summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhemanthnakkina <mail2hemanth.n@gmail.com>2018-11-29 10:21:00 +0530
committerGitHub <noreply@github.com>2018-11-29 10:21:00 +0530
commitecaef2b54975792271fe6705be52b20a047b3407 (patch)
tree78d46daaa79edf9dcbb8e544bd89a0e546b08565
parent0c9fb93e51dfcd83d44795eab981cc83e789920c (diff)
parent4a8e2720e189aaba7978e738d18736741e8b559d (diff)
Merge pull request #3 from purnendu15/master
Base Code for Tugboat Plugin and Addition of config files, templates
-rw-r--r--doc/requirements.txt3
-rw-r--r--doc/source/conf.py129
-rw-r--r--doc/source/getting_started.rst132
-rw-r--r--doc/source/index.rst34
-rw-r--r--spyglass/__init__.py0
-rw-r--r--spyglass/config/__init__.py0
-rw-r--r--spyglass/config/rules.yaml38
-rw-r--r--spyglass/data_extractor/base.py31
-rw-r--r--spyglass/data_extractor/plugins/formation.py4
-rw-r--r--spyglass/data_extractor/plugins/tugboat/check_exceptions.py35
-rw-r--r--spyglass/data_extractor/plugins/tugboat/tugboat.py350
-rw-r--r--spyglass/examples/SiteDesignSpec_v0.1.xlsxbin0 -> 17291 bytes
-rw-r--r--spyglass/examples/excel_spec.yaml63
-rw-r--r--spyglass/examples/site_config.yaml33
-rw-r--r--spyglass/examples/templates/baremetal/bootactions/promjoin.yaml.j226
-rw-r--r--spyglass/examples/templates/baremetal/nodes.yaml.j251
-rw-r--r--spyglass/examples/templates/deployment/deployment-strategy.yaml.j290
-rw-r--r--spyglass/examples/templates/networks/common_addresses.yaml.j2107
-rw-r--r--spyglass/examples/templates/networks/physical/networks.yaml.j2251
-rw-r--r--spyglass/examples/templates/pki/pki-catalogue.yaml.j2187
-rw-r--r--spyglass/examples/templates/profile/genesis.yaml.j240
-rw-r--r--spyglass/examples/templates/profile/hardware/dell_r720.yaml.j276
-rw-r--r--spyglass/examples/templates/profile/host/cp_r720.yaml.j2270
-rw-r--r--spyglass/examples/templates/profile/host/dp_r720.yaml.j2103
-rw-r--r--spyglass/examples/templates/profile/region.yaml.j235
-rw-r--r--spyglass/examples/templates/secrets/certificates/certificates.yaml.j22806
-rw-r--r--spyglass/examples/templates/secrets/certificates/ingress.yaml.j2135
-rw-r--r--spyglass/examples/templates/site-definition.yaml.j217
-rw-r--r--spyglass/examples/templates/software/charts/kubernetes/etcd.yaml.j296
-rw-r--r--spyglass/examples/templates/software/charts/kubernetes/etcd/etcd.yaml.j292
-rw-r--r--spyglass/examples/templates/software/charts/kubernetes/ingress/ingress.yaml.j228
-rw-r--r--spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml.j216
-rw-r--r--spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml16
-rw-r--r--spyglass/examples/templates/software/charts/osh/openstack-compute-kit/neutron.yaml.j223
-rw-r--r--spyglass/examples/templates/software/charts/osh/openstack-compute-kit/nova.yaml.j225
-rw-r--r--spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml.j222
-rw-r--r--spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml.j255
-rw-r--r--spyglass/examples/templates/software/charts/ucp/divingbell/divingbell.yaml.j2603
-rw-r--r--spyglass/examples/templates/software/config/common-software-config.yaml.j216
-rw-r--r--spyglass/examples/templates/software/config/endpoints.yaml.j21312
-rw-r--r--spyglass/examples/templates/software/config/service_accounts.yaml.j2443
-rw-r--r--spyglass/parser/engine.py166
-rw-r--r--spyglass/site_processors/site_processor.py6
-rw-r--r--spyglass/spyglass.py30
44 files changed, 7917 insertions, 78 deletions
diff --git a/doc/requirements.txt b/doc/requirements.txt
new file mode 100644
index 0000000..38d8f59
--- /dev/null
+++ b/doc/requirements.txt
@@ -0,0 +1,3 @@
1# Documentation
2sphinx>=1.6.2
3sphinx_rtd_theme==0.2.4
diff --git a/doc/source/conf.py b/doc/source/conf.py
new file mode 100644
index 0000000..981fdc8
--- /dev/null
+++ b/doc/source/conf.py
@@ -0,0 +1,129 @@
1# -*- coding: utf-8 -*-
2#
3# shipyard documentation build configuration file, created by
4# sphinx-quickstart on Sat Sep 16 03:40:50 2017.
5#
6# This file is execfile()d with the current directory set to its
7# containing dir.
8#
9# Note that not all possible configuration values are present in this
10# autogenerated file.
11#
12# All configuration values have a default; values that are commented out
13# serve to show the default.
14
15# If extensions (or modules to document with autodoc) are in another directory,
16# add these directories to sys.path here. If the directory is relative to the
17# documentation root, use os.path.abspath to make it absolute, like shown here.
18#
19import os
20import sys
21sys.path.insert(0, os.path.abspath('../../'))
22import sphinx_rtd_theme
23
24
25# -- General configuration ------------------------------------------------
26
27# If your documentation needs a minimal Sphinx version, state it here.
28#
29# needs_sphinx = '1.0'
30
31# Add any Sphinx extension module names here, as strings. They can be
32# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
33# ones.
34extensions = [
35 'sphinx.ext.autodoc',
36 'sphinx.ext.todo',
37 'sphinx.ext.viewcode',
38]
39
40# Add any paths that contain templates here, relative to this directory.
41# templates_path = []
42
43# The suffix(es) of source filenames.
44# You can specify multiple suffix as a list of string:
45#
46# source_suffix = ['.rst', '.md']
47source_suffix = '.rst'
48
49# The master toctree document.
50master_doc = 'index'
51
52# General information about the project.
53project = u'tugboat'
54copyright = u'2018 AT&T Intellectual Property.'
55author = u'Tugboat Authors'
56
57# The version info for the project you're documenting, acts as replacement for
58# |version| and |release|, also used in various other places throughout the
59# built documents.
60#
61# The short X.Y version.
62version = u'0.1.0'
63# The full version, including alpha/beta/rc tags.
64release = u'0.1.0'
65
66# The language for content autogenerated by Sphinx. Refer to documentation
67# for a list of supported languages.
68#
69# This is also used if you do content translation via gettext catalogs.
70# Usually you set "language" from the command line for these cases.
71language = None
72
73# List of patterns, relative to source directory, that match files and
74# directories to ignore when looking for source files.
75# This patterns also effect to html_static_path and html_extra_path
76exclude_patterns = []
77
78# The name of the Pygments (syntax highlighting) style to use.
79pygments_style = 'sphinx'
80
81# If true, `todo` and `todoList` produce output, else they produce nothing.
82todo_include_todos = False
83
84
85# -- Options for HTML output ----------------------------------------------
86
87# The theme to use for HTML and HTML Help pages. See the documentation for
88# a list of builtin themes.
89#
90html_theme = "sphinx_rtd_theme"
91html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
92
93# Theme options are theme-specific and customize the look and feel of a theme
94# further. For a list of options available for each theme, see the
95# documentation.
96#
97# html_theme_options = {}
98
99# Add any paths that contain custom static files (such as style sheets) here,
100# relative to this directory. They are copied after the builtin static files,
101# so a file named "default.css" will overwrite the builtin "default.css".
102html_static_path = []
103
104
105# -- Options for HTMLHelp output ------------------------------------------
106
107# Output file base name for HTML help builder.
108htmlhelp_basename = 'ucpintdoc'
109
110
111# -- Options for LaTeX output ---------------------------------------------
112
113latex_elements = {
114 # The paper size ('letterpaper' or 'a4paper').
115 #
116 # 'papersize': 'letterpaper',
117
118 # The font size ('10pt', '11pt' or '12pt').
119 #
120 # 'pointsize': '10pt',
121
122 # Additional stuff for the LaTeX preamble.
123 #
124 # 'preamble': '',
125
126 # Latex figure (float) alignment
127 #
128 # 'figure_align': 'htbp',
129}
diff --git a/doc/source/getting_started.rst b/doc/source/getting_started.rst
new file mode 100644
index 0000000..1e502f4
--- /dev/null
+++ b/doc/source/getting_started.rst
@@ -0,0 +1,132 @@
1..
2 Copyright 2018 AT&T Intellectual Property.
3 All Rights Reserved.
4
5 Licensed under the Apache License, Version 2.0 (the "License"); you may
6 not use this file except in compliance with the License. You may obtain
7 a copy of the License at
8
9 http://www.apache.org/licenses/LICENSE-2.0
10
11 Unless required by applicable law or agreed to in writing, software
12 distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14 License for the specific language governing permissions and limitations
15 under the License.
16
17===============
18Getting Started
19===============
20
21What is Spyglass?
22----------------
23
24Spyglass is a data extraction tool which can interface with
25different input data sources to generate site manifest YAML files.
26The data sources will provide all the configuration data needed
27for a site deployment. These site manifest YAML files generated
28by spyglass will be saved in a Git repository, from where Pegleg
29can access and aggregate them. This aggregated file can then be
30fed to Shipyard for site deployment / updates.
31
32Architecture
33------------
34
35::
36
37 +-----------+ +-------------+
38 | | | +-------+ |
39 | | +------>| |Generic| |
40 +-----------+ | | | |Object | |
41 |Tugboat(Xl)| I | | | +-------+ |
42 |Plugin | N | | | | |
43 +-----------+ T | | | | |
44 | E | | | +------+ |
45 +------------+ R | | | |Parser| +------> Intermediary YAML
46 |Remote Data | F |---+ | +------+ |
47 |SourcePlugin| A | | | |
48 +------------+ C | | |(Intermediary YAML)
49 | E | | | |
50 | | | | |
51 | H | | v |
52 | A | | +---------+|(templates) +------------+
53 | N | | |Site |+<--------------|Repository |
54 | D | | |Processor||-------------->|Adapter |
55 | L | | +---------+|(Generated +------------+
56 | E | | ^ | Site Manifests)
57 | R | | +---|-----+|
58 | | | | J2 ||
59 | | | |Templates||
60 | | | +---------+|
61 +-----------+ +-------------+
62
63--
64
65Basic Usage
66-----------
67
68Before using Spyglass you must:
69
70
711. Clone the Spyglass repository:
72
73 .. code-block:: console
74
75 git clone https://github.com/att-comdev/tugboat/tree/spyglass
76
772. Install the required packages in spyglass:
78
79 .. code-block:: console
80
81 pip3 install -r tugboat/requirements.txt
82
83
84CLI Options
85-----------
86
87Usage: spyglass [OPTIONS]
88
89Options:
90 -s, --site TEXT Specify the site for which manifests to be
91 generated
92 -t, --type TEXT Specify the plugin type formation or tugboat
93 -f, --formation_url TEXT Specify the formation url
94 -u, --formation_user TEXT Specify the formation user id
95 -p, --formation_password TEXT Specify the formation user password
96 -i, --intermediary PATH Intermediary file path generate manifests,
97 use -m also with this option
98 -d, --additional_config PATH Site specific configuraton details
99 -g, --generate_intermediary Dump intermediary file from passed excel and
100 excel spec
101 -idir, --intermediary_dir PATH The path where intermediary file needs to be
102 generated
103 -e, --edit_intermediary / -nedit, --no_edit_intermediary
104 Flag to let user edit intermediary
105 -m, --generate_manifests Generate manifests from the generated
106 intermediary file
107 -mdir, --manifest_dir PATH The path where manifest files needs to be
108 generated
109 -x, --excel PATH Path to engineering excel file, to be passed
110 with generate_intermediary
111 -e, --excel_spec PATH Path to excel spec, to be passed with
112 generate_intermediary
113 -l, --loglevel INTEGER Loglevel NOTSET:0 ,DEBUG:10, INFO:20,
114 WARNING:30, ERROR:40, CRITICAL:50 [default:
115 20]
116 --help Show this message and exit.
117
118
1191. Running Spyglass with Remote Data Source Plugin
120
121spyglass -mg --type formation -f <URL> -u <user_id> -p <password> -d <site_config> -s <sitetype> --template_dir=<j2 template dir>
122
1232. Running Spyglass with Excel Plugin
124
125spyglass -mg --type tugboat -x <Excel File> -e <Excel Spec> -d <Site Config> -s <Region> --template_dir=<j2 template dir>
126
127for example:
128spyglass -mg -t tugboat -x SiteDesignSpec_v0.1.xlsx -e excel_spec_upstream.yaml -d site_config.yaml -s airship-seaworthy --template_dir=<j2 template dir>
129Where sample 'excel_spec_upstream.yaml', 'SiteDesignSpec_v0.1.xlsx'
130'site_config.yaml' and J2 templates can be found under 'spyglass/examples'
131folder
132
diff --git a/doc/source/index.rst b/doc/source/index.rst
new file mode 100644
index 0000000..4c43fa2
--- /dev/null
+++ b/doc/source/index.rst
@@ -0,0 +1,34 @@
1..
2 Copyright 2018 AT&T Intellectual Property.
3 All Rights Reserved.
4
5 Licensed under the Apache License, Version 2.0 (the "License"); you may
6 not use this file except in compliance with the License. You may obtain
7 a copy of the License at
8
9 http://www.apache.org/licenses/LICENSE-2.0
10
11 Unless required by applicable law or agreed to in writing, software
12 distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14 License for the specific language governing permissions and limitations
15 under the License.
16
17=====================
18Spyglass Documentation
19=====================
20
21Overview
22--------
23Spyglass is a data extraction tool which can interface with
24different input data sources to generate site manifest YAML files.
25The data sources will provide all the configuration data needed
26for a site deployment. These site manifest YAML files generated
27by spyglass will be saved in a Git repository, from where Pegleg
28can access and aggregate them. This aggregated file can then be
29fed to Shipyard for site deployment / updates.
30
31.. toctree::
32 :maxdepth: 2
33
34 getting_started
diff --git a/spyglass/__init__.py b/spyglass/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/spyglass/__init__.py
diff --git a/spyglass/config/__init__.py b/spyglass/config/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/spyglass/config/__init__.py
diff --git a/spyglass/config/rules.yaml b/spyglass/config/rules.yaml
new file mode 100644
index 0000000..dfe4025
--- /dev/null
+++ b/spyglass/config/rules.yaml
@@ -0,0 +1,38 @@
1###########################
2# Global Rules #
3###########################
4#Rule1: ip_alloc_offset
5# Specifies the number of ip addresses to offset from
6# the start of subnet allocation pool while allocating it to host.
7# -for vlan it is set to 12 as default.
8# -for oob it is 10
9# -for all gateway ip addresss it is set to 1.
10# -for ingress vip it is 1
11# -for static end (non pxe) it is -1( means one but last ip of the pool)
12# -for dhcp end (pxe only) it is -2( 3rd from the last ip of the pool)
13#Rule2: host_profile_interfaces.
14# Specifies the network interfaces type and
15# and their names for a particular hw profile
16#Rule3: hardware_profile
17# This specifies the profile details bases on sitetype.
18# It specifies the profile name and host type for compute,
19# controller along with hw type
20---
21rule_ip_alloc_offset:
22 name: ip_alloc_offset
23 ip_alloc_offset:
24 default: 12
25 oob: 10
26 gateway: 1
27 ingress_vip: 1
28 static_ip_end: -2
29 dhcp_ip_end: -2
30rule_hardware_profile:
31 name: hardware_profile
32 hardware_profile:
33 foundry:
34 profile_name:
35 compute: dp-r720
36 ctrl: cp-r720
37 hw_type: dell_r720
38...
diff --git a/spyglass/data_extractor/base.py b/spyglass/data_extractor/base.py
index ce1513d..dd063a8 100644
--- a/spyglass/data_extractor/base.py
+++ b/spyglass/data_extractor/base.py
@@ -277,7 +277,6 @@ class BaseDataSourcePlugin(object):
277 """ 277 """
278 LOG.info("Extract baremetal information from plugin") 278 LOG.info("Extract baremetal information from plugin")
279 baremetal = {} 279 baremetal = {}
280 is_genesis = False
281 hosts = self.get_hosts(self.region) 280 hosts = self.get_hosts(self.region)
282 281
283 # For each host list fill host profile and network IPs 282 # For each host list fill host profile and network IPs
@@ -301,30 +300,19 @@ class BaseDataSourcePlugin(object):
301 300
302 # Fill network IP for this host 301 # Fill network IP for this host
303 temp_host['ip'] = {} 302 temp_host['ip'] = {}
304 temp_host['ip']['oob'] = temp_host_ips[host_name].get('oob', "") 303 temp_host['ip']['oob'] = temp_host_ips[host_name].get(
304 'oob', "#CHANGE_ME")
305 temp_host['ip']['calico'] = temp_host_ips[host_name].get( 305 temp_host['ip']['calico'] = temp_host_ips[host_name].get(
306 'calico', "") 306 'calico', "#CHANGE_ME")
307 temp_host['ip']['oam'] = temp_host_ips[host_name].get('oam', "") 307 temp_host['ip']['oam'] = temp_host_ips[host_name].get(
308 'oam', "#CHANGE_ME")
308 temp_host['ip']['storage'] = temp_host_ips[host_name].get( 309 temp_host['ip']['storage'] = temp_host_ips[host_name].get(
309 'storage', "") 310 'storage', "#CHANGE_ME")
310 temp_host['ip']['overlay'] = temp_host_ips[host_name].get( 311 temp_host['ip']['overlay'] = temp_host_ips[host_name].get(
311 'overlay', "") 312 'overlay', "#CHANGE_ME")
312 temp_host['ip']['pxe'] = temp_host_ips[host_name].get( 313 temp_host['ip']['pxe'] = temp_host_ips[host_name].get(
313 'pxe', "#CHANGE_ME") 314 'pxe', "#CHANGE_ME")
314 315
315 # Filling rack_type( compute/controller/genesis)
316 # "cp" host profile is controller
317 # "ns" host profile is compute
318 if (temp_host['host_profile'] == 'cp'):
319 # The controller node is designates as genesis"
320 if is_genesis is False:
321 is_genesis = True
322 temp_host['type'] = 'genesis'
323 else:
324 temp_host['type'] = 'controller'
325 else:
326 temp_host['type'] = 'compute'
327
328 baremetal[rack_name][host_name] = temp_host 316 baremetal[rack_name][host_name] = temp_host
329 LOG.debug("Baremetal information:\n{}".format( 317 LOG.debug("Baremetal information:\n{}".format(
330 pprint.pformat(baremetal))) 318 pprint.pformat(baremetal)))
@@ -412,8 +400,9 @@ class BaseDataSourcePlugin(object):
412 for net in networks: 400 for net in networks:
413 tmp_net = {} 401 tmp_net = {}
414 if net['name'] in networks_to_scan: 402 if net['name'] in networks_to_scan:
415 tmp_net['subnet'] = net['subnet'] 403 tmp_net['subnet'] = net.get('subnet', '#CHANGE_ME')
416 tmp_net['vlan'] = net['vlan'] 404 if ((net['name'] != 'ingress') and (net['name'] != 'oob')):
405 tmp_net['vlan'] = net.get('vlan', '#CHANGE_ME')
417 406
418 network_data['vlan_network_data'][net['name']] = tmp_net 407 network_data['vlan_network_data'][net['name']] = tmp_net
419 408
diff --git a/spyglass/data_extractor/plugins/formation.py b/spyglass/data_extractor/plugins/formation.py
index 18a5854..c91a8fb 100644
--- a/spyglass/data_extractor/plugins/formation.py
+++ b/spyglass/data_extractor/plugins/formation.py
@@ -433,8 +433,8 @@ class FormationPlugin(BaseDataSourcePlugin):
433 name_pattern = "(?i)({})".format(name) 433 name_pattern = "(?i)({})".format(name)
434 if re.search(name_pattern, vlan_name): 434 if re.search(name_pattern, vlan_name):
435 return network_names[name] 435 return network_names[name]
436 436 # Return empty string is vlan_name is not matched with network_names
437 return ("") 437 return ""
438 438
439 def get_dns_servers(self, region): 439 def get_dns_servers(self, region):
440 try: 440 try:
diff --git a/spyglass/data_extractor/plugins/tugboat/check_exceptions.py b/spyglass/data_extractor/plugins/tugboat/check_exceptions.py
new file mode 100644
index 0000000..d11d58a
--- /dev/null
+++ b/spyglass/data_extractor/plugins/tugboat/check_exceptions.py
@@ -0,0 +1,35 @@
1# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15
16class BaseError(Exception):
17 pass
18
19
20class NotEnoughIp(BaseError):
21 def __init__(self, cidr, total_nodes):
22 self.cidr = cidr
23 self.total_nodes = total_nodes
24
25 def display_error(self):
26 print('{} can not handle {} nodes'.format(self.cidr, self.total_nodes))
27
28
29class NoSpecMatched(BaseError):
30 def __init__(self, excel_specs):
31 self.specs = excel_specs
32
33 def display_error(self):
34 print('No spec matched. Following are the available specs:\n'.format(
35 self.specs))
diff --git a/spyglass/data_extractor/plugins/tugboat/tugboat.py b/spyglass/data_extractor/plugins/tugboat/tugboat.py
new file mode 100644
index 0000000..71144a8
--- /dev/null
+++ b/spyglass/data_extractor/plugins/tugboat/tugboat.py
@@ -0,0 +1,350 @@
1# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the 'License');
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an 'AS IS' BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15import itertools
16import logging
17import pprint
18import re
19from spyglass.data_extractor.base import BaseDataSourcePlugin
20from spyglass.data_extractor.plugins.tugboat.excel_parser import ExcelParser
21
22LOG = logging.getLogger(__name__)
23
24
25class TugboatPlugin(BaseDataSourcePlugin):
26 def __init__(self, region):
27 LOG.info("Tugboat Initializing")
28 self.source_type = 'excel'
29 self.source_name = 'tugboat'
30
31 # Configuration parameters
32 self.excel_path = None
33 self.excel_spec = None
34
35 # Site related data
36 self.region = region
37
38 # Raw data from excel
39 self.parsed_xl_data = None
40
41 LOG.info("Initiated data extractor plugin:{}".format(self.source_name))
42
43 def set_config_opts(self, conf):
44 """
45 Placeholder to set confgiuration options
46 specific to each plugin.
47
48 :param dict conf: Configuration options as dict
49
50 Example: conf = { 'excel_spec': 'spec1.yaml',
51 'excel_path': 'excel.xls' }
52
53 Each plugin will have their own config opts.
54 """
55 self.excel_path = conf['excel_path']
56 self.excel_spec = conf['excel_spec']
57
58 # Extract raw data from excel sheets
59 self._get_excel_obj()
60 self._extract_raw_data_from_excel()
61 return
62
63 def get_plugin_conf(self, kwargs):
64 """ Validates the plugin param from CLI and return if correct
65
66
67 Ideally the CLICK module shall report an error if excel file
68 and excel specs are not specified. The below code has been
69 written as an additional safeguard.
70 """
71 try:
72 assert (len(
73 kwargs['excel'])), "Engineering Spec file not specified"
74 excel_file_info = kwargs['excel']
75 assert (kwargs['excel_spec']
76 ) is not None, "Excel Spec file not specified"
77 excel_spec_info = kwargs['excel_spec']
78 except AssertionError as e:
79 LOG.error("{}:Spyglass exited!".format(e))
80 exit()
81 plugin_conf = {
82 'excel_path': excel_file_info,
83 'excel_spec': excel_spec_info
84 }
85 return plugin_conf
86
87 def get_hosts(self, region, rack=None):
88 """Return list of hosts in the region
89 :param string region: Region name
90 :param string rack: Rack name
91 :returns: list of hosts information
92 :rtype: list of dict
93 Example: [
94 {
95 'name': 'host01',
96 'type': 'controller',
97 'host_profile': 'hp_01'
98 },
99 {
100 'name': 'host02',
101 'type': 'compute',
102 'host_profile': 'hp_02'}
103 ]
104 """
105 LOG.info("Get Host Information")
106 ipmi_data = self.parsed_xl_data['ipmi_data'][0]
107 rackwise_hosts = self._get_rackwise_hosts()
108 host_list = []
109 for rack in rackwise_hosts.keys():
110 for host in rackwise_hosts[rack]:
111 host_list.append({
112 'rack_name':
113 rack,
114 'name':
115 host,
116 'host_profile':
117 ipmi_data[host]['host_profile']
118 })
119 return host_list
120
121 def get_networks(self, region):
122 """ Extracts vlan network info from raw network data from excel"""
123 vlan_list = []
124 # Network data extracted from xl is formatted to have a predictable
125 # data type. For e.g VlAN 45 extracted from xl is formatted as 45
126 vlan_pattern = r'\d+'
127 private_net = self.parsed_xl_data['network_data']['private']
128 public_net = self.parsed_xl_data['network_data']['public']
129 # Extract network information from private and public network data
130 for net_type, net_val in itertools.chain(private_net.items(),
131 public_net.items()):
132 tmp_vlan = {}
133 # Ingress is special network that has no vlan, only a subnet string
134 # So treatment for ingress is different
135 if net_type is not 'ingress':
136 # standardize the network name as net_type may ne different.
137 # For e.g insteas of pxe it may be PXE or instead of calico
138 # it may be ksn. Valid network names are pxe, calico, oob, oam,
139 # overlay, storage, ingress
140 tmp_vlan['name'] = self._get_network_name_from_vlan_name(
141 net_type)
142
143 # extract vlan tag. It was extracted from xl file as 'VlAN 45'
144 # The code below extracts the numeric data fron net_val['vlan']
145 if net_val.get('vlan', "") is not "":
146 value = re.findall(vlan_pattern, net_val['vlan'])
147 tmp_vlan['vlan'] = value[0]
148 else:
149 tmp_vlan['vlan'] = "#CHANGE_ME"
150
151 tmp_vlan['subnet'] = net_val.get('subnet', "#CHANGE_ME")
152 tmp_vlan['gateway'] = net_val.get('gateway', "#CHANGE_ME")
153 else:
154 tmp_vlan['name'] = 'ingress'
155 tmp_vlan['subnet'] = net_val
156 vlan_list.append(tmp_vlan)
157 LOG.debug("vlan list extracted from tugboat:\n{}".format(
158 pprint.pformat(vlan_list)))
159 return vlan_list
160
161 def get_ips(self, region, host=None):
162 """Return list of IPs on the host
163 :param string region: Region name
164 :param string host: Host name
165 :returns: Dict of IPs per network on the host
166 :rtype: dict
167 Example: {'oob': {'ipv4': '192.168.1.10'},
168 'pxe': {'ipv4': '192.168.2.10'}}
169 The network name from get_networks is expected to be the keys of this
170 dict. In case some networks are missed, they are expected to be either
171 DHCP or internally generated n the next steps by the design rules.
172 """
173
174 ip_ = {}
175 ipmi_data = self.parsed_xl_data['ipmi_data'][0]
176 ip_[host] = {
177 'oob': ipmi_data[host].get('ipmi_address', '#CHANGE_ME'),
178 'oam': ipmi_data[host].get('oam', '#CHANGE_ME'),
179 'calico': ipmi_data[host].get('calico', '#CHANGE_ME'),
180 'overlay': ipmi_data[host].get('overlay', '#CHANGE_ME'),
181 'pxe': ipmi_data[host].get('pxe', '#CHANGE_ME'),
182 'storage': ipmi_data[host].get('storage', '#CHANGE_ME')
183 }
184 return ip_
185
186 def get_ldap_information(self, region):
187 """ Extract ldap information from excel"""
188
189 ldap_raw_data = self.parsed_xl_data['site_info']['ldap']
190 ldap_info = {}
191 # raw url is 'url: ldap://example.com' so we are converting to
192 # 'ldap://example.com'
193 url = ldap_raw_data.get('url', '#CHANGE_ME')
194 try:
195 ldap_info['url'] = url.split(' ')[1]
196 ldap_info['domain'] = url.split('.')[1]
197 except IndexError as e:
198 LOG.error("url.split:{}".format(e))
199 ldap_info['common_name'] = ldap_raw_data.get('common_name',
200 '#CHANGE_ME')
201 ldap_info['subdomain'] = ldap_raw_data.get('subdomain', '#CHANGE_ME')
202
203 return ldap_info
204
205 def get_ntp_servers(self, region):
206 """ Returns a comma separated list of ntp ip addresses"""
207
208 ntp_server_list = self._get_formatted_server_list(
209 self.parsed_xl_data['site_info']['ntp'])
210 return ntp_server_list
211
212 def get_dns_servers(self, region):
213 """ Returns a comma separated list of dns ip addresses"""
214 dns_server_list = self._get_formatted_server_list(
215 self.parsed_xl_data['site_info']['dns'])
216 return dns_server_list
217
218 def get_domain_name(self, region):
219 """ Returns domain name extracted from excel file"""
220
221 return self.parsed_xl_data['site_info']['domain']
222
223 def get_location_information(self, region):
224 """
225 Prepare location data from information extracted
226 by ExcelParser(i.e raw data)
227 """
228 location_data = self.parsed_xl_data['site_info']['location']
229
230 corridor_pattern = r'\d+'
231 corridor_number = re.findall(corridor_pattern,
232 location_data['corridor'])[0]
233 name = location_data.get('name', '#CHANGE_ME')
234 state = location_data.get('state', '#CHANGE_ME')
235 country = location_data.get('country', '#CHANGE_ME')
236 physical_location_id = location_data.get('physical_location', '')
237
238 return {
239 'name': name,
240 'physical_location_id': physical_location_id,
241 'state': state,
242 'country': country,
243 'corridor': 'c{}'.format(corridor_number),
244 }
245
246 def get_racks(self, region):
247 # This function is not required since the excel plugin
248 # already provide rack information.
249 pass
250
251 def _get_excel_obj(self):
252 """ Creation of an ExcelParser object to store site information.
253
254 The information is obtained based on a excel spec yaml file.
255 This spec contains row, column and sheet information of
256 the excel file from where site specific data can be extracted.
257 """
258 self.excel_obj = ExcelParser(self.excel_path, self.excel_spec)
259
260 def _extract_raw_data_from_excel(self):
261 """ Extracts raw information from excel file based on excel spec"""
262 self.parsed_xl_data = self.excel_obj.get_data()
263
264 def _get_network_name_from_vlan_name(self, vlan_name):
265 """ network names are ksn, oam, oob, overlay, storage, pxe
266
267
268 This is a utility function to determine the vlan acceptable
269 vlan from the name extracted from excel file
270
271 The following mapping rules apply:
272 vlan_name contains "ksn or calico" the network name is "calico"
273 vlan_name contains "storage" the network name is "storage"
274 vlan_name contains "server" the network name is "oam"
275 vlan_name contains "ovs" the network name is "overlay"
276 vlan_name contains "oob" the network name is "oob"
277 vlan_name contains "pxe" the network name is "pxe"
278 """
279 network_names = [
280 'ksn|calico', 'storage', 'oam|server', 'ovs|overlay', 'oob', 'pxe'
281 ]
282 for name in network_names:
283 # Make a pattern that would ignore case.
284 # if name is 'ksn' pattern name is '(?i)(ksn)'
285 name_pattern = "(?i)({})".format(name)
286 if re.search(name_pattern, vlan_name):
287 if name is 'ksn|calico':
288 return 'calico'
289 if name is 'storage':
290 return 'storage'
291 if name is 'oam|server':
292 return 'oam'
293 if name is 'ovs|overlay':
294 return 'overlay'
295 if name is 'oob':
296 return 'oob'
297 if name is 'pxe':
298 return 'pxe'
299 # if nothing matches
300 LOG.error(
301 "Unable to recognize VLAN name extracted from Plugin data source")
302 return ("")
303
304 def _get_formatted_server_list(self, server_list):
305 """ Format dns and ntp server list as comma separated string """
306
307 # dns/ntp server info from excel is of the format
308 # 'xxx.xxx.xxx.xxx, (aaa.bbb.ccc.com)'
309 # The function returns a list of comma separated dns ip addresses
310 servers = []
311 for data in server_list:
312 if '(' not in data:
313 servers.append(data)
314 formatted_server_list = ','.join(servers)
315 return formatted_server_list
316
317 def _get_rack(self, host):
318 """
319 Get rack id from the rack string extracted
320 from xl
321 """
322 rack_pattern = r'\w.*(r\d+)\w.*'
323 rack = re.findall(rack_pattern, host)[0]
324 if not self.region:
325 self.region = host.split(rack)[0]
326 return rack
327
328 def _get_rackwise_hosts(self):
329 """ Mapping hosts with rack ids """
330 rackwise_hosts = {}
331 hostnames = self.parsed_xl_data['ipmi_data'][1]
332 racks = self._get_rack_data()
333 for rack in racks:
334 if rack not in rackwise_hosts:
335 rackwise_hosts[racks[rack]] = []
336 for host in hostnames:
337 if rack in host:
338 rackwise_hosts[racks[rack]].append(host)
339 LOG.debug("rackwise hosts:\n%s", pprint.pformat(rackwise_hosts))
340 return rackwise_hosts
341
342 def _get_rack_data(self):
343 """ Format rack name """
344 LOG.info("Getting rack data")
345 racks = {}
346 hostnames = self.parsed_xl_data['ipmi_data'][1]
347 for host in hostnames:
348 rack = self._get_rack(host)
349 racks[rack] = rack.replace('r', 'rack')
350 return racks
diff --git a/spyglass/examples/SiteDesignSpec_v0.1.xlsx b/spyglass/examples/SiteDesignSpec_v0.1.xlsx
new file mode 100644
index 0000000..cdf8278
--- /dev/null
+++ b/spyglass/examples/SiteDesignSpec_v0.1.xlsx
Binary files differ
diff --git a/spyglass/examples/excel_spec.yaml b/spyglass/examples/excel_spec.yaml
new file mode 100644
index 0000000..62831a0
--- /dev/null
+++ b/spyglass/examples/excel_spec.yaml
@@ -0,0 +1,63 @@
1# Copyright 2018 The Openstack-Helm Authors.
2# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16# Important: Please modify the dictionary with appropriate
17# design spec file.
18---
19specs:
20 # Design Spec file name: SiteDesignSpec_v0.1.xlsx
21 xl_spec:
22 ipmi_sheet_name: 'Site-Information'
23 start_row: 4
24 end_row: 15
25 hostname_col: 2
26 ipmi_address_col: 3
27 host_profile_col: 5
28 ipmi_gateway_col: 4
29 private_ip_sheet: 'Site-Information'
30 net_type_col: 1
31 vlan_col: 2
32 vlan_start_row: 19
33 vlan_end_row: 30
34 net_start_row: 33
35 net_end_row: 40
36 net_col: 2
37 net_vlan_col: 1
38 public_ip_sheet: 'Site-Information'
39 oam_vlan_col: 1
40 oam_ip_row: 43
41 oam_ip_col: 2
42 oob_net_row: 48
43 oob_net_start_col: 2
44 oob_net_end_col: 5
45 ingress_ip_row: 45
46 dns_ntp_ldap_sheet: 'Site-Information'
47 login_domain_row: 52
48 ldap_col: 2
49 global_group: 53
50 ldap_search_url_row: 54
51 ntp_row: 55
52 ntp_col: 2
53 dns_row: 56
54 dns_col: 2
55 domain_row: 51
56 domain_col: 2
57 location_sheet: 'Site-Information'
58 column: 2
59 corridor_row: 59
60 site_name_row: 58
61 state_name_row: 60
62 country_name_row: 61
63 clli_name_row: 62
diff --git a/spyglass/examples/site_config.yaml b/spyglass/examples/site_config.yaml
new file mode 100644
index 0000000..25fa990
--- /dev/null
+++ b/spyglass/examples/site_config.yaml
@@ -0,0 +1,33 @@
1##################################
2# Site Specific Tugboat Settings #
3##################################
4---
5site_info:
6 ldap:
7 common_name: test
8 url: ldap://ldap.example.com
9 subdomain: test
10 ntp:
11 servers: 10.10.10.10,20.20.20.20,30.30.30.30
12 sitetype: foundry
13 domain: atlantafoundry.com
14 dns:
15 servers: 8.8.8.8,8.8.4.4,208.67.222.222
16network:
17 vlan_network_data:
18 ingress:
19 subnet:
20 - 132.68.226.72/29
21 bgp :
22 peers:
23 - '172.29.0.2'
24 - '172.29.0.3'
25 asnumber: 64671
26 peer_asnumber: 64688
27storage:
28 ceph:
29 controller:
30 osd_count: 6
31...
32
33
diff --git a/spyglass/examples/templates/baremetal/bootactions/promjoin.yaml.j2 b/spyglass/examples/templates/baremetal/bootactions/promjoin.yaml.j2
new file mode 100644
index 0000000..f7c37f2
--- /dev/null
+++ b/spyglass/examples/templates/baremetal/bootactions/promjoin.yaml.j2
@@ -0,0 +1,26 @@
1---
2schema: 'drydock/BootAction/v1'
3metadata:
4 schema: 'metadata/Document/v1'
5 name: promjoin
6 storagePolicy: 'cleartext'
7 layeringDefinition:
8 abstract: false
9 layer: site
10 labels:
11 application: 'drydock'
12data:
13 signaling: false
14 assets:
15 - path: /opt/promjoin.sh
16 type: file
17 permissions: '555'
18{% raw %}
19 location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.calico.ip }}{% endif %}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
20
21{% endraw %}
22 location_pipeline:
23 - template
24 data_pipeline:
25 - utf8_decode
26...
diff --git a/spyglass/examples/templates/baremetal/nodes.yaml.j2 b/spyglass/examples/templates/baremetal/nodes.yaml.j2
new file mode 100644
index 0000000..f730378
--- /dev/null
+++ b/spyglass/examples/templates/baremetal/nodes.yaml.j2
@@ -0,0 +1,51 @@
1{% set control_count = [1] %}
2{% for rack in data['baremetal'].keys() %}
3{% for host in data['baremetal'][rack].keys()%}
4{% if data['baremetal'][rack][host]['type'] != 'genesis' %}
5---
6schema: 'drydock/BaremetalNode/v1'
7metadata:
8 schema: 'metadata/Document/v1'
9 name: {{ host }}
10 layeringDefinition:
11 abstract: false
12 layer: site
13 storagePolicy: cleartext
14data:
15 oob:
16 account: 'root'
17{% if data['baremetal'][rack][host]['host_profile'] == 'cp' %}
18{% if control_count.append(control_count.pop()+1) %} {% endif %}
19{% if control_count[0] < 4 %}
20 host_profile: nc-{{data['baremetal'][rack][host]['host_profile']}}-primary
21{% else %}
22 host_profile: nc-{{data['baremetal'][rack][host]['host_profile']}}-secondary
23{% endif %}
24{% else %}
25 host_profile: nc-{{data['baremetal'][rack][host]['host_profile']}}
26{% endif %}
27 addressing:
28 - network: oob
29 address: {{ data['baremetal'][rack][host]['ip']['oob'] }}
30 - network: oam
31 address: {{ data['baremetal'][rack][host]['ip']['oam'] }}
32 - network: pxe
33 address: {{ data['baremetal'][rack][host]['ip']['pxe'] }}
34 - network: storage
35 address: {{ data['baremetal'][rack][host]['ip']['storage'] }}
36 - network: calico
37 address: {{ data['baremetal'][rack][host]['ip']['calico'] }}
38 - network: overlay
39 address: {{ data['baremetal'][rack][host]['ip']['overlay'] }}
40 metadata:
41 rack: RACK{{rack[-2:] }}
42 tags:
43{% if data['baremetal'][rack][host]['type'] == 'compute' %}
44 - 'workers'
45{% else %}
46 - 'masters'
47{% endif %}
48...
49{% endif %}
50{%endfor%}
51{%endfor%}
diff --git a/spyglass/examples/templates/deployment/deployment-strategy.yaml.j2 b/spyglass/examples/templates/deployment/deployment-strategy.yaml.j2
new file mode 100644
index 0000000..390ca95
--- /dev/null
+++ b/spyglass/examples/templates/deployment/deployment-strategy.yaml.j2
@@ -0,0 +1,90 @@
1---
2# The purpose of this file is to provide Shipyard a strategy to aid in the site's
3# deployment. This WILL require modification for each particular site. A successful
4# strategy for large labs that has been used in the past has been to split the Control
5# Plane hosts up from the computes, as well as the computes by rack. The below strategy
6# differs slightly, as the size of the lab is smaller. As such, the Control Plane hosts
7# deploy first, followed by half of the computes, followed by the second half of the
8# computes. Shipyard deployment strategies can be very useful in getting around certain
9# failures, like misbehaving nodes that may hold up the deployment. See more at:
10# https://github.com/openstack/airship-shipyard/blob/master/doc/source/site-definition-documents.rst#deployment-strategy
11schema: shipyard/DeploymentStrategy/v1
12metadata:
13 schema: metadata/Document/v1
14 replacement: true
15 name: deployment-strategy
16 layeringDefinition:
17 abstract: false
18 layer: site
19 parentSelector:
20 name: deployment-strategy-global
21 actions:
22 - method: replace
23 path: .
24 storagePolicy: cleartext
25 replacement: true
26data:
27 groups:
28 - name: masters
29 critical: true
30 depends_on: []
31 selectors:
32 - node_names: []
33 node_labels: []
34 node_tags:
35 - masters
36 rack_names: []
37 success_criteria:
38 percent_successful_nodes: 100
39 # NEWSITE-CHANGEME: The number of "worker groups" should equal the number of site racks
40 - name: worker_group_0
41 critical: false
42 depends_on:
43 - masters
44 selectors:
45 # NEWSITE-CHANGEME: The following should be a list of the computes in the site's first rack
46 - node_names:
47{% for rack in data['baremetal'].keys() %}
48{% for host in data['baremetal'][rack].keys()%}
49{% if rack == 'rack03' or rack == 'rack04' %}
50 - {{ host }}
51{% endif %}
52{% endfor %}
53{% endfor %}
54 node_labels: []
55 node_tags: []
56 rack_names: []
57 - name: worker_group_1
58 critical: false
59 depends_on:
60 - masters
61 selectors:
62 # NEWSITE-CHANGEME: The following should be a list of the computes in the site's second rack
63 - node_names:
64{% for rack in data['baremetal'].keys() %}
65{% for host in data['baremetal'][rack].keys()%}
66{% if rack == 'rack05' or rack == 'rack06' %}
67 - {{ host }}
68{% endif %}
69{% endfor %}
70{% endfor %}
71 node_labels: []
72 node_tags: []
73 rack_names: []
74 - name: workers
75 critical: true
76 # NEWSITE-CHANGEME: Populate with each worker group (should equal the number of site racks).
77 # This group ensures a percent of success is achieved with the compute deployments.
78 depends_on:
79 - worker_group_0
80 - worker_group_1
81 selectors:
82 - node_names: []
83 node_labels: []
84 node_tags:
85 - workers
86 rack_names: []
87 success_criteria:
88 percent_successful_nodes: 60
89...
90
diff --git a/spyglass/examples/templates/networks/common_addresses.yaml.j2 b/spyglass/examples/templates/networks/common_addresses.yaml.j2
new file mode 100644
index 0000000..e52ec20
--- /dev/null
+++ b/spyglass/examples/templates/networks/common_addresses.yaml.j2
@@ -0,0 +1,107 @@
1---
2schema: pegleg/CommonAddresses/v1
3metadata:
4 schema: metadata/Document/v1
5 name: common-addresses
6 layeringDefinition:
7 abstract: false
8 layer: site
9 storagePolicy: cleartext
10data:
11 calico:
12 ip_autodetection_method: interface=bond1.{{ data['network']['vlan_network_data']['calico']['vlan']}}
13 etcd:
14 service_ip: 10.96.232.136
15 ip_rule:
16 gateway: {{ data['network']['vlan_network_data']['calico']['gateway']}}
17 overlap_cidr: 10.96.0.0/15
18 bgp:
19 ipv4:
20 public_service_cidr: {{ data['network']['vlan_network_data']['ingress']['subnet'][0] }}
21 ingress_vip: {{ data['network']['bgp']['ingress_vip'] }}
22 peers:
23{% for peer in data['network']['bgp']['peers'] %}
24 - {{ peer }}
25{% endfor %}
26 dns:
27 cluster_domain: cluster.local
28 service_ip: 10.96.0.10
29 upstream_servers:
30{% for server in (data['site_info']['dns']['servers']).split(',') %}
31 - {{ server }}
32{% endfor %}
33 upstream_servers_joined: {{ data['site_info']['dns']['servers']}}
34 ingress_domain: {{ data['site_info']['domain']|lower }}
35
36 genesis:
37 hostname: {{ (data|get_role_wise_nodes)['genesis']['name'] }}
38{% for rack in data['baremetal'] %}
39{% for host in data['baremetal'][rack] %}
40{% if data['baremetal'][rack][host]['type'] == 'genesis' %}
41 ip: {{ data['baremetal'][rack][host]['ip']['calico'] }}
42{% endif %}
43{% endfor %}
44{% endfor %}
45 bootstrap:
46 ip: {{ (data|get_role_wise_nodes)['genesis']['pxe'] }}
47
48 kubernetes:
49 api_service_ip: 10.96.0.1
50 etcd_service_ip: 10.96.0.2
51 pod_cidr: 10.97.0.0/16
52 service_cidr: 10.96.0.0/16
53 # misc k8s port settings
54 apiserver_port: 6443
55 haproxy_port: 6553
56 service_node_port_range: 30000-32767
57
58 # etcd port settings
59 etcd:
60 container_port: 2379
61 haproxy_port: 2378
62
63 masters:
64{% for host in (data|get_role_wise_nodes)['masters'] %}
65 - hostname: {{ host }}
66{% endfor %}
67 # NEWSITE-CHANGEME: Environment proxy information.
68 # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
69 # should be commented out.
70 # However if you are in a lab that requires proxy, ensure that these proxy
71 # settings are correct and reachable in your environment; otherwise update
72 # them with the correct values for your environment.
73 proxy:
74 http: ""
75 https: ""
76 no_proxy: []
77
78 node_ports:
79 drydock_api: 30000
80 maas_api: 30001
81 maas_proxy: 31800 # hardcoded in MAAS
82 shipyard_api: 30003
83 airflow_web: 30004
84 ntp:
85 servers_joined: {{ data['site_info']['ntp']['servers'] }}
86
87 ldap:
88 base_url: {{ (data['site_info']['ldap']['url']|string).split('//')[1] }}
89 url: {{ data['site_info']['ldap']['url'] }}
90 auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN={{ data['site_info']['ldap']['common_name'] }},OU=Application,OU=Groups,DC=test,DC=test,DC=com
91 common_name: {{ data['site_info']['ldap']['common_name'] }}
92 subdomain: {{ data['site_info']['ldap']['subdomain'] }}
93 domain: {{ (data['site_info']['ldap']['url']|string).split('.')[1] }}
94
95 storage:
96 ceph:
97 public_cidr: {{ data['network']['vlan_network_data']['storage']['subnet'] }}
98 cluster_cidr: {{ data['network']['vlan_network_data']['storage']['subnet'] }}
99
100 neutron:
101 tunnel_device: 'bond1.{{ data['network']['vlan_network_data']['overlay']['vlan'] }}'
102 external_iface: 'bond1'
103
104 openvswitch:
105 external_iface: 'bond1'
106...
107
diff --git a/spyglass/examples/templates/networks/physical/networks.yaml.j2 b/spyglass/examples/templates/networks/physical/networks.yaml.j2
new file mode 100644
index 0000000..cb727f9
--- /dev/null
+++ b/spyglass/examples/templates/networks/physical/networks.yaml.j2
@@ -0,0 +1,251 @@
1---
2schema: 'drydock/NetworkLink/v1'
3metadata:
4 schema: 'metadata/Document/v1'
5 name: oob
6 layeringDefinition:
7 abstract: false
8 layer: site
9 storagePolicy: cleartext
10data:
11 # MaaS doesnt own this network like it does the others, so the noconfig label
12 # is specified.
13 labels:
14 noconfig: enabled
15 bonding:
16 mode: disabled
17 mtu: 1500
18 linkspeed: auto
19 trunking:
20 mode: disabled
21 default_network: oob
22 allowed_networks:
23 - oob
24...
25---
26schema: 'drydock/Network/v1'
27metadata:
28 schema: 'metadata/Document/v1'
29 name: oob
30 layeringDefinition:
31 abstract: false
32 layer: site
33 storagePolicy: cleartext
34data:
35 cidr: {{ data['network']['vlan_network_data']['oob']['subnet'] }}
36 routes:
37 - subnet: '0.0.0.0/0'
38 gateway: {{ data['network']['vlan_network_data']['oob']['gateway'] }}
39 metric: 100
40 ranges:
41 - type: static
42 start: {{ data['network']['vlan_network_data']['oob']['static_start'] }}
43 end: {{ data['network']['vlan_network_data']['oob']['static_end'] }}
44...
45
46---
47schema: 'drydock/NetworkLink/v1'
48metadata:
49 schema: 'metadata/Document/v1'
50 name: pxe
51 layeringDefinition:
52 abstract: false
53 layer: site
54 storagePolicy: cleartext
55data:
56 bonding:
57 mode: disabled
58 mtu: 1500
59 linkspeed: auto
60 trunking:
61 mode: disabled
62 default_network: pxe
63 allowed_networks:
64 - pxe
65...
66
67---
68schema: 'drydock/Network/v1'
69metadata:
70 schema: 'metadata/Document/v1'
71 name: pxe
72 layeringDefinition:
73 abstract: false
74 layer: site
75 parentSelector:
76 network_role: pxe
77 topology: cruiser
78 actions:
79 - method: merge
80 path: .
81 storagePolicy: cleartext
82data:
83 cidr: {{ data['network']['vlan_network_data']['pxe']['subnet'] }}
84 routes:
85{% for other_subnet in data['network']['vlan_network_data']['pxe']['routes'] %}
86 - subnet: {{ other_subnet }}
87 gateway: {{ data['network']['vlan_network_data']['pxe']['gateway'] }}
88 metric: 100
89{% endfor %}
90 ranges:
91 - type: reserved
92 start: {{ data['network']['vlan_network_data']['pxe']['reserved_start'] }}
93 end: {{ data['network']['vlan_network_data']['pxe']['reserved_end'] }}
94 - type: static
95 start: {{ data['network']['vlan_network_data']['pxe']['static_start'] }}
96 end: {{ data['network']['vlan_network_data']['pxe']['static_end'] }}
97 - type: dhcp
98 start: {{ data['network']['vlan_network_data']['pxe']['dhcp_start'] }}
99 end: {{ data['network']['vlan_network_data']['pxe']['dhcp_end'] }}
100...
101
102---
103schema: 'drydock/NetworkLink/v1'
104metadata:
105 schema: 'metadata/Document/v1'
106 name: data
107 layeringDefinition:
108 abstract: false
109 layer: site
110 storagePolicy: cleartext
111data:
112 bonding:
113 mode: 802.3ad
114 hash: layer3+4
115 peer_rate: fast
116 mon_rate: 100
117 up_delay: 1000
118 down_delay: 3000
119 # NEWSITE-CHANGEME: Ensure the network switches in the environment are
120 # configured for this MTU or greater. Even if switches are configured for or
121 # can support a slightly higher MTU, there is no need (and negliable benefit)
122 # to squeeze every last byte into the MTU (e.g., 9216 vs 9100). Leave MTU at
123 # 9100 for maximum compatibility.
124 mtu: 9100
125 linkspeed: auto
126 trunking:
127 mode: 802.1q
128 allowed_networks:
129 - oam
130 - storage
131 - overlay
132 - calico
133...
134
135---
136schema: 'drydock/Network/v1'
137metadata:
138 schema: 'metadata/Document/v1'
139 name: oam
140 layeringDefinition:
141 abstract: false
142 layer: 'site'
143 parentSelector:
144 network_role: oam
145 topology: cruiser
146 actions:
147 - method: merge
148 path: .
149 storagePolicy: cleartext
150data:
151 cidr: {{ data['network']['vlan_network_data']['oam']['subnet'] }}
152{% set flag = [0] %}
153{% for route in data['network']['vlan_network_data']['oam']['routes'] %}
154{% if flag[0] == 0 %}
155 routes:
156{% endif %}
157{% if flag.append(flag.pop() + 1) %} {% endif %}
158 - subnet: {{ route }}
159 gateway: {{ data['network']['vlan_network_data']['oam']['gateway'] }}
160 metric: 100
161{% endfor %}
162{% if flag[0] == 0 %}
163 routes:[]
164{% endif %}
165 ranges:
166 - type: reserved
167 start: {{ data['network']['vlan_network_data']['oam']['reserved_start'] }}
168 end: {{ data['network']['vlan_network_data']['oam']['reserved_end'] }}
169 - type: static
170 start: {{ data['network']['vlan_network_data']['oam']['static_start'] }}
171 end: {{ data['network']['vlan_network_data']['oam']['static_end'] }}
172...
173
174---
175schema: 'drydock/Network/v1'
176metadata:
177 schema: 'metadata/Document/v1'
178 name: storage
179 layeringDefinition:
180 abstract: false
181 layer: site
182 parentSelector:
183 network_role: storage
184 topology: cruiser
185 actions:
186 - method: merge
187 path: .
188 storagePolicy: cleartext
189data:
190 cidr: {{ data['network']['vlan_network_data']['storage']['subnet'] }}
191 ranges:
192 - type: reserved
193 start: {{ data['network']['vlan_network_data']['storage']['reserved_start'] }}
194 end: {{ data['network']['vlan_network_data']['storage']['reserved_end'] }}
195 - type: static
196 start: {{ data['network']['vlan_network_data']['storage']['static_start'] }}
197 end: {{ data['network']['vlan_network_data']['storage']['static_end'] }}
198...
199
200---
201schema: 'drydock/Network/v1'
202metadata:
203 schema: 'metadata/Document/v1'
204 name: overlay
205 layeringDefinition:
206 abstract: false
207 layer: site
208 parentSelector:
209 network_role: os-overlay
210 topology: cruiser
211 actions:
212 - method: merge
213 path: .
214 storagePolicy: cleartext
215data:
216 cidr: {{ data['network']['vlan_network_data']['overlay']['subnet'] }}
217 ranges:
218 - type: reserved
219 start: {{ data['network']['vlan_network_data']['overlay']['reserved_start'] }}
220 end: {{ data['network']['vlan_network_data']['overlay']['reserved_end'] }}
221 - type: static
222 start: {{ data['network']['vlan_network_data']['overlay']['static_start'] }}
223 end: {{ data['network']['vlan_network_data']['overlay']['static_end'] }}
224...
225
226---
227schema: 'drydock/Network/v1'
228metadata:
229 schema: 'metadata/Document/v1'
230 name: calico
231 layeringDefinition:
232 abstract: false
233 layer: site
234 parentSelector:
235 network_role: calico
236 topology: cruiser
237 actions:
238 - method: merge
239 path: .
240 storagePolicy: cleartext
241data:
242 cidr: {{ data['network']['vlan_network_data']['calico']['subnet'] }}
243 ranges:
244 - type: reserved
245 start: {{ data['network']['vlan_network_data']['calico']['reserved_start'] }}
246 end: {{ data['network']['vlan_network_data']['calico']['reserved_end'] }}
247 - type: static
248 start: {{ data['network']['vlan_network_data']['calico']['static_start'] }}
249 end: {{ data['network']['vlan_network_data']['calico']['static_end'] }}
250...
251
diff --git a/spyglass/examples/templates/pki/pki-catalogue.yaml.j2 b/spyglass/examples/templates/pki/pki-catalogue.yaml.j2
new file mode 100644
index 0000000..c8ccd03
--- /dev/null
+++ b/spyglass/examples/templates/pki/pki-catalogue.yaml.j2
@@ -0,0 +1,187 @@
1---
2schema: promenade/PKICatalog/v1
3metadata:
4 schema: metadata/Document/v1
5 name: cluster-certificates
6 layeringDefinition:
7 abstract: false
8 layer: site
9 storagePolicy: cleartext
10data:
11 certificate_authorities:
12 kubernetes:
13 description: CA for Kubernetes components
14 certificates:
15 - document_name: apiserver
16 description: Service certificate for Kubernetes apiserver
17 common_name: apiserver
18 hosts:
19 - localhost
20 - 127.0.0.1
21 - 10.96.0.1
22 kubernetes_service_names:
23 - kubernetes.default.svc.cluster.local
24{% for racks in data['baremetal'].keys()%}
25{% for host in data['baremetal'][racks].keys()%}
26{% if data['baremetal'][racks][host]['type'] == 'genesis' %}
27
28 - document_name: kubelet-genesis
29 common_name: system:node:{{ host }}
30 hosts:
31 - {{ host }}
32 - {{ data['baremetal'][racks][host]['ip']['oam'] }}
33 - {{ data['baremetal'][racks][host]['ip']['ksn']}}
34 groups:
35 - system:nodes
36{% endif %}
37{%endfor%}
38{%endfor%}
39{% for racks in data['baremetal'].keys()%}
40{% for host in data['baremetal'][racks].keys()%}
41 - document_name: kubelet-{{ host }}
42 common_name: system:node:{{ host }}
43 hosts:
44 - {{ host }}
45 - {{ data['baremetal'][racks][host]['ip']['oam'] }}
46 - {{ data['baremetal'][racks][host]['ip']['ksn']}}
47 groups:
48 - system:nodes
49{%endfor%}
50{%endfor%}
51 - document_name: scheduler
52 description: Service certificate for Kubernetes scheduler
53 common_name: system:kube-scheduler
54 - document_name: controller-manager
55 description: certificate for controller-manager
56 common_name: system:kube-controller-manager
57 - document_name: admin
58 common_name: admin
59 groups:
60 - system:masters
61 - document_name: armada
62 common_name: armada
63 groups:
64 - system:masters
65 kubernetes-etcd:
66 description: Certificates for Kubernetes's etcd servers
67 certificates:
68 - document_name: apiserver-etcd
69 description: etcd client certificate for use by Kubernetes apiserver
70 common_name: apiserver
71 # NOTE(mark-burnett): hosts not required for client certificates
72 - document_name: kubernetes-etcd-anchor
73 description: anchor
74 common_name: anchor
75{% for racks in data['baremetal'].keys()%}
76{% for host in data['baremetal'][racks].keys()%}
77{% if data['baremetal'][racks][host]['type'] == 'genesis' %}
78 - document_name: kubernetes-etcd-genesis
79 common_name: kubernetes-etcd-genesis
80 hosts:
81 - {{ host }}
82 - {{ data['baremetal'][racks][host]['ip']['oam'] }}
83 - {{ data['baremetal'][racks][host]['ip']['ksn']}}
84 - 127.0.0.1
85 - localhost
86 - kubernetes-etcd.kube-system.svc.cluster.local
87 - 10.96.0.2
88{% endif %}
89{%endfor%}
90{%endfor%}
91{% for racks in data['baremetal'].keys()%}
92{% for host in data['baremetal'][racks].keys()%}
93{% if data['baremetal'][racks][host]['type'] == 'controller' or data['baremetal'][racks][host]['type'] == 'genesis'%}
94 - document_name: kubernetes-etcd-{{ host }}
95 common_name: kubernetes-etcd-{{ host }}
96 hosts:
97 - {{ host }}
98 - {{ data['baremetal'][racks][host]['ip']['oam'] }}
99 - {{ data['baremetal'][racks][host]['ip']['ksn']}}
100 - 127.0.0.1
101 - localhost
102 - kubernetes-etcd.kube-system.svc.cluster.local
103 - 10.96.0.2
104{% endif %}
105{%endfor%}
106{%endfor%}
107{% for racks in data['baremetal'].keys()%}
108{% for host in data['baremetal'][racks].keys()%}
109{% if data['baremetal'][racks][host]['type'] == 'genesis' %}
110 kubernetes-etcd-peer:
111 certificates:
112 - document_name: kubernetes-etcd-genesis-peer
113 common_name: kubernetes-etcd-genesis-peer
114 hosts:
115 - {{ host }}
116 - {{ data['baremetal'][racks][host]['ip']['oam'] }}
117 - {{ data['baremetal'][racks][host]['ip']['ksn']}}
118 - 127.0.0.1
119 - localhost
120 - kubernetes-etcd.kube-system.svc.cluster.local
121 - 10.96.0.2
122{% endif %}
123{%endfor%}
124{%endfor%}
125{% for racks in data['baremetal'].keys()%}
126{% for host in data['baremetal'][racks].keys()%}
127{% if data['baremetal'][racks][host]['type'] == 'controller' or data['baremetal'][racks][host]['type'] == 'genesis' %}
128 - document_name: kubernetes-etcd-{{ host }}-peer
129 common_name: kubernetes-etcd-{{ host }}-peer
130 hosts:
131 - {{ host }}
132 - {{ data['baremetal'][racks][host]['ip']['oam'] }}
133 - {{ data['baremetal'][racks][host]['ip']['ksn']}}
134 - 127.0.0.1
135 - localhost
136 - kubernetes-etcd.kube-system.svc.cluster.local
137 - 10.96.0.2
138{% endif %}
139{%endfor%}
140{%endfor%}
141 ksn-etcd:
142 description: Certificates for Calico etcd client traffic
143 certificates:
144 - document_name: ksn-etcd-anchor
145 description: anchor
146 common_name: anchor
147{% for racks in data['baremetal'].keys()%}
148{% for host in data['baremetal'][racks].keys()%}
149{% if data['baremetal'][racks][host]['type'] == 'controller' or data['baremetal'][racks][host]['type'] == 'genesis' %}
150 - document_name: ksn-etcd-{{ host }}
151 common_name: ksn-etcd-{{ host }}
152 hosts:
153 - {{ host }}
154 - {{ data['baremetal'][racks][host]['ip']['oam'] }}
155 - {{ data['baremetal'][racks][host]['ip']['ksn']}}
156 - 127.0.0.1
157 - localhost
158 - 10.96.232.136
159{% endif %}
160{%endfor%}
161{%endfor%}
162 - document_name: ksn-node
163 common_name: calcico-node
164 ksn-etcd-peer:
165 description: Certificates for Calico etcd clients
166 certificates:
167{% for racks in data['baremetal'].keys()%}
168{% for host in data['baremetal'][racks].keys()%}
169{% if data['baremetal'][racks][host]['type'] == 'controller' or data['baremetal'][racks][host]['type'] == 'genesis' %}
170 - document_name: ksn-etcd-{{ host }}-peer
171 common_name: ksn-etcd-{{ host }}-peer
172 hosts:
173 - {{ host }}
174 - {{ data['baremetal'][racks][host]['ip']['oam'] }}
175 - {{ data['baremetal'][racks][host]['ip']['ksn']}}
176 - 127.0.0.1
177 - localhost
178 - 10.96.232.136
179{% endif %}
180{%endfor%}
181{%endfor%}
182 - document_name: ksn-node-peer
183 common_name: calico-node-peer
184 keypairs:
185 - name: service-account
186 description: Service account signing key for use by Kubernetes controller-manager.
187...
diff --git a/spyglass/examples/templates/profile/genesis.yaml.j2 b/spyglass/examples/templates/profile/genesis.yaml.j2
new file mode 100644
index 0000000..6cbb335
--- /dev/null
+++ b/spyglass/examples/templates/profile/genesis.yaml.j2
@@ -0,0 +1,40 @@
1---
2schema: promenade/Genesis/v1
3metadata:
4 schema: metadata/Document/v1
5 name: genesis-site
6 layeringDefinition:
7 abstract: false
8 layer: site
9 parentSelector:
10 name: genesis-global
11 actions:
12 - method: merge
13 path: .
14 storagePolicy: cleartext
15data:
16 labels:
17 dynamic:
18 - beta.kubernetes.io/fluentd-ds-ready=true
19 - calico-etcd=enabled
20 - ceph-mds=enabled
21 - ceph-mon=enabled
22 - ceph-osd=enabled
23 - ceph-rgw=enabled
24 - ceph-mgr=enabled
25 - ceph-bootstrap=enabled
26 - kube-dns=enabled
27 - kube-ingress=enabled
28 - kubernetes-apiserver=enabled
29 - kubernetes-controller-manager=enabled
30 - kubernetes-etcd=enabled
31 - kubernetes-scheduler=enabled
32 - promenade-genesis=enabled
33 - ucp-control-plane=enabled
34 - maas-control-plane=enabled
35 - ceph-osd-bootstrap=enabled
36 - openstack-control-plane=enabled
37 - openvswitch=enabled
38 - openstack-l3-agent=enabled
39 - node-exporter=enabled
40...
diff --git a/spyglass/examples/templates/profile/hardware/dell_r720.yaml.j2 b/spyglass/examples/templates/profile/hardware/dell_r720.yaml.j2
new file mode 100644
index 0000000..9e07875
--- /dev/null
+++ b/spyglass/examples/templates/profile/hardware/dell_r720.yaml.j2
@@ -0,0 +1,76 @@
1---
2schema: 'drydock/HardwareProfile/v1'
3metadata:
4 schema: 'metadata/Document/v1'
5 name: dell_r720
6 layeringDefinition:
7 abstract: false
8 layer: site
9 storagePolicy: cleartext
10data:
11 # Vendor of the server chassis
12 vendor: DELL
13 # Generation of the chassis model
14 generation: '8'
15 # Version of the chassis model within its generation - not version of the hardware definition
16 hw_version: '3'
17 # The certified version of the chassis BIOS
18 bios_version: '2.2.3'
19 # Mode of the default boot of hardware - bios, uefi
20 boot_mode: bios
21 # Protocol of boot of the hardware - pxe, usb, hdd
22 bootstrap_protocol: pxe
23 # Which interface to use for network booting within the OOB manager, not OS device
24 pxe_interface: 0
25 # Map hardware addresses to aliases/roles to allow a mix of hardware configs
26 # in a site to result in a consistent configuration
27 device_aliases:
28 ## network
29 # eno1
30 pxe_nic01:
31 address: '0000:01:00.0'
32 # type could identify expected hardware - used for hardware manifest validation
33 dev_type: 'I350 Gigabit Network Connection'
34 bus_type: 'pci'
35 # enp67s0f0
36 data_nic01:
37 address: '0000:43:00.0'
38 dev_type: 'Ethernet 10G 2P X520 Adapter'
39 bus_type: 'pci'
40 # enp67s0f1
41 data_nic02:
42 address: '0000:43:00.1'
43 dev_type: 'Ethernet 10G 2P X520 Adapter'
44 bus_type: 'pci'
45 # enp68s0f0
46 data_nic03:
47 address: '0000:44:00.0'
48 dev_type: 'Ethernet 10G 2P X520 Adapter'
49 bus_type: 'pci'
50 # enp68s0f1
51 data_nic04:
52 address: '0000:44:00.1'
53 dev_type: 'Ethernet 10G 2P X520 Adapter'
54 bus_type: 'pci'
55 ## storage
56 # /dev/sda
57 bootdisk:
58 address: '0:2.0.0'
59 dev_type: 'PERC H710P'
60 bus_type: 'scsi'
61 # /dev/sdb
62 cephjournal1:
63 address: '0:2.1.0'
64 dev_type: 'PERC H710P'
65 bus_type: 'scsi'
66 # /dev/sdc
67 cephjournal2:
68 address: '0:2.2.0'
69 dev_type: 'PERC H710P'
70 bus_type: 'scsi'
71 # /dev/sdc
72 ephemeral:
73 address: '0:2.3.0'
74 dev_type: 'PERC H710P'
75 bus_type: 'scsi'
76...
diff --git a/spyglass/examples/templates/profile/host/cp_r720.yaml.j2 b/spyglass/examples/templates/profile/host/cp_r720.yaml.j2
new file mode 100644
index 0000000..aa60287
--- /dev/null
+++ b/spyglass/examples/templates/profile/host/cp_r720.yaml.j2
@@ -0,0 +1,270 @@
1---
2# The primary control plane host profile for Airship for DELL R720s, and
3# should not need to be altered if you are using matching HW. The active
4# participants in the Ceph cluster run on this profile. Other control plane
5# services are not affected by primary vs secondary designation.
6schema: drydock/HostProfile/v1
7metadata:
8 schema: metadata/Document/v1
9 name: cp_r720-primary
10 storagePolicy: cleartext
11 layeringDefinition:
12 abstract: false
13 layer: site
14 parentSelector:
15 hosttype: cp-global
16 actions:
17 - method: replace
18 path: .interfaces
19 - method: replace
20 path: .storage
21 - method: merge
22 path: .
23data:
24 hardware_profile: dell_r720
25
26 primary_network: oam
27 interfaces:
28 pxe:
29 device_link: pxe
30 slaves:
31 - pxe_nic01
32 networks:
33 - pxe
34 bond0:
35 device_link: data
36 slaves:
37 - data_nic01
38 - data_nic02
39 - data_nic03
40 - data_nic04
41 networks:
42 - oam
43 - storage
44 - overlay
45 - calico
46
47 storage:
48 physical_devices:
49 bootdisk:
50 labels:
51 bootdrive: 'true'
52 partitions:
53 - name: 'root'
54 size: '30g'
55 bootable: true
56 filesystem:
57 mountpoint: '/'
58 fstype: 'ext4'
59 mount_options: 'defaults'
60 - name: 'boot'
61 size: '1g'
62 filesystem:
63 mountpoint: '/boot'
64 fstype: 'ext4'
65 mount_options: 'defaults'
66 - name: 'var_log'
67 size: '100g'
68 filesystem:
69 mountpoint: '/var/log'
70 fstype: 'ext4'
71 mount_options: 'defaults'
72 - name: 'var'
73 size: '>100g'
74 filesystem:
75 mountpoint: '/var'
76 fstype: 'ext4'
77 mount_options: 'defaults'
78
79 cephjournal1:
80 partitions:
81 - name: 'ceph-j1'
82 size: '10g'
83 - name: 'ceph-j2'
84 size: '10g'
85 - name: 'ceph-j3'
86 size: '10g'
87 - name: 'ceph-j4'
88 size: '10g'
89 cephjournal2:
90 partitions:
91 - name: 'ceph-j5'
92 size: '10g'
93 - name: 'ceph-j6'
94 size: '10g'
95 - name: 'ceph-j7'
96 size: '10g'
97 - name: 'ceph-j8'
98 size: '10g'
99
100 platform:
101 kernel: 'hwe-16.04'
102 kernel_params:
103 console: 'ttyS1,115200n8'
104
105 metadata:
106 owner_data:
107 openstack-l3-agent: enabled
108...
109---
110schema: drydock/HostProfile/v1
111metadata:
112 schema: metadata/Document/v1
113 name: cp_r740-secondary
114 storagePolicy: cleartext
115 layeringDefinition:
116 abstract: false
117 layer: site
118 parentSelector:
119 hosttype: cp-global
120 actions:
121 - method: replace
122 path: .interfaces
123 - method: replace
124 path: .storage
125 - method: replace
126 path: .metadata.owner_data
127 - method: merge
128 path: .
129data:
130 hardware_profile: dell_r720
131
132 primary_network: oam
133 interfaces:
134 pxe:
135 device_link: pxe
136 slaves:
137 - pxe_nic01
138 networks:
139 - pxe
140 bond0:
141 device_link: data
142 slaves:
143 - data_nic01
144 - data_nic02
145 - data_nic03
146 - data_nic04
147 networks:
148 - oam
149 - storage
150 - overlay
151 - calico
152
153 storage:
154 physical_devices:
155 bootdisk:
156 labels:
157 bootdrive: 'true'
158 partitions:
159 - name: 'root'
160 size: '30g'
161 bootable: true
162 filesystem:
163 mountpoint: '/'
164 fstype: 'ext4'
165 mount_options: 'defaults'
166 - name: 'boot'
167 size: '1g'
168 filesystem:
169 mountpoint: '/boot'
170 fstype: 'ext4'
171 mount_options: 'defaults'
172 - name: 'var_log'
173 size: '100g'
174 filesystem:
175 mountpoint: '/var/log'
176 fstype: 'ext4'
177 mount_options: 'defaults'
178 - name: 'var'
179 size: '>100g'
180 filesystem:
181 mountpoint: '/var'
182 fstype: 'ext4'
183 mount_options: 'defaults'
184
185 cephjournal1:
186 partitions:
187 - name: 'ceph-j1'
188 size: '10g'
189 - name: 'ceph-j2'
190 size: '10g'
191 - name: 'ceph-j3'
192 size: '10g'
193 - name: 'ceph-j4'
194 size: '10g'
195 cephjournal2:
196 partitions:
197 - name: 'ceph-j5'
198 size: '10g'
199 - name: 'ceph-j6'
200 size: '10g'
201 - name: 'ceph-j7'
202 size: '10g'
203 - name: 'ceph-j8'
204 size: '10g'
205
206 platform:
207 kernel: 'hwe-16.04'
208 kernel_params:
209 console: 'ttyS1,115200n8'
210
211 metadata:
212 owner_data:
213 control-plane: enabled
214 ucp-control-plane: enabled
215 openstack-control-plane: enabled
216 openstack-heat: enabled
217 openstack-keystone: enabled
218 openstack-rabbitmq: enabled
219 openstack-dns-helper: enabled
220 openstack-mariadb: enabled
221 openstack-nova-control: enabled
222 # openstack-etcd: enabled
223 openstack-mistral: enabled
224 openstack-memcached: enabled
225 openstack-glance: enabled
226 openstack-horizon: enabled
227 openstack-cinder-control: enabled
228 openstack-cinder-volume: control
229 openstack-neutron: enabled
230 openvswitch: enabled
231 ucp-barbican: enabled
232 # ceph-mon: enabled
233 ceph-mgr: enabled
234 ceph-osd: enabled
235 ceph-mds: enabled
236 ceph-rgw: enabled
237 ucp-maas: enabled
238 kube-dns: enabled
239 tenant-ceph-control-plane: enabled
240 # tenant-ceph-mon: enabled
241 tenant-ceph-rgw: enabled
242 tenant-ceph-mgr: enabled
243 kubernetes-apiserver: enabled
244 kubernetes-controller-manager: enabled
245 # kubernetes-etcd: enabled
246 kubernetes-scheduler: enabled
247 tiller-helm: enabled
248 # kube-etcd: enabled
249 calico-policy: enabled
250 calico-node: enabled
251 # calico-etcd: enabled
252 ucp-armada: enabled
253 ucp-drydock: enabled
254 ucp-deckhand: enabled
255 ucp-shipyard: enabled
256 IAM: enabled
257 ucp-promenade: enabled
258 prometheus-server: enabled
259 prometheus-client: enabled
260 fluentd: enabled
261 influxdb: enabled
262 kibana: enabled
263 elasticsearch-client: enabled
264 elasticsearch-master: enabled
265 elasticsearch-data: enabled
266 postgresql: enabled
267 kube-ingress: enabled
268 beta.kubernetes.io/fluentd-ds-ready: 'true'
269 node-exporter: enabled
270...
diff --git a/spyglass/examples/templates/profile/host/dp_r720.yaml.j2 b/spyglass/examples/templates/profile/host/dp_r720.yaml.j2
new file mode 100644
index 0000000..d686571
--- /dev/null
+++ b/spyglass/examples/templates/profile/host/dp_r720.yaml.j2
@@ -0,0 +1,103 @@
1---
2# The data plane host profile for Airship for DELL R720s, and should
3# not need to be altered if you are using matching HW. The host profile is setup
4# for cpu isolation (for nova pinning), hugepages, and sr-iov.
5schema: drydock/HostProfile/v1
6metadata:
7 schema: metadata/Document/v1
8 name: dp_r720
9 storagePolicy: cleartext
10 layeringDefinition:
11 abstract: false
12 layer: site
13 parentSelector:
14 hosttype: dp-global
15 actions:
16 - method: replace
17 path: .interfaces
18 - method: replace
19 path: .storage
20 - method: merge
21 path: .
22data:
23 hardware_profile: dell_r720
24
25 primary_network: oam
26 interfaces:
27 pxe:
28 device_link: pxe
29 slaves:
30 - pxe_nic01
31 networks:
32 - pxe
33 bond0:
34 device_link: data
35 slaves:
36 - data_nic01
37 - data_nic02
38 - data_nic03
39 - data_nic04
40 networks:
41 - oam
42 - storage
43 - overlay
44 - calico
45
46 storage:
47 physical_devices:
48 bootdisk:
49 labels:
50 bootdrive: 'true'
51 partitions:
52 - name: 'root'
53 size: '30g'
54 bootable: true
55 filesystem:
56 mountpoint: '/'
57 fstype: 'ext4'
58 mount_options: 'defaults'
59 - name: 'boot'
60 size: '1g'
61 filesystem:
62 mountpoint: '/boot'
63 fstype: 'ext4'
64 mount_options: 'defaults'
65 - name: 'var_log'
66 size: '100g'
67 filesystem:
68 mountpoint: '/var/log'
69 fstype: 'ext4'
70 mount_options: 'defaults'
71 - name: 'var'
72 size: '>100g'
73 filesystem:
74 mountpoint: '/var'
75 fstype: 'ext4'
76 mount_options: 'defaults'
77
78 cephjournal1:
79 partitions:
80 - name: 'ceph-j1'
81 size: '10g'
82 - name: 'ceph-j2'
83 size: '10g'
84 cephjournal2:
85 partitions:
86 - name: 'ceph-j3'
87 size: '10g'
88 - name: 'ceph-j4'
89 size: '10g'
90
91 ephemeral:
92 partitions:
93 - name: 'nova'
94 size: '99%'
95 filesystem:
96 mountpoint: '/var/lib/nova'
97 fstype: 'ext4'
98 mount_options: 'defaults'
99 platform:
100 kernel: 'hwe-16.04'
101 kernel_params:
102 console: 'ttyS1,115200n8'
103...
diff --git a/spyglass/examples/templates/profile/region.yaml.j2 b/spyglass/examples/templates/profile/region.yaml.j2
new file mode 100644
index 0000000..9f862ab
--- /dev/null
+++ b/spyglass/examples/templates/profile/region.yaml.j2
@@ -0,0 +1,35 @@
1---
2schema: 'drydock/Region/v1'
3metadata:
4 schema: 'metadata/Document/v1'
5 name: {{ data['region_name'] }}
6 layeringDefinition:
7 abstract: false
8 layer: site
9 storagePolicy: cleartext
10 substitutions:
11 - dest:
12 path: .authorized_keys[0]
13 src:
14 schema: deckhand/PublicKey/v1
15 name: jenkins_ssh_public_key
16 path: .
17 - dest:
18 path: .authorized_keys[1]
19 src:
20 schema: deckhand/PublicKey/v1
21 name: {{ data['region_name'] }}_ssh_public_key
22 path: .
23 - dest:
24 path: .repositories.main_archive
25 src:
26 schema: pegleg/SoftwareVersions/v1
27 name: software-versions
28 path: .packages.repositories.main_archive
29data:
30 tag_definitions: []
31 authorized_keys: []
32 repositories:
33 remove_unlisted: true
34...
35
diff --git a/spyglass/examples/templates/secrets/certificates/certificates.yaml.j2 b/spyglass/examples/templates/secrets/certificates/certificates.yaml.j2
new file mode 100644
index 0000000..5cb4018
--- /dev/null
+++ b/spyglass/examples/templates/secrets/certificates/certificates.yaml.j2
@@ -0,0 +1,2806 @@
1---
2# Certs generated by Promenade, see docs at
3# TODO: move to https://github.com/openstack/airship-treasuremap/blob/master/docs/source/authoring_and_deployment.rst
4# https://github.com/att-comdev/treasuremap/blob/master/docs/source/deployment.rst#sitenew_sitepkipki-catalogyaml
5data: |
6 -----BEGIN CERTIFICATE-----
7 MIIDSDCCAjCgAwIBAgIUegkh/antB1XyDVHdP5dv+0MZyBcwDQYJKoZIhvcNAQEL
8 BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
9 Fw0xODA4MjAyMzQzMDBaFw0yMzA4MTkyMzQzMDBaMCoxEzARBgNVBAoTCkt1YmVy
10 bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
11 DwAwggEKAoIBAQC1jUTdodnxFzC6OD/Rre2Qqw/BTycKvWW3Bkby5abZGRxgMkV5
12 SxTSMazjPYjEA7+rhXqKgmn+OaV1trZvYbH0rZcRyGSC8D5Wj5SCtuGO6EUqx8SQ
13 1tklnHbFKtMDjN8V201SV/ydUfXcFFlD8jUXUkb4iSZV+hkhOO3ZlTqBo4/vkYMK
14 N+7Dsv1Tfs3sHY4MDuiI/Fz8Uj5bMrKc/gVdPnrYPRsLQ/xlkfufsUuy0VlokrpQ
15 uYQjorvYbhpl6B7XT8mJsf3WQwB5A1E8bxFp0IR3tEaMIzXeSvrIS7ajxu0zVY/B
16 qS+uwRNtkCxs2cNsqPoQQBYTkhAoffWnBGYbAgMBAAGjZjBkMA4GA1UdDwEB/wQE
17 AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBTIAmvhlCafX+fLJ7FY
18 /p5ZjYibADAfBgNVHSMEGDAWgBTIAmvhlCafX+fLJ7FY/p5ZjYibADANBgkqhkiG
19 9w0BAQsFAAOCAQEAm4qCucz52aD2AqP9m9r6ZRPlzAesImR7eXOD+ix4r9uMfM85
20 YYAZcRhf4/RWwfIWvngeXWTUirAEbwNfXEkbMddTkrBZ7q7BaqYH/1BNXRahBd2G
21 CJDQa6HMEvSLOkH/vAf/BY3d6WprS69YWVC4ffj0+FqBOMD5KLxPfM1gdashV0XB
22 yIFo4HPYXn3J3H7HRc17ZizOaPghY/ldNWsmoj1YPlxA9exDPQ4jI91VcSCDZbD/
23 YyIntJzMZZ28xFPQFhww2oRD5LpDvfq+P6gBz08FKE+lmRKirANVzBltS2I8xzMV
24 FSCBNl+qV3evUg57xzgjifVHxmfSuLszLtTkOA==
25 -----END CERTIFICATE-----
26metadata:
27 layeringDefinition:
28 abstract: false
29 layer: site
30 name: kubernetes
31 schema: metadata/Document/v1
32 storagePolicy: cleartext
33schema: deckhand/CertificateAuthority/v1
34---
35data: |
36 -----BEGIN CERTIFICATE-----
37 MIIDUjCCAjqgAwIBAgIUV1YkAwvB59dO83zhqvvcdywidd4wDQYJKoZIhvcNAQEL
38 BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
39 dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTIzMDgxOTIzNDMwMFowLzETMBEGA1UEChMK
40 S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG
41 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUobHwzHYA4KMu7PGtqreil8uhm++fs2XqrN
42 mW+LBH1HuuiB6iUZqgx9zEHpll4bMr/YLp9cdYu9uVy21zglHAyostBcqbe2dx9S
43 8ErcUsEGFllORBMN7tIFE6VB6ldLqoV6jyQ3F+LSJwhOOzqBWuozSlBLuOv/Q1xU
44 Mnc0ndlbrtVejWZUFt5ItOt/pyXbZ3zAFmCH3bMCm8vftxjphNFrWVvHPaAySvKu
45 93SMMyFl9szFjP17BP5PwmjsYxkbNL8Fn26akEQvaFV8YbPEJSaxAst8J+QAbXUa
46 BR/7NuC6kxRI0kTQw/nAjeaRV3AuWm+wBbuXtO5c3cyDsxcM2QIDAQABo2YwZDAO
47 BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUnSYC
48 0OZmL0av6dRaIZe3txRXx8cwHwYDVR0jBBgwFoAUnSYC0OZmL0av6dRaIZe3txRX
49 x8cwDQYJKoZIhvcNAQELBQADggEBACPw+ckz/nVMEOVPrJUmXQhaI/wCXHgOw/rY
50 sIqsRF9PGvWgU5I1CjhnHQLUy5YY/yf2g3EgQFFUh5u44PCuCMIQejun1SwFP4tI
51 d/CQQwDHMdGYlajApvKITcbpTdzU3yI9jVbf7szDaeYBDcF8uko7h+8FbE+vO/Ub
52 /jWGy58n4SfjEOQ2zKxa+kIhI8yAKrgl+nC9tkuWD3Veymc6yYD7umXw5uTP4gVp
53 zTRaZ13J2MmERXNYtfx7VRq6xvcpVhDH496uWuyxUSrOt9gmfrNfeixWxUoDUHBR
54 t7f+igcy4zwv75PAcKI0lOHjbcF6d6+1CdNVQt3XOR9UWl63lp8=
55 -----END CERTIFICATE-----
56metadata:
57 layeringDefinition:
58 abstract: false
59 layer: site
60 name: kubernetes-etcd
61 schema: metadata/Document/v1
62 storagePolicy: cleartext
63schema: deckhand/CertificateAuthority/v1
64---
65data: |
66 -----BEGIN CERTIFICATE-----
67 MIIDXDCCAkSgAwIBAgIUb75pk6FxXqBl9NLZaUuFBJupnoYwDQYJKoZIhvcNAQEL
68 BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
69 dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMjMwODE5MjM0MzAwWjA0MRMwEQYD
70 VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC
71 ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOtZKHMDL/H5Q0qYA+07HRpt
72 +4AsXRrL5DaiGp0qnq8fisX/mwODDJxWacCsrXnFZvcj+2brBzi8oQHpEw4BueYs
73 8RYlT3tPMOQBfHl9m69ZG6150r0WsrI2MiPLrsMSDAIreaOLc1ptmGMWqyEy/UpA
74 fgtiMq810euhLfrHKPRXxYfndMN82NAnAT2VPqnFIj5r5npPG8gL/ALN2DgcBkiC
75 3T+FiZxAq3thm2FKFJizYGtCN6t4grmhX8uZdBnFjLhP9t5umZFsPcpEzpiF9gIs
76 1wd3UcDhc/mzJlmkVax8yrvvuhkPrbuQugNiCbkN2LS9iAapGYP8lNg1oR5k4N8C
77 AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD
78 VR0OBBYEFBK6v8RVwFvzEsP3RlVZSAZ1LJufMB8GA1UdIwQYMBaAFBK6v8RVwFvz
79 EsP3RlVZSAZ1LJufMA0GCSqGSIb3DQEBCwUAA4IBAQAG/FupcGdFBrWVw/pG2Tgh
80 3z227ev4Z7pVazolPiGJpQOTZ2dIdnSs4HwovCxSewToXLd9k+wcIV1NEzyllw9I
81 +OgdLHHHJirZd4RJdwlCIfYh1uXS4g85Mat+jDoBkzCX2FIkEm9m6h291UrlOqy+
82 im4hkJLF7AwJD6U0GPqoOVNx/jPlAzXolZ6YTjZ2LHGj6Liu7Tc2LO+S0c3wVAXL
83 hbl2FE8KT6qYAoMxNLJlAvnFNi/mPMpab6PLgE8DYTSByvj2F5WqdaTlbCZZV0bV
84 DnTxj0SG0H8p0Y8fpz76/E1Okr1H07XxzNxHudS2KClUHMNMnrtmDIGjbZAMWmt7
85 -----END CERTIFICATE-----
86metadata:
87 layeringDefinition:
88 abstract: false
89 layer: site
90 name: kubernetes-etcd-peer
91 schema: metadata/Document/v1
92 storagePolicy: cleartext
93schema: deckhand/CertificateAuthority/v1
94---
95data: |
96 -----BEGIN CERTIFICATE-----
97 MIIDSjCCAjKgAwIBAgIUCKu+Ga+ilp0+4UGjAakITGRCA3cwDQYJKoZIhvcNAQEL
98 BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
99 HhcNMTgwODIwMjM0MzAwWhcNMjMwODE5MjM0MzAwWjArMRMwEQYDVQQKEwpLdWJl
100 cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
101 ggEPADCCAQoCggEBAJ++NV1PWCvuWzpSHABlD1adP30RUSbgqaC38EeM4rhhZLmJ
102 48Bbo7EuueponhuNcCKDOWXPJEh67Scw9Qh4SLovRz72fu9KP5qPxjRIOYSh4V+F
103 qiE+iGz/tSvlInlykmCb7H15cOXMZcE1hH0CIC78GRmZAZCUJXW76xS7c3lm0jGW
104 /egE4IZ1r29LJo6KZFM3m3HTKlHV9XSluPjhWGU/atpi+TQvDX/Hv6yrseOkv0XX
105 T5n+Z/e5xmtEwnbzDHpMy3EwSDoxYHQrlEfRMv9w+XsFp4rfJ7ZofgrJk63StzDr
106 OxKBWXID44Uk6aV6TrWkIgk3E3QcKZn/Plh0i/kCAwEAAaNmMGQwDgYDVR0PAQH/
107 BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFPL7h/k7n+hgJLzZ
108 a1WNuQxLmDl7MB8GA1UdIwQYMBaAFPL7h/k7n+hgJLzZa1WNuQxLmDl7MA0GCSqG
109 SIb3DQEBCwUAA4IBAQAqAuDjjC1UVUplI0XHTOVhuoNSAirOihtncXTVEdcR4Pqt
110 YT6s+oh+wV7V4wPAsisRCeIOpFzvp22QaF6l0+Gn9B8AHt5zs3+GuoYmuX7UXreJ
111 SVrnh+wI20E1fzj1lDYzgdekZW12SbJQs6LCJ5JfX1bTCjBL7ysIPzE0EWnqGGTp
112 qWa7dlzHLcU/PWHWXyNta5IlUZ/GCjMpLSMYXPO0a6Z5d0QGJXe9Iz4mkljwC3un
113 XXKzuKtpxxQZJ1+w70wfLHujnhUr3v5IDLDlxl698YRRopHyfNP1TZ7xUOMtkVqg
114 KMiLE1Ki0t7Jr3OYPOCmtuvk4bFoG0TIgA7XDGPS
115 -----END CERTIFICATE-----
116metadata:
117 layeringDefinition:
118 abstract: false
119 layer: site
120 name: calico-etcd
121 schema: metadata/Document/v1
122 storagePolicy: cleartext
123schema: deckhand/CertificateAuthority/v1
124---
125data: |
126 -----BEGIN CERTIFICATE-----
127 MIIDVDCCAjygAwIBAgIUagTlPOZ8jX10HMhcsHgh9Ec//00wDQYJKoZIhvcNAQEL
128 BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
129 cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0yMzA4MTkyMzQzMDBaMDAxEzARBgNVBAoT
130 Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG
131 SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoMT11MMWnPgQ9lOjLzx51o2BW5NuJyD+B
132 NuzzAmT607Q6oo5wQ8oyDHeOH0h1heL71/iqcoAzalHFKNLAek9pcjW5RudpLuRt
133 FLRC6zKedn7n9Mg4H4K8cahatK8rSrYOrz0UF3p/XuoxXN1uQCwIX3+aOT0hlq3E
134 ONo9+LqSVh0RhSn3Qc1BaGsMDA8ATs0jiCWU8V5Lkw8IUb1wBCe4iwfi1XRn8eV8
135 jTW8dwnRB8yH8/5oVsD7dzOTjaUQg6w0nnn7SPFPhFOpwbX4Wd9fj1mq9uY6GIFC
136 JNj/UpnFRVtDO+8gJJxWV83SGhcvuJoXH5LoPmFS47TrMoBbGvM7AgMBAAGjZjBk
137 MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRL
138 fKY8JuyVlmEm4a6VB65X0x5aYTAfBgNVHSMEGDAWgBRLfKY8JuyVlmEm4a6VB65X
139 0x5aYTANBgkqhkiG9w0BAQsFAAOCAQEACQlBvcV8mZncmP+zTiq5190uBm3Nf6Lr
140 EkLcCxmlB4PADUjK082C7oBm9z5QViimUg7fqdQSwZ3ujMYTIKgDADbTlLLKAGK5
141 9C6KB3cSOiFSmZInhZs5HUMIPlybmYOv0yQfGCqOKYzPaCqp5arOjn4CDEqc8QG9
142 cAX/86Lnq1g2SfDIvq49t8BRsbahIN/Z+HPu1FhdahSDw35hGqkZ7DR8YeQrOSM+
143 O6jgMKGgM0LtNno/rVytkPv/kdA79T3ZaoMoTYtR9D803RQe8XaX7GNBKUqptE2O
144 nCEazqPjNiB3GiP/oKxQwc/6o0fVqV5G/0nwZWQEKkpwUVCWMbJu7w==
145 -----END CERTIFICATE-----
146metadata:
147 layeringDefinition:
148 abstract: false
149 layer: site
150 name: calico-etcd-peer
151 schema: metadata/Document/v1
152 storagePolicy: cleartext
153schema: deckhand/CertificateAuthority/v1
154---
155data: |
156 -----BEGIN RSA PRIVATE KEY-----
157 MIIEpAIBAAKCAQEAtY1E3aHZ8Rcwujg/0a3tkKsPwU8nCr1ltwZG8uWm2RkcYDJF
158 eUsU0jGs4z2IxAO/q4V6ioJp/jmldba2b2Gx9K2XEchkgvA+Vo+UgrbhjuhFKsfE
159 kNbZJZx2xSrTA4zfFdtNUlf8nVH13BRZQ/I1F1JG+IkmVfoZITjt2ZU6gaOP75GD
160 Cjfuw7L9U37N7B2ODA7oiPxc/FI+WzKynP4FXT562D0bC0P8ZZH7n7FLstFZaJK6
161 ULmEI6K72G4aZege10/JibH91kMAeQNRPG8RadCEd7RGjCM13kr6yEu2o8btM1WP
162 wakvrsETbZAsbNnDbKj6EEAWE5IQKH31pwRmGwIDAQABAoIBABTEsVENN8o9leRn
163 lN1eoSOAfg/mBxhSbDVQsYMNxFVnaviSJ6JldV9KMXXZTzDlIOL1JPx9SLS9UXEy
164 0pHRQjM0PGjbXKwh4W+zgxCk7Q6VAXyQV6sd+L81s9yANp1cWxS7/o9h41L30kE3
165 zrJYHbyqO9YokksZjhBf282dJZE4vFrrEjwYVq+qDcFlWbpN3hlVq0c4s/BlJL1G
166 9IVA35DTlS9LAjIsPCKzAYg0wZY+9X01ym7iFG0UWbhKJctmBniOobc1adytLI4Y
167 MEEQnR3UBUOjs/ifYYeUqz/WEhSqpr5cOt1+cP+ReJyUBa4gpxMC9Me2M9L/liOE
168 vyw7MnECgYEAzorHV0UaK4Ftbu2N7FgEOQmwkR/GErBjZ0rhikyOI0PCGXq6Km94
169 79wDQDjXUqlCxlS4WcN2+N434rV+S1eOHkzLV7VCAAR5nm8upeYNaNyxGAz7PubL
170 ZbKcPaYqHkY6SxG2LhJ8/Mo4nPr0Vb5SSaTLEuxibSssCF65n5wO7fMCgYEA4QaQ
171 SV6n3FKaVDJF3molaAWwTrUNnZynVOpJpuyT6hmmyl8cG0k+wznah8xlD4GH5AjH
172 pIP0VjxGC2nDG4bUDESL8pqFDsmXE5f1kziTXsdWtE7TZ5Z6IC2oBIR2sTvAwwO1
173 8e47TyHG19VOWaoc5WOtsceZ7ZIPmYYgKvv0qTkCgYAMhWNCSiElBAqjT+lrq4ZO
174 AuVeVuPGHEVabLKxlKSFRMVOkB8bFXjqaZcU3J1JGJPAvEAUyQG8YpRWvRPz81Hd
175 SmCFZ6qhn6PT0/+q9QBZHA/sWlUc4hbwilxobFtfTHiaNm+p6VsEZCn8ckY/sHMC
176 nefltMjev2BC/aMZJvfMuwKBgQCbwABEWDjVPXNGTZmgjVWgvzc98wEek1waYSNj
177 XyIuCV0xe00n8bV4SOXh0m4solodUppkW1TWD1fn9Gcv+U1xxEwdOihYiN2BmU9H
178 fAQ8uLphiKG4dCXJefBuWAUTPSl5kWrwrhTs+5L2ttRJKX5go3KIt3/qOIuFlplT
179 RxsbuQKBgQCnymwu10mxY6ezSHJjZd3Al8Pj7KsNiURVP7A4c3QhQdCpyXDIfU43
180 RAYTprsQ/dM5U7n4vXZnvnSYBVwrLirfEVsE6A6h55LkMEpEkKpwro3Jgs4mFMm0
181 ksjM1xPJ0p0jLT+fL1f6sTAONmYb0ra5xl5mrgzHn1zkZ/IlmnpfaQ==
182 -----END RSA PRIVATE KEY-----
183metadata:
184 layeringDefinition:
185 abstract: false
186 layer: site
187 name: kubernetes
188 schema: metadata/Document/v1
189 storagePolicy: cleartext
190schema: deckhand/CertificateAuthorityKey/v1
191---
192data: |
193 -----BEGIN RSA PRIVATE KEY-----
194 MIIEowIBAAKCAQEAzUobHwzHYA4KMu7PGtqreil8uhm++fs2XqrNmW+LBH1HuuiB
195 6iUZqgx9zEHpll4bMr/YLp9cdYu9uVy21zglHAyostBcqbe2dx9S8ErcUsEGFllO
196 RBMN7tIFE6VB6ldLqoV6jyQ3F+LSJwhOOzqBWuozSlBLuOv/Q1xUMnc0ndlbrtVe
197 jWZUFt5ItOt/pyXbZ3zAFmCH3bMCm8vftxjphNFrWVvHPaAySvKu93SMMyFl9szF
198 jP17BP5PwmjsYxkbNL8Fn26akEQvaFV8YbPEJSaxAst8J+QAbXUaBR/7NuC6kxRI
199 0kTQw/nAjeaRV3AuWm+wBbuXtO5c3cyDsxcM2QIDAQABAoIBAQCLOG+OLh9kEAFw
200 qy2++38BOPOCTgWLCIfFybXnEZNItyGXKyk3vnNaNGB3zld4h1eQojQc4ixU9zDy
201 bWL+L/BSxm793XqKCrHutUqM9WfXo1nafDQszHNNfBa/TPqXzx3cheso+hl21HdK
202 y0IqvrGNE3k3M582yK1zZEEhfGAtj0tjsKoEmOJsP+nc3Qc+acOPRg99oVAFfcYn
203 hwKf3fxpxmhCEDcYCSTlisCcNHilRbOuvOmfzGrWoMgHjIN9swz5YmEtIFV6j4Mv
204 Nl4r2X955YVUc9WgGqT4lVktvNzy40nsWDGfAKLeX5g+ZBIMAS1XVg3b1Y4DLTTr
205 V8n+BXNlAoGBANC1/RjUpGudWI9THiskKGl68xTXHimcGas6esR5bB5zXBDlONJv
206 meRx/m8Fi47SqoVuG/aFXiUfxKmdUPhr5ZG61nXQx0r9x0zzK9fxSAgbQLa0TQDm
207 Qgt5nabr6YDdf1Z7CBkyXJOFv07xmVrcw/Mm67qixm0a0GryJXz1M45/AoGBAPvN
208 qY4lQf3Tcz7jDjQdhG9R/VRjoOnlMwwLV9suASPXcgkRpRJ3iy+fBdQFfNYhUPcq
209 /ZA8mKIQfvdIeULP4v333soofPu/o9Q1jXcnQR7mWRyVh8KgxI/jMwcvjLBGZ+aa
210 wE+KDXL4vOQeNY9dsAH9nJ2clVhay/yG8pJVruinAoGATbIB91Vpo/oeNrS9fVfn
211 h2TSywZN3zWSRLDvdOayvh85vbxnS8dp5aYeDpxk2JVKD4Pu+vWpF27dGjtLIj+g
212 ZYDFR3SiTCNvJxE7WBclNodWru0t4VDWc0khzDr0YRmTxtDkMeUSm4RltHCyIyYd
213 +A2cIY1pCsK5paZhGER7necCgYALevj8Dh7QH8/lUhzXq3DaUnamXlR71YNaTToY
214 OCS9KZl9aFyKVwD1jt6JKCbk7GfwnPkqllivKulfBOLidO/4fFCgDvCD2dzyU+67
215 PALwEbiGYRrreMD9fnJZJYXYk50xGmUiOz0ZvNV/4RC4FKFttc5qMTVt7dXXEaAF
216 o/pxiQKBgDH+mUxrVCSF9U6Pe/nByClOf+mx7xQ05SaNh6o+NTIcsWh75qW0bU9Z
217 JRKoJH4veusTQn6y1BcVqC8flCEwSFnJOQbiGYdBiEZ3HzBc3twjMiRcoMzR0z+w
218 VFOORt0tImxhu8gTBcybBt5IVPsKzQ3aEnh2cxMEq4jl34YJEM+t
219 -----END RSA PRIVATE KEY-----
220metadata:
221 layeringDefinition:
222 abstract: false
223 layer: site
224 name: kubernetes-etcd
225 schema: metadata/Document/v1
226 storagePolicy: cleartext
227schema: deckhand/CertificateAuthorityKey/v1
228---
229data: |
230 -----BEGIN RSA PRIVATE KEY-----
231 MIIEpAIBAAKCAQEA61kocwMv8flDSpgD7TsdGm37gCxdGsvkNqIanSqerx+Kxf+b
232 A4MMnFZpwKytecVm9yP7ZusHOLyhAekTDgG55izxFiVPe08w5AF8eX2br1kbrXnS
233 vRaysjYyI8uuwxIMAit5o4tzWm2YYxarITL9SkB+C2IyrzXR66Et+sco9FfFh+d0
234 w3zY0CcBPZU+qcUiPmvmek8byAv8As3YOBwGSILdP4WJnECre2GbYUoUmLNga0I3
235 q3iCuaFfy5l0GcWMuE/23m6ZkWw9ykTOmIX2AizXB3dRwOFz+bMmWaRVrHzKu++6
236 GQ+tu5C6A2IJuQ3YtL2IBqkZg/yU2DWhHmTg3wIDAQABAoIBAENhHEaJVBG35n8V
237 tJIXyYZGlKmmieVhGG5XzLzQdev3YNi9DFleDJ850j8acPQbAxagk5pskX2563LL
238 kuwArINsvH01o2LPUlUE4+k4f/kczuLErQP72p9RCtvatacdpJh+b+3Vv+nU1LsR
239 w17W5VN70Vpa+93Tz8zhMXPJzzzc04wKRvuEHlGBqDg4gcjFXZ6fcmO9LGvo6VzM
240 NHObQP2AY0JrVwmwUm53oFHhKrxqolNoDnrPGq3LlHbolSOVcEfKb9TabCtnCDvT
241 cbSzAvbmV2dKanz2SDBdF2A9T7nAPaBHbq5EW44yUHY0AA4kj45hn4347AZwc/zX
242 GU8QwDECgYEA7SxDcOdCtFL3r8aXm0R0rcyn4EnUtAMZu95ZkqSVIiY18OR0vOPL
243 KWP5y9DPTpvVEENZGbznqsCXBopv6eO0fLYgF8BJoT95cSIjdLKszg0Jdh/IU1Hp
244 FdJq2bzAuo8GkxCAco2AGmINy3yMGKp6cQRNf4mPMR6lGQYfDZNEgPcCgYEA/gfQ
245 q9G00R3NBJHRgBFnBDlD+evGB/l7+1OggHc/R6tclvYbPqICixJsubouqNKmMwoQ
246 9WXVI2JFp6++xqM8rxDRLLFfOqG4rnb9S/qothZGZfHSzGVvrnBXbxKgV5O6MyH/
247 yEP8C/sxcQl0sr5Qau/vC3txnFOLKSz7hLzUjVkCgYBoljBXRWPg6QVYeha43YMm
248 cS1GdshZaVSbx/1v8Svilz8KL3RbJ4ibg/7PphEE9SsLtOdBtk/iuHLg64NWfJdG
249 t3mHf7/4X2lKPmesOm6BnrYhZPqN430JpnR/+AB1RET97TT3TvbCq6KxrQaKigLc
250 e61BJIQEgSME2fIvplV7GQKBgQCK3tTZiRuzEfqJG/oOa/UIHxIlJxosM9vuSgo9
251 EHN8h5ZnRIUiWUjQpDLh2YE2c2m+Dyu0K4Y4ALoZcH73cjdzcNsY9qIbmFswrQXN
252 qmremBDGHEvjxzQlhW6W3vTey3iICXceEORR3HFr3QJ50IZ/30ir20EBd75ktR2O
253 s/fyiQKBgQCK1426+bt0A9wbb5+9P4EBt2qV5nb0pS7oJ0hVXmj6GjM/dKS+y4Rl
254 t9siJHwX+/0f3PI8/90ujWMw43a+ktN+Py/j9UYIMEOtVnchXsroUn0XGb6gRNXM
255 E1lUZAmGr33hbuV6AMgi+ycK3P53AVT8OKbo61BTdo8uS9dHL5uEtg==
256 -----END RSA PRIVATE KEY-----
257metadata:
258 layeringDefinition:
259 abstract: false
260 layer: site
261 name: kubernetes-etcd-peer
262 schema: metadata/Document/v1
263 storagePolicy: cleartext
264schema: deckhand/CertificateAuthorityKey/v1
265---
266data: |
267 -----BEGIN RSA PRIVATE KEY-----
268 MIIEpAIBAAKCAQEAn741XU9YK+5bOlIcAGUPVp0/fRFRJuCpoLfwR4ziuGFkuYnj
269 wFujsS656mieG41wIoM5Zc8kSHrtJzD1CHhIui9HPvZ+70o/mo/GNEg5hKHhX4Wq
270 IT6IbP+1K+UieXKSYJvsfXlw5cxlwTWEfQIgLvwZGZkBkJQldbvrFLtzeWbSMZb9
271 6ATghnWvb0smjopkUzebcdMqUdX1dKW4+OFYZT9q2mL5NC8Nf8e/rKux46S/RddP
272 mf5n97nGa0TCdvMMekzLcTBIOjFgdCuUR9Ey/3D5ewWnit8ntmh+CsmTrdK3MOs7
273 EoFZcgPjhSTppXpOtaQiCTcTdBwpmf8+WHSL+QIDAQABAoIBADnKuMe/Uujh3QNm
274 fVbvOPNfBH8c6r0j/np00WsxXzzRj31Ik6sd/ES34O8bVkgljXIPA47/t+K5Bl9t
275 aNjdm4IwZJg02Yt80zH53f1AO/7uCfljBD/uvbChekwdI7HIb4igIJjsfJnGrvGN
276 iRco07fr4LDQGC7UShEkIVJo1sgOhom9oovsA3X5JM5w3FHRrPRr5YFf3HwWoIXO
277 QVNXSMEpsZK1Hd2KvuOIyU30T0w9iOU2pI60GFcU1B5caChuEqG6xTNkh82gkTzA
278 2fTofrWd9zflzjwR3e8NBcAt0XkeZFifApmIbjSIwrbhF1QtWLgOxYYHaNsGvK7f
279 8WT1gZkCgYEAw6Bf6EB9RwkfULlX2WoSJsKpkShdjEeKq0P/y+p/VBIzU7ckEmf8
280 uIMgPv5JnvEHdSS5w9JZQx4UT8roefC1MNn7ORhpCLQHI9CnI1rCiKtQO+TjQ3IE
281 rFjDfcVdY1ek3TQN6l9mHBRCvGVGZlfz0qIZLtdv6XCoU8r2yJ6Bza8CgYEA0QrV
282 CySN7vAw1KnA08wFBtgARk4m+PllN8l75C9v5qYooUsfdEEqiCQGLzg5NEMAOOOZ
283 LPdtGHbGcktyN6v8ZOy5wQKevvjDAce1WC57p92cfP/e0jUkDbNBZlANOJNV5J9u
284 3nXKBsl/3CGp4qvG6YtJ2Qj/eO+RjVIrEpPNktcCgYBTH2cBIb3ZnDexLj/0wsxZ
285 qecxJayyOYfjg+5B8C8QQveKP8xVAdhxck4WVihkH9hiXyuL2GpTSYmp6fbkMXJc
286 ApNrzEJ9DznlbvhF3n/AYMKj4Hrsopr3vHO8kks/NfN4hnDPQJ/7mGRO9t12CTMy
287 Mexvad1EnLj5eclor2lKQwKBgQC4QIj5klW8Jl+UAq/gvvIrTxYm4dm+F+ycWG5n
288 +Vvze79SM6ncyVeYuc/trOvW4bt/aTTpColRR9ewhEl/Qotr1bAArLOJdjBEEGgJ
289 +qaplk7JaqpWs9o8bSSW7rZIiKzrn4+Ua1QP2WlmeRGJpojj7w6/SwwK53Zujt9C
290 N5657wKBgQCcBYxHytlfr1q6+RUd79+Tl4yKfZ1dWsRlNIaI0SvKFnh8nowBpSsY
291 JnlXP9TdAN8E8xUalFHIJGVPkXxdqeteD73Xz+u3iTSCXZbe+JOI1YaQtlYFwCtf
292 SFO7zpmhfWmwBSwyl5BKJgXYEuuwlj1ObjOdoanQ2FvN8ra4Ya2AGg==
293 -----END RSA PRIVATE KEY-----
294metadata:
295 layeringDefinition:
296 abstract: false
297 layer: site
298 name: calico-etcd
299 schema: metadata/Document/v1
300 storagePolicy: cleartext
301schema: deckhand/CertificateAuthorityKey/v1
302---
303data: |
304 -----BEGIN RSA PRIVATE KEY-----
305 MIIEpQIBAAKCAQEA6DE9dTDFpz4EPZToy88edaNgVuTbicg/gTbs8wJk+tO0OqKO
306 cEPKMgx3jh9IdYXi+9f4qnKAM2pRxSjSwHpPaXI1uUbnaS7kbRS0QusynnZ+5/TI
307 OB+CvHGoWrSvK0q2Dq89FBd6f17qMVzdbkAsCF9/mjk9IZatxDjaPfi6klYdEYUp
308 90HNQWhrDAwPAE7NI4gllPFeS5MPCFG9cAQnuIsH4tV0Z/HlfI01vHcJ0QfMh/P+
309 aFbA+3czk42lEIOsNJ55+0jxT4RTqcG1+FnfX49ZqvbmOhiBQiTY/1KZxUVbQzvv
310 ICScVlfN0hoXL7iaFx+S6D5hUuO06zKAWxrzOwIDAQABAoIBAQDl2bipBfrjr/Sq
311 sXoyJ3pTocOAwVTCdETJOQIfHcOwuVm0oa63W6QRH15KhpVIIZ2tCQLUWDyoqRsB
312 PYRDndB25eRg4Nu7t/vQL6qyg/m7/DlsjViWljrpKOorwKmXBYJrzvV7qjJNXDwh
313 WXip50SvlTnQBdGKKoshr9X7evnWWR2Ll6ZPFl9xtr98FcYJDesM5MZiLF/9WXOj
314 SGnUI0Xtl8hUi/unN5mTjH69Ed9Rk+FeCe55SFQm0p6e4Ql3v8aRb+P7rJqQ4tP6
315 v1yaw8E2uJqTh24lRuN8vX5WxfcuUHi1d8COc+xTEn/rviJm/kkjqMFJq6N3L7QR
316 +lclqV7BAoGBAOlcm0/HrFwNtK2pwQj80NZPr0tpvE4CNOmqhwWKMy6AVin5E35O
317 OVOuSAanSBp1YeotS/28OY19mPAOO9IOJLhJRTtO9i7w9w860Oca1OXNjLBgbDEV
318 FvFVHQlqIAbLxCqaClMUTEbUae4ErDu/DS80Is56GomYZIf87vXvZuSjAoGBAP63
319 l5Ah7Y3VboGxkidGaoyrWJxEq/SkX1NrysLln19Gc+J1JQE/QheP9nngclzOXnM+
320 R4t6wynuEMA9XKaTBqXxGZ00eS8xoAv71LMLq5kq/0M7SV8GRUnEhmbe+Hc1pJTh
321 oql8Sb8fOJFhAEK93cCF0q78bcElc8A4UAmDXIiJAoGAMaXRKTUK9362/OeLuRTI
322 fX/whHPXayVPCpOMLGKNpwwIyN9EBXAxBBulGT1HutFUZpUCgNYlzHN3MUNl+Len
323 mkmEYCzZdX0wot3ZigGMX+POVcv92Kdq/ScliVY5wBhkAMhLAAfmfn88ljYKSp/H
324 9035RcJ2mOWCJehrEom/c08CgYEA8ds5Wm4cthP2fccx04EVIsR/usGp1P1OVlN/
325 j1eg4EJxPpGktW5vPxg/HLJ1ZJG/NQXpwRKrxWB7H04kbzYjleU8QPzWJG2mXjqc
326 V/W41hLxldDxdfzqRYUJaRxGKEsTHxqv7OZKz+LBP6kvKjBGIsvupKCjRkZdhiLy
327 PFYywqECgYEAig+NFXDFLdRIPJVbxpMZSD3r+tCKdm/uvD8SzrZ2ItAs/E0MW57A
328 gmw/ZXED3MvRe4k1bJgH9zzWfyULxvgT6crELy/81R6Qkyb2YpTwmj/ER5i6eIQz
329 MuHcMVlYN7kQPbadwlp0gL0aRMMXo8fWByNJCGeXoy8s5cNCuCTFxGc=
330 -----END RSA PRIVATE KEY-----
331metadata:
332 layeringDefinition:
333 abstract: false
334 layer: site
335 name: calico-etcd-peer
336 schema: metadata/Document/v1
337 storagePolicy: cleartext
338schema: deckhand/CertificateAuthorityKey/v1
339---
340data: |
341 -----BEGIN CERTIFICATE-----
342 MIID8jCCAtqgAwIBAgIUfwk40PP1/FbvZzRxj+dZhylRiK8wDQYJKoZIhvcNAQEL
343 BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
344 Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMBQxEjAQBgNVBAMTCWFwaXNl
345 cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO9015DYOAP5x59E
346 7JlLFpr6RNI8VGRXPkTAoqOYedulYW+ELpDukyKlWePcHzxLr/BlXWbSVflpGlJo
347 BQ9hvMImRiiFrNAmhG0qfbvMnJltltbXSTQ2yq2uLMqsgAFqaYVsWc+BqVYD7Duv
348 ATXh29Tm1fWssMKtLT2yjty8oZb95DQf3N5tL0k0qqQM6J7yuptu7f8FB+2iU7mW
349 nhkROejD7ERSvWuH7Z2ancorFHUkCWuPVc/y/LRtkh6ldrIXnBJxnXavtRq+saC3
350 tK+KgHQCPGp0Td8zwyQmY31dJ5tsZc47YT4nUuU1OQiN0O2re19dipRSMHa9VfM6
351 eF85Ey0CAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
352 BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUZwOKEvOK
353 o8cjGvfoVXcLc27vOsgwHwYDVR0jBBgwFoAUyAJr4ZQmn1/nyyexWP6eWY2ImwAw
354 gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz
355 LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm
356 YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy
357 LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQCYMZq6FBGdkN9b
358 aSY+SgVRt1dKkFE1dvpt76vhGV8PjOsQYssOZy20U7Ce+NxSjtEACDehIt05J3ci
359 DWSsjSoUFr+FDnGnxQfeR4TTqRn5b3HuW9R+c093i8TbZQ9iU5XQ4YiCUB0zFTt8
360 f6AqjrbW4Lq7+Hnb6OTCMPljwcI4pFpKoPZlkSKaka8w/LikelyqMfv+yx/u9jh4
361 xPaDXpXu63tdgK54Alkh+n1Qr14Q3HdNkuz7hvfh7hLq7v67fkfh9TIKl4WX93yR
362 nVSQ8Eoez9bzqRFivswR9g3Q5zJItj6drWv9HOFsJgwQ3YZW5FaVpy7HXFg2dYIE
363 hZ31xtrZ
364 -----END CERTIFICATE-----
365metadata:
366 layeringDefinition:
367 abstract: false
368 layer: site
369 name: apiserver
370 schema: metadata/Document/v1
371 storagePolicy: cleartext
372schema: deckhand/Certificate/v1
373---
374data: |
375 -----BEGIN CERTIFICATE-----
376 MIIDmjCCAoKgAwIBAgIUFZ7/WwHQcySdJEd8ehvTfdP+WPowDQYJKoZIhvcNAQEL
377 BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
378 Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
379 bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMTCCASIw
380 DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALr0FloDalergjH5+Un5HRquPDZQ
381 d+QHiilZx4/hs9cXqB9FtmnMAx7yFe0JweEZL0aen7M+oren/z4XJz/Hs117sk/m
382 xQglJunuApXVZzDtCbR2jo/o+9KrRjw7G53MnjavT2Lif5C/W9sQLqHt8bN/ynEW
383 SkRkLiN/muy/kmWg6ztsdWt5ApDgI0BF7ysksMzlAB7Uoml4flseAIXFvzY7ZkH6
384 vES7wlQJ3yhugzolNtinUWUNTT+Td2sOIn+2PyVLf3pI3HjOrzr4/+B0yYSJymEC
385 87dTftCgTsAFhqYi4jAYPhgANYRl0U3bnq5LNLhgnKtVT92ssYQDR2VXRikCAwEA
386 AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
387 AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEJ+3HcIaiiQ3QP8p2qF9I7P
388 0iDJMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
389 DWNhYjIzLXI3MjAtMTGHBAoXFQuHBAoXFgswDQYJKoZIhvcNAQELBQADggEBAIoM
390 4ZGwKerGsnxHk8WUShVpxpjppkU1HQC7QFHT4LNUO3BleHwpa3MyUSNzKW6oVbHw
391 bdZKxCXJZh+FAdjFOFcvXovz4TyLC42ByL2wJcwueHQbsMD2txN3SZYyJmU8lZrS
392 TG6PlltSYLBeuduLCGMEsRda3+uTCfuu9e4XSRbKAJNAugtAfCGuMKpLDlRfexhC
393 5SZu7Ml4JXLaXaGkIpw6pTKxuGFpOZsPPiQ4kMdP+DusVHqEoaFHVdRC2JCzKUAc
394 2CYijoKO+C+zhihgY+nIfM/SwjEZG3uWJa5Jk3R19i/H/MAS0kn6mLd1Pv6dw1Ex
395 +dVrrs9WHz75bkI2WjM=
396 -----END CERTIFICATE-----
397metadata:
398 layeringDefinition:
399 abstract: false
400 layer: site
401 name: kubelet-genesis
402 schema: metadata/Document/v1
403 storagePolicy: cleartext
404schema: deckhand/Certificate/v1
405---
406data: |
407 -----BEGIN CERTIFICATE-----
408 MIIDmjCCAoKgAwIBAgIUdsY8tmOFFCStV+vOwBOoAsJ+7+kwDQYJKoZIhvcNAQEL
409 BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
410 Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
411 bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMTCCASIw
412 DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvXVz/pOngH1/8I+xMzlAgj65jH
413 1v7dXW+TJx7R7vMA26llcSOouB91dUuBN4NT9OZYpIo5IbJFzcjybt7Lw8iao+39
414 l8rf55lViWn1KD7OOuIKxCo4QqNYWK0/b1YgD6RLzcoWDKiIt7pQYwpXxVg/gP61
415 Bnig25xF0Cdnpr8IAmLYmA/UC2JvRhY+Gh3600PLFx9/xZIdAass3R/WFFbz7sLZ
416 /Ejbeztg2tGp0dDvSC96pO/PVxCiYtPSH/tfWy5dsD+nflF+8uC3dGHeLpAXO9mX
417 cEcqYHEGUnfJ3TisQi1sopUfrUyUk6a/k9s7zwGzI2ar763QpPMTVIQBBTkCAwEA
418 AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
419 AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEvlGIv1fujC6LjHFIfTkqpO
420 FoBGMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
421 DWNhYjIzLXI3MjAtMTGHBAoXFQuHBAoXFgswDQYJKoZIhvcNAQELBQADggEBAKL1
422 +Y6gYXkV+OOsM9dFzHUCbkMnukgYSE/4JNshy5MJP5OCafnsYmL6VQLYYuPvWVAE
423 sEpEa924lA8lUyPvvizFtB3nMlQDFFTn8VweWoGHS51mW9SKWcYdZI/yjRTSqI2P
424 SoYha49dVt9gNhRNT7FwRAZx7qJF2hF5ASEWuKOIbDPzx3UmJb0pt272cOBl2L5Q
425 LgeyDgLRYwK0kQkubib8ETBGXlAa+SdfIuMF1/jvycLQCNZrYYA27+HNJzZrXXw1
426 xEgDk6lGbDyTccJbQw6NGWPwmFXNOEDeifuOo86ddfpX62ZRpZE4ePrb/0bYXpQK
427 QijkMKvqKTOlnfNKDfc=
428 -----END CERTIFICATE-----
429metadata:
430 layeringDefinition:
431 abstract: false
432 layer: site
433 name: kubelet-cab23-r720-11
434 schema: metadata/Document/v1
435 storagePolicy: cleartext
436schema: deckhand/Certificate/v1
437---
438data: |
439 -----BEGIN CERTIFICATE-----
440 MIIDmjCCAoKgAwIBAgIUIP7kBTiKW97uLaPUu/8zaNAHYu4wDQYJKoZIhvcNAQEL
441 BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
442 Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
443 bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMjCCASIw
444 DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxcerRH3esJvCCSYaL+1PLtm5BL
445 832F9RnAgP6ja2KflqiKAQkGbsr1WxnGAeDq2FxY6yvAczYmL1UIJ+VJ0uQtOIUp
446 Grdv3IJwx5Ne4hZcoD2C21NnFUdbJ+T0FQ/ssipTnZVIFHKr/4Q0VSDrTJxcWQ7N
447 Le/J45H+CNgQH4eRb2focNX7oga0y+PaAJEbZn/AdTXmU9K/u5XNLrFunEZyx1VH
448 ZOOlMah1maivb87MXG6DcBFpzSlZfG99hwMGkdN61hVsQEcGE0/5LTOVcnjTBn1n
449 z+0L+YMubU4RsLKMlxQCCSWZaSfyCtUnZFwCWtdynlTscpcjVp09D9sZAgMCAwEA
450 AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
451 AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEzYsQviPaRIWTbKASzIutJf
452 zJ6PMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
453 DWNhYjIzLXI3MjAtMTKHBAoXFQyHBAoXFgwwDQYJKoZIhvcNAQELBQADggEBAEER
454 bomhscyxCjajsGMz8p1MWY9WSbk3VwQkPrmi67fClInxw/zE7Cq/QYkR/NF2ZvPs
455 /I/v8Vg4eyGSp6lmUEU+9PSSGPFt+Qeo9AUfej8BbN7ZOgDcVAEebhPLBMvZjVZp
456 z+v5liaJSHfo0zZmnpbd8H8dKo398rJXVhWJXtDNnT7KdEZczFOmldzKpI58AkdS
457 79o5ZV8xy/XFtPgI37S/nXDlKgzjr3FMckPTDVMeJunkZztLmVYkOaFhaUGUQzT7
458 ofO43ZLI/3bqBRi6XdwvkLCAX3M+AL4UR30JOGZ76QZ4ql1bOXZs9z9jrjwYy6qO
459 g4yoDBEEyyW9r5Eueog=
460 -----END CERTIFICATE-----
461metadata:
462 layeringDefinition:
463 abstract: false
464 layer: site
465 name: kubelet-cab23-r720-12
466 schema: metadata/Document/v1
467 storagePolicy: cleartext
468schema: deckhand/Certificate/v1
469---
470data: |
471 -----BEGIN CERTIFICATE-----
472 MIIDmjCCAoKgAwIBAgIUFsP3NTLE5OCYkctH2VhqJs4jY7gwDQYJKoZIhvcNAQEL
473 BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
474 Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
475 bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMzCCASIw
476 DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSxbh25O48HCH4uUuTk4opcCR3i
477 lrgBhnL9qOBioQPbStuvfGV5x0fzm06csazl+6rhl7X7DRd9Z2Cj/be3MrczoE7B
478 Cmzh+1fn1ekIa/qhgxavn3KeNhzWKRpYupxPt25AmGJe8qlcejUOy5VZSr2gCtGH
479 0PxDDC0UfPcgncQMU2FJ4rEUiZbcB6QaT/BGdy/8DlUgK5uYkrSqesiUjAgrrgZL
480 K+o4xq/Ep7+/RHYPrvqfRQ9Qd8AgqK3MfiLP7dyGzNe3f5yY6sP4Yo/RW7OteKC1
481 S1jUsL75+2rZHuEGwPzBPmD9pYg+aZnZvnAsYCMzzp4i47T+XAMl9w9+ak8CAwEA
482 AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
483 AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCI6VoPpiAEtTnH4DY5Lo/pf
484 UYA3MB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
485 DWNhYjIzLXI3MjAtMTOHBAoXFQ2HBAoXFg0wDQYJKoZIhvcNAQELBQADggEBAHqH
486 hEQfU+hFhwiKzPvicOPyy6sZ54/vh6sx6K9ADWL7qtUYadNq42EYXXcJb8LQ+NzM
487 R9jZa24GG+8HJL18EWjmw8JsKZU0GEvAR4v7BgWpNXa7jKzJtnO/xbApOaxfCEfP
488 aOWjBLF9dRRFUzHikA6DbdIw1Lp6Q9GTzhg9oT1YLbcRMPGjn2Z0a+6HPXlANm3n
489 DbIwuM8eX2OjmphiuhwIia6X1FXx2+1NrSVKS6WBfwuH4kvjeEPJQRZ3yZcBHFSf
490 m814PsHJp+MLZdQI5UKVHt+d970IhQ6xU7xSY5j8z/dp7m11kpJ2+X/SlGiaw3rq
491 1IDSL9AZgtvpDsmvRCs=
492 -----END CERTIFICATE-----
493metadata:
494 layeringDefinition:
495 abstract: false
496 layer: site
497 name: kubelet-cab23-r720-13
498 schema: metadata/Document/v1
499 storagePolicy: cleartext
500schema: deckhand/Certificate/v1
501---
502data: |
503 -----BEGIN CERTIFICATE-----
504 MIIDmjCCAoKgAwIBAgIUd1pAgV6L5TswxZvwWMXaxcWJapIwDQYJKoZIhvcNAQEL
505 BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
506 Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
507 bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xNDCCASIw
508 DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1OzyYw+R9jGON6nqWfTsQ2P9iJ
509 Q1E3mikABRGSntBs+jStND9oQ/KmaIWrMCll/O+iEqsXIxO1/b3nDFsJbHR6tg/g
510 CRMSwy8ioEGPr5QvxlXZ3aBw2BWY9rLz5hk3n9shcYURL7LOvr9cCxDCZkO5W1/X
511 Fp4Am3tSMVkClz0TzhM9IX/FaJLDkhrdaBSsN1DdCfM3igeOdbQD5wIxpzNj6vIF
512 lueB60R/bZiWZ62IFooSmPqBtZwGw6d21F73WnIEJn9p9rEN1HF8mtqC16izcp0i
513 V66D2zRcXcNzPsp1B7hp17rSrc/hbulcX32+FgeJAnHHpNyDbhCDWQXVencCAwEA
514 AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
515 AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKH3+wBwfmqScP3eufksWwzJ
516 2gOEMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
517 DWNhYjIzLXI3MjAtMTSHBAoXFQ6HBAoXFg4wDQYJKoZIhvcNAQELBQADggEBAAim
518 WgtLTvmWw8ZS7pmMSVL3qg35mOvOphA2dtvtA1vbPVhsnVpGGWWFeMG4SGffLks5
519 AnyeHogAyKEVgaCvsxJWEw8G4iqCwWGYicb0cgc960mK65ZML4mWcx97XEpKfmdF
520 242YAl3ZvVKUCuvJAXg7AbBBEQ27feH9UVjNKHdcuriTRiVmp/2z7IXVuB4idXb9
521 iRlzSszLXltQw3WXJ3CENLiLhCCydMs65IfjwdGrAwAfuF4w/IFKtCanBSCIYKDn
522 W4NKWasso9wcyL4Y/gjwdLMDu29KgqgBETb+pGHAXe5L13niqjYUA7+GU2nWFxbd
523 nTuWAQKSi1NkrbMGPbM=
524 -----END CERTIFICATE-----
525metadata:
526 layeringDefinition:
527 abstract: false
528 layer: site
529 name: kubelet-cab23-r720-14
530 schema: metadata/Document/v1
531 storagePolicy: cleartext
532schema: deckhand/Certificate/v1
533---
534data: |
535 -----BEGIN CERTIFICATE-----
536 MIIDmjCCAoKgAwIBAgIUBEdIVfkE+kwG9DV49f5QcIiJtw4wDQYJKoZIhvcNAQEL
537 BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
538 Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
539 bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xNzCCASIw
540 DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANhCzxVRvXOim5tZj3b3Wjvwovok
541 +TGB0Zl9m/ldBc2BGdf3yEW4Vblb625UYuVsATySILS2qyCruGMnO51O3boce6Qd
542 7oHn+CaxymDp79lFFioiMcJG2bz9L69RooXRWguxT/O4TEM/M581EiVDOGhHSiU7
543 KHEp1w6Q5CENEM0VqSK9HGIbECRWuYMCs+xjx+TFKvgYtKQDG8fWtUve68xTIEHr
544 o8Tgz920ktJN7BoXbEyl823Uh8EiQG00Ab4YGgVVF7mqXyx+44L6Sh78QL85+PKs
545 aY7VllotXsVt7sffYqCX+xZKi+01AvnYFgoXwSGzkU1lrIOZA+fLlLTpOqUCAwEA
546 AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
547 AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCqifQdgZKoWVj/b+HEuZlwE
548 vdVOMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
549 DWNhYjIzLXI3MjAtMTeHBAoXFRGHBAoXFhEwDQYJKoZIhvcNAQELBQADggEBAG/c
550 +Mp66DkprxKe5VSZN0hNzEskIGUvR+QtL6nCxsbJAApnuLYZ8qvNdkRGktwhJipJ
551 nShpoo3ZlTV60mgsXNZl+xbDh9CLEeFINV7iBWoVVVfkfmJufV/cEXcp6qa4tSc7
552 5+X0cW8o7qoN2/5MOxa8ZJEQXe/BiZE+5OeS29AdMDNH5n39Fh6NYge6nhqkRn9K
553 3ygEBL5bvJuu3JwNe3ACKCehGAac9ViR1h/1ig8PHXu6MblwcD/V4Ms3FUR+2BEh
554 HBK6+Gdli8ji7IVPGMpRWtZlNSJwQbODW5WuoRgRYPZT0j8ZZB8ZGav4dK4eXrHz
555 zr1W0czzU7eCi2O0qCU=
556 -----END CERTIFICATE-----
557metadata:
558 layeringDefinition:
559 abstract: false
560 layer: site
561 name: kubelet-cab23-r720-17
562 schema: metadata/Document/v1
563 storagePolicy: cleartext
564schema: deckhand/Certificate/v1
565---
566data: |
567 -----BEGIN CERTIFICATE-----
568 MIIDmjCCAoKgAwIBAgIUWgYgSrjoLvT5fHPZ+dTxg4sf0w4wDQYJKoZIhvcNAQEL
569 BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
570 Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
571 bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xOTCCASIw
572 DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3iTmhEz7PBOGSz7y37P6nQ5PGk
573 kR1amOHsGH9p1jqNdw8I3F/SOLtMQvbEoUcYCbAwZozUz5Dsozw6KH9cc/9cU+XK
574 vMJEiTYX1SK98AVqiHysExm99PZVteQfc6HK95CdFZC+dI1QiVNEkM9yFf4eK6KO
575 35CHiIPnQMjzKG2mBGCH/sWx4yB2Hpgo/CCldQcLbW/LMKlYNUJDTsncCWkNKwXP
576 rex9bGQpuJPdst9TSDttHjanVenlCUGyY6Fyc75EG9juXDnSR+68mrNKY2gWATCK
577 mFFspdZ2ZsJkLanuUyC6VU4F7P+rv8yeNQ2vcnhC2LXdJ6OvoCisC7Hund0CAwEA
578 AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
579 AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFN4M0o46D5uO2HAhhK14vfLl
580 HxhzMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
581 DWNhYjIzLXI3MjAtMTmHBAoXFROHBAoXFhMwDQYJKoZIhvcNAQELBQADggEBAD8g
582 CeBXeIAkzrL7G94Ku/F7Sk/KqIjvj2dZFgFgu5nyULEHs4TaIMvsFikjxCnF+fP2
583 cBTv1zpwqH6m1XOPP63HHd0PAf4q/sM8++pUi65rm+1hoy1yJi71MWrDyuDh3gX9
584 kpumTc6p/Woq1sNRXkCFYnQ+jwO3HJVxLgOv+6xCPNXPCLwj8a/NzLYAzDe1Uhk5
585 ETKiwWXXCPNS4GbUFzly51NLSbyhBs0sSA76baZraUqx+rQECAFhaIQEnBVa7J01
586 5dq+BBPKwM+G49RjjzVcTskT51veohs+LIViJBxVWhlBCwmktdy1cqKdLixZm1Z9
587 84nzOVurqWynOCj0k3o=
588 -----END CERTIFICATE-----
589metadata:
590 layeringDefinition:
591 abstract: false
592 layer: site
593 name: kubelet-cab23-r720-19
594 schema: metadata/Document/v1
595 storagePolicy: cleartext
596schema: deckhand/Certificate/v1
597---
598data: |
599 -----BEGIN CERTIFICATE-----
600 MIIDVzCCAj+gAwIBAgIUXoAfBUxOtzyo04uE62Bt2EhPoIkwDQYJKoZIhvcNAQEL
601 BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
602 Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCAxHjAcBgNVBAMTFXN5c3Rl
603 bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
604 AK3QN4VTC2MEPJA0UWTDXQpLntn9NNeTZ5jzqk0muZv+TXHh6UxKI68zeDMcJboH
605 64yklJreTaJFD9H2PXxQMCPOjFnfsU9XYNQ7oBAzkUu0/w5hR0BmeWYTSyfl8/4Q
606 EHfMaFHtZggumeBGIwd+4vjr9BJNvDzpPIQB+rAxFncD+qKfIg2cIRKoK3TIpD0n
607 hIpMZ2ebUHT5z09e5mAMmCKi2GMg2+7RZaJBnPwXwx1/onwy9vraZ7AyDZOADnVp
608 MlNVBuWYfGfZvK1aPQtzvEebyOU//Ja9WDBuk3xQrZzkJTnmnMLAOfKzG5j9IWUm
609 VvGdwNfOIOJweglZsF41R5kCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
610 JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
611 BBR6Md4CKivCxn2GgQrqGgR/+czf9TAfBgNVHSMEGDAWgBTIAmvhlCafX+fLJ7FY
612 /p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAngDswIvSyZZ/0CLD284PjyZZMtMK
613 5xsu+f+wEmKX3EFm6gMvLmbS3g9FFmf6b4DQDR8hJMMxXDXqhUrJurxF6BtswK1f
614 jTdkytbM1RxLkN+J7ZAGP4xAncJ9ENXIY97EmCQJWCkx6r85+7ZF1YsU4NOT/dDl
615 tgRk2X9DpLmOfGq3EfN+dcJn9/oKtxBMAmXS33pD1GgjuzZehYO/q5nl2FT9kkqY
616 nb/BG7ueU7f0DtD9qLb8gpLgXGLzkLeGpgkCwsUmy+jmPLy376fp31gRnBEzh/zR
617 n93uwNhH/oxLcF10smkashsLcPM/z/x8UX/KlYN6WKGyf8jcojiuWE1fTA==
618 -----END CERTIFICATE-----
619metadata:
620 layeringDefinition:
621 abstract: false
622 layer: site
623 name: scheduler
624 schema: metadata/Document/v1
625 storagePolicy: cleartext
626schema: deckhand/Certificate/v1
627---
628data: |
629 -----BEGIN CERTIFICATE-----
630 MIIDYDCCAkigAwIBAgIUM3+VbMiVd3EwPVMieGvkIIOWEAswDQYJKoZIhvcNAQEL
631 BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
632 Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMTHnN5c3Rl
633 bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
634 ADCCAQoCggEBAMJeOwz2VbBT+9BOeVal5z/El8yDcGKQObW3po95dTi2+MfjJBe5
635 ZS2NvVSHEcLRjEpoi1Oc/EvXlHE8XueHhB0XpGEObNorkx1oQL1dMxXmK4GhRMZ5
636 PXfR0pObBwEMO3rkMbZDvuRgsyRHIIAfYaUzurwwcrbKhUrmBmOErbHJ1LivwHbp
637 nVZrcEJHGaqQnq/S6gq0H/3rg4+dUweEN2RQoO8DfjPFbjVlKudBTJaA6lb5qdo7
638 VhKiJdj2ymJrWTIPnqZik7prCjxCzFDGrwi0QL20XQtz56766NWssymFBN4/8k2V
639 xIzHGqzbUHT70Qcc7eKDRrgo/GzP1Ok0kz0CAwEAAaN/MH0wDgYDVR0PAQH/BAQD
640 AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
641 MB0GA1UdDgQWBBTXNNswcepaYeuUnhGeGMn6QvceVDAfBgNVHSMEGDAWgBTIAmvh
642 lCafX+fLJ7FY/p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAUU+YKH2Y9QKgBeIo
643 QAwdO2xtz9F582dD05xevHrn3SvHMpCG3OEmcmugD4Za5EyneqxaucPIQ77Dus4x
644 CuWGA1/I7d+EKnLU0Kg8nn061KvxIv/zKbh+jb5wFw+uPrQFPU1PboK6mhmZD8pv
645 yTO3ZFHJjF1tLPB5U2+KaWO8EAzVAoYEklEK/7TyQ8z0jzUGWkxXmZz78UTAIxy3
646 OBw16kKAKGRgnxB2ybWQOO+grQSD77CDtXXJKV1jzpuk5eItqE87FAj+3EE9Qt9A
647 qH4MPV2zZVUTvCBocYVYs+5p2doEH1PuHr18VaI+AALvfu+p+BB32Jd1iUQ14WuG
648 IoGdwQ==
649 -----END CERTIFICATE-----
650metadata:
651 layeringDefinition:
652 abstract: false
653 layer: site
654 name: controller-manager
655 schema: metadata/Document/v1
656 storagePolicy: cleartext
657schema: deckhand/Certificate/v1
658---
659data: |
660 -----BEGIN CERTIFICATE-----
661 MIIDYDCCAkigAwIBAgIUClCdGiMCfJjYU1LSXTX45bQjkQYwDQYJKoZIhvcNAQEL
662 BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
663 Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxFzAVBgNVBAoTDnN5c3Rl
664 bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
665 ADCCAQoCggEBAM5Vla450p0zZwQzmpS/wRjVopyhHhLuS/ZMSDvZny0DZ6fIVTZ9
666 lvBm1jS0UzTk0fWKK+s5MeXEnkGobefNpLwJik+PzP5Rab36W7NdKUG8/yxhH40F
667 u5yBJJ8s02LfuHos5lDGEuopd1TQHOKGBjp9+ImFk12J++vzOsVOEmREEZmwhVaP
668 bMGv5uSntf5G6Xgnf6ur9pIqduEzrdM+3tD5Bi4Q2P3x56sM0mfWwtuFvXTWmk6N
669 NhIb0doXhxf2Wgl9lvjxdkYCItUGMkU6osdD38K6f6rGLA7t9TfXTRl497VfAULb
670 xz5wtK1btifZEDtEBhrIC1SyyQoYpSNYx0MCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
671 AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
672 MB0GA1UdDgQWBBSY8qn47WRcBg6oSbpE9HbXxqGumzAfBgNVHSMEGDAWgBTIAmvh
673 lCafX+fLJ7FY/p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAmLhkS+2id7BhvXRz
674 ykyWTqpHEZzTBtMM8zRpho+U5S2Ym+sh3ZRTe1Zl5qTQzegEzhyji9nZ5d9oBQ25
675 xZss3QV3BwbK+lH5/2TMY/JEldexIIKr6TonkvtfF/8yYh0qTMOdH4wWNMwIjgWx
676 TYsYjMZ03nSgD++hlILe8qQMCwXWbQ3srQ5nvvtW1QO4Zn537vnzBBPchp8fowJJ
677 Gm9PrPOcCqDdkiuKoK5yoQLBEav5j18rkafEUt7kpSHX+/VYFpFznTiDd+h3obfp
678 H8OZy0XNdHPHMA9bQJ8hxQmZcOsl6SPqtQafso13jTAqQ8JY27Lz4eUWBocL/9Kn
679 2BPjNA==
680 -----END CERTIFICATE-----
681metadata:
682 layeringDefinition:
683 abstract: false
684 layer: site
685 name: admin
686 schema: metadata/Document/v1
687 storagePolicy: cleartext
688schema: deckhand/Certificate/v1
689---
690data: |
691 -----BEGIN CERTIFICATE-----
692 MIIDYTCCAkmgAwIBAgIUTOcHSSy69x/FJI3zhlmGL+2aB/0wDQYJKoZIhvcNAQEL
693 BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
694 Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCoxFzAVBgNVBAoTDnN5c3Rl
695 bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
696 DwAwggEKAoIBAQDPeeZcrj56FLvfXMbHep+khlt53VKllOfd4YpFXuBfPNKS7sWl
697 +RUSR836IuKlqoW86uq6LTYk7QPK/m+BFXOiDcohvKgUPa1RKU3uL1gZmE8mfA/R
698 VmCrv0r2m2OocTz6rS4Gj8qKqcfzuZVMQmRnqxivcpcFIcm3UVmiRSjEhg/s81/J
699 s45D60M7oBiJTU1FItxBzulA+peA64NwIw52cp5q3s705VZxAbI2RUPd3nCz0cMN
700 RSjOYeN7aYF1OASrJXxl4eK4Azx0SZVO37hrvFP22OF6WF8AiHBkZbfZaHNWgh0D
701 BDtz+lNEQ8/0DvN9cEW6l2VIjS+fChcsyxEbAgMBAAGjfzB9MA4GA1UdDwEB/wQE
702 AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
703 ADAdBgNVHQ4EFgQUJA/9/fknEta55uPmIbP/eNHi9MowHwYDVR0jBBgwFoAUyAJr
704 4ZQmn1/nyyexWP6eWY2ImwAwDQYJKoZIhvcNAQELBQADggEBAIxybsZRna3OMwp2
705 8J75jEZ3yVe3mczULhApmr761B1zSEkaB81w4lC55foAKH/tijz1yj1WT/0BjYVj
706 VBgHufk1Ih6IbndPbNsb+BX4R1ucDIhnw8jS32kQy2qWi+JhZ7s8tH/2OZlNRhiq
707 rq9DcATzwYqk6avUR3lSpCyVPUJLGqNP/HL5vDNR/dAJmgrCO86UhzFWTvfgDmrG
708 mP6ejsM3qyWtOCt80ZcVPqWUb9AIZXdmi0ekwKStxpuGec/e2oZxLK8q2vcmloA3
709 ftVUl1FJWFn7rQ+Rmobx8lnb62PTSkDVx5+hogXOh2AR4jXgTAAdFmdhyoM8+utg
710 syTdZ3I=
711 -----END CERTIFICATE-----
712metadata:
713 layeringDefinition:
714 abstract: false
715 layer: site
716 name: armada
717 schema: metadata/Document/v1
718 storagePolicy: cleartext
719schema: deckhand/Certificate/v1
720---
721data: |
722 -----BEGIN CERTIFICATE-----
723 MIIDUDCCAjigAwIBAgIUcGEOenCIFEyRPk3/zF97GUy8sJIwDQYJKoZIhvcNAQEL
724 BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
725 dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowFDESMBAGA1UEAxMJ
726 YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RPKuABA
727 bQuCrv72wy3EyEGnNIh63xPYl6VfIz3F/VhDNt4aKSftWM6U8+LMDHyT0p48BwCg
728 dlLfNhU4tUa4rD9Ik+HRV3hQxHGuGAQSGna+90z+f/OtmgbLtVXX1bkLfcM85YPT
729 VTzILO3UA4VUrQxSoXfK9tUaV1RJrYUzHwtr6aM4wo+pALsfes6Mm6ygM/n/+z1N
730 Uxzr9I2oJreFH8TbnkmQRbvWoYQRoA+2Z2A+TPZkzYqGNAZr/BZS8mgEGapcp4tF
731 64yyraLPpwzEKxNspmjHeGsNEYZS9JSaEx6B+ceHlF2xYlK/tg0134IZMJ2CRl4X
732 P439p+yN3H/bNQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
733 KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFB1oWx7W
734 VLfuzm86CWwEudYb/MNuMB8GA1UdIwQYMBaAFJ0mAtDmZi9Gr+nUWiGXt7cUV8fH
735 MA0GCSqGSIb3DQEBCwUAA4IBAQCqc2HY5GzQ1M00rvMXq+NBODUL7WydGALt909X
736 5EOERm6BAw/fuGbzn/wh30JP48+rlXyJ0iXeCai9+MtacsX8Qjvx4EBCsOrrhO1x
737 yCD+P6RFYilH4P2lufszhLYUkKaI1y4LSXJK1dJk8QByPL3i0b12FkedGd1HMOfU
738 eP6NBp7rcp3+JCTdaCcaYin/RFqtjoPD3ebuTRipK6Jr8+QFtnzJ5bLQcpNYgA2D
739 UCqHX1nSQF91xpro/MDE2OEFtulkM3vAiXsBBVp7cb9U4hs2LU8GvRqgR89sL+/c
740 i5Chc3uBTahiMyv82tdi3JdU+wE/2g9pwRcp4V5PA37O98fD
741 -----END CERTIFICATE-----
742metadata:
743 layeringDefinition:
744 abstract: false
745 layer: site
746 name: apiserver-etcd
747 schema: metadata/Document/v1
748 storagePolicy: cleartext
749schema: deckhand/Certificate/v1
750---
751data: |
752 -----BEGIN CERTIFICATE-----
753 MIIDTTCCAjWgAwIBAgIUM2lv19qkb9xH2Zng3VEa0hYh6q0wDQYJKoZIhvcNAQEL
754 BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
755 dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowETEPMA0GA1UEAxMG
756 YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMEFupWKyrzQ
757 nR5leAj4QlIwIREubOHaXwIOjNRs2f3b9xoFz/WY9OI/oMvvsr4am56CN+m1sSPO
758 FrJji0+fkMuO94/QkLZEioBgzJb1icI58QIYW8jWvoUYoxJPVNWE2tEm4081Bs4r
759 G7hepnuvRKNgoIE+1SflwofAe0oLPbTyhbv07sVXLyIHelVEAlTu6Q6OH4rV0mzv
760 HY6jqMC/qsbLM4vujoEGKzX80ftzNa/TGbZcMzjylQN2Svgt0TcgvzhTQOenfOkD
761 e7UMKuoD500pioCW7nSrQwfJP5TuR6VjOer4sJP/T0KZ7MHs0gm7jQBL5+O0AZoW
762 PZgjq03OJwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
763 BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFL3+S/D1v1L9
764 kNWBBz3luXchfH6uMB8GA1UdIwQYMBaAFJ0mAtDmZi9Gr+nUWiGXt7cUV8fHMA0G
765 CSqGSIb3DQEBCwUAA4IBAQC5QRgOhlJkyX9IAoDE7zb70HcuZ6otRYjvawvtEhDU
766 2Kkv/mHnk+BAC5smzMLe+mAYskmdzy5fHPxmkSE5xnaVYS0WWAroq+XXiHnuO5YN
767 hDurPDHIn0u6vhk28A8g7HgzT+2A0F679+vosBXH2Gws4vIl5PP+GNlbdQL8iX0M
768 yYIA0gjuOpGT1PJtXEDRfs5zttDpdQ6O3wLv6Gf9+i0/7Es1xbTKe73nqDcID4BO
769 1RzNoRLRpQmFWnVUiezISsev/NsqhPASYouEHJF7LmQey2fNOclvwiQNDdrVIWvD
770 PsDrmM/NFey0l07xiYp9x//pHPo2aqBzV5kmEw7HJuN9
771 -----END CERTIFICATE-----
772metadata:
773 layeringDefinition:
774 abstract: false
775 layer: site
776 name: kubernetes-etcd-anchor
777 schema: metadata/Document/v1
778 storagePolicy: cleartext
779schema: deckhand/Certificate/v1
780---
781data: |
782 -----BEGIN CERTIFICATE-----
783 MIIDzDCCArSgAwIBAgIURsu9xur5ecCsUR7gnOb7r9S6TtAwDQYJKoZIhvcNAQEL
784 BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
785 dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowIjEgMB4GA1UEAxMX
786 a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
787 ggEKAoIBAQC494q93ST37RC381QWmZ1bPvO1AAcvJCLH1gOtydds1XwOJJpD8ZM6
788 92cotmBBdrXRFekD2zzh9LEk7qcE308/oSNLfychkynJuNvrCepbkO/9o4GzWuzA
789 yS/u8Uu2dBA0wZC75bi372JJ5ra+tf/j3PlA9mRhLQn7oYaaS18Fm3wnVcpliNgO
790 xIPU4hF8TJp9UlPWkBHNdqCcfdjBi5W+lqpykgKydIgGLRBavnMNeB9BDkLz1TU0
791 kA+3wPBZXiELOOCTOrPYMQHC4VKik2MJkNdfluqDKklQ/dojn2djIQnc+8bjQqVA
792 gsg3TlSaSecwi3HBO7D4ipcdvu05NuFDAgMBAAGjgewwgekwDgYDVR0PAQH/BAQD
793 AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
794 MB0GA1UdDgQWBBR0enaucC/qjURE2E8JfZdLqOkooDAfBgNVHSMEGDAWgBSdJgLQ
795 5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTExgglsb2Nh
796 bGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5s
797 b2NhbIcEChcVC4cEChcWC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEA
798 gBlVNEYN1T6toXQPv0Ju3ENiJdiAes8ZIuMkqQiItyJqmtP/S456pElAgn7EgMav
799 7myu/w/5CWgTQlTt8ClTbx7TEkB/IC7vM9moUSRBDLWTZTrRBmodtmJG9ry3Sbdu
800 GlkzJiszhV2ffqdlcENb9YRuQK1lBl0Xc6TjTwn0vDlaNutXB0zVXK2PXsRsq9n2
801 o7M4RO8KKkxiTXMlAWv4k0zOH2rWkVpQk5zYFqdsJMbZmDmFJh2qcRlR00uBO0af
802 mlch2LmAVrXwBp/ovc4PeZeJrKhdAizrTrHMvdlHxGh/rAuhS3vGLK95wmszLk4j
803 Tib+SzbWdTFqGbMPk9MEfA==
804 -----END CERTIFICATE-----
805metadata:
806 layeringDefinition:
807 abstract: false
808 layer: site
809 name: kubernetes-etcd-genesis
810 schema: metadata/Document/v1
811 storagePolicy: cleartext
812schema: deckhand/Certificate/v1
813---
814data: |
815 -----BEGIN CERTIFICATE-----
816 MIID0jCCArqgAwIBAgIULvewF/oeP6iJw7D8A+A/vrJFKfMwDQYJKoZIhvcNAQEL
817 BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
818 dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
819 a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTEwggEiMA0GCSqGSIb3DQEBAQUA
820 A4IBDwAwggEKAoIBAQCfoJnD3HCw3N253Y5VvwjGDB7k6JLSaAEpTdujduf+/Xpf
821 d3K8Gz3cCvsg96BbrhI5p4PMMb7JHv105svwcBzyNEIaCcmDJ9WqwAFqdlLLNleZ
822 Cai+fyUs9ZbXIAX3+ZZN24SzhicWxIMigPc+1z1bc5gvUF61KVRNhcgcjtjzBL/T
823 VwIY8VNln/EpjY32x2gWiGwpNm7JZa1sxvjKwAjHuiC0ScEJlHPkugvom603azCw
824 zYcGooXE+ib1jFaecWJc0bnrbdpvO+tZP2immzCqQR4Ts1gP4GI05hFvY5BiV7MS
825 X93RFQkZOkksU3Wg1a73nf62icBPPQaK4v0bZPB9AgMBAAGjgewwgekwDgYDVR0P
826 AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
827 Af8EAjAAMB0GA1UdDgQWBBRrlfApuX44D56dnWbOof3eczD1wjAfBgNVHSMEGDAW
828 gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEx
829 gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
830 c3Rlci5sb2NhbIcEChcVC4cEChcWC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
831 AAOCAQEAQTyfl/Bi8iu3BZjf7Ii3xCtPqTW9bEGo6B6mzR0Dx7z/dUlHi9WR6/il
832 655WMwNUEwX3PIewh1lfWTXMsc1eXsXvr4D2jQymw0ZaoPEbYw4r55iRT9rpsf68
833 FAWvkUo+b2E0KaCZkQ4zScQeHhz53Y6aAPNDr14VHHIWBCDQLfdUzcpG9TmpLMau
834 rU3Nmbq30GnTO/N1/dTwZ2ABvWOWzsd05byKm7N1hEqb3hnRc7SuiTSJizR0/SpH
835 PC5RjJxmN0cco7KahaWLsmGzEW5kRGtgc65rgxR631LxRQ7/3hiemFCQB/kZJet5
836 EQlDREoA0bLsv7s0L7v2Vwp5bFox7g==
837 -----END CERTIFICATE-----
838metadata:
839 layeringDefinition:
840 abstract: false
841 layer: site
842 name: kubernetes-etcd-cab23-r720-11
843 schema: metadata/Document/v1
844 storagePolicy: cleartext
845schema: deckhand/Certificate/v1
846---
847data: |
848 -----BEGIN CERTIFICATE-----
849 MIID0jCCArqgAwIBAgIUJq1hhapB1fc6nl6Ligd7r/AMDNAwDQYJKoZIhvcNAQEL
850 BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
851 dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
852 a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTIwggEiMA0GCSqGSIb3DQEBAQUA
853 A4IBDwAwggEKAoIBAQC/7DqoSUn4rgkA5x93zqKBWXwA41TwEh5kYxarjsArewvE
854 YnHzuMySN4aDfEQYngG9DX86o6Oa/G9+k8xxFAVmoMQTczOv6Vn+mjn7mQ+o2XPQ
855 s3kBTvLHR/WB/+YtU7BKHe17b9wQpVV5q7R8Mq23wB1N74UsB+ySUg09AP3JzCyi
856 rrqolASF0U64kZGWA05OIeSoX7jHDv6AKE9ROz5Z9FNSScLedAdi3x08tEdj8Spv
857 oKuXDv7WIPbnaoYgoyUgeXz8WYUO00z8EGaaDnF5CwCq+71sZLkzis4HdiqjsWFR
858 4PCsklxhxJsHpnVTuZ99PQXXblamaLZuyx/F2YwxAgMBAAGjgewwgekwDgYDVR0P
859 AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
860 Af8EAjAAMB0GA1UdDgQWBBSiLyWFOUf3xQ2CxWuUtZPbrjeL6DAfBgNVHSMEGDAW
861 gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEy
862 gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
863 c3Rlci5sb2NhbIcEChcVDIcEChcWDIcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
864 AAOCAQEAYXsTBrJnqk3aDauPyeMyEr9B9ffR0yPpW25F6fgwXrHQ6AcKOOdYhOdz
865 UYuhzA32yQFjmWG5Tf1PCIqg9BSIHMO6tQWB1M00+f5atEHSJ/rIE1cWOw9wfYyN
866 ZoRY1w3GNqP7wvMaRGiYTabAC9X0rhI6pC8sMuzm0ZK61LydSqOnalkApBozKE8w
867 F9OrA3TfluZed+Eylr4S/HG7PLyW9IAhAltXHkWGt6f901/Clfrspe5POsisorfK
868 SyhA805WAP/ysTJz2iZlRb0u9Sg/NCXpmcJBo4V7YTlVNrs6EOOeBzBmonX9+Ttq
869 EWp+HehyXnaLegneQ+leO8NmE0fcNw==
870 -----END CERTIFICATE-----
871metadata:
872 layeringDefinition:
873 abstract: false
874 layer: site
875 name: kubernetes-etcd-cab23-r720-12
876 schema: metadata/Document/v1
877 storagePolicy: cleartext
878schema: deckhand/Certificate/v1
879---
880data: |
881 -----BEGIN CERTIFICATE-----
882 MIID0jCCArqgAwIBAgIUIxasLvcs+hz33OfXx53XRnhtiZkwDQYJKoZIhvcNAQEL
883 BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
884 dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
885 a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTMwggEiMA0GCSqGSIb3DQEBAQUA
886 A4IBDwAwggEKAoIBAQDA22gtcU9J2FicNu1peiReJfIwoyJNDKd2nQhQPn9WrKtC
887 hsBYyCgcxswOTSMkEhI9W+j1xDda92PF0T5R2R9wrUf30HvqPYs7t60t3Q5iOE1X
888 Ljh48Cg7uYwEGzSJrraOd425te05kxV3jAM0r5ZgYptUNquXAqJ9zk4wBAWGrkdh
889 2IFQuLYjiy7MyRWBC34z/ve9RCiu5mPe54/BUR/UmdFeGr3qr8sAhqoKtmAl/Ckb
890 rkHHydANHKGO3ouBVdBwejPP0/5jwHpeI7szNsiwSt6kQFhOI0vlDj/FgjSJggIb
891 3qDW8TSeDioF6j8A9QBy+Nr3NbO7o7Ow9HZVuJP7AgMBAAGjgewwgekwDgYDVR0P
892 AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
893 Af8EAjAAMB0GA1UdDgQWBBR0tj5yaf/3TCOk+wovW+z8lNdD/zAfBgNVHSMEGDAW
894 gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEz
895 gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
896 c3Rlci5sb2NhbIcEChcVDYcEChcWDYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
897 AAOCAQEAsJGpk/nu+RezwS8STPPpr5S/wV7ZoS/mAOfr6EeXXVv/eJS3YG625Yoa
898 1I+0YfvqTdxMchXU3MqFFQo29kERxzin47AVajIotWuwcA1BbmpaeynjSXSi53y2
899 MwoB55ASjPC2iNnF7GMu6KnCmXBL6Tt5OPIqni3o6GCFSKh3F/2A5IwP9HphIP9G
900 SpT9OUK3mxM8PDjk3sCz+4kdKUqs6pFJEtX+UIK4N7vvHrG72V2tau6QNf3asTWs
901 TxTiIXUVxkfExUoUleIdyeH8aMPWGuJULkzYZJqUfuw79NyxMO8l2eC3EzG2Thfu
902 fsTMq8JLnFRubGEsUhy4Ojh6nmVXJg==
903 -----END CERTIFICATE-----
904metadata:
905 layeringDefinition:
906 abstract: false
907 layer: site
908 name: kubernetes-etcd-cab23-r720-13
909 schema: metadata/Document/v1
910 storagePolicy: cleartext
911schema: deckhand/Certificate/v1
912---
913data: |
914 -----BEGIN CERTIFICATE-----
915 MIID0jCCArqgAwIBAgIUFkV3DH97357zQoDothgJQi+e7NswDQYJKoZIhvcNAQEL
916 BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
917 dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
918 a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTQwggEiMA0GCSqGSIb3DQEBAQUA
919 A4IBDwAwggEKAoIBAQCkPYNTUMCtArg8o5AfN+v7/zWz6qiyz/T4YUsPWe8INJm/
920 KNDZhwCrVQBJq0KppMFucieaayHAkRLZZiHr3QCkxLYJBLerS9BxofReoPi/WSbz
921 +UBcVPCv8Q7yhwbPniWHx7ppTKT5POdiCrUT3FbHOj9YKOzgYh/fWV55SJwbTaxt
922 To0APDdbrPnpjhOHZZy+PD1+q8nm0J4EPdw9u+/iBbXgT/zYM48WuPuDF4XwHOdD
923 0gqrEvGdwzQK2cqyqCQllhqp1DbPoTXQPTK0LEt6cuCD8Yg2tfIN0AWktRfpNlAy
924 YjuT6s6Psg4UKBo8NpL2sbtE+idPJLb9swge3eT7AgMBAAGjgewwgekwDgYDVR0P
925 AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
926 Af8EAjAAMB0GA1UdDgQWBBRifGt/cuvvbbSOlGqchorLSuXa6TAfBgNVHSMEGDAW
927 gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTE0
928 gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
929 c3Rlci5sb2NhbIcEChcVDocEChcWDocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
930 AAOCAQEAVP9tG37juV3OxHabhf76FLNYLLGdfGYMcatH1TC4JJcOtHI1eWTjbcJR
931 l0ZcdBh0lI2FSG+I4r+3ZaeK3ksL9mNacKyMWkIGXoIR1GHLX7SPw5Ec6Qxdm9mX
932 ofETmAfsMSEr7nxitpe+oypEydA/2wLEdWgRb9qnqCMDrn3LQtpfwQSN6gIAXx9U
933 JWOFBq1mL8xs2VFDT5oYAMvwNn0lLmgXiHJiBRiewXo5vNElcdJwzwXUggbjj8sV
934 ADOXjp8THs6SjnpppZdTm7mIY78qjs2wCSwcQZThHFIXS6j/d0Q1/mypisgQbKk4
935 yP6ZKg6Y6SdQwkaAcQ6CBSKaW7HpXA==
936 -----END CERTIFICATE-----
937metadata:
938 layeringDefinition:
939 abstract: false
940 layer: site
941 name: kubernetes-etcd-cab23-r720-14
942 schema: metadata/Document/v1
943 storagePolicy: cleartext
944schema: deckhand/Certificate/v1
945---
946data: |
947 -----BEGIN CERTIFICATE-----
948 MIID1jCCAr6gAwIBAgIUT/Loq+gpUbt92wzGhCJtR8Q84UwwDQYJKoZIhvcNAQEL
949 BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
950 dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAnMSUwIwYD
951 VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B
952 AQEFAAOCAQ8AMIIBCgKCAQEArJgNfhV76s3yqRZ5nWjY0Sau8Lte/F7okc8FU4TD
953 LyjizuRyzyl88KGAPBEikoFVP2CzdgaTaLaIiGIfh9UMx8dbbbV84txSPFrDd4d0
954 VWHfa9fvag8W5wt5ce9W4JT6qQlpMsdfx+O6yhub9NeuWFGdNFMlDoYh/4wrfAu+
955 J4OuLLChEt7797fqawPjBtCtirq2i8SFN2tEPKvM5MkAYdOU7Hc8UPRUR3rpXbDi
956 Xiw2tk61yG4pE3YwMP2SPJFTAQ8XlwTdBkARb073Bnmxh9M8oYb4pvw1hLB5+j8f
957 irAtDlkP3PdmfzEFxGXjDoUPLzO60i8FATRWoRDEDB6XfwIDAQABo4HsMIHpMA4G
958 A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
959 VR0TAQH/BAIwADAdBgNVHQ4EFgQUYpM2Om/nMa6zbXUt5YjMS+cgJD0wHwYDVR0j
960 BBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2FiMjMtcjcy
961 MC0xMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3Zj
962 LmNsdXN0ZXIubG9jYWyHBAoXFQuHBAoXFguHBH8AAAGHBApgAAIwDQYJKoZIhvcN
963 AQELBQADggEBALYrKeuZ9vdt04eAUaEIpC968n7jHWFwC/WhkIUwx7XfrrdT74PT
964 7NtOWG9s18PkgDlq8x5d/y84Gr5AHtYODtjHgf26lVsCRjLH33HYvxZ0VrUWJGd4
965 5QXd+k3dMdTNb/z20LEC4AdiVmUbktRM6P9r+GjjhS/J9YhrZXWgb9ikm4wCdYdL
966 4P/lLSMvQ+lk6hloeWzpXTN3OrhZOplz8bS5HrWg8JHkDNLqxGfXICiccfx+amAI
967 hM0mNm15P5nmTzzBbdf8tzAe9RSDfrDAV4fnphgjerd0kKb6SOBdnwTlhSH7YDMz
968 hx+NftSzDKiWmHLGbGgcZ16ijO3TgB2/vRo=
969 -----END CERTIFICATE-----
970metadata:
971 layeringDefinition:
972 abstract: false
973 layer: site
974 name: kubernetes-etcd-genesis-peer
975 schema: metadata/Document/v1
976 storagePolicy: cleartext
977schema: deckhand/Certificate/v1
978---
979data: |
980 -----BEGIN CERTIFICATE-----
981 MIID3DCCAsSgAwIBAgIUXRYGpBn3//YVVVYqN5CQscCb68QwDQYJKoZIhvcNAQEL
982 BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
983 dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
984 VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMS1wZWVyMIIBIjANBgkq
985 hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7AX20jHoo5/Q/POn6MZHIuNw8M1toJ5d
986 uX2fa5VM2nVn9xxt+0HYHJz2WzKGvpumQ2e9w6XJF/+hYsMgPke4dBI1ts0YPEXX
987 s0xhmkT9Cw41ca7kaK0nV2/y0hS3hk5l972TMBUb0vHiJdwYNgL4MdKa+kcnYXh/
988 zHLUMeH2CS7jwxcDAQQDnZxt/Dp3gcKNeJ8QX1RxDXU1EyrNcPi8Nrxtf82icpY5
989 gLmtYKAn6KTrDb4tRVI7L3HXSpd7IfHTRZ0ftzGkYacipS2iggdgUIX/ShXcE9kS
990 89/lCZM16e2A7e+usJn4K57rA6EyVDqZjnVovrpPjtelRQRZa3f4XQIDAQABo4Hs
991 MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
992 AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUjCXg652ObQBhsrx5nLKAkTYX1tAw
993 HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
994 MjMtcjcyMC0xMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
995 ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQuHBAoXFguHBH8AAAGHBApgAAIwDQYJ
996 KoZIhvcNAQELBQADggEBAL7bUjb6b4yaVUK4BJUlCR3Pv6FH5psY+6TSAWS47I2M
997 sKRL8cIxj/qXs4PiJATNrSj5SBYkeSicN9MsDZaXsdwMih41diqXvwY8aRHaWhSN
998 2xbw1um5gZEm1pekGP17+d4n4U23yVjCV6mtNT09vms2peM2xoEbmsVdlCknQM8Q
999 biv4fPU2KnHk8nnOeLoLz5Z721GPeUg6v4kzyUaYK2x3Sc/JZ2s/7mkKPbvH07NO
1000 URnzPuUEYTOgDwv8srq5f+82CKcUagyDwmpbKJOO0Nbhugf4t664lelimJQLSDiC
1001 NnJA4olBVOBowiUi0Rw8ZRvj+/bmhyAmDC25/7zv2CQ=
1002 -----END CERTIFICATE-----
1003metadata:
1004 layeringDefinition:
1005 abstract: false
1006 layer: site
1007 name: kubernetes-etcd-cab23-r720-11-peer
1008 schema: metadata/Document/v1
1009 storagePolicy: cleartext
1010schema: deckhand/Certificate/v1
1011---
1012data: |
1013 -----BEGIN CERTIFICATE-----
1014 MIID3DCCAsSgAwIBAgIUewWNoZQzHqX3tSmS7sRX3rMLvE8wDQYJKoZIhvcNAQEL
1015 BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
1016 dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
1017 VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMi1wZWVyMIIBIjANBgkq
1018 hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyL19ntmY3scU/HloXV11tTaI+//af5E
1019 RkxbMkn99HLAuBFcy9xyGOHbTKb0oqqtwey+/9e4CXSgOpiqbfyqhbHGWAIyJlMh
1020 DCMkjWPbr2Qt8R9SgZerXDGN4n+s5LjR32TdNOlQAf2w7MStG9jRlFGPJ64x6cRj
1021 UT3EipdpFj8SzC5Le7ROmjChV109ZdebpJm61dgwVSGC4OYtw1K9fYUmH7SV9DMV
1022 6d+s6TEyASordstT4bxMUIEo7Z4dzE8MZYu+XTp8D9s3E2TvSjLd1t5/RY1yO42e
1023 WA8ubiiFcTv6DD24JiirULWIHwnc6Jwv+xgmAH+0TzZ4L3X21s4n/wIDAQABo4Hs
1024 MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
1025 AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUJCjODJohoIyGHxgmhgl4Q6HtryYw
1026 HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
1027 MjMtcjcyMC0xMoIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
1028 ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQyHBAoXFgyHBH8AAAGHBApgAAIwDQYJ
1029 KoZIhvcNAQELBQADggEBAAYUf29T0fX8xaOEla+tu89ZOBHRn4yYwqsWBVBqGG1U
1030 Td9uPq+x+74ip9ucudrY/WSJ1R3JyVSWMrc0N1VUkRL3Qb7kUp8+D4SqDSGYfGsk
1031 tEGCpK30a505+p6dPL/pbGsfXVlpP7WgqGSPijv5cDWDbntVQsmoM0MpUY60Q4Nh
1032 QCqJc1Mv1bvgB5BckQvSp8uGsAjphtCmlVfQjGFaooIdEKBTCZgZMYdP2IQm+N8u
1033 x1MU6txZyeMNRHQEDiM3wauKvrxTxD9rLJewcc0py0+XbiFN9lCDDBAlkMnTAdvK
1034 1W/spAgk9oyZdo6izOxLu54NTPCQE4Fq+N++SuzxfiM=
1035 -----END CERTIFICATE-----
1036metadata:
1037 layeringDefinition:
1038 abstract: false
1039 layer: site
1040 name: kubernetes-etcd-cab23-r720-12-peer
1041 schema: metadata/Document/v1
1042 storagePolicy: cleartext
1043schema: deckhand/Certificate/v1
1044---
1045data: |
1046 -----BEGIN CERTIFICATE-----
1047 MIID3DCCAsSgAwIBAgIUH/q9d5D6PAB9QaIusTP7feTD/7MwDQYJKoZIhvcNAQEL
1048 BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
1049 dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
1050 VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMy1wZWVyMIIBIjANBgkq
1051 hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrAxSeIFy831f32lb/6ZEl3GUJ3R8N1z
1052 LIjpz0UmJcNKXFjO/2vpQ3FEPenbu1Q4Qj82G+FHK5QGKijqdOUR2eIUxud3gTZi
1053 ceF7GcEIcT16vbHv6RefiEi/VcDon1nXdFLGpVAipq2VcwBFwl6VkRldqu9mq0oP
1054 e8RoKniMrQz7Z2OY0BOsBSire+2uFhkJn7I+lhl2FgGQgXNSLn+LcnG5835XNUt4
1055 cGTdS4rKCgdqxPZsVwemKoOUa2YXNhoEiWjLSS2fbOAGSCHpUD6H+hTz0cE6x6ud
1056 s3V0o4bdE9SMSQoGBRfMAW5iZnV4HSSjfF8psYxLdKHCECm/DbTMjQIDAQABo4Hs
1057 MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
1058 AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUEutILRDuPYazSOg+uvQVMReIT70w
1059 HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
1060 MjMtcjcyMC0xM4IJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
1061 ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQ2HBAoXFg2HBH8AAAGHBApgAAIwDQYJ
1062 KoZIhvcNAQELBQADggEBABvLtpXC6C6wgRKo+YWTgPZPoFl8fMiYashWNA96OHW8
1063 gClbebr/agJvtjgrDwu6C/yV5J7fFb6bMTp7LMj5QJZ/w0HAH/VOo/mholjtoNf7
1064 /hWdAys+WuuGThDsZzWla4z7j9bv0v0ZHE+XiR3IMvvFBVz2jbO+7CF1+JYH/tg1
1065 ajtqCvZgw3N6su1/bRJo5MLIMV/Vq6g+7vrRgsYGF22NOCLCBv3dr0sdKh2sw0+v
1066 YsPHghURkHFrdNBmLLpUDgnrCGWBwNI46p4AL29XZIidoDmoCTenBSMwP5NbUFnv
1067 N/wJQ2YNjXqdAXDhCZ8Zcy7HnZ386DfKDC/t7DNJUJs=
1068 -----END CERTIFICATE-----
1069metadata:
1070 layeringDefinition:
1071 abstract: false
1072 layer: site
1073 name: kubernetes-etcd-cab23-r720-13-peer
1074 schema: metadata/Document/v1
1075 storagePolicy: cleartext
1076schema: deckhand/Certificate/v1
1077---
1078data: |
1079 -----BEGIN CERTIFICATE-----
1080 MIID3DCCAsSgAwIBAgIULjF89Q2rvVOW91ztH8Aboa2fzmUwDQYJKoZIhvcNAQEL
1081 BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
1082 dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
1083 VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xNC1wZWVyMIIBIjANBgkq
1084 hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyfPFnaJFPgoiWfR/BXW0MOSYmKh23o3
1085 15a63jSqpl/ZtpMQVamURbXK8IvJJN+xu7ehFeIkzwMbMYr4tFIy24b/boQStte3
1086 chY3KtJVnhLwZeT9IFYayPo+6AU+J8JuA9WQqc92ZaVP5q4tRs/FUcSNmqvMl6DC
1087 jTymd2kaupM7HT2cdBxfHGhg/zO5xB9r0NA9kqe6+4/C+0Comg0Io88BXzYUyQBW
1088 bsNE3Ffxf4xlGNDHte2DKBfAta6D5MZ3c32edOOU3Dh1pACx1abTapeolLw9AxV3
1089 zMET2NbBOgMpGR1coNqWdFM1mzZfdPg6VczYbqzq+BK0L232dfS9kQIDAQABo4Hs
1090 MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
1091 AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU1JvmLtbKUMhnxloRT+emNFWuMFcw
1092 HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
1093 MjMtcjcyMC0xNIIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
1094 ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQ6HBAoXFg6HBH8AAAGHBApgAAIwDQYJ
1095 KoZIhvcNAQELBQADggEBAGnznVgVw+q9BckCkuNmTBDa/xecQVpIwSqJd4XqUE5t
1096 mNzQD8EUqlwUfS5/jlJWA9iKE5I9jU9qrzBaOhnx1AUOchdEm/fYsOnf0P9Ov2k5
1097 vNuRbaSbxZVYby1c8eKili0pbb7xMNsW5tVZ5Jmke6XeNWTNNehLd8u7PRE2PPaF
1098 kEOLOO1KCqNFSznChQ90cxQHYNAa2T8QFAqoAJv9m1rUalUaAu+1lOWmCBoQ9xTB
1099 MD/4GaSqIia7teWGnMCLm/G3RbRr9hBegAnzf3a5rUlIiU23uqr6SQunI3JgSww2
1100 2yLXqQE1g5qgq6vb2uMfZt+CXry0sU3ai/pTp7tksKQ=
1101 -----END CERTIFICATE-----
1102metadata:
1103 layeringDefinition:
1104 abstract: false
1105 layer: site
1106 name: kubernetes-etcd-cab23-r720-14-peer
1107 schema: metadata/Document/v1
1108 storagePolicy: cleartext
1109schema: deckhand/Certificate/v1
1110---
1111data: |
1112 -----BEGIN CERTIFICATE-----
1113 MIIDSTCCAjGgAwIBAgIUF4JBio3TfoajkfyZLtvnKS10Oi4wDQYJKoZIhvcNAQEL
1114 BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
1115 HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjARMQ8wDQYDVQQDEwZhbmNo
1116 b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSlTthgprd1wekZkaD
1117 XIrNge3wwRNFTbei85TcHLg3HlmCL4JvizZL7LmUEGzOgNieavEsK3SFXv/wC2qD
1118 xxkIO3UpUYQAqQxOLztiNWzdsU2N6+I23YhOgKyelcB7lxWXs7VPMrP5ca26K4PB
1119 4+HlMlda/6fxxe69s86ZxTdrL4pnZdr04BTG/7+J0SZeyKk5MULJILaY4bHPwLxP
1120 CUquaaNCSb1sN2OyALOo/7uikZd6Z49NkY28Bb2+lZxZ5tRWLmFysm21riJOkU3K
1121 XozcfpXap4r3ZPuuNfWycOLWLX5U/kqguCGqlftrld0lxJ/w+sc1NwVeTYd0dK0b
1122 7kjTAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
1123 AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUbuvIOKn+nyosnOzZ
1124 KA+PtBPtio4wHwYDVR0jBBgwFoAU8vuH+Tuf6GAkvNlrVY25DEuYOXswDQYJKoZI
1125 hvcNAQELBQADggEBAEspxLuB2V5GbQyIy2JNbkvTCLpXjBiH1zO8g5WUcCsZ/BhU
1126 KTBXnbivfRspFojR/z7lFsW7vnxUEjihU60B7azfVHwRl5k4dTMLwiAqETU+toGH
1127 ss/h8xoN2E+VuxDBJXn9hsVqamPsdys4QQ3dMhOa2eS37NVphuHUgDJ1PMpsYevg
1128 D/gVv2tmWyiUa75igmGQnTFv6Q0l9q8ccjDoAGvnMvIg+Oy6zzO+PGKuZ2Wnc20W
1129 VH+LpJEFfC1+m1bB8mLx2SFPKM3SFeuN5NZH/ibw/jbzTXu9P2K0psDg7HrMEv5g
1130 OfII0DI6yIDNHPMVpcPuvo49LttJYZBQnpd9Uqs=
1131 -----END CERTIFICATE-----
1132metadata:
1133 layeringDefinition:
1134 abstract: false
1135 layer: site
1136 name: calico-etcd-anchor
1137 schema: metadata/Document/v1
1138 storagePolicy: cleartext
1139schema: deckhand/Certificate/v1
1140---
1141data: |
1142 -----BEGIN CERTIFICATE-----
1143 MIIDmzCCAoOgAwIBAgIUGIV+l61X/C4dmuy3OSuRtWMEkDcwDQYJKoZIhvcNAQEL
1144 BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
1145 HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp
1146 Y28tZXRjZC1jYWIyMy1yNzIwLTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
1147 CgKCAQEA3gZMISoYPUGKGNNXxxN7Jb3QX/0nSqfOY1fmmE6oXXt5w8p9CrALCubl
1148 UMwOGZlwc0J3asrPRtctXGUHbK0GS3f1+OU1STFAVy8l+bIOfj414ub12q3Xic5z
1149 /Vo2ocw3x/cbo7BBzYpOrPl1uu93liDZyn5eptbbJ36ZoMgbd5jPPDiowSiJ1FQT
1150 0xi2c99+u9MFFLDYvb68EmdeRkE8CpLRRKeJruTrQgRZe53kuXK/vp5ijb5xZpdR
1151 Wjr1VuVNRPvIJH5tzxFc9UprZhCCri9bAhlA0R7fV598BER/0D73fjrfVdlGJ2Qx
1152 c3EXXN+LQ8BsxAkiOn0FPgPSxoKEiQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
1153 oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
1154 BgNVHQ4EFgQU3Sr0OSP0HbhyZR9cIK+hiJDo+CUwHwYDVR0jBBgwFoAU8vuH+Tuf
1155 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xMYIJbG9jYWxo
1156 b3N0hwQKFxULhwQKFxYLhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAm
1157 IxnWzM0ZaCjnfvP9tPISwltF2RNKBtrSA3SWKckS3Xt5SfhLabqwzc5xhpavBHCY
1158 Sngar1L0ImAnSl8uQyo6pEZCk9y9Cx/aXI6H+T8nW6rDzCUIz72l2s5ggWpkXnRy
1159 sxS5C43gyCPi6LD+BHaXS+fI9drI0avjJaP7GeM8vZ4UC1vM3y55vyWYiotI0m1U
1160 EhX5/LNdDLctgGnYxl0ToGWYBFiwy4J542CUyF6ppF3anJRRTNyXfaAbKYEt1Gwo
1161 okxxTHNvTbPFiSUESztKhhFVZc2HRwhTrOGM980N4th9SbNcJSmpdgNMD/dEA4CJ
1162 gqaXdbwIVm/8DnV2w2Da
1163 -----END CERTIFICATE-----
1164metadata:
1165 layeringDefinition:
1166 abstract: false
1167 layer: site
1168 name: calico-etcd-cab23-r720-11
1169 schema: metadata/Document/v1
1170 storagePolicy: cleartext
1171schema: deckhand/Certificate/v1
1172---
1173data: |
1174 -----BEGIN CERTIFICATE-----
1175 MIIDmzCCAoOgAwIBAgIUFb9OtcajcngNishv5LOV+QATwJswDQYJKoZIhvcNAQEL
1176 BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
1177 HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp
1178 Y28tZXRjZC1jYWIyMy1yNzIwLTEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
1179 CgKCAQEApjnULGO9t49RjtD33k1jE9WDfN/UN1+LfWFafBgzyw4mMIum/ne7a8qF
1180 CThdM9Z3KuM6OM/rWsNMfTLOg8bKEaNnYzu0Vo97yTk+XqivgBQGBdWpukgTHgGy
1181 PnB2nz5yu5+4+Va3MIehUKbH5DIusFKvPSWoVk9H/GhLYrIqkfPcGctPW4Hvviwq
1182 II/Q8NHYtIoaE3CnunVRC59IAGDWUgyuB0ccoSLcKbDWgorktVPBeE58vZLxNm3Y
1183 ZB3dvGkCw4CGkUJ77Tqe4dRly8jz7JzKF1WgLuk25Z/S2YTIX033b2s9J1vIeFvL
1184 2e/c4bbewONdEBG6wzqmE7t1sfk+hQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
1185 oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
1186 BgNVHQ4EFgQU9EWom2dlaX7FPeivFbBUKAef0GkwHwYDVR0jBBgwFoAU8vuH+Tuf