Create initial set of site artifacts for pod18

Change-Id: If297227865597354c85467b918405cf5cf170355
Signed-off-by: Roy Tang <roy.s.tang@att.com>

diff --git a/site/intel-pod18/baremetal/nodes.yaml b/site/intel-pod18/baremetal/nodes.yaml
new file mode 100644 (file)
index 0000000..1a9de66
--- /dev/null
+++ b/site/intel-pod18/baremetal/nodes.yaml
@@ -0,0 +1,220 @@
+---
+# Drydock BaremetalNode resources for a specific rack are stored in this file.
+#
+# NOTE: For new sites, you should complete the networks/physical/networks.yaml
+# file before working on this file.
+#
+# In this file, you should make the number of `drydock/BaremetalNode/v1`
+# resources equal the number of bare metal nodes you have, either by deleting
+# excess BaremetalNode definitions (if there are too many), or by copying and
+# pasting the last BaremetalNode in the file until you have the correct number
+# of baremetal nodes (if there are too few).
+#
+# Then in each file, address all additional NEWSITE-CHANGEME markers to update
+# the data in these files with the right values for your new site.
+#
+# *NOTE: The Genesis node is counted as one of the control plane nodes. Note
+# that the Genesis node does not appear on this bare metal list, because the
+# procedure to reprovision the Genesis host with MaaS has not yet been
+# implemented. Therefore there will be only three bare metal nodes in this file
+# with the 'masters' tag, as the genesis roles are assigned in a difference
+# place (profiles/genesis.yaml).
+# NOTE: The host profiles for the control plane are further divided into two
+# variants: primary and secondary. The only significance this has is that the
+# "primary" nodes are active Ceph nodes, whereas the "secondary" nodes are Ceph
+# standby nodes. For Ceph quorum, this means that the control plane split will
+# be 3 primary + 1 standby host profile, and the Genesis node counts toward one
+# of the 3 primary profiles. Other control plane services are not affected by
+# primary vs secondary designation.
+#
+# TODO: Include the hostname naming convention
+#
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: Replace with the hostname of the first node in the rack,
+  # after (excluding) genesis.
+  name: pod18-node2
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: The IPv4 address assigned to each logical network on this
+  # node. In the reference Airship deployment, this is all logical Networks defined
+  # in networks/physical/networks.yaml. IP addresses are manually assigned, by-hand.
+  # (what could possibly go wrong!) The instructions differ for each logical
+  # network, which are laid out below.
+  addressing:
+    # The iDrac/iLo IP of the node. It's important that this match up with the
+    # node's hostname above, so that the rack number and node position encoded
+    # in the hostname are accurate and matching the node that IPMI operations
+    # will be performed against (for poweron, poweroff, PXE boot to wipe disk or
+    # reconfigure identity, etc - very important to get right for these reasons).
+    # These addresses should already be assigned to nodes racked and stacked in
+    # the environment; these are not addresses which MaaS assigns.
+    - network: oob
+      address: 10.10.180.12
+    # The IP of the node on the PXE network. Refer to the static IP range
+    # defined for the PXE network in networks/physical/networks.yaml. Begin allocating
+    # IPs from this network, starting with the second IP (inclusive) from the
+    # allocation range of this subnet (Genesis node will have the first IP).
+    # Ex: If the start IP for the PXE "static" network is 10.23.20.11, then
+    # genesis will have 10.23.20.11, this node will have 10.23.20.12, and
+    # so on with incrementing IP addresses with each additional node.
+    - network: dmz
+      address: 10.10.180.22
+    # Genesis node gets first IP, all other nodes increment IPs from there
+    # within the allocation range defined for the network in
+    # networks/physical/networks.yaml
+    - network: admin
+      address: 10.10.181.22
+    # Genesis node gets first IP, all other nodes increment IPs from there
+    # within the allocation range defined for the network in
+    # networks/physical/networks.yaml
+    - network: private
+      address: 10.10.182.22
+    # Genesis node gets first IP, all other nodes increment IPs from there
+    # within the allocation range defined for the network in
+    # networks/physical/networks.yaml
+    - network: storage
+      address: 10.10.183.22
+    # Genesis node gets first IP, all other nodes increment IPs from there
+    # within the allocation range defined for the network in
+    # networks/physical/networks.yaml
+    - network: management
+      address: 10.10.184.22
+  # NEWSITE-CHANGEME: Set the host profile for the node.
+  # Note that there are different host profiles depending if this is a control
+  # plane vs data plane node, and different profiles that map to different types
+  # hardware. Control plane host profiles are further broken down into "primary"
+  # and "secondary" profiles (refer to the Notes section at the top of this doc).
+  # Select the host profile that matches up to your type of
+  # hardware and function. E.g., the r720 here refers to Dell R720 hardware, the
+  # 'cp' refers to a control plane profile, and the "primary" means it will be
+  # an active member in the ceph quorum. Refer to profiles/host/ for the list
+  # of available host profiles specific to this site (otherwise, you may find
+  # a general set of host profiles at the "type" or "global" layers/folders.
+  # If you have hardware that is not on this list of profiles, you may need to
+  # create a new host profile for that hardware.
+  # Regarding control plane vs other data plane profiles, refer to the notes at
+  # the beginning of this file. There should be one control plane node per rack,
+  # including Genesis. Note Genesis won't actually be listed in this file as a
+  # BaremetalNode, but the rest are.
+  # This is the second "primary" control plane node after Genesis.
+  host_profile: cp-intel-s2600wt
+  metadata:
+    tags:
+      # NEWSITE-CHANGEME: See previous comment. Apply 'masters' tag for control
+      # plane node, and 'workers' tag for data plane hosts.
+      - 'masters'
+    # NEWSITE-CHANGEME: Refer to site engineering package or other supporting
+    # documentation for the specific rack name. This should be a rack name that
+    # is meaningful to data center personnel (i.e. a rack they could locate if
+    # you gave them this rack designation).
+    rack: pod18-rack
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: The next node's hostname
+  name: pod18-node3
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: The next node's IPv4 addressing
+  addressing:
+    - network: oob
+      address: 10.10.180.13
+    - network: dmz
+      address: 10.10.180.23
+    - network: admin
+      address: 10.10.181.23
+    - network: private
+      address: 10.10.182.23
+    - network: storage
+      address: 10.10.183.23
+    - network: management
+      address: 10.10.184.23
+  # NEWSITE-CHANGEME: The next node's host profile
+  # This is the third "primary" control plane profile after genesis
+  host_profile: cp-intel-s2600wt
+  metadata:
+    # NEWSITE-CHANGEME: The next node's rack designation
+    rack: pod18-rack
+    # NEWSITE-CHANGEME: The next node's role desigatnion
+    tags:
+      - 'masters'
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: The next node's hostname
+  name: pod18-node4
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: The next node's IPv4 addressing
+  addressing:
+    - network: oob
+      address: 10.10.180.14
+    - network: dmz
+      address: 10.10.180.24
+    - network: admin
+      address: 10.10.181.24
+    - network: private
+      address: 10.10.182.24
+    - network: storage
+      address: 10.10.183.24
+    - network: management
+      address: 10.10.184.24
+  # NEWSITE-CHANGEME: The next node's host profile
+  # This is the one and only appearance of the "secondary" control plane profile
+  host_profile: dp-intel-s2600wt
+  metadata:
+    # NEWSITE-CHANGEME: The next node's rack designation
+    rack: pod18-rack
+    # NEWSITE-CHANGEME: The next node's role desigatnion
+    tags:
+      - 'workers'
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: The next node's hostname
+  name: pod18-node5
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: The next node's IPv4 addressing
+  addressing:
+    - network: oob
+      address: 10.10.180.15
+    - network: dmz
+      address: 10.10.180.25
+    - network: admin
+      address: 10.10.181.25
+    - network: private
+      address: 10.10.182.25
+    - network: storage
+      address: 10.10.183.25
+    - network: management
+      address: 10.10.184.25
+  # NEWSITE-CHANGEME: The next node's host profile
+  host_profile: dp-intel-s2600wt
+  metadata:
+    # NEWSITE-CHANGEME: The next node's rack designation
+    rack: pod18-rack
+    # NEWSITE-CHANGEME: The next node's role desigatnion
+    tags:
+      - 'workers'
+...

diff --git a/site/intel-pod18/networks/common-addresses.yaml b/site/intel-pod18/networks/common-addresses.yaml
new file mode 100644 (file)
index 0000000..d113560
--- /dev/null
+++ b/site/intel-pod18/networks/common-addresses.yaml
@@ -0,0 +1,155 @@
+---
+# The purpose of this file is to define network related paramters that are
+# referenced elsewhere in the manifests for this site.
+#
+schema: pegleg/CommonAddresses/v1
+metadata:
+  schema: metadata/Document/v1
+  name: common-addresses
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  calico:
+    # NEWSITE-CHANGEME: The interface that calico will use. Update if your
+    # logical bond interface name or calico VLAN have changed from the reference
+    # site design.
+    # This should be whichever
+    # bond and VLAN number specified in networks/physical/networks.yaml for the Calico
+    # network. E.g. VLAN 22 for the calico network as a member of bond0, you
+    # would set "interface=bond0.22" as shown here.
+    ip_autodetection_method: interface=ens785f0
+    etcd:
+      # etcd service IP address
+      service_ip: 10.96.232.136
+
+  vip:
+    ingress_vip: '10.10.180.100/32'
+    maas_vip: '10.10.181.100/32'
+
+  dns:
+    # Kubernetes cluster domain. Do not change. This is internal to the cluster.
+    cluster_domain: cluster.local
+    # DNS service ip
+    service_ip: 10.96.0.10
+    # List of upstream DNS forwards. Verify you can reach them from your
+    # environment. If so, you should not need to change them.
+    upstream_servers:
+      - 8.8.8.8
+      - 8.8.4.4
+    # Repeat the same values as above, but formatted as a common separated
+    # string
+    upstream_servers_joined: 8.8.8.8,8.8.4.4
+    # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
+    # Choose FQDN according to the ingress/public FQDN naming conventions at
+    # the top of this document.
+    ingress_domain: intel-pod18.opnfv.org
+
+  genesis:
+    # NEWSITE-CHANGEME: Update with the hostname for the node which will take on
+    # the Genesis role. Refer to the hostname naming stardards in
+    # networks/physical/networks.yaml
+    # NOTE: Ensure that the genesis node is manually configured with this
+    # hostname before running `genesis.sh` on the node.
+    hostname: pod18-node1
+    # NEWSITE-CHANGEME: Calico IP of the Genesis node. Use the "start" value for
+    # the calico network defined in networks/physical/networks.yaml for this IP.
+    ip: 10.10.182.21
+
+  bootstrap:
+    # NEWSITE-CHANGEME: Update with the "start" value/IP of the static range
+    # defined for the pxe network in networks/physical/networks.yaml
+    ip: 10.10.181.21
+
+  kubernetes:
+    # K8s API service IP
+    api_service_ip: 10.96.0.1
+    # etcd service IP
+    etcd_service_ip: 10.96.0.2
+    # k8s pod CIDR (network which pod traffic will traverse)
+    pod_cidr: 10.97.0.0/16
+    # k8s service CIDR (network which k8s API traffic will traverse)
+    service_cidr: 10.96.0.0/16
+    # misc k8s port settings
+    apiserver_port: 6443
+    haproxy_port: 6553
+    service_node_port_range: 30000-32767
+
+  # etcd port settings
+  etcd:
+    container_port: 2379
+    haproxy_port: 2378
+
+  # NEWSITE-CHANGEME: A list of nodes (apart from Genesis) which act as the
+  # control plane servers. Ensure that this matches the nodes with the 'masters'
+  # tags applied in baremetal/nodes.yaml
+  masters:
+    - hostname: pod18-node2
+    - hostname: pod18-node3
+
+  # NEWSITE-CHANGEME: Environment proxy information.
+  # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
+  # should be commented out.
+  # However if you are in a lab that requires proxy, ensure that these proxy
+  # settings are correct and reachable in your environment; otherwise update
+  # them with the correct values for your environment.
+  proxy:
+    http: ""
+    https: ""
+    no_proxy: []
+
+  node_ports:
+    drydock_api: 30000
+    maas_api: 30001
+    maas_proxy: 31800  # hardcoded in MAAS
+
+  ntp:
+    # comma separated NTP server list. Verify that these upstream NTP servers are
+    # reachable in your environment; otherwise update them with the correct
+    # values for your environment.
+    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
+
+  # NOTE: This will be updated soon
+  ldap:
+    # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is
+    # relevant for your type of deployment (test vs prod values, etc).
+    base_url: 'ldap.example.com'
+    # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI
+    url: 'ldap://ldap.example.com'
+    # NEWSITE-CHANGEME: Update to the correct expression relevant for this
+    # deployment (test vs prod values, etc)
+    auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
+    # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
+    # relevant for this deployment (test users vs prod users/values, etc)
+    common_name: test
+    # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
+    # deployment (test vs prod values, etc)
+    subdomain: test
+    # NEWSITE-CHANGEME: Update to the correct domain for your type of
+    # deployment (test vs prod values, etc)
+    domain: example
+
+  storage:
+    ceph:
+      # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
+      # used for the `storage` network in networks/physical/networks.yaml
+      public_cidr: '10.10.183.0/24'
+      cluster_cidr: '10.10.183.0/24'
+
+  neutron:
+    # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the bond name and
+    # VLAN number are consistent with what's defined for the bond and the overlay
+    # network in networks/physical/networks.yaml
+    tunnel_device: 'ens785f0'
+    # bond which the overlay is a member of. Ensure the bond name is consistent
+    # with the bond assigned to the overlay network in
+    # networks/physical/networks.yaml
+    external_iface: 'ens785f1.1183'
+
+  openvswitch:
+    # bond which the overlay is a member of. Ensure the bond name is consistent
+    # with the bond assigned to the overlay network in
+    # networks/physical/networks.yaml
+    external_iface: 'ens785f1.1183'
+...

diff --git a/site/intel-pod18/networks/physical/networks.yaml b/site/intel-pod18/networks/physical/networks.yaml
new file mode 100644 (file)
index 0000000..f76d4d3
--- /dev/null
+++ b/site/intel-pod18/networks/physical/networks.yaml
@@ -0,0 +1,365 @@
+---
+# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1
+# devices) and Networks (i.e. layer 3 configurations). The following is standard
+# for the logical networks in Airship:
+#
+# https://wiki.opnfv.org/display/pharos/Intel+POD18
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+# |        |            |                                   |          |          |                |
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+# |IF0 1G  | dmz        | OoB & OAM (default route)         | VLAN 180 | untagged | 10.10.180.0/24 |
+# |IF1 1G  | admin      | PXE boot network                  | VLAN 181 | untagged | 10.10.181.0/24 |
+# |IF2 10G | private    | Underlay calico and ovs overlay   | VLAN 182 | untagged | 10.10.182.0/24 |
+# |        | management | Management (unused for now)       | VLAN 184 | tagged   | 10.10.184.0/24 |
+# |IF3 10G | storage    | Storage network                   | VLAN 183 | untagged | 10.10.183.0/24 |
+# |        | public     | Public network for VMs            | VLAN 185 | tagged   | 10.10.185.0/24 |
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+#
+# For standard Airship deployments, you should not need to modify the number of
+# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should
+# need editing.
+#
+# TODO: Given that we expect all network broadcast domains to span all racks in
+# Airship, we should choose network names that do not include the rack number.
+#
+# TODO: FQDN naming standards for hosts
+#
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oob
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # MaaS doesnt own this network like it does the others, so the noconfig label
+  # is specified.
+  labels:
+    noconfig: enabled
+  bonding:
+    mode: disabled
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: oob
+  allowed_networks:
+    - oob
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oob
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR
+  cidr: 10.10.180.0/24
+  routes:
+    # NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP
+    - subnet: '0.0.0.0/0'
+      gateway: 10.10.180.1
+      metric: 100
+  # NEWSITE-CHANGEME: Update with the site's out-of-band IP allocation range
+  # FIXME: Is this IP range actually used/allocated for anything? The HW already
+  # has its OOB IPs assigned. None of the Ubuntu OS's should need IPs on OOB
+  # network either, as they should be routable via the default gw on OAM network
+  ranges:
+    - type: static
+      start: 10.10.180.20
+      end: 10.10.180.39
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: dmz
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: dmz
+  allowed_networks:
+    - dmz
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: dmz
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Update with the site's PXE network CIDR
+  # NOTE: The CIDR minimum size = (number of nodes * 2) + 10
+  cidr: 10.10.180.0/24
+  routes:
+    - subnet: 0.0.0.0/0
+      # NEWSITE-CHANGEME: Set the OAM network gateway IP address
+      gateway: 10.10.180.1
+      metric: 100
+  # NOTE: The first 10 IPs in the subnet are reserved for network infrastructure.
+  # The remainder of the range is divided between two subnets of equal size:
+  # one static, and one DHCP.
+  # The DHCP addresses are used when nodes perform a PXE boot (DHCP address gets
+  # assigned), and when a node is commissioning in MaaS (also uses DHCP to get
+  # its IP address). However, when MaaS installs the operating system
+  # ("Deploying/Deployed" states), it will write a static IP assignment to
+  # /etc/network/interfaces[.d] with IPs from the "static" subnet defined here.
+  ranges:
+    # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+    - type: reserved
+      start: 10.10.180.1
+      end: 10.10.180.19
+    # NEWSITE-CHANGEME: Update to the first half of the remaining range after
+    # excluding the 10 reserved IPs.
+    - type: static
+      start: 10.10.180.20
+      end: 10.10.180.39
+    # NEWSITE-CHANGEME: Update to the second half of the remaining range after
+    # excluding the 10 reserved IPs.
+    - type: dhcp
+      start: 10.10.180.40
+      end: 10.10.180.79
+  dns:
+    # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+    # Choose FQDN according to the node FQDN naming conventions at the top of
+    # this document.
+    domain: intel-pod18.opnfv.org
+    # List of upstream DNS forwards. Verify you can reach them from your
+    # environment. If so, you should not need to change them.
+    # TODO: This should be populated via substitution from common-addresses
+    servers: '8.8.8.8,8.8.4.4'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: admin
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: admin
+  allowed_networks:
+    - admin
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: admin
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Update with the site's PXE network CIDR
+  # NOTE: The CIDR minimum size = (number of nodes * 2) + 10
+  cidr: 10.10.181.0/24
+  # routes:
+  #   - subnet: 0.0.0.0/0
+  #     # NEWSITE-CHANGEME: Set the OAM network gateway IP address
+  #     gateway: 10.10.181.1
+  #     metric: 100
+  # NOTE: The first 10 IPs in the subnet are reserved for network infrastructure.
+  # The remainder of the range is divided between two subnets of equal size:
+  # one static, and one DHCP.
+  # The DHCP addresses are used when nodes perform a PXE boot (DHCP address gets
+  # assigned), and when a node is commissioning in MaaS (also uses DHCP to get
+  # its IP address). However, when MaaS installs the operating system
+  # ("Deploying/Deployed" states), it will write a static IP assignment to
+  # /etc/network/interfaces[.d] with IPs from the "static" subnet defined here.
+  ranges:
+    # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+    - type: reserved
+      start: 10.10.181.1
+      end: 10.10.181.19
+    # NEWSITE-CHANGEME: Update to the first half of the remaining range after
+    # excluding the 10 reserved IPs.
+    - type: static
+      start: 10.10.181.20
+      end: 10.10.181.39
+    # NEWSITE-CHANGEME: Update to the second half of the remaining range after
+    # excluding the 10 reserved IPs.
+    - type: dhcp
+      start: 10.10.181.40
+      end: 10.10.181.79
+  dns:
+    # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+    # Choose FQDN according to the node FQDN naming conventions at the top of
+    # this document.
+    domain: intel-pod18.opnfv.org
+    # List of upstream DNS forwards. Verify you can reach them from your
+    # environment. If so, you should not need to change them.
+    # TODO: This should be populated via substitution from common-addresses
+    servers: '10.10.181.100'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: data1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+  # configured for this MTU or greater. Even if switches are configured for or
+  # can support a slightly higher MTU, there is no need (and negliable benefit)
+  # to squeeze every last byte into the MTU (e.g., 9216 vs 9100). Leave MTU at
+  # 9100 for maximum compatibility.
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: 802.1q
+  allowed_networks:
+    - private
+    - management
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: private
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Set the VLAN ID which the storage network is on
+  vlan: '0'
+  mtu: 1500
+  # NEWSITE-CHANGEME: Set the CIDR for the storage network
+  # NOTE: The CIDR minimum size = number of nodes + 10
+  cidr: 10.10.182.0/24
+  ranges:
+    # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
+    # 10 reserved IPs.
+    - type: static
+      start: 10.10.182.1
+      end: 10.10.182.19
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: management
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Set the VLAN ID which the OAM network is on
+  vlan: '184'
+  mtu: 1500
+  # NEWSITE-CHANGEME: Set the CIDR for the OAM network
+  # NOTE: The CIDR minimum size = number of nodes + 10
+  cidr: 10.10.184.0/24
+  routes:
+    - subnet: 0.0.0.0/0
+      # NEWSITE-CHANGEME: Set the OAM network gateway IP address
+      gateway: 10.10.184.1
+      metric: 100
+  ranges:
+    # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
+    # 10 reserved IPs.
+    - type: static
+      start: 10.10.184.1
+      end: 10.23.21.19
+  dns:
+    # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+    # Choose FQDN according to the node FQDN naming conventions at the top of
+    # this document.
+    domain: intel-pod18.opnfv.org
+    # List of upstream DNS forwards. Verify you can reach them from your
+    # environment. If so, you should not need to change them.
+    # TODO: This should be populated via substitution from common-addresses
+    servers: '8.8.8.8,8.8.4.4'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: data2
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+  # configured for this MTU or greater. Even if switches are configured for or
+  # can support a slightly higher MTU, there is no need (and negliable benefit)
+  # to squeeze every last byte into the MTU (e.g., 9216 vs 9100). Leave MTU at
+  # 9100 for maximum compatibility.
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: 802.1q
+    default_network: storage
+  allowed_networks:
+    - storage
+    - public
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: storage
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Set the VLAN ID which the storage network is on
+  vlan: '0'
+  mtu: 1500
+  # NEWSITE-CHANGEME: Set the CIDR for the storage network
+  # NOTE: The CIDR minimum size = number of nodes + 10
+  cidr: 10.10.183.0/24
+  ranges:
+    # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
+    # 10 reserved IPs.
+    - type: static
+      start: 10.10.183.1
+      end: 10.10.183.19
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: public
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vlan: '1183'
+  mtu: 1500
+  cidr: 10.10.185.0/24
+...

diff --git a/site/intel-pod18/pki/pki-catalog.yaml b/site/intel-pod18/pki/pki-catalog.yaml
new file mode 100644 (file)
index 0000000..6722c2d
--- /dev/null
+++ b/site/intel-pod18/pki/pki-catalog.yaml
@@ -0,0 +1,292 @@
+---
+# The purpose of this file is to define the PKI certificates for the environment
+#
+# NOTE: When deploying a new site, this file should not be configured until
+# baremetal/nodes.yaml is complete.
+#
+schema: promenade/PKICatalog/v1
+metadata:
+  schema: metadata/Document/v1
+  name: cluster-certificates
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  certificate_authorities:
+    kubernetes:
+      description: CA for Kubernetes components
+      certificates:
+        - document_name: apiserver
+          description: Service certificate for Kubernetes apiserver
+          common_name: apiserver
+          hosts:
+            - localhost
+            - 127.0.0.1
+            # FIXME: Repetition of api_service_ip in common-addresses; use
+            # substitution
+            - 10.96.0.1
+          kubernetes_service_names:
+            - kubernetes.default.svc.cluster.local
+
+        # NEWSITE-CHANGEME: The following should be a list of all the nodes in
+        # the environment (genesis, control plane, data plane, everything).
+        # Add/delete from this list as necessary until all nodes are listed.
+        # For each node, the `hosts` list should be comprised of:
+        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
+        #   2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+        #   3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+        # NOTE: This list also needs to include the Genesis node, which is not
+        # listed in baremetal/nodes.yaml, but by convention should be allocated
+        # the first non-reserved IP in each logical network allocation range
+        # defined in networks/physical/networks.yaml
+        # NOTE: The genesis node needs to be defined twice (the first two entries
+        # on this list) with all of the same paramters except the document_name.
+        # In the first case the document_name is `kubelet-genesis`, and in the
+        # second case the document_name format is `kubelete-YOUR_GENESIS_HOSTNAME`.
+        - document_name: kubelet-genesis
+          common_name: system:node:pod18-node1
+          hosts:
+            - pod18-node1
+            - 10.10.182.21
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod18-node1
+          common_name: system:node:pod18-node1
+          hosts:
+            - pod18-node1
+            - 10.10.182.21
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod18-node2
+          common_name: system:node:pod18-node2
+          hosts:
+            - pod18-node2
+            - 10.10.182.22
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod18-node3
+          common_name: system:node:pod18-node3
+          hosts:
+            - pod18-node3
+            - 10.10.182.23
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod18-node4
+          common_name: system:node:pod18-node4
+          hosts:
+            - pod18-node4
+            - 10.10.182.24
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod18-node5
+          common_name: system:node:pod18-node5
+          hosts:
+            - pod18-node5
+            - 10.10.182.25
+          groups:
+            - system:nodes
+        # End node list
+        - document_name: scheduler
+          description: Service certificate for Kubernetes scheduler
+          common_name: system:kube-scheduler
+        - document_name: controller-manager
+          description: certificate for controller-manager
+          common_name: system:kube-controller-manager
+        - document_name: admin
+          common_name: admin
+          groups:
+            - system:masters
+        - document_name: armada
+          common_name: armada
+          groups:
+            - system:masters
+    kubernetes-etcd:
+      description: Certificates for Kubernetes's etcd servers
+      certificates:
+        - document_name: apiserver-etcd
+          description: etcd client certificate for use by Kubernetes apiserver
+          common_name: apiserver
+        # NOTE(mark-burnett): hosts not required for client certificates
+        - document_name: kubernetes-etcd-anchor
+          description: anchor
+          common_name: anchor
+        # NEWSITE-CHANGEME: The following should be a list of the control plane
+        # nodes in the environment, including genesis.
+        # For each node, the `hosts` list should be comprised of:
+        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
+        #   2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+        #   3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+        #   4. 127.0.0.1
+        #   5. localhost
+        #   6. kubernetes-etcd.kube-system.svc.cluster.local
+        # NOTE: This list also needs to include the Genesis node, which is not
+        # listed in baremetal/nodes.yaml, but by convention should be allocated
+        # the first non-reserved IP in each logical network allocation range
+        # defined in networks/physical/networks.yaml, except for the kubernetes
+        # service_cidr where it should start with the second IP in the range.
+        # NOTE: The genesis node is defined twice with the same `hosts` data:
+        # Once with its hostname in the common/document name, and once with
+        # `genesis` defined instead of the host. For now, this duplicated
+        # genesis definition is required. FIXME: Remove duplicate definition
+        # after Promenade addresses this issue.
+        - document_name: kubernetes-etcd-genesis
+          common_name: kubernetes-etcd-genesis
+          hosts:
+            - pod18-node1
+            - 10.10.182.21
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod18-node1
+          common_name: kubernetes-etcd-pod18-node1
+          hosts:
+            - pod18-node1
+            - 10.10.182.21
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod18-node2
+          common_name: kubernetes-etcd-pod18-node2
+          hosts:
+            - pod18-node2
+            - 10.10.182.22
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod18-node3
+          common_name: kubernetes-etcd-pod18-node3
+          hosts:
+            - pod18-node3
+            - 10.10.182.23
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        # End node list
+    kubernetes-etcd-peer:
+      certificates:
+        # NEWSITE-CHANGEME: This list should be identical to the previous list,
+        # except that `-peer` has been appended to the document/common names.
+        - document_name: kubernetes-etcd-genesis-peer
+          common_name: kubernetes-etcd-genesis-peer
+          hosts:
+            - pod18-node1
+            - 10.10.182.21
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod18-node1-peer
+          common_name: kubernetes-etcd-pod18-node1-peer
+          hosts:
+            - pod18-node1
+            - 10.10.182.21
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod18-node2-peer
+          common_name: kubernetes-etcd-pod18-node2-peer
+          hosts:
+            - pod18-node2
+            - 10.10.182.22
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod18-node3-peer
+          common_name: kubernetes-etcd-pod18-node3-peer
+          hosts:
+            - pod18-node3
+            - 10.10.182.23
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        # End node list
+    calico-etcd:
+      description: Certificates for Calico etcd client traffic
+      certificates:
+        - document_name: calico-etcd-anchor
+          description: anchor
+          common_name: anchor
+        # NEWSITE-CHANGEME: The following should be a list of the control plane
+        # nodes in the environment, including genesis.
+        # For each node, the `hosts` list should be comprised of:
+        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
+        #   2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+        #   3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+        #   4. 127.0.0.1
+        #   5. localhost
+        #   6. The calico/etcd/service_ip defined in networks/common-addresses.yaml
+        # NOTE: This list also needs to include the Genesis node, which is not
+        # listed in baremetal/nodes.yaml, but by convention should be allocated
+        # the first non-reserved IP in each logical network allocation range
+        # defined in networks/physical/networks.yaml
+        - document_name: calico-etcd-pod18-node1
+          common_name: calico-etcd-pod18-node1
+          hosts:
+            - pod18-node1
+            - 10.10.182.21
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-pod18-node2
+          common_name: calico-etcd-pod18-node2
+          hosts:
+            - pod18-node2
+            - 10.10.182.22
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-pod18-node3
+          common_name: calico-etcd-pod18-node3
+          hosts:
+            - pod18-node3
+            - 10.10.182.23
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-node
+          common_name: calcico-node
+        # End node list
+    calico-etcd-peer:
+      description: Certificates for Calico etcd clients
+      certificates:
+        # NEWSITE-CHANGEME: This list should be identical to the previous list,
+        # except that `-peer` has been appended to the document/common names.
+        - document_name: calico-etcd-pod18-node1-peer
+          common_name: calico-etcd-pod18-node1-peer
+          hosts:
+            - pod18-node1
+            - 10.10.182.21
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-pod18-node2-peer
+          common_name: calico-etcd-pod18-node2-peer
+          hosts:
+            - pod18-node2
+            - 10.10.182.22
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-pod18-node3-peer
+          common_name: calico-etcd-pod18-node3-peer
+          hosts:
+            - pod18-node3
+            - 10.10.182.23
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-node-peer
+          common_name: calcico-node-peer
+        # End node list
+  keypairs:
+    - name: service-account
+      description: Service account signing key for use by Kubernetes controller-manager.
+...

diff --git a/site/intel-pod18/profiles/region.yaml b/site/intel-pod18/profiles/region.yaml
new file mode 100644 (file)
index 0000000..e37aad0
--- /dev/null
+++ b/site/intel-pod18/profiles/region.yaml
@@ -0,0 +1,60 @@
+---
+# The purpose of this file is to define the drydock Region, which in turn drives
+# the MaaS region.
+schema: 'drydock/Region/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: Replace with the site name
+  name: intel-pod18
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  substitutions:
+    - dest:
+        path: .repositories.main_archive
+      src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .packages.repositories.main_archive
+    # NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the
+    # list of authorized keys which MaaS will register for the build-in "ubuntu"
+    # account during the PXE process. Create a substitution rule for each SSH
+    # key that should have access to the "ubuntu" account (useful for trouble-
+    # shooting problems before UAM or UAM-lite is operational). SSH keys are
+    # stored as secrets in site/seaworthy/secrets.
+    - dest:
+        # Add/replace the item in the list
+        path: .authorized_keys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        # This should match the "name" metadata of the SSH key which will be
+        # substituted, located in site/intel-pod18/secrets folder.
+        name: grego_ssh_public_key
+        path: .
+    - dest:
+        # Increment the list index
+        path: .authorized_keys[1]
+      src:
+        schema: deckhand/PublicKey/v1
+        # your ssh key
+        name: kasparss_ssh_public_key
+        path: .
+    - dest:
+        # Increment the list index
+        path: .authorized_keys[2]
+      src:
+        schema: deckhand/PublicKey/v1
+        # your ssh key
+        name: miniroy_ssh_public_key
+        path: .
+data:
+  tag_definitions: []
+  # This is the list of SSH keys which MaaS will register for the built-in
+  # "ubuntu" account during the PXE process. This list is populated by
+  # substitution, so the same SSH keys do not need to be repeated in multiple
+  # manifests.
+  authorized_keys: []
+  repositories:
+    remove_unlisted: true
+...

diff --git a/site/intel-pod18/secrets/certificates/certificates.yaml b/site/intel-pod18/secrets/certificates/certificates.yaml
new file mode 100644 (file)
index 0000000..4179ea4
--- /dev/null
+++ b/site/intel-pod18/secrets/certificates/certificates.yaml
@@ -0,0 +1,2456 @@
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDSDCCAjCgAwIBAgIUfRKmWCzUMEz+Qyn9PzxOdl+Oqv8wDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTA5MDQxNTIzMDBaFw0yNDA5MDIxNTIzMDBaMCoxEzARBgNVBAoTCkt1YmVy
+  bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+  DwAwggEKAoIBAQDXTmY4VfQA0JxVmtZRtiNl0rmDGNx9mzxGyDdibTqlXLHq2Lfs
+  UlfHZ8ttoMIn49EQAGVQCyO5Ci2Q1EvYcnuHDHRCywKYmRIFkwD3/OBdRfVOK/4Y
+  3unI7UUb7LwoKghOdEELARTVhC3Vog4qSg9VWeNWbG/qTAE0uX2HVNBj4643DLru
+  KlyopTix0PzlCffAn8MoKGvIp2h2GeqCiwJYDCbrZ4c4iMspwhfshBqULZXD72kj
+  GhgqUkLmB7AeyKjfPPTrcAdN3kuRWM0uDVFlkqVLRm7oKkXTT6EWSkNpUN1sY5q5
+  fkaCnS2emZJGtH/zoCBwVSum6lSr/PGFDdD3AgMBAAGjZjBkMA4GA1UdDwEB/wQE
+  AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRaM0cZ12BKgOZkl0kt
+  mxrhi+mOnDAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0ktmxrhi+mOnDANBgkqhkiG
+  9w0BAQsFAAOCAQEAIDSTd7lbaCpJDSRae/CZiN89noPLX5EPULSrS54Hs30z4HDI
+  2qmw2WXkspHNDcu04jrD1mEi5CD5stoqw//cCqUQapLNj+5HHuDrjosjSm8roeKa
+  U5PtnEK+X9EVMWtLQQPh1QzRzXWJlXQ5koAwnPEldy15meJaYDV0LKbu61mnkDDw
+  xYAUf/QGeoc6umWClRVQnysMRYcVuxRheV+hd2JHHq6nkQd6eWcRWI7KLxQJ0Iau
+  Vy3QXvPS2Cr8IxWOM5SIImJmKGwozd1MI1S5HnxFYSz9iMot/O+JXsAxy+n4/Y37
+  JsLtsq7FCloO67BsouZCyiD1yUMkidp+DlFQ1w==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDUjCCAjqgAwIBAgIUPXOFh+9MEbYSITM1XKvIQvgf0ekwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MDkwNDE1MjMwMFoXDTI0MDkwMjE1MjMwMFowLzETMBEGA1UEChMK
+  S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG
+  9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxo3RL5oIQZr2V/umlH4XouKvwiltFU4722TV
+  AbCRzPt/mBBREqldSuDFzdG05YSrPhKfaQt7dLSkVDLZwFV/KgoG+7spqbcxbjN+
+  6nwHC2aNmQqHDurIcCV6rrTB8yeItf/wsInUOCpNCK+YBPC4bqrcP4l5zxwtBdVw
+  uxOjgDIyYLSGEZpkfioKs4phvI9TJuyRIXLHSg1HriQx3deqFlUff8wSssFsnAcX
+  w4COjPj/leZNR1a6jMbftkNSWZ97JkLtMxATzp3Xc3kEWiiIdCO4WOYuKkOCn3Ka
+  Vlo5tzWXhK4OOKM6x7f9Oa+rwiKvRKNNCqSmFGjB287gFXiEMQIDAQABo2YwZDAO
+  BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQU+wqZ
+  YW7lVOt64grfuZGKRq++3YowHwYDVR0jBBgwFoAU+wqZYW7lVOt64grfuZGKRq++
+  3YowDQYJKoZIhvcNAQELBQADggEBABxrOxdjNYX7R6TR2Lh5l3nGiTk9u5RXDofj
+  f0PLkxuEouMlKGUd5ZItnSFrCbY5A5gBobq4WF1aGjfOmNHGTR6n247VKQ1wWDF6
+  9pVNg6Ofsf88IMhQFNpJxUDLQKWcVCAYYNUbZeUKF6f8n4OPh0YSstNXwew/Lz/e
+  UsXzYnNCkl5Pw1d9rfaGdP61B1+v3YmNzxS7czXSAFLfbFEY2gsHJ26XJh0UYD7x
+  YdAtZsgQIYSnhAWobqkcYVvOJTDYBMNlJ2pShK9iQA9LfnphMLpsZZX/jX3YEvjj
+  0+jMd6Ee7y8GrVXJJlwsd2trc9HVIasUwCy2ZYWORwK0AfLyANw=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDXDCCAkSgAwIBAgIUPL/XyQgomwsvj/MpOFE6x50YB+8wDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkwOTA0MTUyMzAwWhcNMjQwOTAyMTUyMzAwWjA0MRMwEQYD
+  VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC
+  ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpp0AmFwNFeHAxRO12HdkTA
+  Z3/CMy2zwE9fKoGgSlgXBrRVNUi1VTfqPRIqTRuYQqOb/XSGcrx94CTUiYPbuPtX
+  DuDyGY0s+SG6pmlorl4vWbeIMvM5gLJ8Esf1DWmqXTfbpy4C4sOKe0n2LAkiEe1b
+  WL19xRMIoIjZLKV1jcbeukbu+b2QFm4NLnv6V3qSkh96fyMq228AxGIZCR+QCm6s
+  eED8Dt9a4CWF7xabNAKAP8/KhcpTbJjJr8FqUT8U8rgWc4RrzAjKuF6QLHtBwfXP
+  sGd0AjPhkvm2arMnp30Ifcryqq4JhOTfEtS/YfuKH0ruiR5cJmt7Gm4Lt/oRmusC
+  AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD
+  VR0OBBYEFIvAW619jE0GKHShWAPPwa3N80RUMB8GA1UdIwQYMBaAFIvAW619jE0G
+  KHShWAPPwa3N80RUMA0GCSqGSIb3DQEBCwUAA4IBAQBqwa3Fus93joazQeLTTT2l
+  ynlWvcpPZEhLKz3z2D1o3s0pIWFB+MTRYRxIG/JDhWzfQij1jSncDea9OZ+l/hKB
+  MQMm68P4apu2wCSkySQ4Y1/Kc7/g7OIxNBkYCgX9J+UJ9TsJY0mJ00mISSXljxHt
+  GuZv5RbGsvHwQSLoLL08Skt6qe2olROTw08U7QlSaWDjX0BAqWU5opBggihNz6WN
+  QMC+koEgTbKCveyx+4gla9qvU6YcqaoBsJW24tFbw7X/pA5q+OiNVK559i/gXI43
+  J04ole8q8sx0u8+fXwXbw8Zmlp9NhiHanxnlIuT51OKI2Ui7F6Rf1fJ9Ir+pLQ46
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDSjCCAjKgAwIBAgIUOrPCKoVJ0Cb5Kjg9rZN43n0N4KowDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkwOTA0MTUyMzAwWhcNMjQwOTAyMTUyMzAwWjArMRMwEQYDVQQKEwpLdWJl
+  cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
+  ggEPADCCAQoCggEBAN1/1OJVjY1yxR06cdlcSNj2GNQ9Pb0cI6/tPspvxVfMNH9v
+  WXL4n3+2NAOX4lJmkaB2bMZBl3co5PkJELsTLO1/4ZZH9yP2QKyZNVuWZPz5wfpR
+  s/hEZh3dFzonwtV8AdnHqppqSecj1VL+VQ3jaDMQ7FvSS3XZ7IYejbUAKlWQ7t6X
+  +xVDBJJd+mAVfU9HpcPZPZa1OfiZiN0gL/LXCgNY2hdaMABz8myMAPusyuxDpQAn
+  28/Yye+pAfToCEropHGZEfJOrdgtQsP0bd3a3zu6tVRoeiQQBn3AYcyYzSJYFEmL
+  FwbehL0KekvQn6CXa8gHtMLy6L9yvX3DBuhImGECAwEAAaNmMGQwDgYDVR0PAQH/
+  BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFHigYePDM9vCks/F
+  oyR/jNHAlH6PMB8GA1UdIwQYMBaAFHigYePDM9vCks/FoyR/jNHAlH6PMA0GCSqG
+  SIb3DQEBCwUAA4IBAQBK1AhrXwOLXWUD4fn3i1SetYETUvb3Mu3qqagqPPOMRTWv
+  O3K5t6CE5EJH6yI+tcjriHfarey6h0FdJ4HFuqtvlMhEK6pyCvxNQC7W1tLgoUdt
+  yGLKfUXASVP0EWmwJ9gx72qm5cG2Uzuggvhl+Q4ZvjhNIHt+VjeFxzUgjHLvLym2
+  I272egyHzewplG0TG3F1VVjiilEiYP1Hr+pn0rwTSyIocysgiHFqV/859aVTzxeF
+  KaqDC5VBToFYrQqpDJxqMfFSJN7F3S2oUdGK5f9dX3FAgdVrQyOXEqEqznqeAB+W
+  ggW1v6c5imhEhFaVdqQXJx4ujqMDuLlqTr5LFrPz
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDVDCCAjygAwIBAgIUVJfxgYGUHcBl7L/MZEWKtjEOeD4wDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTA5MDQxNTIzMDBaFw0yNDA5MDIxNTIzMDBaMDAxEzARBgNVBAoT
+  Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG
+  SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDx8kEN7bJVKbJxiCxzBlxoXQB/ScTTyLXl
+  aefQJLx3tX/6VTBCnMlEbl1fgolnujuxn5DHb4KnvZ29YkAlfafmw25iARNKpgVv
+  Q5EUZZHFMc5Klb0uA/2SSyXi/M5uzVH8tEuay9P6iyPeUZp+cpCx/PcLerDL0AzZ
+  PL9tZhbXigxzWdKXwmxfBn3l3OcgP0SVONvNDvKiIDkj0VdOW31Mfn+e4sk8mQ+S
+  IUeJbJwY+VSy8mANcUZ+WVSC30MF35gMvaB6+RJkk6akzmzpv00KoEIEmA93QJ+W
+  7JukqIUP25OmGbw3O3hTEwyqgEQqKhVwiZRLBmoctsIcxxBEqeTtAgMBAAGjZjBk
+  MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRk
+  og4B28If3kz5RH66owjWIWRnPzAfBgNVHSMEGDAWgBRkog4B28If3kz5RH66owjW
+  IWRnPzANBgkqhkiG9w0BAQsFAAOCAQEAW7346oJ6+wJ7JsEd7M6s/A5lWA4BwBb3
+  8FNaeRjpDQl/tdZhF5Rv+t3R2cWPoB1Z8+EEZy11R3oRXraRAbzA3B7Q0oWrgnAp
+  /Aii8MUo4aSBS5ycyLiIgf6yRlyLedZTIhIwvJk1LJWMqFc0X4RcVN/3bwae/8Y8
+  kZ9o2s28KQkuk3ZnzdvENK4QiAjb/mkYDnhQOFBYjUkge9FN38KVSjUccR9Xi5NO
+  DV8UVBGiL8NumPI9tuBkSe1Ck0YRpdRzki8Be8E67cNY2wIH5YGU1t7ageti1W1g
+  eNI60d31LPdZt/LEeGkZ4I546biHBa5mQyxqTE06mY5WfK2bjvWzBA==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEA105mOFX0ANCcVZrWUbYjZdK5gxjcfZs8Rsg3Ym06pVyx6ti3
+  7FJXx2fLbaDCJ+PREABlUAsjuQotkNRL2HJ7hwx0QssCmJkSBZMA9/zgXUX1Tiv+
+  GN7pyO1FG+y8KCoITnRBCwEU1YQt1aIOKkoPVVnjVmxv6kwBNLl9h1TQY+OuNwy6
+  7ipcqKU4sdD85Qn3wJ/DKChryKdodhnqgosCWAwm62eHOIjLKcIX7IQalC2Vw+9p
+  IxoYKlJC5gewHsio3zz063AHTd5LkVjNLg1RZZKlS0Zu6CpF00+hFkpDaVDdbGOa
+  uX5Ggp0tnpmSRrR/86AgcFUrpupUq/zxhQ3Q9wIDAQABAoIBAGfjzZErcGSgRH9O
+  ClI9R9FPH/KxIVt+d1RUMd1NhXnbQ4JldkIS7YYrgE5yvpzO4ccN2dUIuwEDdz8m
+  IT7c5twgV00Pdj45xidoapQ+sehv5FEHC0Hm9fnc+3bhAV2EAqQQln3/1JS+hftK
+  ifk/6SwvBnJiOpJcgEx3oKmXdEJt7LUAhXMuzboRRqZNVspb7nJhkB4mHDjruNSd
+  zIy7MpC2YRIscBlyCP/AoXu9oKHBNbOmabO6GPjPCTlK0Eh1VQ53EFq1DE3ckTYk
+  epMdT/p85TPcJrkpnhpE4KXvRjypXUeVSwOWSHw0JdXR4T6II1w25L4pOSFDbg0x
+  HPBqd4ECgYEA8HVTHWbOt7wqDOqcNa6vT5jKArL4qpugRTuv6AEqqOrKrropoGvB
+  1QeQkUJHzOWMRqu69f5f1Fw+ykrbTwcUqOpvfTm22sFrkfVT63yzn1EThDgpJU4U
+  VgKnYwop/C/dQmw236BxSs3gGBCv2rHm4/qgjbctDZuEIl/Aa8BMtsECgYEA5Tjn
+  PsyQMzu+L9I3SXglwVJT1164VCGGWa7aVO2dEgCE5cqIHBGDkFom1IPjCnR/ntO3
+  k2cDnpZW33itvRo3PvbVZPagvfmCkz9xYMsebbuBU1dAE6K2bOfb06bBpmb5n/as
+  mbzf18RGz3smcrXo/y24sL2PlPxk2Z/Hgs0nbbcCgYEA42SQLQXEB00SFxTmlH2V
+  nBhJMTQ+pFh3wAEp4KT5yrP+6C10oBhHPUXiGPwtGj8Z4NsV+vuLdC+n0XXo31s6
+  1mKc/DdQDJ9NMsJlkhRjaQ4q/qZ9gqHL6WqpEKfT/IDnJKFhYyk++hanDRr6sj36
+  sy2YF2xaVrvywO778OnxogECgYEAog0EjsUX/OBzqGM5atth9bY6R7xTHEdHMAgJ
+  mpkRvjRXwAzbBNzs4hSZ9wv2auHJh4Ot+KuPR4KJkBtE2Le77uuaGXKyWRwYT/k+
+  Mmvm6zTwTPcV+cvCpGOWaZ8usHGEcK53f4ijx2qflPc/S0GHoz+znl+lLnLw6Vmo
+  NrTK9ykCgYBdueBsGJPbJsv7JvVmhIYQUHalXHrJcztM3PrzE8t/mkUWfNKx7pKk
+  Me+e4znXjy4ybSPKlcB87R3/Hil6xD6gkuphPamMeXnpdbt4em5EkGsTulb0MZ6T
+  +alWN2xROE2NiB0Dmtyh9IGxoHWDpG/KjH9e4tCP8khQJi9W0yfSQA==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAxo3RL5oIQZr2V/umlH4XouKvwiltFU4722TVAbCRzPt/mBBR
+  EqldSuDFzdG05YSrPhKfaQt7dLSkVDLZwFV/KgoG+7spqbcxbjN+6nwHC2aNmQqH
+  DurIcCV6rrTB8yeItf/wsInUOCpNCK+YBPC4bqrcP4l5zxwtBdVwuxOjgDIyYLSG
+  EZpkfioKs4phvI9TJuyRIXLHSg1HriQx3deqFlUff8wSssFsnAcXw4COjPj/leZN
+  R1a6jMbftkNSWZ97JkLtMxATzp3Xc3kEWiiIdCO4WOYuKkOCn3KaVlo5tzWXhK4O
+  OKM6x7f9Oa+rwiKvRKNNCqSmFGjB287gFXiEMQIDAQABAoIBADZRi93S7NlN1IDj
+  ZoIPMNYt39llTeNbQMLXhfJtZKXIU/K83AEX9l7KuTKCYVO9BL/5hkTNkFuwI5ip
+  RKr6eMx+a8SoQlCcvlggnGL3xVGYH7qzh5lMH8OWbUaoSrsDoMHxn94cBsPKxsJO
+  j28ij8Iu2gxDxuAjHCoRZ0K2r68dEQrf/eZkgIBqpvrsLzOxfu6Fck9D2phtj6z9
+  /sToFf9ICOfy0PVXfHIJ0Kix0vK+hL5bPA4daxxijdkRvmprYiq5m8qi7lVc6TVX
+  czAx8bYwWA1rnFeaNg3kG7fJ4B9y4nZ7q5JQbJU9CJQ179GY/5y6wsV0Hvs6hnvp
+  2mwbwUECgYEA3NYqSoBhgHVQqtJQFXafVLlsS7LLpZFV81e9XNoHB/bT3HQKoVI/
+  B+oKSM5xkcNyu8ZGWsjHK7e+O5ewgYaZlt00+lcppjrWdsl4/oj+bXvMpGqnZ0qu
+  MTV0wTnzX0HeD9WL5fekhD/ihK3XhkHYXF1ZqxlNkGeb04IOV4pV5wkCgYEA5itb
+  1KRdMDY1uPSWSvYYnyWTG2Z7ssma/CyDXTDWWJj8f1DeJOJzt9FEokIVmn/4Enr/
+  Ba4EEU/yv66xUnFNtFYjB9v2ED+eGr0Jy8P7xdbpzPvi05BfTqR9DAPyzHJM7B04
+  FpsXt1lreDbhLzPyEK73vO0WMl6wjKaJirqJlekCgYEAxpY4laJ5C4FztwlFRufT
+  Q+cygagZBZx6REfkW3kc1Yaa4iXf4U4KrF1EPlCXRFMT+9PDNKRUpvWmtgQkj3Ww
+  7D+kAnMbWwaSEWP/0DT1RxMK5debDoHTvyCpC5HHTyP2QxrvoS9e3CZu1o1VwL+5
+  huXTWs94NqFVOZA8wW/+67ECgYBG13OFKC2SaCzyxzz2x3XejccQOOO7rHdqRB0O
+  criWPkgAu5gTzCsHmX5BXoudqONmdLrHOb8AwRWaz56+HCdpaNWRVq8OYzY7TpGU
+  SLbWNoZxU9mFejsLTm86YoC5UjjAt2GK+6M6CGiecG2whJFtdxzC5kndqO037Q4K
+  R82O+QKBgQDI/63n3PhtnnaayOME00djusD8O4kAgmNQYy+WI2ORQn5iX1bzB7tB
+  ePe419KjX19S6HFM3vw0rWSZcdp9VBF//6oPADe/MXPUx34HXUtFAD4oDILd2Cb+
+  frW3JhadxINPr6y57NB4Gd1R6kfecRP8/C15SYgx5JLIQS6bCFUpCw==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEAumnQCYXA0V4cDFE7XYd2RMBnf8IzLbPAT18qgaBKWBcGtFU1
+  SLVVN+o9EipNG5hCo5v9dIZyvH3gJNSJg9u4+1cO4PIZjSz5IbqmaWiuXi9Zt4gy
+  8zmAsnwSx/UNaapdN9unLgLiw4p7SfYsCSIR7VtYvX3FEwigiNkspXWNxt66Ru75
+  vZAWbg0ue/pXepKSH3p/IyrbbwDEYhkJH5AKbqx4QPwO31rgJYXvFps0AoA/z8qF
+  ylNsmMmvwWpRPxTyuBZzhGvMCMq4XpAse0HB9c+wZ3QCM+GS+bZqsyenfQh9yvKq
+  rgmE5N8S1L9h+4ofSu6JHlwma3sabgu3+hGa6wIDAQABAoIBAQCitIyiYx4jIBM3
+  JQe94Oh3pcAwoN5uu3/VR2kgbzm0nZR6fgzeA3f4L/lSC531wfYYO6UDuf4XS38C
+  ZogIkRVqO1h/OpDWyjRBHlr1kirvhkC2kqh15vDP2L/Dy74DRnHKuWu4G0i2B/8I
+  VVemORiQpbRU4JvMuzDzgSsY1/wBYRPzXnVimoXLUR1B0r32WluO8Pm5aCXuzxgh
+  Jhkqr53MFC16eewOyhrfh6GZOaHORq24pvOl8kUvjpqsqwI7fDFx7s24r+qaZcJi
+  JnM3YmT8J/9hSRRM8FhKRfdXxJd0qFca6cpHKAa7+pJxPoN3zR31DELg/latDXzI
+  r0GL6KuBAoGBAOjNJSEnmLAWgQWH65bDC6LXJ0GZJhD8iT3v1CcTHdEJupW6qT/u
+  t4Rm11dZA6+reOFhDFhA7UD6IHxCHGjUZgSX0l1GKLsWZAW+2g6AsDqWDFwPC82X
+  CoJbPC/ikWt/SyousrkuEnAVAHsKP3aObbbFuHSSNPpHx24g4HY8LvxhAoGBAMz9
+  SnSukD2ifzSoHp1NijzoDHR6H25gJirxIHhRquzJTPXouLpeNllP18CLDO2XkgQK
+  xy5UTb9qQ6duM211UJyzXHqsOTARMvM2eU8C++E6YV2hZfOoNq4dCisSVtlEleZQ
+  9gy5SMi7D+jb0Kk5pEEy8/hvwX5Ygq1tr9M7EbrLAoGAbzWIliT/OKcXbVf3v+Ze
+  yaR0GU8asySgPxkxRJVKOhCmtF4d+e+EdVhXaF+adjG4phmhNwuVCuQx3ooKXj2Q
+  moMYN/yK+oyArYn1StZI2UPSlauOXODZYVpKDynxg+OkOXtjXzjWD/rIZv6HQJBb
+  cuNS8UTiz+i4KTDFaVXosCECgYEAiaWfpIA/XRPLhSlK/We+5q0PB/ulNXGcz4MA
+  wapdMwjtA8dUm9h9eDVz89erQ7NemhY+r25ukpUhfsEyCVMYYVDTTZBuCkfSRZyT
+  kqm3RwLztHKXSijvJrVbSZbT+KrkWTaOMfcM17U8tqk8ERYipKE5T96DOHrorNoV
+  kap9ekcCgYEA5vIoK83A4VOcgp7BoQXmH3+LdntebT8+9hP2iO0EHVF0+s3UZF1c
+  sGfaSKyX+zVjofWnBVwT97VPBlQHMKjyN8/UYqjGmmLaN0eWoD5RwlIy/Jyv52/Q
+  LWgXISDY+UGT2P5rEJ9T7C1JK4fTz4ZuWCMO5Te42bsI0CNO66krotM=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEA3X/U4lWNjXLFHTpx2VxI2PYY1D09vRwjr+0+ym/FV8w0f29Z
+  cviff7Y0A5fiUmaRoHZsxkGXdyjk+QkQuxMs7X/hlkf3I/ZArJk1W5Zk/PnB+lGz
+  +ERmHd0XOifC1XwB2ceqmmpJ5yPVUv5VDeNoMxDsW9JLddnshh6NtQAqVZDu3pf7
+  FUMEkl36YBV9T0elw9k9lrU5+JmI3SAv8tcKA1jaF1owAHPybIwA+6zK7EOlACfb
+  z9jJ76kB9OgISuikcZkR8k6t2C1Cw/Rt3drfO7q1VGh6JBAGfcBhzJjNIlgUSYsX
+  Bt6EvQp6S9CfoJdryAe0wvLov3K9fcMG6EiYYQIDAQABAoIBABajO/St3bu5ISAt
+  mvkmD2PtMvhuEeND/vm5+5Lg/YBNpIfpr3CqrFJ3IrXDTiQxy2xk7hUNGxfYnB4/
+  qPAVs5/KVBnx3PZV8qIxPlzP8B5SwFp/Ay+6fd1LfVY6PhVniSDi4TLK7iaraOAE
+  kljLBxlA/4ca5Q90aFIEyWLYU3tPFg325nveaKW47dcMKWpaIVMlgaI5gtotNPqK
+  KjtDtUCZ+uvgekDTCBpkC4xgqth3Q6n3oFn4O+q1g5kmSiF1mx/h6G7v/fd1xWAe
+  kDHiX2VM5eHWrHofuG/MINgeE5mtPNCQIn1MzFxouDsRaL2a6lXIdF5YYeNwCejf
+  co9lLkkCgYEA7UrHDM1/pAX8Bd9jQk52eBwQqr/15YphgKjlPhxj6ZgqxSecb38N
+  r8qOxpwYSbAAJpUmOXB+T1iha82XWZDSyEqq+gHcgpk++Ex6JgaJ9gRz9cn6vo+b
+  Q+9ALqdi/R81pfujnemzFh160wrBS7huXrhEIC3nGWqwlujevr/PtosCgYEA7vZP
+  ziVUq9ZkuUMVvRXuntC5VQIyymP5OuTXUBxlMdXYGqzNV0X0tdnclxRuPNqlBvhy
+  6EE2oeu/aiy/KrktnFf3LYom6qyiH72Tfnql8MvKGshmnJdG38aCnxH9ByKsKIWE
+  SgxNsMZaCz8poXSYWduZ6ha8wuDM9CwdteUPtkMCgYBFB4DaR5m/JIKJTs/4RQ0P
+  qdJracZlzRjKLdfqdqXWGY8vpXNLuCFKJ1nbiyNBpHKWxsLE6OXFvVnQG5HQ22GG
+  JLqSWiJE18HKx6ytDS/rIqZ9NRG9h9c6Lwpzx/vy+LZJn+ecE5UmdNL7O+C5X2C0
+  K1SeK9xTt4bBj+LkiLYrOwKBgE8DduPtCBBBtdBkVD3PkLVGwuFO9shhQjmtDVzZ
+  5sQRt4EqfkNLSF0RCpWSFdldWo/xet09IvlrYEGVRii0TlaR55NRSQjzyC/CmZCK
+  sW/rkopElVlV1AOOOgarBgVj+5TygQmTA+Vd0MxDOFrAmNetezkiB4xQlLRwGerZ
+  MNbNAoGBAOFCsYWUBh17XdqTdfr9+ia31ucvM3lSdbH0YAnQP1E80k/m+B4q8f0z
+  40z2ncTLBH0kHg6UI5VNzf0xPLTG0dGToyi/TUSxvjfaKMrDo/pI4BYd3mzr/Cxs
+  hfmWvYPBV6+KvF0AH9AXb/1XqLWqNDgHURNNL909RcguEEgslymL
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEA8fJBDe2yVSmycYgscwZcaF0Af0nE08i15Wnn0CS8d7V/+lUw
+  QpzJRG5dX4KJZ7o7sZ+Qx2+Cp72dvWJAJX2n5sNuYgETSqYFb0ORFGWRxTHOSpW9
+  LgP9kksl4vzObs1R/LRLmsvT+osj3lGafnKQsfz3C3qwy9AM2Ty/bWYW14oMc1nS
+  l8JsXwZ95dznID9ElTjbzQ7yoiA5I9FXTlt9TH5/nuLJPJkPkiFHiWycGPlUsvJg
+  DXFGfllUgt9DBd+YDL2gevkSZJOmpM5s6b9NCqBCBJgPd0CfluybpKiFD9uTphm8
+  Nzt4UxMMqoBEKioVcImUSwZqHLbCHMcQRKnk7QIDAQABAoIBAQCBu1lgo5TdD2es
+  cs0KvF1uZHfwyNhuiw/lvJzdQeWA9uRxkZ44CaPuOpN8tB0Dbpu1iY7zMXrIgOcE
+  9prYv4D5Ps+AY305qL3/RCaV3kSEjUlFOvdepisgd4UQKmhyh0uwCekETskSbetE
+  uVLy/HFTzwWUtSv5jUxma6llerlCxqskj4S2TAo5B+DIwa3oV7SEb9L8tS4b8wYs
+  jb4ybK08tmVRe/ScAoBALKkClnhDo+Q35jvbZ7JhsEIw/EAAZfNIDkmM8YB/z6x0
+  pQH0Eq13kWOBEGtu6uLRffRYBtf3wv7pcyL/ViqpVZLjoIH40MbJC2lOQzQ94/OM
+  e5wFc3MtAoGBAPPYnhMJyuuyTi+Z4sh6Yh1xzKKFQPZZtXsysmxUnPeQ8VMErk7u
+  H4m/NqJVkCzCgxcZKaQHUY8naUnZ+S25GMJ7gnYSD6SlUT+pv9rFC8qRCrivjyh9
+  lFZp+/OeCtEUo0Wl3SuAEZuzGiY8W3zJtkuV5Cx3lAJA321wdMb2btebAoGBAP4B
+  ZSwM7Fh5055RNEj84MRpb5B/ycTSWzWmq1gaS1QAt6NN0+S0DDtycVtng9vCODQA
+  LYuTDeQ4I7qpfi996BtdP7qZUeJa1dNbPJBI/Xv5mJpW1a99oUmaREvBRPNgswsw
+  AOm4KusLoJrkKf9surA7+LEUEV+6YyW5z94i7PIXAoGBAM1t9N49JcMjWFMp5bDX
+  ycjcknVopa3lLcs4jrBNKGA4r9Ys31yHp/I4MSLZyriqth3DiR0zPTbJER6ykAZB
+  JebSfrpRxPQEgkqMC6GW17Q0NUAaRxTplwqmByjaQGqcZGDMt2NqZWsynBkSSFD8
+  7qMHCE+d/gdX9+MPFpJ4EjF5AoGBAOKDxAGAlNRh8EHjEMl2GcuOaxtlmj2XihdS
+  RsMOz9ZdvWY4ZZoypiXtbQGiUoiLrytQbU1nGqBHIDW6KPmZQoAErGxvhgJiFwWg
+  +2WAce05LMmWXoFde5PzqqwT8rVHquNzL509y6hIejUm+/z4rZO0J5di2guQYBKo
+  naLvanaJAoGAainYZgCZcXNoV5vB9ytOboQf/R8HWg2Z0qxhcvgnUVu5tbOUmYXG
+  I0t2HuwGlYgbF1kSLuswBlu6LXpIUA2T6UmQaJ1Zrs5PJmx7XQkRnOY9oUgdd+gS
+  lvcLepknuSZcS4IgD4frNPoTbIXT02fV1+G5AuudA3dFALbI8EMcZfs=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID8jCCAtqgAwIBAgIUY6zuoy7YspuXh72XlWUICQW6VuYwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMBQxEjAQBgNVBAMTCWFwaXNl
+  cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKicQ+yTRkoJGZUY
+  K9cNEioxicHSFoqQexkZN3de7T6ai2sVZrozezTNGxVN/b+1HeT/WKQobnrczBCe
+  K8uMW8FcaoG7NV8T9LwzWhmSQr3HJMQw7YYkYBCAo+pKRZSwCGmzAj/zwdFTxjU9
+  FkD3wT0pPIFCQTn4I581yGafZdYe7yMu/hor77lmkLu8es3kNcoY+Cqx6JKvIw/C
+  eMQFVe2KuCGP/Odmcj5cFRhunf6+Fzm+qFolnPn0X0MQ0Jb+/kH47KdqeFan7QuP
+  lBfFunGq2cMEAabg2iyrhGOR5gCW+cGc27qp5D1Wfwq+CnJ+Oe539EZxwL7lr9PT
+  aAjz5ysCAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
+  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUaYFal6LY
+  wOcJBe9pXLnxR3kdvRUwHwYDVR0jBBgwFoAUWjNHGddgSoDmZJdJLZsa4Yvpjpww
+  gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz
+  LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm
+  YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy
+  LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQDSmMYgqN9Qkq+Y
+  JUEziVz+MjashKirjBmWXDW78YT4RajIiKQUgnnrkdxMdVLBLa+XHcjnsziwOsZ9
+  GRF1T23rqpvSdLDWkEQBazAjysqzVq0vVZEJ6hadfoz33GkXLBKFS1F6vXPcS1m0
+  GtNXlmNkKVrk3tMZ9R5MD1RfEjPBeHvvyOR8gh8f18EOqmvWcfFzC6zRV5jFnDkW
+  kfWI0l/VZ6cJh+jUSaBJI+AMXpw8s230KclfURrtyL14ulLXHwhAupLj+HIbnz7k
+  u2UpgUTjHfieJY9/q2UZeLbEuLCDrGT9INI3SAVVmMXcmjx7Hjr3Cye2TXBxpp4v
+  LktPZyr2
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUJbMAVW8nIBnN++wycGzsZB+xiIAwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTEwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4GnbvNgDR/cHgqgmhCXtyuRICJoPV
+  TVU5rHNrL8SuYpbSoNcrl1hJdbYB6PpARon7LuyhaWJuEgGKYXgkQQ7QwPLC8O4H
+  78nPKkYfhsTMlQEdmaJO958QlakDnmxkGaX0QwBdx0HSMaPE15VsqXlPh3srEt2V
+  CcN1j0mS7kfbuXJ6fgzM8afel5z+gW/yp0rIjnAj9MIG20f6tpX3KF+wB+EKJiem
+  VpxhJ26JDE6Q4Las8mE4AcNJCw6/CA/0/V58w67Uv59e6b2EzA4NfDvs9N5cc2gL
+  EV56ZMpUQuBaP8Aorir+GN58NWv5LQUDZI0RMHAwd8MHdhcbgRpddaDdAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTI+A+b+/KlGp29DR2VmboWjfwq
+  RzAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0ktmxrhi+mOnDAcBgNVHREEFTATggtw
+  b2QxNy1ub2RlMYcECgqsFTANBgkqhkiG9w0BAQsFAAOCAQEAhommF62uJp2AcHmW
+  43XUg+hCI7AmcndtnJCme2/XjWPcojneJ2o3CFHo0wpgW2B3hPrypGuQ4T6+rZXT
+  179BjUO5yTRuc/Tx5Xk6PtYbAXcD3ez/nodQfyxhBIuUKvq8ON+0o1qCYNSQbPZn
+  ULUi49k/ONmWc8lHOx+p0UZH7HDPPybBUBrkUvy208MHjvPeOJmcPwCtWaJSwe2m
+  GyUFDO8wbn1S+bNeXUEGfFPp3bhqu0zLEX/MZ6DqoqHqcu8HMeSDuQ+8ZFnR7WaQ
+  +8azLj+PBaIeIybNuNfp7RBattgmnFDXiyaFROj/UqU646+b/MnnetUSF9H0fh0/
+  84RLJQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-genesis
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUY+VLaTuWchrs5fudFJywl4KrcDUwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTEwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqpLC84cUExAIqC4mmfIvl9wsXp18o
+  7xc9PHqey+xM8f2MuBQDjP8lgO7gRo7pY0rN+5DoDFixoqXBUybJs2ebs05yTIX+
+  Fd0np4tAZVAXghNP++Lc7a/sz1gKnsyk4LKEtowWF2uGP0wAtq5IUeisaWlpLq1X
+  1pFX4myV2uDKCF37e+wWs/L6WCM+E5+x6HHbRWLqOM5P/IwrdPuPXCPdOEBhn6Rj
+  YiIalHrDNHGUAnZ/le8yAAY7pmhNUmJhM3fyUdCBFEd9v7/juka57fNVPGPVsPlZ
+  dGKZaFC3jqlPOdGeKUFd40nSNJkz/KRsw5fUBGmRQzxaYg+1GxH7DSURAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRvmQ5O90PIFB4HTE2BeS3VxdOf
+  JDAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0ktmxrhi+mOnDAcBgNVHREEFTATggtw
+  b2QxNy1ub2RlMYcECgqsFTANBgkqhkiG9w0BAQsFAAOCAQEAtxPKkcY3CIvfzr+l
+  k1K4xCvDuGJIvFxbnftTA3G4uJDav+i+9FG/wt9KRXQdrvwp8abdt7O8JdlTuKqS
+  ABkbS2dcJ48qd9Y0lzc3ijniULOtK2IRalqGccSRzrfog9GNkVh6uySl7qvPYtp0
+  cB0mhDvJtoN7xiucnvmPIQcDMNz+X7SXFxLrDQ8q5i1pLTzrC0cvKBu9igkxeQzm
+  rc0wjRANxnzXXRS5B7lXXnfM2kdL6t6htAA5NhC+vEuUaxr4iQGhSnzvBWMF+gQF
+  zGmwmD6Ze+/vHShu2TEfJ0ADsjdeFpsM/2bOSDhvZqQgDbKEkEA9CTOr6fx60KVj
+  AujQIQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod18-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUS4ybhWAn2ul0kdRon9o0Gqcj0dUwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTIwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDid3ZrOh36OIIYkTM+8m49tew+Tch4
+  DyBZbww6+1ZIpD5CsXf2kMBLmoe5lDYcjMPWfigwlX6AjLrOJTBnibx/SGwpKSFv
+  fj1VtVi4RNw+KcGJPU5MO0o3Kvai+Ch4kgDm2z1GuKmkQN8lepTS6qeNTKKc9LOa
+  nZkxBcAz3O6bmFZwAHlO8+Ig85hl+wMejF/BKPRGAO6dnLS7vDmHV2rIA5vTPzeD
+  oR2SKPmBwkf9U1kt1+F2EBOBv0RcgzFIrS+I4WAWNapI9dEiKu6e8ty0lQkxp4vH
+  CBkxpitBzQrYZvhJNb137mbzxjxK1bzsy+JX1UKYX2FaoWoUWjm00s7hAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSfnhRZlVizKtR+6A9A6Uf/gCHG
+  BDAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0ktmxrhi+mOnDAcBgNVHREEFTATggtw
+  b2QxNy1ub2RlMocECgqsFjANBgkqhkiG9w0BAQsFAAOCAQEAv4vdBQJDZ2zBy3FH
+  0JaVSwQ0BaWBkBkj76sP5Z1KYLUy7sV/qf0P2QHwU0oi9ZULhtyxrheAWBucbW20
+  ZVZkVF/hH54u13WhQLx+pjy/aahm8lvpiduf2Xr8gbFY6MVLCoP2JroZoTlZGPFJ
+  CL1mZBWQ18GfVUH4k2Wzbofp7W9ei81/I/3cSvq4HvmdVeehNORYL3VYbyMgWmAN
+  VnyFXYpp7FzZHw6UdnIol5fmXH7QG+9ldmYGT6URF0LlK0+ThbKwERtBUULXn1ys
+  HJSnywhPbPu1R/3Y9Q8Nii3HULGpqrbvKwUQ9oaOzMm0G9EY8UbWzkztfPEW3oRV
+  QGF7FQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod18-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUQaJdvhhNGVfd6aKFeSt5QKyUAFgwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTMwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzOkfuOqtogUj+IVz27FIiHapHuAxK
+  +yVEhjjlGl7Pv3NpPw6jJWcIQZewTMV2oc44yELnLL4Nnbv3JuKaXTM5EmZKu9IQ
+  i+ybDLqRRXN8Cfpr/nf3FrqKffD9SHC0vUIH2YVC9nblYCxZoJ8M8uzhnu5F1MzO
+  T1ROrqno98W6etVJ9fPet/CZId5wztJcRHHRWlHqY2BwO39MpepZQ53I9qByKrLS
+  g4TT837MWCEIEXL5nRkzoKPJKi9KZQf0/eU6+BArpNNaQvwDEaPo9ktaJxP7cjEn
+  2jSOHFRbirL6LsO+UoI+qNCrA9OArP+QBT+wF+89XkGLJoxgKqe7GZlfAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTsvkdp9Y77gMsZAcj5OqrdKehs
+  4DAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0ktmxrhi+mOnDAcBgNVHREEFTATggtw
+  b2QxNy1ub2RlM4cECgqsFzANBgkqhkiG9w0BAQsFAAOCAQEAL4dKt+X1UT2ONUni
+  kiEiyWpvQOPycEQY6zvONYCLImM3Ska4UDZ6tK7tG/eEqzju+jNPdlNQEKBt436W
+  HgPckPHxD3fnsj0SgbQ6JHSBaU75qSXFSkTxG4na4acQetoDpYdYIE7Q6mqjUYEK
+  /CzVLPG2AFSDAntnmQjWc1hTKJqaF86gzlrC8h/La9aoldsZMprQrNPMSYeJe5O+
+  SltKx8rcYMtv57tYevKKuADUzXYS/ZcUzBMU+gcV5pntFgnl59NPTn4oDmEqHZYv
+  CUjUzMh2tBCxGtXvpxaicehCbKyYbLr2hh0wFFCcRKMUZ4L2Vay4yBuPMGzHikGC
+  ing5Pg==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod18-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUMfsgZ5GHfSJ1o1vQY06+DbK0yKwwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTQwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8RE4jZkWHyd+w7JndS+7LkEwrGmly
+  0b+U/d/hrZdC/x4IZMr9OvPTTtPpVn1R8lOUov5dwssrZ8zpSJVNmowVLB7Z01wF
+  AxxAxUfFUBEdzoA7GvpcbqTI8SUHfMjrd3PYrvFgYidsTkAxBYfC0zEn0gYaAOfl
+  FLlLS36csWJXun863o/2A6dAQbtZS/3zK0lG3X+ZMSEd+VciWsW6kvblTVqydewu
+  c7mNSj5mKW+CxL+GZ+aZApE1xGZt7eKZGm74kRCmnmWPa/Gp1aLUnn7L0uG9kmQj
+  YsDIlGk12OvAmAr++bhvuR8XszlHj4ruGaFvLdm09pAFEnTiMq75rd5rAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSZC7bCPP7UuV3cPAXKe+ET9j7l
+  DjAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0ktmxrhi+mOnDAcBgNVHREEFTATggtw
+  b2QxNy1ub2RlNIcECgqsGDANBgkqhkiG9w0BAQsFAAOCAQEA0rde3nCEuxbDznCE
+  tcaIHDyLJKJGoA/Yo7jxmYHCSgo7CpAiVL+f+yCQZ81gKyb0xgWd/gQvfa5ZhsTX
+  1IQw/8XBE/qjaLZfsVGkR3I3jtD3GWSG1xLx9jnaxOJuIZtxTG16JFRwX9f5Zpbn
+  X406rArVnw5brHF+In7uagc1wsffIVXrFm9xfv/e8PqaU/x/UU5onwHkzVDk+Oez
+  fTZPjx9aF3k3p5IKIN05li1HNyppnqiILayJTNvhga0TzPT/DxCM+pCzitbhWE9n
+  b1gwwVZZPPHrJx18PvWcDaSae4uOPx/t8LTAumpF7jXBoXRADXjU/R2N+jWXFyrW
+  gkJWgw==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod18-node4
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUMo9BJfD/2nc+Z4U/s9+9nFab3+AwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTUwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0n2GbE7V+KzIiq3adpd7oSVYzJeR+
+  gXUDfXqOrxuGtwFkklR4LmFMnno4TNh/xiv6t/kPrPDW1K8YgxhtVU5QE4vU4rBN
+  GiT60rnHGMDtepNOIoklF0THJmOPQ1zMbMivVK0imnPNEQGCQCl0bb68PrSoZTZg
+  R1YGNHwuNvVJMubLjgiHpFgIrADb9/AlVDsoSiVUI/8m2FQKpAcjhS/yL21aWGTV
+  dK0ddN1D2IjyUq/AyFaAAc0qZDbnWVQ5YVf8TCirNWoiR9uLPAH3lRONCNHMWp1N
+  W6i8wxeW13WRfQNwRSCz4XkrrTqpwPVwGelmGm/IYdgo+Qd+rR56Wp6dAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT3PeuL49Gx89TnQj9wgmwEqyGP
+  5zAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0ktmxrhi+mOnDAcBgNVHREEFTATggtw
+  b2QxNy1ub2RlNYcECgqsGTANBgkqhkiG9w0BAQsFAAOCAQEASFtX+vOtGs7Eb8tJ
+  F6H+KDrPWwOtWRXxJDys+omRLXtsIrepCE/qrXr5cl5DKOV7f8HlfewHO5eqV16Q
+  whGAOz0tLvOje6LHuAp6xXDxabbWSit6864ro8TbQLkf453Vp4PrBxkIlxSkmrTG
+  CX0Iu6q78tdS2dFqBWN31wUKyXK+xKXeeKFVMvoiVK/SNo44uYi9+OKVvbdEni0V
+  oActentkNIbJhwNpgQyFdmWW17BcBprx60aZQjJVGixaLh78vbqVXUeG95WbtDOH
+  CVECRTd/sqsXGMQrN7SulGr2zU/Y6Vrcmo9UcraePd/EOHeR5QpDFeZhYwA6hpAT
+  aZ9HqQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod18-node5
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDVzCCAj+gAwIBAgIUdANeJE8ljUjmV5Hp65SOSeKxaOAwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMCAxHjAcBgNVBAMTFXN5c3Rl
+  bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+  ALWjoL+bP6neihd1/6yhLgB30pyNyMHIWA4HSpxln/7IvziZY9XH1NuJ3ztFgTuB
+  riAg/jYEjqeK4L79BiMv4AxK8cGSCYcRZzLfdq2bJILsG+gQqmYvMaiUgx/yDMBv
+  2YltX5InDK0RNj4/oeHs+eQpkw5DA3k374czdhb765vzCJ6kH7TS5aEl+DJjrFLX
+  CuZviqHYTGGKcEQaqN3F9oPyec0B1YBDsHiQet7tknW0kebBK0xEcHBeQRStiz25
+  kg0n1I78dmdq9HQWue8sPxe+VKLWPblKTvZYMrgXPjpNiVXACtUz3ftzUaOvq3OU
+  Xi9GhvgeNwsXEsTd7zCjFFsCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
+  JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
+  BBQtFWNeRnICxihONdRZOBHqBGLWrDAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0kt
+  mxrhi+mOnDANBgkqhkiG9w0BAQsFAAOCAQEAWi8hn0bB3lpgs9AldNGECvvqttOI
+  myNSR5EPhz21ylaUJl7fiZKYK2X3TVZ1wSsYBERYtXxF1SiKTWg9PoqDseF5o97N
+  jRNujC7w3mM9JKZo4vlZT6dbY7KBxSw2PwA7IcUkSbU/wdFpCdHALT+rJYC9Px1/
+  ZBzKeDu8HVik81cdOiH5r64qZ0YTzIYL3+ARnfiCq5f/XdNS4L8c/QFoY3kbzUHN
+  /TzYGkSmZucGhMP+nuLMyWqh4WBr+MuYCeSn6fxPArWokkgt8918YS1J66mAqVpS
+  5oQ2iOaA6Y1bs9lKUb4+bdDOF/6sU5fIzekUtm8OGgOu/Dwt2ej2sSSBWQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: scheduler
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDYDCCAkigAwIBAgIUIBIki+x+3WYc+Ojs0hPtefTRRlMwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMCkxJzAlBgNVBAMTHnN5c3Rl
+  bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+  ADCCAQoCggEBAK8+fcuOH1BiIZ9oNhSWh/VxNYZQptOuLsZ7l+1o0/OdXBVmDNEg
+  LHTT3duNPgRz8d0FoIeEr8r8SbJC6YgqnRgT7icZBmy6PRH5qCCFXm+7RW1nbQCe
+  AQBjGaQ99b+Jg7mH8Gkn/bU5/PaKOsxtbISn/Z+qJ34CuVks2HWQpjgBeb6KPlsv
+  XH29R8H+ZDXI44t7499opZkyYDMNi75MXGdDBbjaTCZNVqP2BfrdDZ5S/DAW0i6E
+  +gcydlr92BjhSfDXJ3MXF+JHhD00slyUfmp6OYywlNdK6ZaG6G0bWYvxWWXm0ib6
+  jHduUDBIfBPZFWMIntLaTaG9QHsDONbRfjcCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
+  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+  MB0GA1UdDgQWBBSc7Kr5cBGsRfNZx/J7h4xuas6LpDAfBgNVHSMEGDAWgBRaM0cZ
+  12BKgOZkl0ktmxrhi+mOnDANBgkqhkiG9w0BAQsFAAOCAQEAmSAOjQCEtfUCcyub
+  KbnVzvA8A7OEFhxid9p70l9wFaAMB5sA7hhX8u5ERfcRtBNK51sW6TSuqAT29amX
+  PWykBeSglq1mE+jtyiUoknXXnTMIMoGHC+oR+2bfLqiOOCcFDHVWptt1TyANVACl
+  0SdQvHUBBdiAyJ/2CaqSkJ3A95iUPZsAuj7zJa/0g1WFFhDzTACN4TKWgudLKISt
+  aSNegUJHiIh+5pxl3GH51CU1rxdLC2TI3jrz1snlTxQLNJ7NMKbHDHDj20dElf68
+  65PrT9xTiyxghZiFANZGMuT7aAF2SIKvko6nAu7mzIOPeIFUi4Xnjd5huSFqnlat
+  WvV4Zg==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: controller-manager
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDYDCCAkigAwIBAgIUcC62P1LOxZR3gRBd2a8vicle1o4wDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMCkxFzAVBgNVBAoTDnN5c3Rl
+  bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+  ADCCAQoCggEBAM/1/HvXestZlloGb1hW6TJ/SLcWkgbHPkobv8dsLvD7jl7g19Zx
+  IAmIlBJmtWe8BWb8L5UDSEUQ3YuwGQ4nW1EcJLS7s+X0X8nw6iRWERr1E+qwNsix
+  HC34W4sfoN2/aZLQWVhr7U0Lj8htrnNWwjLuSCWrVki599bXZeIYBqrWEst3kFqK
+  sJrcvTfhlk+Q2Jy8uFzF73Pqf80TAcWBLuwAp0yc0U8I2/pfkO/vNuzIes8KMbIW
+  dg97celLiuvc0faxKBFH8BTFa7D21WQPyNeE82h+LFg6Z+9XY+bb5mP+unNxVC7T
+  LALbUOAKGv3DR90y3wfZezNiyXtQyoJ6qRsCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
+  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+  MB0GA1UdDgQWBBTbkpexepJLkJJrOZBUN26bptUWVjAfBgNVHSMEGDAWgBRaM0cZ
+  12BKgOZkl0ktmxrhi+mOnDANBgkqhkiG9w0BAQsFAAOCAQEAmjPjiRVuU5fLxdXf
+  pKQkvUbpdiJ3e5n4IaP3tlO7oZBg6xSIDQ2vcYgIVtMvmBu0FtPE7lOjW5a6e77y
+  Mn1qWLryiqvnwNn38nN+IEwkktLVgcbYxUxNqA8MYx6Grj0wTj3o/emDH9bW0Hvo
+  F3e987CgNA/B7UdOtbY1ni+SzGX2fT5ZzxarhUwOmAEzoXr25SbU6iegGWx5xwY3
+  IWhPq+ZtkD6yz3yL6G5IpWBxMaJyHhEfZ+X/9Z9tZtSURtXApiJpnY5a3Y8jLvni
+  8D5YTLwODCQcDP8kDgfQo+kupYz2zZMJ20NoUuJrxBL4iFBys/MIjNo41+XlvGRJ
+  +itGpg==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: admin
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDYTCCAkmgAwIBAgIUZmcwpoYd+/0q73sPH/f8rAUb7FYwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMCoxFzAVBgNVBAoTDnN5c3Rl
+  bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+  DwAwggEKAoIBAQDmCkPOCT230f9da6ZctuRYJs3t8qgO33OQsVPKamOKkTQnrAF2
+  A8jTQgD8gSYmORFrnrtRmRwXDm4c0Ff1KBogAEVersHaZT3dhsL+ATSONsvixMA8
+  JEW8P6avaUP3ZJaQkgpq4WG50VAsR32hv97QWyOYxhbovuKHEtxOPAHiOev16Knh
+  2VqHpgoa1btXaMTlWAJa9eX++pY5TwIccGwdLwTB1dXnEs9Ts/5M7RXaJLKLuSfK
+  F4jWAkjRg/9RXf8ZqmQrXC+bS/cbeFbQ3wPMuPSKnjyX+fflISisMqAuUVrQC508
+  NS8EBdERUzwelzHad3d2ekvO02OI2fvL1ZkfAgMBAAGjfzB9MA4GA1UdDwEB/wQE
+  AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
+  ADAdBgNVHQ4EFgQUJ4vrlNY68btmrQdGdH2veBcAEFwwHwYDVR0jBBgwFoAUWjNH
+  GddgSoDmZJdJLZsa4YvpjpwwDQYJKoZIhvcNAQELBQADggEBAHm9ITTPb2ISBeR0
+  OywVEVmCnKGAvkLJZ+xzzXAeiRZ4EbKAs6RBriD6k+rNzZsl7n8pfAZcjQjoteTq
+  qga7qAtskU1YWYNfZt23ywzDGWSOFHW7I+PyK7jDXWTMXLfEvlMBCblITOnPg8Dv
+  z9NB01PYDIWZ4UrVdDvqBe7X33UW2y0rfKjEpsbnwxzWhJdWVKcu1a4mSWxUMYwj
+  qMEHmrVLxo9WkZYylDxN/TOQVptPRee8qjwvDdslJbw+GZGrkpJ1g9DMpS2o//qk
+  puRo9h+GfRpCLXlqdEqc+BoklmEZpyc0ZXKXcOy6d7kadEZSH49gvsgBuAPQPp1f
+  aXVztl0=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: armada
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDUDCCAjigAwIBAgIUAyOHMCp041+x7gW0UsC76+W6rZYwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MDkwNDE1MjMwMFoXDTIwMDkwMzE1MjMwMFowFDESMBAGA1UEAxMJ
+  YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQJM8mAj
+  V8nHY0GuLluLDNLzCujY5hPPSeIhY+0hhcgwOrMUG7hQW2+xwhW1otLUCPMz2xrW
+  ACXjLRGmjj3dMA3D8X4eg/aI+yH0BlZ3cYX8VY2wKYEdDdiaworJNOAebKNiQS3e
+  petmVDPO33teqUwKn7JdyuaKjpHeJ3zud2YUKFOcuIzWwfZsurhmU2bMOZPS204l
+  YCPU4T1xZqQ3NPRNOR/g2+z7ta3tI+40LSFmEj3B94hXbIRO//RoWkUeLLqyYKqh
+  lpexB4YccXfaPG1gn7UmUmA1oI9Vm0NHpjGyRj0N9NOdYBXIcp5NItHPB7ovZbMR
+  HltiDw+C1ZY+LQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
+  KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFiyW/oW
+  i5TizXKs+iGHJcf2UI1/MB8GA1UdIwQYMBaAFPsKmWFu5VTreuIK37mRikavvt2K
+  MA0GCSqGSIb3DQEBCwUAA4IBAQAWEmNkvx72BsS3ybrmlaLcPfoXOQ4J5fdZcV5H
+  eBD5Hlg4E++6wdsoN53Li1lz6BZHvBeKS/C+m5+p8ThSI4kebN0ap1OI9eXaSEw4
+  RMCk7xAo/6DetwnqNlbNOd/zU27u8VVWmRoTS0WuQW6hyklhNgxd5P93nV4aNL9J
+  AHFE8HOALZkYQqdfwdHpVh1c4aJwS9oNZC6iYbeZES5L/GT+GpcmoREb58Iq+I/B
+  gYv2vIZZByyY0q6aBn5albW6bGgQ1Lo3UZlpy8Nkw2Kf8FLI+MECQgqlyg3v4p7P
+  b1rEqXRgTIQbxMVJrfOAumVTlQ0FgjrkOjXq9HNJoTTz6TtZ
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDTTCCAjWgAwIBAgIUU3erVbxk5JoPoPSupaOPCn8cL+wwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MDkwNDE1MjMwMFoXDTIwMDkwMzE1MjMwMFowETEPMA0GA1UEAxMG
+  YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvayGQGKWLAr1
+  a1/L0QTuIPkDK7G6Ec1IOdykJttLbjVCKBZ5DurV0h86bk9tfYJYOY0FmX0Pyc11
+  D7LtJUMmrVv0VeR25Mlxm72JABAoNlRXsLPJvXEIIjk6DyooLwQnTb+Qa1fcXzpi
+  ceUBBKwDNYj80cRsGMHTxMIVkxDEiKM0Vb9XAKaCqmkhqWrgx7luQICboCBm0N2u
+  qrFEl7Z9movu+DlKcKir4GQT/DWZxT68+oQGkT7880s/MmQmkKRNUwf/ViCs6oxV
+  nUrSwsj5KaC1swIWdcfIwySxS3DMeFNLMohf8so1h6yvMf6QrB6Fw24LQrivFvhx
+  /COGQBDStwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
+  BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEl/BcA8+GQz
+  BtZFTnDDP3pEreJSMB8GA1UdIwQYMBaAFPsKmWFu5VTreuIK37mRikavvt2KMA0G
+  CSqGSIb3DQEBCwUAA4IBAQBVJzvYvrRsqEdN0ogq3FDSad2dtqTzYkN3B+pWyHiW
+  q+dsZt4yt2UyZbeJMoTtCBIPSf85g8KtDjYYxDl2XquOBR96R1WPVyDcUhwOX0kV
+  am/m4SGUyccEj6otwVr0XiZGTjWsGi0Kr5bAlYUoLiYzvfPeWO4+Qvcr5lVZ8koN
+  NJh/P3uPFAAU8QGaPG8OFyPG86BGDfXXKBuRlxUYViJko8N7sOxhVBmoP13rUfbG
+  YEFNA5OP4G5o9KSPwgOd6VKOnKGTsU5a53LeB6jiT0SVHuHZYPBvbhUzvYXQrQsp
+  +zl9N5zYd7j/DIZNH9I+c1F5v5bIC7isk9C+T6gRwfyH
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-anchor
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDxDCCAqygAwIBAgIUHv/dMYKu0vefmwR5xfaMtJmQfPUwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MDkwNDE1MjMwMFoXDTIwMDkwMzE1MjMwMFowIjEgMB4GA1UEAxMX
+  a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+  ggEKAoIBAQDepls1Xn0Vbixtybe2IXqPUWC+5JrdPZHSKDhEDk+yDcEkK8eLTi/E
+  rLJPyNUuC8S0mDUpufR/OpO87LMgobdxZdMJfknZt74oo9r1tfH6tq1EAezVCMpy
+  wyMm7VWWacPoQnD8vXrD9RbjqByXDiksdSioDQyz1+jzGnFUxDsWJmZSb1yjLoE8
+  S9h+NT6XXGY9AzvbtXf2fU6/6BeGMgyxvJVLtwlf2LgXeOBrpQH/J9jn4lsGazDe
+  s68XRQMNHOr5SCJOvLlsks8sPwE7EzuxibWv/ItgT+SsYRv7h1a0vFGfvUqIaLc6
+  Z08HIZBFogcqEYHMrSR5LyVs6bg1cT4BAgMBAAGjgeQwgeEwDgYDVR0PAQH/BAQD
+  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+  MB0GA1UdDgQWBBQpUyWr5A6tBqT+YBZXmyD4doxdJTAfBgNVHSMEGDAWgBT7Cplh
+  buVU63riCt+5kYpGr77dijBiBgNVHREEWzBZggtwb2QxNy1ub2RlMYIJbG9jYWxo
+  b3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjLmNsdXN0ZXIubG9j
+  YWyHBAoKrBWHBH8AAAGHBApgAAIwDQYJKoZIhvcNAQELBQADggEBAFSUhchQuhaU
+  TLHOr3zsyaoRQ4TXNRYWJGwDYgR+RhyzmKL/DIp/7DFou/4sGqTFsR+bqQgOpdG0
+  p0/FmYXgTSFKSNkaZzmWG51mfy6mdKQhEHeZw+ZnABn6PcJL30itTz7zeDWruq02
+  6zVXLWYiSWtmppqRJltnQkUwqdrDOBQwX8Dh40Nb56NaCZJ6Xc9LuIp2blBNGQH2
+  8y9ccV21FBktDqAwmMJXyvfF2mhqeqhmBbxaRgmcaGlkZhzWx2Umw/2v5zQyvM22
+  KSrW+5/4UvMGOIIJxkRO5UZj1xuow6/szayNhE2b+6r/DAaGg9x4kmpe3ahYYhXy
+  TG5QIhlMe1M=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-genesis
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDyDCCArCgAwIBAgIUJMAodb7+QU61HEMjnP5btUZUAVEwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MDkwNDE1MjMwMFoXDTIwMDkwMzE1MjMwMFowJjEkMCIGA1UEAxMb
+  a3ViZXJuZXRlcy1ldGNkLXBvZDE3LW5vZGUxMIIBIjANBgkqhkiG9w0BAQEFAAOC
+  AQ8AMIIBCgKCAQEA4dhLOL41j6N+qdWkAFVTObTMuqPLdmZw/yVEuoDUY8/TF/Jw
+  dJpOu52OvHRxNi/+5NXarOSrZbF4w6p7QbMrC7hCOBAhoqm6Vgy9ON9i4xThNxly
+  GtFCeRyiJhRA6eCyoA6gyzAARMqbRvswZickwrq/CvZbgVK/9bdJuMD6ehjQ78uT
+  zD2dkUX/ifelGD1/ZshiM+0wF90EZpYMWwPN4VThAmEIU8FmO+PJEsZyp4BGrr4I
+  roZeQ8N48ep/vY03KqoOXzDUMsQuoZaxk8subJa/ZdmvAuS0GtFPzf9s/NruNmYU
+  jaQmYbdB5lvpe9hJQldtPJhcwBfJVN/F8PhLowIDAQABo4HkMIHhMA4GA1UdDwEB
+  /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
+  BAIwADAdBgNVHQ4EFgQUzjhJCoBb1eCRc/AfeVUm0qsuRRcwHwYDVR0jBBgwFoAU
+  +wqZYW7lVOt64grfuZGKRq++3YowYgYDVR0RBFswWYILcG9kMTctbm9kZTGCCWxv
+  Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
+  LmxvY2FshwQKCqwVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQCevsfP
+  9TggL9p5ENDNNmMg5md3gSSHwZsBZ9ZxrzCdaFBFy8bSxzt6CE9ngdj2G/fYzk4Q
+  UgLDwpIw52NGCklzfszapomfqIViEQbeHnB8oYCoGS+n7pIjYdMRnO8Vu74noEPB
+  vNDcB/RYh38ARZHCTNbGuPqwcC2TYr741S+lR4aRNJHv6QHpYmqfXs/b0WblPlR2
+  bucwJTeXHsenDiXsevZoxSGRLaiSSXkYUsuoaDHjMd40AWW86aK+h1nY0PFM5IcU
+  KBQsiaRPN7avd9A0kLK4ozTQ8dMIhs+TWIn7dnJNlkziMeeLUQsUMy2yPCrjctEH
+  /1JzyJjzXQf7w+33
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod18-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDyDCCArCgAwIBAgIUI6pAybIRlbmXEHaBfpBzVIcdtxQwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MDkwNDE1MjMwMFoXDTIwMDkwMzE1MjMwMFowJjEkMCIGA1UEAxMb
+  a3ViZXJuZXRlcy1ldGNkLXBvZDE3LW5vZGUyMIIBIjANBgkqhkiG9w0BAQEFAAOC
+  AQ8AMIIBCgKCAQEAux+xSWNsUUyGLvhlh1Hbr5VFhmCI4biss7irvqvX2eD9Znve
+  bNKDBwv9oTndTI+Y65BZKGnfxhVKfn6RdCx7dgDrslwYissk/xrhL7bZbXqvDjDF
+  aTbGr8ZIaMMVbWC+IMss2cBZKZ8jrTWcRjZ+6wYVWi97a5JA9Ggy9YwCe1FGfEJU
+  SfG3QDh0npdxl07MBQowYADmKJOky++7O2Q8w/paA/Jv40gguUTliJopYHxTyfBd
+  Ffxc20dmFg2VbjKN0fPEnhXapDoAhwxL5Jjknl2QXNMSAaFjN9/aRGfdyR+1lzbO
+  EuUjVyyWB21kTs69Etljwj2KMz/gp4fCyDzPowIDAQABo4HkMIHhMA4GA1UdDwEB
+  /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
+  BAIwADAdBgNVHQ4EFgQU6fWNQW4fBLLsnFdbgKKT9RL207AwHwYDVR0jBBgwFoAU
+  +wqZYW7lVOt64grfuZGKRq++3YowYgYDVR0RBFswWYILcG9kMTctbm9kZTKCCWxv
+  Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
+  LmxvY2FshwQKCqwWhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQBTL7kX
+  HDfygdH/mw398Cf2CgXpudM8B2LWuAxRhVbQZ2nns06BsT5trHCSVLxX/+z6R+el
+  XKoSY9YEm7cKa1rffVJavcHYA21bd8qxaPQWlTw0YWShbcmKwqRefSPDyPTOytYf
+  PNtVtVjQUg/maX4eBog0rYzBmKvqMGv7IYx8g3P5iKD0DIdMD1MdZOUB48/JDpuU
+  JAdJP0ULCr+i+GeMuTS8Pi9ecFjlZV/t1TnxG1X1tIZjlTXJm1/tQ1VoWOU3PsP4
+  L9UKSwJdTLPj0G7pNTYkGwKq38yro2nzA08Obiil+WveS9nXJVwTX/FXc0WvXpv3
+  gh+cno/nlkrOj80s
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod18-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDyDCCArCgAwIBAgIUbiiJWxGEnVn3sODZ8MYbAO2UT3MwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MDkwNDE1MjMwMFoXDTIwMDkwMzE1MjMwMFowJjEkMCIGA1UEAxMb
+  a3ViZXJuZXRlcy1ldGNkLXBvZDE3LW5vZGUzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+  AQ8AMIIBCgKCAQEA7Fl5RnxJmm4r3cdTLkppA73Z4M7kHI6HDFsmjLP4C54aWcrb
+  zAw6sRGjsFPT4Tw4HzuHpC4DV2rFCZ03u95U8ZzBPpTBoKyhVXEz8atYTze+0Tap
+  gLxNMQo2mhenshuuIi6xWK/sJDgR7ASsqpq5RX/H7I13BfjyA99okil9c5j842xT
+  zhEkO3bZkDei1Hcs8yrbsQifY9bnEdNADYMWnrXIRb9Xyy2Fz0g7gYjoWbRThom+
+  x2pRul/RRpxjrCe4zlfrrn/W0YLzGngXI0G8Kv10XUo8p2Rvc+2j5ep5Gz0kAeLA
+  t8sdOAckw3ervruCtngrotqP6wIxrOSiFe2YEQIDAQABo4HkMIHhMA4GA1UdDwEB
+  /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
+  BAIwADAdBgNVHQ4EFgQUA5r2w09PQgXPwYyiSl9jqBjcHgQwHwYDVR0jBBgwFoAU
+  +wqZYW7lVOt64grfuZGKRq++3YowYgYDVR0RBFswWYILcG9kMTctbm9kZTOCCWxv
+  Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
+  LmxvY2FshwQKCqwXhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQCQFfcm
+  jLfRdKFg1XXFXSfrTZAb7KTHG/4C1oC7APC3Rhqxryue1R9QZSVES28o9U9rCVim
+  YB3HRYu4u5soJddhGtm5qk9QTG1tXWg9LrhhEXNdQr075kMjQzd5ysFUVxyChHZl
+  qw+xgl0j1B7SINt3re3H4V55VBpgiH0Cox1juWYUoerGif3CCik5kmhwlA2qphmC
+  xkvrvAQXHgDRsLlXvrnc1jWEb86HuXUdEDnBmPC7WBM+u6uMCNFRXZDFMP1tLPZV
+  q2l838WadhIJh3g2eF0lyc5NazsP/frbYr+SxiZ22kNh2rZ8tN/q4gWvkZCuM78y
+  MdPeZBuM94qYYQb/
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod18-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDzjCCAragAwIBAgIUJPSMB26Kdp+OJFGAo5ybtZzWaZMwDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjAnMSUwIwYD
+  VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B
+  AQEFAAOCAQ8AMIIBCgKCAQEArs0iErZfH9UxosjE3NJWRJNsYm2ty7r2Ruk+hdyn
+  n0evCzXP2kZRgddqQSSKZsignr6Fl2pmugh/GQWBB6FiJCC6QS9kdaTk6tyN2zH2
+  MRlax3ArwRfgigltFD4jNBA74rkXNSGJkXijXPCRyzGipqRrljEzJksvZxkg8fgF
+  JfCKze573sz1k178gI8WhqPq2YdItk5/AOcj/m1fEdWjQSpxy+bm6KWnu5EykpoE
+  0wvpHsNYtfKf74fXkwyx6+9OZCpOOYIJ4buBuRgEhOQbAi1Qajt2qXjXE6qYTYyS
+  zxqSSIf/X6agvGkiIYJY06HLc+3lhpSg62vvj7/ayTvj7wIDAQABo4HkMIHhMA4G
+  A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
+  VR0TAQH/BAIwADAdBgNVHQ4EFgQUlcyw2AfuALCYYXhQc4W6enqMyHwwHwYDVR0j
+  BBgwFoAUi8BbrX2MTQYodKFYA8/Brc3zRFQwYgYDVR0RBFswWYILcG9kMTctbm9k
+  ZTGCCWxvY2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5j
+  bHVzdGVyLmxvY2FshwQKCqwVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IB
+  AQBZ0Qo+27gkR5K6+pFRG+XVi+HlO9RtwjTrQAY/V93XPsg6pWsBh1equ+KxEPLT
+  9Dj6TqQtkHzsZvSrI0eai9bj5KmYXmf4u5n/4wMPbpAtdUKBPMfsNhmaaAnpmh+a
+  DIArqvObndKCH1DDVtV/GZ0Z1BgEheM0GePDPMEpJZZXFU/9vkwm70g5Ayaetblb
+  iU/iNV1K3niLle1tYwwOwAjkZBsYRMoMG58lFuLudXFZAo/CLx1EHgubgR0VpjCK
+  OxMSH6TYum/ko8S2FGp8gH5EVuj4sBj33OXCOu5etuyKsEraqzJ49GhrztqEMHNR
+  V6WKtYphPBqyIiZgaWu51BqM
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-genesis-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID0jCCArqgAwIBAgIUCbCjBspRcoJukAC+f6sIaTTDV94wDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjArMSkwJwYD
+  VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTctbm9kZTEtcGVlcjCCASIwDQYJKoZI
+  hvcNAQEBBQADggEPADCCAQoCggEBAMu40wgd7p0a59IdUyVKPhgm1ykpLg0BP9+w
+  +O1Kn3hUtbmv+6Nn0OYGX0o4G1x6csrAxPAWSBEhYOuWNaEhvsD9WN5l0s5D6bLF
+  KRpH4XHgXwtndgWrNDYE/QYHcga9JqIsR6K7vtG0/tgW7XQsBjYONDCRXCBy3aM+
+  uk7InfpO1g98yMxQUwUXB+rihPAU4sSLd1+vhJJnI4Hp4aCPnECPiuKx2p5EPcDT
+  dDcHjkGzUanj1wL9PLj6uECtRZVqpv4UkD25tnR41qmw+vPHO/UThCNqtEKOoptr
+  O9lPv/Y9zKS58y1y+wyL1cszRGmIV/cE7m3cpoWMtp6DjsHnGAUCAwEAAaOB5DCB
+  4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDgIm78p9oba84MR59zoB+Zvt9W3MB8G
+  A1UdIwQYMBaAFIvAW619jE0GKHShWAPPwa3N80RUMGIGA1UdEQRbMFmCC3BvZDE3
+  LW5vZGUxgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
+  dmMuY2x1c3Rlci5sb2NhbIcECgqsFYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+  AAOCAQEAhZpNuZQ+g8CUMUmGSZJr4cYjQra29HmJRRf897BH3qXGhPTldEziSV4k
+  s74BRyEDS8pTsCuJ8RQgRX2LtGdrIMR4cuvGcMZkX/0Hab7F5u49AZT5bPe0v3en
+  yTzQF4jDHBv1MsjNVHEw2XbP1LAlX4BCLtCqtVITKUHTik1ee2Mq6/xrwF62l6u0
+  NXmoBUx39rVDOsRceQPHgc6KDTzp7GvV3sFpeimuwry/G/23PbbbUxhVksY0TtbY
+  4/jYrKnp+E4xPZB29r2iicbUNZJQZndUkXSKjG5B0UwghxzuQrw0RalXsvU5AkI0
+  4CJTEkP+xZtsUGbeeg6VCgl4DNBduA==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod18-node1-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID0jCCArqgAwIBAgIUXWuF69CeVDhjVKXF5g25ojeTopUwDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjArMSkwJwYD
+  VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTctbm9kZTItcGVlcjCCASIwDQYJKoZI
+  hvcNAQEBBQADggEPADCCAQoCggEBAMjOSPr5rLVY7yTlmA9FgTaIvuj81kQXYHfJ
+  07BT55vJ34zqqIp8vDy+ioyOT2ZhWy98Ngc7mUzbQLHe6K43kHR62VuMIOXO9KUg
+  pX4jfv40rmlrZZy2+w0/3hJptAIG1og9BSuSpAP1CRMSy+fjrqCJ+EnkTgth/kQ0
+  yGKgMbMM/DgEBVj6aqmaBxhZEtwFup9VX4Uc/SuwaoID522+DHVsctCM7kF6OnLK
+  ZltC7Cnx17koFBCV6yKTGu+XxGbgAAGpx6cLu7Aqbt2H1hZswd0MErgQeD6Z2Qvx
+  3P1zRvueFhjEMYIGafaQtXre27i4xXJOTZ/oRuQ3qyk5am7D4XcCAwEAAaOB5DCB
+  4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNlFMf1eHoTuvKg7GcIdwMr2G1suMB8G
+  A1UdIwQYMBaAFIvAW619jE0GKHShWAPPwa3N80RUMGIGA1UdEQRbMFmCC3BvZDE3
+  LW5vZGUygglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
+  dmMuY2x1c3Rlci5sb2NhbIcECgqsFocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+  AAOCAQEAlfvCu66v1KUVCyJgc9ur6BetavU7DnBQbXsmXwO9pmlEDei6fGGNYF2i
+  D51qv2Txbbnjjvg+d4mc1LbMBSlmNBHv+RF24yXokNZSseR5MLaphAxy4Ma5Uwp7
+  kRBAlq5JDwLTI2jJ8xNDTTwX/yXp/g6ErqH7xE7YAiP+qOMSzTnIBI0G7VB1dnUO
+  e2mv0Qu94mbzHYZ86OT3C/RA0wkLok4ESQiL1+Mv7KcrAyIUsAeWc/bbBhV7m6zW
+  iHDnY+XiRh/4obl9zZONnYYH0ZX1cokCkSlxuobfrh6fiDRjAkIScS8GGZe/WtPz
+  uKsHXyzfuiDzSZZwfR7qy30TvUbLsg==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod18-node2-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID0jCCArqgAwIBAgIUXbtrSK1U14OboeGYYoNge+jMP0QwDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjArMSkwJwYD
+  VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTctbm9kZTMtcGVlcjCCASIwDQYJKoZI
+  hvcNAQEBBQADggEPADCCAQoCggEBAMvKgPa7nRujdtHxJ4gRJgWGAP0BV5B+Xf4y
+  TCNEdpk+pN2G0v/1XFyw5P5sLDR+yGpOjZ4xu2/ABbbOSq9R1n6l0gw8AnrNVGEi
+  zpybKGTsHBYKdFyrl2e7WmrY7nz16ZYBLJukCKYiXQ64m0hePxj5ouKBebKxaNnJ
+  T57DVwBjggTtD9ne7RkU6GfTnzEk8TQk/nM9yl/Qc2ye444FnJGA/Syh2RWWJEzs
+  l+NAmk8np35uM8wlpuOMdIyOW6A13f+rLj2Num0g1EfJoVx6vSB4aEah7AmJmZSQ
+  S24S4TPA2/WachAxrXvCGBra3ySR3Np6LlQUoj2omTDgrap3np8CAwEAAaOB5DCB
+  4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEJc/R1cLhxRvMqZPkdxxnBJ1MWFMB8G
+  A1UdIwQYMBaAFIvAW619jE0GKHShWAPPwa3N80RUMGIGA1UdEQRbMFmCC3BvZDE3
+  LW5vZGUzgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
+  dmMuY2x1c3Rlci5sb2NhbIcECgqsF4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+  AAOCAQEAt78o2ANU6uz0eNPTEBMgNLdw1BD1ELqI6dXrRjZf2SRJn6VPvrD0j3lF
+  mzzlent/2yEjF9Ic/GgycWaF2ee4qtjuFMQvA1H5IXZxmHED/8J+RxuDvuUtbz9J
+  5NT1nWuraG0g0zK+tcESS5u5RkPx/ldLXq1m/4sNXTOs8+jehQNjzAaMjlgWXyCO
+  rUxRPwPZLC+fXfjPPRKzW/S/I8qJfCiJj1Cd+AD2PchUw+yGaS+ps85fQ3CKLlcQ
+  er3+ac9DBNBc2UmvkusxONE89IOBKF++RLk17Qzd8YR5ftNmGSzAe+WkTeyE6k/7
+  khPHUj6fxyQYuu+IoskvqJ49E+EYgQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod18-node3-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDSTCCAjGgAwIBAgIUYfltxN+AOAMMCWrW4Vss/qiwTb8wDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjARMQ8wDQYDVQQDEwZhbmNo
+  b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1xv25ydmOBO3rw2HA
+  mOhHnn90/vo6/ZOgu29hfWmhgqUpovLkCSCdrh27XFTQHN1YDmWTLXHxwOT9NWFL
+  cQaZAWN2/j7UpU3Zlw1i3/AQZQjSIIh6MwEXB5y1OgajlE5o/gSsL+I1ZmodXzO7
+  c3H8hgGywSzwQ0PqPJE3G40xx5EyQ61ILMlPMaVROWrWO7rzOjztm2RxC84nJkxt
+  0jF6dYg8wq4tPoyAgFm/YWMC9V8iQxoYPDwXCd1z6Jnusm4aOUl3cckOdB6JG0Lk
+  /JdZSoXr9m9x7ZgRSkA7lZHd2XLEvQCMHO6L6Dz0sMp0GCg3M4q2VcnguJMePV2k
+  1tJzAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
+  AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU7Yq+ryvq/dBgvzqW
+  d30XFfP77/wwHwYDVR0jBBgwFoAUeKBh48Mz28KSz8WjJH+M0cCUfo8wDQYJKoZI
+  hvcNAQELBQADggEBACfroZik3fVeKvtaOhSh+iuzzV6NeYWBcMMuaJYh2WDBKHBA
+  /5mZ24839Z+OS5DLXCBKG7S8kgrrl5LzZ9Quyz0yXvjtYkjV/1JF3ZmgK1FCtKvw
+  4QI9lgxzfoNxEd82PZuL8867FCH6JYRBM9hrSzm32lY0DhSvFS5BReDnjnv4Mj2K
+  m7HuCWEh7HQ1xb5aFymHTIPd1EpPt1YNCsyFKoD5LpPv5+DND6j9i8pL+RmL5yab
+  KXbSA7KZS9wdcxaxyIvOub4P8MxExZ9me788YIR3NAwqpcJ+M9yjeg6vWWl8m3+d
+  iHBDtimDNS9DAJJ1FrdNc33b4aGGBSRQa2wTA34=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-anchor
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkTCCAnmgAwIBAgIUIqLAYpCR0ldgk+pIkqVwiwuQfGwwDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjAiMSAwHgYDVQQDExdjYWxp
+  Y28tZXRjZC1wb2QxNy1ub2RlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+  ggEBAMx+CCs8wO3RAoFwRqipFSV0v/iqOUXGuwmEl1FLwE6B7kH1X4fCXOa/DSF4
+  mwEkZTSE5m0dnlUabcWkFaloqiBpfPrGeJQQrBFofBXt3RuVYvWWTHznW804NQjL
+  XxwksMWmkjUUgcjjsI6OWAPL4t7hCLfJnvCk/fuSJLRyOo1ZCyqXRxtb5ooHpPOk
+  G0r9wP+z7Sn38x9xFA4RafO4T2g/ttRHTdYYx+dKloZcSMj+w6JlSpV3Duqr69UM
+  1PLoPtRqTXgOKHFo7O5paEgWZU3DIfPV45Cng8Fg1+x+7Z023IDcGfv5y09Td82x
+  UylomnlfoU7Q63VnkvvYb110CLsCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
+  HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+  VR0OBBYEFDqLDUlEF0Pv0NSZejC3wT0/Rqy7MB8GA1UdIwQYMBaAFHigYePDM9vC
+  ks/FoyR/jNHAlH6PMDMGA1UdEQQsMCqCC3BvZDE3LW5vZGUxgglsb2NhbGhvc3SH
+  BAoKrBWHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBAMOy9hLVCkPFspSD
+  3TAVEafJilarSeTGbPzYEGdDMXEPj8lzrUTmc7jr2T/9J/axfqo3QBZtbLPNn+tR
+  TPsjC3o3oZo1p73EkTKAnd1Mv7QCVBec6RUbA5NlkZ6mDjVa8eTsPaEqHnqa7zW3
+  P/sqhtY+cpqzyIML5/D0lC38i99UV3jEgg4dCncQBFC8TbZAaz16mVGq+lFqd6CI
+  6R55TOlfXU37OFLIkdV+TFOgwXUfheAra1BNxG4aREPJ4xsvX3Jzvu9XUClj4F0K
+  J8XGaMXHJ7Tu9p3Cund0zvJAzQ818LOR2tErCRyWX+4SjJEH51Zi547CW6zva0+/
+  k/HWGtY=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod18-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkTCCAnmgAwIBAgIUVDjRkMbx8tWfi23wAXiszJz56rswDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjAiMSAwHgYDVQQDExdjYWxp
+  Y28tZXRjZC1wb2QxNy1ub2RlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+  ggEBAM3MOeeUh3cT0nvqSfsn8uc8wZGwtXEgFNB4Cs26oxXsjXbOiqJ0sQLsXjQM
+  jsvY7NJeFIUDxZu+y6ERD4aeQeYSpX074413+CSWoOxz5Ctbfjuu9o8szX+Bm8Yk
+  bEgEPyHy7phrRHGY5OK9YG2OtyplcP+e5jtCrhMzCpHsHnv0i6+/xvyGIoM88EWy
+  3TeBw27ZjdleSwHGAi5RNLdWZVgIZssSeI70vsbin746dVKuaK62EpBjAA5OOqfn
+  80bWgRHWuMg3KOCtL8Pa2KXxRc+qFJvFEy7QdDXFKhL+t+frtFnru5DogRWMem4Z
+  8m5EJDAWAQA+SAI2D18QP/4vOJMCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
+  HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+  VR0OBBYEFIIOXUcKJhWjdY7odNmbde/b8S5YMB8GA1UdIwQYMBaAFHigYePDM9vC
+  ks/FoyR/jNHAlH6PMDMGA1UdEQQsMCqCC3BvZDE3LW5vZGUygglsb2NhbGhvc3SH
+  BAoKrBaHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBABZ6qlx0nY6nafC4
+  V8rxfDZpOo6xaHxVoxxk9xBwDEHLxX3jfdhczVaYnm+AIZzuwBGNmHMDB0ya/BCH
+  i4S1g6i2/SlcOM2UtgoiGM2RaVVFEbloGJM+Jrp9bQWUNUCTHYAWaiQgF68OcNB5
+  02Tz1ANg2jyNca0E0eMLLrpPPP4p1x+9D20+qcmgYRy+c4ehKeKrqhvfOqV9LHec
+  +GQcSt0JvP13fyeA5/X/JDW3u6kJbhaI2dYXzBua8Vq+J9dmmhCB16paD/7YZ13T
+  SbxjL0oKx3MqIqCMnkLHTNZIbZvF3ERQseTh59SPmmeozP91uqs1eO1x6k7FDK4K
+  y72QA7M=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod18-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkTCCAnmgAwIBAgIUR9PiLN91r3HmtXJeCbYv+14ziJowDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjAiMSAwHgYDVQQDExdjYWxp
+  Y28tZXRjZC1wb2QxNy1ub2RlMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+  ggEBAOtjFIHYSXlfCPZxg7uONY/k6hzK8Y8W3/SSGie7GWQ159FDIsrkbg3D1UaK
+  5FpNHtWpsk+6jNFXrSLIi/fEwE4HMJdAb8MBoBXyKsWi+yau2d5DTWeNMmeF4XY7
+  Yde9xatWJVgK/R57TWNci+p9bwU6jW+WlgwOqGdbRQ+h8VYMIWholYY5R5Fu2DH5
+  GP9t4dc/cigtzUBIbz06DFTNqZSo7LH805dtXIbmm8siQmla6gZ6bR4fuHevht3J
+  qX01Eq0z9jFptw0B+SMZyWLNbLWayFfH4tbHbscs+UFIJ9ZQQ0SCeuFULzu6LQ3A
+  3WX4Sgy9LYeeuT7JlrAY5CuwUDkCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
+  HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+  VR0OBBYEFBK4qABDpWl+wMve+Bu1HidsPzEcMB8GA1UdIwQYMBaAFHigYePDM9vC
+  ks/FoyR/jNHAlH6PMDMGA1UdEQQsMCqCC3BvZDE3LW5vZGUzgglsb2NhbGhvc3SH
+  BAoKrBeHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBADLUjHLJQl6jyT5f
+  ZiRa7HyUD9rDDCK0kcSqK7Zb/DuQ4iZsuGHSyYsLVw8l49bLDWnoLaWRCQYel9jR
+  t/nY3Nu4modRX41Rnnr1y30+B3IwAmcXgGfJNBlaX6S3CtAmwObthcV1Wxf8nbiU
+  KHEaymhlcMxXqfI8TykssNz+0IjylC4X6Hpf1zoDq9RHuX4vt2JijFVgU7Cx6//f
+  smG9C8oJdz1sYOwpjKVbYmG0MYBQrPzAAXh4+YVplgTL+JDsYF92SHMNx8uEz9CG
+  qVApOWE+GArHRN28l1Wpeb0s5VseNcvoz8ZZtFB+Szg4Qg/npDNp/ZsUGzrLAfYJ
+  nSc7UzY=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod18-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDTzCCAjegAwIBAgIUZYezY8b9NtLNI9H5WYjW1bR86xswDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjAXMRUwEwYDVQQDEwxjYWxj
+  aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg0chcziiU
+  H/68TxYAntIkJywRjm61+1h5qfYpiUu3xB3HN9bZ4vmybdbHMOPn3OcolovLXf2B
+  3zduUJOB32rLFKXxU+2I47gN6RAJVd8mjjutD7cxWuyRK4x4vFCitQnrKM1IV/23
+  hUHRyNDo9uN7FgIJ8RP+gVBBe6xtENMtPYi7a58bB/Y+et6YYB01WoBNJG430Q5m
+  ExeqqjOZGO2gGLn/oV1vN0OB+jKh7vtmUssDi6yWd8k5+eZSTHrTxOYi4XqnJi6/
+  Y7sadIb2eDbswz2MDtLnGrPvp+US9QKa+B7vDebI1+6h5ASMKU5AAc9/mZe0czjx
+  wCJnBZ4gvVmNAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
+  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUYhnpEr16
+  GSrugQcpNf6vf5XLuFUwHwYDVR0jBBgwFoAUeKBh48Mz28KSz8WjJH+M0cCUfo8w
+  DQYJKoZIhvcNAQELBQADggEBAKKRyefSUXivcFdWxOOA9ZLxl3Xofhi0oi0LmUpe
+  7OJB/UJjqXMDQX5lDeGUK2lMxtqfHO1AAWqOb9X1em1NZxi2gkn+/a3Ji4ifU4+r
+  BJfZ5P4/RRtpC5d8lkpWgg7gWIbh7mZrVAP3NK8S+nNiP+VDIN4Gl7fwIW+nmtq4
+  8YfSjdKotEcWD0935f/rNPPPJ9wSYP66rF3erK+fFYHj4gRAh9AlxzAw4vv6hJQx
+  Oo8tVljjjNd2h23s1oQWYNf3Bw95fOVjMHD8KSIJfPMmLJcm7PbkQ7WsYgcYDO4e
+  tSrhHDc64d7jtw36llSkjLteDhx/KJpJpPvJis3cKBKkq14=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-node
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDmzCCAoOgAwIBAgIUa3PV/q9gHVnyMm9wlctg3TkV3ccwDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMCcxJTAjBgNVBAMT
+  HGNhbGljby1ldGNkLXBvZDE3LW5vZGUxLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
+  A4IBDwAwggEKAoIBAQDBeSQu0v7sLQ2i/TNMFkz4HOeBWrcbidPQ+iAsbTMZkCuf
+  KYRO/dLcDcQ2yEpZfTx1WymbT0RgmMPNnLIe4P9Pv+0pt+SuhESQB/zwhlcz5AgI
+  xeKbspnUCFKxeQX0xNF7VpC6EJ+8xIUEO8Dh3CiVa9ejO4NXfuR2raGUtdQKEdFW
+  EXwnrKV9/E3XL1FmJyb9oqrnRcwC4EBYPA6u5plYLQ0/Xe8KGd18y0sy7+O625BQ
+  K8uV1TkMRsK4EPdqAo9cwOb/ME1xHgd51PTBbhquaruE7C5lJkBbajbQCcWFESAZ
+  4u0NSA1DEni+Wch+wdIOQLI60yi/FjmjRC4rO3RPAgMBAAGjgbUwgbIwDgYDVR0P
+  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+  Af8EAjAAMB0GA1UdDgQWBBTUXKnhSpZUKRBXxTZ7seMGEsxArDAfBgNVHSMEGDAW
+  gBRkog4B28If3kz5RH66owjWIWRnPzAzBgNVHREELDAqggtwb2QxNy1ub2RlMYIJ
+  bG9jYWxob3N0hwQKCqwVhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQDv
+  HhgplVcK+iLZjmqrBirR31gH63q2ZqprwV6FwDLIAHnv/Ohr8qD6Z5/rWb7oRWeb
+  DMi7ss2elRytQ4JNUNx8OMVCjoQa9kUTe5JvY5OlX1Et6lXotb2b6eGzO7fgXfRT
+  N/RbFCCrMseuEq5TGg+uMKP85vsZnvigZE5EmSlE8/okeOArNWNLzirxisqTwDXJ
+  EYQcDIz0dGqLr9GsztpV8IRQ6xGcg58K9tEu0wLku6ikN26o4SagCG88/A/4f050
+  5vfge6RySqwy8Y+Mtrnm4EXCfBFX2YuFMOvyBL59zjPLxI+iAfJTZqU2xZCnA1wC
+  SU5ZJH0lUiQ83epsgTrq
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod18-node1-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDmzCCAoOgAwIBAgIUIWAI+JwApwXSqKFVL+X9/yDc+/gwDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMCcxJTAjBgNVBAMT
+  HGNhbGljby1ldGNkLXBvZDE3LW5vZGUyLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
+  A4IBDwAwggEKAoIBAQDGVswTun6glxqcoTfAWUm4LTJyH5MGhFo6kBnuiL28vJtD
+  vCeApqnvNYcB4egrtuF/K8+3mTtndQKalfC8hEm05tUfwqlPagQ3kSpoqaCDooLm
+  zZyfGxMink+lLm6j4K8DjdsYGLgYyV62nZPjcuBtizpSVyrHFFuP7ZJskgNiDhLW
+  ANgj0dTr0X1DPPg+h+fkNG8mzzVpYE5ogBokjyhqLCvNSy5ukfBD94WMUQOvJfCy
+  2juqKyp4AugypJOh79u9IOXTtx6LMjcA/O8MXUnq9R2efpxsFcFdMq8pDCf53g2T
+  hBiXt0Lne+CoEAcU/yF5WB2otWnI88kqiEdIlOB5AgMBAAGjgbUwgbIwDgYDVR0P
+  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+  Af8EAjAAMB0GA1UdDgQWBBSslKpCSulK1U0OG+fQhOCH5aegMTAfBgNVHSMEGDAW
+  gBRkog4B28If3kz5RH66owjWIWRnPzAzBgNVHREELDAqggtwb2QxNy1ub2RlMoIJ
+  bG9jYWxob3N0hwQKCqwWhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQB9
+  sD/EwvHH/+bja0G54wswfwLf6IyFkNQ1U26iNuTsfbyRQAm2JTt93IcW5DJdSzWf
+  4w6OFTsPiMfiXPnPdB/BBPLx303T/n+VFKoa9rOEom/qEylHm51W8LAIfRQ4FhVh
+  CyW8ZDEqshEC0KfwJ2UHwJu4mmZ3lUPa1uSC5LDnE6fXuLdI1xE2lONgcEImCwXF
+  uE+hRSvI2cUJt8sDvclH7eBf0uTZN+oJCPXDVa94k8zAq2OWg60F9/Bu1sI9jVnD
+  y4yX55CMOAhoYQSTP/WKKTg+iSHf2DSrHoIBlq2AaoispKj7p6ODAATUToJWA8Eg
+  QRGkaI+oq7tzhngcAO+n
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod18-node2-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDmzCCAoOgAwIBAgIUfWTdS+pFhTFeuJtZmXO4uPY0c4QwDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMCcxJTAjBgNVBAMT
+  HGNhbGljby1ldGNkLXBvZDE3LW5vZGUzLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
+  A4IBDwAwggEKAoIBAQC497jmAo4Oh/EHL1/X19gToBV0WI48gv7FBhiDRCjDfA4W
+  d3WdT/HGkbps4Hid0UPCQBSVD6IS4CMF0BQ1GFd7tOU8E7Zv79HCqD+8ml5LWsua
+  twzMuHDhGqrL71691JrSrLNg3Vg8lOMmtCblb9O0eN7zxzMhH0vnxsIosKYQt6JQ
+  wDq294QO5Vi/YydzzwDO8VTGSsce6qbD9wqWODDa6qvMLP2feOmimvtoFvcZ2Yga
+  Ozfcg8lGCaLurvk/wXQLUTNtbIwu676lwcfFN04BPyTgMINuiAd7V8yXsGgWpWPN
+  OMf40hpUJ1SITdBSfk4WjdCUXYfaTeK7hm01ora3AgMBAAGjgbUwgbIwDgYDVR0P
+  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+  Af8EAjAAMB0GA1UdDgQWBBQK9+JumUrrRmYiz3ZWerJdFqh8jjAfBgNVHSMEGDAW
+  gBRkog4B28If3kz5RH66owjWIWRnPzAzBgNVHREELDAqggtwb2QxNy1ub2RlM4IJ
+  bG9jYWxob3N0hwQKCqwXhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAE
+  0NvMse1y9qbcaLFnkH+w4E2QLF7NZS7AxaBjYsjVCluwCE4TBBAnQ/+Zu50I2WIL
+  +Cl0RHwDsEuhnAiBHcX45JxLU3oB5ZllLfiyRcckt4B+ePvRHlRabPtMPuT3QyVv
+  8MBmor9WL+YxMmVyBWdfe1inXHnxUGPFFFnt7mXHz455ys4Hq4Q7QzPYt2I8xQ0L
+  zqs2fIsQ5+17eVcCUt92JzkFJIGrSmCSdvMWFzbgCWf9JgDb01l2V80cA1c1zFF7
+  pFi2M+TnmEMM4vogOSOxYwn521WTuEr7wPGe3lKm6DjpvAazBcl+bQoKqNqKwHaI
+  55lfOSpS5imkbdT+wDsb
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod18-node3-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDWTCCAkGgAwIBAgIUKD7BTtQKeJTABTYFwq2SWKF4kgowDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMBwxGjAYBgNVBAMT
+  EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+  AQEAoHdWmHeeNXLHssgpq4q6KaCMUUY86jZ9+qnXig4BLUmVshe+yGZ06eSO52q7
+  I190uiGTsnIrSJAx2pUffzDDJzY3OhgCgSfQ9UMmYlEPAP+KUakbw6nc1y27wScU
+  G7EQmDC9Rgv+vCK7JVwA95UVTuRb/WoZ7izUqLjWYABLQiV2YGHXr1VHDso9gcgr
+  j1g0ybwdEqUy5rldYEIrpuSPwVccnq7PMjd+b0MqYroGobQDS6/3vrR5i8f4dZkm
+  0VWl6hlTyIXyZOFmfzh013JpFys9STIsLqVz5Uqu/U6uDEjIc35dufh12X4f/xe1
+  5YzEHT2EaT4zSeIaih8lZRhMeQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD
+  VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
+  BBYEFIQkwQwaFGqeAIpUPaXGawhS7fYlMB8GA1UdIwQYMBaAFGSiDgHbwh/eTPlE
+  frqjCNYhZGc/MA0GCSqGSIb3DQEBCwUAA4IBAQBDej+PSFlXPvOia8N0lnZyaPcL
+  CxHSp6EdHe7SkkYf6bh0ktCGSVnZOzONodsQLihPAv9d7WxpE7hjokty6s+KFpwk
+  6knmSertXdqSmHPP2sW/iwWJmpJ+Yh6AW+BHW/hMLmCXa44kTFQQ31vcgO4WdZF6
+  nO+PzQxjz/Un8F4H/DuMugVYz5O6YDK/37jacIXmEVf4cqMltr4kGMTTvY9JjEC0
+  CSEAUgf+25Kli/gWrFinUTLK+bkBfTeSEJmvjLEtWzEx+dLd0fOpqG9io71PHsFv
+  /HyF1ToLZFXup0i30n+f5v3quoyiWfsKo+hkFTHrBNqSjjPqcQYrlT07iaC8
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-node-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEAqJxD7JNGSgkZlRgr1w0SKjGJwdIWipB7GRk3d17tPpqLaxVm
+  ujN7NM0bFU39v7Ud5P9YpChuetzMEJ4ry4xbwVxqgbs1XxP0vDNaGZJCvcckxDDt
+  hiRgEICj6kpFlLAIabMCP/PB0VPGNT0WQPfBPSk8gUJBOfgjnzXIZp9l1h7vIy7+
+  GivvuWaQu7x6zeQ1yhj4KrHokq8jD8J4xAVV7Yq4IY/852ZyPlwVGG6d/r4XOb6o
+  WiWc+fRfQxDQlv7+Qfjsp2p4VqftC4+UF8W6carZwwQBpuDaLKuEY5HmAJb5wZzb
+  uqnkPVZ/Cr4Kcn457nf0RnHAvuWv09NoCPPnKwIDAQABAoIBAEzN6c7xAzqkTIfy
+  2715EcYwjJzCc0wpJjm3l+GDVzSGN23O8N1up/fUWjrpLOZPvU9b1WfplvHWdAo5
+  0p9Ez2MUEtwHh/dIYtn71lYBnu9NsHzCAOBy32OFBaWqsWlaimqDhUnWYnpU29vS
+  eLmdYePXTd1fbdDXLHrQh/nfMAdJkMPDEZWGOruLM38jrG3wUmAuTgW3GHMap6pU
+  HNhPBfIbqn/LJ0VAnv30/5wZQiA8sw6Lee5Kqiodbx0ERwke2yluufI//3sXkEiV
+  hPak9uzclCx/bHS0lC69WA8OolihShamt/hzGWahVjNYLBgesLb0h4Me66QUXYvO
+  td3kvGECgYEAz1i6oEVLKa/IejBZGamj76XoX19vDqscgf+tG+1Z0+v5ff0hv8XO
+  xHQvDaOH2YUznT8fn30c9fHDRP0TQPvwg9WVviViRXvdfeddhShB2J2S1t9OUNG8
+  s7PrChJgObbHRo0YZAHcBrjxihwaiVrogbAmNYrmPtheKShYB6cJF7ECgYEA0Cyp
+  MkFObthndnT2UmMB9EbYd1mV0yvU6Peg4dSAY4c3rZadSoxUsddHdBjSB8UXXfPg
+  XbxUtA9SRSelxBvx7a6mb1Z6cRo0gg6ugfsrcIyw6wg+gspYNCEmbpDECJ3r6CH6
+  rG7iT2rVX10WBjsFIdFQ3/t0Dk4ERmEC6aj+P5sCgYBG3B7jeOrn8zADOhSpJYVl
+  +AAC3/13ONkEQFlrquDBAOsBuIlZHYO9NauC8LkTiGcMPS9UdRB5qMbAA/EZi0A1
+  /b8v/VypPFyEk5YtVIW0Pp2ZGzWLfzILA9i2V3NVJfbSUJPeUZhdH8VEGrii6lN9
+  RrK4J6DqJ01+qU/0RYxg8QKBgG+3+BlbSN9dzbCZtnOiZLMWribm8ewBMuLPugxY
+  AYroTy4ejU0roGxMjzEz/Mtkr1Shg8BqSL7VFh681042fRBEUVeg/lbibFl7zZU+
+  GSLurieEJiAEvW9Edx6RHFNPhQHv8lpFq7hZKidiimZPmEJ81b1OcgsXPV4Tw/9n
+  zQKPAoGAajWZK0pvEgZk07M6r0o5NVa+CepqAaisCjdJvDNkiBfAQz8D7eczZuTt
+  1Hr4IDDvrrLPX+r8Rof+dEkVv+fpZx/RVlfimjLmdfvoeUmCp3w2S6I6FikYrHGS
+  FALCC7cukRHdgdczTl3YNSGyMnFWzdjKE6aW6rPgqc1XvMs2pbs=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAuBp27zYA0f3B4KoJoQl7crkSAiaD1U1VOaxzay/ErmKW0qDX
+  K5dYSXW2Aej6QEaJ+y7soWlibhIBimF4JEEO0MDywvDuB+/JzypGH4bEzJUBHZmi
+  TvefEJWpA55sZBml9EMAXcdB0jGjxNeVbKl5T4d7KxLdlQnDdY9Jku5H27lyen4M
+  zPGn3pec/oFv8qdKyI5wI/TCBttH+raV9yhfsAfhCiYnplacYSduiQxOkOC2rPJh
+  OAHDSQsOvwgP9P1efMOu1L+fXum9hMwODXw77PTeXHNoCxFeemTKVELgWj/AKK4q
+  /hjefDVr+S0FA2SNETBwMHfDB3YXG4EaXXWg3QIDAQABAoIBAQCBvlTXHC3Tz4uU
+  swB6Nt6C6R5h2ZbK+eb38Cqe/VkUtHIqGiPJmq0jiAsuqWvDZHLVTCqDTmuJurLP
+  PQWYNykjwPbUn0qA2WJV1yr4CNgkfVX98EnMcQHuhCpKXJlyqgikbZuSe1xNr6IE
+  lRG/NGhDvez1XCRAZlMTRFnLbJXDqGk9kw42NNIl6fgOmdmvUruj0z8lDhyCnXJk
+  ZzGWbQnEohgW4FjDV9W44H4ErhV7afU/z0WXiP5BDTYWHifP9GhnYw4HNjbIa0I1
+  /KZ7kneZyKrdGdhGen6q6zRpVV68pFsN/TdOZQS0+MYwavGXqJw+eg+cu+wTfgAu
+  RuR9J6vBAoGBAM5uqNlZzqSfGnUHoMz5+osgnr04ZED03gMgbUfcscUyhWd+uy/t
+  +jJdsUcYtUnJK6rR13kx+M+Hd0jSCuCb3aWTNt8gFynaBS5M4i6dYerohK15R8v4
+  S9CjGi+2ye8wguqfrcijxGUlyj8uZ36MhuC04szEnppTDq6+ytwzNkrZAoGBAORP
+  QPzQGFAn6L37luHosrftHeBNkL1IhQo4wp1vIbhKS39K61oj0lNqxzqwIxTploNL
+  JPyJ33W8FOzfinMDm7lVrp1XoFJ/BGeodgO1cvkB3Wn1F4PQ88CmSzH5ngMOHgjQ
+  tnr3Dnkr3SaZheTPhDOtNFF+hN7gtnMrSUoJlpulAoGBAIsqwx40k0EcGeQHznoh
+  lKyywxFhsQSxj/Kfq8yklhwRYSpSn7NCRkgqLdd2atFhk9THPvJvpAOUmfA32ilu
+  KtDzHCz0H2mRl6iNIHa4l0iclMW2W5bAv6vaKU89dYmRNNEj8S6waTifb2eEyzTf
+  XBalG7lcXGhB0kYwTeaBh/qRAoGAMP6RA6/kh88Iszx6dKBrOe04rBn5JaWaZ0cm
+  /IIMym+nI/n/56goSp5vgripzqMSGbrWhRtRSQLDutF99JChqnQotLtJPGrllxkf
+  ukwGEEnGKibelPsSVBVbra3TqvQsndesUVcTVA2Ft/LaOPAPfsd8osBz4yB2BuET
+  KUBFgcECgYAOdiDDHX5xZnUvQBBYSf6CwyxWbv7f18I4l77lfeDZpIHOaBmCcgOV
+  xwWNN2fbcrPDD+joEEL40FGh5mZuGzeUhCFDa3VFvY6CMJRcsx5JzHP2Q0Bc8rBr
+  reVyVHwQaIbVnbPVlk6qSMN4XKJd1vxg2sQcMfjyoGEn0TzHilmoIQ==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-genesis
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEA6qSwvOHFBMQCKguJpnyL5fcLF6dfKO8XPTx6nsvsTPH9jLgU
+  A4z/JYDu4EaO6WNKzfuQ6AxYsaKlwVMmybNnm7NOckyF/hXdJ6eLQGVQF4ITT/vi
+  3O2v7M9YCp7MpOCyhLaMFhdrhj9MALauSFHorGlpaS6tV9aRV+Jsldrgyghd+3vs
+  FrPy+lgjPhOfsehx20Vi6jjOT/yMK3T7j1wj3ThAYZ+kY2IiGpR6wzRxlAJ2f5Xv
+  MgAGO6ZoTVJiYTN38lHQgRRHfb+/47pGue3zVTxj1bD5WXRimWhQt46pTznRnilB
+  XeNJ0jSZM/ykbMOX1ARpkUM8WmIPtRsR+w0lEQIDAQABAoIBAEP7q2lOUHLtB2N/
+  LEacVzwts30K9Ts66pTHbQ+NLc2tXzTiMIpG07XeAVfhmY5tQkMj2/wfd6Mf6L52
+  hQpzfFVUQipDmZ7gXs8ab/IcaHQnL8lAxZ4VD5+hA3UwRUKQB6kD6tqLto+Sz0Z1
+  p1E0yiEJ+YyMBZUpibrY03UnkXF3JRQKq1DkK7RwMY9QtN/grjMIH166wLBhGtV8
+  vJPtRyTczkmBZduwrTGHudr73J7zwaYNoinJTESYytE9aeQkq/tg0pLm2klsrfvP
+  SVl9XaIunodKVSaWRMvkjfiqK2YgzqJ5DUvRn+kZ4AGyxO9hHwmTI1mZ8y1iglTM
+  UuJGmvECgYEA71jRolBZ0K/X77sd+Gr6e59Vzvwcyh8THCu11LTeJQ0/TxU3fg97
+  RNdY9EVv3D3SCnZEXArlvEiUDn+L5Vt2lg5mBLwn+0JiDc+eSW9K7tDmYmmZFQKX
+  nzBKYc1z4xvQ6KYagsZQaB5Ae5urDvv8QvJ0D62k1CunqQoF/RvVcGMCgYEA+vgX
+  gK4lHSjZwACw5EM9zWn1sX+id/zme2WfvMQ/nL2w9YcV6rjEtyi9t77kB3dL3RnG
+  0Cdu+7opmh0MLRQ1yf/KmntmG15hNX8WQeDmVSWGlfhnifE24vvWxqrKT8ToK/VP
+  u1g40v9gOlhEjSkUXPzuLL2iqCarhUFYmsvIfPsCgYEAmIHwucsXH6kcH64MD8Ei
+  r+i8BXKRaZzZUWbsqodA0T0arOpo/JMiyZ+qF6Oy/hQKJQ5synVLI2jfpklRO6jG
+  7CBqkvPNSgVnc0NqqYIXrgo/8k808rU/JXjgvGbsQ7byq3tDgzaX/2/fSKPNIHQh
+  rgrNNzw+vc6/Oy+e10OIAd8CgYEAhDYAQ6T6HlNv6wsyJP4bZ8RjT5+6mlVbojQW
+  I56LGGqB98azUBUIZKkM0Oi6PgilqZOzveKYP/qBghO9X14fPAwJ0rohP1fIBCOw
+  OQJetQpwzT6wZOXzET60lbJRpBZKbSXtW/eM7/Li4bmwW2EBvj7sxhscvlKo1ylm
+  oR2rv9MCgYBybhTL+IImXo8pfO5IK/AWtfp+v/gCVLVHnypTezI/L1iXM6pPnn0o
+  iLzFRass2XYyf8U4nD94xOjv/f4lSTOXFKCsX4juWPMIwpxBOCAn2YegHKMusj8k
+  6RmTDpmjGa179aKwt1VQRFWBp+aGV9ewm614ahsdRT+p4R72IDj4wA==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod18-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEA4nd2azod+jiCGJEzPvJuPbXsPk3IeA8gWW8MOvtWSKQ+QrF3
+  9pDAS5qHuZQ2HIzD1n4oMJV+gIy6ziUwZ4m8f0hsKSkhb349VbVYuETcPinBiT1O
+  TDtKNyr2ovgoeJIA5ts9RrippEDfJXqU0uqnjUyinPSzmp2ZMQXAM9zum5hWcAB5
+  TvPiIPOYZfsDHoxfwSj0RgDunZy0u7w5h1dqyAOb0z83g6Edkij5gcJH/VNZLdfh
+  dhATgb9EXIMxSK0viOFgFjWqSPXRIirunvLctJUJMaeLxwgZMaYrQc0K2Gb4STW9
+  d+5m88Y8StW87MviV9VCmF9hWqFqFFo5tNLO4QIDAQABAoIBAQCozccU8gL6Sjie
+  u0xpdSc7FGl9n1j4NL42K5IAPOv5xYMrD0GOJiNPt2XHrHQRH9OyA+NNI4FhrIRp
+  uEq2QnKgpYkJvUDQ7FYnlr8Eyz8njtRVyb6dD+yn5nxkyXjRNnM5oN2x419/sWMj
+  epWICaTOq/rh53wgmaxgYBr+DYZFrwZsGdvRsglQyIoBkPsOVOv75YqL8uIk5qt7
+  J8t6/J1BON5eVWQTAuCT1QGSb92DagwD3YBhQw11pcypy6aAI5F+87cBYioaPWvQ
+  b8s9nozXuCUQFoB8tuGbBYOdaURq0KetBTcI+J46Zd0cogM4H4AwGXeXo7sad1Ef
+  VPeZklABAoGBAOxz9dV0vfuYiZvcrxFRCn8lSqK6CCjZA02i7YGXTtWd22ibhToM
+  Q0TtPGvSjR7x7zM6VOZ+22vcTXfEeK9cSKz6qIM62L36x/3tnWOhcMmukGcxleUr
+  p0tayYR8eGXeAHS+O5jc8kirzwtay6uLAweFdkWEHEDhjvhI/4OfLvpBAoGBAPUw
+  KZSgMCl9+cL2mTfZ8CBEPR4RAsq8s+WYAm3CUItdoP8ZerwYAT+LKexXgUuH7fTO
+  U83EbYrUhNTIIGPy2+wzs4iH7XWrCIMcF5c5iMTwK55HPNcbYE9NSsXM52FX6Cl7
+  FUnlZEiGY+yelcgA2hgww+xAUVMl2aZXz4SRtGyhAoGBANGoKGwybVou8KUw0lIq
+  Z4JBkKIlDaMaeSFXu/xSK2ah57AjZcgIo4T0TcTVFqg/oPbtW+ZcyTYkStRNcy0a
+  SJ6ISu7BOPmK6dWv4QQ8W4OYsxWtE9n2EQpx34kHzMGWTRU2sCVkk7f4D0dkJH9g
+  bTk4D5yn/V1SIrDoGReeB8uBAoGBAJWS6ArPHhJx02foX9f+j8pfVpl87yMWsvgh
+  H3otzEz4tTpqJMGSM1C8aLrRNwMIzVVGeUFRzzGeK9pSq8/NW/RgJenoYigiSnMR
+  NCMA6jqZ+UH5W1guTzaRhEfelFiB9BM6DuahlefYdCTpKZ51RpbzSNJa+kGrGXes
+  od/RsyuBAoGAFvteJZO7EAZifAdWtHVsL2w3V6Sv7g6nwWLa3ISqPjmYmeCabIQS
+  wxsujakaK1dsnlU455qq+tf444gwALtaSV4TkuIqVnqXJKvPKo4po13RcFSymJ6v
+  J9pBXdKhQu0lWAXxNl2a0aR5lcpcz0c48Ijg2ibv6p2eI3QeKiPwq9M=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod18-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAszpH7jqraIFI/iFc9uxSIh2qR7gMSvslRIY45Rpez79zaT8O
+  oyVnCEGXsEzFdqHOOMhC5yy+DZ279ybiml0zORJmSrvSEIvsmwy6kUVzfAn6a/53
+  9xa6in3w/UhwtL1CB9mFQvZ25WAsWaCfDPLs4Z7uRdTMzk9UTq6p6PfFunrVSfXz
+  3rfwmSHecM7SXERx0VpR6mNgcDt/TKXqWUOdyPagciqy0oOE0/N+zFghCBFy+Z0Z
+  M6CjySovSmUH9P3lOvgQK6TTWkL8AxGj6PZLWicT+3IxJ9o0jhxUW4qy+i7DvlKC
+  PqjQqwPTgKz/kAU/sBfvPV5BiyaMYCqnuxmZXwIDAQABAoIBACS9zt8kgd0Tm94V
+  AtTPz2qVAEJhlYuNfq9UgLdet48JJWSu+5YwZbXIlIscweI2+2qiiyyO/IsYCd95
+  xjx03LpXbkblyAOCW8fRTTHYtfr4pLCc4wTxUN5xQQT7Y7d5kN7BFdOLaQZOt+jL
+  x69E4ZDDHv+Lx0yH8LWMkuJiYNOAYQQ0o4M2WyvmoImmKpG6F8JLj773NYM5hiDJ
+  MrUUxlEaRwynCUAtx24PUVWNlf/dhlZHTbEfbD3rgI1AV6CfFZoTAKl3ZR3AOC7d
+  cF7mS+q48OmizKUYqujnJomtNK6uTyv/73fQtQs6Gus8SaiAsXs3cJv0OeaKB0Nw
+  OStLuDkCgYEA1Xs6gHvl5wRgEq+oXrGWaJM/eX5TCg7L0pcTemnfvwdAgg/43QGi
+  5igqRnN1IxzQyRGelvSwntg2sqmsK5Ucsnl/wIxiPBlnnNcpc38MlRW0nmrM0FfO
+  3JfISMywx7tD2Hx13WrvcivHwMrqQ0NsdZp1uaaKTH7OUtRloTP1fmMCgYEA1uyP
+  NgheyYiHGVvrDdwE1xBstCHFNvN9aAe6zgWeJqIlPisMeIUdhq8p26rmUN/i0L5U
+  EKIw/SkNlTGsXP6Xgmui070Pg1uCEEiNrL0+2hcBHBeY0NZYcFdkTzl9tNPjNGIj
+  dhcxh+KVQ/DdTMHGzouGz94dYLY3/OyO6uhhG9UCgYApOqhcwhDvod+wHC6nQyLq
+  RW3f1+7PpXXl0PmZDbOBoDPsKouEm1lLm/w2KPw5cMo92uJHAzDNLLK7pJs0u5KU
+  QXTTygj61Gk3WDKQNLxIWq3MXpH5tsujvMiYjrehi2AaAkd9ILbn1N66NDY0EWRz
+  /gW4ehqBlYfhZVXPYUqLQwKBgQDEaWNnSbb2DmMIdcwV2mBB+qyc4c/NLDALBiVd
+  ahzhyYSnj8fRzDTzhNiH+2KHvlMV2RoSKWcDtKTJF6AhTDlB4wPm5PxsWxA9uVBf
+  8IKj5CoLdjUdhQVFhVgSXsPWoV0d3iHyJbgKKrOmZ1SWdPAuiawmAyJt45i+96CU
+  ZNF6EQKBgF1cALg9ZkJuiQopPNohrhUydRQgy/mM59zOw+G+Mxo0wKRsBDUWrP8C
+  1hENjxAnc5x3Wh9qOIP8X5/VXS33AWbb6AOsk3OkS0vt1jt6nhxXp1t4YBDjhJ3f
+  iC9yQocJWDFHdXV4+OsoK8yIYGcYplfj5fct8p3F7EiuLUbW7Jjs
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod18-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAvEROI2ZFh8nfsOyZ3Uvuy5BMKxppctG/lP3f4a2XQv8eCGTK
+  /Trz007T6VZ9UfJTlKL+XcLLK2fM6UiVTZqMFSwe2dNcBQMcQMVHxVARHc6AOxr6
+  XG6kyPElB3zI63dz2K7xYGInbE5AMQWHwtMxJ9IGGgDn5RS5S0t+nLFiV7p/Ot6P
+  9gOnQEG7WUv98ytJRt1/mTEhHflXIlrFupL25U1asnXsLnO5jUo+ZilvgsS/hmfm
+  mQKRNcRmbe3imRpu+JEQpp5lj2vxqdWi1J5+y9LhvZJkI2LAyJRpNdjrwJgK/vm4
+  b7kfF7M5R4+K7hmhby3ZtPaQBRJ04jKu+a3eawIDAQABAoIBADmWr0w2yYgK4WkO
+  Rtahlo8gOZxpvN3JeVALBIPVBNMSlM4+frVNZi46C6pxsW3ysUxjO2nU3y8M1mp5
+  sGoHn1gOofVBqQFDfU32ysh5gHLcqu7phrHlinSJBymuKwuUA5TBlsZD4AlKOmqE
+  ZY3b6kpi/UjRBB5X44I7uqQVwp5QwHP0xVda7nAbX1ug7ldtXH/AOgSthrE07hgU
+  lQbp63uyVUkmFTtC8GiY4eP275sQvJLJMvKUBDHd/ORvi0GXOzBzPa73C8Qo3IfG
+  MyS/YbRRaaHU00vluvaQG+f6crtSkptbHlG8sQ1fXZ8xxYjxBeYwI9+8air5zInI
+  oZDvSKkCgYEA6QrG23vTw4Wg7X0xeYg56Pb0CKzrUTKFWyvIAUWfWqYtjDaxoGnE
+  6hREBMOH20DJbhBL7jfvPD3/MUYMCtqsapkEXIC4FOdiz4CzU9OSvto+R7PjlSQq
+  8IHvQZf0EOWf+ClpzkdM3fwzD/acKagWRFN9FaBFYCxyVW2bLESHWJUCgYEAztBQ
+  l2yIT8aBtAnxtGpigap68XcJiHmdCTFYThXhNCaIFie/kPOizE/Mj/mipP/KXNh0
+  MFCJ8UYmdEW+4eg0+fG44tuojNAtL+SgYABp2Jf1jVdh5K8WA2Cx6zNpy1Ez1okF
+  uNRLRapdrreXQr59qffRr6nHMNmb9Ar00QGHmv8CgYBIZdixhx6at4DvRt1/7BpR
+  jabyqwXQC+nyEP/ppT+EYev0i2lTdIiAUBtxf21NaCsrzlRIhYgFJx2IqUJEfPrj
+  gvYf5r1JgTjpTgpoGGqWcCa5D+G8C6hrX3J85kAkn7G63uLH+s6eiCM06mBJcLa6
+  M1XAyjHDVwuODqcOcZu6oQKBgGxkKZjzPQ3ykA/4FkHkb/RdkUn0hX6Nnowu3IUw
+  WnOmrjROaMxjpLNIL4JV57Rqi3jVyS95RpK5nXXbCAwGU52b3ranQVNr2AL95D/s
+  d40ZN4z4e0oLqZHjn9wReiUhTfXmoqUYPssoWyky94f3pozqYW+bn9YudtoU0/Km
+  xpepAoGBANfJW5kL6PEQUv1Wg0zM1cchDvBa8DM5XpykFIX/Z7oMEdjRJHU2FZ5j
+  XLRXX04SHh34tdjewEsimMxQyBcWcOehKVXlh6b2pAwWjJqlz9gB5dbeQvdaNMiW
+  OUGS65IIwQjqK5PSDMDyEhNoSmDRoyu6+kfMcaIrKJDCZ1WySxIp
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod18-node4
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAtJ9hmxO1fisyIqt2naXe6ElWMyXkfoF1A316jq8bhrcBZJJU
+  eC5hTJ56OEzYf8Yr+rf5D6zw1tSvGIMYbVVOUBOL1OKwTRok+tK5xxjA7XqTTiKJ
+  JRdExyZjj0NczGzIr1StIppzzREBgkApdG2+vD60qGU2YEdWBjR8Ljb1STLmy44I
+  h6RYCKwA2/fwJVQ7KEolVCP/JthUCqQHI4Uv8i9tWlhk1XStHXTdQ9iI8lKvwMhW
+  gAHNKmQ251lUOWFX/EwoqzVqIkfbizwB95UTjQjRzFqdTVuovMMXltd1kX0DcEUg
+  s+F5K606qcD1cBnpZhpvyGHYKPkHfq0eelqenQIDAQABAoIBACfdBS20q9msruP3
+  87XXZdreVKf1NPi2mZyrlODoxKp2uVf486uSkObYEyFZ1G5ezlYHRHCxOnYvenVu
+  eXWn3iDOL45MeZyKqJ6y402NqQbAhsI33QzSldteHZsAwvpbB++qQIviiqw3lJ2q
+  i3umvPHO5RBFRjr5g4LbEo0glAITWnaKznS57AWDMrHCxkzaxaEXidgPeDZyAOOp
+  cLQg83LRdmDRkFtNX2jj+h9DpsSvHCcQrcvfG4B0/ab0EBXaUHddfi4flteoTTqT
+  7lr2EKXb17ARpwcOAm6EtuuJI0xrnK4dGDDaNjTVJZHKyD9UIIPsyQsw9PaMGz0H
+  qlCvrgECgYEAwnA+31/D+v8mpvlO13lMMOUqr8pYe/qkw51a82V4gm5G7dMPzGtC
+  rhY7ZW9pYCVVYDTM7bI+dux00YjhWgvUp/m02z6cK1q/ewhm4JT5Nxmjop4hyEL3
+  pZWN/arT6tG/otR46XQVCv62LzwjS6vSHY+Xr9BpsQwTbUvhzCbox5cCgYEA7c9S
+  eHTBMyK8/lQfCs1tqOtiqe9LOXCNNEqN0GMeGeiiq/LA7bWQG4TmKHr8pUFGW51P
+  /vQMRLEu3PH6Zr7sSuIPjurwYOqptNl3hV6Q5QS7UPO4bGQSSXHXjb2SAU4zloZi
+  wlRtuKuhnyDdxMYLMn3r3Y/c9tal2ppji6o0sesCgYBPTo8mdx4tw2KVmnyhALWl
+  /+MgXo0mzH3l18ngGxRDRw2hNYRtIZbKAQFrBz1Y3QFswzyO+zPlN98SFB2up8Ku
+  XPh6sJfsSxBs82la0wivg8Ktsoge8cmm/VA0Fjhnv/PFS5qhxhpLKMdQjtvqooOK
+  USZSrNRfRYiq/Nd1eK1bswKBgFhCYMZJ9sZGt0Pg7qBwu6k8qyKMqCuKRS3KGbXk
+  g3B0MaOFdesDPpeoDE+rzYZ7omQwD1d9NexsogroV9m4NDRakBGnykz96rwvFbfO
+  8BG/XtHdkm3P+iV99dUqLT0EzAqql46uDQbD1Dkd1pDIO7GioF5bnVOTOHzYXeeg
+  5Ou/AoGBALxJnY5bzXyLXTF28+HXn/3RNABR3HhisF0SCtTXIBfocUK3nwUhiA+Z
+  cTTt/30ZC0zv/xSp9R145nwMM1iS0QxFwiNcJ3reoeQzRQRdKIwN4LYf/4FmNdqb
+  QhRGAVq8rInVwnD9vRbV//UgQYq7mvPDDH5x6RarYzmUYnXIYgpJ
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod18-node5
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAtaOgv5s/qd6KF3X/rKEuAHfSnI3IwchYDgdKnGWf/si/OJlj
+  1cfU24nfO0WBO4GuICD+NgSOp4rgvv0GIy/gDErxwZIJhxFnMt92rZskguwb6BCq
+  Zi8xqJSDH/IMwG/ZiW1fkicMrRE2Pj+h4ez55CmTDkMDeTfvhzN2Fvvrm/MInqQf
+  tNLloSX4MmOsUtcK5m+KodhMYYpwRBqo3cX2g/J5zQHVgEOweJB63u2SdbSR5sEr
+  TERwcF5BFK2LPbmSDSfUjvx2Z2r0dBa57yw/F75UotY9uUpO9lgyuBc+Ok2JVcAK
+  1TPd+3NRo6+rc5ReL0aG+B43CxcSxN3vMKMUWwIDAQABAoIBAQCH9Kf3gx7N6RJ3
+  qQzsi+BA3W85Wy7vTSQLrA1+rtpo/J2UocuGUoLSqIn8dXPbtJ8+0TM1/4c/hMXg
+  bsdPQyByUw5Nkx+qh6409+p+22ciz9O7ie3hemWzByZ2nNhKme273a/xV2U3jXCK
+  e1qSHqyUyUGXJTXOX73b9vrnDT03hhjqVBjYy14oAiKMIIpsIGkw5Lf1JbP4zofT
+  cJD6xdHPLIk8Uo4moXOjUUuIWgTkQxH/1c4FM/e2y/8WyT2P4vfclYlcq1VuO8eS
+  wKXzHQMQS2B6BNxSUMr3xYCIrVz0swdE2VVsvUqXRAWdIYS24qZLpAPni4mHgX16
+  tR5yIGWxAoGBANCaMERJNefhYxyxH7xNZFy1mPD3PXzb+Ei3RssATUatb7c92NJP
+  UdASdcMvyZRR64bHtkM7VOYHkx0W14RnntNk7VcrMTWSKVWEeZIFigawtqMB6mrK
+  HhhLi9oaMoijyi6OUE+Xe/86MUua4H7TDQzGP+czI6uE5Wj1aS4CdSE9AoGBAN7p
+  Ed0rUTh5O83UmltmCDNrGcrT4FQt72uk9P423T+5S2MVSGqWzmXukctUTjoJ++y+
+  VHh5TNN3uyamJinxL9xwBpr6n0+atMn6NO8c9c1+uIgx6WE7kbjEc3rZy2vWHoID
+  oFECEHeJKeiNjsFJM5fEjOzs8ls+0+CggVNkezV3AoGAfmbwGHDEWV4Z0KkDsfaz
+  efoQUvN+LsqcCHQGUbw9FzbBGyg+2jF2Qb7t3Ph4DYgWT/V0XAj3yOuOGXJd5b1k
+  YHQn3Uou52dJ5KgBgpoYqTUrdlsS0OLomZAtjluRg3q8aLmTsKb6XA3HESkoH7GD
+  ltoKnu4+DxDYcmFC+r5Ce4ECgYEArjew25AgcafnAs74ORj8rds2FF0WRhSEvDf3
+  trwAne5fKjiXGZ91/xq/XhAs95WYDQcQk/wR/HDml6VhzIQRqRLxRq08WAYM6JMi
+  TgPvZMV2yhNgWLsrACKiMtEH+OcnfuwAn2+imRpd48DHYu+oYCShFAd4v7HR/QzV
+  Ju0wkq8CgYB1gemGvxGOTDBzuNxvdkU1t1lKWCaoWeLClXmkE6msc6hj1ZoAZLyM
+  c5XncV824rtlN7S5ID45yCDT3ayfPjm4w9Rn66b4I8994VbUoCqyDsMr5pX918LY
+  X/ZxhimoHcnnhYlCxPlsFpAcXZpcbLXIPR9dGuiqj7MTSAAG42TS7Q==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: scheduler
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEArz59y44fUGIhn2g2FJaH9XE1hlCm064uxnuX7WjT851cFWYM
+  0SAsdNPd240+BHPx3QWgh4SvyvxJskLpiCqdGBPuJxkGbLo9EfmoIIVeb7tFbWdt
+  AJ4BAGMZpD31v4mDuYfwaSf9tTn89oo6zG1shKf9n6onfgK5WSzYdZCmOAF5voo+
+  Wy9cfb1Hwf5kNcjji3vj32ilmTJgMw2LvkxcZ0MFuNpMJk1Wo/YF+t0NnlL8MBbS
+  LoT6BzJ2Wv3YGOFJ8NcncxcX4keEPTSyXJR+ano5jLCU10rplobobRtZi/FZZebS
+  JvqMd25QMEh8E9kVYwie0tpNob1AewM41tF+NwIDAQABAoIBAQCV59H51zhILblv
+  P9jLIb1poo7Tt5gNiXlvxfe/WSW9xgUoNOSP24LL6RRmI9tCOeBSXeblJgauj8OG
+  3qAgH7vEBgB5p3mMdn+ZKcO9FfkjgMGyBYADwCVBLISZr3rRfpOUmIl5moD3joQq
+  bTJA/vWOQJm/A/HGZBQjCS6c2sClNIoqJizzPSvk4sNCY64H24GxRutTosG/vOGp
+  hjpU+sTNF+iBALiFQRmnvLIw/sm8htlTFtIK1wiV0ZIi7hOPegQ/E4gWjr/bSCe3
+  +aKjvvAR0OoyLd1K0nnW3XHdaXOuY/XTXFrxM1GwI5pS+UW+0s/8AdGq4A7s4Y2G
+  fMMRdVkxAoGBAMILaOMxmPQuCmbblq6J+/Q9Gn2BWxs0qScpW3SqKNeAskauRST3
+  GUdhbdDfquU4LB0kKNKQfrN7JAxVXPh/l1Q7Kz6aRXQr3mmePk/jukm1xPjBdA/6
+  mY9D5X9bCXeKp8a5Xfcw8bLXAHi5ONqBGUX5ijLzPmphGB87f2RAXNy/AoGBAOcy
+  ZCmyXIXBbFzXj1JcqVK0hlJLmEuNLd1PRUpb55lgk+0lCPqR+2iZR4YhV6wmIKJZ
+  fYDYTR9GuR4X3/9zrCF13rqXyezEO7DK8xEM6sFsHFA4DNfSgY6qnsbdwCNoEPPW
+  Z1FhYa+5CU8eBFzHd2fG+FVgPh3RTIsaV7v0i6SJAoGBAKgsOVBGaPifenZgs/w7
+  LHkmB/JkDPDMOBnvtwqqetEjAd9OJDEAUxFROFrBrpwQjfMHprWvc4/cFob16KiZ
+  9C6VRUpxa+ZeKtnAwuJ8TLSba8Xn6835c+L9hkZVQSQwsG4Ds5OMAL3tpsP6S3Lc
+  VmoV9pdnx11tHvnal/Lr8U+DAoGAfVueYdl7P28sYX7kEGV7zgNiXZbtofGP79K+
+  oF4KyuhJ7SjKoIqtBf8uf/TuQ8J8qWramRUvZAkF8OJDK5C9wXrW5NfOvhl8wBSb
+  DSCy3WPQSlLJ6/ARHZk39F5igxA3OO+FH+QsgopTGNoOxXvGK7gACNLhe2t0FGyZ
+  K6miWfkCgYADm/e+tgbz+J3Q20iAToY0qoHGu/ntaYqRagwdhxqtdoQPv70/u58g
+  C+r+VgscMQCFyhmZMDSqHFZtGrwOLV3n22MxjUhP9Jd2wFEMgTDL5hnaN7l7pdjp
+  ZecquU7BtQKyrcqM+PQtrXCtavGQaY9KdEeVVOrBEAEhUJxj+MjB6Q==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: controller-manager
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAz/X8e9d6y1mWWgZvWFbpMn9ItxaSBsc+Shu/x2wu8PuOXuDX
+  1nEgCYiUEma1Z7wFZvwvlQNIRRDdi7AZDidbURwktLuz5fRfyfDqJFYRGvUT6rA2
+  yLEcLfhbix+g3b9pktBZWGvtTQuPyG2uc1bCMu5IJatWSLn31tdl4hgGqtYSy3eQ
+  Woqwmty9N+GWT5DYnLy4XMXvc+p/zRMBxYEu7ACnTJzRTwjb+l+Q7+827Mh6zwox
+  shZ2D3tx6UuK69zR9rEoEUfwFMVrsPbVZA/I14TzaH4sWDpn71dj5tvmY/66c3FU
+  LtMsAttQ4Aoa/cNH3TLfB9l7M2LJe1DKgnqpGwIDAQABAoIBABUn1g6XJiPHslbo
+  Lq2S8dg0QKZ3glV0MW8Ckajs5X2YaaxXPT3Qdkzh+wZAMpYh9365ivGiythT1eXe
+  /T2GXXDL5yQHsE5lZNU7T+ZwZv8SDXujf389HTvD9zQY/JlyXoAT9/LZz+M1mOPv
+  3H5ZRho+SVKjsnxlhsPxV6j/frYkMASfrKTgzT/DdXo/QiU10LkYTf6WivvXkt81
+  g7mG6L+ptUhelCIj2er2nbjZFn2NtxjibEf9bSOu7lyzhbMu3c0oXMvbzNqohZFl
+  Ty+X2NASTZGS1UFfggGVOc54ruFip7MtkGjj8G9qVTW5uyjuhDxcdG8g8C2QL4aZ
+  DZIjtJECgYEA6TZEqXGTfIVZ3Qt/ZtwAGS4VVysNVcDtFXeeBrL8q7r4NL0PPIG4
+  IW/AmAl1GFyo/muhZFdnpNYPPdt1EBQJt4nefzEenoEjc0sOFDVfrp/q/CTQz9UT
+  PYM3apW8QZ+bK4tXUmj9CWjjBg6gLnnF4EWzhn98TYT7MnlhJJQBxBkCgYEA5EgR
+  o5O0bJ9o8p2hLnk2IYEfSx6UBgFgm8yDumiLGznY1gJA4Yg83+jxzxr5eQrpgvhC
+  Pn9dQTowG8zzEi5j+tKSTma5SLo/KdHQAQD0W83jFvKQpWwfjF9UVXvhWTJ0pGCp
+  UwtJAnyuWhkkxfoTjc11aJlcKxbfMkw21OxjXVMCgYAEIowxHOxqhsrDGpMVtczi
+  pWiHdSH1ZUhO2yIYKFBGkzgXZ0q/3eTv4tVdXL2QwwPUDwB7kPkreQgoJp36vQA3
+  GuCxDKPoV43TW39SaGfb5sX51oVFShffPVZcM291Emlj6kKQGYBzDEMKNnQsnsgd
+  Y979AYGotjTl/jT0uxMU8QKBgQCc8re94RVRASBkfd+NViTTUDU1rmZS4quLMkb2
+  6F2LcHAWYyI8bTB9OWjW3VLb15bIRus0kNiKufjNhFEyFNcEYbXZVWLaD8LRe8Eo
+  j4FxhNI2urqcIQRnvDr9MtiyPLBZO2PvBnlBznsI0vSncNH00meAbMAjl+wIZsHk
+  DkoapQKBgA2t+RPk/uN5p9fAWBSA1upiBRlUa+Yo7F/2nnkXhe2TYtC1XC2hqtAB
+  0x67VxVma+blByx1o7+PYKU43Os0odAobmnjiywoEmZAeayw/JZJFbmOadiorlmN
+  SlzK7xKL6tpCcU1HBXLCteAz1/DRenHBGM4sF4aY+CUezDJXJSt9
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: admin
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEA5gpDzgk9t9H/XWumXLbkWCbN7fKoDt9zkLFTympjipE0J6wB
+  dgPI00IA/IEmJjkRa567UZkcFw5uHNBX9SgaIABFXq7B2mU93YbC/gE0jjbL4sTA
+  PCRFvD+mr2lD92SWkJIKauFhudFQLEd9ob/e0FsjmMYW6L7ihxLcTjwB4jnr9eip
+  4dlah6YKGtW7V2jE5VgCWvXl/vqWOU8CHHBsHS8EwdXV5xLPU7P+TO0V2iSyi7kn
+  yheI1gJI0YP/UV3/GapkK1wvm0v3G3hW0N8DzLj0ip48l/n35SEorDKgLlFa0Aud
+  PDUvBAXREVM8Hpcx2nd3dnpLztNjiNn7y9WZHwIDAQABAoIBAQDPSMScbbtNXk7L
+  MWtw8+SCgkThetxwumz6Hq+wH3merQTgEqAmZXaa1kjpPr7PhnDqFtgXyO2E4R3b
+  nOkFIaOY3mWj0bkgQEYkzX/7Pb7LvxitODk4eD7WSEy8lxAFZoA9uTrl4D0dIT0r
+  CShtjeUKvnUu/qA6DXc124rkfDH+VBmu8c+Z3zgDjmZY98Zl0V+evyReMJ4Ucgf6
+  OADlc4LZYAIQZPQfU5f0xVGiJ2rCjro7VWGDgifL8hT4TxVILgjH7zdYU+zXpfQZ
+  xdIUCNuKKG4au6G/c80VKEbJFPYZTqmxcNeFv0mnjdzvg/WDvMS+DUrJ7ITD8Lkq
+  575BrQhRAoGBAPD8G5WScAsKsQfgxu3/szIi8e+IvQxD9cPvUC55hpizm6zWGhX4
+  mOfio7SzIJ4HDZ0wch0aPcJIh19Mk6Imfz7zWLoFwnNP5xwGByedggzCawhQmrpX
+  5IXPuvhWjQilCRihoQZz0+1+ynTyrm+/4oBCAfP0NmYRdazXCpxlfSTdAoGBAPRf
+  lK2s/fwUPRd9Cr0Wi9sDz5DMtCMeJI+C6gxo/LU1+ftQgmmew+E/6palG8lFXQeh
+  snoi5Q7t/Jyj845oYw9MbH4qcQrAYA/2pYI3gNxbsKojez+dzwrsZIh33CFGn67K
+  U8Pqlp0otRf3n+4SWP9WDhx8fD2vv2ca9MvP94grAoGBALDpY5a6mmaAwtX1vhSa
+  0wLLhLFEwQRwH8xns4Vq0dTohjCsPRpEFnyldWkC178rjmMHXb7ftNccR8U+gmNX
+  v7KHE2v9LnNZBWEdS8NZbk/PqqPACNckDy/tAGWvpHnkLnlWrs/92GdR3W9deZGw
+  XKerzaM6dXUY/DqW48NM/kJBAoGBAId1lAzRn9hjv5mNjq5SGSRGcIBreE8fHlUO
+  1H4clDg+u1s7vY6emyX5MChhTY28DV11nGFnhmFIOob5usBtzLtmOZ2WGSNEj/tJ
+  VWVhLuT3Tm6BTIhvCZ2ce/3JsxQe+dUCAnzPRL3JGtk2QkjNkte29AuGVbg7+3VD
+  0/5GQYgRAoGAX/ZzE8rjmHw/ONQlh95rJotWaCTsUoK6F3F6vb1KeJ/5prlKKv/G
+  O4CsoHmchVAI6xC2wPqpMRAAM2XnJpUqpBHW23dHA+evbSFEovL9X+2ex4F6eGOm
+  bIlq12a6nme44B4CWHJ/YCwZb9Uucr0iJqh0hlOYDFsj37a+356ihaM=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: armada
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEAyQJM8mAjV8nHY0GuLluLDNLzCujY5hPPSeIhY+0hhcgwOrMU
+  G7hQW2+xwhW1otLUCPMz2xrWACXjLRGmjj3dMA3D8X4eg/aI+yH0BlZ3cYX8VY2w
+  KYEdDdiaworJNOAebKNiQS3epetmVDPO33teqUwKn7JdyuaKjpHeJ3zud2YUKFOc
+  uIzWwfZsurhmU2bMOZPS204lYCPU4T1xZqQ3NPRNOR/g2+z7ta3tI+40LSFmEj3B
+  94hXbIRO//RoWkUeLLqyYKqhlpexB4YccXfaPG1gn7UmUmA1oI9Vm0NHpjGyRj0N
+  9NOdYBXIcp5NItHPB7ovZbMRHltiDw+C1ZY+LQIDAQABAoIBAQDFvt6l/xAl+BqQ
+  Ofg6INLNneV90Q44Yjql67F/lbRJ4WQZCz13+74KBfrw/dx/vzrbRy63mVH4OU2h
+  c+DPxGqKMLCYLcOlfO7LaF6hsYS2COLx437vhdZoXbP6OQCyZN1pcN5jUtXbkpZL
+  teAJmVvJ30YATz/YMS8UDMppPI14pRQgfwVvT4uq4/e+FFGRhd89aig5Y1XsPcxy
+  cvIMTcwYSjAIkQoH8Jv2uBeTpINHlNcsNCiOSUvpOiyPA48CRG84VyDLNN+xp2DR
+  5H5kxZqSH/LTDuYDeqJTuRvaWcWsMI2vkotDv2fjdPTImLJF+/xlCPmV99ld8KM6
+  cyjdjwGdAoGBANxRhaXW0I9x7Lmiivn9y9kd28DYuMToZuQ33YQewjeVw/lYmw7K
+  cdkGkerl9Y406kr0OP5kn/OusOKwDW3HwbyU2ocQ8CK2KQ6mAU8QK4S1lfenQc27
+  jgp7uuVJlD3YwWBtgXCcIJYU8Cf5JBOjcrn3eCS4IX3VohACIkDrBuqrAoGBAOmQ
+  M6YuTj5uuoCbfZ6w3G9C9Zzq1C3vVM+X0J65cK6yEXBKwN7RcZclXwQvTacDdKj0
+  8N0uzNs3ZysDkuuCIu+h5W4FZSutbsuTTTQ7Gr5EBnJVUkEb8k3GRVyjgSlIMM04
+  57msBlqnbPRpdj4XxaSNC9X5yaCyohZpMgALUXqHAoGBAK9JtRmi9cCLFZsEdao8
+  gOk3VlXyl98iQGqm//lUN5Xd9FP4aTW1YCsZjRLk7x+7fgUwlf/gs1o/zMAu7iA/
+  5CZUECGSGlyjrbrX3Qa4iMdHag/l5Pb4mCRDGQnAJs+mGwTLW0brEQoXkpNbJ5bw
+  XiETgWVFkm/5fr1Z1ULtO02NAoGBAOjmgYpZrG43LkSmSJqgk/9ijtbdl50ChdjH
+  8yEDm6ioKhmGgVLvGUz12AytOsqq+H6uWSzFyUNjuL28v5mWWE4Ka2TNfngSZmQb
+  y6WktmM6JA+IoxAH1RPW/T2GUXqf4QITl4afUmq9fzktnNoIDG6sszu47GURG+4r
+  Ec/XeXUrAoGAaRZ+5Y10fsFcbJKV7W+oepRrsqA2PuaFIqKdxhyl1uwpGIOLjfMN
+  JtJlVPzZJR73/xDF7FyzLyrTiOVDqSWISXhGQM2wHCA9bTaVC5aVMWqREbkAaack
+  CmQDBqZpgZSDsWG5orC7pjEfVn78BXwrBPKpR616xmbGcquuIW0TRS4=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAvayGQGKWLAr1a1/L0QTuIPkDK7G6Ec1IOdykJttLbjVCKBZ5
+  DurV0h86bk9tfYJYOY0FmX0Pyc11D7LtJUMmrVv0VeR25Mlxm72JABAoNlRXsLPJ
+  vXEIIjk6DyooLwQnTb+Qa1fcXzpiceUBBKwDNYj80cRsGMHTxMIVkxDEiKM0Vb9X
+  AKaCqmkhqWrgx7luQICboCBm0N2uqrFEl7Z9movu+DlKcKir4GQT/DWZxT68+oQG
+  kT7880s/MmQmkKRNUwf/ViCs6oxVnUrSwsj5KaC1swIWdcfIwySxS3DMeFNLMohf
+  8so1h6yvMf6QrB6Fw24LQrivFvhx/COGQBDStwIDAQABAoIBAAPlQTSdUbxB1VyJ
+  MSRv13wx4RDKq6ml76/QikaKBniS+3LbU00tIYsZPRf65aLIRIuaC91lJifc4mSa
+  Jii3wlmZI+GHubFlOcIbGG855bmH7e0hJCmR4rrhNgINuZmNmkkMgCjUOyBxkIgK
+  TgUMi1xUHe0o/Zdck77cxZippX+w4VhtJJUqVDPEnthbkLRGHR8roSZdZuzBPf8e
+  cXNMx/TjrxY+sr+n83LeHPzuGgxFN3MO/haZxVtLuWQl2NNKB0I4nCr87xqTWqZ5
+  joK75wI7TC/ZJbqyGauJXfBXXKMFq7l7LP9JbpqqqLoBDYvK8Q+xXW8QmFuvFklf
+  RpsOHbECgYEA5zkKAenZIPtfWbvxAlgpRREI4CBe0f1QK84tmXU7aT9Np0Tb5Qnf
+  kH74sz3fXN3z4GsTItjNVfzOeigmT17soPQ84Mu2p59K3Gl+X5yxjS6DdzOyk/I0
+  ErVM5X7X1fklorOd3QmYtRytvBB6lhX68dg6/5y7VbtDfBm20mSNKQ0CgYEA0f+0
+  wpTqyqbkxFFwiaPmn58ojRfOROpYHTrEOdQTwX6wBSWFhzBB3BSqK0p9/hGnuqdS
+  PZGr3AOYaEAFW7uipds0aY2gx2JfSnKF5BF42YG2ddDXAfkmFx8ku+DkF+XS+/Yv
+  ppRJGzdnSn5fKrwVuLIPdI2jsAiB/ovHnn4usdMCgYEAh24/UFOaG9lgRfzw80CU
+  G6IYor4TC8flV2MSDlo+DC1J3HlWmtanncjg/ot08r4GBCJzOOvniT/j6GTv23lr
+  +/JSXhCz0YZZoLQhkvsCfAEMe5tKM6Gfon2SprEe1nNx+dRe2IKwcRR1Jjw4sQP6
+  0gCmveUdTN+8bUnabWz7yVkCgYEAs1zcX3YiNITn0GZe4LEFQkEGubwjiek+6XhQ
+  MbRaS2KRpVOvARDOr9NWpTMy+dbKlDplnADX8UuA2UoVSYyyF0drNNyq/qGfEk9O
+  3MWvmteXqHl/q0fKqOUI0w/6wg6ibmKPwI/XAVAJAS9+yVlslBxB5yMzNB+QKIHr
+  NgxAhdECgYBqAH1yYo68Km/rlZqizNNLcOKPb/U0xG22ek4rFlOoYi+3q0wAXWLB
+  ZWah2/YVJGkXREYrsi5RcdUOh6ef33n+H0rJfnroAqkx2QpfN6TH84Xa2e6Bq6tX
+  YSw80MefOpa4MTHptxBukcj+KBsJWvqoGydZmcZPHH6ZqEPEK6R/Hw==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-anchor
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEA3qZbNV59FW4sbcm3tiF6j1FgvuSa3T2R0ig4RA5Psg3BJCvH
+  i04vxKyyT8jVLgvEtJg1Kbn0fzqTvOyzIKG3cWXTCX5J2be+KKPa9bXx+ratRAHs
+  1QjKcsMjJu1VlmnD6EJw/L16w/UW46gclw4pLHUoqA0Ms9fo8xpxVMQ7FiZmUm9c
+  oy6BPEvYfjU+l1xmPQM727V39n1Ov+gXhjIMsbyVS7cJX9i4F3jga6UB/yfY5+Jb
+  Bmsw3rOvF0UDDRzq+UgiTry5bJLPLD8BOxM7sYm1r/yLYE/krGEb+4dWtLxRn71K
+  iGi3OmdPByGQRaIHKhGBzK0keS8lbOm4NXE+AQIDAQABAoIBAEgpkNw+ULo2aC35
+  OBLOzQNQc9PLEipsvytnH71nCguCi7vmeJk88RyEgJJ9XCK9a7bAslJg0868tI+C
+  BBiqcWNOhlTIWrU26WoQmXIT02bX+FZXbWQqojsJ5gXC3H+Qrg9EIYy4+OY0NIP6
+  w7FtxIiFPHUjLZ/Iddb9FghMRX5KvsspU6sQD2w6u9wzqwiATKkb8n0NPH+B1c2o
+  SvTJOl3euDKTvyJ0G4Zc/ZVmveF6Xx0K2k3FVCckPw/UugTl7TG5M4ipEKfu92O1
+  l6Hfny0b9swl9RPfQpPSRseXAC19DtRbO6WJlNWtXIwN96T6jT7pt0cg/9OxrsKT
+  olNK5rUCgYEA4M5bB+hAcko4b2N4DnuUzaPNpg1xWyEKuQlaDb2Ht+S6ATT+cScl
+  PoZ9ogVRODEipijMTsabNxAHcVvSmyOSsyHWYoVA+2yqXzztuZOdsxZH/KTtGqij
+  lhQFOHbOardxHrOiLIhNlGIH8uJI2PA8ejlgi1b2bCZQjihgnnHKEisCgYEA/Ytn
+  2sHyknSQDY6XEGjG5SYdqp6s5kntgEdGq4LI4bOUN0uqud5kLAFG+u1Ov0GoY7KE
+  IM2Ah2P1SW8WQcJ3qzJyCQqwvmjQhZiy5fc6tNdVx1wdM36aHWjHXNlkNcE8J2tm
+  bl30FSac3xkEZZWbtdPc6igL2FBYLgBBWvSO1oMCgYEA2aMNgAc6NStjnXrn5OWB
+  duBJHKRRBM9lSSQjmb/OX5rA9KAwYK1sIi8j+7I4IjV3fPNscCtYYyNSgU1LBESZ
+  JnDw0yp8cayO+GrNHucpOhKtGIs2vKNc09OIBlUGm0wC6J0xuPkwWiHZ3ityKQvT
+  EOTxcZR8NtGVFTtD5sD0x0cCgYAWuZH7Z3rIaa4nqOodTGbXTw1Fp6czlNi2sKzC
+  3pwGrsPQGPYaZrZvw0WLZA200ru3A98X2ZN1jx4DEPPbvQRg0cqqyMyCpH5cGw2d
+  0wTuBIbpsXXkkapajHOh/NIgh0tO9S9fIQiphKZ20JU2TayBJZYdXq2BG+JrbRZu
+  gpDy5QKBgQCfDRwcetYACo26Is9fzBCjp/sedCgc4HWC+YiZqHO/cIxIMfvSixUm
+  XO/0ZYQGNE1kWsPAMWLa63zbihXch1EAojZRPJXA9sNVnF+LrDSIH4ad6HkinsZY
+  nrr8TtqGphn1AiblPjTKs5a8G7xrDxco8pc8Luj+VD3buSld9O8CZg==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-genesis
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEA4dhLOL41j6N+qdWkAFVTObTMuqPLdmZw/yVEuoDUY8/TF/Jw
+  dJpOu52OvHRxNi/+5NXarOSrZbF4w6p7QbMrC7hCOBAhoqm6Vgy9ON9i4xThNxly
+  GtFCeRyiJhRA6eCyoA6gyzAARMqbRvswZickwrq/CvZbgVK/9bdJuMD6ehjQ78uT
+  zD2dkUX/ifelGD1/ZshiM+0wF90EZpYMWwPN4VThAmEIU8FmO+PJEsZyp4BGrr4I
+  roZeQ8N48ep/vY03KqoOXzDUMsQuoZaxk8subJa/ZdmvAuS0GtFPzf9s/NruNmYU
+  jaQmYbdB5lvpe9hJQldtPJhcwBfJVN/F8PhLowIDAQABAoIBAQC63c6PqsKCkRLy
+  z3SdWfw82R40p+ZnlyeT1XBiqMoTtBfDzrPBpxPSJPG/eNFbtqa/DTucprAyun9j
+  1qGZoPfTAKi53o8WGj21iWDft+YIYnRetM0250KLF2gK/eMgIO1rhe8BcDwor0N/
+  ncNUIrtF7GK6XVElViTC2N9E4VfewS/b8B0ZSL6m6G6eSBb0qo1SIfw1mxjkCoz/
+  K4OcY21eaLtt23lBj6zRb6UrPfjfrKHzyJ1efDEhEKkz+Zl9XSq172IKjFxakvBM
+  rT8ssbZruA5I4RY4Ovv4MANvtSLpnskGearRBt++WRPatQ8xokhyq2siesPFANwf
+  mcEvnINxAoGBAPQU3L35WlpoDCaB9XB/0lh1YMBvKNdNKttLiS8GHzJfuD3we5Lc
+  f6L6ur4CtwGWDS9+00WQ/Wpqufu12LjjyMpabJTFrTSwQ9YzqfruyBB+/cOtfSr5
+  daJ2B7H6dv7y33/0dQuIiPWgIvKtM2x5vPjhjkukiHO2JGd4UKxH7F33AoGBAOzf
+  dxjHk7bO0GSIb1Rwh1FL4YkW2WjWdpiDQkFU+Rtq2Mh3fNPCA5N96GG8XIGmYUjo
+  Ft6dV+6B1QJt8CgNFzimnC2SwuFHMLUwZyhV5zhXCKTZg91cbrf3w32OEzu1sfWv
+  6xSomtBZEmCsTHGbxvMbGFwT+DNKpOLKF1DVLgS1AoGAC0rLy541p+kYZs+sY0AG
+  o0EK8Nwzr4JKcUrVVe+akeILzBHMJcc9wHSJHzFQ9inTAleDvrwufTXi1Npc5HDl
+  YTc9vsRGdyGQgeByBMH3T4wQgXUNTWetIY8EXB+SUck6vdi5cYcnjvWRqFiLAIHB
+  VGJbCvTZu0C5/m96i/3n2ZECgYAKt2129IiNS7wH4FhRFKo6lllEz4DUimdhLQcR
+  V5vRjrryDt3Z4rwwrxCVY2U4BGQAXWezeKDizILrkje8SCNVz8vfD/W7JXJhsCfq
+  nkBQvzdH5gNeP3FO52mzw3rBR84eVHApRhuC85SuRP1MYoTUuNQYTlr7TxQ4onX9
+  lTd4xQKBgQCxt7MwJBbGpbYcitLZInzEMcAz4GrcoUhAbdtpSQO2brpHqMrvzIuB
+  wR00IbEM+enKm8rh+7qJJAnlnUbbAHC9JlAgbjKzUdBeO8ToW5wjOqNA2wgW86Kb
+  ltwavNtN6CLSZ9RjLC02oLAp/oSS6gthrtEcfyNor22zVNeNTqNV8Q==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod18-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAux+xSWNsUUyGLvhlh1Hbr5VFhmCI4biss7irvqvX2eD9Znve
+  bNKDBwv9oTndTI+Y65BZKGnfxhVKfn6RdCx7dgDrslwYissk/xrhL7bZbXqvDjDF
+  aTbGr8ZIaMMVbWC+IMss2cBZKZ8jrTWcRjZ+6wYVWi97a5JA9Ggy9YwCe1FGfEJU
+  SfG3QDh0npdxl07MBQowYADmKJOky++7O2Q8w/paA/Jv40gguUTliJopYHxTyfBd
+  Ffxc20dmFg2VbjKN0fPEnhXapDoAhwxL5Jjknl2QXNMSAaFjN9/aRGfdyR+1lzbO
+  EuUjVyyWB21kTs69Etljwj2KMz/gp4fCyDzPowIDAQABAoIBABAmNA65XefGSu5S
+  0bBUCDmnEFEAk8+nOIBqN6hE/GP5XuUxW4jYwiYhisoXTFoHKpNp6cfrGzzlKYCx
+  O6xjCmSsv6qs+BFCZvb9QuHzTeB87g6zdtYVvB//ZNBlxbui1cXOwxgn2YoWCeYw
+  8kO9AEcYR095OZWXEbQGKh+27Z/mxfXVLOhdbyV+7RbXhWqresIrYj/qft1I+zr1
+  g4rwBP/hUj5H8h7OLtC1Ue6AHNZiS4M5/V/D6owpdGgkPnH1yLEGzNVnl3GCDhhH
+  9mxLnmKznkFiRSZ9gRZ7MdTmDY+8W7LPU6GGMsZ5m0cdctiCBhsPlAKyXpVXKhmG
+  ZAoQCcECgYEA0W3WKZ2eI9iJq14VoYD+LriBcOsoBnFZtpwheWK9jVRDxww9rZ67
+  pTjpcggqMo92oFT20VhGdvAKHCV3kAwNfAUV1p7REKVYiave00R3zxefOx6TrS2g
+  B0wDsiqpFG4d136xo2KZXm0zXmQTCqaMOAObsajXx7PgEqPz52p/tQ8CgYEA5LwV
+  3UvnVP4J6qpkSmAkMYBlyXIZBQVyCBRAvxwzit6W+dHzBU/CisJu4n3PZ9uP71CE
+  M0+TZQKYJgUyJbDjxdCCx2zIXyDZhCXbVav8ZC03OpV9BB1j3hg0IZQjVk9VWw4+
+  oQ3+z5CzQQUV02nCZsaQqDg/rph16vNC27UuRC0CgYBwrfUFbQ2R4caokjV3MM0R
+  3Cmg1JUzajdHvhdwlQTBjq3s4ZQp3va8/bL0rJnvnCrKNwyZNDKteZcm7621rhZv
+  PNk0IT0BBMVvRS7dYsBHh0Ef8OKp0ZuBcY+ng7Z3DIw3zq3K55j3Ki/yQEvSdiuJ
+  U7+oRdzbUNdlkBsBztYpVwKBgQC+sD7aGqlkpdTGmf66MqR50D0LT9+j3AJQ0fGY
+  YX5my2K6Klmbl/7rh2TB1XjPcK/yJwHPdQvALgWBzNsdqPZ6t3YPo5T4GX69OII+
+  Tf8/1KIyaOWsRIQ5Z5wuUj2TetgB7UIxKmW/zTZjgkXL1mOHIwr98sbEW74SfXLD
+  j6xekQKBgQCfiI3XRg7MqmS93U8DjKDkxaB3AK64LQ2NOAfxB44yCH4g/6/YEs2P
+  TZsD9vAkB2mrREqwmUsD9EAmPzR/LN7p7mTAtbrNg8wYGkaOp3j0ughinPBO767x
+  x0uxaHRS+Dq7N8YUVHW+rp8rmrzE0PY+tfsyy509j/yIol+gEVDqLA==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod18-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEA7Fl5RnxJmm4r3cdTLkppA73Z4M7kHI6HDFsmjLP4C54aWcrb
+  zAw6sRGjsFPT4Tw4HzuHpC4DV2rFCZ03u95U8ZzBPpTBoKyhVXEz8atYTze+0Tap
+  gLxNMQo2mhenshuuIi6xWK/sJDgR7ASsqpq5RX/H7I13BfjyA99okil9c5j842xT
+  zhEkO3bZkDei1Hcs8yrbsQifY9bnEdNADYMWnrXIRb9Xyy2Fz0g7gYjoWbRThom+
+  x2pRul/RRpxjrCe4zlfrrn/W0YLzGngXI0G8Kv10XUo8p2Rvc+2j5ep5Gz0kAeLA
+  t8sdOAckw3ervruCtngrotqP6wIxrOSiFe2YEQIDAQABAoIBADjDlHj1SMgqRabS
+  RIwNmwMnCbkQd4DUSmMRUUThxGUl57ZBHmD3XvFAB0xGFdE2oVP+/CjWVD8eiYwx
+  kj0wvL36o/7fw1FPpL/cnFkiieccwFuHAVbF4tQwW8TOgZwpQb078aQXPGPGg6dn
+  yACBgJXMhrutjjSFAbskYP0ZseOdGJfhyfFpTq6/hAwJPNU7ij6HDC2lfR6NDaUE
+  Dvnt26LEoO1r3bDVWveRZslDT9qFF2HtQibXqk57+1oKYIvQulF7bPO1oCDD5Nvo
+  c+jE9pDPd2/FIklqMdysW48t6aoXcoSq53wprLXIyJgl5+VFXTKv0DC+WJ25UZq+
+  Brj5qAECgYEA9ataVOCN8wHUqsge8L9IbtTXAGWGaMqsqzBuQB0buf58D6YrCssP
+  l1mOPNCZiDp7mMlckZmSKaMVCrRrMN/CGU8J9z3HDTMfxSOM93bcOZiqEw/CsGtZ
+  VEFNsJxRb+u4u+6mp1JTJRGxN8yu4xaCChn0K8hQeO8jyfl0x5idmnECgYEA9knK
+  yyfANuJbKO8LeZKr/HmER7vmfIi8OBLPbvWYQmXMwV9rhj1JQ0eHqtqq6stIT+5Z
+  agGCyGwGPZfCTIaBPNWsDZEDaSpCjzptLQ4pzGH0hc/1uKCMhEiT+d2k3NEJPk56
+  jTabzTiHAU/Okrz1Dk6gL/ynNpm7J68E4CpsZ6ECgYBr9lbnUBvxvE86kmHOiTGK
+  y2yFFxjfepoxTUJWWLRzo5vfwLXPs3dxmwDARygBzzm75loQ/n1WYP4BS1KEEwGY
+  37xQdEzCx0HiAAKWShz0DtxHLjjwEO0b8uryf2/mkKAJrxJ8G9jARKsuC3yb/as+
+  RzOf/hMnYmjG/SLOCIrScQKBgH/kcdptGfNmN9BZ0auf7o98yqQ1fsrMdnDn06/a
+  +OYB1wHTexKKYLD/RAQE6Rxj03kuXGAfyLoq3lK9q7fxYMsmaeHhm9PQjh+yR19O
+  K4Zml4OlKgRl2pIW3kCySBoispoYRqtt4BoBcJnNx4eLd/Wl/qjsmihQTE+fIvkF
+  DqYBAoGAHyLlp/SbIxS5GNkAUAB0Bs1sM+nvCjRBlqWj79Po7VkNg/3fDjIjYza0
+  mdFCz9b9WiWPSBcAkGFjXSzhuaBg+KyKbGqTJKaOm28I/lu4Yfsy0rGaBPxyqape
+  ktzKZt1UlaMHzfNOALevwEw8UCxSztEqDJYgySStHhb2u1n1ah8=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod18-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEArs0iErZfH9UxosjE3NJWRJNsYm2ty7r2Ruk+hdynn0evCzXP
+  2kZRgddqQSSKZsignr6Fl2pmugh/GQWBB6FiJCC6QS9kdaTk6tyN2zH2MRlax3Ar
+  wRfgigltFD4jNBA74rkXNSGJkXijXPCRyzGipqRrljEzJksvZxkg8fgFJfCKze57
+  3sz1k178gI8WhqPq2YdItk5/AOcj/m1fEdWjQSpxy+bm6KWnu5EykpoE0wvpHsNY
+  tfKf74fXkwyx6+9OZCpOOYIJ4buBuRgEhOQbAi1Qajt2qXjXE6qYTYySzxqSSIf/
+  X6agvGkiIYJY06HLc+3lhpSg62vvj7/ayTvj7wIDAQABAoIBACBPhqbS0w59R+mB
+  FvKCZrPSVEx1XZS1AGTnJEl2Gf3VMEPwNHVyXgqUGO3lpTeOijINoX/1iPuGKogj
+  flA8wnlPG16FNhqQ2keXcRk9SPaWazNGRrAwi664Q1NkkPlEru0frWyCwH0FQZ0i
+  UrCughQvfDuM6JmBeEekW3SelcUHPStgfdvI0ry+1mChZIFcHcnjoYLoKyM1d791
+  f7HalOSRw/0Ofd909t4Mmt4BgQ1bqpYQs7B0kd4zX9+eH4IZkRLv6OIEx1yd77Gx
+  Mqxxu7HLKIVkdXM4aCJ3i966i71X1cJehTvSACJyGP89EmVZJRqXo2uWZPJnRVMB
+  XE5v/LECgYEAx6vaVgzlIa/wb0rRvjKpm/frC8IpwC8A5AXLRykwp9aj7zla2nIN
+  N+8YvOQiWOvAUTtS6YUfid30R5+4FHRddxjXZAnaGl/H4hk19vbL8Plv1xNuPbtx
+  6c4z+66/U83Wy34KKkDHC7omHRwx1njBZLM4I/BDss0EYv3YqH2CFVsCgYEA4B0u
+  4B5u8DcVZAM81cFN+Aa7OyrMlFB4gmR3rVRqLO0yAp5UMmBN1PXGVcInucpe6N/G
+  9M8EfMG2F2Or3myECanketGqW5emBKVmoYhsGY+MRUyNgtDozjAgTJtI8kD3ojox
+  QaZ55KB/YtI253ySU/4bBfI/KuESuoxvujmLq/0CgYEAtgM9I2Xb1QqJtRnR+nw6
+  SlgDphNXdb4jJLj3ZaXxmX26sI5q+GgxDoTg2wdnHAHDrQjT+tUEO+vdCxFYfyTY
+  MoGtjp7Ad3xKPBvZKogsvjzTK46l1pYxL/1tO4c/F4iyvYrmfz/Pciw9JBoYgDZR
+  rJcGnRQe0jW7QvW9c1H9q7MCgYEA0uWjfvQkoZi0YHFLhjtqC8UJ3BvieI9hWBMD
+  K/EMGUr8jMpBoUZO9+Bwy7LxfzyZI7uxlh5Zsqz3lfsNeTnU5uMhRxKWpaqHaEfd
+  1JR0ZXlYHr5zTG8bJSzUuEJI2u+YGOl6ALWQbz05otz/Hcd0S+YLuATGvKsg3Lvb
+  R/tvHGECgYEAjulLqu2uSZyu6XCHn7CzB3d2WMelmRxMaxlQ9zqOVb1CAVOPVHyY
+  eL1YJy5uNvWhsdw2KEe3bGfWyHybtBixb1Pbr8SUY0U49TfvkBEJItu6W859FRNy
+  VLSWkZ/dcCEosjItKVIEp187iT7GsfBjE8uib7LaFxgphz8tEbQ7U+A=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-genesis-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAy7jTCB3unRrn0h1TJUo+GCbXKSkuDQE/37D47UqfeFS1ua/7
+  o2fQ5gZfSjgbXHpyysDE8BZIESFg65Y1oSG+wP1Y3mXSzkPpssUpGkfhceBfC2d2
+  Bas0NgT9BgdyBr0moixHoru+0bT+2BbtdCwGNg40MJFcIHLdoz66Tsid+k7WD3zI
+  zFBTBRcH6uKE8BTixIt3X6+EkmcjgenhoI+cQI+K4rHankQ9wNN0NweOQbNRqePX
+  Av08uPq4QK1FlWqm/hSQPbm2dHjWqbD688c79ROEI2q0Qo6im2s72U+/9j3MpLnz
+  LXL7DIvVyzNEaYhX9wTubdymhYy2noOOwecYBQIDAQABAoIBAQCXGR5shsbT/4Cx
+  ds6UedxUTXqILOLbAnI9lyUJ2q8ssKeYcc5SBE4MTe2fPr4MeUVq3E81Q1FwYzFf
+  iql8OWsh+MZRLXSNSBGtZk52D5pGvAPCkZoX2kN/TXPdZOhN1z0wS2dWa6m8IGJk
+  I5067Owua5qJ60ZJSujYi03j4ShK3ZsPGFGpTLhFKvHTtTSUFAHswI8VcmKDOYxw
+  4/THV/pLRlTnjluwyhVIO0ePFaRw2ZR3V5i1FOi4EZufFr/fADuaN420Mriy3MUK
+  aVgVSAaqo4xyYZm4PELN1Agljd2LHWXRLGvu3OLlN55ofvedUa/gpqglXkxCiO0j
+  zzasVHqBAoGBAO6t+6yfoHHffaQ+l9Jez677w1EYLaHma+NTfCbIejTWvRU01pZ6
+  VemugHdCo9nlOlmCNbQ7chOA5y5t3IZsowyPvC4snKHD4Hq55AA7IklCgtaFq+Q6
+  6uiCfTyAn+5MDtANWWwWlFB7tEjzzASypZlbPqb354j0J6P/YTvXcSYTAoGBANqB
+  bGBr5SCW1fCSo007GvQTQoaQTjBAT28llCASfzu/GJFp68PkXTDAf7wD6L3u7+zG
+  NIow+Q4vgtWTLp/dyE5IqWe8K9f9KgNrbWicf7lMYYlELlEoYzSRJCYkfpdjw4rs
+  juOjYQQ2tNBA6wpPMIlsoqwt9d2FfGqHOMSHpGyHAoGAP7jxnWfMtTo+2A/iBsdL
+  WWNcBRWYcUYMfde3KL+TaPH/7155ABnPQCFXqP+AsVby2hzaa7EHRs++aPXpz3XH
+  nj3ttsIwWzvpfbqNdcZT5A0+0zlC6B8Wwla8St/oUv25YrB9tE7e8BHm0ydLy+FK
+  NwRWWMuM5FKTFsTC1/AwBEMCgYBBZCwn6wJGL33VIj1G1qJpWv40wSj1Hbnn/GoI
+  8yAqpDTZB8br+AK/nUxc2xqjBMe+p05/8MoIKcXQ3tw8MaZJb0trZRAF8pjJLzQt
+  82/x517lModd+GVADROxaoiMC+owQD0++N0G4sxX6qWsjyhqaB2Cw7pp0hH6237s
+  qd9WLwKBgBsYJjTv8SxNckDtUmKc2VB/KPS1yJN3q6sMw1TPUb9IHW4ZkrU9rcXC
+  xbld/dXKuI2vwv84kCM21A+5OJGyGJ8AtQoncAY92UnhamU8Fv39zlQxbGlhvwxz
+  GAbdbPreRN/iRDbmotgNirlEN2EEiNL5IB+x3+Zuv3SMXpJG4j/7
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod18-node1-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAyM5I+vmstVjvJOWYD0WBNoi+6PzWRBdgd8nTsFPnm8nfjOqo
+  iny8PL6KjI5PZmFbL3w2BzuZTNtAsd7orjeQdHrZW4wg5c70pSClfiN+/jSuaWtl
+  nLb7DT/eEmm0AgbWiD0FK5KkA/UJExLL5+OuoIn4SeROC2H+RDTIYqAxswz8OAQF
+  WPpqqZoHGFkS3AW6n1VfhRz9K7BqggPnbb4MdWxy0IzuQXo6cspmW0LsKfHXuSgU
+  EJXrIpMa75fEZuAAAanHpwu7sCpu3YfWFmzB3QwSuBB4PpnZC/Hc/XNG+54WGMQx
+  ggZp9pC1et7buLjFck5Nn+hG5DerKTlqbsPhdwIDAQABAoIBAFMz/lNXrrM5lWVx
+  aI8zWnXRNWFumg1+ri8URo1yRq5reCB4frtbMdftj5TrxoSCZHkJe42FqWCKHIVW
+  +oxtY4KQAI4JQvxVw1LEcy4P4SfNhlMR9/l2bBGyW/6/I6IPWUb8Ga9TRHiLSGZJ
+  zIlZ8tp8MI/VdG0M/oEeacVL4SvxwhbNqMs456r1a4a2/9krFiVNOHsWxhJRA1cw
+  lrhWuYLCeqJe6XUTZaYNqMs1KKScjm06J7y2w3oR80qDNqq6xrzJK7PjuHGp/pP9
+  SM5huFYGvZp7742RcFVJmfJOcNrqNozq8EyWSf0bS4m+pwOrlIN2/QQN3Z7hZam7
+  AIz3TWECgYEA0zSj/8smrHp4/t6QXFuhyl0Hm+2YnBVHsLhkKH3HvdY1SsASxbgP
+  jFu6qY/fdpsmFlKaG+lGU4r0ts0MVInNUZ1taNPHuEBKYpZl2ANEEhlSjFodLjeA
+  nZvCAzga+9QbpnrHY9bv30rlQUPrWqtjHHYQuqHcH9APNPOMKl3/IzECgYEA82T9
+  BPOnpvTUU5igtREl7CBLutJNwW8vjVEa8/BMHcsGRZxzEhJNqkvJKmrHAQ5/QIfW
+  S+EShRjrnd+HvWA45TTTlKeo/wV5Tmk0Xksr3cNWY+YAPfS5hsswmkdJug3xHkbR
+  SN6aYL5OEeMLvn8gbnW3fmSn7vXGBCDCtrWKlScCgYBwdLPpy/Jwndl04258LrIL
+  vNMDXFQIr2/3kYaK5MYIt1iyz2hvbFyjAGh4RknWri9ubVbvC5tNekxoVO9+x8zR
+  6v/JdBIAcgLpUWkyxjJlbKQ+ZPDqndTWlouMCUCc28hJMVCfQV+BRjChOpfDNERW
+  cCriJLK/IZonOJJmMJxb0QKBgFzVxyAtY2Pt/FKKY7nMeZ9vzhLLBjdilkubhOFI
+  ZW/zsUe53bYl3xO2ZltUcOU5R1YwuY8loO+9Splj2h1kZy8dkBoiPPZQey1qOTxC
+  BdBHIltmLe9zuZPtSnN9/2QEz1QSBN97cHy3+YUfCaq2SIN5SOzfraIaglWuvTX9
+  Vod/AoGBAImmS19bxFMtN818j2iGEKksrVED0K5Eec2YS3Cc55i2C+Oofn5EU7Lt
+  tU9FBM+mKCTbG7HsFzuYLytOMzzclKQqQX3Y/fN2q4DHvSwd2fo08TX/K2uvZlZr
+  n+5bzxki8WjPtOcRyCNQsSkJPCKyRoaw1mRNczSXLVDutA5czi/w
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod18-node2-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAy8qA9rudG6N20fEniBEmBYYA/QFXkH5d/jJMI0R2mT6k3YbS
+  //VcXLDk/mwsNH7Iak6NnjG7b8AFts5Kr1HWfqXSDDwCes1UYSLOnJsoZOwcFgp0
+  XKuXZ7taatjufPXplgEsm6QIpiJdDribSF4/GPmi4oF5srFo2clPnsNXAGOCBO0P
+  2d7tGRToZ9OfMSTxNCT+cz3KX9BzbJ7jjgWckYD9LKHZFZYkTOyX40CaTyenfm4z
+  zCWm44x0jI5boDXd/6suPY26bSDUR8mhXHq9IHhoRqHsCYmZlJBLbhLhM8Db9Zpy
+  EDGte8IYGtrfJJHc2nouVBSiPaiZMOCtqneenwIDAQABAoIBAQDInCXrvLBhvr5+
+  2Ifzt/3XvhxG8wVB5kOcseKlbQXawQIGWGxpLx2m2TPzCIVTf+LGU2Gxcn9y+HIn
+  jFeU0lj1/0IQbRp7zJjdrif5nftbrdnQEKaPexLmOFY/jCDoviMdWTaSWB1zfaxh
+  i3TA/pXafhPMKWylbWMr0LIiNWT1qTyIUxW3nqHBDMMxvYJLY/I5YiLJ5UIiiLIF
+  xI2VSCjglJ+ECTmV0B3jwumYP0RHFcCdKeAUaF+f9cExi74uIM5D5/xgkTh8ny0T
+  a0ILVpbv6wTAZST/QX2IlBxWY3Z9ssvrvEPUCqUyD9ZvdFXi3sswyYST75S+487D
+  p/FDmZGhAoGBANaS+QgNiQYRsohacjgVwVxtRNCZ2e/iCTqke4AngJdg6NkTzjsn
+  mFTxKg624PZEThDsK8n+OvEejFYRR88MjZUqblhivZPIKKu3PbAE5xFPmd2hQ52/
+  doNooj/gJRESckLz/QFhTn7mxHdwswoEACrvKBKakkL96sDFC4Jxr+g5AoGBAPMi
+  l5a2Kw6btgGuIG2uvZiEesDD3+m60hWXL2Hu03AWnOsSg60rzNw9TicyEYOfEUUq
+  Wx8zzwc520AkWprrCiUd8NQjaF1BI/W7AyO8KJQBTfK7fLZI16444BTktnhPjfBB
+  ZeNYVSpjizFSXJJUsyFWi3VPs8/xKZbmzWE0wM2XAoGBAIUlwEhB9eQBOVKpJTUu
+  MsVCvK/guD7FeUqdZFFasc29gd+qDY/hewJCgAGPc7r9GaAgnO+DxVl3xkdmA7Q0
+  KusD4GMSKmc4jhw34ZyG/kdcqLLBbe7GLylN1VhjozybwLFRK48erZHLauBe24p8
+  fwolSy14IwhU/cXOv9ya5TfpAoGAJs0/efrqljM9cbkzTa3UbjG+UWMxKeD5xB5T
+  noJ51eqV8mILB6j00bUq8tBnwSSyoeInlqwy/wk5t1vV5eFaxh+oHoLkFfXeYkoN
+  LzfJFg27PeCz/3dSjGhhQpRZlovDsDMPqp+fP9uRDDcDtQq1Z72jFf65SJdJNt7w
+  qfG8T1MCgYBdfCPtjEAij5B95Fy1BGu92BsoczD94FgGhYNalrsYeoUXo1gVcO7+
+  vWZCM47aGAHMHlvCh9u2EQBNW1VbEMVI3HGVJIikLqjj2bYbaBa29i/3UA6Z1EqM
+  /EjCkKacuh1oqTRuKK+bOo57dfHRS9kGG7EBGSyEFM/KFmCXsuSshg==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod18-node3-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAtcb9ucnZjgTt68NhwJjoR55/dP76Ov2ToLtvYX1poYKlKaLy
+  5Akgna4du1xU0BzdWA5lky1x8cDk/TVhS3EGmQFjdv4+1KVN2ZcNYt/wEGUI0iCI
+  ejMBFwectToGo5ROaP4ErC/iNWZqHV8zu3Nx/IYBssEs8END6jyRNxuNMceRMkOt
+  SCzJTzGlUTlq1ju68zo87ZtkcQvOJyZMbdIxenWIPMKuLT6MgIBZv2FjAvVfIkMa
+  GDw8Fwndc+iZ7rJuGjlJd3HJDnQeiRtC5PyXWUqF6/Zvce2YEUpAO5WR3dlyxL0A
+  jBzui+g89LDKdBgoNzOKtlXJ4LiTHj1dpNbScwIDAQABAoIBAF/FjO6zA5WI0VWz
+  JjCUH2WEg4C/ylUEPyCjQGar7dhzfdN3D+PHT1DkaLPLTMAtRQ1c4HVvryYBTGSA
+  GFfoH+LDUYVjJPVidqbap+ndNJ1ergwPqfhAISXiE9WD0fWjcMBufUW/IL6jy+rX
+  uujbRUYX0JM+pg+cUQ77hEL1mCmOKWp2zonN2+QSzTUEQS+e289A+blbPieQufpd
+  64u5ZLpVrvrie3wJIt20eE7yvBiWIESiTxHDwtJOroi3CR+boTEAOtIc5obwuzxs
+  tUdV1bR3V3jbawfEymHeYRdyw2sYyUIdEiQtQq9+Y9KlAAfCevSGOLESVffdpIyF
+  t2ZLo5ECgYEA3sj9GqKNA5fKldUfTHDbODjxR+sVu00yU7zf0DZx6M5Wjp9Ft8PB
+  BWncO2sbYyzTd1XWg2vO9ZuUI40iF8Ni1mvAo1F8lSOi4bPX9KfX7do+Pl4irpO5
+  QgLuZ0qVFnc6D1hnx0vZasWLo6jaRgp1DvdBfycq7xFtC4XtVgIyEnsCgYEA0ODc
+  3t+wJROXXGoVGvbXKXvcNxqNI0BA7/T4iriJb5sHTpsRVlxoR5xG6KnDvc/X+yD2
+  X6VXHEBUOwtDYJJBxjFRoVG10pvipuW8w9FsbCZvTz2ssmyMWs+fbyx6gOr/xLvB
+  3CS5laqzBarSHZ5XALtBOca8TaybiBzb8tEKWmkCgYBEN/9o/IV5qC1cnBotahF2
+  sdkQUKgi5oyWn6tZMpLG2wgePB85GjQs2DGb8Dw+ridCz4IUVBrXkoBWMo1SAX5u
+  cihW2kjv0i26NzvVqt+v8bhFmMW993YvBH7EGk50xqV8tXFx0YQN8dfEkZvk/qbB
+  omzn5rJ66jcd5DC8uYdjqQKBgAw0JxNqdEsmQuCmXgdORrHox6v8hCR8G48pe9/2
+  +iioIRwpmTC3g2wzqDzttj7/xrmoalyaN2WyKHmupcgdo3Ql64QGVx4v92US5R13
+  veLvt+8kRlPCXczsdn8zVRD1Ke5fnerzxlgFOiJpoY8TcjfbuOrcPqI3JHsmXH9q
+  UTWJAoGBANeCD1Jz9+7nzPzCE4qwYICRrPDNa2xIVMDlo9DjnRDC3Vh7EJgp5UVN
+  dFOdP/tNaZMxZwzWanElITFZd5Pw2YSi+MdztD8o0D0rCjevjL9HHTUm7dgIgo5k
+  9D9i+qa5zBoiYyhUb+36X4+XHdh1FSFX1XGmXXo6xStkK8StZlXn
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-anchor
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAzH4IKzzA7dECgXBGqKkVJXS/+Ko5Rca7CYSXUUvAToHuQfVf
+  h8Jc5r8NIXibASRlNITmbR2eVRptxaQVqWiqIGl8+sZ4lBCsEWh8Fe3dG5Vi9ZZM
+  fOdbzTg1CMtfHCSwxaaSNRSByOOwjo5YA8vi3uEIt8me8KT9+5IktHI6jVkLKpdH
+  G1vmigek86QbSv3A/7PtKffzH3EUDhFp87hPaD+21EdN1hjH50qWhlxIyP7DomVK
+  lXcO6qvr1QzU8ug+1GpNeA4ocWjs7mloSBZlTcMh89XjkKeDwWDX7H7tnTbcgNwZ
+  +/nLT1N3zbFTKWiaeV+hTtDrdWeS+9hvXXQIuwIDAQABAoIBAQCQFLzsugG1jm6V
+  hOZEL94WZgxcyJNR9pQSQLndLeJxblrRXnHQ1cFfU32M980/IMWuG3W/q/7DN7vg
+  ZZxdoME91RWaG/0ZViXmnhfP26jOppLzNtLtrpWgIto7OA/rZG6o1JRvkeNgCA1+
+  ZAzfn+hZ4XSjCgxSwe2yM2ZpPZLDw5cI0O4YyqRx5srzr3GDefIL5CPt4ufMRcOa
+  7MMzWlgq5xjnG1759g4acQWHa/zdZg4oIsbnC+HLk1+HDUUPT7uhKEvFN2G1cXdK
+  ml2qIdnc/vryuL51oSEifza5ioIyM4s3H9qajQarmwqnslJYxps4byxt1VP2hFEA
+  Pg5fzOcBAoGBAOIjG4sB8yp/+Xs8+EKWl1dAiWAI0RrPvX1jb3ZlkejIh4WvjPvp
+  UspymmKcFr9TaFasYd3kstoKZbjFVFbuooC3dr+pLIZ4ytGw4lwBhP4VBa3YFrt3
+  S1vZV0JrEt0hccdQFBkYfgla8qRZqFHb2aHtpYSxYut4yaYARKjsIZN3AoGBAOd/
+  MJBnJ3axHIzqVAApbQkG5L3+hO2xjj6rEviFpeS7ZjVSkGr/o7Sgg1GVjQI45dcm
+  WhgDKDc6z/vrGogl3V2v0tbTTJJJw6V2jhkzloahGIIz8USVBAkEa7pyVel4z5Bu
+  GmZlqKKYHdHXZog/wnxdixJXhWhqHtwaikqfpt3dAoGAdJDQQ8lPhRrOiP4Wooxp
+  mqpDpeMlloJ7FMVK0Wbt3WZwpTKmo7vT11NXzXjUKO9fmz3kfLLElqxBXwsovF7q
+  GRt49LbJos9lDM33AKIv4aEIemIm5Z9Kkx/nYO88nAv/UFQw5/a+ESh2Zs1ofDmt
+  Z1DOvyWI7gQnPZBp1AFUFWUCgYEA05QB1NkSzn5Nc9VvdL5n80ojoiqPX5daRJii
+  vBWaa5WDctTFPaXr/1h87QHcYN2T47IfwbaQ+Pl9wec81paU3d2mu8VfRIy6je3v
+  LcVinCV8evPyXRY9G+i4dS2uq7ZJLt4SrufW2tRg3Lsb8QclP/lW9CqdubLUBaMU
+  JeQI5NkCgYA1lO0QKRcXWCfWLXh9pP+vmjrS3nSSlMZRwUFmqPcAbPVOnoRKlav3
+  ygIagqyKxnr99RUJlpmZwDeOE2Z+pWgWR58PDy0lOEtOou/Avwr1WKJze7+pD5qj
+  wn9l0PliTrKQSZU60bkcUD1P0bjPB5T6m4oLaV+6Uh57UG7BEhPTLQ==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod18-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAzcw555SHdxPSe+pJ+yfy5zzBkbC1cSAU0HgKzbqjFeyNds6K
+  onSxAuxeNAyOy9js0l4UhQPFm77LoREPhp5B5hKlfTvjjXf4JJag7HPkK1t+O672
+  jyzNf4GbxiRsSAQ/IfLumGtEcZjk4r1gbY63KmVw/57mO0KuEzMKkewee/SLr7/G
+  /IYigzzwRbLdN4HDbtmN2V5LAcYCLlE0t1ZlWAhmyxJ4jvS+xuKfvjp1Uq5orrYS
+  kGMADk46p+fzRtaBEda4yDco4K0vw9rYpfFFz6oUm8UTLtB0NcUqEv635+u0Weu7
+  kOiBFYx6bhnybkQkMBYBAD5IAjYPXxA//i84kwIDAQABAoIBAQCMNxVMv1n8u7ix
+  TNPTF0jcW/zWsrsstFr6Ho/d08fB7EYGKHs0bKUeBMW6WMQCB25zdj4s0oEUuE4t
+  E16sra7gftvaE6/ad17OLwK9l8hh8hhzuaWrry7kLP5hZfeQqbQKAWam2o7rhuyL
+  v9OvUYlijXML9suOnMPVuPT+rw2mDaIQWh8D9n3IBmrXF3OkHmYVw/xKzqQykkHf
+  bdWRgE3br2vO8QFOZ8D0aahkYnW1MZoUc4IXw7XSpxwt2MOCejPisfsHMhyGM3Cm
+  UNacCZgu4Pv0UJMhdFggIYsIUS86vvl7q1AxB3UC4fGdWmN7cAcj2atCkB654lI1
+  zFxjBzNBAoGBAPq2Tae2PSqZCykJm40YuQTjKjYNEjNwzY17CZ5auYpGerpTow2U
+  74dV3fpLuFynBZWwr/NRyhR6UcUR0rwXhirNxkKAX3ldfM5Plbv8fpCDa2jUVOP6
+  j4khtZ2BFZ0bYLNOG95Cy3IO8Rvst9vkoIIc1Qid5u1w0N5SuOV20FnLAoGBANIj
+  aXUIGvR7v5oSObJYJozZXqc4uujYUtrVc4tEHBF3KWn4c3m/sihCSfHk1dXYlse4
+  b7am1wlO+chqF5fCduWFx4CpmVUnr9ktQtv2kfzG5/3HmIDs46/c5cUoX0HyI+tc
+  APbxMP+luKywDTVlFkKJlTsYOcNQX97hAZhQQ+NZAoGBAIUbwzD23ZS/OqCoHDEW
+  Xi0NGr0lxXMQQeIK3/l2O6oBb2l7vEcauu2Ell0sVI7Ekn9+Fny+AOdMZhuWMedx
+  KeeR5uAp3gbGrtuuf1YWYXAChkVa7lM4FXr+LbmY7kvCXF32a29e0TsWWca0sI0L
+  3ngWLLjtdMy9p/dRvh7+LPJvAoGAfPxbCSTdA3VnLPiSIKWVqEjRp5xyb3PbNBWp
+  N7g3CZxaoZEI/e0qxg9Hc/yrwxmj9P6aU4VAeWTj5HRVvAoKNdIwKzK05JVKXl4x
+  Wit6AWM9MRC6gFRlyIAWmgG9RrgC7UY3vKkQf73N7ch40r1hVAoJHLD4CleP7jze
+  ef2jo2ECgYBEDlv8Dzpd6QvrFVX9rtNNVVJKfQX6lrNyvukJ3OMNjf2/t7eLHlup
+  PigIahmxLO1ymA1+tzPDjUSWRdw01+QVGVO0Kzl1BEM9TO7Z75TaX902Ydoh9btE
+  cTUPuAuglJDBzEWOGnneYnXkvEwoTAtzTEbNSsuMxTN4km6OhmaxoQ==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod18-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEA62MUgdhJeV8I9nGDu441j+TqHMrxjxbf9JIaJ7sZZDXn0UMi
+  yuRuDcPVRorkWk0e1amyT7qM0VetIsiL98TATgcwl0BvwwGgFfIqxaL7Jq7Z3kNN
+  Z40yZ4Xhdjth173Fq1YlWAr9HntNY1yL6n1vBTqNb5aWDA6oZ1tFD6HxVgwhaGiV
+  hjlHkW7YMfkY/23h1z9yKC3NQEhvPToMVM2plKjssfzTl21chuabyyJCaVrqBnpt
+  Hh+4d6+G3cmpfTUSrTP2MWm3DQH5IxnJYs1stZrIV8fi1sduxyz5QUgn1lBDRIJ6
+  4VQvO7otDcDdZfhKDL0th565PsmWsBjkK7BQOQIDAQABAoIBAHo02YvEJ/lMftG8
+  A4GXhnVriqRiNOFuJd3LEKs59yfQ2McLTP/7cqvQ1WSnbYD4cx7I2JuOJdf15hyd
+  9BUx4AlisDaGrL+Yk21xagVr5Wqi8tfzJzew1c9rca+5isXAb+TRd9fq9JkjuPzy
+  Km4Wq1ISoSWjD8m4vnPSrds835gk+zSYg4quWRjbzJZlu59gIIgkAqlDsa22TkFM
+  auRVEzeGiNn0r6wPatjGycvrRgBhvpjuo0JgMxZv99hOAu6vnBuJmHc2tBjrdT5N
+  DZf0YSwUvtccLPIgMQUiQo0nGx+PBS8KFmiNWYN4kJfbPDmUOPGF+OZ2q/hS0Eqe
+  oDFVMgECgYEA+MeKlAW1G+Uol/n+4cEM6MwIXDNEQpf5DiQn/yZpmh8EDRnq8SLe
+  6bLbdIfIa4sUPZhNTHhsNbk1l2zW2G2rkJwxmQvrqFhnUwJA3FCHupt9DKzmeAH0
+  pY+rLRDiAWXAw9NXPHKoYWNI0eNAueQ8DddCcDQWKwxZeLSBLUALDnkCgYEA8jgI
+  FfzycTbwt04eJlJXbukwKGNcMs47BRlSPmluVXjlbthR2vxqGfRr69Oe7Jeg9dQI
+  ZP58sDDmKBvoPH0p28mf+VvSMdRtCbdYZXvFtL84hMgp0bXqDHpU/sqkITpo/Co7
+  U5mFfAZOynqIiOR3waWV/ORsinFRD7qzJeP338ECgYEAzquWKBoFtsLM0lRQteLW
+  gp7dYxsD3f66XFEVGRYkLHEPwIKDdwds/+AiB9C1YwILMpBPxvNTkd3m84Driqix
+  GlVnrqkEgLnQPFlm4J/V4eRCIkGQxKl7P/72SV35IwgQ952enwzxbNY6LIMJxmQg
+  r67f9q6Oq/x6Z5gsqBbIGKECgYAIVKECkJaOCkOxKkCjNMXJDMAZQ4GSRcGF5V8M
+  wneG/Qd3Dn2SOIg1qFBl5ftbS8O/cLFxN8d2D9h6nKsaGXvtETwtSVkrWZD+eo3R
+  v7YHB2ScPH4jtkv8beCqerG2atndgl5T+725jEX9dMVpX+I2iMllzz1kbY1KKzOq
+  I/MMgQKBgQCmy17TQ5UxthgubcU2fSRSV+S7nib2RB95+gvuahDIgQbX88vPYxJT
+  3DAKs/DpUAlJrr4KcN8Fy/2iLZ2+1vIHsRF2QgBvVmQHK9aBhFshoOQVyfGiF2/1
+  m7vCpauBNnx5E4nMgksdrrqIdFRMoHTsPdDfQvinlkbEtT47QurH6w==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod18-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAoNHIXM4olB/+vE8WAJ7SJCcsEY5utftYean2KYlLt8QdxzfW
+  2eL5sm3WxzDj59znKJaLy139gd83blCTgd9qyxSl8VPtiOO4DekQCVXfJo47rQ+3
+  MVrskSuMeLxQorUJ6yjNSFf9t4VB0cjQ6PbjexYCCfET/oFQQXusbRDTLT2Iu2uf
+  Gwf2PnremGAdNVqATSRuN9EOZhMXqqozmRjtoBi5/6FdbzdDgfoyoe77ZlLLA4us
+  lnfJOfnmUkx608TmIuF6pyYuv2O7GnSG9ng27MM9jA7S5xqz76flEvUCmvge7w3m
+  yNfuoeQEjClOQAHPf5mXtHM48cAiZwWeIL1ZjQIDAQABAoIBABFMv+sL2l2k23hS
+  YaGLdDujYyA4XDyDX08nM23gcR7BoBpwLVKfEhFZs4MWBU5J+yvolf04jS7NXl8l
+  l9ieuhRCkl9VkfXp2UDV033NmQXCwzSoviI3D7/GGYRbbakzJHABoaOoo4h8c0on
+  +iE1fd8dzPZY0rfMHWAN98x7xNvW2RXIi6dxF63Ja3EEZ4JgMzfceaKkr5y94jJ3
+  vbazHMqsU+UuHqlP3PXShxdclCs7nxBQEUVB76FS6Cdz++m43o0BUoFg0nzCNnAw
+  bEzArzp01tsHXdkFacooDiOGNq9gE73T2d8OB5qY7F04hNtz5futtyzMGKu8Hbje
+  b7uGeJkCgYEAxgdINH7785j0jdXT2XLOm2vXGdL6z0zkeXbxz3+PlMx8zymqkNbq
+  t8Yz+SirVoyTSHnwDTDpf7CCNIHN1u8WQY2tKx/Di89dBYK+pzM8IQWbblPJA1JH
+  W8OE8rAqrsg1YdpUzdGBpCAFsO8rEQJvroX2c9fCegoT9hN+0wiFSk8CgYEAz+X4
+  znfaXgxkpVnm8/2HHZjoLrvmy6WVM6ZSyIXcl7oTzJHE/ByZ4XD9dVHp+GAJpfsB
+  dO+kn40Bswk1h979NlgPN67FoMYrV0/amqeHeFb+guWLt0+RqawbF7re31lgzP01
+  JoOT7Mym876DbdO65DRBgJWeLFsLL2nQ/kvGU2MCgYBUXSXVt4N+89q70iy+prp+
+  XCL3TXqsdgWf+Zxq2d1Bdxx05TtVGTpFsJrTuw/Df3//kHNEK2JOk9PkqqgWuSSy
+  KLltdcrI9T6b6mdus9UZ/FmLVwZ788GSxmkNOx/z9jdHyMv4Ixkn4ryJ9FpUlMUf
+  hNLJ51FizIhUfVm6bhba4QKBgQCQ0/1TIC1wbSPECPAaMxjoZngA7odmgPCCrbBn
+  3tEApfFbBoV6uBX+9i6rhyf+DjFKfqTSKIu/VoTDi3vOLmqpbAkV2lv0l3jj904r
+  hN+b1sawu2ZsijLIR4wMKPNQFryXsSFQtkLbqOn5TVPTs7czeK/U+uXYsogFPKsK
+  LBF6TwKBgAU8D40jvTAZ31D1pFJIxOn5af9fUF2HD3YMrbketQW0z8Bl0SE7M3zw
+  NolX2hqNKQM7m6u+5TkgLtsbcX5640HH1sQmgTHMbyt5OHE2V3FuzWOvAvjtAw0w
+  RxO3I16DjkxPaoGx55oHoRaOyleEQKo8qvQO6cY2zgKuQgPB4vSp
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-node
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAwXkkLtL+7C0Nov0zTBZM+BzngVq3G4nT0PogLG0zGZArnymE
+  Tv3S3A3ENshKWX08dVspm09EYJjDzZyyHuD/T7/tKbfkroREkAf88IZXM+QICMXi
+  m7KZ1AhSsXkF9MTRe1aQuhCfvMSFBDvA4dwolWvXozuDV37kdq2hlLXUChHRVhF8
+  J6ylffxN1y9RZicm/aKq50XMAuBAWDwOruaZWC0NP13vChndfMtLMu/jutuQUCvL
+  ldU5DEbCuBD3agKPXMDm/zBNcR4HedT0wW4armq7hOwuZSZAW2o20AnFhREgGeLt
+  DUgNQxJ4vlnIfsHSDkCyOtMovxY5o0QuKzt0TwIDAQABAoIBAFs7fMx3wq4sMJoD
+  PAVNHs6BEsn0tRPPUorg5/sLI2WSjn9nXHTDTINoGnaazDSW0cOlUWFjZ6MFZo+2
+  rGfTQZGht3xMsxF4Xbxth+ED+GsHxKIeblVtSwypQBVgNGbPyNiYYXbcD/c71F3C
+  r5nR73FGgVD/51eDBsjP57nwZCS6nsdUqNrF68ybb6tqvMIPlMGQA3ww2cLsrMrp
+  d27Yd/Vyf8QCNgq83mLBEAD3OuZe+OcpAb3ii+KfAOFb+t1CbhaKCBQmlNT9CLrC
+  kzcU8Fapl6yLosQIKpV47t2u/sdZ9tN6d0ZShiRCFVS21pHOTclV68bRUJGUlbaL
+  n4H30kECgYEA+yEjxp2J3i0PfRfAjkOIuKZ3GrvFhdVOc+MRqMvM4E9f9XViwDH8
+  7qyZRJzWPXShdHcDpZZXx2T/GMYTFSRE+3mdJeGixW8Bqqu2qMyMXRvfZHw2OmNb
+  dAFB6zthPS1tIBjwJ/6W7pbPCnIRPRL8tdjQwPjVXPnElqJgiBhaqU0CgYEAxTm8
+  3ecOYRtzo4+y0d+mhpX0UZOTLY+HdoJeIp7o5FNmh8wV32l8Fj8zqN02xrM5pqHw
+  NZSgr07JMTLlVD8A4UhEK/USua5UlAJxrkmByWem2w8LlFD10ZtnahOELgfHiSMR
+  CD+Vg76NTvZc/qihqMUUULaVfhQjHwjUnyKn5gsCgYEAkngxtZYM41jEv+Eqnc8l
+  3wy4Sw9ZlUVkDJNTqW+0ft/MyA0/G3oMW+ivPCV9jzqHMLZ5mgqmB9YQMxLT7nDJ
+  CyNTVNTVavHjtveQAcPL2kJ3eNQ5jLSGkpJpMBniDRyBmUbyS2FiBqZO+3isNULt
+  weJDX0nCqAfFcVYjlz0dI8ECgYA2m7ABuRIwLQutxAH9PnG7XhXR6Iyd1tnpJFuw
+  NlPBtJ31B7seqvRirIk/PlEGX2WdD8WU8Fw1bhki+DarRu6Vcg7+JNNUekKM4Mhd
+  O5kmDP8UNGw+WtRVfzP5GQJGRH0pKX5zzDc3zTEPJgPFtydbtYXUe1mVGTpIQ4er
+  sErQ1QKBgGEHqg4NvyQdovYEjrFYeetZpwaxXUxt8gxhX7YGmDL4k/xK4s1ReZic
+  6Hda5FpZGj0MRXB/gRrtPBjV0C0qV2jpFu92bepnrkvXMab7fQOI8APuiemBPtuS
+  5oMFCTYw7dqM2ljr+MivKIkaXedoBfTn9Ff40tPK2Y4Cc/AhSr8O
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod18-node1-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpgIBAAKCAQEAxlbME7p+oJcanKE3wFlJuC0ych+TBoRaOpAZ7oi9vLybQ7wn
+  gKap7zWHAeHoK7bhfyvPt5k7Z3UCmpXwvIRJtObVH8KpT2oEN5EqaKmgg6KC5s2c
+  nxsTIp5PpS5uo+CvA43bGBi4GMletp2T43LgbYs6UlcqxxRbj+2SbJIDYg4S1gDY
+  I9HU69F9Qzz4Pofn5DRvJs81aWBOaIAaJI8oaiwrzUsubpHwQ/eFjFEDryXwsto7
+  qisqeALoMqSToe/bvSDl07ceizI3APzvDF1J6vUdnn6cbBXBXTKvKQwn+d4Nk4QY
+  l7dC53vgqBAHFP8heVgdqLVpyPPJKohHSJTgeQIDAQABAoIBAQCiYf3DSTTTFeNb
+  yUJz4KZSe+6JMQCWnVWiDMiuWpW9KE2WLz3IPqtyhUh7ahFDeP81txDhKDtSgKIZ
+  Hhlyvnv59+MVlbI4qnu5Ysht2DLqkurJPB22xdvsw+BBRLqgwRuItWNjXxmacYNx
+  z6F83liQVyTwtRz40NoGBGOVMBZE9/7ZcZO4P7rogHPxgzeQ7VpX2OofosyRF0KQ
+  pm8QCV8fgQHsGeZ099Jvnl9hh9cOzEfWEfzkYDCPkhgROXGELs2KQQOQxBXFaaOF
+  vXaTyKoWrbqo+9J1ONCWlRWRYG6eD31IhfCqxmfh6eozk/tvP9OmVdgRtIe26LvQ
+  Kd/7+uWBAoGBANHGYOBkF0AU6/tHGOj4dLi1zZxxVcxao1hL8Pkh+KB09kJ/1/wv
+  RDi3tZmVknDw0NFlXn8St4anFG0h7b2bb6VXp/VahHSUDOUHOb9SZK5f543Io+tQ
+  QzlsjoYw4FKxqQeF/vYPCxBdIx18zkMRkq/0+Eqj27Y8i2wVmr4dC/x1AoGBAPIL
+  T0q4RPeod4V8ssTJPRQOcEeUeQI2JgX9hdrwYRkv4DcHUK3h37dvoHin0IKHM0+d
+  DqKk+j0asyEpSbKT4KhTdqjcGHymzX0cEl3d7hVEeq5M6S3+MAR9E45HCb+IaqKf
+  T4BtKDv3dqrUPXUQdj0yMG0Ih+X0Ep90GCuDbKN1AoGBAMp/A/83v1XlnFJotDwX
+  spynKr6sjNUCXZGbZRco2tcRcLKKtFTEz8csV0nVn5IUdI7dmpVx3OVHnaknSlZw
+  mBp0fjaS1S+vxq7DBdSQ1Y2aGGy+VLWPOgVRrFcPEUviIbeYeqDNrrFyJraNRpJp
+  gT8HazKp8Cp/UVrZlBGW+n4NAoGBALkUXthS2SHK50HiXUxOWO76L278oB9Jyn9w
+  IaeNgaHh0wAhDtc3TXsV104LfEwjF+A7x1Ik9tg8j1a/HIR5wSLVV3m9etfuMFkH
+  Wx/9sK0AhRK86tzpbkwwXADCXzjfFjMtwHwCe+6Gxm3QBwJ5yP/4XcEx8cCrhoX5
+  HvY+85Z1AoGBAIEd/fJXUHUaw0ri5CqGLPsxIR1O5B98J/96D/3xeY69QnW32OR/
+  s/vw6J3gOoNo2wP31ZnN8tbRvc4LcWZJifgD5U2Se0kHe0oJBWG6ffmbsxuNWcWM
+  0HrUGB+k7n6wNlq3gVwewpaKOoFAyKqCXDBCWLzKkmNTfEfRWwkDnJFS
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod18-node2-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAuPe45gKODofxBy9f19fYE6AVdFiOPIL+xQYYg0Qow3wOFnd1
+  nU/xxpG6bOB4ndFDwkAUlQ+iEuAjBdAUNRhXe7TlPBO2b+/Rwqg/vJpeS1rLmrcM
+  zLhw4Rqqy+9evdSa0qyzYN1YPJTjJrQm5W/TtHje88czIR9L58bCKLCmELeiUMA6
+  tveEDuVYv2Mnc88AzvFUxkrHHuqmw/cKljgw2uqrzCz9n3jpopr7aBb3GdmIGjs3
+  3IPJRgmi7q75P8F0C1EzbWyMLuu+pcHHxTdOAT8k4DCDbogHe1fMl7BoFqVjzTjH
+  +NIaVCdUiE3QUn5OFo3QlF2H2k3iu4ZtNaK2twIDAQABAoIBAHJgzTd+cPXPXl6B
+  DxVb5cQNA/dUI3CL2JthL5tMdKCdf+CoslQ68VlHGC7nh+6fTvU5xwB+EEz3yPB5
+  QWWrzb0zmWVTE0eY1u82N2ObWZ/jX3AmrYWSsEqiwOcm+EEOzUZlgO7vMPcVYnm2
+  gS7zvcglzkiU76sVvUxv/fRHeAlxVsEdLGOQVGkvZjcaOAL2y0KlPHeh6ByDh+CO
+  TkYfYtQXbk+KSJchSHt+JncpgeFqvfr4BdZApvWFYueMpc+80g9CiwXVPzC2vnkk
+  eyc2nc9G90BJxOSgdRwyKF4m7TQbdvwRDRZ+8aomgiohRXArfQVqgIRx1XBpFuiO
+  QOYy5YECgYEA6yYRjXshKnPjPv2tcvZR8vHFs5m339UpNmHeYM70rL4hZ4qrrYWG
+  OSVWoJVRk/aauXK76jfmMSbYRvW0e0HR912rL/rw/o5HsdTN9dNBQmUvpARdz5eE
+  dKbXHuk/kjWBorLsG+kSdRDyys4nsJ18aXyScEuewu7+KtOJQAgpBJcCgYEAyV6I
+  PCfvNrBFrtVG4umD/R1vjgp8PWxS+oixD22AlQhRVK+4HiaYZcsDBnvmmFh+PuU2
+  tDpwAOstUFF4CfXIXHldodxgw1JZY5lVBe95RE+iJ2crCyzgt+gGzwHxQ0UBkqNq
+  I762/YdGgFlJ5J87v6EMGpCEFe0NMVhcH5fnguECgYEAq9HqO3X/+vQo1SspZPpF
+  UP6GlkA5Eg3AimMiyZwPPnXDFNRHs4gAVptI3BefPz2POvhyBKeJxNp8aAU7NmEW
+  2egQoQN8upQeIPu87uXJJomnMPKb1YcCGvaZ85U9hUkhi0+vpIk+mlmi/rt6VtwM
+  P0vt+K3YuNlG0OY2wJn11ssCgYEAkFqhJSanmLfSrFueHmqyQNBKOTQRDmNKNOmq
+  rFmedLfqvd/eCFc4prha6doGW64Min/8sES4KCBvcoWEnPdB8/DZC4CVKVAuXnT7
+  +25Jq4u+vap6s98vFQdTYjCNSOD+GKXnH8rHGYZRJw9bJnZz+ZK0v5Jb7e/qpjYm
+  jEt0HmECgYAc/JS3UEupoNZWXfD8PqF6PNFh+jL4FdyK/KMWMNaD5mKVnuPZn6vF
+  pYeNGlYH6ieQG4g9yQMPcvBDO1Kb5tecYekjnbVYYeBjKIbfaGPjPLR7CdX1AmYu
+  6wr3YdCGwNKaGsODDGZugzw10LwkaEr9fXGD4LY6Sog76pZNaauydA==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod18-node3-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAoHdWmHeeNXLHssgpq4q6KaCMUUY86jZ9+qnXig4BLUmVshe+
+  yGZ06eSO52q7I190uiGTsnIrSJAx2pUffzDDJzY3OhgCgSfQ9UMmYlEPAP+KUakb
+  w6nc1y27wScUG7EQmDC9Rgv+vCK7JVwA95UVTuRb/WoZ7izUqLjWYABLQiV2YGHX
+  r1VHDso9gcgrj1g0ybwdEqUy5rldYEIrpuSPwVccnq7PMjd+b0MqYroGobQDS6/3
+  vrR5i8f4dZkm0VWl6hlTyIXyZOFmfzh013JpFys9STIsLqVz5Uqu/U6uDEjIc35d
+  ufh12X4f/xe15YzEHT2EaT4zSeIaih8lZRhMeQIDAQABAoIBAQCBVq9dxUyoGBQO
+  bnfn5LGYy+dNuyduQO3aFPu+MvuP3TfjjHAiZzLlM2xb6xNbt50GSfoaYxuwKUmF
+  vZzdkBg8it6I3MFoCQfMKIvPwzYsv8xldcEDPO7cIeisDyuOBnIxuVdWFmUEj5n4
+  yuecp3W9WSMsZ1DvQQNH23QvfQ0sCm7r/ckEOK2Dl7cKACep0bkt9pFMgPsb0sil
+  csUfAXgUgIVGe1D1av+pe6YU1btIWkYu/JCL05WZKKXMpvKz/DT+eaVGq9Jktvew
+  XKslhWQXba2ujkK5+2KagVenSsusm1bUpBwANNNXfHhMzRFJbIiwFWucyH4rWcYp
+  cTWgy9hhAoGBANVztb0zxfBvz0Ar+NCOJIAmfpw+M8Y/9yOes3KSkQOWh8jbAEUV
+  oGjAkfB2+VxuxRe/rAJlkp/N8yutkvbJiWeA+FWyY/sGxHtL2S8jZlxgzhJLwmhL
+  f5Xfr3kEcy0BJ8L3XXY6q7EPVGi6Cttx4gcPkhoY+pjkqTjPoDZL0XMjAoGBAMBz
+  zXXau5EayYt1aWGzz1CcpokSsnGrEokx+YXHGlO6QcS0/CkHA8WZn74z4rRdtW5Q
+  GiMiSoN+VYWwlXxQ7H7zPDDpqGqXGUDFFqN6WrTpw8SdsZdC9VftAb9o2lObjY+9
+  XVgQrzBvDcN56CWsZf0UWOTu5F56CsbObUJeFjmzAoGAZFgOEtD494wIeRly0dBQ
+  tnHiSV8whb1iWDtuDql6RJ6KXNEfclq1WylUMiAsH9jvDLgNi97mK/vsmhbyJNQf
+  pSnLFLZVLBhFW9UPV4qjvz+/AHje/pqncvSCEDkYUArf/1a8eC0is40KWGVFX15N
+  LJaUT3J4tFGif9OTdJL19tMCgYBhXHRuEhlgAGBECEMm5XOVQZrSr73M2ZIIDFtC
+  vYZpI0pQfIsxKlZTKjPxYohnXR0DUMzYR2nQ+iHD/6CwgrQSSXWC/UJxoj1pUgvw
+  6l5nNfgPSQPmFT7Pm5yNvDrvnztPo6pMeixW4WfiI5M5M+1oyllqgBzSWwWGrDoE
+  IFs4FwKBgCzsbb9qRCRIvK9sz50Hdybgbi8iKoG1QLLOTYgHinSu5GyTOsLBYDHP
+  OChQzqdGIOTMaUyeTj7lgQpVndqNietirbhuFw4s4zA2oRNhbaRcX6+z1W5sYds5
+  LN8A3eEY/T0Pns4PS0MEF1EoXZr0lP8vpIdj14qKeUAgRX8xjIV9
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-node-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN PUBLIC KEY-----
+  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA228brw1/tThwr2MG3Etj
+  VJc18or2iyIAqsn9uFxt7HzE7gHrZjparrMwR77ClL7+tuV1V2k1HmyZPcVA3vc+
+  gHb+/Gsv1NF0H1emcwBjIt68NXyIgw/8mIZnK8v+Zitcr4yyfxt4f8LdZ4ZjLNMA
+  OXS1fteAkP42QKFkZ0lI9UjPavBAg+wK0dlBMrUDucoAXZEK8h98r1C5J/1VSkaT
+  mGjYm6vdZaFyK3rDA02WOwTYYjaahjAibHdRAnQHUVkN6JUHkbdGVwEiNYLFcm4d
+  HeS9oeucMvXUkQ5yMvN8/FEgzdN6l9uVBxg1nxxsWm99/F4DVhRrAipWsg6To3pJ
+  fwIDAQAB
+  -----END PUBLIC KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: service-account
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/PublicKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEA228brw1/tThwr2MG3EtjVJc18or2iyIAqsn9uFxt7HzE7gHr
+  ZjparrMwR77ClL7+tuV1V2k1HmyZPcVA3vc+gHb+/Gsv1NF0H1emcwBjIt68NXyI
+  gw/8mIZnK8v+Zitcr4yyfxt4f8LdZ4ZjLNMAOXS1fteAkP42QKFkZ0lI9UjPavBA
+  g+wK0dlBMrUDucoAXZEK8h98r1C5J/1VSkaTmGjYm6vdZaFyK3rDA02WOwTYYjaa
+  hjAibHdRAnQHUVkN6JUHkbdGVwEiNYLFcm4dHeS9oeucMvXUkQ5yMvN8/FEgzdN6
+  l9uVBxg1nxxsWm99/F4DVhRrAipWsg6To3pJfwIDAQABAoIBAQCYBhYL5TJA/uUy
+  3Ux3etNKW6hIbPX51ojXyjE5dO/DE33r1vCbVnpU5lfgnMx5+QjG9ZmiAYWHmn1g
+  SjRzRJ/MqKRnhGsS6jmlLThoHDCSi/WgqLJ6+qxpj1QTB7UsW4ZPKQ7Q+Ns2yG5T
+  tssm1tgk9jJ3uh2cVkKH7Eh/NkqRg6OkJeKyQFagaMBYetaOkoggsnWKbO1RKToX
+  7yJFnMbWpkfeMzuT6aGg7qhbdqVOOZIcsJuxmkexRWvJI59kSfQJVNDSkI/FzTd7
+  5PvO+QzXF+CyfYkk/VsTG/5S3YUDpWtEZHCuyIsDnHkWm0cyuOxVKC8qOQBudOhM
+  kxiwwlQBAoGBAO7ycs/MwNhLSxsiXYSfhmT7GKMaCZZTnph8kRcQB1w3Ymx7R3yG
+  4Db8Ef8mdcQMGhNDeIkSe4684PO1+xQfHAuPDNlGBzXFRCsMcFuuR7eTmoJL9NCy
+  p9vJ+Czx6LUG9uiA+3QHzZIVp4vUxRYkAxFFXZ5P1T+0VQ9GBYvto6aBAoGBAOsY
+  KD3Eb3Xo9TZFxk4hxKP1jAOiwZNIjnPt1bBXhrUAvVvXKtXhXTjezYwqysfwc41y
+  Q4M4RFKq+vH6C1bKiBvt0EsfOlMQo4SygfwizOg2QM5HPzE/FutbIXLiqIphxh62
+  +vRMkaqOhnIRIhnwgiBFTv2DxriDDQPBIaakhe//AoGAZ/j9dmhM/ZD9tGfms3/K
+  tgQAu2/n/g6Ssx148MUbvsemvzeBarExvRtAJXsxwUXWzs0MFPEC7KBJbiKghyfm
+  Ry1O1PhAyOf2epjmBy61rC7BC7NLashifCPNJpl4vdSy+YauY9XFYKylhBXoUHMJ
+  FqnNS8bHLvokDQpV/YZBMIECgYEAgfxdY6mVJ1CjJFr4BoNNQoql2+zFszXO7fJ2
+  0IXUiYfbK0iQ+qkc7jDi3blbXalpeq/O/GLEBCFdlyV114ssLqUTIjYl/X+Zqek5
+  TbvAKDS3KFbkbcpAVemRWQBRyBG/hYQOxb0AXZloZPFsNYNxr34i6rFN0v9C1uyW
+  OpmFJOkCgYATbBShSS42L/vLFw16fxqWK3Y8nQngrg9Kls0O2c82a9SCWxqwTieq
+  ZQnEsbTN5WcR+wHnoqD29b9fcFXTGbTcadaAge2KL8hpfrJh8vqlqofqEJuh3xD7
+  Ts69XDvpXOXUla2jajault/2STKAFsnEhXuD/UFCNEmEM7gRaUUpdQ==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: service-account
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/PrivateKey/v1

diff --git a/site/intel-pod18/secrets/certificates/ingress.yaml b/site/intel-pod18/secrets/certificates/ingress.yaml
new file mode 100644 (file)
index 0000000..b799fdb
--- /dev/null
+++ b/site/intel-pod18/secrets/certificates/ingress.yaml
@@ -0,0 +1,135 @@
+---
+# Example manifest for ingress cert.
+# NEWSITE-CHANGEME: must be replaced with proper/valid set,
+# self-signed certs are not supported.
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-crt
+  schema: metadata/Document/v1
+  labels:
+    name: ingress-crt-site
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ
+  MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu
+  ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP
+  ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC
+  r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs
+  F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV
+  bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1
+  eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO
+  k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG
+  YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9
+  EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC
+  gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF
+  MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv
+  bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t
+  gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y
+  aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH
+  BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV
+  HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE
+  BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw
+  WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/
+  X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX
+  vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk
+  JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm
+  ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF
+  DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N
+  w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc
+  VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg==
+  -----END CERTIFICATE-----
+...
+---
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-ca
+  schema: metadata/Document/v1
+  labels:
+    name: ingress-ca-site
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS
+  MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+  AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE
+  OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V
+  o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0
+  YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT
+  fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI
+  GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+
+  T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB
+  d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j
+  mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd
+  BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB
+  AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx
+  2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM
+  EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+
+  zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9
+  XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+
+  d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO
+  TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI
+  XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40
+  +g==
+  -----END CERTIFICATE-----
+...
+---
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-key
+  schema: metadata/Document/v1
+  labels:
+    name: ingress-key-site
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD
+  OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv
+  5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4
+  8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1
+  U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9
+  Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl
+  MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R
+  g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC
+  DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w
+  qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif
+  qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft
+  3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6
+  ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf
+  Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8
+  uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH
+  g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc
+  PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz
+  +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS
+  HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk
+  X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC
+  wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA
+  GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE
+  mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6
+  mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM
+  ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx
+  E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE
+  7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC
+  1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8
+  6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+
+  TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5
+  QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C
+  pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB
+  /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ
+  pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a
+  dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5
+  2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS
+  gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3
+  -----END RSA PRIVATE KEY-----
+...

diff --git a/site/intel-pod18/secrets/passphrases/apiserver-encryption-key-key1.yaml b/site/intel-pod18/secrets/passphrases/apiserver-encryption-key-key1.yaml
new file mode 100644 (file)
index 0000000..e21876e
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/apiserver-encryption-key-key1.yaml
@@ -0,0 +1,13 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: apiserver-encryption-key-key1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
+# use head -c 32 /dev/urandom | base64
+data: n9VBwseT/JjV7r9vbUR/MvCobe01Bdh9XtWgsNF5zLY=
+...

diff --git a/site/intel-pod18/secrets/passphrases/ceph_fsid.yaml b/site/intel-pod18/secrets/passphrases/ceph_fsid.yaml
new file mode 100644 (file)
index 0000000..7201502
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ceph_fsid.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ceph_fsid
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# uuidgen
+data: 7b7576f4-3358-4668-9112-100440079807
+...

diff --git a/site/intel-pod18/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/intel-pod18/secrets/passphrases/ceph_swift_keystone_password.yaml
new file mode 100644 (file)
index 0000000..9a9af1f
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ceph_swift_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ceph_swift_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/grego_crypt_password.yaml b/site/intel-pod18/secrets/passphrases/grego_crypt_password.yaml
new file mode 100644 (file)
index 0000000..3084c5d
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/grego_crypt_password.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: grego_crypt_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...

diff --git a/site/intel-pod18/secrets/passphrases/ipmi_admin_password.yaml b/site/intel-pod18/secrets/passphrases/ipmi_admin_password.yaml
new file mode 100644 (file)
index 0000000..0b49b62
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ipmi_admin_password.yaml
@@ -0,0 +1,13 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ipmi_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    name: ipmi-admin-password-site
+  storagePolicy: cleartext
+data: root
+...

diff --git a/site/intel-pod18/secrets/passphrases/kasparss_crypt_password.yaml b/site/intel-pod18/secrets/passphrases/kasparss_crypt_password.yaml
new file mode 100644 (file)
index 0000000..e0e57f3
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/kasparss_crypt_password.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kasparss_crypt_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...

diff --git a/site/intel-pod18/secrets/passphrases/maas-region-key.yaml b/site/intel-pod18/secrets/passphrases/maas-region-key.yaml
new file mode 100644 (file)
index 0000000..73d4a69
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/maas-region-key.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: maas-region-key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# openssl rand -hex 10
+data: 9026f6048d6a017dc913
+...

diff --git a/site/intel-pod18/secrets/passphrases/miniroy_crypt_password.yaml b/site/intel-pod18/secrets/passphrases/miniroy_crypt_password.yaml
new file mode 100644 (file)
index 0000000..683bf33
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/miniroy_crypt_password.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: miniroy_crypt_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/intel-pod18/secrets/passphrases/osh_barbican_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..c5f866c
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_barbican_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..bb19957
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/intel-pod18/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..9bf0217
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_barbican_password.yaml b/site/intel-pod18/secrets/passphrases/osh_barbican_password.yaml
new file mode 100644 (file)
index 0000000..5122192
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_barbican_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/intel-pod18/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..32f8dae
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/intel-pod18/secrets/passphrases/osh_cinder_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..b22f898
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_cinder_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..040e657
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/intel-pod18/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..5d76ba7
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_cinder_password.yaml b/site/intel-pod18/secrets/passphrases/osh_cinder_password.yaml
new file mode 100644 (file)
index 0000000..26565db
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_cinder_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/intel-pod18/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..b1ac8ff
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/intel-pod18/secrets/passphrases/osh_glance_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..0739069
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_glance_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..57db752
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/intel-pod18/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..d103c27
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_glance_password.yaml b/site/intel-pod18/secrets/passphrases/osh_glance_password.yaml
new file mode 100644 (file)
index 0000000..93ae0f2
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_glance_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/intel-pod18/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..496fae3
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/intel-pod18/secrets/passphrases/osh_heat_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..3352d4c
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_heat_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..074e688
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/intel-pod18/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..39f1327
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_heat_password.yaml b/site/intel-pod18/secrets/passphrases/osh_heat_password.yaml
new file mode 100644 (file)
index 0000000..5777ebb
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_heat_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/intel-pod18/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..74e2a99
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/intel-pod18/secrets/passphrases/osh_heat_stack_user_password.yaml
new file mode 100644 (file)
index 0000000..36db28b
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_heat_stack_user_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_stack_user_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_heat_trustee_password.yaml b/site/intel-pod18/secrets/passphrases/osh_heat_trustee_password.yaml
new file mode 100644 (file)
index 0000000..58129ef
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_heat_trustee_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_trustee_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/intel-pod18/secrets/passphrases/osh_horizon_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..7c78d45
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_horizon_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_horizon_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
new file mode 100644 (file)
index 0000000..78c265e
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_elasticsearch_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_infra_grafana_admin_password.yaml
new file mode 100644 (file)
index 0000000..9232de7
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_infra_grafana_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/intel-pod18/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..6d5f49e
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/intel-pod18/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
new file mode 100644 (file)
index 0000000..bd4e573
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_oslo_db_session_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_infra_nagios_admin_password.yaml
new file mode 100644 (file)
index 0000000..52dbe16
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_infra_nagios_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_nagios_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/intel-pod18/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
new file mode 100644 (file)
index 0000000..64f78e1
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_openstack_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..9c68e9d
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/intel-pod18/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
new file mode 100644 (file)
index 0000000..f134f46
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_oslo_db_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
new file mode 100644 (file)
index 0000000..b3df5f6
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_prometheus_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/intel-pod18/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
new file mode 100644 (file)
index 0000000..9f64719
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_rgw_s3_admin_access_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: admin_access_key
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/intel-pod18/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
new file mode 100644 (file)
index 0000000..3e06f91
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_rgw_s3_admin_secret_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: admin_secret_key
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/intel-pod18/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
new file mode 100644 (file)
index 0000000..97c7d23
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_rgw_s3_elasticsearch_access_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: elastic_access_key
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/intel-pod18/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
new file mode 100644 (file)
index 0000000..60f0134
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_rgw_s3_elasticsearch_secret_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: elastic_secret_key
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_keystone_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_keystone_admin_password.yaml
new file mode 100644 (file)
index 0000000..6c3f446
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_keystone_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/intel-pod18/secrets/passphrases/osh_keystone_ldap_password.yaml
new file mode 100644 (file)
index 0000000..2edf0f2
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_keystone_ldap_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_ldap_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/intel-pod18/secrets/passphrases/osh_keystone_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..07b2206
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_keystone_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..aec85c0
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/intel-pod18/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..be716f4
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/intel-pod18/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..ee7e4bd
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/intel-pod18/secrets/passphrases/osh_neutron_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..4d0b157
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_neutron_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..4ac42c9
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/intel-pod18/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..6be02b9
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_neutron_password.yaml b/site/intel-pod18/secrets/passphrases/osh_neutron_password.yaml
new file mode 100644 (file)
index 0000000..dd0b2b6
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_neutron_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/intel-pod18/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..9e8ff8d
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/site/intel-pod18/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
new file mode 100644 (file)
index 0000000..37d5c62
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_metadata_proxy_shared_secret
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/intel-pod18/secrets/passphrases/osh_nova_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..2cd60f5
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_nova_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..487bcc5
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/intel-pod18/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..13569ba
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_nova_password.yaml b/site/intel-pod18/secrets/passphrases/osh_nova_password.yaml
new file mode 100644 (file)
index 0000000..4c2223d
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_nova_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/intel-pod18/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..7a885e6
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/intel-pod18/secrets/passphrases/osh_oslo_cache_secret_key.yaml
new file mode 100644 (file)
index 0000000..11747a7
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_oslo_cache_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_cache_secret_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..48df9ee
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/intel-pod18/secrets/passphrases/osh_oslo_db_exporter_password.yaml
new file mode 100644 (file)
index 0000000..61b4144
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_oslo_db_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_db_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_oslo_messaging_admin_password.yaml b/site/intel-pod18/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..e7d97e2
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_placement_password.yaml b/site/intel-pod18/secrets/passphrases/osh_placement_password.yaml
new file mode 100644 (file)
index 0000000..c72b59a
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_placement_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_placement_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml b/site/intel-pod18/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..a3b5a2b
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/osh_tempest_password.yaml b/site/intel-pod18/secrets/passphrases/osh_tempest_password.yaml
new file mode 100644 (file)
index 0000000..af90ec0
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/osh_tempest_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_tempest_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/tenant_ceph_fsid.yaml b/site/intel-pod18/secrets/passphrases/tenant_ceph_fsid.yaml
new file mode 100644 (file)
index 0000000..18bd485
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/tenant_ceph_fsid.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: tenant_ceph_fsid
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# uuidgen
+data: 29d8953d-0bb6-4ba1-a48a-f9be1c0937a9
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..33c4125
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_airflow_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_airflow_postgres_password.yaml
new file mode 100644 (file)
index 0000000..8a1d648
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_airflow_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_airflow_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_armada_keystone_password.yaml
new file mode 100644 (file)
index 0000000..866efcc
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_armada_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_armada_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_barbican_keystone_password.yaml
new file mode 100644 (file)
index 0000000..cb2da22
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_barbican_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_barbican_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..95a76ed
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_barbican_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_deckhand_keystone_password.yaml
new file mode 100644 (file)
index 0000000..5ee27f2
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_deckhand_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_deckhand_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_deckhand_postgres_password.yaml
new file mode 100644 (file)
index 0000000..e63319b
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_deckhand_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_deckhand_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_drydock_keystone_password.yaml
new file mode 100644 (file)
index 0000000..b8083b5
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_drydock_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_drydock_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_drydock_postgres_password.yaml
new file mode 100644 (file)
index 0000000..2eff525
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_drydock_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_drydock_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_keystone_admin_password.yaml
new file mode 100644 (file)
index 0000000..91f74fd
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_keystone_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_keystone_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..a9cb153
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_keystone_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_maas_admin_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_maas_admin_password.yaml
new file mode 100644 (file)
index 0000000..402c129
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_maas_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_maas_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_maas_postgres_password.yaml
new file mode 100644 (file)
index 0000000..96ec574
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_maas_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_maas_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
new file mode 100644 (file)
index 0000000..b513af4
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_openstack_exporter_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..b3c1325
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..95d6c0e
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_postgres_admin_password.yaml
new file mode 100644 (file)
index 0000000..546de05
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_postgres_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_postgres_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_postgres_exporter_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_postgres_exporter_password.yaml
new file mode 100644 (file)
index 0000000..abdaa5b
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_postgres_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_postgres_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_postgres_replication_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_postgres_replication_password.yaml
new file mode 100644 (file)
index 0000000..2176e71
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_postgres_replication_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_postgres_replication_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_promenade_keystone_password.yaml
new file mode 100644 (file)
index 0000000..ac40d1e
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_promenade_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_promenade_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/intel-pod18/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..6a2aef9
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_shipyard_keystone_password.yaml
new file mode 100644 (file)
index 0000000..181a52a
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_shipyard_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_shipyard_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/intel-pod18/secrets/passphrases/ucp_shipyard_postgres_password.yaml
new file mode 100644 (file)
index 0000000..de0eed7
--- /dev/null
+++ b/site/intel-pod18/secrets/passphrases/ucp_shipyard_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_shipyard_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod18/secrets/publickey/grego_ssh_public_key.yaml b/site/intel-pod18/secrets/publickey/grego_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..2ca157f
--- /dev/null
+++ b/site/intel-pod18/secrets/publickey/grego_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: grego_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOyMag93evkxOvIKFryNGuaIqzuWdji7wyqoYNzTP7JI3SvEAdv/6yEo5Ca7/OxHWvKOfD8BaBINljMdHk3cj47LA47s4BFUpYxaYd6x5JqjSVFcX0JzB8FO4i/RE9q2HmqJJ9XuOc9ZZZC8CANFajqG9uvY0ChHLMifEtzi7KCPnQfDSSB5dogz3kdaukuUC9dtpUX04v29C9Mk9JaW4gmECYqPnwRZq0E+XFI0ipKtB5LtGY191p04AYMWHq+vZXo7F5k2RKl3PRiIEBIGJjIK64NhzIhV4g/8nRABeNO7C7YbFHbNbXW2ztzZA4Avt/nPVn5goDuaY7kus1kWG+RRy1oQrFRL+MIbuJkFV4hkxa9SonUSTPNj8rk++E94ysVxundWRxhT9eKU/tDaVYg+KxoUApdk0UfwpbUNl/FtiEGu44hutYfON4EMYgHIc5lbfXQ2dSQq82jTdEeP2/LcRl+W6Au9chlzly7B39rCzi9hSjezb7r2uJ5ZhdXLfQfPaBg3hS+4Tt/QmBkj+1dZZVyJ77KAabd3ppr+KURwUEdwqP0Www9yExdhbO2ff92ZzkBe+9dUKaVv/yFapQYCgguwuRqG7a0tTvF/5aLx0IVghp6qBA9t4ysgpq5KqIB1aTuo546ftfSGnZZvbJhND1qMMqT8shTqaBkctGEw== greg.oberfield@att.com
+...

diff --git a/site/intel-pod18/secrets/publickey/jenkins_ssh_public_key.yaml b/site/intel-pod18/secrets/publickey/jenkins_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..fea6159
--- /dev/null
+++ b/site/intel-pod18/secrets/publickey/jenkins_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: jenkins_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDadzshrgOmFS+8fMwHaGBclUBP65uhjHx3FDoppDvV2Itv1Y36yK2q+mrJ9+2N+UDMLr8fohZkoR1fsOLVH3RToB12hWUR6+IEA/+9QyIsyIsmcM8UVKcV4eIUX1bjKp5Nb6gAFyYDQjnq/a2Km/XsUQq6rsGSPvy7uprdNyQzocPPo29+Iu33wEfQ2eSeAxw2ODqcOjQJ1wp2O3ehy0f1k0tzR3zuvusHncTwviOMg8KhIktrln2CFiodyT4J/YtzQnPdQZ4ab28oKZPrTZpqnNSY2+MFbqgMROZ8caeKB0WshMJ9wfpkGwrZ0zMtM+JsdQX/lYhMsF6C/F7blowP jenkins@airship
+...

diff --git a/site/intel-pod18/secrets/publickey/jorgeas_ssh_public_key.yaml b/site/intel-pod18/secrets/publickey/jorgeas_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..3cd7d66
--- /dev/null
+++ b/site/intel-pod18/secrets/publickey/jorgeas_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: jorgeas_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD23OGYRNZrqXUlpsZUe1baQaxkVs5FqSBfwL0mf6xi3u/0mLAhoRt/H7m7JBgtZ6EaolpHma/VWro/F51tp5p6wm17lRDG3nTKvUCpCqK95zg9jakUaDddhHga9mBkOME1skkLjEsSZzUH0XOz0y+x+t25lmTuFfpnubgEthjIKqclSk3in/wmQY46Z0fePh7Af7s4bDJ0xFs2wKdffsFLwJNO1FN8sPPPtf97IWuJ1YQ1jUoVpTsGGnpx78l1DVy7UsjiJBs/nvnY9AJiaKq54nOiE7WXvr9cKgD1Ax2Ytnpp7MLGfZkfKdTZiwKnkz7wQkEVrrZRpqOsb5hrj9XJK1AisH6B10YW8DC+9bUu8zRGasb1S4PF2Zu4oz7i/0SH8nhTz9QLqZjFfFQ4Ql/4pXcCiqzJrvpVFGOw2mpZIDkt6WIwfEbWZaYakdUnhZcSQLzUFYsoBiqUzWvmUHAMG5QGccx6pD0QzVN8i0t9Z9Fb2tvomm8kHrmh2966O9c= jasarabx@jasarabx-MOBL1
+...

diff --git a/site/intel-pod18/secrets/publickey/kasparss_ssh_public_key.yaml b/site/intel-pod18/secrets/publickey/kasparss_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..3cf2601
--- /dev/null
+++ b/site/intel-pod18/secrets/publickey/kasparss_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kasparss_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhZBgcufBr6msHHnAxW96vYgFhDHqjYi3oWsg/E7BeoTT+962mSeU0roKJG9XN3WY++D83T5dUcv6PAje1Upzq9O0tX9daKET89ZeYEtZ5cwIQvf75caDIgfilNVFbIIc831ardHZVte68SRrtyToXdXJdiK0KHZyuMauZvU/T1Icth91fHYuY2Lo2G2+15A9VqKKW4v+Luvj8qJR98s0uMslkJozZH1xWbX2HbXzLLZuQZk93Z9V9QDCv5qKd9VBz6xDQ4d69Hf++qkHnKHznhq3mA1dIrSRNG963IM/sueoGCDDTLKPchZeZ4kWWH3vr0iM02NVcUV/R9kamoUzz kaspars.skels@att.com
+...

diff --git a/site/intel-pod18/secrets/publickey/miniroy_ssh_public_key.yaml b/site/intel-pod18/secrets/publickey/miniroy_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..4da5a43
--- /dev/null
+++ b/site/intel-pod18/secrets/publickey/miniroy_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: miniroy_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk55nW0Ff0ymRSLIvCkSK0npLLesmK7dTe00K79FfNaGHG9csoNZv9bnVdaK0ChxBJdd+hnz5cEqAU+hxPloissvjxHBlUo1bUvT5qe0kWzcSxsB/reo4SAmgbFDgfejvQfIQ2WdiJcDJMaxp3sVbyCRj+mIz7lrVPujnTkWHiY2mBwrBtsd/2gkRuolOIpOSkb9+KArhRZR6wG1sJEOeDseHACE7EWgg6M7Y0yxW+FX3HLvTRrplGylxZ1boorS3bHr7oP/BntHrDm6O9d4vlaPoeHWuTsa2bjlXzRNIw9k9LPztnJ8oAw9uTfLfD1Bs5htBvRgPhqiUV2mEWfP2oQ== rsa-key-20180315
+...

diff --git a/site/intel-pod18/secrets/publickey/trungdt_ssh_public_key.yaml b/site/intel-pod18/secrets/publickey/trungdt_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..39d05ab
--- /dev/null
+++ b/site/intel-pod18/secrets/publickey/trungdt_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: trungdt_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAk73XzbYvF7zUD1Lkd11On1xXuCmxs+fgQSXqNG0W0vL7TQxckwF0HECdo5pcdC+Lf3sdb1z5LsJXQVd4Wwdx5yBA4exTn11JJzX+0sWhwdSpjrr5WuvJgIA9cR8TjHZmdmeRkpC0TB3Gb2kqYIgm1gc/h8ZNCRpwzwzZ8kSekkN5Q8WpH4KiRk0Syfb63pFzvQCyCbJ9E0C53jypSAp0GlBgFBjtu7yb0SfJ/zpbse1+ckyY5mssvl3MVzSJ/71a6Oru9xUqbrILJ9jA7CodZ6Wg7JBAbg9CyuJW/ZAmTVbzjENqC1BStMpWUdkFtcxrXrMAH5RTDmHFLEuvdYxanFUkE3rIw2Vld4EaXVLjfhUbOwKRzINZNccbCKFcQSe2wgPUwL50yDpvYg046pkEihawpjF8QQcHSYtnaRTHf/kjJggeFmnjKe4ctpAFnzdSJ6WkKj7c5XYcUy8TBIEt4LI7s0iBZ4FeqSRB63HeuQdUz88+R+BZ1euclSN7/TWvimDwE+zr/NIvVWZd+cONF4Ax8YDnSLZI0R6jm7ufTWfkWnqqIlctcZ2dJY2q85vN9z+EBY+AGZZB6X5fnfi2nlUqIkOUGS74o68HyOv2S5I1idB8BggKaFbdPT/nlS9bDBivbE3+pfZitc6HV/sQfTFUzs6z7gHAV5UeUY8VSrs= rsa-key-20190606
+...

diff --git a/site/intel-pod18/site-definition.yaml b/site/intel-pod18/site-definition.yaml
new file mode 100644 (file)
index 0000000..2b1677a
--- /dev/null
+++ b/site/intel-pod18/site-definition.yaml
@@ -0,0 +1,17 @@
+---
+schema: pegleg/SiteDefinition/v1
+metadata:
+  schema: metadata/Document/v1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: intel-pod18
+  storagePolicy: cleartext
+data:
+  site_type: cntt
+
+  repositories:
+    global:
+      revision: v1.4
+      url: https://opendev.org/airship/treasuremap.git
+...

diff --git a/site/intel-pod18/software/charts/kubernetes/container-networking/etcd.yaml b/site/intel-pod18/software/charts/kubernetes/container-networking/etcd.yaml
new file mode 100644 (file)
index 0000000..9241013
--- /dev/null
+++ b/site/intel-pod18/software/charts/kubernetes/container-networking/etcd.yaml
@@ -0,0 +1,127 @@
+---
+# The purpose of this file is to build the list of calico etcd nodes and the
+# calico etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-calico-etcd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: kubernetes-calico-etcd-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+    # Generate a list of control plane nodes (i.e. genesis node + master node
+    # list) on which calico etcd will run and will need certs. It is assumed
+    # that Airship sites will have 4 control plane nodes, so this should not need to
+    # change for a new site.
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .genesis.hostname
+      dest:
+        path: .values.nodes[0].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[0].hostname
+      dest:
+        path: .values.nodes[1].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[1].hostname
+      dest:
+        path: .values.nodes[2].name
+
+    # Certificate substitutions for the node names assembled on the above list.
+    # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+    # to change with a standard Airship deployment. However, the names of each
+    # deckhand certficiate should be updated with the correct hostnames for your
+    # environment. The ordering is important (Genesis is index 0, then master
+    # nodes in the order they are specified in common-addresses).
+
+    # Genesis hostname - pod18-node1
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod18-node1
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod18-node1
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod18-node1-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod18-node1-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.key
+
+    # master node 1 hostname - pod18-node2
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod18-node2
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod18-node2
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod18-node2-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod18-node2-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.key
+
+    # master node 2 hostname - pod18-node3
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod18-node3
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod18-node3
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod18-node3-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod18-node3-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.key
+
+data: {}
+...

diff --git a/site/intel-pod18/software/charts/kubernetes/etcd/etcd.yaml b/site/intel-pod18/software/charts/kubernetes/etcd/etcd.yaml
new file mode 100644 (file)
index 0000000..54bfbe8
--- /dev/null
+++ b/site/intel-pod18/software/charts/kubernetes/etcd/etcd.yaml
@@ -0,0 +1,131 @@
+---
+# The purpose of this file is to build the list of k8s etcd nodes and the
+# k8s etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-etcd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: kubernetes-etcd-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+    # Generate a list of control plane nodes (i.e. genesis node + master node
+    # list) on which k8s etcd will run and will need certs. It is assumed
+    # that Airship sites will have 4 control plane nodes, so this should not need to
+    # change for a new site.
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .genesis.hostname
+      dest:
+        path: .values.nodes[0].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[0].hostname
+      dest:
+        path: .values.nodes[1].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[1].hostname
+      dest:
+        path: .values.nodes[2].name
+
+    # Certificate substitutions for the node names assembled on the above list.
+    # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+    # to change with a standard Airship deployment. However, the names of each
+    # deckhand certficiate should be updated with the correct hostnames for your
+    # environment. The ordering is important (Genesis is index 0, then master
+    # nodes in the order they are specified in common-addresses).
+
+    # Genesis Exception*
+    # *NOTE: This is an exception in that `genesis` is not the hostname of the
+    # genesis node, but `genesis` is reference here in the certificate names
+    # because of certain Promenade assumptions that may be addressed in the
+    # future. Therefore `genesis` is used instead of `pod18-node1` here.
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-genesis
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-genesis
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-genesis-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-genesis-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.key
+
+    # master node 1 hostname - pod18-node2
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-pod18-node2
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-pod18-node2
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-pod18-node2-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-pod18-node2-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.key
+
+    # master node 2 hostname - pod18-node3
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-pod18-node3
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-pod18-node3
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-pod18-node3-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-pod18-node3-peer
+        path: $
+      dest:
+        path: .values.nodes[2].tls.peer.key
+
+data: {}
+...

diff --git a/site/intel-pod18/software/charts/ucp/divingbell/divingbell.yaml b/site/intel-pod18/software/charts/ucp/divingbell/divingbell.yaml
new file mode 100644 (file)
index 0000000..50f8f48
--- /dev/null
+++ b/site/intel-pod18/software/charts/ucp/divingbell/divingbell.yaml
@@ -0,0 +1,101 @@
+---
+# The purpose of this file is to define site-specific parameters to the
+# UAM-lite portion of the divingbell chart:
+# 1. User accounts to create on bare metal
+# 2. SSH public key for operationg system access to the bare metal
+# 3. Passwords for operating system access via iDrac/iLo console. SSH password-
+#    based auth is disabled.
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-divingbell
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-divingbell-global
+    actions:
+      - method: merge
+        path: .
+  labels:
+    name: ucp-divingbell-site
+  storagePolicy: cleartext
+  substitutions:
+    - dest:
+        path: .values.conf.uamlite.users[0].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: jenkins_ssh_public_key
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[1].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: grego_ssh_public_key
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[1].user_crypt_passwd
+      src:
+        schema: deckhand/Passphrase/v1
+        name: grego_crypt_password
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[2].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: kasparss_ssh_public_key
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[2].user_crypt_passwd
+      src:
+        schema: deckhand/Passphrase/v1
+        name: kasparss_crypt_password
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[3].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: jorgeas_ssh_public_key
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[4].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: trungdt_ssh_public_key
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[5].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: miniroy_ssh_public_key
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[5].user_crypt_passwd
+      src:
+        schema: deckhand/Passphrase/v1
+        name: miniroy_crypt_password
+        path: .
+data:
+  values:
+    conf:
+      uamlite:
+        users:
+          - user_name: jenkins
+            user_sudo: true
+            user_sshkeys: []
+          - user_name: grego
+            user_sudo: true
+            user_sshkeys: []
+          - user_name: kasparss
+            user_sudo: true
+            user_sshkeys: []
+          - user_name: jorgeas
+            user_sudo: true
+            user_sshkeys: []
+          - user_name: trungdt
+            user_sudo: true
+            user_sshkeys: []
+          - user_name: miniroy
+            user_sudo: true
+            user_sshkeys: []
+...

diff --git a/site/intel-pod18/software/config/common-software-config.yaml b/site/intel-pod18/software/config/common-software-config.yaml
new file mode 100644 (file)
index 0000000..b9f035f
--- /dev/null
+++ b/site/intel-pod18/software/config/common-software-config.yaml
@@ -0,0 +1,16 @@
+---
+# The purpose of this file is to define site-specific common software config
+# paramters.
+schema: pegleg/CommonSoftwareConfig/v1
+metadata:
+  schema: metadata/Document/v1
+  name: common-software-config
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  osh:
+    # NEWSITE-CHANGEME: Replace with the site name
+    region_name: intel-pod18
+...