFuNrhW7Ctu55tU+eN3ocofIw/gjw==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: scheduler
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDYDCCAkigAwIBAgIUAZlC7MbIbuAYUVJb0rVNvnfJ24swDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA3MTEyMjQ4MDBaFw0yMDA3MTAyMjQ4MDBaMCkxJzAlBgNVBAMTHnN5c3Rl
-  bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-  ADCCAQoCggEBAL7oCem92ybxmzH8w+50tczXXaZWuVoQpFQOOc/wBnqNeOx5+mmm
-  Ka+ph8WF0rnjVR6Z2jpiCnFmjZEcDTYcAFTsXcy+vO4GOXCZgQJ/Noua+JX6toCW
-  MVc18e1Wf4FrGaEsWQb+DQwtt+VsC3+2Qwwo8iJR7vXaJCKZvVQXds4grzdt33+x
-  YX3k8WP2vwGFmuPpDk/Ww2zaClWKHdxwTv5KOPf34AY9ilgZ6sQoQdI+W2XbD67M
-  T8msh14pdOMyjQN6EsKU/PzH7NQDEmX9s7Ig2eONGJlcP+NXYBRMgGbyod7DlRRd
-  knTpURklFPe9oMbXfJHJo7FC64qkP+fFYzkCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
-  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBSux4wsMb0b5Fm75oPYYfAgb04CATAfBgNVHSMEGDAWgBS7TMyn
-  vzvifS00ysY9TGwjdejl3DANBgkqhkiG9w0BAQsFAAOCAQEAKYVbuoZm1cSsGqXo
-  o9nuYV+d4wvd9B5m5K+dVB1DWyY0pIjqrBevKUVtEoJpBtPGmgCjiX6fpoNqMT4a
-  u41QB9oigzO194gdiNcLx4ahSvlxPqQ/wrIYxgIyHAiacqYCgWltd1hqGRKWVrch
-  E+kntNiEfT28V+U+n0tii1nbNKMn0QqhOlw1+V0O9Z1PBBQw4tT8RzbW3De2aRqC
-  4WV3cdfrlN2T1lneWYEo5nB0YR3KUF4Ouqkz0E1QNaSgrq9iRv8MojadWFEP0rou
-  O/4B2x6EXG9Fqh2oROdarIIzvRKFabrFyUIig7s5ZdilLmGF3voHQHdy5kCe2LMG
-  bIMEvg==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: controller-manager
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDYDCCAkigAwIBAgIUSxYvqvleGXPSsy48h2KUIDW76YkwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA3MTEyMjQ4MDBaFw0yMDA3MTAyMjQ4MDBaMCkxFzAVBgNVBAoTDnN5c3Rl
-  bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-  ADCCAQoCggEBAOMw7UAqXPS8K8/M0aDzmFUSW4WYUVYIvjCKSzbvlXa9mhLKiaTw
-  7rlRS9QKv9N1JKQBeqUtmOMJYqENiX+88L45bKHftRXrY8fHrAuk0EvKjrpKMNon
-  HUiaWEbNyZ8hl2a749guJkncyqoy52kHVcsD9j8hUX/F6pEDb1sI73RfVXVpu6/2
-  5EIO/HeGSNQMGvk3kPHnrDVEz7uwnoWS52sk7Ltp8mhEy6zE2aQdmIeQRtB/8RDw
-  coiPilQR7ERRyEqDpyWGYdBWRDncsSdlZQKx+TkIyBd5YGRI+4WcpHMvut3U/5Kp
-  GbJv60ckLVW5WfQqZTFyEZB/1qopZsKAA4kCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
-  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBTcTAVcEYGzoBrfD9YXCRme+6TtRjAfBgNVHSMEGDAWgBS7TMyn
-  vzvifS00ysY9TGwjdejl3DANBgkqhkiG9w0BAQsFAAOCAQEABJ2MviXnbvsO7u8c
-  uWYwbHyQDqmemWZj/6lhlNzpqrFof45MOOWpJTL6UpL0Lwtr+5dnj6s9oKdBrWPf
-  ETPagL0E07QDIzh9/7hALr96tfA/olcHl9iWw79ZI4fI3T5iMRRu3IyETLmbN4oa
-  yXJUBVReoDHh9zDjEQmA1YemAJTdAo8IoYWNiNOfpPARcbRrAZB28IZZ8SP67Ebd
-  pUUEsG6Jwnms53dIVDT2nDVdlgCW6hCAJFSob4oCqctfiEab+lq7OLJ1VPIvIAno
-  TR0b3N3D3xzis9+UUyaJF4hTzMfTi2J/ca/Q1idAAG6bKApUXK+XU3zSDTHpLP06
-  iH54+A==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: admin
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDYTCCAkmgAwIBAgIUNj5LqM8zVIaAfcXJr0MIWTAZeuEwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA3MTEyMjQ4MDBaFw0yMDA3MTAyMjQ4MDBaMCoxFzAVBgNVBAoTDnN5c3Rl
-  bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-  DwAwggEKAoIBAQDtuxwcd+NcVxqpGhS2GQ+9+OmQxtANBVnG7enHZ3eT4gz707qk
-  hATCK06eSRowr4RXKdhP0XD4+Ls/W50hIaNz2SQ66KUpMTaKWrx5U5Q8UbjDvUh5
-  AwC8k3YTud2QccptILw2Vh/PbMamMSEq9ElepDhUMy5LKS7h5/T/tPIkQ55ld94G
-  ivVqjvElgFdMf4lCVZIaIIi+4KWKcrr1mClErap2w+4u0PYgxJZDzGXiHvIY5nWs
-  SqafLcLiCZ9VdhtC5OingxlFuQhYyRoLSPLC9fehbLVB7Y+7EyvkPYzq85qrGGyZ
-  95y+wSOvGPMV5P6MwAuyhUAoNmomqQbHQH2jAgMBAAGjfzB9MA4GA1UdDwEB/wQE
-  AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
-  ADAdBgNVHQ4EFgQU85v01ENcDdzg9B6Wqvv75wq4t4YwHwYDVR0jBBgwFoAUu0zM
-  p7874n0tNMrGPUxsI3Xo5dwwDQYJKoZIhvcNAQELBQADggEBAAZxHH3RcfLPPlmt
-  9IKnnKp6NJA7FYwCLCpQ7UYBjNEPFBcVPOANTktc5r7Iy2/BPksavUWu2tCw83EA
-  236AN/Vt9WT3SE1ev7a6Nxeas4prjN3Zf2RWXSLQ7eiP1F+3tbp9uvdd4tJH9hGT
-  EeevaynE2iz2WNMdxQk0EqVJTRkzxseGPIF8MuZTQ4OyQ7vEQ7wn0t5aiNHQLs0e
-  PktrMA022LR6l2DK+vB5T6I2jGZoinDdaIS+jrwSB3dfMN+EDkvCR7e2D40tEuMK
-  FqEwRbPXm6IpymB7Y0V0caXdGg4YtvoHxckzi5NKmNwALS6/Mt63C93mzUGePnTN
-  2gZv9hc=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: armada
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDUDCCAjigAwIBAgIULyIn0dp4pon0o9NaIsi9tW9ALRQwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDcxMTIyNDgwMFoXDTIwMDcxMDIyNDgwMFowFDESMBAGA1UEAxMJ
-  YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvD/UKm64
-  QncyprXBo7BPDIRaWjkFbLWcforGuq6xqiR/ZFwSqATaQIlnmcSr5tvv7u5pnq46
-  qh3iNzi3TEX+0wxUgKjW37OIgkcktnl34eTB+3LIfVNqstmEBYMJ7gMKQSdIiN0L
-  Pne2xbIe6b4rb+7KvGGITQ523NvhReSb10SgvFnZ8RwokI8sQGZqOS3XkUbypvI7
-  3guU/wIlQHQmKxwpG5yksF1J3sF3RySZL0hTjXsziHt4YXwRpApbGtqFF5/p9im0
-  86SW1lrm6LV3pWdkoZ1mHcsh1aNMe/bXodhhhkcP7IlhEEHpa4MIvI8JKUOmxwrB
-  wtAitOEvhiOB2QIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
-  KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNhI8+IV
-  J3wAW2srkQcxI4vhNC9UMB8GA1UdIwQYMBaAFMyMHgVzKT+YL4b+KTYjJ1XrLenz
-  MA0GCSqGSIb3DQEBCwUAA4IBAQAxJsnipQ2/8nAGo9Rco4L3QpG8175qkRZxtfBw
-  s1moWc3DaPPTAShmsKq5pOk/SwbvNVkQJBOk+s68DTWU54m/ZpKhf5cqTZbi46XP
-  zkyzEFUIIYp+L0Ek5C2xEheDQtbtud3gxuo/K94iMHMozY5FBE1WzQTonOgQbbIG
-  F+f2SHpVneKETFUs6KntnRbvvCIpAj+fYGrGdxgSS7sNWFkXRrz/bB9OkvqaYjmh
-  1wRacDlmPUmZderGL3HjuUsUIzv6aOvFXuojgYAiDobS9VMS9eBbCiO/N+1xBmI/
-  2SqjuLNJom5EYgaolWmdCP0hZdPBZwXUj4K18v4sbxTLkg2I
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: apiserver-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDTTCCAjWgAwIBAgIURZvnVj4+mtojv12p0W9y6DqPfaswDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDcxMTIyNDgwMFoXDTIwMDcxMDIyNDgwMFowETEPMA0GA1UEAxMG
-  YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHjoYEbzXqCs
-  M06zlsTZWC/Y6mkA1pzIpxiLoRqhrsiingESHfHYKrJTer4zTU2MyLay59HH8riS
-  mD9hR9G+x7d0bZd7J2aAX6AYOzoiheUfoCxvtc4Y9xISn1tez1mPMFOJxLRe1CFY
-  jIBKuF7p/MARgETwd2Nu0VbBUMn0G61w22j6UgSfz1AfiZBJcH0DE/yB5v+8NPnI
-  RPyUo06vUBSJzvPg2S3ZQZfAV1VrqHxqR7Zo2R0Zv8D6D4W/rLtZ79SIqkyMD4KN
-  m8jrXfA66IOMCf/WBthIsqeU1tQk3QbnJlFgXftF+dj1usFzsX+kOgi+2g7eWB+x
-  O3l5DWZngwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
-  BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPldtwJECIso
-  gv8ZzTcZRlgQfHUsMB8GA1UdIwQYMBaAFMyMHgVzKT+YL4b+KTYjJ1XrLenzMA0G
-  CSqGSIb3DQEBCwUAA4IBAQAUELjYzXasXIrmPs5EPfLYILqie5spNPfT3sGMbYmP
-  /zaEVpe5oQsCO//7pPGFDPULRYMFlPwiSUlweZepoq1gsiYzb74/1OxcKpVDiRTx
-  dMwaDz/WtJ2KhBzmbDevc1uHXvkpzkxc8ZFDLwHFz2ImZtvszez5ecox2ExgMHG5
-  /loUEYI20fp1eWm5Fn8opeINJpZIwQUJxds5dvh8cqyhNAkBDhY6hQJcBUqDcEBD
-  uUWOiv3RQ5N7q0ce7Ml4pmaKI0lFz/lkTVCVG9+YrkbZ1uiqguJ/T0AJBSKrCEoJ
-  HCI6bblxASNpRI/H39W6guE3rCAGrIC9Oh9YUbeHQGP5
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDyzCCArOgAwIBAgIUDqpLkDYYbyfv+GJETQZ3z7GdlL4wDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDcxMTIyNDgwMFoXDTIwMDcxMDIyNDgwMFowIjEgMB4GA1UEAxMX
-  a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-  ggEKAoIBAQDtMOSLYOXvMHutCbX6mMFiDDBc9jFihUTN5RkMLQ5eY7kAN1AGbWOV
-  TmDK/VpySx51V7YX7tvdU8svaZg1qfJbWlGO+/2d+BUF5z3RRo4o9QmoymuGji3s
-  otn87pRHccF3mp59eYhDZRmAgz1vUTgyVK0H66U9lW5kQ60OHSBoaUTX22peAAif
-  l5VQJT6ouGr6gvg4wJG4p6mmeK4IuAffrYmoWEVr6Wx4RLyLV/RLgzPJSLZu1ihJ
-  XjrI8+vCKaYdc1eZuoiTjDTxFtd4FKLxLfgETVds197cEDTzZ371/IXRFVcTkLUH
-  nslde4CwrSL6feTrhQfWRuCifXXUm38DAgMBAAGjgeswgegwDgYDVR0PAQH/BAQD
-  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBQq5stJ51Wt8gnA23LpBWB9ktZJETAfBgNVHSMEGDAWgBTMjB4F
-  cyk/mC+G/ik2IydV6y3p8zBpBgNVHREEYjBgghJhaXJzbG9vcC1jb250cm9sLTGC
-  CWxvY2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVz
-  dGVyLmxvY2FshwQKFkgVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQAZ
-  7AMTatzqhdHI4kIz2fKdfe4y/s9IiAOhIHPLs9bDiw5SOPqWMXofNXkiD2lhpieW
-  2KmRSS/6bVMI3UD97aXaSk/kfrLKp8ZNFp0m5BnqfpNR/HxQyukwanc+bciBI51u
-  Dz/fWE9wmHIgq9/Dr/8mu+kZCumuwTfGBHJhSGcs/vxmfLNlHdxRy2u+EsHCEUYJ
-  aezEABUDTmMFhcSNVD0OCUqa0hT2lkLdKxvYpk5IImkGUgSV7ioly9Hii4Oh2dyQ
-  Fyly7Kb84d+bfRD2weo2K1L/iHT7+dM/z1i6l1LJ8MKgFUqQlfwr1FoZvo4j0/gz
-  Uvf+OcXXQCCa39m27YSq
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID1jCCAr6gAwIBAgIUFXq/7xb6it4s6BSszhDLJ9b71GAwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDcxMTIyNDgwMFoXDTIwMDcxMDIyNDgwMFowLTErMCkGA1UEAxMi
-  a3ViZXJuZXRlcy1ldGNkLWFpcnNsb29wLWNvbnRyb2wtMTCCASIwDQYJKoZIhvcN
-  AQEBBQADggEPADCCAQoCggEBAKt9sZwllvBLwHjZ63+lXaOMaFUAjCZs0oFM0LX+
-  mu7Ujtl9C1MOCGzRc8C1rTtFNRSpMNv0iyn8X651c1Ir0uglOIf/MqWlml5tKZ16
-  xawpkyLeUt/D7SI1F9GxS3aqUmMDyucV8X2Baq7AYdUsVzqD3Sv/qpz1aHvxw3D+
-  oNqgZcQW6pkiqeNQbGtdpsh7yI20sfxf5ba8Xxv0jpXf11EOC+/8EZRLtVO5kvLP
-  PwX7VW2Vbq7vw/IQZB1aygKj8mU6dByQgU1915wM4fJrMbKoKTPBdvkHKBC6SSAU
-  gzfvo+yNbFpgiNzFruP+4ny+KI7sMWbonR5Z+qO1ClnvMnsCAwEAAaOB6zCB6DAO
-  BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
-  A1UdEwEB/wQCMAAwHQYDVR0OBBYEFB7BMxQsUF4T17ZuVhQYpJy1NFdMMB8GA1Ud
-  IwQYMBaAFMyMHgVzKT+YL4b+KTYjJ1XrLenzMGkGA1UdEQRiMGCCEmFpcnNsb29w
-  LWNvbnRyb2wtMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
-  ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoWSBWHBH8AAAGHBApgAAIwDQYJKoZIhvcN
-  AQELBQADggEBACRXaaS2yzM3WMrIYu8BO2J56yJep8DZqJ6556DZSOzuttRPwDGh
-  /L/agP1U1UoUwHs+izzhpqfryCXcRbjei0fCc6egh6U66SPppv1dhoW38S/PdnNv
-  kO49q/uJY2aeustaA2XWh5YVri9et0UzLqrVekwsjGztntnghwbQKX2M3dxWx3Tg
-  T1qqbM2WKklZdQjxFAqK536mnE06vFq9wPF41yQzqzumS1aGeH1CDe6VKg3cnpID
-  e/xRgvGxhaFjVNGCfSz7vMCj15YfX0GAAVlJuiY4z+QCD9xeSmkt2zwpjAquMpom
-  33mJ4beORtWop8Q8REzV5i3pmdJRxXd10MQ=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-airsloop-control-1
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID1jCCAr6gAwIBAgIUClU4yz8zywj9/QDnw+ptk4ouy0owDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDcxMTIyNDgwMFoXDTIwMDcxMDIyNDgwMFowLTErMCkGA1UEAxMi
-  a3ViZXJuZXRlcy1ldGNkLWFpcnNsb29wLWNvbnRyb2wtMjCCASIwDQYJKoZIhvcN
-  AQEBBQADggEPADCCAQoCggEBAKKalAN2K/F9AnQvBS1W5JVeuknGlDcNE+0GMs69
-  88QowdzAObPqWGE2dR8YRv2Cm7NJ4OteWNBXjpwWzJSd4AJJXv8E7hAq+njIdpOS
-  6isqqz4mID08XlODH//Q48h9tv5QApd9fY6DPrA69Fdt/DtdQKl3bWNB3/J8Q7JQ
-  03im7v5QzC007VOvl9UlQAKGf2ptzOCLj7/3HJH182PC90dmtqMFCAfGo0nQHMUe
-  OujaTRmNY8WtaNdcWLA2GUJiCrjPXR/qokFih5tJobmn5pBF5LTITFWdfdJFYTy7
-  gIdXTDaczApkQoZSb5O1tM2STctwgUzQ/QCJVIp3BOf9Z+8CAwEAAaOB6zCB6DAO
-  BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
-  A1UdEwEB/wQCMAAwHQYDVR0OBBYEFG0EuCXYRscDpiQOfk6snHTTub6cMB8GA1Ud
-  IwQYMBaAFMyMHgVzKT+YL4b+KTYjJ1XrLenzMGkGA1UdEQRiMGCCEmFpcnNsb29w
-  LWNvbnRyb2wtMoIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
-  ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFgyHBH8AAAGHBApgAAIwDQYJKoZIhvcN
-  AQELBQADggEBADccp8b3l9X3kYaF/OgDOi+Gqbl8xkp4lGjjmn1HuoDTbTwS2cMw
-  0pFAeE6N9o0Vz86UFIIuoVrgVmDU5gmtxyf8cFecciLgvYg87yJV7H6NM7DvKvvH
-  fCFz55FOUYcG42QpfMgV0pWthz4qtDOxH4m3f4W+BNu8217JSkdB15KesmJ2fj+h
-  /vFHHW0KrkeRGCsgFsyUBb2bc6jFMUUQa6Woqu6+AggF4qq3IANnHV4dpEVle4M1
-  QLtiUNywPsgIXUPtRM+i7B8XxVa+XxeUi9gREacQqzz+nDkxhqktixsx1ORzXUr0
-  rxkiRpuv1U0+zNbaaZwmXik0GL3vNPyNwqs=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-airsloop-control-2
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID1jCCAr6gAwIBAgIUBOWO6/nF96a1o3UK0fXPuPN8uA0wDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDcxMTIyNDgwMFoXDTIwMDcxMDIyNDgwMFowLTErMCkGA1UEAxMi
-  a3ViZXJuZXRlcy1ldGNkLWFpcnNsb29wLWNvbnRyb2wtMzCCASIwDQYJKoZIhvcN
-  AQEBBQADggEPADCCAQoCggEBAK4g+DsRPrTNvrxawyL2nM/MqrPXeLKDR0IkI7Ly
-  Wg2R0dKip1012SX6daIiqM3ye8o3U9f9iIfpdtmx6LZQpbNCU/zsdVYU1hxQUmrc
-  1j0vzJneypcPgyJDK2hyy+5Zio+VaU9aMZK3emSq7ucbPFwURslm1GMLb0vCkBft
-  t60pRULdCTAdpC86VxjR2xBB+25AElfcm/r79xH7LPIWS+U61ayXiidgxdY3AYDb
-  zzg1tEyQl7YGlK13Ze+1ajNrtaWuGYK7hAzUkjTrdzXjBkWU2v0H453HMW4Zhc2Z
-  sezrLSvjBFNT/QQLH5YjeebmAbBYvmLBKf6tiqnc97pAnHsCAwEAAaOB6zCB6DAO
-  BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
-  A1UdEwEB/wQCMAAwHQYDVR0OBBYEFHvt/j3Mh8Av3q8eowWfq4tm1a/YMB8GA1Ud
-  IwQYMBaAFMyMHgVzKT+YL4b+KTYjJ1XrLenzMGkGA1UdEQRiMGCCEmFpcnNsb29w
-  LWNvbnRyb2wtM4IJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
-  ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFg2HBH8AAAGHBApgAAIwDQYJKoZIhvcN
-  AQELBQADggEBACPmOefYSiRxz1pioJwZnR94XYJ62BQKOQM4ael7MnZSKb223dyl
-  cBPO6XwzFO4E6C5R/fJe7HYlkPJJ2w9/179X/aQefV7/aCdI6mLoB2tAOeuuV6ib
-  dw2Mc0xdLKKuVztNl6wsKwmXNwlWLrRoLj34oe1Fa30CuszDJamH/kRwFhRDa6U5
-  pZ6FxCOrunkBBr9uO5J6EZAd53DtLJdHUnhy4SE1rA/mGfkmHhzuPstCrL302kSg
-  xYOuy65nY0Uh8sB8JdcBaXg4hiRAenznXedLHUjBzSRS+Y8b56CFNe7JlSGmGOLh
-  YRvnE+J+mIOhMZQtVTrC6kBO/ggkdwA+YNE=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-airsloop-control-3
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID1TCCAr2gAwIBAgIUe/3pqkMO6Ho+HC0KMBZ2N7QYB28wDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwNzExMjI0ODAwWhcNMjAwNzEwMjI0ODAwWjAnMSUwIwYD
-  VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B
-  AQEFAAOCAQ8AMIIBCgKCAQEAzkl6Rcjg4KUQP/dVl+Hs0FvU2prcgvKqQLgDSRuF
-  ho5h+RKXR1MOGLx0jEXkmCJLtwi11eAYcE/sOMOmGdWrtfqE1+On98Rj8IqrdRnZ
-  Y8Q3RV9Vsj7dlVmR1KRS3RUyKLEMr1d76QHFZtcutaj/kROUC5QFXJ/TC5hGeJ4j
-  3vYb20vqiM378BF8LNEe5jeED7qMbnkI7u803izPn5AFZ32vhDwKnqT8i2Fd6qBz
-  syXC5UvUhpJ4LurPXb9W1VUBVkYCmYHfha/vwFbJjQ9yW9NhUgT6qLt/xtDJxZIp
-  Vk1V9RSJmH9TOdxY5sJ86owHGvogy82lFrCHXQ3N8am2sQIDAQABo4HrMIHoMA4G
-  A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
-  VR0TAQH/BAIwADAdBgNVHQ4EFgQUOsMDndHzbtqwIl0GykNiURGnFDAwHwYDVR0j
-  BBgwFoAU4n+ZcOGQc+YVOuado6wyr0ZZB6gwaQYDVR0RBGIwYIISYWlyc2xvb3At
-  Y29udHJvbC0xgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3Rl
-  bS5zdmMuY2x1c3Rlci5sb2NhbIcEChZIFYcEfwAAAYcECmAAAjANBgkqhkiG9w0B
-  AQsFAAOCAQEAgCGHbHtNQ/n0rkbkzF1KGOkxGn+LkVB8aijZewPJRmqUftLeuxV8
-  rvu5JDZtHu/efqpWXEmtOlaJlNDvb2VInxcSxhMGWCUiu5zz9xiqk8kHR08Efuza
-  Xpj2uE9Dy0wnbUk5lQltJR6emrWAb9A5g+665wQkLlbcqy8ZQkfQmdJZlhEw0Yo3
-  HDTbSIbFjEe4YpEw255IPgfnqx821wbSLEOVb+lrxG2A8wagttvMB6dtb82mJXjb
-  wF7guVhduioio27uXdh5Zg8orHQYXggdLX54SKALRBKGLKxCadjmebT0IJTXE9Gg
-  EcwgWxROV51OBTrTIpF22st94EFBUDJBuw==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-genesis-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID4DCCAsigAwIBAgIUFz1/cnx1wmsceR/1MifjsIGULy0wDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwNzExMjI0ODAwWhcNMjAwNzEwMjI0ODAwWjAyMTAwLgYD
-  VQQDEydrdWJlcm5ldGVzLWV0Y2QtYWlyc2xvb3AtY29udHJvbC0xLXBlZXIwggEi
-  MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/EnJ3eyEEuApW+C3YxKnzPtEf
-  AQAKKozqUw52G4RuO1VaGJb8kNw+RV/FC1eUCUGscBujZyh7GQkUBaImeaSMvzEh
-  3xfA6K42CnIbHEtpFt5VghZGN7CoYvrUhnxU+zH+BitwnL8Vlhr97qHDAvm6fsvA
-  lx15kkIuJmbwzD8P50pxvpgdm9RQZ1bpH0cnZgKOddWJyfF7AhC+SXbpZJ+uvJki
-  Me8eStD3Naw2abB5/N+2UT/bGvcRYpNPTdNgje3njsqCn2GWDJ0Nfa+0zaV4JgNS
-  M/V7HbmjohUCbE5URNU4vhUIqe4+sLV8qe72Ac7UgT0EVyjZiLXRA/cftsPBAgMB
-  AAGjgeswgegwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
-  BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRe0E5cW2K9lBO1A07Cnvxt
-  5Q2xDjAfBgNVHSMEGDAWgBTif5lw4ZBz5hU65p2jrDKvRlkHqDBpBgNVHREEYjBg
-  ghJhaXJzbG9vcC1jb250cm9sLTGCCWxvY2FsaG9zdIIta3ViZXJuZXRlcy1ldGNk
-  Lmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwQKFkgVhwR/AAABhwQKYAAC
-  MA0GCSqGSIb3DQEBCwUAA4IBAQAGWZg/8OtHjycvbpb9VPC+BPpO2+ORS+B8IcqL
-  imYtSHrvfnKG714OmxqegE1kc2RkXCtXNwD9DZGICSaF42ea/dqqDZAdC+XLFuuF
-  JOjAiHcVDc4dPKuAOCZXzZ709B14aLJqLy95v6+xkQ/C4adCtm39IZ6b17q8As7y
-  U0gQDPMR+grWe59uX1L2dwZfVLBW72oFgD6ieIx9Z6NTtB/TfzdizValhfr0OuvH
-  zJphVRB15DuK5EnNIgWiRdf+Rl1iULjw+UTQeMUmiiR7lCPSlU9zLesFpw83XxfX
-  oqPFV5vMjVzyNQC3TyOguSxvZ3DRLGk7x4pUa4DfMgW4H7H1
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-airsloop-control-1-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID4DCCAsigAwIBAgIUGr/52tlhKvmYuy3CwU9hw4iqhp0wDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwNzExMjI0ODAwWhcNMjAwNzEwMjI0ODAwWjAyMTAwLgYD
-  VQQDEydrdWJlcm5ldGVzLWV0Y2QtYWlyc2xvb3AtY29udHJvbC0yLXBlZXIwggEi
-  MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTqLTERnUdvv2J9cGtdo7GggwV
-  hepPn12WsFIGu7iKKEBJHtTZ+6zgcj1hliPAPHUqnN24F25wC9/PL5UC2VC01dtw
-  KVsN1O8ed7ASuS5lXfY2eYt/uIJlLZTpuURGvtwZOKNNsfSyobENYzC5cJEytuzA
-  AreDogzjtGo4AF2F3c/UtZxaCMVI3FDYmczPJvB+8et7GTvHDstQ8l5k0FFuG5n+
-  a21UMF70qHey9VCqcugQ24j/WczlOSdjGUOppq+4lZuHMikl1h7L279dgg1onKQf
-  nnGRu26/M+pBm9rETQxW1B+iXESd7DpF1zdgdiue43u3SqmTyhPSw7y6NKevAgMB
-  AAGjgeswgegwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
-  BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSluvKTnDMRDsAC4Z5h4EOY
-  SnMnuzAfBgNVHSMEGDAWgBTif5lw4ZBz5hU65p2jrDKvRlkHqDBpBgNVHREEYjBg
-  ghJhaXJzbG9vcC1jb250cm9sLTKCCWxvY2FsaG9zdIIta3ViZXJuZXRlcy1ldGNk
-  Lmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwQKFxYMhwR/AAABhwQKYAAC
-  MA0GCSqGSIb3DQEBCwUAA4IBAQAg9o8O/OzltXbHxT3Yqqwvdfa8W3bW680KEhLh
-  csqNHNkE9tn2VKSNN/gAdVZdtMWo+UGMmsf7kDD9VbJcBV9G0Zkm/8oFL31Jkimd
-  arhDi1mhNFC2fJZrM1xn3c8+QLsVWej7nHOZt36+NhIH+8fNzSvmsGPOCsqovNXL
-  NKQdaueozNs1gNTjvqW3WyU/RFVlE08/9irpSv4Vhw4Z4kWOQEzEYVW6RBWHSHxU
-  1xeBz30grR9/K0T/29aa2vbtua07tFhvJTOvPXaHTGdcRQA6ubUdCk9dfdzujrZi
-  HJMUduoqoV7yizjsvNYreVYSKM/5fP7HbKxq5ZgdSXqXIkFC
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-airsloop-control-2-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID4DCCAsigAwIBAgIULR4Vv/igrwYoWpFhUT8OQOgjTFcwDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwNzExMjI0ODAwWhcNMjAwNzEwMjI0ODAwWjAyMTAwLgYD
-  VQQDEydrdWJlcm5ldGVzLWV0Y2QtYWlyc2xvb3AtY29udHJvbC0zLXBlZXIwggEi
-  MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMQKjKfbMgd3uYs/BZ2UVpniQp
-  HBumElmKjaYmOu1vXHfA/ECxK5jQu2jt9Nxus3Lm5X3woH9lYUDM+SA7edQDYnjV
-  bG0ITjkALa8NSd79kzdPeVoLg1uksjK2si8Lp9KkeZrg9YIbMunn173PCF4S9/SV
-  kVeohbMO9Jgw8thuXmanuc0+1wVLSFpmGNNNS0H5rmHC3A5Sg7cAm6Z0ohah7gao
-  hGi0/ItryfVMrV5cowIlNR2qnL+MIEw2ZtEkzW2LzmEjYP8F4IeF1WNzMeO6I9qZ
-  LKONuFmS4bf1DnJbFZwqfJ16hhA1uoqet973nK6/G8Wqj391F8UHT2ZkXQbJAgMB
-  AAGjgeswgegwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
-  BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRgsj7FAPzKv5KfNbAOdxZb
-  aw/l3jAfBgNVHSMEGDAWgBTif5lw4ZBz5hU65p2jrDKvRlkHqDBpBgNVHREEYjBg
-  ghJhaXJzbG9vcC1jb250cm9sLTOCCWxvY2FsaG9zdIIta3ViZXJuZXRlcy1ldGNk
-  Lmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwQKFxYNhwR/AAABhwQKYAAC
-  MA0GCSqGSIb3DQEBCwUAA4IBAQBPiVNDlPUZ3Rpu4Pvr3r9MKvPFUwf3OSeW8jd3
-  6VldlnobgJqANeflRLrJmSDbBNDtjESvsmgM1TB1nUQbr7sKfFbtaKwJw8m/pF9e
-  N9VjK0j6QG9+w9TI7X14kBGV9OZpgvovybATdnOczjnb8O6NBlRmbRI5OoAZbo+8
-  qJSU25mRmiFxNh7HV6on6W2wIzOywyorASeQ8LJekh1ilRIXxS5tVBJAdh4d1iCt
-  cAzl2jXGQcLvmUILOPjb7Ugczd8XVcXqUUo7VqD7Bqbw1jX2iVY7e3zOzfXzRMV4
-  IKbCCD2Ny6g/WDfcWq2NWna6mq2pGJ3xEmXJxUreZ6JwWM6s
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-airsloop-control-3-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDSTCCAjGgAwIBAgIUSZDVqgS+0bFSy0Wd4q7tRbob+MUwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwNzExMjI0ODAwWhcNMjAwNzEwMjI0ODAwWjARMQ8wDQYDVQQDEwZhbmNo
-  b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJK4nqNsP0prxhrHWZ
-  XuoVYj1rhGLt9Mu6UHwKDzhIna70UUyeszzXicEAMO+PNDmwaZEh1fCoQaxRgtVV
-  +LRKVyEHJgTUS9bVhpAtc02qWZrRLGJr2tP8DvEDcLSr7Qd60S555JBBqRNh6uMS
-  LtpAYC3SVQrgHSeNLHf6N/xXAjDDhy4lUDS5mjIdKI1PO3ew2drvhUvxT483Eu19
-  2mgVp/LZmxScFZady3ETB2PviszDRkEVAPcJ39NRT6QIQcRQEZKRUvlqX3oqmhyk
-  062+dAVoqwOuVL3G7dv3wQVoa+qzmSWNAP7Otd1jwMbym+m7l+z/MT36ECxvOOZT
-  GVcHAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
-  AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUuRTGMgmnISbHvRYb
-  HgRYkHCjiUYwHwYDVR0jBBgwFoAUQHIP50JuONNwShW4vrwEaYUKmI4wDQYJKoZI
-  hvcNAQELBQADggEBAE2NTFwnsM0SJ2+qhB7DxSh37+ypc4fYBVUtF1zh6RAVzxny
-  uo2YFNgeLXfLPG++0Y9RwIQlpB+lHTMpqnIcMFUfr6Gm/wP9z767INhNsLz3GWT4
-  33xQWM1TqmoqB6peDD2wrqA2qyJPj16tAIR7DgtQtF4vu7ZUqmPLcVZ9OZffW5C3
-  2zXACh81P68eJ4wWqzB1HegSPDGtblrud0McySNKZcp6Z10IWVdytZuBA/CGLTf2
-  n8QBapdKh6gUeL3U6vuhKQvH2nsqlS0nTO0mELZogp5Txu9+1spD4ux8apgMKHkB
-  di7FdYmx/bTzN2R4NsPiaaL3w/188pOnjugw62E=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDnzCCAoegAwIBAgIUPXqhse3UYM9QvXsTw3ougNNLW24wDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwNzExMjI0ODAwWhcNMjAwNzEwMjI0ODAwWjApMScwJQYDVQQDEx5jYWxp
-  Y28tZXRjZC1haXJzbG9vcC1jb250cm9sLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-  DwAwggEKAoIBAQDLeau1KKRih9BlsIrXbijbps95AeeSOv2M2WPi5jP5jXPDGhLR
-  HCUPKAONDF0BXGUrAidWfuQRoNul1B7iVY2rmJOWfh1JrxkcAzz42qWOqfOlr5D2
-  tndrjbWe1SRtf4ZXOS7LnmO+3XCFSest5MDOSTBdueU4OPik/V6ZA3XQlYk3FntK
-  arxYtSINGrXCN6TkBDPwVAQuiEvf5trOiaLciDY5AVshcie9ShSU26mjfVZIl7EH
-  MdXuqdiAaGyBx08VH2/5E7ypuz+jmp4pmYbdFbcvV43vbfYIskrcyFQWiGZhPlNt
-  BcOwfdYKo4CtrkcWQZ9BEXKAjIODMH0rO3t9AgMBAAGjgbwwgbkwDgYDVR0PAQH/
-  BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E
-  AjAAMB0GA1UdDgQWBBT7x6KOAhNaQM3wSOBFALGvKoO1NzAfBgNVHSMEGDAWgBRA
-  cg/nQm4403BKFbi+vARphQqYjjA6BgNVHREEMzAxghJhaXJzbG9vcC1jb250cm9s
-  LTGCCWxvY2FsaG9zdIcEChZIFYcEfwAAAYcECmDoiDANBgkqhkiG9w0BAQsFAAOC
-  AQEAk1NF6txTBKfOFCEduMbPE2hYVkDISmrvdTg3dZaXo0/41b16FsqOLrV0mL7w
-  tPooXTJZIZZCo0kd2EikU+NNPBEu8SwC9P03HMmrfmQ7835qin/R5SBj2b+OCrB5
-  J9DhKOi85rrLCdpLDRg8M7iWHIUGgMNa+YN6IOoi1ysoR8fe1pqIQTNvx5eQ9Hpr
-  O0ZAJyfYXushWeny4OkwX2PoVEwbi0tRlU5+1s8747LPfAAAVa+qM5Bm/752FhFT
-  dDSpnUPNRdj7g6f/jypA/CmNwqTxKtBhQhXn9dlk44iSzVsCds0Du5U7/KECjNYI
-  AT7W3tR5QDn4vTJkJ6oe+QmMLw==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-airsloop-control-1
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDnzCCAoegAwIBAgIUUH5844OiQOIZ8RMHvMW3yaowDA8wDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwNzExMjI0ODAwWhcNMjAwNzEwMjI0ODAwWjApMScwJQYDVQQDEx5jYWxp
-  Y28tZXRjZC1haXJzbG9vcC1jb250cm9sLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-  DwAwggEKAoIBAQCWVwPti9FCJmZBK2cS/9ymORCcMK0EJwfajXb1ZngMbEdNvu+U
-  orMfbbqA0gnmj+ktleU1fFe9l4s8xS+oGYsoB4sM/bn05RAerytIi2AkTctd24Nc
-  35dTM2BVpkcuwJJxqYR4fu6K63Qg4+mUHk1cLKyvFvrsl1ym0F4FwCDTeDE6AUhE
-  HuYACKqPJffKJSVtCHNCSgB5KFm8LUyGNFk/mc18yGKMh3W5VPjyv6Aq80rOE+YL
-  rPrGgIHaipeiflazxROMOx8C/oxXWmEKEry05eVbrIIk6bYyZg+2gIv2knyA4X3t
-  wQ5lkwnD3UKiJvs/v4fqEoFiA8C8/UbXH95RAgMBAAGjgbwwgbkwDgYDVR0PAQH/
-  BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E
-  AjAAMB0GA1UdDgQWBBSjK7uisTckymVBo3qV3BI/Qs+PLjAfBgNVHSMEGDAWgBRA
-  cg/nQm4403BKFbi+vARphQqYjjA6BgNVHREEMzAxghJhaXJzbG9vcC1jb250cm9s
-  LTKCCWxvY2FsaG9zdIcEChcWDIcEfwAAAYcECmDoiDANBgkqhkiG9w0BAQsFAAOC
-  AQEAEC5jgOj7aqr61ViLuHhenJaJ+Viin9atJ5sWAJRuyNsqgB4pyHr2NUpI5hQc
-  sY09KNzsPALvBdibju0ng5YULJuyqT0OGZsECsx6GuCi6CP51Wa88wRLO7JtaL+h
-  DTs2aP24paTavmfzZjn2DnGNEftngvZ1omYSy3aDn3R/qIxHQ6kiiRK03Cur4v5M
-  YFWdnC7u7d2IL/LDVORrAFoedcxy2k7nikwM2KFxMJJ18nm3c0r1kpV9BcIaU14h
-  JWep5ZBgPaj2RHpJQAO2rHNW129+P2gNlVT3xlQDDkIbdJWUtAtYRFzMkvnRW8ix
-  poJ4Rz+0FyIzUK+rt140s/bF0w==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-airsloop-control-2
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDnzCCAoegAwIBAgIUBDVBmHiDoPkhgJF8FSDG1XD4yk4wDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwNzExMjI0ODAwWhcNMjAwNzEwMjI0ODAwWjApMScwJQYDVQQDEx5jYWxp
-  Y28tZXRjZC1haXJzbG9vcC1jb250cm9sLTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-  DwAwggEKAoIBAQDVvRChUKugz19XIuAzaFy+obM1EwedLuk70DBMcRfnXIT3LpHo
-  GYsxfBFPocd55zLdng2ZDOCrQnFem+H9Wtb99NEhvUf/B9rbIa0rk981iTX4meb1
-  DtOnZptkeStF89gWDNNEwxxRTaWu9GEauJ2k9S6sUzXYifSC9bejS9/kaFOSQYle
-  ltGf8IZE1Se3CsK+Cfd25SZX6c//QkW9stnWIXYpHNfGo/jOMPdbP7UWCzkc8D4E
-  U+ZwzzCfouz1fGdun06dIv580SuQB0IF3rS308KyThNJVkRgIYvy2XLeZ6cjZADN
-  wjTeUJ386JlLfs6jE52dZJynis5+5b4QrpbbAgMBAAGjgbwwgbkwDgYDVR0PAQH/
-  BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E
-  AjAAMB0GA1UdDgQWBBTMNd+hCpyyqSd0fIe6MNS02pxDljAfBgNVHSMEGDAWgBRA
-  cg/nQm4403BKFbi+vARphQqYjjA6BgNVHREEMzAxghJhaXJzbG9vcC1jb250cm9s
-  LTOCCWxvY2FsaG9zdIcEChcWDYcEfwAAAYcECmDoiDANBgkqhkiG9w0BAQsFAAOC
-  AQEAERUaiT6wKwmhBZetnd42fqA+yfDRcLkQ3PBf5TP3OWjZuLyxe+Oxlm/Q7bwT
-  WvPGRwijNDdtic+NY4LdV2HQ+LMEM2avQ72JZdFIYGDl/7cjSxVmgb0VPXFXkBBE
-  nJWDpnNTkBEPAeDGGFxjbFozGwV1XJ/eNpFfJUPlHoL96fVua3hdC/zvIEeE6eYU
-  2n5UFlQNZsL8eNHRfBNWdUQ7SwmXW4+9f+0EFzLpmb21h+Sep2e5sEy92piVfdND
-  A939nq0xlFj8ojyneNBU3ClGtQBf7DRCLEq7isAgHcWXKe7h0rGN1eOKGdgerXdL
-  9YDvXq3UDIbAxxl1vfMukL4LEw==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-airsloop-control-3
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDTzCCAjegAwIBAgIUe7lHT/bsUea+wHfxFJD9GthttSswDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwNzExMjI0ODAwWhcNMjAwNzEwMjI0ODAwWjAXMRUwEwYDVQQDEwxjYWxj
-  aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6SxFlxOqC
-  dwtknLdqdRzMvfv0N+zbyGRnD2tDepedIaH7QljuV3l2sbxG+pYPHJxsPMgn39ml
-  Z8ibVLzzXWIBBrqAs71AgRvlC6qh/z816M2dZhwGvHHIa7Bw8Tl1ubFUALMQXyiv
-  DsoBixQk3m3kSY6CUFaNQfSg5HPvGgvhxmQ3j54CPQvCk+ptRKu/8W6nnkYPFJNb
-  LnAjf4eYvxf8wsxi6wPDHrVeEA+hsFFkx6ylXwikiplV3Og4HOzrr/7wGyOzE7Iq
-  mtrmrcuzPgX2FOR8JpSvjzazPhrpAYDyIvKaUCt/csd/iwuYf6mkBz/uyT212Orl
-  PbZs5a8IShGjAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
-  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUpkTdCmRa
-  GEFn4XseB3mODggG57AwHwYDVR0jBBgwFoAUQHIP50JuONNwShW4vrwEaYUKmI4w
-  DQYJKoZIhvcNAQELBQADggEBAKNE4JN9mAr6ohnd2+NxBPj58QrsYdmg6lpAbBZd
-  lwDSHFYGzWGFgCCRt6HYKyAuOx2REbB/d1n2TpW73an3HOO7lM191mnJmI2iX7D5
-  KySfVtNsRIJpFfczR2j3QNJ9xJOKEY6NWDfYTNNKHGwB3jDkNg55YBygE0jOBDKh
-  PRQNC5YRcptve4YN7lhEcNP89jtUTpzd/9a6DlXkO5A8wraXsQDSPSuWQFyXgtXZ
-  XylpHSZwt3NuRPWYyw57Mb1HZR1Ti49ljvjnOCNYWocz3NC7QsV9VZAJtgMjR6Kj
-  VmMp8Lo0xlzZL01TbxmFlWYt6wDACMSJNLG4i9V+RV3CJaw=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-node
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDqTCCApGgAwIBAgIUCIeV4w4DGFnDgPGCOn0EIyRNhZYwDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA3MTEyMjQ4MDBaFw0yMDA3MTAyMjQ4MDBaMC4xLDAqBgNVBAMT
-  I2NhbGljby1ldGNkLWFpcnNsb29wLWNvbnRyb2wtMS1wZWVyMIIBIjANBgkqhkiG
-  9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKS0SWSg47TVHiddHWA0L7rlG4r20iq1/6iL
-  vc803KxHbLeQ+6KsLKJ6MxHIIQK2RI5QW20VntPusXFHcNfqru1xT0jsK2Td5Rwo
-  4zRQT7fj97CxR1GVXQo8EjmtuiAm9/3c5qVC+j/lYmUs7m81dnJmk6U25DFeoUf/
-  k2Wc4CRdnPv++Uk7SZ8YAaCeaOpe7NxX8WYgXVnILvC5n4OIf3OY4gqtpnSw6dtq
-  0zey5gHMiqnm+MUCr/TyXauuFaPPqhaJUZQD1aC6XulaxAzzPuOv4sr4He/XO3oK
-  TsJr1EDezgrALOr1o2lzJlu2jVW5S1b7z6zuZQA3nILCPLmkrwIDAQABo4G8MIG5
-  MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-  DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPssWcS546UcRdzE4V6B2qketg8kwHwYD
-  VR0jBBgwFoAUIFa4w4c8sJ8j+Zfirl3gGnOQ8nAwOgYDVR0RBDMwMYISYWlyc2xv
-  b3AtY29udHJvbC0xgglsb2NhbGhvc3SHBAoWSBWHBH8AAAGHBApg6IgwDQYJKoZI
-  hvcNAQELBQADggEBAMbsg/TThoZV/LHQLZF8z2eYxFPS3Aw1KhRQZquXVL+j44Or
-  J1HcTHYOwCYAGbf15Q48qv0KB39Tbn0Q1OeHqb9zP/duvy6eYnWZ4YMJQa/qvxpa
-  U3V2xWZ2u5KZe4iWCt0id7kizWMmWMT+lQs1GHoUdngtIGIbVOF3gy2mhQ2NFPnr
-  1JLp1TfGnS20ZH9PPMKSCJqsYIIJqvJ3q3yl+bRB3ACOlDdYBFXCcND/BZlD8HaP
-  8ukd2jZVjGkmCvDrQzK7qrppX0J3m7VAYTQcEx2GSrCSgL3vkyGtDEbtWDx6hlSL
-  nZ4p6Fej34JYy1Z5oQXE32Nciy9ce6vHVSD/F4A=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-airsloop-control-1-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDqTCCApGgAwIBAgIUFeXxxaEFPevfZ16lL0vTS8XV618wDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA3MTEyMjQ4MDBaFw0yMDA3MTAyMjQ4MDBaMC4xLDAqBgNVBAMT
-  I2NhbGljby1ldGNkLWFpcnNsb29wLWNvbnRyb2wtMi1wZWVyMIIBIjANBgkqhkiG
-  9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WxryQtouuzKQ5xfafQjZh8Lsm8d1fF/eqUU
-  crxdx5cVGdLkJopkSu5w8OT+HBKBq98utgOFZE5fMPZlUBYTXj6Rvz1Gry+7Hh4d
-  cS8PfizJvTKCDVTHpgBwNBlLsd4qCo3/Swz4LMz+JO8cgYDX3Mo+PZC7m8l8JE+k
-  ctiXiTNETdq8B/3rEAQYe+E77dVwBGLn6M5zxXRmMBVqphQzaz+ZVjXYooe6sAf4
-  vprSg3nCJ9qhm2c9tDm5jD1dR6vxCpQiSg6Tsz6Au7KFXa97fzM5TjAKwlNi0MN2
-  wKrlhrastlActMs1ROTi+SIeYNDSqiqRn0jt2Zt/+rGvpjWj3wIDAQABo4G8MIG5
-  MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-  DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUvUDzZ+Q+OdjHQXRlpz15E/MY5sowHwYD
-  VR0jBBgwFoAUIFa4w4c8sJ8j+Zfirl3gGnOQ8nAwOgYDVR0RBDMwMYISYWlyc2xv
-  b3AtY29udHJvbC0ygglsb2NhbGhvc3SHBAoXFgyHBH8AAAGHBApg6IgwDQYJKoZI
-  hvcNAQELBQADggEBACDK3u2IczooHECNExFIHXBbGjflqaXAF6KNnXhcy4/uj48P
-  NVlpx38djyAkixSXf0Mk/7VkM4PlXxDS7VFk1Wy9X8oRcG+wbwLMTquGSKM+anp1
-  O3/CejV8tB8n8Cuthq7Vjh04ghYc2swubaEP4sEOk6Pkp6qMqnGqOcHDgwS1hpQT
-  TtRONy2o9YNZGHyuRqyhduUdsSsM7KyTY5i3KbsTWVZ1rW2FrzQnXTvtRHeAB8XQ
-  KnOg0wRYyE1LzIdrLKXPkzxqteRMvh3XWgCHkv1IcBNeYTVEjdX6URbPSVaeYWUC
-  vsHuNAcM0p2kMQvpwBzkcG3acrccZjWQIPoXS4w=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-airsloop-control-2-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDqTCCApGgAwIBAgIUS54mLAt57X6vwh1vo5icnaHdqQUwDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA3MTEyMjQ4MDBaFw0yMDA3MTAyMjQ4MDBaMC4xLDAqBgNVBAMT
-  I2NhbGljby1ldGNkLWFpcnNsb29wLWNvbnRyb2wtMy1wZWVyMIIBIjANBgkqhkiG
-  9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqc2164O4HBhvZQr01MagQqZqeZhX0mLhTT8f
-  QqZnNiSi2OgqrhnwlX46QzxPW0A86kubcv+fSl9WwzrVVyzfZcp0iNH+f848XRNk
-  RnYuE4CLkimZ5KDV1MdiHp7XQ2bKoSwp4rgPbqQUyNZuzabvEDSu+C4PfDS/9vzB
-  MYVkProDpRXbAvXuRhiyUc1QmswB/fA7MA3DFosL1x1QDYRhUQ5Pwl77dhf+z/Hg
-  /fXWD/gXuoQYDtZv204BD6z1GXFwIcMpLfFArW93cypGhOTV92nw8BVLonPA6hvi
-  vZtZIoKWnzYa0a5+wSYKJG2IX4FhZNWXeHDjFWvWtzwQxfSXsQIDAQABo4G8MIG5
-  MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-  DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU4EiXZl0D8a/TR81KmLWoIxl9N30wHwYD
-  VR0jBBgwFoAUIFa4w4c8sJ8j+Zfirl3gGnOQ8nAwOgYDVR0RBDMwMYISYWlyc2xv
-  b3AtY29udHJvbC0zgglsb2NhbGhvc3SHBAoXFg2HBH8AAAGHBApg6IgwDQYJKoZI
-  hvcNAQELBQADggEBAJT6LcpcqYzB9MWAptU1EGH3BlJdnYW6fVsCauOieq9UdZOY
-  gtskXWQrz6yIVZahRFPSo59EAtbZdD2bS1QSS0FjnvBQH0bTIfSLYl5SyFuGq9pc
-  J2aw59yGAbqx/SG37VYG7XDPgjuAjuFLF1hoJa4vFL+SyzUxT9J/6TE1KteBC26W
-  3Lj6Unc+/POX8DdsdpA+yItXcbBa7Wa3AfwJ66C1V5gslJVBEi53xdh9PPeTtgZJ
-  ETjC4WnclIUVg5kXL+i6NVBSOu2GBP6azwUHxk7ZhBRBu/A9luC1GTCfIdbcdJEJ
-  iwantFRAfEggr1p+i3rzyYyoSqa7A5bzQWdBpPY=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-airsloop-control-3-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDWTCCAkGgAwIBAgIUSQmGxG5CD+2/eonVhdXEnjYga3IwDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA3MTEyMjQ4MDBaFw0yMDA3MTAyMjQ4MDBaMBwxGjAYBgNVBAMT
-  EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-  AQEAqn7uFly1Pz8krwNCOwPfF9y3LySMjSTasJHjppAW49oiJQbKHdTt3QAsBt0c
-  DK00xeyw8z2Yd3iGl1rA3xYtUnCx3MBntU05g3MGZHErHH/4lDZMaSFXq6pUIcbl
-  PmjoNHpWtyzHlm+anCqIzzcAqJZ1HW7MlfCOhYljeYSDMCExocL14/nIBqSW0/ck
-  zf6IrJ43At2DRvdqfEUEwBgSA+oernw7djBAs9DrpRv0sMNbbkPwcgms253GsmQI
-  qUYOsDa273HkNaiTbbfcdXvSjkay+D9imKYVISjUQ8mfJKwqvBJQ3Ou1ig5SGtQM
-  YAV4DDqeDP6giSTvlBt5C2kvCQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD
-  VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
-  BBYEFIDVNKvkS2vw6VEv66hdWM1SUEEiMB8GA1UdIwQYMBaAFCBWuMOHPLCfI/mX
-  4q5d4BpzkPJwMA0GCSqGSIb3DQEBCwUAA4IBAQCg0D3x1/PJC380mKMdXDuoS/sr
-  pxtCeXJc//3V6eFeVXj0F5nqrNAPCPukeAxaYVKu//DtMtlNLv6Spk43vgi7sqpi
-  KF4ah2xdpoTQyyk6uhF1qV/WVriEnXlgmyJEWLUaWC4dv5WmrDpTiyJCF0oxaylr
-  /iw6rU2LbN5YJfGdISoNTy1WgJppWuOhFOxQ71soJtbYVm6/MI8MKW6t4cuZbwf1
-  FoZTjwXBM5nLjxVe4xdTGbbFkNix4B9F7U4Z1MUG6wRI7PxEbe+67ij0qonhsmwu
-  jZ0hUhjJKsoUOrHkGGq66NyZ3swQWXRoUqXvGQFRAfDhN25b5U5XEK28u4Ox
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-node-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA2VQ4gAIvClr50/fOEUwM39T4rvOoAb3tjN2iwd1FEWyHJJ+M
-  dtw+Ef6JtHnDC+iBs3biXtJGpb+wtaf7cZHV9B8ijPI530ej8IWVSomgL2ahG8fu
-  PIFRQhEY6SqDNsm8AWmF3ZAisAcpQK7lAGmd6f1WsQQfxqEoBfkV0NQOiQHE8bwJ
-  3ee5lAl0XAmYDDX4Be29fJmtC34Xl1B/+/KkP11z59zTi8OQTUjVBo0F77o9LVnQ
-  aalBSLBLKR1nbm0Q6a/RWYtTl1HTdhTkAmJrsCPotfYWl4FR3pCixGqE68U1A4Q3
-  YtAUvGwjblyMGCpkbbR/LWIQD6Kp3yBjnhFgLwIDAQABAoIBAAQFwAn2gGJjrq4S
-  rxi43KAj8/pg/iISHtx1mbaW3tlktdeisFne17NDj87sVgTZZ9UnhScWI0KcGqwy
-  EMBYX6pmDSCotxN/4vPntQytIW7fKmo2OB2ckyFy6ZAfPlB8SWOJTXX9Xfb+GvBc
-  jFaGneqfysP5/JCTmQcLRjEYS7CTdBHaFocJD85BNEw4P+oW0xwMiAMWTisvpZFs
-  PO8ZR7FPmRq6n4X0g7IONoEjBulsnyZ7p7Hf2U0hPArlnKtj4SqpgcV68NUcuUfI
-  Y7cYQzgNDTRi8suhsRR60lHa7X/Cf3Lgzw6IHnU8+tSyIJ/Ehl+c0GdO6SRPzrPL
-  MG4NinECgYEA9PrA47aleI9ooVsMam003yT/RY7h/tot9UkAyf//21Ch0J7GkMm9
-  BRO4nvRJ6KRPOmov/2vnOODg3ZHjugeCVjSoAB3x6yWp8pwknZ7oBNfrtNyhIGMe
-  JPTJQS5FSoSjKVE8TYfuuxrUb1O7RQ3jctvql3MNh1dh+el3UxcifLcCgYEA4xsJ
-  a4/QUnfblvoetNSqUJ8pIGyzZ89tGW1gTuwTHn4u/i1/TxZvuA69d9gcsZC9aK0L
-  Y1iavbMKfCAOgRTqMJFut3zfnuIGxEDJwmHLYKh3QGtYFstk7Lf+Fa2E9/0wJE8+
-  2ipobCDC9B6mEGavK8oZQWWiUL7OTAHsjWpysEkCgYEA4F8pe2Y1d44hTmeNn4wV
-  +KpyAssywbAil50dU+Vb+QqIqgJB6ypaLOQ7G5qydpjG18GZ5F53j+inC0grQp7O
-  CRaBKFpE0BHW7ZWFE7gO2SDJiQTprjgZy89G5KP0YqPIrHbyvC/bvxJ7rtsJkd1+
-  jBxPaBbANU0bN0FVQIzX0VECgYBCfSDl58XSzxpv+ixRPs3aKq7MumZP5y+GuTnw
-  ATebvs+dRM635daxaUdZNeE4ryp04eyqmj87eJaCPpRggDIMJBfpClsh1gSrIliv
-  WxhC5S98obC5g7S5hSiTSijavbqBdt3s22uU9IZ/GBYAST/RrypztgCuaR5WrF2I
-  DXkkWQKBgQCSCbr2Pnm7WwIURq1oFRbPmy1UHIfq0kJH6u2w1yb0820eNPZjja8K
-  3G2aWG+3HuJjxDEODd3hi/bbuX2XeRE/n8hu+EtDbaj2rcRVUg5JG4sh01KZpSnX
-  sdlmC/aOeLoMCItyDI1w0DBRPF2H6jOGWQecSZSRynd4FzHXvLPSJg==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: apiserver
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAxbFKDWnbRZlYOWseti4rhmcYQFm/uCi4pbIr7HsatGp4Oelm
-  MMzzFH2MELbScEx+uwcz1AKRxk23B3qhDB/eo9CBgosG39dka9DURsFirALyla7v
-  /DT+sjO+6OmryAbmBKTbMdl4Wc4nNHmVQG/vX/fnZ/iKjp/GXv99s50ZyKBWVWov
-  oaJWYI/xZfrcby3eN97GdlrixVcyLCW5ylvNsb7LKr9mPVKz8xPqaNdtJK73jz1D
-  WQiCZGfvW3jZIsfAlV/Z/axf9Y81T3FozOJmEXd4Mc6ltgSr9jItzttTXe2cpR/A
-  azGd1ncGdgskVO9VYx0Wz6i2UNB/rEOMSWq+5QIDAQABAoIBAQCSEW+cv5VDNI1K
-  R4q2oyCHuw7hJS8R/AyKaT4pCcBug6h3aauW7SfCAQ2Hn/2W+f49ZJH32ToqYmuU
-  /BeYZMfVFA9NDDo1E+nf+7mM2gB1BeyFim9JU0LJGpC5eUXykp5L2h8XEw7ok/jF
-  vfv4U3xz1TDG0o5V2VnyASa4mqBdakOaXCpEvQCwuzcHkp5pWPoYlMJDI30509Jj
-  PkmsVXjr6TC3Em8UR4QNo11/s4o26tcZTKLs9yvgZOLdrNufN7KA1XDonHZ4V6eO
-  ZJSV9OliR4EPR/wTX/gTArzJtHROHStxGcG13ppjl5LujfePbnMXXC/IrZuz40Az
-  Id0UA5RhAoGBAMYLF7QFfWkFOWMWJmWnKsjRZ3097W7cI5hZ24FC71YLpPNjvP4x
-  2Zn5r1u6uKXdvtu7/J4RY19o+4N5VFjn2f5xQE8GJOiF+nZgYAdiqz5H2Be+42zk
-  52ZgjeYDLwyPPvGBHAxiiXPDlLkpxZuPmG3dw19B+3Skr88KlxmphZK5AoGBAP+L
-  6oKrEpR00L/rIUEH+WwgV+ZCJrQh9Fq6pjn5amuI7ZhFiUfx+iuWvBLI80OAqeEm
-  9XzzC8ukYkJIx+hEgw1dBlTrlZ5lGMWwqDuLCchkf5HlnqsCNPGH3DRmx4pPj144
-  8DeiJ+VgdOJ9Ojb45U+F0ctHa07D2CJc/OfVFOeNAoGADgcHHMcuxNuL3wrYmWan
-  zyWV8PcL9Eg/dTEYLSWykiOtAVhVMKQTR6a51wN4xLbaJ/I+yGtu4HktJ3jWkp2J
-  gU5AQdirkJS80tmss5k3i+fG1Je+wB3Ojh/UrTAYiwkyaiS8+duY5Mw7oonk50na
-  gB2vEvY3e2GW2lFjtnudbHECgYBflTTtFRHJB3yBHHB+w33OrLZUANA7NiwQt5mv
-  O5RLjpbYCsJTb7XUEfhcyl77E6f2+DyANORnkh/SjSiAvweJuw7AOrHm4geHAhGa
-  2+GX28c/ifR0IEovQVLjIsJmAGYupvtqw7NKf26YvKBGqYgT24jiEN+ZQXWZPNC3
-  4iKEjQKBgC0GSwGEWqvMSzmLEa9Jxu7/lOcKFyJdAjd7eBOxTVqOIBE6jiAWDnh8
-  GFRvkCVIgiIiFDWamEY09lDBwxkEOcFIzfgu/JxYSjxWqVWgn0D8rRD4tHU1e/aK
-  KUFKErOpz5ZstJNz7gB9QCBY0OQAXwPeqGtJCxX06XWsaxG+SrZg
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAt/c8OSNuAUatuH95rqyN1bGww8WywbljGTRqKvhwkDTnXHCT
-  OFmO0D+wwH2uzfDORDSfhxvCOBIefdqIzPx1IOcQU06+qIOLxKf3J3Dmp8Hjjg1o
-  rZZU8UpNGtG0quMHIqOx+Yk1pWwYCKr8CIEuiiE5rkKjslkShbJV+Mu79cBQptOO
-  p0c0WF28Cwp01AcfBaOy8AL+zhmhUQuKORm18SufAK7V1pz2boVJ/5QwEMP6fvkW
-  vZepHPjbHr9QzKzaB2G+1PBuhZjMkjPn9+FeEa4lc/qkNz1uYuEZGPFSbk8V+f5E
-  3Nn3tl1XL4vgTxML8U94eQLTR90UdfoVbk1XpQIDAQABAoIBAQCpMH85iYUVNVx1
-  rv9JDzdOjiIkmsDA++/Q8Wym4mAbsBwL3xj2nR8EFV9IWQ6YJlx9S+xfhL8FdFyI
-  oKBp7dEHFprkEyqzrm+vyE48/s+S/3V5YomgA/9Q/mWVQcIn263nRKdc+LzWy2f7
-  KM2sQKp9rPrwcic80kB/pzj8HNtbshh1pvf++Xpm0vxltaW+IDqVryuvi+Y//4a2
-  BtzBowAbWWmETR1hAzfJ25FigAIw/eyVXiLk6bWOrAmQblGfV8/P8fmM1nlGXOPI
-  evZUuKSPIYojapUC38Q3KqiTLqEwCliI35EMbMKqPnxKh/jangxrHMvBin7P3CjL
-  GlhaClstAoGBAOU0hDjt4RJit7S5cwh22DFldHRB1PUogfA32pRvn7653PzDipGq
-  /OKJBKi0QIl3aT7rvn29VUDH1QPh680uRIwUHC9CldULVsSgg5qGr79bHyisuho+
-  kKTHTuEMWEcX0fbEwfDoXK4uArQoePbRErC4MAGptHQFUhso8V80m52jAoGBAM14
-  0+eEyP3+/J9YWDZisCAFUsJxTwcT4C6xtfmabxSyArnQE2SZK5Ha9pppy6b382JL
-  dWE3WnVPks5JVcv+snMdlJScHlIeYgv/rR8+w+fcnllR0HZpEsL1/TXnrMEvVrgg
-  1/9hy6im3caEskVLxLx7eVWLDfbD7O1v3arWK/oXAoGAWIj/pgnlDbgKJAoacCOQ
-  AQyifiHLw+MgxgydJwczGnYq8YwK45e71Tl+DjiKUU9J3R8s1t8ipkJKexRyhDAi
-  FEXUWUEMJV4a5xrlmvP5wR3OnGSUAn02XCAMzQt6sgN2fC6mh4sJ+dIWA0c66oP6
-  Bz8udAX8iXBgtdML4W2tyqcCgYEAltTk0WaDWRkOfzaOAtZtLgRaXUxqU+q+PejM
-  if9ZHZsTLy3UnptmBXr0XiPdkKMhsf1snEHTEJyqSu5AojBE9QY45OK5y1Rsaxx0
-  DKS5kQI955mMau/1CtMi3qhEA8hpY18Q0HMM2rAryyfr6byWHjqRtj8OsB/hU+cz
-  lM4FmF8CgYEAniqXoGILivMkUbRBhdFVQVB/6fiGZKCrph2F2a7/VDGLUpgg/bcs
-  jSnd7T6wa93K+FqjIf/nNIzMp1s+zcMRlcJ4rscrCxxoRTjloOagubeTkAryhRLF
-  fU1enUJIFKZ7kdcUSilFE6RMZ0MmaUAMato2lc43cDGBQeWlhU8qUVI=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-airsloop-control-1
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAtLU2qRhMhclbr8kTqbz0B6fXoIgssc5xdvX0Q6xoI/dp2LuY
-  EzBEYTcXNmUsm0GSLWkVz90C58a7f95lHrWHqwfW78FwoDzpFIG3ja3seqtcE9me
-  zCy/6ckm/YH4vbkS4cwQGTPYEG8Rf23DXjNINg4Hjd2nlebCjxIZ+TlmDgeCgd83
-  hXjBZuqFw50m9JSz9O3by/O2ZdRrnDrsrgCWilCaCD684sLwECZyuXIsarxR3eBW
-  oYI4jgf+cgyOD1B5RCSXnD/8IUMGPbKhB1Jq9LVLwdDFKuD5gpxVjLt121yFz73H
-  NnF60d6ftOyiUWOytsUJI0aAlHyOS9AWqLk1lwIDAQABAoIBAAmak+QauX5mvCu0
-  eQoNU77QacJLWmy8twUGf0vVbtdyf7qYBbYHW6r6/Y3ThLJfosAtFI6uhUgCJNbf
-  3+no5ePuD7tAQZcShaSkXDf4ZVgDoWogp7LcMfrfyOWyMaELo/hCGxzrx3DgJkLq
-  d3abLRxKVJZykESENhTadmzrYwQdxSjk/HwMzmT6CeUVxriLKAcG8qcIQ+V5C3vk
-  BRJevcI7rhX5ekEgK5cBWPCZhOIVpcexO7c8MazVV3kAXNqhTrIJ51Yq3aoHXfyE
-  e7ErBQlqLtdDZXaMdYhOauvO3I31kfZ5ZpzJjmFyRmQC+aom31KzTksA8C+ex4KG
-  9BKzDzECgYEA449adUTzSVg/bsr+NhVQRT3VN4wha/cR6tHlQZBvX+jBzNyijuXN
-  hr897yCLeFU0p2z5e5pLB3RhMh3wgLWC8wH1KYHUvKA0c/Jx1sFGFbu0tF2BxP3M
-  iVazrfGuytCBLLyKa3luy2P9wmvtsnp9adLCEWMJwezB5UKchHiCG48CgYEAy0ra
-  zJzjqcJX+Ih7+CAHmytNJOAhdJE8S6ebDhdVYANtaLiwOnBSe62Yn62YK4ztnrrE
-  pe1G2pa/QEk+YyAqxZcImDagxLGQhKGnhwwBJVeitpiyUbEEjmWu8MuAei2c88n3
-  0S1hHsgDtx4eWFjOzamuE3AILawkRSCKVIwnYXkCgYEAx+WLzuwM0uckgczr1tKO
-  OuUAQdVlHpRhNue+/gNE8vliFPXUDrcr/ixM2Zy7J6+hm1mNJtj5A8lmAEJwnH/W
-  UmXr2NRl7nTE3v2gpsgNKtZC/RYPAt74J8Tz/d8KbrsOXiAZcCOyAhUKOxnYKiqT
-  tLwhImjfj2zNPvluyKebk10CgYEAr0AziOrDNIgucDmwrUFnbTQSB/UTwjqmAQ5X
-  E/m3htLNkdaNTYOhB6+qgBUVto2CFzEo72WyjCQicVfy6V9EoBvIs/d79rSgQkZd
-  doU5w6hdxA20w8nXhK5R9pFoi2sg/+Uftvro27FPyp+zRzQf65oYT/dnhX/9sH4R
-  4jsEg/kCgYEAiusQ/2LqiBHO/3Osem+g/0JBpUw69DU2HKH0yNS+i0UqIp8McUi9
-  kLSdhIhXzrEbJ+ZJzJJ52gNe5lNtQFJfc3m/fiGHgty9WxSTWWNAlxkmP7PYb5Qt
-  LExyOZZu4H0f8jB6pallGpJn+3CGLZ7jPwjR66KkQDCHiukFdK5Axck=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-airsloop-control-2
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAs+F2TxTbWQlW74wGGn7v0DdLhD0pYy05KA6N4irgF9TH/nxm
-  QnKzQFzo1IO0dMQWF8+esnKR5XuoCpW7RAbQKyk02d1OBLprPu5zorbm4LqiW/VU
-  clMuWMlo6tE7i9nCIGpypDHtvNmGSnx1Ocew0/F1eoJnEVafyMsg4j4ZzS9x/1ik
-  xvc0v6NgPP6RcKET2NfhLNB2FaWj3PIxzItGPizy4pAOKvRM+HJoaaxxAuhhd2rc
-  0581JsevNw547nX8zx8hK2L1yLLgNUbxkecTDQ0iCWmV5iraKbJYodhTZxdAjY2Q
-  9S+M32SgBmxdfedR9dwytoi8WBmoBsw0xGClZQIDAQABAoIBABcukU6zw2kAGSIa
-  C5dSkJlm5uaN802CwID3DzX8jJDFrViQs6UQnyVGVAM/TfxWYPqEmVEqDr9iZk+m
-  6FFmB2Hol5UUPj/BvpyHooNvyuVfaBktzspFCg4LNug8Os5VK/19enTKsnbKGdJz
-  o6/kmldWIOu+7oV/gmwgMYa2tiCJK3a9E5+opXW826SKQDXvnJoR0NfUzvGDdVRg
-  WTD2Kf+Uct0Sj0pXsbLUv2BYUcvKbXIQLKdq6TlXPXyZhi1G0E2Pn+cQHJ/qPUHW
-  fsQFiccEr0uq2xZe9y2qhIRDharPmW2YU1jnily8BcdVb/u84TKi2BNsl5U8VZvs
-  fLbazQECgYEA2191VWFYrrbnAVB5ra7xNeSaBL7nB+yseO8wv0KT5+1Mtjo8JMp9
-  vhHDWrEJ64NGwc0t5FAAq8CVPs9eB20PXp7jsMrtnVYcDuJmUGoLJwQi9pU2Z/qN
-  yvQQRq0zD77nUEVM+9VAdwuaJANKvbIJn+umPHzjO4LEreaCmccNkmECgYEA0eoC
-  o9Gi+b8xkZ7tnnY4Tqg2A2tBTnIhRdllnt+U89BJVtws+3mXOzqhKk0K91chUDzE
-  66zLMcuKUEf0QQulX29XGR+IklbcArofHGGfASyqsM7iKumsC9syV1ejNI1qTw5t
-  iMgRaywp8i5RHFXu4iBlhvqFOQDcIo1XOcY8OYUCgYAsb4KZ39UR1tSmDIIJL2WG
-  sB6OlYjAry0kdfbe1wKUuRmP0+342ddsl7aFeVT0EqxTd1czZw0rvR++EE0QngO9
-  +9tNJV3KP/YBAdUNtt05cvoODp1tpG/yS0u8tTqhlt7OAKueW0zqkDwRzWTnVdfj
-  P911ZSq2FD/4pbeQpKRYIQKBgQDJvKQc3HRMoTr6QEsNZ4Bl17NRRdrVkUn43x2S
-  uj1ktGBHYgK5C/oTqh0JklFftBUID98QwFfn2z1qOjy75n1gYpjKREv0mBWJaWZM
-  2GT/s/W3RpyFsVzvaBHRbyAieWYZ5DvQoLZc0WzemzTIjq2uFIR+XHV8ex8U9dFG
-  bQWkIQKBgQCHd0Bq5HB4BJatwVi2PllJcZgi1CDDDiY9jT08yA3TqoxMfT5qAjH8
-  CkBFOxa6QFrQTgUehW7NAURemVDFsi/wM9mjGHoxjG4CVPtlg1ylv/0JqlbK1Fhj
-  e2rEvk0/XnRFjG9pxJ/MQDeRiqot6SHbTaJE6RBOCglpBD8SGZfiUQ==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-airsloop-control-3
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAs38Xlh/LlB0wTerwwnyKH4/J49wpkqPMh9hXIaxPNJ4vUhqC
-  t5YiT7tXfpkhz/OLA5PVqhU5mW7jPRRii5Ad3ELt+ASSh9UsPNH/LF+DMuJGJcIu
-  zCr2bK+bwXbB740r7ulJQ68nwEc6626Qo28pHQLUpdj3XNtsiz29CzMs1zfGxPvW
-  wAc0WwwCjrLoPVvONIMCk3Gee2Sy4i2zVpVHyC8SygXyx7q0u//W8nonS7rZwqKl
-  XtBKOMR2lYmpLDxHVtFvMFAUYPlrLnU77RD9WKB6SRgq2MwV52MbFQTn//EpIy5b
-  MNw6Py4p+cvihxtd2xcsrsgm/3kQGoz5hXHOHQIDAQABAoIBAHq8g9dOhHkSAG63
-  IMwMNrJgMu/RIsg3ouqc3u+SkFJte/QLVqjMS0fz1V8mvL0iTkMy+l4jx1AIR/AD
-  GWNPN2vehDQchEnHVUl9Wpvv75mCqe61uiQ3mGs3JS0D1JbGFG14LXXPtkG/MyW7
-  Y8GtiBJjVh7VnkdrbuxDWhnnc1jxj+tgYfyJ55hFB1RKG5oa0/m4mBq/eKd71l20
-  g7qK/DR7/2/ajwR+0zb+qt71vdovUsPlHHXVzeTrZ/Om/IjblS9KcyH18cKx4ikx
-  noq8T1VOn8g8+tslSNypX9TH3dU6dNhK+WFrS5rs0FBNWM7z9R6n8HX90mEk9bED
-  IdF7/k0CgYEAyCm3RrpPBc0SANxopEpk4IxnbwWTwVLNKzADNgSs5lXLJCum1HRQ
-  j1vCkG1RvwfcNWKEbBPfF8LmVVa3RE3vlksS3yrLXXdfLHqdQqM4j+uteHLLsmtf
-  6Y8QhJ0dZqDMZqH8JWZy/5hzl7Fy+ERx57BbztUhFXVTSl1iuLrGnK8CgYEA5ZGD
-  v3XgSKMwkfp9UGg4MdVwnB8D+ewBtidWn3DvRYJoTAhKF0yLEcy+5VDyVp0PWSZ7
-  65h48qVvXlMRWJqvKmZjhJxwnQTsHn//QVzXO60uqeRY8MfFzed2a5aoORs674/F
-  JAoOqqtANJ+Xr09hLeYPYDczdEhY+cOU0rkTLPMCgYEAjYHQbFQyoatE2w73e46M
-  mqMoTLjoqHfdTHb5DitoAL8OilfB7dj9SxxYBLsEW8U2zRcE/1NdGPNU22ge0E84
-  3kvc36DlfQJzaoKUwxOZXUYEsW6Wy2BVwky+JMLekjuDxdsm41n2WvRwZAGzggkB
-  bgakISlT5lO3uo8ix+5jk0kCgYEA1obsAjAqXla5ncDh+BDcap1VtV86fQNx+gG6
-  7hZAUslxo5OfgTRTRVf7EBpbzFrLK/lNljUO2VmFwDSKIi2zAUFbQGJczi76Y+oi
-  47bZn3fQAo1UG/Xjv+3L+PB51Zu/sHy+slX/rLeJsWNuATKB0r2JotUS7VhqZUTC
-  v0SaSccCgYBMbrKUBZ0Pwm3Iuw1mLI4z5Mc8jcH6XxhQaUUFDul26KgHimJ1rNUe
-  +w4MvvfQRXpYRxzCnCt2sFupEu15/VYMTx+W/NTLfOoGspgrlKgCYVSkl6gOeKWB
-  +/jV7dC+PMYqdWxIcfzXnyd5/QB6A+SrvzetSB0ZtIdC9gGNQZHSug==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-airsloop-compute-1
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA1FdC3HysrW85YXY9/wc46Jm15xY9lj9yTMAwNgw1BaMc48gO
-  xb9b36JxGJIhhg6QeGo+Q9Ec580GEV9W5ow/ZHQTKYhhDh0xkWkKZ7K2tyB8J8T1
-  do9lRrcPoZbKwqNG/nvCXqdNbDb/cSa8M4MyRethMLKYodQy33Z/xd0v/kHYRBUF
-  CngPzNFnTrX/Z7H4gJOyoyQfjcBPZLlUmu0jqvDUR0UhYtIcx8SPkChxog8fUP2W
-  rkknF5l9YYRyk/9+4dMhszCj8bYY74qZ3oIZc5+XHHf7Vk0T5jnEYRzPjvA3ymmP
-  uRBsmHac24HoOjUUf2rIzmZDdB0Aw7DfnPwBMwIDAQABAoIBAQCwDKkipTuFj/HD
-  HIXKK/LC5q4qKgZly7S4bZ+LMBPF2LbbI8MbsMw7XjLmbEHfI7QkIfH9yCJvDU06
-  mhEylJT6dEJu7OOLEClIpg46a7GRox1M27+nzLvrJVuQXbU+KqFx3KoKUCugzPh8
-  l+Dx1JSZ481w0qI5ifWj0FufcQOZiPq/mm/dVRJtpBsaw/k+xWqa4jFE4YRx0zl5
-  PWoAvxVP0ZwjjB7NVvJpe2wxY28QDvxtoP+iJtanUIwfSz5L5Fo5UsvFMCCc/p6z
-  SaU+gKQ0fwWJ/y216bdXnHLaW9ULLbvLDnMuctOBEZKbwY68YYdRIPmBz58WOUtj
-  5WdfJEABAoGBAPcyKqTdb8V/PERA7hzKgLryn8OAKe/DuK5xGhqJKnSH+ICYzESI
-  6WU4jZeeAUPrOCJyC1yHpPA7IZ7eO9f7gMnhpxTt2jWMBHk/LTxn6E0YKxjguO4p
-  hJjgJo9OFoICBg6T25rIzrSDiWfjzY+dhAkwVWfXaJTAZMcDqj9JbHWzAoGBANvn
-  TMC0ZYo3AyeVBZrWMCQS3iqn3TIcPH6Es5CeFJjAyfxJ319LVUT5vaafdbmvAll0
-  +FiXO53rDv7aUOhIH9i+OeV1c4BtYvHFlVWVyBIP6AH1xNHTHjQoWzlWzMnmJ6P4
-  ZA1gjH1XFrm6sz3JFz7vAbqoP5ARrrhBdFSe44aBAoGAGl2BauArYbc2aFk8jFmU
-  7VufaqyqzGXltsVdcWMb4h32hVDGyLCJpEAp6ffyTpox/IqJZ68YCn9kEJvHajvq
-  +p1Uwsizs25hs8TnQEAc6MwhHKArWUuYVu3hbvt3LxqkJr3ieFneoiY9a5VCgYTd
-  ZlV/Znn1L5htp0Rezi04oj0CgYAwrG+2r7dR8n9GQZvt+77IHU0DkAhL0SgqsOC1
-  /+d7MCEFMKy6gQgsrkKmIOGD6hLRDizyHvdZKvA0xMnnwB8ccG6MNYUNRikCbsNx
-  ICgap16pIGciMmKbFNusQ2QsxD698nri4x31mFM1ZPfLkzkL+wcc86SuFNvheMtw
-  94JRAQKBgQCIdWog+tihkpMfBgxLv0VZGw2RhLvtaFYU9A+ga4kpyKhyvZZ7qnKk
-  cxkppKNE9fmZECtivBqC9jV0p1YQRtZS0pe4S0LY2fobVWMJR7ElLaSAWEHE+w0n
-  WIYwm5vBk+cfp5X7JinISGU7txVU82m4Hb1LPwVhpRVjgh/Y791dew==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: scheduler
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAvugJ6b3bJvGbMfzD7nS1zNddpla5WhCkVA45z/AGeo147Hn6
-  aaYpr6mHxYXSueNVHpnaOmIKcWaNkRwNNhwAVOxdzL687gY5cJmBAn82i5r4lfq2
-  gJYxVzXx7VZ/gWsZoSxZBv4NDC235WwLf7ZDDCjyIlHu9dokIpm9VBd2ziCvN23f
-  f7FhfeTxY/a/AYWa4+kOT9bDbNoKVYod3HBO/ko49/fgBj2KWBnqxChB0j5bZdsP
-  rsxPyayHXil04zKNA3oSwpT8/Mfs1AMSZf2zsiDZ440YmVw/41dgFEyAZvKh3sOV
-  FF2SdOlRGSUU972gxtd8kcmjsULriqQ/58VjOQIDAQABAoIBAQCRflCHxr0uCfao
-  eyZsJqCjlAN4kSHEBWjn8suWsSyO3CErwK7bM9sTWJX0MNBwAVTO9Jx/4FZrJKiB
-  zio3cdHC5z15nGhq022VZjgPShqs/Re1XhUXHOBPwfo2UrTsUk5/KkhTbu1Muc8s
-  V1LQK30f2FjpVR5UWsMtZ5QGcbeG0cmRcXetC/y+Su7maayK+ri6Kp8wf2QT+Vy5
-  6kbkk2IbSEJW5nzK1IWQNOIaGXOsD5tJfVvNhi86b/mBr7RJrz6wCJUsJq3HQw9z
-  byK9S2zpZG0rAXF9aAqcO8H7YPWINuXNmkmjbDm2AReqs9Vo3fLzLt1HPoVoZw/k
-  DbnBbHgBAoGBAPNdLjTM61j03TR4QieVr3+UrpwrpFY8MtJGYwmxSDC7/THs+pYi
-  Zc8baBHGrm/mGCXvglt7rgnRskBlNScH56jkzOfccdnV6/omfFJ6IjCS2VSyR+Kd
-  t+jh+K+TMw+VtfOfUoww2YPbeLaiI67SK8XvQ5h5jXH/Hy+HKw/MldsBAoGBAMjR
-  licZpyn3j9UlmXE6cPKQGBAI7TxAI9cdhjvCGBukQExBhmACfw3kJowJd27HUQPB
-  Xoj/fWXCL2hjDLjJWc3fwAcyUoxFBJ6ncdEIblBUgAkagAMuMk3UVLBLH63F8Yle
-  JcWJcoMRi435qRJkwmYVhP5+xov10tqFAVs0h6A5AoGBANf9KkY4XOQ9ppmr5eLm
-  CbVsizAV16ulj+FqEPoIOq7uGYCW96wJ6VvP0iR8tlKf32zDzmlNMqCKWO6oJG14
-  qZUPRADAeNdB8ka4o3w7415C5toxxHUPT6tD6whA13+Mesk27Pd5X4OUZOWKr6q3
-  45uvh8mqj+vN5qqzB3flNlcBAoGAP1sACC3rsy3LTu+hzTsmzx/ut4BZeBy0MfW6
-  l7fQa0gSkPxLLJcdBoDoOF30NBrl0E19SbNxGF1/H2vAY7wCfRUOPDcAHAjaQEOL
-  gOssAmPmUPjvUhGNBUjrvwK0Z9p/LVtqhzupyPgMEyqk0IzBV/uKDdBpS1auwwob
-  N28HKuECgYBHf53x1PUPKGGCx6UwatQJsYWA5Iw6DDd9tr5RaqkBCoAphnKMb9zo
-  wnaxp7bc0HOpfDCe5JEHU/VAlJX9okw1tzQk7cISJb11Vx8kD6YjhdIutq1xNYdO
-  HYm9nyVowc4VEIBD+diS23fH6tYCMs7pf3D7kdVCjRW1zDuEaiTw9A==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: controller-manager
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEA4zDtQCpc9Lwrz8zRoPOYVRJbhZhRVgi+MIpLNu+Vdr2aEsqJ
-  pPDuuVFL1Aq/03UkpAF6pS2Y4wlioQ2Jf7zwvjlsod+1Fetjx8esC6TQS8qOukow
-  2icdSJpYRs3JnyGXZrvj2C4mSdzKqjLnaQdVywP2PyFRf8XqkQNvWwjvdF9VdWm7
-  r/bkQg78d4ZI1Awa+TeQ8eesNUTPu7CehZLnayTsu2nyaETLrMTZpB2Yh5BG0H/x
-  EPByiI+KVBHsRFHISoOnJYZh0FZEOdyxJ2VlArH5OQjIF3lgZEj7hZykcy+63dT/
-  kqkZsm/rRyQtVblZ9CplMXIRkH/WqilmwoADiQIDAQABAoIBAEr2QdICKFm4HNyb
-  wC9TMNghDoGuGGhCyj5J4zdlJfPf6453taLuvFX5NQPp6BFlfYl/02/c8601041A
-  YjX7qZOabvWaUq3A1VN91o6g+vmHBEEDacsRTOA/zRDPpc8TzljfdfZGg+urJlOy
-  KBjHis9Jp159J9749sSSVZO8BwZmLwNxaY+LKyfv+QooDYlebtSio1qVUNuvgOqr
-  c2u8KDzM/hDLwTjzN15SsEP28QA6TAxayJuJmJvxLwSnynpMu1kiZFngKlHR7dPD
-  VVQYCUziitVkdUawkJ1st5vBUGNMbl77GDUTWboCX8J+YRN601K92rPheWyfCu8A
-  H2lFCWECgYEA5lXRNqRPzYNafIkLvHdpNDoUZFbsyuhurIxfFdSGkma1i22lraPL
-  0qygcC9CCRzvK0xl3TeKiELS07CdrggYmWWbGbts8CYR/AlpaAMMpBCdTQ/2vnZS
-  XmfnSK2jZMVipfK3RRRgVBZd6Wv1jaGQ66d3Z7GjgpPkRPthyiG8pt8CgYEA/IFs
-  /SA+Tt72yO1siO974O7aiDjymX+Ytg29VggXXbghx21IjdPbj8KOgN2dp/TFhSIX
-  Xe6WQzvdu2ZJKRcbSGV0wJoQTV4qJXVKW7Y7C7U7UT1w/+6OP9ri0qkU2tpybMS9
-  zBt1xezPHxBWE1J3Vo5p55nNdDTcElJOl39HKpcCgYAOVRy1l7fXg+rngOeYDJ4h
-  P9PxAm+tmJT6a6mnBBhzl6yIRoRer6iJLXC2SlqDkqdXPGPCRih6nh3cSkslfx94
-  vBfQnBcFQnkwA63paPcqZlZDa1DhPR+W/EQqA5P9O0MOLHI2/DOaR+IEGlGnRHxu
-  DXeini0cfPNhT3sgRsUkZQKBgGyV39+uuPzD506aw1zT1+rv7Gw+SR13gJ1xpSVV
-  D29PGr+fIF9VZwsYeJ20L/MlULei5HeRfW7mVMEdCIMyG5pzftTArBgJUYiQOuzb
-  neK4Cg0ypeB5nxSYtYgwC/bdj+10YcZfXLND1gIezVU71nQThDmDq5W4kZcTbBa8
-  Nkd7AoGBAIuhp/WUdDgqDaNxZE122+mYZ0nQwLI6gHxLP1qprCRTE2A2QR2vaKGq
-  vZ/f3PasxaxqBStZUgIVZ0zphsWbbK/XdkKuWIy0wTK0sXbZGPqauUzqt5/vxoqp
-  xT1kjN06rpRJNGarQ+dAZQsap52pe+rd9UtqatDmwoIPRSXefwsB
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: admin
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA7bscHHfjXFcaqRoUthkPvfjpkMbQDQVZxu3px2d3k+IM+9O6
-  pIQEwitOnkkaMK+EVynYT9Fw+Pi7P1udISGjc9kkOuilKTE2ilq8eVOUPFG4w71I
-  eQMAvJN2E7ndkHHKbSC8NlYfz2zGpjEhKvRJXqQ4VDMuSyku4ef0/7TyJEOeZXfe
-  Bor1ao7xJYBXTH+JQlWSGiCIvuClinK69ZgpRK2qdsPuLtD2IMSWQ8xl4h7yGOZ1
-  rEqmny3C4gmfVXYbQuTop4MZRbkIWMkaC0jywvX3oWy1Qe2PuxMr5D2M6vOaqxhs
-  mfecvsEjrxjzFeT+jMALsoVAKDZqJqkGx0B9owIDAQABAoIBAQCif3yGpRhfXRbX
-  MgGoO1c8VrFoic1aqSalyKg86iediS2w0RhKLgeGpc2WeoeRcdf3MJ4waQxc0sBD
-  XZ75L6InpOyT68RBdOdACSe9kvjHhmDSQ0cPmJLfU7ipYSnm+zEQCQk95v7VbRgY
-  L4rpbpPcQkpSm61wKNVoC4K3avr89344gpsQjGUtTPUk9p+jjnzhYOwGwW+odycj
-  AaAG/EavP4VfxqOr8APgP8bDMRrdA57UaFOEWsBOshoPHn3E0AmRxBZvFlcKoACa
-  KY62lhenbR/2bVcZjD7ULSTy6R194Zfs278KRXrvN3hHnaJm5piD7n09kFkEmOBg
-  r/ROYSIhAoGBAPLewIId6US8dkVkzFhh+HlE5P7gMQOOUPmLBPGtEzzY0PkaAmC9
-  3I0gEu6S/TM0HU98XUyNr5xubEb5+p3uNbFqsgj3aqLXYtq3C0cxNoBx+l2fr8u9
-  M7a+T27bV7M2O0qNlt9TN7FnbMK+61c+qoG/hDsA0FMmSWjNyWWLnRbRAoGBAPqV
-  O4TUoKytAoM5ioVeq/oKbLLAEVNtSsW64fz2l44jQwKpyLRoAGrxtkuX3w5MqPM9
-  VBmxGAnm9Eh5I7RkBiCbQPWUa7OlkBy9AVlPu4N93fl6hX0CTFFwULrhSI1HKeA+
-  CSxGhhpSuhu9ISgJH41JFm9AyBKE1/+Pm1QAxlIzAoGBAJI+bX8sUbWRIkqg6qdh
-  vwQO5zFOgFUa0kmhW4XHaSkfiZ4l+j6UtQTJxnygSBUYEXo2cdvSCWfR2iNXDYEh
-  2nUNwUzC5xRNS/pVdFYXHTF08ISFzo6JTGWC7UPckk+YnVVEMxAhBQ0vMP+HhSDQ
-  3E0qrI327HrVOCkCmX4q9pmxAoGAa1iArc+UoURgXizJPYcn7y6GEDEdevrH3FrJ
-  st9EX3yVmU94jmg7PZUcfdeqk2qduc3c+ECYRq2smltiw0VSJqe7tTiGxue3C8ig
-  Ck2Qy6yg6d3lz36riPuvac9WkEcbFlgc/92aVy53Uai8ynTWEmVr+e7rhptoGK/B
-  X8QRMWcCgYB9bDsRG3X6pAWQpYJI93nzb5hdhRhlbIK2Y496Ye+GjP67CfT4MuPx
-  v1xy+w19uqC7WA0ioKjOptK6ZKf64tDSOgwHgDrLfgiQYtlkHIeWpIz7JIdlyN+e
-  GOO2+6+Rd8MFQQJUb2siSpZLSWB2yswCF/VPksRtlBAl1XRcgvn2LA==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: armada
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAvD/UKm64QncyprXBo7BPDIRaWjkFbLWcforGuq6xqiR/ZFwS
-  qATaQIlnmcSr5tvv7u5pnq46qh3iNzi3TEX+0wxUgKjW37OIgkcktnl34eTB+3LI
-  fVNqstmEBYMJ7gMKQSdIiN0LPne2xbIe6b4rb+7KvGGITQ523NvhReSb10SgvFnZ
-  8RwokI8sQGZqOS3XkUbypvI73guU/wIlQHQmKxwpG5yksF1J3sF3RySZL0hTjXsz
-  iHt4YXwRpApbGtqFF5/p9im086SW1lrm6LV3pWdkoZ1mHcsh1aNMe/bXodhhhkcP
-  7IlhEEHpa4MIvI8JKUOmxwrBwtAitOEvhiOB2QIDAQABAoIBACgG7mcDWdyQGc4G
-  0aCriXNg5RFQFI4z442olm71XEOQNSIyzai6N2oHjWbNwbt5wn+sY/rgkwq/Be21
-  +ouWSoO3mHQu8llohDsnQ3AlTc9TY8fCdUzoosRaqc6+OStJrDGEV9D6JzzmGY/Z
-  uub6j6PiQ2tg1amEzNNTUYgZ/uT7jeHogFoX7ECrUSeD+wTxE9CvHvInz0GDYSjG
-  J/j5M1Kbp2r3ZjnPnLrrluzdayXXF8PwnZpUoENftDlgaonfWQluZs3NfiIPxeYb
-  nvqaCwNZ/9Co/9HH/YcvTI5dtupcY8iUMVnWxBXcBqrVdSuqKiXudgEdhgls4zyj
-  w8l2rwECgYEA8ekRBo/aqIUM7wlulxrGE99fgaEKRuSofOM51/q0m73ThkdVQSi1
-  Y0n7YqGPZot/OxKLNOdIkpcgZ3ghRU9fBlxWkpXNJSjRkfMVEUqBzi+UZeZTsOoU
-  xlr0FPqVhXQSvDBc7gJbKbtuBEpmGDyOFwbwnAsPiXIdFkrMnA25zPkCgYEAxzaq
-  IdTgwIjhYsSkjrThZ0Gj183Ezj39up2aw8gM82JMXWmCijcjgmA6D0YtA/21Cq7Y
-  0Z8nymY34qkwYnOnF1NDBHIoWjsJQEPbpf8I9Nj9nNtsFuvim3+9WVBvUIYmPOpV
-  mqq04IRQkcOoTUV3rlyWBhge4BSJJoKIO2n28+ECgYBNFGg6YQfY/lv6plS4jO1k
-  U55I3Zk6sY0GDhjWOqnlnfySIpSFqITzWBVjffsFP5mQpv34I2G6Y7ENhveC8CFl
-  E3L6TgUJvBHaoUurMMRfgEWWmmc8TbnE4iI3tQiDd1Ko5/gUVmfZykDp2RLi0his
-  Oafc8KFIuDWQbtD3QGBdcQKBgQCp+LUuioB9Jg0QBXHWJPTQ8guGfJW31uKfEAvV
-  keGi47L+XKC5pxQQEGRZVengpt6KT+bE7AO6SH7UUMDsr3rYhvz+VRyi6A4bnApT
-  1odgyaeR5xGReQ/u1w3Kn7tqPBtyDAqgHZiYm6xWwlbeHzBfP7XtWzU0wbDHf8YW
-  03GWYQKBgQCBQjN1PKkze9vRNy76YJz5queWRHY0slArK8bxB8MZmOVUVccKi6Yt
-  MYUEz7/cOl+hAR70D4YddFx9iSDHWSUi3wFZ9yaFUuKZkwKwrKGpd3PJQ0WnBt98
-  P5PV7jD6I4FssPUD6AKJ5YNAsv1PtPGmU9dYS8ZzT6PEYSx6V4Z4TA==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: apiserver-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAqHjoYEbzXqCsM06zlsTZWC/Y6mkA1pzIpxiLoRqhrsiingES
-  HfHYKrJTer4zTU2MyLay59HH8riSmD9hR9G+x7d0bZd7J2aAX6AYOzoiheUfoCxv
-  tc4Y9xISn1tez1mPMFOJxLRe1CFYjIBKuF7p/MARgETwd2Nu0VbBUMn0G61w22j6
-  UgSfz1AfiZBJcH0DE/yB5v+8NPnIRPyUo06vUBSJzvPg2S3ZQZfAV1VrqHxqR7Zo
-  2R0Zv8D6D4W/rLtZ79SIqkyMD4KNm8jrXfA66IOMCf/WBthIsqeU1tQk3QbnJlFg
-  XftF+dj1usFzsX+kOgi+2g7eWB+xO3l5DWZngwIDAQABAoIBACa6DGi9Rop1EsCE
-  keHRhEiyTwGre4bZ6YIHsWkqLwp3knIRuvFpO5CtB2WKvU5Cyl8FKGEDpxvTc9dN
-  knYo79sG/9uFW8j11gKlUYyj03XF8pwmOtOm+bQp0mARZ9zwMGsieOPftoC63ZkG
-  kKaLIux31k4PCtvW3o1+jNeeZN/Lgitzma+k8wJ7Fol4lA7D0yksjo8FAJbSB+qK
-  mxHl3YxHJL7TXkcTsSlk7UcHJNN63N9Rq4jNWR0fCV6Oyc8VdEvs4cXTyWlPiUpo
-  uZvwdTRzthJeHpYdBWkOJA8m35IOHAz+wi3rPq702NWlBoAtRnfl8G2ShsF34BWQ
-  7quSVekCgYEA221RyXPmUTgJhDZnT+/F6hh2lr/vX770DMdS3DsLMmaDYRUdtSTO
-  JlzNOd3TdkWQtfjNvk6mbDmriRhfHSqSbZn8Ro1bpJZXwLzSnKvNGGQ1pIDQh/BE
-  fC1iVf3dzoTjTmAmnjk3+97fjqMuBr+NJucGFE1m9IHQpVhOzF+itQ8CgYEAxI1p
-  o4P1pgeddTMxt5Bige511Kk4ksYVQGI12foZUhZmXsgBwY79WyhAfxm19a6C0T6J
-  DIPA2pTQbJro+lShjNyucYuoedDNFypXy83ivuwVCW+Fpbv6J/EZUQrFHPofPqiE
-  dixZ/Yxgb1v+AN2yAcyJouTVYZZNY4NPCRy+7k0CgYAC/kTFWL1lkjwe/5b9Mioi
-  /V5wxAGB7trpabappmyKrXdRVbZoCC5/u3hZN7twu5YzxUcZN31xsH+0iQ6TGUeS
-  Ey2r0LXVUu+zg1/kHzvW/1bz/YXatN5aS0wyHBpwfMOVCB6+vc0TtICcM4GnOem1
-  BCXDFSM4ZqTv/Hpms09G5QKBgQC3h8Arcg2Pga7SgAIdgJGq94pJD9YGnzW6z7mv
-  FyxLjST7vdB991G1q8lFpTFV/iSi07zO1bvfnnNb5e5DyYCr8mhlF94yGPlYdy5R
-  3KasVe9yxxLJZdQ5NZTJKsBRxXAlZt+BJPrGmSx27zQnhNsxeNbQJtLkc59Bm5vS
-  S2gxRQKBgFz7tzdK10o2h/1V9mTMRxaQHGOKiyn+u0mA2MC+UJDozmlCys3cbVpJ
-  p959yYqRuYVnPttWyrmHg6FVn4V5Siy9mGDNv23eR2YrpsLezhPpcR/TNwHqs1+b
-  fOJsq6qmtWyJ3cyYsQH4KWJiHg4OoQdUe+y2CFciguRJVZ+zUTKt
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA7TDki2Dl7zB7rQm1+pjBYgwwXPYxYoVEzeUZDC0OXmO5ADdQ
-  Bm1jlU5gyv1acksedVe2F+7b3VPLL2mYNanyW1pRjvv9nfgVBec90UaOKPUJqMpr
-  ho4t7KLZ/O6UR3HBd5qefXmIQ2UZgIM9b1E4MlStB+ulPZVuZEOtDh0gaGlE19tq
-  XgAIn5eVUCU+qLhq+oL4OMCRuKeppniuCLgH362JqFhFa+lseES8i1f0S4MzyUi2
-  btYoSV46yPPrwimmHXNXmbqIk4w08RbXeBSi8S34BE1XbNfe3BA082d+9fyF0RVX
-  E5C1B57JXXuAsK0i+n3k64UH1kbgon111Jt/AwIDAQABAoIBAQCr3kG8vPnf18HG
-  IMM8UnPOGAbzVXFzch3pE5iSuhMvUhM7lNjnz1vZVHHOpMZlCwmG/Yd00B+AwLb6
-  JAmm2P5EM63lbbLYRGr3XBfvDLD1/JiDNimz1lJwpZBPNpE7M7J8eA1f3jBepWNV
-  O8PIZZHS5oh6tMWHWkAjZuZ+05woCroRlRn9XSmZvZ4phYkkUQzTDf8U6bdpNN2m
-  rzP60ObRXv3k1elpipvf/aP50xD8JQnbNOAVIdV7WuS0eJPbqtzpBuxkvEiQtbSU
-  9da3x/YAVl37p12WoiRksN4UZewoY5JN5yu1+sukOHFac6oc5N82hy3ZmzPjr/mY
-  VCndyWABAoGBAO8VD6UVk0CSCseCFTBt3M8tZ4yfEiyOO87ysHt61qzgps/e4Lz4
-  jAWuvVfDtlaHgrryPDSj62UdqLKLeMZxfwV1s9OMPvRgMgApQx2k2kKfkcRNkd+z
-  QDiJ0Ds+pRmd5isRTL9CBv+miSC68ar1O3rMqYxxztnh4soY2hrQnQohAoGBAP35
-  kkN1UwpYNN5/5bDZxJKi3vH3pmS3+7Ad+hSoEzN62tOkcZdKBx5zI1GBS/6h5jf5
-  5u0JsvxJHpal3L1bXmtqfNAQtq1RCGjR8uL7FY7Z0uVMcHazYjMMyZ7wbNRcfNoj
-  LsBfedRDZDSbyJpM9XkcBt3RpCqCsC2b2YLElIyjAoGBAMS6eNgni7Z7NaF7OcJS
-  9HoJ64X7srG1DCO68Vt59cHlTX4I8LauclGOusDIC3biJMF95+qM43qd0B2yxFvO
-  Mm4kryco5PijWyFk0pRG/U4LDaAREDKZxgN/6zeE0cfldOsFXjiWtTmSKI4lJgy9
-  pAbk97LYRxRkWgBgOMAN3trhAoGAYiZD1xwNNm82J1KIApt18zFMNXh+bmgHtV0w
-  WzFFEl0FGktvtobeT28xk/sC0mng3XsPOkXITOU5FAEPWIJp79scVxBOeJZbSJ7y
-  XbOo9ibJ8OFkiQr0BUSI2oqRlFQVz/tOwvtiypwsqoQVt0PMjbw+DxVIe0E8MrQL
-  EBVGTz8CgYBOAb5MrD3QVT70nVRAklGfOmcITQV15kd64ScUHZUQyxwH/X+yYGNh
-  lv3ZTvcCNddijYOaR/ZVuegKPUXvFcboJKslhqkMw+elLrTsSQ1zfGmoTjjXeoIf
-  4oByRRhUbBtSwBCPwHs5net0HWoB8a/lAyWxygHscWXJ2uCwplF5rg==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEAq32xnCWW8EvAeNnrf6Vdo4xoVQCMJmzSgUzQtf6a7tSO2X0L
-  Uw4IbNFzwLWtO0U1FKkw2/SLKfxfrnVzUivS6CU4h/8ypaWaXm0pnXrFrCmTIt5S
-  38PtIjUX0bFLdqpSYwPK5xXxfYFqrsBh1SxXOoPdK/+qnPVoe/HDcP6g2qBlxBbq
-  mSKp41Bsa12myHvIjbSx/F/ltrxfG/SOld/XUQ4L7/wRlEu1U7mS8s8/BftVbZVu
-  ru/D8hBkHVrKAqPyZTp0HJCBTX3XnAzh8msxsqgpM8F2+QcoELpJIBSDN++j7I1s
-  WmCI3MWu4/7ifL4ojuwxZuidHln6o7UKWe8yewIDAQABAoIBABGc8D/0UGNPtG31
-  G83ZYxuoERMh4kMUDC7Bf/IhOzJqXF2UDTSzjUP34yaYwjkDK6d6lQ0SObTPOdiG
-  MZjv7VJweDTnjgEbWBZ4qbyF3oWHI5iCMwrOaa2IvHCKABEo/xsySYWgaFQWlalr
-  EuE9E5xr7KxXLuO+BMQuGX+id0zc32g3lmnYI07fD97shNtA799bSXlStaVFrSzr
-  4KrVamaqQJDbipsYbzdRWeLtXN4Q/eew208NPAC4GhKb0oww6BWD6kb/e39mv0oh
-  Ww7kXgaegJeIuGJOeQ2yztZPXK8HuM41Y+SJHcAttKdDp9S1D5U/cDcJ1HIdKTTH
-  h5ylFEkCgYEAy6gSZMaGvwCC01XHgeZDZfH/IdJ4tAwvVYURcNv3RbW2q1496WY1
-  sN65CzqIgMURfWmq/p5Po6VBvudOQPggbjjDErhEyof8nw0T8I6oHrGkSy+omwBF
-  lDU0qnBaBxOpFT3iZ+Z8O+EsiIxdCnNz8E5kCqd2Kdb/JBRntKb69/UCgYEA15E8
-  SwuZekUas12bLDuRTS87rINZhbhEwf0UbClEETRSunmgNRZGnJkwGgWp+qI1CT32
-  kf5s0U6qtkyHy1UAyVby/toEWGDIvBTJNFF9cGAdkcvpF8vrtFTGv/+0SSmfclmx
-  5cNN6Exc6XPhA1eQ37zSo+8tP/lwseXzhiV7qq8CgYAz4tE03aOM3Bt4rl0TClBX
-  k80Vl+LqtEQG/M0RvOkF2KL+jBcn9MNvGX95jeMjM5IeKqLHFhxiLANRGOtGADF7
-  A3kntszH8Nd6ykEvQ5kvoMCj6zOAshQIC3oshk1ZijfE0qxxHja+psLK00ANHpcG
-  PWKdmEaxqDX+wjgdvYEpVQKBgEycHfxhq/LLOlkCbFJE/TecEK4XpCokubLjeW2T
-  INCocro43Vngh8nBm1m0J5ueKBEXx1hNPmkIdx0Ah8YYeIYVc5hk7ORnyQ8mp/cC
-  +vyD/B5DhJxjaWoWMugrPOw/cZ4XCGUqiraC5QZGm3IvnZoWJhoCt2ckBAwFOA21
-  poSbAoGAJrMWS1QdYa96eCgE5UfWy5OFlMgvYIb7rBrtCWuCjHKEFzxmSZX22wOP
-  dfgZkMMZvvb1pvKwJkDfy3W6TIUympwIEMzZdJI7udxalx7bFwwVCvm+VAOTPilS
-  QcjJFTILatsDcbzUkvpvgMqzS+1tJS0THdHgJJSoKJX+Ja/518E=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-airsloop-control-1
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAopqUA3Yr8X0CdC8FLVbklV66ScaUNw0T7QYyzr3zxCjB3MA5
-  s+pYYTZ1HxhG/YKbs0ng615Y0FeOnBbMlJ3gAkle/wTuECr6eMh2k5LqKyqrPiYg
-  PTxeU4Mf/9DjyH22/lACl319joM+sDr0V238O11AqXdtY0Hf8nxDslDTeKbu/lDM
-  LTTtU6+X1SVAAoZ/am3M4IuPv/cckfXzY8L3R2a2owUIB8ajSdAcxR466NpNGY1j
-  xa1o11xYsDYZQmIKuM9dH+qiQWKHm0mhuafmkEXktMhMVZ190kVhPLuAh1dMNpzM
-  CmRChlJvk7W0zZJNy3CBTND9AIlUincE5/1n7wIDAQABAoIBAQCd4d2p5soQNsN1
-  MFqkhWR5rHrRO6GaOnaIhKY8m6/fXXuu7m6YxQh/i7L5OEdly7WGxks//mHaGcn8
-  wR5vh0OEtN0qXQ0SYcjGEk8gR1xcAZg4RiizjLRB/mXJrHgfqgFOuT1q/ow1HjZ2
-  QygQ5FgvBALPCYkLAWGDPyk0MMrEsDXKcgMU07xhpT50t2ogPYeAUWDSNdBkTP76
-  uEsdgGFomgh+eY8R/q0Jo3TA2wu/hz+eEHU//iDS1/5JuxNrN++7G+bR+3DP/fdA
-  ZjYlv72pnUCd+nh/eBqf8X6SEzPFEijDgfrJCU7wlwH6a30AbBPBlIBLaRGL068g
-  +O49ahIRAoGBAMkerx4LNrvoM8K4AdbO/mQ+hhG6zN+Wyp1GlCDWWedfa47pgrlW
-  CzNMM8tE9LCmQwavG2I/Nt+i/qJuPUlvPtRN2tmLZP6h0lEtUh1zCtKAmnqg5YGn
-  pmGmlC6/Q+XaWUNOLCYG+Ij48OLDiHGkjuifsv+VzLAVO7N0tKooGBVDAoGBAM75
-  VuDZ+lN7Krpu82GCvO3jn9PJNpJA2w7y+bc8q7IPw0d8/qb+NebUOl1X1iH3I7KQ
-  pcK7exAFBzBI3rKoIlsaeOth2vCV7+o5a6aRbxTonE2S4TqXf5YNLmQgsIW2/FqV
-  mnRTPKO/e9mlmXWb7A2RNy3T2SVWU4wZLbMTzGHlAoGBAJi/3ELWQ4Dd8AoQ1Ry/
-  48hhEFSA6r9aeJKRG0oBYxDukPNe+PEon6MbWi8lNS7BaCC4d/TbjCK4WesmDRgs
-  DK0UYIZfb5pRbzpGUJqbWHneQPWoJAegPCbobJ1AmSIG/0q2IaPUIYlugQ3JcmTV
-  ldCqEjo6HNcTmV9H4Ttm7jufAoGANY/RK989KN128UhFM7bhra56bhRkSvT9u6Cl
-  fwX0aOAraRSv0gd3a4UAladlguSyGEPWoc5iyoKCmbxB5XodafYv1Lo+LoSe0b6K
-  XVDFrmOED48zOjZ6jhpbJw5OoEv6gna0weXIi5fCNVDlpcn0DI7H+NQaHc95T4g0
-  i2NUQQECgYATjQbvsWE4BnXsXstusffkXmSqSpq6utzsVT/oRnZlzZSPDj0heR2f
-  9FvCOl0l04E0YPnilxKJoYRcLPtghZFqLQU9AehBATqz+XQRJC/MTkocfi0Rf97n
-  pm/JHyaZKYw126rovAsJml/DEDNliL0yRyMy2l8HNfKHKB4mhnRjIw==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-airsloop-control-2
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAriD4OxE+tM2+vFrDIvacz8yqs9d4soNHQiQjsvJaDZHR0qKn
-  XTXZJfp1oiKozfJ7yjdT1/2Ih+l22bHotlCls0JT/Ox1VhTWHFBSatzWPS/Mmd7K
-  lw+DIkMraHLL7lmKj5VpT1oxkrd6ZKru5xs8XBRGyWbUYwtvS8KQF+23rSlFQt0J
-  MB2kLzpXGNHbEEH7bkASV9yb+vv3Efss8hZL5TrVrJeKJ2DF1jcBgNvPODW0TJCX
-  tgaUrXdl77VqM2u1pa4ZgruEDNSSNOt3NeMGRZTa/QfjnccxbhmFzZmx7OstK+ME
-  U1P9BAsfliN55uYBsFi+YsEp/q2Kqdz3ukCcewIDAQABAoIBACFVim+0U27FXFgu
-  f+C3mTlmkt8uxppV61RMGtFs97RVT/ekz6lWX6WXluFdBTe3zd7eTJyymmp6VRhD
-  qKsOMUppzi5DDgtWnc55ye1PLWw1NFPYhKv6ej4a4bpzD3snhRELp0dbmtXdbf7L
-  gkSXwCxYbVys5Me5LqswKemKxnjNdq7hXGFAj0ADcGWj3B2nMoOO8mPA+VMEE+f6
-  2MPII1iPUmiqlffwytSmM7HWppCqx6zNMQFUDHpZd/vjQlA6/4DpWSxo5UKNFmsD
-  /vUywN+zzpthFIYYywYxef7Yq8m38sgnh44dvLwB3+ybPvxsJtl1fVh/wREqpzXD
-  f316FmECgYEAwvcc2muydtxu5vMCh7HCpGai7oIaS7otaQKob4OD7nSAH3Jkd/I/
-  aaYgoeyaW1BGq0qmBlGgH/DFC3wnUMUwg7dII2M4yoPDYgRGLoSDLYrMqeNUp/Wm
-  hPbls1N28twUPdOJL99GCjz0Cdsuw0+mghXqjtPKPFnqwqVI+b9duPMCgYEA5KP7
-  C6iGwRWGa5iFYhyFnwss34u+NePlJQ4VYzq5j2sLC+2etue9R1htX3Sz4BDhHK+1
-  Jt4yLr15IZNcguTByo/TFcvj0Wui3Am+1Nmo2pj6Qla3mgadxhL2moUufJQhUi81
-  T5/mD08YzN/8wtcsfvVOlSJjU/nQceaRhJd7cFkCgYAZCui33ZGE1vefzqMKjviz
-  aUOQY0HBbF6c2GyONlRh8rDqWSUyivk+NsqGQf/prrwFEIeW1DE/KQwGV6ItK8b5
-  hDdN5FbNHHOiSW5CV18KIIP9ZmffUxxag+QpTpU+yKoI7vz2GzXB5uZpxa+SAs8e
-  cnY4dlfJvLr82YIwIjaFpQKBgQCXY8ScaZAgVSJWJ/1Zg00ui/XAZwUhJa7aJEMh
-  Gwc24UfFNCc9MKBxlymEZP+dQ0/q8KTgAYv0ytxj0PEWcmWmvCimbASC6+RAEevb
-  f+uAIn7CYizbvbnGJ1RF6B1pu6N8iWmhOVzZkiP3s+/nCxaZUdAgi059khHk+Sgt
-  RSgksQKBgC9Fd680TMmwz5kQgtCToUhJhWfo0shTxwjUYN31Bn0v5uPUeFu+uxDy
-  xGi3aJTMDmq+RcqgNR1l1fkBtzGOM/wHQNPZFdgeQm9OKLKboFTmWkCLulwC1iIH
-  wAw6F8DT/uA/bTlbFu57+CO0ALmcgiCDXdkJ+FA6llZH/rz0I+zu
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-airsloop-control-3
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAzkl6Rcjg4KUQP/dVl+Hs0FvU2prcgvKqQLgDSRuFho5h+RKX
-  R1MOGLx0jEXkmCJLtwi11eAYcE/sOMOmGdWrtfqE1+On98Rj8IqrdRnZY8Q3RV9V
-  sj7dlVmR1KRS3RUyKLEMr1d76QHFZtcutaj/kROUC5QFXJ/TC5hGeJ4j3vYb20vq
-  iM378BF8LNEe5jeED7qMbnkI7u803izPn5AFZ32vhDwKnqT8i2Fd6qBzsyXC5UvU
-  hpJ4LurPXb9W1VUBVkYCmYHfha/vwFbJjQ9yW9NhUgT6qLt/xtDJxZIpVk1V9RSJ
-  mH9TOdxY5sJ86owHGvogy82lFrCHXQ3N8am2sQIDAQABAoIBACYv6/anLRno9I0i
-  2DF5nUEk/s5JBLEpAuNgLRuHgLxb9z8IdgC6G03w9RJSjfKrxqBneGHTTjLcWLpZ
-  XZJCv7q8WYMtnZZ8QJPy17KhymBxnlm1QEPy50oSfrCCiuRqXBK0U8jRxRppPYXA
-  J+FxG35bxXgvOp7e506qLcF+ZN2NFJ1filD9x4HUyVUqPcfrRJ54wjFONDY7+mOF
-  /jXuyW9ObnIu07lZX8eWy4WEf6lESpHi67Hk1err/sZ12fEO+SadZwWTBg5zPmFY
-  /WivzmlxMjca1+d+EHPhEUmx7mO6gdSHhpo5hn6E2qRSlm48fDCSq+AzIXA/lRjI
-  rmT6bVECgYEA5AThk7h8R6O8TGP9uKl26JdgS3kIkydcNBml+ro1ksbIzBKNcTek
-  k0jRgjRIN6g/c9+0s9LA7pqlBQmY/7sF603FLtxECPzbgvc/p6oTrxeA9ggzbPxl
-  N3NZpymU4GB21DazVIi1sB4/S4lsefM7wtHCUzUGTCa9wuyJmyG42RsCgYEA55nk
-  0TCJ6Ey/o4v6leFnduLXqlY+SqOyueDLVPCO4GTzZT7thmhUM47k32tkiGRJENqY
-  yFA1pUTkRFOLs7fKBHGIjs1R2Yq+YLQAn1yANomgaptU0uuZYrQpSg1yLxjuceVY
-  ncVsm5hLEhECDhcSmZjV9+ZPHsuh9qcWviE0mCMCgYAYn2JQllptTgQWZ7HNUBd0
-  FGykmcRQR67QPXjL83G3kNm8F8DIWg7ejL17BvRJdlSryZt006xb1708JwYrj2Gb
-  QEGrxsNeCRgXM2XfUCFiBfK6HraW7UZsz3r97yKRfDk4v1NsLHsaMpn5KTTakmaA
-  qjAG1jIA5SoWs35Ej0arwwKBgQCEVmNxRRMIMhKvGSUuz4WXYTdqla0yaSePHuwQ
-  tQRvJEAP8k03KBY0/8m4AF2JsgQuJTp3+50rupnUkQiawMIml9k4AAptC+KMz04r
-  wWdhwnJveCKYAxe6VsfhEJ3WW6CkZDCmtlDA99ytjhpmgriWG8bnyCodpq39iqxs
-  J/0tkQKBgQCrIr+JG6DN5xaxC6wXBX3HmW9Y3CMqI3H17vuMuTmUX6iXuYlkLzUU
-  VK9+GsCfWxjSgudxH/gL7RnrMpVPq65FdUVlZ/k+UkhZnT8JrmRkdgWM+n2dxjH+
-  y/q4LcAxMcWHshMwJRezTK+/ddk1o5AIlXdPNjoMj1Yrf5GCnNxmlQ==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-genesis-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAvxJyd3shBLgKVvgt2MSp8z7RHwEACiqM6lMOdhuEbjtVWhiW
-  /JDcPkVfxQtXlAlBrHAbo2coexkJFAWiJnmkjL8xId8XwOiuNgpyGxxLaRbeVYIW
-  RjewqGL61IZ8VPsx/gYrcJy/FZYa/e6hwwL5un7LwJcdeZJCLiZm8Mw/D+dKcb6Y
-  HZvUUGdW6R9HJ2YCjnXVicnxewIQvkl26WSfrryZIjHvHkrQ9zWsNmmwefzftlE/
-  2xr3EWKTT03TYI3t547Kgp9hlgydDX2vtM2leCYDUjP1ex25o6IVAmxOVETVOL4V
-  CKnuPrC1fKnu9gHO1IE9BFco2Yi10QP3H7bDwQIDAQABAoIBAQCXeVVbmTZU2l4A
-  EmGuLkKY/tykGpPge1kZTtzxDuGOzeTdNw9DjMe9ahwBRvuX9TqmLH4MrXQvGmrS
-  /6BLpjWoCs41jvnyycOKPf+1tFmoJyP9X9KuuemHpGg7YZ5hdH5uZo+7h9gIkeY2
-  Fx8QTWSSz4BR3rrULPngQjtrfFAmFxLmnhLakmyH7jY+BnKSv/vdhSKLfv8O1r/o
-  /rEwQMN5gilVqEknq+KRdcHTl6qf2/TajAeemxQtlFfiJEPWKH9NiArFs7q5JLuu
-  j1si4OhES1GRO9O1NnnCzUDZxiWkVzQV+6NBgsGj0QkzkEnxw3wZoG/GOl+y0Dl9
-  79H+grE9AoGBAMjbct6tpDKbJN8M9Fmhq8xo08c6PTNsQUCxIWIs14FJ+pH+z9TQ
-  4z4K3C6OQgT1R8JjWTHUnA/VLPK+gSpURKMSb0HqOFlYydwHHqh+70J2aA9/3UGE
-  yItb9oMhxKAk+oyk0r5n0Ut6aM+acig7LDxJHw2siiKoVsxG2cnEu6GLAoGBAPOH
-  SEXdCFrEcmzXYT0r/22CFG3UPYrjVFfskG0obkFU/0VEmGmumeLE48uDFYqOi2Vr
-  INetuKcbh16YkvYW/eRRrL/qdHtSqbJmKxr3yLNnvXDPjsbChVX35DxoY3MQaAcb
-  eMgOEg7siK16OVNuBlbI/gtrXJetCMHyni/TyUFjAoGAOA1NrCjHBrxW+MwTsKO2
-  Xs/uMc3l4GDYgOYti8k5xsHPZEi41QoKMHk1YuSeNeYBRZUWAhr0BlMWPRO+1gI4
-  OU3esIVdfkmR4441Fw59VI3YkmK7axpUINfkHkohJhPLu84PZcVxGeAqOa0/KE0D
-  FjvNp7I7xlo2BsHK60y0k+sCgYEArSv3Bc8eoMTvBVzHBePil/GXK15wgPIUyQ0s
-  yqKkfIq/l3cm1ofVX/9YaSCG0ed5Up4yVYxwMUyPH4JphttkodY+fJ5xRDzM9VJX
-  tq6appDPkofV5Jrwi+hiAV7N0UXKY7tyUPhIeRpUOuAeIaisk0wL8vzec/EUuC4Z
-  tLLqezcCgYAPyqRL+LHz/PQ0GvKL0VlCndaO8VM2GANrqbLK4UwJLCBGo4cIh7cq
-  6AMtLzGd5otedy26WNyXsrLsjT7If6trTHTm+bmYyQXHrnsrAYzAWdReHIjfD5si
-  7d26vaVIHAxlf2Gzr2f1YTHUgG6OkHqqxeyZ122+PHSlVq1ZV32e8g==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-airsloop-control-1-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEA06i0xEZ1Hb79ifXBrXaOxoIMFYXqT59dlrBSBru4iihASR7U
-  2fus4HI9YZYjwDx1KpzduBducAvfzy+VAtlQtNXbcClbDdTvHnewErkuZV32NnmL
-  f7iCZS2U6blERr7cGTijTbH0sqGxDWMwuXCRMrbswAK3g6IM47RqOABdhd3P1LWc
-  WgjFSNxQ2JnMzybwfvHrexk7xw7LUPJeZNBRbhuZ/mttVDBe9Kh3svVQqnLoENuI
-  /1nM5TknYxlDqaavuJWbhzIpJdYey9u/XYINaJykH55xkbtuvzPqQZvaxE0MVtQf
-  olxEnew6Rdc3YHYrnuN7t0qpk8oT0sO8ujSnrwIDAQABAoIBAFdIkRMHwzA7HK8R
-  y4bPB13RL06I5PFk1OFZYNop+5Xtt2Tv8/LYmJgOREXD9oZF6ENkYQKTlxVZsDfu
-  dVKxb1jDgDSmuUfg8aLs1I1EFF/0+Z3JTb+jxRIYU/p2TjOmbXlxI9bcdf5cM3lD
-  2EoAo7/4M3WTKT59SzdzpQHnFKoo6I/tYgdQOugQz8tSr3Eob0aBusyjwtFGielg
-  sJM5MjaBQLJIIuoxFti53xwe9MnzjDfuwr2+vPV/kNzyk6pTQPmT7OxLEt8yQ3CT
-  kvpcrNKFagNxZYT7rym5HPK/TwTyERm67xFcZdaYpE9wRq1vfGd+5ey+mK99ISps
-  25xZb+ECgYEA7WKtgyq2fGIZZOtsLZbtifzv1WcSDjVwmX9yQuYdPuMWRBAMTGKv
-  TdJBkKFgiopSm59nV4lyfwuRKXLrppc8u4b6J8xYRLMLrGm/eCPwD4QTg/eY5kbn
-  hf0tNUxFUj409wx1oNdJ0CYjscRcDBjnuv8GKPScCgYv91YI14tbkakCgYEA5EGX
-  K1ijLThqc3mEIp8m7NrZb/yDKErYuPiFVirj5fgNgicL2vVebRgDccNWvYQYIb8n
-  5XzJD8j62kxeVWVAHJN3lcCl9DBcICyU/4nmMJitwndxifGRWuLzEuM5dJKWWWrq
-  c4mMICKys0g+Wvwsf0wd1eYy0y07YaibFjNT9ZcCgYBF6jg8V4ojnCjqhkP4MWmI
-  qIxih9bThH3DV7vpZCjc6rkWFrvoi3AiNXjGBiGO7CpkV1BygbLNJDT+xjANgqGK
-  gbiPnCmrIiigAQ05byw3BalRxsyrldp+phB4kBwimtuyn2LNmlrNCU6d/r01euhV
-  NOM1kMWcVjIuYJJ+GTdA8QKBgQC0+RAbLP7LZrR387uBG8BoAKhvMrzmoFkuZtSI
-  2h6xAbfsHns20l5YjraEZ0UJo4biksXWHNbpLgc+N1h/ynRHc+BXmlO5xPH2DILi
-  DHq2wwbZbYxWu3Hspo3kxsWSGHseUDes/TxdakVXAgt2ZgP9teLd6dMYPf+b0WuM
-  8Ys65wKBgHBTumhzYdonAqDHOuxRxxDPC5R3a2f+UDiesJcv+vpxoMtOXAEmTD5f
-  L2LCMXNPbKL95nwMJPwTUXkjkOc4OJmrK7iZytB7GxbMu1WTJOXVpIv18j2PvgLF
-  PNEDuYEkTne2PGjTeLZ9/nIaOG2kyLyAZVMc+NDaUisSmir95Mjk
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-airsloop-control-2-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAzECoyn2zIHd7mLPwWdlFaZ4kKRwbphJZio2mJjrtb1x3wPxA
-  sSuY0Lto7fTcbrNy5uV98KB/ZWFAzPkgO3nUA2J41WxtCE45AC2vDUne/ZM3T3la
-  C4NbpLIytrIvC6fSpHma4PWCGzLp59e9zwheEvf0lZFXqIWzDvSYMPLYbl5mp7nN
-  PtcFS0haZhjTTUtB+a5hwtwOUoO3AJumdKIWoe4GqIRotPyLa8n1TK1eXKMCJTUd
-  qpy/jCBMNmbRJM1ti85hI2D/BeCHhdVjczHjuiPamSyjjbhZkuG39Q5yWxWcKnyd
-  eoYQNbqKnrfe95yuvxvFqo9/dRfFB09mZF0GyQIDAQABAoIBAQCySC4MsTNNP32O
-  iGFey5se2X5Os84eYx3tJj7EV+MvtNKCjKwa+Sbl6u9n5LcTmWbNy7rl8fHBF+Zs
-  A3fy8h/w5F78SyvQeBag5T9KphQR2hIJOK80JXA0jaZeeaE+1zmxfsOFYEY0X3hz
-  eYif0XnrrKq8cqTE4A6vGyhMcWwgyI4DK3EOol2kcxVwX59qyIpZEE6ffrfEiVsr
-  NuciahHfTLZu28ADG53vw60UnFhwrPS4ptMVMq132XCNUIuIY9q/VNBfAHh6RI98
-  FeTe7Vl7aP6iLl8PH4NUH/xJd8Mnc4AsEUayFIr1G7DwP9Qz3L1YkjUBboPuIn0+
-  hoNrattBAoGBAN1YVRAJH0awDPi50PgHhm/LVdKAI9gR2tpkLvA8VxsTvXy/xtpZ
-  fsCE7QGLinrCDFfO2p7TfLYspP/Oo3zlW+CZcsiAbGuzbkcA8T6yVq79GLFxyIq4
-  Vc39MCrSyAsDIsmUbnPH00FxhfuOQGXu4+1Z4Mk4FXz6DWSIeu4aanWdAoGBAOw7
-  P6Evi2cl7Km+hFOXXG+lyVGFgGsU0L8EtKmlyXf++KT+uxdAEaYeS3fchKim3L2u
-  Uf5m00QO/IXazoyT3d9ZEycgy2fmdrgqXEWZBFcfYTgIfVl8FYHG1Z6iaLeBzoV4
-  o0O6j3Lo6HiZWdzeVAo10CWVvlAvbzcWE0Z2UEQdAoGBALdrj3GuXYCSOu2R7Zzb
-  f4f8k63QCePvR9BZ3JuvJO+HOCq8MOiX6PVYMZ5qJ+L6EohhHcEnt9yuujxQ3CGP
-  XseL4RZNdYr6MZQdL8yotDRl/6RriaeKgXAlM1kJOkQF4TnyCmVfXayJimGey7as
-  c6woIqIcG5JpE9gPUO8mbLnxAoGAEH2mWHs4MRAtsD/Tfv5e/pBFOIKoT1FZrSwH
-  7JvdL5pGA0ahCuN3F/CfdhOX0yoq2Lb1lFvbPbIKINIAf0HHSFMwihe4+1zURtD2
-  NgmTiv1uzPmSvo9x9OhLe1J9Gupd32VniE/aubvWlqyl4ExI85mEGUuVyIU3L1JE
-  MDQMMGUCgYAcjX9tGA5whqgXqENhEvQ0hF5TtYxeQS667ZvNfTtt0fIATeQts7KS
-  bgZii5LQfZxqSGcmml3qXuyARaoak8OjitAS2hNgOIjDzMB+4856yB+Qw7GnK6dg
-  g3a8YvEn1MpEE8lttsh0QnkNuXAqTlxR28sYtXErnHdDVEr4m7RaEg==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-airsloop-control-3-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAySuJ6jbD9Ka8Yax1mV7qFWI9a4Ri7fTLulB8Cg84SJ2u9FFM
-  nrM814nBADDvjzQ5sGmRIdXwqEGsUYLVVfi0SlchByYE1EvW1YaQLXNNqlma0Sxi
-  a9rT/A7xA3C0q+0HetEueeSQQakTYerjEi7aQGAt0lUK4B0njSx3+jf8VwIww4cu
-  JVA0uZoyHSiNTzt3sNna74VL8U+PNxLtfdpoFafy2ZsUnBWWnctxEwdj74rMw0ZB
-  FQD3Cd/TUU+kCEHEUBGSkVL5al96KpocpNOtvnQFaKsDrlS9xu3b98EFaGvqs5kl
-  jQD+zrXdY8DG8pvpu5fs/zE9+hAsbzjmUxlXBwIDAQABAoIBAAdCb/aoxUeF4NRx
-  gcjoGPBunCLOIzfNFrEBiIhgZjqQniio6mfrte1dRj64hVyYmOBZ3ufmrYmU3SAP
-  5Zz1naP1Ivb8Ez6KAhWwhnFtcMcN9r1HqcGUowO8kkv6fDqcEiIHfHLfoakM7esh
-  q9ITKMMb9WtasErIIo5ApY+9B3koRbDvFKAnNVYg0wgETYNzVOi+KM9yuupU6cCS
-  e49BIG6Pp+2ObIi3OMheT+lt6+OSWQOrmDyJKJ5Xw12dZkQjJn36nxs953do+FY8
-  6wqjYX9wZq9LA/sfKyWKl5/IIYhjEvzAEykZh3o609JBklM5JMmD0Hm/NNfy6wzt
-  VL+FmmECgYEA6pa4039R+Yc0EI0tu3iJzf5uAaZ2GypjVYW2mqItIAew9kJzybYV
-  fZDXDS+eKpFji8pmKhAXp5PSGWlg541ReV9dsClaIXGAerof4A01Ovw2RF+3GugW
-  MxtLiwmHupHl8AcgVonZ8amPcjq7n5S0WfyO1UURcr0F/SLtqHibptECgYEA24f5
-  KJ0ijHPesvP2UwB+UNHOE1jpssXb3wn88gHQK56t3kJASZWZwIzj6BVwOb9U+mTy
-  SQOtitVgWU9wwG1c5x/G7SMgfjPs/STJVW2uq5tkYlp+bvvPPIx82GnCFI0RQBPy
-  mBzy0I3KS95J05tyAYyHMw1mMpiIZhY8/QfOxlcCgYEAxxdLnRN9OsyoPzPSEDzo
-  l07LhdMEgWGkFDz7EJl6uqhMY3NaWWKTMpHuMV6sWWwyk70en6wwpyQpNy/b8ihZ
-  cSyikpNFzwRJCd9Ulg4fkwPh+n1RJSC7VnxfzIw2CP0xrFgf9dHgidxhxYxbF8BY
-  n9ZcUlvfxwTtRDyUflp9n0ECgYBtqrCCZHUU2vFeTlc4QZ/YeebLbXhZcVQUSKYO
-  s28tyzgqNshsugoz0W4sy0Dj6DvoVjNe3DJ+j3dxRikaR8fIQeybHBgoU4JJN25I
-  eeFvItJz+6b7hFmTcs8PQU3N/Gaorw5ahOOb4ak0W1hgGGBMe8oya7gpAF/rN6LB
-  +HuIQwKBgCdzF0nP9a25oBn9da+Oz1A5trfCf5/2fBwswn2QCfdkk3T3GmEzsWBn
-  +ls5TQ9oqclt9ppYk7Rm9g8bcDyldSpdY9lY1gMHFOvZHSMY7MLZBDD3PefnnGfq
-  CCd378aUL6Vy+f6oarhOrPBCiITOIsnJREjMqz5B/iPGeWySDBWv
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAy3mrtSikYofQZbCK124o26bPeQHnkjr9jNlj4uYz+Y1zwxoS
-  0RwlDygDjQxdAVxlKwInVn7kEaDbpdQe4lWNq5iTln4dSa8ZHAM8+Nqljqnzpa+Q
-  9rZ3a421ntUkbX+GVzkuy55jvt1whUnrLeTAzkkwXbnlODj4pP1emQN10JWJNxZ7
-  Smq8WLUiDRq1wjek5AQz8FQELohL3+bazomi3Ig2OQFbIXInvUoUlNupo31WSJex
-  BzHV7qnYgGhsgcdPFR9v+RO8qbs/o5qeKZmG3RW3L1eN7232CLJK3MhUFohmYT5T
-  bQXDsH3WCqOAra5HFkGfQRFygIyDgzB9Kzt7fQIDAQABAoIBAGtMvj/KLuXGuR7m
-  +lCgxusODFrDplp2wT6FZSdCPiZbcbBxD3s2XFShxT2cR29wSelkOVpjj+G78hiA
-  w8iXVR4oV6wE1W0F6TfcfUq+ApA5D0NQUiHIFzGgiSY5P/x+Q1m7zfGSlQcRv0SK
-  tnp9Jy+haOAEJ9x+LqDS/A+0w2w6fVPtVFwUIvc0cqBi5y9l8fKw4/4yYxYJhzh6
-  jq1lvu2X6IIzU7piGs5TX7q3fyWF9U4SMeFZZns/yIAHgH6XEuS434WvcJTEEfah
-  FSR+MltgkyN+Xib+tRJSC5The5BRGBrPkiLZx46oZYFzcNS1uz7X7fzf/+KUNtX8
-  kz445AECgYEA+wMHu6JQSBfYgBIENyl8O0KH2sYNEh9D1fzIh5IigtnMih5K3VKb
-  HEnSD8CHdH4iAbZJ8AlZ5wAG0eBRkkh5Y8NwqG9YPS7xnV6D+YFr0Gl0I5d64cRK
-  M3AdZ/qYNBnP+Avnd8FnGgnT28IYky/xLQtXaH5sg4BlieiZryw/wL8CgYEAz4TO
-  7J++faadRWHNblevya9zLEDd7bsGnThwSXVgojzgAyP8905w9juo+z5Zd8aBDrv3
-  eQZLE0htbYA1MHXPr53r50/I2BmvvzpH3BUShW7AC/pW+LEWwJLXCP7Fz3/x9/a0
-  ZE3m4cQs6Oge8L/SynuaPMTpOWk/cEiq4mt01sMCgYBj+Af7ZaCdpcmW8BX3tjEB
-  FPUwX1JTVlpY/i0LOVs/S+jXVUsxrDWUZZ4goegQsC9xCR2XWNISWwNcUP+LyAt4
-  fR0AKCA3ddvKdhsPosjCn00e47SP9/IpXEyJ3dcCYQlf27XbDw614xYaXsoUzLI7
-  41lzh25GTTujWhzjFDdr1wKBgQCkWcqIHPwBB7QG/y5z9X6DfTD6G2WoojbazZgg
-  lZWy6AOCeT4fn0BXw2hRk0/ITK5pvPSCJTnQS8xerOtzNdsGe0waJlYq0C0ghkfj
-  Rc0lYFE5K0s2KwqZ+bHUrfJ8JBi/CeRUjF4O8A+hZjUa9tE7DClbd5g+n9xeUS8F
-  o5UlgQKBgFCtllFAIBmLLGpcD6hpQQttlbFRTRmXUOLU7TaL6NurSOqF87ZZ73IB
-  NMeDsE8ScfQwTPCzOPtAnBx+1P6rkaEicvoofqQz2LkZVAZ6BeZFR0iqlI/pO9jL
-  cInR6j1eksOrNPAR0KthHX/50k0VTBGmMX9KEntSS1oHB9wRFUu+
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-airsloop-control-1
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAllcD7YvRQiZmQStnEv/cpjkQnDCtBCcH2o129WZ4DGxHTb7v
-  lKKzH226gNIJ5o/pLZXlNXxXvZeLPMUvqBmLKAeLDP259OUQHq8rSItgJE3LXduD
-  XN+XUzNgVaZHLsCScamEeH7uiut0IOPplB5NXCysrxb67JdcptBeBcAg03gxOgFI
-  RB7mAAiqjyX3yiUlbQhzQkoAeShZvC1MhjRZP5nNfMhijId1uVT48r+gKvNKzhPm
-  C6z6xoCB2oqXon5Ws8UTjDsfAv6MV1phChK8tOXlW6yCJOm2MmYPtoCL9pJ8gOF9
-  7cEOZZMJw91Coib7P7+H6hKBYgPAvP1G1x/eUQIDAQABAoIBAFhuutrCQccde0ye
-  UTU11/7W1lRptXwZ0V7Xk7/qFHeKQa8Tvy25PpAgJXKdGkHLKSgtYfRCPgJB4B9R
-  BiVlURusxDhSD05kZ0UFWPqFMXppYFTHSNAanZLNR79Z3ck8cWf2hPuz/nEs6tRl
-  /AGqiWrMxI8Bf3wn1NIzAvty9lwtEkrgki7VCWOU693+dlNshiXQ9omZ88ECeYPA
-  OrCsdcCJXgXsQiU7Q+we1cG9+youd3iHWVE5P20odKJTV5yRBLN/XA6QjiZbcHBO
-  LWFL1pNAGKTJrKpw33e1QhiX0ad27pJmoiVbW3UobKkT1+c9QC73tz5FJxmqr+SU
-  dL3SMpkCgYEAxRwppH5/RTef7wrTFNnqWcgqfjCroO607UQUrE/97vqR+UPVS0Ie
-  5GnxPQoFaE6ei6MFwd/XCEfz7Al+fa7ZDcrjZOi423Zx4a32ffkK/r1fzNRBx0a9
-  UF01xFIJjRtMEVvIS//GUwwWN4LdxhSiUjONXnxm4THh8rnWwmGAm5cCgYEAw0Gr
-  gv9PYUscHY3zXTizbwsgd+1ezJakSF5fKSM2Yr7oM79UVlq41UMZZgcCyDPRg9i7
-  Oei/UxnWMUHtLrzhzMqFD283OAqNqFAD5Aa6oXv2RYwXAd6nlXgv5blSEkrE25Or
-  +l+UOF1M1izcJr9XsXQOvSGr2w8rPMw6tbEkslcCgYBebhiRIr0MRxLK7W+kjKWW
-  L6wT2nNO3S02gig5SPVJmSd3uISl0l6EZTDaYkOm7gtMsGQgtoEJCZeVHBNKWQrJ
-  bcq03D07fqoeST5OqZIX6lfMBGAi/QPTTWRl0jubK1ms80CpEDdOL/swyvQ+YkJF
-  iUcP3h9XgZNSuq9lXlrDrwKBgQCdryURj5nNmtjDzWViPW47GSNJdrr+QhG+F+iF
-  0lgTetUPJU64xl9KavvR94t5ns9uyNK6u4n3VIA0G2euPP+lYU//3PMdIPixmpzp
-  w71ouDF0jOPvsJ5qCTu1K+ppt1Qvd5yFgDa1JjPtKyFHcXMibfWRK+Yb7K4gVVZ8
-  cOiP1QKBgAgGKu1oZdrmUXoHDrm5lknWvwDmahAao+r9KzptHr560f9u3cqa+PXX
-  QW4hKKs07qi/swN+O8NKQBpa3+x7gSTnsg/pw9K9wh+7mHGrk5sgsWhwlKT6gdvO
-  rnERHUl22draIeM04wtPOBC282wEH7FhJeQdEU+bQXYXwqDzZ5f1
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-airsloop-control-2
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA1b0QoVCroM9fVyLgM2hcvqGzNRMHnS7pO9AwTHEX51yE9y6R
-  6BmLMXwRT6HHeecy3Z4NmQzgq0JxXpvh/VrW/fTRIb1H/wfa2yGtK5PfNYk1+Jnm
-  9Q7Tp2abZHkrRfPYFgzTRMMcUU2lrvRhGridpPUurFM12In0gvW3o0vf5GhTkkGJ
-  XpbRn/CGRNUntwrCvgn3duUmV+nP/0JFvbLZ1iF2KRzXxqP4zjD3Wz+1Fgs5HPA+
-  BFPmcM8wn6Ls9Xxnbp9OnSL+fNErkAdCBd60t9PCsk4TSVZEYCGL8tly3menI2QA
-  zcI03lCd/OiZS37OoxOdnWScp4rOfuW+EK6W2wIDAQABAoIBACahblEJqIt/D4dL
-  OWRxN1oJFb/A+b5SDTuPTDt0sVJSqYGXfC2L+FlwSByxa8E/pTTi7Sg9aJnrf1wP
-  JpBJC9SInAfSEyIoBElY09iteElPzF5rSo/+Jwj5hZpqQAT7ppGNrd2eug6Dzy9I
-  4ggXV/7Jha8FtxS1EmldCdzMyOGaGL3LKVOjuOLYp+ZjexiN+d+X0fDNdUt5INjf
-  GCRGaP7WaISYeg+0RJgzuXwyopZIkPGzI/ZAcEtL1o55qS0pQNAUb2aUmam1ccwM
-  OCQB11h6sleCtla6uhRW/+HSkkQouqyUee2bUgtpmz32+D/e3hcLVjP2GxColUrV
-  ZuJq7tECgYEA/BFTaa9rZtg6VNWHMBvRsieOM4gN3ekPLOr4NbDAEtO9orDbEVI9
-  9Qf6BSmlO4ShOJhF/zN/L0V/ob+XkOVkyA6/uu4K21xlVbrqYZICVu50IMAUiLcW
-  SLqhbKoWpZmPOfxMGx/jr7FkvJvYeYqb8vbrvG6nlc5Jd+6ocE+uXEkCgYEA2RKq
-  UqETwv1zQ8LfMVUhzO2sxV4X7H61XsMdMeNEfQY/9pcIgm+uCvCA3hiHw1rW1m7V
-  powYMxRP7b9L94Z/cxVTlRajxTErKOZ3n6G+mSu7KlaSBq6rP/vXNzwWEqae1Sq+
-  G59GgWYoqYUmueAoK5NmdsyneoCQrb0+SEozcgMCgYEAuqLlfRI61tpxTlEQGOnw
-  ORYar0Mk6VNgPiT4hWCKxyXqeqSyf7/CSkSOtfXg9xG8AdiVs2Dg4hJ2b0AaLFn9
-  ZjetdO4+Ma/XBEQyuO3QN6e1am5uhc/yewVc8sV5oUHzD78kZs0U3AjgCtrlzRB5
-  acu0PkA8a6pjMZ8PLqGA+6kCgYEAlcqzjeFpaZzL9W575ecBNBCusGOFzsSBE6tA
-  cjSKBlxRty/xx1CZoSLlSl1TEhOVPNOuywbRjC3wGfdvzJcbS6bjznWY/XI4fjjL
-  Q3SxubDbrxOeIM5XjgeTM6Ja+PPRlvevyA/Y72I3nQMs/gcYsTk986y1xWsCa2Gz
-  oN7TMVECgYB0MsMuaCEB5CqsqFT1zMICrEBUn0DeWDIu32oIeLWTxY3FnMah0u+g
-  Je1xMUDVY5IxF2xTv72iD1wGGRvPux2ZCQl6IOX8n1nQjDDnJwBqzJMp2Y+gbtmF
-  eHERLdulZB2g1N2Z1BIy6YVhmk7qfA5n1cogK/hRt47kD172CuYDjw==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-airsloop-control-3
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAuksRZcTqgncLZJy3anUczL379Dfs28hkZw9rQ3qXnSGh+0JY
-  7ld5drG8RvqWDxycbDzIJ9/ZpWfIm1S8811iAQa6gLO9QIEb5Quqof8/NejNnWYc
-  BrxxyGuwcPE5dbmxVACzEF8orw7KAYsUJN5t5EmOglBWjUH0oORz7xoL4cZkN4+e
-  Aj0LwpPqbUSrv/Fup55GDxSTWy5wI3+HmL8X/MLMYusDwx61XhAPobBRZMespV8I
-  pIqZVdzoOBzs66/+8BsjsxOyKpra5q3Lsz4F9hTkfCaUr482sz4a6QGA8iLymlAr
-  f3LHf4sLmH+ppAc/7sk9tdjq5T22bOWvCEoRowIDAQABAoIBAQCYFTyItm80Pvcg
-  FghuclkmlFqiDx3gdwHwWNgaaHRppNFWC94KBYN1cLfhwiTLBXJ1slE8rDREIivV
-  EyKGEtA1QkbzVsjDZiNdo16TjYsO+ZUSUA/FOAYztiZ+rY9ZGlU33LJSRT0zXIFx
-  LRcu2h8gZSRgIjHmc9e/mYFDyyG0GBuDnpp9fm6JjTGH86JuGEzFr1HzcaAL9ZVi
-  jXfiDOV92yjp0xqXjh1Z/UssQNRXErlKXacmhuN9eDEa+eVWyEWY57KAjnm0JMzF
-  CnLWeBzh8UHG04ceAGFJNTGYR/QIhmKeuwsjI1M+L6ez5WnkPpSKfT0ZuTFq0zu6
-  Cy5idb7BAoGBANVokL5zcHz19wx2SrL9RRQJ2vnBUpvOXQhiUcM7M3vyzYX4GwHY
-  MwgXiCYK2aQyqRzP1QtitzRDgiIPnthJ+9EsQMK580XWdbplSZ3yIi6A9sQwAWYl
-  dtSWt5F9X/ObzOfEM+1Qw9D9xYd9aQk4qu0Np8DrUwZvtaeqQcjQBSTRAoGBAN95
-  Iqdr2JFTZOrNRomPuHIq3kH74Yyv02sG3IvvWw4Mk7yUYiUaOG5uORwU0Iep6vXI
-  7mDM+DMu1eyakYs+yvtMVwl50NcJsKiu/DubXujRFQlIJf7Ym5Z1uQXbtFOP/ePY
-  C4ZzvvsX2XNIzDQtf+Z35LsuYb34M/6U01gQJvwzAoGANysW8AULuWIkgXY7DVZn
-  +ywpDZOqdVi9uCMim+O8BXjZJJ7k7G8lkhvzOFJpvQbTrP0VSCI21i31gDSljahi
-  jspv22cSuqUcPhldFJW5vGfeYw0971gUBhUIU3Yjzegi6m9QNTNBy88utz32X0nk
-  9e8nxLmQ9wL95OAgrXcJPWECgYEAvpd7nLp37Anp6e/FFxGCR6yT/kaqaOiUMZWa
-  h6ZOTD8hyRXsVqR0OIq9HlwKNYoPoCwMUna9wDlTrgVt2Apn58eF+8ju+leDWXpU
-  GSo72ehoPpBQB3gJylsAwCRPOW13Jdleiv8whMokZRRTRLUBfjgG1jWKmxCSl6+q
-  SFMOTM0CgYA1I3sJXvGhhphMrLV8zJBD1YlzhRmvx9/nLa8x6BxyG/5mfeBie8ov
-  6i0rjfHF4PRVu8I0tPHn9Xo3O2moprRNsUF301c+pwKUnfVHksmXHLT3AQbqKrbL
-  phRheN8w1Ltx41REkmd8zVXGrVTTwxApf3XSc6IY+Sa0PAeNqlsz5A==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-node
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAtKS0SWSg47TVHiddHWA0L7rlG4r20iq1/6iLvc803KxHbLeQ
-  +6KsLKJ6MxHIIQK2RI5QW20VntPusXFHcNfqru1xT0jsK2Td5Rwo4zRQT7fj97Cx
-  R1GVXQo8EjmtuiAm9/3c5qVC+j/lYmUs7m81dnJmk6U25DFeoUf/k2Wc4CRdnPv+
-  +Uk7SZ8YAaCeaOpe7NxX8WYgXVnILvC5n4OIf3OY4gqtpnSw6dtq0zey5gHMiqnm
-  +MUCr/TyXauuFaPPqhaJUZQD1aC6XulaxAzzPuOv4sr4He/XO3oKTsJr1EDezgrA
-  LOr1o2lzJlu2jVW5S1b7z6zuZQA3nILCPLmkrwIDAQABAoIBAGKiK+6HC3JJorQ8
-  OhN4HAaTvdU0I2DOAWH+3Y5ePTbgun8aHAfJ4sjcTmzkIKolmPAF5MqG3W9DuOka
-  OS/cNUAeVeg8oPdws9gNcCXewptEhS0RRTrzyOJsXDB3Xexq8dwmuR8WzWNm0BDR
-  vZ7TChYKkQe9BiPC8TCO53XL3cRkK5LlgKfr3x7iTUqfAY+bWDX82D40+ccW3NlR
-  1DbMQjUpS9mwagR3C+7ElYi0F7qwJ69VCOU82KQz8eEpIrwVYz6t0TxpVTqyh2Gv
-  m9rdhRg8eXM/8qvH9xMDg+WLGu+H55nBligYSbC+a23PHBjHgyewGjQv/LDBhWx/
-  5AyfWMECgYEA5I04JEJTJohltieoV4tP8ToFqNlEMtGZ/Qqyd6omgTrqLOjHm+/s
-  p8Qg97deEa++wqxQejugddHP44O6A5dOq+xTnA0KakLuxd4TzFEXaGmOWKsKKDiU
-  SzuvgSYl/589ZA1QTA4oWgaZwi6yXdhJ1GVEWjJ3tSctB4CJ/FTtD10CgYEAylaN
-  vpMon8CVnF1m0dXmJet2X+uRh+30iJRBmEKfo7sKL+poh6JDd/b3QbyanSg9pEjw
-  dYlOdZ+6j/zy1wpDvu0VvhemJaYZPpbC6pNJGgtoGc88rXj/fzcPG5vE/zfMMwdm
-  1n2MSBpvdDa2nFtHyca+UIrgvhKDTf+pN11jH3sCgYEA17REwUvrqFlhDXr+UamF
-  CJmHT+XGjOPvnrei2ne3IY6WB06nXZAiXfAoYUMpwC2LL7ZrugFenvQnbYYcYFlE
-  gdRo0MYqB0Imko7XRqVeH0hIdXzv+Cf2Jc8uBAkaIdiLm0tJdo6CHP1Pzso9w35n
-  p9LvoOUyv8E6qXLySDlrB20CgYBkNd3ZxvRVuoHegXvM7Q0hNq7X7smS8s0rX5Hl
-  IQoDgz0WYhgHJNwZbB0lV42TzDxLQzykWa6cHtG9Ql/bFOBcjPs5vGizOMJD91Lt
-  7qhD1+Zk8fhxSf3wOYqn98vnQvFFTKMoE+IIS99rRTXH1oWFb4MOTNnmCTEyzi42
-  l2/iRQKBgB7Fr23rNG1xYv4S/RfeKubVuH/g7wEcs29KxSLRjjjz6jymO59cWJUX
-  xxQuMekZkG31uWPxsxWwar8jmGF0bydhe7IASolWVeGLD30tNhI/E/ZM0l01AZkH
-  HG0/OYFCbMberbb7nAsUsNgTPAV8hWxsaj6HnGaixJkJlaSR3zs3
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-airsloop-control-1-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA0WxryQtouuzKQ5xfafQjZh8Lsm8d1fF/eqUUcrxdx5cVGdLk
-  JopkSu5w8OT+HBKBq98utgOFZE5fMPZlUBYTXj6Rvz1Gry+7Hh4dcS8PfizJvTKC
-  DVTHpgBwNBlLsd4qCo3/Swz4LMz+JO8cgYDX3Mo+PZC7m8l8JE+kctiXiTNETdq8
-  B/3rEAQYe+E77dVwBGLn6M5zxXRmMBVqphQzaz+ZVjXYooe6sAf4vprSg3nCJ9qh
-  m2c9tDm5jD1dR6vxCpQiSg6Tsz6Au7KFXa97fzM5TjAKwlNi0MN2wKrlhrastlAc
-  tMs1ROTi+SIeYNDSqiqRn0jt2Zt/+rGvpjWj3wIDAQABAoIBAQDI/ZeMwihnji6p
-  KQDhvW/j6NPfEom99SL14E15uJMApV2ZBS/2VUfgKmu2pu/CnXhaLb607TguhpER
-  esjNTgKUptRWiEa4h8S8KQb0w8fIvs93h2wNw1pBVZZaShS9xozuyE1GCFJ/HNal
-  N99R4whJXMjTaX7FC2DbsJwRpRH6l72AYxPdizheX7kBwJQrsw/WEAv2EY3xaasP
-  yJ7iJlTo9ucY8E2seov9Dafu+8d9mIWk1YNACnt6pOX1ny3CIyuwieOh1pVbsYUS
-  TKMO6nF1RxEDv2WXxwjv1tRXB5W/7G3jWACFbO65C4NoiKiwQWlWXFgoof7aA+Aq
-  PPGT1P7BAoGBAPswo0jT1vQpTSwXaWDrZbxhkbdysY3UDGQ5M+WBZ36a8UWbj817
-  v7/2+NClR5IaJiEEhHlydasmran1cgeFJlw2JfZKKWdeCy0ORonBDlsUdpfhhoVu
-  e9zHuGjGUOWC59gt5Hatr1RRvBlj/EyyoaGNAsa+gz+p3aCqmnJp/wBRAoGBANVv
-  CgbhSgAFFcqYvOR93mbUOGPj9U3t/S6wTIL9uiZIRLBZOK+lDOy3HXqz5EybogGL
-  a4yDgQli9uG91HJE/RJPxZag8oz87Mwgz0/Or2992x9XYdMu8reKTUIAllTvYBmv
-  O7YwNfei9iMyjcWpbARNn459hL+ZJ2JmzjLBcwUvAoGBAIZzX0MRGMJyBPuvwFj/
-  RuJRe1StEHqw4L0YnT2gSUxMFQ7EGHHNZjKTOFU90pRSaMxNhbcX3AHzXwtU9Gcw
-  DvtWhHVS9tx8SxEfzgPYER4RUvUy4vUy0Ru4z21NkWl36y8cSWh4yRsh8MPKb/aB
-  uuAlATJuMQR3oMhp6OeK8tIxAoGAAwGEV6J2o1du/iJ2jpVDO5mDjcyZGNbgOPcc
-  rL+cDov4A6/N/5NIglD15lOARJ/wgSsQgbMcbyBor7c3tcBI/CgJdVyg7eFmCF3x
-  7YLQr7ZLDr7xTsMbggA9pE9TzrBsXxA7vA4jxHAUHVzJ6F3BerIJLD2SUAx9JIKk
-  JszYrNsCgYBi9yr9DjSMxyJ+beV91cJoA+xrkvffjzkgvDeKyMOO0APTSdsZEh8V
-  N8hFvmK1Y+OHBei7FWfW3vJ1a8MrH6hW//PcM2AL6X9e9EsRuQELEi4MlBlg+hFA
-  dlIA4RwGd8LF4u+9+nQIARTlMfyO2soYzYIpCCF+NpGrKj71aKMhUA==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-airsloop-control-2-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAqc2164O4HBhvZQr01MagQqZqeZhX0mLhTT8fQqZnNiSi2Ogq
-  rhnwlX46QzxPW0A86kubcv+fSl9WwzrVVyzfZcp0iNH+f848XRNkRnYuE4CLkimZ
-  5KDV1MdiHp7XQ2bKoSwp4rgPbqQUyNZuzabvEDSu+C4PfDS/9vzBMYVkProDpRXb
-  AvXuRhiyUc1QmswB/fA7MA3DFosL1x1QDYRhUQ5Pwl77dhf+z/Hg/fXWD/gXuoQY
-  DtZv204BD6z1GXFwIcMpLfFArW93cypGhOTV92nw8BVLonPA6hvivZtZIoKWnzYa
-  0a5+wSYKJG2IX4FhZNWXeHDjFWvWtzwQxfSXsQIDAQABAoIBAQCgsO/sBScCT417
-  jbbMdXvMFzjEAYt6qeCU/ZtTs64Q6vLBWlSplhq7Hk18u2JN9KixAQQG/Cl+dGLj
-  NpYWfXycE8/cev3hbQZq/qLym3xXMFrk40GjvyEcz+LnH2KPgoNXqzeoOo9AIT8a
-  IPOS4ttx9qlubAhzfmf8EI2zk4yeXle9f958euuHjblrMzEgD9sy4gWC1fqYTxw5
-  /8AWudvXphr9evmJioHLETPTX9mhHO5qDPDy18cioyVJlzlBb9nQVwzHhvWO+p03
-  PnW7HK9TTxxP5waQ6AxvCmfw3pnQqIz16PQIv9or75SE11dzURYTkNKYF981a0Dk
-  rAqM2PaRAoGBANXsCWv5yqm+LOaIaVk2L5bmnhyW7XKYDbVvXw0ZIMdVFCwYDtGY
-  1OJ25/8Qz6gQDICjRrqzPK66zw1kICynpIU+gFXxIQTQgif30pVZZAA2D5JM3MRy
-  bOiuho8HsvgHmIxa06/XggQorIaTu47HXp4SLJqrs/G1Is9nwj70yQLvAoGBAMs0
-  Gu4mqwMBgF9sJsan/M+6ygkuGvWCmAAQ0F2Co1sJ9CbJnAjj3cUqDZGqO3EDWA02
-  mKxtzxvxYZRVbW8JKrwpUBQlu33l8PEqGB8XpbXGHVSvhisOvyYzVSuTZ/rweMC3
-  xUKReq2yibnEuKkgTFTYrs6Q06GwjPYB53zQ149fAoGBAKgBXkzsutugvga3r3Ue
-  9zUeHaL6bbWH8YxC0XWp/HJQQS14H3tA+kB5fi5194BYSllk4hGS3t+jWyV7M0Ge
-  z7jNo2DbpUDwuKfHHB2rPLxluMj/kIrACwSavJbsRwRAgvAIDSSWrkex4f03XR//
-  ODIQt/MpUoNL7PDS3l0vRgcFAoGAbiU8Q8LqB6MUtqSlECGWw/L3+KnpKxMy2TZD
-  +6wIaBypHy1BSwBZAbqdyEuCFOw/Gkpxz2VmUjsxLXpw6zMI2x15rrIVQ1UUmWS7
-  1n628CUHWRQbodNIgahpjklEn50hlzUF0+OPn/+a7/tWLTa4qXUarBWM4aQVhHPb
-  yqhZb/kCgYAn3IBtOy2JZsiiG+bJouuh+//N/VVpxjWpIMYfLiPQBoS8SFnKVysh
-  ENUzVHzGclOIcit3vVaEo6X2IrrFqkGCT19LMn0istqhh27jFdlm1JqYfOjNDoAS
-  w8yohgKwk6Q2ZJ5TCD/dwkIIq86eThLoq86gMibFCLohyxoFhqDgbg==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-airsloop-control-3-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAqn7uFly1Pz8krwNCOwPfF9y3LySMjSTasJHjppAW49oiJQbK
-  HdTt3QAsBt0cDK00xeyw8z2Yd3iGl1rA3xYtUnCx3MBntU05g3MGZHErHH/4lDZM
-  aSFXq6pUIcblPmjoNHpWtyzHlm+anCqIzzcAqJZ1HW7MlfCOhYljeYSDMCExocL1
-  4/nIBqSW0/ckzf6IrJ43At2DRvdqfEUEwBgSA+oernw7djBAs9DrpRv0sMNbbkPw
-  cgms253GsmQIqUYOsDa273HkNaiTbbfcdXvSjkay+D9imKYVISjUQ8mfJKwqvBJQ
-  3Ou1ig5SGtQMYAV4DDqeDP6giSTvlBt5C2kvCQIDAQABAoIBAQCPS1j9kHOAsag6
-  M4nxocJaAtYvGA/M/MGUjzj/H7EtVYNHDVrIEdLM4L0gE6vkd5qYEuNxvD4tgy3T
-  faIGnVQAKtlCCK/hMAN7mCwyNO8f5+pbXvt/jFdr3x8QuGKpvnAS0xOYplkk9a3D
-  PPh49+hkyPerghkOl/yg/SSO2DGOO6gtgXFlFesftbZbOntdsl9u+23qrjQlRL+7
-  iZrmxZwmMggOjJ3fZDIpd4qgne5QWKFCfBr8pSUBuEY8LmJ1TsEzygcQtpa4igZ1
-  /F2WNUDrHQN1E7SfAO+0eX46VT9K12ipMrO+RZnqTxpAu6LuSeO2RCSF7DrQkCpa
-  hkfdIvlRAoGBANtAWd4YslNV19pJJaDuWLc+XY5pdf7NROEE50z1sA3S9yVZ5s49
-  a5MGE6tM3BWgY84U2g0D8yoxsI7vZ7pjRVrkuSAtvcMA1i5MviMKpUhxMcEMr0uo
-  9mM6QEDGm7lvurNrUfAtFc3EKJ14DoR01a8KmQv2FiEKNJuRJE2xhE8FAoGBAMcS
-  ksYkC0pVTR1u4vD1f26foWCxs7VCleEWifnXjpL1zmjIwlcOjFmyP7id/+VkkQ1P
-  Ket+tR6UsKKfxr9Q9gYxAl12BHaUUI+/iFh6QoYKXthuh5chaNLQqec8mOcuAgc0
-  luDuVOOTmrxPWIxulSf7PcDC6oVgS+zpv7AcW/c1AoGBANQ9QgFmJNHZCn/LSTq1
-  H3obTBN88XU7nc65oXJ1bvyi2Q32LiA9grIrMsUjPPVOcu7ebook5bJVsZVcGSxr
-  xoqLWM3WmZh4ad0d+v0O5BrxQHmhXtu97uz1SZeq6roidzgRzprR+gZbOfndayg7
-  tVKhzq+ug5NuPqjNYrg2/F5FAoGABU23X1QCgP54yXn0zdqchIP4Nq1FTmTxvUdu
-  cZuOjtfBogUHOG6IyrL3A6Ih+SiOvL4JLd74UFJBynNbRimQBGY12+uS/t3Ar7O4
-  nDLVpuCL2lRHhH09X7Bzdlek8zPElhCOnHt9A3shOjca8tLXYnNNF9+Zg+gm3a70
-  jmqTAKkCgYBizzNAExtx4vExlVhJsXW1VKY3oS3+OMNRtdgcXQYaCyI5iEbD6AaC
-  bayM+O/3HGI50M7x3q04qDNiiYPolRDAiuNMc8W2KlS38ZCDZ/RVCkP/wZELzclD
-  ApOrONdsp7iOC7ZxB5kxHlZLVVjuU/izp+V4AapnfwlQKZhIJI3WoQ==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-node-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN PUBLIC KEY-----
-  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA79h246KM8Sb+0IaODLfV
-  4sGSCU5y/rL/hP2aBkwSKPsSTqzcMqnz+xKYedVw6+KPiYNelXi+FSxnzMXrsOTF
-  mk8hkraLk1G7dwThZIn5kFqD9YHpV2jSRO4Pbivz9EWHSW/lvE9gj4bMlYDgGDwn
-  cfVMxkv0Y32SBzEEZT8B8GOOYThcoCiFShVGrqszwB+c7OxV9tGz2mnlxwkAq5uZ
-  ScKp+QIv4CK0unQjyYpNV8O2KY3dtHLsozrxAv4zNIDxEHneSYZSe9HJFahLSQis
-  4Ck7X8A8zieJeTs8LUjYm0yVIvNuIvjHnM2BgEUIBtda2tBCeElUINWKp9lUCyQv
-  WQIDAQAB
-  -----END PUBLIC KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: service-account
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/PublicKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEA79h246KM8Sb+0IaODLfV4sGSCU5y/rL/hP2aBkwSKPsSTqzc
-  Mqnz+xKYedVw6+KPiYNelXi+FSxnzMXrsOTFmk8hkraLk1G7dwThZIn5kFqD9YHp
-  V2jSRO4Pbivz9EWHSW/lvE9gj4bMlYDgGDwncfVMxkv0Y32SBzEEZT8B8GOOYThc
-  oCiFShVGrqszwB+c7OxV9tGz2mnlxwkAq5uZScKp+QIv4CK0unQjyYpNV8O2KY3d
-  tHLsozrxAv4zNIDxEHneSYZSe9HJFahLSQis4Ck7X8A8zieJeTs8LUjYm0yVIvNu
-  IvjHnM2BgEUIBtda2tBCeElUINWKp9lUCyQvWQIDAQABAoIBAAtZRb7dqSeb/cCm
-  LUCCzlcNa7iPArf0hkynp0sW/GD+CE66tSyciBPgPGC/bblrnfkWwzn1XaEo2byB
-  vPZAzOzRQ7hqdM5CtskZ7QRR1wIylj3eqMjfB9wFG6vN3pw3UgByj/9KDjqcWT/V
-  ukTLS96Did90JpsyjN9UPW4A/jl+lP+wbpjmwYDUCBFxv8isCRrik6zCC/8xrlPm
-  3cAPVPdqtayVHoWbPr6L6KJCYJKhmFpTdfEccE9mN+anx81yBaq9X2xJIWc14aUl
-  niMyv0/qPuEMAglCxWr16o3y5l5xaLhXG6s2Hn1G2NPFf0y8z5XNKWnUUC1XV/bI
-  enFtp4ECgYEA/rm6+YUCalzDfaqHiKzqQb4+8JZvMmFQR9tgUc2S89UoPf2qkbuU
-  +IkrQ3w8YvpDfKUeg4wspa0GOQfBLjkwyIxDN8HMIbyBIqRAXss8mw4LZUI7Kr0/
-  V+5Xk70GX8Segj1/h5PCCbB7rnJOVEYbngedI4XSkFiIrjrDWzHh42kCgYEA8Qus
-  v96GaY2DPl5izaFhn6BMRCmCZE/EYMhPTkkEWfB2Agp3eZgQ4m6mpITcv2+7QIp6
-  D+ThB/yE2pT68D3y3Oqo5E8MsAR4yIkTxxwQDU7kZVKHYA6xpt+6LF735kbjo03Q
-  sMpXC5Lix9vTnF7l0EHXzGTS5P9nQM0kZnz0nnECgYBkUR0Tu5BR9yp+STSLXR38
-  ukHrWjN8sdp+EiWC0eU35hCtKUONlUR8BPlm4HyftlPxuM2lnQTQUq4Ks8UewSM3
-  OBYY1VfhSW3KCMnZC01Y+1T9kfHfSRyzMoiHBICIItUSEcoxyL04N6rd7uJuShYC
-  TJlULhXZByT9CON6/NArUQKBgQCh4GFHCT3jLPHytJhN2A8jkBcnv2idzSPoix0X
-  SdnuPJpDjJvnwMO2DPFEkyVcOsDZ+yU1/1NQdbkSwfIz3KZ4ze5WRPAUVSx4H/Z0
-  RNhS16RylxXq4HNVyfHRUoXQ09KUHPIFiB0k3KQH7A0UenaDgXRXA27N8ud4kUvc
-  uBXfQQKBgED4T+86bin4nuM7gUb/iHiliHXV7yH4Ka3AufBojZZO4/XKT4Gn/EwB
-  k/nYlQsgRJeLeX+2tDHKTo7igIlEWyakgU0HbrG6bx/7E02w1omjyIYR+W81u2wL
-  TihulxXnOdVEXxz41v2eA4ZkN7469hzuYkAaj4PTbUY15jHkRRaw
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: service-account
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/PrivateKey/v1
diff --git a/site/airsloop/secrets/passphrases/airsloop_crypt_password.yaml b/site/airsloop/secrets/passphrases/airsloop_crypt_password.yaml
deleted file mode 100644
index 0e18709fa..000000000
--- a/site/airsloop/secrets/passphrases/airsloop_crypt_password.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: airsloop_crypt_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# Pass: airsloop123
-data: $6$AVL7yH1sLYlKqvcK$ngUiLKYZQhhj07Lb3ngWa4qVwDgUP9pCGfGFG7JIpF.6iStnfEMeySf8XusA0/3i9O5gMHE9hbg1/4GrFb5rR0
-...
diff --git a/site/airsloop/secrets/passphrases/apiserver-encryption-key-key1.yaml b/site/airsloop/secrets/passphrases/apiserver-encryption-key-key1.yaml
deleted file mode 100644
index 5346c0d09..000000000
--- a/site/airsloop/secrets/passphrases/apiserver-encryption-key-key1.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: apiserver-encryption-key-key1
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# head -c 32 /dev/urandom | base64
-data: bL2mHd9Sf5hQvZPuDncZRugYYqYyR3cGcZKVJ9wjswg=
-...
diff --git a/site/airsloop/secrets/passphrases/ceph_fsid.yaml b/site/airsloop/secrets/passphrases/ceph_fsid.yaml
deleted file mode 100644
index d3722c607..000000000
--- a/site/airsloop/secrets/passphrases/ceph_fsid.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ceph_fsid
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# uuidgen
-data: d52a9d00-64b9-45f0-b564-08dffe95f847
-...
diff --git a/site/airsloop/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/airsloop/secrets/passphrases/ceph_swift_keystone_password.yaml
deleted file mode 100644
index 58f477fce..000000000
--- a/site/airsloop/secrets/passphrases/ceph_swift_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ceph_swift_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ipmi_admin_password.yaml b/site/airsloop/secrets/passphrases/ipmi_admin_password.yaml
deleted file mode 100644
index c720b8a59..000000000
--- a/site/airsloop/secrets/passphrases/ipmi_admin_password.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ipmi_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  labels:
-    name: ipmi-admin-password-site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/maas-region-key.yaml b/site/airsloop/secrets/passphrases/maas-region-key.yaml
deleted file mode 100644
index b60aba3c9..000000000
--- a/site/airsloop/secrets/passphrases/maas-region-key.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: maas-region-key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# openssl rand -hex 10
-data: e12330cfe038735aee32
-...
diff --git a/site/airsloop/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_barbican_oslo_db_password.yaml
deleted file mode 100644
index c4744d86b..000000000
--- a/site/airsloop/secrets/passphrases/osh_barbican_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 670007e5b..000000000
--- a/site/airsloop/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
deleted file mode 100644
index a8e9170a7..000000000
--- a/site/airsloop/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_barbican_password.yaml b/site/airsloop/secrets/passphrases/osh_barbican_password.yaml
deleted file mode 100644
index 752af118b..000000000
--- a/site/airsloop/secrets/passphrases/osh_barbican_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index d88a5fecc..000000000
--- a/site/airsloop/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_cinder_oslo_db_password.yaml
deleted file mode 100644
index c7b383da3..000000000
--- a/site/airsloop/secrets/passphrases/osh_cinder_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 0b7fdba72..000000000
--- a/site/airsloop/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
deleted file mode 100644
index b8e3fc8df..000000000
--- a/site/airsloop/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_cinder_password.yaml b/site/airsloop/secrets/passphrases/osh_cinder_password.yaml
deleted file mode 100644
index 2f2dfc57c..000000000
--- a/site/airsloop/secrets/passphrases/osh_cinder_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 336ade114..000000000
--- a/site/airsloop/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_glance_oslo_db_password.yaml
deleted file mode 100644
index bd3637013..000000000
--- a/site/airsloop/secrets/passphrases/osh_glance_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 555b8ed17..000000000
--- a/site/airsloop/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
deleted file mode 100644
index 680166b62..000000000
--- a/site/airsloop/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_glance_password.yaml b/site/airsloop/secrets/passphrases/osh_glance_password.yaml
deleted file mode 100644
index 37fe978c2..000000000
--- a/site/airsloop/secrets/passphrases/osh_glance_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 5d8e2c93f..000000000
--- a/site/airsloop/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_heat_oslo_db_password.yaml
deleted file mode 100644
index d57fd59ac..000000000
--- a/site/airsloop/secrets/passphrases/osh_heat_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
deleted file mode 100644
index e4ddea6ae..000000000
--- a/site/airsloop/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
deleted file mode 100644
index 398d5b110..000000000
--- a/site/airsloop/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_heat_password.yaml b/site/airsloop/secrets/passphrases/osh_heat_password.yaml
deleted file mode 100644
index 823762226..000000000
--- a/site/airsloop/secrets/passphrases/osh_heat_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 672c49600..000000000
--- a/site/airsloop/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/airsloop/secrets/passphrases/osh_heat_stack_user_password.yaml
deleted file mode 100644
index f3aa29b08..000000000
--- a/site/airsloop/secrets/passphrases/osh_heat_stack_user_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_stack_user_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_heat_trustee_password.yaml b/site/airsloop/secrets/passphrases/osh_heat_trustee_password.yaml
deleted file mode 100644
index 10f0edbf5..000000000
--- a/site/airsloop/secrets/passphrases/osh_heat_trustee_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_trustee_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_horizon_oslo_db_password.yaml
deleted file mode 100644
index 684b6ca03..000000000
--- a/site/airsloop/secrets/passphrases/osh_horizon_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_horizon_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
deleted file mode 100644
index 3a4afaaf2..000000000
--- a/site/airsloop/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_elasticsearch_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_grafana_admin_password.yaml
deleted file mode 100644
index 65a7ff0d1..000000000
--- a/site/airsloop/secrets/passphrases/osh_infra_grafana_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
deleted file mode 100644
index 1d110224f..000000000
--- a/site/airsloop/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
deleted file mode 100644
index c756fddbf..000000000
--- a/site/airsloop/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_oslo_db_session_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_nagios_admin_password.yaml
deleted file mode 100644
index ab3a31095..000000000
--- a/site/airsloop/secrets/passphrases/osh_infra_nagios_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_nagios_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
deleted file mode 100644
index fb8b570bf..000000000
--- a/site/airsloop/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_openstack_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
deleted file mode 100644
index afa5fb979..000000000
--- a/site/airsloop/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
deleted file mode 100644
index a0879738b..000000000
--- a/site/airsloop/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_oslo_db_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
deleted file mode 100644
index 35297f03b..000000000
--- a/site/airsloop/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_prometheus_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
deleted file mode 100644
index 9f64719a0..000000000
--- a/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_admin_access_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: admin_access_key
-...
diff --git a/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
deleted file mode 100644
index 3e06f913a..000000000
--- a/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_admin_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: admin_secret_key
-...
diff --git a/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
deleted file mode 100644
index 97c7d2312..000000000
--- a/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_elasticsearch_access_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: elastic_access_key
-...
diff --git a/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
deleted file mode 100644
index 60f0134e0..000000000
--- a/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_elasticsearch_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: elastic_secret_key
-...
diff --git a/site/airsloop/secrets/passphrases/osh_keystone_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_keystone_admin_password.yaml
deleted file mode 100644
index 47fd23016..000000000
--- a/site/airsloop/secrets/passphrases/osh_keystone_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/airsloop/secrets/passphrases/osh_keystone_ldap_password.yaml
deleted file mode 100644
index 6d9729244..000000000
--- a/site/airsloop/secrets/passphrases/osh_keystone_ldap_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_ldap_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_keystone_oslo_db_password.yaml
deleted file mode 100644
index 7b38466fa..000000000
--- a/site/airsloop/secrets/passphrases/osh_keystone_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 803e42dab..000000000
--- a/site/airsloop/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
deleted file mode 100644
index eab9ee70d..000000000
--- a/site/airsloop/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 04fa2d674..000000000
--- a/site/airsloop/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_neutron_oslo_db_password.yaml
deleted file mode 100644
index e05dc7856..000000000
--- a/site/airsloop/secrets/passphrases/osh_neutron_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 9a8d2dde0..000000000
--- a/site/airsloop/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
deleted file mode 100644
index c0f63b1c0..000000000
--- a/site/airsloop/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_neutron_password.yaml b/site/airsloop/secrets/passphrases/osh_neutron_password.yaml
deleted file mode 100644
index 7b264bf7e..000000000
--- a/site/airsloop/secrets/passphrases/osh_neutron_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 3d68cdf13..000000000
--- a/site/airsloop/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/site/airsloop/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
deleted file mode 100644
index 37d5c627c..000000000
--- a/site/airsloop/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_metadata_proxy_shared_secret
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_nova_oslo_db_password.yaml
deleted file mode 100644
index 888cdeb27..000000000
--- a/site/airsloop/secrets/passphrases/osh_nova_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 319c6fb54..000000000
--- a/site/airsloop/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
deleted file mode 100644
index ed27e00a5..000000000
--- a/site/airsloop/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_nova_password.yaml b/site/airsloop/secrets/passphrases/osh_nova_password.yaml
deleted file mode 100644
index 4ffee0d6b..000000000
--- a/site/airsloop/secrets/passphrases/osh_nova_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 5546e6884..000000000
--- a/site/airsloop/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/airsloop/secrets/passphrases/osh_oslo_cache_secret_key.yaml
deleted file mode 100644
index f187b4548..000000000
--- a/site/airsloop/secrets/passphrases/osh_oslo_cache_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_cache_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_oslo_db_admin_password.yaml
deleted file mode 100644
index cc04ebdb6..000000000
--- a/site/airsloop/secrets/passphrases/osh_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/airsloop/secrets/passphrases/osh_oslo_db_exporter_password.yaml
deleted file mode 100644
index 42be33deb..000000000
--- a/site/airsloop/secrets/passphrases/osh_oslo_db_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_db_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
deleted file mode 100644
index e7d97e27c..000000000
--- a/site/airsloop/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_placement_password.yaml b/site/airsloop/secrets/passphrases/osh_placement_password.yaml
deleted file mode 100644
index 194c62fd3..000000000
--- a/site/airsloop/secrets/passphrases/osh_placement_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_placement_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index a3b5a2b69..000000000
--- a/site/airsloop/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/airsloop/secrets/passphrases/osh_tempest_password.yaml b/site/airsloop/secrets/passphrases/osh_tempest_password.yaml
deleted file mode 100644
index af90ec05b..000000000
--- a/site/airsloop/secrets/passphrases/osh_tempest_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_tempest_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/airsloop/secrets/passphrases/tenant_ceph_fsid.yaml b/site/airsloop/secrets/passphrases/tenant_ceph_fsid.yaml
deleted file mode 100644
index 138e2e7c5..000000000
--- a/site/airsloop/secrets/passphrases/tenant_ceph_fsid.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant_ceph_fsid
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# uuidgen
-data: 9e45aa5f-9d75-4fa7-bde5-c99e4a7db7a1
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
deleted file mode 100644
index 98dc10d5b..000000000
--- a/site/airsloop/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_airflow_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/airsloop/secrets/passphrases/ucp_airflow_postgres_password.yaml
deleted file mode 100644
index 8c01bbf42..000000000
--- a/site/airsloop/secrets/passphrases/ucp_airflow_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_airflow_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/airsloop/secrets/passphrases/ucp_armada_keystone_password.yaml
deleted file mode 100644
index e264efbe5..000000000
--- a/site/airsloop/secrets/passphrases/ucp_armada_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_armada_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/airsloop/secrets/passphrases/ucp_barbican_keystone_password.yaml
deleted file mode 100644
index 86be06b50..000000000
--- a/site/airsloop/secrets/passphrases/ucp_barbican_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_barbican_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
deleted file mode 100644
index 4ce2c0dd7..000000000
--- a/site/airsloop/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_barbican_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/airsloop/secrets/passphrases/ucp_deckhand_keystone_password.yaml
deleted file mode 100644
index c8967699a..000000000
--- a/site/airsloop/secrets/passphrases/ucp_deckhand_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_deckhand_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/airsloop/secrets/passphrases/ucp_deckhand_postgres_password.yaml
deleted file mode 100644
index 52f9e24dc..000000000
--- a/site/airsloop/secrets/passphrases/ucp_deckhand_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_deckhand_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/airsloop/secrets/passphrases/ucp_drydock_keystone_password.yaml
deleted file mode 100644
index a501401dc..000000000
--- a/site/airsloop/secrets/passphrases/ucp_drydock_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_drydock_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/airsloop/secrets/passphrases/ucp_drydock_postgres_password.yaml
deleted file mode 100644
index 45a0d2da9..000000000
--- a/site/airsloop/secrets/passphrases/ucp_drydock_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_drydock_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/airsloop/secrets/passphrases/ucp_keystone_admin_password.yaml
deleted file mode 100644
index 76c4bf7c1..000000000
--- a/site/airsloop/secrets/passphrases/ucp_keystone_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_keystone_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
deleted file mode 100644
index 57004eb9b..000000000
--- a/site/airsloop/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_keystone_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_maas_admin_password.yaml b/site/airsloop/secrets/passphrases/ucp_maas_admin_password.yaml
deleted file mode 100644
index f9af87bd8..000000000
--- a/site/airsloop/secrets/passphrases/ucp_maas_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_maas_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/airsloop/secrets/passphrases/ucp_maas_postgres_password.yaml
deleted file mode 100644
index b0a1c51fe..000000000
--- a/site/airsloop/secrets/passphrases/ucp_maas_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_maas_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/airsloop/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
deleted file mode 100644
index b1e792513..000000000
--- a/site/airsloop/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_openstack_exporter_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/airsloop/secrets/passphrases/ucp_oslo_db_admin_password.yaml
deleted file mode 100644
index ef9c4a2f3..000000000
--- a/site/airsloop/secrets/passphrases/ucp_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/ucp_oslo_messaging_password.yaml
deleted file mode 100644
index 00d02bb68..000000000
--- a/site/airsloop/secrets/passphrases/ucp_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/airsloop/secrets/passphrases/ucp_postgres_admin_password.yaml
deleted file mode 100644
index 14184ef31..000000000
--- a/site/airsloop/secrets/passphrases/ucp_postgres_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_postgres_exporter_password.yaml b/site/airsloop/secrets/passphrases/ucp_postgres_exporter_password.yaml
deleted file mode 100644
index abdaa5bc4..000000000
--- a/site/airsloop/secrets/passphrases/ucp_postgres_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_postgres_replication_password.yaml b/site/airsloop/secrets/passphrases/ucp_postgres_replication_password.yaml
deleted file mode 100644
index 452043e9f..000000000
--- a/site/airsloop/secrets/passphrases/ucp_postgres_replication_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_replication_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/airsloop/secrets/passphrases/ucp_promenade_keystone_password.yaml
deleted file mode 100644
index 6e9a80675..000000000
--- a/site/airsloop/secrets/passphrases/ucp_promenade_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_promenade_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 92241b944..000000000
--- a/site/airsloop/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/airsloop/secrets/passphrases/ucp_shipyard_keystone_password.yaml
deleted file mode 100644
index bd73c90ba..000000000
--- a/site/airsloop/secrets/passphrases/ucp_shipyard_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_shipyard_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/airsloop/secrets/passphrases/ucp_shipyard_postgres_password.yaml
deleted file mode 100644
index ccc328a33..000000000
--- a/site/airsloop/secrets/passphrases/ucp_shipyard_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_shipyard_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: airsloop123
-...
diff --git a/site/airsloop/secrets/publickey/airsloop_ssh_public_key.yaml b/site/airsloop/secrets/publickey/airsloop_ssh_public_key.yaml
deleted file mode 100644
index deeee7611..000000000
--- a/site/airsloop/secrets/publickey/airsloop_ssh_public_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/PublicKey/v1
-metadata:
-  schema: metadata/Document/v1
-  name: airsloop_ssh_public_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCycUyxcb+AJIOyU2fzJ0C0tj7UnWZkIAstdPOpeuHQejhezFFT46w3CA9tvr/XlrLu6Rwk7E8qLJvBCGUuZnE0dkRgwgjv6irjy90jA3sY9pdW5h+MxrlbLVNXOEsZbHzEK3sU7WfCpAuIEcxmL+F5+0h73BCqKNG5IiJKApmzPvwYoOxc1BuWguVrFjHqEhYUjMkJwyNRXy6Sfm0MiOVcdF7uvgK7tf25mGUaoyGWJYKTSJCOJ4M535BN5n3G8amTP3fcna1Ig8Rn9yDkGF5obe5TPB7zKuLNMp2bZW5YkSIQFRpm1RDHypXqNa0Lmr4pQyKNL+Auoq852D++XH43 airsloop@airship
-...
diff --git a/site/airsloop/site-definition.yaml b/site/airsloop/site-definition.yaml
deleted file mode 100644
index 5ca82f786..000000000
--- a/site/airsloop/site-definition.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-# High-level pegleg site definition file
-schema: pegleg/SiteDefinition/v1
-metadata:
-  schema: metadata/Document/v1
-  layeringDefinition:
-    abstract: false
-    layer: site
-  # NEWSITE-CHANGEME: Replace with the site name
-  name: airsloop
-  storagePolicy: cleartext
-data:
-  # The type layer this site will delpoy with. Type layer is found in the
-  # type folder.
-  site_type: sloop
-...
diff --git a/site/airsloop/software/charts/kubernetes/container-networking/etcd.yaml b/site/airsloop/software/charts/kubernetes/container-networking/etcd.yaml
deleted file mode 100644
index 0aae163ae..000000000
--- a/site/airsloop/software/charts/kubernetes/container-networking/etcd.yaml
+++ /dev/null
@@ -1,127 +0,0 @@
----
-# The purpose of this file is to build the list of calico etcd nodes and the
-# calico etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-calico-etcd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: kubernetes-calico-etcd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    # Generate a list of control plane nodes (i.e. genesis node + master node
-    # list) on which calico etcd will run and will need certs. It is assumed
-    # that Airship sites will have 4 control plane nodes, so this should not need to
-    # change for a new site.
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .genesis.hostname
-      dest:
-        path: .values.nodes[0].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[0].hostname
-      dest:
-        path: .values.nodes[1].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[1].hostname
-      dest:
-        path: .values.nodes[2].name
-
-    # Certificate substitutions for the node names assembled on the above list.
-    # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
-    # to change with a standard Airship deployment. However, the names of each
-    # deckhand certficiate should be updated with the correct hostnames for your
-    # environment. The ordering is important (Genesis is index 0, then master
-    # nodes in the order they are specified in common-addresses).
-
-    # Genesis hostname - airsloop-control-1
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-airsloop-control-1
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-airsloop-control-1
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-airsloop-control-1-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-airsloop-control-1-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.key
-
-    # master node 1 hostname - airsloop-control-2
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-airsloop-control-2
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-airsloop-control-2
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-airsloop-control-2-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-airsloop-control-2-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.key
-
-    # master node 2 hostname - airsloop-control-3
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-airsloop-control-3
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-airsloop-control-3
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-airsloop-control-3-peer
-        path: .
-      dest:
-        path: .values.nodes[2].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-airsloop-control-3-peer
-        path: .
-      dest:
-        path: .values.nodes[2].tls.peer.key
-
-data: {}
-...
diff --git a/site/airsloop/software/charts/kubernetes/etcd/etcd.yaml b/site/airsloop/software/charts/kubernetes/etcd/etcd.yaml
deleted file mode 100644
index 92adb0048..000000000
--- a/site/airsloop/software/charts/kubernetes/etcd/etcd.yaml
+++ /dev/null
@@ -1,131 +0,0 @@
----
-# The purpose of this file is to build the list of k8s etcd nodes and the
-# k8s etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-etcd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: kubernetes-etcd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    # Generate a list of control plane nodes (i.e. genesis node + master node
-    # list) on which k8s etcd will run and will need certs. It is assumed
-    # that Airship sites will have 4 control plane nodes, so this should not need to
-    # change for a new site.
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .genesis.hostname
-      dest:
-        path: .values.nodes[0].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[0].hostname
-      dest:
-        path: .values.nodes[1].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[1].hostname
-      dest:
-        path: .values.nodes[2].name
-
-    # Certificate substitutions for the node names assembled on the above list.
-    # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
-    # to change with a standard Airship deployment. However, the names of each
-    # deckhand certficiate should be updated with the correct hostnames for your
-    # environment. The ordering is important (Genesis is index 0, then master
-    # nodes in the order they are specified in common-addresses).
-
-    # Genesis Exception*
-    # *NOTE: This is an exception in that `genesis` is not the hostname of the
-    # genesis node, but `genesis` is reference here in the certificate names
-    # because of certain Promenade assumptions that may be addressed in the
-    # future. Therefore `genesis` is used instead of `airsloop-control-1` here.
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-genesis
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-genesis
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-genesis-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-genesis-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.key
-
-    # master node 1 hostname - airsloop-control-2
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-airsloop-control-2
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-airsloop-control-2
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-airsloop-control-2-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-airsloop-control-2-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.key
-
-    # master node 2 hostname - airsloop-control-3
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-airsloop-control-3
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-airsloop-control-3
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-airsloop-control-3-peer
-        path: .
-      dest:
-        path: .values.nodes[2].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-airsloop-control-3-peer
-        path: $
-      dest:
-        path: .values.nodes[2].tls.peer.key
-
-data: {}
-...
diff --git a/site/airsloop/software/charts/osh/ceph/ceph-client.yaml b/site/airsloop/software/charts/osh/ceph/ceph-client.yaml
deleted file mode 100644
index f0f3db0b0..000000000
--- a/site/airsloop/software/charts/osh/ceph/ceph-client.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: tenant-ceph-client
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: tenant-ceph-client-type
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    conf:
-      pool:
-        target:
-          osd: 1
-...
diff --git a/site/airsloop/software/charts/ucp/divingbell.yaml b/site/airsloop/software/charts/ucp/divingbell.yaml
deleted file mode 100644
index f7fa6c7d9..000000000
--- a/site/airsloop/software/charts/ucp/divingbell.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-divingbell
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-divingbell-global
-    actions:
-      - method: merge
-        path: .
-  labels:
-    name: ucp-divingbell-site
-  storagePolicy: cleartext
-  substitutions:
-    - dest:
-        path: .values.conf.uamlite.users[0].user_sshkeys[0]
-      src:
-        schema: deckhand/PublicKey/v1
-        name: airsloop_ssh_public_key
-        path: .
-    - dest:
-        path: .values.conf.uamlite.users[0].user_crypt_passwd
-      src:
-        schema: deckhand/Passphrase/v1
-        name: airsloop_crypt_password
-        path: .
-data:
-  values:
-    manifests:
-      daemonset_ethtool: false
-      daemonset_mounts: false
-      daemonset_uamlite: true
-      daemonset_sysctl: false
-      daemonset_limits: false
-      daemonset_apt: true
-      daemonset_perm: false
-      daemonset_exec: true
-      daemonset_apparmor: false
-    conf:
-      uamlite:
-        users:
-          - user_name: ubuntu
-            user_sudo: true
-            user_sshkeys: []
-...
diff --git a/site/airsloop/software/config/common-software-config.yaml b/site/airsloop/software/config/common-software-config.yaml
deleted file mode 100644
index 5a87b97f1..000000000
--- a/site/airsloop/software/config/common-software-config.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-# The purpose of this file is to define site-specific common software config
-# paramters.
-schema: pegleg/CommonSoftwareConfig/v1
-metadata:
-  schema: metadata/Document/v1
-  name: common-software-config
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  osh:
-    # NEWSITE-CHANGEME: Replace with the site name
-    region_name: airsloop
-...
diff --git a/site/seaworthy-virt/baremetal/bootactions/promjoin.yaml b/site/seaworthy-virt/baremetal/bootactions/promjoin.yaml
deleted file mode 100644
index b0cd5a169..000000000
--- a/site/seaworthy-virt/baremetal/bootactions/promjoin.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
----
-# This file defines a boot action which is responsible for fetching the node's
-# promjoin script from the promenade API. This is the script responsible for
-# installing kubernetes on the node and joining the kubernetes cluster.
-# #GLOBAL-CANDIDATE#
-schema: 'drydock/BootAction/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: promjoin-systemd-unit
-  storagePolicy: 'cleartext'
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: promjoin-systemd-unit
-    actions:
-      - method: replace
-        path: .assets
-  labels:
-    application: 'drydock'
-data:
-  signaling: false
-  # TODO(alanmeadows) move what is global about this document
-  assets:
-    - path: /opt/promjoin.sh
-      type: file
-      permissions: '555'
-      # The ip= parameter must match the MaaS network name of the network used
-      # to contact kubernetes. With a standard, reference Airship deployment where
-      # L2 networks are shared between all racks, the network name (i.e. calico)
-      # should be correct.
-      location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.default.ip }}&domain={{ node.domain }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
-      location_pipeline:
-        - template
-      data_pipeline:
-        - utf8_decode
-    - path: /lib/systemd/system/promjoin.service
-      type: unit
-      permissions: '600'
-      data: |-
-        W1VuaXRdCkRlc2NyaXB0aW9uPVByb21lbmFkZSBJbml0aWFsaXphdGlvbiBTZXJ2aWNlCkFmdGVy
-        PW5ldHdvcmstb25saW5lLnRhcmdldCBsb2NhbC1mcy50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0
-        cz0hL3Zhci9saWIvcHJvbS5kb25lCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9v
-        cHQvcHJvbWpvaW4uc2gKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
-      data_pipeline:
-        - base64_decode
-        - utf8_decode
-...
diff --git a/site/seaworthy-virt/baremetal/nodes.yaml b/site/seaworthy-virt/baremetal/nodes.yaml
deleted file mode 100644
index 2662b552a..000000000
--- a/site/seaworthy-virt/baremetal/nodes.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-schema: 'drydock/BaremetalNode/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: n1
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  host_profile: cp-global
-  addressing:
-    - network: gp
-      address: 172.24.1.11
-  metadata:
-    boot_mac: '52:54:00:00:a3:31'
-    rack: rack1
-    tags:
-      - 'masters'
----
-schema: 'drydock/BaremetalNode/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: n2
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  host_profile: cp-global
-  addressing:
-    - network: gp
-      address: 172.24.1.12
-  metadata:
-    boot_mac: '52:54:00:1a:95:0d'
-    rack: rack1
-    tags:
-      - 'masters'
----
-schema: 'drydock/BaremetalNode/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: n3
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  host_profile: cp-secondary
-  addressing:
-    - network: gp
-      address: 172.24.1.13
-  metadata:
-    boot_mac: '52:54:00:31:c2:36'
-    rack: rack1
-    tags:
-      - 'masters'
-...
diff --git a/site/seaworthy-virt/deployment/deployment-configuration.yaml b/site/seaworthy-virt/deployment/deployment-configuration.yaml
deleted file mode 100644
index bfc6c0cbb..000000000
--- a/site/seaworthy-virt/deployment/deployment-configuration.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-# The purpose of this file is to provide shipyard related deployment config
-# parameters. This should not require modification for a new site. However,
-# shipyard deployment strategies can be very useful in getting around certain
-# failures, like misbehaving nodes that hold up the deployment. See more at
-# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy
-schema: shipyard/DeploymentConfiguration/v1
-metadata:
-  schema: metadata/Document/v1
-  name: deployment-configuration
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  physical_provisioner:
-    deployment_strategy: deployment-strategy
-    deploy_interval: 30
-    deploy_timeout: 3600
-    destroy_interval: 30
-    destroy_timeout: 900
-    join_wait: 0
-    prepare_node_interval: 30
-    prepare_node_timeout: 1800
-    prepare_site_interval: 10
-    prepare_site_timeout: 300
-    verify_interval: 10
-    verify_timeout: 60
-  kubernetes_provisioner:
-    drain_timeout: 3600
-    drain_grace_period: 1800
-    clear_labels_timeout: 1800
-    remove_etcd_timeout: 1800
-    etcd_ready_timeout: 600
-  armada:
-    get_releases_timeout: 300
-    get_status_timeout: 300
-    manifest: 'full-site'
-    post_apply_timeout: 7200
-    validate_design_timeout: 600
-...
diff --git a/site/seaworthy-virt/deployment/dev-configurables.yaml b/site/seaworthy-virt/deployment/dev-configurables.yaml
deleted file mode 100644
index 7a7d42f72..000000000
--- a/site/seaworthy-virt/deployment/dev-configurables.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: dev/Configurables/v1
-metadata:
-  schema: metadata/Document/v1
-  name: dev-configurables
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  hostcidr: 172.24.1.0/24
-...
diff --git a/site/seaworthy-virt/networks/common-addresses.yaml b/site/seaworthy-virt/networks/common-addresses.yaml
deleted file mode 100644
index 29470c774..000000000
--- a/site/seaworthy-virt/networks/common-addresses.yaml
+++ /dev/null
@@ -1,132 +0,0 @@
----
-# The purpose of this file is to define network related paramters that are
-# referenced elsewhere in the manifests for this site.
-#
-# TODO: Include bare metal host FQDN naming standards
-# TODO: Include ingress FQDN naming standards
-schema: pegleg/CommonAddresses/v1
-metadata:
-  schema: metadata/Document/v1
-  name: common-addresses
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  calico:
-    ip_autodetection_method: 'interface=ens3'
-    bgp:
-      ipv4:
-        ingress_vip: '172.24.1.6/32'
-        maas_vip: '172.24.1.5/32'
-        public_service_cidr: 'Nonsense'
-        peers:
-          - 'Nonsense'
-          - 'Nonsense'
-    ip_rule:
-      gateway: 'Nonsense'
-    etcd:
-      # etcd service IP address
-      service_ip: 10.96.232.136
-
-  dns:
-    # Kubernetes cluster domain. Do not change. This is internal to the cluster.
-    cluster_domain: cluster.local
-    # DNS service ip
-    service_ip: 10.96.0.10
-    # List of upstream DNS forwards. Verify you can reach them from your
-    # environment. If so, you should not need to change them.
-    upstream_servers:
-      - 172.24.1.9
-      - 172.24.1.9
-      - 172.24.1.9
-    # Repeat the same values as above, but formatted as a common separated
-    # string
-    upstream_servers_joined: 172.24.1.9
-    ingress_domain: gate.local
-    node_domain: gate.local
-
-  genesis:
-    hostname: n0
-    ip: 172.24.1.10
-
-  proxy:
-    http: ""
-    https: ""
-    no_proxy: []
-
-  bootstrap:
-    ip: 172.24.1.10
-
-  kubernetes:
-    # K8s API service IP
-    api_service_ip: 10.96.0.1
-    # etcd service IP
-    etcd_service_ip: 10.96.0.2
-    # k8s pod CIDR (network which pod traffic will traverse)
-    pod_cidr: 10.97.0.0/16
-    # k8s service CIDR (network which k8s API traffic will traverse)
-    service_cidr: 10.96.0.0/16
-    # misc k8s port settings
-    apiserver_port: 6443
-    haproxy_port: 6553
-    service_node_port_range: 30000-32767
-
-  # etcd port settings
-  etcd:
-    container_port: 2379
-    haproxy_port: 2378
-
-  masters:
-    - hostname: n1
-    - hostname: n2
-    - hostname: n3
-
-  node_ports:
-    drydock_api: 30000
-    maas_api: 30001
-    maas_proxy: 31800  # hardcoded in MAAS
-
-  vip:
-    ingress_vip: '172.24.1.6/32'
-    maas_vip: '172.24.1.5/32'
-
-  ntp:
-    # comma separated NTP server list. Verify that these upstream NTP servers are
-    # reachable in your environment; otherwise update them with the correct
-    # values for your environment.
-    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
-
-  # NOTE: This will be updated soon
-  ldap:
-    base_url: 'ldap.example.com'
-    url: 'ldap://ldap.example.com'
-    auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
-    # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
-    # relevant for this deployment (test users vs prod users/values, etc)
-    common_name: test
-    # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
-    # deployment (test vs prod values, etc)
-    subdomain: test
-    # NEWSITE-CHANGEME: Update to the correct domain for your type of
-    # deployment (test vs prod values, etc)
-    domain: example
-
-  storage:
-    ceph:
-      public_cidr: 172.24.1.0/24
-      cluster_cidr: 172.24.1.0/24
-
-  neutron:
-    tunnel_device: 'ens3'
-    # bond which the overlay is a member of. Ensure the bond name is consistent
-    # with the bond assigned to the overlay network in
-    # networks/physical/networks.yaml
-    external_iface: 'ens3'
-
-  openvswitch:
-    # bond which the overlay is a member of. Ensure the bond name is consistent
-    # with the bond assigned to the overlay network in
-    # networks/physical/networks.yaml
-    external_iface: 'ens3'
-...
diff --git a/site/seaworthy-virt/networks/physical/networks.yaml b/site/seaworthy-virt/networks/physical/networks.yaml
deleted file mode 100644
index 6eb0a24d8..000000000
--- a/site/seaworthy-virt/networks/physical/networks.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-schema: 'drydock/NetworkLink/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: gp
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  bonding:
-    mode: disabled
-  mtu: 1500
-  linkspeed: auto
-  trunking:
-    mode: disabled
-    default_network: gp
-  allowed_networks:
-    - gp
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: gp
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  mtu: 1500
-  cidr: 172.24.1.0/24
-  ranges:
-    - type: dhcp
-      start: 172.24.1.100
-      end: 172.24.1.200
-  routes:
-    - subnet: 0.0.0.0/0
-      gateway: 172.24.1.1
-      metric: 10
-  dns:
-    domain: gate.local
-    servers: '172.24.1.9'
-...
diff --git a/site/seaworthy-virt/networks/physical/unused_networks.yaml b/site/seaworthy-virt/networks/physical/unused_networks.yaml
deleted file mode 100644
index 6301de3b4..000000000
--- a/site/seaworthy-virt/networks/physical/unused_networks.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: oob
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  cidr: 192.168.1.0/24
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: pxe
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  cidr: 192.168.2.0/24
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: oam
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  cidr: 192.168.3.0/24
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: storage
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  cidr: 192.168.4.0/24
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: calico
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  cidr: 192.168.5.0/24
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: overlay
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  cidr: 192.168.6.0/24
-...
diff --git a/site/seaworthy-virt/pki/pki-catalog.yaml b/site/seaworthy-virt/pki/pki-catalog.yaml
deleted file mode 100644
index d93e81ead..000000000
--- a/site/seaworthy-virt/pki/pki-catalog.yaml
+++ /dev/null
@@ -1,279 +0,0 @@
----
-# The purpose of this file is to define the PKI certificates for the environment
-#
-# NOTE: When deploying a new site, this file should not be configured until
-# baremetal/nodes.yaml is complete.
-#
-schema: promenade/PKICatalog/v1
-metadata:
-  schema: metadata/Document/v1
-  name: cluster-certificates
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  certificate_authorities:
-    kubernetes:
-      description: CA for Kubernetes components
-      certificates:
-        - document_name: apiserver
-          description: Service certificate for Kubernetes apiserver
-          common_name: apiserver
-          hosts:
-            - localhost
-            - 127.0.0.1
-            - 10.96.0.1
-          kubernetes_service_names:
-            - kubernetes.default.svc.cluster.local
-        - document_name: kubelet-genesis
-          common_name: system:node:n0
-          hosts:
-            - n0
-            - 172.24.1.10
-          groups:
-            - system:nodes
-        - document_name: kubelet-n0
-          common_name: system:node:n0
-          hosts:
-            - n0
-            - 172.24.1.10
-          groups:
-            - system:nodes
-        - document_name: kubelet-n1
-          common_name: system:node:n1
-          hosts:
-            - n1
-            - 172.24.1.11
-          groups:
-            - system:nodes
-        - document_name: kubelet-n2
-          common_name: system:node:n2
-          hosts:
-            - n2
-            - 172.24.1.12
-          groups:
-            - system:nodes
-        - document_name: kubelet-n3
-          common_name: system:node:n3
-          hosts:
-            - n3
-            - 172.24.1.13
-          groups:
-            - system:nodes
-
-        # End node list
-        - document_name: scheduler
-          description: Service certificate for Kubernetes scheduler
-          common_name: system:kube-scheduler
-        - document_name: controller-manager
-          description: certificate for controller-manager
-          common_name: system:kube-controller-manager
-        - document_name: admin
-          common_name: admin
-          groups:
-            - system:masters
-        - document_name: armada
-          common_name: armada
-          groups:
-            - system:masters
-    kubernetes-etcd:
-      description: Certificates for Kubernetes's etcd servers
-      certificates:
-        - document_name: apiserver-etcd
-          description: etcd client certificate for use by Kubernetes apiserver
-          common_name: apiserver
-        # NOTE(mark-burnett): hosts not required for client certificates
-        - document_name: kubernetes-etcd-anchor
-          description: anchor
-          common_name: anchor
-        - document_name: kubernetes-etcd-genesis
-          common_name: kubernetes-etcd-genesis
-          hosts:
-            - n0
-            - 172.24.1.10
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-n0
-          common_name: kubernetes-etcd-n0
-          hosts:
-            - n0
-            - 172.24.1.10
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-n1
-          common_name: kubernetes-etcd-n1
-          hosts:
-            - n1
-            - 172.24.1.11
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-n2
-          common_name: kubernetes-etcd-n2
-          hosts:
-            - n2
-            - 172.24.1.12
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-n3
-          common_name: kubernetes-etcd-n3
-          hosts:
-            - n3
-            - 172.24.1.13
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-
-    kubernetes-etcd-peer:
-      certificates:
-        - document_name: kubernetes-etcd-genesis-peer
-          common_name: kubernetes-etcd-genesis-peer
-          hosts:
-            - n0
-            - 172.24.1.10
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-n0-peer
-          common_name: kubernetes-etcd-n0-peer
-          hosts:
-            - n0
-            - 172.24.1.10
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-n1-peer
-          common_name: kubernetes-etcd-n1-peer
-          hosts:
-            - n1
-            - 172.24.1.11
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-n2-peer
-          common_name: kubernetes-etcd-n2-peer
-          hosts:
-            - n2
-            - 172.24.1.12
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-n3-peer
-          common_name: kubernetes-etcd-n3-peer
-          hosts:
-            - n3
-            - 172.24.1.13
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-    calico-etcd:
-      description: Certificates for Calico etcd client traffic
-      certificates:
-        - document_name: calico-etcd-anchor
-          description: anchor
-          common_name: anchor
-        - document_name: calico-etcd-genesis
-          common_name: calico-etcd-genesis
-          hosts:
-            - n0
-            - 172.24.1.10
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-n0
-          common_name: calico-etcd-n0
-          hosts:
-            - n0
-            - 172.24.1.10
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-n1
-          common_name: calico-etcd-n1
-          hosts:
-            - n1
-            - 172.24.1.11
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-n2
-          common_name: calico-etcd-n2
-          hosts:
-            - n2
-            - 172.24.1.12
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-n3
-          common_name: calico-etcd-n3
-          hosts:
-            - n3
-            - 172.24.1.13
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-node
-          common_name: calcico-node
-    calico-etcd-peer:
-      description: Certificates for Calico etcd clients
-      certificates:
-        - document_name: calico-etcd-genesis-peer
-          common_name: calico-etcd-genesis-peer
-          hosts:
-            - n0
-            - 172.24.1.10
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-n0-peer
-          common_name: calico-etcd-n0-peer
-          hosts:
-            - n0
-            - 172.24.1.10
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-n1-peer
-          common_name: calico-etcd-n1-peer
-          hosts:
-            - n1
-            - 172.24.1.11
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-n2-peer
-          common_name: calico-etcd-n2-peer
-          hosts:
-            - n2
-            - 172.24.1.12
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-n3-peer
-          common_name: calico-etcd-n3-peer
-          hosts:
-            - n3
-            - 172.24.1.13
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-node-peer
-          common_name: calcico-node-peer
-  keypairs:
-    - name: service-account
-      description: Service account signing key for use by Kubernetes controller-manager.
-...
diff --git a/site/seaworthy-virt/profiles/genesis.yaml b/site/seaworthy-virt/profiles/genesis.yaml
deleted file mode 100644
index 5947feb92..000000000
--- a/site/seaworthy-virt/profiles/genesis.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-# The purpose of this file is to apply proper labels to Genesis node so the
-# proper services are installed and proper configuration applied. This should
-# not need to be changed for a new site.
-# #GLOBAL-CANDIDATE#
-schema: promenade/Genesis/v1
-metadata:
-  schema: metadata/Document/v1
-  name: genesis-site
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: genesis-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  labels:
-    dynamic:
-      - beta.kubernetes.io/fluentd-ds-ready=true
-      - calico-etcd=enabled
-      - ceph-mds=enabled
-      - ceph-mon=enabled
-      - ceph-osd=enabled
-      - ceph-rgw=enabled
-      - ceph-mgr=enabled
-      - ceph-bootstrap=enabled
-      - tenant-ceph-control-plane=enabled
-      - tenant-ceph-mon=enabled
-      - tenant-ceph-rgw=enabled
-      - tenant-ceph-mgr=enabled
-      - kube-dns=enabled
-      - kube-ingress=enabled
-      - kubernetes-apiserver=enabled
-      - kubernetes-controller-manager=enabled
-      - kubernetes-etcd=enabled
-      - kubernetes-scheduler=enabled
-      - promenade-genesis=enabled
-      - ucp-control-plane=enabled
-      - maas-rack=enabled
-      - maas-region=enabled
-      - ceph-osd-bootstrap=enabled
-      - openstack-control-plane=enabled
-      - openvswitch=enabled
-      - openstack-l3-agent=enabled
-      - node-exporter=enabled
-      - fluentd=enabled
-...
diff --git a/site/seaworthy-virt/profiles/hardware/generic_vm.yaml b/site/seaworthy-virt/profiles/hardware/generic_vm.yaml
deleted file mode 100644
index 530ac91d5..000000000
--- a/site/seaworthy-virt/profiles/hardware/generic_vm.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: 'drydock/HardwareProfile/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: GenericVM
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  vendor: 'Dell'
-  generation: '1'
-  hw_version: '2'
-  bios_version: '2.2.3'
-  boot_mode: 'bios'
-  bootstrap_protocol: 'pxe'
-  pxe_interface: 0
-  device_aliases:
-    pnic01:
-      bus_type: 'pci'
-      dev_type: 'Intel 10Gbps NIC'
-      address: '0000:00:03.0'
-...
diff --git a/site/seaworthy-virt/profiles/host/gate-vm-cp.yaml b/site/seaworthy-virt/profiles/host/gate-vm-cp.yaml
deleted file mode 100644
index df838a71f..000000000
--- a/site/seaworthy-virt/profiles/host/gate-vm-cp.yaml
+++ /dev/null
@@ -1,173 +0,0 @@
----
-schema: drydock/HostProfile/v1
-metadata:
-  schema: metadata/Document/v1
-  name: cp-global
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      hosttype: cp-global
-    actions:
-      - method: replace
-        path: .storage
-      - method: replace
-        path: .interfaces
-      - method: replace
-        path: .platform.kernel_params
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  hardware_profile: 'GenericVM'
-  primary_network: 'gp'
-  oob:
-    type: 'libvirt'
-    libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
-  storage:
-    physical_devices:
-      vda:
-        labels:
-          bootdrive: 'true'
-        partitions:
-          - name: 'root'
-            size: '20g'
-            bootable: true
-            filesystem:
-              mountpoint: '/'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'boot'
-            size: '1g'
-            filesystem:
-              mountpoint: '/boot'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-  interfaces:
-    ens3:
-      device_link: 'gp'
-      slaves:
-        - 'ens3'
-      networks:
-        - 'gp'
-  platform:
-    kernel_params:
-      kernel_package: 'linux-image-4.15.0-34-generic'
-...
----
-schema: drydock/HostProfile/v1
-metadata:
-  schema: metadata/Document/v1
-  name: cp-secondary
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      hosttype: cp-global
-    actions:
-      - method: replace
-        path: .storage
-      - method: replace
-        path: .interfaces
-      - method: replace
-        path: .platform.kernel_params
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  hardware_profile: 'GenericVM'
-  primary_network: 'gp'
-  oob:
-    type: 'libvirt'
-    libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
-  storage:
-    physical_devices:
-      vda:
-        labels:
-          bootdrive: 'true'
-        partitions:
-          - name: 'root'
-            size: '20g'
-            bootable: true
-            filesystem:
-              mountpoint: '/'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'boot'
-            size: '1g'
-            filesystem:
-              mountpoint: '/boot'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-  interfaces:
-    ens3:
-      device_link: 'gp'
-      slaves:
-        - 'ens3'
-      networks:
-        - 'gp'
-  platform:
-    kernel_params:
-      kernel_package: 'linux-image-4.15.0-34-generic'
-
-  metadata:
-    owner_data:
-      control-plane: enabled
-      ucp-control-plane: enabled
-      openstack-control-plane: enabled
-      openstack-heat: enabled
-      openstack-keystone: enabled
-      openstack-rabbitmq: enabled
-      openstack-dns-helper: enabled
-      openstack-mariadb: enabled
-      openstack-nova-control: enabled
-      # openstack-etcd: enabled
-      openstack-mistral: enabled
-      openstack-memcached: enabled
-      openstack-glance: enabled
-      openstack-horizon: enabled
-      openstack-cinder-control: enabled
-      openstack-cinder-volume: control
-      openstack-neutron: enabled
-      openvswitch: enabled
-      ucp-barbican: enabled
-      # ceph-mon: enabled
-      ceph-mgr: enabled
-      ceph-osd: enabled
-      ceph-mds: enabled
-      ceph-rgw: enabled
-      ucp-maas: enabled
-      kube-dns: enabled
-      tenant-ceph-control-plane: enabled
-      # tenant-ceph-mon: enabled
-      tenant-ceph-rgw: enabled
-      tenant-ceph-mgr: enabled
-      kubernetes-apiserver: enabled
-      kubernetes-controller-manager: enabled
-      # kubernetes-etcd: enabled
-      kubernetes-scheduler: enabled
-      tiller-helm: enabled
-      # kube-etcd: enabled
-      calico-policy: enabled
-      calico-node: enabled
-      # calico-etcd: enabled
-      ucp-armada: enabled
-      ucp-drydock: enabled
-      ucp-deckhand: enabled
-      ucp-shipyard: enabled
-      IAM: enabled
-      ucp-promenade: enabled
-      prometheus-server: enabled
-      prometheus-client: enabled
-      fluentd: enabled
-      influxdb: enabled
-      kibana: enabled
-      elasticsearch-client: enabled
-      elasticsearch-master: enabled
-      elasticsearch-data: enabled
-      postgresql: enabled
-      kube-ingress: enabled
-      beta.kubernetes.io/fluentd-ds-ready: 'true'
-      node-exporter: enabled
-...
diff --git a/site/seaworthy-virt/profiles/host/gate-vm-dp.yaml b/site/seaworthy-virt/profiles/host/gate-vm-dp.yaml
deleted file mode 100644
index 63ba91f6a..000000000
--- a/site/seaworthy-virt/profiles/host/gate-vm-dp.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-schema: 'drydock/HostProfile/v1'
-metadata:
-  name: gate-vm-dp
-  schema: 'metadata/Document/v1'
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  hardware_profile: 'GenericVM'
-  primary_network: 'gp'
-  oob:
-    type: 'libvirt'
-    libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
-  storage:
-    physical_devices:
-      vda:
-        labels:
-          bootdrive: 'true'
-        partitions:
-          - name: 'root'
-            size: '20g'
-            bootable: true
-            filesystem:
-              mountpoint: '/'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'boot'
-            size: '1g'
-            filesystem:
-              mountpoint: '/boot'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-  interfaces:
-    ens3:
-      device_link: 'gp'
-      slaves:
-        - 'ens3'
-      networks:
-        - 'gp'
-  platform:
-    image: 'xenial'
-    kernel: 'hwe-16.04'
-  metadata:
-    tags:
-      - 'foo'
-    owner_data:
-      openstack-nova-compute: enabled
-      openvswitch: enabled
-      # sriov: enabled
-      contrail-vrouter: kernel
-      openstack-libvirt: kernel
-      beta.kubernetes.io/fluentd-ds-ready: 'true'
-      node-exporter: enabled
-      fluentbit: enabled
-      tenant-ceph-osd: enabled
-...
diff --git a/site/seaworthy-virt/profiles/region.yaml b/site/seaworthy-virt/profiles/region.yaml
deleted file mode 100644
index 861be487c..000000000
--- a/site/seaworthy-virt/profiles/region.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-# The purpose of this file is to define the drydock Region, which in turn drives
-# the MaaS region.
-schema: 'drydock/Region/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: seaworthy-virt
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    - dest:
-        # Add/replace the first item in the list
-        path: .authorized_keys[0]
-      src:
-        schema: deckhand/PublicKey/v1
-        # This should match the "name" metadata of the SSH key which will be
-        # substituted, located in site/airship-seaworthy/secrets folder.
-        name: airship_ubuntu_ssh_public_key
-        path: .
-    - dest:
-        path: .repositories.main_archive
-      src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .packages.repositories.main_archive
-data:
-  tag_definitions: []
-  # This is the list of SSH keys which MaaS will register for the built-in
-  # "ubuntu" account during the PXE process. This list is populated by
-  # substitution, so the same SSH keys do not need to be repeated in multiple
-  # manifests.
-  authorized_keys: []
-  repositories:
-    remove_unlisted: true
-...
diff --git a/site/seaworthy-virt/secrets/certificates/certificates.yaml b/site/seaworthy-virt/secrets/certificates/certificates.yaml
deleted file mode 100644
index e7b1c589a..000000000
--- a/site/seaworthy-virt/secrets/certificates/certificates.yaml
+++ /dev/null
@@ -1,2784 +0,0 @@
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDSDCCAjCgAwIBAgIUCQVz/8ONRyMvXQYrD2ZR7oKlzZMwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA1MDIyMTE2MDBaFw0yNDA0MzAyMTE2MDBaMCoxEzARBgNVBAoTCkt1YmVy
-  bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-  DwAwggEKAoIBAQDKqbIQ5kNXN/B3yILfwhjshIu8++rpkrPGFA642pgf9cN2m6ju
-  QL++gOMBV5fisLSHgCxzX9g1efsGj9sFjXeFCJJBHVeiBeIiX/f9GD6gwpeaSSRz
-  Lu205HcL8Nj7zRefSVR2OEzclT1otj7POL0X9eVtD8B9Tz4oMXt5HzmXQ/0VcvOL
-  4xwQiRS3IUEkT7JUYimplb5fn37N+dEC+6dIUvWnarO0OKsB19iv9ASfjzj4HHRl
-  nIk/VPvXT0DbL57lNAxKJ3t84cflGvWkd2hQbKRM/ghKbvgE3WoXohQ8UoinWIu8
-  biQGZL77Y2lYX6AFK+XqFJhelCESJPAnoPL5AgMBAAGjZjBkMA4GA1UdDwEB/wQE
-  AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQKZgnvLoc613L6vedD
-  eGE0LM9qIjAfBgNVHSMEGDAWgBQKZgnvLoc613L6vedDeGE0LM9qIjANBgkqhkiG
-  9w0BAQsFAAOCAQEAh6cV4+Q0siYqCrmADSOWG4J1uLp945Fc+bW55eTsYxXLTelf
-  K2anriWU2F89Nzt76wAIHXIrufD5hN8ACnUfc5doMfoOV24u4LaRBt1VO8KmIkHT
-  yEs/O7pVcHF6UZxMeOQr/KOk+Fm6O+XO0RWZlgJtSJN1SMgL0EsJxzjc22Je/04N
-  oyOT9APARFBo/7RmkVNDz2pJYRwgsbZE9rdrRrmTncVV+mDB4EGS4TDglbJ6Yd0d
-  je8nxp1WL9EHikRpRL+esGjW3AsWZUdCXvuPKMbjeTk5LmCXxBraHoRkcj+axfr2
-  Dkw09jCqU5Y2M2SOWv0zpwx1ZqcecSYdRYANHw==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDUjCCAjqgAwIBAgIUO8crfH8g37+Ycsfg8I+48deMSqkwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTI0MDQzMDIxMTYwMFowLzETMBEGA1UEChMK
-  S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG
-  9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLbWUDLyDRJLpPZoPG6CiMRJl3sd+vY3UyH2
-  GDodKWZvWt7Rr/aaFp7nlbBjauevnVlzme3TZMiHjAzWomph60eqvRnc7LDUKSNf
-  oz9O33IK9FrUoiVyFeVjJdpsOtD8n7SHY+cVSS65gHWa/SsRehyChwv99mkoDIHm
-  DQyJdY2FcBuxq0yPavd7CbLKqG2TaarCISejpFGAp2AM2FyM1zFT5aevabmR6poQ
-  1IS1s8Aeo5t0c3ixrYLerz5TCR9USXEXeldy7Lj1hfnBYkxtTzY5JrmwTfdCotQL
-  XIRpF8E5YdpFFjb9cQuv1uhjj4W7CbkltaSrMRhQRmrYfO/TawIDAQABo2YwZDAO
-  BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQU43OY
-  94PlLN3mex/BeMwsM4kbuzkwHwYDVR0jBBgwFoAU43OY94PlLN3mex/BeMwsM4kb
-  uzkwDQYJKoZIhvcNAQELBQADggEBACeESuhun+h4SoeUJgfX6hxuSaH5zHDmeEZZ
-  7/l6k5l8yK68BRHt9Ed//hIpFQ5OMyTlNA9Xkuo50qh44Kk2deSsZ56g7eLiXSHt
-  H1BnD8GT6zt6270RmsMg/JUFOkkAwVM8tTPn5K7oopuKhtzC2g1WggHh5KNuYO13
-  jYP5is4x7GA8KH8Ldu2tqpAsFYkJY+67QVIx1L0PvMpXOAaCgpcrQqYI5DPlOCU6
-  3w+sQlPVBsMd0LR8TBeu2yWdBlNNp9AaU6ZBMl160+7YXfZ5p9FL5FM/xubBWW9S
-  4IVggeduTd3r6GlEQrzarSr8jAgbliqctOB8B4mpTTJXL5Rzk1I=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDXDCCAkSgAwIBAgIUWVMdYbG38/6j4Lm7UDtDZGl4r8QwDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwNTAyMjExNjAwWhcNMjQwNDMwMjExNjAwWjA0MRMwEQYD
-  VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC
-  ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOR8HkZ2Y5WNZOvz4/Oq0b9w
-  J6I2twQJmrhlgcNLF6qm2FKXhb7kj1Dzrwswfq8wGWEDiyMO0UpLe++AgC8DzcLG
-  8gtkiBMxN5gV25uqHDJUzrVybX5HB2kyT3YCfF32ZdAPy3zPLf6LCTT3FzapORRY
-  sBcOrtpHTe7WJct8jR7kDynSoWI2LEVqqf+dbyjliMEWWXZrhEtOuJFnK88VsyYq
-  IniPkBfVFJ7wQmKZdJuS0o73LV4G8Kf2DKUBk+Qv/+q6NXPFqL58Ex0EyIrxNAUm
-  cS1ddfqSJGd38tiwjZTaJrHthwgwYVATZ9pjgfHJF8PTtNm4ktGUGzcAmUxhYJcC
-  AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD
-  VR0OBBYEFHymZ4KhybMyT5d07GGPS7MCVqKJMB8GA1UdIwQYMBaAFHymZ4KhybMy
-  T5d07GGPS7MCVqKJMA0GCSqGSIb3DQEBCwUAA4IBAQBE03aufRuJrpFGFrKWTwhY
-  HJqKCFhef2nHiGdWnIXwt04G+e/QaY4mvnUZVKUW6hv5mvC0eoWdesJ0yjEXfTni
-  yBGgxCsdzsdb68FpKVIDYZj1XzIW9skXOJgX7J7Dl1unakK9oGyY3yIwP6IjC3/3
-  DRds9ZOc4uoA5QbgQOyp4fNfw7E3bUShVdT6x6in2wIQxzGqDhnS6972OFxhGYeJ
-  +u7OniIeXFsEzNY6fprPmcgTqguOu6YJkR3MBiVm/2i7VTA7s77+uox1fK0L/5qN
-  ba6jLTTSA7y/donjtJpMU6GLxVvXy3O9/m9Vz42xSavwqVIycENQDQEQl6iXoZzp
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDSjCCAjKgAwIBAgIUa3AsypIQhM0UgOLRlQKA9xCoNiUwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwNTAyMjExNjAwWhcNMjQwNDMwMjExNjAwWjArMRMwEQYDVQQKEwpLdWJl
-  cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
-  ggEPADCCAQoCggEBALj2/iGDeHav8GVjBk0P+/qRPuZxo/qKMeNV5oBeLU3DPmJt
-  6vGsWGzCI3g2ZreNQsfIHDEiLda1YemTBwyiYk3Uv17loHXuxnA6/9qqqUeS+lY8
-  DcZg6eCVrvnVQiczHfYAk6rDN/V6vLHJAv53yhpqQ1lqt4xEp04LbXP5fNKkPmN+
-  l6gtdJ/eaH2q+pniWUuJ5qDY4TRk2foCL9mJLQ6HPF8RUxL2CQ6jphTDv6c6AmN8
-  /g7ol4rNkiYOx13RncqpBU3t8nbHnBa9zRUW45HhJLN+dbBAgdEmv+SJjAYO+rpA
-  KHZHsc1sW0+W2wnjkVEoPkK+4aB9QiGo3U/RWvkCAwEAAaNmMGQwDgYDVR0PAQH/
-  BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFKGnqGJfvLi+vKm5
-  zxVBcToZ9HTVMB8GA1UdIwQYMBaAFKGnqGJfvLi+vKm5zxVBcToZ9HTVMA0GCSqG
-  SIb3DQEBCwUAA4IBAQAcD+nHhxybGLiJtUEbiP2ddPELjbxf2B4iBMkwYbzkxYjA
-  bJCLoZjcQAV+XgozCZSySrIsZpLoRKucuEG/SCEsA02wJZUW1rdaTlxUYSwXpv28
-  Vwgb8cZtiKprSZ/5q/1bso/2nhUnT9wyFKFeoYXsh0co3ZbxGQFEoMM9sAef1IJh
-  ypt+xYe2ka2gtKWlHwCYCLvcghuXtygv/WpE16gxkxtfGiUwBP7MH9mCWY0hLISm
-  S2THS7Kk1yfwyS5ID4ohK6UeL4Ewwr131O+JC/Tqv3SFlzKPiQC6cDIY7t/K7LxO
-  GoUBf0NOCse8nVyFVJufyDQjXjCNYUOgbLje1Rup
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDVDCCAjygAwIBAgIUFsUpSoDtSZ+JcMMoqIPUGc2+MVowDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA1MDIyMTE2MDBaFw0yNDA0MzAyMTE2MDBaMDAxEzARBgNVBAoT
-  Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG
-  SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHcdjBDa426WvCKmV3iNROiJ/dd+x1K5Sz
-  qtisx5YE+WKI9OHApsfMnFJWd0N5T8bZ6Te/cGIKmnUbLsA/FQhd12qwVoeJ8H9M
-  uIBa25WSH9LhYC8qTOqrUbr3B/nyRE1TuC9vgyOePClSmnhy5Ml9/kPm+UJIp49k
-  oG4eICHzFLpMBefa3MAB5nthYka1lzY4UO4An8toO3XQPb1Ibvel3hWi98gRE9rn
-  Ja3UkyL/2KzEtPnZYjSmASNI4+duABD96Y4fKG/U3w0YYgWSHGnw1NP7cikjvZH5
-  X8zfv7isCJwVqQSrbPsZz7WJVks32M9IUwsEluXNZE2KohbeEF/NAgMBAAGjZjBk
-  MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRj
-  iKCZ10uDu8enjSUsGyEakhWmUTAfBgNVHSMEGDAWgBRjiKCZ10uDu8enjSUsGyEa
-  khWmUTANBgkqhkiG9w0BAQsFAAOCAQEAQfRILnEUGIckGtW3YAgI6kwH3yqK0wUL
-  1Sz6x3743ZNP3u+ZK7lNmcb7UrWK6f4QcKEUUiVNq0rb7E4Ib1trtGRQRKiL44gZ
-  aGs/UTPBqAdl+3VoIJayP2SQaU4bbyl5/sV8BQajMrCK9YbXNlcEQW+rH3ObRiIv
-  hdDHBykRaVM9GsX9m2MQWfwR6Ei3V09O37oezzlL4aq00ddWd/IJr4gAANydFTDT
-  8l1IHIhJJ3ChuHB4IkZGTc1WHnp5dAK92L0scffzyeN4scJr32XK6Ayki7KFxCd7
-  2SgaaHagiOdIYN60V+eQ2Jr87lB/ce9HCgDRsNFGbiK+eZSEfWlyBg==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAyqmyEOZDVzfwd8iC38IY7ISLvPvq6ZKzxhQOuNqYH/XDdpuo
-  7kC/voDjAVeX4rC0h4Asc1/YNXn7Bo/bBY13hQiSQR1XogXiIl/3/Rg+oMKXmkkk
-  cy7ttOR3C/DY+80Xn0lUdjhM3JU9aLY+zzi9F/XlbQ/AfU8+KDF7eR85l0P9FXLz
-  i+McEIkUtyFBJE+yVGIpqZW+X59+zfnRAvunSFL1p2qztDirAdfYr/QEn484+Bx0
-  ZZyJP1T7109A2y+e5TQMSid7fOHH5Rr1pHdoUGykTP4ISm74BN1qF6IUPFKIp1iL
-  vG4kBmS++2NpWF+gBSvl6hSYXpQhEiTwJ6Dy+QIDAQABAoIBAQCxR+qVb+f+dteq
-  4MLjW9YTqArZIYGoGwWZw1fxin7CjmkS6y3GZOuWiQaK2QXrbmotkgjQUEpA1Viq
-  r9KHM+4WeJ3/ydwrxnu/WDYFt1ypoi+d7letTqLvt18QGfqlog4E78+rrqpF12Ml
-  oy6kdNytBhRQ6BOZSmV0IX0CQjdNwsIjxVmZTBgTfcBcciMSARg4eCZGajMqOm2E
-  QJFiN7cGe07sfXBp/wfZwRlAYADSAFgJfqqrssXpb8fnEaY1uPRkNzE6WuVB6bsj
-  +hm7ZwfElApEqHptgn6zC2pKVDtPiK88K5mdRh6+sb46/AGh3xhMrrcyAuyqjiax
-  GkUl/oIBAoGBAM3BzWJtOnPH5/qn+EPs2lRTgjh18Fe43yP+hMDyPfbRu8MPOrVd
-  1ER+WwmLMOFhmfyKpcyxjkf/xc5LYqpfEYOjwGSnAFCB7bi0npEjw1jTM9umWBVp
-  FKD5fUzsOaM9usDPd3NYdXg9FnjauEiiib+G2fwxcFooDV9i8YGrFCHBAoGBAPwm
-  eNbYTXCbFtIcZwVaIKSk9e+JvzIAc2Xy2sPdBq9cAZuK39SB82Fn9nPareK9D9hz
-  hkGzqkr/+Pw+gjOdEmkzDE8RKvcbIIM/ctVWiqbOqL4JtgPbpXmNEc+LEtKHrYmQ
-  cjbtBG/7OjO6CI5DBoAgHwQquXW3aL0bLP3Esy85AoGBAI+XOGYAJFK4p8PdhPyi
-  Rpuiy7XrWJdfhRnxfWPJqkSdiZNPBYGcwY4rQA0g/jPLkVMUzzBSmSDV9o1JPsn3
-  HpnnpVSY1zdX9TZ5lk9jzegnPIGFTONkOek9M5yDHpY1dicoogv1J8WJnC0rNoA6
-  LjdjPK0rM2U3nl17B1+erKYBAoGBALdvUYeS0jtySBbQnM3S9F5yt4vsnNBGba0k
-  EKxelidqeqzqSc1yQFmDZVKBKvEBc46W9HvFtcRcFYmD+/qKcUNg5Lp8ldIwxOVW
-  ejbjf3i8bRvbOrPxzZ7w1p0y4p2QINor4Ds/EHRawsuwsdq0vfzl4UqJvmP56tNv
-  +roep/BZAoGATU3JtrRUti1y5ayuNrGHWRVVHaRKGSlioqflkPWColL03J1x4QP8
-  rB1kTA2aPPhquI7Y6YtNujXaUnCPwkevkmPFkwtoF1mduwQ/zguRpeg/MwhgLEcj
-  CeST5ur0G4YqX9fcNqGS12DCSgSsbXrhNNvvBYXXFceMnatwE2rBhVs=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAuLbWUDLyDRJLpPZoPG6CiMRJl3sd+vY3UyH2GDodKWZvWt7R
-  r/aaFp7nlbBjauevnVlzme3TZMiHjAzWomph60eqvRnc7LDUKSNfoz9O33IK9FrU
-  oiVyFeVjJdpsOtD8n7SHY+cVSS65gHWa/SsRehyChwv99mkoDIHmDQyJdY2FcBux
-  q0yPavd7CbLKqG2TaarCISejpFGAp2AM2FyM1zFT5aevabmR6poQ1IS1s8Aeo5t0
-  c3ixrYLerz5TCR9USXEXeldy7Lj1hfnBYkxtTzY5JrmwTfdCotQLXIRpF8E5YdpF
-  Fjb9cQuv1uhjj4W7CbkltaSrMRhQRmrYfO/TawIDAQABAoIBAGaieTzAwgwPUWbM
-  36hMg015O6bm6waqTp1rrnFRwShi2Zb1Xi/W51GQY/+hrewV5leY/4nVQvOqFN71
-  t0ExuUzhWnaOa1o8+vYMyLRNlgbEOGAEJEggZF7UQZ4j2qVnwCcBSYVyPjqWss41
-  CrSHfMOMGd7uA+QqE+23M9umTq64zWCaJ7W4//4HLHqYonXDHs7rgkMx28a8Pqs9
-  XDBV8VDQZX6UJXelAZHW53WI9sVA2/l9+2NFgq/G3/qpIxYWAfOePzBTCqv00I3l
-  J/cYXdPjgjXLrJ6FmkDB9uvk3Sh/Fy7/FfwsFddoXXImFanBd9OxR383s9x/sy8j
-  GxT5jnkCgYEA07LsSfYVyyD9P0VQtULCELTl5RclN6tLci2By5pkrpfyuQRFP9yw
-  XmtTKZskixPvFnTWM5OzzZCmnu/Bqpw79AWUlVwCylHtq2MICM2BgFZCTcP7Y0Dl
-  UEUlCOSnay8J4Z7oxaBz6iWAab4mxMOvoAlGWMyI7/H4iaFG37zX3BcCgYEA315L
-  7IVTvyglych+s92/Gzy+DM2wy7twqirn/torHqwdPsIwBdWOCGdoE3YVmK2yTUr3
-  64NhcalCzi4z5DUeNBHVgCrJTv/ZEmzcRCeLBdtslTkZGTPx4IyZzVtmZrX24DUf
-  tOhmn3FvRinUIb1MGBVI6fgqU0cHbQ/iEDAkM80CgYEApNg2VoFhBwNxL8txxTNu
-  mkPCoFkdifPAk/ALmddnfuyi/J7urYPTcjJwV32PPx0Ol5XzFcZ1xCRXGnvnekqe
-  BK4zvPog0hppz4MVxoT/ykdg6d0p62elKJQu+nXSSAwgzadH6lu+5xy8mZqP5bfb
-  Eesm9A6QswbgWYtT/PS3wZECgYEAgFzSSOP90pah0Kn1livSjTaFCRqThSD8h+4M
-  UHrT2NaUH+K8cj3dV5sFRlnP42O+WYjBnIht0UGx8IbAr16PMuEkznjIIywIdPw2
-  QLxwujb02XRspf0h/ScPo+HooRHlA8fDptT/VJV9mtai35jHR/fDZSGGQUFKVTSR
-  dzgTNekCgYEAqzRwxe+/KoEGH04x1/CC0AsDrsbdonfeUSbocIE4GrfgRw+jGwwL
-  JuhhWJOZFsm89c/G9H94NgOdioecpLSNTw48b/0janUxKvOq0RJN0Mk90Z9BlmYj
-  +kUYlehcossSK2tXywxhV9omz0F1WvZB5XPaZRy+/YUCmcp13HAeVwQ=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEA5HweRnZjlY1k6/Pj86rRv3Anoja3BAmauGWBw0sXqqbYUpeF
-  vuSPUPOvCzB+rzAZYQOLIw7RSkt774CALwPNwsbyC2SIEzE3mBXbm6ocMlTOtXJt
-  fkcHaTJPdgJ8XfZl0A/LfM8t/osJNPcXNqk5FFiwFw6u2kdN7tYly3yNHuQPKdKh
-  YjYsRWqp/51vKOWIwRZZdmuES064kWcrzxWzJioieI+QF9UUnvBCYpl0m5LSjvct
-  Xgbwp/YMpQGT5C//6ro1c8WovnwTHQTIivE0BSZxLV11+pIkZ3fy2LCNlNomse2H
-  CDBhUBNn2mOB8ckXw9O02biS0ZQbNwCZTGFglwIDAQABAoIBADbx4hXvwmLkbbCQ
-  JfEi0u3GesF3hutho+NUBbCBDl/rX3n9FhyhuhUthJqcPtrCJlg+EeeMWKgVHuip
-  bingMEr2rJ4wvshevY/FMdptPfqcilj3+3yyeAXEI3etgVrXNgSix7xr1hOwO7aQ
-  9PQgHanW6gGhdkrnesZEmTIl8YnLucAClpsD3kwXPQNNayOdv7+gj8GxJGigj1+B
-  Qi5QiNqo5Q5Td+B7a2VyhJwnWeTtPr4n45BivV2nbvBsCPF+njVyzto+HlJndzgX
-  tuzJc4eaFsyRGXvWUiPPulY9qUqut8QAI6ueJqMu9BCl5MJYVya/nj/aHbaqtjtF
-  qfbkS4ECgYEA7GDmqcsS6g71vi41uIwekHyvwpP47bksh0kqowDSEv04wYj+gD6W
-  s8PHvw6Uh5bAtzZGXgUcZKMGafLGPNi5JxklLE4PD7HjcC80uMECy4y/LI6Y0eLK
-  8DG1magmRgqE6f8h5/4B2R4BhJVImSUyJqOpPUjD9YigH6A+4JJNOyMCgYEA93N5
-  gR2YUlO8PtB0u8snmO1UaBD0cDUCWt1obgsJSrs8wPsfpTnfUowu2Ns7aALirkOH
-  +lsnI8spIOEYXIrzmmCCg1j2ZM0WRV9n27xpEzTeU9iY4TgCO9elRRSZ4YZN65Dh
-  U/9/EFxXrsbkgLS537os/B+A/8YWVvnYP2kExf0CgYBCymai14SyqiN552i6iq0g
-  OnsXSeRul4Ijf+MSR+sT/oUI+oKfDhBbHxjTvXTukwRFQIrFikApl376dOTa0IoQ
-  qCQ+zpem4abYTh5hjfgSN+TU3D4GIEUjdYhQsJiP9ez0iWi1OqqfBMF9CwmGbGIt
-  VNU/Qc5NFJvaE9dwcSZtbQKBgD8tACxyvdzm+/ydg/AeIfHtRct76KxtHDjOpkbS
-  EoE95HjwpFeuutF8cMl0z2nysqUDIMhOVWPSDqISVgHqh982HJwkLmP16GW1wfJb
-  3AfHS6vkdMOrZQaaO9uzMsZdX69wwdaMOIiYytoYdWZWvc3c3ndQI8Mpc7Ko/wjR
-  ayKRAoGBAKrpsVDari0GQyELjzeTMPH4Y66+AcMhPlMVzCo/MpldSIZlR9ny3Jii
-  izHcBtVWTKUdeYVWA95El75MlTCk9Yrt5eYiH5b5k2AJ2r02XteUvTEwgZV4TZZj
-  MOA7brdrMgb89OO10KGCepgKuRm9SG/eCpidMBkqB92Oohz8YnCf
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAuPb+IYN4dq/wZWMGTQ/7+pE+5nGj+oox41XmgF4tTcM+Ym3q
-  8axYbMIjeDZmt41Cx8gcMSIt1rVh6ZMHDKJiTdS/XuWgde7GcDr/2qqpR5L6VjwN
-  xmDp4JWu+dVCJzMd9gCTqsM39Xq8sckC/nfKGmpDWWq3jESnTgttc/l80qQ+Y36X
-  qC10n95ofar6meJZS4nmoNjhNGTZ+gIv2YktDoc8XxFTEvYJDqOmFMO/pzoCY3z+
-  DuiXis2SJg7HXdGdyqkFTe3ydsecFr3NFRbjkeEks351sECB0Sa/5ImMBg76ukAo
-  dkexzWxbT5bbCeORUSg+Qr7hoH1CIajdT9Fa+QIDAQABAoIBAG5H/d+3hoSlhBy/
-  PQuHg0KzhSBbE10XNoWIOwXAoRxjU/fV96Yejx5RZlqPfRDlrbJ2UrDM4y3IOdfN
-  LP/QdfJX7b5EBTcrpa9WziPvazzcmlv+NGxabjfUp14YU/gRV0TMtT60ZNH9WzJZ
-  Wmqku6CiSQOwSD3e1S4ITDtAvrbL6UCef3g9Tstt4hhqu7xCYLcgXbYTzLJeAXEP
-  ujSTHFqB5m/nb6L6GUWrK56Lq0h3Mm/MqMHdIOmrJ396QkmOTYCX77KD0JB/o05v
-  AoMoe2K4pZG0uu/mmzlwfLHitxKUlWM/amnJLUvhxGKT938Lm6May2mFL82+a/wX
-  f9qfKl0CgYEA30NdJsb//SK7mXxpnCSQbfVuL5bRq6cQzPdsyzWf48cUpdPhQQQT
-  gMOMRCpzC4XKPTPQfON18AL8jW7xN7KRhLwV+WP409TNJkoYRQGbToGZZ5LEQg/b
-  0ZgUcqn/Qc3oTNuwAOExqQ2NFWNGJCYwN1GpwrEM4Zqqz5kOy5evDwcCgYEA1BYF
-  9p3+Tw396Dg8l4j3m2KTQueBQ+K6p7kxSM65KMya8hh/e/yYRqlxdQwr6Vj70Nq+
-  /u3P4+xyd02yYv7WT3RqJnAfVJoaJP4gx158ASsq2e63v0fir6IMUbvRfe9aYJbF
-  5Gvs+AQ+RKgKLjE3oOTLOuxiRCOhQq9CU0XXxf8CgYAoTQqlk0pmMTzX6eNOcjM4
-  BhOLt5fFenTH6unSjK19+lO501NX3xp+Jc5OB7OYot/syEucH5sMZh2ckigsu6kU
-  4ra8u9UQt9sITFuxKScVtsMwNQgEPMSbQu59/D29bSO/q/BLWFsUfwO2lqL0p4gQ
-  lEcmg7slhjvLGX/YNFs/RQKBgGl+lvLIPhJmvFDBgGpECB4zl1qlOyhgZEY/mSNF
-  KNcBh2U7CFbNG5WyfSwipMkKqR+HX5ABDPKrz3hGnqAdcM7O8moyRXNYv/58piNl
-  fTs7lLIYyy+Le1evvH7/dMI2x/bZqI/pm1L3EV4nVAEMHEac5/ZkVLDeJD2+Xbh8
-  OktTAoGBAK8sPPVlqQFq3Hpfh8ykXyZtD+yS6pfffdgxtXJHQmvE+bSaxk+PNk40
-  Vnt4UeC3KgV/0T6NSURElgQ0JX3sDrbyVlAGpQ3Xvr8YNHhQZdEWUI+8tn7jrCrh
-  +8IAdfgWyJFvkSWeXN2iEDCoKtO+k3mIUYRARFeFRaVFNLE2WOSA
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAx3HYwQ2uNulrwipld4jUToif3XfsdSuUs6rYrMeWBPliiPTh
-  wKbHzJxSVndDeU/G2ek3v3BiCpp1Gy7APxUIXddqsFaHifB/TLiAWtuVkh/S4WAv
-  Kkzqq1G69wf58kRNU7gvb4MjnjwpUpp4cuTJff5D5vlCSKePZKBuHiAh8xS6TAXn
-  2tzAAeZ7YWJGtZc2OFDuAJ/LaDt10D29SG73pd4VovfIERPa5yWt1JMi/9isxLT5
-  2WI0pgEjSOPnbgAQ/emOHyhv1N8NGGIFkhxp8NTT+3IpI72R+V/M37+4rAicFakE
-  q2z7Gc+1iVZLN9jPSFMLBJblzWRNiqIW3hBfzQIDAQABAoIBADEN0EkTS1EYMjfM
-  Y651yfoS4nb/QvpCoM1b7PT6FezdRZ331PqkSqoJnLrFlKPmujrogJymUIbZHIp2
-  AjTBwJAMJqJ+ddG4hCbjjjZKocwR5bUnChK2XlWKwZh2rsQmhnpb59beg0ks9ODr
-  O0rO+LvzaNILZoEmLT+LsenY72CwvcvIBGTTYbtDwjARAnM7ghC9Y4G5c9642Xwt
-  M8daS3lOwq9Rr73BgJfH77gAfPkYl/YlHjVVPITDk7qzOuA4e8ZRdgsQoUMvRecX
-  RLtP2vSDMp91aBXBNbuRTRwnGyTe4QOC+CjljfJlbC2Zv0+UUi0a2EHSospHO4gI
-  N61DHwUCgYEAze+9bzdGR+Yji/oAN5zgEGZPbHh7HuIDfEJsBQaVd81s7pN6vgYb
-  /hsDnffLOw4p8I4QxW5q4CusC5OqYtFc4Fi473MWmS9rBnwCYyZzUlUqjoXCZB3R
-  YpfDCz6dcn9SxDVZDwxsSgROYhNtY619qJ562A2bQ1cNopahafAqQ18CgYEA9+4Y
-  +0091uWo9guVKJ1owAN4gUahk1ElV5MEfq01vn1rUvTtk8eDlfGfK+UZhf3Cebhd
-  BD2uCZhEqbSjQBsttjscca+yKSvmlJbL2zyX2yvzFmxMyP20/OFluxQx1WnnIGcN
-  8ZbYDXAa/W2Wv7gqTWBwKsJWEnp/zgxCHQw4eFMCgYByR2fIH9RQcdWoB8O3GMb+
-  UsggWXt5V9K3UeS/pTesk8KvYgfrC1jdWgBX2Ppeey2q4CtOZEfKvnFquzcCP0xa
-  8uEtf6A6waWSo55vhxbXyYskK/YDuMhI/g6uXsDgmOdFGpWhVDODn4AfzMgXWF8z
-  Az8IRgSzCcv3Pb+1GiFZ4QKBgQDVgg+1aoFUrRZiPPtIrLXmlZaTDbZbXUghMJRw
-  Ws2rq+pe2Fo4J1rkJ94BORxPzYZKuEAyRMO5s4197/eeX0lwY1tNdBajahD56RrJ
-  RFcqAaEnsEA33nScSacIAo4f0UGfH+BcKqEIgYBcuqFVnU2gsOoniJAC/cdONDRD
-  O6DtzQKBgQCqRhyj3G4qPlBx6vii+OeZ6T6E1HyvzPkzwxUUpJmJ0INluOvNoxg5
-  5f3mUSBIAFCGbFs4xgFSGQVw4vVSoVce615TuMdPb2mj2KJ/cuPtJPgVjL/Y64nS
-  ++4Ezi9LRa1MEWQbED62Edt6wM9g7U1w7ttG0TpaDev2JFuwJdhyLQ==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID8jCCAtqgAwIBAgIUK99RCpTdT8qqZKVamj+s2q4WdEgwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMBQxEjAQBgNVBAMTCWFwaXNl
-  cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANUFx7DimhuzTWL5
-  KeHcONCKVCB5GRITsurrFUwFZechVmdrIx7n5HtCeKFdlAXgxdNLn0nD4bgkCvxE
-  dSJ1U0lec7MdgHWswwpTFfTXHuuJUgMtqUEP+fytKJZXkVrUOW78adZeF9EdaJxZ
-  n1RUld9QpOxVjSmhmhWupxKRJ1z6Ky3cgEY61WJfmHGB4U4on+I2SV1gRXAC7lYo
-  Sk40HAL9z1N3rhRn5r+3kcCNHtMIejPjqe15b8f2XdVkl317IC83deGJGY35fu7L
-  ltnbbl3P07uBk1EVHJfAyNPmaqdTASatEY5DCr8t1TssWxI+2M/33PiEnnZ5HJhu
-  fRwaIQkCAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
-  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUZaMpYLtk
-  s3DqJwvc3RWvq2U9zNkwHwYDVR0jBBgwFoAUCmYJ7y6HOtdy+r3nQ3hhNCzPaiIw
-  gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz
-  LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm
-  YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy
-  LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQAUMAo7hWPTH5Qu
-  EGwov/rSqJyajaeh841YnNyeydS+bpSF4Dp5y+Opv/XQwqYxFJHRsgfwDew8IBVz
-  aMGs2UmGdRzQK/g4gbMS3u1+URfK1LQKkoNebbY3DKcJ03co7f0gFYTBCbW3tUKI
-  JhbVY9Oh0SVvZeLgqCHIc4P5arO49W8Dq/1IdoX7OJwF4XoWLlnj1l3Hk89asJIi
-  CdqZfsiGORGO7qMzC21XPLCjrtNZ4reMeWjNUfGJRcgaTUxUexSBe3JwG7esi2cs
-  ynvn5TAD9MnTgBhr+8lui+MC0wZ8+GF+aFz5rJ1Wzsx+Ty7m59Q1MSGN6r+Hs0U+
-  lvUEX+tY
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: apiserver
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDfjCCAmagAwIBAgIULfqNTHv8fSvrXYxtPIjhGemDKlswDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMDAxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEXMBUGA1UEAxMOc3lzdGVtOm5vZGU6bjAwggEiMA0GCSqGSIb3DQEB
-  AQUAA4IBDwAwggEKAoIBAQC4QmZAuPcdQnDvApJ5E3vFfiH7aE185JXqUZDjdy5a
-  I83xhGwVpGlMsCwsZLd473mvZfPEbi8EFbX1EHf0HIb6XlQ76YIkK9qUDvKkrAut
-  QA9wYJzNoBuC6pBBmfmv5qqCJontIHnqzMVxskHzlNVDn6ESxjBleic5Bq/UMsNm
-  Ul9xjg/lPtlYz4X+E4/j3S7uMDxQ3j2zmbY/N2hvZBscSwgPeRQ6nJgC2PurV/PI
-  i63qSCu2SAvEWEffLMNE+bvdANCS0DBn8yfQhhQSwrQ/S702RpL4QeSNatBjUGU5
-  GP+1UeaaRSyN3wBbrmyNP4UsY0GUpBX52FgLqqkh2c6ZAgMBAAGjgZUwgZIwDgYD
-  VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
-  HRMBAf8EAjAAMB0GA1UdDgQWBBT2ubpAxJzTDii0dk27uZ6SvxesCDAfBgNVHSME
-  GDAWgBQKZgnvLoc613L6vedDeGE0LM9qIjATBgNVHREEDDAKggJuMIcErBgBCjAN
-  BgkqhkiG9w0BAQsFAAOCAQEAc1q8f+tZiDfOMSSOZrUyInMFQfYRJb10y/7wLv9u
-  9fmFRgIevHeTwae0lUOuaKIffw13TQAEPlwxTjDRyk4vJ5uF+HSoZixL+NCKQduC
-  enC4uQJolJ29LbibPmsN88Agwh/6j0USzk9TMWFlLXY11Bbrun7JqHxsZ0dXm4Hh
-  N4UyDtxWUt+KSGd/5M/fLUYx+OOc3d5hUMJw8F8JHVeLEvbLR0A9fcBE5ZlaEZxz
-  uyQXDvVBEo/evYfnjI1z//2iGDmnz0rBNDHtU2h7BtNdGhVtonSEsGp8TYPhR54d
-  r1CDUSbxNjXW11KW5+QVl4CekyyT3GlRLWYK0EH7LKrMFw==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDfjCCAmagAwIBAgIUOdTNLXCU2L551fO+zjizpz8s9QUwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMDAxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEXMBUGA1UEAxMOc3lzdGVtOm5vZGU6bjAwggEiMA0GCSqGSIb3DQEB
-  AQUAA4IBDwAwggEKAoIBAQDdTuE1jXJpNcKGzLSVeYnjWioBLLXEgLD+qToYWlBL
-  ze0VPleKJKwpd4f1KVuRvJKI1psbMD5aOLSmXAyPOPaweZXQFbHI4K7UaoXofoZQ
-  uzXbVcyt9XYcIKUzciMjwfrN3Oz4gxM7LwxpfZ+KdZOwihfRXfyQWd1WhAM3d0t5
-  6gM0IpSvOrpkDEMiWnbVuh/5Qn7oWYb9llwyk4pN4BEr0NDltdZ4wE6hqvVIK2QK
-  e1zcuLC8QjhmV4pjMw2E2vtzHwRl9v08fwGldy/ofK/B4Gk63V9XyLg/EAKTm5rw
-  AEScEHPzj18q6UhHrqxZaeVGvcYUPAvuLqMBd2BzuWiRAgMBAAGjgZUwgZIwDgYD
-  VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
-  HRMBAf8EAjAAMB0GA1UdDgQWBBTuUQtmdvOMURCGn4VMzU4VZSLb6jAfBgNVHSME
-  GDAWgBQKZgnvLoc613L6vedDeGE0LM9qIjATBgNVHREEDDAKggJuMIcErBgBCjAN
-  BgkqhkiG9w0BAQsFAAOCAQEANVoHlDY3lHxtXRC+hyNc1rwBPf0wQEzPI5rv9A/l
-  jOhPFu/j5fGPDSYUStGveTt79EX3exir+WkEY3m7f23NqWSRhAgI9VFJQFSyV12V
-  hqSqxo2GLFXFqfcgPmkbF59Nw6Cd9uPusAdBIGRgELZN3weKDkDq4KHFDThtFSfB
-  8lGBDd5EYxWTmAkBtRJBewI6O2gQv9RnEzNMofYVkFOvyJwn+p06kb5QSIdZW+SY
-  IVBNzeAy8SuPO0m1X5CCJ1bpTp5YL4ejUIxwGKJV1UJ9E8SZU0q2G47xBs/hIXIj
-  jCNWP/lKl4UiqbYdRLofnyRvVhIVBY9nCxeG7rgCg7b7JQ==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-n0
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDfjCCAmagAwIBAgIUPDvVI8pdhRNdLE/sHERN2tx697swDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMDAxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEXMBUGA1UEAxMOc3lzdGVtOm5vZGU6bjEwggEiMA0GCSqGSIb3DQEB
-  AQUAA4IBDwAwggEKAoIBAQDMuEOO/r4par5zDNs9kO7y6t53a9Te5uAb4QN0iRFF
-  e2CTN8Wjp7rRWryZUGIqosVZL9mvp1FgxwT0RkY5iI8FN26Nk2Hyf196p8RtLuri
-  NCJXLpKV362eYL6IjU9G1Fe9f4wJpI/rV9XypCuvyn2frM48aQSpoEMec+YYxgyz
-  2QXZ5T752p73tqfxtp4WjAFnMmizAqbGPxBvdXyxr4iA373wbPL8V5AYGJYgLFjK
-  3Fc6gS7or02IsyXtHw91y348JhIwYceagkDa/K8LJk22Vd+tCtLR4IMAkFx+t5iU
-  cW2JGDpRUB18JnGSQfCwQ/veYbsVeYc14/8Av6YInTa7AgMBAAGjgZUwgZIwDgYD
-  VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
-  HRMBAf8EAjAAMB0GA1UdDgQWBBTN6NdiyE8Cb8aYowyjhMdiwcvouTAfBgNVHSME
-  GDAWgBQKZgnvLoc613L6vedDeGE0LM9qIjATBgNVHREEDDAKggJuMYcErBgBCzAN
-  BgkqhkiG9w0BAQsFAAOCAQEASsvpIPzf5CQZHLx2HWAn71EwlLU0w4hs5FlK8j7H
-  9laeceu89cKSn5Orv77z+8+PjA/Dxx9626ICk2SyUMnyDH64RMzSNp7E78iSHOZJ
-  iNbPZfPoWw9UO57/lPmaDYVp5fuxVe7Qp88lKq9nQLXK6QKav2mkOA+a6jEKpqu/
-  a6GvqDcFGURU190ezZ8DGB5NRq5nZ+bQz5zRGw5irRAReL9wANBcjeYN0tLlpDu6
-  YT7KPPRv7BD9HgmUW1kDWknhWUdGuOw8GJyQkAGXKjzBKF9giSm5Lr4D9rd0OsoC
-  OqycknYmJ4x+3QuW7UDBuroIgRWfzuU09+RfobRp8ThSlw==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-n1
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDfjCCAmagAwIBAgIUG0R5tzB48xnYRCgjItQ8xrc5AAIwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMDAxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEXMBUGA1UEAxMOc3lzdGVtOm5vZGU6bjIwggEiMA0GCSqGSIb3DQEB
-  AQUAA4IBDwAwggEKAoIBAQDTVVCK23hE0co65WSVj4SOlgNYi9Flg1wyDlDVO1wI
-  ROSzVincehVlLenWV/wuyXVNej0a+d0XNahVAlfSmtfyQWC21P/nTkwd6zzjs5Kn
-  bM62ikeDY+iL0cRVdBwSX2IdiQiMQXseof515A9zb8NMwMp5u6g9OdbezzIFkkJU
-  jOOZQjsSVAPSFFs6+YCbSq9lopHmAQAIKaAYxMWkr2XyISF/din6Jq0Fa6N+QfGR
-  7QDwQJMjKJgi6ZqsE38eDWyOWeFKDJILQZKl91ZgnUiPLwpX96Mo+ctGS09xoVV1
-  apVHsA+As+uFtNAK/P5gut774HLXGv7qPQMTtqe/cCoxAgMBAAGjgZUwgZIwDgYD
-  VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
-  HRMBAf8EAjAAMB0GA1UdDgQWBBQm87M/g8Nu19lSSwGuoj2Jsl1UCzAfBgNVHSME
-  GDAWgBQKZgnvLoc613L6vedDeGE0LM9qIjATBgNVHREEDDAKggJuMocErBgBDDAN
-  BgkqhkiG9w0BAQsFAAOCAQEArszyMZtZDATC1EjgGJO/8TQVOmSriOAxJz+te64H
-  fq7eoOR144FNM9cIzIvP5k4F9tyuBy4uwWU6yRw/cWPNFOxU1qAkElhEMgJIl1LY
-  YQDQhVGZJSD5vBEuMBtx/alPlWzJduKZzp1UTlqYbrjDjNlJjMqlA0/NzsiEwJMv
-  ntRTwLDAayeQpdDoJDS0Q9jkzmc4dso9G5Wn4HQBn4ro8rfFLdxdYEuaKHcwFXbn
-  KSLuoD+QxTqPvkTUEJX3h4vSObE303Ptvq1JCdXbX8tKHgU6ZbyvE0YgbH58P48D
-  usmmUibn7rjoi6je9FGA1K1qqkNUJqj4xnK6lErUvE3iTQ==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-n2
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDfjCCAmagAwIBAgIUMkYNYvBFm9vG93WfP+8Z8SQY1TswDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMDAxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEXMBUGA1UEAxMOc3lzdGVtOm5vZGU6bjMwggEiMA0GCSqGSIb3DQEB
-  AQUAA4IBDwAwggEKAoIBAQDDBHW0RF45RpCc0/no9TeEqDSNs1q0rZHRG6mUWHYl
-  ZMMJZaZgFlH8x5w4VwJEDGtTUoDk7pRjxbPX6xcRMd/ih3An7LQp4fruO7g1YPNt
-  6ZAYcP7MWkgo96Ks9LDGutcNd0WZmFGAVLXrCcRnvU7vCO8tfO7X7BmuEhDoC7bl
-  1I3yLJ2ZBrtbNifntuZ9Qsxppr7AMlG81+TIrl3BR/t/yvAL56sKTWleMEEn6djV
-  d5tD+3YczFF1R7kiVyilr4H90WMNUG5E86ONhQG8ctF+1O+SfKvsYhBmyFN4ZYn4
-  6GMhh3r4lkSm7wQ6UQTwTezCU7UBw0klXtLKg/Ul8cJJAgMBAAGjgZUwgZIwDgYD
-  VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
-  HRMBAf8EAjAAMB0GA1UdDgQWBBRobZ5d4u6GdeXkyf3iV/bB1glXAzAfBgNVHSME
-  GDAWgBQKZgnvLoc613L6vedDeGE0LM9qIjATBgNVHREEDDAKggJuM4cErBgBDTAN
-  BgkqhkiG9w0BAQsFAAOCAQEAFOC/jMY7N64ZvStGntjP9UnB9rcNG2pUNxqJyrw1
-  kWdQtRubnDSMtyFGDjt7XbbBaZ77xHUtqzQR9cB8gEFqTIdug/lc961p0aFfOJ8h
-  5M38uOhaw0Udy6A1LHB90alHsDnSZBOr9bpKsZQLsqQ96mPJ3ImnFCJ6LZBnhiBB
-  q/L3aD1LtlkZXiTs4N7KwZeJyzg9ZoM78hCDcDHPp39mp/0N1Yj6AeLqBfabnxG5
-  lIfVRC9EtQc4eh2yPuGklka3Iu22T36x1Px+FTh6DXzX11W7hWbxJDFF/z3TzZWh
-  nrbZqvG5RFrFo4sznop2dIsxwU3HX/K7zJwz7JyJ/+Dehw==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-n3
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDVzCCAj+gAwIBAgIUMHEjSsXFGHj6bvfoeovrNnlYJQYwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMCAxHjAcBgNVBAMTFXN5c3Rl
-  bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-  APforaUR+iErpH7UJLQLLRa3sj1HxTXvP5xFONKWeQfXYDpVkufxDoatMSRNiw+1
-  ttJXjPxrFlxRRL5Xbryu7bniJo1VmhQEkaPbWxjBJTIWKo6zs25WyhvuUzTGGc2x
-  CV8dsEj2P2ljW22Ore0UqHMzzNPUPJlciUCwh6kQ5V//ElU3OhqQOKMbPffiD4R2
-  i2GeNQomAUebmNHFYiH5tryu0hrKXoCt+d8VKTwmQo2RkrQ9qii3GJElEwzGYL8x
-  Ybb5h5dg09bxFVe8qTL8xpFxASMv9OIwixbRJosiqZVNesVPBiKzAe5K1sxAbhzG
-  XQynPrZbDhlnc08JTs9GUvkCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
-  JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
-  BBSEqJKQwsPtIwZjNSa1sVPOI3fIbzAfBgNVHSMEGDAWgBQKZgnvLoc613L6vedD
-  eGE0LM9qIjANBgkqhkiG9w0BAQsFAAOCAQEAuE78y1VeLVXl3bMAVD3pcvxPdBrg
-  iPuaS+K3TAorDRWXHMknalNgds+cWXtmE7K61pRf7h/7HkxdXJ1j/fzE3eB1YPv2
-  k6WKG5+zozD4gUtSAg3J/VnV64pCN4cxexVKGFeUPfhPwdjMoEZPQ9kmXNvYWRiz
-  vHkSUekP2k0KLVEpDTjZxtSMLZeJxhkSejiFDEzMIZ0LbK4K8N48kXVxKQ1tGp6T
-  /gFp4hkju+5XPaW2fvnNrpWwTHB3gY5+7BPeVaejGCQ4FeadCKnYuymMyWPZFo6U
-  C3/Flsdx1xiDJsFMbfNJVPgU4mn0bxVZtASyHA1QfEmb7zhF527YcYCIjw==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: scheduler
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDYDCCAkigAwIBAgIUK1f2+6HBrMBRZhbjLGu6b5VbOJcwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMCkxJzAlBgNVBAMTHnN5c3Rl
-  bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-  ADCCAQoCggEBAK3DZKjMmx4V94nmF6+0m547BFKGSXVcqvucxq9gyLBUY1uOZ985
-  yDVAhldYh0LK/R6oa6ginuzS/HwXv3Lbby4/vqtSdpOhldxSNt0b5d186zgBRFvT
-  fcwQUNbNlCdVAXvYrQq8749zD4z3lwKim0OnB5chXSfYHCbhXXlQ4jrcG22cuyFq
-  qJfyfqP5pKCayqpUN0EtWmVsVCUOd1wDUeIyM/iZJTxf7fASq8vt7Olkvx/FpL5n
-  2BqSXMCYeDXUUA2LkRcVaL6XzspQDEM0pAmE16Kx7OKPtNTXU4xm3HqgWd/V1w6A
-  4Imr2uPXNrq2BKTGczOg2Z5sxmdd8MMjOCsCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
-  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBQLCWOBhaiObRAvjvYKy3hbj6zcWTAfBgNVHSMEGDAWgBQKZgnv
-  Loc613L6vedDeGE0LM9qIjANBgkqhkiG9w0BAQsFAAOCAQEAIB5ZT58Cl80xoSN8
-  44v77GtYTB1JDNkvpoxpuywf8xMVwq3iY8Uj/FkmPoBd8PiDV6+GTYXFV/W3tJEj
-  57hwDnIqi0kqkFPYJifmcxg96GNN9ThSHqwQA1bqDs3wyvfXO4NXrTpGejtgtFjB
-  82Ie58xj5AsojoiuUR39MLNNQsbiCeV/UEjbFnJ75VxDizByN0SZtzQTuHdhkNer
-  pa4uUcI+oTY+yWJSSGzf73EupLpiyTo4xWWxsWauuThyLi4iE8TEEwSOaWDco+T3
-  8yhL+iJxlqE6VVQy0eBRE7MdIhLm9M5QLZVI05UFuSH2wpz4/iGjgtu4u+N4fXHf
-  Eu+9dA==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: controller-manager
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDYDCCAkigAwIBAgIUL4V5IRuNd8JuKFWvw8zyPbh59nQwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMCkxFzAVBgNVBAoTDnN5c3Rl
-  bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-  ADCCAQoCggEBAKR0g7SYJjAkDaZ/2E6N4wSUzNuqg95wKIEvza6WqPf2GDpf7w6n
-  DXJY00i5Og9WbNsQUoPYO9ShFXH/cWDxr+Tj/9ErZjyR1QIE0Mo6tsCLEZbsv1BY
-  G98iMg+dSpBJAV35FA9GChF5QynkEeBREq71NcoiCm2Oua++pU7CGtcjRYe4oL06
-  pMksqwpMoql9REHD9gAfeofdZ1TOBHEbRcQx6JjhAON6eJR2VQBPB0UT7bq1ZTk9
-  JHB9RtxTWZdmVLrdcP8ZDExcaSf3omXng3rTNufqEvevJX9P12RyFvpwSdeqo+6s
-  LsLV3mL6W1i9b/p+Yl2RowO0usZbJBLpmnUCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
-  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBRbsm8C2RQX1oW1b9dDlfHNNIUybTAfBgNVHSMEGDAWgBQKZgnv
-  Loc613L6vedDeGE0LM9qIjANBgkqhkiG9w0BAQsFAAOCAQEAe0Gi20AJpiqoD9gI
-  sH3NlRz8WwnI/28Bs3wAWdEYfnRZORL9viEPHkIZcTIOniuaniTyTOCiNelGArv2
-  lLvGES6pAu6yt7xw6pCTyZTTAGC13b1OSuFQyQz+OaIbKQQGd6EKNr8JujuG+6YM
-  4PXIHl28u26sf6idpfbFF//HI3OEeH03Yg1J+HMDPJoeF0BkaN6FH1OGWi79YMHb
-  BsrkfRm0Ews9h8xEkc7BH9Zku2VwH66MkPOZYcuLcMPZy6wVoaKbWRgQc8DSsSTH
-  KGnzrzeVZu+Op6nV7/zaA0TqEcCgHQZucNyclhdTi0mTcsnFhLGyX1wD7BVLa4iA
-  zmVc5A==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: admin
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDYTCCAkmgAwIBAgIUZp7Y9yLyCLwIdSK/DTEivPidc3IwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMCoxFzAVBgNVBAoTDnN5c3Rl
-  bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-  DwAwggEKAoIBAQCzs2FLT2M00/UMNBhD63efcVtsqVN2YUtUFFzINgkIjzOY7YPS
-  9BU7TQ+X/Rln1bkLtCqC+ehs3BD0SSn6mTsW3l8xjluRtcZz7j9ysowHIO3W2QIs
-  y/XVHXFsYBg0bTxj02yprDQLtQhU3/WiNHqOVzr/gQUrk9P1r0qBYE1tvh8sPu6D
-  +oUPfgzX1cpZ5SjRTmmPFOyaYsbOTPi/QRKBUITNSHaPfHzMvOt2D10XJUgnO6nG
-  iZNigL5AFCNdP+PatRLNJKN8PE/jLxdoaZnvcm6sKgxjMlRiVWTHQmjZW15uXGaB
-  ElcnThi6NdH8JDJnVCi5qsjlsY+cdp8KAhldAgMBAAGjfzB9MA4GA1UdDwEB/wQE
-  AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
-  ADAdBgNVHQ4EFgQUSNAmNOqc5RSeKosGYRyEIi2Bv3IwHwYDVR0jBBgwFoAUCmYJ
-  7y6HOtdy+r3nQ3hhNCzPaiIwDQYJKoZIhvcNAQELBQADggEBAMYBSiHbuEtd+vZI
-  gVRNJW4LB+334oaf1NE/0zrFw1a3Czy6BHIxYTtEOaO6/Zf5C5giPd3t8qus58Ks
-  XDhjJ/V64ABEzKHtuNAFb26EfQfoQzPuO7UuORWpR9LE3XexW4gT03w8ftcY9zZ2
-  45Boh4c+fBOO5DpRd2kRyLC68q87dQ3s5+FfWXmZCgnTMIxa1mjBVyTTezi9T0rn
-  LjvoGDBgZhhK/3/YEpiScbsyORm0KQnTr/aiS9ww+8dNNRFMVUA6MgnVLRmSMuvf
-  fmWcX+vc3/orhEUooNIFp0OqelzxhaP1rpAq578EavpGZVLiKycPcwqmvhnAv/uh
-  Re2eXTY=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: armada
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDUDCCAjigAwIBAgIUfRto5+MCSvjBdda6LwiZpgr1USQwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTIwMDUwMTIxMTYwMFowFDESMBAGA1UEAxMJ
-  YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBP+3Mpl
-  JOoeBwx8CQqJrTTKxSRwlI1GceaBpMvqfjfJHjBTvHEgfF44p1rwMuCHAWxwz5dK
-  XzfFL3tp/iKIGRDbwV+ahY+xJZnEHKET0sY9z7rSs6p6ymqoiZUdl32b37LIYGnP
-  rirl2Fuy6X8i1WHUwdZAX2czqZpReL0Dcc5W0n46nVJa4PKLXHKENJdm1dMq+BZW
-  maYElny8ifAtJURQMnfiaoeGJwTpCNi2uvUWDjq0KiOy+PFzgTtZClPdqBcp6cF3
-  jL30mdAlA2xNqrsm1b+rATH9loh3zCxk/wSr711ToNHWTmr769n0EkPm5oChNJpV
-  4lnW5h2/T3p6fQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
-  KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFAUAvrpI
-  mS+C+ZU7mGxAXP8kz30MMB8GA1UdIwQYMBaAFONzmPeD5Szd5nsfwXjMLDOJG7s5
-  MA0GCSqGSIb3DQEBCwUAA4IBAQB6HxduxBbDq6KMT9JXAygj/UlpftNeCYk4yamF
-  fIoy0+njIR7fuhWLWCSyE6hleoK2EVH9k6COlzZl3xH3/5kohgYgs3I5QEum6pxu
-  IvRyutp6mzkIR++Qx+OCofmTTwWvyHaYOKxHgRqbDh7Wyay0THNMK785u7KjB/89
-  QM2nNkBOdEZrWxKvmmOjGH4jxN7rU1v7COTkx1W4kNXJ/KT/Az1c6M0jNsJbBqB1
-  KdNZUiW9/1wqajxuS+8BVrdrP9kTv1moWno2gNYfTGynLHmM3rRD7Kn6pY81/blo
-  DGhmNxv5cOUDz+8BtHLsPkIJronX3sOCe2VD8q6lU6NRSZnc
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: apiserver-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDTTCCAjWgAwIBAgIUaYZyaLTmvwdt0hUkZ+jObOszgQ4wDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTIwMDUwMTIxMTYwMFowETEPMA0GA1UEAxMG
-  YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Ixzgthrvs/m
-  CjWiPXf3OJ8SC/n347R0PP48RnjW6xlpAfWGuoTKG1ARY6XQoSyGNmeS4Vk8Bvzy
-  QQWwYUXCBtqN2VBoYZkAHMsVP0If68CGlTj+uBOTPNmWhLZKq8aqK9ZgglhBvWJL
-  4ef6h/L7rhhPkMvAiT980YtbH+IxNZewdOxmJ7pkxjewZTloDZaAqKaBfceM1J7F
-  96fvZ8nlu3BBzcVW1+Coha1U0ZIL7my8WwN2pzbgqz9qT/06pBaKie3ZEg//bGIu
-  duPT2jugZMFvIYrAs/XfcevPitltOwhd8rcaXx2wqpTTIuUG8WUpndGu6lA+/QnM
-  2c70FmcYBwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
-  BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJ3aKH+UR4s+
-  06P2jrSTnQgPVkWgMB8GA1UdIwQYMBaAFONzmPeD5Szd5nsfwXjMLDOJG7s5MA0G
-  CSqGSIb3DQEBCwUAA4IBAQC1UmBQx7RRLTBKLS1twnbASuJBYnoXlcO4prtB4P9s
-  Q0eGgzHDrhzXZ3Ah0Is2ek+sORQW7QLbucPHnMNjVhvDf22ijPDz7l2N2QfcB3P0
-  FpFQ30goBv4fMqa/NBfk9zZ55BNv2HEn6KLzafgsl5Ht6k2kLflhM9mOiRNtmVze
-  Kzif3mv7uQrsGeK5mK17Q/OQ//0d3WTrrVJ8RgdWYd2KXzWQfQ4zQf/bnSNONsV0
-  IQEciTCx3Yi+/6erVXAUk0Xy40K7xRvy0hMIROXfQtWe0u3ufeU8S/WrFHuSInk5
-  dYgHFhH+5pIXOrU/oKGhyshcLugpbhWnhOU54q0wE8V2
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDuzCCAqOgAwIBAgIUY0qgiRYCs1/6AQY/9kcCnK241dEwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTIwMDUwMTIxMTYwMFowIjEgMB4GA1UEAxMX
-  a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-  ggEKAoIBAQDCJWEvOQhXlm3OKjxuiIgUz6rLtBBqSoNlHRVVhEtY3SaIstUBG8pq
-  2w23jDEmAP3kvxVHHavjn6HJhOHzws153OYbEBPeU5Vst7vlrvfb8+bH/xUKCFI5
-  N+HW2sKAJxELU+A4TmXSoRK5EW0aiRV4OftnBDNxc+tm5+9/2iPFkP6DWo783XXT
-  jMMqN/ETLCMfzS7CPBETavtubek3kPaq7LSeKuWUTUDI7jj6ejyB320Rr2fjAo47
-  Xdp4Vy8dhKTLXyV2jl9f+r8YpRVjvHGuIhF0aVX+s5bEaP9hPEJhYqmFyNhFOBxd
-  OlQHI7qbb3FbvO9aU0JtKWoE2qzGhQqvAgMBAAGjgdswgdgwDgYDVR0PAQH/BAQD
-  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBQBIWrTnVNv5qzAs3kQjFanW6im7zAfBgNVHSMEGDAWgBTjc5j3
-  g+Us3eZ7H8F4zCwziRu7OTBZBgNVHREEUjBQggJuMIIJbG9jYWxob3N0gi1rdWJl
-  cm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBKwYAQqH
-  BH8AAAGHBApgAAIwDQYJKoZIhvcNAQELBQADggEBAI49+9igPkaUalTUI11eIJDP
-  Ty9098SU688uWAtzn8sb3KEDLpbLq2zdpvaRVk/wEo2AgmHBJ/Sb9N1GsCYwHePP
-  IOE5NQfBl71W1CYoJmA/vjJZHP5Lj4Yj5GlFwjnS44QkOK0np5H6dub12t3RWAMA
-  eh7gM1A9ChW+bCraTZNmPXHvZsPWSsUxAjZn2dVDvXLF1/nP6UQ9Qgfy0bNGsBFC
-  RHXblck1volVJL33fqeS2YBDhk3tYMEj19bK7p9mzV4as90ItyKLiJvnKdcuITBO
-  8r+L0zzqfJDAgG+1hmriumC7HJiPORuEZJPHWK6k7nLZ2SLXLW7LvTTJ5dloVKo=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDtjCCAp6gAwIBAgIUKjw3fYJ+Y5nOmS8rnR7cIQaZ/iUwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTIwMDUwMTIxMTYwMFowHTEbMBkGA1UEAxMS
-  a3ViZXJuZXRlcy1ldGNkLW4wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-  AQEA2ztVAxDkW33oU364dwIBbbsiXC3dAkzSHiJUrGUA8058Mbk4N2SadL5UKkXc
-  YS4g4SdYrIlhWMJHw/JVbLWkm9B5gyd+UZnQjD2w9edSMfrQUy8Kw25Clg9U4URW
-  wJNB4Nl8mxElRrJiHNkaimGC/yzId+TZwiXpiu6/ANxehVnjeni4yQ0GIrPbh+ex
-  iSp2oLIITWQPq4WgLgq56p+2uz9RbISfAdX7EyvQ0rOnrHokyEfGhXmOnbF/Cfmo
-  xMjM3sJfOp4h5QOCiRhqk/m+kCl9hEwBMVoIAkJLrQkhVlGIN0F/ooPrsNtzIPgw
-  Knjff1BwbPz6gRtRbThOm6VIBwIDAQABo4HbMIHYMA4GA1UdDwEB/wQEAwIFoDAd
-  BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV
-  HQ4EFgQUULf/S6jOGjshbfXiNmDiIvh4ZJ4wHwYDVR0jBBgwFoAU43OY94PlLN3m
-  ex/BeMwsM4kbuzkwWQYDVR0RBFIwUIICbjCCCWxvY2FsaG9zdIIta3ViZXJuZXRl
-  cy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwSsGAEKhwR/AAAB
-  hwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQCm25OQTnOXyo3GEa+KUUJTmPUHclJO
-  su8iS1/d9O88HdeHG7hzj0hQpjsN+RuQYD96E+jEFfNd6mWEyVGQiWpZsAVmpfzM
-  QmkeJXSUQNDEV0MPnL36kwr/OSRgroRyl0Zmo3EnSMOMHFrfn6bUZzrTvSnFDqeN
-  iCkqMjI+JVMf21GFhDMKK6al6NxBXdH6BY3fK64hmwwgR1OyP50xvM6L2D6tkmXy
-  OD/HQUbE2dFWWrcaXoDsqWm9TSrrJHqM37kjGOXxo2hcRdZ+sXwekBez+RquiPVr
-  23UOcZXbFJwHM4iNhAtaqx2amQonV2qoKE3+Ast5+dqizWVLafV/I808
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n0
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDtjCCAp6gAwIBAgIUMiAvopZunlB19wZifryOykRm3U8wDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTIwMDUwMTIxMTYwMFowHTEbMBkGA1UEAxMS
-  a3ViZXJuZXRlcy1ldGNkLW4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-  AQEA2Vo39YGxPvLX31o4bTQQtpmNfRUlykRGgFx4q9Miagv+PsMXVWqRzGYvCJxN
-  +FYJ4nzDOTyFc8FQlarf0cK6M66Kdw5q65IZXP8k72Kwz1kvr7FHndYkPYDGy2CS
-  yIbIBQhZnypt3XQfvVDQOVz6tKYIQtL6V6NzbULCYrVdjgiu2ulPtfvUxi6LLhyi
-  kxkJdG0riqiRMXH2/nr6IZa1f70yK9/nDQFXKbGr9pPYcKddsRufs0RJV1Cr8RF7
-  p2bl4WDhM7CbwtGRQpQmHSxiiaInUFpaPK+7I0GAyNef06UqdonxNuodHTe7h7MF
-  EBAKsX4KxqYLWH87UWLsuZsqcQIDAQABo4HbMIHYMA4GA1UdDwEB/wQEAwIFoDAd
-  BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV
-  HQ4EFgQUonEdrg7QuVpXJlAcmQDfSo89J84wHwYDVR0jBBgwFoAU43OY94PlLN3m
-  ex/BeMwsM4kbuzkwWQYDVR0RBFIwUIICbjGCCWxvY2FsaG9zdIIta3ViZXJuZXRl
-  cy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwSsGAELhwR/AAAB
-  hwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQBS8RQSWKJN6HUvqtc6aqYMyIi80zUY
-  7LJQV08kAC/Dk9MIYdyaAeJ1zI0AN79l1GNUxrV1+ZcrNQU8x6GhY9DeCiMeyWOb
-  xTsHaylsuj8qh/OfofYEt6x/Yr01MghZzZe82XlHJRwWV1RMoqLuu3DxU3bx2ke+
-  zEck75sORz6VwEZb6MN6V2D6C0qtQrHa5iljjjCIpE30+ZtXwMYYTJgxinfT77/N
-  q6o7XhLxNxhdL02i6Et2tjhsCF3XHZK0SXf6OlzWGdUPcWa6GfZvBEH/abr48rjZ
-  A4mXo5q8k19cstFDT+U9crQ33Wx1zhCoPyzyvx1vOJzabOabQCbUBgfL
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n1
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDtjCCAp6gAwIBAgIUcktKdAnNsIJgh+RTX5fz3/whdD0wDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTIwMDUwMTIxMTYwMFowHTEbMBkGA1UEAxMS
-  a3ViZXJuZXRlcy1ldGNkLW4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-  AQEAslfIOQLgmiDoHzOIwO9gblUFQk6prnygYtbTus91TYvvLMOcWbtPp1A5F28F
-  S21XYRbZZ2x86n1B6QaAop5qoAkOPqXN6WXmhEGN6Pxrwf32Ywym0FHwlp2eNFz5
-  uIV3qBWB7Z37U9zWl7bWIAxWFOt/cr/RMmPuhHoHjUvAWPPkYgCpEr6T7gaptq/j
-  jOhwjZSw0LBsIq7gB/QFXgFJvBaWY7hcvBTmIyE0yG+A+eCifStNWNrEcUK7iuNj
-  bgGh6f/pgf3Z75iNkl39xKckIwyUlMT4J/YVPj1pzs5WNy3otHERjrWLlqX1WTdr
-  Vr0fsxULUrr7F/uX4lhYFd52ewIDAQABo4HbMIHYMA4GA1UdDwEB/wQEAwIFoDAd
-  BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV
-  HQ4EFgQUhiJW9kNOTqa9yQuX/y8tLMLawuwwHwYDVR0jBBgwFoAU43OY94PlLN3m
-  ex/BeMwsM4kbuzkwWQYDVR0RBFIwUIICbjKCCWxvY2FsaG9zdIIta3ViZXJuZXRl
-  cy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwSsGAEMhwR/AAAB
-  hwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQBhD1IebSL7SbcCWZdurGzpR6yS4+2V
-  lTbyS65mYj2cpwowEm+Y4D5kg3WbS603JCS0EO4MKJubFmJeZTbWNRuiDrR3v83c
-  eFRCuoK0BOZBFRBDWqI03cpbPpeNouWP+5tGxQOquTcp6zRIDoofMmFnSBpdY4xE
-  Fth3LRy+SAqTapMJUDiQ7HtVt9B5ayNfyOkHSrkyPv7HLQFmcAW8kNI0NQDAPk9K
-  ihlKsMdmZ0TWkiG4UYG1SqPfmaVHXWPJtprccOEUzw4AGVYn1IR5vWR1LbfSbDQy
-  hGk4H2knfew8RJiGtbwp2NzM5mrA6nMOCbvQtKxUx7jvUd7opZQSP77b
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n2
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDtjCCAp6gAwIBAgIUe7Hg57Gg2s0rybiW987sxQS4i1QwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTIwMDUwMTIxMTYwMFowHTEbMBkGA1UEAxMS
-  a3ViZXJuZXRlcy1ldGNkLW4zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-  AQEA8aYO4BwvtSCSneWza+2Pr/jsY6ODu3KNHKq7679VyaUj+pNXlo1rb3NPmFeS
-  feIMp20ZSfbZAFWV+d5nGVH/YpHU4XZaNFfaalDpBSImDpdejQcR2xlj2fTMEGMW
-  1+DclJbYNE9oJ6qTO43fCDuzaYbyzxofND1wMofz1J2mlq25r9zVgQZhM70HT6FD
-  BWg2dJBHcL0kax5XjAs5zqGEJEzgZBDUy+Fz+cahz9EqSYQ2ZGk31lJ6ikDZCIuM
-  hv4P+GEmWbL743cwz2qCSteV0UCsV0B5Lp5mcpeT0ZjqJZ1mMT2e6hPda8qN8zfp
-  C2i6AsZiGUvQrmI53XdATsR6BQIDAQABo4HbMIHYMA4GA1UdDwEB/wQEAwIFoDAd
-  BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV
-  HQ4EFgQUi4mtzlZ7O8aJHtd87BWw3bGiPEkwHwYDVR0jBBgwFoAU43OY94PlLN3m
-  ex/BeMwsM4kbuzkwWQYDVR0RBFIwUIICbjOCCWxvY2FsaG9zdIIta3ViZXJuZXRl
-  cy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwSsGAENhwR/AAAB
-  hwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQCy9KgsVACZITN7/HvZukBbTV/TNmmY
-  eideKy57K5uT9DHC6mZ+Fn5khrIQQZ4ATNKU+fAV8QiyYIS4pYriZ6jPFPF6FQa0
-  WhBBGZdHrXbf0TOuSMy+PBRK8RcsiyW3K+xLuPql42tySAIewPL8xBkx18maB8Rg
-  jWzlPm6QFUEeFjxKzSe7lV06YylduqPKEAwM2WfJbb/opr+mEeuTPu6bWM1BYdoW
-  1ClkAJXQXulhjneUg/pzezM+xYGizghTg0XHLLrRoiNmmoFSu/S2GSTyxGZfl0Qd
-  Eha8ue3DbcMdlRnPqiEzV4pmJZ0qJPl0UOgExvbSiHCQXVB/iHORuafv
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n3
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDxTCCAq2gAwIBAgIULbmQz5y/uAPWHxlPtqGtjfFihIMwDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAnMSUwIwYD
-  VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B
-  AQEFAAOCAQ8AMIIBCgKCAQEAomtllliJXa6lN61GJCymGQT3+ouVAsT7Xnm4VYkZ
-  4Kzdko8W95N6K0n5rkRyfWo/RgCHUuYNB0fJvk1G7Igm2EXGJvJcLA/4h36Sc/v6
-  3WzkkQYqrVrnWtzwptNDeX88RO76ibFXM7SNuWIbKoJvOTsz2PM4jhDmPSz3ezpT
-  Lzjgc4LSCkgqWoPpTqZAjtRXMseYfKwDNmVqDVhIAEEwYMTn95bg233veWQa4rh+
-  HHQWpofBS3dZBja9l7gqW8ITTUCV9wJLX/zBIIEHDRhiduRKUafNpPS9k1dNjEEL
-  e1DHZfBdcD7HIw2y8fm3cOhnU4xw+njXfORv6+tZ9iidvQIDAQABo4HbMIHYMA4G
-  A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
-  VR0TAQH/BAIwADAdBgNVHQ4EFgQUc1U8gqKrEgOu2KafDcfuPkfOu70wHwYDVR0j
-  BBgwFoAUfKZngqHJszJPl3TsYY9LswJWookwWQYDVR0RBFIwUIICbjCCCWxvY2Fs
-  aG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxv
-  Y2FshwSsGAEKhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQBcEshWGc02
-  EZ6/Mv0kJLpDMpiDkyD3YFJZokzWlFFlL9pv1T1ZB/LlKhIBM5KAs7QJyRpPBEc8
-  fE90+b4VxAtci11jhTu9mJZh6PmvE8fGNvjlgrsory28CTzc1e+ixcIK6ja4w5fp
-  m4OwQPc5zpkrPUot6eOQ0u510ySQkZnnymvO4IKkl0hAq8LnYwG+eEKw7GAnxnJP
-  Mjf23Wx2JKvYvGu0zSuQbR2O43uRj+c36MnYr92zRyKJASBMqxhzfq9nCpBZ1ytw
-  ziEzNYs0p2W/OC983ryavSdr1xdjq65gP58S7MeVPZr17oUMyrb8zG4LseyAEJZE
-  H+f8dNgF/Eiq
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-genesis-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDwDCCAqigAwIBAgIUSPGu8WY3RjswuInudNQ1gO639OUwDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAiMSAwHgYD
-  VQQDExdrdWJlcm5ldGVzLWV0Y2QtbjAtcGVlcjCCASIwDQYJKoZIhvcNAQEBBQAD
-  ggEPADCCAQoCggEBAMAi8lLRq2ejjCSkEVtgjdTuyNMxGBmjmbdyvhDv0cpQybDn
-  u55xeXTIzjLZAezO5NrTwz9nUT6X9W9KLKs1JLFa4t8ltaLef4E/U87XHdtPT8z0
-  vd/WijmRcJVwL7Ov7nKN251Rs2O8pSXt5feDzwNE0nBo6GTtl53ug2oRuRUlXdCm
-  T5kaEtiSnClhZK6EqtvlmaeNWOON8gnU/KOpMfYxU1uLkn4g5AEUtiKZIV6xWXk3
-  D7VLraLUrCjYMRuePaZwhqEqH+e3dASfEbyBAD6V8FjCp86BTStKdTl8TWKy5PIN
-  qGzPC0FirqmRK4PuCU5cdtEdvtiPg/HdmxUqEiUCAwEAAaOB2zCB2DAOBgNVHQ8B
-  Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
-  /wQCMAAwHQYDVR0OBBYEFMfEcOrXWCFCtv5xCDEXciqzmgxRMB8GA1UdIwQYMBaA
-  FHymZ4KhybMyT5d07GGPS7MCVqKJMFkGA1UdEQRSMFCCAm4wgglsb2NhbGhvc3SC
-  LWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5sb2NhbIcE
-  rBgBCocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEAxusRMWlXZd5yMNgI
-  goe8XjmGSPMCzkDKJPfadkB8CWg1V72Tsh9mJfNpstWJgjqKH72ncwW0N68J8eVI
-  zDFb40yqRLCizu9CVjf5fVJFc27WLkIGogCSsFPNKXc06hqSjCNwyQXB89i0dhNt
-  JBUXeJcmJWY/Pno8+q9nPOt8v31I6SQUkmoGjhnHpnNF/N7sQnDZrU+hE8IA+XVS
-  IihEi4rzNOp8Llo3TIae2sbdQcqyueVTUWo4x1wxdV2wucoQUBEbUd/zpMzfk3Nh
-  6hO2A6g7eKeEJR8jj+17xHA9roTSP61I/or7rCwVVDsiNwh+iN+5rB0M2OOggP8y
-  OihXhg==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n0-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDwDCCAqigAwIBAgIUEH6SyMqmKgJwyLqJPB3mS1As6ycwDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAiMSAwHgYD
-  VQQDExdrdWJlcm5ldGVzLWV0Y2QtbjEtcGVlcjCCASIwDQYJKoZIhvcNAQEBBQAD
-  ggEPADCCAQoCggEBAJ5QMaftq7Ezo7eTi+KFbmJGwWm+tdTLf4/Kg3rH7SmzIbSX
-  63ZvS5SZx6FTd1Ev1exl5cqb37d1WdFu1NJta8Zti2E6JZPvlTioHArKXZt54NYX
-  EmB1RxtepsuPJHviIfzHexDF/TIUhe8CA10dyW/KW5wbNKYnfWjODa1d7E9P9/dV
-  RRcHn6Lf8jDMBLgvLqLAZFTBRflF8ttvRz+ngjEWDugu+zVGEDkwedxxFEEy7Aj8
-  cBJ4pvv3ULJNylZpsTNYFYqE3NY61rj2iWWoKwVT4xr3z4dmedFzRyfSNYw+KKb6
-  TpbDmOgF7ssVL9z6YGy9/htr9lbTBkXfnL6SWb8CAwEAAaOB2zCB2DAOBgNVHQ8B
-  Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
-  /wQCMAAwHQYDVR0OBBYEFFm/KvwwPFSUhs1DYf1lvrwVExApMB8GA1UdIwQYMBaA
-  FHymZ4KhybMyT5d07GGPS7MCVqKJMFkGA1UdEQRSMFCCAm4xgglsb2NhbGhvc3SC
-  LWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5sb2NhbIcE
-  rBgBC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEAg5bkGiAf+9ot6iD9
-  bdulC45t6bpvJYEEL+RVWvKVmxVy7aKQLRZ5COD1iiV8bhMtutCje2rPZ/jSRBZ/
-  2DTszQrjnd4gbRZ2uP0J6u5rBCA+QL3X4AtfnX0QHpRVlcQ5l33n1KhXh65KHmXU
-  sCdb2LDctgSWXp/gkkz4KvmyjTF8RxVw9Jo/v9K21K5i3i17meg6VTJ44qr6sen6
-  iJuClhoaDwKMQ4N0r+Omu8rvk7vzIpqIil7mYKyASRV/19jjH+Kszo3LaVAY10sw
-  Sd4+jpMgyKhXsb3z3j9tcPX5VuA1GFtDPVR7HQKWhRPbf72pU8i97fgAGRYNhBVW
-  ZZNG1Q==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n1-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDwDCCAqigAwIBAgIULajVtdTVIH1rz+eK0Xg1xIoIjkgwDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAiMSAwHgYD
-  VQQDExdrdWJlcm5ldGVzLWV0Y2QtbjItcGVlcjCCASIwDQYJKoZIhvcNAQEBBQAD
-  ggEPADCCAQoCggEBANAVPJx0lomjqWrWcJQSbKVY2WW0/JTFsU5dMkttGFbPVzB1
-  f4Tu86iOaxbKwiMYVFBUHyAYyR8NVFb54Nnpm/N+ujnZ/pVbnSHAhll9mxXcdjir
-  p8G/tSks13MecN+ht2V9Z3ARis4ow+4lQVyAqDhU79E6Lnfzgi8wS/CZempE7qw1
-  6/aEh6e7iktyXHdAdWDduBIEbSGy8o+3VQ6UmsEf6hzaAiCfE9K0nnvKfmzRDwoP
-  VYpg251mel1P0o8xAp8xOCLA3YAtXraIy8vFwX4+PAjFYZvGoiRU5rJ9yUQO/PPm
-  Kh/ACfpvDtzPflj5pJrGeXs8MgTPMWAR4/QdJl0CAwEAAaOB2zCB2DAOBgNVHQ8B
-  Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
-  /wQCMAAwHQYDVR0OBBYEFDx6quirvg4DJ/NnrA4mTqN1u4cbMB8GA1UdIwQYMBaA
-  FHymZ4KhybMyT5d07GGPS7MCVqKJMFkGA1UdEQRSMFCCAm4ygglsb2NhbGhvc3SC
-  LWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5sb2NhbIcE
-  rBgBDIcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEAs5OmPgHccYUrnImr
-  xAbj4RJ7NMEqnOdkASCCk6iPoj4PjI0B5vTEZMNv/unBdQQv05uBJhM+kA78/QSR
-  C/kWXb1/9mqLpSXCr3JJwBSdA7QissCFcEOeAnHjBFQKmZckQKih2E5hcVcmBc3I
-  K492jwQg1A0zlql1qWH4NLM4o+B1nVJhuGJC31CUhuoc1AFJyZYJuvKb6vPa8XIY
-  4Ze4nsTxRnzamSfOD2JlAEfHi7EzqExLAEzn0BNbcYWuAABV/imDVKsc6bO4jymv
-  wlJl0hiPZZVffYdcKBVhMBCqdFj9vg/JZ5GFt9SWwlV5O1xGnS6ASA0rS72ZGKEJ
-  BFEzLw==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n2-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDwDCCAqigAwIBAgIUVrKDYghcqkQMBlOztAkhzdPK0+MwDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAiMSAwHgYD
-  VQQDExdrdWJlcm5ldGVzLWV0Y2QtbjMtcGVlcjCCASIwDQYJKoZIhvcNAQEBBQAD
-  ggEPADCCAQoCggEBAN2Ex6XZ8JszyyaH+IiSZnlvHNu7k7Q+kuHkuPj3efXXE9K1
-  50Ogl8v4DMQy0l4DYmx53DZjaoFxjHG87OUkpmlAn/Pjb3XuOJDUsAUNMTIMiTqI
-  B4rP8lnK84SPak3IYd9MMSNoyYsKqM5ivrzYx84V9fJU6Y55rZXGxOnfkIcFMiiY
-  K0jXGXBvOeIjEYVsf1DBdAXRJWWoxm7KvUrzu0g3zNihu80TjkSzh4hkLGnMWvpn
-  /+jkNb1MwVzCBbpNlYpwT3TON5FpgMqjwp/wHi63hJXb7yGWRvfVVYs3fvi4Ol9R
-  iGL6bbxiovVtsggOHkAQzBzLFI4qudXvnH5EEIkCAwEAAaOB2zCB2DAOBgNVHQ8B
-  Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
-  /wQCMAAwHQYDVR0OBBYEFASBv6hL/IoVwfuC6CplU+ngM0A2MB8GA1UdIwQYMBaA
-  FHymZ4KhybMyT5d07GGPS7MCVqKJMFkGA1UdEQRSMFCCAm4zgglsb2NhbGhvc3SC
-  LWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5sb2NhbIcE
-  rBgBDYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEADDH5PA34T0rbNRVK
-  +DQfu6OdkucVzGJ0iqCL+X1zNhgYEX4DzxQwxOGysH5y02Y3Ypo8CPMzBcelKZ2M
-  17C4f9kTw8qDFMi5yshKZ2y8dtIA1/LFgWore/vgBMHQlH2ZLeuK46r0y1ALqYSX
-  JjkLzFw75yxazL+/RGPdQnkHrtolAYgjBqCAuw+agOGCmirmjRZJaYgRYOv4omp+
-  1elhMBZvPicd0+oQ1xDbLvI3760LEN6XkEeXgceeh8qvJawPWJYQgNHO3E0R18qA
-  n7v5DuDM3oNhfaH+NjpAFAGSng36oa/4wJ0cAqPDtwebIrSP8ztoS5rXmWqbwxI6
-  eSxRGg==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n3-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDSTCCAjGgAwIBAgIUK3vtsOF4MoHwpB9/MdCi7GH7BhwwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjARMQ8wDQYDVQQDEwZhbmNo
-  b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcpdrK4OwL/QYH1D+/
-  ShFt85ANoHJ/+bEmB+pqIO7Ww6rsDHQSnUkJeykCVX0kTmxMR34cA/rgy1v1+xP3
-  0zObkcD3YNXCNCNi98XMilDvfh3GImURxFDND6Ngje/cU/hGhjatBzJ17nQddbzM
-  dU681gyhmqKs2rp9aIxFgjIv+Bemyxilfh7j6qTTLPE10hZry03e74Ttn//XH2Ya
-  taKtu9l25LNkhuqh27KfBO9pGJqZyxhLtkPb5t9NIYU3yWam99tA9nSiIO1RDuiX
-  seYsS7pSXLAbcivAzlx+dxLVGGbXLQ80M129zc2uFD8VyyHF4xBxFnEpSp0cmxsF
-  qcmFAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
-  AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUTtYGwpK2tBqS6Sbl
-  /vZN10wxM6AwHwYDVR0jBBgwFoAUoaeoYl+8uL68qbnPFUFxOhn0dNUwDQYJKoZI
-  hvcNAQELBQADggEBAAFy/hf2f0U8VV9SRKgR2h1Q7SbpWyBItA72LDs1sdyWqM+x
-  73sn3NL63PQGSNTEjsEfRLkvkh0wCFZxF5euK7rkyWFiD489u0HfT7I86iI1MHg6
-  PYKo8BdyMEoHAOjfD/Z7Oo4dpZVGVjHHEAImoU2nGckh/JiBzRlVKNhtGMhny+O5
-  su/mzkKdLqEJzxcSDdDx9jymyP8UggeSg3bT6ulRODvY+uYYOef8jnwzROIjPfaL
-  iHeGocTTl1cLRhD9cy2A7+N+lUruMRWpCPpcpTecEsvXn6feZGrlRF/x4IG51ziA
-  HKxzALECV11Nv1oR/khqbSjsZZTUJt3lIGYAl3w=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDhDCCAmygAwIBAgIUafGGg7ugTjajdMfrXUf/ybtJCvcwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAeMRwwGgYDVQQDExNjYWxp
-  Y28tZXRjZC1nZW5lc2lzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-  yLkMThPcGpCAqM2ZFq3iOloNc9hrkfhCnDSEugyQWiuvQxlBACh6xsTY9AuVXswB
-  3b7y31gpgeFKtafB24FQOUX04NdrrbeKp2+xmlivnAous0FmQGq8Kxka7zYadPYO
-  biROawebCKGGTGvhF9EfRymTjbGEO9rNnmWpWDAtWbVM3ib90BNd6PKAJFZ7fjo4
-  up1eY391OXh577WtkgaTx87YhMmXM57LMf0heAJHFE9kRHOzi4e1ZDh+EXAqFvP8
-  yLsL/Iu1frdeMv9ktf/8OP2By8oYbIehTW6cc5Ti4dk0QTyGhgZfqttI880gwjz1
-  wak540H4mIffBKKTorhTMwIDAQABo4GsMIGpMA4GA1UdDwEB/wQEAwIFoDAdBgNV
-  HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
-  FgQUR+egPjuUH9iLeH/DnYz4UeubWf0wHwYDVR0jBBgwFoAUoaeoYl+8uL68qbnP
-  FUFxOhn0dNUwKgYDVR0RBCMwIYICbjCCCWxvY2FsaG9zdIcErBgBCocEfwAAAYcE
-  CmDoiDANBgkqhkiG9w0BAQsFAAOCAQEAhORD7eU/nGJBaKBVCZX4lIV3nD6rhI4l
-  oy6d2aIP+dd3zzOGU4JMAzWysAmS0cEfr8+rrZnxd8CcfsPwBpoasURZgE/HwZqk
-  /KPfPZMAYHhNNllud4WvXdpLaCyfzEfWDjaTi5Ymevzrkyxr+PNTIYESx/2dBiRm
-  OUPIMFhmR8/GacDGI9xQl9z4+n3lGndcMoYG7XUVPK82sj9QQWsY6tNZiJ15I9SS
-  1+sVaardZaJB0GoZVKxU9xSqFZsmjdmkBwYP1DBV1Ff8RB8y81gQPlSDyx/Q/2d7
-  4PRjxlqQTxeZvRX3XoqncFk9yCi8RdL3PmSzJerQYY2LiG09XoVxNA==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDfzCCAmegAwIBAgIUWbXvhKUHkmqUYSj6Oy3L8kvN98EwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAZMRcwFQYDVQQDEw5jYWxp
-  Y28tZXRjZC1uMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMv0oE4F
-  qf0nPFXFrDZU5dt+QqryT5deqhpPYDqrMGvcpgpjVaoYSJlSBZf59buaEL0JwwJt
-  Mr+ua46R4gILKW2Hu2RZHLlnO/vr6u7WJh5WqK97ZrwgAXjmLcRM5yF7S2yAqBnq
-  2AWlpmXoI5J9saoLnaCoTK5EcCg3DwGRP0WBNbatxY6k6DAOwPa3V7WnQvkuK+eT
-  /loP3v5em9fxW7W34M+qgoEfLsG8U6DoNhOMBkqegwE0hNZAuPEMvfKuUTGbbbHE
-  GgAiqkbIh0eGkw8qjGZyewYVsnuzkGf4wK0fEZAN628CChDUZZgYz3c3oyx7VqAk
-  oq6/WEt/scEYexMCAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
-  FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7k
-  IdF+cHEHsoWZLP6H3xjC6RW+MB8GA1UdIwQYMBaAFKGnqGJfvLi+vKm5zxVBcToZ
-  9HTVMCoGA1UdEQQjMCGCAm4wgglsb2NhbGhvc3SHBKwYAQqHBH8AAAGHBApg6Igw
-  DQYJKoZIhvcNAQELBQADggEBAKzOMvbQWpocM/h3nH+Bxtz2hQsjtdqA92COwNMt
-  E6/ACcK0YqrY7Ab0fnA3zLddRJi/UEyomkdhv4wk3naHjesedMg+cn/QoyW/oiRM
-  8RybowuOX5qMG4bB2jOAcyV/c0VSVV4GllaNEoMLTklFFWru5EjNsZ2qGI+Pz/Nl
-  tWGO1W37fs+5j5Hg6TUDaXcKNlPHkrNPeeEyPGJEv5jZ3+gZQhMOv96b3qt9a3Ie
-  vCRWfgAth7zzTuJRyVtPuvsllxvht6Kcg9uNMQkfHwnZ214rxqNKsSwzomGzIy9Z
-  SR75o2V2/hMq9ZzJGf3vgFiIo2gddhsmH5BTmVH5Nr1csFU=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n0
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDfzCCAmegAwIBAgIUbnTO5ahDuISPUHjFkdOnjzRZE74wDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAZMRcwFQYDVQQDEw5jYWxp
-  Y28tZXRjZC1uMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOAUH3IY
-  TtnyAJf5e32rZnVEBUyduCLk6zta6f6nF19Jiqph2ABij+TBfvSmG1hlaGUn5nGn
-  yajNfnUD9ifE7OQVwL92achXRISelXDGgxrNZGIWLTN2v3p01KDj5WiEwkh4FPtW
-  ErKNBRJgHLffxx9q5fZJUSLyqj+hSIUNfFD0nHE3p1H8As/AiP4Eed0aPATiz3m3
-  XbN50a09fiS8QJMPg0rBcrGR2TPm5jBkRCYyQbFS4AG1l510rUJm3wMSOnV1rHXy
-  Z5WxQlkNuvyxjVAYRFUjghw9IZTmewCXnSDg5JHTIpCD5gpEiHoYXGbn2387qBtY
-  4S6LrSSTftVIV88CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
-  FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFB1l
-  CsgS4KXBWR5F8iFAlU5kyQZvMB8GA1UdIwQYMBaAFKGnqGJfvLi+vKm5zxVBcToZ
-  9HTVMCoGA1UdEQQjMCGCAm4xgglsb2NhbGhvc3SHBKwYAQuHBH8AAAGHBApg6Igw
-  DQYJKoZIhvcNAQELBQADggEBACII486ZBkTP8V3chlSMlAyqd2/xedUTbxTN0dHT
-  FC26hzCNxDqlBzTMYGyXAqvw1mgt+n9DffHYiiPx+2yYVxW7Sm7tuaHsPrnTaPxa
-  zXvYfb3m865UdnXrqW7OuXabn3bSlKLG6POK1T6sbMfDClg3FwibskXPKmuJe1aP
-  NiuLle7CJgw2TXG+CsagOIpKlMXWxFTn4RHd/KVDGNctpRKwnJoHnxSB8py6WQqD
-  qC129e8cSwvuifcDcUG/mxC2wH4MABY7a/k0JAISCQjvxxz6szr+jxrgsv9/S82v
-  Fjd3s5V2MgHw7L481LucmTsQs/I4wh6zfSsKHy7DI10vzeg=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n1
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDfzCCAmegAwIBAgIUPg5fHiCu2SFpQirveyOKhmBc3VAwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAZMRcwFQYDVQQDEw5jYWxp
-  Y28tZXRjZC1uMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJVwQcqr
-  IoKxcDmTLOH9YeNgCf849S+pZrCdtngqa+rGQ2AWKYYHbD7XetaCcZafhhysjHJl
-  rdeuuVuWs7eoaQml6nVNk6XyWWYchb4MhRTG1Ujil/cM6KPM1/e90yeu12nmiajP
-  VSvK7rAKG9Z7R1RfC8H0D8rxfUouOyyGHXR7YAhulRlEl8VMOtkAWU31UR2ucLFj
-  gzKi3XM5hVW/e5zDDrk2sccVJg19JYgsORk6M0QhOf4iANTsb8L7OI0eSU9Xgk2a
-  xj1us4AiClIszfj0mJkEM6wWdS66W/dDWAyfEIlUOf5ekuZN5D6XW8f5tVqRCoCo
-  yphwrwrL9QBMBGsCAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
-  FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFGnK
-  4Z1CYXWKP8NRP0Xn8MHGN5tqMB8GA1UdIwQYMBaAFKGnqGJfvLi+vKm5zxVBcToZ
-  9HTVMCoGA1UdEQQjMCGCAm4ygglsb2NhbGhvc3SHBKwYAQyHBH8AAAGHBApg6Igw
-  DQYJKoZIhvcNAQELBQADggEBAEtmsGNdmq0EpXoFrTBOf3B7s048HC/waDnxNRe2
-  BSWPZoqBdUiMU8LfNZzua6IbcNUa07BUnQj13cq65D5SINlWvoY/gFd3aETZnpZ7
-  Q91jzUWYsB87QeE6Pc5gvAQkRi0QhUWezzaoL3fMYVlVNbyZZM8Rh2tfCYUwgHtw
-  80qPM0CJdcFJYc7TqndUYTKafhWsNIv04EWxSpSE3PynnxXUoy5m+sYWREutlV9L
-  YMcug8a5JMuPR0l54PX1j2pGo10JiKcFggFvQXXFApgrTYc2WgJTeTHmooIr225M
-  sGJEGW+81+KI6Bbq/RSC6Hk/OIsIkGmVWo/4w/Xv5SVzfKs=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n2
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDfzCCAmegAwIBAgIUEH/3nmXnsmA7llur/Mae0Ecm4cUwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAZMRcwFQYDVQQDEw5jYWxp
-  Y28tZXRjZC1uMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJyvrFPq
-  sNvwQrVSexx8VMGzbDOM2SMFQHN1kn61yO089M8ImuZKXMXGQE+Dc129jp3w26TB
-  bY2zphXevOedfI2ehPzIVq70vF+pkrt4Vbk0qg85Ba6ppc8/Vfk0jR4C++PisY43
-  t05FcYMQr0dHGCNJ0F9PTKrksShlJFFAKjnKz4g8L+fC8CXNbMicfrkHtaHJJXkg
-  6IQXlMLbRTTIs9zzblqnVZvwam5J6xLIrUfpwQVpDs5hxZ/SY8lfGs03wK8FWbjG
-  nyuhr80fu4Z4iD+/JQVPiwsN0BGVpBrUMtPLkjn+Cxy68PmsllgoSRa+VciEqCz9
-  eu4eB6d7s7WwY/0CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
-  FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEgU
-  JSfZu4Ldehtlf7AJNPPbmNdOMB8GA1UdIwQYMBaAFKGnqGJfvLi+vKm5zxVBcToZ
-  9HTVMCoGA1UdEQQjMCGCAm4zgglsb2NhbGhvc3SHBKwYAQ2HBH8AAAGHBApg6Igw
-  DQYJKoZIhvcNAQELBQADggEBAJW8URCVPW3Q6BMzvnArCn8I8nF3xiv1US2yXg6t
-  U72aK1wrYTPSbE8PNuKFHFk8PMJ5UETBYXdFcBtxhqdhqj7ve3RZSzjxEQNbXBZs
-  2qsUmC+4hXcGg/FQe68KfPBPrAMl/cVi7qcNHvN09eE8qswIYb2qqScZZWPv/HFM
-  3JqehUFwjuzYfNzQ+mRKSt+6nCwGLsGaWQGBQ0dRXbkCcsGY4NyCYUhCPmni00HS
-  Nwnobev15FkD7p82qkwn1hIzrPHvyaJ0I4L1qYJPNaFDXrE9CFhsQRA6DtWMzCFn
-  L5av/s+zsB0Uwn63UaAjrxTvYg8Se0Ov2AlG4fqyAuFbIQg=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n3
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDTzCCAjegAwIBAgIUS4xv983JzzKNYmFStCikUemFhqowDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAXMRUwEwYDVQQDEwxjYWxj
-  aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl54T5x5Tb
-  9M8qgrej/nKq382vIuLfIV0vImEEZN2WT/FPpLoBB1zL6+0zKWdgcL2A7ZQXWVeS
-  NTtgXjs6VlVJdyrOOce+Ku8zkcfRCTW5PgTW1SfbcvhvmUiu5oCDGESsBEVZhQjf
-  d8LIcpEAPrd4GwAPEvKv78vXgDpZsJH0vgtPPJSb6vDVyTTaQqhHtw+t+U31Hfu8
-  1fPVO+RT+LzusuaBr6KIf8PBZUzSNsKP7Xc7b8DUZggoenr4QcM8oum5CethLaMI
-  SazOK+l/d6DiNiL0RzxF47DSwyZPUkFiBrvZsqYrP+BERSP2jMl3oybnP8bx4V7A
-  dLOYynBNk1mPAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
-  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPAvLOhPj
-  0fJuD8jtaZQI/aANk0QwHwYDVR0jBBgwFoAUoaeoYl+8uL68qbnPFUFxOhn0dNUw
-  DQYJKoZIhvcNAQELBQADggEBAKmrjWAC697jUTMn8LOTTx4a6QaJX6SwYFTFKhXq
-  8wln+Ertu3ubU0T8dFzMI/ICc2mUuUM8+utZQ2wt4PXIpNeuMNs3WkELSA17GbNk
-  pDzysWvawjiBriAMc22xzZGFgNpkYSnyDM+/qbPwHWcZUkjfpTW4m4TgNiOBHC9z
-  55r983xjNJswpjODA++9muVdBDnYI2UzLr2umWzyp/lxoVd2e4FO9EIDpeZKGEMl
-  oqipWgANDSanRLiR1P1YwvnJ1hcFDCen6/cZvVD0dJN0WDS3PRY42+s4Ez+J98PH
-  GgRtbQD5W8vyCTgwSLgeuPQSM0KVJWs/1kZ1LZJ0BXejLUw=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-node
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDjjCCAnagAwIBAgIUC8wKLpKjRiVFo+GatUnYVohC2tkwDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMCMxITAfBgNVBAMT
-  GGNhbGljby1ldGNkLWdlbmVzaXMtcGVlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-  ADCCAQoCggEBAJ+ptEBVWepk6REq1+BW9mNPMDssPpabQU4khPOwdLxCuoWgO7cj
-  bUFnrTICTMoh7iz+8AiROlaKVuFxbnuu5md0ur33pAhROGsTXWDIIDzYVAktV8tR
-  4aINA/b7HRYp1LQjbC6oUWkMuGFf+R3DTxyN6eOqmmfBXYmlDzaLXg1cikDOtrMv
-  TjovVUerWr6ykSy3AGpwxARcUWLpyDKKSRlsj8YkEUkjPalv3S085y9RPbbLbZ/d
-  ERbfPqmhKT4lktO5zyyzjdoJdrqKqcfvvDrMn6LwAsOguxrJMhZY2c/f2UsLjpHR
-  Wcaxc2vexf4GicYPeUufMv34MePpaWf95V8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8E
-  BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC
-  MAAwHQYDVR0OBBYEFKrF1nkBZJVENcxMSN200u7dCyj2MB8GA1UdIwQYMBaAFGOI
-  oJnXS4O7x6eNJSwbIRqSFaZRMCoGA1UdEQQjMCGCAm4wgglsb2NhbGhvc3SHBKwY
-  AQqHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBAMBuiJTUyz9lAqmZn0Uo
-  /yYZedUeHvNbSQp+M80eiBqOKMGrPAcZ2O5/Hg5UTyYK8ruUFO3NSMRZmSVamfst
-  ogGEKEZGMA7Rug6rciuBirc7SiiTW7WgEa+BKe5x9JHikCu743rO4IXapxazE5kj
-  3CbbzDwv1Rm5QO+V7la3gW4UyoJyEWgueim7Kf3h8ZjdpaLSulvSKppk2UBHRDLJ
-  lRjl1r6PzkwUJwTiA+tsay6Isuu/ddx4VeLjGiV1LIg2ASDnT5fc03uMefsLMtM/
-  nNDgqzbFBHcnMYvOa7FXdbB1o/GcGcxYSjj4G1/z0VXuhTwME5AbZoKXqUYFZQfr
-  q6I=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-genesis-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDiTCCAnGgAwIBAgIUdLBP8Bev5L3B9IWXU4MNo6XudTYwDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMB4xHDAaBgNVBAMT
-  E2NhbGljby1ldGNkLW4wLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-  AoIBAQC8PvCSqxs0QA8NVNdhBKcI+tJF6oR7jVKzapGdKh5xBGGekQH47SNbOCxa
-  ncnY27vU0xzAS8xIiur9gW9UMsF0Zsa5rz3Gi1FCi2hblQI4XxF1U9xH+S8bYsBC
-  RpKZzrEmf82VRg3KUxCLFx/r3LSqDH0yBCBllQe6g1ZaB4EEq7pvQU7tbcQlay4e
-  Ot4tyxRdE8CfnSjj20hvdVpOeDL6Dw2dcdbNnxj9Ozp8VS4tv2A0VnFFnqGA2NBc
-  u5MgEqr18+0MlMz/MrqHpDvNp3Yw4VKG9tjxZ8yhIJDwpXYv1Rg2R+5Aiy/vII7X
-  Z8NpSYB/6KfKddJ+83T4IiVzcy8ZAgMBAAGjgawwgakwDgYDVR0PAQH/BAQDAgWg
-  MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G
-  A1UdDgQWBBQv1SsglIBzVUOoTZHpXxPAJ/bxCjAfBgNVHSMEGDAWgBRjiKCZ10uD
-  u8enjSUsGyEakhWmUTAqBgNVHREEIzAhggJuMIIJbG9jYWxob3N0hwSsGAEKhwR/
-  AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQDCcW2arQRD2YGTt+n14AYscFLI
-  bXXar3QmyKFDhR0Wus6T/zJgQO7fxB2G2w/cdBFU5U4y4P/3W2B1GpIgD9VUB6BD
-  rkpm8D1uMhsqI+hFPKuax5A+tFpLqMNoaGbTeH8vgiANdmBl3SJheUjD/w5Kh74I
-  DHYYvxDDp3gMyqfCO4xm1OxRB0T93xe+XyQU8lI8yAx5sTtWrp6+V3vkrhvgwPq+
-  h+OlvhJFNiECPr9XcGqIdM7qT7EQ2ETR4fOgFANcD2zEfb680nu++JfVu+fiAEhd
-  JHaV3JIe+Vfwa3zhJjPxOIy8SVgtVxeR3idL7w16hlBHu0hX4603UFfbSg17
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n0-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDiTCCAnGgAwIBAgIUb2tlZjjFiRI81s5YBGohR3aVpoYwDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMB4xHDAaBgNVBAMT
-  E2NhbGljby1ldGNkLW4xLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-  AoIBAQDCfkUI5emZa00zxhqM4tPiaTwpGAyIfu45/Et/CTv0FCLZ65II+Ei/al8z
-  GSmDnCsDzdtfq6zeoIwvFIu/5b8D83GU16M7Jw++KvLJY7EsqYKKbZsE9LqsfGkN
-  PY3XM1TZdHXIlrrCmqjSvGwYNfiJ05fTFMl0UOc9W1AuvDbXeeoUpY4tjDB0TPlQ
-  znQMdcrezu+oT4mzlfQFj4I1Tq2prpoZnAO+6NGKSEH3C6ChCyO8qks81QjnPUcl
-  xLkIsmLPF6tR9tOgZ3kglCexchwUNe8tsFsN/nHMlTOEmn/hWGZyeSzhF1WXN5S1
-  8dGuPXM7qf0DQaiqFr/SyI8smyYpAgMBAAGjgawwgakwDgYDVR0PAQH/BAQDAgWg
-  MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G
-  A1UdDgQWBBTlO+FD5UztWVnYeQEkFXSPITv0sjAfBgNVHSMEGDAWgBRjiKCZ10uD
-  u8enjSUsGyEakhWmUTAqBgNVHREEIzAhggJuMYIJbG9jYWxob3N0hwSsGAELhwR/
-  AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQArqfZHTUHoqGKJHd9i/H29AyJi
-  hi05LVobnbkxPsZDJF221/9Lc2087wSmRm2UmpU5XqMCrA34wjf4n/XTlpitvRwy
-  vG5mhdiyhcYeqcpPfS6vdp0eDAgJhb/obzyKVmAwLZW5YfAKd4gXJ8GBNJb3F1f0
-  PAo+aPt1hZmax7hTmwbXuqi7F0UdVWzdoAT2nNcPKKkP7QKv4fnSfizRgpfRSsay
-  mIFy3PtHFMMiFcdjO/prf8l4A4tMp2ZxQShrTY4VZMYUgoLoiJ7+uUUoUJ6TruT7
-  c3lKu9reCtO303Xu1yddDgUqefieUarYHS9sMJc0ExTR+rXjk4gUW/17npqY
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n1-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDiTCCAnGgAwIBAgIUYlyJ7JME8Hc4VOuRU8bulGThdJ4wDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMB4xHDAaBgNVBAMT
-  E2NhbGljby1ldGNkLW4yLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-  AoIBAQCvxKIq3P6gx5FKmUr7O855lwL7ncmvMgg/RRR1NuXik/25Bmti/6dwutQV
-  x528j3Qv4CpcYSvopHOJp8sISvQKG113wv1aICKz7tHnfjxZxvLaUlZ8CbzkjKrK
-  EiWAHXNBTu/Mq1qzL7UrXa9ab0YJn5O3SgUjtOCcaDb+6J19A5vhQZLuNjUdpuiB
-  d3yVyt6y72G2eAAK6KQriR3+thpPBafhAKFInXM4u0aMj+l9TcA0vpHe4Hb5lpNk
-  c46TcoF2hQUnXUPZ/9F6pKtI7M8YNSdNLBB3U2tWs1GMkgfk4pGHIEQaXR2QqCBf
-  dcLthSiye2+dE0vEPgz9fs6yENZ1AgMBAAGjgawwgakwDgYDVR0PAQH/BAQDAgWg
-  MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G
-  A1UdDgQWBBRxRlWdcH2aEVj0ZHsGB40T3MUIQTAfBgNVHSMEGDAWgBRjiKCZ10uD
-  u8enjSUsGyEakhWmUTAqBgNVHREEIzAhggJuMoIJbG9jYWxob3N0hwSsGAEMhwR/
-  AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCWokTVC3rh6K8gLHop4/erJSzL
-  uSr1/F6M81SvqCbdiGhzfpVllKMYSIKlfgDVIQhesndKsu8IG613ylts1xvQyGgt
-  mza9HU/TD65MRAt5BcM1mj+4UrSfxQyX3845x6XrxpHo2akwbrsbvSuE1k0CFdW3
-  Hlw/UZRdYOyYZeM68K5psr1hczdTq4sgQzMjCoaQdWEHzVDwqFPWRDf9pd0MzGux
-  ks8BjeQpbSFf5hsvpLYkrlM6428bdgBTeGLA7EVzpRoZIbDF2W9w3JF3GmFIhP4q
-  HEqUo59o4r2f90wmcXXp169Aq4VukMzqkBnXad+ngdkcjWyiQZk/f1DM3Rw+
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n2-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDiTCCAnGgAwIBAgIUYNYuv0Nuq7UhmYNjHGJ48eo0OVgwDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMB4xHDAaBgNVBAMT
-  E2NhbGljby1ldGNkLW4zLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-  AoIBAQDCMAMI6PcFB9PJztSdWDwrIK+d9i8EHMRx6cDq5Z3wYwRNSu4cSMjt7XHK
-  APOE320dJBzR/AWutlfKIuvRkcvnWWlu+vDS7lQpw+vo5hTFRLnZSkwwNl8XoP+p
-  ARr8XVL80+BCiibH2NCWCUJqxNU1J2H0BCOIg6ZWc492wrclKo7BEWdRg65uoTfV
-  SOWX6LxplL8Sm5nhz7lBz2sdfO5rVIDXD9Ok3a2rRBbKaHs18ZKfAapXDLX1eaVt
-  zAr/M46Ke+eFGSAtj939PJpkJ81Jqh3vpDfCjvxEqw040FR5ZMVJKx/Enj9OqzPA
-  hhxl/vLSa3azecf4J9OZdw1lip1nAgMBAAGjgawwgakwDgYDVR0PAQH/BAQDAgWg
-  MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G
-  A1UdDgQWBBS9nHufHGpS/FioJ+aF5j+fXWHR+jAfBgNVHSMEGDAWgBRjiKCZ10uD
-  u8enjSUsGyEakhWmUTAqBgNVHREEIzAhggJuM4IJbG9jYWxob3N0hwSsGAENhwR/
-  AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCJ7X4gkfxUPJdAoI7MDf5Rhd34
-  RyPCOe/j+VnZZU6mYciXhJbL0Z1JCJydyakUy6SHUK2puWak+kj2jDimEaPVX943
-  wukiACT0cVv51NVPifSQK9A7aqGnf43XEwNiEBlS0FRRnjeIsl5eKndAqRcsk6JC
-  QdfrxBoWJef2yWPpZKl1t5xHQG6EQ8s3hpKRyweQuicNtEm+sWORnfteZZlT1az1
-  OkF+a09GVywdMbbJwpZqKcEzWHaBh8DeeozqRaEY8Hps9SwKIN83O20/g+KtYY9C
-  J1493TngAkxzV/tI0U4enO3XnmXRoylJwWIKydnROzustwfE9eQ292Dyk48g
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n3-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDWTCCAkGgAwIBAgIUbrjF3WPV2FePiFHBqvsRyX1NtJAwDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMBwxGjAYBgNVBAMT
-  EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-  AQEAxKDvOf7gM/KYM2B8NhGNi8EW1pMNROiiCLmRFxiPMo0aoLMDjR9fD1K59qiT
-  Q2nuohh2Qm3jZywDcOSby2rrsuPwRC7XyQ8TdmQ7dD5KLv27b33oUKT7eWKL9KVG
-  9EeKBAKT2MKT6GR27WBvdi2we0yJGeG17nG30RYI6X/tjiFPONnRyt89KhwcQHEI
-  0caEtX8AKXTvzQqSHG2i9vwvVFRFtV00v0xz9heUOSBZ6zVOu/ynnwt1gJmiFJxM
-  C7VlruHPmMvhLu4Q8Q5mNagxC3GyZQPzazgU/ej230UcfwnKAJWDJDZe6Y4eR/n3
-  tw7Fu20Mdu02/NjcJPxVm1af7QIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD
-  VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
-  BBYEFE8TGjPhEwapcCh8swjLDNnfuYkIMB8GA1UdIwQYMBaAFGOIoJnXS4O7x6eN
-  JSwbIRqSFaZRMA0GCSqGSIb3DQEBCwUAA4IBAQC0zww6DzdLfbOUp+QC2YM8sjdV
-  g3Aa+O74EJSRP8gE1oMj+YwXSjkS3t22T0i6v2U2KV2BEqrmzf1TpuAg35CqQPGk
-  VJBzbg6LvCHkyy1wTm09ShDdj0lLkRMY5XwQIOHrk54EbCHJUwNnQJcUznV1P16Z
-  ji//MS+DHl9u5o8Qc5zC4LJrs0NQT3CO2+GxMjlD+P+pnvoBRtQzwo8lb19xNMf2
-  GBSvr+Up2Lo3agw70oZb2IPy6Nm3EfykO1XjVY8p6W4FXCa3XQ2JYiqyQeO33eE6
-  1866bnKC5hnZRwCjKrOJAUxC3Z4T9N9OwU8LieMUGUDlLGI75uE1jLx8LlKV
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-node-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA1QXHsOKaG7NNYvkp4dw40IpUIHkZEhOy6usVTAVl5yFWZ2sj
-  Hufke0J4oV2UBeDF00ufScPhuCQK/ER1InVTSV5zsx2AdazDClMV9Nce64lSAy2p
-  QQ/5/K0olleRWtQ5bvxp1l4X0R1onFmfVFSV31Ck7FWNKaGaFa6nEpEnXPorLdyA
-  RjrVYl+YcYHhTiif4jZJXWBFcALuVihKTjQcAv3PU3euFGfmv7eRwI0e0wh6M+Op
-  7Xlvx/Zd1WSXfXsgLzd14YkZjfl+7suW2dtuXc/Tu4GTURUcl8DI0+Zqp1MBJq0R
-  jkMKvy3VOyxbEj7Yz/fc+ISednkcmG59HBohCQIDAQABAoIBAQDHbr3hkISO4nLU
-  8kiPt8lJE/hm3njmP6MF5Ejv/y3EEaX+9ILQ8HEsJLMi/6URS7ppcycRvF2aM8RF
-  ISI4vHbY/aB8VGZrxO5kwBySOMQt50Xsy9blnruAH+0bs6fVzVJn4dCEbVsG3+2M
-  Uyujm/0kMS/2QrICA9Vp7zVjYJnlpGssVf/RX2GJrv009iWiZPRnZd2RG47VUKVL
-  hAZ3HMHePbl4e5TSHOxv26CRTVfz+jS2o47vSYWKAa1i7V07rsA64CR4lVF0f9Vd
-  aPsbqEGkPKDJNJq7C5Zt8nXjTw/8w7cxXNZLneL6jni2pxuSZgreHBXouEbsrROz
-  OtMHWaABAoGBAPKbIX/gF6zuBhj5byUU6JdeWiPT0h/cG+IXYL9PPZxW3gMKkpot
-  sxlV97Fr+cUhUS91LaRJcWzNhX8d7jOVmxzVFWaOIIXj89JzqsyWHJDZOeql736M
-  JqybsVtfg+pJqA2LoVYvyW2lwQ1/mJ6T4smbjCBVWxwIf7VMe3JoDqoJAoGBAODI
-  iFCgwQ/Q/aB/a1QyIS3ucjsr0opg6xetRmh8Vmi6ftzMUfRZ2z6MPxTuhzH3vG3w
-  hysHrqtcRyYYVVxw8iNjnHJTJpP9h+1qIN8S4aQJio6vtXrTsSF80OBFWY8NqN2W
-  dMKgiAGAXA91nZLlqSjW1KFUepJheUsfoNYwaX8BAoGAbYO5y4/NIDMSbZOrqIGX
-  vTzKVAH6iIdDzvveoH2Uwk40Sgsrwo1+m6FC/sRPK72ueE3dHJxKp2LfMFLChGa0
-  bn+B+ZmO9OHB3u5324KnwntMua/OPMHnc2OU3DpxwgEd639shQttUiHQ09cVfgAk
-  D/43cyEUz8LGY4Dy+OIgPIECgYEAnxkQcpD1VO6FNX46R0Ob/FiS/ZKM2Gi0vPNl
-  rDqlJkcp17m+IAchiOnXFEen5RQFiIMACNLNLHiJ20rJ0D4ZBDdS2hBEc+a0uLOv
-  RHSmxGYEbe2rs53190/Sv4oWU4xFg2Ekj0T0PqvNfRuwRfLLgh5cLTwP7V+UbDmc
-  qz1kzgECgYBnAmBqC5bbya9dhQ3SVTylqL6YQCl0VFL6/pRcOQDw1LGfdnsMKz9q
-  yH9YshLtGACMmyP61AwEEScXUz6o8/V01bpcoCfKH+jKdSs5wEdIVA8ZEiLY0jBB
-  IKkXbwXeFApV5FRLxXBtrvg+UeMW6oDEVG2xDc9dvwxf070KT0bfJA==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: apiserver
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEAuEJmQLj3HUJw7wKSeRN7xX4h+2hNfOSV6lGQ43cuWiPN8YRs
-  FaRpTLAsLGS3eO95r2XzxG4vBBW19RB39ByG+l5UO+mCJCvalA7ypKwLrUAPcGCc
-  zaAbguqQQZn5r+aqgiaJ7SB56szFcbJB85TVQ5+hEsYwZXonOQav1DLDZlJfcY4P
-  5T7ZWM+F/hOP490u7jA8UN49s5m2Pzdob2QbHEsID3kUOpyYAtj7q1fzyIut6kgr
-  tkgLxFhH3yzDRPm73QDQktAwZ/Mn0IYUEsK0P0u9NkaS+EHkjWrQY1BlORj/tVHm
-  mkUsjd8AW65sjT+FLGNBlKQV+dhYC6qpIdnOmQIDAQABAoIBAFXQ/wSn4NesySJY
-  JVXkoCG0BCmuQ2CmqbfPM1btfBYZVOJmVVyjDTPdXUVzxwu5JQhuyGC1HIqfffZc
-  LDHyU18qLbsVnzovfoa0i4fsZSfUjRw+sukF56pKitMy3lpxaPpi7pwVIxMbOd4h
-  Mpw6tjTflMpEqeepQ7lIhv2iguUVL4SOC3+9FZJOttFIu/ot6wa6LX59aSZDtX4Q
-  hwIXRtdGrWyPuGs4MDQc+ELjuxiI91aglnba/cNop7UWVMdQc/nfwjlU88tx3a+b
-  oKYIehDanFuZexFTAhcQI7kdxYV0BcXSSuCKb+z5r+VAMwIbWccJC1diJhEqfsW+
-  9rJpVw0CgYEAy0m0XWMV/2prFABxgOKO2H+abOg9xJbqb8bIrQSUTXNoVyodvSFY
-  XmF1XAZv8fpLB9Kg8KdnX9cVCFD2amx25PMyT/orF5Rvur0IvVHfOk5lRkhNucO6
-  e37CNusz34PC3XNchdyrzM0l4gChIOvtqGbqC/1ReqoMIGNWMDd1mYMCgYEA6AmT
-  mOmrIlnHVA6hDMqoC2U5NMc3siOHnViab8+BTO35Z+R3b+73FdLDPfPDFCVk6El0
-  4c6cmLeKKQ4XIZ6av62hnRhNwseKF73awKB8840r94K+fmH6ZPBHTWVYZIB57ZrJ
-  MnQZpIg47C0SrYN9/xJK5qGVm4s9q6QWmvBhKLMCgYAvOq52y+B+eMDr4rZ8FSbO
-  0caU6tf+5nkNAwf4eonh/KAPMC+8kxSuyMG1YaF8fIQWCy9s+deggp3WUskNLKnq
-  wz27Kwn77naO0gBHy8+rAi+xRncYY4rdyjNhAwAIO9p4DKdASmZ3rGnSuga1WVrb
-  tx1FL9NQRlWO6MVLancd9QKBgDtxQJt6uPma0EKLYNybCgOpUcdghbcf/PzlFuMv
-  4Grpx+vCjophSHERxiyXxtDhZ4FOWCAEwv8ofb9YubpGHFSgUXeiI0GTxp+gZmrU
-  ck4eSzYkC1LrHK9BErMUFFniw9mHvqUrMuqAbzypq1BCEEQI1qFQobfwKsNOzO+y
-  RuGbAoGAMLU6AM9whKkrWq/gyyRS+7KEGw+RNFasOt3x3BUXTK6ueIyJIsqfrp0V
-  hvvk1Y9+GMUHY9v8FLF7FdeQbOOXkNHF+/yQt17zMK5hpWmQYh29ZKjnl222BAqm
-  xU3w6q119kcVeCPgo9m4hWjAYsn2Oa7JCqt8db24m2x0x13qOAs=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA3U7hNY1yaTXChsy0lXmJ41oqASy1xICw/qk6GFpQS83tFT5X
-  iiSsKXeH9SlbkbySiNabGzA+Wji0plwMjzj2sHmV0BWxyOCu1GqF6H6GULs121XM
-  rfV2HCClM3IjI8H6zdzs+IMTOy8MaX2finWTsIoX0V38kFndVoQDN3dLeeoDNCKU
-  rzq6ZAxDIlp21bof+UJ+6FmG/ZZcMpOKTeARK9DQ5bXWeMBOoar1SCtkCntc3Liw
-  vEI4ZleKYzMNhNr7cx8EZfb9PH8BpXcv6HyvweBpOt1fV8i4PxACk5ua8ABEnBBz
-  849fKulIR66sWWnlRr3GFDwL7i6jAXdgc7lokQIDAQABAoIBAEvNqPZe7MF82JSz
-  qWdJqiFl0N12IwybyARykqOky7wrXPnZ0MJQrWfGuZsP/317yfV1DMvTSog8xCP3
-  g5XLPTRVcStFQxA7Zab8lcF9FSSx+1CVovYzDbG0vOFSRxcIao/5DHJS81NiWi4I
-  CY2zmFLv+hiMyOXo4hewQCnPgtrO2g8Eo8/N0SvMAchDtsjMKg4UOI06c0+ptQOs
-  0Y0rCyeMo+xe5phyD0fappsgq08EIrpLedsh7cGbicKajx6KdhoDdxsDC8vcUqUz
-  W2DVA885ksS8DRAUrJtDCmeahjSpIVtpwwXVIARx7wgoiP9gSrbU6SunAj2L2OA6
-  2QMMgAECgYEA87+GXgIz8dy5ttyxK7WdpzfG4pTq96M/wTuO+8JBBKX6n19LaHPM
-  OHqcRUNyqhyYejyMIlFHgrV7l1ADY2dXHOV808ZFdP8kQzNMi0jlnrZHTEkiJSUq
-  Iy2NrDUxAFWVCY1oJrupc6c+3KrT49ZutTyx9+sn9SQnGeE0no3ocIECgYEA6G6a
-  igMhxvWQbns+YQ+n1+Lk0Wgy4ywGob7605YPiR4bZlZlGrsjcIrvgOBT7nurNpP4
-  JCWwtaaI+vEyvy12fxKK0k5hWhaUPOCsL/rRldUSEL0DGTcpS1pRMHoYVjAMdk6T
-  hLFT4V6aUt1cgOUKw8FtyiPI7983oisqkQVR8BECgYEAy5WCUu6gGDj1XIhD6nAM
-  t2fc087x2dgeHfTy3dBHoexHwelEAIAHaHzwHOHS2cZ8jEwZ92fPxJp0GdOYoOPl
-  XJtIgVEvHiMkVIR6QDOopcE1F8BVppS99xfLJrResxrIGmxjO0aup4xe8swzoi6t
-  1O5W7u0YOKXziqgQ3QVFyQECgYBX40KiPw7tmXs0m3t53h6cPlpBaIIdbk9Pp9RW
-  X16efXjk2HRAiFSdQJvRgoGaIr8Z0xe4K1xHQ6J2KPAEZB9za0J8xVCAbRs+bcIO
-  HmxTmI7NL3tVdIszyAH9L522MVL1BT84pIjQJiJ6hONuhaztWl22WpOnSCNUObhN
-  v9I80QKBgQCX9EjMNkXnqW4HKuo5uENE2o+zGHzw4+0MmWNK9UQiAluIj9TQIBVS
-  Vt7p1km23qnnSyTCfGsIqZP3uksFNZw60KwdnZ2jnVqekvfBm1Ya8nBBuWeHako4
-  hAx6AoVhiWZc7jzbQszptHPErCZuQ5C5GbhBTN0Pi+bbrFzYpwF1RQ==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-n0
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAzLhDjv6+KWq+cwzbPZDu8ured2vU3ubgG+EDdIkRRXtgkzfF
-  o6e60Vq8mVBiKqLFWS/Zr6dRYMcE9EZGOYiPBTdujZNh8n9feqfEbS7q4jQiVy6S
-  ld+tnmC+iI1PRtRXvX+MCaSP61fV8qQrr8p9n6zOPGkEqaBDHnPmGMYMs9kF2eU+
-  +dqe97an8baeFowBZzJoswKmxj8Qb3V8sa+IgN+98Gzy/FeQGBiWICxYytxXOoEu
-  6K9NiLMl7R8Pdct+PCYSMGHHmoJA2vyvCyZNtlXfrQrS0eCDAJBcfreYlHFtiRg6
-  UVAdfCZxkkHwsEP73mG7FXmHNeP/AL+mCJ02uwIDAQABAoIBAFyovjNXy/x1CxSJ
-  6iW4lt6uPdkxnlzxhNg5hVXWwFGBoVmg8by8K0uc1SZTgssnd0mB5faiNawnCHAD
-  6r8Ztxo2V7yOy9N1oWKj0r1Ucg3GaRCqzMA3SJ8ZzMODqjE15SypMVof+OAdloHH
-  mtprPWbrUUF4ixq3pgl/jdMCuTchIRGB8pcHkIeS2/F7umzcEcFAgC3R/wUn+NPO
-  lxbgJuQmyj3zDPuyq5CTTGsy+6oQFUL6AY9E48lFQFD/0E2ue2OgiDc2X6nDbWk4
-  J/G6TsXuPDEMq+sAFISfEkc5KgrQ1OV1pesDHmYSkCZie73UBbgiBUhaj5aXWBn3
-  l9Naj2ECgYEA2iEk+rtPB+VLjaPg6rH0lN9dC4+ZxP5kyLjR/16mIMO5nfr8XaJT
-  600gjvKr+pyeWQjEOrNiwlbn5sb77HiW6pgkYo5USbK1p1YvjHjheVmT6+dg5wyT
-  vHlvThdZMVIoas8oFDxJfxfUr0ejyX02rYzVmwlv6ztPk6Ik/qHgthECgYEA8EMe
-  xG4YxtSqVRT5Ag2ImbdKBjPmkOwZkyKm0CddjW7tQ+FWW0fXg8wTII4a9pmAX8+V
-  Z8YerpPIJLHruBKpf8gMHOCXXJL65BiXB8iyp3cu+Ah0ZXF3IxcV8zCht52acJiN
-  LGcFlpI5Ypc7YOPhPCi6d1kDKbii6YzZCQ2rJAsCgYEAu0/3B3DNvwQCS1FNFX1X
-  gHgG2KSp8WZbeZpsipTmqAArZyRejrGUytzidp6hXIYd3GsQxy/AQQ6L+bsqHri3
-  MCESLaf3bYoPP/Fcx44OYTyxL8Tzi7VbMGA/WpnmN9pLZt0Zl7bljkQSmao1VhM2
-  XvYvgAEsoJ3AChEVH6w24WECgYEAo+FEdTubjtO0M0CQ8IOGr0LELSLtm+BPOXsj
-  SUvwle4ZzHlBTBXevLlQOp5zac0eMTwIbrZGa1HF7LGnVPD1yIENMg1HcQ+YLklP
-  izGsGmpDEU/DBQa1+qtef3imdfX8R9zmPmku+JtYpRT+nYISOdSWC54deDHGfYNi
-  7rfyCi0CgYBaTKDjmzkDjTefmuWU2/J5XPiBpQ3+P9wHGwysdhKWiEdpxqxkyvw0
-  VDNXxlzrs7nKskqqaqHUiejwlxhx4WNBq6uZdzeOWbo8QBPcR4xdv4XhgKCRY7X6
-  BciViDUQe6HNU8mjZS8iIaQqWmQ9iqlIJjxwTyMusAC9/fGpO75oqg==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-n1
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA01VQitt4RNHKOuVklY+EjpYDWIvRZYNcMg5Q1TtcCETks1Yp
-  3HoVZS3p1lf8Lsl1TXo9GvndFzWoVQJX0prX8kFgttT/505MHes847OSp2zOtopH
-  g2Poi9HEVXQcEl9iHYkIjEF7HqH+deQPc2/DTMDKebuoPTnW3s8yBZJCVIzjmUI7
-  ElQD0hRbOvmAm0qvZaKR5gEACCmgGMTFpK9l8iEhf3Yp+iatBWujfkHxke0A8ECT
-  IyiYIumarBN/Hg1sjlnhSgySC0GSpfdWYJ1Ijy8KV/ejKPnLRktPcaFVdWqVR7AP
-  gLPrhbTQCvz+YLre++By1xr+6j0DE7anv3AqMQIDAQABAoIBAHVuhefzFnyfWtGp
-  YGAfNNiKkWdlokDXYqbJ/67NYlGR/seMjIxgJn1nqvWZRJ+3AIDB+SyBRZK9FUHP
-  oH993ZtXKufNqjmc73z8l4Qr58UzGBak9iITpUf0kzWs5GBtMjcZS2+sfz7BY4Wc
-  6d0KcKq4woosdcs31adP2Qrxf/w8nuXS76k3RvxoqaATPRED0fGGi+jYb0LcvFha
-  lG0TcZRZ9qwEKxzESqP1K7wE5gVxgBbvx4PvTzR1m0qnEWyjqMNbj4xJ/YhNq7Eq
-  sN8MiyhgZR+awFxluyV2FALJYGceunf24IZul1SEuZQXr7lZqWAnFpTdX7rkwiI5
-  OrD6R0ECgYEA9adV6GbLnOOKTgJGFyUqglQLD2RreExO0CeUqlLgspNlrkKOp9sy
-  gb4AW48cQV+aV8asVebrpRIfsIsO1A/8yxpz9XeJweyzVjCQYpyGET8XPKRFAN2r
-  A5bXZzoDtj7mzG2moBLnhawZ01hYwud9BCCwSK8UToR8Qy6uLI199ekCgYEA3Dvu
-  zQ5He0VYIjT53paW7cVhLJ8tORc0m6XPJAu6u1Q/RUcpaSF+5aJXopvVgBjZxkwh
-  gSpHSgY+2uhrctrMAQrQ7mOikTrQQk0pW5w8is/f68n7lpiBz8vYFXRHdvxQquhM
-  MyPhZ3rqScz5DcQur9CTvCf7+LzyGQf7b0raPQkCgYEAl9c4Da/EeZRX/8H+Cv5p
-  GSfTsk7y8ufP63Abv2/8/cSIHD99qBmgTXvhArch0vLCFzFxgqN60oyyU9CQeNns
-  +qm+NWMPHnQtob/g72Mqp2xk85HiKRfbRhutx1ufwb19sayxSs6ElyZ6zB0WuFqX
-  9r4x2KuHlMTlfi1Tcax/yEkCgYEAmoz4hTA7G5fLRJ4Wp4zYN93m1rCRxNmzEnNm
-  jO4qSaHSkORifCOEcNPfWf6v8if+U7lDXeh0hM8jNu4Z0U0YErcrbc+/2tkCIzUR
-  C/f1SJielFJ3WvSFTHTJnCywpiBk37sLFmxclwjb95R/RpjhBoKB2m3Y1nKKFuTS
-  HwTRaDkCgYEAsN2kmsc5xtMNyQ59imymOR9fvOS32spvxeYkY4s9Z+mQnOEUJzY6
-  iIiCoheAc3URadIps12D+mkmP/uF49GIJrmNf/8/vt18muGshlpaOfjTp93QqtKh
-  4SfkG/I5sHunuX6q1wWalgAeaTKxzjvb+bxTz9eQjPWQFK4Q8LpfyOI=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-n2
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEAwwR1tEReOUaQnNP56PU3hKg0jbNatK2R0RuplFh2JWTDCWWm
-  YBZR/MecOFcCRAxrU1KA5O6UY8Wz1+sXETHf4odwJ+y0KeH67ju4NWDzbemQGHD+
-  zFpIKPeirPSwxrrXDXdFmZhRgFS16wnEZ71O7wjvLXzu1+wZrhIQ6Au25dSN8iyd
-  mQa7WzYn57bmfULMaaa+wDJRvNfkyK5dwUf7f8rwC+erCk1pXjBBJ+nY1XebQ/t2
-  HMxRdUe5Ilcopa+B/dFjDVBuRPOjjYUBvHLRftTvknyr7GIQZshTeGWJ+OhjIYd6
-  +JZEpu8EOlEE8E3swlO1AcNJJV7SyoP1JfHCSQIDAQABAoIBAFK4lpDjmzAiXX8Y
-  b15Afc84ZiphFK2lHkAbwr/ZEixkZFKdGoiRjy9xIDPJvH1O40uRqHjzNmBn4RRK
-  dRtnE3eMSae1wOovH/hjvoxt1nQd6XBkpb/a39b4y7kfhciWQlhE6nHvaUrNI+lR
-  2EzEwTGlkYazAsD2NiJfKWq0ZV1xIT0HfYyyOfI0/IBjnyTLdRbkVtEP7miXvBXv
-  9i6DLn7ziwOAN2rVOx/7EnexIgpS3ct+kNTDjXymuEZ+nCeV/AzGy5cJWcOYoc6f
-  8bfJO/G1s50YMYIc4uu4Xr6oYl/pq6BHWMxqu8OsvcL3fMhJZMNIoKx6DvG3LUaF
-  f0DLFE0CgYEA3BNXxE+Ln8wkyteO/45kVp1fyqbNCMFPabGs7HmOcU+Yi2+eQFuf
-  BATGHzRaoQWXd0LPKKARZ3nNGgrlJUygfgdNdr9dMLNvqmN9+wUsnOD4EN7r+3zs
-  O6Q8S9BNXp4g4+dFphlpfJwUSue3esMCrR9gQKOWrtFEq1MU2bl3M18CgYEA4tn4
-  uxR1LizmoJ3aYqR5Mw6wMjzTKYBhXTW1OAO0OeTitUoyKjNiuenKeQGDw7g39MvN
-  xQjzlWofb1mvvnaJB0VrTdtKNjhcIbDBwzBmcteWe5sLIp+svmwxHV8AbagKxdCT
-  SLtf8dtGtqLmTth8qdZXtoPQUOFBjNnOZ0/o01cCgYBmQWqPYXJ7vkv+H+hmn8/J
-  WvguXhB4l/GBJ7g0bEqeJaC4cRVzy9537Ivt5dKSbNmy5U0CEFXl4XdGOXe9O/x6
-  coQwv7vaLBWfcvkPUJkpD3LTy/CT+rh9AdOuWkwIwaqAmm4HPlmAN7lKEJ51IPU2
-  YZTEk/4onj2s6T6P55gWOwKBgARAKVT4ESoIVVn1Gz517n9yawLF+P7yFOD2PKsM
-  Brh+/XCAL2hzBgqNwul5icqFDSddGkHy5P2Lu4MOnyhmeDLWrigLT9ysOa237imG
-  IqVMPNmcEh1X+Jio1lLCkPN9DpaeTeQy/p09ipmpe79Gdy+HgKU+2wxo7B2Dh0aQ
-  TMCJAoGAb6B+R/QlhjT0pZmSB11EAsazZwoFX/+/R46vhAJqncalM3dZxPNokUzB
-  R1Z3HGf2mqoG8Sra7I5/kIOIz9SKY7QDFzoYEZK5G2wIu1Jk/yxKFTNRjpIx4m0A
-  ziPN09/PeCFX5t9vKsp97YADEQd3Sc7e4wcvPk4tRW18WM2DnmY=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-n3
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEA9+itpRH6ISukftQktAstFreyPUfFNe8/nEU40pZ5B9dgOlWS
-  5/EOhq0xJE2LD7W20leM/GsWXFFEvlduvK7tueImjVWaFASRo9tbGMElMhYqjrOz
-  blbKG+5TNMYZzbEJXx2wSPY/aWNbbY6t7RSoczPM09Q8mVyJQLCHqRDlX/8SVTc6
-  GpA4oxs99+IPhHaLYZ41CiYBR5uY0cViIfm2vK7SGspegK353xUpPCZCjZGStD2q
-  KLcYkSUTDMZgvzFhtvmHl2DT1vEVV7ypMvzGkXEBIy/04jCLFtEmiyKplU16xU8G
-  IrMB7krWzEBuHMZdDKc+tlsOGWdzTwlOz0ZS+QIDAQABAoIBAAYCwTsQXYUyXrGo
-  iR9IahZz68FqnRB6tYsfbopElbin8zBW5NH02UpQprFfo/CEkmM1Njjki80/NzB6
-  RDgU8bShFBg3LB4yIinb5rCJ9lHpkayWFNKnDg1xUNkluHhxQ23n9V8/gTgX7Z6R
-  aAwohREN/3hfW/zH7pf/77ocq8MRCvRWUPNqxlcEjEFZomcQLZz9J5uzuT0Bz2DA
-  W4YpBXCzFjrXGXE+lpjRHFePfUv8d8fa0Ye42374a88zRDHIpy/1zgOMza9IkgG9
-  bx7jdreKHtAfHsKhLe4EN4Js0YiMbRygjHr1/RgYCV4bui2f/uU9QtfdUNd/aF3J
-  OfppZZECgYEA/SlxNbmn3w9m+5MispbY75vm6jTsUKL6YC7EsEcfxyXBY1R8nEi4
-  IZCpIM/xvZz4OuLozYb8hagF2+ykZ9OHxkGV2eoIXTwsd8/9W9Gxf9M+mzyLXVHm
-  wMpcVpIutP9Y7tws/9/XMcWFrRydt4so0YRBBhYw1FMKtvcmgeUmfX0CgYEA+rAp
-  DUhNZ032bjszE/7CtyI6qPFdoGoj0Ua7DUfVVAEsb+oEP4FCZYhOhkz6OKjIbIxx
-  J57tcuDB+DGFJqrCvqRvHwosSDEKVAPj5WnmU08PDwZkVELOIW0jNQttb+9gYdpd
-  nfFDPD/JmXiuwAR1Be/OH0+/Iu14oRW8fqyulC0CgYBnsf3pH66fM1PfYBkqRZd+
-  LcGb1SmmrdsYYo+2FKvziod4BDc2XKLvPK3J/uLp483ZcPAin1P3+ybLOlbtIDvQ
-  /TRAGhhq+CbOvKbuYSnvTburIlWDV/TIqxq/awkuohjvXcgg1rLydBGZIsuHTrzd
-  dOqdb6F4lrsgzoM7WX02kQKBgDRX2/p+Aktzp+TUT5H5O8bpSr5Dx3zbLKdh0WSw
-  fwaPSCwF/OUVpDt2/o5kPErgUxj3KhlPwdyeuWGNVXQBa7BKvTkJ8r0QIEvyk/8u
-  4Xy7oTVN7Fz7pfasxxEoVa1tmf5Ujf+QhK1r1DhLTpGhXJ3kuHEpQYuVcf6Qf08j
-  1z/xAoGABaQ44V+VN1033epY4KR4Nm55DzZMCznftyDXPyuHO5tvOJHh2QdibmBZ
-  t0Qni8i7K+hEpKSAClq+Xf2eLB/PbPETveDPNQMf9zuVcxLsV1ohmz9TN3K386hS
-  Dv+BZk8O8F2bRtpbBhnJz9R1R3qzhF5zndOUaPmAWu2sdOS1XsA=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: scheduler
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEArcNkqMybHhX3ieYXr7SbnjsEUoZJdVyq+5zGr2DIsFRjW45n
-  3znINUCGV1iHQsr9HqhrqCKe7NL8fBe/cttvLj++q1J2k6GV3FI23Rvl3XzrOAFE
-  W9N9zBBQ1s2UJ1UBe9itCrzvj3MPjPeXAqKbQ6cHlyFdJ9gcJuFdeVDiOtwbbZy7
-  IWqol/J+o/mkoJrKqlQ3QS1aZWxUJQ53XANR4jIz+JklPF/t8BKry+3s6WS/H8Wk
-  vmfYGpJcwJh4NdRQDYuRFxVovpfOylAMQzSkCYTXorHs4o+01NdTjGbceqBZ39XX
-  DoDgiava49c2urYEpMZzM6DZnmzGZ13wwyM4KwIDAQABAoIBAADtkDYOka2BdIb6
-  AZpgnowjyIwgR3gm/IrHdZAuNiQq7zTn98oLZvRR2eXRhTdoGh31zE1jkfG11r9a
-  6RzV6ywWDxCfKh7zt/crQTvBEGM0bZUo/JJ4+K0EUUo0Ytwq6g0dRR9Pjv/3H1gj
-  Yl0TPT0JQVMfTH4P+2aBwZwKQIsL65+f/YkKCEj86mXjPPjzE1xtzf8PjaLoz14u
-  etBsAIfqCFlE/x5qg/5Ots0UEHdJEsM3RC//q0hRs5/7oho4Y8dcBsqzheLSRgbT
-  wE3zRqXMOmKmuwyipgzUTYuE6CbzQy9+PrkUN9/17NQDMvHITqo2bXs/vov/hpbE
-  Wezvo7ECgYEAxYBu5lLnRtcU+Q5EQdBk9hAz8qjrkp+m0ozCGslJAt9/vYSfCw1R
-  GZ9sm8QxOztKz4qOjoGWoAeQbD2ASxrG2ylr6zLfjke1VkcmSRKMwFAvyodDRKLv
-  INYsMR7Jj4cBBSNmLmeNitQ6W4LGiEhd0riJTUsKWjE2/mCcKK7odl0CgYEA4Tr+
-  K9M3zrisO9q6m7o7dGp2Q/Y1kU70HWU1sMJnsRVNVVFY52nW8PhcG+KIXU9aRDeS
-  OGu7zUtW03xSoMdPSTBVqb9on7K+veymvY6V5d1DXOvN9j5iowFWA9acFAE3Xmxl
-  Qr8hctXFxC3YZJYAGKyJcMAxtb2dNv1KyJmq8CcCgYBH2BB/eGjpPBRFBQuPZV9U
-  o1BCVXBcRfdJYCq707zbbrHpHvU77/wwde3sO9Is2cS8+oohDMLeM+I1fanNqE/u
-  KYM4a6km+K7eU8N5kWXiD0lTQyEVNrAGIeKxe6GWtGWKmPXyq3ixp8ISx9+wc6Kt
-  pLNNip6ZcI2wuzQTGI03gQKBgQDSZc5r2BrI9ICIRVKPCNBjdtRVtljiDdRC5Xnb
-  Ti+ZH+Im8h/PxXIxloBM2Dg0ml0jXposNI+yPk+0re1uHeG15/4N3S16CXrfZoN4
-  jgr/OMulsO2suyhfR283lLImieBUR4Psbylq4cGl+oGrrOgYJI0bk56cPK3xYXoL
-  nGkvfwKBgQCCPWv6C3+erUnvcZEWGA4rCyWi2gxV3iBdGTToLIO6t+n3FUtcL/uH
-  Xbto102J74HeK0faC0U3DKv2HQPIIDHvSO6E0Phvz9KmwrAYfj6X7IJbFa+m9oGs
-  MpoIJgFleUCNwE8ct8yZBwE79xaUJ5PBl1xMxujA5q3aMHhcLCpXWQ==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: controller-manager
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEApHSDtJgmMCQNpn/YTo3jBJTM26qD3nAogS/Nrpao9/YYOl/v
-  DqcNcljTSLk6D1Zs2xBSg9g71KEVcf9xYPGv5OP/0StmPJHVAgTQyjq2wIsRluy/
-  UFgb3yIyD51KkEkBXfkUD0YKEXlDKeQR4FESrvU1yiIKbY65r76lTsIa1yNFh7ig
-  vTqkySyrCkyiqX1EQcP2AB96h91nVM4EcRtFxDHomOEA43p4lHZVAE8HRRPturVl
-  OT0kcH1G3FNZl2ZUut1w/xkMTFxpJ/eiZeeDetM25+oS968lf0/XZHIW+nBJ16qj
-  7qwuwtXeYvpbWL1v+n5iXZGjA7S6xlskEumadQIDAQABAoIBAFswkGdvhp1jIH6W
-  nWbRnnRH3mBf6MdLAerAixioSgFU4JJd570EPJyPTHki3GLs1WeTYW3iVSrON4oC
-  zuemnJYbJxrhKcukQazg5rV8YSHa+2Ho3Ry7/ph36bJm0ZW4JZ3qI4lkmOifiPKN
-  mKv9yJJjPfRbc9TUM3qUCC3ny+JGtQPH06M6rzoidX4Vd56wL3QHklufB8h2stoC
-  pixjn/Qqq3Zalk3+vc9jqf1bnTsT2MAM/9M9cffewg/QvGay8H+/9th1sBKuKV3e
-  Ih2mc1j6d3toe2EnNsHi+unhIsAo9TZczh+3MNUyWMB/Dim7zCIey/LqFFMsad/H
-  PEo/NIECgYEAyBRSEmQfi3Tt1lK7I8jovWQaT2Hr5IlsjV5It+N7OqgnNfUgmdcm
-  E85BdWVcH7bZJQdCVKxQ15h5AmhkXYgoY3x1NqC+YvesCDos2MPhL5YmbY4Br25t
-  F7LFWQ8taAMGYSkvgIP6AFpM9OWW79k/GxKMfqv8enVymOzdtLBPuD0CgYEA0mtH
-  gfTNiPAIDg5daPtLasx7FV1MDIP1257Y7lTq8F6qPv0XL+YrOfwLf3tZgv8TgS9k
-  wD2Xlm+yB4qY7S90VQhNL8x4o7FLnNX08UgE6WlTX5zqgr8IO42FpCRvV0tqUmlR
-  NKFL3KkKbx6ZDX1WjxSr4UIfhPGNsvdviu7gVpkCgYBMNclJLhAB66kIQPz9VXKp
-  aS7IW/EhXOMXOfmS6bgvkItW9ybS0muzkZXHZLNhdSFjBE/UtsoYRQCa1S6dndZc
-  hrSS+UlroxFJFPeuHXZxzMyYYEXuD67IHxUipjBSdQyCB9ELL7oTVlIH2kfS1jo+
-  UqNnQJVsA76B139fauUCtQKBgQDOgvtrUBdojitZoD+NCRS7fHRQQ4Cfx+ND6GJ/
-  hlgOENqFd1+KYxuJjRS7yRPQvQcngpwfEFP2ESlovV3ZavmBeuRGRSchgJ/1DQeY
-  xlYLvpNVA2wlZddumzbOIfQkeJ+gwjwwqx0JM95JsH4F/z00r9UA/yRwFaI8Qxv1
-  /vuuAQKBgAYVJ5C6DVab38SzLJtg1iMWlND61RTCP3wn1uAS8xVunzb1AU/ALFLY
-  ianXFlsIZwKYOiEUjZoHAnzoPW4++00YxTLujzI9KOrqNbDxI/ET8+cLwiMq7Ul4
-  h6PO2m12UdyY+T4GDAzGnTbp3xF+tJZiGQzspS2s1XpIfy5EKrMx
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: admin
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAs7NhS09jNNP1DDQYQ+t3n3FbbKlTdmFLVBRcyDYJCI8zmO2D
-  0vQVO00Pl/0ZZ9W5C7QqgvnobNwQ9Ekp+pk7Ft5fMY5bkbXGc+4/crKMByDt1tkC
-  LMv11R1xbGAYNG08Y9Nsqaw0C7UIVN/1ojR6jlc6/4EFK5PT9a9KgWBNbb4fLD7u
-  g/qFD34M19XKWeUo0U5pjxTsmmLGzkz4v0ESgVCEzUh2j3x8zLzrdg9dFyVIJzup
-  xomTYoC+QBQjXT/j2rUSzSSjfDxP4y8XaGmZ73JurCoMYzJUYlVkx0Jo2Vteblxm
-  gRJXJ04YujXR/CQyZ1QouarI5bGPnHafCgIZXQIDAQABAoIBAFWAwYeC45JMU+mV
-  lAIlNMrhtf2S58qI6r273pXI2C2BbayTPskOKFgKB6Rq4j68u4ptFFkzrbq2Tz7c
-  3SOG602rSyIaOUmwcxfQQdJCUExIB8LViKpl9beMhd5qLrorS7O38pkc/bqgTbGM
-  yqR+Ud4OdV0DN8GPWigpWssKVm0jX1kLUtGCuDEXMCkycXG08RscozlTv+vz/l1n
-  C2csuA2AKgIfiMbNqN/HC0LLT4KVOmh39Z7+OSz5vd7XOQ3usbh4xXkRUk6MrGPP
-  eRnYzsV3WKjpkByCgA6AIFSepKcmeHfcTGcW5bkdBl9zhs662dUanghBDIi1CTOM
-  JrpeB6UCgYEAw5LrapTnQApKtwjet+Sg4YyQEJG+X7w+7YRyLxgqr5Zh8aq79ydC
-  3ZC14A4HqqpbTAMaaI0ORDO8LjBjM03OtPatsEGotfptsq2JXYgVuq8CcCYuTynj
-  +q65U4r6AhYTlb/D7qC9t2jX+cMB8vzxU++BgicGSjqN+NBZ4PgUwHcCgYEA6zj0
-  1+cuciI1y8b6/bP11Df/Awsnsi7M0PG81RyKjOZZZNayI7gzDpX/SUJC3ok4k5gn
-  Ntb78bTfUbAr84YD9Q+Z84+CLBTqQ7iPDUiAAHcrgCBQVsJcPp49ETRo93eJoMfX
-  jpB/eLDaGgk1BK9fEJzYLs3TLSQWHis5z3ZAHcsCgYEAly5qZzCF9p4+FXF44USO
-  DOzgrL5NIKpfJrI8piUTUjp4qhzmQm8KJEZqIbIWwRoBiyfW8T0g6x3m+PmUpaMf
-  CAqsR1TqOwpEZFv7lN7OlUoWI2WQZMeoIS+RuX/0NUqlhxv/NOby4OXeFodlaVWY
-  o97ACUFrflP3TYCaCesb948CgYBEFEAJHQf8UJpxWC3cr/E+ctaD8v6SO6lb8BtP
-  MuuGzESjQuBcJjvgxNkWQu9HqT+OuELhRGe3FTptUifmW6tZiiJss+RhDcyfvRLq
-  LUme2N7mPnQCKE66cOIL0LdwqFBVEIH66Sd7rvPxBSkrKfbBwCNxqHCuZ/tez/Pz
-  b64u8QKBgQCL+gfBrZOEpKNDFRX8XXkgOsRHWOlWZmcdFpgp+1NbAtIXu5D4FofM
-  nTZWJifE/glb2YPi/nZC0wbLh0GwB6iSsvt9Ic0TgnlWhRSL0RiP5lEjZWVnorJz
-  rO0HnwS4scZZmcMuYpFUWZLa5dcOybXv+M3W68MqDOlRA0dKipE0uw==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: armada
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEAmBP+3MplJOoeBwx8CQqJrTTKxSRwlI1GceaBpMvqfjfJHjBT
-  vHEgfF44p1rwMuCHAWxwz5dKXzfFL3tp/iKIGRDbwV+ahY+xJZnEHKET0sY9z7rS
-  s6p6ymqoiZUdl32b37LIYGnPrirl2Fuy6X8i1WHUwdZAX2czqZpReL0Dcc5W0n46
-  nVJa4PKLXHKENJdm1dMq+BZWmaYElny8ifAtJURQMnfiaoeGJwTpCNi2uvUWDjq0
-  KiOy+PFzgTtZClPdqBcp6cF3jL30mdAlA2xNqrsm1b+rATH9loh3zCxk/wSr711T
-  oNHWTmr769n0EkPm5oChNJpV4lnW5h2/T3p6fQIDAQABAoIBAGVtKJSe0/hbwG0Z
-  EXyCL7J6PCZhmEgrNOlwP9TmP12w3QyqVJ6goHbx7D0JtJtqDgCQD2kUUQDSVEvH
-  trhM1ZJKIRaGKaucWxxlwlsJvwvbNYxe4Hn9YGmx2vfvoM3Rc20tcuCCkYVqjOLQ
-  vbFnHpdL6TbiKwq17MnX5zBsd2ilmxGYU4XFpAucaQ1RHDlFjvzk92bePAVAcF3G
-  VVsIMEjnoNMhaPCOXn1LYegcgd8vlW3zGOT0L5lNInQ5PCRLRxHU0eraYKOrUWOC
-  80X+g2JOrSG4xRUgPMx2+MiFycb+FTK+OOrxb7FhuRHDPdUQ8Ti/i9cIl9OYKgk6
-  GmMsAK0CgYEAwGonu00SP46ESZrh8J7LGVITtMWvA+6xsZ+bhLaUFpoKx3NV2drB
-  Eaok2pjsanVUwAqNx0Ysbr7gJVCGiAKmVAw5wPXhwnJQ3IQnB83SKuRdDTtfkMFb
-  emTzLP8qUHt1c61X7de45Wzdq4xdY4tWQkymPz7F1pWkqQzKGjb8aYcCgYEAylV1
-  btBgGSjJDAI/Yn7/lB379kDlT80IeV9u7+gJjO9d6D68eV21XsE26E5HSoXGQwRq
-  jkEOJXCk17Vlh3/IgaqN/1w1DrI7WddaTH+bAZ0y7pTmVp+CQVuaH2jteUcQbZeN
-  lCpd9gNGEVmHPPzwzdRjcVrOgCdVtSi0aMePLNsCgYBkQevZ6FqtyzCauZ0op1Tk
-  KKQj+S0sO19TUfrSt9+Jt1IOgsYk8ZrP/XueezgUcHZsahNd1e6o9cQNLVwr2lWY
-  TZZ6OKQdkTsY67L6mf/8YWkqz9kHr/heWeNrerktnmagk53RTCoHQSZvkH/Isn2L
-  piypn6euG+LkQsm7xxLWWQKBgE6qOyYCTdp6SPAqT4pz5doobjWntX/5LzpBKFiN
-  1mi9B72r5ospK8LTTA21oXIP4K1doi/8iwtzaCOVmwu7WrFPJjYKG3bDROABIlJr
-  qlBOVeb8bTFwgqv2eU2M9gcY4gI50gmxDyb+ztcf/7xuexELaj5AF9krcd8lHD9A
-  lyHRAoGAcFRfxqAWT0YsTgiEtq6VqnO2ZtB+o0z5rMmHL1wwDF8cT6mHvyTWqY+g
-  1NkCWHQHh+F91p3oDSqLcwLtreRocTgANuVyZkxgq4ejudoX3yxKju/LN8xn7wqb
-  DGGPDHDvT0FVyymaFMJKScsAb3VU5TJmktl0/JsO12ctufnM5jY=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: apiserver-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEA4Ixzgthrvs/mCjWiPXf3OJ8SC/n347R0PP48RnjW6xlpAfWG
-  uoTKG1ARY6XQoSyGNmeS4Vk8BvzyQQWwYUXCBtqN2VBoYZkAHMsVP0If68CGlTj+
-  uBOTPNmWhLZKq8aqK9ZgglhBvWJL4ef6h/L7rhhPkMvAiT980YtbH+IxNZewdOxm
-  J7pkxjewZTloDZaAqKaBfceM1J7F96fvZ8nlu3BBzcVW1+Coha1U0ZIL7my8WwN2
-  pzbgqz9qT/06pBaKie3ZEg//bGIuduPT2jugZMFvIYrAs/XfcevPitltOwhd8rca
-  Xx2wqpTTIuUG8WUpndGu6lA+/QnM2c70FmcYBwIDAQABAoIBAE6WuYLM7gDNUGy4
-  Ur0CtKK7gZxxcyHdsWT7cesUNdv4e7j0zp+PBBFFF6DxkrAmHh8CZvS5v3mOo9a/
-  //g7auntKgIp0y59Vv280gXexb9EFZY6aWPRbhG48aYnCsFN+Zb4I7Ta4L9AnOBG
-  yXc1QoKu/YHm3c7rSmsoQ89H4gMoGQNe30jQG3ePur22nEwh7lc3v4iCpruHwbNJ
-  nIQL0bj4ZDuWpRLrE5qCGuH5OyW9CxsEjH16I+OqqppYGMIySfofDzVmdN4+qQYU
-  QgrnDWLtootGKMDKSV7ID7uJBKxmHLLuj/5Aunv5pGBfd9l6kI18LgSyum2+NOwd
-  6LXSbkECgYEA7YANMfTkMRxVrVxDt390A4J6rtPEKUcuuxBIBd/OSc/yBoq0AJej
-  q3KkP/t8eNIzwxSyynstv5zM1ClGNJikMeymgMqQg9nUhCFj15Fv09FmaVNkISus
-  pQS10b4fFsLzc/KUEnd06Gmlmg8sj2YVvTYDHBhAmVI1f5gOvQX1a2ECgYEA8goi
-  h+u5v9DpI+7Fpw9gan9V4V8WXCDefUUoOJPGuxVyL7558Q8YOsQQPg2QenHb2/Q6
-  0yVdkbfA/VWpVs1vgmKr/bmUD4PTfFHvumYulPucOy2gHESxzhjcw7vG76vqcgIQ
-  lSNrHuClpUtCbPmtQ80bceWeN2cHvyEEek0XZGcCgYAZBtddHks1iaDVpdVU7s9Q
-  110KMzKGjwOznqGYTN82E/2TBua08UXD+U6pl1ykdrIRqoq0n4pQmLtU2AyX2kXj
-  JObex3m3CytDySj2PFMmZPh/vNPeUvXcZcSrF3e7NEvnOfa0g3YET62tsE+nxMAh
-  siFdwoh8H5eXnHRhItGbwQKBgQDk0Hf8jvi3QcRl1+C7Imo/w8lomgAFcH1lZ++y
-  LOH/EzMzt5qILYD2bUv9nc0sNF9o/OZvni9rBpBH7qd8DBKS7L0zzDEQycsxCDTd
-  vqPi7EqyF1v53WdKM27hC6/x/FBTH2iV1Tn7otx1+0P8ybznEAwWDMEaFyjXo1sc
-  U6z9mQKBgAIsOY0FaDg8rU+wpHKafbE5IuljG8FrKR18aSSENEks00vqKN5ESA+u
-  vXOzM+Lq7UAPkUGvcelJawByE6IQVAD7GeO9ESpRO9jac+o3Szo1nUOrgjSrZIxN
-  ydiOBoPCwJFtL6BZDSXYZMEks26jv+KLt3lDzLRXH+5sEY2xJknq
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEAwiVhLzkIV5Ztzio8boiIFM+qy7QQakqDZR0VVYRLWN0miLLV
-  ARvKatsNt4wxJgD95L8VRx2r45+hyYTh88LNedzmGxAT3lOVbLe75a732/Pmx/8V
-  CghSOTfh1trCgCcRC1PgOE5l0qESuRFtGokVeDn7ZwQzcXPrZufvf9ojxZD+g1qO
-  /N1104zDKjfxEywjH80uwjwRE2r7bm3pN5D2quy0nirllE1AyO44+no8gd9tEa9n
-  4wKOO13aeFcvHYSky18ldo5fX/q/GKUVY7xxriIRdGlV/rOWxGj/YTxCYWKphcjY
-  RTgcXTpUByO6m29xW7zvWlNCbSlqBNqsxoUKrwIDAQABAoIBAG9PzSutEGpfdi95
-  KdLZ9uOvuSY35B19AV7M0PmJ80VM7pX7qoKLM4AWfgPZnihC807ee82dZnsIgFMx
-  G/eNng+bplan3ixfUdHWeiWTLsruSUgrqR1qbfIeZx6vqEqfm3caLPk7gcfE0B5J
-  rntDU4rt+4Ux9Gi85J/IpRlxsYbIvdhuX6GWRJVHnvrtOsaLOg5XAZslcxB29c93
-  c7bNiU4c6t/CUl7dDkicCIuH1EvdsUdYQmroXv/eEQJ9redPukI9BpALQskuTd3u
-  7WWRLgjhUi0xF/rV82mtRlVAT7Jh1M2BlmrXk4pZi5QdHyHSGgTGh+awnkCl2Xxv
-  evQqNDECgYEA7pv+PeeyLWwOxEgK+H8R7hNPRmfkyWJ7ujwcRnmlDVycJS11TELG
-  hGmyBKKaj7CFjLiIhNkalNl+Ux4AqKDyTSUDRwoKkxv3awAHYYJX2dHwzN6V9jrZ
-  NAaqLVXWFxrNffv3zYuYnnYdG78HHMX7us5MTuyLM1h2pydV+40dQScCgYEA0EvI
-  iN4+NxFy6nYJo/8E94XvENd9QuU1/FyLWQXmS/KP3ECwkesRo5vgOjSX36Unq4pF
-  L6L2aV+anZt3SVwtm5G73a5IRgZ725CmSqnNKZc1PxAt4lgh7z/CwiOpqoufWPVm
-  DOi99sRCDvaB2Y6rc6D7me19BvwyqVd6kn/1zzkCgYAlqhgK240DoIAAOcMJkL1a
-  0E9+NJ4nr9UKA70O3trP7iNztuZCIHRHqIuCMcymC9445VQfbEnG30ISirTd6XH1
-  /Xaz+wDKUerPSBTiLnoBlyMko6oWURnCHZ81Qsxln0R6s5BdMMDpmoljvNa5kwL2
-  bOQcvTgH5dns7seiypaolwKBgFFvL2mDKeOxqLHNkBtTmoeDD2IQPWKn5iFRtREK
-  42yR2niLufxyYKUMTe+znCTNluLT3hSvq5Kq0/IGU+6UYShPI5mZh5wI8Od4d+r8
-  078M5L5Q/v9c4Xd+ABCSjMSmbZgD6O/nFk2hkQn0ifOaeaFtMLCPTrAqbUwTbVJV
-  QK7RAoGAL9FOD1xHIznBNOc0aWd3dUCGuuQhQt6R9k+rkTDJiM9uL1xXlLY8J2pa
-  pMzc6E5JHFdnJqb3lEwtZtbmc0C/mVDdNb3qMDVjD13HeL33qPJhben9ZtmhIsZ0
-  OHE5pj845oE0OuVpj66vveWdDMNF8O0th4TcKklNkSZEHeoTGBI=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA2ztVAxDkW33oU364dwIBbbsiXC3dAkzSHiJUrGUA8058Mbk4
-  N2SadL5UKkXcYS4g4SdYrIlhWMJHw/JVbLWkm9B5gyd+UZnQjD2w9edSMfrQUy8K
-  w25Clg9U4URWwJNB4Nl8mxElRrJiHNkaimGC/yzId+TZwiXpiu6/ANxehVnjeni4
-  yQ0GIrPbh+exiSp2oLIITWQPq4WgLgq56p+2uz9RbISfAdX7EyvQ0rOnrHokyEfG
-  hXmOnbF/CfmoxMjM3sJfOp4h5QOCiRhqk/m+kCl9hEwBMVoIAkJLrQkhVlGIN0F/
-  ooPrsNtzIPgwKnjff1BwbPz6gRtRbThOm6VIBwIDAQABAoIBAQC+VvEkTFI3rUU8
-  2NTHXpJm9waKCbfM+22ihCQH2VnN5OKnOSy5yzrfCTCB003XgflCAqtWgaBnM6aj
-  VY8dZ0eXkJUvbeaaanVKjXVKyp/ujNi6oCk0LFLbfkwvmOnJIREdazZoW6aFjvLo
-  IQaOBsN5USRsE+GMUuZFnatvz+Sw2RIosIsm2YNIXgKqJ4xvFV3YugZJLXPYeb6v
-  y75Vk+CBGgB5XqjJPVUY0/shFXWtvdjVL71L2IUP6cegFqXQW1t9sSrXn6hNWvgb
-  Ml8PleF1VH4ksdIuteBWomRuPQD86+v0JkuRYOsp8Ri4E2f3Of7iLDn0i6HP3qnG
-  93ODbanBAoGBAN7kHoLa2bJ/Y827DDiv8ojZESCChB4SS3vyQ5wscXMmdIZeVW6i
-  KD+aJv0d3/jzx3hCwtbg7l1CoUhzOz5/OZyIypAgOnxFzre/CDfAzq65fK3g/oIF
-  zK8qbr6cFEpRYBc2pKHpYG7GEkmXO8fQ77StJj1tPz7qHrcm7EeGl7aJAoGBAPvM
-  D0rBUHQTv7n4y3YnuqITwRZsylNK9AfvpEiM80xStz3uB0yOg5Lz8q/Mb4UG93+2
-  8/syx57zzgGZSgFbT9LpTWE/vRuaMEAd3JxGhX1Qkw977TPe1TYW7YGU5nI69uiN
-  f0NeaokftlgNvVffAcUtEa/7KbN5wh/ovuf0D2YPAoGACAJkgklA92QSfwsQplzU
-  N0yti+CExNvdcIfFHDCQpxWjrExpf38+OQLeEcxoBvcjnNOxUq1kg19okkTpxRYn
-  SNO1i7ZMw7hydDHeJrq78pVhwJHMM3nn4AeDUUAkjoMcE9l30wWi3Hgrog9YK5b7
-  dh+etyhc1HLvRZ+VcACLJRkCgYEAz93zFdynJVyUX9vjY6SCr4CtW2zuTnrHILIW
-  Joqt4+k5OxgA0JOqTSu0wqp7ug85TSblHhAaub895xX8AUi3ij9t0QXEgT/160h7
-  skuJsh1Nem/tL3AbBe9BnUMmR1EkOnFtiVktjAwxBVo6YItKs9N0EZrAH1k6CAul
-  ZmmWOMMCgYEAnuwMKbFwmi+0lxF1dDgcg8dQ0h3mzvF+HMCSV62DMm/CZXTbBI1w
-  AtgbxiPJSpiZXMMGXgzZb0hjS2kH8/nthIqSTAiGC8F9wRGG5HUgs7UjBWiEG+nD
-  BSknWYHlAnNV+rqKsoFs/wtUJyMqSIU3FpjsPRE+XaDxyKvcoWyeFk8=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n0
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA2Vo39YGxPvLX31o4bTQQtpmNfRUlykRGgFx4q9Miagv+PsMX
-  VWqRzGYvCJxN+FYJ4nzDOTyFc8FQlarf0cK6M66Kdw5q65IZXP8k72Kwz1kvr7FH
-  ndYkPYDGy2CSyIbIBQhZnypt3XQfvVDQOVz6tKYIQtL6V6NzbULCYrVdjgiu2ulP
-  tfvUxi6LLhyikxkJdG0riqiRMXH2/nr6IZa1f70yK9/nDQFXKbGr9pPYcKddsRuf
-  s0RJV1Cr8RF7p2bl4WDhM7CbwtGRQpQmHSxiiaInUFpaPK+7I0GAyNef06Uqdonx
-  NuodHTe7h7MFEBAKsX4KxqYLWH87UWLsuZsqcQIDAQABAoIBAQC2Y9m/gASPsVLr
-  T5c4NE+uGy66/wsGL8MFphNxBKzFVqkUW7vx5orQfhML47YeJX0H/PAJ0LqgB2Gr
-  JofJSuHbyqTRAV1Brwjvm/+Pjj6W0N2OTnKthWxF3BF1yuWBtnCUoIwsX3twMSkN
-  QYpqCJctDoKyKL8A2d1bm4DpOg52x1ATP1bLu0V3AAy2BpJyX/5T+30Urc88DlRG
-  ypC2Ecs1w21ebhit4yiAFPgnB27bT9Xy7WwahFQ5iQHmbM+K8y7An2+e/bdA41rF
-  vnJKGSMpepIcJ6UuOI9nxyZ7m/H9U37Hx2WmIvi2ZM66805cqUFCejwCWUAbM/aL
-  Zaev2wudAoGBAN91N3NKYPeT6qYDIf+J79IASWDlEfHmDz4OSIcpJYRMNUldflWn
-  9pOm2irTB/iss+ysAYfKK20O4B9aLh2eAvJn7wbylxoh8mVjxmD+/JPVOSk7oSyJ
-  JhN2d4Ofd6EFNCxrr614JkTIYQw+MevWQeAHrVI7PD4kzsqHWCpQw9rTAoGBAPkB
-  Ygcxy2joyL1yWjSwo9uY59XWKwqqps8gwPfK2ov62os1mlblUdyllZWXwURhDYub
-  BdSGhrDmN/5yq0/2D0O9rSfdVmIF5ByjiSRCHwGmho2wIXBe0rnLkKlpGXl0Sn7J
-  yg3VYD9/bd0R4vVfljugljz9XG4tjIrqd7VkUVMrAoGAO9J8os/Rv9YIpqMGEgxS
-  eMz82ATbVgA6KmnWfuDEG3PvfBGchb/uoj6z/2z5oFhT3tN5oWm9UHgABkS1PdaU
-  gWLTue9uBl/6LayValg5NDaME/7TukGJQQKhIkqp0yC6g/3cTTtyO03NtWJdKP72
-  KczEWNRk31opRk0PjFyM4mMCgYAO491Hztt6D4mJgqAQTIvP4uniKKd0QNYuxqej
-  abb97edJsc/j6Fyn1CMIygVdoGwd8Aw+NDkztOCeT58c7frlsx76pkq3G+ETMVhP
-  GcEe6SVcra6iOJljUN/6sXU7hQ+7WzfA8gSKZ4VbVel7gNbMBANX7FKtp/2ihPjZ
-  mQEf9wKBgQCS36/Nj6/WkcIT1rbpXZeiD79Znr+NMpV7VYaYFIYK+N3Sa4wovIep
-  RXRqo2zV/Xt+Qao1lVF1aXseLYZ8jnLF4sBZoEE+F8ifJHjVkvQsH4ljpxfbMB+V
-  nxu4kNRGQ2/lyEeazTz6xcDr6KsEhISCr9wK/2rxS6jge2co9Mvrxw==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n1
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAslfIOQLgmiDoHzOIwO9gblUFQk6prnygYtbTus91TYvvLMOc
-  WbtPp1A5F28FS21XYRbZZ2x86n1B6QaAop5qoAkOPqXN6WXmhEGN6Pxrwf32Ywym
-  0FHwlp2eNFz5uIV3qBWB7Z37U9zWl7bWIAxWFOt/cr/RMmPuhHoHjUvAWPPkYgCp
-  Er6T7gaptq/jjOhwjZSw0LBsIq7gB/QFXgFJvBaWY7hcvBTmIyE0yG+A+eCifStN
-  WNrEcUK7iuNjbgGh6f/pgf3Z75iNkl39xKckIwyUlMT4J/YVPj1pzs5WNy3otHER
-  jrWLlqX1WTdrVr0fsxULUrr7F/uX4lhYFd52ewIDAQABAoIBAEBWsNH4esS/2F3h
-  PpW0BgrnuzT3oflj1oyxycKcM0pdkFSK4S3yCENpCp+smrFiaeKJ1racCdiihZOm
-  l+OS2Q6RFcV+FXH9JBNUfvitj8Z1c1y6ZLfEx9HeXQOxAxoRdGB8Gdp6YwAXLIeh
-  G1CGgsubRehE0RinupWqXG0aBfNQtrzE0pb/F8InrScvq+FOIHL8Rq/Ny9ejnaAV
-  Q+6/69p2jYcZM4ETfybf/JJnrMXL6ITme3pA01w5shFOaVYfsZhgJbivkUb4lNd1
-  VNCg7Qjx8Jm6mxsjxgLpwar8ISboqVMs564XD1dEKkKfwkz0mpJqHww2S8Al1Bum
-  jo2J5TECgYEA6HeMi5BgCm5zHP0XnBKJpp7Te5BLklZBspWFtSmdXla2D5CqpEnh
-  bh9J7yTQXbS08DO+kst7V4qx1mm81XWGmgf9NOsk3QNxxcKQquxj+jmNFc0K2EWf
-  Ba/SEaQFXJRaVMSdktsL7xhfLI6/N7vNJpVVxkxzAvrg1DyXW9VBmskCgYEAxGWX
-  XdEtS5UsSEYISpX4VuiQcYdU/fKW2cB9O9ZoPnvcolovxGWbv4n5KzcafD9TwW/X
-  a8tQngPBx3CZa0MPyQFnJzlms6Jy27Dl2HAPIRmHtSOTkZxL+3wwHEVbxqifD5SW
-  1u0bQSWinpNr0MMQ5P+CNQG4DCPjI7HwTOKtZSMCgYEAkiBz7Fb4yBXdrl85tBXD
-  CUXVUlrF5lrqOUPcJKDgFykSkH4zhcobNoncg8L0Z7Lr+gHMzaGzCrhYSZt15AhY
-  cAKNm/Ij3foITnObVJX70pLSqN2W75Pz/jMjLYuZAzUOAzMEige/XLBJQ00HzhTz
-  REmi/V+Y/EqPgVoFGujWsGECgYBOcgmoxoFiHD5oy9hJ+mcMR65SOmz/ViNc7J7Z
-  BMX0l0LEcmN7/d3c/r5QvZzNnfnVXNfdzYLw6q0+/UG6bznh3raWGz5jZ/Kav6i+
-  79uLLAhhmMk7swNCexM4Z5fF3NpTvdUWGfT165Nt5ZJ9+zxHS6t1gq9B4h+6xTsn
-  aq85owKBgBXInNyOw80ublyTmFcPJtqgDtB/UiII9DZnfW2Y7TakqA+iIJpLgRBs
-  RNwMJG4+krvck6YXFg+eFLrbnGJSMv+PHLCcZAULPgtNsZlMQTCw9vcNezbamvfp
-  VGLJfDs+FOSkLJe6SiYOCTDMLLRRPGffDArPYV6UQqmo65hL0f+a
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n2
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEA8aYO4BwvtSCSneWza+2Pr/jsY6ODu3KNHKq7679VyaUj+pNX
-  lo1rb3NPmFeSfeIMp20ZSfbZAFWV+d5nGVH/YpHU4XZaNFfaalDpBSImDpdejQcR
-  2xlj2fTMEGMW1+DclJbYNE9oJ6qTO43fCDuzaYbyzxofND1wMofz1J2mlq25r9zV
-  gQZhM70HT6FDBWg2dJBHcL0kax5XjAs5zqGEJEzgZBDUy+Fz+cahz9EqSYQ2ZGk3
-  1lJ6ikDZCIuMhv4P+GEmWbL743cwz2qCSteV0UCsV0B5Lp5mcpeT0ZjqJZ1mMT2e
-  6hPda8qN8zfpC2i6AsZiGUvQrmI53XdATsR6BQIDAQABAoIBADGJpEUHIjSUb9oU
-  q7p1Yd5mPjeS3r9/lTQKQCns+G40/3Iv4GXJqfuX/PozAaHyxDtSXzvNceDiqrMl
-  h6cmKx+O28A4nfdbBziCS7K0tG6LU2O/zkZHJzQYPfkiBx3MSAvh/IKEwMpY6oPr
-  6ovqiTYZ5w7TwQ/ZhHWnbzHn+62pm4P0B1YvIpI63ejya0IoMNiLNx4Q2QIgxaGT
-  lkL6IuyVLnlJYU4ZhRhH0Iuf31BJG1IlMRVa/rzJLeBbWpLgcW69jBJgWgSUY02c
-  RTtCBJXmZDDvuFQUW5fudGzn4jO0TZEc9te3aGn3r/K5YzzgQ1fxlkEfI+XxMcYG
-  bRMIV4UCgYEA/xzoeu+TmRQSzxl4KNCOSVm8/nXQjBDmahFQqwkI9CL94+1ZrLU1
-  IacBCjK102Z16RNTiDavKAyetXBVy7AmRPTIIOomtmtVMSiOBsvNVjOMz/HvybO7
-  8FADLLKve1V+k+ANSWoB1e5X0Lwxs/78TD7b9jZGgzVDlnYnX9O2JKsCgYEA8n0q
-  I8NEduLywhhQiqzoC7FReMh3zrJoaEymeiTXxNSCR8cvr3aPTCwmUTedC8Uwat2k
-  Ot1uT21X2eZZVGneZixMign1j2cg1qpHua5Fm12ywQbmmlVGz047rWM8c8GIrzD+
-  yucEq19W/0Au48Zx81DYfLe4jMVzeato5NEA/A8CgYEAm+uYL2Lz6/B32nnvlcp5
-  3FzrhP6O2ryNhzBUBGT+QvCMCl2LnGIYOhwvJ4N829rYn/5+5Fa/0RN9gNlKprZf
-  fW+6TVuvE3kgVW469+5h7piNLJ7q9nVSnXrZpd0EIbZMKacbl84hlxYYN+x92Ew0
-  +YjFuYLMr+7DA1ftksT7owcCgYAGv7UMicK+DFL1U/fp5CYRLT43Pl0XQ5/kRz3a
-  6GuY7tExbjnFiGc0l4X5fLLCQRq33rNTcBZB36kyR1b1In0uGs2GigBrnVMsplCY
-  umD1kgYHmUmRwg3Wdzbx/HESR7CmL5bnzsYyftTNBdxIOp2xR+6+id55DIXKPRsO
-  Q0LjwQKBgBi2slOSs4r2q7VLrNUwubf066kxbe30WYn4nOZ8fbNPOs1QIZfMg1/J
-  iBCGwY6goAMtbrd9WRawgLVq050FZu8M50jvWTOMTKBXTXdBWN/H7MeRQ9ArvXQt
-  TcjfAhPW7f3v3Bzeb8thMAcXtI3ae4afpq1IgpCVsh4KTTtW/M6w
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n3
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEAomtllliJXa6lN61GJCymGQT3+ouVAsT7Xnm4VYkZ4Kzdko8W
-  95N6K0n5rkRyfWo/RgCHUuYNB0fJvk1G7Igm2EXGJvJcLA/4h36Sc/v63WzkkQYq
-  rVrnWtzwptNDeX88RO76ibFXM7SNuWIbKoJvOTsz2PM4jhDmPSz3ezpTLzjgc4LS
-  CkgqWoPpTqZAjtRXMseYfKwDNmVqDVhIAEEwYMTn95bg233veWQa4rh+HHQWpofB
-  S3dZBja9l7gqW8ITTUCV9wJLX/zBIIEHDRhiduRKUafNpPS9k1dNjEELe1DHZfBd
-  cD7HIw2y8fm3cOhnU4xw+njXfORv6+tZ9iidvQIDAQABAoIBAFH/IjQ60m6nQuXO
-  5oBQwjITXhXw7fON+tGBZdxY8OWKn/njn1ax75V3LUQbbil+wB7ZGXhyh9VLGsCm
-  Rs4XFnVNFHKJHJtqHLBa6BkB925eES5eDKGkKPSoYh32vjPSVlz+wSFOlJWX64zR
-  yKE3ZGtiRhSbBcxDH9l2oCJoGaLWp+CK0cV7Zht4ZWfKapZ3Q0SRLk2amOwJVG+d
-  FSrl1lwo4VYaadFa0/zH6P0eptkQBTJpgt8rhjL//EgU15zAW54vEwk1H5PoGYmQ
-  2+QRRNzKuZ8W2o6eda2MY6M2RrldxAYfnxv8rloBXhjv2NgvEro3QwAdcWOBjE9j
-  uFtHwIkCgYEAwa+wrM2mu6tVpTmterKRjSuW/7F/s4RojVUehhTAlS4aVGROrpJp
-  5gDhW0NOnpTsea+q1EIoSUWiyalAThvTTmZGvMbQbWyWhkeGwmLJZIUxDhpU9EZR
-  qfyaWZw47phNCBytT9WtISlRs8HER7+NlN/nUWM7ODoEAQrS4uvEbc8CgYEA1qyG
-  oDp4dU0BKmB1lwLjIDli/dqIWfsqjkFGPVjmzsaIvKdDDzSxY9y5+t4qsJDG5zWL
-  yA/OIVPdqj1pfJJx1ooTQ5s/lktcWIPwvWxyXDde+LtZ5JPY2WdGu0WbrmY4zLQm
-  NskKnMc2E7CqaYSiF5FbVH0RwTySOYu4gfFOSrMCgYBjpjap0Wy1JWN9DH26oODN
-  1t1rVDE1dSwtetundEnY9s1JGgp5Oo8NbOqE/84VPN2lhcHITvlXKWKlilSxWxOO
-  RISkX02g3rta/rXQkO64ruYcMWQAAaXGZVYsQHnyF52aTNbGOlNGunF0oH6Rw3Xe
-  YIwsjXdMaFzjBGSXp2F6dQKBgDBE+sBsZUl61xhAODCMZaWJQcjyqlYRM7Bo3PJO
-  WxeDbJt+wIVaw8hAiVDvQ4oQA6lZUOTbKO41fVIaHO31v8MNqOc6sUGKEGmWwTrW
-  d6BkkuY6uiu7UrcPkcfqDudX9M2SdEU9TzWRVYd34dl4CTpjZLXKqYNZq0dlM0eE
-  iqYhAoGAf4tZ0QoBbzcs7ybLUuTm0tclyxIP1S/6Sw6fHqH/Js8p347l+Lm8cZ9A
-  hDCYD5ConMOwy45HYghCGHqBSQGRLinO82eFt7tRUy0Xks72Q9MTqToHx1Rhoa6A
-  497bl5RcrxE6+0wKMARxoLJCi7uuyTJeiwS7UWNxMFdyra3P/K8=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-genesis-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAwCLyUtGrZ6OMJKQRW2CN1O7I0zEYGaOZt3K+EO/RylDJsOe7
-  nnF5dMjOMtkB7M7k2tPDP2dRPpf1b0osqzUksVri3yW1ot5/gT9Tztcd209PzPS9
-  39aKOZFwlXAvs6/uco3bnVGzY7ylJe3l94PPA0TScGjoZO2Xne6DahG5FSVd0KZP
-  mRoS2JKcKWFkroSq2+WZp41Y443yCdT8o6kx9jFTW4uSfiDkARS2IpkhXrFZeTcP
-  tUutotSsKNgxG549pnCGoSof57d0BJ8RvIEAPpXwWMKnzoFNK0p1OXxNYrLk8g2o
-  bM8LQWKuqZErg+4JTlx20R2+2I+D8d2bFSoSJQIDAQABAoIBAQCD7vtK12LFtc4j
-  0u2AO5ro3lbUfl+4K1kAWTAeXS9Hp5X3fgidUfo+sSy2ScFCpQcNJGBsBzwIqTwF
-  gX+OyN07U9d5t2E0R2hyjdO0so5z69A2QtCnBaDAyxft5a07y9EGpFZrfpCaKg2V
-  L/i7r6zU58tBGSiLNYLpFcDzctwOofm/MfmfYgbxPX5w2oBTDgOrv7y+xEjTHgUm
-  Cvi375d7S9QvivzkaLUeLjTP2OLk66NosxUgXQMx+FKMZxmN1YpeNivj9Scg8twE
-  4n1cZhdTTPVaQJdddxL5SktRbxCaRCvCdQneAOdLWneFhuvoGo209UpprUTM6kgU
-  KT+wPy8BAoGBAMfZ3cp07hl8sZ2IirP2WA5YEXAFnI0t5AxBBZJkcl/lYMxezltJ
-  ldS3CVUg/wJ+bss0uimaO63HEi5mi5Eh0Ci3q2umRItkKTSrhkB0QayIqzXSHaRQ
-  1JK2YXayJRDpv0yO/I49nDcwxMn5q4PUQMFPyix4C61vofjcgo1JyrZFAoGBAPYe
-  N+7c0MWhb+I0tCRn84E1+jppQ7ocxWUba37Yk/g4UgPVaZ/VhcK3E6IYZ1+um0YZ
-  fYl2t44XbMWdG+hdM7a69GxCMTXGVx57BWUlxwCmC0OO7XR0nax40RNlaVwpdyxb
-  MG72PVJ82aFhEqTb3RQGnAhvE3b2XS7Mwtl++BphAoGBAJBd05fiq/UBXJT+A6RI
-  ugdymvYfN53MnsYzWkEMCos3eZtoiQzstS16I2W5dj1o88QbDLfs0FuSSJH4Ra3L
-  jUE8nLog27cN3a5MkaiR0rc96t/wLrV6JnTtBq7ltVzoXeaCC/L8kpJTynRUxQ9w
-  Dm8WomdJOLZKw+iv8ib6PVM5AoGAXFC9XiUJUffZxZlLMJSlK4QZlatCMh70k5YT
-  XgLSjbpiWPnFoqQuhfixro1EyQjvSP3qrpMPCocSz5S8kQ3UhefeInU5jBgXOWGf
-  hm8DE+U0OGT2AEZ1lenDUmkped47yzFxG03VdolKAFQu8BNf+1D3WdqADJEgJpu7
-  QmVznkECgYAoPJvFMDVPtFVF7e8G91UPdjOzc2SLULdWPGeaneEK8Lc4D1TmiJSZ
-  8Lx/SNI/MJ2uvrXAkMbW3x022FCZNOlEUKUWeJgVvifLi0CIwpkOSpXocf0NXWO1
-  W12yHMOhlZw5ZTfzCzkscKFZi6q+3z3FEohwoIsT1QDE5OGQCCEo3g==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n0-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAnlAxp+2rsTOjt5OL4oVuYkbBab611Mt/j8qDesftKbMhtJfr
-  dm9LlJnHoVN3US/V7GXlypvft3VZ0W7U0m1rxm2LYTolk++VOKgcCspdm3ng1hcS
-  YHVHG16my48ke+Ih/Md7EMX9MhSF7wIDXR3Jb8pbnBs0pid9aM4NrV3sT0/391VF
-  Fwefot/yMMwEuC8uosBkVMFF+UXy229HP6eCMRYO6C77NUYQOTB53HEUQTLsCPxw
-  Enim+/dQsk3KVmmxM1gVioTc1jrWuPaJZagrBVPjGvfPh2Z50XNHJ9I1jD4opvpO
-  lsOY6AXuyxUv3PpgbL3+G2v2VtMGRd+cvpJZvwIDAQABAoIBADpxnINECHg4eh4R
-  SDjtzVxWhpyFHRdbsNHijztKh1E3oh/LXc+xMpO/WaVC7O95212UGIr9lE9j8S6R
-  3dt5LappUmUoVCsS7WGnHgMVxgzZp5khl1UotoFyJd1MEMnzJ1zsP5BnpxtP3Enp
-  0lgT4QN2Du/IU11rgq6oMwBnhg+Y/2kR5Q6ZpZC8y+91l6kYGDLPQ5cCK2u26cnU
-  gwGLF0ix1fvy+IIEpXkhLd/qTgHiz9jUcnY0ejVdYJ7P5JQFKeDkykpLvrMK9dp8
-  QIjoAAqzkRDyIaGosvREWW13JczeW6r3WEpL9aWiCVKe/5Krq6qxycBZSIPIQhh8
-  KZS+B1ECgYEAy8K6+U9lFKEbhbCJdhlqFM+UqsK3nv1GqP3HJEoco6jkSC2UlcbJ
-  MgRIL8rHvF4rtZS6emKZQHst+3fqSOkYbLwlJQOEG0Et1k+Wf7NV961qqLdKCVOZ
-  ozIzZQ72JCdbViQ7e1Fx0k/zem7IBfV+Z4fCHTvafPo0S3HHzDwUesMCgYEAxual
-  9IBaW1MBYp2TIZW8eWJW2XAd/BQ+4uy4nPWFMGPTaBKFsdaNNe05Tx19Q1t/DrcV
-  wlyRab4ZEpCemNrFfeDVft/c6v0LuO5r1evgdug4gSEhx5ns/5/UCyH5eFkufi+s
-  O0QW4bp20Svbipkg3XbceAiyX0y9etjaD/HUnVUCgYEAleOvy0peXyiMqHHPDPNx
-  F9ID2QHYNbq3SgU1gzqJitLo6zesf+l1g7emqpGPEMBtguvfqbvyZH64uq3hyLS/
-  5O0anfnSKoJuB6MQYOw5pzMIrQf4DJhVArohGIxDASF6jQmmP/cPtdhekYgA2HFZ
-  BSvW3c5z0U/1PDJ8+X6QyiUCgYAETCd5yOwq3PhCsTTknN+dn8pQmGONdsKFFKhI
-  e+WMzhtbPEs3NHOInr+GPhTex7NPFhWaRXW+2ySfihBjLRbnSVxTiXK0gRMnw78A
-  uD/5Ubsmzxhzv5enTkS+mNVTDFo8z7rg7O+xoN3AVzo/HF/haRgKX+W6uWW+qcDM
-  Z2U4oQKBgQC8w0oCeJUgBn+jC+ebC7Jgw1Akho/OYX3PCM7braxltri4IIw/ZN0Q
-  dIW23BzmnqYSrYMpIzYtp0aWd2dq+gOw8r/s4zaGyITedtI3S6f4xixWNpQHKCnD
-  mc6qJGhywV2EWIPXNJOIZYvpcIFUXw7E95Iafrf6M9Bajsrw4JnOVQ==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n1-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEA0BU8nHSWiaOpatZwlBJspVjZZbT8lMWxTl0yS20YVs9XMHV/
-  hO7zqI5rFsrCIxhUUFQfIBjJHw1UVvng2emb8366Odn+lVudIcCGWX2bFdx2OKun
-  wb+1KSzXcx5w36G3ZX1ncBGKzijD7iVBXICoOFTv0Toud/OCLzBL8Jl6akTurDXr
-  9oSHp7uKS3Jcd0B1YN24EgRtIbLyj7dVDpSawR/qHNoCIJ8T0rSee8p+bNEPCg9V
-  imDbnWZ6XU/SjzECnzE4IsDdgC1etojLy8XBfj48CMVhm8aiJFTmsn3JRA788+Yq
-  H8AJ+m8O3M9+WPmkmsZ5ezwyBM8xYBHj9B0mXQIDAQABAoIBACYxT6+z4pGe3ZDD
-  jWRQQWrT9Qsq/hVcd9/XUUzw2D/OzMUTO/WtWkG86kEDtEB2zbr0xcXBZuDxNGLG
-  eJPmwf4ea5YEwiqt5xhz2vUADgAkN/rM3vy78Ed/eIgjtToG17+kFeFHBwAyEUxb
-  wDR3VOkKBf6UPEU+B84bgkTGFub8LNl43VAJBdHxrkg8GTOmjY/PyXfpjwGXD3zg
-  V3G8pfuE6H7MmX18MlaL5ZuWz56XUcYVODbSUdv6Wk/qE+fXZLvG56BYO0QSGs41
-  P3jcAj9DKvgjXvPH1Qc2fkojgsGy3B5QpByHcHbHBsj8Z24PuJ2socapRbVtjtxA
-  Yiyv/2ECgYEA/9prDf/LxcWv1kVH1yPu5V8+Ye3vsmV4xKsyKgFch6akVAzcd6k0
-  21qjmU0+LVCSvh7q+M+L4Os7QXRd4GugljOheX4P+hUSpMRl9lTjxgrq7cpobPgt
-  UME02hbHsHjvhpBHBHmlbOciwajLBSZqMme3MnScRmeX3dNiiQDpxEUCgYEA0DPN
-  O+IHT9ryvBd7QUrlbLaTMyjuw6Yy9oouoQ7ght+ZGpdR6t8mSuIhZ24WQv3rAs4t
-  cXqSDfMjUg85EuS7zhm4ELjpa98aqkaU3nxSF9BBMJdmO4wQ0eLpc1KR1a/pWLJ5
-  6ntF5q9TltwOK0u7ze/z21VNh76aDAZu/V85VzkCgYAkjnzFX0sqUviw0O1W3BeC
-  Rn2PWIPrJXx//UYJonAqIbFRIRVPM6oNvYGqodLEfsK4z4obSuxdkr7At3PCYR5s
-  16u2xEBcJy6mxDkdXTu+TEkM+OK6zysKYtC+aIrXuC/hNjQve4IbcVsR+KApeDes
-  RA109BxwItUcKNvnX24HUQKBgA2JYK2lC36oqKGMEUp0eSgxUq6/2Y5E7wlSgKee
-  FQEP5p9w+TWBHrc9rphP8wiWA8Kh7xhytK5NgZ1jOf29e2xyBaKosxx9W/l4L1Or
-  15aOxr5HCbGTcMCEtVL3Kl4vWseWixCwxSGzgobLdexgtywzjrJTAIBz5wYjIPI+
-  T7cZAoGBAIh+cxGbuXhFDhlNIjy5t2VnVdSoJjWVdtTS5jgWe5NyRo8Syx17g/hF
-  El4tZGPmKmLgYXoeknbXrrBV126v65FhsUn0q9d0e3qgxhi0rSTobeFXFY0Ss830
-  7RzcpWqWDVh5wY45o7kwYxWQKi/DQK+X1uXRcbYmL7WOLBzCoxzz
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n2-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA3YTHpdnwmzPLJof4iJJmeW8c27uTtD6S4eS4+Pd59dcT0rXn
-  Q6CXy/gMxDLSXgNibHncNmNqgXGMcbzs5SSmaUCf8+Nvde44kNSwBQ0xMgyJOogH
-  is/yWcrzhI9qTchh30wxI2jJiwqozmK+vNjHzhX18lTpjnmtlcbE6d+QhwUyKJgr
-  SNcZcG854iMRhWx/UMF0BdElZajGbsq9SvO7SDfM2KG7zROORLOHiGQsacxa+mf/
-  6OQ1vUzBXMIFuk2VinBPdM43kWmAyqPCn/AeLreEldvvIZZG99VVizd++Lg6X1GI
-  YvptvGKi9W2yCA4eQBDMHMsUjiq51e+cfkQQiQIDAQABAoIBAQCio1tF3KZ3/OX5
-  qzkBZKOSIs9IUQcX/h0vdxOLz38ezUODoARktaLdoYgWAM5NMiTwSeQxlnpbAXhB
-  BZnUfz0i58zIbsKmDjo/s7hsbQwil+ulKryG4TgpTwXN3NIKu8WIAdPOEKBw0mmv
-  5fXuhybjm2IRAuDbt2CIKADpSTg+uGaE2yWpKY9is2fX2hCTttjdXdSIxgyGVSQB
-  jqrlEg49/sT8vKbG5FM7B1sEJrfVNFZDzD4IoDfc7Xn8r2ATR4aeq8r1tv7lIw0Q
-  hrZx97zvMFJZqFzStrZX3cR6FfTrnT/YmBrSiuia3msBIPUx/Axb1+jQfQApMGPC
-  pOLg5ZMRAoGBAN+iz1HM+7gd/Fp0xLGjaJNSVAU94as1dk8r/hXmxR0gY7s9RQ19
-  hs5rLVx+RcPorJ9eaG/h4m7tW3WK9ZeX4wHkC7FiXXmq4zizzaOLqHzGpvaI0YjA
-  L9mM/BgEumf2sB6hyM0BbBRaIHvADcPXeF08UeMl3wZL9rHIaEMo9m5lAoGBAP2T
-  h2KREsnyFl64jRyWNWB7a6ExjV+dyE/oZcQo8gce7ArdAFUk06SDBGS/MCxJ9iV5
-  KGhvFSPgFS63XXQ5B61R1vAoQQ60mpVCDg9TyxjkQwwvrtxI4C2nsRM39S5d2t3p
-  ygbN8Ep87Ih/xQQA6yTczJtAz/M4MVWUvgoelLVVAoGAemNFhoTh9V8jrfVdd8Hw
-  Bz/1D3FQQTxe5PE0epPyqAAD1IKxebKKxgjNqGLKl26MmiM2kJRUMVTgyrEjurS6
-  3VwKMiec9GrbMzrjfW9+49proVw7H9Xd2fdYN2TPBvpwZDMyC0+N8I1qXY87eURA
-  cPYD8oXVSkLkXWNJ/Ac85ikCgYEAoyMtv6Eb2GZyM+BBkLmmf3sHxH2vuWs2OwqF
-  pky9YQ1oyJhkJWL68mUEB5jk8ilnPbaT45RLongAyLxZWHN0V/JF+N289SwGI66K
-  gxvilxILfKSUt83+xACVsIqYp4rkS06klfoZ9KIoPq0M4EWDAoU28U8iOhTV0HxQ
-  Qwxnmb0CgYBED7VkqY2upePhx/cVcmf1E2BNH3nzdIPZcguDw3FZ1Hs0BARS7vqV
-  0qcJlBoeTz0nuwl48HxxmjO0wKbVaEQ8dtzZpTckTvYUa2np/Mx7+KQd52tXcQNu
-  Fa/kax0QE2G1shbYvPEeSto2Drq+J/rrgZliiG6FcwqYJ61TYNf18w==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-n3-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAnKXayuDsC/0GB9Q/v0oRbfOQDaByf/mxJgfqaiDu1sOq7Ax0
-  Ep1JCXspAlV9JE5sTEd+HAP64Mtb9fsT99Mzm5HA92DVwjQjYvfFzIpQ734dxiJl
-  EcRQzQ+jYI3v3FP4RoY2rQcyde50HXW8zHVOvNYMoZqirNq6fWiMRYIyL/gXpssY
-  pX4e4+qk0yzxNdIWa8tN3u+E7Z//1x9mGrWirbvZduSzZIbqoduynwTvaRiamcsY
-  S7ZD2+bfTSGFN8lmpvfbQPZ0oiDtUQ7ol7HmLEu6UlywG3IrwM5cfncS1Rhm1y0P
-  NDNdvc3NrhQ/FcshxeMQcRZxKUqdHJsbBanJhQIDAQABAoIBAQCGhYeWogETan47
-  SvJTe2/sVDVo/lhVvj96wWF1MkLo+69Udn1XXurR0YouDuwguZgXCW4q8OAJG5ol
-  azCCqkSvXEOyLN5koBGjc9PRCxbmFA/NjsvsrgIVl1BeIoXRV+rl5WweuweCbvwY
-  MHupuTOcxtSiEwGQH2X3PEj5iA1BUxxAr5hEXnfFJwkZtH0gT33a/4F3NyytvbMR
-  QuSmhczWeOTBWiCFdlzLiGSKDjKyLi4DyegFoW9zhF82R9PlTtL7PePKHVSYbt4V
-  FPb6/WxZeWiE3sP+IP1WGhNIm14sGui1TcjjBMpGsqtPBHGBf349y0F1OW7R3oUQ
-  txhd01cBAoGBAMUxH/pRtyiB/0lPZ/y1x/7hU9Ov5ezexQZD+1Q/6aKKNaB00Mp7
-  b9OPCWpe4sMF5O+PHFHJb8sHPmCdDDt/Li9eXxnGOeUkmiyrpi/bKBIkbw49cJKl
-  Phc+4N6WucNdtxhOqoc6FRaeSdCfi3+mA9CJZqUAOvlW7372y8A6r7htAoGBAMtd
-  V77usWap+dkzXAytZWbJLYN4CCg19pdBT2tLKAz2/nBYp0dX1BY6Wmo6JzW85d3V
-  HiVzfpkMm5m/4WxN3RRgbYeMICoVQTgO9go2daKVGYrwUVjBG1HKovW5PWgtW+Y0
-  ISlAZZ0PJ3oxSYlxqpIhjQ2XFuj6XC2LPrOY41Z5AoGBAJRJ8QZJVTd9KwFyWXzN
-  Ju0hfex/JqUOkZO4o9QjjArTbKiRsEHUua+arTX0zQpj8FnGgUFv/kXr2JjHAV/s
-  sEqm6VV0oC0VbWuSWZM7d9LM20cWJQXiheLtQiWhq2ijnQEGh27R2vH7bv8YO8tu
-  iQfVi/8hQTgojEoqReb1OxexAoGAUAPoFG3iSxyx+63jl/FZpnmdeM7vlrK01YqS
-  7wphNcixEA8xsjZyclR/YrCC4Pf0EbZa6C1rMFjvmC0RSwXP6MaQEfcmaKh4QtBQ
-  KnCHFHNJ24r21s8UKrhqKfi6mpTOReNY8Nwvnv5pcACYiIW6sUiWMTSzhPOM9TaG
-  cy/CszECgYEAkaWqAeUnDZ/gk9NVicYNgWkevjn/PWKfmRpVX99QhZLizY7l9Qf5
-  Rt2toqyp9vGIhOGInWcO9IfTAPcM1kKX71o36P/JgxsJKL9fvmsGapBrurUS3HoM
-  1rPIMpBWpKTSsTk6KBLZ0+yV12ITZNHBjhrzuorgP5lYrlCEdtvZZq4=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAyLkMThPcGpCAqM2ZFq3iOloNc9hrkfhCnDSEugyQWiuvQxlB
-  ACh6xsTY9AuVXswB3b7y31gpgeFKtafB24FQOUX04NdrrbeKp2+xmlivnAous0Fm
-  QGq8Kxka7zYadPYObiROawebCKGGTGvhF9EfRymTjbGEO9rNnmWpWDAtWbVM3ib9
-  0BNd6PKAJFZ7fjo4up1eY391OXh577WtkgaTx87YhMmXM57LMf0heAJHFE9kRHOz
-  i4e1ZDh+EXAqFvP8yLsL/Iu1frdeMv9ktf/8OP2By8oYbIehTW6cc5Ti4dk0QTyG
-  hgZfqttI880gwjz1wak540H4mIffBKKTorhTMwIDAQABAoIBAHuWdJ0eXUd98bn9
-  3WS5a7HCAMZzWshls526OH7VfYwHmcIWqo8OXYpFac/Z0f6sXfnKuIAMKIJv1TBE
-  OniNBng9Oqm1+fbcK+MsQo5mTLonCtoUSoEfNvzSWGMxTNj3J6tpb183L54A1k/3
-  nICtojSOxOtZgbHY5wHAVqSWBVZV0/iVaLZuKOKoqIKUJlAymFJm7N1WOAjDY178
-  Q91th85eCXBmOucfFbX1qCxebjIdSahyEC/0qNinFCLc654GANm6iaC9UrNJ2d3j
-  Lw5/lFITk6Fr35l/2eGg2tlKC4wCMRkaXB/aAylLhf/q2aK8cQkj6UL/aLwfgdEx
-  3N7krgECgYEA4yXo3z3ct8diRLfEnMLK4/FX03IIOZfGj5v4PJTDpRRJqFyOx+47
-  L0dHi9Ijxfe1HeJ9+6gTyyH79iz6WbbHUqn+J6Ro9vqRZERp7WK5HiBQOyMD2zMe
-  UQtpdveolnA3/nBU9JY14y2lQqslqm7V7ci3r8Zgqz58lHL6YzBhbLkCgYEA4jfg
-  7ZHdh8aAh3udLrEgTg4ZFmLuRComKkLkZuDupgxnMbCOLS58mYzYT8xmWtcZY2CQ
-  3grOgTdgLhjut9fXM/fJ3RDVecrRpGoI5g74sIJlk3fZ7Mv9l+mKJIGTjRC0g82V
-  av6ya9IuNodHRlQTD6bLDZ8o5DgWrFDFVX3mwUsCgYEAnhF1elSsUd+YDMXtNkF/
-  uxvpyCTkgF+UN7+MAWxssWXq1BSE77Bi00XBDhXP+yWjjgZdMVEHZSZjFi66kM/W
-  6TmOubt5p9U6dBH/vMgklkhaTKzTNCjggfl1DOrPENFKxe8Zz5LwMQVEqZ47+dxj
-  VrOEz/c2sjQrsYpJn9i9E1ECgYASM37Efpz9ZKpIvFhsPlIkFZxNIc6b62xAsDsi
-  T+zDrXHMHLGDzx61WBC7cu21V2MyjL17MBFnciYp71Wdsx8cjk5OnCEg+IGfoexv
-  XjsCMKutjtIY7FzOETtNLqPJkNOFW1AvWKjQZgvT1VSVwwP5mWjzAqBOpHimiqUl
-  +MhNOwKBgHZiJh7OCwLtjILfVoN0F4jJnBWOEX/FOrIvvd+96mCtzJ37Np/wBciu
-  XEBn1YF/2Hfimd3zBHlvdHMXjEc2uCKUCeL42hgSmWXDmXo/BKw/Px/sHYs/kwpJ
-  6ynT9djqAnyKxsURauVAscEjwvSZimpSxVSzdEuu3raJT4F6Bkig
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAy/SgTgWp/Sc8VcWsNlTl235CqvJPl16qGk9gOqswa9ymCmNV
-  qhhImVIFl/n1u5oQvQnDAm0yv65rjpHiAgspbYe7ZFkcuWc7++vq7tYmHlaor3tm
-  vCABeOYtxEznIXtLbICoGerYBaWmZegjkn2xqgudoKhMrkRwKDcPAZE/RYE1tq3F
-  jqToMA7A9rdXtadC+S4r55P+Wg/e/l6b1/Fbtbfgz6qCgR8uwbxToOg2E4wGSp6D
-  ATSE1kC48Qy98q5RMZttscQaACKqRsiHR4aTDyqMZnJ7BhWye7OQZ/jArR8RkA3r
-  bwIKENRlmBjPdzejLHtWoCSirr9YS3+xwRh7EwIDAQABAoIBAQCq0K6Rqdy80OeP
-  Tob02hXIxu4/DcHrHLWKY4BMoqNjMuE9QgS0+LGU90UIC6jq/hWWvV494gbm0sXy
-  GewXmhGQUmV3ncqY3QU38FZKwcAbGKkej1Nzq7qP7vfVuDK7r+9zaC1hx3Y1BI9g
-  OhPQ1MS/jgruSwYtzdPBWpuOzH8ZTadS9qL5+66npGQTNPQw4xIkPUAxTUVyPaOT
-  V1YV+iPMe4p8XfsPXQyZxYmis+43b3GoeoIUAeWqCY3PO9LpnvUZMq5rvnN1LQLo
-  fzDXH7vV0QbudrzroNtnk0kPYYfhjcUK8emFVE5HntYvY4YcTurd1oTKrM1AIKBG
-  Urepo1TBAoGBAOJ4bWWRlmthxqrr3etc38WvSZ4vDxD8jlo+Lxs7DIE0R4VIbkMY
-  ES7oove+sX5lWCzIAVRlR9EmC6M4//xh0ykE2kdRxJ+izHifbHFrqLOCpgTpyBN4
-  hocmsrHK2YFwRUFoYQudaP8Il7DKcGYXXeQZ0Ai7AlbS03Bf3jiTCuBVAoGBAOaM
-  p3qDwqp16WhH2aZgp9WcNOdaDmRIL6pbZC5G7N4OhRumY5PcT9/gehgMdnFUvQrD
-  S06OLNWDI0AQlZuYAuaKq7Jz7/WzyYaps1pMLJam6YL5fH6Z2Gr8IaoHOe3FPQh+
-  SDjZexoM/T+J9x1xz8mvTMejwVv0e6GXcK2e6LXHAoGBAMEzJXiBlAY1motTvrU8
-  PPZjTHVzBfJi0nowFHWxkUBkPiN5H/+C953B/s1FVBxVDrzdPy0lXfgR8dmkFdXU
-  CpUyu5geLJRXCQJaVuQHiRri+Qi1++aIapO/srA0MgvXoG1lQ2zqM5lmVioO+YZO
-  pt2iG7Rm/V7ealyynFw9LQklAoGBAIojlOYPtMA2TlgxVPQfzfBr3DcS+rSTnBvT
-  Dr+7t4mF4bOjit65jxJxijaGoSFeyLZ+Nc0n2y1Dmgd06G+GMZa5WA9g8FKkGwgY
-  /mIIal8KO7hCjJm+zLGtyO37znXtTJieMd/+T4hYaBV+MRbvbrVF2Bd2wxC5+Knl
-  95nQMVdZAoGAUYEtQxAW1RtK7Taad1HTYn2uiEKiHvtT/ylNjSfyCjjtC5CHNjT0
-  pZZftXnjc8ONGln04ukgeOECytIsuHfcWi1+N8vkj29cSsOtsm70s4wO4qvtumLi
-  QFBf8WQ8fvsu8BUbMcl3SP26KLhihAu2KMrN/lAxZqelUZnCXkuVP+Y=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n0
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA4BQfchhO2fIAl/l7fatmdUQFTJ24IuTrO1rp/qcXX0mKqmHY
-  AGKP5MF+9KYbWGVoZSfmcafJqM1+dQP2J8Ts5BXAv3ZpyFdEhJ6VcMaDGs1kYhYt
-  M3a/enTUoOPlaITCSHgU+1YSso0FEmAct9/HH2rl9klRIvKqP6FIhQ18UPSccTen
-  UfwCz8CI/gR53Ro8BOLPebdds3nRrT1+JLxAkw+DSsFysZHZM+bmMGREJjJBsVLg
-  AbWXnXStQmbfAxI6dXWsdfJnlbFCWQ26/LGNUBhEVSOCHD0hlOZ7AJedIODkkdMi
-  kIPmCkSIehhcZufbfzuoG1jhLoutJJN+1UhXzwIDAQABAoIBAQDd7nA6o6KtL4ew
-  /ZJ2pCUFLcqF2IwAW3QzxFaPNdTrNj5VhDTYJMZZjd981WuuADoGPh96H/GV83k0
-  0iihuOPa/0R5HQGmP/CH3T0rhiFhkV3D3C0GlK0OztmtRCn5e8uk1PILAHPiTdNh
-  ILowzz07e7epV3I5x9ggz0+xH+spjVBvdIrbNBaeDYdeleAAjJAO4AbXEKuF4Yic
-  hqV/IqqwF8FM+7+jeA5dEGGT14eGmUx6TYoFQbmJkYrFp0X8I/IjkFbUD9ajmHXk
-  Zs6r10SrVNMtyKt7VEaZ6EdJ+8NM/kHLiB9MEc0L13N66PiV485sgl1BwNA6wNSB
-  jjvqbRzZAoGBAOEVill4N/6a/u2pfS5IaNYfR1Zt5nkeSu+fvG1J5LZsag1rne+Z
-  S5ciXMefzmxa0LvubJW/88AxMDGr9Nfj37lYzg8RDC/bPOXli6yC3sRzkkYcohkK
-  rJ+aK3tAB+Tzqu97wdM+HFOXz1X1pwCEa0plEsifCGmhvMaeH1mdeNAtAoGBAP7b
-  ObhzGqGF6z7kAnerQBTAbVNOSjEU/t31atBVB6QjiWbBYJIEm2TAXY/KrgWljg3A
-  XhJN6+Oc1FeXFYv6LOYaftkn3hISy6CyzF5o84WIBIad9gx5yQJvKUiq4pPUbvbr
-  xc2PZdwjTNNQ6bMhTwpIpO+Tm3I1KCnkD6upbslrAoGAPcBnIHy3AAcOAa4KRfRf
-  rr8OF0w3euswq+UrEODA+rtrrRrlTaLE9kXbJnlVbKzNr4GOENeEzCmyiy4eEkzW
-  SEdw4PlQWqDPaFM9qqqM62C5tLqOTkh7a54kZ7/9anbfYqyVVJspslVn8LFgi+fI
-  d7SbHqdi63gQDn27JB7r0lECgYEAi/yi4dvnvt0ucGcRq+XW1w8zfdS9D+S2cfjB
-  6Rkrj08tw9FoWAxLxrWbLsZnfBaJxqfphChk76tPP6VvYmnSi7n1/xXU9xx32Rcd
-  BqajTK9/vOm7IvMqJDom9RFYT1cadGrhRZ4ElzyUkGYbWBdtsPpiDm6Hrd3g59Gr
-  geEZR20CgYBlIBuFD6++65x1knXHETtkwJwe5XQBFsCa8JagoWvmaP5weEVCW3E/
-  g0hlJBmUCGemLtYStvAZwZj0ipvC9YokMHlL0SRHqFMb0WAz2vOlGBJCKZoivPIe
-  aJKCMO1nj4BP9VIIV9jEyy5/ronUnO97ZETWvKLie1k+S1DNc2XRwg==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n1
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAlXBByqsigrFwOZMs4f1h42AJ/zj1L6lmsJ22eCpr6sZDYBYp
-  hgdsPtd61oJxlp+GHKyMcmWt1665W5azt6hpCaXqdU2TpfJZZhyFvgyFFMbVSOKX
-  9wzoo8zX973TJ67XaeaJqM9VK8rusAob1ntHVF8LwfQPyvF9Si47LIYddHtgCG6V
-  GUSXxUw62QBZTfVRHa5wsWODMqLdczmFVb97nMMOuTaxxxUmDX0liCw5GTozRCE5
-  /iIA1Oxvwvs4jR5JT1eCTZrGPW6zgCIKUizN+PSYmQQzrBZ1Lrpb90NYDJ8QiVQ5
-  /l6S5k3kPpdbx/m1WpEKgKjKmHCvCsv1AEwEawIDAQABAoIBAC30BDdHYuhfmgwK
-  Zv3jhgt+h/R01mjepdZf2TGgkejzKNrOVdyCQdYdOwfluvo/eeUtZk7zV38Amr1A
-  XWl3nz05SRzjSyj3mmgdEz966B2YexPbojF1RcDBCBSFyf3k9Rb6rpA7mYxK7hUy
-  NpdA95FJXPs6ivS0R/vctZOedkZQBc9Z2TMaRyMUUrP9MScpM/rd15+zRWUQFY+7
-  GGODXmggrlHz9tGMGl+SOqbmrXSCPAa++NeWe0rM7USSVguRdd28m1UlWeawB/g1
-  w3owrk8dDzLX7z9yY19xeIXhJ68/NGDBZW1ZuecT1jGuU/wlGUFTG2R7BtC1VFly
-  d4N5dsECgYEAwm/rAuuDeCT1QHuMvHWNF825UUyJiS6eZ8NWHm/GtxSNWblf/EYh
-  LATUMmJr7i39EuiMgz7id6VSLrGYKfbZCIS2PBmiBKDhmZ2ca5STUhT5SCi4CDv4
-  F6xYDkR7vbpJwC4o81DwBRolcRHIuOgjWhHzCtTujdQf2TkTtjWFQMsCgYEAxMD6
-  DlL0c93uDjCwLY0p7Wy+jspzMmY3hGL237UH5dUjEPjzPhC2PfJ/oys4zMCJK+Ej
-  b3Bii+AXwdfCXwKBPjXZN3IKrevx1r9TaOgZ5zTk3UaucAQCbx4Y4bHLAACrEA4Q
-  1tUTTmmzpNylTjQ73Bj9XMZpKgiXcxH/kndh9uECgYEApzUlzioIsj5eJmjZW4xf
-  nJPPBUojkLRlhugl3CDVq8Xh1MIk+Ea66ibw8K9RD8++rg8MHyXqDWg/Z2ZUa+ob
-  NEckjESi3wYXXEp9JMrtcg4VXeeec35W2MzeIM7l9wAHwlwv3SbCcjDM+BKKIfGH
-  zUJYVv1MdO1xwhVijTQzdscCgYEApS7SgKYafxBKZPVxY7zI/4C1dxH2ptB0OZwQ
-  YX4NtGI9P2mSZYAIUHe/utB1rkjSoNkyM8PpqD8qEt6+W5+xu/XfeJIw7xVQgxc7
-  wq5h2N9qaW+G0Zo8JOfiwdDPeiAVfbQhZQucWs+ZN4ba7Y4i10TPqU0WS2jNJZlt
-  tJyvzWECgYBxJQcxm8+TPlkcHQ0KrQ25u1tyLBJh4a6CB4Rs/kMxGX1guW3+DQTo
-  1KouYPCewi6kJ2HZ377bWoTtGsBwzLClInfQfXEFA2e22/CvwizvkTf9k5CkXea6
-  dRL+p20jDgEGWcN7gC5iTBKRMkX3ovzsmDLGKb/xVDWV81tObWQ2yg==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n2
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAnK+sU+qw2/BCtVJ7HHxUwbNsM4zZIwVAc3WSfrXI7Tz0zwia
-  5kpcxcZAT4NzXb2OnfDbpMFtjbOmFd685518jZ6E/MhWrvS8X6mSu3hVuTSqDzkF
-  rqmlzz9V+TSNHgL74+Kxjje3TkVxgxCvR0cYI0nQX09MquSxKGUkUUAqOcrPiDwv
-  58LwJc1syJx+uQe1ockleSDohBeUwttFNMiz3PNuWqdVm/BqbknrEsitR+nBBWkO
-  zmHFn9JjyV8azTfArwVZuMafK6GvzR+7hniIP78lBU+LCw3QEZWkGtQy08uSOf4L
-  HLrw+ayWWChJFr5VyISoLP167h4Hp3uztbBj/QIDAQABAoIBADlCgcmRBNz7aoV1
-  BQSd8yNufGZCXL/NlYYcO1MO/8Si+BwI2wK5vjmQf8QPF8P0GABkGwCUp4KXWmS3
-  p3VFOlVOzu7KD9OUIJsdD0Bvc3RhaJxzjD4ORUf9r1+I8uE62e6n05dTiSuTeS4a
-  lNOJiaqruPh7tFrnhE5s197RghzoDId+4n3nipc6osiCupgYkTUctv+mLUXjwbLO
-  Soi9euwvUO5OwXfXUKZh+ej1k4vt8M+njfrXjipBEQz4JP/0rInZBHJyI63i3fyK
-  YR0hVgioYlDC9CJsy9+1nxUHr4ALEJjKC4irgG5NWOGfutEhCVaQLq6sYsWtXzOB
-  C7AeEkECgYEAzpS/xaPkqIM9kkRcPINEPa6OMzWnHwW0HUvBUR+q7sPItlNEeXXD
-  p+Rc+KeLryqPqv1mkdSnW3+OJ79Ltz6AROowKi54n6TrIedCvUU1pCYgs2WN1PDl
-  gVar1eCyvwRFJzTqXEZT0lDVPbWbX2vTs2A2mPWkgGHUCuVd/tZfEzkCgYEAwitP
-  VE01xi8LT4bdRGyrvx7Xib5Hbq4HYAzq6GYuV2QCHECYwYb8ohGrGZgzj0EZ5trK
-  pzFLUwo78oU+BEZ2iD97eyNdLNNeSVLzW650Y8TO9hGv6lW/vsQh73ZzaNNIEsYG
-  1Nb4DMor8nsqdoRqo92L2XwF8/aDnNkHzYerwuUCgYEAzLSd7A1iUpHqe3x+IgC5
-  qJ3Gj3xFJPqT5svgvrCww3UC+Zk9q1ZFEaO7dTMhuexk/T2pXCzrwkF97mkjcGvg
-  02l1XPc71Iap8aime8OPSh/2G48woqgr5KSsFn5Y4ewrUpSe/904xpoPFN1XH5FL
-  8N4QfDY+UnGem0V6hUKMaBECgYBWmRRXZ9wc2Kx1upOCyejLY4kDsO6Q6WL2rqwy
-  HCh852idix3V6ktQSQsDbkNIl+Nid6A8cxrCHWVhI5XmODrzR0TeRYZv0JFTqIBL
-  GoJkYMlhK8BGhhnvjfAIqc6NKPYTEWjIklus8JorGk108FfTX6LYy5yoEwDd+lml
-  i+XKFQKBgCoz/VSasLIZZyjuYBccwRWq7+4EpjbbuQACbwegc5oZMcBdRcxcG0Js
-  +oOGf8km6U8KCawR238Spa+CqoxujkJ9zBZ3ptOa383yIrghWxH1L1JKQIw7E9sV
-  H1ax2jorimyN757UpRAkh/9K606WyCado9+Qi9HRLYg52QSQe/VF
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n3
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEApeeE+ceU2/TPKoK3o/5yqt/NryLi3yFdLyJhBGTdlk/xT6S6
-  AQdcy+vtMylnYHC9gO2UF1lXkjU7YF47OlZVSXcqzjnHvirvM5HH0Qk1uT4E1tUn
-  23L4b5lIruaAgxhErARFWYUI33fCyHKRAD63eBsADxLyr+/L14A6WbCR9L4LTzyU
-  m+rw1ck02kKoR7cPrflN9R37vNXz1TvkU/i87rLmga+iiH/DwWVM0jbCj+13O2/A
-  1GYIKHp6+EHDPKLpuQnrYS2jCEmszivpf3eg4jYi9Ec8ReOw0sMmT1JBYga72bKm
-  Kz/gREUj9ozJd6Mm5z/G8eFewHSzmMpwTZNZjwIDAQABAoIBAD/XRoljrrmxi+K8
-  6HPX30I32wtw7kKUsSoJHbI2KjrESoSuS9FHhwMFp4JPhXNMDvBE+/68J4GgsFeW
-  C06YmDsr+zHedCmOlfuPNogO9jhxUCVnYu4EYOt43cpH8t3/gbV78z/OfKqZiD/g
-  LkIc4Db8lNo4HWFsclFcC5gl5RR7SlOHXgSUifzIwtnCSqYeGCMZAd/hYtbq+sIP
-  /x8+5eRGPZp2rex8W1hyRKw3b+yH7A0TjRgcgeeF3gyEQ4u9W9Rkfz1zB22WtEou
-  UieZ5o2bkACIMl1fIXOZ6eFt56glzBfktJDsH702dN3/pByqBNQnXd3nHwnu169Q
-  GLBYz9ECgYEA152fN3Hc7kO0VJFzdM+VfAlXFojVVeJYfWAjEzfyWHM693oqhTpV
-  0EK5+y33IxpxiWwYBjtVm12UFQMg5RuWbFF3mmetr0+bazaPn+Y6pY9ufH3MfBdO
-  QLB7nM79R+Ebrk4H5boZNaQsyTdWD8YNCt/ODwPs01+Rx+Nf0Rm8TjcCgYEAxPpU
-  eUC6AQ4J9Q7yYWtFuN16bK/TjtuzLORivC+GZWyyhE3QNU0A+RRzx/pZTb46cD26
-  wtV3lH49yxGJv3ujUaVTz0j1r3rHMEFe84dFLqb2KpvK9y9Uc99J7YljjPpXOwFX
-  H1u8RC/8EqEKJAXrkP+I16i3AlvSfXIywq+oY2kCgYBs8c2zHCs/kKIbYOrviLvF
-  UorYbgctQBLqNptCaLBhFMgkp2u4qYMWmcCTM+R9rizT/PQeofhdamkaPNxwJwJY
-  dMl0ERLnU9f50jW7236ijNiMupuJz9TQRtwOnV/I4+sypWbEIsX+Hpgqi3VGvxFz
-  /yWE3LzbCJ0GXNLbOp+0/QKBgC1j+h9O2Q3xLD46SYRFcfWdo95zze53lhxcLJxs
-  3y10FNcED1yY+AZtvhhxCi8uDM1cjDLlef7P8HFhAzsKxKHF1UBI8cSUKF5oUfcQ
-  TtLnSoabC/RWBcIFzEVeiYAtF/jS4D6rpwCXhiDM10dhzdzF5cS8bh+vBRw/Oo8+
-  ZzExAoGAeBb5IwsKVRQfq68CtZaT6HUq+v7SearRmQDNPJInkEdGSHhxjJsGY/Zp
-  j+zhwmLSZttE7M4wvbRpXqGPmFKnddKAfV5gQCgmsMlcV0fd9zj5SVF3qrPyMKYF
-  XgoRl4uZtb9uBZBd/EPLGkLF1O9qw/O6jG4D5fQMur5zJpVypYo=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-node
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAn6m0QFVZ6mTpESrX4Fb2Y08wOyw+lptBTiSE87B0vEK6haA7
-  tyNtQWetMgJMyiHuLP7wCJE6VopW4XFue67mZ3S6vfekCFE4axNdYMggPNhUCS1X
-  y1Hhog0D9vsdFinUtCNsLqhRaQy4YV/5HcNPHI3p46qaZ8FdiaUPNoteDVyKQM62
-  sy9OOi9VR6tavrKRLLcAanDEBFxRYunIMopJGWyPxiQRSSM9qW/dLTznL1E9tstt
-  n90RFt8+qaEpPiWS07nPLLON2gl2uoqpx++8OsyfovACw6C7GskyFljZz9/ZSwuO
-  kdFZxrFza97F/gaJxg95S58y/fgx4+lpZ/3lXwIDAQABAoIBABUAsOppj9tqjNIq
-  TZ2AMwcbSp/uEQmkwLFz0l1wD9sX+AtN6a0MpvmclsbmUI2iav9WReMKn570sbsU
-  PdFdT4e6bjpBEj3Z2U8UjAsIKF14o41VfqALVGAJ0ES0Ab6BoC5WHowArjzgZHzC
-  sDV/FLAP5v2A2rDdWd2abebh7GxbU8ZSoRqYY/xtSEtiunMhuL050WSfukVcG2P8
-  9ASsyA1xOECR9qnJAiwdb3FZSSZK6Kei19iSSb9OdRjvK45/G+bULfoy7sbOrius
-  ZiJ3+bcTjUz7ZqzmvQoPUjjf6nyn2RerQcCjDmZxVpxRocDyVYB9paWP9sd5tSoG
-  Sp+3r/ECgYEA0d4bbsDhtAR6xzgofj4iH9i7HTVXZmG5B/BtiLHVBz1MN3w5V1WA
-  tT1xC7luEL0OrvcD9j3e2Ci1r39IQyJCx7m5C64fmbT3IIQCeTKKnpUep+4rmr3p
-  ZhZVO7VKB9yhvKV6KHTV87AwUDE181t40/Miobbk2B1Yib9v4JzPW+cCgYEAwsJs
-  vi9e9OdNffnNsowj4cEvcwHAwlugQ/NpGDo33RkryVf0yTjsRESw4dIY8QGQ5PeP
-  p75XHppbb0qHU8CksH8r07nw1xTJBUion1HlJ6cgbixMVIiRxQ/2wp10ChYYMu6q
-  oIa7OhhLPV7wgRNVEZYinZSe6B+IYv2t/Gzru8kCgYB8No5cBfNQfdpBcV6eIZ5G
-  5RsSVZDuOuat6UKbRk3EpCYpLPAvXZ75Jm1zOAQKCivXqMICi2oK3EV0oswdV/jY
-  h3cbj6qKag5eg2OHYj+jTrU/RXsvcjnjP1KhLVKsxow/wF1F9qjvO5fMzuOUrs4b
-  /GrB9iMKOow9sz2/XnBofwKBgEOfRCiIxByejx51dMFQvUiuTe5NpoMVU0Ekq9HY
-  rPrcuYJQQtL3K7nMa+oMi9Jqa8fEWSGyCge7KpIqu3AODGCn1yzNe90B/4YRI1Mm
-  GT26Xp1CTkJvpMVadKBAEUFLSJ2ulpnkDe/u7XjilPkMIFZZ3az/JGmOQUm1sQpb
-  O0JZAoGBAMBfO/n/qlSkm4HnSKHAwNFh/j/nBQY3ZMhDvXzOKSK7RT0N5vCOzfEl
-  NeZMnt2B5ftTH73B5JoD3/sEARdnCZrf9GCowkea2tHxjYcs9DqOkolbmHLuYrYI
-  q998ta+MLN6ftXLfCLTIKtI9MK+dBgexDtSoj0YvwYl/pK1RBBoF
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-genesis-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEAvD7wkqsbNEAPDVTXYQSnCPrSReqEe41Ss2qRnSoecQRhnpEB
-  +O0jWzgsWp3J2Nu71NMcwEvMSIrq/YFvVDLBdGbGua89xotRQotoW5UCOF8RdVPc
-  R/kvG2LAQkaSmc6xJn/NlUYNylMQixcf69y0qgx9MgQgZZUHuoNWWgeBBKu6b0FO
-  7W3EJWsuHjreLcsUXRPAn50o49tIb3VaTngy+g8NnXHWzZ8Y/Ts6fFUuLb9gNFZx
-  RZ6hgNjQXLuTIBKq9fPtDJTM/zK6h6Q7zad2MOFShvbY8WfMoSCQ8KV2L9UYNkfu
-  QIsv7yCO12fDaUmAf+inynXSfvN0+CIlc3MvGQIDAQABAoIBADxwsOlGituB3dNX
-  9DcwOTlG3xCXtaW9wFne05X0mgWLdJRm1o1IBlwZcxQ9KTu5gVtZ1RdgvtxjzgNK
-  9aXBDiADh7bCr0D6JkMJY55T/3x9+asEG+v388oFMNmWsyczF+nWivlsnqzhcqRV
-  7mfaWx9mFyRh8szqxqp51NXfJuuKcebfy2KxT1O8eMO3Lt7E62Ty+kclDLvEqSv7
-  a5DfPgtif8akEpfyH1F2UAdfTL7FaSqh17ZubEcLc1z+Wwz1a5Ht4j0qCSeCuVnr
-  Y/97pULCzq2oc1YGJbErYFzT0S//welNhkQqoppfC53QGBydK54G5eHLuPuo0f39
-  pugmOSkCgYEA9PQfUBcThsMjDqw+SghWJ5WarYnehNEiTHbI1i+JU6JocS7lTJ2y
-  ahh4cHsCfBKeYdop5TJ9sNG2hBzdK+0ojuNoxgusYex61Qakzu80mJwe87g4urld
-  d2QrQRfwq+FZROSXudWYPEmNJAiNO0eW7nC3n80v+IbY682J6q4owLcCgYEAxLwn
-  ATdIq+/l6WBrW0IMu2kbmWwJAHoqoQJshxX4DxMf3nrpYHUFAAXCjUzJHppP1X9w
-  VS2A0zlkshlaquZPi2aLlppeR6zXLWXh73+U2UTy0p+lXCnDexVIm2VSAEDlEE6n
-  VCac7YC3elJTEyhfkf8BGQN1Q/4RRPo59JMOHq8CgYAJ6nv+BQEgWnPn2ycmXhIG
-  xjKdxdABNmoaCFD3ArOfdBqgQlK7+EJJszXk78XY+fP5aBh8E8As0UB/Np/pcE9N
-  AX2zTrOqvyT1zLANRHevmdpS6Wk6fdh/xclOeEag3p17gXl252OjRSL2i3YUKUC9
-  5Eg6qta/S84qNYbYvjYeHwKBgGlZ9G0zRKhGLFFgP707zoOhkpUDBIML6L4WBTYF
-  rrOr4xoJqeXsZEQR0ZBHOUA5FF1ZBDeoyV7TUjgJWcNA2AHnZQK+IZSyWvxFncra
-  AESlJn9h3HRRLQxBZoNIq7PVDJVB+VsX3ltU3WwUn8YXja4p51WUw3wolujgMp7l
-  DN+jAoGAEsaBCmGlcAO2tVNMw+p9Tk0kH940wltqIzVNZp4qvZNE9+3A75vGVPbB
-  BGWh0dsw8wu7b2i4S4lzx4PUktjJrXB81zh2wCl3B48jFEoWk6uYbHpkr2ggdEGJ
-  QIf0epqnVOCReKTweoHS1VyjlLLElRbHBwLA0cWS6EIqlWIq/LE=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n0-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAwn5FCOXpmWtNM8YajOLT4mk8KRgMiH7uOfxLfwk79BQi2euS
-  CPhIv2pfMxkpg5wrA83bX6us3qCMLxSLv+W/A/NxlNejOycPviryyWOxLKmCim2b
-  BPS6rHxpDT2N1zNU2XR1yJa6wpqo0rxsGDX4idOX0xTJdFDnPVtQLrw213nqFKWO
-  LYwwdEz5UM50DHXK3s7vqE+Js5X0BY+CNU6tqa6aGZwDvujRikhB9wugoQsjvKpL
-  PNUI5z1HJcS5CLJizxerUfbToGd5IJQnsXIcFDXvLbBbDf5xzJUzhJp/4Vhmcnks
-  4RdVlzeUtfHRrj1zO6n9A0Goqha/0siPLJsmKQIDAQABAoIBAC2knGbeLdgHSnLg
-  BtMRWFBGCgxKzIYr45RQFReW/y7kmtkxY3AfdFMXj4faW9e7Co01/kmRbFxCqSNT
-  WwiJzi4LL5iSkogLPrKOObPxZV7p2OzLlBmxpS1ddPnafDMIpNzza8DLPsD0srHh
-  7iwwXkdaFMNAmZZmdh38E/Ej0mr2lDLnOVI88Beo36k83tRlGtDQJk0hM9PpWfnZ
-  C3HpLRRYtvUYuQJ9N8p856bLgR+c7ItHSS+1Sa5w38izQjFABW929OxteMgseVCI
-  dLwfV41AqjZ20JRQ9k4uAdU2JCbSexdF8140ptPD+MbOfdNrGr8AHchoBqNfleNS
-  dxuL7pECgYEA9d9Yv/az3LEpbLYaVxvmp405fe2hwXLJWx7txQuq8l9RIhSj4bVa
-  PNNdIlnH8D9WYuRbgRumcxyy5mRQwdT9Pe5yaJJHquKzZ2gVlEci6iS/Tc6AHshK
-  wZ7ytM0umRV49Ny2cNGrPN/jv2/6788xkTnJ8ayU92+35qMPDCFQej8CgYEAyoEk
-  655Fz/2UeuzrxdT/AWXGVCV7O2r9xLlOoCazIN2+SaZMQUbGAQuHrxliLxkZjYIn
-  9ziTsmzR6hV+K7mhMSME7gCxZxlc9TUrVGvF2JM/HI8s7B/b2953SMy6PlVABPbA
-  GBI34XKjDeL43oKvO+v9QoZQ0+0ZyLFZmKYsNZcCgYEAsdvPJ44erha6EJnqk/jq
-  8WmHnUC5MmcGoZPODCxUjN/GoRCtPCkkDbwYMzEfIPuwUfk++DY4Qi0QfPk0MgMQ
-  7iv/NwYaMdOsU7FHauvKpfXPLUmkBKB+83E3wPJsMvEFfpvqndIOPQr4hRNMQw1u
-  nc9f9iMR36xBK+XojK3MuaECgYBMoVI3V01Tx8HIQp913YQiI0FJ1mUrtvEQ4I7A
-  S+S9Kyw28pconH+RJavStuhQqk7hHb/B7cb2XfeRfVChez1kOrxC1EBNo2tp3xTm
-  fWIA8rePNx7ou6WXLjg1dEOGEvyG5FkMwtgimB7bwmgqy4lEQ6ky42Dy0WZQa8xb
-  14YjQQKBgB9PxtHPylWO3SYzLH9mUooTnBPcYWL5oBClZ+5UNSLlbEVxUqkQs3RF
-  vPLsOzYZJ80BAI9iNJKl8tsWDd2DJDqIlRt5UtRHhxcTB3HVZfhdHB7oquYWAoZG
-  Hg1FkJAAPTkw7Ni1Thcu1KgcWAORFDqfry40iPn84wrvrljq1N3j
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n1-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAr8SiKtz+oMeRSplK+zvOeZcC+53JrzIIP0UUdTbl4pP9uQZr
-  Yv+ncLrUFcedvI90L+AqXGEr6KRziafLCEr0Chtdd8L9WiAis+7R5348Wcby2lJW
-  fAm85IyqyhIlgB1zQU7vzKtasy+1K12vWm9GCZ+Tt0oFI7TgnGg2/uidfQOb4UGS
-  7jY1HabogXd8lcresu9htngACuikK4kd/rYaTwWn4QChSJ1zOLtGjI/pfU3ANL6R
-  3uB2+ZaTZHOOk3KBdoUFJ11D2f/ReqSrSOzPGDUnTSwQd1NrVrNRjJIH5OKRhyBE
-  Gl0dkKggX3XC7YUosntvnRNLxD4M/X7OshDWdQIDAQABAoIBAClgnNyCUd7/nBB3
-  rdMe7ShqiGU7a/M2UAK0/G/rkIqaVCxuenE/xecf1DWcXGG7U5rBprdAmNmXfSt2
-  uLEnE/QdJQ/Ac2v4DLNXEUrxyLtJvnnu0DU7BaC4DKytQO68ABnrvz/rRtrP7FJd
-  J56ee1pgmqGXZ0ZUmlu3nNq9X/XBs9sB5QwhkTvImkO9zde/A05FdzIBXSvwjWvm
-  3+JpC1FlPbmbGj274gjLA3O3GbyOFnZoq5eVJ949OENIFjf2iffoWbgQIbngN1/f
-  HTb23N6TnHZ4URuO2+udNPQXUpL8wJhPLPS6FoZBm+R5K52fqST2OGpOfj+65Qlv
-  x7EzFTECgYEA1rseBAc3TjVjbVCNiyTjv52kuURZyoyh6/rQrFGwSzYQNwumNqY1
-  w+R7C4Qe5ziMGh+9NENA6DPMrf862AQ9WH7Z1b0Jlq9LiqMpGaYQ289lOSJwF20G
-  waHHJvmFK6lBreVsoCR4WRcQei9oxum36nkypV/Q5NqnTe0/YLwQwvMCgYEA0YyF
-  6/1i5zd7d0T1EUY1/PI75h1qwB/dj/X5wiovullDxnk2xuD1mAVh8aVN8J5+097+
-  A4kowmuz4plzfps1ZLqRNNnebq06MkPDCM6p+W7m+kdT+T3OKjrYHL9Q+x/UVcZ5
-  4AeQjYM214jXBZexQRFFpcq3zmrMOujgCHXryvcCgYEAyt+Spj+jEvMB8x+t+w5p
-  Vno8TQW0x9dCjE81o/ix1P1JKJiK+wrhtShC0EiNYetdArmF6sC3rCp0cNe44qpu
-  wxNl/7hQPNt1RZCNnjv1pZc2jVpqCNfrEDomjD4mgW+yK/ecP1j1k0ZlPOtZ1MSw
-  DIlhPjlehTnH46oIvP4x390CgYBWWJ4ykPW5Ku6QRfTpylGiyjoOZ16+jiLhGE1z
-  SajjE7dOyFHe/4GTw9wJE8Ga/eRq738h+9m0y2aTYAHsUI5e1FXTPldeqbjKT4vF
-  TEtUAfPhe5TJpkMWuaqlpdv7rrDzK1a7DsLs3P2zMKrRniEnG7PkTjURNIa1W5I9
-  SkIAHwKBgFSHaJytPaZ4wQrWO4/xjBmYbm1sL2ayXuDt20cojDVd4hdcN6ExGpaf
-  fL6JqTMlKUklVPPuEKm26DToV8SkqJ4OILlEp1eRIvKNAmJwBhhFYTC0NSAp6H6B
-  pL3XkRzFMTTnhCyNM41iLkdWogmvu76lEF1Lz8jZSOZ/x344EzJf
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n2-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAwjADCOj3BQfTyc7UnVg8KyCvnfYvBBzEcenA6uWd8GMETUru
-  HEjI7e1xygDzhN9tHSQc0fwFrrZXyiLr0ZHL51lpbvrw0u5UKcPr6OYUxUS52UpM
-  MDZfF6D/qQEa/F1S/NPgQoomx9jQlglCasTVNSdh9AQjiIOmVnOPdsK3JSqOwRFn
-  UYOubqE31Ujll+i8aZS/EpuZ4c+5Qc9rHXzua1SA1w/TpN2tq0QWymh7NfGSnwGq
-  Vwy19XmlbcwK/zOOinvnhRkgLY/d/TyaZCfNSaod76Q3wo78RKsNONBUeWTFSSsf
-  xJ4/TqszwIYcZf7y0mt2s3nH+CfTmXcNZYqdZwIDAQABAoIBAQCUQfvPLa6LFLLJ
-  /TOu/dLSSp5KR88VoLELF6DGtpCjG7YJHRA2YAuoPAUIaTmDVOIFwbCPUY81GNpl
-  5cuNsXawJz+sD8MWCAgR6xeONTvecN5D28nXdWucqrsG2WU1EDtv9IPfyYJaSlrW
-  cjNXOPhfILZUi2Rlsb2pe4ko7vjNUh3vF6cXZcT+USmqdx8nTNyTEapjlhpEmt2m
-  V6DO1p+we3m0P4LK1sUOYHpZ2LVwDgCtuM+ZoNhx+DDsVypNHdoi3O66fgpD4g0+
-  ZcvqIvxVhXK2TV5nsGWqIe/efoJPd3JmI0kpl7aMrYmQ4BKL00MnQ9jv8t0tO1qR
-  q4Cy1HTBAoGBAMZ1UHoQef8pBHQaHEeYUOG0NUdk1rg8H3tVzPS/oqKmzheM0A4s
-  Puk69MPxwtAz9m8i6nN/3DOGHegYj/IUJnlwe35NFkjYSl9p/zC+9+7KEwNASxV2
-  XVKu7+8OEp2S904qtrNbGqq9gtmU4wXJivkTKAc3i+O5DKoWEU61shdJAoGBAPp9
-  s4LHNCXom282JWJ5GGrysiPDyYR+9l1kLNRuzQWD1q9yRd/7bRlC6PkdWpWol3LU
-  ePhTwmAUcsoEyQxu0387FAdwTp7B28kbe2kdDsOf+kcYigrWyng67bfb4FEteViY
-  3o9XhUH82GyD9O6PpyoX9wmhKBbLk7QeiLU4Up8vAoGBAKBKfr6ocjDCK2Ou9ypo
-  fuNdzy6j5r2VagQO7+S6p5xhx9HDnQPlfsaYJLvil+vcHG31MJIrMmq3J46f0BvB
-  ZLXvQP9pOdeKQr+/+CqiA9Tth9+3XS2vlX7D5u0ZW7XDz1VmMHy619YSDQ66L4cs
-  GsBEVa9GkQlUHEOAYWhGXtppAoGBAPiE0B3W/5EAx3297bdWR3iME1tSe1OeF1Wu
-  9p9I0tY+6DenG1ZOf/5JGRVXHzFOU/vUe7R8fWOPxhdSShmwttsLRSLgNNBjq2hK
-  gNVXw/coeEojOYnpcnV4mbMJTfOcN0FEYcM7ZPWEI0D+ZnptQb+MiUcfgcOj9IYG
-  qUGKgMZ3AoGAUjN4cA6mfEbmANOcsc/k3XYZb1WUbcyQSrpOSznQaT+wbcCt/EPE
-  MH13DRFOdog/NJXZhEMwZq3UTumd1hXBFfu8JKAkmbGt0elVxUJ454cFFpHGxQVu
-  QoEBobEYqb7cAqYkkSWkOHFKKMVMDOaX9FwKwyRRP//8j67X1qhlaTQ=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-n3-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpgIBAAKCAQEAxKDvOf7gM/KYM2B8NhGNi8EW1pMNROiiCLmRFxiPMo0aoLMD
-  jR9fD1K59qiTQ2nuohh2Qm3jZywDcOSby2rrsuPwRC7XyQ8TdmQ7dD5KLv27b33o
-  UKT7eWKL9KVG9EeKBAKT2MKT6GR27WBvdi2we0yJGeG17nG30RYI6X/tjiFPONnR
-  yt89KhwcQHEI0caEtX8AKXTvzQqSHG2i9vwvVFRFtV00v0xz9heUOSBZ6zVOu/yn
-  nwt1gJmiFJxMC7VlruHPmMvhLu4Q8Q5mNagxC3GyZQPzazgU/ej230UcfwnKAJWD
-  JDZe6Y4eR/n3tw7Fu20Mdu02/NjcJPxVm1af7QIDAQABAoIBAQCJ3xJ/BvEsW6FO
-  /Qt7Wgl3AfhCkq/OLpRXK87JdAYMexY9sef+jw23j9knVAKWVXPnIuHhKG44TItJ
-  IHMBSkJkmCFDndjeePy7mgJ6OqcHlhBUV+OKkHRoI6pg63b6GCN1Nl12stDFNZSS
-  U3k0U0sY2YyUokhQHlq2eA3dtD7c1dGC8PLScvWRLOFSgn8QHrYxUBQLwOpd6yde
-  WQYatv/Nvubjc6I+0Xsx9USlNSdmHgMTEQ9LqCblnTLVWUIapFGzQplpGHaWzXlc
-  aTb6A3jHH64PKXvybmgJyg5at+qpJ7QPxyB9DNy/vrYwSla5Qphl3KXJyHL3IB78
-  czQVwFR9AoGBAOht4ucIc+EqykbDF7C5+1acOfZhCafwPqFvSf66hjOkKmRKhJjH
-  D/O+MIRNQeoCZ/pIpBvT+Bf86+v9xtG4LFOdUqp8KhmOtdgJs5tCMQkLVCSlCEKn
-  GlBDKSc7JlRZ1cxJn4KLfmaz6vfPZ64J096v5fDGNWfTvzRA6riroGCHAoGBANiR
-  oEvY1++xSn/2frjC8cSdCASenXwuCMi1NCa1VRKp+0VRikdEXUTUfLRgpb0WVh3u
-  5v9uIjhGLkY0oGmTPIY9uUHe3jQhBMkAYxo33j9BdD9Ha4roGjYspV7qPWF2QJGo
-  nWPUhqVWv4uqol71tLIV3fudvf6MkBCcEyt/BtzrAoGBAMjvnraerxddF8v/Ay8M
-  ScYBf3aJQ4DFCFAl1vF5rWVdqixT47f0d8z/ghAOfkpg1CUiwYUxRgzu4cJ9/XD2
-  6JNMsdejSf4YSwq+sGAr5Bpuicq4RaDht7TlquE4mJVZqKRYjaadE6SULDEaRAbI
-  hjrBFGeH40mkXGs/J+yIqzhnAoGBAMuvOznaukz/S/hKFykigEzQ/CeMHsYabbyH
-  YIM/bMHfCSpK5GjezXHc/2SOuZK7nUcN2EhIhvqyVvdEq9Jf3j7Lcp+XQxl4LI33
-  RT31aZvIrdKOE4FThsOI/gfk+tHdbCESmuS3j+OVURXE6G2zXb1Yf60U0QrFnQFi
-  KU1xbTz9AoGBAIxoC/5ekMjY8t4wUlNPHzdw0dFV+SwsJB3nwHtwMdidIWvO82kO
-  Xq1Jh9fYmOVUpePcguHXARhhEc3BIjgMib2amlNUR/jAlxL/rdo1Rz2MnQTsAKbG
-  Lb48jdUB7rDglRhRp57yHpWoCmYxLp0JApLC6m/lsjPUoR5urPuh7hxh
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-node-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN PUBLIC KEY-----
-  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA381tmbS3oaX/aYtOjYkh
-  sW8HqDGVHpCohYPgxV5lDDrcvCP1ce+bjt6ILHKxZcvu8NrkWBpAEP0gzDx8VvE7
-  Kzq5WtUZvr7lmzYUpDwIQ+BjwNZJivL8j1/LfAKeYeGjYk8brtGswiRAPQsSB/Bv
-  by3T5++ZSD/AX1j0go2zeUFVaajV/rkUyskE5GiEdRwaHjE+XwNaUBbDHtMGC5dR
-  XMt3omckVjTN1RVlcUXEc4IY5N91yzeQOfIGqEdbyephDhTgX7aVMWRMJtJknPpX
-  3WY4HBSplz/utEMrh9HM3qm2IlZ8bwvjhrBzD1U5BF6psOvI0hkB4/c8BszIv+Je
-  YQIDAQAB
-  -----END PUBLIC KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: service-account
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/PublicKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEA381tmbS3oaX/aYtOjYkhsW8HqDGVHpCohYPgxV5lDDrcvCP1
-  ce+bjt6ILHKxZcvu8NrkWBpAEP0gzDx8VvE7Kzq5WtUZvr7lmzYUpDwIQ+BjwNZJ
-  ivL8j1/LfAKeYeGjYk8brtGswiRAPQsSB/Bvby3T5++ZSD/AX1j0go2zeUFVaajV
-  /rkUyskE5GiEdRwaHjE+XwNaUBbDHtMGC5dRXMt3omckVjTN1RVlcUXEc4IY5N91
-  yzeQOfIGqEdbyephDhTgX7aVMWRMJtJknPpX3WY4HBSplz/utEMrh9HM3qm2IlZ8
-  bwvjhrBzD1U5BF6psOvI0hkB4/c8BszIv+JeYQIDAQABAoIBAQC5u63qsvz2zWGT
-  wQX3Fkh9DY0IO+XqkNkavSCsC7PGm48XIKyQ2u55ehr+8ExjFAT/pFl++IIU104B
-  0WzLZrXZIYo0ZMhR8fFxh0dIKX4efrmqjuxHwXJytmiUSUQSLYU/kDGEOwSpthYN
-  0wMqzZJdbWYAhWrrd+T5/EQnmNvKky1qHJwhY57sX4amJH9amz54Ra2NbmNUtDGI
-  RmRqZupUAuAfy09AWt+PPiEJbKawmEtcvy29ICmTft5TKqlKoTFTzpHd549vzofa
-  Eq1UhZwPR4TPe5yKmEDgwiZjkpPpsh44bR7E6sOv0GiiOPs51/JfRurpC49+pzXh
-  UjdAWq+lAoGBAPj1e5QEGWFWJK5LSeLnKY07zepksiiEAo1YKbB/aqoBEmVGBVSi
-  4wBX/j3ID/sKlE0cVWe+ZLMdooxbUgo48q3FXVzrvfL57fmedtHXL9220HUARGkB
-  7JoMfzfIMY5WJ+kfsrvc5MqyLDGyjyqzGysTNNWlixmhHDs+Mkbx6qqjAoGBAOYh
-  zpyP4PNLYTWUzE+YCT3aqdPsVCf/Q2eFNWWagVOFQBiVuTBUIfVHmBLkTk3atQ9f
-  kJ5enpiBYNLBiFH/eOwFLdEMMpjCRruzBc2yUHf0AeHlYumTlb8g6h1NQTc45ArR
-  YYuD6q/HwYWmoC2MUJVSHxx7PHswTXJ9IjsKEccrAoGAOhRCzSgbp6qKCiNETGvz
-  NKCkDC+LpIoPclwD9cnz3086tGeebL1HSdg9Vrpqh/1S1Z5rijVPlr2uIyJWxE2+
-  x61Id5oDiUCnNNm0DIYwA4BXp0P1sa2iPdn2f9PzQ6pzyx36+3qv4V2pk7p9Tc/U
-  4bqsU7838TW1uVhsMELVpRMCgYA9yqQMe8F98iaG2Y5GbN9GYXkqMxGhr7OsjyL4
-  RhUllOjR8RnJdT2s+21E3VJ9KxVkrFdLfsJ81nhl/psY0UzpqrZTpD/NrpSJf5c2
-  VQOwQa9jtVDqwLr7l93kwkKZjkgE85WKfYA9dJhsx4HI2R0mCufZoOlrdlvFOv4+
-  9gQyAwKBgG4bxo60JxV36qziXCSeEvpFcZjOvlQXZb3VmxOzgDcrAo18MXGeqk4d
-  9+V3oNnqMbjUSsZVkESSPQTlCsjXTR4Kx8dxevjBiJGBfBVjCyW5UajGzCboQvJI
-  qWkioSgoKbfXh359I0aZo+9euM/DkYgcHVVNZFcMRlEf8v1bhmzR
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: service-account
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/PrivateKey/v1
diff --git a/site/seaworthy-virt/secrets/passphrases/airship_drydock_kvm_ssh_key.yaml b/site/seaworthy-virt/secrets/passphrases/airship_drydock_kvm_ssh_key.yaml
deleted file mode 100644
index 150907ba0..000000000
--- a/site/seaworthy-virt/secrets/passphrases/airship_drydock_kvm_ssh_key.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-schema: deckhand/CertificateKey/v1
-metadata:
-  schema: metadata/Document/v1
-  name: airship_drydock_kvm_ssh_key
-  layeringDefinition:
-    layer: site
-    abstract: false
-  storagePolicy: cleartext
-data: |-
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA6gVNOBV7zP2yeZF4P+pcei6VrRW5Qy0pzFNl4Xx6JGyM8LUP
-  yH11pPTokQ7G4JRowzn9tsq21b10gStFLyysOogXJlKCHeR0Bu1MfQYzxshyRgCM
-  dTc9H+4hhLnbPfazV+wUqgV02smsIy0x28DCiHUGXnledAsRPXFcT2d+ujPYoE7u
-  M6WDrRhGwMBM9s6iZ2aYcwDjN8SgliaeLEd6xrk/AHjsvEHQKVCqe24PxiwXbu9q
-  8PMbUOHfd/OrK+ir+uzh06ZVywifPB6btP3BxBRNLVcSwGgUnPQWg/+q+vi6urlp
-  b66lxQ658gzltzFWHyOl/rQSMP1/rH3M1NhibwIDAQABAoIBAA1VW/70Cme1lLOk
-  fCt4GOjFOrXv5OxU6GrB3a4pP3RP0v/r8QhFTaymX5HUO7SUABwPc8s0ZZJsBvVN
-  F9YGP5HeKyN90/gMCihS4ObGsbCDvy8J3PbYvNzS3ooHZNx07+b0hoDharUEhJBE
-  hPC2XN8Ve9VqKN2Hu+W6Tb4gcXH+YlHEeULaeerZRmAflKxnspvYIkVzP5vV540h
-  qiP5LH5dTuHaJBiQcrCP9dbFzjPCqueFohHKOQI6wSbI9QbcuQvD7pxHoxPaf8B/
-  V68fYaZoTGuVzhUuRsKTmseaFac4/bgmCQI8j2fDnWWA7EUANhH2ldIwEwBoPiF+
-  nldqQbECgYEA/mcP2XQ98KIOLRRyWYMxPW/MjKRe1aefcll1Iitilt67mBwPUSvN
-  KB/JTLoN838Vdv/oPQiZrtTYiEsbcj3YHa+kjI62veSFXTeghMKgn4HqQ1FdHOIW
-  Ku+lXj6hSVUdyqC1r8vDDvoludFep+s+M0w/7tcSjlqlZHkpFgEL0uMCgYEA6316
-  G8luptWeYOD2AOPjqqecXoSfPO6EG8rNO3IQUyQP8LgwtQUbK1PNZ/0u9IsKGnTA
-  CvtjhAmyLPlq87KSjOOw7br6VSih/9uxfx/zf+y+NOwkFBqgn2/9lwFvkoJvPELk
-  hRr39Ej9NuX42W5m7XkINCddJgPrVaGF0FQ87AUCgYEAuM03Fzi4se+Wqqqasml5
-  wG5RQa05cqzUR6WyUAMCGCRuU322prlRy57jhMf20HX1qr8U/hkcQoM9VCxzIJbK
-  Qi5QMwaMuv6g3mlFQot7UMN34DTfldaqUcBJ+V83nGSnQoVh1fUHmf6enw/3WbWq
-  NmtiWeaEBULVuFnHPcO+yg8CgYEAqYha+VgpxgfyDlLGJ9voUjp6k30s2oPoLc3x
-  tIMoh4Jly2n+/sMfTTD2po+aV0kly+gTPZS/jxYf5MrnGWyMnsto260JfXdUMUur
-  XBbXiVgZkyYRzztgOYg5a5YICdTHWf3aYI0Kxx4o1XX4kiguB3Zj1pAkOjMGIE65
-  dELA3TUCgYAoRt2+LINxTn2dqU9sHv+oAqN9WY3AGLc8MgAG2sEyD6u6a4ji6LJA
-  5W48boUeUAieiyHdLqpnxZbgsndFXGoOGy3w7k511mGVT8R37uzqoW8en+l/B3aC
-  m6GnweW01V+kv0FiSLsMfNZmYQeCQRNYn/LdSBAjsrmg8c88z0Af6g==
-  -----END RSA PRIVATE KEY-----
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/airship_ubuntu_ssh_public_key.yaml b/site/seaworthy-virt/secrets/passphrases/airship_ubuntu_ssh_public_key.yaml
deleted file mode 100644
index e80417d2a..000000000
--- a/site/seaworthy-virt/secrets/passphrases/airship_ubuntu_ssh_public_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/PublicKey/v1
-metadata:
-  schema: metadata/Document/v1
-  name: airship_ubuntu_ssh_public_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqBU04FXvM/bJ5kXg/6lx6LpWtFblDLSnMU2XhfHokbIzwtQ/IfXWk9OiRDsbglGjDOf22yrbVvXSBK0UvLKw6iBcmUoId5HQG7Ux9BjPGyHJGAIx1Nz0f7iGEuds99rNX7BSqBXTayawjLTHbwMKIdQZeeV50CxE9cVxPZ366M9igTu4zpYOtGEbAwEz2zqJnZphzAOM3xKCWJp4sR3rGuT8AeOy8QdApUKp7bg/GLBdu72rw8xtQ4d9386sr6Kv67OHTplXLCJ88Hpu0/cHEFE0tVxLAaBSc9BaD/6r6+Lq6uWlvrqXFDrnyDOW3MVYfI6X+tBIw/X+sfczU2GJv ubuntu@multinode
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml b/site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml
deleted file mode 100644
index e9cd1ddf1..000000000
--- a/site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: apiserver-encryption-key-key1
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# head -c 32 /dev/urandom | base64
-data: ShMq3FztlkBMTDMKmKBv9Nq0Rk6h5hGWwZTyUnYjxlM=
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml b/site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml
deleted file mode 100644
index 720150288..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ceph_fsid
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# uuidgen
-data: 7b7576f4-3358-4668-9112-100440079807
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml
deleted file mode 100644
index 9a9af1f2c..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ceph_swift_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ipmi_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/ipmi_admin_password.yaml
deleted file mode 100644
index 6ab430ed8..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ipmi_admin_password.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ipmi_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  labels:
-    name: ipmi-admin-password-site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml b/site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml
deleted file mode 100644
index 73d4a6970..000000000
--- a/site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: maas-region-key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# openssl rand -hex 10
-data: 9026f6048d6a017dc913
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_db_password.yaml
deleted file mode 100644
index c5f866c85..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
deleted file mode 100644
index 9bf0217bf..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_barbican_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_barbican_password.yaml
deleted file mode 100644
index 51221924c..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_barbican_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_db_password.yaml
deleted file mode 100644
index b22f898b6..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
deleted file mode 100644
index 5d76ba793..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_cinder_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_cinder_password.yaml
deleted file mode 100644
index 26565dbe3..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_cinder_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_db_password.yaml
deleted file mode 100644
index 073906900..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
deleted file mode 100644
index d103c2780..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_glance_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_glance_password.yaml
deleted file mode 100644
index 93ae0f24b..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_glance_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_db_password.yaml
deleted file mode 100644
index 3352d4ce9..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
deleted file mode 100644
index 39f132713..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_heat_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_heat_password.yaml
deleted file mode 100644
index 5777ebbf8..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_heat_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_heat_stack_user_password.yaml
deleted file mode 100644
index 36db28bc2..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_heat_stack_user_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_stack_user_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_heat_trustee_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_heat_trustee_password.yaml
deleted file mode 100644
index 58129ef5d..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_heat_trustee_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_trustee_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_horizon_oslo_db_password.yaml
deleted file mode 100644
index 7c78d4572..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_horizon_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_horizon_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
deleted file mode 100644
index 78c265edc..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_elasticsearch_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_admin_password.yaml
deleted file mode 100644
index 9232de761..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
deleted file mode 100644
index 6d5f49e5b..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
deleted file mode 100644
index bd4e57399..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_oslo_db_session_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_nagios_admin_password.yaml
deleted file mode 100644
index 52dbe16a0..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_nagios_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_nagios_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
deleted file mode 100644
index 64f78e1a4..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_openstack_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
deleted file mode 100644
index 9c68e9d5c..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
deleted file mode 100644
index f134f46a9..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_oslo_db_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
deleted file mode 100644
index b3df5f659..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_prometheus_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
deleted file mode 100644
index 9f64719a0..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_admin_access_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: admin_access_key
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
deleted file mode 100644
index 3e06f913a..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_admin_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: admin_secret_key
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
deleted file mode 100644
index 97c7d2312..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_elasticsearch_access_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: elastic_access_key
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
deleted file mode 100644
index 60f0134e0..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_elasticsearch_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: elastic_secret_key
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_keystone_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_keystone_admin_password.yaml
deleted file mode 100644
index 6c3f44695..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_keystone_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_keystone_ldap_password.yaml
deleted file mode 100644
index 2edf0f22c..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_keystone_ldap_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_ldap_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_db_password.yaml
deleted file mode 100644
index 07b2206ab..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
deleted file mode 100644
index be716f432..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_db_password.yaml
deleted file mode 100644
index 4d0b15749..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
deleted file mode 100644
index 6be02b9ce..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_neutron_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_neutron_password.yaml
deleted file mode 100644
index dd0b2b68b..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_neutron_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/site/seaworthy-virt/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
deleted file mode 100644
index 37d5c627c..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_metadata_proxy_shared_secret
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_db_password.yaml
deleted file mode 100644
index 2cd60f567..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
deleted file mode 100644
index 13569ba02..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_nova_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_nova_password.yaml
deleted file mode 100644
index 4c2223d36..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_nova_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/seaworthy-virt/secrets/passphrases/osh_oslo_cache_secret_key.yaml
deleted file mode 100644
index 11747a726..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_oslo_cache_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_cache_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_oslo_db_admin_password.yaml
deleted file mode 100644
index 48df9ee54..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_oslo_db_exporter_password.yaml
deleted file mode 100644
index 61b4144ad..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_oslo_db_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_db_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_oslo_messaging_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
deleted file mode 100644
index e7d97e27c..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_placement_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_placement_password.yaml
deleted file mode 100644
index c72b59ac0..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_placement_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_placement_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml b/site/seaworthy-virt/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index a3b5a2b69..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/osh_tempest_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_tempest_password.yaml
deleted file mode 100644
index af90ec05b..000000000
--- a/site/seaworthy-virt/secrets/passphrases/osh_tempest_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_tempest_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/tenant_ceph_fsid.yaml b/site/seaworthy-virt/secrets/passphrases/tenant_ceph_fsid.yaml
deleted file mode 100644
index 18bd48556..000000000
--- a/site/seaworthy-virt/secrets/passphrases/tenant_ceph_fsid.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant_ceph_fsid
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# uuidgen
-data: 29d8953d-0bb6-4ba1-a48a-f9be1c0937a9
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ubuntu_crypt_password.yaml b/site/seaworthy-virt/secrets/passphrases/ubuntu_crypt_password.yaml
deleted file mode 100644
index 4d6046803..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ubuntu_crypt_password.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ubuntu_crypt_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# Pass: password123
-data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
deleted file mode 100644
index 33c4125ef..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_airflow_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_airflow_postgres_password.yaml
deleted file mode 100644
index 8a1d64884..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_airflow_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_airflow_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_armada_keystone_password.yaml
deleted file mode 100644
index 866efcce2..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_armada_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_armada_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_barbican_keystone_password.yaml
deleted file mode 100644
index cb2da2244..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_barbican_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_barbican_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
deleted file mode 100644
index 95a76ed17..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_barbican_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_keystone_password.yaml
deleted file mode 100644
index 5ee27f2a8..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_deckhand_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_postgres_password.yaml
deleted file mode 100644
index e63319b71..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_deckhand_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_drydock_keystone_password.yaml
deleted file mode 100644
index b8083b519..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_drydock_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_drydock_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_drydock_postgres_password.yaml
deleted file mode 100644
index 2eff5255c..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_drydock_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_drydock_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_keystone_admin_password.yaml
deleted file mode 100644
index 91f74fdc0..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_keystone_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_keystone_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
deleted file mode 100644
index a9cb15317..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_keystone_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_maas_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_maas_admin_password.yaml
deleted file mode 100644
index 402c1299b..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_maas_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_maas_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_maas_postgres_password.yaml
deleted file mode 100644
index 96ec5745c..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_maas_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_maas_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
deleted file mode 100644
index b513af431..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_openstack_exporter_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_oslo_db_admin_password.yaml
deleted file mode 100644
index b3c132542..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_oslo_messaging_password.yaml
deleted file mode 100644
index 95d6c0e3c..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_postgres_admin_password.yaml
deleted file mode 100644
index 546de05ba..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_postgres_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_postgres_exporter_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_postgres_exporter_password.yaml
deleted file mode 100644
index abdaa5bc4..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_postgres_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_postgres_replication_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_postgres_replication_password.yaml
deleted file mode 100644
index 2176e714f..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_postgres_replication_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_replication_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_promenade_keystone_password.yaml
deleted file mode 100644
index ac40d1ec5..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_promenade_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_promenade_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 6a2aef93e..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_keystone_password.yaml
deleted file mode 100644
index 181a52a84..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_shipyard_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_postgres_password.yaml
deleted file mode 100644
index de0eed714..000000000
--- a/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_shipyard_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy-virt/site-definition.yaml b/site/seaworthy-virt/site-definition.yaml
deleted file mode 100644
index ba98fd8d4..000000000
--- a/site/seaworthy-virt/site-definition.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: pegleg/SiteDefinition/v1
-metadata:
-  schema: metadata/Document/v1
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: seaworthy-virt
-  storagePolicy: cleartext
-data:
-  site_type: foundry
-...
diff --git a/site/seaworthy-virt/software/charts/kubernetes/container-networking/calico.yaml b/site/seaworthy-virt/software/charts/kubernetes/container-networking/calico.yaml
deleted file mode 100644
index 146d008e2..000000000
--- a/site/seaworthy-virt/software/charts/kubernetes/container-networking/calico.yaml
+++ /dev/null
@@ -1,160 +0,0 @@
----
-# This is a copy-n-paste
-# from globals as this document must layer from type
-# so it can replace type, but really wants the content
-# from global. Refactor after the gate emulates fabric
-# BGP peering
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-calico
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: kubernetes-calico-global
-    actions:
-      - method: replace
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    # Chart source
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .charts.kubernetes.calico.calico
-      dest:
-        path: .source
-    # Image versions
-    - src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .images.calico.calico
-      dest:
-        path: .values.images.tags
-    # IP addresses
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .calico.etcd.service_ip
-      dest:
-        path: .values.endpoints.etcd.host_fqdn_override.default
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.pod_cidr
-      dest:
-        path: .values.networking.podSubnet
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.api_service_ip
-      dest:
-        path: .values.conf.controllers.K8S_API
-        pattern: SUB_KUBERNETES_IP
-
-    # Other site-specific configuration
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .calico.ip_autodetection_method
-      dest:
-        path: .values.conf.node.IP_AUTODETECTION_METHOD
-
-    # Certificates
-    - src:
-        schema: deckhand/CertificateAuthority/v1
-        name: calico-etcd
-        path: .
-      dest:
-        path: .values.endpoints.etcd.auth.client.tls.ca
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-node
-        path: .
-      dest:
-        path: .values.endpoints.etcd.auth.client.tls.crt
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-node
-        path: .
-      dest:
-        path: .values.endpoints.etcd.auth.client.tls.key
-data:
-  chart_name: calico
-  release: kubernetes-calico
-  namespace: kube-system
-  protected:
-    continue_processing: true
-  wait:
-    timeout: 1800
-    labels:
-      release_group: airship-kubernetes-calico
-  upgrade:
-    no_hooks: false
-    pre:
-      delete:
-        - type: job
-          labels:
-            release_group: airship-kubernetes-calico
-  values:
-    conf:
-      cni_network_config:
-        name: k8s-pod-network
-        cniVersion: 0.3.0
-        plugins:
-          - type: calico
-            etcd_endpoints: __ETCD_ENDPOINTS__
-            etcd_ca_cert_file: /etc/calico/pki/ca
-            etcd_cert_file: /etc/calico/pki/crt
-            etcd_key_file: /etc/calico/pki/key
-            log_level: info
-            mtu: 1500
-            ipam:
-              type: calico-ipam
-            policy:
-              type: k8s
-            kubernetes:
-              kubeconfig: __KUBECONFIG_FILEPATH__
-          - type: portmap
-            snat: true
-            capabilities:
-              portMappings: true
-
-      controllers:
-        K8S_API: "https://SUB_KUBERNETES_IP:443"
-
-      node:
-        CALICO_STARTUP_LOGLEVEL: INFO
-        CLUSTER_TYPE: "k8s,bgp"
-        ETCD_CA_CERT_FILE: /etc/calico/pki/ca
-        ETCD_CERT_FILE: /etc/calico/pki/crt
-        ETCD_KEY_FILE: /etc/calico/pki/key
-        WAIT_FOR_STORAGE: "true"
-
-    endpoints:
-      etcd:
-        hosts:
-          default: calico-etcd
-        scheme:
-          default: https
-
-    networking:
-      settings:
-        mesh: "on"
-        ippool:
-          ipip:
-            enabled: "true"
-            mode: "Always"
-          nat_outgoing: "true"
-          disabled: "false"
-
-    manifests:
-      daemonset_calico_etcd: false
-      job_image_repo_sync: false
-      pod_calicoctl: false
-      service_calico_etcd: false
-  dependencies:
-    - calico-htk
-...
diff --git a/site/seaworthy-virt/software/charts/kubernetes/container-networking/etcd.yaml b/site/seaworthy-virt/software/charts/kubernetes/container-networking/etcd.yaml
deleted file mode 100644
index cdaa83c9b..000000000
--- a/site/seaworthy-virt/software/charts/kubernetes/container-networking/etcd.yaml
+++ /dev/null
@@ -1,153 +0,0 @@
----
-# The purpose of this file is to build the list of calico etcd nodes and the
-# calico etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-calico-etcd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: kubernetes-calico-etcd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    # Generate a list of control plane nodes (i.e. genesis node + master node
-    # list) on which calico etcd will run and will need certs. It is assumed
-    # that Airship sites will have 4 control plane nodes, so this should not need to
-    # change for a new site.
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .genesis.hostname
-      dest:
-        path: .values.nodes[0].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[0].hostname
-      dest:
-        path: .values.nodes[1].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[1].hostname
-      dest:
-        path: .values.nodes[2].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[2].hostname
-      dest:
-        path: .values.nodes[3].name
-
-    # Certificate substitutions for the node names assembled on the above list.
-    # Genesis hostname - n0
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-n0
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-n0
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-n0-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-n0-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.key
-
-    # master node 1 hostname - n1
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-n1
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-n1
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-n1-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-n1-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.key
-
-    # master node 2 hostname - n2
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-n2
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-n2
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-n2-peer
-        path: .
-      dest:
-        path: .values.nodes[2].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-n2-peer
-        path: .
-      dest:
-        path: .values.nodes[2].tls.peer.key
-
-    # master node 3 hostname - n3
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-n3
-        path: .
-      dest:
-        path: .values.nodes[3].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-n3
-        path: .
-      dest:
-        path: .values.nodes[3].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-n3-peer
-        path: .
-      dest:
-        path: .values.nodes[3].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-n3-peer
-        path: $
-      dest:
-        path: .values.nodes[3].tls.peer.key
-
-data: {}
-...
diff --git a/site/seaworthy-virt/software/charts/kubernetes/etcd/etcd.yaml b/site/seaworthy-virt/software/charts/kubernetes/etcd/etcd.yaml
deleted file mode 100644
index cb19b8345..000000000
--- a/site/seaworthy-virt/software/charts/kubernetes/etcd/etcd.yaml
+++ /dev/null
@@ -1,163 +0,0 @@
----
-# The purpose of this file is to build the list of k8s etcd nodes and the
-# k8s etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-etcd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: kubernetes-etcd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    # Generate a list of control plane nodes (i.e. genesis node + master node
-    # list) on which k8s etcd will run and will need certs. It is assumed
-    # that Airship sites will have 4 control plane nodes, so this should not need to
-    # change for a new site.
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .genesis.hostname
-      dest:
-        path: .values.nodes[0].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[0].hostname
-      dest:
-        path: .values.nodes[1].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[1].hostname
-      dest:
-        path: .values.nodes[2].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[2].hostname
-      dest:
-        path: .values.nodes[3].name
-
-    # Certificate substitutions for the node names assembled on the above list.
-    # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
-    # to change with a standard Airship deployment. However, the names of each
-    # deckhand certficiate should be updated with the correct hostnames for your
-    # environment. The ordering is important (Genesis is index 0, then master
-    # nodes in the order they are specified in common-addresses).
-
-    # Genesis Exception*
-    # *NOTE: This is an exception in that `genesis` is not the hostname of the
-    # genesis node, but `genesis` is reference here in the certificate names
-    # because of certain Promenade assumptions that may be addressed in the
-    # future. Therefore `genesis` is used instead of `cab23-r720-11` here.
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-genesis
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-genesis
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-genesis-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-genesis-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.key
-
-    # master node 1 hostname - n1
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-n1
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-n1
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-n1-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-n1-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.key
-
-    # master node 2 hostname - n2
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-n2
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-n2
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-n2-peer
-        path: .
-      dest:
-        path: .values.nodes[2].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-n2-peer
-        path: $
-      dest:
-        path: .values.nodes[2].tls.peer.key
-
-    # master node 3 hostname - n3
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-n3
-        path: .
-      dest:
-        path: .values.nodes[3].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-n3
-        path: .
-      dest:
-        path: .values.nodes[3].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-n3-peer
-        path: .
-      dest:
-        path: .values.nodes[3].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-n3-peer
-        path: $
-      dest:
-        path: .values.nodes[3].tls.peer.key
-
-data: {}
-...
diff --git a/site/seaworthy-virt/software/charts/kubernetes/ingress/ingress.yaml b/site/seaworthy-virt/software/charts/kubernetes/ingress/ingress.yaml
deleted file mode 100644
index be619535e..000000000
--- a/site/seaworthy-virt/software/charts/kubernetes/ingress/ingress.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-# The purpose of this file is to define the environment-specific public-facing
-# VIP for the ingress controller
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ingress-kube-system
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      ingress: kube-system
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .vip.ingress_vip
-      dest:
-        path: .values.network.vip.addr
-data:
-  values:
-    network:
-      ingress:
-        disable-ipv6: "true"
-      vip:
-        manage: true
-...
diff --git a/site/seaworthy-virt/software/charts/ucp/ceph/ceph-client-update.yaml b/site/seaworthy-virt/software/charts/ucp/ceph/ceph-client-update.yaml
deleted file mode 100644
index 0679cd98e..000000000
--- a/site/seaworthy-virt/software/charts/ucp/ceph/ceph-client-update.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# The purpose of this file is to define environment-specific parameters for ceph
-# client update
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-client-update
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-ceph-client-update-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data: {}
-...
diff --git a/site/seaworthy-virt/software/charts/ucp/ceph/ceph-client.yaml b/site/seaworthy-virt/software/charts/ucp/ceph/ceph-client.yaml
deleted file mode 100644
index 642538960..000000000
--- a/site/seaworthy-virt/software/charts/ucp/ceph/ceph-client.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-client
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-ceph-client-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    conf:
-      pool:
-        target:
-          osd: 1
-        spec:
-          # RBD pool
-          - name: rbd
-            application: rbd
-            replication: 1
-            percent_total_data: 40
-          # CephFS pools
-          - name: cephfs_metadata
-            application: cephfs
-            replication: 1
-            percent_total_data: 5
-          - name: cephfs_data
-            application: cephfs
-            replication: 1
-            percent_total_data: 10
-          # RadosGW pools
-          - name: .rgw.root
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.control
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.data.root
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.gc
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.log
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.intent-log
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.meta
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.usage
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.keys
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.email
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.swift
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.uid
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.buckets.extra
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.buckets.index
-            application: rgw
-            replication: 1
-            percent_total_data: 3
-          - name: default.rgw.buckets.data
-            application: rgw
-            replication: 1
-            percent_total_data: 34.8
-...
-
diff --git a/site/seaworthy-virt/software/charts/ucp/ceph/ceph-osd.yaml b/site/seaworthy-virt/software/charts/ucp/ceph/ceph-osd.yaml
deleted file mode 100644
index a3b09ae88..000000000
--- a/site/seaworthy-virt/software/charts/ucp/ceph/ceph-osd.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# The purpose of this file is to define environment-specific parameters for
-# ceph-osd
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-osd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-ceph-osd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data: {}
-...
diff --git a/site/seaworthy-virt/software/charts/ucp/ceph/ceph-provisioners.yaml b/site/seaworthy-virt/software/charts/ucp/ceph/ceph-provisioners.yaml
deleted file mode 100644
index a373c6ecc..000000000
--- a/site/seaworthy-virt/software/charts/ucp/ceph/ceph-provisioners.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-provisioners
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-ceph-provisioners
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    deployment:
-      cephfs_provisioner: false
-...
diff --git a/site/seaworthy-virt/software/charts/ucp/divingbell/divingbell.yaml b/site/seaworthy-virt/software/charts/ucp/divingbell/divingbell.yaml
deleted file mode 100644
index 5f8fc9b39..000000000
--- a/site/seaworthy-virt/software/charts/ucp/divingbell/divingbell.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-# The purpose of this file is to define site-specific parameters to the
-# UAM-lite portion of the divingbell chart:
-# 1. User accounts to create on bare metal
-# 2. SSH public key for operationg system access to the bare metal
-# 3. Passwords for operating system access via iDrac/iLo console. SSH password-
-#    based auth is disabled.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-divingbell
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-divingbell-global
-    actions:
-      - method: merge
-        path: .
-  labels:
-    name: ucp-divingbell-site
-  storagePolicy: cleartext
-  substitutions:
-    - dest:
-        path: .values.conf.uamlite.users[0].user_sshkeys[0]
-      src:
-        schema: deckhand/PublicKey/v1
-        name: airship_ubuntu_ssh_public_key
-        path: .
-    - dest:
-        path: .values.conf.uamlite.users[0].user_crypt_passwd
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ubuntu_crypt_password
-        path: .
-    - dest:
-        path: .values.conf.uamlite.users[1].user_sshkeys[0]
-      src:
-        schema: deckhand/PublicKey/v1
-        name: airship_ubuntu_ssh_public_key
-        path: .
-data:
-  values:
-    conf:
-      uamlite:
-        users:
-          - user_name: ubuntu
-            user_sudo: true
-            user_sshkeys: []
-          - user_name: airship
-            user_sudo: true
-            user_sshkeys: []
-...
diff --git a/site/seaworthy-virt/software/charts/ucp/drydock/drydock.yaml b/site/seaworthy-virt/software/charts/ucp/drydock/drydock.yaml
deleted file mode 100644
index f73079349..000000000
--- a/site/seaworthy-virt/software/charts/ucp/drydock/drydock.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-drydock
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-drydock-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: airship_drydock_kvm_ssh_key
-        path: .
-      dest:
-        path: .values.conf.ssh.private_key
-data:
-  values:
-    pod:
-      security_context:
-        drydock:
-          pod:
-            # NOTE: Drydock has a hardcoded path to SSH key that
-            # uses root home directory, default `nobody` user
-            # does not have have the access to keys in the root
-            # directory, consequently Drydock fails to connect to
-            # the Libvirt host using SSH.
-            # Remove this workaround when Drydock is fixed.
-            runAsUser: 0
-    manifests:
-      secret_ssh_key: true
-    conf:
-      drydock:
-        plugins:
-          oob_driver:
-            - 'drydock_provisioner.drivers.oob.pyghmi_driver.driver.PyghmiDriver'
-            - 'drydock_provisioner.drivers.oob.libvirt_driver.driver.LibvirtDriver'
-...
diff --git a/site/seaworthy-virt/software/charts/ucp/drydock/maas.yaml b/site/seaworthy-virt/software/charts/ucp/drydock/maas.yaml
deleted file mode 100644
index 1a44797b2..000000000
--- a/site/seaworthy-virt/software/charts/ucp/drydock/maas.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-maas-global
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-maas-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: airship_drydock_kvm_ssh_key
-        path: .
-      dest:
-        path: .values.conf.ssh.private_key
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .vip.maas_vip
-      dest:
-        path: .values.network.maas_ingress.addr
-data:
-  values:
-    endpoints:
-      maas_ingress:
-        port:
-          ingress_default_server:
-            default: 8182
-    manifests:
-      secret_ssh_key: true
-...
diff --git a/site/seaworthy-virt/software/charts/ucp/promenade/promenade.yaml b/site/seaworthy-virt/software/charts/ucp/promenade/promenade.yaml
deleted file mode 100644
index d184e147a..000000000
--- a/site/seaworthy-virt/software/charts/ucp/promenade/promenade.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-promenade
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-promenade-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data: {}
-...
diff --git a/site/seaworthy-virt/software/config/common-software-config.yaml b/site/seaworthy-virt/software/config/common-software-config.yaml
deleted file mode 100644
index b2ed066f1..000000000
--- a/site/seaworthy-virt/software/config/common-software-config.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# The purpose of this file is to define site-specific common software config
-# paramters.
-schema: pegleg/CommonSoftwareConfig/v1
-metadata:
-  schema: metadata/Document/v1
-  name: common-software-config
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  osh:
-    region_name: seaworthy-virt
-...
diff --git a/site/seaworthy-virt/software/config/endpoints.yaml b/site/seaworthy-virt/software/config/endpoints.yaml
deleted file mode 100644
index 8d47cde38..000000000
--- a/site/seaworthy-virt/software/config/endpoints.yaml
+++ /dev/null
@@ -1,967 +0,0 @@
----
-# The purpose of this file is to define the site's endpoint catalog. This should
-# not need to be modified for a new site.
-# #GLOBAL-CANDIDATE#
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_endpoints
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  ucp:
-    identity:
-      namespace: ucp
-      name: keystone
-      host_fqdn_override:
-        default: null
-        public:
-          host: keystone.gate.local
-      path:
-        default: /v3
-      scheme:
-        default: "http"
-        internal: "http"
-      port:
-        api:
-          default: 80
-          internal: 5000
-    armada:
-      name: armada
-      hosts:
-        default: armada-api
-        public: armada
-      port:
-        api:
-          default: 8000
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-      host_fqdn_override:
-        default: null
-    deckhand:
-      name: deckhand
-      hosts:
-        default: deckhand-int
-        public: deckhand-api
-      port:
-        api:
-          default: 9000
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-      host_fqdn_override:
-        default: null
-    postgresql:
-      name: postgresql
-      hosts:
-        default: postgresql
-      path: /DB_NAME
-      scheme: postgresql+psycopg2
-      port:
-        postgresql:
-          default: 5432
-      host_fqdn_override:
-        default: null
-    postgresql_airflow_celery:
-      name: postgresql_airflow_celery_db
-      hosts:
-        default: postgresql
-      path: /DB_NAME
-      scheme: db+postgresql
-      port:
-        postgresql:
-          default: 5432
-      host_fqdn_override:
-        default: null
-    oslo_db:
-      hosts:
-        default: mariadb
-        discovery: mariadb-discovery
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-        wsrep:
-          default: 4567
-    key_manager:
-      name: barbican
-      hosts:
-        default: barbican-api
-        public: barbican
-      host_fqdn_override:
-        default: null
-      path:
-        default: /v1
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9311
-          public: 80
-    airflow_oslo_messaging:
-      namespace: null
-      statefulset:
-        name: airship-ucp-rabbitmq-rabbitmq
-      hosts:
-        default: rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /airflow
-      scheme: amqp
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    oslo_messaging:
-      namespace: null
-      statefulset:
-        name: airship-ucp-rabbitmq-rabbitmq
-      hosts:
-        default: rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /keystone
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-    oslo_cache:
-      hosts:
-        default: memcached
-      host_fqdn_override:
-        default: null
-      port:
-        memcache:
-          default: 11211
-    physicalprovisioner:
-      name: drydock
-      hosts:
-        default: drydock-api
-        public: drydock-api
-      port:
-        api:
-          default: 9000
-          nodeport: 31900
-          public: 80
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-        public: "http"
-      host_fqdn_override:
-        default: null
-        public:
-          host: drydock.gate.local
-    maas_region:
-      name: maas-region
-      hosts:
-        default: maas-region
-        public: maas-region
-      path:
-        default: /MAAS
-      scheme:
-        default: "http"
-      port:
-        region_api:
-          default: 80
-          nodeport: 31900
-          podport: 80
-          public: 80
-        region_proxy:
-          default: 8000
-      host_fqdn_override:
-        default: null
-        public:
-          host: maas.gate.local
-    maas_ingress:
-      hosts:
-        default: maas-ingress
-        error_pages: maas-ingress-error
-      host_fqdn_override:
-        public: null
-      port:
-        http:
-          default: 80
-        https:
-          default: 443
-        ingress_default_server:
-          default: 8383
-        error_pages:
-          default: 8080
-          podport: 8080
-        healthz:
-          podport: 10259
-        status:
-          podport: 18089
-    kubernetesprovisioner:
-      name: promenade
-      hosts:
-        default: promenade-api
-      port:
-        api:
-          default: 80
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-      host_fqdn_override:
-        default: null
-    shipyard:
-      name: shipyard
-      hosts:
-        default: shipyard-int
-        public: shipyard-api
-      port:
-        api:
-          default: 9000
-          public: 80
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-        public: "http"
-      host_fqdn_override:
-        default: null
-        public:
-          host: shipyard.gate.local
-    prometheus_openstack_exporter:
-      namespace: ucp
-      hosts:
-        default: openstack-metrics
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        exporter:
-          default: 9103
-  ceph:
-    object_store:
-      name: swift
-      namespace: ceph
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: /swift/v1
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    ceph_object_store:
-      name: radosgw
-      namespace: ceph
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: /auth/v1.0
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    ceph_mon:
-      namespace: ceph
-      hosts:
-        default: ceph-mon
-        discovery: ceph-mon-discovery
-      host_fqdn_override:
-        default: null
-      port:
-        mon:
-          default: 6789
-    ceph_mgr:
-      namespace: ceph
-      hosts:
-        default: ceph-mgr
-      host_fqdn_override:
-        default: null
-      port:
-        mgr:
-          default: 7000
-      scheme:
-        default: "http"
-    tenant_ceph_mon:
-      namespace: tenant-ceph
-      hosts:
-        default: ceph-mon
-        discovery: ceph-mon-discovery
-      host_fqdn_override:
-        default: null
-      port:
-        mon:
-          default: 6790
-    tenant_ceph_mgr:
-      namespace: tenant-ceph
-      hosts:
-        default: ceph-mgr
-      host_fqdn_override:
-        default: null
-      port:
-        mgr:
-          default: 7001
-        metrics:
-          default: 9284
-      scheme:
-        default: http
-...
----
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_endpoints
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  osh:
-    object_store:
-      name: swift
-      namespace: openstack
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: /swift/v1/KEY_$(tenant_id)s
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    ceph_object_store:
-      name: radosgw
-      namespace: openstack
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: /auth/v1.0
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    oslo_db:
-      hosts:
-        default: mariadb
-        discovery: mariadb-discovery
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-        wsrep:
-          default: 4567
-    prometheus_mysql_exporter:
-      namespace: openstack
-      hosts:
-        default: mysql-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: 'http'
-      port:
-        metrics:
-          default: 9104
-    oslo_messaging:
-      statefulset:
-        name: airship-openstack-rabbitmq-rabbitmq
-      namespace: openstack
-      hosts:
-        default: openstack-rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /VHOST_NAME
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    openstack_rabbitmq_exporter:
-      namespace: openstack
-      hosts:
-        default: openstack-rabbitmq-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9095
-    oslo_cache:
-      namespace: openstack
-      hosts:
-        default: memcached
-      host_fqdn_override:
-        default: null
-      port:
-        memcache:
-          default: 11211
-    identity:
-      namespace: openstack
-      name: keystone
-      host_fqdn_override:
-        default: null
-      path:
-        default: /v3
-      scheme:
-        default: "http"
-        internal: "http"
-      port:
-        api:
-          default: 80
-          internal: 5000
-    image:
-      name: glance
-      hosts:
-        default: glance-api
-        public: glance
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 9292
-          public: 80
-    image_registry:
-      name: glance-registry
-      hosts:
-        default: glance-registry
-        public: glance-reg
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9191
-          public: 80
-    volume:
-      name: cinder
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v1/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8776
-          public: 80
-    volumev2:
-      name: cinderv2
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v2/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8776
-          public: 80
-    volumev3:
-      name: cinderv3
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v3/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8776
-          public: 80
-    orchestration:
-      name: heat
-      hosts:
-        default: heat-api
-        public: heat
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v1/%(project_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8004
-          public: 80
-    cloudformation:
-      name: heat-cfn
-      hosts:
-        default: heat-cfn
-        public: cloudformation
-      host_fqdn_override:
-        default: null
-      path:
-        default: /v1
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8000
-          public: 80
-    cloudwatch:
-      name: heat-cloudwatch
-      hosts:
-        default: heat-cloudwatch
-        public: cloudwatch
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      type: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8003
-          public: 80
-    network:
-      name: neutron
-      hosts:
-        default: neutron-server
-        public: neutron
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 9696
-          public: 80
-    compute:
-      name: nova
-      hosts:
-        default: nova-api
-        public: nova
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v2/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8774
-          public: 80
-        novncproxy:
-          default: 80
-    compute_metadata:
-      name: nova
-      hosts:
-        default: nova-metadata
-        public: metadata
-      host_fqdn_override:
-        default: null
-      path:
-        default: /
-      scheme:
-        default: "http"
-      port:
-        metadata:
-          default: 8775
-          public: 80
-    compute_novnc_proxy:
-      name: nova
-      hosts:
-        default: nova-novncproxy
-        public: novncproxy
-      host_fqdn_override:
-        default: null
-      path:
-        default: /vnc_auto.html
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        novnc_proxy:
-          default: 6080
-          public: 80
-    compute_spice_proxy:
-      name: nova
-      hosts:
-        default: nova-spiceproxy
-      host_fqdn_override:
-        default: null
-      path:
-        default: /spice_auto.html
-      scheme:
-        default: "http"
-      port:
-        spice_proxy:
-          default: 6082
-    placement:
-      name: placement
-      hosts:
-        default: placement-api
-        public: placement
-      host_fqdn_override:
-        default: null
-      path:
-        default: /
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8778
-          public: 80
-    dashboard:
-      name: horizon
-      hosts:
-        default: horizon-int
-        public: horizon
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        web:
-          default: 80
-          public: 80
-...
----
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_endpoints
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .ldap.auth_path
-      dest:
-        path: .osh_infra.ldap.path.default
-        pattern: AUTH_PATH
-data:
-  osh_infra:
-    ceph_object_store:
-      name: radosgw
-      namespace: osh-infra
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    elasticsearch:
-      name: elasticsearch
-      namespace: osh-infra
-      hosts:
-        data: elasticsearch-data
-        default: elasticsearch-logging
-        discovery: elasticsearch-discovery
-        public: elasticsearch
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-    prometheus_elasticsearch_exporter:
-      namespace: null
-      hosts:
-        default: elasticsearch-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9108
-    fluentd:
-      namespace: osh-infra
-      name: fluentd
-      hosts:
-        default: fluentd-logging
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        service:
-          default: 24224
-        metrics:
-          default: 24220
-    prometheus_fluentd_exporter:
-      namespace: osh-infra
-      hosts:
-        default: fluentd-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9309
-    oslo_db:
-      namespace: osh-infra
-      hosts:
-        default: mariadb
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-    prometheus_mysql_exporter:
-      namespace: osh-infra
-      hosts:
-        default: mysql-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: 'http'
-      port:
-        metrics:
-          default: 9104
-    grafana:
-      name: grafana
-      namespace: osh-infra
-      hosts:
-        default: grafana-dashboard
-        public: grafana
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        grafana:
-          default: 3000
-          public: 80
-    monitoring:
-      name: prometheus
-      namespace: osh-infra
-      hosts:
-        default: prom-metrics
-        public: prometheus
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9090
-        http:
-          default: 80
-    kibana:
-      name: kibana
-      namespace: osh-infra
-      hosts:
-        default: kibana-dash
-        public: kibana
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        kibana:
-          default: 5601
-          public: 80
-    alerts:
-      name: alertmanager
-      namespace: osh-infra
-      hosts:
-        default: alerts-engine
-        public: alertmanager
-        discovery: alertmanager-discovery
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9093
-          public: 80
-        mesh:
-          default: 6783
-    kube_state_metrics:
-      namespace: kube-system
-      hosts:
-        default: kube-state-metrics
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        http:
-          default: 8080
-    kube_scheduler:
-      scheme:
-        default: "http"
-      path:
-        default: /metrics
-    kube_controller_manager:
-      scheme:
-        default: "http"
-      path:
-        default: /metrics
-    node_metrics:
-      namespace: kube-system
-      hosts:
-        default: node-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9100
-        prometheus_port:
-          default: 9100
-    process_exporter_metrics:
-      namespace: kube-system
-      hosts:
-        default: process-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9256
-    prometheus_openstack_exporter:
-      namespace: openstack
-      hosts:
-        default: openstack-metrics
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        exporter:
-          default: 9103
-    nagios:
-      name: nagios
-      namespace: osh-infra
-      hosts:
-        default: nagios-metrics
-        public: nagios
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        http:
-          default: 80
-          public: 80
-    ldap:
-      hosts:
-        default: ldap
-      host_fqdn_override:
-        default: null
-      path:
-        default: /AUTH_PATH
-      scheme:
-        default: "ldap"
-      port:
-        ldap:
-          default: 389
-...
diff --git a/site/seaworthy-virt/software/config/service_accounts.yaml b/site/seaworthy-virt/software/config/service_accounts.yaml
deleted file mode 100644
index 9dad2920b..000000000
--- a/site/seaworthy-virt/software/config/service_accounts.yaml
+++ /dev/null
@@ -1,435 +0,0 @@
----
-# The purpose of this file is to define the account catalog for the site. This
-# mostly contains service usernames, but also contain some information which
-# should be changed like the region (site) name.
-schema: pegleg/AccountCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_service_accounts
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-    ucp:
-        postgres:
-            admin:
-                username: postgres
-            replica:
-                username: standby
-            exporter:
-                username: psql_exporter
-        oslo_db:
-            admin:
-                username: root
-        oslo_messaging:
-            admin:
-                username: rabbitmq
-        keystone:
-            admin:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: seaworthy-virt
-                username: admin
-                project_name: admin
-                user_domain_name: default
-                project_domain_name: default
-            oslo_messaging:
-                admin:
-                    username: rabbitmq
-                keystone:
-                    username: keystone
-            oslo_db:
-                username: keystone
-                database: keystone
-        promenade:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: seaworthy-virt
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: promenade
-        drydock:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: seaworthy-virt
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: drydock
-            postgres:
-                username: drydock
-                database: drydock
-        shipyard:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: seaworthy-virt
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: shipyard
-            postgres:
-                username: shipyard
-                database: shipyard
-        airflow:
-            postgres:
-                username: airflow
-                database: airflow
-            oslo_messaging:
-                admin:
-                    username: rabbitmq
-                user:
-                    username: airflow
-        maas:
-            admin:
-                username: admin
-                email: none@none
-            postgres:
-                username: maas
-                database: maasdb
-        barbican:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: seaworthy-virt
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: barbican
-            oslo_db:
-                username: barbican
-                database: barbican
-            oslo_messaging:
-                admin:
-                    username: rabbitmq
-                keystone:
-                    username: keystone
-        armada:
-            keystone:
-                project_domain_name: default
-                user_domain_name: default
-                project_name: service
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: seaworthy-virt
-                role: admin
-                username: armada
-        deckhand:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: seaworthy-virt
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: deckhand
-            postgres:
-                username: deckhand
-                database: deckhand
-        prometheus_openstack_exporter:
-            user:
-                region_name: seaworthy-virt
-                role: admin
-                username: prometheus-openstack-exporter
-                project_name: service
-                user_domain_name: default
-                project_domain_name: default
-    ceph:
-        swift:
-            keystone:
-                role: admin
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: seaworthy-virt
-                username: swift
-                project_name: service
-                user_domain_name: default
-                project_domain_name: default
-...
----
-schema: pegleg/AccountCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_service_accounts
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.keystone.admin.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.cinder.cinder.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.glance.glance.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.heat.heat.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.heat.heat_trustee.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.heat.heat_stack_user.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.swift.keystone.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.neutron.neutron.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.nova.nova.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.nova.placement.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.barbican.barbican.region_name
-data:
-  osh:
-    keystone:
-      admin:
-        username: admin
-        project_name: admin
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: keystone
-        database: keystone
-      oslo_messaging:
-        keystone:
-          username: keystone-rabbitmq-user
-      ldap:
-        # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
-        # authenticate to the active directory backend to validate keystone
-        # users.
-        username: "test@ldap.example.com"
-    cinder:
-      cinder:
-        role: admin
-        username: cinder
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: cinder
-        database: cinder
-      oslo_messaging:
-        cinder:
-          username: cinder-rabbitmq-user
-    glance:
-      glance:
-        role: admin
-        username: glance
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: glance
-        database: glance
-      oslo_messaging:
-        glance:
-          username: glance-rabbitmq-user
-      ceph_object_store:
-        username: glance
-    heat:
-      heat:
-        role: admin
-        username: heat
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      heat_trustee:
-        role: admin
-        username: heat-trust
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      heat_stack_user:
-        role: admin
-        username: heat-domain
-        domain_name: heat
-      oslo_db:
-        username: heat
-        database: heat
-      oslo_messaging:
-        heat:
-          username: heat-rabbitmq-user
-    swift:
-      keystone:
-        role: admin
-        username: swift
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-    oslo_db:
-      admin:
-        username: root
-    prometheus_mysql_exporter:
-      user:
-        username: osh-oslodb-exporter
-    neutron:
-      neutron:
-        role: admin
-        username: neutron
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: neutron
-        database: neutron
-      oslo_messaging:
-        neutron:
-          username: neutron-rabbitmq-user
-    nova:
-      nova:
-        role: admin
-        username: nova
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      placement:
-        role: admin
-        username: placement
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: nova
-        database: nova
-      oslo_db_api:
-        username: nova
-        database: nova_api
-      oslo_db_cell0:
-        username: nova
-        database: "nova_cell0"
-      oslo_messaging:
-        nova:
-          username: nova-rabbitmq-user
-    horizon:
-      oslo_db:
-        username: horizon
-        database: horizon
-    barbican:
-      barbican:
-        role: admin
-        username: barbican
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: barbican
-        database: barbican
-      oslo_messaging:
-        barbican:
-          username: barbican-rabbitmq-user
-    oslo_messaging:
-      admin:
-        username: admin
-    tempest:
-      tempest:
-        role: admin
-        username: tempest
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-...
----
-schema: pegleg/AccountCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_service_accounts
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh_infra.prometheus_openstack_exporter.user.region_name
-data:
-  osh_infra:
-    ceph_object_store:
-      admin:
-        username: s3_admin
-      elasticsearch:
-        username: elasticsearch
-    grafana:
-      admin:
-        username: grafana
-      oslo_db:
-        username: grafana
-        database: grafana
-      oslo_db_session:
-        username: grafana_session
-        database: grafana_session
-    elasticsearch:
-      admin:
-        username: elasticsearch
-    oslo_db:
-      admin:
-        username: root
-    prometheus_mysql_exporter:
-      user:
-        username: osh-infra-oslodb-exporter
-    prometheus_openstack_exporter:
-      user:
-        role: admin
-        username: prometheus-openstack-exporter
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-    nagios:
-      admin:
-        username: nagios
-    prometheus:
-      admin:
-        username: prometheus
-    ldap:
-      admin:
-        # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
-        # authenticate to the active directory backend to validate keystone
-        # users.
-        bind: "test@ldap.example.com"
-...
diff --git a/site/seaworthy-virt/software/manifests/bootstrap.yaml b/site/seaworthy-virt/software/manifests/bootstrap.yaml
deleted file mode 100644
index 694d1286e..000000000
--- a/site/seaworthy-virt/software/manifests/bootstrap.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-schema: armada/Manifest/v1
-metadata:
-  schema: metadata/Document/v1
-  name: cluster-bootstrap
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: cluster-bootstrap-global
-    actions:
-      - method: merge
-        path: .
-      - method: replace
-        path: .chart_groups
-  storagePolicy: cleartext
-data:
-  chart_groups:
-    - podsecuritypolicy
-    - kubernetes-proxy
-    - kubernetes-container-networking
-    - kubernetes-dns
-    - kubernetes-etcd
-    - kubernetes-haproxy
-    - kubernetes-core
-    - ingress-kube-system
-    - ucp-ceph
-    - ucp-ceph-config
-    - ucp-core
-    - ucp-keystone
-    - ucp-divingbell
-    - ucp-armada
-    - ucp-deckhand
-    - ucp-drydock
-    - ucp-promenade
-    - ucp-shipyard
-...
diff --git a/site/seaworthy-virt/software/manifests/full-site.yaml b/site/seaworthy-virt/software/manifests/full-site.yaml
deleted file mode 100644
index 1b0cad972..000000000
--- a/site/seaworthy-virt/software/manifests/full-site.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-schema: armada/Manifest/v1
-metadata:
-  schema: metadata/Document/v1
-  name: full-site
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: full-site-global
-    actions:
-      - method: merge
-        path: .
-      - method: replace
-        path: .chart_groups
-  labels:
-    name: full-site-global
-  storagePolicy: cleartext
-data:
-  release_prefix: airship
-  chart_groups:
-    - podsecuritypolicy
-    - kubernetes-proxy
-    - kubernetes-container-networking
-    - kubernetes-dns
-    - kubernetes-etcd
-    - kubernetes-haproxy
-    - kubernetes-core
-    - ingress-kube-system
-    - ucp-ceph-update
-    - ucp-ceph-config
-    - ucp-core
-    - ucp-keystone
-    - ucp-divingbell
-    - ucp-armada
-    - ucp-deckhand
-    - ucp-drydock-scaled
-    - ucp-promenade
-    - ucp-shipyard
-...
diff --git a/site/seaworthy/baremetal/bootactions/promjoin.yaml b/site/seaworthy/baremetal/bootactions/promjoin.yaml
deleted file mode 100644
index 1042934a5..000000000
--- a/site/seaworthy/baremetal/bootactions/promjoin.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-# This file defines a boot action which is responsible for fetching the node's
-# promjoin script from the promenade API. This is the script responsible for
-# installing kubernetes on the node and joining the kubernetes cluster.
-# #GLOBAL-CANDIDATE#
-schema: 'drydock/BootAction/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: promjoin
-  storagePolicy: 'cleartext'
-  layeringDefinition:
-    abstract: false
-    layer: site
-  labels:
-    application: 'drydock'
-data:
-  signaling: false
-  # TODO(alanmeadows) move what is global about this document
-  assets:
-    - path: /opt/promjoin.sh
-      type: file
-      permissions: '555'
-      # The ip= parameter must match the MaaS network name of the network used
-      # to contact kubernetes. With a standard, reference Airship deployment where
-      # L2 networks are shared between all racks, the network name (i.e. calico)
-      # should be correct.
-      location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.calico.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
-      location_pipeline:
-        - template
-      data_pipeline:
-        - utf8_decode
-...
diff --git a/site/seaworthy/baremetal/nodes.yaml b/site/seaworthy/baremetal/nodes.yaml
deleted file mode 100644
index 968b5e11d..000000000
--- a/site/seaworthy/baremetal/nodes.yaml
+++ /dev/null
@@ -1,254 +0,0 @@
----
-# Drydock BaremetalNode resources for a specific rack are stored in this file.
-#
-# NOTE: For new sites, you should complete the networks/physical/networks.yaml
-# file before working on this file.
-#
-# In this file, you should make the number of `drydock/BaremetalNode/v1`
-# resources equal the number of bare metal nodes you have, either by deleting
-# excess BaremetalNode definitions (if there are too many), or by copying and
-# pasting the last BaremetalNode in the file until you have the correct number
-# of baremetal nodes (if there are too few).
-#
-# Then in each file, address all additional NEWSITE-CHANGEME markers to update
-# the data in these files with the right values for your new site.
-#
-# *NOTE: The Genesis node is counted as one of the control plane nodes. Note
-# that the Genesis node does not appear on this bare metal list, because the
-# procedure to reprovision the Genesis host with MaaS has not yet been
-# implemented. Therefore there will be only three bare metal nodes in this file
-# with the 'masters' tag, as the genesis roles are assigned in a difference
-# place (profiles/genesis.yaml).
-# NOTE: The host profiles for the control plane are further divided into two
-# variants: primary and secondary. The only significance this has is that the
-# "primary" nodes are active Ceph nodes, whereas the "secondary" nodes are Ceph
-# standby nodes. For Ceph quorum, this means that the control plane split will
-# be 3 primary + 1 standby host profile, and the Genesis node counts toward one
-# of the 3 primary profiles. Other control plane services are not affected by
-# primary vs secondary designation.
-#
-# TODO: Include the hostname naming convention
-#
-schema: 'drydock/BaremetalNode/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  # NEWSITE-CHANGEME: Replace with the hostname of the first node in the rack,
-  # after (excluding) genesis.
-  name: cab23-r720-12
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: The IPv4 address assigned to each logical network on this
-  # node. In the reference Airship deployment, this is all logical Networks defined
-  # in networks/physical/networks.yaml. IP addresses are manually assigned, by-hand.
-  # (what could possibly go wrong!) The instructions differ for each logical
-  # network, which are laid out below.
-  addressing:
-    # The iDrac/iLo IP of the node. It's important that this match up with the
-    # node's hostname above, so that the rack number and node position encoded
-    # in the hostname are accurate and matching the node that IPMI operations
-    # will be performed against (for poweron, poweroff, PXE boot to wipe disk or
-    # reconfigure identity, etc - very important to get right for these reasons).
-    # These addresses should already be assigned to nodes racked and stacked in
-    # the environment; these are not addresses which MaaS assigns.
-    - network: oob
-      address: 10.23.104.12
-    # The IP of the node on the PXE network. Refer to the static IP range
-    # defined for the PXE network in networks/physical/networks.yaml. Begin allocating
-    # IPs from this network, starting with the second IP (inclusive) from the
-    # allocation range of this subnet (Genesis node will have the first IP).
-    # Ex: If the start IP for the PXE "static" network is 10.23.20.11, then
-    # genesis will have 10.23.20.11, this node will have 10.23.20.12, and
-    # so on with incrementing IP addresses with each additional node.
-    - network: pxe
-      address: 10.23.20.12
-    # Genesis node gets first IP, all other nodes increment IPs from there
-    # within the allocation range defined for the network in
-    # networks/physical/networks.yaml
-    - network: oam
-      address: 10.23.21.12
-    # Genesis node gets first IP, all other nodes increment IPs from there
-    # within the allocation range defined for the network in
-    # networks/physical/networks.yaml
-    - network: storage
-      address: 10.23.23.12
-    # Genesis node gets first IP, all other nodes increment IPs from there
-    # within the allocation range defined for the network in
-    # networks/physical/networks.yaml
-    - network: overlay
-      address: 10.23.24.12
-    # Genesis node gets first IP, all other nodes increment IPs from there
-    # within the allocation range defined for the network in
-    # networks/physical/networks.yaml
-    - network: calico
-      address: 10.23.22.12
-  # NEWSITE-CHANGEME: Set the host profile for the node.
-  # Note that there are different host profiles depending if this is a control
-  # plane vs data plane node, and different profiles that map to different types
-  # hardware. Control plane host profiles are further broken down into "primary"
-  # and "secondary" profiles (refer to the Notes section at the top of this doc).
-  # Select the host profile that matches up to your type of
-  # hardware and function. E.g., the r720 here refers to Dell R720 hardware, the
-  # 'cp' refers to a control plane profile, and the "primary" means it will be
-  # an active member in the ceph quorum. Refer to profiles/host/ for the list
-  # of available host profiles specific to this site (otherwise, you may find
-  # a general set of host profiles at the "type" or "global" layers/folders.
-  # If you have hardware that is not on this list of profiles, you may need to
-  # create a new host profile for that hardware.
-  # Regarding control plane vs other data plane profiles, refer to the notes at
-  # the beginning of this file. There should be one control plane node per rack,
-  # including Genesis. Note Genesis won't actually be listed in this file as a
-  # BaremetalNode, but the rest are.
-  # This is the second "primary" control plane node after Genesis.
-  host_profile: cp_r720-primary
-  metadata:
-    tags:
-      # NEWSITE-CHANGEME: See previous comment. Apply 'masters' tag for control
-      # plane node, and 'workers' tag for data plane hosts.
-      - 'masters'
-    # NEWSITE-CHANGEME: Refer to site engineering package or other supporting
-    # documentation for the specific rack name. This should be a rack name that
-    # is meaningful to data center personnel (i.e. a rack they could locate if
-    # you gave them this rack designation).
-    rack: cab23
-...
----
-schema: 'drydock/BaremetalNode/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  # NEWSITE-CHANGEME: The next node's hostname
-  name: cab23-r720-13
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: The next node's IPv4 addressing
-  addressing:
-    - network: oob
-      address: 10.23.104.13
-    - network: pxe
-      address: 10.23.20.13
-    - network: oam
-      address: 10.23.21.13
-    - network: storage
-      address: 10.23.23.13
-    - network: overlay
-      address: 10.23.24.13
-    - network: calico
-      address: 10.23.22.13
-  # NEWSITE-CHANGEME: The next node's host profile
-  host_profile: cp_r720-primary
-  metadata:
-    # NEWSITE-CHANGEME: The next node's rack designation
-    rack: cab23
-    # NEWSITE-CHANGEME: The next node's role desigatnion
-    tags:
-      - 'masters'
-...
----
-schema: 'drydock/BaremetalNode/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  # NEWSITE-CHANGEME: The next node's hostname
-  name: cab23-r720-14
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: The next node's IPv4 addressing
-  addressing:
-    - network: oob
-      address: 10.23.104.14
-    - network: pxe
-      address: 10.23.20.14
-    - network: oam
-      address: 10.23.21.14
-    - network: storage
-      address: 10.23.23.14
-    - network: overlay
-      address: 10.23.24.14
-    - network: calico
-      address: 10.23.22.14
-  # NEWSITE-CHANGEME: The next node's host profile
-  # This is the third "primary" control plane profile after genesis
-  host_profile: dp_r720
-  metadata:
-    # NEWSITE-CHANGEME: The next node's rack designation
-    rack: cab23
-    # NEWSITE-CHANGEME: The next node's role desigatnion
-    tags:
-      - 'workers'
-...
----
-schema: 'drydock/BaremetalNode/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  # NEWSITE-CHANGEME: The next node's hostname
-  name: cab23-r720-17
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: The next node's IPv4 addressing
-  addressing:
-    - network: oob
-      address: 10.23.104.17
-    - network: pxe
-      address: 10.23.20.17
-    - network: oam
-      address: 10.23.21.17
-    - network: storage
-      address: 10.23.23.17
-    - network: overlay
-      address: 10.23.24.17
-    - network: calico
-      address: 10.23.22.17
-  # NEWSITE-CHANGEME: The next node's host profile
-  # This is the one and only appearance of the "secondary" control plane profile
-  host_profile: dp_r720
-  metadata:
-    # NEWSITE-CHANGEME: The next node's rack designation
-    rack: cab23
-    # NEWSITE-CHANGEME: The next node's role desigatnion
-    tags:
-      - 'workers'
-...
----
-schema: 'drydock/BaremetalNode/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  # NEWSITE-CHANGEME: The next node's hostname
-  name: cab23-r720-19
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: The next node's IPv4 addressing
-  addressing:
-    - network: oob
-      address: 10.23.104.19
-    - network: pxe
-      address: 10.23.20.19
-    - network: oam
-      address: 10.23.21.19
-    - network: storage
-      address: 10.23.23.19
-    - network: overlay
-      address: 10.23.24.19
-    - network: calico
-      address: 10.23.22.19
-  # NEWSITE-CHANGEME: The next node's host profile
-  host_profile: dp_r720
-  metadata:
-    # NEWSITE-CHANGEME: The next node's rack designation
-    rack: cab23
-    # NEWSITE-CHANGEME: The next node's role desigatnion
-    tags:
-      - 'workers'
-...
diff --git a/site/seaworthy/deployment/deployment-configuration.yaml b/site/seaworthy/deployment/deployment-configuration.yaml
deleted file mode 100644
index bfc6c0cbb..000000000
--- a/site/seaworthy/deployment/deployment-configuration.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-# The purpose of this file is to provide shipyard related deployment config
-# parameters. This should not require modification for a new site. However,
-# shipyard deployment strategies can be very useful in getting around certain
-# failures, like misbehaving nodes that hold up the deployment. See more at
-# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy
-schema: shipyard/DeploymentConfiguration/v1
-metadata:
-  schema: metadata/Document/v1
-  name: deployment-configuration
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  physical_provisioner:
-    deployment_strategy: deployment-strategy
-    deploy_interval: 30
-    deploy_timeout: 3600
-    destroy_interval: 30
-    destroy_timeout: 900
-    join_wait: 0
-    prepare_node_interval: 30
-    prepare_node_timeout: 1800
-    prepare_site_interval: 10
-    prepare_site_timeout: 300
-    verify_interval: 10
-    verify_timeout: 60
-  kubernetes_provisioner:
-    drain_timeout: 3600
-    drain_grace_period: 1800
-    clear_labels_timeout: 1800
-    remove_etcd_timeout: 1800
-    etcd_ready_timeout: 600
-  armada:
-    get_releases_timeout: 300
-    get_status_timeout: 300
-    manifest: 'full-site'
-    post_apply_timeout: 7200
-    validate_design_timeout: 600
-...
diff --git a/site/seaworthy/networks/common-addresses.yaml b/site/seaworthy/networks/common-addresses.yaml
deleted file mode 100644
index b048d7f25..000000000
--- a/site/seaworthy/networks/common-addresses.yaml
+++ /dev/null
@@ -1,158 +0,0 @@
----
-# The purpose of this file is to define network related paramters that are
-# referenced elsewhere in the manifests for this site.
-#
-# TODO: Include bare metal host FQDN naming standards
-# TODO: Include ingress FQDN naming standards
-schema: pegleg/CommonAddresses/v1
-metadata:
-  schema: metadata/Document/v1
-  name: common-addresses
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  calico:
-    # NEWSITE-CHANGEME: The interface that calico will use. Update if your
-    # logical bond interface name or calico VLAN have changed from the reference
-    # site design.
-    # This should be whichever
-    # bond and VLAN number specified in networks/physical/networks.yaml for the Calico
-    # network. E.g. VLAN 22 for the calico network as a member of bond0, you
-    # would set "interface=bond0.22" as shown here.
-    ip_autodetection_method: interface=bond0.22
-    etcd:
-      # etcd service IP address
-      service_ip: 10.96.232.136
-
-  vip:
-    ingress_vip: '10.23.21.20/32'
-    maas_vip: '10.23.20.9/32'
-
-  dns:
-    # Kubernetes cluster domain. Do not change. This is internal to the cluster.
-    cluster_domain: cluster.local
-    # DNS service ip
-    service_ip: 10.96.0.10
-    # List of upstream DNS forwards. Verify you can reach them from your
-    # environment. If so, you should not need to change them.
-    upstream_servers:
-      - 8.8.8.8
-      - 8.8.4.4
-    # Repeat the same values as above, but formatted as a common separated
-    # string
-    upstream_servers_joined: 8.8.8.8,8.8.4.4
-    # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
-    # Choose FQDN according to the ingress/public FQDN naming conventions at
-    # the top of this document.
-    ingress_domain: atlantafoundry.com
-
-  genesis:
-    # NEWSITE-CHANGEME: Update with the hostname for the node which will take on
-    # the Genesis role. Refer to the hostname naming stardards in
-    # networks/physical/networks.yaml
-    # NOTE: Ensure that the genesis node is manually configured with this
-    # hostname before running `genesis.sh` on the node.
-    hostname: cab23-r720-11
-    # NEWSITE-CHANGEME: Calico IP of the Genesis node. Use the "start" value for
-    # the calico network defined in networks/physical/networks.yaml for this IP.
-    ip: 10.23.22.11
-
-  bootstrap:
-    # NEWSITE-CHANGEME: Update with the "start" value/IP of the static range
-    # defined for the pxe network in networks/physical/networks.yaml
-    ip: 10.23.20.11
-
-  kubernetes:
-    # K8s API service IP
-    api_service_ip: 10.96.0.1
-    # etcd service IP
-    etcd_service_ip: 10.96.0.2
-    # k8s pod CIDR (network which pod traffic will traverse)
-    pod_cidr: 10.97.0.0/16
-    # k8s service CIDR (network which k8s API traffic will traverse)
-    service_cidr: 10.96.0.0/16
-    # misc k8s port settings
-    apiserver_port: 6443
-    haproxy_port: 6553
-    service_node_port_range: 30000-32767
-
-  # etcd port settings
-  etcd:
-    container_port: 2379
-    haproxy_port: 2378
-
-  # NEWSITE-CHANGEME: A list of nodes (apart from Genesis) which act as the
-  # control plane servers. Ensure that this matches the nodes with the 'masters'
-  # tags applied in baremetal/nodes.yaml
-  masters:
-    - hostname: cab23-r720-12
-    - hostname: cab23-r720-13
-    - hostname: cab23-r720-14
-
-  # NEWSITE-CHANGEME: Environment proxy information.
-  # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
-  # should be commented out.
-  # However if you are in a lab that requires proxy, ensure that these proxy
-  # settings are correct and reachable in your environment; otherwise update
-  # them with the correct values for your environment.
-  proxy:
-    http: ""
-    https: ""
-    no_proxy: []
-
-  node_ports:
-    drydock_api: 30000
-    maas_api: 30001
-    maas_proxy: 31800  # hardcoded in MAAS
-
-  ntp:
-    # comma separated NTP server list. Verify that these upstream NTP servers are
-    # reachable in your environment; otherwise update them with the correct
-    # values for your environment.
-    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
-
-  # NOTE: This will be updated soon
-  ldap:
-    # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is
-    # relevant for your type of deployment (test vs prod values, etc).
-    base_url: 'ldap.example.com'
-    # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI
-    url: 'ldap://ldap.example.com'
-    # NEWSITE-CHANGEME: Update to the correct expression relevant for this
-    # deployment (test vs prod values, etc)
-    auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
-    # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
-    # relevant for this deployment (test users vs prod users/values, etc)
-    common_name: test
-    # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
-    # deployment (test vs prod values, etc)
-    subdomain: test
-    # NEWSITE-CHANGEME: Update to the correct domain for your type of
-    # deployment (test vs prod values, etc)
-    domain: example
-
-  storage:
-    ceph:
-      # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
-      # used for the `storage` network in networks/physical/networks.yaml
-      public_cidr: '10.23.23.0/24'
-      cluster_cidr: '10.23.23.0/24'
-
-  neutron:
-    # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the bond name and
-    # VLAN number are consistent with what's defined for the bond and the overlay
-    # network in networks/physical/networks.yaml
-    tunnel_device: 'bond0.24'
-    # bond which the overlay is a member of. Ensure the bond name is consistent
-    # with the bond assigned to the overlay network in
-    # networks/physical/networks.yaml
-    external_iface: 'bond0'
-
-  openvswitch:
-    # bond which the overlay is a member of. Ensure the bond name is consistent
-    # with the bond assigned to the overlay network in
-    # networks/physical/networks.yaml
-    external_iface: 'bond0'
-...
diff --git a/site/seaworthy/networks/physical/networks.yaml b/site/seaworthy/networks/physical/networks.yaml
deleted file mode 100644
index ce9b7222e..000000000
--- a/site/seaworthy/networks/physical/networks.yaml
+++ /dev/null
@@ -1,301 +0,0 @@
----
-# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1
-# devices) and Networks (i.e. layer 3 configurations). The following is standard
-# for the logical networks in Airship:
-#
-# +----------+-----------------------------------+----------------+--------------+----------------------------------------------------+-----------------+
-# | Network  |                                   | Per-rack or    |              |                                                    |   VLAN tagged   |
-# |   Name   |             Purpose               | per-site CIDR? | Has gateway? |                    Bond                            |  or untagged?   |
-# +----------+-----------------------------------+----------------+--------------+----------------------------------------------------+-----------------+
-# |   oob    | Out of Band devices (iDrac/iLo)   | per-site CIDR  | Has gateway  |                No bond, N/A                        | Untagged/Native |
-# |   pxe    | PXE boot network                  | per-site CIDR  | No gateway   | No bond, no LACP fallback. Dedicated PXE interface | Untagged/Native |
-# |   oam    | management network                | per-site CIDR  | Has gateway  |               member of bond0                      |     tagged      |
-# | storage  | storage network                   | per-site CIDR  | No gateway   |               member of bond0                      |     tagged      |
-# |  calico  | underlay calico net; k8s traffic  | per-site CIDR  | No gateway   |               member of bond0                      |     tagged      |
-# | overlay  | overlay network for openstack SDN | per-site CIDR  | No gateway   |               member of bond0                      |     tagged      |
-# +----------+-----------------------------------+----------------+--------------+----------------------------------------------------+-----------------+
-#
-# For standard Airship deployments, you should not need to modify the number of
-# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should
-# need editing.
-#
-# TODO: Given that we expect all network broadcast domains to span all racks in
-# Airship, we should choose network names that do not include the rack number.
-#
-# TODO: FQDN naming standards for hosts
-#
-schema: 'drydock/NetworkLink/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: oob
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # MaaS doesnt own this network like it does the others, so the noconfig label
-  # is specified.
-  labels:
-    noconfig: enabled
-  bonding:
-    mode: disabled
-  mtu: 1500
-  linkspeed: auto
-  trunking:
-    mode: disabled
-    default_network: oob
-  allowed_networks:
-    - oob
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: oob
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR
-  cidr: 10.23.104.0/24
-  routes:
-    # NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP
-    - subnet: '0.0.0.0/0'
-      gateway: 10.23.104.1
-      metric: 100
-  # NEWSITE-CHANGEME: Update with the site's out-of-band IP allocation range
-  # FIXME: Is this IP range actually used/allocated for anything? The HW already
-  # has its OOB IPs assigned. None of the Ubuntu OS's should need IPs on OOB
-  # network either, as they should be routable via the default gw on OAM network
-  ranges:
-    - type: static
-      start: 10.23.104.11
-      end: 10.23.104.21
-...
----
-schema: 'drydock/NetworkLink/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: pxe
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  bonding:
-    mode: disabled
-  mtu: 1500
-  linkspeed: auto
-  trunking:
-    mode: disabled
-    default_network: pxe
-  allowed_networks:
-    - pxe
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: pxe
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: Update with the site's PXE network CIDR
-  # NOTE: The CIDR minimum size = (number of nodes * 2) + 10
-  cidr: 10.23.20.0/24
-  routes:
-    - subnet: 0.0.0.0/0
-      # NEWSITE-CHANGEME: Set the OAM network gateway IP address
-      gateway: 10.23.20.1
-      metric: 100
-  # NOTE: The first 10 IPs in the subnet are reserved for network infrastructure.
-  # The remainder of the range is divided between two subnets of equal size:
-  # one static, and one DHCP.
-  # The DHCP addresses are used when nodes perform a PXE boot (DHCP address gets
-  # assigned), and when a node is commissioning in MaaS (also uses DHCP to get
-  # its IP address). However, when MaaS installs the operating system
-  # ("Deploying/Deployed" states), it will write a static IP assignment to
-  # /etc/network/interfaces[.d] with IPs from the "static" subnet defined here.
-  ranges:
-    # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
-    - type: reserved
-      start: 10.23.20.1
-      end: 10.23.20.10
-    # NEWSITE-CHANGEME: Update to the first half of the remaining range after
-    # excluding the 10 reserved IPs.
-    - type: static
-      start: 10.23.20.11
-      end: 10.23.20.21
-    # NEWSITE-CHANGEME: Update to the second half of the remaining range after
-    # excluding the 10 reserved IPs.
-    - type: dhcp
-      start: 10.23.20.40
-      end: 10.23.20.80
-  dns:
-    # NEWSITE-CHANGEME: FQDN for bare metal nodes.
-    # Choose FQDN according to the node FQDN naming conventions at the top of
-    # this document.
-    domain: atlantafoundry.com
-    # NEWSITE-CHANGEME: Use MAAS VIP as the DNS server.
-    # MAAS has inbuilt DNS server and Debian mirror that allows nodes to be
-    # deployed without requiring routed/internet access for the PXE interface.
-    # See data.vip.maas_vip in networks/common-addresses.yaml
-    servers: '10.23.20.9'
-...
----
-schema: 'drydock/NetworkLink/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: bond0
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  bonding:
-    mode: 802.3ad
-    hash: layer3+4
-    peer_rate: fast
-    mon_rate: 100
-    up_delay: 1000
-    down_delay: 3000
-  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
-  # configured for this MTU or greater. Even if switches are configured for or
-  # can support a slightly higher MTU, there is no need (and negliable benefit)
-  # to squeeze every last byte into the MTU (e.g., 9216 vs 9100). Leave MTU at
-  # 9100 for maximum compatibility.
-  mtu: 9100
-  linkspeed: auto
-  trunking:
-    mode: 802.1q
-  allowed_networks:
-    - oam
-    - storage
-    - overlay
-    - calico
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: oam
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: Set the VLAN ID which the OAM network is on
-  vlan: '21'
-  mtu: 9100
-  # NEWSITE-CHANGEME: Set the CIDR for the OAM network
-  # NOTE: The CIDR minimum size = number of nodes + 10
-  cidr: 10.23.21.0/24
-  routes:
-    - subnet: 0.0.0.0/0
-      # NEWSITE-CHANGEME: Set the OAM network gateway IP address
-      gateway: 10.23.21.1
-      metric: 100
-  ranges:
-    # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
-    - type: reserved
-      start: 10.23.21.1
-      end: 10.23.21.10
-    # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
-    # 10 reserved IPs.
-    - type: static
-      start: 10.23.21.11
-      end: 10.23.21.21
-  dns:
-    # NEWSITE-CHANGEME: FQDN for bare metal nodes.
-    # Choose FQDN according to the node FQDN naming conventions at the top of
-    # this document.
-    domain: atlantafoundry.com
-    # List of upstream DNS forwards. Verify you can reach them from your
-    # environment. If so, you should not need to change them.
-    # TODO: This should be populated via substitution from common-addresses
-    servers: '8.8.8.8,8.8.4.4,208.67.222.222'
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: storage
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: Set the VLAN ID which the storage network is on
-  vlan: '23'
-  mtu: 9100
-  # NEWSITE-CHANGEME: Set the CIDR for the storage network
-  # NOTE: The CIDR minimum size = number of nodes + 10
-  cidr: 10.23.23.0/24
-  ranges:
-    # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
-    - type: reserved
-      start: 10.23.23.1
-      end: 10.23.23.10
-    # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
-    # 10 reserved IPs.
-    - type: static
-      start: 10.23.23.11
-      end: 10.23.23.21
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: overlay
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: Set the VLAN ID which the overlay network is on
-  vlan: '24'
-  mtu: 9100
-  # NEWSITE-CHANGEME: Set the CIDR for the overlay network
-  # NOTE: The CIDR minimum size = number of nodes + 10
-  cidr: 10.23.24.0/24
-  ranges:
-    # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
-    - type: reserved
-      start: 10.23.24.1
-      end: 10.23.24.10
-    # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
-    # 10 reserved IPs.
-    - type: static
-      start: 10.23.24.11
-      end: 10.23.24.21
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: calico
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: Set the VLAN ID which the calico network is on
-  vlan: '22'
-  mtu: 9100
-  # NEWSITE-CHANGEME: Set the CIDR for the calico network
-  # NOTE: The CIDR minimum size = number of nodes + 10
-  cidr: 10.23.22.0/24
-  ranges:
-    # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
-    - type: reserved
-      start: 10.23.22.1
-      end: 10.23.22.10
-    # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
-    # 10 reserved IPs.
-    - type: static
-      start: 10.23.22.11
-      end: 10.23.22.21
-...
diff --git a/site/seaworthy/pki/pki-catalog.yaml b/site/seaworthy/pki/pki-catalog.yaml
deleted file mode 100644
index 758c3ab5c..000000000
--- a/site/seaworthy/pki/pki-catalog.yaml
+++ /dev/null
@@ -1,358 +0,0 @@
----
-# The purpose of this file is to define the PKI certificates for the environment
-#
-# NOTE: When deploying a new site, this file should not be configured until
-# baremetal/nodes.yaml is complete.
-#
-schema: promenade/PKICatalog/v1
-metadata:
-  schema: metadata/Document/v1
-  name: cluster-certificates
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  certificate_authorities:
-    kubernetes:
-      description: CA for Kubernetes components
-      certificates:
-        - document_name: apiserver
-          description: Service certificate for Kubernetes apiserver
-          common_name: apiserver
-          hosts:
-            - localhost
-            - 127.0.0.1
-            # FIXME: Repetition of api_service_ip in common-addresses; use
-            # substitution
-            - 10.96.0.1
-          kubernetes_service_names:
-            - kubernetes.default.svc.cluster.local
-
-        # NEWSITE-CHANGEME: The following should be a list of all the nodes in
-        # the environment (genesis, control plane, data plane, everything).
-        # Add/delete from this list as necessary until all nodes are listed.
-        # For each node, the `hosts` list should be comprised of:
-        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
-        #   2. The node's oam IP address, as already defined in baremetal/nodes.yaml
-        #   3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
-        # NOTE: This list also needs to include the Genesis node, which is not
-        # listed in baremetal/nodes.yaml, but by convention should be allocated
-        # the first non-reserved IP in each logical network allocation range
-        # defined in networks/physical/networks.yaml
-        # NOTE: The genesis node needs to be defined twice (the first two entries
-        # on this list) with all of the same paramters except the document_name.
-        # In the first case the document_name is `kubelet-genesis`, and in the
-        # second case the document_name format is `kubelete-YOUR_GENESIS_HOSTNAME`.
-        - document_name: kubelet-genesis
-          common_name: system:node:cab23-r720-11
-          hosts:
-            - cab23-r720-11
-            - 10.23.21.11
-            - 10.23.22.11
-          groups:
-            - system:nodes
-        - document_name: kubelet-cab23-r720-11
-          common_name: system:node:cab23-r720-11
-          hosts:
-            - cab23-r720-11
-            - 10.23.21.11
-            - 10.23.22.11
-          groups:
-            - system:nodes
-        - document_name: kubelet-cab23-r720-12
-          common_name: system:node:cab23-r720-12
-          hosts:
-            - cab23-r720-12
-            - 10.23.21.12
-            - 10.23.22.12
-          groups:
-            - system:nodes
-        - document_name: kubelet-cab23-r720-13
-          common_name: system:node:cab23-r720-13
-          hosts:
-            - cab23-r720-13
-            - 10.23.21.13
-            - 10.23.22.13
-          groups:
-            - system:nodes
-        - document_name: kubelet-cab23-r720-14
-          common_name: system:node:cab23-r720-14
-          hosts:
-            - cab23-r720-14
-            - 10.23.21.14
-            - 10.23.22.14
-          groups:
-            - system:nodes
-        - document_name: kubelet-cab23-r720-17
-          common_name: system:node:cab23-r720-17
-          hosts:
-            - cab23-r720-17
-            - 10.23.21.17
-            - 10.23.22.17
-          groups:
-            - system:nodes
-        - document_name: kubelet-cab23-r720-19
-          common_name: system:node:cab23-r720-19
-          hosts:
-            - cab23-r720-19
-            - 10.23.21.19
-            - 10.23.22.19
-          groups:
-            - system:nodes
-        # End node list
-        - document_name: scheduler
-          description: Service certificate for Kubernetes scheduler
-          common_name: system:kube-scheduler
-        - document_name: controller-manager
-          description: certificate for controller-manager
-          common_name: system:kube-controller-manager
-        - document_name: admin
-          common_name: admin
-          groups:
-            - system:masters
-        - document_name: armada
-          common_name: armada
-          groups:
-            - system:masters
-    kubernetes-etcd:
-      description: Certificates for Kubernetes's etcd servers
-      certificates:
-        - document_name: apiserver-etcd
-          description: etcd client certificate for use by Kubernetes apiserver
-          common_name: apiserver
-        # NOTE(mark-burnett): hosts not required for client certificates
-        - document_name: kubernetes-etcd-anchor
-          description: anchor
-          common_name: anchor
-        # NEWSITE-CHANGEME: The following should be a list of the control plane
-        # nodes in the environment, including genesis.
-        # For each node, the `hosts` list should be comprised of:
-        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
-        #   2. The node's oam IP address, as already defined in baremetal/nodes.yaml
-        #   3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
-        #   4. 127.0.0.1
-        #   5. localhost
-        #   6. kubernetes-etcd.kube-system.svc.cluster.local
-        # NOTE: This list also needs to include the Genesis node, which is not
-        # listed in baremetal/nodes.yaml, but by convention should be allocated
-        # the first non-reserved IP in each logical network allocation range
-        # defined in networks/physical/networks.yaml, except for the kubernetes
-        # service_cidr where it should start with the second IP in the range.
-        # NOTE: The genesis node is defined twice with the same `hosts` data:
-        # Once with its hostname in the common/document name, and once with
-        # `genesis` defined instead of the host. For now, this duplicated
-        # genesis definition is required. FIXME: Remove duplicate definition
-        # after Promenade addresses this issue.
-        - document_name: kubernetes-etcd-genesis
-          common_name: kubernetes-etcd-genesis
-          hosts:
-            - cab23-r720-11
-            - 10.23.21.11
-            - 10.23.22.11
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-cab23-r720-11
-          common_name: kubernetes-etcd-cab23-r720-11
-          hosts:
-            - cab23-r720-11
-            - 10.23.21.11
-            - 10.23.22.11
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-cab23-r720-12
-          common_name: kubernetes-etcd-cab23-r720-12
-          hosts:
-            - cab23-r720-12
-            - 10.23.21.12
-            - 10.23.22.12
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-cab23-r720-13
-          common_name: kubernetes-etcd-cab23-r720-13
-          hosts:
-            - cab23-r720-13
-            - 10.23.21.13
-            - 10.23.22.13
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-cab23-r720-14
-          common_name: kubernetes-etcd-cab23-r720-14
-          hosts:
-            - cab23-r720-14
-            - 10.23.21.14
-            - 10.23.22.14
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        # End node list
-    kubernetes-etcd-peer:
-      certificates:
-        # NEWSITE-CHANGEME: This list should be identical to the previous list,
-        # except that `-peer` has been appended to the document/common names.
-        - document_name: kubernetes-etcd-genesis-peer
-          common_name: kubernetes-etcd-genesis-peer
-          hosts:
-            - cab23-r720-11
-            - 10.23.21.11
-            - 10.23.22.11
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-cab23-r720-11-peer
-          common_name: kubernetes-etcd-cab23-r720-11-peer
-          hosts:
-            - cab23-r720-11
-            - 10.23.21.11
-            - 10.23.22.11
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-cab23-r720-12-peer
-          common_name: kubernetes-etcd-cab23-r720-12-peer
-          hosts:
-            - cab23-r720-12
-            - 10.23.21.12
-            - 10.23.22.12
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-cab23-r720-13-peer
-          common_name: kubernetes-etcd-cab23-r720-13-peer
-          hosts:
-            - cab23-r720-13
-            - 10.23.21.13
-            - 10.23.22.13
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-cab23-r720-14-peer
-          common_name: kubernetes-etcd-cab23-r720-14-peer
-          hosts:
-            - cab23-r720-14
-            - 10.23.21.14
-            - 10.23.22.14
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        # End node list
-    calico-etcd:
-      description: Certificates for Calico etcd client traffic
-      certificates:
-        - document_name: calico-etcd-anchor
-          description: anchor
-          common_name: anchor
-        # NEWSITE-CHANGEME: The following should be a list of the control plane
-        # nodes in the environment, including genesis.
-        # For each node, the `hosts` list should be comprised of:
-        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
-        #   2. The node's oam IP address, as already defined in baremetal/nodes.yaml
-        #   3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
-        #   4. 127.0.0.1
-        #   5. localhost
-        #   6. The calico/etcd/service_ip defined in networks/common-addresses.yaml
-        # NOTE: This list also needs to include the Genesis node, which is not
-        # listed in baremetal/nodes.yaml, but by convention should be allocated
-        # the first non-reserved IP in each logical network allocation range
-        # defined in networks/physical/networks.yaml
-        - document_name: calico-etcd-cab23-r720-11
-          common_name: calico-etcd-cab23-r720-11
-          hosts:
-            - cab23-r720-11
-            - 10.23.21.11
-            - 10.23.22.11
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-cab23-r720-12
-          common_name: calico-etcd-cab23-r720-12
-          hosts:
-            - cab23-r720-12
-            - 10.23.21.12
-            - 10.23.22.12
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-cab23-r720-13
-          common_name: calico-etcd-cab23-r720-13
-          hosts:
-            - cab23-r720-13
-            - 10.23.21.13
-            - 10.23.22.13
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-cab23-r720-14
-          common_name: calico-etcd-cab23-r720-14
-          hosts:
-            - cab23-r720-14
-            - 10.23.21.14
-            - 10.23.22.14
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-node
-          common_name: calcico-node
-        # End node list
-    calico-etcd-peer:
-      description: Certificates for Calico etcd clients
-      certificates:
-        # NEWSITE-CHANGEME: This list should be identical to the previous list,
-        # except that `-peer` has been appended to the document/common names.
-        - document_name: calico-etcd-cab23-r720-11-peer
-          common_name: calico-etcd-cab23-r720-11-peer
-          hosts:
-            - cab23-r720-11
-            - 10.23.21.11
-            - 10.23.22.11
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-cab23-r720-12-peer
-          common_name: calico-etcd-cab23-r720-12-peer
-          hosts:
-            - cab23-r720-12
-            - 10.23.21.12
-            - 10.23.22.12
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-cab23-r720-13-peer
-          common_name: calico-etcd-cab23-r720-13-peer
-          hosts:
-            - cab23-r720-13
-            - 10.23.21.13
-            - 10.23.22.13
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-cab23-r720-14-peer
-          common_name: calico-etcd-cab23-r720-14-peer
-          hosts:
-            - cab23-r720-14
-            - 10.23.21.14
-            - 10.23.22.14
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-node-peer
-          common_name: calcico-node-peer
-        # End node list
-  keypairs:
-    - name: service-account
-      description: Service account signing key for use by Kubernetes controller-manager.
-...
diff --git a/site/seaworthy/profiles/genesis.yaml b/site/seaworthy/profiles/genesis.yaml
deleted file mode 100644
index 54c527687..000000000
--- a/site/seaworthy/profiles/genesis.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
----
-# The purpose of this file is to apply proper labels to Genesis node so the
-# proper services are installed and proper configuration applied. This should
-# not need to be changed for a new site.
-# #GLOBAL-CANDIDATE#
-schema: promenade/Genesis/v1
-metadata:
-  schema: metadata/Document/v1
-  name: genesis-site
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: genesis-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  labels:
-    dynamic:
-      - beta.kubernetes.io/fluentd-ds-ready=true
-      - calico-etcd=enabled
-      - ceph-mds=enabled
-      - ceph-mon=enabled
-      - ceph-osd=enabled
-      - ceph-rgw=enabled
-      - ceph-mgr=enabled
-      - ceph-bootstrap=enabled
-      - tenant-ceph-control-plane=enabled
-      - tenant-ceph-mon=enabled
-      - tenant-ceph-rgw=enabled
-      - tenant-ceph-mgr=enabled
-      - kube-dns=enabled
-      - kube-ingress=enabled
-      - kubernetes-apiserver=enabled
-      - kubernetes-controller-manager=enabled
-      - kubernetes-etcd=enabled
-      - kubernetes-scheduler=enabled
-      - promenade-genesis=enabled
-      - ucp-control-plane=enabled
-      - maas-rack=enabled
-      - maas-region=enabled
-      - ceph-osd-bootstrap=enabled
-      - openstack-control-plane=enabled
-      - openvswitch=enabled
-      - openstack-l3-agent=enabled
-      - node-exporter=enabled
-...
diff --git a/site/seaworthy/profiles/hardware/dell_r720.yaml b/site/seaworthy/profiles/hardware/dell_r720.yaml
deleted file mode 100644
index 55e134c71..000000000
--- a/site/seaworthy/profiles/hardware/dell_r720.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
----
-schema: 'drydock/HardwareProfile/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: dell_r720
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # Vendor of the server chassis
-  vendor: DELL
-  # Generation of the chassis model
-  generation: '8'
-  # Version of the chassis model within its generation - not version of the hardware definition
-  hw_version: '3'
-  # The certified version of the chassis BIOS
-  bios_version: '2.2.3'
-  # Mode of the default boot of hardware - bios, uefi
-  boot_mode: bios
-  # Protocol of boot of the hardware - pxe, usb, hdd
-  bootstrap_protocol: pxe
-  # Which interface to use for network booting within the OOB manager, not OS device
-  pxe_interface: 0
-  # Map hardware addresses to aliases/roles to allow a mix of hardware configs
-  # in a site to result in a consistent configuration
-  device_aliases:
-    ## network
-    # eno1
-    pxe_nic01:
-      address: '0000:01:00.0'
-      # type could identify expected hardware - used for hardware manifest validation
-      dev_type: 'I350 Gigabit Network Connection'
-      bus_type: 'pci'
-    # enp67s0f0 - for data plane traffic
-    dp_nic01:
-      address: '0000:43:00.0'
-      dev_type: 'Ethernet 10G 2P X520 Adapter'
-      bus_type: 'pci'
-    # enp67s0f1 - for control plane traffic
-    cp_nic01:
-      address: '0000:43:00.1'
-      dev_type: 'Ethernet 10G 2P X520 Adapter'
-      bus_type: 'pci'
-    # enp68s0f0 - for control plane traffic
-    cp_nic02:
-      address: '0000:44:00.0'
-      dev_type: 'Ethernet 10G 2P X520 Adapter'
-      bus_type: 'pci'
-    # enp68s0f1 - for data plane traffic
-    dp_nic02:
-      address: '0000:44:00.1'
-      dev_type: 'Ethernet 10G 2P X520 Adapter'
-      bus_type: 'pci'
-    ## storage
-    # /dev/sda
-    bootdisk:
-      address: '0:2.0.0'
-      dev_type: 'PERC H710P'
-      bus_type: 'scsi'
-    # /dev/sdb
-    cephjournal1:
-      address: '0:2.1.0'
-      dev_type: 'PERC H710P'
-      bus_type: 'scsi'
-    # /dev/sdc
-    cephjournal2:
-      address: '0:2.2.0'
-      dev_type: 'PERC H710P'
-      bus_type: 'scsi'
-    # /dev/sdc
-    ephemeral:
-      address: '0:2.3.0'
-      dev_type: 'PERC H710P'
-      bus_type: 'scsi'
-...
diff --git a/site/seaworthy/profiles/host/cp_r720.yaml b/site/seaworthy/profiles/host/cp_r720.yaml
deleted file mode 100644
index 81806337c..000000000
--- a/site/seaworthy/profiles/host/cp_r720.yaml
+++ /dev/null
@@ -1,224 +0,0 @@
----
-# The primary control plane host profile for Airship for DELL R720s, and
-# should not need to be altered if you are using matching HW. The active
-# participants in the Ceph cluster run on this profile. Other control plane
-# services are not affected by primary vs secondary designation.
-schema: drydock/HostProfile/v1
-metadata:
-  schema: metadata/Document/v1
-  name: cp_r720-primary
-  storagePolicy: cleartext
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      hosttype: cp-global
-    actions:
-      - method: replace
-        path: .interfaces
-      - method: replace
-        path: .storage
-      - method: merge
-        path: .
-data:
-  hardware_profile: dell_r720
-
-  primary_network: oam
-  interfaces:
-    pxe:
-      device_link: pxe
-      slaves:
-        - pxe_nic01
-      networks:
-        - pxe
-    bond0:
-      device_link: bond0
-      slaves:
-        - cp_nic01
-        - cp_nic02
-      networks:
-        - oam
-        - storage
-        - overlay
-        - calico
-
-  storage:
-    physical_devices:
-      bootdisk:
-        labels:
-          bootdrive: 'true'
-        partitions:
-          - name: 'root'
-            size: '30g'
-            bootable: true
-            filesystem:
-              mountpoint: '/'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'boot'
-            size: '1g'
-            filesystem:
-              mountpoint: '/boot'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'var_log'
-            size: '100g'
-            filesystem:
-              mountpoint: '/var/log'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'var'
-            size: '>100g'
-            filesystem:
-              mountpoint: '/var'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-
-  platform:
-    kernel: 'hwe-16.04'
-    kernel_params:
-      console: 'ttyS1,115200n8'
-
-  metadata:
-    owner_data:
-      openstack-l3-agent: enabled
-...
----
-schema: drydock/HostProfile/v1
-metadata:
-  schema: metadata/Document/v1
-  name: cp_r740-secondary
-  storagePolicy: cleartext
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      hosttype: cp-global
-    actions:
-      - method: replace
-        path: .interfaces
-      - method: replace
-        path: .storage
-      - method: replace
-        path: .metadata.owner_data
-      - method: merge
-        path: .
-data:
-  hardware_profile: dell_r720
-
-  primary_network: oam
-  interfaces:
-    pxe:
-      device_link: pxe
-      slaves:
-        - pxe_nic01
-      networks:
-        - pxe
-    bond0:
-      device_link: bond0
-      slaves:
-        - cp_nic01
-        - cp_nic02
-      networks:
-        - oam
-        - storage
-        - overlay
-        - calico
-
-  storage:
-    physical_devices:
-      bootdisk:
-        labels:
-          bootdrive: 'true'
-        partitions:
-          - name: 'root'
-            size: '30g'
-            bootable: true
-            filesystem:
-              mountpoint: '/'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'boot'
-            size: '1g'
-            filesystem:
-              mountpoint: '/boot'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'var_log'
-            size: '100g'
-            filesystem:
-              mountpoint: '/var/log'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'var'
-            size: '>100g'
-            filesystem:
-              mountpoint: '/var'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-
-  platform:
-    kernel: 'hwe-16.04'
-    kernel_params:
-      console: 'ttyS1,115200n8'
-
-  metadata:
-    owner_data:
-      control-plane: enabled
-      ucp-control-plane: enabled
-      openstack-control-plane: enabled
-      openstack-heat: enabled
-      openstack-keystone: enabled
-      openstack-rabbitmq: enabled
-      openstack-dns-helper: enabled
-      openstack-mariadb: enabled
-      openstack-nova-control: enabled
-      # openstack-etcd: enabled
-      openstack-mistral: enabled
-      openstack-memcached: enabled
-      openstack-glance: enabled
-      openstack-horizon: enabled
-      openstack-cinder-control: enabled
-      openstack-cinder-volume: control
-      openstack-neutron: enabled
-      openvswitch: enabled
-      ucp-barbican: enabled
-      # ceph-mon: enabled
-      ceph-mgr: enabled
-      ceph-osd: enabled
-      ceph-mds: enabled
-      ceph-rgw: enabled
-      ucp-maas: enabled
-      kube-dns: enabled
-      tenant-ceph-control-plane: enabled
-      # tenant-ceph-mon: enabled
-      tenant-ceph-rgw: enabled
-      tenant-ceph-mgr: enabled
-      kubernetes-apiserver: enabled
-      kubernetes-controller-manager: enabled
-      # kubernetes-etcd: enabled
-      kubernetes-scheduler: enabled
-      tiller-helm: enabled
-      # kube-etcd: enabled
-      calico-policy: enabled
-      calico-node: enabled
-      # calico-etcd: enabled
-      ucp-armada: enabled
-      ucp-drydock: enabled
-      ucp-deckhand: enabled
-      ucp-shipyard: enabled
-      IAM: enabled
-      ucp-promenade: enabled
-      prometheus-server: enabled
-      prometheus-client: enabled
-      fluentd: enabled
-      influxdb: enabled
-      kibana: enabled
-      elasticsearch-client: enabled
-      elasticsearch-master: enabled
-      elasticsearch-data: enabled
-      postgresql: enabled
-      kube-ingress: enabled
-      beta.kubernetes.io/fluentd-ds-ready: 'true'
-      node-exporter: enabled
-...
diff --git a/site/seaworthy/profiles/host/dp_r720.yaml b/site/seaworthy/profiles/host/dp_r720.yaml
deleted file mode 100644
index 8a6133e57..000000000
--- a/site/seaworthy/profiles/host/dp_r720.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
----
-# The data plane host profile for Airship for DELL R720s, and should
-# not need to be altered if you are using matching HW. The host profile is setup
-# for cpu isolation (for nova pinning), hugepages, and sr-iov.
-schema: drydock/HostProfile/v1
-metadata:
-  schema: metadata/Document/v1
-  name: dp_r720
-  storagePolicy: cleartext
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      hosttype: dp-global
-    actions:
-      - method: replace
-        path: .interfaces
-      - method: replace
-        path: .storage
-      - method: merge
-        path: .
-data:
-  hardware_profile: dell_r720
-
-  primary_network: oam
-  interfaces:
-    pxe:
-      device_link: pxe
-      slaves:
-        - pxe_nic01
-      networks:
-        - pxe
-    bond0:
-      device_link: bond0
-      slaves:
-        - cp_nic01
-        - cp_nic02
-      networks:
-        - oam
-        - storage
-        - overlay
-        - calico
-
-  storage:
-    physical_devices:
-      bootdisk:
-        labels:
-          bootdrive: 'true'
-        partitions:
-          - name: 'root'
-            size: '30g'
-            bootable: true
-            filesystem:
-              mountpoint: '/'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'boot'
-            size: '1g'
-            filesystem:
-              mountpoint: '/boot'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'var_log'
-            size: '100g'
-            filesystem:
-              mountpoint: '/var/log'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-          - name: 'var'
-            size: '>100g'
-            filesystem:
-              mountpoint: '/var'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-
-      ephemeral:
-        partitions:
-          - name: 'nova'
-            size: '99%'
-            filesystem:
-              mountpoint: '/var/lib/nova'
-              fstype: 'ext4'
-              mount_options: 'defaults'
-  platform:
-    kernel: 'hwe-16.04'
-    kernel_params:
-      console: 'ttyS1,115200n8'
-...
diff --git a/site/seaworthy/profiles/region.yaml b/site/seaworthy/profiles/region.yaml
deleted file mode 100644
index f8ac846c0..000000000
--- a/site/seaworthy/profiles/region.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-# The purpose of this file is to define the drydock Region, which in turn drives
-# the MaaS region.
-schema: 'drydock/Region/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  # NEWSITE-CHANGEME: Replace with the site name
-  name: seaworthy
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    # NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the
-    # list of authorized keys which MaaS will register for the build-in "ubuntu"
-    # account during the PXE process. Create a substitution rule for each SSH
-    # key that should have access to the "ubuntu" account (useful for trouble-
-    # shooting problems before UAM or UAM-lite is operational). SSH keys are
-    # stored as secrets in site/seaworthy/secrets.
-    - dest:
-        # Add/replace the first item in the list
-        path: .authorized_keys[0]
-      src:
-        schema: deckhand/PublicKey/v1
-        # This should match the "name" metadata of the SSH key which will be
-        # substituted, located in site/seaworthy/secrets folder.
-        name: airship_ssh_public_key
-        path: .
-    - dest:
-        path: .repositories.main_archive
-      src:
-        schema: pegleg/SoftwareVersions/v1
-        name: software-versions
-        path: .packages.repositories.main_archive
-    # Second key example
-    #- dest:
-    #    # Increment the list index
-    #    path: .authorized_keys[1]
-    #  src:
-    #    schema: deckhand/PublicKey/v1
-    #    # your ssh key
-    #    name: MY_USER_ssh_public_key
-    #    path: .
-data:
-  tag_definitions: []
-  # This is the list of SSH keys which MaaS will register for the built-in
-  # "ubuntu" account during the PXE process. This list is populated by
-  # substitution, so the same SSH keys do not need to be repeated in multiple
-  # manifests.
-  authorized_keys: []
-  repositories:
-    remove_unlisted: true
-...
diff --git a/site/seaworthy/secrets/certificates/certificates.yaml b/site/seaworthy/secrets/certificates/certificates.yaml
deleted file mode 100644
index 01d21db9d..000000000
--- a/site/seaworthy/secrets/certificates/certificates.yaml
+++ /dev/null
@@ -1,2805 +0,0 @@
----
-# Certs generated by Promenade, see docs at
-# https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#building-the-promenade-bundle
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDSDCCAjCgAwIBAgIUB4SofoPJ5jsvJKPmx0A/bkd6DjUwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA4MjEyMTU3MDBaFw0yNDA4MTkyMTU3MDBaMCoxEzARBgNVBAoTCkt1YmVy
-  bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-  DwAwggEKAoIBAQDrpRX/8wmY9U16j58EviUgbo8vQ6Nn196p/tdaLc3C69rqUMJY
-  7jRw18pTWVIGnCmZDfqq9VlyAodzPNMcxZ3/MCXsPtqDqhFMSZ0h0KXeHvyl8doX
-  zqaCS1yRgce5RQa71ah6sX8GrmvA7rDuSuE/MxMfrBHGfjRWuY0vVK/2BwkNhhUd
-  mimyIdxGZXScaOKe/lbNGoiPeyh2Kz0TmP5GjtvSZZT1Pp+aYIvaVLtou2trhCuw
-  c31MVoExjEPcRUjtDQmAJCw4/DhdVZpSyZqUwajLVsaurP2rgtHQpW2P0CF85Df9
-  oq7l1SwW4s6vDdqY0VrcW4u/hfWIZkU103JvAgMBAAGjZjBkMA4GA1UdDwEB/wQE
-  AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBT4FGVtU/iWsj+vnLiA
-  LnIWwFhF2TAfBgNVHSMEGDAWgBT4FGVtU/iWsj+vnLiALnIWwFhF2TANBgkqhkiG
-  9w0BAQsFAAOCAQEAWu8e4bXV3Ac0dtvqJpysC9GXOoOgvzD9HsmeLrKfHa/B6Bt2
-  AYRncn0mTlqjP14FqXIKKAYyFwYMzp4BZ+gss6OPR+c//yaE9Z7NX9O+JVu/C93p
-  Lau0lSSMPvC2xcskpJ3mnd6O9rEDxvcKlx2LOohVj88R5hJaDxQRq3Zfps46Z8cP
-  xr4K7bIqxSty/vdrmjDbJf8eElpSNpm7OgAAbwruj8ERWYRVxzKhRxqOOYjMbpnC
-  ZzfFF/3fp3rX7m7/WF1Wsfqz3uL3cmMidTOb2cVVrnlrDNNbmm8rnaXtJ1ND76QE
-  ToPqIVKZ4/0JMMPFB32miJqF/qXhBM70Naw21g==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDUjCCAjqgAwIBAgIUHqPtgQWNz6l4X89pa7CFKxIHE1gwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDgyMTIxNTcwMFoXDTI0MDgxOTIxNTcwMFowLzETMBEGA1UEChMK
-  S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG
-  9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0temgI+aj9xnbJJaWKqsSCIUCErc3x0NGSz8
-  SVGcyZCjqtIo563PsUEvyvtJj5x02lO+ReToOvRZBnExVPDtiRoxr+PJ+kr1o5Im
-  k2GYdyfNTuar3AF+Q4HZ/zz+LEfomgnW5FcO3D1VgS0g9NKLGb4LB8QRubojfw6W
-  9NRvSeAFzR4ihl8G0XHvtzFJnPZPZSuZ6fo1lylXFYxN9zhWLEWJPjefp4k+Vwpf
-  xviuHvEchIjjqf/nABGK8ahJSdBsKfcMXOKjNDVLPKafjU0Wv9vFvLtVRiQz8QLu
-  uzW8jecRtDkhY0hLL/JRz7oS5Srqq1bCwVbzog2dDVGqzg83fwIDAQABo2YwZDAO
-  BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUr2uf
-  abm8eAeqlcXFDOyfnzDNq2MwHwYDVR0jBBgwFoAUr2ufabm8eAeqlcXFDOyfnzDN
-  q2MwDQYJKoZIhvcNAQELBQADggEBADeEHsNTsA491VtNV4q5ZJ00PR5j6GlKRrRC
-  WQjB6I2vzi+iYO6NU18A8GQXlw/f3GJbm2PAanmKd727+sk2eK9W0KjJ+eao4SHb
-  DsbgMJapweq2KjgA1JGV2PkT5lcF9AKhBI8cVaUTbllHhUNTVlq7dplBP1wRjC3W
-  xsbKdkelkTN4sXtm5n7Z/sF7aWNhDRr/YaFc+m5PnuihrWGcrZxXKAlrwEqUqfiT
-  g2VzOFwdKn3vxnOx/0J7JMMybKBUQ40u2b5bXCKoc3IQ0j3l6ZCyXwR8V4JotgNl
-  5/BFnICaCKveEjNf5xIt3V4qvMbm/myd031CmB31FfeyDdcYGLc=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDXDCCAkSgAwIBAgIUBsD09kk7EIVY1lHqVt6dIyAaZqgwDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwODIxMjE1NzAwWhcNMjQwODE5MjE1NzAwWjA0MRMwEQYD
-  VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC
-  ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAML6yw1PckLgFsFMvZ5tBVJ+
-  Sy18q/JP0Sq93SjfcKnrU/mqvqkxcsRC4B3C3Lf5IBmOOmtanslvwaKw10nna+AQ
-  /N8CJDFofKrgcvdf+4SUxwBot5JbG9fiuuZZn7NBwEwXhkVsukmeYGxBhw6ZzrbR
-  nWHlHR5xlmtbBJBaZD+tU+LhBq/Noj18uzgPGTZPooYSZAcDM9feAkuS7de+LOGJ
-  vfjWsyzgXtwNZK5eXDHgPtU+Y4dCa92wNymG4XQStr7+BDrOhdl7U5e8g93Cfdy0
-  3nuMZy1upx/zmgspZvA7wUYf5B1jPYRn1AZUa6CP/o3YmggP/GSULeNksAh+deUC
-  AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD
-  VR0OBBYEFO4tzIC2HZjOB3ghZossQ7+KXUOfMB8GA1UdIwQYMBaAFO4tzIC2HZjO
-  B3ghZossQ7+KXUOfMA0GCSqGSIb3DQEBCwUAA4IBAQAq1oTCUy7vyIFr3Y+D6226
-  FYisAkKCbZxegTaElCzHMfdcanzAtdf4xrIifBJuWc+yQqZzJTisNLFhcKqkVI7b
-  073+DFwWFrzWDxRvwgCr0/969rVpNmW+RnFzEm/FaA+FLwOMNK5S/ByfqyYCk0HS
-  6g8L9zHlTdj3S3qLLSNqzmDzT2UkVyIy78c1TibIL2cjyM3/k+V34jLOWArD3Jy+
-  0MhAOzgHDLMj614vWAwGfeLQEbnvB4IE9zQ2FjcxSL2sIrddofpbUwnSkL3BrzjT
-  NabbqqLdaOiLWTkQLr45WdN5JC/PxsCFAeZrWrn3tAfh0+sM5LxmlAskpM4WWoxG
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDSjCCAjKgAwIBAgIUM0GfsGD1sBOgvjLbJ5bOezXbaYEwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwODIxMjE1NzAwWhcNMjQwODE5MjE1NzAwWjArMRMwEQYDVQQKEwpLdWJl
-  cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
-  ggEPADCCAQoCggEBAKDnGqOJOYMMCGvXfy0S/M1lO8DrsxYkjbn1i/DtUAcykbtC
-  Her5/7F5sNzxuVn/Gw5bMoNY97IKJWeorIAeTpq+VAylwcWLSuS12GIe4NVskvVQ
-  LzD6m0heje65Fj5P/LXZNTW4TSiptKIL+1x+2QulVJnHAxa0w+xNY5QdjWj2luR0
-  NpJl0OCK6GJf5AUU7VIQBFYpA5eAN5Ta1ABHmQ4MhGpziqOsYF4NPek65BEHpzY6
-  D9VsbZPzcCfE0bdVFxhCNXcuo4AfB6pHD3FUI//CJm557My+pPNiJmj3YriiE9P6
-  Q38iCguSscGzVyzwgnKz9+bwKg2TVivo3nMZ6ncCAwEAAaNmMGQwDgYDVR0PAQH/
-  BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFAq+rY9RyRHdsltA
-  N+t+QG/YZVtoMB8GA1UdIwQYMBaAFAq+rY9RyRHdsltAN+t+QG/YZVtoMA0GCSqG
-  SIb3DQEBCwUAA4IBAQCIYbBWUzVXz8AaXHdlnPaUYDaUQCjV9NEL9l4qhZscDYsg
-  ATXN63PTK/f6faIhCo7ywoisPMMm3JLkCMcZm7//i0Uu4+0wZ3UlXgdCh1WDOvVM
-  gGoX8PZIXI74ptH/XUkEWspzaYMQZq27UIVYfq4T85rDPVL/Sx5q3jmJnJL5pg1C
-  SJHritlJX19W9rSY9h7Ds77nLivMSyHhrv0IowUq9qWpD2y2lQAZw0mycBvom9Qo
-  BQgivR19fdlPFD0+5tTD37S/+RkS3IDMTrd5rzVf+C0Z/YwwY7ARQJcQA0PhJ4hT
-  hstcg3PTt44E+YeH3Xz4PXQfsC2QYNXsOdg6eboI
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDVDCCAjygAwIBAgIUFh/9pHEttQMt9YiKqEfnSh6QAa0wDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA4MjEyMTU3MDBaFw0yNDA4MTkyMTU3MDBaMDAxEzARBgNVBAoT
-  Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG
-  SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ+v+JthhvATjZ0mcNK1lymxoXL83vw3r/
-  wSefdYhI33+BMVtdiEN7Xtx8KdiEeAWHamDjfLNNr33ToWdbxlxIqkdC6TQHZvLc
-  DY9A3PLU3IGUBG+thkWouiYvLgpQ9lVeUybDt1/0EdCmv+86MOYSKAkcr/X0nwhO
-  gwYy5X8YagMhvKtoJjRNesdXEEm9HQ4elzjMTRwEN7BwkI3hRuJaziO+6NmCewq5
-  vWHDXXyQpIPavrzYfm9MgBCCgASZNXlrMKt/SnbLFESLJDwHg5EmF7LWACqlSFsO
-  tiHr3tnJ16wa6+wJQspii6sGnh4TRSd/gFeE2sk2mwhPNK9+CF2JAgMBAAGjZjBk
-  MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQj
-  vp2VB3mqA1BJKAiqEHSscwyyVDAfBgNVHSMEGDAWgBQjvp2VB3mqA1BJKAiqEHSs
-  cwyyVDANBgkqhkiG9w0BAQsFAAOCAQEAH/LTB/4W8fRcUWDHd+q3HHV7Ghxmiw4P
-  uCnzFWi65LU45vVKQLDaQ8KsKh+m7SFM+bx2fEOYSUAk1K2kwP0ZJ1CW2puPqS/p
-  gMwj4Bi96MCFrs93TxPZo9Pdj1X8QneipsC9CD0DEkOoOeV6WHBgMQqhf8m0OxSS
-  szK/7Sl3kFjU+E/xGKgu7n/0RV7exhGqMPHsyFjJjvN352wwL0JLyw9drZSXoGqP
-  97SU6H6LH7/IT9fJ8HN1h2uWMDuTxkvdaB5Mq8pXOV3gg9k8XyYJRu0dYzbwNujK
-  HUBxCzDv+V/pogYdQDg8EMGzs0YkqoRk1ixNb/nR5IvU83uLNK+pxQ==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA66UV//MJmPVNeo+fBL4lIG6PL0OjZ9feqf7XWi3Nwuva6lDC
-  WO40cNfKU1lSBpwpmQ36qvVZcgKHczzTHMWd/zAl7D7ag6oRTEmdIdCl3h78pfHa
-  F86mgktckYHHuUUGu9WoerF/Bq5rwO6w7krhPzMTH6wRxn40VrmNL1Sv9gcJDYYV
-  HZopsiHcRmV0nGjinv5WzRqIj3sodis9E5j+Ro7b0mWU9T6fmmCL2lS7aLtra4Qr
-  sHN9TFaBMYxD3EVI7Q0JgCQsOPw4XVWaUsmalMGoy1bGrqz9q4LR0KVtj9AhfOQ3
-  /aKu5dUsFuLOrw3amNFa3FuLv4X1iGZFNdNybwIDAQABAoIBAQCAWxIastW9fZDQ
-  e77QpIowmkhgJGWzwMBGtMu1EVINJM+/5nGWY1opRUGuGO83LoTyG804piAsm/gP
-  60fLWlFvmVhu0OXR5ic5+LcgnjhbP2G7Onvjj+re+hHYKGsUHedHFWCKRHi+uO90
-  zg+OHTeIZ1e5Xs7n4gK8YqHm8ChQyASUc0srJoanHruzIkFIM+B0nGOsvH8DUl18
-  rbIlc37WWCzfaUC6AVZq2u6OgDSD1t7beIpGqfLHPkp3tDq/VlSSpVt4VdfrWUy8
-  GduTEhRkLMvEYHwFLd6gIYeu4p5ADcVD/pSlawCE8sy+NJEGiMAiLuH/qOD8H1Vn
-  sls6/R0hAoGBAPzg1cdsBqpBPLqR3CmgaNH+svHLBD5qDkBSVhTnrfTpi0a09BUd
-  KKGBAWaE26XOE9TPbYgTAIcL9fvWT1VpCxj6PyT7YeuFIMQZ9ajQTD8OZopOvH3S
-  r/5DRikCmpc+h0dUFTi8Mn4oyGhBtg4KYiQr2jsPkhiHRQsK5mhigmPZAoGBAO6N
-  yeEEXQ4Q1Ub7gOZIOPivWR5Kll7M/mf0BT3VvIHe2YkoA03+pwzMgBSdUtqvRO9x
-  6U3d38hjy6IR+KhgJNxPYsgfYFWa/i1Fm6OuMaH85yGiOKqbLNTaVKuOPpsI9Hra
-  26SCqAMSepo0FZhGg3obyym8Rbk7m4HA7OqoB0OHAoGBANEnMQoBOj4FOTJiw8MW
-  LrxJOj4smTT6SRFASHx/5uxjYdO4hQ0Vke6KodrmVjl8CgEBE2nxtYT9CpYh+nn9
-  KLWe/S0cUjAXazNm+T2IExgwU/VfDB3RbckSYWw4AB7KE9+WFvtXBTg9iQxaFTbl
-  taiPMK+awE5TS3LHsCx0Fb55AoGBAIYGOymknfNNGcYrfxvh78AoI9WU6i6Q1U3q
-  FxfKgYIlheo9BL5JF+lk64CpcudSGVS9luocgaHAD6QanK1cdtkf8MumdSUjUzJ0
-  LSEkuNXdlK2cymFvlRxxHajU3e+UdGahl00x6trvAtqn8IoA89Ui0F2+XR3Yk2Gu
-  1mxvwsT5AoGAEnN8iJJ+hW5UeO7RllEy5RUvKVir/+VBt7j61JjHWwkAg50cbaRk
-  XlRIlp7vFyWeUDypXQk7GJz+7biVD+eq+e4i5hu4k76h0aNKOGOke9/NHC1gEX+b
-  j1bLh5cSHWSFJo/5to7LXsNsQENpGiFbLIXULLgRu7yIG2zH3EEA+7s=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEA0temgI+aj9xnbJJaWKqsSCIUCErc3x0NGSz8SVGcyZCjqtIo
-  563PsUEvyvtJj5x02lO+ReToOvRZBnExVPDtiRoxr+PJ+kr1o5Imk2GYdyfNTuar
-  3AF+Q4HZ/zz+LEfomgnW5FcO3D1VgS0g9NKLGb4LB8QRubojfw6W9NRvSeAFzR4i
-  hl8G0XHvtzFJnPZPZSuZ6fo1lylXFYxN9zhWLEWJPjefp4k+VwpfxviuHvEchIjj
-  qf/nABGK8ahJSdBsKfcMXOKjNDVLPKafjU0Wv9vFvLtVRiQz8QLuuzW8jecRtDkh
-  Y0hLL/JRz7oS5Srqq1bCwVbzog2dDVGqzg83fwIDAQABAoIBAF3iBJPuXcZ9P9hK
-  esxMgxZDhmQC4cK/btus+lGzc3sVWqtvlSNEc9zbx+o8Zo75/dZRv8HjobzOnO2P
-  bYYDGeIYtdM6PO+kfShupZqutHMqV/MwJ4p5Z72rjmRmxk71Xg9pHjTixw0uimpQ
-  rAIX1jSKOOMmXTY0OiYTWwh9p2he936BYtY6RbqWf9ZHo3CJ0+QRXTr/9+oismgb
-  nH69KgmZPGo5PYmeCmoBzO3j/kdOPghfgkV3D1hrYY3cGD78bm7ir3pS+759A3xa
-  JHhEoT0yFldYyMKu567uXk+65Wq/tpVrQhPFC7RnmFhIX01ztuF6f65DSGeh5H6i
-  6OHc2QECgYEA7kksyUBqNeHsYZh32o/oFrkqNeNHx+dejRmwlnKy2G6QHcA0BahE
-  eBvQkg2fZYV/X7oQ+TfZW9ulM8F0rqaHZsEdQYj3H1cZ0qJV83tTvaXkAV1x7LXv
-  hiM4cy0bLrIC7qJel7BA69E1x8R9BlYGE6AB7hVtzi5yg6mmG3oOrkECgYEA4oQy
-  vrRkiyJCkHtU8Cne+ABwVZVYag3PjnbC4qPuGwadYg7ICcTq34fp0zNm069sdlMU
-  Cy0rU4LunObHUKQNIJxD+Ml6A/b/RsNJPk4A6g9t3fC5tqS8hvFoLy46FxB/twRu
-  3kZqPlrmdyGjIT8PL73bmgv6ogN0iLVHB+iX9b8CgYAzK++8QGMOszfKNa33d9QF
-  nTodXHO70EoTzyKHDJavt/6nBPGnDV221XJTCy3h5WtXKWQfwQiim2a82JywLP8C
-  6BHaUwmO52uaOlZu9VskbQ2r5V9j0CZiDgo/Yb5mpr/Oc3wQ4z7t5X3BKscWpz6i
-  1EfV0zBDiOH6uGH9oJaqgQKBgDQbfSDplod7JhzegjeNKkGauDy30lLzQl/fag2A
-  8HE/IE1CYTn+Fpm9RkjTdkAUBrtheSbpCSJ46DMn04n1cx+hUvGUR4FJ/IdmvR6c
-  CxHM4tU/XzloxAW22uSfmbVckkSjvG1dfWtCtemJz2EChJfS8QWK4+kJKnGYYfKr
-  yuk5AoGAdv5de4HA10mCHI+8YIAJ7ZopYbyi4Dlgmehp7q6NGq0cy3q5cVtXEBmj
-  4KssRFkkbE4iXYiWtsHlp2EkdLmnHVFdjv6YsTDIdU3aJ06STrvhFShxBlqY84UW
-  jx/mMxsRskSGt6glxowmOZqElFvCgwQPeQz7r7u+JOy+mzHHD8o=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAwvrLDU9yQuAWwUy9nm0FUn5LLXyr8k/RKr3dKN9wqetT+aq+
-  qTFyxELgHcLct/kgGY46a1qeyW/BorDXSedr4BD83wIkMWh8quBy91/7hJTHAGi3
-  klsb1+K65lmfs0HATBeGRWy6SZ5gbEGHDpnOttGdYeUdHnGWa1sEkFpkP61T4uEG
-  r82iPXy7OA8ZNk+ihhJkBwMz194CS5Lt174s4Ym9+NazLOBe3A1krl5cMeA+1T5j
-  h0Jr3bA3KYbhdBK2vv4EOs6F2XtTl7yD3cJ93LTee4xnLW6nH/OaCylm8DvBRh/k
-  HWM9hGfUBlRroI/+jdiaCA/8ZJQt42SwCH515QIDAQABAoIBABRuGOadI3jUaC36
-  74dxHvSk3RW4EYBDUsRqvoiw2OpFCTiI5o9t6fuckkUsDNqOFQn4eDCVfzvWJPD6
-  HKTWxdvli8mGPOqcayuwdvtqqD0dJbjqQAnq2AEH9dN7Ipuy0QZoFJ6jpOVf3fSZ
-  7R/fh+RqFFaUnjd5aWx4TgMeJZDyVn4Nh7jQHLVzasXSThcvnn6Fs8QdQy0S7XjC
-  4YK4mgNci4iR3zAPTrEA0dFcW71SBewOhNY3qOkpJ+NJbfeEcTT+RCwyBx2xn2rT
-  vMXPnKkxdeDaDTyob6ZFZlWI3AF1lIFcs3Kw4KIQBEvenPxtilfupqa/vlb21IIM
-  ULJRgSECgYEA8AjhMFsKLvCBEvPQ8V0PW+Tu1ztLXoNS5jeFMgEmrltX4hPfoLkt
-  TFX78TLkPyj5dJKurTh9pmL8wmyrMBNMNMzGKad4KHHqGpKe9rQPuD4nPb7KsMae
-  yX2F4KvyYtLxTh1sQejgqQLlPItx5vGYUByS/ASrnmtLmQWACid4aCkCgYEAz/LA
-  lPeIdFLUza/BMn4J0nXjFSJ3jV4oX2E/MZ6rAF70pkgmwwx0FDCREPuGv1zdRlLy
-  sZ7KLBRwr6kWjFLt7C1dDYUNP2edQov83zuA8tjRI4pR3rY64mrOLnhVkLjDRlnU
-  JgyIuBw77ue+vDEEU+jdlcJvn0x8TuWw81Kbh10CgYBLjE/sG0taOMI3R9wEi6iw
-  4J43yebP6X9nDCR0953IFOHVOzIQcRgLxahVYxIpuujAwwYNaRFLFC6/ttoueHRs
-  zeK064vLFwd6s5kqxsOH1rAdI/bBqtIBUuuXKidQ6Vmfn20aVYSYTVv/MVh5OqMY
-  29V7UrD9XIHfuLZy+7dO+QKBgAXgWkjbZePDo3fci50dqrFj23LxcmdwTbvER8Dj
-  NvnftRIt38qLQ4x+gtr0AK7PtQETvv/9+MCeI0ETiiuU/Fw8O/Dx3Zn5F5yV0COO
-  zuoN7nsOoZmllKxpUEJH7EMWtY37Y99fY02wnpD1w5IV4IVugzSENhtOUgT4wLNf
-  lj2RAoGBANCOnTl4hQED38uTr3ZJNOzdeHSL6IsMrQgWmDqAr0K6Hte3n2yDp6ID
-  qKrDQzj9XoH/GADkMF9YYscpEM1TA7osKaCrQhp3Xvse09S/xEhBt4nBOuh5HTRn
-  ClHUms+g5R0FGtaBW85YBl/dL2LBq3KlDs2+wypT+6MFDAA1q5jZ
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEAoOcao4k5gwwIa9d/LRL8zWU7wOuzFiSNufWL8O1QBzKRu0Id
-  6vn/sXmw3PG5Wf8bDlsyg1j3sgolZ6isgB5Omr5UDKXBxYtK5LXYYh7g1WyS9VAv
-  MPqbSF6N7rkWPk/8tdk1NbhNKKm0ogv7XH7ZC6VUmccDFrTD7E1jlB2NaPaW5HQ2
-  kmXQ4IroYl/kBRTtUhAEVikDl4A3lNrUAEeZDgyEanOKo6xgXg096TrkEQenNjoP
-  1Wxtk/NwJ8TRt1UXGEI1dy6jgB8HqkcPcVQj/8ImbnnszL6k82ImaPdiuKIT0/pD
-  fyIKC5KxwbNXLPCCcrP35vAqDZNWK+jecxnqdwIDAQABAoIBABaHRRuQoxTOIn+2
-  9H+DIRJBElS4q6J2C8H1t1pMX+AiHHVzlGzKBBr9Rt4omiMXrNodurzZQBUVhpc0
-  7rIhjC/uZiY/LxpRnnLXYyyZ1jELuqfOSk05SXSgiI7cK1keKevsNZ8H5wXCfSAT
-  PWZ9/DW9OFMvoicTuDrluwOJ/7qqUylC/Cgdd+CgrxyPprprEcvgZ3o8YrFwkoyM
-  PvLo+VZvPdR5FndCpCNYxVUHuHhACX0s7P0YoPVqKj8vPTHYlSo0DAvSfXWvCivR
-  IKlWgbjW3aGY35V1B2pjPCzK62vJ3AwAkyQPPpJYHPx3zcC4xQLmmOsI11tXTG2Z
-  XuzjPAECgYEAxISA60veCqLiJnTKXzdOyvi4OP1EhPEtArQCCmcUKs3Z0JpMyb/Y
-  CT2n7hFCUzS/rRJKk62tjzRilIAqUMM9NpkXUooAk39D6REobWi3m+xjhmdHUi7z
-  09mRQy0+KDCKI0VHQjl4PcgDlRCaqvgYQvqY2h5ADeAx87RH2lea0cECgYEA0Zrs
-  q5uFUcnOtQ9SBfk+/G+Zw+iFDf+7xZYcijxbCkcZzyl1PBTmjBQ03ErF+KUjjGh/
-  1EJfLItyg3Tl0fEH1bSzFOzGPjLyyCS+wlPZmbnaietXLKE8D9VyElNoNFF805ot
-  HUPPqr2uYKMf+dy5u+hFMWEUCGt3CmS4GgdZWjcCgYBv/N6GuBZR016y8Y0904PY
-  UQKSn2nDpLi0uKYNDY7FkcdVhAjMU8ImCfe/yCAW0JGGbE0JeUjVudGPtLXojko8
-  6eMLi08mvriRgdCbALjZZ02UExjmsZELogmQ0aCBQKAH13vzNlLaSjgYY3zwfy88
-  RBiE/AYeoit1KMBlodS9QQKBgBT73o+7jRhIDNKhiwOgFUcuYQV05MUnAgRg59CL
-  BE4+Gf5cVylBqmcBqt0W+0TOO4XV/F4imuaZu0gfztY6vB8P7RG+NoaJkTaqPxKz
-  VEiIi7FdBygnqBypsLbW9MqwEcAZYkTYwhSE0s1H526bQ1jlgu/TmS7Sm2NF/AxX
-  CgH3AoGAKRqK7RIew+t1ia40Irv20TalJqVBAv5T+fzHj3R3GXpdBvf5Ld1YcK2s
-  VvX8UdjUM5dW3ZxPuRurWvZuX1Lcs1uujRg1TvTVJivVLc60S3+THobfVUr2z/1U
-  YgoahOl7QY7ds1+3Bb4cK/GUNYVn3K8Hh3BOiqLW5CzDkx+AjPQ=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA2fr/ibYYbwE42dJnDStZcpsaFy/N78N6/8Enn3WISN9/gTFb
-  XYhDe17cfCnYhHgFh2pg43yzTa9906FnW8ZcSKpHQuk0B2by3A2PQNzy1NyBlARv
-  rYZFqLomLy4KUPZVXlMmw7df9BHQpr/vOjDmEigJHK/19J8IToMGMuV/GGoDIbyr
-  aCY0TXrHVxBJvR0OHpc4zE0cBDewcJCN4UbiWs4jvujZgnsKub1hw118kKSD2r68
-  2H5vTIAQgoAEmTV5azCrf0p2yxREiyQ8B4ORJhey1gAqpUhbDrYh697ZydesGuvs
-  CULKYourBp4eE0Unf4BXhNrJNpsITzSvfghdiQIDAQABAoIBAQDEdR1+Rin7UcSl
-  PKY4DkvNqNB4+VLHtwzSGInXg5xS4WwPSiaoQ7leJX7eQPCtY2bIRy4PmUIY0AO9
-  iwiWhE6EB0O2oGuOCFD11xq3QOtywVHfz6e/YvbBPRRRDVOq6HjETHjxiAHo/W1p
-  /C5l6dBRqNedjVFFKVfZOumJUaGco7Uq21/hUWPv1MkMl9GCA9+pkc3olpzkTykd
-  4+7AfNkP/fv+thGg0Gf3NivN+ns5RAOivaj9PgOpFpfOb0qLZPbq6CPzdSNPdGhk
-  oxxwkzIfm4UUvTn+xJd3ykU+83bcltKH4uU3hBJvloPoXxlFUvv6q5iWCiZcVFL5
-  pM+hN4KJAoGBAPP1I+IyZ4ayMlCt/Lie5/nYWBsQdjsaXp6B7sJRV4TQaad7ZAb0
-  u2SJ/2hL9ak72dFJGBriyoceEUGt6M4P5HdSR298wq61ndta/POfk/v9j84ymBeQ
-  IQPj3m657m8ToQJdfHwShXrDAlEVaO22w90SGXvO/yBShL5nBibV1wzfAoGBAOS9
-  lq9gII4IDKPVYE5+kQZhrxYhRfBN59E4Dm6KjcM7q+LQpYsxU9AA/lc0VoKALgX4
-  xY208BHK/36rpUtzMD/b+isibv7kB1PiuNGDbK4aJJ8BRh4ks7ajVSj3LrmlEa3q
-  PnucuPxbdeJ0d44C8YEm0WLFs1Dc1ClXJSzcIvqXAoGBAMudH/0MCsIuerZB8Tt6
-  Ta2HN0onfDaqNKzhT5DZ6U0N0hEaeIshukIYt5aqR3ifXpZCBp9yCI2rt8V0zGko
-  dIxunPbdT3QYW4+YqqT/3Limkl8MdUq9XgDsMFuEThBhdrINqve3Ubb7ijR4xSIa
-  t/EMyT4/r0qf9PEh9c12D05LAoGBAK4uVH1tdLzTElT7md+L74FthzcR1UEdAebG
-  ie7RIQxG9ye7fCPXRxxAdW0QVMQBOYqgmkbDPoA+FXpu2Grw5w/pwcFw8ha0q4PM
-  RLJ+IpcdHz/ZZ3xytEria2nLeFAzi5fkpPnaKN86AjWUPKnuQdr4JT/Sji6ISiLE
-  0nErnJM3AoGAdWougfu0wbILDYQyF8WGxPFhtYM8xwEQmt7SSQ2zTdnKJ+TCTN+B
-  Nr6zn5iYOYRHDDmePCDbrMOe5ABA3YZDlD1gtYk2s0bsEahByoYIo9TyIpv3RlZg
-  pWSkAUrs30ch7hNGvcy7IBCIkEcCmanWP8TvZ5AWu9opEDJhyvdd4TE=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID8jCCAtqgAwIBAgIUcPwucaRX5ZSdIefICpdt7m1smowwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMBQxEjAQBgNVBAMTCWFwaXNl
-  cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMB2hetX5z+7edP3
-  f0nniFe4fKlXywhytJ0xyNC3jKn+0k8Mxu7ZJjlzjqTl8z0NyWi572n9IRldppWu
-  /ZoVrnZWKo7zRr+PJTLENsjkZ5aE00ez186B6mKNps6KLJZ3ssUlE+LUmDNhz0l3
-  TZ4DYBGL13eiefy71u398WV5JtaKjOg4RGYEuRQTaXgum9a54hHsgvnUbYN3vN6y
-  0UHDTWgZVHJybq3DatyuJnmS8nhR4sT1Kc4S3MHhQ45b46HqxMqB5hj19iqyzxM3
-  qo5mZH9NUhKr7c4u9fgPvx8WfM9fqq9VDbjhBTTW43We5pK3mPdrVuH9Wu5iFX6Z
-  EaFl9s0CAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
-  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU16TspZfX
-  WK3KYdiZFpt3ZQc0NwgwHwYDVR0jBBgwFoAU+BRlbVP4lrI/r5y4gC5yFsBYRdkw
-  gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz
-  LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm
-  YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy
-  LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQBQPQxmEfviq/uR
-  G95WBWMpxQRR9VzBs2PKZ2x9oPacJOca++IGdzSIB0y9OZ8xkHh2FHxNxOMINuuh
-  TdWd3fFgCjUJPzkfjc65lSFW+KjKUvzFoxwQrdDrk/HpXnPcWZyoNAEDRs+xobVn
-  zu6+fu3psAdYUEIqTyVF5g+4Wbt1Fdf2VzyQguOjGQzxVxeMbVl0SmdeCpD2aEoP
-  APjB+Af7Zw0qhM2C9PhgrWdFxRnnxs9YhhOJAtavdZ5RbyeCa4GZLXZ7V4AWpCtZ
-  6L0TISTb16mM8CtagL2sLmvrENtZ6nwsrV6QusblHM9Ar66FTN20yaahDaLrtES6
-  kyKTKcs/
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: apiserver
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmjCCAoKgAwIBAgIUGVbVTbjB6oGskiz94FIYGYlCkt8wDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMDsxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMTCCASIw
-  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM8m0xwCTAIAk6/HWnk0J3pJZOR5
-  7VmoPTOiIgZOVWGs4BXa/AcxUN4VqsIwwwOR8CSFKWBR9jX25CDc4WRImpAnsDHU
-  VdCBSWwJgF2B3GepOLkqZsG8EpoHO7RrdhxtTFbztYJni1a0Hdu75APJS8uHtrVE
-  cIEmtl0kVqTWzPjHYu9PzPtd0N2PvAuAqwdBWFThu1rHSzF8+dpyBdatpPaQ4l/V
-  LAB4psTQrHMGVNhH8PGxrvmozHnKvsUQqSngLI6vtHRbpnCF/Pg0uQKLVsAhG7hU
-  rpb8AFbUHWfLT6Z8wz0ZrJv+AI33VnRyTtNKrEx65popw06qjQBmkh73G4MCAwEA
-  AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-  AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFIuhUBpMNfu0S5wsv2j6bRbn
-  CwrMMB8GA1UdIwQYMBaAFPgUZW1T+JayP6+cuIAuchbAWEXZMCQGA1UdEQQdMBuC
-  DWNhYjIzLXI3MjAtMTGHBAoXFQuHBAoXFgswDQYJKoZIhvcNAQELBQADggEBABi3
-  zwMJ6yS4G99H5R3Q1+G7EOGhSOCJ6iiXaqSgZQy3YxFz5VLucKcYyr4nZlJFkwVJ
-  0Mzj3xEAzlhdwcevwYM47Df5GK+JL9+BRAhXqa8kM1ZzsK4mru8knrMn7HKaMg22
-  gAz3cVw+vEMGs3rsWzFvsOIFzVWPMPb+MPc5O2j3k45AQSL5RV0+5521y7KbDLMY
-  1ZI3Q6pPfmtBs9lM8FCtw2jBmVFH5WT8PTm+spMfkgg5J1cO8wgkfNLQPYNueAfq
-  3WPMkydyv5fAapJjC4aGCnl8A1WMUMc8rnZkuPwcBJQZtMb2JBdVS6I/ZVrymtFu
-  oMToXHKRgo4+ANvZWJU=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmjCCAoKgAwIBAgIUWGgjtdQWpfk4rah4YZhNPf5M4I0wDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMDsxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMTCCASIw
-  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMpoebNm3ACIMYlHztckBUZRwUkC
-  uybDOAyYnwmzBEDCUXWVBWqXP4hLRblgBPy+5mksdX054at8fpbYajiM3FimpBFL
-  VtkVI3Gxq60Nx3rGs/xKfEaBDMPeNjIFbbL7be+u2THVl+UpPn5XH5TRC7RwOlHC
-  rcZek0ZzJcfoTB34JZx48DaahAVyY3JUMXQ1Rd2Sg1ImP32Mc0xLuo3NgqT5UjVI
-  0KHreNmlFWNawfUK6tels1TPB8jD7AGEI1EuBJnPXoBQ52qTMieCzCRdG9UrLA5G
-  gj/e7g65APHhEk4EAhnvE/7mo2kY7Fqui3On8XzNB0J6o+BTPF5Ut+WwnasCAwEA
-  AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-  AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNwv3mDqyEuhmHUIwLip+aId
-  IQGbMB8GA1UdIwQYMBaAFPgUZW1T+JayP6+cuIAuchbAWEXZMCQGA1UdEQQdMBuC
-  DWNhYjIzLXI3MjAtMTGHBAoXFQuHBAoXFgswDQYJKoZIhvcNAQELBQADggEBAAPH
-  5P9V6Rr3jPkBjV8l/2IMJ6gyumzS/yQgSHwbzMNRXwIrvjMMs8xfGdn8MoGy70hS
-  gBgj6ILOROVokXSqvyS5xVz2D03Mc24wSwFC9oz1mw6PcY3PjJn1Y2K8RKqoLTTA
-  Zbblb8XAGEB1Uggf1kjX/9utD6RaDUWuLil277hk5LKKszoLwTT5FKCQNI7U1sEF
-  nhYKutU4Koc1btM/ceXjiYSabzxipDSGfqoQ1LiYXUni8AM56MHE9Nw4dx4/btxG
-  OlLic4HIl3aQVLas+B9Rd+Wpip4dMHEbLJ0tPqkaBSUvRbCJWPoWiC0GethbDsuw
-  P5DJE5CLBJtaBESoCR8=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-cab23-r720-11
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmjCCAoKgAwIBAgIUQcU35Cqfdo0Ev19S9pXUH2WFozowDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMDsxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMjCCASIw
-  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMGnJyjGloCuUHkbQnN4q15eUj81
-  cEz5T2F2vvi34lfaC9HEemtpalgKiYqX/M8TBuzFWBsVQNdBIDV5UcCz1YKnB+hE
-  vccE+mH6f8sfNT2Xal7x0k4r3nKjV3/65JEqEix3y54YZVuxELFrk5bCJLo1EKT2
-  vgWgOMXpLLzHuzhi5wCkt4YMxfWCrExc3oniaZIKFBbI7WagOUq6QP1Aa6b6mdwz
-  g/z1xdPRgqdCFJI95J7pGgARwt6bPacrSJwiFz8E1FfcOybk0cEl6P4D7IRAA+A3
-  wty1mo4i0taKp3FIxFJPCwxuB/WkvRQQQdryFGo0dIDu52Mbc92vkutGqGsCAwEA
-  AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-  AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPcTRrbtom/NWHLBV7p4gMHH
-  0EpgMB8GA1UdIwQYMBaAFPgUZW1T+JayP6+cuIAuchbAWEXZMCQGA1UdEQQdMBuC
-  DWNhYjIzLXI3MjAtMTKHBAoXFQyHBAoXFgwwDQYJKoZIhvcNAQELBQADggEBAL6F
-  4NGNtKHnsmJPPGn5B1T4Q5xTZZT/IO2LRIZmpyTihSbYXtGYs/ZX70hBvG703zSp
-  PUUOxV5ySkm/v5KmL4bp6B6+N4eUfPJxO86MvPG7SBPrj8CwuPoAcL/OTf+ERPqp
-  GRByp0Nqkzbq3FnnGJJ9vhMTRhHm8XyDWQB7csevAm8H7CacQjEAnmJVKBcpFfwe
-  cyDDQZE/x+k2T7ihVIdJkqZASc6IQV9CPwsqML6yHgEZ8WYAUxxpONqUnbKRYIfi
-  ivBup9ABBBHcDZ4s9ldbWyBVhjc462+4Xz78ta84IQJ0jmpFcu956F2i1w2FEhrr
-  TnjttxLDz0ZQxTqJ7Po=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-cab23-r720-12
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmjCCAoKgAwIBAgIUG+E3seD3+qkEAwtjgOkep60ZpC0wDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMDsxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMzCCASIw
-  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANTinoyYNIEfeYuDNj6zR4azw86R
-  kDqZqgoFG6b6XIO34nk+FRcOWPMk1Ux85Fld8CBGqFY7GlOg5aDXCMOq528KqlKb
-  AZQuQh/+yHQS/4BoJdJd9RsVM7wLLJeJK1wuKbfpZinX3Jh8RGYnrD595aq+RmIV
-  VCn/wmlMtCmWrY7sJ1Ol8UfzyFTh7GlKe9cCUTmMChiupsDLE8VW9MLsgXsKUpcl
-  RY0XRJIO4rV006dG4e+6HglnAEZ0Sk/WzkMdD+seUmkthN2oyhQKPDGnXy9i1KQb
-  bBZ/hD9aUgY8Z+v0DK79AtucUNXMPxDxXFV0R7CpgL7aQm72yGr5zkiOI+cCAwEA
-  AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-  AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFBxe9hmcq92o3d2nE4aFOK0r
-  OibuMB8GA1UdIwQYMBaAFPgUZW1T+JayP6+cuIAuchbAWEXZMCQGA1UdEQQdMBuC
-  DWNhYjIzLXI3MjAtMTOHBAoXFQ2HBAoXFg0wDQYJKoZIhvcNAQELBQADggEBADHi
-  wJ0DONh5/l4IMBXU9rQsstvZsGVwMDM5sao41Pyya/SZ0oAbSWVOuGQojGh8co1u
-  9woDihfkq9rFEAk7I9gWr+A8rgZfkXjYYj9Rpm9j57TOukHaCWbGbAorNvgSu4u4
-  8sn3/K8WJJ+Fuy/DFyYN9GFCa1Q3G0TSIxADZI/0MeOObRf/x+mUPPi1OMRsPlO9
-  LcUkwPMygamNyHs/FLAKII8SzPRm6Z5Mnp7OighhdDZsE9MPaqPOPdLelP1lmKXn
-  ajcE9yqnMSV9ib2Y+ZF4l2KldvaWKmiz8Ft8aKbBDZHe8Y2zI1Ybl5aqgCaVO6Zw
-  cdnT35uua8a85qZHMqE=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-cab23-r720-13
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmjCCAoKgAwIBAgIUAnv+tF1DVnBkJ1rBSuimABa38Z4wDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMDsxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xNDCCASIw
-  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANNoZaieDEOI1M3/bnmkqTd0DK3D
-  cb8t9UDe+a4h9gowKh9mVLRj8H6GcZsjK4d51684vLI8wj6zy+2iULuEoTSbYmI3
-  7kSksLNjhjN2B5bls9UxTSJO/pSYEDrOki/ejXPlFdVRQS9P60yS6r7/co1s0VXs
-  p+yOzu23Htg/ufOZcupVN6hOfl2JEQumoyFutAcKBOUMCH1XjELZjk0z8macmZ7B
-  yEUES68VqSNverSr9Ljhf+XvxJUc4HIrX8hsktVerGU+TEo3IqPwm4YgpfZmjEuK
-  YXs2GKmaAqwQs08lx2OE68fWqJHhLW6hJ9DAhVr2ZTslv2kQR/9bouEGL0UCAwEA
-  AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-  AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHOJj7jABEX00zAvLYMsb7jC
-  nwl7MB8GA1UdIwQYMBaAFPgUZW1T+JayP6+cuIAuchbAWEXZMCQGA1UdEQQdMBuC
-  DWNhYjIzLXI3MjAtMTSHBAoXFQ6HBAoXFg4wDQYJKoZIhvcNAQELBQADggEBAIjT
-  R/sY9Z5+0x0u4548Rka0KOjY8dNH7q7k2iECzt5R53UIPDrIVeKEGN6854tBrvsI
-  w63j7OvLpWmTos3gfCfuAlP4MHzpseecgRNzWGjvWn2QHO4c/poj2NzGqnPxX6dH
-  ZUAB0UsweEahzozzyZYjhJ4ogKjptgv1nSLEEV6Hk5U6glJN6MkIdkdCw8lOTu1c
-  rMezoIUox84X5Jh065eW9WLVrtnC0iGgmY0i5mrMDqsb2r0b9mDi/X55cRYPwqWx
-  ItgkEaTJtuEfFxJWc9VDXvYnJnw9LNU6MX8L/zghA+ZdQMt1r8JjbrHQcFR7ranX
-  HfwSJMqiLoHS/Utbmb0=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-cab23-r720-14
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmjCCAoKgAwIBAgIUAVw0SAf9CYIZmeCswCeRQVKqI3YwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMDsxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xNzCCASIw
-  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALYF/Wf5i7BBCgJIiQxsmoSuoSli
-  4QvxJYJt2SId/hRC+ew5toZflLzt4/gKWqROa7p2JYc5j8wbFeNpMDYEC4Spn+tP
-  CHXdnUI71dI7I3tpTu9L36ZgAxuS+K06XPdbSZIKG1B6qkhMi0V6bWClGnjRbuVt
-  +zNv+//z3A8sbO9pjZmnJqEZh7kd6G4wvbwh5/8MSZpYehQga4FxnkNOXWSmKXqX
-  OiNd5L09KGpd2U8tZit9QU4ULno5HPkQyu9Zhx3iLaRJeqk6OynXVmf5dTeYdx4c
-  S9CYOnI1EkFLlRVtkLaWhqMB4P0LgyLP6oO/EWkTv+0nXzQjmO1Azy43KrcCAwEA
-  AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-  AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEFkMy8skc/kbe3eB1TeRB29
-  3R/RMB8GA1UdIwQYMBaAFPgUZW1T+JayP6+cuIAuchbAWEXZMCQGA1UdEQQdMBuC
-  DWNhYjIzLXI3MjAtMTeHBAoXFRGHBAoXFhEwDQYJKoZIhvcNAQELBQADggEBALhf
-  ti7oOWGFvH0B7mNM3QUEPhEiN5X+gEh43IoOq7Jbmyyb0i/HBEIrE0ZTEmp8k7+l
-  o+zods5KvTMuQriyjpZWt0ehZgVN8jjoVU2VmMAXtWK7uGXYO8ZRFftGxQ3YpW9g
-  uYZYyuW2INTTJSv274A3lr61TGX600b+SMKnbwxJ+rFfhQnj8uOknIvtCZpm6PnO
-  SK1p1cqrUjmPSXd9TkeubPauqtuh22Y3UPv3U/1GLYY67tGW0LxCfoLF8+zuVxZB
-  Ca8MxHjU5jXUYhsESPy6t4+eK2cqo0vsL7wpgq3UKr4eGXTgSmPdBXL6/jzCWpOe
-  Sh8XmKe+qJokyPBLmhE=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-cab23-r720-17
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmjCCAoKgAwIBAgIUGtXuczueFkOQz5ZT2ivZmI55fPwwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMDsxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xOTCCASIw
-  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALBQpjifWoAC60v9YNRiK9iBsJHs
-  N5tbvc8sky0g0vs4Vb113S+vXZMHrJZyJFRrlecIzHc/gT1jhEBsvW9V6RteTDWU
-  kdmAswWW6/2PwS+ATOU7+Bv3c0XFumtBy1fjmIITioAaNV3HX1hLOu2PB2CqTJkP
-  rhec2ECrzH2q6MdHy4+jnG3CddoZ/34vP22rNOtdccWzOmHD1dfwtZI3zeyirf/u
-  ObaqI1e7S83CoETKe9A1aUudtPgNPt957J9xhi16Q8b3SeVCRqT5Yxk+ixqnFatb
-  ZEpXKpl6h0y6Spf7MLkTbQxHnPjHZ2NmKhk2p6wWGrD/KbuMKRFuySbFuGkCAwEA
-  AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-  AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKmaqPbi47dqGQQl9trX4foi
-  l1N3MB8GA1UdIwQYMBaAFPgUZW1T+JayP6+cuIAuchbAWEXZMCQGA1UdEQQdMBuC
-  DWNhYjIzLXI3MjAtMTmHBAoXFROHBAoXFhMwDQYJKoZIhvcNAQELBQADggEBAIO8
-  cH8Nf9ui8R2WvTljjD3NQaVj2kch3Uf7i4zdt/spkiq9spp+qPJSKLD2d0v5nnZJ
-  myWx2Py2IS7BCjbNtj2DLSu6GixDHbvFgQpPjY/SMZUvoalIh8sZFSAkbBQRQr0k
-  hyKgSXTiBd/rbXwsXG8dgxbSZRB0KjbbAMp7Hx8basrqOyhNKtwYsGpSKISY9jth
-  HZJ3L/dkkeN76UBBWS75ai1jVG5Dl+ZdQbdfz35wwM4drVLcaOHbBxEon9/yLY6r
-  Rre57qb8TeW1+fUjFX3bfnUsWZYmcrLHNcu5ryP2+QWuURKkHC2jDGpK22aS2TV3
-  cZDDyaGxLOQhsrpj8cE=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-cab23-r720-19
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDVzCCAj+gAwIBAgIUNgGdUHkI3CyjB8X/u0WEZ3Kn/i4wDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMCAxHjAcBgNVBAMTFXN5c3Rl
-  bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-  AMeEKwJhSve1OdYe8cFR+Q8VIp/XALaWltn6f1K4vSw+zYP/HdoENO7nXdaz0PCf
-  hhypXwbPGMQ4x6i2jLIH/NOPGU59S5Qr0VitwOYarTHA0ilESM2L32iwlfnv5qrB
-  WxUxBk9QfrGPx6ElwPdbkSdwLf/bW8VbL1G0b+7qIAsiO8Sazsd6RU7KXk+S2PPg
-  gjIC+EoVEd3cEWgwbYRrGMiCqIUjixwrR3lRHFfvT+NOkAXyy2ZhCvqouHMKtyu3
-  KqWztvMCq57oWgsExI0IJH78A74DbzVdUT8rtDNDb/Mr6rqqzEWgjsAmzgIpX/Gs
-  vOLs4PqY3Www+xlv7q6rqtMCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
-  JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
-  BBRCyuXT9B4MYHDA+38KblO4gJxgrjAfBgNVHSMEGDAWgBT4FGVtU/iWsj+vnLiA
-  LnIWwFhF2TANBgkqhkiG9w0BAQsFAAOCAQEAK/ypHz3FbVLfO+mwNOCqMuRp/eMN
-  ZoRyaGrDLzBv2jbKhU3+kIE4ssqHwL4TPCF2bCVxRs0Y3bjdgDmwPR0zqmWDFRGJ
-  5l9jvM3jrCtYkYci85pdOGByBRjVvFIqKAROjscunFTdz8xUSokTV2uK3ISwjt37
-  A7L55g9QITpUcns8NCvoLgxCABXz88N9aWoaj8Coal5013u5uF0lHlFsaFchap5Y
-  GBFEgaVlkDrcoqUYQmMLg2PxpsCjfhg+pxEtLg2myKWGvch7myx/c3qZVCN/zwxc
-  3w88gYmrvxkXOHKeHBSXY0EImcH0RJ24PTkeygYMhZoD3DnqcTEFxJ/0Xg==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: scheduler
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDYDCCAkigAwIBAgIUGQB2kNuFPolkpGpbJfB15eppcRAwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMCkxJzAlBgNVBAMTHnN5c3Rl
-  bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-  ADCCAQoCggEBAKuWPvWJMxehjNyAML0L3NrDTfEFTzNOPl4hffwFgdLI/dvlaCDY
-  4da64U728SNSOodFFffGuWWNl9kQkMb1IrfFspY1HxN9Ipj5r3lZcGQSF9quS2Kl
-  Wd2Dg2qT8voKFaMVDvJ1ShfkZsrk5U02egGKcSN8fKNcrqXzm9DreXxJ/FfYilS7
-  JK4MtjbkEa2nm2tVH3eJE3ys6PVK+h4rizyAdIcXBUdBGGcfsliKJFtW2i7SHoqv
-  N+BO2jM+sozoqwar65+BnGwCxdiWE0noJjtfs0+nJVOWpe522vH32KJb/f90mAuJ
-  v8dApR5bLi162ZkEoGKEmVMKWOjKaGOG53cCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
-  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBTCeoVdRfEKUE0WCC0F3IxaUB2Q0jAfBgNVHSMEGDAWgBT4FGVt
-  U/iWsj+vnLiALnIWwFhF2TANBgkqhkiG9w0BAQsFAAOCAQEAsrwOnp56w0hxtwSn
-  zOqI3xi8ycYa8S5UaTPYRcnB1b4BqYTXkuQT417Cf8UWT4O/1HUso5PQdLeLaX1R
-  KkFzuN1W6DXGFHeSrM/CTQseyBbDgDf+l2/6M6jlJR+BvCf1o0c0/VJXdpPzbXil
-  qBQgOb07itMpLkxamutk42i2Zw79ljlK54DDwj58kddQMl/iEq9Tg9ubNH/HsBCC
-  Y3T58EQrXhb77ny55RIF7SzyjY6XWssG9s3cI6rEUA0fOZCguUq3Iaz5YnqqHmNp
-  wa0h05PrisEFkoeVklxVJH7ArroOaGnbKZXeZ4JzhxzJMirRBQTegwO6jXE9OVDU
-  DiWDYA==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: controller-manager
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDYDCCAkigAwIBAgIUBDmfO9fzAG2WIrJN63zGpSelQ6kwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMCkxFzAVBgNVBAoTDnN5c3Rl
-  bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-  ADCCAQoCggEBANvi1luKYiF556PDLFoM2TLRdhjNjp20S6ZqyEwi/dtegwlabjvu
-  aGzr25gJK62cI8AMppau82yxFRu/HqLdS+bi7/z9bsPFVyT2pWHXczVZog/AsFej
-  BCFK0Z2cM1dijP8zcEA3X4lRfWw4wvhHjQznB/SBNcmTE1hm71UG4CYgH2Z54nxQ
-  aINr2oR+HVcjCEY8+FTMvHgDGXNcNeXF6l2r5BlnS77Fa1t7BaziUnOeISgqvrz6
-  yRpFKnHDVC9VYxycuNr/mMTcenIvtggc7Z1gF3Gj9CF29S56EjolKM+eW83teT2X
-  tWspjFfZaMftBY+sOmNgWPYcnb+kYX5NJScCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
-  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBT5EFGXs/p/IIWxdmMoRreq1nAalTAfBgNVHSMEGDAWgBT4FGVt
-  U/iWsj+vnLiALnIWwFhF2TANBgkqhkiG9w0BAQsFAAOCAQEAtozT2BwrAyGFAGTZ
-  xyUXzT1Qb6rlfiWYK53iGfeO5WiBAkYXpfBd+GVJvoJ4Hhszoo6DXCFM1GsccO/a
-  SQDXncKSlaM7C0HwgywlOijUBeKszenq78uqwyJDpobjmYse8TnU23n/tD0V71gR
-  6BhkQH7NntejgKn6KjPBGAT7nFeIw8CA0nAYkGzOJopxf3wnfgrjXrAlPlyXu7pJ
-  KUPt4YzEllqUCJp7jCYtz8pfdhfaY7zFYs0sCxEweQjs8U7rnXJMtzRkb0G48BGc
-  Fg9JT49yAPsU7shyCe3Ga5vZrMjEGIoDmczdC0yVZSoFdVXuZMWgJwL5OjDS24vV
-  /SUmHg==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: admin
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDYTCCAkmgAwIBAgIUMu0V1GE4JWCe6iki4xvMAIt08tQwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMCoxFzAVBgNVBAoTDnN5c3Rl
-  bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-  DwAwggEKAoIBAQC1i0MGKl+oYwMQerzcI2iLwc2t2aljiaRmkk7dV5k0evZj3Qi6
-  ct71GsJPjldXq4+DKXtSFi2e4fxX1DUSsk1sUsEWL6YOFOd6IZgD8duiwY6xFDpO
-  aiLV9oydG7EGG5DrZghimk/wxIwgPm8ipRj1as0PoDwjDLidIwJV4VAPH1C9e5D5
-  vw2Iw/C9SD9n1W/AjrZ4YcwdW6PMYG0ncYKHf+J7+cljRX5OCpd2RpzYA00pFP65
-  M3DQpycPyRkpfSeLYnVPFA2po92XLx5Tq9aoDw4sFzPljg+JqjN2zuzgNWUHO9cP
-  pR0GXV6ZuGSVJKpK92aPoP6Fm8/lnj6ch1T7AgMBAAGjfzB9MA4GA1UdDwEB/wQE
-  AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
-  ADAdBgNVHQ4EFgQUxFx6u0xrURuQCPcB3OiG0RJGT0MwHwYDVR0jBBgwFoAU+BRl
-  bVP4lrI/r5y4gC5yFsBYRdkwDQYJKoZIhvcNAQELBQADggEBAD0Ty5i2/RzdHNDk
-  4XznkPrqss1ITEtk4AoHL06+u5WHdKdLN9k02HiZ7J0pzPbTr942/isZIQCEfxA9
-  whvY7roCadeEr0qRZjAbgkTk1FAiQoSvWo+zIBh5Dl8XzSsRfd57TK4jticaoBKj
-  dOiEmE596N7EC58WfH6QDMtyr0BCoPwnYJup3MldZDttdxh1KhrxS3iSBsQcXyWw
-  K1ToQJlMLG9AkInAwO7UwhCcASTBZogvkM+E7lq2rvVr5qPbyBqfEX5QEMQOLkDZ
-  13Wa0ftm6Y6o1e3t2pQfjjoac2qe5PLO/57JpQ/qziXa1IsJB76ysykhuRkIX3m/
-  zx+IahM=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: armada
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDUDCCAjigAwIBAgIUc2muRAavN/sGH+9s/nBvBcYCTq8wDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDgyMTIxNTcwMFoXDTIwMDgyMDIxNTcwMFowFDESMBAGA1UEAxMJ
-  YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjgDtPqX
-  VPFzY9HySNZf3JxwzeSVzVlFWnbjaulSrwI4jIOLKryF6mowd6tr8ZwPjkG9q0a3
-  +bTivRTgxJNaHXeLtX7we7VO9g58BNjSOxKpjdxdHpDJJ7MFduirxX0ktUfYg6V7
-  Kf6jTYiAY9BCYKqC1QpJH4wcrg1hJFw/ZCz6yQsQt+04iB6eQAFUHi3u4a0zSAKf
-  9NB/G64zUXmFQjTruNs61zzPKB/jaI+f54YmeelhTOJP1cmpaSwPr+v3nPbUsNeu
-  sVU1UrU/Wbndu2oLMDuRhuZb7vXTuZoaqb2qOEQANW59nCvv8bVXM+rqU97CMp5q
-  N39K+b8nBEunswIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
-  KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPSiN5DF
-  QXrACNTIC995O9UJajOoMB8GA1UdIwQYMBaAFK9rn2m5vHgHqpXFxQzsn58wzatj
-  MA0GCSqGSIb3DQEBCwUAA4IBAQBJ8mAkWeCadxTgheUnMLA5dAg7c09Lm5damssL
-  BhaFvnkyqdxC4Nr/puNfkEqSr8mUxAzFTr9TA5g7RlSI98p2AWCf97XiqdAN/8gn
-  LcNFMy7jBFKh7jMS0gf+J2l0eNMCUmCgekvaOm1hZtdRI1faGYsI9DKowx9uN3V6
-  ghHOqh5be3IfnkrENJ6BLVyRE/Q7gYg/z9pTZUYkI69Z55Kh2LZ/myLtO1bWd0Z9
-  eRUB8V7Bxm+7wsPeAvVJe00aFJy4Crg6VVP7j9gl7gIe0NUERwvQkIdEsYbdKeJN
-  dYXRZpb0b04R1LbVHyBEwiYLlu9MOoOGyUAiBpLZ8tQkR16c
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: apiserver-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDTTCCAjWgAwIBAgIUFlIFywtcQcYC2xI3UblbgNk+WV4wDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDgyMTIxNTcwMFoXDTIwMDgyMDIxNTcwMFowETEPMA0GA1UEAxMG
-  YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryjVV+EJMk9u
-  SBti81l27euNTH3Q3Y33GcBBPOLt0Qz/NtpMsQezUXNEdWsCdGeNsa2xCoBriuTl
-  EhVUPLWH5p4lNXvln4NRq3AWhPiXYbyA1vLA3iJeYcZR3vcqYBxNX9E+0j+FhXm+
-  GpHIEi5k8zYPswxLnAS3w26VBBVm+dKW25A3UxBraHddWLBAPbo1ppeTSRIGoqPN
-  65n8VZqQ9JEiCceaWr+nwgWJl/6WarLKBi/LxFl9IPK/vecUb4GhycvsGr7jYss3
-  I14k+7lu/RJAVMYL74qbfFgYTlXcbqH+cPUgwaGuw4jFdHEtnNwtI2tGoFyOUwme
-  SwqGFd8geQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
-  BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDgLNPKbSFXo
-  RM8QAP1LJHtWXhSwMB8GA1UdIwQYMBaAFK9rn2m5vHgHqpXFxQzsn58wzatjMA0G
-  CSqGSIb3DQEBCwUAA4IBAQADAEE9YtVEUYIB4AZmjT1yRuQuwBnbzJrpqvUFErHH
-  tQ8z4wdleKw7ZApLZvwBtcIx9Qpo3Y9mkSVlDqSAxdYLqRmAv984Qg0RhwycT57o
-  wQIGPwdk/wG5Nmv2IExN/5UguJ3Mya8kvnaZQPhGhMDZ5hcOyX5f+vIfiQrD9qVS
-  CQmV1iOm9tLjPu/IflM3n0u+sGb45tENzNWGb1BTrkkuKOm9mEfU74bmFm5qCfqh
-  76nlDW/YFFc8/XSfAba2L1kitKqa+GTxmWbsMM9zCpOLiRSlIKSYJfT5fauws0d+
-  Cd/0bNwtNhVYAd23UW53n07ZgzCONsuijcoF/n6G7y6f
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDzDCCArSgAwIBAgIUcrxkdDECPSSqLLZc2VW0kPtFnWUwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDgyMTIxNTcwMFoXDTIwMDgyMDIxNTcwMFowIjEgMB4GA1UEAxMX
-  a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-  ggEKAoIBAQDvEUjB+U1x0YjwcLrTxpeCkCmZsjD3+qtOlgoks5ZAy27fsNDLqOsp
-  IbvpgEyVFfFyAxn05gNBjjkwkPKHIkhkRioMD/UjvKLo4Q/yYuI4dJmjZhOwD+L4
-  xMeSHCEAplNzJCryFNXnfaTEF7voiepJZGhO6JQUs9PUQ09Tz/ZBufMraegTycyS
-  zy4cje02lBRIilYYyO1TBsAvKCL+ZPl4VFejzSb+DU5DaPexR5j8apfm6DrTrEfp
-  /i+P4ze+Tusma7qjejIfNyIRjQb3v6b7brSK0Rfh4e6sJU5RCQXTVXs/iiQnyQMa
-  1K72O98ayICYf4YUYYxbm65DRkWVNT1fAgMBAAGjgewwgekwDgYDVR0PAQH/BAQD
-  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBSmCCj6C9jykSgmhTndgbanP4re5zAfBgNVHSMEGDAWgBSva59p
-  ubx4B6qVxcUM7J+fMM2rYzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTExgglsb2Nh
-  bGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5s
-  b2NhbIcEChcVC4cEChcWC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEA
-  r6f6vjicMIerY4RzbW9659/1V04OxM9OXeUOIeMm2fILxDrzklhfS26KojoXgQv2
-  qURSrXBbxfjZpesF8wxGmrP3978uqx69Zd5tWWOYt3dBaIZBp75m1HbkRJqAAi05
-  fgwXCdj63EF5clVQVO7RzROkyv+R/1SCMrpFDVR5pcDCbfRIHY2sEHCPnBUE/oHb
-  Y11220Rs0HMbaiOPuT9ACDrFFXOqH8ysR/7Gs7YhO7BIyKfbYzAyPdzUybhpuLTf
-  rpEFWbJzJwBwjh5wCe1XCH6fWzJeVDh1mUJV7rX4V/ALd6l2LTE5QvsSZYArpeni
-  +kNAaixbdat3STIfmKuTdA==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID0jCCArqgAwIBAgIULAwhC2pWdEvhanPLXeUZUnY4RCkwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDgyMTIxNTcwMFoXDTIwMDgyMDIxNTcwMFowKDEmMCQGA1UEAxMd
-  a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTEwggEiMA0GCSqGSIb3DQEBAQUA
-  A4IBDwAwggEKAoIBAQDbRpUbFpRhatWFQgpbdzpY0YTQ7y7nzN+PBDswUjbgVqgk
-  sfeLox5c6NXt8MJFYqmn9sirZ/2Xwi7VscksaPIdsGOJuFhSfQxnk5Ovj5Y6Tpk6
-  un15Sr3Y4bb1VxzAFJKUIDGmURHs8qrW7YfmiL4xSBFyPQSgc+PQH8UxaBNgtl2s
-  tSGjlwyOZa7Nf/Y1CcPazODTt/fU77HrQI3h3L/H8MtwNeb/fpBo4OLxQoC5cdaZ
-  TZakxgUQzBduoqZXaZH5TW6gPrBVygkIEnJEHa8XkopmNWUu/nWKfpzoz0+JmZrM
-  QvCiysWWF1zVwlIdOeiNh4uhE1lJZ4Er2ENDI/lHAgMBAAGjgewwgekwDgYDVR0P
-  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
-  Af8EAjAAMB0GA1UdDgQWBBTv3NDLPpIE+uSGXbWeICXVwuAZvzAfBgNVHSMEGDAW
-  gBSva59pubx4B6qVxcUM7J+fMM2rYzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEx
-  gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
-  c3Rlci5sb2NhbIcEChcVC4cEChcWC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
-  AAOCAQEAmuvGRQER7PSYBviPbXFFQp78WIUTOw9lMzrfF+/6NFEwAByinnDDEVzS
-  Cg0QLRHzMSK5DfEPQHk2DGG8hqb3vY591zNQA4KPYEdRp3ZwpjQDvzaNGC5ClM/j
-  kPkXA/oSS45nsVHemIY8d3PHJ1JEhzsS8Ivm/ZVNi90a1CovZ1zi7RsB1z99D/SZ
-  VhxjW40v+W16unfkcH1EWg9nkX2h2bXUGRQST2Cjmv6QAdtBZRxMBkJ4Sv44kKQo
-  5e1W4zlWzPYcx+IlNGscQlXgS3aLKT0eHUWv4CH1E9ceZFfIfMsQGl9J+Xikv+70
-  Ta1U1Bn5ncIR0WjLgWb3S773bUC1IQ==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-11
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID0jCCArqgAwIBAgIUfKNlvZtjBObXivMFqpq3ZLGbib8wDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDgyMTIxNTcwMFoXDTIwMDgyMDIxNTcwMFowKDEmMCQGA1UEAxMd
-  a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTIwggEiMA0GCSqGSIb3DQEBAQUA
-  A4IBDwAwggEKAoIBAQC2Wq0cnLV7lqV4mPfNCvoTrzfWwWGASyf3aECbx+HXr0VK
-  gH5oWrLVVeW1z3bQpJ06oJOuYKHUH/+xR2vi+6a2iUXN0AyzuFotD2ZaNxwtWWOt
-  sStpW+RLBmy31D4Vfw0Ag26gSsPFdD+buOxAkraHUpHRBxmxZqwFFiUFsiBkYXds
-  wkUbT1sQwT8Rg99KEMjX4eF/p3M+xK+c+u5L4ft6HWTGQavLU3oYWEE85YQ1YAEp
-  Sgo5yrOsbpBFknHDJmjkj4Nvo4ktJm9P7xLnEAAvLTkIJTaE7GYbGS2pvwPBcQpW
-  n3f8rLryO1RlxzFD5xyWsUpm4e+yzzpSi30TycOdAgMBAAGjgewwgekwDgYDVR0P
-  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
-  Af8EAjAAMB0GA1UdDgQWBBSAJZdBVJf+irB7Uj5Lr70JkSgw0jAfBgNVHSMEGDAW
-  gBSva59pubx4B6qVxcUM7J+fMM2rYzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEy
-  gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
-  c3Rlci5sb2NhbIcEChcVDIcEChcWDIcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
-  AAOCAQEACQIz299bs9a92T1kq1Mu2XNCYCemAqHWgQ9NCG3YIaQbZcMUVaffpKhw
-  Kx8CkuB/c11pr/r9/XLC9QJAkQRo82NoaAWCV9kVHsvcZGnhwhpzG/GjFri46tWx
-  GwZCUGGist0A7bWaACcVtXVD3Y4d/CmV39Vu4Ht9CKnPZIQ4Pfg+73oN00w8SFoJ
-  zEndSDD2WBsXC+xRcVEG6Flau3/80t2fJ4bfDWuq6u/Mx/25L9cQ5kF9Da52+u5n
-  rzX/TVBwOEwrvk9LIXHTB15sbU6QIAMEsrm4Ox2mnOxZP4yBtOA7Y+bXLQuKFwle
-  Ma2jaTt+qcVz9nKYUwcETuOoAB4a8w==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-12
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID0jCCArqgAwIBAgIUQHpY4tDsfO1fBAD63CUp6M/n4rQwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDgyMTIxNTcwMFoXDTIwMDgyMDIxNTcwMFowKDEmMCQGA1UEAxMd
-  a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTMwggEiMA0GCSqGSIb3DQEBAQUA
-  A4IBDwAwggEKAoIBAQDNC1pv/3Hl8gDKmMchhQ9VkWvd/Yb45hvVPlpXK2jKoWDy
-  8lHjaEZxyRhkJrcvIoC20nFSjBCL+jrN3E/kZHGfdV6JLfhMQ0cRUS/oJ3/GWaAI
-  LIBmKnfm20i7AcN8Wxx6sqDUzdS6eVBzHTuZmzb7/MHAoWic9qf/UGWi0Yw6OssA
-  DdMuBk5YPU3VW9nbyNNWm1ZGmd7Ke7Myk/kFEAp5qRnmN8wnKRIFi/RFkMV61mod
-  NjiTheDMF0giXqydk3xXRhYb/FhpdKcRO6Uh2jue4eky9pHioPZTeNgzdMje2gVs
-  +RqO3T51p0Dkkk7XYd9wTBVHyBEOZ/wL4vtOzPMJAgMBAAGjgewwgekwDgYDVR0P
-  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
-  Af8EAjAAMB0GA1UdDgQWBBQU7zZayQlCEnE4QjaCSwjHTpuNyzAfBgNVHSMEGDAW
-  gBSva59pubx4B6qVxcUM7J+fMM2rYzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEz
-  gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
-  c3Rlci5sb2NhbIcEChcVDYcEChcWDYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
-  AAOCAQEAh6oQWLOyZDG9XHZmz/DVNQzHgB9RTglSwLDpDSdT5oKphaiR1dX4T6cr
-  H1ab8+6i+lWeTIL0yrG+f2gY58nSHMnu0K5Cp58+XcQo84X17m7JT8N9UOXQrDjt
-  W6gPPpKKdkl/l2KvkzXMrL9b2trdAIHEelzVEJkwlo/XTeRXrKr5OrNEJjOOC6P0
-  v1SsmQODNFtvd17Dfdddue9WslWTcoel78SjiDyDizmoVWPMq5AQcAhWPpaMdDJC
-  M1j37c0013TNWbpwIWbybkiDZp7yrcWTK50CIFuJ4zYzq9yWk+m+zffH+gXOTXGW
-  mjeEnOjI3myldp19hKNUP0FTZlmEwg==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-13
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID0jCCArqgAwIBAgIUOyFHCOY2JB8aTjCewOdSjdFe0PwwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDgyMTIxNTcwMFoXDTIwMDgyMDIxNTcwMFowKDEmMCQGA1UEAxMd
-  a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTQwggEiMA0GCSqGSIb3DQEBAQUA
-  A4IBDwAwggEKAoIBAQDDOoKEA1y+BZwEdAgCT8sbM0VY2T3+2CfKYd8EgDvB/3bp
-  W0iHMkHD/61cJaJvoRUP2/quvChJphkBwvtzpU+5YrOsoLkmTrsFl0B6Ghhl7LMM
-  pNjNcype+OyDCL4kLdhV+Ak2TfAWzQIF3wHX33DsRXw0gE2IHbkxJrjgETUqF9Vv
-  ygty+k2xySCx91YE7EH7eHAeeWF0BqeepU8VtsQbDXNtKRB7ocVHfvIWNs871KGH
-  Lsh6F16hCmTv9Sk2j7saHVGXBc6eTSjQAaFHGfb8o267pveUcQ48EVZP2F7cB0+/
-  qkjat9tQG0jEwc0+tA+QPpo1BAeC1IAKo20JkxB7AgMBAAGjgewwgekwDgYDVR0P
-  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
-  Af8EAjAAMB0GA1UdDgQWBBSfjaptZRtJHzNAR4kBsOMjx8Sh5TAfBgNVHSMEGDAW
-  gBSva59pubx4B6qVxcUM7J+fMM2rYzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTE0
-  gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
-  c3Rlci5sb2NhbIcEChcVDocEChcWDocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
-  AAOCAQEAnMgfhCUJU1BpViQCvX5iwn55dB4OVwG57lyK4qMhFXcupS30b6HwDpW/
-  aRvUVMk3VzrkcIarcLcvh6bgqo5D7/HXjdHFZXPAMUhwW0cA2DMfFvcNQzViAPfv
-  48WC7n4rFyVOYjiEKXE50nzDY72cvFzkTKR0FKkcVC437BHw6AbDgrzTuRZq1D43
-  VPvuk9a4rgbJ0RHex+fJsIZBetxNrZIISgNsz3RFDoWlXyjl4mQjkFHNjhnUSdyR
-  v0UwyQBY9XvnOiBncJugMbmF0HkjmuNR8qpXdUiRVgRxZFh9iUf4iddS/Sd4dMsK
-  XN0jjB7fs/57EWTMYjb6MRObsPn/qw==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-14
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID1jCCAr6gAwIBAgIUGhAQHVIly5YAILgSwHjEa0297x0wDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwODIxMjE1NzAwWhcNMjAwODIwMjE1NzAwWjAnMSUwIwYD
-  VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B
-  AQEFAAOCAQ8AMIIBCgKCAQEAwtW5/EEeumaQjfxrJbw1IkRYJlmYUH8cE36ceXCt
-  gS3wgN1AFKbnMZsPCASpVOKyHy7fjgCk6uJ3+Hm6gKues4t74ucQxTMnfY6ya5b8
-  AgSadMz4XsLjkfX5jcz9oAtqWqRJcuJA/8CszMkAIb9ye3SFckspaw+ONYpebz+4
-  GUzP2aaHQLORAn8yHxgp0Vzo360J7uBU2gtDhqwcB9Egst8wJj5Q8nZnqhIOgrS4
-  DQM049lD+rySZLh/voSF/bHEC7DX7E3wyc+lXgPXKElfWW9qOoHiaVMeKZGvj6qY
-  cJyBIDja1UevfM71CxaaHrGUBUhgN62diLwupSeTST+KqQIDAQABo4HsMIHpMA4G
-  A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
-  VR0TAQH/BAIwADAdBgNVHQ4EFgQUXlu1vVQ++20j6Q8i6j+QTrPQ1ZgwHwYDVR0j
-  BBgwFoAU7i3MgLYdmM4HeCFmiyxDv4pdQ58wagYDVR0RBGMwYYINY2FiMjMtcjcy
-  MC0xMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3Zj
-  LmNsdXN0ZXIubG9jYWyHBAoXFQuHBAoXFguHBH8AAAGHBApgAAIwDQYJKoZIhvcN
-  AQELBQADggEBALw8ICjtzPPfEjNCR13lDl0Zloc4sGjWjuRXqKWArJv1CYWz2M9P
-  IfkeH3OXZBwar4uu+UGU4IB1BxOs0iTC3izSVlyMC4gWOZuYwAhlpi0fvtZ7jCef
-  ZtXRMvOhQ5ajY55JCtw3mEuojyhNuFv6vkWjQoUs0FDzYd0Tf13z1CaOALiJcVD7
-  qpTSaQlD0uisya4Os52enqLGFTAgOHf7xvKFNBXaES03hGIbqBhQLcbc1hb/Vmpd
-  askalnseSzv+xWuKokxS6ohYIxBkyJStiyo4WNvWFc+Vz/PXdORRMZWlxKJRrbHF
-  JHGxEB8+FC9ABlpZuRLWMGeI2TrxBxHj6R0=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-genesis-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID3DCCAsSgAwIBAgIUBpSxrFAFFcQiSr2zK9WtUanumSUwDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwODIxMjE1NzAwWhcNMjAwODIwMjE1NzAwWjAtMSswKQYD
-  VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMS1wZWVyMIIBIjANBgkq
-  hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hdTvMRTiNeZP7Ibd87+m9Wa7BWjBe1U
-  JoEVTRZh664zeoXKk/MKRQhmJMVBoO8Ygv6EUacnDxOEwKdml100DAzyEkQDYL93
-  IrWBAx0wNiF4zcIuWfNiYjZlxnNS5PkOSOH0zjHiPMX3H0+56DPGcZxKttxWTcDg
-  ZlSXo56cvh/lrkk3DZMd0pZe9HcFI8ej+cvpjFUp4DMX+8j6265Fn9BHHpk3ROlx
-  /g/tUlqO2Di1rIiCfNdrEyYiY7BGlIHw+/W1R4snSVt8OlCToTySDENkahtw3mkp
-  Ug4HAFaglgyoB/MKFDSyugF+Jq2JwOWIqZ0HdTq9wxsoUD/6o9P6cQIDAQABo4Hs
-  MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
-  AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUOhP/cqGZKqCW2rj1oPu4kQpWtLMw
-  HwYDVR0jBBgwFoAU7i3MgLYdmM4HeCFmiyxDv4pdQ58wagYDVR0RBGMwYYINY2Fi
-  MjMtcjcyMC0xMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
-  ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQuHBAoXFguHBH8AAAGHBApgAAIwDQYJ
-  KoZIhvcNAQELBQADggEBAG6EOYGXaSMcHMp/48z6iZpVQ3PqGddtOK0AmIpaty2g
-  2YPA6xTjZ6s6oJdL3G+vLAW/adWqRvxa0WCVwHf83kPrW5Wh0LjFZTV9lb0bQVAL
-  FAfUXOQyu2feqqi2oGQD5mSatYBc4RYUJVdeveYnSlB3u+V3a58cfbwI+EF6EcxJ
-  h+6oR+0+yUA+BiALySTB64glk/ViZji9uK0LzUoHLFCI7zqkjg8xm1S6YLlr4zGU
-  wlBiCPdc4XvXnVxAAJPJCHlOAgGfjFfLCHranVAiyEECA9DZ/v4EM83Lrk2Ips8X
-  zMArloqOuVcROMogolPgXZAz+NkPMgmV/mxjp7vqLfw=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-11-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID3DCCAsSgAwIBAgIUUgzx2uiSwMi20e+BHbMx95qYY90wDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwODIxMjE1NzAwWhcNMjAwODIwMjE1NzAwWjAtMSswKQYD
-  VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMi1wZWVyMIIBIjANBgkq
-  hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMy8INNxvbrnpVwbIUl9F4AemqSrMrin
-  6rSREH42nDdgRz4aneB+dobQsUpDVJmGnNnWwCkjKQtdBdU9yXeP5sL7haylWM3c
-  hEf0TU1BKw09jV/kN4FEQNzfyLC19UoZXZxuE6VyGMr+jGshbBXsYCQte+kpoxG+
-  pHpmzQyDldd14/yd8PaDlY5mIGAAIopUWetFflqkZlz8I5VcoqYLseWhpWU0cqWA
-  KhcnxIF3p93GXif45Ji06WzVuJkKpqaO1OQPmJnEbyojB1y/Ukt5rTy6RK28kMHY
-  mDv0j5Y2UsWyxYw0FK3S/jx+WgT4nNaSvgn5c0VJfJDRjjd79RhEHQIDAQABo4Hs
-  MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
-  AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUm+AVKpX04AmhnqFXgJ3pwG4ZMFow
-  HwYDVR0jBBgwFoAU7i3MgLYdmM4HeCFmiyxDv4pdQ58wagYDVR0RBGMwYYINY2Fi
-  MjMtcjcyMC0xMoIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
-  ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQyHBAoXFgyHBH8AAAGHBApgAAIwDQYJ
-  KoZIhvcNAQELBQADggEBAGPSYlDETBn7s4t85OeygS8YVXpf8P3X035nElXAisqO
-  OaY/Q2XpSv0DE9yOTZY/W38IT9MlqwhlsvFAzw7BlOsmDzXO/VaXTlDQgiloZ4dU
-  OYR1OiNheYmmgzYdcUbU2xYYzeRW2scH6xk7AXY2b1HUFpTaUoBOiB4gEVAifAqY
-  HXoTmyOaJsQh0sWWSB3/w5dAcWigq/ibpV6Qegf+wcSMKZy5W6e7at5XTQns+2oj
-  vfulk1Pm99c2tNCjeGJI/5e4QFOgxrshXDNsXbrTpxwWtF1SJe+m/Y7BTW5PZosR
-  3f5efmRFQNwXAjdEYBeLw9EZbnEdO10RfAWxPtmhSdY=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-12-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID3DCCAsSgAwIBAgIUXIQ8cqueEUF4iI5aX1KvkEe4jj4wDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwODIxMjE1NzAwWhcNMjAwODIwMjE1NzAwWjAtMSswKQYD
-  VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMy1wZWVyMIIBIjANBgkq
-  hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtn0jLvr2XJXoSf5IaFWo3mUcbTah8wsP
-  jC0DJIOhZEbrCJAMCMEiJKmEHU4Xedx2rTPuFbqNrEr9f0BV911CyLbxFidksOek
-  wdcNq7kTHkIe+2d7OEwzJSmNqNH+/QD4hXClxYEHboMGtuL1rusFL4C9pdKyPSKH
-  zKxF8ssQKTCgc46PaqlI2oKD8NYtVbbaPeP6v+nIKX7J9bWWinEu4vbYlLy5oqkl
-  A793pXfs2lfeWrDQT27v5O+N8JDdfSlfXwFyiyqLYGu+cTGqfh6I2eoEV4DNYkRn
-  XEnWmvye8rgh5Z/DELBvTIGE7MSGKvfXhsgzmp4eM0n8WIg5O0jr8QIDAQABo4Hs
-  MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
-  AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU5HzlDYp9h3ySMSGZLZnBxvQ2LiUw
-  HwYDVR0jBBgwFoAU7i3MgLYdmM4HeCFmiyxDv4pdQ58wagYDVR0RBGMwYYINY2Fi
-  MjMtcjcyMC0xM4IJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
-  ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQ2HBAoXFg2HBH8AAAGHBApgAAIwDQYJ
-  KoZIhvcNAQELBQADggEBAACqgI6vcvu7RlSV3FI/GInnJIU51Uph5EY3rMGO/XLr
-  IVp4C+lbDVAjBxMO+IoRSMJuDFYko0DhFLzdesiQqGhfaY1KXbzXRcS/8uWXMFVU
-  DQ/j8uP0gECoEbnVy6dmuiTe0TRjEvYXwq1+Yp0OWfG/e8qfKDzx5hY58fA5zH64
-  jZPKa8J7XYrh713LZXRU7ZSnflicpCXBcAx8lBZ0k2+lHGk7nB3OpRyYNbS35az5
-  OGbBj1X9UkuUK82mjbj4RqBg/5zDVS37b+29WJp7cyc++TR1YZ4ubQOz+ZRbduSe
-  wa1aJfUz3Cj2UCD1s/UvOjHL+YlcfyzFDFoj+xJSaBM=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-13-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID3DCCAsSgAwIBAgIULLSpU8Z77mDv+SYwb5UmPutncNswDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwODIxMjE1NzAwWhcNMjAwODIwMjE1NzAwWjAtMSswKQYD
-  VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xNC1wZWVyMIIBIjANBgkq
-  hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlevTMHXJ/5k2FkR2ReY7fFg1l4hnFiDR
-  LxQTmb7DgkfVgJqzbDqn8fBCAEVnCByXcUK3ekZqBFOumUO5YpBdSduz80u0C1BT
-  tI3F9geA86QS/CNjFCQjMqPgW656tQ3iYANGajSpDAatyz6b9oGqvbxH51HgTXST
-  ztsmq4IwmC58435dMNtsGecpktBm1KKptjxaosfL5xV0sUVszN4wYZxoxWhKhB2P
-  sGYBObfJ8I8OCnUUKztLxOrBmanhB+aBmhXaiN/9bFU4yiZ4JUShhaSeC25HOLpB
-  3ClSaVk1po6P8rE4/HZbgDu0VgJ8X8gbTaO8IBJf7Ndj/QaUHckH7wIDAQABo4Hs
-  MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
-  AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUz93jAg2jNiePXdu89xLTmyDEF28w
-  HwYDVR0jBBgwFoAU7i3MgLYdmM4HeCFmiyxDv4pdQ58wagYDVR0RBGMwYYINY2Fi
-  MjMtcjcyMC0xNIIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
-  ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQ6HBAoXFg6HBH8AAAGHBApgAAIwDQYJ
-  KoZIhvcNAQELBQADggEBAAWSUqYk9lysF3vsjFXJkX/6j2nBoVEZy02clioUWN1T
-  cMPi2SElNpeq86dZjXUe/lmV6omVMsyPOJnIGzMlI4TQTNslF55FUFhgRkpXIwW/
-  fazl2NuWV94sE2LJKzaJ22EFjop6bLTdTBWxwFxd1oHKIhEyjWyHvxD2WVmeg810
-  MLU8D8ffXk7aRVxKw0WlOQiwS3Le0G3fuVztY5CHvWDnq3Qfli2A5U1wbM/MwfPI
-  LLTXkjTXuSF69qeKTo+6qTMc9O6Rb/fqnGUHmKJPJxaauJtnqnV8AIJ2ouoOPNFd
-  EgLwee9NO0ZHbmM8MeNJ88c6v2aoXqiyWp/YR25HbN8=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-14-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDSTCCAjGgAwIBAgIUD96SOuzQIdA3rjjo6eSGLBSiYOQwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwODIxMjE1NzAwWhcNMjAwODIwMjE1NzAwWjARMQ8wDQYDVQQDEwZhbmNo
-  b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+sAmIYbc6Ta4OMy4M
-  puPrPNNYp7vNbDgOEQV51qr0zBZ6DFDD1mXC5Kwjin/JOJo8bQGCLBEydzcHYhjv
-  mBeO6E+8pNnO4unFNlnGAjWVSNAiwoGfatYdo766pItQtCtIMLubGb5NQkByEwnN
-  z1yehT+mPYw4AwcFLpjI7FoKLGYtoeZR+h5ToDi0wPw10L7eTaIIvh8+CETItWQf
-  RWCIy+tlG1YQ9dsYkbcSkGjgKq0jNN4R3imGlZFwyBQcIx2W2hSoMqxl2vKpo+Kq
-  AOI8jggQZqXVJ63XjMILJ07OAUIEfQ6bxT+gbWu8HCSJSXGoBEUgjQGIVL9qFn+n
-  7w9fAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
-  AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUe9NOEcPw4m7Lmk8g
-  YHBNtmrW+0MwHwYDVR0jBBgwFoAUCr6tj1HJEd2yW0A3635Ab9hlW2gwDQYJKoZI
-  hvcNAQELBQADggEBAJp/WfnceBHubFUALwOAqzQGMMva9CoVat7LEpz4h719Y7ho
-  2aI9lpA+y2wfyjNPnxGsSynx7O2LBJdiyG5OmKFz0MlC89jIF+VQyM++u33JpBba
-  mq1yG1vyFdP/VtGcctDuSf8PYX6ij3hFKFThFtjG98pzJrsTDK6b3JuJ0rV5SDlB
-  w615vfymK6bkKqoZS4AeO9IIa1MtA0ocGPoLrt+L0eC3Edk0OiQElc71t1Q38/fR
-  knazBmGGh0hFTUHRCcJjNfu2EWnPW0ROJlwXt2k3HTh/LNw43sC6oIefj9rx3U9e
-  0tucU7OVZ1HQiFAvh6zcf2ye26jOgyIVxNly118=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmzCCAoOgAwIBAgIUcr5c5i1BMIhh/JyjUVBwWVwHl6MwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwODIxMjE1NzAwWhcNMjAwODIwMjE1NzAwWjAkMSIwIAYDVQQDExljYWxp
-  Y28tZXRjZC1jYWIyMy1yNzIwLTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-  CgKCAQEAxPWKhECo8V+5a/mUDcG4FXO2bX/mGQTk9uFL/lfKZT3uY7CK239UYu2W
-  79Tm1+AaoUs6TrHkyd1wAM3DBh4bvO+1U64+2PRoMj1qPKKLO1yAg9W2QBcowsTx
-  gKphTc4HP9FxsQ6nRKtAamFDBS0WkE0dbmQmdLhMB5UKhJDJYHbbrdkpCIenmM0z
-  AjWpzGoxxS1tHvdU2th2SVs3Wq4SWQrakDaSRYRj0Z+To8DtRonNFeGv+ADXwmM0
-  2KUHK5Momd5+hNsmqnGn/UTtp484DA19YCPKKqCvdteOcTMVmgh1p+vVNWWMQiWn
-  bYSaHmtAqTDeESYm9RmKacpcCwZvPQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
-  oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
-  BgNVHQ4EFgQUOE7Ss3IA3M/yeRPG+8VEPqGU3EkwHwYDVR0jBBgwFoAUCr6tj1HJ
-  Ed2yW0A3635Ab9hlW2gwOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xMYIJbG9jYWxo
-  b3N0hwQKFxULhwQKFxYLhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAT
-  6F9ZPo6S+vFwX89ZMliOpQC3Rn+902OUf2WQaA8L4VjkWz2akUmBFdHSaZ9HKT44
-  qroDaJiK34vRxgvx/vR5gtuSkinc0Zcxd/2En2PF70SQzk7MSgvf3JXy9pLl+qaP
-  5si0LwV/H8kLh8e+6aD1wzOnhyvRj6VhIexgwf7Nt/uZTvIvY2qdOyk2fNJhElZO
-  2UNJxZv66V6uz9JhXB5iNtRcdLLPmrM1LpApP21tsvo22l1xehlFpgALTw2uS3iW
-  IZ9/+SL1E7r4IhzFii/3MBZH+dPTp+ZGq2kWvY+iEsEbdT2zP5bkYpbAmTo9gVHQ
-  zt63eqIUnfa5IiKU2jHe
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-11
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmzCCAoOgAwIBAgIUY67ba511bA2JR9XhJtsF3CWrOLYwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwODIxMjE1NzAwWhcNMjAwODIwMjE1NzAwWjAkMSIwIAYDVQQDExljYWxp
-  Y28tZXRjZC1jYWIyMy1yNzIwLTEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-  CgKCAQEA2DBz0wjhyQ3882zcjSv6SVOFrgJxIY0MY1PeGXsOiMQp/TutK75SZa4B
-  R8oTKEcqm5W4PO10lclmXdwBtC2O9IKqY8HhB2n/kD+jHnSsK2KnpdN6yyXhCRWY
-  cDKC8ldb8DmsfefKpnDwlPNUUEG5mR5DpozAgBk2rmSglgpETT+yEAAk+96XoB8j
-  OJHPaU9te7nHY38OrKw/75hVm2iILf/HCjKx8q78mLEvY6R9al7Wt2bVcl3GLAdA
-  hz94nd49cqZEvOnXSwCdUDuwjZ/1ZVqteSBcmeioVd7MHVJIYCY/YvFBGCLtfPFq
-  R8IoJlejYKAmg/feWqatYc5/cpZT4wIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
-  oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
-  BgNVHQ4EFgQUOUqPVULULCgbTm6PbilETkPwTz0wHwYDVR0jBBgwFoAUCr6tj1HJ
-  Ed2yW0A3635Ab9hlW2gwOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xMoIJbG9jYWxo
-  b3N0hwQKFxUMhwQKFxYMhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCB
-  LZ1bP73uLgnTgZadSn94+QzrQw21Muk3Uycn18cg9iXRevXadAinVacrVv7402Nt
-  XpV0gqya+j2+FvE1MIpfzlXebJXn4uFpOE1zAbK41jnr0ggtZkbo03N9IHjhhDDu
-  ykR6Fop09fu5ZY9KhXFqc0N8MHZsvfR4t8tkKT5d70DfkqApjCQZ0KrchS3JPKWw
-  8a0q8ypZVKowiyjJ48bF8vJJVAsjkSeObvc7zieip5MnSfZqkTjX2YPUYFwi/dVs
-  lGYSP/lSSZZDOg5X2ThOAAFrg3OqOLz8FX49SCVYASvfYYrZH0KQXCNOGUbgLrkk
-  XMPo3w7vQUn+nD0uH54q
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-12
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmzCCAoOgAwIBAgIUOyC8uPjxB+l0ub9shHeWk5+GIc4wDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwODIxMjE1NzAwWhcNMjAwODIwMjE1NzAwWjAkMSIwIAYDVQQDExljYWxp
-  Y28tZXRjZC1jYWIyMy1yNzIwLTEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-  CgKCAQEArqfjiTlogGiQe7uwt7xl32AZGP9E3SYxJIX/mR/suK1BTftY5K7RnLJi
-  sG6yrYSuVANCW9GTRkVsJ9bKsprsMyAIiCvIlgp7NJPbNgKLGPOiScgWBjyZz2cQ
-  kEP2H5ePQmSWM0HjZklOP4uPkjnRRuREuXTVT61RNY7SU8fnJusWJs5+Ih8rPsRv
-  GV7eTYtXOCSLGbk9f3RxxVAkqiAQ7yEAtF777DWIkLTDfXKdIlYZYTovL6MD3doG
-  GtK7lJedcvxWlAsedAVJFLczaSfFWztgKMnOxiDyyiNorwrCMlF7sbRDWgXrb7io
-  R3FlpSkZAra1T0WTlNKu30BSQqeoTQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
-  oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
-  BgNVHQ4EFgQUqYseXY3lX7Uz4o6q0KWYbYDs3lkwHwYDVR0jBBgwFoAUCr6tj1HJ
-  Ed2yW0A3635Ab9hlW2gwOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xM4IJbG9jYWxo
-  b3N0hwQKFxUNhwQKFxYNhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQBm
-  56l5PLYrY3gyUUK9H07fIU80eWbtyJvPfppC27wT0ENbjscNW/v7in7Wrkiz9Uzj
-  dkt7zKr7Ut1oDA6nB0gOIwskt/w7ofTN4gZfS94N8IPv23ftuayLZEl8K4VJx4Vl
-  fqpvbaQFtQfRnkYmSZqnOr2eSddnkOAz23prW1BswxlmWAHIcL7o4ZVZpQ8BeE0u
-  TCELTfwGlhoni+VRVXtE1CbO6SoizYwLhGBQAuu1XLFMml0qgft3CWMQXmjnRUwx
-  KqdAT4QF1Xlvc0z337UOClKWFijbP+nd9WyeBBQe1VRIKw5mFA8pu3fYwtc4DMBO
-  CROhYX0LtyNij0u/3RN+
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-13
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmzCCAoOgAwIBAgIUe/9ppsPspb4OCdz703AP+7/usWkwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwODIxMjE1NzAwWhcNMjAwODIwMjE1NzAwWjAkMSIwIAYDVQQDExljYWxp
-  Y28tZXRjZC1jYWIyMy1yNzIwLTE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-  CgKCAQEA3i6kUMEWW8K9OBT6gv/qyD+obyahNam3gQ3h8kvtO1831noaohIvuMr8
-  zFVnBBx56Lpqp6HvWVQNTncJwy3JYqBdKBARsYRooLj3ycvyxPt4DK5OX6QiMozh
-  H6gFrRWcqf5j075N0WVlyOZgYUKrR+xXp9CyEuuI3WAVme/0f/3tLLNZ1MKdRpjM
-  anAGyAumdEBCxZCqJBRRWiXQJl8Y9CPZLuAMXI5TdJmgkjWPbev2T7mk6cwDzrv3
-  Q73C4zG0n7EsMUYnCpeK0pjoMh31rBVZnv9VJFt0F80JqIa9DmP8V9JEqJdBhLkJ
-  POY7l+q2SkptS6IsaKUKoCYu0CpaIwIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
-  oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
-  BgNVHQ4EFgQUJCF7PVUNXz0VhsaknJnr4KTV7LswHwYDVR0jBBgwFoAUCr6tj1HJ
-  Ed2yW0A3635Ab9hlW2gwOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xNIIJbG9jYWxo
-  b3N0hwQKFxUOhwQKFxYOhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQBl
-  X4wjK7UkfMFwK7vhXf9/UqDbocICwBazuW4/f5C4GnWkPP1AVU3EN8YB8N3/n8Dr
-  v/QC5c9C8LS6LnMLkDKg7EoxVZJPVt5vGNvk58Rf0a85Me2A68IfwNoSCV4yHLC7
-  NSdfNIJEetD9Ys5xMGbGCGJyaEKux+X/t5zUVfuCHLxtaw6ZBYzu7EVP8qiY1WST
-  nAFxxoki10oZvJ7H8zB5RqfC12SwlB0qSx1xXttHZ/pQB6ErjGuLEEEw+oJCua7I
-  Qbmkch3nUOltvY+LjEq+DnXyTc9MUvvdpVJvR7nF9uDV6WwmnDhyVTh7HiBduY7P
-  s0fVPdqXDYwBU4PBP1Z3
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-14
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDTzCCAjegAwIBAgIUKHiqzwAH6lAI34ZsknKOfsiN678wDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwODIxMjE1NzAwWhcNMjAwODIwMjE1NzAwWjAXMRUwEwYDVQQDEwxjYWxj
-  aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1mjzogItf
-  G4x7uhoRO2zHe5osm8LQDAALEIEYwT9vKJLtfpoIbIiTvnd1es7qQqoEorUwivkL
-  tBQEiwmoX1w5Wf+Sd2zGDDdRYGBwzvWw1Fvru5zj9CEXPj1shbHJ+gbhdwX3nr1U
-  hDq29ayuWzqkP0uxXdBWGHGqPYchld3rYs96z3Ic41Spaoo7ndp2xTalYJoi9tFJ
-  DSYr18PpA+l4OO7r2T97SzXYgUhH1J9itqWrzvCSllROBsWCXfAKZ6XZvOvvhxXL
-  soW07irVRRLb0LeUrMHsrFxwLra+epMhtpP/jHg+uDqzNBbtY1Ygere0XxLOnwNK
-  Su/8gU18v6YvAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
-  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUjuDDbb8U
-  th98EKbJIQHnlbeBVrAwHwYDVR0jBBgwFoAUCr6tj1HJEd2yW0A3635Ab9hlW2gw
-  DQYJKoZIhvcNAQELBQADggEBAFBkBLOZzUc4ixXehx2kIJ9UO4eyp9kZ++Jv+U2N
-  xirpiG/dzOt6XOs5A1FP3cv+f3Qr2iwQUk8UGMc5cKG/cUSCtrHdXsHv9eQfpoSn
-  mxQAORQTIV/5myfhDX8eiWfXIQQfDalktUqnPviz6fqao5jRK9KjbaSghcR1Jk/2
-  2GFzMlfzmthC2sHzUTuD87v5dqDt/JqObLKso5Bet1BiWeJJhGZPPFuKDg/CoZmc
-  7+qARv/JR1QhIqoyX1qpHvwBUIvbkiuAuBsnbuNmeYpzyaHdgRZ3PHtMPzialcSd
-  aspS77Fm5b7nTtmFQvPTJzfmCZLYLu9WnOMWGlF4laot3rE=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-node
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDpTCCAo2gAwIBAgIUJ7vn0Qdai9QqhOBpaPTDmLyftrUwDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMCkxJzAlBgNVBAMT
-  HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTEtcGVlcjCCASIwDQYJKoZIhvcNAQEB
-  BQADggEPADCCAQoCggEBANkDLIZqMyMqMeUnjxNLkbXFyBaTFFCWn4XU4G3UEMhe
-  X6L6k5e66lVs/nYNsx5bWPR9OAbucXwzbxv0ZLjdSflROdIamZvtDjuK5ZuYb29m
-  wdeNClK774msx+6aV/cgoPrPSamapUq5iFCbnuNQYJAwP9Lj3gwRiU+QCORsaalA
-  i4BmR23j/+ZzA8xKyCrlemkkIpgKX9ImBtZBVf5MOHbhvOGHe6G6WvW2hqVSHDdG
-  kyYtUOnO0IHgIxO9R0Sa/AYafgz9gdXic+rSpfGa1GSwHlgxTyqskMe7yHEdffRc
-  Svp3A/tArVvo1eJA2RS3Q2UTqLdWMvmaUoKsUEHuSD8CAwEAAaOBvTCBujAOBgNV
-  HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
-  EwEB/wQCMAAwHQYDVR0OBBYEFLKj8eTRY8YY+K3pBB3H0RXkGk9ZMB8GA1UdIwQY
-  MBaAFCO+nZUHeaoDUEkoCKoQdKxzDLJUMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
-  MTGCCWxvY2FsaG9zdIcEChcVC4cEChcWC4cEfwAAAYcECmDoiDANBgkqhkiG9w0B
-  AQsFAAOCAQEAw14eaB8TjUdrPk+GAt1rcKnMXAQcTOFezCl/mTcX8bvm+UlnV8mu
-  eyKrGR80Ex2KGBS+9x2cnVfR5DLXBFRT36PVLFJWyaGS0m2HCFRXLPOBaq34FQco
-  W9JpTq3IRt9hWkbLnIPvENf5zrpeVhciaokZBmS1CDsnYr4DGg3SNvDqIeRJwtAg
-  bfiMsyoU14xANzeGUiChZxH/YhDUFUY10ocrQuE0UBbdvcX0X+TcG/72cuuTgLqm
-  4Wc2xY0xXTy5kVHv0vIJqW5gjI6nyCYh1TIYfaNKFL3yzKjihwpxEMKC6MdY14pf
-  wNdUtyJ7POeQLA/81gKlFwwDZ8xCLeohuA==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-11-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDpTCCAo2gAwIBAgIUPTii4kLF76dTEgXWjXe98mKs4+owDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMCkxJzAlBgNVBAMT
-  HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTItcGVlcjCCASIwDQYJKoZIhvcNAQEB
-  BQADggEPADCCAQoCggEBAKjUfuUMZfQrXrs098y2a+TBdo7q/oqK5HVyHnl96p4d
-  zlg19nXy2RNPjW3EuVJJB6DlpbrSwW/n472tqe2fZa3rfX7xulTIcICz7fJ1s7x2
-  ny8+Ak48w5Hf619HDlJ54Se3+KUeneRgU8lAe7qE7PxFGEE92qfX9Cd2vIV3Sf/8
-  C5+RIcWY3+XFiPXJ96jDsREVWwfWmCwBBiJaSbQ1qGLAvqisqLnH9XPsBx/9pu1o
-  SIYuZO26Dcb4T7I2DdaaGPeMcMM1f+We63hSFUIAwU6Nxz38znHmNr/7WY3FpBhc
-  Z2ErgsHXFqMmn6552H/yfN53XX4f1HmksDmkhzneQYsCAwEAAaOBvTCBujAOBgNV
-  HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
-  EwEB/wQCMAAwHQYDVR0OBBYEFKPEe00gFvwW0mi+difOIl48CW+iMB8GA1UdIwQY
-  MBaAFCO+nZUHeaoDUEkoCKoQdKxzDLJUMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
-  MTKCCWxvY2FsaG9zdIcEChcVDIcEChcWDIcEfwAAAYcECmDoiDANBgkqhkiG9w0B
-  AQsFAAOCAQEAvU0mnmNzJPtsh72hCLi5kSsG94fhLJ0ragHLslFh8SS2usYurKOC
-  lf6vXEM0llkd0HjNtm8xNi4kuvwdNZlXYQ2WvCbj+2bc2g7DPAUc+YIrPG3H5Rgk
-  Vg2dMgULDGzVvTlQP5b6wiM4x98xBNuq5aQv6JkSepSrN0dprqV5Ve12SjywsfIF
-  1zfRZEJ4pean1B9055/dMKV0Yt7vvPSnwxhTSznTBhPKSNBhDH5L/GSbdnYbwJEE
-  Ah9M1F9ONWHZxvV+khVn4nzSoji6Q10qPtFX5WiTiBW/wyib5Vo14VfTYmp5WnsX
-  xJTFzFyVPWLMtNdn3Q0y6Lp5SVefNTS8Ew==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-12-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDpTCCAo2gAwIBAgIUP4SaL9E1Fh4iqoCEhWwHk/h7WCcwDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMCkxJzAlBgNVBAMT
-  HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTMtcGVlcjCCASIwDQYJKoZIhvcNAQEB
-  BQADggEPADCCAQoCggEBANnzlK8pZva9sexXfmxqPBgQFxy3eX42iKm6Wm67KPGc
-  jj8qnDNYL3QPtVRmkxeaBwnurI2ehGntDslklWh1S+dp9TkAZ1MsBaW4lm7d+cr1
-  WciEoqfesFdmi+XFqpK1J2sjr5uOunKVeAfHzx0khJjwinfvIWdkXRbrYls9LdGX
-  LOBsbmirHsKIsPD7WvT0omt0lEw6/C2FC8yYIeYskJqdQr7YL5ZGsox0xyTygaFc
-  oQvtV8TB7vFvELYZ49o05PRIh6K3oo5gmHSV4VXCtLJoJa5HLXihFy49OpNZPlq/
-  /TrePtEYPzVUfIPaXEPbZ7iXGw9+BKhC6ACewO0ITGUCAwEAAaOBvTCBujAOBgNV
-  HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
-  EwEB/wQCMAAwHQYDVR0OBBYEFOal6lBOcyZAt3p+ibNtI7VpK3DNMB8GA1UdIwQY
-  MBaAFCO+nZUHeaoDUEkoCKoQdKxzDLJUMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
-  MTOCCWxvY2FsaG9zdIcEChcVDYcEChcWDYcEfwAAAYcECmDoiDANBgkqhkiG9w0B
-  AQsFAAOCAQEAbNtS1EH7fdetaxwXFoD/Cc7t2fxBBF2g0VpJoTOtsAM7GZRiaX1u
-  WSYpgKYGdf/t9PFp8QDSK0ymkr7An0kcNvpNWPUW5ZC4h2g0aWflyT/k+2i2gwUh
-  q1nXWrbSuAU/uG8wxsRA5OT9eHZoWqEnG6KFXitefSo5XxyuNjQhQkqEU1PiQszF
-  /5sMidLw58QKO2q9VBuYJccGGmp7+7wl6weYQJEP4uPB3XlWh6wBkfYhf3hmNxuE
-  ZIB+8d4TYgyclH+6I1Y/9l9tRuOty1HuDsn9uC1HaXop/gNEKSLT4NDNS3BxS7T0
-  EqYX9ADSuFxw0PuOFFK8HNMuiNEOmRKO2w==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-13-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDpTCCAo2gAwIBAgIUIIQngy1FuLb/r2HwO86BEJYndecwDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMCkxJzAlBgNVBAMT
-  HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTQtcGVlcjCCASIwDQYJKoZIhvcNAQEB
-  BQADggEPADCCAQoCggEBANqF8cQpihWmAZ+ZptEo0ZlSbhjYnSflRBYBe+z5njhb
-  n5irCgaBhsjN0Hq1jjYaL5jz32kxmKG7bzqBmKtucGaA+9q/0thil/cfnpQjcUc8
-  S2MXHs/uy2SehH3Hzw9DfhZc/mOYAElCqPzRz6B0S7R9pAh64lJbiXDuSTTdLaVW
-  zCUKpn5phwBjezJqD02btvLdNp8yIApp7f5uRrd4xW6Xtm89BS7+JtxbsgzcK0Bo
-  i60x3QlMR9acvoN94ffXxYkPSNQJbM39NI5UJiT169IRu5GS4Yh2x4a7qUCnVZRy
-  iwPuZxCYSh1MK0jA6HbGA3mXPT9VbBRfJjEvCz3WaNMCAwEAAaOBvTCBujAOBgNV
-  HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
-  EwEB/wQCMAAwHQYDVR0OBBYEFH8DHTqbYhaLhodz/V39I0bCCEK4MB8GA1UdIwQY
-  MBaAFCO+nZUHeaoDUEkoCKoQdKxzDLJUMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
-  MTSCCWxvY2FsaG9zdIcEChcVDocEChcWDocEfwAAAYcECmDoiDANBgkqhkiG9w0B
-  AQsFAAOCAQEAzyLf4OwW0KwzrwWYiWLA7CMZyG05/NM6vM+sW106a0V9EeqNoBjw
-  W4NbfDVyspY1q4zFPEBVjD19ViLkH4r7bAfFNHqY0DyT1YrcLQnI5OumFjIQPZ3l
-  +pmi6VuJBV7ogiTqVgKncsBmw0CC1PyZQmUSStoCuw9FwHF6zzPtEaTj9SvX7hSi
-  gv7Gk6ND4DZqPI4/eAZErbXTMwrXnhpqRNpO0c9f+vVZyITqq27RFhLiUg+e3LWl
-  HjBjTiQEFFW6NYdy0PdzPIyHVH5+XYUt6wiT3F9yw6y5JcjmMsaPhoMzZd5QUEPA
-  8CB0QKiX99IbASejdEH246Kk1Ist7kvq6Q==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-14-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDWTCCAkGgAwIBAgIUdiEj7aY0xZXzujbmcasj7495d0IwDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA4MjEyMTU3MDBaFw0yMDA4MjAyMTU3MDBaMBwxGjAYBgNVBAMT
-  EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-  AQEAr4QQ1HCNZYgb8+quNvCLfdrW8TwaT/4FOVNBM5zy7/tdnAfVtWn3UQx1GdAq
-  ejtdz+wY1fb9aRhAr+yzP/mtsTiZn0noDh0f6T5WrYJHeOCFGSj3YkIohx3t/y8G
-  uo6+kLOgfgmeMwEDVWgSYiEIc1d3tm6YzK8QrISp9WSrPyWdbXzeNilPKJgxRePo
-  fPd2oPWeIHrkDVn8uPbkeXf+0hLlpbjtwc+WavdmCQ+Z3vjkBnvYPMq0wKp1+VMX
-  Dl9rbMv6QXiHJO69S5fWkyev9YY74giekZ2AUNPQwXeDKnf32spmJr+nfe/UDhfQ
-  kl6NQS7HlzGKpcTBh8TG24kPzwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD
-  VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
-  BBYEFMfYygM6jvm0pGGaFSMQQCsJXoSXMB8GA1UdIwQYMBaAFCO+nZUHeaoDUEko
-  CKoQdKxzDLJUMA0GCSqGSIb3DQEBCwUAA4IBAQDIZdJY+0nx3lRKxzs2lnGYdsrc
-  kefA1N8Pnx1eAEPu1kEB4QZcswR/pCi6hV94UGKv7vFJ1HuKHHAWslKFi4Bb71fI
-  ERAzk3woW8YE1VpU4/r2qWoK2firCOab0nXALTawHkV7VfjPyFufPz34hBp4IPOg
-  E7Y1f+Xbp0BkwePFLoGHFvRL1T9cmbeMydKEa6ksDTZYWXJfZ7i/foWqAPYiv+81
-  poxhstb3nSY6m82NplW7vZv2ct7OLYFkRYwVwYN5LVzwXVJwAEVjXweA7rJzRp+1
-  SHx9XIeYtAgTtYfX0GLZSrVpq/Ot11IbP8vczo90Fk/cfXZ0H89R5xxQelO+
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-node-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAwHaF61fnP7t50/d/SeeIV7h8qVfLCHK0nTHI0LeMqf7STwzG
-  7tkmOXOOpOXzPQ3JaLnvaf0hGV2mla79mhWudlYqjvNGv48lMsQ2yORnloTTR7PX
-  zoHqYo2mzooslneyxSUT4tSYM2HPSXdNngNgEYvXd6J5/LvW7f3xZXkm1oqM6DhE
-  ZgS5FBNpeC6b1rniEeyC+dRtg3e83rLRQcNNaBlUcnJurcNq3K4meZLyeFHixPUp
-  zhLcweFDjlvjoerEyoHmGPX2KrLPEzeqjmZkf01SEqvtzi71+A+/HxZ8z1+qr1UN
-  uOEFNNbjdZ7mkreY92tW4f1a7mIVfpkRoWX2zQIDAQABAoIBAQCsQijQoCeQqlp6
-  9jzOR9WHNc8Vvkcxc4DmZOWosW/LwxA2wmfW5TJKH3xfaJTRY2KOQkTfZzjVvDVa
-  KXpADAHPVoXW1jTPRO51RpsGKS/xz0ZPGc8gvLSsqr3OhGst7UprGyl2TvM+od9m
-  kMo+kCTO74vVPu3R38mZzzzcppe1UlU+OSA/x/ae6YgZ2EZ3xylC9nzO4iGRQ0Zg
-  QTIRGts94Fu8csiftdDXEzwerb7Fl16ELvbVzDyobuz1HA7z0EYdaHLNzhPzD2fx
-  K/foNpOTvHoOBar4asQABT8I1DJQgrTxLlmZTUovk2b8bFyVYzX1knWCqy5UQUqs
-  uTLSI/k9AoGBAN3c53hdCOJM20QZ8BurJGdA9tVCkDAvyRlJbYOgQALQatxjeVZv
-  jkfVpCHF5+qo1hSled995cPoF+iPBWf/ckvxdm2+WD1nq17Xg0OrMz0MPFMLZPx7
-  pyifWPuY+iXabQ2CsvVBJ/0rhf3fd8jV3s3jCrDQKwqdz2rrgw97X7QrAoGBAN4T
-  kSbYOoXAB9LicXUfs43qBDwVeuxHcfndNLVkY/DRohfmRM6mKiLhLHTmq6gx2Mqp
-  +3nGzsklXI4DIEKKbAixqskfvdBb+w+jh1tnckfzEGCb3x1bvYwfRyZFfbUzth88
-  q8E+QODpGIQAFBv/VZcrwE5pNdsgInRlN5b4uSznAoGAL6esfHkXWGyDyIv9vCO1
-  rQwSONqUWBVbj7fq8xPvy+rymSYwwPUzTZDBMZPt7cSYP1UP6YaEXOE0iXp3AdCn
-  v1I9SvNQxtfGwpduFZHnbpx7NKdE6MqyrBIWLey9BnZ1aCqDwBRfv4yiulZOx2/Q
-  7M5w1GvSYvRkwiWWQDQS6YMCgYBFpudwwoLgblFF4EXrkUzUpuA7JBWQw/vIfYvJ
-  lLoPzwBC9LMCCXXPyMYTyEFwmGnBbrzz/dnflrtHw0078YRe2bKSMEVtc1v0FLsg
-  fPqH/IFXe6vn3l099JVxOHxr99MYSwQnsOnSYOmShR/JhDUJG+zN6wu8NYD49sIP
-  tOUHYwKBgEXRGWeV9QcyNDRGiILXhcZvPvNVlfjyCFQSPvNmQ9TsCwGYjmTGLKoB
-  Nzf9FX2ijrSgbmBnC7zxN41DqfZGe4RlA/YVtMintNqNNA/16FZoOViQsNjJIrgF
-  qnZRfGLaC8G3YCU9FUu53rHtvmXF3gRfwItV96d+Jm1/mCr7/lSN
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: apiserver
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEoAIBAAKCAQEAzybTHAJMAgCTr8daeTQneklk5HntWag9M6IiBk5VYazgFdr8
-  BzFQ3hWqwjDDA5HwJIUpYFH2NfbkINzhZEiakCewMdRV0IFJbAmAXYHcZ6k4uSpm
-  wbwSmgc7tGt2HG1MVvO1gmeLVrQd27vkA8lLy4e2tURwgSa2XSRWpNbM+Mdi70/M
-  +13Q3Y+8C4CrB0FYVOG7WsdLMXz52nIF1q2k9pDiX9UsAHimxNCscwZU2Efw8bGu
-  +ajMecq+xRCpKeAsjq+0dFumcIX8+DS5AotWwCEbuFSulvwAVtQdZ8tPpnzDPRms
-  m/4AjfdWdHJO00qsTHrmminDTqqNAGaSHvcbgwIDAQABAoIBABytolJhWwZ37/pI
-  3hSjjMeYO5iJ7LsZ2Ic6bf1zgMyJ82fzLisMv8ZPN5m0yHrJDHbx3H2SO0TTTlfi
-  XG3Ww1crt2/elpbMH08Ora/EV7AeNFUmMp2lnOmoELL0oaBj3Uq4aKuKDDdPrkaK
-  Z5HCn3So8Dl+JRksM9kHO9uMRUo3iIDk6iOSFvrD6iCcC3tmmS6BZ0NML7TDCnEY
-  M+1qC8bKhuv0yM9kzm0GKWEB4a/DnqtP1SjSDixEp9i2C+5PDYi+G2gB7PDzoQCQ
-  teK9I+4ZnZLvqMTYAT4sxDqVz9jooN/Lq6N8c3so+0vqlWvMda/bgfWZmag4Ge/h
-  44k1YykCgYEA7/BM4P50jHHnmjoSdhiGg70+023sHqlfFJg+1EXTYapL/22RcA7J
-  mfTZFx6Hzpf3IQ4/vWC1ymEoyaKHiN2GJcQQ1IyH4qFWuixnSdXX0Nl8Q83nb/rv
-  ASDt4k5k1divySnCG79sgdL7jwk/POJ/cR0l1v2NvX2CHoOfu0fQng0CgYEA3QSr
-  w1DKKH2+9idezGjQ/c/3Y9QKvs2BjBfxbCb10vntbSH1DCfsynQ/+R+yDgGj5Q1U
-  wWo/E9zntAf84Gh7qffNyv6dtIxTaAkCm6Ez4pUV4l4+wOxUmwpHHJ3QnFHHnzzU
-  8ZSICzLUi+MBmUBzKBoqQ1spZ10Hhx69NLX/y88CgYBshsmPPyjiWacDSF8PUZqO
-  PewL3/1cBQn/m7lXdFnfJBMJ7rpI8DdZzrjezy1oUa4zImnMM9EmP/od8cjSLDjA
-  HkXqjcHszUMYJHt3lyTtz2F4ncqgCOVQIl/W69SKMV+ZYqzsthHTSuYD1Y/n7x7r
-  v95ctwUEf596Q9jc8ee3hQKBgDEoCMu3/D5lOUOmHf94kILi7jLVxk4JhvaRnLBh
-  Oetiitvq4YWCm7erg071LbTPyJP5ExCxgLX6O85euG9wzZBP/QVY+9pcG3DYECxs
-  /g02+1cNfweJiIezEX3b27notm1EKlhQoLFc7MjwBDsBipswtpWkgODsX/A9dfdz
-  QyEhAn8XntCAC6mp/tYfFO8xzJgByhqvA8Wr4LSFP35H4V/9P38FYlRG973SiJVp
-  vdnlJL7V1SeeuydRBuCA6TQo6b0G4dQ5V9PdD8sNb8lxLcBiAkziTN8BUhsTTwse
-  ffYqUieY/quEvF6mBK60vP8JdgvKsa7flrzwAqmj96Y0hnqU
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAymh5s2bcAIgxiUfO1yQFRlHBSQK7JsM4DJifCbMEQMJRdZUF
-  apc/iEtFuWAE/L7maSx1fTnhq3x+lthqOIzcWKakEUtW2RUjcbGrrQ3Hesaz/Ep8
-  RoEMw942MgVtsvtt767ZMdWX5Sk+flcflNELtHA6UcKtxl6TRnMlx+hMHfglnHjw
-  NpqEBXJjclQxdDVF3ZKDUiY/fYxzTEu6jc2CpPlSNUjQoet42aUVY1rB9Qrq16Wz
-  VM8HyMPsAYQjUS4Emc9egFDnapMyJ4LMJF0b1SssDkaCP97uDrkA8eESTgQCGe8T
-  /uajaRjsWq6Lc6fxfM0HQnqj4FM8XlS35bCdqwIDAQABAoIBAQCChW59LoYN3cU7
-  xk9uUm8IUm32e8ldjKOXE8/yfDrw252V2hvdCV1RsWBr0qxEo4GHLsEwmGOaprQm
-  57VPdB4fGI5SDKgbYlMx3KVc+ba5yGqF9S5AdLVblO6TwQZlVVcmKTUrupWxk7AV
-  3m6iE0+d8oTY9lYCxjfoRRaG25hB9fxPqF0mcbeRTb9qZOy8DYYIFAuW2VrTaCEo
-  +FnpJR7UlqUdyHtbtiWBZHUvHnyaQcQNJRGpKdBQoJNd0oqAhIHpuKHS9gMLHvwN
-  J0wSvEBX6Mednn9jztaRBT0VnNXCPpETrlEM/LMq0M4KbLyEi0XoRbx1eg+bRCD5
-  kDV44ywpAoGBAMwdk/FZZXC63w0aZV4yUEO+81wb5sks+e3Rp4O2LA5gyPEee+kz
-  TUm4DkcQKjFfC1fyH61Ei3KoSgGM3ndF2/U08onlPRtx3gFq/7wbSWYy8kZDoH1Z
-  UDSESk7m9R6ctlSfkv3jeUHG7tUswHfVvF8bstysDB8v3eRy/BM9nXrXAoGBAP3b
-  yildhrIACn3quXs0T9bpx+R7afIwHCcPCY1tMtSdOgfh4KzXhTBsnNRr5QKV2cjg
-  V/NnnJPrMb1ZMErFYScuR8ezEoyC59Mjv9rz2vMJ3fCNs85hYs+dkD9zuYCE4ZDZ
-  KJ9mkr/vWbdaWgeEpjEBmCK6yUdcN430djpvoE1NAoGBAJr7JlbN2vECYtQPI8Kn
-  DzyxIxTf9pbvuIEzfC7MxpzQLiKuU8VYd6muv+CDTJYaJYHMTPMBpaQUVcThkhUc
-  DQwc/L9pOMG67qdC+BR633ti2YQyWwxyIS0O+WD5ikqJEQQl+bUe3/Xqt3NTPHyA
-  5DuOy3s0gyu265NHH1D4qrcXAoGAGvaqbWRatzNb6e3xj42J4Wjpa3JUWX4Ur21g
-  dV4g5QZiMI4kYBdwNSmEKufe5jxmanixvs/FiMyVdugvQfHfFNtMkoCJutT4rKuC
-  aE44dlIY+cEDVStw5F53ANZY4La8grceIngxpCNXIyt8nonPYSsrLp0qXeMEn5ZU
-  rHZIz40CgYAzQVsTGv/JH8JX/O0wAeXLDmBPkVYKmbxhkqNb4+2Bbcgo2TCydUq6
-  eiefWnN8OWQ/LJjedoj6mMBOKZzvHpd/7zkNdeP8bfPog9Hl8fFXQ27o3+/xQnOw
-  CnFyLUdfr31Eg0kCXk/j5M3RH07nca0qzdMjFCRYxHkFCmvUOLJC3Q==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-cab23-r720-11
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAwacnKMaWgK5QeRtCc3irXl5SPzVwTPlPYXa++LfiV9oL0cR6
-  a2lqWAqJipf8zxMG7MVYGxVA10EgNXlRwLPVgqcH6ES9xwT6Yfp/yx81PZdqXvHS
-  TivecqNXf/rkkSoSLHfLnhhlW7EQsWuTlsIkujUQpPa+BaA4xeksvMe7OGLnAKS3
-  hgzF9YKsTFzeieJpkgoUFsjtZqA5SrpA/UBrpvqZ3DOD/PXF09GCp0IUkj3knuka
-  ABHC3ps9pytInCIXPwTUV9w7JuTRwSXo/gPshEAD4DfC3LWajiLS1oqncUjEUk8L
-  DG4H9aS9FBBB2vIUajR0gO7nYxtz3a+S60aoawIDAQABAoIBAQCQB2lJm4H+jSdP
-  G6YtydbzJgXX+z/eECMpIy9gPyu6GXNm/dHrJ4kvmA66JNajkMw6t4ATDJigQFDb
-  VLMoNtibBu4Lo2zeo+YxjyUTBtALUh2MJiE7gMc+zhvbFNiA2yCPMD4iBJUGQEhh
-  HNi1bQnx8FvDxbyI5KS1FfrvIUIu6Z0Z5uprz9TSxw9Cbhv94nD40YeDw6sekZhy
-  E0kqc9qkbIwVOM2Sx1AcH0nYCboijMb67wTR6DrUXiNHo9ztXAF5q0YkrzZYoeLx
-  8eGPV1+wTlq0Xy1EiXv5JZNb2fPB5kJXxIAlfTIS4SoXhKUhiM4TU4AMvLvOg/1R
-  Zl7jZsxxAoGBANwKGRpW5fRNvLSCR8H987ctx7JNbjHg1M8GVAKclPTGNvqdgXkR
-  UGfOg2N8FQWr8dOlD2sOZGPmteJK6Ds8OYcAWysRM/Ny1dkzhkchZcQYWDldiLek
-  EtDP5VEcqaQLItNhHSLtk+o6Gw4Vp5wRNq3hnZm+zL3upY7Z58pzQJWTAoGBAOFN
-  G/2jpqZy7DUy6UKSRkva0kaIPRyUOor5LQbWtY2TaUITMt71OJUaDyJe5SLK+KPj
-  MBNOO81k/yQW0Zmbq/YJREAqzyZ2ytFE1M0dy8GDyUV7rER0RNDh8NMJLt3DgiD/
-  h1DXRoU9QwngbnlVdnmPnQzJuUlSrjUyEB+EbOjJAoGBAMknUhuKJV5ZUpGSKBdo
-  GUz0RQLzVjGy39kCZ/qbOnEqY0hohNwwv9imKebgoDc3ITPiSV4NIilR2CSvZe4A
-  +HY6FR4h8+QyrtyJBdAw7998geqvXzTCgZDy/ShRk6OrqoKi3Qf5OKd/xwvxL/C0
-  q8/52SGcE3/uktssyYGCKyCRAoGBAN7Ef4iq53xs5WE0la9dMmSOWJuk2cgISFph
-  RkQcyCbUOp86nHIXxXqn6Y7yhV2Bk5d4a3CrSjYsRppIdbaMVdtQDkvkCC7gBmok
-  xMSLUYxl4fzx68NDs0dWH+iKi+x6A5DdF863DONxT3fUkWcnOZ24gnDChJIbTmUK
-  uyZuqcEBAoGACZYIlF70WzfVGKEAlC6Aukg3XLnq16bNzvV4aB9YdTbhJLGQmDjg
-  /mkMLKhSTmvAaI1PJUx4eVIDXEUtnVUOXo5JJ+f97fmkQ2MPXRdoJPvxp768MYwy
-  g76RiyKzUIpAbvmBtuKsEe129tHD0q6igqzKKwDEkTfy8XkASPf44Uk=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-cab23-r720-12
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA1OKejJg0gR95i4M2PrNHhrPDzpGQOpmqCgUbpvpcg7fieT4V
-  Fw5Y8yTVTHzkWV3wIEaoVjsaU6DloNcIw6rnbwqqUpsBlC5CH/7IdBL/gGgl0l31
-  GxUzvAssl4krXC4pt+lmKdfcmHxEZiesPn3lqr5GYhVUKf/CaUy0KZatjuwnU6Xx
-  R/PIVOHsaUp71wJROYwKGK6mwMsTxVb0wuyBewpSlyVFjRdEkg7itXTTp0bh77oe
-  CWcARnRKT9bOQx0P6x5SaS2E3ajKFAo8MadfL2LUpBtsFn+EP1pSBjxn6/QMrv0C
-  25xQ1cw/EPFcVXRHsKmAvtpCbvbIavnOSI4j5wIDAQABAoIBAQCXlg6jujWYxBq+
-  Nt5HY01JI3QIASqcL5Mes2hvS9LYj/WZs5U856B68f1YC45l/DfiI632SPuEFQut
-  rbC181n8fbGuRGWpaA75zWhbDrQUcRSNaQ4BDOXbvnEwLiJL7ysRpAZ1QRn5EnN5
-  8kH59Ze2LurbKKjXhyCd7lpTStGm9EDMu621Qq5FV4fG+STIW1fH1i6D9SUmT0Qh
-  6GiNvDIZW8YOi/qGns4RqtTKy4WUim+gFeyC2B6KxPJdenVKMS/lDXI7lEgBYih8
-  SHWP1F0ziKCTMov9sfFS8RrlEIMJbD8g50oN5vNkyZU2+8mFavu8dRzOFShdakQO
-  3uY0qSUhAoGBAOgondqt7plxcCG+cy5dk0QmAGS82Fg5zPHDPi8xjhG2dca0bk/H
-  8XcrEpJ04d+Sq0oKsovPd17gl0mNXPbRBiafiWkj6/rmfcg+crdvrxO1JFOqtXDF
-  xyNvpCV8sovlXpIwll3N3fmwvQJFGcHnd1cKhfjC/bMsk/1hDWNQiPlZAoGBAOq/
-  T1ioCjBTWxMIfUsHyhewvFBfQEwSmpXRW6bplllEgnftMT5SaRZZilwuLxaH60dv
-  6Q5SWvgGUIcMrugse69R8BbJOCvln5/3I0aGeK29VhpkDta+5bI6Bh/zsR2BJsLd
-  80BWxp3ptXfMX9LcYaGDlaliwNfKEWt1hD9p/x8/AoGAbubwOYW7JEvfYA9FoJGN
-  BxIMQBNCWisKbzdwnkTS9D0wWALba3s9K0tFLPdu60l6T/16O3WZNZaeTsGb9j/1
-  6z9s+e/yC8JNtfm2/U/517VBrEIxOLUSIyhyxoGiHVgt7DIPsrHkZyH5uHrgChQT
-  m13oj+Q+I3iZHYJeTeIr/MkCgYEAyzgpGagHggR3YIfF59Fre4zNyYpcID8uwioG
-  /P1U4hy0Edwt+DThsq57YAe/TfMGlMZl7LcQ94yH5BHvzSDNRl5ZyXATB7V2tcX+
-  LMy25jl1s80RJ4kFUoB20uxlVRR8mNAKCJXWxdgP+BDel62fe3JtesD6DxVodS27
-  +iXp7YMCgYEA0QGJknthhgvh1wcFpGpvM0+Hm0/0yAAWfvB1dSLxCER+wkp2z+kW
-  taccLynrWuw+I6OjnRMn3rGCCBO58RYOqW1REaFqPlR1Rabc0fK/bp+tcGBkqPiW
-  5S3gP9iBW16PCUeUrR2X2vwPIHikLTER1sPndG7A4ksaWRhblqG1E2M=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-cab23-r720-13
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA02hlqJ4MQ4jUzf9ueaSpN3QMrcNxvy31QN75riH2CjAqH2ZU
-  tGPwfoZxmyMrh3nXrzi8sjzCPrPL7aJQu4ShNJtiYjfuRKSws2OGM3YHluWz1TFN
-  Ik7+lJgQOs6SL96Nc+UV1VFBL0/rTJLqvv9yjWzRVeyn7I7O7bce2D+585ly6lU3
-  qE5+XYkRC6ajIW60BwoE5QwIfVeMQtmOTTPyZpyZnsHIRQRLrxWpI296tKv0uOF/
-  5e/ElRzgcitfyGyS1V6sZT5MSjcio/CbhiCl9maMS4phezYYqZoCrBCzTyXHY4Tr
-  x9aokeEtbqEn0MCFWvZlOyW/aRBH/1ui4QYvRQIDAQABAoIBAQCmJ0Lex3j0CzLV
-  xI/bYyLrxnXAi/92NnSvS5AI4AAz+a7hhtfD/1gg2SGowHeRvp1ZxcnofABer4jz
-  d8Lj3lWktwsYDsVhhd6q3um2wGkum9I/GMR61oMX3nvC/F/A57VdBQun4HjO6o0Q
-  XdfJzZMGvCO62IkSTxsrkeTYKR3I6b/MocM15lTq+cMC4r14iaaALxXA9FYE0DSj
-  faUd3jb8fFi+lFbnmZWhCtk970ZpSYXkctBle8ft8XmENutlL6BFEDlS7jhv2ODi
-  ZbzeTaAWfFQpMlQwv7Gnc2XJBnBCfpniUjsw9J5yvKxZdvBb9xyfbugmrJvjuRea
-  KfcVDbPxAoGBAOil9ZItW27TCRevuw9nAZAfVafz4hYMQ9bce5dgbCh8f3rXLol/
-  JSG8+XumpooeSCkztHr4N2ITF8i+XYfLjAtuvVgwHuBh1zoscyDTNi+GDab+a63s
-  BeEF1QQG+9pXKvv/roSoG+34v5IAvwoWQriBtpTsWTjHPp7+ARtb6VnHAoGBAOig
-  ppSaffN7tyb2JMqFsB9Di0zl+w3kDeBc6Zn8h259sHe62KkDnisvZiQt9N+vsqom
-  rkcHi0Tlu6g0Y20CxDta28kMgmOqvSS/bJ/V1VZ4eex9iUX7rSJFxQxXIRZk/VZZ
-  dZj88IxR3UhgzjTvMm4+uKEGO06CEKofTjyx606TAoGBAMeYaoEIzOLdx3U83P2v
-  39VoLLK1OAi2aRVTf+01WlW5yhz3tANew9qYKGp/ZW4l4L8IjxTZE5reyo79U30H
-  kpTUYznfvv2+s0pDjFpjGp/XIKtep79FOR3/ROv5meWO11/v0igZmiymNqTqYvwi
-  cQeesag+xaVCu2TogsaYKjFNAoGBAMN4gqEp9B3NXggaGq4mieirW/kA4uU4NUTL
-  Leubm72HVeo1kerrRFPrXzuVdkcjntCE8jpzJ158YCQl6UnnYjax0S7uGP5gsNCZ
-  HVBtYPdpAqJqlhe9NC0xTTNiX0YvFAUj5MHqAMMX4wX3ei5WtByZDZEY6Gq+tfwN
-  lDNCGYSLAoGANO1aHD2BuQ+QuQPx1Zctvwm/7XVKAVhv+zPztMDaskkBF06odfK+
-  AdFx8dGZASQ+JBdjvJIbbqBKisanSwIteHdKAwcV7x/DqKh+4bzTa72mcgMnQHH2
-  6AK1wRurdBE6WxzpPFYGchidOtOTe7KGE7Q8UZYnzQzp+eLH5Gw4D14=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-cab23-r720-14
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAtgX9Z/mLsEEKAkiJDGyahK6hKWLhC/Elgm3ZIh3+FEL57Dm2
-  hl+UvO3j+ApapE5runYlhzmPzBsV42kwNgQLhKmf608Idd2dQjvV0jsje2lO70vf
-  pmADG5L4rTpc91tJkgobUHqqSEyLRXptYKUaeNFu5W37M2/7//PcDyxs72mNmacm
-  oRmHuR3objC9vCHn/wxJmlh6FCBrgXGeQ05dZKYpepc6I13kvT0oal3ZTy1mK31B
-  ThQuejkc+RDK71mHHeItpEl6qTo7KddWZ/l1N5h3HhxL0Jg6cjUSQUuVFW2QtpaG
-  owHg/QuDIs/qg78RaRO/7SdfNCOY7UDPLjcqtwIDAQABAoIBAEUpD3ijG41TmP73
-  GoOK/EbvpzJ3bHTCInNlU3wgEzsVm6pC33Q8+uGyLc0/+eK2HT6Sx32SxG1T2UQ3
-  4maTsOCuJqIcvGU0WB0jaQHhEIFCqQhJNugbUPL4K95973bYy6JejrRMd0jTNJOo
-  iciP0vgW82DfIfQQV5qPyIxHX/iy6V0Zagc+F0TzVKDVPd8XMeDvtt63AC/1GUJf
-  +BtfK2fW/geF3H1tsvAp6VeBYc6VUb87SgI4v9pxeZH2U0Iz7wgswEgjEcbMTcsc
-  Dephk6qJCIDiHgyvanxei1THkoD0ul0OdmpCdtY0avyLmmFWmfi/5VEZZMZFTvn9
-  VDFoFAkCgYEA13m2NZQXkR1ZosIkvYLqYEelHePGGS3gya0NDXOqEv1gpuQiwUjp
-  Ksq0EsuzEz6w5ADbAYawjP2IrCsCKJbCOfxZEJ1n40gAD2xZObwJJnlL5aE7c60U
-  8GyacUDwk7boPWZv226ga8ssMtoF8OQH839V84uDwXVujpLB6ezl/GsCgYEA2EGx
-  7ggkx2DiBMIJ5Xg8q7p4iXAhMvx2VWXiE/LHRJWc5cKsZiZWAPpuwBcbxAoZyigd
-  WRBtBC4PGFMZ1n6jUSjwoAugllfCA5w/EgbQrGEBNdYL+5v09hJh9FVgwndl0nJT
-  b7koRoYW27t22JUQjkxVtJonuYGeTAYL+dG83eUCgYAk4TcXioZSFxTtb488RHj7
-  C6guKnsQejK8MftG7yIP6AAv8GImdOU7psAVa3n19EfwblkNtNDpAMfwt9fBvLP3
-  msJfvqE2XG9uNFw9Lnrec+pSnjr/vIMV93Cjq7rBfY/YWn0QsKmSaY7iEUDtDwpx
-  Wb0LVziw1vmaO3InKJ3giwKBgQDHzdLecSnCCLJq4PiRykiMBepuWWpjGD0g49RA
-  yBPyOyVOZ1IvwwW9O6Tt16vwscBoNi3/ZxzCOuf5enYp5rFwQBoqVPPXVFfOTCM9
-  vYw5aBrdKdnCa7KlVBCq1eNjaTtrd/O9Ct66YhNmi0rgCsHUJ5UcGz3OuIKQDRot
-  g+ozPQKBgQCjKidVxaOKEgMJAEHwHIpsg0wgv9nRMvNXBWpvY0LIQPfG0NkTy4Yb
-  RJzZ/jL/agRfaoWuC8oeR7O6Rmldc6bukx71VbJ9pGbkp+ZZpYwUiQSPgulRiN5+
-  hAfeTbxSCrLmm40nN4O7z6X8xZlgJPiE4VK4XZGI52KOQcI5cUWhLw==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-cab23-r720-17
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAsFCmOJ9agALrS/1g1GIr2IGwkew3m1u9zyyTLSDS+zhVvXXd
-  L69dkweslnIkVGuV5wjMdz+BPWOEQGy9b1XpG15MNZSR2YCzBZbr/Y/BL4BM5Tv4
-  G/dzRcW6a0HLV+OYghOKgBo1XcdfWEs67Y8HYKpMmQ+uF5zYQKvMfarox0fLj6Oc
-  bcJ12hn/fi8/bas0611xxbM6YcPV1/C1kjfN7KKt/+45tqojV7tLzcKgRMp70DVp
-  S520+A0+33nsn3GGLXpDxvdJ5UJGpPljGT6LGqcVq1tkSlcqmXqHTLpKl/swuRNt
-  DEec+MdnY2YqGTanrBYasP8pu4wpEW7JJsW4aQIDAQABAoIBAQCoapEsWwMubhtm
-  PcSlepTZPaB08sd3Dh3z7Gc1XzpJH9m+nPxH1WIz1MvF9YfAX/gTdPMiITYJdqrY
-  g0Y8ODrvmpZ/Q8hBk87tUulfDlcBUbOh8DOiOy8QAbx9QZ7D+DIwZgwRK3e4eX4Y
-  r9u9Gbd5XZLHThQEmBx1QeWWUJAD8XmY3YSHVcMSrCLWAEzedRSTACHZ4G1Elut1
-  JwpbS8EZ5Ci0oVhFR0p54SkWBmKbLgDIkKEBYol/hAY1YwuGrRUcS4TD0lmilanS
-  fryroLuk8w+Rmtlj/eUySOCoRO0firVGjgB6NYAnh0jav8qIHHbXj2iZbhw0FZCm
-  q7eBRScBAoGBANasyVxIYmpUJe5cseyk/u64hatplcFt9Whs2ak0m5Nu6NDJ3Wh/
-  9K/iXrF6GQykkFegqufvochtLcINsUkH7hB+4z75hRh7f55ocIbuqEYBJpluWDwU
-  QSVZNNqMQhj0jheebwx0Bu6kEsKL9gZT4sTr5mTEzf8gIdbFjudTXO2JAoGBANJB
-  ewgUvxwDlS2+ZRT9dYJKuNbWAJzwXtkh8fSXuFZbkPe+eKKRS3FV2bGBNUer2tei
-  UgUyeG8mNNahBl9yhs01tHZOaJ0hzmqmSstuWtAqLfzmbyIluSMsIr1H0md+Zsjn
-  65To0mrPkdI4rVL1bVencMBzCnprQFx+jpSJT5vhAoGAAzQc5SWnYlLTJhV4CkIE
-  E+fpBr/SnkpXyTEmpmHEmJSlIMiCZ1bRffZw11EtIoUqKkSZiFCJJ4aJkkXGCYL2
-  yIQ8O+pZVB4zr1d7pmfVVwYZX1zIME1VE4ubQE+rhNfRbwTMP3FT0Sfdp82S5FFI
-  JwwmKgbN1CrUlnHoSgdycZECgYEAq/99EgNGwzf7FUynjCA7vLY7tyOhpMDOFno6
-  YIis95g4YzKhpPuO58v/JcI5P8RKZhQXXMEI3IQ4vUtE11ftBnpkglNqKQC6x2v5
-  y6kfCSM4M6aeSyTo6uj0Ejtq19cDZl6yzUIYv9/Fvl83CqJTLF2BUy3I6JRMNl4h
-  bUlWooECgYEAmtDh3aGqiqrrFUU0MKgXTK/wWfWOzSM2RqXlCbocIZ5e80ImTNb1
-  vaC7ob9lJEy91g0kJpjSuS5O8EjWNigWd4c08rZxnxAbj8hOQdQPlNFmLU/B+wId
-  bPtIUc3bx+bomZirGgjcvuJicdAGMoAT56JSKOl/8WWfFZkgk6CuKJ8=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubelet-cab23-r720-19
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAx4QrAmFK97U51h7xwVH5DxUin9cAtpaW2fp/Uri9LD7Ng/8d
-  2gQ07udd1rPQ8J+GHKlfBs8YxDjHqLaMsgf8048ZTn1LlCvRWK3A5hqtMcDSKURI
-  zYvfaLCV+e/mqsFbFTEGT1B+sY/HoSXA91uRJ3At/9tbxVsvUbRv7uogCyI7xJrO
-  x3pFTspeT5LY8+CCMgL4ShUR3dwRaDBthGsYyIKohSOLHCtHeVEcV+9P406QBfLL
-  ZmEK+qi4cwq3K7cqpbO28wKrnuhaCwTEjQgkfvwDvgNvNV1RPyu0M0Nv8yvquqrM
-  RaCOwCbOAilf8ay84uzg+pjdbDD7GW/urquq0wIDAQABAoIBAAMX0XLf/0GH1bW0
-  FRtiIfJR6Y+AzcoG25/VelPV+VjOQHFjaxsOJaPugk3py7tvPa0EEy0P2Npx5uZ+
-  rf+0j/7XoRTObHWHmF8/klX+4+B5lMh+/oHxQS1mT2zogzLyfG7/q5FfNheamwWs
-  iClNihqKaqwkwm900m751SJnDsgdYL0P5JBpWDU6amVNVgHkR/P3M5wT7ZcoMlcp
-  HaEazf6IsszkffBN1Pzn0sGKMLA0oVbRrUCV4G2cdYkvfeiy8VUoNXuZZt9R336R
-  cwcJrs6wfAbWZlDqUBQzznFQHS3JUeIiIz8i3UneJ225wVLhNjnM4W7xmJ/35Cv8
-  R0+b+UECgYEA6TeS2DRbWfvVbWfINDBRY+3eArTuGvgDSN8jGKJhA2dyhFoxyJh3
-  /lH+pP0igixb9gR9kBrGTTQR1Xml7vilyCcsEYhptXhNk8d1vSMd0ULK5AVNLyLP
-  TE9JeIOraZN+Nmo2UmqTNFfOjLQWuBjAYMjE8RQIdJsGkyIordQVPoUCgYEA2wHJ
-  ELPmUnygX9e7sxGYu26wJyZnDEsxGVPFks/Jzn2c6E1j8a8YwWihKmmuAYU6x3+w
-  rZ96O+OYHAI0odopD9LNiDyELmjvvBLxZgf4+nLLpvKOpwxZW/0D1ZvM0HpC8/K3
-  p+WbWzshgNTUaDD6MQMzN4EDanBHmWH/3x5Ln3cCgYEAixuF8IZSUvse1BJKXa7Q
-  bW2ttimbuORkeSv3sDLy8Ofca8us1Dz1nfHklR8UXVb+R2FoT/NYgyZi2NWlv0P7
-  Bscuxwp6Gy81/sbDmNyAZZiUkqwC3PHDen30kfjf3qqGZwi1fDVrtpYFcvHcd1T0
-  MwauSior3Pm3Uz3Vy9GsFk0CgYAVO70Uw3xnLvIVmML3/5LBSWAGy7Bd/sRJ4ldb
-  fo3gWUlnNGmmOwW5ar2FcS2PtC0YvoaQrs+ZEt3iiUw1DQPCJvwKY2OlZEMqBuQk
-  sk0vawXXr9io1YesZYGDqlFXPSNUp4mq25YOaFM9PGVDnMwFCHxkuztrjGtEsb2v
-  Ei7ezQKBgAeT1JGgbC/gPX9xyUXcSXBpcoLlCGmb1ptDxeq1yvthuH91YVk8Ap76
-  GOMSkDPbDjVFCull/e3K5GsmneywjMDJSwsS2dQmdBNJOflC3cusEOufog4+aeMB
-  zaksmaHPunr9cWwLbVRWj494dTOOVt3OKyc0XcPopktTbmqPOFJQ
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: scheduler
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAq5Y+9YkzF6GM3IAwvQvc2sNN8QVPM04+XiF9/AWB0sj92+Vo
-  INjh1rrhTvbxI1I6h0UV98a5ZY2X2RCQxvUit8WyljUfE30imPmveVlwZBIX2q5L
-  YqVZ3YODapPy+goVoxUO8nVKF+RmyuTlTTZ6AYpxI3x8o1yupfOb0Ot5fEn8V9iK
-  VLskrgy2NuQRraeba1Ufd4kTfKzo9Ur6HiuLPIB0hxcFR0EYZx+yWIokW1baLtIe
-  iq834E7aMz6yjOirBqvrn4GcbALF2JYTSegmO1+zT6clU5al7nba8ffYolv9/3SY
-  C4m/x0ClHlsuLXrZmQSgYoSZUwpY6MpoY4bndwIDAQABAoIBAGV88XIzG0gv4mwN
-  WkaGvLOb7v7O4CB9eAAfGTA2Zaox/YzRrHw5K6LhWCBniQsWOM4He83Y+ZFqZVUb
-  KjaziTxfL5kOhHn3er42eKZy0zotRXSvwKDxIi0V+2XPaligHFogO34HB7MIAhCh
-  wEqiHRnKM88Ec4gAasB3TUMN9AYhmJE/qIH5tGrXxjSMG6SCuwYyM89k7XVJBkpz
-  PLkJNy13XjZZkgSK0GtMPo/aifPZlDmFOmtz9hcIOCTuS5CVeetLU+V0tiaJLE/U
-  LKSiVzcXAqMZKQ2hdH4BQxPoD/fU7TO+4wTE8r9J3/WvDt4+11VB5O+CB+dbDNtd
-  bRQN4LECgYEA2LGWjT6cWac7RAXtKXNl1gSZ631K31Gv5yry30L+7j/6yWbOrIEl
-  fbNZj4iknq3Mkv4e6MMKvkebDEsW2KrMN7pT2eeSqtoylk76Dlpvvwdhl+AnfQlF
-  TplI2iPsPt0B+pnQLpKjlqewCm+ZvGOfAP5Q7esxwgpigU1N8vcZ7y8CgYEAyrYS
-  y94RmGAIk/GCSBxCDTJJGFJWr8jcAHdnmOjOSkU830FU5iS1QIpcbEOF2sBHirK1
-  Qf5BynjVuqeOhh2sqexiAeBY55Njtk22YVmKg1CCGep1KYldciZFfL0k5v60GEZz
-  KL8VHrT0hlFuWlrMGQjaPPleKhyQ6TETrEZwOjkCgYBM2R41VUEJon8oLpnfG2fA
-  ML2NgE+vRz8E0nxzpUTXpaUBDA67qslq/NIET0diZuyoLKs1jQYgWTCpeW/OwzPN
-  h6z5GGExalSKbdPMh1IeAzYfMIWQmFsV9tKZWigMW0C6aRYljiep5CpQaSeyYfof
-  1hFJbyGkWR56ELpWMj/mTQKBgQCL0Dzyo/4azNHdyIuFVQgxtec4gUINCErFf5XS
-  n2/5RfwQOC1odxUUqNnKSmA+WrR9c3kVRVr3XZR8oyjoU/tNUB7hEG4Be2UgzkTm
-  rC2fGJ5DZbTdq0Lqgn8W5BZZxH9O5vhyuCjG/yRQqEWmyE1RTwvHVm+eOAmy7QiW
-  oBaz8QKBgQDWcJt2WMH7jyZZQDSN2OUIYX9QavxVtYK3cLpP6ATwl0S4rCExF1g+
-  9fu23mwEvpQR/IavvH/75b9zrkaEcSIoVjA6LveoukWfGqdjDLFnCgPhHz6NGJfW
-  pkPNKEMKYmB6rU1BiwMGRchBTir1I68uMcw+HAwCGlz++idM5/6+bw==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: controller-manager
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA2+LWW4piIXnno8MsWgzZMtF2GM2OnbRLpmrITCL9216DCVpu
-  O+5obOvbmAkrrZwjwAymlq7zbLEVG78eot1L5uLv/P1uw8VXJPalYddzNVmiD8Cw
-  V6MEIUrRnZwzV2KM/zNwQDdfiVF9bDjC+EeNDOcH9IE1yZMTWGbvVQbgJiAfZnni
-  fFBog2vahH4dVyMIRjz4VMy8eAMZc1w15cXqXavkGWdLvsVrW3sFrOJSc54hKCq+
-  vPrJGkUqccNUL1VjHJy42v+YxNx6ci+2CBztnWAXcaP0IXb1LnoSOiUoz55bze15
-  PZe1aymMV9lox+0Fj6w6Y2BY9hydv6Rhfk0lJwIDAQABAoIBAHDCerqm1HvmT+uj
-  AvOK8zckQzOk9iXZd5H34I9qwlPku73oKe+B6vswWIQ277cwAwVRd3x+a0ap6PE5
-  qTRL18inR/qs3Eh4wp+p/FWYbvRE6t65KbVHW67W93ejypBdcYDNmBrWSp/YskD1
-  OsanqqWbNHEmcbbVPW5wGvu3cusZSpokupczP46u15XYRNF1LcnjOAKGYo3CPVZN
-  HJBPEtlw2pK7ECCnDgl484qUrvOV+QPUqmEGgVTkSJsnAazS3x89ekcDXrt25nOE
-  qXA3AlInfjONzfndHB2rfEpl1c9x3pP35/HNQl/rhkTchmlKVzqUftXYPwtiZwp6
-  xTwGhcECgYEA5+26zbKf6NxfP/BxA8gTJEr5FNkyeJtTDN59j27smcxNEDqXFonF
-  m7wjGtd587avm6huPNBKq4LewbhN0iZ4kqvyLtJUTAjeMHdJ3dU94OcpD9C8SVud
-  soP6DWUl4Z00JUAT7vHBfLLUqX2HCtFNjArT4/Lm1J2f7z1VrrEfEBMCgYEA8rUk
-  FIOgmnNTPncq8Gmhia2+ml/jWhKkYu0macovJvGAjn7qRHlgtlRGkqEupnW4AgrQ
-  cqWRFIv2PdQXgUYxPnpR/CLj7Z6EdadzPlq4o7T7faRZD5ENj3zMuYdoNiexOIVE
-  4gikxOYNDd88hr9YuMu/lgppJfx1t15mtcvuwR0CgYEAraoME5RqOuIwjF8NMOiy
-  tJ1TD3JnYXnk4SEEYc+MaMla9wj4M08sYaWpn6KzVXN44RRony7UisKu692GoBJg
-  fGs2KCskJd8KCL552Bqhf/N3grkpE8D/Pzmlljwj9mFRN4dYpbXuzOHXbaZp5Qa+
-  i1tcODac852nsWt66hkEinMCgYEAmPezsr43BcEzsQX4aSeaKST5IWDX8NgZBUSE
-  Vl6Yk0nYhXbV/awmWSQKirXNqho9jAP21pslMjb4ToWS/uYXeVIsw+XVk9i5kVGl
-  X6JcBsm1S72+aAI68rlsam4+LwubNY1BGdjqyDJZ/ek5w49rwqSfrlgHZ2qTYqu7
-  vk62vr0CgYB4eeZetpXEcXq4Zkrn8OPDcs6kV0+Y9/qrd4hSTwpHo6Lma5OgLAcJ
-  E+iPrI4R8Sz6pXyQBVr9ShsFX7jVru37TNmLVNyjneUKhm8rAxjXlkq4OAW9L6uu
-  C+yVKIGFzDbhwZe02kbEYT6fnEBJMXFGotmOeQRZHlz8tyNR7UarZA==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: admin
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpgIBAAKCAQEAtYtDBipfqGMDEHq83CNoi8HNrdmpY4mkZpJO3VeZNHr2Y90I
-  unLe9RrCT45XV6uPgyl7UhYtnuH8V9Q1ErJNbFLBFi+mDhTneiGYA/HbosGOsRQ6
-  Tmoi1faMnRuxBhuQ62YIYppP8MSMID5vIqUY9WrND6A8Iwy4nSMCVeFQDx9QvXuQ
-  +b8NiMPwvUg/Z9VvwI62eGHMHVujzGBtJ3GCh3/ie/nJY0V+TgqXdkac2ANNKRT+
-  uTNw0KcnD8kZKX0ni2J1TxQNqaPdly8eU6vWqA8OLBcz5Y4Piaozds7s4DVlBzvX
-  D6UdBl1embhklSSqSvdmj6D+hZvP5Z4+nIdU+wIDAQABAoIBAQCMf9q/Ssv9ZaNZ
-  faPsOvsOLk8f3PRbNIsnVtPyOXk4RHGrl8TJh11GFA+NwnuWPhAzUkc+oCtuazcA
-  QhtQ/O0uiF0m7nl1LHh47MbZRrTUoTftk9oMFdgf/0+Tx3qZX3wosi6LISH9FB/e
-  VHNuPJe0V5OcJEZmWdIGyrFkBZwQFr5rgFGTvs1Z/UYe/znHoLoQw1tC7NAj3/mo
-  j8ktaqMX07LtmIhOILzua7qiAgEDEeL7fbgKVjINVu1x1/lLl2JkgsGd9h/hepJM
-  Y0Jx53ef8royOKYpl+Y0zoelB9i/aspadibLNry+Vq07neHqDD3fdg94DX8ozA7e
-  rmpyfC8BAoGBAN56BZEx1OPd0JSlBY0uV8DEAFvFUCXjRie/WRjILg4ZnmixNrwY
-  QcrF3Z8E1/ywZBK3aMZx0q91Zr1IhFEN014iKCuBH27dYTcKDIOZES0FMriHAi1K
-  TfmWUSFtmnwSUD/ElE6102TtpHC3wlTyONIm7zR+Ka2+kwCqZq/glU+FAoGBANDm
-  RgtPBPf1MYrKi5NXPL8MuHLlGPuVa2wt7gs4ZmuIk7uu7HNWHQDSGv8oSH42EBie
-  u024NFtsU6ji3DnLyoDpcaggC+OlM7EDvUKYzDMMHZ2nu5XbtEvVCkT5yGYbkMkr
-  t4QlBDufz85LiQ0sdbzJKRGxtBbXxnge9zqUqfp/AoGBAKLZZuHVPCRf5aIo+VtS
-  pOFxl2GVmQlix6OoqSs+vJeNoSq5LXuZte8bzxHrlb5dz6Lzpjo8byAIK+A6CMDc
-  AfBRyF2v8rZQTizfqjFaBfySZYI1MR692T3tDg4OEJrpPNywpG7JIagrW8c2e4V6
-  mKUb4tTl1NRdP3WpRelP13uRAoGBAJOZwPAImzggFSs9xbULtK5A7Kqx2R8aClbb
-  dRCUfzmHvOqlxAgSVlfYHJ8g9WfIB0N+FFXry4K1Xb882+Iybhj72QSz7/KfLZDr
-  VXSSxeVjsCFO/Kn8HL5f/uuRmdkbrQeXTgmepgkC+C+JC4M1YNNNRylraBWjzGXf
-  a0wG8rs9AoGBALOHRJhYMlUCoPo/K2i1iFy27ujOgByanRnnoztTjtQ4EZKL6ezg
-  du92vOLz8D1FnLk2RGe3P8ytBcFHACdY9B4rz/TS55FfdQUsbu+VkjSRSq1uG9cH
-  8WfSalamX3c36LP0TJ+kqr7Kb49p/DNwPGu017VUayKTMLLlaEFS9kpB
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: armada
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAzjgDtPqXVPFzY9HySNZf3JxwzeSVzVlFWnbjaulSrwI4jIOL
-  KryF6mowd6tr8ZwPjkG9q0a3+bTivRTgxJNaHXeLtX7we7VO9g58BNjSOxKpjdxd
-  HpDJJ7MFduirxX0ktUfYg6V7Kf6jTYiAY9BCYKqC1QpJH4wcrg1hJFw/ZCz6yQsQ
-  t+04iB6eQAFUHi3u4a0zSAKf9NB/G64zUXmFQjTruNs61zzPKB/jaI+f54Ymeelh
-  TOJP1cmpaSwPr+v3nPbUsNeusVU1UrU/Wbndu2oLMDuRhuZb7vXTuZoaqb2qOEQA
-  NW59nCvv8bVXM+rqU97CMp5qN39K+b8nBEunswIDAQABAoIBAQCffrNfRnHFQPn+
-  OmMp8qQx/M1CcYlrSaBaV5mNFujccttJ0nPQmf75TygtZmgWdp2RaUdJMWkZuM2l
-  cIBniZApOkzUE1nsVE6+AHXrScdP6R86mTVsbo8mJVAUp+Ay3peFngvXxiV8VXX4
-  gZrLmEe+fCK0oz/rJnMIK1D2zmI5FyumxTseE0nA84VtvXevEBU/lbrDR6T9eQO3
-  FxEWcd8R6PRsPiXAePSA17deBhzLF7cmssJoQTn5kOEtXEfo+KNZpyPebhzHHaNb
-  rZzGQdiiJP8XC28uOmMXiyCuQ9QJsKIfzYvbIB4vyQTa0wW+f0L7C2NB2f4zXuTP
-  yq4a+DABAoGBAP4hhwQdh6yb8mkwF46zOkW/n6QB9Jm2GwMtrbNtP7gdDlT7qoaC
-  PjxjtAJ7MscJ1aCiDsTySbQcw9tnsLwNrw+gtRNevyUZNSPw4tZb6cwlLvteSoMC
-  tKFS5OTvEDQ83teasjLDPs1Rc7fUx4xzKX67QqpCxjD1g/AN2ajaP0mPAoGBAM+8
-  R28CulsDIs0i+CCq6Z5jIPtuH5lKMZlskuHsnWjsi2fDZkUlpb13G27gxPRA+trc
-  faKunkDrtx/K3ko7xT99LG8xCQvpSOdlSrDPb5bmZ4AAbxX7lIzxfUE/sAemYdVx
-  C8OLLSL1gvF3ovX6Q/+qUKCY6LVPu+EmfCE02EWdAoGBAJt2rz4ZQpKZpCYtQXwO
-  sKtSmrqeZ6BRAx1iqEyHnN9pBwd+HcfDjYcsB0ctTtbscT+fZCGfhu8kWbyzJi8k
-  v99zlNKQt6ZeUV/3UQ2JlPFKHf+woyyaTx4Rs+1JQkRyqHCFNlZPku/P0Fa5WInX
-  OZ9Jt3Ko/s2cpGYKUwk02lqJAoGBAJNLeAchkwuXdKSpp/BZ3557wVYmJmelsPeN
-  gbSJ9q8AEnS3mxtqb1OhUaVT4LMkI/rtnnOshu+Xc1gqm2VdbiXvVoNc7IIynovc
-  SZKG8yO3KSocpKecpB8v19VdGC7EbdhO+L1lQNLp7DfU0YrCMlbk55iH83EkIR6r
-  EBbnhnYNAoGABlmrukfAMbrbb9c2llVJAAl8cnEcIU/RxJW+bJlPlZNavGfa73ZX
-  Q44ZZKF+yLtQ6ccqfoQmPFUUmFU+WI+QOkUF1OPF4eszexLQBdvuaiJzico4a8l/
-  Ww+rX9Vv/oAVwa9Ofs881tsd0cIyjYRkYLgUp3GZDcz8B76HIHZEz1k=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: apiserver-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAryjVV+EJMk9uSBti81l27euNTH3Q3Y33GcBBPOLt0Qz/NtpM
-  sQezUXNEdWsCdGeNsa2xCoBriuTlEhVUPLWH5p4lNXvln4NRq3AWhPiXYbyA1vLA
-  3iJeYcZR3vcqYBxNX9E+0j+FhXm+GpHIEi5k8zYPswxLnAS3w26VBBVm+dKW25A3
-  UxBraHddWLBAPbo1ppeTSRIGoqPN65n8VZqQ9JEiCceaWr+nwgWJl/6WarLKBi/L
-  xFl9IPK/vecUb4GhycvsGr7jYss3I14k+7lu/RJAVMYL74qbfFgYTlXcbqH+cPUg
-  waGuw4jFdHEtnNwtI2tGoFyOUwmeSwqGFd8geQIDAQABAoIBAQCOQ58L8kXS6/rJ
-  bBzxQ6+5zACGqQW0fTK+Yo1aE4JOsbyz45g4jOWS+QkYSSLEQrsuHcHWork2JXT8
-  PACgElzf7YCRMSEubq0tjitsMrBZfI40hxQpF0cLKNWkP6HWUAZ0FXJtt5QN9fR2
-  hgM26SGq/DTCGvFqNda/T5iOqYdqzcz6vdQHW15ZV6S9Ugiwk/DFqgudplC7pVs8
-  BJ8xnUnH/cEOjak75BH4Skdg5gsdXxKqag3Jh094xE6JwjXGp8exH4+E9+9jsyYf
-  Frm8LoT4OF5NHKiCBz13oNVu3lniGBaIgeZ+NT0LpwTbgp4P3QbXh2lItNmf04Uz
-  wQ83FlGVAoGBAM0RRYsgdXkxzFmbouQUj8ZE64G5LpxJQnX0V5ueUOsm8Bz6p089
-  Yf99QKUBVs/cBUCwKjI5XOCIUMpcu5UllVU9zjmwCanXKYLJVcCc96Nn0L6YWZ1I
-  6yaERJ82PdbvGu+YDE08hAONs1Cq/KnnHPH9RgfdDm4wyhgihjphKu17AoGBANqp
-  71aZU9coPqEfKksZUNOwPowi2E8EeD8g1lpHo8dlRtQlW0lhc4CW2tqx10cwEjO3
-  colmVXN674S0Vd2T7q7MeDL4QtOT/1gzyMdkOV20J5sJOGuZMQBsXH51Qgct5wWc
-  QYV3su10on+BKt2CR/WKLhJCyZsBkA16saJYvtWbAoGAax2/fsnosvLBNHlon8zh
-  wQZVIkDRyQ83aRfF/2K2D+8Z83k2ldyRaPxLHSXS6+aY085xbCSskBiEYwAHeAPW
-  ulz7cQS0N4RNiaSTZ3ZWoINk9XntLYxeUJM8qRGTQcdKAachneKjbpvA870tF67C
-  XuEWiJr+o65Wkj7OcIY6/ysCgYEA0HbSRq1G0Qj9LH6Zw58O/8I230MZFbwdJ5IW
-  yVsjOSXEsNwse3j8tMsdOwHxS1z4/XUXLQby0HWTg+CpO+Wc1+j3byBgFXYzKdO0
-  xuM2Da+DUrsnnu0dWln0lFsV5+JLLX4auTO00c0wXn62bxeVovFpmt8xdSW4QCGI
-  2E3jIaECgYAS+Aqmd2ZXye9fLI0Y7KgQBduyF+qGHXG0nn3PCB2IBPS4iwe457Fc
-  XrecWWVNYk8BJGqyLNHAvEep6R1PMuGQk7cN3W/rH5eaDCGb6j/bm0GrtpUwtG2O
-  sAkrRbmuRBf5mZ46SmFyNX45/t5EEpfFSdhfkuXi1/dpwVMEOPcAeg==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA7xFIwflNcdGI8HC608aXgpApmbIw9/qrTpYKJLOWQMtu37DQ
-  y6jrKSG76YBMlRXxcgMZ9OYDQY45MJDyhyJIZEYqDA/1I7yi6OEP8mLiOHSZo2YT
-  sA/i+MTHkhwhAKZTcyQq8hTV532kxBe76InqSWRoTuiUFLPT1ENPU8/2QbnzK2no
-  E8nMks8uHI3tNpQUSIpWGMjtUwbALygi/mT5eFRXo80m/g1OQ2j3sUeY/GqX5ug6
-  06xH6f4vj+M3vk7rJmu6o3oyHzciEY0G97+m+260itEX4eHurCVOUQkF01V7P4ok
-  J8kDGtSu9jvfGsiAmH+GFGGMW5uuQ0ZFlTU9XwIDAQABAoIBAHfBI74vIPE78inn
-  fl7pYyn/Bye7kDYYNknmdOxPnZuVjFO3YdAzLKFtCZF9OF+SH2FqVk1MDyN+l/1R
-  DnxM2xCH6TYjpDujmcOoQfG8QO/g0Ll+P6x5OMw+3m29c3a82p6Z5n1fnIsacDfe
-  X72roFXlWy7z6IG6VwlEMm+chBIFmOv9pGS/CcBktPkG/WLNfA8sX3pXlrF6bMSm
-  UhSC2Jw+iZ9uhU4XoMFO/ZJ0xiytXe5rOGG+US7WCyNaCy75Rm/nGunZjdt8Y/6l
-  8ySTPpLSPjCe8BXtY0iS+gJas0KtnI7WGZdMvHx9KrQwBkB0cOZT7Xbijpnv1IvW
-  IDim0GkCgYEA/oRH+/F5mJClqqevf9EbAG6DAGDwmXWqk+3PWjerSQSuK5O0SRSg
-  ZPTRZV5VsxC6M4hB5k2L03G8Y36cJE0akMgSYFc7NR1jCFDUHjhKEDWlvwn6UP1V
-  Jo8sUyFPKZZcJ6I5jgn7KkH5l5nmtD+X/F5xqBzjKrNOv6HEmIAoZmUCgYEA8HX0
-  OyPil0ABH/jPn5/zd80UpBMSt/eFeBUPtiPxaac1Th3t/N9xzUgTL6cTHNSeTcXY
-  2NkjfyraO3llGBD3TKSI0gtFBLgSwO74+qHi6GDDeBjgEQ16VHwnGgpcP57a76AR
-  9Ru8LbH4UQwh7mULbzCKvt6wKPZU4eBAbg+HZnMCgYEAttGH72YVpMwJ49pNSq+G
-  CLpY6RW43VJS8603ayNfqrRs8ypGrtPdHodoPbsULeqPBWMTiv0auggRfRo9yCmG
-  Moc0A/XEtrNkJl4A77AZKymN4/qjzjcaSfc/rHrZpRK3IVT6qJdszX7UbNwEhmbD
-  omiolUwitNJVd3sYfz5XRq0CgYARtP3pJPlYnfP3QME5RfQNzGJKusTUGzwO3a4s
-  gXUTjKaWPAn8Zw/gSABxr+Hua5HEtF8FiOfeQ2+SlZvmK8mqMSuKHB5W/J8U6gQX
-  oLgu2IFMZLiLSOzLL+FJP54PaUlCAA2SeRpgWwyoGzaccYBoDbEJ4SgjvBAAGh1k
-  fWxBFQKBgQD1ZsF+U1fGAVdmebqv6n/mNqXcXHs+3ngTNw0E/gtVK9eyqM/NLqr4
-  Q6TPLKHUx74xiUAYbmPqSE3I1Rx4YXSeBpqJ/HNP+IoHyet9+DeVsY831TPOD4ib
-  5PgkmBR7w6RwT58A6oLosVp6OvKJ8pNblxym6nUZGNsr5mUM04P0dg==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA20aVGxaUYWrVhUIKW3c6WNGE0O8u58zfjwQ7MFI24FaoJLH3
-  i6MeXOjV7fDCRWKpp/bIq2f9l8Iu1bHJLGjyHbBjibhYUn0MZ5OTr4+WOk6ZOrp9
-  eUq92OG29VccwBSSlCAxplER7PKq1u2H5oi+MUgRcj0EoHPj0B/FMWgTYLZdrLUh
-  o5cMjmWuzX/2NQnD2szg07f31O+x60CN4dy/x/DLcDXm/36QaODi8UKAuXHWmU2W
-  pMYFEMwXbqKmV2mR+U1uoD6wVcoJCBJyRB2vF5KKZjVlLv51in6c6M9PiZmazELw
-  osrFlhdc1cJSHTnojYeLoRNZSWeBK9hDQyP5RwIDAQABAoIBAF5h7jI/sNSRuKBo
-  Qa8HDd1HKeUI3ua1f5C+oH93E9nSUwOges3nA124dsS5OdXF1wLOLafh1fzpf2FJ
-  6i6saXKwBtgzugiffKRkmFAb/OzSAhCOTw3TRw5AcZD+0wg2krUhel19Tbrw5Ooo
-  SbPILh1mSOQkMYai+28NDcLralPYv0bT+SHh8sX/2btWYr5X9uuo3/CIsFw+AgSj
-  ImuUM739JWyTNEPY2rT+TdaxXY3j7ssgV6oal6U6VZ/FXQX/vGlAgZhcIYTGGEly
-  zbPQF7Dj6MvnA8kN5WxwnmqfvULopSIMuGp/OdbBo4JvQfdC2pBA/stmEkibBDEs
-  q0uY6/ECgYEA5tBYiGwH3yS/8cLGBI/SShcUp0W9Q3V0FilGlzvEipfMnrksx46+
-  x5VGkaBiddWsnap2Xa6lRouu1AwkJR36A3CRsYt1Q/okiaZkOW69XSnsbThBxuEm
-  I4OGi6RQ+GbZ8DMD3cLGkUF0kBewPaBj4fxraJuPSfFp7b+YylaPLMkCgYEA8zPs
-  3bL9Pljqk14ERwkeRYpnLbeJo35vSoeRTLOhBXXUhMOpmX3Asi9/UhiuIIy5/YIx
-  MfOOrGO30qloQSREBQvS/Y1TM+uzBy08EJIYXjBfbkRzWCvDAfj5jEmjP/qu0pYb
-  k6PTDO+I5/LxwojcuYSiuGmdmabE1w7WyV9lzY8CgYEAzKDtvJS6LdSw7y9UyvqO
-  3uyzfNDRSJs6veL+GFn+lziZSia1Un51GRB4rebZI8q57FYR9mA9Wtu/tXLGILoA
-  y0fjgto2rnt4JSkFNf29mHjwiKwVdLJrU5TplaepuW/Fy7QOu25RCLpVEuJNd3VY
-  2CMnPmibklybIxJ37PrsmDECgYEAgP3hfBUbTJ5MjK0pB6RGcgvefdkDH7xHuvf8
-  kPoVRZghh+lfYxHXyqp2lUyRzqHVZChRf3T3D2g0b3961FIv4Z1L4z+6CafR5NSR
-  LxjN4+c0NoAHzZQocjtj4IyOEbkcUIVdSwlxP0MtEhlBMTT2HU/EHpumA4D4ljhA
-  o739ePECgYEA4nxATFeM+0AgM3IlUc2dvY2G0DQQY502Fc1JjULGui40bSr945Gh
-  pT+DHx234UJ5YRtfpTILyHlKr2MtqykhppKfGU/wqfEE6Wqlfyx9XPoE4gbX9opG
-  evDzoZ3kRHOMUMcFmn5rv3YvepQsTfSk3Jnb9/+C66Z5Jk28fu3FIUs=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-11
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpgIBAAKCAQEAtlqtHJy1e5aleJj3zQr6E6831sFhgEsn92hAm8fh169FSoB+
-  aFqy1VXltc920KSdOqCTrmCh1B//sUdr4vumtolFzdAMs7haLQ9mWjccLVljrbEr
-  aVvkSwZst9Q+FX8NAINuoErDxXQ/m7jsQJK2h1KR0QcZsWasBRYlBbIgZGF3bMJF
-  G09bEME/EYPfShDI1+Hhf6dzPsSvnPruS+H7eh1kxkGry1N6GFhBPOWENWABKUoK
-  OcqzrG6QRZJxwyZo5I+Db6OJLSZvT+8S5xAALy05CCU2hOxmGxktqb8DwXEKVp93
-  /Ky68jtUZccxQ+cclrFKZuHvss86Uot9E8nDnQIDAQABAoIBAQC0QwTXwO4CQxRG
-  F+j2L4CwjshDKh0JJsJWZx9fH4NYpDF6CXVsESSxkV0nkfOhIukueGgku++dcxhf
-  FfxHgH73+NEhOCYmTvoNiyihy9K13aSUogwI9cbCh5JXUp8gvtyKgmKMX/wRJ+5t
-  MKuS1bVMJkpw+HTkkltAF/j3HXO55ZhQn00CM1Lm7Eo6b0uNq4poPxjHNUFAxMJX
-  vtmuRDjNeeivJ/yI0GK82ZDJO8YeraIFXfTOF2Ss7YEpSrfQ/VoSzy+Js3MWpMgS
-  QMUAS0baAcqIzHWaqjsiYHzxlfc/JSmXnqW+PVJ6bb4PDeuQFUcGhdo5gKyuVRUt
-  2Ov9/EMdAoGBANMe+wUnfmb/IbYeX43wf94V91tayW4H8/ROAEBhTDQDfvRp4QOl
-  5Te7jk6dJCArknkDKs8lGDggPcdKvACZ72Kv8wj+pU9t0FTJv6yn1gx+TturebXT
-  25Zb/xypK+Kz4bx4oZd9RwY+4liDW4ZMuCZuH4qOiUdwvhHHreI0i0E7AoGBAN0e
-  OyZTIj5wjNHlaYRdQaYj1UTDxCHOrDUMnMsQ+4Tbhr+0Ej5se8d5C4lmRTFWnh9e
-  vlu5aX2nC2IrcCLuAisVo1tFqyQ5GW/WbPOPuNC1964V496lkT64CruzQmhqzW5i
-  mqsY2tKOLbl92qr6NwOsaqhrRMS6lO+c7X2ikUEHAoGBAK7C1HPdz2qfA17oIZ0z
-  WgWTFWFP87Hbb3vqHZctc5ES28Ki6prEdsv9u70jo0XmC6eUkZlLUZMUTU9tc9bj
-  lh+RGpN1h44KjwvAvaPEgxFwdQKuHWAAcaMzoCgveZ593PzQtqLaFzL6Vw+CHP88
-  /qsBOabOeqDimNPLAQthB20FAoGBAMr/JAJtM/Tq0v0nhhV0n/5syzBUIU2ANWyG
-  ZbOvpZk1CKIaKN2SLpjUMZk0gLVo9cWK72u57nTi1HqNsmb+5pKzTMNQVGvu18Fq
-  s59vBJbnV7lEc2xFx/AyefgT/BVsZ6i9cY0+RjYjPSsbtZJeH/+JXGm+AOYy/OR1
-  xzod8wglAoGBALLJIsgTPkEf8LQtw78WBEyy6aoSPeDi9bI9ap99mDtf280o8I6I
-  sM/nABo9l4Ftl6JiN+L1HUNd9aLpevImsp39bJEqB9WguFDIHSBwQrcPnwWhU7n8
-  R0sSr1yc6/Cp9h/gEFkwLYqRw/nApRBNxKtxv+n94Umu4FdTAGjZfMdC
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-12
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAzQtab/9x5fIAypjHIYUPVZFr3f2G+OYb1T5aVytoyqFg8vJR
-  42hGcckYZCa3LyKAttJxUowQi/o6zdxP5GRxn3VeiS34TENHEVEv6Cd/xlmgCCyA
-  Zip35ttIuwHDfFscerKg1M3UunlQcx07mZs2+/zBwKFonPan/1BlotGMOjrLAA3T
-  LgZOWD1N1VvZ28jTVptWRpneynuzMpP5BRAKeakZ5jfMJykSBYv0RZDFetZqHTY4
-  k4XgzBdIIl6snZN8V0YWG/xYaXSnETulIdo7nuHpMvaR4qD2U3jYM3TI3toFbPka
-  jt0+dadA5JJO12HfcEwVR8gRDmf8C+L7TszzCQIDAQABAoIBAQDC/R/0z9QNmvTb
-  tSvxGWs6sT8F7VoUiic/w7r/mF1gDNV4U65B9uC+xkC2xQaBAWur8DYqDN6TbtPK
-  /s7O4CIZRPEwvRGZ3ITR2AYZ3K4q/wIro7466fn6BOCGTigLs01C9Wny1QaOil1S
-  CyOpcKx6N6Q9PoGQexPJvTfZ/TJAEAEy2UtbJLb2+T5zPBKt9ntyIJlEI46+ftLt
-  qmKMxkI4msnmXD/+Z20re8yVFLvmP0UTciwBR39Dxs0DC3aqcZn8MQtf4nTjRmKa
-  JoPS6es2M72yAS+1EpY6NTIEKlLES5Q9hPHPNJb79fLb/gqa/JwMzwtn5wIBgvEo
-  Jrw5lkwxAoGBAM/Cg2FkGdsz9XPQEJh6nm6ey1gTFyFjb6RP8jUg7Fak9O+DHUrI
-  rhYOKg/Co7vfo5Q12XFKGykpSvfaDS86oUxMuBTwnTywEGjUs+wBXLp9yUNrhiTv
-  ruO+FgiEXN1LLl9LRa89L68Ch2oLyeAzQfIgOtmrOOr4g6htWvyc/uCtAoGBAPyn
-  be/J4dwfLIzye6O5bxE4O7r/T8blIfZgi8Wk/ELQZAYJvteRtHjppYdUjKkD7RQS
-  7lni55uQMLR8FsbHKKtnCsNsfIUXFecgtnnxCSvvvTlzEq6vvlb/O9ydAZIklhxF
-  V48SPwswnBiLZk+Kx5zc8Tq6h+c9nwL+h/oXubtNAoGBAIigJ/nx9Db88ltY5rD/
-  YhTpBFxFIZ7pX0+061kY75MDI7gmhyrY0fLbGboHi9lO9qnOx9ICo93rs8tOcAEx
-  E0Wz5hKPMTfpqMDnr/Jx6uMROTvHCA5eOKq4JJExSkiU2kf8njThjewPQ7HvUrDH
-  xIRPwaPHP8T17M7kK0OYktx5AoGBAKV7UGFnXFzdukNTKzIwaZPgvhab1PfT6ivC
-  TqoUhvmIHotp5KqzD37GohmCgmLNZIHqaF1NZh+ZEJ2WTSDDH1sssXsQWnqdhUYO
-  QhaajkRN0SWIvmrWRxgaMm4sE/RRrFQ2AsR90fcVTpgw7cEZh+axO/sYY51M2hKO
-  /icLVSZdAoGAddpjuGf4Mft5PuLkwf0xYBvYfiKDmmEGTFPiYtSFtnSiaTBlujZM
-  Zz916CAdWf0/ycOhSUvAnXCR+RnbIRy3DJMsj+azwMQnaGB/IHa25A2zwyU8g8cy
-  fr20eH2kwdKc6ejzLECvVRa5eCUASmWGUiOuFgsoR/T5LB4JLvLdMKU=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-13
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAwzqChANcvgWcBHQIAk/LGzNFWNk9/tgnymHfBIA7wf926VtI
-  hzJBw/+tXCWib6EVD9v6rrwoSaYZAcL7c6VPuWKzrKC5Jk67BZdAehoYZeyzDKTY
-  zXMqXvjsgwi+JC3YVfgJNk3wFs0CBd8B199w7EV8NIBNiB25MSa44BE1KhfVb8oL
-  cvpNsckgsfdWBOxB+3hwHnlhdAannqVPFbbEGw1zbSkQe6HFR37yFjbPO9Shhy7I
-  ehdeoQpk7/UpNo+7Gh1RlwXOnk0o0AGhRxn2/KNuu6b3lHEOPBFWT9he3AdPv6pI
-  2rfbUBtIxMHNPrQPkD6aNQQHgtSACqNtCZMQewIDAQABAoIBAQC09agCy8cMT9DF
-  A/RkiCfgh46xA3UGor+HRV7eIirB8JT9SuKYhooVLgo4Dp5ZUHtgXuwnSTsiwTYO
-  vvgqwsF6OjYHPldAXdvXG9LlGwkgeN2iS662CRjuPVelQdZVXLVZQnbvgiCYUeCd
-  Jo/j1DYsm1+8nmy/TaXaHGVjNDAOWbVcjt/ZYU3v35hxm/0TGgINK3KNrqRi0com
-  qt3mXL+rvOqL/rCW2Plu4B1I91RzjzYqfZ5QcvjriAmYDjzuIJ8Rd9dW9O57ezhi
-  kH8UzcW97RybfmShd0V2f32FEM4TpA2CQJ4W8Iwg95xS8V2mFdZa+fFTCuCxvzbS
-  MakyYMfJAoGBAP4wuw5BtSD2o4yxwrBKa5Bt9ExGbOZhqbti+33Xg5+wQiNtySNk
-  xMuqkbuLI2m9e5Kv2SJSK/x7/KvuKtnw+IgbXZ+8Ehnjn+PGnTNfj2jrm6QINK6k
-  9gr03QKlv1auTqaDn7PFXzyENQsCFAhK+UypP0x+z08qE24p+LpHYLrvAoGBAMSe
-  Uc2vSWrGpSUT9tbLSIasLTTaFm0MlJJIgyqiNEequbAAaiSiaOowjUwU6lpEc04f
-  cdSJgakCM8058OQF64/8OqYoUtO5EGWKriQxT7jwWIEOJg3AeLZPm5MbXIjOhra3
-  /BE0wZIIoZ2xw6jcznPS2zqO6oWUbo2sFqF2nXM1AoGBAMCXPXL81/bEyIAWQzN8
-  /2ir1phgF6yqPIbM5U2gl4rLaiEb0nTtqanCb66QKmG4fkNS1wqJBejELFo8Ft2Q
-  FU5SpaocPf69l2xmFL9S3P6a3Q74ZKoaNI1yn22dFY7gfJjvS3ZSyei5JtNTXMg3
-  vhGWfm4/+mS5tYUXaewBnsmjAoGBAKgRwVF2FebtGPvh3e1r5XohMZ9tESB0UYfd
-  7imCb/gXCxVUtWbNYatWh2HSuyUgQAQ2wuHwDOLAnDFA5xazrNHuxN+Fto9/MXHr
-  IsKTWFd5M95VjtfQgB8vW4hbKjVTfToxeYnns9O2Bxi6fMsavGurgXTD99rpr7rw
-  sIOi1iJFAoGAIPViDcxypl0w85UJuejH2F96YohLkVyKIioKg9/NtWYv1T8O9GA5
-  H8dHWmSo7+mOFjsfD3z4/xKMa9yvpxiHocevuTz+sb8oscKAx5tLKgbc/857wVCv
-  OUQ0tObpDdO01fCxoX0dEm4hSTtsDYVCRLky4BrsocFfIC4l/Ibr7t0=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-14
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAwtW5/EEeumaQjfxrJbw1IkRYJlmYUH8cE36ceXCtgS3wgN1A
-  FKbnMZsPCASpVOKyHy7fjgCk6uJ3+Hm6gKues4t74ucQxTMnfY6ya5b8AgSadMz4
-  XsLjkfX5jcz9oAtqWqRJcuJA/8CszMkAIb9ye3SFckspaw+ONYpebz+4GUzP2aaH
-  QLORAn8yHxgp0Vzo360J7uBU2gtDhqwcB9Egst8wJj5Q8nZnqhIOgrS4DQM049lD
-  +rySZLh/voSF/bHEC7DX7E3wyc+lXgPXKElfWW9qOoHiaVMeKZGvj6qYcJyBIDja
-  1UevfM71CxaaHrGUBUhgN62diLwupSeTST+KqQIDAQABAoIBABjl5SGWVM3vQ3PR
-  mQO2fHfHkhg8hNlslPLs0CQ4wQNsEnr1SzYYah0NuqsEpXsCiU6w18K21Fxr2nb3
-  X10IEXzSS1+gtaTtt5M1BBn5rnS3j+FzPB4n+5rwexai5ppoOwwgSH6U6UeFoM9+
-  tDSb2Y5rQo5rinxy/XJcH1tKIkWhMRAz/QDLUQOkQYOrlLBY6vp//0oc0OQ1VAo/
-  jqlcEh2ljD8uYy9qSCsaG34hsS1vStU89/dbyOISLQUd9MUjSkVOez4YcrCwGgUT
-  S8OPRVYYaf9TdUeYRfSMsxbri757iY4wwHbG4Gm885a33zP5WASItkkVJwnjssnG
-  s30JnB0CgYEA7g0YsBc/XQFfdqU9ePCtpze/Wj1B0BtqPRR+ud82i8XrjpPCZlpf
-  qQe3CYrwDDtvK3HJx8OvOxYcqMKYS2usFd/mLpC+tz7Qsl9NGoKLvTN6W2JuPdH8
-  HD0GUJlDnoaPyKMgOslOg8R3uNpy4+pv/vwYzD+hM41WtRazy695OpMCgYEA0YZ2
-  RFLsfaRYJ5BRdsWNj74Hfc4LH6CycNz9wzY+tn850Q0hdPpJcBCaVh3JxDUXMUIj
-  Ijce8LpjAzyDDPYY5QVYgck+cTtvmR9CGPb05unHNFPMdszI8fFaoJoR6wb1Jvd6
-  TD76wSTneLkbmTstnz/BqfvLfFIvQi9P8mcXX1MCgYEAvCSjr4EgNkzAe5BLzotC
-  ZFgeJ58kpesVA2NwaU1u2fe6nfxQd/7Tfk+3rZYe9TwAODD9zqHtm+B1FDiAj5Nw
-  9fT5AzKpWUEPRvslgF9PPGE0QofAI6IUBOmCVS9dDyzA9U1gSrYSFPixuusERPhk
-  Pf5XRw6/RHRf5E4mGkT8pnsCgYEAiybXAtdj0qnEFjqFr/DR7GYTSZz+zDmIaOaL
-  7grnqYJjXpBu6OaUwUV1ir3r01BDH+bBuKaM+OmAepTEoGYM8IUVW9TQkJkdq78T
-  wcq5qWYXc4w33apxxiU5wDGytrl/NSrk4SBunrmotQeS6bhgu0O3lfHxGZbnZfhQ
-  CzgmUJsCgYEApuPG/S6NNDxcamrdIQ4e9KLtnBN/yw8VCVW4xRgqjLMQt3eRlwQG
-  B4LWCK85H+VKmncNLQz8NxsrHVsp/RuAG+9MOzcnGotD1X0VI+ftNZnADzTKeM4h
-  +CW94OYHB0DMxQCknGoZ1ZBaicfHKvPbGS7Eannlz/Imz7rTF8HwKhg=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-genesis-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA3hdTvMRTiNeZP7Ibd87+m9Wa7BWjBe1UJoEVTRZh664zeoXK
-  k/MKRQhmJMVBoO8Ygv6EUacnDxOEwKdml100DAzyEkQDYL93IrWBAx0wNiF4zcIu
-  WfNiYjZlxnNS5PkOSOH0zjHiPMX3H0+56DPGcZxKttxWTcDgZlSXo56cvh/lrkk3
-  DZMd0pZe9HcFI8ej+cvpjFUp4DMX+8j6265Fn9BHHpk3ROlx/g/tUlqO2Di1rIiC
-  fNdrEyYiY7BGlIHw+/W1R4snSVt8OlCToTySDENkahtw3mkpUg4HAFaglgyoB/MK
-  FDSyugF+Jq2JwOWIqZ0HdTq9wxsoUD/6o9P6cQIDAQABAoIBAQDHojRVNCzajuJk
-  TRc/xMM9FO8jU/esdj70NYgOORZgIcCIXAdSol8S2o/mcaGipglkhqAuPZBwjtz/
-  x/oCCXeldWWLYbOfnbvbaUfEotIZdlD+s5Oyq4I+QiOOFU/oHq/md6X0SwbQFisi
-  7ClyPkgdC55lbP3u+nc7xMJiA0tl4d12o1q8hepcMBN0JOz56ho/aC6Z/6w5opja
-  9++oz/ldnpCZEY5ZTzhpuFVmi32UMehK6sLzH7CRIGOUYncG3S2q0RRvtwSkPSK1
-  Svz88TLtpZsO7FKOJIrQcqH8HJAU3KO0ml9VvC+bFdKZRJo/HEBObCYqtv4/Dv9V
-  yxgHNmOBAoGBAOoJ3us47P1+Akxq+dmIbKeev1UQrJklWqhcFaSO6JmXv77MlS/Z
-  u4OHJa2174qq0Yla7/unr/l/suL0dYWx6kK9eLcV/9CzR/fEmuqPzaq5WannlVvr
-  sG4cBkRnkdF0vA0tdm346WQG5nhVCRIhZyPC8qPHZWU5DooFVc6jQKTZAoGBAPLu
-  c8OAKtrVvJ5X19CfnANGqFyJbs+qgJvsxVe0Yb+LiXqHbDIh3LRcDk/rrZloM43H
-  Th8n0ENp0KhyetYe5mdHv/ZKLXZ4CBoK54v80Rs3KxVf0og3wooeZICXpS5Pay4h
-  Kdfx+mmRPz2NDgY4n0r/jiYmbYHz5PDxV1NjuSNZAoGAGhC9Xg85/cWB9gbYCs0x
-  5L0+a/fucSQC48tVsb0k1K5c8aARYYHra2uq25zur8/0hEq3fZygcbYyMyqsyBYX
-  lBVME4AEvLaq5kJkSol3i3MXNGARd2pZfPnsDMRILj7FDuaoUPku7TADjRVTbEyC
-  Ey6MHYeAmHRxVRfhBaGS+okCgYEAsIkZ9QMJoXdbF1JMkd27GSJarMxui1ijFyxr
-  iD2cHv7+y9znglLbOPIAsJFa2TVA6ZHhMoDTNnoJ2K9AlqNj2b/pPshO212EvbAY
-  7cCuEHH5zBGTQ8wJgidt74jDz7CE+cO9zaCZ0edsJoV/oIO7NlwZ551bTOl5AKLR
-  S9cXLhkCgYEAt21dcABcmtJZ4J/dNDfpguSH0MD7tuMBoRGyKCq9en6buOojqYET
-  K6ue/o25M9FELPK/zouKeOx0C2WRmZbvG4JDAQBObyccDMnNitlpl2e2dCOzno3I
-  Q9mE8v/Ilj0PdPhj9Z63ZasXHpexmVU3dSfu2zsUjQkQV/nvSX0JmTE=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-11-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAsMy8INNxvbrnpVwbIUl9F4AemqSrMrin6rSREH42nDdgRz4a
-  neB+dobQsUpDVJmGnNnWwCkjKQtdBdU9yXeP5sL7haylWM3chEf0TU1BKw09jV/k
-  N4FEQNzfyLC19UoZXZxuE6VyGMr+jGshbBXsYCQte+kpoxG+pHpmzQyDldd14/yd
-  8PaDlY5mIGAAIopUWetFflqkZlz8I5VcoqYLseWhpWU0cqWAKhcnxIF3p93GXif4
-  5Ji06WzVuJkKpqaO1OQPmJnEbyojB1y/Ukt5rTy6RK28kMHYmDv0j5Y2UsWyxYw0
-  FK3S/jx+WgT4nNaSvgn5c0VJfJDRjjd79RhEHQIDAQABAoIBABkichhklwX3HVmH
-  15+K2ArQPwmTIXeLguu+EeV7W/4nbTuTm6sYMEJfdinOOfY8AUQpP/t/na0HHYln
-  wGn04nNXAvUFD1ipo5D2vceDlSEut7JykHpHmVFzVSkt3iBqEWMaixel7KuTqE6E
-  KHM6RqmAWysDgdTZ//VYJWc/QTG6/FJdO5A/eDCE6sD3NZlTyzluvOxDvMV97R/o
-  yDKgxldvBv6O73yO9bRAAcHozlUX0cvG8FC8LNGNJA1i+9KBAVW2swjixXebczFY
-  KoMWYSO3qgLy7TeZqnuq+zf0cdLhr3VsNZfo8JZd1K2vW7jBjv6H96GXpyow0Yqk
-  YxTLVCECgYEAzP8IJw29nqynDpqyPss7dfizVQTyodfTSBGN5BPNPCth7j0zC6Ns
-  UBjrpF1xI5JTQi0DUBnYCtpbOxJQTsbWs4hHmuy7fkZCFBYuvmiNDi8ZkVixPgFP
-  IAHOpH0aUMRxjL1iVds6gd92Wv4tUZq706IYtzv1L7w80axX/cl1jokCgYEA3MnD
-  6ka95YrEBuGk5Gn7Pfb+qxFxpz7dKRkX3x35O+M878jcWTy7qsytuZa/bjeboytT
-  T+n65kuSz2ru/UhkkJILMY6qeIqkqeN8iSmvW0BZBYPZ+qhteIC8M42duf8bPCzT
-  l0bDEWS30lDg0YLvUBLSO6lHO3gsxS31NP7BQ/UCgYAwlIOvFZ+JOetBF8IEBY+q
-  zmxZSpnhZs9INfjFQzgQ+Ur09YXiTTE+7hjx078bKfMXLKmrUuSS9dpG7nkfohmB
-  ZFtryIxKSYYhUnxzXT2ITfsmKbmfMxo4QJVi/867s0Ihk0P5isGbw4Q93hyJST0X
-  00M+MTRSwq47FjeoChUU2QKBgQCRp53S2VZ/rxsBOy0P7wbrax2492oWHnfCnCZO
-  cDSzGIdj3QvY5yMbW6okLFofuRm4/GUa7E40TZkNswr1FyQY5+/wgqDdowFcfpHy
-  3wgrV/kilUhhf2mwvKTsEboDMVPjT+NLAkjAGcTXP7oBHbMJDVGaQGOYzQAkGNyS
-  WJphXQKBgQCPwuSKiQQJCDJ1H9P6XkUQCiUJlBJigi/KC1Nu0Pg19Ryr5EodbIb+
-  PTR/ShtJFX4uL3v40zc87L80Co5H38Dz+VakWQx/PjWJh+Wj3aMEnFFUgHy4szx8
-  4QbJcIpi7QKuCJlCr6puIh2dddN5WiyCs2ohkhQyXizMqOxHpuKMZw==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-12-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAtn0jLvr2XJXoSf5IaFWo3mUcbTah8wsPjC0DJIOhZEbrCJAM
-  CMEiJKmEHU4Xedx2rTPuFbqNrEr9f0BV911CyLbxFidksOekwdcNq7kTHkIe+2d7
-  OEwzJSmNqNH+/QD4hXClxYEHboMGtuL1rusFL4C9pdKyPSKHzKxF8ssQKTCgc46P
-  aqlI2oKD8NYtVbbaPeP6v+nIKX7J9bWWinEu4vbYlLy5oqklA793pXfs2lfeWrDQ
-  T27v5O+N8JDdfSlfXwFyiyqLYGu+cTGqfh6I2eoEV4DNYkRnXEnWmvye8rgh5Z/D
-  ELBvTIGE7MSGKvfXhsgzmp4eM0n8WIg5O0jr8QIDAQABAoIBAQCfN0DqLWWi09vO
-  KwBLn2jtWDRcCQ11OpI/D8qtIfc+wS0w1FTbkn3SlN/Cna6X0MTuSt+Pr6sJxoez
-  bZNTddfdvNdNJ+OPARvbT2ELETdf7/qOB/QW40zAQKfqwgUCAsXRzr2jOvcb8U97
-  YztNeJmWn3FXayO9eRIYfbmtooOgGuVpLb/TPKHhdHDJ/eOWfLHBcnL1xjIg1byJ
-  2hPV3IaNd0thGkp+OGoDdUdKZsl3PM/KyTUYReU4TiGKYWtROFiOBJNcji2qjq2F
-  glYDuvyqWSOcAP5C/qQWeK7HYAuFljzVuC72TplS0vpTNtGx9ryKG38VhPwIWcXM
-  Es9XNz1NAoGBAOttT0RJozXDlpyyBY1C5Zli54DU78AmxcDHvOPnXvcO3p1cE8zY
-  la6I6zOvuKsYg2bSwQ4SlM6q0e0kz7oKlyU3bJPcfAUdwEJEtp8D8jAaZxTt9N2a
-  i6pdcbKBelqjTgaPxN8j6jAcDiuTixjPyx3ust+ugUIgkRW0YNXeHrRHAoGBAMZv
-  jvgZmBQ3pxMfyP5caW09zi0P0rVxS8hGoij234jg8wSOzC4T3n8yihx7UY7RbDT7
-  8u3aJNxIPn3ANmWYR4f2MXvlxDKLBPTYlWiViaUFBlzXtGQiA1veBxZlD9XZ5hrD
-  MkSm5GpnzOsn1gaGiL3xLcW1oBLz6CONxRAtkxIHAoGAG1rtLfMcer/KPVTWHk7a
-  nNMIMUkMvpgCvF65DQYyW6Snq0Mqrc+wvMH+ClhtrbvAcO8mLXttPQJOOC7h0C0w
-  2Msy249v/awyTcDsM1fjCUHYHm9z11gAyH/pGSPAUs3M4ChOaNskeAiagOe47t4e
-  LNEyiZkePc/I6+u0oMUZbjsCgYEAgWj3oC1w1J6Gwx4Tgm7aAngwIYsUK2g7t9z4
-  nCaEGUw6sFpAJjym+eUH1RNHWRCStOsqvptpNo+W0YOs9gydebnBA8AQd7XaAaPN
-  rGr5XTktsRarejIEZsEhdiVqclisi/+IpOUCSbJwHVvZZGAQhW7oHuwX/MQ8PBOU
-  1LwkEbkCgYBWsqZwXRo0urJz1gTukCp4P5f8w8hWBNBWtSc9udOrpTmLmSfoUYKD
-  AomxOkKEpd3fTmahjDneyeKNA5mGIELsaRPQbFr59/gPtifEQKalUqV99rzjQ7xQ
-  rDEqcBpewnCL6E5hz59u8DaSzxwij86aj0YACjZFSk0Afg8X8NFKVw==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-13-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEAlevTMHXJ/5k2FkR2ReY7fFg1l4hnFiDRLxQTmb7DgkfVgJqz
-  bDqn8fBCAEVnCByXcUK3ekZqBFOumUO5YpBdSduz80u0C1BTtI3F9geA86QS/CNj
-  FCQjMqPgW656tQ3iYANGajSpDAatyz6b9oGqvbxH51HgTXSTztsmq4IwmC58435d
-  MNtsGecpktBm1KKptjxaosfL5xV0sUVszN4wYZxoxWhKhB2PsGYBObfJ8I8OCnUU
-  KztLxOrBmanhB+aBmhXaiN/9bFU4yiZ4JUShhaSeC25HOLpB3ClSaVk1po6P8rE4
-  /HZbgDu0VgJ8X8gbTaO8IBJf7Ndj/QaUHckH7wIDAQABAoIBAGiO91Rl4gKETUeM
-  adxoLPaU4pOTiynQq3OlEeJ5PAuBo/K0cgw6gGTpBm7/+FKc9jYErMf3kfsAjdXQ
-  eNu4CYf4VXGKS8BUPny/H+Bt7U5/EMqOt4wVhALObiwi7OuXClmiDxsFLRz5D36f
-  ZNCwMG9xf8hhvwjmFCwBhd+5xcBsIl03FwP8SMWQKWVdkUISkzwSer4AP448jLSL
-  Ssa6JxHiSsxcf3VR7h6uEXlZe8zg9DMf5mGlK7+LqQil38128cB694XTVSReWqoN
-  eD2GbGTe93xyTkNkke0I1BuJM5a03ub0+iiuaX0Ummvjdto7ecvj3OOL+RtWxiKB
-  IN2rGFkCgYEAwTQdLUFl7llW/1o/IaTmQM+wPOcOQ+QhmI5qfhJkR5nOcP1KZHuX
-  GFkjRjJQuttFj7hR7rH5FePc/uTJ5OsmLw7b1pzgDdyg2IZFG4wWPN5eT51knYNe
-  RtoaX9T2DD7fywAUWEF5luJPx0Etfpqlc/V1CT5aBb2EPm9VJrkXDcUCgYEAxqZQ
-  mgnMW1jF+/AWJd+3inaNsOe/b+cPPjUO4QdN1kZh+SfmzyeYyjJx5/IbtCOxpx4I
-  GMpKDKzIr+cSFn8IEwKzaiaJFcRHA0hPU/eosdlPnPDaddFey8RIK81KapJoydJK
-  bSy6I4yb1J0p+Z8afMf+tLjcxW9CeF3h48fR7iMCgYAi0+gmjlF3o/dA1N3ojLdN
-  G6NjdytlJazAuXuM+nfFSH6kc6SDdJwKMZdgQhW3eWuSuuFaLA8A2TCvakLS12js
-  trr+dw0Usp70KVAv5RLlKhjKNU877cCC+TIj8FniXzssdvkz56mpf2ZuPtuapPoK
-  a0cLwYes3TsHnj41WsxDGQKBgAhHJ/azT9PCqEVuZM3hO7nGZPMpRR35p/X0qhEQ
-  h9rVBgIm+oRJZyGN5pc+zI6+KgoHw1idHWbX0GkcHPHZC1IXe7iBsJa6nibx3XRn
-  Tp1Sq/GjS8c7GVMuc793h5FXVoyKedWA1qTimB/NCNHBIo5umxuW1IRZtZBkgSRH
-  0GS3AoGAP26QDoQ2IF+3VS2Arc9YExOp5ru6ONHMJ6Kt23y50stT17FtvKWlWep8
-  zPS9lSQ1ktTNTsmJaYIhOyK7GkOipLodrkPtHgvLpcHDscH89/ZMWvNH0xMoZMrj
-  r0gF4YW7C2KIN0QsGulsq8imADw5ObtHrW6g+d/MActmoDyH7m8=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: kubernetes-etcd-cab23-r720-14-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAvrAJiGG3Ok2uDjMuDKbj6zzTWKe7zWw4DhEFedaq9MwWegxQ
-  w9ZlwuSsI4p/yTiaPG0BgiwRMnc3B2IY75gXjuhPvKTZzuLpxTZZxgI1lUjQIsKB
-  n2rWHaO+uqSLULQrSDC7mxm+TUJAchMJzc9cnoU/pj2MOAMHBS6YyOxaCixmLaHm
-  UfoeU6A4tMD8NdC+3k2iCL4fPghEyLVkH0VgiMvrZRtWEPXbGJG3EpBo4CqtIzTe
-  Ed4phpWRcMgUHCMdltoUqDKsZdryqaPiqgDiPI4IEGal1Set14zCCydOzgFCBH0O
-  m8U/oG1rvBwkiUlxqARFII0BiFS/ahZ/p+8PXwIDAQABAoIBAHZdvb0bsuoNGBMW
-  b+pImkgGXMa2b9xG5dDNfhGwUDRej0E5bdTyu/4rhjMVoNbePNdvbrVH93DVEaKS
-  oRnw1gbOa9iUl+NVdXkGkNlZu7ssFI7PIDk9zyVc5GLlCtmQzSElpv7TDw7UJj7p
-  VHed1UdNPUJLCEQolO4Bi7OFCysua/5nE0OtXoP5U6wZsK1nHIMxgv0GNZ27vyBW
-  Kb2n41agFDQpLa2ZGbJp3zapzfs9iVCQ9FyQK7btNyO4zoAORz9cVi9E/sLwJB8G
-  KIpAzyIQlCxI1VLkSjQyX0Xwvc9Uaby0R4hYQetzS0/UBrFW0lfCNEnruS5eCqKo
-  23vLlckCgYEA3PVnP+PU+pUxSAzirhZlVKtbiF600Gi9NtSvVJxmP+vEsP6duvVt
-  q8sgi3bmXGy7iRAWW4H8VHFKGGGGPfs3lwP55w3elGnCKMqb+EWAm04avWAUSp+q
-  n6pJ0LTyJr3mgy0Xr83FddmzCrkHJlmFHbMfA7med67Xf+pYBoB4u3MCgYEA3O2t
-  VvPz2kqaArnlKNSkj5U/EsuZ65OBW0ROY+mJJEkCc/J0QXX31lMQdsXgbXFKk20f
-  018qbm7xgnr8LEwyi4dLC+HB9eplRyehQ0oOZ7/g8YNw4qu9eY4fuZLe6hPnagaC
-  sytPov0o884OY2+8pxTqnd/7Mvai6sexi/wNuWUCgYEAwxUP0cLPmWX7msd1o4o2
-  cOjR6bbkIVU4KZ7iJevoAuugPzyt+hESgSjYVQnnHRcLBFplwuki5VMYvinsofCZ
-  BgYGr875A0PUnrsztaF3iKcOyMB5aeFKfamVfmUjnrzvNkWrshYVDpXkk8UE4QEM
-  nEo3ScyqcrS1o0Q974+iCK0CgYAIR3/vekTxMUqEP6Mu3IkuOFGcyrSB940pdm3Z
-  oK7bBUFqRvPEYD9hcMt1KAU5FL3OuJAww6g7azzxvtokbtaWFAPj9hnmtVoGSJ3q
-  f6P6j15Grr5UQEthesoFklN4Qjax6nyLalwZp5MZT+eKIm3XdRk1wWcQid2hHsqw
-  jEmXYQKBgDpRm9jnwdXRuAXVU4Ss1LB84j7RfNGzQzg42kZgIfRfv9b4auWAPjS1
-  pE3vs4QVXqJwQHJxYvrvFSVprPIDDNn22le5eYr5qtRQ7eK7kbHnYj9btdkJsLMg
-  aWx6X/XWrr2m3uYgXn8fAonfsALFFhMenLDDxhfTF2lTfoeM+IjR
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAxPWKhECo8V+5a/mUDcG4FXO2bX/mGQTk9uFL/lfKZT3uY7CK
-  239UYu2W79Tm1+AaoUs6TrHkyd1wAM3DBh4bvO+1U64+2PRoMj1qPKKLO1yAg9W2
-  QBcowsTxgKphTc4HP9FxsQ6nRKtAamFDBS0WkE0dbmQmdLhMB5UKhJDJYHbbrdkp
-  CIenmM0zAjWpzGoxxS1tHvdU2th2SVs3Wq4SWQrakDaSRYRj0Z+To8DtRonNFeGv
-  +ADXwmM02KUHK5Momd5+hNsmqnGn/UTtp484DA19YCPKKqCvdteOcTMVmgh1p+vV
-  NWWMQiWnbYSaHmtAqTDeESYm9RmKacpcCwZvPQIDAQABAoIBAHUQ4IDVEdVNqR8l
-  W7uFfc26Vh7lWzVZtGGM7adCNPlSAyRbpVzrZJPcVc89AuwitpFR7lkh4TOem1jO
-  8/Dp6mC1NViEg7ReKKRb3o4lqo3g4D37w3R6j26cslJgcq9VGvfynBm59O+avhG8
-  t6IW94dTXn/jpPvRIteK3ZKHoDnlwIpROBnGX2GR8lYhqly94XvbSZ1fSwhVe1jj
-  r8qqjBJw1G+nlC0Wroa/6Bb2rtD3ZYi3GQFNA1/bmgTkA1m9FBObVFXHfkl0cCRb
-  O1cGLftaaiH8FyUAR3d2qLrMKlngkLqRs8yNG03vZqIlB3+OFgW7sv4ppVUKwino
-  nKCWHV0CgYEA2nA36y1pO992QlaY0XkUQSufqeJn3M00ycnLeDYvIWSWx/CyTbEk
-  oQ5rwhSf7reNDkuOiDl7lf2txVd5+yE1N1ba1IM7S2gEkekVPUFbxwkdA+UaLfYw
-  dUh1YYpiIUxcF4NZ0DrAA7pOjjhZJ1kRlkpJ0aVpez4X3dTTIGQFWx8CgYEA5tPL
-  qvik0VCPSF3ubUcag54hH78gnbGWlZ5e9ULHC2umnMboxmLDRuI01OzBYtLZPWtZ
-  LwKgVEarrvlTANtGjcbM6AhKIxybHo0xyZuaDpXatG3VN5fYEZgUnHIQn4LJ+IFx
-  gVb9oCt/qRk6SlD2ZC0Wo2n6Yqfe3guNhL0PxiMCgYEAgf4QOQOAQaI9RUM1lEsi
-  05m7XaUfvBXemUteq75LE+tBk+DYq0WFD9d+JzSQ7MYMynoKa2UR9/PMaskhDWL4
-  wWMNvTQPoFNZjN+RxS9VB8CTpNK9XqbItbMWL6LjvP8tOszvMO0VgeJoh1hfLfxi
-  a/bvsTRn7nDIUTorHnaHfW8CgYAGm4F0/3EYXMn9NFMi5aooolooYnw4h2DcH5Bw
-  TN0NwqMeUcNQCnu0h70jazON9KMrUutWoSidwPghJhnuKFi4rjwnWDVnE+aM1VXb
-  g4zBZiDAkXRNBxe0STot0EYRitjlOC9bmHXiI9yfpo04m2CyNWg0fVAhitSiXopK
-  hm7xKQKBgEVJ07TlYJRH8IdJjp+snEADYxzsuEF8PGAaO5q5wl90s30CbU/JD1KM
-  lCQqUX/nzvrsTEsX672qhkMOaNbHwMDM35le1vaX4xpQw/XzJ5qo/6Y7zOUHyzk2
-  OA18D04QEHmwcFTOUbWqT+yuvcpRNBP+2YUNvqycKYfPzmz6C0Ap
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-11
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEA2DBz0wjhyQ3882zcjSv6SVOFrgJxIY0MY1PeGXsOiMQp/Tut
-  K75SZa4BR8oTKEcqm5W4PO10lclmXdwBtC2O9IKqY8HhB2n/kD+jHnSsK2KnpdN6
-  yyXhCRWYcDKC8ldb8DmsfefKpnDwlPNUUEG5mR5DpozAgBk2rmSglgpETT+yEAAk
-  +96XoB8jOJHPaU9te7nHY38OrKw/75hVm2iILf/HCjKx8q78mLEvY6R9al7Wt2bV
-  cl3GLAdAhz94nd49cqZEvOnXSwCdUDuwjZ/1ZVqteSBcmeioVd7MHVJIYCY/YvFB
-  GCLtfPFqR8IoJlejYKAmg/feWqatYc5/cpZT4wIDAQABAoIBABEJuIcgQxMiXBYf
-  NT6XAbG3uGhfXuUjBZ/qYy2k6h9TPm/rvRkedcX3sbgjr+DTwwLiCNQcbrzDU6MA
-  DM5TbNnOVnloNUDtVKvcqBFlZpBAxS+nfBz4jkS2A/6LrJBG3EMReIuvsePuMLe8
-  eZ+dnm/316MPorg1xH54BcPtaTahMlamxE4ULlAt55xBAv/LTSU5uCmak/qDegCH
-  0JO44ifvqqwKndHzEkvPxLlz+H+vQlKqe50QUa1qvDx1C4ezdIoAlPRFvsBPgodg
-  K7qYkudClGOQwPh/qX5SDTQzwVEW/TAUQ5S1IJYBK0oNSMNfgjkNCnHEIteIYYlE
-  KOxatcECgYEA3nbkOuZZWxBvUMv2ZTTD5EEUTNr1S3aITWG/8NX3F2BgdD5T7no5
-  rv2kVXjX6Dq3FKsx0yXHiMtvKp6WXSN9iQoZ6wV43gsH0WNPnui8dlaMJOWJg4wT
-  oM57MVyUTuOTtEjuiNWYLxFMJB/1QODw57OxMDu25annAhyd+nK+oMMCgYEA+Mdl
-  nmgrdL/aQm6PD4/HNu0VuQScUgB9PKcIdztu3ow0x4jxp4mplNXhQfEb413DHf5K
-  Aqsotx7Z7Jy2yajrX7rRsXPmY/WQEzRoqygSD+SnMmB7NsSLbTxfBMIudcCPQiOz
-  7ePWwtM/Tjk3+LwYMY+6GhPJMZtTasFDpFkgTmECgYAYXZk9wkEDMlee19gS2aai
-  92XLzSeUrlTbdNta+3RmwQ2PbcwvkH+E5Q78tZGgQ94Ni3qXj8m899sjJd9+MAbt
-  3YddMGo+l6KxklkEJKWPqIcM+38GQ29a64Kes28i/NYOpvZJUmuqrBBU3JM2Ge0I
-  06uShtfPa757grri1XJ/lQKBgC7AahxmvyPlmgK5/DCUeH+d9mMatrXCWca4LSMb
-  DC7Ocmy9E4zElhXeS8K0qOUFjdFpJEd0Guau6Y1JtiAXmoQW+6k5eqZ2U2kIhFMF
-  6L8L3U/eScl1Di6tFb4zL7/5O/LV+s5N7uIWCOOOZTJdRr6pn/OenESyR+7b+vY7
-  uZKBAoGALUPTCZC40dcgAZ6GzvOJRAi45DfdgYVaXq9ZD0EKuIfuez+trbgKkaQW
-  tebXHIQowhQvCx2e4bY8w7ipK9TeDN4SvGh8k6JdsKKyuXuluzJ21PMVxeA4u83c
-  hWphZ5dAQ5D1ujABfkpWIYEjyxPOTtwNc0TO6J3SOkEgL2y6uJ8=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-12
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEArqfjiTlogGiQe7uwt7xl32AZGP9E3SYxJIX/mR/suK1BTftY
-  5K7RnLJisG6yrYSuVANCW9GTRkVsJ9bKsprsMyAIiCvIlgp7NJPbNgKLGPOiScgW
-  BjyZz2cQkEP2H5ePQmSWM0HjZklOP4uPkjnRRuREuXTVT61RNY7SU8fnJusWJs5+
-  Ih8rPsRvGV7eTYtXOCSLGbk9f3RxxVAkqiAQ7yEAtF777DWIkLTDfXKdIlYZYTov
-  L6MD3doGGtK7lJedcvxWlAsedAVJFLczaSfFWztgKMnOxiDyyiNorwrCMlF7sbRD
-  WgXrb7ioR3FlpSkZAra1T0WTlNKu30BSQqeoTQIDAQABAoIBADyaHKV8ufn0Tk3g
-  rkzSnjaHza2SxX5Gxj56EFo9bZIW69X3JL0Uu763Vu8JOg5jP2n/R4M8kPGNHR4l
-  tWeLwfFraAp3xr3pHR79Ps7ayxD5WJJpTtsTI/uHM4QbUMdde2P6KvPWJOVVAkWi
-  U0rVrPwAMKh5FZrz9H209N4FOvuRe4QY+Tog4zEPMsKmExz22jcIhzs0dS9NxWzH
-  TJYUMkSScqU5WdQUv1lnnee4VfMZAMLp0Mi5YuAjIMZeg/nKV4D+ufOiASKjah7S
-  KKn/1mJPdblNvOvt6Avdi39W4RojLseFmrx68BKoaB+CYqM3113wko26CMVoqubj
-  7TlSe4ECgYEAwzBr2IfiZ51o2lfTkmy25JS7uKKaIgfQf0O2E8TDePWPsaQ9gcNs
-  POVvI3m+fT5J2TIH+6aBzPnNd8uUM+EQ+dSWi7jkPmAfogBpIE1i+LUhZLZk3nHU
-  /XuoA8YIsDURN0hKgiO6kfXaIPtxPVc2SyqeSbOvxrPFpBGsoOx3CjkCgYEA5RHN
-  txWklx4zgXZJzUMzM6n/g8En1sDIO+Cy3NMpExST+XaTam1t47a4r7zYT36me5S2
-  JRjje1IJZLqyGQMdQKYHGsJXI8By59p7eLI2AKKdBXrpQltKKELvq7vQwbAcL+/1
-  9IYR7dWi92yqK2TAS6PcQPAOaN87x9jkkRSg3rUCgYBZHGIgGOlkJJkaFb6husBE
-  2yJYyONVZfvqHh+iJtKXBoTztOfftjhUFOsIZyxwQV+1qQG8AeiAjAsiBe9DQB1f
-  8Y5Je7+4Omo2q7lS5gGpSghU0nB6nb1/fFTYZDDTQWb6tiZOA8HJoVRUenbYalh/
-  OJXLUB2PucMhhHArh8lRAQKBgQDVS56hvCVmEVkkU2ClIM2sbb7ekBzoetn352Kk
-  /HpiqeafgyoBD6QjRSDzgoRogSXELNTt9h7b1aepg64SXDQA3pf+8rbxM2HLQkV2
-  PXrLXJ+ZWrmYcCi9FJbW8iuQLswQVwBOkAhhzWvRt/08KrRjulB8pwrD3BluHSe3
-  b93bgQKBgGZC4hUEAgCNm6B2ZDRhrY0kvG5vwKrG1KGM2epY+AF9v3gWh5cJ9+sA
-  cMyjDusVtZtuvwOrhPYq87qfXG3KKGpoIwR7Z6iN7/04SjJ7kdabkD8kNur1XIKa
-  iGUhyCDu+splNCYx78aXe2jUoreyj0Q4YYarAT7ugD8TgcvKLMso
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-13
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpgIBAAKCAQEA3i6kUMEWW8K9OBT6gv/qyD+obyahNam3gQ3h8kvtO1831noa
-  ohIvuMr8zFVnBBx56Lpqp6HvWVQNTncJwy3JYqBdKBARsYRooLj3ycvyxPt4DK5O
-  X6QiMozhH6gFrRWcqf5j075N0WVlyOZgYUKrR+xXp9CyEuuI3WAVme/0f/3tLLNZ
-  1MKdRpjManAGyAumdEBCxZCqJBRRWiXQJl8Y9CPZLuAMXI5TdJmgkjWPbev2T7mk
-  6cwDzrv3Q73C4zG0n7EsMUYnCpeK0pjoMh31rBVZnv9VJFt0F80JqIa9DmP8V9JE
-  qJdBhLkJPOY7l+q2SkptS6IsaKUKoCYu0CpaIwIDAQABAoIBAQCEzNQiAIdgqXF4
-  B/IEQvsOXh5K8YgCD0NDvAyFSqStjChP5gPtQ3mKtqmLaLB+YJbtaB8/uybY+chK
-  UhRfuQpaDQghXhl1RXNUPbq9v02IN9Z1nenyeKSIGnSk+0UJQ5W0df0tHt5cfoLs
-  JecNu0+tWbK69564eFgCGeBPdoFpzjs3lRaONmTk2DTFoEJRgiVlIerFYRrQxmks
-  aqIIy3YFaB353Bai/130CXD1p5rqF6eVi8JKnMrLAHbfdaJEAHIOloYdssAjO5ZF
-  BVGlmxxyclFKDEq0HsHGlAiB2XWJGjUUvABvxPm7KpeTDvJ9vqvmiOQxE+j39rnZ
-  zokqYxvBAoGBAN+dS1Yx3DAvp7dRaUmFmOlYGHbf9li46azgB/qxY/g4zPj9Th7u
-  rghu3cNHDPu6dWyaYVaYskAaQMbBqS6nAJ0lhZT/L5Pfej51LcnDjgmrpC3yj7aX
-  NDOiRFOSd4Zi1T1xHDXF47/ZE/tHIKUB9P5S91Ah844kQvI08Qg0k0hZAoGBAP5c
-  PwLN7BQVhd369RF5hkX2pb658qx7ZGbRWckYj/T99Ye+zAkycbxtLZ/DZ2qfSpwh
-  STKKGCJxGCDnAgihfz1+I9J0xL29RXD1YSREtI7t3SKZqAbnb2pAAuaeMIV4CP5T
-  lPSxkqMoBad532EfZvozKBFcPQWNMC4cyB93GGbbAoGBAI1np3NbVlU2XYWkOsNe
-  c0LkDZxmph6W2FYU2ZbjREd8i8nMTPFsl6sHiL7rGD+7OnQx7+nV56p3r4zAfF7f
-  BplZV+7PrGODR4dljE3xlslwvAK+R7j8Rut76l862NCngRc4htFOUWZJPMSCxxbx
-  dN660l/fCGhTb+5AIkfBD34JAoGBALQGNdKWS/ArC4QAilLD3/TEjKpgkRDihD0B
-  Drr1V23eEFjzARXBTh4+Z3wboKYl93hpVpUeh9ZYlOs0lIvnQVcUX+YkHtrriqpY
-  AVjaB7DhSRGkDvhT9NcOVv9CFrVgL31RSqukwlQXj2jpKOBkiU2rx0ACOG4lb2Qz
-  mrAqamrhAoGBAIT2Ao+1cKEyU5Aede8dZpFXrJPYlG6SVEm0Q0UB6I19dluLIGbH
-  8131dUwgzI9Gl5Vt+IKsA/EUHKyEYGCOVgUazxzSGyi1d97BfY0ImVbE6XSI8Jj4
-  lvgR+CSRKpZn24OOuRBXXYb+eC2Gmpzvksu6k6PhIIBzZYRZX8fvyij+
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-14
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAtZo86ICLXxuMe7oaETtsx3uaLJvC0AwACxCBGME/byiS7X6a
-  CGyIk753dXrO6kKqBKK1MIr5C7QUBIsJqF9cOVn/kndsxgw3UWBgcM71sNRb67uc
-  4/QhFz49bIWxyfoG4XcF9569VIQ6tvWsrls6pD9LsV3QVhhxqj2HIZXd62LPes9y
-  HONUqWqKO53adsU2pWCaIvbRSQ0mK9fD6QPpeDju69k/e0s12IFIR9SfYralq87w
-  kpZUTgbFgl3wCmel2bzr74cVy7KFtO4q1UUS29C3lKzB7KxccC62vnqTIbaT/4x4
-  Prg6szQW7WNWIHq3tF8Szp8DSkrv/IFNfL+mLwIDAQABAoIBAG6QBN0YxcGVqCX7
-  27r6DvQ0UF0wR58abzxNRAuqO9CVRz7IgUb3rP8mStx/dFIzXAeOd/mh4pY5gKZz
-  b+HOjPtty6eEhfjdnyAwKQcFOZf68ivHAXHXQ/4+qm7TxrZNPrsuF7f2MRavmn+h
-  ewx8BmvRDWhi0WBZaXpYE1ljQMT5T6LWefKUw3W+1hklQFdID/UeGeevOIrdEsla
-  sSSUFFgZ+hJt4eLGO9bDAUBzCqnb8ncsx9q9bQzaja30y+dD/W5+0dLpTb93GCZs
-  sW0bwT8It8yDljkwAQdmFrLHolfU0BL8tNdlpr6agvTy7GzIhQy6idHQKPO/P0L5
-  IRhsH6ECgYEA7ujdm+OVPpXU5YgvRchS0xmnRn7tT+TIt5nFNYEz9AdStCpv09jS
-  cqFSEWpGZLNNjebtWDFnoA3sFcMHa3jOc8L8BC86MEIWjro8udX8Zl9i7bgxuAEO
-  si6grxW1D0ehDIAuxyjU8E/MpqNQs5y+IErNbL+VNPZDUkdfZ++yJ50CgYEAwpfp
-  LtXdWyyKgZEY9KLlNxaApA+QD6kQA959qZaq0RlyV4W+L+jx2t8cyZC3F59G1ECW
-  WqkPPb6N2dvpdXpSW6yulDqYf7+ge+9/hoslXtWFsHizylHSapZNs7tc87mzi0wO
-  7fXRPCSfGBxaVOh2Y2IT4MAbujvaUz3XxzS8CTsCgYEA1i3bZkK77HSkfPX+8z9o
-  ySmJZdCqbWJ8cuSfAJ2I9u+NvEkDIdeSqwNmsIgm/WYlU96/zr3T2ZBBoyzJvRZ7
-  dxpJlnLEZrkIwgHCKRPmh9xhsx3bLMt94k2c7fm27TDY93z+8rrvU1Um8gkdczhE
-  1mxZB3IlkGpp5hxoMqSXgZ0CgYEAkD3QoGHw8ftjM8WdLQFuTNZGRtYuYB1efK+4
-  kDPZrKNjKVM+9f6DAE1v5k16Gm17MCwsB0nXvVn5herH88fXMpMe2UtR7SfbSuLt
-  sYqFCfXWYkgmZSsfgNinAjo5HYSifPfE/UjAbwdqUpH5t4SU9Pgnaeqc4wAoxplJ
-  0CTb2S8CgYEA0y9WvO/aWbhHc+hJ91FKxSqrsSBYYCx3fk+zjbQhelWbPVmfLjKJ
-  GEaZFkSn+UxpZCpKWgUj9lB2Nb8weB44LH0PcEC8lq92a97dQlojbswQBpQ9OtL+
-  I/NKoOa0/4usBPfc660PzfbryKi0pxPcldHxvHhxRhHQbFa/+JJS/0o=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-node
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA2QMshmozIyox5SePE0uRtcXIFpMUUJafhdTgbdQQyF5fovqT
-  l7rqVWz+dg2zHltY9H04Bu5xfDNvG/RkuN1J+VE50hqZm+0OO4rlm5hvb2bB140K
-  UrvviazH7ppX9yCg+s9JqZqlSrmIUJue41BgkDA/0uPeDBGJT5AI5GxpqUCLgGZH
-  beP/5nMDzErIKuV6aSQimApf0iYG1kFV/kw4duG84Yd7obpa9baGpVIcN0aTJi1Q
-  6c7QgeAjE71HRJr8Bhp+DP2B1eJz6tKl8ZrUZLAeWDFPKqyQx7vIcR199FxK+ncD
-  +0CtW+jV4kDZFLdDZROot1Yy+ZpSgqxQQe5IPwIDAQABAoIBAE0flqRSe8gEh+Tz
-  sSJfWfJqzthO/wpA7YKHjBccJba/62clfGyRDhS7/pb/+WdReYSyN8Ym2YgVU2hw
-  65bTdiW32z+zGmJS1hsNGtq4Suohb8RmKIQMrG2WTRucGKUIII3iO0CeaB3tX+ed
-  1tLcTuUPcK9HMjPBy7XN74sWiFqQoTi0WDvYzbx72qn199gdgEiuMnBa2j5phCPd
-  N37i7jaDdwGz6yUaXcAmb64DIcx59TVCtA411sAs06UaytDLYp5rFDiZOrZbzWQz
-  r+XX7MAI1XQj33EKR3mEYWDYUak4Qs9enAtNXAvU/NYpZj3wMB9/tiK0Gp+T68e9
-  0RbOs3ECgYEA7g9kjVCgjBJjaQ28dur2KbIqYyyAdBnny6Uc05rnKWLBMFAvG0Ov
-  JhzlJhFMjEEGLd7RzGr5/fsaITK6VAIdcXPqcuPmJO9ffSPQ6z2Houe2gWB1laCr
-  41cIGa7pDprgxrvIsAMLBH4Waxb4qPGO4B0nYVfJoEKKwT58zL+u7HcCgYEA6V27
-  jwxK2q60rqbaAY+3po4rmnBky90h/QJ1Vf40GizOanWuRpIELz8lPke7kg35Pa93
-  /iNL3s29B4St4L5qd3svoUBPoqJcA2gKWz+flF3zc98LCDdckhiQTXXlIz1HjI7y
-  QtiSbxf/t1u6XKjfwZRQlw5dPZzGQxakTIMYnHkCgYEAzglSfKAoo7KSiWzTDZUk
-  AkhqOTVd4548KNu5jEcIBKCtFXSAoLc+0ty1UvIr70Oj5nVv3N1FipUWM19lNqox
-  82xgoJkwKg1m9rbV7ZNuXgbvxR/IBP1vZy5/G0NwACz5l+cUtYmcsoGyQ3M5OXb/
-  smZpG+3P2r1cvA2qE8dezNcCgYEArco2MZOv8yeEO0Tauarz07+wzTTCe+fUtf0s
-  sLu8xXl0x2eYP8nh/+WAsN7u2xg48y1HqSVUDTseeQjgDK0B0LUWhXnFVJKg/5Bt
-  lgLNrspA0ZvbNWU1NT/Bx03zNMkgDZcu54UtmDpBH6XaJcNFz33KfpQd8BJeu/uS
-  o8BFhdECgYBb/qPHdOacADtJzJLbGMVAUzNM9DfTJSYJ++YY1JrRXTmntcWhcLDa
-  IMMXbKEjmlHQJNsrF6pJA2oPVvZOl6zDm5idqbjhhLVQ8Ygr3+ry2nhHD1wP7MZY
-  tthDbN7UbDQwdMclmT6NIywF5bKhKzLSu0Xx0pYAc1JsPjJSY7L6BA==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-11-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAqNR+5Qxl9CteuzT3zLZr5MF2jur+iorkdXIeeX3qnh3OWDX2
-  dfLZE0+NbcS5UkkHoOWlutLBb+fjva2p7Z9lret9fvG6VMhwgLPt8nWzvHafLz4C
-  TjzDkd/rX0cOUnnhJ7f4pR6d5GBTyUB7uoTs/EUYQT3ap9f0J3a8hXdJ//wLn5Eh
-  xZjf5cWI9cn3qMOxERVbB9aYLAEGIlpJtDWoYsC+qKyoucf1c+wHH/2m7WhIhi5k
-  7boNxvhPsjYN1poY94xwwzV/5Z7reFIVQgDBTo3HPfzOceY2v/tZjcWkGFxnYSuC
-  wdcWoyafrnnYf/J83nddfh/UeaSwOaSHOd5BiwIDAQABAoIBAFJVDmz01uN0IwZ4
-  lj+m1ocAMakQwIEfqrn7pRDqbvgc4PvzlPWAMIxSR044mYefRbEZTPEGxn6kP1PI
-  1Q2kphlithiqGYwvE24wUOHktHo7/vUy8DznNRh2cnpMVJe0CDEubntXqvgsYa/L
-  WotjN47uwx1N5MvlbJOyO816lwPWQyRE6+603o5PHzPBcxhhJP7jKG0mjcVdLRhs
-  b2OmbFjU2ukBGlohXY5aODIamLpqlykfQZnXAcFJpGkREEAwcdm9p+CZJyrksm+G
-  vEsLLAJnXkAfvOVUYtzAa62TN1Zkm0YMaDZKJhynchTPItwSnFO935RWMlriuq4j
-  p5smdEECgYEAwTFtGMPsA5by5gj0zDi+nvd/1dS5CI5pjWU+QUjWBRgI4YRVLLj3
-  3t75EGoodcOTAmbLDnPlLu7on5JxfctBUg1GpicS+S2wa5Kf45tT2+vkU6LF1gSj
-  u+YRpr4W5HvV3v/wWuE7eGDlGtI3CUT0HkEY1FcnUhr9IR2HH2QqKPUCgYEA37dy
-  qOvhrzvwEbJShQHEoIy8Gh6NzlGRr0pEBTb5POXYtPsbKHscqpvvg9gX4HJH9vQ1
-  8oCOGOXwf9mezxbPweY9UeWgYaXUgSUgQMJ9jGXGWLJdHzf/tPZ3YErKEkMJwWPL
-  /aCCRXQQ1AeBWrUFvFAimCEX2tsOrvNfjehuMH8CgYEAoOrGcGZg4+yLjcfP/3sU
-  a9zDghyZsuLMUJYP8Nj2S2/lldJgD8xRyjX3RxDlepHYlZuBbxxhvWIKKUAVgC4Y
-  znt4aVUKnLrNxAxxWWg7xWcK3A8sskNTDmNoOHcFInNzhTexwEDzBCXRLzIB3Zqt
-  q7WVNOkTO3R3e2nY7vDDnTECgYAMuBNOw0preg7mEqtaYIVbU2UGXyJUzpJn0uMX
-  IM7+xVqSv4wFuyogEQmHB2wkGJs60RuYE/MAO2J3AlpjD7r0HTDzTQjXRGRWi1PQ
-  Gr6kksy6Ejn1ImvpT/HtiZL/gsw1MIVSgCOn6zdhtqOGErCmyi+NUqRWjwnArJmM
-  KeDJ5QKBgDBl0QzQKorYwt3NxpfJ+corhz+DZB+8e1QdJoVxnEsASn5Y9chBxZ4b
-  wgignZcb0Z8PSRNN5qRabMsW+AvAUzuy+srphC2gWnDPFk+xuV9WTX/fkLDN5RNU
-  VuOYfgwdf6Q98pbOFJoZQaXc0yL5Vx51KL+7tAPJQ1uftqIs5VHe
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-12-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA2fOUrylm9r2x7Fd+bGo8GBAXHLd5fjaIqbpabrso8ZyOPyqc
-  M1gvdA+1VGaTF5oHCe6sjZ6Eae0OyWSVaHVL52n1OQBnUywFpbiWbt35yvVZyISi
-  p96wV2aL5cWqkrUnayOvm466cpV4B8fPHSSEmPCKd+8hZ2RdFutiWz0t0Zcs4Gxu
-  aKsewoiw8Pta9PSia3SUTDr8LYULzJgh5iyQmp1CvtgvlkayjHTHJPKBoVyhC+1X
-  xMHu8W8Qthnj2jTk9EiHoreijmCYdJXhVcK0smglrkcteKEXLj06k1k+Wr/9Ot4+
-  0Rg/NVR8g9pcQ9tnuJcbD34EqELoAJ7A7QhMZQIDAQABAoIBAQCHmVpaGEItJRw7
-  VLwdK4Mz3V7jyOrXsYoZPw3gcqUonSSK/DGuaCEt7k/8sMy3FGdosIu+mG79kDVw
-  6xlhogiVc4DT9AJU5sCkuFEvrP8qXLd9X7frBUtlNTG4xOA44mgh6lPpTkWF4KSL
-  Aq9DDGNK2+zqbWa08uZPyiapaUjGakcHOtF4luxOcH/+DrwZ83N+SlUL5yNd/E23
-  JwDbyFoV9eRSLI6kCcFI9itCPdYsLdzy+lTs3kj+s24D1qymJxmFBbviM1JRZ2Js
-  AF+VH8FSfeZRoEQeHlLppaqx68a+USeFDHgX8++1b5qS0fgEqpy/RrLHNyjxH/go
-  woUUkkZBAoGBANr7Pf6blBCajrB1yCqa9tNfIcLuMYaEdRP5aGu5i3OfrnPI6VpS
-  kKGYQ35WaNRvNeyfpGVvO5IaX5luqgr+3DBFLuuHPds3041xo6wPazl9ZkJ7NCqY
-  uVgtjZWcAP0+1J2fSbCnzC2T1qVBa2zai3qeC1We6AouDFJbhEnVIBPdAoGBAP7L
-  xFaKRYxe68jc2fHzjddgBGQOlmd5+cGut110PAR3iUuzo4+oPX957aAzehDJGVMQ
-  KJmvwIPccdiABu4cVKblRpVW6b8SLgmlisDf1JJPeEuNJGETMqrZTbwzA0OlHjr9
-  fMpOioReRzSHyEkjzh2JbY8H34yNKymDCCuufrYpAoGAGXbf5ayn0ip271Qy+6lb
-  jIbigS17ut3KU5FMMEK6Ua6+9Z3mbOdvBCuVpapctF9eUO7biiQeNEY22bvBsFek
-  uURCSYdHjSd3xVnyo36DhILtkkuLbGyoGPXrIfurLcfRp6avRgitOJuZeUwbNuRP
-  Feos/T7mUtC6BBW6U2+iNE0CgYEA9CSyDC5P9/IYQg6E85bpad9CNdHYgmxZSiIs
-  52px++HCd/w4lHWj/9sIO8I3i4/2KSZJkQHcGT2JBOegPFZ/MrBs0rpGHeTAolOy
-  QZ/4Iv3tCY/DtRTdLuIr31KOJSo5blLoWT2q8q0X05jr7FFXteuyRCRKK3Y1ToCU
-  uq5oEgkCgYEAjDbIH6QZlOT6gUAOfUX1twK0IaUImUO0Ft/sstM0oYS0cbcowZG+
-  qIY5RMqTeNJos0swddZURJAvrsMEzyNf6iPZ2AW+BxPdKZAAxnNWrYk+YCQxdouE
-  ahGDDKgwAf8kvNAPhC+z54y2LBmT2TDPczQhdw4FjyaGKecDc1kTZHI=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-13-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA2oXxxCmKFaYBn5mm0SjRmVJuGNidJ+VEFgF77PmeOFufmKsK
-  BoGGyM3QerWONhovmPPfaTGYobtvOoGYq25wZoD72r/S2GKX9x+elCNxRzxLYxce
-  z+7LZJ6EfcfPD0N+Flz+Y5gASUKo/NHPoHRLtH2kCHriUluJcO5JNN0tpVbMJQqm
-  fmmHAGN7MmoPTZu28t02nzIgCmnt/m5Gt3jFbpe2bz0FLv4m3FuyDNwrQGiLrTHd
-  CUxH1py+g33h99fFiQ9I1Alszf00jlQmJPXr0hG7kZLhiHbHhrupQKdVlHKLA+5n
-  EJhKHUwrSMDodsYDeZc9P1VsFF8mMS8LPdZo0wIDAQABAoIBAQCUDT/5+XLWq/xZ
-  l46QEym+yTxSlSAU0Z5JkoPV0GFEKb99fhRyx/r7vYXMPYm2WhN5e3EYIkQY/5ai
-  ev9m1pJMwILieChv9oyjH8ce8sxiyRUCc72qf01KRKPbXC6LVtzsZeDstSUsfX9k
-  mvoi6egIxz8Fh8wipGYAH1F2AYxVgbKN3Q3R/YrKDj1aNpU5EfrF7mbefb+NtUym
-  p5E9hqj5K40vZcrr95MIfcJslgZicT31B2Cyh44pk06hd/o1T78/6tm4dXmLfYSq
-  j7HAhJVCVCkFXFPvuOKcDVn123IP8/eP9sJcvtxGYs0qoCV8eMBDfRNv520YHY7K
-  n6+HOfixAoGBAPDfUJfU5Dg1JJYDYYAHAhkVxeSnBQc3LxeDmhAQ2wgHkSuEJL2E
-  KjF8F5ZQYmBeDiwHkk5hqfUxQBhaP4VsiE2De0NYMcfFY4O5mjQbl506i36ggMoZ
-  C4Ldoi3L/0I/AvKDqVrn6VNMhSb5NTogXSTtu12SewOeXSYOvaIScniXAoGBAOg/
-  TmfTUwcwTCu9R8ajXyTPxBikxM9r/N46mZclx98NCNXUcTp0QqaD25MOobIc5ets
-  oRqeaGYI2sM2/Czj/uX+t3hHal2ATDORscqNnZodYTRF62urQp6V45v6Svl/BzJc
-  GFcCc3s1GkARVvvPk37HpqccJUAGO+R7bNISyT0lAoGAQeRVH7PVWqru/zqdiXBh
-  WotiP1KRRZALCduuYYa65E9tnwHfKxjkkfToXu5Oex4/sjvAAkElRTXb2s2VYuJ1
-  xv6Y0atmsseEmZxEWszRhOlnD5TIpoCDbaFDpFOR2IV0QPNTeNLIOUlNg4PY07XW
-  xStjfg18KVlBEhAmQBfbyLECgYA/PB1o/4z3xBq5Pgww9YKOT1OhMhu0Lj7ncyUm
-  lk7ZWH8zWWiK9eS/2d8LJ0y3Zk7jzuv+h2r9fSOzS2FWB637iWMDCM7ZLnmRAPZb
-  pDtpHt68kN0Mr9CvxTf33CpVzFR1TcYCytQOk+LV1uLMJTSPrGSf03YA/LGKAGEc
-  waixUQKBgQDG+hdGkQKZzO0E1PVEfX44/ThP9KKMxD0vLGdC+GupDK53Wpr9f7Px
-  3h5B1Qd+xhbS/0mGbytrBXcTfC+XcQrs4pvZJOcKRwdXIE+NQMTcxNsOBUybryQ6
-  XbZWIfZqCkTN+VNTFOEayzs3EEl41eNsH6xMiTghsoacT8ObXMWjsA==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-etcd-cab23-r720-14-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAr4QQ1HCNZYgb8+quNvCLfdrW8TwaT/4FOVNBM5zy7/tdnAfV
-  tWn3UQx1GdAqejtdz+wY1fb9aRhAr+yzP/mtsTiZn0noDh0f6T5WrYJHeOCFGSj3
-  YkIohx3t/y8Guo6+kLOgfgmeMwEDVWgSYiEIc1d3tm6YzK8QrISp9WSrPyWdbXze
-  NilPKJgxRePofPd2oPWeIHrkDVn8uPbkeXf+0hLlpbjtwc+WavdmCQ+Z3vjkBnvY
-  PMq0wKp1+VMXDl9rbMv6QXiHJO69S5fWkyev9YY74giekZ2AUNPQwXeDKnf32spm
-  Jr+nfe/UDhfQkl6NQS7HlzGKpcTBh8TG24kPzwIDAQABAoIBAEI4G3lrNY22+oTe
-  Z/hGbPqA1FOTj4HanvHv3UuxzV6JgdnaguC9KBgmERA6H6yaNVy7AOvJEfbStaUq
-  Mr7SXpvcdOlKIwkgJ+gCIwW3f2u1mcHSWPNzboL74c1DWtCMBo3ll4m16z/nA/D3
-  IOhw+hU6TOpBc9jVu/661rzEzG84C+aU9ZzQiao2ohyAzB+b3A1bXFNdtkAOfLff
-  aZsGs3aIM21PZ9lh9W9vjl80B2zL4yPLrrqSdDg4pEM+cJ36fwnn6ScJ7Xyzxt3W
-  DoiTKnTNl+85LvmDsE63JsT2vszQZgvLSW3fDfkMXgV90cwiYo/+fTr8bYp7S5Ck
-  eTBGUJECgYEA1eV1cWLiWmU6UJM5yifHG9J4LE3uDGOVDTTvN85pMDTB7KligfU9
-  2s1IlR0wBCBse0Q3zJhgdV/p0jrbctXFOrucySrrBZZyqmlUZlFizDZxGuYPivo8
-  tVbxAl4kthe2/R2Kx2BFsZSceFIBVi+oEHd1oVWxm9qlZgAzGKLVyB0CgYEA0hCP
-  zI5M/2DHILZHYZr9/7mPtiCNh5zMkYXvBJXZys/4DrEPKA76exlwI15boj4m3O2Y
-  0HWK/22KXJiblxasPHMTCkCzb45DtsM8IAgadfVgKca5TA1MG8U72fZD1RdmhcjP
-  VaBZk5gBg25wOrZTWyft0LM/HVVP35lga6QSK9sCgYAZ9o9J4xncpRrt+uDx4+As
-  RWDm59K0WEYYY0uCN6DXBCBh7LGTWsRWUcK0ruVMKu9gCwjG4dwbgzfrl89ZYg9d
-  sLY4SOhcNkXW35AqF0jpxtX10OUkFnnV/SamBe1o2PoSQUq+JrZu9r4DcNjOsFwz
-  G30Ax1kWtPSMrAuHuwQ+FQKBgCz15IFIt8w1H4mt2etXLCQuyEaYAxLSiapf+z+E
-  /z98ccBbPz44rn3ofOrlCEHagaDprbp4Xg67mFCnTS3yaVzq2Flqbb1jurSEZvsI
-  IPm8Uh++6+wOMIsFFQFaxzv1rTjXOSE/l8ySTUifO6AlZAPvsOPpaYnSt6zI/C0t
-  ycHfAoGBAIRiNUaTSllFE262LJ+AWNZ/Vw7ATQnfr+GEka7BOKFamd9UbrvOhslm
-  0FfigHN4RDZIbXm6b3pskUo1myanF0JE5a48zbiTAjP9ikCE/ir40dYrPXxBJLGj
-  9MV/kcx9P5rOEA/6lVruoZAql7GRXEgzOcDR8KzKhox1tKEh+ZIQ
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: calico-node-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN PUBLIC KEY-----
-  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYLno3h6ZpjdFECNuc/L
-  /I2Vyr1IF3OP4YOZCg/rhactiINJVD61zacxnm9GLgKBCrsMHuesRxRxuI9LJ1gU
-  kkcvaP3jHpdB6XWK3QdVzCmW9BiQoWE1ocmF9EYrZz9bFFBwz7A2AcgT5q6SCANz
-  xXjMvWp0ulsqEFrXUhYYie5Mizj4PjrBVHt2v2zk/fXsQE6+m4zM1296q1yM2UjB
-  mk3ShVIDYaN4qodCfURjuIIxUcQzJ/JkEp1C5p3Euq2UVjrkI9XwmdXal/x+3lCC
-  NlLy7yEX1c8haBupgDzbgx0X2K+BEOXeClxtrC1N6GY1voINwvD4g1IfjpM5md3Z
-  nwIDAQAB
-  -----END PUBLIC KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: service-account
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/PublicKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAzYLno3h6ZpjdFECNuc/L/I2Vyr1IF3OP4YOZCg/rhactiINJ
-  VD61zacxnm9GLgKBCrsMHuesRxRxuI9LJ1gUkkcvaP3jHpdB6XWK3QdVzCmW9BiQ
-  oWE1ocmF9EYrZz9bFFBwz7A2AcgT5q6SCANzxXjMvWp0ulsqEFrXUhYYie5Mizj4
-  PjrBVHt2v2zk/fXsQE6+m4zM1296q1yM2UjBmk3ShVIDYaN4qodCfURjuIIxUcQz
-  J/JkEp1C5p3Euq2UVjrkI9XwmdXal/x+3lCCNlLy7yEX1c8haBupgDzbgx0X2K+B
-  EOXeClxtrC1N6GY1voINwvD4g1IfjpM5md3ZnwIDAQABAoIBACRw8uwsv9+TeZhO
-  vhLVwwEchhQ2LiNibX/6mteK7SN8+nj7drRGjmxSGl1Ss+oSrZkeg86zG/xaprOo
-  TRZD6xnpH4IJiw1wmtJv8lixJUiXk1njRTooh58RofwnuSiMtnTKssZRI7J7LPQ5
-  vlFHc27vtbZcuygUZEgUI5w9qMpEMtBlnEQ4WZLwgEJan66EzPyH7gekbwKNdRa/
-  snnLsjao8YAcj0FV/C6NUgg6QsVax7dyVvf42tGEzF0sOWzyg2LrRstfYVfq1ysR
-  rdzj0XDrimgJyJz6pT6eVk4SfpelbjXbu0Td91vAvlRJxDh2AaVTfeh8FXcYDQcS
-  bSlOh0ECgYEA7TLvb2VjEjViLZEBFD9Gzh7R45wxaMNuCAXMhClwFHEx3Xni9Gr7
-  YlDtU77FDEREoigpJvBYAZT/LB286mgpzC5tQHQNvuVRLRNEAsuQYLIlttOJ9nAc
-  WvOCWhLhYkTx8kuf/oUZjBxonx1xP8DFfBC6NUhHJSSkHxcRoS6nDOECgYEA3cz8
-  7MCvYBjGV4woUUgL+y90vITG5ojhtjo4OJbck0pkRnDgXjRVLjIXktlHQW72n77U
-  VhLoEFuoOZdds1O6S+bkF+XWaL/QrR+4fHUNIyb416oXokAns19ZmpTWfcy9gtZ8
-  HEvBH9HMBUFM3QC90sjflnsEGhnwBTNLT4InNn8CgYEAwyDIubIFKyCBUIzd/2MC
-  g2P1NDH0r4M9jBoBIaPZEOgBpnmzi3BKtplucxsXjLzIXUF+gQrsyvhgZlFcbNUd
-  tVtoAsK14BlTiyozI72EWxeSUPF6qCGYIfX6gNDRWn7vLmyqBL5HwuxH4MVeuZyC
-  mUpFdLmt1U9sOCtJFHiFceECgYBzdtQwV7q0dxFB4CfY8H20PKczwJdeyeFeoP5F
-  j1uynaaH+RkEUZAKZW9aNhxfFunyjUAystL2ORDhMkhII403GDKjsjWlAD4c8gdz
-  WugE5bPjaZu2DlncigW2cEcc5Cm/4/JmNJWMAAaKsczWvB0Vjxa+Wrnu8JO/0U0i
-  Teol9wKBgEATKPVMWxl2pIFL3J5P4UkvgnDlq37jSWUprzno+lkklNp+pXCtBUjC
-  CDj5eHZmcaNrjDX50/8h2MHLTUbz7C9/uX3nvO29wnwAq9UECoq65KJ+iEvesxnj
-  vludCtRrExmMr015lv0cXcSc7EHkIqK1rg1MLhBxdWpzuD8O8aJU
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: service-account
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/PrivateKey/v1
diff --git a/site/seaworthy/secrets/certificates/ingress.yaml b/site/seaworthy/secrets/certificates/ingress.yaml
deleted file mode 100644
index b799fdb9f..000000000
--- a/site/seaworthy/secrets/certificates/ingress.yaml
+++ /dev/null
@@ -1,135 +0,0 @@
----
-# Example manifest for ingress cert.
-# NEWSITE-CHANGEME: must be replaced with proper/valid set,
-# self-signed certs are not supported.
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: ingress-crt
-  schema: metadata/Document/v1
-  labels:
-    name: ingress-crt-site
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO
-  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ
-  MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu
-  ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP
-  ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC
-  r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs
-  F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV
-  bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1
-  eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO
-  k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG
-  YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9
-  EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC
-  gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF
-  MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv
-  bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t
-  gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y
-  aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH
-  BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV
-  HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE
-  BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw
-  WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/
-  X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX
-  vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk
-  JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm
-  ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF
-  DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N
-  w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc
-  VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg==
-  -----END CERTIFICATE-----
-...
----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: ingress-ca
-  schema: metadata/Document/v1
-  labels:
-    name: ingress-ca-site
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO
-  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS
-  MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
-  AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE
-  OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V
-  o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0
-  YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT
-  fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI
-  GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+
-  T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB
-  d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j
-  mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd
-  BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB
-  AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx
-  2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM
-  EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+
-  zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9
-  XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+
-  d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO
-  TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI
-  XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40
-  +g==
-  -----END CERTIFICATE-----
-...
----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: site
-  name: ingress-key
-  schema: metadata/Document/v1
-  labels:
-    name: ingress-key-site
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD
-  OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv
-  5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4
-  8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1
-  U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9
-  Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl
-  MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R
-  g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC
-  DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w
-  qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif
-  qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft
-  3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6
-  ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf
-  Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8
-  uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH
-  g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc
-  PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz
-  +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS
-  HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk
-  X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC
-  wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA
-  GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE
-  mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6
-  mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM
-  ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx
-  E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE
-  7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC
-  1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8
-  6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+
-  TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5
-  QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C
-  pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB
-  /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ
-  pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a
-  dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5
-  2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS
-  gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3
-  -----END RSA PRIVATE KEY-----
-...
diff --git a/site/seaworthy/secrets/passphrases/apiserver-encryption-key-key1.yaml b/site/seaworthy/secrets/passphrases/apiserver-encryption-key-key1.yaml
deleted file mode 100644
index e21876e35..000000000
--- a/site/seaworthy/secrets/passphrases/apiserver-encryption-key-key1.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: apiserver-encryption-key-key1
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
-# use head -c 32 /dev/urandom | base64
-data: n9VBwseT/JjV7r9vbUR/MvCobe01Bdh9XtWgsNF5zLY=
-...
diff --git a/site/seaworthy/secrets/passphrases/ceph_fsid.yaml b/site/seaworthy/secrets/passphrases/ceph_fsid.yaml
deleted file mode 100644
index 720150288..000000000
--- a/site/seaworthy/secrets/passphrases/ceph_fsid.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ceph_fsid
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# uuidgen
-data: 7b7576f4-3358-4668-9112-100440079807
-...
diff --git a/site/seaworthy/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/seaworthy/secrets/passphrases/ceph_swift_keystone_password.yaml
deleted file mode 100644
index 9a9af1f2c..000000000
--- a/site/seaworthy/secrets/passphrases/ceph_swift_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ceph_swift_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ipmi_admin_password.yaml b/site/seaworthy/secrets/passphrases/ipmi_admin_password.yaml
deleted file mode 100644
index 6ab430ed8..000000000
--- a/site/seaworthy/secrets/passphrases/ipmi_admin_password.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ipmi_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  labels:
-    name: ipmi-admin-password-site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/maas-region-key.yaml b/site/seaworthy/secrets/passphrases/maas-region-key.yaml
deleted file mode 100644
index 73d4a6970..000000000
--- a/site/seaworthy/secrets/passphrases/maas-region-key.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: maas-region-key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# openssl rand -hex 10
-data: 9026f6048d6a017dc913
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/seaworthy/secrets/passphrases/osh_barbican_oslo_db_password.yaml
deleted file mode 100644
index c5f866c85..000000000
--- a/site/seaworthy/secrets/passphrases/osh_barbican_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
deleted file mode 100644
index bb19957a1..000000000
--- a/site/seaworthy/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/seaworthy/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
deleted file mode 100644
index 9bf0217bf..000000000
--- a/site/seaworthy/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_barbican_password.yaml b/site/seaworthy/secrets/passphrases/osh_barbican_password.yaml
deleted file mode 100644
index 51221924c..000000000
--- a/site/seaworthy/secrets/passphrases/osh_barbican_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/seaworthy/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 32f8dae0f..000000000
--- a/site/seaworthy/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/seaworthy/secrets/passphrases/osh_cinder_oslo_db_password.yaml
deleted file mode 100644
index b22f898b6..000000000
--- a/site/seaworthy/secrets/passphrases/osh_cinder_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 040e65769..000000000
--- a/site/seaworthy/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/seaworthy/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
deleted file mode 100644
index 5d76ba793..000000000
--- a/site/seaworthy/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_cinder_password.yaml b/site/seaworthy/secrets/passphrases/osh_cinder_password.yaml
deleted file mode 100644
index 26565dbe3..000000000
--- a/site/seaworthy/secrets/passphrases/osh_cinder_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/seaworthy/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index b1ac8ffdc..000000000
--- a/site/seaworthy/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/seaworthy/secrets/passphrases/osh_glance_oslo_db_password.yaml
deleted file mode 100644
index 073906900..000000000
--- a/site/seaworthy/secrets/passphrases/osh_glance_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 57db7521f..000000000
--- a/site/seaworthy/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/seaworthy/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
deleted file mode 100644
index d103c2780..000000000
--- a/site/seaworthy/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_glance_password.yaml b/site/seaworthy/secrets/passphrases/osh_glance_password.yaml
deleted file mode 100644
index 93ae0f24b..000000000
--- a/site/seaworthy/secrets/passphrases/osh_glance_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/seaworthy/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 496fae3f6..000000000
--- a/site/seaworthy/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/seaworthy/secrets/passphrases/osh_heat_oslo_db_password.yaml
deleted file mode 100644
index 3352d4ce9..000000000
--- a/site/seaworthy/secrets/passphrases/osh_heat_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 074e688f5..000000000
--- a/site/seaworthy/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/seaworthy/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
deleted file mode 100644
index 39f132713..000000000
--- a/site/seaworthy/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_heat_password.yaml b/site/seaworthy/secrets/passphrases/osh_heat_password.yaml
deleted file mode 100644
index 5777ebbf8..000000000
--- a/site/seaworthy/secrets/passphrases/osh_heat_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/seaworthy/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 74e2a9906..000000000
--- a/site/seaworthy/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/seaworthy/secrets/passphrases/osh_heat_stack_user_password.yaml
deleted file mode 100644
index 36db28bc2..000000000
--- a/site/seaworthy/secrets/passphrases/osh_heat_stack_user_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_stack_user_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_heat_trustee_password.yaml b/site/seaworthy/secrets/passphrases/osh_heat_trustee_password.yaml
deleted file mode 100644
index 58129ef5d..000000000
--- a/site/seaworthy/secrets/passphrases/osh_heat_trustee_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_trustee_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/seaworthy/secrets/passphrases/osh_horizon_oslo_db_password.yaml
deleted file mode 100644
index 7c78d4572..000000000
--- a/site/seaworthy/secrets/passphrases/osh_horizon_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_horizon_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
deleted file mode 100644
index 78c265edc..000000000
--- a/site/seaworthy/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_elasticsearch_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_infra_grafana_admin_password.yaml
deleted file mode 100644
index 9232de761..000000000
--- a/site/seaworthy/secrets/passphrases/osh_infra_grafana_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/seaworthy/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
deleted file mode 100644
index 6d5f49e5b..000000000
--- a/site/seaworthy/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/seaworthy/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
deleted file mode 100644
index bd4e57399..000000000
--- a/site/seaworthy/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_oslo_db_session_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_infra_nagios_admin_password.yaml
deleted file mode 100644
index 52dbe16a0..000000000
--- a/site/seaworthy/secrets/passphrases/osh_infra_nagios_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_nagios_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/seaworthy/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
deleted file mode 100644
index 64f78e1a4..000000000
--- a/site/seaworthy/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_openstack_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
deleted file mode 100644
index 9c68e9d5c..000000000
--- a/site/seaworthy/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/seaworthy/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
deleted file mode 100644
index f134f46a9..000000000
--- a/site/seaworthy/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_oslo_db_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
deleted file mode 100644
index b3df5f659..000000000
--- a/site/seaworthy/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_prometheus_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/seaworthy/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
deleted file mode 100644
index 9f64719a0..000000000
--- a/site/seaworthy/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_admin_access_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: admin_access_key
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/seaworthy/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
deleted file mode 100644
index 3e06f913a..000000000
--- a/site/seaworthy/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_admin_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: admin_secret_key
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/seaworthy/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
deleted file mode 100644
index 97c7d2312..000000000
--- a/site/seaworthy/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_elasticsearch_access_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: elastic_access_key
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/seaworthy/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
deleted file mode 100644
index 60f0134e0..000000000
--- a/site/seaworthy/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_elasticsearch_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: elastic_secret_key
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_keystone_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_keystone_admin_password.yaml
deleted file mode 100644
index 6c3f44695..000000000
--- a/site/seaworthy/secrets/passphrases/osh_keystone_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/seaworthy/secrets/passphrases/osh_keystone_ldap_password.yaml
deleted file mode 100644
index 2edf0f22c..000000000
--- a/site/seaworthy/secrets/passphrases/osh_keystone_ldap_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_ldap_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/seaworthy/secrets/passphrases/osh_keystone_oslo_db_password.yaml
deleted file mode 100644
index 07b2206ab..000000000
--- a/site/seaworthy/secrets/passphrases/osh_keystone_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
deleted file mode 100644
index aec85c07c..000000000
--- a/site/seaworthy/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/seaworthy/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
deleted file mode 100644
index be716f432..000000000
--- a/site/seaworthy/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/seaworthy/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index ee7e4bd25..000000000
--- a/site/seaworthy/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/seaworthy/secrets/passphrases/osh_neutron_oslo_db_password.yaml
deleted file mode 100644
index 4d0b15749..000000000
--- a/site/seaworthy/secrets/passphrases/osh_neutron_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 4ac42c9b0..000000000
--- a/site/seaworthy/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/seaworthy/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
deleted file mode 100644
index 6be02b9ce..000000000
--- a/site/seaworthy/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_neutron_password.yaml b/site/seaworthy/secrets/passphrases/osh_neutron_password.yaml
deleted file mode 100644
index dd0b2b68b..000000000
--- a/site/seaworthy/secrets/passphrases/osh_neutron_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/seaworthy/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 9e8ff8deb..000000000
--- a/site/seaworthy/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/site/seaworthy/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
deleted file mode 100644
index 37d5c627c..000000000
--- a/site/seaworthy/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_metadata_proxy_shared_secret
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/seaworthy/secrets/passphrases/osh_nova_oslo_db_password.yaml
deleted file mode 100644
index 2cd60f567..000000000
--- a/site/seaworthy/secrets/passphrases/osh_nova_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
deleted file mode 100644
index 487bcc57f..000000000
--- a/site/seaworthy/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/seaworthy/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
deleted file mode 100644
index 13569ba02..000000000
--- a/site/seaworthy/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_nova_password.yaml b/site/seaworthy/secrets/passphrases/osh_nova_password.yaml
deleted file mode 100644
index 4c2223d36..000000000
--- a/site/seaworthy/secrets/passphrases/osh_nova_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/seaworthy/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 7a885e683..000000000
--- a/site/seaworthy/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/seaworthy/secrets/passphrases/osh_oslo_cache_secret_key.yaml
deleted file mode 100644
index 11747a726..000000000
--- a/site/seaworthy/secrets/passphrases/osh_oslo_cache_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_cache_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_oslo_db_admin_password.yaml
deleted file mode 100644
index 48df9ee54..000000000
--- a/site/seaworthy/secrets/passphrases/osh_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/seaworthy/secrets/passphrases/osh_oslo_db_exporter_password.yaml
deleted file mode 100644
index 61b4144ad..000000000
--- a/site/seaworthy/secrets/passphrases/osh_oslo_db_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_db_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_oslo_messaging_admin_password.yaml b/site/seaworthy/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
deleted file mode 100644
index e7d97e27c..000000000
--- a/site/seaworthy/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_placement_password.yaml b/site/seaworthy/secrets/passphrases/osh_placement_password.yaml
deleted file mode 100644
index c72b59ac0..000000000
--- a/site/seaworthy/secrets/passphrases/osh_placement_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_placement_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml b/site/seaworthy/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index a3b5a2b69..000000000
--- a/site/seaworthy/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/osh_tempest_password.yaml b/site/seaworthy/secrets/passphrases/osh_tempest_password.yaml
deleted file mode 100644
index af90ec05b..000000000
--- a/site/seaworthy/secrets/passphrases/osh_tempest_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_tempest_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/tenant_ceph_fsid.yaml b/site/seaworthy/secrets/passphrases/tenant_ceph_fsid.yaml
deleted file mode 100644
index 18bd48556..000000000
--- a/site/seaworthy/secrets/passphrases/tenant_ceph_fsid.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant_ceph_fsid
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# uuidgen
-data: 29d8953d-0bb6-4ba1-a48a-f9be1c0937a9
-...
diff --git a/site/seaworthy/secrets/passphrases/ubuntu_crypt_password.yaml b/site/seaworthy/secrets/passphrases/ubuntu_crypt_password.yaml
deleted file mode 100644
index 4d6046803..000000000
--- a/site/seaworthy/secrets/passphrases/ubuntu_crypt_password.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ubuntu_crypt_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# Pass: password123
-data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/seaworthy/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
deleted file mode 100644
index 33c4125ef..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_airflow_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/seaworthy/secrets/passphrases/ucp_airflow_postgres_password.yaml
deleted file mode 100644
index 8a1d64884..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_airflow_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_airflow_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/seaworthy/secrets/passphrases/ucp_armada_keystone_password.yaml
deleted file mode 100644
index 866efcce2..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_armada_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_armada_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/seaworthy/secrets/passphrases/ucp_barbican_keystone_password.yaml
deleted file mode 100644
index cb2da2244..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_barbican_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_barbican_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/seaworthy/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
deleted file mode 100644
index 95a76ed17..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_barbican_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/seaworthy/secrets/passphrases/ucp_deckhand_keystone_password.yaml
deleted file mode 100644
index 5ee27f2a8..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_deckhand_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_deckhand_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/seaworthy/secrets/passphrases/ucp_deckhand_postgres_password.yaml
deleted file mode 100644
index e63319b71..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_deckhand_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_deckhand_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/seaworthy/secrets/passphrases/ucp_drydock_keystone_password.yaml
deleted file mode 100644
index b8083b519..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_drydock_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_drydock_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/seaworthy/secrets/passphrases/ucp_drydock_postgres_password.yaml
deleted file mode 100644
index 2eff5255c..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_drydock_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_drydock_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/seaworthy/secrets/passphrases/ucp_keystone_admin_password.yaml
deleted file mode 100644
index 91f74fdc0..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_keystone_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_keystone_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/seaworthy/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
deleted file mode 100644
index a9cb15317..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_keystone_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_maas_admin_password.yaml b/site/seaworthy/secrets/passphrases/ucp_maas_admin_password.yaml
deleted file mode 100644
index 402c1299b..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_maas_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_maas_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/seaworthy/secrets/passphrases/ucp_maas_postgres_password.yaml
deleted file mode 100644
index 96ec5745c..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_maas_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_maas_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/seaworthy/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
deleted file mode 100644
index b513af431..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_openstack_exporter_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/seaworthy/secrets/passphrases/ucp_oslo_db_admin_password.yaml
deleted file mode 100644
index b3c132542..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/seaworthy/secrets/passphrases/ucp_oslo_messaging_password.yaml
deleted file mode 100644
index 95d6c0e3c..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/seaworthy/secrets/passphrases/ucp_postgres_admin_password.yaml
deleted file mode 100644
index 546de05ba..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_postgres_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_postgres_exporter_password.yaml b/site/seaworthy/secrets/passphrases/ucp_postgres_exporter_password.yaml
deleted file mode 100644
index abdaa5bc4..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_postgres_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_postgres_replication_password.yaml b/site/seaworthy/secrets/passphrases/ucp_postgres_replication_password.yaml
deleted file mode 100644
index 2176e714f..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_postgres_replication_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_replication_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/seaworthy/secrets/passphrases/ucp_promenade_keystone_password.yaml
deleted file mode 100644
index ac40d1ec5..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_promenade_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_promenade_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/seaworthy/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 6a2aef93e..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/seaworthy/secrets/passphrases/ucp_shipyard_keystone_password.yaml
deleted file mode 100644
index 181a52a84..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_shipyard_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_shipyard_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/seaworthy/secrets/passphrases/ucp_shipyard_postgres_password.yaml
deleted file mode 100644
index de0eed714..000000000
--- a/site/seaworthy/secrets/passphrases/ucp_shipyard_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_shipyard_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/site/seaworthy/site-definition.yaml b/site/seaworthy/site-definition.yaml
deleted file mode 100644
index 58fd705d7..000000000
--- a/site/seaworthy/site-definition.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-# High-level pegleg site definition file
-schema: pegleg/SiteDefinition/v1
-metadata:
-  schema: metadata/Document/v1
-  layeringDefinition:
-    abstract: false
-    layer: site
-  # NEWSITE-CHANGEME: Replace with the site name
-  name: seaworthy
-  storagePolicy: cleartext
-data:
-  # The type layer this site will delpoy with. Type layer is found in the
-  # type folder.
-  site_type: foundry
-...
diff --git a/site/seaworthy/software/charts/kubernetes/container-networking/etcd.yaml b/site/seaworthy/software/charts/kubernetes/container-networking/etcd.yaml
deleted file mode 100644
index 3e547eb50..000000000
--- a/site/seaworthy/software/charts/kubernetes/container-networking/etcd.yaml
+++ /dev/null
@@ -1,159 +0,0 @@
----
-# The purpose of this file is to build the list of calico etcd nodes and the
-# calico etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-calico-etcd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: kubernetes-calico-etcd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    # Generate a list of control plane nodes (i.e. genesis node + master node
-    # list) on which calico etcd will run and will need certs. It is assumed
-    # that Airship sites will have 4 control plane nodes, so this should not need to
-    # change for a new site.
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .genesis.hostname
-      dest:
-        path: .values.nodes[0].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[0].hostname
-      dest:
-        path: .values.nodes[1].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[1].hostname
-      dest:
-        path: .values.nodes[2].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[2].hostname
-      dest:
-        path: .values.nodes[3].name
-
-    # Certificate substitutions for the node names assembled on the above list.
-    # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
-    # to change with a standard Airship deployment. However, the names of each
-    # deckhand certficiate should be updated with the correct hostnames for your
-    # environment. The ordering is important (Genesis is index 0, then master
-    # nodes in the order they are specified in common-addresses).
-
-    # Genesis hostname - cab23-r720-11
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-cab23-r720-11
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-cab23-r720-11
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-cab23-r720-11-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-cab23-r720-11-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.key
-
-    # master node 1 hostname - cab23-r720-12
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-cab23-r720-12
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-cab23-r720-12
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-cab23-r720-12-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-cab23-r720-12-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.key
-
-    # master node 2 hostname - cab23-r720-13
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-cab23-r720-13
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-cab23-r720-13
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-cab23-r720-13-peer
-        path: .
-      dest:
-        path: .values.nodes[2].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-cab23-r720-13-peer
-        path: .
-      dest:
-        path: .values.nodes[2].tls.peer.key
-
-    # master node 3 hostname - cab23-r720-14
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-cab23-r720-14
-        path: .
-      dest:
-        path: .values.nodes[3].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-cab23-r720-14
-        path: .
-      dest:
-        path: .values.nodes[3].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-cab23-r720-14-peer
-        path: .
-      dest:
-        path: .values.nodes[3].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-cab23-r720-14-peer
-        path: $
-      dest:
-        path: .values.nodes[3].tls.peer.key
-
-data: {}
-...
diff --git a/site/seaworthy/software/charts/kubernetes/etcd/etcd.yaml b/site/seaworthy/software/charts/kubernetes/etcd/etcd.yaml
deleted file mode 100644
index b32495ee2..000000000
--- a/site/seaworthy/software/charts/kubernetes/etcd/etcd.yaml
+++ /dev/null
@@ -1,163 +0,0 @@
----
-# The purpose of this file is to build the list of k8s etcd nodes and the
-# k8s etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-etcd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: kubernetes-etcd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    # Generate a list of control plane nodes (i.e. genesis node + master node
-    # list) on which k8s etcd will run and will need certs. It is assumed
-    # that Airship sites will have 4 control plane nodes, so this should not need to
-    # change for a new site.
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .genesis.hostname
-      dest:
-        path: .values.nodes[0].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[0].hostname
-      dest:
-        path: .values.nodes[1].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[1].hostname
-      dest:
-        path: .values.nodes[2].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[2].hostname
-      dest:
-        path: .values.nodes[3].name
-
-    # Certificate substitutions for the node names assembled on the above list.
-    # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
-    # to change with a standard Airship deployment. However, the names of each
-    # deckhand certficiate should be updated with the correct hostnames for your
-    # environment. The ordering is important (Genesis is index 0, then master
-    # nodes in the order they are specified in common-addresses).
-
-    # Genesis Exception*
-    # *NOTE: This is an exception in that `genesis` is not the hostname of the
-    # genesis node, but `genesis` is reference here in the certificate names
-    # because of certain Promenade assumptions that may be addressed in the
-    # future. Therefore `genesis` is used instead of `cab23-r720-11` here.
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-genesis
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-genesis
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-genesis-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-genesis-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.key
-
-    # master node 1 hostname - cab23-r720-12
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-cab23-r720-12
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-cab23-r720-12
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-cab23-r720-12-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-cab23-r720-12-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.key
-
-    # master node 2 hostname - cab23-r720-13
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-cab23-r720-13
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-cab23-r720-13
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-cab23-r720-13-peer
-        path: .
-      dest:
-        path: .values.nodes[2].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-cab23-r720-13-peer
-        path: $
-      dest:
-        path: .values.nodes[2].tls.peer.key
-
-    # master node 3 hostname - cab23-r720-14
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-cab23-r720-14
-        path: .
-      dest:
-        path: .values.nodes[3].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-cab23-r720-14
-        path: .
-      dest:
-        path: .values.nodes[3].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-cab23-r720-14-peer
-        path: .
-      dest:
-        path: .values.nodes[3].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-cab23-r720-14-peer
-        path: $
-      dest:
-        path: .values.nodes[3].tls.peer.key
-
-data: {}
-...
diff --git a/site/seaworthy/software/charts/kubernetes/ingress/ingress.yaml b/site/seaworthy/software/charts/kubernetes/ingress/ingress.yaml
deleted file mode 100644
index be619535e..000000000
--- a/site/seaworthy/software/charts/kubernetes/ingress/ingress.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-# The purpose of this file is to define the environment-specific public-facing
-# VIP for the ingress controller
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ingress-kube-system
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      ingress: kube-system
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .vip.ingress_vip
-      dest:
-        path: .values.network.vip.addr
-data:
-  values:
-    network:
-      ingress:
-        disable-ipv6: "true"
-      vip:
-        manage: true
-...
diff --git a/site/seaworthy/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml b/site/seaworthy/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml
deleted file mode 100644
index 6d379e82f..000000000
--- a/site/seaworthy/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: elasticsearch
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      hosttype: elasticsearch-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data: {}
-...
diff --git a/site/seaworthy/software/charts/osh-infra/osh-infra-logging/fluentbit.yaml b/site/seaworthy/software/charts/osh-infra/osh-infra-logging/fluentbit.yaml
deleted file mode 100644
index b0f5a615c..000000000
--- a/site/seaworthy/software/charts/osh-infra/osh-infra-logging/fluentbit.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: fluentbit
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      hosttype: fluentbit-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data: {}
-...
diff --git a/site/seaworthy/software/charts/osh-infra/osh-infra-logging/fluentd.yaml b/site/seaworthy/software/charts/osh-infra/osh-infra-logging/fluentd.yaml
deleted file mode 100644
index 676127ee3..000000000
--- a/site/seaworthy/software/charts/osh-infra/osh-infra-logging/fluentd.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: fluentd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      hosttype: fluentd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data: {}
-...
diff --git a/site/seaworthy/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/seaworthy/software/charts/osh/openstack-compute-kit/neutron.yaml
deleted file mode 100644
index e4ca8951a..000000000
--- a/site/seaworthy/software/charts/osh/openstack-compute-kit/neutron.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# This file defines hardware-specific settings for neutron. If you use the same
-# hardware profile as this environment, you should not need to change this file.
-# Otherwise, you should review the settings here and adjust for your hardware.
-# In particular:
-# 1. logical network interface names
-# 2. physical device mappigns
-# TODO: Should move to global layer and become tied to the hardware profile
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: neutron
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: neutron-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data: {}
-...
diff --git a/site/seaworthy/software/charts/osh/openstack-compute-kit/nova.yaml b/site/seaworthy/software/charts/osh/openstack-compute-kit/nova.yaml
deleted file mode 100644
index 32f94b89b..000000000
--- a/site/seaworthy/software/charts/osh/openstack-compute-kit/nova.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# This file defines hardware-specific settings for nova. If you use the same
-# hardware profile as this environment, you should not need to change this file.
-# Otherwise, you should review the settings here and adjust for your hardware.
-# In particular:
-# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware
-#    changes.
-# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC
-#    slotting changes.
-# TODO: Should move to global layer and become tied to the hardware profile
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: nova
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: nova-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data: {}
-...
diff --git a/site/seaworthy/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml b/site/seaworthy/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml
deleted file mode 100644
index ce93795ba..000000000
--- a/site/seaworthy/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# The purpose of this file is to define envrionment-specific parameters for the
-# ceph client
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant-ceph-client
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: tenant-ceph-client-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    conf:
-      pool:
-        target:
-          osd: 12
-...
diff --git a/site/seaworthy/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml b/site/seaworthy/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml
deleted file mode 100644
index d00702c89..000000000
--- a/site/seaworthy/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
----
-# The purpose of this file is to define environment-specific parameters for
-# ceph-osd
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant-ceph-osd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: tenant-ceph-osd-global
-    actions:
-      - method: replace
-        path: .values.conf.storage.osd
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    labels:
-      osd:
-        node_selector_key: tenant-ceph-osd
-        node_selector_value: enabled
-    conf:
-      storage:
-        failure_domain: "rack"
-        # NEWSITE-CHANGEME: The OSD count and configuration here should not need
-        # to change if your HW matches the HW used in this environment.
-        # Otherwise you may need to add or subtract disks to this list.
-        # no need to create below jounal partitons as ceph charts will create them
-        # default size of  journal partions is 10GB
-        osd:
-          - data:
-              type: block-logical
-              location: /dev/sde
-            journal:
-              type: block-logical
-              location: /dev/sdb1
-          - data:
-              type: block-logical
-              location: /dev/sdf
-            journal:
-              type: block-logical
-              location: /dev/sdb2
-          - data:
-              type: block-logical
-              location: /dev/sdg
-            journal:
-              type: block-logical
-              location: /dev/sdc1
-          - data:
-              type: block-logical
-              location: /dev/sdh
-            journal:
-              type: block-logical
-              location: /dev/sdc2
-      overrides:
-        ceph_osd:
-          hosts:
-            - name: cab23-r720-14
-              conf:
-                storage:
-                  failure_domain_name: "cab23_rack_1"
-            - name: cab23-r720-17
-              conf:
-                storage:
-                  failure_domain_name: "cab23_rack_2"
-            - name: cab23-r720-19
-              conf:
-                storage:
-                  failure_domain_name: "cab23_rack_3"
-...
diff --git a/site/seaworthy/software/charts/ucp/ceph/ceph-client-update.yaml b/site/seaworthy/software/charts/ucp/ceph/ceph-client-update.yaml
deleted file mode 100644
index 4b08d763a..000000000
--- a/site/seaworthy/software/charts/ucp/ceph/ceph-client-update.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# The purpose of this file is to define environment-specific parameters for ceph
-# client update
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-client-update
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-ceph-client-update-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    conf:
-      pool:
-        target:
-          # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if
-          # your HW matches this site's HW. Verify for your environment.
-          # 8 OSDs per node x 3 nodes = 24
-          osd: 24
-...
diff --git a/site/seaworthy/software/charts/ucp/ceph/ceph-client.yaml b/site/seaworthy/software/charts/ucp/ceph/ceph-client.yaml
deleted file mode 100644
index ad4678063..000000000
--- a/site/seaworthy/software/charts/ucp/ceph/ceph-client.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# The purpose of this file is to define envrionment-specific parameters for the
-# ceph client
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-client
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-ceph-client-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    conf:
-      pool:
-        target:
-          # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to
-          # change if your deployment HW matches this site's HW.
-          osd: 8
-...
diff --git a/site/seaworthy/software/charts/ucp/ceph/ceph-osd.yaml b/site/seaworthy/software/charts/ucp/ceph/ceph-osd.yaml
deleted file mode 100644
index c6be7e477..000000000
--- a/site/seaworthy/software/charts/ucp/ceph/ceph-osd.yaml
+++ /dev/null
@@ -1,93 +0,0 @@
----
-# The purpose of this file is to define environment-specific parameters for
-# ceph-osd
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-osd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-ceph-osd-global
-    actions:
-      - method: replace
-        path: .values.conf.storage.osd
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    conf:
-      storage:
-        failure_domain: "rack"
-        # NEWSITE-CHANGEME: The OSD count and configuration here should not need
-        # to change if your HW matches the HW used in this environment.
-        # Otherwise you may need to add or subtract disks to this list.
-        # no need to create below jounal partitons as ceph charts will create them
-        # default size of  journal partions is 10GB
-        osd:
-          - data:
-              type: block-logical
-              location: /dev/sdd
-            journal:
-              type: block-logical
-              location: /dev/sdb1
-          - data:
-              type: block-logical
-              location: /dev/sde
-            journal:
-              type: block-logical
-              location: /dev/sdb2
-          - data:
-              type: block-logical
-              location: /dev/sdf
-            journal:
-              type: block-logical
-              location: /dev/sdb3
-          - data:
-              type: block-logical
-              location: /dev/sdg
-            journal:
-              type: block-logical
-              location: /dev/sdb4
-          - data:
-              type: block-logical
-              location: /dev/sdh
-            journal:
-              type: block-logical
-              location: /dev/sdc1
-          - data:
-              type: block-logical
-              location: /dev/sdi
-            journal:
-              type: block-logical
-              location: /dev/sdc2
-          - data:
-              type: block-logical
-              location: /dev/sdj
-            journal:
-              type: block-logical
-              location: /dev/sdc3
-          - data:
-              type: block-logical
-              location: /dev/sdk
-            journal:
-              type: block-logical
-              location: /dev/sdc4
-      overrides:
-        ceph_osd:
-          hosts:
-            - name: cab23-r720-11
-              conf:
-                storage:
-                  failure_domain_name: "cab23_rack_1"
-            - name: cab23-r720-12
-              conf:
-                storage:
-                  failure_domain_name: "cab23_rack_2"
-            - name: cab23-r720-13
-              conf:
-                storage:
-                  failure_domain_name: "cab23_rack_3"
-...
diff --git a/site/seaworthy/software/charts/ucp/divingbell/divingbell.yaml b/site/seaworthy/software/charts/ucp/divingbell/divingbell.yaml
deleted file mode 100644
index 2db2c169b..000000000
--- a/site/seaworthy/software/charts/ucp/divingbell/divingbell.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-# The purpose of this file is to define site-specific parameters to the
-# UAM-lite portion of the divingbell chart:
-# 1. User accounts to create on bare metal
-# 2. SSH public key for operationg system access to the bare metal
-# 3. Passwords for operating system access via iDrac/iLo console. SSH password-
-#    based auth is disabled.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-divingbell
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-divingbell-global
-    actions:
-      - method: merge
-        path: .
-  labels:
-    name: ucp-divingbell-site
-  storagePolicy: cleartext
-  substitutions:
-    - dest:
-        path: .values.conf.uamlite.users[0].user_sshkeys[0]
-      src:
-        schema: deckhand/PublicKey/v1
-        name: airship_ssh_public_key
-        path: .
-    - dest:
-        path: .values.conf.uamlite.users[0].user_crypt_passwd
-      src:
-        schema: deckhand/Passphrase/v1
-        name: ubuntu_crypt_password
-        path: .
-    - dest:
-        path: .values.conf.uamlite.users[1].user_sshkeys[0]
-      src:
-        schema: deckhand/PublicKey/v1
-        name: airship_ssh_public_key
-        path: .
-data:
-  values:
-    conf:
-      uamlite:
-        users:
-          - user_name: ubuntu
-            user_sudo: true
-            user_sshkeys: []
-          - user_name: airship
-            user_sudo: true
-            user_sshkeys: []
-...
diff --git a/site/seaworthy/software/charts/ucp/drydock/drydock.yaml b/site/seaworthy/software/charts/ucp/drydock/drydock.yaml
deleted file mode 100644
index 4aa454f94..000000000
--- a/site/seaworthy/software/charts/ucp/drydock/drydock.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-drydock
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-drydock-global
-    actions:
-      - method: merge
-        path: .
-  labels:
-    name: ucp-drydock-site
-  storagePolicy: cleartext
-  replacement: true
-data:
-  values:
-    network:
-      api:
-        ingress:
-          classes:
-            cluster: "maas-ingress"
-...
diff --git a/site/seaworthy/software/charts/ucp/promenade/promenade.yaml b/site/seaworthy/software/charts/ucp/promenade/promenade.yaml
deleted file mode 100644
index e245bd949..000000000
--- a/site/seaworthy/software/charts/ucp/promenade/promenade.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-# The purpose of this file is to provide site-specific parameters for the ucp-
-# promenade chart.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-promenade
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-promenade-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      env:
-        promenade_api: []
-          # NEWSITE-CHANGEME: If your site uses an http proxy, enter it here.
-          # Otherwise comment out these lines.
-          # - name: http_proxy
-          #   value: 'http://proxy.example.com:8080'
-          # NEWSITE-CHANGEME: If your site uses an https proxy, enter it here.
-          # Otherwise comment out these lines.
-          # - name: https_proxy
-          #   value: 'http://proxy.example.com:8080'
-          # NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the
-          # IPs / domain names which the proxy should not be used for (i.e. the
-          # cluster domain and kubernetes service_cidr defined in common-addresses)
-          # Otherwise comment out these lines.
-          # - name: no_proxy
-          #   value: '10.96.0.1,.cluster.local'
-          # NEWSITE-CHANGEME: If your site uses an http proxy, enter it here.
-          # Otherwise comment out these lines.
-          # - name: HTTP_PROXY
-          #   value: 'http://proxy.example.com:8080'
-          # NEWSITE-CHANGEME: If your site uses an https proxy, enter it here.
-          # Otherwise comment out these lines.
-          # - name: HTTPS_PROXY
-          #   value: 'http://proxy.example.com:8080'
-          # NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the
-          # IPs / domain names which the proxy should not be used for (i.e. the
-          # cluster domain and kubernetes service_cidr defined in common-addresses)
-          # Otherwise comment out these lines.
-          # - name: NO_PROXY
-          #   value: '10.96.0.1,.cluster.local'
-...
diff --git a/site/seaworthy/software/config/common-software-config.yaml b/site/seaworthy/software/config/common-software-config.yaml
deleted file mode 100644
index 620e4ace7..000000000
--- a/site/seaworthy/software/config/common-software-config.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-# The purpose of this file is to define site-specific common software config
-# paramters.
-schema: pegleg/CommonSoftwareConfig/v1
-metadata:
-  schema: metadata/Document/v1
-  name: common-software-config
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  osh:
-    # NEWSITE-CHANGEME: Replace with the site name
-    region_name: seaworthy
-...
diff --git a/site/seaworthy/software/config/endpoints.yaml b/site/seaworthy/software/config/endpoints.yaml
deleted file mode 100644
index 0dc32749f..000000000
--- a/site/seaworthy/software/config/endpoints.yaml
+++ /dev/null
@@ -1,1201 +0,0 @@
----
-# The purpose of this file is to define the site's endpoint catalog. This should
-# not need to be modified for a new site.
-# #GLOBAL-CANDIDATE#
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_endpoints
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .dns.ingress_domain
-      dest:
-        - path: .ucp.identity.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .ucp.identity.host_fqdn_override.admin.host
-          pattern: DOMAIN
-        - path: .ucp.shipyard.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .ucp.physicalprovisioner.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .ucp.maas_region.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .ceph.object_store.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .ceph.ceph_object_store.host_fqdn_override.public.host
-          pattern: DOMAIN
-    - src:
-        schema: deckhand/Certificate/v1
-        name: ingress-crt
-        path: .
-      dest:
-        - path: .ucp.identity.host_fqdn_override.public.tls.crt
-        - path: .ucp.shipyard.host_fqdn_override.public.tls.crt
-        - path: .ucp.physicalprovisioner.host_fqdn_override.public.tls.crt
-        - path: .ceph.object_store.host_fqdn_override.public.tls.crt
-        - path: .ceph.ceph_object_store.host_fqdn_override.public.tls.crt
-    - src:
-        schema: deckhand/CertificateAuthority/v1
-        name: ingress-ca
-        path: .
-      dest:
-        - path: .ucp.identity.host_fqdn_override.public.tls.ca
-        - path: .ucp.shipyard.host_fqdn_override.public.tls.ca
-        - path: .ucp.physicalprovisioner.host_fqdn_override.public.tls.ca
-        - path: .ceph.object_store.host_fqdn_override.public.tls.ca
-        - path: .ceph.ceph_object_store.host_fqdn_override.public.tls.ca
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: ingress-key
-        path: .
-      dest:
-        - path: .ucp.identity.host_fqdn_override.public.tls.key
-        - path: .ucp.shipyard.host_fqdn_override.public.tls.key
-        - path: .ucp.physicalprovisioner.host_fqdn_override.public.tls.key
-        - path: .ceph.object_store.host_fqdn_override.public.tls.key
-        - path: .ceph.ceph_object_store.host_fqdn_override.public.tls.key
-data:
-  ucp:
-    identity:
-      namespace: ucp
-      name: keystone
-      hosts:
-        default: keystone
-        internal: keystone-api
-      host_fqdn_override:
-        default: null
-        public:
-          host: iam-sw.DOMAIN
-        admin:
-          host: iam-sw.DOMAIN
-      path:
-        default: /v3
-      scheme:
-        default: "https"
-        internal: "http"
-      port:
-        api:
-          default: 443
-          internal: 5000
-    armada:
-      name: armada
-      hosts:
-        default: armada-api
-        public: armada
-      port:
-        api:
-          default: 8000
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-      host_fqdn_override:
-        default: null
-    deckhand:
-      name: deckhand
-      hosts:
-        default: deckhand-int
-        public: deckhand-api
-      port:
-        api:
-          default: 9000
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-      host_fqdn_override:
-        default: null
-    postgresql:
-      name: postgresql
-      hosts:
-        default: postgresql
-      path: /DB_NAME
-      scheme: postgresql+psycopg2
-      port:
-        postgresql:
-          default: 5432
-      host_fqdn_override:
-        default: null
-    postgresql_airflow_celery:
-      name: postgresql_airflow_celery_db
-      hosts:
-        default: postgresql
-      path: /DB_NAME
-      scheme: db+postgresql
-      port:
-        postgresql:
-          default: 5432
-      host_fqdn_override:
-        default: null
-    oslo_db:
-      hosts:
-        default: mariadb
-        discovery: mariadb-discovery
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-        wsrep:
-          default: 4567
-    key_manager:
-      name: barbican
-      hosts:
-        default: barbican-api
-        public: barbican
-      host_fqdn_override:
-        default: null
-      path:
-        default: /v1
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9311
-          public: 80
-    airflow_oslo_messaging:
-      namespace: null
-      statefulset:
-        name: airship-ucp-rabbitmq-rabbitmq
-      hosts:
-        default: rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /airflow
-      scheme: amqp
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    oslo_messaging:
-      namespace: null
-      statefulset:
-        name: airship-ucp-rabbitmq-rabbitmq
-      hosts:
-        default: rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /keystone
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-    oslo_cache:
-      hosts:
-        default: memcached
-      host_fqdn_override:
-        default: null
-      port:
-        memcache:
-          default: 11211
-    physicalprovisioner:
-      name: drydock
-      hosts:
-        default: drydock-api
-      port:
-        api:
-          default: 9000
-          nodeport: 31900
-          public: 443
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-        public: "https"
-      host_fqdn_override:
-        default: null
-        public:
-          host: drydock-sw.DOMAIN
-    maas_region:
-      name: maas-region
-      hosts:
-        default: maas-region
-        public: maas
-      path:
-        default: /MAAS
-      scheme:
-        default: "http"
-      port:
-        region_api:
-          default: 80
-          nodeport: 31900
-          podport: 80
-          public: 80
-        region_proxy:
-          default: 8000
-      host_fqdn_override:
-        default: null
-        public:
-          host: maas-sw.DOMAIN
-    maas_ingress:
-      hosts:
-        default: maas-ingress
-        error_pages: maas-ingress-error
-      host_fqdn_override:
-        public: null
-      port:
-        http:
-          default: 80
-        https:
-          default: 443
-        ingress_default_server:
-          default: 8383
-        error_pages:
-          default: 8080
-          podport: 8080
-        healthz:
-          podport: 10259
-        status:
-          podport: 18089
-    kubernetesprovisioner:
-      name: promenade
-      hosts:
-        default: promenade-api
-      port:
-        api:
-          default: 80
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-      host_fqdn_override:
-        default: null
-    shipyard:
-      name: shipyard
-      hosts:
-        default: shipyard-int
-        public: shipyard-api
-      port:
-        api:
-          default: 9000
-          public: 443
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-        public: "https"
-      host_fqdn_override:
-        default: null
-        public:
-          host: shipyard-sw.DOMAIN
-    prometheus_openstack_exporter:
-      namespace: ucp
-      hosts:
-        default: openstack-metrics
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        exporter:
-          default: 9103
-  ceph:
-    object_store:
-      name: swift
-      namespace: ceph
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-        public:
-          host: object-store-sw.DOMAIN
-      path:
-        default: /swift/v1
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        api:
-          default: 8088
-          public: 443
-    ceph_object_store:
-      name: radosgw
-      namespace: ceph
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-        public:
-          host: object-store-sw.DOMAIN
-      path:
-        default: /auth/v1.0
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        api:
-          default: 8088
-          public: 443
-    ceph_mon:
-      namespace: ceph
-      hosts:
-        default: ceph-mon
-        discovery: ceph-mon-discovery
-      host_fqdn_override:
-        default: null
-      port:
-        mon:
-          default: 6789
-    ceph_mgr:
-      namespace: ceph
-      hosts:
-        default: ceph-mgr
-      host_fqdn_override:
-        default: null
-      port:
-        mgr:
-          default: 7000
-      scheme:
-        default: "http"
-    tenant_ceph_mon:
-      namespace: tenant-ceph
-      hosts:
-        default: ceph-mon
-        discovery: ceph-mon-discovery
-      host_fqdn_override:
-        default: null
-      port:
-        mon:
-          default: 6790
-    tenant_ceph_mgr:
-      namespace: tenant-ceph
-      hosts:
-        default: ceph-mgr
-      host_fqdn_override:
-        default: null
-      port:
-        mgr:
-          default: 7001
-        metrics:
-          default: 9284
-      scheme:
-        default: http
-...
----
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_endpoints
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .dns.ingress_domain
-      dest:
-        - path: .osh.object_store.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh.ceph_object_store.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh.image.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh.cloudformation.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh.orchestration.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh.compute.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh.compute_novnc_proxy.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh.placement.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh.network.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh.identity.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh.identity.host_fqdn_override.admin.host
-          pattern: DOMAIN
-        - path: .osh.dashboard.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh.volume.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh.volumev2.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh.volumev3.host_fqdn_override.public.host
-          pattern: DOMAIN
-    - src:
-        schema: deckhand/Certificate/v1
-        name: ingress-crt
-        path: .
-      dest:
-        - path: .osh.object_store.host_fqdn_override.public.tls.crt
-        - path: .osh.ceph_object_store.host_fqdn_override.public.tls.crt
-        - path: .osh.identity.host_fqdn_override.public.tls.crt
-        - path: .osh.orchestration.host_fqdn_override.public.tls.crt
-        - path: .osh.cloudformation.host_fqdn_override.public.tls.crt
-        - path: .osh.dashboard.host_fqdn_override.public.tls.crt
-        - path: .osh.image.host_fqdn_override.public.tls.crt
-        - path: .osh.volume.host_fqdn_override.public.tls.crt
-        - path: .osh.volumev2.host_fqdn_override.public.tls.crt
-        - path: .osh.volumev3.host_fqdn_override.public.tls.crt
-        - path: .osh.compute.host_fqdn_override.public.tls.crt
-        - path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.crt
-        - path: .osh.placement.host_fqdn_override.public.tls.crt
-        - path: .osh.network.host_fqdn_override.public.tls.crt
-    - src:
-        schema: deckhand/CertificateAuthority/v1
-        name: ingress-ca
-        path: .
-      dest:
-        - path: .osh.object_store.host_fqdn_override.public.tls.ca
-        - path: .osh.ceph_object_store.host_fqdn_override.public.tls.ca
-        - path: .osh.identity.host_fqdn_override.public.tls.ca
-        - path: .osh.orchestration.host_fqdn_override.public.tls.ca
-        - path: .osh.cloudformation.host_fqdn_override.public.tls.ca
-        - path: .osh.dashboard.host_fqdn_override.public.tls.ca
-        - path: .osh.image.host_fqdn_override.public.tls.ca
-        - path: .osh.volume.host_fqdn_override.public.tls.ca
-        - path: .osh.volumev2.host_fqdn_override.public.tls.ca
-        - path: .osh.volumev3.host_fqdn_override.public.tls.ca
-        - path: .osh.compute.host_fqdn_override.public.tls.ca
-        - path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.ca
-        - path: .osh.placement.host_fqdn_override.public.tls.ca
-        - path: .osh.network.host_fqdn_override.public.tls.ca
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: ingress-key
-        path: .
-      dest:
-        - path: .osh.object_store.host_fqdn_override.public.tls.key
-        - path: .osh.ceph_object_store.host_fqdn_override.public.tls.key
-        - path: .osh.identity.host_fqdn_override.public.tls.key
-        - path: .osh.orchestration.host_fqdn_override.public.tls.key
-        - path: .osh.cloudformation.host_fqdn_override.public.tls.key
-        - path: .osh.dashboard.host_fqdn_override.public.tls.key
-        - path: .osh.image.host_fqdn_override.public.tls.key
-        - path: .osh.volume.host_fqdn_override.public.tls.key
-        - path: .osh.volumev2.host_fqdn_override.public.tls.key
-        - path: .osh.volumev3.host_fqdn_override.public.tls.key
-        - path: .osh.compute.host_fqdn_override.public.tls.key
-        - path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.key
-        - path: .osh.placement.host_fqdn_override.public.tls.key
-        - path: .osh.network.host_fqdn_override.public.tls.key
-data:
-  osh:
-    object_store:
-      name: swift
-      namespace: openstack
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-        public:
-          host: object-store-sw.DOMAIN
-      path:
-        default: /swift/v1/KEY_$(tenant_id)s
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        api:
-          default: 8088
-          public: 443
-    ceph_object_store:
-      name: radosgw
-      namespace: openstack
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-        public:
-          host: object-store-sw.DOMAIN
-      path:
-        default: /auth/v1.0
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        api:
-          default: 8088
-          public: 443
-    oslo_db:
-      hosts:
-        default: mariadb
-        discovery: mariadb-discovery
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-        wsrep:
-          default: 4567
-    prometheus_mysql_exporter:
-      namespace: openstack
-      hosts:
-        default: mysql-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: 'http'
-      port:
-        metrics:
-          default: 9104
-    oslo_messaging:
-      statefulset:
-        name: airship-openstack-rabbitmq-rabbitmq
-      namespace: openstack
-      hosts:
-        default: openstack-rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /VHOST_NAME
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    openstack_rabbitmq_exporter:
-      namespace: openstack
-      hosts:
-        default: openstack-rabbitmq-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9095
-    oslo_cache:
-      namespace: openstack
-      hosts:
-        default: memcached
-      host_fqdn_override:
-        default: null
-      port:
-        memcache:
-          default: 11211
-    identity:
-      namespace: openstack
-      name: keystone
-      hosts:
-        default: keystone
-        internal: keystone-api
-      host_fqdn_override:
-        default: null
-        public:
-          host: identity-sw.DOMAIN
-        admin:
-          host: identity-sw.DOMAIN
-      path:
-        default: /v3
-      scheme:
-        default: "https"
-        internal: "http"
-      port:
-        api:
-          default: 443
-          internal: 5000
-    image:
-      name: glance
-      hosts:
-        default: glance-api
-        public: glance
-      host_fqdn_override:
-        default: null
-        public:
-          host: image-sw.DOMAIN
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        api:
-          default: 9292
-          public: 443
-    image_registry:
-      name: glance-registry
-      hosts:
-        default: glance-registry
-        public: glance-reg
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9191
-          public: 80
-    volume:
-      name: cinder
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-        public:
-          host: volume-sw.DOMAIN
-      path:
-        default: "/v1/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        api:
-          default: 8776
-          public: 443
-    volumev2:
-      name: cinderv2
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-        public:
-          host: volume-sw.DOMAIN
-      path:
-        default: "/v2/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        api:
-          default: 8776
-          public: 443
-    volumev3:
-      name: cinderv3
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-        public:
-          host: volume-sw.DOMAIN
-      path:
-        default: "/v3/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        api:
-          default: 8776
-          public: 443
-    orchestration:
-      name: heat
-      hosts:
-        default: heat-api
-        public: heat
-      host_fqdn_override:
-        default: null
-        public:
-          host: orchestration-sw.DOMAIN
-      path:
-        default: "/v1/%(project_id)s"
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        api:
-          default: 8004
-          public: 443
-    cloudformation:
-      name: heat-cfn
-      hosts:
-        default: heat-cfn
-        public: cloudformation
-      host_fqdn_override:
-        default: null
-        public:
-          host: cloudformation-sw.DOMAIN
-      path:
-        default: /v1
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        api:
-          default: 8000
-          public: 443
-    cloudwatch:
-      name: heat-cloudwatch
-      hosts:
-        default: heat-cloudwatch
-        public: cloudwatch
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      type: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8003
-          public: 80
-    network:
-      name: neutron
-      hosts:
-        default: neutron-server
-        public: neutron
-      host_fqdn_override:
-        default: null
-        public:
-          host: network-sw.DOMAIN
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        api:
-          default: 9696
-          public: 443
-    compute:
-      name: nova
-      hosts:
-        default: nova-api
-        public: nova
-      host_fqdn_override:
-        default: null
-        public:
-          host: compute-sw.DOMAIN
-      path:
-        default: "/v2/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        api:
-          default: 8774
-          public: 443
-        novncproxy:
-          default: 443
-    compute_metadata:
-      name: nova
-      hosts:
-        default: nova-metadata
-        public: metadata
-      host_fqdn_override:
-        default: null
-      path:
-        default: /
-      scheme:
-        default: "http"
-      port:
-        metadata:
-          default: 8775
-          public: 80
-    compute_novnc_proxy:
-      name: nova
-      hosts:
-        default: nova-novncproxy
-        public: novncproxy
-      host_fqdn_override:
-        default: null
-        public:
-          host: nova-novncproxy-sw.DOMAIN
-      path:
-        default: /vnc_auto.html
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        novnc_proxy:
-          default: 6080
-          public: 443
-    compute_spice_proxy:
-      name: nova
-      hosts:
-        default: nova-spiceproxy
-      host_fqdn_override:
-        default: null
-      path:
-        default: /spice_auto.html
-      scheme:
-        default: "http"
-      port:
-        spice_proxy:
-          default: 6082
-    placement:
-      name: placement
-      hosts:
-        default: placement-api
-        public: placement
-      host_fqdn_override:
-        default: null
-        public:
-          host: placement-sw.DOMAIN
-      path:
-        default: /
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        api:
-          default: 8778
-          public: 443
-    dashboard:
-      name: horizon
-      hosts:
-        default: horizon-int
-        public: horizon
-      host_fqdn_override:
-        default: null
-        public:
-          host: dashboard-sw.DOMAIN
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        web:
-          default: 80
-          public: 443
-...
----
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_endpoints
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .dns.ingress_domain
-      dest:
-        - path: .osh_infra.kibana.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh_infra.grafana.host_fqdn_override.public.host
-          pattern: DOMAIN
-        - path: .osh_infra.nagios.host_fqdn_override.public.host
-          pattern: DOMAIN
-    - src:
-        schema: deckhand/Certificate/v1
-        name: ingress-crt
-        path: .
-      dest:
-        - path: .osh_infra.kibana.host_fqdn_override.public.tls.crt
-        - path: .osh_infra.grafana.host_fqdn_override.public.tls.crt
-        - path: .osh_infra.nagios.host_fqdn_override.public.tls.crt
-    - src:
-        schema: deckhand/CertificateAuthority/v1
-        name: ingress-ca
-        path: .
-      dest:
-        - path: .osh_infra.kibana.host_fqdn_override.public.tls.ca
-        - path: .osh_infra.grafana.host_fqdn_override.public.tls.ca
-        - path: .osh_infra.nagios.host_fqdn_override.public.tls.ca
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: ingress-key
-        path: .
-      dest:
-        - path: .osh_infra.kibana.host_fqdn_override.public.tls.key
-        - path: .osh_infra.grafana.host_fqdn_override.public.tls.key
-        - path: .osh_infra.nagios.host_fqdn_override.public.tls.key
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .ldap.base_url
-      dest:
-        path: .osh_infra.ldap.host_fqdn_override.public.host
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .ldap.auth_path
-      dest:
-        path: .osh_infra.ldap.path.default
-        pattern: AUTH_PATH
-data:
-  osh_infra:
-    ceph_object_store:
-      name: radosgw
-      namespace: osh-infra
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    elasticsearch:
-      name: elasticsearch
-      namespace: osh-infra
-      hosts:
-        data: elasticsearch-data
-        default: elasticsearch-logging
-        discovery: elasticsearch-discovery
-        public: elasticsearch
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-    prometheus_elasticsearch_exporter:
-      namespace: null
-      hosts:
-        default: elasticsearch-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9108
-    fluentd:
-      namespace: osh-infra
-      name: fluentd
-      hosts:
-        default: fluentd-logging
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        service:
-          default: 24224
-        metrics:
-          default: 24220
-    prometheus_fluentd_exporter:
-      namespace: osh-infra
-      hosts:
-        default: fluentd-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9309
-    oslo_db:
-      namespace: osh-infra
-      hosts:
-        default: mariadb
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-    prometheus_mysql_exporter:
-      namespace: osh-infra
-      hosts:
-        default: mysql-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: 'http'
-      port:
-        metrics:
-          default: 9104
-    grafana:
-      name: grafana
-      namespace: osh-infra
-      hosts:
-        default: grafana-dashboard
-        public: grafana
-      host_fqdn_override:
-        default: null
-        public:
-          host: grafana-sw.DOMAIN
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        grafana:
-          default: 3000
-          public: 443
-    monitoring:
-      name: prometheus
-      namespace: osh-infra
-      hosts:
-        default: prom-metrics
-        public: prometheus
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9090
-        http:
-          default: 80
-    kibana:
-      name: kibana
-      namespace: osh-infra
-      hosts:
-        default: kibana-dash
-        public: kibana
-      host_fqdn_override:
-        default: null
-        public:
-          host: kibana-sw.DOMAIN
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        kibana:
-          default: 5601
-          public: 443
-    alerts:
-      name: alertmanager
-      namespace: osh-infra
-      hosts:
-        default: alerts-engine
-        public: alertmanager
-        discovery: alertmanager-discovery
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9093
-          public: 80
-        mesh:
-          default: 6783
-    kube_state_metrics:
-      namespace: kube-system
-      hosts:
-        default: kube-state-metrics
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        http:
-          default: 8080
-    kube_scheduler:
-      scheme:
-        default: "http"
-      path:
-        default: /metrics
-    kube_controller_manager:
-      scheme:
-        default: "http"
-      path:
-        default: /metrics
-    node_metrics:
-      namespace: kube-system
-      hosts:
-        default: node-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9100
-        prometheus_port:
-          default: 9100
-    process_exporter_metrics:
-      namespace: kube-system
-      hosts:
-        default: process-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9256
-    prometheus_openstack_exporter:
-      namespace: openstack
-      hosts:
-        default: openstack-metrics
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        exporter:
-          default: 9103
-    nagios:
-      name: nagios
-      namespace: osh-infra
-      hosts:
-        default: nagios-metrics
-        public: nagios
-      host_fqdn_override:
-        default: null
-        public:
-          host: nagios-sw.DOMAIN
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "https"
-      port:
-        http:
-          default: 80
-          public: 443
-    ldap:
-      hosts:
-        default: ldap
-      host_fqdn_override:
-        default: null
-        public:
-          host: DOMAIN
-      path:
-        default: /AUTH_PATH
-      scheme:
-        default: "ldap"
-      port:
-        ldap:
-          default: 389
-...
diff --git a/site/seaworthy/software/config/service_accounts.yaml b/site/seaworthy/software/config/service_accounts.yaml
deleted file mode 100644
index 751f1b1f7..000000000
--- a/site/seaworthy/software/config/service_accounts.yaml
+++ /dev/null
@@ -1,435 +0,0 @@
----
-# The purpose of this file is to define the account catalog for the site. This
-# mostly contains service usernames, but also contain some information which
-# should be changed like the region (site) name.
-schema: pegleg/AccountCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_service_accounts
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-    ucp:
-        postgres:
-            admin:
-                username: postgres
-            replica:
-                username: standby
-            exporter:
-                username: psql_exporter
-        oslo_db:
-            admin:
-                username: root
-        oslo_messaging:
-            admin:
-                username: rabbitmq
-        keystone:
-            admin:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                username: admin
-                project_name: admin
-                user_domain_name: default
-                project_domain_name: default
-            oslo_messaging:
-                admin:
-                    username: rabbitmq
-                keystone:
-                    username: keystone
-            oslo_db:
-                username: keystone
-                database: keystone
-        promenade:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: promenade
-        drydock:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: drydock
-            postgres:
-                username: drydock
-                database: drydock
-        shipyard:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: shipyard
-            postgres:
-                username: shipyard
-                database: shipyard
-        airflow:
-            postgres:
-                username: airflow
-                database: airflow
-            oslo_messaging:
-                admin:
-                    username: rabbitmq
-                user:
-                    username: airflow
-        maas:
-            admin:
-                username: admin
-                email: none@none
-            postgres:
-                username: maas
-                database: maasdb
-        barbican:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: barbican
-            oslo_db:
-                username: barbican
-                database: barbican
-            oslo_messaging:
-                admin:
-                    username: rabbitmq
-                keystone:
-                    username: keystone
-        armada:
-            keystone:
-                project_domain_name: default
-                user_domain_name: default
-                project_name: service
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                username: armada
-        deckhand:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: deckhand
-            postgres:
-                username: deckhand
-                database: deckhand
-        prometheus_openstack_exporter:
-            user:
-                region_name: RegionOne
-                role: admin
-                username: prometheus-openstack-exporter
-                project_name: service
-                user_domain_name: default
-                project_domain_name: default
-    ceph:
-        swift:
-            keystone:
-                role: admin
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                username: swift
-                project_name: service
-                user_domain_name: default
-                project_domain_name: default
-...
----
-schema: pegleg/AccountCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_service_accounts
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.keystone.admin.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.cinder.cinder.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.glance.glance.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.heat.heat.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.heat.heat_trustee.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.heat.heat_stack_user.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.swift.keystone.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.neutron.neutron.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.nova.nova.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.nova.placement.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.barbican.barbican.region_name
-data:
-  osh:
-    keystone:
-      admin:
-        username: admin
-        project_name: admin
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: keystone
-        database: keystone
-      oslo_messaging:
-        keystone:
-          username: keystone-rabbitmq-user
-      ldap:
-        # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
-        # authenticate to the active directory backend to validate keystone
-        # users.
-        username: "test@ldap.example.com"
-    cinder:
-      cinder:
-        role: admin
-        username: cinder
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: cinder
-        database: cinder
-      oslo_messaging:
-        cinder:
-          username: cinder-rabbitmq-user
-    glance:
-      glance:
-        role: admin
-        username: glance
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: glance
-        database: glance
-      oslo_messaging:
-        glance:
-          username: glance-rabbitmq-user
-      ceph_object_store:
-        username: glance
-    heat:
-      heat:
-        role: admin
-        username: heat
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      heat_trustee:
-        role: admin
-        username: heat-trust
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      heat_stack_user:
-        role: admin
-        username: heat-domain
-        domain_name: heat
-      oslo_db:
-        username: heat
-        database: heat
-      oslo_messaging:
-        heat:
-          username: heat-rabbitmq-user
-    swift:
-      keystone:
-        role: admin
-        username: swift
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-    oslo_db:
-      admin:
-        username: root
-    prometheus_mysql_exporter:
-      user:
-        username: osh-oslodb-exporter
-    neutron:
-      neutron:
-        role: admin
-        username: neutron
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: neutron
-        database: neutron
-      oslo_messaging:
-        neutron:
-          username: neutron-rabbitmq-user
-    nova:
-      nova:
-        role: admin
-        username: nova
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      placement:
-        role: admin
-        username: placement
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: nova
-        database: nova
-      oslo_db_api:
-        username: nova
-        database: nova_api
-      oslo_db_cell0:
-        username: nova
-        database: "nova_cell0"
-      oslo_messaging:
-        nova:
-          username: nova-rabbitmq-user
-    horizon:
-      oslo_db:
-        username: horizon
-        database: horizon
-    barbican:
-      barbican:
-        role: admin
-        username: barbican
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: barbican
-        database: barbican
-      oslo_messaging:
-        barbican:
-          username: barbican-rabbitmq-user
-    oslo_messaging:
-      admin:
-        username: admin
-    tempest:
-      tempest:
-        role: admin
-        username: tempest
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-...
----
-schema: pegleg/AccountCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_service_accounts
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh_infra.prometheus_openstack_exporter.user.region_name
-data:
-  osh_infra:
-    ceph_object_store:
-      admin:
-        username: s3_admin
-      elasticsearch:
-        username: elasticsearch
-    grafana:
-      admin:
-        username: grafana
-      oslo_db:
-        username: grafana
-        database: grafana
-      oslo_db_session:
-        username: grafana_session
-        database: grafana_session
-    elasticsearch:
-      admin:
-        username: elasticsearch
-    oslo_db:
-      admin:
-        username: root
-    prometheus_mysql_exporter:
-      user:
-        username: osh-infra-oslodb-exporter
-    prometheus_openstack_exporter:
-      user:
-        role: admin
-        username: prometheus-openstack-exporter
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-    nagios:
-      admin:
-        username: nagios
-    prometheus:
-      admin:
-        username: prometheus
-    ldap:
-      admin:
-        # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
-        # authenticate to the active directory backend to validate keystone
-        # users.
-        bind: "test@ldap.example.com"
-...
diff --git a/test-requirements.txt b/test-requirements.txt
deleted file mode 100644
index 063e41278..000000000
--- a/test-requirements.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-yapf==0.27.0
-flake8-import-order==0.18.1
-bandit==1.6.0
diff --git a/tools/airship b/tools/airship
deleted file mode 100755
index 2f904b8a0..000000000
--- a/tools/airship
+++ /dev/null
@@ -1,212 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright 2019 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-DEFAULT_TERM_OPTS=' '
-# Set an interactive mode only if there is a TTY available.
-test -t 1 && test -t 0 && DEFAULT_TERM_OPTS='-it'
-: ${TERM_OPTS:=${DEFAULT_TERM_OPTS}}
-
-# Python YAML module required to read versions.yaml
-if grep -iq suse /etc/os-release; then
-    sudo rpm -q python3-pyaml --quiet || sudo zypper --non-interactive install python3-pyaml
-else
-    sudo dpkg -s python3-yaml &> /dev/null || sudo apt -y install python3-yaml
-fi
-
-TMP_DIR=$(mktemp -d)
-trap "{ rm -rf $TMP_DIR; }" EXIT
-
-ENV_FILE=${TMP_DIR}/ENV
-
-export OS_PASSWORD=${OS_PASSWORD:-password123}
-# If shipyard password is defined, provide it to shipyard component
-if [ "$1" = "shipyard" ] && [ -n "$OS_SHIPYARD_PASSWORD" ]; then
-    export OS_PASSWORD=${OS_SHIPYARD_PASSWORD}
-fi
-
-# prepare docker environment file
-cat > $ENV_FILE << EOF
-PEGLEG_PASSPHRASE=${PEGLEG_PASSPHRASE:-password123}
-PEGLEG_SALT=${PEGLEG_SALT:-password123}
-
-OS_AUTH_URL=${OS_AUTH_URL:-http://keystone.ucp.svc.cluster.local:80/v3}
-OS_PASSWORD=${OS_PASSWORD}
-OS_PROJECT_DOMAIN_NAME=${OS_PROJECT_DOMAIN_NAME:-default}
-OS_PROJECT_NAME=${OS_PROJECT_NAME:-service}
-OS_USERNAME=${OS_USERNAME:-shipyard}
-OS_USER_DOMAIN_NAME=${OS_USER_DOMAIN_NAME:-default}
-OS_IDENTITY_API_VERSION=${OS_IDENTITY_API_VERSION:-3}
-EOF
-
-REPO_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/../ >/dev/null 2>&1 && pwd )"
-
-USER=$(id -u)
-GROUP=$(id -g)
-
-# Key/value lookups from manifests
-manifests_lookup(){
-
-  local file="$1"
-  local schema="$2"
-  local mdata_name="$3"
-  local key_path="$4"
-  local oper="$5"
-  local allow_fail="$6"
-
-  FAIL=false
-  RESULT=`python3 -c "
-
-import yaml,sys
-y = yaml.load_all(open('$file'))
-for x in y:
-  if x.get('schema') == '$schema':
-    if x['metadata']['name'] == '$mdata_name':
-      if isinstance(x$key_path,list):
-        if '$oper' == 'get_size':
-          print(len(x$key_path))
-          break
-        else:
-          for i in x$key_path:
-            print(i)
-          break
-      else:
-        if '$oper' == 'dict_keys':
-          print(' '.join(x$key_path.keys()))
-          break
-        else:
-          print(x$key_path)
-          break
-else:
-  sys.exit(1)" 2>&1` || FAIL=true
-
-  if [[ $FAIL = true ]] && [[ $allow_fail != true ]]; then
-     echo "error: Lookup failed for schema '$schema', \
-metadata.name '$mdata_name', key path '$key_path'" >&2
-     exit 1
-  fi
-}
-
-versions_lookup() {
-  manifests_lookup "${REPO_DIR}/global/software/config/versions.yaml" \
-                   'pegleg/SoftwareVersions/v1' \
-                   'software-versions' "$1"
-  IMAGE_URL=$RESULT
-}
-
-
-help() {
-  echo -n "Usage: airship <pegleg|promenade|shipyard> [OPTION]...
-
-Examples:
-  tools/airship pegleg site -r /target collect airsloop -s collect
-  tools/airship promenade generate-certs -o /target/certs /target/collect/*.yaml
-  tools/airship promenade build-all -o /target/bundle /target/collect/*.yaml /target/certs/*.yaml
-  tools/airship shipyard get actions
-"
-}
-
-pegleg() {
-
-  versions_lookup "['data']['images']['ucp']['pegleg']['pegleg']"
-
-  cat >> $ENV_FILE << EOF
-USER=pegleg
-EOF
-
-  docker run --rm --net=host $TERM_OPTS \
-      -u "${USER}:${GROUP}" \
-      -w /target \
-      -v $(pwd):/target \
-      -v ${HOME}/.ssh:/target/.ssh \
-      --env-file $ENV_FILE \
-      $IMAGE_URL $@
-}
-
-promenade() {
-
-  versions_lookup "['data']['images']['ucp']['promenade']['promenade']"
-  IMAGE_PROMENADE=$IMAGE_URL
-  versions_lookup "['data']['images']['kubernetes']['hyperkube']"
-  IMAGE_HYPERKUBE=$IMAGE_URL
-
-  # 'cache' is hardcoded in Promenade source code
-  # it's a shared directory between init and main containers in Promenade pod
-  # the purpose for it is to transfer Hyperkube binary and store file cache
-  PROMENADE_TMP_LOCAL="cache"
-  PROMENADE_TMP=${TMP_DIR}/promenade
-  mkdir $PROMENADE_TMP
-
-  # support proxy for pulling k8s binary
-  cat >> $ENV_FILE << EOF
-http_proxy=${http_proxy:-}
-https_proxy=${https_proxy:-}
-no_proxy=${no_proxy:-}
-HTTP_PROXY=${HTTP_PROXY:-}
-HTTPS_PROXY=${HTTPS_PROXY:-}
-NO_PROXY=${NO_PROXY:-}
-# Promenade specific variables for downloading hyperkube image to generate genesis.sh
-PROMENADE_TMP=${PROMENADE_TMP:-}
-PROMENADE_TMP_LOCAL=${PROMENADE_TMP_LOCAL:-}
-EOF
-
-  # extract Hyperkube binary before running Promenade container
-  # this is replacing internal extraction step in Promenade
-  # no need to share Docker socket
-  docker run --rm $TERM_OPTS \
-      -v "${PROMENADE_TMP}:/tmp/${PROMENADE_TMP_LOCAL}" \
-      --env-file $ENV_FILE \
-      --entrypoint /bin/cp \
-      "${IMAGE_HYPERKUBE}" \
-          /hyperkube "/tmp/${PROMENADE_TMP_LOCAL}"
-
-  docker run --rm --net=host $TERM_OPTS \
-      -u "${USER}:${GROUP}" \
-      -w /target \
-      -v $(pwd):/target \
-      -v "${PROMENADE_TMP}:/tmp/${PROMENADE_TMP_LOCAL}" \
-      --env-file $ENV_FILE \
-      $IMAGE_PROMENADE $@
-}
-
-shipyard() {
-
-  versions_lookup "['data']['images']['ucp']['shipyard']['shipyard']"
-
-  SHIPYARD_IMAGE=$RESULT
-  docker run --rm --net=host $TERM_OPTS \
-    -u "${USER}:${GROUP}" \
-    -w /target \
-    -v $(pwd):/target \
-    --env-file $ENV_FILE \
-    $IMAGE_URL $@
-}
-
-
-case "$1" in
-'pegleg')
-  pegleg $@
-  ;;
-'promenade')
-  promenade $@
-  ;;
-'shipyard')
-  shift;
-  shipyard $@
-  ;;
-*) help
-   exit 1
-  ;;
-esac
diff --git a/tools/deployment/aiab/README.rst b/tools/deployment/aiab/README.rst
deleted file mode 100644
index 1407d4285..000000000
--- a/tools/deployment/aiab/README.rst
+++ /dev/null
@@ -1,44 +0,0 @@
-..
-    Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-
-    Licensed under the Apache License, Version 2.0 (the "License");
-    you may not use this file except in compliance with the License.
-    You may obtain a copy of the License at
-
-        http://www.apache.org/licenses/LICENSE-2.0
-
-    Unless required by applicable law or agreed to in writing, software
-    distributed under the License is distributed on an "AS IS" BASIS,
-    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-    See the License for the specific language governing permissions and
-    limitations under the License.
-
-Airship in a Bottle
--------------------
-
-Use the airship-in-a-bottle.sh script to automatically deploy a demonstration
-version of Airship. It will attempt to detect the required environment settings
-and deploy an instance of Airship, including running a demo instance of
-OpenStack (using OpenStack Helm), and creating a simple Virtual Machine.
-
-To get started, run the following in a fresh Ubuntu 16.04 VM
-(minimum 4vCPU/20GB RAM/32GB disk). This will deploy Airship and Openstack Helm
-(OSH):
-
-.. code-block:: bash
-
-    sudo -i
-    mkdir -p /root/deploy && cd "$_"
-    git clone https://opendev.org/airship/treasuremap/
-    cd /root/deploy/treasuremap/tools/deployment/aiab/
-    ./airship-in-a-bottle.sh
-
-This demonstration uses the images pinned in the versions file:
-./global/software/config/versions.yaml
-
-By default, files will be downloaded into and built in the /root/deploy
-directory of the virtual machine being used to install this demo.
-
-Note that this process will result in the contents of the VM to be modified
-outside of that directory, and the VM should be intended to be discarded after
-demo use.
diff --git a/tools/deployment/aiab/airship-in-a-bottle.sh b/tools/deployment/aiab/airship-in-a-bottle.sh
deleted file mode 100755
index ef55e2a4c..000000000
--- a/tools/deployment/aiab/airship-in-a-bottle.sh
+++ /dev/null
@@ -1,165 +0,0 @@
-#!/bin/bash
-#
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-###############################################################################
-#                                                                             #
-# Set up and deploy an Airship environment for demonstration purposes.        #
-# Many of the defaults and sources used here are NOT production ready, and    #
-# this should not be used as a copy/paste source for any production use.      #
-#                                                                             #
-###############################################################################
-
-AIAB_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-
-usage ()
-{
-  echo "Usage: $(basename $0) {-y|-h}" 1>&2
-  echo "       -y                     don't ask questions, trust autodetection" 1>&2
-  echo "       -h                     this help" 1>&2
-}
-# See how we were called.
-case "$1" in
-  ""     ) ;;
-  "-y"   ) ASSUME_YES=1;;
-  "-h"|* ) usage; exit 1;;
-esac
-
-echo ""
-echo "Welcome to Airship in a Bottle"
-echo ""
-echo " /--------------------\\"
-echo "|                      \\"
-echo "|        |---|          \\----"
-echo "|        | x |                \\"
-echo "|        |---|                 |"
-echo "|          |                  /"
-echo "|     \____|____/       /----"
-echo "|                      /"
-echo " \--------------------/"
-echo ""
-echo ""
-echo "A prototype example of deploying the Airship suite on a single VM."
-echo ""
-sleep 1
-echo ""
-echo "This example will run through:"
-echo " - Setup"
-echo " - Genesis of Airship (Kubernetes)"
-echo " - Basic deployment of Openstack (including Nova, Neutron, and Horizon using Openstack Helm)"
-echo " - VM creation automation using Heat"
-echo ""
-echo "The expected runtime of this script is greater than 1 hour"
-echo ""
-sleep 1
-echo ""
-echo "The minimum recommended size of the Ubuntu 16.04 VM is 4 vCPUs, 20GB of RAM with 32GB disk space."
-CPU_COUNT=$(grep -c processor /proc/cpuinfo)
-RAM_TOTAL=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
-# Blindly assume that all storage on this VM is under root FS
-DISK_SIZE=$(df --output=source,size / | awk '/dev/ {print $2}')
-source /etc/os-release
-if [[ $CPU_COUNT -lt 4 || $RAM_TOTAL -lt 20000000 || $DISK_SIZE -lt 30000000 || $NAME != "Ubuntu" || $VERSION_ID != "16.04" ]]; then
-  echo "Error: minimum VM recommendations are not met. Exiting."
-  exit 1
-fi
-if [[ $(id -u) -ne 0 ]]; then
-  echo "Please execute this script as root!"
-  exit 1
-fi
-sleep 1
-echo "Let's collect some information about your VM to get started."
-sleep 1
-
-# IP and Hostname setup
-get_local_ip ()
-{
-  ip addr | awk "/inet/ && /${HOST_IFACE}/{sub(/\/.*$/,\"\",\$2); print \$2}"
-}
-HOST_IFACE=$(ip route | grep "^default" | head -1 | awk '{ print $5 }')
-LOCAL_IP=$(get_local_ip)
-
-if [[ $ASSUME_YES -ne 1 ]]; then
-  read -p "Is your HOST IFACE $HOST_IFACE? (Y/n) " YN_HI
-  if [[ ! "$YN_HI" =~ ^([yY]|"")$ ]]; then
-    read -p "What is your HOST IFACE? " HOST_IFACE
-  fi
-  LOCAL_IP=$(get_local_ip)
-
-  read -p "Is your LOCAL IP $LOCAL_IP? (Y/n) " YN_IP
-  if [[ ! "$YN_IP" =~ ^([yY]|"")$ ]]; then
-    read -p "What is your LOCAL IP? " LOCAL_IP
-  fi
-fi
-
-# Shells out to get the hostname for the single-node deployment to avoid some
-# config conflicts
-set -x
-export SHORT_HOSTNAME=$(hostname -s)
-set +x
-
-# Updates the /etc/hosts file
-HOSTS="${LOCAL_IP} ${SHORT_HOSTNAME}"
-HOSTS_REGEX="${LOCAL_IP}.*${SHORT_HOSTNAME}"
-if grep -q "$HOSTS_REGEX" "/etc/hosts"; then
-  echo "Not updating /etc/hosts, entry ${HOSTS} already exists."
-else
-  echo "Updating /etc/hosts with: ${HOSTS}"
-  cat << EOF | tee -a /etc/hosts
-$HOSTS
-EOF
-fi
-
-# x/32 will work for CEPH in a single node deploy.
-CIDR="$LOCAL_IP/32"
-
-# Variable setup
-set -x
-# The IP address of the genesis node
-export HOSTIP=$LOCAL_IP
-# The CIDR of the network for the genesis node
-export HOSTCIDR=$CIDR
-# The network interface on the genesis node
-export NODE_NET_IFACE=$HOST_IFACE
-
-export TARGET_SITE="aiab"
-set +x
-
-# Changes DNS servers in common-addresses.yaml to the system's DNS servers
-get_dns_servers ()
-{
-  if hash nmcli 2>/dev/null; then
-    nmcli dev show | awk '/IP4.DNS/ {print $2}' | xargs
-  else
-    cat /etc/resolv.conf | awk '/nameserver/ {print $2}' | xargs
-  fi
-}
-
-if grep -q "10.96.0.10" "/etc/resolv.conf"; then
-  echo "Not changing DNS servers, /etc/resolv.conf already updated."
-else
-  DNS_CONFIG_FILE="${AIAB_DIR}/../../../site/${TARGET_SITE}/networks/common-addresses.yaml"
-  declare -a DNS_SERVERS=($(get_dns_servers))
-  NS1=${DNS_SERVERS[0]:-8.8.8.8}
-  NS2=${DNS_SERVERS[1]:-$NS1}
-  echo "Using DNS servers $NS1 and $NS2."
-  sed -i "s/8.8.8.8/$NS1/" $DNS_CONFIG_FILE
-  sed -i "s/8.8.4.4/$NS2/" $DNS_CONFIG_FILE
-fi
-
-echo ""
-echo "Starting Airship deployment..."
-sleep 1
-${AIAB_DIR}/common/deploy-airship.sh demo
diff --git a/tools/deployment/aiab/common/creds.sh b/tools/deployment/aiab/common/creds.sh
deleted file mode 100644
index dc8a4cf08..000000000
--- a/tools/deployment/aiab/common/creds.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/bash
-#
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Credentials that can be exported to work with Shipyard.
-# To set your environment variables to the values in this script, run using:
-# source creds.sh
-#
-
-SHIPYARD_KEYSTONE_PASSWORD=$(awk '
-## format we are looking for:
-#schema: deckhand/Passphrase/v1
-#metadata:
-#  schema: metadata/Document/v1
-#  name: ucp_shipyard_keystone_password
-#  layeringDefinition:
-#    abstract: false
-#    layer: site
-#  storagePolicy: cleartext
-#data: password18
-    /^schema: deckhand\/Passphrase\/v1/ {
-        getline
-        getline
-        getline
-        if ($2=="ucp_shipyard_keystone_password") {
-            getline
-            getline
-            getline
-            getline
-            getline
-            print $2
-            exit
-      }
-      else {
-          getline
-      }
-}' treasuremap.yaml)
-
-export OS_USER_DOMAIN_NAME=default
-export OS_PROJECT_DOMAIN_NAME=default
-export OS_PROJECT_NAME=service
-export OS_USERNAME=shipyard
-export OS_PASSWORD="${SHIPYARD_KEYSTONE_PASSWORD}"
-export OS_AUTH_URL=http://keystone.ucp.svc.cluster.local:80/v3
diff --git a/tools/deployment/aiab/common/deploy-airship.sh b/tools/deployment/aiab/common/deploy-airship.sh
deleted file mode 100755
index cfe8e6bfc..000000000
--- a/tools/deployment/aiab/common/deploy-airship.sh
+++ /dev/null
@@ -1,434 +0,0 @@
-#!/bin/bash
-#
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-###############################################################################
-#                                                                             #
-# Set up and deploy an Airship environment for development/testing purposes.  #
-# Many of the defaults and sources used here are NOT production ready, and    #
-# this should not be used as a copy/paste source for any production use.      #
-#                                                                             #
-###############################################################################
-
-set -x
-
-# The last step to run through in this script. Valid Values are "collect",
-# "genesis", "deploy", and "demo". By default this will run through to the end
-# of the genesis steps
-LAST_STEP_NAME=${1:-"genesis"}
-
-if [[ ${LAST_STEP_NAME} == "collect" ]]; then
-  STEP_BREAKPOINT=10
-elif [[ ${LAST_STEP_NAME} == "genesis" ]]; then
-  STEP_BREAKPOINT=20
-elif [[ ${LAST_STEP_NAME} == "deploy" ]]; then
-  STEP_BREAKPOINT=30
-elif [[ ${LAST_STEP_NAME} == "demo" ]]; then
-  STEP_BREAKPOINT=40
-else
-  STEP_BREAKPOINT=20
-fi
-
-# The directory of the repo where current script is located.
-REPO_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/../../../../ >/dev/null 2>&1 && pwd )"
-
-# The directory that will contain the copies of designs and repos from this
-# script. By default it is a directory where the repository is cloned.
-export WORKSPACE=${WORKSPACE:-"${REPO_DIR}/../"}
-
-# The site to deploy
-TARGET_SITE=${TARGET_SITE:-"aiab"}
-
-# Setup blank defaults for proxy variables
-http_proxy=${http_proxy:-""}
-https_proxy=${https_proxy:-""}
-no_proxy=${no_proxy:-""}
-
-# The host name for the single-node deployment. e.g.: 'genesis'
-SHORT_HOSTNAME=${SHORT_HOSTNAME:-""}
-# The host ip for this single-node deployment. e.g.: '10.0.0.9'
-HOSTIP=${HOSTIP:-""}
-# The cidr for the network for the host. e.g.: '10.0.0.0/24'
-HOSTCIDR=${HOSTCIDR:-""}
-# The interface on the host/genesis node. e.g.: 'ens3'
-NODE_NET_IFACE=${NODE_NET_IFACE:-""}
-# Allowance for Genesis/Armada to settle in seconds:
-POST_GENESIS_DELAY=${POST_GENESIS_DELAY:-60}
-
-# Command shortcuts
-PEGLEG="${REPO_DIR}/tools/airship pegleg"
-SHIPYARD="${REPO_DIR}/tools/airship shipyard"
-PROMENADE="${REPO_DIR}/tools/airship promenade"
-
-function check_preconditions() {
-  set +x
-  fail=false
-  if ! [ $(id -u) = 0 ] ; then
-    echo "Please execute this script as root!"
-    fail=true
-  fi
-  if [ -z ${HOSTIP} ] ; then
-    echo "The HOSTIP variable must be set. E.g. 10.0.0.9"
-    fail=true
-  fi
-  if [ -z ${SHORT_HOSTNAME} ] ; then
-    echo "The SHORT_HOSTNAME variable must be set. E.g. testvm1"
-    fail=true
-  fi
-  if [ -z ${HOSTCIDR} ] ; then
-    echo "The HOSTCIDR variable must be set. E.g. 10.0.0.0/24"
-    fail=true
-  fi
-  if [ -z ${NODE_NET_IFACE} ] ; then
-    echo "The NODE_NET_IFACE variable must be set. E.g. ens3"
-    fail=true
-  fi
-  if [[ -z $(grep $SHORT_HOSTNAME /etc/hosts | grep $HOSTIP) ]]
-  then
-    echo "No /etc/hosts entry found for $SHORT_HOSTNAME. Please add one."
-    fail=true
-  fi
-  if [ $fail = true ] ; then
-    echo "Preconditions failed"
-    exit 1
-  fi
-  set -x
-}
-
-function setup_workspace() {
-  # Setup workspace directories
-  mkdir -p ${WORKSPACE}/collected
-  mkdir -p ${WORKSPACE}/genesis
-  # Open permissions for output from Promenade
-  chmod -R 777 ${WORKSPACE}/genesis
-}
-
-function configure_docker() {
-  if [[ ! -z "${https_proxy}" ]] || [[ ! -z "${http_proxy}" ]]
-  then
-    echo "Configuring Docker to use a proxy..."
-    mkdir -p /etc/systemd/system/docker.service.d/
-    cat << EOF > /etc/systemd/system/docker.service.d/http-proxy.conf
-[Service]
-Environment="HTTP_PROXY=${http_proxy}"
-Environment="HTTPS_PROXY=${https_proxy}"
-Environment="NO_PROXY=${no_proxy}"
-EOF
-    systemctl daemon-reload
-    systemctl restart docker
-  fi
-}
-
-function configure_apt() {
-  if [[ ! -z "${https_proxy}" ]] || [[ ! -z "${http_proxy}" ]]
-  then
-    echo "Configuring apt to use a proxy..."
-    mkdir -p /etc/apt/
-    cat << EOF > /etc/apt/apt.conf
-Acquire::http::proxy "${http_proxy}";
-Acquire::https::proxy "${https_proxy}";
-EOF
-  fi
-}
-
-function configure_dev_configurables() {
-  cat << EOF >> ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/deployment/dev-configurables.yaml
-data:
-  hostname: ${SHORT_HOSTNAME}
-  hostip: ${HOSTIP}
-  hostcidr: ${HOSTCIDR}
-  interface: ${NODE_NET_IFACE}
-  maas-ingress: '192.169.1.5/32'
-EOF
-}
-
-function install_dependencies() {
-    apt -qq update
-    # Install docker
-    apt -y install --no-install-recommends docker.io jq nmap nfs-common
-}
-
-function run_pegleg_collect() {
-  pushd ${WORKSPACE}
-  # Make sure certificates generated during prior runs are deleted.
-  rm -f treasuremap/site/${TARGET_SITE}/secrets/certificates.yaml
-  # Run pegleg collect to get the documents combined.
-  ${PEGLEG} site -r /target/treasuremap collect ${TARGET_SITE} -s /target/collected
-  popd
-}
-
-function generate_certs() {
-  # Runs the generation of certs by Promenade and builds bootstrap scripts
-  # Note: In the really real world, CAs and certs would be provided as part of
-  #   the supplied design. In this dev/test environment, self signed is fine.
-  # Moves the generated certificates from /genesis to the design, so that a
-  # Lint can be run
-  set +x
-  echo "=== Generating updated certificates ==="
-  set -x
-  pushd ${WORKSPACE}
-  # Copy the collected yamls into the target for the certs
-  cp collected/*.yaml genesis/
-  # Generate certificates
-  ${PROMENADE} generate-certs -o /target/genesis /target/genesis/treasuremap.yaml
-  # Copy the generated certs back into the deployment_files structure
-  cp genesis/certificates.yaml treasuremap/site/${TARGET_SITE}/secrets/
-  popd
-}
-
-function lint_design() {
-  # After the certificates are in the deployment files run a pegleg lint
-  pushd ${WORKSPACE}
-  ${PEGLEG} site -r /target/treasuremap lint -x P001 ${TARGET_SITE}
-  popd
-}
-
-function generate_genesis() {
-  # Generate the genesis scripts
-  pushd ${WORKSPACE}
-  ${PROMENADE} build-all -o /target/genesis --validators \
-    /target/genesis/treasuremap.yaml \
-    /target/genesis/certificates.yaml
-  popd
-}
-
-function run_genesis() {
-  # Runs the genesis script that was generated
-  ${WORKSPACE}/genesis/genesis.sh
-}
-
-function validate_genesis() {
-  # Vaidates the genesis deployment
-  ${WORKSPACE}/genesis/validate-genesis.sh
-}
-
-function genesis_complete() {
-  # Setup kubeconfig
-  if [ ! -d "$HOME/.kube" ] ; then
-    mkdir ~/.kube
-  fi
-  cp -r /etc/kubernetes/admin/pki ~/.kube/pki
-  cat /etc/kubernetes/admin/kubeconfig.yaml | sed -e 's/\/etc\/kubernetes\/admin/./' > ~/.kube/config
-
-  set +x
-  echo "-----------"
-  echo "Waiting ${POST_GENESIS_DELAY} seconds for Genesis process to settle. This is a good time to grab one more coffee :)"
-  echo "-----------"
-  sleep ${POST_GENESIS_DELAY}
-  echo " "
-  echo "Genesis complete. "
-  print_shipyard_info1
-  set -x
-}
-
-function print_shipyard_info1() {
-  SHIPYARD_KEYSTONE_PASS=$(awk '/^data:/ {print $2}' ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets/passphrases/ucp_shipyard_keystone_password.yaml)
-  set +x
-  # signals that genesis completed
-  echo " "
-  echo "The .yaml files in ${WORKSPACE} contain the site design that may be suitable for use with Shipyard. "
-  echo "The Shipyard Keystone password ${SHIPYARD_KEYSTONE_PASS} may be found in ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets/passphrases/ucp_shipyard_keystone_password.yaml"
-  echo " "
-  set -x
-}
-
-function setup_deploy_site() {
-  # creates a directory /${WORKSPACE}/site with all the things necessary to run
-  # deploy_site
-  mkdir -p ${WORKSPACE}/site
-  cp ${WORKSPACE}/treasuremap/tools/deployment/aiab/common/creds.sh ${WORKSPACE}/site
-  cp ${WORKSPACE}/genesis/*.yaml ${WORKSPACE}/site
-  print_shipyard_info2
-}
-
-function print_shipyard_info2() {
-  set +x
-  echo " "
-  echo "${WORKSPACE}/site is set up with creds.sh which can be sourced to set up credentials for use in running Shipyard"
-  echo "${WORKSPACE}/site contains .yaml files that represent the single-node site deployment. (treasuremap.yaml, certificates.yaml)"
-  echo " "
-  echo "----------------------------------------------------------------------------------"
-  echo "The following commands will execute Shipyard to setup and run a deploy_site action"
-  echo "----------------------------------------------------------------------------------"
-  echo "cd ${WORKSPACE}/site"
-  echo "source creds.sh"
-  echo "${SHIPYARD} create configdocs design --filename=/home/shipyard/host/treasuremap.yaml"
-  echo "${SHIPYARD} create configdocs secrets --filename=/home/shipyard/host/certificates.yaml --append"
-  echo "${SHIPYARD} commit configdocs"
-  echo "${SHIPYARD} create action deploy_site"
-  echo " "
-  echo "-----------"
-  echo "Other Notes"
-  echo "-----------"
-  echo "If you need to run Armada directly to deploy charts (fix something broken?), the following may be of use:"
-  echo "export ARMADA_IMAGE=quay.io/airshipit/armada"
-  echo "docker run -t -v ~/.kube:/armada/.kube -v ${WORKSPACE}/site:/target --net=host \${ARMADA_IMAGE} apply /target/your-yaml.yaml"
-  echo " "
-  set -x
-}
-
-function execute_deploy_site() {
-  set +x
-  echo " "
-  echo "This is an automated deployment using Shipyard, running commands noted previously"
-  echo "Please stand by while Shipyard deploys the site"
-  echo " "
-  pushd ${WORKSPACE}/site
-  source creds.sh
-  set -x
-  ${SHIPYARD} create configdocs design --filename=/target/treasuremap.yaml
-  ${SHIPYARD} create configdocs secrets --filename=/target/certificates.yaml --append
-  ${SHIPYARD} commit configdocs
-  ${SHIPYARD} create action deploy_site
-  ${REPO_DIR}/tools/gate/wait-for-shipyard.sh
-  popd
-}
-
-function execute_create_heat_stack() {
-  # TODO: (bryan-strassner) prevent this running unless we're running from a
-  #     compatible site defintion that includes OpenStack
-  set +x
-  echo " "
-  echo "Performing basic sanity checks by creating heat stacks"
-  echo " "
-  set -x
-  # Switch to directory where the script is located
-  pushd ${WORKSPACE}/treasuremap/tools/deployment/aiab/common/
-  bash test_create_heat_stack.sh
-  popd
-}
-
-function publish_horizon_dashboard() {
-  kubectl -n openstack expose service/horizon-int --type=NodePort --name=horizon-dashboard
-}
-
-function print_dashboards() {
-  AIRFLOW_PORT=$(kubectl -n ucp get service airflow-web-int -o jsonpath="{.spec.ports[0].nodePort}")
-  HORIZON_PORT=$(kubectl -n openstack get service horizon-dashboard -o jsonpath="{.spec.ports[0].nodePort}")
-  MAAS_PORT=$(kubectl -n ucp get service maas-region-ui -o jsonpath="{.spec.ports[0].nodePort}")
-  MASS_PASS=$(awk '/^data:/ {print $2}' ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets/passphrases/ucp_maas_admin_password.yaml)
-  HORIZON_PASS=$(awk '/^data:/ {print $2}' ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets/passphrases/osh_horizon_oslo_db_password.yaml)
-  set +x
-  echo " "
-  echo "OpenStack Horizon dashboard is available on this host at the following URL:"
-  echo " "
-  echo "  http://${HOSTIP}:${HORIZON_PORT}"
-  echo " "
-  # TODO: (roman_g) can we source it from somewhere?
-  echo "Credentials:"
-  echo "  Domain: default"
-  echo "  Username: admin"
-  echo "  Password: ${HORIZON_PASS}"
-  echo " "
-  echo "OpenStack CLI commands could be launched via \`./openstack\` script, e.g.:"
-  echo "  # cd ${WORKSPACE}/treasuremap/tools/"
-  echo "  # ./openstack stack list"
-  echo "  ..."
-  echo "  "
-  echo "Other dashboards:"
-  echo " "
-  echo "  MAAS: http://${HOSTIP}:${MAAS_PORT}/MAAS/ admin/${MASS_PASS}"
-  echo "  Airship Shipyard Airflow DAG: http://${HOSTIP}:${AIRFLOW_PORT}/"
-  echo " "
-  echo "Airship itself does not have a dashboard."
-  echo " "
-  # TODO: (roman_g) endpoints.yaml path below does not seem to be a reliable location
-  echo "Other endpoints and credentials are listed in the following locations:"
-  echo "  ${WORKSPACE}/type/sloop/config/endpoints.yaml"
-  echo "  ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets/passphrases/"
-  echo "Exposed ports of services can be listed with the following command:"
-  echo "  # kubectl get services --all-namespaces | grep -v ClusterIP"
-  echo "  ..."
-  echo " "
-  set -x
-}
-
-function your_next_steps() {
-  set +x
-  echo " "
-  echo "---------------------------------------------------------------"
-  echo " "
-  echo "Airship has completed deployment of OpenStack (OpenStack-Helm)."
-  echo " "
-  echo "Explore Airship Treasuremap repository and documentation"
-  echo "available at the following URLs:"
-  echo " "
-  echo "  https://opendev.org/airship/treasuremap/"
-  echo "  https://airship-treasuremap.readthedocs.io/"
-  echo " "
-  echo "---------------------------------------------------------------"
-  echo " "
-  set -x
-}
-
-function clean() {
-  # Perform any cleanup of temporary or unused artifacts
-  set +x
-  echo "To remove files generated during this script's execution, delete ${WORKSPACE}."
-  echo "This VM is disposable. Re-deployment in this same VM will lead to unpredictable results."
-  set -x
-}
-
-function error() {
-  # Processes errors
-  set +x
-  echo "Error when $1."
-  set -x
-  exit 1
-}
-
-trap clean EXIT
-
-
-# Common steps for all breakpoints specified
-check_preconditions || error "checking for preconditions"
-configure_apt || error "configuring apt behind proxy"
-setup_workspace || error "setting up workspace directories"
-configure_dev_configurables || error "adding dev-configurables values"
-install_dependencies || error "installing dependencies"
-configure_docker || error "configuring docker behind proxy"
-
-# collect
-if [[ ${STEP_BREAKPOINT} -ge 10 ]]; then
-  echo "This is a good time to grab a coffee :)"
-  run_pegleg_collect || error "running pegleg collect"
-fi
-
-# genesis
-if [[ ${STEP_BREAKPOINT} -ge 20 ]]; then
-  generate_certs || error "setting up certs with Promenade"
-  lint_design || error "linting the design"
-  generate_genesis || error "generating genesis"
-  run_genesis || error "running genesis"
-  validate_genesis || error "validating genesis"
-  genesis_complete || error "printing out some info about next steps"
-  setup_deploy_site || error "preparing the /site directory for deploy_site"
-fi
-
-# deploy
-if [[ ${STEP_BREAKPOINT} -ge 30 ]]; then
-  execute_deploy_site || error "executing deploy_site from the /site directory"
-fi
-
-# demo
-if [[ ${STEP_BREAKPOINT} -ge 40 ]]; then
-  execute_create_heat_stack || error "creating heat stack"
-  publish_horizon_dashboard || error "publishing Horizon dashboard"
-  print_shipyard_info1
-  print_shipyard_info2
-  print_dashboards || error "printing dashboards list"
-  ## Done
-  your_next_steps
-fi
diff --git a/tools/deployment/aiab/common/test_create_heat_stack.sh b/tools/deployment/aiab/common/test_create_heat_stack.sh
deleted file mode 100755
index 90ecaf5db..000000000
--- a/tools/deployment/aiab/common/test_create_heat_stack.sh
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/bin/bash
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -e
-
-AIAB_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../" >/dev/null 2>&1 && pwd )"
-OPENSTACK="${AIAB_DIR}/../../openstack"
-
-# External subnet is local to the environment and generally can be anything
-# other then clash with default all-in-one OSH setup that uses 127.24.4.0/24
-export OSH_BR_EX_ADDR="172.24.8.1/24"
-export OSH_EXT_SUBNET="172.24.8.0/24"
-
-# Install curl if it's not already installed
-apt -y install --no-install-recommends curl
-
-pushd "${AIAB_DIR}"
-
-printf "\nCreating KeyPair\n"
-${OPENSTACK} keypair create heat-vm-key > id_rsa
-chmod 600 id_rsa
-
-printf "Downloading heat-public-net-deployment.yaml\n"
-curl -LO https://raw.githubusercontent.com/openstack/openstack-helm/master/tools/gate/files/heat-public-net-deployment.yaml
-
-printf "Creating public-net Heat Stack\n"
-${OPENSTACK} stack create --wait \
-    --parameter subnet_cidr=${OSH_EXT_SUBNET} \
-    --parameter subnet_gateway=${OSH_BR_EX_ADDR%/*} \
-    -t /target/heat-public-net-deployment.yaml \
-    public-net
-
-printf "Downloading heat-basic-vm-deployment.yaml\n"
-curl -LO https://raw.githubusercontent.com/openstack/openstack-helm/master/tools/gate/files/heat-basic-vm-deployment.yaml
-
-printf "Creating test-stack-01\n"
-${OPENSTACK} stack create -t /target/heat-basic-vm-deployment.yaml test-stack-01 --wait
-popd
-
-printf "Heat Stack List\n"
-${OPENSTACK} stack list
-
-printf "Nova Server List\n"
-${OPENSTACK} server list
-
-FLOATING_IP=$(${OPENSTACK} stack output show \
-    test-stack-01 \
-    floating_ip \
-    -f value -c output_value)
-
-printf "Configuring required network settings\n"
-sudo ip addr add ${OSH_BR_EX_ADDR} dev br-ex
-sudo ip link set br-ex up
-sudo iptables -P FORWARD ACCEPT
-DEFAULT_ROUTE_DEV="$(sudo ip -4 route list 0/0 | awk '{ print $5; exit }')"
-sudo iptables -t nat -A POSTROUTING -o ${DEFAULT_ROUTE_DEV} -s ${OSH_EXT_SUBNET} -j MASQUERADE
-
-function wait_for_ssh_port {
-  # Default wait timeout is 300 seconds
-  set +x
-  end=$(date +%s)
-  if ! [ -z $2 ]; then
-   end=$((end + $2))
-  else
-   end=$((end + 300))
-  fi
-  while true; do
-      # Use Nmap as its the same on Ubuntu and RHEL family distros
-      nmap -Pn -p22 $1 | awk '$1 ~ /22/ {print $2}' | grep -q 'open' && \
-          break || true
-      sleep 1
-      now=$(date +%s)
-      [ $now -gt $end ] && echo "Could not connect to $1 port 22 in time" && exit -1
-  done
-  set -x
-}
-wait_for_ssh_port $FLOATING_IP
-
-install -m 0700 -d ~/.ssh
-ssh-keyscan "${FLOATING_IP}" >> ~/.ssh/known_hosts
-printf "The test VM is accessible via SSH:  ssh -i id_rsa cirros@${FLOATING_IP}\n"
diff --git a/tools/deployment/airskiff/common/os-env.sh b/tools/deployment/airskiff/common/os-env.sh
deleted file mode 100755
index a70d8c3d9..000000000
--- a/tools/deployment/airskiff/common/os-env.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-#
-# Copyright 2019, AT&T Intellectual Property
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-export OS_PROJECT_DOMAIN_NAME=`grep -m 1 project_domain_name /etc/openstack/clouds.yaml | cut -d "'" -f 2`
-export OS_USER_DOMAIN_NAME=`grep -m 1 user_domain_name /etc/openstack/clouds.yaml | cut -d "'" -f 2`
-export OS_PROJECT_NAME=`grep -m 1 project_name /etc/openstack/clouds.yaml | cut -d "'" -f 2`
-export OS_USERNAME=`grep -m 1 username /etc/openstack/clouds.yaml | cut -d "'" -f 2`
-export OS_PASSWORD=`grep -m 1 password /etc/openstack/clouds.yaml | cut -d "'" -f 2`
-export OS_AUTH_URL=`grep -m 1 auth_url /etc/openstack/clouds.yaml | cut -d "'" -f 2`
diff --git a/tools/deployment/airskiff/common/setup-proxy.sh b/tools/deployment/airskiff/common/setup-proxy.sh
deleted file mode 100755
index 97fe3cb8f..000000000
--- a/tools/deployment/airskiff/common/setup-proxy.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-# Copyright 2017 The Openstack-Helm Authors.
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-set -xe
-
-CURRENT_DIR="$(pwd)"
-: "${INSTALL_PATH:="../"}"
-
-# Update Pegleg versions file
-sed -i -e "/\s      type:/a\        proxy_server: ${PROXY}" \
-  global/software/config/versions.yaml
-
-cd "${CURRENT_DIR}"
diff --git a/tools/deployment/airskiff/developer/000-clone-dependencies.sh b/tools/deployment/airskiff/developer/000-clone-dependencies.sh
deleted file mode 100755
index 46d01f0cd..000000000
--- a/tools/deployment/airskiff/developer/000-clone-dependencies.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/bash
-
-# Copyright 2017 The Openstack-Helm Authors.
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-set -xe
-
-CURRENT_DIR="$(pwd)"
-: "${INSTALL_PATH:="../"}"
-: "${OSH_INFRA_COMMIT:="8ba46703ee9fab0115e4b7f62ea43e0798c36872"}"
-: "${CLONE_ARMADA:=true}"
-: "${CLONE_DECKHAND:=true}"
-: "${CLONE_SHIPYARD:=true}"
-
-cd ${INSTALL_PATH}
-
-# Clone Airship projects
-if [[ ${CLONE_ARMADA} = true ]] ; then
-    git clone https://opendev.org/airship/armada.git
-fi
-if [[ ${CLONE_DECKHAND} = true ]] ; then
-    git clone https://opendev.org/airship/deckhand.git
-fi
-if [[ ${CLONE_SHIPYARD} = true ]] ; then
-    git clone https://opendev.org/airship/shipyard.git
-fi
-
-# Clone dependencies
-git clone https://opendev.org/openstack/openstack-helm-infra.git
-
-cd openstack-helm-infra
-git checkout "${OSH_INFRA_COMMIT}"
-
-cd "${CURRENT_DIR}"
diff --git a/tools/deployment/airskiff/developer/010-deploy-k8s.sh b/tools/deployment/airskiff/developer/010-deploy-k8s.sh
deleted file mode 100755
index e8e90a2d5..000000000
--- a/tools/deployment/airskiff/developer/010-deploy-k8s.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash
-
-# Copyright 2019, AT&T Intellectual Property
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-set -xe
-
-CURRENT_DIR="$(pwd)"
-: "${OSH_INFRA_PATH:="../openstack-helm-infra"}"
-
-# Configure proxy settings if $PROXY is set
-if [ -n "${PROXY}" ]; then
-  . tools/deployment/airskiff/common/setup-proxy.sh
-fi
-
-# Deploy K8s with Minikube
-cd "${OSH_INFRA_PATH}"
-bash -c "./tools/deployment/common/005-deploy-k8s.sh"
-
-kubectl label nodes --all --overwrite ucp-control-plane=enabled
-
-# Add user to Docker group
-# NOTE: This requires re-authentication. Restart your shell.
-sudo adduser "$(whoami)" docker
-sudo su - "$USER" -c bash <<'END_SCRIPT'
-if echo $(groups) | grep -qv 'docker'; then
-    echo "You need to logout to apply group permissions"
-    echo "Please logout and login"
-fi
-END_SCRIPT
-
-cd "${CURRENT_DIR}"
diff --git a/tools/deployment/airskiff/developer/020-setup-client.sh b/tools/deployment/airskiff/developer/020-setup-client.sh
deleted file mode 100755
index fa9043f20..000000000
--- a/tools/deployment/airskiff/developer/020-setup-client.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/bash
-
-# Copyright 2017 The Openstack-Helm Authors.
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-set -xe
-
-# Install OpenStack client and create OpenStack client configuration file.
-sudo -H -E pip install "cmd2<=0.8.7"
-sudo -H -E pip install python-openstackclient python-heatclient
-
-sudo -H mkdir -p /etc/openstack
-sudo -H chown -R "$(id -un)": /etc/openstack
-tee /etc/openstack/clouds.yaml << EOF
-clouds:
-  airship:
-    region_name: RegionOne
-    identity_api_version: 3
-    auth:
-      username: 'admin'
-      password: 'password123'
-      project_name: 'admin'
-      project_domain_name: 'default'
-      user_domain_name: 'default'
-      auth_url: 'http://keystone-api.ucp.svc.cluster.local:5000/v3'
-  openstack:
-    region_name: RegionOne
-    identity_api_version: 3
-    auth:
-      username: 'admin'
-      password: 'password123'
-      project_name: 'admin'
-      project_domain_name: 'default'
-      user_domain_name: 'default'
-      auth_url: 'http://keystone-api.openstack.svc.cluster.local:5000/v3'
-EOF
diff --git a/tools/deployment/airskiff/developer/030-armada-bootstrap.sh b/tools/deployment/airskiff/developer/030-armada-bootstrap.sh
deleted file mode 100755
index 94f478dad..000000000
--- a/tools/deployment/airskiff/developer/030-armada-bootstrap.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/bash
-
-# Copyright 2017 The Openstack-Helm Authors.
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-set -xe
-
-: "${INSTALL_PATH:="$(pwd)/../"}"
-: "${PEGLEG:="./tools/airship pegleg"}"
-: "${PL_SITE:="airskiff"}"
-: "${TARGET_MANIFEST:="cluster-bootstrap"}"
-
-# Render documents
-${PEGLEG} site -r . render "${PL_SITE}" -o airskiff.yaml
-
-# Set permissions o+r, beacause these files need to be readable
-# for Armada in the container
-AIRSKIFF_PERMISSIONS=$(stat --format '%a' airskiff.yaml)
-KUBE_CONFIG_PERMISSIONS=$(stat --format '%a' ~/.kube/config)
-
-sudo chmod 0644 airskiff.yaml
-sudo chmod 0644 ~/.kube/config
-
-# In the event that this docker command fails, we want to continue the script
-# and reset the file permissions.
-set +e
-
-# Download latest Armada image and deploy Airship components
-docker run --rm --net host -p 8000:8000 --name armada \
-    -v ~/.kube/config:/armada/.kube/config \
-    -v "$(pwd)"/airskiff.yaml:/airskiff.yaml \
-    -v "${INSTALL_PATH}":/airship-components \
-    quay.io/airshipit/armada:latest \
-    apply /airskiff.yaml --target-manifest $TARGET_MANIFEST
-
-# Set back permissions of the files
-sudo chmod "${AIRSKIFF_PERMISSIONS}" airskiff.yaml
-sudo chmod "${KUBE_CONFIG_PERMISSIONS}" ~/.kube/config
diff --git a/tools/deployment/airskiff/developer/100-deploy-osh.sh b/tools/deployment/airskiff/developer/100-deploy-osh.sh
deleted file mode 100755
index 39fb133bb..000000000
--- a/tools/deployment/airskiff/developer/100-deploy-osh.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/bash
-#
-# Copyright 2017 The Openstack-Helm Authors.
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-set -xe
-
-# Lint deployment documents
-: "${AIRSHIP_PATH:="./tools/airship"}"
-: "${PEGLEG:="${AIRSHIP_PATH} pegleg"}"
-: "${SHIPYARD:="${AIRSHIP_PATH} shipyard"}"
-: "${PL_SITE:="airskiff"}"
-
-# Source OpenStack credentials for Airship utility scripts
-. tools/deployment/airskiff/common/os-env.sh
-
-# NOTE(drewwalters96): Disable Pegleg linting errors P001 and P009; a
-#  a cleartext storage policy is acceptable for non-production use cases
-#  and maintain consistency with other treasuremap sites.
-${PEGLEG} site -r . lint "${PL_SITE}" -x P001 -x P009
-
-# Collect deployment documents
-: "${PL_OUTPUT:="peggles"}"
-mkdir -p ${PL_OUTPUT}
-
-TERM_OPTS="-l info" ${PEGLEG} site -r . collect ${PL_SITE} -s ${PL_OUTPUT}
-
-# Start the deployment
-${SHIPYARD} create configdocs airskiff-design \
-             --replace \
-             --directory=${PL_OUTPUT}
-${SHIPYARD} commit configdocs
-${SHIPYARD} create action update_software --allow-intermediate-commits
diff --git a/tools/files/heat-basic-vm-deployment.yaml b/tools/files/heat-basic-vm-deployment.yaml
deleted file mode 100644
index 352cac559..000000000
--- a/tools/files/heat-basic-vm-deployment.yaml
+++ /dev/null
@@ -1,118 +0,0 @@
-heat_template_version: '2016-10-14'
-
-parameters:
-  public_net:
-    type: string
-    default: public
-
-  image:
-    type: string
-    default: Cirros 0.3.5 64-bit
-
-  ssh_key:
-    type: string
-    default: heat-vm-key
-
-  cidr:
-    type: string
-    default: 10.11.11.0/24
-
-  dns_nameserver:
-    type: comma_delimited_list
-    description: address of a dns nameserver reachable in your environment
-    default: 8.8.8.8
-
-resources:
-  flavor:
-    type: OS::Nova::Flavor
-    properties:
-      disk: 1
-      ram: 64
-      vcpus: 1
-
-  server:
-    type: OS::Nova::Server
-    properties:
-      image:
-        get_param: image
-      flavor:
-        get_resource: flavor
-      key_name:
-        get_param: ssh_key
-      networks:
-        - port:
-            get_resource: server_port
-      user_data_format: RAW
-
-  router:
-    type: OS::Neutron::Router
-    properties:
-      external_gateway_info:
-        network:
-          get_param: public_net
-
-  router_interface:
-    type: OS::Neutron::RouterInterface
-    properties:
-      router_id:
-        get_resource: router
-      subnet_id:
-        get_resource: private_subnet
-
-  private_net:
-    type: OS::Neutron::Net
-
-  private_subnet:
-    type: OS::Neutron::Subnet
-    properties:
-      network:
-        get_resource: private_net
-      cidr:
-        get_param: cidr
-      dns_nameservers:
-        get_param: dns_nameserver
-
-  port_security_group:
-    type: OS::Neutron::SecurityGroup
-    properties:
-      name: default_port_security_group
-      description: 'Default security group assigned to port.'
-      rules:
-        - remote_ip_prefix: 0.0.0.0/0
-          protocol: tcp
-          port_range_min: 22
-          port_range_max: 22
-        - remote_ip_prefix: 0.0.0.0/0
-          protocol: icmp
-
-  server_port:
-    type: OS::Neutron::Port
-    properties:
-      network:
-        get_resource: private_net
-      fixed_ips:
-        - subnet:
-            get_resource: private_subnet
-      security_groups:
-        - get_resource: port_security_group
-
-  server_floating_ip:
-    type: OS::Neutron::FloatingIP
-    properties:
-      floating_network:
-        get_param: public_net
-      port_id:
-        get_resource: server_port
-
-outputs:
-  floating_ip:
-    value:
-      get_attr:
-        - server_floating_ip
-        - floating_ip_address
-  instance_uuid:
-    value:
-      get_attr:
-        - server
-        - show
-        - id
diff --git a/tools/files/heat-public-net-deployment.yaml b/tools/files/heat-public-net-deployment.yaml
deleted file mode 100644
index 9c494df23..000000000
--- a/tools/files/heat-public-net-deployment.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
-heat_template_version: 2016-10-14
-
-parameters:
-  network_name:
-    type: string
-    default: public
-
-  physical_network_name:
-    type: string
-    default: public
-
-  physical_network_interface:
-    type: string
-    default: external
-
-  physical_network_vlan:
-    type: string
-    default: 27
-
-  subnet_name:
-    type: string
-    default: public
-
-  subnet_cidr:
-    type: string
-    default: 172.24.4.0/24
-
-  subnet_gateway:
-    type: string
-    default: 172.24.4.1
-
-  subnet_pool_start:
-    type: string
-    default: 172.24.4.11
-
-  subnet_pool_end:
-    type: string
-    default: 172.24.4.99
-
-resources:
-  public_net:
-    type: OS::Neutron::ProviderNet
-    properties:
-      admin_state_up: true
-      name:
-        get_param: network_name
-      network_type: vlan
-      physical_network:
-        get_param: physical_network_interface
-      port_security_enabled: true
-      router_external: true
-      segmentation_id:
-        get_param: physical_network_vlan
-      shared: true
-
-  private_subnet:
-    type: OS::Neutron::Subnet
-    properties:
-      name:
-        get_param: subnet_name
-      network:
-        get_resource: public_net
-      cidr:
-        get_param: subnet_cidr
-      gateway_ip:
-        get_param: subnet_gateway
-      enable_dhcp: false
-      allocation_pools:
-        - start:
-            get_param: subnet_pool_start
-          end:
-            get_param: subnet_pool_end
-      dns_nameservers:
-        - 10.96.0.10
-
diff --git a/tools/files/heat-vm-volume-attach.yaml b/tools/files/heat-vm-volume-attach.yaml
deleted file mode 100644
index 1cad39ce0..000000000
--- a/tools/files/heat-vm-volume-attach.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-heat_template_version: 2016-10-14
-
-parameters:
-  instance_uuid:
-    type: string
-
-resources:
-  cinder_volume:
-    type: OS::Cinder::Volume
-    properties:
-      name: vol1
-      size: 1
-
-  cinder_volume_attach:
-    type: OS::Cinder::VolumeAttachment
-    properties:
-      instance_uuid:
-        get_param: instance_uuid
-      volume_id:
-        get_resource: cinder_volume
diff --git a/tools/fixes/force_delete_statefulset.sh b/tools/fixes/force_delete_statefulset.sh
deleted file mode 100755
index 41ecb6031..000000000
--- a/tools/fixes/force_delete_statefulset.sh
+++ /dev/null
@@ -1,75 +0,0 @@
-#!/bin/bash
-set -e
-
-# This script should be run manually to forcefully evict statefulset
-# pods from a failed control node. Statefulset pods in kubernetes are not
-# evicted automatically if a node goes down. Those pods would go to
-# an 'unknown' status.
-
-INITIAL_WAIT=${INITIAL_WAIT:-300}
-LOOP_WAIT=${LOOP_WAIT:-10}
-
-if [[ -z "${1}" ]]; then
-    echo "ERROR: Failed control plane node name is not provided"
-    echo "Please provide an argument with the name of the failed control plane node"
-    exit 1
-fi
-
-failed_cp_node=$1
-
-node_present=$(kubectl get nodes -l control-plane=enabled | grep "${failed_cp_node}" || true)
-
-if [[ -z "${node_present}" ]]; then
-    echo "The node name provided is incorrect."
-    echo "Please provide the name of failed control plane node."
-    exit 1
-fi
-
-# The idea here is to find out the names of the statefulset pod that is running on the provided
-# failed control plane node and invoke a force delete action.
-
-for ns in $(kubectl get ns | awk '{print $1}');do
-  for ss in $(kubectl get statefulset -n "${ns}" --ignore-not-found --no-headers | \
-    awk '{print $1}');do
-      label=$(kubectl -n "${ns}" get statefulset "${ss}" --show-labels --no-headers | \
-        awk '{print $5}')
-      pod_name=$(kubectl -n "${ns}" get pod -l "${label}" -o wide --no-headers | \
-        grep "${failed_cp_node}" | awk '{print $1}')
-      if [[ -z "${pod_name}" ]]; then
-          continue
-      else
-          kubectl -n "${ns}" delete pod "${pod_name}" --grace-period=0 --force --ignore-not-found
-      fi
-  done
-done
-
-# The Logic below is to wait for StatefulSet pods to be ready.
-# During testing it took approx 20 mins for all the evicted
-# statefulset pods to be ready. This time could be either less or
-# more. We will wait for 5 mins before we start checking on
-# pods to be ready.
-echo "waiting for ${INITIAL_WAIT} seconds before starting to check on pod readiness."
-echo "This is the initial wait time."
-sleep ${INITIAL_WAIT}
-
-for attempt in {1..180};do
-  echo "waiting for pods to be Ready"
-  echo "Trying attempt $attempt"
-
-  # Statefulset pods are sequentially numbered. For example: 'mariadb-server-0', 'mariadb-server-1'.
-  # We do not have more than 3 replicas for a statefulset pod.
-  ss_not_ready_count=$(kubectl get --all-namespaces pods -o wide --no-headers | \
-    grep '\-0 \|\-1 \|\-2 ' | egrep "0/1|0/2|0/3|1/2|1/3|2/3" | wc -l)
-
-  # We would want the count of this variable to be '0' to determine that all the
-  #  statefulset pods are ready.
-  if [ "$ss_not_ready_count" == 0 ]; then
-      echo "All the statefulset are now ready"
-      exit 0
-  else
-      sleep "${LOOP_WAIT}"
-  fi
-done
-echo "Statefulset pods are not ready in the specified time limit"
-echo "Manual intervention is needed to recover the statefulset pods"
-exit 1
diff --git a/tools/fixes/hanging-cgroup-release.sh b/tools/fixes/hanging-cgroup-release.sh
deleted file mode 100755
index 7b3eb1c45..000000000
--- a/tools/fixes/hanging-cgroup-release.sh
+++ /dev/null
@@ -1,96 +0,0 @@
-#!/bin/bash
-set -ex
-
-CLUSTER_DNS=${CLUSTER_DNS:-10.96.0.10}
-
-KUBECTL_IMAGE=${KUBECTL_IMAGE:-gcr.io/google-containers/hyperkube-amd64:v1.11.6}
-UBUNTU_IMAGE=${UBUNTU_IMAGE:-docker.io/ubuntu:16.04}
-
-cat > /tmp/hanging-cgroup-release.yaml << 'EOF'
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: hanging-cgroup-release
-  namespace: kube-system
-  labels:
-    hotfix: 'true'
-data:
-  singleshot.sh: |+
-    #!/bin/bash
-    set -ex
-
-    while [ 1 ];
-      do
-        cgroup_count() {
-          echo "Current cgroup count: $(find /sys/fs/cgroup/*/system.slice -name tasks | wc -l)"
-        }
-
-        DATE=$(date)
-        echo "$(cgroup_count)"
-        echo   # Stop systemd mount unit that isn't actually mounted
-        echo "Stopping Kubernetes systemd mount units that are not mounted to the system."
-        systemctl list-units --state=running| \
-          sed -rn '/Kubernetes.transient.mount/s,(run-\S+).+(/var/lib/kubelet/pods/.+),\1 \2,p' | \
-          xargs -r -l1 sh -c 'test -d $2 || echo $1' -- | \
-          xargs -r -tl1 systemctl stop |& wc -l
-        echo "$(cgroup_count)"
-
-        sleep 3600
-
-      done;
-EOF
-cat >> /tmp/hanging-cgroup-release.yaml << EOF
----
-apiVersion: extensions/v1beta1
-kind: DaemonSet
-metadata:
-  name: hanging-cgroup-release
-  namespace: kube-system
-spec:
-  template:
-    metadata:
-      labels:
-        name: hanging-cgroup-release
-    spec:
-      hostNetwork: true
-      hostPID: true
-      nodeSelector:
-        ucp-control-plane: enabled
-      containers:
-        - resources:
-            requests:
-              cpu: 0.1
-          securityContext:
-            privileged: true
-          image: ${UBUNTU_IMAGE}
-          name: hanging-cgroup-release
-          command: ["/bin/bash", "-cx"]
-          args:
-            - >
-              cp -p /tmp/singleshot.sh /host/tmp;
-              nsenter -t 1 -m -u -n -i /tmp/singleshot.sh;
-          volumeMounts:
-            - name: host
-              mountPath: /host
-            - name: hanging-cgroup-release
-              subPath: singleshot.sh
-              mountPath: /tmp/singleshot.sh
-      volumes:
-        - name: host
-          hostPath:
-            path: /
-        - name: hanging-cgroup-release
-          configMap:
-            name: hanging-cgroup-release
-            defaultMode: 0555
-EOF
-
-docker run --rm -i \
-        --net host \
-        -v /tmp:/work \
-        -v /etc/kubernetes/admin:/etc/kubernetes/admin \
-        -e KUBECONFIG=/etc/kubernetes/admin/kubeconfig.yaml \
-        ${KUBECTL_IMAGE} \
-            /kubectl apply -f /work/hanging-cgroup-release.yaml
-
diff --git a/tools/fixes/rbd-roomba-scanner.sh b/tools/fixes/rbd-roomba-scanner.sh
deleted file mode 100755
index 06095b01b..000000000
--- a/tools/fixes/rbd-roomba-scanner.sh
+++ /dev/null
@@ -1,101 +0,0 @@
-#!/bin/bash
-set -ex
-
-CLUSTER_DNS=${CLUSTER_DNS:-10.96.0.10}
-
-KUBECTL_IMAGE=${KUBECTL_IMAGE:-gcr.io/google-containers/hyperkube-amd64:v1.11.6}
-UBUNTU_IMAGE=${UBUNTU_IMAGE:-docker.io/ubuntu:16.04}
-
-cat > /tmp/rbd-roomba-scanner.yaml << 'EOF'
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: rbd-roomba-scanner
-  namespace: ceph
-  labels:
-    hotfix: 'true'
-data:
-  singleshot.sh: |+
-    #!/bin/bash
-    set -ex
-
-    while [ 1 ];
-
-      do
-
-        # don't put it in /tmp where it can be p0wned (???)
-        lsblk | awk '/^rbd/ {if($7==""){print $0}}' | awk '{ printf "/dev/%s\n",$1 }' > /var/run/rbd_list
-
-        # wait a while, so we don't catch rbd devices the kubelet is working on mounting
-        sleep 60
-
-        # finally, examine rbd devices again and if any were seen previously (60s ago) we will
-        # forcefully unmount them if they have no fs mounts
-        DATE=$(date)
-        for rbd in `lsblk | awk '/^rbd/ {if($7==""){print $0}}' | awk '{ printf "/dev/%s\n",$1 }'`; do
-          if grep -q $rbd /var/run/rbd_list; then
-            echo "[${DATE}] Unmapping stale RBD $rbd"
-            /usr/bin/rbd unmap -o force $rbd
-            # NOTE(supamatt): rbd unmap -o force will only succeed if there are NO pending I/O
-          else
-            echo "[${DATE}] Skipping RBD $rbd as it hasn't been stale for at least 60 seconds"
-          fi
-        done
-        rm -rf /var/run/rbd_list
-
-      done;
-EOF
-cat >> /tmp/rbd-roomba-scanner.yaml << EOF
----
-apiVersion: extensions/v1beta1
-kind: DaemonSet
-metadata:
-  name: rbd-roomba-scanner
-  namespace: ceph
-spec:
-  template:
-    metadata:
-      labels:
-        name: rbd-roomba-scanner
-    spec:
-      hostNetwork: true
-      hostPID: true
-      nodeSelector:
-        openstack-control-plane: enabled
-      containers:
-        - resources:
-            requests:
-              cpu: 0.1
-          securityContext:
-            privileged: true
-          image: ${UBUNTU_IMAGE}
-          name: rbd-roomba-scanner
-          command: ["/bin/bash", "-cx"]
-          args:
-            - >
-              cp -p /tmp/singleshot.sh /host/tmp;
-              nsenter -t 1 -m -u -n -i /tmp/singleshot.sh;
-          volumeMounts:
-            - name: host
-              mountPath: /host
-            - name: rbd-roomba-scanner
-              subPath: singleshot.sh
-              mountPath: /tmp/singleshot.sh
-      volumes:
-        - name: host
-          hostPath:
-            path: /
-        - name: rbd-roomba-scanner
-          configMap:
-            name: rbd-roomba-scanner
-            defaultMode: 0555
-EOF
-
-docker run --rm -i \
-        --net host \
-        -v /tmp:/work \
-        -v /etc/kubernetes/admin:/etc/kubernetes/admin \
-        -e KUBECONFIG=/etc/kubernetes/admin/kubeconfig.yaml \
-        ${KUBECTL_IMAGE} \
-            /kubectl apply -f /work/rbd-roomba-scanner.yaml
diff --git a/tools/gate/README.md b/tools/gate/README.md
deleted file mode 100644
index b7a241144..000000000
--- a/tools/gate/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-Jenkins code in this directory imports many Groovy methods from
-[att-comdev/cicd](https://github.com/att-comdev/cicd/tree/master/vars)
-repository on Github: `redfish.*`, `ssh.*`, and others.
diff --git a/tools/gate/aiab/Jenkinsfile b/tools/gate/aiab/Jenkinsfile
deleted file mode 100644
index 9f4c25825..000000000
--- a/tools/gate/aiab/Jenkinsfile
+++ /dev/null
@@ -1,54 +0,0 @@
-// pipeline for treasuremap installation of airship-in-a-bottle,
-// more info at http://www.airshipit.org/
-
-ARTF_BASE = "cicd/logs/${JOB_NAME}/${BUILD_ID}"
-
-REPO_URL = 'https://review.opendev.org/airship/treasuremap'
-REPO_HOME = '/root/deploy/treasuremap'
-
-publicNet = 'public'
-if (env.AIRSHIP_VM_PUBLIC_NET) {
-    publicNet = env.AIRSHIP_VM_PUBLIC_NET
-}
-
-vm(flavor: 'm1.xxlarge', artifactoryLogs: true, publicNet: publicNet) {
-
-    stage('Checkout'){
-
-        sh 'sudo mkdir /root/deploy'
-        sh 'sudo setfacl -m u:ubuntu:rwx /root/deploy'
-        sh 'sudo setfacl -m u:ubuntu:rwx /root'
-
-        gerrit.cloneToBranch(REPO_URL, GERRIT_PATCHSET_REVISION, REPO_HOME)
-
-        if(GERRIT_EVENT_TYPE != 'change-merged') {
-            dir(REPO_HOME) {
-                gerrit.rebase()
-            }
-        }
-        currentBuild.displayName = "#${BUILD_NUMBER} ${GERRIT_EVENT_TYPE}"
-    }
-
-    stage('Run Airship') {
-        dir("${REPO_HOME}/tools/deployment/aiab/"){
-            try {
-                timeout(120){
-                    sh 'sudo TERM_OPTS=-i ./airship-in-a-bottle.sh -y'
-                }
-            } catch (err) {
-                try {
-                    sh 'sudo debug-report.sh'
-                    def hostname =  sh (script: 'hostname', returnStdout: true).trim()
-                    artifactory.upload("debug-${hostname}.tgz",
-                                   "${ARTF_BASE}/debug-${hostname}.tgz")
-                } catch (lerr){
-                    // pipeline may not yet deployed basic k8s
-                    // cause of the issue will be found in Jenkins console log
-                    print "Failed to publish debug report: ${lerr}"
-                }
-                error(err)
-            }
-        }
-    }
-}
-
diff --git a/tools/gate/aiab/seed.groovy b/tools/gate/aiab/seed.groovy
deleted file mode 100644
index 9e056a1a8..000000000
--- a/tools/gate/aiab/seed.groovy
+++ /dev/null
@@ -1,55 +0,0 @@
-JOB_BASE = 'tools/gate/aiab'
-
-pipelineJob("treasuremap-aiab") {
-
-    logRotator{
-        daysToKeep(90)
-    }
-
-    configure {
-        node -> node / 'properties' / 'jenkins.branch.RateLimitBranchProperty_-JobPropertyImpl'{
-            durationName 'hour'
-            count '3'
-        }
-    }
-
-    triggers {
-        gerritTrigger {
-            serverName('ATT-airship-CI')
-            gerritProjects {
-                gerritProject {
-                    compareType('PLAIN')
-                    pattern("airship/treasuremap")
-                    branches {
-                        branch {
-                            compareType("ANT")
-                            pattern("**")
-                        }
-                    }
-                    disableStrictForbiddenFileVerification(false)
-                }
-            }
-            triggerOnEvents {
-                patchsetCreated {
-                   excludeDrafts(false)
-                   excludeTrivialRebase(false)
-                   excludeNoCodeChange(false)
-                }
-                changeMerged()
-                commentAddedContains {
-                   commentAddedCommentContains('^recheck\$')
-                }
-            }
-        }
-
-        definition {
-            cpsScm {
-                scm {
-                    git('https://review.opendev.org/airship/treasuremap')
-                    scriptPath('tools/gate/aiab/Jenkinsfile')
-                    lightweight(true)
-                }
-            }
-        }
-    }
-}
diff --git a/tools/gate/airsloop/Jenkinsfile b/tools/gate/airsloop/Jenkinsfile
deleted file mode 100644
index 3a813471e..000000000
--- a/tools/gate/airsloop/Jenkinsfile
+++ /dev/null
@@ -1,333 +0,0 @@
-// shared libaries used within the pipeline
-// https://github.com/att-comdev/cicd/blob/master/vars
-
-
-import org.yaml.snakeyaml.Yaml
-import org.yaml.snakeyaml.DumperOptions;
-
-import groovy.json.JsonSlurperClassic
-import groovy.json.JsonOutput
-
-COLLECT_DIR = 'airsloop'
-BUNDLE_DIR = 'bundle'
-
-KEYSTONE_URL = 'http://keystone.ucp.svc.cluster.local'
-SHIPYARD_URL = 'http://shipyard-api.ucp.svc.cluster.local/api/v1.0'
-SHIPYARD_CREDS = 'airsloop-shipyard-iam-pw'
-
-uuid = UUID.randomUUID().toString()
-
-SITE_NAME='airsloop'
-IPMI_CREDS = 'airsloop-ipmi'
-
-GENESIS_IP = '10.22.71.21'
-GENESIS_CREDS = 'airsloop-key'
-
-GENESIS_IPMI_IP = '10.22.104.21'
-
-IPMI_IPS = ['10.22.104.22']
-
-AIRSHIP_MANIFESTS_REPO = 'https://review.opendev.org/airship/treasuremap'
-DISPLAY_NAME = 'manual'
-
-if (env.GERRIT_REFSPEC) {
-    AIRSHIP_MANIFESTS_REF = GERRIT_REFSPEC
-    DISPLAY_NAME = GERRIT_EVENT_TYPE
-} else if (AIRSHIP_MANIFESTS_REF == 'uplift') {
-    DISPLAY_NAME = 'uplift'
-}
-
-ARTF_BASE = "cicd/logs/${JOB_NAME}/${BUILD_ID}"
-
-currentBuild.displayName = "#${BUILD_NUMBER} ${DISPLAY_NAME}"
-
-
-//// git utils
-
-def clone(String ref){
-
-    def refspec = ''
-
-    // override refspec if patchset provided
-    if (ref.contains('refs')) {
-        refspec = "${ref}:${ref}"
-    }
-
-    // base uplift on latest master
-    if (ref == 'uplift') {
-        ref = 'master'
-    }
-
-    checkout poll: false,
-    scm: [$class: 'GitSCM',
-         branches: [[name: ref]],
-         doGenerateSubmoduleConfigurations: false,
-         extensions: [[$class: 'CleanBeforeCheckout']],
-         submoduleCfg: [],
-         userRemoteConfigs: [[refspec: refspec,
-         url: AIRSHIP_MANIFESTS_REPO ]]]
-}
-
-
-
-//// bare-metal utils
-
-def reset_bare_metal = {
-    stage ('Bare-Metal Reset') {
-
-        withCredentials([usernamePassword(credentialsId: IPMI_CREDS,
-                                      usernameVariable: 'IUSER',
-                                      passwordVariable: 'IPASS')]) {
-
-            def auth = redfish.getBasicAuth(IUSER, IPASS)
-
-            // power cycle genesis
-            redfish.powerOff(GENESIS_IPMI_IP, auth)
-            redfish.powerOn(GENESIS_IPMI_IP, auth)
-
-            // shutdown all other nodes
-            IPMI_IPS.each() {
-                redfish.powerOff(it, auth)
-            }
-        }
-
-    }
-}
-
-
-//// manifest utils
-
-def pegleg_site_collect = {
-    stage('Pegleg Site Collect') {
-
-        configFileProvider([configFile(fileId: 'airsloop-site-definition',
-            targetLocation: "site/${SITE_NAME}/site-definition.yaml")]) {
-        }
-
-        withCredentials([sshUserPrivateKey(credentialsId: 'jenkins-attcomdev-key',
-                keyFileVariable: 'SSH_KEY',
-                usernameVariable: 'SSH_USER')]) {
-
-            sh "cp ${SSH_KEY} ssh-key"
-
-            sh "sudo -E tools/airship pegleg site" +
-                 " -u ${SSH_USER}" +
-                 " -k /target/ssh-key" +
-                 " -r /target collect ${SITE_NAME}" +
-                 " -s /target/${COLLECT_DIR}"
-
-            sh "sudo chown -R ubuntu:ubuntu ${COLLECT_DIR}"
-        }
-
-        sh "tar czf ${COLLECT_DIR}.tar.gz ${SITE_NAME}"
-        archiveArtifacts "${COLLECT_DIR}.tar.gz"
-    }
-}
-
-def prom_config_gen = {
-    stage ("Promenade Config Gen") {
-
-        withEnv(['TERM_OPTS=-t']) {
-            sh "mkdir -p promenade-bundle"
-            sh "sudo -E tools/airship promenade build-all --validators" +
-               " -o promenade-bundle /target/${SITE_NAME}/*.yaml"
-        }
-
-        sh 'tar czf promenade-bundle.tar.gz promenade-bundle'
-        archiveArtifacts 'promenade-bundle.tar.gz'
-    }
-}
-
-
-//// genesis utils
-
-def genesis_cleanup = {
-    stage('Genesis Cleanup') {
-
-        dfiles = ['promenade',
-                  'promenade-bundle',
-                  'promenade-bundle.tar.gz',
-                  SITE_NAME,
-                  'airsloop.tar.gz',
-                  'debug-cab23-r720-11.tgz',
-                  '/var/lib/docker',
-                  '/var/lib/kubelet']
-
-        dfiles.each() {
-           ssh.cmd (GENESIS_CREDS, GENESIS_IP, "sudo rm -rf ${it}")
-        }
-
-        ssh.cmd (GENESIS_CREDS, GENESIS_IP,
-                'git clone https://opendev.org/airship/promenade')
-        ssh.cmd (GENESIS_CREDS, GENESIS_IP,
-                'sudo -S promenade/tools/cleanup.sh -f')
-
-    }
-}
-
-def debug_report = {
-    ssh.cmd (GENESIS_CREDS, GENESIS_IP, 'sudo debug-report.sh')
-    ssh.get (GENESIS_CREDS, GENESIS_IP, 'debug-airsloop-control-1.tgz', '.')
-
-    archiveArtifacts 'debug-airsloop-control-1.tgz'
-
-    artifactory.upload("debug-airsloop-control-1.tgz",
-        "${ARTF_BASE}/debug-airsloop-control-1.tgz")
-}
-
-def genesis_deploy = {
-    stage('Genesis Deploy') {
-
-        try {
-
-            ssh.put(GENESIS_CREDS, GENESIS_IP, 'promenade-bundle.tar.gz', '.')
-            ssh.cmd(GENESIS_CREDS, GENESIS_IP, 'tar xvzf promenade-bundle.tar.gz')
-
-            timeout (90) {
-                ssh.cmd(GENESIS_CREDS, GENESIS_IP,
-                           'sudo promenade-bundle/genesis.sh')
-
-                // fixme: there is notable initial slowness likely due to coredns
-                // going out of service and taking time to recover
-                // this is a long time issue and needs to be taken look at
-                retry(2) {
-                    ssh.cmd(GENESIS_CREDS, GENESIS_IP,
-                            'sudo -S promenade-bundle/validate-genesis.sh')
-                }
-            }
-
-            sleep 120 // wait for k8s to calm down
-
-        } catch (err) {
-            debug_report()
-            error(err)
-        }
-    }
-}
-
-def shipyard_deploy = { action ->
-    try {
-        def req = keystone.retrieveToken(SHIPYARD_CREDS, KEYSTONE_URL)
-        def token = req.getHeaders()["X-Subject-Token"][0]
-        shipyard2.uploadConfig(uuid, token, SHIPYARD_URL, SITE_NAME)
-
-        shipyard2.waitAction(action: action,
-                             uuid: uuid,
-                             shipyardUrl: SHIPYARD_URL,
-                             keystoneCreds: SHIPYARD_CREDS,
-                             keystoneUrl: KEYSTONE_URL)
-
-    } catch (err) {
-        debug_report()
-        error(err)
-    }
-}
-
-
-//// uplift utils
-
-def uplift_versions = {
-    stage('Uplift Versions') {
-        sh 'sudo apt-get install python3-yaml python3-git -y'
-
-        def cmd = 'tools/updater.py --in-file global/software/config/versions.yaml --tag-filter ubuntu_xenial'
-
-        if (!UPLIFT_BLACKLIST.isEmpty()) {
-           cmd += " --skip ${UPLIFT_BLACKLIST}"
-        }
-
-        sh cmd
-        sh 'git diff'
-    }
-}
-
-//// test utils
-
-def sanity_tests = {
-    stage('Sanity Tests') {
-
-        sh 'sudo apt-get install nmap -y'
-
-        withEnv(['TERM_OPTS=-i',
-                 'OSH_EXT_SUBNET=',
-                 'OSH_BR_EX_ADDR=',
-                 'OSH_KEYSTONE_URL=http://keystone.openstack.svc.cluster.local',
-                 'OSH_EXT_NET_VLAN=75',
-                 'OSH_EXT_SUBNET=10.22.75.0/24',
-                 'OSH_EXT_GATEWAY=10.22.75.1',
-                 'OSH_EXT_SUBNET_POOL_START=10.22.75.11',
-                 'OSH_EXT_SUBNET_POOL_END=10.22.75.99',
-                 'OSH_REGION_NAME=airsloop',
-                 'OSH_ADMIN_PASSWD=airsloop123']) {
-            sh 'tools/tests.sh'
-        }
-    }
-}
-
-
-//// main flow
-
-vm(image: 'ubuntu-16.04-server-cloudimg-amd64',
-   timeout: 360,
-   publicNet: 'foundry',
-   buildType: 'flat',
-   initScript: 'cloud-config',
-   artifactoryLogs: ARTIFACTORY_LOGS.toBoolean()) {
-
-    // wait and make sure genesis is up
-    ssh.wait (GENESIS_CREDS, GENESIS_IP, 'hostname')
-
-    // disable docker/kubelet services
-    // this is done to be able to properly cleanup genesis after reboot
-    ssh.cmd (GENESIS_CREDS, GENESIS_IP,
-             'sudo systemctl disable kubelet')
-    ssh.cmd (GENESIS_CREDS, GENESIS_IP,
-             'sudo systemctl disable docker')
-    ssh.cmd (GENESIS_CREDS, GENESIS_IP,
-             'sudo touch /forcefsck')
-
-    reset_bare_metal()
-
-    sh 'sudo apt-get update'
-    sh 'sudo apt-get install docker.io -y'
-
-    sh 'cat /etc/hosts > hosts'
-    sh 'echo "10.22.71.21 keystone.ucp.svc.cluster.local ' +
-        'shipyard-api.ucp.svc.cluster.local ' +
-        'keystone.openstack.svc.cluster.local ' +
-        'heat.openstack.svc.cluster.local ' +
-        'cinder.openstack.svc.cluster.local ' +
-        'cloudformation.openstack.svc.cluster.local ' +
-        'glance.openstack.svc.cluster.local ' +
-        'glance-reg.openstack.svc.cluster.local ' +
-        'horizon.openstack.svc.cluster.local ' +
-        'metadata.openstack.svc.cluster.local ' +
-        'neutron.openstack.svc.cluster.local ' +
-        'nova.openstack.svc.cluster.local ' +
-        'placement.openstack.svc.cluster.local" >> hosts'
-    sh 'sudo mv hosts /etc/hosts'
-
-    clone(AIRSHIP_MANIFESTS_REF)
-
-    // use updater tool to pull latest charts/images
-    if (AIRSHIP_MANIFESTS_REF == 'uplift') {
-        uplift_versions()
-    }
-
-    pegleg_site_collect()
-    prom_config_gen()
-
-    stage ('Genesis Wait') {
-        ssh.wait (GENESIS_CREDS, GENESIS_IP, 'hostname')
-    }
-
-    genesis_cleanup()
-    genesis_deploy()
-
-    timeout(240) {
-        shipyard_deploy('deploy_site')
-    }
-
-    sanity_tests()
-}
-
diff --git a/tools/gate/airsloop/seed.groovy b/tools/gate/airsloop/seed.groovy
deleted file mode 100644
index 37ec9a26a..000000000
--- a/tools/gate/airsloop/seed.groovy
+++ /dev/null
@@ -1,93 +0,0 @@
-
-pipelineJob('airsloop') {
-
-    displayName('Airsloop')
-    description('Bare-metal minimalistic deployment pipeline')
-
-    logRotator {
-        daysToKeep(30)
-    }
-
-    parameters {
-        string {
-            defaultValue("uplift")
-            description("Reference to treasuremap, e.g. refs/changes/12/12345/12")
-            name("AIRSHIP_MANIFESTS_REF")
-            trim(true)
-        }
-        booleanParam {
-            defaultValue(true)
-            description('Flag to publish the console log from the pipeline run to artifactory. ' +
-                        'Set this value to false, if you should want to suppress uploading ' +
-                        'and publishing of the pipeline logs to the artifactory.')
-            name("ARTIFACTORY_LOGS")
-        }
-
-    }
-
-    concurrentBuild(false)
-
-    triggers {
-        gerritTrigger {
-            serverName('OS-CommunityGerrit')
-            silentMode(true)
-
-            gerritProjects {
-                gerritProject {
-                    compareType('PLAIN')
-                    pattern("airship/treasuremap")
-                    branches {
-                        branch {
-                            compareType("ANT")
-                            pattern("**")
-                        }
-                    }
-                    disableStrictForbiddenFileVerification(false)
-
-                    filePaths {
-                        filePath {
-                            compareType('ANT')
-                            pattern('global/**')
-                        }
-                        filePath {
-                            compareType('ANT')
-                            pattern('type/sloop/**')
-                        }
-                        filePath {
-                            compareType('ANT')
-                            pattern('site/airsloop/**')
-                        }
-                        filePath {
-                            compareType('ANT')
-                            pattern('tools/**')
-                        }
-                    }
-                }
-            }
-
-            triggerOnEvents {
-                patchsetCreated {
-                    excludeDrafts(false)
-                    excludeTrivialRebase(false)
-                    excludeNoCodeChange(false)
-                }
-                commentAddedContains {
-                    commentAddedCommentContains('recheck')
-                }
-            }
-
-            cron('H H * * *')
-        }
-
-        definition {
-            cpsScm {
-                scm {
-                    git('https://review.opendev.org/airship/treasuremap')
-                    scriptPath('tools/gate/airsloop/Jenkinsfile')
-                    lightweight(true)
-                }
-            }
-        }
-    }
-}
-
diff --git a/tools/gate/debug-report.sh b/tools/gate/debug-report.sh
deleted file mode 100755
index d277ec0f2..000000000
--- a/tools/gate/debug-report.sh
+++ /dev/null
@@ -1,127 +0,0 @@
-#!/usr/bin/env bash
-
-set -ux
-
-SUBDIR_NAME=debug-$(hostname)
-
-# NOTE(mark-burnett): This should add calicoctl to the path.
-export PATH=${PATH}:/opt/cni/bin
-
-TEMP_DIR=$(mktemp -d)
-export TEMP_DIR
-export BASE_DIR="${TEMP_DIR}/${SUBDIR_NAME}"
-export HELM_DIR="${BASE_DIR}/helm"
-export CALICO_DIR="${BASE_DIR}/calico"
-
-mkdir -p "${BASE_DIR}"
-
-PARALLELISM_FACTOR=2
-
-function get_namespaces () {
-    kubectl get namespaces -o name | awk -F '/' '{ print $NF }'
-}
-
-function get_pods () {
-    NAMESPACE=$1
-    kubectl get pods -n "${NAMESPACE}" -o name --show-all | awk -F '/' '{ print $NF }' | xargs -L1 -P 1 -I {} echo "${NAMESPACE}" {}
-}
-export -f get_pods
-
-function get_pod_logs () {
-    NAMESPACE=${1% *}
-    POD=${1#* }
-    INIT_CONTAINERS=$(kubectl get pod "${POD}" -n "${NAMESPACE}" -o json | jq -r '.spec.initContainers[]?.name')
-    CONTAINERS=$(kubectl get pod "${POD}" -n "${NAMESPACE}" -o json | jq -r '.spec.containers[].name')
-    POD_DIR="${BASE_DIR}/pod-logs/${NAMESPACE}/${POD}"
-    mkdir -p "${POD_DIR}"
-    for CONTAINER in ${INIT_CONTAINERS} ${CONTAINERS}; do
-        kubectl logs "${POD}" -n "${NAMESPACE}" -c "${CONTAINER}" > "${POD_DIR}/${CONTAINER}.txt"
-    done
-}
-export -f get_pod_logs
-
-function list_namespaced_objects () {
-    export NAMESPACE=$1
-    cat | awk "{ print \"${NAMESPACE} \" \$1 }" <<OBJECTS
-configmaps
-cronjobs
-daemonsets
-deployment
-endpoints
-ingresses
-jobs
-networkpolicies
-pods
-podsecuritypolicies
-persistentvolumeclaims
-rolebindings
-roles
-serviceaccounts
-services
-statefulsets
-OBJECTS
-}
-export -f list_namespaced_objects
-
-function name_objects () {
-    input=($1)
-    export NAMESPACE=${input[0]}
-    export OBJECT=${input[1]}
-    kubectl get -n "${NAMESPACE}" "${OBJECT}" -o name | awk "{ print \"${NAMESPACE} ${OBJECT} \" \$1 }"
-}
-export -f name_objects
-
-function get_objects () {
-    input=($1)
-    export NAMESPACE=${input[0]}
-    export OBJECT=${input[1]}
-    export NAME=${input[2]#*/}
-    echo "${NAMESPACE}/${OBJECT}/${NAME}"
-    DIR="${BASE_DIR}/objects/namespaced/${NAMESPACE}/${OBJECT}"
-    mkdir -p "${DIR}"
-    kubectl get -n "${NAMESPACE}" "${OBJECT}" "${NAME}" -o yaml > "${DIR}/${NAME}.yaml"
-}
-export -f get_objects
-
-function get_releases () {
-    helm list --all --short
-}
-
-function get_release () {
-    input=($1)
-    RELEASE=${input[0]}
-    helm status "${RELEASE}" > "${HELM_DIR}/${RELEASE}.txt"
-
-}
-export -f get_release
-
-if which helm; then
-    mkdir -p "${HELM_DIR}"
-    helm list --all > "${HELM_DIR}/list" &
-    get_releases | \
-        xargs -r -n 1 -P "${PARALLELISM_FACTOR}" -I {} bash -c 'get_release "$@"' _ {}
-fi
-
-kubectl get --all-namespaces -o wide pods > "${BASE_DIR}/pods.txt" &
-
-get_namespaces | \
-    xargs -r -n 1 -P "${PARALLELISM_FACTOR}" -I {} bash -c 'get_pods "$@"' _ {} | \
-    xargs -r -n 2 -P "${PARALLELISM_FACTOR}" -I {} bash -c 'get_pod_logs "$@"' _ {} &
-
-get_namespaces | \
-    xargs -r -n 1 -P "${PARALLELISM_FACTOR}" -I {} bash -c 'list_namespaced_objects "$@"' _ {} | \
-    xargs -r -n 1 -P "${PARALLELISM_FACTOR}" -I {} bash -c 'name_objects "$@"' _ {} | \
-    xargs -r -n 1 -P "${PARALLELISM_FACTOR}" -I {} bash -c 'get_objects "$@"' _ {} &
-
-iptables-save > "${BASE_DIR}/iptables" &
-
-if which calicoctl; then
-    mkdir -p "${CALICO_DIR}"
-    for kind in bgpPeer hostEndpoint ipPool nodes policy profile workloadEndpoint; do
-        calicoctl get "${kind}" -o yaml > "${CALICO_DIR}/${kind}.yaml" &
-    done
-fi
-
-wait
-
-tar zcf "${SUBDIR_NAME}.tgz" -C "${TEMP_DIR}" "${SUBDIR_NAME}"
diff --git a/tools/gate/lint-site.sh b/tools/gate/lint-site.sh
deleted file mode 100755
index c6f57185e..000000000
--- a/tools/gate/lint-site.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -xe
-
-# TODO(drewwalters96): make Treasuremap sites P001 and P009 compliant.
-TERM_OPTS=" " ./tools/airship pegleg site -r . lint "$1" -x P001 -x P009
diff --git a/tools/gate/manifests/full-site.yaml b/tools/gate/manifests/full-site.yaml
deleted file mode 100644
index f2f65731d..000000000
--- a/tools/gate/manifests/full-site.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-schema: armada/Manifest/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: full-site
-  labels:
-    name: full-site-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: full-site-global
-    actions:
-      - method: replace
-        path: .chart_groups
-  storagePolicy: cleartext
-data:
-  chart_groups:
-    - openstack-ingress-controller
-    - openstack-memcached
-...
diff --git a/tools/gate/playbooks/airskiff-deploy-gate.yaml b/tools/gate/playbooks/airskiff-deploy-gate.yaml
deleted file mode 100644
index 5fa9710cc..000000000
--- a/tools/gate/playbooks/airskiff-deploy-gate.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- hosts: ubuntu-bionic
-  tasks:
-    # Stop systemd-resolved service before starting docker.
-    - name: stop systemd-resolved service
-      systemd:
-        state: stopped
-        enabled: no
-        masked: yes
-        daemon_reload: yes
-        name: systemd-resolved
-      become: yes
-
-    - name: Clone dependencies
-      shell: |
-        ./tools/deployment/airskiff/developer/000-clone-dependencies.sh
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
-
-    - name: Deploy Kubernetes with Minikube
-      shell: |
-        ./tools/deployment/airskiff/developer/010-deploy-k8s.sh
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
-
-    - name: Setup OpenStack Client
-      shell: |
-        ./tools/deployment/airskiff/developer/020-setup-client.sh
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
-      become: yes
-
-    - name: Deploy Airship components using Armada
-      shell: |
-        mkdir ~/.kube
-        cp -rp /home/zuul/.kube/config ~/.kube/config
-        export PL_SITE="{{ site }}"
-        ./tools/deployment/airskiff/developer/030-armada-bootstrap.sh
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
-      become: yes
-
-    - name: Deploy Software using Airship
-      shell: |
-        export PL_SITE="{{ site }}"
-        ./tools/deployment/airskiff/developer/100-deploy-osh.sh
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
-      become: yes
-
-    - name: Wait for deployment completion
-      shell: |
-        . ./tools/deployment/airskiff/common/os-env.sh
-        ./tools/gate/wait-for-shipyard.sh
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
-      become: yes
diff --git a/tools/gate/playbooks/airskiff-reduce-site.yaml b/tools/gate/playbooks/airskiff-reduce-site.yaml
deleted file mode 100644
index 35e27e426..000000000
--- a/tools/gate/playbooks/airskiff-reduce-site.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- hosts: ubuntu-bionic
-  tasks:
-    - name: Replace Armada manifest
-      shell: |
-        mv tools/gate/manifests/full-site.yaml \
-            type/skiff/manifests/full-site.yaml
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
diff --git a/tools/gate/playbooks/debug-report.yaml b/tools/gate/playbooks/debug-report.yaml
deleted file mode 100644
index eadd0af78..000000000
--- a/tools/gate/playbooks/debug-report.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- hosts: ubuntu-bionic
-  tasks:
-    - name: Build debug report
-      shell: |
-        ./tools/gate/debug-report.sh
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
-
-    - name: Extract debug report
-      shell: |
-        mkdir -p /tmp/debug
-        tar -xf debug-* -C /tmp/debug
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
-
-    - name: Pull logs to executor
-      synchronize:
-        src: /tmp/debug
-        dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
-        mode: pull
diff --git a/tools/gate/playbooks/generate-certs.yaml b/tools/gate/playbooks/generate-certs.yaml
deleted file mode 100644
index 20ddf3185..000000000
--- a/tools/gate/playbooks/generate-certs.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright 2019 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- hosts: ubuntu-bionic
-  tasks:
-    - name: Generate site certificates
-      shell: |
-        set -xe;
-        SITE="{{ site }}"
-
-        mkdir collected
-        ./tools/airship pegleg site \
-          -r . collect ${SITE} \
-          -s /target/collected
-        ./tools/airship promenade generate-certs \
-          -o /target/site/${SITE}/secrets \
-          /target/collected/treasuremap.yaml
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
-      become: yes
diff --git a/tools/gate/playbooks/git-config.yaml b/tools/gate/playbooks/git-config.yaml
deleted file mode 100644
index 7d86b30e3..000000000
--- a/tools/gate/playbooks/git-config.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- hosts: ubuntu-bionic
-  tasks:
-    - name: Git config
-      shell: |
-        set -xe;
-
-        tee .git/config << EOF
-        [remote "origin"]
-        url = https://opendev.org/airship/treasuremap.git
-        EOF
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
diff --git a/tools/gate/playbooks/install-docker.yaml b/tools/gate/playbooks/install-docker.yaml
deleted file mode 100644
index cd74bf9db..000000000
--- a/tools/gate/playbooks/install-docker.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- hosts: ubuntu-bionic
-  tasks:
-    - name: Install Docker CE
-      shell: |
-        set -xe;
-
-        curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
-        apt-add-repository \
-        "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
-        $(lsb_release -cs) \
-        stable"
-
-        apt-get update
-        apt-get install --no-install-recommends -y docker-ce
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
-      become: yes
diff --git a/tools/gate/playbooks/site-lint.yaml b/tools/gate/playbooks/site-lint.yaml
deleted file mode 100644
index e98ebbd19..000000000
--- a/tools/gate/playbooks/site-lint.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- hosts: ubuntu-bionic
-  tasks:
-    - name: Lint site
-      shell: |
-        set -xe;
-        ./tools/gate/lint-site.sh "{{ site }}"
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
-      become: yes
diff --git a/tools/gate/seaworthy/Jenkinsfile b/tools/gate/seaworthy/Jenkinsfile
deleted file mode 100644
index 9a81e82a8..000000000
--- a/tools/gate/seaworthy/Jenkinsfile
+++ /dev/null
@@ -1,357 +0,0 @@
-// Pipeline expects genesis to be setup according to the documentation
-// including networks, disks, ntp, ip rules, etc.. manually.
-// https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#genesis-node
-
-// shared libaries used within the pipeline
-// https://github.com/att-comdev/cicd/blob/master/vars
-
-import org.yaml.snakeyaml.Yaml
-import org.yaml.snakeyaml.DumperOptions;
-
-import groovy.json.JsonSlurperClassic
-import groovy.json.JsonOutput
-
-COLLECT_DIR = 'seaworthy'
-BUNDLE_DIR = 'bundle'
-
-KEYSTONE_URL = 'https://iam-sw.atlantafoundry.com'
-SHIPYARD_URL = 'https://shipyard-sw.atlantafoundry.com/api/v1.0'
-SHIPYARD_CREDS = 'seaworthy-shipyard-iam-pw'
-
-SITE_NAME='seaworthy'
-IPMI_CREDS = 'seaworthy-ipmi'
-
-GENESIS_IP = '10.23.21.11'
-GENESIS_CREDS = 'seaworthy-key'
-
-GENESIS_IPMI_IP = '10.23.104.11'
-GENESIS_CEPH_DISKS = ['b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k']
-
-IPMI_IPS = ['10.23.104.12',
-            '10.23.104.13',
-            '10.23.104.14',
-            '10.23.104.17',
-            '10.23.104.19']
-
-AIRSHIP_MANIFESTS_REPO = 'https://review.opendev.org/airship/treasuremap'
-
-if (env.GERRIT_REFSPEC) {
-    AIRSHIP_MANIFESTS_REF = GERRIT_REFSPEC
-    DISPLAY_NAME = GERRIT_EVENT_TYPE
-} else if (AIRSHIP_MANIFESTS_REF == 'uplift') {
-    DISPLAY_NAME = 'uplift'
-} else {
-  DISPLAY_NAME = "manual ${AIRSHIP_MANIFESTS_REF}"
-}
-
-currentBuild.displayName = "#${BUILD_NUMBER} ${DISPLAY_NAME}"
-
-
-//// git utils
-
-def clone(String ref){
-
-    def refspec = ''
-
-    // override refspec if patchset provided
-    if (ref.contains('refs')) {
-        refspec = "${ref}:${ref}"
-    }
-
-    // base uplift on latest master
-    if (ref == 'uplift') {
-        ref = 'master'
-    }
-
-    checkout poll: false,
-    scm: [$class: 'GitSCM',
-         branches: [[name: ref]],
-         doGenerateSubmoduleConfigurations: false,
-         extensions: [[$class: 'CleanBeforeCheckout']],
-         submoduleCfg: [],
-         userRemoteConfigs: [[refspec: refspec,
-         url: AIRSHIP_MANIFESTS_REPO ]]]
-}
-
-
-//// bare-metal utils
-
-def reset_bare_metal = {
-    stage ('Bare-Metal Reset') {
-
-        withCredentials([usernamePassword(credentialsId: IPMI_CREDS,
-                                      usernameVariable: 'IUSER',
-                                      passwordVariable: 'IPASS')]) {
-
-            def auth = redfish.getBasicAuth(IUSER, IPASS)
-
-            // power cycle genesis
-            redfish.powerOff(GENESIS_IPMI_IP, auth)
-            redfish.powerOn(GENESIS_IPMI_IP, auth)
-
-            // shutdown all other nodes
-            IPMI_IPS.each() {
-                redfish.powerOff(it, auth)
-            }
-        }
-
-    }
-}
-
-
-//// manifest utils
-
-def pegleg_site_collect = {
-    stage('Pegleg Site Collect') {
-
-        configFileProvider([configFile(fileId: 'seaworthy-site-definition',
-            targetLocation: 'site/seaworthy/site-definition.yaml')]) {
-        }
-
-        withCredentials([sshUserPrivateKey(credentialsId: 'jenkins-attcomdev-key',
-                keyFileVariable: 'SSH_KEY',
-                usernameVariable: 'SSH_USER')]) {
-
-            sh "cp ${SSH_KEY} ssh-key"
-
-            sh "sudo -E tools/airship pegleg site" +
-                 " -u ${SSH_USER}" +
-                 " -k /target/ssh-key" +
-                 " -r /target collect ${SITE_NAME}" +
-                 " -s /target/${COLLECT_DIR}"
-
-            sh "sudo chown -R ubuntu:ubuntu ${COLLECT_DIR}"
-        }
-
-        sh "tar czf ${COLLECT_DIR}.tar.gz ${COLLECT_DIR}"
-        archiveArtifacts "${COLLECT_DIR}.tar.gz"
-    }
-}
-
-def prom_config_gen = {
-    stage ("Promenade Config Gen") {
-
-        withEnv(['TERM_OPTS=-t']) {
-            sh "mkdir -p ${BUNDLE_DIR}"
-            sh "sudo -E tools/airship promenade build-all --validators" +
-              " -o ${BUNDLE_DIR} /target/${COLLECT_DIR}/*.yaml"
-        }
-
-        sh "tar czf ${BUNDLE_DIR}.tar.gz ${BUNDLE_DIR}"
-        archiveArtifacts "${BUNDLE_DIR}.tar.gz"
-    }
-}
-
-
-//// genesis utils
-
-def genesis_cleanup = {
-    stage('Genesis Cleanup') {
-
-        dfiles = ['promenade',
-                  BUNDLE_DIR,
-                  "${BUNDLE_DIR}.tar.gz",
-                  SITE_NAME,
-                  'seaworthy.tar.gz',
-                  'debug-cab23-r720-11.tgz',
-                  '/var/lib/docker',
-                  '/var/lib/kubelet']
-
-        dfiles.each() {
-           ssh.cmd (GENESIS_CREDS, GENESIS_IP, "sudo rm -rf ${it}")
-        }
-
-        ssh.cmd (GENESIS_CREDS, GENESIS_IP,
-                'git clone https://opendev.org/airship/promenade')
-        ssh.cmd (GENESIS_CREDS, GENESIS_IP,
-                'sudo -S promenade/tools/cleanup.sh -f')
-
-        GENESIS_CEPH_DISKS.each() {
-            ssh.cmd(GENESIS_CREDS, GENESIS_IP,
-                    "sudo parted -s /dev/sd${it} mklabel gpt")
-        }
-    }
-}
-
-def debug_report = {
-    ssh.cmd (GENESIS_CREDS, GENESIS_IP, 'sudo debug-report.sh')
-    ssh.get (GENESIS_CREDS, GENESIS_IP, 'debug-cab23-r720-11.tgz', '.')
-
-    archiveArtifacts 'debug-cab23-r720-11.tgz'
-}
-
-def genesis_deploy = {
-    stage('Genesis Deploy') {
-
-        try {
-            ssh.put(GENESIS_CREDS, GENESIS_IP, "${BUNDLE_DIR}.tar.gz", '.')
-            ssh.cmd(GENESIS_CREDS, GENESIS_IP, "tar xvzf ${BUNDLE_DIR}.tar.gz")
-
-            timeout (90) {
-                ssh.cmd(GENESIS_CREDS, GENESIS_IP,
-                           "sudo ${BUNDLE_DIR}/genesis.sh")
-
-                // fixme: there is notable initial slowness likely due to coredns
-                // going out of service and taking time to recover
-                // this is a long time issue and needs to be taken look at
-                retry(2) {
-                    ssh.cmd(GENESIS_CREDS, GENESIS_IP,
-                            "sudo -S ${BUNDLE_DIR}/validate-genesis.sh")
-                }
-            }
-
-            sleep 120 // wait for k8s to calm down
-
-        } catch (err) {
-            debug_report()
-            error(err)
-        }
-    }
-}
-
-def shipyard_deploy = { action ->
-    try {
-        uuid = UUID.randomUUID().toString()
-        def req = keystone.retrieveToken(SHIPYARD_CREDS, KEYSTONE_URL)
-        def token = req.getHeaders()["X-Subject-Token"][0]
-        shipyard2.uploadConfig(uuid, token, SHIPYARD_URL, SITE_NAME)
-
-        shipyard2.waitAction(action: action,
-                             uuid: uuid,
-                             shipyardUrl: SHIPYARD_URL,
-                             keystoneCreds: SHIPYARD_CREDS,
-                             keystoneUrl: KEYSTONE_URL)
-
-    } catch (err) {
-        print err
-        debug_report()
-        throw err
-    }
-}
-
-
-//// uplift utils
-
-def uplift_versions = {
-    stage('Uplift Versions') {
-        sh 'sudo apt-get install python3-yaml python3-git -y'
-
-        def cmd = 'tools/updater.py --in-file global/software/config/versions.yaml --tag-filter ubuntu_xenial'
-
-        if (!UPLIFT_BLACKLIST.isEmpty()) {
-           cmd += " --skip ${UPLIFT_BLACKLIST}"
-        }
-
-        sh cmd
-        sh 'git diff'
-    }
-}
-
-def uplift_review = {
-    withCredentials([sshUserPrivateKey(credentialsId: 'jenkins-uplifter-key',
-            keyFileVariable: 'SSH_KEY',
-            usernameVariable: 'SSH_USER')]) {
-
-        sh 'sudo apt-get install git-review -y'
-
-        sh "cp ${SSH_KEY} ~/.ssh/id_rsa"
-
-        sh "ssh-keyscan -p 29418 review.opendev.org >> ~/.ssh/known_hosts"
-
-        sh "git clone ssh://${SSH_USER}@review.opendev.org:29418/airship/treasuremap"
-        sh "scp -p -P 29418 ${SSH_USER}@review.opendev.org:hooks/commit-msg treasuremap/.git/hooks/"
-
-        sh "cp global/software/config/versions.yaml treasuremap/global/software/config/versions.yaml"
-
-        dir ('treasuremap') {
-            sh "git config --global user.name 'Jenkins Uplifter'"
-            sh "git config --global user.email ${SSH_USER}@gmail.com"
-            sh "git config --global gitreview.username ${SSH_USER}"
-
-            sh 'git checkout -b versions/uplift'
-
-            sh 'git add global/software/config/versions.yaml'
-            sh 'git status'
-            sh 'git commit -m "Auto chart/image uplift to latest"'
-
-            sh 'git review -s'
-            sh 'git review'
-        }
-    }
-}
-
-
-//// test utils
-
-def sanity_tests = {
-    stage('Sanity Tests') {
-
-        sh 'sudo apt-get install nmap -y'
-
-        withEnv(['TERM_OPTS=-i',
-                 'OSH_EXT_SUBNET=',
-                 'OSH_BR_EX_ADDR=',
-                 'OSH_KEYSTONE_URL=https://identity-sw.atlantafoundry.com/v3',
-                 'OSH_REGION_NAME=seaworthy',
-                 'OSH_ADMIN_PASSWD=password123']) {
-            sh 'tools/tests.sh'
-        }
-    }
-}
-
-
-//// main flow
-
-vm(image: 'ubuntu-16.04-server-cloudimg-amd64',
-    timeout: 360,
-    publicNet: 'foundry',
-    buildType: 'flat',
-    initScript: 'cloud-config',
-    artifactoryLogs: ARTIFACTORY_LOGS.toBoolean()) {
-
-    // wait and make sure genesis is up
-    ssh.wait (GENESIS_CREDS, GENESIS_IP, 'hostname')
-
-
-    // disable docker/kubelet services
-    // this is done to be able to properly cleanup genesis after reboot
-    ssh.cmd (GENESIS_CREDS, GENESIS_IP,
-             'sudo systemctl disable kubelet')
-    ssh.cmd (GENESIS_CREDS, GENESIS_IP,
-             'sudo systemctl disable docker')
-    ssh.cmd (GENESIS_CREDS, GENESIS_IP,
-             'sudo touch /forcefsck')
-
-    reset_bare_metal()
-
-    sh 'sudo apt-get update'
-    sh 'sudo apt-get install docker.io -y'
-
-    clone(AIRSHIP_MANIFESTS_REF)
-
-    // use updater tool to pull latest charts/images
-    if (AIRSHIP_MANIFESTS_REF == 'uplift') {
-        uplift_versions()
-    }
-
-    pegleg_site_collect()
-    prom_config_gen()
-
-    stage ('Genesis Wait') {
-        ssh.wait (GENESIS_CREDS, GENESIS_IP, 'hostname')
-    }
-
-    genesis_cleanup()
-    genesis_deploy()
-
-    timeout(240) {
-        shipyard_deploy('deploy_site')
-    }
-
-    sanity_tests()
-
-    if (AIRSHIP_MANIFESTS_REF == 'uplift') {
-        uplift_review()
-    }
-}
-
diff --git a/tools/gate/seaworthy/seed.groovy b/tools/gate/seaworthy/seed.groovy
deleted file mode 100644
index ac262e397..000000000
--- a/tools/gate/seaworthy/seed.groovy
+++ /dev/null
@@ -1,46 +0,0 @@
-
-pipelineJob('Seaworthy') {
-
-    displayName('Seaworthy')
-    description('Bare-metal continuous deployment pipeline')
-
-    logRotator {
-        daysToKeep(30)
-    }
-
-    parameters {
-        string {
-            defaultValue("uplift")
-            description("Reference to treasuremap, e.g. refs/changes/12/12345/12")
-            name("AIRSHIP_MANIFESTS_REF")
-            trim(true)
-        }
-        booleanParam {
-            defaultValue(true)
-            description('Flag to publish the console log from the pipeline run to artifactory. ' +
-                        'Set this value to false, if you should want to suppress uploading ' +
-                        'and publishing of the pipeline logs to the artifactory.')
-            name("ARTIFACTORY_LOGS")
-        }
-
-    }
-
-    concurrentBuild(false)
-
-    triggers {
-
-            cron('H H * * *')
-        }
-
-        definition {
-            cpsScm {
-                scm {
-                    git('https://review.opendev.org/airship/treasuremap')
-                    scriptPath('tools/gate/seaworthy/Jenkinsfile')
-                    lightweight(true)
-                }
-            }
-        }
-    }
-}
-
diff --git a/tools/gate/wait-for-shipyard.sh b/tools/gate/wait-for-shipyard.sh
deleted file mode 100755
index f13ce7585..000000000
--- a/tools/gate/wait-for-shipyard.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/bash
-
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License
-
-set -e
-set -o pipefail
-
-REPO_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/../../ >/dev/null 2>&1 && pwd )"
-: "${SHIPYARD:=${REPO_DIR}/tools/airship shipyard}"
-
-ACTION=$(${SHIPYARD} get actions | grep -i "Processing" | awk '{ print $2 }')
-
-# Exit earlier if there is nothing to wait for.
-if [ -z "${ACTION}" ]; then
-        echo "No actions in Processing state, exiting..."
-        exit 0
-fi
-
-echo -e "\nWaiting for $ACTION..."
-while true; do
-        # Print the status of tasks
-        ${SHIPYARD} describe "${ACTION}"
-
-        status=$(${SHIPYARD} describe "$ACTION" | grep -i "Lifecycle" | \
-                awk '{print $2}')
-
-        steps=$(${SHIPYARD} describe "$ACTION" | grep -i "step/" | \
-                awk '{print $3}')
-
-        # Verify lifecycle status
-        if [ "${status}" == "Failed" ]; then
-                echo -e "\n$ACTION FAILED\n"
-                ${SHIPYARD} describe "${ACTION}"
-                exit 1
-        fi
-
-        if [ "${status}" == "Complete" ]; then
-                # Verify status of each action step
-                for step in $steps; do
-                  if [ "${step}" == "failed" ]; then
-                    echo -e "\n$ACTION FAILED\n"
-                    ${SHIPYARD} describe "${ACTION}"
-                    exit 1
-                  fi
-                done
-
-                echo -e "\n$ACTION completed SUCCESSFULLY\n"
-                ${SHIPYARD} describe "${ACTION}"
-                exit 0
-        fi
-
-        sleep 10
-done
diff --git a/tools/openstack b/tools/openstack
deleted file mode 100755
index f88491e5f..000000000
--- a/tools/openstack
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-
-# Utility to execute OpenStack CLI using Heat container.
-# This is an example, and should be adjusted to ones needs.
-#
-# Usage: openstack endpoint list
-
-set -e
-
-OS_CLOUD_CFG=${HOME}/.openstack/clouds.yaml
-
-: ${TERM_OPTS:=-it}
-
-: ${OSH_KEYSTONE_URL:='http://keystone.openstack.svc.cluster.local:80/'}
-: ${OSH_REGION_NAME:='RegionOne'}
-: ${OSH_ADMIN_PASSWD:='password123'}
-
-if [ ! -f $OS_CLOUD_CFG ]; then
-    echo " => Creating OpenStack client config"
-    mkdir -p $(dirname $OS_CLOUD_CFG)
-    tee $OS_CLOUD_CFG << EOF
-clouds:
- openstack_helm:
-   region_name: '${OSH_REGION_NAME}'
-   identity_api_version: 3
-   auth:
-     username: 'admin'
-     password: '${OSH_ADMIN_PASSWD}'
-     project_name: 'admin'
-     project_domain_name: 'default'
-     user_domain_name: 'default'
-     auth_url: '${OSH_KEYSTONE_URL}'
-EOF
-fi
-
-exec sudo docker run --rm ${TERM_OPTS} --net host \
-   -v $(pwd):/target \
-   -v ${OS_CLOUD_CFG}:/etc/openstack/clouds.yaml:ro \
-   -e OS_CLOUD=openstack_helm \
-   docker.io/openstackhelm/heat:ocata openstack "$@"
-
diff --git a/tools/openstack-user-add b/tools/openstack-user-add
deleted file mode 100755
index 400b2ab24..000000000
--- a/tools/openstack-user-add
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-
-if [ -z "$2" ]; then
-    echo "Usage: openstack-user-add <user> <email>"
-    exit 1
-fi
-
-
-OS_USER=$1
-OS_PROJ="${OS_USER}-proj"
-OS_EMAIL=$2
-
-OS_PASSWD=`openssl rand -hex 10`
-OS_DOMAIN='default'
-
-openstack domain create --or-show --enable ${OS_DOMAIN}
-
-openstack project create --or-show --enable \
-    --domain ${OS_DOMAIN} ${OS_PROJ}
-
-openstack user create --or-show --enable \
-    --domain ${OS_DOMAIN} \
-    --email ${OS_EMAIL} ${OS_USER}
-
-openstack user set --domain ${OS_DOMAIN} \
-    --password=${OS_PASSWD} ${OS_USER}
-
-openstack role add --project-domain ${OS_DOMAIN} \
-    --user-domain ${OS_DOMAIN} \
-    --project ${OS_PROJ} \
-    --user ${OS_USER} member
-
-openstack quota set --floating-ips 4 ${OS_PROJ}
-openstack quota set --cores 36 ${OS_PROJ}
-openstack quota set --ram 98304 ${OS_PROJ}
-
-echo https://dashboard-sw.atlantafoundry.com/
-echo "Domain: ${OS_DOMAIN}"
-echo "User: ${OS_USER}"
-echo "Passwd: ${OS_PASSWD}"
-
diff --git a/tools/tests.sh b/tools/tests.sh
deleted file mode 100755
index ff8a46318..000000000
--- a/tools/tests.sh
+++ /dev/null
@@ -1,128 +0,0 @@
-#!/bin/bash
-
-# Copyright 2017 The Openstack-Helm Authors.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-set -xe
-
-export OS_CLOUD=openstack_helm
-
-: ${OSH_EXT_NET_NAME:="public"}
-: ${OSH_EXT_NET_VLAN:="27"}
-: ${OSH_EXT_SUBNET_NAME:="public-subnet"}
-: ${OSH_EXT_SUBNET:="10.23.27.0/24"}
-: ${OSH_EXT_GATEWAY:="10.23.27.1"}
-: ${OSH_EXT_SUBNET_POOL_START:="10.23.27.11"}
-: ${OSH_EXT_SUBNET_POOL_END:="10.23.27.99"}
-tools/openstack stack create --wait \
-  --parameter network_name=${OSH_EXT_NET_NAME} \
-  --parameter physical_network_name=${OSH_EXT_NET_NAME} \
-  --parameter physical_network_vlan=${OSH_EXT_NET_VLAN} \
-  --parameter subnet_name=${OSH_EXT_SUBNET_NAME} \
-  --parameter subnet_cidr=${OSH_EXT_SUBNET} \
-  --parameter subnet_gateway=${OSH_EXT_GATEWAY} \
-  --parameter subnet_pool_start=${OSH_EXT_SUBNET_POOL_START} \
-  --parameter subnet_pool_end=${OSH_EXT_SUBNET_POOL_END} \
-  -t /target/tools/files/heat-public-net-deployment.yaml \
-  heat-public-net-deployment
-
-: ${OSH_VM_KEY_STACK:="heat-vm-key"}
-: ${OSH_PRIVATE_SUBNET:="10.0.0.0/24"}
-# NOTE(portdirect): We do this fancy, and seemingly pointless, footwork to get
-# the full image name for the cirros Image without having to be explicit.
-IMAGE_NAME=$(tools/openstack image show -f value -c name \
-  $(tools/openstack image list -f csv | awk -F ',' '{ print $2 "," $1 }' | \
-    grep "^\"Cirros" | head -1 | awk -F ',' '{ print $2 }' | tr -d '"'))
-
-rm -rf ${OSH_VM_KEY_STACK}*
-ssh-keygen -t rsa -N '' -f $OSH_VM_KEY_STACK
-chmod 600 $OSH_VM_KEY_STACK
-
-# Setup SSH Keypair in Nova
-tools/openstack keypair create --public-key \
-    /target/"${OSH_VM_KEY_STACK}.pub" \
-    ${OSH_VM_KEY_STACK}
-
-: ${OSH_EXT_DNS:="8.8.8.8"}
-tools/openstack stack create --wait \
-    --parameter public_net=${OSH_EXT_NET_NAME} \
-    --parameter image="${IMAGE_NAME}" \
-    --parameter ssh_key=${OSH_VM_KEY_STACK} \
-    --parameter cidr=${OSH_PRIVATE_SUBNET} \
-    --parameter dns_nameserver=${OSH_EXT_DNS} \
-    -t /target/tools/files/heat-basic-vm-deployment.yaml \
-    heat-basic-vm-deployment
-
-FLOATING_IP=$(tools/openstack stack output show \
-    heat-basic-vm-deployment \
-    floating_ip \
-    -f value -c output_value)
-
-function wait_for_ssh_port {
-  # Default wait timeout is 300 seconds
-  set +x
-  end=$(date +%s)
-  if ! [ -z $2 ]; then
-   end=$((end + $2))
-  else
-   end=$((end + 300))
-  fi
-  while true; do
-      # Use Nmap as its the same on Ubuntu and RHEL family distros
-      nmap -Pn -p22 $1 | awk '$1 ~ /22/ {print $2}' | grep -q 'open' && \
-          break || true
-      sleep 1
-      now=$(date +%s)
-      [ $now -gt $end ] && echo "Could not connect to $1 port 22 in time" && exit -1
-  done
-  set -x
-}
-wait_for_ssh_port $FLOATING_IP
-
-# SSH into the VM and check it can reach the outside world
-touch ~/.ssh/known_hosts
-ssh-keygen -R "$FLOATING_IP"
-
-ssh-keyscan "$FLOATING_IP" >> ~/.ssh/known_hosts
-ssh -i ${OSH_VM_KEY_STACK} cirros@${FLOATING_IP} ping -q -c 1 -W 2 ${OSH_EXT_GATEWAY}
-
-# Check the VM can reach the metadata server
-ssh -i ${OSH_VM_KEY_STACK} cirros@${FLOATING_IP} curl --verbose --connect-timeout 5 169.254.169.254
-
-# Check to see if cinder has been deployed, if it has then perform a volume attach.
-if tools/openstack service list -f value -c Type | grep -q "^volume"; then
-  INSTANCE_ID=$(tools/openstack stack output show \
-      heat-basic-vm-deployment \
-      instance_uuid \
-      -f value -c output_value)
-
-  # Get the devices that are present on the instance
-  DEVS_PRE_ATTACH=$(mktemp)
-  ssh -i ${OSH_VM_KEY_STACK} cirros@${FLOATING_IP} lsblk > ${DEVS_PRE_ATTACH}
-
-  # Create and attach a block device to the instance
-  tools/openstack stack create --wait \
-    --parameter instance_uuid=${INSTANCE_ID} \
-    -t /target/tools/files/heat-vm-volume-attach.yaml \
-    heat-vm-volume-attach
-
-  # Get the devices that are present on the instance
-  DEVS_POST_ATTACH=$(mktemp)
-  ssh -i ${OSH_VM_KEY_STACK} cirros@${FLOATING_IP} lsblk > ${DEVS_POST_ATTACH}
-
-  # Check that we have the expected number of extra devices on the instance post attach
-  if ! [ "$(comm -13 ${DEVS_PRE_ATTACH} ${DEVS_POST_ATTACH} | wc -l)" -eq "1" ]; then
-    echo "Volume not successfully attached"
-    exit 1
-  fi
-fi
diff --git a/tools/updater.py b/tools/updater.py
deleted file mode 100755
index d00432ac9..000000000
--- a/tools/updater.py
+++ /dev/null
@@ -1,584 +0,0 @@
-#!/usr/bin/env python3
-
-# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#
-# versions.yaml file updater tool
-#
-# Being run in directory with versions.yaml, will create versions.new.yaml,
-# with updated git commit id's to the latest HEAD in references of all
-# charts.
-#
-# In addition to that, the tool updates references to the container images
-# with the tag, equal to the latest image which exists on quay.io
-# repository and is available for download.
-#
-
-import argparse
-import copy
-import datetime
-from functools import reduce
-import json
-import logging
-import operator
-import os
-import requests
-import sys
-import time
-
-try:
-    import git
-    import yaml
-except ImportError as e:
-    sys.exit(
-        "Failed to import git/yaml libraries needed to run "
-        "this tool %s" % str(e))
-
-descr_text = (
-    "Being run in directory with versions.yaml, will create "
-    "versions.new.yaml, with updated git commit id's to the "
-    "latest HEAD in references of all charts. In addition to "
-    "that, the tool updates references to the container images "
-    "with the tag, equal to the latest image which exists on "
-    "quay.io repository and is available for download.")
-parser = argparse.ArgumentParser(description=descr_text)
-
-# Dictionary containing container image repository url to git url mapping
-#
-# We expect that each image in container image repository has image tag which
-# equals to the git commit id of the HEAD in corresponding git repository.
-#
-# NOTE(roman_g): currently this is not the case, and image is built/tagged not
-# on every merge, and there could be a few hours delay between merge and image
-# re-built and published due to the OpenStack Foundation Zuul infrastructure
-# being overloaded.
-image_repo_git_url = {
-    # airflow image is built from airship-shipyard repository
-    "quay.io/airshipit/airflow": "https://opendev.org/airship/shipyard",
-    "quay.io/airshipit/armada": "https://opendev.org/airship/armada",
-    "quay.io/airshipit/deckhand": "https://opendev.org/airship/deckhand",
-    # yes, divingbell image is just Ubuntu 16.04 image,
-    # and we don't check it's tag:
-    #"docker.io/ubuntu": "https://opendev.org/airship/divingbell",
-    "quay.io/airshipit/drydock": "https://opendev.org/airship/drydock",
-    # maas-{rack,region}-controller images are built
-    # from airship-maas repository:
-    "quay.io/airshipit/maas-rack-controller": "https://opendev.org/airship/maas",
-    "quay.io/airshipit/maas-region-controller": "https://opendev.org/airship/maas",
-    "quay.io/airshipit/pegleg": "https://opendev.org/airship/pegleg",
-    "quay.io/airshipit/promenade": "https://opendev.org/airship/promenade",
-    "quay.io/airshipit/shipyard": "https://opendev.org/airship/shipyard",
-    # sstream-cache image is built from airship-maas repository
-    "quay.io/airshipit/sstream-cache": "https://opendev.org/airship/maas"
-}
-
-logging.basicConfig(level=logging.INFO)
-LOG = logging.getLogger(__name__)
-
-# Dict of git url's and cached commit id's:
-# {"git_url": "commit_id"}
-git_url_commit_ids = {}
-# Dict of image repo's and (latest) tag of that image on quay.io:
-# {"image": "tag"}
-image_repo_tags = {}
-# Path in yaml dictionary
-dict_path = None
-
-
-def __represent_multiline_yaml_str():
-    """Compel ``yaml`` library to use block style literals for multi-line
-    strings to prevent unwanted multiple newlines.
-
-    """
-
-    yaml.SafeDumper.org_represent_str = yaml.SafeDumper.represent_str
-
-    def repr_str(dumper, data):
-        if "\n" in data:
-            return dumper.represent_scalar(
-                "tag:yaml.org,2002:str", data, style="|")
-        return dumper.org_represent_str(data)
-
-    yaml.add_representer(str, repr_str, Dumper=yaml.SafeDumper)
-
-
-__represent_multiline_yaml_str()
-
-
-def inverse_dict(dic):
-    """Accepts dictionary, returns dictionary where keys become values,
-    and values become keys"""
-    new_dict = {}
-    for k, v in dic.items():
-        new_dict[v] = k
-    return new_dict
-
-
-git_url_image_repo = inverse_dict(image_repo_git_url)
-
-
-# https://stackoverflow.com/a/35585837
-def lsremote(url, remote_ref):
-    """Accepts git url and remote reference, returns git commit id."""
-    git_commit_id_remote_ref = {}
-    g = git.cmd.Git()
-    LOG.info("Fetching %s %s reference...", url, remote_ref)
-    hash_ref_list = g.ls_remote(url, remote_ref).split("\t")
-    git_commit_id_remote_ref[hash_ref_list[1]] = hash_ref_list[0]
-
-    return git_commit_id_remote_ref[remote_ref]
-
-
-def get_commit_id(url):
-    """Accepts url of git repo and returns corresponding git commit hash"""
-    # If we don't have this git url in our url's dictionary,
-    # fetch latest commit ID and add new dictionary entry
-    LOG.debug("git_url_commit_ids: %s", git_url_commit_ids)
-    if url not in git_url_commit_ids:
-        LOG.debug(
-            "git url: %s " + "is not in git_url_commit_ids dict; "
-            "adding it with HEAD commit id", url)
-        git_url_commit_ids[url] = lsremote(url, "HEAD")
-
-    return git_url_commit_ids[url]
-
-
-def get_image_tag(image):
-    """Get latest image tag from quay.io,
-    returns 0 (image not hosted on quay.io), True, or False
-    """
-    if not image.startswith("quay.io/"):
-        LOG.info(
-            "Unable to verify if image %s "
-            "is in containers repository: only quay.io is "
-            "supported at the moment", image)
-        return 0
-
-    # If we don't have this image in our images's dictionary,
-    # fetch latest tag and add new dictionary entry
-    LOG.debug("image_repo_tags: %s", image_repo_tags)
-    if image not in image_repo_tags:
-        LOG.debug(
-            "image: %s " + "is not in image_repo_tags dict; "
-            "adding it with latest tag", image)
-        image_repo_tags[image] = get_image_latest_tag(image)
-
-    return image_repo_tags[image]
-
-
-def get_image_latest_tag(image):
-    """Get image tags from quay.io,
-    returns latest image tag matching filter, or latest image tag if filter is not
-    matched or not set, or 0 if a problem occured.
-    """
-
-    attempt = 0
-    max_attempts = 10
-
-    hash_image = image.split("/")
-    url = "https://quay.io/api/v1/repository/{}/{}/tag/"
-    url = url.format(hash_image[1], hash_image[2])
-    LOG.info("Fetching tags for image %s (%s)...", image, url)
-
-    while attempt < max_attempts:
-        attempt += 1
-        try:
-            res = requests.get(url, timeout=5)
-            if res.ok:
-                break
-        except requests.exceptions.Timeout:
-            LOG.warning(
-                "Failed to fetch url %s for %d/%d attempt(s)", url, attempt,
-                max_attempts)
-            time.sleep(5)
-        except requests.exceptions.TooManyRedirects:
-            logging.error("Failed to fetch url %s, TooManyRedirects", url)
-            return 0
-        except requests.exceptions.RequestException as e:
-            logging.error("Failed to fetch url %s, error: %s", url, e)
-            return 0
-    if attempt == max_attempts:
-        logging.error(
-            "Failed to connect to quay.io for %d attempt(s)", attempt)
-        return 0
-
-    if res.status_code != 200:
-        logging.error(
-            "Image %s is not available on quay.io or "
-            "requires authentication", image)
-        return 0
-
-    try:
-        res = res.json()
-    except json.decoder.JSONDecodeError:  # pylint: disable=no-member
-        logging.error("Unable to parse response from quay.io (%s)", res.url)
-        return 0
-
-    try:
-        possible_tag = None
-        for tag in res["tags"]:
-            # skip images which are old (have "end_ts"), and
-            # skip images tagged with "*latest*" or "*master*"
-            if "end_ts" in tag or \
-            any(i in tag["name"] for i in ("latest", "master")):
-                continue
-
-            # simply return first found tag is we don't have filter set
-            if not tag_filter:
-                return tag["name"]
-
-            # return tag matching filter, if we have filter set
-            if tag_filter in tag["name"]:
-                return tag["name"]
-
-            LOG.info(
-                "Skipping tag %s as not matching to the filter %s",
-                tag["name"], tag_filter)
-            if not possible_tag:
-                possible_tag = tag["name"]
-
-        if possible_tag:
-            LOG.info("Couldn't find better tag than %s", possible_tag)
-            return possible_tag
-
-    except KeyError:
-        logging.error("Unable to parse response from quay.io (%s)", res.url)
-        return 0
-
-    logging.error("Image without end_ts in path %s not found", image)
-    return 0
-
-
-# https://stackoverflow.com/a/14692747
-def get_by_path(root, items):
-    """Access a nested object in root by item sequence."""
-    return reduce(operator.getitem, items, root)
-
-
-def set_by_path(root, items, value):
-    """Set a value in a nested object in root by item sequence."""
-    get_by_path(root, items[:-1])[items[-1]] = value
-
-
-# Based on http://nvie.com/posts/modifying-deeply-nested-structures/
-def traverse(obj, dict_path=None):
-    """Accepts Python dictionary with values.yaml contents,
-    updates it with latest git commit id's.
-    """
-    LOG.debug(
-        "traverse: dict_path: %s, object type: %s, object: %s", dict_path,
-        type(obj), obj)
-
-    if dict_path is None:
-        dict_path = []
-
-    if isinstance(obj, dict):
-        # It's a dictionary element
-        LOG.debug("this object is a dictionary")
-
-        for k, v in obj.items():
-            # If value v we are checking is a dictionary itself, and this
-            # dictionary contains key named "type", and a value of key "type"
-            # equals "git", then
-            if isinstance(v, dict) and "type" in v and v["type"] == "git":
-
-                old_git_commit_id = v["reference"]
-                git_url = v["location"]
-
-                if skip_list and k in skip_list:
-                    LOG.info(
-                        "Ignoring chart %s, it is in a "
-                        "skip list (%s)", k, git_url)
-                    continue
-
-                new_git_commit_id = get_commit_id(git_url)
-
-                # Update git commit id in reference field of dictionary
-                if old_git_commit_id != new_git_commit_id:
-                    LOG.info(
-                        "Updating git reference for "
-                        "chart %s from %s to %s (%s)", k, old_git_commit_id,
-                        new_git_commit_id, git_url)
-                    v["reference"] = new_git_commit_id
-                else:
-                    LOG.info(
-                        "Git reference %s for chart %s is already "
-                        "up to date (%s)", old_git_commit_id, k, git_url)
-            else:
-                LOG.debug(
-                    "value %s inside object is not a dictionary, "
-                    "or it does not contain key \"type\" with "
-                    "value \"git\", skipping", v)
-
-            # Traverse one level deeper
-            traverse(v, dict_path + [k])
-    elif isinstance(obj, list):
-        # It's a list element
-        LOG.debug("this object is a list")
-
-        for elem in obj:
-            # TODO: Do we have any git references or container image tags in
-            # versions.yaml which are inside lists? Probably not.
-            traverse(elem, dict_path + [[]])
-    else:
-        # It's already a value
-        LOG.debug("this object is a value")
-        v = obj
-
-        # Searching for container image repositories, we are only intrested in
-        # strings; there could also be booleans or other types
-        # we are not interested in.
-        if isinstance(v, str):
-            for image_repo in image_repo_git_url:
-                if image_repo in v:
-                    LOG.debug("image_repo %s is in %s string", image_repo, v)
-
-                    # hash_v: {"&whatever repo_url", "git commit id tag"}
-                    # Note: "image" below could contain not just image,
-                    # but also "&ref host.domain/path/image"
-                    hash_v = v.split(":")
-                    image, old_image_tag = hash_v
-
-                    if skip_list and image in skip_list:
-                        LOG.info(
-                            "Ignoring image %s, it is in a "
-                            "skip list", image)
-                        continue
-
-                    new_image_tag = get_image_tag(image)
-                    if new_image_tag == 0:
-                        logging.error("Failed to get image tag for %s", image)
-                        sys.exit(1)
-
-                    # Update git commit id in tag of container image
-                    if old_image_tag != new_image_tag:
-                        LOG.info(
-                            "Updating git commit id in "
-                            "tag of container image %s from %s to %s", image,
-                            old_image_tag, new_image_tag)
-                        set_by_path(
-                            versions_data_dict, dict_path,
-                            image + ":" + new_image_tag)
-
-                    else:
-                        LOG.info(
-                            "Git tag %s for container "
-                            "image %s is already up to date", old_image_tag,
-                            image)
-                else:
-                    LOG.debug(
-                        "image_repo %s is not in %s string, "
-                        "skipping", image_repo, v)
-        else:
-            LOG.debug("value %s is not string, skipping", v)
-
-
-def debug_dicts():
-    """Print varioud dictionary contents on debug"""
-    LOG.debug("git_url_commit_ids: %s", git_url_commit_ids)
-    LOG.debug("image_repo_tags: %s", image_repo_tags)
-    LOG.debug("image_repo_git_url: %s", image_repo_git_url)
-
-
-def print_versions_table():
-    """Prints overall Git and images versions table."""
-    debug_dicts()
-
-    table_format = "{:48s} {:60s} {:54s} {:41s}\n"
-    table_content = "\n"
-    table_content += table_format.format(
-        "Image repo", "Git repo", "Image repo tag", "Git repo Commit ID")
-
-    # Copy dicts for later modification
-    image_repo_tags_copy = copy.deepcopy(image_repo_tags)
-    git_url_commit_ids_copy = copy.deepcopy(git_url_commit_ids)
-
-    # Loop over
-    #   image_repo_git_url ({"image_repo", "git_repo"}),
-    # and verify it's contents against the copies of
-    #   git_url_commit_ids ({"git_repo": "commit_id"})
-    # and
-    #   image_repo_tags ({"image_repo": "tag"})
-    # dictionaries
-    for image_repo in image_repo_git_url:
-        git_repo = image_repo_git_url[image_repo]
-        if not image_repo in image_repo_tags_copy:
-            image_repo_tags_copy[image_repo] = get_image_latest_tag(image_repo)
-        if not git_repo in git_url_commit_ids_copy:
-            git_url_commit_ids_copy[git_repo] = lsremote(git_repo, "HEAD")
-
-        table_content += table_format.format(
-            image_repo, git_repo, image_repo_tags_copy[image_repo],
-            git_url_commit_ids_copy[git_repo])
-
-    LOG.info("")
-    for line in table_content.splitlines():
-        LOG.info(line)
-    LOG.info("")
-
-
-def print_missing_references():
-    """Prints possibly missing references in versions.yaml."""
-    debug_dicts()
-
-    missing_references = {}
-
-    # Loop over
-    #   image_repo_git_url ({"image_repo", "git_repo"}),
-    # and verify it's contents against the contents of
-    #   git_url_commit_ids ({"git_repo": "commit_id"})
-    # and
-    #   image_repo_tags ({"image_repo": "tag"})
-    # dictionaries
-    for image_repo in image_repo_git_url:
-        git_repo = image_repo_git_url[image_repo]
-        if not image_repo in image_repo_tags:
-            missing_references[image_repo] = \
-                image_repo + " is not in image_repo_tags"
-        if not git_repo in git_url_commit_ids:
-            missing_references[git_repo] = \
-                git_repo + " is not in git_url_commit_ids"
-
-    if missing_references:
-        LOG.warning("")
-        LOG.warning("Missing references:")
-        for ref in missing_references:
-            LOG.warning(missing_references[ref])
-        LOG.warning("")
-        LOG.warning(
-            "Refs which are not in git_url_commit_ids mean that "
-            "we have not been updating chart references (or "
-            "there are no charts referred in versions.yaml)")
-        LOG.warning(
-            "Refs which are not in image_repo_tags mean that we "
-            "have not been updating image tags (or there are no "
-            "images referred in versions.yaml)")
-        LOG.warning("")
-
-
-def print_outdated_images():
-    """Print Git <-> image tag mismatches."""
-    debug_dicts()
-
-    possibly_outdated_images = []
-
-    # Copy dicts for later modification
-    image_repo_tags_copy = copy.deepcopy(image_repo_tags)
-    git_url_commit_ids_copy = copy.deepcopy(git_url_commit_ids)
-
-    # Loop over
-    #   image_repo_git_url ({"image_repo", "git_repo"}),
-    # and verify it's contents against the contents of
-    #   git_url_commit_ids ({"git_repo": "commit_id"})
-    # and
-    #   image_repo_tags ({"image_repo": "tag"})
-    # dictionaries
-    for image_repo in image_repo_git_url:
-        git_repo = image_repo_git_url[image_repo]
-        if not image_repo in image_repo_tags_copy:
-            image_repo_tags_copy[image_repo] = get_image_latest_tag(image_repo)
-        if not git_repo in git_url_commit_ids_copy:
-            git_url_commit_ids_copy[git_repo] = lsremote(git_repo, "HEAD")
-
-        # This is where we check if there is tag matching commit_id exists,
-        # and if not, then we append that image_repo to the list of
-        # possibly outdated images
-        if git_url_commit_ids_copy[git_repo] not in image_repo_tags_copy[
-                image_repo]:
-            possibly_outdated_images.append(image_repo)
-
-    if possibly_outdated_images:
-        LOG.warning("")
-        LOG.warning("Possibly outdated images:")
-        for image in possibly_outdated_images:
-            LOG.warning(image)
-        LOG.warning("")
-
-
-if __name__ == "__main__":
-    """Main program
-    """
-
-    parser.add_argument(
-        "--in-file",
-        default="versions.yaml",
-        help="/path/to/versions.yaml input file; "
-        "default - \"./versions.yaml\"")
-    parser.add_argument(
-        "--out-file",
-        default="versions.yaml",
-        help="name of output file; default - "
-        "\"versions.yaml\" (overwrite existing)")
-    parser.add_argument(
-        "--skip",
-        help="comma-delimited list of images and charts "
-        "to skip during the update; e.g. \"ceph\" "
-        "will skip all charts and images which have "
-        "\"ceph\" in the name")
-    parser.add_argument(
-        '--tag-filter',
-        help="e.g. \"ubuntu\"; update would use image ref. "
-        "tags on quay.io matching the filter")
-
-    args = parser.parse_args()
-    in_file = args.in_file
-    out_file = args.out_file
-    if args.skip:
-        skip_list = tuple(args.skip.strip().split(","))
-        LOG.info("Skip list: %s", skip_list)
-    else:
-        skip_list = None
-
-    tag_filter = args.tag_filter
-    LOG.info("Tag filter: %s", tag_filter)
-
-    if os.path.basename(out_file) != out_file:
-        logging.error(
-            "Name of the output file must not contain path, "
-            "but only the file name.")
-        print("\n")
-        parser.print_help()
-        sys.exit(1)
-
-    if os.path.isfile(in_file):
-        out_file = os.path.join(
-            os.path.dirname(os.path.abspath(in_file)), out_file)
-        with open(in_file, "r") as f:
-            f_old = f.read()
-            versions_data_dict = yaml.safe_load(f_old)
-    else:
-        logging.error("Can't find versions.yaml file.")
-        print("\n")
-        parser.print_help()
-        sys.exit(1)
-
-    # Traverse loaded yaml and change it
-    traverse(versions_data_dict)
-
-    print_versions_table()
-    print_missing_references()
-    print_outdated_images()
-
-    with open(out_file, "w") as f:
-        if os.path.samefile(in_file, out_file):
-            LOG.info("Overwriting %s", in_file)
-        f.write(
-            yaml.safe_dump(
-                versions_data_dict,
-                default_flow_style=False,
-                explicit_end=True,
-                explicit_start=True,
-                width=4096))
-        LOG.info("New versions.yaml created as %s", out_file)
diff --git a/tools/upgrades/postgresql/README.md b/tools/upgrades/postgresql/README.md
deleted file mode 100644
index 3c6f2d461..000000000
--- a/tools/upgrades/postgresql/README.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# PostgreSQL Patroni Upgrade Scripts
-
-Upgrading a live site from the old, unclustered PostgreSQL chart to the newer,
-Patroni-managed version takes a small amount of out-of-band scripting to ensure
-a smooth hands-free upgrade.
-
-## Prior to upgrade
-
-The ``patroni_endpoint_cleaner_unit.sh`` script should be run prior to upgrading
-the postgresql chart.  It installs a systemd unit which in turn will run
-the ``patroni_endpoint_cleaner.sh`` script.  During chart upgrade, the script
-will delete the postgresql endpoints, allowing Patroni to recreate them with the
-appropriate annotations for it to manage them ongoing.
-
-This documentation project outlines a reference architecture for automated
-cloud provisioning and management, leveraging a collection of interoperable
-open-source tools.
-
-## Post upgrade
-
-After the chart upgrade is complete, the ``patroni_endpoint_cleaner_remove.sh``
-script should be run.  This will simply clean up the systemd unit that was
-created previously.
-
diff --git a/tools/upgrades/postgresql/patroni_endpoint_cleaner.sh b/tools/upgrades/postgresql/patroni_endpoint_cleaner.sh
deleted file mode 100755
index 3e6d23324..000000000
--- a/tools/upgrades/postgresql/patroni_endpoint_cleaner.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash
-
-# This script should be run as a one-time fix DURING an upgrade of
-# "vanilla" postgres to patroni (in either a single or HA multi-replica
-# configuration).
-#
-# This addresses an issue where the previous version of the chart had a
-# service-managed `endpoints` object, while patroni needs to manage its
-# own kubernetes `endpoints`.  Patroni won't successfully manage
-# (i.e. apply annotation to, etc) the postgresql endpoints until the
-# service-managed endpoints are out of the way; however deletion of the
-# postgresql endpoints must be done with care during an upgrade.
-#
-# This script watches for the right moment and deletes the endpoints.
-
-export KUBECONFIG=${KUBECONFIG:-"/etc/kubernetes/admin.conf"}
-
-while true; do
-  echo "Checking to see if patroni is deployed..."
-  # Wait for the patroni-based chart to get deployed
-  if [ $(kubectl describe pod -n ucp postgresql-0 | grep -c "patroni") -gt 0 ]; then
-    echo 'Detected that patroni is deployed'
-
-    # The port name used by the single-node postgres chart is "db",
-    # while the new port name is "postgres"
-    FIRST_PORT_NAME=$(kubectl get -n ucp endpoints postgresql -o jsonpath='{.subsets[0].ports[0].name}')
-    if [ "x${FIRST_PORT_NAME}" == "xdb" ]; then
-      echo "matched the old endpoints: deleting old postgresql endpoints"
-      kubectl delete endpoints -n ucp postgresql
-      echo "done."
-      exit 0
-    fi
-  fi
-
-  sleep 5
-done
diff --git a/tools/upgrades/postgresql/patroni_endpoint_cleaner_remove.sh b/tools/upgrades/postgresql/patroni_endpoint_cleaner_remove.sh
deleted file mode 100755
index 03343c543..000000000
--- a/tools/upgrades/postgresql/patroni_endpoint_cleaner_remove.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-set -x
-
-echo "Cleaning up the patroni_endpoint_cleaner"
-sudo systemctl stop patroni_endpoint_cleaner
-sudo systemctl disable patroni_endpoint_cleaner
-sudo rm -f /opt/patroni_endpoint_cleaner.sh
-sudo rm -f /lib/systemd/system/patroni_endpoint_cleaner.service
-sudo rm -f /etc/systemd/system/multi-user.target.wants/patroni_endpoint_cleaner.service
-sudo systemctl daemon-reload
-sudo systemctl reset-failed
diff --git a/tools/upgrades/postgresql/patroni_endpoint_cleaner_unit.sh b/tools/upgrades/postgresql/patroni_endpoint_cleaner_unit.sh
deleted file mode 100755
index 83736fa9e..000000000
--- a/tools/upgrades/postgresql/patroni_endpoint_cleaner_unit.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-set -ex
-
-sudo chmod 700 patroni_endpoint_cleaner.sh
-sudo cp patroni_endpoint_cleaner.sh /opt
-
-cat > ./patroni_endpoint_cleaner.service << EOF
-[Unit]
-Description=Helper script for initial upgrade to HA Postgres
-
-[Service]
-ExecStart=/opt/patroni_endpoint_cleaner.sh
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-sudo mv patroni_endpoint_cleaner.service /lib/systemd/system/
-
-sudo systemctl restart patroni_endpoint_cleaner
-sudo systemctl enable patroni_endpoint_cleaner
-sudo systemctl daemon-reload
diff --git a/tools/wipe-ceph-disks.sh b/tools/wipe-ceph-disks.sh
deleted file mode 100755
index 20c33433a..000000000
--- a/tools/wipe-ceph-disks.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-
-if ([[ -z $1 ]] || [[ $1 == "help" ]] || [[ $1 == "--help" ]] || [[ $1 == "-h" ]]); then
-  echo "Must pass the disk labels as an string argument with spaces"
-  echo "Exmaple: ./wipe-ceph-disks.sh \"b c d e\""
-  exit 1
-fi
-
-read -p "Are you sure you wish to proceed format disks $1?" input
-case $input in
-    [Yy]*)
-        for disk in $@; do
-           sudo parted -s /dev/sd$disk mklabel gpt
-        done
-        sudo rm -rf /var/lib/openstack-helm/ceph
-        sudo rm -rf /var/lib/ceph/journal/*
-        ;;
-     *)
-        echo Exitting.
-        exit 1
-esac
-
diff --git a/tox.ini b/tox.ini
deleted file mode 100644
index 2ccf04f48..000000000
--- a/tox.ini
+++ /dev/null
@@ -1,54 +0,0 @@
-[tox]
-# Allows docs to be built without setup.py having to exist. Requires that
-# usedevelop be False as well (which it is by default).
-envlist = pep8
-minversion = 2.3.1
-skipsdist = True
-
-[testenv]
-setenv = VIRTUAL_ENV={envdir}
-         LANGUAGE=en_US
-         LC_ALL=en_US.utf-8
-passenv = http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY
-
-[testenv:venv]
-commands = {posargs}
-
-[testenv:docs]
-basepython = python3
-whitelist_externals = rm
-deps =
-    -r{toxinidir}/doc/requirements.txt
-commands =
-    rm -rf doc/build
-    sphinx-build -W -b html doc/source doc/build/html
-
-[testenv:fmt]
-basepython = python3
-deps =
-    -r{toxinidir}/test-requirements.txt
-commands =
-    yapf -ir {toxinidir}/tools
-
-[testenv:pep8]
-basepython = python3
-deps =
-    -r{toxinidir}/test-requirements.txt
-commands =
-    bandit -r {toxinidir}/tools -n 5
-    flake8 {toxinidir}/tools
-    yapf -dr {toxinidir}/tools
-
-[flake8]
-filename = *.py
-show-source = true
-# [H106] Don't put vim configuration in source files.
-# [H201] No 'except:' at least use 'except Exception:'
-# [H904] Delay string interpolations at logging calls.
-enable-extensions = H106,H201,H904
-# [W503] line break before binary operator
-ignore = W503
-exclude=.venv,.git,.tox,build,dist,*lib/python*,*egg,tools,*.ini,*.po,*.pot
-max-complexity = 24
-application-import-names = treasuremap
-import-order-style = pep8
diff --git a/type/foundry/charts/ucp/comps/chart-group.yaml b/type/foundry/charts/ucp/comps/chart-group.yaml
deleted file mode 100644
index 02236b539..000000000
--- a/type/foundry/charts/ucp/comps/chart-group.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-drydock-scaled
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data:
-  description: Drydock
-  chart_group:
-    - ucp-maas-scaled
-    - ucp-drydock
diff --git a/type/foundry/charts/ucp/comps/maas-scaled.yaml b/type/foundry/charts/ucp/comps/maas-scaled.yaml
deleted file mode 100644
index 6e7b7925b..000000000
--- a/type/foundry/charts/ucp/comps/maas-scaled.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-maas-scaled
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-maas-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .vip.maas_vip
-      dest:
-        path: .values.network.maas_ingress.addr
-data:
-  values:
-    pod:
-      replicas:
-        region: 2
-        rack: 2
-...
diff --git a/type/foundry/charts/ucp/comps/maas.yaml b/type/foundry/charts/ucp/comps/maas.yaml
deleted file mode 100644
index 94b93e9a9..000000000
--- a/type/foundry/charts/ucp/comps/maas.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-# This file defines site-specific deviations for MaaS.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-maas
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-maas-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .vip.maas_vip
-      dest:
-        path: .values.network.maas_ingress.addr
-data:
-  values:
-    network:
-      region_api:
-        # Enable NodePort for initial genesis deployment.
-        # This helps with early deployment of bare-metal servers
-        # and is later removed by maas-scaled overrides
-        node_port:
-          enabled: true
-...
diff --git a/type/foundry/network/KubernetesNetwork.yaml b/type/foundry/network/KubernetesNetwork.yaml
deleted file mode 100644
index 1124d63d8..000000000
--- a/type/foundry/network/KubernetesNetwork.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
----
-schema: promenade/KubernetesNetwork/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-network
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-  substitutions:
-    # DNS
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .dns.cluster_domain
-      dest:
-        path: .dns.cluster_domain
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .dns.service_ip
-      dest:
-        path: .dns.service_ip
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .dns.upstream_servers
-      dest:
-        path: .dns.upstream_servers
-
-    # Kubernetes IPs
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.api_service_ip
-      dest:
-        path: .kubernetes.service_ip
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.pod_cidr
-      dest:
-        path: .kubernetes.pod_cidr
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.service_cidr
-      dest:
-        path: .kubernetes.service_cidr
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.apiserver_port
-      dest:
-        path: .kubernetes.apiserver_port
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.haproxy_port
-      dest:
-        path: .kubernetes.haproxy_port
-
-    # etcd IPs
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .etcd.container_port
-      dest:
-        path: .etcd.container_port
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .etcd.haproxy_port
-      dest:
-        path: .etcd.haproxy_port
-
-    # proxy
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .proxy.http
-      dest:
-        path: .proxy.url
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .proxy.no_proxy
-      dest:
-        path: .proxy.additional_no_proxy
-
-data:
-  dns:
-    bootstrap_validation_checks:
-      - calico-etcd.kube-system.svc.cluster.local
-      - kubernetes-etcd.kube-system.svc.cluster.local
-      - kubernetes.default.svc.cluster.local
-...
diff --git a/type/skiff/charts/osh/openstack-compute-kit/libvirt.yaml b/type/skiff/charts/osh/openstack-compute-kit/libvirt.yaml
deleted file mode 100644
index 07221bafd..000000000
--- a/type/skiff/charts/osh/openstack-compute-kit/libvirt.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: libvirt
-  replacement: true
-  labels:
-    name: libvirt-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: libvirt-global
-      component: libvirt
-    actions:
-      - method: merge
-        path: .values
-  storagePolicy: cleartext
-data:
-  values:
-    labels:
-      agent:
-        libvirt:
-          node_selector_key: openstack-compute-node
-          node_selector_value: enabled
-    conf:
-      ceph:
-        enabled: false
-...
diff --git a/type/skiff/charts/osh/openstack-compute-kit/neutron.yaml b/type/skiff/charts/osh/openstack-compute-kit/neutron.yaml
deleted file mode 100644
index 0a840ae5e..000000000
--- a/type/skiff/charts/osh/openstack-compute-kit/neutron.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: neutron
-  labels:
-    name: neutron-type
-    component: neutron
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: neutron-global
-      component: neutron
-    actions:
-      - method: merge
-        path: .values.pod
-      - method: replace
-        path: .values.labels.agent.l3
-      - method: replace
-        path: .values.network
-      - method: replace
-        path: .values.conf.neutron
-      - method: replace
-        path: .values.conf.plugins
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        server: 1
-    labels:
-      agent:
-        l3:
-          node_selector_key: openstack-control-plane
-          node_selector_value: enabled
-    network:
-      interface:
-        tunnel: docker0
-    conf:
-      neutron:
-        DEFAULT:
-          l3_ha: False
-          max_l3_agents_per_router: 1
-          l3_ha_network_type: vxlan
-          dhcp_agents_per_network: 1
-      plugins:
-        ml2_conf:
-          ml2_type_flat:
-            flat_networks: public
-        openvswitch_agent:
-          agent:
-            tunnel_types: vxlan
-          ovs:
-            bridge_mappings: public:br-ex
-        linuxbridge_agent:
-          linux_bridge:
-            bridge_mappings: public:br-ex
-...
diff --git a/type/skiff/charts/osh/openstack-compute-kit/nova.yaml b/type/skiff/charts/osh/openstack-compute-kit/nova.yaml
deleted file mode 100644
index 55e452286..000000000
--- a/type/skiff/charts/osh/openstack-compute-kit/nova.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: nova
-  labels:
-    name: nova-type
-    component: nova
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: nova-global
-      component: nova
-    actions:
-      - method: replace
-        path: .values.labels.agent
-      - method: delete
-        path: .values.ceph_client
-      - method: merge
-        path: .values.conf
-      - method: replace
-        path: .values.pod
-  storagePolicy: cleartext
-data:
-  values:
-    labels:
-      agent:
-        compute:
-          node_selector_key: openstack-compute-node
-          node_selector_value: enabled
-        compute_ironic:
-          node_selector_key: openstack-compute-node
-          node_selector_value: enabled
-    conf:
-      ceph:
-        enabled: false
-      nova:
-        libvirt:
-          virt_type: qemu
-    pod:
-      replicas:
-        api_metadata: 1
-        placement: 1
-        osapi: 1
-        conductor: 1
-        consoleauth: 1
-        scheduler: 1
-        novncproxy: 1
-...
diff --git a/type/skiff/charts/osh/openstack-glance/glance.yaml b/type/skiff/charts/osh/openstack-glance/glance.yaml
deleted file mode 100644
index 9f4cdc2b4..000000000
--- a/type/skiff/charts/osh/openstack-glance/glance.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: glance
-  replacement: true
-  labels:
-    name: glance-type
-    component: glance
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: glance-global
-      component: glance
-    actions:
-      - method: merge
-        path: .
-      - method: replace
-        path: .values.pod
-      - method: delete
-        path: .values.ceph_client
-  storagePolicy: cleartext
-data:
-  test:
-    enabled: false
-  values:
-    bootstrap:
-      enabled: false
-    pod:
-      replicas:
-        api: 1
-        registry: 1
-    storage: pvc
-...
diff --git a/type/skiff/charts/osh/openstack-ingress-controller/ingress.yaml b/type/skiff/charts/osh/openstack-ingress-controller/ingress.yaml
deleted file mode 100644
index 933a2d765..000000000
--- a/type/skiff/charts/osh/openstack-ingress-controller/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-ingress-controller
-  replacement: true
-  labels:
-    name: openstack-ingress-controller-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: openstack-ingress-controller-global
-      component: ingress
-    actions:
-      - method: replace
-        path: .values.pod
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        ingress: 1
-        error_page: 1
-...
diff --git a/type/skiff/charts/osh/openstack-keystone/keystone.yaml b/type/skiff/charts/osh/openstack-keystone/keystone.yaml
deleted file mode 100644
index 2a337adc3..000000000
--- a/type/skiff/charts/osh/openstack-keystone/keystone.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: keystone
-  replacement: true
-  labels:
-    name: keystone-type
-    component: keystone
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: keystone-global
-      component: keystone
-    actions:
-      - method: replace
-        path: .values.pod
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        api: 1
-...
diff --git a/type/skiff/charts/osh/openstack-mariadb/mariadb.yaml b/type/skiff/charts/osh/openstack-mariadb/mariadb.yaml
deleted file mode 100644
index 9f30a54f3..000000000
--- a/type/skiff/charts/osh/openstack-mariadb/mariadb.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-mariadb
-  replacement: true
-  labels:
-    name: openstack-mariadb-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: openstack-mariadb-global
-      component: mariadb
-    actions:
-      - method: merge
-        path: .values.pod
-      - method: delete
-        path: .values.labels.prometheus_mysql_exporter
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        server: 1
-...
diff --git a/type/skiff/charts/osh/openstack-rabbitmq/rabbitmq.yaml b/type/skiff/charts/osh/openstack-rabbitmq/rabbitmq.yaml
deleted file mode 100644
index 25b7a1e4d..000000000
--- a/type/skiff/charts/osh/openstack-rabbitmq/rabbitmq.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-rabbitmq
-  replacement: true
-  labels:
-    name: openstack-rabbitmq-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: openstack-rabbitmq-global
-    actions:
-      - method: delete
-        path: .values.labels.prometheus_rabbitmq_exporter
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  test:
-    enabled: false
-  values:
-    pod:
-      replicas:
-        server: 1
-    monitoring:
-      prometheus:
-        enabled: false
-...
diff --git a/type/skiff/charts/ucp/armada/armada.yaml b/type/skiff/charts/ucp/armada/armada.yaml
deleted file mode 100644
index 284a84171..000000000
--- a/type/skiff/charts/ucp/armada/armada.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-armada
-  replacement: true
-  labels:
-    name: ucp-armada-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-armada-global
-    actions:
-      - method: replace
-        path: .source
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  wait:
-    timeout: 1800
-  source:
-    type: local
-    location: /airship-components/armada
-    subpath: charts/armada
-  values:
-    pod:
-      replicas:
-        api: 1
-...
diff --git a/type/skiff/charts/ucp/armada/chart-group.yaml b/type/skiff/charts/ucp/armada/chart-group.yaml
deleted file mode 100644
index 7af12c4ed..000000000
--- a/type/skiff/charts/ucp/armada/chart-group.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-armada
-  replacement: true
-  labels:
-    name: ucp-armada-chart-group-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-armada-chart-group-global
-    actions:
-      - method: replace
-        path: .chart_group
-  storagePolicy: cleartext
-data:
-  chart_group:
-    - ucp-armada
-...
diff --git a/type/skiff/charts/ucp/core/ingress.yaml b/type/skiff/charts/ucp/core/ingress.yaml
deleted file mode 100644
index 9cc0392bc..000000000
--- a/type/skiff/charts/ucp/core/ingress.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ingress
-  replacement: true
-  labels:
-    name: ucp-ingress-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-ingress-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        ingress: 1
-        error_page: 1
-...
diff --git a/type/skiff/charts/ucp/core/mariadb.yaml b/type/skiff/charts/ucp/core/mariadb.yaml
deleted file mode 100644
index e9d3799d4..000000000
--- a/type/skiff/charts/ucp/core/mariadb.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-mariadb
-  replacement: true
-  labels:
-    name: ucp-mariadb-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-mariadb-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  wait:
-    timeout: 1800
-  test:
-    timeout: 600
-  values:
-    pod:
-      replicas:
-        server: 1
-        ingress: 1
-...
diff --git a/type/skiff/charts/ucp/core/postgresql.yaml b/type/skiff/charts/ucp/core/postgresql.yaml
deleted file mode 100644
index 8e7a3e3b1..000000000
--- a/type/skiff/charts/ucp/core/postgresql.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-postgresql
-  replacement: true
-  labels:
-    name: ucp-postgresql-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-postgresql-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        server: 1
-...
diff --git a/type/skiff/charts/ucp/core/rabbitmq.yaml b/type/skiff/charts/ucp/core/rabbitmq.yaml
deleted file mode 100644
index 207daba11..000000000
--- a/type/skiff/charts/ucp/core/rabbitmq.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-rabbitmq
-  replacement: true
-  labels:
-    name: ucp-rabbitmq-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-rabbitmq-global
-    actions:
-      - method: replace
-        path: .test
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  timeout: 1800
-  test:
-    enabled: false
-  values:
-    pod:
-      replicas:
-        server: 1
-...
diff --git a/type/skiff/charts/ucp/deckhand/barbican.yaml b/type/skiff/charts/ucp/deckhand/barbican.yaml
deleted file mode 100644
index 3508c255f..000000000
--- a/type/skiff/charts/ucp/deckhand/barbican.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-barbican
-  replacement: true
-  labels:
-    name: ucp-barbican-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-barbican-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        api: 1
-...
diff --git a/type/skiff/charts/ucp/deckhand/deckhand.yaml b/type/skiff/charts/ucp/deckhand/deckhand.yaml
deleted file mode 100644
index 80b421d51..000000000
--- a/type/skiff/charts/ucp/deckhand/deckhand.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-deckhand
-  replacement: true
-  labels:
-    name: ucp-deckhand-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-deckhand-global
-    actions:
-      - method: replace
-        path: .source
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  wait:
-    timeout: 1800
-  source:
-    type: local
-    location: /airship-components/deckhand
-    subpath: charts/deckhand
-  values:
-    pod:
-      replicas:
-        deckhand: 1
-...
diff --git a/type/skiff/charts/ucp/keystone/keystone.yaml b/type/skiff/charts/ucp/keystone/keystone.yaml
deleted file mode 100644
index 0dd47c6ac..000000000
--- a/type/skiff/charts/ucp/keystone/keystone.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-keystone
-  replacement: true
-  labels:
-    name: ucp-keystone-type
-    component: keystone
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-keystone-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        api: 1
-...
diff --git a/type/skiff/charts/ucp/shipyard/shipyard.yaml b/type/skiff/charts/ucp/shipyard/shipyard.yaml
deleted file mode 100644
index 07f9c3348..000000000
--- a/type/skiff/charts/ucp/shipyard/shipyard.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-shipyard
-  replacement: true
-  labels:
-    name: ucp-shipyard-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-shipyard-global
-    actions:
-      - method: replace
-        path: .source
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  wait:
-    timeout: 1800
-  source:
-    type: local
-    location: /airship-components/shipyard
-    subpath: charts/shipyard
-  values:
-    pod:
-      replicas:
-        shipyard:
-          api: 1
-        airflow:
-          worker: 1
-          scheduler: 1
-    conf:
-      shipyard:
-        # NOTE(drewwalters96): Since Drydock and Promenade are not deployed,
-        # temporarily alias those validations to Armada.
-        drydock:
-          service_type: armada
-        promenade:
-          service_type: armada
-...
diff --git a/type/skiff/config/endpoints.yaml b/type/skiff/config/endpoints.yaml
deleted file mode 100644
index f5c89559f..000000000
--- a/type/skiff/config/endpoints.yaml
+++ /dev/null
@@ -1,961 +0,0 @@
----
-# The purpose of this file is to define the site's endpoint catalog. This should
-# not need to be modified for a new site.
-# #GLOBAL-CANDIDATE#
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_endpoints
-  labels:
-    name: ucp_endpoints-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data:
-  ucp:
-    identity:
-      namespace: ucp
-      name: keystone
-      host_fqdn_override:
-        default: null
-      path:
-        default: /v3
-      scheme:
-        default: "http"
-        internal: "http"
-      port:
-        api:
-          default: 80
-          internal: 5000
-    armada:
-      name: armada
-      hosts:
-        default: armada-api
-        public: armada
-      port:
-        api:
-          default: 8000
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-      host_fqdn_override:
-        default: null
-    deckhand:
-      name: deckhand
-      hosts:
-        default: deckhand-int
-        public: deckhand-api
-      port:
-        api:
-          default: 9000
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-      host_fqdn_override:
-        default: null
-    postgresql:
-      name: postgresql
-      hosts:
-        default: postgresql
-      path: /DB_NAME
-      scheme: postgresql+psycopg2
-      port:
-        postgresql:
-          default: 5432
-      host_fqdn_override:
-        default: null
-    postgresql_airflow_celery:
-      name: postgresql_airflow_celery_db
-      hosts:
-        default: postgresql
-      path: /DB_NAME
-      scheme: db+postgresql
-      port:
-        postgresql:
-          default: 5432
-      host_fqdn_override:
-        default: null
-    oslo_db:
-      hosts:
-        default: mariadb
-        discovery: mariadb-discovery
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-        wsrep:
-          default: 4567
-    key_manager:
-      name: barbican
-      hosts:
-        default: barbican-api
-        public: barbican
-      host_fqdn_override:
-        default: null
-      path:
-        default: /v1
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9311
-          public: 80
-    airflow_oslo_messaging:
-      namespace: null
-      statefulset:
-        name: airship-ucp-rabbitmq-rabbitmq
-      hosts:
-        default: rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /airflow
-      scheme: amqp
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    oslo_messaging:
-      namespace: null
-      statefulset:
-        name: airship-ucp-rabbitmq-rabbitmq
-      hosts:
-        default: rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /keystone
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-    oslo_cache:
-      hosts:
-        default: memcached
-      host_fqdn_override:
-        default: null
-      port:
-        memcache:
-          default: 11211
-    physicalprovisioner:
-      name: drydock
-      hosts:
-        default: drydock-api
-        public: drydock-api
-      port:
-        api:
-          default: 9000
-          nodeport: 31900
-          public: 80
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-        public: "http"
-      host_fqdn_override:
-        default: null
-    maas_region:
-      name: maas-region
-      hosts:
-        default: maas-region
-        public: maas-region
-      path:
-        default: /MAAS
-      scheme:
-        default: "http"
-      port:
-        region_api:
-          default: 80
-          nodeport: 31900
-          podport: 80
-          public: 80
-        region_proxy:
-          default: 8000
-      host_fqdn_override:
-        default: null
-    maas_ingress:
-      hosts:
-        default: maas-ingress
-        error_pages: maas-ingress-error
-      host_fqdn_override:
-        public: null
-      port:
-        http:
-          default: 80
-        https:
-          default: 443
-        ingress_default_server:
-          default: 8383
-        error_pages:
-          default: 8080
-          podport: 8080
-        healthz:
-          podport: 10259
-        status:
-          podport: 18089
-    kubernetesprovisioner:
-      name: promenade
-      hosts:
-        default: promenade-api
-      port:
-        api:
-          default: 80
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-      host_fqdn_override:
-        default: null
-    shipyard:
-      name: shipyard
-      hosts:
-        default: shipyard-int
-        public: shipyard-api
-      port:
-        api:
-          default: 9000
-          public: 80
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-        public: "http"
-      host_fqdn_override:
-        default: null
-    prometheus_openstack_exporter:
-      namespace: ucp
-      hosts:
-        default: openstack-metrics
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        exporter:
-          default: 9103
-  ceph:
-    object_store:
-      name: swift
-      namespace: ceph
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: /swift/v1
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    ceph_object_store:
-      name: radosgw
-      namespace: ceph
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: /auth/v1.0
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    ceph_mon:
-      namespace: ceph
-      hosts:
-        default: ceph-mon
-        discovery: ceph-mon-discovery
-      host_fqdn_override:
-        default: null
-      port:
-        mon:
-          default: 6789
-    ceph_mgr:
-      namespace: ceph
-      hosts:
-        default: ceph-mgr
-      host_fqdn_override:
-        default: null
-      port:
-        mgr:
-          default: 7000
-      scheme:
-        default: "http"
-    tenant_ceph_mon:
-      namespace: tenant-ceph
-      hosts:
-        default: ceph-mon
-        discovery: ceph-mon-discovery
-      host_fqdn_override:
-        default: null
-      port:
-        mon:
-          default: 6790
-    tenant_ceph_mgr:
-      namespace: tenant-ceph
-      hosts:
-        default: ceph-mgr
-      host_fqdn_override:
-        default: null
-      port:
-        mgr:
-          default: 7001
-        metrics:
-          default: 9284
-      scheme:
-        default: http
-...
----
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_endpoints
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data:
-  osh:
-    object_store:
-      name: swift
-      namespace: openstack
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: /swift/v1/KEY_$(tenant_id)s
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    ceph_object_store:
-      name: radosgw
-      namespace: openstack
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: /auth/v1.0
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    oslo_db:
-      hosts:
-        default: mariadb
-        discovery: mariadb-discovery
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-        wsrep:
-          default: 4567
-    prometheus_mysql_exporter:
-      namespace: openstack
-      hosts:
-        default: mysql-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: 'http'
-      port:
-        metrics:
-          default: 9104
-    oslo_messaging:
-      statefulset:
-        name: airship-openstack-rabbitmq-rabbitmq
-      namespace: openstack
-      hosts:
-        default: openstack-rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /VHOST_NAME
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    openstack_rabbitmq_exporter:
-      namespace: openstack
-      hosts:
-        default: openstack-rabbitmq-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9095
-    oslo_cache:
-      namespace: openstack
-      hosts:
-        default: memcached
-      host_fqdn_override:
-        default: null
-      port:
-        memcache:
-          default: 11211
-    identity:
-      namespace: openstack
-      name: keystone
-      host_fqdn_override:
-        default: null
-      path:
-        default: /v3
-      scheme:
-        default: "http"
-        internal: "http"
-      port:
-        api:
-          default: 80
-          internal: 5000
-    image:
-      name: glance
-      hosts:
-        default: glance-api
-        public: glance
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 9292
-          public: 80
-    image_registry:
-      name: glance-registry
-      hosts:
-        default: glance-registry
-        public: glance-reg
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9191
-          public: 80
-    volume:
-      name: cinder
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v1/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8776
-          public: 80
-    volumev2:
-      name: cinderv2
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v2/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8776
-          public: 80
-    volumev3:
-      name: cinderv3
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v3/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8776
-          public: 80
-    orchestration:
-      name: heat
-      hosts:
-        default: heat-api
-        public: heat
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v1/%(project_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8004
-          public: 80
-    cloudformation:
-      name: heat-cfn
-      hosts:
-        default: heat-cfn
-        public: cloudformation
-      host_fqdn_override:
-        default: null
-      path:
-        default: /v1
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8000
-          public: 80
-    cloudwatch:
-      name: heat-cloudwatch
-      hosts:
-        default: heat-cloudwatch
-        public: cloudwatch
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      type: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8003
-          public: 80
-    network:
-      name: neutron
-      hosts:
-        default: neutron-server
-        public: neutron
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 9696
-          public: 80
-    compute:
-      name: nova
-      hosts:
-        default: nova-api
-        public: nova
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v2/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8774
-          public: 80
-        novncproxy:
-          default: 80
-    compute_metadata:
-      name: nova
-      hosts:
-        default: nova-metadata
-        public: metadata
-      host_fqdn_override:
-        default: null
-      path:
-        default: /
-      scheme:
-        default: "http"
-      port:
-        metadata:
-          default: 8775
-          public: 80
-    compute_novnc_proxy:
-      name: nova
-      hosts:
-        default: nova-novncproxy
-        public: novncproxy
-      host_fqdn_override:
-        default: null
-      path:
-        default: /vnc_auto.html
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        novnc_proxy:
-          default: 6080
-          public: 80
-    compute_spice_proxy:
-      name: nova
-      hosts:
-        default: nova-spiceproxy
-      host_fqdn_override:
-        default: null
-      path:
-        default: /spice_auto.html
-      scheme:
-        default: "http"
-      port:
-        spice_proxy:
-          default: 6082
-    placement:
-      name: placement
-      hosts:
-        default: placement-api
-        public: placement
-      host_fqdn_override:
-        default: null
-      path:
-        default: /
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8778
-          public: 80
-    dashboard:
-      name: horizon
-      hosts:
-        default: horizon-int
-        public: horizon
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        web:
-          default: 80
-          public: 80
-...
----
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_endpoints
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .ldap.auth_path
-      dest:
-        path: .osh_infra.ldap.path.default
-        pattern: AUTH_PATH
-data:
-  osh_infra:
-    ceph_object_store:
-      name: radosgw
-      namespace: osh-infra
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    elasticsearch:
-      name: elasticsearch
-      namespace: osh-infra
-      hosts:
-        data: elasticsearch-data
-        default: elasticsearch-logging
-        discovery: elasticsearch-discovery
-        public: elasticsearch
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-    prometheus_elasticsearch_exporter:
-      namespace: null
-      hosts:
-        default: elasticsearch-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9108
-    fluentd:
-      namespace: osh-infra
-      name: fluentd
-      hosts:
-        default: fluentd-logging
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        service:
-          default: 24224
-        metrics:
-          default: 24220
-    prometheus_fluentd_exporter:
-      namespace: osh-infra
-      hosts:
-        default: fluentd-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9309
-    oslo_db:
-      namespace: osh-infra
-      hosts:
-        default: mariadb
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-    prometheus_mysql_exporter:
-      namespace: osh-infra
-      hosts:
-        default: mysql-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: 'http'
-      port:
-        metrics:
-          default: 9104
-    grafana:
-      name: grafana
-      namespace: osh-infra
-      hosts:
-        default: grafana-dashboard
-        public: grafana
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        grafana:
-          default: 3000
-          public: 80
-    monitoring:
-      name: prometheus
-      namespace: osh-infra
-      hosts:
-        default: prom-metrics
-        public: prometheus
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9090
-        http:
-          default: 80
-    kibana:
-      name: kibana
-      namespace: osh-infra
-      hosts:
-        default: kibana-dash
-        public: kibana
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        kibana:
-          default: 5601
-          public: 80
-    alerts:
-      name: alertmanager
-      namespace: osh-infra
-      hosts:
-        default: alerts-engine
-        public: alertmanager
-        discovery: alertmanager-discovery
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9093
-          public: 80
-        mesh:
-          default: 6783
-    kube_state_metrics:
-      namespace: kube-system
-      hosts:
-        default: kube-state-metrics
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        http:
-          default: 8080
-    kube_scheduler:
-      scheme:
-        default: "http"
-      path:
-        default: /metrics
-    kube_controller_manager:
-      scheme:
-        default: "http"
-      path:
-        default: /metrics
-    node_metrics:
-      namespace: kube-system
-      hosts:
-        default: node-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9100
-        prometheus_port:
-          default: 9100
-    process_exporter_metrics:
-      namespace: kube-system
-      hosts:
-        default: process-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9256
-    prometheus_openstack_exporter:
-      namespace: openstack
-      hosts:
-        default: openstack-metrics
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        exporter:
-          default: 9103
-    nagios:
-      name: nagios
-      namespace: osh-infra
-      hosts:
-        default: nagios-metrics
-        public: nagios
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        http:
-          default: 80
-          public: 80
-    ldap:
-      hosts:
-        default: ldap
-      host_fqdn_override:
-        default: null
-      path:
-        default: /AUTH_PATH
-      scheme:
-        default: "ldap"
-      port:
-        ldap:
-          default: 389
-...
diff --git a/type/skiff/config/service_accounts.yaml b/type/skiff/config/service_accounts.yaml
deleted file mode 100644
index 4541cdc2f..000000000
--- a/type/skiff/config/service_accounts.yaml
+++ /dev/null
@@ -1,437 +0,0 @@
----
-# The purpose of this file is to define the account catalog for the site. This
-# mostly contains service usernames, but also contain some information which
-# should be changed like the region (site) name.
-schema: pegleg/AccountCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_service_accounts
-  labels:
-    name: ucp_service_accounts-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data:
-    ucp:
-        postgres:
-            admin:
-                username: postgres
-            replica:
-                username: standby
-            exporter:
-                username: psql_exporter
-        oslo_db:
-            admin:
-                username: root
-        oslo_messaging:
-            admin:
-                username: rabbitmq
-        keystone:
-            admin:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                username: admin
-                project_name: admin
-                user_domain_name: default
-                project_domain_name: default
-            oslo_messaging:
-                admin:
-                    username: rabbitmq
-                keystone:
-                    username: keystone
-            oslo_db:
-                username: keystone
-                database: keystone
-        promenade:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: promenade
-        drydock:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: drydock
-            postgres:
-                username: drydock
-                database: drydock
-        shipyard:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: shipyard
-            postgres:
-                username: shipyard
-                database: shipyard
-        airflow:
-            postgres:
-                username: airflow
-                database: airflow
-            oslo_messaging:
-                admin:
-                    username: rabbitmq
-                user:
-                    username: airflow
-        maas:
-            admin:
-                username: admin
-                email: none@none
-            postgres:
-                username: maas
-                database: maasdb
-        barbican:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: barbican
-            oslo_db:
-                username: barbican
-                database: barbican
-            oslo_messaging:
-                admin:
-                    username: rabbitmq
-                keystone:
-                    username: keystone
-        armada:
-            keystone:
-                project_domain_name: default
-                user_domain_name: default
-                project_name: service
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                username: armada
-        deckhand:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: deckhand
-            postgres:
-                username: deckhand
-                database: deckhand
-        prometheus_openstack_exporter:
-            user:
-                region_name: RegionOne
-                role: admin
-                username: prometheus-openstack-exporter
-                project_name: service
-                user_domain_name: default
-                project_domain_name: default
-    ceph:
-        swift:
-            keystone:
-                role: admin
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                username: swift
-                project_name: service
-                user_domain_name: default
-                project_domain_name: default
-...
----
-schema: pegleg/AccountCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_service_accounts
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.keystone.admin.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.cinder.cinder.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.glance.glance.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.heat.heat.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.heat.heat_trustee.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.heat.heat_stack_user.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.swift.keystone.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.neutron.neutron.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.nova.nova.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.nova.placement.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.barbican.barbican.region_name
-data:
-  osh:
-    keystone:
-      admin:
-        username: admin
-        project_name: admin
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: keystone
-        database: keystone
-      oslo_messaging:
-        keystone:
-          username: keystone-rabbitmq-user
-      ldap:
-        # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
-        # authenticate to the active directory backend to validate keystone
-        # users.
-        username: "test@ldap.example.com"
-    cinder:
-      cinder:
-        role: admin
-        username: cinder
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: cinder
-        database: cinder
-      oslo_messaging:
-        cinder:
-          username: cinder-rabbitmq-user
-    glance:
-      glance:
-        role: admin
-        username: glance
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: glance
-        database: glance
-      oslo_messaging:
-        glance:
-          username: glance-rabbitmq-user
-      ceph_object_store:
-        username: glance
-    heat:
-      heat:
-        role: admin
-        username: heat
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      heat_trustee:
-        role: admin
-        username: heat-trust
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      heat_stack_user:
-        role: admin
-        username: heat-domain
-        domain_name: heat
-      oslo_db:
-        username: heat
-        database: heat
-      oslo_messaging:
-        heat:
-          username: heat-rabbitmq-user
-    swift:
-      keystone:
-        role: admin
-        username: swift
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-    oslo_db:
-      admin:
-        username: root
-    prometheus_mysql_exporter:
-      user:
-        username: osh-oslodb-exporter
-    neutron:
-      neutron:
-        role: admin
-        username: neutron
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: neutron
-        database: neutron
-      oslo_messaging:
-        neutron:
-          username: neutron-rabbitmq-user
-    nova:
-      nova:
-        role: admin
-        username: nova
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      placement:
-        role: admin
-        username: placement
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: nova
-        database: nova
-      oslo_db_api:
-        username: nova
-        database: nova_api
-      oslo_db_cell0:
-        username: nova
-        database: "nova_cell0"
-      oslo_messaging:
-        nova:
-          username: nova-rabbitmq-user
-    horizon:
-      oslo_db:
-        username: horizon
-        database: horizon
-    barbican:
-      barbican:
-        role: admin
-        username: barbican
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: barbican
-        database: barbican
-      oslo_messaging:
-        barbican:
-          username: barbican-rabbitmq-user
-    oslo_messaging:
-      admin:
-        username: admin
-    tempest:
-      tempest:
-        role: admin
-        username: tempest
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-...
----
-schema: pegleg/AccountCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_service_accounts
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh_infra.prometheus_openstack_exporter.user.region_name
-data:
-  osh_infra:
-    ceph_object_store:
-      admin:
-        username: s3_admin
-      elasticsearch:
-        username: elasticsearch
-    grafana:
-      admin:
-        username: grafana
-      oslo_db:
-        username: grafana
-        database: grafana
-      oslo_db_session:
-        username: grafana_session
-        database: grafana_session
-    elasticsearch:
-      admin:
-        username: elasticsearch
-    oslo_db:
-      admin:
-        username: root
-    prometheus_mysql_exporter:
-      user:
-        username: osh-infra-oslodb-exporter
-    prometheus_openstack_exporter:
-      user:
-        role: admin
-        username: prometheus-openstack-exporter
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-    nagios:
-      admin:
-        username: nagios
-    prometheus:
-      admin:
-        username: prometheus
-    ldap:
-      admin:
-        # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
-        # authenticate to the active directory backend to validate keystone
-        # users.
-        bind: "test@ldap.example.com"
-...
diff --git a/type/skiff/manifests/bootstrap.yaml b/type/skiff/manifests/bootstrap.yaml
deleted file mode 100644
index 7551e69fe..000000000
--- a/type/skiff/manifests/bootstrap.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-schema: armada/Manifest/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: cluster-bootstrap
-  labels:
-    name: cluster-bootstrap-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: cluster-bootstrap-global
-    actions:
-      - method: replace
-        path: .chart_groups
-  storagePolicy: cleartext
-data:
-  release_prefix: airship
-  chart_groups:
-    - osh-infra-nfs-provisioner
-    - ucp-core
-    - ucp-keystone
-    - ucp-shipyard
-    - ucp-armada
-    - ucp-deckhand
-...
diff --git a/type/skiff/manifests/full-site.yaml b/type/skiff/manifests/full-site.yaml
deleted file mode 100644
index ce4c24d75..000000000
--- a/type/skiff/manifests/full-site.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-schema: armada/Manifest/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: full-site
-  labels:
-    name: full-site-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: full-site-global
-    actions:
-      - method: replace
-        path: .chart_groups
-  storagePolicy: cleartext
-data:
-  chart_groups:
-    - openstack-ingress-controller
-    - openstack-mariadb
-    - openstack-rabbitmq
-    - openstack-memcached
-    - openstack-keystone
-    - openstack-glance
-    - openstack-compute-kit
-    - openstack-heat
-...
diff --git a/type/skiff/networks/common-addresses.yaml b/type/skiff/networks/common-addresses.yaml
deleted file mode 100644
index 62a1d7b92..000000000
--- a/type/skiff/networks/common-addresses.yaml
+++ /dev/null
@@ -1,154 +0,0 @@
----
-schema: pegleg/CommonAddresses/v1
-metadata:
-  schema: metadata/Document/v1
-  name: common-addresses
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data:
-  calico:
-    # NEWSITE-CHANGEME: The interface that calico will use. Update if your
-    # logical bond interface name or calico VLAN have changed from the reference
-    # site design.
-    # This should be whichever
-    # bond and VLAN number specified in networks/physical/networks.yaml for the
-    # Calico
-    # network. E.g. VLAN 22 for the calico network as a member of bond0, you
-    # would set "interface=bond0.22" as shown here.
-    ip_autodetection_method: interface=bond0.22
-    etcd:
-      # etcd service IP address
-      service_ip: 10.96.232.136
-
-  dns:
-    # Kubernetes cluster domain. Do not change. This is internal to the cluster.
-    cluster_domain: cluster.local
-    # DNS service ip
-    service_ip: 10.96.0.10
-    # List of upstream DNS forwards. Verify you can reach them from your
-    # environment. If so, you should not need to change them.
-    upstream_servers:
-      - 8.8.8.8
-      - 8.8.4.4
-    # Repeat the same values as above, but formatted as a common separated
-    # string
-    upstream_servers_joined: 8.8.8.8,8.8.4.4
-    # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
-    # Choose FQDN according to the ingress/public FQDN naming conventions at
-    # the top of this document.
-    ingress_domain: ucp.svc.cluster.local
-
-  genesis:
-    # NEWSITE-CHANGEME: Update with the hostname for the node which will take on
-    # the Genesis role. Refer to the hostname naming stardards in
-    # networks/physical/networks.yaml
-    # NOTE: Ensure that the genesis node is manually configured with this
-    # hostname before running `genesis.sh` on the node.
-    hostname: cab23-r720-11
-    # NEWSITE-CHANGEME: Calico IP of the Genesis node. Use the "start" value for
-    # the calico network defined in networks/physical/networks.yaml for this IP.
-    ip: 10.23.22.11
-
-  bootstrap:
-    # NEWSITE-CHANGEME: Update with the "start" value/IP of the static range
-    # defined for the pxe network in networks/physical/networks.yaml
-    ip: 10.23.20.11
-
-  kubernetes:
-    # K8s API service IP
-    api_service_ip: 10.96.0.1
-    # etcd service IP
-    etcd_service_ip: 10.96.0.2
-    # k8s pod CIDR (network which pod traffic will traverse)
-    pod_cidr: 10.97.0.0/16
-    # k8s service CIDR (network which k8s API traffic will traverse)
-    service_cidr: 10.96.0.0/16
-    # misc k8s port settings
-    apiserver_port: 6443
-    haproxy_port: 6553
-    service_node_port_range: 30000-32767
-
-  # etcd port settings
-  etcd:
-    container_port: 2379
-    haproxy_port: 2378
-
-  # NEWSITE-CHANGEME: A list of nodes (apart from Genesis) which act as the
-  # control plane servers. Ensure that this matches the nodes with the 'masters'
-  # tags applied in baremetal/nodes.yaml
-  masters:
-    - hostname: cab23-r720-12
-    - hostname: cab23-r720-13
-    - hostname: cab23-r720-14
-
-  # NEWSITE-CHANGEME: Environment proxy information.
-  # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy
-  # section
-  # should be commented out.
-  # However if you are in a lab that requires proxy, ensure that these proxy
-  # settings are correct and reachable in your environment; otherwise update
-  # them with the correct values for your environment.
-  proxy:
-    http: ""
-    https: ""
-    no_proxy: []
-
-  node_ports:
-    drydock_api: 30000
-    maas_api: 30001
-    maas_proxy: 31800  # hardcoded in MAAS
-
-  ntp:
-    # comma separated NTP server list. Verify that these upstream NTP servers
-    # are
-    # reachable in your environment; otherwise update them with the correct
-    # values for your environment.
-    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
-
-  # NOTE: This will be updated soon
-  ldap:
-    # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is
-    # relevant for your type of deployment (test vs prod values, etc).
-    base_url: 'ldap.example.com'
-    # NEWSITE-CHANGEME: As above, with the protocol included to create a full
-    # URI
-    url: 'ldap://ldap.example.com'
-    # NEWSITE-CHANGEME: Update to the correct expression relevant for this
-    # deployment (test vs prod values, etc)
-    auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
-    # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
-    # relevant for this deployment (test users vs prod users/values, etc)
-    common_name: test
-    # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
-    # deployment (test vs prod values, etc)
-    subdomain: test
-    # NEWSITE-CHANGEME: Update to the correct domain for your type of
-    # deployment (test vs prod values, etc)
-    domain: example
-
-  storage:
-    ceph:
-      # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
-      # used for the `storage` network in networks/physical/networks.yaml
-      public_cidr: '10.23.23.0/24'
-      cluster_cidr: '10.23.23.0/24'
-
-  neutron:
-    # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the bond name and
-    # VLAN number are consistent with what's defined for the bond and the
-    # overlay
-    # network in networks/physical/networks.yaml
-    tunnel_device: 'docker0'
-    # bond which the overlay is a member of. Ensure the bond name is consistent
-    # with the bond assigned to the overlay network in
-    # networks/physical/networks.yaml
-    external_iface: 'docker0'
-
-  openvswitch:
-    # bond which the overlay is a member of. Ensure the bond name is consistent
-    # with the bond assigned to the overlay network in
-    # networks/physical/networks.yaml
-    external_iface: 'docker0'
-...
diff --git a/type/skiff/secrets/certificates/certificates.yaml b/type/skiff/secrets/certificates/certificates.yaml
deleted file mode 100644
index a4b37ef2e..000000000
--- a/type/skiff/secrets/certificates/certificates.yaml
+++ /dev/null
@@ -1,2805 +0,0 @@
----
-# Certs generated by Promenade, see docs at
-# https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#building-the-promenade-bundle
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDSDCCAjCgAwIBAgIUegkh/antB1XyDVHdP5dv+0MZyBcwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xODA4MjAyMzQzMDBaFw0yMzA4MTkyMzQzMDBaMCoxEzARBgNVBAoTCkt1YmVy
-  bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-  DwAwggEKAoIBAQC1jUTdodnxFzC6OD/Rre2Qqw/BTycKvWW3Bkby5abZGRxgMkV5
-  SxTSMazjPYjEA7+rhXqKgmn+OaV1trZvYbH0rZcRyGSC8D5Wj5SCtuGO6EUqx8SQ
-  1tklnHbFKtMDjN8V201SV/ydUfXcFFlD8jUXUkb4iSZV+hkhOO3ZlTqBo4/vkYMK
-  N+7Dsv1Tfs3sHY4MDuiI/Fz8Uj5bMrKc/gVdPnrYPRsLQ/xlkfufsUuy0VlokrpQ
-  uYQjorvYbhpl6B7XT8mJsf3WQwB5A1E8bxFp0IR3tEaMIzXeSvrIS7ajxu0zVY/B
-  qS+uwRNtkCxs2cNsqPoQQBYTkhAoffWnBGYbAgMBAAGjZjBkMA4GA1UdDwEB/wQE
-  AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBTIAmvhlCafX+fLJ7FY
-  /p5ZjYibADAfBgNVHSMEGDAWgBTIAmvhlCafX+fLJ7FY/p5ZjYibADANBgkqhkiG
-  9w0BAQsFAAOCAQEAm4qCucz52aD2AqP9m9r6ZRPlzAesImR7eXOD+ix4r9uMfM85
-  YYAZcRhf4/RWwfIWvngeXWTUirAEbwNfXEkbMddTkrBZ7q7BaqYH/1BNXRahBd2G
-  CJDQa6HMEvSLOkH/vAf/BY3d6WprS69YWVC4ffj0+FqBOMD5KLxPfM1gdashV0XB
-  yIFo4HPYXn3J3H7HRc17ZizOaPghY/ldNWsmoj1YPlxA9exDPQ4jI91VcSCDZbD/
-  YyIntJzMZZ28xFPQFhww2oRD5LpDvfq+P6gBz08FKE+lmRKirANVzBltS2I8xzMV
-  FSCBNl+qV3evUg57xzgjifVHxmfSuLszLtTkOA==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDUjCCAjqgAwIBAgIUV1YkAwvB59dO83zhqvvcdywidd4wDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTIzMDgxOTIzNDMwMFowLzETMBEGA1UEChMK
-  S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG
-  9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUobHwzHYA4KMu7PGtqreil8uhm++fs2XqrN
-  mW+LBH1HuuiB6iUZqgx9zEHpll4bMr/YLp9cdYu9uVy21zglHAyostBcqbe2dx9S
-  8ErcUsEGFllORBMN7tIFE6VB6ldLqoV6jyQ3F+LSJwhOOzqBWuozSlBLuOv/Q1xU
-  Mnc0ndlbrtVejWZUFt5ItOt/pyXbZ3zAFmCH3bMCm8vftxjphNFrWVvHPaAySvKu
-  93SMMyFl9szFjP17BP5PwmjsYxkbNL8Fn26akEQvaFV8YbPEJSaxAst8J+QAbXUa
-  BR/7NuC6kxRI0kTQw/nAjeaRV3AuWm+wBbuXtO5c3cyDsxcM2QIDAQABo2YwZDAO
-  BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUnSYC
-  0OZmL0av6dRaIZe3txRXx8cwHwYDVR0jBBgwFoAUnSYC0OZmL0av6dRaIZe3txRX
-  x8cwDQYJKoZIhvcNAQELBQADggEBACPw+ckz/nVMEOVPrJUmXQhaI/wCXHgOw/rY
-  sIqsRF9PGvWgU5I1CjhnHQLUy5YY/yf2g3EgQFFUh5u44PCuCMIQejun1SwFP4tI
-  d/CQQwDHMdGYlajApvKITcbpTdzU3yI9jVbf7szDaeYBDcF8uko7h+8FbE+vO/Ub
-  /jWGy58n4SfjEOQ2zKxa+kIhI8yAKrgl+nC9tkuWD3Veymc6yYD7umXw5uTP4gVp
-  zTRaZ13J2MmERXNYtfx7VRq6xvcpVhDH496uWuyxUSrOt9gmfrNfeixWxUoDUHBR
-  t7f+igcy4zwv75PAcKI0lOHjbcF6d6+1CdNVQt3XOR9UWl63lp8=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDXDCCAkSgAwIBAgIUb75pk6FxXqBl9NLZaUuFBJupnoYwDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMjMwODE5MjM0MzAwWjA0MRMwEQYD
-  VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC
-  ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOtZKHMDL/H5Q0qYA+07HRpt
-  +4AsXRrL5DaiGp0qnq8fisX/mwODDJxWacCsrXnFZvcj+2brBzi8oQHpEw4BueYs
-  8RYlT3tPMOQBfHl9m69ZG6150r0WsrI2MiPLrsMSDAIreaOLc1ptmGMWqyEy/UpA
-  fgtiMq810euhLfrHKPRXxYfndMN82NAnAT2VPqnFIj5r5npPG8gL/ALN2DgcBkiC
-  3T+FiZxAq3thm2FKFJizYGtCN6t4grmhX8uZdBnFjLhP9t5umZFsPcpEzpiF9gIs
-  1wd3UcDhc/mzJlmkVax8yrvvuhkPrbuQugNiCbkN2LS9iAapGYP8lNg1oR5k4N8C
-  AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD
-  VR0OBBYEFBK6v8RVwFvzEsP3RlVZSAZ1LJufMB8GA1UdIwQYMBaAFBK6v8RVwFvz
-  EsP3RlVZSAZ1LJufMA0GCSqGSIb3DQEBCwUAA4IBAQAG/FupcGdFBrWVw/pG2Tgh
-  3z227ev4Z7pVazolPiGJpQOTZ2dIdnSs4HwovCxSewToXLd9k+wcIV1NEzyllw9I
-  +OgdLHHHJirZd4RJdwlCIfYh1uXS4g85Mat+jDoBkzCX2FIkEm9m6h291UrlOqy+
-  im4hkJLF7AwJD6U0GPqoOVNx/jPlAzXolZ6YTjZ2LHGj6Liu7Tc2LO+S0c3wVAXL
-  hbl2FE8KT6qYAoMxNLJlAvnFNi/mPMpab6PLgE8DYTSByvj2F5WqdaTlbCZZV0bV
-  DnTxj0SG0H8p0Y8fpz76/E1Okr1H07XxzNxHudS2KClUHMNMnrtmDIGjbZAMWmt7
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDSjCCAjKgAwIBAgIUCKu+Ga+ilp0+4UGjAakITGRCA3cwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTgwODIwMjM0MzAwWhcNMjMwODE5MjM0MzAwWjArMRMwEQYDVQQKEwpLdWJl
-  cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
-  ggEPADCCAQoCggEBAJ++NV1PWCvuWzpSHABlD1adP30RUSbgqaC38EeM4rhhZLmJ
-  48Bbo7EuueponhuNcCKDOWXPJEh67Scw9Qh4SLovRz72fu9KP5qPxjRIOYSh4V+F
-  qiE+iGz/tSvlInlykmCb7H15cOXMZcE1hH0CIC78GRmZAZCUJXW76xS7c3lm0jGW
-  /egE4IZ1r29LJo6KZFM3m3HTKlHV9XSluPjhWGU/atpi+TQvDX/Hv6yrseOkv0XX
-  T5n+Z/e5xmtEwnbzDHpMy3EwSDoxYHQrlEfRMv9w+XsFp4rfJ7ZofgrJk63StzDr
-  OxKBWXID44Uk6aV6TrWkIgk3E3QcKZn/Plh0i/kCAwEAAaNmMGQwDgYDVR0PAQH/
-  BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFPL7h/k7n+hgJLzZ
-  a1WNuQxLmDl7MB8GA1UdIwQYMBaAFPL7h/k7n+hgJLzZa1WNuQxLmDl7MA0GCSqG
-  SIb3DQEBCwUAA4IBAQAqAuDjjC1UVUplI0XHTOVhuoNSAirOihtncXTVEdcR4Pqt
-  YT6s+oh+wV7V4wPAsisRCeIOpFzvp22QaF6l0+Gn9B8AHt5zs3+GuoYmuX7UXreJ
-  SVrnh+wI20E1fzj1lDYzgdekZW12SbJQs6LCJ5JfX1bTCjBL7ysIPzE0EWnqGGTp
-  qWa7dlzHLcU/PWHWXyNta5IlUZ/GCjMpLSMYXPO0a6Z5d0QGJXe9Iz4mkljwC3un
-  XXKzuKtpxxQZJ1+w70wfLHujnhUr3v5IDLDlxl698YRRopHyfNP1TZ7xUOMtkVqg
-  KMiLE1Ki0t7Jr3OYPOCmtuvk4bFoG0TIgA7XDGPS
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDVDCCAjygAwIBAgIUagTlPOZ8jX10HMhcsHgh9Ec//00wDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0yMzA4MTkyMzQzMDBaMDAxEzARBgNVBAoT
-  Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG
-  SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoMT11MMWnPgQ9lOjLzx51o2BW5NuJyD+B
-  NuzzAmT607Q6oo5wQ8oyDHeOH0h1heL71/iqcoAzalHFKNLAek9pcjW5RudpLuRt
-  FLRC6zKedn7n9Mg4H4K8cahatK8rSrYOrz0UF3p/XuoxXN1uQCwIX3+aOT0hlq3E
-  ONo9+LqSVh0RhSn3Qc1BaGsMDA8ATs0jiCWU8V5Lkw8IUb1wBCe4iwfi1XRn8eV8
-  jTW8dwnRB8yH8/5oVsD7dzOTjaUQg6w0nnn7SPFPhFOpwbX4Wd9fj1mq9uY6GIFC
-  JNj/UpnFRVtDO+8gJJxWV83SGhcvuJoXH5LoPmFS47TrMoBbGvM7AgMBAAGjZjBk
-  MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRL
-  fKY8JuyVlmEm4a6VB65X0x5aYTAfBgNVHSMEGDAWgBRLfKY8JuyVlmEm4a6VB65X
-  0x5aYTANBgkqhkiG9w0BAQsFAAOCAQEACQlBvcV8mZncmP+zTiq5190uBm3Nf6Lr
-  EkLcCxmlB4PADUjK082C7oBm9z5QViimUg7fqdQSwZ3ujMYTIKgDADbTlLLKAGK5
-  9C6KB3cSOiFSmZInhZs5HUMIPlybmYOv0yQfGCqOKYzPaCqp5arOjn4CDEqc8QG9
-  cAX/86Lnq1g2SfDIvq49t8BRsbahIN/Z+HPu1FhdahSDw35hGqkZ7DR8YeQrOSM+
-  O6jgMKGgM0LtNno/rVytkPv/kdA79T3ZaoMoTYtR9D803RQe8XaX7GNBKUqptE2O
-  nCEazqPjNiB3GiP/oKxQwc/6o0fVqV5G/0nwZWQEKkpwUVCWMbJu7w==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAtY1E3aHZ8Rcwujg/0a3tkKsPwU8nCr1ltwZG8uWm2RkcYDJF
-  eUsU0jGs4z2IxAO/q4V6ioJp/jmldba2b2Gx9K2XEchkgvA+Vo+UgrbhjuhFKsfE
-  kNbZJZx2xSrTA4zfFdtNUlf8nVH13BRZQ/I1F1JG+IkmVfoZITjt2ZU6gaOP75GD
-  Cjfuw7L9U37N7B2ODA7oiPxc/FI+WzKynP4FXT562D0bC0P8ZZH7n7FLstFZaJK6
-  ULmEI6K72G4aZege10/JibH91kMAeQNRPG8RadCEd7RGjCM13kr6yEu2o8btM1WP
-  wakvrsETbZAsbNnDbKj6EEAWE5IQKH31pwRmGwIDAQABAoIBABTEsVENN8o9leRn
-  lN1eoSOAfg/mBxhSbDVQsYMNxFVnaviSJ6JldV9KMXXZTzDlIOL1JPx9SLS9UXEy
-  0pHRQjM0PGjbXKwh4W+zgxCk7Q6VAXyQV6sd+L81s9yANp1cWxS7/o9h41L30kE3
-  zrJYHbyqO9YokksZjhBf282dJZE4vFrrEjwYVq+qDcFlWbpN3hlVq0c4s/BlJL1G
-  9IVA35DTlS9LAjIsPCKzAYg0wZY+9X01ym7iFG0UWbhKJctmBniOobc1adytLI4Y
-  MEEQnR3UBUOjs/ifYYeUqz/WEhSqpr5cOt1+cP+ReJyUBa4gpxMC9Me2M9L/liOE
-  vyw7MnECgYEAzorHV0UaK4Ftbu2N7FgEOQmwkR/GErBjZ0rhikyOI0PCGXq6Km94
-  79wDQDjXUqlCxlS4WcN2+N434rV+S1eOHkzLV7VCAAR5nm8upeYNaNyxGAz7PubL
-  ZbKcPaYqHkY6SxG2LhJ8/Mo4nPr0Vb5SSaTLEuxibSssCF65n5wO7fMCgYEA4QaQ
-  SV6n3FKaVDJF3molaAWwTrUNnZynVOpJpuyT6hmmyl8cG0k+wznah8xlD4GH5AjH
-  pIP0VjxGC2nDG4bUDESL8pqFDsmXE5f1kziTXsdWtE7TZ5Z6IC2oBIR2sTvAwwO1
-  8e47TyHG19VOWaoc5WOtsceZ7ZIPmYYgKvv0qTkCgYAMhWNCSiElBAqjT+lrq4ZO
-  AuVeVuPGHEVabLKxlKSFRMVOkB8bFXjqaZcU3J1JGJPAvEAUyQG8YpRWvRPz81Hd
-  SmCFZ6qhn6PT0/+q9QBZHA/sWlUc4hbwilxobFtfTHiaNm+p6VsEZCn8ckY/sHMC
-  nefltMjev2BC/aMZJvfMuwKBgQCbwABEWDjVPXNGTZmgjVWgvzc98wEek1waYSNj
-  XyIuCV0xe00n8bV4SOXh0m4solodUppkW1TWD1fn9Gcv+U1xxEwdOihYiN2BmU9H
-  fAQ8uLphiKG4dCXJefBuWAUTPSl5kWrwrhTs+5L2ttRJKX5go3KIt3/qOIuFlplT
-  RxsbuQKBgQCnymwu10mxY6ezSHJjZd3Al8Pj7KsNiURVP7A4c3QhQdCpyXDIfU43
-  RAYTprsQ/dM5U7n4vXZnvnSYBVwrLirfEVsE6A6h55LkMEpEkKpwro3Jgs4mFMm0
-  ksjM1xPJ0p0jLT+fL1f6sTAONmYb0ra5xl5mrgzHn1zkZ/IlmnpfaQ==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAzUobHwzHYA4KMu7PGtqreil8uhm++fs2XqrNmW+LBH1HuuiB
-  6iUZqgx9zEHpll4bMr/YLp9cdYu9uVy21zglHAyostBcqbe2dx9S8ErcUsEGFllO
-  RBMN7tIFE6VB6ldLqoV6jyQ3F+LSJwhOOzqBWuozSlBLuOv/Q1xUMnc0ndlbrtVe
-  jWZUFt5ItOt/pyXbZ3zAFmCH3bMCm8vftxjphNFrWVvHPaAySvKu93SMMyFl9szF
-  jP17BP5PwmjsYxkbNL8Fn26akEQvaFV8YbPEJSaxAst8J+QAbXUaBR/7NuC6kxRI
-  0kTQw/nAjeaRV3AuWm+wBbuXtO5c3cyDsxcM2QIDAQABAoIBAQCLOG+OLh9kEAFw
-  qy2++38BOPOCTgWLCIfFybXnEZNItyGXKyk3vnNaNGB3zld4h1eQojQc4ixU9zDy
-  bWL+L/BSxm793XqKCrHutUqM9WfXo1nafDQszHNNfBa/TPqXzx3cheso+hl21HdK
-  y0IqvrGNE3k3M582yK1zZEEhfGAtj0tjsKoEmOJsP+nc3Qc+acOPRg99oVAFfcYn
-  hwKf3fxpxmhCEDcYCSTlisCcNHilRbOuvOmfzGrWoMgHjIN9swz5YmEtIFV6j4Mv
-  Nl4r2X955YVUc9WgGqT4lVktvNzy40nsWDGfAKLeX5g+ZBIMAS1XVg3b1Y4DLTTr
-  V8n+BXNlAoGBANC1/RjUpGudWI9THiskKGl68xTXHimcGas6esR5bB5zXBDlONJv
-  meRx/m8Fi47SqoVuG/aFXiUfxKmdUPhr5ZG61nXQx0r9x0zzK9fxSAgbQLa0TQDm
-  Qgt5nabr6YDdf1Z7CBkyXJOFv07xmVrcw/Mm67qixm0a0GryJXz1M45/AoGBAPvN
-  qY4lQf3Tcz7jDjQdhG9R/VRjoOnlMwwLV9suASPXcgkRpRJ3iy+fBdQFfNYhUPcq
-  /ZA8mKIQfvdIeULP4v333soofPu/o9Q1jXcnQR7mWRyVh8KgxI/jMwcvjLBGZ+aa
-  wE+KDXL4vOQeNY9dsAH9nJ2clVhay/yG8pJVruinAoGATbIB91Vpo/oeNrS9fVfn
-  h2TSywZN3zWSRLDvdOayvh85vbxnS8dp5aYeDpxk2JVKD4Pu+vWpF27dGjtLIj+g
-  ZYDFR3SiTCNvJxE7WBclNodWru0t4VDWc0khzDr0YRmTxtDkMeUSm4RltHCyIyYd
-  +A2cIY1pCsK5paZhGER7necCgYALevj8Dh7QH8/lUhzXq3DaUnamXlR71YNaTToY
-  OCS9KZl9aFyKVwD1jt6JKCbk7GfwnPkqllivKulfBOLidO/4fFCgDvCD2dzyU+67
-  PALwEbiGYRrreMD9fnJZJYXYk50xGmUiOz0ZvNV/4RC4FKFttc5qMTVt7dXXEaAF
-  o/pxiQKBgDH+mUxrVCSF9U6Pe/nByClOf+mx7xQ05SaNh6o+NTIcsWh75qW0bU9Z
-  JRKoJH4veusTQn6y1BcVqC8flCEwSFnJOQbiGYdBiEZ3HzBc3twjMiRcoMzR0z+w
-  VFOORt0tImxhu8gTBcybBt5IVPsKzQ3aEnh2cxMEq4jl34YJEM+t
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA61kocwMv8flDSpgD7TsdGm37gCxdGsvkNqIanSqerx+Kxf+b
-  A4MMnFZpwKytecVm9yP7ZusHOLyhAekTDgG55izxFiVPe08w5AF8eX2br1kbrXnS
-  vRaysjYyI8uuwxIMAit5o4tzWm2YYxarITL9SkB+C2IyrzXR66Et+sco9FfFh+d0
-  w3zY0CcBPZU+qcUiPmvmek8byAv8As3YOBwGSILdP4WJnECre2GbYUoUmLNga0I3
-  q3iCuaFfy5l0GcWMuE/23m6ZkWw9ykTOmIX2AizXB3dRwOFz+bMmWaRVrHzKu++6
-  GQ+tu5C6A2IJuQ3YtL2IBqkZg/yU2DWhHmTg3wIDAQABAoIBAENhHEaJVBG35n8V
-  tJIXyYZGlKmmieVhGG5XzLzQdev3YNi9DFleDJ850j8acPQbAxagk5pskX2563LL
-  kuwArINsvH01o2LPUlUE4+k4f/kczuLErQP72p9RCtvatacdpJh+b+3Vv+nU1LsR
-  w17W5VN70Vpa+93Tz8zhMXPJzzzc04wKRvuEHlGBqDg4gcjFXZ6fcmO9LGvo6VzM
-  NHObQP2AY0JrVwmwUm53oFHhKrxqolNoDnrPGq3LlHbolSOVcEfKb9TabCtnCDvT
-  cbSzAvbmV2dKanz2SDBdF2A9T7nAPaBHbq5EW44yUHY0AA4kj45hn4347AZwc/zX
-  GU8QwDECgYEA7SxDcOdCtFL3r8aXm0R0rcyn4EnUtAMZu95ZkqSVIiY18OR0vOPL
-  KWP5y9DPTpvVEENZGbznqsCXBopv6eO0fLYgF8BJoT95cSIjdLKszg0Jdh/IU1Hp
-  FdJq2bzAuo8GkxCAco2AGmINy3yMGKp6cQRNf4mPMR6lGQYfDZNEgPcCgYEA/gfQ
-  q9G00R3NBJHRgBFnBDlD+evGB/l7+1OggHc/R6tclvYbPqICixJsubouqNKmMwoQ
-  9WXVI2JFp6++xqM8rxDRLLFfOqG4rnb9S/qothZGZfHSzGVvrnBXbxKgV5O6MyH/
-  yEP8C/sxcQl0sr5Qau/vC3txnFOLKSz7hLzUjVkCgYBoljBXRWPg6QVYeha43YMm
-  cS1GdshZaVSbx/1v8Svilz8KL3RbJ4ibg/7PphEE9SsLtOdBtk/iuHLg64NWfJdG
-  t3mHf7/4X2lKPmesOm6BnrYhZPqN430JpnR/+AB1RET97TT3TvbCq6KxrQaKigLc
-  e61BJIQEgSME2fIvplV7GQKBgQCK3tTZiRuzEfqJG/oOa/UIHxIlJxosM9vuSgo9
-  EHN8h5ZnRIUiWUjQpDLh2YE2c2m+Dyu0K4Y4ALoZcH73cjdzcNsY9qIbmFswrQXN
-  qmremBDGHEvjxzQlhW6W3vTey3iICXceEORR3HFr3QJ50IZ/30ir20EBd75ktR2O
-  s/fyiQKBgQCK1426+bt0A9wbb5+9P4EBt2qV5nb0pS7oJ0hVXmj6GjM/dKS+y4Rl
-  t9siJHwX+/0f3PI8/90ujWMw43a+ktN+Py/j9UYIMEOtVnchXsroUn0XGb6gRNXM
-  E1lUZAmGr33hbuV6AMgi+ycK3P53AVT8OKbo61BTdo8uS9dHL5uEtg==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAn741XU9YK+5bOlIcAGUPVp0/fRFRJuCpoLfwR4ziuGFkuYnj
-  wFujsS656mieG41wIoM5Zc8kSHrtJzD1CHhIui9HPvZ+70o/mo/GNEg5hKHhX4Wq
-  IT6IbP+1K+UieXKSYJvsfXlw5cxlwTWEfQIgLvwZGZkBkJQldbvrFLtzeWbSMZb9
-  6ATghnWvb0smjopkUzebcdMqUdX1dKW4+OFYZT9q2mL5NC8Nf8e/rKux46S/RddP
-  mf5n97nGa0TCdvMMekzLcTBIOjFgdCuUR9Ey/3D5ewWnit8ntmh+CsmTrdK3MOs7
-  EoFZcgPjhSTppXpOtaQiCTcTdBwpmf8+WHSL+QIDAQABAoIBADnKuMe/Uujh3QNm
-  fVbvOPNfBH8c6r0j/np00WsxXzzRj31Ik6sd/ES34O8bVkgljXIPA47/t+K5Bl9t
-  aNjdm4IwZJg02Yt80zH53f1AO/7uCfljBD/uvbChekwdI7HIb4igIJjsfJnGrvGN
-  iRco07fr4LDQGC7UShEkIVJo1sgOhom9oovsA3X5JM5w3FHRrPRr5YFf3HwWoIXO
-  QVNXSMEpsZK1Hd2KvuOIyU30T0w9iOU2pI60GFcU1B5caChuEqG6xTNkh82gkTzA
-  2fTofrWd9zflzjwR3e8NBcAt0XkeZFifApmIbjSIwrbhF1QtWLgOxYYHaNsGvK7f
-  8WT1gZkCgYEAw6Bf6EB9RwkfULlX2WoSJsKpkShdjEeKq0P/y+p/VBIzU7ckEmf8
-  uIMgPv5JnvEHdSS5w9JZQx4UT8roefC1MNn7ORhpCLQHI9CnI1rCiKtQO+TjQ3IE
-  rFjDfcVdY1ek3TQN6l9mHBRCvGVGZlfz0qIZLtdv6XCoU8r2yJ6Bza8CgYEA0QrV
-  CySN7vAw1KnA08wFBtgARk4m+PllN8l75C9v5qYooUsfdEEqiCQGLzg5NEMAOOOZ
-  LPdtGHbGcktyN6v8ZOy5wQKevvjDAce1WC57p92cfP/e0jUkDbNBZlANOJNV5J9u
-  3nXKBsl/3CGp4qvG6YtJ2Qj/eO+RjVIrEpPNktcCgYBTH2cBIb3ZnDexLj/0wsxZ
-  qecxJayyOYfjg+5B8C8QQveKP8xVAdhxck4WVihkH9hiXyuL2GpTSYmp6fbkMXJc
-  ApNrzEJ9DznlbvhF3n/AYMKj4Hrsopr3vHO8kks/NfN4hnDPQJ/7mGRO9t12CTMy
-  Mexvad1EnLj5eclor2lKQwKBgQC4QIj5klW8Jl+UAq/gvvIrTxYm4dm+F+ycWG5n
-  +Vvze79SM6ncyVeYuc/trOvW4bt/aTTpColRR9ewhEl/Qotr1bAArLOJdjBEEGgJ
-  +qaplk7JaqpWs9o8bSSW7rZIiKzrn4+Ua1QP2WlmeRGJpojj7w6/SwwK53Zujt9C
-  N5657wKBgQCcBYxHytlfr1q6+RUd79+Tl4yKfZ1dWsRlNIaI0SvKFnh8nowBpSsY
-  JnlXP9TdAN8E8xUalFHIJGVPkXxdqeteD73Xz+u3iTSCXZbe+JOI1YaQtlYFwCtf
-  SFO7zpmhfWmwBSwyl5BKJgXYEuuwlj1ObjOdoanQ2FvN8ra4Ya2AGg==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA6DE9dTDFpz4EPZToy88edaNgVuTbicg/gTbs8wJk+tO0OqKO
-  cEPKMgx3jh9IdYXi+9f4qnKAM2pRxSjSwHpPaXI1uUbnaS7kbRS0QusynnZ+5/TI
-  OB+CvHGoWrSvK0q2Dq89FBd6f17qMVzdbkAsCF9/mjk9IZatxDjaPfi6klYdEYUp
-  90HNQWhrDAwPAE7NI4gllPFeS5MPCFG9cAQnuIsH4tV0Z/HlfI01vHcJ0QfMh/P+
-  aFbA+3czk42lEIOsNJ55+0jxT4RTqcG1+FnfX49ZqvbmOhiBQiTY/1KZxUVbQzvv
-  ICScVlfN0hoXL7iaFx+S6D5hUuO06zKAWxrzOwIDAQABAoIBAQDl2bipBfrjr/Sq
-  sXoyJ3pTocOAwVTCdETJOQIfHcOwuVm0oa63W6QRH15KhpVIIZ2tCQLUWDyoqRsB
-  PYRDndB25eRg4Nu7t/vQL6qyg/m7/DlsjViWljrpKOorwKmXBYJrzvV7qjJNXDwh
-  WXip50SvlTnQBdGKKoshr9X7evnWWR2Ll6ZPFl9xtr98FcYJDesM5MZiLF/9WXOj
-  SGnUI0Xtl8hUi/unN5mTjH69Ed9Rk+FeCe55SFQm0p6e4Ql3v8aRb+P7rJqQ4tP6
-  v1yaw8E2uJqTh24lRuN8vX5WxfcuUHi1d8COc+xTEn/rviJm/kkjqMFJq6N3L7QR
-  +lclqV7BAoGBAOlcm0/HrFwNtK2pwQj80NZPr0tpvE4CNOmqhwWKMy6AVin5E35O
-  OVOuSAanSBp1YeotS/28OY19mPAOO9IOJLhJRTtO9i7w9w860Oca1OXNjLBgbDEV
-  FvFVHQlqIAbLxCqaClMUTEbUae4ErDu/DS80Is56GomYZIf87vXvZuSjAoGBAP63
-  l5Ah7Y3VboGxkidGaoyrWJxEq/SkX1NrysLln19Gc+J1JQE/QheP9nngclzOXnM+
-  R4t6wynuEMA9XKaTBqXxGZ00eS8xoAv71LMLq5kq/0M7SV8GRUnEhmbe+Hc1pJTh
-  oql8Sb8fOJFhAEK93cCF0q78bcElc8A4UAmDXIiJAoGAMaXRKTUK9362/OeLuRTI
-  fX/whHPXayVPCpOMLGKNpwwIyN9EBXAxBBulGT1HutFUZpUCgNYlzHN3MUNl+Len
-  mkmEYCzZdX0wot3ZigGMX+POVcv92Kdq/ScliVY5wBhkAMhLAAfmfn88ljYKSp/H
-  9035RcJ2mOWCJehrEom/c08CgYEA8ds5Wm4cthP2fccx04EVIsR/usGp1P1OVlN/
-  j1eg4EJxPpGktW5vPxg/HLJ1ZJG/NQXpwRKrxWB7H04kbzYjleU8QPzWJG2mXjqc
-  V/W41hLxldDxdfzqRYUJaRxGKEsTHxqv7OZKz+LBP6kvKjBGIsvupKCjRkZdhiLy
-  PFYywqECgYEAig+NFXDFLdRIPJVbxpMZSD3r+tCKdm/uvD8SzrZ2ItAs/E0MW57A
-  gmw/ZXED3MvRe4k1bJgH9zzWfyULxvgT6crELy/81R6Qkyb2YpTwmj/ER5i6eIQz
-  MuHcMVlYN7kQPbadwlp0gL0aRMMXo8fWByNJCGeXoy8s5cNCuCTFxGc=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID8jCCAtqgAwIBAgIUfwk40PP1/FbvZzRxj+dZhylRiK8wDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMBQxEjAQBgNVBAMTCWFwaXNl
-  cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO9015DYOAP5x59E
-  7JlLFpr6RNI8VGRXPkTAoqOYedulYW+ELpDukyKlWePcHzxLr/BlXWbSVflpGlJo
-  BQ9hvMImRiiFrNAmhG0qfbvMnJltltbXSTQ2yq2uLMqsgAFqaYVsWc+BqVYD7Duv
-  ATXh29Tm1fWssMKtLT2yjty8oZb95DQf3N5tL0k0qqQM6J7yuptu7f8FB+2iU7mW
-  nhkROejD7ERSvWuH7Z2ancorFHUkCWuPVc/y/LRtkh6ldrIXnBJxnXavtRq+saC3
-  tK+KgHQCPGp0Td8zwyQmY31dJ5tsZc47YT4nUuU1OQiN0O2re19dipRSMHa9VfM6
-  eF85Ey0CAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
-  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUZwOKEvOK
-  o8cjGvfoVXcLc27vOsgwHwYDVR0jBBgwFoAUyAJr4ZQmn1/nyyexWP6eWY2ImwAw
-  gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz
-  LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm
-  YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy
-  LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQCYMZq6FBGdkN9b
-  aSY+SgVRt1dKkFE1dvpt76vhGV8PjOsQYssOZy20U7Ce+NxSjtEACDehIt05J3ci
-  DWSsjSoUFr+FDnGnxQfeR4TTqRn5b3HuW9R+c093i8TbZQ9iU5XQ4YiCUB0zFTt8
-  f6AqjrbW4Lq7+Hnb6OTCMPljwcI4pFpKoPZlkSKaka8w/LikelyqMfv+yx/u9jh4
-  xPaDXpXu63tdgK54Alkh+n1Qr14Q3HdNkuz7hvfh7hLq7v67fkfh9TIKl4WX93yR
-  nVSQ8Eoez9bzqRFivswR9g3Q5zJItj6drWv9HOFsJgwQ3YZW5FaVpy7HXFg2dYIE
-  hZ31xtrZ
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: apiserver
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmjCCAoKgAwIBAgIUFZ7/WwHQcySdJEd8ehvTfdP+WPowDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMTCCASIw
-  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALr0FloDalergjH5+Un5HRquPDZQ
-  d+QHiilZx4/hs9cXqB9FtmnMAx7yFe0JweEZL0aen7M+oren/z4XJz/Hs117sk/m
-  xQglJunuApXVZzDtCbR2jo/o+9KrRjw7G53MnjavT2Lif5C/W9sQLqHt8bN/ynEW
-  SkRkLiN/muy/kmWg6ztsdWt5ApDgI0BF7ysksMzlAB7Uoml4flseAIXFvzY7ZkH6
-  vES7wlQJ3yhugzolNtinUWUNTT+Td2sOIn+2PyVLf3pI3HjOrzr4/+B0yYSJymEC
-  87dTftCgTsAFhqYi4jAYPhgANYRl0U3bnq5LNLhgnKtVT92ssYQDR2VXRikCAwEA
-  AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-  AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEJ+3HcIaiiQ3QP8p2qF9I7P
-  0iDJMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
-  DWNhYjIzLXI3MjAtMTGHBAoXFQuHBAoXFgswDQYJKoZIhvcNAQELBQADggEBAIoM
-  4ZGwKerGsnxHk8WUShVpxpjppkU1HQC7QFHT4LNUO3BleHwpa3MyUSNzKW6oVbHw
-  bdZKxCXJZh+FAdjFOFcvXovz4TyLC42ByL2wJcwueHQbsMD2txN3SZYyJmU8lZrS
-  TG6PlltSYLBeuduLCGMEsRda3+uTCfuu9e4XSRbKAJNAugtAfCGuMKpLDlRfexhC
-  5SZu7Ml4JXLaXaGkIpw6pTKxuGFpOZsPPiQ4kMdP+DusVHqEoaFHVdRC2JCzKUAc
-  2CYijoKO+C+zhihgY+nIfM/SwjEZG3uWJa5Jk3R19i/H/MAS0kn6mLd1Pv6dw1Ex
-  +dVrrs9WHz75bkI2WjM=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubelet-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmjCCAoKgAwIBAgIUdsY8tmOFFCStV+vOwBOoAsJ+7+kwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMTCCASIw
-  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvXVz/pOngH1/8I+xMzlAgj65jH
-  1v7dXW+TJx7R7vMA26llcSOouB91dUuBN4NT9OZYpIo5IbJFzcjybt7Lw8iao+39
-  l8rf55lViWn1KD7OOuIKxCo4QqNYWK0/b1YgD6RLzcoWDKiIt7pQYwpXxVg/gP61
-  Bnig25xF0Cdnpr8IAmLYmA/UC2JvRhY+Gh3600PLFx9/xZIdAass3R/WFFbz7sLZ
-  /Ejbeztg2tGp0dDvSC96pO/PVxCiYtPSH/tfWy5dsD+nflF+8uC3dGHeLpAXO9mX
-  cEcqYHEGUnfJ3TisQi1sopUfrUyUk6a/k9s7zwGzI2ar763QpPMTVIQBBTkCAwEA
-  AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-  AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEvlGIv1fujC6LjHFIfTkqpO
-  FoBGMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
-  DWNhYjIzLXI3MjAtMTGHBAoXFQuHBAoXFgswDQYJKoZIhvcNAQELBQADggEBAKL1
-  +Y6gYXkV+OOsM9dFzHUCbkMnukgYSE/4JNshy5MJP5OCafnsYmL6VQLYYuPvWVAE
-  sEpEa924lA8lUyPvvizFtB3nMlQDFFTn8VweWoGHS51mW9SKWcYdZI/yjRTSqI2P
-  SoYha49dVt9gNhRNT7FwRAZx7qJF2hF5ASEWuKOIbDPzx3UmJb0pt272cOBl2L5Q
-  LgeyDgLRYwK0kQkubib8ETBGXlAa+SdfIuMF1/jvycLQCNZrYYA27+HNJzZrXXw1
-  xEgDk6lGbDyTccJbQw6NGWPwmFXNOEDeifuOo86ddfpX62ZRpZE4ePrb/0bYXpQK
-  QijkMKvqKTOlnfNKDfc=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubelet-cab23-r720-11
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmjCCAoKgAwIBAgIUIP7kBTiKW97uLaPUu/8zaNAHYu4wDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMjCCASIw
-  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxcerRH3esJvCCSYaL+1PLtm5BL
-  832F9RnAgP6ja2KflqiKAQkGbsr1WxnGAeDq2FxY6yvAczYmL1UIJ+VJ0uQtOIUp
-  Grdv3IJwx5Ne4hZcoD2C21NnFUdbJ+T0FQ/ssipTnZVIFHKr/4Q0VSDrTJxcWQ7N
-  Le/J45H+CNgQH4eRb2focNX7oga0y+PaAJEbZn/AdTXmU9K/u5XNLrFunEZyx1VH
-  ZOOlMah1maivb87MXG6DcBFpzSlZfG99hwMGkdN61hVsQEcGE0/5LTOVcnjTBn1n
-  z+0L+YMubU4RsLKMlxQCCSWZaSfyCtUnZFwCWtdynlTscpcjVp09D9sZAgMCAwEA
-  AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-  AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEzYsQviPaRIWTbKASzIutJf
-  zJ6PMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
-  DWNhYjIzLXI3MjAtMTKHBAoXFQyHBAoXFgwwDQYJKoZIhvcNAQELBQADggEBAEER
-  bomhscyxCjajsGMz8p1MWY9WSbk3VwQkPrmi67fClInxw/zE7Cq/QYkR/NF2ZvPs
-  /I/v8Vg4eyGSp6lmUEU+9PSSGPFt+Qeo9AUfej8BbN7ZOgDcVAEebhPLBMvZjVZp
-  z+v5liaJSHfo0zZmnpbd8H8dKo398rJXVhWJXtDNnT7KdEZczFOmldzKpI58AkdS
-  79o5ZV8xy/XFtPgI37S/nXDlKgzjr3FMckPTDVMeJunkZztLmVYkOaFhaUGUQzT7
-  ofO43ZLI/3bqBRi6XdwvkLCAX3M+AL4UR30JOGZ76QZ4ql1bOXZs9z9jrjwYy6qO
-  g4yoDBEEyyW9r5Eueog=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubelet-cab23-r720-12
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmjCCAoKgAwIBAgIUFsP3NTLE5OCYkctH2VhqJs4jY7gwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMzCCASIw
-  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSxbh25O48HCH4uUuTk4opcCR3i
-  lrgBhnL9qOBioQPbStuvfGV5x0fzm06csazl+6rhl7X7DRd9Z2Cj/be3MrczoE7B
-  Cmzh+1fn1ekIa/qhgxavn3KeNhzWKRpYupxPt25AmGJe8qlcejUOy5VZSr2gCtGH
-  0PxDDC0UfPcgncQMU2FJ4rEUiZbcB6QaT/BGdy/8DlUgK5uYkrSqesiUjAgrrgZL
-  K+o4xq/Ep7+/RHYPrvqfRQ9Qd8AgqK3MfiLP7dyGzNe3f5yY6sP4Yo/RW7OteKC1
-  S1jUsL75+2rZHuEGwPzBPmD9pYg+aZnZvnAsYCMzzp4i47T+XAMl9w9+ak8CAwEA
-  AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-  AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCI6VoPpiAEtTnH4DY5Lo/pf
-  UYA3MB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
-  DWNhYjIzLXI3MjAtMTOHBAoXFQ2HBAoXFg0wDQYJKoZIhvcNAQELBQADggEBAHqH
-  hEQfU+hFhwiKzPvicOPyy6sZ54/vh6sx6K9ADWL7qtUYadNq42EYXXcJb8LQ+NzM
-  R9jZa24GG+8HJL18EWjmw8JsKZU0GEvAR4v7BgWpNXa7jKzJtnO/xbApOaxfCEfP
-  aOWjBLF9dRRFUzHikA6DbdIw1Lp6Q9GTzhg9oT1YLbcRMPGjn2Z0a+6HPXlANm3n
-  DbIwuM8eX2OjmphiuhwIia6X1FXx2+1NrSVKS6WBfwuH4kvjeEPJQRZ3yZcBHFSf
-  m814PsHJp+MLZdQI5UKVHt+d970IhQ6xU7xSY5j8z/dp7m11kpJ2+X/SlGiaw3rq
-  1IDSL9AZgtvpDsmvRCs=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubelet-cab23-r720-13
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmjCCAoKgAwIBAgIUd1pAgV6L5TswxZvwWMXaxcWJapIwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xNDCCASIw
-  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1OzyYw+R9jGON6nqWfTsQ2P9iJ
-  Q1E3mikABRGSntBs+jStND9oQ/KmaIWrMCll/O+iEqsXIxO1/b3nDFsJbHR6tg/g
-  CRMSwy8ioEGPr5QvxlXZ3aBw2BWY9rLz5hk3n9shcYURL7LOvr9cCxDCZkO5W1/X
-  Fp4Am3tSMVkClz0TzhM9IX/FaJLDkhrdaBSsN1DdCfM3igeOdbQD5wIxpzNj6vIF
-  lueB60R/bZiWZ62IFooSmPqBtZwGw6d21F73WnIEJn9p9rEN1HF8mtqC16izcp0i
-  V66D2zRcXcNzPsp1B7hp17rSrc/hbulcX32+FgeJAnHHpNyDbhCDWQXVencCAwEA
-  AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-  AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKH3+wBwfmqScP3eufksWwzJ
-  2gOEMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
-  DWNhYjIzLXI3MjAtMTSHBAoXFQ6HBAoXFg4wDQYJKoZIhvcNAQELBQADggEBAAim
-  WgtLTvmWw8ZS7pmMSVL3qg35mOvOphA2dtvtA1vbPVhsnVpGGWWFeMG4SGffLks5
-  AnyeHogAyKEVgaCvsxJWEw8G4iqCwWGYicb0cgc960mK65ZML4mWcx97XEpKfmdF
-  242YAl3ZvVKUCuvJAXg7AbBBEQ27feH9UVjNKHdcuriTRiVmp/2z7IXVuB4idXb9
-  iRlzSszLXltQw3WXJ3CENLiLhCCydMs65IfjwdGrAwAfuF4w/IFKtCanBSCIYKDn
-  W4NKWasso9wcyL4Y/gjwdLMDu29KgqgBETb+pGHAXe5L13niqjYUA7+GU2nWFxbd
-  nTuWAQKSi1NkrbMGPbM=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubelet-cab23-r720-14
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmjCCAoKgAwIBAgIUBEdIVfkE+kwG9DV49f5QcIiJtw4wDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xNzCCASIw
-  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANhCzxVRvXOim5tZj3b3Wjvwovok
-  +TGB0Zl9m/ldBc2BGdf3yEW4Vblb625UYuVsATySILS2qyCruGMnO51O3boce6Qd
-  7oHn+CaxymDp79lFFioiMcJG2bz9L69RooXRWguxT/O4TEM/M581EiVDOGhHSiU7
-  KHEp1w6Q5CENEM0VqSK9HGIbECRWuYMCs+xjx+TFKvgYtKQDG8fWtUve68xTIEHr
-  o8Tgz920ktJN7BoXbEyl823Uh8EiQG00Ab4YGgVVF7mqXyx+44L6Sh78QL85+PKs
-  aY7VllotXsVt7sffYqCX+xZKi+01AvnYFgoXwSGzkU1lrIOZA+fLlLTpOqUCAwEA
-  AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-  AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCqifQdgZKoWVj/b+HEuZlwE
-  vdVOMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
-  DWNhYjIzLXI3MjAtMTeHBAoXFRGHBAoXFhEwDQYJKoZIhvcNAQELBQADggEBAG/c
-  +Mp66DkprxKe5VSZN0hNzEskIGUvR+QtL6nCxsbJAApnuLYZ8qvNdkRGktwhJipJ
-  nShpoo3ZlTV60mgsXNZl+xbDh9CLEeFINV7iBWoVVVfkfmJufV/cEXcp6qa4tSc7
-  5+X0cW8o7qoN2/5MOxa8ZJEQXe/BiZE+5OeS29AdMDNH5n39Fh6NYge6nhqkRn9K
-  3ygEBL5bvJuu3JwNe3ACKCehGAac9ViR1h/1ig8PHXu6MblwcD/V4Ms3FUR+2BEh
-  HBK6+Gdli8ji7IVPGMpRWtZlNSJwQbODW5WuoRgRYPZT0j8ZZB8ZGav4dK4eXrHz
-  zr1W0czzU7eCi2O0qCU=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubelet-cab23-r720-17
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmjCCAoKgAwIBAgIUWgYgSrjoLvT5fHPZ+dTxg4sf0w4wDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xOTCCASIw
-  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3iTmhEz7PBOGSz7y37P6nQ5PGk
-  kR1amOHsGH9p1jqNdw8I3F/SOLtMQvbEoUcYCbAwZozUz5Dsozw6KH9cc/9cU+XK
-  vMJEiTYX1SK98AVqiHysExm99PZVteQfc6HK95CdFZC+dI1QiVNEkM9yFf4eK6KO
-  35CHiIPnQMjzKG2mBGCH/sWx4yB2Hpgo/CCldQcLbW/LMKlYNUJDTsncCWkNKwXP
-  rex9bGQpuJPdst9TSDttHjanVenlCUGyY6Fyc75EG9juXDnSR+68mrNKY2gWATCK
-  mFFspdZ2ZsJkLanuUyC6VU4F7P+rv8yeNQ2vcnhC2LXdJ6OvoCisC7Hund0CAwEA
-  AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-  AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFN4M0o46D5uO2HAhhK14vfLl
-  HxhzMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
-  DWNhYjIzLXI3MjAtMTmHBAoXFROHBAoXFhMwDQYJKoZIhvcNAQELBQADggEBAD8g
-  CeBXeIAkzrL7G94Ku/F7Sk/KqIjvj2dZFgFgu5nyULEHs4TaIMvsFikjxCnF+fP2
-  cBTv1zpwqH6m1XOPP63HHd0PAf4q/sM8++pUi65rm+1hoy1yJi71MWrDyuDh3gX9
-  kpumTc6p/Woq1sNRXkCFYnQ+jwO3HJVxLgOv+6xCPNXPCLwj8a/NzLYAzDe1Uhk5
-  ETKiwWXXCPNS4GbUFzly51NLSbyhBs0sSA76baZraUqx+rQECAFhaIQEnBVa7J01
-  5dq+BBPKwM+G49RjjzVcTskT51veohs+LIViJBxVWhlBCwmktdy1cqKdLixZm1Z9
-  84nzOVurqWynOCj0k3o=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubelet-cab23-r720-19
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDVzCCAj+gAwIBAgIUXoAfBUxOtzyo04uE62Bt2EhPoIkwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCAxHjAcBgNVBAMTFXN5c3Rl
-  bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-  AK3QN4VTC2MEPJA0UWTDXQpLntn9NNeTZ5jzqk0muZv+TXHh6UxKI68zeDMcJboH
-  64yklJreTaJFD9H2PXxQMCPOjFnfsU9XYNQ7oBAzkUu0/w5hR0BmeWYTSyfl8/4Q
-  EHfMaFHtZggumeBGIwd+4vjr9BJNvDzpPIQB+rAxFncD+qKfIg2cIRKoK3TIpD0n
-  hIpMZ2ebUHT5z09e5mAMmCKi2GMg2+7RZaJBnPwXwx1/onwy9vraZ7AyDZOADnVp
-  MlNVBuWYfGfZvK1aPQtzvEebyOU//Ja9WDBuk3xQrZzkJTnmnMLAOfKzG5j9IWUm
-  VvGdwNfOIOJweglZsF41R5kCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
-  JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
-  BBR6Md4CKivCxn2GgQrqGgR/+czf9TAfBgNVHSMEGDAWgBTIAmvhlCafX+fLJ7FY
-  /p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAngDswIvSyZZ/0CLD284PjyZZMtMK
-  5xsu+f+wEmKX3EFm6gMvLmbS3g9FFmf6b4DQDR8hJMMxXDXqhUrJurxF6BtswK1f
-  jTdkytbM1RxLkN+J7ZAGP4xAncJ9ENXIY97EmCQJWCkx6r85+7ZF1YsU4NOT/dDl
-  tgRk2X9DpLmOfGq3EfN+dcJn9/oKtxBMAmXS33pD1GgjuzZehYO/q5nl2FT9kkqY
-  nb/BG7ueU7f0DtD9qLb8gpLgXGLzkLeGpgkCwsUmy+jmPLy376fp31gRnBEzh/zR
-  n93uwNhH/oxLcF10smkashsLcPM/z/x8UX/KlYN6WKGyf8jcojiuWE1fTA==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: scheduler
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDYDCCAkigAwIBAgIUM3+VbMiVd3EwPVMieGvkIIOWEAswDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMTHnN5c3Rl
-  bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-  ADCCAQoCggEBAMJeOwz2VbBT+9BOeVal5z/El8yDcGKQObW3po95dTi2+MfjJBe5
-  ZS2NvVSHEcLRjEpoi1Oc/EvXlHE8XueHhB0XpGEObNorkx1oQL1dMxXmK4GhRMZ5
-  PXfR0pObBwEMO3rkMbZDvuRgsyRHIIAfYaUzurwwcrbKhUrmBmOErbHJ1LivwHbp
-  nVZrcEJHGaqQnq/S6gq0H/3rg4+dUweEN2RQoO8DfjPFbjVlKudBTJaA6lb5qdo7
-  VhKiJdj2ymJrWTIPnqZik7prCjxCzFDGrwi0QL20XQtz56766NWssymFBN4/8k2V
-  xIzHGqzbUHT70Qcc7eKDRrgo/GzP1Ok0kz0CAwEAAaN/MH0wDgYDVR0PAQH/BAQD
-  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBTXNNswcepaYeuUnhGeGMn6QvceVDAfBgNVHSMEGDAWgBTIAmvh
-  lCafX+fLJ7FY/p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAUU+YKH2Y9QKgBeIo
-  QAwdO2xtz9F582dD05xevHrn3SvHMpCG3OEmcmugD4Za5EyneqxaucPIQ77Dus4x
-  CuWGA1/I7d+EKnLU0Kg8nn061KvxIv/zKbh+jb5wFw+uPrQFPU1PboK6mhmZD8pv
-  yTO3ZFHJjF1tLPB5U2+KaWO8EAzVAoYEklEK/7TyQ8z0jzUGWkxXmZz78UTAIxy3
-  OBw16kKAKGRgnxB2ybWQOO+grQSD77CDtXXJKV1jzpuk5eItqE87FAj+3EE9Qt9A
-  qH4MPV2zZVUTvCBocYVYs+5p2doEH1PuHr18VaI+AALvfu+p+BB32Jd1iUQ14WuG
-  IoGdwQ==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: controller-manager
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDYDCCAkigAwIBAgIUClCdGiMCfJjYU1LSXTX45bQjkQYwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxFzAVBgNVBAoTDnN5c3Rl
-  bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-  ADCCAQoCggEBAM5Vla450p0zZwQzmpS/wRjVopyhHhLuS/ZMSDvZny0DZ6fIVTZ9
-  lvBm1jS0UzTk0fWKK+s5MeXEnkGobefNpLwJik+PzP5Rab36W7NdKUG8/yxhH40F
-  u5yBJJ8s02LfuHos5lDGEuopd1TQHOKGBjp9+ImFk12J++vzOsVOEmREEZmwhVaP
-  bMGv5uSntf5G6Xgnf6ur9pIqduEzrdM+3tD5Bi4Q2P3x56sM0mfWwtuFvXTWmk6N
-  NhIb0doXhxf2Wgl9lvjxdkYCItUGMkU6osdD38K6f6rGLA7t9TfXTRl497VfAULb
-  xz5wtK1btifZEDtEBhrIC1SyyQoYpSNYx0MCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
-  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBSY8qn47WRcBg6oSbpE9HbXxqGumzAfBgNVHSMEGDAWgBTIAmvh
-  lCafX+fLJ7FY/p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAmLhkS+2id7BhvXRz
-  ykyWTqpHEZzTBtMM8zRpho+U5S2Ym+sh3ZRTe1Zl5qTQzegEzhyji9nZ5d9oBQ25
-  xZss3QV3BwbK+lH5/2TMY/JEldexIIKr6TonkvtfF/8yYh0qTMOdH4wWNMwIjgWx
-  TYsYjMZ03nSgD++hlILe8qQMCwXWbQ3srQ5nvvtW1QO4Zn537vnzBBPchp8fowJJ
-  Gm9PrPOcCqDdkiuKoK5yoQLBEav5j18rkafEUt7kpSHX+/VYFpFznTiDd+h3obfp
-  H8OZy0XNdHPHMA9bQJ8hxQmZcOsl6SPqtQafso13jTAqQ8JY27Lz4eUWBocL/9Kn
-  2BPjNA==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: admin
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDYTCCAkmgAwIBAgIUTOcHSSy69x/FJI3zhlmGL+2aB/0wDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCoxFzAVBgNVBAoTDnN5c3Rl
-  bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-  DwAwggEKAoIBAQDPeeZcrj56FLvfXMbHep+khlt53VKllOfd4YpFXuBfPNKS7sWl
-  +RUSR836IuKlqoW86uq6LTYk7QPK/m+BFXOiDcohvKgUPa1RKU3uL1gZmE8mfA/R
-  VmCrv0r2m2OocTz6rS4Gj8qKqcfzuZVMQmRnqxivcpcFIcm3UVmiRSjEhg/s81/J
-  s45D60M7oBiJTU1FItxBzulA+peA64NwIw52cp5q3s705VZxAbI2RUPd3nCz0cMN
-  RSjOYeN7aYF1OASrJXxl4eK4Azx0SZVO37hrvFP22OF6WF8AiHBkZbfZaHNWgh0D
-  BDtz+lNEQ8/0DvN9cEW6l2VIjS+fChcsyxEbAgMBAAGjfzB9MA4GA1UdDwEB/wQE
-  AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
-  ADAdBgNVHQ4EFgQUJA/9/fknEta55uPmIbP/eNHi9MowHwYDVR0jBBgwFoAUyAJr
-  4ZQmn1/nyyexWP6eWY2ImwAwDQYJKoZIhvcNAQELBQADggEBAIxybsZRna3OMwp2
-  8J75jEZ3yVe3mczULhApmr761B1zSEkaB81w4lC55foAKH/tijz1yj1WT/0BjYVj
-  VBgHufk1Ih6IbndPbNsb+BX4R1ucDIhnw8jS32kQy2qWi+JhZ7s8tH/2OZlNRhiq
-  rq9DcATzwYqk6avUR3lSpCyVPUJLGqNP/HL5vDNR/dAJmgrCO86UhzFWTvfgDmrG
-  mP6ejsM3qyWtOCt80ZcVPqWUb9AIZXdmi0ekwKStxpuGec/e2oZxLK8q2vcmloA3
-  ftVUl1FJWFn7rQ+Rmobx8lnb62PTSkDVx5+hogXOh2AR4jXgTAAdFmdhyoM8+utg
-  syTdZ3I=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: armada
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDUDCCAjigAwIBAgIUcGEOenCIFEyRPk3/zF97GUy8sJIwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowFDESMBAGA1UEAxMJ
-  YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RPKuABA
-  bQuCrv72wy3EyEGnNIh63xPYl6VfIz3F/VhDNt4aKSftWM6U8+LMDHyT0p48BwCg
-  dlLfNhU4tUa4rD9Ik+HRV3hQxHGuGAQSGna+90z+f/OtmgbLtVXX1bkLfcM85YPT
-  VTzILO3UA4VUrQxSoXfK9tUaV1RJrYUzHwtr6aM4wo+pALsfes6Mm6ygM/n/+z1N
-  Uxzr9I2oJreFH8TbnkmQRbvWoYQRoA+2Z2A+TPZkzYqGNAZr/BZS8mgEGapcp4tF
-  64yyraLPpwzEKxNspmjHeGsNEYZS9JSaEx6B+ceHlF2xYlK/tg0134IZMJ2CRl4X
-  P439p+yN3H/bNQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
-  KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFB1oWx7W
-  VLfuzm86CWwEudYb/MNuMB8GA1UdIwQYMBaAFJ0mAtDmZi9Gr+nUWiGXt7cUV8fH
-  MA0GCSqGSIb3DQEBCwUAA4IBAQCqc2HY5GzQ1M00rvMXq+NBODUL7WydGALt909X
-  5EOERm6BAw/fuGbzn/wh30JP48+rlXyJ0iXeCai9+MtacsX8Qjvx4EBCsOrrhO1x
-  yCD+P6RFYilH4P2lufszhLYUkKaI1y4LSXJK1dJk8QByPL3i0b12FkedGd1HMOfU
-  eP6NBp7rcp3+JCTdaCcaYin/RFqtjoPD3ebuTRipK6Jr8+QFtnzJ5bLQcpNYgA2D
-  UCqHX1nSQF91xpro/MDE2OEFtulkM3vAiXsBBVp7cb9U4hs2LU8GvRqgR89sL+/c
-  i5Chc3uBTahiMyv82tdi3JdU+wE/2g9pwRcp4V5PA37O98fD
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: apiserver-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDTTCCAjWgAwIBAgIUM2lv19qkb9xH2Zng3VEa0hYh6q0wDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowETEPMA0GA1UEAxMG
-  YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMEFupWKyrzQ
-  nR5leAj4QlIwIREubOHaXwIOjNRs2f3b9xoFz/WY9OI/oMvvsr4am56CN+m1sSPO
-  FrJji0+fkMuO94/QkLZEioBgzJb1icI58QIYW8jWvoUYoxJPVNWE2tEm4081Bs4r
-  G7hepnuvRKNgoIE+1SflwofAe0oLPbTyhbv07sVXLyIHelVEAlTu6Q6OH4rV0mzv
-  HY6jqMC/qsbLM4vujoEGKzX80ftzNa/TGbZcMzjylQN2Svgt0TcgvzhTQOenfOkD
-  e7UMKuoD500pioCW7nSrQwfJP5TuR6VjOer4sJP/T0KZ7MHs0gm7jQBL5+O0AZoW
-  PZgjq03OJwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
-  BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFL3+S/D1v1L9
-  kNWBBz3luXchfH6uMB8GA1UdIwQYMBaAFJ0mAtDmZi9Gr+nUWiGXt7cUV8fHMA0G
-  CSqGSIb3DQEBCwUAA4IBAQC5QRgOhlJkyX9IAoDE7zb70HcuZ6otRYjvawvtEhDU
-  2Kkv/mHnk+BAC5smzMLe+mAYskmdzy5fHPxmkSE5xnaVYS0WWAroq+XXiHnuO5YN
-  hDurPDHIn0u6vhk28A8g7HgzT+2A0F679+vosBXH2Gws4vIl5PP+GNlbdQL8iX0M
-  yYIA0gjuOpGT1PJtXEDRfs5zttDpdQ6O3wLv6Gf9+i0/7Es1xbTKe73nqDcID4BO
-  1RzNoRLRpQmFWnVUiezISsev/NsqhPASYouEHJF7LmQey2fNOclvwiQNDdrVIWvD
-  PsDrmM/NFey0l07xiYp9x//pHPo2aqBzV5kmEw7HJuN9
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDzDCCArSgAwIBAgIURsu9xur5ecCsUR7gnOb7r9S6TtAwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowIjEgMB4GA1UEAxMX
-  a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-  ggEKAoIBAQC494q93ST37RC381QWmZ1bPvO1AAcvJCLH1gOtydds1XwOJJpD8ZM6
-  92cotmBBdrXRFekD2zzh9LEk7qcE308/oSNLfychkynJuNvrCepbkO/9o4GzWuzA
-  yS/u8Uu2dBA0wZC75bi372JJ5ra+tf/j3PlA9mRhLQn7oYaaS18Fm3wnVcpliNgO
-  xIPU4hF8TJp9UlPWkBHNdqCcfdjBi5W+lqpykgKydIgGLRBavnMNeB9BDkLz1TU0
-  kA+3wPBZXiELOOCTOrPYMQHC4VKik2MJkNdfluqDKklQ/dojn2djIQnc+8bjQqVA
-  gsg3TlSaSecwi3HBO7D4ipcdvu05NuFDAgMBAAGjgewwgekwDgYDVR0PAQH/BAQD
-  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBR0enaucC/qjURE2E8JfZdLqOkooDAfBgNVHSMEGDAWgBSdJgLQ
-  5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTExgglsb2Nh
-  bGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5s
-  b2NhbIcEChcVC4cEChcWC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEA
-  gBlVNEYN1T6toXQPv0Ju3ENiJdiAes8ZIuMkqQiItyJqmtP/S456pElAgn7EgMav
-  7myu/w/5CWgTQlTt8ClTbx7TEkB/IC7vM9moUSRBDLWTZTrRBmodtmJG9ry3Sbdu
-  GlkzJiszhV2ffqdlcENb9YRuQK1lBl0Xc6TjTwn0vDlaNutXB0zVXK2PXsRsq9n2
-  o7M4RO8KKkxiTXMlAWv4k0zOH2rWkVpQk5zYFqdsJMbZmDmFJh2qcRlR00uBO0af
-  mlch2LmAVrXwBp/ovc4PeZeJrKhdAizrTrHMvdlHxGh/rAuhS3vGLK95wmszLk4j
-  Tib+SzbWdTFqGbMPk9MEfA==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID0jCCArqgAwIBAgIULvewF/oeP6iJw7D8A+A/vrJFKfMwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
-  a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTEwggEiMA0GCSqGSIb3DQEBAQUA
-  A4IBDwAwggEKAoIBAQCfoJnD3HCw3N253Y5VvwjGDB7k6JLSaAEpTdujduf+/Xpf
-  d3K8Gz3cCvsg96BbrhI5p4PMMb7JHv105svwcBzyNEIaCcmDJ9WqwAFqdlLLNleZ
-  Cai+fyUs9ZbXIAX3+ZZN24SzhicWxIMigPc+1z1bc5gvUF61KVRNhcgcjtjzBL/T
-  VwIY8VNln/EpjY32x2gWiGwpNm7JZa1sxvjKwAjHuiC0ScEJlHPkugvom603azCw
-  zYcGooXE+ib1jFaecWJc0bnrbdpvO+tZP2immzCqQR4Ts1gP4GI05hFvY5BiV7MS
-  X93RFQkZOkksU3Wg1a73nf62icBPPQaK4v0bZPB9AgMBAAGjgewwgekwDgYDVR0P
-  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
-  Af8EAjAAMB0GA1UdDgQWBBRrlfApuX44D56dnWbOof3eczD1wjAfBgNVHSMEGDAW
-  gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEx
-  gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
-  c3Rlci5sb2NhbIcEChcVC4cEChcWC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
-  AAOCAQEAQTyfl/Bi8iu3BZjf7Ii3xCtPqTW9bEGo6B6mzR0Dx7z/dUlHi9WR6/il
-  655WMwNUEwX3PIewh1lfWTXMsc1eXsXvr4D2jQymw0ZaoPEbYw4r55iRT9rpsf68
-  FAWvkUo+b2E0KaCZkQ4zScQeHhz53Y6aAPNDr14VHHIWBCDQLfdUzcpG9TmpLMau
-  rU3Nmbq30GnTO/N1/dTwZ2ABvWOWzsd05byKm7N1hEqb3hnRc7SuiTSJizR0/SpH
-  PC5RjJxmN0cco7KahaWLsmGzEW5kRGtgc65rgxR631LxRQ7/3hiemFCQB/kZJet5
-  EQlDREoA0bLsv7s0L7v2Vwp5bFox7g==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-11
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID0jCCArqgAwIBAgIUJq1hhapB1fc6nl6Ligd7r/AMDNAwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
-  a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTIwggEiMA0GCSqGSIb3DQEBAQUA
-  A4IBDwAwggEKAoIBAQC/7DqoSUn4rgkA5x93zqKBWXwA41TwEh5kYxarjsArewvE
-  YnHzuMySN4aDfEQYngG9DX86o6Oa/G9+k8xxFAVmoMQTczOv6Vn+mjn7mQ+o2XPQ
-  s3kBTvLHR/WB/+YtU7BKHe17b9wQpVV5q7R8Mq23wB1N74UsB+ySUg09AP3JzCyi
-  rrqolASF0U64kZGWA05OIeSoX7jHDv6AKE9ROz5Z9FNSScLedAdi3x08tEdj8Spv
-  oKuXDv7WIPbnaoYgoyUgeXz8WYUO00z8EGaaDnF5CwCq+71sZLkzis4HdiqjsWFR
-  4PCsklxhxJsHpnVTuZ99PQXXblamaLZuyx/F2YwxAgMBAAGjgewwgekwDgYDVR0P
-  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
-  Af8EAjAAMB0GA1UdDgQWBBSiLyWFOUf3xQ2CxWuUtZPbrjeL6DAfBgNVHSMEGDAW
-  gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEy
-  gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
-  c3Rlci5sb2NhbIcEChcVDIcEChcWDIcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
-  AAOCAQEAYXsTBrJnqk3aDauPyeMyEr9B9ffR0yPpW25F6fgwXrHQ6AcKOOdYhOdz
-  UYuhzA32yQFjmWG5Tf1PCIqg9BSIHMO6tQWB1M00+f5atEHSJ/rIE1cWOw9wfYyN
-  ZoRY1w3GNqP7wvMaRGiYTabAC9X0rhI6pC8sMuzm0ZK61LydSqOnalkApBozKE8w
-  F9OrA3TfluZed+Eylr4S/HG7PLyW9IAhAltXHkWGt6f901/Clfrspe5POsisorfK
-  SyhA805WAP/ysTJz2iZlRb0u9Sg/NCXpmcJBo4V7YTlVNrs6EOOeBzBmonX9+Ttq
-  EWp+HehyXnaLegneQ+leO8NmE0fcNw==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-12
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID0jCCArqgAwIBAgIUIxasLvcs+hz33OfXx53XRnhtiZkwDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
-  a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTMwggEiMA0GCSqGSIb3DQEBAQUA
-  A4IBDwAwggEKAoIBAQDA22gtcU9J2FicNu1peiReJfIwoyJNDKd2nQhQPn9WrKtC
-  hsBYyCgcxswOTSMkEhI9W+j1xDda92PF0T5R2R9wrUf30HvqPYs7t60t3Q5iOE1X
-  Ljh48Cg7uYwEGzSJrraOd425te05kxV3jAM0r5ZgYptUNquXAqJ9zk4wBAWGrkdh
-  2IFQuLYjiy7MyRWBC34z/ve9RCiu5mPe54/BUR/UmdFeGr3qr8sAhqoKtmAl/Ckb
-  rkHHydANHKGO3ouBVdBwejPP0/5jwHpeI7szNsiwSt6kQFhOI0vlDj/FgjSJggIb
-  3qDW8TSeDioF6j8A9QBy+Nr3NbO7o7Ow9HZVuJP7AgMBAAGjgewwgekwDgYDVR0P
-  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
-  Af8EAjAAMB0GA1UdDgQWBBR0tj5yaf/3TCOk+wovW+z8lNdD/zAfBgNVHSMEGDAW
-  gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEz
-  gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
-  c3Rlci5sb2NhbIcEChcVDYcEChcWDYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
-  AAOCAQEAsJGpk/nu+RezwS8STPPpr5S/wV7ZoS/mAOfr6EeXXVv/eJS3YG625Yoa
-  1I+0YfvqTdxMchXU3MqFFQo29kERxzin47AVajIotWuwcA1BbmpaeynjSXSi53y2
-  MwoB55ASjPC2iNnF7GMu6KnCmXBL6Tt5OPIqni3o6GCFSKh3F/2A5IwP9HphIP9G
-  SpT9OUK3mxM8PDjk3sCz+4kdKUqs6pFJEtX+UIK4N7vvHrG72V2tau6QNf3asTWs
-  TxTiIXUVxkfExUoUleIdyeH8aMPWGuJULkzYZJqUfuw79NyxMO8l2eC3EzG2Thfu
-  fsTMq8JLnFRubGEsUhy4Ojh6nmVXJg==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-13
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID0jCCArqgAwIBAgIUFkV3DH97357zQoDothgJQi+e7NswDQYJKoZIhvcNAQEL
-  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
-  a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTQwggEiMA0GCSqGSIb3DQEBAQUA
-  A4IBDwAwggEKAoIBAQCkPYNTUMCtArg8o5AfN+v7/zWz6qiyz/T4YUsPWe8INJm/
-  KNDZhwCrVQBJq0KppMFucieaayHAkRLZZiHr3QCkxLYJBLerS9BxofReoPi/WSbz
-  +UBcVPCv8Q7yhwbPniWHx7ppTKT5POdiCrUT3FbHOj9YKOzgYh/fWV55SJwbTaxt
-  To0APDdbrPnpjhOHZZy+PD1+q8nm0J4EPdw9u+/iBbXgT/zYM48WuPuDF4XwHOdD
-  0gqrEvGdwzQK2cqyqCQllhqp1DbPoTXQPTK0LEt6cuCD8Yg2tfIN0AWktRfpNlAy
-  YjuT6s6Psg4UKBo8NpL2sbtE+idPJLb9swge3eT7AgMBAAGjgewwgekwDgYDVR0P
-  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
-  Af8EAjAAMB0GA1UdDgQWBBRifGt/cuvvbbSOlGqchorLSuXa6TAfBgNVHSMEGDAW
-  gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTE0
-  gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
-  c3Rlci5sb2NhbIcEChcVDocEChcWDocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
-  AAOCAQEAVP9tG37juV3OxHabhf76FLNYLLGdfGYMcatH1TC4JJcOtHI1eWTjbcJR
-  l0ZcdBh0lI2FSG+I4r+3ZaeK3ksL9mNacKyMWkIGXoIR1GHLX7SPw5Ec6Qxdm9mX
-  ofETmAfsMSEr7nxitpe+oypEydA/2wLEdWgRb9qnqCMDrn3LQtpfwQSN6gIAXx9U
-  JWOFBq1mL8xs2VFDT5oYAMvwNn0lLmgXiHJiBRiewXo5vNElcdJwzwXUggbjj8sV
-  ADOXjp8THs6SjnpppZdTm7mIY78qjs2wCSwcQZThHFIXS6j/d0Q1/mypisgQbKk4
-  yP6ZKg6Y6SdQwkaAcQ6CBSKaW7HpXA==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-14
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID1jCCAr6gAwIBAgIUT/Loq+gpUbt92wzGhCJtR8Q84UwwDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAnMSUwIwYD
-  VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B
-  AQEFAAOCAQ8AMIIBCgKCAQEArJgNfhV76s3yqRZ5nWjY0Sau8Lte/F7okc8FU4TD
-  LyjizuRyzyl88KGAPBEikoFVP2CzdgaTaLaIiGIfh9UMx8dbbbV84txSPFrDd4d0
-  VWHfa9fvag8W5wt5ce9W4JT6qQlpMsdfx+O6yhub9NeuWFGdNFMlDoYh/4wrfAu+
-  J4OuLLChEt7797fqawPjBtCtirq2i8SFN2tEPKvM5MkAYdOU7Hc8UPRUR3rpXbDi
-  Xiw2tk61yG4pE3YwMP2SPJFTAQ8XlwTdBkARb073Bnmxh9M8oYb4pvw1hLB5+j8f
-  irAtDlkP3PdmfzEFxGXjDoUPLzO60i8FATRWoRDEDB6XfwIDAQABo4HsMIHpMA4G
-  A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
-  VR0TAQH/BAIwADAdBgNVHQ4EFgQUYpM2Om/nMa6zbXUt5YjMS+cgJD0wHwYDVR0j
-  BBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2FiMjMtcjcy
-  MC0xMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3Zj
-  LmNsdXN0ZXIubG9jYWyHBAoXFQuHBAoXFguHBH8AAAGHBApgAAIwDQYJKoZIhvcN
-  AQELBQADggEBALYrKeuZ9vdt04eAUaEIpC968n7jHWFwC/WhkIUwx7XfrrdT74PT
-  7NtOWG9s18PkgDlq8x5d/y84Gr5AHtYODtjHgf26lVsCRjLH33HYvxZ0VrUWJGd4
-  5QXd+k3dMdTNb/z20LEC4AdiVmUbktRM6P9r+GjjhS/J9YhrZXWgb9ikm4wCdYdL
-  4P/lLSMvQ+lk6hloeWzpXTN3OrhZOplz8bS5HrWg8JHkDNLqxGfXICiccfx+amAI
-  hM0mNm15P5nmTzzBbdf8tzAe9RSDfrDAV4fnphgjerd0kKb6SOBdnwTlhSH7YDMz
-  hx+NftSzDKiWmHLGbGgcZ16ijO3TgB2/vRo=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-genesis-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID3DCCAsSgAwIBAgIUXRYGpBn3//YVVVYqN5CQscCb68QwDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
-  VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMS1wZWVyMIIBIjANBgkq
-  hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7AX20jHoo5/Q/POn6MZHIuNw8M1toJ5d
-  uX2fa5VM2nVn9xxt+0HYHJz2WzKGvpumQ2e9w6XJF/+hYsMgPke4dBI1ts0YPEXX
-  s0xhmkT9Cw41ca7kaK0nV2/y0hS3hk5l972TMBUb0vHiJdwYNgL4MdKa+kcnYXh/
-  zHLUMeH2CS7jwxcDAQQDnZxt/Dp3gcKNeJ8QX1RxDXU1EyrNcPi8Nrxtf82icpY5
-  gLmtYKAn6KTrDb4tRVI7L3HXSpd7IfHTRZ0ftzGkYacipS2iggdgUIX/ShXcE9kS
-  89/lCZM16e2A7e+usJn4K57rA6EyVDqZjnVovrpPjtelRQRZa3f4XQIDAQABo4Hs
-  MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
-  AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUjCXg652ObQBhsrx5nLKAkTYX1tAw
-  HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
-  MjMtcjcyMC0xMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
-  ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQuHBAoXFguHBH8AAAGHBApgAAIwDQYJ
-  KoZIhvcNAQELBQADggEBAL7bUjb6b4yaVUK4BJUlCR3Pv6FH5psY+6TSAWS47I2M
-  sKRL8cIxj/qXs4PiJATNrSj5SBYkeSicN9MsDZaXsdwMih41diqXvwY8aRHaWhSN
-  2xbw1um5gZEm1pekGP17+d4n4U23yVjCV6mtNT09vms2peM2xoEbmsVdlCknQM8Q
-  biv4fPU2KnHk8nnOeLoLz5Z721GPeUg6v4kzyUaYK2x3Sc/JZ2s/7mkKPbvH07NO
-  URnzPuUEYTOgDwv8srq5f+82CKcUagyDwmpbKJOO0Nbhugf4t664lelimJQLSDiC
-  NnJA4olBVOBowiUi0Rw8ZRvj+/bmhyAmDC25/7zv2CQ=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-11-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID3DCCAsSgAwIBAgIUewWNoZQzHqX3tSmS7sRX3rMLvE8wDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
-  VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMi1wZWVyMIIBIjANBgkq
-  hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyL19ntmY3scU/HloXV11tTaI+//af5E
-  RkxbMkn99HLAuBFcy9xyGOHbTKb0oqqtwey+/9e4CXSgOpiqbfyqhbHGWAIyJlMh
-  DCMkjWPbr2Qt8R9SgZerXDGN4n+s5LjR32TdNOlQAf2w7MStG9jRlFGPJ64x6cRj
-  UT3EipdpFj8SzC5Le7ROmjChV109ZdebpJm61dgwVSGC4OYtw1K9fYUmH7SV9DMV
-  6d+s6TEyASordstT4bxMUIEo7Z4dzE8MZYu+XTp8D9s3E2TvSjLd1t5/RY1yO42e
-  WA8ubiiFcTv6DD24JiirULWIHwnc6Jwv+xgmAH+0TzZ4L3X21s4n/wIDAQABo4Hs
-  MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
-  AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUJCjODJohoIyGHxgmhgl4Q6HtryYw
-  HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
-  MjMtcjcyMC0xMoIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
-  ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQyHBAoXFgyHBH8AAAGHBApgAAIwDQYJ
-  KoZIhvcNAQELBQADggEBAAYUf29T0fX8xaOEla+tu89ZOBHRn4yYwqsWBVBqGG1U
-  Td9uPq+x+74ip9ucudrY/WSJ1R3JyVSWMrc0N1VUkRL3Qb7kUp8+D4SqDSGYfGsk
-  tEGCpK30a505+p6dPL/pbGsfXVlpP7WgqGSPijv5cDWDbntVQsmoM0MpUY60Q4Nh
-  QCqJc1Mv1bvgB5BckQvSp8uGsAjphtCmlVfQjGFaooIdEKBTCZgZMYdP2IQm+N8u
-  x1MU6txZyeMNRHQEDiM3wauKvrxTxD9rLJewcc0py0+XbiFN9lCDDBAlkMnTAdvK
-  1W/spAgk9oyZdo6izOxLu54NTPCQE4Fq+N++SuzxfiM=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-12-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID3DCCAsSgAwIBAgIUH/q9d5D6PAB9QaIusTP7feTD/7MwDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
-  VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMy1wZWVyMIIBIjANBgkq
-  hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrAxSeIFy831f32lb/6ZEl3GUJ3R8N1z
-  LIjpz0UmJcNKXFjO/2vpQ3FEPenbu1Q4Qj82G+FHK5QGKijqdOUR2eIUxud3gTZi
-  ceF7GcEIcT16vbHv6RefiEi/VcDon1nXdFLGpVAipq2VcwBFwl6VkRldqu9mq0oP
-  e8RoKniMrQz7Z2OY0BOsBSire+2uFhkJn7I+lhl2FgGQgXNSLn+LcnG5835XNUt4
-  cGTdS4rKCgdqxPZsVwemKoOUa2YXNhoEiWjLSS2fbOAGSCHpUD6H+hTz0cE6x6ud
-  s3V0o4bdE9SMSQoGBRfMAW5iZnV4HSSjfF8psYxLdKHCECm/DbTMjQIDAQABo4Hs
-  MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
-  AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUEutILRDuPYazSOg+uvQVMReIT70w
-  HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
-  MjMtcjcyMC0xM4IJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
-  ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQ2HBAoXFg2HBH8AAAGHBApgAAIwDQYJ
-  KoZIhvcNAQELBQADggEBABvLtpXC6C6wgRKo+YWTgPZPoFl8fMiYashWNA96OHW8
-  gClbebr/agJvtjgrDwu6C/yV5J7fFb6bMTp7LMj5QJZ/w0HAH/VOo/mholjtoNf7
-  /hWdAys+WuuGThDsZzWla4z7j9bv0v0ZHE+XiR3IMvvFBVz2jbO+7CF1+JYH/tg1
-  ajtqCvZgw3N6su1/bRJo5MLIMV/Vq6g+7vrRgsYGF22NOCLCBv3dr0sdKh2sw0+v
-  YsPHghURkHFrdNBmLLpUDgnrCGWBwNI46p4AL29XZIidoDmoCTenBSMwP5NbUFnv
-  N/wJQ2YNjXqdAXDhCZ8Zcy7HnZ386DfKDC/t7DNJUJs=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-13-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID3DCCAsSgAwIBAgIULjF89Q2rvVOW91ztH8Aboa2fzmUwDQYJKoZIhvcNAQEL
-  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
-  VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xNC1wZWVyMIIBIjANBgkq
-  hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyfPFnaJFPgoiWfR/BXW0MOSYmKh23o3
-  15a63jSqpl/ZtpMQVamURbXK8IvJJN+xu7ehFeIkzwMbMYr4tFIy24b/boQStte3
-  chY3KtJVnhLwZeT9IFYayPo+6AU+J8JuA9WQqc92ZaVP5q4tRs/FUcSNmqvMl6DC
-  jTymd2kaupM7HT2cdBxfHGhg/zO5xB9r0NA9kqe6+4/C+0Comg0Io88BXzYUyQBW
-  bsNE3Ffxf4xlGNDHte2DKBfAta6D5MZ3c32edOOU3Dh1pACx1abTapeolLw9AxV3
-  zMET2NbBOgMpGR1coNqWdFM1mzZfdPg6VczYbqzq+BK0L232dfS9kQIDAQABo4Hs
-  MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
-  AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU1JvmLtbKUMhnxloRT+emNFWuMFcw
-  HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
-  MjMtcjcyMC0xNIIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
-  ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQ6HBAoXFg6HBH8AAAGHBApgAAIwDQYJ
-  KoZIhvcNAQELBQADggEBAGnznVgVw+q9BckCkuNmTBDa/xecQVpIwSqJd4XqUE5t
-  mNzQD8EUqlwUfS5/jlJWA9iKE5I9jU9qrzBaOhnx1AUOchdEm/fYsOnf0P9Ov2k5
-  vNuRbaSbxZVYby1c8eKili0pbb7xMNsW5tVZ5Jmke6XeNWTNNehLd8u7PRE2PPaF
-  kEOLOO1KCqNFSznChQ90cxQHYNAa2T8QFAqoAJv9m1rUalUaAu+1lOWmCBoQ9xTB
-  MD/4GaSqIia7teWGnMCLm/G3RbRr9hBegAnzf3a5rUlIiU23uqr6SQunI3JgSww2
-  2yLXqQE1g5qgq6vb2uMfZt+CXry0sU3ai/pTp7tksKQ=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-14-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDSTCCAjGgAwIBAgIUF4JBio3TfoajkfyZLtvnKS10Oi4wDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjARMQ8wDQYDVQQDEwZhbmNo
-  b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSlTthgprd1wekZkaD
-  XIrNge3wwRNFTbei85TcHLg3HlmCL4JvizZL7LmUEGzOgNieavEsK3SFXv/wC2qD
-  xxkIO3UpUYQAqQxOLztiNWzdsU2N6+I23YhOgKyelcB7lxWXs7VPMrP5ca26K4PB
-  4+HlMlda/6fxxe69s86ZxTdrL4pnZdr04BTG/7+J0SZeyKk5MULJILaY4bHPwLxP
-  CUquaaNCSb1sN2OyALOo/7uikZd6Z49NkY28Bb2+lZxZ5tRWLmFysm21riJOkU3K
-  XozcfpXap4r3ZPuuNfWycOLWLX5U/kqguCGqlftrld0lxJ/w+sc1NwVeTYd0dK0b
-  7kjTAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
-  AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUbuvIOKn+nyosnOzZ
-  KA+PtBPtio4wHwYDVR0jBBgwFoAU8vuH+Tuf6GAkvNlrVY25DEuYOXswDQYJKoZI
-  hvcNAQELBQADggEBAEspxLuB2V5GbQyIy2JNbkvTCLpXjBiH1zO8g5WUcCsZ/BhU
-  KTBXnbivfRspFojR/z7lFsW7vnxUEjihU60B7azfVHwRl5k4dTMLwiAqETU+toGH
-  ss/h8xoN2E+VuxDBJXn9hsVqamPsdys4QQ3dMhOa2eS37NVphuHUgDJ1PMpsYevg
-  D/gVv2tmWyiUa75igmGQnTFv6Q0l9q8ccjDoAGvnMvIg+Oy6zzO+PGKuZ2Wnc20W
-  VH+LpJEFfC1+m1bB8mLx2SFPKM3SFeuN5NZH/ibw/jbzTXu9P2K0psDg7HrMEv5g
-  OfII0DI6yIDNHPMVpcPuvo49LttJYZBQnpd9Uqs=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmzCCAoOgAwIBAgIUGIV+l61X/C4dmuy3OSuRtWMEkDcwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp
-  Y28tZXRjZC1jYWIyMy1yNzIwLTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-  CgKCAQEA3gZMISoYPUGKGNNXxxN7Jb3QX/0nSqfOY1fmmE6oXXt5w8p9CrALCubl
-  UMwOGZlwc0J3asrPRtctXGUHbK0GS3f1+OU1STFAVy8l+bIOfj414ub12q3Xic5z
-  /Vo2ocw3x/cbo7BBzYpOrPl1uu93liDZyn5eptbbJ36ZoMgbd5jPPDiowSiJ1FQT
-  0xi2c99+u9MFFLDYvb68EmdeRkE8CpLRRKeJruTrQgRZe53kuXK/vp5ijb5xZpdR
-  Wjr1VuVNRPvIJH5tzxFc9UprZhCCri9bAhlA0R7fV598BER/0D73fjrfVdlGJ2Qx
-  c3EXXN+LQ8BsxAkiOn0FPgPSxoKEiQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
-  oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
-  BgNVHQ4EFgQU3Sr0OSP0HbhyZR9cIK+hiJDo+CUwHwYDVR0jBBgwFoAU8vuH+Tuf
-  6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xMYIJbG9jYWxo
-  b3N0hwQKFxULhwQKFxYLhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAm
-  IxnWzM0ZaCjnfvP9tPISwltF2RNKBtrSA3SWKckS3Xt5SfhLabqwzc5xhpavBHCY
-  Sngar1L0ImAnSl8uQyo6pEZCk9y9Cx/aXI6H+T8nW6rDzCUIz72l2s5ggWpkXnRy
-  sxS5C43gyCPi6LD+BHaXS+fI9drI0avjJaP7GeM8vZ4UC1vM3y55vyWYiotI0m1U
-  EhX5/LNdDLctgGnYxl0ToGWYBFiwy4J542CUyF6ppF3anJRRTNyXfaAbKYEt1Gwo
-  okxxTHNvTbPFiSUESztKhhFVZc2HRwhTrOGM980N4th9SbNcJSmpdgNMD/dEA4CJ
-  gqaXdbwIVm/8DnV2w2Da
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-11
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmzCCAoOgAwIBAgIUFb9OtcajcngNishv5LOV+QATwJswDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp
-  Y28tZXRjZC1jYWIyMy1yNzIwLTEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-  CgKCAQEApjnULGO9t49RjtD33k1jE9WDfN/UN1+LfWFafBgzyw4mMIum/ne7a8qF
-  CThdM9Z3KuM6OM/rWsNMfTLOg8bKEaNnYzu0Vo97yTk+XqivgBQGBdWpukgTHgGy
-  PnB2nz5yu5+4+Va3MIehUKbH5DIusFKvPSWoVk9H/GhLYrIqkfPcGctPW4Hvviwq
-  II/Q8NHYtIoaE3CnunVRC59IAGDWUgyuB0ccoSLcKbDWgorktVPBeE58vZLxNm3Y
-  ZB3dvGkCw4CGkUJ77Tqe4dRly8jz7JzKF1WgLuk25Z/S2YTIX033b2s9J1vIeFvL
-  2e/c4bbewONdEBG6wzqmE7t1sfk+hQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
-  oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
-  BgNVHQ4EFgQU9EWom2dlaX7FPeivFbBUKAef0GkwHwYDVR0jBBgwFoAU8vuH+Tuf
-  6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xMoIJbG9jYWxo
-  b3N0hwQKFxUMhwQKFxYMhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAS
-  W5+GtNrnYWY+o/YFB9hN50wUQJSarBHXxcH++eKrLMgqCWYoPQXLHnDzFmgl4TcK
-  J/6AEjofznb9Dnjek06Lvk4NvkaVk/cjQmAhOrZ1DuEzzPl//kV/Fi1a6R8tureM
-  SFsPZF7nLOqNNQ2ppvzwnxxMY4JKokcv1Q4XlK3w3cC1xrfizOlgaUJoZjfKXoal
-  1yXLhfFB8RfOtBzNiKpU27tT7/v8rYQtnsCwd+ilAdcQg+WV2xzrvy8ndVfclSnK
-  FVL75ztSraPeIFJEPmBEP42MhodHkkr6QIVN8LhsqLJLAzJ08Xmn7WUYqvxHzMox
-  GPqg3xx+jfE63J0cOg/M
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-12
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmzCCAoOgAwIBAgIUB3Gqls8WVWB8MTJQ7RV8De5J/sswDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp
-  Y28tZXRjZC1jYWIyMy1yNzIwLTEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-  CgKCAQEA7qqRo+CTz0VfZwECaxljOXKSocasTJ4LiUiyEs8KFsUmXZ8U40OZNRDy
-  6lMj3UrTsuYb0ETo1ZBbDzmzhDuEJtrGDMMFYDy8WaDyt5ogsJe4RtGHnTGWId3w
-  ZagU/O7bY3fGRk+0lCisKlNdFjdSu7o7Cr3ktorsRVZTAi6v0bKzcphG2FZrv2MB
-  v+tBo7Wv8jCaWTCW3BAl3CHLbmXLOl4z348X8/b3gIL7ZOKlU3YuITqjcmwLakRE
-  2l6iYgTyFYiU7u8ayBM9o7Cu+0xrzDtlSBCFeicqiKtfd7+FFHQrFcPkKHS62+rS
-  lA2MpwS4DpLCu+6Q7LgFtJrrgE1VOwIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
-  oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
-  BgNVHQ4EFgQUqkG3vzyHafavr43HYS2IuavXme0wHwYDVR0jBBgwFoAU8vuH+Tuf
-  6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xM4IJbG9jYWxo
-  b3N0hwQKFxUNhwQKFxYNhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCS
-  /fjOtyHhUKjt/bM7rjJDEHRCZbBa6Crm9gc0xiCMSFdmcNaykmBQbjAiMKNiXBGT
-  y7TBmRrgTQPwuistOjmLdcZRDTNt6nq99HXsCtuEgj4yYRoV5CvSCbavnIsTWBw3
-  nD8rnhAwJ36fkd5WmDScfGJCEFbRzZt3fU8Jh4QRfxPo8zdw0zRYk+DrudAl+8te
-  mUIXSXhLpb+rce3dSySj2pQnbVewpX2njiq4PC+kkWf7/lIacqfsoKPEkvfDvlWC
-  Ycamy+Fn4ShIqDVOZI9t4ZbXfY/FhWDUpsJFpQfqygdhxNTGeciqICwwJ20JQxhV
-  gB1V+8wQ7jrTcffaY3S3
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-13
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDmzCCAoOgAwIBAgIULb78kNXKxBQESfNKmX5f1Dkn7IAwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp
-  Y28tZXRjZC1jYWIyMy1yNzIwLTE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-  CgKCAQEA5fiBi4ruD9DkkMIJJ/jzy6urUy0nCD0K2nzi3Gb75T9B7tZhd0AnXF2J
-  WW/tk4b8nmrscM5DKJDixOMJ05js+6RGyZ7vKL2Pq9AeqVj3UWTi4YoeeV7SUxt8
-  9ZAXmr7Z2IX14DifvuMbekFNfa3T4Kz61JlfkwQpYRxEi4X6se1t/CrhjwcccR7G
-  KQxgL0NmX6z6KI6jaTKKfBwQWPs384ZkYG+eiqPu63j3PLW17xQ5abuZ43rEQLHY
-  fq8+uIHItVab9bXKC4LypEs7kfhi3xWiJMFC6NdM9O0YDYyspXXDUBEEtstsAAhS
-  H6fL2CwsypjGHvEgi7AXtnedqdgGGQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
-  oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
-  BgNVHQ4EFgQU9T+pH6iYmK3RQ1XZCA6pQQzQoWwwHwYDVR0jBBgwFoAU8vuH+Tuf
-  6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xNIIJbG9jYWxo
-  b3N0hwQKFxUOhwQKFxYOhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAF
-  9dw0unYs+fXtnfMnoxDbHQOM9/PvryNQGbNYBj+lUkR4VmG6E5hO2PdnxW6g4SG3
-  pT5ZGCzpsJYGEdWuGGy8J5OHUehDYqIE7o60pXU8Nq4BdYRvwJhzV09sF5/3TrI7
-  gDpKYbkRHoJLSUFTkbn9MsvHEioYDf1Vg9553ViOFWOcZSZUxqTJKCpTbRWJlUf+
-  +HoSfMfFN1vcFnNMHGelAdDJ7S754omqyjb9iMiwX+A7wXEfEeoBGsL5yx8ZggjU
-  ZQh0LD7xsJzK7AXA2eek3IstvQUq2x0S7+XhRBv5UyST491iry7cblvRbz/vR+5N
-  MHGzukAVu/e2/W+FKXfw
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-14
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDTzCCAjegAwIBAgIUMhGorPD2GdueaYnEJTPT+UjVG7AwDQYJKoZIhvcNAQEL
-  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAXMRUwEwYDVQQDEwxjYWxj
-  aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUFwU/K/O0
-  X+4T9/R9tyol3mgT0Ovh909wyqP36L0ZHaVzOhTjYL3i4o6nJvJb6+jJdgjh50Fb
-  IxXnDWdZGdtZ20OJzvgjAIvpiEy8M9+QSxjAvkX0CkIJgwyZppjJlgHLpbnha1mW
-  V7tApu/rNDWtH3Bp13zorgBniMOxhh1gdjTUh1OEcK3BsH0KJvb/FoH/DxHX+gZE
-  ywBAojAh1k24Ii8ADPvc/6X10HtHYqP+svbu22bssK9CNMTRJV9kKg/K75XrMKh8
-  +/3QcKXN6CO+sRLcAgRRE7FmHBxq2pp68aGHIiqYLp0FOPC39PXVrmIgdvkYuSej
-  ne+1F+zvkSmpAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
-  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU7wdpGoJq
-  uWefd5h5DGld/AeElB8wHwYDVR0jBBgwFoAU8vuH+Tuf6GAkvNlrVY25DEuYOXsw
-  DQYJKoZIhvcNAQELBQADggEBABLzGwaacGbF1EioZFTemH572oRQCDFVfxcvUsAQ
-  hH4wVS4LBWq/DRBEHRy0eahIvXcflDO7JXaVryISi4kBCErA5ckLc6lonrX4gG4N
-  5z8NhwunpA3i6+kUY1GmuQM3Qqamye5c6VjiKN06GAAHjThcqk+18xTzeCP760o5
-  3FSfPJFudUmVNAe5sX8wml1vb5IkYSySUhQNrrzSStGxVkGVGag0ClzQX4AozLfS
-  v7NahVJ6cofbWP/UjXsp9LX86doCCLL4r45rTCUDoGJ3PcrCsFLkg1SoJclCZ4hO
-  eVITmfRdeHsRYfZwEoIEzi5bgpNLORkBsHA1gF1yHiSboJA=
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-node
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDpTCCAo2gAwIBAgIUbfCuuzB4Pe1LTQ3Pskfs9Y8o8+QwDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT
-  HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTEtcGVlcjCCASIwDQYJKoZIhvcNAQEB
-  BQADggEPADCCAQoCggEBALq3J5Ng7EC0667Ta3R7DbDAfweUy1Pt+UD8pJy8qpfY
-  mTR7LvfBMPKyQOsGKp6tcmUeqRsL3pcX5EXFjK8PaxMmoWEFNrL9jWMYXa0BZV2t
-  RWauAyjFXH17wDGT1Yqqz4efdiyEoHpqdeGx29HmRdUQRsY2b5DWnFJpZKZ4WVnN
-  GhWp+DgOo38YrNqg4ksqOY4JNmEq0AH0sjYKQKeeDop69JiLbFkeJVcXrugsbWT9
-  qElJKs/fSqXV/VVWBK+OIptEpduW39bBmpgnyRJLKeHN07Juzs9Kg3pq5VDVjya4
-  +CvKmyfZnl8FfHM/7U47aXbxXu6Fcb/UF4t/zJD5GaMCAwEAAaOBvTCBujAOBgNV
-  HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
-  EwEB/wQCMAAwHQYDVR0OBBYEFBV4PR9yIeXI73RNuQFPFtkFDwXNMB8GA1UdIwQY
-  MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
-  MTGCCWxvY2FsaG9zdIcEChcVC4cEChcWC4cEfwAAAYcECmDoiDANBgkqhkiG9w0B
-  AQsFAAOCAQEAbulfprS3spW8OdeIjYTMV6+Hgop7xW2ZFHjjXkMoUAK/1mOhcbmS
-  vVUasb+v7Juj75kiCLPAZgdo2aIdg3FQRhpHyPp4ki99m6fIqoWPpSAzsKEFtxO6
-  zFsgpnoUQRzUsWb8FPBwWznms7gfm/04Mv+8mcpZw0eDR3aJrYqoDlDSlrL1kKg3
-  VGgrkobxxufBLT1PCR+ZsmbrzAtJl+3XgRNESiS7/XhIT4jeZezlOHKGxGbxSNxw
-  OL9XtWmrg1lpw7TfzODUZm45pjr+UZTKREIN4Ogw6DLNQz0p4M6OYOQFJAd7cc3R
-  1d830c3UQu+7YyYfcfehmE9rpgHix52hcQ==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-11-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDpTCCAo2gAwIBAgIUGpWyiTwfzPI0ek24/GJQPcnaGBowDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT
-  HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTItcGVlcjCCASIwDQYJKoZIhvcNAQEB
-  BQADggEPADCCAQoCggEBAMO5C7zxX11lixThzBLqK3gtMiHMIDEB/I36qqQ6jFtW
-  phAUAOQzBLZf1W7679/xAT0auJ00nkF2VIjoBfQafvKksQJ9Y/2Xw0H+/nbQ6+g3
-  9FTA5cG3mW7VKGR4ITHHFBWXmQGecL80+4rMxTYsplgXR54S2G104oJwHmXhdCsM
-  Yn+VMm24zxXLjNZO5Py+uHzMW7sVfGZoK8klllS0IGp03jS4KLo3sx5IF64O2GH9
-  OG8e45KOQe6Z14YTBFisjTswSlNcyenlQX71mXL+dITX9ZQtnuYzaPNaT9ze/hPC
-  cufofK0fmCVX8btZuSinyZZegCiA+oOUrMouqfUPSsUCAwEAAaOBvTCBujAOBgNV
-  HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
-  EwEB/wQCMAAwHQYDVR0OBBYEFPiJ7mhmVtYse4a1RNPKfKzbOTC2MB8GA1UdIwQY
-  MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
-  MTKCCWxvY2FsaG9zdIcEChcVDIcEChcWDIcEfwAAAYcECmDoiDANBgkqhkiG9w0B
-  AQsFAAOCAQEAQPYErYGdJH30Ls4SEL6V3hnxKk09izMzBL1VmKtiWo2gnizPUzSi
-  ex+4VsSoHW1xOgU6I7Pshp6uIJSGh2dYpAinYkdmxcEREjDxGe3TOCnhRDltqD13
-  LwESCNymvXNLgxJp0+dkrx6r97rTaaeS79fJpjr/ROXOnhp8pFVu5NJ4bCAPmIJh
-  RB7ZLqNexNSwwwRaJcnOYKWpq+nZcR6RRQdcFcAs+Jxmy/2fm+wwuen0iIccIuHC
-  EslQ8dUcaTdwRMubVcCc5OlEXcdkXP9k0jjITd/B6SCISvcT9SZmHouX3pKtjKBW
-  s1kP9qWNQ+EUpRVr3FojxAsPiDj4RxPb0w==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-12-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDpTCCAo2gAwIBAgIUd+FMs/P3piVhkMLoxxDYI7zB+ukwDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT
-  HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTMtcGVlcjCCASIwDQYJKoZIhvcNAQEB
-  BQADggEPADCCAQoCggEBAJzH9c5wHgQgzcUaYjAPEyTTRhf/jH0feZNdz3MY5xw6
-  ylyLBthr7qfjEkIywgUjUUj5LA8gKFpqeqU4ejee7a/KopmqiMrf9DnjlU9sf6t6
-  Ci5CgURnDbUdqm2ePbfGRUvvUD5g0CzJe849jeZIXXMjIpjT1XnStr2ufLGWr9Dh
-  8oNlz887DNhuRiDsd6AaIv5zv6Gy3GlARzfJWXhTKZ0sfpEq8IyvQbAZ7KXubKUm
-  cns30UQ1gmzXJsavV/YqrIBBRSYxqDDMlmELDmrOg3Q9bQL1f3eYSFkkCE2ubuxO
-  cIrmLpGMO1YiwexUFjBQ/30+VA0JK0ypjIdbG1qXuu0CAwEAAaOBvTCBujAOBgNV
-  HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
-  EwEB/wQCMAAwHQYDVR0OBBYEFCAuHTuZgMXSFEmPOTyCp76Hu6MaMB8GA1UdIwQY
-  MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
-  MTOCCWxvY2FsaG9zdIcEChcVDYcEChcWDYcEfwAAAYcECmDoiDANBgkqhkiG9w0B
-  AQsFAAOCAQEAkxVOj5i21py4hoiCMbFJy+wZr2iMTHjwdeM55e49f/xDN/GSMU1C
-  d40kfAj3BG/WQD1S3wKI1z0WvPsxQnTns8KHKrStni+vy9M79yWcvgr62ae6GhfH
-  E/DgBxOFm+uGt5iPB3O4GcDncsry6AP1Awbi/XsAOHNkv2c3sl6uOH9B3U5wo8rb
-  6iEg+thkIrKTNxd1ErT0KSFkAr1+oYhw41LPSjEGykI6NmPLpszgyALOZAIG8/MH
-  4m5WlTdGszEvLGHyTR9UGIpXG3o7eu8+nN9Edzt4CugREmaStz8dNhvkmZBC4ROY
-  AIxRnNa+cTbN2Qlz+y9ah9/f8VqvuNiMEg==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-13-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDpTCCAo2gAwIBAgIUQyouqBJjNbpLH4WSz+SG2Iel350wDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT
-  HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTQtcGVlcjCCASIwDQYJKoZIhvcNAQEB
-  BQADggEPADCCAQoCggEBANKWus3FABiJCZNbXZ/zoxYwoSCqeYZ4K1XSbp4N10JY
-  yv4yweyI+sGh0M0fvX3YUjgXqDtFoIJteCe+nLnErhwuhX3yY+Yeci/ZUrn+F0NP
-  5KJ0XlehTl7S8uiIl7nhfwYuvUgW1CFjeMBqI+I6ovj9zI9D5zk6tf/rQf6ZIfB5
-  Bb7fmZXmWX4nx86UevofGGTKIGajITRMOugM3aRL038tAd7oHH5FNa8UOMhUB+lF
-  0YYx6OOXNRriHIANYYYPnUtCcPXmsCUvDnLTN0Ka7iqETbga+9WurXxDEdSr83lu
-  htRWvgHCHRk1uUmxOWJGY+ASxqtqkWBZBHkNMHOHUskCAwEAAaOBvTCBujAOBgNV
-  HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
-  EwEB/wQCMAAwHQYDVR0OBBYEFGxndUTeXVH/wHeR2LW0SXIcHCIfMB8GA1UdIwQY
-  MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
-  MTSCCWxvY2FsaG9zdIcEChcVDocEChcWDocEfwAAAYcECmDoiDANBgkqhkiG9w0B
-  AQsFAAOCAQEAkXpwJIbr27QBTsPMcuGNRFFjejJmefxO6TP93PV/UusnXAlFMZVZ
-  lOPj6C6fzY4yLVB7i7ctJjYhGp6UUYULzmCeAjZsSRId3HSyOgUDol1BeblCL5OG
-  u0Th/SX5LELJK8N7L3DGVIYHuJBwkPVSAg4CNjT9kuhhnu1ld1fkgCb3suLg9m/f
-  Pc5u99E2LzfuVgJZB4whJWja7aJ1VgEk/bzsCIK1shxGBBPv21NQFKPdg0RGp4if
-  hRZo+BWonZhRLgfr76Mo+tqXUdeYmIjqa4gH2e2wpSJtUc6CnrJLqHVRg+18WGz7
-  KqW2r2YUTk2R+4AdJP2m/mUGFMTrduRERQ==
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-14-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDWTCCAkGgAwIBAgIUT1UJXPl56W5pfCKaC7hPjRXbkPowDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMBwxGjAYBgNVBAMT
-  EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-  AQEAwGcNR8v6cTFxIF0ZJ/HvovjqnvcYgBp3j9RkSl2EWV0tGytoPe9i3QSImqbF
-  rmeta5lFHf5LTetbUWn8m+vHZS6dExHESysDtVH39DHaXwuPZwN4VnuCl4w38XhH
-  wkgvfF7Tne3Vx/iakEmk8zmyUdcbBat2hj2gWFFL2uQwUqJ3Qeagw2wREaRd1wdE
-  MweklH3EkRTu4JEMEvxuGGppJUfj5i12uv/1lwVuk7WFMX3laCm+26mgdoqGQ1jZ
-  TYJDv4vDC6RvhSDyYdV7f3wtHFn6frJwWTiriszaJdySIXiQX8iifEKt100wOQH1
-  5hIJfc1U7C92bMJ+DhI2wnNBGwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD
-  VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
-  BBYEFABa6Hqh29OxXGpp19Od2TiSyGrIMB8GA1UdIwQYMBaAFEt8pjwm7JWWYSbh
-  rpUHrlfTHlphMA0GCSqGSIb3DQEBCwUAA4IBAQCD4xsFhmigJ6KkkJ/ANREHFOcC
-  k0WusFQylK9c3/HWVhkVMW/UlvUBi1ZyJD8bk6H6qfBvi7ACuUWZHTrAWo89cv0t
-  z7VA39mD+yY048Yv5c80cnCogxhQtM4MXiggMAbrTgTzHExxRRDS2Mai4Uz7V2Jb
-  calUCe/YEeDDZUJu1Z16qSQ5lqXmVomkhMnqI0yTNoYbYkfI9c/gOqz5HLPOti5O
-  Cj3AKM/VqoLWHCSdck2CLqPT4ayDRQEuaYWLznOyRWmcJy72a4WZOHeyFI5O5t9h
-  lT8EGbgF7FS5++Te5Qpalti99sPkBfiwZB0FE/NCH+pWg16186czTuRwbZEF
-  -----END CERTIFICATE-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-node-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEA73TXkNg4A/nHn0TsmUsWmvpE0jxUZFc+RMCio5h526Vhb4Qu
-  kO6TIqVZ49wfPEuv8GVdZtJV+WkaUmgFD2G8wiZGKIWs0CaEbSp9u8ycmW2W1tdJ
-  NDbKra4syqyAAWpphWxZz4GpVgPsO68BNeHb1ObV9aywwq0tPbKO3Lyhlv3kNB/c
-  3m0vSTSqpAzonvK6m27t/wUH7aJTuZaeGRE56MPsRFK9a4ftnZqdyisUdSQJa49V
-  z/L8tG2SHqV2shecEnGddq+1Gr6xoLe0r4qAdAI8anRN3zPDJCZjfV0nm2xlzjth
-  PidS5TU5CI3Q7at7X12KlFIwdr1V8zp4XzkTLQIDAQABAoIBABgI0EI3kZfEkGbK
-  Ej1orgIsMJAxgf74SsW32Bs3iLOlK9x3lfzyFU6a7iTSyUfSCPzGD9PsNLjt9bhj
-  vG5IzxtloBEdKbVSyGP0qd4ZsXYs68DwpuZYwYshOlm1aru5pJHByFntl8OMbT+o
-  VyTDYL9D1CHujWdc3nec3n4FaOqwq2uqy1rXF3EtvJE3GmJ0wu/82WVn/tvu/dc9
-  Kv4XBgmhG0LWTyyqKKUDb7/cE7+qomLQeEIHgLn7E/43qxYhiM1kT7C50sX4wXy/
-  T1tPm8r0EzPR1rWK4EH/g0A1k0AKxagkCA4BdwLBrMbx1rSITi4xwUIFhhv2dpg4
-  +fIdjgECgYEA+5Hx6voY/DsgVkYPcmMs8lPsTih6ZTaj7ei10aBheh8Yc6o5nd+Y
-  7dnYEnwqQs+8S5inAQ6UjghSS5VHIzRYD7QrHQD39W4bPPGViMa5qwDZ25HWl/Ap
-  u+tkEKZvWOtWLsQGkn6FQh5ScwSdxU8K0VyRqcXF9e8+0FUq2Hgtm0ECgYEA86xK
-  KMerDXM4JMXVyA4xw2ylXOPMFa4gV7gCah3aKhXTcZlWJUS9hdRCAi+7Z7jtTf8B
-  vdA+pWkZGN/vNF1sJoYVbGpzWd+3ewITJTECXzI/kS+YZbWw1jq2wWBakG8/ymya
-  JDXOPIL8oggJ+mdTRKZolO0bSN71brUKA5EiWO0CgYAxT4Qp2Of42OYXwxfYBhST
-  U1voXgrPuAwd4BVzh4pT07CJS36LsX5acO7ngKsP+YQhFUT28hKwXHU1F4egIOx5
-  94jT4JK56uEv6vKyorFWEY6ieU2k7pBfo14z3UvKFCcKd6YKJP6d3S+wF+GNAVdP
-  fmOW8YtCD6kyUN9bGwNlgQKBgQDhTy+LIYSCfUUui1cvEiDlaDJG/8MXUNhLA7QH
-  1u6A94l5gqTq9PKhKjCWwPfx4kZaVi6QClvCqrkwDO+rZa64uEZa5tseAQQw0yxM
-  uVJOH7IzVuT9NtD6ZXPSvns/Df7X9y9XyACYZy2dzP0c8ilGUvBktBEEglRCN1e5
-  EJvHyQKBgAh6ITrOmsOmLYgdGrvEq6IAojdJ0ab6Fv76r8PoW8H2aSy/7u1XD2Iv
-  IViMkTwg2czlfMQ8nFIkzn5dZQwCPm0luCzX4C/bFv4MBGg2gW4sCKpXB1YmlSXm
-  XtlpL4MQsa7EbrBQvP6KI++j992WuM1Fb/LlyeSHNqqTy89Syfz8
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: apiserver
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAuvQWWgNqV6uCMfn5SfkdGq48NlB35AeKKVnHj+Gz1xeoH0W2
-  acwDHvIV7QnB4RkvRp6fsz6it6f/PhcnP8ezXXuyT+bFCCUm6e4CldVnMO0JtHaO
-  j+j70qtGPDsbncyeNq9PYuJ/kL9b2xAuoe3xs3/KcRZKRGQuI3+a7L+SZaDrO2x1
-  a3kCkOAjQEXvKySwzOUAHtSiaXh+Wx4AhcW/NjtmQfq8RLvCVAnfKG6DOiU22KdR
-  ZQ1NP5N3aw4if7Y/JUt/ekjceM6vOvj/4HTJhInKYQLzt1N+0KBOwAWGpiLiMBg+
-  GAA1hGXRTduerks0uGCcq1VP3ayxhANHZVdGKQIDAQABAoIBAGtTKu273jW8MP7t
-  yW3tBAdIFSr9IQaYSXmZn9X6tVp6qzpgs+qigvwl7+5nVpUZ9yjscTPedl1GpWII
-  urCDvXWiSGhUS7J0WZWb3IIVw6qzuYmPMiJtlvuG9cgoCp+ZUw6Dr+hNrPv0zw/A
-  h3TQe5wXdalcKYB/nnkkjVTyWWHbdxqITEPkKmXAyAe142CFfk+raKUfoRzRv3Vs
-  1kjpKoRL7wRjovdiipVDSCkPovZKUxwvQCz8ld2IZMPkJzmXcAT4G3GtVa8EZDM1
-  L+3cMYVyNO6IMcx6I+HCK/ny20aytEJ483AvW2OSqleinM8wnFzVXhKfbc4S2GzA
-  Nf5xzx0CgYEA0MvgGp05jKpTDVH+o+6hGqRse23eGvui3B1K+4mitRzuFzcPsKD8
-  9Pb6tcmL14VUNBIBdyhM5ti7STXkfggsutgvqM7xS/dZaAVdvw9oiSrUWKSNC7JG
-  qB/Tz+aMkQbg34EiM9R4uezTOH6nSNmsa5xoHe/zw2mihHrS2LfbLkMCgYEA5TgM
-  nHrdTkzCDVxaXaqkrV+YPq87muuiXi7oOwiXsnSnc1ywOC5Fh0zrlCtbhAtU8AiI
-  K2JlFHFLTtwbn+xiPOn9KyWR78AlZMUs8mxiLJDaYey1l8BFr8ABk/nnNXMt7l8K
-  5yANgQ5zd7RF6+bcH36G1fo1gE3ZbRoBVZlkkSMCgYEAxr0H9s0odge5PbiKFCeT
-  GPTgfSu6eRyDi9gmAv6i7Jk41sgGGy1hGRns0ROiE+ZIm7d3xZ+Kc0BgI/M0JfJK
-  AR69XoR7kL9DToutC6ry6Xzm2ejmh/eM4YJJ7l2X9oMBkDwt/f+DWhVdhyymteTb
-  BSK+x6AZ+iqWEluGTdnSulkCgYBqe6A4LUeTsUrQhB+itbwsomUKccNB08co86eE
-  jRhTmaeUivF+F9jK4uvpeD7aV51MqNoBNYN5fKwcZVob7+cvHxAyNBDYjK2SY5re
-  v4TX6S7aIOm3JmX5IDxbbtN+3BPxUYuyFQzQ8FKpwEBfN2743oFq9AJYqVGhQlxu
-  VIUIewKBgQDPkVEdOw18HfwSM0BPZJYsSPn61ijoFGJruO2xHtDSTtrYezrvA386
-  hAy9ezPVj6NiT9agbHdnNVlKflW4B7GbT6wgYp4Mi81j4WWmQvXuruU07IMExlYc
-  QnCkn4BoQUst+rBSR+xX+DJiVJW7CVPEto3YnHeX1EBapsPswyuQtQ==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubelet-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAu9dXP+k6eAfX/wj7EzOUCCPrmMfW/t1db5MnHtHu8wDbqWVx
-  I6i4H3V1S4E3g1P05likijkhskXNyPJu3svDyJqj7f2Xyt/nmVWJafUoPs464grE
-  KjhCo1hYrT9vViAPpEvNyhYMqIi3ulBjClfFWD+A/rUGeKDbnEXQJ2emvwgCYtiY
-  D9QLYm9GFj4aHfrTQ8sXH3/Fkh0BqyzdH9YUVvPuwtn8SNt7O2Da0anR0O9IL3qk
-  789XEKJi09If+19bLl2wP6d+UX7y4Ld0Yd4ukBc72ZdwRypgcQZSd8ndOKxCLWyi
-  lR+tTJSTpr+T2zvPAbMjZqvvrdCk8xNUhAEFOQIDAQABAoIBAGZMxOu9rWYpf20a
-  CwNOF9THG0w9qc1r6bMWRTv3wVb+pKMA6DkvbfdUFOlmGkGfu8SnihTtQHjCo2xI
-  /DDCcIIUFitK7RxEDPHpL8lRBvYNguwQSP1lXoVvW/wejBgvpdUoo47nq0UuEEGb
-  /hRn8MY675nIJRoVIQVe0BplzN5EIteAGElvn2es0vmt1keFIgc9Fzd4hh9ZsaEv
-  as6FRM8jPn7EncrwbuiNfWVX8Nt/PRFWQSrAiH0ilnj+vCkN7k8wkv1QXScDMh2f
-  wGCgjgXQ13OrSfBEcgoMYgPYh+D5+O8YpRsR1LeFv3LNKmpHGqW4Tug7QzDE/o8v
-  VyZfwDECgYEA7N3b6UVNnHPm2E618EK9ON9BFFYTZTzMKsRi22BL1JRaboMsHLEk
-  iRNg19PmfdjzeofJQJRgKLRvjcnvjgstzHadDNI0wLkYfixZTaMavAKpdxzAi6BU
-  ca70zHPwF0YWg0M5e+u33yUUnk5dEgUChPaLPZctMOvilwAHGdCgKvsCgYEAywOw
-  dIolSIVh/nkshzt4hWOZQZ0ZbCAu8xyalR1E977emm2eO79vJol08BB1kAVLh02j
-  48pdr4nv2BUuIYhg5oA3g4LE+hP+aw8SZUlUOfV+xcROzjDRJ1ER+2mYcsPHR46j
-  ldZQFIyzPA/aMVZBhD/d341gxLI03bETeJno2lsCgYBtwAaLOV9SpKlLhHzsjB/c
-  4CTpZVCrUdZP4prjhuTb5LlaB1FDIhkJon72wepEWWfHWG85iwZbFe+yROTIbgmU
-  eUkfja5/tcPRgn8GaBKVFq6q0BmvGGTIIAaxTO7r+b+opldWQcv6itXY2/pnxQZ7
-  0TiHGysHReTBjnO71FzCTQKBgQCWy96+Mf8Pp0Pq6ccRjDMxoZGtEyxXDHDTVGPe
-  bydTfwuKWfI3HzNIxMF/sDojCEvZ7OnXwfFk+miVcOYbMloH3SVfIjt+JmvMyh03
-  7wgJJTlNXUvMDKbPNYDN5tm+JX5YwLLyEYbaPMjFzGCeVRvFSEteSn2enWB3a5iy
-  9F/qEQKBgEEh+k7wtEDVPeEo3syrq8tjavexVOsmz1zgLhUDIkNfSNWu4ZLXTLHC
-  slASf16VCVhPhZZHTzro2lIdyR+NIIaoq4aVggSYryIGLZJ9G4JomAn+54xErDUf
-  1CfiuMFlITDCky8uL6MwdhVkU0ecJ5D94eIRaJnESWLz7BqdgPAE
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubelet-cab23-r720-11
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAzFx6tEfd6wm8IJJhov7U8u2bkEvzfYX1GcCA/qNrYp+WqIoB
-  CQZuyvVbGcYB4OrYXFjrK8BzNiYvVQgn5UnS5C04hSkat2/cgnDHk17iFlygPYLb
-  U2cVR1sn5PQVD+yyKlOdlUgUcqv/hDRVIOtMnFxZDs0t78njkf4I2BAfh5FvZ+hw
-  1fuiBrTL49oAkRtmf8B1NeZT0r+7lc0usW6cRnLHVUdk46UxqHWZqK9vzsxcboNw
-  EWnNKVl8b32HAwaR03rWFWxARwYTT/ktM5VyeNMGfWfP7Qv5gy5tThGwsoyXFAIJ
-  JZlpJ/IK1SdkXAJa13KeVOxylyNWnT0P2xkCAwIDAQABAoIBAHNptxKhk77tnIV4
-  phN7f6BCeJyhiD3XrXiBs1gbysXEAz3j0nnaXC/bKTwBC4aOmupsfUQUR/zIy+pl
-  1MI1UxjyQP1THXeDgTFZqByedWjTntueT2dmzCmkXX98KXj44BXvawunzYSFhqSP
-  OZSBzp5vuQwW7F6D0jXdFfmQAX55reooHC+xpytDLkjjsXv98ST3Mxp37CR9JY8A
-  6s5y4GdBHjR0bO/AbEvJ0S/ZLfd6PvWux0Qq6+mjcs9sGCPOg4Fg1C+DGhlnNaJS
-  oFj9W5MV+c42TH/UIKrxOkDv9J5q1VlxNm9PblNKaRmcPJ6Set65UhGVMHEmeUGB
-  yeUXzkECgYEA44m4LSKxerHnCWPTtEdOiupIdMaTcaV0Guh5c++pSJzAXYPVjOnA
-  oYgVlFHo/SUfqErPsBuRuZhgoi+IJpvhGNWBCO0HyxxbF7vAoRP5FEewb4trr050
-  QrsVwTdEF+UvAuQtVybkvXSxnJ094jQ2aPgRPpPry+W60Llj+sd5FCsCgYEA5eyW
-  wN2pjmk7slCI7HsNCWE7TOv4EDYjzRTBeIb3qRU6FK1EIO6YbISY0FiAd1yQ6NE+
-  TFIgAmGjhnudkMPW0imhrBDohwIZdmiWtNLoK7mMhO7UhIJeRkSAHBi5ePEBCQyQ
-  1Gig7tsrbcaNaw/fBl2C9LgSQsW5IIwKXGGpJYkCgYAeK7rCMWF7NW+/LP97XiEq
-  BlrJMTOH1DqK/txr5RF7UV2oiLyeTLiAMr05x4qvVmbWN+VGIsG17GCT4N2a0PyO
-  AHF1r4hjBEWH5htqwG08pSzd/Yyv2CVOW+RMlHlw+bC8H2lrrvqRrJGIhMkZ33Z/
-  gLU4qQCRLssQtiRtsll5tQKBgQDMqvffIvHmBSLQrgPUjgyixtyksoCU3byst8co
-  5OvcpTqYYUv+DKW+I6JsA/wHRGzx8iEEiy5XMFcCRVOTI+E8Hzb9FegHFgVYc+2D
-  dSKamYbOZlLiybHl1uA7In8ne1Eynu7lRWXMeWiFRXNpVC1xWxhRgvEuYxdSM5ad
-  eYm6EQKBgGNUKKRlnR3wtbtVyrYhQHsgthXK1kH59B2IoMhbdd8RT0Oqv33Ykfom
-  vim0bsHLoxaTJVN0V8vj7OLv2FD7MoUfTb5R58fnRq8spPyAnHcFTvnqwE44UKRu
-  4FYt3jp6TqdORkb6E/IITG7Yp6xyck4gkrWgW9jQK5Ibheg235nP
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubelet-cab23-r720-12
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEAxLFuHbk7jwcIfi5S5OTiilwJHeKWuAGGcv2o4GKhA9tK2698
-  ZXnHR/ObTpyxrOX7quGXtfsNF31nYKP9t7cytzOgTsEKbOH7V+fV6Qhr+qGDFq+f
-  cp42HNYpGli6nE+3bkCYYl7yqVx6NQ7LlVlKvaAK0YfQ/EMMLRR89yCdxAxTYUni
-  sRSJltwHpBpP8EZ3L/wOVSArm5iStKp6yJSMCCuuBksr6jjGr8Snv79Edg+u+p9F
-  D1B3wCCorcx+Is/t3IbM17d/nJjqw/hij9Fbs614oLVLWNSwvvn7atke4QbA/ME+
-  YP2liD5pmdm+cCxgIzPOniLjtP5cAyX3D35qTwIDAQABAoIBAHiMXfatngkMwHHF
-  JlzOwuEVgyjjxIfFt4cmW6gaCqD4d6qopM70keRRMzA87NAQq+uRE5Ae62koHIGo
-  QEmmZ9jMNUXPHfqZjZfUqM+Hr9YNwu/WdxyiRnvp7YsOMmC2oq9Zu4sesg6GdQer
-  p65C6YHKYpcEbFsPJJlEY0p6nPaXm1f1IdWuoIwqPr+X34iU4uO3HB8vi38+EPjo
-  1A+FwgrVvqLglCOIApMijLcTSxKrLKZHXv/rM2a16oVnCuTAru86lft0LAr9afkP
-  yAhXQjCTth/UxpG7sP+69+q6K5RcnB8FVitk4eH96n9nbepJUtBKKm6F6m5SJjJ3
-  XAk54dECgYEAzw0a8mTjFlJAQPjAjOk94kLIYhqno5cS/tx48JZvBCYNyWceEdvO
-  5r1Jk1rQP3USwfnOg7yQkduGavNS+xlBZHszqLdS0qNNthf9eymD5lKOPvnSa714
-  MP8NZmTWm3RN13ejXACOLD8iwsNyRBB6rSeY0jeCQkhV1NnRNLdDkA0CgYEA8zFx
-  ySip/4TwJK4jZqi6UWN7cKJChHtQliH83NVFu5Tr9Aqz9amiUXpyaZ+vXA3V4sIM
-  cRJwb9r7mHq3aO69VU8PrP3sk2IKR1Sc8CSyoPz+f7nCShFB8TCYkXgOvGNaG+LZ
-  gFJER0kvjz85XQTgO1dNQySVIGjX3g30AWab8MsCgYBUq1dJqFf02M3Nw+t5tCfK
-  TuUCuUO0ciMidaY/PEVJvQYGRlTVmL2TPfTIfWqLiKSTDkSVOpckDlF5iud0J2/G
-  V1tYsx77ZCxzOnw90UxO85OXzTFvPZvY7XPdW38nMvhiFFqJVPDOx0K/wo0HqHWC
-  OZ8U1/48fLgcwrX6iLboQQKBgFgt3nc08mb++eAi8B0iIuSt8K1HeFz3JaI6Uqh0
-  AGPivKdxVg1GY9+tSVz5FKmJLruY5s/9Ap3cRgvkuyomHqqXDzUHoUdTbiytBnag
-  p9Bty43eeg9HMKTWnQtp/9XZJGwmFf1MVwuOAtuq7g7HXNLHdfFZi2UD/vm6D3aO
-  kQ5/AoGATAcH1KOpUVPTcDU2NFcDAY4iQp/bb7UqEiL5jQNXRAzX/cBINQ+CE9MX
-  /tnj0oR1u+njTZPXe+FYgkjRQOeossC2nY8p6zPvccCyZp8g9HM2tK4UdlF0spbw
-  SNcmdx781iNauZdUwWUFPk+ieTiqzvQhDjwbvabImKhDPd4DrrM=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubelet-cab23-r720-13
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAvU7PJjD5H2MY43qepZ9OxDY/2IlDUTeaKQAFEZKe0Gz6NK00
-  P2hD8qZohaswKWX876ISqxcjE7X9vecMWwlsdHq2D+AJExLDLyKgQY+vlC/GVdnd
-  oHDYFZj2svPmGTef2yFxhREvss6+v1wLEMJmQ7lbX9cWngCbe1IxWQKXPRPOEz0h
-  f8VoksOSGt1oFKw3UN0J8zeKB451tAPnAjGnM2Pq8gWW54HrRH9tmJZnrYgWihKY
-  +oG1nAbDp3bUXvdacgQmf2n2sQ3UcXya2oLXqLNynSJXroPbNFxdw3M+ynUHuGnX
-  utKtz+Fu6Vxffb4WB4kCccek3INuEINZBdV6dwIDAQABAoIBAQCcRvDvIEKoTJCB
-  Sfqp00ec5wPx5+6wn2weKKwGg7mjajNrRQj6x0JAkGt83YNWyaDy2iL7JpCIdxbP
-  rGsgxDjKN3sQw+v52OVUhgsx1EIn3QCoYsB48G8R9ULDHGF5s9e9eHBUX4m23MHP
-  C1b/MNxnUB9EkTVUnj+8oG+ogWEEw2WRVyQl1sUoYgQ0z5lgBGHVoY/iHLUHIyG8
-  NJ1scRAKULxPYWxGp8kqWKDaHirvTZaqYNsNkujjdQx58wf5uQflmi2AtyP/LV/U
-  aqHntVhynIDpRQq/fSUNwLFXUdVUN7VlO5zotMYE2qmcN1/t571kZf7iv+aptWlm
-  anOtamqBAoGBAMfVSzB5wa6lhZUBCyt9iKfwXTSXBH5BRLw0yAtvJlbzfI0GRYCv
-  rhiGdH5m5WePVyzzxefDq0e/qwQ/wA/ZOFZUz7toM9oEcICyRrbWLFx1fr2Q86Az
-  lCj2DpOu2CpIi43Nuo8mqbR9LAZ1DuMtveiY2p7lQ2l97nrFUbMVeYuhAoGBAPKE
-  LjyOrwDcRx5GvvLv3IINWHK90E6KgXEyvOLif5JT1Jj7kyLjtIS5SJMZqJKnqCxG
-  /MPr9jSro9nocLMRZ8EDnWSTUtI7Z4f/GN1CIRY7pwLKzHS9iD88xZ8w/bTswE+2
-  zOnT3txp3ONTWu7EzVU1DP2OW7O6vPKh0KVTC48XAoGBALG7mmleEY609y+EwxuG
-  RnIfzbZFjyCACpNeWoIY9L+nRiLj7hM7rZtwktIN0IGgMsfvdRjipkdlSMS5sqgl
-  6f6W5j/nuR5yjmFYrp5VtRTzB6uw7Y6R8XfRCTv+6ZIJ/d08mm5R0+SM5AhGOtyB
-  xYPH18I1ZRTBhcc6EqU2N2mhAoGBAJBffkMQ0kAZ4sC0byKjBsvpc/lC5MqNDAg+
-  o1IScs3C2DKGug4wLpxAzWK9CKzd4HEThZCBXZ33fGDSTp1bxD+UjlN8nPaI5NaC
-  V+QIZTgeJQu1fUgWOREkdaWSfccClm4eLhkZx3fCEfzG98BjKrYKEgS0hgUWKzvq
-  dxKkwKHbAoGAbYLffwmj6GKoChkyraObCK96GTYccMs6OO5RO6hctkbSD7TYHOl3
-  Mvy0/3V9gVkPCo3mTDJzxI2wtm7W5Ib9pnW4FCJ5mfxJuQ4xJ65VVWPDkevngwFs
-  iSyvDY5lzMabXa36CoKufRx2kveKd8DPWGb/NCzxR2535A4ibFDb86o=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubelet-cab23-r720-14
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA2ELPFVG9c6Kbm1mPdvdaO/Ci+iT5MYHRmX2b+V0FzYEZ1/fI
-  RbhVuVvrblRi5WwBPJIgtLarIKu4Yyc7nU7duhx7pB3ugef4JrHKYOnv2UUWKiIx
-  wkbZvP0vr1GihdFaC7FP87hMQz8znzUSJUM4aEdKJTsocSnXDpDkIQ0QzRWpIr0c
-  YhsQJFa5gwKz7GPH5MUq+Bi0pAMbx9a1S97rzFMgQeujxODP3bSS0k3sGhdsTKXz
-  bdSHwSJAbTQBvhgaBVUXuapfLH7jgvpKHvxAvzn48qxpjtWWWi1exW3ux99ioJf7
-  FkqL7TUC+dgWChfBIbORTWWsg5kD58uUtOk6pQIDAQABAoIBAQDA/m48AmRl67me
-  W8CyVHAMieWIArL4QXhB2Fz3ntJs4Uek+pWZ0rV949Ao99oCD+7SlT3myBXT5Ct7
-  ISoMarNpQb39alDNUaydK5EGB/9qEEOFelqZnAz4oaKKfPnjHj+Tq7tELzav1JlG
-  /V+iLWkLdoNu0mp3AvXPI/LSpAxYV9XFxG23Ij+MZg2WGQC6g1ZCKnrLmPf6KvDR
-  h2jyL1Fplu3bH6gkqVABAlVkwUCDNoCBD/uE3AuykrpMiwEhNo4ZY7yyvV1abyUx
-  b5kGqnWwFSrjwjGTn8m5rgkXDbXkRQE9hYJKhq1Zy7f40jq6Q3UJXQAReZz1G2I4
-  a4xybkjJAoGBAN+jW3EelZea39nTZ2ZHw70sx1Dz92hB4DklXhJeg8wjcdV8wGY4
-  bLWjfUcC8fifDlbBYz/OPQrKljafAV/FaK307jGPPL3hOpKCQdu/7ea9VnUXh8DN
-  KwBxBMY3wHdMtWdvqBuq7QKer3pjtRl5LqdI6bGpHyNbKxwS+PzMVGZXAoGBAPeO
-  KqInC0R9f8JnA5SAfwR85bZFs0bsqwAiZVTOYd/8dsXjtK9g51Ke6hl8ZHsd3Bjv
-  DEPqbMGcbdmSpVLFXE2/l6RrW6y6WN0+OWV+TVqwFd+4CLN7MpOg1QiM4KGN1TUW
-  31P7WcpC1H0tZnCeZmdBxOdX5XDRaSetQ2WJaTFjAoGBAJMcm59q9g63k39v4HnY
-  xXshBLBM/Df59azB1wMQZ3SW8F/2Y34aqfBGbreSyWe6Aa2yIz6qxV7e6zddG4NL
-  kdO05id1yQhDK8uKohYTSETb0g7Ofr+mdx4gOnrF2/beYAp92cDxjF2H03kYM95g
-  5/6lKQ10agZRB6e9F0r8gpybAoGAcrPesS9iGyQDNHJCyGYZdFzimugEv1IdkXxe
-  c0MFOqFh7yMorzI5PKEBWzm13Q3i03K/viA6sCLpCyzViVqFAElL3BUabxgQ4MJa
-  GdrBwMlh+TzuWys0Lg8RZlrQIkrzhRvJ8sG9wufgSPfmRTw/uoxQzdh+KR3+mTHA
-  zqUypn0CgYEAoqClS/TJabzTnc7IsFfjjTBNgnUDOLgXSIo67erocVBtcFczaX8i
-  COR/YBImr2KOhb8jQ9ucaLBXucOBJyPrahAjeVh31Q/wM41XsoytgBERG5ppU2QV
-  2l5I64XvRuecEEKPDsmFFSa871xJNebfu1spt5D6TWyXvL7fJYxGfnY=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubelet-cab23-r720-17
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAveJOaETPs8E4ZLPvLfs/qdDk8aSRHVqY4ewYf2nWOo13Dwjc
-  X9I4u0xC9sShRxgJsDBmjNTPkOyjPDoof1xz/1xT5cq8wkSJNhfVIr3wBWqIfKwT
-  Gb309lW15B9zocr3kJ0VkL50jVCJU0SQz3IV/h4roo7fkIeIg+dAyPMobaYEYIf+
-  xbHjIHYemCj8IKV1Bwttb8swqVg1QkNOydwJaQ0rBc+t7H1sZCm4k92y31NIO20e
-  NqdV6eUJQbJjoXJzvkQb2O5cOdJH7ryas0pjaBYBMIqYUWyl1nZmwmQtqe5TILpV
-  TgXs/6u/zJ41Da9yeELYtd0no6+gKKwLse6d3QIDAQABAoIBAD2om+9N0Og86PQC
-  Xbtfp6eb9ovk9V5DyfsqsDXHh1ISF8QhC3ZuDA/9zozVAs3UJ2k3/kTi4dfcj5EC
-  DZ51xhD4ySGIOM0YdjnDeWlDpgoMMu/Q7I7iWQYYhOzjraevAb7K03Lh9XTh3wXT
-  8PX7xNp0r5SkskH7UMAMOsRF+S3JOEtJ8f2jDGs8Clw6NmXxELbyEw5fE3U/kb+R
-  IwgR7Yk1rtsS8VRU7XeFha+RGiiY8HXpOO+Q+2EyEK628gDma+2TqKdiM+U9hFnd
-  8lPIsJeDnwc83LoIwwGjPlQwdkj4rHH03sNXWmtPn6+CoJK0x7WqG0/uhTA12pDW
-  i7PtVWECgYEA8LOH2n+rleKklnGWknPx+Sfz6j6+aY0m4Q1sRF0g/un2u0LXU4J7
-  zLc0R5pj7vBejuERu1IKUjKsrHgLtWzNTeM6J72i4SErqmTzSFZAHpsqOTh11JEm
-  YGFjWG+4+0PC4YZQfmTBA4M83ViXqJFGAphyJymCBbsAfknwsPGAmBkCgYEAyfPs
-  dULfVmR84pLCKZRcHiAW/sPwz6vWNJdZ3dEa+BPdsU0hqFysr4+qwnYammxWnpbP
-  H8JFI7xymUlosiEOUu4iepup2VeYp28Ty0mNVngolXJi7s5Rr9RYW71ZVJHZbv9K
-  A0YD62QJamvRVEe00il8c3/lOtNFZUZsxW+K/GUCgYAwdzXHnSVjjLsvP7fdzVLP
-  pGfMps2YWz+U2SsPqODX8ywnEJJi0kczNUBlmoS8u9GOW2tCmIZTfrieEZ3p7fp4
-  0GQJVHnTcuZj7Oe/jP5kK0IZO3EeWAuuJG3ohLZugXpgBrd2e7sRhf9fYlNHMdky
-  9Jcno4f2t2ymASVhu371IQKBgQCTa1vQvWAK0I/ZVQgnEgWseABROPcwoV9cRJ91
-  LI9jSB0ssAFBxWTJQzaDfXMuBqe0XKIVrNqLm6SMAOpMHZU3NF424iq6XRcyIgNx
-  AeAKnuwBK97MNA+tKnTVgwMSmOUAAZsliJaT3hKBfPLxcuasA1y1c0cCCfc+VopQ
-  FXx/gQKBgQCtsAaX+5MEe2KvELiVol+soyi57IdfW24yzQw3vAnhPYgw99q8lVH7
-  QpqrwNPnvS62LZisI5ELqkRjKqinpMszuXRzBHPytoM3lWwML+Jtvfz41POIAK+z
-  PEI2NsZUVp10ZwZ/KuhcAeaJed43EPvyTyKJmtL8RFWJYtm6HbIkKw==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubelet-cab23-r720-19
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEArdA3hVMLYwQ8kDRRZMNdCkue2f0015NnmPOqTSa5m/5NceHp
-  TEojrzN4MxwlugfrjKSUmt5NokUP0fY9fFAwI86MWd+xT1dg1DugEDORS7T/DmFH
-  QGZ5ZhNLJ+Xz/hAQd8xoUe1mCC6Z4EYjB37i+Ov0Ek28POk8hAH6sDEWdwP6op8i
-  DZwhEqgrdMikPSeEikxnZ5tQdPnPT17mYAyYIqLYYyDb7tFlokGc/BfDHX+ifDL2
-  +tpnsDINk4AOdWkyU1UG5Zh8Z9m8rVo9C3O8R5vI5T/8lr1YMG6TfFCtnOQlOeac
-  wsA58rMbmP0hZSZW8Z3A184g4nB6CVmwXjVHmQIDAQABAoIBAGqW69VpDeyU5ocQ
-  bnG6lM4BfdL0wnkJPli/5MoXW2/cTaXvAmD0flms2KOPOVuSC9NeAnvOpBFFBOSf
-  eylHC56Jxew/j762OP0t64TD+vBQeLFa2pUVwpDkeAxpqm09cLvmsHq9ePq/iUHO
-  ASFRoONB35Vx8mPwLFpP1GpEUCB/XucIwwata2F5FLsrcC0dpUlkkAj3TlzgrSmq
-  qOAp2DEkvdG39Pt2jlwez/k78/tk5ZM63VCM0CQO0GMkcntLvL2tRa7TpRqJ1EMh
-  R5ZOJA+02+88BbYl6yZzzurEbKobkkqMWmYlLa+EjbWhxg/hV2kt8APFfWtcoj8b
-  ntfLUwECgYEA4UVzfuN/watxmCaG9GD/5dpust+h1HynLHfiOTx8SN8C6IckpqTS
-  7Pp50i7yb9lvfNMKd7WdD/6to58LkNNyT9h4A2awFE3Q5y7Ly/GbnR1bz//NnipM
-  E6VxdKCtgs4EvWAE5I2+HtLUlfNsUq4NdJMSzF0FsK5dfvegbb6pG8kCgYEAxYXW
-  SEwcFExXuOX4Vk+DD7SBEToGnDZlTJfd/WR3gOqYY5g5q/YH8Bi1Yg6WycKPgqU+
-  jvggbqg8n8EIfN60crHViibHxL35GHj0NocF+0dkWIStiakL6rblSfo6pLI1E4CP
-  ogzHlPKhOX0ox13i6Vwm5DaQ8AAiicQQie4MFVECgYEA1GirLXMPzKp+kquJRraL
-  s8zR4mHRcs0SyHBF5BgvTHrTgDOlkGgL5p2K7m+L84D/iaBo11Vswl8ulQBrZGSr
-  /bOr/fD+iDaTitjqGuQ3Cd9b6fVWiRNy5ndyUjkLQjJF79aw5lzsbp33C2kas58g
-  WtIuwHnZ2q2exRByueg0BlkCgYBFZG+TlqmGuAtZefF04Ro6Oj/dvXT1DGcqMXBb
-  xR/2unQvCRu5vgWr5AJVIKr41tF0JHmF4MYEGjayKS7CL7tVUASlNFqaU+NfJZ8m
-  SOlhDgPC1VniMvFs1DRZeP+BPNpIr7HGTJcRTOw3NjFNWT6OnUFMi57/sgxwOeFV
-  k7vLAQKBgQCzefkNjxN/NOBNeAVgPO9xbgNHiCsV8F3EpaII2jh3UYDaca2QlcQe
-  MDM2/Z+zO+luZWlemlYLk9Z6aSKpuTC9LOdarrzWrVn/WPs+SsUFffQolQMSTet4
-  DFsv8tZ7J6u6p0QNVnp0Wio5INnOYLErTpsjo9ELAPh87gKJP7ePMA==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: scheduler
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAwl47DPZVsFP70E55VqXnP8SXzINwYpA5tbemj3l1OLb4x+Mk
-  F7llLY29VIcRwtGMSmiLU5z8S9eUcTxe54eEHRekYQ5s2iuTHWhAvV0zFeYrgaFE
-  xnk9d9HSk5sHAQw7euQxtkO+5GCzJEcggB9hpTO6vDBytsqFSuYGY4StscnUuK/A
-  dumdVmtwQkcZqpCer9LqCrQf/euDj51TB4Q3ZFCg7wN+M8VuNWUq50FMloDqVvmp
-  2jtWEqIl2PbKYmtZMg+epmKTumsKPELMUMavCLRAvbRdC3Pnrvro1ayzKYUE3j/y
-  TZXEjMcarNtQdPvRBxzt4oNGuCj8bM/U6TSTPQIDAQABAoIBACtEiMao64hWGb9U
-  SMSWJ/VVESmwtMrsKjyehlB4DDU03gq5MKarWa+bVuNDMhv5Q86omSNi1fMYKW5P
-  rxzBWRKU2b3VVTv36Ubpl0fQQHgGhfbUbJf2E03iAotjPlroWzFPLRXS3OK/+AEC
-  aGS9F6KL8mzEKDUyvhtfO1raBUSHMqjeMwZXH0ZDtCVdeobF00/QpWl4JLpHiTd7
-  YgmjIMCk1n6bZsPDCiDzTmpYsSBI3x/dxPwg0w9qG7yBIdJkIzjszJtl69TZYIVQ
-  MYltqlhMbnyqkn4Moq3iAkiDGs7M8UWkdWU89c8LVkyKTkQXDib8/NnNGUbK8g23
-  AIq/Eq0CgYEAydSkgs2nSa9xF37Pq0ViWiZd7KoyyhCDoOT+NDm25DPGSoW8sxSG
-  LQmVmlGnKOV2QYUb5VAT4B3QvC64OW96uFuFNSKWv+9/j86z10Lwe0i4IvOZb4vu
-  WNQG5OXLkjL9dBRIS7/u83E1/b8bFW7PMMXdtRoQYd6QTP8PCK8/rScCgYEA9oja
-  KZhOP426PRcIvmPFUJkuJYqFiyixrm1nzTU01KQq9vH5HzBpdUmLzr5c7PGiR6oA
-  E11b2qyx6ZNG7j1cBorFNFMyr8EScdXLnxh8B5nkqL8DnzU9tLawI4xlYN9fDBWw
-  frVWd1Wy9L9GS+7UnwaZ0nwnPtXWXggv+VhogvsCgYEAiTnSDLllB32IqA/phKqt
-  P1wcuj/SPn7R8EAh8kJXbnshVCPv89Z9j/uXQxBHVlAFgnDNUbGLgfLjrD8btLlu
-  OBDJ1iHJW4CsO4uvzSlPNpNv1xvHdAcxLCYk9daj/ag7mYP8z7wU7GJJ8lfQQ1dO
-  +fteTbcF8nUPqbo1b5Mv+TsCgYEA6qHiqDW5OwlDF8MlYjYIY6X14mrMoF2xhWXA
-  pfAegMZh0bcHtyRXKfY+JhzMygFKxlPIUKXItv0nMjsmBbXGML+/4gXQtq7VRBwK
-  +DbQTFet5OAurUZ5nNVGG/8RuTm99v1phZ5GVbrtX7vvRnNeTp90pHveyhGwPLwk
-  FHaMuSMCgYEAwp8JVVI1wLceG8IaAPVOlRe+rImvByqcD4MKkAEO6CGZvOPzikTi
-  TZl5G6/VyhXem+KX+W39wk3gNWG8P8wJrRQVupM79SczYR/MDttkK+cfbYVqbVRI
-  I4VeyTFBygYABeY5kz8/mV344s8fqzsBid5Jjb6YI7SGwqRaISVlLN8=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: controller-manager
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAzlWVrjnSnTNnBDOalL/BGNWinKEeEu5L9kxIO9mfLQNnp8hV
-  Nn2W8GbWNLRTNOTR9Yor6zkx5cSeQaht582kvAmKT4/M/lFpvfpbs10pQbz/LGEf
-  jQW7nIEknyzTYt+4eizmUMYS6il3VNAc4oYGOn34iYWTXYn76/M6xU4SZEQRmbCF
-  Vo9swa/m5Ke1/kbpeCd/q6v2kip24TOt0z7e0PkGLhDY/fHnqwzSZ9bC24W9dNaa
-  To02EhvR2heHF/ZaCX2W+PF2RgIi1QYyRTqix0Pfwrp/qsYsDu31N9dNGXj3tV8B
-  QtvHPnC0rVu2J9kQO0QGGsgLVLLJChilI1jHQwIDAQABAoIBAAGJUZwCgjb5cwLs
-  /3GsG9v7e0J/UKIDdD1ZRBBuBmlnZRYyv6+wL7eKjH3H+fai3Y1eggU2X9C+Lg9/
-  GZJoTZm42HbPM0+Re6AWhShIwU3kAmJqNrnuGP+JVqR4yPorgEwomW5wiyODO4g+
-  JHjrVpCI75jWjcpchKu1G/LsKeblN24+px80EpuFesVaofIBTjt+MlMwuCcY+rXy
-  i8o6W00aRph4YYCWymSkfh4lQBL/EVidKLzo2MhZ3CwCMnL0TCxvb3UTfbfnbz4d
-  4nB+OVfH3GJthpLLCn4Vybq+aJeHoTar62fSRBOoERF9nHdOhbzEVfVhmtUhTv5+
-  CKxIkkECgYEA9VHl7fc8h/Ao+STekAbrUXwzPL02G1LdRRyxeHA2cCmOYgHJe/hY
-  Zx5MzYHG/FSaPlctwBXK/mvXQNeHq5gGH6IS8tGa1Pbc2CchSLh9GL7GA+KSK+tE
-  2c910d//o7zcOauRSwQXrC5Y0TFzRQ3EJGtkbRnhq3U6TYkC7yxLvi0CgYEA11Ew
-  sa1iuxBupOsdc0Vj3M+p3XuNSHVD2jMP/FM35HIhW2NfgkiX8A9u1VnNj9cblEQ2
-  1PCVQ5x88qcW9iypV2WF+esJn4cyVFt3gXubAJaMdfQjmuzSe5/Ywoohc+LKhCzh
-  mxo3kakyyXyZxqcz2UywAQVTYIldI3pAHarbcS8CgYEA1GjSJmZhEe7++yJSVvC2
-  xfo9PwUxmRz5m8LJY1f9usYwk2mqtF2G5dpVc8c/rPHwD7RaV6xG9F4Zpfo4bXoX
-  K0KhF4AniOgqtjnDVvzuzAM63thJ6h8uoU1BXbSO245GPOTxy7tCaAJFQvSHMy5F
-  O6eE7/Zt8JBzJ/lPAhofhw0CgYEAjzfp88UojtT3Q6tAA5R8QDvA+RldeHzHjTO5
-  xlR0MPfZSDhpJveyWHNrfW4mVS73oT9eWXVNU5ObaKvLkiNS4FcfLoUv+XSr/YB5
-  lR7qkxGQjETACiTMPH6uZ3gJmFOZ8SEJT2m43KJ2rZ67im9dBYUE7SjltKip0xdV
-  3mXvYPECgYEAu9ZP2pvwe8wpE9J8948hD3HuaMoaZkQ2/eNWlo1Lr9faAVomCm7/
-  EToupvUI9aAg9ZE9Oe5ZJq9IM0euUyAxcNgKAsjWxdYVxdnGmX6zO9oGlFYkuhEC
-  g1vMI1+pZUPg6u/KVxwjq0T2kUxlY5acYbg1pyrFVZ/26R4pElUF1ts=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: admin
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAz3nmXK4+ehS731zGx3qfpIZbed1SpZTn3eGKRV7gXzzSku7F
-  pfkVEkfN+iLipaqFvOrqui02JO0Dyv5vgRVzog3KIbyoFD2tUSlN7i9YGZhPJnwP
-  0VZgq79K9ptjqHE8+q0uBo/KiqnH87mVTEJkZ6sYr3KXBSHJt1FZokUoxIYP7PNf
-  ybOOQ+tDO6AYiU1NRSLcQc7pQPqXgOuDcCMOdnKeat7O9OVWcQGyNkVD3d5ws9HD
-  DUUozmHje2mBdTgEqyV8ZeHiuAM8dEmVTt+4a7xT9tjhelhfAIhwZGW32WhzVoId
-  AwQ7c/pTREPP9A7zfXBFupdlSI0vnwoXLMsRGwIDAQABAoIBAQCxt8AcOWDo36PC
-  A01+B0qB+liW/X7SuMcYJx5yp39X9NiG5aJFtiNXgkwsa/9qWrOuDCe+DAYqAR/T
-  nLhUgNSIxnkTBu+OTvqL3+6SDNnRKsb5tyExdmTeGMCUlqv51+2c6ATZuAeNWTse
-  SSRaqzAoIMXHW0eDLNsFfNhjiAwQsR4WVxro3Gt88u07jY9kyHJ9TQ2hfZDweUUS
-  JW0dDNaaWfRMsBWMLpMm3I9VOXm8/SROSAj2OdFg7dlCU2bkCToMUb8VGpNAijx/
-  4J5RLCIZgNmxeoPi/dy0eN84i51jcceZqae+WF5BbrtC71oGDqa7ZQarr3bKcDyG
-  GinTzuc5AoGBAN5qMQIXccU3Mxj1MVWoTRFaDEu6mS8zo0NT9ieAhrPPqCPxHEQB
-  sCxJXvm713y3PYJr40GNyLXbq5PM/Vb1fJ8UPZTGUnG/gqoSlVmNg6UOPujpKbKO
-  TUahko7JcmvR/xbgpZsB30CV530FkZPj8KyNqrYsQnYayt0SMLLe35GFAoGBAO7O
-  OxpF2UMnYs9IJfTtJB4auhGhrUI3k9F+m5tzA+WMJIlI0mgpvlA2fosIE4jtrQqh
-  WRG1+lLNy7Pf0P4dy4oxOfcNJlf4hKva1VznpnT+P7UqXhKXYOOUZ3vN7i9q43nX
-  GCUs8gL41Cly1xPGkS7oh/cBz5lQVuj0np6NiEofAoGBANnUcy8zOvAGQfs9mRXl
-  gaVu5f/9Py4lis7UGo9Rp5vP00NwT1ijtqGJMoWwXTn+VTW46Jg5fsvt2zskVzKl
-  t2ot7qoZGoHhKN3c2X0dxkMPkrmWMop4KGL2t4006uWChC0p08feq4Kbzl5557xK
-  UFsPXJSTAHyffPPLbvqgoaHpAoGANEvVhZtmSN6HNP2H0mtcTXts5A+T8bxaEra3
-  PQOjBtH57laUPVtm4goNDEVogcQK8RkEeGxxtVB8G5gYHI5J1KmTGBc5Hmq+IyR5
-  NS9FtLk5GmN81nVwMmZ9gw9F6fxudHA2SW3eUehMDgeoMhx6Dtu9aspqvBhr7/gi
-  BHbaMeECgYEAxC9bPwaZamG79d3zTPG8l51nQY7dW6Jn7WkLkiSMy29VGF29nSgh
-  kTTlQqWjjPBeIpUC4YTL2dB7PvkOFofGHwPox2xUTmi7U3SmsSRN1aBJRgQb+by3
-  9raGql1VFeUuHsZ5x2YA5b+an590U3OxDzkGDBOU2RdWy9ZLRC7Iox8=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: armada
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEA2RPKuABAbQuCrv72wy3EyEGnNIh63xPYl6VfIz3F/VhDNt4a
-  KSftWM6U8+LMDHyT0p48BwCgdlLfNhU4tUa4rD9Ik+HRV3hQxHGuGAQSGna+90z+
-  f/OtmgbLtVXX1bkLfcM85YPTVTzILO3UA4VUrQxSoXfK9tUaV1RJrYUzHwtr6aM4
-  wo+pALsfes6Mm6ygM/n/+z1NUxzr9I2oJreFH8TbnkmQRbvWoYQRoA+2Z2A+TPZk
-  zYqGNAZr/BZS8mgEGapcp4tF64yyraLPpwzEKxNspmjHeGsNEYZS9JSaEx6B+ceH
-  lF2xYlK/tg0134IZMJ2CRl4XP439p+yN3H/bNQIDAQABAoIBAEcnj6lkm7mirkGC
-  XYx4sioaKx6zJeN9c9+xW1AH7aAvkEip4NVguxIDFRwkWVI2e5XsPCznbbGbVIM7
-  zYzOE7aSP84JlT8gtwjNYo2IuA5oogwZ9somK99zHs7fxpHNyBB/MLTi0yD7fXoM
-  sxQ8XhcjFOrMg4EJNUsu27+/C5S+5SE5uffKE0H6VmeeyqteHZmPAimidQS2jwq/
-  tHqDQ63QTMhZvac2b0szS4dDcr2/tmUSvlph6gaCmqy86QYwpuAPGmF6hADoQXAq
-  Y2aTIM+MiELXwrmQBaVRZ7JWyCIj2JEOltVoZMeNSDSWrJ2WYljxFC6iROFV9Vqj
-  PADko4ECgYEA7iF3LPLI0s7PeK2auhB5hH2azSJZ8qAtMgA/y6fjRt9+BPE3TcX6
-  DxoaI0sbqpmkDDVXQgAIGxZAHIkM517PI4glxwxkZRnC8lBY4ijR5LP3cwYMIRym
-  mky2bV0DbnFNvzU+CXHonD1Psaw7zJYfadgFDaRVc9zQWDPXpd6avMUCgYEA6V3i
-  7u5Cf5T6o3cfuhyyQCiHbv8QCPt97CIIUrubzVxgjFqr2G1CwzIOu9hQbSCHWqwL
-  rrHDeunC9aCQg34gboneE1KvpLGDjnOBCXBUGLTMnEbFHncw+TlGoBJUb56G0dHq
-  /5/PH/dABl2JOlSrvJT5QWrUO7aByogqqK/5a7ECgYAo/We3O/9nkiPSYQe+OXHB
-  ZaGM5/nVss60yagxlS+hFn1pul/LqmV1zgdrxdT4U8QSOehQOxMqHnVgtBKdjQtY
-  0Wm3TqHFaV7OORhjraUbmgLhMMxLstPWwZexUY5yp1w7qp2IIKxqoH8kVUJh4AF+
-  RanxBDWVYRAX7qyTJ7M5BQKBgF3T/+AtL9N4JOYAiWMdEpY1NW7tYpcZ9uEwNcR9
-  5gDFuZP1CM717zfoMoBYUs3tnD5amj/c/Um4H0j/C9uypHuNNxrxzekb7lciHamb
-  3lQorXPQCIVdSvWJj9ngRM60IGTQT/oDWRXzJWzpwrkPPhWOmEEzIK35jWnPIce9
-  KT2hAoGBAOgmzSvdvzdMcXeUGn0+AaT219vR1RBfpyk0/jkYVemWQosLSEQqbxgw
-  1Th1Z0JO6277uIbi/BBqgWLhRjjQUIavKHnpoNzUa6pIRh9lNywX7vEbRnRTXpsV
-  t1XJYhUX/5XzT+6ANUCjYcNUeQi1OpUmg6UD724jcF+2naRBDLHF
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: apiserver-etcd
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAtMEFupWKyrzQnR5leAj4QlIwIREubOHaXwIOjNRs2f3b9xoF
-  z/WY9OI/oMvvsr4am56CN+m1sSPOFrJji0+fkMuO94/QkLZEioBgzJb1icI58QIY
-  W8jWvoUYoxJPVNWE2tEm4081Bs4rG7hepnuvRKNgoIE+1SflwofAe0oLPbTyhbv0
-  7sVXLyIHelVEAlTu6Q6OH4rV0mzvHY6jqMC/qsbLM4vujoEGKzX80ftzNa/TGbZc
-  MzjylQN2Svgt0TcgvzhTQOenfOkDe7UMKuoD500pioCW7nSrQwfJP5TuR6VjOer4
-  sJP/T0KZ7MHs0gm7jQBL5+O0AZoWPZgjq03OJwIDAQABAoIBAQCGqsSU5bNZJuGa
-  HbplevFToB4hlMZs8rwaStMCU4WhyAPpDudDr+w8jo/vQeGc3wu945OLCsGGb3Gs
-  8U0+zpzIaRBkGy69kj5wngMAinv3HdDDYdc6EuEDYvAfFpYqU0Y/LNJ3SlzsbBAr
-  /+nsyXukfMCR9JkWgDoq+68Ja/oCBxtw0rLxrLla5qaYCzNd9W07/je5nknaKkmU
-  h3UM6eUQBOUDEzX1bqYIUb2XMgdrmBGeZ2D0R/t6huc7qjfm1KXktQbrkWCUisXj
-  00AtKHhIDOIemdb6rt4DBc6mZFcncTOq94+0IoYBm5T6bomngg+bgbwYxprrvVeF
-  2SL9T6uZAoGBAMV+M2MV9Babhb43TsFSTfLe05xMAl/VkA0ODRJvAOayX0beWhyp
-  UQBbij+pDzIkt4ylPr4jTGv3yQLeORhZSKUnUc4pYfho2iaRP9/IoV5ChF99xJ2N
-  VUG8GSeYAsWWlBBzMBkpXy/CcX35HyytYhhq0XieyudlZC7XgVY5rKSLAoGBAOpN
-  V+JqB38F0EHoUT341SoeVbTV2FtEXGOQS4T3KzgVhNtJwiovHFfhTIwmC+R3ZP+K
-  d4bDm22o+dOwRMcEZ4eGSiY7fizWX08tvYrhsh+ZMPIhRB24m7RTBavBvSIKGOIX
-  w7xNUS9kNOrIY4ZWv3n/zCokxmGBHlyIG4GfWwRVAoGANEfNSKy2Ggn/pLQ1d/3W
-  vrV4JUcF1eLOKHaQxVF3Vprfl/4isrWryMFy3pldeXO411WjP2hOwcIth0HWsXhp
-  P7ch88aGteDj5xPKae5NsYtASZscomyYpjcqHY4jJbVP6u7jS7XlCdqaerOpKgWY
-  E0irvRekNQ9lLvVDutS3vDMCgYEAksBOw2lVuKGThzRTblVkbjUByXoHQWLX2ySN
-  qIKHd2FDDXZtPq6zOffLUhyiZj7B66x2oNnziAPGNmi5K03+6kuaNcgdh0fd+mHT
-  ziD+x/vTRFTBrTvrik5VxvZZ1/ArFbF8z3w91UkWO9e3PnUnCOrGnb7a4kdVFO/L
-  Cq0c/OECgYA3obLPD4vXhSmAUCUI0TD+CvA5gUUmk2k5Q3ZaDQsSBbfMPvpq7F5k
-  yPCPD68j8MPJ2vkr5j09gIvGpgMpRvpaH3QFH36wxcYiL2Q8IZEfy89kTDtrLNP7
-  t4EfrgquO5hcsbfmxtu4xVyVrhRnejOUjoaVLB48bO9Fp9bQKFBUgw==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAuPeKvd0k9+0Qt/NUFpmdWz7ztQAHLyQix9YDrcnXbNV8DiSa
-  Q/GTOvdnKLZgQXa10RXpA9s84fSxJO6nBN9PP6EjS38nIZMpybjb6wnqW5Dv/aOB
-  s1rswMkv7vFLtnQQNMGQu+W4t+9iSea2vrX/49z5QPZkYS0J+6GGmktfBZt8J1XK
-  ZYjYDsSD1OIRfEyafVJT1pARzXagnH3YwYuVvpaqcpICsnSIBi0QWr5zDXgfQQ5C
-  89U1NJAPt8DwWV4hCzjgkzqz2DEBwuFSopNjCZDXX5bqgypJUP3aI59nYyEJ3PvG
-  40KlQILIN05UmknnMItxwTuw+IqXHb7tOTbhQwIDAQABAoIBAEZ7ZW3179ldh4pg
-  +YDnJlQXx+wHx7UJ8wrtHVfC2wkIzI3jGrmbOzwz/CZCYKlxX9T9oV4r06ZShJIL
-  Mq+jnGIlt/pTyIh9uGW6wGpuy9P6hcjD3m+GzUKlJ1PItM4gqfBAdjNzVREZ8f0x
-  Ih/H4Gtmz8AWY6e37t7o7Q6se9f5giJIT37TMnct87AxAauIrOljP/WiuJCTFPZK
-  YwtXpP0ETNtrAdcJpgGPFsgsvgMpuLybVyjzXFaT1EBNjV0HdYLRSnikiyd3zlKr
-  lWyeOBw4IrF53ArZf7oRZtuMH6yjWQfNzdgXRvooPGy6lBhHJehpXgPZJuMp3ZN/
-  zoy0ubECgYEAxhYrI+17haRa89tcnoLQk7qbqz3LBd9yS9Ep0E3eQPyx3kvuc2iK
-  5e5CLDgNvaYDSTorUUuE+auDqJt4jyuPh5v/aRBECFVXrIPy2ey7dC4ynaPwH+8f
-  kYK3t0dsPBBk07RVfh//EmZ3Bh9LwnvT+xhXY/Mu8mQjp7vKbAMDTZkCgYEA7wtu
-  g79Hlgci/tFsFuI2BGw2m+BYkVWLzctInsF/A2sqrijAhC+0tNnLijXdWaCT/XWb
-  hvN6q0XMuZGZFvcpDzyocSV2oDwd8g/ULTLpA5xfamDaJNTqVDX2VRSnGKiOk8J/
-  02jZKBUXBKTj9n+7BdbpVFm9SoYqd3jcwKPdVzsCgYAHqLfGTdpm0nIJ18N/BYPX
-  EnIObvc4pOkgcVfyi/A6BwtBkyIHKFWmik3Ys9okKRUbcbpXDFp55N3UWR6SOpb0
-  IV4Ay/Y1dEdNjlSHhJXC6j5exgX01iQcVjeQSJywvdmILgLYO5h7N6cGf5NIU81g
-  ehJ29OIt0R1n0OUExCEOkQKBgFr/Sw60Hhgql1PRfQgpDM8aMp+cA5svqYypufdV
-  SXiPryulL8QiNPQzhJwUbTLVQgDWaGIzBZt1cr2hg1mOtP6r5KNN056jw/KFvAuI
-  udM6D8h7Hg+vTZTJBgDVX9avM7dj7y0XWLM9dAm8i1smvJc4fJIzpy9ba4cXZ1Ge
-  D4BJAoGBALYT9u2Rk7bNEoJbInZhmtqd9kyO+PBPzLA/ZOzzafIMQM59xJwy4Cui
-  vqA7EHvYJSAXP0CiUxP+X0MITbGTyCzR48fiFi8sY1C+MQaOO06IFapxtQda9r7Z
-  2NfJxVxgMFh9Y0a8nCGT92BlNs/Mn5Zo378Y80Rra0av/69w6HNF
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-genesis
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAn6CZw9xwsNzdud2OVb8Ixgwe5OiS0mgBKU3bo3bn/v16X3dy
-  vBs93Ar7IPegW64SOaeDzDG+yR79dObL8HAc8jRCGgnJgyfVqsABanZSyzZXmQmo
-  vn8lLPWW1yAF9/mWTduEs4YnFsSDIoD3Ptc9W3OYL1BetSlUTYXIHI7Y8wS/01cC
-  GPFTZZ/xKY2N9sdoFohsKTZuyWWtbMb4ysAIx7ogtEnBCZRz5LoL6JutN2swsM2H
-  BqKFxPom9YxWnnFiXNG5623abzvrWT9oppswqkEeE7NYD+BiNOYRb2OQYlezEl/d
-  0RUJGTpJLFN1oNWu953+tonATz0GiuL9G2TwfQIDAQABAoIBADH5EEpd57Wm349B
-  ij7T2IZP4xgcq2JNhxeMNVeecRDGABqFBZlYGeyaT3ZJr50kCLad98fkRusl1YlU
-  e8IhBx7YN115dOmnfd+/znGq606NC61wdbB1k4jYtclRUC0KqQBk2c1uESyyhq81
-  mrHEpoPL03f0fEHQ14CRgk1WdxrVAiwjfCiX90WI2GEdpIOsjvR9r6ZAzm0HSFY+
-  qBSaF593Uo0wmthS1YO/gnRdHQv3XtCxbj0HuQ0/8Mjd9aeNvTBGfkZtL38J84qk
-  IAiKWcoqIEPMePFaYiZQDSG7EmbrWTwj48qqSSNav50xo5mrglmWb+j/BAsKfwAn
-  87E1F00CgYEA0DkaqkU3/aOsL56KCWQ2f623gfisZ7EMSdinbA7cGtpPqbwmZxpi
-  66n8TiugpQoetNHSDvkake5oUOT8DzCPfJZ3cCLLOnIHuWS3Ni74LK8/fYZvT6gs
-  eRHicj8YWfCps8VcZvsAme3LQPfQS+uE9M4M3GPElDmdUGF4Jt9/Y/cCgYEAxEED
-  gSn0QVaYPCWiVecjKSeDdykiZNpQnN5W2ITQDM1ZeF9zEcDOacooIkh75N1gHRdq
-  LqrMJAn25ARTjqTnMPOJm7yWuPDyCExNeEU5Gk8H1egHsfBAg0yvtJPmF/yYJbZ7
-  4o9IIX1P7Rei6HwXpIATZ64bKpYijLdMkYTEiisCgYAsmE5RsUlwlSFHgZjmsgPK
-  DJaEy5GBE7YiCriwt+4EAkWVgKpo4onVFy7mPwnEzwoMh/OJKWi7YGgPCzvAtRHG
-  CSPDbHBCMDHfTua+QAj+6PmcFLK6SLZdp6rr9P9uI9D0o4xKse9LCFbDr095MxPi
-  qk6u1N9BL6W1lWp6SNuruQKBgQC/dCU1FnagXxf4ZUZuwyP7+/42ezyAYrINtqHG
-  bBqCwrmrwoIBKbS0Y3CvsUKcTJJ9DuCZUioAZnAilU3mdFzN1mfCNEJdfUDAc5+H
-  2xAP6FVeihMntZdZ/6/RXA82C0dqUxGcPedCNHuKcmqMnrJ52jAUDzeVXg2qdQ8P
-  TxRlLQKBgQCJ33OZGG0TgPcSW3gbYD9prbsJND/jiaaV12cXYLpeUT2uNMPEBFse
-  /ywgQZ5MObDclpYMih9sMRYU3PXtt/uWgSbWHFyzIZe4wzRDvr+pTNztI3+W5CWF
-  alT7i5sKrAnaD5xG6bNlX4soA5gHXlBVLbkpnVGTCWk3wqbK9HQN1A==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-11
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAv+w6qElJ+K4JAOcfd86igVl8AONU8BIeZGMWq47AK3sLxGJx
-  87jMkjeGg3xEGJ4BvQ1/OqOjmvxvfpPMcRQFZqDEE3Mzr+lZ/po5+5kPqNlz0LN5
-  AU7yx0f1gf/mLVOwSh3te2/cEKVVeau0fDKtt8AdTe+FLAfsklINPQD9ycwsoq66
-  qJQEhdFOuJGRlgNOTiHkqF+4xw7+gChPUTs+WfRTUknC3nQHYt8dPLRHY/Eqb6Cr
-  lw7+1iD252qGIKMlIHl8/FmFDtNM/BBmmg5xeQsAqvu9bGS5M4rOB3Yqo7FhUeDw
-  rJJcYcSbB6Z1U7mffT0F125Wpmi2bssfxdmMMQIDAQABAoIBAQC6GdoDJxX4cuG+
-  I19rME55uQi6X7YUGK2p0D/CWWjUgLs3UfKHT5Hm0rq3sv7hFA5BgN33QYg6mD+Q
-  8MZUfAKEsq2O4q2jDVa7wFcrNg9uPnXEUNOsRh66yHcy+K39E+Kk7AJFKIGvDnMk
-  yS/5Irc6r6p60SBEQubON4wotFZjns3iVPOQaXbtPXHbDH0PVGi1/Rx2Zo/8VHap
-  6FvhekXwy26J8xwdAN7AD+5VpwKTbS6Ef+QJpr6gCp+l7FEFLkAiGidUkGx87fba
-  0hOSnuqSH3jE6b613OCztFbFGhfU/UL3wn9d1PQueHu2CPkWhq2ex+6MuScnWMnm
-  Qx4wPW4lAoGBAPEL9RSp5JqpOZykxI/40Mhtik2iXcQzGvH0M5vz4CrCp93CyQnA
-  EHEajAw9F9F7YX4cz9osDCUAdZNlY6F5IYUboEFkb+UAHidt+LCSl2CR/+Fx88TG
-  W9+6Wndyx5Z+ihM9ZWTxiBWv0gYkTQGJYFzt7gw8xdkDhXD2RvjiiDmTAoGBAMvU
-  I3yV6i+zdhMFxL9nehdUJaxiSjLs/KdXDAOGtegsOw4kaui96ckkJI2T+rUzYaYn
-  PjX00bIG6E+umN6+H+lHHEBXCVIDmoIB5Z7Y1aTL6oZR2yQQZ+KMCJBj8Wr/tIxq
-  Sha7m1q9GHGUygFE+D5mkTNLyqXgu1hT01oq+u2rAoGABqGolW/zHRoovpl92uQi
-  glEZK/eakspBJITuYoz8DtEaIyy3sS/6g9ISJkgL/rRhQ0HxqfPqRZ5UncB9VDTr
-  6iiPaR0lQuyU58rLu7fcuEhr/LzQ0woN/wK2eHDM8uP6Unsu7e8DKm2S3p5jC/bG
-  kufs06NcYhMJucjcvP4md0cCgYA763crLt8TesxhNzbplb/cj84raRGq+uQjRYGw
-  n69mO2p489fB5+KMUOW2ASSYlCxGrg6pyfjDPyiYFBm4kWfMKi1x9KQ2yfxn76rT
-  EadstM2TAwlLBs+jV8tEtzzHWbh39t8k46399Mz0xurDiMT5gyl4TPWb4f7xLmNZ
-  hH0T1QKBgQCrH2f+Ezv13tOCKuVJcbAql9aKZiXy9dgyrNDZIjwEgbFAhND4gqg8
-  EnA+/jC33ti87GI6QmXylvGCbANuE9Q/jA2unWutHcYewzoatC9PLWKfw2r1IhB+
-  9aEaz+5+vlfdV4eVo1wO8yR/WRQH96ZIhclirVUGn/OUTid0vq3YvA==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-12
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAwNtoLXFPSdhYnDbtaXokXiXyMKMiTQyndp0IUD5/VqyrQobA
-  WMgoHMbMDk0jJBISPVvo9cQ3WvdjxdE+UdkfcK1H99B76j2LO7etLd0OYjhNVy44
-  ePAoO7mMBBs0ia62jneNubXtOZMVd4wDNK+WYGKbVDarlwKifc5OMAQFhq5HYdiB
-  ULi2I4suzMkVgQt+M/73vUQoruZj3uePwVEf1JnRXhq96q/LAIaqCrZgJfwpG65B
-  x8nQDRyhjt6LgVXQcHozz9P+Y8B6XiO7MzbIsErepEBYTiNL5Q4/xYI0iYICG96g
-  1vE0ng4qBeo/APUAcvja9zWzu6OzsPR2VbiT+wIDAQABAoIBAGEjoluRQTCeyjMU
-  74w7O2o4jr60zKgmgYsbGX7hm94aZsDBgsy1NI8aCtoBPHwEpi9FxhdUV9V32kdf
-  V5Z+WHm2rhNCbcfUa/cOUypQt9f9J+eLnmI8BOfgU4gV8+aNm+Iyka5C1lQzo5Jt
-  cYfuET5HLJnEV7VeXF4ltfg1blshONFdol2jgxXDFoOuImIMfjKwfU6OYcWe0oD0
-  30DZMnHOj1Pn2Z8LGHEZwWtad16FZo1PDFZMoBMucpdgBM+TyiQS5LT61wkFlb2z
-  VLyUzu+kyfnJbR84lH7e5O6nEbCE1yTn3hNlPlXSfOEYX/n/VVcwXw39/MWxuHoj
-  1gfAjfECgYEA79bw8yhVDhGuE98Z7brRjMBMgUByBRpUcLq306/LaT+0PDrO2Z45
-  D96RhJIUDVjaZ9SU+5gKg+dYAgJa+3ZSnunOeI/iRYzrEROplsXFkRcfRntekttQ
-  o8Vk0RiCSuWSwzGRJdrqiBBA/vCpCMMfLyreNHcBMGYxqAqS7V1Y3WUCgYEAzdoN
-  A99KGu4oREX67GYd5fsFPf2LZK19pUfVlhXkjLIUZlrQkmWF63I5ACT8sn49Xuui
-  /oSNCmptxDeK/aCjG8AdD20NWJUYdQHBfKrKJHB9Duc7FsPKLLoOv4UPa6L7+4JA
-  Liq7usjECu7fRUSuQWcUqVYeAF2xd2bw2aydxd8CgYBjU0ukF87pra6+8gUl69l+
-  heDpIkxWCqpvqRQaKdJ+uvAkhWJGw3z0MoNnOKvvPx3sJCCy9StdpwBOjLUrMLxU
-  rZVhXo0hqpNrFg6Er1D7nmzIXq0y+nqx6DyxT4oeBGc8SRnIaJn6UWjpa7dFNrGC
-  cill5ubqKVhlNEPW43K69QKBgFSzQeOz/rPyBpOBD+wxYF/+13tYVgDI+ggF9LZa
-  r73MkGRFPcjfCSmFyDps/aUcGHh0EI8VT0tX225/RCtz62lBtTNhtbobLwMGA+0e
-  ASrZNjvpnQCS8x9QNz1KrLunRnOIdowIfVIvxaqR+0BvMBwtI+1BR/ryklEFBFks
-  k4aVAoGBAJXtXsza1imjQrwn4bmBs9eadcdnFr1fuukzoRJi0PK6TQiek6Zf0SGN
-  XMZO+HMUuSnWAHapxOX73t+/qHrfisQta54zjsTQfjNJ22RLucBZ5VyUiWsullGf
-  vZIcMtRevKUaFccBzwjry+FzJPzPHPtDiH07qBqjkHdOgqW4YxEv
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-13
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEApD2DU1DArQK4PKOQHzfr+/81s+qoss/0+GFLD1nvCDSZvyjQ
-  2YcAq1UASatCqaTBbnInmmshwJES2WYh690ApMS2CQS3q0vQcaH0XqD4v1km8/lA
-  XFTwr/EO8ocGz54lh8e6aUyk+TznYgq1E9xWxzo/WCjs4GIf31leeUicG02sbU6N
-  ADw3W6z56Y4Th2Wcvjw9fqvJ5tCeBD3cPbvv4gW14E/82DOPFrj7gxeF8BznQ9IK
-  qxLxncM0CtnKsqgkJZYaqdQ2z6E10D0ytCxLenLgg/GINrXyDdAFpLUX6TZQMmI7
-  k+rOj7IOFCgaPDaS9rG7RPonTyS2/bMIHt3k+wIDAQABAoIBAH0n1uxla/4rRWQI
-  LCpt/elRKIZK+nUQnZes5Hr1SH6TPtn563ToOK1XH9oDpNALmc9lNCKrItRQePGr
-  r4vCJNxqfmFO8/uX0WbWSJbXydZexJ1EQjRaEfOxGXfdR2ZtGCJpI/dcDZdUPupq
-  SGSzEnnNPDodLa0reShFPQXlO/hdNtUDNqDyml5FL21AHbJB6FQav2T/g2FCDT/2
-  h4ocpTxmZb7mB3DoxVJ5Nt6GtXFjpSExaCHUNkh/yxO6d2aeW2zcqr1RJEaGswsU
-  FncCr566P9FOsLuw+UyLRpl1n0ToCmbw0f+bhb+YuXhrjjvDG8t9P+peG1QakOgF
-  oODHV1ECgYEAzheOH+BLbbDguNJur2B4TwOSQtuYB0k0lMoIKXUfuQhAaLIDwaKv
-  2SnuRru+tkkbrtrIvVg9W2lE6yj04s7oBPxtD2HXGUN9Ne0thykl8L3n8T+/GPrq
-  01Pj6hGK8M3dkq5mYkaXesdVTH6ZhxlfTiylVblR6MqVGRxkd0MODWMCgYEAzANo
-  FfXqgblGr7VN+M45BHpU6OMGbji4trP67PdT/IgIWXYayJ8lWWIWpEYu0ubauJfV
-  m/tI5tl624fmAduXTtJYWBr6PeZNhdOdohsCdzWmwttI4ZqgeKpOLwTySQx+sSWB
-  Ivyfmd7aXqKmEweFvb2NBxRdGl96zg6L8heyyYkCgYAEHcpT7qnzBe5nIqTdUeL1
-  SQ/5z+MIejjXo/VnxpQcoQKQVMXobzRt9P1yYjub7nfkFTCfP4zyL3cV71p80T8n
-  IleXUA/4zDVLB3K6WWMNnO1uDyTk/dYE5I8P1MvepW4AiQU4f0p1RFf60CiG30Xd
-  DN08ihgNu0YhG0UScL9uGwKBgQCKl3HZIVMqxxue99K9SBLx2Mzf3IIc1ImfDEtV
-  OXujnSHW7GWrjnmH7Bung0oB2fQR3IuvSBixQmK0yfBVqMB0Om7rg4AmFtLpK+X1
-  HtYg96CO1PsAz9NdxYwRYxHY0BUs8GZ2xxkBJaRBD8s0ODMBv8gTXCEXbm91leo6
-  DyFUyQKBgQDAW8r4Mp7x/i/nlgAGhBNIgvkvOA9NdVPIY86ZTrXGs9xif+puPFGH
-  mhFuolJyZI/Yvl54t4apy/Y319CV46L8oOedRD9H85rYtojXJXzUbu04MQeEDTfF
-  Sdxqg0YKbhU7SYHMQu9yRfynUkBJ6XC7mn6ZJ0yDwLUguDJhLPPuMQ==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-14
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEArJgNfhV76s3yqRZ5nWjY0Sau8Lte/F7okc8FU4TDLyjizuRy
-  zyl88KGAPBEikoFVP2CzdgaTaLaIiGIfh9UMx8dbbbV84txSPFrDd4d0VWHfa9fv
-  ag8W5wt5ce9W4JT6qQlpMsdfx+O6yhub9NeuWFGdNFMlDoYh/4wrfAu+J4OuLLCh
-  Et7797fqawPjBtCtirq2i8SFN2tEPKvM5MkAYdOU7Hc8UPRUR3rpXbDiXiw2tk61
-  yG4pE3YwMP2SPJFTAQ8XlwTdBkARb073Bnmxh9M8oYb4pvw1hLB5+j8firAtDlkP
-  3PdmfzEFxGXjDoUPLzO60i8FATRWoRDEDB6XfwIDAQABAoIBAAR9fDRgiLXGH98I
-  R6ext5pRYFHA/iqgqXpJoYDXvmA2txfc16POF4MHIJfvdi/Lj5Uzhde3OhSKUykB
-  LILTJx73b8h95T7droIFdnpgmsUx46chmgfvVpAyOzmcmW0EUzUcmpEIoNRJd22U
-  pE0NY2rGzMk0tI0ZLj9AvUzf3VWXy3OWl9v0y0XrGUEcdMwWP2MuUWI0yTh+GbVX
-  G+dtrPdN4spR3+NgrSb5pcrgM5UsD/u2fDOfqd5u/piL5d6adb55csTnTXUj98LJ
-  rEUyH8X/lu+yEIQKdUgdyftvS42VQmMhhqCLT0bFjW91LDECjRgh8IjuMn8zjQJQ
-  U990mlkCgYEAwymfVcriPr0X7od0Rg8bhgvj4Qqo//S2nimf0A8UPbHeYePQHq6z
-  zSw70m1qh6HS80gLrf1IxYyo3kmlaTIh+CxMwAx23VaCRNSwIb4Eq7gjXd9aXB9B
-  +G5Ig4QaL1jzI5RW5/nYA5D79nfYelR2/Nw9RzGtSZlY1eCigOU3HwsCgYEA4mVo
-  KWpsQ4DWdhOmv97GzOSIX2kO/omG0ubuX0ASsWxp/82Lm5GmsrOGcbLdoiZBXePo
-  De7mtCQGq+kSbghvAJpSvxbuVrR7cwDOHt/lVkV/YfGe118xGzfg0OQo/nn8tCJ8
-  aVcyCBRexPmUhMbbJ/4f8StIT9dCUmBvvFpVQd0CgYEAifXKZONeu+sAF+Y5E61q
-  T3/oPxVCEm3zCityhamjLVmnUpuwa4AkKk2ynDYssGR8su2jFAOQhdXBKiH1hD+k
-  M8NdHgWxoRWeUPno6HFi6+DnX1yci7Ks9+k96Xpg6EeA2Q3rwWCkiyDafIiLxy4e
-  TvGBf+pmDTkRy19YgLWIGbECgYBw6NxLE32NKPtMhj56oLOLSkrNMss8nQA1vOCT
-  dpQcEpLG9g8zdi+qHijmGau5i9S768c287fxjaoaILKFWAVsSosMLHaPnZGX6IXk
-  Fgv9u8ls4qEyjpIiHfssky3yxIoImM5thwQ3zVj6afLtSXPRfUcW81wsHZJBHUF8
-  sZylrQKBgQCm/64/562C4cHumLeGA2QsXr18E9jWbRrTVtzrNNBU7RpSbZpBLdDr
-  bGl4S4c2VKCDj1HK7doFQ3Ko+jeJEiCwbW3Sj9CP8zDSPJb4BZV6cgw+1nzyXtjT
-  el0b75sbT4J2n5DZHR14Tos6vX4QDHCsrCRclh/9vdqouW8XyJ3I+g==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-genesis-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA7AX20jHoo5/Q/POn6MZHIuNw8M1toJ5duX2fa5VM2nVn9xxt
-  +0HYHJz2WzKGvpumQ2e9w6XJF/+hYsMgPke4dBI1ts0YPEXXs0xhmkT9Cw41ca7k
-  aK0nV2/y0hS3hk5l972TMBUb0vHiJdwYNgL4MdKa+kcnYXh/zHLUMeH2CS7jwxcD
-  AQQDnZxt/Dp3gcKNeJ8QX1RxDXU1EyrNcPi8Nrxtf82icpY5gLmtYKAn6KTrDb4t
-  RVI7L3HXSpd7IfHTRZ0ftzGkYacipS2iggdgUIX/ShXcE9kS89/lCZM16e2A7e+u
-  sJn4K57rA6EyVDqZjnVovrpPjtelRQRZa3f4XQIDAQABAoIBAQCxt4/xF5lnUxgm
-  z0S4NkwsDfvlpZkNXxGNcPTQKhwzRkIhRGvfy+VxLhMl+jaRYVvg10WBAt0XT+ly
-  FyC5JIHUDD4bxfSgtapEHJhFc/rhDzLYxerAktjTsrywyN6jp3aKA1nH060eufkh
-  rscgLD48Lat6FoelkfkQtcnnQZBjulNelaHZ/poAcb4bONNpoISUeo3H6UUEhfO1
-  ezl1TrCew4JkRupHA3b30MFA16Jrt04TfHjCCP5kPJOp9nPOzn9kbjqFo/Omol1j
-  ZgNpXxfX51GWsFPqj3szJWp3Y7u/7/dN75LeRKRSO7W6/lDjWHcJoiWOqReRdgOf
-  qONF8k41AoGBAOyugjyUMF+FXiFnPEze6/mzTGqoi1+czHdsFEgDw//R5AV8SVqj
-  smJSIEUpd+NsGZqaoQJo7vO7Whm3AykWArRVUnn2F+eTH+UJKBNh6HYM674KbADX
-  kKXrzS35HEWH+2qol8/+G47IXajBupYrdPLZ/BGztNxq6bsbSmyc9my/AoGBAP9J
-  stNS5AtwjkfzFAjp0T+S1xLfTS9ajeXwQvW1INNg5ZPDXlrrkw1B+MSbMXwblicN
-  b7QLDYye3wCquKlxfjv9jFsVHRz9ZPRmsIW+eBYUcJrkm8dklaGbLH67RTK3BBEF
-  eOa+iCwFvtq/bGXFywoOG2TekbsHg1T3BhI6DjXjAoGBALCCGFhrP4QNJz0MC3lc
-  imlm4OduGLrOaeHp9VobjNE8y6uXm/D/wan3i19o5KLzXEjjZo4wiXu1TiV9Sdsb
-  Mhsgwmh4Mi2emBur73o8+ysGycypYxBhsts6doMBk6b7GXHal5Ui8ZRTMx4GlEsn
-  z4jJLmZZOdlj1jmWybMkf9ZrAoGBAM5Y1sfDj3rDru3vSDlwLWeynE+v2Sa2jk3W
-  53jNwEu7XbYTS7g4BDPKKHdabiQ/9B162dhwurH4VI6ob/zeNMfuyL1ykoa1Nx3p
-  xzND4rMOMHqy4EvKPLxUviFt45/7mLjdcH0qcs0Kk9sisU6OEvD8uB3PXYIMr5ZE
-  2U5wSL47AoGAS70CpQdWI+Er76oDZY0UWEaSbbECf9WRsI2WxsWjL1cuqbSCUFNO
-  mw4iQ5swS2e6YyTCI6FdxNh3d/3g99v/txN1upaLP96I/GhsaMhycgqu6LDNI3ci
-  OJZb3lkvlQmxDYCoZa/5uMV+TWq01oy6syRRk7IEek77KeXjaidTu8o=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-11-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEAxyL19ntmY3scU/HloXV11tTaI+//af5ERkxbMkn99HLAuBFc
-  y9xyGOHbTKb0oqqtwey+/9e4CXSgOpiqbfyqhbHGWAIyJlMhDCMkjWPbr2Qt8R9S
-  gZerXDGN4n+s5LjR32TdNOlQAf2w7MStG9jRlFGPJ64x6cRjUT3EipdpFj8SzC5L
-  e7ROmjChV109ZdebpJm61dgwVSGC4OYtw1K9fYUmH7SV9DMV6d+s6TEyASordstT
-  4bxMUIEo7Z4dzE8MZYu+XTp8D9s3E2TvSjLd1t5/RY1yO42eWA8ubiiFcTv6DD24
-  JiirULWIHwnc6Jwv+xgmAH+0TzZ4L3X21s4n/wIDAQABAoIBADMT6pcAa/DUYR2/
-  DDFv2XvzOMjDBHaBe620ZCfwBq2uyXPtMCoyLynmtMNih5k5wjvdp9gj0tbKDVc6
-  VWzExFBqmv90AL0H0ZA1a2jA1laUkZwpdpY6+v84zrXsHcLFDUAJtRufRKBeHAV/
-  JQ/he1BZ4yhAbBkUAI2UFFegIppLuzI2IluRahVbg2GC37o4PoNiqDZJ97+XHD06
-  8UQSogwjHr17f5euAtUYSkfJGQzQvk7Vzyn4ypMNk7MjWrQfq0CdFdU2f83/PnsJ
-  0TsxBEYtEqU7FpfX7JmEN6C60cnqATMH9UWMMPqQ3jlD4pgJ5wPxDB9v2B+MEvgf
-  +gukVZECgYEA0TDxYYaAYJ27rOEhk8KNikUfonrEuNm5fm6pf3m3/5h7489EZmrE
-  SoNieVt/rA91oJv4KpKBf68G9684cYeUGLMBuK5rdX+buX7HhWH/z0VDwfQ0WS4W
-  QR7w2iQPN/qRPECO3pO+M1J0q8L8JwsbyH41ac6pfMZtA4Frr93ycYMCgYEA87IP
-  rM11Y6oS7f04JB+em7gXkccT3LNvom1QtvPd1swx8AmuNl85VTTLfPTNrye9sXOZ
-  x0SxHt6yGhWwa17L9QC4R/xJ+CY1IKYQFY2k0253Pk2TRoMl+TUV58iNy/mjx63B
-  bLjsTazm9459jfdiJLIYT1SHbbp90g+snbjzktUCgYBn/M5gzn2OiZo7jAYm73Vw
-  oH/jQuf7g6+j29rCFX2TvvcG/Ydg6f39lGYlMYi7vUuZtS6d6woYsKbkBOQn+19x
-  D7rxVTLxy6dbhFwmP9rr6+CMz5oeIrzJTlon9fjiuNnte6IJnqPT209H+rthpTIA
-  bkya9jJmZjTWo0UmvUvBhQKBgFYJjaMyvrk7OIexmPqX90V/D0M2h/qpl0Y/Vfnh
-  y3akjRT0Nf+YSwOcKiOpwlyOqVhXOfmydN4zPaob8jdWNqf/YxB3MB5eTu+B8bfK
-  VGEZZRwoA1EnyGZdqag1lGppbrt2yw15lGQwITNRqV5P8uSFxDNt4oqJBxb81bKx
-  s70pAoGAWp9hgP3+dawp7WedJmu+j7WRQ2QsS/vm09Vq1Q46BaEBlFbDYCb1Av0R
-  CtKbPdTCeG0+uK8EvAVFEoxdrv0pYSJz1/o2zeFW8UVj6b1B1IbKLxzp4+gdQ9lJ
-  65VAekhHfknCYBSqL44yFNSjGWVxG2FFUMUzgZgxL5xv4SNjxQ4=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-12-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAqrAxSeIFy831f32lb/6ZEl3GUJ3R8N1zLIjpz0UmJcNKXFjO
-  /2vpQ3FEPenbu1Q4Qj82G+FHK5QGKijqdOUR2eIUxud3gTZiceF7GcEIcT16vbHv
-  6RefiEi/VcDon1nXdFLGpVAipq2VcwBFwl6VkRldqu9mq0oPe8RoKniMrQz7Z2OY
-  0BOsBSire+2uFhkJn7I+lhl2FgGQgXNSLn+LcnG5835XNUt4cGTdS4rKCgdqxPZs
-  VwemKoOUa2YXNhoEiWjLSS2fbOAGSCHpUD6H+hTz0cE6x6uds3V0o4bdE9SMSQoG
-  BRfMAW5iZnV4HSSjfF8psYxLdKHCECm/DbTMjQIDAQABAoIBAE123zenw3emRmeQ
-  73cvder28hz+Mxx8dFve2zX9LP3wbpwQlgknwVqhWhY7P0T6SPoP1A+9It6tNEsH
-  /LgGih53U3Sd8geLVgxXB9Y9XAaAn2beDYKc/QMN+QADJ8/CJ10cgBjgkIlSuEPT
-  +NTotjp+55q/Qbo1R2elUJ0NztJuFwzQX6OSqz2PBmRRIdZGJwojHvfKNimgfl04
-  dEwt5afFpLBa0SuNqjSSEhO1Z4u7OYMwfq4SqeDsp0/DC4d0kIFe7q3NTNT9Advo
-  mJLycCtkgGMGqAC6FUXBnpukLCXNsc2+SHNk36zCI84ammxPSZnK3oI+f+Fr9N8T
-  mygtZeUCgYEAyv3ZLf29z6tQD8URXYOtRI2c72iR4PeRTP1URG5/KDt3UBhGP+NZ
-  dtR0z9OqdLfUu6JzNOmM3vshlmxsk2R4NrSBMyxM4sOaxVGsT9DjhEfe5XqjQ7UZ
-  s7VtX4RiuYSVAblsk0+mepmCSGYvrFVpd7SGFcCjgtzH6EljKW3Cnm8CgYEA10LW
-  9L3h4dK2f7ZqyUPu54WxJd+QtNZbeBlgxddTMpQ95cW0qBrg9S/mQI/MwAEn44XA
-  gjE+kD255xj9opxT4nRqaZ6llW+zAPhMIGiZLHXuGlNNwopRwcgOvcH2g8CaPL/U
-  wWOEjd+uvtvV3XxV8a6o3ft8wVRY3wswbqL6wsMCgYEAthv0ukD5B5Tud6dZg+a9
-  DFJrp5DNxuDzdvmSnu3un/5xdObCJ1DkkynZPhXrx1igvlDoQGECo4zzPgs5gSXS
-  f2mCu5ETzSCk+j7icpy5cJQ10PQsAnM3grTSUa3oD/103J4oXSRI+5Y6fo9GV7os
-  q1rGLD+tsZo2shscni89OXsCgYBbvqUXEobfVItryzegKE/+ZUCnP63RJTs+6LIS
-  ID/ZYs0uzSC+NRaD6bJc+ezuOI/jrPHri0l6+JPvJvuS/sXR0oQ4F+HC2yST2T+4
-  4FvIU0rz9WVC8Oj/imCeB7klVkVmduwasGuifB9iQRfZmlCW/TYDxlfZnjVyerZd
-  sSDnOQKBgF2z6Loc+I01D5TjD2MH2BwR/e0P4cuse1o67CZhLXcRSR5cHb5LdpBr
-  6VFODs9DAi6jjUoQqWAih3+kaTJwjpqHO6DdZJeNEzq1wxOSvM3TK9rg3a7ViUZP
-  sjLpQkKYtviHru/142X6p4SHsho1/S5DU/nj1pYyjgReez/fevCc
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-13-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAnyfPFnaJFPgoiWfR/BXW0MOSYmKh23o315a63jSqpl/ZtpMQ
-  VamURbXK8IvJJN+xu7ehFeIkzwMbMYr4tFIy24b/boQStte3chY3KtJVnhLwZeT9
-  IFYayPo+6AU+J8JuA9WQqc92ZaVP5q4tRs/FUcSNmqvMl6DCjTymd2kaupM7HT2c
-  dBxfHGhg/zO5xB9r0NA9kqe6+4/C+0Comg0Io88BXzYUyQBWbsNE3Ffxf4xlGNDH
-  te2DKBfAta6D5MZ3c32edOOU3Dh1pACx1abTapeolLw9AxV3zMET2NbBOgMpGR1c
-  oNqWdFM1mzZfdPg6VczYbqzq+BK0L232dfS9kQIDAQABAoIBAF27bz4Wf3NHF3Cd
-  IVEqd4IpvBuPZS3CVAL3NYTKVbp4dtsMz7Dzl2xavXNfkA3UZHNemVMvBWiZtrk9
-  1G02f9dEMUkgJXljoBljtgfVKjFXjBcmfmE99LZqkwPImquF2Y8Ohw1LLrp8WotM
-  B0RN9zLJ5G+0QGEIf6v4jT2EPAam42AgWbGXZNX0hU8LA2C5m0kG2i6pbxWIYCG3
-  JQDrqoc4wV/f7wsjXxEPVxi1GCK2nTUTThStDm27/N6IluR7E/S88wqZfuvUmAYk
-  j7sTNVA5PXPO0t8quOEh/wcrQZXh4GNlcqAubo53qXBoM4teKehDBEhpoCIXui+s
-  w5MeuYUCgYEAwsieNo/dQmZzNGt8Oje/Kqqay105791CPqpxkTsL349JkxzRnv5M
-  oOMqmOduvHjXLBDWcignRc6b+biIHtGZO89loWvkhJVG3mZhpy4vmSIWBfUWSyxp
-  Gdeiyq+QrCbvMATZxsGa1NAw9w7xvVVw1BT0vP2dpz/uiH+w76tYWtsCgYEA0Sy3
-  Q3Epu3lVQLdziZQhMPfRtbFBlPnyPZ4kyW/pz4OEPVAbTy0UyHqHI/5vJc/siGtW
-  ikUoyWYs9Se8MK7nll0LpYOJlTMfOWx7zaExEKW0XtZ1YfM8dEVJsE+aFhoGpW0u
-  qMjAMU1kAfA7IrufljsiS9m1xEZmKd+DfJnmFwMCgYAeeR5vcNBvy/FoGQzFWuVY
-  enpfKIWg5h+wCCBeVTuFTTh4gIC2/Bfm78NBSqvDZrBbH4M9NtT2Ed3LEriRAb+U
-  YN0IhQWqTGRa9O+AJTSjI3cIlZBYUGlc9qRsS0058ZloDMo5Ux6y/qM6c6cUNOLC
-  +0hSrObWPKVHy5pV1JutEwKBgQCcUsC7RE0d8HWIIhHUlcGgaPRuxwPuJEWnSxLP
-  ADZKgU1IzR87ssM/eGKawcGrDpME+ML6Hul2akfbB1EbSPuGYg8cKQufV09UiQCV
-  EowqlswPvFKJW1CozEdf3n2XWufwpYIjXbRUpDPDRxfKw1Fm4takvRWck8gyLvqD
-  GjjcpQKBgQCVYXNaCfBbRTi+MoUoYHW7qWfSNnkdjghYXBvPRWc2dmusaK470FQC
-  qZ47j7WBcpbN5gsMJrYt4+/nS1Vae9HQg8YxB488hDmi3zae/g7jNI8vyIyt5BoB
-  lewcKaGmZ5saAYxSyBP1s/t8W7L/7f369ZL7Qr6XFGMocfc6eP36pw==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: kubernetes-etcd-cab23-r720-14-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEA0pU7YYKa3dcHpGZGg1yKzYHt8METRU23ovOU3By4Nx5Zgi+C
-  b4s2S+y5lBBszoDYnmrxLCt0hV7/8Atqg8cZCDt1KVGEAKkMTi87YjVs3bFNjevi
-  Nt2IToCsnpXAe5cVl7O1TzKz+XGtuiuDwePh5TJXWv+n8cXuvbPOmcU3ay+KZ2Xa
-  9OAUxv+/idEmXsipOTFCySC2mOGxz8C8TwlKrmmjQkm9bDdjsgCzqP+7opGXemeP
-  TZGNvAW9vpWcWebUVi5hcrJtta4iTpFNyl6M3H6V2qeK92T7rjX1snDi1i1+VP5K
-  oLghqpX7a5XdJcSf8PrHNTcFXk2HdHStG+5I0wIDAQABAoIBAGkSRPq2bAdcj1ec
-  IHrS5f78YXjLHY5q5MHNv+zD97ao0gh/JBn74C+qAj66o0+2Ql9pBMUBObaCXDmt
-  uIvf/8F3yVHAdpjNwHISZxLtjVBgc03o8IpnpudklLzcA5qnHAMBi+nkZqCD9Cb8
-  J1XLGp99qtCg129vT1wgJ2naWXiE6+p435tSzPETJePYILCJJRAlmHiulrTZhU41
-  2QbAwL2rHOnHzc8jsEQS6drY4K8F93KnCBq16wy0/S4wHwYKNWono95cL2ShQwnl
-  /f+b3FN6w1HLhxI1Ph0fC9lGXE4dBoFT1i++RR5gI7qzmVT5MJu6DW4w0fiH5TkR
-  CzSN3iECgYEA2lqhYaxvb3xpBeTUtANU5+DQ+I5SScbrinGorWtVmMZrhjMdBE76
-  rAPVrpXjQTXg/SOwzKXs+4iZJ+p/5gMeaNULgDcLRd4JpjkE57XXKVnuwnP1vixc
-  y/FjwGNsT69UqD6jBLqRSwcvQfMxhPpiW36V4X+TyEa78Mg5j+vcSwcCgYEA9uOd
-  CCv0suoTReGAj3mYGXSZ96JfUwVhA9PAQcWIG8Ni9XhbKpuk4DQr2aiGY6DG+Ufp
-  8FRsUMttQmlqcO2WEdjHVIzqN/aTm8gRLNLoz2UyC/ujO1JHaK5YMozpCVyyyKKB
-  Cu+q+x19ESFHaLsJiiWWxeQ/f8hLvg87LK0aRNUCgYBrLftzPzn/xlii3P0PU2dU
-  3oSUzP9VWX/6l+nNHheJAzR6ThKbL81ZrBQyOz6unqzOdLtu6K9XlGhhMHkRRUyi
-  9phLmjk9VUz1O53NwvNXR96rslHYxFvUe6uUHvlmb9ClOQG5634wDtnCjIYtGN44
-  vP0DECVRNG9CNHYU0Bh09wKBgQCG300325tv6gPhVxF+T7TRoytBZsigd/3Js3IB
-  /EEguZpj8v4KxsBJYvbZjwDriDdqkuivy87oTFlBwIjPbFthIIW0IM8LB38XyTHo
-  xMc+FVBDz5IapBYyj5vK8cOUw7k/ddb8/HTxfeiG5SE3i4XonCRDsy8lRWxrRbLT
-  8zS4iQKBgAvYsplJ+g1Cn80rztTYPh1D1mxYIp4TNIIERDiP1b604UjJ2CrYTwYp
-  YWYpOe2MU+fzGpRUd83TALd/Yd2IerEFaW17HBM3J3hJoEqbRZnFE+46fTv9wFrh
-  PggsHOwQpGVkk4FSiadyIFeuzZVaTf756fFX702xyY2K7Ywhi1UA
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-anchor
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA3gZMISoYPUGKGNNXxxN7Jb3QX/0nSqfOY1fmmE6oXXt5w8p9
-  CrALCublUMwOGZlwc0J3asrPRtctXGUHbK0GS3f1+OU1STFAVy8l+bIOfj414ub1
-  2q3Xic5z/Vo2ocw3x/cbo7BBzYpOrPl1uu93liDZyn5eptbbJ36ZoMgbd5jPPDio
-  wSiJ1FQT0xi2c99+u9MFFLDYvb68EmdeRkE8CpLRRKeJruTrQgRZe53kuXK/vp5i
-  jb5xZpdRWjr1VuVNRPvIJH5tzxFc9UprZhCCri9bAhlA0R7fV598BER/0D73fjrf
-  VdlGJ2Qxc3EXXN+LQ8BsxAkiOn0FPgPSxoKEiQIDAQABAoIBAFVOvB+eCfQ3Y3VI
-  dxihrpaAyTioj1lLAqz/EDYDOwO4Nr/45HSf0Y5dy0xxKxXA9AkFR9b7mArTELXI
-  h8LE9H8414TLpN67ksos7n1zYcg15QSK03ozg3aKodx9tjISwngNxUvupEnyU2p4
-  6zhpXFyNwMDiL0IRmeEh7qttV8hqcjaEBP/wtT6doGZJ8y86GMXI0siqd+b1EpAD
-  8huErkwq4CPUy5JbEJQS1oefdC9yxJq26DIlsKy4XWCIIyY1Na5vONGXg3mdU12f
-  whsVm47HlFP05YLNh4New3G7oFITbHL7mXHXC6AW4cM0EYOS177hJIaDG5xuoQNn
-  I/898tECgYEA7Bk5F6IudxOkfnqdEG2fUMj+MIxoVoTALLudT6ndGlSy+9HdrXhy
-  kajrVAFdw6TA+X4rCP/uAQWnANWWqYPM4wbo7DOxVClh2K8eXkhj/mlQ1ZOWFBbf
-  yLiqHRHbAj0fa74hdr4FDfyufNcmw+dDHK2dB5sibFZYHhzpUTGBfE0CgYEA8L1f
-  ZnaVafTsECgTxg6S+YBXbp6TWRCSswhHeoha9qWq1+lhU0J3kObdzmGTqx8DiDOL
-  UrYgCJNafcpGv44p3zCs4ztZFKJFkA62j5prIUuT4OIU6lgRs835qbnTQEEIPTsu
-  7S3CDB1OKYskL0AXbpRCNJP80jgtWLpxFEJH1y0CgYB3yKxAo1XzsBGK4eaCCTwF
-  HpRoSTQ+gQeHKoC7hDDbRRGx1V4kvrFR2WPbsP3DXvlRG4P2AvLbreR29eaEhowS
-  utS90dQsIPq1ltNPfmbNEt2iHkjMVHahPZ+BNCfrUNt6LHKJ7gpeeE6GpBnU1qYk
-  DKlYzIqAcKYwUPbG7NkHGQKBgQCXDSur3eIYTp5D8PGfRwu/U2EIvqUTsEtr3FkF
-  MENrGT3eJch0dnMRT1qDIUSHjXko37aemjn1R4fy/5VuoePx79e66EUXpk3heunf
-  pvNrO8G4zAJ1m/bXi/kIHtnHKkbiLJ1gImLsOQMPHAgDQcKyFoKH/QcYXDlPwAQt
-  wvzSrQKBgQDJpkuCxh+aeOlYLidbxWxmmBGeyYj3INTomLi9DX9Upy7pnVOiQp7s
-  DpQypBVsyGPI22qkHAKG7goOVlWm4IlJg3sgaie5ZBhac1k51oJnkm+nIXzhunIw
-  u2dRGdGRpIf6VtQn3ZCLa+SZMt9cRcmbx1hh6BiH6Ed80BdiPF+kMQ==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-11
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEApjnULGO9t49RjtD33k1jE9WDfN/UN1+LfWFafBgzyw4mMIum
-  /ne7a8qFCThdM9Z3KuM6OM/rWsNMfTLOg8bKEaNnYzu0Vo97yTk+XqivgBQGBdWp
-  ukgTHgGyPnB2nz5yu5+4+Va3MIehUKbH5DIusFKvPSWoVk9H/GhLYrIqkfPcGctP
-  W4HvviwqII/Q8NHYtIoaE3CnunVRC59IAGDWUgyuB0ccoSLcKbDWgorktVPBeE58
-  vZLxNm3YZB3dvGkCw4CGkUJ77Tqe4dRly8jz7JzKF1WgLuk25Z/S2YTIX033b2s9
-  J1vIeFvL2e/c4bbewONdEBG6wzqmE7t1sfk+hQIDAQABAoIBAAhBgQc/YPHX/W4B
-  dP4mi9A1X5V5LHoflbcBedQGA7SHHGB23zFuUvG0mkzt7rsfYMXRiVe/A+p7HrZt
-  KpKi8fBUVFM6aOePss84t59N84GB/RaXGRn2cHSiEu9E+K9KE7q74R0JMIoJgnqV
-  /gGYeHcrdCauUyEOSP4BVBUv0itzg64CDsfQrwNNRr2wQ+eHC3kflqxRqiT9rf41
-  xgIsWmNhpMfDKNGlKnWC5N5N4Rbr6HEE0gzTNK+A/PTP86HmlUDFjoT5SQCdYFId
-  0Dlxah1cW2A6Nel3DNPqlLTaISHjRv1Sv/4BoSLpRFq7l1pWG3tBEis8NEeV0VF+
-  Lu7o+JUCgYEA1r/O5M/T1mvRmgJVPdgamYSJaorifdu/LYzpjl339hifUVlNfm3x
-  nCl6/RKI1mRvvtYNjra7qnn0J7i1Yk5PvumUoyCDDHI/Hdf56rlHkkqUZHbpxEY9
-  kXIceEvfB+nw7VSwodXpYO0SBNb/rhbVwFKLO3N+0fyzQ7DeJmBwQbsCgYEAxifo
-  YKVcjeEn/SCWd75GOrD7Hh6/NB8PP5S/7qXDWxf/ytV2Eok8GGMzYaQDrTN59sOA
-  UJnQeO/HmCWifVRI/g/3vc4KO1gwrOKtEuv/BHPURh8T1zcqFvF5tawtBylviA04
-  z/P2whq1+fm9mvCEA4FBSj+pNHOgPqfMrnm7XL8CgYAh+uO/7Oq2KQVXezsFuCYt
-  WH1t8F/6TkUn7f4e2tubgzXiZ2ENulPaw+2EEeS5F9deuPwYMu3rAbUSe/WngoC3
-  0roEPea+l21JSZ1v+LVMfqSQaQiAWCTx2L6MgmTeGbRXuWjhkrmE7r5FKcf3QgG8
-  ltMVKydMDtJGybu9EtFwdQKBgQCZuj4qND+Ahou6cbyp+wCK6eB3do0Jh4sR3Xml
-  UA4lrpGwLzhhmvv3Q4aKGm8LwKK/EN6MKTg1ingDDjdoGapjB8pAAwenEHz6swRo
-  aJO4RZAKMnP3BAHwOLgefAuWwcuX9gH8Op1V6tkArIIvIKaZ/X3Ed2zylz1bPlyp
-  gyEbCwKBgHdMPmQdJIdxrv1yqWRlHrXCS5nr+z98UEdlGqK4ALYsDxA1cGQMZrnR
-  bD3/3P8N9Wg3KUUNDhHRm5hpXvIpttnQ44zT3hk9JDylqKHJ3hn5evzum12SE3Z/
-  jQhAm/W4+ikyKFU18Tq4dEZanAk9+3AabsKd67beTvZ0IpYHwFjj
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-12
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA7qqRo+CTz0VfZwECaxljOXKSocasTJ4LiUiyEs8KFsUmXZ8U
-  40OZNRDy6lMj3UrTsuYb0ETo1ZBbDzmzhDuEJtrGDMMFYDy8WaDyt5ogsJe4RtGH
-  nTGWId3wZagU/O7bY3fGRk+0lCisKlNdFjdSu7o7Cr3ktorsRVZTAi6v0bKzcphG
-  2FZrv2MBv+tBo7Wv8jCaWTCW3BAl3CHLbmXLOl4z348X8/b3gIL7ZOKlU3YuITqj
-  cmwLakRE2l6iYgTyFYiU7u8ayBM9o7Cu+0xrzDtlSBCFeicqiKtfd7+FFHQrFcPk
-  KHS62+rSlA2MpwS4DpLCu+6Q7LgFtJrrgE1VOwIDAQABAoIBAQCb/+ekW0WiBHFA
-  bZt8D6MYyLfpgGfcyK03tcmXm7a3fXP/W90WU3gQBJ0S5vcZTTCkzd2+O1yJQ4sR
-  n6CkPRa7IuKzMsIPzoM6foZH1jmp0/HCcHCZIfFE/8GDYOMfFK1YDdEO4khhU1h9
-  bfH5dH3icO7orYiSfKnFBJDLa2LGyClbC146r+GNA3cdh3A3YRyKLo4hbg2PqaZu
-  nAt0Za/VOti3fVyeC0pIJD0s7hes1MoT1bPj9Szw/JXBL+6MwxBm575Hi/NtN0Ad
-  akgZ/w9sWoLpF5xQu1wjE9UE9suo7jKDKmyHK5JyQrFKcdzrC+H/2+CeeSbVdegK
-  BtGCw7pJAoGBAPB1XhYbLTUSBpXvElBjhYUBlKOQi50pX4CyVTCxUo21uAbrefNj
-  Vqg3HqRvIkpvaBU2c2jonTJxi9UkUW/u1v8h07GEB/duq1dVxSrnEJCeOa/PsOkX
-  EDKJSO34MrVlxRJTNT/WOkSSzjpGfeET8Ko80XqNK/EbUbZzUqiVuSO9AoGBAP4X
-  jEJVFHBoSF7UZmGacaGBOa85vGDFLc8VmNa2ZiJNpYlWLK0eC9MU+mMDSSa7RWau
-  UB0kyXIab0ixu5CFrxYlSi7oD1Ji7wrI5Qjim2HeFo7cWGIfpRmg8yGTFMheg88S
-  bcBDGJ8XeRip6NypwMUrP5vYt5WjDmQ+XeRN9fBXAoGBAIuz5OH7EBzRSDo8F+vU
-  pnJMJMuS40qACxh+g7gyjb//X9fFX6jkgihhPdBTMR0F9Pa+F/dPjmUMSy2eWCIs
-  JYU9ZfywtOAw0COBlXgDn0AmbWWTyTjjSWnTESgRF4UEh6bJ6RoZoOjOUjrRUbk/
-  GIgPpbUJ6AnA0YyrG88Oje4RAoGBALEH/QwWNQhgT9PqTm7AaV0qKOOh6VLO7qyy
-  kms+aAiMasI2DSiMn5Zwrkcf+e6HWcJBvsWfZM8gBdrzIgh+a8+VKYtm2Y4AKiYs
-  dA7tu27Dipn8gYPUInapwdvpmvhDibhTUa470UK+2vtJHlnn18xH5qiRpM8X7SYA
-  ofA4NRs/AoGAErCHYYRwxUr/F2PebRe7NyRfMBThpsI5AVrFUIkjEVl6KnKozCyi
-  q9csEDDtfpL4SmAeLk/GWUzrjsmlCR9AyHmI5pj1WPZXvl/NLu7DysU2c7RtT5a5
-  ylKFPtH5XMLMoZ91o8HB1z2BHgmBHNVED1y/sW2hnOs809yXwiujMxY=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-13
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEA5fiBi4ruD9DkkMIJJ/jzy6urUy0nCD0K2nzi3Gb75T9B7tZh
-  d0AnXF2JWW/tk4b8nmrscM5DKJDixOMJ05js+6RGyZ7vKL2Pq9AeqVj3UWTi4Yoe
-  eV7SUxt89ZAXmr7Z2IX14DifvuMbekFNfa3T4Kz61JlfkwQpYRxEi4X6se1t/Crh
-  jwcccR7GKQxgL0NmX6z6KI6jaTKKfBwQWPs384ZkYG+eiqPu63j3PLW17xQ5abuZ
-  43rEQLHYfq8+uIHItVab9bXKC4LypEs7kfhi3xWiJMFC6NdM9O0YDYyspXXDUBEE
-  tstsAAhSH6fL2CwsypjGHvEgi7AXtnedqdgGGQIDAQABAoIBAHHZpmCsBhGEbDOS
-  LDBC2odhVK8X8nPsrHvgSfutbFVhDMYuEhCUjSf4ErBZbjeUI2pWKvnp02u41tt8
-  PvgnhGNMP9M/QM1dk0wO+68BIWeFV6Eq3M1feSa1vBZiIJ12kKjWIRTBU6yQCKFs
-  xO1MalGXsZIg4CULcWTnNrQQPz1oCrjdKGGW/IbsLDQaWeiz9xWxsSVjrpIiGdgr
-  0VE4k8b7BoGUcK5AWgeKQky1+CwwlYqh9r+YYwo77bjdWEqoBjn57kgfYjFUDzZi
-  maqIs6mbjUxmAEUBqU0u0jV0nPSYv0tGrcrIc+lSf3J4YGPdSmMzjGeXthj0RgHN
-  rKe5wuUCgYEA7cBDtYtUbzr02MtSBe+8k9AzF8kxfy4mYDNZSXY9SKKYW2j1UyOl
-  bYfQzf7oeuwCQmnBhwcbiV/lMVs1FF/eG1OAnywyRfDbKgwC/P3VbvGsr8uaZVxx
-  8AGiJwQmIS+RjP4yvIa7v0ORgBgA0ANvhl9zqcTmOyy8ERlfVmxkxw8CgYEA959c
-  Y0+91SETUAwxft/Xnt+62J6XCGUtIYQXKtzziJKMAqJJbZHUiOreyWgHP6Z0vs28
-  SCvHVlDLU+HMS0e+aRN36uQ/pjdPlvYler+0J/IOPaVCUXzyhId6opruIstadvDj
-  nYJxERwzltZY6x4UXUGKQFyhMUEb+X/ZHO3hoFcCgYEAuu0qjycvyJBbB8S8Baza
-  4ICWW0I1Z2AajhJxRf/v6RbloSEhmS9ylm5tLjkYAeVjVWIe5ZIiBV1fLvIeBpnl
-  YCjD/OHb2P+o4SM2ikDsuWDMPB9hkgYgEurF2dU6QWdMEcWekHmCTbvLPyIgKWw6
-  GDUeFEGaHrZqWytOuP1aMuMCgYAiNZPv7G5PaXhfkK+t1YLWYhZQIui+siuf+72v
-  oELM1WIeYwk95+2y1K/ep06JDpgGXCns1o99b0AH4KP2qny1y4i/nLTmY7HNK0hW
-  QvHCqwAoqBIXa+mdQZJBsKHBkNJ4qCLp+cFhGcJOzmIOaWNq1skgxytFwLb6qxz1
-  kC+hlQKBgD9Q7W63LHvI5U/v+8rSQ+uCYvjV4AvmGEJ0ofjCvD97iUQKgKNlAiII
-  1ZIQgWGXgJ2t0tA1Jm+dBmY19jiX6dYCr/7tgP8GJitReiWnoFGI6pyAQKpvoT+H
-  iQD58VsBZApM69KqjvuD670tjArBMeo5wnyA4miE5e3LuxO+b2C3
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-14
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEA1BcFPyvztF/uE/f0fbcqJd5oE9Dr4fdPcMqj9+i9GR2lczoU
-  42C94uKOpybyW+voyXYI4edBWyMV5w1nWRnbWdtDic74IwCL6YhMvDPfkEsYwL5F
-  9ApCCYMMmaaYyZYBy6W54WtZlle7QKbv6zQ1rR9wadd86K4AZ4jDsYYdYHY01IdT
-  hHCtwbB9Cib2/xaB/w8R1/oGRMsAQKIwIdZNuCIvAAz73P+l9dB7R2Kj/rL27ttm
-  7LCvQjTE0SVfZCoPyu+V6zCofPv90HClzegjvrES3AIEUROxZhwcatqaevGhhyIq
-  mC6dBTjwt/T11a5iIHb5GLkno53vtRfs75EpqQIDAQABAoIBAQDIURHgj5e3dp+7
-  9obSskw5xi2RAdO48kfy5UInJYhtD2Y0Rdhyxe2zPH61+4APN+r/VN+g1jYRaTsH
-  ps5FBrn5zbGlmHkfPiXnpZesbmYqt/MiINSbYZDrwP4GpaZLR8ZcXSQKd8T+zdAL
-  iWCzSvWjlT0sip3semPhZfhHVL+sWV/RWr5KwGXwaGs65uzFbVcIue7my5V0Gn/i
-  XxixBh/fLnORYZrdpI7ph0ESv+vzNQIgJblUNvjlBJ2zWOid2vPor2B3CHn4KSqm
-  Bu/HZzfXlqoTzMXKs1/GLeiIDcLsjIoyFvYWDodoi55psOu6ypj6/IHB+9udOehM
-  pUPLI7UtAoGBANjYXkwKUfAxsQ0hCs8MlJOBfsvT3wrdQp3x5/HuoSjLw6JmCrfm
-  6PNlv1WLEdK1NnPfYEv88SLn6wvOA8MgxCOG+gf3EIB07zlIrxIuC2tvMfsdzQus
-  1FhkGQ4V98CGplSOWLn9WuTNdQOGBbx19I0x+swGILJM1noMVsRsQEYrAoGBAPpi
-  10EMjWtJSoxhQOIOM0A1eR1e7dSw1ubSf1IFs9Xv53G5Uv2T5kxmj0kv+gV4vvju
-  8xT5FecVTzuTEfG63JMx5JnzJUsBSH9NBH11n6NEvtjWBXP0tDsYfsuWtKi4hac+
-  qxdCevW9wYHdzaLDRtNCIQVHxlzonMwGMQ7WH9l7AoGAWLDemLFb5Cce6GTMW/Uk
-  S9SaPNnyjyoCVkGcAar9hYcaBDFCTweF3g+Om3lfF9SAahJB+7KAGivLSi/AAC5F
-  qtZJK7rUqAWr1r0wxfnJN+7p/XCp7g2JaIHAca9wfvFT1J/IEIJci9qw8nj9naCN
-  HrcDgjE7bFHbI14qmvo/q7MCgYBnXkbfY/8+O5O7QKs4qAQgjfLiXT5ygE84G87U
-  XeZQfCpgmNHaPiTlhbHB1Tyy5ZZxzrQsBGk2bWW4go717N8DJaXqqKbMwErdwz4H
-  TXgKP2dKvZCivnNpskMmaaFLxmHnGcgoYhnBOgWZR6iNeXDT5okbVPZfhOi2khfO
-  uDeN4QKBgB7g5yg8dJF0hx+npEZ3zEXtb5fWabUvM6o72udnmLtTD9Kl3LvyjGTH
-  grCF+HHIwhtA5HCCGScfBTFs7RvqQeeOvjlTJ5z2ZPTEJkxDDneraDSLFS2mgAKB
-  RezSPkJX/jx1uaP2u1Rm9OP0Ir43zr1pCxV0k4z4I8cAQiySPQKY
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-node
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAurcnk2DsQLTrrtNrdHsNsMB/B5TLU+35QPyknLyql9iZNHsu
-  98Ew8rJA6wYqnq1yZR6pGwvelxfkRcWMrw9rEyahYQU2sv2NYxhdrQFlXa1FZq4D
-  KMVcfXvAMZPViqrPh592LISgemp14bHb0eZF1RBGxjZvkNacUmlkpnhZWc0aFan4
-  OA6jfxis2qDiSyo5jgk2YSrQAfSyNgpAp54Oinr0mItsWR4lVxeu6CxtZP2oSUkq
-  z99KpdX9VVYEr44im0Sl25bf1sGamCfJEksp4c3Tsm7Oz0qDemrlUNWPJrj4K8qb
-  J9meXwV8cz/tTjtpdvFe7oVxv9QXi3/MkPkZowIDAQABAoIBAEGuWD+h4rnIavfu
-  62foOaKptIXoM7ZsijfwJ7/zJleQHCS4CIei8CMPzYJfgvKatRkZNgeLn1urTeO1
-  YI3ccKAmALLucJV6WBg55AoN6aiQYU+Dex0GgEisFanbBU1oVOSylZGHfiRR+vHP
-  7THjPUF8HklvsMNUm1zqMjvVLilGQUpujwFMm3DJcW/uphMh54TauCnptGWna1ln
-  S3cBoTy6Ytk5K6m2pQH2WtePnqdChkl6kQRB5A6XVlVN73UBr1Atn+RQG2VXyj18
-  VRDh1SrOxT/XlZAsCKrtI8s5bCaE5vbKQmzg/DhoJuZHXUdo9SMKU4yhEjHvFoWW
-  Lfcw0WECgYEA3DPde5B0ZAN9bE6fXj9axPGbvGIM4BZvjSVctRrONGM4aCVXY5q2
-  Hp52n/aLTPElSNn49qrGs6jmfGWTisBzykv2Wc9XQ+c5MkJ+ePTQ7Epi2hZX9KtT
-  t/NQPfuaPnzDVMtzuj2Az7aw5TEnEQthNqwwf9L1qaK2OPccCT/gKAsCgYEA2RGp
-  Bp3sgDpenqym3BV+XT0xqDpkvDP3jZH9/2jdtSv+nekQlEV59oCJdrnnD0aBDZh6
-  kouI6wU/k/wJwgNYNwU6tUuy5do4tH8TBTa9tczaTodytslyHFta5T8v6CDJZ3Xp
-  pH663mkIC4nOYJJ3zsOQURJ+XGPnYun5brsRm8kCgYA3Rz3eexD82nNt8P7I5haf
-  QhfaXrLkvj0arbpsLGJ/fDj4zAb4FiqJ3TXiSj4F/rNhana5VX20ND5IFCfJuS5Y
-  JmGdghNiFHWjTFX7f1nDN5lBLkK+RRQrJYWLSdIaxa8zZi+THUVs32vg3Un1WWn6
-  E5fJPug0wYgFHOOI3uQiqQKBgQCTDnrTR8QEbwbROqhka49LPXzZuo2qTw6D84b/
-  NJ0W8zIw6sdXm+XvkM8QBwu5dotRmZ5Yj313svuKlvJJZRirVbibQCh3vaoy5fAN
-  1TMa6ihvkSWvHbRX77AZpQAgo62ukNxzm4Ofz8oqfva4yCGwix7HPd8rWmdUxKw+
-  Ty+zuQKBgQDN1iFVSRcsXg9ygFBDOk/BaDq81WOUpIIfgW2i+Ho61Dy/AmzBcDEr
-  5e9g4E3cJG/W68MT0ScgLdSEK2MjqbCHVg7k3zjDahcEyqjCCL9XMynzaqK93jRD
-  Z9mJGgHZHmijs3bh9Xrdx92A5zR3axTqVomWO9jwsPW0trd15+ZviA==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-11-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAw7kLvPFfXWWLFOHMEuoreC0yIcwgMQH8jfqqpDqMW1amEBQA
-  5DMEtl/Vbvrv3/EBPRq4nTSeQXZUiOgF9Bp+8qSxAn1j/ZfDQf7+dtDr6Df0VMDl
-  wbeZbtUoZHghMccUFZeZAZ5wvzT7iszFNiymWBdHnhLYbXTignAeZeF0Kwxif5Uy
-  bbjPFcuM1k7k/L64fMxbuxV8ZmgrySWWVLQganTeNLgoujezHkgXrg7YYf04bx7j
-  ko5B7pnXhhMEWKyNOzBKU1zJ6eVBfvWZcv50hNf1lC2e5jNo81pP3N7+E8Jy5+h8
-  rR+YJVfxu1m5KKfJll6AKID6g5Ssyi6p9Q9KxQIDAQABAoIBABHo4+8VM0HLoe92
-  PgNZFEM594VqNWPmp6KiVm0Swnc1NZrxCafYF01M9a3jHoIifpeF03DnOLgKyO+C
-  M9FDf2xar6vnp3e0JHTsjYJ32a51OFFtGVkhoNOog7q112vDqM3VAnZIdk643W+1
-  DzLG4S3ca3xGgzF46aU/9zghakzp+yN7H1zAuY09CuwtwaMBcYQTRPCiOh/1c4fv
-  y7ZVU+reVAU/2saDhIucASEvT8DOrgapTu74QnpDv8SxJP3fQvcpPUhe4cH6fIBS
-  B+kZv+uUGCk+XLhLrF4FrU76ZqgKmhLff46ZjMvjUaH1LSoGnHyb+W2D1Ws7DRNI
-  rq0Zs6ECgYEA0HP3xWeM/CbYT1VUYyJ7BUWnIIAyaItdug3vSuIPHG40xzOSk2mI
-  RWVcfB5Uxa6cyScjgOW9jaNpfk/1Mm9PZpdk90LIspHZX+AE2h22pEaXkD7/QW65
-  c3zX6p4ULgeJegItbPqp5wvazvEV7mh4IzLtPzgVSAbpQrRNZFm1v00CgYEA8F28
-  S8aFB2YGOsMonkASanPxPJmls9ek0212mQyTatrmiP/fGrMRkNlh6EOCieFrKBAh
-  vJBrYvNetM0QpJOB6YkFJdUFjOmlEXCO+2O5PA8flHIk2ORxLfPBDCCfzHxaWW/5
-  BqSfztWcJdoRSXCq/xWwFr4UkuUmV8INEk4cbVkCgYEAykUNUs71PiPPV8Pb+8oU
-  h3wb/OyIfWtmikhFP2t18Ed8DSOdAk+v/G6rvICOD7gsyP+icsv7D/pWPkwGCGd8
-  K3eScF+scaIWxPKSorecZ3FcVorakzqG12p39WBpAnUr0GlWfN4KiXi2XIIRnuJe
-  WQFstyCLffW+2IwuYMawFi0CgYA1zAT0wL3NZhxG0p8orBZzFPgNJCZeFgmh+IHu
-  x03HQK8QQpRgmWt5C+5J2bJBwd4F3XZvibM/NlEgDjWHYCxXZH9udDsFytVTDeoy
-  gaNXudrLkrCEirx6GHBAkpyxW7OtCM6nmfjahhyorCHqWfkrlmMO9AQOzJLEWX4r
-  dqgOIQKBgGFFVxxbVK7QVnZoZ6j/W7Ede+qVM9tAkTvmQP8boeX6yD6GGZ4Y8Xtw
-  532QYK2dkjrRcShyDbvp+1tZyhjxIRRkjMWqUUCExLiZCWteEUd7vEDfCuExf8fg
-  pwR0ZPHNQkio+mXqUyrESzXhqbla2t5QyTYyHGN2b6NEvxKQ/ok2
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-12-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEAnMf1znAeBCDNxRpiMA8TJNNGF/+MfR95k13PcxjnHDrKXIsG
-  2Gvup+MSQjLCBSNRSPksDyAoWmp6pTh6N57tr8qimaqIyt/0OeOVT2x/q3oKLkKB
-  RGcNtR2qbZ49t8ZFS+9QPmDQLMl7zj2N5khdcyMimNPVedK2va58sZav0OHyg2XP
-  zzsM2G5GIOx3oBoi/nO/obLcaUBHN8lZeFMpnSx+kSrwjK9BsBnspe5spSZyezfR
-  RDWCbNcmxq9X9iqsgEFFJjGoMMyWYQsOas6DdD1tAvV/d5hIWSQITa5u7E5wiuYu
-  kYw7ViLB7FQWMFD/fT5UDQkrTKmMh1sbWpe67QIDAQABAoIBAGQHmKdsFVqg62i0
-  mqz7EUXPnss0+xfh+xmxIujWnK4APJirA2UWCCEJ2d5usCfDDtu2Twwfgl+dzD6a
-  ODBAsHoWmYPdsIVwOkytDdis6xAnP1OgjwVrku1ZziE+czZLxG7cc6A4+Nl6fAls
-  cJra1PTfF/XWQkAF1x5Ss7BC6k4ku3rag6eXReTggdSkZ3iKkdsrJNVydgVANeIb
-  aekK2lh4iu7lG0k5go0G52/kHcRCze5XH1msRJPML0TWOnpehcB5x1ibT5ZNfUAT
-  0rcBTpLkVdVUlh6Xau07ahhHCnW3x4YjLDlso93xLH2mUYlmGmHssy1mZp6qHaal
-  l5+v6sECgYEAxID4T6fs/TJgyRcF0xmUnzQ3md76jzphzFXz6pcR4YtUzx+DInEE
-  1Lbo1plotxRGSIOmy+RCcOXrg/eAB1QLJLhE5DfFKygqIf8tV3UAMhJufRIQWksj
-  +55eViiEXLwp+kpDrMtHtg3rv/Eku+Cg7Q7zk0Fo1mqQvyOy3RB4/YkCgYEAzEAU
-  cReHL5HVkALMLmH+zvMW4wkeeXx2WzpIEWOIskWrPZ7jHgoaGUcPJBa2btm3Q/Sf
-  Dilgjx7cPOPxUwFOrxrlycro/coFVVUWmUYhjDd16fFxi9zd1vsEo0UOCdUgR2R7
-  pvuDu2yynYhpESnEpPmqtUXFEMisIO4jHgRT/UUCgYBuH7kJKxrtauZCy9w/yf44
-  mpLucMAKtLVKRoFD3xXuSJ9m1EoxaxVCAJ/MZH0C3SHmUaGQcoOpsbCjbHkbokX8
-  dihlnbupzACQvOk0MiXB6gJxpUX01Fd+E+rabip/rhP4aNY0aFfv9y0/jG0BvYly
-  UQbAZ8/RGje0ZtU+fpTPwQKBgCNatC8fM3c4dw8GbPFaZRDNYxjJa0z8DkCcRf08
-  jVzOUmXIKuf4N6xIcIZ+p/VoGiDZJu78moorfVPM4OjNQSFuNnhHdyz22xV6NP8y
-  9Hug3fgwosbi5ENiD9tzCIsLKRsyeXTd9F9s4T4DbqxZ3n/v92yJNyNAmQraLZn0
-  hdVBAoGAUGklBpYg5ina4Br+ciWGEWrm2+yGsr0/m2T67oLkM6c/zcvMW3sUrggc
-  /G4IqCj2VtCKaH0ZuTqLTIPA4xcpj0ouMnNi0Nvgkug+eLCOY+lWa//aWFH9U66a
-  xXpYX8uKwQYx4y3CJCmtRyo4MhGol+1rR8OBh/LMzmli++6MJS8=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-13-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA0pa6zcUAGIkJk1tdn/OjFjChIKp5hngrVdJung3XQljK/jLB
-  7Ij6waHQzR+9fdhSOBeoO0Wggm14J76cucSuHC6FffJj5h5yL9lSuf4XQ0/konRe
-  V6FOXtLy6IiXueF/Bi69SBbUIWN4wGoj4jqi+P3Mj0PnOTq1/+tB/pkh8HkFvt+Z
-  leZZfifHzpR6+h8YZMogZqMhNEw66AzdpEvTfy0B3ugcfkU1rxQ4yFQH6UXRhjHo
-  45c1GuIcgA1hhg+dS0Jw9eawJS8OctM3QpruKoRNuBr71a6tfEMR1KvzeW6G1Fa+
-  AcIdGTW5SbE5YkZj4BLGq2qRYFkEeQ0wc4dSyQIDAQABAoIBAQDNMmg1ptbwEV/O
-  QUHaYPmx3pKylMozmBaJ2rFEuzHcCU9LIERL6jGEydr+dQYcgNOkqpCXqMG9NVPW
-  TmrCrP4GoeIbljt3eIVFUJrGdutOAKRFE+T1uEz4Is7kfGxziGFQsexoOS5clmOM
-  AiCTCRXSTuOrWbwNzMKY6zD0F1y1xkIEb+mjseUYioWlka8RMlssp0U8AAeG2qSC
-  aQbvnylHs/mjirB5O9hN/x/SxGjhUMjv95koAhG+su2ms1JwhMh6eY9Vt0KJ6NIx
-  1rE2HkAHHELu9y4pDJQr5iQy2DziBOJ4zFWCrKOCCVCExScL+5Rjd/Q1lOayODTt
-  WES9R6v9AoGBAPUvVGLW/9S3rzNCJEBrSUYe1cCEsST0obASfH9uEsImnddGHbRI
-  Sg/0qsRcqhxctvZ5inP3z5xS9bsvG8HNh8SLd2fE4rZOz5kGkjNt6vszPf8hrJ9Q
-  7NONKeKpg4Qpi5pu9PY+nKi1WUHlP0u07H4L7g8Ha+BkxqPbMYpFkfFnAoGBANvg
-  vCY8Il0DkTCSbBjbLob+0Oq4KgXPaw+eWiaz8pCYRkvmb7gehSQoR7/Nlihxvooq
-  Cm0gGyZdpYK3GuLhpPNoKfUxviUi2As/DgnYRfqiJFT7FZr4pD7FLUCH6JZVP0Xd
-  zM6PrSMIOmADNEDW/xSICM0W974v85pfqQJdSwxPAoGBAN97fJd7EUV7CB7YsuJk
-  6C0Z/gu05yKgOKCcuQ4N7ts5B7YpGvowyhExGlZRgFzJxZtzvVdnEb2TgJhVoB9O
-  j+n+lZ/oPh2eSGtbKffmwMCnPGNI9mdhA/zwNrV7fX0BwVXKvU2WVIUSh4EgzEjd
-  aJKbnSnlwdaPBOBl8wntz9ERAoGBAJnsxuphWJES6TY+msv/zJ+WjTxz9n8gyEsj
-  yOqlOJ7+6t9Bj14uh3hbdncQfhkMH55rdecU/cyq7C4I7xp7alU3y3+p9fnbXbDp
-  0HMV409k6NhQ+bwGajzDHj25pxpuzR+k+TZ1oHgQz4TdWVw25lVCMh8ZABA1U2zz
-  oMZV9y7DAoGAaPzOfLlPeseRARCz0mso4Y5elTgVlTv5bOHjtk7ozS66tyjVlyMN
-  zq1fKj07TG4zIX8aWAID8Nt3dw+03ucGyHV0euvav71H+6CXzdmDb7Oh81f+aSbA
-  X7SEof3XfLWlt9iigJD6AZEuRlB9/D9tn5phhrDfzTmX3Z8abiVUgxE=
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-etcd-cab23-r720-14-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAwGcNR8v6cTFxIF0ZJ/HvovjqnvcYgBp3j9RkSl2EWV0tGyto
-  Pe9i3QSImqbFrmeta5lFHf5LTetbUWn8m+vHZS6dExHESysDtVH39DHaXwuPZwN4
-  VnuCl4w38XhHwkgvfF7Tne3Vx/iakEmk8zmyUdcbBat2hj2gWFFL2uQwUqJ3Qeag
-  w2wREaRd1wdEMweklH3EkRTu4JEMEvxuGGppJUfj5i12uv/1lwVuk7WFMX3laCm+
-  26mgdoqGQ1jZTYJDv4vDC6RvhSDyYdV7f3wtHFn6frJwWTiriszaJdySIXiQX8ii
-  fEKt100wOQH15hIJfc1U7C92bMJ+DhI2wnNBGwIDAQABAoIBAB3jpG+D45sUCDPz
-  4oWPEyApNSGO11KHSg2g/BeFYZsUW35+BsqgVqZpHuOPhuQqHQm7HL6lE4O+TUhf
-  g6uhPC+exy4AM5NN0lynqDJaUEc1n4hsRJSCyW3LjaFIgzVOS3oxrQQ6v1w6ZaCG
-  oEZcrzQBi6Qc1+PQzQkLUBJoIo2jhHhRJ5ygNLUnhZPQuYtjmTz6OLmc70uCQGpr
-  q85cyJIvGLPFJJG84AfZfYGE+5rGAmH0DJNJUa6NPLEw8RR7a5fZyIBDhb+yji22
-  rj1+udMy60ZV8ROJW7wywqR+726ELAaDHFEU/OeSwUtszWBIZpIfLobYHFpZdpDF
-  Mc8moNkCgYEA0N8Y30SKLhzbq3Ig7VPS4msEGNUjJvMlct8YniFuHcN4zaWIFtEf
-  aDRoWnqa8CtVWl8FiuL+umpQ0eVkzH0R/vTVUq1wu06Y7XwYyLRNMnssw1PSyBED
-  2QZF/j4Hk8JRAvva2RKXLwne+Lljeb9PmZuzxpdXjYNGmD9OiTdME98CgYEA69Cr
-  z+JPTwUSdBoPnkFeO1IZC+rflBFJzj3R50xjSiAp/Q+KvNogEvYzb5mbZW5RcyyV
-  uAYY+9OTdzQyZwxr8SDGK7ilwsQwnl/+uuLLn6HWOjqPAeLpbmB04mljl5Ft2ADN
-  6Eks0NYJ5F1x25lmj7QXRtGYo+2WU7w2pp662kUCgYBnwIowTXF+GmObtCNbACpe
-  wd3VH/pIHLtbZipqUhzKuBBHxpPlEZfSQUYcu44/AqdxLoYoST1TCACBYrtBQFcy
-  GBfm67R1tkMMpHoDKFy4WKsRk4++RYVtxkn6UoGdCgcHvmclMLDccsDJN/2LulYl
-  7UvNt9uLtcvZUIkIa+lkbQKBgQCj+iK/F9uWUyyV11ls7n+cOGZ6RwTZbXwpEgvY
-  DuIsNVl9Q0VyNSuAg/sYa3QHgELbF/G0WWkeE+3DQmSaC6Uzs1qaJHf/i3VTa+Uy
-  B2sYwey56OZwpV01B5W/qxE54ELFpSmJkPi871lJl0EJNw5+dviIok7GDvwtlf9a
-  tZ2xEQKBgFWMUupdVMl9DZJTN2RNP/4q6/FUTFfGRRoKUoVgN8e2X+nHikUvDTHd
-  08mJqSHTFmQn/7bv4MH5mVbBAhgitcVXCvYooR6BNIL0SXbjgr2VNz/ZqVIsWGvW
-  fW8SM6qMR4CyZkEcW161Zvz4XzGnaIQ3MbkFtfJy/i+wfspdUFZr
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: calico-node-peer
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
-  -----BEGIN PUBLIC KEY-----
-  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8Ndu2d3Wp0Th24IOVyt
-  wmhCWSTyCsY/+PZ6CO1JwhvxA/LLR+qmQEPGszJaBAxyUocgo3oCC8TrUPDD8TEK
-  O0erydvCT/MKkk/+oKoLTum7TEoWredGPHlri6xMqktFjlW4O2487JvBx5q1wObV
-  nb1vpv9pnW8isSBRWiQAlsol3Bai3+e+utz+7smQLh5OFYsGKVd3AuohecSMWXYQ
-  KPSl1qnQ7h3rNzj7J7Aw5soo7cJKWl8QpOG/qddWvUphtNCuveouv+V7UaK/kveZ
-  2FzisZs3Jz4izLgi8r6hB/NbIOOc5NMmGOmhEf7UaXPE5E0u2lj9vEa05HMGgtcM
-  PQIDAQAB
-  -----END PUBLIC KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: service-account
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/PublicKey/v1
----
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAz8Ndu2d3Wp0Th24IOVytwmhCWSTyCsY/+PZ6CO1JwhvxA/LL
-  R+qmQEPGszJaBAxyUocgo3oCC8TrUPDD8TEKO0erydvCT/MKkk/+oKoLTum7TEoW
-  redGPHlri6xMqktFjlW4O2487JvBx5q1wObVnb1vpv9pnW8isSBRWiQAlsol3Bai
-  3+e+utz+7smQLh5OFYsGKVd3AuohecSMWXYQKPSl1qnQ7h3rNzj7J7Aw5soo7cJK
-  Wl8QpOG/qddWvUphtNCuveouv+V7UaK/kveZ2FzisZs3Jz4izLgi8r6hB/NbIOOc
-  5NMmGOmhEf7UaXPE5E0u2lj9vEa05HMGgtcMPQIDAQABAoIBABhHwa2EEvvA/aZH
-  IqjpftkIbDCU08CUmKdUzsA6UvNfZpRKjJ0z/Afoo9EPYlu0xKuGZTcVrCWJ9uI3
-  sP5/960j3By0FQpY4fRlauGF3dp0EFKDGhFqxNeObRYepbsFHvTaabRwVqhkL4pP
-  N0x67Z4IpILEuKgQc+J1X2yEZpk4gq5j7AWvpVIjt1TdznLgpsmcUWT/MAh2uTiu
-  Fcre+xC3C9a8M2/Df3I5CRff1g4rIRIdOWG+5cqBu8tPEDBllyKZe+9KouhoxJIx
-  cd+ooLHhKKtR4nV8X7w6UiRLd6MYfcAEQKpkc8InP4oE93moSdyPGGUZf09kimfC
-  d5v+U/UCgYEA8IX/Y0DYaIy7XXtyDxAusDhYUewFIW7LVqmphSUVolgcSbILWki1
-  OtfLMZJ/Ft+p7f+PSVFFi7Cm9E0nc8t/As4MhPNMMQxgzs0qaFfXVfEY1gY4KBwr
-  8RpZn3/dHZSlZVjD5hp2ZagHEOmN3b7ZdqTYr2k1uAJe++YVHHcQKzcCgYEA3SG6
-  P0RKGNpeJajIiUh7ehdA17FRw9vB8ui6tzh+2PxTtkv988GOBHH/NTaitvTvyi5D
-  u7ayyYcuQANQaKlWRB8zLq3Rwl7uXRF0fqKgK3yDGoZVdljBd0zjzIcuyzHJq4/W
-  KCVGDSFmmeAo+8r/zJkzsFX3kpLFEWRZlxIHhisCgYEAnEy3dWxCNU6ew1Tg/eDq
-  NiGnYzUY8GzrPlnqi1daA7F2UH2e2wC8pIxuwrwMUnTuHHciSebCZtBY7hDlPl5T
-  HyN/BzaDoKwGjNzOXhgXGwYduZc5DvefpoIVE40nx309LerNAs7XeaADV34ubpcD
-  AhKFrReVjQodZ1xRA7pri2kCgYAfWyH6yKctIQHKm0VcWh/QLy3tp+ItQKMe26tm
-  QaeTAyyno9ztzJtju/pxRD8MbGz4IVlPa9esRfPj9dRYEvL9k+MBEnq08hsgrVH0
-  hwDpSa2ZfETwFCPS099VaDHVdEjhf/LhHG/zerH+zc9h7OYaz/qJXZdOfGtfTPh7
-  OH5CowKBgQCeoKwc5o+WXZl+ebFpwX3eLE3mlGDGwLnJ3N8bue7IIHZOes3Zihbq
-  G1Bx31npUYt8Ylr7z7wbcLMuEGxWzdLJr6C+J6XwmI+l2j1q1knn0N7scptv54HH
-  BM1Yk/elAaeuAdKDrdud9daBhGuoBVgyAbpQiq0iXgomcPjvU2jvrg==
-  -----END RSA PRIVATE KEY-----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: service-account
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: deckhand/PrivateKey/v1
diff --git a/type/skiff/secrets/certificates/ingress.yaml b/type/skiff/secrets/certificates/ingress.yaml
deleted file mode 100644
index 78c063b23..000000000
--- a/type/skiff/secrets/certificates/ingress.yaml
+++ /dev/null
@@ -1,135 +0,0 @@
----
-# Example manifest for ingress cert.
-# Shall be replaced with proper/valid set.
-# Self-signed certs are not supported.
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: ingress-crt
-  schema: metadata/Document/v1
-  labels:
-    name: ingress-crt-site
-  storagePolicy: cleartext
-schema: deckhand/Certificate/v1
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO
-  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ
-  MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu
-  ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP
-  ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC
-  r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs
-  F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV
-  bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1
-  eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO
-  k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG
-  YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9
-  EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC
-  gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF
-  MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv
-  bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t
-  gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y
-  aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH
-  BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV
-  HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE
-  BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw
-  WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/
-  X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX
-  vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk
-  JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm
-  ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF
-  DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N
-  w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc
-  VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg==
-  -----END CERTIFICATE-----
-...
----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: ingress-ca
-  schema: metadata/Document/v1
-  labels:
-    name: ingress-ca-site
-  storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
-data: |
-  -----BEGIN CERTIFICATE-----
-  MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO
-  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS
-  MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
-  AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE
-  OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V
-  o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0
-  YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT
-  fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI
-  GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+
-  T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB
-  d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j
-  mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd
-  BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB
-  AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx
-  2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM
-  EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+
-  zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9
-  XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+
-  d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO
-  TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI
-  XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40
-  +g==
-  -----END CERTIFICATE-----
-...
----
-metadata:
-  layeringDefinition:
-    abstract: false
-    layer: type
-  name: ingress-key
-  schema: metadata/Document/v1
-  labels:
-    name: ingress-key-site
-  storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
-data: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD
-  OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv
-  5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4
-  8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1
-  U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9
-  Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl
-  MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R
-  g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC
-  DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w
-  qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif
-  qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft
-  3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6
-  ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf
-  Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8
-  uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH
-  g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc
-  PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz
-  +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS
-  HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk
-  X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC
-  wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA
-  GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE
-  mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6
-  mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM
-  ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx
-  E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE
-  7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC
-  1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8
-  6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+
-  TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5
-  QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C
-  pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB
-  /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ
-  pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a
-  dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5
-  2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS
-  gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3
-  -----END RSA PRIVATE KEY-----
-...
diff --git a/type/skiff/secrets/passphrases/apiserver-encryption-key-key1.yaml b/type/skiff/secrets/passphrases/apiserver-encryption-key-key1.yaml
deleted file mode 100644
index c3bf5ed98..000000000
--- a/type/skiff/secrets/passphrases/apiserver-encryption-key-key1.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: apiserver-encryption-key-key1
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-# head -c 32 /dev/urandom | base64
-data: AH/KZrduGOc8NRs5Dkp1maqaOrVY+HZ9pAD/fCweMqw=
-...
diff --git a/type/skiff/secrets/passphrases/ceph_fsid.yaml b/type/skiff/secrets/passphrases/ceph_fsid.yaml
deleted file mode 100644
index 9964d0c47..000000000
--- a/type/skiff/secrets/passphrases/ceph_fsid.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ceph_fsid
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-# uuidgen
-data: 7b7576f4-3358-4668-9112-100440079807
-...
diff --git a/type/skiff/secrets/passphrases/ceph_swift_keystone_password.yaml b/type/skiff/secrets/passphrases/ceph_swift_keystone_password.yaml
deleted file mode 100644
index b45ed1398..000000000
--- a/type/skiff/secrets/passphrases/ceph_swift_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ceph_swift_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ipmi_admin_password.yaml b/type/skiff/secrets/passphrases/ipmi_admin_password.yaml
deleted file mode 100644
index d086faa2f..000000000
--- a/type/skiff/secrets/passphrases/ipmi_admin_password.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ipmi_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  labels:
-    name: ipmi-admin-password-site
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/maas-region-key.yaml b/type/skiff/secrets/passphrases/maas-region-key.yaml
deleted file mode 100644
index 58aa1410e..000000000
--- a/type/skiff/secrets/passphrases/maas-region-key.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: maas-region-key
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-# openssl rand -hex 10
-data: 9026f6048d6a017dc913
-...
diff --git a/type/skiff/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/type/skiff/secrets/passphrases/osh_barbican_oslo_db_password.yaml
deleted file mode 100644
index d1aedc00e..000000000
--- a/type/skiff/secrets/passphrases/osh_barbican_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_barbican_password.yaml b/type/skiff/secrets/passphrases/osh_barbican_password.yaml
deleted file mode 100644
index 3848e24f0..000000000
--- a/type/skiff/secrets/passphrases/osh_barbican_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_barbican_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/type/skiff/secrets/passphrases/osh_cinder_oslo_db_password.yaml
deleted file mode 100644
index c12d3f73f..000000000
--- a/type/skiff/secrets/passphrases/osh_cinder_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_cinder_password.yaml b/type/skiff/secrets/passphrases/osh_cinder_password.yaml
deleted file mode 100644
index 15543fba0..000000000
--- a/type/skiff/secrets/passphrases/osh_cinder_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_cinder_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_glance_oslo_db_password.yaml b/type/skiff/secrets/passphrases/osh_glance_oslo_db_password.yaml
deleted file mode 100644
index 21a1681e5..000000000
--- a/type/skiff/secrets/passphrases/osh_glance_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_glance_password.yaml b/type/skiff/secrets/passphrases/osh_glance_password.yaml
deleted file mode 100644
index 04218f59d..000000000
--- a/type/skiff/secrets/passphrases/osh_glance_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_glance_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_heat_oslo_db_password.yaml b/type/skiff/secrets/passphrases/osh_heat_oslo_db_password.yaml
deleted file mode 100644
index e1723600a..000000000
--- a/type/skiff/secrets/passphrases/osh_heat_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_heat_password.yaml b/type/skiff/secrets/passphrases/osh_heat_password.yaml
deleted file mode 100644
index 74eae91fc..000000000
--- a/type/skiff/secrets/passphrases/osh_heat_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_heat_stack_user_password.yaml b/type/skiff/secrets/passphrases/osh_heat_stack_user_password.yaml
deleted file mode 100644
index d812f4347..000000000
--- a/type/skiff/secrets/passphrases/osh_heat_stack_user_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_stack_user_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_heat_trustee_password.yaml b/type/skiff/secrets/passphrases/osh_heat_trustee_password.yaml
deleted file mode 100644
index 0fe586dcf..000000000
--- a/type/skiff/secrets/passphrases/osh_heat_trustee_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_heat_trustee_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/type/skiff/secrets/passphrases/osh_horizon_oslo_db_password.yaml
deleted file mode 100644
index 36e67095b..000000000
--- a/type/skiff/secrets/passphrases/osh_horizon_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_horizon_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/type/skiff/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
deleted file mode 100644
index 2b09bc0da..000000000
--- a/type/skiff/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_elasticsearch_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/type/skiff/secrets/passphrases/osh_infra_grafana_admin_password.yaml
deleted file mode 100644
index a676f215b..000000000
--- a/type/skiff/secrets/passphrases/osh_infra_grafana_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/type/skiff/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
deleted file mode 100644
index a267fcb1e..000000000
--- a/type/skiff/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/type/skiff/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
deleted file mode 100644
index e09b0c61f..000000000
--- a/type/skiff/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_grafana_oslo_db_session_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/type/skiff/secrets/passphrases/osh_infra_nagios_admin_password.yaml
deleted file mode 100644
index e53b1c826..000000000
--- a/type/skiff/secrets/passphrases/osh_infra_nagios_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_nagios_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/type/skiff/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
deleted file mode 100644
index cd39defe7..000000000
--- a/type/skiff/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_openstack_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/type/skiff/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
deleted file mode 100644
index e89876a5d..000000000
--- a/type/skiff/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/type/skiff/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
deleted file mode 100644
index 74a628b5e..000000000
--- a/type/skiff/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_oslo_db_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/type/skiff/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
deleted file mode 100644
index 335107e7f..000000000
--- a/type/skiff/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_prometheus_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/type/skiff/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
deleted file mode 100644
index 3eecfb8c3..000000000
--- a/type/skiff/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_admin_access_key
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: admin_access_key
-...
diff --git a/type/skiff/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/type/skiff/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
deleted file mode 100644
index 4c123bdd9..000000000
--- a/type/skiff/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_admin_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: admin_secret_key
-...
diff --git a/type/skiff/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/type/skiff/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
deleted file mode 100644
index a8f1f4f5a..000000000
--- a/type/skiff/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_elasticsearch_access_key
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: elastic_access_key
-...
diff --git a/type/skiff/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/type/skiff/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
deleted file mode 100644
index fc3ca2ff0..000000000
--- a/type/skiff/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_rgw_s3_elasticsearch_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: elastic_secret_key
-...
diff --git a/type/skiff/secrets/passphrases/osh_keystone_admin_password.yaml b/type/skiff/secrets/passphrases/osh_keystone_admin_password.yaml
deleted file mode 100644
index 212940618..000000000
--- a/type/skiff/secrets/passphrases/osh_keystone_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_keystone_ldap_password.yaml b/type/skiff/secrets/passphrases/osh_keystone_ldap_password.yaml
deleted file mode 100644
index 681f3cec1..000000000
--- a/type/skiff/secrets/passphrases/osh_keystone_ldap_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_ldap_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/type/skiff/secrets/passphrases/osh_keystone_oslo_db_password.yaml
deleted file mode 100644
index 5782a8c33..000000000
--- a/type/skiff/secrets/passphrases/osh_keystone_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_keystone_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/type/skiff/secrets/passphrases/osh_neutron_oslo_db_password.yaml
deleted file mode 100644
index 773c2463c..000000000
--- a/type/skiff/secrets/passphrases/osh_neutron_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_neutron_password.yaml b/type/skiff/secrets/passphrases/osh_neutron_password.yaml
deleted file mode 100644
index 41e3fd10f..000000000
--- a/type/skiff/secrets/passphrases/osh_neutron_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_neutron_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/type/skiff/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
deleted file mode 100644
index 7177cbeb7..000000000
--- a/type/skiff/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_metadata_proxy_shared_secret
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_nova_oslo_db_password.yaml b/type/skiff/secrets/passphrases/osh_nova_oslo_db_password.yaml
deleted file mode 100644
index 34c3a9ddd..000000000
--- a/type/skiff/secrets/passphrases/osh_nova_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_nova_password.yaml b/type/skiff/secrets/passphrases/osh_nova_password.yaml
deleted file mode 100644
index 1d115e3bd..000000000
--- a/type/skiff/secrets/passphrases/osh_nova_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_nova_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/type/skiff/secrets/passphrases/osh_oslo_cache_secret_key.yaml
deleted file mode 100644
index a6406a31b..000000000
--- a/type/skiff/secrets/passphrases/osh_oslo_cache_secret_key.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_cache_secret_key
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_oslo_db_admin_password.yaml b/type/skiff/secrets/passphrases/osh_oslo_db_admin_password.yaml
deleted file mode 100644
index 9082d3e7d..000000000
--- a/type/skiff/secrets/passphrases/osh_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/type/skiff/secrets/passphrases/osh_oslo_db_exporter_password.yaml
deleted file mode 100644
index dd06f0b46..000000000
--- a/type/skiff/secrets/passphrases/osh_oslo_db_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_db_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_oslo_messaging_password.yaml b/type/skiff/secrets/passphrases/osh_oslo_messaging_password.yaml
deleted file mode 100644
index df7f34bcc..000000000
--- a/type/skiff/secrets/passphrases/osh_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_oslo_messaging_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_placement_password.yaml b/type/skiff/secrets/passphrases/osh_placement_password.yaml
deleted file mode 100644
index d278e7725..000000000
--- a/type/skiff/secrets/passphrases/osh_placement_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_placement_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml b/type/skiff/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index 0f0712e22..000000000
--- a/type/skiff/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/osh_tempest_password.yaml b/type/skiff/secrets/passphrases/osh_tempest_password.yaml
deleted file mode 100644
index a5dcdb842..000000000
--- a/type/skiff/secrets/passphrases/osh_tempest_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_tempest_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/tenant_ceph_fsid.yaml b/type/skiff/secrets/passphrases/tenant_ceph_fsid.yaml
deleted file mode 100644
index ff4ad65c0..000000000
--- a/type/skiff/secrets/passphrases/tenant_ceph_fsid.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant_ceph_fsid
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-# uuidgen
-data: 29d8953d-0bb6-4ba1-a48a-f9be1c0937a9
-...
diff --git a/type/skiff/secrets/passphrases/ubuntu_crypt_password.yaml b/type/skiff/secrets/passphrases/ubuntu_crypt_password.yaml
deleted file mode 100644
index 98a1f7ee4..000000000
--- a/type/skiff/secrets/passphrases/ubuntu_crypt_password.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ubuntu_crypt_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-# Pass: password123
-data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
-...
diff --git a/type/skiff/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/type/skiff/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
deleted file mode 100644
index 3ce573f79..000000000
--- a/type/skiff/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_airflow_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_airflow_postgres_password.yaml b/type/skiff/secrets/passphrases/ucp_airflow_postgres_password.yaml
deleted file mode 100644
index d7bb0b644..000000000
--- a/type/skiff/secrets/passphrases/ucp_airflow_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_airflow_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_armada_keystone_password.yaml b/type/skiff/secrets/passphrases/ucp_armada_keystone_password.yaml
deleted file mode 100644
index a886fceb1..000000000
--- a/type/skiff/secrets/passphrases/ucp_armada_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_armada_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_barbican_keystone_password.yaml b/type/skiff/secrets/passphrases/ucp_barbican_keystone_password.yaml
deleted file mode 100644
index 0a52e8830..000000000
--- a/type/skiff/secrets/passphrases/ucp_barbican_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_barbican_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/type/skiff/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
deleted file mode 100644
index ad9513d9f..000000000
--- a/type/skiff/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_barbican_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/type/skiff/secrets/passphrases/ucp_deckhand_keystone_password.yaml
deleted file mode 100644
index 941fbb0af..000000000
--- a/type/skiff/secrets/passphrases/ucp_deckhand_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_deckhand_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/type/skiff/secrets/passphrases/ucp_deckhand_postgres_password.yaml
deleted file mode 100644
index de43f1ab4..000000000
--- a/type/skiff/secrets/passphrases/ucp_deckhand_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_deckhand_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_drydock_keystone_password.yaml b/type/skiff/secrets/passphrases/ucp_drydock_keystone_password.yaml
deleted file mode 100644
index 36bafd04b..000000000
--- a/type/skiff/secrets/passphrases/ucp_drydock_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_drydock_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_drydock_postgres_password.yaml b/type/skiff/secrets/passphrases/ucp_drydock_postgres_password.yaml
deleted file mode 100644
index c7b0eeb42..000000000
--- a/type/skiff/secrets/passphrases/ucp_drydock_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_drydock_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_keystone_admin_password.yaml b/type/skiff/secrets/passphrases/ucp_keystone_admin_password.yaml
deleted file mode 100644
index 1731fe5ed..000000000
--- a/type/skiff/secrets/passphrases/ucp_keystone_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_keystone_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/type/skiff/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
deleted file mode 100644
index 55d48d16f..000000000
--- a/type/skiff/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_keystone_oslo_db_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_maas_admin_password.yaml b/type/skiff/secrets/passphrases/ucp_maas_admin_password.yaml
deleted file mode 100644
index 7a0548534..000000000
--- a/type/skiff/secrets/passphrases/ucp_maas_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_maas_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_maas_postgres_password.yaml b/type/skiff/secrets/passphrases/ucp_maas_postgres_password.yaml
deleted file mode 100644
index a59cd8b48..000000000
--- a/type/skiff/secrets/passphrases/ucp_maas_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_maas_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/type/skiff/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
deleted file mode 100644
index 7e699d594..000000000
--- a/type/skiff/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_openstack_exporter_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/type/skiff/secrets/passphrases/ucp_oslo_db_admin_password.yaml
deleted file mode 100644
index 4aa313278..000000000
--- a/type/skiff/secrets/passphrases/ucp_oslo_db_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_oslo_db_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_oslo_messaging_password.yaml b/type/skiff/secrets/passphrases/ucp_oslo_messaging_password.yaml
deleted file mode 100644
index 2f31b5532..000000000
--- a/type/skiff/secrets/passphrases/ucp_oslo_messaging_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_oslo_messaging_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_postgres_admin_password.yaml b/type/skiff/secrets/passphrases/ucp_postgres_admin_password.yaml
deleted file mode 100644
index 24633530d..000000000
--- a/type/skiff/secrets/passphrases/ucp_postgres_admin_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_postgres_exporter_password.yaml b/type/skiff/secrets/passphrases/ucp_postgres_exporter_password.yaml
deleted file mode 100644
index cd858bfe8..000000000
--- a/type/skiff/secrets/passphrases/ucp_postgres_exporter_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_exporter_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_postgres_replication_password.yaml b/type/skiff/secrets/passphrases/ucp_postgres_replication_password.yaml
deleted file mode 100644
index 45161017c..000000000
--- a/type/skiff/secrets/passphrases/ucp_postgres_replication_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_postgres_replication_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_promenade_keystone_password.yaml b/type/skiff/secrets/passphrases/ucp_promenade_keystone_password.yaml
deleted file mode 100644
index 948ff306f..000000000
--- a/type/skiff/secrets/passphrases/ucp_promenade_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_promenade_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/type/skiff/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
deleted file mode 100644
index d0ef66676..000000000
--- a/type/skiff/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_rabbitmq_erlang_cookie
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/type/skiff/secrets/passphrases/ucp_shipyard_keystone_password.yaml
deleted file mode 100644
index 8ab3ea06d..000000000
--- a/type/skiff/secrets/passphrases/ucp_shipyard_keystone_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_shipyard_keystone_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/skiff/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/type/skiff/secrets/passphrases/ucp_shipyard_postgres_password.yaml
deleted file mode 100644
index 9c4316573..000000000
--- a/type/skiff/secrets/passphrases/ucp_shipyard_postgres_password.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_shipyard_postgres_password
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data: password123
-...
diff --git a/type/sloop/charts/kubernetes/ingress/ingress.yaml b/type/sloop/charts/kubernetes/ingress/ingress.yaml
deleted file mode 100644
index 40fd48b68..000000000
--- a/type/sloop/charts/kubernetes/ingress/ingress.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ingress-kube-system
-  labels:
-    name: ingress-kube-system-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      ingress: kube-system
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data: {}
-...
diff --git a/type/sloop/charts/osh-infra/elasticsearch.yaml b/type/sloop/charts/osh-infra/elasticsearch.yaml
deleted file mode 100644
index d31443a0f..000000000
--- a/type/sloop/charts/osh-infra/elasticsearch.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: elasticsearch
-  labels:
-    name: elasticsearch-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      hosttype: elasticsearch-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        master: 2
-        data: 1
-        client: 2
-    storage:
-      requests:
-        storage: 50Gi
-    conf:
-      elasticsearch:
-        env:
-          java_opts:
-            client: "-Xms768m -Xmx768m"
-            data: "-Xms768m -Xmx768m"
-            master: "-Xms768m -Xmx768m"
-...
diff --git a/type/sloop/charts/osh-infra/fluentbit.yaml b/type/sloop/charts/osh-infra/fluentbit.yaml
deleted file mode 100644
index 1d176cd8a..000000000
--- a/type/sloop/charts/osh-infra/fluentbit.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: fluentbit
-  labels:
-    name: fluentbit-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      hosttype: fluentbit-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        fluentd: 1
-...
diff --git a/type/sloop/charts/osh-infra/fluentd.yaml b/type/sloop/charts/osh-infra/fluentd.yaml
deleted file mode 100644
index 906b26d74..000000000
--- a/type/sloop/charts/osh-infra/fluentd.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: fluentd
-  labels:
-    name: fluentd-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      hosttype: fluentd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        fluentd: 1
-...
diff --git a/type/sloop/charts/osh-infra/grafana.yaml b/type/sloop/charts/osh-infra/grafana.yaml
deleted file mode 100644
index d12f7d26e..000000000
--- a/type/sloop/charts/osh-infra/grafana.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: grafana
-  labels:
-    name: grafana-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: grafana-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        grafana: 1
-...
diff --git a/type/sloop/charts/osh-infra/ingress.yaml b/type/sloop/charts/osh-infra/ingress.yaml
deleted file mode 100644
index 96753c94d..000000000
--- a/type/sloop/charts/osh-infra/ingress.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: osh-infra-ingress-controller
-  labels:
-    name: osh-infra-ingress-controller-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: osh-infra-ingress-controller-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        ingress: 1
-        error_page: 1
-...
diff --git a/type/sloop/charts/osh-infra/mariadb.yaml b/type/sloop/charts/osh-infra/mariadb.yaml
deleted file mode 100644
index ddb442452..000000000
--- a/type/sloop/charts/osh-infra/mariadb.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: osh-infra-mariadb
-  labels:
-    name: osh-infra-mariadb-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: osh-infra-mariadb-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        server: 1
-        ingress: 1
-...
diff --git a/type/sloop/charts/osh-infra/prometheus.yaml b/type/sloop/charts/osh-infra/prometheus.yaml
deleted file mode 100644
index 4b02c0453..000000000
--- a/type/sloop/charts/osh-infra/prometheus.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: prometheus
-  labels:
-    name: prometheus-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: prometheus-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        prometheus: 1
-      resources:
-        enabled: true
-        prometheus:
-          limits:
-            memory: "4Gi"
-            cpu: "2000m"
-          requests:
-            memory: "2Gi"
-            cpu: "1000m"
-    storage:
-      requests:
-        storage: 50Gi
-...
diff --git a/type/sloop/charts/osh/ceph/ceph-client.yaml b/type/sloop/charts/osh/ceph/ceph-client.yaml
deleted file mode 100644
index 0f431e69b..000000000
--- a/type/sloop/charts/osh/ceph/ceph-client.yaml
+++ /dev/null
@@ -1,102 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant-ceph-client
-  labels:
-    name: tenant-ceph-client-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: tenant-ceph-client-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        mds: 1
-        mgr: 1
-    conf:
-      ceph:
-        global:
-          osd_pool_default_size: 1
-      pool:
-        default:
-          crush_rule: same_host
-        spec:
-          # RBD pool
-          - name: rbd
-            application: rbd
-            replication: 1
-            percent_total_data: 10
-          # Cinder volumes  pool
-          - name: cinder.volumes
-            application: cinder-volume
-            replication: 1
-            percent_total_data: 40
-          # RadosGW pools
-          - name: .rgw.root
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.control
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.data.root
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.gc
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.log
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.intent-log
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.meta
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.usage
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.keys
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.email
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.swift
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.uid
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.buckets.extra
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.buckets.index
-            application: rgw
-            replication: 1
-            percent_total_data: 3
-          - name: default.rgw.buckets.data
-            application: rgw
-            replication: 1
-            percent_total_data: 30
-...
diff --git a/type/sloop/charts/osh/ceph/ceph-ingress.yaml b/type/sloop/charts/osh/ceph/ceph-ingress.yaml
deleted file mode 100644
index e1c53bca3..000000000
--- a/type/sloop/charts/osh/ceph/ceph-ingress.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: tenant-ceph-ingress
-  labels:
-    name: tenant-ceph-ingress-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: tenant-ceph-ingress-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        ingress: 1
-        error_page: 1
-...
diff --git a/type/sloop/charts/osh/ceph/ceph-osd.yaml b/type/sloop/charts/osh/ceph/ceph-osd.yaml
deleted file mode 100644
index b07c05baa..000000000
--- a/type/sloop/charts/osh/ceph/ceph-osd.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: tenant-ceph-osd
-  labels:
-    name: tenant-ceph-osd-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: tenant-ceph-osd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data: {}
-...
diff --git a/type/sloop/charts/osh/comps/cinder.yaml b/type/sloop/charts/osh/comps/cinder.yaml
deleted file mode 100644
index de00b1f79..000000000
--- a/type/sloop/charts/osh/comps/cinder.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: cinder
-  labels:
-    name: cinder-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: cinder-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        api: 1
-        volume: 1
-        scheduler: 1
-        backup: 1
-...
diff --git a/type/sloop/charts/osh/comps/glance.yaml b/type/sloop/charts/osh/comps/glance.yaml
deleted file mode 100644
index 646dc5211..000000000
--- a/type/sloop/charts/osh/comps/glance.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: glance
-  labels:
-    name: glance-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: glance-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        api: 1
-        registry: 1
-...
diff --git a/type/sloop/charts/osh/comps/heat.yaml b/type/sloop/charts/osh/comps/heat.yaml
deleted file mode 100644
index 55b90bc4d..000000000
--- a/type/sloop/charts/osh/comps/heat.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: heat
-  labels:
-    name: heat-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: heat-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        api: 1
-        cfn: 1
-        cloudwatch: 1
-        engine: 1
-...
diff --git a/type/sloop/charts/osh/comps/horizon.yaml b/type/sloop/charts/osh/comps/horizon.yaml
deleted file mode 100644
index af57f9274..000000000
--- a/type/sloop/charts/osh/comps/horizon.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: horizon
-  labels:
-    name: horizon-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: horizon-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        server: 1
-...
diff --git a/type/sloop/charts/osh/comps/ingress.yaml b/type/sloop/charts/osh/comps/ingress.yaml
deleted file mode 100644
index be48672e3..000000000
--- a/type/sloop/charts/osh/comps/ingress.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: openstack-ingress-controller
-  labels:
-    name: openstack-ingress-controller-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: openstack-ingress-controller-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        ingress: 1
-        error_page: 1
-...
diff --git a/type/sloop/charts/osh/comps/keystone.yaml b/type/sloop/charts/osh/comps/keystone.yaml
deleted file mode 100644
index dfe6cf170..000000000
--- a/type/sloop/charts/osh/comps/keystone.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: keystone
-  labels:
-    name: keystone-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: keystone-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        api: 1
-...
diff --git a/type/sloop/charts/osh/comps/mariadb.yaml b/type/sloop/charts/osh/comps/mariadb.yaml
deleted file mode 100644
index da7c0ab46..000000000
--- a/type/sloop/charts/osh/comps/mariadb.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: openstack-mariadb
-  labels:
-    name: openstack-mariadb-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: openstack-mariadb-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        server: 1
-        ingress: 1
-...
diff --git a/type/sloop/charts/osh/comps/neutron.yaml b/type/sloop/charts/osh/comps/neutron.yaml
deleted file mode 100644
index cd49fd6cd..000000000
--- a/type/sloop/charts/osh/comps/neutron.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: neutron
-  labels:
-    name: neutron-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: neutron-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        server: 1
-...
diff --git a/type/sloop/charts/osh/comps/nova.yaml b/type/sloop/charts/osh/comps/nova.yaml
deleted file mode 100644
index 1d259db56..000000000
--- a/type/sloop/charts/osh/comps/nova.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: nova
-  labels:
-    name: nova-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: nova-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        api_metadata: 1
-        compute_ironic: 1
-        placement: 1
-        osapi: 1
-        conductor: 1
-        consoleauth: 1
-        scheduler: 1
-        novncproxy: 1
-        spiceproxy: 1
-...
diff --git a/type/sloop/charts/osh/comps/openstack-rabbitmq.yaml b/type/sloop/charts/osh/comps/openstack-rabbitmq.yaml
deleted file mode 100644
index 75d389892..000000000
--- a/type/sloop/charts/osh/comps/openstack-rabbitmq.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: openstack-rabbitmq
-  labels:
-    name: openstack-rabbitmq-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: openstack-rabbitmq-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        server: 1
-...
diff --git a/type/sloop/charts/ucp/ceph/ceph-client.yaml b/type/sloop/charts/ucp/ceph/ceph-client.yaml
deleted file mode 100644
index 4effe6cf3..000000000
--- a/type/sloop/charts/ucp/ceph/ceph-client.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-client
-  labels:
-    name: ucp-ceph-client-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-ceph-client-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    conf:
-      pool:
-        target:
-          osd: 1
-        spec:
-          # RBD pool
-          - name: rbd
-            application: rbd
-            replication: 1
-            percent_total_data: 40
-          - name: cephfs_metadata
-            application: cephfs
-            replication: 1
-            percent_total_data: 5
-          - name: cephfs_data
-            application: cephfs
-            replication: 1
-            percent_total_data: 10
-          # RadosGW pools
-          - name: .rgw.root
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.control
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.data.root
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.gc
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.log
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.intent-log
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.meta
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.usage
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.keys
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.email
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.swift
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.uid
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.buckets.extra
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.buckets.index
-            application: rgw
-            replication: 1
-            percent_total_data: 3
-          - name: default.rgw.buckets.data
-            application: rgw
-            replication: 1
-            percent_total_data: 34.8
-...
diff --git a/type/sloop/charts/ucp/ceph/ceph-ingress.yaml b/type/sloop/charts/ucp/ceph/ceph-ingress.yaml
deleted file mode 100644
index 6f4edc501..000000000
--- a/type/sloop/charts/ucp/ceph/ceph-ingress.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: ucp-ceph-ingress
-  labels:
-    name: ucp-ceph-ingress-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-ceph-ingress-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        ingress: 1
-        error_page: 1
-...
diff --git a/type/sloop/charts/ucp/ceph/ceph-osd.yaml b/type/sloop/charts/ucp/ceph/ceph-osd.yaml
deleted file mode 100644
index 56249e7a1..000000000
--- a/type/sloop/charts/ucp/ceph/ceph-osd.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-osd
-  labels:
-    name: ucp-ceph-osd-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-ceph-osd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data: {}
-...
diff --git a/type/sloop/charts/ucp/ceph/ceph-provisioners.yaml b/type/sloop/charts/ucp/ceph/ceph-provisioners.yaml
deleted file mode 100644
index 22ddc965e..000000000
--- a/type/sloop/charts/ucp/ceph/ceph-provisioners.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: ucp-ceph-provisioners
-  labels:
-    name: ucp-ceph-provisioners-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-ceph-provisioners
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        cephfs_provisioner: 1
-        rbd_provisioner: 1
-...
diff --git a/type/sloop/charts/ucp/comps/armada.yaml b/type/sloop/charts/ucp/comps/armada.yaml
deleted file mode 100644
index bd4790087..000000000
--- a/type/sloop/charts/ucp/comps/armada.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: ucp-armada
-  labels:
-    name: ucp-armada-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-armada-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        api: 1
-...
diff --git a/type/sloop/charts/ucp/comps/barbican.yaml b/type/sloop/charts/ucp/comps/barbican.yaml
deleted file mode 100644
index 60dd0ffa9..000000000
--- a/type/sloop/charts/ucp/comps/barbican.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: ucp-barbican
-  labels:
-    name: ucp-barbican-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-barbican-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        api: 1
-...
diff --git a/type/sloop/charts/ucp/comps/deckhand.yaml b/type/sloop/charts/ucp/comps/deckhand.yaml
deleted file mode 100644
index 36cfd4800..000000000
--- a/type/sloop/charts/ucp/comps/deckhand.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: ucp-deckhand
-  labels:
-    name: ucp-deckhand-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-deckhand-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        deckhand: 1
-...
diff --git a/type/sloop/charts/ucp/comps/drydock.yaml b/type/sloop/charts/ucp/comps/drydock.yaml
deleted file mode 100644
index 32ff1951b..000000000
--- a/type/sloop/charts/ucp/comps/drydock.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: ucp-drydock
-  labels:
-    name: ucp-drydock-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-drydock-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-
-    # MaaS IPs
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .genesis.ip
-      dest:
-        path: .values.conf.drydock.maasdriver.maas_api_url
-        pattern: 'MAAS_IP'
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .node_ports.maas_api
-      dest:
-        path: .values.conf.drydock.maasdriver.maas_api_url
-        pattern: 'MAAS_PORT'
-
-data:
-  values:
-    network:
-      api:
-        nodeport:
-          enabled: true
-    replicas:
-      drydock: 1
-    conf:
-      drydock:
-        database:
-          pool_size: 200
-        maasdriver:
-          maas_api_url: http://MAAS_IP:MAAS_PORT/MAAS
-...
diff --git a/type/sloop/charts/ucp/comps/keystone.yaml b/type/sloop/charts/ucp/comps/keystone.yaml
deleted file mode 100644
index f4eceb63b..000000000
--- a/type/sloop/charts/ucp/comps/keystone.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: ucp-keystone
-  labels:
-    name: ucp-keystone-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-keystone-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        api: 1
-...
diff --git a/type/sloop/charts/ucp/comps/maas.yaml b/type/sloop/charts/ucp/comps/maas.yaml
deleted file mode 100644
index 39dbac0ae..000000000
--- a/type/sloop/charts/ucp/comps/maas.yaml
+++ /dev/null
@@ -1,152 +0,0 @@
----
-# This file defines site-specific deviations for MaaS.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-maas
-  labels:
-    name: ucp-maas-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-maas-global
-    actions:
-      - method: merge
-        path: .values.manifests
-      - method: merge
-        path: .values.network
-      - method: merge
-        path: .values.conf
-      - method: replace
-        path: .values.dependencies.static
-      - method: replace
-        path: .values.endpoints.maas_ingress.hosts
-  storagePolicy: cleartext
-  substitutions:
-
-    # Drydock IPs
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .bootstrap.ip
-      dest:
-        path: .values.conf.drydock.bootaction_url
-        pattern: '(DRYDOCK_IP)'
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .node_ports.drydock_api
-      dest:
-        path: .values.conf.drydock.bootaction_url
-        pattern: '(DRYDOCK_PORT)'
-
-    # MaaS IPs
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .bootstrap.ip
-      dest:
-        path: .values.conf.maas.url.maas_url
-        pattern: '(MAAS_IP)'
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .node_ports.maas_api
-      dest:
-        path: .values.conf.maas.url.maas_url
-        pattern: '(MAAS_PORT)'
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .node_ports.maas_api
-      dest:
-        path: .values.endpoints.maas_region.port.region_api.nodeport
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .node_ports.maas_proxy
-      dest:
-        path: .values.endpoints.maas_region.port.region_proxy.default
-data:
-  values:
-    manifests:
-      maas_ingress: false
-
-    network:
-      region_proxy:
-        node_port:
-          enabled: true
-      region_api:
-        ingress:
-          public: false
-        node_port:
-          enabled: true
-
-    conf:
-      drydock:
-        bootaction_url: http://DRYDOCK_IP:DRYDOCK_PORT/api/v1.0
-      maas:
-        images:
-          default_os: 'ubuntu'
-          default_image: 'xenial'
-          default_kernel: 'ga-16.04'
-        credentials:
-          secret:
-            namespace: ucp
-        url:
-          maas_url: http://MAAS_IP:MAAS_PORT/MAAS
-
-    dependencies:
-      static:
-        maas_ingress: {}
-        rack_controller:
-          services:
-            - service: maas_region
-              endpoint: internal
-          jobs:
-            - maas-export-api-key
-        region_controller:
-          jobs:
-            - maas-db-sync
-          services:
-            - service: maas_db
-              endpoint: internal
-        db_init:
-          services:
-            - service: maas_db
-              endpoint: internal
-        db_sync:
-          jobs:
-            - maas-db-init
-        bootstrap_admin_user:
-          jobs:
-            - maas-db-sync
-          services:
-            - service: maas_region
-              endpoint: internal
-            - service: maas_db
-              endpoint: internal
-        import_resources:
-          jobs:
-            - maas-bootstrap-admin-user
-          services:
-            - service: maas_region
-              endpoint: internal
-            - service: maas_db
-              endpoint: internal
-        export_api_key:
-          jobs:
-            - maas-bootstrap-admin-user
-          services:
-            - service: maas_region
-              endpoint: internal
-            - service: maas_db
-              endpoint: internal
-
-    endpoints:
-      maas_ingress:
-        hosts:
-          default: maas-ingress
-          error_pages: maas-ingress-error
-...
diff --git a/type/sloop/charts/ucp/comps/promenade.yaml b/type/sloop/charts/ucp/comps/promenade.yaml
deleted file mode 100644
index 817fe66a8..000000000
--- a/type/sloop/charts/ucp/comps/promenade.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-# The purpose of this file is to provide site-specific parameters for the ucp-
-# promenade chart.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-promenade
-  labels:
-    name: ucp-promenade-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-promenade-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        api: 1
-      env:
-        promenade_api: []
-          # NEWSITE-CHANGEME: If your site uses an http proxy, enter it here.
-          # Otherwise comment out these lines.
-          # - name: http_proxy
-          #   value: http://proxy.example.com:8080
-          # NEWSITE-CHANGEME: If your site uses an https proxy, enter it here.
-          # Otherwise comment out these lines.
-          # - name: https_proxy
-          #   value: http://proxy.example.com:8080
-          # NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the
-          # IPs / domain names which the proxy should not be used for (i.e. the
-          # cluster domain and kubernetes service_cidr defined in common-addresses)
-          # Otherwise comment out these lines.
-          # - name: no_proxy
-          #   value: 10.36.0.1,.cluster.local
-          # NEWSITE-CHANGEME: If your site uses an http proxy, enter it here.
-          # Otherwise comment out these lines.
-          # - name: HTTP_PROXY
-          #   value: http://proxy.example.com:8080
-          # NEWSITE-CHANGEME: If your site uses an https proxy, enter it here.
-          # Otherwise comment out these lines.
-          # - name: HTTPS_PROXY
-          #   value: http://proxy.example.com:8080
-          # NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the
-          # IPs / domain names which the proxy should not be used for (i.e. the
-          # cluster domain and kubernetes service_cidr defined in common-addresses)
-          # Otherwise comment out these lines.
-          # - name: NO_PROXY
-          #   value: 10.36.0.1,.cluster.local
-...
diff --git a/type/sloop/charts/ucp/comps/shipyard.yaml b/type/sloop/charts/ucp/comps/shipyard.yaml
deleted file mode 100644
index 83218b602..000000000
--- a/type/sloop/charts/ucp/comps/shipyard.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: ucp-shipyard
-  labels:
-    name: ucp-shipyard-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-shipyard-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        shipyard:
-          api: 1
-        airflow:
-          worker: 1
-          scheduler: 1
-...
diff --git a/type/sloop/charts/ucp/core/ingress.yaml b/type/sloop/charts/ucp/core/ingress.yaml
deleted file mode 100644
index 386bc00f6..000000000
--- a/type/sloop/charts/ucp/core/ingress.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: ucp-ingress
-  labels:
-    name: ucp-ingress-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-ingress-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        ingress: 1
-        error_page: 1
-...
diff --git a/type/sloop/charts/ucp/core/mariadb.yaml b/type/sloop/charts/ucp/core/mariadb.yaml
deleted file mode 100644
index 02860408d..000000000
--- a/type/sloop/charts/ucp/core/mariadb.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: ucp-mariadb
-  labels:
-    name: ucp-mariadb-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-mariadb-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        server: 1
-        ingress: 1
-...
diff --git a/type/sloop/charts/ucp/core/postgresql.yaml b/type/sloop/charts/ucp/core/postgresql.yaml
deleted file mode 100644
index 8e7a3e3b1..000000000
--- a/type/sloop/charts/ucp/core/postgresql.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-postgresql
-  replacement: true
-  labels:
-    name: ucp-postgresql-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-postgresql-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        server: 1
-...
diff --git a/type/sloop/charts/ucp/core/rabbitmq.yaml b/type/sloop/charts/ucp/core/rabbitmq.yaml
deleted file mode 100644
index 4be903cdb..000000000
--- a/type/sloop/charts/ucp/core/rabbitmq.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: ucp-rabbitmq
-  labels:
-    name: ucp-rabbitmq-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: ucp-rabbitmq-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      replicas:
-        server: 1
-...
diff --git a/type/sloop/config/endpoints.yaml b/type/sloop/config/endpoints.yaml
deleted file mode 100644
index f5c89559f..000000000
--- a/type/sloop/config/endpoints.yaml
+++ /dev/null
@@ -1,961 +0,0 @@
----
-# The purpose of this file is to define the site's endpoint catalog. This should
-# not need to be modified for a new site.
-# #GLOBAL-CANDIDATE#
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_endpoints
-  labels:
-    name: ucp_endpoints-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data:
-  ucp:
-    identity:
-      namespace: ucp
-      name: keystone
-      host_fqdn_override:
-        default: null
-      path:
-        default: /v3
-      scheme:
-        default: "http"
-        internal: "http"
-      port:
-        api:
-          default: 80
-          internal: 5000
-    armada:
-      name: armada
-      hosts:
-        default: armada-api
-        public: armada
-      port:
-        api:
-          default: 8000
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-      host_fqdn_override:
-        default: null
-    deckhand:
-      name: deckhand
-      hosts:
-        default: deckhand-int
-        public: deckhand-api
-      port:
-        api:
-          default: 9000
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-      host_fqdn_override:
-        default: null
-    postgresql:
-      name: postgresql
-      hosts:
-        default: postgresql
-      path: /DB_NAME
-      scheme: postgresql+psycopg2
-      port:
-        postgresql:
-          default: 5432
-      host_fqdn_override:
-        default: null
-    postgresql_airflow_celery:
-      name: postgresql_airflow_celery_db
-      hosts:
-        default: postgresql
-      path: /DB_NAME
-      scheme: db+postgresql
-      port:
-        postgresql:
-          default: 5432
-      host_fqdn_override:
-        default: null
-    oslo_db:
-      hosts:
-        default: mariadb
-        discovery: mariadb-discovery
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-        wsrep:
-          default: 4567
-    key_manager:
-      name: barbican
-      hosts:
-        default: barbican-api
-        public: barbican
-      host_fqdn_override:
-        default: null
-      path:
-        default: /v1
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9311
-          public: 80
-    airflow_oslo_messaging:
-      namespace: null
-      statefulset:
-        name: airship-ucp-rabbitmq-rabbitmq
-      hosts:
-        default: rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /airflow
-      scheme: amqp
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    oslo_messaging:
-      namespace: null
-      statefulset:
-        name: airship-ucp-rabbitmq-rabbitmq
-      hosts:
-        default: rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /keystone
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-    oslo_cache:
-      hosts:
-        default: memcached
-      host_fqdn_override:
-        default: null
-      port:
-        memcache:
-          default: 11211
-    physicalprovisioner:
-      name: drydock
-      hosts:
-        default: drydock-api
-        public: drydock-api
-      port:
-        api:
-          default: 9000
-          nodeport: 31900
-          public: 80
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-        public: "http"
-      host_fqdn_override:
-        default: null
-    maas_region:
-      name: maas-region
-      hosts:
-        default: maas-region
-        public: maas-region
-      path:
-        default: /MAAS
-      scheme:
-        default: "http"
-      port:
-        region_api:
-          default: 80
-          nodeport: 31900
-          podport: 80
-          public: 80
-        region_proxy:
-          default: 8000
-      host_fqdn_override:
-        default: null
-    maas_ingress:
-      hosts:
-        default: maas-ingress
-        error_pages: maas-ingress-error
-      host_fqdn_override:
-        public: null
-      port:
-        http:
-          default: 80
-        https:
-          default: 443
-        ingress_default_server:
-          default: 8383
-        error_pages:
-          default: 8080
-          podport: 8080
-        healthz:
-          podport: 10259
-        status:
-          podport: 18089
-    kubernetesprovisioner:
-      name: promenade
-      hosts:
-        default: promenade-api
-      port:
-        api:
-          default: 80
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-      host_fqdn_override:
-        default: null
-    shipyard:
-      name: shipyard
-      hosts:
-        default: shipyard-int
-        public: shipyard-api
-      port:
-        api:
-          default: 9000
-          public: 80
-      path:
-        default: /api/v1.0
-      scheme:
-        default: "http"
-        public: "http"
-      host_fqdn_override:
-        default: null
-    prometheus_openstack_exporter:
-      namespace: ucp
-      hosts:
-        default: openstack-metrics
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        exporter:
-          default: 9103
-  ceph:
-    object_store:
-      name: swift
-      namespace: ceph
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: /swift/v1
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    ceph_object_store:
-      name: radosgw
-      namespace: ceph
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: /auth/v1.0
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    ceph_mon:
-      namespace: ceph
-      hosts:
-        default: ceph-mon
-        discovery: ceph-mon-discovery
-      host_fqdn_override:
-        default: null
-      port:
-        mon:
-          default: 6789
-    ceph_mgr:
-      namespace: ceph
-      hosts:
-        default: ceph-mgr
-      host_fqdn_override:
-        default: null
-      port:
-        mgr:
-          default: 7000
-      scheme:
-        default: "http"
-    tenant_ceph_mon:
-      namespace: tenant-ceph
-      hosts:
-        default: ceph-mon
-        discovery: ceph-mon-discovery
-      host_fqdn_override:
-        default: null
-      port:
-        mon:
-          default: 6790
-    tenant_ceph_mgr:
-      namespace: tenant-ceph
-      hosts:
-        default: ceph-mgr
-      host_fqdn_override:
-        default: null
-      port:
-        mgr:
-          default: 7001
-        metrics:
-          default: 9284
-      scheme:
-        default: http
-...
----
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_endpoints
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data:
-  osh:
-    object_store:
-      name: swift
-      namespace: openstack
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: /swift/v1/KEY_$(tenant_id)s
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    ceph_object_store:
-      name: radosgw
-      namespace: openstack
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: /auth/v1.0
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    oslo_db:
-      hosts:
-        default: mariadb
-        discovery: mariadb-discovery
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-        wsrep:
-          default: 4567
-    prometheus_mysql_exporter:
-      namespace: openstack
-      hosts:
-        default: mysql-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: 'http'
-      port:
-        metrics:
-          default: 9104
-    oslo_messaging:
-      statefulset:
-        name: airship-openstack-rabbitmq-rabbitmq
-      namespace: openstack
-      hosts:
-        default: openstack-rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /VHOST_NAME
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    openstack_rabbitmq_exporter:
-      namespace: openstack
-      hosts:
-        default: openstack-rabbitmq-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9095
-    oslo_cache:
-      namespace: openstack
-      hosts:
-        default: memcached
-      host_fqdn_override:
-        default: null
-      port:
-        memcache:
-          default: 11211
-    identity:
-      namespace: openstack
-      name: keystone
-      host_fqdn_override:
-        default: null
-      path:
-        default: /v3
-      scheme:
-        default: "http"
-        internal: "http"
-      port:
-        api:
-          default: 80
-          internal: 5000
-    image:
-      name: glance
-      hosts:
-        default: glance-api
-        public: glance
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 9292
-          public: 80
-    image_registry:
-      name: glance-registry
-      hosts:
-        default: glance-registry
-        public: glance-reg
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9191
-          public: 80
-    volume:
-      name: cinder
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v1/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8776
-          public: 80
-    volumev2:
-      name: cinderv2
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v2/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8776
-          public: 80
-    volumev3:
-      name: cinderv3
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v3/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8776
-          public: 80
-    orchestration:
-      name: heat
-      hosts:
-        default: heat-api
-        public: heat
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v1/%(project_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8004
-          public: 80
-    cloudformation:
-      name: heat-cfn
-      hosts:
-        default: heat-cfn
-        public: cloudformation
-      host_fqdn_override:
-        default: null
-      path:
-        default: /v1
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8000
-          public: 80
-    cloudwatch:
-      name: heat-cloudwatch
-      hosts:
-        default: heat-cloudwatch
-        public: cloudwatch
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      type: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8003
-          public: 80
-    network:
-      name: neutron
-      hosts:
-        default: neutron-server
-        public: neutron
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 9696
-          public: 80
-    compute:
-      name: nova
-      hosts:
-        default: nova-api
-        public: nova
-      host_fqdn_override:
-        default: null
-      path:
-        default: "/v2/%(tenant_id)s"
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8774
-          public: 80
-        novncproxy:
-          default: 80
-    compute_metadata:
-      name: nova
-      hosts:
-        default: nova-metadata
-        public: metadata
-      host_fqdn_override:
-        default: null
-      path:
-        default: /
-      scheme:
-        default: "http"
-      port:
-        metadata:
-          default: 8775
-          public: 80
-    compute_novnc_proxy:
-      name: nova
-      hosts:
-        default: nova-novncproxy
-        public: novncproxy
-      host_fqdn_override:
-        default: null
-      path:
-        default: /vnc_auto.html
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        novnc_proxy:
-          default: 6080
-          public: 80
-    compute_spice_proxy:
-      name: nova
-      hosts:
-        default: nova-spiceproxy
-      host_fqdn_override:
-        default: null
-      path:
-        default: /spice_auto.html
-      scheme:
-        default: "http"
-      port:
-        spice_proxy:
-          default: 6082
-    placement:
-      name: placement
-      hosts:
-        default: placement-api
-        public: placement
-      host_fqdn_override:
-        default: null
-      path:
-        default: /
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        api:
-          default: 8778
-          public: 80
-    dashboard:
-      name: horizon
-      hosts:
-        default: horizon-int
-        public: horizon
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        web:
-          default: 80
-          public: 80
-...
----
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_endpoints
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .ldap.auth_path
-      dest:
-        path: .osh_infra.ldap.path.default
-        pattern: AUTH_PATH
-data:
-  osh_infra:
-    ceph_object_store:
-      name: radosgw
-      namespace: osh-infra
-      hosts:
-        default: ceph-rgw
-        public: radosgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8088
-          public: 80
-    elasticsearch:
-      name: elasticsearch
-      namespace: osh-infra
-      hosts:
-        data: elasticsearch-data
-        default: elasticsearch-logging
-        discovery: elasticsearch-discovery
-        public: elasticsearch
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-    prometheus_elasticsearch_exporter:
-      namespace: null
-      hosts:
-        default: elasticsearch-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9108
-    fluentd:
-      namespace: osh-infra
-      name: fluentd
-      hosts:
-        default: fluentd-logging
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        service:
-          default: 24224
-        metrics:
-          default: 24220
-    prometheus_fluentd_exporter:
-      namespace: osh-infra
-      hosts:
-        default: fluentd-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9309
-    oslo_db:
-      namespace: osh-infra
-      hosts:
-        default: mariadb
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-    prometheus_mysql_exporter:
-      namespace: osh-infra
-      hosts:
-        default: mysql-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: 'http'
-      port:
-        metrics:
-          default: 9104
-    grafana:
-      name: grafana
-      namespace: osh-infra
-      hosts:
-        default: grafana-dashboard
-        public: grafana
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        grafana:
-          default: 3000
-          public: 80
-    monitoring:
-      name: prometheus
-      namespace: osh-infra
-      hosts:
-        default: prom-metrics
-        public: prometheus
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9090
-        http:
-          default: 80
-    kibana:
-      name: kibana
-      namespace: osh-infra
-      hosts:
-        default: kibana-dash
-        public: kibana
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        kibana:
-          default: 5601
-          public: 80
-    alerts:
-      name: alertmanager
-      namespace: osh-infra
-      hosts:
-        default: alerts-engine
-        public: alertmanager
-        discovery: alertmanager-discovery
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9093
-          public: 80
-        mesh:
-          default: 6783
-    kube_state_metrics:
-      namespace: kube-system
-      hosts:
-        default: kube-state-metrics
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        http:
-          default: 8080
-    kube_scheduler:
-      scheme:
-        default: "http"
-      path:
-        default: /metrics
-    kube_controller_manager:
-      scheme:
-        default: "http"
-      path:
-        default: /metrics
-    node_metrics:
-      namespace: kube-system
-      hosts:
-        default: node-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9100
-        prometheus_port:
-          default: 9100
-    process_exporter_metrics:
-      namespace: kube-system
-      hosts:
-        default: process-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9256
-    prometheus_openstack_exporter:
-      namespace: openstack
-      hosts:
-        default: openstack-metrics
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        exporter:
-          default: 9103
-    nagios:
-      name: nagios
-      namespace: osh-infra
-      hosts:
-        default: nagios-metrics
-        public: nagios
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-        public: "http"
-      port:
-        http:
-          default: 80
-          public: 80
-    ldap:
-      hosts:
-        default: ldap
-      host_fqdn_override:
-        default: null
-      path:
-        default: /AUTH_PATH
-      scheme:
-        default: "ldap"
-      port:
-        ldap:
-          default: 389
-...
diff --git a/type/sloop/config/service_accounts.yaml b/type/sloop/config/service_accounts.yaml
deleted file mode 100644
index 4541cdc2f..000000000
--- a/type/sloop/config/service_accounts.yaml
+++ /dev/null
@@ -1,437 +0,0 @@
----
-# The purpose of this file is to define the account catalog for the site. This
-# mostly contains service usernames, but also contain some information which
-# should be changed like the region (site) name.
-schema: pegleg/AccountCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_service_accounts
-  labels:
-    name: ucp_service_accounts-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-data:
-    ucp:
-        postgres:
-            admin:
-                username: postgres
-            replica:
-                username: standby
-            exporter:
-                username: psql_exporter
-        oslo_db:
-            admin:
-                username: root
-        oslo_messaging:
-            admin:
-                username: rabbitmq
-        keystone:
-            admin:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                username: admin
-                project_name: admin
-                user_domain_name: default
-                project_domain_name: default
-            oslo_messaging:
-                admin:
-                    username: rabbitmq
-                keystone:
-                    username: keystone
-            oslo_db:
-                username: keystone
-                database: keystone
-        promenade:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: promenade
-        drydock:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: drydock
-            postgres:
-                username: drydock
-                database: drydock
-        shipyard:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: shipyard
-            postgres:
-                username: shipyard
-                database: shipyard
-        airflow:
-            postgres:
-                username: airflow
-                database: airflow
-            oslo_messaging:
-                admin:
-                    username: rabbitmq
-                user:
-                    username: airflow
-        maas:
-            admin:
-                username: admin
-                email: none@none
-            postgres:
-                username: maas
-                database: maasdb
-        barbican:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: barbican
-            oslo_db:
-                username: barbican
-                database: barbican
-            oslo_messaging:
-                admin:
-                    username: rabbitmq
-                keystone:
-                    username: keystone
-        armada:
-            keystone:
-                project_domain_name: default
-                user_domain_name: default
-                project_name: service
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                username: armada
-        deckhand:
-            keystone:
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                role: admin
-                project_name: service
-                project_domain_name: default
-                user_domain_name: default
-                username: deckhand
-            postgres:
-                username: deckhand
-                database: deckhand
-        prometheus_openstack_exporter:
-            user:
-                region_name: RegionOne
-                role: admin
-                username: prometheus-openstack-exporter
-                project_name: service
-                user_domain_name: default
-                project_domain_name: default
-    ceph:
-        swift:
-            keystone:
-                role: admin
-                # NEWSITE-CHANGEME: Replace with the site name
-                region_name: RegionOne
-                username: swift
-                project_name: service
-                user_domain_name: default
-                project_domain_name: default
-...
----
-schema: pegleg/AccountCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_service_accounts
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.keystone.admin.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.cinder.cinder.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.glance.glance.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.heat.heat.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.heat.heat_trustee.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.heat.heat_stack_user.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.swift.keystone.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.neutron.neutron.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.nova.nova.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.nova.placement.region_name
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh.barbican.barbican.region_name
-data:
-  osh:
-    keystone:
-      admin:
-        username: admin
-        project_name: admin
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: keystone
-        database: keystone
-      oslo_messaging:
-        keystone:
-          username: keystone-rabbitmq-user
-      ldap:
-        # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
-        # authenticate to the active directory backend to validate keystone
-        # users.
-        username: "test@ldap.example.com"
-    cinder:
-      cinder:
-        role: admin
-        username: cinder
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: cinder
-        database: cinder
-      oslo_messaging:
-        cinder:
-          username: cinder-rabbitmq-user
-    glance:
-      glance:
-        role: admin
-        username: glance
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: glance
-        database: glance
-      oslo_messaging:
-        glance:
-          username: glance-rabbitmq-user
-      ceph_object_store:
-        username: glance
-    heat:
-      heat:
-        role: admin
-        username: heat
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      heat_trustee:
-        role: admin
-        username: heat-trust
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      heat_stack_user:
-        role: admin
-        username: heat-domain
-        domain_name: heat
-      oslo_db:
-        username: heat
-        database: heat
-      oslo_messaging:
-        heat:
-          username: heat-rabbitmq-user
-    swift:
-      keystone:
-        role: admin
-        username: swift
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-    oslo_db:
-      admin:
-        username: root
-    prometheus_mysql_exporter:
-      user:
-        username: osh-oslodb-exporter
-    neutron:
-      neutron:
-        role: admin
-        username: neutron
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: neutron
-        database: neutron
-      oslo_messaging:
-        neutron:
-          username: neutron-rabbitmq-user
-    nova:
-      nova:
-        role: admin
-        username: nova
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      placement:
-        role: admin
-        username: placement
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: nova
-        database: nova
-      oslo_db_api:
-        username: nova
-        database: nova_api
-      oslo_db_cell0:
-        username: nova
-        database: "nova_cell0"
-      oslo_messaging:
-        nova:
-          username: nova-rabbitmq-user
-    horizon:
-      oslo_db:
-        username: horizon
-        database: horizon
-    barbican:
-      barbican:
-        role: admin
-        username: barbican
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-      oslo_db:
-        username: barbican
-        database: barbican
-      oslo_messaging:
-        barbican:
-          username: barbican-rabbitmq-user
-    oslo_messaging:
-      admin:
-        username: admin
-    tempest:
-      tempest:
-        role: admin
-        username: tempest
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-...
----
-schema: pegleg/AccountCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_service_accounts
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonSoftwareConfig/v1
-        name: common-software-config
-        path: .osh.region_name
-      dest:
-        path: .osh_infra.prometheus_openstack_exporter.user.region_name
-data:
-  osh_infra:
-    ceph_object_store:
-      admin:
-        username: s3_admin
-      elasticsearch:
-        username: elasticsearch
-    grafana:
-      admin:
-        username: grafana
-      oslo_db:
-        username: grafana
-        database: grafana
-      oslo_db_session:
-        username: grafana_session
-        database: grafana_session
-    elasticsearch:
-      admin:
-        username: elasticsearch
-    oslo_db:
-      admin:
-        username: root
-    prometheus_mysql_exporter:
-      user:
-        username: osh-infra-oslodb-exporter
-    prometheus_openstack_exporter:
-      user:
-        role: admin
-        username: prometheus-openstack-exporter
-        project_name: service
-        user_domain_name: default
-        project_domain_name: default
-    nagios:
-      admin:
-        username: nagios
-    prometheus:
-      admin:
-        username: prometheus
-    ldap:
-      admin:
-        # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
-        # authenticate to the active directory backend to validate keystone
-        # users.
-        bind: "test@ldap.example.com"
-...
diff --git a/type/sloop/manifests/bootstrap.yaml b/type/sloop/manifests/bootstrap.yaml
deleted file mode 100644
index e015410c2..000000000
--- a/type/sloop/manifests/bootstrap.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-schema: armada/Manifest/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: cluster-bootstrap
-  labels:
-    name: cluster-bootstrap-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: cluster-bootstrap-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  release_prefix: airship
-  chart_groups:
-    - podsecuritypolicy
-    - kubernetes-proxy
-    - kubernetes-container-networking
-    - kubernetes-dns
-    - kubernetes-etcd
-    - kubernetes-haproxy
-    - kubernetes-core
-    - ingress-kube-system
-    - ucp-ceph
-    - ucp-ceph-config
-    - ucp-core
-    - ucp-keystone
-    - ucp-divingbell
-    - ucp-armada
-    - ucp-deckhand
-    - ucp-drydock
-    - ucp-promenade
-    - ucp-shipyard
-...
diff --git a/type/sloop/manifests/full-site.yaml b/type/sloop/manifests/full-site.yaml
deleted file mode 100644
index 070ef8c84..000000000
--- a/type/sloop/manifests/full-site.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
----
-schema: armada/Manifest/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: full-site
-  labels:
-    name: full-site-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-    parentSelector:
-      name: full-site-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  release_prefix: airship
-  chart_groups:
-    - podsecuritypolicy
-    - kubernetes-proxy
-    - kubernetes-container-networking
-    - kubernetes-dns
-    - kubernetes-etcd
-    - kubernetes-haproxy
-    - kubernetes-core
-    - ingress-kube-system
-    - ucp-ceph
-    - ucp-ceph-config
-    - ucp-core
-    - ucp-keystone
-    - ucp-divingbell
-    - ucp-armada
-    - ucp-deckhand
-    - ucp-drydock
-    - ucp-promenade
-    - ucp-shipyard
-    - ucp-prometheus-openstack-exporter
-    - osh-infra-ingress-controller
-    - osh-infra-ceph-config
-    - osh-infra-radosgw
-    - osh-infra-logging
-    - osh-infra-monitoring
-    - osh-infra-mariadb
-    - osh-infra-dashboards
-    - openstack-ingress-controller
-    - openstack-ceph-config
-    - openstack-tenant-ceph
-    - openstack-mariadb
-    - openstack-rabbitmq
-    - openstack-memcached
-    - openstack-keystone
-    - openstack-radosgw
-    - openstack-glance
-    - openstack-cinder
-    - openstack-compute-kit
-    - openstack-heat
-    - osh-infra-prometheus-openstack-exporter
-    - openstack-horizon
-...
diff --git a/type/sloop/network/KubernetesNetwork.yaml b/type/sloop/network/KubernetesNetwork.yaml
deleted file mode 100644
index 56a3c97b4..000000000
--- a/type/sloop/network/KubernetesNetwork.yaml
+++ /dev/null
@@ -1,99 +0,0 @@
----
-schema: promenade/KubernetesNetwork/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-network
-  labels:
-    name: kubernetes-network-type
-  layeringDefinition:
-    abstract: false
-    layer: type
-  storagePolicy: cleartext
-  substitutions:
-    # DNS
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .dns.cluster_domain
-      dest:
-        path: .dns.cluster_domain
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .dns.service_ip
-      dest:
-        path: .dns.service_ip
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .dns.upstream_servers
-      dest:
-        path: .dns.upstream_servers
-
-    # Kubernetes IPs
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.api_service_ip
-      dest:
-        path: .kubernetes.service_ip
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.pod_cidr
-      dest:
-        path: .kubernetes.pod_cidr
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.service_cidr
-      dest:
-        path: .kubernetes.service_cidr
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.apiserver_port
-      dest:
-        path: .kubernetes.apiserver_port
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.haproxy_port
-      dest:
-        path: .kubernetes.haproxy_port
-
-    # etcd IPs
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .etcd.container_port
-      dest:
-        path: .etcd.container_port
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .etcd.haproxy_port
-      dest:
-        path: .etcd.haproxy_port
-
-    # proxy
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .proxy.http
-      dest:
-        path: .proxy.url
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .proxy.no_proxy
-      dest:
-        path: .proxy.additional_no_proxy
-
-data:
-  dns:
-    bootstrap_validation_checks:
-      - calico-etcd.kube-system.svc.cluster.local
-      - kubernetes-etcd.kube-system.svc.cluster.local
-      - kubernetes.default.svc.cluster.local
-...