Site definition for Intel Pod-10

This patch adds site definition for Intel Pod-10.
Updated publickeys of luc and trevor
Updated site-definition
Updated divingbell
Modifying common parts - FOR TESTING ONLY - Will be removed
Trying with only 1 disk (bootdisk)
Trying with 2 disks - /dev/sda as bootdisk, /dev/sdb as datadisk
Change ceph config from directory to /dev/sdb (OSD-data only)
Change ceph config from directory to /dev/sdb (OSD-Journl too)
Reduce footprint of osh-infra (reduce disk pressure)
Move ceph to site specific manifests
Fix pod10 host/hardware profiles to be site local
Fix Nova/Neutron parts to be site local
Fix glance cirros image pull
Fix type to site layer names for moved files
Rename pod10 hardware/host profiles
Move ceph fully to /dev/sdb
Disable SR-IOV configuration
Optimize disk storage for Nova VMs (use root disk or 3T)

Signed-off-by: Sridhar K. N. Rao <sridhar.rao@spirent.com>
Change-Id: I2160e56744917510d4627cefca32031904188f77

diff --git a/site/intel-pod10/baremetal/nodes.yaml b/site/intel-pod10/baremetal/nodes.yaml
new file mode 100644 (file)
index 0000000..009a0c4
--- /dev/null
+++ b/site/intel-pod10/baremetal/nodes.yaml
@@ -0,0 +1,193 @@
+---
+# Drydock BaremetalNode resources for a specific rack are stored in this file.
+#
+# NOTE: For new sites, you should complete the networks/physical/networks.yaml
+# file before working on this file.
+#
+# In this file, you should make the number of `drydock/BaremetalNode/v1`
+# resources equal the number of bare metal nodes you have, either by deleting
+# excess BaremetalNode definitions (if there are too many), or by copying and
+# pasting the last BaremetalNode in the file until you have the correct number
+# of baremetal nodes (if there are too few).
+#
+# Then in each file, address all additional NEWSITE-CHANGEME markers to update
+# the data in these files with the right values for your new site.
+#
+# *NOTE: The Genesis node is counted as one of the control plane nodes. Note
+# that the Genesis node does not appear on this bare metal list, because the
+# procedure to reprovision the Genesis host with MaaS has not yet been
+# implemented. Therefore there will be only two bare metal nodes in this file
+# with the 'masters' tag, as the genesis roles are assigned in a different
+# place (type/cntt/profiles/genesis.yaml).
+#
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: Replace with the hostname of the first node in the rack,
+  # after (excluding) genesis.
+  name: pod10-node2
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: The IPv4 address assigned to each logical network on this
+  # node. In the reference Airship deployment, this is all logical Networks defined
+  # in networks/physical/networks.yaml. IP addresses are manually assigned, by-hand.
+  # (what could possibly go wrong!) The instructions differ for each logical
+  # network, which are laid out below.
+  addressing:
+    # The iDrac/iLo IP of the node. It's important that this match up with the
+    # node's hostname above, so that the rack number and node position encoded
+    # in the hostname are accurate and matching the node that IPMI operations
+    # will be performed against (for poweron, poweroff, PXE boot to wipe disk or
+    # reconfigure identity, etc - very important to get right for these reasons).
+    # These addresses should already be assigned to nodes racked and stacked in
+    # the environment; these are not addresses which MaaS assigns.
+    - network: oob
+      address: 10.10.100.12
+    # The IP of the node on the DMZ network. Refer to the static IP range
+    # defined for the Admin network in networks/physical/networks.yaml.
+    - network: dmz
+      address: 10.10.100.22
+    # The IP of the node on the Admin network. Refer to the static IP range
+    # defined for the Admin network in networks/physical/networks.yaml.
+    # This network is used for PXE bootstrapping of the bare-metal servers.
+    - network: admin
+      address: 10.10.101.22
+    # The IP of the node on the Private network. Refer to the static IP range
+    # defined for the Private network in networks/physical/networks.yaml.
+    - network: private
+      address: 10.10.102.22
+    # The IP of the node on the Storage network. Refer to the static IP range
+    # defined for the Storage network in networks/physical/networks.yaml.
+    - network: storage
+      address: 10.10.103.22
+    # The IP of the node on the Management network. Refer to the static IP range
+    # defined for the Management network in networks/physical/networks.yaml.
+    - network: management
+      address: 10.10.104.22
+  # NEWSITE-CHANGEME: Set the host profile for the node.
+  # Note that there are different host profiles depending if this is a control
+  # plane vs data plane node, and different profiles that map to different types
+  # hardware. Select the host profile that matches up to your type of
+  # hardware and function. E.g., the r720 here refers to Dell R720 hardware, the
+  # 'cp' refers to a control plane profile. Refer to profiles/host/ for the list
+  # of available host profiles specific to this site (otherwise, you may find
+  # a general set of host profiles at the "type" or "global" layers/folders.
+  # If you have hardware that is not on this list of profiles, you may need to
+  # create a new host profile for that hardware.
+  host_profile: cp-intel-pod10
+  metadata:
+    tags:
+      # NEWSITE-CHANGEME: See previous comment. Apply 'masters' tag for control
+      # plane node, and 'workers' tag for data plane hosts.
+      - 'masters'
+    # NEWSITE-CHANGEME: Refer to site engineering package or other supporting
+    # documentation for the specific rack name. This should be a rack name that
+    # is meaningful to data center personnel (i.e. a rack they could locate if
+    # you gave them this rack designation).
+    rack: pod10-rack
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: The next node's hostname
+  name: pod10-node3
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: The next node's IPv4 addressing
+  addressing:
+    - network: oob
+      address: 10.10.100.13
+    - network: dmz
+      address: 10.10.100.23
+    - network: admin
+      address: 10.10.101.23
+    - network: private
+      address: 10.10.102.23
+    - network: storage
+      address: 10.10.103.23
+    - network: management
+      address: 10.10.104.23
+  # NEWSITE-CHANGEME: The next node's host profile
+  host_profile: cp-intel-pod10
+  metadata:
+    # NEWSITE-CHANGEME: The next node's rack designation
+    rack: pod10-rack
+    # NEWSITE-CHANGEME: The next node's role desigatnion
+    tags:
+      - 'masters'
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: The next node's hostname
+  name: pod10-node4
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: The next node's IPv4 addressing
+  addressing:
+    - network: oob
+      address: 10.10.100.14
+    - network: dmz
+      address: 10.10.100.24
+    - network: admin
+      address: 10.10.101.24
+    - network: private
+      address: 10.10.102.24
+    - network: storage
+      address: 10.10.103.24
+    - network: management
+      address: 10.10.104.24
+  # NEWSITE-CHANGEME: The next node's host profile
+  host_profile: dp-intel-pod10
+  metadata:
+    # NEWSITE-CHANGEME: The next node's rack designation
+    rack: pod10-rack
+    # NEWSITE-CHANGEME: The next node's role desigatnion
+    tags:
+      - 'workers'
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: The next node's hostname
+  name: pod10-node5
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: The next node's IPv4 addressing
+  addressing:
+    - network: oob
+      address: 10.10.100.15
+    - network: dmz
+      address: 10.10.100.25
+    - network: admin
+      address: 10.10.101.25
+    - network: private
+      address: 10.10.102.25
+    - network: storage
+      address: 10.10.103.25
+    - network: management
+      address: 10.10.104.25
+  # NEWSITE-CHANGEME: The next node's host profile
+  host_profile: dp-intel-pod10
+  metadata:
+    # NEWSITE-CHANGEME: The next node's rack designation
+    rack: pod10-rack
+    # NEWSITE-CHANGEME: The next node's role desigatnion
+    tags:
+      - 'workers'
+...

diff --git a/site/intel-pod10/networks/common-addresses.yaml b/site/intel-pod10/networks/common-addresses.yaml
new file mode 100644 (file)
index 0000000..183cf91
--- /dev/null
+++ b/site/intel-pod10/networks/common-addresses.yaml
@@ -0,0 +1,164 @@
+---
+# The purpose of this file is to define network related paramters that are
+# referenced (substituted) elsewhere in the manifests for this site.
+#
+schema: pegleg/CommonAddresses/v1
+metadata:
+  schema: metadata/Document/v1
+  name: common-addresses
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  calico:
+    # NEWSITE-CHANGEME: The interface that Calico will use. Update if your
+    # logical interface name or Calico VLAN have changed from the reference
+    # site design.
+    # This should be whichever interface (or bond) and VLAN number specified in
+    # networks/physical/networks.yaml for the Calico network.
+    # E.g. you would set "interface=ens785f0" as shown here.
+    ip_autodetection_method: interface=eno3
+    etcd:
+      # The etcd service IP address.
+      # This address must be within data.kubernetes.service_cidr range
+      service_ip: 10.96.232.136
+
+  # NEWSITE-CHANGEME: Update virtual IPs to be used for deployment.
+  # These IPs are imporant and tied to FQDN/DNS registration for the site, see more at
+  # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#register-dns-names
+  vip:
+    # Used for accessing Airship/OpenStack APIs (ingress of kube-system)
+    # The address is selected from DMZ network specified in
+    # networks/physical/networks.yaml
+    ingress_vip: '10.10.100.100/32'
+    # Used for bare-metal deployment (PXE boot, fetching Drydock bootactions)
+    # The address is selected from Admin network specified in
+    # networks/physical/networks.yaml
+    maas_vip: '10.10.101.100/32'
+
+  dns:
+    # Kubernetes cluster domain. Do not change. This is internal to the cluster.
+    cluster_domain: cluster.local
+    # DNS service ip
+    service_ip: 10.96.0.10
+    # List of upstream DNS forwards. Verify you can reach them from your
+    # environment. If so, you should not need to change them.
+    upstream_servers:
+      - 8.8.8.8
+      - 8.8.4.4
+    # Repeat the same values as above, but formatted as a common separated
+    # string
+    upstream_servers_joined: 8.8.8.8,8.8.4.4
+    # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
+    # Choose FQDN according to the ingress/public FQDN naming conventions at
+    # the top of this document.
+    ingress_domain: intel-pod10.opnfv.org
+
+  genesis:
+    # NEWSITE-CHANGEME: Update with the hostname for the node which will take on
+    # the Genesis role. Refer to the hostname naming stardards in
+    # networks/physical/networks.yaml
+    # NOTE: Ensure that the genesis node is manually configured with this
+    # hostname before running `genesis.sh` on the node, see
+    # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#genesis-node
+    hostname: pod10-node1
+    # NEWSITE-CHANGEME: Address defined for Calico network in
+    # networks/physical/networks.yaml
+    ip: 10.10.102.21
+
+  bootstrap:
+    # NEWSITE-CHANGEME: Address defined for the Admin (PXE) network in
+    # networks/physical/networks.yaml
+    ip: 10.10.101.21
+
+  kubernetes:
+    # K8s API service IP
+    api_service_ip: 10.96.0.1
+    # etcd service IP
+    etcd_service_ip: 10.96.0.2
+    # k8s pod CIDR (network which pod traffic will traverse)
+    pod_cidr: 10.97.0.0/16
+    # k8s service CIDR (network which k8s API traffic will traverse)
+    service_cidr: 10.96.0.0/16
+    # misc k8s port settings
+    apiserver_port: 6443
+    haproxy_port: 6553
+    service_node_port_range: 30000-32767
+
+  # etcd port settings
+  etcd:
+    container_port: 2379
+    haproxy_port: 2378
+
+  # NEWSITE-CHANGEME: A list of nodes (excluding Genesis) which act as the
+  # control plane servers. Ensure that this matches the nodes with the 'masters'
+  # tags applied in baremetal/nodes.yaml
+  masters:
+    - hostname: pod10-node2
+    - hostname: pod10-node3
+
+  # NEWSITE-CHANGEME: Environment proxy information.
+  # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
+  # should be commented out.
+  # However if you are in a lab that requires proxy, ensure that these proxy
+  # settings are correct and reachable in your environment; otherwise update
+  # them with the correct values for your environment.
+  proxy:
+    http: ""
+    https: ""
+    no_proxy: []
+
+  node_ports:
+    drydock_api: 30000
+    maas_api: 30001
+
+  ntp:
+    # comma separated NTP server list. Verify that these upstream NTP servers are
+    # reachable in your environment; otherwise update them with the correct
+    # values for your environment.
+    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
+
+  # An example for Openstack Helm Infra LDAP
+  ldap:
+    # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is
+    # relevant for your type of deployment (test vs prod values, etc).
+    base_url: 'ldap.example.com'
+    # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI
+    url: 'ldap://ldap.example.com'
+    # NEWSITE-CHANGEME: Update to the correct expression relevant for this
+    # deployment (test vs prod values, etc)
+    auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
+    # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
+    # relevant for this deployment (test users vs prod users/values, etc)
+    common_name: test
+    # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
+    # deployment (test vs prod values, etc)
+    subdomain: test
+    # NEWSITE-CHANGEME: Update to the correct domain for your type of
+    # deployment (test vs prod values, etc)
+    domain: example
+
+  storage:
+    ceph:
+      # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
+      # used for the Storage network in networks/physical/networks.yaml
+      public_cidr: '10.10.103.0/24'
+      cluster_cidr: '10.10.103.0/24'
+
+  neutron:
+    # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the interface name and
+    # VLAN number are consistent with what's defined for the Private network in
+    # networks/physical/networks.yaml
+    tunnel_device: 'eno3'
+    # Interface for the OpenStack external network. Ensure the interface name is
+    # consistent with the interface and VLAN assigned to the Public network in
+    # networks/physical/networks.yaml
+    external_iface: 'eno4.1103'
+
+  openvswitch:
+    # Interface for the OpenStack external network. Ensure the interface name is
+    # consistent with the interface and VLAN assigned to the Public network in
+    # networks/physical/networks.yaml
+    external_iface: 'eno4.1103'
+...

diff --git a/site/intel-pod10/networks/physical/networks.yaml b/site/intel-pod10/networks/physical/networks.yaml
new file mode 100644 (file)
index 0000000..ac2509e
--- /dev/null
+++ b/site/intel-pod10/networks/physical/networks.yaml
@@ -0,0 +1,327 @@
+---
+# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1
+# devices) and Networks (i.e. layer 3 configurations).
+#
+# The following is reference configuration for Intel hosted POD10
+# https://wiki.opnfv.org/display/pharos/Intel+POD10
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+# |        |            |                                   |          |          |                |
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+# |IF0 1G  | dmz        | OoB & OAM (default route)         | VLAN 100 | untagged | 10.10.100.0/24 |
+# |IF1 1G  | admin      | PXE boot network                  | VLAN 101 | untagged | 10.10.101.0/24 |
+# |IF2 10G | private    | Underlay calico and ovs overlay   | VLAN 102 | untagged | 10.10.102.0/24 |
+# |        | management | Management (unused for now)       | VLAN 104 | tagged   | 10.10.104.0/24 |
+# |IF3 10G | storage    | Storage network                   | VLAN 103 | untagged | 10.10.103.0/24 |
+# |        | public     | Public network for VMs            | VLAN 1103 | tagged   | 10.10.105.0/24 |
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+#
+# For standard Airship deployments, you should not need to modify the number of
+# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should
+# need editing.
+#
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oob
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # MaaS doesnt own this network like it does the others,
+  # so the noconfig label is specified.
+  labels:
+    noconfig: enabled
+  bonding:
+    mode: disabled
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: oob
+  allowed_networks:
+    - oob
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oob
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR
+  cidr: 10.10.100.0/24
+  routes:
+    # NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP
+    - subnet: '0.0.0.0/0'
+      gateway: 10.10.100.1
+      metric: 100
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: dmz
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: dmz
+  allowed_networks:
+    - dmz
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: dmz
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Update with the site's DMZ network CIDR
+  cidr: 10.10.100.0/24
+  routes:
+    - subnet: 0.0.0.0/0
+      # NEWSITE-CHANGEME: Set the DMZ network gateway IP address
+      # NOTE: This serves as the site's default route.
+      gateway: 10.10.100.1
+      metric: 100
+  ranges:
+    # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab.
+    - type: reserved
+      start: 10.10.100.1
+      end: 10.10.100.19
+    # NEWSITE-CHANGEME: Update static range that will be used for the nodes.
+    # See minimum range required for the nodes in baremetal/nodes.yaml.
+    - type: static
+      start: 10.10.100.20
+      end: 10.10.100.39
+  dns:
+    # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+    # Choose FQDN according to the node FQDN naming conventions at the top of
+    # this document.
+    domain: intel-pod10.opnfv.org
+    # List of upstream DNS forwards. Verify you can reach them from your
+    # environment. If so, you should not need to change them.
+    # TODO: This should be populated via substitution from common-addresses
+    servers: '8.8.8.8,8.8.4.4'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: admin
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: admin
+  allowed_networks:
+    - admin
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: admin
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Update with the site's PXE network CIDR
+  # NOTE: The CIDR minimum size = (number of nodes * 2) + 10
+  cidr: 10.10.101.0/24
+  routes:
+    - subnet: 0.0.0.0/0
+      # NEWSITE-CHANGEME: Set the Admin network gateway IP address
+      gateway: 10.10.101.1
+      metric: 100
+  # NOTE: The DHCP addresses are used when nodes perform a PXE boot
+  # (DHCP address gets assigned), and when a node is commissioning in MaaS
+  # (also uses DHCP to get its IP address). However, when MaaS installs the
+  # operating system ("Deploying/Deployed" states), it will write a static IP
+  # assignment to /etc/network/interfaces[.d] with IPs from the "static"
+  # subnet defined here.
+  ranges:
+    # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab.
+    - type: reserved
+      start: 10.10.101.1
+      end: 10.10.101.19
+    # NEWSITE-CHANGEME: Update to the first half of the remaining range after
+    # excluding the reserved IPs.
+    - type: static
+      start: 10.10.101.20
+      end: 10.10.101.39
+    # NEWSITE-CHANGEME: Update to the second half of the remaining range after
+    # excluding the reserved IPs.
+    - type: dhcp
+      start: 10.10.101.40
+      end: 10.10.101.79
+  dns:
+    # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+    # Choose FQDN according to the node FQDN naming conventions at the top of
+    # this document.
+    domain: intel-pod10.opnfv.org
+    # NEWSITE-CHANGEME: Use MAAS VIP as the DNS server.
+    # MAAS has inbuilt DNS server and Debian mirror that allows nodes to be
+    # deployed without requiring routed/internet access for the Admin/PXE interface.
+    # See data.vip.maas_vip in networks/common-addresses.yaml.
+    # TODO: This should be populated via substitution from common-addresses
+    servers: '10.10.101.100'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: data1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+  # configured for this MTU or greater.
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: 802.1q
+  allowed_networks:
+    - private
+    - management
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: private
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Set the VLAN ID which the Private network is on
+  vlan: '0'
+  mtu: 1500
+  # NEWSITE-CHANGEME: Set the CIDR for the Private network
+  # NOTE: The CIDR minimum size = number of nodes + 10
+  cidr: 10.10.102.0/24
+  ranges:
+    # NEWSITE-CHANGEME: Update to the remaining range excluding (if any)
+    # reserved IPs.
+    - type: static
+      start: 10.10.102.1
+      end: 10.10.102.19
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: management
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Set the VLAN ID which the Management network is on
+  vlan: '104'
+  mtu: 1500
+  # NEWSITE-CHANGEME: Set the CIDR for the Management network
+  # NOTE: The CIDR minimum size = number of nodes + 10
+  cidr: 10.10.104.0/24
+  ranges:
+    # NEWSITE-CHANGEME: Update to the remaining range excluding (if any)
+    # reserved IPs.
+    - type: static
+      start: 10.10.104.1
+      end: 10.10.104.19
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: data2
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+  # configured for this MTU or greater.
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: 802.1q
+    default_network: storage
+  allowed_networks:
+    - storage
+    - public
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: storage
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Set the VLAN ID which the Storage network is on
+  vlan: '0'
+  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+  # configured for this MTU or greater.
+  mtu: 1500
+  # NEWSITE-CHANGEME: Set the CIDR for the Storage network
+  # NOTE: The CIDR minimum size = number of nodes + 10
+  cidr: 10.10.103.0/24
+  ranges:
+    # NEWSITE-CHANGEME: Update to the remaining range excludin (if any)
+    # reserved IPs.
+    - type: static
+      start: 10.10.103.1
+      end: 10.10.103.19
+...
+---
+# The public network for OpenStack VMs.
+# NOTE: Only interface 'eno4.1103' will be setup, no IPs assigned to hosts
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: public
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Set the VLAN ID which the Public network is on
+  vlan: '1103'
+  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+  # configured for this MTU or greater.
+  mtu: 1500
+  # NEWSITE-CHANGEME: Set the CIDR for the Public network
+  cidr: 10.10.105.0/24
+...

diff --git a/site/intel-pod10/pki/pki-catalog.yaml b/site/intel-pod10/pki/pki-catalog.yaml
new file mode 100644 (file)
index 0000000..b66ea64
--- /dev/null
+++ b/site/intel-pod10/pki/pki-catalog.yaml
@@ -0,0 +1,289 @@
+---
+# The purpose of this file is to define the PKI certificates for the environment
+#
+# NOTE: When deploying a new site, this file should not be configured until
+# baremetal/nodes.yaml is complete.
+#
+schema: promenade/PKICatalog/v1
+metadata:
+  schema: metadata/Document/v1
+  name: cluster-certificates
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  certificate_authorities:
+    kubernetes:
+      description: CA for Kubernetes components
+      certificates:
+        - document_name: apiserver
+          description: Service certificate for Kubernetes apiserver
+          common_name: apiserver
+          hosts:
+            - localhost
+            - 127.0.0.1
+            # FIXME: Repetition of api_service_ip in common-addresses; use
+            # substitution
+            - 10.96.0.1
+          kubernetes_service_names:
+            - kubernetes.default.svc.cluster.local
+
+        # NEWSITE-CHANGEME: The following should be a list of all the nodes in
+        # the environment (genesis, control plane, data plane, everything).
+        # Add/delete from this list as necessary until all nodes are listed.
+        # For each node, the `hosts` list should be comprised of:
+        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
+        #   2. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+        # NOTE: This list also needs to include the Genesis node, which is not
+        # listed in baremetal/nodes.yaml, but by convention should be allocated
+        # the first non-reserved IP in each logical network allocation range
+        # defined in networks/physical/networks.yaml
+        # NOTE: The genesis node needs to be defined twice (the first two entries
+        # on this list) with all of the same paramters except the document_name.
+        # In the first case the document_name is `kubelet-genesis`, and in the
+        # second case the document_name format is `kubelet-YOUR_GENESIS_HOSTNAME`.
+        - document_name: kubelet-genesis
+          common_name: system:node:pod10-node1
+          hosts:
+            - pod10-node1
+            - 10.10.102.21
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod10-node1
+          common_name: system:node:pod10-node1
+          hosts:
+            - pod10-node1
+            - 10.10.102.21
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod10-node2
+          common_name: system:node:pod10-node2
+          hosts:
+            - pod10-node2
+            - 10.10.102.22
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod10-node3
+          common_name: system:node:pod10-node3
+          hosts:
+            - pod10-node3
+            - 10.10.102.23
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod10-node4
+          common_name: system:node:pod10-node4
+          hosts:
+            - pod10-node4
+            - 10.10.102.24
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod10-node5
+          common_name: system:node:pod10-node5
+          hosts:
+            - pod10-node4
+            - 10.10.102.25
+          groups:
+            - system:nodes
+        # End node list
+        - document_name: scheduler
+          description: Service certificate for Kubernetes scheduler
+          common_name: system:kube-scheduler
+        - document_name: controller-manager
+          description: certificate for controller-manager
+          common_name: system:kube-controller-manager
+        - document_name: admin
+          common_name: admin
+          groups:
+            - system:masters
+        - document_name: armada
+          common_name: armada
+          groups:
+            - system:masters
+    kubernetes-etcd:
+      description: Certificates for Kubernetes's etcd servers
+      certificates:
+        - document_name: apiserver-etcd
+          description: etcd client certificate for use by Kubernetes apiserver
+          common_name: apiserver
+        # NOTE(mark-burnett): hosts not required for client certificates
+        - document_name: kubernetes-etcd-anchor
+          description: anchor
+          common_name: anchor
+        # NEWSITE-CHANGEME: The following should be a list of the control plane
+        # nodes in the environment, including genesis.
+        # For each node, the `hosts` list should be comprised of:
+        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
+        #   2. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+        #   3. 127.0.0.1
+        #   4. localhost
+        #   5. kubernetes-etcd.kube-system.svc.cluster.local
+        # NOTE: This list also needs to include the Genesis node, which is not
+        # listed in baremetal/nodes.yaml, but by convention should be allocated
+        # the first non-reserved IP in each logical network allocation range
+        # defined in networks/physical/networks.yaml, except for the kubernetes
+        # service_cidr where it should start with the second IP in the range.
+        # NOTE: The genesis node is defined twice with the same `hosts` data:
+        # Once with its hostname in the common/document name, and once with
+        # `genesis` defined instead of the host. For now, this duplicated
+        # genesis definition is required. FIXME: Remove duplicate definition
+        # after Promenade addresses this issue.
+        - document_name: kubernetes-etcd-genesis
+          common_name: kubernetes-etcd-genesis
+          hosts:
+            - pod10-node1
+            - 10.10.102.21
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod10-node1
+          common_name: kubernetes-etcd-pod10-node1
+          hosts:
+            - pod10-node1
+            - 10.10.102.21
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod10-node2
+          common_name: kubernetes-etcd-pod10-node2
+          hosts:
+            - pod10-node2
+            - 10.10.102.22
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod10-node3
+          common_name: kubernetes-etcd-pod10-node3
+          hosts:
+            - pod10-node3
+            - 10.10.102.23
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        # End node list
+    kubernetes-etcd-peer:
+      certificates:
+        # NEWSITE-CHANGEME: This list should be identical to the previous list,
+        # except that `-peer` has been appended to the document/common names.
+        - document_name: kubernetes-etcd-genesis-peer
+          common_name: kubernetes-etcd-genesis-peer
+          hosts:
+            - pod10-node1
+            - 10.10.102.21
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod10-node1-peer
+          common_name: kubernetes-etcd-pod10-node1-peer
+          hosts:
+            - pod10-node1
+            - 10.10.102.21
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod10-node2-peer
+          common_name: kubernetes-etcd-pod10-node2-peer
+          hosts:
+            - pod10-node2
+            - 10.10.102.22
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod10-node3-peer
+          common_name: kubernetes-etcd-pod10-node3-peer
+          hosts:
+            - pod10-node3
+            - 10.10.102.23
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        # End node list
+    calico-etcd:
+      description: Certificates for Calico etcd client traffic
+      certificates:
+        - document_name: calico-etcd-anchor
+          description: anchor
+          common_name: anchor
+        # NEWSITE-CHANGEME: The following should be a list of the control plane
+        # nodes in the environment, including genesis.
+        # For each node, the `hosts` list should be comprised of:
+        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
+        #   2. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+        #   3. 127.0.0.1
+        #   4. localhost
+        #   5. The calico/etcd/service_ip defined in networks/common-addresses.yaml
+        # NOTE: This list also needs to include the Genesis node, which is not
+        # listed in baremetal/nodes.yaml, but by convention should be allocated
+        # the first non-reserved IP in each logical network allocation range
+        # defined in networks/physical/networks.yaml
+        - document_name: calico-etcd-pod10-node1
+          common_name: calico-etcd-pod10-node1
+          hosts:
+            - pod10-node1
+            - 10.10.102.21
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-pod10-node2
+          common_name: calico-etcd-pod10-node2
+          hosts:
+            - pod10-node2
+            - 10.10.102.22
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-pod10-node3
+          common_name: calico-etcd-pod10-node3
+          hosts:
+            - pod10-node3
+            - 10.10.102.23
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-node
+          common_name: calcico-node
+        # End node list
+    calico-etcd-peer:
+      description: Certificates for Calico etcd clients
+      certificates:
+        # NEWSITE-CHANGEME: This list should be identical to the previous list,
+        # except that `-peer` has been appended to the document/common names.
+        - document_name: calico-etcd-pod10-node1-peer
+          common_name: calico-etcd-pod10-node1-peer
+          hosts:
+            - pod10-node1
+            - 10.10.102.21
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-pod10-node2-peer
+          common_name: calico-etcd-pod10-node2-peer
+          hosts:
+            - pod10-node2
+            - 10.10.102.22
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-pod10-node3-peer
+          common_name: calico-etcd-pod10-node3-peer
+          hosts:
+            - pod10-node3
+            - 10.10.102.23
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-node-peer
+          common_name: calcico-node-peer
+        # End node list
+  keypairs:
+    - name: service-account
+      description: Service account signing key for use by Kubernetes controller-manager.
+...

diff --git a/site/intel-pod10/profiles/hardware/intel-pod10.yaml b/site/intel-pod10/profiles/hardware/intel-pod10.yaml
new file mode 100644 (file)
index 0000000..9d1764d
--- /dev/null
+++ b/site/intel-pod10/profiles/hardware/intel-pod10.yaml
@@ -0,0 +1,105 @@
+---
+schema: 'drydock/HardwareProfile/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: intel-pod10
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # Vendor of the server chassis
+  vendor: Intel
+  # Generation of the chassis model
+  generation: '4'
+  # Version of the chassis model within its generation - not version of the hardware definition
+  hw_version: '3'
+  # The certified version of the chassis BIOS
+  bios_version: 'SE5C610.86B.01.01.0019.101220160604'
+  # Mode of the default boot of hardware - bios, uefi
+  boot_mode: bios
+  # Protocol of boot of the hardware - pxe, usb, hdd
+  bootstrap_protocol: pxe
+  # Which interface to use for network booting within the OOB manager, not OS device
+  pxe_interface: 0
+
+  # Map hardware addresses to aliases/roles to allow a mix of hardware configs
+  # in a site to result in a consistent configuration
+
+  device_aliases:
+    ## network
+    # $ sudo lspci |grep -i ethernet
+    # 03:00.0 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)
+    # 03:00.3 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)
+    # 05:00.0 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+    # 05:00.1 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+    # 05:00.2 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+    # 05:00.3 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+
+    # control networks
+    # eno1
+    ctrl_nic1:
+      address: '0000:04:00.0'
+      dev_type: 'I350 Gigabit Network Connection'
+      bus_type: 'pci'
+    # eno2
+    ctrl_nic2:
+      address: '0000:04:00.3'
+      dev_type: 'I350 Gigabit Network Connection'
+      bus_type: 'pci'
+
+    # data networks
+    # eno3
+    data_nic1:
+      address: '0000:02:00.0'
+      dev_type: '82599ES 10-Gigabit SFI/SFP+ Network Connection'
+      bus_type: 'pci'
+    # eno4
+    data_nic2:
+      address: '0000:02:00.1'
+      dev_type: '82599ES 10-Gigabit SFI/SFP+ Network Connection'
+      bus_type: 'pci'
+
+    ## storage
+    # $ sudo lshw -c disk
+    #   *-disk                  
+    #        description: ATA Disk
+    #        product: INTEL SSDSC2BB48
+    #        physical id: 0.0.0
+    #        bus info: scsi@4:0.0.0
+    #        logical name: /dev/sda
+    #        version: 0101
+    #        serial: PHDV637602LL480BGN
+    #        size: 447GiB (480GB)
+    #        capabilities: gpt-1.00 partitioned partitioned:gpt
+    #        configuration: ansiversion=5 guid=ea7d0b6a-c105-4409-8d4c-dc104cb38737 logicalsectorsize=512 sectorsize=4096
+    #   *-disk
+    #        description: ATA Disk
+    #        product: ST91000640NS
+    #        vendor: Seagate
+    #        physical id: 0.0.0
+    #        bus info: scsi@5:0.0.0
+    #        logical name: /dev/sdb
+    #        version: SN03
+    #        serial: 9XG6LX48
+    #        size: 931GiB (1TB)
+    #        capabilities: gpt-1.00 partitioned partitioned:gpt
+    #        configuration: ansiversion=5 guid=27f17348-e081-4b00-8d4c-5960513a40cd logicalsectorsize=512 sectorsize=512
+
+    # /dev/sda
+    bootdisk:
+      address: '0:0.0.0'
+      dev_type: 'ST3000NM0033-9ZM'
+      bus_type: 'scsi'
+    # /dev/sdb
+    datadisk:
+      address: '1:0.0.0'
+      dev_type: 'SSDSC2BW18'
+      bus_type: 'scsi'
+  cpu_sets:
+    kvm: '4-43,48-87'
+  hugepages:
+    dpdk:
+      size: '1G'
+      count: 32
+...

diff --git a/site/intel-pod10/profiles/host/cp-intel-pod10.yaml b/site/intel-pod10/profiles/host/cp-intel-pod10.yaml
new file mode 100644 (file)
index 0000000..55cbae7
--- /dev/null
+++ b/site/intel-pod10/profiles/host/cp-intel-pod10.yaml
@@ -0,0 +1,105 @@
+---
+# The primary control plane host profile for Airship for DELL R720s, and
+# should not need to be altered if you are using matching HW. The active
+# participants in the Ceph cluster run on this profile. Other control plane
+# services are not affected by primary vs secondary designation.
+schema: drydock/HostProfile/v1
+metadata:
+  schema: metadata/Document/v1
+  name: cp-intel-pod10
+  storagePolicy: cleartext
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: cp-global
+    actions:
+      - method: replace
+        path: .interfaces
+      - method: replace
+        path: .storage
+      - method: merge
+        path: .
+data:
+  hardware_profile: intel-pod10
+
+  primary_network: dmz
+  interfaces:
+    dmz:
+      device_link: dmz
+      slaves:
+        - ctrl_nic1
+      networks:
+        - dmz
+    admin:
+      device_link: admin
+      slaves:
+        - ctrl_nic2
+      networks:
+        - admin
+    data1:
+      device_link: data1
+      slaves:
+        - data_nic1
+      networks:
+        - private
+        - management
+    data2:
+      device_link: data2
+      slaves:
+        - data_nic2
+      networks:
+        - storage
+        - public
+
+  storage:
+    physical_devices:
+      bootdisk:
+        labels:
+          bootdrive: 'true'
+        partitions:
+          - name: 'root'
+            size: '30g'
+            bootable: true
+            filesystem:
+              mountpoint: '/'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'boot'
+            size: '1g'
+            filesystem:
+              mountpoint: '/boot'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'var_log'
+            size: '100g'
+            filesystem:
+              mountpoint: '/var/log'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'var'
+            size: '>100g'
+            filesystem:
+              mountpoint: '/var'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+
+      datadisk:
+        partitions:
+          - name: 'ceph'
+            size: '99%'
+            filesystem:
+              mountpoint: '/var/lib/ceph'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+
+  platform:
+    image: 'xenial'
+    kernel: 'hwe-16.04'
+    kernel_params:
+      kernel_package: 'linux-image-4.15.0-46-generic'
+
+  metadata:
+    owner_data:
+      openstack-l3-agent: enabled
+...

diff --git a/site/intel-pod10/profiles/host/dp-intel-pod10.yaml b/site/intel-pod10/profiles/host/dp-intel-pod10.yaml
new file mode 100644 (file)
index 0000000..d0e63a3
--- /dev/null
+++ b/site/intel-pod10/profiles/host/dp-intel-pod10.yaml
@@ -0,0 +1,112 @@
+---
+# The data plane host profile for Airship for DELL R720s, and should
+# not need to be altered if you are using matching HW. The host profile is setup
+# for cpu isolation (for nova pinning), hugepages, and sr-iov.
+schema: drydock/HostProfile/v1
+metadata:
+  schema: metadata/Document/v1
+  name: dp-intel-pod10
+  storagePolicy: cleartext
+  layeringDefinition:
+    abstract: false
+    layer: type
+    parentSelector:
+      hosttype: dp-global
+    actions:
+      - method: replace
+        path: .interfaces
+      - method: replace
+        path: .storage
+      - method: merge
+        path: .
+data:
+  hardware_profile: intel-pod10
+
+  primary_network: dmz
+  interfaces:
+    dmz:
+      device_link: dmz
+      slaves:
+        - ctrl_nic1
+      networks:
+        - dmz
+    admin:
+      device_link: admin
+      slaves:
+        - ctrl_nic2
+      networks:
+        - admin
+    data1:
+      device_link: data1
+      slaves:
+        - data_nic1
+      networks:
+        - private
+        - management
+    data2:
+      device_link: data2
+      slaves:
+        - data_nic2
+      networks:
+        - storage
+        - public
+
+  storage:
+    physical_devices:
+      bootdisk:
+        labels:
+          bootdrive: 'true'
+        partitions:
+          - name: 'root'
+            size: '30g'
+            bootable: true
+            filesystem:
+              mountpoint: '/'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'boot'
+            size: '1g'
+            filesystem:
+              mountpoint: '/boot'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'log'
+            size: '100g'
+            filesystem:
+              mountpoint: '/var/log'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'var'
+            size: '>100g'
+            filesystem:
+              mountpoint: '/var'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+
+      datadisk:
+        partitions:
+          - name: 'ceph'
+            size: '99%'
+            filesystem:
+              mountpoint: '/var/lib/ceph'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+
+  platform:
+    image: 'xenial'
+    kernel: 'hwe-16.04'
+    kernel_params:
+      kernel_package: 'linux-image-4.15.0-46-generic'
+      intel_iommu: 'on'
+      iommu: 'pt'
+      amd_iommu: 'on'
+      cgroup_disable: 'hugetlb'
+      transparent_hugepage: 'never'
+      hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      hugepages: 'hardwareprofile:hugepages.dpdk.count'
+      default_hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      isolcpus: 'hardwareprofile:cpuset.kvm'
+  metadata:
+    owner_data:
+      sriov: enabled
+...

diff --git a/site/intel-pod10/profiles/region.yaml b/site/intel-pod10/profiles/region.yaml
new file mode 100644 (file)
index 0000000..e714ca4
--- /dev/null
+++ b/site/intel-pod10/profiles/region.yaml
@@ -0,0 +1,60 @@
+---
+# The purpose of this file is to define the drydock Region, which in turn drives
+# the MaaS region.
+schema: 'drydock/Region/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: Replace with the site name
+  name: intel-pod10
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  substitutions:
+    - dest:
+        path: .repositories.main_archive
+      src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .packages.repositories.main_archive
+    # NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the
+    # list of authorized keys which MaaS will register for the build-in "ubuntu"
+    # account during the PXE process. Create a substitution rule for each SSH
+    # key that should have access to the "ubuntu" account (useful for trouble-
+    # shooting problems before UAM or UAM-lite is operational). SSH keys are
+    # stored as secrets in site/seaworthy/secrets.
+    - dest:
+        # Add/replace the item in the list
+        path: .authorized_keys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        # This should match the "name" metadata of the SSH key which will be
+        # substituted, located in site/intel-pod10/secrets folder.
+        name: sridhar_ssh_public_key
+        path: .
+    - dest:
+        # Increment the list index
+        path: .authorized_keys[1]
+      src:
+        schema: deckhand/PublicKey/v1
+        # your ssh key
+        name: trevor_ssh_public_key
+        path: .
+    - dest:
+        # Increment the list index
+        path: .authorized_keys[2]
+      src:
+        schema: deckhand/PublicKey/v1
+        # your ssh key
+        name: luc_ssh_public_key
+        path: .
+data:
+  tag_definitions: []
+  # This is the list of SSH keys which MaaS will register for the built-in
+  # "ubuntu" account during the PXE process. This list is populated by
+  # substitution, so the same SSH keys do not need to be repeated in multiple
+  # manifests.
+  authorized_keys: []
+  repositories:
+    remove_unlisted: true
+...

diff --git a/site/intel-pod10/secrets/certificates/certificates.yaml b/site/intel-pod10/secrets/certificates/certificates.yaml
new file mode 100644 (file)
index 0000000..758ee56
--- /dev/null
+++ b/site/intel-pod10/secrets/certificates/certificates.yaml
@@ -0,0 +1,2456 @@
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDSDCCAjCgAwIBAgIUUhe1JxgE7Yh1iqSJOSEGx3ZAnhQwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEwMTcxNjE3MDBaFw0yNDEwMTUxNjE3MDBaMCoxEzARBgNVBAoTCkt1YmVy
+  bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+  DwAwggEKAoIBAQDPD4hcsqHA2H35EynaEia5xR7J53zeMZRxTA/dZ7Ajr5KiE3df
+  YBn2XH41x2tnYnSeeMaEA9/0MUdMfL8cfuLOc00SV583X+NRV099zSwVk0t+0qxM
+  zZILWhkYSVU6LScaDHSWsKotdb5srQ4jXEKQLJGKcCVdZfKtOpd3L5oNAgFWMb1+
+  L1dj6bzMemKY0jyhOwkhzq9HIKDVF9UgGrQG39c853R1OyLCuV7GvGwZTLSYlQE8
+  kdzJPJxphHI5HJ07qFnVHfZTINKCSp4CzcR69P2ebNkYYxMMjMJcKcGBQZeD8IYP
+  3Lj7JRb9tYMMsCnvckOYesmM6cLd2/N3J+CvAgMBAAGjZjBkMA4GA1UdDwEB/wQE
+  AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBR70SVxO0VZs5uQBJZ8
+  FtrinOnDhDAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDANBgkqhkiG
+  9w0BAQsFAAOCAQEAO3HxeNV8py70HXWx0t3d/H67LazOn8GPXaGb1t/LJP6Im4aA
+  Iz/86KERBZtnPca4ViZSGg+24X5jEVuneu0Cb2PXTI19rPTk46z+xjOYvg7QKAC7
+  Zy8bIyxHRcOJWXZtfldjjarD+6Z+SpUy30IW6QBhhKXkgWcBJHuzvsRy34cn2Dor
+  3kMYjMl8eVB9MIEe06W68XWcqs2W1qxbwyhVtiYkDhAdJLezCX5gMzASkrrXOlgc
+  8I5bdpNHBcWdWozLYyo8FfcxQ3kC4u0oBFPcltU4wSNze5b6FEgsvFbj0VHYMpPe
+  YCe9NKOUGXFRmWQCu9r51TOL3ei9EDLojqWUJw==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDUjCCAjqgAwIBAgIUd4gluEvZnIC6MSa2COXMpzTNRPcwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTI0MTAxNTE2MTcwMFowLzETMBEGA1UEChMK
+  S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG
+  9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozkTZtGGpJf40KQWe8JCifaJ7UXZo6aQudcf
+  WwKi8+R5VH9piFTGvEHQ4ynacogKKlJANdzNBfFIiwGbzBJzrIRXGxefsGJaqMYg
+  0DAgJphHIbmaMZNhOt/8gptQE4J/1PoIiilzbMVhpI/kSeBqmeiJQirTc6Y8vQYO
+  qESCk8i3XjCAM9Dslei1KgfKXyquBoVDRNFs2WVJc1COJQR2EK0mwd1VWU2XgCSu
+  U014uRGINtuzobO/9Xz6cmG2Yr9JNmjnI1KmjIizBvCmnkNDBAUiohq3/PwNgC1t
+  SdKilbsTJpmFjnf32QmnnfNdRIEZW1aDCTerLF+hkulo42PRrQIDAQABo2YwZDAO
+  BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUHUaL
+  MQ/jLVbeUFCYtasaMoE4hXowHwYDVR0jBBgwFoAUHUaLMQ/jLVbeUFCYtasaMoE4
+  hXowDQYJKoZIhvcNAQELBQADggEBAGMzXFyfW8dPmjmNrDCoMhERDHY/xqgjZgG6
+  2Rd50k/ZKa5dTac0m1tybZ0KGBQvsYTsDGPhXOEMzBpHwDN+G+Gh8LUpCbpY2xZT
+  WTvCeHBNgcgr3o454TEMVd5XSmNDqDalEm9A1ZX0w0DP1As4zzsqfiriuSvQEqtL
+  1LdyA/9gFVNCl3O2Zamx/QJyZirC1+KJX4skI+Rofbw5NDRYilp1ddJGlOYIqTq6
+  8Fw94OfFfpLadEOkkyyz7PLYUQv7IXubjl09L7h6roGLySs1000tXPr/00W413ny
+  gyQ8qPfwVTAc8IwPCxLrgCxuQ9Rnsjw8UpNFaj/IKDHLultyimk=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDXDCCAkSgAwIBAgIUNKOS1pqRdd6/c6oVMOysQzCDdWMwDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjQxMDE1MTYxNzAwWjA0MRMwEQYD
+  VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC
+  ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6jvdox9yfGuKdpZ6oFEac8
+  KYIScvvZtw4d+YWxFg+U0VIh7MDcaIZW6NO9QW76XsaCgMOwv1m9m3VQ6SXpwXn5
+  uzgqIfHEaypizAIxAZFiSSVi++gArl5SZXzxPNIv8wdUubLKi4CQR+aCwfK9+FsV
+  GJ1S5rVmoCNma3ftOQAZiDUZsu4mX+UPzvofsMvMmYo+gk9P1VrHehlvUyBSsfvf
+  cZztJCNp4FIIXpoD8MjDad3nL6fwWDl/YNjqqpYHaWb8lHME8G9hM+MnMxyOhu/N
+  V0UJEujY64aq7GuZSYt3hgwDf1EQNmMfYP//Jq9gqTCSIl617cVeylZOBFy886kC
+  AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD
+  VR0OBBYEFFWqeaecOQWXBemv652P0prSyi9tMB8GA1UdIwQYMBaAFFWqeaecOQWX
+  Bemv652P0prSyi9tMA0GCSqGSIb3DQEBCwUAA4IBAQCT77h1WAEhxbRloCZJ0Gah
+  eaUk0fVaTSCHJzbGjV1BojrXtsEnHskq1uuB4zym9xOSz7JYc7UeY1+vMYpy8M+o
+  JqzlvSpz1JYDd8ukwJOvcdaepsYpj7G8nrbgDTglJ8KnsBcsCe5g7emKXxysGXU/
+  PgW2jZAHMO2gxgzEvh0PoXRMqn6TGHjrdl9cktNJ7Lv9uXM7e0FrkRUB1xoDia4O
+  l3m7T/VitUF8qnn1edkfCyGE333OQGkBJoTwsMJEh+myeUdEN3h92od3HGut8SI8
+  aaxl195+em6PgVNQJxFSrj0Pw1zKNcxTxHnjwSXpcrYawIHkI4vdb3gVsxk6QhAw
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDSjCCAjKgAwIBAgIUD4Z/gmizWB80oApCHL838JSV1lgwDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkxMDE3MTYxNzAwWhcNMjQxMDE1MTYxNzAwWjArMRMwEQYDVQQKEwpLdWJl
+  cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
+  ggEPADCCAQoCggEBAL+goMwNsaMtx8tjddFR1/iIr44iUCnJz2kwkV+G1ppFMUBx
+  NLUXzs26mxJ2BdNbMgFpWAe7gShIgvp4SYL1oD0Tvf0kEvRyym8jeSHVUIhT5T93
+  KmG6IB4gxVZLp0htO+673Byi+Y3t6rKICsDYH7+UtZcjgpjuOfYWLPxwke57x9y1
+  SNIj1QIo0YQT2bGwBz3x/s0hj2awSO8PqheY8nJLEKnnks3nzIFUp96IKFx0sB/j
+  ftQg1IuS0ak7mYSo3D9M1DOR3URG9yNXAN4bAZtndy+3zH9BAt60/4/vKoNdbYZT
+  dF1q+KY93yv7gW4/Ru6AZm2h/rEmgFWqst/UyokCAwEAAaNmMGQwDgYDVR0PAQH/
+  BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFKo/GpJZkwjxsI8Q
+  VNhp2BB2FK1cMB8GA1UdIwQYMBaAFKo/GpJZkwjxsI8QVNhp2BB2FK1cMA0GCSqG
+  SIb3DQEBCwUAA4IBAQAuJAZN8CUjK9tXYtr0Cofz26nuQmAxScR9deStaYVyIKPE
+  ASWbQVMdlGEFeWyaEfK9b5mjBJ4KV4cUig5Ki2WeCI9j4SXJnp404fjwFww+hnXU
+  4cEValu5SrMehGa9aXrYWPi2417QP+AMsXda2GItQ+b5WSuD00G+9/sZZvdmQYJT
+  UDQBpDsEgmHnVF2Qk4SIcl6MC2zXWroXcRZ7dHkgDCUMLs8bzIBD+7lVhrVXMOjJ
+  7Yc+XT2r4oeWlG6ssQloC8I7u09DmvcqPKTouCQNdEOMqJJjsPxGss848Ozgxabg
+  HnW1VpAUGAEVtIXOBC5hiP3a6SNbnRPFzM7wzI+Z
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDVDCCAjygAwIBAgIUe8pGbUVr4Np9evhV65xWfe3EAucwDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yNDEwMTUxNjE3MDBaMDAxEzARBgNVBAoT
+  Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG
+  SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTTZoqqSSE5JeIimYlOa+5fV+I/ZKOvuOa
+  3mAHMCeEbct2VFAlKR84ZRK+0V8kl7H4a/heq5raC20I06nm/hko7FYfZ/XisgNQ
+  LuHrMIiwuc6S8pGBmXAn2dn8Dai+i9PFTPllNvSSoSjPpRZHRz13g0fjm+7KKOPm
+  K5CxH4C+pTMQjSxGjW/4NYZzY2ApvG7hyV5Fk11vNUMRPkVhVVo+cO7Kyw6skw2U
+  eksVdNEQmKPTGqXE4dK2awc5MpmFkIpVuNnohJWYWH6N7Ty0uWSe0qyi2g3GJwtq
+  fi8k5GDsMMmql9K9xEm28vQVKmmIGph8c1EcWB88EqD2bV6qGRqPAgMBAAGjZjBk
+  MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSw
+  f1hEf9YG8SVpf9jlxbHGtSQ4xzAfBgNVHSMEGDAWgBSwf1hEf9YG8SVpf9jlxbHG
+  tSQ4xzANBgkqhkiG9w0BAQsFAAOCAQEAfWmpgeHmgrN947AhQSgVuGspdJVaOGO0
+  eVdur/QfNw4ddGL2qDFzzr6r1YqjfsSsBbKRRbvFks74ngJ8soJfS3ta1y0cqvIl
+  TVQwK63mB8zhkwIF2qFLKZfUp5DYR0ORFCh0FArWkkgaRkSYcSQRK2MhAEqwUE6w
+  q2cBle0y17+d6jcoNjxXuHpyfXjoDX8wHb7earVLwm/+xHOANAjhUoGkb6yKV0Wy
+  DYMWdxgtJccg3qk9w4tO7Ma1fd1D1XxSs3r25nrrg4w3p+C+T4Y6/5CddCdy6/wV
+  BpszyMe/S5koRHxidecwW6rim6Mkf0+BjrgOxplygc4SZZ4QGNjorw==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAzw+IXLKhwNh9+RMp2hImucUeyed83jGUcUwP3WewI6+SohN3
+  X2AZ9lx+NcdrZ2J0nnjGhAPf9DFHTHy/HH7iznNNElefN1/jUVdPfc0sFZNLftKs
+  TM2SC1oZGElVOi0nGgx0lrCqLXW+bK0OI1xCkCyRinAlXWXyrTqXdy+aDQIBVjG9
+  fi9XY+m8zHpimNI8oTsJIc6vRyCg1RfVIBq0Bt/XPOd0dTsiwrlexrxsGUy0mJUB
+  PJHcyTycaYRyORydO6hZ1R32UyDSgkqeAs3EevT9nmzZGGMTDIzCXCnBgUGXg/CG
+  D9y4+yUW/bWDDLAp73JDmHrJjOnC3dvzdyfgrwIDAQABAoIBAFVeRg5R57ami2mB
+  qSOrkCPPTZ5YvnatYlJD1damxUwxOvdvpyu/Z3TXNYHesj1xrjsX+GC9aDw5hPfY
+  BsMs3T3Y89G4JoCiHAqRQMjRKnfKvrmPClKv/qKHhwkoUuclbpWixP7L353Wiags
+  wUN66kae2XKGQiF7ws4A9inBinYJu3jJSwD48SEGk8gavwZsqv+bqICGpdgeHV7L
+  Mk3sxxKFAgN8F9yk53MuAdv8LIfVtm33juInLPqPMb2Ifv32mWmiS3xTCcIWq8Xa
+  55FiNWMUD/yNNf+hgZDcSMJaxVgUSy5CRngfkOqA3XmWjcADF4/HvC92BzDM8wei
+  zhxNTcECgYEA80PkTiHctYmq2KYvpoaVHyWNqNCk1ePWIpOa4MyD7Hr3SShaQ2x+
+  D3HLzoExt+I6EwWBzE8r8HvkWNX/P7FpzVPaeVfYLF+w2cnMgW1UTkWKQf+ne29H
+  fz0W6km2NMvX2faGeB9rV0XVxi7+UQuj1hqXhECQOXNeWWgRqMbCx3kCgYEA2eZy
+  ifs6n3v1Zk2k03sklO89k5dSCU1soAOiKOFV7UL0TFxZFpMO+Mlt6etJqpbIEIre
+  yTSWtLCFlkMxjUWqVDRmBrQWPseCfGklpQNv7FL2qR7HT/iyqi+DjDal9OaWxSVL
+  ii7+M0OGClUGe+Fu8RSRQ4nrowWb5i0pGHub12cCgYEA42h3N7ceDTLp3GfWqbSs
+  GJbRi5uoTC8V0fLsWPO2682z99baMqdsXOHDZYOOx9ia84c1ZJoqeEBJIebDG3at
+  cn3OAZtmAW1e9OlZ3TAoHJeTfMkSdyh6zO59yn0n8MkSOrbj082DWe11vzPVGExq
+  V086jy6P5LT94VSRFZbhJPkCgYANSGH1DU5+iFTmPpdsmNYbChZr186VaJXVj0Mk
+  UNAnHWy89ugrWx2Pht/fYYtlDbn2YDDCfSUusJAEH+Z2YSfH6EXL5NByVUEcCmDU
+  FUiOVGRa3NhzhIqHm0vekTo+movYSrS3ILQ4NcaG/LXfeVeE9KcCQfcOQfpF5rzZ
+  lDdkwwKBgQDbDNH8G55BaV+oH47NwMqCBVHavctPts9GoZ12U/o26WjbRKDeXN1v
+  btePDtQNcxf6J6esFJX4/6AF13e+JfIE/0ePIkXrvSjNdmKeDeRh1FlPi748NhHY
+  N68vI9hGtCkyEjR/H+eXQt5fO02KqMdaEoOe1rZVcLngQz/f8n1tPw==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEAozkTZtGGpJf40KQWe8JCifaJ7UXZo6aQudcfWwKi8+R5VH9p
+  iFTGvEHQ4ynacogKKlJANdzNBfFIiwGbzBJzrIRXGxefsGJaqMYg0DAgJphHIbma
+  MZNhOt/8gptQE4J/1PoIiilzbMVhpI/kSeBqmeiJQirTc6Y8vQYOqESCk8i3XjCA
+  M9Dslei1KgfKXyquBoVDRNFs2WVJc1COJQR2EK0mwd1VWU2XgCSuU014uRGINtuz
+  obO/9Xz6cmG2Yr9JNmjnI1KmjIizBvCmnkNDBAUiohq3/PwNgC1tSdKilbsTJpmF
+  jnf32QmnnfNdRIEZW1aDCTerLF+hkulo42PRrQIDAQABAoIBAQCOlXNvZCV8bw16
+  JX1Gi0JZBrciQNyIax8OWPAZLspux+19dPgZkgUxu0TgzFT5rAFFSyiwZLvtLwOx
+  +qvAr3XBBLKbBh4HlUOhH8LWWtQbIvcwbNRX7mkHZ1dMOKTRBjTpNap0FxWvtRVB
+  Djncl2BIJqyQ0px48IUqkroHICH5Of3o9m6Q6l9pdnq/3QK0FBYGz9+JB8uFP1pL
+  uMzPcCzr6p1ZR+cafgu+oNIPMt4hpfOz+dBJ4mfnss0msosj6jFhBzvQ7feZBLu1
+  MAJqbLOZyRvL78lToNun1WJz4p5qFIrShFWLtqsEC6HFhKmC/wJXTCrBv2/kmam7
+  +K4PtUkBAoGBAMIsWcPc9PEZQ49Naqd4++yBuh1zhMrem59yy5xDQyygzNhhSGtD
+  GdsBFDidnQaTe5d9E30TwE+A3rUAFx54udwId+uX+DnOx0wxgCxkzB19kxmDcqIY
+  qU4IZC0BJ4ZlZiSWX00Z/i45PdIRKWp1x8f113qZ2F0fMFC604bWtsRhAoGBANcx
+  34COhI1Hun6TvIrb/iYk2duX+eoQ/Wlh42jqSpmBXwj4JV9pRUgo5xXY3iYXXZeJ
+  AgMUH4V7CUzRYtkilMfbvcmqzrqowVqOF250B5auhFOO/EV9ibB8Iwfq/gDq8iZd
+  SmFzVsfQgdIg5VGwErerfhyOxWcFVav8dvYt0pDNAoGBAK8KGhWlry1U8AFT8axt
+  NPUccPGxvGjBShrv+jqwq/KkNmVtNUJ0Z+90Ro1PEEnoU8bZWuMrFfbVnm4eWbj/
+  bdS70ZcRFRTPofu+t+PNLe/7zsp2I7Wac61DhULIwp+18uFSqTCxGOEEewVOsT4m
+  VOWeahQ8cb5oqj5sXNk13+ahAoGBAI7ZHHRKJtNh+fpsN4w13M+VRsjuaYdnH9EE
+  meDbJgogRuW9U5GyX7s2668k9tJyUD53RE6m3QXOVq4XkHZy7jB9Pc7RA8oEm9Vw
+  3T0E6MSttEmDcRLv8qakwNxQsawKShQNeYKW/dRGJOdHzvIa31HtFRn/7Com8Gfq
+  f02LvWtBAoGAR5MyEje+Og4ihfyR+gS6KdRmBUUGua0PGkl6MDJWumtL3Snfzhtp
+  uPldgwtkO+NNYr4oTln1YcfFdtYY0zFJJ9t9TwiMmaLvbd75hr474BygDM2/mGSf
+  bITJztZ4cDKeiFTEJAYx/geWsen+2x61WDd39KhhJoyu9VIUPQJ+K7g=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAzqO92jH3J8a4p2lnqgURpzwpghJy+9m3Dh35hbEWD5TRUiHs
+  wNxohlbo071BbvpexoKAw7C/Wb2bdVDpJenBefm7OCoh8cRrKmLMAjEBkWJJJWL7
+  6ACuXlJlfPE80i/zB1S5ssqLgJBH5oLB8r34WxUYnVLmtWagI2Zrd+05ABmINRmy
+  7iZf5Q/O+h+wy8yZij6CT0/VWsd6GW9TIFKx+99xnO0kI2ngUghemgPwyMNp3ecv
+  p/BYOX9g2OqqlgdpZvyUcwTwb2Ez4yczHI6G781XRQkS6Njrhqrsa5lJi3eGDAN/
+  URA2Yx9g//8mr2CpMJIiXrXtxV7KVk4EXLzzqQIDAQABAoIBACsR/hRorbdguERM
+  uAq8G73b0FsINWdBLeKHZOb0zkBZKHgSEiLwzeiSXN0laWoUTYTa1rPzNy8hUjHV
+  t4LrgiRGZTuDrKeT5TJkfVlHlagT8GMWiqME4VNPoU+1iJPW4rT4d+xIQ2N8rz/g
+  qURLTGTPtN211dihl2dJhcTtcSAP0fpcSTMY+YrgyHo3y7Il1sj/Q8kG8NanfOJa
+  hV02UGVLBmSOB3aXLMdfhkxNSXEtlrR1gVu49mExQU07sEPYoIqgvT65ZYAd+QhN
+  QSfpCoFqypP21b73QFk6ctMQfEH/46hNjNrIb/oFrHrtaBuhLra3ksD60RfZ7r2q
+  XPuqMgECgYEA0Kedp1hvVewzptfpMRkP+c+d6UiGmHHaMRlbFrBPfK+8Qlfdel1+
+  /x7EB0qHzBUNwDKUq2pL93s/7gjDSsgKn4xU+Wz7udfwPWhqrgelnp9q4hitd8kE
+  tnxnSmS2KqpI7dyZ2BCFdgR5sLtCENs/47jpamhCOp2ydS4xPDD6SVkCgYEA/YcR
+  +vRaX0iAo3eXUM9E49FNhg4oCBsSQDHw29CSSH7S1GwIxCYLzOmSfx6Kp1EmooJj
+  bJq0AX/PaAv0vvEg6eCgthhtb2KtSWvZzZ/Zy2gy2yWVq6hRjw/os4o8aivXwXyH
+  BGzlZ8q2qIk4RKlMux/VhOb65RsFylT+rAWLYtECgYAkNYJBYTJo+cV45a0dDRld
+  o67mpeRdnhxcOuc4x73ziFemN7NCoekBAujHzyJDwz+Qo/ZyzM6EEwpkF3c0igR1
+  7ZdtdYE1ngidz3n7223dWhLlS50G1YaQ2IPgQBvwyX5AcPDtsuhGM76ecdCkNjgf
+  H566DX+4xlcKyMpYhLNaeQKBgQDcdr59+ks0HHowrGhbD0Ka0YGWl2zcT545ULRg
+  kikC/bYcnq2o1GTiliKchFSSVxE/tB79bDIoM5qKogr8l/bFKl7Wurs/ZxHFjRHj
+  q6PbLAs9YpuaoE38GBuFNSqAMQv353AJuyBqd28Lc/gITSi6eF5Wqf13iV4pqmuj
+  71ZcYQKBgEiFCXt1Rh0usavU7B8SNG2lPzsKctnMt39+95ZFnMqlyQ726pZu/3Ov
+  F6BUQ37XM+lbPqKpXV21m0Q2ApYRUjGQKFpO6S0wndy9FYGvygHspq93g3cJA8hX
+  S2mPvSy2oIp1BmS/4DsY/XHbYUO5xoniZb97EqcNHwj+M/D+pI5w
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEAv6CgzA2xoy3Hy2N10VHX+IivjiJQKcnPaTCRX4bWmkUxQHE0
+  tRfOzbqbEnYF01syAWlYB7uBKEiC+nhJgvWgPRO9/SQS9HLKbyN5IdVQiFPlP3cq
+  YbogHiDFVkunSG077rvcHKL5je3qsogKwNgfv5S1lyOCmO459hYs/HCR7nvH3LVI
+  0iPVAijRhBPZsbAHPfH+zSGPZrBI7w+qF5jycksQqeeSzefMgVSn3ogoXHSwH+N+
+  1CDUi5LRqTuZhKjcP0zUM5HdREb3I1cA3hsBm2d3L7fMf0EC3rT/j+8qg11thlN0
+  XWr4pj3fK/uBbj9G7oBmbaH+sSaAVaqy39TKiQIDAQABAoIBAQC1kOzKau81Pdtg
+  ywyHGJUZ1+j/M2PhNGZhtLMJYClWYtkXxiu6qqQ4Kedkxo8eg/oNfFL8gJ0QHiR8
+  ThzZCQKa3GnXwKZ1F47XXzUW6Zc0lMlSKQbvMfvckBBqg6Qs69MtkLIuL/1kjVkj
+  b+NAdYcfbzffzLWhUZd5o+lcBw0+eEQlozmoTNT/l/wskTFnzVmT35VyiIHxU+k4
+  M7jhpT/FpEP+jGeS8VEimlXnRIgTOr7ThfdUtIq5Me0HCSkDEboWaKvtapZDfC7A
+  BTeYcVwjPy8qvwBhT+Mse+l0e2E+Dnqabbq0s4h7AGsAxYXPHJbnyyqV7p2gof1I
+  3mZGYXUBAoGBAMfaF5rxgnXAdUhzWyoMmYs59kv+Ot9WsKYZjp8E4fBxEGfySrxk
+  gChrnnKd2TBxsZtc0r15JG/XZOorj9lsCxY1YIJzgKWiKYCwnAygKZBZRdc+i+bY
+  oCZZf2glOJCP84Yqf6jKjon/1oxfghFLjB5QZCVDyMfq8xPjHn+p6h81AoGBAPV3
+  Alc4qdOQJJzE8Qa+fQzdKNgiWhp8N/2MXUmEcRT1AmtcUa5gEUeF/5bN7o8SIURT
+  9w0aKXKyemUcvySjbD9gQao/JmBGJ0gogZny+RM+MWE8o9Y24xGzc+bEmZ7LC71e
+  sgBVZDHF1Lryy90m+j3GAlJPJTAdeH6snMKX1sSFAoGBAL7eRNMfOwi40YprWbL0
+  K6Szq83yNUneIoHQQM0QvbSEVzXfSo9YsKlp9v7iUG6a9xQ5d6+rxifmoCOhjRYK
+  wR/pxI1yQHhwQpD8m1zXjjqleDVVMAo9894MdckCW159jQgjCJ8tLSsRI1gXU0Kv
+  U1gUUUDh1x1P/+2LaTJmFgrNAoGAAb7Q43Hhs0FpITw9QoEEPp0r9y13WozbkQ/4
+  cddhPnbnh3/mjMjeFpYbVSUttxK37dZzAULYXJpsSF/F9Cq9UE4M6Xr9eN3G1bqE
+  AWY64yokC770o0dMogmWn2NyfDCRas1LkrkIt1niw1mKnY3zZZEM3yz05Lyw6KWt
+  j6youEkCgYEAnsRcauC2Z/4ReRDIjYmypqerkLwS6xmRQOGqY7vWghxAEkXSjqUH
+  BMQBS5mi82R2pwnkPLd2RvQwwdeJ2are8JazDOQrRqavu79FyZgH5ranJNrAQw7a
+  HNE+UE6dpgHBDIf0Ps/izdTIjEUeaUp8nsRR40mopVR8a2QMeOOFoEk=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEA002aKqkkhOSXiIpmJTmvuX1fiP2Sjr7jmt5gBzAnhG3LdlRQ
+  JSkfOGUSvtFfJJex+Gv4Xqua2gttCNOp5v4ZKOxWH2f14rIDUC7h6zCIsLnOkvKR
+  gZlwJ9nZ/A2ovovTxUz5ZTb0kqEoz6UWR0c9d4NH45vuyijj5iuQsR+AvqUzEI0s
+  Ro1v+DWGc2NgKbxu4cleRZNdbzVDET5FYVVaPnDuyssOrJMNlHpLFXTREJij0xql
+  xOHStmsHOTKZhZCKVbjZ6ISVmFh+je08tLlkntKsotoNxicLan4vJORg7DDJqpfS
+  vcRJtvL0FSppiBqYfHNRHFgfPBKg9m1eqhkajwIDAQABAoIBAQDGkvYfw0brkLuL
+  eKzXrOekRNtELTDO7zuMbhEGkE2C2X/M2x1aXtPVNr8wDikAhYKd+DG4HkLvSK+W
+  DPxtdTwFxlyFNTjRawNMFlL/qGO82VD1rfnqNl09RjDh+6AqOdOxZk41vTiIl+V3
+  hihyodN0/i3QC9mTqGvMAgL/QaDHB1kMkstpZ54cilAxrGJUNmXPkzeIUCKbNXU+
+  SaBTNR5m4UZpYNHPNH9SQoHUhjY1vF7Sdm5AvgJuxSaut4i8xllnIHFY4PywrNEJ
+  aAhk5LTC4E2S7lF9cgSX2mUv6D8kO5ItHdbKCMrT8JdBdsT8+JiBumrd58sXcGCJ
+  HCVYH3ExAoGBAPcXb9jZR5Ssk+5yXZVbJbrQ+hJ4w7Qlg1+q5qXTHgG0bYw3JqdU
+  a9Gfkr8Eq4QH/IgAnk90M7L4ff+MNnz9yMgd0Fpr62USdtTHfGkM0/gEX1I8GlVs
+  imZJFHA0W0kPFN6/0B19C7UNsP/2jGPatv28UvdVmSxYbkqHP/stR8L3AoGBANrr
+  2f5PxPEt4GnR+dmvYdXt8sa5h7gr0jujCHvEnJGUd+fK6D8oit2KclsgM/OjXYur
+  F7lZaX1dotqTynR5Yrx69n/jePcfNjJmttl2gMhA7g/fb5NB9XRaf+q7bM2kRvlZ
+  npy7z87rxhQEWxlo4cej6WouWagtgscHsByDQucpAoGBAL4s+rfTG+XRIhaPTXnr
+  6lEsEJzw9+eKS9/xAI62u8yiGwKlXAnDzyxK/j4pEP2QzAu9Nht/G19vJELwnut6
+  xPNJBxjhIQ7stCs20olkBy1H6Dm56qa+4JKzQpjNo0jK48xBo6NeoAkc3ZNUJl+g
+  ceE+9jhJWJgqA9E24can5iinAoGAQZscoRHWu1A8SHocnhfpAetlLhi7i33WavjY
+  uf6ZzSbpKBWus/66Xtn2m0hzSThT+F81pN4etuswusA/k9gstr9Cz+Cjh6ta2o/d
+  jB3vShPrQ+Z50W+a11unqfixCo+IlYE9/0ppZGFT4vvLMTo1L1b3xFJPnA7Hek3b
+  gS/1BMECgYAmxjernEQ778QGg5sYdwCovW+tdN6NdxEIiPu6sJITcLy7iihtpfrE
+  gxYk1ZOAq6j9pROftDYlSr1+hhZ8zOTYS48plgDYvmJS7qRaJRUWeRRfB0OzBqhB
+  jWI22NajXD0OWdYliX/CtyI0wLKTJgJ7rbVjix5sk2Wdxnr3tya5/Q==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID8jCCAtqgAwIBAgIUJ5FyERxyN6BatXR8Gk83s4OT4XcwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMBQxEjAQBgNVBAMTCWFwaXNl
+  cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANVnnsLYUUBY2OrZ
+  7HtKRftkmkEeXJfG0A174VA8IwUx949ja+htZ98FWcReYdSHyqxJQpqp+PuH7O8q
+  4yQ1h87FQ568PqSjs+FV8JkxPjs1PxHT68Yq6ajkIDEmL3JeYimWzGpGmdRssgN9
+  nxz2oRjHyK5UMpxHVDMl3OE6SrHitqdtXSyNg7ImiRDgGLVx0pOr4Z81LAaUaHaj
+  G20czWxhpG46UjWRNR8eNaPLnI2AlpK+L1pHFT8HcQvWHf7DO+KaGCgg+rlvINeg
+  R16ie/hk1VR+3KTVs0ngO7MhXVqMtJlwP0Y6v6CQtGO3G2B116/7unuyPQLCp6Ys
+  q9ZIQ30CAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
+  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUHtshtomJ
+  suG51xMiTWsthHNeZhEwHwYDVR0jBBgwFoAUe9ElcTtFWbObkASWfBba4pzpw4Qw
+  gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz
+  LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm
+  YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy
+  LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQBhvzAvLiUgxJCN
+  mzttQC7Uf+D8fXKkCe+e4tXZNA3r/jsEurfVxVt5Otd7Nl6Mwd24TJYblY9j7vbu
+  rXSsCwGI7UvcayrXJFmtguY8HpQtpKNuSC/YO0x7txC7AGHbNp5+j7BywRixjTCc
+  p2/BJe5J3rGm1xbQA9jvEdoOkiiRxHG2XcjFT/I/BkUMLLtRuCGo+MkK70/4hf2I
+  QOshTOarkX1w5Nz65zvNKoFRMyBSC0AEI8Zkxh/e3ZPodzoSebcTyXYU9bUIheOw
+  qTG50vd38cIlzRFV5NSw3wYr94Re444qkGldC3055uacu4vhHqpnUq0cMWhDhebY
+  3dNkgJhS
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUaNxYoWg1GWgZ1ViNRLFEsYnDp2MwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTEwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDimT9nSR0zlA0wK7WvMRrUZDcBHP35
+  hAWranzbexBMAaBXlCPVxs1lGHo9AOTPjKsYpc+aAvlJi6efQsOcKagZRldyinBd
+  Ii+Z4hvia2Vqnk5s3YYEPFGo8krnXDpEL70TKH/GwfarSOsqycfolKYPpl1C6zQU
+  wH2U+u9hZ3oCtNPAh1oV+7faKQjhlRIURi8PK5qrbgqSrzWXOFVp/Eu1fjyrr26n
+  ZAGRyKFvScN4YzwujVgBvPKE5y/ZIpRtogZlS1if5Y3xp2VL98vKm7T1bX0J6NOc
+  BWqnh03CD4MWSZd8eqzMTV4kNgoZ93a47dhQwHJNz9FfPL3616OHmoeRAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRBjw1gj6HCZjOT4ZfovXDapCUc
+  2DAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw
+  b2QxMC1ub2RlMYcECgpmFTANBgkqhkiG9w0BAQsFAAOCAQEAc69fXJcmm9DrmHdH
+  4fXyb1ymgRu4DtHzuSorr6hlCr2KUU7dlGTneoJPw3hPJy6E644P2dwd6qhFnbn3
+  2/REy9ccg3xjrjaAwY2h3+haTSCzuQMr5MWIo/Hmzsr/dS2qvPTM+BVEPVlrHCc4
+  mhoNF+3L/tHHVBKmr3+KGSkyB0YJ0tg/AoGlHIHWlR83m2B5dQmpBBzlOjYEHft1
+  WnArQppis7EMhfeT30bl0+Q21zKQNmxU4fG47lkqpxmUQohODlJw1bH/dwot2Ku4
+  dmvf7QL3ynG36KazDk0i7NYSuTXdYAKnJI63JZeI8liwyCCSyJzCpnzIaUvKAILx
+  o4d+EA==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-genesis
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUOYi/irJauZY4ZgueasRxWi7XsyYwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTEwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWZ/MNcpshsYrkIoFffSNgt7lTlJv+
+  WB50oHQ5dppwGy/5sv8sFOGfsfKjEwBNGvlmHwcz9t0MQ4+ojLBCyouN2CV1wnYY
+  ilb6Ag601t8mNs5EFzsNikJXHu1KUujzj70bapmV+G6y/pkb25ns2z/g+Ph5Zixq
+  DGGMk4ibeKJzkyCJSO7FhM2RNdjyWmaz72l2XuS7H9en+LeGmTpVP3xd55TlZ5Xf
+  aWua2u5ROrFvRcNlQGIToTislWaitQCh0xoX+SZPwxUSaSE1oj1TigO4CrLPoYzZ
+  tRTz6zAqgMJumgxSArgcGuPICoAM5SGfFulP3UziVL0EqXoqlKihGvn/AgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRDnT5+jSsT2cP22wRYxt8mTNKW
+  GzAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw
+  b2QxMC1ub2RlMYcECgpmFTANBgkqhkiG9w0BAQsFAAOCAQEAUOw+JO20NnN8RvAI
+  H6oiOQEGQU37vDCkSE0M1gWqm/MXY0d0kjL5nXQ5mFbwNquL1M/wzPm3HjDdlBQ+
+  LfN3AGDpHXpkUsznKqVFHdYz8gSA8MWIg+JWB5gJriykkZLndqfinqTkYF7gsa5g
+  8sE0s3S7NaIrQhOSNC1AsZ3WhO0VxBDsXSDzm3lEPo1altUsMgnieaCi3OcFaCPs
+  cM7f9jEEelbY5j1YEbnc30AHYwlxs2GYTj6QxnNknCF7drt+CQIKeKcW/3ATc/Xh
+  xaC/B2+C90l/1Sc2fE71B8bVOk5TDnLA7jEc/f8HKAq1R7Qgs3m51lOAWUrQA/Ly
+  UwgQdQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod10-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUEII7MvDGMZ0KTZSIpAbPbMW6dU8wDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTIwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWc8mDp4C1z5UnF2EJaeUOar1gDrpY
+  NAKsI4aOUiMWdYOVeQ4ui5vzoTkVTjNPqupaix5UOaiXr32Nx73vAU0DelUyBr0O
+  3fX/q0ivGQD7FqqErBIpRkAkk14qe8XLNC5yqAfb6jAb+Y05XaaNFULYN600F0G4
+  Ca7SFxoenCWCe3hmJKnbG0xTKPp9oqax3Q1kurAB0TRzxSQgmU/IPInvO6vPyv2R
+  7O+vprKnGYcW2tdZ0JtKBQ1YIpxfJrHU9Le1+lkWCp+JiHaEipMxBZd+7nVBR7gq
+  n4N2gJ67C5vJuWA/RYcpvsWiBfj+CuQtNXItpo5svPyYIBMZS1LXFrrBAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTB3mg0P0vfM+VX1n8U34fda+sH
+  2DAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw
+  b2QxMC1ub2RlMocECgpmFjANBgkqhkiG9w0BAQsFAAOCAQEAHBcbm6PrvQGh/hxu
+  VZi4cadAJi+qQCd6AqKesy/4dRyce4pi+dHMYwPHmxAkY/egddyUnK4hLpBwT6fM
+  l6qx8mWJTWY/luLRXTT72tMm8M1J8IVdLmAicEq54O/Nw7pSzi85X1OdHvFlNPjI
+  R/CsGDpOd1wqlzALaDFntkhOO0pPrYq5xHf7BUCcmaSLSIPxzwLnS6VH0sWgTJyg
+  QPOmvKVp/keZXzUA2RcdA2/aThzVduWO5I902qQ7TgJPGGNfjlFBgbaWX5imwRVh
+  L4g6bL17b192xt9FccE/pmjl/ra3TQtFC7r9LKcsNSsu2XRvTqQLta2192OfEhHD
+  9Hyvyw==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod10-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUbt66tcCie2zOYsHlXxp6GlnTnbAwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTMwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvbZnKaJzZl6pITVwuX2oKmZQl9I/1
+  y0Vc4xnpbn0H5eVKS5Hl1XkPte7/Gm+pBlYpm/8Adp3fDEbO1uGnet6TsFLuAOIe
+  iFRbgH7NHf3+QTCwYmHR4IX+Keceubj0QE4qu6WF0BJJkuaLq/aW9BXzg2QVnQp0
+  bLlGJb1fQJRKwyM6bX3NFX/nMZNzXeiebhMdlSsMKcVgxRft2TA65ffFnMkubqjU
+  fe8be7S7kM09z53K7vUTSNfGOFXAandnnWqt+Rw5it5LBpkZ4Kf9Wjg0bco/3B5S
+  LO3uT0nIRlEM/FjxdtxR5ehNHZnutENEHU9LrNSPe4if7Bn2Mu/9wOrrAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSGdK2bmMlbaM/YV4Jyv3ROslkF
+  YTAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw
+  b2QxMC1ub2RlM4cECgpmFzANBgkqhkiG9w0BAQsFAAOCAQEAdS2rAtqpgiz4Aj77
+  NxhXZqZPdStyeQnQ2jAnnFXS93Kmdt7y5eCsoN9ij+wOqHHzxR+IlB7CkC2bgrm5
+  k8yVB1tWpWC+7ePyuw5dRVApxypZ9nghecmu6bXdTPltZrHEG/E3ohylFSjhJLNO
+  isiSBwQiK2FkRu1VKIC9L//jhf+Q3Z7szDl9pGfKzAGnFMhtBDZ6M09zAnM6kwkr
+  p25bJ4MEjCkNvTVzRVZLEensXQ/MfF71PVBZfsLMbi1uhT6JdtWXQk1hZQMXuPxn
+  MPyTJnTu8Q8HQWNOU7jGL1zywqfj2s49uZEH20nIcPJ4FY9u5ZyAuYmYRw9fhvNH
+  VcjxuQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod10-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUNn1tWrWhNwIi13l8vM+CRUGQYcUwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTQwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVgADSn5f32qiThjV17aPbHwucu0H+
+  ftF6bH1aGy2VjImhWUDodAur396xVl6XPxNPQGsGXlrX5kNTRdDydJCVJV0T3Irl
+  k+Ram28ZsQpTedNBqK3JM+RA3axLDzBVigTIANilrNfhI9wotIzTIrItEZoeMGOv
+  QEd1MesoCs7xl6vZqnoLfIffDrzZc3exur7dobt2hHQ4wpgZq6Ir43/sJ9skRo5q
+  KgJwhjM4+RjY85dMYKbn7kstU0ohT2+B9J9IIvD7idT2HuerxP++PyH7k3a6p5hk
+  XEmH65w3EY2g8a1zp0I7csmZEZ8v3e6x+XCTPDPp5LVnsq63QwBGnPZZAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQxP0KuMS5rKOGy1DoVaA4Fu0fz
+  kjAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw
+  b2QxMC1ub2RlNIcECgpmGDANBgkqhkiG9w0BAQsFAAOCAQEAIRG9uublm+qeQ5Ig
+  xkjVHGyoenjp13iYeaYcDK+7s5zmsbzji/3Bc4tjrQA8mbDS62gLpsR0IRZ/KkVk
+  gI9L7uCKQ8n/xicaZisPTxs7WqZBfaaDSSyPn9mttPKsxitR6KnpxpDTZS+vqRSm
+  ncrYTP+6h1pmoNarRZLlMdISrCB2weuNFNhYyGUxGeeNukXtnMUWmn9LI7Cf8C76
+  Iqn8NqmFZ44Z+nsi+W+nFOrr7wubO8PbgIrt9iE4Z9EevqYLR1rpxDJZOpu3B0eZ
+  wRSNb2H8tx3Q18Zzcaa4OD3Lpf3TdwXawUEJL9rFoNxcTlEE4BBkxN4Q6s33Q10F
+  8kSsVQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod10-node4
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUDtJG6OzUZWIGHm16Wbow3uvuPA0wDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTUwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Ln82iQhbQiqGgVowLxQYvCZAC1Eo
+  DpoPfE5L8NssIohTJVp+QGG+fGXhumg9AE534pbj7FnCLjZfGDo1k8CL3ftra+LA
+  NDH993nwHANqoem7DgDdY1Fw8pzpyQU4St61AeoCdfvftzGwmjGaQ2g+920Dy3Bv
+  bTm/mnnZD1L/Su2OWSXq7TZtK/dzfu4B1FkNIxG/ZFWdIoAhpKHBVV0ID0WO7+gN
+  1uhQQo2UY1kNbtjXyJds1yalH1/lNKh/MRae/agEWCiteAyE4AGO3hHqwAIIEvbc
+  aein0tAZEkNWsW1K2bz5v9mHsLT7tqOQ4JDPmEjn+h7KdqdvZR0YcLP3AgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQ/qe1NOaAH/1trOjRCge/BmeGI
+  xTAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw
+  b2QxMC1ub2RlNIcECgpmGTANBgkqhkiG9w0BAQsFAAOCAQEAl7kdfxqLX1JFbW2w
+  0pW0Mw3ZH0ZFrGbafAgeaajFFVBRhbYBirdYivtpbSRnS4ej0CTH2+FOZiujQ2El
+  9Sx10/M1G+huXqfuJObJgS+ZfqEIaCA9Br5msvXMqNOFQ+7vKugxZRO3yUGRFGua
+  HmbZL10SDgGpVoPrkDlDvPa7VZ5X0YmrDFycXMvIwkfcEEBW/+yejsqJP5hohc8S
+  If0pzD4BRbcVRwn1dUg9V1NrUioph2LUxme0KNKPAc34Bzuc3Of8k8lf6Io3qdSQ
+  i9tKsgPF7gVbY7KtPsWbCGsF0/cqQktDnHvCcYVuXrlBFroneUNVQzsa0QclcdYp
+  WEXAkA==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod10-node5
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDVzCCAj+gAwIBAgIUCTl3ZdVKIsJO4PAhIrcu+nf8crEwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCAxHjAcBgNVBAMTFXN5c3Rl
+  bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+  AKssrd7LwuamKrzdV113nojOL/Q7tnQTyZUnx+MAYm2/lhKTEG53CsP8YSn0TiNn
+  2pwZCPqln+Lsa80+3Pid8bpERZXODpIpaj9SToKr2NIsbL0+8loaCkGqx/NG3imK
+  7YyZKlpOqJpGEpuQVuQEN1xcbLV49FtbY2YtSskfz0TpFaGQdwVgplHzDA8cvrZ5
+  bQY30zHaun/+fNTRMrPXn3Ufd4+FRM9J/ZPmM9ljq3RxYdGGeqEZqf++BjiDx7sG
+  4fFKTjgz9+rHkTdzefoAUbZLQbFCe6lceb520IF+za9Y5e4kDWoXgCq9sb/zdKD/
+  KLKhrKDbou9+LfM7APyeXicCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
+  JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
+  BBRI7fcRT6Sx7NhiMw0M5koeoX94dTAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8
+  FtrinOnDhDANBgkqhkiG9w0BAQsFAAOCAQEAKYB/2XnusXh0cF0D6JJhh3lVK/s+
+  hy1hrrtz4yFF0YCMtqC+tRO3H0kjlHVwIAvoSVSbemNA9u/F/Dao1sPEiWEHc9cV
+  sFiJoG2t+PyiODrY8iHKyVXTBdJ5quwwA1c0dpuMhk2R7T0aXQcZqZ7eeYTWXDoc
+  AtFquwY1z345wgviC4SGUyB38isQRK25QH3jR351KHgB4EJhBlksga6xl9IpI/Qr
+  6+CdYX5FunW8hJ82YEqR/7c3O0VHPIGrKNRhRDdogX6NJ2hAdMeJcDFig3T0s8yW
+  DUe8RPMdozo5tDNtaaSALlJR2w8u2XUfFGRkmXaMreBP9gkqaSmYFNQH1Q==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: scheduler
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDYDCCAkigAwIBAgIURKIFNGDT+hLdQCde9Mg9Z7q0MxkwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCkxJzAlBgNVBAMTHnN5c3Rl
+  bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+  ADCCAQoCggEBAPNHbnKDsWomx308B5xDo/eNK7Gs/CCe5efhP8qTe6xgWJcTFCfd
+  mkX69A8nEja4tvfGeCU/p00+A2C7mQFPYlyS6zw8/1Mq8gH/NMdIQd9OmS3VosAF
+  R7IdZolVQTtMLsEz/IejLwJQCCcN9gHmYUsX8J4xMftaN2fqUn15JsaOWIfHl/3Y
+  Uz14ih2i2HZ72xye6mpqCuSuTBUz0C/gr8X41cd/CU4L0ECvKMobxs5g8o6ZvjhQ
+  4yDMfPNUh59eHlEFy9vXRyHwPNtYt92GIJ7e5+tuMGEvffaTJGZ0gmnuu5g7tQY/
+  TV5df6EUkV3ciq8EN59MVhLVAhAYWjVVQ+ECAwEAAaN/MH0wDgYDVR0PAQH/BAQD
+  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+  MB0GA1UdDgQWBBSauMISeLsycyvW2xr2A3eZJlN3izAfBgNVHSMEGDAWgBR70SVx
+  O0VZs5uQBJZ8FtrinOnDhDANBgkqhkiG9w0BAQsFAAOCAQEAzBqjE2TU9oAxJwzN
+  k+JHS1SwlAwC/5FAAD0SB8gEf51Ebl7dvV7MAyORMCn3jnUAl40s/VtmS0AQVp9+
+  O7OoSaNig0moBpkqAcvvwy2aXatlRGrRh9Au0Hn0Gqtoc2xSaYkJq/nCRVD7Ed8d
+  Acc8bi8GvGBfWAZSZe/1aYCbIX/hxcPE5jCmQINpZfxKLrg/UBqRASenIoucrytO
+  LULwLT/qDww8YsaCXFmT7X7jBh1LpgxZKA17K5sKrZAXNqGAR9kQ2VgVRGtpgXJF
+  CQJCQTrt7zTB197JEKUuGHbAr9EYWU/224QDJ3c8D7gKvMHcPBjrGHYQHGZCHQSv
+  gqA+kQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: controller-manager
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDYDCCAkigAwIBAgIUBcujHyne30Pg1L92sIdDfXKeVnUwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCkxFzAVBgNVBAoTDnN5c3Rl
+  bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+  ADCCAQoCggEBALQVzTxmTMFGFGbZK58l2QvdOhTeVvw5JMbrTO0chawPmvbWyw3H
+  LyAi52lfE9TgN5pAW5kW2fKkdDC0FsWeqvT5xHUomQFktQ3dV0Bg1tWaSHvuG1t0
+  wZshHAczE9te/wtTzj8dtYtewHmzswRunOlFqZQVYOXQxCObA/gfuWJ9EAJ6Wnd7
+  qHYtBoo4tFHUNahp4pQsMKUel6ORp84C4ZsHzv2foIojXwUvNbL5A5VVcjYk+KZg
+  Bsr21j0OG87QwCFn98LzRjQOv/MELTO8J1zb++zonH4fJCrG5CdJ5APmO5RpD0in
+  bJ6qNGd2cI1hgUYlvib8ADWsmUzTdYNpkBkCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
+  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+  MB0GA1UdDgQWBBTJItDFrppdwDLNMaVcb3CRb5XAeDAfBgNVHSMEGDAWgBR70SVx
+  O0VZs5uQBJZ8FtrinOnDhDANBgkqhkiG9w0BAQsFAAOCAQEAAAED+AsZhAlZtnq9
+  GL9kWoX7ywFfGaQtH/JqZOEFbLtlWKViGsx2UiRE3vSyzVQi1Pa4dwqqu1w8mSHW
+  +sTDVSuha9Cceo7/Oqxvyw0N7sKv/COzizaayv9WNiAaxE64LJMlMikKl+dmsJUL
+  KUQrKW8oryafN3K6gwsKKamSc3oRxLopXuoxJ9kirTnC9jLTgVIMD3B9hKexKKCv
+  oXJVE21ebVsb8LbIG2jWQqigVKqXAQ7x0pKzDW/7WHsRrDTdlZXSFTe/HAJYwknW
+  urgvnRdgPXPyzpraYObL+SWwoz4SKmz8eyMjPpWtNAYA7HbnWOtjScW4RJZzZCUw
+  Wbq+Mg==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: admin
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDYTCCAkmgAwIBAgIUdVEU1C64lfj6ivzvIITcF4E4/SkwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCoxFzAVBgNVBAoTDnN5c3Rl
+  bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+  DwAwggEKAoIBAQD36hk0C5V6NHwTZIGBkygpr9WwHpd0ppv3r14Kh5du0HyQ4BnN
+  yxP5PJ6vj3NlA6SfbGqNk2O9e/KaA0HyZZeaTQChdc4IoUcV5AsVgItlAozkPQKX
+  FTbA1ZeAglKGHY5pt3RRnam8mJcKk/aq+k07xA7eXBk6+6S9DhWOfZpffKnEgXaK
+  EBJeRKdqp8AJl84HLKqhCdkFNxbszy5CKi+TsZhZGIKXFSShbPGVjCI4KOt7adDR
+  enp0O7VyjEi6/09Lzr73Ge8fqBWskAcX4DrJJ/ug4o9B6TwWigXY1CrWixzzGJN3
+  M9VtQfkkgBnKZQP4HrnteEP8Ed3Bl0ztnonhAgMBAAGjfzB9MA4GA1UdDwEB/wQE
+  AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
+  ADAdBgNVHQ4EFgQUAc7WIsQjqd65vvN3nZGghhFa1hMwHwYDVR0jBBgwFoAUe9El
+  cTtFWbObkASWfBba4pzpw4QwDQYJKoZIhvcNAQELBQADggEBAKVApC4Z0BcGyGZ7
+  leD7nfzBaPHq95L7uWLBK6HGa27ySYGDLMHU7bp5oe7OLhjtAcZxLLmyjFYIOlS1
+  g+iQktbNlN0d3V1r/HeChqBitFtMrqhVEPcOuxj5PAvOHHEGJ9a0k39Evqwad2/r
+  7bItvNGuOa0ehod1nSVHuMDZelEmQE4nwQwP7YTXapQODAA4AY7ZfbbFis0ZqS83
+  rwiqIKjq+/xxh6fq50cQ97mMnfcIyoLO+eeWOi0k/n5PWWX4s1r4tYojeKMSUqnp
+  +rDc4JaA9bqp93rYDIdgzX2Pl0lrq+rNtHsQ86mrlyJyEg6bLKVq5oix0cOwc+9u
+  hNYttho=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: armada
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDUDCCAjigAwIBAgIUPkC++mJRMu/V+FuXB9nQytpI/UEwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowFDESMBAGA1UEAxMJ
+  YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVG2vk2H
+  rfw0j61+zm+3BYqhEwvuo+x9mrS0N/bevmGv77KeV3dQrZIZ1I/uQNUO6lrA+QNk
+  Lmytgq82c8ynqUYRBScxVUKk8Qog1vppqYkSLAhNClMr67ctP67Qtu2nCU41nO6o
+  1FP7H0SyOyZWBzq2k4ltdcb7A5qBiOhTnRqYo0xFxRPuytrEo1W+nrkzNmmfYD57
+  Dip3hg9ezSUyhBpEGv1mkPCVripSNVrceBboRH0WbMgZ+Sv2sElfDpIA1IJpzPn3
+  BNNgnqkZmt9z5JiXQckV5dvf97ITL6spsccCoJLOaimJ/vNLEK/ZDJWu/h3X861B
+  QMdL5YLg/OVVmwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
+  KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFF9nQw6N
+  Rfke5rjfyJGMDsHEQ8byMB8GA1UdIwQYMBaAFB1GizEP4y1W3lBQmLWrGjKBOIV6
+  MA0GCSqGSIb3DQEBCwUAA4IBAQBLDihLu77b2e+3L81ngW87czG+GkXfe4oFIpE1
+  dYy/nIS2YsH9FLKBFzFZIWbM27uixqqX3oJWJeCtLAZ4n71D3QfZ4n1710S9QBdL
+  7/UFVaRRzItd+r6EBdNmBqFYeccrxos+YGmT2SrAbr9FSFPmrg4SF8pcTIeiQghS
+  wKivz29hksJWJft/l837v+NZcYEXO9zYPWOGnG96QGayJ8OldzMU85kYmOdXhuIT
+  /mHiIlfzeFQBG4Zh5C4R55LfuSBPpA/FJiCIgvrL6KeeHCXE7KjWw69BMq4yEiDB
+  Zn1U0HxWHYUtoTCM3X3fNoZ51j8gYA83blImLoHGhdb70/nG
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDTTCCAjWgAwIBAgIUY+qFJRXo2kmhARyR8joalXToknwwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowETEPMA0GA1UEAxMG
+  YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DP2rGbvI5pG
+  /ILMScRlFWlZ33v0YIv8X1AugHItpCyykSSug5EW66o5n+JPwEbtJVVYR/FvN0OM
+  9uFcU7ZHWTGpX6qfv4icr9GW74fPyS3SZMDejvC23gmGodh7N7k8Aq0rFHNzK8B7
+  ZA5cl9ecCs9kkJdSHuKh4DeSZupQvjBaOdCyrvSkQ94Y1ABKxm9/ufKc4uAyIyLO
+  vLxoxpYvS1CWJhYOTqr910GTIULDp6CtUG/gJvFjafCLwwLgo5WbidLZoNudwhx4
+  hgv/ZZjx1GaUGFHxKucqV20GTRNrYSwUwxEOWV8TGwSFAPvZ8E0TugwgxrEdidHW
+  +9rxTyL1+QIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
+  BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7XhiJEpDFW
+  Quji0xB3GhhTwqHUMB8GA1UdIwQYMBaAFB1GizEP4y1W3lBQmLWrGjKBOIV6MA0G
+  CSqGSIb3DQEBCwUAA4IBAQBNJLqDCv/zi+Uiwx2xThKd0Z0gWzZGXDw3HcZccrg5
+  sWtIoIFv14qbIa7yPqiD0JcDcpEtWNtHJpJ30ZLEnpM3mo5KVTU8bI9Z3i9DEVis
+  PWrdT4rQOiMs02a1hXse0u+GgC4VX1g9OUQ38RkAXMFp9yUBzpYviX64TFiU6U2F
+  IeNrxqHL2YAqP8m6mJgBRL6BIyRLBOsaXUziBRRZwqrQdIX5oxxwJamZMmTLrG6W
+  cz4s9vHgcpq9NNHE9azRI5sC1QnhJnQXU1w3J13pBB8TZI1PPdiPshtaWE97CVYH
+  QeMb++iM3hpG9tOkIRTjC9PWPbh9gvVEd7iGUIA49c7z
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-anchor
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDxDCCAqygAwIBAgIUUpBa3I4qjirh/2H95xwmUj2I28MwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowIjEgMB4GA1UEAxMX
+  a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+  ggEKAoIBAQDc91dCGInlH79UmOHsW+1+/gP6Ug+KoYl0bZHJAHQk0jY4Xq5nSCMC
+  PZH2C6Pev9ItfrtTJ5Nd4BbUg+XG+3JklJ9hckW6dMKkdS0ecKnO+wyEWkPar3Mt
+  vfIc2aJq8LfWDmaiDsVSjH1c9o+8mub1m+iwE2t124asQTpGiRJs5tcLaDTyzieN
+  rArkGxKeCwGbgy5JT7ny3lnc257WtzZJCQbMrsCEoWRTOkb2/o4K5bvweVs1ZnDe
+  maFYr7bH2U79HChCbVEPPndvKecOSieo1JaP8U1HBVNqlyktofC2gq5kKBNXu97j
+  eAsWpAkuu4hEi164RjX0aqGun6Dnnc5pAgMBAAGjgeQwgeEwDgYDVR0PAQH/BAQD
+  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+  MB0GA1UdDgQWBBQOTCuwI4CKILuPp+fH14jfTVYSfzAfBgNVHSMEGDAWgBQdRosx
+  D+MtVt5QUJi1qxoygTiFejBiBgNVHREEWzBZggtwb2QxMC1ub2RlMYIJbG9jYWxo
+  b3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjLmNsdXN0ZXIubG9j
+  YWyHBAoKZhWHBH8AAAGHBApgAAIwDQYJKoZIhvcNAQELBQADggEBAKKlTC48CNFE
+  B4zyhhX1Jz2ipF3KpW9bOa3bryUxcxZFUAl8eBudzdsIGoJ7LXDgoaum9sy8sIqf
+  uYCs7P3ndrESGkKrvkGLECi9i7cKa6a25Mo9+q1SoQ2nTlZ+dz8Sj9crrWWzxkX2
+  UoIdPKUVcOsFA70X31KBn0Cq2X/DCPsPr/qrCRnkDYG6Qr8xDxGl6kGe53M50YmA
+  tmOmoyuTOuFWMIX1tppyKJLqTbRhoU9CJrrXYqftrc/Izf5KSiDP56+PYdiH8Aii
+  CMF8ew4tfCFXBJi4lD/5iVJxt4ht9/5JMcgB8nm3vvnJX1SgsatwxacjVaSoniD+
+  QXVlXKf3Ymo=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-genesis
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDyDCCArCgAwIBAgIUJA2hPpbo0YEzmTtEy/vHc6SvZ6swDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowJjEkMCIGA1UEAxMb
+  a3ViZXJuZXRlcy1ldGNkLXBvZDEwLW5vZGUxMIIBIjANBgkqhkiG9w0BAQEFAAOC
+  AQ8AMIIBCgKCAQEAx5f4HlWaQXO3kmc/fa5C2T4uhCGnH4zyrmXDtU6A0KB8TqQ+
+  Uol3qVCNaaiZ6UQ78C5D8HKUyQiNul9lu2IeUDBn8TXaaZsiONSLsRZRzwQu5faV
+  7S460Rd5/kFHQg6hDGHc7ao5zusFgD2BmW89GfANTtwvYqZrfhMbrmPzd1KZ2hun
+  gWTP9pdohClbSzSj+HkGzFI/YmLLGYtT5WBEbo0ly+Zv/dTKcx8wgYoGSDdjxsPq
+  6ez1jULyWCAnie49FSZywClB5TnBHiGMS9ZBkWUkEt2Y3u/E9/lw2MZZn9qh9cur
+  /QC7QzxpLTeS8goa6WGkejSU4kFQEX7ypSGObwIDAQABo4HkMIHhMA4GA1UdDwEB
+  /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
+  BAIwADAdBgNVHQ4EFgQUn1kykpRvV4TYuGPIPCF4yMxtjMwwHwYDVR0jBBgwFoAU
+  HUaLMQ/jLVbeUFCYtasaMoE4hXowYgYDVR0RBFswWYILcG9kMTAtbm9kZTGCCWxv
+  Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
+  LmxvY2FshwQKCmYVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQA1F4X6
+  YQv6OlUQ3i0Z0/Q0mpQJig3CWNWNS+dZS6JFZcGTE05CrTUsESA6qv4kM1r3GHpg
+  62BOtkQQOn0LEIyKNjIlakZx8CXvFfuupq76a3Hud1Z9WpTgXcuoCqipsULEIke8
+  2AwNvjbQXhF2p23XGENhF/WjEDhbUcb4Gv3UKHIVH12WAvPZplBaVMF5eNENVv8s
+  Lo+kKUPVEDUwq6J54dXSINf42aWhrms7mapx4dWPL5a7BDMqmcWDfaQd2+8zZ+NW
+  MJees2lrvk0wBmYHFvTXjMLo/OyJ4ZeVbML6MqsPfd+lgmSNdGZap7E5npn+LHL+
+  OzKpW7cXcjOmWt+i
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod10-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDyDCCArCgAwIBAgIUOGgzLb4e2DZz84SYKnI72MS6yRwwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowJjEkMCIGA1UEAxMb
+  a3ViZXJuZXRlcy1ldGNkLXBvZDEwLW5vZGUyMIIBIjANBgkqhkiG9w0BAQEFAAOC
+  AQ8AMIIBCgKCAQEA3tvAtpBBiu07O2qcjGuipY2GkfrSsrG3TJnYBSs+uIrDmBsy
+  K7JXwowvUhsnrxRrqZ0QhHsByLveD2gnNzApSKXRe+KdBRxCsd8HUHqiFn9wHCpb
+  mwKWSwUKz1ab+QgkWZKuH1cJxUK8zx/F7o4gh191glqAhKgXL9eTUj3c5SguyLay
+  5TBIa0dOjfOc3kixUJ6TXSeJ0+lMjFzal8zgysT4GvjQs2wK9k9cPDobNwsKsW2Z
+  FQw+kO39cSyhdyvLvtk4RiyG/9zMVFn54NUhJAspzq+PnM07UJB7D6ZM0XkGjk/6
+  nqUgJlNo1kR4Zo+kpy4J/mUDmMjZZ1n1sfJ8wQIDAQABo4HkMIHhMA4GA1UdDwEB
+  /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
+  BAIwADAdBgNVHQ4EFgQUYRrUlrcVBcu4EOLS2U3NFBSLNHkwHwYDVR0jBBgwFoAU
+  HUaLMQ/jLVbeUFCYtasaMoE4hXowYgYDVR0RBFswWYILcG9kMTAtbm9kZTKCCWxv
+  Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
+  LmxvY2FshwQKCmYWhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQB4u8hL
+  x44Lmz/lHyvIOEKNrXXAKoYFRyZis01mVfvEWnPsgQ/i6/vt8AuZ2u6R57e8nnkc
+  tsa1EPYwmUQ0KSTwXkTkG5WD5bI7/haD2guSy7eWRaGz9LSHmXPhJMVeWpYJUyz7
+  eLbyuhNwW0gMHq+VnlM9kDfggX3TF2AZbM9YMgyeH5e6WHytjFzKQmMe7FoIyBGY
+  141YuzZbXQLj3uSfZrCfk1BxySS1d//SN//kM0Ox0fIHeiUSAiAM/V5PwIzaIe1n
+  e0HXLi2uQRXXeRcqR05V/XQkoHwYyrARKED/2xWif77uMBHoNrdHC+2bKaG3lQk+
+  2V9DoxOZ57myyrBH
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod10-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDyDCCArCgAwIBAgIUF4DiWQyndf/Q8HgoSC4bf++sh4IwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowJjEkMCIGA1UEAxMb
+  a3ViZXJuZXRlcy1ldGNkLXBvZDEwLW5vZGUzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+  AQ8AMIIBCgKCAQEAylRr2g9O+zU99x4MBWLjWLf38Vrwjh+fdTGDpnx3Tw5jTWS8
+  RwAzzdDkIQ4GG8q9wiAw5usElaUVs2wre5+/XBdmT6/h8vN4SMT7QHkKdE1cEpoh
+  jxLMeDkahxcThoWVlwNj4vpAlm82pp6e23bZlEpDeqy6jOCQHH3Md7RRw9Ubkcrd
+  QnaEl6cZ4IBLMky5Q9G9wRYEAJF0ffXTmK+3UD85fGxROTiLSrUc+o1JrwaL4QLi
+  q2jbA2v9hvURQtV5WTKvH1b2zbjP0FxK4GJreNVdeW7qWS/BV06NugyqKWp+6niR
+  19JK1n4B8jqmuhFYSHjx3UMMJN5HNRPDJW1cFQIDAQABo4HkMIHhMA4GA1UdDwEB
+  /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
+  BAIwADAdBgNVHQ4EFgQUsSfyEGwiJjZvb9gE20kGgP5DjP4wHwYDVR0jBBgwFoAU
+  HUaLMQ/jLVbeUFCYtasaMoE4hXowYgYDVR0RBFswWYILcG9kMTAtbm9kZTOCCWxv
+  Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
+  LmxvY2FshwQKCmYXhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQB31yuz
+  qVEC7Idh6wa68xC45tUeZaU4jMbqPY9zGaOlMl7RNMSqZluSsn/CmY7Iy7Jw/DOT
+  sxXWY8xN6IVKmsU/lhzmwEQneyRpxaCXa29hKp+ZDYhgUm7iC6LFYodl8xTs+g0E
+  SyFCXijs0Z/nhq3rp0q+k1pH4rroHy/Mx32hAsVLfh26ZDAHmwwnT8Fe/NHJfz68
+  HJ+Iv9Jbzqo3m+XB35y/o/fN2gUeyRkuQOs4wCItKn41E89HIR8WJ3HvBBjm1MLx
+  VIi4wmEPBhLXB6HGEHfOgSfyGXDzXv3/HYLMPRQRbAxdCFfe9E3UxYV0U+ZErtgq
+  DpL4g2ploCmjEElR
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod10-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDzjCCAragAwIBAgIUCqK8rbRNnED8bIclYLhk7pTurjMwDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAnMSUwIwYD
+  VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B
+  AQEFAAOCAQ8AMIIBCgKCAQEA9Qq5Oz3BmRI4kmkFHIZoLbkf4/wF3RkiDWpYUAqa
+  ggvaXan1OHLcCoFnw5v6Pjtf8U4p0n5FAUOdRA7U4ICym2poVG2UCjsySCNjSmL0
+  DjpVn9Dj88LjQ6OTUiQlSg+wzsMIhuakD6o1Gf1UZ/F+FxtU/TMMjtKOSJD4Rpyz
+  c0hNvBWi29+qt6lF6pBuxRE2WVr9t0wnzp+qL/Ng3R2VXu9q9EVBRoUjwJpmcvkC
+  FS+b5va7ZsvPwAQ6gO7oXOGtQE9YqRLAu7KasnHhqw+NmrJCumPW84q3ddG1M9DY
+  vU7LNHyF7FHsMkEy/1PIWg7Edp58fny7dCzm2zZklyE5/wIDAQABo4HkMIHhMA4G
+  A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
+  VR0TAQH/BAIwADAdBgNVHQ4EFgQU6vDh3UHnTaExJmPKeTy8lF4Gfg0wHwYDVR0j
+  BBgwFoAUVap5p5w5BZcF6a/rnY/SmtLKL20wYgYDVR0RBFswWYILcG9kMTAtbm9k
+  ZTGCCWxvY2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5j
+  bHVzdGVyLmxvY2FshwQKCmYVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IB
+  AQBIE0LN5HH59d/iSKoF9J3Pt+qxkeYH5pa+b3JnD8WY5RDiHO7jFeABD+5HJ+5U
+  1tiwU14WwjjI/FYwnpw1jK0dN6mzrd1yYv2KFOtv6JjGwq47qe402jUDZg7IBb2v
+  bcjEKjt/alJ9L9L4k2b6o8piopIkYaaUtcNZV4kU2jjnFNPf7vabqoi+Iw9JKFfy
+  2vMCyrqwiXMmPun7Prt7eOkv3mDAuWqciiXTSqVDg2KZH/7Dw31pkXsdSRLWRKH5
+  22jBwdJQXJVvnK8zN325CTS1bJ1+/prE2Yc9eO2GMMm+NXyX1RrZqPHs5o7n7NM4
+  w9/okm+nZlnQfCagnD3vteO+
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-genesis-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID0jCCArqgAwIBAgIUMd3JiDWI722+AW/USFb9EaloddYwDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjArMSkwJwYD
+  VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTAtbm9kZTEtcGVlcjCCASIwDQYJKoZI
+  hvcNAQEBBQADggEPADCCAQoCggEBAOJ+qXuoVt+sxYtGXLdRwvxJ290XT3+ZEmVQ
+  yJYzm9XrJmT62YHjBaRRxto+GDpCaxlgnuGIi7pv200AX/yupPKmKOKl8o4jwydF
+  DILPDROWGY3M8D5mR+wSrrvaJu94b5sVtNLtowxx3/mX/L1snauMDbNv0cc/S+O+
+  rm9OfivexBmLGOx4wLQNSnx54Q58Nj4/57JiaOCJTUszNILGFkWa9+4WkwpSCvmL
+  myLEFfOqxl9Jv+kYeY/OWuwPDmRbuNC7cC8YOeSAz6asas1ich55eMG2ElnWzu2Q
+  insRokpTIyG5PNjWu2MLxOnnVk5AzA5TGfWp0YDIdvun6OvteaMCAwEAAaOB5DCB
+  4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHLcpNrMF/rvKOuEkFnzsG9cNYYfMB8G
+  A1UdIwQYMBaAFFWqeaecOQWXBemv652P0prSyi9tMGIGA1UdEQRbMFmCC3BvZDEw
+  LW5vZGUxgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
+  dmMuY2x1c3Rlci5sb2NhbIcECgpmFYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+  AAOCAQEAv913Pc6RiKTNUCXxb2t0Ybz6Yv/ABy/VOumHsVghR1ePXN76mn3FV5vk
+  1OgiCXmzISzuFMXpoVVgBcDD1N4/LP5gJCMls84aRYXolllRgz6tkqqq4J9gRl6M
+  2xtnXaPJRWckX2U83JtnHJlpnaCkGV+90O/WNAETJYFCSricr2rl6M65cBbaG8Sv
+  bn8XuD/S+RaSTNmTet3Cuyqq5d/8IdepjjvHc9h0tV1j+8+z/4u6JgRc3y5k8VVf
+  nQ3LN7TmI84C/J+S9mJm8dBk4EDroZvkdWGK99LRtC6m+2HBkGrtT8p5Fd+cN7BS
+  cr1M/wQ+7OucyGKPZPYjErLxznHebQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod10-node1-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID0jCCArqgAwIBAgIUV0amgQbImMxceXp2j6lBOC63Wz0wDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjArMSkwJwYD
+  VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTAtbm9kZTItcGVlcjCCASIwDQYJKoZI
+  hvcNAQEBBQADggEPADCCAQoCggEBALwgAWkPBRg9YKE/lSldqkDWta1I0SsYWyZ4
+  Cfe2kN9jMzNCatoXYfA/3gzh1+gDlLgEpNaKiuau20jiKGXhd0qq062qYUaTmtV1
+  2t+ZH9nw9QtRhqNlXsONR8x0B7dPl/uLhb9+XEuj4FB4lt5opvaUR7hEMSAJPXmJ
+  7QxrRYRLOB2aWBsQ2V66/mwfAm2AomrYf5+U51ixJ+7Okt8dvWwogZNZnc6hYlOZ
+  1byCH2cscF/3yojLZIEk8fcce1CF/YXFyOWA0SlDZKEXeLgbdgzNBrjFMIswvAGl
+  pgpvF7m6YsIbKjfwILMq7cc+rMMl6ZM9syTsI/LrniS7i304GkkCAwEAAaOB5DCB
+  4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFC8x/+GIJopTZIcbI9SY2Ktfdj2jMB8G
+  A1UdIwQYMBaAFFWqeaecOQWXBemv652P0prSyi9tMGIGA1UdEQRbMFmCC3BvZDEw
+  LW5vZGUygglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
+  dmMuY2x1c3Rlci5sb2NhbIcECgpmFocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+  AAOCAQEAiDqZ3mRkqWA9GVaIWEp+ae7gbDY2XUpnPF6CvaBg3LjlZS2rh54ALCyO
+  OKuiYP9TVdJJpmlXv12ImZZGAQYtp36jRmbQeWL7rWyFug35iu2sn6086xAVMD4/
+  jFroFNK+o2k5RMPhLPvbZxUOXtRBxW12ARAZABdjZKUIVKPvNhYSUkliDRuzool8
+  /jAky4H/2DftT7OgaHoLHSi7ixjgiOkDpnE9TM7ReN1Pb4qS0boVlnZPtnv4DnnN
+  DJr4mtZmVWLZYNhOh3jtCZYdN+nIv/t0zeleUIuqFb/iVFWcUr7a2oZ5TQjl5o0o
+  1Ou1m0mQAoCMpTq6f0SI2ZW3Jiq19g==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod10-node2-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID0jCCArqgAwIBAgIUJ1SC1Sayet9jm6JuYgkfeIaHPXMwDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjArMSkwJwYD
+  VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTAtbm9kZTMtcGVlcjCCASIwDQYJKoZI
+  hvcNAQEBBQADggEPADCCAQoCggEBAM4M13fN2oj1tKWMQumtHx3LRlQiBQJIFwLx
+  S9GGDJaAyV4ZEWWJDkNhXFcbjd+vOpSbpJH8PJimdFPqI29StyewUlNBvhmmIOjj
+  u/bVkQmdDn4tW6aci+bs0s/X7aoFRn6D16KWeH4bDKJG0WdYCj6uOBQIXus2RRu+
+  mUoD1rX6ojvGwT7KExLMJXCvoKNL3089GxqfKYNFUV8UqhanHaDuK/UFhf5eaL4D
+  kVAY5/V1en9TsvSYH2B/2DJ937kMApRjRlahzEQKkm84jpC0ebqVJCTGaS7gP+Yu
+  pBD4yuqZLYfRFnNUXp+3onpYr7Y242ZaNoVxEVi42i/7WYBff6UCAwEAAaOB5DCB
+  4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNeKsmFcTFXYLZauQcodS/QPn+3FMB8G
+  A1UdIwQYMBaAFFWqeaecOQWXBemv652P0prSyi9tMGIGA1UdEQRbMFmCC3BvZDEw
+  LW5vZGUzgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
+  dmMuY2x1c3Rlci5sb2NhbIcECgpmF4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+  AAOCAQEAnj62SHgtxrqrZiuQmbtanbgEB7UPULZySZNljs+8oVL1ctfu97RfXC4M
+  D8r++wEz6W3tapL/KFSKHV7K+0R2U9q2pQp6trYlxGThJmcjObYtRwDTIwyFznN/
+  IPgqgW/nDuZhd6jIfQiuujxc/zF1VhydA9t0swC+eAH1FPKJTdc764nT96GcJi9u
+  woGndhygBof+rvPjifsVp30GE0Oc/MfjwsyDe94t36zSlokWf6FHbzGplLpIAsJA
+  vfbS8XQJYhpDj/5A6NRThRgdm/YuP+qIqxbARS1qbJh1N8DUaamqMX5kgijOm4C6
+  wvg3z7CiiDfHxBiL2B6hQ0FFjV9RWw==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod10-node3-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDSTCCAjGgAwIBAgIUDqvS+J3DONi9XCRrzdHofiHMij8wDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjARMQ8wDQYDVQQDEwZhbmNo
+  b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG1/aDpS5pQF9f9bk+
+  olKiSH7c/l1/YPC0QRLRrXNb4t5LH5svo9Pt2VUNGOMLqBUDEWVjYavg6SWmovLr
+  5WPgyK6kslOHFxbBUtsJbFOvtst7uk2+RQQVKZYDQe51lJ96KOKv+/deV5N9Xlk9
+  fH/Q5d13nbcP1wn5e43UT0WcwdkagnnEgHPxj0+aeTomLR1Oe4Hok28/ibSnlQHP
+  GCksZBIRwktBBNuzbf+hbO2DJzwSkGK1S5yFKmY/zskX+yWnYTNsM5MpW//eK7Lf
+  krWmW7KM2WWQbXdYHhFHsx2oec+OfEHTYA6lezoKu3JvEgYwfDrbk69BzER5aKeM
+  RkunAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
+  AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUpOuUxnxLW8TRhYF0
+  VVfMWkLhs24wHwYDVR0jBBgwFoAUqj8aklmTCPGwjxBU2GnYEHYUrVwwDQYJKoZI
+  hvcNAQELBQADggEBAA8jL0G7wYz2B3xY5DHIZZVnbGwxqF6MKr8ua1bYs/8CCyhG
+  rdiiAOGjs/Fm4T5giPpwreMsI7khnl/l1po5uaKHpCEE+WYSSa5+wi37cDz2rLqc
+  kmY5RVOHQqYngcR/dB8lghvYXXKdTxJhIHtKLRRsDtEtJmmXMyQU3kpEadSVr12J
+  nNI8qFnpUMYnelvnrUYXnFQj5si2O8am/PswMuQYyvGB4bcRf+CizITL9A8aFCYO
+  8LFoV2DX6GFQhF/6SsR1ZGEeIVLvHNvClvyBv0r8hrwwoHw+MHE4ZqMs1qwR6zWf
+  IM+zdeSIE8L4NewgTsDIYjm21KWnXxSWdN+eBa8=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-anchor
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkTCCAnmgAwIBAgIUWTP7KBAIEqpE1HXxAuxdi9v5mmQwDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAiMSAwHgYDVQQDExdjYWxp
+  Y28tZXRjZC1wb2QxMC1ub2RlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+  ggEBALo9lW4d/QSYC8UHr4Aj26OAETW9fb2g/PYQ+9RLo0aHXE5xv/lAC333BQrQ
+  ntsZcAX2nV6VUj0dIYf9KJ6ILlxfl4LqJcHla3HnCsCdw5EojKHghYgOLOcUUK3u
+  vugXoqf+qCjTuw/eXi6yxrshkz3iVonyD0SYi4HHMbz4hF3+V70L67Ecyo2N8/Jb
+  DD/xd0Fi8YaY3qCE79tEqVhn11u4Hl5KyUG6BRokGAvSmr5p6fyXCY8TxYoIUSPQ
+  7/8GZHpxda1M/DdeMMzwGWAXbMCclJbNH/xca2BR7gAnyR5hoFGabLrDDjMzILnQ
+  w1R7nLjLdeimC5rGSr/0kEf1QssCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
+  HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+  VR0OBBYEFFrEyajxD7rMLNbSnDPBb7z5rVEAMB8GA1UdIwQYMBaAFKo/GpJZkwjx
+  sI8QVNhp2BB2FK1cMDMGA1UdEQQsMCqCC3BvZDEwLW5vZGUxgglsb2NhbGhvc3SH
+  BAoKZhWHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBACQi2nq0OqjiLuBp
+  ooBrpCHf6BIKGsfuMxFyCUS0NkM3aiTghBUQJeHmknbA/UKqbogFb46la+lz0Mku
+  7ZSQaYoApxFc/VFLEiMzBgC+f24ihlWcQ9U0r1y2Frw2dyCVstN5oBhluRFWJEk1
+  FBB4R3D94C5+ROVI5W9KOCNoIDj3BfJMh1eQ8dowwjjZxJvskgOi+dA/x22GXJuu
+  dgBn1Y5S7RVJLFvvHX+p3BU7mzQP2G85EU6BRMMwBot7K7ab0noG1M/fqInrT2rk
+  GPMhGiv0VzB5GBwr/nS2GYvIVHvMVVNrXflKHaJLU24I0U4M93Y2NHD71FSzA5oC
+  QGc/aOA=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod10-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkTCCAnmgAwIBAgIUUglgv2X0gCKMQ5HQ7/CWxForGzswDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAiMSAwHgYDVQQDExdjYWxp
+  Y28tZXRjZC1wb2QxMC1ub2RlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+  ggEBAOKJqlpcr2mO2CUHCXokm0TKnvYlt+4AKAsunYFbcrnOTARWg9i/GdWSQ/r6
+  N4/CdChq5kcjP3Brhf9eX96bqQ04sOa4whs7jnJWcZxNNA6I0cXMjUDWkHuLQUvU
+  M06R2vsAGXnvOUYu9+m0Zk3ORI6qyP8uaaLfbaJaf9/skCGXjQeAl7JqBPH3yoa4
+  iPf5qY1T7t9AxdQGrJplTEmVERyILBHm6owQwTdiyuFyn5LPW4jf1NPr4S0KwJ5n
+  xPdpQxnFEszqdI0qJyfSxslFU8oN9mKXqEbYhSjYV0NCQUIpOC/u2t1sH5Vuq5Ok
+  uXEYplqVpSt6bYMk1sXpU2fPzdUCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
+  HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+  VR0OBBYEFLMgGkKlgS4a6QmZ5llbTZ6VGsa2MB8GA1UdIwQYMBaAFKo/GpJZkwjx
+  sI8QVNhp2BB2FK1cMDMGA1UdEQQsMCqCC3BvZDEwLW5vZGUygglsb2NhbGhvc3SH
+  BAoKZhaHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBAFtsllXKD/IgVDhl
+  8MU355y8SrYyH3aWG57ihza3DJc2Z0YdTGW//iCM1GplROZl+dcI6C1thtuEU44d
+  uNLMscnkk3pPiOxLRkzbAJKYrPX3QFLPvFjYqCJZlb5HMKpMX9X6WuG2lSTSexTZ
+  6I9K7vsZW33MC/9r19kbyUdjUtDKWZwDxeQSlJ7Mz/OTEDwXPWVjVzk3V9IIbLuq
+  cve6BPVvyFF5APDl5Q7KaZZpRRAyRbI5wgslmgtWKsA8L5rZrl+Ncajj50x15Rjc
+  YYRhJWRRR7p3OkDF0h5DBB25w0pR6LtJOR2whGNwC6U9QbwWxRktd3C/gX3gYwl7
+  pfoR2Vk=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod10-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkTCCAnmgAwIBAgIURMN4JfeDfqua+8kFaFcs4C0IKwUwDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAiMSAwHgYDVQQDExdjYWxp
+  Y28tZXRjZC1wb2QxMC1ub2RlMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+  ggEBALwIJ8y/31e7tk1FfWUshWRMSKvdJQDv6kUDlGpm/pCtu1w+cov4ci5JTXe5
+  qwrwMkzIisjwOqYMJEZ1hBAJ/+1YxcePMuUGZbxFaG7NeSk9h9mPmCXKn8pwejR+
+  siICGbDO6KflwRkNnrMvyYg8JWIlqe4wQ8RbC3TtIkZlj6Uyb6muhb5BhXzpDrjo
+  cI+TZADfdYn3dYAqgozd37TlMBfGDBToJX1U6w0m2mLzj5GMxyQzOYLqLezB3vJQ
+  wdzrDFl9XUZ3ZaGQ8Vw9is42osLuKNQSBnTxzbP9cCmO8K1xdsDLqLWOYR6JauIw
+  nhgVXXiG/yor47WHwYQUPhvsceECAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
+  HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+  VR0OBBYEFD8Q5S9CdHXw278L6X10EVQSUK9uMB8GA1UdIwQYMBaAFKo/GpJZkwjx
+  sI8QVNhp2BB2FK1cMDMGA1UdEQQsMCqCC3BvZDEwLW5vZGUzgglsb2NhbGhvc3SH
+  BAoKZheHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBABPV3yFn2rWNsWsO
+  hC76deReIoSK6wdRgu8/txq1lHLjmnqbNWkdjhH7Y/JEFX5H8CBDX6zsu7aobEC5
+  tT6j/pcYFrpcdCF1vmfYvJ4+TFhOxsebtWvQa+08U37EXYKLVsDgFXj8h+/gvNqe
+  9oM3Ak6QQEVIDXZPi/Q3M0SQqKvgTi/nxxbZcLNu7freLnC4zuDMNaOS2CsH1dx7
+  NjQe8wKTafD5SCgDL/rwoJ6C+uHfuLsexJ/ZfkmO7HuHM8hjhVpnB4XXtL5R3tvT
+  bDVocpVaDtmPqYAH73n36KLyEuppWU4H2Z4HXzOgJ6APQpQM1t+Ge9DcOO/XRXyO
+  wKVpvtU=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod10-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDTzCCAjegAwIBAgIUFQ7v5fmB/wdoO29od0eBq+uM1yMwDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAXMRUwEwYDVQQDEwxjYWxj
+  aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTN/w6HQGi
+  ZFcAvPPZRoYMhMu4Pcks7j9zmuYYpoKRRft+AYOUZfhlgkIvwv7+Zp4RQp3zj2u2
+  KHYGXKOUSCfeZtLf//wgDZtv9XQf61vwB2c49kbBKGsdBl7q0u1+NOZnUWP9JzkD
+  X/GeuqiwRbrMlLyNAdKqxHuFp7gac1hR6UZDFpBzjYp5tyFDZaZy6/Q1RR+DRwHe
+  3UtTSaXjJ5YRDjfHDc7Xy5RzEK5AYXBAEHCBHv7hU1BXkiAi8orNTETOMRG4rUf7
+  L/lMNoFq87PLovVadUkjuGqK8LsBEjFZrXVPqZmnKMdcIuPVbQgdwFOrGM6so1A5
+  KA/f91kuHhSXAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
+  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU3u7nIdoq
+  F4QoImLLuyhcnliy8DMwHwYDVR0jBBgwFoAUqj8aklmTCPGwjxBU2GnYEHYUrVww
+  DQYJKoZIhvcNAQELBQADggEBAIDQUfdsC3Apqi8VGz9J1EHF4j49fBe26oOV+OnU
+  /cijGAy2u6RnQkTygTjAHrqW+F3dN04K36+lCIONvNYOTdMoOchdvGYsx3nOGB33
+  hVKAUq4HASTDxlxjGTPlpyldX+ll9Vnrx9gzC8yRllSQ5WCAIiN2bOlDJWXRVvSo
+  dzNLh3T5Ob4cA4wevuZGv4k4i2gHJd2dW8V+S5zs8JG+JweZxjIJ2EXkoK1kKRJf
+  6ylK/ddCLqyE4+cRpKwSusHsaYZjmCWmJTLS5pePORabG5dJz/BPGgKh1B/7i8vX
+  gHxyMrsINjLqeEE2pH3dpeuYHcjDK7YKXi+d3JoYKa2F9JI=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-node
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDmzCCAoOgAwIBAgIUSal1qO83HPfl18bY7yZfWp16p6MwDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCcxJTAjBgNVBAMT
+  HGNhbGljby1ldGNkLXBvZDEwLW5vZGUxLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
+  A4IBDwAwggEKAoIBAQCrRWGRiwZAQzLpQHywYHODyufvU59LGTpRtBj8jeUjQIMB
+  zMIcLVhnNX0trtOQIf/7RJSahhsOpXQRgzDVY225yho3AlnoKhocJzLQ8YBf/mF7
+  fv6MYblVRpSlnkvJuweTyfkS/J6pLKpO+ZSTovAuirfUUgnmx5HXD/GkxP2AsLxU
+  H2765eTOjCy99Qcpsfm3rUd+rC/dQEyQYXK4mqylcDa42CEPWSOTQh7Pynzx2QSw
+  yp8/CUiBEzZBdtWWGt3eBcb4YNypD4XmKksy2w9z3I30dsl+RBWS2GIue+5s4Tir
+  Ai3WQ1PLCw8qBduohqK5Cwvqos42/M7C6QM615EtAgMBAAGjgbUwgbIwDgYDVR0P
+  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+  Af8EAjAAMB0GA1UdDgQWBBRMLQSPn1nJOXgtOqc3evonuEfKlTAfBgNVHSMEGDAW
+  gBSwf1hEf9YG8SVpf9jlxbHGtSQ4xzAzBgNVHREELDAqggtwb2QxMC1ub2RlMYIJ
+  bG9jYWxob3N0hwQKCmYVhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCC
+  /vuDwGuKPrroU9LrsMVPFLys3gxGWy2qt1Olofvman5C4D0TDEH4pzX/kjdY6oWJ
+  Z4yxxLFwhDWRTxWdSX30Hm/IDJg61Tt5pFyzZ0D6FohQmG/cb53oC2TGKtSFRkcB
+  I+1/gC2UK3nuEkoJUqGtNG/H0EOkC/0ModPMxUob6oOU9zyeIVYdzcfqriKFhuV0
+  FIscDEs3R+Ej3fWYsjQcK9d03lk+yquv4Qia57gASjH0nhokFYevrAqy/3rb/Ygx
+  Y5gKaDtg419AvBcGCKxUlp97Nw1K+NJCO2C2gFsV0+bgspG3xCG1tTTXTjGg5acs
+  SvBDma2J8yDT2JpmZAY1
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod10-node1-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDmzCCAoOgAwIBAgIUIE27U9sJvyGBQbL4VOBZAPEwZsUwDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCcxJTAjBgNVBAMT
+  HGNhbGljby1ldGNkLXBvZDEwLW5vZGUyLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
+  A4IBDwAwggEKAoIBAQCy4CW6/cdplqFr6RShHQkSqrMDpMcIvEizQLlK0YCwWY+Z
+  zECCSQY7lpw5g4Q2xpv4XUIGo18L8qLPcnPdSLdQ7aAVJCSsb99M10c5k7ZBe6Ud
+  br66CfqN0+SUpwcjrAy98h7AHOg3lDkMTmAM2wJY/CMPloeD7JxLVJKIr3zkX511
+  xwB/ZMrmjFbdUP3UWQouiuXgKMDm2BSBdW4bOPsg+4WV2hiGvLO2jv85AG83YDbq
+  I9sm0MU541oT9aGX1LP3n08h67yCFe7v71xLhscsCVaLJSVQj3v/K7/qj2Odz1xi
+  yGmqT0Mt4FPCugetRm2dS//Nr1UbPbLA3KWbWllvAgMBAAGjgbUwgbIwDgYDVR0P
+  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+  Af8EAjAAMB0GA1UdDgQWBBQYB8+dWJrIG7gxXg0gynxYPEE7tTAfBgNVHSMEGDAW
+  gBSwf1hEf9YG8SVpf9jlxbHGtSQ4xzAzBgNVHREELDAqggtwb2QxMC1ub2RlMoIJ
+  bG9jYWxob3N0hwQKCmYWhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQBy
+  EYb3InTzandUK/mONyhEHPGEMv0Gif/sKVCA7LU+mahaWe6CPcHaZfZZAQq2sVbw
+  fCLNWp57m76qSt28nw4UU2EQSwEVCNn+GNUL32DQH8wHdg1Gd19ethbd4D+hcJR/
+  gH7MbjrK5zOvAICbl+HqjEXJAQDxov0pEOZuO3xy6q/Ox5ws0VL2UbyUXfErjesg
+  rZAydMkAHJJZYNVLzniGi2kpSC8PvLh2zlW34VeDDqvRUWXAyL/qMt8DXqPTsZMq
+  PDg0XOzWEmUQh+ocTNYrV2BUcC/JmeiiUnEnDT7ufEKjtYjE/99wAzBBA/7kr5bG
+  Kwhuc//VlhqrYJSYUXsY
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod10-node2-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDmzCCAoOgAwIBAgIUULCurM8R6OTRfkb4xLv8Sw8K4lAwDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCcxJTAjBgNVBAMT
+  HGNhbGljby1ldGNkLXBvZDEwLW5vZGUzLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
+  A4IBDwAwggEKAoIBAQCmvXnsSmQi+dHtw+tl98ddJnxdJYth6bzXplr37vBUfRgU
+  jOm7866nznnPVPTrYzrsBnQUyi4Hiu6Rh+NW6+Q2ndm4ovPHCALZMDqCRLv2raQV
+  kNT+23UStBYXc5kYQoIVFlI/4gitMkEqM2V43T8rxT6Nd3GQZL78dYAWNSCeGL28
+  TLFcbRmnxvheCriieDG5lr7/jHhlmPceuHXEbd3RB9towAncBd8wimmmAqpwtjng
+  UC5eHpgLXwGeigT7SVn/1Rwd2ZVVEY48gpsf3fD62SQA2/OuSXOZU6V1q069VlV0
+  ZkJWTeXwBPzKQDtrDRadb6Yh0dczt5uCQoWJNlCBAgMBAAGjgbUwgbIwDgYDVR0P
+  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+  Af8EAjAAMB0GA1UdDgQWBBTSMkQI4yhamhQcrP3ipAJWIMx7azAfBgNVHSMEGDAW
+  gBSwf1hEf9YG8SVpf9jlxbHGtSQ4xzAzBgNVHREELDAqggtwb2QxMC1ub2RlM4IJ
+  bG9jYWxob3N0hwQKCmYXhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCj
+  x2sYdrTfabx3BRDR4qsONTQ6XNyyAe8/uah04UWNj2DyFNxAQxMUyqQrt3dobKuq
+  3akP3aTLPMOAIDUS+zyF3VsVJfsbT68ZaWvL9EOR+ltifPGSFhWYc724Tc/6QuXe
+  841VzuqaDYLG524PAo8Ze1m4Y7Wtb0xMx7Yr3GS697sN8a64pJhOIVrD7gr8XElF
+  cBTY7ywIK08g8EVY9USJ2TO+1/t5tSQNYWg7HRMjVPmeSCmHi375gIX+1ZVYbw0i
+  MbjIw7asTGCL1FqpMvnOZcoLUaRUacdWdAkoJpRh8bXYofrasy55H/ofcRakgTCf
+  btgEabN3iOueYG0otNOB
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod10-node3-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDWTCCAkGgAwIBAgIUchUy7dPcL88FTyFjx/X3Rj8o8G0wDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMBwxGjAYBgNVBAMT
+  EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+  AQEA3XRbVi3T64Oz7vzCrjyvNTH7gApdErHeOEVgPl32sX3CwxJRXgPwehQhoGfo
+  CYRtGBEzhED0hoinP/kWPdgKnYh4IF/G/NPV9yWRGzNdUV3tgVJcdZv/FFKMOvkh
+  JAYNqHACdf18YxuHWaAikAjIhuom1OOZQrL0ywgwgyAWUj3CAxcmrrMJDXJ2plkz
+  dgwkLNvUkyFJWLvisbDooaonSUipfUegbtOZdy6VWlBW5jkrlAu6UgRolxyTfRXl
+  4i7zBeJoKdS52ejf6vGirybwc5Ef27X89ZI49Ger37MNrU1wP3V7dggX3dI3hPIJ
+  6Y2mSehw5EkPQd0B6BpE5L2s7wIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD
+  VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
+  BBYEFKlrKwASnw1F87mpiqHnhHZE9riqMB8GA1UdIwQYMBaAFLB/WER/1gbxJWl/
+  2OXFsca1JDjHMA0GCSqGSIb3DQEBCwUAA4IBAQAJT/Dd774W+HwBJbi92UwWzeE8
+  KLCo+qIxiHlLg3l3Egrgy+2dV8gMQTmzW2y9znxFIeNg2eBciZ/UECARraoyOpge
+  UUxnmEFSR/ZC5L6fqSby3Mo8p7STKd95L+UqjsBw2lJg06jmjCBQMIAk6rYFPr9k
+  hT3g2zwbxvyJliYyzVFPKZ69tG/lVcbTnERtQFgdWAHPw/9SJJn0wFuTFAe5eZwx
+  v6DTF8YkJiQZXUV/eWlPAS+M9epY2YA3vTuVkOMTIMpYMYoAzOPBtFgSoaii+2mS
+  5fBNwgV2m5ht2Yjx5uvEtdY1qJM7eS/wAXf8QhPUkwB48q3hjioXUMzAUdYi
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-node-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEA1WeewthRQFjY6tnse0pF+2SaQR5cl8bQDXvhUDwjBTH3j2Nr
+  6G1n3wVZxF5h1IfKrElCmqn4+4fs7yrjJDWHzsVDnrw+pKOz4VXwmTE+OzU/EdPr
+  xirpqOQgMSYvcl5iKZbMakaZ1GyyA32fHPahGMfIrlQynEdUMyXc4TpKseK2p21d
+  LI2DsiaJEOAYtXHSk6vhnzUsBpRodqMbbRzNbGGkbjpSNZE1Hx41o8ucjYCWkr4v
+  WkcVPwdxC9Yd/sM74poYKCD6uW8g16BHXqJ7+GTVVH7cpNWzSeA7syFdWoy0mXA/
+  Rjq/oJC0Y7cbYHXXr/u6e7I9AsKnpiyr1khDfQIDAQABAoIBAH1g672+Kb6MdKVG
+  c9HbyVHxwU8Q74WcoQ/LAI2LR2f9+1ybJQLhhG1bT2o3qXKcdU7Tm/YSdt4Q9ftu
+  TxUu/iNVcm0IXCWOqFhzjW/zpoRSvENVJui+vZkkrmUx8h5XpYSZvG+UGzzav5ud
+  aqYxoGRWvGjvvuxiW+3RCPyqqsfnQBSARWI5CDuqVCS1BAa42BHTJLhqSolhOfJ/
+  s7fe/5DK1zmWaS9fFwbbN66TbzMSpqlx3kuSpJ2nJZ4v0agg91klt0jXtdjy92nr
+  0fekUIuFmuuxINQzzNkKGJw3X9Wux/M56MUZBDJ8CkonQlpy87fn4BjzDORFWZIc
+  ge/+eGECgYEA3CGx2DF6Loi7Xc5xWIAz3Gccjl1CiriU4WA0gRaAVup503FQ6wzi
+  CjwEcPE8wG5Kwh7UUPnVgygHjjny5g/WIMvVNjdAHq2rb6i+mFoRhmnxJbvsVZgc
+  9MUAqbsOagAX/PRk4uTmT7MU9wj2gZlquSAYdq7HHjOtphYy8Z+HKBMCgYEA+C1U
+  X3c61gIYP4fxfDUM0qA5pZ/HvWra26/fRQaLEuKkDZgiPm5BBe8o4kJBN+Ii/UZh
+  R8L/RAGKDM3PHS3wJB34Gdo59dafd8JoOggWkcZCfwaKd0Utine+Gmknj6ScaYyr
+  3AqDV2/0gDLnPUUetIltjpRAPM/rDdpLL7t1eC8CgYEAgnMBRkHDyxHCHwv4xV5r
+  3T/Jf2Aqz7Qkng557smb0mXvPesX7cLbrP72DswWmV6CtNi6LyZubePp3lHe7JET
+  7ql8Nz20pLl8L5ZLJFOzsPjVK+xaWDrlZfPcubidCRn3HTLjGkZVaYORd/d6xUBa
+  K0ym0qYuX2p2jEb5d5B28rsCgYEA2ZVUbcZozQxVGg4jyBPyxA85u13UjttKOmV9
+  SFUuRUZzMn/5NecQFxXRMF2KNGaM6qVz0KjDiGoZEJS4SwrliaTEylWrjz+13BeT
+  rZ09vFyoHBot99esz8Of5iPfTW6yu09btbV55YUARg1a8zrQatQ6O1D66NYZbLHA
+  TX76xH0CgYEAkdPCT+GYFqzXSulgGatpc9aDZfIb/2JqbBU+WICWwT4XRq8hs6DP
+  6d/+SpXR4OC22E71erARwxlWN3FkKJ5ZexSXrG0QP1+FkgMjBpwFEBHklHdfxwex
+  SOybZUAWYuVnl+c2iuRgoEBi9YZZA83lkLhWuWz4RSZehimVTLPQe1c=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEA4pk/Z0kdM5QNMCu1rzEa1GQ3ARz9+YQFq2p823sQTAGgV5Qj
+  1cbNZRh6PQDkz4yrGKXPmgL5SYunn0LDnCmoGUZXcopwXSIvmeIb4mtlap5ObN2G
+  BDxRqPJK51w6RC+9Eyh/xsH2q0jrKsnH6JSmD6ZdQus0FMB9lPrvYWd6ArTTwIda
+  Ffu32ikI4ZUSFEYvDyuaq24Kkq81lzhVafxLtX48q69up2QBkcihb0nDeGM8Lo1Y
+  AbzyhOcv2SKUbaIGZUtYn+WN8adlS/fLypu09W19CejTnAVqp4dNwg+DFkmXfHqs
+  zE1eJDYKGfd2uO3YUMByTc/RXzy9+tejh5qHkQIDAQABAoIBAFQBTCgWSuUcNedt
+  zOUt5yxmGp4nCWC/OPrbd35GmTwUPkU5fi96jBq2gFqtQiZPl/6DOft2rsQ9Kd84
+  +RujtdXo5fJosE9WpR7/XCcMeYSVO63QUiav1fY0HOC4qEEvEYFQuk4NCk1lswkh
+  1SK8OPQEUP7GA4DN+8CHZsdNfUYS4K+5XNPvNR4iahsnQb0Ee2KBMpAyMe9sEMQN
+  500LhVgS4Ud/KTY+IsYROjduj67fRUZOxsNuCb1hxXjzWqR3MiRyrFNN12SFw9l9
+  aYXaO55cv0XwkimdaYjPds561svQ9Opb1C6Vr8zObulSPqnDRNtzhOEktG9XpsCS
+  03cWryECgYEA45SFhMJDpmjtGLSECYkzf4vb23aYb9EiuJNMrOBWpfmkSahPyEhs
+  7q7oq6mdmhOUE7oLyp+mGnNHwTlPCROvxsc8xcZR6tC7I86RRRro1Qrc4e+0epQS
+  n+g+OaW+iUYa/0XJkoas0uYSBqF0a4DMsfaYeTszNM2EH0vTEljnUksCgYEA/uVY
+  8e5a/y24RNUiQxUUnr/JPrpjyRm9tsFXsAI9206FIrLIwbWgPZQvyH/efo621nZ8
+  hog5RANXE/ra1wyLl+s4H032p2cVzwbeyBBYEykbYNO8kLnlm+YM0AXgePE6Tb9S
+  9kDNfU7ZdXA9Khzh3BpXgtgCzRRq689euAWKxBMCgYAEzI78O7R9f9zwFm5qXRBO
+  8j4SpK+WPAzFY6XMR3bMTTVfsELucEiLx/h0FkGSjDMlL1ksTq2MBT5QHstB375n
+  LLBlY0c68mff221IzcZ3J6F8yjc+Fn1GDfmx8YLRFj9ffrM/ecOPNvbOWP1BfxfR
+  8OdKNytfQ64zkr/CtUk7fQKBgG19KKqrPw0zn155ysDT8kqKiTBXsfs1AmfZPwhM
+  vjNQ1CFmeJO0p8Mrvya5vmHQfbs7pBvJsgeEA8iCTbRoICI+mJnhzFx2DEkkY1e+
+  pYZ9dtQtv2bPY1CHDePhUl3BCNFSqJk8lsgHsaMfdjZ7t4zrB8IddX6QEal/JumW
+  /9dfAoGAQJ65SHMkIDaaTbi0ndCEIagJvxtt0fIty36lIskegnm5Mg17WNkEH76b
+  i/nldW6vKS3+2GOIcgp/eGNVtoF4MAYCvKXz2oEiEe65DxcGgYBbPYUXFFm8jUdQ
+  +VuBloiUTgYfS4LUs/OOfPf/Yv13951CNlOUqAenAn9exQ7YkhE=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-genesis
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEA1mfzDXKbIbGK5CKBX30jYLe5U5Sb/lgedKB0OXaacBsv+bL/
+  LBThn7HyoxMATRr5Zh8HM/bdDEOPqIywQsqLjdgldcJ2GIpW+gIOtNbfJjbORBc7
+  DYpCVx7tSlLo84+9G2qZlfhusv6ZG9uZ7Ns/4Pj4eWYsagxhjJOIm3iic5MgiUju
+  xYTNkTXY8lpms+9pdl7kux/Xp/i3hpk6VT98XeeU5WeV32lrmtruUTqxb0XDZUBi
+  E6E4rJVmorUAodMaF/kmT8MVEmkhNaI9U4oDuAqyz6GM2bUU8+swKoDCbpoMUgK4
+  HBrjyAqADOUhnxbpT91M4lS9BKl6KpSooRr5/wIDAQABAoIBAQCkiBioVS5e6NPg
+  xenp0Sn46oQ5c21R/WVBsm/+ONnC9doXEBlpRozt86xzH/23Ld/9UgpBAkwXQTFY
+  8r3AQ5ZcP2Zfu97MbjzYlgObGtkbhis7bWhPt625FW6a/ozte3xvMZqyz3aDvYTZ
+  L+grLwUSK3ziDFpA90dUjVLjm+tuLC2cmZDiji+4QwEfEiTfxKfumJzG0DXwt+wP
+  EYT/Tdyq13ewsmGtyB3rE/or0t8xlV5BJd3ur/ezB38jaB4Hifb3IHzSqFS+xMcn
+  1QsLs5Ep2oibNZnzc4aywPrMDN8yu8IJpJ7I7CYnoAzEkzGDCsmbYUKSnOAWL+pf
+  BkoInOpBAoGBAOI61Jb1mxPelY/7JxLnG58LMy0XagY2ka999nxmeCEascP/T30/
+  dhNTKiccplDw6Fql9wlcMLSm+qcAMX3d0iD7zawsKlTinq/v1WgSS8DiHk5yiI4K
+  g/wilEXPEn4xWGDqzXKbpAtnD4uik9Q3RP5JL0xc46E4+kqWZVRY9385AoGBAPKe
+  zbNGCEvRHPgkUwzaMl6XEQby6OuvBqiLnE63XJVEiHLkDCcKJRapDDFuIpVzU4js
+  39cN50USDJjFZWOyRPIuhJkNMZBShOESgnB2srjclUEhTmWGk50CvLaIbjBebhfw
+  5YkIHYFlu8rqjUu+swGyg0ERCk/iU2pjF0cDDwr3AoGBANmShOSOX0/TsPmhLOoU
+  FE94YQaLzy8cii5CMa1gi0YjOzXptFQblX5ubErjVdzgZEbR+O0qmbkUIlo8aFzJ
+  2g5YvWxJqYirzrwcJ50Ig4yEq2r84fHhkSALTZh51ypAYOQMzfvcTf+dZakAebYO
+  Va9NSUzixRVIDAdx7xAY5CaZAoGAJmH5KONrbJMoghk9Ckt6rHw5tV+4eZC2/PMZ
+  R1q6yuKMs6BgS8zPEUatJyTFU99q176hquQIMmUomQKhh6QsRCQX1h7AOJTVcMX8
+  3M3qeFRtSGB8hpNDxxMnx7jNtdk6kY8KwSMHh/EQRInW0KTarOoQ2bpYZ0rm523F
+  wPY66wECgYEAqQylR7EkQwMvAEh1gGxnoVIHLoLBVp1mtCXurDDakDzyMw0DHkSi
+  l2D0dvlhOcHhrCKGCWhcJq2kO6Dz3upjTbBR20JREWyG3OQSz1I2G1rJ794bGQ+S
+  tkk91P8VtFzrAQY1553FBvwke9qmuEoEzurCMNU9d+DBqc04RoHGU5E=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod10-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEA1nPJg6eAtc+VJxdhCWnlDmq9YA66WDQCrCOGjlIjFnWDlXkO
+  Loub86E5FU4zT6rqWoseVDmol699jce97wFNA3pVMga9Dt31/6tIrxkA+xaqhKwS
+  KUZAJJNeKnvFyzQucqgH2+owG/mNOV2mjRVC2DetNBdBuAmu0hcaHpwlgnt4ZiSp
+  2xtMUyj6faKmsd0NZLqwAdE0c8UkIJlPyDyJ7zurz8r9kezvr6aypxmHFtrXWdCb
+  SgUNWCKcXyax1PS3tfpZFgqfiYh2hIqTMQWXfu51QUe4Kp+DdoCeuwubyblgP0WH
+  Kb7FogX4/grkLTVyLaaObLz8mCATGUtS1xa6wQIDAQABAoIBAQCxerYFjTTKQvev
+  mHuobMkyu0frHYU+xhyIFgaf9n4vciXqKHuCLextHrq9VTDF+C9nq8b38ZgDoSsJ
+  kYsxKCRygmXLtyP0D+ItK7ZFoy3an5GTp0yIeClRm9zM0A6L862VGlcWu6QBIvCr
+  z0OtczEU/E8N00mCZBEYsiHdv2CTsNO7XsarSVuBsZTKpUyqdMlAmqDcDHJmQGkS
+  k1+YWQLJ7HMHTHxxAI3dxpIlI3ZOyoWS1VVBTyKwdpfkjE3MBTP5B7sKGdrCuajH
+  ABg8yNRjEnVt6nqXzcwUa4THkaSEZKy/u9hXmaWFHbB9kd53641G6weDOpTIuUNf
+  5e3R4/R5AoGBAOZXxx0x1/wsxvORSWy6Roxm8lGdGTSg6mG63sae91xILhrNoU2L
+  fjYv+tfNi2ChUXz3b54gq78de7uQWwYuI4MTNyZ1p3rfjMelc97hGm7zRyI5GPyW
+  99ijncKipxLP/NkSlU4K+AgEIuF8hnQ62963zYWm9s8uc8ireyQPSle/AoGBAO5W
+  47yzTo1fO/G9NJMb6kZTTJE5VhsN7OpaCjxg6loXUMrxMTZgOEyz3MD5+6yeEURF
+  C33VXEULxt5DWUub2lCrzqq4rmmoRcUDp5dWSRRh5aTfuUKwOkTkFme+Yao4/Mel
+  oRc0krPrG+chS4PAphvfr60XXM83LcvCXCsBX41/AoGBALIlZSuhJwgzoVMzJHRg
+  xLtFy1dvhtT7NwqKuk0nGOxYLsAwFPaiUeSaywgoQglj+mAKBltnrSzMIqv3g06O
+  VIzFSbwG9pbDWl/2CF1x/z2cDYHcYwTHxbvZHuQvY8Pa9BT2mF6ZgSbB/DAkXOB7
+  vRzNTrh1XyDxLj8e0Mgcw0SFAoGACVqHnYQ79Phj1dzjD1LtIs1qF9j0NCObxKa7
+  +Bqll9uKZCyLDeNA0mHMrBYjdmbNrqw3Az04Xc1UhKyH+JupOblEZxbQYX0lH9JA
+  5YORYqdk58+P6boYz1NUPcYO9ys9YGhzpgF+MGltsuhvmkAZRMbGkjh0f/1eYrzB
+  +T4YjekCgYEAxH4teGtPH66+wiyfV1dDrjFhv5lV1PfO9agQQGffmwis74ZaQcil
+  mRrxmb7CHM6Y8DivG1SFiix+mbF7mQuuR6CxsxXRhpOnz8T6t6ZHShUW2RMfvGQ6
+  jBD2RORqUQLvLu6VcgJ/tnMBF4Nm3Y40eGmIhx7P36fG9tHiCfkTbxI=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod10-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEAr22Zymic2ZeqSE1cLl9qCpmUJfSP9ctFXOMZ6W59B+XlSkuR
+  5dV5D7Xu/xpvqQZWKZv/AHad3wxGztbhp3rek7BS7gDiHohUW4B+zR39/kEwsGJh
+  0eCF/innHrm49EBOKrulhdASSZLmi6v2lvQV84NkFZ0KdGy5RiW9X0CUSsMjOm19
+  zRV/5zGTc13onm4THZUrDCnFYMUX7dkwOuX3xZzJLm6o1H3vG3u0u5DNPc+dyu71
+  E0jXxjhVwGp3Z51qrfkcOYreSwaZGeCn/Vo4NG3KP9weUizt7k9JyEZRDPxY8Xbc
+  UeXoTR2Z7rRDRB1PS6zUj3uIn+wZ9jLv/cDq6wIDAQABAoIBAEO4SHz1Y08wGADv
+  NB2GobXT0XfRb91PicgwtukAyO1KlvfWMk0J2kDxV4BM4TvbgVlwqcCxCYJ4B8GC
+  +/seGFvk3i6YUrG8qOvlr41Y/Zqv6a69W8ucI72YyWp4AWjwhfxDEcOVLeoO9kaG
+  rJtbQDoPx4v8YnPNILxuhysFD/nHtLUn6qX/7ShPDkp81J9ZR7asFoCzR4Pe720f
+  t0WAUQhqWvFakW4mdhPnSMrXCXoB17cRIw3FMZ6oKdsgeX8RFavOI4DyHzFac+ls
+  KpoxJJnl8LE5B6KiIrDPnoahX889lhzaKTXYdH5ngpJgek1uPZSvWhUsIir39CwS
+  xI8btOkCgYEAyTrZCmK9lFKPg3XV8WfTsoN+bRiD0zB4vDpNjqlyZMIS/pd9TSTK
+  +PesgAtAANGlIvYGpROGWAMd+erqKs2JxNsaOKTXAgTT6CIEm5fLkIZsuAuzWQ5p
+  OWEYqJwgcPOkuA4IOYG6pwLb/dqTNKxByM5eBVV2qTj6sqgDRbWINY8CgYEA3yz1
+  CdhPh68FbLxDMiy87trfXoL+8LWzypg5BqJieliyFN2ovx5FLatMgId6Js4F+S2a
+  D6x1NNUltP/dsOp57ENVu7YUKU4f8CmX8oyZTWCmNPNeyX9y0i42mx5oSrn/TnRs
+  mfgXeqfteHswvqJLeLK01NPGUuYq6xrVPuaZ3uUCgYAm0SVA7Z8oV2y7rSVh9edO
+  TjM7FDmJqZYAqTaAyIr6iL1lQw+2q9xDfnNWF9V20voJ7m+FtGh73c4QgZI+Q3vJ
+  74H1X0bias/9vWIqKXPpIyUhs5AbI76EhQherg9L+pPRtVM81JuOz+xj4Z/3zyq5
+  c6WLXdsP9Z/WirZm4geuXQKBgBbRtPhdurwH5Eka8s/1jRfrHz29rS2Vlp2XdPU9
+  s04JNaQ2ieOIx9AEnNzjfVTsaeXxiLgjjRRq2uEn7FYDk5XZyLFZy7PxfgiDaDrv
+  r1kfEb+GRuHZezcMbJ7tvAIwBG/ULaqMmHH9K6XPCsvjMk5UD3NXeAbP7AGAC9/T
+  mlYVAoGAYqoc2o9BIs+ujC8NEr4WQ8cgKhkcFjv5JcaopAO50N28eO0Zx+bI7jCy
+  hZn5TkoGSBUJbLo8rdKCtviqqdT4i5qFvZmtdwyZrIg2ytGMWlOvZp1OZxzc9j4y
+  3l3WAmiULssGSLFVxE8ww5vtfgJUcoKvlZXXnw4t6Vekybmgr+M=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod10-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEA1YAA0p+X99qok4Y1de2j2x8LnLtB/n7Remx9WhstlYyJoVlA
+  6HQLq9/esVZelz8TT0BrBl5a1+ZDU0XQ8nSQlSVdE9yK5ZPkWptvGbEKU3nTQait
+  yTPkQN2sSw8wVYoEyADYpazX4SPcKLSM0yKyLRGaHjBjr0BHdTHrKArO8Zer2ap6
+  C3yH3w682XN3sbq+3aG7doR0OMKYGauiK+N/7CfbJEaOaioCcIYzOPkY2POXTGCm
+  5+5LLVNKIU9vgfSfSCLw+4nU9h7nq8T/vj8h+5N2uqeYZFxJh+ucNxGNoPGtc6dC
+  O3LJmRGfL93usflwkzwz6eS1Z7Kut0MARpz2WQIDAQABAoIBAQDGrW6WklN+H+n+
+  FseLLZDs6XAJ8yyPov5XGbxw7Je38mdlUcSYTN1LnXIDvycZQmY6uuydqZKKFUqT
+  pIW0Cos9b961C+fpin3XX4u88cZ1NgpEsK7AbNy9DEw4MTM+dsjKQhdZ3YWrio5n
+  BtWB6Wi7jgTIkSlCveOBiOmXgq9fm5uCwWSeGG7Mx6osPMVNQkT+jusLDH59LXSF
+  00L2loAyunC6yK06hPzXMnfKRoOapYhutY7vqN6cfOfCNXs9IfHMdA3TutBydWBt
+  2GdsMpyZ2eUI1454pnTgqSlBxMGBC6LJLz77QaWfu7WPcGxl63aAr/UWjffJgPWs
+  gS/INMSNAoGBAP3tdg874A6n01Ig9oCEHFiatHCoQ2hRu1rCj9a3SawsGfGy22N9
+  w/LpYLaaaan4u+Y0ocyLlP+hqiymMiY/k+7KZHZoLxUg8ASF+/cSeoDtFapkc8zs
+  KyvxPuRHAwzZvMuxN5bbPLlxHO1Qk+0QdvP0R/f/gcdGKWPtA0eqlS3jAoGBANc+
+  E1FFSGQ4+wV9yfbfJFTr+2kUOvQYTvt5a7jx0nzKm9GalTtfgTniodZG/ypu3EAl
+  gEsOsqtq54lwXQEMoF8qN2CbGcCyQWqB1vbyNDTw3M/L8nlxabsWOjuq57L6cBkt
+  XKhhfSM8ocP2nHGsFpojTqBe6o3BhnmMrcoxEH+TAoGBAPtxqPZs0/GvPhKVkYKx
+  T2Bt0T+9XwJt7JhzEPwNg2Z6RTaRZa2fW+muL5aiUP9+zpGmjJF/pot8CocsC3zU
+  eCh9Qf3+LKE/fGz+QALoyWXhXxLbZdAGDLn2qdBigSK4ebs6QVGgxwDagUp9//0/
+  0IrB2oI5AMnTMClDCXxt7ksBAoGBANMwjiWstAXaPro5nOOEOBK25BxLBDkibMSj
+  c0WoyB03csGrSgdSgun361DiolTRJ3wtD38VscstfnbE8AwqhmQ5eNJp/E+s1zCY
+  qwHrzbuwJQgiFQyBcftmKMcIvoRG45xgfMydsvnS8Onk28VQ03Bzeh8yYjOqkbZL
+  iO2dTJHPAoGAIQczJcKVagyvmr3r9y6922mZ8135folIESu3EoAY/5QHXOCs4ZLF
+  yz579h0j5NDpsJzPeStAsL+bP75Jj+Dr60gjVnsF6rEQC26KfYT19VMcTxzvImOK
+  QNnP8oLunlbjEpYc9/F0AuTxBstSW83IMZFU2TWffSi2it7M5A+fN24=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod10-node4
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEAvy5/NokIW0IqhoFaMC8UGLwmQAtRKA6aD3xOS/DbLCKIUyVa
+  fkBhvnxl4bpoPQBOd+KW4+xZwi42Xxg6NZPAi937a2viwDQx/fd58BwDaqHpuw4A
+  3WNRcPKc6ckFOEretQHqAnX737cxsJoxmkNoPvdtA8twb205v5p52Q9S/0rtjlkl
+  6u02bSv3c37uAdRZDSMRv2RVnSKAIaShwVVdCA9Fju/oDdboUEKNlGNZDW7Y18iX
+  bNcmpR9f5TSofzEWnv2oBFgorXgMhOABjt4R6sACCBL23Gnop9LQGRJDVrFtStm8
+  +b/Zh7C0+7ajkOCQz5hI5/oeynanb2UdGHCz9wIDAQABAoIBAE28gk2SeqtgxBnd
+  Dub4vZsxJfx0nZNEHLCfQtbuILBZekUUsy8Szqu9uU+HlEr5jO6CXAhhWj3yvHj+
+  SOzwHyLAKDMNsy2kC4/QyOww99Kr83Xzw7ZBZCQhAlytOEojZ1sCZDyL7NaSjsnY
+  aMLpFcJEqTcZyaYFK64VCeaQrJbRFJHGFhsrIIfWlht2JAb2WSQs8sljTzQAyze9
+  uFjAory9ib/o/oq0VejQ1XVo20Noz4AZzO2M9/eJPgrrKB+R/F4QUyDyUz3k2ejR
+  7ZattMv2ek2hm7f4j7lFsmcESq2fXf5NTa+HNAIy+GQoRHZmLeGroCoDIRn1OfYR
+  eWnuC8ECgYEA6ND/gw9we6sccZis9a9p+DMiUaBPKCEBlr+Ymlv0KhCCgmk8nsXF
+  G+rYJp1mqCr7xToOx8lXhrfc2Rjd4BRWo4BUUgA8CnZk6WadJD+vIpupg92wzmNj
+  g+n9boCVauMhZ2CP/nTwi6mCO33p/NbfZnyEj+ecx2kgKxDwzYRYGMsCgYEA0jgj
+  EjTbOWJ2htWNpuJ+W/xMTscuJkRo2rLjX1TYwATXyT5EZq5Vk9vvruq05y3hfNH5
+  UiSEkTRWiCQ/izcv8zwNKFpJk0LoyumUWEUBycnKu008y0+PRefSCo1Hkc3sSi8K
+  YN1MY1+c9yfe3BNv3tsEVZNHBhjNzVdZzR/5qAUCgYB0MmNkQR9tyZ//niis0mi8
+  RKEbRjxbleWaHHQIjl5VZDoO5oEn6SMQZOyOkT58Lj/MVsartfSmOzvRapTKUrxP
+  DCyJZK6StjZ1Ow6w2cwKJNC9DLdCut4fJ3iiXzCz0TqJwur7H9gyjF6AXL6cv41u
+  NDVhMULRT8mLVQAqQqRJcwKBgGmpt88V7D7qw+LAAmQoohTAOua57PNlHUMX+XtY
+  XV4e0QuhFaZ66B7axJ2p8WXlxNoFfIkSO+P0Z64kciAajCp5O6/VufegAPzE7UB0
+  5xIzMIh2qSEUC1K60/Nj0d5yn9sly9SmRxgH3hDI5Ja/2lIsyf/teByTaRZWWpfl
+  A4q1AoGAJbpn6E7/eXYrwvw1AQkssNmLOyZGlcMLAwRtsjvT+VmEoden1wSsXi/+
+  tTnnNb0Ja7vucEwDWQLzzsH7/94JQJei9bDgIP8zu7QkUCGYquad2o15FFIhPsif
+  vwY0J9Gj7c8wNj61FRh2/eQP/vmbXrnpkC3Clr/Vd0O3jEnCD4k=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod10-node5
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAqyyt3svC5qYqvN1XXXeeiM4v9Du2dBPJlSfH4wBibb+WEpMQ
+  bncKw/xhKfROI2fanBkI+qWf4uxrzT7c+J3xukRFlc4OkilqP1JOgqvY0ixsvT7y
+  WhoKQarH80beKYrtjJkqWk6omkYSm5BW5AQ3XFxstXj0W1tjZi1KyR/PROkVoZB3
+  BWCmUfMMDxy+tnltBjfTMdq6f/581NEys9efdR93j4VEz0n9k+Yz2WOrdHFh0YZ6
+  oRmp/74GOIPHuwbh8UpOODP36seRN3N5+gBRtktBsUJ7qVx5vnbQgX7Nr1jl7iQN
+  aheAKr2xv/N0oP8osqGsoNui734t8zsA/J5eJwIDAQABAoIBAAPQNv9joq/ou8MB
+  W1TluU5q6X6TZfkoB7Ge9UEFXSv8vKclR5Ruanr7QF7i5mq7gY9Ar4aF8g3oHm6w
+  G9QeEKiJpNM1h/WRnqBSgRVAJtBn1PRSVqvTMK9N0q6EwaZDRg9/ygXBAtiM/xUg
+  Hg9uWJ1iIbnZO/hdDNXV5HiekMuELHd3ROCeGxQfbqSAt9oZTE95Xx3rkvyu9/SO
+  qWbsrG7zHO7zKDHDofRWOl/7CIjLLuPWO4cIqlCBJ0qGE4xU2ZjU5BxrM3mW0T5D
+  Tz0Ocyonxxh78tECxJQ9/CGqVwYfBVkVUrIjQkOzzE6YyvycrjnKcxoNzEXpYlaL
+  3ILUdQECgYEA0LX7ybRnv4i2XJoV1csoCVwq5SJfkmwT1vbo16McNfQReJATmXVL
+  TOK3+p+Z+O61B7J7JOZN9rs7QcdP3JMX5lEjwe42F64eICI8VoMvo1qAwlaN8lOt
+  jRbg8bodnZ2jWXPiJeK0XFeJaTBAbRY6T70StIYI2xMjSY6BPK11P4cCgYEA0fVy
+  P+wnPsSWrV1K4Wlc4+Ep7uLSqzBUcVjjzc/XlFqPEZK3QUh9r/8AKLT7Z4GTumF6
+  Q0WiFUEY5XaS8QvPFUgLB4AeKFbpeJvIDw9q8ZV9IJ+baOdKWYphM7S17sLMFe2D
+  3zT799IkJnnDlax+NoJqV2cda1SzOJHt1V8fVGECgYEAg+AZYo/tZia6I7Twyw/9
+  Ejz8lZ+sh9ZmitOkuGxF7Ql06JsQ50wn8kLnQSMLpTEfjeeGzAABjz8q6BtKKPOA
+  jHUEhQtBfqD0RBWdzoRB25PZ+/G46z9YT+f+5n5VLDxo9KK2aH3gvOBK4P4uFz+O
+  RMgRQ6PVgKeNCnNS0cZAaY0CgYEA0H0ApIUmO2gPj7uSPd/Yg9j1QOgv9hoZ4Cw6
+  mgcHtaNvai3cl5Eabgez6rg85X2AapWdSOv+lUh9Jm7mX0IwsptFiH8qczhKwp8+
+  u+W9doPRKvIS6sqxw9RrzWJnPt5ktmmSh7Ufd+lOSH6lPx14fzxlyMD2L7x983DF
+  URoSDEECgYApmr7kFai9BY3xC9qZdhNDnjo9fwNuEN1Z5B0sfI234BDts8L38BHc
+  P571HBKjMeT+pRfM2bY5VrUW86FTQxlVKRP9pEdZh+xvQs1G07EJHLpPA1ycsil/
+  oobD7qMtBGx43RoQhHAcLcezI0AmRTx1QgrW1HCtLGP/+aYSDipp2g==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: scheduler
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEA80ducoOxaibHfTwHnEOj940rsaz8IJ7l5+E/ypN7rGBYlxMU
+  J92aRfr0DycSNri298Z4JT+nTT4DYLuZAU9iXJLrPDz/UyryAf80x0hB306ZLdWi
+  wAVHsh1miVVBO0wuwTP8h6MvAlAIJw32AeZhSxfwnjEx+1o3Z+pSfXkmxo5Yh8eX
+  /dhTPXiKHaLYdnvbHJ7qamoK5K5MFTPQL+CvxfjVx38JTgvQQK8oyhvGzmDyjpm+
+  OFDjIMx881SHn14eUQXL29dHIfA821i33YYgnt7n624wYS999pMkZnSCae67mDu1
+  Bj9NXl1/oRSRXdyKrwQ3n0xWEtUCEBhaNVVD4QIDAQABAoIBAQDcoqMDjnZf7G2u
+  IbxRN3NEty6yhE1hlFq0MzA0nA9k5ThTQ4VbJnqdDx07hNba9ClUjBY4ygMEZcKQ
+  f3Mjogh2JvTa/AMgPWmg8ADA38KGMPVxgTiKZ/9/BXUSBlUT32Lj7C8SIKgos8bB
+  DMNZM8R3Y23hOoK3EDoBr51CmJbXKUtJZ/rJJGxGa5f3RQ8TOi+D3JTXthy/+h+s
+  ZbkC10Yzxtxg6ttXTZsrP0J17txVfOzw1P+m8G9mv1PH2J8dpnu+SYVZcmIIcC/0
+  BlFKxs9uUN8UEJeI7+8kwY0jMxUptSIr//NyChGdv0X6lml8/htA425thRnRVDoQ
+  BRYZYqcFAoGBAP/FnBk3BV0DtTMPZVMQbWV5YIZzZtVT5j8gIUcgU4LKHOiAswUR
+  NrwSq1zBmaoezwZTw/4ZgtorPCvwNjRiFXgxZg74Y/OghfcDOwWWFK8p8fBg2Xv4
+  qR14YSJpJ59yhzHYvqy7Q+Lfj7uk5V/6o9krdSbV7xBaZ721wmYIZV8jAoGBAPN+
+  +Dxems8AcM93CSrCWypanyD5wIVNWskoRNuJ91LUdkHty111R/sqM4MZwJ6cmtUQ
+  JdJDFCTqbCf+vrrKAI4n1iEVkZ/boVvUuIn24g8/AiA+V7faCB5pJeAL4hdH+K/v
+  G2J3S6Hv1tvnJZnJAhZRHZyDSBNj6/Qs7PE9iaMrAoGBAOalcaW/WyPMwysfWBT2
+  vGAEe4njKTl4pioItFmqigRodHcqD8WjB0PEZimIICUsES64fQZ4ROqukF1jCc5l
+  IM05ZrpbPe8ls4jTrfbUpyRqY9WL0LOdwgtkUduxDd0Yb1gBB7lGSeqeBcSF556M
+  rBKbwNJbm3CYxfJqpLpUGe4XAoGBANVi6vY0ziQkNbiKj90KEEywuA108dOgM7Rf
+  duCSKs1K5gvm8baIZjllBVmZwuT9Ru77RLncERY83eW66LjW99+cZ5n8xe660dCh
+  PcuiMP+9bwaEu+ihyUWlTgznPQ68AuNjfrMu6ngSsE9sZNY9gne+RF356rsbcRc+
+  G7NaA3mbAoGAZ9l8DjMtTF34XkQcnJFd2MEtFrGofG8ZOf+8IE1irSjwdLD6VyQa
+  5O4HPPl0XExz2o5tAM+5HoHTuNBIuZp0ZEragznY3dn2y6ihacYCBmBpVuZLWx8d
+  9DwT1i72dyoGlDDvi2e4iljwZLrt6oy5vOCdU4bS8AYLdlI963Me2ME=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: controller-manager
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEAtBXNPGZMwUYUZtkrnyXZC906FN5W/DkkxutM7RyFrA+a9tbL
+  DccvICLnaV8T1OA3mkBbmRbZ8qR0MLQWxZ6q9PnEdSiZAWS1Dd1XQGDW1ZpIe+4b
+  W3TBmyEcBzMT217/C1POPx21i17AebOzBG6c6UWplBVg5dDEI5sD+B+5Yn0QAnpa
+  d3uodi0Giji0UdQ1qGnilCwwpR6Xo5GnzgLhmwfO/Z+giiNfBS81svkDlVVyNiT4
+  pmAGyvbWPQ4bztDAIWf3wvNGNA6/8wQtM7wnXNv77Oicfh8kKsbkJ0nkA+Y7lGkP
+  SKdsnqo0Z3ZwjWGBRiW+JvwANayZTNN1g2mQGQIDAQABAoIBAF1ryfKBZ2QEROUt
+  2BFRgw1CkLTuutVRl6CRxHBlEXs3BT70IpZdNDdJpB7nsdQHFREyPdJnJl1Xrubt
+  JbsTGsDHKYFVtDoi0kIFBxRgqFJbHSsdVJfXM/CT9oRNnQl6eHiZ2y6m7N0GJHd+
+  H2o3L7Nb7iLiDEhsSrPl4ONBIdzTAPc/uoxPmT1CfbCxUSNuwQ39/fXrU72S8U8d
+  2mwvt6is46sOHZCd4m14bD4MucelPo7WjmOHQfU3wH5519CAmWHCDP4fwMcwXZRT
+  VVPw2SUYEoe1/C3O7qUj2TS2WIw+/xvNBizXZjj6Svgy0MEDKsjhlmc68O51P/j8
+  rhwtZuECgYEAy15scnDUbuahoWI79BW01uircEuVzvMxfszmlBafzwt6O/AMCyu7
+  JKfMGREBlWGTF1HbRTDlfs+yS4Zc+4PP9feSU4R55bds9YEN8+ybJ2oo5OpYF9Qd
+  kh/bPEFd7zSmT4GivWiq6IjVQkLcNUaes3xZVvwcjQwypCmMMZFRm7UCgYEA4rDK
+  I6HMGCq4xyfniHaOFd6UDb7fKvI52Ybu9GB2GBWvi+pHNgUuuN8HoFOHPKcnby0y
+  2KApF5Za1ReCG4gRLO/232mN6VuB0DFZSgPAHM2JwPm8U+b9VdVZdB5ebkL8q5yd
+  fj3qwKcQU6LGOpW/7dHl1ETXOd1F3N/04WspiVUCgYBmoE+5sJaDIH+QITKACjQn
+  /2IEWSBQPwlLI7t4H7KlmPUmKgzp1jeqV8L3I03ZRFQmAHjWgcZOKCGhWzyw7+OS
+  DE0bOE8LTXT+rxGLdmsViMz6OAgcfj4t70WDMrlkbP1AQfsN+jPFBMgZmAPoHqsX
+  iDjNXIxL4Uvs68qDeQHlwQKBgFLk7PX8q2JG9Qy2ld7741cx7hfcrUTKEMdvpR+t
+  ymFiRLA4OlQRrxUhUWuaP8C5Kx1nfMlkP8KFU6/KieRBbG5vTWpC8gbcVGrqMMl0
+  96JQssfjSq+vrwHdI3nnxQYy7qxed+T7BUXvkXPT+QLhUa7Ia2+kwMNDG9H5/1US
+  17yFAoGAf0nmnwF2Q16Uaxajr63xcPYPKOEcZGLW1jXh0ui4Rg+ylpGRgnquRs2O
+  /tCa9TbmIpoJdp7iaO923zr51jaryA8+nYhhggQCoHucHcFAGmwG+zGcr2PYbIlx
+  9NElPAY3jgtSVMn2RHLjM0QenMD5hmGpt/YRNwxO6CAuxZ5Hs94=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: admin
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEA9+oZNAuVejR8E2SBgZMoKa/VsB6XdKab969eCoeXbtB8kOAZ
+  zcsT+Tyer49zZQOkn2xqjZNjvXvymgNB8mWXmk0AoXXOCKFHFeQLFYCLZQKM5D0C
+  lxU2wNWXgIJShh2Oabd0UZ2pvJiXCpP2qvpNO8QO3lwZOvukvQ4Vjn2aX3ypxIF2
+  ihASXkSnaqfACZfOByyqoQnZBTcW7M8uQiovk7GYWRiClxUkoWzxlYwiOCjre2nQ
+  0Xp6dDu1coxIuv9PS86+9xnvH6gVrJAHF+A6ySf7oOKPQek8FooF2NQq1osc8xiT
+  dzPVbUH5JIAZymUD+B657XhD/BHdwZdM7Z6J4QIDAQABAoIBAHRVPKhoeycSM9rh
+  wces5x7QrQRtBoMtn2iVuRpV0CCm4p0VG+au0duVr50QQoT3Nau9sy5mKFqFLC1L
+  NAnr1D0Kvy4E2r6/91x1WyIm5MJsdPKxEmMVCFFqqSIbhV/7xJUlCgc2ZazjKZVE
+  I27N76oI8TU0oH5GEWLJliH8HJGLQKq5FaXOe5opdLqL8J93z97dE2UdeRseFW37
+  /2k3IgoEZSamjQVOfsV2wGSlEb6KRpMQRJqBqH35XlpLtboFM7OZT6Q2ak2BhTKG
+  D5W2ZG5KpMEEB+fS3eHNibIT0S0lkgRb1ppKVX0g7rmqFSIthFNcvfQ9eJdys235
+  FyNgNbECgYEA+mU0szNb+rC2JAmf9i589+RX7g87j4t6nfvMxBUR7o/N5dRU46mv
+  mBvZU74vFq0oVS9Py7E6wyxFNdP4sJxIMRIXVbklHdGzP2QMm4QyJRZSy+JDrwQt
+  W0iMdaz4e2tk8s5dInYPAsbeqFbqwUkeLaEe501z2V6sZLEHJ9kji+UCgYEA/Xat
+  Q75KhwlKftm8om2cSUgf7b16BpNoNVjJOzEHFCD6xWojC8ldSlwgCJko5dp3feMo
+  SFBi/ISj+eHv3rJIShi+UX8aP4MEfUdLvMqhJ+G07/uMckbzbeOhYg6xi4hLfWV0
+  ninItx4KC8wWKtfx4fYxxDc3y8cdpIuzkpEcPk0CgYEAiqb0Ea8E5cJoeXgi7a08
+  YgA9eINS1d/EXCsMbh/EuDdFKljzUMWriC0ToL2VUZc82D7EjuRqx5yCDpZ8BT/k
+  8dc0uLE3DlYKTbXXDV6cbdD4tBFsrUNA4mU/8gF/7se/NHx1MhnxofYBYXIPuEwG
+  u/mWJTrMRbeY+oDUl4ozlskCgYEAiYMtladT/9dGl3PCJ82YERoUWIOIBLFMxESb
+  SIXc9Uq/QwPGZ8qj1ogMyR1vVuUkFyR64mDak23TGOs/nG7VUX4DI2v17adDdESO
+  DqtQq7aE1/59wDJGN8Rb9jtKkA0uB6ZXksfQoaimgqgDDtOB47oSXgYnO2OX7YHt
+  twMLc7ECgYAMMTyIw7w7s0eTd/waKgWbw9tX/Tu8C/Hwx6+AALSSoHX8B9bfqd/o
+  irZfbipDPiTXvm6ibcvjDLdXlk+4g5chjcTnjA9BPybYJ4HwCJ3ZodqGROYXJHEU
+  WnLF25e+cwxqJxGCvOdJKHdpVMZJt8XLTtXXj8pjJPANqRNRgbAchQ==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: armada
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEAmVG2vk2Hrfw0j61+zm+3BYqhEwvuo+x9mrS0N/bevmGv77Ke
+  V3dQrZIZ1I/uQNUO6lrA+QNkLmytgq82c8ynqUYRBScxVUKk8Qog1vppqYkSLAhN
+  ClMr67ctP67Qtu2nCU41nO6o1FP7H0SyOyZWBzq2k4ltdcb7A5qBiOhTnRqYo0xF
+  xRPuytrEo1W+nrkzNmmfYD57Dip3hg9ezSUyhBpEGv1mkPCVripSNVrceBboRH0W
+  bMgZ+Sv2sElfDpIA1IJpzPn3BNNgnqkZmt9z5JiXQckV5dvf97ITL6spsccCoJLO
+  aimJ/vNLEK/ZDJWu/h3X861BQMdL5YLg/OVVmwIDAQABAoIBAC9NotA8I2xur9jU
+  cpdGqHUxPFkgCVTSFj6xGhlaNYcPpLSTq37Y9S9YMFgAwEWIdr2fmoI5paMdLLtx
+  S5+WuPPlBkNMwE/J7BHiSheJ0yfXfp/PP9W7q4ViUrefPA30bODWHHx6teQstQIE
+  s+jD/y7j0ojakccQyUlnVifjZkjF/anNXaB6/Vo6GhNSG82HNGvB4Mwx2x8dHPWf
+  T8oChvpdF3Rn+dxhQwRtkHX5gn/iRh/FxIc6kMCSOrTk1vCLC7VjZ5efxTAWzs0Z
+  MbwI5qFqpvsqiREtaEZ2fNOo/Opyi6IGVWmOm9cdP3NBIVH4AH+333HIfoqVi+mO
+  0/ys2OECgYEAxXXNtlVH7oOoH05uftD45TY5gwSW/pqOC0/Oxk9EMGXsYqIkOIiy
+  OHGTs8SN3+7EraCvBudvfeCn649egcj65ewQX1uhvTcuoDGuPBSAF+ml6tgDfCgR
+  vL1VoVkg8m1uLvRqzPFZeIaXXCIB7vd48QdeowlcaEzK8i9QL+0Jgk0CgYEAxsXX
+  MVGbG4I0KUoDRA/0PVozswuN3pXXuYJQh8NH8+005agOBbdG1Ebci6huru8NlRzk
+  vq6hsA9cwPKis0V2vbgxqUVx/iXQHbYOyGQnuDjrLF1lU0z5+g6SFaQGo2WTV/7H
+  14p8pEMen3ecSIr+BWywh+XpIGwCJIxIGBNxm4cCgYA/X+HYRWLC0IqjEZ8xIIzh
+  tBedT1nO+XfhdYnd6A7woaXOuk95vZXFu9418j2+w3loaIwEYT9NXU9HsUoZyZGN
+  Pci7ckNk4VMboxZSvhmmkxznVNE5hfq7YuEa2epTJIAaneOxRzz6C+iEb33DXrX4
+  Ve8v0I9SAmOYe0r3NtK4eQKBgGgn4RQJw/INLxH3o3B1v7CqZG7MfiGFeQ3O+C27
+  qSdrQ42XmwlpuSagnw5bSuxFfWOGSWKVlUnxMtQ0EAdKPec57mPZbNsUq1H2RRbC
+  TIHe6XRM2DxnGJHsMqY+VfAm2KeCbOtHuPpF5XUAMxdcJbFn+7SqR5dioVjPXTOo
+  dJ5fAoGABnpF+2mMzoG5ZLFgAxiAl8U0D/Vk5mpmE0OSZ6nematWmAtMdLWToyzd
+  D/+hnKaApu+Ka21yam/ijX1jfU+Ux4IZziraf6bxc8r1eoSxIIjuSdvSfh1NpvoE
+  ojNmkcl0hUccgARJo3GnFNsCUokM6vzgSoK24h2TI5/DFEaLyQQ=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEA1DP2rGbvI5pG/ILMScRlFWlZ33v0YIv8X1AugHItpCyykSSu
+  g5EW66o5n+JPwEbtJVVYR/FvN0OM9uFcU7ZHWTGpX6qfv4icr9GW74fPyS3SZMDe
+  jvC23gmGodh7N7k8Aq0rFHNzK8B7ZA5cl9ecCs9kkJdSHuKh4DeSZupQvjBaOdCy
+  rvSkQ94Y1ABKxm9/ufKc4uAyIyLOvLxoxpYvS1CWJhYOTqr910GTIULDp6CtUG/g
+  JvFjafCLwwLgo5WbidLZoNudwhx4hgv/ZZjx1GaUGFHxKucqV20GTRNrYSwUwxEO
+  WV8TGwSFAPvZ8E0TugwgxrEdidHW+9rxTyL1+QIDAQABAoIBABctTcXqwDfNQ++U
+  gaeU8c1y4kQMj9Zzs67dXRbeYanKz/4WWZE5KZ23y+9wknFXzdMEDU5eSl1o3V6h
+  oqnqAMT3LZ6rTiNnUmXJqIik9sbsYExs3GIUXITH2ZKXyG1/p9RLAaeMLIoczd1R
+  zD8xZ3OuzzcTr/57ll6c8zqWYRdEkcl+LIk7KYtLRmfPIfhLeKHNJFYPNZhmMi8u
+  x0P/0XywOFUZ1Iw2UJUcZdGr30uvhwBszne62WuNIqibm4drIEdnC8nHiHbdl9PS
+  H3UzpOwuZc3J0cOxl4s0s5NYpyWhCQBQvBlWWBCIPvcH4pLOV5iQWPqACQHqaD3C
+  f2FLcGECgYEA7ehaU/7JBai/Zl9JImCAtzWe8pToTYevoWemY0CJzNovqZkncbRQ
+  T/8jv1FU7PtKkYaU7steuT5b6/dumQqkhVYRlxaJeoGhBJl4K6yC0NivpW5hnd7z
+  p5mdfLWNJEvI+wNEJ0NyWhFtKtC4VAIG1ps0F75bWHCHqedeM54CNYUCgYEA5Fcv
+  oJZJtIx/s0aGT9Stuxh4WrjZE52IHTBt16VpGomsXiluKMwJG7t4WVprQ8UORP2T
+  vXr/j7C/GsL8fdnLZvBT7AhzGoLbxtixwG860YWApI3FI2PdXTtn3WviUSixeR6o
+  DP47o9VvmbtI1JZVUR2zknrQ0Ploto0zYjbtnuUCgYEA1J3VLEAF06Lt+0WpDKoG
+  HrYzKUTfH3rmAW+qigVBoexUsFOJptqo8/VnMzIyneAu0kPeklL6gr8yU348P1X9
+  lpRHACpKD0wOZRfrB80S1CbzQvuVDgwU4XIuBygRzaBVK8/NdvGWHtx4Hc2PDrUI
+  +36VXarn4/AdrkByNds+yikCgYBGgHDxKVYKjBLlvJG91lHp4a1PfaFwwAQF1y0j
+  FyxziCyTSkF8ETuCt4h6NkPGQfKc9JqIN5DuwcjPr4KcLQHzf6K5zwYTGnJXXBLN
+  8sn7ZTgKFsfWnH/9yFjScfwHyQO6/O8wS9MIS99QXRYopV4kVIJcaNVOoKNnMgO6
+  gHEvzQKBgQDtyP2cYLeaMjhq2b04zYN0mAOs4abBQgrDC/6yvI0dKgPu8gDdLFM2
+  gqD9fuZdATUI2u2dyIm8uPlJHTdgz38ZAkNMit4KX3lia8fxag/jQ//VPrjLwsuF
+  STkVL6X7kgHFHIuJOaN0o9r3pC4CoMjNkqdQ30w3B/B3RluvJCiNqQ==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-anchor
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEA3PdXQhiJ5R+/VJjh7Fvtfv4D+lIPiqGJdG2RyQB0JNI2OF6u
+  Z0gjAj2R9guj3r/SLX67UyeTXeAW1IPlxvtyZJSfYXJFunTCpHUtHnCpzvsMhFpD
+  2q9zLb3yHNmiavC31g5mog7FUox9XPaPvJrm9ZvosBNrdduGrEE6RokSbObXC2g0
+  8s4njawK5BsSngsBm4MuSU+58t5Z3Nue1rc2SQkGzK7AhKFkUzpG9v6OCuW78Hlb
+  NWZw3pmhWK+2x9lO/RwoQm1RDz53bynnDkonqNSWj/FNRwVTapcpLaHwtoKuZCgT
+  V7ve43gLFqQJLruIRIteuEY19Gqhrp+g553OaQIDAQABAoIBAA65UJAv8GhbIDWz
+  5kIIsh+nL36rnyt+rhka//7jz9lwRHqnHHn3XZXVondBuU6re4bajgLxfSlhOEQ6
+  8cG7mZjIKoKkya6t/xZUVIhVu4r2QZREK4dT75nZsVtoySDVH3rdBMvBrjZc9DGQ
+  oG1R6Rfupqes85kr4qJxyj9O/PJSo8EOEynXNl9knNiXTBvxcoA+doHtJ5u8ZXi9
+  mFHqAxt8AcB4Mcr6FNJCxsvbpYUIIhKDl2lccTdCexHqWaKlyhJm96btUickvOgZ
+  WavINeSBvqPeJGA2/erphDXheBPmwbKglJOSYQt606Beysy1Vc0QuZFb1BxGEgjo
+  AkOCuP0CgYEA+NI9ujkK9GY2L7pynvCdgXVcMwQkHAE4ChgqXxKSdmYv37wNn9R+
+  gBJgLIRTJaOSmO6/E/2/hp6LKAK0PN34svA03pdP6XMMCQDAxMlQU/H9WhiTViDk
+  3EyQc82VcTqQh+kge+TVjdE6vJKI0iWsokOwGRSuBWxWO7dCqZVWcNMCgYEA41dd
+  s6bsR+3lGwxWwEgY4j2pXslhsXinls89htgdL6XvECy2VVHwXymaUd3cvraZ8gUW
+  uodTwYaYkRzrQ7BYRb+UVc8rLRQkmADkBJll06wTX4ttqWVbm0rYn/R/SAGr0/pH
+  1Cv4ZQLFXGXVRQQ+SxoXcG2FskFBG8C5sgAXnlMCgYEAhF3T2K1f1oRJbzqQn10B
+  bU0xrzIUw5EibrxMTidjIvlZnnw8AzrX0On1n7kFQpCx/AmGPOxQZx0Qikhl+btc
+  AlUmywNTz60USfXMluNBiGbDkJpiRv9YwJk6f2Buj73IBYVPcplZwgf8ZzTM9H52
+  SBwaIj2OFfR8K2hiXjTDt2ECgYEAjDdlZpmsn8ydgupAU0Xkex226exhIdmd28kk
+  VJfUoH/CjAJXzxXDoJ4DPT0Oml37Yyc6Vn+C7Bi83rusa0pHl3VK4wXsxlfnHg1m
+  lWObR0uZg1N2poUKVCR8qWNeYaYOOabjSHx6Lqrf2VZBjNjKJv4HuOMEE+ZlZt2e
+  aqfd6VsCgYEA4eBDJdEQaZABhGjg1VAHYrKc1wdMAm22kx0FbNygkP4OdVJ6mwjB
+  qiHz/9PDRODmjzfJvvrjYAnOV3ly24IjVAuDjdUTUG356ApvAfZZWe+4gIDQYbD2
+  nZlaBtFwq3pMDEReidsBWaD+cYtogWo0rx17ECZpmBgnoL0Xdzk9wRE=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-genesis
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEAx5f4HlWaQXO3kmc/fa5C2T4uhCGnH4zyrmXDtU6A0KB8TqQ+
+  Uol3qVCNaaiZ6UQ78C5D8HKUyQiNul9lu2IeUDBn8TXaaZsiONSLsRZRzwQu5faV
+  7S460Rd5/kFHQg6hDGHc7ao5zusFgD2BmW89GfANTtwvYqZrfhMbrmPzd1KZ2hun
+  gWTP9pdohClbSzSj+HkGzFI/YmLLGYtT5WBEbo0ly+Zv/dTKcx8wgYoGSDdjxsPq
+  6ez1jULyWCAnie49FSZywClB5TnBHiGMS9ZBkWUkEt2Y3u/E9/lw2MZZn9qh9cur
+  /QC7QzxpLTeS8goa6WGkejSU4kFQEX7ypSGObwIDAQABAoIBAQDAkt/SZMVwYTW9
+  C+E2YewdruEym0WkK1n66jTpudSPdkh5l/6JpBjQQ+gtCX92kV9DXWAvnl3vmVEl
+  gOWm5gRZWlrvYAZb3lImguxE8EP+eQrG1iPRs8kL9Jq/tjwKgBLi34lJxfQAsMGd
+  +boRUEKjw/kTHV6az/bmrYkHuWguts26yBLViK7lAZekHSDNA0EJoQMgzdEjEiYO
+  5Cc5j5cIxBIyPoa23rwX6o/5W3af0qztjnE8VRJiTCiqweVtQrICuxDCFWLYqwKq
+  rpntQyaAfKtsm8jxdjnaNWlSOXQNdgU1Bm3TQhmURdICPSkDo3tBJYurbfdRJAO1
+  v7uReOgBAoGBAPeQSaoT49tREcr/JNxNVpUgHarLxhd1agNsrvbN8Knt1ZvnSQzW
+  h2kTLp2Q6OTz1p3F+iLRWZ+tvoq0jSlWLzVANz/qiaLE5AiCwCGwHOc77ht0RkOz
+  iqRJYaZBA6u8Km6vHDD1dBItlH04sKqVD6P24LXRkrrZLdnNAgJ/E7gdAoGBAM5l
+  MpUlXCTqP6tb3VnEt6cmNf75e6FAAMaBSgHDx+SCa8UCWDvP1LAujW7HQVMZARxJ
+  GTQZ2HVCoeYe/zwyjB5aMXOfkwjqYk6LHcUvCh1trcl9IwjwD/bmHC6T/f1ocObs
+  d+PdYTUsEkK5Y35iXnw9gzZc/4IzdZR6oMEuIhL7AoGBAKcq+XMtZymLfrZSv7M7
+  TgH448+XNjZVBLc3RpZFzgMRJLLX5M4Udu+PEmU3muwvc3aqXxPvxdM7YXUMIl4N
+  YmdU63nvh+0vgsP0doTJBVtnbot/YosIy8/P9W5sbGwk7Yo8GI8+z5gOyzwbccBe
+  U2dmp6pez/P3/ywZcQf6g3hJAoGBAMNIDKwBRUXIPaWsraqZ7gpApSYydz8Ch7lJ
+  6vPwgdk7bSxiI4m0AtEPutHtxWkSZ3KT1zzsl1mbSgOpoGUcjmbJf7Cec0gkPA+E
+  oQ5Ii5F8jMnvlI6IVRKOdmu7qr1xbCGR6321oJvmrwBi2DhkanGy4cs2Aqr2dXGe
+  9SrSs3qxAoGAas1h2dgSQM74dBto0+M2O6A3GsS1WtbZbYbEcXFKJWD3MQuE6Yrh
+  iqJSlb80N7jMeUIVgvNKyv6tBfvhfZh6nRNlsjBwdmo8Qa32FVsxpJKp4AE5psNh
+  aEjjPry793/0wW0udCcTDUaoL3eGztW1zvXlNwLOElaqsyVpJQn5uM0=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod10-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEA3tvAtpBBiu07O2qcjGuipY2GkfrSsrG3TJnYBSs+uIrDmBsy
+  K7JXwowvUhsnrxRrqZ0QhHsByLveD2gnNzApSKXRe+KdBRxCsd8HUHqiFn9wHCpb
+  mwKWSwUKz1ab+QgkWZKuH1cJxUK8zx/F7o4gh191glqAhKgXL9eTUj3c5SguyLay
+  5TBIa0dOjfOc3kixUJ6TXSeJ0+lMjFzal8zgysT4GvjQs2wK9k9cPDobNwsKsW2Z
+  FQw+kO39cSyhdyvLvtk4RiyG/9zMVFn54NUhJAspzq+PnM07UJB7D6ZM0XkGjk/6
+  nqUgJlNo1kR4Zo+kpy4J/mUDmMjZZ1n1sfJ8wQIDAQABAoIBAQCPFE9Z5qvt4flR
+  YFU54jD+USrAtmRnzal9SJhkWStfl9eT5IIFg+7MPOx0rnJ/+YBV2T0tkTvIALXE
+  9n2W9RjMR4mDHC7rhQVc5W/wv4spHpB/xMIjdzm+2HHkRBrHe+66g22/OUZQm1RV
+  NnUBf8Zqo2LyWeCBStn4IVO4TXdwt3RHTSxMAJITEBYTzEj4CTeqDvhkQixcrbfB
+  f2ptrh0BGAynCiy5VO9O0dOlbC0sUgGlQtPZ7hMAKa8BRoPTRABTGNEuN3lv4FM5
+  QF6kZcmmyQjjBVP0YPIYFFOdGEy6mDZg5MB82atN8p/TwO4QTiDEPCwuTVitm7W6
+  hG2D6R4xAoGBAP+0d4/O+eMaPEkmCAWc8IAzHS6bPoTcfcHvI9VkTpAXiugEOYBc
+  uSIyyAVBPULEgmdoTI5QRc5GYPNC015NeyUTJIJ4YoEsWgtH7hrrZLK6To/A2fG/
+  YJ7QQBfrpnC/U0D20AJE9N+GT7m6SD9hkTCCgMlMyH96HrkOK/MIpSSbAoGBAN8d
+  lUrMJmTOx1uI9JdA2C53iTcU7qMwEFL13OGW7kXmOwaUI2N+rKBc6tah0XxUQ3wV
+  VlVInu8lXCbnqj+4c5FhpEfz8gjliJ/w02abqF6Q85SzF8uCtxE2/xqVaPWuF79z
+  wRZZF130D/ae/Hq4vsgj0bsw1eJoSAc+Uq+Y7oPTAoGBAPZLSKJ+9Ri3S3wVosJt
+  UQXatfAPXl+w1Xy4L+a5sCaAVq52a0Blj3kOOrU9CpnGF+ksgBjP3vz5syZ8poT9
+  0nB6iL8W36KWKsEU7paFR0ATzdoPIp4E/TbbVfD0bSPKVZGMafzVmJu4jhBSCobq
+  HmQAP7YlPDX1VaRfrxtvp0mjAoGAYzjLwMTDOkd+/uUMKQusWBXOztEfQzFHwS0X
+  urcdZbZ6f3V3u3KFIJfR0/uIpuruTAtNJoYyMBYEQkT6QHYt5vRuU5VYCL7TIJW/
+  3bzRhqSdvn5a0aVi9mPn1RGm6MMwSnMW5nJeYuj8BGg1zfnE1kqfpciVBafsiFQd
+  /3tabwMCgYBF6qmf8hSUuAGk4tdgleT+CRm+MkVaA49l2JUEWI0LrQg/uz/HDASa
+  JKzqvD55qrYTwVfi5sHV0UarT13HcPAd4GaY+Xk0KQsyiBgGbg7jDJUMEQfRqZql
+  35tMywbffrFtx4igKPjXdnvIJFDX4Blz4nM3UjHUPvjRF05HDy8fxQ==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod10-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAylRr2g9O+zU99x4MBWLjWLf38Vrwjh+fdTGDpnx3Tw5jTWS8
+  RwAzzdDkIQ4GG8q9wiAw5usElaUVs2wre5+/XBdmT6/h8vN4SMT7QHkKdE1cEpoh
+  jxLMeDkahxcThoWVlwNj4vpAlm82pp6e23bZlEpDeqy6jOCQHH3Md7RRw9Ubkcrd
+  QnaEl6cZ4IBLMky5Q9G9wRYEAJF0ffXTmK+3UD85fGxROTiLSrUc+o1JrwaL4QLi
+  q2jbA2v9hvURQtV5WTKvH1b2zbjP0FxK4GJreNVdeW7qWS/BV06NugyqKWp+6niR
+  19JK1n4B8jqmuhFYSHjx3UMMJN5HNRPDJW1cFQIDAQABAoIBAC58IN9TnxDGFbt9
+  0sM2CgerFLMF8rikeU1Cl/2bIQovww7X8w3Y9Q33TUJu52ZhOSGtpa6YFlCPQiIb
+  2w2nER8GXUI3pZDc8Si+4P7aEFXSJDI96THm3sVMUVTyL1E7xbeRVtSiLE6jtImp
+  bdP8RVb1jPVVU/Lj8RgqqtxhuFtmZOojAGA2sFC/zQGOaZvmFFM+8Fb/V9yPLT/P
+  wMaqiPxdUyqUBIjxOnETbykF1tiZAZ8lQdfNNaSB16+W8YztdavDOplzonKjGQXX
+  8omuIy3HNnSeW0Jy9Nw0HXY7gxmXVr7gR1yWJo3+CWSVmoO7PYq3WZcJDCFCI2hD
+  D1E/aeECgYEA9pgsa+jxBYM2DcsLQjoOl8yAMrpORJuYYzj41brpn/lsNrflAVFc
+  nBlrIbyCfriRQadim8utsSI+6/53HbZXTKHvsYLhdFkBH6iQoAda2eTQvpTlGR1J
+  7Fa+n8SPIVJVDoq00kXthFZZzoE3pmif3X6luZrg8T5JRyE+imrl5KkCgYEA0gwI
+  mEw5ignqU7lzsGaTCQL4DSCYQ2Zq3ZEBIVNSG+oXP4AtWjFP4cF383KYdMnzBDVC
+  NGRHPGqp1+OLWLrxPAORkWpd8kp1SKo4CDIGG9/XL+xUF8dhBhFCOAOV5JCEiqww
+  QFzfXchOGr5wbMBnI0M0YZ5nj1e1jEUHZt3y840CgYEAxsNn4t8TDydw9XM5MvuK
+  8a5jkv/6wHBOR4QPhm8visPIBt75VrOXGzed08aXxL7OToY2BHALI+D/qMcmiiuE
+  eH96rbFaOqbXMgZz9JmZEFLQMx3e//xMrpRI+Iy99dTgPGVvVKIKzgWwQ7SB/78L
+  RMSlnlKJh8p11ECmoXmCrmkCgYBm1GVQyeBRZ9FD88JjVZQeEUoGgzKHrJgcqGR5
+  QCUubUe8Wq/ZO9Lznpduo2dnpYZHRRuIMp99QGqtukP5yGtZChY1rnEXsMQCMvMD
+  cBn1g3wBhh0VFxK0ubZFXdv/7ZA1o15r5AumCe3SwfCgDQFxDfGS6M2iKzpB1Xlu
+  LrJF8QKBgQDtTSB/DavOp+hXl2CyRJBc2plXGfXjSoN5kvbTyCfQPkwArJ4Kkj9r
+  mm1pgM7fJU62zwbqyaGyK+ewlenw5ZEbGft4Y4c/vqhOxMgZNwWTbdmITU0RBLDq
+  2dtSSIRkhlYONk4IJ5PhmDVygexVJjidm0GF5HsrazmDrSOkR1xWGw==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod10-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEA9Qq5Oz3BmRI4kmkFHIZoLbkf4/wF3RkiDWpYUAqaggvaXan1
+  OHLcCoFnw5v6Pjtf8U4p0n5FAUOdRA7U4ICym2poVG2UCjsySCNjSmL0DjpVn9Dj
+  88LjQ6OTUiQlSg+wzsMIhuakD6o1Gf1UZ/F+FxtU/TMMjtKOSJD4Rpyzc0hNvBWi
+  29+qt6lF6pBuxRE2WVr9t0wnzp+qL/Ng3R2VXu9q9EVBRoUjwJpmcvkCFS+b5va7
+  ZsvPwAQ6gO7oXOGtQE9YqRLAu7KasnHhqw+NmrJCumPW84q3ddG1M9DYvU7LNHyF
+  7FHsMkEy/1PIWg7Edp58fny7dCzm2zZklyE5/wIDAQABAoIBAQCLTp9jyIYpiaxT
+  wBTB1L+hTt+Mcxi6S7GKQu0WBBE24ZoxKZBZmSLzbgIZuLEZdBPlUXSBUHvWbiQY
+  Lv5i64eex22soedJscGyNTwbbAonlI5dHxqY2DDvoSz9w8LXSfhQc5yDZNfcd/1c
+  WyMDPM1cQZOdpsn64EU3iAM90ZRLcrC4f/gzjhZmNS5ceZQmrIRswD07MaXgBc8s
+  XvhppkdBre+uUHkdG5oCoROoLgaUkWLzyxLBMib7cKgxiTOcEANuLaTweaHuIznJ
+  AoxxaTy4QQXY9scrU2TYXhfh45kwFc+jkpX6P5+siV3Jb5jpRHU/6QTFmbEXPDk3
+  bmXOZFlRAoGBAPWC/QhmhmS/226wH59Uh6evO3NPsXaW58sINnEpAXiD/Xzye3LG
+  n58pFoJBQH8EEgqxhTv+kWN5ptMW+UUBz4tuxKSK4LNx3LxqTtykzzr0x7ni1Bvl
+  KMEiBZ2qYde+Xe4wdNKdEEHaeYYd2JYipikDZjVEbiVjqzNksJHGczvTAoGBAP+C
+  mO9qMC9cP1GB0S3DV5VxwzxTk3vtqimmQoDbL/a1LH0kYDsM95hBTdeSBuerBrs1
+  wl2dGev+9r1o/O1gE1TFyPYClXj8db5Q9PXMbVO5NjKHTcSiNyQTfez21l0qbW/F
+  XW0cEfssHUyx5ZkjYImAHyq4ukm1HPuR2DLIscmlAoGAcpRxdwwySK7pwBzehUO0
+  E+RKQKS+0/PVtgHdNq7GivI+yaN5TbW5JVTNtnixmxXRPcBfyAIk5GIQI5AjQbt4
+  m0BU8d4GxHitZhnPOFaKiJ9Y3z4nc+VdQdWY/V5ZT5D+0X036Ft5DOLjuF4RiPAe
+  0CFQACgxp61+ZvvlFAOkIBUCgYAUYOsntTVwoY/fRVZUqw7SOYeTySqrKLJ4re0B
+  7/lsWNjahksyin844oR93AS293oK9mexJbWKkARH6Ra7K/1+tmOn017ujlwpuLVA
+  4XQayFvdPdNjCnkRZIiXnLxOI/Mkhf5ElIeOm98eXdXtF9g8Pz69HoylEk/kdKZk
+  roMXjQKBgFqh/L7wI8B9pguSCp0N1FdoIjoN7gZCve3CBb4EdWaSc4llSsNJAsca
+  tG1r1V1fJR4m8naofSSXxC+chmKnwpqhoXu7CW5c1z8RE53PwKhEKALMwtU9D3+s
+  BCqEr4PL6r5h9KIjXWTqqpOFzg4bjxkDLTnsczyLJ+nQsxTWSbTV
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-genesis-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEA4n6pe6hW36zFi0Zct1HC/Enb3RdPf5kSZVDIljOb1esmZPrZ
+  geMFpFHG2j4YOkJrGWCe4YiLum/bTQBf/K6k8qYo4qXyjiPDJ0UMgs8NE5YZjczw
+  PmZH7BKuu9om73hvmxW00u2jDHHf+Zf8vWydq4wNs2/Rxz9L476ub05+K97EGYsY
+  7HjAtA1KfHnhDnw2Pj/nsmJo4IlNSzM0gsYWRZr37haTClIK+YubIsQV86rGX0m/
+  6Rh5j85a7A8OZFu40LtwLxg55IDPpqxqzWJyHnl4wbYSWdbO7ZCKexGiSlMjIbk8
+  2Na7YwvE6edWTkDMDlMZ9anRgMh2+6fo6+15owIDAQABAoIBAFksu3f3WHTqZkCm
+  rFx08Ys5XTpYMjGvx+FiBAe3PBTmZ5B8f2S3SIJgvCUzK4DMo7QzKXrssu7tmW9g
+  xWoMLN9oclKCOdSi2fQ9KGbcNG7QuzDsTm6TAKA+3tMRWiEQzwhFbJNbgsWklCWG
+  JLlD6XQgSUirrvF+x1dcvPsP8Xc9mWQzvQ+VCB0EKm5BN4K8uO6bTeB7T7sbEhC7
+  hCW+Dlke0TmoCKJ1OOo/jHs6SUHEo2ajzTIPOjotp7Ny0OzsfQTXopDAD8lhte77
+  dP1D/wo8ogr6LaHjeI5iJIxLs3qknxNdStMRuxWlt4MyizMVxhjFuXBmZxrYiMpO
+  ksbrlvkCgYEA8gIC9l88RrWl1P+8uCktcaJpCCA35IrrJ7EcVHcFmXRr0UV4QEkZ
+  PU1hwoEzHXQK0mHJGTcMrej/fhvncFSaKKIcwSchVRL0diIbJXIE1iAHjyLIIT5E
+  JJWCRU+y3lRL+4WZGoBOf3eHyKooy14Tqu2h16xlOUfrwAeaoul7Rs8CgYEA75cK
+  FPdalLOVqwTA/eCXvh3vdB19SdgVzmpNbwoX0G6sdr+z60pQ8r5sjMtyTxnsHhBX
+  VJkPWruiU7B9nJ2Y4uchVWhu5ZkSNIEhfNRtA56wBG6ezaNnn02P3P26xzEl7G3l
+  /knDgzDoRL63hj/D85z3/vLsmOyPke2y1vmfVO0CgYAfeQl/lvUU0QzG/ZdCcAB7
+  9b4pE1+RdkuMtujTR0NQKKbY6WrxGVCR+11KWVkXbH73y0XG5LTebR3E/cYEgswl
+  mqeYqwkXskZekqLrJL/iRPoWsFRMlndwNo1hjDLb3SSgikhV/Pe4dggPnal+gTaX
+  lR3mGYJ0h5juOU7v/uNMWwKBgBZAug/+dWxQTbtnoqEx5gYjc6UeRA/CwSu91dlV
+  X6bdUKlq3sQgz+nr49sj3kcYikS0kdfqq3Fq8gXB47jTLmsMupzbKUmr8PPtdnXI
+  qSNn7sNKnvdMkQhLxOvqqRltKC+QeYcnxL//n+Mar6MJcyLCVopYd78wYZlVMYIk
+  Bzd1AoGANlZtruc7w5iiQJTQO4kHWPnN9Ti9H4d9w8AihAljQtl78eUvoA3oEbXL
+  voT4lvDOJzmk7U2A/7xCeTFxe3cqaIh19EtmcP00KhfA+mM9EB0J7E36ETkNYBnG
+  6lY74Wg/luHzY3Ey7YpB74nnrzAyT0+UtBogTRtue/4BLKVK0QA=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod10-node1-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAvCABaQ8FGD1goT+VKV2qQNa1rUjRKxhbJngJ97aQ32MzM0Jq
+  2hdh8D/eDOHX6AOUuASk1oqK5q7bSOIoZeF3SqrTraphRpOa1XXa35kf2fD1C1GG
+  o2Vew41HzHQHt0+X+4uFv35cS6PgUHiW3mim9pRHuEQxIAk9eYntDGtFhEs4HZpY
+  GxDZXrr+bB8CbYCiath/n5TnWLEn7s6S3x29bCiBk1mdzqFiU5nVvIIfZyxwX/fK
+  iMtkgSTx9xx7UIX9hcXI5YDRKUNkoRd4uBt2DM0GuMUwizC8AaWmCm8Xubpiwhsq
+  N/Agsyrtxz6swyXpkz2zJOwj8uueJLuLfTgaSQIDAQABAoIBACphW2/7fj5TtW0e
+  EdBb1Xr947fB6701o3MrH7O6YTCx/FrT35Z6JgolmTR1vFn8VIiQI0Jhu6D0S1pD
+  +K3a+TDNAxrgg0GPBxaHkmNE77P9YHbISviMYajULxSUHxjgyXBVoi/dm5U+uc3n
+  HLXGBbcO+Ik+c4KwEjVLKSffEq4WkDH5z8xQpQUCnJMh8DwAeFzco1i8TJUo8pDI
+  sjrU07C3y6v5ZjwBBb+zSwz7vBQkrFVfu7/qk6jk3h2Nybln+41oLPlPLCPhhlxh
+  0d7PbhoUGDYme1sxqZrv/BWW69UCYrDtJXKZ+931M3HnECnGIXWIFyP9fPc1l/2Y
+  qdENmgECgYEA+pcoBFJMHN9oidfiJ8u/PcNW4mlXUBgrOsvtkBBR3PrpDQxhGB4K
+  OGhJWB7ayLhQmVUB0JWn3wtvgqLgTp3ijCRKLb1uNAYUCm9o7lGPKufma9csxbmz
+  P+Pdia5zZdujbbPlfTwX3TXMgKHpXBum4KTuYeQ6T2JpOmFH7VztcRECgYEAwC+l
+  Isfb8rTfbrkF7v1Lr77ukl5EKC9LvWNTQrHSNsQjtIxudjLbhS6BEBhMq18DyCor
+  tZGmi7YQT5cqxz29pMA6/hrA4pTDq4SPtOfyguG5ac5n6POG+Ra/vEV1iC9E8lzL
+  hFgrhQiwuteb4rUetcbRfZIt5SEBvqLpVAWrFbkCgYBl0OzNdLLAOHW9LB4TlVFK
+  wweWTr7PKELITPtlQXxBkSEH0DPTHMGCUb0bNM4oJ9t3sXZfTa87jOXt6kfBKZ1W
+  25fYJdOVB7M02jeEPVcyU67nujHS1LTkDK2Ct4Ljq+4nMKTZ0YTQuH8y9JZgeku/
+  ksPYumaGwrGGqugSpWNEQQKBgQChwXhEJeNCDGpiTuhnllm1ugYiu6SyDdy5snfJ
+  ktFTtxI2TFxMr9GD7vhCC7G8K2SLfLL9R3Hd9YcU9i7TM2wC1qjQZsQh8QQfwJsT
+  sIW1Ezdzjn5220GnNTZ7yBp8XQyy0NeatHsspXvaRs61qawHYye/gOGQEI/fXE72
+  oS62QQKBgQCzHkb9Qd8Xpdq8lP1rxUjoZnCxXlkzHuYVtcvmPN0aytGavbekHQp3
+  pMxfRxjyIrZKpAFhS510decDzm7tRTDJZxUYpMTXsMxFuOKCHX/+liNboJIDCR+D
+  MgOrZYgMnJ/z5S5yBO9P2hodXZO1FFBGw2Ygx+OmjU3DDElfya7KHA==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod10-node2-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAzgzXd83aiPW0pYxC6a0fHctGVCIFAkgXAvFL0YYMloDJXhkR
+  ZYkOQ2FcVxuN3686lJukkfw8mKZ0U+ojb1K3J7BSU0G+GaYg6OO79tWRCZ0Ofi1b
+  ppyL5uzSz9ftqgVGfoPXopZ4fhsMokbRZ1gKPq44FAhe6zZFG76ZSgPWtfqiO8bB
+  PsoTEswlcK+go0vfTz0bGp8pg0VRXxSqFqcdoO4r9QWF/l5ovgORUBjn9XV6f1Oy
+  9JgfYH/YMn3fuQwClGNGVqHMRAqSbziOkLR5upUkJMZpLuA/5i6kEPjK6pkth9EW
+  c1Ren7eielivtjbjZlo2hXERWLjaL/tZgF9/pQIDAQABAoIBACvnOJHiXsoH8HHF
+  rQw1QwgKI/YROZf+3EhYOZtvQIdg8YcHOFm2Fj/tIsu8p0IeCBFaCHrCj/bGoMqw
+  fNRff38JZsEupN66MxDsVUSGxNyThl8EMx8RBA40L8bxb0Zm0VprpSqTfSEBinOZ
+  O00VyTkJzhEWp4LekWMT/X1zy/ACEWbywwCgPWQZnZo+rjhAw6kvzTdZfQBl/+9J
+  vj3fAoj7+9NE6VZl2z0ZjjEQPATjldnG0/4IS7q+I7AFWI8QV7/HjDogUSQhBeUn
+  /E7g50ET4OS8Ae5iuN/pDtp79PulbaLjpmYMdhy3bOmYo+xYtt+0fBxebwWcZ/Lz
+  G6iZ15ECgYEA50z2kZXwBdH8NPW0N56TC5laROjpBt+NQZvDftcPfa74HU1laKT1
+  RK5cpqmeUOtBTeFaRapiKGdKhlOwM89EFCnU7fZ6KyfgSqF4Zw1LpZBCl0oL0qN/
+  9YhhIMufQJrkPHe+jn3CP+uWsXbbwR9kYFVOjTmh12XhwleY59l9WHsCgYEA5A2c
+  AwMQNOtTdvkImfM24qJjyFmgpIxYNhd4hRYjF/0iezLxD7jnKuZs2eH6wOQ5sn7L
+  yEdFst2/gUax8Q6mcMwZhzQlXpcaLw0TELpixsheGbZ8kvsMRCiHW3XX+TIcKzVy
+  pR0wzmJWAOhmdveucnxqHZWIxBqrbq50zWUT3l8CgYAj6varGu5/6ODSVIlczbol
+  5fV3l/d/wr1Lv+V2z+yu5rnOyxMBUgRoWu82TkawaCfm8SS0hsXhYlDXVS2ajggT
+  XX+cSFcmVnXlAPgSgKULm8BLgAsf9ZXMShZTImuje6oPncSwmeTNSkdHXZ64eah7
+  sSOWmKmCKmcJZ9Ltxf9J+wKBgGq6T8w9D8WkaHBihfr+jy4rj4VBJOQ9Zj8SZu3p
+  +UyNxChiI90WzOEP69tgXekOJk559sbpTB40lx5aRoapM43QhxX2epK1JqTkeoq2
+  n+ml9hwUgmKLKSdwzEAqe4P9Rp+WKOxLJ/8+mD9ehC2jJrofrc3goJweWyK2dKV3
+  a4ADAoGBAK6dqRnelu38nbOBxrfSENoUoxS2+6BfP7dG3ezWmdxOXRPkiemFTZQh
+  iJ6zZ6/hIoNre26Qyt3JUGZcBgWw5upDdgeX+xS4j5a3Y6J6WDhkszdsPrVhRcym
+  y1j0l5I8TexLXUT2Jw9dTFyqoyHfZXl9LuyGRmZY/Zn/wcIPKXrr
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod10-node3-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAxtf2g6UuaUBfX/W5PqJSokh+3P5df2DwtEES0a1zW+LeSx+b
+  L6PT7dlVDRjjC6gVAxFlY2Gr4OklpqLy6+Vj4MiupLJThxcWwVLbCWxTr7bLe7pN
+  vkUEFSmWA0HudZSfeijir/v3XleTfV5ZPXx/0OXdd523D9cJ+XuN1E9FnMHZGoJ5
+  xIBz8Y9Pmnk6Ji0dTnuB6JNvP4m0p5UBzxgpLGQSEcJLQQTbs23/oWztgyc8EpBi
+  tUuchSpmP87JF/slp2EzbDOTKVv/3iuy35K1pluyjNllkG13WB4RR7MdqHnPjnxB
+  02AOpXs6CrtybxIGMHw625OvQcxEeWinjEZLpwIDAQABAoIBAAVF8Omo1cRAysa2
+  s4TvtRVMquCddklMftWo7CDXYrnLGG4RloH67EHgg5rnUA4dFQGR0oiCLJa4WCFF
+  LQAIg0+QwuDnQcPRXu8djWWAk++S/252kF09Y1BUXAAWHYbMvDX3I5vbKMI9vFGU
+  0PUKejFGB0uGyTYIU+Fj320D9SqlBWfw5j31POzzxYgV7z53QRGKmPDjh/3IGGPd
+  LdPkGBrBUSmZKYhuzZ2+JDs904L5pnnc6fr8Fz7LzCAlfwV1H7F86NCydtnyICKU
+  T8vGmYOAnXaMelFUQ5yjsEt07MWycpMJoHEVrUe8JXZlcBdjFdGS/ev2tN5ATg3I
+  Xo2HVqECgYEA8fM3ZKoVnvvjNiFP5PiG161/eP7jO6QwcHTgGqUmoapuk/pmR1dY
+  nGIac/4vC1nk2SXDCqNqg587Yt13xFfkC113K0tMnaHYoN/MlhlO9DS3QiOONcx8
+  g1KRq/NpfxEQ1rp6GbQWXq4KihsMolFq+OHw9uYzn1dH9zxWQGczQPkCgYEA0mPv
+  JJcbKXq5lFbF3ArQd5ebVndRNqdqCGbpriZrfak5jiixR7p9GwCk20SrXExwbGxz
+  ONup+Yp06qWP/06msZ5fh3MzB7vOeuBB5H6e45n7fvgt5Pe0IPYJwRK1aAAa3YHJ
+  q/6SGmaV7IrMyho9HbTxRLOWu9ECV4lPChGluZ8CgYEAnGg8AOkqvPHcedujCEPY
+  94gDBbbQMnf7kFcdoFvu00eX4DVY9Pl0IPQSYbWJt+7Oz8lngnMNojTHcSv2BolC
+  tE4hgW1WA/jiT20dllKaBagmZ60Qe5rLSyGPZfce1bO0jPtTf1Y5t88OpSTDUBMN
+  8gItgY5jBLipnxv0LgII0hECgYA8pRfK+U+YDksuKjEQc4GR536cVvpvAaT71QZo
+  76QubbgsdShc37GuNepPViT7DwGdD0nLSu5dAv8eoCi41CgSrO8mcRt1kDo9iyUT
+  QzhzrPAksk8wYAJpOeKn58eoudcEoKPMUy40M/vlWkEbxKJ3TK/7OLUrYF0HdIn3
+  Ag0+SwKBgH/P4K0aWlYfxfybROHk9irzlr92b45MgCLd85cgxizQgI8NE4q7Rll3
+  IbEMbnbi2IeeYyz/vUxCqDWsD23wE/ZQMEaTDF910uj5ecThD/zcjenzN/r60CyJ
+  RZ4GKcENt8n/1sWRb27CH25pRVweriwSev24GQwORPiHI0FKaafH
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-anchor
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAuj2Vbh39BJgLxQevgCPbo4ARNb19vaD89hD71EujRodcTnG/
+  +UALffcFCtCe2xlwBfadXpVSPR0hh/0onoguXF+XguolweVrcecKwJ3DkSiMoeCF
+  iA4s5xRQre6+6Beip/6oKNO7D95eLrLGuyGTPeJWifIPRJiLgccxvPiEXf5XvQvr
+  sRzKjY3z8lsMP/F3QWLxhpjeoITv20SpWGfXW7geXkrJQboFGiQYC9Kavmnp/JcJ
+  jxPFighRI9Dv/wZkenF1rUz8N14wzPAZYBdswJyUls0f/FxrYFHuACfJHmGgUZps
+  usMOMzMgudDDVHucuMt16KYLmsZKv/SQR/VCywIDAQABAoIBACU7lpozKJg4hXHY
+  fX+Sq6BeRBKIVZEJlEjlUFM64+N/wDZ2izibUzDVp45n8ro+taSbjw6Pr6dEIaX8
+  OJipBQu2mKW1heLjqL1WwVGMuMJWZvcd2dQ/cT6pUw/SwRvJTd1kDd5LpgQgIpgX
+  aZ+TsMoYa9CcMe02yf0iA5GR5XScwvbm1iw9UUXeSkRSarJSGsaSU4gcyScr6g0V
+  pS42NOF82ZSA50cKGZxtrdHdugUO4BmZUMDS2hPNotRxBB95Uc48Mg6UDukfVKPP
+  b6SLG433dHWN3v2tNv/gGp/4jLYa98soxEHKs8o3EVdlQ1lc7Ub4Cayv+4mMnozr
+  pMtKmnECgYEAyQeWRa0u+6Uc/35U6tUOM+zTX8ijvLHYwomyRua3KDgjpBaK2rQB
+  m8BkL2Hp3U0mFWh9R9rmdLJ0KKiTiyBtUBcVf1Il05bBdcmnYAV057jhHqkR34VI
+  6pvdK5teBcKLwUb8kIpltH6kJ+jzH00yPM8TQT4LvWcf5HWZT22a+rcCgYEA7Sq8
+  jdgX558FruHl3wx1qreuIFQ+zxZ44f7tgl+l6pUlW6ffRtT4wqIs0Hu6UUxbmzPm
+  6MdzP3CJIDICuhbNk1J6PfiOka9hBiM1liUpVjubrpJwVCFVxB3YUgD/wW5dW06Z
+  9rZEJzzYhoDwgDiE/sRf1nlpBhKqRC8xhgq0NI0CgYAVHbrnLr3UqQ9WtwpscFzB
+  j4rUcNriIzxFkvkrAWkTzHHR9pw3RNk2Zwse/wX1vPjXHtaqCZBTibsx2iNFZe6V
+  jxcu/I4En71KhhgSugABpyXedpvuAq4aFq0wu20w5bKQZsh41lDAmNzdZFbFXvJ7
+  +LRpEf9hscdj1AZ6lWTGGQKBgQCbGHmaIRjw5bOnvB7BkLpaXChJCA7TCpUe5cGY
+  osgz8jkuCUggYCIV1kyMQn2DsPWvN2/oBpa9g/CI12ulGkhx8Vvzrto9N32xr9DZ
+  UZAIzo5uyWEgA3S8/e97ISAf9PakQXC6QFOtfUL0ItokX9HJcc5iyZ7+07H5SQuP
+  5uwV+QKBgQDGdS3i6cjRRmeKLdziCGNuSla6lAcAUddL8Gsq459LyiO0OI3DjvFo
+  BG+blPTePWl5OS+sUptM1EVk9WEigL2kmHFGTDtBCWUnG54IYie1kjWAMiXSmcl3
+  JG5Z9ry73YRsEaXzi1xQCiD3+guyv/dy/0f6sg2AWUCvliAg5wvnsQ==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod10-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpgIBAAKCAQEA4omqWlyvaY7YJQcJeiSbRMqe9iW37gAoCy6dgVtyuc5MBFaD
+  2L8Z1ZJD+vo3j8J0KGrmRyM/cGuF/15f3pupDTiw5rjCGzuOclZxnE00DojRxcyN
+  QNaQe4tBS9QzTpHa+wAZee85Ri736bRmTc5EjqrI/y5pot9tolp/3+yQIZeNB4CX
+  smoE8ffKhriI9/mpjVPu30DF1AasmmVMSZURHIgsEebqjBDBN2LK4XKfks9biN/U
+  0+vhLQrAnmfE92lDGcUSzOp0jSonJ9LGyUVTyg32YpeoRtiFKNhXQ0JBQik4L+7a
+  3WwflW6rk6S5cRimWpWlK3ptgyTWxelTZ8/N1QIDAQABAoIBAQCA0nBBOnu1tzlK
+  tRm6j56MG/0RVJmnigc7dKK0sOAosRuhS+FmHCYAwVBPJIL8CUQsx71zrqOgtkRY
+  174ExNf5YMeYLHCVM+TpOCcbDvwPV9aSeKPKvzkiSCo1iNI0V9UC7yeNo3AabRMl
+  nySeEjICPzRViHsh15RswrH9EHVV49ptksa3Sr/2QNJDkryiGq/+udhOKF5JwEZF
+  WSfuXWtommJXc7Vkt4prwnC3N7xdGp7DcdBUSRBcM5p22fVUXyCQT+7sAjwCyuR8
+  i5Sr7zP8JUV5qL1tapc8qmjwmiL38p5c+2zncu48FiE2Tr5nlybikdLSAOA8Zwqv
+  +7O5A36BAoGBAOYLJzwD3jue6fCAHEYdfYVbGFCKKqlDwz30GXkmN4eVe6Z1tHSr
+  b5ccwmx0nS7DZXFTOU4Zc/DZwN0wXqCoZEXUWtSomQ5hrfW+F9sAbyJ0wxkUWLLg
+  QSGJ0lQkNR++wHZcT25ZQUYTmL+3LCVC9rENMU2nAAsP9lYS1RbYy3s5AoGBAPwZ
+  PwiUBWAxHXRxIWletQ8Ag9VzVWMi8ZRBBWu4JGasWZLeZtpGNE7RUBQr/Fm5W2Fx
+  rtpvcpqW6K9mT9aIooi4Elmlek/L+9rBaF9v5Ucnc+dJei1UEmzUuqH4evxLrPc+
+  d5jmGGa3aaB9X+Zf08UmwUIkT9XX1Wb16dCLArt9AoGBAKuzn3E4IeO2VT5hILlk
+  wY+L0rYqqnT0UwIm8+xtDf1xIX25VRvP6daMbMGuuLNyvIC9cYRNkzAuF7oApGCd
+  z1ofijw4KyWE2ucVH5Ei3dCF/ij1+s5oe7SgvhB3hf9PzS+K7u6aSBIaBmTyP00A
+  kkjMZARlpa6cF21fWRVYc2hhAoGBAINQPzYfrCEr1DToDMhPDa6vzPvtJIgMFpvr
+  toAincthcRMAh8CgmvSHMNghBURTOZcrWTHspVyCyNc8Ss/rwgXHI7/QY0KXdSvA
+  XLaBmYMTuNq7uklMJoDL2h8uSBmM7Z6nyjI5gHJYjUuMotxkA/IIutfSBEfWMhF8
+  fHslPZodAoGBAKAWhWrInzeDP+a0F5lme1KTi1UiDIUSnvckjPrc0oJgmo7+m3wk
+  /RDu/gVlqctdQCChNi0RCxY0eZRAC7a6jZT+Y+UvWrJEWRgWH8buLwRLOPObSXkE
+  A4iRLJSQuHcSJZ3E6BzJrKEgI7b4M4JmKe3NsLlRUg5jCF+rkQcy010Y
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod10-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAvAgnzL/fV7u2TUV9ZSyFZExIq90lAO/qRQOUamb+kK27XD5y
+  i/hyLklNd7mrCvAyTMiKyPA6pgwkRnWEEAn/7VjFx48y5QZlvEVobs15KT2H2Y+Y
+  JcqfynB6NH6yIgIZsM7op+XBGQ2esy/JiDwlYiWp7jBDxFsLdO0iRmWPpTJvqa6F
+  vkGFfOkOuOhwj5NkAN91ifd1gCqCjN3ftOUwF8YMFOglfVTrDSbaYvOPkYzHJDM5
+  guot7MHe8lDB3OsMWX1dRndloZDxXD2Kzjaiwu4o1BIGdPHNs/1wKY7wrXF2wMuo
+  tY5hHolq4jCeGBVdeIb/KivjtYfBhBQ+G+xx4QIDAQABAoIBABpEPWMRzp5P35iN
+  w4WVoZCwQ1qWyuuFmEFJzbrLZnZJfqnVI2VAMJscrFC0RBuEEFK/lPua62Z0vcCF
+  /AvNic3bH83PyDlMGnwhagRIect0B/0xXPyygH3kFn4s0K+FgZc8YC3MH5xjVa8M
+  VufMFyDNyB446c6NNV2BHs+csmNOGhTw2jObkWNJKfc1Lr9O0oK9xyE+0W2b3FWO
+  qgwmvbkI9tbPPdNEaWY8mmGjKYCtN5AqJVTE6SHjJ92fwBsVshCsZKR/c2pvXAwC
+  AOjT0tbk9Q0b40dVI1mZc8RtnpxuC87EDI9AnkLpgJl/COlVVLJk9GFo0SXSi9KC
+  XRpESEECgYEA20ThiEI87GKCkn/oJQuUxKODKczF2K4yAu8RtdyuOsRcgvF67cJU
+  q/i5cUDl7zDsbwt37ylWV/yRtj0hkkvZBnSBCOSW/vm3wO8NXyxlthrEwWt1kyWz
+  yv8qp8DCVV4Y2IHv3eB5ez/wVmUcmI8mnOijz2YTRf4VZXdI8ZW3g+kCgYEA24ez
+  QqbV5nPWjak9bE1lKtsLp5GEa3Qs2Ljr6ZApCUwtugYXYcW7aUHza10C/yXphCfI
+  pI97rbSQML0/lGCdxve8Zc5l15nRO/cEBPbUpx8CdASeHgtrrswQ5/RvWXS9+hSx
+  z5sGmDOq5/GcE9dyEKCedc2DnUd98jWAu5pimzkCgYAiMlruMk5oG3D7wiEFbgn0
+  pP+2zC3q/jfkhz5+23z8w1UeQuUGIbGs5GyfghyaMkodg29gCFVkAYsEHgKXW2bs
+  f80EAwqdl3qWB3JRbo4qWYBoHgdHPLEOrr8LTJ/CSpubYKB1PSYVF8K25qwQCvtd
+  q1ao6OWGm/rgSTtCGjR1yQKBgAE+JGqlLSLP1xAYPCvHyGHUuZ0qOritAK/9ZAB/
+  e2v9DWk3LZy1FNmEsQ8TiLfPDCJeY0ljMo0KL6LG/3wki+AbeOqOn4735PJU9KXe
+  i9eiWk4z1H1RDTwBFbtqa9Ly0TyAL32AYCouaLJFcN+/4XpsnlkGX89dHz5mxSLK
+  vfIpAoGBAMaHHBYTYSiDTfuzEbWDLsF6WKfIC4roSeg9NFfUePias4yichaT72E0
+  MCYHlfi3oIeyqxJPHr6bNAvxa5J17am4m+mzq6YcHmjkKMKnMaXI1r7taPTKv2/K
+  vhluRUGwZMxxQy6akqKzD9xRooV1bJrnEJTC4AZZ0ePFyzhf3ca3
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod10-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEA0zf8Oh0BomRXALzz2UaGDITLuD3JLO4/c5rmGKaCkUX7fgGD
+  lGX4ZYJCL8L+/maeEUKd849rtih2BlyjlEgn3mbS3//8IA2bb/V0H+tb8AdnOPZG
+  wShrHQZe6tLtfjTmZ1Fj/Sc5A1/xnrqosEW6zJS8jQHSqsR7hae4GnNYUelGQxaQ
+  c42KebchQ2Wmcuv0NUUfg0cB3t1LU0ml4yeWEQ43xw3O18uUcxCuQGFwQBBwgR7+
+  4VNQV5IgIvKKzUxEzjERuK1H+y/5TDaBavOzy6L1WnVJI7hqivC7ARIxWa11T6mZ
+  pyjHXCLj1W0IHcBTqxjOrKNQOSgP3/dZLh4UlwIDAQABAoIBAQCBco1VfFN1F/Ou
+  Ux9LaQpcf8JuvwcdT0J58lPUha/9ops4JWtjtn7ej09LAEHQ3kk/oMk27Q4BTJjQ
+  21OxW+t7RR82Ayec6Vn66r5plY/58j+TzHOei8vhtPbVCcJdl8QhS+Nw0eoCJHnr
+  YtBhf8q0+O75qEVZPSPKzPhq1YgqYiT93IniVWgS5jtUEeB9PK5qoJT54oPYfez1
+  H7I6aMO/VkAoHOERAUDho8UdxQLWZ6ac13Lk+WB9FXMnMU0xl2ObIK/Xqk4H7sBz
+  +enJnTHJXXrndmGUXqSAc/ZsoPJICGEs1Fbjr0psiAsq6Y4xstkUbLOH/2fQeVOt
+  XDmBFc25AoGBAO5VuS1qGGCktaH9UKUqt8rvKL57mQ1jsgo8p+4enh63/S2QJUJA
+  yI0OpMpw0C26/Nzutju0WHfYyEr7ybUcXfc03z6ApKF5XLUWAzz+rp2msrh780EX
+  R/ZNSraUys/ju6aiIGXk7lukAlNEF59sBNfmkkuK7Vm4FkIcTu5c+jONAoGBAOLf
+  v0ahUNfqSsY0cDWO+E7VCO90M5aAMWIFYvxNtKJjkGcO19EqVOmiVNz8zQJt9li1
+  I6Djik78Zt93yLXa6so6I6DtloMRWy7ugAVe76nbmC7q4KLZMxoAUVZDlJEfmiK6
+  BM2MvShYCmLZcO+zVphvVFhVis0lXR1SqlfNXW2zAoGBAIT/2WJ6fjgQMju/fK1u
+  9TmN1JLXrkVGiSglSSEcfOhvjB1M/z3FoST2Mwe1hLbATjOMEq2mqmfW1Y7ii2FB
+  /z3gh2P9reFeNFnpes0i4pafW8SPhuOf9kyAPV0+Ex+H2kPW3XV/F3SURafpq7UP
+  NnS0+palZGZY0DL8UR+7SvRRAoGBAIIHDMB1SjlFba+ldD4t/8BmtqVOqxZxyFvO
+  jIngG0wK1kNKrYSSx3HT+OFi/jiLP2pd/tqCLs3QOUGQjHc1zeUzZyIfqWjbNLB0
+  PulVHPT0B4e0VCThaTlYv0U6nFaEjzmh9Yi9RdhuhR1cVC79UP8yp1utQ00KQhDB
+  RSHncMmjAoGAH6UkdtKGlo0Iio1BF2TI5qt4wowdQ7aK+FAcVaaqpdwti1pkQtI2
+  lR8yZSDuLflieOn+Fs87eRkNsGX146UvZEvzkQh+88EDcBVRa3UG1vWwswsDzH3N
+  ngWG1+EDnm442HkNqgh+L4AdZEMc2hbdQ6yaLFR1uftJJskG2Y8Re6g=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-node
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEAq0VhkYsGQEMy6UB8sGBzg8rn71OfSxk6UbQY/I3lI0CDAczC
+  HC1YZzV9La7TkCH/+0SUmoYbDqV0EYMw1WNtucoaNwJZ6CoaHCcy0PGAX/5he37+
+  jGG5VUaUpZ5LybsHk8n5EvyeqSyqTvmUk6LwLoq31FIJ5seR1w/xpMT9gLC8VB9u
+  +uXkzowsvfUHKbH5t61Hfqwv3UBMkGFyuJqspXA2uNghD1kjk0Iez8p88dkEsMqf
+  PwlIgRM2QXbVlhrd3gXG+GDcqQ+F5ipLMtsPc9yN9HbJfkQVkthiLnvubOE4qwIt
+  1kNTywsPKgXbqIaiuQsL6qLONvzOwukDOteRLQIDAQABAoIBAEfPQUdauPY8tp3h
+  seXpqsU5T+GieAluvGsBTfCmNcqAA+2/Qiu6P3SWkrOSt5WZC9D4Qi4/yBxt9qpZ
+  DSKLG7hoKnGiBLw42tWvAbllaGPXLlwvNN77Ik/E1hJSuogMaPLoHgx96rAX0Bho
+  wIjeKkH5W3YkJ46hYl5/ituA1KEdyVk/nsstQr0GsrmHIprSQ2q3G8EEi3wk9aEc
+  OygpPnwzokbgF7NgKn9lpq4Wr3/bG59Ei+CZM1o/te6rYlGJanaCxXG4iVcBUDLi
+  Xiq5b0rbI3TvBgR8yc8pdgJl4j9bdUvLHSsPovqO3j5GkqjrrFLQedT3CWq7pkzQ
+  2JBgaekCgYEA1Yk76WL2vGcbT/yQ+lWGF87BG0RXFqALWzdse3veqG2VmTmf27Zw
+  PrNduA69lxlzikILVMYC86YhebiMN+7Rf5Mq/B0CicpyFOzwzjbpmRwLaEchwMAB
+  Z2IbXbrl8vEyYJSzPqWjXLEDD23e98/KHkBOQ0IDpbllEnjXQwzzFV8CgYEAzVSA
+  89HFU8xAScaI7HtuvFrlcRz7hk+OZv8EKvpI/Qftta2OjiudK5wfTMNsNb0q9OLB
+  WTgwr1e4XQ4rBW5iNMwVDvmSp3fULJHTA9vhHvN+Dy+vTXdyfXvkc+W2622xORkU
+  sm0B2DAFDCcPm8wU2Gi+KBpBvzc+LN2507ICuPMCgYBGSXnTBKQ6t6Wh2nzOKcCN
+  rZyaoRAZfmy+havLqaZMwmVvniwkYhToTpoWr6NwTQxfAgZAzTzDfneeXUSqVI3Y
+  9FQ90D65pE2Q3b0V47VYlIacuG0/yPOtV/myDIcMRKBUch3eDR+MrydWuM+fumHJ
+  O1mHgf85WaEPR39zrpuE+QKBgGEaMnWb4ZbUhB6fnkc/xEmdLt6EV0rYOr7ooP72
+  KChJZJhDgKQpagWiqoax8G2ljTgMOGXKFfQGJvES7zN9VUIktVzEmB9MovGE8Obl
+  SBxMCHSEF4IqF+HSAmLw4sWJtYMMImaS+IlVhD2QB2ilZcJGHo92g1s7c9Lh9Kxx
+  haoTAoGAA1iEWLsD4lzqJytN6WmttfeMmfNMzBL42M8UoSTUkiUFebgiYH7oY45C
+  /ANx5zRXY1R5e+Vy8vw0K8JOxPVnhtzvNyghqUIHoO8BlCF/5F1oz5cXYKoXcL7+
+  Y9yzRYmMOlxAbQsx9vryfYo1GHX0Kl2RWdF/Bmrqwy5YpWBlztA=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod10-node1-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAsuAluv3HaZaha+kUoR0JEqqzA6THCLxIs0C5StGAsFmPmcxA
+  gkkGO5acOYOENsab+F1CBqNfC/Kiz3Jz3Ui3UO2gFSQkrG/fTNdHOZO2QXulHW6+
+  ugn6jdPklKcHI6wMvfIewBzoN5Q5DE5gDNsCWPwjD5aHg+ycS1SSiK985F+ddccA
+  f2TK5oxW3VD91FkKLorl4CjA5tgUgXVuGzj7IPuFldoYhryzto7/OQBvN2A26iPb
+  JtDFOeNaE/Whl9Sz959PIeu8ghXu7+9cS4bHLAlWiyUlUI97/yu/6o9jnc9cYshp
+  qk9DLeBTwroHrUZtnUv/za9VGz2ywNylm1pZbwIDAQABAoIBACiGoAW9eXBysB/C
+  runRqjyQb/5jVrSj89So1VIeJQnPQLmXjQX3hXH6rWpaYZoHZU7f0hWu7dnHHxvg
+  0l9QGjg7ngksJyLqNa0zGO/yh1hOqxn//TYpDJsVZrRHI1bxo/Fk6ZKc+f+dlU80
+  co53EBEZDth5QjqhYMewYYKWP7V9kyqcBY2myx2bseL3mwIkk6vUktrlOEmFeCfW
+  gxucdFpkQxrg9NIEElhBwOSNTlhCWxS0zV7GhRj9zreqyGtwYLvckZVUrCmQ5RW0
+  fcXfQcM2+8M4/fIt9a+PuM6lxjCoMup2GhkEGvXLWUMCWN10zWQieYxNayzvO6mM
+  Z9JCkAECgYEA3S16pIBdX7XBWssynmutaRXCGyI2nX758vxzfSolHaHcunGBhgOg
+  gp4pdtlBUe+FLYEaFmmWpYWXX4xjUGcgo/17J0RE/8N8lZQzxCQ34qEePP66rnKX
+  87IcKedawYkZ6+yxP8FyoyqdHYaZ9Xjf3EkZswf4xfznOhB3qzkVcLMCgYEAzwmx
+  C9RVViYxVpOcM2D0FK0OVPVBQX8UK8XbrvlcauVRCygjVgwPbUvpg0y+PKIM6QM/
+  P/ziVTreDXg8PyblgfkVlD8y2Xbs9WHpmnUnCXcubYKtwSg+kbkbByTinmJA9sKf
+  6aYiWX9KrSjkARrJI6hWM7CgoxPzkImieMBvWlUCgYEA1HNF9dNTXYbxhmveYGuf
+  s2vx+iw/98KrBmrV6CleY3tB0VkMCBVdzXls7Ls80h5Xd2EmFNcxnCaZQ29PSkD1
+  CnCGJi6edGprNiaYHtSHVcpbiE1KNhzetnekM+AFvhcabhL6IvqHShG5v022fyKv
+  LSKOa/jBTjRiStTcjfyUCp8CgYAghd45BH7vTIqdlgyIiaduBA1nTSuWFVde1PMA
+  lo1tAV7syL5cSwK1YaJqDMkpjy9F/0uVSq1nRBsTtJqKNRsCgtVf91mOjb8FgP8I
+  U3TxaLZzX37aA+9oRtK3GZU72iVoXgRu2Lk2o+dgMjc28TU9k7kO36UsWPr+7pAG
+  NfyIDQKBgBZEUD/45yHu9Svkf5ZtjIMw3CK8/+U455LU0wlPO9wuo8BBpFqknptF
+  LSJhP4Cw78o1Im2PJ+++BgDFY6P93TCLMFB6jw58C43CTrLbdVXd3bLXp78sjgDr
+  AT1UKAgfJpCIiUMWxq0UZhYNSMfpamnv512JI3u3GTkuGzpqApjC
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod10-node2-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEApr157EpkIvnR7cPrZffHXSZ8XSWLYem816Za9+7wVH0YFIzp
+  u/Oup855z1T062M67AZ0FMouB4rukYfjVuvkNp3ZuKLzxwgC2TA6gkS79q2kFZDU
+  /tt1ErQWF3OZGEKCFRZSP+IIrTJBKjNleN0/K8U+jXdxkGS+/HWAFjUgnhi9vEyx
+  XG0Zp8b4Xgq4ongxuZa+/4x4ZZj3Hrh1xG3d0QfbaMAJ3AXfMIpppgKqcLY54FAu
+  Xh6YC18BnooE+0lZ/9UcHdmVVRGOPIKbH93w+tkkANvzrklzmVOldatOvVZVdGZC
+  Vk3l8AT8ykA7aw0WnW+mIdHXM7ebgkKFiTZQgQIDAQABAoIBACHwl4y9Z7ym1VBs
+  fNH4qaAQYWgkaEa56TKMLiAhhtHr1Kb6N+mGJJsLsEe/p0rym9/HQIGq1cu7P+xn
+  mKLsyTtEzjiDEtQEkW/cHUy+6PPBTJEHNhPaX+46sfR8F0GU6B2auYs/WzzF6fXJ
+  GHKNtnoWYDEziu41U5rX4AalMcp8MqUnyE485U22DFOplwc/YQ4h8lWe5E1BOQu+
+  DLMh2jNb7lqzbNwT0kl8fabFsgaGO0SKMhPg7D4QURc089Owcrst5xBLe93tf7UU
+  6l95s1SzSWQpDvM4t/D2glPJg0Z++DWTLSdtF9M/sCvqgqcLnyeCV6qSwZcK9hqX
+  7LL9Z0ECgYEAzB/ZfY4si2aNDeWDcqsUMXJVpp5kgd7stiWfvI1XUcko+m2Uiwhu
+  odyxHX38KcUOLXpGyhze3wH77mKZvXTv3/YShR88RN3ajli7RBXVUcXN3edw1P3O
+  OM2/OWeRa1+Nc7ELZtE9s25yNYwJClxOEI/DLl9xtOGxlj/9rnaDPrUCgYEA0R1w
+  kH60Poa1O5M0ZViGTsbGRIaXnT/ekLW3nI937pHFNSNb3RluR7308r5Cqx2Q1QAR
+  tVojjIjM8hUO2VwMcDhD94S+s9hKxc723avsKo9rQzFl1yRl1ElEri311AOL9UAH
+  DuZuPqC/dvU9lx7mNOUJv759ryS5PKaiWW9jHh0CgYB+jEhT1K69BajxMpcZogJ0
+  3UNIdu4srb3m9tBfHulBpQqopwLuZx3fb2jGtfJ9GtO9Ug9NAjUR4LMFiU9y62pD
+  WNUGfuTodPooQc5nWXnUpmMI7ZFAGtGc2cFxn0nCXYzeaqZ86b/s284mcFiyeaNU
+  FSyWNUnTMBDe63Eklgir+QKBgHZS/S2VtDGpEYV7PuuVkrGige+mZMXCrRIe8J0z
+  BP7GFtuBfWp3CFKp5p8wDxM58IjFuD9wmKrdgXH9fmB5WERrYfH9d9bVrUGOYVt+
+  +2v9qQjlO6Xn34KmTqlsMixcMWZ9a0EAHCNt28jY7ZfEESie7MxFYmKnGfV6qGSI
+  xYH1AoGACQz6U3u5IaMqcSynuSVcFpEFqvVGj8adpB8+7bNF4IrBQ+5HyX/EgOF7
+  VUuCT2QdVnnr79Bge4khX5iDVg8rDpTk2hHwz1q4s+YgnxRUHSiU9wUKfqRAB/T/
+  xpYQyZB8UCjzO4RX2JW1pqOAmexlfk+nMfVIbmj0q0sCj1HeI5c=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod10-node3-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEA3XRbVi3T64Oz7vzCrjyvNTH7gApdErHeOEVgPl32sX3CwxJR
+  XgPwehQhoGfoCYRtGBEzhED0hoinP/kWPdgKnYh4IF/G/NPV9yWRGzNdUV3tgVJc
+  dZv/FFKMOvkhJAYNqHACdf18YxuHWaAikAjIhuom1OOZQrL0ywgwgyAWUj3CAxcm
+  rrMJDXJ2plkzdgwkLNvUkyFJWLvisbDooaonSUipfUegbtOZdy6VWlBW5jkrlAu6
+  UgRolxyTfRXl4i7zBeJoKdS52ejf6vGirybwc5Ef27X89ZI49Ger37MNrU1wP3V7
+  dggX3dI3hPIJ6Y2mSehw5EkPQd0B6BpE5L2s7wIDAQABAoIBAETTNM/DzmkTtYhA
+  5gBgu9M8hX11uxdkUDwM06yOZ20iOLWHq+IcN1C5kPnZUTQkBAPG1Mv1pAlrzw8C
+  yvbNff8Xur3VBnLtI0J8WmypugbfukDG6BVlNhGK1io94x7fAr+mkB07er0SgS5J
+  pnQ9RpUnkIn5clhYZdvz35/hCQ7lrl1MOD12SILRGu+vG9roE+px+AFIMm5gHUji
+  g1/t3cUeLiaHi09JfeyjwgBZZ4a/26bn51qK8t1VDV44Q12YLVJfvqimA+v114oB
+  JvK/3Tj5FGhfl6o8d+1sh0UGdi4g++LhoEkssgmFuTm9D+6wupFvDrFqEyfOSN2c
+  5IfXkYECgYEA3lCI59hj+aP0noXpHdJ58dAnY62WGaUkty/f3WyZsNe+dw7vp1Br
+  mtPNVA4/u8iB8X3EbxcYEg/Je8HlhGdlfQLosBLj77A7ShGPTfldNC8Dlojvuyq8
+  dYUqu5WVCt/H/fQjLNwqUtNori2mv0y4cWWwgWeIMLvsJs5NpRj78zsCgYEA/wJ1
+  18CbziQxQOPH0fGMYS/JH5yKvMp73/tIi0byU52hr0E5yPhWiLd3/xVsaNbV9wkp
+  jY/1nwWEBsw2MVfaA9r+VNeJELlXeH2SyLIVJe9okSXhALasT0aPVJ5oE2+3/2rs
+  6bbc0wodFYOoeu4RnwuDWKgUq58PaiJfzWLU6d0CgYAN9lji1sBQqW9vlVFywglO
+  mpgetoQ60BhiOOuCaJOue55Gs/VxOKfJbYvzv4FZNdqTZCa2I2krmTo6P48+pY/G
+  LiyXAli2cQcIO9oYN5UW9ezvw2HrC2ASsW5hoZ9es3dIB9E9vAYcdZKZfdx/Hz5m
+  QNC5D9uJ1AOc3FAcElmgiQKBgCZkrW9VTV/k7RFy+eOu9U6wjhxXSkAQUEQxpgNq
+  JBPYuL4VGOkcEpM05DkgdZj3N3GhDIOGuBlAEFehqUsWiflooEAPz1AYR4YZid7z
+  iOGUQO8Rf+XGmvy4h93al5rNiCtJYu/xGyAe9rAFiXkwnLCQYC8Z5zrLkNuO31Oh
+  3KJ1AoGBAJyJFMbU3ETUHUTgkp02ck9n+JlxatafcCSJd5XHseLkbWpsMSxLr8jN
+  NntobqsHoP148faV6mj1KPJzviqz9/8ZoCobGw/b8VH4hPb+VFKbQrGXNpvelAlF
+  1RrGQ0ZBZVtoQFvRWGOGhaW6OPvWEHg4Dei68+rbY66fMX39gDzv
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-node-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN PUBLIC KEY-----
+  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlaGGSpuCcr1bz6NeB7a
+  as+6qWiFaVYyB3czsjSizZAWDprv2NkXwGLDDDhbBPZQ/7ufymaIZgaKOGHjifl0
+  LdfVePbvwQSs5N/mKHOrbb1t+xYkykP1Z8CdZdHEkzB6vXkWjzo2nWaCZGNQGuh4
+  SaWRpvMI3rbsJeKpe/JO95zIDWLK7QBQhVHhRCrq4QuEzDKDyp1bfia0TQkW+Qvc
+  gbOg2DOp3BYOL5rK2v4+IrZkkg6/w6y/muAQ9K0cVaBXS5PgWV5RVwgwzmz8L+gq
+  BvCtAOcAtNvQp/TRaQtLZpDfDhfk1VqT4vwZYnBFpwMFDwXhdMsUFuH0BmSlBcuA
+  EwIDAQAB
+  -----END PUBLIC KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: service-account
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/PublicKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEAnlaGGSpuCcr1bz6NeB7aas+6qWiFaVYyB3czsjSizZAWDprv
+  2NkXwGLDDDhbBPZQ/7ufymaIZgaKOGHjifl0LdfVePbvwQSs5N/mKHOrbb1t+xYk
+  ykP1Z8CdZdHEkzB6vXkWjzo2nWaCZGNQGuh4SaWRpvMI3rbsJeKpe/JO95zIDWLK
+  7QBQhVHhRCrq4QuEzDKDyp1bfia0TQkW+QvcgbOg2DOp3BYOL5rK2v4+IrZkkg6/
+  w6y/muAQ9K0cVaBXS5PgWV5RVwgwzmz8L+gqBvCtAOcAtNvQp/TRaQtLZpDfDhfk
+  1VqT4vwZYnBFpwMFDwXhdMsUFuH0BmSlBcuAEwIDAQABAoIBADyZyws4tRLkbhlc
+  rJKL5Ha6+Ks8CMuvJMi8s7mB8cmRWw/N9vxc4n1Mj3BO5W85wviN2/OAWLYLzL0V
+  ohu9sNyW3epFQK/0VSPoGdPjqXn/5WcTK5OKfRNvog5FQeI/zMpV3O+GjT6i7Eb1
+  x8P0s40kZGGsZPmwsyMw5EM/E0ArVB3nxD88Q1bMH+GX2g9wvcTJ0YiUU2V4l2bo
+  FlerwnmdXHFEyMs6JmQy6CAacbc8jI512xGTITo4GXVP66DoNwTPDursTdyx9YdB
+  wnDNmqcbmd1yb5R9UhxoUCgOqJ82C4LcW/X1x6r+thmJ4fcWt449gNyqjVIbta8u
+  1I3LzXkCgYEA0XIuZ8CZyfqb5lITmRf/226d7ANzWsx8hTAh8oCpy3UXPJ7HrqOx
+  SA3HGwEna000YURdF8WShOXO07EuUggHPHRiLFYs0DiuNJzUWrlN7qwW40H97jGm
+  HdNU9lP1meFhEf8kaPoAmtX8fdwWFKQQLzFQ6b+fTGei1NPHFIEQil8CgYEAwYg2
+  VdBI+7J9VFLRMmDNZFYQECzrpMJnJszPfgqlWATODcrghjo7N/J6ScooIJkA2K7C
+  l80hqVFPNtHDwOpN6so7Sh0vo4s2Nd3FPAoUk/95CMxzbRezFbMx8Lxn2x8o2n2Y
+  0INocuye7IxyDvQ5cehkYQsU9ZMg34CgM0y0js0CgYAgD4pq92CTOnmC2C2H0dSo
+  klY6Ooz96S9mc+e+Z1OWgWX9MZD/eq84iGNiDtsp4beS7BQT/3pePY9beFPO2svA
+  xVAB2W8isIp6I0eeW59CWbVnNELao176Uc8/pbqCw61IQ/Ye26YcDYWI/peisTqI
+  /tOT9HE+EN8sFP70dI1DoQKBgCdntKiEYFffX+Vrd2zqiOeFHoAspU5Gxvn/ecAQ
+  KtphIBNu24h5EtWxaXTc1I7OmH2GF9kQy2nORHLFAzakfnjv9GKCztBd6AvPu/kd
+  lFMOEXbZKidsS+p/MgvyULMtBQR3zkWme/3qb/F6Jz8kOw4WY1nfB8V4z5iyd+v6
+  EkmBAoGAW3jvV9G2KXcTUb+X9D8OK+q2meFz8mpKVhu8uzOVAo1kihd/sZehP/rC
+  GzlJ0YSagqTaP1YOlWyxNg51LGUTgmjEpnOdcBJXR9+cKpm+nZWza7GWkhxK4pcu
+  Ve9GZBDmM+Z8rll3duOlOVzgLXBllsODiaTSdICcbsveqkxyihw=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: service-account
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/PrivateKey/v1

diff --git a/site/intel-pod10/secrets/ingress.yaml b/site/intel-pod10/secrets/ingress.yaml
new file mode 100644 (file)
index 0000000..b799fdb
--- /dev/null
+++ b/site/intel-pod10/secrets/ingress.yaml
@@ -0,0 +1,135 @@
+---
+# Example manifest for ingress cert.
+# NEWSITE-CHANGEME: must be replaced with proper/valid set,
+# self-signed certs are not supported.
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-crt
+  schema: metadata/Document/v1
+  labels:
+    name: ingress-crt-site
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ
+  MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu
+  ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP
+  ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC
+  r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs
+  F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV
+  bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1
+  eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO
+  k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG
+  YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9
+  EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC
+  gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF
+  MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv
+  bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t
+  gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y
+  aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH
+  BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV
+  HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE
+  BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw
+  WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/
+  X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX
+  vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk
+  JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm
+  ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF
+  DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N
+  w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc
+  VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg==
+  -----END CERTIFICATE-----
+...
+---
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-ca
+  schema: metadata/Document/v1
+  labels:
+    name: ingress-ca-site
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS
+  MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+  AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE
+  OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V
+  o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0
+  YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT
+  fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI
+  GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+
+  T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB
+  d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j
+  mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd
+  BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB
+  AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx
+  2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM
+  EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+
+  zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9
+  XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+
+  d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO
+  TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI
+  XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40
+  +g==
+  -----END CERTIFICATE-----
+...
+---
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-key
+  schema: metadata/Document/v1
+  labels:
+    name: ingress-key-site
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD
+  OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv
+  5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4
+  8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1
+  U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9
+  Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl
+  MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R
+  g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC
+  DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w
+  qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif
+  qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft
+  3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6
+  ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf
+  Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8
+  uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH
+  g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc
+  PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz
+  +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS
+  HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk
+  X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC
+  wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA
+  GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE
+  mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6
+  mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM
+  ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx
+  E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE
+  7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC
+  1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8
+  6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+
+  TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5
+  QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C
+  pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB
+  /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ
+  pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a
+  dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5
+  2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS
+  gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3
+  -----END RSA PRIVATE KEY-----
+...

diff --git a/site/intel-pod10/secrets/passphrases/apiserver-encryption-key-key1.yaml b/site/intel-pod10/secrets/passphrases/apiserver-encryption-key-key1.yaml
new file mode 100644 (file)
index 0000000..e21876e
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/apiserver-encryption-key-key1.yaml
@@ -0,0 +1,13 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: apiserver-encryption-key-key1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
+# use head -c 32 /dev/urandom | base64
+data: n9VBwseT/JjV7r9vbUR/MvCobe01Bdh9XtWgsNF5zLY=
+...

diff --git a/site/intel-pod10/secrets/passphrases/ceph_fsid.yaml b/site/intel-pod10/secrets/passphrases/ceph_fsid.yaml
new file mode 100644 (file)
index 0000000..7201502
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ceph_fsid.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ceph_fsid
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# uuidgen
+data: 7b7576f4-3358-4668-9112-100440079807
+...

diff --git a/site/intel-pod10/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ceph_swift_keystone_password.yaml
new file mode 100644 (file)
index 0000000..9a9af1f
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ceph_swift_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ceph_swift_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ipmi_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ipmi_admin_password.yaml
new file mode 100644 (file)
index 0000000..0b49b62
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ipmi_admin_password.yaml
@@ -0,0 +1,13 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ipmi_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    name: ipmi-admin-password-site
+  storagePolicy: cleartext
+data: root
+...

diff --git a/site/intel-pod10/secrets/passphrases/luc_crypt_password.yaml b/site/intel-pod10/secrets/passphrases/luc_crypt_password.yaml
new file mode 100644 (file)
index 0000000..a355d8b
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/luc_crypt_password.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: luc_crypt_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...

diff --git a/site/intel-pod10/secrets/passphrases/maas-region-key.yaml b/site/intel-pod10/secrets/passphrases/maas-region-key.yaml
new file mode 100644 (file)
index 0000000..73d4a69
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/maas-region-key.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: maas-region-key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# openssl rand -hex 10
+data: 9026f6048d6a017dc913
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..c5f866c
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..bb19957
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..9bf0217
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_password.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_password.yaml
new file mode 100644 (file)
index 0000000..5122192
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_barbican_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..32f8dae
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..b22f898
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..040e657
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..5d76ba7
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_password.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_password.yaml
new file mode 100644 (file)
index 0000000..26565db
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_cinder_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..b1ac8ff
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..0739069
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..57db752
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..d103c27
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_password.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_password.yaml
new file mode 100644 (file)
index 0000000..93ae0f2
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_glance_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..496fae3
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..3352d4c
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..074e688
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..39f1327
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_password.yaml
new file mode 100644 (file)
index 0000000..5777ebb
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_heat_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..74e2a99
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_stack_user_password.yaml
new file mode 100644 (file)
index 0000000..36db28b
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_heat_stack_user_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_stack_user_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_trustee_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_trustee_password.yaml
new file mode 100644 (file)
index 0000000..58129ef
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_heat_trustee_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_trustee_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_horizon_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..7c78d45
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_horizon_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_horizon_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
new file mode 100644 (file)
index 0000000..78c265e
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_elasticsearch_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_admin_password.yaml
new file mode 100644 (file)
index 0000000..9232de7
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..6d5f49e
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
new file mode 100644 (file)
index 0000000..bd4e573
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_oslo_db_session_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_nagios_admin_password.yaml
new file mode 100644 (file)
index 0000000..52dbe16
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_nagios_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_nagios_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
new file mode 100644 (file)
index 0000000..64f78e1
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_openstack_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..9c68e9d
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
new file mode 100644 (file)
index 0000000..f134f46
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_oslo_db_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
new file mode 100644 (file)
index 0000000..b3df5f6
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_prometheus_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
new file mode 100644 (file)
index 0000000..9f64719
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_rgw_s3_admin_access_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: admin_access_key
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
new file mode 100644 (file)
index 0000000..3e06f91
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_rgw_s3_admin_secret_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: admin_secret_key
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
new file mode 100644 (file)
index 0000000..97c7d23
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_rgw_s3_elasticsearch_access_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: elastic_access_key
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
new file mode 100644 (file)
index 0000000..60f0134
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_rgw_s3_elasticsearch_secret_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: elastic_secret_key
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_admin_password.yaml
new file mode 100644 (file)
index 0000000..6c3f446
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_keystone_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_ldap_password.yaml
new file mode 100644 (file)
index 0000000..2edf0f2
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_keystone_ldap_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_ldap_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..07b2206
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..aec85c0
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..be716f4
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..ee7e4bd
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..4d0b157
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..4ac42c9
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..6be02b9
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_password.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_password.yaml
new file mode 100644 (file)
index 0000000..dd0b2b6
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_neutron_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..9e8ff8d
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
new file mode 100644 (file)
index 0000000..37d5c62
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_metadata_proxy_shared_secret
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..2cd60f5
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..487bcc5
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..13569ba
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_password.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_password.yaml
new file mode 100644 (file)
index 0000000..4c2223d
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_nova_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..7a885e6
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/intel-pod10/secrets/passphrases/osh_oslo_cache_secret_key.yaml
new file mode 100644 (file)
index 0000000..11747a7
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_oslo_cache_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_cache_secret_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..48df9ee
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/intel-pod10/secrets/passphrases/osh_oslo_db_exporter_password.yaml
new file mode 100644 (file)
index 0000000..61b4144
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_oslo_db_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_db_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..e7d97e2
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_placement_password.yaml b/site/intel-pod10/secrets/passphrases/osh_placement_password.yaml
new file mode 100644 (file)
index 0000000..c72b59a
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_placement_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_placement_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..a3b5a2b
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/osh_tempest_password.yaml b/site/intel-pod10/secrets/passphrases/osh_tempest_password.yaml
new file mode 100644 (file)
index 0000000..af90ec0
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_tempest_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_tempest_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/sridhar_crypt_password.yaml b/site/intel-pod10/secrets/passphrases/sridhar_crypt_password.yaml
new file mode 100644 (file)
index 0000000..8e7e839
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/sridhar_crypt_password.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: sridhar_crypt_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...

diff --git a/site/intel-pod10/secrets/passphrases/tenant_ceph_fsid.yaml b/site/intel-pod10/secrets/passphrases/tenant_ceph_fsid.yaml
new file mode 100644 (file)
index 0000000..18bd485
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/tenant_ceph_fsid.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: tenant_ceph_fsid
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# uuidgen
+data: 29d8953d-0bb6-4ba1-a48a-f9be1c0937a9
+...

diff --git a/site/intel-pod10/secrets/passphrases/trevor_crypt_password.yaml b/site/intel-pod10/secrets/passphrases/trevor_crypt_password.yaml
new file mode 100644 (file)
index 0000000..6d5616b
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/trevor_crypt_password.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: trevor_crypt_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..33c4125
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_airflow_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_airflow_postgres_password.yaml
new file mode 100644 (file)
index 0000000..8a1d648
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_airflow_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_airflow_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_armada_keystone_password.yaml
new file mode 100644 (file)
index 0000000..866efcc
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_armada_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_armada_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_barbican_keystone_password.yaml
new file mode 100644 (file)
index 0000000..cb2da22
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_barbican_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_barbican_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..95a76ed
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_barbican_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_deckhand_keystone_password.yaml
new file mode 100644 (file)
index 0000000..5ee27f2
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_deckhand_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_deckhand_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_deckhand_postgres_password.yaml
new file mode 100644 (file)
index 0000000..e63319b
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_deckhand_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_deckhand_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_drydock_keystone_password.yaml
new file mode 100644 (file)
index 0000000..b8083b5
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_drydock_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_drydock_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_drydock_postgres_password.yaml
new file mode 100644 (file)
index 0000000..2eff525
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_drydock_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_drydock_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_keystone_admin_password.yaml
new file mode 100644 (file)
index 0000000..91f74fd
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_keystone_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_keystone_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..a9cb153
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_keystone_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_maas_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_maas_admin_password.yaml
new file mode 100644 (file)
index 0000000..402c129
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_maas_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_maas_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_maas_postgres_password.yaml
new file mode 100644 (file)
index 0000000..96ec574
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_maas_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_maas_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
new file mode 100644 (file)
index 0000000..b513af4
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_openstack_exporter_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..b3c1325
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..95d6c0e
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_postgres_admin_password.yaml
new file mode 100644 (file)
index 0000000..546de05
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_postgres_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_postgres_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_postgres_exporter_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_postgres_exporter_password.yaml
new file mode 100644 (file)
index 0000000..abdaa5b
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_postgres_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_postgres_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_postgres_replication_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_postgres_replication_password.yaml
new file mode 100644 (file)
index 0000000..2176e71
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_postgres_replication_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_postgres_replication_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_promenade_keystone_password.yaml
new file mode 100644 (file)
index 0000000..ac40d1e
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_promenade_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_promenade_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..6a2aef9
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_shipyard_keystone_password.yaml
new file mode 100644 (file)
index 0000000..181a52a
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_shipyard_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_shipyard_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_shipyard_postgres_password.yaml
new file mode 100644 (file)
index 0000000..de0eed7
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_shipyard_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_shipyard_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...

diff --git a/site/intel-pod10/secrets/publickey/luc_ssh_public_key.yaml b/site/intel-pod10/secrets/publickey/luc_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..36ab9b5
--- /dev/null
+++ b/site/intel-pod10/secrets/publickey/luc_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: luc_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChnv1Yab1q0tchYZtNMG9oYb8kV8FNTcjR0rAnWqoEcQV0/yXCnp0GnfVq/l82JJ7D/D7J9rgTSTzL5zYUFoPVVO9S8UucEKquO+Pm3GJsZZLDo5bTvOaqypOiC5wU9Wl9qNrBWEQXTq6nRX96JLUfaCHgRr3b6ZkxDzCMXOQRTPnCJZU5UD5QPqY7I1dr1SuaAdpzQWFIH8Mog6HLkKQXs2nmHRHAF1OppySj7xvXtxzssmzXRSVw5ixAn8sLc7zZ7ZQg+Jx9XknV+46Pi+oSDUj1G3Zd7R5pBFny1fqfrcH1MIGgodNvdQyvvdIaGk5mB3ns5tYqLeNYVvgAN+xl root@node1
+...

diff --git a/site/intel-pod10/secrets/publickey/opnfv_ssh_public_key.yaml b/site/intel-pod10/secrets/publickey/opnfv_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..26c300d
--- /dev/null
+++ b/site/intel-pod10/secrets/publickey/opnfv_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: opnfv_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSQiblRR5dIEwaEUsVQ7CWNm3fJAhkwkW4afEsw3VokkVzAhB759iJZqyUvb08B/0mbn52qh6VO1ecr/XfyWiHvnm15EkxoLENw3diHK3vPy0Ce+hJWbuoy1Xy15iOCZSdXNj9PTB58BSKRruexvbn90Lh1w73fgmFw0lRy7dqJFEsLfCWZnzx9x/eC6/MO+vT7+8bbClqHH8XKF5L4g3Pt6/exyFKkzKEFYDTCpDelYynOnmzscrCAtFJ2xtLnW+3Ex4kOKpAm6D7MS/bE7k28fyxyYhT5sLy2Tp49LuOFZzFPrsh8lfVdPdV0qwnz2F4Y4iSE9rO0TwFoAV6LGOh opnfv@pod10-jump
+...

diff --git a/site/intel-pod10/secrets/publickey/sridhar_ssh_public_key.yaml b/site/intel-pod10/secrets/publickey/sridhar_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..8ef987f
--- /dev/null
+++ b/site/intel-pod10/secrets/publickey/sridhar_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: sridhar_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAm23hyhNJ1ewDL35DGg9agPMJ1VSI4elUKM/VMiRH0LBLfk55pJbZwmmLv6Z4E3hXPTvPxCS1j0kXqGiPLpMo6qPeK0EjYMCT6EdVFLh5yt3jWouRjG6lHG2D7Y5tjBhu/d3zKu3ZDblbbT2xIbw3OOFoK+9Bp4f42AMGY3etsNdbcRDLmXgL6Zi94okAuEf7t5HeKqXgWkk6az0EMm7v+FgHmlVHMzO9J0XpmFbYtI711PXQBCotVC/LsyYBQoQqtxZnikt6gGLooRHlrWOkhqv9ycBteqIDhh78NNVWya+L7Xj/TcQmyzuTkNdAFxwiEvMScal2oYy+TvoFdlxr sridhar@dike
+...

diff --git a/site/intel-pod10/secrets/publickey/trevor_ssh_public_key.yaml b/site/intel-pod10/secrets/publickey/trevor_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..81de49c
--- /dev/null
+++ b/site/intel-pod10/secrets/publickey/trevor_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: trevor_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChGgO/XhrpphaoFH6ZZnHOgC/y9ZDIK1hlxm+qQPsakYmYemQJXpVjeqAnyupEA//I4HQ1cXYmzvlKTN1Gj8DxPcmU1QPsvcMBeYIfwS+2JaDbFTJICEmN2pqGu9D55tY1NDx4kqxRTzcvIy3HaIx6m6DshhIe83hPFXdhzk2ScVNfX6EvMevLESbJWNHIKe60md/TEUI7sYZjk8Zi4qcVtEzxioMd8sCWEHdAjNYkCJVEgHZyaqzoAJrTXeAsQFvc6np1CLlkj6QytAmPXLDB5p+NJb1W6zQOz74tSV2oQVP8xTjWRw8FgHSZMwilgiEzyPQQkVf4q/u1UtGHqupf tcooper1@tcooper1-desk.amr.corp.intel.com
+...

diff --git a/site/intel-pod10/site-definition.yaml b/site/intel-pod10/site-definition.yaml
new file mode 100644 (file)
index 0000000..2c24965
--- /dev/null
+++ b/site/intel-pod10/site-definition.yaml
@@ -0,0 +1,17 @@
+---
+schema: pegleg/SiteDefinition/v1
+metadata:
+  schema: metadata/Document/v1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: intel-pod10
+  storagePolicy: cleartext
+data:
+  site_type: cntt
+
+  repositories:
+    global:
+      revision: v1.4
+      url: https://opendev.org/airship/treasuremap.git
+...

diff --git a/site/intel-pod10/software/charts/kubernetes/container-networking/etcd.yaml b/site/intel-pod10/software/charts/kubernetes/container-networking/etcd.yaml
new file mode 100644 (file)
index 0000000..505f6c1
--- /dev/null
+++ b/site/intel-pod10/software/charts/kubernetes/container-networking/etcd.yaml
@@ -0,0 +1,127 @@
+---
+# The purpose of this file is to build the list of calico etcd nodes and the
+# calico etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-calico-etcd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: kubernetes-calico-etcd-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+    # Generate a list of control plane nodes (i.e. genesis node + master node
+    # list) on which calico etcd will run and will need certs. It is assumed
+    # that Airship sites will have 3 control plane nodes, so this should not need to
+    # change for a new site.
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .genesis.hostname
+      dest:
+        path: .values.nodes[0].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[0].hostname
+      dest:
+        path: .values.nodes[1].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[1].hostname
+      dest:
+        path: .values.nodes[2].name
+
+    # Certificate substitutions for the node names assembled on the above list.
+    # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+    # to change with a standard Airship deployment. However, the names of each
+    # deckhand certficiate should be updated with the correct hostnames for your
+    # environment. The ordering is important (Genesis is index 0, then master
+    # nodes in the order they are specified in common-addresses).
+
+    # Genesis hostname - pod10-node1
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod10-node1
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod10-node1
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod10-node1-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod10-node1-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.key
+
+    # master node 1 hostname - pod10-node2
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod10-node2
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod10-node2
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod10-node2-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod10-node2-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.key
+
+    # master node 2 hostname - pod10-node3
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod10-node3
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod10-node3
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod10-node3-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod10-node3-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.key
+
+data: {}
+...

diff --git a/site/intel-pod10/software/charts/kubernetes/etcd/etcd.yaml b/site/intel-pod10/software/charts/kubernetes/etcd/etcd.yaml
new file mode 100644 (file)
index 0000000..abc1498
--- /dev/null
+++ b/site/intel-pod10/software/charts/kubernetes/etcd/etcd.yaml
@@ -0,0 +1,131 @@
+---
+# The purpose of this file is to build the list of k8s etcd nodes and the
+# k8s etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-etcd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: kubernetes-etcd-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+    # Generate a list of control plane nodes (i.e. genesis node + master node
+    # list) on which k8s etcd will run and will need certs. It is assumed
+    # that Airship sites will have 3 control plane nodes, so this should not need to
+    # change for a new site.
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .genesis.hostname
+      dest:
+        path: .values.nodes[0].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[0].hostname
+      dest:
+        path: .values.nodes[1].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[1].hostname
+      dest:
+        path: .values.nodes[2].name
+
+    # Certificate substitutions for the node names assembled on the above list.
+    # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+    # to change with a standard Airship deployment. However, the names of each
+    # deckhand certficiate should be updated with the correct hostnames for your
+    # environment. The ordering is important (Genesis is index 0, then master
+    # nodes in the order they are specified in common-addresses).
+
+    # Genesis Exception*
+    # *NOTE: This is an exception in that `genesis` is not the hostname of the
+    # genesis node, but `genesis` is reference here in the certificate names
+    # because of certain Promenade assumptions that may be addressed in the
+    # future. Therefore `genesis` is used instead of `pod10-node1` here.
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-genesis
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-genesis
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-genesis-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-genesis-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.key
+
+    # master node 1 hostname - pod10-node2
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-pod10-node2
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-pod10-node2
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-pod10-node2-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-pod10-node2-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.key
+
+    # master node 2 hostname - pod10-node3
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-pod10-node3
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-pod10-node3
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-pod10-node3-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-pod10-node3-peer
+        path: $
+      dest:
+        path: .values.nodes[2].tls.peer.key
+
+data: {}
+...

diff --git a/site/intel-pod10/software/charts/osh-infra/elasticsearch.yaml b/site/intel-pod10/software/charts/osh-infra/elasticsearch.yaml
new file mode 100644 (file)
index 0000000..ef0a42e
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh-infra/elasticsearch.yaml
@@ -0,0 +1,34 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: elasticsearch
+  labels:
+    name: elasticsearch-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: elasticsearch-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        master: 2
+        data: 1
+        client: 2
+    storage:
+      requests:
+        storage: 20Gi
+    conf:
+      elasticsearch:
+        env:
+          java_opts:
+            client: "-Xms2048m -Xmx2048m"
+            data: "-Xms2048m -Xmx2048m"
+            master: "-Xms2048m -Xmx2048m"
+...

diff --git a/site/intel-pod10/software/charts/osh-infra/fluentbit.yaml b/site/intel-pod10/software/charts/osh-infra/fluentbit.yaml
new file mode 100644 (file)
index 0000000..5d2f287
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh-infra/fluentbit.yaml
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: fluentbit
+  labels:
+    name: fluentbit-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: fluentbit-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        fluentd: 1
+...

diff --git a/site/intel-pod10/software/charts/osh-infra/fluentd.yaml b/site/intel-pod10/software/charts/osh-infra/fluentd.yaml
new file mode 100644 (file)
index 0000000..3652a3e
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh-infra/fluentd.yaml
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: fluentd
+  labels:
+    name: fluentd-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: fluentd-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        fluentd: 1
+...

diff --git a/site/intel-pod10/software/charts/osh-infra/grafana.yaml b/site/intel-pod10/software/charts/osh-infra/grafana.yaml
new file mode 100644 (file)
index 0000000..b35614f
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh-infra/grafana.yaml
@@ -0,0 +1,23 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: grafana
+  labels:
+    name: grafana-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: grafana-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        grafana: 1
+...

diff --git a/site/intel-pod10/software/charts/osh-infra/ingress.yaml b/site/intel-pod10/software/charts/osh-infra/ingress.yaml
new file mode 100644 (file)
index 0000000..d449881
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh-infra/ingress.yaml
@@ -0,0 +1,24 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: osh-infra-ingress-controller
+  labels:
+    name: osh-infra-ingress-controller-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: osh-infra-ingress-controller-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        ingress: 1
+        error_page: 1
+...

diff --git a/site/intel-pod10/software/charts/osh-infra/mariadb.yaml b/site/intel-pod10/software/charts/osh-infra/mariadb.yaml
new file mode 100644 (file)
index 0000000..335d4e9
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh-infra/mariadb.yaml
@@ -0,0 +1,24 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: osh-infra-mariadb
+  labels:
+    name: osh-infra-mariadb-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: osh-infra-mariadb-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        server: 1
+        ingress: 1
+...

diff --git a/site/intel-pod10/software/charts/osh-infra/prometheus.yaml b/site/intel-pod10/software/charts/osh-infra/prometheus.yaml
new file mode 100644 (file)
index 0000000..d00e96a
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh-infra/prometheus.yaml
@@ -0,0 +1,35 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: prometheus
+  labels:
+    name: prometheus-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: prometheus-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        prometheus: 1
+      resources:
+        enabled: true
+        prometheus:
+          limits:
+            memory: "4Gi"
+            cpu: "2000m"
+          requests:
+            memory: "2Gi"
+            cpu: "1000m"
+    storage:
+      requests:
+        storage: 20Gi
+...

diff --git a/site/intel-pod10/software/charts/osh/openstack-compute-kit/libvirt.yaml b/site/intel-pod10/software/charts/osh/openstack-compute-kit/libvirt.yaml
new file mode 100644 (file)
index 0000000..85ec726
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh/openstack-compute-kit/libvirt.yaml
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: libvirt
+  replacement: true
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: libvirt-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    network:
+      backend:
+        - openvswitch
+        # - sriov
+...

diff --git a/site/intel-pod10/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/intel-pod10/software/charts/osh/openstack-compute-kit/neutron.yaml
new file mode 100644 (file)
index 0000000..38e3cd3
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh/openstack-compute-kit/neutron.yaml
@@ -0,0 +1,72 @@
+---
+# This file defines hardware-specific settings for neutron. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. logical network interface names
+# 2. physical device mappigns
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: neutron
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: neutron-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  wait:
+    timeout: 1800
+  test:
+    timeout: 900
+  # values:
+  #   labels:
+  #     sriov:
+  #       node_selector_key: sriov
+  #       node_selector_value: enabled
+  #   pod:
+  #     security_context:
+  #       neutron_sriov_agent:
+  #         pod:
+  #           runAsUser: 42424
+  #         container:
+  #           neutron_sriov_agent_init:
+  #             privileged: true
+  #             runAsUser: 0
+  #             readOnlyRootFilesystem: false
+  #           neutron_sriov_agent:
+  #             readOnlyRootFilesystem: true
+  #             privileged: true
+  #   network:
+  #     interface:
+  #       sriov:
+  #         - device: eno4
+  #           num_vfs: 32
+  #           promisc: false
+  #     backend:
+  #       - openvswitch
+  #       - sriov
+  #   conf:
+  #     plugins:
+  #       ml2_conf:
+  #         ml2:
+  #           mechanism_drivers: l2population,openvswitch,sriovnicswitch
+  #         ml2_type_vlan:
+  #           ## NOTE: Must have at least 1 sriov network defined
+  #           network_vlan_ranges: external,sriovnet1:100:4000
+  #       sriov_agent:
+  #         securitygroup:
+  #           firewall_driver: neutron.agent.firewall.NoopFirewallDriver
+  #         sriov_nic:
+  #           ## NOTE: Must have at least 1 sriov network to physical device
+  #           ##       mapping, otherwise sriov agent readiness check
+  #           ##       will fail.
+  #           physical_device_mappings: sriovnet1:eno4
+  #           exclude_devices: ""
+...

diff --git a/site/intel-pod10/software/charts/osh/openstack-compute-kit/nova.yaml b/site/intel-pod10/software/charts/osh/openstack-compute-kit/nova.yaml
new file mode 100644 (file)
index 0000000..e64738c
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh/openstack-compute-kit/nova.yaml
@@ -0,0 +1,46 @@
+---
+# This file defines hardware-specific settings for nova. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware
+#    changes.
+# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC
+#    slotting changes.
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: nova
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: nova-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: drydock/HardwareProfile/v1
+        name: intel-pod10
+        path: .cpu_sets.kvm
+      dest:
+        path: .values.conf.nova.DEFAULT.vcpu_pin_set
+data:
+  values:
+    network:
+      backend:
+       - openvswitch
+       # - sriov
+    conf:
+      nova:
+        filter_scheduler:
+          available_filters: "nova.scheduler.filters.all_filters"
+          enabled_filters:  "RetryFilter,AvailabilityZoneFilter,RamFilter,CoreFilter,DiskFilter,ComputeFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateInstanceExtraSpecsFilter,AggregateCoreFilter,AggregateRamFilter,AggregateMultiTenancyIsolation,JsonFilter,IoOpsFilter,AggregateDiskFilter,AllHostsFilter,IsolatedHostsFilter,AggregateImagePropertiesIsolation,PciPassthroughFilter,AggregateIoOpsFilter,NumInstancesFilter,AggregateNumInstancesFilter,MetricsFilter,SimpleCIDRAffinityFilter,AggregateTypeAffinityFilter,NUMATopologyFilter,ComputeCapabilitiesFilter,DifferentHostFilter,SameHostFilter"
+        pci:
+          alias: '{"name": "numa0", "capability_type": "pci", "product_id": "154c", "vendor_id": "8086", "device_type": "type-PCI"}'
+          passthrough_whitelist: |
+              [{"address": "0000:05:06.*", "physical_network": "sriovnet1"},{"address": "0000:05:07.*", "physical_network": "sriovnet1"},{"address": "0000:05:08.*", "physical_network": "sriovnet1"},{"address": "0000:05:09.*", "physical_network": "sriovnet1"}]
+...

diff --git a/type/cntt/software/charts/ucp/ceph/ceph-client-update.yaml b/site/intel-pod10/software/charts/ucp/ceph/ceph-client-update.yaml
similarity index 100%
rename from type/cntt/software/charts/ucp/ceph/ceph-client-update.yaml
rename to site/intel-pod10/software/charts/ucp/ceph/ceph-client-update.yaml

diff --git a/type/cntt/software/charts/ucp/ceph/ceph-client.yaml b/site/intel-pod10/software/charts/ucp/ceph/ceph-client.yaml
similarity index 100%
rename from type/cntt/software/charts/ucp/ceph/ceph-client.yaml
rename to site/intel-pod10/software/charts/ucp/ceph/ceph-client.yaml

diff --git a/type/cntt/software/charts/ucp/ceph/ceph-osd.yaml b/site/intel-pod10/software/charts/ucp/ceph/ceph-osd.yaml
similarity index 100%
rename from type/cntt/software/charts/ucp/ceph/ceph-osd.yaml
rename to site/intel-pod10/software/charts/ucp/ceph/ceph-osd.yaml

diff --git a/site/intel-pod10/software/charts/ucp/divingbell/divingbell.yaml b/site/intel-pod10/software/charts/ucp/divingbell/divingbell.yaml
new file mode 100644 (file)
index 0000000..c60f25c
--- /dev/null
+++ b/site/intel-pod10/software/charts/ucp/divingbell/divingbell.yaml
@@ -0,0 +1,83 @@
+---
+# The purpose of this file is to define site-specific parameters to the
+# UAM-lite portion of the divingbell chart:
+# 1. User accounts to create on bare metal
+# 2. SSH public key for operationg system access to the bare metal
+# 3. Passwords for operating system access via iDrac/iLo console. SSH password-
+#    based auth is disabled.
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-divingbell
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-divingbell-global
+    actions:
+      - method: merge
+        path: .
+  labels:
+    name: ucp-divingbell-site
+  storagePolicy: cleartext
+  substitutions:
+    - dest:
+        path: .values.conf.uamlite.users[0].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: opnfv_ssh_public_key
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[1].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: sridhar_ssh_public_key
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[1].user_crypt_passwd
+      src:
+        schema: deckhand/Passphrase/v1
+        name: sridhar_crypt_password
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[2].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: trevor_ssh_public_key
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[2].user_crypt_passwd
+      src:
+        schema: deckhand/Passphrase/v1
+        name: trevor_crypt_password
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[3].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: luc_ssh_public_key
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[3].user_crypt_passwd
+      src:
+        schema: deckhand/Passphrase/v1
+        name: luc_crypt_password
+        path: .
+data:
+  values:
+    conf:
+      uamlite:
+        users:
+          - user_name: opnfv
+            user_sudo: true
+            user_sshkeys: []
+          - user_name: sridhar
+            user_sudo: true
+            user_sshkeys: []
+          - user_name: trevor
+            user_sudo: true
+            user_sshkeys: []
+          - user_name: luc
+            user_sudo: true
+            user_sshkeys: []
+...

diff --git a/site/intel-pod10/software/config/common-software-config.yaml b/site/intel-pod10/software/config/common-software-config.yaml
new file mode 100644 (file)
index 0000000..cc56f4b
--- /dev/null
+++ b/site/intel-pod10/software/config/common-software-config.yaml
@@ -0,0 +1,16 @@
+---
+# The purpose of this file is to define site-specific common software config
+# paramters.
+schema: pegleg/CommonSoftwareConfig/v1
+metadata:
+  schema: metadata/Document/v1
+  name: common-software-config
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  osh:
+    # NEWSITE-CHANGEME: Replace with the site name
+    region_name: intel-pod10
+...

diff --git a/type/cntt/software/charts/osh-infra/elasticsearch.yaml b/site/intel-pod17/software/charts/osh-infra/elasticsearch.yaml
similarity index 98%
rename from type/cntt/software/charts/osh-infra/elasticsearch.yaml
rename to site/intel-pod17/software/charts/osh-infra/elasticsearch.yaml
index f1f814f..2f7b3c1 100644 (file)
--- a/type/cntt/software/charts/osh-infra/elasticsearch.yaml
+++ b/site/intel-pod17/software/charts/osh-infra/elasticsearch.yaml
@@ -7,7 +7,7 @@ metadata:
     name: elasticsearch-type
   layeringDefinition:
     abstract: false
-    layer: type
+    layer: site
     parentSelector:
       hosttype: elasticsearch-global
     actions:

diff --git a/type/cntt/software/charts/osh-infra/fluentbit.yaml b/site/intel-pod17/software/charts/osh-infra/fluentbit.yaml
similarity index 95%
rename from type/cntt/software/charts/osh-infra/fluentbit.yaml
rename to site/intel-pod17/software/charts/osh-infra/fluentbit.yaml
index cbe4121..1620f26 100644 (file)
--- a/type/cntt/software/charts/osh-infra/fluentbit.yaml
+++ b/site/intel-pod17/software/charts/osh-infra/fluentbit.yaml
@@ -7,7 +7,7 @@ metadata:
     name: fluentbit-type
   layeringDefinition:
     abstract: false
-    layer: type
+    layer: site
     parentSelector:
       hosttype: fluentbit-global
     actions:

diff --git a/type/cntt/software/charts/osh-infra/fluentd.yaml b/site/intel-pod17/software/charts/osh-infra/fluentd.yaml
similarity index 94%
rename from type/cntt/software/charts/osh-infra/fluentd.yaml
rename to site/intel-pod17/software/charts/osh-infra/fluentd.yaml
index 430f4f4..0032414 100644 (file)
--- a/type/cntt/software/charts/osh-infra/fluentd.yaml
+++ b/site/intel-pod17/software/charts/osh-infra/fluentd.yaml
@@ -7,7 +7,7 @@ metadata:
     name: fluentd-type
   layeringDefinition:
     abstract: false
-    layer: type
+    layer: site
     parentSelector:
       hosttype: fluentd-global
     actions:

diff --git a/type/cntt/software/charts/osh-infra/prometheus.yaml b/site/intel-pod17/software/charts/osh-infra/prometheus.yaml
similarity index 97%
rename from type/cntt/software/charts/osh-infra/prometheus.yaml
rename to site/intel-pod17/software/charts/osh-infra/prometheus.yaml
index d7baf32..c4cd4bf 100644 (file)
--- a/type/cntt/software/charts/osh-infra/prometheus.yaml
+++ b/site/intel-pod17/software/charts/osh-infra/prometheus.yaml
@@ -8,7 +8,7 @@ metadata:
     name: prometheus-type
   layeringDefinition:
     abstract: false
-    layer: type
+    layer: site
     parentSelector:
       name: prometheus-global
     actions:

diff --git a/type/cntt/software/charts/osh/openstack-compute-kit/libvirt.yaml b/site/intel-pod17/software/charts/osh/openstack-compute-kit/libvirt.yaml
similarity index 95%
rename from type/cntt/software/charts/osh/openstack-compute-kit/libvirt.yaml
rename to site/intel-pod17/software/charts/osh/openstack-compute-kit/libvirt.yaml
index 5b35bdb..f7092cd 100644 (file)
--- a/type/cntt/software/charts/osh/openstack-compute-kit/libvirt.yaml
+++ b/site/intel-pod17/software/charts/osh/openstack-compute-kit/libvirt.yaml
@@ -6,7 +6,7 @@ metadata:
   replacement: true
   layeringDefinition:
     abstract: false
-    layer: type
+    layer: site
     parentSelector:
       name: libvirt-global
     actions:

diff --git a/type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/intel-pod17/software/charts/osh/openstack-compute-kit/neutron.yaml
similarity index 100%
rename from type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml
rename to site/intel-pod17/software/charts/osh/openstack-compute-kit/neutron.yaml

diff --git a/type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml b/site/intel-pod17/software/charts/osh/openstack-compute-kit/nova.yaml
similarity index 99%
rename from type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml
rename to site/intel-pod17/software/charts/osh/openstack-compute-kit/nova.yaml
index dd9c02c..b730f0d 100644 (file)
--- a/type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml
+++ b/site/intel-pod17/software/charts/osh/openstack-compute-kit/nova.yaml
@@ -14,7 +14,7 @@ metadata:
   name: nova
   layeringDefinition:
     abstract: false
-    layer: type
+    layer: site
     parentSelector:
       name: nova-global
     actions:

diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml
new file mode 100644 (file)
index 0000000..eb921b8
--- /dev/null
+++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml
@@ -0,0 +1,26 @@
+---
+# The purpose of this file is to define environment-specific parameters for ceph
+# client update
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-client-update
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-client-update-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      pool:
+        target:
+          # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if
+          # your HW matches this site's HW. Verify for your environment.
+          # 8 OSDs per node x 3 nodes = 24
+          osd: 3
+...

diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml
new file mode 100644 (file)
index 0000000..e1e8ecf
--- /dev/null
+++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml
@@ -0,0 +1,100 @@
+---
+# The purpose of this file is to define envrionment-specific parameters for the
+# ceph client
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-client
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-client-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      pool:
+        target:
+          # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to
+          # change if your deployment HW matches this site's HW.
+          osd: 1
+        spec:
+          # RBD pool
+          - name: rbd
+            application: rbd
+            replication: 1
+            percent_total_data: 40
+          - name: cephfs_metadata
+            application: cephfs
+            replication: 1
+            percent_total_data: 5
+          - name: cephfs_data
+            application: cephfs
+            replication: 1
+            percent_total_data: 10
+          # RadosGW pools
+          - name: .rgw.root
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.control
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.data.root
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.gc
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.log
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.intent-log
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.meta
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.usage
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.users.keys
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.users.email
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.users.swift
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.users.uid
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.buckets.extra
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.buckets.index
+            application: rgw
+            replication: 1
+            percent_total_data: 3
+          - name: default.rgw.buckets.data
+            application: rgw
+            replication: 1
+            percent_total_data: 34.8
+...

diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml
new file mode 100644 (file)
index 0000000..25297d9
--- /dev/null
+++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml
@@ -0,0 +1,30 @@
+---
+# The purpose of this file is to define environment-specific parameters for
+# ceph-osd
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-osd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-osd-global
+    actions:
+      - method: replace
+        path: .values.conf.storage.osd
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      storage:
+        osd:
+          - data:
+              type: directory
+              location: /var/lib/ceph/osd/osd-one
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/osd-one
+...

diff --git a/site/intel-pod18/software/charts/osh-infra/elasticsearch.yaml b/site/intel-pod18/software/charts/osh-infra/elasticsearch.yaml
new file mode 100644 (file)
index 0000000..2f7b3c1
--- /dev/null
+++ b/site/intel-pod18/software/charts/osh-infra/elasticsearch.yaml
@@ -0,0 +1,70 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: elasticsearch
+  labels:
+    name: elasticsearch-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: elasticsearch-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        client: 3
+      resources:
+        enabled: true
+        apache_proxy:
+          limits:
+            memory: "1024Mi"
+            cpu: "2000m"
+          requests:
+            memory: "0"
+            cpu: "0"
+        client:
+          requests:
+            memory: "4Gi"
+            cpu: "1000m"
+          limits:
+            memory: "8Gi"
+            cpu: "2000m"
+        master:
+          requests:
+            memory: "4Gi"
+            cpu: "1000m"
+          limits:
+            memory: "8Gi"
+            cpu: "2000m"
+        data:
+          requests:
+            memory: "4Gi"
+            cpu: "1000m"
+          limits:
+            memory: "8Gi"
+            cpu: "2000m"
+        prometheus_elasticsearch_exporter:
+          requests:
+            memory: "0"
+            cpu: "0"
+          limits:
+            memory: "1024Mi"
+            cpu: "2000m"
+
+    storage:
+      requests:
+        storage: 10Gi
+    conf:
+      elasticsearch:
+        env:
+          java_opts:
+            client: "-Xms2048m -Xmx2048m"
+            data: "-Xms2048m -Xmx2048m"
+            master: "-Xms2048m -Xmx2048m"
+...

diff --git a/site/intel-pod18/software/charts/osh-infra/fluentbit.yaml b/site/intel-pod18/software/charts/osh-infra/fluentbit.yaml
new file mode 100644 (file)
index 0000000..1620f26
--- /dev/null
+++ b/site/intel-pod18/software/charts/osh-infra/fluentbit.yaml
@@ -0,0 +1,18 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: fluentbit
+  labels:
+    name: fluentbit-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: fluentbit-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data: {}
+...

diff --git a/site/intel-pod18/software/charts/osh-infra/fluentd.yaml b/site/intel-pod18/software/charts/osh-infra/fluentd.yaml
new file mode 100644 (file)
index 0000000..0032414
--- /dev/null
+++ b/site/intel-pod18/software/charts/osh-infra/fluentd.yaml
@@ -0,0 +1,18 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: fluentd
+  labels:
+    name: fluentd-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: fluentd-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data: {}
+...

diff --git a/site/intel-pod18/software/charts/osh-infra/prometheus.yaml b/site/intel-pod18/software/charts/osh-infra/prometheus.yaml
new file mode 100644 (file)
index 0000000..c4cd4bf
--- /dev/null
+++ b/site/intel-pod18/software/charts/osh-infra/prometheus.yaml
@@ -0,0 +1,33 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: prometheus
+  labels:
+    name: prometheus-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: prometheus-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      resources:
+        enabled: true
+        prometheus:
+          limits:
+            memory: "4Gi"
+            cpu: "2000m"
+          requests:
+            memory: "2Gi"
+            cpu: "1000m"
+    storage:
+      requests:
+        storage: 10Gi
+...

diff --git a/site/intel-pod18/software/charts/osh/openstack-compute-kit/libvirt.yaml b/site/intel-pod18/software/charts/osh/openstack-compute-kit/libvirt.yaml
new file mode 100644 (file)
index 0000000..f7092cd
--- /dev/null
+++ b/site/intel-pod18/software/charts/osh/openstack-compute-kit/libvirt.yaml
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: libvirt
+  replacement: true
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: libvirt-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    network:
+      backend:
+        - openvswitch
+        - sriov
+...

diff --git a/site/intel-pod18/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/intel-pod18/software/charts/osh/openstack-compute-kit/neutron.yaml
new file mode 100644 (file)
index 0000000..6cced90
--- /dev/null
+++ b/site/intel-pod18/software/charts/osh/openstack-compute-kit/neutron.yaml
@@ -0,0 +1,72 @@
+---
+# This file defines hardware-specific settings for neutron. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. logical network interface names
+# 2. physical device mappigns
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: neutron
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: neutron-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  wait:
+    timeout: 1800
+  test:
+    timeout: 900
+  values:
+    labels:
+      sriov:
+        node_selector_key: sriov
+        node_selector_value: enabled
+    pod:
+      security_context:
+        neutron_sriov_agent:
+          pod:
+            runAsUser: 42424
+          container:
+            neutron_sriov_agent_init:
+              privileged: true
+              runAsUser: 0
+              readOnlyRootFilesystem: false
+            neutron_sriov_agent:
+              readOnlyRootFilesystem: true
+              privileged: true
+    network:
+      interface:
+        sriov:
+          - device: ens785f1
+            num_vfs: 32
+            promisc: false
+      backend:
+        - openvswitch
+        - sriov
+    conf:
+      plugins:
+        ml2_conf:
+          ml2:
+            mechanism_drivers: l2population,openvswitch,sriovnicswitch
+          ml2_type_vlan:
+            ## NOTE: Must have at least 1 sriov network defined
+            network_vlan_ranges: external,sriovnet1:100:4000
+        sriov_agent:
+          securitygroup:
+            firewall_driver: neutron.agent.firewall.NoopFirewallDriver
+          sriov_nic:
+            ## NOTE: Must have at least 1 sriov network to physical device
+            ##       mapping, otherwise sriov agent readiness check
+            ##       will fail.
+            physical_device_mappings: sriovnet1:ens785f1
+            exclude_devices: ""
+...

diff --git a/site/intel-pod18/software/charts/osh/openstack-compute-kit/nova.yaml b/site/intel-pod18/software/charts/osh/openstack-compute-kit/nova.yaml
new file mode 100644 (file)
index 0000000..b730f0d
--- /dev/null
+++ b/site/intel-pod18/software/charts/osh/openstack-compute-kit/nova.yaml
@@ -0,0 +1,46 @@
+---
+# This file defines hardware-specific settings for nova. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware
+#    changes.
+# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC
+#    slotting changes.
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: nova
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: nova-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: drydock/HardwareProfile/v1
+        name: intel-s2600wt
+        path: .cpu_sets.kvm
+      dest:
+        path: .values.conf.nova.DEFAULT.vcpu_pin_set
+data:
+  values:
+    network:
+      backend:
+       - openvswitch
+       - sriov
+    conf:
+      nova:
+        filter_scheduler:
+          available_filters: "nova.scheduler.filters.all_filters"
+          enabled_filters:  "RetryFilter,AvailabilityZoneFilter,RamFilter,CoreFilter,DiskFilter,ComputeFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateInstanceExtraSpecsFilter,AggregateCoreFilter,AggregateRamFilter,AggregateMultiTenancyIsolation,JsonFilter,IoOpsFilter,AggregateDiskFilter,AllHostsFilter,IsolatedHostsFilter,AggregateImagePropertiesIsolation,PciPassthroughFilter,AggregateIoOpsFilter,NumInstancesFilter,AggregateNumInstancesFilter,MetricsFilter,SimpleCIDRAffinityFilter,AggregateTypeAffinityFilter,NUMATopologyFilter,ComputeCapabilitiesFilter,DifferentHostFilter,SameHostFilter"
+        pci:
+          alias: '{"name": "numa0", "capability_type": "pci", "product_id": "154c", "vendor_id": "8086", "device_type": "type-PCI"}'
+          passthrough_whitelist: |
+              [{"address": "0000:05:06.*", "physical_network": "sriovnet1"},{"address": "0000:05:07.*", "physical_network": "sriovnet1"},{"address": "0000:05:08.*", "physical_network": "sriovnet1"},{"address": "0000:05:09.*", "physical_network": "sriovnet1"}]
+...

diff --git a/site/intel-pod18/software/charts/ucp/ceph/ceph-client-update.yaml b/site/intel-pod18/software/charts/ucp/ceph/ceph-client-update.yaml
new file mode 100644 (file)
index 0000000..eb921b8
--- /dev/null
+++ b/site/intel-pod18/software/charts/ucp/ceph/ceph-client-update.yaml
@@ -0,0 +1,26 @@
+---
+# The purpose of this file is to define environment-specific parameters for ceph
+# client update
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-client-update
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-client-update-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      pool:
+        target:
+          # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if
+          # your HW matches this site's HW. Verify for your environment.
+          # 8 OSDs per node x 3 nodes = 24
+          osd: 3
+...

diff --git a/site/intel-pod18/software/charts/ucp/ceph/ceph-client.yaml b/site/intel-pod18/software/charts/ucp/ceph/ceph-client.yaml
new file mode 100644 (file)
index 0000000..e1e8ecf
--- /dev/null
+++ b/site/intel-pod18/software/charts/ucp/ceph/ceph-client.yaml
@@ -0,0 +1,100 @@
+---
+# The purpose of this file is to define envrionment-specific parameters for the
+# ceph client
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-client
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-client-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      pool:
+        target:
+          # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to
+          # change if your deployment HW matches this site's HW.
+          osd: 1
+        spec:
+          # RBD pool
+          - name: rbd
+            application: rbd
+            replication: 1
+            percent_total_data: 40
+          - name: cephfs_metadata
+            application: cephfs
+            replication: 1
+            percent_total_data: 5
+          - name: cephfs_data
+            application: cephfs
+            replication: 1
+            percent_total_data: 10
+          # RadosGW pools
+          - name: .rgw.root
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.control
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.data.root
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.gc
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.log
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.intent-log
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.meta
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.usage
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.users.keys
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.users.email
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.users.swift
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.users.uid
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.buckets.extra
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.buckets.index
+            application: rgw
+            replication: 1
+            percent_total_data: 3
+          - name: default.rgw.buckets.data
+            application: rgw
+            replication: 1
+            percent_total_data: 34.8
+...

diff --git a/site/intel-pod18/software/charts/ucp/ceph/ceph-osd.yaml b/site/intel-pod18/software/charts/ucp/ceph/ceph-osd.yaml
new file mode 100644 (file)
index 0000000..25297d9
--- /dev/null
+++ b/site/intel-pod18/software/charts/ucp/ceph/ceph-osd.yaml
@@ -0,0 +1,30 @@
+---
+# The purpose of this file is to define environment-specific parameters for
+# ceph-osd
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-osd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-osd-global
+    actions:
+      - method: replace
+        path: .values.conf.storage.osd
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      storage:
+        osd:
+          - data:
+              type: directory
+              location: /var/lib/ceph/osd/osd-one
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/osd-one
+...

diff --git a/tools/files/heat-public-net-deployment-pod10.yaml b/tools/files/heat-public-net-deployment-pod10.yaml
new file mode 100644 (file)
index 0000000..1a35a5b
--- /dev/null
+++ b/tools/files/heat-public-net-deployment-pod10.yaml
@@ -0,0 +1,70 @@
+heat_template_version: ocata
+
+parameters:
+  network_name:
+    type: string
+    default: public
+
+  physical_network_name:
+    type: string
+    default: public
+
+  physical_network_interface:
+    type: string
+    default: external
+
+  subnet_name:
+    type: string
+    default: public
+
+  subnet_cidr:
+    type: string
+    default: 10.10.105.0/24
+
+  subnet_gateway:
+    type: string
+    default: 10.10.105.20
+
+  subnet_pool_start:
+    type: string
+    default: 10.10.105.29
+
+  subnet_pool_end:
+    type: string
+    default: 10.10.105.99
+
+resources:
+  public_net:
+    type: OS::Neutron::ProviderNet
+    properties:
+      admin_state_up: true
+      name:
+        get_param: network_name
+      network_type: flat
+      physical_network:
+        get_param: physical_network_interface
+      port_security_enabled: true
+      router_external: true
+      shared: true
+
+  private_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      name:
+        get_param: subnet_name
+      network:
+        get_resource: public_net
+      cidr:
+        get_param: subnet_cidr
+      gateway_ip:
+        get_param: subnet_gateway
+      enable_dhcp: true
+      allocation_pools:
+        - start:
+            get_param: subnet_pool_start
+          end:
+            get_param: subnet_pool_end
+      dns_nameservers:
+        - 8.8.8.8
+        - 8.8.4.4
+

diff --git a/tools/pod10prep.sh b/tools/pod10prep.sh
new file mode 100755 (executable)
index 0000000..69982ce
--- /dev/null
+++ b/tools/pod10prep.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -x
+
+sed -i 's/ens785f1/eno4/g' ../type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml
+
+cp files/heat-public-net-deployment-pod10.yaml  files/heat-public-net-deployment.yaml

diff --git a/type/cntt/software/charts/osh/openstack-glance/glance.yaml b/type/cntt/software/charts/osh/openstack-glance/glance.yaml
new file mode 100644 (file)
index 0000000..2fc284e
--- /dev/null
+++ b/type/cntt/software/charts/osh/openstack-glance/glance.yaml
@@ -0,0 +1,49 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: glance
+  labels:
+    name: glance-type
+  layeringDefinition:
+    abstract: false
+    layer: type
+    parentSelector:
+      name: glance-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      rally_tests:
+        run_tempest: false
+        tests:
+          GlanceImages.create_and_delete_image:
+            - args:
+                container_format: bare
+                disk_format: qcow2
+                image_location: https://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
+              runner:
+                concurrency: 1
+                times: 1
+                type: constant
+              sla:
+                failure_rate:
+                  max: 0
+          GlanceImages.create_and_list_image:
+            - args:
+                container_format: bare
+                disk_format: qcow2
+                image_location: https://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
+              runner:
+                concurrency: 1
+                times: 1
+                type: constant
+              sla:
+                failure_rate:
+                  max: 0
+
+...