Addition of Intel Pod15 Site Manifest 49/69349/3
authorSridhar K. N. Rao <sridhar.rao@spirent.com>
Sun, 15 Dec 2019 08:53:30 +0000 (14:23 +0530)
committerSridhar K. N. Rao <sridhar.rao@spirent.com>
Tue, 17 Dec 2019 04:46:25 +0000 (10:16 +0530)
This patch adds site manifest for Intel Pod15
Update the vlan-IDs and interface-names
The NIC ens785f0 and ens785f1 have swapped roles.
Accordingly, the configuration is changed

Signed-off-by: Sridhar K. N. Rao <sridhar.rao@spirent.com>
Change-Id: I20960e505361bc00d019ea3800814637b9ef4953

126 files changed:
site/intel-pod15/baremetal/bootactions/ixgbe-dkms-install.yaml [new file with mode: 0644]
site/intel-pod15/baremetal/nodes.yaml [new file with mode: 0644]
site/intel-pod15/intel-pod15.env [new file with mode: 0644]
site/intel-pod15/networks/common-addresses.yaml [new file with mode: 0644]
site/intel-pod15/networks/physical/networks.yaml [new file with mode: 0644]
site/intel-pod15/pki/pki-catalog.yaml [new file with mode: 0644]
site/intel-pod15/profiles/hardware/intel-pod15.yaml [new file with mode: 0644]
site/intel-pod15/profiles/host/cp-intel-pod15.yaml [new file with mode: 0644]
site/intel-pod15/profiles/host/dp-intel-pod15.yaml [new file with mode: 0644]
site/intel-pod15/profiles/region.yaml [new file with mode: 0644]
site/intel-pod15/secrets/certificates/certificates.yaml [new file with mode: 0755]
site/intel-pod15/secrets/ingress.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/apiserver-encryption-key-key1.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/cedric_crypt_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ceph_fsid.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ceph_swift_keystone_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ipmi_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/maas-region-key.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/mfix_crypt_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_barbican_oslo_db_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_barbican_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_cinder_oslo_db_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_cinder_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_glance_oslo_db_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_glance_oslo_messaging_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_glance_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_heat_oslo_db_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_heat_oslo_messaging_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_heat_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_heat_stack_user_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_heat_trustee_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_horizon_oslo_db_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_infra_grafana_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_infra_nagios_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_infra_openstack_exporter_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_infra_prometheus_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_keystone_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_keystone_ldap_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_keystone_oslo_db_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_neutron_oslo_db_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_neutron_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_nova_oslo_db_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_nova_oslo_messaging_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_nova_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_oslo_cache_secret_key.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_oslo_db_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_oslo_db_exporter_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_placement_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/osh_tempest_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/sridhar_crypt_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/tenant_ceph_fsid.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_airflow_postgres_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_armada_keystone_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_barbican_keystone_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_barbican_oslo_db_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_deckhand_keystone_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_deckhand_postgres_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_drydock_keystone_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_drydock_postgres_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_keystone_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_keystone_oslo_db_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_maas_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_maas_postgres_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_oslo_db_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_oslo_messaging_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_postgres_admin_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_postgres_exporter_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_postgres_replication_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_promenade_keystone_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_shipyard_keystone_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/passphrases/ucp_shipyard_postgres_password.yaml [new file with mode: 0644]
site/intel-pod15/secrets/publickey/cedric_ssh_public_key.yaml [new file with mode: 0644]
site/intel-pod15/secrets/publickey/mfix_ssh_public_key.yaml [new file with mode: 0644]
site/intel-pod15/secrets/publickey/opnfv_ssh_public_key.yaml [new file with mode: 0644]
site/intel-pod15/secrets/publickey/sridhar_ssh_public_key.yaml [new file with mode: 0644]
site/intel-pod15/site-definition.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/kubernetes/container-networking/etcd.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/kubernetes/etcd/etcd.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/osh-infra/elasticsearch.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/osh-infra/fluentbit.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/osh-infra/fluentd.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/osh-infra/grafana.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/osh-infra/ingress.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/osh-infra/mariadb.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/osh-infra/prometheus.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/osh/openstack-compute-kit/libvirt.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/osh/openstack-compute-kit/neutron.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/osh/openstack-compute-kit/nova.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/ucp/ceph/ceph-client-update.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/ucp/ceph/ceph-client.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/ucp/ceph/ceph-osd.yaml [new file with mode: 0644]
site/intel-pod15/software/charts/ucp/divingbell/divingbell.yaml [new file with mode: 0644]
site/intel-pod15/software/config/common-software-config.yaml [new file with mode: 0644]

diff --git a/site/intel-pod15/baremetal/bootactions/ixgbe-dkms-install.yaml b/site/intel-pod15/baremetal/bootactions/ixgbe-dkms-install.yaml
new file mode 100644 (file)
index 0000000..49b5329
--- /dev/null
@@ -0,0 +1,56 @@
+---
+# This file defines a boot action to install specified version of the ixgbe
+# driver and blacklist the ixgbevf driver.
+schema: 'drydock/BootAction/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: ixgbe-dkms-install
+  storagePolicy: 'cleartext'
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    application: 'drydock'
+  substitutions:
+    - src:
+        schema: pegleg/Script/v1
+        name: ixgbe-dkms-install
+        path: .
+      dest:
+        path: .assets[1].data
+data:
+  signaling: false
+  assets:
+    - path: /etc/systemd/system/ixgbe-dkms-install.service
+      type: unit
+      permissions: '444'
+      data: |
+        [Unit]
+        Description=Service for Installing ixgbe driver
+        DefaultDependencies=no
+        Before=promjoin.service
+        After=network-online.target local-fs.target cloud-init.target
+
+        [Service]
+        Type=oneshot
+        ExecStart=/opt/ixgbe-dkms-install.sh
+        RemainAfterExit=true
+
+        [Install]
+        WantedBy=airship.target
+
+      data_pipeline:
+        - utf8_decode
+    - path: /opt/ixgbe-dkms-install.sh
+      type: file
+      permissions: '700'
+      data_pipeline:
+        - utf8_decode
+    - path: /etc/modprobe.d/sriov_blacklist.conf
+      type: file
+      permissions: '644'
+      data_pipeline:
+        - utf8_decode
+      data: |
+        blacklist ixgbevf
+...
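Review bot: The substitution destination `.assets[1].data` is positional, so the script body lands in whichever asset happens to be second in the list. If an asset is ever inserted or reordered above `/opt/ixgbe-dkms-install.sh`, the script text would be written into the unit file or the modprobe config instead, and the mode-700 script would be left without content. A comment above the second asset would guard against that, e.g. `# Must remain assets[1]: metadata.substitutions writes the script body here by index`. The unit has no `User=` line, so systemd runs the script as root at boot after `network-online.target`. The script itself comes from a `pegleg/Script/v1` document outside this hunk, so whether it verifies the integrity of what it installs cannot be confirmed here and is worth checking in that document.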
diff --git a/site/intel-pod15/baremetal/nodes.yaml b/site/intel-pod15/baremetal/nodes.yaml
new file mode 100644 (file)
index 0000000..75acde9
--- /dev/null
@@ -0,0 +1,193 @@
+---
+# Drydock BaremetalNode resources for a specific rack are stored in this file.
+#
+# NOTE: For new sites, you should complete the networks/physical/networks.yaml
+# file before working on this file.
+#
+# In this file, you should make the number of `drydock/BaremetalNode/v1`
+# resources equal the number of bare metal nodes you have, either by deleting
+# excess BaremetalNode definitions (if there are too many), or by copying and
+# pasting the last BaremetalNode in the file until you have the correct number
+# of baremetal nodes (if there are too few).
+#
+# Then in each file, address all additional NEWSITE-CHANGEME markers to update
+# the data in these files with the right values for your new site.
+#
+# *NOTE: The Genesis node is counted as one of the control plane nodes. Note
+# that the Genesis node does not appear on this bare metal list, because the
+# procedure to reprovision the Genesis host with MaaS has not yet been
+# implemented. Therefore there will be only two bare metal nodes in this file
+# with the 'masters' tag, as the genesis roles are assigned in a different
+# place (type/cntt/profiles/genesis.yaml).
+#
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: Replace with the hostname of the first node in the rack,
+  # after (excluding) genesis.
+  name: pod15-node2
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: The IPv4 address assigned to each logical network on this
+  # node. In the reference Airship deployment, this is all logical Networks defined
+  # in networks/physical/networks.yaml. IP addresses are manually assigned, by-hand.
+  # (what could possibly go wrong!) The instructions differ for each logical
+  # network, which are laid out below.
+  addressing:
+    # The iDrac/iLo IP of the node. It's important that this match up with the
+    # node's hostname above, so that the rack number and node position encoded
+    # in the hostname are accurate and matching the node that IPMI operations
+    # will be performed against (for poweron, poweroff, PXE boot to wipe disk or
+    # reconfigure identity, etc - very important to get right for these reasons).
+    # These addresses should already be assigned to nodes racked and stacked in
+    # the environment; these are not addresses which MaaS assigns.
+    - network: oob
+      address: 10.10.150.12
+    # The IP of the node on the DMZ network. Refer to the static IP range
+    # defined for the Admin network in networks/physical/networks.yaml.
+    - network: dmz
+      address: 10.10.150.22
+    # The IP of the node on the Admin network. Refer to the static IP range
+    # defined for the Admin network in networks/physical/networks.yaml.
+    # This network is used for PXE bootstrapping of the bare-metal servers.
+    - network: admin
+      address: 10.10.151.22
+    # The IP of the node on the Private network. Refer to the static IP range
+    # defined for the Private network in networks/physical/networks.yaml.
+    - network: private
+      address: 10.10.152.22
+    # The IP of the node on the Storage network. Refer to the static IP range
+    # defined for the Storage network in networks/physical/networks.yaml.
+    - network: storage
+      address: 10.10.153.22
+    # The IP of the node on the Management network. Refer to the static IP range
+    # defined for the Management network in networks/physical/networks.yaml.
+    - network: management
+      address: 10.10.154.22
+  # NEWSITE-CHANGEME: Set the host profile for the node.
+  # Note that there are different host profiles depending if this is a control
+  # plane vs data plane node, and different profiles that map to different types
+  # hardware. Select the host profile that matches up to your type of
+  # hardware and function. E.g., the r720 here refers to Dell R720 hardware, the
+  # 'cp' refers to a control plane profile. Refer to profiles/host/ for the list
+  # of available host profiles specific to this site (otherwise, you may find
+  # a general set of host profiles at the "type" or "global" layers/folders.
+  # If you have hardware that is not on this list of profiles, you may need to
+  # create a new host profile for that hardware.
+  host_profile: cp-intel-pod15
+  metadata:
+    tags:
+      # NEWSITE-CHANGEME: See previous comment. Apply 'masters' tag for control
+      # plane node, and 'workers' tag for data plane hosts.
+      - 'masters'
+    # NEWSITE-CHANGEME: Refer to site engineering package or other supporting
+    # documentation for the specific rack name. This should be a rack name that
+    # is meaningful to data center personnel (i.e. a rack they could locate if
+    # you gave them this rack designation).
+    rack: pod15-rack
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: The next node's hostname
+  name: pod15-node3
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: The next node's IPv4 addressing
+  addressing:
+    - network: oob
+      address: 10.10.150.13
+    - network: dmz
+      address: 10.10.150.23
+    - network: admin
+      address: 10.10.151.23
+    - network: private
+      address: 10.10.152.23
+    - network: storage
+      address: 10.10.153.23
+    - network: management
+      address: 10.10.154.23
+  # NEWSITE-CHANGEME: The next node's host profile
+  host_profile: cp-intel-pod15
+  metadata:
+    # NEWSITE-CHANGEME: The next node's rack designation
+    rack: pod15-rack
+    # NEWSITE-CHANGEME: The next node's role desigatnion
+    tags:
+      - 'masters'
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: The next node's hostname
+  name: pod15-node4
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: The next node's IPv4 addressing
+  addressing:
+    - network: oob
+      address: 10.10.150.14
+    - network: dmz
+      address: 10.10.150.24
+    - network: admin
+      address: 10.10.151.24
+    - network: private
+      address: 10.10.152.24
+    - network: storage
+      address: 10.10.153.24
+    - network: management
+      address: 10.10.154.24
+  # NEWSITE-CHANGEME: The next node's host profile
+  host_profile: dp-intel-pod15
+  metadata:
+    # NEWSITE-CHANGEME: The next node's rack designation
+    rack: pod15-rack
+    # NEWSITE-CHANGEME: The next node's role desigatnion
+    tags:
+      - 'workers'
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: The next node's hostname
+  name: pod15-node5
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: The next node's IPv4 addressing
+  addressing:
+    - network: oob
+      address: 10.10.150.15
+    - network: dmz
+      address: 10.10.150.25
+    - network: admin
+      address: 10.10.151.25
+    - network: private
+      address: 10.10.152.25
+    - network: storage
+      address: 10.10.153.25
+    - network: management
+      address: 10.10.154.25
+  # NEWSITE-CHANGEME: The next node's host profile
+  host_profile: dp-intel-pod15
+  metadata:
+    # NEWSITE-CHANGEME: The next node's rack designation
+    rack: pod15-rack
+    # NEWSITE-CHANGEME: The next node's role desigatnion
+    tags:
+      - 'workers'
+...
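Review bot: Every node's `oob` address (10.10.150.12–15) falls in the same 10.10.150.x range as its `dmz` address (10.10.150.22–25), so the BMC/IPMI interfaces appear to share a subnet with the DMZ/OAM network; the table in networks/physical/networks.yaml describes VLAN 150 as "OoB & OAM (default route)". If that is intentional for this lab, it deserves a comment at the first `oob` entry such as `# oob shares 10.10.150.0/24 with dmz on this pod; restrict IPMI reachability at the switch/firewall`, because the existing comment already notes that IPMI is what powers nodes on and off and wipes disks. Separately, the comment above the first `dmz` entry points to the static range "defined for the Admin network" and should say "DMZ network". The `r720` example in the host-profile comment also no longer matches `cp-intel-pod15`.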
diff --git a/site/intel-pod15/intel-pod15.env b/site/intel-pod15/intel-pod15.env
new file mode 100644 (file)
index 0000000..326024b
--- /dev/null
@@ -0,0 +1,9 @@
+export OS_AUTH_URL=${OS_AUTH_URL:-http://iam-airship.intel-pod15.opnfv.org:80/v3}
+export GEN_SSH=${GEN_SSH:-intel-pod15-genesis}
+export SITE_NAME=${SITE_NAME:-intel-pod15}
+
+export GEN_IPMI=${GEN_IPMI:-10.10.150.11}
+export NODES_IPMI=${NODES_IPMI:-'10.10.150.12 10.10.150.13 10.10.150.14 10.10.150.15'}
+export SITE_DEF=${SITE_DEF:-airship/site/intel-pod15/site-definition.yaml}
+
+export OS_AUTH_URL_IDENTITY=${OS_AUTH_URL:-http://identity-airship.intel-pod15.opnfv.org:80/v3}
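Review bot: The last line defaults `OS_AUTH_URL_IDENTITY` from `OS_AUTH_URL`, which the first line of this file has already exported with a non-empty value, so the `identity-airship` fallback can never take effect and the variable always equals `OS_AUTH_URL`. If the identity endpoint is meant to be independently overridable, the line should read `export OS_AUTH_URL_IDENTITY=${OS_AUTH_URL_IDENTITY:-http://identity-airship.intel-pod15.opnfv.org:80/v3}`. Both defaults are plain `http://` on port 80, so Keystone credentials and tokens sent to them are unprotected in transit; an `https://` endpoint would be the safer default if the site's ingress serves one.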
diff --git a/site/intel-pod15/networks/common-addresses.yaml b/site/intel-pod15/networks/common-addresses.yaml
new file mode 100644 (file)
index 0000000..3f25a03
--- /dev/null
@@ -0,0 +1,164 @@
+---
+# The purpose of this file is to define network related paramters that are
+# referenced (substituted) elsewhere in the manifests for this site.
+#
+schema: pegleg/CommonAddresses/v1
+metadata:
+  schema: metadata/Document/v1
+  name: common-addresses
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  calico:
+    # NEWSITE-CHANGEME: The interface that Calico will use. Update if your
+    # logical interface name or Calico VLAN have changed from the reference
+    # site design.
+    # This should be whichever interface (or bond) and VLAN number specified in
+    # networks/physical/networks.yaml for the Calico network.
+    # E.g. you would set "interface=ens785f0" as shown here.
+    ip_autodetection_method: interface=ens785f1
+    etcd:
+      # The etcd service IP address.
+      # This address must be within data.kubernetes.service_cidr range
+      service_ip: 10.96.232.136
+
+  # NEWSITE-CHANGEME: Update virtual IPs to be used for deployment.
+  # These IPs are imporant and tied to FQDN/DNS registration for the site, see more at
+  # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#register-dns-names
+  vip:
+    # Used for accessing Airship/OpenStack APIs (ingress of kube-system)
+    # The address is selected from DMZ network specified in
+    # networks/physical/networks.yaml
+    ingress_vip: '10.10.150.100/32'
+    # Used for bare-metal deployment (PXE boot, fetching Drydock bootactions)
+    # The address is selected from Admin network specified in
+    # networks/physical/networks.yaml
+    maas_vip: '10.10.151.100/32'
+
+  dns:
+    # Kubernetes cluster domain. Do not change. This is internal to the cluster.
+    cluster_domain: cluster.local
+    # DNS service ip
+    service_ip: 10.96.0.10
+    # List of upstream DNS forwards. Verify you can reach them from your
+    # environment. If so, you should not need to change them.
+    upstream_servers:
+      - 8.8.8.8
+      - 8.8.4.4
+    # Repeat the same values as above, but formatted as a common separated
+    # string
+    upstream_servers_joined: 8.8.8.8,8.8.4.4
+    # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
+    # Choose FQDN according to the ingress/public FQDN naming conventions at
+    # the top of this document.
+    ingress_domain: intel-pod15.opnfv.org
+
+  genesis:
+    # NEWSITE-CHANGEME: Update with the hostname for the node which will take on
+    # the Genesis role. Refer to the hostname naming stardards in
+    # networks/physical/networks.yaml
+    # NOTE: Ensure that the genesis node is manually configured with this
+    # hostname before running `genesis.sh` on the node, see
+    # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#genesis-node
+    hostname: pod15-node1
+    # NEWSITE-CHANGEME: Address defined for Calico network in
+    # networks/physical/networks.yaml
+    ip: 10.10.152.21
+
+  bootstrap:
+    # NEWSITE-CHANGEME: Address defined for the Admin (PXE) network in
+    # networks/physical/networks.yaml
+    ip: 10.10.151.21
+
+  kubernetes:
+    # K8s API service IP
+    api_service_ip: 10.96.0.1
+    # etcd service IP
+    etcd_service_ip: 10.96.0.2
+    # k8s pod CIDR (network which pod traffic will traverse)
+    pod_cidr: 10.97.0.0/16
+    # k8s service CIDR (network which k8s API traffic will traverse)
+    service_cidr: 10.96.0.0/16
+    # misc k8s port settings
+    apiserver_port: 6443
+    haproxy_port: 6553
+    service_node_port_range: 30000-32767
+
+  # etcd port settings
+  etcd:
+    container_port: 2379
+    haproxy_port: 2378
+
+  # NEWSITE-CHANGEME: A list of nodes (excluding Genesis) which act as the
+  # control plane servers. Ensure that this matches the nodes with the 'masters'
+  # tags applied in baremetal/nodes.yaml
+  masters:
+    - hostname: pod15-node2
+    - hostname: pod15-node3
+
+  # NEWSITE-CHANGEME: Environment proxy information.
+  # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
+  # should be commented out.
+  # However if you are in a lab that requires proxy, ensure that these proxy
+  # settings are correct and reachable in your environment; otherwise update
+  # them with the correct values for your environment.
+  proxy:
+    http: ""
+    https: ""
+    no_proxy: []
+
+  node_ports:
+    drydock_api: 30000
+    maas_api: 30001
+
+  ntp:
+    # comma separated NTP server list. Verify that these upstream NTP servers are
+    # reachable in your environment; otherwise update them with the correct
+    # values for your environment.
+    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
+
+  # An example for Openstack Helm Infra LDAP
+  ldap:
+    # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is
+    # relevant for your type of deployment (test vs prod values, etc).
+    base_url: 'ldap.example.com'
+    # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI
+    url: 'ldap://ldap.example.com'
+    # NEWSITE-CHANGEME: Update to the correct expression relevant for this
+    # deployment (test vs prod values, etc)
+    auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
+    # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
+    # relevant for this deployment (test users vs prod users/values, etc)
+    common_name: test
+    # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
+    # deployment (test vs prod values, etc)
+    subdomain: test
+    # NEWSITE-CHANGEME: Update to the correct domain for your type of
+    # deployment (test vs prod values, etc)
+    domain: example
+
+  storage:
+    ceph:
+      # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
+      # used for the Storage network in networks/physical/networks.yaml
+      public_cidr: '10.10.153.0/24'
+      cluster_cidr: '10.10.153.0/24'
+
+  neutron:
+    # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the interface name and
+    # VLAN number are consistent with what's defined for the Private network in
+    # networks/physical/networks.yaml
+    tunnel_device: 'ens785f1'
+    # Interface for the OpenStack external network. Ensure the interface name is
+    # consistent with the interface and VLAN assigned to the Public network in
+    # networks/physical/networks.yaml
+    external_iface: 'ens785f0.4000'
+
+  openvswitch:
+    # Interface for the OpenStack external network. Ensure the interface name is
+    # consistent with the interface and VLAN assigned to the Public network in
+    # networks/physical/networks.yaml
+    external_iface: 'ens785f0.4000'
+...
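Review bot: The Calico comment still says `E.g. you would set "interface=ens785f0" as shown here`, but the value below it is `interface=ens785f1`. Since the commit message says the two NICs swapped roles, the example in the comment should be updated to `ens785f1` so a later editor does not "correct" the value back. In the same hunk, `ntp.servers_joined` lists `4.ubuntu.pool.ntp.org` and skips `3`; pool.ntp.org zones are numbered 0–3, so this is probably a typo for `3.ubuntu.pool.ntp.org` and the entry likely does not resolve. The `ldap` block uses an unencrypted `ldap://` URL, which is acceptable for the example.com placeholder but should become `ldaps://` (or StartTLS) before a real directory is configured.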
diff --git a/site/intel-pod15/networks/physical/networks.yaml b/site/intel-pod15/networks/physical/networks.yaml
new file mode 100644 (file)
index 0000000..659884e
--- /dev/null
@@ -0,0 +1,327 @@
+---
+# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1
+# devices) and Networks (i.e. layer 3 configurations).
+#
+# The following is reference configuration for Intel hosted POD10
+# https://wiki.opnfv.org/display/pharos/Intel+POD10
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+# |        |            |                                   |          |          |                |
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+# |IF0 1G  | dmz        | OoB & OAM (default route)         | VLAN 150 | untagged | 10.10.150.0/24 |
+# |IF1 1G  | admin      | PXE boot network                  | VLAN 151 | untagged | 10.10.151.0/24 |
+# |IF2 10G | private    | Underlay calico and ovs overlay   | VLAN 152 | untagged | 10.10.152.0/24 |
+# |        | management | Management (unused for now)       | VLAN 154 | tagged   | 10.10.154.0/24 |
+# |IF3 10G | storage    | Storage network                   | VLAN 153 | untagged | 10.10.153.0/24 |
+# |        | public     | Public network for VMs            | VLAN 4000| tagged   | 10.10.155.0/24 |
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+#
+# For standard Airship deployments, you should not need to modify the number of
+# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should
+# need editing.
+#
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oob
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # MaaS doesnt own this network like it does the others,
+  # so the noconfig label is specified.
+  labels:
+    noconfig: enabled
+  bonding:
+    mode: disabled
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: oob
+  allowed_networks:
+    - oob
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oob
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR
+  cidr: 10.10.150.0/24
+  routes:
+    # NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP
+    - subnet: '0.0.0.0/0'
+      gateway: 10.10.150.1
+      metric: 100
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: dmz
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: dmz
+  allowed_networks:
+    - dmz
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: dmz
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Update with the site's DMZ network CIDR
+  cidr: 10.10.150.0/24
+  routes:
+    - subnet: 0.0.0.0/0
+      # NEWSITE-CHANGEME: Set the DMZ network gateway IP address
+      # NOTE: This serves as the site's default route.
+      gateway: 10.10.150.1
+      metric: 100
+  ranges:
+    # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab.
+    - type: reserved
+      start: 10.10.150.1
+      end: 10.10.150.19
+    # NEWSITE-CHANGEME: Update static range that will be used for the nodes.
+    # See minimum range required for the nodes in baremetal/nodes.yaml.
+    - type: static
+      start: 10.10.150.20
+      end: 10.10.150.39
+  dns:
+    # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+    # Choose FQDN according to the node FQDN naming conventions at the top of
+    # this document.
+    domain: intel-pod15.opnfv.org
+    # List of upstream DNS forwards. Verify you can reach them from your
+    # environment. If so, you should not need to change them.
+    # TODO: This should be populated via substitution from common-addresses
+    servers: '8.8.8.8,8.8.4.4'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: admin
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: admin
+  allowed_networks:
+    - admin
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: admin
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Update with the site's PXE network CIDR
+  # NOTE: The CIDR minimum size = (number of nodes * 2) + 10
+  cidr: 10.10.151.0/24
+  routes:
+    - subnet: 0.0.0.0/0
+      # NEWSITE-CHANGEME: Set the Admin network gateway IP address
+      gateway: 10.10.151.1
+      metric: 100
+  # NOTE: The DHCP addresses are used when nodes perform a PXE boot
+  # (DHCP address gets assigned), and when a node is commissioning in MaaS
+  # (also uses DHCP to get its IP address). However, when MaaS installs the
+  # operating system ("Deploying/Deployed" states), it will write a static IP
+  # assignment to /etc/network/interfaces[.d] with IPs from the "static"
+  # subnet defined here.
+  ranges:
+    # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab.
+    - type: reserved
+      start: 10.10.151.1
+      end: 10.10.151.19
+    # NEWSITE-CHANGEME: Update to the first half of the remaining range after
+    # excluding the reserved IPs.
+    - type: static
+      start: 10.10.151.20
+      end: 10.10.151.39
+    # NEWSITE-CHANGEME: Update to the second half of the remaining range after
+    # excluding the reserved IPs.
+    - type: dhcp
+      start: 10.10.151.40
+      end: 10.10.151.79
+  dns:
+    # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+    # Choose FQDN according to the node FQDN naming conventions at the top of
+    # this document.
+    domain: intel-pod15.opnfv.org
+    # NEWSITE-CHANGEME: Use MAAS VIP as the DNS server.
+    # MAAS has inbuilt DNS server and Debian mirror that allows nodes to be
+    # deployed without requiring routed/internet access for the Admin/PXE interface.
+    # See data.vip.maas_vip in networks/common-addresses.yaml.
+    # TODO: This should be populated via substitution from common-addresses
+    servers: '10.10.151.100'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: data1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+  # configured for this MTU or greater.
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: 802.1q
+  allowed_networks:
+    - private
+    - management
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: private
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Set the VLAN ID which the Private network is on
+  vlan: '0'
+  mtu: 1500
+  # NEWSITE-CHANGEME: Set the CIDR for the Private network
+  # NOTE: The CIDR minimum size = number of nodes + 10
+  cidr: 10.10.152.0/24
+  ranges:
+    # NEWSITE-CHANGEME: Update to the remaining range excluding (if any)
+    # reserved IPs.
+    - type: static
+      start: 10.10.152.1
+      end: 10.10.152.19
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: management
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Set the VLAN ID which the Management network is on
+  vlan: '154'
+  mtu: 1500
+  # NEWSITE-CHANGEME: Set the CIDR for the Management network
+  # NOTE: The CIDR minimum size = number of nodes + 10
+  cidr: 10.10.154.0/24
+  ranges:
+    # NEWSITE-CHANGEME: Update to the remaining range excluding (if any)
+    # reserved IPs.
+    - type: static
+      start: 10.10.154.1
+      end: 10.10.154.19
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: data2
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+  # configured for this MTU or greater.
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: 802.1q
+    default_network: storage
+  allowed_networks:
+    - storage
+    - public
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: storage
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Set the VLAN ID which the Storage network is on
+  vlan: '0'
+  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+  # configured for this MTU or greater.
+  mtu: 1500
+  # NEWSITE-CHANGEME: Set the CIDR for the Storage network
+  # NOTE: The CIDR minimum size = number of nodes + 10
+  cidr: 10.10.153.0/24
+  ranges:
+    # NEWSITE-CHANGEME: Update to the remaining range excludin (if any)
+    # reserved IPs.
+    - type: static
+      start: 10.10.153.1
+      end: 10.10.153.19
+...
+---
+# The public network for OpenStack VMs.
+# NOTE: Only interface 'ens785f0.4000' will be setup, no IPs assigned to hosts
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: public
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # NEWSITE-CHANGEME: Set the VLAN ID which the Public network is on
+  vlan: '4000'
+  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+  # configured for this MTU or greater.
+  mtu: 1500
+  # NEWSITE-CHANGEME: Set the CIDR for the Public network
+  cidr: 10.10.155.0/24
+...
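Review bot: The `data1` NetworkLink enables `802.1q` trunking without a `default_network`, while `data2` in the same file sets `default_network: storage`. Since `private` is declared with `vlan: '0'` and the header table lists it as untagged, `data1` presumably needs `default_network: private` under `trunking`. If the omission is deliberate, a one-line comment saying so would stop the next site copy from "fixing" it. Separately, the header comment still names Intel POD10 and links the POD10 wiki page, so the table should be checked against the pod15 wiring before anyone relies on it.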
diff --git a/site/intel-pod15/pki/pki-catalog.yaml b/site/intel-pod15/pki/pki-catalog.yaml
new file mode 100644 (file)
index 0000000..63c3f34
--- /dev/null
@@ -0,0 +1,289 @@
+---
+# The purpose of this file is to define the PKI certificates for the environment
+#
+# NOTE: When deploying a new site, this file should not be configured until
+# baremetal/nodes.yaml is complete.
+#
+schema: promenade/PKICatalog/v1
+metadata:
+  schema: metadata/Document/v1
+  name: cluster-certificates
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  certificate_authorities:
+    kubernetes:
+      description: CA for Kubernetes components
+      certificates:
+        - document_name: apiserver
+          description: Service certificate for Kubernetes apiserver
+          common_name: apiserver
+          hosts:
+            - localhost
+            - 127.0.0.1
+            # FIXME: Repetition of api_service_ip in common-addresses; use
+            # substitution
+            - 10.96.0.1
+          kubernetes_service_names:
+            - kubernetes.default.svc.cluster.local
+
+        # NEWSITE-CHANGEME: The following should be a list of all the nodes in
+        # the environment (genesis, control plane, data plane, everything).
+        # Add/delete from this list as necessary until all nodes are listed.
+        # For each node, the `hosts` list should be comprised of:
+        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
+        #   2. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+        # NOTE: This list also needs to include the Genesis node, which is not
+        # listed in baremetal/nodes.yaml, but by convention should be allocated
+        # the first non-reserved IP in each logical network allocation range
+        # defined in networks/physical/networks.yaml
+        # NOTE: The genesis node needs to be defined twice (the first two entries
+        # on this list) with all of the same paramters except the document_name.
+        # In the first case the document_name is `kubelet-genesis`, and in the
+        # second case the document_name format is `kubelet-YOUR_GENESIS_HOSTNAME`.
+        - document_name: kubelet-genesis
+          common_name: system:node:pod15-node1
+          hosts:
+            - pod15-node1
+            - 10.10.152.21
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod15-node1
+          common_name: system:node:pod15-node1
+          hosts:
+            - pod15-node1
+            - 10.10.152.21
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod15-node2
+          common_name: system:node:pod15-node2
+          hosts:
+            - pod15-node2
+            - 10.10.152.22
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod15-node3
+          common_name: system:node:pod15-node3
+          hosts:
+            - pod15-node3
+            - 10.10.152.23
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod15-node4
+          common_name: system:node:pod15-node4
+          hosts:
+            - pod15-node4
+            - 10.10.152.24
+          groups:
+            - system:nodes
+        - document_name: kubelet-pod15-node5
+          common_name: system:node:pod15-node5
+          hosts:
+            - pod15-node4
+            - 10.10.152.25
+          groups:
+            - system:nodes
+        # End node list
+        - document_name: scheduler
+          description: Service certificate for Kubernetes scheduler
+          common_name: system:kube-scheduler
+        - document_name: controller-manager
+          description: certificate for controller-manager
+          common_name: system:kube-controller-manager
+        - document_name: admin
+          common_name: admin
+          groups:
+            - system:masters
+        - document_name: armada
+          common_name: armada
+          groups:
+            - system:masters
+    kubernetes-etcd:
+      description: Certificates for Kubernetes's etcd servers
+      certificates:
+        - document_name: apiserver-etcd
+          description: etcd client certificate for use by Kubernetes apiserver
+          common_name: apiserver
+        # NOTE(mark-burnett): hosts not required for client certificates
+        - document_name: kubernetes-etcd-anchor
+          description: anchor
+          common_name: anchor
+        # NEWSITE-CHANGEME: The following should be a list of the control plane
+        # nodes in the environment, including genesis.
+        # For each node, the `hosts` list should be comprised of:
+        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
+        #   2. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+        #   3. 127.0.0.1
+        #   4. localhost
+        #   5. kubernetes-etcd.kube-system.svc.cluster.local
+        # NOTE: This list also needs to include the Genesis node, which is not
+        # listed in baremetal/nodes.yaml, but by convention should be allocated
+        # the first non-reserved IP in each logical network allocation range
+        # defined in networks/physical/networks.yaml, except for the kubernetes
+        # service_cidr where it should start with the second IP in the range.
+        # NOTE: The genesis node is defined twice with the same `hosts` data:
+        # Once with its hostname in the common/document name, and once with
+        # `genesis` defined instead of the host. For now, this duplicated
+        # genesis definition is required. FIXME: Remove duplicate definition
+        # after Promenade addresses this issue.
+        - document_name: kubernetes-etcd-genesis
+          common_name: kubernetes-etcd-genesis
+          hosts:
+            - pod15-node1
+            - 10.10.152.21
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod15-node1
+          common_name: kubernetes-etcd-pod15-node1
+          hosts:
+            - pod15-node1
+            - 10.10.152.21
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod15-node2
+          common_name: kubernetes-etcd-pod15-node2
+          hosts:
+            - pod15-node2
+            - 10.10.152.22
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod15-node3
+          common_name: kubernetes-etcd-pod15-node3
+          hosts:
+            - pod15-node3
+            - 10.10.152.23
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        # End node list
+    kubernetes-etcd-peer:
+      certificates:
+        # NEWSITE-CHANGEME: This list should be identical to the previous list,
+        # except that `-peer` has been appended to the document/common names.
+        - document_name: kubernetes-etcd-genesis-peer
+          common_name: kubernetes-etcd-genesis-peer
+          hosts:
+            - pod15-node1
+            - 10.10.152.21
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod15-node1-peer
+          common_name: kubernetes-etcd-pod15-node1-peer
+          hosts:
+            - pod15-node1
+            - 10.10.152.21
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod15-node2-peer
+          common_name: kubernetes-etcd-pod15-node2-peer
+          hosts:
+            - pod15-node2
+            - 10.10.152.22
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-pod15-node3-peer
+          common_name: kubernetes-etcd-pod15-node3-peer
+          hosts:
+            - pod15-node3
+            - 10.10.152.23
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        # End node list
+    calico-etcd:
+      description: Certificates for Calico etcd client traffic
+      certificates:
+        - document_name: calico-etcd-anchor
+          description: anchor
+          common_name: anchor
+        # NEWSITE-CHANGEME: The following should be a list of the control plane
+        # nodes in the environment, including genesis.
+        # For each node, the `hosts` list should be comprised of:
+        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
+        #   2. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+        #   3. 127.0.0.1
+        #   4. localhost
+        #   5. The calico/etcd/service_ip defined in networks/common-addresses.yaml
+        # NOTE: This list also needs to include the Genesis node, which is not
+        # listed in baremetal/nodes.yaml, but by convention should be allocated
+        # the first non-reserved IP in each logical network allocation range
+        # defined in networks/physical/networks.yaml
+        - document_name: calico-etcd-pod15-node1
+          common_name: calico-etcd-pod15-node1
+          hosts:
+            - pod15-node1
+            - 10.10.152.21
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-pod15-node2
+          common_name: calico-etcd-pod15-node2
+          hosts:
+            - pod15-node2
+            - 10.10.152.22
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-pod15-node3
+          common_name: calico-etcd-pod15-node3
+          hosts:
+            - pod15-node3
+            - 10.10.152.23
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-node
+          common_name: calcico-node
+        # End node list
+    calico-etcd-peer:
+      description: Certificates for Calico etcd clients
+      certificates:
+        # NEWSITE-CHANGEME: This list should be identical to the previous list,
+        # except that `-peer` has been appended to the document/common names.
+        - document_name: calico-etcd-pod15-node1-peer
+          common_name: calico-etcd-pod15-node1-peer
+          hosts:
+            - pod15-node1
+            - 10.10.152.21
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-pod15-node2-peer
+          common_name: calico-etcd-pod15-node2-peer
+          hosts:
+            - pod15-node2
+            - 10.10.152.22
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-pod15-node3-peer
+          common_name: calico-etcd-pod15-node3-peer
+          hosts:
+            - pod15-node3
+            - 10.10.152.23
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-node-peer
+          common_name: calcico-node-peer
+        # End node list
+  keypairs:
+    - name: service-account
+      description: Service account signing key for use by Kubernetes controller-manager.
+...
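Review bot: The `kubelet-pod15-node5` entry lists `pod15-node4` in its `hosts`, so the certificate issued for `system:node:pod15-node5` would carry node4's hostname next to node5's IP `10.10.152.25`; the line should read `- pod15-node5`. As written, clients that verify the kubelet by hostname would presumably reject node5, and the certificate is valid for a name that belongs to another node. The `calico-node` and `calico-node-peer` entries also use `common_name: calcico-node` and `calcico-node-peer`, which looks like a misspelling and should be confirmed against whatever matches on that name.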
diff --git a/site/intel-pod15/profiles/hardware/intel-pod15.yaml b/site/intel-pod15/profiles/hardware/intel-pod15.yaml
new file mode 100644 (file)
index 0000000..207ee94
--- /dev/null
@@ -0,0 +1,94 @@
+---
+schema: 'drydock/HardwareProfile/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: intel-pod15
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  # Vendor of the server chassis
+  vendor: Intel
+  # Generation of the chassis model
+  generation: '4'
+  # Version of the chassis model within its generation - not version of the hardware definition
+  hw_version: '3'
+  # The certified version of the chassis BIOS
+  bios_version: 'SE5C610.86B.01.01.0019.101220160604'
+  # Mode of the default boot of hardware - bios, uefi
+  boot_mode: bios
+  # Protocol of boot of the hardware - pxe, usb, hdd
+  bootstrap_protocol: pxe
+  # Which interface to use for network booting within the OOB manager, not OS device
+  pxe_interface: 0
+
+  # Map hardware addresses to aliases/roles to allow a mix of hardware configs
+  # in a site to result in a consistent configuration
+
+  device_aliases:
+    ## network
+    # $ sudo lspci |grep -i ethernet
+    # 02:00.0 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
+    # 02:00.1 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
+    # 04:00.0 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)
+    # 04:00.3 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)
+    # control networks
+    # eno1
+    ctrl_nic1:
+      address: '0000:03:00.0'
+      dev_type: 'I350 Gigabit Network Connection'
+      bus_type: 'pci'
+    # eno2
+    ctrl_nic2:
+      address: '0000:03:00.3'
+      dev_type: 'I350 Gigabit Network Connection'
+      bus_type: 'pci'
+
+    # data networks
+    # ens785f1
+    data_nic1:
+      address: '0000:05:00.1'
+      dev_type: '82599ES 10-Gigabit SFI/SFP+ Network Connection'
+      bus_type: 'pci'
+    # ens785f0
+    data_nic2:
+      address: '0000:05:00.0'
+      dev_type: '82599ES 10-Gigabit SFI/SFP+ Network Connection'
+      bus_type: 'pci'
+
+    ## storage
+    # $ sudo lshw -c disk
+    # *-disk                  
+    #   description: ATA Disk
+    #   product: INTEL SSDSC2BB58
+    #   physical id: 0.0.0
+    #   bus info: scsi@0:0.0.0
+    #   logical name: /dev/sda
+    #   version: 0101
+    #   size: 447GiB (480GB)
+    # *-disk
+    #   description: ATA Disk
+    #   product: TOSHIBA MG03ACA1
+    #   physical id: 0.0.0
+    #   bus info: scsi@1:0.0.0
+    #   logical name: /dev/sdb
+    #   version: FL2H
+    #   size: 931GiB (1TB)
+    # /dev/sda
+    bootdisk:
+      address: '0:0.0.0'
+      dev_type: 'SSDSC2BB48'
+      bus_type: 'scsi'
+    # /dev/sdb
+    datadisk:
+      address: '1:0.0.0'
+      dev_type: 'MG03ACA1'
+      bus_type: 'scsi'
+  cpu_sets:
+    kvm: '4-43,48-87'
+  hugepages:
+    dpdk:
+      size: '1G'
+      count: 32
+...
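Review bot: The pasted `lspci` output above `device_aliases` shows the 82599ES ports at `02:00.0`/`02:00.1` and the I350 ports at `04:00.0`/`04:00.3`, but the aliases bind `0000:05:00.x` and `0000:03:00.x`. Either the comment or the addresses look carried over from another pod. These aliases feed the host profiles' interface-to-network mapping, so the addresses should be re-checked on a pod15 host and the comment refreshed to match. The disk block has the same problem: `lshw` reports `INTEL SSDSC2BB58` while `bootdisk` uses `dev_type: 'SSDSC2BB48'`.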
diff --git a/site/intel-pod15/profiles/host/cp-intel-pod15.yaml b/site/intel-pod15/profiles/host/cp-intel-pod15.yaml
new file mode 100644 (file)
index 0000000..5708f12
--- /dev/null
@@ -0,0 +1,105 @@
+---
+# The primary control plane host profile for Airship for DELL R720s, and
+# should not need to be altered if you are using matching HW. The active
+# participants in the Ceph cluster run on this profile. Other control plane
+# services are not affected by primary vs secondary designation.
+schema: drydock/HostProfile/v1
+metadata:
+  schema: metadata/Document/v1
+  name: cp-intel-pod15
+  storagePolicy: cleartext
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: cp-global
+    actions:
+      - method: replace
+        path: .interfaces
+      - method: replace
+        path: .storage
+      - method: merge
+        path: .
+data:
+  hardware_profile: intel-pod15
+
+  primary_network: dmz
+  interfaces:
+    dmz:
+      device_link: dmz
+      slaves:
+        - ctrl_nic1
+      networks:
+        - dmz
+    admin:
+      device_link: admin
+      slaves:
+        - ctrl_nic2
+      networks:
+        - admin
+    data1:
+      device_link: data1
+      slaves:
+        - data_nic1
+      networks:
+        - private
+        - management
+    data2:
+      device_link: data2
+      slaves:
+        - data_nic2
+      networks:
+        - storage
+        - public
+
+  storage:
+    physical_devices:
+      bootdisk:
+        labels:
+          bootdrive: 'true'
+        partitions:
+          - name: 'root'
+            size: '30g'
+            bootable: true
+            filesystem:
+              mountpoint: '/'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'boot'
+            size: '1g'
+            filesystem:
+              mountpoint: '/boot'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'var_log'
+            size: '100g'
+            filesystem:
+              mountpoint: '/var/log'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'var'
+            size: '>100g'
+            filesystem:
+              mountpoint: '/var'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+
+      datadisk:
+        partitions:
+          - name: 'ceph'
+            size: '99%'
+            filesystem:
+              mountpoint: '/var/lib/ceph'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+
+  platform:
+    image: 'xenial'
+    kernel: 'hwe-16.04'
+    kernel_params:
+      kernel_package: 'linux-image-4.15.0-46-generic'
+
+  metadata:
+    owner_data:
+      openstack-l3-agent: enabled
+...
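Review bot: The header comment describes this as the control plane profile "for DELL R720s", yet the document sets `hardware_profile: intel-pod15`; the same leftover wording opens `dp-intel-pod15.yaml`. I would reword both, e.g. `# The primary control plane host profile for Airship on the Intel POD15 servers.`, so the "matching HW" advice refers to the right hardware. Both profiles also pin `kernel_package: 'linux-image-4.15.0-46-generic'`. A short comment recording why that exact build is pinned and who bumps it would help keep kernel security updates from being missed.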
diff --git a/site/intel-pod15/profiles/host/dp-intel-pod15.yaml b/site/intel-pod15/profiles/host/dp-intel-pod15.yaml
new file mode 100644 (file)
index 0000000..25e8b52
--- /dev/null
@@ -0,0 +1,112 @@
+---
+# The data plane host profile for Airship for DELL R720s, and should
+# not need to be altered if you are using matching HW. The host profile is setup
+# for cpu isolation (for nova pinning), hugepages, and sr-iov.
+schema: drydock/HostProfile/v1
+metadata:
+  schema: metadata/Document/v1
+  name: dp-intel-pod15
+  storagePolicy: cleartext
+  layeringDefinition:
+    abstract: false
+    layer: type
+    parentSelector:
+      hosttype: dp-global
+    actions:
+      - method: replace
+        path: .interfaces
+      - method: replace
+        path: .storage
+      - method: merge
+        path: .
+data:
+  hardware_profile: intel-pod15
+
+  primary_network: dmz
+  interfaces:
+    dmz:
+      device_link: dmz
+      slaves:
+        - ctrl_nic1
+      networks:
+        - dmz
+    admin:
+      device_link: admin
+      slaves:
+        - ctrl_nic2
+      networks:
+        - admin
+    data1:
+      device_link: data1
+      slaves:
+        - data_nic1
+      networks:
+        - private
+        - management
+    data2:
+      device_link: data2
+      slaves:
+        - data_nic2
+      networks:
+        - storage
+        - public
+
+  storage:
+    physical_devices:
+      bootdisk:
+        labels:
+          bootdrive: 'true'
+        partitions:
+          - name: 'root'
+            size: '30g'
+            bootable: true
+            filesystem:
+              mountpoint: '/'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'boot'
+            size: '1g'
+            filesystem:
+              mountpoint: '/boot'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'log'
+            size: '100g'
+            filesystem:
+              mountpoint: '/var/log'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'var'
+            size: '>100g'
+            filesystem:
+              mountpoint: '/var'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+
+      datadisk:
+        partitions:
+          - name: 'ceph'
+            size: '99%'
+            filesystem:
+              mountpoint: '/var/lib/ceph'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+
+  platform:
+    image: 'xenial'
+    kernel: 'hwe-16.04'
+    kernel_params:
+      kernel_package: 'linux-image-4.15.0-46-generic'
+      intel_iommu: 'on'
+      iommu: 'pt'
+      amd_iommu: 'on'
+      cgroup_disable: 'hugetlb'
+      transparent_hugepage: 'never'
+      hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      hugepages: 'hardwareprofile:hugepages.dpdk.count'
+      default_hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      isolcpus: 'hardwareprofile:cpuset.kvm'
+  metadata:
+    owner_data:
+      sriov: enabled
+...
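Review bot: This profile declares `layer: type`, while `cp-intel-pod15.yaml` and the other documents visible in this change under `site/intel-pod15/` use `layer: site`. If that is not intentional, change the line to `layer: site` so the data plane profile is layered the same way as the control plane one. If it is intentional, add a comment explaining why a type-layer document lives in the site directory, because the difference changes which parent `parentSelector: hosttype: dp-global` resolves against.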
diff --git a/site/intel-pod15/profiles/region.yaml b/site/intel-pod15/profiles/region.yaml
new file mode 100644 (file)
index 0000000..fd8d987
--- /dev/null
@@ -0,0 +1,60 @@
+---
+# The purpose of this file is to define the drydock Region, which in turn drives
+# the MaaS region.
+schema: 'drydock/Region/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  # NEWSITE-CHANGEME: Replace with the site name
+  name: intel-pod15
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  substitutions:
+    - dest:
+        path: .repositories.main_archive
+      src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .packages.repositories.main_archive
+    # NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the
+    # list of authorized keys which MaaS will register for the build-in "ubuntu"
+    # account during the PXE process. Create a substitution rule for each SSH
+    # key that should have access to the "ubuntu" account (useful for trouble-
+    # shooting problems before UAM or UAM-lite is operational). SSH keys are
+    # stored as secrets in site/seaworthy/secrets.
+    - dest:
+        # Add/replace the item in the list
+        path: .authorized_keys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        # This should match the "name" metadata of the SSH key which will be
+        # substituted, located in site/intel-pod15/secrets folder.
+        name: sridhar_ssh_public_key
+        path: .
+    - dest:
+        # Increment the list index
+        path: .authorized_keys[1]
+      src:
+        schema: deckhand/PublicKey/v1
+        # your ssh key
+        name: mfix_ssh_public_key
+        path: .
+    - dest:
+        # Increment the list index
+        path: .authorized_keys[2]
+      src:
+        schema: deckhand/PublicKey/v1
+        # your ssh key
+        name: cedric_ssh_public_key
+        path: .
+data:
+  tag_definitions: []
+  # This is the list of SSH keys which MaaS will register for the built-in
+  # "ubuntu" account during the PXE process. This list is populated by
+  # substitution, so the same SSH keys do not need to be repeated in multiple
+  # manifests.
+  authorized_keys: []
+  repositories:
+    remove_unlisted: true
+...
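Review bot: The three `authorized_keys` substitutions register personal keys (`sridhar_ssh_public_key`, `mfix_ssh_public_key`, `cedric_ssh_public_key`) for the built-in `ubuntu` account during PXE, and nothing here says when they should come out. Since the comment frames them as a troubleshooting aid before UAM is operational, I would add above the first entry something like `# Remove or rotate these entries once UAM is operational or when a key owner leaves the project.` The same comment block still points to `site/seaworthy/secrets`, whereas the later comment places this site's keys under `site/intel-pod15/secrets`.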
diff --git a/site/intel-pod15/secrets/certificates/certificates.yaml b/site/intel-pod15/secrets/certificates/certificates.yaml
new file mode 100755 (executable)
index 0000000..6a3e57a
--- /dev/null
@@ -0,0 +1,2456 @@
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDSDCCAjCgAwIBAgIUdJelWxycorv7UHpR0av2SMOejG8wDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEyMTUwMzQ1MDBaFw0yNDEyMTMwMzQ1MDBaMCoxEzARBgNVBAoTCkt1YmVy
+  bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+  DwAwggEKAoIBAQDEJxIm1fY9bNVNYa7OQ1xkuhmw4RnPD0lXZ65OhJ+NB//NDU7+
+  Gp5mRHFkpWaPx0zl67U2nuaI3Uzvvo+Tg2s9VHRQezzBVFhgWyZumOiIxgBeawhg
+  B9VkOwQDrXxjadYFCtIL00VsE5YF6qUzXvX0aBuNZ8NuLL4491ReNP96I8ama1N7
+  6bXGGUUPY4GZS4Xn88d6R5xxvH1chMaMotSwvtj9qk9FZLP4jqCRCpsnjwJbz7e0
+  U60DfGOnfzs0iGer9cqI191fQVVYYuQ0MIe4/m3Hwltcb2+/emTC31ZqxqHZpHhs
+  5BWhGQn2hibwiiMZX1x1SWNAFNTrKCVeLfaRAgMBAAGjZjBkMA4GA1UdDwEB/wQE
+  AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSh7lNxbWgZTJ6JFE0t
+  xStgHKxjwzAfBgNVHSMEGDAWgBSh7lNxbWgZTJ6JFE0txStgHKxjwzANBgkqhkiG
+  9w0BAQsFAAOCAQEADl0IAa6hee1cclBvb3WXPyT4j3P3fCpzUrD0G/L3HLzEgM7b
+  iYDrSE+GHfQ8bjx1UaTMSIvAnBNsv7upwqIJuoXG3lJx/9roHPmtGwwGv6z++GwI
+  gtl87B/LHtW2jVZ7dymJHrUjS6bp1EBPQFj0Rn+pAeBGOclucXOWn14MFjwPLH6Y
+  wK+T76gX0v5LpTZYb6VwmBst6obpS3RM/gi9VH70nq4jYoKLDYOvWZzZ94XEE0/C
+  SRE5hH21MbEnY6wy6heFTWYDkZWcHfrntYZDHWIYAMB12xv9P8KUl2Ena01FFL6b
+  fjPFbeZ0024MuaHYCpfZu6r1nqFhnfvLTxAGRQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDUjCCAjqgAwIBAgIUKGkHzTXaivBQ+gUwIGCuqNdTRUYwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MTIxNTAzNDUwMFoXDTI0MTIxMzAzNDUwMFowLzETMBEGA1UEChMK
+  S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG
+  9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwaK9O3pc8epDF/X4wjkTpxWshaTHI3Smjzp
+  wQMcPlu+T8W2tLsifbptgMce2qOMz5wM0RnMrp3c3sG6ajJFKAiS78MM+4I1q2Jb
+  buKG1661eoIdYteZMmVRRr4UJwmsmgyR4uqhSTGi6oasmuhK6kiszEI4dcyJNeWv
+  59mqdEr/k0lSmAjgKv2NXrlIhtSKmwvEfdFlgKBMU+nuLRkR3HYVb0SKfZG+DuRs
+  cceE/ZPfT1pmz+z3ghDTKuH668UOT6b0AHS9nfWE/IVn+tDOOlWYO+259cGnnrlm
+  FbAKFoBIf9NonrYvePkbsVgqQBeFxzwS+upEbHPh/WAJcPYhFwIDAQABo2YwZDAO
+  BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUFDHZ
+  NBr3Zu1wNNAcoJhvzFZv7pEwHwYDVR0jBBgwFoAUFDHZNBr3Zu1wNNAcoJhvzFZv
+  7pEwDQYJKoZIhvcNAQELBQADggEBAHOqogGrCi3EK0YB4z0lF5tmT0g+i4DC76Sd
+  +Riw713TdyQV20srigiReaCxSctvVhWOxA3t154lpbwbOwvxqC8mXbFSZ5Cr2EVJ
+  56cDpBm2HH7a0fq0Ds4Ywh9tCqR3DgGczpTG5Zn/zdDx/WmE4QHCqqKWQSkuNhn2
+  eGouU5mI6JRGCUiOMvOKdFJMcIThewKLbBigkS3kZ/zLBDZAp+HWc8xH4JEywFsE
+  sktq5xIeXOgeBAkTX1sSmXoUFXl6E4mUv4wBYAqG1zTgtuhnpqnJK4BBScq0gKj7
+  fux6YyKy5KwRT/2Z/WVNgUz4O7Ts5Dr1ozWz7lY6EwR0ajP0PV4=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDXDCCAkSgAwIBAgIUa1+yWTRwV+ypIPLV7nBySUS+w14wDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkxMjE1MDM0NjAwWhcNMjQxMjEzMDM0NjAwWjA0MRMwEQYD
+  VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC
+  ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN/aNSzPmcyRrmmM33YsSDzO
+  8p8uT/v3eMk6O6lWPbp59J06O1sjgqP8NEObgZfr19bgs5UieZ5E5RCHsrTndzE4
+  BhViPPQ1A8p57hckifHpFUwK4oomMUbsMdUNVc7K6XrM6IeR2yTzijLt8VKD2lG4
+  TEbiKhCMoLw5MM9S19IZvRA0CITr+vRjDhpqsBysusO7DUS5bYte8ilsQL1LFYIL
+  g4di0CFBM2TRGkKQQKt1EQ7b4QqgCnK1fcX1BMRwYE9AoW8yrQ+qK7VqXoWS5VwJ
+  gRTEz7PrahBO55JtJ5KOqyOuSLhpamTTqC9aFEXNV8aMZdZfPvjxYQwWNf2TAFsC
+  AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD
+  VR0OBBYEFKr2D34PW5AKaX1UUp9WtygIrygOMB8GA1UdIwQYMBaAFKr2D34PW5AK
+  aX1UUp9WtygIrygOMA0GCSqGSIb3DQEBCwUAA4IBAQC+YoGJ3Kt8J5LAn+EaePq/
+  jmsNRYIuj1g7M4KxAEjG7oLnOJvEzygEYaTEUI1uN0Oet8gWTvcOcTk1YZ0kdfKV
+  0H4l/P+OwoVN3f5X0Xk6ZQyTWHw7+TrnNPpbpDqBkODg2rpogYowT+W2wTO5yXR/
+  17BBeWdb77tOzh3Krg4o2MMm74wF4FDBvMCgZ4xDlev+wvlRRogZ969y8K8c47b+
+  bfqt1sAoax9dEwagSttX0kLi9yVKDMerZtDz86QdMpmzC64yqTd0LiLuSi/Pdphu
+  IgpNP8OBt0fuNDgfeqCXjTPTQJ1KBjD2SBAHSyIlk80F1Qr9JXQWLJRcVKOpSI95
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDSjCCAjKgAwIBAgIUfcVLKpbbFByekAPQT+jIviRWd3IwDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkxMjE1MDM0NjAwWhcNMjQxMjEzMDM0NjAwWjArMRMwEQYDVQQKEwpLdWJl
+  cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
+  ggEPADCCAQoCggEBANJLb3IV/fXfI0LKe5y/2lBL9PJGie69Cz5CWyPIplr+r4XM
+  ktri7ljK5lz1W1huZa8YvLWr430Ic6Zzsq4GryKowChDRkCZJ9O2U46bLBl0BLe4
+  w1OtSDel4RVMeTk7BMjhNYZWQYTeHd4JdDaTZosa0ezhxqU0iLY8ADokEtPi3qdx
+  nizBA6pLl0NibakQ1cphyK2hCeBwT6VsAuMvwrronRoCjreMyVJmiNF2PKLBsKl3
+  NR1Vf7W3WkiMKviq0D7iT0NQxaQcd8h5iT6BWQhM9sofYAlLqZ4QzcexNnWbNlLg
+  Mm5BlNGx2WvsumA1zKR3a7T7/wh0581Fi0LhT48CAwEAAaNmMGQwDgYDVR0PAQH/
+  BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFMJnaGNECRgVN42A
+  TvYqehbEBI6sMB8GA1UdIwQYMBaAFMJnaGNECRgVN42ATvYqehbEBI6sMA0GCSqG
+  SIb3DQEBCwUAA4IBAQB45ezEMQELk1leJYENJS3bvEaKHFNgAFpADUBXRnfD8Fy5
+  /Ji+nYsWGFdImSDt24razbw+7H4HBgQrELw+hVMgkhHPTdZgFExm0bu1TJDvJ3Rk
+  yXOCT64gKFWb+krmuTufyT0Ic53v7uUxqwtys+BvAZAJOboueCMv949xAc2ZaXax
+  ssFzwXsevM3P3wbF6JLS8bqE03S2aWBpNBsDDEaCF9G7imGCmkg/k9TKAzHEp97j
+  rAOGwJix1YQmRneZEPOo0PWFqDS0JJx8lSN7N8G1IbdxTlIPPuLyvtx5jfQhbrPP
+  js/eV4N7JzGw34W0sY/h/RaUd1iKJE/bUPkB4bmL
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDVDCCAjygAwIBAgIUZMOvPKBPJ3zK9tr7Pcmj6WPmHf4wDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTEyMTUwMzQ2MDBaFw0yNDEyMTMwMzQ2MDBaMDAxEzARBgNVBAoT
+  Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG
+  SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFAgF9vAt4IYoSHAoW0Knp708eKMe0GO36
+  HCFr95HYaQ1ww4eSi56xi6FdF0TMCTGex+WSkzHnufNM1LjAp5Dgu3C3GgW0Gfm/
+  rkPtW7FNnHdUgRm1U02qzRUo8YXj4OYKSL/15JrNCCV3iC97aBccYmsDuKh2ktM5
+  CZNOhHpXyHbOmBGup7pW5k/yeOFUW1oo7jhWoi1nr+/69kebjcsZa/LQhZBKe91M
+  wyloRrrwAB3hmHbEyOEAPgZVhXVXyIDsoIiMJI1Mp2wq2/TUcVKvVBenwazEAp/b
+  UyxvQ5I5BW4lzLvLyZR1vOIBjS78hPuHnNHqfdUtibQFli/ikdOXAgMBAAGjZjBk
+  MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBS0
+  IBvCEFyceh5MvvW1+n98/fwOrDAfBgNVHSMEGDAWgBS0IBvCEFyceh5MvvW1+n98
+  /fwOrDANBgkqhkiG9w0BAQsFAAOCAQEAkrSHoT9YHi8pgjxO6vZmdTPe36gF/nk2
+  csX+VJxbhWGE0a/7Qr22wSN831BGzjeJh5wV4CE4s2C/SkGG6fvxFrW05gtX8cOU
+  rcG7ru8xnWdnXM0UsCsKbeGpKWGkTcBeuQ6Zc+9WRDCzbQDSXBQUwqSHHJy5UX3g
+  tDDFbc1uWNmedqU78a9n120g8IIEOHLh3Zm6WUk+Ho81NKNzigamROjviCDfuSdQ
+  pYfuuLDruU2ngBBG24IUYuDU0+Q4iNcgCT/SjwoHhzm83Zw39647LDZURckM3mHj
+  y6zXCJ7hC86/Tj6JuHp/7tGevBWp1MDvkD1ZE85bF3hhbvBf3y2Lsw==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAxCcSJtX2PWzVTWGuzkNcZLoZsOEZzw9JV2euToSfjQf/zQ1O
+  /hqeZkRxZKVmj8dM5eu1Np7miN1M776Pk4NrPVR0UHs8wVRYYFsmbpjoiMYAXmsI
+  YAfVZDsEA618Y2nWBQrSC9NFbBOWBeqlM1719GgbjWfDbiy+OPdUXjT/eiPGpmtT
+  e+m1xhlFD2OBmUuF5/PHekeccbx9XITGjKLUsL7Y/apPRWSz+I6gkQqbJ48CW8+3
+  tFOtA3xjp387NIhnq/XKiNfdX0FVWGLkNDCHuP5tx8JbXG9vv3pkwt9Wasah2aR4
+  bOQVoRkJ9oYm8IojGV9cdUljQBTU6yglXi32kQIDAQABAoIBAHZltvkmEPnGpYGN
+  wrvRwQUzp6oyVSe8bGKLvJS8TKoN+ANHUzTh0FaeXWuIwr1qaSom+jy78R8PpQ7Z
+  EUTTAHoGbibeHC/9v1J58lqzhTh5e2OCa427bLyROr0VjI1dJsfoXhyxK6guslFj
+  7s9xNDiQVoEl7rqj2zX7ZDtw9fw8aK/HIb79yYxcm7FNunoGjBe/uu24nF6sIMuj
+  R02qE9I8eUUqhMDtaBU7kHMmChM+0Zq8D2kK34r7j3K3T9gQby/HxWdBEmVpN8Um
+  8x+0Qbd/sdJK0XW7GQEkokyMrZfbew5I/0qIqyzyuSFt1+VAkiMIDM5a46NWaOzf
+  smawnTkCgYEAz6xsmxy1dQUXc/28WochMM4sWr4eXF9qWa8osCurgfklraur9Zgo
+  nqifN1LPdb8MMqVr0Bh0XGEFtlvOFPC+5FmV7veJwJNFDFZw8/z+8nydNA6H/9M8
+  b8ZrEOxAANEiUf30pnGoxknvX1SWTL65QbF8Nin/HAPH6o1NxKtLrJMCgYEA8cxR
+  /FkL12JDX2q3tUpbee9DJ9fFhhJyctaVL5k/EdGf9F3WeS8AGUgYETM2nv/mUyOH
+  KRs61M9HMvt6qy5C2H+XVjWCmURHyYDmBBrTm4B6EUollesYu9bak0pToTW2+5nB
+  NJjnYFZPJiWWRy5A61Ke5u92HccP8HEH00s0KssCgYEAkjIX4ro7I74J3KXrSu+F
+  9g2uO9NLHEwvWiNsyVh0zHLQi4om7CXJsqeSLigl1AZCWAUL+Nq+T6odk1rdoPA5
+  8hb+7dNlLiR+n0jbC2g3Mg13vYXdR8M08JsGFEu8YtbXClF1QRcScUTrNnkdtbku
+  QYjooFjANsCSpBQFg0XzZ/ECgYEA0SoiMd0FtUe3aC70w8qS3yPuP+UTZStH/bdK
+  TmaOfGeNquIRybqypywKRba7pUdQgtLU9OYtOjIkMSIBt1rJUGbvDxAy7Up3nwP1
+  9c8PBhFZhuNRKCK6vqLZaVh+h5HjvDoBO/KZFGkVBra1DNYiKm7KLpMu5gtw6lmc
+  n1cKxYkCgYB6PqN37EeRfiFhxTFTwf/J1o4sx96wY6ZRom4bta0xA3LayHR5xK9O
+  y0xi0vmH2Hl/SYHpOqB2w0nqPb/VRgM9drPE+Fr/8WL11Efopd51ImMOtqLhHW1S
+  z9fYuZRAoSj3v9uZilvturnY5atCBItqO70XMjSvYnvlmpvsnWNTGg==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAtwaK9O3pc8epDF/X4wjkTpxWshaTHI3SmjzpwQMcPlu+T8W2
+  tLsifbptgMce2qOMz5wM0RnMrp3c3sG6ajJFKAiS78MM+4I1q2JbbuKG1661eoId
+  YteZMmVRRr4UJwmsmgyR4uqhSTGi6oasmuhK6kiszEI4dcyJNeWv59mqdEr/k0lS
+  mAjgKv2NXrlIhtSKmwvEfdFlgKBMU+nuLRkR3HYVb0SKfZG+DuRscceE/ZPfT1pm
+  z+z3ghDTKuH668UOT6b0AHS9nfWE/IVn+tDOOlWYO+259cGnnrlmFbAKFoBIf9No
+  nrYvePkbsVgqQBeFxzwS+upEbHPh/WAJcPYhFwIDAQABAoIBAQC3ANLGTnCj9Nqh
+  5d9eQlDODWJeVVYpMeGHmSp9dFe0PlWPO/kQwyCcqGC/Z9oA8ZFlMPpbxbk0S+JB
+  1WFIuBUQD2qkU9pSTQLO59zWhaggVq9c3Gb3ou2qR0Y6Puq1keXEbpccVlCIeBoW
+  +Cv0BBqMIbitz/TWTHpRquT1JV5bQcKhIAvLvPXQvNfRP1s276l4GeB7jfgJ8Lnr
+  NFizCBGDDTBJkbEptNetDT+zfniHTeVB1lUs4q8ZNA7Mxh8DuIW8PaiMcx5GJ3UI
+  uYIU1m1+wFnfIxzokO+Q5XVlSnu8cKJZjZuY4Vd8itjxUSqKSwETegCBw9uHg77O
+  NXfld5JhAoGBAMFU4RT63KWn+Yu1XNmsvnN3oGmGf3AGztpiqXafChO2cm9DKEKh
+  aA8u6Kj7PhBgIb33+zRGsuMiMqA9bE8e2UzFOQvN1LOqhfgSlrLEtoR0XkLSxXjx
+  Vk/7aV1SXj96s88DCJ716rKTZ24HXq+acqj7eUwBqb79+/BG5HIQI5SRAoGBAPJa
+  clT4BvTwalbnmfYSfcGRUQOpgGEm2mlUFed8vcBiNJgr+Ewk4aqF+GCeF115CbXs
+  s7DVdk4Jjq7AA4Hj7tkrT+mWjhq8n1III/3cvlXtHo7cPWqM4DqzsHUbiFMSm1pa
+  wOY9FpqVfyesJW391rrKWakdqycNhAS5DGM7dg8nAoGAPJJQVtdmDAy9tZTj+1sQ
+  7HJdctJt2PZ5Fpj0yTJ44MY3wj5DPeT+CkvDHzZgMpc72x33uWAxKdKMFAJKjdt3
+  b4MXJWierI/Pm3KPfoD9QjCHW95XelX6meKGF3P4DWFvNnuX1t3rY3mlXSa39sKo
+  C+OGFFctDKbcqWI8rrP5wdECgYEAoP6UlP1vIafT/Ic+L8l44O2388bWEbPNw8qo
+  Am9LXlHevnf3Kh4WC0GUDhr3SpDtcn0boY0sWgrfThcgPVk9gebT30i0fe5vp/7g
+  afQKPOqYMi78XZvYGSblQeZYWVcy/ILtQgWyzl4hailhc//8dXmWtlGPMRI5cSm8
+  oO8PLmECgYA0svlz4uRD/TsYoMo5jmHw5ihWMICBkJVIcgv3mzsiw7854JqLTuDA
+  XDAvtHGJXDfAkOoUNhbvEqTBsyXaPjIgo6A/0CYOK0hDZPb6SIyOFR380Vy4D+Vf
+  2EtYBuocbPkbn6wtsFbUTyp7FJb1DDSxTmM28atdmjGUBDPrwDm6Sg==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEA39o1LM+ZzJGuaYzfdixIPM7yny5P+/d4yTo7qVY9unn0nTo7
+  WyOCo/w0Q5uBl+vX1uCzlSJ5nkTlEIeytOd3MTgGFWI89DUDynnuFySJ8ekVTAri
+  iiYxRuwx1Q1Vzsrpeszoh5HbJPOKMu3xUoPaUbhMRuIqEIygvDkwz1LX0hm9EDQI
+  hOv69GMOGmqwHKy6w7sNRLlti17yKWxAvUsVgguDh2LQIUEzZNEaQpBAq3URDtvh
+  CqAKcrV9xfUExHBgT0ChbzKtD6ortWpehZLlXAmBFMTPs+tqEE7nkm0nko6rI65I
+  uGlqZNOoL1oURc1Xxoxl1l8++PFhDBY1/ZMAWwIDAQABAoIBAEAiy+N344/qGXei
+  Zg/8pgHOJVOYOFBv2gqFhbyBuhPohz5ZBdKZ/P8w7mSEdH/rkZ6+KJXNF91RzfOL
+  fZc5Tjwq2gtcZyxs2BY2ExJMZL2L049C+x8rzCiO2cQ6GuCx4G1PsjvNfWU75der
+  tt22a2HIlQomGHk/YXosRKDSEoXeUo0tc+02iRNIyC3EwWiFV2HfBSofS6d3jPYe
+  mjBJ4eQa0zkQHs78OaVDfnGbWIvjVUdmod1+5C6sl2FyeuaWsHX1hKxgY9D/7yTT
+  cyz/7sI4BItAQStZIikdaMu47wpnMEtzCAcVHLAxwdJZxbiZU42is0eAYN/WBYf4
+  N7gw9KECgYEA4PVv2BbBjrE9a4v8uBHp2dOszI0ehAhyG1EJwRp1Ql4KBmGQG71V
+  qziorTBh6eZtGkCAaLw5gFo3NAV4QJpipJ/I7007YFkj7Wj7ztBhsT/jXxSfGjy/
+  iaRw8SPR3dM3lvXLW+okwNKs/T7Bb4lq1HuMnPnutgVd2pQiGlZws5ECgYEA/r2w
+  ZEGvsDqPSjPVox0rjz3fEOpe6c0Mfah33zywyw5YgiAlknDintowsSuD6mRlpxDy
+  DPBpwunJjxsjxjxUEZieJdtiK+6oYVOpzL1e9igG5rezV/iUDvai/4KjYEeCq32x
+  lAIFE/NTdEfl/IukyMHXNj3UbIkxpNg1/YRN5ysCgYBvNufkXNu0P8utr7dxCOoj
+  1pJHTj0X6VUATEAWR45REUzDethT3nbL/2bkuFav3Etz/w98uBF1cyR3g3y/85Nw
+  783XAMeqCmfIp25WAI9Lodo212sQ/Zdz5OgxTxQiJpoE999hwZAKBB2h1bSr/7Pg
+  +HO755QsSNrthO6XNsThAQKBgQC6gEwdCo5C+oyfqdV2R0v14jlnHAADMlE7ylSA
+  xuE0uLsKAdkgHq9714ignZhFyd02dEySNo1n21vq/taxMsfl3hOi6bw1J9R09Riy
+  wc49b86lqcaO2HolfmKVqKJOQeyj+zFAiD4JfjMSRfVWcTJinLAgkSHtmIAVDQpy
+  IiQa4wKBgQCpLeJQaJPoQFYS6YcfwflJUO5IYvwwZZ0L0yM0PG7DF0wfeE6EEc++
+  elCELFbVrfxAUWRMVxIAGwpoI8Z6xLkEr4apv/mD0tGd1MiCi25Ra13+6PLKNGsq
+  IpvdspGb7xP3R9W8hxaaQd0seIo8njHX+KH8XTmTZVZgFiW5jtw0rQ==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEA0ktvchX99d8jQsp7nL/aUEv08kaJ7r0LPkJbI8imWv6vhcyS
+  2uLuWMrmXPVbWG5lrxi8tavjfQhzpnOyrgavIqjAKENGQJkn07ZTjpssGXQEt7jD
+  U61IN6XhFUx5OTsEyOE1hlZBhN4d3gl0NpNmixrR7OHGpTSItjwAOiQS0+Lep3Ge
+  LMEDqkuXQ2JtqRDVymHIraEJ4HBPpWwC4y/CuuidGgKOt4zJUmaI0XY8osGwqXc1
+  HVV/tbdaSIwq+KrQPuJPQ1DFpBx3yHmJPoFZCEz2yh9gCUupnhDNx7E2dZs2UuAy
+  bkGU0bHZa+y6YDXMpHdrtPv/CHTnzUWLQuFPjwIDAQABAoIBAG/jLO+BXfbUexlN
+  TEmRFiHE2BWTjE3WjUXZ3k4CsugVO+QvfS8ysGfTxI9PCAPb8QQhYD40rzvWJFo6
+  kqXe7o29RUfmy1kRY8xT5M8qJmOAhAYQKvS5bIQXINPJNXJKwXfzwxuvhvqfhzqc
+  wxVKhbObWHf1hFBfzCFReTl1+gJ7ar7nRq+/WgJGRH2zO735uObc9AAWIOqvI14r
+  msNPTrChI5uW5+I3r2/g7OfI8pX7FocP1VIJYoa9F4EV8sn2PIu3GVeGkgo50zxx
+  O01r8Rl/80VXIgA+JozgSPpnbrZFt9tKLkWfPBUhHzAvOAIs8HVrlXKXaNfAeE3f
+  /wVGWWECgYEA74VTjPkIvmcOuA5IV8wx0hP2wSxpN68KmKAQSqE9nNEOvVD5ikMS
+  TJLBPDpnn7bLx4S1V292Ff1bz6Fh+Dk5llLp/B00CSGu5l5S2NoAB00cEytP/AhC
+  PI1IVziGZresMMsGbp6UmzSoWFQM5S+tati/1ZXyzeh0OVlQOVL/9RECgYEA4MNZ
+  i7xk0YmC2RWqnpZBMIH6F4n0LIynseqIG8pgnL9snL4GsaV1YyatZ/R3qd+EyPps
+  CbOM0GEPOOENI/RvWbKAVKCYdoWdhWMKdjnxcjrfCZjgAKcMNcgo1uwU41x9mQTy
+  Ww2T5dMfVhrfx6ulrafUjPb68/lpfBfgK1E+ep8CgYEAtBZfon/ftiEQbQy4EeNC
+  ljxSbB2zIp3mbqjydtpS0+RPm8IVTYJucMpqpZkYLnqnLuU13367n372F9+0JIkK
+  Jl9C9D8Uz8TWlvjWe5s1KEgu0q7fHZUsEBD+Ei46x2JUAf+0X1m2TBfEd10CsRMu
+  5UYAvltWysB7Gl9vtRoVvrECgYAshqabpxO16u7wAHnPduatLGKV/S9REAA8n8Cc
+  +MeQ5d8nYgHDeYq6vLPHj0eRcIVGp0110osH0OKKGxNWVxskAtenbDUn7apZ/Vfa
+  OfpZ7c23ggCGQJGLqf5lLVmp/O2ovbEhVpxBAEUJ8sL4NEnbEA9saZUndfZurfAr
+  xKmC8wKBgDUMzvTHQIh88BpryqhxBEFJeA02VqjeUBwJugAu1mP7NUZqksR+QX/7
+  poN0U8rRC0KdL3UepvGR6gDcNTySZKHXOrxrL/OozKuuCAti8kZyRO0edd+4iqPr
+  TInn69lSRf/6vPtkuVddgWlv3IqF713Dg1/Bzwv9e/Bb0Ix0NaCF
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAxQIBfbwLeCGKEhwKFtCp6e9PHijHtBjt+hwha/eR2GkNcMOH
+  kouesYuhXRdEzAkxnsflkpMx57nzTNS4wKeQ4LtwtxoFtBn5v65D7VuxTZx3VIEZ
+  tVNNqs0VKPGF4+DmCki/9eSazQgld4gve2gXHGJrA7iodpLTOQmTToR6V8h2zpgR
+  rqe6VuZP8njhVFtaKO44VqItZ6/v+vZHm43LGWvy0IWQSnvdTMMpaEa68AAd4Zh2
+  xMjhAD4GVYV1V8iA7KCIjCSNTKdsKtv01HFSr1QXp8GsxAKf21Msb0OSOQVuJcy7
+  y8mUdbziAY0u/IT7h5zR6n3VLYm0BZYv4pHTlwIDAQABAoIBACtPrZQ+6yaV+QzS
+  LUWmyjQr8HDo9j6Z3HfIB3D9FItHTTUlR4DoQRM3Z1pX60AQJWCLAeWfhrEzKFIT
+  0ipIrIk7rCQVDHvz2fxSC4z7Q5eUdoeVellq3wBV5fkCYDUhFHHeXJVqlL3OtK36
+  urWexLXwzSYcSq0GynkXqdLxPRRfE0DJksXu6NO18WzrZoY3v4G1MUij7iUby2fR
+  KlJCImXxkLf97iIGK+zsS4B79dR8btq92BbQmKckn61A9SjbARr/qu/RTeF3L+dc
+  au+M+xvXzyc9GA8Ir8h0Lg6m33ZRIrW36JSvNc3PaQpn0OJFrHio8/KMzZEx5Y0+
+  nNTRhUECgYEA4KpEEWdPqNgA0OEPWoCxeQlHOmuD/nHnKV7EyT38iYYU+p0LzzqK
+  w3DY3Nyu4T150swnMBrVMLfbU5Vi0pAwJ06T2ZfvXxHkmAhffnq03Xl18DJ4JAHM
+  q/m30d+Us7CQvytBxSdnCoMg0WDr385jhGXtBcuVcLwdtDTGGDwF/iUCgYEA4Hw6
+  ouY683T34juvZmOvdqHqB8PLMYAOIfGurw9POAzxpSloTcjvkuj9DerWtSia/KKm
+  PsNiJLPk7CSeirmpg7ouH67EN7Q0F621tInsmN+tWIO13B+V653gUdcX8ldDe9PV
+  VaeEClsiaSaDivxDmiDhLmvvo7t878TMgH3HyAsCgYEAy1bPzMCoxLTb6DIK52rb
+  NiVDpohxKvaEtljj2xCTZRVKH5nMen8N4N5eKWhDj/FINZY5Uby3gCSoCfqHOvTt
+  4GWqQ6LUMEPNlhzd8We2E04/hGrpeg125aBa00V9HTWNjLjmCj8jb8xHA7qpQiNW
+  xxpJcJlWZHaem9+3+284LVECgYBNck6AeNGJwKbshA7lUirs0Lt+5kupzjYR++F6
+  P9viyIRtqLV1cIdGtd7n+EcOxO2Dj1GvgZTQeMfXuGKCFb+n1ImpIJBNb3wxVxrD
+  KHpZ24FgckBBqxv758HGOmDmmLiNde252Usyj3J1uHXVc2aXPBS0AUTxxfM6fTjY
+  c4yDNQKBgFVXAhGkYN/9GszLS54Km7NDB17kg9bnYNDazX2tgybfXduceyscYGIr
+  w+5z4SmlqNF/YIOfhGv96q50Em/w7+Jig0U9jgiyXUx6wP92e2aray+NuhgEWkyq
+  OxsZEhySKh3KfaTxOLEWarqCH0KJ8/ObZQylA8H7ZRVIA33Geoga
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID8jCCAtqgAwIBAgIUbLHPFiOLbtIAvW2V084HXL5sV+4wDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEyMTUwMzQ1MDBaFw0yMDEyMTQwMzQ1MDBaMBQxEjAQBgNVBAMTCWFwaXNl
+  cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPvfaW1wuCRZjD7
+  rhhx9Fi6FA8jgKaYYc7r9iLSRrYb61sB0LmYilB+sK/ZfBFT5WOecwlOBCcd2q4B
+  /fQs+1wibqDcMVWzyylemcXZPmXp3mZL0I6NXS2pKIS2DOxDvFvfQ6mq83rC3EEZ
+  MayHNHCychpxFIROWK9OYfm5jKkYXfUZkU7n55vMRkMQvKWRPbfWZ7MfIu0UYZ97
+  q6rdqZyReCdzuD/6y4sf3ZVDoH0sZwi4oaMxDG7dRtQAIQa6AJWTcWCIW62acxqz
+  yCNeDRHc5rOvDNbpqN0+rUHtXlpiUgkd9XusFtLnt16/U2HYGkSGoIkULI+Vt9gE
+  O+8uuesCAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
+  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUiWtOJRVy
+  yVlJNX/Vf8p8X0cBFJMwHwYDVR0jBBgwFoAUoe5TcW1oGUyeiRRNLcUrYBysY8Mw
+  gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz
+  LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm
+  YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy
+  LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQCx+PmFPP7Ja0zF
+  dsBIJ1KFG9JN8Yxcn9afDTC4FIjs42hBejTcPZBGvZ/F58jp9N3apeFPgPRYAUO2
+  V6Y+Lr+Qpt0dGqsEEYfiPsMVpok6lbADyn+otBcb/51AAGFAC5cGYXq7xLsFpqrr
+  B6OZUYztTMcprTuNGL5u+oAhD2Uhj0xb7aQH0DhwB7A9Tmd9lWNjmGJGyCzc8uLq
+  31z3kwAKiCytLeLgNdFfEZI7vJz3leVZTNZ51bkCwrPeYKg2b/wFQJ7B1qd/Klh6
+  QQzu30o927tnvP3OzKa30MqHPzMWtrLTbgblQ4vw6UQH5dgcwbNCLQcx+SawOpBI
+  T3LkeaTB
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUeI3p1Y8Y1g15ej3p8SsfORRKBkcwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEyMTUwMzQ1MDBaFw0yMDEyMTQwMzQ1MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTUtbm9kZTEwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0shawhklpXufNIwgyrYaQpUGwuFLi
+  MuWKvd2c2UwcPYnkFZVnc1cCI+WNKKvxym9K9olVROIbFJACwnCy3s2O8vZEowq4
+  F6mJ2ocAzGoxHp9t3Ce4k7R3t4Miegpg7sIozG3iXRw6VRZ9aq/hICnwjf95DXqT
+  gNrf3yZAs9B5Y8n62or/G/uo57kI3b2FasdC6Hqx79GTRwZw+MPrIYHOqqVMfCSA
+  /LucQo6/KGF9l1zrW1Plj5pS9V+XWGm5neDWQ4n/eqpQCE3Lmu9Lyezi+NixTR8Z
+  G3zHK7qXozCfflb5tT48ko4MIYT4sXYcwPIh9EReqxbJGpIpF3h7+OhfAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSAvYcbSKcGR0LQ2qgmeFBdQHrl
+  8zAfBgNVHSMEGDAWgBSh7lNxbWgZTJ6JFE0txStgHKxjwzAcBgNVHREEFTATggtw
+  b2QxNS1ub2RlMYcECgqYFTANBgkqhkiG9w0BAQsFAAOCAQEAiuyC6oyawIfh4MOm
+  HgHeIqsJU2k1Pi+ZQTzT5rkJKWP5LmWd1kIJLqCjm819S9OKRMn1Vgc+fpbdCe7e
+  +oYV0kaiJAkyTkwDEy44yemHz/iixwrMR9U7KLmOJV5xZyj0sTMSn0FfEo2YANA9
+  nz/AEHOAkvLUiYQBhucLZ5lpEy8j3sx7WoxVeYXz6wNUwH+7ACvq4ZkHDCGmu3LN
+  VLB9GAFLtzjsk+NiG9Sp36OCpbDf4Hbjm7VRdn7CtsrBTQRjpbVtwng8duZaEEQ4
+  OmCrZFQhCkRMKzmV4CfsBjUyhQ6ZKGxssfGzWZ9SZ4JKpRBJ27ILW17PrK1IUJ1a
+  O7iJkg==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-genesis
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUHPN+DEQRbkDQ6xkG/buFZ/NOAT0wDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEyMTUwMzQ1MDBaFw0yMDEyMTQwMzQ1MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTUtbm9kZTEwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyittkIOWBVR4mzeKjPTXocjWSzseQ
+  LmXi4mImf6UkUEDGbb3JxGZW7OQ7R1M7QmvpA7Hesmm2ywLignGyRC199N3BFWQO
+  3X/yNlVLwMbFhFtsl1haI0BFGDlwgjOr7UcL2DfAkuunjw9sSTF8ZOTMkTmbxnN7
+  bEThev0PWEILEJjdLQm/8BYL4uXoHrbNYX2C8taCn2R9E0eUVjZINMDHvvbQhRek
+  B3ys+nO44Y3kPkZjm4MNz6/DdDsrOqqDIwctYVn63kH0qsWHonRkpXnpEmFeV5sE
+  GGuMe463XvLIHQG0g/KeUOvVaNK9Yp7PU1kLDa687rXi84OYbcLDVHYjAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQR+Vh0QZthupymCE6w/4R7TqxX
+  fjAfBgNVHSMEGDAWgBSh7lNxbWgZTJ6JFE0txStgHKxjwzAcBgNVHREEFTATggtw
+  b2QxNS1ub2RlMYcECgqYFTANBgkqhkiG9w0BAQsFAAOCAQEAFtxyTRbfi8LIMDQT
+  K5pek8o1Xrs/P9tSD5myJjaS4grAayPd481LsfeD2hk+4lymZr/ENJPN6dEvqrCH
+  ucO0FwrMc51+UhqbXilRtnjylS7Dl1nul137uC1ocA4YPVM9wiTEiDb8SK+p0ymb
+  oBK+eU+kloC/NRBRFH7OGFM05ujSqgoSbVEOtqeNftzS1ezluvhxXq2m8DQ8PdBx
+  8vgMXHmQHwNkMHl8MiwMyznVBgp4JHohGLYGT6CnIdT5z4FcBJ1MHTic1ygAemvl
+  Q4TeCLboweXJa27ne85HcLZ2GUmAKi5sDk/BiWJ1Hha9Hai4KnU7CJHrepEOsQXz
+  P390XQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod15-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUJJsGBbG+BVMzt+Zn6+FJEAhKyLIwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEyMTUwMzQ1MDBaFw0yMDEyMTQwMzQ1MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTUtbm9kZTIwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDs4LEuWbyPOWbhCLNmV//TnJPpYirp
+  wzqK9FBq+R7+Pys8Kq7p6ztVY9dQ86WLLzcU4ji+m65KcjxgUVZh+NQYmvVWbAHh
+  V5AMQ1R3SfLYJSWKJiSiVtklvJa7QeZ3q0CisD4sFb6TwsiMTVOZLItGArOZuwGY
+  PNmzj5z/16D+FGLAogRmD4zcfroZ4sVaedHYZyi5o4Cud8HHibHpfUZhc5PB6P2W
+  Nb6HoWQiV1SEycjZqh/tVFDTECBhgvSmn570uW7vpIURD/5voH0yggeEQbAgZwbG
+  Btc7hcjkbmaGlAlyGlH/Xn2jf0uCnGKoHzQzY3WXh9i2JnkyCme2bZfTAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSSkEkRzaFIm1Ediw4X00f5VeHB
+  BDAfBgNVHSMEGDAWgBSh7lNxbWgZTJ6JFE0txStgHKxjwzAcBgNVHREEFTATggtw
+  b2QxNS1ub2RlMocECgqYFjANBgkqhkiG9w0BAQsFAAOCAQEAhgMQmXZ7RwDnkhD/
+  Y+MbfDASKHaFUvnyc7a+1q/2RLKbpWc+SoQLaUrHY0gG6uyJamAIoI4D8ZeXyHrA
+  2/50ulYUQ0DDXKQD9YbPHTTBq9Bd9dBaRnES/t5k6nf0VbCmXp1nfHXsBWmIfczg
+  GRCBB6YT2RObfytzHBojQZkm70gZh48KJfkn21c8K8cpoYkofvCZkJxd6aArbI0I
+  8NK0gTp9IJ13GieE7KvFap4rvIXrUuB1kvEMdxlwYJ2xyDIKzHKR/ltYy1xeHGH2
+  KivJdMgLDS+GVrWuFj5pNwDB/kK6CTTWvdcH1/klfplBIZs0O81mo4rRWOWQQgKs
+  uq35EQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod15-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUAQ6H7jXX+Sfnj1DQTXDP8ig5hvgwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEyMTUwMzQ1MDBaFw0yMDEyMTQwMzQ1MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTUtbm9kZTMwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkAXgYtT4lJs37wT7kEDefTHNitPPI
+  aUn9it2i1fjpUslDse+xZTZv7gXm9U05ZYaBqMJuhzpdY0XuRk66ppIh+POayT36
+  v6SdlytteE7QiRI+Sp7P6n7zYbRV/4FIJGH3NlUaWJu+UAEVsuZ3YfJljmg/uksr
+  slghDTW96xaszhynE40r0b37X8iTMXrltitfOex65t27BaOENQ3RaBuaFAXJeuk6
+  oYU+tPByFsFsxNNFqTmhhwfd/AaKKNRiEc5MEBd+VYrSSe3/UhKGcBI7o0U3s+T5
+  2Ne6fL05DnUYMT/SSnvGqWJK2CCPsmPsF+OlTSZ0A9D2CeiMyb1fMv8TAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQbQ6Q+lKgIFD8hn4Ya4ALomzZB
+  kzAfBgNVHSMEGDAWgBSh7lNxbWgZTJ6JFE0txStgHKxjwzAcBgNVHREEFTATggtw
+  b2QxNS1ub2RlM4cECgqYFzANBgkqhkiG9w0BAQsFAAOCAQEAdfesLgCg8Yh+6XDj
+  Ft+0mxuWBGjODNiVtQRU64Zt4u/jqxVAOyw7Ldz87LjqecFOaH78LD3fTvn7z/9j
+  sefWFaUmuYOxqPSBAO4qI60ll6KfP1uDtBozvo0kNR3/lVI7Aak84ig1tDEHWMSG
+  mBGdSTYi4tsaJU3g1OOgTVrTxnsd+hZRBLFaoEJCa9kOT5Fmsm6IqLOgnd35t6Xw
+  vYd3qFEbTj0PeD2HrttemLtuiqWBHRH2pB86mHXPBOqJzqLVBZ3n5lUE1GxzXucu
+  PUYsCA5j7EBPPwSc8saZWVH4i2N/egohB2mGkmFXgjBB+ROG+I74oZGOZskNFxyP
+  siHsNQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod15-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUHiDObQiv3pMY1koopRzis/CUhogwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEyMTUwMzQ1MDBaFw0yMDEyMTQwMzQ1MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTUtbm9kZTQwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMi13j4TYfCx46/i6AlbmVcoZoHli/
+  JEh2I7WIkBNh6GL3fviLYavrFBNeGK2DjPr3dbyY2jTWDbwGXtB73Ak2Yvv6M2H/
+  k2peYqvxZ0ZSYw88S0xUazzfKl4Z/nEZAMM2JDimDecQ4wL9xwbJZKTr5i7LzRWX
+  cqJGeKOsBCf4nti0tCgpquaS6xrXhDKHksVNrkfkniSWedzGHj9cJHRFMVXP5hrK
+  v+IZloeVCjLHy7YJQ2a7aRSmf0QQgrlMmwUY7bA4FCfsAe1g1823xtqZTpd10i8h
+  u95aJZXGQOjAkW8UZaS1EJIjm3t/Qf7EqkOi5yLcFlLBbCfBBgAGSDHBAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQweNNlcW04q1RXdJXxnW2O8en6
+  1TAfBgNVHSMEGDAWgBSh7lNxbWgZTJ6JFE0txStgHKxjwzAcBgNVHREEFTATggtw
+  b2QxNS1ub2RlNIcECgqYGDANBgkqhkiG9w0BAQsFAAOCAQEAq5/bfcYU0S+T8F1B
+  XsM95/5KCbs5H7Z0WP96dVs2wFZzwf7Xt9TNmaVd6PtpQHfBzXuEDavg331Pvg7G
+  nuEywYkqD/7I0looHQTpoYQYqtVkJ+W91iXo0ezwLRV/fzhsLin/mPUCuENg3+XH
+  +JtQjAnUDbNicpMlJeGYy/UTWxECoH5/yv2/fvT1xEM55KoBf5N8qFhbLoXxxInm
+  Df3DOx28XqNTbO/h05RNSz5jfpRkt/1wUuDmC+9WtQCKlvuZ6EcyL7JfPnl5yv6W
+  vHYcmCyMNOvqfArePE5wfZ2L0Y8dkEXpMuFs1k1uPCBdIe6vuxEmQ2l9L94qVZ5f
+  2zJk9w==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod15-node4
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUZY8uoWqacyYGhJFTBxAn3s/6OHkwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEyMTUwMzQ1MDBaFw0yMDEyMTQwMzQ1MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTUtbm9kZTUwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR9OuH068GlLZ8j86Lgc38V5yE+Npd
+  JZEbJN63IpzlsC3HAT7+Zv5hR+kR5H+IkjsMe4LhRDUAHzPYBv4qZBFocw7L3+F0
+  6z20W4PX3DA8VYUmU4HkT/CL7Pu6vWNJsff8EyVXktPUdkP1CtPs8CeBHAPchgYB
+  /damSg+FfVXtCprQT3347C/TG1vjEvXOQ7kERHVdkPc4j2fjz0tUsMwZ8bfHmxW4
+  ZftyFSxsQUZMEfa5OHf3JQe/6FvfI2SCfmXf3L1VUL6ahsfmcAnnZHd2ggnL+ln9
+  hnIcCn06CBSRJZHQpsApR0MiAk4X0lO9EjchTHVmUs8JEM0Xy4UBDE6XAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRKiM+XWchqU5Nz8gJhACPj5xPf
+  oTAfBgNVHSMEGDAWgBSh7lNxbWgZTJ6JFE0txStgHKxjwzAcBgNVHREEFTATggtw
+  b2QxNS1ub2RlNIcECgqYGTANBgkqhkiG9w0BAQsFAAOCAQEAGm+zWf6g+b7NL/Im
+  WrM1DFyFbZzpnitPlj+aACAFERPdiwIM4s9UoDIAeDXx1W3T97DVbg1zR04CkWEf
+  V/kbOvFlJkdUJeDzfNr0RCHyq+s+ZxtijfG0lKsoVWgoisVx0PhNxV5uCpJfR7qO
+  dmcp4/PMhus8V/xzLySBCvvcDggE/rnQeRMo7rkgzHtlrXK2y8Pz/yJgzZaCJUFl
+  1B4IgRtxx7cSLbfBm0QDtJc4Xq7XL/LZJPtEINEQO6y1nnGDXBCsKMya38/ZlTit
+  KyU4uEoY6MqAozENUfy6wPK06X/d7fwAe0xv6LF9tMQwnAMycqfsjE2CTAC8iSH3
+  4vNvNg==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod15-node5
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDVzCCAj+gAwIBAgIUSAEv2BjvmjQ527csIIit7+IfCT4wDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEyMTUwMzQ1MDBaFw0yMDEyMTQwMzQ1MDBaMCAxHjAcBgNVBAMTFXN5c3Rl
+  bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+  ANF6rvod+hA4JTryPAXEtUmvF6XcI4dKBa90W0Jhpnnkou1ZBSImWX2IYxUW/wE1
+  gK1J/J73pcICM0wkju5ofU3XEe9LRRC7ZRLnUwKqIZUDsCMl4J6CaFjvm7wtxpxf
+  XEk+5sjNMtmTUmohyRQZkPskfBpwDFMpPhABfunHPxcf7OqcRxZy2tcRuZxLxQV4
+  K3opKiKZJh1TFGVlUYxXDw2dG5mNP1vfRZpxsCjZmMKlU6F+V9Z+o4tGUIn+U/ld
+  pTi4BQgTgd7vjzhJMb0lsgLVWdpsLW0G46OUvAalHQZsSF1cgj6iXeNNmk6ukZq2
+  SonAP1gC6pVVJw1Z0IXJ14sCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
+  JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
+  BBR7ppy3HqgRgC4PwjM+FiwWk3u9pjAfBgNVHSMEGDAWgBSh7lNxbWgZTJ6JFE0t
+  xStgHKxjwzANBgkqhkiG9w0BAQsFAAOCAQEABSLPj/FoIzeuA5n8iS3ZUcmJmpRc
+  BCx7L/U/qk5gL/0K/uZnNImtfKGa8JSmOhT3RUPQdfdF2d1MNhyLmDvQ90+6KT35
+  OXswNicmdOyAxGH9r9hmUKxYPqq2bYP6tj5J+v8g7ZcQz/dXVO4mC9S0R8j0DO3k
+  nvfgNBlvDKNcZxHn6HZLFDrEkM6rVhJZBrlquHU6OS1QBm6JuH+/ZCYIbH72eoBa
+  PRKX5YZxaFo4X7WPqUdVj+2Gw6IPuMbrK0ZsObRwocepzXV0BRt6kv/Supca9kkp
+  NH25lcT6JlMo4/fZw3Mw9A9DFN46Qb31fjNYgnB0dh0YaQMQ1ek3owg3hw==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: scheduler
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDYDCCAkigAwIBAgIURAnOf9bMH3lTJ63NtzSFdxM9JOgwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEyMTUwMzQ1MDBaFw0yMDEyMTQwMzQ1MDBaMCkxJzAlBgNVBAMTHnN5c3Rl
+  bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+  ADCCAQoCggEBAKTUXzod1EnYLJBWr/565EEds6qG7yxb0bvqJLvZgmp/GZMesfRc
+  dBFQ49b+bRoASGLIRZDJBuYFgaVMAum6vnwyiJQ6zoH/v2KYbLsBXwbfnlWvmxr/
+  bq+jXy4I7t0DvOhE9rR900XecJ8IOuMWh34l04GX7k8m5/0lvkZkWurhDjetLcGS
+  /6f7uQBMJqYg96sOHRP4XnBtlJZWLDFODkgCEDxVHo/yWyS2wwhPRaRhVpVpyrqn
+  uFV7SPx0SMpmFjyLRfd72coEw8v9N0iVjWQelbJldCW63yfIW+yxW2VcxbuH6SMg
+  DAhPSr3WeMPNpNHAeieafYj1M520DcjIJ2UCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
+  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+  MB0GA1UdDgQWBBTYne03TtUnu2JQuL3HTpw/d3GOHzAfBgNVHSMEGDAWgBSh7lNx
+  bWgZTJ6JFE0txStgHKxjwzANBgkqhkiG9w0BAQsFAAOCAQEAS0aQmePd0OYpbE07
+  WxRp8fqEcHKLJMZIrUhOcKecuzpe+1arwPMJ0MOVM2tljYcrm2NlYVfNgC+T63yK
+  7LIW1ChnjAmdzN6dYHic8k6dbR/Kf6Tx1NXi0w2qhvvFuboHSyB4FlSktN2lnRk7
+  FWdzNV19h0xUNt2767hb8VBP1bIVWKjD8yAEClh9HZau6MEcFYdNBrRE3YKdk29M
+  YexwASFqj7Jih8Up/yps/xjE2J/UWn7un2RIi+7GR1tjDnP4sPEmEp7v71rMTDmj
+  T1qrlNFlJwhbZgDv9jSjvr3QLCh0EYS7VVE2Tih7QLRb6wBLwZLMjQPNN1GkG35P
+  SSAwgQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: controller-manager
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDYDCCAkigAwIBAgIUDVuOb/s12+4utcSFpn8HPlYHUaAwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEyMTUwMzQ1MDBaFw0yMDEyMTQwMzQ1MDBaMCkxFzAVBgNVBAoTDnN5c3Rl
+  bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+  ADCCAQoCggEBAJ4gtveC2VKgWPpDtLMa7wi4hMafPDeEoyH6/0kYGJXAzM4nTNy4
+  Yuuet+AeGC6rzpsCDmFqPkVDQ3Vd0K+wNUIvf8jYUyLmeWPFq5+jWnRhzRmErOeA
+  OT+ILkJE1CwOhOlKc2PtN8OS7EmTu6lddt89s9gS9isfnnIBf6bHMtgjYbkdA3lD
+  oEK/o6U/KvJru3v/MHEyzUL0n0xPzG+vOT4iEVQWp73z4wh3jSxHCoBbxEOaNNfJ
+  hB3E1FaI6Lcu8TwVvvwY+Gsvw5DWnRyUw3/DDQzM0cPfG6YCfyhcBEIIBydKpQ7X
+  /MgJx1euBdGuQaxsZ4xoKKZen/AhBmfCMEcCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
+  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+  MB0GA1UdDgQWBBRLaEUYtQhlLBqBAKIu4kP4pYhQNTAfBgNVHSMEGDAWgBSh7lNx
+  bWgZTJ6JFE0txStgHKxjwzANBgkqhkiG9w0BAQsFAAOCAQEApiYqUiC24UK3f1Qo
+  2zua9S+5ZyfW98/posX5EgLvsnnbbhitEyzmsTPhmr56vZcdVUcopx4W63Inh4Ta
+  GBPT25ptfHTA5m3TD2+oWEAyJ0xAn4w3Eiw4abf4h+5CBeNoeure9xLbR36vYHoZ
+  t4iY5CpkhxnwuKWAYNq8kilA9oS5vnnguC1aRDrD9m2KfY5ikbFwFYe3G4KMp2iH
+  YZb1Lagpedtcm2R6xMgDUJKJnCyXZHqzuXs3OXuM1QW6e1YvUMZAGLWnMbBvKs35
+  r1GltV99HtXphNpjxWzkTMKK6+L0CLq5wnqVcW3T+V5WNGnHV18A2HD3CTssQZlA
+  nileWw==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: admin
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDYTCCAkmgAwIBAgIUalNlJLFfpr/Gh7Mw5t4a05g6uygwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0xOTEyMTUwMzQ1MDBaFw0yMDEyMTQwMzQ1MDBaMCoxFzAVBgNVBAoTDnN5c3Rl
+  bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+  DwAwggEKAoIBAQC4iej5JvHtxmEc6XoriwZvkmpQlaRQ2xdmNJ6p2pM73c80IqlT
+  Ge19a+jK10xzfoYW8Qz1VBIzeBPqMfhEqTWnSgVwHZ1Q60yS7Yu0zEDZ2PaecLCA
+  WnOf1BQYquV04b8lcfXVGPyKWZtomtKYm77PHpEMDzrqMXjUQ4xFCJKqSmHxZJTo
+  zhk39+6Yj6BNfzTPDDRIKrmt23k/4ooo/NWYQrf/9eIl21vYt4fV3kohFOBzHMzf
+  3DBmRvFbwaDq0ZHzBSxo06aa51ZVUKDfTTfWmuD4bKnV+bmAbmoUJCOeMOzYuQVB
+  MSi66WmsMILeAeWlaSCpL+0V4GEUk02PXJdJAgMBAAGjfzB9MA4GA1UdDwEB/wQE
+  AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
+  ADAdBgNVHQ4EFgQUnMdTKIGmWrYIpxLZFEAZZ8AM25YwHwYDVR0jBBgwFoAUoe5T
+  cW1oGUyeiRRNLcUrYBysY8MwDQYJKoZIhvcNAQELBQADggEBAJVGzx7vD7Ur9vTf
+  yDC3Y/610wnWezr2IGFA59j9/Y4NiW+GrqFaipPjJBhm1A9YYAOS8K4cRw1ryyGS
+  QEOGmSlcDexdP9pFODUpwUy4bmNnIMBoNOJWQA72lA1hreFhD5RRukMLiqSjtNt/
+  DembnN3XvI79xzgWiFVh7D43xZDP2kqd7YxsD+iUuZ9/R9d6tSTmRdLzVpIQtfP4
+  qKGxl1JpKjnejHB8OCQyj/VfRxJpimi0xSiovB9XNo+2uGx59LDXHS/oy4qJV+zA
+  2vQsn5WwXf/PogjgIr4MwKfqJ3n+F9dWWX+MZmpKk0hAQnNGeqZK/rUiz6F6U7en
+  RdzvX28=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: armada
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDUDCCAjigAwIBAgIUBH8wQBihC5wZ/grBgM2yKeAvOzQwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MTIxNTAzNDUwMFoXDTIwMTIxNDAzNDUwMFowFDESMBAGA1UEAxMJ
+  YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1OxkNW5Y
+  UNIyEmTSYt98xvhDrJz9SkoLn+fQeKJwvw2a0/sdClyQQ/zkNiSH9QVD+jzFXSkc
+  Yz/jbsA3jUxR8cypqjn+eSlItBQwwR8O440i7YoHfMMld8lcOp458/K/zgWAh9U1
+  GEsgACtCo2VGZfrhTAtbux1T1eCTTaSWM7J50ulsAyCBTUwZwO5f8zG/C4iKWhu8
+  5gxgExiucQ+ul71lzgumxwAojK2JBuH88IQt2aTrKw+sn16z2G8Z8E4FoxMCNxYD
+  kV604V5c9dBSZKlwea+fk/pMzwvxIA6tLHT0AbW84CdAoT2hDZbxI4pnrfIhwgqc
+  vjxKc/gEEESWGwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
+  KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFM1mjh+7
+  d+as2M/vrgKW2pw0tKmkMB8GA1UdIwQYMBaAFBQx2TQa92btcDTQHKCYb8xWb+6R
+  MA0GCSqGSIb3DQEBCwUAA4IBAQCvg3DxSGSVGydKEoNBpvjHNwZZ3Y5DZACcWXBc
+  7lAbfFjFekw8RqTAYRF0FRsXG8F/9RD4MaGfa/JdCtaM6VZHu7vB5QY3hoar0hZE
+  cFbOAM8QnAPDiyd3XGUWlhaehbn8gOzColcG1gPSncyaHUMypCYmZS7YAwbcsB5h
+  WfOHUytykwBjddmKwSAgESBP4OtQ3iLRWC6XV1gw1xooVM5O88STmZFmlnmccCQ1
+  GQ3awOVPcBCCHHGY1AKRxVCQ3IrggbvX8/rbAXNU+w8Kn5OaJPCbWSaIynZKNaux
+  y4IrlW+obqh1U1S00TCW3gv5+RdXvCNjuYvett/SJ6UUkOM9
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDTTCCAjWgAwIBAgIUOyiZ0qgN1iK/edpEjMLJVafLd/MwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MTIxNTAzNDUwMFoXDTIwMTIxNDAzNDUwMFowETEPMA0GA1UEAxMG
+  YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37TdSlQy15A0
+  EY2FLM1sHW0U79AxBlbd3UG7eErF65fgxAPoZGLsO4bkwH6N9bv/pbKLzq5NIrK2
+  7NzCNk5KK34A1ILBtKIoWwWQBGcI2kEAHLezUj9plygr99rJb/9eOC4dym8jmvV7
+  y6TGWDzR/f4ShEuA/Q6iNsBXjCBoNP0LC+z0jcREx3QTVWMBKumlduwV0gJJnESm
+  68NZBKD5iCj5r5YJTUWmm4tXLBgB8KWk4hUXv9khNLGPQ4SJf+wATkfNycujTO5A
+  Qp1GIJniSpwcKh/nJbbeiOJWyUFiW+ObnxAUIFxkaoymuck5xa4XsZrdYxUnJ6jv
+  5CyxawaXAQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
+  BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFLRIY4VeiRS8
+  LsFaoaLNZTYBdl6tMB8GA1UdIwQYMBaAFBQx2TQa92btcDTQHKCYb8xWb+6RMA0G
+  CSqGSIb3DQEBCwUAA4IBAQAdPhcvTbKrxPsqYcguzcFIp/s2Cyq6Fz9N0D/mJ/6R
+  RnFuzVq0S3TAVsj9ciQbSi/u1sIRJAEggzL6mY5GDeqI3DrW2RgW5GCgMQDcJWO2
+  mIzIlzqyPenasXa3/GCkAZIKHyCrS9652G6U4w+3UBrnWvvF3O6abiMLYjYC3R46
+  DhixRmhdNHmbPc21JzABJlYTmxxd39IR04NwQ/KKrXKpExqKGMJJRCrDp58nYbMa
+  JbmPqVRoU4z/JUomASrP/6gljO+sAUZeBVE+t+tpOBwPiHfZWg6g4sdEZ0N+PjyL
+  sXbbhaa3heBibrz8ZGpzGHPpCZ7PvhBjzEhbEPN+Fj8i
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-anchor
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDxDCCAqygAwIBAgIUHgYxrRK8asXmscNp6ttCXRoD2s0wDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MTIxNTAzNDUwMFoXDTIwMTIxNDAzNDUwMFowIjEgMB4GA1UEAxMX
+  a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+  ggEKAoIBAQDS2anS2ftj9gOxD53wfeDiZRuzheIKiPnIh+s/qVhgaintqjVgNCI8
+  q1phupSuy0G+6HxkU5C7qWZIPANJhaH77SRTnfvRiLXHswS4qfk2tEA7krNPR/6B
+  2AIPe2IEQb+44CIOruhv0R3aXoDZClTaGz8mDa0ag8SJ3XLGY3IwdyQEq93boc9l
+  eB7M1z/ssgyat7RP1ZZdvehFWblLK2LWJKhQxJ4brFh9S4Gb0Vfja4bP41ZxET7n
+  LCN9LEt9h0+PKiscJkWr1If+jzwR36H+fIF2zk8TheyPPQUHxaSrjzkrwEmnv3d0
+  /s7xWBZWLsQ5XjzXaRS6OCibxpgQRaepAgMBAAGjgeQwgeEwDgYDVR0PAQH/BAQD
+  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+  MB0GA1UdDgQWBBTlDSkltgQOMuBMXXcmBxdsexg8hjAfBgNVHSMEGDAWgBQUMdk0
+  Gvdm7XA00BygmG/MVm/ukTBiBgNVHREEWzBZggtwb2QxNS1ub2RlMYIJbG9jYWxo
+  b3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjLmNsdXN0ZXIubG9j
+  YWyHBAoKmBWHBH8AAAGHBApgAAIwDQYJKoZIhvcNAQELBQADggEBAFwKLMiqzzJQ
+  arSAXrbKA0StyaqqG8JnM/h+OUZYwHRdmZbxxFRi8H0YT6rWwmhQcbeWvvlaI79e
+  uIy0kzRw3LdnxxpEAkZcZBLBYcvnbN7OQ0bui8+Ip+ghZ7WVPuHeRnvI/yJWOX6V
+  oNRTC9ngaAyff9k9BD5KYTkNv2Rl10ku6eJKnIRKwpokyMY6usvefKLewf23jwUK
+  lOZGNiSV45EvflU6Auz6tCk9gxee6w8Q2s3Q8or7p32sG8ciKwnZxRjTLarVwWj0
+  0mDjvrbPh33B1u6p1Mz2bHm5xy3mkBykl3tRQuDkgVVGLvHOvhYWiEJBc1CTsyLq
+  zFMmvtmUJrw=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-genesis
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDyDCCArCgAwIBAgIUPb5OXU60Bc/7xUV2mqnDJDjXqlAwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MTIxNTAzNDUwMFoXDTIwMTIxNDAzNDUwMFowJjEkMCIGA1UEAxMb
+  a3ViZXJuZXRlcy1ldGNkLXBvZDE1LW5vZGUxMIIBIjANBgkqhkiG9w0BAQEFAAOC
+  AQ8AMIIBCgKCAQEAujJSrpil7jhn6cg2BX85ij5bGnKZijN0RKzOOQ9+eza/8gpn
+  N77LXOrd06D2r8HOovoG9T+j6syLycrTYM/MauwGkpqOxCZnLLhpbaD2I0UKm5cz
+  Kx2y+NOBXZpRf13GNua+fc5hN9gtQNwFYZFeNl5rVzx1HiQO+CsY8ihXAVFF3ouY
+  98FKF2YJSC9l4jRCKuY+AkLAILci44S8GKEzQvIb3zLoI+B9mhBtu7C2CBANSCHB
+  7rN54zOPJu0+1iD3TXP/8c9USCm4CLfHJUhE0EuFvBpICWIBaN+DwW3GdofWrxIy
+  OHzHkK9fAAPlA/V4o3qy86nWRn0SeLqzAoBbFwIDAQABo4HkMIHhMA4GA1UdDwEB
+  /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
+  BAIwADAdBgNVHQ4EFgQUxWY6iREf0i10/XRR+SjIaD+GEuYwHwYDVR0jBBgwFoAU
+  FDHZNBr3Zu1wNNAcoJhvzFZv7pEwYgYDVR0RBFswWYILcG9kMTUtbm9kZTGCCWxv
+  Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
+  LmxvY2FshwQKCpgVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQA/VFJG
+  9h3djDv0oed/EPN/4VIy1O4q/quiUnBXjeYDUIJbYNdhqbZ2ienbCimax4VqcJI2
+  InoV3O0H/XH0KkDs83PFyHqQ7+a/z7woAn59pb0NMvIWl0sqrQHFjbV+Gm2/17dm
+  VdpPyJC2kW1DTzRzSIJaA24GgrTuLYT2LosQ6ysq2r8UE8JeXmMEvMI44EyRIL2H
+  jMMcWXv8LfMFzrArCKS4LoL4p6WfMzs2MQhXXmraCQj62mG+ARZVcdyU1pVAqD/6
+  2Mq8TU1Q9f2e9rpLlAOHJ25yzWwkibLZWbI57z41sBXJio9S3t/eDgZlM1G88xlB
+  /FhKxXU9Qo1bn/Nq
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod15-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDyDCCArCgAwIBAgIUM1bBisu94/bruEHMVuWY6qBsG3MwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MTIxNTAzNDUwMFoXDTIwMTIxNDAzNDUwMFowJjEkMCIGA1UEAxMb
+  a3ViZXJuZXRlcy1ldGNkLXBvZDE1LW5vZGUyMIIBIjANBgkqhkiG9w0BAQEFAAOC
+  AQ8AMIIBCgKCAQEAr2fk25eCVhfxE5WiNlce2ydF9v/a7rAZNFhzM3aRunB0pI5u
+  gyjZJsB1nd8wx1Tcp7lMyXKF5n6aFF4PP58oCknizzHvoTgmKl1Z37oWDm8g3DWW
+  LWVN0Hcp4NvTLLN4ukkSb0swa/zNM3PtaJH9nq2NIvJGST9G5CKVx7dE04GR6h52
+  UCvZu1EGiY09OUSCRTSi6sti41HpCZe6LX4PELFMeoQ3fBa/UVWHV8rVE/0ZvMNj
+  8TzgstmDk11n+CW2mJOMwpJaNVR9yn9kf8Qg61OnaJOqyLPsgp3VCZwiGch4WrPd
+  FxE8OpXt10B6Fdm72F6yEG8yLKlL89/6qGsoLQIDAQABo4HkMIHhMA4GA1UdDwEB
+  /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
+  BAIwADAdBgNVHQ4EFgQUGPdRHIxbWoYYoXJkmSTwh8YMud0wHwYDVR0jBBgwFoAU
+  FDHZNBr3Zu1wNNAcoJhvzFZv7pEwYgYDVR0RBFswWYILcG9kMTUtbm9kZTKCCWxv
+  Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
+  LmxvY2FshwQKCpgWhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQCB17EQ
+  XS+aSKFeUdCASx7frq3D+rQO2LVna0SQYjMI5BZr7uBMwTkN/pWYrtbRyF6ZdF0Q
+  CWNAmCbF/XYypoVZ/LogZ32bP28EXqr5o2X6XxPl3cFURWDMpd9AYFKHmdBxcM7M
+  UgbIvrC1dc6a+UjThR91jBEqMB0LQVyMkanm9NWWDQd2qWuYeNTxrulyE11pVOgI
+  RYhwLgZzYqwyuNh2UpoTq0vkD7QZNand+R2MxBFcNWEwsxUrTIk+jRBEGSZ1VJho
+  qKdlDLLpN5VgW21wZ0LwlZvFw/GVlUiVkA9p4xX+WN9uDW/CYByf8GG/BJ0c04XJ
+  ATn60pW4Wh5Byyps
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod15-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDyDCCArCgAwIBAgIUHZB4Lc0HwU3WW3pdi2M4QirQrtYwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTE5MTIxNTAzNDYwMFoXDTIwMTIxNDAzNDYwMFowJjEkMCIGA1UEAxMb
+  a3ViZXJuZXRlcy1ldGNkLXBvZDE1LW5vZGUzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+  AQ8AMIIBCgKCAQEA0ql5A5vFqwFwxADXxs8701D2bQk360Qz/ww43/rY6w984APi
+  3gEtYznondWBgTYTp1dr6vHP6PC0UEeEUHb683C+ePg1/T/v2Qc3hV5Q99A4RoI4
+  QXc4R8R6GEpncsdHI7gn/7fKPKD9diuE2AfNGJb9Mv3qWMxOx1J9BxxdmyPpYWkW
+  fQWLKELpC/dK1DmaalkgUeuuaOPrNQbvkqQOItZB4ToR416VyYu6/qIhUBTKavs5
+  KYvjrT2WvLAkOQvXqe6rd8gMNcTlLn/u/RR+MYj3gRVfoPDYJdi5zDTeRJ5ya6vr
+  5OC9k0vY+z8YIzCqRunmD+2q+sYE3mR2gnxJ3wIDAQABo4HkMIHhMA4GA1UdDwEB
+  /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
+  BAIwADAdBgNVHQ4EFgQUWYIFRafHB1YezORb4v6QeWOxqJswHwYDVR0jBBgwFoAU
+  FDHZNBr3Zu1wNNAcoJhvzFZv7pEwYgYDVR0RBFswWYILcG9kMTUtbm9kZTOCCWxv
+  Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
+  LmxvY2FshwQKCpgXhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQAENv1m
+  yDDH4xVEJonz17uvDVZ3JHE2v/aTrRPZLn/A+QmjAcQa3YmI0+Mi9SCWKWV66yVw
+  zumCPymmGFM+LsxxxXDuYZWbM+JEYalGd2Mn5b9BWV5j+wc7hSJUR5yjEYRVQaHP
+  YntKwQzJq/pFMDQQ7yt4nRXq+LJoFOkiOnbu9cgYDy8Otn344JDwsmhg4hOnKV2U
+  I9hZv1d4FIPtsQaF57RkTZT1ShHXP07cmoPZqWpSVm16WLliiwUJIGF6Rj49cDEl
+  cKum6j+5mjROxi9CLi/xc0Qc05jsTeivevWQJkalF6nTIZZakbmjjze6utVvt17N
+  Uf9pejgkrwqvYyal
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod15-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDzjCCAragAwIBAgIUFMCgXlXP6dZGwVLeEJ3Nib8Xg+AwDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkxMjE1MDM0NjAwWhcNMjAxMjE0MDM0NjAwWjAnMSUwIwYD
+  VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B
+  AQEFAAOCAQ8AMIIBCgKCAQEAoCCx9m9J9KAt5GuuIRwosVPCp/OlWXs1DANK3LmT
+  F2Wo6BboMYiarxBWRDYz3YRV+3JZ3TCEtRKphYFBnsK3yRTtZROyvulJ2BNRPMN5
+  V6cNy81pnk7QPYxZcc0+ed7jG0CnLMbc5qeFp94oqKoXt8MoFdMvzcRrGoQsXutx
+  YiROTxhgLKIPzsxJYfdZf/kzBzcMPwtyERJ8taLNKB2jDu6ls5xTOGgcTb+Z8wBm
+  aH9LvgpouR8Tk6caPsqK0BtaD//XHcxPHRgw9B/yLKKnEz8mD0ItwFwBccG6bXhJ
+  YtpkkVydA3xcFNHoS+fWg1DPallolFLVxL/CGSu5dsZu0QIDAQABo4HkMIHhMA4G
+  A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
+  VR0TAQH/BAIwADAdBgNVHQ4EFgQUNpp28YWu0JpMHkI6/Cxw0yvQpEwwHwYDVR0j
+  BBgwFoAUqvYPfg9bkAppfVRSn1a3KAivKA4wYgYDVR0RBFswWYILcG9kMTUtbm9k
+  ZTGCCWxvY2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5j
+  bHVzdGVyLmxvY2FshwQKCpgVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IB
+  AQDDY2i2GumixPiT+9OPIqy6hn5B/uncJVTsE5eaHSek70kgxmnE1LX7TMu8jSk2
+  m/XeXAuOwzohYZC9f7PnKijtzRFMdpRbyAvdRNrLh+8urr17eDDMFIhfF7Ut1r11
+  BiObL4MRQFNOuorthoW77wqd69L/6d8y5NBLUcNp4C+gqfEaTjUnNjcS5dzm1kcC
+  pvxo/BgZG5EyjCehU1toKUV0AyOrGA3z2gh1jv3dDmAOjyh9baBVdpM4yrP38ppu
+  UL9DkqVUbb5XhtIUomPh+7XBG0vxpBv0WddMm3HVUk9payuinGnqXMXSZsnZKow6
+  uoH9C4KCxUNK/Ntt+COsVb3v
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-genesis-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID0jCCArqgAwIBAgIUOvty5PiB3xzWuzkUkIQZPlVbo7MwDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkxMjE1MDM0NjAwWhcNMjAxMjE0MDM0NjAwWjArMSkwJwYD
+  VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTUtbm9kZTEtcGVlcjCCASIwDQYJKoZI
+  hvcNAQEBBQADggEPADCCAQoCggEBAKg3LmXxJxpsMay5PIGgvk7fjeCNy85Syn8x
+  XSrwpbqUNmvobBD3EJQYDgSm/NBydQU/v5gIoLgMnZS+RI0X8NuNH32DuKZAmLr8
+  MZvq3UjCQla28nTFcx/gEd9kr0UXvQriltHnddLAlEJvlBtDf+Ti6PeglZQph6Z9
+  33EeslxuZT7NkJyvzuk83tH05EO1XJ3qe4NaC9s+67RZeZH6ohPPLo3jOHlMSEng
+  h/LywX/FvygJg/GmBPED8lml+rNGd+OIiyn8QV042y570PCYYuSX3BtHBH945OC/
+  f6q4gFUH+4J5Ni5BqRfjMd65ipr+qHf88d7Sac/M2R7LtJTFt1kCAwEAAaOB5DCB
+  4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHLrpKbEMkNFml9NXFF827eFlg7oMB8G
+  A1UdIwQYMBaAFKr2D34PW5AKaX1UUp9WtygIrygOMGIGA1UdEQRbMFmCC3BvZDE1
+  LW5vZGUxgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
+  dmMuY2x1c3Rlci5sb2NhbIcECgqYFYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+  AAOCAQEAGKMyC/XHF9HJMOCxqo6FPjjUQ76U6zXzBhNTkilP5VuktQhyft0yG+Ml
+  g6rgWfwHC0omJGEq0xyS5rJ1KMgI2ZEepT+OZt9g8+4Xm7onotnsMx3DMh7csOrh
+  K7ANvBsjHTP4PtGiFGnU3DR7tq4ixx51W5N+BFIij8AcjHIZoRFfeX9HAC1J+7Oz
+  Ix1GOM7FhhqpUKB/a6YpJkepa1ObqOA7Var5keacmH2xKrunrF3WiFPfdts56c0r
+  BdIqWZ4E4pkNgUurDBxuxJDPWQkPdAXpksg5pd693T50YNG4VyFppMFhgJlgqnIv
+  PXwl80meM3FfE4qF2o7nTFSAOF0O3Q==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod15-node1-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID0jCCArqgAwIBAgIUUeEO1cFHRA6DHGH9rHOuP5Eufx0wDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkxMjE1MDM0NjAwWhcNMjAxMjE0MDM0NjAwWjArMSkwJwYD
+  VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTUtbm9kZTItcGVlcjCCASIwDQYJKoZI
+  hvcNAQEBBQADggEPADCCAQoCggEBAKwoFWLanhmaTJSwSXZRwiwqt1dhVdDx9rPy
+  BFKw7b1UdtgSDgY1Gc5Fms2OsNY3if9I3ACIDA8Pvv7wmmPAO2RPqaIJXUDOzWSy
+  dwSvL4Cy7c0S2yqdyKT1s9NVRvNpUpPr3cdEe3uO8HiVjV7iH2t2xHUtFwOryKS/
+  MdSl1QiwOGAbb+cj/JGSrzo77Wgk5HPTfSe5YUvXfNgnMwRWTAskY0Mc4NjsVky/
+  UEuh3lWKruq5jJR1J53bRu26+n/6fNDzZDd7Hjy0ZA6NJ7OmSgpqaACJcESd67vy
+  +PovKjWvGw/+Xa6pzhaYSMARL87n0roeDMV2xIe3tELffzwpg40CAwEAAaOB5DCB
+  4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFP7mWhypakSNFVKh/VhXlTVD3vcGMB8G
+  A1UdIwQYMBaAFKr2D34PW5AKaX1UUp9WtygIrygOMGIGA1UdEQRbMFmCC3BvZDE1
+  LW5vZGUygglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
+  dmMuY2x1c3Rlci5sb2NhbIcECgqYFocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+  AAOCAQEAPCNhZ8sW4+hrptDoNeez780AzWkcmQEOSChFygE3oMqWaQ7fFow8rFsP
+  rgqWx9BfuUWo3eYaJuiozPSBc2wTdIeqzk5M9NvSaiIX9+J8FOEiDV2eZaq6dhXV
+  7eQMeSNQB12ZUQ3tNc68MDC1PfOaZbqNMDpNnsJFbYirUbYgNrNtiiOMCWG0G2/O
+  mXhJKSNgUfAtLZSk2E7g2Buee4dQiJ0nY7/k/kFXPq+SBNvHhG6+NgGLBhVysBb6
+  289/XH8HUl20Ih7nKHgcRqFuCbGpAVRuCKKpNUWTdTmCo1/daFI2+l+zoDg5fJli
+  JlwLxlcgA17iD8lBKyFfMn3Y7LXKYw==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod15-node2-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID0jCCArqgAwIBAgIUBue/3ultcQMirSS5fZE+55lQFxIwDQYJKoZIhvcNAQEL
+  BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+  dGNkLXBlZXIwHhcNMTkxMjE1MDM0NjAwWhcNMjAxMjE0MDM0NjAwWjArMSkwJwYD
+  VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTUtbm9kZTMtcGVlcjCCASIwDQYJKoZI
+  hvcNAQEBBQADggEPADCCAQoCggEBAObILFMOukNF58pL0piHn/YTaA/akcLgKdsp
+  ZO1dkEylxTd/JQzZSNr9wcoaml0otTYx0zrFMeoKUBJdUFC5FuAA+F4agdCDax7h
+  LUIrtTEypTSACthZXyArnPlkXFRbSSpdGdV6W46LMNgSDrbE53wOXK4ceeHbxPLz
+  WicOfzX/ra3SbwTMWht8ggaj2ouipt+veOE881qqPEFKFVitjAp7n6feWUb1miD1
+  zSoe10Lokw3mPCArzJQ/DhXjZ9buaVgU3zx7RiZ/ObJL9gSjQ5EZc3a+dj2nphcB
+  zOtfk0YNp2Sww6IngkTELNsg29wIdtICmfR/NsFBp8zmHupfBUECAwEAAaOB5DCB
+  4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOONvXm0HriRGwH8KAMYmqUszJQdMB8G
+  A1UdIwQYMBaAFKr2D34PW5AKaX1UUp9WtygIrygOMGIGA1UdEQRbMFmCC3BvZDE1
+  LW5vZGUzgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
+  dmMuY2x1c3Rlci5sb2NhbIcECgqYF4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+  AAOCAQEApnrsB1DhRvtJEoCtu+5lA3hGUqSn03aW8cUKNl0SM4uvabUzejtDXgSn
+  qz5oLcUp6J0gytQRT+eDn2nnt8OpIWy4I5KwYXKzKk3att5ldftA1cLu2rFpjQrw
+  XrB85cBfB5Tj7qMN3ItELeAlzQDS0woJCzLV0svODWOpXr9Tj5avR35bWBK9+RHO
+  vdnPb60rmG+TDcA0VT652tddOo85dS8c74sqFCqkodBSSqBFyh/OVgwZX9+r6dtB
+  ZyM5dDJYk9XcVI3JiPZWr++DPnaUGwFELUyvSlSRDR6pB+ytg9yEikcNwUMjKzj9
+  ePjtS6OiwU6m25uFQy0YRh4BY8gOtQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod15-node3-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDSTCCAjGgAwIBAgIUBlqdKQx4oYac7e5/mxYUpzfbejgwDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkxMjE1MDM0NjAwWhcNMjAxMjE0MDM0NjAwWjARMQ8wDQYDVQQDEwZhbmNo
+  b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkj27h21b+EyTaNtl5
+  kWTNo58XlsuAmyPVdN+JGhAdcHcoDaHkn0KMZscJfYGqkN5cjSLBXSFOvZbCRjht
+  dCekytzjtbiaBRvmNjL+jX9SyUys5fKFt022hIreBolT7iRH8/x6RuVFIW6caQBp
+  K84XaFZee5l7nkbVBPWmTlggCYFqOoadIhyHp6FaFY4etSE3i1iDfeJDJS9oae6V
+  J6LBKV5EGFfCRv9F+wBb4P1OkflMscmkeUkhhqStcdNHV6/6U5efY7HxHte3H2rh
+  496Dn7y/W4YApTKbKSxqwlzxUQR0GrzBQ/zcW8/5Y99eqs6dnP0KJ8iRD9UkUHzm
+  fJIRAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
+  AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU6BjXSGqt0eyRJO7i
+  uSm7mgqYzQowHwYDVR0jBBgwFoAUwmdoY0QJGBU3jYBO9ip6FsQEjqwwDQYJKoZI
+  hvcNAQELBQADggEBAIt2zRWc8qAJN6NRRhXIwj31JeV6A+28lM/8e9t6R5+wzogk
+  2potk5b3EjB2nquL1WsnPx+/mKTp+KpazcgVQypvgca472mQH33pM68gfns2KckO
+  kuH8+8sTbtxNJgGBVKBvREMjCeUu/h/8L6rELHOTIQxDunA3LATsOefGlmiEPc2x
+  fH9GTdNnhyYhig62gnkgcA7jsOqRIYRT2SyRYS/yIFf8Zx6o4IfdvyIxfRUITYY2
+  mgELgXMIL0POQ/SCg4c24fHktthlNQaiyWZdDi+Q1KmN+IV2TnIxqTM0vw/+osTZ
+  EPeYAPO8zGwSVSrLthbc8mIqHRwpUu+xfFKxs2g=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-anchor
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkTCCAnmgAwIBAgIUaUhNNlUtZXqu6lIjcxiK1gjaLsIwDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkxMjE1MDM0NjAwWhcNMjAxMjE0MDM0NjAwWjAiMSAwHgYDVQQDExdjYWxp
+  Y28tZXRjZC1wb2QxNS1ub2RlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+  ggEBAK+82kj2ahlXwvy/vhmOjid2EVjzS5EN5zORkYfNmf2j6Scqlk8VR0PJLzTs
+  hsVwEtvUwTVOvMk9umPbWRaiOVL4h1ny+otvvpVlF8FBi7N+a0CtJVNf/tTG5yeZ
+  2ykLFrGMbFxsyD1Q1/gqby1Rz8QJPg1sStRKuZyc6zgRUCkyc61iUOUuU1ZNySlQ
+  DmpWWlGsGeNsvX6YZZKSP6BtcGDqR8v1cOhyIW9m4M3X4uFzC0KFWRQ8948Ce3x7
+  4bu8Qj7st9DE+UQoxu8tzRpz0RfziZsP5M4F7WZibPdboSsHq4SVLlH2Nw+FtHkq
+  RjyHA8QSw8gvSCJlBkOidORYdFsCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
+  HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+  VR0OBBYEFJPFkweC3RTeFjQW+30mTlgp0EkqMB8GA1UdIwQYMBaAFMJnaGNECRgV
+  N42ATvYqehbEBI6sMDMGA1UdEQQsMCqCC3BvZDE1LW5vZGUxgglsb2NhbGhvc3SH
+  BAoKmBWHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBAFQ7O2NYvxk5nCed
+  ZVDGB8ASlH7JVQlj+99DQrjngDlJKJ9rE9CXzdoisY6hLGTb3GFIqFamhNjp2zKl
+  HVEMQQv7TVrnXHXwOnCKLynMSl4w5r7LbKD9zvZ+/LsjwM+1gmGQJ9DQ2Re6rNUw
+  EElRDOwRK0rgBKLg9jF4g3Znz2VTroDqT9rAa3ERDUCgLMXsr7N78hbZiDPnEJIX
+  GuUBRQraczt67SvrtqMKEnLpqD2PZ0K+2qjp92GFRIGqDJJLFQGRsM12KYBLd8vS
+  084hEGRs7tWKhPTyJAzwsZw2BLuKSKEVZIZAInFynjeaAQJz1A98OShYrDtXqDQP
+  NFG/iJ8=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod15-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkTCCAnmgAwIBAgIUG/HxJEfNK8c2J9T7ljGinRbQRXwwDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkxMjE1MDM0NjAwWhcNMjAxMjE0MDM0NjAwWjAiMSAwHgYDVQQDExdjYWxp
+  Y28tZXRjZC1wb2QxNS1ub2RlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+  ggEBAPYf37iyRGEDne8OambcL1884sIsCDzWdUvgEfi4NS/tK0FntK3+rNgVP8rf
+  G10fsTHniiXUlmnP6KqQG6r8g5iyRAzmW61DICIPJv0k+wJxAPCWYG9404WtQ1ij
+  5MXKHQYaAWP72+dPLeDZrji6H+J3mePLuPusFKDeEzuo7WDXHu1uVzhn+/lryvHd
+  +u2uTKv/Wo3nEMoA7Nr7oox0th4RzOfJ4bH3W/yVwLESEy9kdnRwOXGeK0jC33ig
+  lDQzxDysb9mVq0xF6FoYxGmPrUPKdLFljNsKXNYRdr6bucuayCBxHcnk/VPGyFf5
+  90YZjk1RGsR4tt2YFpfJrrjyB98CAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
+  HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+  VR0OBBYEFO1E1SrKiRQR0e/Rd0SVV7ENJh63MB8GA1UdIwQYMBaAFMJnaGNECRgV
+  N42ATvYqehbEBI6sMDMGA1UdEQQsMCqCC3BvZDE1LW5vZGUygglsb2NhbGhvc3SH
+  BAoKmBaHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBAEOcXCuPlGzhUQQj
+  ucNIjRV2Tq8k3Vhbh7sUaD8SU4rulfQ/IvfeXucq1V4Ba5BG6wB+TGp5NGBumFsX
+  faybLTu15sslS79gXPI+2zgyACDH69WEHQm1c1Nw2z1UytZ738iuEw6p4CeJe44e
+  WQ903+gYSQWtxZNtCEbth8qrzq47PbLNGwQmZ3KoBqpbsWJ6vZHs5inN4QSR9JTW
+  cOiI+nW367YfAjIjwYs4scoHPWjGTtPuSkILY3n80bsWtZuZtHNXlFWK497z6x0y
+  XLeYy/gaE1rYkq/9jFx/ij/5pJ/PkNPEIGM/2peL9jYqK7HJoczle4aej203S+6D
+  F2RxWpk=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod15-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkTCCAnmgAwIBAgIUZ1VmiYn+1QtFYmd0Z7+742YiC+0wDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkxMjE1MDM0NjAwWhcNMjAxMjE0MDM0NjAwWjAiMSAwHgYDVQQDExdjYWxp
+  Y28tZXRjZC1wb2QxNS1ub2RlMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+  ggEBAPb7nnKOp8yW9k2vW/JhMYtS36YEtPPp2hL7g0Sp29RQbI2RX97ELFZFSLvt
+  y3A1J2OwQnYhoJQWZwxOXESmKdO9+X2qcMPkAQDdjrUEXdbsvaFQ349x913CWLpk
+  lPznP8JlcLzy1x05JKxQccgyZjwlxFf8lwLnjCWHA+KTqiHzil3hk6DeHh7b5miw
+  PD3HpRyup6oBNMOJrDffHuHZCAnqzZvBt7amUtIFpXcXgkR0fqaNkrM1zy2OBdDn
+  bW9kmt2G0lv0yNPsBwBbPOeXKqQS102WK/PAbY1OD865QeuZFiN0NggN5sqHw4Ek
+  +nK76zYsGLixgztpVMm0DI39WZsCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
+  HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+  VR0OBBYEFOlffk1fIN68LBcIsmT4CPCC9IlgMB8GA1UdIwQYMBaAFMJnaGNECRgV
+  N42ATvYqehbEBI6sMDMGA1UdEQQsMCqCC3BvZDE1LW5vZGUzgglsb2NhbGhvc3SH
+  BAoKmBeHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBAJlBEC/30i7sLtjA
+  XUYwUAo8DYF5HOZkXKQ+LtNW3N2KKTNJHuqSG+cO66nyEDDFKOUECOgDcEL75SRu
+  kCb4e3bCEOcc9sVyjITQ+jg3jhH4TzuZcHkIWqNDCVTHnHNRXfJqPRFntHakhbDU
+  wblxOaHe1eee9edGI4rx2aEybYBwhhisxNaPrI20cjR0LClPcDJBQe89L7DSXVc3
+  saw5/+Mmbwj+VlplbgKE6o0WRjR6b5fp7oVCV+WM6QxQc19WVoi5R3j/TJWh+inh
+  Mcer46YxNf0Lc+jxxRGXU42A+Bjw8vNy9C3QJA30Nr8D8LXrSHWYfTGpHqgXaPSN
+  VOMkgmU=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod15-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDTzCCAjegAwIBAgIUDIR2JwNf98wq93B/4iWlP4Nl0VwwDQYJKoZIhvcNAQEL
+  BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+  HhcNMTkxMjE1MDM0NjAwWhcNMjAxMjE0MDM0NjAwWjAXMRUwEwYDVQQDEwxjYWxj
+  aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYbqzEO5VA
+  KCLQ8p4/OH2O9lC/yvtYvltJHL185BFbOVUmkSDX43UAuOngW6BjTJKCEcuAls6M
+  EVkL+ZZk1Yy5ylLXQMr2N1rEMyqLQwGaYVEAw4Waf3/aaJDK4HgbvqG1SUZ/xQDe
+  F9aT3bHNGu0ZHU365Z0Fk46GmqqLJ4P7jps0slU1kwmqTvn/0fdZyVttlS3Qz6lg
+  3kD0CjNnUwmjCWhkddzlzLDdc+4wj5YLnxvalScLrACn3jyrbo5buXHHAgiwiVnX
+  TgwcnHiCgl36TOK8TIAyvKKFCJReM5nvShWZN1AM2kKMhOMA0fNlYRG6pLB8tkvZ
+  TT4R75fzHmizAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
+  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUDqis5BI9
+  zFsEUrdnnugu+HiHf7cwHwYDVR0jBBgwFoAUwmdoY0QJGBU3jYBO9ip6FsQEjqww
+  DQYJKoZIhvcNAQELBQADggEBAMa68AQlTLVOJ0dt2UQR963MfWX1aiAi0R5Ivzw/
+  WqJCThma4s9EuOZLTSpBnqfvifaG9mBS6YTI0jnQJsJ+yOSDJWwlQFmAvUP/bcuw
+  aDuf68SbsOAlqS037kf+/1CkeCfGzsG/Y/ZZOtht2tMk9plEz+KUXDcMNr8LdrkO
+  O/QtdMwLp/omXy7hfI8J8X8tI0c1ujflkBdkSXXPPfnXHfUpiJdgMsFj1rgX66ef
+  mGFruifunzHuSeyPA1Zb1IivnVvjjUVwcEHV07tRmkorlMhkNGs3vVpOMfeJGxEB
+  ZyS8C0Egmb5BrWV9LO/vLHHxkNXk9QiJ62pLEkk6rRuojVs=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-node
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDmzCCAoOgAwIBAgIUG9jvbCvvsge+8e/APRQxIucg+RIwDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTEyMTUwMzQ2MDBaFw0yMDEyMTQwMzQ2MDBaMCcxJTAjBgNVBAMT
+  HGNhbGljby1ldGNkLXBvZDE1LW5vZGUxLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
+  A4IBDwAwggEKAoIBAQDQV3ByAkViREt1058UC/ao7YHv7ozK8Divo+SCk/NypO6e
+  7usteab6JaSsaS1NldHkZU7w6ACqQx1jJLKV/Ch9TSMRzyvn7W+DupI01/SW3nZy
+  3BtT5Jkhl6DUUvoBIAlilKk/wAKot/CcK5jiDJ1uPwfsFELBydWyVyrBzZ8/MCAY
+  hfsnGXkP4THeA3+IwV1m9g+lCAvTqJp/zxz3uUCuQkMmO2QNMccTk/+YyBDMqmT3
+  gVAqX8pkOS/NCzrC9Bni82bw5qSWg9oPu86iEYOwOH+y4bHro6sgYlz5RaoQYg3X
+  kAczztUUrq03N3rn3Yv01/RlgRLj+Nodzt8JEgnHAgMBAAGjgbUwgbIwDgYDVR0P
+  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+  Af8EAjAAMB0GA1UdDgQWBBTDYcLwNIFmkKUiGVHNgKBXWZFECzAfBgNVHSMEGDAW
+  gBS0IBvCEFyceh5MvvW1+n98/fwOrDAzBgNVHREELDAqggtwb2QxNS1ub2RlMYIJ
+  bG9jYWxob3N0hwQKCpgVhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQBW
+  k0ft/7ms8XH8X3j4OcQzoCFR//GJO5g4xFS8rNOXHBfMON4dfUWspnke77XAs8MA
+  q54KXkFH1mdrzZXvdSiEFAk40aKiVJkSs70s4MMrWdRNpRTVvjLJLqsl4J+5fIhq
+  eod+VsFvWhlC60F2CjJo40qQld13XdcXXDNld4vKGN5RLRwsGtsMdlQFrcFaIRAG
+  s9fEfkuO/F1srbAlCMXDj/YpGE1vc8r6fsHTRqIzfipvc3xM/0kFjBMSa2crscgE
+  X4dSZd2+fiwoF1t9s3qZJ0+T/sV3va3ulWAhxxnvAHhMKhAXNAJuVlWcqVfgE1lZ
+  4IjTQSXYnY2hBSWTKBzf
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod15-node1-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDmzCCAoOgAwIBAgIUUvmYVREsxZHDafAANHTSWzEdSMUwDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTEyMTUwMzQ2MDBaFw0yMDEyMTQwMzQ2MDBaMCcxJTAjBgNVBAMT
+  HGNhbGljby1ldGNkLXBvZDE1LW5vZGUyLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
+  A4IBDwAwggEKAoIBAQDj6Wxk0Dif71F32qT/JjHfZCCr0d7ruvZuVjoGEZt9+jWc
+  D4q1DuaFKfBhU7XWS2nfn0JSkAPAKJfj5C5LV4FRRcaO6UFvRgGMyVjkrPbltMeM
+  XiGSmRJqJeS+9Gd8xkufp7NjVJ2L0SBhJhweCMqDYJkW9L06RIkLg1I0xijjc9Lq
+  POMEhDl6S5x0fguYZsqDP3LdwLaXS9ePhm1a5+ZCNi51QsiInSqWJBTMc8xkUbE7
+  /6eLaL9rapi5urIeaWKs+tcGGbVsqRQR0+IGOd3B2s39NJBCw9k2V4B7Mokt83CX
+  cWPNn/woGYooAW8szdV50xr9PzANslT7Be57KoExAgMBAAGjgbUwgbIwDgYDVR0P
+  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+  Af8EAjAAMB0GA1UdDgQWBBQJuhpjAzLe2vdm8CWmy82GudoJIjAfBgNVHSMEGDAW
+  gBS0IBvCEFyceh5MvvW1+n98/fwOrDAzBgNVHREELDAqggtwb2QxNS1ub2RlMoIJ
+  bG9jYWxob3N0hwQKCpgWhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAL
+  Os2o4RPiOIi1voK0wFlTpNzxJ8VxvJnXKmURIH8auRunp8m7qlyl+00qYvsApBLH
+  TXHXXdg0wrV6FZI5L4rj1j3kEfCgihkcK8lekWxdtGO9NfDqjWNxGnU8VfJu6601
+  or9Qfv8eWk+WvzAi3dgFoBKTcaIRwq8CThzy5FJ5kyxtS17uBX8/z1k2/VnqcR9k
+  nph8zwpH8PLYuohDvUhjGgYbwG/VnV7cptorxYRaqsawPbY4xWKiiKNsY9EjVWKu
+  DfntG4d4MKe69KngeFOrzQJsmlAbXCMWuFpuOGGUFzPFjrNH0WtsgB+PcqWBP0mb
+  96CRdMYZ+G3Dh49Dyz0M
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod15-node2-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDmzCCAoOgAwIBAgIUTTCCf5v++d+aOhIaLHgtb4aTcmEwDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTEyMTUwMzQ2MDBaFw0yMDEyMTQwMzQ2MDBaMCcxJTAjBgNVBAMT
+  HGNhbGljby1ldGNkLXBvZDE1LW5vZGUzLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
+  A4IBDwAwggEKAoIBAQDmM7Z0DT/3y2AOvC2CLLWALbjALSzfE/92aJZjq3SZrlOz
+  1HqVZEqOfdtV0jVBCv3cXVGCELO1zv3pY0ZYmcNjv2ZX5v73WaPruaqVgvLr+mKK
+  rlkottOqmH4u4Ra/uaq5XmwffnxLSqMPGXGY2+1a8X+FJfktULpGiPreQByyWjFa
+  UpMN68l7IRKsdFpHIk7e4dlYPtO7WmqJdD2mmsOHKULdAxd1SPYGP2Q/L/bOGiUJ
+  d8ZEuNs+GQE/ymkZnI4iP4EAWjWI3mZTUFzo379wNR7t07NmdOQmCqKIJIoGLhxP
+  vHdYW+9w1vURi/4iJY2xIMUL2C9Y6HId0v21rS/3AgMBAAGjgbUwgbIwDgYDVR0P
+  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+  Af8EAjAAMB0GA1UdDgQWBBRpEPZFqz8zNV3TbL6HcemlogcFBzAfBgNVHSMEGDAW
+  gBS0IBvCEFyceh5MvvW1+n98/fwOrDAzBgNVHREELDAqggtwb2QxNS1ub2RlM4IJ
+  bG9jYWxob3N0hwQKCpgXhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQA1
+  8yxX6tUPWzkuEo0YFRnUHuOiurbwSx/JnxKfA289qhFbD/j3BuOak5a1OBPK1KRh
+  gtDE9MXvnncGtdXPeL9uKRltUQvAA0XdYNxx3oZ17zbcbietlXAjk99pnMNhhvrt
+  /s56LJc7HUvguQ/ld9E/Df2rxntQUJbAaU6tnpjoG4dU1AIqnFZOg0T0aQyNGBuf
+  HwCzcfUxNovXaT2zm90SjlmCn4QJy9hYIGu1JQGePFxVobm0xbNxKDGc7Jo11aGe
+  eICmo+kfCMWFv4y/fZ1yeAxu1Zj4CYGZZqt3PugH4m01o5NEXjbQrPf+bJsz3mP2
+  OLvSK4XeGUPYP+nUkCUw
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod15-node3-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDWTCCAkGgAwIBAgIUfplXHaHBvz9QeeSG/58btMVizQQwDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+  cGVlcjAeFw0xOTEyMTUwMzQ2MDBaFw0yMDEyMTQwMzQ2MDBaMBwxGjAYBgNVBAMT
+  EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+  AQEAsHi7aYU3sxlIsVQDmhvZXt2gmTuKs07xIqY+iSoFaameLZj1vz4yHXphsahv
+  ly6Fh/HUeWA8P8idCjcMKWETam5NtES1vrolZnxqE50w2fVzbFMXxWr3nQeFWZNY
+  qYJUSciVEzni9XmNm2BU8Lb+Lj0caITkZwb8x2hXVtlpic9fQPQgjElYB30fe4mv
+  vDe3dd9jxa6amfLPAdnY2Q9leIoPx2QiFmx5zhx1yImnq+gDVZi6Fl1pncl80SNt
+  6K+/Ls4/S9KxDmh3bkVFqcv0/xp3ivAhdKsT+XfXh17gsv2rJTT1a7wM9smPZih/
+  Fwbpj52Ivy2oSBDqCJ8C6BHq/wIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD
+  VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
+  BBYEFF1CJ9BWDtBg3NOVSu4+HPcqAmsmMB8GA1UdIwQYMBaAFLQgG8IQXJx6Hky+
+  9bX6f3z9/A6sMA0GCSqGSIb3DQEBCwUAA4IBAQBA5evcYNDXJX/VMsmiZhfG+JM3
+  TuICXnrB4u5CsODY+mocGv3xDPxNbVp8ZQrEUFO9Ip0qpTnDt/Nx3julIt6k9hDb
+  MmnEHfVCMbqUp4Pytjg+B7ourQUl2bwPd62uW3SzEsxeA/BGGCRigCuwrMdTEW2f
+  TsH58LYDFJNIgeZHWuBuGXX910ik5tZV9Wwe14JwJ7qfoCisNsKR9nqGvgJPjV+S
+  qShGGsUsA7SeC2HtsOFthpx2XmLQARXqBaffyIk29ZLrd5GnH6Qv5pwFHGdTDMkR
+  jybfPuQUFK9r2r4KSXUjmouOJkLgGRn431Jg8seAnivID4BabwuR7wNJdzoh
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-node-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEAw+99pbXC4JFmMPuuGHH0WLoUDyOApphhzuv2ItJGthvrWwHQ
+  uZiKUH6wr9l8EVPlY55zCU4EJx3argH99Cz7XCJuoNwxVbPLKV6Zxdk+ZeneZkvQ
+  jo1dLakohLYM7EO8W99DqarzesLcQRkxrIc0cLJyGnEUhE5Yr05h+bmMqRhd9RmR
+  Tufnm8xGQxC8pZE9t9Znsx8i7RRhn3urqt2pnJF4J3O4P/rLix/dlUOgfSxnCLih
+  ozEMbt1G1AAhBroAlZNxYIhbrZpzGrPII14NEdzms68M1umo3T6tQe1eWmJSCR31
+  e6wW0ue3Xr9TYdgaRIagiRQsj5W32AQ77y656wIDAQABAoIBABh0qAYq7awB+fNb
+  NpuufYUllKNfFwu0MWEWap5mCJVqXrH5RAgmVf0+EuegCbBP/G22tT0QE8yeGVFm
+  xj/X7XfOhGhnk3DTBCShvifHudYWnr+97sYcNukgGAKYhnxm5/e/oj5nLATClaM6
+  dczHA3CdlUhfnOP2s3MOIYR9+GSSghelH6W+Q0C12+HQIU8bGGkNiApOOf2rnbKe
+  L6EsM3JmHMI8EPFGlCmZC4OjAqYqZrpGgG2Bqc9rKeMq1s2BRbYaPjaGzr1ysF71
+  dO6JfU7StkH6CisW4J/JDJp13iA+q4PYAOZanyUPr9HgPodAQpDzh+Ldw5pS6X/t
+  amexb4ECgYEA50yplROvmbFpbjuSjAhzc1Rx/LRryxeNBxMTctUmNnknX5rcLf4D
+  vuToQrHqoAC8e0n12N3+MybPA0+nQk1RneTqAdLrb1oPKRvmSiwSD7yMdUoI2WWs
+  FILGN54m1yiCb7rz0PT9bDUU9j8f6RldC1FLFtQrRuBAUeyi90gPn3ECgYEA2NwJ
+  m4AC0eQXlxHB8Qtj6I2ErllDK2Wwjw451XWUwSvgy80JG22rRLnVTSC700IRoT1o
+  cURRylnNIKSfKVKhPkgCjnMKy2UmdaH8EE45N4ijh+yU681XwHW1SVcWAE5kNdli
+  M5l5irRkkMD7aYw+KZOG30HQiMvL88ndYIi0+RsCgYAfeze5qqxD5vnKnyEbHitY
+  jy3Uj1n8koAHbnk/L/O7hlHtmU5OlDw+Rzm1mjGtBWyh+zcTBWQL4kRa1wSU6aEq
+  NHYFOYgB5+gYWEvH3Ke4rJkRfbomnMgHIqWH/Gac8k6OlouI7U9w4uive3gEagdX
+  +wCVYtthEjSu8d5cedpmgQKBgBq9Xw3mhfJ9jo8ZKHHhdqtJL/ATn52tR00McwMo
+  IXSERY67tIDGUBUEWRHOlHpjLitUmBlHVFKAKjP5OIru3mUAmhgYhV85FLnyhFM6
+  YgG//nIXMPG2eziHCxiE/XiCMgcVy+8S4JLC1ZenxBhqq4uS3lGPGviTMI3Z+Usa
+  8D27AoGAHO3PqaR4VV2Zghmdwu1ekv78VBgJIq9DJgk19BS3oeTA8NJ098Q0KQg/
+  vbEDhg2yvo9I8O5owXhJCdWc9Dmw57vlIRX05RIGruIxn44+3oTeC1pdrynx1NH4
+  9RiPdNHc4Cgzj05pkgEmWC+/nrboz73D9bW02frZ6Ijc3WcMfig=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAtLIWsIZJaV7nzSMIMq2GkKVBsLhS4jLlir3dnNlMHD2J5BWV
+  Z3NXAiPljSir8cpvSvaJVUTiGxSQAsJwst7NjvL2RKMKuBepidqHAMxqMR6fbdwn
+  uJO0d7eDInoKYO7CKMxt4l0cOlUWfWqv4SAp8I3/eQ16k4Da398mQLPQeWPJ+tqK
+  /xv7qOe5CN29hWrHQuh6se/Rk0cGcPjD6yGBzqqlTHwkgPy7nEKOvyhhfZdc61tT
+  5Y+aUvVfl1hpuZ3g1kOJ/3qqUAhNy5rvS8ns4vjYsU0fGRt8xyu6l6Mwn35W+bU+
+  PJKODCGE+LF2HMDyIfREXqsWyRqSKRd4e/joXwIDAQABAoIBAQCYpl5+sGNyTgfb
+  h/3T+j5VEhbluUHj8AV06SM/717Z+K717bny1ECsATFayAJCWLceiBnK3E97eyqR
+  +juFEK5tVhnwMCDNFshWOjOU3BvV9T3QbI1t4/IwtOpmhN0huHJ0TweBlRFUwi8m
+  sqt0r1xe6UbquBVWaSP+vqCtRnsXIGfH4KTA0+ylvmE0U+BRlhngZgKwRMAxCVtz
+  E/wPuEqI4sPfKBYiVsagmrrW9liLs51m641L5d9cEJlku5FVv+zu6ISq8lCbVSwl
+  vIjhdvZSTFqe84CrsKeu09lOk+HYt4FYMzRGYsiyEjfxvqqzCHwey+6TOovN9Wys
+  ntSUMW1hAoGBANUu5ALeCaPMVaZUJH1CX9PdltMF3/TaHHnQdhgKgKsVI3+elXgb
+  e7e+mjBbiYrgM6ECm0P9QW000eTCMz3ua/BA012E/7q3PymwlHR3rbHnk8SkMbBm
+  PVSjPHAQFgvrdy9lbgaDqDBACLksLxW3lt6dbCEYq7hTDLKUV2A4bwyRAoGBANj8
+  zrjW4PG+xQrIMcAdNVqikACweveX8iP/DEDyi0pX8KHmT/ZFGuD6IThxStf0m9SI
+  i+KwSok8C8CvB+k1bCRLCvWcDK1r+Oc9+7CBx09AdoK5+8Pt7nV0JaFO4WSL9ehG
+  eq3U23Hf7dJltEVDhTKsBiCDIjbYoRNdC12cw93vAoGAL4mTQqhskeAAwWRF9sCU
+  SdRBy7Clrh3s96TqkJXW909xaQXd4riOL/0KuPnQg+1W1fKU2OZibo22uEIt1wOR
+  gjOSbmo39FTketFraUU+sEspglHy2pkR2AvGcF7F68aH/0Oo8z7shEXjLBeUME2O
+  EPodoIu1zxaF4FR/3272JGECgYBwC3LvbT2wdvKmU6Ok8TAowgKb6IVGrnZBciSw
+  sM2OMQS3hQbLQvnTLDXVQGMGSm/g+jVJdAC5BoGHGJp8KLLTttBM7Sx6rGNVfOMn
+  TIxPdxj6/fBsRsM4cSYxOlsWoVL0gtg8RMqf7aKPXycMEQaJmNx9E1mqeogKSKRi
+  zV0yjwKBgC/nxzTLAZ5gM2rk09mOMDdODIcEo2scYM8x2QLKmTXu2GGvoLWjYCeW
+  XAh4Rqz+aPLiFx5lxpF3aLgiRpfjGzJQOC50X/Jvis1vqcjLPi0jeUWYN3tggSHm
+  ym6CsjKp0rnOO/WXbAtL5MP0+SP7e5YjL5nVgWvWoLq8FqzBH2xy
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-genesis
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAsorbZCDlgVUeJs3ioz016HI1ks7HkC5l4uJiJn+lJFBAxm29
+  ycRmVuzkO0dTO0Jr6QOx3rJptssC4oJxskQtffTdwRVkDt1/8jZVS8DGxYRbbJdY
+  WiNARRg5cIIzq+1HC9g3wJLrp48PbEkxfGTkzJE5m8Zze2xE4Xr9D1hCCxCY3S0J
+  v/AWC+Ll6B62zWF9gvLWgp9kfRNHlFY2SDTAx7720IUXpAd8rPpzuOGN5D5GY5uD
+  Dc+vw3Q7KzqqgyMHLWFZ+t5B9KrFh6J0ZKV56RJhXlebBBhrjHuOt17yyB0BtIPy
+  nlDr1WjSvWKez1NZCw2uvO614vODmG3Cw1R2IwIDAQABAoIBAByPD4bVqEBm0Bre
+  5fi8isnystUX1F4gvdVr5s1Hr6++Uo4q8ae7ja8r11oQD6Uz+7TbDXGU0koV8REw
+  UmV0eF5kc7A17rpd/eBNhplGbcUcZc9Z6h0I9HfY5x8zBHbkzm97l3drSNyVip8E
+  mjDOprZ+KFvdg41jhSUYGjCBKpdAPMQL3v54MYB4pYjxAuZdZpIpU7RFZajGhxa0
+  /vrQ/1vOTZRt8fKiuHpbnP0rw9dnkTVnBUt1O74ScMdhJbfG8yvwLveGP2UhAuDI
+  RLmoK/XoySA4EHoncUIbcDduSwZYLrbmQVbFIVi7cEBNahV3S7trajC49Wp3ZUWC
+  XAdEUXkCgYEAxQ88+CIule2HBU842MswGcZZkQJS5DQdhjSUYkK4E711mmJ3U0pi
+  3pP4xY/mbwcEKV8IqcQffO5aRGBW4vC3B8SmovY+33nvOcQS0wAuYtIeGjTc7mzs
+  f49rKrfNFQRDQqohuTse8dsFXLazBUvEKpB8PEw38+brzgBnGU4sKs0CgYEA5/HF
+  gL7dj3A8t3VzUIgPCBKotWGZjKl3FvAORaFQkXlodp19bsQ/H4x9JE/KhgMeHMx/
+  oyLMRvjMucUnGr//pS2ZQttfA6U9HvOE8kAhSTLS/fMEUMOea2B2fBrDA3qoRNaj
+  LUY4l3Hb2r4XjFqrjacChf9scVyw5qHs4pxYBK8CgYEAtL6QTouTrSKrWFxcqMRd
+  fxamKlI2U2fVuLXbb/EAQ+LfzlYIWpX872hLonGliyqlT4kCOixQMVex5ctzhj4B
+  sxdVPF2eN33wxUwpc+1TnoJY5/KavfmcRjf2tLzXVzKMusWvnuUyMeWRGoPc2buv
+  1taljOzf2U9x84X9CoHgEvUCgYAsP/TVDhTI47nBqleYmox7lsu25urbag09RAkF
+  AbSUPFxQnNUsR6ZfR3cscUiK7pdVGTKUlfPw6lBsdI90TALiqWNe3OkwkdqqR/0q
+  FlADXf3g0vcUzW0wwRN5s8VWqZTmpSg2X/o18lPmVHO7pCSsfps9ozA2JF/fcC74
+  QKmOIwKBgQDALkdij+ZKeU1IBoQasSAQ0B9elpjgqccxfsGYS4UVyBmM58zfiCI+
+  IeGFusEFpvo+00vNDT316xsjlNXx6F5ng5+0LSF08IOHzDbyO/s6FSfgHlM01NJM
+  STd7+Q0kA5yx6s0e4b5QomVhOgn6iNODauMNi+cDYuWrkIl07wAVyg==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod15-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEA7OCxLlm8jzlm4QizZlf/05yT6WIq6cM6ivRQavke/j8rPCqu
+  6es7VWPXUPOliy83FOI4vpuuSnI8YFFWYfjUGJr1VmwB4VeQDENUd0ny2CUliiYk
+  olbZJbyWu0Hmd6tAorA+LBW+k8LIjE1TmSyLRgKzmbsBmDzZs4+c/9eg/hRiwKIE
+  Zg+M3H66GeLFWnnR2GcouaOArnfBx4mx6X1GYXOTwej9ljW+h6FkIldUhMnI2aof
+  7VRQ0xAgYYL0pp+e9Llu76SFEQ/+b6B9MoIHhEGwIGcGxgbXO4XI5G5mhpQJchpR
+  /159o39LgpxiqB80M2N1l4fYtiZ5Mgpntm2X0wIDAQABAoIBAGdGS1l2/FPBZg5E
+  udqsETiUcpR1HVqPqI1+mTUaah3VMqdnwJzx1wuSnQSJRaqaKjyrqKvJukJw7cvc
+  innqf6Y+oSpNqsAxafc+v6vGjN8ZyvUhTiWNEd13DIyV3cJc4rBLgL+9tzo62S76
+  Y7FLj2k1slIbC0XxecTkn0GYJHPBXtMncTgceefAtSbEemqnC7wUYiwggOiza1U0
+  aB7GNPG1Mr8DWV5+dBKvu/kLpAUZugUsUuWrzqLBl2qNjAJsO2dKOaWzd7VHDJIP
+  rdQ/0YCxK+PdPCCVgQQAJ9AsqNeS9G2Xs7HYvh7qbKBJYi3hRN1VC4Nj+rvcWdur
+  RJCaOukCgYEA85OVfxZSXv+qj81QovRTGkOTPrZZWJ4WkkpBSIg5SRTjfCqXqj8x
+  qk5cha2g3vo7WrPxTeFp2a8fi9ZKqe+9rXTBITXu9NiTgsd9c6EdBCpdCfZLdQHY
+  59/h2/lFX0/jP5YUWPtbioSmj4+qNqn0EH2NUvs1DxzluvszAnJS150CgYEA+PWk
+  E5DJqNtPIqS3wPH+/LiDL8s7ogBEepv4tHfLun9suZO7p09P9gCFbymyv9OrEFME
+  pOiZo5DHH4EmVPt03OgAibgM+kSFY+CUW7NM7qHXRro8+HPus87+EZiKWKBn1xZ3
+  DE89lwdeKcuPVdlr60TbnqtFu30la0agfVdlai8CgYEApjUe3gmtS4XKLTY8v/VY
+  f6N85l4nuYCmhkyFH6lU7bmDQUcPFuzoRv4RxGYmUAEQX2RKVIpsYE5PiGxBppQh
+  KitxXegflpPylFrsD+rwkdcWhaW696y7Bf6PcDs4S0GIH+uZFt7uKCc8QNoXnBV8
+  pYQG24jvO9DMMjsXI6Q/Q0ECgYEAnHuBow6pwmn+pq7UFQHGnUC4rIzYsa3rXQm2
+  XHDD7Dh1tXuHQtWWU/Dl7gZOpUY9Sqhzzdep4mZ40nOSDW50ePmWhPnbpl71XN7n
+  QXBE1eWB86HR+vSbwAdGKPcxVh2Ux1wGfgU8mDZ4WFrrgDGGJL4GMQhEb2Fs6K3e
+  6InLY98CgYANO5sW1WkdeKcBNT34+L6Pcxim2MRP7lmJJDcZ+guWltXS62VTNIvH
+  m7bTOcU6PCTxOVQabZiRXEQ/8Tez3h7RZDWFClmDnRNTC/d+QXZRCXvoqzgmNLH1
+  AWOlso8sgjJcTVN9XEckb2FB0uKl9GLhkd0XqL1Kc2JgrDGUJC313g==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod15-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEApAF4GLU+JSbN+8E+5BA3n0xzYrTzyGlJ/YrdotX46VLJQ7Hv
+  sWU2b+4F5vVNOWWGgajCboc6XWNF7kZOuqaSIfjzmsk9+r+knZcrbXhO0IkSPkqe
+  z+p+82G0Vf+BSCRh9zZVGlibvlABFbLmd2HyZY5oP7pLK7JYIQ01vesWrM4cpxON
+  K9G9+1/IkzF65bYrXznseubduwWjhDUN0WgbmhQFyXrpOqGFPrTwchbBbMTTRak5
+  oYcH3fwGiijUYhHOTBAXflWK0knt/1IShnASO6NFN7Pk+djXuny9OQ51GDE/0kp7
+  xqliStggj7Jj7BfjpU0mdAPQ9gnojMm9XzL/EwIDAQABAoIBAA/IgGlIT/G9WUdo
+  IohKM0AmWFhgd7GKyG8ZBRldpDW4HNxh7GJTDjkZXAINC2CBr78coZGHfAtuuVUj
+  +QGndBrG3ZLA2TEfblUoLiq70EHrXxEVl1EFDTCY74TzMNrjfXYQCYKekmZvRpty
+  +xD0ISK64Ld5UzCiWi7cGZbsX+NDTyk3PhMiAuHUj0dNB1/Tci1oxJZf1kHwemJi
+  2PFEMSiGygigGAE/bQDuFB3oQE2W9qO3UdyyzkAb6HetcczAATfqhsuZxjl8rpBO
+  WRf5BRG89qU4mJ5+StIepWPmnpuQO8proDjJTZQGmeGcCeNhm9jFDBoLIeX08Qud
+  EtVG9UECgYEAwgGtmecTu8HhXf96S5YVgA+UZTzvOCA4wi+opiaHKZAhjengfJfY
+  aPZQQ4o/DZ1fJaAXk/QzSvDWG5oYH5wkwr7+crzyLuIc+PyNtDhN/XYD80P3vMFY
+  CfS+vbkWS3gYlc8cHxtcZ6C85hroq+q1+rVz+rOkpsG6gaHY2clVmXMCgYEA2Gmi
+  NuA9A31CyRNmDxav+K5irU89zRErxBxxpJaUDRVGGeQk5Ci26oFWYsoI44J3+Zpy
+  8BPUc0zFc/H5/z9g7irPsmNwrgAMztD3iTIUubK/KuWuXPF5fCEsDpO8eZR0GT4Z
+  wcL73auFDL5XCEZn06cI1B1Ft6f/Zj7qnrsYG+ECgYB9AkHPeoNPp5VFUVqHG/VM
+  qD1RopruSmzoS3dbYFYVpQbJ/9qjzeAneher/Ye1iSMHBopKzr7CWj9MV9WVgLJ7
+  PkCMxE01goNyuKHCb8lpOcM/3Brk6JyHBcpmS74e8Qq+dU7EiIfZSkyN5Obp5/pM
+  yuEpuNmujgRUhWpKox3iGwKBgEgipcxu4EeKeDl3+tvqrwtQbVnhgPMa1yDObl7z
+  RjQ6NByrPFTE8XunUvko6N+U/JK5lbhKk9U+8M4eCTu4j4GzyXlnxgZpw9soMmqL
+  w/bGCwysdHtMjjb/A6V0Py2zeyNy3LkGWlfgNUAzLeV3OmKFWd8CRtvZ5rrZG/F+
+  4aFhAoGBAIn6awJ8O3l/6djm1gVgcr8TuWaj9FIQ19phdbHov6rcIYezOKKU+E9k
+  RNy2qtcnJz7Upz9HvtBJ+8c16WmyknCPLFZQhNbqdICBHf+3AZ8S6o7o5kZT5R8o
+  aHFNlWg1NeoP9VxCdJshsQvbDTVI3O/1rYu+ZPvvjJNSt8RF/k4w
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod15-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAzItd4+E2HwseOv4ugJW5lXKGaB5YvyRIdiO1iJATYehi9374
+  i2Gr6xQTXhitg4z693W8mNo01g28Bl7Qe9wJNmL7+jNh/5NqXmKr8WdGUmMPPEtM
+  VGs83ypeGf5xGQDDNiQ4pg3nEOMC/ccGyWSk6+Yuy80Vl3KiRnijrAQn+J7YtLQo
+  Karmkusa14Qyh5LFTa5H5J4klnncxh4/XCR0RTFVz+Yayr/iGZaHlQoyx8u2CUNm
+  u2kUpn9EEIK5TJsFGO2wOBQn7AHtYNfNt8bamU6XddIvIbveWiWVxkDowJFvFGWk
+  tRCSI5t7f0H+xKpDouci3BZSwWwnwQYABkgxwQIDAQABAoIBAFkIxRq/Wl6S6VrG
+  b5l7EugxjL3fj8PL2FrMWmWSSU2R6RpQQ4HwRvQxreiEl2quwENdFXX3bY5LNjAT
+  r25qrfvlhEc5fIvSMDfbfXq7+Ik+I1CceiI496swdvubnMFEarSzeZEWdiEMn621
+  p4ecbolcjbwaji55MJe6RYxH1tpKCuYSTZeNdfhtqHcuLCAa8gdlHUuylB46tPK9
+  gcfNIzD4+K61NlyyAFpG6l87UHhpU/H3WW3JUBUYyp1gCYkHdTg9Wk1n3P0e2Rj0
+  NCrLbptaZVinD7+mwW+3UpGEM4loFeY0t3cYXIEjuadAFhGF9s935tnXJDjLpXN/
+  7WDc1e0CgYEA9Ha7BmrtbejDbYzTxGPr2c6FDoUjL2at90NTiO8sBbK/4Gr/xvTJ
+  Md852sz+mwYB0HZrTL/jtio2s3CA6svMP1dQ6A634Kc1bDLthRBMm1AjEC+FvUi7
+  zv7F8zkxDvyehZ6TLTXsQHaDIQCfkXqD9auFupsnAnrixe2Vx4nLvUsCgYEA1jJi
+  z+dmkBi+jpWWzEFvmm6TbLbzWFLeRgorOQnvQrcglFSKiEMw+5a4NBSWQtIq/ePw
+  ath4lRacFEMxTDEXlb1IJxKAl6qjAdBVAoy4hdmWfd6VPOLN4sUkjELbvQjKnbxD
+  HF4qBWbqr9ieYHXciSCy/JGJ+Fu3Y66mlgF4IaMCgYEAn2AAkjCH1g3XysXzEagr
+  DPaM3GiEBdUlOXyVK0LyKkzctwxK8ISJ3o+vgiv/GUYTTLrHPWQkqpBe1SFVir2O
+  zQS55HAkBLw+IeoZ25RCvUbDdTvmLv8KIesLVoRErYaYOnilbuYmvegFmTB01z1O
+  Zo2KQ5v/FKjUy0EXUt1NDH0CgYBBZ+lcauCap7Oofm0pueGGWrWRwNvV4JgW8wv3
+  wtzYlmrQYHBc44eVi5R78r1fciXGmU/UkH1hqSHH3iyzg1ocU0wxAilaJrTX3PHY
+  cXf3B1Y44TrY+Li9wk1Ctze6JXEZcV9czjQuqhqHz7Gs6tCI3v9IuHhU6ky5l58u
+  twwj2QKBgAEde/Wr0xNkuPKP3C6y62Gom9KwYtKkCws4xRrMymxzcumv9CJeHNF7
+  aTwu07X8KD6LSpm205c9sTKfCBhdZOKZVXKXfErbDFbOoMCV+WG2GKmgHgjMMKbt
+  VNp722ccuQ9ZSmk40QpzdviaG5Kua2tCVqd9aw2tl2sdHhV4Fxeu
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod15-node4
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEA0fTrh9OvBpS2fI/Oi4HN/FechPjaXSWRGyTetyKc5bAtxwE+
+  /mb+YUfpEeR/iJI7DHuC4UQ1AB8z2Ab+KmQRaHMOy9/hdOs9tFuD19wwPFWFJlOB
+  5E/wi+z7ur1jSbH3/BMlV5LT1HZD9QrT7PAngRwD3IYGAf3WpkoPhX1V7Qqa0E99
+  +Owv0xtb4xL1zkO5BER1XZD3OI9n489LVLDMGfG3x5sVuGX7chUsbEFGTBH2uTh3
+  9yUHv+hb3yNkgn5l39y9VVC+mobH5nAJ52R3doIJy/pZ/YZyHAp9OggUkSWR0KbA
+  KUdDIgJOF9JTvRI3IUx1ZlLPCRDNF8uFAQxOlwIDAQABAoIBAHsSJj4oR6CD67R4
+  V4pPPH9+m7EWbmnLa5ONuT+Aepfo/ex5PoPBu7sqe+SRHHDhxts6Sy3g3XCE2c73
+  ymTu44VmbHX1diMjAbiHLHGMEHpNZw9gQ/OhKE/dSnHcMicwuzx3vJvo5WLVMGCj
+  SDbLT1zPHzRVG5BvSzOOliqZnZSkYu3sH/tWZOZMIGiYBt6LXGVw7CP+ybxRKN66
+  Szafg1QUfzYlUAA2SIa49R5BNPAYkoa3pFgOctslJ/YIbrfhOAXznx3j3pXTXT4k
+  BbdIXywkPGinI1VQ1Yts4spZAwfECmS0LNQjYi6VN3BFpLr/aM6iYTXvSladQ+cq
+  9bJBNIECgYEA5piLvDKUDdQRqjkmD1bc9d/B7UoB62Bd91CAS+8f89NEwQfkcGXV
+  RkbsHIH+54AjVxLttPULn9sJkyF4tokduikN2M/Drppz21bl0e25gn2fjmxtX2mx
+  Ns8InmfsgQJD77biLtLrISKA7+lewEdgfd5gK2urZIL1XPQ4QYV7JZsCgYEA6RZK
+  peWKxts0uYW5Z8Fh5DCuxOzINf4vRdIWhzo0qCpeXICQHTxYkO/eWQKG6DlX16GI
+  bBzzDkR0/oKztff98HAKP1qP9vxvju+0alUOSSx3lucLPw12DV8d7IbcQqBtS0B7
+  M4+dV++Rv2JlXKbRyqdkqqFNGvG+tpYzpPQ3qLUCgYEAmkrZvMwu6m3KgBaLE9pw
+  MIhOjwJk9GRfm1qe7bALti7Xoz0vqdFJeiN8WrrUn3vKqbl9mgYYiBacenj7908Z
+  t/U+UaL68PphqRKk5ellph1+RGLib+Qdcmnm/27T/aJRaLT69I+mSl523ZBOGOPp
+  eW7w9DyvyqohmNfESHsS4h8CgYB/nByyRsF7rXdoOrYO/+jALYcBeUEDjm4DI8oB
+  rvQ1PTz8F8bOusMiVrC8uo1xhjN5co5l4lOPdBs5XAVXkrYMdMqndMVsyzeoYcO8
+  k2SG2zl9/HBDzPLczz5qyEq+j2ZG1L6es/nIsvhwd0ZXO12QPaT3Zef44HExNXqA
+  zNPMIQKBgQCsuDhf/RZvd9msACdAWY5EkXxinKgsSrCKwdhHSQYtDHOK6+BFCw1Z
+  3tDbu8tGkrn3q7yXW40+000+qjKVzc8OknWRycgpZajPaTfrMAsvDtdaNjAb0iYC
+  sBBBQz3FVaC4xt3R6hzch1oOvueryqD1b+tQN0Mmw/3QI29Y3gdYsg==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod15-node5
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEA0Xqu+h36EDglOvI8BcS1Sa8Xpdwjh0oFr3RbQmGmeeSi7VkF
+  IiZZfYhjFRb/ATWArUn8nvelwgIzTCSO7mh9TdcR70tFELtlEudTAqohlQOwIyXg
+  noJoWO+bvC3GnF9cST7myM0y2ZNSaiHJFBmQ+yR8GnAMUyk+EAF+6cc/Fx/s6pxH
+  FnLa1xG5nEvFBXgreikqIpkmHVMUZWVRjFcPDZ0bmY0/W99FmnGwKNmYwqVToX5X
+  1n6ji0ZQif5T+V2lOLgFCBOB3u+POEkxvSWyAtVZ2mwtbQbjo5S8BqUdBmxIXVyC
+  PqJd402aTq6RmrZKicA/WALqlVUnDVnQhcnXiwIDAQABAoIBADNS5LYhTBhXOT/1
+  A6HCLUytWpTnl8jY6QWw838TH8+zpfuTGP/h94EbPnN3W+k2650JiJyGPpWHJnxc
+  ZKyi6zh8HkfL4FMWJtB33s3DU1EIQ0qJSDxt5RUNN9HmQUgk0R6dC7xdEj1erA2W
+  04ZaMTxnFwT/OPXTIAKZ6zdp+to2JTSou1z0PM+kdLQB4MUTVu65sjU8N2o4ZnOt
+  vBaKT7n4emVGK0hv1PbDRL0FV1ubRdLb4YOoXh+kbEXQcqhFoXFOh6byIoRxizCm
+  +AdJDFSAHS6JWps/vaXp3i+SAGVpP2WSUAxCIV2sX+lWuf3MTd2VNB3a7KG7mwJ8
+  8pfWKxkCgYEA0cJTAjhl5TbmIn1bmxaq0gHzsAsIuyJ35ICVqZOZqT8mmZmtvmWG
+  5/012uYBLI79plzmmH6v8z6fDEDbSgB/FcM8nI5iSZVQMzws2UaA9FPKE0UxxB4C
+  FWDSUWkhBM65d14xZGqAf3N8edd3Atzq+yfYFrwKsFoxO75vjiW7mt8CgYEA/6iQ
+  8wUeKnqzEfSyATsGXLyknjhup+A//Dh6ZUbfAG9j7ZqoF52q0UnhAziDT9LepGKu
+  qvWA46sThb6kib7U3xihGTbQXZHL4OqF2MlGomVtXQVEuW35lVVG93dsuO8132Fi
+  GEFfTdXHHwDkcL5tXLZ38HC/OQZZPMK2E20JhNUCgYA/BS0/W4ZxqV7XOeaN3++O
+  jPuUBpym7KIsyt0sR6ZBDTIhr+Rdcc9oX9EQZU4w/v0CQKMfaeCfKk9KtSmtQBzu
+  guvw9W5eQTgJTKkE1oPj5FCwHXfoPkPN/Hrz7qv2780VKf2Y986HfEEHsk6VU55d
+  uwjXO8PSXCaylnKZuIh27QKBgBaaLoZts2cKBf7WZU5ai4tzWhJq5s2Ms9t2msuN
+  YnXFY05EWAwOcmWiZHRGcMWD3Q8nck3G+qgmHcm7Owy6hFNc+BEkmXNMSnwN/9tU
+  oBwHX43Tw2mpYWFkcqu6MTCAZYDkOSnvzZ8yATKqf4fALib+MshdD2rZNtZ6WGKL
+  R0YpAoGAJgeBTTEJLFGiRnoVN4Rrkf0RRVNSfbBYek6IKrp432DzZ9zJvicvxaXW
+  exmXsCCmqFxwVHD9/hayVNbZI0uPxgEtZQCp0eUtfaH+D3Gg7PfG3t0/d/O/A7iV
+  +bwUTN+AtXQMzrxVwo5jffu1XoYcpHZseCKf+uKmFaM9YCg4UHg=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: scheduler
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEApNRfOh3USdgskFav/nrkQR2zqobvLFvRu+oku9mCan8Zkx6x
+  9Fx0EVDj1v5tGgBIYshFkMkG5gWBpUwC6bq+fDKIlDrOgf+/YphsuwFfBt+eVa+b
+  Gv9ur6NfLgju3QO86ET2tH3TRd5wnwg64xaHfiXTgZfuTybn/SW+RmRa6uEON60t
+  wZL/p/u5AEwmpiD3qw4dE/hecG2UllYsMU4OSAIQPFUej/JbJLbDCE9FpGFWlWnK
+  uqe4VXtI/HRIymYWPItF93vZygTDy/03SJWNZB6VsmV0JbrfJ8hb7LFbZVzFu4fp
+  IyAMCE9KvdZ4w82k0cB6J5p9iPUznbQNyMgnZQIDAQABAoIBACFXmF/AMvYxFWqp
+  Lnay00Ncx8BCBVWayUVS6tVY/WmfhkPdXLAKl6v9Cemuk9FDp2DcFD5ie9PB32TZ
+  iGlRTkD/U+NwNd/UJRnDrZLyhw9z4qqAmEaQzwoWaSV9xxvMKsVtVd5S6Y7jnTJ+
+  TrMrFoNtEWjQm/NE8n6hyOiiWkXSp3oQooIqM08bp1vYqBM/q9/smuFCrM4mSMl9
+  a+N6tjoLYECr+dZwiNVAIihA/9v1jAyrmET4s17DDUOrT/oULWfewBtcNfTnFtcz
+  hL4bLmt+adANcQpQFy5Vv0EfLusH6jgRCtlDbnTfBz1nxrZicwgglrFhhkdeBnoN
+  AWti+QECgYEA2UAas44dmqv7A8feiC/9RI+B6Ne69CLdMbkjz00fiZrryS/zxHva
+  HZeJv6gRT82eF9O//sRuIntmWi38TtXxx3TZ1Q3QQ248SBVzeV/vKRvbfEiWOoYS
+  HEGGolDtwWOvF8xSEusaKG07xmsBANnZLlbhxL8xTWAfPd/QOHzsXCUCgYEAwjqs
+  l+x/dyZQGpdW2nYRLa3zdhswVzpAcRS617BmBcCoAi+eHMJsVScyjCUmEisVgge/
+  hbL3hHGzOI8UjZ16A6k8xGPhcDfOg1q6j1u5F+9DUzhZqSCmtHJqA8hm0EjNa9DA
+  pIbhw7LqWDqtEYa3AjMyTrcFG6xQwj0x9GD1GkECgYEAuULoQjwr1K1aJlQ32W0L
+  Dn9OahAltnFQrUlTV0FOZpr8/RjuSJzRWLDUX+LjuGkAqxMAxDIgNTmEA9z5LwVU
+  5CEqbXwVIJuNvm7EhTmhCi5eUjLYIVoZcY0TUbGvvl3Sf3nWd5mTOexEsCSpu18K
+  zHB8oLnmQjR5D9ufhbxKFx0CgYEAotB+h6f3PdD/Cxtb8itQwSL1WEb4YdZx2JkQ
+  +udizmWuMI7sEp2kJEmEZNhrLoWxNNv73z6joAGTw9Ck4QVmF5WRW+uCOgh987xl
+  cPDpmre1jxhIiK7XL6JNXjhqfyTYFg3avtBWhi7/pNAi7fMojA6QmE1xWb47wGd9
+  7aYtMEECgYEAt238yyJe9dBrPW5KxDOh8A9A+6hqAmwpCnnZr8c4W14NaFwt/UJH
+  UDvauYTtTNv1x22s1+eueLyWHpnJztoWJkGspy47sTik0eYGSkQXjQ7eaLZvSwgS
+  G4e3fGBO0PkWCfVXDw8tLV+yZEIo4/EmkETw9gACGBxoRRzvRDmWFuo=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: controller-manager
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEAniC294LZUqBY+kO0sxrvCLiExp88N4SjIfr/SRgYlcDMzidM
+  3Lhi65634B4YLqvOmwIOYWo+RUNDdV3Qr7A1Qi9/yNhTIuZ5Y8Wrn6NadGHNGYSs
+  54A5P4guQkTULA6E6UpzY+03w5LsSZO7qV123z2z2BL2Kx+ecgF/pscy2CNhuR0D
+  eUOgQr+jpT8q8mu7e/8wcTLNQvSfTE/Mb685PiIRVBanvfPjCHeNLEcKgFvEQ5o0
+  18mEHcTUVojoty7xPBW+/Bj4ay/DkNadHJTDf8MNDMzRw98bpgJ/KFwEQggHJ0ql
+  Dtf8yAnHV64F0a5BrGxnjGgopl6f8CEGZ8IwRwIDAQABAoIBABypY2Czt/6RD++0
+  7AD25dLX10FFRZ3ujb8wBqvSEUq7mqPXXcg4J737k+qsqcdz3swb8E1Z+5WEXqrc
+  aWIe91ha0beu9krCKcia4MPb0R59R7bTZJ/Fjxrj7TaX0Tl3HEJI+2dmbRAnBmtD
+  uuU1CsHmJj4JGdOxNIAHo4KwYpfocO0OZpXUdYNBKpIHlxXNZ2xFBbW8zkQQzFz0
+  eZd7c6MRiZdTOwJj5ixsAVK+AMuFFARjcfsQAfKeKbvaGCLPoBaRjNTKFz0EaZiY
+  SS3cX04BNy45cOUiG+tlJX1xHFON0z+m2P+ed5t+GHpwQH8jMYC8dfRBQWRxcBN7
+  zgw5jyECgYEAxC8DEOZoP5xNpVpmpz9P/ccbTOWzGTNVig1argR0/tEdQ+IJBZCv
+  j39VVOEx5+JRGVhfHoMs9WeVnJbRe1r7T+YMV9QB9V/l5avBhsEasSii8lTJsOwW
+  bQL4207uAXFzah0xOKnwOh07ztM0E1t0XUkGPEK16nWOlW8+r28A/JcCgYEAzldH
+  JZ9E51OGfeOzcePueteOObsoYU8xxNiH42+JYZJ4Uj5V6Dl88wDi/u5SU9PmQc5t
+  38ZgqwQF4EZISnM+lIJfynRhfYOXepxlBgTPUogTxf5nncf3NXfkURqQebeDjLGc
+  PkmMKlOd+mcFv1tb8yxsmQ0n8EUjeVGKOrJV79ECgYBu4/PjtZjve7YX5QVpO8xH
+  MigoSx30/KM5KVs8SaCn+COGn1liH+pcPilJlRDUdYRJwz3gzVy4ShizLjyycTbk
+  brBDZL7Gp7IXJAJ73OLtiH6yY2Kt8oSqkaeArxixECOgs2eDE+uJrcSEn7Ury+H2
+  aLRxk3OoV1KE/SB9oUz5eQKBgEgX8oHQnhB8/Harwhy+2KoO+mBtZfRp6Sevx/rN
+  E6EFvghuQzG6NE/rNWSA/D7RwJepenY/J7NY2ny70bJBhdH5o2JnO1DRU3HBhwKN
+  V6qsZMw+0REtts/1rc4wi94bIllcDQ0uQUzgnkfJCxcK4puaH+9xy0yFu5k9xiAw
+  AxqhAoGARW7Bz5R9R9fJUJwdHo0jQVhk/ysIifAdqCwznZNqS8qOJ1zlHLaZJ31w
+  mWc707QCzCpN2MXWig376URiuqmpBSemxo1QzwaAba+F/wR5W9grwsNfvD4zNEGn
+  vtYeI/miyI9QZk/OVG+nTK/VHdLakqNTSJAIzY+mgf8IjaQ5+Uo=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: admin
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAuIno+Sbx7cZhHOl6K4sGb5JqUJWkUNsXZjSeqdqTO93PNCKp
+  UxntfWvoytdMc36GFvEM9VQSM3gT6jH4RKk1p0oFcB2dUOtMku2LtMxA2dj2nnCw
+  gFpzn9QUGKrldOG/JXH11Rj8ilmbaJrSmJu+zx6RDA866jF41EOMRQiSqkph8WSU
+  6M4ZN/fumI+gTX80zww0SCq5rdt5P+KKKPzVmEK3//XiJdtb2LeH1d5KIRTgcxzM
+  39wwZkbxW8Gg6tGR8wUsaNOmmudWVVCg30031prg+Gyp1fm5gG5qFCQjnjDs2LkF
+  QTEouulprDCC3gHlpWkgqS/tFeBhFJNNj1yXSQIDAQABAoIBAAQQLUwHGn6UxqCf
+  V2xMBFlCjQq3MMYC/PHoKLIuuN0xlhVcygOlZ4BCdv64XNuSJpustQ9VyYzOkQmw
+  DfpdC2xiidodHNCiTa5Sgqf5c1gYmd2FN62r0C3tun+Mi77WFaJabwJBKZZWQMC9
+  3/MyQrJGxwTP9QkhC7sIvbbraGdNcGBe9Egts6mLo74lSvqkZZoj87gsoVaFQjux
+  +eMRTYmSj8DHgDnMBXJDTTYsDH9it54ZWIkJMA/d2d4JNqIZUhTHEOBoYs3r03kU
+  PmAT3cZpKNA0T47l2VLkULbRYBf2heFyZA8Qz+BR72VnAzsDq8tw10wqc6DoHQag
+  1fPejDECgYEA6Q2CIRa/X8ph4GKLkRMShjXXGSPdyfRXXg8CUVeYD1tngNa8w0Fn
+  T7rRvQVN93JJgmTrpipliP4UHrDm9WniXRD214s/GCp0NL5aM6GBqiofPQNzOcFv
+  n7PLi+Fd7zAdY7HtGYKppGIxzh85RGYP7jcFxxNlfnOw+E8q7FwIf+0CgYEAyrWF
+  usKgOi6658BjTjg6nA19KJo3BjqQNrKGLDbWYrvc7opl055VUAOCLpyJdnEyFg9w
+  umwQzeUb/AYHFKa7BEF5uYyith/LaRoeFeZKP74O2Xg8AgzWs6iCS3VJUz0t/0+N
+  YiwDW7JXgLO+5LH5oQN5v/LMELiVm7uswZXg8U0CgYBzklNZ/WHiKwbms3fq9b5V
+  +BU3TmYKZLV+24qWtA2gb/+gEN2DJsgI7ehdCGhlsbNqiomh2ZyIlxd7MNcYFO5A
+  oM0IjvE3FraSAWPR/uHCdSkQpMlbduXYGN1z/MsMdpvceLvPztA5yMhSI4HOvZ5g
+  z8B5vNC0KMM2IGx00h8U8QKBgCjI8Qksk5RhRpXObayVP6WaSS5cKOoF6nI25SwM
+  NIJVDhSon+g+GSgqLI04TagZClzJ6oJ3r8HdcQ36IH6VNVeb3OPqWeqO5xxUdu0t
+  Eo9UrCQxPtGix6gKJX0NMh2fV5vg4692744JifWJNMVK0dEFo/9s2IYcvW1CC3Y/
+  s6yZAoGBAIKALyw69yO4W4t2su4UcCdOT4QTM8z0JBMhMZO/7NBv8BHcO719dpYT
+  O7mZeF+OoBIx4KDf8TJsxZCl+fxgWdYyE1UUfCwe7+eI3Uys3fse2NhXeneZ9YKL
+  +3MNGxvIeEZQEc0BoXSaTQzlpQ3rscOZsI8orK2gy7gh27Y/1i2b
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: armada
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEA1OxkNW5YUNIyEmTSYt98xvhDrJz9SkoLn+fQeKJwvw2a0/sd
+  ClyQQ/zkNiSH9QVD+jzFXSkcYz/jbsA3jUxR8cypqjn+eSlItBQwwR8O440i7YoH
+  fMMld8lcOp458/K/zgWAh9U1GEsgACtCo2VGZfrhTAtbux1T1eCTTaSWM7J50uls
+  AyCBTUwZwO5f8zG/C4iKWhu85gxgExiucQ+ul71lzgumxwAojK2JBuH88IQt2aTr
+  Kw+sn16z2G8Z8E4FoxMCNxYDkV604V5c9dBSZKlwea+fk/pMzwvxIA6tLHT0AbW8
+  4CdAoT2hDZbxI4pnrfIhwgqcvjxKc/gEEESWGwIDAQABAoIBAQC3XJO3h706bKl+
+  OaEMUJXt6yKsZc2iyj1UiZd4K7uYbCjnYJtTrv717bTCA5epo800lF0KqzqtJfnA
+  CHxOjGkNKEj8NVE2Gh1oJvMNfKefwo1Prsxf3tZHX/qy6EvUDzqqOwbC8xL0Rs3a
+  F2cduzty2yhmCmoGq2zlBK8V8CUBgp+4H56fuJ5H0OrOuRYsNQi8oqxfdr3ZRzbg
+  la+FLwIDpn/DNDaMd78vn0SApGK12LLKhT8ASMYpUtKMelmlo+9t2p1Ct52DPlns
+  5YB2EfBnLSdcKf4v3qVLEV69ja5fkCjguOyWLR4YDdJdQsn5eEqWSsYJfXjO7ohj
+  AIqbVmwxAoGBANV8CLGUkZTnXCDtU35xzbtpqpYN+w6eKh0oDe+ehT8vcLSRKF+4
+  sXMVOmhyo5kA3gSY8OOlmviujsGJZkfuWFs1j5IKwZvNRAHnj9aVtdYwA9p/CdzS
+  CU0EJRrC6j7U5q3v9dX2CSdizvnS0WLDoH02mjN1obOK0Fa0GhFqwVPNAoGBAP9T
+  wEP9+rvhM3IqNwW7lNpf8bVUJGTxhgkmMC9GFlGH2W1q6zLN55lkVUoJv37cSIJO
+  WzVkFybDZyhVx6WxA1Bog73XOzYs1Ljk47hDhB3DGIiS7Bydioktw6hK40JBiSxd
+  WL+g0WT62NHfJjrUkW/3NK0LB+UI99pgopCgC/mHAoGAIQ6HuherQ0df+KlHGHk+
+  xhpik8GucmEDXGhrYANH1rTd2tfvTIMo1w0ecjXuJy7/Me8MvfNSv9cnu8gu0kyR
+  2e29QXvw5tMuCK12lF+yPGxK7HZnbI4JaqeNp0svQnNtFNnnUy451KN0MTL3wTdR
+  jpH55qX8V/TStdpFfxTswrECgYB4ZU6ZAQ8VPsjagYt2eZBkNK+uGGIc80KH1+kK
+  sZrekRd2n98OEsetrgEFq3kP4eGTCE277Fl6XtOq0mAVAlYUuWO9xdrW3ebk1JGI
+  ltWajx9nbxhFGgh0TQ8gsUdeO7bqI44wti1m114cAIRvY0K9MC03l6b+We89myms
+  1rsuywKBgDxtfi8NxWnrTk29AVwn5t0DrcZD4XUkPohGkIdXNCJgSWGxeIWFiwSD
+  hbLUPtzxT07SJzG+77MxhYNv3+oQA3Id/p89u5OOEf1YCiwJ8jAeMIUWBnKdpVc6
+  RJtuKTznGl2j5hYCh98cbnUT914xc4zNX1WzRrsyON2wvPEMTJzD
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver-etcd
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEA37TdSlQy15A0EY2FLM1sHW0U79AxBlbd3UG7eErF65fgxAPo
+  ZGLsO4bkwH6N9bv/pbKLzq5NIrK27NzCNk5KK34A1ILBtKIoWwWQBGcI2kEAHLez
+  Uj9plygr99rJb/9eOC4dym8jmvV7y6TGWDzR/f4ShEuA/Q6iNsBXjCBoNP0LC+z0
+  jcREx3QTVWMBKumlduwV0gJJnESm68NZBKD5iCj5r5YJTUWmm4tXLBgB8KWk4hUX
+  v9khNLGPQ4SJf+wATkfNycujTO5AQp1GIJniSpwcKh/nJbbeiOJWyUFiW+ObnxAU
+  IFxkaoymuck5xa4XsZrdYxUnJ6jv5CyxawaXAQIDAQABAoIBAQDHF5pSSnktK+OL
+  M54wb2onDiux+mGHOMwf3B5SQom+0N5y1N+AaCHCIJ15S6hf6L7u4uZWPP3dQZxX
+  VWlrF2YfKvbmKrDmZ+LujxbLND/Grk7BQCRRsKnyowfugEMCcA2UhkZxIVRY1t0k
+  MjNr2EUzfWlRYDkd/mYTwD6qMTVM4bTyf6im7nIRYgC7rGkBrQw7/3p2/njK1ime
+  uTUGN/vDzjNjxHtVqGJQavZKOgt79qC2vNtZFKndRoy2OVPuQGpEeTHkRL+x/mDv
+  xutU0e7cAlDGscHgGf30Ku67F+uSkOsRn0uY3blPurDG7Tl0dTg00t0c24on+brn
+  CoStswABAoGBAPuSEl8AyqFd0HNVR3/n+2FaPlZdhzs2Ad6EKv3TklwydCob13eh
+  pazFrk3uwPCft4+4V66d1h3f0H8bqLa+bhE4TJ9qpWwBLMj7a+m6FRFsQWci+bzG
+  BLdHawizUTduU47ZkgtYLGP4si5yRJb78VT0xn5rXqhw4DycUxbtRNkBAoGBAOOl
+  Mrrzw3sfCpNlcoDN+lhnGhiCG/QjUpKpDQdsYEUYxtGNaDZrgETeSzDyek4GxVk/
+  +iEiSulW5XYIWndiiT8u92em71okbcmgSusXjY05QbZHXk8GC1TQanefznKQq0yW
+  QUZTV98rNv/F9cAt0u5/OlkfXsCAFBWDvxyps74BAoGBANcYnxKR168/SnLCcL7h
+  N+OWSISJtY2f8Ns0AJpEovinvwEeCw3jrYdbAlzqDhfvSADfakEH/UJP0rJLkOan
+  Te71RzZq9gOxwXwa1Lrj+w2JlSY9FnEckn2u18p5n7CYaWNTjfabLmFQC/GAjDrY
+  MhEktO70mNvGn0PTmYuZ1WsBAoGATaTd3bgg15Cp2cZDPL2Egrx/wRY3lJirpEw2
+  nm6Pk2G1BmpVviICePrc6I/7uTtD+oIAvWZl6Jpz30NQH+Ii78MELX1ZrAQ60gdz
+  JiY9aIq76AEFoKxuFvqTJcQC9T50vsWM9ACfOwYRV0Hc5TR7+k64xwcVGVFWCFSM
+  TalwHgECgYAx+O3EkmbG67IKRvz0x34jFIUv9eTbg3W6BsaqYgsYIQm5uY7tWUNo
+  9DkKnc7WgzJK/Qe+yyMTa9rJfCzqP6j2gAp7aD0HTFg6VoF00gxP8wy+5sVAcXdS
+  l+C8WBjp0LcZPtDOQKbdrhEES71Q+KUrnYb9J8o8lH6SbdR73JPICg==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-anchor
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEA0tmp0tn7Y/YDsQ+d8H3g4mUbs4XiCoj5yIfrP6lYYGop7ao1
+  YDQiPKtaYbqUrstBvuh8ZFOQu6lmSDwDSYWh++0kU5370Yi1x7MEuKn5NrRAO5Kz
+  T0f+gdgCD3tiBEG/uOAiDq7ob9Ed2l6A2QpU2hs/Jg2tGoPEid1yxmNyMHckBKvd
+  26HPZXgezNc/7LIMmre0T9WWXb3oRVm5Syti1iSoUMSeG6xYfUuBm9FX42uGz+NW
+  cRE+5ywjfSxLfYdPjyorHCZFq9SH/o88Ed+h/nyBds5PE4Xsjz0FB8Wkq485K8BJ
+  p793dP7O8VgWVi7EOV4812kUujgom8aYEEWnqQIDAQABAoIBAQDOIw7snUAxEiu5
+  x1LZ87cQn1jdwl6jfhb1/iv4KU/FswUa3fUhANcYCU5rjUYfPYghZJl4XFp7nbnp
+  lQKBtqwO6GFDfoja6ZUOj+5lu4dx+/dwRpQXRoOD3fLlv/Krxrvxuu6Q/F8yMnfF
+  Le86QeeC9HBge65o5boYLvAvFLpmtc1h2cQ93kF3c78DOUsAB3vEPtc5RZhssGCd
+  3fECDevxJtVJn3SuVF/oWmBK6s2qHuU4zU00INv/1Bj1HLxQNhJkvND0xU9PdIIO
+  cnuN1XMuAHYKBcOJNE1t1uc0A+NFvD2ifoMD56izJN+bWtNohu19+zEBLCPJpQUy
+  2E8TDcCBAoGBAN/uBK5902KRjX85bvKTV07JyX9CZ1ES/UL/OPvBYgfy4sAJ+6YK
+  oi5QElYaUWjQSX9Qo0iV7jpbZ3Bh/eGyRFZNhtDVR8C21SafIce+Ncf8xJnIRdKb
+  BBu+lqJO918WR+9bT7slMkGRmEOfsvLjYfBYvgZM0+8Fy9Q84KULuL1dAoGBAPEM
+  G7vJMg9HONBC21kK55+w7JAudlnNxRlwMsXI86bGKLnUt+gwdMWZUQtkj1aWKtJw
+  HwLi+cicU0m/dCcxcO1zUDkwDccisN7iPP0p4emXZDT+LB6xPnDh5KnUicaVYFWt
+  jOMDY1G3v1RO0pB24dX/2hqeiiHABduD4/3ncaK9AoGAFkVf5dLR0T3UqtCVfj61
+  MjrTdXqvN9sBoUYs7qz/CPdZIexcQNlR4/VGvZWEfz4n8Sed9bwjo14v3XeBfo7y
+  SPsQ63gq2LnWXS76dxkt1CQJkZnfh+Cu+etso9vismxO3zlfpqc+ZlMKp78cVxfS
+  R8srqwi9E0qqSQN8/C08RGkCgYEA5BFIzEx5COuiXapkT8N5lCaaLXFImX+P1ZnK
+  8EhKAKnNLsaNmyr90VhWzii/VnWO3r0nGlwXajA+vbBf/hVRe9l3NiS5ZIj2QGxe
+  uEpAbfvH3DwBEqkxIy0YZXerRDFhjK9AdipmdpMcfHB32ighVZFWk4kduQEuiZwo
+  w7uQUSECgYEAjvONrkEtfwRwyjtGGJ7tzRqdlTheR/bo1mfiAjfcvMz90iI+YSNZ
+  n7e6HlJC/guDpWHoBH7wCStryf6UQA2oDPwRv1bpjsjLRRP3GOWI94nncZk3ARQq
+  eDb6ZJXfMSrIHX7/lFM/izokHrOFfe1gvjhTAXOjImoY+HGDrGXNO5Q=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-genesis
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAujJSrpil7jhn6cg2BX85ij5bGnKZijN0RKzOOQ9+eza/8gpn
+  N77LXOrd06D2r8HOovoG9T+j6syLycrTYM/MauwGkpqOxCZnLLhpbaD2I0UKm5cz
+  Kx2y+NOBXZpRf13GNua+fc5hN9gtQNwFYZFeNl5rVzx1HiQO+CsY8ihXAVFF3ouY
+  98FKF2YJSC9l4jRCKuY+AkLAILci44S8GKEzQvIb3zLoI+B9mhBtu7C2CBANSCHB
+  7rN54zOPJu0+1iD3TXP/8c9USCm4CLfHJUhE0EuFvBpICWIBaN+DwW3GdofWrxIy
+  OHzHkK9fAAPlA/V4o3qy86nWRn0SeLqzAoBbFwIDAQABAoIBAGjeFOFPCg1saWIr
+  J/namN66lfcEWmOS7UYMia1rg5ID2QGKSG4GIGV5xmv9+VIt9qKl7StNp5WDlKuX
+  d4vMHVaPDnidYhEpi+yNBJwBDv/4T6wn8WK0PGuWPAMq+gGhIBUlyl3y0aBxObOQ
+  99rm08gNT6l3XIMYTfIJ2+fvPml3lS7ihzoPKA1ZJzIeos5vdUl3vVPOSYevedgs
+  ydAoCbZR3BuQWHpRwGzrzmBtvZaVkvcqaqVhkRtFPiAWR60349iBsfb1H2ZkPWi4
+  r7yekpOVCbmHL+3CMXUAyxJKyeGtySi3mVLtM+ZxS1DOCtyrFSbf1NuGRB84caXn
+  TLZ12rECgYEAyxtRHrdl5EZ7lUpEVV10XBl7v2wPXlL7LwbcslmJC8zWUsOGNHJY
+  5Ac/dSKFYLkRp42hdFisWQFSNPsJnkj2Grems9DYcJWU+SKjNyAMBljTKHLQOU5s
+  bPHV7L5Jjt51LAxUwt45ZsqYCbQUqH01jzDpkC1LwVhKAG8jZycTKK8CgYEA6q+k
+  8DG01N9Tm17NhPW6jaO+PkhxAKZhrNR2CE+pO+Xp1RjJSINUfkNsQA3fs0wvBqg3
+  Xp1GKan4UDIdUbJ2kfurFnTgrd3nPv4eUyF0QvItcaNrBPAHmN4j8A7Qp+Rd6XnH
+  rbbAsthhBMmXXVrFebqpol3eMRQlrcDQ64JpPhkCgYEAq72VgluhlLzkkwARd/1l
+  /tqtgNdmx2NzcfhjdYuwDoJOV/1s5bwq3eYjCnD+RyM2gm+ILlEsqrYrRRFguK8J
+  Kt5P34yg99ID/gYD7QD0KgnBw1oSJ+LgW97B/UWJ/Xytp2ll4sD12K1Gki3rqez1
+  9PZvCLLEc+Cr8mIHlZm84ZECgYA6eFhXn4q2Ho3t/8ikf7Ri5ZDYY6QDzXA4Zxah
+  K3e2fKmtdedwMYgzjQjDTLGXMjvlJLPm1rhMWRSMpm+3kwcHh/QwPB5eMxMSFq3n
+  eEZHB59a2KQpLsQ1yeKaRJanvbXIHZcqKIYKCO7jCnazw5G/qknpMgnRoHtits9W
+  Xb9qwQKBgFN8A/e2J9uR3YQ7CKWSkmIXJyvCZzoNeypH4Me8BQHqxlZcfgJWhmI2
+  jUGlTgHkdG48h+MzAwxvsPmm2afcWklQuIp21hSBvrKbYIm50aMf4G2otJOMmT3w
+  eiHBMtWqNk6ugk5BasU6/wgx76sZhz4Yal056NYalK4/ewueXg51
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod15-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAr2fk25eCVhfxE5WiNlce2ydF9v/a7rAZNFhzM3aRunB0pI5u
+  gyjZJsB1nd8wx1Tcp7lMyXKF5n6aFF4PP58oCknizzHvoTgmKl1Z37oWDm8g3DWW
+  LWVN0Hcp4NvTLLN4ukkSb0swa/zNM3PtaJH9nq2NIvJGST9G5CKVx7dE04GR6h52
+  UCvZu1EGiY09OUSCRTSi6sti41HpCZe6LX4PELFMeoQ3fBa/UVWHV8rVE/0ZvMNj
+  8TzgstmDk11n+CW2mJOMwpJaNVR9yn9kf8Qg61OnaJOqyLPsgp3VCZwiGch4WrPd
+  FxE8OpXt10B6Fdm72F6yEG8yLKlL89/6qGsoLQIDAQABAoIBAQCI4DT5mshNcI9i
+  LgEQEHn2oDX7ofpxCiAQ9finrx3W9AxBoRfh581UbRkbIeCJm9I4W+Psyx5sGF0a
+  CbAygHsZVEDWWGxbTVqS8pfAexDdIKDu1i4jrIrFY0fdvQyUNFTAYWcuS+k0S2jB
+  fvRDBrF30oxxOcfZPrSOL+Lbn0rpFEZm93RIeNqKbAmipnpDWXLZ7knPQ/DEWxRh
+  k228Dh1wng1F9SKDB/4Luuv1bgMRUMnCBg8d9jiCWHN8e0b2u5NlMB3dTugsx3Wy
+  ed4NHEDf/YFj1iSCmDQM7qq2vxsziW3HMs8vseYrWeCsLrZ8KKNdsJTLiQ9rPU+q
+  AFGWixeNAoGBAMSVdYUEWWvjf0JEeYeeTQ6o/wpoBwBk0XE0SyFhmPmB187OCYMt
+  ZzTQJ7f8UW227Ta8sh78y6dGPTnaqt3AATMw+GRpGnb3MF0yBdBvNTjMD6Gd11V7
+  jGPqxkpgYIMVBlprHh6RnRY9tiC95fTkrZsjoJ6fYUZoFxELkhlAft2DAoGBAORr
+  zWSwhHBrbTXkb2AeIRLU7xxet4J+mktPAWI2DY2pqbs+oXTmAe+DK+EbI+capXBN
+  1T6WYJAQ9xA8TiWiIxdNI1WTENn9F85FZC+jmeT7d7H9GJZ5CVNWCZxxyjc7E+UE
+  ZBcPkUM68MVGVBgzvqYjXX9KUgopUEtrftgOTSSPAoGAVAueIc95N6Icv0UtPCkW
+  wsTHvTg6fhWcYay8zjm+wDWeAWGfOYEI1dCEmql6WtDRXAySjqL/orVp6bkuQf4b
+  xToTiEJTOTd3avC/AZz6AR1lNXCZJofavsEaI6ROvtwXSkLvrpwMr/yUSC1ICkpW
+  WrSBsC9t1D8eVYA/5yHm22cCgYBy6Mxtz+MATvqktuNUnjOTLq2PPxLgQeJK6lbO
+  2lRdJLHvMWW10hO9Mua7GpUoKJ57bZxOHQY801wGvd+uTO+MRFD3NsGueAUmzn/E
+  +29q4xpm3uUkpYUMeGbjXdcVi9HJTzku5LT19kuzYlrhxf4tw/LAG1pEJF5xYoVw
+  GVmzfwKBgGQwWJkjKynqctKnuS7U3vNMhN/5erMrtCzEx0/w2pKRpGCDX4z9A70r
+  2yneajDGp48KWU3ZDD0VkvR8OCWPwZ0rL6Lm1lqeYjCdFCDmz58c7WkNhEc59gbm
+  au+m0N2FkdW1r5bpwobnPvsJiDWQRzAHm2KUM4MOJ9otngKSLJE6
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod15-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEA0ql5A5vFqwFwxADXxs8701D2bQk360Qz/ww43/rY6w984APi
+  3gEtYznondWBgTYTp1dr6vHP6PC0UEeEUHb683C+ePg1/T/v2Qc3hV5Q99A4RoI4
+  QXc4R8R6GEpncsdHI7gn/7fKPKD9diuE2AfNGJb9Mv3qWMxOx1J9BxxdmyPpYWkW
+  fQWLKELpC/dK1DmaalkgUeuuaOPrNQbvkqQOItZB4ToR416VyYu6/qIhUBTKavs5
+  KYvjrT2WvLAkOQvXqe6rd8gMNcTlLn/u/RR+MYj3gRVfoPDYJdi5zDTeRJ5ya6vr
+  5OC9k0vY+z8YIzCqRunmD+2q+sYE3mR2gnxJ3wIDAQABAoIBAFUot0fTJ8QqT+ic
+  Ip421gtltkh7qoRLzO00hqVcpWXYm/V+/K4cMbnkBfoP/ks6jhVezLxsRkz3SR0O
+  3BkfD/FrSURjqoeW2iGUvkgGyZp0LNur9ovYYwL4FRdOtKT8k/CHmHvSU0nRFsU3
+  cHtYI/vlxbNgW+TLqqj+2pYOTHTTAkhVSAMWXyMaIb3iGJSs8tWWVjFtRDBjbjZp
+  EsBI7yh0TIK6CoESjTwLRixG1yO3dEgnyjguUDGxcvwGq3Xy1h80e1v8YGjZk0QQ
+  zr01T0UW/EmKakojXRpgk3WSjkl0FpM9JmYKv7pErgaVLNS0ZN0Vk04TY3jFUVsi
+  BGaCLRkCgYEA1s5V02dAk+d2NaPiIi/A2G8uNomBchvPpUmky/QkePOgdvBHNhhS
+  MTLOd8QS9nYwkxMqjGyvNX/TGrJJw/jrX28Z0h5FQCc1osLUlZB2jshlD6Ci+UXM
+  V2Qk2Z6lCvsZGO25wShZZBKHykuMLDAd77hoLIfjxRaeAmKByGqK1zsCgYEA+w+x
+  TjuEzUNbkZiIvgOlff9Kw6ywBmKhlnEz16y5qY9NtXXT9EwYpvenUOV/EJ7dU5dv
+  Z3H1ote8+uaQPaHEkxKyCaZuLqe8jGnBX34RVb83FUIpSq+KvnxnOKQChpK2xnKw
+  +YL5kVNYnMb0pRog6I6oN9RKs7XJMiCig1bzFa0CgYBijGldwsoi0Rcvhs9xZb0w
+  ztlB1hYYNuAt8bp0g77T6tncl2HkVIYo4ilNUxxsDE8+upVTtW0wu0MrxU4IZcP+
+  lacf+hlFVHfMA1yqfYuW+CM9ZzI98KLOGTi6yojnn8mk4TPOhWd1fPblfYGCqFSj
+  rVPF0lZSDo1RhMYMH60xDwKBgCHFyqQrfYHfPcIoMrzc4LZCUVxhLoytV+9U6xRo
+  N9GHZXyzjP+f/PD4/5jyRlWGCV/lTycrPU/alaFqwpyH1lmyeiCyMsAz8DkzQMAH
+  xW0ze8VwUP2q/48ATSJhbbWMpumrJANsiwXxoEn2uZI8IZEnH5njBOmH2rjTiwj/
+  +VNBAoGAYRppdPv7sLR0PbBdL/VJMhRFGgQ+4ovaGXWm1M9FfxkNzS/5uzC42e2A
+  4TUAE2/jcAR7LS8UojfX2/aoIJhDUsj77EcV22ghUd62n62i3eU3AWal+RPyGF45
+  OiH/iGRP8hB9g7n6LH0C/bUrrA6MwXFUEndlkbFb8NR2Qdrubr8=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod15-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAoCCx9m9J9KAt5GuuIRwosVPCp/OlWXs1DANK3LmTF2Wo6Bbo
+  MYiarxBWRDYz3YRV+3JZ3TCEtRKphYFBnsK3yRTtZROyvulJ2BNRPMN5V6cNy81p
+  nk7QPYxZcc0+ed7jG0CnLMbc5qeFp94oqKoXt8MoFdMvzcRrGoQsXutxYiROTxhg
+  LKIPzsxJYfdZf/kzBzcMPwtyERJ8taLNKB2jDu6ls5xTOGgcTb+Z8wBmaH9Lvgpo
+  uR8Tk6caPsqK0BtaD//XHcxPHRgw9B/yLKKnEz8mD0ItwFwBccG6bXhJYtpkkVyd
+  A3xcFNHoS+fWg1DPallolFLVxL/CGSu5dsZu0QIDAQABAoIBAD6SyDhu4M2RUp2y
+  Xoddw6EYBDcxhOnktaQOHVEHy60W8txPJ0lEAn5quetJ6xajQh5SXz+KWDGSK2Ca
+  VBRALyWK4gHforfr3glr8xD1qhNQmpmLmbxdPA7xK3rHI6ToLoNVzn4279fKmvYw
+  YF8YqNAMmTt+HW4hVWE1SUmGY/Zfb14qXlQM8gkC2u6G9+AfVcxE1PtgIV4wQaDq
+  zEb1Jt0T6YMMDAiZT7s1kQDdVjRuevQ2qA30SOpTEWkbKlfhwJvPGfUxqsucZ++7
+  xy0nI/Ic5WAuVw+T2gdwoE8TlGq+4KpKAXbREVCH9wXPNgbRuYVheSffMez0Z6xa
+  KefO0wkCgYEAxq1ESRm8nHeCqUrYvXYIUJ6G0PXnKPjEFOcyDYjZTMiurzT81vLG
+  C3Rwk7PYSLG2q87QxGEx0y9nkdkIGzIgOQmYeV1/49qxuy+avxbPpm5Fyu1I4zec
+  sxEAkp7LGW7hAJ8hDTU6vGlpcbGXV0XSKlfs3QXBizd67AH2DS8vPMsCgYEAzlQZ
+  +ldBwO5cFCaxybrmVE7zwLEHsHON7Cm4ctWmwqZYNR7dY/R9xtUjKM8Tu7wOBhZv
+  CdZ0NcomBoGpsPDteCzkQn+1HkG1X6zFvsgIDQHPMpPpgUDtHLl0DFIvrnC7hT3W
+  H7OFfvJEgHYQ9qc8YyWL7XH5pwjB4ZQfW+5rC1MCgYEAvt1V7KQ8/lQRwnGVJu5t
+  roWdHsIeAM58EVjKTRZbK9jfeJJ/FEDG4dpLDJqJ/cw8oXFePkrhgvDXntXRY88U
+  BbeiM3YPluZSOHHTSCCx/EGT6w9qJl8WuzBqTHEgzJ4oqmA1cGrisn7SPddOfRkm
+  fmdZtjwBY604+eIobyIVT2ECgYANZvcdBMf3oUQH5w+LXAGUHmDE9nraYlcorPkX
+  NHuVjzqRkMSutnXpEXUsNG9CtY9vo8topy57Q/s+VvPP04aJVNkq3KLGKVx/r3hU
+  0Sd8uM5dqa/0PmRohj9cgYYpXZdAq2iaPI4CVfhPI9wsOWa5xfmV3d5qlC4L2hRD
+  Y3Q+kwKBgGY9mBnMw7tSncsdCljw+wwxWXYIry7C9X2cEdXQN2T39Q4K2DztcnmH
+  Jb1vKBRuF7phH3Wn9DNB4QI85DRkOeI1BqujJdgeNjnbU68T6kwNChLskAlXEsfv
+  WijNjfE/AC1QWbq/krrZh9KKXJ3S/KLxgqAWipBvvaj5SF0lGlzN
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-genesis-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAqDcuZfEnGmwxrLk8gaC+Tt+N4I3LzlLKfzFdKvClupQ2a+hs
+  EPcQlBgOBKb80HJ1BT+/mAiguAydlL5EjRfw240ffYO4pkCYuvwxm+rdSMJCVrby
+  dMVzH+AR32SvRRe9CuKW0ed10sCUQm+UG0N/5OLo96CVlCmHpn3fcR6yXG5lPs2Q
+  nK/O6Tze0fTkQ7Vcnep7g1oL2z7rtFl5kfqiE88ujeM4eUxISeCH8vLBf8W/KAmD
+  8aYE8QPyWaX6s0Z344iLKfxBXTjbLnvQ8Jhi5JfcG0cEf3jk4L9/qriAVQf7gnk2
+  LkGpF+Mx3rmKmv6od/zx3tJpz8zZHsu0lMW3WQIDAQABAoIBAH+W40WFZYCAIil9
+  kuxLrS2MGUQCqVyEpX1WRvGj+ECN3L16XEV98IAzwqY6trWwqxvhH4TEvor7XqcM
+  rlhKmXEeGI2OVIcdpfrmAQbfXRqr5b96Imr5vPmnbkcASoTgnY3dEkKCCndhhNLj
+  aPZI+3/zsHrqvanU2kQpY0qc2vKJupi1xJrIMFq1b73BRWAzqpifTywqBfOf4XOB
+  4jTiNn+plyleTCGAORdGsEr6h3qh3eKyUjD+qZHwCYn18ODDOe+dfKN+YCU5hLiD
+  CDl67SKiQy3wUtnKRoMOWNrJdzl5G9TM+rGcDS+p7fjYXfXWclXOthHVUaA65FiJ
+  uvxolKUCgYEAyF5d0K7X6UObs7LU9MV74QUdhy+wyoH60MnzAvYyzpq8WSfjGjVF
+  FlfYjyvvQvvRVRTMg/jMOMVVZECNh347j0oldzTxU9xuHBxVbyRIspXslwTxVZjF
+  PZoUXAPd5kEMTn5PlagI9WPC2KXPiMVjp14YsS7/3Qp4TISQES8BUZ8CgYEA1ut3
+  RF47dfXGRt5fw3vuvgZfNaQ3TRzwq4evEF9ZP8BzpMhspBqxTlMJg4uNkAeYuLj+
+  hrGYtEGXhEwyO0uj4TmoOwEf2+2kvrh1kxNWxElLqV3RokM3GYq8hqoaFeTek7G+
+  UIQ1i8xGJBITjuLNglqV2FCNFa4V9WmZ88HKBAcCgYEAs2bCyxFxopr1Mz1grVSQ
+  6VYCLUOHIJqmrwDSxAkaTqB/Gbi7/4BIvoujC/YDgU8lC+/Weidu+zm8jkm6LuHY
+  hCCYURanKTYJpMO9vwiWysewETvMtZ5WpCRsLEMOEJaXZUR1D4Nnmgdbs00q98P8
+  ySNYKnTxhMFWGvTqZWhX3vMCgYEAx35gAe06Yl9VwfiuiYUjce32OJOK5aBkYcQb
+  oyXucTfR4HZOKfHA/UQkw58pMzVp9KV7VUnKxh9QZnRX+CRZJTngx4xep0Wqs4ID
+  WRcNZjvm6Hp2mZisr5/RKWsBtarxU8UcNB7UmURvIxJIZ0xtmH8/MkBrBWHHbjqs
+  tc//FccCgYBSPPXIk34uoARzoWBhmpa76lPIRcfvJihPi58dtjWoVI34ZrO8GUxD
+  GAuj0jgHWunsM1HKgp6/KE1i/c1zz0lijHFmXFwrarmIJAJzoyAGtrZu0F5PdnAk
+  J42lOkPRU0PTvLtl1FrwBgeL1lfyHj9ena3jHK1et8FC4OpjMBfYXQ==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod15-node1-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEArCgVYtqeGZpMlLBJdlHCLCq3V2FV0PH2s/IEUrDtvVR22BIO
+  BjUZzkWazY6w1jeJ/0jcAIgMDw++/vCaY8A7ZE+pogldQM7NZLJ3BK8vgLLtzRLb
+  Kp3IpPWz01VG82lSk+vdx0R7e47weJWNXuIfa3bEdS0XA6vIpL8x1KXVCLA4YBtv
+  5yP8kZKvOjvtaCTkc9N9J7lhS9d82CczBFZMCyRjQxzg2OxWTL9QS6HeVYqu6rmM
+  lHUnndtG7br6f/p80PNkN3sePLRkDo0ns6ZKCmpoAIlwRJ3ru/L4+i8qNa8bD/5d
+  rqnOFphIwBEvzufSuh4MxXbEh7e0Qt9/PCmDjQIDAQABAoIBADxuUZuCvC6mkC09
+  eHwVFQDl+betji8rUHs4ADZ6rulf5dvQ8qVRLH7QxhdT+FUp58H59GgnWXxL/bKG
+  CNvtFawPnq8ndFmUflrTnp3BVP5rULhE3zQlcNIfAYG0lJRLK1aLXC1fp6zmrxjU
+  /mwJGhhh93JeYo7CVUsnZjmMAKzsgwVLhYZgV4k/Offv1TqyxCn1w3DGlaDsPZmu
+  uoe0fiG+qqrLdx86MwB7kk7EOCvmvv2k350+ht1cMNyKKch0DBrlo9bq4v6ZpwOX
+  rXbd7RR4LpbjuNgO5EmajIMBnn6Y/mC1g/jFxgdKCTlhfm5uMbA0cj9NsFQ+B96X
+  CPzLewECgYEAwxRFf9CbrhcORcELcnn87qObecMsDri5jrofYBxonTowVBiIovht
+  jp+IQTtnwx4b6aTx2U+Wayww15e5Fdgq4nE1hi2+VUw4wPRAZU1MSsTkZfwA34DQ
+  /ankEZvUZkeci2uPw2gikxUhjncnzV/d+e77gtHP/gprDYDlZQE+A0ECgYEA4es/
+  5purZOf2wtc2Ug/zsYYVs3zVRZUnoMGWIz7TrbNmS3x1IPKQRUsPQZpi9Tw604MY
+  0hTIylrz7tgBLWosvQFHXjcnZ0ZF04pOhzFVVcmZViq+XHzlTr7HKQGt0bzH9Yt7
+  9bYRMqXbc+gXBchg2wDna/yfEVZWE1lf6tlVSU0CgYBdji0+fQcMWJZJsakRv5sj
+  v2bi4E0SyliDMJO3fihVrwBadGGi9s1j5vJrhlfe5WOxi59I/rg+sbTC0Eq9RSxb
+  6LsonGt5cNKPBxSTAJ0kBoUau96XUano3T85iqg0XQegfXc22YwrSakML+zwu5cz
+  M/9+36yGQuzQTw60gAIDgQKBgQDb/H9UxvC2aUnXoEi8z9u0WaR4Cm6COyNDXj4c
+  Q+lLkw1hI+fKFWh2kQhiETubIPMHUviwWJzMrpQpVxyOZHz77mrYS0yLO9pyipK9
+  AkTeLFirlyOWW+fOLecw/vmK6hCsAQ7LzGYis25mBvGkJ+JoXxD6Dhu2fiOC49yK
+  iuaJYQKBgQCJty7Mq/YFgvd3iQbcoTHHHe3E3fD1JQjUr9/GojiQzY8M4WVbI5wJ
+  nK2a2j4tMogPfxFMRcAkrFaPDAp6ajFz/7lu+MM+bIojucrOIQTK8QYV94lDctJ2
+  MW9wlqo4IxQuhgZXlsuZMSaeQW/aSe5BrlWTNxrZAQotnNL4//gzwQ==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod15-node2-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEA5sgsUw66Q0XnykvSmIef9hNoD9qRwuAp2ylk7V2QTKXFN38l
+  DNlI2v3ByhqaXSi1NjHTOsUx6gpQEl1QULkW4AD4XhqB0INrHuEtQiu1MTKlNIAK
+  2FlfICuc+WRcVFtJKl0Z1Xpbjosw2BIOtsTnfA5crhx54dvE8vNaJw5/Nf+trdJv
+  BMxaG3yCBqPai6Km36944TzzWqo8QUoVWK2MCnufp95ZRvWaIPXNKh7XQuiTDeY8
+  ICvMlD8OFeNn1u5pWBTfPHtGJn85skv2BKNDkRlzdr52PaemFwHM61+TRg2nZLDD
+  oieCRMQs2yDb3Ah20gKZ9H82wUGnzOYe6l8FQQIDAQABAoIBAQCUEVpe79QR1Ygi
+  AwPbWSkIeOsLQPDEV46DTsuyf5VVmAYw1SKwW7iiyKzNPsRLgRLC8rTTwDGGN5eo
+  MLaXFCnZDsZLmjYv0iGoblDbY6+dISFdzcknhi/CNDlCyWFzvh3zUEiC7z5O9n8g
+  InXOTgc3UP+lth99CcQTHI96/5Ie0fQXGhc2DM7W0K+WNaiz71mAFCdQQZaiC4Za
+  uQzvDFFbFi2GvUH5wFPWr2aGY+Lu5Uw0fb43DqD4HmbJgIeHPPe06I+QcBmFjGd3
+  eHBzifFZ1uURGnAhlZY12uRLBZZ7IaQzQxy87qkVbVnDKEkR7rBLs0hjEYvBTpaI
+  gbmB7MEBAoGBAOd75Wn5ZOPQHL7rVTJSBiEgn+TEOOiEUiiudRUB32xDMLyIUeOS
+  6dfQVzj1eeajlE6u79UmPdv8o8Np/vtgygK+aujgvA92BM52/TIyKAi5Hnc6qLCx
+  TeBWW7Ov561SBg3kiQ/KuyS9Cy+WAYG6kSBLh+P/6NqWJLXA+FdGnn5nAoGBAP85
+  PiywyTwFC48L4ldQdE6EVd2JFuX+RSCWu27Bal8NMFasV2oRjELCYKQ+UnjisEEY
+  w9QlffbJGJIfxMIjHo/9N8SGnEeB4QMr6sWAsGMmP/XBvOyJlpuZxkfCbAE5b3IE
+  yU9PwXecoIsyaCRk7P+q48tABYPMRIttlVEp8sYXAoGAZ/FmTnPCLdmhTsl1dCcI
+  wY9YvOyvcRkZm1LbGBfDL2XsWHwN6VZq0pGm2NjBaCND0SEUaG3HkSSclH7gFBie
+  HSVL9E4VpAumlN8xSnzjJSea2obogI7dHUMp4kG2kkkmls5sDT9HUXPhtfhxrMMN
+  r6a62lJrSNvqmAKSgP4g5TkCgYBemPX9lI0R7QDKxWngWRay34P/98b/+k3e9V+F
+  frURhA7toTVJQDXPrMIrPlpNKiCQEEDNShQ1O3Ya+yFvn5q9XeqksgwMyQwAo++B
+  wuAd79h3G5cNyTWEeOuwP1TO4132UeXXusUHs4sh7M4C51Gctdd2x0UEA9tIHpbg
+  nX65gwKBgEuw7wQ5O+LEElmr1LtjJVG13YwshOobAaA7AKxp/JOnMcnU5KTuOQpw
+  bq0jkmIajBev3aKLRMI8vozJ5pUa45dzcIX7xJ9LYCojeIRa0JywTZFvtFCj3OPk
+  z/kpSEEtAY/7My/MM8VfvNnqGmuGeRpMW7fjGP5kiYuUcUJ/TGQ8
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-pod15-node3-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEApI9u4dtW/hMk2jbZeZFkzaOfF5bLgJsj1XTfiRoQHXB3KA2h
+  5J9CjGbHCX2BqpDeXI0iwV0hTr2WwkY4bXQnpMrc47W4mgUb5jYy/o1/UslMrOXy
+  hbdNtoSK3gaJU+4kR/P8ekblRSFunGkAaSvOF2hWXnuZe55G1QT1pk5YIAmBajqG
+  nSIch6ehWhWOHrUhN4tYg33iQyUvaGnulSeiwSleRBhXwkb/RfsAW+D9TpH5TLHJ
+  pHlJIYakrXHTR1ev+lOXn2Ox8R7Xtx9q4ePeg5+8v1uGAKUymyksasJc8VEEdBq8
+  wUP83FvP+WPfXqrOnZz9CifIkQ/VJFB85nySEQIDAQABAoIBAFLHUCjPFDCU4rne
+  U4GCsOl8wD+2fEICSIFM3FF0Sdz1QQtl6CVAM9K6tK7CcqKhYym9WVlZhrK8TgUG
+  G8Z7YqHT5k+pjuXzYfhpFTfVZ9H2LtrehSPcdHw2qkBLm3Mb3SZQxpWf6h7fVWva
+  qfk9rts5ghDfLfLwSINJjmSNDml2cBBQJO3m3IVZqElKIr9hSVg6HF10YcWGjHqA
+  SBTN/Ybv0yEA/VHlG3QIobwG+zHTl9wu58CRmz0yNewX4+dm+kPMjaoP5GM72T97
+  G8A/tRIXA1NIcII73gJXHMqUhU4SOtBOLYzqSfRfc4ihsj7S4lQR0g3gSLAgZ6Cs
+  QYPKlz0CgYEA0tGZHggbxiwIGG9rtR4nLJYumxBzC+5MbbOmKmEVVoRkwxQtq16c
+  RXdGzCKjlzyLFKewmqNCRZqkTXcNsnlP+YHGX7muLqjWy9mETwcFrvXkiHubmS0h
+  85kF9lOwBjpBP6qXQV9K4QU4NABPqDVAq7Rp0msawECrYIlcozYgUAcCgYEAx9Pm
+  2CV8KlOnkSf1tP2Cns3Eyn+fyFDSX58n13P4zzNOnIA3mCdbohNRXFuGqbk7XbFC
+  mW7N60zxhWADypV92XiViAvfEcZ/WO0kPjDFtvWfhHpzWkn8Tk/uBoOm5/gNqEy7
+  fpbNTDacXmqdPl8qT9Vzkj6OYBkYPZZVQ90yVycCgYBW4q9aYzkfKZKEj5cyZCT9
+  CUBYBCWGK0YwiDPZj3191L66b5yK3klFj+0LwNLvR7KCZsIwWUy85wkELCbnAXxm
+  dofNd/dDn643AYS4FUrQWuM/JMJyFNnDTbPZW5BWYLf3h1UjSiTQLJiHRgGOb7Qh
+  kA90+1NhHMYE2VfmpC4ZDQKBgQCPKRjxManLCTO7os09ZYH3E6QxD04BzSVqrDN2
+  //b5OuDO7mzl7QyRCRX4/Pl1DuehMCVulxufv/gofak5se//pYw7c4XUzkjeBMc6
+  Zua/NSmbV77cqLTBxjHZKOiit+vQ72hEQPXD7DwKyIbu8G730wyBcZ++6Tuco99i
+  R06RcQKBgQCYhpXKERi69BQ5yHJtl6eOu8qP4oF1KTHOSdVGbUkVn/rVUhVh2z+8
+  eo46X3/9OVWcSgklBHy/OfKj9PYSEs328R0QI2BiVS0fb5ijkRXITizQYmJygIFt
+  F5uzGVhQup7saN+QanzArCmv8WGMFkGvPm2SgbuFyT5mYJpHcD86NA==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-anchor
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAr7zaSPZqGVfC/L++GY6OJ3YRWPNLkQ3nM5GRh82Z/aPpJyqW
+  TxVHQ8kvNOyGxXAS29TBNU68yT26Y9tZFqI5UviHWfL6i2++lWUXwUGLs35rQK0l
+  U1/+1MbnJ5nbKQsWsYxsXGzIPVDX+CpvLVHPxAk+DWxK1Eq5nJzrOBFQKTJzrWJQ
+  5S5TVk3JKVAOalZaUawZ42y9fphlkpI/oG1wYOpHy/Vw6HIhb2bgzdfi4XMLQoVZ
+  FDz3jwJ7fHvhu7xCPuy30MT5RCjG7y3NGnPRF/OJmw/kzgXtZmJs91uhKwerhJUu
+  UfY3D4W0eSpGPIcDxBLDyC9IImUGQ6J05Fh0WwIDAQABAoIBAQCUMBylT9xx2FZc
+  yNblOBdY4S+JoUbEX0PpcUOVj2LdxbzSQRAUSa4ZU+mRqC2RCYttgb8WU3nP/FRS
+  5eD+u/a4p0eDKufocmb0FRXt6XaC+gQ4uohyAM2i4MKE2zE6L9aICxBI85X6VlR3
+  OFkdjxIyjVSc/wcucoCHtq6GTdsZkMJYeJkuKqJjGwpKD7uyNAPIe6N1Xd736eL+
+  0HKfHV+GMkGBvFvTCXICiDA7f3eyh05OL9UEnmFzrbZLUHpBy0sXatEiXE3/bidh
+  aBRCmvfviMw5rynXH9abPx1OB0abGzskMy/QHbs9+KbxQqmXY4HFGZKAxTqZpQDr
+  r9XaDKsJAoGBAMl49N/t2wFvvr63lQ5tnHULiZCBopLOGbvescJzxJCzqlEoDacU
+  g43Dv8/Ir9etGYk6lYy/Mp+fYJxiF6BNc1qtnYQZSjDr4v82i2ZiryJMeNlBGAmQ
+  SKurJIynkOjQZ36KcCpIlpzVowlzQC3Ku4HjUo1YoLIrLv7Pi929wTdFAoGBAN9M
+  2+gujvDfJ3onauESJv5BEKt2ZdBLPGbMYVZE3SumZ3l5Fr1fyF0vNQEO8QFhE0zV
+  vnxCWMry6UoL4k9FaR5nESc2i03/+BwURAD8v4r/fQZTka1hDuKrbsEzKmY4Sofl
+  J1iGg9qZZ+fHAPPQ4QdZKeg9RzjYirO4QUtCPmcfAoGBAJniWl9DpNinCnFPdXlM
+  vYkk49DNQ2iQJVW61dlpZUUFBdzxE+R/JbA9SJ+jcLPykiOf7KRRUZBcQoWP4u3c
+  2nPzUfGZA3L0aTB37+enDo/LCy8dqgd7/hWpJcSNJIC+1Z3wjZWuVeO6xcmtDuMr
+  Cyc9g0tU24DavQ2BZxpaGl9lAoGAF68IN/UQNh4FCuC5ZkvNlPQDt5vkKpaAPor4
+  2/SL3MBWgzzDm6xYDQIfxg/2oeXQ7TpSbM2Aq23eLntaMnwzLQVTfWw8lDZM83V2
+  zQABtNVqRkyAy/naYVI7egRaP+NCjG1SogIKZBoXOi8SO8nwxB3B4x70uePFulAV
+  pMzO35MCgYA2+BkZ++422WXjDAAsRN2XK3UQOH4iMnLcmCs1qsy7r8Iejr0Qxq7R
+  a/ZAhBul9k2kCwASWCtnZeMUbCAuJQ7FOjrqUpbfU5Plzdwvv6Z/d9qamYXFRFE2
+  noIvW181do+yULCy97YZnQel32fSEJXi3MSDBqFCq2gBWtkZObbiTA==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod15-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpgIBAAKCAQEA9h/fuLJEYQOd7w5qZtwvXzziwiwIPNZ1S+AR+Lg1L+0rQWe0
+  rf6s2BU/yt8bXR+xMeeKJdSWac/oqpAbqvyDmLJEDOZbrUMgIg8m/ST7AnEA8JZg
+  b3jTha1DWKPkxcodBhoBY/vb508t4NmuOLof4neZ48u4+6wUoN4TO6jtYNce7W5X
+  OGf7+WvK8d367a5Mq/9ajecQygDs2vuijHS2HhHM58nhsfdb/JXAsRITL2R2dHA5
+  cZ4rSMLfeKCUNDPEPKxv2ZWrTEXoWhjEaY+tQ8p0sWWM2wpc1hF2vpu5y5rIIHEd
+  yeT9U8bIV/n3RhmOTVEaxHi23ZgWl8muuPIH3wIDAQABAoIBAQCXvrMalp5eCfLX
+  rtWfMWXrnAhamvdBOx/6dd3esQPp1pnyq1PUas56My+vjrq6QY3oLM8Z3+YUuuDC
+  ODM2ypUAEfiu01/2hQpMtXbeYGx55t4jdzNhxuby5g49ml60K5aVanctA91i0YiB
+  tvQZeXerEv5IWhRk5oWZYRIOmGoyZ3nYP6S8kyvUzhCF9obn6IQImOBFkib1JIZa
+  N5exIYutXigFRT9ag/XH8wM7+/qRpXTHsAC+6phey2vYr9TjkCnG50POMDViBfJk
+  4x3Ns7nDiOjD0yl7p8NSLgcGke20fN4aF14dw+FHfNkEeKX+DtZAMrBPV5saJqn7
+  A19fRMdRAoGBAPgAKjdQxMoHhLtidhQgg7mOFZagWA+1gs92YdZjdbIIhwClXuw5
+  n/lnJaUd5KRjl6iwS8uZRuPs4+eBSB6EJVkm6AlDZDL+dN8lT88cJ0sQ8b7Um+iP
+  WBVLwmEGfTOovm0YfsM0jtr9rBU55Md3toGPnGhBlw0urtHOdtJn8IetAoGBAP4Q
+  N4+ghrhMvpE57kNwbZgQdon3WdTsu6z0f1PaefYW0rL/D7VQ/QYIUwg064aBspV/
+  e9iiOcJJsFi2Jz8qpTMFIr9T7zoFy/B94GvWhx12BqRsBoT+ABAaczdLawT2IIyb
+  rE4bhsXgk45f82Oj7rl4htyXvTeUNs3XmINFQi87AoGBAIJe89Job0sVcL1hIVmr
+  ThP5kXfBiwmXDdEqFnyxhGm2+eFpDeF42ZQumSeX815HzK4tH2tEhHPFUHmfCN6h
+  8VBQl6Jm/wGfqqiz4KSr1CwuGCeNdPhogpGPZfvDgYXqq1CGk/ziYEbXG+N8r7v8
+  PsEVUc+sy09uvxAkTWqGoXdxAoGBAPJGRLWSPuZBSPj0ZWGqNNht2px2ZBPILLAh
+  98ne7a7e1M4crL4bHS5DgeqxjGgYBlTJ3TAYgzvjSWdPTN3PrPmaTChnwhlyragI
+  YZp0WSSfCHaDDTSFg0nX70crhEKW8zMiwI07cqoAHrYGifLawSvc4744dRgrHpfs
+  oGOOCC9BAoGBALJJA35JqxMNp9TdYNuwkBNsk52gQpZEG4jlLFPlAMdNgiuoryTh
+  dF4JpqATbkjIblIqAOQgeXOZndcaDMY6tXCewMyHvX76aCgh55tyCqNd7k9wU2qy
+  aM0ZgtlPzlkwKjHXt8bmgPK9Bd2/klaCVi5gXFEIbvQx70tzjkjpHAtx
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod15-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEA9vueco6nzJb2Ta9b8mExi1LfpgS08+naEvuDRKnb1FBsjZFf
+  3sQsVkVIu+3LcDUnY7BCdiGglBZnDE5cRKYp0735fapww+QBAN2OtQRd1uy9oVDf
+  j3H3XcJYumSU/Oc/wmVwvPLXHTkkrFBxyDJmPCXEV/yXAueMJYcD4pOqIfOKXeGT
+  oN4eHtvmaLA8PcelHK6nqgE0w4msN98e4dkICerNm8G3tqZS0gWldxeCRHR+po2S
+  szXPLY4F0Odtb2Sa3YbSW/TI0+wHAFs855cqpBLXTZYr88BtjU4PzrlB65kWI3Q2
+  CA3myofDgST6crvrNiwYuLGDO2lUybQMjf1ZmwIDAQABAoIBAQDAGcmN1MNS8AA3
+  QDPF/C7q7NSjbnnIVZWWuiXJnEwtgThNjEsDG5ZYq578/OIFLnKqqQeollMtm5cf
+  DTva8VsLJHIPeignVQoqwCklRnYumwiLljmseroqJOWaZG01oDAJZZkgfckvI6kQ
+  lalKS1kVY1KqFP7n9W0eKzusWao0qI9Evj3/xy+Xbbd1tw1tKt6cQXAXIKybVwVf
+  28iBKhMGmxSxsHvDs3J7meVZ8hsFFaxfl9oNtQ2nASFX71YlG0+mbLSZpEWMsplD
+  A/u2CfkVnbW/O2Pmpe1mldBE8PCLrSlFWHpu3GP0CGewPEjaF7ob6lffKRWoW2j0
+  uWSCajsRAoGBAPlfhqnINQUQ8PYSx1+WE4lm/QjYn9p843yzyN+q+2AX+EyipnNS
+  bpeBrpoLA/dkPwgg6JV7daJpJTZBYgzv5bXSxgQ+UtWUPv8sCSJ2MQwkwTUpfGJJ
+  hgZrXnfv6hp8H9eiqAb17423njqxXnni5zfiaXkp71nMMg4fTKID3PDfAoGBAP2L
+  1QI5TRreisUWaCDDvu/pKSgCuWmky+27Ly9o6fMIfHnwK9KtueKh0+vLGTZyeySs
+  p9LK71DvxFKvIIqcmMuUuGm4isMKhUFVy8bYBgJgESRSKImFiXtPHolDGIfOySmE
+  mHoLhnvI9DkWJWpsFxexJnR64DsBOZ6sZqqsccLFAoGBALdc20rqMLop69Q0mK8b
+  TgBBXxtrFZd1L1yZYcG9Gptc5LGNA3FWkoUK0RTptp/o8UQL1plbr3Kdd8Q+LVev
+  6itY8UtbfFMZb3z3pzvUxlnUiNCLUa9/unHr7wmnum6BCHTpYD3GBsAg3NLxarOa
+  +UMpUz7Ja/qOX9vsfc+/oWznAoGBAIzBt1RPuWWETGfT46Tk5rhLqcSDlql2ipwF
+  AdIBHXgFqw0K71k7humxS3QowWt/rKuUimq0rJ0zLrt0a81n2E+U1bgjci2LRqUZ
+  21IdlWB2Mq4GSmjmUIe7ScmMDS8/9l9tNDT09wj7a9HRYJ4vOba2axHZMWiwamuT
+  bD+uEk29AoGAbIAoQX/kPAEGCi2uhCrMMD4If7X8Tgw+wMN3gjRqtGJPpuaq25zn
+  ZVBwXndiInw5UMOW4huaThSIE4T5NBJjc9i0W8Diuaod2W68/Cc6MKW0evM1wrS1
+  nKJX+ljWFzmx5xKQ7Blp+me8kdcAHZ3iMQwMde53jRZC+rkICJ213cc=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod15-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEAmG6sxDuVQCgi0PKePzh9jvZQv8r7WL5bSRy9fOQRWzlVJpEg
+  1+N1ALjp4FugY0ySghHLgJbOjBFZC/mWZNWMucpS10DK9jdaxDMqi0MBmmFRAMOF
+  mn9/2miQyuB4G76htUlGf8UA3hfWk92xzRrtGR1N+uWdBZOOhpqqiyeD+46bNLJV
+  NZMJqk75/9H3WclbbZUt0M+pYN5A9AozZ1MJowloZHXc5cyw3XPuMI+WC58b2pUn
+  C6wAp948q26OW7lxxwIIsIlZ104MHJx4goJd+kzivEyAMryihQiUXjOZ70oVmTdQ
+  DNpCjITjANHzZWERuqSwfLZL2U0+Ee+X8x5oswIDAQABAoIBAQCXOtZ1KZf9utQv
+  8UVG+8i2GXIrljqf5Nu0QatNSQhfNRZh2QJ4rdXbDZobWUxauBFysizwOq5ZEK0D
+  0G+BQs0HVs+xdzrl5C1NEmZXG/dvLrWqyFC44135Vlywqtr+y7aroTMseEtQDN56
+  fSx1jQ1GKWjATyXl7mss6C3jOSUcYOtdB8dG3eYWOLxswsOuQsgt+Vf9WmAzZgvi
+  20x1NVBCAa7HGd0bY4Dei1Te6Oq8O/aYvkslzmMTPc+EuHqphwh9mD87eofiNrE7
+  m2Te31StkuzQAsK+QjD0VHV7h3PbFLLdDQIEpReoNI1agRHPwVHD+qawRoMDew9D
+  adhd1FEBAoGBAMi+B9x2hIXPudd6slQ/jmzVg6dvSkNMMqEq0NJRWWkLMl8lj55/
+  kXb+S6el+gXelaFXx4FaZ1mwMv0KmrqgBJiocWd/7M4ke750hN1YkZTaHGgkSR6w
+  +QcbTMI+/B0LiZPD6tiQ9ZpHg+SU2X/eskovL/9R42qirLvFLD3xCc4TAoGBAMJk
+  UlrUG8WfBkPm6Y2l9h1xvsGWKSKOy4jSB/Ih077FWNIO4M8861ibDs/NAahouxmy
+  9dLIDQn9omMBmuWZtqK0QZ0YonQ+zeFLYBjM6RIGOIhw/SYxMEM1bPliXebu9ozR
+  sVO2IvGDVm0P7H8dNxC5qWjB8kk6SdDQi95lP87hAoGBAKDiDBLYuaU0slDL+Rgk
+  R9VZ2cXbH72H2Bvq4KluoSXa32f6BnyU6NRhQej+0L7bgThpzW8SMTpkSLkcQp3H
+  mWdvuFOm5vbfrn0ZjVKIpUSS+alNS3zZgPv9GSukpxHwKTbQEeu3Yd9f6YjM8vPU
+  WzexUdpimszfy2hBwg9ymtUZAoGAGfZuLWVg5C8OFimUDfAZg+s6L/7PNadetcJf
+  f05XSoZvC3cjPWqEgEwNWWGnFAgQ3SjSvjkrzKbMdm6zcnDqPKbYkJPGtsHgm3OG
+  vSk5A8hC6q40kVJGgON0z4X8xqgp07r59RVBa4JAG8bhrkSHozs4zh4BLxiS3UnN
+  NIHPWOECgYEAqSrXd1hAgXy7zWvM0odgHZgsisOBVc63RDQHx0XBJS5ptfgR0XtE
+  //2NvrEUaX9K8zRecnQZo/oQ6SVTSQCSOkniMP1s7pnbUnoXedAsU7fT0rr1T46D
+  QzrmI7RI8RO8FoFFVD0Z6jCO06ZXdBQVxBQV8Xn/h8EWMJp674u1vv8=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-node
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEA0FdwcgJFYkRLddOfFAv2qO2B7+6MyvA4r6PkgpPzcqTunu7r
+  LXmm+iWkrGktTZXR5GVO8OgAqkMdYySylfwofU0jEc8r5+1vg7qSNNf0lt52ctwb
+  U+SZIZeg1FL6ASAJYpSpP8ACqLfwnCuY4gydbj8H7BRCwcnVslcqwc2fPzAgGIX7
+  Jxl5D+Ex3gN/iMFdZvYPpQgL06iaf88c97lArkJDJjtkDTHHE5P/mMgQzKpk94FQ
+  Kl/KZDkvzQs6wvQZ4vNm8OakloPaD7vOohGDsDh/suGx66OrIGJc+UWqEGIN15AH
+  M87VFK6tNzd6592L9Nf0ZYES4/jaHc7fCRIJxwIDAQABAoIBAQCIPSWi6ClHITHX
+  UxNroIcj4Gxf4bbf3kazVJFRcj54cbI47DOOAUdXvNX6iKy/V4FxwW3ly1DkBg9p
+  jc3alpJDnfWY58jmWTXbBl4lgDLJlaAPbC/SpGIevXDGZ5xkr/ZzKJOkxIL4oZAO
+  D9Rhva4VMdKUZotg/gNoI+gp47SHNFraDtmcluIw0/OnnONkR7HDf0HKlZDcyZ5N
+  1apB91/ujkdwGVzFgrgYLOIeVJkjXiUBg9g7er6T/uW94A/6LrnkEONx/JhAGk2L
+  8Y8Y46b66icBlpTI1Xa1TJ4Fq3qGNBG30q7tUdRR7RFYUEgRpVFXWHtg1DVR6wLA
+  0bCG8iUBAoGBAPL1lEDrUmL1FERNCAHi30fy0PwyMdDt5m2gm0J/kFLeKUxJUdeG
+  q2cGsU+EMK52flAtK2Au1GBj0Mc5gX24o2mq4EzSYAZ8VkNENIhg1biMBeMiQc5Y
+  yOudCbmvAdeLq1u1YEHnGyn6HcwqsLg+NGgxiVl4MDas/z4st9H7gYexAoGBANuG
+  MIv0SLHMraXc9kOUIqgw/yYG731CyWurI0U61pQ5DO8JEEaeU4sKzQazZfl9dUpE
+  YYoaTV9+6ugwfJwNnswcSxCLYvRU2K8U76AIot91t5gM73cxsCv5pjnCurezB1CG
+  /iyd/A6r4XpSDFNOKZNqXOCkTGETj+wPK38F/373AoGAeby/ij/fSiJPA2ItrvRE
+  uMJcIOHtwChUG34sDYfpgvw6aTUbwwiBfeAGnDc6RVCuPfJEF6+fTqT1Cb4wuhP4
+  HYw3U4beAqHuf0n/oI4UyKGwmXyiyIgINLa9FsMwAxbCx/L7xknMfJ4MrC5/2fGh
+  RMv9bE0iq2LHihnSCW8iGiECgYAzoY4NfLkUSGWXGy84mcDE+jEoin0NYwXosumq
+  wLnzRq/KEMGpOle/3hx2tP8I/P73JroiNyl3imxJjA3izjlJHGZzT7VIbiRAmZX6
+  d82G7TLvKiuwRxl+XktATpKH3i2cPQPPDqFX+gkgMegAN+QDbgLGOx5Tvrwc8zxx
+  tcFv5QKBgBgMzClSjp0iWkbdNNoUA/tdVSeGgZROOIQrM7AXd3ZApF5qXGp0h6Oj
+  iyfiISdUtuPD0xtjSQnsH3c6DS2c1lvCmqzc74BRb6O6CH4XOXhLhwCfEDSZku7d
+  Zc5ec3j1XNop6fZAXq2AfueTKIH4Y1NDv+rnKNBpOEBepTpR+YTg
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod15-node1-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEA4+lsZNA4n+9Rd9qk/yYx32Qgq9He67r2blY6BhGbffo1nA+K
+  tQ7mhSnwYVO11ktp359CUpADwCiX4+QuS1eBUUXGjulBb0YBjMlY5Kz25bTHjF4h
+  kpkSaiXkvvRnfMZLn6ezY1Sdi9EgYSYcHgjKg2CZFvS9OkSJC4NSNMYo43PS6jzj
+  BIQ5ekucdH4LmGbKgz9y3cC2l0vXj4ZtWufmQjYudULIiJ0qliQUzHPMZFGxO/+n
+  i2i/a2qYubqyHmlirPrXBhm1bKkUEdPiBjndwdrN/TSQQsPZNleAezKJLfNwl3Fj
+  zZ/8KBmKKAFvLM3VedMa/T8wDbJU+wXueyqBMQIDAQABAoIBAQCvOP0/HN8MB2Cp
+  Nw53pBPf3glIUFiE//8KoXyGwe68Eiw5SbGotkYAx1eqXEOG9//0D2tcMqDPkeYF
+  LZ9yCVrA81ZO9YJ7XGVAqmSPm3NO84gfoRdKsCj6NxwAu8L8qS/nFXXTvnBJ2IR+
+  bGBdrwCTtSa+AXeiXqLGmTYQoPE6vJRV5G7NxO2mmMemAI0sBvH3ri6FtF9da1nm
+  vJWJzDzptjNdd0CE6Wv/y60j33dbWGjABgcuZv9FgeVNQcpxW4eY+bHW2pto7Mp0
+  o7wEQPWHgesE5YAam2zN22T/1eImaEdahgbwrq7VuVa96fCq18kIQFFFDQzH5zsi
+  emyiySSBAoGBAPKIe4Teu1xG+amodjFV6KEpjGQxmOyG0R8L7rG+LqT+ObVtmsvw
+  2oCtgsYJSmmgFcTsDAGz59e/t61rlj8VKSYbIZVw4N7ORWqHZk4mZGF0obuFaSYz
+  AyVjb4F4QIe0ZHe0kkIRnIyl9jga+LOHeScHqZO1LTwpRUMgRtESGa/5AoGBAPCR
+  GrHGsbV2B0zn2hwFueQjCik+2myJ2wFCmNGZkIYZpcTY0Yb2O4+s8VsKMBYQIcRL
+  PjUJRh893e3Mk7hKnDQ24DkN+DBwZag2ZBqOPeq8K2mO+G9gH3Olqn57YCWbm5BH
+  dCyK7150h+B6ohaT3FvvF3aw3/A6spRkKdie5xj5AoGBAJXGY0Eyq1HZIuT6+8KL
+  4xVjqydU2bN3rj0WCVoKsJODy++WuDmpi8ZbYJ8brbB9A/SQMPn8N/islKmr/yUF
+  1FuL9blr8/KkP4oCA9PPMb5dYGOFh+HnLtIwDfROZstnQ4QJJylV5u+UrfEH9v4n
+  c1H/EWH+SOkWM4e4rwL9wo9BAoGBAM8Y6/Uti2EfOcuwMWk8WLqYm6/ERz93Mg2U
+  qoCOhgeb3sRmr4JTShU3GhR44cqsmpUk/WmlETPmC78jBex6dpzQvRkA+K+iozE7
+  mdPurkj9MxZNmXwwMQNbFDqMtcnKexKrIM0T0lvrT+olSJLNOb//RaDNRgvGTGRJ
+  EmlE6sfpAoGAaFy8xWaO0A6geRMg+z9ZKWbeVRC4fVPP249MGeM0FIiiVpMcmZ3Q
+  rES9kUc5z8AJboF1454CVsg/niRDZTnLSPkSaa2g5KjmE8JleSlsYHqKFyxK75Ae
+  o4sORykMSWETefBQWw5XsnfBu18oMzXkcRJIXN+q0I75wNEioiXLSNc=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod15-node2-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEA5jO2dA0/98tgDrwtgiy1gC24wC0s3xP/dmiWY6t0ma5Ts9R6
+  lWRKjn3bVdI1QQr93F1RghCztc796WNGWJnDY79mV+b+91mj67mqlYLy6/piiq5Z
+  KLbTqph+LuEWv7mquV5sH358S0qjDxlxmNvtWvF/hSX5LVC6Roj63kAcsloxWlKT
+  DevJeyESrHRaRyJO3uHZWD7Tu1pqiXQ9pprDhylC3QMXdUj2Bj9kPy/2zholCXfG
+  RLjbPhkBP8ppGZyOIj+BAFo1iN5mU1Bc6N+/cDUe7dOzZnTkJgqiiCSKBi4cT7x3
+  WFvvcNb1EYv+IiWNsSDFC9gvWOhyHdL9ta0v9wIDAQABAoIBABg+Xfq+4nvASW+D
+  1e8dske7iPeESnN78a2QujXo+rCssVgBCp/tHgT/sDfLmZwuAipREaJ3C9Yb5JXN
+  xLzUBMXehHLBexylriPHO/XfAqJjjjk4v18QUh5nTPK29eRfM2GuVgjDE2gChkWy
+  0knc75RiVqG5LBLfq55+Ep2RdvQ5ZE28jE+M0b+u+EL54rUTcWZqu6JQ367JlEtJ
+  Eklh4YKC+v3SV7W/NQNKizSicntM9cob39/A2ByKxelqxMK3dbYlo/HHw88tzd3X
+  ZCBHciFXpB8P6TOvMvWbVgB0Iw6VOwMo98Y7Da4njJ+I1Dp0EoDpG8BudtGc/KpO
+  4Rx2fsECgYEA69a7f/jv/Hgfj/DXo4JLMo4l8ZrMFhjn6d3MdVrfUzE5nwyYcCb4
+  /DEaNLE79uQ2L23MllPznFQGXcbmX6yqJhn7ksgq2ARCVLWw1wOVfDacLEkEXun4
+  S+UAh0KNdT3hVchMsJ573iN648Ls7Iky8o5SF62EIIFdp1kyKzOH+bECgYEA+eGe
+  3KESAc9sVXv1hVQUN+qB0b5RzeSR/VZezcS3QGZi3K53Wx5IdJWWlzdldK870uz7
+  5bLgZrLGXP4rZIoXji0VV1sinw8x4F9WmprA8AnVRvZChiDulnGeCevTVaoY8A5f
+  kfBLMFbiKKJRe9oRWxS6LbgnbbeTwfd1mJjcBicCgYBCvhN0JQwtxAUSpFMyh+Ym
+  GYptdKR7QHMpgUaik6QOFCk9dMATRURDgtXqwZm5xl37UDSM+pc/z5u5oFeEDgZd
+  IA9NO+68EYCAHqc8QlxkucO62LMu9UH6oIVkwhXsbyW9NCFX/pIJjLrziC+qxS0w
+  7cwXvVheJp5NhPWouj2qEQKBgFwSekqpPs1T9IL7Ddh2xoxj6Dm0esf2tKQ4Mu52
+  0V71WvAdiPUWD3SFuds2GjgIaW6qy5YzduPgc57IOIzvJQbKLdbmSbd6DdKyzmJh
+  Kz5HIULoclKhx8e/TZAySMiDyHSLl0Na2xmQqfx28rdD/qkk1gUKmdyfi94opDf5
+  +vh5AoGALpHGKbOsezTQ5Q7i5sfJdWZINNy2VfMsemsrsFo2glUIdphMRl9+6J5C
+  SgOQUweMO4UrFStviYjMQ/OYjhAHVT1kDqBTfvjUXgndojjf55LeZYkTX36PZ8at
+  GyFXzTpJ5kretXahQF47L8bTSvkAcYvnFKsmq95pd52G+oYgKEE=
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-etcd-pod15-node3-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAsHi7aYU3sxlIsVQDmhvZXt2gmTuKs07xIqY+iSoFaameLZj1
+  vz4yHXphsahvly6Fh/HUeWA8P8idCjcMKWETam5NtES1vrolZnxqE50w2fVzbFMX
+  xWr3nQeFWZNYqYJUSciVEzni9XmNm2BU8Lb+Lj0caITkZwb8x2hXVtlpic9fQPQg
+  jElYB30fe4mvvDe3dd9jxa6amfLPAdnY2Q9leIoPx2QiFmx5zhx1yImnq+gDVZi6
+  Fl1pncl80SNt6K+/Ls4/S9KxDmh3bkVFqcv0/xp3ivAhdKsT+XfXh17gsv2rJTT1
+  a7wM9smPZih/Fwbpj52Ivy2oSBDqCJ8C6BHq/wIDAQABAoIBAGI4EDc+yi2ImQj5
+  dbfEYEuIluYyWZRLD7L1TEETfke8/CjsxXpXp5T4lH9I/DLs1a1AT73ubhoiEiWp
+  Vb+CJEhMdDstMuqguEg+Xtvj1Vi6YC+eX9ClJIPlt7aPZ/2QaFFYroAw670slkAw
+  cZY4g2hA4xrZPDaLkQ17aYERKMhmEbzLOFDDj/jzq9Elx/MAewOjs5te5JYpPHii
+  gLMjfy3CNaejGi26+mcHe/eGHeRpW8Fgg/0EGk7ESYb8nhVB4oljTLny9jWlIlXd
+  V87nMlhqCtky0UUYAu2MjRKys0IfPL/npCZ2be/NtJNn9is7cmQnXq6YhPZF4ewo
+  J3Xh8iECgYEA43u8ETzt3qGRq3aGQPLnmeTKFmf2qv3IepSl5dbZ+bZ3YTSkyZ9x
+  4BI5fq+6Yv35/AfUraLY1IXblYX8Bq54TuhW+e6x2efcsHe9O+aT4ttrb83SZXmB
+  9QK/szlk4GT802xCX+b3olD7jkZym7Y/oXPXgsdxdOfKh4d2NGu1EK0CgYEAxpf1
+  SzfqwUMVVUYMRKSXEg5MhxApoglF9qYWJ3dNA6dWZhM7wOQ0LYaIvq034ynLVC1e
+  DIZTiw0aV2Upq26oWcP/IXMHEW0no9mz0hdyHhnwh8ISy+Y1gEhjV5mF9fCdN/at
+  jTG1XdSiJrv2Y7Tf4/lX5m164Ji11Y/+3ioZI9sCgYEAuu5MxuWImm+uYnXNMMXq
+  Z13Ias0Xt78/5OsNwGbjS/4S73/xAfXR/806Dc6dnQcTS3Wr4Nt2zn0IykAFr//i
+  wQTPpCXvZB7SDPj4OabqU3r3ODKr99L3ZbzShpZdPL//ukS17lS/nVRqwqlFOIt0
+  klm8+KynoOdwWBqKmd0ANykCgYAw/8lL9836RTz8Pz5DqYCEufZz1K8RBcy3YJ9S
+  uYLNBfqxUMmLfELLgMg4k7CYYfWDHXZ5DKOMSX1YVuODIthy3YMTk7gIuq/vI4XU
+  rmg/uRK5zE6q9G/66OFp+b0tw2JnLnv/vGYNcqtXd0UBsN0U+K6Rci3BQKyMtuyh
+  kC2HxQKBgQCEEUFt6EMqgXucPbIu7aw3XoocU0oyVpl3LTVQYGdB6VSR0KcqrsZD
+  ElIwqL9eCeZ5erKkJqvahBPUp5Py/WRkHGo/ARd9THbaE+MXHGZw8DDSUkrYryQm
+  nGXgNPr/exxw13gBTmy3T8sYkG8HuUL2ak/FsUNZH7NJJDV/3zWGoA==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: calico-node-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN PUBLIC KEY-----
+  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7X883U0mWqIjFAppzE7
+  vgLzK5XUkHLi6bxqtZ00o6yDC1hrLT1w1dAHfhipQssnnkw5NffApHx39FE8Jkkc
+  j+Vnc8VM53t6wAvpQuTLQDS4UQF2Hn5zJf8D5Ag7qaG7M5tWcVUvDJbGNnXDBPPu
+  pvQWkGQVHVA4Gfb/n3mH7yGGEwi2bo/uYjA/t33Amhom1QO4h1yz4fR5MBFouK0p
+  SdOCsgzU9r+whxsMJXNZnbXzXn/G0nfEclIzcHU1kpGoTuvTsFJUWYibnz58wh9/
+  8aW4gTSbcnwnemwZXi71XYoRh6BlDtPl2yCm8BKR3jr8DgWvWKRb5Mxya+/393Xh
+  GQIDAQAB
+  -----END PUBLIC KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: service-account
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/PublicKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAp7X883U0mWqIjFAppzE7vgLzK5XUkHLi6bxqtZ00o6yDC1hr
+  LT1w1dAHfhipQssnnkw5NffApHx39FE8Jkkcj+Vnc8VM53t6wAvpQuTLQDS4UQF2
+  Hn5zJf8D5Ag7qaG7M5tWcVUvDJbGNnXDBPPupvQWkGQVHVA4Gfb/n3mH7yGGEwi2
+  bo/uYjA/t33Amhom1QO4h1yz4fR5MBFouK0pSdOCsgzU9r+whxsMJXNZnbXzXn/G
+  0nfEclIzcHU1kpGoTuvTsFJUWYibnz58wh9/8aW4gTSbcnwnemwZXi71XYoRh6Bl
+  DtPl2yCm8BKR3jr8DgWvWKRb5Mxya+/393XhGQIDAQABAoIBAQCZpieqvLSF4Y5c
+  Toz6uiZrvLQgOFLYTAkL7y0sWmyBj2k3mbgHaITZvo8+vUVFBm6znk3D3cnGaKpV
+  UZ9zzAO46YlQDXCZmw0oqUD5ojd8CVDcFiSrZ1oDc5GS9uACV0P00dnuVwaV2ASc
+  nGMhRIJevr11Z9vYUUg0sZAcAPHC6E3zQfscau/IKu2lO6G52nF13gVl9731Zeat
+  V7J/WdtbgvRApuhlP7wFFy7mvqHvOJXnXlaSvd0cQ6zANhVJRAHmunYLy6kBHBmE
+  TiG7n+TMYdmDAYXgBeeWgOoM9JSg5KBdmGyuM98/LxYGM50k3waaxSZ2O6veu9zG
+  gZ/6e4vpAoGBANPtvE6TZPSoMi7nTTpJsXY/Wd8f9R+et82n2zlnnW9oXxvqUIRf
+  soHtBlD3smhxknRgH812FkM5oPYtIzA58ulpqtqnKGwSdNcXIuUBss52O8NinZY0
+  wk/1zG+SXI+/sm8pd/yWw9g+F5mcekq4fkQmCYmQfimuzXkIWsBYkroDAoGBAMqW
+  RO8kHFmnmIxXBv4ILnNocfA9gTrSoj05rnslYfyPD91n84iWrPzq/fRhbnZnknmU
+  N3pVKAW+owdEp9eoyfLoyFdmBPjPFX7/cPOXqCcdq3lDsCWYixaGZ1z9otMVp6vF
+  xT4AAxo6uwEk258NzwU1Jm31x0/MlPSe4WYPapuzAoGACo4Mkt1Eaer2lN9wOTby
+  X7FICJTO4IRHIzb49CL09Fd+ZSWGXRFnEpF7fwzXFdySLrma2+DFuxNjsN8OoZhB
+  QN7CY6FvofJJX20Hj+BFx4Kb918x+gkmpFTZmbTwZzhk6qRmFW5s0phFFKF2dcI6
+  h6pdTzyjC/Boy15fJrVCmYECgYEAo22IHLcv26+VI5nNPT9SYa2fROQJDXAAi42t
+  0RA+NOUgMkd6sfSDhuD3j57N4tz4z/Wer6RkzgWVNPbQw+wZRkk93Sui1SkRuUrO
+  TuRINY38162gOyQNCFXSqrS+FrUAd1TrInIWDqHUXD7koTIdkKDo6In+iMSMYa6O
+  PKwxH3sCgYB4OHoRKVQNU4RuR68xvQY/ggy5cmtEhZzNHlbpchAiw+4JhbQ76q/W
+  Iyo0raU0OOg0hvb2ideRZre5lWJZqT9QT31ZXC+3xr89ZYvmjOjFI2WuOCLRsXXy
+  pxmNrG6xskY+azT3rC5ouh1r9vz1E0oCJq4H6aVUBqZ1AkQI49AM0g==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: service-account
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/PrivateKey/v1
diff --git a/site/intel-pod15/secrets/ingress.yaml b/site/intel-pod15/secrets/ingress.yaml
new file mode 100644 (file)
index 0000000..b799fdb
--- /dev/null
@@ -0,0 +1,135 @@
+---
+# Example manifest for ingress cert.
+# NEWSITE-CHANGEME: must be replaced with proper/valid set,
+# self-signed certs are not supported.
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-crt
+  schema: metadata/Document/v1
+  labels:
+    name: ingress-crt-site
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ
+  MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu
+  ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP
+  ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC
+  r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs
+  F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV
+  bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1
+  eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO
+  k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG
+  YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9
+  EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC
+  gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF
+  MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv
+  bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t
+  gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y
+  aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH
+  BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV
+  HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE
+  BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw
+  WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/
+  X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX
+  vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk
+  JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm
+  ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF
+  DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N
+  w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc
+  VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg==
+  -----END CERTIFICATE-----
+...
+---
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-ca
+  schema: metadata/Document/v1
+  labels:
+    name: ingress-ca-site
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS
+  MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+  AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE
+  OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V
+  o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0
+  YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT
+  fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI
+  GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+
+  T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB
+  d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j
+  mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd
+  BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB
+  AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx
+  2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM
+  EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+
+  zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9
+  XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+
+  d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO
+  TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI
+  XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40
+  +g==
+  -----END CERTIFICATE-----
+...
+---
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-key
+  schema: metadata/Document/v1
+  labels:
+    name: ingress-key-site
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD
+  OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv
+  5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4
+  8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1
+  U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9
+  Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl
+  MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R
+  g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC
+  DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w
+  qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif
+  qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft
+  3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6
+  ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf
+  Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8
+  uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH
+  g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc
+  PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz
+  +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS
+  HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk
+  X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC
+  wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA
+  GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE
+  mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6
+  mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM
+  ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx
+  E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE
+  7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC
+  1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8
+  6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+
+  TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5
+  QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C
+  pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB
+  /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ
+  pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a
+  dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5
+  2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS
+  gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3
+  -----END RSA PRIVATE KEY-----
+...
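Review bot: The ingress certificate and its RSA private key look like the upstream example copied unchanged rather than a set issued for this site: the `NEWSITE-CHANGEME` header is still in place, and the certificate body decodes to a subject of `ingress.airship-seaworthy.atlantafoundry.com` with a validity period ending in August 2019, before this commit's date. The matching private key in the `ingress-key` document is committed with `storagePolicy: cleartext`, so it has to be treated as public. I would issue a certificate for the pod15 ingress names from a CA the site controls and keep the key out of the repository, or commit it only in encrypted form with `storagePolicy: encrypted`. The same concern applies to apiserver-encryption-key-key1.yaml and maas-region-key.yaml further down, whose values read as real generated key material.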
diff --git a/site/intel-pod15/secrets/passphrases/apiserver-encryption-key-key1.yaml b/site/intel-pod15/secrets/passphrases/apiserver-encryption-key-key1.yaml
new file mode 100644 (file)
index 0000000..e21876e
--- /dev/null
@@ -0,0 +1,13 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: apiserver-encryption-key-key1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
+# use head -c 32 /dev/urandom | base64
+data: n9VBwseT/JjV7r9vbUR/MvCobe01Bdh9XtWgsNF5zLY=
+...
diff --git a/site/intel-pod15/secrets/passphrases/cedric_crypt_password.yaml b/site/intel-pod15/secrets/passphrases/cedric_crypt_password.yaml
new file mode 100644 (file)
index 0000000..ddf1fb6
--- /dev/null
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: cedric_crypt_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...
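Review bot: The comment `# Pass: password123` states the plaintext behind the SHA-512 crypt hash on the following `data:` line, which removes whatever protection the hash gives, and the password itself is trivially guessable. mfix_crypt_password.yaml further down carries the identical hash and salt, so both accounts share one credential. I would drop the comment and generate a separate hash per user from a strong password with a fresh salt, replacing the comment with something like `# generate with: mkpasswd -m sha-512`.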
diff --git a/site/intel-pod15/secrets/passphrases/ceph_fsid.yaml b/site/intel-pod15/secrets/passphrases/ceph_fsid.yaml
new file mode 100644 (file)
index 0000000..7201502
--- /dev/null
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ceph_fsid
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# uuidgen
+data: 7b7576f4-3358-4668-9112-100440079807
+...
diff --git a/site/intel-pod15/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/intel-pod15/secrets/passphrases/ceph_swift_keystone_password.yaml
new file mode 100644 (file)
index 0000000..9a9af1f
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ceph_swift_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
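Review bot: `data: password123` is a placeholder committed as the site's actual secret, and the same value is used in every osh_* passphrase hunk that follows, including the RabbitMQ Erlang cookies and osh_nova_metadata_proxy_shared_secret.yaml. With one guessable value shared by the database, messaging, Keystone admin and monitoring admin accounts, exposure of any one of them is exposure of all. If these files are meant as templates, a header such as `# NEWSITE-CHANGEME: replace with a unique generated value` would make that explicit. Otherwise each document should carry its own random value, generated the way maas-region-key.yaml notes with `openssl rand -hex`.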
diff --git a/site/intel-pod15/secrets/passphrases/ipmi_admin_password.yaml b/site/intel-pod15/secrets/passphrases/ipmi_admin_password.yaml
new file mode 100644 (file)
index 0000000..0b49b62
--- /dev/null
@@ -0,0 +1,13 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ipmi_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    name: ipmi-admin-password-site
+  storagePolicy: cleartext
+data: root
+...
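Review bot: `data: root` sets the IPMI admin password to a value that looks like a factory-style default, and IPMI gives out-of-band power and console control over the bare-metal nodes. Because this manifest targets a named hardware pod, the value may well be live rather than a template; if so it should be rotated on the BMCs and the document replaced with a generated value kept in encrypted form. If it is only a placeholder, a `# NEWSITE-CHANGEME` comment above `data:` would say so.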
diff --git a/site/intel-pod15/secrets/passphrases/maas-region-key.yaml b/site/intel-pod15/secrets/passphrases/maas-region-key.yaml
new file mode 100644 (file)
index 0000000..73d4a69
--- /dev/null
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: maas-region-key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# openssl rand -hex 10
+data: 9026f6048d6a017dc913
+...
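Review bot: The hex string is written as a plain scalar, `data: 9026f6048d6a017dc913`, and it only stays a string because this particular output contains letters. A value regenerated with `openssl rand -hex 10` that comes out all digits, or digits around a single `e`, may be read as an integer or float depending on the YAML loader. Quoting it, `data: '9026f6048d6a017dc913'`, removes that dependency on the random output.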
diff --git a/site/intel-pod15/secrets/passphrases/mfix_crypt_password.yaml b/site/intel-pod15/secrets/passphrases/mfix_crypt_password.yaml
new file mode 100644 (file)
index 0000000..6c2f681
--- /dev/null
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: mfix_crypt_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/intel-pod15/secrets/passphrases/osh_barbican_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..c5f866c
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..bb19957
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/intel-pod15/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..9bf0217
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_barbican_password.yaml b/site/intel-pod15/secrets/passphrases/osh_barbican_password.yaml
new file mode 100644 (file)
index 0000000..5122192
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/intel-pod15/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..32f8dae
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/intel-pod15/secrets/passphrases/osh_cinder_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..b22f898
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..040e657
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/intel-pod15/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..5d76ba7
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_cinder_password.yaml b/site/intel-pod15/secrets/passphrases/osh_cinder_password.yaml
new file mode 100644 (file)
index 0000000..26565db
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/intel-pod15/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..b1ac8ff
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/intel-pod15/secrets/passphrases/osh_glance_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..0739069
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..57db752
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/intel-pod15/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..d103c27
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_glance_password.yaml b/site/intel-pod15/secrets/passphrases/osh_glance_password.yaml
new file mode 100644 (file)
index 0000000..93ae0f2
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/intel-pod15/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..496fae3
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/intel-pod15/secrets/passphrases/osh_heat_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..3352d4c
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..074e688
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/intel-pod15/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..39f1327
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_heat_password.yaml b/site/intel-pod15/secrets/passphrases/osh_heat_password.yaml
new file mode 100644 (file)
index 0000000..5777ebb
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/intel-pod15/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..74e2a99
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/intel-pod15/secrets/passphrases/osh_heat_stack_user_password.yaml
new file mode 100644 (file)
index 0000000..36db28b
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_stack_user_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_heat_trustee_password.yaml b/site/intel-pod15/secrets/passphrases/osh_heat_trustee_password.yaml
new file mode 100644 (file)
index 0000000..58129ef
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_trustee_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/intel-pod15/secrets/passphrases/osh_horizon_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..7c78d45
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_horizon_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
new file mode 100644 (file)
index 0000000..78c265e
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_elasticsearch_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_infra_grafana_admin_password.yaml
new file mode 100644 (file)
index 0000000..9232de7
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/intel-pod15/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..6d5f49e
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/intel-pod15/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
new file mode 100644 (file)
index 0000000..bd4e573
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_oslo_db_session_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_infra_nagios_admin_password.yaml
new file mode 100644 (file)
index 0000000..52dbe16
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_nagios_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/intel-pod15/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
new file mode 100644 (file)
index 0000000..64f78e1
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_openstack_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..9c68e9d
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/intel-pod15/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
new file mode 100644 (file)
index 0000000..f134f46
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_oslo_db_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
new file mode 100644 (file)
index 0000000..b3df5f6
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_prometheus_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/intel-pod15/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
new file mode 100644 (file)
index 0000000..9f64719
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_rgw_s3_admin_access_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: admin_access_key
+...
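Review bot: `data: admin_access_key` is a descriptive placeholder used as the actual RGW S3 credential, and the three hunks that follow do the same with `admin_secret_key`, `elastic_access_key` and `elastic_secret_key`. The secret keys in particular can be guessed from the document names alone. I would replace each with a generated value (the `openssl rand -hex` approach noted in maas-region-key.yaml fits) or, if these are templates, mark them with a `# NEWSITE-CHANGEME` comment above `data:`.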
diff --git a/site/intel-pod15/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/intel-pod15/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
new file mode 100644 (file)
index 0000000..3e06f91
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_rgw_s3_admin_secret_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: admin_secret_key
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/intel-pod15/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
new file mode 100644 (file)
index 0000000..97c7d23
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_rgw_s3_elasticsearch_access_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: elastic_access_key
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/intel-pod15/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
new file mode 100644 (file)
index 0000000..60f0134
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_rgw_s3_elasticsearch_secret_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: elastic_secret_key
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_keystone_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_keystone_admin_password.yaml
new file mode 100644 (file)
index 0000000..6c3f446
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/intel-pod15/secrets/passphrases/osh_keystone_ldap_password.yaml
new file mode 100644 (file)
index 0000000..2edf0f2
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_ldap_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/intel-pod15/secrets/passphrases/osh_keystone_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..07b2206
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..aec85c0
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/intel-pod15/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..be716f4
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/intel-pod15/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..ee7e4bd
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/intel-pod15/secrets/passphrases/osh_neutron_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..4d0b157
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..4ac42c9
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/intel-pod15/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..6be02b9
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_neutron_password.yaml b/site/intel-pod15/secrets/passphrases/osh_neutron_password.yaml
new file mode 100644 (file)
index 0000000..dd0b2b6
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/intel-pod15/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..9e8ff8d
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/site/intel-pod15/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
new file mode 100644 (file)
index 0000000..37d5c62
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_metadata_proxy_shared_secret
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/intel-pod15/secrets/passphrases/osh_nova_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..2cd60f5
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..487bcc5
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/intel-pod15/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..13569ba
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_nova_password.yaml b/site/intel-pod15/secrets/passphrases/osh_nova_password.yaml
new file mode 100644 (file)
index 0000000..4c2223d
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/intel-pod15/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..7a885e6
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/intel-pod15/secrets/passphrases/osh_oslo_cache_secret_key.yaml
new file mode 100644 (file)
index 0000000..11747a7
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_cache_secret_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..48df9ee
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/intel-pod15/secrets/passphrases/osh_oslo_db_exporter_password.yaml
new file mode 100644 (file)
index 0000000..61b4144
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_db_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_oslo_messaging_admin_password.yaml b/site/intel-pod15/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..e7d97e2
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_placement_password.yaml b/site/intel-pod15/secrets/passphrases/osh_placement_password.yaml
new file mode 100644 (file)
index 0000000..c72b59a
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_placement_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml b/site/intel-pod15/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..a3b5a2b
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/osh_tempest_password.yaml b/site/intel-pod15/secrets/passphrases/osh_tempest_password.yaml
new file mode 100644 (file)
index 0000000..af90ec0
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_tempest_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/sridhar_crypt_password.yaml b/site/intel-pod15/secrets/passphrases/sridhar_crypt_password.yaml
new file mode 100644 (file)
index 0000000..8e7e839
--- /dev/null
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: sridhar_crypt_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...
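Review bot: The comment `# Pass: password123` above the `data:` line records the plaintext that the `$6$` (SHA-512 crypt) hash is supposed to protect, so the hash gives no protection to the account it is applied to. Remove the comment line and replace the hash with one generated from a password that is not written down in the repository. The plaintext is also the value used by the service passphrase documents in the neighbouring hunks, so it should be treated as known regardless.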
diff --git a/site/intel-pod15/secrets/passphrases/tenant_ceph_fsid.yaml b/site/intel-pod15/secrets/passphrases/tenant_ceph_fsid.yaml
new file mode 100644 (file)
index 0000000..18bd485
--- /dev/null
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: tenant_ceph_fsid
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# uuidgen
+data: 29d8953d-0bb6-4ba1-a48a-f9be1c0937a9
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..33c4125
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_airflow_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_airflow_postgres_password.yaml
new file mode 100644 (file)
index 0000000..8a1d648
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_airflow_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_armada_keystone_password.yaml
new file mode 100644 (file)
index 0000000..866efcc
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_armada_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_barbican_keystone_password.yaml
new file mode 100644 (file)
index 0000000..cb2da22
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_barbican_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..95a76ed
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_barbican_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_deckhand_keystone_password.yaml
new file mode 100644 (file)
index 0000000..5ee27f2
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_deckhand_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_deckhand_postgres_password.yaml
new file mode 100644 (file)
index 0000000..e63319b
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_deckhand_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_drydock_keystone_password.yaml
new file mode 100644 (file)
index 0000000..b8083b5
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_drydock_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_drydock_postgres_password.yaml
new file mode 100644 (file)
index 0000000..2eff525
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_drydock_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_keystone_admin_password.yaml
new file mode 100644 (file)
index 0000000..91f74fd
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_keystone_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..a9cb153
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_keystone_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_maas_admin_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_maas_admin_password.yaml
new file mode 100644 (file)
index 0000000..402c129
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_maas_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_maas_postgres_password.yaml
new file mode 100644 (file)
index 0000000..96ec574
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_maas_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
new file mode 100644 (file)
index 0000000..b513af4
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_openstack_exporter_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..b3c1325
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..95d6c0e
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_postgres_admin_password.yaml
new file mode 100644 (file)
index 0000000..546de05
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_postgres_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_postgres_exporter_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_postgres_exporter_password.yaml
new file mode 100644 (file)
index 0000000..abdaa5b
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_postgres_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_postgres_replication_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_postgres_replication_password.yaml
new file mode 100644 (file)
index 0000000..2176e71
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_postgres_replication_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_promenade_keystone_password.yaml
new file mode 100644 (file)
index 0000000..ac40d1e
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_promenade_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/intel-pod15/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..6a2aef9
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_shipyard_keystone_password.yaml
new file mode 100644 (file)
index 0000000..181a52a
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_shipyard_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/intel-pod15/secrets/passphrases/ucp_shipyard_postgres_password.yaml
new file mode 100644 (file)
index 0000000..de0eed7
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_shipyard_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod15/secrets/publickey/cedric_ssh_public_key.yaml b/site/intel-pod15/secrets/publickey/cedric_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..56fa412
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: cedric_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0PTM2sBD/FqL67ubOiTlHcorrKaNnUKtN+3lqegJAXQznnkg4YfultXncRzJiqD6m1tjI06JyBxFnudSXu+a6FtB3XRY+EDwJWi4Ms+izeIOYKFAh2YMP35YBy6Du+3anIuISmGEQLQ2BbSUNL38MgImWlr+Hu5B555yEfNtDDl+nADzbkuOiEnd6hGNQZp2Df7PAlH1idFge/LCHyoDcMhvJAdUcGQuDn5lVu8JzhrJO+Gdo+m3pMxB1ZnXNajzndbJnGKvs54iu16dumccat9yWJS7McscwZKrfoQ+wnX/5/e+IJMgbcxGJELG+GzytC5imbHL/GqvFaOTYJhTr 
+...
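Review bot: The `cedric_ssh_public_key` document here and `mfix_ssh_public_key` in the next hunk (key comment `mf4716@att.com`) look carried over from a reference site rather than belonging to the Pod15 operators. If these PublicKey documents end up as authorized keys on the deployed hosts, which the naming suggests but this hunk does not show, each one is a standing login for its holder. Confirm that every key owner needs access to this pod and drop the documents for those who do not. The `data:` line in this hunk also ends in a trailing space and has no key comment, unlike the other three keys; adding an owner comment such as `cedric@<host>` would make later audits easier.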
diff --git a/site/intel-pod15/secrets/publickey/mfix_ssh_public_key.yaml b/site/intel-pod15/secrets/publickey/mfix_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..c06d7d8
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: mfix_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDktBXlcZbnTo+XM6y/NDDWLQAGTedBiZrx9W64FtH57IyNqtzJjz1C2v6cDnXTvqEAi3dpVJN7HONz/M9BaX3nlwfuasxvW75mZfOGfvcqOne/2R6NCsy+evtnkjA6AweBPBAsItdQtcb5rzgqij7c8Zxtcangb91YadXNZXYwB6+3LaonxdyAsTKTgJYQF5/kwuWvei8qenWszK3Q0Zs2oFW5tsbvQ7/Zm5TO4d3Oscs8IcvzlHZe7NK1mChLSARrrFq4FisHyILyp4pmL/bdgWOZse1uk676HUEpwT1Da7PCO0IsL1w7LNINq5zXC0YI9JgHD9/QXPA0scxCAfE6sDWkiPZ/EVY1czhXCX9tCiyttxn5ZiwL0Id+By02CJiSmluEJrfaebTZ8MYk5QSjw2du9/uxsSF9GvsqVLqGkcx0d6txHvISpNEzAVedwcV2UltI4MUjX5gk7XU1vmjqc4wG9H+WHkqPUK1tdkiEdYKKUUXr0yEJ0pXOLEmEEpD+t0lUrTDFXpSR78jRzuQ2OHEvP32BlniNinR5bnWcwFWSKkKd0lJj60cohXvnJmJ/mV8rjPRAoWTNHj3o8hj9aawqLPSrXtirVRM3DPbxTrFon9slIbm++tcsj5Nsxl0pMHq1f4f7+4P3HCtkQiudA/HTH0s6EqNnS/8DA1aiZQ== mf4716@att.com
+...
diff --git a/site/intel-pod15/secrets/publickey/opnfv_ssh_public_key.yaml b/site/intel-pod15/secrets/publickey/opnfv_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..b63fdbb
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: opnfv_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBdh8nzrD+7dOBoV44JNL8sjjIjMs79ufdi+H7W72HSWPnPF/2Ou4+YVIWCWjo+4q7UwZZdppSW59ziAt1SgUw8YerpM9kti4VDqs6BrDr7FTfaHvfiJ4c1LIu+aAE4PjHVyHmRvaxSvzqjDzuQpdxRHuvfUrJOqldTedCzkUfRXoODVP14SKv+45bv5BglL5ODoq4/5vQ2QFhVLRnPsEXwqyIz16fqqziC2PrrvCM8LPHjv/R4MtL8ekCJi3+wKTnIekD77k2FK3b6uVtyOaFmpRoKj5gg1OokxS5Pe5hizjEY3U2xuNjKB+C+KHOafJrLQmCO2AT4NXz06OQTJaD opnfv@pod15-jump
+...
diff --git a/site/intel-pod15/secrets/publickey/sridhar_ssh_public_key.yaml b/site/intel-pod15/secrets/publickey/sridhar_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..8ef987f
--- /dev/null
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: sridhar_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAm23hyhNJ1ewDL35DGg9agPMJ1VSI4elUKM/VMiRH0LBLfk55pJbZwmmLv6Z4E3hXPTvPxCS1j0kXqGiPLpMo6qPeK0EjYMCT6EdVFLh5yt3jWouRjG6lHG2D7Y5tjBhu/d3zKu3ZDblbbT2xIbw3OOFoK+9Bp4f42AMGY3etsNdbcRDLmXgL6Zi94okAuEf7t5HeKqXgWkk6az0EMm7v+FgHmlVHMzO9J0XpmFbYtI711PXQBCotVC/LsyYBQoQqtxZnikt6gGLooRHlrWOkhqv9ycBteqIDhh78NNVWya+L7Xj/TcQmyzuTkNdAFxwiEvMScal2oYy+TvoFdlxr sridhar@dike
+...
diff --git a/site/intel-pod15/site-definition.yaml b/site/intel-pod15/site-definition.yaml
new file mode 100644 (file)
index 0000000..ad0ce21
--- /dev/null
@@ -0,0 +1,17 @@
+---
+schema: pegleg/SiteDefinition/v1
+metadata:
+  schema: metadata/Document/v1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: intel-pod15
+  storagePolicy: cleartext
+data:
+  site_type: cntt
+
+  repositories:
+    global:
+      revision: v1.6
+      url: https://opendev.org/airship/treasuremap.git
+...
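Review bot: `revision: v1.6` pins the global treasuremap layer to a tag name, and a tag can be moved upstream, so the same site definition may render different manifests later without any change in this repository. If Pegleg accepts a commit id in this field, as I believe it does, prefer `revision: <commit-sha-of-v1.6>` with the tag name kept in a comment beside it. That makes the deployed content reproducible and reviewable against a fixed tree.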
diff --git a/site/intel-pod15/software/charts/kubernetes/container-networking/etcd.yaml b/site/intel-pod15/software/charts/kubernetes/container-networking/etcd.yaml
new file mode 100644 (file)
index 0000000..4776953
--- /dev/null
@@ -0,0 +1,127 @@
+---
+# The purpose of this file is to build the list of calico etcd nodes and the
+# calico etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-calico-etcd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: kubernetes-calico-etcd-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+    # Generate a list of control plane nodes (i.e. genesis node + master node
+    # list) on which calico etcd will run and will need certs. It is assumed
+    # that Airship sites will have 3 control plane nodes, so this should not need to
+    # change for a new site.
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .genesis.hostname
+      dest:
+        path: .values.nodes[0].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[0].hostname
+      dest:
+        path: .values.nodes[1].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[1].hostname
+      dest:
+        path: .values.nodes[2].name
+
+    # Certificate substitutions for the node names assembled on the above list.
+    # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+    # to change with a standard Airship deployment. However, the names of each
+    # deckhand certficiate should be updated with the correct hostnames for your
+    # environment. The ordering is important (Genesis is index 0, then master
+    # nodes in the order they are specified in common-addresses).
+
+    # Genesis hostname - pod15-node1
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod15-node1
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod15-node1
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod15-node1-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod15-node1-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.key
+
+    # master node 1 hostname - pod15-node2
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod15-node2
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod15-node2
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod15-node2-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod15-node2-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.key
+
+    # master node 2 hostname - pod15-node3
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod15-node3
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod15-node3
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-pod15-node3-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-pod15-node3-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.key
+
+data: {}
+...
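Review bot: The header comment still carries the template text `NEWSITE-CHANGEME` even though the certificate names below are already filled in for `pod15-node1` to `pod15-node3`, and it misspells "certificate" as `certficiate`; the same comment is repeated in kubernetes/etcd/etcd.yaml. I would reword it to say that the names must match the hostnames in common-addresses and the entries in this site's pki-catalog.yaml, since a mismatch only shows up when the substitution fails at render time. The catalog is not part of this hunk, so the match cannot be checked from here.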
diff --git a/site/intel-pod15/software/charts/kubernetes/etcd/etcd.yaml b/site/intel-pod15/software/charts/kubernetes/etcd/etcd.yaml
new file mode 100644 (file)
index 0000000..a0dda4c
--- /dev/null
@@ -0,0 +1,131 @@
+---
+# The purpose of this file is to build the list of k8s etcd nodes and the
+# k8s etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-etcd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: kubernetes-etcd-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+    # Generate a list of control plane nodes (i.e. genesis node + master node
+    # list) on which k8s etcd will run and will need certs. It is assumed
+    # that Airship sites will have 3 control plane nodes, so this should not need to
+    # change for a new site.
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .genesis.hostname
+      dest:
+        path: .values.nodes[0].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[0].hostname
+      dest:
+        path: .values.nodes[1].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[1].hostname
+      dest:
+        path: .values.nodes[2].name
+
+    # Certificate substitutions for the node names assembled on the above list.
+    # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+    # to change with a standard Airship deployment. However, the names of each
+    # deckhand certficiate should be updated with the correct hostnames for your
+    # environment. The ordering is important (Genesis is index 0, then master
+    # nodes in the order they are specified in common-addresses).
+
+    # Genesis Exception*
+    # *NOTE: This is an exception in that `genesis` is not the hostname of the
+    # genesis node, but `genesis` is reference here in the certificate names
+    # because of certain Promenade assumptions that may be addressed in the
+    # future. Therefore `genesis` is used instead of `pod15-node1` here.
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-genesis
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-genesis
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-genesis-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-genesis-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.key
+
+    # master node 1 hostname - pod15-node2
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-pod15-node2
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-pod15-node2
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-pod15-node2-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-pod15-node2-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.key
+
+    # master node 2 hostname - pod15-node3
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-pod15-node3
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-pod15-node3
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-pod15-node3-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-pod15-node3-peer
+        path: $
+      dest:
+        path: .values.nodes[2].tls.peer.key
+
+data: {}
+...
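Review bot: The last substitution, for `kubernetes-etcd-pod15-node3-peer` with schema `deckhand/CertificateKey/v1`, uses `path: $` where the other eleven sources in this file use `path: .`. Deckhand probably treats both as the document root, but the odd one out looks like an accidental edit and sits on the peer private key for node 3, where a wrong substitution would break etcd peer TLS for that member. Change it to `path: .` so the file is uniform, or add a comment if `$` is intentional.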
diff --git a/site/intel-pod15/software/charts/osh-infra/elasticsearch.yaml b/site/intel-pod15/software/charts/osh-infra/elasticsearch.yaml
new file mode 100644 (file)
index 0000000..ef0a42e
--- /dev/null
@@ -0,0 +1,34 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: elasticsearch
+  labels:
+    name: elasticsearch-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: elasticsearch-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        master: 2
+        data: 1
+        client: 2
+    storage:
+      requests:
+        storage: 20Gi
+    conf:
+      elasticsearch:
+        env:
+          java_opts:
+            client: "-Xms2048m -Xmx2048m"
+            data: "-Xms2048m -Xmx2048m"
+            master: "-Xms2048m -Xmx2048m"
+...
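Review bot: `master: 2` under `pod.replicas` gives an even number of master-eligible nodes, so the cluster has no failure tolerance for master election: a majority of two is two, and losing either pod blocks election (or, if the chart's minimum-master setting is lower, allows split brain). If this lab site only needs a small footprint, `master: 1` is at least honest about it, and `master: 3` is the smallest value that survives one failure. A short comment next to the value, for example `# lab sizing, not HA`, would stop the number from being copied into a production site unchanged.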
diff --git a/site/intel-pod15/software/charts/osh-infra/fluentbit.yaml b/site/intel-pod15/software/charts/osh-infra/fluentbit.yaml
new file mode 100644 (file)
index 0000000..5d2f287
--- /dev/null
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: fluentbit
+  labels:
+    name: fluentbit-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: fluentbit-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        fluentd: 1
+...
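Review bot: The key under `pod.replicas` is `fluentd: 1`, the same key fluentd.yaml uses in the next hunk, although this document overrides the `fluentbit` chart. It looks like a copy of the fluentd file; if the parent selected by `hosttype: fluentbit-global` defines no `fluentd` replica value, the merge only adds an unused key and the intended override never takes effect. Please check the key name against the global fluentbit values and either rename it or drop the `data.values` override.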
diff --git a/site/intel-pod15/software/charts/osh-infra/fluentd.yaml b/site/intel-pod15/software/charts/osh-infra/fluentd.yaml
new file mode 100644 (file)
index 0000000..3652a3e
--- /dev/null
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: fluentd
+  labels:
+    name: fluentd-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: fluentd-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        fluentd: 1
+...
diff --git a/site/intel-pod15/software/charts/osh-infra/grafana.yaml b/site/intel-pod15/software/charts/osh-infra/grafana.yaml
new file mode 100644 (file)
index 0000000..b35614f
--- /dev/null
@@ -0,0 +1,23 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: grafana
+  labels:
+    name: grafana-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: grafana-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        grafana: 1
+...
diff --git a/site/intel-pod15/software/charts/osh-infra/ingress.yaml b/site/intel-pod15/software/charts/osh-infra/ingress.yaml
new file mode 100644 (file)
index 0000000..d449881
--- /dev/null
@@ -0,0 +1,24 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: osh-infra-ingress-controller
+  labels:
+    name: osh-infra-ingress-controller-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: osh-infra-ingress-controller-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        ingress: 1
+        error_page: 1
+...
diff --git a/site/intel-pod15/software/charts/osh-infra/mariadb.yaml b/site/intel-pod15/software/charts/osh-infra/mariadb.yaml
new file mode 100644 (file)
index 0000000..335d4e9
--- /dev/null
@@ -0,0 +1,24 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: osh-infra-mariadb
+  labels:
+    name: osh-infra-mariadb-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: osh-infra-mariadb-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        server: 1
+        ingress: 1
+...
diff --git a/site/intel-pod15/software/charts/osh-infra/prometheus.yaml b/site/intel-pod15/software/charts/osh-infra/prometheus.yaml
new file mode 100644 (file)
index 0000000..d00e96a
--- /dev/null
@@ -0,0 +1,35 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: prometheus
+  labels:
+    name: prometheus-type
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: prometheus-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      replicas:
+        prometheus: 1
+      resources:
+        enabled: true
+        prometheus:
+          limits:
+            memory: "4Gi"
+            cpu: "2000m"
+          requests:
+            memory: "2Gi"
+            cpu: "1000m"
+    storage:
+      requests:
+        storage: 20Gi
+...
diff --git a/site/intel-pod15/software/charts/osh/openstack-compute-kit/libvirt.yaml b/site/intel-pod15/software/charts/osh/openstack-compute-kit/libvirt.yaml
new file mode 100644 (file)
index 0000000..85ec726
--- /dev/null
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: libvirt
+  replacement: true
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: libvirt-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    network:
+      backend:
+        - openvswitch
+        # - sriov
+...
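Review bot: `network.backend` lists only `openvswitch` here and leaves `# - sriov` commented out, and nova.yaml does the same, while neutron.yaml in this commit enables both `openvswitch` and `sriov`. If the three charts are expected to agree on the backend list (not verifiable from this diff), SR-IOV is only half enabled on this site. Either uncomment the entry in both files or replace the bare commented line with a reason, for example `# sriov is handled by neutron only; libvirt needs no sriov backend on this site`.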
diff --git a/site/intel-pod15/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/intel-pod15/software/charts/osh/openstack-compute-kit/neutron.yaml
new file mode 100644 (file)
index 0000000..824c03d
--- /dev/null
@@ -0,0 +1,74 @@
+---
+# This file defines hardware-specific settings for neutron. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. logical network interface names
+# 2. physical device mappigns
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: neutron
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: neutron-type
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  wait:
+    timeout: 1800
+  test:
+    timeout: 900
+  values:
+    labels:
+      sriov:
+        node_selector_key: sriov
+        node_selector_value: enabled
+    pod:
+      security_context:
+        neutron_sriov_agent:
+          pod:
+            runAsUser: 42424
+          container:
+            neutron_sriov_agent_init:
+              privileged: true
+              runAsUser: 0
+              readOnlyRootFilesystem: false
+            neutron_sriov_agent:
+              readOnlyRootFilesystem: true
+              privileged: true
+    network:
+      interface:
+        sriov:
+          - device: ens785f0
+            num_vfs: 32
+            promisc: false
+      backend:
+        - openvswitch
+        - sriov
+    conf:
+      sriov_init:
+        - besteffort
+      plugins:
+        ml2_conf:
+          ml2:
+            mechanism_drivers: l2population,openvswitch,sriovnicswitch
+          ml2_type_vlan:
+            ## NOTE: Must have at least 1 sriov network defined
+            network_vlan_ranges: external,sriovnet1:100:4000
+        sriov_agent:
+          securitygroup:
+            firewall_driver: neutron.agent.firewall.NoopFirewallDriver
+          sriov_nic:
+            ## NOTE: Must have at least 1 sriov network to physical device
+            ##       mapping, otherwise sriov agent readiness check
+            ##       will fail.
+            physical_device_mappings: sriovnet1:ens785f0
+            exclude_devices: ""
+...
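Review bot: `firewall_driver: neutron.agent.firewall.NoopFirewallDriver` under `sriov_agent.securitygroup` means security-group rules are not applied to ports on `sriovnet1`, and `network_vlan_ranges: external,sriovnet1:100:4000` makes almost the whole VLAN space allocatable on that physical network; neither line carries a comment saying so. Both agent containers are also `privileged: true`, with the init container running as UID 0. These settings are common for SR-IOV, but they should be stated as a deliberate trade-off, for example `# SR-IOV VFs bypass security groups; restrict sriovnet1 to trusted projects` above the driver line, with the VLAN range narrowed to what the lab switch actually trunks.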
diff --git a/site/intel-pod15/software/charts/osh/openstack-compute-kit/nova.yaml b/site/intel-pod15/software/charts/osh/openstack-compute-kit/nova.yaml
new file mode 100644 (file)
index 0000000..9761a25
--- /dev/null
@@ -0,0 +1,47 @@
+---
+# This file defines hardware-specific settings for nova. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware
+#    changes.
+# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC
+#    slotting changes.
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: nova
+  replacement: true
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: nova-cntt
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: drydock/HardwareProfile/v1
+        name: intel-pod15
+        path: .cpu_sets.kvm
+      dest:
+        path: .values.conf.nova.DEFAULT.vcpu_pin_set
+data:
+  values:
+    network:
+      backend:
+       - openvswitch
+       # - sriov
+    conf:
+      nova:
+        filter_scheduler:
+          available_filters: "nova.scheduler.filters.all_filters"
+          enabled_filters:  "RetryFilter,AvailabilityZoneFilter,RamFilter,CoreFilter,DiskFilter,ComputeFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateInstanceExtraSpecsFilter,AggregateCoreFilter,AggregateRamFilter,AggregateMultiTenancyIsolation,JsonFilter,IoOpsFilter,AggregateDiskFilter,AllHostsFilter,IsolatedHostsFilter,AggregateImagePropertiesIsolation,PciPassthroughFilter,AggregateIoOpsFilter,NumInstancesFilter,AggregateNumInstancesFilter,MetricsFilter,SimpleCIDRAffinityFilter,AggregateTypeAffinityFilter,NUMATopologyFilter,ComputeCapabilitiesFilter,DifferentHostFilter,SameHostFilter"
+        pci:
+          alias: '{"name": "numa0", "capability_type": "pci", "product_id": "154c", "vendor_id": "8086", "device_type": "type-PCI"}'
+          passthrough_whitelist: |
+              [{"address": "0000:05:06.*", "physical_network": "sriovnet1"},{"address": "0000:05:07.*", "physical_network": "sriovnet1"},{"address": "0000:05:08.*", "physical_network": "sriovnet1"},{"address": "0000:05:09.*", "physical_network": "sriovnet1"}]
+...
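Review bot: The `passthrough_whitelist` hard-codes PCI addresses `0000:05:06.*` to `0000:05:09.*` with nothing tying them to a NIC, so after a reslot or a VF-count change the list silently matches no device, or a different one. A comment such as `# VFs of the sriovnet1 NIC (see physical_device_mappings in neutron.yaml); re-check with lspci after hardware changes` would make that dependency visible. On style, the `backend` list items are indented seven spaces where the rest of the file steps by two, `enabled_filters:` is followed by two spaces, and the whitelist is one very long line inside a `|` block that would read better as one JSON object per line.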
diff --git a/site/intel-pod15/software/charts/ucp/ceph/ceph-client-update.yaml b/site/intel-pod15/software/charts/ucp/ceph/ceph-client-update.yaml
new file mode 100644 (file)
index 0000000..eb921b8
--- /dev/null
@@ -0,0 +1,26 @@
+---
+# The purpose of this file is to define environment-specific parameters for ceph
+# client update
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-client-update
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-client-update-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      pool:
+        target:
+          # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if
+          # your HW matches this site's HW. Verify for your environment.
+          # 8 OSDs per node x 3 nodes = 24
+          osd: 3
+...
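Review bot: The comment above `osd: 3` still says `8 OSDs per node x 3 nodes = 24`, which contradicts the value it documents and appears to be carried over from the reference site. ceph-client.yaml in this commit sets one OSD per node, so the comment should probably read `# 1 OSD per node x 3 nodes = 3`, assuming three storage nodes. As written, the next person to edit this file cannot tell whether 3 or 24 is the intended target.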
diff --git a/site/intel-pod15/software/charts/ucp/ceph/ceph-client.yaml b/site/intel-pod15/software/charts/ucp/ceph/ceph-client.yaml
new file mode 100644 (file)
index 0000000..e1e8ecf
--- /dev/null
@@ -0,0 +1,100 @@
+---
+# The purpose of this file is to define envrionment-specific parameters for the
+# ceph client
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-client
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-client-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      pool:
+        target:
+          # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to
+          # change if your deployment HW matches this site's HW.
+          osd: 1
+        spec:
+          # RBD pool
+          - name: rbd
+            application: rbd
+            replication: 1
+            percent_total_data: 40
+          - name: cephfs_metadata
+            application: cephfs
+            replication: 1
+            percent_total_data: 5
+          - name: cephfs_data
+            application: cephfs
+            replication: 1
+            percent_total_data: 10
+          # RadosGW pools
+          - name: .rgw.root
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.control
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.data.root
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.gc
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.log
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.intent-log
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.meta
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.usage
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.users.keys
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.users.email
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.users.swift
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.users.uid
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.buckets.extra
+            application: rgw
+            replication: 1
+            percent_total_data: 0.1
+          - name: default.rgw.buckets.index
+            application: rgw
+            replication: 1
+            percent_total_data: 3
+          - name: default.rgw.buckets.data
+            application: rgw
+            replication: 1
+            percent_total_data: 34.8
+...
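Review bot: Every pool in `conf.pool.spec` is set to `replication: 1`, so each object has a single copy and the loss of any one OSD loses data in all pools, including `rbd` and `default.rgw.buckets.data`. With `target.osd: 1` per node that may be the only option on this hardware, but the file gives no hint that it is a lab-only choice. Add a comment above `spec:` such as `# replication: 1 gives no redundancy; acceptable for this test pod only` so the values are not reused for a site that holds real data.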
diff --git a/site/intel-pod15/software/charts/ucp/ceph/ceph-osd.yaml b/site/intel-pod15/software/charts/ucp/ceph/ceph-osd.yaml
new file mode 100644 (file)
index 0000000..25297d9
--- /dev/null
@@ -0,0 +1,30 @@
+---
+# The purpose of this file is to define environment-specific parameters for
+# ceph-osd
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-osd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-osd-global
+    actions:
+      - method: replace
+        path: .values.conf.storage.osd
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      storage:
+        osd:
+          - data:
+              type: directory
+              location: /var/lib/ceph/osd/osd-one
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/osd-one
+...
diff --git a/site/intel-pod15/software/charts/ucp/divingbell/divingbell.yaml b/site/intel-pod15/software/charts/ucp/divingbell/divingbell.yaml
new file mode 100644 (file)
index 0000000..7e5adb0
--- /dev/null
@@ -0,0 +1,83 @@
+---
+# The purpose of this file is to define site-specific parameters to the
+# UAM-lite portion of the divingbell chart:
+# 1. User accounts to create on bare metal
+# 2. SSH public key for operationg system access to the bare metal
+# 3. Passwords for operating system access via iDrac/iLo console. SSH password-
+#    based auth is disabled.
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-divingbell
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-divingbell-global
+    actions:
+      - method: merge
+        path: .
+  labels:
+    name: ucp-divingbell-site
+  storagePolicy: cleartext
+  substitutions:
+    - dest:
+        path: .values.conf.uamlite.users[0].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: opnfv_ssh_public_key
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[1].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: sridhar_ssh_public_key
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[1].user_crypt_passwd
+      src:
+        schema: deckhand/Passphrase/v1
+        name: sridhar_crypt_password
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[2].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: mfix_ssh_public_key
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[2].user_crypt_passwd
+      src:
+        schema: deckhand/Passphrase/v1
+        name: mfix_crypt_password
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[3].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: cedric_ssh_public_key
+        path: .
+    - dest:
+        path: .values.conf.uamlite.users[3].user_crypt_passwd
+      src:
+        schema: deckhand/Passphrase/v1
+        name: cedric_crypt_password
+        path: .
+data:
+  values:
+    conf:
+      uamlite:
+        users:
+          - user_name: opnfv
+            user_sudo: true
+            user_sshkeys: []
+          - user_name: sridhar
+            user_sudo: true
+            user_sshkeys: []
+          - user_name: mfix
+            user_sudo: true
+            user_sshkeys: []
+          - user_name: cedric
+            user_sudo: true
+            user_sshkeys: []
+...
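Review bot: All four accounts under `conf.uamlite.users` are created with `user_sudo: true`, including the shared `opnfv` account, so every key holder gets root on the bare metal and actions taken through `opnfv` cannot be attributed to a person. Consider granting sudo only to the named accounts that need it and setting `user_sudo: false` on `opnfv`, or dropping the shared account if the personal ones cover access. The substitutions also write into `users[N]` by position, so reordering the `users` list without updating the `dest` paths would attach one person's key or password hash to another account; a comment at the top of `substitutions:` stating that the order must match would help.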
diff --git a/site/intel-pod15/software/config/common-software-config.yaml b/site/intel-pod15/software/config/common-software-config.yaml
new file mode 100644 (file)
index 0000000..b85499b
--- /dev/null
@@ -0,0 +1,16 @@
+---
+# The purpose of this file is to define site-specific common software config
+# paramters.
+schema: pegleg/CommonSoftwareConfig/v1
+metadata:
+  schema: metadata/Document/v1
+  name: common-software-config
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  osh:
+    # NEWSITE-CHANGEME: Replace with the site name
+    region_name: intel-pod15
+...