Treasuremap 1.8 integration

Upgrade pod 17 to Treasuremap 1.8 prime for CNTT RI-1.

Added deploy script enhancement to include pregenesis, certs, and wrapper
for shipyard cli command.

Added clean-genesis script to properly clean genesis node for redeployment.

Signed-off-by: James Gu <james.gu@att.com>
Change-Id: I4c150ef216d5eb631a0980c72b3c6c80a55788d0
Signed-off-by: James Gu <james.gu@att.com>

diff --git a/site/intel-pod17/baremetal/nodes.yaml b/site/intel-pod17/baremetal/nodes.yaml
index 6218abd..4b0af4e 100644 (file)
--- a/site/intel-pod17/baremetal/nodes.yaml
+++ b/site/intel-pod17/baremetal/nodes.yaml
@@ -31,6 +31,8 @@ metadata:
     layer: site
   storagePolicy: cleartext
 data:
+  oob:
+    account: 'root'
   # NEWSITE-CHANGEME: The IPv4 address assigned to each logical network on this
   # node. In the reference Airship deployment, this is all logical Networks defined
   # in networks/physical/networks.yaml. IP addresses are manually assigned, by-hand.
@@ -46,26 +48,26 @@ data:
     # the environment; these are not addresses which MaaS assigns.
     - network: oob
       address: 10.10.170.12
-    # The IP of the node on the DMZ network. Refer to the static IP range
-    # defined for the Admin network in networks/physical/networks.yaml.
-    - network: dmz
+    # The IP of the node on the oam network. Refer to the static IP range
+    # defined for the oam network in networks/physical/networks.yaml.
+    - network: oam
       address: 10.10.170.22
-    # The IP of the node on the Admin network. Refer to the static IP range
+    # The IP of the node on the pxe network. Refer to the static IP range
     # defined for the Admin network in networks/physical/networks.yaml.
     # This network is used for PXE bootstrapping of the bare-metal servers.
-    - network: admin
+    - network: pxe
       address: 10.10.171.22
-    # The IP of the node on the Private network. Refer to the static IP range
-    # defined for the Private network in networks/physical/networks.yaml.
-    - network: private
+    # The IP of the node on the calico network. Refer to the static IP range
+    # defined for the calico network in networks/physical/networks.yaml.
+    - network: calico
       address: 10.10.172.22
     # The IP of the node on the Storage network. Refer to the static IP range
     # defined for the Storage network in networks/physical/networks.yaml.
     - network: storage
       address: 10.10.173.22
-    # The IP of the node on the Management network. Refer to the static IP range
-    # defined for the Management network in networks/physical/networks.yaml.
-    - network: management
+    # The IP of the node on the overlay network. Refer to the static IP range
+    # defined for the overlay network in networks/physical/networks.yaml.
+    - network: overlay
       address: 10.10.174.22
   # NEWSITE-CHANGEME: Set the host profile for the node.
   # Note that there are different host profiles depending if this is a control
@@ -100,19 +102,21 @@ metadata:
     layer: site
   storagePolicy: cleartext
 data:
+  oob:
+    account: 'root'
   # NEWSITE-CHANGEME: The next node's IPv4 addressing
   addressing:
     - network: oob
       address: 10.10.170.13
-    - network: dmz
+    - network: oam
       address: 10.10.170.23
-    - network: admin
+    - network: pxe
       address: 10.10.171.23
-    - network: private
+    - network: calico
       address: 10.10.172.23
     - network: storage
       address: 10.10.173.23
-    - network: management
+    - network: overlay
       address: 10.10.174.23
   # NEWSITE-CHANGEME: The next node's host profile
   host_profile: cp-intel-s2600wt
@@ -134,19 +138,21 @@ metadata:
     layer: site
   storagePolicy: cleartext
 data:
+  oob:
+    account: 'root'
   # NEWSITE-CHANGEME: The next node's IPv4 addressing
   addressing:
     - network: oob
       address: 10.10.170.14
-    - network: dmz
+    - network: oam
       address: 10.10.170.24
-    - network: admin
+    - network: pxe
       address: 10.10.171.24
-    - network: private
+    - network: calico
       address: 10.10.172.24
     - network: storage
       address: 10.10.173.24
-    - network: management
+    - network: overlay
       address: 10.10.174.24
   # NEWSITE-CHANGEME: The next node's host profile
   host_profile: dp-intel-s2600wt
@@ -168,19 +174,21 @@ metadata:
     layer: site
   storagePolicy: cleartext
 data:
+  oob:
+    account: 'root'
   # NEWSITE-CHANGEME: The next node's IPv4 addressing
   addressing:
     - network: oob
       address: 10.10.170.15
-    - network: dmz
+    - network: oam
       address: 10.10.170.25
-    - network: admin
+    - network: pxe
       address: 10.10.171.25
-    - network: private
+    - network: calico
       address: 10.10.172.25
     - network: storage
       address: 10.10.173.25
-    - network: management
+    - network: overlay
       address: 10.10.174.25
   # NEWSITE-CHANGEME: The next node's host profile
   host_profile: dp-intel-s2600wt

diff --git a/site/intel-pod17/intel-pod17.env b/site/intel-pod17/intel-pod17.env
index 423a869..dcbd26f 100644 (file)
--- a/site/intel-pod17/intel-pod17.env
+++ b/site/intel-pod17/intel-pod17.env
@@ -4,7 +4,7 @@
 # https://wiki.opnfv.org/display/pharos/Intel+POD17
 
 # Airship related settings
-export OS_AUTH_URL=${OS_AUTH_URL:-'http://iam-airship.intel-pod17.opnfv.org:80/v3'}
+export OS_AUTH_URL=${OS_AUTH_URL:-'http://iam-nc.intel-pod17.opnfv.org:80/v3'}
 export GEN_SSH=${GEN_SSH:-'intel-pod17-genesis'}
 export SITE_NAME=${SITE_NAME:-'intel-pod17'}
 export GEN_IPMI=${GEN_IPMI:-'10.10.170.11'}
@@ -12,4 +12,4 @@ export NODES_IPMI=${NODES_IPMI:-'10.10.170.12 10.10.170.13 10.10.170.14 10.10.17
 export SITE_DEF=${SITE_DEF:-'airship/site/intel-pod17/site-definition.yaml'}
 
 # OpenStack related settings
-export OS_AUTH_URL_IDENTITY=${OS_AUTH_URL_IDENTITY:-'http://identity-airship.intel-pod17.opnfv.org:80/v3'}
+export OS_AUTH_URL_IDENTITY=${OS_AUTH_URL_IDENTITY:-'http://identity-nc.intel-pod17.opnfv.org:80/v3'}

diff --git a/site/intel-pod17/networks/common-addresses.yaml b/site/intel-pod17/networks/common-addresses.yaml
index 758ba9b..8eaf8a4 100644 (file)
--- a/site/intel-pod17/networks/common-addresses.yaml
+++ b/site/intel-pod17/networks/common-addresses.yaml
@@ -5,10 +5,16 @@
 schema: pegleg/CommonAddresses/v1
 metadata:
   schema: metadata/Document/v1
+  replacement: true
   name: common-addresses
   layeringDefinition:
     abstract: false
     layer: site
+    parentSelector:
+      name: common-addresses-global
+    actions:
+      - method: merge
+        path: .
   storagePolicy: cleartext
 data:
   calico:
@@ -18,24 +24,37 @@ data:
     # This should be whichever interface (or bond) and VLAN number specified in
     # networks/physical/networks.yaml for the Calico network.
     # E.g. you would set "interface=ens785f0" as shown here.
-    ip_autodetection_method: interface=ens785f0
+    ip_autodetection_method: can-reach=10.10.172.21
     etcd:
       # The etcd service IP address.
       # This address must be within data.kubernetes.service_cidr range
       service_ip: 10.96.232.136
+    ip_rule:
+      # NEWSITE-CHANGEME: The service gateway/VRR IP for routing pod traffic
+      gateway: 10.10.172.1
 
-  # NEWSITE-CHANGEME: Update virtual IPs to be used for deployment.
-  # These IPs are imporant and tied to FQDN/DNS registration for the site, see more at
-  # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#register-dns-names
-  vip:
-    # Used for accessing Airship/OpenStack APIs (ingress of kube-system)
-    # The address is selected from DMZ network specified in
-    # networks/physical/networks.yaml
-    ingress_vip: '10.10.170.100/32'
-    # Used for bare-metal deployment (PXE boot, fetching Drydock bootactions)
-    # The address is selected from Admin network specified in
-    # networks/physical/networks.yaml
-    maas_vip: '10.10.171.100/32'
+    bgp:
+      # on the genesis node, run /opt/cni/bin/calicoctl get bgppeers
+      # asnumber: 64688
+      ipv4:
+        # NEWSITE-CHANGEME: A routable CIDR to configure for ingress, maas, and
+        # outward facing services (i.e. routable ingress CIDR)
+        # public_service_cidr: 10.10.170.128/29
+        public_service_cidr: 10.10.170.128/29
+        # NEWSITE-CHANGEME: Update with the "public" facing VIP to assign to
+        # the ingress controller. /32 is redundant; this is an IP not a CIDR.
+        ingress_vip: 10.10.170.129/32
+        # NEWSITE-CHANGEME(v1.0.1): Update with the "public" facing VIP to assign
+        # the MAAS ingress controller. /32 is redundant; this is an IP not a CIDR.
+        maas_vip: 10.10.171.129/32
+        # NEWSITE-CHANGEME: In Network Cloud, there is a pair of "global" BGP
+        # peers that will be used for the whole site (all racks). These BGP peer
+        # IPs should be put into this list.
+        # NOTE: Any change to the size of this list (2) requires corresponding
+        # changes in calico.yaml
+        peers:
+          - 'Nonsense'
+          - 'Nonsense'
 
   dns:
     # Kubernetes cluster domain. Do not change. This is internal to the cluster.
@@ -45,11 +64,15 @@ data:
     # List of upstream DNS forwards. Verify you can reach them from your
     # environment. If so, you should not need to change them.
     upstream_servers:
-      - 8.8.8.8
-      - 8.8.4.4
+      - 10.10.170.20
+      - 10.10.171.20
     # Repeat the same values as above, but formatted as a common separated
     # string
-    upstream_servers_joined: 8.8.8.8,8.8.4.4
+    upstream_servers_joined: 10.10.170.20, 10.10.171.20
+
+    # NEWSITE-CHANGEME: Set the FQDN used by bare metal nodes according to FQDN naming standards at
+    node_domain: intel-pod17.opnfv.org
+
     # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
     # Choose FQDN according to the ingress/public FQDN naming conventions at
     # the top of this document.
@@ -66,6 +89,10 @@ data:
     # NEWSITE-CHANGEME: Address defined for Calico network in
     # networks/physical/networks.yaml
     ip: 10.10.172.21
+    # NEWSITE-CHANGEME: OOB IP of the Genesis node. This should be sourced from the
+    # engineering package and match the address used to access the iLO/iDRAC/ASMI
+    # interface for the Genesis node.
+    oob: 10.10.170.11
 
   bootstrap:
     # NEWSITE-CHANGEME: Address defined for the Admin (PXE) network in
@@ -117,7 +144,7 @@ data:
     # comma separated NTP server list. Verify that these upstream NTP servers are
     # reachable in your environment; otherwise update them with the correct
     # values for your environment.
-    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
+    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org'
 
   # An example for Openstack Helm Infra LDAP
   ldap:
@@ -139,6 +166,13 @@ data:
     # deployment (test vs prod values, etc)
     domain: example
 
+  ldap:
+    # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
+    # authenticate to the active directory backend to validate keystone
+    # users.
+    # It is NOT used in the example deployment.
+    username: "m12345@ldap.test.com"
+
   storage:
     ceph:
       # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR

diff --git a/site/intel-pod17/networks/control-plane-addresses.yaml b/site/intel-pod17/networks/control-plane-addresses.yaml
new file mode 100644 (file)
index 0000000..c8b2164
--- /dev/null
+++ b/site/intel-pod17/networks/control-plane-addresses.yaml
@@ -0,0 +1,29 @@
+---
+schema: nc/ControlPlaneAddresses/v1
+metadata:
+  schema: metadata/Document/v1
+  name: control-plane-addresses
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  genesis:
+    hostname: pod17-node1
+    ip:
+      oam: 10.10.170.21
+      ksn: 10.10.172.21
+
+  masters:
+    - hostname: pod17-node1
+      ip:
+        oam: 10.10.170.21
+        ksn: 10.10.172.21
+    - hostname: pod17-node2
+      ip:
+        oam: 10.10.170.22
+        ksn: 10.10.172.22
+    - hostname: pod17-node3
+      ip:
+        oam: 10.10.170.23
+        ksn: 10.10.172.23

diff --git a/site/intel-pod17/networks/physical/networks.yaml b/site/intel-pod17/networks/physical/networks.yaml
index b8e1ea8..5c438f5 100644 (file)
--- a/site/intel-pod17/networks/physical/networks.yaml
+++ b/site/intel-pod17/networks/physical/networks.yaml
@@ -7,12 +7,12 @@
 # +--------+------------+-----------------------------------+-----------+----------+----------------+
 # |        |            |                                   |           |          |                |
 # +--------+------------+-----------------------------------+-----------+----------+----------------+
-# |IF0 1G  | dmz        | OoB & OAM (default route)         | VLAN  170 | untagged | 10.10.170.0/24 |
-# |IF1 1G  | admin      | PXE boot network                  | VLAN  171 | untagged | 10.10.171.0/24 |
-# |IF2 10G | private    | Underlay Calico and OVS overlay   | VLAN  172 | untagged | 10.10.172.0/24 |
-# |        | management | Management (unused for now)       | VLAN  174 | tagged   | 10.10.174.0/24 |
+# |IF0 1G  | dmz        | OOB and OAM (default route)       | VLAN  170 | untagged | 10.10.170.0/25 |
+# |IF1 1G  | pxe        | PXE boot network                  | VLAN  171 | untagged | 10.10.171.0/24 |
+# |IF2 10G | calico     | Underlay Calico                   | VLAN  172 | untagged | 10.10.172.0/24 |
+# |        | overlay    | overlay network for openstack SDN | VLAN  174 | tagged   | 10.10.174.0/24 |
 # |IF3 10G | storage    | Storage network                   | VLAN  173 | untagged | 10.10.173.0/24 |
-# |        | public     | Public network for VMs            | VLAN 1173 | tagged   | 10.10.175.0/24 |
+# |        | routable   | OVS-F (OVS Floating IP – Public)  | VLAN 1173 | tagged   | 10.10.175.0/24 |
 # +--------+------------+-----------------------------------+-----------+----------+----------------+
 #
 # For standard Airship/OPNFV deployments, you should not need to modify the
@@ -23,31 +23,6 @@
 # and how-tos on working with Drydock/YAMLs in more generic way and enabling
 # custom/additional features not represented here  (such as bonded networks).
 # See https://airship-drydock.readthedocs.io/en/latest/topology.html#defining-networking
-
-schema: 'drydock/NetworkLink/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: oob
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # MaaS doesn't own this network like it does the others,
-  # so the noconfig label is specified.
-  labels:
-    noconfig: enabled
-  bonding:
-    mode: disabled
-  mtu: 1500
-  linkspeed: auto
-  trunking:
-    mode: disabled
-    default_network: oob
-  allowed_networks:
-    - oob
-...
----
 schema: 'drydock/Network/v1'
 metadata:
   schema: 'metadata/Document/v1'
@@ -55,6 +30,12 @@ metadata:
   layeringDefinition:
     abstract: false
     layer: site
+    parentSelector:
+      network_role: oob
+      topology: cruiserlite
+    actions:
+      - method: merge
+        path: .
   storagePolicy: cleartext
 data:
   # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR
@@ -66,101 +47,24 @@ data:
       metric: 100
 ...
 ---
-schema: 'drydock/NetworkLink/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: dmz
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  bonding:
-    mode: disabled
-  mtu: 1500
-  linkspeed: auto
-  trunking:
-    mode: disabled
-    default_network: dmz
-  allowed_networks:
-    - dmz
-...
----
 schema: 'drydock/Network/v1'
 metadata:
   schema: 'metadata/Document/v1'
-  name: dmz
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  # NEWSITE-CHANGEME: Update with the site's DMZ network CIDR
-  cidr: 10.10.170.0/24
-  routes:
-    - subnet: 0.0.0.0/0
-      # NEWSITE-CHANGEME: Set the DMZ network gateway IP address
-      # NOTE: This serves as the site's default route.
-      gateway: 10.10.170.1
-      metric: 100
-  ranges:
-    # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab.
-    - type: reserved
-      start: 10.10.171.1
-      end: 10.10.171.19
-    # NEWSITE-CHANGEME: Update static range that will be used for the nodes.
-    # See minimum range required for the nodes in baremetal/nodes.yaml.
-    - type: static
-      start: 10.10.170.20
-      end: 10.10.170.39
-  dns:
-    # NEWSITE-CHANGEME: FQDN for bare metal nodes.
-    # Choose FQDN according to the node FQDN naming conventions at the top of
-    # this document.
-    domain: intel-pod17.opnfv.org
-    # List of upstream DNS forwards. Verify you can reach them from your
-    # environment. If so, you should not need to change them.
-    # TODO: This should be populated via substitution from common-addresses
-    servers: '8.8.8.8,8.8.4.4'
-...
----
-schema: 'drydock/NetworkLink/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: admin
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  bonding:
-    mode: disabled
-  mtu: 1500
-  linkspeed: auto
-  trunking:
-    mode: disabled
-    default_network: admin
-  allowed_networks:
-    - admin
-...
----
-schema: 'drydock/Network/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: admin
+  name: pxe
   layeringDefinition:
     abstract: false
     layer: site
+    parentSelector:
+      network_role: pxe
+      topology: cruiserlite
+    actions:
+      - method: merge
+        path: .
   storagePolicy: cleartext
 data:
   # NEWSITE-CHANGEME: Update with the site's PXE network CIDR
   # NOTE: The CIDR minimum size = (number of nodes * 2) + 10
   cidr: 10.10.171.0/24
-  routes:
-    - subnet: 0.0.0.0/0
-      # NEWSITE-CHANGEME: Set the Admin network gateway IP address
-      gateway: 10.10.171.1
-      metric: 100
   # NOTE: The DHCP addresses are used when nodes perform a PXE boot
   # (DHCP address gets assigned), and when a node is commissioning in MaaS
   # (also uses DHCP to get its IP address). However, when MaaS installs the
@@ -181,55 +85,66 @@ data:
     # excluding the reserved IPs.
     - type: dhcp
       start: 10.10.171.40
-      end: 10.10.171.79
-  dns:
-    # NEWSITE-CHANGEME: FQDN for bare metal nodes.
-    # Choose FQDN according to the node FQDN naming conventions at the top of
-    # this document.
-    domain: intel-pod17.opnfv.org
+      end: 10.10.171.128
+#   dns:
     # NEWSITE-CHANGEME: Use MAAS VIP as the DNS server.
     # MAAS has inbuilt DNS server and Debian mirror that allows nodes to be
     # deployed without requiring routed/internet access for the Admin/PXE interface.
     # See data.vip.maas_vip in networks/common-addresses.yaml.
     # TODO: This should be populated via substitution from common-addresses
-    servers: '10.10.171.100'
+#    servers: '10.10.171.20'
 ...
 ---
-schema: 'drydock/NetworkLink/v1'
+schema: 'drydock/Network/v1'
 metadata:
   schema: 'metadata/Document/v1'
-  name: data1
+  name: oam
   layeringDefinition:
     abstract: false
     layer: site
+    parentSelector:
+      network_role: oam
+      topology: cruiserlite
+    actions:
+      - method: merge
+        path: .
   storagePolicy: cleartext
 data:
-  bonding:
-    mode: disabled
-  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
-  # configured for this MTU or greater.
-  mtu: 1500
-  linkspeed: auto
-  trunking:
-    mode: 802.1q
-  allowed_networks:
-    - private
-    - management
+  # NEWSITE-CHANGEME: Update with the site's DMZ network CIDR
+  cidr: 10.10.170.0/24
+  routes:
+    - subnet: 0.0.0.0/0
+      # NEWSITE-CHANGEME: Set the DMZ network gateway IP address
+      # NOTE: This serves as the site's default route.
+      gateway: 10.10.170.1
+      metric: 100
+  ranges:
+    # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab.
+    - type: reserved
+      start: 10.10.170.1
+      end: 10.10.170.19
+    # NEWSITE-CHANGEME: Update static range that will be used for the nodes.
+    # See minimum range required for the nodes in baremetal/nodes.yaml.
+    - type: static
+      start: 10.10.170.20
+      end: 10.10.170.39
 ...
 ---
 schema: 'drydock/Network/v1'
 metadata:
   schema: 'metadata/Document/v1'
-  name: private
+  name: calico
   layeringDefinition:
     abstract: false
     layer: site
+    parentSelector:
+      network_role: calico
+      topology: cruiserlite
+    actions:
+      - method: merge
+        path: .
   storagePolicy: cleartext
 data:
-  # NEWSITE-CHANGEME: Set the VLAN ID which the Private network is on
-  # use '0' if the vlan is untagged
-  vlan: '0'
-  mtu: 1500
   # NEWSITE-CHANGEME: Set the CIDR for the Private network
   # NOTE: The CIDR minimum size = number of nodes + 10
   cidr: 10.10.172.0/24
@@ -244,47 +159,42 @@ data:
 schema: 'drydock/Network/v1'
 metadata:
   schema: 'metadata/Document/v1'
-  name: management
+  name: overlay
   layeringDefinition:
     abstract: false
     layer: site
+    parentSelector:
+      network_role: os-overlay
+      topology: cruiserlite
+    actions:
+      - method: merge
+        path: .
   storagePolicy: cleartext
 data:
   # NEWSITE-CHANGEME: Set the VLAN ID which the Management network is on
   vlan: '174'
-  mtu: 1500
   # NEWSITE-CHANGEME: Set the CIDR for the Management network
   # NOTE: The CIDR minimum size = number of nodes + 10
   cidr: 10.10.174.0/24
   ranges:
+    # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+    - type: reserved
+      start: 10.10.174.1
+      end: 10.10.174.10
     # NEWSITE-CHANGEME: Update to the remaining range excluding (if any)
     # reserved IPs.
     - type: static
-      start: 10.10.174.1
-      end: 10.23.21.19
-...
----
-schema: 'drydock/NetworkLink/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: data2
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  bonding:
-    mode: disabled
-  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
-  # configured for this MTU or greater.
-  mtu: 1500
-  linkspeed: auto
-  trunking:
-    mode: 802.1q
-    default_network: storage
-  allowed_networks:
-    - storage
-    - public
+      start: 10.10.174.11
+      end: 10.10.174.100
+  routes:
+    - subnet: 0.0.0.0/0
+      # NEWSITE-CHANGEME: Update to the gateway address for this network
+      gateway: 10.10.174.1
+  labels:
+    # NEWSITE-CHANGEME: All cruisers should have this enabled, set to false if this
+    #  is a special case. If set to false, IP Addresses and CIDR will still need
+    #  to be specified above to satisfy the schema and substitution used by other documents.
+    enabled: true
 ...
 ---
 schema: 'drydock/Network/v1'
@@ -294,14 +204,14 @@ metadata:
   layeringDefinition:
     abstract: false
     layer: site
+    parentSelector:
+      network_role: storage
+      topology: cruiserlite
+    actions:
+      - method: merge
+        path: .
   storagePolicy: cleartext
 data:
-  # NEWSITE-CHANGEME: Set the VLAN ID which the Storage network is on
-  # use '0' if the vlan is untagged
-  vlan: '0'
-  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
-  # configured for this MTU or greater.
-  mtu: 1500
   # NEWSITE-CHANGEME: Set the CIDR for the Storage network
   # NOTE: The CIDR minimum size = number of nodes + 10
   cidr: 10.10.173.0/24
@@ -313,22 +223,39 @@ data:
       end: 10.10.173.19
 ...
 ---
-# The public network for OpenStack VMs.
-# NOTE: Only interface 'ens785f1.1173' will be setup, no IPs assigned to hosts
 schema: 'drydock/Network/v1'
 metadata:
   schema: 'metadata/Document/v1'
-  name: public
+  name: routable
   layeringDefinition:
     abstract: false
     layer: site
+    parentSelector:
+      network_role: os-routable
+      topology: cruiserlite
+    actions:
+      - method: merge
+        path: .
   storagePolicy: cleartext
 data:
   # NEWSITE-CHANGEME: Set the VLAN ID which the Public network is on
   vlan: '1173'
-  # NEWSITE-CHANGEME: Ensure the network switches in the environment are
-  # configured for this MTU or greater.
-  mtu: 1500
-  # NEWSITE-CHANGEME: Set the CIDR for the Public network
+  # NEWSITE-CHANGEME: Set the CIDR for the OVS-F (OVS Floating IP – Public) network
   cidr: 10.10.175.0/24
+  ranges:
+    - type: reserved
+      # NEWSITE-CHANGEME: Update to the start and end addresses to be used for the Floating IP pool
+      start: 10.10.175.31
+      end: 10.10.175.128
+  routes:
+    - subnet: 0.0.0.0/0
+      # NEWSITE-CHANGEME: Update to the gateway address for this network
+      gateway: 10.10.175.1
+      metric: 100
+  labels:
+    # NEWSITE-CHANGEME: All cruisers should have this enabled, set to false if this
+    #     is a special case in corridor 1 that doesn't support a floating IP pool.
+    #     If set to false, IP Addresses and CIDR will still need to be specified
+    #     above to satisfy the schema and substitution used by other documents.
+    enabled: true
 ...

diff --git a/site/intel-pod17/pki/pki-catalog.yaml b/site/intel-pod17/pki/pki-catalog.yaml
index 20305ea..1134fe3 100644 (file)
--- a/site/intel-pod17/pki/pki-catalog.yaml
+++ b/site/intel-pod17/pki/pki-catalog.yaml
@@ -17,39 +17,14 @@ data:
     kubernetes:
       description: CA for Kubernetes components
       certificates:
-        - document_name: apiserver
-          description: Service certificate for Kubernetes apiserver
-          common_name: apiserver
-          hosts:
-            - localhost
-            - 127.0.0.1
-            # FIXME: Repetition of api_service_ip in common-addresses; use
-            # substitution
-            - 10.96.0.1
-          kubernetes_service_names:
-            - kubernetes.default.svc.cluster.local
 
         # NEWSITE-CHANGEME: The following should be a list of all the nodes in
         # the environment (genesis, control plane, data plane, everything).
         # Add/delete from this list as necessary until all nodes are listed.
         # For each node, the `hosts` list should be comprised of:
-        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
-        #   2. The node's Calico IP address, as already defined in baremetal/nodes.yaml
-        # NOTE: This list also needs to include the Genesis node, which is not
-        # listed in baremetal/nodes.yaml, but by convention should be allocated
-        # the first non-reserved IP in each logical network allocation range
-        # defined in networks/physical/networks.yaml
-        # NOTE: The genesis node needs to be defined twice (the first two entries
-        # on this list) with all of the same paramters except the document_name.
-        # In the first case the document_name is `kubelet-genesis`, and in the
-        # second case the document_name format is `kubelet-YOUR_GENESIS_HOSTNAME`.
-        - document_name: kubelet-genesis
-          common_name: system:node:pod17-node1
-          hosts:
-            - pod17-node1
-            - 10.10.172.21
-          groups:
-            - system:nodes
+        #   1. The node's hostname
+        #   2. The node's ksn/Calico IP address
+        # master nodes
         - document_name: kubelet-pod17-node1
           common_name: system:node:pod17-node1
           hosts:
@@ -71,9 +46,12 @@ data:
             - 10.10.172.23
           groups:
             - system:nodes
+
+        # work nodes
         - document_name: kubelet-pod17-node4
           common_name: system:node:pod17-node4
           hosts:
+            # values from baremetal/nodes.yaml
             - pod17-node4
             - 10.10.172.24
           groups:
@@ -81,209 +59,10 @@ data:
         - document_name: kubelet-pod17-node5
           common_name: system:node:pod17-node5
           hosts:
+            # values from baremetal/nodes.yaml
             - pod17-node5
             - 10.10.172.25
           groups:
             - system:nodes
         # End node list
-        - document_name: scheduler
-          description: Service certificate for Kubernetes scheduler
-          common_name: system:kube-scheduler
-        - document_name: controller-manager
-          description: certificate for controller-manager
-          common_name: system:kube-controller-manager
-        - document_name: admin
-          common_name: admin
-          groups:
-            - system:masters
-        - document_name: armada
-          common_name: armada
-          groups:
-            - system:masters
-    kubernetes-etcd:
-      description: Certificates for Kubernetes's etcd servers
-      certificates:
-        - document_name: apiserver-etcd
-          description: etcd client certificate for use by Kubernetes apiserver
-          common_name: apiserver
-        # NOTE(mark-burnett): hosts not required for client certificates
-        - document_name: kubernetes-etcd-anchor
-          description: anchor
-          common_name: anchor
-        # NEWSITE-CHANGEME: The following should be a list of the control plane
-        # nodes in the environment, including genesis.
-        # For each node, the `hosts` list should be comprised of:
-        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
-        #   2. The node's Calico IP address, as already defined in baremetal/nodes.yaml
-        #   3. 127.0.0.1
-        #   4. localhost
-        #   5. kubernetes-etcd.kube-system.svc.cluster.local
-        # NOTE: This list also needs to include the Genesis node, which is not
-        # listed in baremetal/nodes.yaml, but by convention should be allocated
-        # the first non-reserved IP in each logical network allocation range
-        # defined in networks/physical/networks.yaml, except for the kubernetes
-        # service_cidr where it should start with the second IP in the range.
-        # NOTE: The genesis node is defined twice with the same `hosts` data:
-        # Once with its hostname in the common/document name, and once with
-        # `genesis` defined instead of the host. For now, this duplicated
-        # genesis definition is required. FIXME: Remove duplicate definition
-        # after Promenade addresses this issue.
-        - document_name: kubernetes-etcd-genesis
-          common_name: kubernetes-etcd-genesis
-          hosts:
-            - pod17-node1
-            - 10.10.172.21
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-pod17-node1
-          common_name: kubernetes-etcd-pod17-node1
-          hosts:
-            - pod17-node1
-            - 10.10.172.21
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-pod17-node2
-          common_name: kubernetes-etcd-pod17-node2
-          hosts:
-            - pod17-node2
-            - 10.10.172.22
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-pod17-node3
-          common_name: kubernetes-etcd-pod17-node3
-          hosts:
-            - pod17-node3
-            - 10.10.172.23
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        # End node list
-    kubernetes-etcd-peer:
-      certificates:
-        # NEWSITE-CHANGEME: This list should be identical to the previous list,
-        # except that `-peer` has been appended to the document/common names.
-        - document_name: kubernetes-etcd-genesis-peer
-          common_name: kubernetes-etcd-genesis-peer
-          hosts:
-            - pod17-node1
-            - 10.10.172.21
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-pod17-node1-peer
-          common_name: kubernetes-etcd-pod17-node1-peer
-          hosts:
-            - pod17-node1
-            - 10.10.172.21
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-pod17-node2-peer
-          common_name: kubernetes-etcd-pod17-node2-peer
-          hosts:
-            - pod17-node2
-            - 10.10.172.22
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        - document_name: kubernetes-etcd-pod17-node3-peer
-          common_name: kubernetes-etcd-pod17-node3-peer
-          hosts:
-            - pod17-node3
-            - 10.10.172.23
-            - 127.0.0.1
-            - localhost
-            - kubernetes-etcd.kube-system.svc.cluster.local
-            - 10.96.0.2
-        # End node list
-    calico-etcd:
-      description: Certificates for Calico etcd client traffic
-      certificates:
-        - document_name: calico-etcd-anchor
-          description: anchor
-          common_name: anchor
-        # NEWSITE-CHANGEME: The following should be a list of the control plane
-        # nodes in the environment, including genesis.
-        # For each node, the `hosts` list should be comprised of:
-        #   1. The node's hostname, as already defined in baremetal/nodes.yaml
-        #   2. The node's Calico IP address, as already defined in baremetal/nodes.yaml
-        #   3. 127.0.0.1
-        #   4. localhost
-        #   5. The calico/etcd/service_ip defined in networks/common-addresses.yaml
-        # NOTE: This list also needs to include the Genesis node, which is not
-        # listed in baremetal/nodes.yaml, but by convention should be allocated
-        # the first non-reserved IP in each logical network allocation range
-        # defined in networks/physical/networks.yaml
-        - document_name: calico-etcd-pod17-node1
-          common_name: calico-etcd-pod17-node1
-          hosts:
-            - pod17-node1
-            - 10.10.172.21
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-pod17-node2
-          common_name: calico-etcd-pod17-node2
-          hosts:
-            - pod17-node2
-            - 10.10.172.22
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-pod17-node3
-          common_name: calico-etcd-pod17-node3
-          hosts:
-            - pod17-node3
-            - 10.10.172.23
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-node
-          common_name: calcico-node
-        # End node list
-    calico-etcd-peer:
-      description: Certificates for Calico etcd clients
-      certificates:
-        # NEWSITE-CHANGEME: This list should be identical to the previous list,
-        # except that `-peer` has been appended to the document/common names.
-        - document_name: calico-etcd-pod17-node1-peer
-          common_name: calico-etcd-pod17-node1-peer
-          hosts:
-            - pod17-node1
-            - 10.10.172.21
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-pod17-node2-peer
-          common_name: calico-etcd-pod17-node2-peer
-          hosts:
-            - pod17-node2
-            - 10.10.172.22
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-etcd-pod17-node3-peer
-          common_name: calico-etcd-pod17-node3-peer
-          hosts:
-            - pod17-node3
-            - 10.10.172.23
-            - 127.0.0.1
-            - localhost
-            - 10.96.232.136
-        - document_name: calico-node-peer
-          common_name: calcico-node-peer
-        # End node list
-  keypairs:
-    - name: service-account
-      description: Service account signing key for use by Kubernetes controller-manager.
 ...

diff --git a/site/intel-pod17/profiles/region.yaml b/site/intel-pod17/profiles/region.yaml
index cb68a0a..ea5fda5 100644 (file)
--- a/site/intel-pod17/profiles/region.yaml
+++ b/site/intel-pod17/profiles/region.yaml
@@ -38,7 +38,7 @@ metadata:
       src:
         schema: deckhand/PublicKey/v1
         # your ssh key
-        name: kasparss_ssh_public_key
+        name: jamesg_ssh_public_key
         path: .
 data:
   tag_definitions: []

diff --git a/site/intel-pod17/secrets/certificates/certificates.yaml b/site/intel-pod17/secrets/certificates/certificates.yaml
index 7940624..03525e1 100644 (file)
--- a/site/intel-pod17/secrets/certificates/certificates.yaml
+++ b/site/intel-pod17/secrets/certificates/certificates.yaml
@@ -1,26 +1,24 @@
 ---
-# Example manifest for cert.
-# NEWSITE-CHANGEME: must be replaced with proper/valid set,
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDSDCCAjCgAwIBAgIUfRKmWCzUMEz+Qyn9PzxOdl+Oqv8wDQYJKoZIhvcNAQEL
+  MIIDSDCCAjCgAwIBAgIUVYukp8T38A+WWhPqqi+JbKbEse4wDQYJKoZIhvcNAQEL
   BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA5MDQxNTIzMDBaFw0yNDA5MDIxNTIzMDBaMCoxEzARBgNVBAoTCkt1YmVy
+  Fw0yMDA5MTIwMzE5MDBaFw0yNTA5MTEwMzE5MDBaMCoxEzARBgNVBAoTCkt1YmVy
   bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-  DwAwggEKAoIBAQDXTmY4VfQA0JxVmtZRtiNl0rmDGNx9mzxGyDdibTqlXLHq2Lfs
-  UlfHZ8ttoMIn49EQAGVQCyO5Ci2Q1EvYcnuHDHRCywKYmRIFkwD3/OBdRfVOK/4Y
-  3unI7UUb7LwoKghOdEELARTVhC3Vog4qSg9VWeNWbG/qTAE0uX2HVNBj4643DLru
-  KlyopTix0PzlCffAn8MoKGvIp2h2GeqCiwJYDCbrZ4c4iMspwhfshBqULZXD72kj
-  GhgqUkLmB7AeyKjfPPTrcAdN3kuRWM0uDVFlkqVLRm7oKkXTT6EWSkNpUN1sY5q5
-  fkaCnS2emZJGtH/zoCBwVSum6lSr/PGFDdD3AgMBAAGjZjBkMA4GA1UdDwEB/wQE
-  AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRaM0cZ12BKgOZkl0kt
-  mxrhi+mOnDAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0ktmxrhi+mOnDANBgkqhkiG
-  9w0BAQsFAAOCAQEAIDSTd7lbaCpJDSRae/CZiN89noPLX5EPULSrS54Hs30z4HDI
-  2qmw2WXkspHNDcu04jrD1mEi5CD5stoqw//cCqUQapLNj+5HHuDrjosjSm8roeKa
-  U5PtnEK+X9EVMWtLQQPh1QzRzXWJlXQ5koAwnPEldy15meJaYDV0LKbu61mnkDDw
-  xYAUf/QGeoc6umWClRVQnysMRYcVuxRheV+hd2JHHq6nkQd6eWcRWI7KLxQJ0Iau
-  Vy3QXvPS2Cr8IxWOM5SIImJmKGwozd1MI1S5HnxFYSz9iMot/O+JXsAxy+n4/Y37
-  JsLtsq7FCloO67BsouZCyiD1yUMkidp+DlFQ1w==
+  DwAwggEKAoIBAQCj6IZ+iKWcZbT/15gMJe3gGYOiydaFRSAHO7Hw5OyMPjugqFa5
+  d4GnCuA6oArbM0l0Ayuogq7QJOAjgQJtGoqPNOou6ga4ylg6iJCBXER8izKuU8sS
+  pPU2qGWg1zFpU8F1mqZ9tLclftPpzHbWjpZAhJ4e2d+Rcf80nY+2CCLaEqN3Tb0S
+  Cmsya7Plovx4I+EgVhEFHAc8qknF8tozXs00YzGUfb2+kG3jQtiuhN9Eqgo3tIbw
+  8z524xk+KqyrOKi0k2wHiOeUeE02irZW+rGxZN0+1UBkIT623ZjeXxsWULw5tg5w
+  LADnUTsjd4JMsdn24CGr2j40/LYfuNuY2LqVAgMBAAGjZjBkMA4GA1UdDwEB/wQE
+  AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQG+Y3CbeZI/XixZZ1c
+  hQL72ym46DAfBgNVHSMEGDAWgBQG+Y3CbeZI/XixZZ1chQL72ym46DANBgkqhkiG
+  9w0BAQsFAAOCAQEAciCdilVssneR53jqJ8iYK9iDjpZtrhZ2dZQ0myiBr1WmPLLX
+  Q/oA9iakziEUcyDEyMNTJHbfXB7+q1poRCFxz7i8+bTSWj4gld7IQXcf44mdHq1b
+  x4abHNyufrF1YXV6A+o2Iey9+pmeIFjNPt6VLNKLOTKgW+w9fj6MmA03UzIRfBMc
+  feBEB6yFdts+bCy8znEHSMjOWeRgbv4fOoP7QY2Ok2zFvhRiYQWXXd+V2hF3+ZRQ
+  QjHqstBRXWuk0aS6f/6YjdhNEZuFEPDJnASoTkGhdN6pEmhepRlRGr6PqR1iIKKH
+  RGLGOtfG3p8y/qWXqYYsk6TKqAyCH9KiO2pUtQ==
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
@@ -33,24 +31,24 @@ schema: deckhand/CertificateAuthority/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDUjCCAjqgAwIBAgIUPXOFh+9MEbYSITM1XKvIQvgf0ekwDQYJKoZIhvcNAQEL
+  MIIDUjCCAjqgAwIBAgIUVrZbjdq/NMbTo1Gy9bHblnsTXMowDQYJKoZIhvcNAQEL
   BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDkwNDE1MjMwMFoXDTI0MDkwMjE1MjMwMFowLzETMBEGA1UEChMK
+  dGNkMB4XDTIwMDkxMjAzMTkwMFoXDTI1MDkxMTAzMTkwMFowLzETMBEGA1UEChMK
   S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG
-  9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxo3RL5oIQZr2V/umlH4XouKvwiltFU4722TV
-  AbCRzPt/mBBREqldSuDFzdG05YSrPhKfaQt7dLSkVDLZwFV/KgoG+7spqbcxbjN+
-  6nwHC2aNmQqHDurIcCV6rrTB8yeItf/wsInUOCpNCK+YBPC4bqrcP4l5zxwtBdVw
-  uxOjgDIyYLSGEZpkfioKs4phvI9TJuyRIXLHSg1HriQx3deqFlUff8wSssFsnAcX
-  w4COjPj/leZNR1a6jMbftkNSWZ97JkLtMxATzp3Xc3kEWiiIdCO4WOYuKkOCn3Ka
-  Vlo5tzWXhK4OOKM6x7f9Oa+rwiKvRKNNCqSmFGjB287gFXiEMQIDAQABo2YwZDAO
-  BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQU+wqZ
-  YW7lVOt64grfuZGKRq++3YowHwYDVR0jBBgwFoAU+wqZYW7lVOt64grfuZGKRq++
-  3YowDQYJKoZIhvcNAQELBQADggEBABxrOxdjNYX7R6TR2Lh5l3nGiTk9u5RXDofj
-  f0PLkxuEouMlKGUd5ZItnSFrCbY5A5gBobq4WF1aGjfOmNHGTR6n247VKQ1wWDF6
-  9pVNg6Ofsf88IMhQFNpJxUDLQKWcVCAYYNUbZeUKF6f8n4OPh0YSstNXwew/Lz/e
-  UsXzYnNCkl5Pw1d9rfaGdP61B1+v3YmNzxS7czXSAFLfbFEY2gsHJ26XJh0UYD7x
-  YdAtZsgQIYSnhAWobqkcYVvOJTDYBMNlJ2pShK9iQA9LfnphMLpsZZX/jX3YEvjj
-  0+jMd6Ee7y8GrVXJJlwsd2trc9HVIasUwCy2ZYWORwK0AfLyANw=
+  9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSY7rn60K2hpa5e5sBl1pUXbLOE5zxxDR6U4
+  0ww1vOwO+vQsg0CZtUvJdV9aHk8mxkmDale0Zx3EndAXMy97h6EBEEna9ijQd4XY
+  zU/8KMTVDq72bYVcZHc+eot/Gd4kl5Xqho9LUoGth7QYD5rwZ4ysQNqyeVIRr1V3
+  VpFT86e/fxO16KYFtmR5h0pdp+RrTNo8WSI5LGHAfJMSRlABVxc2C3/x++uTwS0r
+  RURFEum799u4+bzz//goRBKVeQT2qCXXBUwCbqbGIZ0c6Ud/lebEGnJCnhUmt8oO
+  3HmuJH4f39uF2/RZ/rNtA+qwPTrluqkQA7MbylzvnlyTBd/K7QIDAQABo2YwZDAO
+  BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUBalw
+  kg0O/U14OvbfWV55KfndKwIwHwYDVR0jBBgwFoAUBalwkg0O/U14OvbfWV55Kfnd
+  KwIwDQYJKoZIhvcNAQELBQADggEBACkUTlMN2Rk2Y4+pqYLjTdOxkUkwAo4B6e4Y
+  7bFqMKF8/UieDDKtVc1Vyfh2JLaZRzh54AfoNOSYCwuAWw7mOtBuBSGM77sCRHi9
+  eS6H8frEkKwpVXjfRVyBAfNmCWyZD8UMbwUrL0yA8lwM7ymTXb+N99N9+jobL33/
+  4LwmMpy0jpf8UcvHakPtMJhzVAMwpireJqOtJysFskpkmOkdt3XRd1DdfdAL4Ylg
+  IhF2Dl0n83YCh4C1Njjz2mtyC/tCKKWZFBwC8EcTE3pX9AvftV2g6qfWdiuzqDzD
+  SaGgbJoRJUdr2zUUVQpLWJvHKxZhD2gEy4aAMRQM+i25PdPgEt8=
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
@@ -63,24 +61,24 @@ schema: deckhand/CertificateAuthority/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDXDCCAkSgAwIBAgIUPL/XyQgomwsvj/MpOFE6x50YB+8wDQYJKoZIhvcNAQEL
+  MIIDXDCCAkSgAwIBAgIUapgL8hcNl7h2WzHv3ey8sRwJ4BYwDQYJKoZIhvcNAQEL
   BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwOTA0MTUyMzAwWhcNMjQwOTAyMTUyMzAwWjA0MRMwEQYD
+  dGNkLXBlZXIwHhcNMjAwOTEyMDMxOTAwWhcNMjUwOTExMDMxOTAwWjA0MRMwEQYD
   VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC
-  ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpp0AmFwNFeHAxRO12HdkTA
-  Z3/CMy2zwE9fKoGgSlgXBrRVNUi1VTfqPRIqTRuYQqOb/XSGcrx94CTUiYPbuPtX
-  DuDyGY0s+SG6pmlorl4vWbeIMvM5gLJ8Esf1DWmqXTfbpy4C4sOKe0n2LAkiEe1b
-  WL19xRMIoIjZLKV1jcbeukbu+b2QFm4NLnv6V3qSkh96fyMq228AxGIZCR+QCm6s
-  eED8Dt9a4CWF7xabNAKAP8/KhcpTbJjJr8FqUT8U8rgWc4RrzAjKuF6QLHtBwfXP
-  sGd0AjPhkvm2arMnp30Ifcryqq4JhOTfEtS/YfuKH0ruiR5cJmt7Gm4Lt/oRmusC
+  ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANlgRkJ4rLR4U2P+qIHW7bJf
+  mHRv3a+YrztK8V0o/g2Jr/fIW1+sVOF3iy21y8xDcDbs4RRUT891HhqReWzQRbC+
+  3Yw1b2bhOJ+7YiIzVxPPGASt1/4NLfJcKoXVfZej6Ny1QWTqLDs2crFYvMMhJ8he
+  RnpyphUQj6kNZ0zc7dVrWnm1zcTOCccd+hlyYego1sCrA+ab7wUxjU3k8ONN3l5B
+  HsovPzfLT8pqOO77MG9dbwC37iiNT4HEoOqjPsIZxc13EuU0YATmkmO9903xhDJ9
+  VOm0/LX/LkEX4YORe6RK0S4KHbobjbTYx6trnPtUmd5XvyU5Fkp+M/4Re31xll0C
   AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD
-  VR0OBBYEFIvAW619jE0GKHShWAPPwa3N80RUMB8GA1UdIwQYMBaAFIvAW619jE0G
-  KHShWAPPwa3N80RUMA0GCSqGSIb3DQEBCwUAA4IBAQBqwa3Fus93joazQeLTTT2l
-  ynlWvcpPZEhLKz3z2D1o3s0pIWFB+MTRYRxIG/JDhWzfQij1jSncDea9OZ+l/hKB
-  MQMm68P4apu2wCSkySQ4Y1/Kc7/g7OIxNBkYCgX9J+UJ9TsJY0mJ00mISSXljxHt
-  GuZv5RbGsvHwQSLoLL08Skt6qe2olROTw08U7QlSaWDjX0BAqWU5opBggihNz6WN
-  QMC+koEgTbKCveyx+4gla9qvU6YcqaoBsJW24tFbw7X/pA5q+OiNVK559i/gXI43
-  J04ole8q8sx0u8+fXwXbw8Zmlp9NhiHanxnlIuT51OKI2Ui7F6Rf1fJ9Ir+pLQ46
+  VR0OBBYEFPXfP1HptuEgdvteQ6i8I0VSFioDMB8GA1UdIwQYMBaAFPXfP1HptuEg
+  dvteQ6i8I0VSFioDMA0GCSqGSIb3DQEBCwUAA4IBAQAdGhfe7yqkg4TDZ6fEKaKT
+  n3rbnVI9HWRXUGaaFueWCxlDWgCsC5odcX11lW6MjZjIRoZrUQiKcya9pkw3q3yu
+  2sCA8xztP/RcOOfRl6gJ4XWxQRvyCrpQBmbDy3OcQRHpoe3UwVgjYg/CvPmgM8Wu
+  uM3TjP2XqnYWZaM1GrPE6Fy0EKcCaLvqo0uU0tGLiaGLpJFuJY85HZpqlJ2qau91
+  WJaB2sfUr/fA/+orWJHcCITRiKybgOfowd4S5HblwsDDeso4phl8ZObBgWoB3Y7h
+  MQYDuWKeUnnKKRVcHvTaqhscdrMqmdOEbZ9K8lZ+zaa6qO+w9L08DHsp0C+bKSVz
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
@@ -93,24 +91,24 @@ schema: deckhand/CertificateAuthority/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDSjCCAjKgAwIBAgIUOrPCKoVJ0Cb5Kjg9rZN43n0N4KowDQYJKoZIhvcNAQEL
+  MIIDSjCCAjKgAwIBAgIUWxPjtT9MdlLHHtT2Ya7SngB29CIwDQYJKoZIhvcNAQEL
   BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwOTA0MTUyMzAwWhcNMjQwOTAyMTUyMzAwWjArMRMwEQYDVQQKEwpLdWJl
+  HhcNMjAwOTEyMDMxOTAwWhcNMjUwOTExMDMxOTAwWjArMRMwEQYDVQQKEwpLdWJl
   cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
-  ggEPADCCAQoCggEBAN1/1OJVjY1yxR06cdlcSNj2GNQ9Pb0cI6/tPspvxVfMNH9v
-  WXL4n3+2NAOX4lJmkaB2bMZBl3co5PkJELsTLO1/4ZZH9yP2QKyZNVuWZPz5wfpR
-  s/hEZh3dFzonwtV8AdnHqppqSecj1VL+VQ3jaDMQ7FvSS3XZ7IYejbUAKlWQ7t6X
-  +xVDBJJd+mAVfU9HpcPZPZa1OfiZiN0gL/LXCgNY2hdaMABz8myMAPusyuxDpQAn
-  28/Yye+pAfToCEropHGZEfJOrdgtQsP0bd3a3zu6tVRoeiQQBn3AYcyYzSJYFEmL
-  FwbehL0KekvQn6CXa8gHtMLy6L9yvX3DBuhImGECAwEAAaNmMGQwDgYDVR0PAQH/
-  BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFHigYePDM9vCks/F
-  oyR/jNHAlH6PMB8GA1UdIwQYMBaAFHigYePDM9vCks/FoyR/jNHAlH6PMA0GCSqG
-  SIb3DQEBCwUAA4IBAQBK1AhrXwOLXWUD4fn3i1SetYETUvb3Mu3qqagqPPOMRTWv
-  O3K5t6CE5EJH6yI+tcjriHfarey6h0FdJ4HFuqtvlMhEK6pyCvxNQC7W1tLgoUdt
-  yGLKfUXASVP0EWmwJ9gx72qm5cG2Uzuggvhl+Q4ZvjhNIHt+VjeFxzUgjHLvLym2
-  I272egyHzewplG0TG3F1VVjiilEiYP1Hr+pn0rwTSyIocysgiHFqV/859aVTzxeF
-  KaqDC5VBToFYrQqpDJxqMfFSJN7F3S2oUdGK5f9dX3FAgdVrQyOXEqEqznqeAB+W
-  ggW1v6c5imhEhFaVdqQXJx4ujqMDuLlqTr5LFrPz
+  ggEPADCCAQoCggEBAMgKy9wN+w7bX6Rq9sH1JWibOtegYJmbF0bEgtz93+L5nPZe
+  5QLpaxzjWVTRoWA8VnoSIC5WW80+rYLC1Ea2G0PsABhxwy2+C2FbCiFf/bLrbI/N
+  VR6Xoubitr7SLLVFcyQRnlR5pB3IOlEz68z+mVbWHBPxFsnNol3YVtjVvDdXVH/6
+  6ECdrHp+JZKjK/MG1rdCy41MGKjlgxcHgDYmVYO67h57dgbnkuqppIP/103Wgy87
+  Sn5uHcMQ/aDGuhTgn88rdwzWuRA46UCn8VD3v52Ase8nEJsP6Ez2dtkQfDEAiiCD
+  m5TjyxPE+4UW0e4JN2YU3GX7kEWX0JX3eafM0t0CAwEAAaNmMGQwDgYDVR0PAQH/
+  BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFL672WEeZEuRy0mn
+  yqkunj6gaLfMMB8GA1UdIwQYMBaAFL672WEeZEuRy0mnyqkunj6gaLfMMA0GCSqG
+  SIb3DQEBCwUAA4IBAQCZdq2XPMVbJJLLVNq65AybgTE2ZdbPYS8P4wFfyaDSwv6y
+  iTa+vr8f1Vc1L975sm94vnlj45LbaJzIVHhmSv+r/UL1uuIaoW2VTn4yqG0SjpZi
+  81TLw9uer9Brg8V0qQ5pXWMFi9W+XiZMaOU18X4ze/nO06MZA8ntUHELk0ceQOMq
+  qpQbfePCtTbQZQrtbcrl/LjYMRrjiZzBz6uiUFgLgAOIbFlbqKlmnIipXai2wPOO
+  Y3Fnz7csplpMPoTCQLrqSQ22yeuHQtowCJVWUWaTxxxYCEA1cYJbxhsfHdE0fnDh
+  Fviw81tg2trl+o3yAvOjhsaSxjqiEt/bPYWgU201
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
@@ -123,24 +121,24 @@ schema: deckhand/CertificateAuthority/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDVDCCAjygAwIBAgIUVJfxgYGUHcBl7L/MZEWKtjEOeD4wDQYJKoZIhvcNAQEL
+  MIIDVDCCAjygAwIBAgIUcC1iuGtd+j2wbxwwTmIah7eXa58wDQYJKoZIhvcNAQEL
   BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA5MDQxNTIzMDBaFw0yNDA5MDIxNTIzMDBaMDAxEzARBgNVBAoT
+  cGVlcjAeFw0yMDA5MTIwMzE5MDBaFw0yNTA5MTEwMzE5MDBaMDAxEzARBgNVBAoT
   Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG
-  SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDx8kEN7bJVKbJxiCxzBlxoXQB/ScTTyLXl
-  aefQJLx3tX/6VTBCnMlEbl1fgolnujuxn5DHb4KnvZ29YkAlfafmw25iARNKpgVv
-  Q5EUZZHFMc5Klb0uA/2SSyXi/M5uzVH8tEuay9P6iyPeUZp+cpCx/PcLerDL0AzZ
-  PL9tZhbXigxzWdKXwmxfBn3l3OcgP0SVONvNDvKiIDkj0VdOW31Mfn+e4sk8mQ+S
-  IUeJbJwY+VSy8mANcUZ+WVSC30MF35gMvaB6+RJkk6akzmzpv00KoEIEmA93QJ+W
-  7JukqIUP25OmGbw3O3hTEwyqgEQqKhVwiZRLBmoctsIcxxBEqeTtAgMBAAGjZjBk
-  MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRk
-  og4B28If3kz5RH66owjWIWRnPzAfBgNVHSMEGDAWgBRkog4B28If3kz5RH66owjW
-  IWRnPzANBgkqhkiG9w0BAQsFAAOCAQEAW7346oJ6+wJ7JsEd7M6s/A5lWA4BwBb3
-  8FNaeRjpDQl/tdZhF5Rv+t3R2cWPoB1Z8+EEZy11R3oRXraRAbzA3B7Q0oWrgnAp
-  /Aii8MUo4aSBS5ycyLiIgf6yRlyLedZTIhIwvJk1LJWMqFc0X4RcVN/3bwae/8Y8
-  kZ9o2s28KQkuk3ZnzdvENK4QiAjb/mkYDnhQOFBYjUkge9FN38KVSjUccR9Xi5NO
-  DV8UVBGiL8NumPI9tuBkSe1Ck0YRpdRzki8Be8E67cNY2wIH5YGU1t7ageti1W1g
-  eNI60d31LPdZt/LEeGkZ4I546biHBa5mQyxqTE06mY5WfK2bjvWzBA==
+  SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0TT4vzbc1zsF3iPmbInUkWZycwnv4t8SJ
+  9sdDY8YWdLlr9L3d1yIem9/iK6m0zdqI1ySIvOHB/yUed7v7mdwcdgTk6kXv6g/Z
+  B1AFf9RnQaXWvP+RV1zx2RT5/xdt/tNt+M560Gov4ZmQcjqgXQUrTzxCtYDE158w
+  ziiByl1DMULXQFjIsMpIKD8TKCxh04U7yjZey+wjP2XtumctemdQ+Q00Ge85VBtc
+  tZ8kUfQ/EBCCV5PjEg5XYCNJkF79eeVshkcXuaOQCb0BytQQ1OyW5r2d4lMHQCU3
+  UOEb9lGjaUn8Knhpvbvwqy5qIWdWnGQnOapXxOLS/b7IaJp7qiRNAgMBAAGjZjBk
+  MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBTH
+  WMHHaoSjZMHhCMD0lqKSshJacDAfBgNVHSMEGDAWgBTHWMHHaoSjZMHhCMD0lqKS
+  shJacDANBgkqhkiG9w0BAQsFAAOCAQEAAtR3frsrYT1auJ1cIDtfPsKzM+QcOPAa
+  73BlIKt27zs6euzA2DaCsTp5qIsDun31rAXv3mraJsbolwGWv011et22SOpE9Tmk
+  RtK/rPQpIStcm2bIpZ2GFqFYBDa+GFfOUdffixT1qXcYltezsF/DovbTnfdxFkdM
+  /9KGmM02MRML4ob6K5xX8FG6Zxmz9Dgqpx9C9QvLdoGEOfaB6HJducP0YT8ujnF+
+  DiVlgdw4K9GvvSCTqcYeGoTXaLDwvpZbKLsOmg6/poq70zAVeGl9Dws0rnzgP9OM
+  JqQpiyxR1reh3U82z1jih9TDsLlw8Ms0V72ZHRe09TTZwllXvQb6rw==
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
@@ -151,33 +149,183 @@ metadata:
   storagePolicy: cleartext
 schema: deckhand/CertificateAuthority/v1
 ---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDWjCCAkKgAwIBAgIUbvrkgiRDc4q3bUPoJjxmkiMC0jkwDQYJKoZIhvcNAQEL
+  BQAwMzETMBEGA1UEChMKS3ViZXJuZXRlczEcMBoGA1UEAxMTcGF0cm9uaS1yZXBs
+  aWNhdGlvbjAeFw0yMDA5MTIwMzE5MDBaFw0yNTA5MTEwMzE5MDBaMDMxEzARBgNV
+  BAoTCkt1YmVybmV0ZXMxHDAaBgNVBAMTE3BhdHJvbmktcmVwbGljYXRpb24wggEi
+  MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS16KqUG0XUl4UA0zb+8L5Iai4
+  AX8TCFAtpgSfnUhh/ohiE6kbvXR22QG0/zlZ3QOJvmdfIQkFGPbXGVEtfrHqYDEO
+  iJYiT5wlBk+o4LRAdLG0cQ68ubyrRUGV2nvANfAEop7WuSOMnqp0d0aY9G0OmsFo
+  6PMmboxggWAJCttV27fo9JnGjuDFRmtaae5IhcU1Ph3RMcHrcibfjAaBFwQmKmMr
+  nhyBry6mMSwXLubpuQjKo/aOcA+WngqEJbjFKe74GYmayv/d+/CxDSBe2ibu467O
+  m5XoTVmjeG3AU/8nekgtv/Qz+++XpJvIGf+uLrpn+VYjfMj0AHgrSIZ5vwstAgMB
+  AAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1Ud
+  DgQWBBTgyK2qoSqAmq9ZkAf1dOHuQusyazAfBgNVHSMEGDAWgBTgyK2qoSqAmq9Z
+  kAf1dOHuQusyazANBgkqhkiG9w0BAQsFAAOCAQEAN/yKhe5cT4R2aEyo3ptiPQUM
+  4wun9scm75CvBvgBc1q4KY9Z6A8C7vsFL8eCT0dyKwQe3A+D4FlArJLz+mLOyAmx
+  U1NNCgaY4csfvfa8F0QR/ZpEz/ZBiXqJ71cj/CmabF6LJAMaIf0Bj/kGQyfv2C57
+  ZgJ8gf6dzT2arBDU7YfUKOljRsD8RGTsHz3IrqvyDbKPm4eZESMuK3kJFhBzCTXx
+  enqQhpb4/OOl1iaGjeEjRTmJT5fZ3LrXsXgiO+6yT7QlUOSQFgkbgD8ucVm/Flfd
+  cENDqR/6H2kXj/jOXnDrryvRgy86CNRNS8bOy3juZCfQHMV6sE0eXoj+M1+ANg==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: patroni-replication
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDQjCCAiqgAwIBAgIUQ5PVXLK0mYrV0E/RDwgV5BQAgZgwDQYJKoZIhvcNAQEL
+  BQAwJzETMBEGA1UEChMKS3ViZXJuZXRlczEQMA4GA1UEAxMHY254LWFwaTAeFw0y
+  MDA5MTIwMzE5MDBaFw0yNTA5MTEwMzE5MDBaMCcxEzARBgNVBAoTCkt1YmVybmV0
+  ZXMxEDAOBgNVBAMTB2NueC1hcGkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+  AoIBAQCr7fFK3S7teeyrJuFkAcHxpDLvx3AeLhUYnxMqfbv2wFKpraIbeJmQFhzr
+  5hH5wQ9KMf4IDDNeeWgEIH5fZ/t9pcZfcw/X2JhpUwkWCRDSLw99bxR6IxWr+qZu
+  EyaZvJtmUMWMcXSg4RLADVqI2JgzmeHVO1qeYBl0eTcnGr4r1/+gJqg9ZmRnJYDj
+  o9tGoMVutL46I/DrQwVgcGbTlS+CLIA+T+wDczsR9ilSNLrGB51mJvBmcUtP0iWs
+  72zhREx588vZOXaZd9ZU7oFZRqS9KRNGQb7eyE5jAnEka8AqlXC1onS7Bvdu3Khz
+  MjbyNmITdWXmAtm5BcQN5j2OA/IpAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjAS
+  BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBTVsKY1t8Lq/o80o8pEw8Jx8zd9
+  8jAfBgNVHSMEGDAWgBTVsKY1t8Lq/o80o8pEw8Jx8zd98jANBgkqhkiG9w0BAQsF
+  AAOCAQEAc2xTZcXtKrucaBhUMF5d0mB5mAaqjjS+HJcJ+QqpSqsuCv9ysyX8er1v
+  hxZ7Yf1fOQKUeVJTx1Esp9oOYOozmr0vy6qQ2cKaoLdHIQXakttO/TXn2pu3s4xw
+  AQMyEXgxhfaPUusp+FESsy5mnKyO9C1RK8Kvegu/LV4Fj9qcGY7N7hovmugRDNON
+  QFB1yOWocDoUzD1FG4P8xir0WsKLH5wYcvCgu67cnyUnAYArGrgFKlDzONvgk4DT
+  /CKAkJzoRqANEVLpkyrPeDiGqe0p7Vrw8XJZ2K30kRDOCnYAnHWoV8w/CawRg1Vx
+  MjbyCWOsLfSw8US2ESb6ucLrQTCl9Q==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: cnx-api
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDWDCCAkCgAwIBAgIUITJcIoCprCxb9YJ0TGs3Q+UPK2wwDQYJKoZIhvcNAQEL
+  BQAwMjETMBEGA1UEChMKS3ViZXJuZXRlczEbMBkGA1UEAxMSa3ViZXJuZXRlcy1h
+  Z2ctYXBpMB4XDTIwMDkxMjAzMTkwMFoXDTI1MDkxMTAzMTkwMFowMjETMBEGA1UE
+  ChMKS3ViZXJuZXRlczEbMBkGA1UEAxMSa3ViZXJuZXRlcy1hZ2ctYXBpMIIBIjAN
+  BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuc/QBeFOCTrLk0d8B6zGRDyPg9yL
+  JRFWBBXd2X4btDm4HnTk8tsu4unlH9CZB69veMyxLXkXiowqalvQ2vOHIN2cibmz
+  KiZ08518YxzmUJ0Gqxsl3zNblS1ztHvWhHyh+xeF+39sLVRgHI2Lilq/5IzAntU4
+  1Soq+KKEUuNWor482gfz0kUjScI8sCV64SFZ12Jg3vZsUvK+suLXQ38sZMqT8ScR
+  vCAOTKN98jvck62sDWbsh4syjGZ4NANifoYJx3IzHZEWrvCPIAakYDVP5cD5ZzFn
+  DOmqQO0Rsp3gnHbBQKop762/k3D52Wx0Q3TKDjGLN3D1d4efwcWzu09h2QIDAQAB
+  o2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4E
+  FgQUtmJJABI696xdNsYLdpZWY9En3Q8wHwYDVR0jBBgwFoAUtmJJABI696xdNsYL
+  dpZWY9En3Q8wDQYJKoZIhvcNAQELBQADggEBAHkyXydY2l2mtZOc1VK2108eY89P
+  W7JzAHoVN1nht89iYQj9ibNt2JWTG4oSopcjObfVeyNeyBTQeeIkVlNoj7R+dTB9
+  1q1slEYtTIw3NYmxM6jJnnvalRJAWVLKMbR+L8EGWqWIH6jSmP0KSJ0n6aHC1uTr
+  5Tt50Vqj6zU2UtVOUORri5R901/1hUQYuelEZdEB1F4Ly2hbyGU6j60VTdMU+GaB
+  dxKSQ9F5KgTkXaASkgvcj9aQs5+EciuixIeNlVoZfLGAdPTc1md2av8sIvRANFod
+  uHTE2hyWefVUoy59uq0ela5WXpT9PtSTd9MgYfuyFWG4kqDmZyFdDy5MwQ4=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-agg-api
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDVDCCAjygAwIBAgIUJXoUyoCi4l1UyBTwev3seOa4+OkwDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQa2V5c3RvbmUtd2Vi
+  aG9vazAeFw0yMDA5MTIwMzE5MDBaFw0yNTA5MTEwMzE5MDBaMDAxEzARBgNVBAoT
+  Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGtleXN0b25lLXdlYmhvb2swggEiMA0GCSqG
+  SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCFvjcK75qBS0K1006jhOmcGshpd4/xsHJ
+  ItnpLjTV35s8UcOmyOZkmQdWkPC1lOzuGYO8ZExvGn2onvMU9E+ifNclNJfuLOXH
+  EqIpKXg4rE549nlpvZBaclthaiQnl/Qjktm4XPX3JldoJ6fUMua0qsRBKVNuKNmP
+  77VeSWifN0lmYrJ99i3qhctXnytWNnpZlIffwjSB6mbCFOvN04glP6GdhrWzIdBg
+  vYRgVp4l5T/fvQePpJkzTM53znHzeI3WOdKq5vYpPZ64S846zemX2L/i27V9CafK
+  S64PYEQcaOOcZDLLk05jO39F3nYLhKYUezO0m2ruTfG8j7qoUt87AgMBAAGjZjBk
+  MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQc
+  fw2E4iAF32F1d2kDLLpUj/ca5TAfBgNVHSMEGDAWgBQcfw2E4iAF32F1d2kDLLpU
+  j/ca5TANBgkqhkiG9w0BAQsFAAOCAQEANSC5a7hOjdOmulm2gZU8EaCy5zTZY11a
+  gAPmaBRUqanqelOLWB8rbzWnOJK3659dxZf7+6S2fnnWW47LjmBdRR13+OQr3/D6
+  2UbPD4/2N1iZ23URR1Zh+lhLRJX7fw7PKtcwvDxQn8WQsygH41egL7nfskOK2YK5
+  vSmRC17T7XS3sels3cJdMaGhfGw0+lziWokRM845nGrUEkt5Go1Irn84pDGQ5T1P
+  8kZUGsVwOMKSfGI5U49qmk3KkDpWnjqjuiutTpdnfo6XD0Kyp0mKRy/Tgt9Mv0GD
+  uaVI99ckGRpSvCwLeF16qoOniUVdyAhg3PG6RaZX/b/TRauK05TrWg==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: keystone-webhook
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDVjCCAj6gAwIBAgIUWvwG9MWTdfWc74wZ4cL7FNreCCQwDQYJKoZIhvcNAQEL
+  BQAwMTETMBEGA1UEChMKS3ViZXJuZXRlczEaMBgGA1UEAxMRYXBpc2VydmVyLXdl
+  Ymhvb2swHhcNMjAwOTEyMDMxOTAwWhcNMjUwOTExMDMxOTAwWjAxMRMwEQYDVQQK
+  EwpLdWJlcm5ldGVzMRowGAYDVQQDExFhcGlzZXJ2ZXItd2ViaG9vazCCASIwDQYJ
+  KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9+3PiNiuPNb2hUFZKCMfwfG++UIOCN
+  sDaxziw5wM5c4n+XH4mjSbtx4VuJNRHBT9j0GypiYEBkct0rOAmQOMQMmq+SIZtb
+  yhafM3HHrV2KvWpIN/1GuNVxt1/841AQ5OCNCKr3xdKjJIxxrxBdCkLZWcFvhrIO
+  rNyj+ItuSB6OJ7kTS3mv0hITADlJqzjh+RdWKb0yoXStR4/8lIU3/PJL8Nyg9pb2
+  /z1SWB3cCpTAzwgIheZd7jye+JA0LE3HeP4LAaSkZN6mLftlDLQ15YNaMoTgORPt
+  zL8WPrMZJWUhOze7HMARxCnKflt6Y3C+zf5+EBN5p2y1ZqNurDfWtAMCAwEAAaNm
+  MGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYE
+  FP01G9FxsE8xfXmTr6UBDP4QfohtMB8GA1UdIwQYMBaAFP01G9FxsE8xfXmTr6UB
+  DP4QfohtMA0GCSqGSIb3DQEBCwUAA4IBAQCQjOYcX3dHHz+9T9a7XRDE3yH4Vu8N
+  TKQ5NnSubjk+pXYFWihtzNmXxxBXDImkD/T/WULKiKJI14Q2mJZ507iET7VnlUi/
+  SC3EwWs9giOUs84GHHm8NYl6fmMAYeBJdgzlnsNZKu05+9nWU2Pw3fFvKenuA/4N
+  O4eVogC8RY0e+t3lOZKdsB6RcW/guC3kwaoqyKq4jf+R3VgFtLVSfh3cE0Gye1h2
+  WmHGwaVUsnLy0FJbT2NG7LmMtd0EEFYUAaYCK+JcTDkCSKxttpDbSZ8riwjaYjEs
+  i4KmE5bgBUYDLfRdAWpaN0wa2Zn68sE3JnOWgQl1Dhj2UjQVw3Zpm9BS
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver-webhook
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA105mOFX0ANCcVZrWUbYjZdK5gxjcfZs8Rsg3Ym06pVyx6ti3
-  7FJXx2fLbaDCJ+PREABlUAsjuQotkNRL2HJ7hwx0QssCmJkSBZMA9/zgXUX1Tiv+
-  GN7pyO1FG+y8KCoITnRBCwEU1YQt1aIOKkoPVVnjVmxv6kwBNLl9h1TQY+OuNwy6
-  7ipcqKU4sdD85Qn3wJ/DKChryKdodhnqgosCWAwm62eHOIjLKcIX7IQalC2Vw+9p
-  IxoYKlJC5gewHsio3zz063AHTd5LkVjNLg1RZZKlS0Zu6CpF00+hFkpDaVDdbGOa
-  uX5Ggp0tnpmSRrR/86AgcFUrpupUq/zxhQ3Q9wIDAQABAoIBAGfjzZErcGSgRH9O
-  ClI9R9FPH/KxIVt+d1RUMd1NhXnbQ4JldkIS7YYrgE5yvpzO4ccN2dUIuwEDdz8m
-  IT7c5twgV00Pdj45xidoapQ+sehv5FEHC0Hm9fnc+3bhAV2EAqQQln3/1JS+hftK
-  ifk/6SwvBnJiOpJcgEx3oKmXdEJt7LUAhXMuzboRRqZNVspb7nJhkB4mHDjruNSd
-  zIy7MpC2YRIscBlyCP/AoXu9oKHBNbOmabO6GPjPCTlK0Eh1VQ53EFq1DE3ckTYk
-  epMdT/p85TPcJrkpnhpE4KXvRjypXUeVSwOWSHw0JdXR4T6II1w25L4pOSFDbg0x
-  HPBqd4ECgYEA8HVTHWbOt7wqDOqcNa6vT5jKArL4qpugRTuv6AEqqOrKrropoGvB
-  1QeQkUJHzOWMRqu69f5f1Fw+ykrbTwcUqOpvfTm22sFrkfVT63yzn1EThDgpJU4U
-  VgKnYwop/C/dQmw236BxSs3gGBCv2rHm4/qgjbctDZuEIl/Aa8BMtsECgYEA5Tjn
-  PsyQMzu+L9I3SXglwVJT1164VCGGWa7aVO2dEgCE5cqIHBGDkFom1IPjCnR/ntO3
-  k2cDnpZW33itvRo3PvbVZPagvfmCkz9xYMsebbuBU1dAE6K2bOfb06bBpmb5n/as
-  mbzf18RGz3smcrXo/y24sL2PlPxk2Z/Hgs0nbbcCgYEA42SQLQXEB00SFxTmlH2V
-  nBhJMTQ+pFh3wAEp4KT5yrP+6C10oBhHPUXiGPwtGj8Z4NsV+vuLdC+n0XXo31s6
-  1mKc/DdQDJ9NMsJlkhRjaQ4q/qZ9gqHL6WqpEKfT/IDnJKFhYyk++hanDRr6sj36
-  sy2YF2xaVrvywO778OnxogECgYEAog0EjsUX/OBzqGM5atth9bY6R7xTHEdHMAgJ
-  mpkRvjRXwAzbBNzs4hSZ9wv2auHJh4Ot+KuPR4KJkBtE2Le77uuaGXKyWRwYT/k+
-  Mmvm6zTwTPcV+cvCpGOWaZ8usHGEcK53f4ijx2qflPc/S0GHoz+znl+lLnLw6Vmo
-  NrTK9ykCgYBdueBsGJPbJsv7JvVmhIYQUHalXHrJcztM3PrzE8t/mkUWfNKx7pKk
-  Me+e4znXjy4ybSPKlcB87R3/Hil6xD6gkuphPamMeXnpdbt4em5EkGsTulb0MZ6T
-  +alWN2xROE2NiB0Dmtyh9IGxoHWDpG/KjH9e4tCP8khQJi9W0yfSQA==
+  MIIEpQIBAAKCAQEAo+iGfoilnGW0/9eYDCXt4BmDosnWhUUgBzux8OTsjD47oKhW
+  uXeBpwrgOqAK2zNJdAMrqIKu0CTgI4ECbRqKjzTqLuoGuMpYOoiQgVxEfIsyrlPL
+  EqT1NqhloNcxaVPBdZqmfbS3JX7T6cx21o6WQISeHtnfkXH/NJ2Ptggi2hKjd029
+  EgprMmuz5aL8eCPhIFYRBRwHPKpJxfLaM17NNGMxlH29vpBt40LYroTfRKoKN7SG
+  8PM+duMZPiqsqziotJNsB4jnlHhNNoq2VvqxsWTdPtVAZCE+tt2Y3l8bFlC8ObYO
+  cCwA51E7I3eCTLHZ9uAhq9o+NPy2H7jbmNi6lQIDAQABAoIBAQCLayDjhlXgFz8D
+  E55YTvbsVKd8k1RuXaLlpCgyMHbov5K2kBncfkOBE6YxF6rEUvaawIulNSt/Dq68
+  ZGLs7NOJBkhgCV4YVrz/ZOQNtK7ohPpiABJO1JNjn496ZTC5V63J2/bcHBhgw2V7
+  jBhVXkl9rZBVy5r4O1AJsC/qdTc355/cB5lGNKtyGYnMd0H2NMy6+zSHCOsgj3Nl
+  m+R5+V/2BGEj1xVBSkdSpZ3xrETmtVFeBwn0eoVn0BDo1L58/Y9mXSfLTnfVUBNK
+  w43oeLUZ8h1G3JKneE/LfxFbxDG5avTrU2+aWu1e6AK8q2/NVtkab67QhJ+llC9m
+  GoFjIECNAoGBANaF7irh4jayWA1yKyp04/8DukuQaQXnAUXmyTV1EI9WQw9VgDeC
+  IClECB5zSwjvQR/6pFijFBdu1yu60gObMhRcPEAcR/OmNEI0hoiOUCtm9Vc/JM/S
+  nhbPqAO488ww3FOL8+xKb67fy+rAw4T5UvSgRjyMpsm0g3fp0Zg9gTRjAoGBAMOZ
+  WrviA5i3JMHTcpxV1a5baeMQ8BLK4IXfFVFDsgdnws/mWROqKAJlbQd8qUSKbDwj
+  ASCUdCpN4n4MWxVst58fp5sNLRcgnwhoyylvTjdFnzM40r38Yqse+FqFZ93ECtWE
+  EnChpyRN4NTwuZlm50zTSxk2PR8HPb6oMFRfhJqnAoGBANFbnccd8Z49yS8+J6Bk
+  uYnMQoiyY7yN6LEmfWF9YO7yWbniUKJbjTWYnm/RRv5uONmTy8ZxSQ9hbf7QcVtx
+  n5s9NNPAhfvkTYX7KvykHttsvK0sA6oKu5w5hpgzbULuwGeM4z3Mm1hIMwNkoqvo
+  gywYKtO21KNvVwq1F4cDJ1BPAoGBAKUWgEBnqIVyvnFhmDBfOfTpbtuZZidWWF5l
+  RUbLji015HU4hCJW0WIEXRuemfchpeyz1rW61rkF945Pu2i/09NYEkyJuG72t4OP
+  fzm/mhKIjq/a2/RCWrz3bMJqKppAZqyDxlSN+9ZmbMcNTnktIzfydkYXQ0s2/2Q1
+  7GSqIe+tAoGAXg6prLXKvc+wKWCqxgmqdxvP1mXyRa8Gecx2rwUBJ3SEGDRJ8Pfk
+  FrtYU6GFf2aF9gdyjDIqaRyFf6mvXdFvrJk9P71BH5QkIx4rzaZSzHDKRZ+5VSdn
+  x4zUWb1V76XUFiehj37xtf8BE4msunJypI8XDMsR5eLb3JyHirVCXCU=
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
@@ -190,31 +338,31 @@ schema: deckhand/CertificateAuthorityKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAxo3RL5oIQZr2V/umlH4XouKvwiltFU4722TVAbCRzPt/mBBR
-  EqldSuDFzdG05YSrPhKfaQt7dLSkVDLZwFV/KgoG+7spqbcxbjN+6nwHC2aNmQqH
-  DurIcCV6rrTB8yeItf/wsInUOCpNCK+YBPC4bqrcP4l5zxwtBdVwuxOjgDIyYLSG
-  EZpkfioKs4phvI9TJuyRIXLHSg1HriQx3deqFlUff8wSssFsnAcXw4COjPj/leZN
-  R1a6jMbftkNSWZ97JkLtMxATzp3Xc3kEWiiIdCO4WOYuKkOCn3KaVlo5tzWXhK4O
-  OKM6x7f9Oa+rwiKvRKNNCqSmFGjB287gFXiEMQIDAQABAoIBADZRi93S7NlN1IDj
-  ZoIPMNYt39llTeNbQMLXhfJtZKXIU/K83AEX9l7KuTKCYVO9BL/5hkTNkFuwI5ip
-  RKr6eMx+a8SoQlCcvlggnGL3xVGYH7qzh5lMH8OWbUaoSrsDoMHxn94cBsPKxsJO
-  j28ij8Iu2gxDxuAjHCoRZ0K2r68dEQrf/eZkgIBqpvrsLzOxfu6Fck9D2phtj6z9
-  /sToFf9ICOfy0PVXfHIJ0Kix0vK+hL5bPA4daxxijdkRvmprYiq5m8qi7lVc6TVX
-  czAx8bYwWA1rnFeaNg3kG7fJ4B9y4nZ7q5JQbJU9CJQ179GY/5y6wsV0Hvs6hnvp
-  2mwbwUECgYEA3NYqSoBhgHVQqtJQFXafVLlsS7LLpZFV81e9XNoHB/bT3HQKoVI/
-  B+oKSM5xkcNyu8ZGWsjHK7e+O5ewgYaZlt00+lcppjrWdsl4/oj+bXvMpGqnZ0qu
-  MTV0wTnzX0HeD9WL5fekhD/ihK3XhkHYXF1ZqxlNkGeb04IOV4pV5wkCgYEA5itb
-  1KRdMDY1uPSWSvYYnyWTG2Z7ssma/CyDXTDWWJj8f1DeJOJzt9FEokIVmn/4Enr/
-  Ba4EEU/yv66xUnFNtFYjB9v2ED+eGr0Jy8P7xdbpzPvi05BfTqR9DAPyzHJM7B04
-  FpsXt1lreDbhLzPyEK73vO0WMl6wjKaJirqJlekCgYEAxpY4laJ5C4FztwlFRufT
-  Q+cygagZBZx6REfkW3kc1Yaa4iXf4U4KrF1EPlCXRFMT+9PDNKRUpvWmtgQkj3Ww
-  7D+kAnMbWwaSEWP/0DT1RxMK5debDoHTvyCpC5HHTyP2QxrvoS9e3CZu1o1VwL+5
-  huXTWs94NqFVOZA8wW/+67ECgYBG13OFKC2SaCzyxzz2x3XejccQOOO7rHdqRB0O
-  criWPkgAu5gTzCsHmX5BXoudqONmdLrHOb8AwRWaz56+HCdpaNWRVq8OYzY7TpGU
-  SLbWNoZxU9mFejsLTm86YoC5UjjAt2GK+6M6CGiecG2whJFtdxzC5kndqO037Q4K
-  R82O+QKBgQDI/63n3PhtnnaayOME00djusD8O4kAgmNQYy+WI2ORQn5iX1bzB7tB
-  ePe419KjX19S6HFM3vw0rWSZcdp9VBF//6oPADe/MXPUx34HXUtFAD4oDILd2Cb+
-  frW3JhadxINPr6y57NB4Gd1R6kfecRP8/C15SYgx5JLIQS6bCFUpCw==
+  MIIEowIBAAKCAQEAxSY7rn60K2hpa5e5sBl1pUXbLOE5zxxDR6U40ww1vOwO+vQs
+  g0CZtUvJdV9aHk8mxkmDale0Zx3EndAXMy97h6EBEEna9ijQd4XYzU/8KMTVDq72
+  bYVcZHc+eot/Gd4kl5Xqho9LUoGth7QYD5rwZ4ysQNqyeVIRr1V3VpFT86e/fxO1
+  6KYFtmR5h0pdp+RrTNo8WSI5LGHAfJMSRlABVxc2C3/x++uTwS0rRURFEum799u4
+  +bzz//goRBKVeQT2qCXXBUwCbqbGIZ0c6Ud/lebEGnJCnhUmt8oO3HmuJH4f39uF
+  2/RZ/rNtA+qwPTrluqkQA7MbylzvnlyTBd/K7QIDAQABAoIBAQC60bMmdIyYwbV8
+  LmfYlxejiOHb0oWsXDTpNIj3fQ+DOhIr/qwbqGC/qtR58+R66jhtGAZ/BCNAv7Ws
+  ch858tnVOV2/qKzkLOL3EA/U5uGlZHgdFPER8ZkO3uyGxZ+ozJfSSU7XOfx/b8EX
+  4jIWv5TmGyizwEn1qy50/sE6eDacoQN7KRWZMSsqj8D5GVcL21uhztti/yOYVX7U
+  ZJefUGmgTj/oDt4ADwR3IALd7geiyJXocsqIraUYCoMsv20CLpzKK//xjz2feXQK
+  i+aztt/PVA2ZfdiytnhmhE27c+I+IzUhHAfqdh6+ayQrcxUu9jWncP+fdOk3gHDx
+  mz0uXNUlAoGBANEwBpsuAB6/BXvuGP2GV7jwhcF3ahiJcR5+vO0mwtbWvYuOdNVw
+  MtSzgWb8NYECSWiIZh/SZTxZ2Qh8DrmHR4b9LEEyIvBsR+Bo1ooZU0St0rck/Z4O
+  4Yoaruxv70hRdtyHo4t1YO2xO1uJOPcsILTr6OL21LkG9yWmnZJcphzrAoGBAPFE
+  jtKB3a2R8vy4kuKbCXTsRk+ujGSORmxJxxty6PvaDbnpkr1HPm5CDLIgnYgBaABt
+  RIHaaNqvRTQ43qhOrAyHvUgGSYDAvsXqPfvgQk5lOWoVvzqUcLGe0nFecs26XynV
+  0RviFra59yLkoAUHvTyrKDUP2dgwsuBFz6+ZlOGHAoGAe44nSL752S8wmQt//Ta9
+  V4HRLv1OUCHWC5IGGvja+jQqDmTdAzha/aDs3Jw5KfLk0vZFg6QsoWHcPBOySsjp
+  aYTd/8ASPPln1td1aGoe8aDNpdkWZ6YYdw7dpM9UgN2FHCqNYZC56IrXKXC6kduh
+  kdsJWg06hfLkRXvM9Cb/AnMCgYBz0CgKzoH9xnhwbZ08n5Vbhet+ZlhIEK+nXYbx
+  GyjRdGtwWbmxmBhUzunPO67C0YH96nWfK5t3lfjPR5lCC3m1DheDElmIL32j/XxB
+  gvXxMc/sp4HC+exaptV3zBGpxZPWvieBjfa/Qedq3Xoe0Ac7ryE+z1wP1diXpYs7
+  TKrV0wKBgG7Df7LQOKjWuL6pmrdpPD9CZJSqzGSzn4XpAACR38Rq6Quoh/aflfBj
+  k9HdW3a8Xd8XnK9WTsLtUV9yXqZCkbXaGaz7m3oJ/LYf61WYw10r6EwBfGsqSd/i
+  Yis1ZTbl2F8MZZWt40QkfFc0JJJR44nud0Y4Zev5Gd9NTXlJk6NJ
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
@@ -227,31 +375,31 @@ schema: deckhand/CertificateAuthorityKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAumnQCYXA0V4cDFE7XYd2RMBnf8IzLbPAT18qgaBKWBcGtFU1
-  SLVVN+o9EipNG5hCo5v9dIZyvH3gJNSJg9u4+1cO4PIZjSz5IbqmaWiuXi9Zt4gy
-  8zmAsnwSx/UNaapdN9unLgLiw4p7SfYsCSIR7VtYvX3FEwigiNkspXWNxt66Ru75
-  vZAWbg0ue/pXepKSH3p/IyrbbwDEYhkJH5AKbqx4QPwO31rgJYXvFps0AoA/z8qF
-  ylNsmMmvwWpRPxTyuBZzhGvMCMq4XpAse0HB9c+wZ3QCM+GS+bZqsyenfQh9yvKq
-  rgmE5N8S1L9h+4ofSu6JHlwma3sabgu3+hGa6wIDAQABAoIBAQCitIyiYx4jIBM3
-  JQe94Oh3pcAwoN5uu3/VR2kgbzm0nZR6fgzeA3f4L/lSC531wfYYO6UDuf4XS38C
-  ZogIkRVqO1h/OpDWyjRBHlr1kirvhkC2kqh15vDP2L/Dy74DRnHKuWu4G0i2B/8I
-  VVemORiQpbRU4JvMuzDzgSsY1/wBYRPzXnVimoXLUR1B0r32WluO8Pm5aCXuzxgh
-  Jhkqr53MFC16eewOyhrfh6GZOaHORq24pvOl8kUvjpqsqwI7fDFx7s24r+qaZcJi
-  JnM3YmT8J/9hSRRM8FhKRfdXxJd0qFca6cpHKAa7+pJxPoN3zR31DELg/latDXzI
-  r0GL6KuBAoGBAOjNJSEnmLAWgQWH65bDC6LXJ0GZJhD8iT3v1CcTHdEJupW6qT/u
-  t4Rm11dZA6+reOFhDFhA7UD6IHxCHGjUZgSX0l1GKLsWZAW+2g6AsDqWDFwPC82X
-  CoJbPC/ikWt/SyousrkuEnAVAHsKP3aObbbFuHSSNPpHx24g4HY8LvxhAoGBAMz9
-  SnSukD2ifzSoHp1NijzoDHR6H25gJirxIHhRquzJTPXouLpeNllP18CLDO2XkgQK
-  xy5UTb9qQ6duM211UJyzXHqsOTARMvM2eU8C++E6YV2hZfOoNq4dCisSVtlEleZQ
-  9gy5SMi7D+jb0Kk5pEEy8/hvwX5Ygq1tr9M7EbrLAoGAbzWIliT/OKcXbVf3v+Ze
-  yaR0GU8asySgPxkxRJVKOhCmtF4d+e+EdVhXaF+adjG4phmhNwuVCuQx3ooKXj2Q
-  moMYN/yK+oyArYn1StZI2UPSlauOXODZYVpKDynxg+OkOXtjXzjWD/rIZv6HQJBb
-  cuNS8UTiz+i4KTDFaVXosCECgYEAiaWfpIA/XRPLhSlK/We+5q0PB/ulNXGcz4MA
-  wapdMwjtA8dUm9h9eDVz89erQ7NemhY+r25ukpUhfsEyCVMYYVDTTZBuCkfSRZyT
-  kqm3RwLztHKXSijvJrVbSZbT+KrkWTaOMfcM17U8tqk8ERYipKE5T96DOHrorNoV
-  kap9ekcCgYEA5vIoK83A4VOcgp7BoQXmH3+LdntebT8+9hP2iO0EHVF0+s3UZF1c
-  sGfaSKyX+zVjofWnBVwT97VPBlQHMKjyN8/UYqjGmmLaN0eWoD5RwlIy/Jyv52/Q
-  LWgXISDY+UGT2P5rEJ9T7C1JK4fTz4ZuWCMO5Te42bsI0CNO66krotM=
+  MIIEowIBAAKCAQEA2WBGQnistHhTY/6ogdbtsl+YdG/dr5ivO0rxXSj+DYmv98hb
+  X6xU4XeLLbXLzENwNuzhFFRPz3UeGpF5bNBFsL7djDVvZuE4n7tiIjNXE88YBK3X
+  /g0t8lwqhdV9l6Po3LVBZOosOzZysVi8wyEnyF5GenKmFRCPqQ1nTNzt1WtaebXN
+  xM4Jxx36GXJh6CjWwKsD5pvvBTGNTeTw403eXkEeyi8/N8tPymo47vswb11vALfu
+  KI1PgcSg6qM+whnFzXcS5TRgBOaSY733TfGEMn1U6bT8tf8uQRfhg5F7pErRLgod
+  uhuNtNjHq2uc+1SZ3le/JTkWSn4z/hF7fXGWXQIDAQABAoIBAQCibQfS32zdJRPa
+  ogyziC/wmvHF/1i8vvAg8+zKWbkL0JhGI9Xy9UgveS3sJ+1yYenVgMbmc+F2+OJX
+  o+ABaNbKLLRK8hqd2yh+Ynv/ZjFowdQGmwfL83kjoa68djv0NSvozx9gEoKedB7b
+  WZ0iiQG6/IbZNBXZo5hVD4jirCqizsV676Pv1wwoA9+bzgMtK6+KY5F6Uc4G6sv6
+  icjeUQbHPyLYwtRFwfwGyw1e55kYqtdEBIrVtWspixl/nWbYgFwHdhhUvhqaMcF/
+  tFOgUgH22oMpbBpbQpe6390TKmarWT/BcJB1/YGVX/9y4PbNFS/ax+tBT8hddC+A
+  xrD/lhHZAoGBAN1nlaymM7vEgNRc/rEu5qwCH/2+p0oZidIS1SqTVJ1Q9eCZXd14
+  SVv2Mo3z3Lz0ajwRsmWBlc3inMdP9hbRKLcfr36EGfUxZJbyHWPIMhYq6DdA//qa
+  E+/iEXXd8QYhZVAC9sGDBi1HUK7H8u/n+KTq5KA/sJzXcLHTjjFdV7lTAoGBAPtX
+  ixqxM/T/fM+V4k2ZuHSXHCqVTUBzdLGoNOJHrt5qGKjIqcAi3R/fmQRf6gnLv9+0
+  UM7ehoABrOOolnnUBrUpKbRWR5PXUnQiFWh+w/dIig3Rx5au8AGQw3GPMTmfy6yL
+  Rh8hxo5H0j4S4mcOQc2TgHjWe32SpWOG2o/Ry4uPAoGAb6ExeuoVfV93IRt+IrGm
+  BiXQIWzGBftYXL24Eo5UBDl0rvhEtkxWmHJKTP4eVnrZMU4u5zTt5e+S4n8zcY+l
+  eqcUIbLTL6fmsqCCJvQiJMEfcfRo295hnPobmZT8V/3wieXkqe64541kZatUlpcb
+  63KvMQjLsFiDbnVe5Q7OExcCgYAruWIIpbUdNOj4j+GLkGdnWPZcbha/VJaDZXi1
+  uLSyGpDpo+br9uSy68oJ2cm0JI7fktXP9yQ81o3GGQj8bqcwEtYfejb/gCDm9Rr2
+  T781oJfrqYfoLcyw6QcnFTsCBEuBW8U6Gz0YeWQYyl46gV9vLO7XlrBq+vzsoIQb
+  KusW/wKBgHnPxMrJXCAjY+YkgcQ8qAVwR5fUBMcLO9wt273jEsr8/XRIcOdhrjzK
+  tU+TnMpS3VJkUTTbG91WMVl9oHaC8PPCa7pasRMlirSVPqZfgkF//aRCgUZm/zov
+  3vQ85ta/SvooyeWhsJaMEiUzIkMiiZpSeKbNsG95TBeDd8qPwR6D
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
@@ -264,31 +412,31 @@ schema: deckhand/CertificateAuthorityKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEA3X/U4lWNjXLFHTpx2VxI2PYY1D09vRwjr+0+ym/FV8w0f29Z
-  cviff7Y0A5fiUmaRoHZsxkGXdyjk+QkQuxMs7X/hlkf3I/ZArJk1W5Zk/PnB+lGz
-  +ERmHd0XOifC1XwB2ceqmmpJ5yPVUv5VDeNoMxDsW9JLddnshh6NtQAqVZDu3pf7
-  FUMEkl36YBV9T0elw9k9lrU5+JmI3SAv8tcKA1jaF1owAHPybIwA+6zK7EOlACfb
-  z9jJ76kB9OgISuikcZkR8k6t2C1Cw/Rt3drfO7q1VGh6JBAGfcBhzJjNIlgUSYsX
-  Bt6EvQp6S9CfoJdryAe0wvLov3K9fcMG6EiYYQIDAQABAoIBABajO/St3bu5ISAt
-  mvkmD2PtMvhuEeND/vm5+5Lg/YBNpIfpr3CqrFJ3IrXDTiQxy2xk7hUNGxfYnB4/
-  qPAVs5/KVBnx3PZV8qIxPlzP8B5SwFp/Ay+6fd1LfVY6PhVniSDi4TLK7iaraOAE
-  kljLBxlA/4ca5Q90aFIEyWLYU3tPFg325nveaKW47dcMKWpaIVMlgaI5gtotNPqK
-  KjtDtUCZ+uvgekDTCBpkC4xgqth3Q6n3oFn4O+q1g5kmSiF1mx/h6G7v/fd1xWAe
-  kDHiX2VM5eHWrHofuG/MINgeE5mtPNCQIn1MzFxouDsRaL2a6lXIdF5YYeNwCejf
-  co9lLkkCgYEA7UrHDM1/pAX8Bd9jQk52eBwQqr/15YphgKjlPhxj6ZgqxSecb38N
-  r8qOxpwYSbAAJpUmOXB+T1iha82XWZDSyEqq+gHcgpk++Ex6JgaJ9gRz9cn6vo+b
-  Q+9ALqdi/R81pfujnemzFh160wrBS7huXrhEIC3nGWqwlujevr/PtosCgYEA7vZP
-  ziVUq9ZkuUMVvRXuntC5VQIyymP5OuTXUBxlMdXYGqzNV0X0tdnclxRuPNqlBvhy
-  6EE2oeu/aiy/KrktnFf3LYom6qyiH72Tfnql8MvKGshmnJdG38aCnxH9ByKsKIWE
-  SgxNsMZaCz8poXSYWduZ6ha8wuDM9CwdteUPtkMCgYBFB4DaR5m/JIKJTs/4RQ0P
-  qdJracZlzRjKLdfqdqXWGY8vpXNLuCFKJ1nbiyNBpHKWxsLE6OXFvVnQG5HQ22GG
-  JLqSWiJE18HKx6ytDS/rIqZ9NRG9h9c6Lwpzx/vy+LZJn+ecE5UmdNL7O+C5X2C0
-  K1SeK9xTt4bBj+LkiLYrOwKBgE8DduPtCBBBtdBkVD3PkLVGwuFO9shhQjmtDVzZ
-  5sQRt4EqfkNLSF0RCpWSFdldWo/xet09IvlrYEGVRii0TlaR55NRSQjzyC/CmZCK
-  sW/rkopElVlV1AOOOgarBgVj+5TygQmTA+Vd0MxDOFrAmNetezkiB4xQlLRwGerZ
-  MNbNAoGBAOFCsYWUBh17XdqTdfr9+ia31ucvM3lSdbH0YAnQP1E80k/m+B4q8f0z
-  40z2ncTLBH0kHg6UI5VNzf0xPLTG0dGToyi/TUSxvjfaKMrDo/pI4BYd3mzr/Cxs
-  hfmWvYPBV6+KvF0AH9AXb/1XqLWqNDgHURNNL909RcguEEgslymL
+  MIIEowIBAAKCAQEAyArL3A37DttfpGr2wfUlaJs616BgmZsXRsSC3P3f4vmc9l7l
+  AulrHONZVNGhYDxWehIgLlZbzT6tgsLURrYbQ+wAGHHDLb4LYVsKIV/9sutsj81V
+  Hpei5uK2vtIstUVzJBGeVHmkHcg6UTPrzP6ZVtYcE/EWyc2iXdhW2NW8N1dUf/ro
+  QJ2sen4lkqMr8wbWt0LLjUwYqOWDFweANiZVg7ruHnt2BueS6qmkg//XTdaDLztK
+  fm4dwxD9oMa6FOCfzyt3DNa5EDjpQKfxUPe/nYCx7ycQmw/oTPZ22RB8MQCKIIOb
+  lOPLE8T7hRbR7gk3ZhTcZfuQRZfQlfd5p8zS3QIDAQABAoIBAGkpq9QqkWJVF2mj
+  RcffbWQZvwxeZoo6CzmL01QELu/u04J9jp1CQqo0JuE9Nz4VWkzgPIS/p5E1sxe7
+  /saRs7G4XrB7FeV1NBxhNOkowoGN3EuY4Xestdn1M6cLbK97LDW5AWhdblatzWKl
+  DgB9k/UfqDEfnCBI92OoeLeTXVglpfTkWWuRJI5cHlIDgP9lut+whib8NJzfP9Y9
+  r6sVKl7FWRomTCjaruGpIQhVcE45nfGiFAFfj3GP8M7mvMK+3iItmxNA3AY2FI3D
+  naMU/kJ0ffoETYvuaBDfmq8rYHyhINJg4HsSWTnrGai0YtPOxhgkUnntm1qNl74z
+  1IDXMUECgYEA5VAj0nHASw1bECqHRztiDJeCfrYpye3nEg4KqnyniwU8AqAaVie9
+  fVzsFNM8et2jmP09fGkt9PavACT+q0yCnABTEewTN0tYMCFOCHrrjsC75yeNT5N+
+  90Dm+aioyTIq6xXqPWk8Juk1R1b0/AzzGI/6D8l+7ZhWzbreLe2R4G0CgYEA31KY
+  7W6MLhuv8b9E3VjdB0A75hilMn6KhZdnB+8AvtvLTE0CPkaeg2b/i66a1LO2Ugao
+  N36y5rJOfXGeu3gk0upgfRPGnFrDaXKC2R2ZCgrmCFY9ep4ClRQtTZlWP2pTXsWh
+  2rv968dRffv2MVTRa2owkNbUcESFzqEGoBhFljECgYEAq0veNon6lxX2/HCIdVGK
+  wNU9CeKR/OHWRspudUSA83yJg3yNr+YnysnrIPNarn16hAJIN/Np/R95QqZgBx40
+  QsyLQUwUXq3NxsZaQENyS0T2GIqXKOaJZbH52G2BCCqNnObV/+HoqTh0MEJo5w/V
+  WHfU2I4wXtP5o9z/s1dQLVECgYBH0lOWgKgaqBLkx6PJICwtic35yVFPtPytzCx5
+  k7cEqsFuL5IaHzIZhoWHEcd/wrBPHw74kgnNQekWVPU8y33kSzZu425LmLEh9473
+  bppqbWjfo4SwK6Me+Nc9DqR7TqGzaBIOu8kFDBw8TU03PlT/m6401rKJzK/P7V+p
+  G0U98QKBgH28LjvGWDnkAOzvGohiMG2m6MyOBg4ECkggbr5RmQaMHAbJZ1RvKOwI
+  pLkoTGnN287ePg+iakoWMNjj8R50ODVVxn94nPg6LQAUgcmcX1we4abx/IAgaifP
+  d/n9CCJJsOFjbWoO+hYyk7OOMcxF0heWIST7lAHE4x+UymjPdC8l
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
@@ -301,31 +449,31 @@ schema: deckhand/CertificateAuthorityKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA8fJBDe2yVSmycYgscwZcaF0Af0nE08i15Wnn0CS8d7V/+lUw
-  QpzJRG5dX4KJZ7o7sZ+Qx2+Cp72dvWJAJX2n5sNuYgETSqYFb0ORFGWRxTHOSpW9
-  LgP9kksl4vzObs1R/LRLmsvT+osj3lGafnKQsfz3C3qwy9AM2Ty/bWYW14oMc1nS
-  l8JsXwZ95dznID9ElTjbzQ7yoiA5I9FXTlt9TH5/nuLJPJkPkiFHiWycGPlUsvJg
-  DXFGfllUgt9DBd+YDL2gevkSZJOmpM5s6b9NCqBCBJgPd0CfluybpKiFD9uTphm8
-  Nzt4UxMMqoBEKioVcImUSwZqHLbCHMcQRKnk7QIDAQABAoIBAQCBu1lgo5TdD2es
-  cs0KvF1uZHfwyNhuiw/lvJzdQeWA9uRxkZ44CaPuOpN8tB0Dbpu1iY7zMXrIgOcE
-  9prYv4D5Ps+AY305qL3/RCaV3kSEjUlFOvdepisgd4UQKmhyh0uwCekETskSbetE
-  uVLy/HFTzwWUtSv5jUxma6llerlCxqskj4S2TAo5B+DIwa3oV7SEb9L8tS4b8wYs
-  jb4ybK08tmVRe/ScAoBALKkClnhDo+Q35jvbZ7JhsEIw/EAAZfNIDkmM8YB/z6x0
-  pQH0Eq13kWOBEGtu6uLRffRYBtf3wv7pcyL/ViqpVZLjoIH40MbJC2lOQzQ94/OM
-  e5wFc3MtAoGBAPPYnhMJyuuyTi+Z4sh6Yh1xzKKFQPZZtXsysmxUnPeQ8VMErk7u
-  H4m/NqJVkCzCgxcZKaQHUY8naUnZ+S25GMJ7gnYSD6SlUT+pv9rFC8qRCrivjyh9
-  lFZp+/OeCtEUo0Wl3SuAEZuzGiY8W3zJtkuV5Cx3lAJA321wdMb2btebAoGBAP4B
-  ZSwM7Fh5055RNEj84MRpb5B/ycTSWzWmq1gaS1QAt6NN0+S0DDtycVtng9vCODQA
-  LYuTDeQ4I7qpfi996BtdP7qZUeJa1dNbPJBI/Xv5mJpW1a99oUmaREvBRPNgswsw
-  AOm4KusLoJrkKf9surA7+LEUEV+6YyW5z94i7PIXAoGBAM1t9N49JcMjWFMp5bDX
-  ycjcknVopa3lLcs4jrBNKGA4r9Ys31yHp/I4MSLZyriqth3DiR0zPTbJER6ykAZB
-  JebSfrpRxPQEgkqMC6GW17Q0NUAaRxTplwqmByjaQGqcZGDMt2NqZWsynBkSSFD8
-  7qMHCE+d/gdX9+MPFpJ4EjF5AoGBAOKDxAGAlNRh8EHjEMl2GcuOaxtlmj2XihdS
-  RsMOz9ZdvWY4ZZoypiXtbQGiUoiLrytQbU1nGqBHIDW6KPmZQoAErGxvhgJiFwWg
-  +2WAce05LMmWXoFde5PzqqwT8rVHquNzL509y6hIejUm+/z4rZO0J5di2guQYBKo
-  naLvanaJAoGAainYZgCZcXNoV5vB9ytOboQf/R8HWg2Z0qxhcvgnUVu5tbOUmYXG
-  I0t2HuwGlYgbF1kSLuswBlu6LXpIUA2T6UmQaJ1Zrs5PJmx7XQkRnOY9oUgdd+gS
-  lvcLepknuSZcS4IgD4frNPoTbIXT02fV1+G5AuudA3dFALbI8EMcZfs=
+  MIIEogIBAAKCAQEAtE0+L823Nc7Bd4j5myJ1JFmcnMJ7+LfEifbHQ2PGFnS5a/S9
+  3dciHpvf4iuptM3aiNckiLzhwf8lHne7+5ncHHYE5OpF7+oP2QdQBX/UZ0Gl1rz/
+  kVdc8dkU+f8Xbf7TbfjOetBqL+GZkHI6oF0FK088QrWAxNefMM4ogcpdQzFC10BY
+  yLDKSCg/EygsYdOFO8o2XsvsIz9l7bpnLXpnUPkNNBnvOVQbXLWfJFH0PxAQgleT
+  4xIOV2AjSZBe/XnlbIZHF7mjkAm9AcrUENTslua9neJTB0AlN1DhG/ZRo2lJ/Cp4
+  ab278KsuaiFnVpxkJzmqV8Ti0v2+yGiae6okTQIDAQABAoIBABzQDzUCcdm2bbJV
+  gFXrPr8NVvqyFa+cZlsJxbQeOKSUCKGY3dKas4girrds9NTA5MBjaSI01Pr0dBEX
+  X0IIx2UA8y1FxuFdDSVIhuAqGl5Z3k+fqlOmm2LGpxSAUFUymMUFMrHrplx6d9je
+  eEHyO4Y9Rkr+yFIshvL8rvp2xUqcSpcPfz8U5Xu1q0lSxGRC//8TOnRIh2rwj6Mh
+  1i81KxWbKCuDcy/XVWn0fpvBRQICx45ypBaXrczM5c+seC8GPM90J0d6oKDBG7Ua
+  jxuAinTmWKhMRcQ84iH9US4HdcTfYqKf1e9Ye7ntxXMsEj4GTuYfCdIL9xDKn4mz
+  UkFd62ECgYEA77kwk/qicjGHWJbJ3RLlP7hhOtgzr/YwcCUNqzZoQ3bC3LVP7cTU
+  abCfRtJbeO6p9JyLshbqWMbOfcQ9Hu8Ctr9AAWTg7gWEZ6Yeq9Wosh2jvcQR9uWX
+  EMX/72d4/A/GqYaso1sGEJ8VOWOPlQ3h1a+cE++fYfhwKT3vXHdswvkCgYEAwIsz
+  eUJnsmS5Bsa5o4p9oM8hqsA7y79a6tcuysCme30sMog70sjj+xHl4jObSaMruSne
+  Gp+mDLg5Y7RAHTyIJn7nzbBB/Gs2+tAkBkC0pnrnfhye3A7SplOOnJuQ0iid0snc
+  K/NnS9TDdlW0t5COPePUcNvq6KXooRhMzfMG7PUCgYB49fwSHzzK3D0MMYIIYFl3
+  DqVZGPDz0Aje/YNpKhnwOMPYtFBxjIkWD34/MTPg0KTHfhprMW7sftyAz31712SK
+  K/Sy/2EUGYqW9laxpCzsO1J9Fatu5qiUWSRse8yre5ZlwkPoZayoxGzkOV2g+5FB
+  zsu1r4q/16lY1hyqjsQ9mQKBgDzEsj43Ixs+htcIqVZgQz4ZoXqOqVCo2Dz+JRqA
+  qwqWeviH3rmsBagcAf3eY8hd41LRT/P/Jx0kl5hML2AK1r2vl+FnG6xa+kM2pegD
+  TACvEZjP16OEWh98h6oNvytU/lqkswR8EcHxKK+UZTD6Qqpt2YK1JfK/Sihtzu/B
+  IBJxAoGAPa4zrf822VA5cvnLSG1+In8xcxsSVXRBBZzjLSAkqy7aRRSzfTamx/Vw
+  0bzVN9H2IlsFEGrH++sJ7NmyLx+gHbeOLFMeMjeRXinkogZ2mfPcqw3oIc6NAF4D
+  +l+J8dNdoaLsrXiP6cQJUikXahFLV1tA2XzIxsVosp+QemoYRBw=
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
@@ -337,251 +485,276 @@ metadata:
 schema: deckhand/CertificateAuthorityKey/v1
 ---
 data: |
-  -----BEGIN CERTIFICATE-----
-  MIID8jCCAtqgAwIBAgIUY6zuoy7YspuXh72XlWUICQW6VuYwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMBQxEjAQBgNVBAMTCWFwaXNl
-  cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKicQ+yTRkoJGZUY
-  K9cNEioxicHSFoqQexkZN3de7T6ai2sVZrozezTNGxVN/b+1HeT/WKQobnrczBCe
-  K8uMW8FcaoG7NV8T9LwzWhmSQr3HJMQw7YYkYBCAo+pKRZSwCGmzAj/zwdFTxjU9
-  FkD3wT0pPIFCQTn4I581yGafZdYe7yMu/hor77lmkLu8es3kNcoY+Cqx6JKvIw/C
-  eMQFVe2KuCGP/Odmcj5cFRhunf6+Fzm+qFolnPn0X0MQ0Jb+/kH47KdqeFan7QuP
-  lBfFunGq2cMEAabg2iyrhGOR5gCW+cGc27qp5D1Wfwq+CnJ+Oe539EZxwL7lr9PT
-  aAjz5ysCAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
-  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUaYFal6LY
-  wOcJBe9pXLnxR3kdvRUwHwYDVR0jBBgwFoAUWjNHGddgSoDmZJdJLZsa4Yvpjpww
-  gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz
-  LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm
-  YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy
-  LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQDSmMYgqN9Qkq+Y
-  JUEziVz+MjashKirjBmWXDW78YT4RajIiKQUgnnrkdxMdVLBLa+XHcjnsziwOsZ9
-  GRF1T23rqpvSdLDWkEQBazAjysqzVq0vVZEJ6hadfoz33GkXLBKFS1F6vXPcS1m0
-  GtNXlmNkKVrk3tMZ9R5MD1RfEjPBeHvvyOR8gh8f18EOqmvWcfFzC6zRV5jFnDkW
-  kfWI0l/VZ6cJh+jUSaBJI+AMXpw8s230KclfURrtyL14ulLXHwhAupLj+HIbnz7k
-  u2UpgUTjHfieJY9/q2UZeLbEuLCDrGT9INI3SAVVmMXcmjx7Hjr3Cye2TXBxpp4v
-  LktPZyr2
-  -----END CERTIFICATE-----
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpQIBAAKCAQEA0teiqlBtF1JeFANM2/vC+SGouAF/EwhQLaYEn51IYf6IYhOp
+  G710dtkBtP85Wd0Dib5nXyEJBRj21xlRLX6x6mAxDoiWIk+cJQZPqOC0QHSxtHEO
+  vLm8q0VBldp7wDXwBKKe1rkjjJ6qdHdGmPRtDprBaOjzJm6MYIFgCQrbVdu36PSZ
+  xo7gxUZrWmnuSIXFNT4d0THB63Im34wGgRcEJipjK54cga8upjEsFy7m6bkIyqP2
+  jnAPlp4KhCW4xSnu+BmJmsr/3fvwsQ0gXtom7uOuzpuV6E1Zo3htwFP/J3pILb/0
+  M/vvl6SbyBn/ri66Z/lWI3zI9AB4K0iGeb8LLQIDAQABAoIBAFcph/iquP6cMYJK
+  fvquUMMXVB2FmNfwZt0INf8aUXMZe544DIAISV5cheUiYb4xrSXDjg54pLbzxA/W
+  SoXpS3nd/EnK024pxR5VRpdFFZ9T3qb+2h3RFxsizWM66E/kvG3eIJYaAYU/jq4J
+  JSlUWsVf2rcZHnPz3ZqDwYTbdSM/qpcvobhBHAEaYWJcOfxF7NI6DMI1NNVKCtXB
+  dJxE0214jSyS+ha7xqkf/L0MGXxLNrWYMXBRTZ5z6mq2vuopb3w9VCFrOjO2WMPH
+  JesH95NFrov5SZdUipCV+LEBXope9ZnWJN8gNVlH9aIEXahNB9nkr1qw03XpOMBc
+  qY6JNGECgYEA22fdahBW22JtNouJOZZRkxkQvtMzREPXr07FmNXXFJgjO6kcY21e
+  4phaOH3FwsrYgPeFVREEBdmx7dEQ5IjUZ26PgYBurWrcyAHedv1M+a/1DWDw4Y2k
+  IXqpS3dHV6BUeHfM1ZGSUg09lw5Zq3wX2lgZvNy5iOtBpOpDgqdnn7UCgYEA9gIh
+  8K3UbUQFvAjGamdjWFRfC1QwB/3rq4byCo1eO17IkWS0D4Vcq+VCgpSJXcsO9AHi
+  I2+x9fRHUICJl9Hvj1OFeUjiQT5mordT/OEt6Ccn/MFu5ZidzllaSSiSp2+WN1bR
+  +b5Ea36UMdNZNM83+TJne0XCaGIzlFZjoLz9OJkCgYEAyb/VSp1hsPPt5xUiBvEh
+  a7jFvCLq5l/X6dzuN96Smt5Wr5qOfyLn+EcN1xpYCgmKUfTJBvLRlyuZwEvZU7w6
+  TC3PCc72dsJn6AZH8XR0HrjdBgNZHJ6pCRwIpls1H+9PHUNT+CKWwJpqQwewDs7a
+  BC205QS2Gp/xSdscXvzefW0CgYEAkkC+UMnnSnZwOlO1Mjj49OBkCOYqD/ZDj5wQ
+  dXmKFh3Je7a03a1ZZNBNdDg+WkaIQ0SDXrHeyOxLIW7pXhrvIvRym6Ja8JLajc4T
+  3nk4w5XTzg5pkZHj73Nrm6bFWUmbspapCqK1JnsAO4b8t8qh6kKvBrh4VXpcU8nw
+  PPVeTbECgYEAylxpmjzzOTri1YXFrkDVcasPgN5qZeRzFJs2OFlK7/+pcR0vmBQ8
+  cFpWLDpkAiPF9R9JCVHdMqTlMgMDL8+mRu5b3hjauYjBvyHrQ9ZBbqvSMX8bJEi5
+  ZO00cI2gqks97X8xEA5Kq4kz9IwfnjBfbUybM/AsGNHw700HiFP4kzE=
+  -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: apiserver
+  name: patroni-replication
   schema: metadata/Document/v1
   storagePolicy: cleartext
-schema: deckhand/Certificate/v1
+schema: deckhand/CertificateAuthorityKey/v1
 ---
 data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDkDCCAnigAwIBAgIUJbMAVW8nIBnN++wycGzsZB+xiIAwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTEwggEiMA0G
-  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4GnbvNgDR/cHgqgmhCXtyuRICJoPV
-  TVU5rHNrL8SuYpbSoNcrl1hJdbYB6PpARon7LuyhaWJuEgGKYXgkQQ7QwPLC8O4H
-  78nPKkYfhsTMlQEdmaJO958QlakDnmxkGaX0QwBdx0HSMaPE15VsqXlPh3srEt2V
-  CcN1j0mS7kfbuXJ6fgzM8afel5z+gW/yp0rIjnAj9MIG20f6tpX3KF+wB+EKJiem
-  VpxhJ26JDE6Q4Las8mE4AcNJCw6/CA/0/V58w67Uv59e6b2EzA4NfDvs9N5cc2gL
-  EV56ZMpUQuBaP8Aorir+GN58NWv5LQUDZI0RMHAwd8MHdhcbgRpddaDdAgMBAAGj
-  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
-  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTI+A+b+/KlGp29DR2VmboWjfwq
-  RzAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0ktmxrhi+mOnDAcBgNVHREEFTATggtw
-  b2QxNy1ub2RlMYcECgqsFTANBgkqhkiG9w0BAQsFAAOCAQEAhommF62uJp2AcHmW
-  43XUg+hCI7AmcndtnJCme2/XjWPcojneJ2o3CFHo0wpgW2B3hPrypGuQ4T6+rZXT
-  179BjUO5yTRuc/Tx5Xk6PtYbAXcD3ez/nodQfyxhBIuUKvq8ON+0o1qCYNSQbPZn
-  ULUi49k/ONmWc8lHOx+p0UZH7HDPPybBUBrkUvy208MHjvPeOJmcPwCtWaJSwe2m
-  GyUFDO8wbn1S+bNeXUEGfFPp3bhqu0zLEX/MZ6DqoqHqcu8HMeSDuQ+8ZFnR7WaQ
-  +8azLj+PBaIeIybNuNfp7RBattgmnFDXiyaFROj/UqU646+b/MnnetUSF9H0fh0/
-  84RLJQ==
-  -----END CERTIFICATE-----
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEAq+3xSt0u7XnsqybhZAHB8aQy78dwHi4VGJ8TKn279sBSqa2i
+  G3iZkBYc6+YR+cEPSjH+CAwzXnloBCB+X2f7faXGX3MP19iYaVMJFgkQ0i8PfW8U
+  eiMVq/qmbhMmmbybZlDFjHF0oOESwA1aiNiYM5nh1TtanmAZdHk3Jxq+K9f/oCao
+  PWZkZyWA46PbRqDFbrS+OiPw60MFYHBm05UvgiyAPk/sA3M7EfYpUjS6xgedZibw
+  ZnFLT9IlrO9s4URMefPL2Tl2mXfWVO6BWUakvSkTRkG+3shOYwJxJGvAKpVwtaJ0
+  uwb3btyoczI28jZiE3Vl5gLZuQXEDeY9jgPyKQIDAQABAoIBAAV7nxhOGXMFUmDa
+  6pEv5Sl5nQ48g/zSZ2XTnN7cB6SE2Z4DpYnOvMb1jZKQUb5vQ7eQBJPpH7JBmOmY
+  x67vN/v3z22306eEhsfFGCMVwu2RBqNvaW3DtKs5YRldjvuUIjiPFt21uIxw4RIy
+  2tJGZgQvQh50uB0Y33bxbqrWlX38ZgegcPcOAdSVX9PtyrnOXLkFs+26lj5lOQCB
+  BuzNztHar+N7rexX1wHcJ/FRpdDVKl++aUQkD79SfNPG8iti6QowVDiLsyscEG6D
+  4ejFUcqoagagI4B3KW854cOp2NywXUKytFTnArN6MQeOa8AzO8WT+Dz+EzM6PWdb
+  DlxmXckCgYEA4AE0hea1YnTnFGVI6rs5t7sMwpBLgLkxHC19w21vnm5wJLKqmMz0
+  4FPyadymtOUok7MDYxlQt9qbYsdJs9R5U7hCnul2mHvqElP0N5psNhl7btX0CIGi
+  gpf5ByuLYCGH8uYcikdttRykvjeVyDL+SZBGrbaZME4/rD8RNnDuYVcCgYEAxHyX
+  a6Xx0V5gLhwqmWHeSsa2UfbzJN4byKaSrXa3IOtgCHpOL7BGlFkv3iVAt21eCF0O
+  XD0KirbWtl7wM74F9W/yiLIJdK00KRukP93QkHLnIMJZs1mi/biAmJLE35osXVf6
+  pK55NzzL0YVqitfXVWl93odSHtiXeGDIFCn6mH8CgYAMlOS/VJsBgbFs+tdin8t5
+  H19zGimzfDNe8ssqi94GFwvjc8mTNYfXhb+K5KLUbD6gNSDOkyBugy/RF4JzQE7k
+  Peg4BsLrg6I9D0wbR2gmjb3aFthTFfzrut944KA+cQOyx+v4dFScJJS4PmUCTqLr
+  vNfLcAMgrHR1F0G/Pg6VlwKBgGmUyYj+0sI+hFBCsmFZRanIvY+ts1nMQAHCAG9V
+  q3H1CNWFYx4dCtAMXLxyKCRokG7OEjleU5vWQ+obeddT9L++OAVcJdicebrdL5Vi
+  DACSvb/Mr4bAU+Uij3ds5n2AyvYdoIF9f4U/FgawOmABO6SZ2xkIfgg1Oq9k0h6D
+  sDThAoGAT5zW4CMr7BNRz+F7yddu6Qw9A0MxWCtJd2GKTytPyM9u+C5TFX/FbGtx
+  wYpTYAbKSoaeZRdUwewi6C/6CZZysoVHmE5c3DmMLtjcjbC5zx4I1Xe8+sYv+2Xv
+  1TjHvL3HxaSgVZXDhF7hhhU3hQFgumBtYEpk2vOqhOyvHR3V1Ow=
+  -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubelet-genesis
+  name: cnx-api
   schema: metadata/Document/v1
   storagePolicy: cleartext
-schema: deckhand/Certificate/v1
+schema: deckhand/CertificateAuthorityKey/v1
 ---
 data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDkDCCAnigAwIBAgIUY+VLaTuWchrs5fudFJywl4KrcDUwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTEwggEiMA0G
-  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqpLC84cUExAIqC4mmfIvl9wsXp18o
-  7xc9PHqey+xM8f2MuBQDjP8lgO7gRo7pY0rN+5DoDFixoqXBUybJs2ebs05yTIX+
-  Fd0np4tAZVAXghNP++Lc7a/sz1gKnsyk4LKEtowWF2uGP0wAtq5IUeisaWlpLq1X
-  1pFX4myV2uDKCF37e+wWs/L6WCM+E5+x6HHbRWLqOM5P/IwrdPuPXCPdOEBhn6Rj
-  YiIalHrDNHGUAnZ/le8yAAY7pmhNUmJhM3fyUdCBFEd9v7/juka57fNVPGPVsPlZ
-  dGKZaFC3jqlPOdGeKUFd40nSNJkz/KRsw5fUBGmRQzxaYg+1GxH7DSURAgMBAAGj
-  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
-  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRvmQ5O90PIFB4HTE2BeS3VxdOf
-  JDAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0ktmxrhi+mOnDAcBgNVHREEFTATggtw
-  b2QxNy1ub2RlMYcECgqsFTANBgkqhkiG9w0BAQsFAAOCAQEAtxPKkcY3CIvfzr+l
-  k1K4xCvDuGJIvFxbnftTA3G4uJDav+i+9FG/wt9KRXQdrvwp8abdt7O8JdlTuKqS
-  ABkbS2dcJ48qd9Y0lzc3ijniULOtK2IRalqGccSRzrfog9GNkVh6uySl7qvPYtp0
-  cB0mhDvJtoN7xiucnvmPIQcDMNz+X7SXFxLrDQ8q5i1pLTzrC0cvKBu9igkxeQzm
-  rc0wjRANxnzXXRS5B7lXXnfM2kdL6t6htAA5NhC+vEuUaxr4iQGhSnzvBWMF+gQF
-  zGmwmD6Ze+/vHShu2TEfJ0ADsjdeFpsM/2bOSDhvZqQgDbKEkEA9CTOr6fx60KVj
-  AujQIQ==
-  -----END CERTIFICATE-----
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEogIBAAKCAQEAuc/QBeFOCTrLk0d8B6zGRDyPg9yLJRFWBBXd2X4btDm4HnTk
+  8tsu4unlH9CZB69veMyxLXkXiowqalvQ2vOHIN2cibmzKiZ08518YxzmUJ0Gqxsl
+  3zNblS1ztHvWhHyh+xeF+39sLVRgHI2Lilq/5IzAntU41Soq+KKEUuNWor482gfz
+  0kUjScI8sCV64SFZ12Jg3vZsUvK+suLXQ38sZMqT8ScRvCAOTKN98jvck62sDWbs
+  h4syjGZ4NANifoYJx3IzHZEWrvCPIAakYDVP5cD5ZzFnDOmqQO0Rsp3gnHbBQKop
+  762/k3D52Wx0Q3TKDjGLN3D1d4efwcWzu09h2QIDAQABAoIBAB3gpohrhArD43wZ
+  IH5zb6YFPuZrDgy1zuj1Qyj3uCiwp0Ruc2oBiHaAOZF2D0VHFluMPmkbcYebpi5X
+  +StbwTytpcAXlhGPAXsytY+SVA5eUXYt9VcAgRdpqZM53nKLP9iKHcck5BYd3R56
+  PBfRI83yO/7ONkdAcoxsRW62k3WzbxddA/K6RRDmuC6wpNWAk2wykw6xGwzrZSjn
+  0G6om6YCdlUaVIyOfjviM/zH1+iGydnYT0lCtLLfl3kdsVse3SdOX1xYluMzdzIv
+  TeYVGg0xZRNIqBznWPCF+nfrAWdpohC1zzf8RJcMuWkYzsJxP+xCeOipu31BSH1u
+  mOLFEAECgYEA3/TUV59xFUFoTgk0A/xSuTlyhMveS9e5bDYz1mgVjKNJhQTpaEns
+  cxUYYsKsosydt6xilJQ3fQcVEhHqzmrNBN2zxGTynZM3jfe/PlB05CewhvmVr1yg
+  /cSTqMRDHHDe4M3gnMgGoAcigu9BSjoUp5wK0zA61lsriMbBK+4FZwECgYEA1GXO
+  bA5VvG2cIPP7DCWJwivO77iffnI5g7763L8DV8jvY5IAHJ9DntoNnIvs+uXyNfRs
+  Vr8Mby2pYUHkPWE2UOXFdha7QTDZWmsfBYkxSHY4CcHc70gg4rX/pbb6rfTPw28l
+  elto0mjz1x6Wchukxx2y9V1jNKi0w/pog0x9EtkCgYAr3uPxvjQCu+tYzgi4dycl
+  TZGXXfBP3xRdlEiXSZBfGmV+fzXRzhlZedprDkOPKJIEtuogvOAZx9di0Mu0X8uF
+  loBuim/UWlBZqRx3cn9Takr0RdQCpByNWYKrXrbezWV7mBjV3YEevAcQqxmZFsOR
+  Cco9EIeWEgn3IygYGOpKAQKBgDvjZNvlAtm5kk9cXAolv30nexbu2NH/hSYXwIZj
+  uZ6UAqPxs+ReJ+PvmeztK2nnUm9SNwYSon/qwRqySJfiBD21PAM7D5unGXI8SCf4
+  chP7eXuO1SwHC3bBWI8yU+ae48I4Ybnpcln5y995OXR9RO37+szigymC9E1aGwQC
+  mjWpAoGACCphg7Zb8FZPvP/AgMzPUDPSsyonMe+LKEpIhNdbGcIn2jC42gRQl0yE
+  qLcRlAgzmzNWMD6+kz5q29eHwtn8Szb7mpaQu7MeGCuVvqm73xwfLMnXVBL2UFJo
+  T9ZBeov9vckYYyO4TGZYK49xjo2mi0OZ94YCcHk+qlMt5QPxMGM=
+  -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubelet-pod17-node1
+  name: kubernetes-agg-api
   schema: metadata/Document/v1
   storagePolicy: cleartext
-schema: deckhand/Certificate/v1
+schema: deckhand/CertificateAuthorityKey/v1
 ---
 data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDkDCCAnigAwIBAgIUS4ybhWAn2ul0kdRon9o0Gqcj0dUwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTIwggEiMA0G
-  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDid3ZrOh36OIIYkTM+8m49tew+Tch4
-  DyBZbww6+1ZIpD5CsXf2kMBLmoe5lDYcjMPWfigwlX6AjLrOJTBnibx/SGwpKSFv
-  fj1VtVi4RNw+KcGJPU5MO0o3Kvai+Ch4kgDm2z1GuKmkQN8lepTS6qeNTKKc9LOa
-  nZkxBcAz3O6bmFZwAHlO8+Ig85hl+wMejF/BKPRGAO6dnLS7vDmHV2rIA5vTPzeD
-  oR2SKPmBwkf9U1kt1+F2EBOBv0RcgzFIrS+I4WAWNapI9dEiKu6e8ty0lQkxp4vH
-  CBkxpitBzQrYZvhJNb137mbzxjxK1bzsy+JX1UKYX2FaoWoUWjm00s7hAgMBAAGj
-  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
-  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSfnhRZlVizKtR+6A9A6Uf/gCHG
-  BDAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0ktmxrhi+mOnDAcBgNVHREEFTATggtw
-  b2QxNy1ub2RlMocECgqsFjANBgkqhkiG9w0BAQsFAAOCAQEAv4vdBQJDZ2zBy3FH
-  0JaVSwQ0BaWBkBkj76sP5Z1KYLUy7sV/qf0P2QHwU0oi9ZULhtyxrheAWBucbW20
-  ZVZkVF/hH54u13WhQLx+pjy/aahm8lvpiduf2Xr8gbFY6MVLCoP2JroZoTlZGPFJ
-  CL1mZBWQ18GfVUH4k2Wzbofp7W9ei81/I/3cSvq4HvmdVeehNORYL3VYbyMgWmAN
-  VnyFXYpp7FzZHw6UdnIol5fmXH7QG+9ldmYGT6URF0LlK0+ThbKwERtBUULXn1ys
-  HJSnywhPbPu1R/3Y9Q8Nii3HULGpqrbvKwUQ9oaOzMm0G9EY8UbWzkztfPEW3oRV
-  QGF7FQ==
-  -----END CERTIFICATE-----
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAwhb43Cu+agUtCtdNOo4TpnBrIaXeP8bBySLZ6S401d+bPFHD
+  psjmZJkHVpDwtZTs7hmDvGRMbxp9qJ7zFPRPonzXJTSX7izlxxKiKSl4OKxOePZ5
+  ab2QWnJbYWokJ5f0I5LZuFz19yZXaCen1DLmtKrEQSlTbijZj++1XklonzdJZmKy
+  ffYt6oXLV58rVjZ6WZSH38I0gepmwhTrzdOIJT+hnYa1syHQYL2EYFaeJeU/370H
+  j6SZM0zOd85x83iN1jnSqub2KT2euEvOOs3pl9i/4tu1fQmnykuuD2BEHGjjnGQy
+  y5NOYzt/Rd52C4SmFHsztJtq7k3xvI+6qFLfOwIDAQABAoIBAEo/nX4kodhPGJcQ
+  HDQtS+kdEm6x1F7Teyil03T3vzCeNPWTVeSE8FZFkGAWXG8qhKTlT9cPC4ppOO77
+  t4QpnhlL5sYN450ywcgxIaXbfmk3yWFO8M15vjJLkxemEiSvZa8CK5XywgmFOmTW
+  3sY3nrg4p5FB7O+0Yt5EVj62mHZndndsG4SRbz4JgzJSwy/NDWWia26rdWPrFtrT
+  hTQ7aIet4ghmHkL1SNBefUjlOZl0cm/WQ7Oo0NjxYzNasyRApFGwPQ9KPyGEo8nw
+  I9PufUzx25QOM6r2PbvRrQ38c08/1jUCMjiY6m+JQlKN7OVwgkTvGWwAclVve+Qe
+  xbzudokCgYEA3IbXyMQxyMXaFuydD1eKyXQ/77iFUqDohUCw7R1qje/59Bk8Ef4L
+  8m0Fz8UsdrV39BkJvkHDypHvcibj8+Biz3jmes0uIDdqwPcmdwfaTYi0JJ2QACUE
+  SAz+CmzralbZ7n46MX3PJEii8mC+Z8nl+gFjBTmqbvJ9zYfR3kKDwL8CgYEA4U94
+  QhMVUbeUMld8N65o5hksbw2Wwkrev0TQq5WUWyu9uKTVHUS/pcuIwkO2YwtGuuuG
+  NaDeLYDR4HrNcoQksmdy/VxQm5S43aq5JbIDmQBqyAlenzmiTLx2OBCt1dK4CrnT
+  oL2ODliEvhK2/Xc5Mr4ySZbj4/Ac9JiebtOTRIUCgYB4aCuTlAP2soiEccbDpLHD
+  kvSB6Abrea3ba9nubVxLiVa5f7m7vTE6uWot6mN/oU+QeMdIGVJU3V+WvUNDWiW5
+  UDLPpA3mSzu/hnJ7FU+Ne/GX+GuymIOA748ZlCTpl+g//q25bg7Wqc5Gdqofsy4d
+  VfqB1N2I3F/yA5GEQF79swKBgQChOk3y8lbyJ+zrbUEdUzgLV/485bt5AzyMIEE2
+  V45XA2D67TD3hceia5hMc0njbCFMBtf+LkRuyVzmRtoXVUoxQ+e8N8AS5QS40r80
+  o0MBzJOc21+Tjxl90erCyeSrOuOqATnYL2ylBWDP5vJ9REBw+Dth/5DJ/nup6ECP
+  S+V5RQKBgDUXncKiBjNwt4xCjR2mUU2v2u6blqkAfIxJaRwD9PZwRW30papp6ADG
+  tiiL8OGEUGfLbk406cD4O4Mhx5nfGZdPsKAfNLRdIcnHbl0Xvj/UhOnA9N90TH7o
+  xbP18UiMlNRAyJN88ErKftFTHIpbcX28sWj7+2NAUksLglsDQ2xL
+  -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubelet-pod17-node2
+  name: keystone-webhook
   schema: metadata/Document/v1
   storagePolicy: cleartext
-schema: deckhand/Certificate/v1
+schema: deckhand/CertificateAuthorityKey/v1
 ---
 data: |
-  -----BEGIN CERTIFICATE-----
-  MIIDkDCCAnigAwIBAgIUQaJdvhhNGVfd6aKFeSt5QKyUAFgwDQYJKoZIhvcNAQEL
-  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTMwggEiMA0G
-  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzOkfuOqtogUj+IVz27FIiHapHuAxK
-  +yVEhjjlGl7Pv3NpPw6jJWcIQZewTMV2oc44yELnLL4Nnbv3JuKaXTM5EmZKu9IQ
-  i+ybDLqRRXN8Cfpr/nf3FrqKffD9SHC0vUIH2YVC9nblYCxZoJ8M8uzhnu5F1MzO
-  T1ROrqno98W6etVJ9fPet/CZId5wztJcRHHRWlHqY2BwO39MpepZQ53I9qByKrLS
-  g4TT837MWCEIEXL5nRkzoKPJKi9KZQf0/eU6+BArpNNaQvwDEaPo9ktaJxP7cjEn
-  2jSOHFRbirL6LsO+UoI+qNCrA9OArP+QBT+wF+89XkGLJoxgKqe7GZlfAgMBAAGj
-  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
-  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTsvkdp9Y77gMsZAcj5OqrdKehs
-  4DAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0ktmxrhi+mOnDAcBgNVHREEFTATggtw
-  b2QxNy1ub2RlM4cECgqsFzANBgkqhkiG9w0BAQsFAAOCAQEAL4dKt+X1UT2ONUni
-  kiEiyWpvQOPycEQY6zvONYCLImM3Ska4UDZ6tK7tG/eEqzju+jNPdlNQEKBt436W
-  HgPckPHxD3fnsj0SgbQ6JHSBaU75qSXFSkTxG4na4acQetoDpYdYIE7Q6mqjUYEK
-  /CzVLPG2AFSDAntnmQjWc1hTKJqaF86gzlrC8h/La9aoldsZMprQrNPMSYeJe5O+
-  SltKx8rcYMtv57tYevKKuADUzXYS/ZcUzBMU+gcV5pntFgnl59NPTn4oDmEqHZYv
-  CUjUzMh2tBCxGtXvpxaicehCbKyYbLr2hh0wFFCcRKMUZ4L2Vay4yBuPMGzHikGC
-  ing5Pg==
-  -----END CERTIFICATE-----
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEAr37c+I2K481vaFQVkoIx/B8b75Qg4I2wNrHOLDnAzlzif5cf
+  iaNJu3HhW4k1EcFP2PQbKmJgQGRy3Ss4CZA4xAyar5Ihm1vKFp8zccetXYq9akg3
+  /Ua41XG3X/zjUBDk4I0IqvfF0qMkjHGvEF0KQtlZwW+Gsg6s3KP4i25IHo4nuRNL
+  ea/SEhMAOUmrOOH5F1YpvTKhdK1Hj/yUhTf88kvw3KD2lvb/PVJYHdwKlMDPCAiF
+  5l3uPJ74kDQsTcd4/gsBpKRk3qYt+2UMtDXlg1oyhOA5E+3MvxY+sxklZSE7N7sc
+  wBHEKcp+W3pjcL7N/n4QE3mnbLVmo26sN9a0AwIDAQABAoIBAQCPRrKfFefbncAj
+  2+oUx8iJPtiu2y+QRP0lWjqprqjzka+1XSr5Ut+CcjH7amRyT3Gh/YEkNFbCm3+P
+  g5ZncGB35pZvWo2naePuXiFA9jVa1kdYOwfC9vc2A3YjnrHyjyhdD6eQ9WKDWoAf
+  TT0QzfTvqMV3gFbmjcahCBmFtA6bKje1n7BR2LbkIobkqgz+XZ8aXza6ObHVcqj3
+  3d2emZSoP6p5LeZGKBQJj+jQaZkZCJqtR/MGPGLjTdnC2tAGjRztgxi1eTGOZeil
+  KPeQAg2mGcFXV96Eil6NyeJH7w+jZ/bVVntTriDZiREXYIeSJQvQUPnbMb+/EHOo
+  tnZ+/X3JAoGBANILUWzazaohSrLN5dOpsMMEy6eSq/G7KA9tuU6EvLX/ZfpZqMr/
+  2sLrTJ06CBbA/zDL97r9EdsJjuKaeuTQ80JL2qNYqeBV4JQ2ntzf+n2EjEt51iM7
+  pusjAp5DCBL+kHYhos7fF0jaUCZc2b+pXOEF3Um3arzsgzHw2m41WT1dAoGBANXk
+  dS1y+tJm9v7E8ssLrgZbC5xfwe8QAlz/JQXbeMJb20QSGVNMIkmHEcpLeYkR9lr3
+  70eip8aqnyUebuOMyPGR6Dmf+QKq9xZqrV7VQziboI/AnmTsODnBbscc0CHvGwPT
+  SAIeYvhS9136YW5AE2zJBuzbDZEp4sJHIrFvn0DfAoGAerFVzOo6vKhZw/x1xaAX
+  urMwayBIBBo5GloTpoPu37jiTszUxk+R784WoLjnRLNT3aMngDiXl4ULy95E7ygH
+  ELDSdBw0jvBbEPie75J99ZfZg7UVmtsbc7qtqtio/L9qjzayrXivV0T/EImoQEak
+  FGWij47ucJEPSbrRPRM4n5kCgYEA1EAy73jr4aJ/c+3oqQjcFj5+1RxJDHwsfDBM
+  gvV5bhVNDs2PCBPC6of4ZXBkGFsUxszGS6XjK8fgySrcCz6HoQCTG6vdpIIXU81k
+  YXjrjd8Rg9U22Rt36AhFb5zuBN6LRk6BZGjW+WkLQ9zUll1LaWZLUvtFCUoxVWzV
+  xpHnzK0CgYApfElPuHsX8OKVaJOgYCGah7wiNB00IejhWbC2oqsHdFfLYbpxmnkp
+  6AeJ33zpIuteaYKQYyM8QwEmX6NmAqdpC2KYCSq2ntY2sV3tQEYmv5y7cysN0YLc
+  9WEIXLtvfp8mxBqEybPdi3UZe45yOzVsvcqVkULQD0FQWiFw/6WUOw==
+  -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubelet-pod17-node3
+  name: apiserver-webhook
   schema: metadata/Document/v1
   storagePolicy: cleartext
-schema: deckhand/Certificate/v1
+schema: deckhand/CertificateAuthorityKey/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDkDCCAnigAwIBAgIUMfsgZ5GHfSJ1o1vQY06+DbK0yKwwDQYJKoZIhvcNAQEL
+  MIID8jCCAtqgAwIBAgIUTe+awv9G7pRcm15VMGgfGBfQM0IwDQYJKoZIhvcNAQEL
   BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTQwggEiMA0G
-  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8RE4jZkWHyd+w7JndS+7LkEwrGmly
-  0b+U/d/hrZdC/x4IZMr9OvPTTtPpVn1R8lOUov5dwssrZ8zpSJVNmowVLB7Z01wF
-  AxxAxUfFUBEdzoA7GvpcbqTI8SUHfMjrd3PYrvFgYidsTkAxBYfC0zEn0gYaAOfl
-  FLlLS36csWJXun863o/2A6dAQbtZS/3zK0lG3X+ZMSEd+VciWsW6kvblTVqydewu
-  c7mNSj5mKW+CxL+GZ+aZApE1xGZt7eKZGm74kRCmnmWPa/Gp1aLUnn7L0uG9kmQj
-  YsDIlGk12OvAmAr++bhvuR8XszlHj4ruGaFvLdm09pAFEnTiMq75rd5rAgMBAAGj
-  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
-  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSZC7bCPP7UuV3cPAXKe+ET9j7l
-  DjAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0ktmxrhi+mOnDAcBgNVHREEFTATggtw
-  b2QxNy1ub2RlNIcECgqsGDANBgkqhkiG9w0BAQsFAAOCAQEA0rde3nCEuxbDznCE
-  tcaIHDyLJKJGoA/Yo7jxmYHCSgo7CpAiVL+f+yCQZ81gKyb0xgWd/gQvfa5ZhsTX
-  1IQw/8XBE/qjaLZfsVGkR3I3jtD3GWSG1xLx9jnaxOJuIZtxTG16JFRwX9f5Zpbn
-  X406rArVnw5brHF+In7uagc1wsffIVXrFm9xfv/e8PqaU/x/UU5onwHkzVDk+Oez
-  fTZPjx9aF3k3p5IKIN05li1HNyppnqiILayJTNvhga0TzPT/DxCM+pCzitbhWE9n
-  b1gwwVZZPPHrJx18PvWcDaSae4uOPx/t8LTAumpF7jXBoXRADXjU/R2N+jWXFyrW
-  gkJWgw==
+  Fw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMBQxEjAQBgNVBAMTCWFwaXNl
+  cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANSiSlTHYr2HS4M8
+  5V2D4ZRea7Pm6koZ+h4+eVJZlOn7lutxkvmxbM15L5PqAiiOLilAMM3JcD2/OR1b
+  lOEJB7Cchv4TxSSiml6UqrNPH2MQfFHZ9rX8uurfq5THMMlspB3YtIkL+hTpv33i
+  Uc6itbT1e8Blek0P+9BUPopdnT0evsPRKlIXqSUQOD2RTWMRwjLl/SQ03lb283Nj
+  noDoUekYHgp87hCvRpgrqBFfe0VAP/VFBL0ztyS0boBHZg14aP/0q2Fr9xMKk2YZ
+  EoVrKvR+5ZMC/TfSl+shW6t/+6rj+HCjCL2aqThVSNJuQX46zlTcbnzA9hfQCbvN
+  swJWVXMCAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
+  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUJ1eZGBzY
+  9P+d/0eMzKnZcu1cP4gwHwYDVR0jBBgwFoAUBvmNwm3mSP14sWWdXIUC+9spuOgw
+  gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz
+  LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm
+  YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy
+  LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQA+rLR6IV2use28
+  PpF0l+k33WqfVLmUjk5/JM/bhhvMt+BM8j2kG2sUYr/Cdg40BQk8IzPsb/PdGbwL
+  bOp9vY0G1DhDvLABel7+oly+hyLY+voFqIr06lPXG8U2G3qCYSuAFznGvE7cJ3WA
+  LnFRyVg+e0nPsZ240izbj4qH33KlSF93W2ybH3/OmQykAw5mZBgVDuH+/XYVQba6
+  SgTfK5rr4aPfiHDa+NgZta3yiiASGQYHzeF+61s8BgQAvwHlXudvSXOP5d778tse
+  096vdramkrWwd3NqzoM9d8/JxOWupRMpT/f1KasEnaHVfkRCYsnMHBOwvppwdh3B
+  GRjvohlh
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubelet-pod17-node4
+  name: apiserver
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDkDCCAnigAwIBAgIUMo9BJfD/2nc+Z4U/s9+9nFab3+AwDQYJKoZIhvcNAQEL
+  MIIDkDCCAnigAwIBAgIUcJTa/5rHiI1F1DfxQSUu06Vf/J0wDQYJKoZIhvcNAQEL
   BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
-  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTUwggEiMA0G
-  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0n2GbE7V+KzIiq3adpd7oSVYzJeR+
-  gXUDfXqOrxuGtwFkklR4LmFMnno4TNh/xiv6t/kPrPDW1K8YgxhtVU5QE4vU4rBN
-  GiT60rnHGMDtepNOIoklF0THJmOPQ1zMbMivVK0imnPNEQGCQCl0bb68PrSoZTZg
-  R1YGNHwuNvVJMubLjgiHpFgIrADb9/AlVDsoSiVUI/8m2FQKpAcjhS/yL21aWGTV
-  dK0ddN1D2IjyUq/AyFaAAc0qZDbnWVQ5YVf8TCirNWoiR9uLPAH3lRONCNHMWp1N
-  W6i8wxeW13WRfQNwRSCz4XkrrTqpwPVwGelmGm/IYdgo+Qd+rR56Wp6dAgMBAAGj
+  Fw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTEwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs/OBDncXLo8r6R5UqDkzuPOTxYxkq
+  BoEZvTiAjrU7pEmVQEV+S/02BuzHGHEFS6L3EyCUzQ6ttVlR2jdiQHzSEio0f9w9
+  P+30kEcUy3l5XRZquQ9Jp+Bdubb9gHuOLFq5MrP5xv8qIQ9p0NVAM6rtjLP9Fd7f
+  JF7CpQtxAkB5JCahN9S2ULNwMDS2PNdf9HL2pa7BMnIipW5dNhFUBkGimEjN8K3c
+  aC9s876N5rUt6SW54MadxPp2Eluis1YOAdpVTFzGcHpwirUMbv3bZ8UsR79sO/m3
+  mJeTWcxMZHKlL+nsg0xtIYT4e7K2Y8C1lc7+VTat5ss6E3eRjwW8oBgVAgMBAAGj
   gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
-  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT3PeuL49Gx89TnQj9wgmwEqyGP
-  5zAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0ktmxrhi+mOnDAcBgNVHREEFTATggtw
-  b2QxNy1ub2RlNYcECgqsGTANBgkqhkiG9w0BAQsFAAOCAQEASFtX+vOtGs7Eb8tJ
-  F6H+KDrPWwOtWRXxJDys+omRLXtsIrepCE/qrXr5cl5DKOV7f8HlfewHO5eqV16Q
-  whGAOz0tLvOje6LHuAp6xXDxabbWSit6864ro8TbQLkf453Vp4PrBxkIlxSkmrTG
-  CX0Iu6q78tdS2dFqBWN31wUKyXK+xKXeeKFVMvoiVK/SNo44uYi9+OKVvbdEni0V
-  oActentkNIbJhwNpgQyFdmWW17BcBprx60aZQjJVGixaLh78vbqVXUeG95WbtDOH
-  CVECRTd/sqsXGMQrN7SulGr2zU/Y6Vrcmo9UcraePd/EOHeR5QpDFeZhYwA6hpAT
-  aZ9HqQ==
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQU6oFLEF0GuXqr5dNQ4tslqW9f
+  FzAfBgNVHSMEGDAWgBQG+Y3CbeZI/XixZZ1chQL72ym46DAcBgNVHREEFTATggtw
+  b2QxNy1ub2RlMYcECgqsFTANBgkqhkiG9w0BAQsFAAOCAQEAehBDm64iza0KK1vC
+  TaGy6j617xjpvmtXb7PpKOzmmCWUYipEGIzJM/EvCv86F5TJX3bjEIVUXDbHN+rx
+  OXBEOCsA43AWxWn+dVcHmo+2FETfn8jI0sgHm9m9kA0OsDI8fHFoY3/w7Mv8O8WO
+  QEcQislvCcQub1pddX+NBk6ABRT3cqNyLe6mu7nX/uEwA5DcnjkS+kqaZoZP9aOk
+  6IBzKDQMpHY5vAAHjQEysw1u6OoCSsGm98ffNmI+OynuOhPbqbbAd5EVYDdY0W6Z
+  u6hBrWA/Dhe0NkWCC6tdIp7oBJBNaUpU7WnSB1K5tP9s4irlG/k6MJe3O5xrMdmh
+  NpaeDw==
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubelet-pod17-node5
+  name: kubelet-genesis
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDVzCCAj+gAwIBAgIUdANeJE8ljUjmV5Hp65SOSeKxaOAwDQYJKoZIhvcNAQEL
+  MIIDVzCCAj+gAwIBAgIUOi46TCA2iVJac8laAa1bUyZSExkwDQYJKoZIhvcNAQEL
   BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMCAxHjAcBgNVBAMTFXN5c3Rl
+  Fw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMCAxHjAcBgNVBAMTFXN5c3Rl
   bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-  ALWjoL+bP6neihd1/6yhLgB30pyNyMHIWA4HSpxln/7IvziZY9XH1NuJ3ztFgTuB
-  riAg/jYEjqeK4L79BiMv4AxK8cGSCYcRZzLfdq2bJILsG+gQqmYvMaiUgx/yDMBv
-  2YltX5InDK0RNj4/oeHs+eQpkw5DA3k374czdhb765vzCJ6kH7TS5aEl+DJjrFLX
-  CuZviqHYTGGKcEQaqN3F9oPyec0B1YBDsHiQet7tknW0kebBK0xEcHBeQRStiz25
-  kg0n1I78dmdq9HQWue8sPxe+VKLWPblKTvZYMrgXPjpNiVXACtUz3ftzUaOvq3OU
-  Xi9GhvgeNwsXEsTd7zCjFFsCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
+  ANxUDbrytO+CUceKZq6XgHidD90bHfbq5FZjM6xtCcD8C0RkVq47K8hC+4OmupkU
+  4P9c+/tFk78gFKIt1hnD+VyPomSesI4NsA/DULEzW9Ve7HIyjikoeaIt4zo3crAF
+  s66NrcViJ8W1JPOMYVgpKZL7XlLvIaVmT6V/i2giyKaJ+6DkrakIKOtinJ/HRMCh
+  Mb3vkcYo+RwoPOzPTkeTaI1DXGRh2Gceh1pTrnqb8yJDmU8QKdA6H1spd3Dlbslv
+  Tab+OsILgcxFVKQSe+b0DPnW7eO0ED88B5cqmdq9mszZcty4Tx001DHiSKggGzyR
+  Wc/COy4iXVgy9X1gRUpzE0kCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
   JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
-  BBQtFWNeRnICxihONdRZOBHqBGLWrDAfBgNVHSMEGDAWgBRaM0cZ12BKgOZkl0kt
-  mxrhi+mOnDANBgkqhkiG9w0BAQsFAAOCAQEAWi8hn0bB3lpgs9AldNGECvvqttOI
-  myNSR5EPhz21ylaUJl7fiZKYK2X3TVZ1wSsYBERYtXxF1SiKTWg9PoqDseF5o97N
-  jRNujC7w3mM9JKZo4vlZT6dbY7KBxSw2PwA7IcUkSbU/wdFpCdHALT+rJYC9Px1/
-  ZBzKeDu8HVik81cdOiH5r64qZ0YTzIYL3+ARnfiCq5f/XdNS4L8c/QFoY3kbzUHN
-  /TzYGkSmZucGhMP+nuLMyWqh4WBr+MuYCeSn6fxPArWokkgt8918YS1J66mAqVpS
-  5oQ2iOaA6Y1bs9lKUb4+bdDOF/6sU5fIzekUtm8OGgOu/Dwt2ej2sSSBWQ==
+  BBQ8GAMTGcwl/wpuezgxGGL/zsQTyzAfBgNVHSMEGDAWgBQG+Y3CbeZI/XixZZ1c
+  hQL72ym46DANBgkqhkiG9w0BAQsFAAOCAQEAYH9cCQzA0XNbOB290/tVp5CDOqcU
+  okEWUeaD9LUmL2/2flq+Aorh1eI/UpHPrmhyjyXiDCAPok+UbqDp05WeecCWZtPm
+  GuNXC50Y53GVNNMLBffx61YDP/uC884O9Npcurx/SOIs4PqYv67/Ti/6+rWBHfNL
+  91epGdVDN3mSWdL8GiTf8kFPnEpWyYjwYk3l0ja582SONh9wFuB9rgmIOqcBmwc6
+  7G6nN0s24He8Q1U3POQYEb+dqFnbSQa648h+sc+QPrzjqAi31CARvbG2rqem9rrO
+  PonpWW4fLzyYrPVUF5zwnw+930BQFfEuWaF7K9oh91c7XPeNVTuIan/+Kg==
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
@@ -594,25 +767,25 @@ schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDYDCCAkigAwIBAgIUIBIki+x+3WYc+Ojs0hPtefTRRlMwDQYJKoZIhvcNAQEL
+  MIIDYDCCAkigAwIBAgIUNWjbBsiIn0ilZDPpt/RfciZokpcwDQYJKoZIhvcNAQEL
   BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMCkxJzAlBgNVBAMTHnN5c3Rl
+  Fw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMCkxJzAlBgNVBAMTHnN5c3Rl
   bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-  ADCCAQoCggEBAK8+fcuOH1BiIZ9oNhSWh/VxNYZQptOuLsZ7l+1o0/OdXBVmDNEg
-  LHTT3duNPgRz8d0FoIeEr8r8SbJC6YgqnRgT7icZBmy6PRH5qCCFXm+7RW1nbQCe
-  AQBjGaQ99b+Jg7mH8Gkn/bU5/PaKOsxtbISn/Z+qJ34CuVks2HWQpjgBeb6KPlsv
-  XH29R8H+ZDXI44t7499opZkyYDMNi75MXGdDBbjaTCZNVqP2BfrdDZ5S/DAW0i6E
-  +gcydlr92BjhSfDXJ3MXF+JHhD00slyUfmp6OYywlNdK6ZaG6G0bWYvxWWXm0ib6
-  jHduUDBIfBPZFWMIntLaTaG9QHsDONbRfjcCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
+  ADCCAQoCggEBALLsl9mXWlGwFuy9AXnKx2GagGR73qGcwQc5CaOTRgkzTqwNCze4
+  Duv7nr2xUV+sL5OYKhI3Dwt9sMujC5TWI8VVTUbmYKyGQMr32YH+4D5ty5wKqTwR
+  BnJuPWYCI9daSq6RaagVUmJIAokXVEjZHB9ahcao7XIjWX8ozLOyJle9Cv8+fvkc
+  mu31h2vQqlidvwPoFaudanRTfK9sksOfoLoUe+yiFpUL1rMbY0vtj7kD23qaVARG
+  lUGBhTWhnJnJSVFAHgqLPouKxgvapgRa9JiBWDAfbQMHQIHThrAuWkEqsjbbJpFi
+  tY2+arZTbXS5LFtfHvebOqpkiDeCQbjdhj0CAwEAAaN/MH0wDgYDVR0PAQH/BAQD
   AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBSc7Kr5cBGsRfNZx/J7h4xuas6LpDAfBgNVHSMEGDAWgBRaM0cZ
-  12BKgOZkl0ktmxrhi+mOnDANBgkqhkiG9w0BAQsFAAOCAQEAmSAOjQCEtfUCcyub
-  KbnVzvA8A7OEFhxid9p70l9wFaAMB5sA7hhX8u5ERfcRtBNK51sW6TSuqAT29amX
-  PWykBeSglq1mE+jtyiUoknXXnTMIMoGHC+oR+2bfLqiOOCcFDHVWptt1TyANVACl
-  0SdQvHUBBdiAyJ/2CaqSkJ3A95iUPZsAuj7zJa/0g1WFFhDzTACN4TKWgudLKISt
-  aSNegUJHiIh+5pxl3GH51CU1rxdLC2TI3jrz1snlTxQLNJ7NMKbHDHDj20dElf68
-  65PrT9xTiyxghZiFANZGMuT7aAF2SIKvko6nAu7mzIOPeIFUi4Xnjd5huSFqnlat
-  WvV4Zg==
+  MB0GA1UdDgQWBBRmoS8r9TgbCkBHHBcDe4F3tKKAfjAfBgNVHSMEGDAWgBQG+Y3C
+  beZI/XixZZ1chQL72ym46DANBgkqhkiG9w0BAQsFAAOCAQEAnzptAvtd3E5ZtlIc
+  eedOl4m2s3vcIqTYis8popcvunYqOBzUfHF9NvG1TFIVD6wm+u21IgtdIgxDTsZe
+  kp3ev58yNnPhX0wCUxuQpQ3ICFwlEb2p5fc7GrA7FL3mixs03pabqlMp9sPv9Q4c
+  xP6+Dv2XJX2eEy1WD8JRgJoGuc5XqFKxfaWgabZ/gjLmRROp1EOLeyQsxhvtqhNc
+  q6AuPYd/QSrB0NGmLmhJ0fXMOvv7oO4KK5uXaQA6tDnR7XyRF0UXG+yY348SDoYE
+  ydKfoMWtuK+ddgY9rc1SDLzD3kA50r7dHtKqpiGbW3M0w0tghbdArHgCMmSDEKuJ
+  zzw1SA==
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
@@ -625,25 +798,25 @@ schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDYDCCAkigAwIBAgIUcC62P1LOxZR3gRBd2a8vicle1o4wDQYJKoZIhvcNAQEL
+  MIIDYDCCAkigAwIBAgIUDbB/Wgx6o9geZZYj3yFK9eKxfpswDQYJKoZIhvcNAQEL
   BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMCkxFzAVBgNVBAoTDnN5c3Rl
+  Fw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMCkxFzAVBgNVBAoTDnN5c3Rl
   bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-  ADCCAQoCggEBAM/1/HvXestZlloGb1hW6TJ/SLcWkgbHPkobv8dsLvD7jl7g19Zx
-  IAmIlBJmtWe8BWb8L5UDSEUQ3YuwGQ4nW1EcJLS7s+X0X8nw6iRWERr1E+qwNsix
-  HC34W4sfoN2/aZLQWVhr7U0Lj8htrnNWwjLuSCWrVki599bXZeIYBqrWEst3kFqK
-  sJrcvTfhlk+Q2Jy8uFzF73Pqf80TAcWBLuwAp0yc0U8I2/pfkO/vNuzIes8KMbIW
-  dg97celLiuvc0faxKBFH8BTFa7D21WQPyNeE82h+LFg6Z+9XY+bb5mP+unNxVC7T
-  LALbUOAKGv3DR90y3wfZezNiyXtQyoJ6qRsCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
+  ADCCAQoCggEBAPvn7IgTMGeK5cXAbMzkmi3ZQ4jsuCwxIZJWAzuuki9ie9mj7cKb
+  EMLpcTr4u11nFqqnz44N/M9aFyqnDG0v4JnCptLvM1Jfy1PlQ2iO4uVT937TAKEs
+  gGoVNK8ftmzfsfIIMGOpLRggih85J8ztqt825c3hGHGpVcOWQMy+g5syTqwLtyuB
+  Jhr++WVPWTdaoYExuh9OyRJZDtdkSpKgiNNqolCojxYVbpiex3cjnjcPJmUqXH9A
+  vCe7m5YrllEl634AEvOjpQRkMN+iiFYHVF9mU28ocU68flZ/ijPyt+OpKUeN1Llj
+  342NHSRfZjvbsATzUy1lq3gwJgP8zrsb8K0CAwEAAaN/MH0wDgYDVR0PAQH/BAQD
   AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBTbkpexepJLkJJrOZBUN26bptUWVjAfBgNVHSMEGDAWgBRaM0cZ
-  12BKgOZkl0ktmxrhi+mOnDANBgkqhkiG9w0BAQsFAAOCAQEAmjPjiRVuU5fLxdXf
-  pKQkvUbpdiJ3e5n4IaP3tlO7oZBg6xSIDQ2vcYgIVtMvmBu0FtPE7lOjW5a6e77y
-  Mn1qWLryiqvnwNn38nN+IEwkktLVgcbYxUxNqA8MYx6Grj0wTj3o/emDH9bW0Hvo
-  F3e987CgNA/B7UdOtbY1ni+SzGX2fT5ZzxarhUwOmAEzoXr25SbU6iegGWx5xwY3
-  IWhPq+ZtkD6yz3yL6G5IpWBxMaJyHhEfZ+X/9Z9tZtSURtXApiJpnY5a3Y8jLvni
-  8D5YTLwODCQcDP8kDgfQo+kupYz2zZMJ20NoUuJrxBL4iFBys/MIjNo41+XlvGRJ
-  +itGpg==
+  MB0GA1UdDgQWBBShRlbqYml9+9Il3YaRKAzBvCPNzDAfBgNVHSMEGDAWgBQG+Y3C
+  beZI/XixZZ1chQL72ym46DANBgkqhkiG9w0BAQsFAAOCAQEAf8J5tCFlgm6dKCzq
+  UN8sGqoiuu0G9/XRXN1w2kXACfli1BG4Sw88ANTwvK8vD6Zwhoc9rN/h1MWWB4z+
+  8q7myQA4/K7J0xi7O0RSN4pAxGWfcd5Sunzxw6FgmRx4r6czVBVn5vx0OLGvysH3
+  90A1yidAkWwiNOK67REjjEwZ33/1yFt6V8LFq/rHnEe3/tnug0kwLxIqE/EsZYxd
+  cjZtVUK+fuWRm9wuDF4pn3eM6q/TJ2eyIFI3poRc7GqoqVpN8Fv+P9mCTfuxaCC4
+  rvwNBi2DxCmqTEMJMAwxGNnnlWlGsrCX77xyPAU0VrigZIoiLUI8Alfkf4g2Aezo
+  7HElCg==
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
@@ -656,25 +829,25 @@ schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDYTCCAkmgAwIBAgIUZmcwpoYd+/0q73sPH/f8rAUb7FYwDQYJKoZIhvcNAQEL
+  MIIDYTCCAkmgAwIBAgIUAKV8EJ8dU4o00wQmQnxbqQm6ko4wDQYJKoZIhvcNAQEL
   BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
-  Fw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMCoxFzAVBgNVBAoTDnN5c3Rl
+  Fw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMCoxFzAVBgNVBAoTDnN5c3Rl
   bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-  DwAwggEKAoIBAQDmCkPOCT230f9da6ZctuRYJs3t8qgO33OQsVPKamOKkTQnrAF2
-  A8jTQgD8gSYmORFrnrtRmRwXDm4c0Ff1KBogAEVersHaZT3dhsL+ATSONsvixMA8
-  JEW8P6avaUP3ZJaQkgpq4WG50VAsR32hv97QWyOYxhbovuKHEtxOPAHiOev16Knh
-  2VqHpgoa1btXaMTlWAJa9eX++pY5TwIccGwdLwTB1dXnEs9Ts/5M7RXaJLKLuSfK
-  F4jWAkjRg/9RXf8ZqmQrXC+bS/cbeFbQ3wPMuPSKnjyX+fflISisMqAuUVrQC508
-  NS8EBdERUzwelzHad3d2ekvO02OI2fvL1ZkfAgMBAAGjfzB9MA4GA1UdDwEB/wQE
+  DwAwggEKAoIBAQC8brp0uuwUuE6ssiuPWul1K8qROJGT78Zf58Su3IhdDlft+HDa
+  +KNQHMsURiOaQrLcdSSv0F8xcu80OPklO3VFXJlbhIKC8rwOZ7GNBddMvY0LI0Fg
+  Negaz0VfKujouzKFN49SknG+QLoy7E1PefMkJLIAbPjouN2/Pk+PC0B6l2ZE79vR
+  sPTtJdRgc8FQJuN9uCofnVkt3GWPQqTQY4X181BPfBe+oLvNqwrzMUCUTgJLaWrt
+  9RAu2DKxUQbtRjdI16MWTZWQVeSaeEtoLMt+UlMjwKGEpEY7paUIXqr5CxYGpKKS
+  oONXJ7ec49Ptn80+hfW+P+99Kh4CpxNP5nvVAgMBAAGjfzB9MA4GA1UdDwEB/wQE
   AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
-  ADAdBgNVHQ4EFgQUJ4vrlNY68btmrQdGdH2veBcAEFwwHwYDVR0jBBgwFoAUWjNH
-  GddgSoDmZJdJLZsa4YvpjpwwDQYJKoZIhvcNAQELBQADggEBAHm9ITTPb2ISBeR0
-  OywVEVmCnKGAvkLJZ+xzzXAeiRZ4EbKAs6RBriD6k+rNzZsl7n8pfAZcjQjoteTq
-  qga7qAtskU1YWYNfZt23ywzDGWSOFHW7I+PyK7jDXWTMXLfEvlMBCblITOnPg8Dv
-  z9NB01PYDIWZ4UrVdDvqBe7X33UW2y0rfKjEpsbnwxzWhJdWVKcu1a4mSWxUMYwj
-  qMEHmrVLxo9WkZYylDxN/TOQVptPRee8qjwvDdslJbw+GZGrkpJ1g9DMpS2o//qk
-  puRo9h+GfRpCLXlqdEqc+BoklmEZpyc0ZXKXcOy6d7kadEZSH49gvsgBuAPQPp1f
-  aXVztl0=
+  ADAdBgNVHQ4EFgQUYQCjOHgEZ6yOBPTVcck+JvtC6yUwHwYDVR0jBBgwFoAUBvmN
+  wm3mSP14sWWdXIUC+9spuOgwDQYJKoZIhvcNAQELBQADggEBACStTbmOcM9LqI2s
+  3AZYwr8NSOulWINr0ub35sHlTYVsbE0PUVBj+MfE8mPyOMgqgQVPutSvM1LgHusq
+  Z27rGZ678g0vLTB48m+t7GXgHL8kWt0gA0QtqoWLo4jEvgJpxX4SL4A2gQBymugg
+  BWyh9M6xCM3IsSo/jjXjeRWOfpWxfmd7P4Sd0bS+ZQLl42j2ep20/uQQR4CuKSQH
+  x4EcHxHM5U7K3TBGRgux6y7VhEfWzQis427964l0eCj13ACdOmWn/a7ZX+N03yDm
+  K/t6y/CfCXejEGcwAjydH5gmkw/uZ/PlNX6gtMYSmy8uWYaUCp39yS9pXPVn0UPD
+  mU/j16s=
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
@@ -687,219 +860,286 @@ schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDUDCCAjigAwIBAgIUAyOHMCp041+x7gW0UsC76+W6rZYwDQYJKoZIhvcNAQEL
+  MIIDUzCCAjugAwIBAgIUL5z/InmUf9DPSlsZMnzMcFTtN/MwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMBwxGjAYBgNVBAMTEWFwaXNl
+  cnZlci13ZWJob29rMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtym8
+  +NSb4lxFcX+TAwWIY6qPz9fc6UF4jpEu+RXdBB60SGCAsjkbYER3Rj8M8osFzEy9
+  EKqMkMbGFdArZ6yHXew7uvdQGuohPXb4RjJ+g7apjL3FRPfbdq+i7LcwP8wsCjAV
+  xJMiWUaaFZWpoosIfqsQWa8jNlgas5Ft6v4J5UuB8NJc4iEqddhKyWiJ3SPzMrOw
+  +ETKTCt9Latf9UFycq8uxfRhJI5+1p4/OUW5eaQzglIW4KKAtzzwduOvP4Aro0Gy
+  rizSlitUKYGwqbcUXdP/FjbmUzbtfeu48z0mH7YqIITwnBvPg3yOIrHAQmD/iJfK
+  werUjVWwExNVfkbdcwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
+  FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNRQ
+  eQyrEGYxxHwzlxWJKIOhuvO7MB8GA1UdIwQYMBaAFAb5jcJt5kj9eLFlnVyFAvvb
+  KbjoMA0GCSqGSIb3DQEBCwUAA4IBAQAWfnpFJzfxk4q4OAVVmDUGGUrJrqCl9mIu
+  oCDie0p7KIC8B06VFh5SGaSUmvgStTR/xzIL7z3IP0W3roGDxKdKGvKA/dn8ACge
+  3QCHoN02Qf7lENQRHlvRlxTLVe1zaAG1N9xCyB+qaTtDS6nHT0NartDBlvgvnqlr
+  rISKhj90oP08ze2X3HyeGyczzvORyE+rgsV9cf3BhZLb29nruOUzRtR/RUtKvL1s
+  AMnjD2xblMMUD2y6IL2dqMrciddgUDlFiIyb7B/DiAzvlJSHoycgR8pcAg90zZlE
+  3IXxcvL3eZy5RtiZW83b7TnFY05kCgXmZ1Hov5n4+zMb5yVpGxzu
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver-webhook-kubelet
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIERzCCAy+gAwIBAgIUeTwgGg5JrGflVk1RvVutEBr53IEwDQYJKoZIhvcNAQEL
   BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDkwNDE1MjMwMFoXDTIwMDkwMzE1MjMwMFowFDESMBAGA1UEAxMJ
-  YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQJM8mAj
-  V8nHY0GuLluLDNLzCujY5hPPSeIhY+0hhcgwOrMUG7hQW2+xwhW1otLUCPMz2xrW
-  ACXjLRGmjj3dMA3D8X4eg/aI+yH0BlZ3cYX8VY2wKYEdDdiaworJNOAebKNiQS3e
-  petmVDPO33teqUwKn7JdyuaKjpHeJ3zud2YUKFOcuIzWwfZsurhmU2bMOZPS204l
-  YCPU4T1xZqQ3NPRNOR/g2+z7ta3tI+40LSFmEj3B94hXbIRO//RoWkUeLLqyYKqh
-  lpexB4YccXfaPG1gn7UmUmA1oI9Vm0NHpjGyRj0N9NOdYBXIcp5NItHPB7ovZbMR
-  HltiDw+C1ZY+LQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
-  KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFiyW/oW
-  i5TizXKs+iGHJcf2UI1/MB8GA1UdIwQYMBaAFPsKmWFu5VTreuIK37mRikavvt2K
-  MA0GCSqGSIb3DQEBCwUAA4IBAQAWEmNkvx72BsS3ybrmlaLcPfoXOQ4J5fdZcV5H
-  eBD5Hlg4E++6wdsoN53Li1lz6BZHvBeKS/C+m5+p8ThSI4kebN0ap1OI9eXaSEw4
-  RMCk7xAo/6DetwnqNlbNOd/zU27u8VVWmRoTS0WuQW6hyklhNgxd5P93nV4aNL9J
-  AHFE8HOALZkYQqdfwdHpVh1c4aJwS9oNZC6iYbeZES5L/GT+GpcmoREb58Iq+I/B
-  gYv2vIZZByyY0q6aBn5albW6bGgQ1Lo3UZlpy8Nkw2Kf8FLI+MECQgqlyg3v4p7P
-  b1rEqXRgTIQbxMVJrfOAumVTlQ0FgjrkOjXq9HNJoTTz6TtZ
+  dGNkMB4XDTIwMDkxMjAzMTkwMFoXDTIxMDkxMjAzMTkwMFowIjEgMB4GA1UEAxMX
+  a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+  ggEKAoIBAQClCPKlpfxaLuz0/kcDlrYtxRhbDcC3P0RbANHNFBviWRlK6ieu2Z8M
+  VgHETVkmvy6jNbvWis7OExNE7t2fXpiMWI/N90NBrUZgq71UVnKZH4+z9MTu53uG
+  DCjDaK2B9Zy7xRt9j+ujeRgxVunPum819YyFXpZ/Iz2s/9xKnQugRqdo+gaMUkuQ
+  rmrdLXCeb24QJqme5xhhUjcQrqIZsrpIyLN9AllxnWNKNyb+uRbdQYILmv6L+2xQ
+  s/9P8DV8GYg39WU16YkD2Go12NHsLKBzfueofwh3JgfY9LxEgHNWIiIfPZnfRIni
+  /k63byWnMh97rD+YhL/adFOTj0hLTYM3AgMBAAGjggFmMIIBYjAOBgNVHQ8BAf8E
+  BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC
+  MAAwHQYDVR0OBBYEFHUE3iiiJCQQzaCIETCmIw3Rr5ITMB8GA1UdIwQYMBaAFAWp
+  cJINDv1NeDr231leeSn53SsCMIHiBgNVHREEgdowgdeCCWxvY2FsaG9zdIILcG9k
+  MTctbm9kZTGCD2t1YmVybmV0ZXMtZXRjZIIba3ViZXJuZXRlcy1ldGNkLmt1YmUt
+  c3lzdGVtgh9rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjgidrdWJlcm5l
+  dGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjLmNsdXN0ZXKCLWt1YmVybmV0ZXMtZXRj
+  ZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5sb2NhbIcEfwAAAYcECmAAAocECgqq
+  FYcECgqsFTANBgkqhkiG9w0BAQsFAAOCAQEAk+DCuaVFL8v+JMJGQ207a8HfZKpE
+  krPE+REut8ADzjKv6qg+VM+sIBYNTiY/w4rd8m69SKM2syoYoPJxGMOLDOAHdkSH
+  6R2n7hCROhnuzIxUUNf+Zq8bGgIQteCA9SeziqfV/ND+5bhrgLVA2oOVJU+Oysg5
+  2VOY12ses3V7qwwJ8MnmXOb0lXFqDM0p+6QVl5MHhWhOhvPmxhtcRhKIVvIVDmuL
+  +uqmGSl9UcinaWVM024pzvrsiC5MwRDHtGQxnHIC5OCZxxRgLPh5GG0T+Q9pwjfF
+  8T9/YbNM3LYNf1vZUgtjzTLbb++WfAeJH+uClRb5GyJkPsMe16ItSoMsIg==
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: apiserver-etcd
+  name: kubernetes-etcd-genesis
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDTTCCAjWgAwIBAgIUU3erVbxk5JoPoPSupaOPCn8cL+wwDQYJKoZIhvcNAQEL
+  MIIESzCCAzOgAwIBAgIUa0fECtmQHXBdnAJc2pRIH2rKFAIwDQYJKoZIhvcNAQEL
   BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDkwNDE1MjMwMFoXDTIwMDkwMzE1MjMwMFowETEPMA0GA1UEAxMG
-  YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvayGQGKWLAr1
-  a1/L0QTuIPkDK7G6Ec1IOdykJttLbjVCKBZ5DurV0h86bk9tfYJYOY0FmX0Pyc11
-  D7LtJUMmrVv0VeR25Mlxm72JABAoNlRXsLPJvXEIIjk6DyooLwQnTb+Qa1fcXzpi
-  ceUBBKwDNYj80cRsGMHTxMIVkxDEiKM0Vb9XAKaCqmkhqWrgx7luQICboCBm0N2u
-  qrFEl7Z9movu+DlKcKir4GQT/DWZxT68+oQGkT7880s/MmQmkKRNUwf/ViCs6oxV
-  nUrSwsj5KaC1swIWdcfIwySxS3DMeFNLMohf8so1h6yvMf6QrB6Fw24LQrivFvhx
-  /COGQBDStwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
-  BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEl/BcA8+GQz
-  BtZFTnDDP3pEreJSMB8GA1UdIwQYMBaAFPsKmWFu5VTreuIK37mRikavvt2KMA0G
-  CSqGSIb3DQEBCwUAA4IBAQBVJzvYvrRsqEdN0ogq3FDSad2dtqTzYkN3B+pWyHiW
-  q+dsZt4yt2UyZbeJMoTtCBIPSf85g8KtDjYYxDl2XquOBR96R1WPVyDcUhwOX0kV
-  am/m4SGUyccEj6otwVr0XiZGTjWsGi0Kr5bAlYUoLiYzvfPeWO4+Qvcr5lVZ8koN
-  NJh/P3uPFAAU8QGaPG8OFyPG86BGDfXXKBuRlxUYViJko8N7sOxhVBmoP13rUfbG
-  YEFNA5OP4G5o9KSPwgOd6VKOnKGTsU5a53LeB6jiT0SVHuHZYPBvbhUzvYXQrQsp
-  +zl9N5zYd7j/DIZNH9I+c1F5v5bIC7isk9C+T6gRwfyH
+  dGNkMB4XDTIwMDkxMjAzMTkwMFoXDTIxMDkxMjAzMTkwMFowJjEkMCIGA1UEAxMb
+  a3ViZXJuZXRlcy1ldGNkLXBvZDE3LW5vZGUxMIIBIjANBgkqhkiG9w0BAQEFAAOC
+  AQ8AMIIBCgKCAQEA24O5Sw4lD3MJUEA6crbruA3w1BjX7/ydWwBNjCp77sdgCKUE
+  YEPqosLMv9I1KJZxJMg5XMNSy2SEYqLS6NceA/0tQ2fNzjNilguoX2GR6ughjFk0
+  CrRvNK2lBLtM0RLthxUjPsSbWEFtmv0NPTo3ng03F4mguZ2pnQbELYhUzK2fJAdP
+  +c5lTYcxbI301aIebpypgxigsO0VyBEK5xiCLd9S0Zygkbh4JFMZatMDpccNeSJf
+  1a7IPr/n30DAsbDq7yrV36CSmgEbZprREFnxyjAfesYdeZN44ygr4tYvZLTaY8Tz
+  nwmOMpZub/swEprFv1JVRh8ioQv5+ko6tFe7IwIDAQABo4IBZjCCAWIwDgYDVR0P
+  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+  Af8EAjAAMB0GA1UdDgQWBBSmeOKXmZLTXLSQ4VIBIVQ4GVVFeDAfBgNVHSMEGDAW
+  gBQFqXCSDQ79TXg69t9ZXnkp+d0rAjCB4gYDVR0RBIHaMIHXgglsb2NhbGhvc3SC
+  C3BvZDE3LW5vZGUxgg9rdWJlcm5ldGVzLWV0Y2SCG2t1YmVybmV0ZXMtZXRjZC5r
+  dWJlLXN5c3RlbYIfa3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Y4Ina3Vi
+  ZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVygi1rdWJlcm5ldGVz
+  LWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBH8AAAGHBApgAAKH
+  BAoKqhWHBAoKrBUwDQYJKoZIhvcNAQELBQADggEBACyajVsA5kePz38rpT30t24L
+  tYlWbEUTIM/5dNJJA0gBANcEiWCT/lK5x9J8BQPramf1zODoOzLbB2X0rS1Qp31Q
+  a651Ofa8ZFvGYyU2fu49ehaqO4o8gAjzSId9rle2akRK+4AtNTo8YCyLdovx28OD
+  mjguj84HZqKq116IErJ4yHuW9QaSuTpi9kDppq29b2tvdaASc/R44LIj8FOSDFld
+  YeTZDbXCZqXxH+ytO7PltywDVrFgn/uS3Q2sCVRqV79wxiLAfIOKe3qGLBax+pYn
+  NXz2zMOS09KYNSTNXIcKFWnhx+vZ0Z6yxy4OkP+hLzzyU4pG2P7kb07KHNgqsiA=
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-anchor
+  name: kubernetes-etcd-master-0
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDxDCCAqygAwIBAgIUHv/dMYKu0vefmwR5xfaMtJmQfPUwDQYJKoZIhvcNAQEL
+  MIIESzCCAzOgAwIBAgIUH7CAkj+jGd+E6BDekZGRye2Wl3EwDQYJKoZIhvcNAQEL
   BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDkwNDE1MjMwMFoXDTIwMDkwMzE1MjMwMFowIjEgMB4GA1UEAxMX
-  a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-  ggEKAoIBAQDepls1Xn0Vbixtybe2IXqPUWC+5JrdPZHSKDhEDk+yDcEkK8eLTi/E
-  rLJPyNUuC8S0mDUpufR/OpO87LMgobdxZdMJfknZt74oo9r1tfH6tq1EAezVCMpy
-  wyMm7VWWacPoQnD8vXrD9RbjqByXDiksdSioDQyz1+jzGnFUxDsWJmZSb1yjLoE8
-  S9h+NT6XXGY9AzvbtXf2fU6/6BeGMgyxvJVLtwlf2LgXeOBrpQH/J9jn4lsGazDe
-  s68XRQMNHOr5SCJOvLlsks8sPwE7EzuxibWv/ItgT+SsYRv7h1a0vFGfvUqIaLc6
-  Z08HIZBFogcqEYHMrSR5LyVs6bg1cT4BAgMBAAGjgeQwgeEwDgYDVR0PAQH/BAQD
-  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
-  MB0GA1UdDgQWBBQpUyWr5A6tBqT+YBZXmyD4doxdJTAfBgNVHSMEGDAWgBT7Cplh
-  buVU63riCt+5kYpGr77dijBiBgNVHREEWzBZggtwb2QxNy1ub2RlMYIJbG9jYWxo
-  b3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjLmNsdXN0ZXIubG9j
-  YWyHBAoKrBWHBH8AAAGHBApgAAIwDQYJKoZIhvcNAQELBQADggEBAFSUhchQuhaU
-  TLHOr3zsyaoRQ4TXNRYWJGwDYgR+RhyzmKL/DIp/7DFou/4sGqTFsR+bqQgOpdG0
-  p0/FmYXgTSFKSNkaZzmWG51mfy6mdKQhEHeZw+ZnABn6PcJL30itTz7zeDWruq02
-  6zVXLWYiSWtmppqRJltnQkUwqdrDOBQwX8Dh40Nb56NaCZJ6Xc9LuIp2blBNGQH2
-  8y9ccV21FBktDqAwmMJXyvfF2mhqeqhmBbxaRgmcaGlkZhzWx2Umw/2v5zQyvM22
-  KSrW+5/4UvMGOIIJxkRO5UZj1xuow6/szayNhE2b+6r/DAaGg9x4kmpe3ahYYhXy
-  TG5QIhlMe1M=
+  dGNkMB4XDTIwMDkxMjAzMTkwMFoXDTIxMDkxMjAzMTkwMFowJjEkMCIGA1UEAxMb
+  a3ViZXJuZXRlcy1ldGNkLXBvZDE3LW5vZGUyMIIBIjANBgkqhkiG9w0BAQEFAAOC
+  AQ8AMIIBCgKCAQEAuurQqfhhGwSdxcjWIwiqI9SqL7RX/2r1ZzdD6tB07+T7cSRg
+  sBNXE0/X//Y0SMAwZOlRMAUNRQgcmRFwOEpxvzuKTP6R2dFgg/JyEKZhyXJ1WvoD
+  ZJK5jcJZL/WVd4BLfHPd3zMKPVaj6KOkhuGgCXCuQYiy2PhCmo/YKuqKyJufplxF
+  WMltwyeyI+u7978zNnUd7HLOluTjg/Aofj/olONPbKtabLSnciTCtXqz08TX1Cu7
+  K5nQo+2GudhL4C3k6iMslvJMwaetHe7XrE3gsI6IXwQcoDrO0zqIAlJe91I1LJ6V
+  aZIqQumgcp2H6HrPsWEs8eRYbOtUz7ip1sJ6EQIDAQABo4IBZjCCAWIwDgYDVR0P
+  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+  Af8EAjAAMB0GA1UdDgQWBBSt9dDBvL7XeQ2Z98i3ooCr4P1d9jAfBgNVHSMEGDAW
+  gBQFqXCSDQ79TXg69t9ZXnkp+d0rAjCB4gYDVR0RBIHaMIHXgglsb2NhbGhvc3SC
+  C3BvZDE3LW5vZGUygg9rdWJlcm5ldGVzLWV0Y2SCG2t1YmVybmV0ZXMtZXRjZC5r
+  dWJlLXN5c3RlbYIfa3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Y4Ina3Vi
+  ZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVygi1rdWJlcm5ldGVz
+  LWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBH8AAAGHBApgAAKH
+  BAoKqhaHBAoKrBYwDQYJKoZIhvcNAQELBQADggEBAJcu7+F6jNyNLgTgaW4CWGsS
+  P/+n1nqL1Fo0hLrMDJsq7pHiu3K7f/SlgiNGbwDIwwRs77xxUJfF1K4T8cisUhEs
+  /cPurVm1Rkj38SoX+lNyUa6TDAPQSKuBIXZIK1jGy1nXFoEKOvA1PbGS2Q5j2fJD
+  zaLREX6Q8/CAKmzFoRahIXFMOGDUL2DtuY/iwrUUDKfgrXHbvx9SXV/9oaDSqARc
+  AzEcNTunSUEwOow8bPGdSWsszlPCufXs1JvXQYKR31p1Ep48zSBoaNPspb8yTJ7I
+  ojCzdsLawLjtoy86lGPn8adMRdgXorzfzFP1gkxX+vMmpnuz20uHT4Zp7G6L3oI=
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-genesis
+  name: kubernetes-etcd-master-1
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDyDCCArCgAwIBAgIUJMAodb7+QU61HEMjnP5btUZUAVEwDQYJKoZIhvcNAQEL
+  MIIESzCCAzOgAwIBAgIUEw3y76fn8/IqDgCRRREONwd44ykwDQYJKoZIhvcNAQEL
   BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDkwNDE1MjMwMFoXDTIwMDkwMzE1MjMwMFowJjEkMCIGA1UEAxMb
-  a3ViZXJuZXRlcy1ldGNkLXBvZDE3LW5vZGUxMIIBIjANBgkqhkiG9w0BAQEFAAOC
-  AQ8AMIIBCgKCAQEA4dhLOL41j6N+qdWkAFVTObTMuqPLdmZw/yVEuoDUY8/TF/Jw
-  dJpOu52OvHRxNi/+5NXarOSrZbF4w6p7QbMrC7hCOBAhoqm6Vgy9ON9i4xThNxly
-  GtFCeRyiJhRA6eCyoA6gyzAARMqbRvswZickwrq/CvZbgVK/9bdJuMD6ehjQ78uT
-  zD2dkUX/ifelGD1/ZshiM+0wF90EZpYMWwPN4VThAmEIU8FmO+PJEsZyp4BGrr4I
-  roZeQ8N48ep/vY03KqoOXzDUMsQuoZaxk8subJa/ZdmvAuS0GtFPzf9s/NruNmYU
-  jaQmYbdB5lvpe9hJQldtPJhcwBfJVN/F8PhLowIDAQABo4HkMIHhMA4GA1UdDwEB
-  /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
-  BAIwADAdBgNVHQ4EFgQUzjhJCoBb1eCRc/AfeVUm0qsuRRcwHwYDVR0jBBgwFoAU
-  +wqZYW7lVOt64grfuZGKRq++3YowYgYDVR0RBFswWYILcG9kMTctbm9kZTGCCWxv
-  Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
-  LmxvY2FshwQKCqwVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQCevsfP
-  9TggL9p5ENDNNmMg5md3gSSHwZsBZ9ZxrzCdaFBFy8bSxzt6CE9ngdj2G/fYzk4Q
-  UgLDwpIw52NGCklzfszapomfqIViEQbeHnB8oYCoGS+n7pIjYdMRnO8Vu74noEPB
-  vNDcB/RYh38ARZHCTNbGuPqwcC2TYr741S+lR4aRNJHv6QHpYmqfXs/b0WblPlR2
-  bucwJTeXHsenDiXsevZoxSGRLaiSSXkYUsuoaDHjMd40AWW86aK+h1nY0PFM5IcU
-  KBQsiaRPN7avd9A0kLK4ozTQ8dMIhs+TWIn7dnJNlkziMeeLUQsUMy2yPCrjctEH
-  /1JzyJjzXQf7w+33
+  dGNkMB4XDTIwMDkxMjAzMTkwMFoXDTIxMDkxMjAzMTkwMFowJjEkMCIGA1UEAxMb
+  a3ViZXJuZXRlcy1ldGNkLXBvZDE3LW5vZGUzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+  AQ8AMIIBCgKCAQEAy+4FvqTdqTciUNHW9UADChDf1QoALAEjkPXCiHi4bPzvryKx
+  22sAVLD/LjIgZ4q/dNB0+eEnrcjd8uHGDmsV5Pxd+6LrbUfRVUxkkNmu9KcBetJ8
+  HZIxjXWgKCa4/cSlYgBfdkyyvtvFfrp1TwpOYVQ7KIEeleueorM0ruaN+ilKbMPv
+  77cJbFHaM/FcIU9R+GDystdWWG5kVoUqNw7Y4+1Q8KzCavdN31EB15KNjZLF1eQ8
+  EoHuYiXzbsF37oWlslKtxEqU/WNggUtNCi/cP8QmrVf00/lGmpErUFfx+0untvIQ
+  OZ9vVjSPMdc+TesKsb2Hx14GyFL4PyAT3GqQVwIDAQABo4IBZjCCAWIwDgYDVR0P
+  AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+  Af8EAjAAMB0GA1UdDgQWBBToA58Zu91f75etkeIXIRFie1yakDAfBgNVHSMEGDAW
+  gBQFqXCSDQ79TXg69t9ZXnkp+d0rAjCB4gYDVR0RBIHaMIHXgglsb2NhbGhvc3SC
+  C3BvZDE3LW5vZGUzgg9rdWJlcm5ldGVzLWV0Y2SCG2t1YmVybmV0ZXMtZXRjZC5r
+  dWJlLXN5c3RlbYIfa3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Y4Ina3Vi
+  ZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVygi1rdWJlcm5ldGVz
+  LWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBH8AAAGHBApgAAKH
+  BAoKqheHBAoKrBcwDQYJKoZIhvcNAQELBQADggEBAFN9EtjG/hnaz8JeMWmn7iSo
+  fytSmULuTYN0CYWzgztbd7I0Ej0hw1E4bzJSlhOCIG3EcT3eefzqRDFBQuIXGEPt
+  fpriLQnSlZA+9TDgZWDebKyyPiAOFluN/97rTS3LpzgYQZliNLyEdI9Kt4s37sWR
+  NUJ0c24PZMJC2afqtBO71JyJOAvXZwiOaGv540/YA5rTl0fnynZDVazzgjFxpl/j
+  tm4W2OVCfYntA4Ebjwlya4GKGEzSpMWH+GbIvivGgKrx6MyEHy6ts7zV8GFvalDn
+  rD7jVFpYd3vWpMo283R1NoL5YnjGqDDhY7oJXgsUPQrpjJ19KKLS7r9b9h7gokE=
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-pod17-node1
+  name: kubernetes-etcd-master-2
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDyDCCArCgAwIBAgIUI6pAybIRlbmXEHaBfpBzVIcdtxQwDQYJKoZIhvcNAQEL
+  MIIDUDCCAjigAwIBAgIUfM8Q7FOAZqTrm6JkSt91ku1xIfMwDQYJKoZIhvcNAQEL
   BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDkwNDE1MjMwMFoXDTIwMDkwMzE1MjMwMFowJjEkMCIGA1UEAxMb
-  a3ViZXJuZXRlcy1ldGNkLXBvZDE3LW5vZGUyMIIBIjANBgkqhkiG9w0BAQEFAAOC
-  AQ8AMIIBCgKCAQEAux+xSWNsUUyGLvhlh1Hbr5VFhmCI4biss7irvqvX2eD9Znve
-  bNKDBwv9oTndTI+Y65BZKGnfxhVKfn6RdCx7dgDrslwYissk/xrhL7bZbXqvDjDF
-  aTbGr8ZIaMMVbWC+IMss2cBZKZ8jrTWcRjZ+6wYVWi97a5JA9Ggy9YwCe1FGfEJU
-  SfG3QDh0npdxl07MBQowYADmKJOky++7O2Q8w/paA/Jv40gguUTliJopYHxTyfBd
-  Ffxc20dmFg2VbjKN0fPEnhXapDoAhwxL5Jjknl2QXNMSAaFjN9/aRGfdyR+1lzbO
-  EuUjVyyWB21kTs69Etljwj2KMz/gp4fCyDzPowIDAQABo4HkMIHhMA4GA1UdDwEB
-  /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
-  BAIwADAdBgNVHQ4EFgQU6fWNQW4fBLLsnFdbgKKT9RL207AwHwYDVR0jBBgwFoAU
-  +wqZYW7lVOt64grfuZGKRq++3YowYgYDVR0RBFswWYILcG9kMTctbm9kZTKCCWxv
-  Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
-  LmxvY2FshwQKCqwWhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQBTL7kX
-  HDfygdH/mw398Cf2CgXpudM8B2LWuAxRhVbQZ2nns06BsT5trHCSVLxX/+z6R+el
-  XKoSY9YEm7cKa1rffVJavcHYA21bd8qxaPQWlTw0YWShbcmKwqRefSPDyPTOytYf
-  PNtVtVjQUg/maX4eBog0rYzBmKvqMGv7IYx8g3P5iKD0DIdMD1MdZOUB48/JDpuU
-  JAdJP0ULCr+i+GeMuTS8Pi9ecFjlZV/t1TnxG1X1tIZjlTXJm1/tQ1VoWOU3PsP4
-  L9UKSwJdTLPj0G7pNTYkGwKq38yro2nzA08Obiil+WveS9nXJVwTX/FXc0WvXpv3
-  gh+cno/nlkrOj80s
+  dGNkMB4XDTIwMDkxMjAzMTkwMFoXDTIxMDkxMjAzMTkwMFowFDESMBAGA1UEAxMJ
+  YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMu2UYvn
+  vcj1t216FqNYgit7urLtKqKphmkO5oIEByDG4isadtiME0QuckbxU+BRqjYRZJU1
+  ccnmOH6W7s5CsTUQmXvYRNyHAfiL0EyHqPNcByH48ZAJibHdb/BXSr1LsBIESOp1
+  Uof5+U9zhY/orbz7T2MoLtaOHBZtXf9MaZAwOI8pq1lT3IQFNQJT9sJg72/re2oM
+  oR+aaw4R5iNQpcSo3GK3AXLy6WuHge0aHisAUvVvS+BHXieFhTscBfjTwNvedpEc
+  qEU2cOzGAeve2PDEal/L9RU4bF0vDcGvKe4IZIl5Ttjj+s8+HMppEoev3TcaPPnb
+  A/8nEFGu9F3gzwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
+  KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCp4Dv1p
+  DYHGGDVll5BenoSm9cZAMB8GA1UdIwQYMBaAFAWpcJINDv1NeDr231leeSn53SsC
+  MA0GCSqGSIb3DQEBCwUAA4IBAQBYo8ZE8G9JZ5q4Xv60E+XfIpGMkdzP2m1EWhYO
+  9cpB3dmZdmriBrNp0s2XfFJoI1FqVW1iXlu0MFRGYxhsq12VLy8ZiAHS6OBT+/il
+  Xjjudmj+uObwvtBVRLk2Pr0O9Ui6oF7NmW7d0Vcmr9XhXVsuetaEUu/wIAIqNQcn
+  8FfcoL3LP01VMSMJzNxXj3ryJG4JBa7ub08iN01gd6XKv4npQU30F4BcwuSHdK5x
+  /twxGqOSTCiXq/jdJGsngxHtpPwYJNK/hLCZzMSTHkpPNqD/eFin5D5VBe5TFxOS
+  i7y8VvS26JGvXw+ZmcJTIsx2cKex0bTX9W+rS1rqusfDzgwi
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-pod17-node2
+  name: apiserver-etcd
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDyDCCArCgAwIBAgIUbiiJWxGEnVn3sODZ8MYbAO2UT3MwDQYJKoZIhvcNAQEL
+  MIIDTTCCAjWgAwIBAgIUBEGvMph2qr+jT4AVFSdM3x2toEMwDQYJKoZIhvcNAQEL
   BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
-  dGNkMB4XDTE5MDkwNDE1MjMwMFoXDTIwMDkwMzE1MjMwMFowJjEkMCIGA1UEAxMb
-  a3ViZXJuZXRlcy1ldGNkLXBvZDE3LW5vZGUzMIIBIjANBgkqhkiG9w0BAQEFAAOC
-  AQ8AMIIBCgKCAQEA7Fl5RnxJmm4r3cdTLkppA73Z4M7kHI6HDFsmjLP4C54aWcrb
-  zAw6sRGjsFPT4Tw4HzuHpC4DV2rFCZ03u95U8ZzBPpTBoKyhVXEz8atYTze+0Tap
-  gLxNMQo2mhenshuuIi6xWK/sJDgR7ASsqpq5RX/H7I13BfjyA99okil9c5j842xT
-  zhEkO3bZkDei1Hcs8yrbsQifY9bnEdNADYMWnrXIRb9Xyy2Fz0g7gYjoWbRThom+
-  x2pRul/RRpxjrCe4zlfrrn/W0YLzGngXI0G8Kv10XUo8p2Rvc+2j5ep5Gz0kAeLA
-  t8sdOAckw3ervruCtngrotqP6wIxrOSiFe2YEQIDAQABo4HkMIHhMA4GA1UdDwEB
-  /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
-  BAIwADAdBgNVHQ4EFgQUA5r2w09PQgXPwYyiSl9jqBjcHgQwHwYDVR0jBBgwFoAU
-  +wqZYW7lVOt64grfuZGKRq++3YowYgYDVR0RBFswWYILcG9kMTctbm9kZTOCCWxv
-  Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
-  LmxvY2FshwQKCqwXhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQCQFfcm
-  jLfRdKFg1XXFXSfrTZAb7KTHG/4C1oC7APC3Rhqxryue1R9QZSVES28o9U9rCVim
-  YB3HRYu4u5soJddhGtm5qk9QTG1tXWg9LrhhEXNdQr075kMjQzd5ysFUVxyChHZl
-  qw+xgl0j1B7SINt3re3H4V55VBpgiH0Cox1juWYUoerGif3CCik5kmhwlA2qphmC
-  xkvrvAQXHgDRsLlXvrnc1jWEb86HuXUdEDnBmPC7WBM+u6uMCNFRXZDFMP1tLPZV
-  q2l838WadhIJh3g2eF0lyc5NazsP/frbYr+SxiZ22kNh2rZ8tN/q4gWvkZCuM78y
-  MdPeZBuM94qYYQb/
+  dGNkMB4XDTIwMDkxMjAzMTkwMFoXDTIxMDkxMjAzMTkwMFowETEPMA0GA1UEAxMG
+  YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7g0AkP0mdZIK
+  e0ed0ThF8nny+m2g0RBPhGF20kGSkh6VgzXzW3c5K6M5r12n/GtH57KvM7aNVu/V
+  PiTxQVZzRkTFgiULyHL6Mp2t8wEVjiHokKBg+3OQr+8AMoWLKNqHjkyTr4ie6716
+  wKKnG3P/cxZ95MSA/qcsmsO6bBTPKEGW3dyyFzvgvflUs1ljVLGX0OJVwRVsdRr+
+  oZLdSHzSVNXplkVtJBn5Bnz26TvvEQBHODXrRMYGnNEKCouUPeaErQlZAIB+vXi4
+  JiyXZqUby/c/kts3BCS1QYb6uhsOMUyyKKWdr2cCsf3a8x3YOjG1NzcHR4vKOrU/
+  b+3yto6XgwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
+  BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFIUyHyIMqcKf
+  HdkF1RO+CPkWAo95MB8GA1UdIwQYMBaAFAWpcJINDv1NeDr231leeSn53SsCMA0G
+  CSqGSIb3DQEBCwUAA4IBAQCV5fOypdVCJJPOlVqrahfk5OK60HLf6QshH79KWOWk
+  XGOUzxIuPP6o7ObzuBAsDnYWZxqghS0aQweh98MrVKvnik3BukvUsMsoe55jbK8Y
+  ufJQzwfNmMYmmGvaitjwWrSc+ruQwOi629tfInE9glKs8Wyl7fW1UrX+0woL/O9q
+  HCmtoLkv3NcKBDTGn8ka4QBM9LHWaPfKhCcDBxnUGCwixeFD6/vtAMZhmjwaJFIC
+  0AThH8ArEBRXETdbTgQs/f1iKBABoXXkLtK6/6KbfFZSsJJvI7l5Wm1Tqx23vH0O
+  tNRun008QSl0m6qWaFbylr/DxDl+y1U+v7ChiBkI3SRh
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubernetes-etcd-anchor
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDWDCCAkCgAwIBAgIUCQK0saKhI81qKatOEHQtyInSsUgwDQYJKoZIhvcNAQEL
+  BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+  dGNkMB4XDTIwMDkxMjAzMTkwMFoXDTIxMDkxMjAzMTkwMFowHDEaMBgGA1UEAwwR
+  YXBpc2VydmVyX3dlYmhvb2swggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+  AQDc1oS78o3OmA+uWbaEnqfY/A8koSc7jSggizTYl/PbhxajfWO8CqAgn6iWWUXq
+  kfJhaRIn0bOdZwjl4tMjQGE1y8gQNvJBWqRxue6WCIpTcsukzhpf13nzTawuoik2
+  lDzzUjOzn3gvV376dE9JBGb7mmCmZ7kUaxz+zQnnEBwqauqrMU9CD7gnGoY508OX
+  IL5gB5wddpwjrbZDLBwdMR3V0zNQKOSs6Nfe4zLDIzPyORd8nP6zit6CiMxzxHhi
+  wVuJGawbKm9/LBu0TFDey34aQVkRtTRUWpW9lPt9c3HufMxt4LMCSIn1HY7ajQ8O
+  1v4Z74+6PN5f1cfQsa1ONOP/AgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNV
+  HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
+  FgQUCvviQdisbGI5bAFVCvBVIKuERkkwHwYDVR0jBBgwFoAUBalwkg0O/U14Ovbf
+  WV55KfndKwIwDQYJKoZIhvcNAQELBQADggEBAHRMEvpeSA2ic/lI/XMb8kul6U1L
+  4T56pE84Zglt1CQkn19F0K8Uyb6WkSf/kT8hMLngOtx1UxaMvG2KWyhmwiSiLIeO
+  Vfhk07i0MD5qQYrRbF/ZvDyluu1QLp2xazqFRGTB3ZCQiNQXjULdOO+tZ7TADkcN
+  Df8OOAB/53IYNRABI0GYTUjaZoTePJMz2MNhkTUFYJ40ZnU+TIOdYosqjvYXDwQy
+  Z+in5glq8LcbGJJUQyagNopRo5siyzl2I7whVFTkIQXxjG4rCEp/ywhdxbGVaSB3
+  Xlb0MNMtAEUlWg3bVQWIuklvJa5eFNaj+oH+dKyx1hh1REn5LwmgnXiiNK0=
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-pod17-node3
+  name: apiserver-webhook-etcd
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDzjCCAragAwIBAgIUJPSMB26Kdp+OJFGAo5ybtZzWaZMwDQYJKoZIhvcNAQEL
+  MIIDnzCCAoegAwIBAgIUOslDu2vKPRkalzd+eSzChoh0p3YwDQYJKoZIhvcNAQEL
   BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjAnMSUwIwYD
+  dGNkLXBlZXIwHhcNMjAwOTEyMDMxOTAwWhcNMjEwOTEyMDMxOTAwWjAnMSUwIwYD
   VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B
-  AQEFAAOCAQ8AMIIBCgKCAQEArs0iErZfH9UxosjE3NJWRJNsYm2ty7r2Ruk+hdyn
-  n0evCzXP2kZRgddqQSSKZsignr6Fl2pmugh/GQWBB6FiJCC6QS9kdaTk6tyN2zH2
-  MRlax3ArwRfgigltFD4jNBA74rkXNSGJkXijXPCRyzGipqRrljEzJksvZxkg8fgF
-  JfCKze573sz1k178gI8WhqPq2YdItk5/AOcj/m1fEdWjQSpxy+bm6KWnu5EykpoE
-  0wvpHsNYtfKf74fXkwyx6+9OZCpOOYIJ4buBuRgEhOQbAi1Qajt2qXjXE6qYTYyS
-  zxqSSIf/X6agvGkiIYJY06HLc+3lhpSg62vvj7/ayTvj7wIDAQABo4HkMIHhMA4G
+  AQEFAAOCAQ8AMIIBCgKCAQEAuVRmkbZxhzARYXVcA6NTXJKW53JHnSAvuzzDNQ5K
+  m92PTLyCK4ZfXGDrXb64/sC7hdmBK+6UXA/UIHK5M8R6XkTSELtri+/bJlPDZzuD
+  jbSaEIRKC4LHXm/C8UP1qk4JgXD1SRJVNXr+dEKD2FW44/krtSuJ51kvX+SBr7hd
+  kF3kf+E/caBgg/4RM49HMDiSVQ2ZRZ6IYu7lkM00aIp4ZOlp4NX730cy0CD3w2XP
+  1p1UPjbPayFB+H+TG/IlrNv/3JLDl1kJd3zDSFdDkpz8/h+hqt5gMRrAQJTGuic1
+  tvZjF/I6odkgYA6ktMNHWqeNfRV7bQglRmmaaPL/W7lhnwIDAQABo4G1MIGyMA4G
   A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
-  VR0TAQH/BAIwADAdBgNVHQ4EFgQUlcyw2AfuALCYYXhQc4W6enqMyHwwHwYDVR0j
-  BBgwFoAUi8BbrX2MTQYodKFYA8/Brc3zRFQwYgYDVR0RBFswWYILcG9kMTctbm9k
-  ZTGCCWxvY2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5j
-  bHVzdGVyLmxvY2FshwQKCqwVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IB
-  AQBZ0Qo+27gkR5K6+pFRG+XVi+HlO9RtwjTrQAY/V93XPsg6pWsBh1equ+KxEPLT
-  9Dj6TqQtkHzsZvSrI0eai9bj5KmYXmf4u5n/4wMPbpAtdUKBPMfsNhmaaAnpmh+a
-  DIArqvObndKCH1DDVtV/GZ0Z1BgEheM0GePDPMEpJZZXFU/9vkwm70g5Ayaetblb
-  iU/iNV1K3niLle1tYwwOwAjkZBsYRMoMG58lFuLudXFZAo/CLx1EHgubgR0VpjCK
-  OxMSH6TYum/ko8S2FGp8gH5EVuj4sBj33OXCOu5etuyKsEraqzJ49GhrztqEMHNR
-  V6WKtYphPBqyIiZgaWu51BqM
+  VR0TAQH/BAIwADAdBgNVHQ4EFgQUrYV+KsAWrf+7Q621hpvSK/He86swHwYDVR0j
+  BBgwFoAU9d8/Uem24SB2+15DqLwjRVIWKgMwMwYDVR0RBCwwKoIJbG9jYWxob3N0
+  ggtwb2QxNy1ub2RlMYcEfwAAAYcECgqqFYcECgqsFTANBgkqhkiG9w0BAQsFAAOC
+  AQEA2T5sx9HsYL60KI0fuSR+VZfgtSWylkXQfJD0NRho838FmQM2jzSN8bZ3KM2X
+  XumTvCFK/NcIA6GOE8BtQW1bNrgdOeo2sZGfn/mk0C3p1zip1HtTstNrrBTJgiuL
+  HsgiQOZnrJzSF3K8eGEgn+AlRsz6uiUmXr7VBO867l85nUukIeNYMidBbs02yxCD
+  L1BnZf1jIoj5VcSBaqTKuUi7hbLiRqS+8RcYZB0BC5LUg5j9skLwhakKLMnHxlXr
+  /ZXly9NypgqMQfHdQtHr5SFyDMmeU8v/mOuqcqiF2cwWqhj1SR1Tm87siAA94L7i
+  OSyUvXr3XTqM2wYcCC3hBoYNsg==
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
@@ -912,249 +1152,255 @@ schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIID0jCCArqgAwIBAgIUCbCjBspRcoJukAC+f6sIaTTDV94wDQYJKoZIhvcNAQEL
+  MIIDozCCAougAwIBAgIUMPb2QujIpit/NRpilkqA9Gu54/8wDQYJKoZIhvcNAQEL
   BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjArMSkwJwYD
+  dGNkLXBlZXIwHhcNMjAwOTEyMDMxOTAwWhcNMjEwOTEyMDMxOTAwWjArMSkwJwYD
   VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTctbm9kZTEtcGVlcjCCASIwDQYJKoZI
-  hvcNAQEBBQADggEPADCCAQoCggEBAMu40wgd7p0a59IdUyVKPhgm1ykpLg0BP9+w
-  +O1Kn3hUtbmv+6Nn0OYGX0o4G1x6csrAxPAWSBEhYOuWNaEhvsD9WN5l0s5D6bLF
-  KRpH4XHgXwtndgWrNDYE/QYHcga9JqIsR6K7vtG0/tgW7XQsBjYONDCRXCBy3aM+
-  uk7InfpO1g98yMxQUwUXB+rihPAU4sSLd1+vhJJnI4Hp4aCPnECPiuKx2p5EPcDT
-  dDcHjkGzUanj1wL9PLj6uECtRZVqpv4UkD25tnR41qmw+vPHO/UThCNqtEKOoptr
-  O9lPv/Y9zKS58y1y+wyL1cszRGmIV/cE7m3cpoWMtp6DjsHnGAUCAwEAAaOB5DCB
-  4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
-  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDgIm78p9oba84MR59zoB+Zvt9W3MB8G
-  A1UdIwQYMBaAFIvAW619jE0GKHShWAPPwa3N80RUMGIGA1UdEQRbMFmCC3BvZDE3
-  LW5vZGUxgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
-  dmMuY2x1c3Rlci5sb2NhbIcECgqsFYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
-  AAOCAQEAhZpNuZQ+g8CUMUmGSZJr4cYjQra29HmJRRf897BH3qXGhPTldEziSV4k
-  s74BRyEDS8pTsCuJ8RQgRX2LtGdrIMR4cuvGcMZkX/0Hab7F5u49AZT5bPe0v3en
-  yTzQF4jDHBv1MsjNVHEw2XbP1LAlX4BCLtCqtVITKUHTik1ee2Mq6/xrwF62l6u0
-  NXmoBUx39rVDOsRceQPHgc6KDTzp7GvV3sFpeimuwry/G/23PbbbUxhVksY0TtbY
-  4/jYrKnp+E4xPZB29r2iicbUNZJQZndUkXSKjG5B0UwghxzuQrw0RalXsvU5AkI0
-  4CJTEkP+xZtsUGbeeg6VCgl4DNBduA==
+  hvcNAQEBBQADggEPADCCAQoCggEBANtFO2ZjIz3bBPt71XXo9P19dXnk258fIeiP
+  xNbWAj107Hb1kd5ev2tuIAZLhx+JKGVYnxzjmJWl+dEe401eaNAbYzhb61GP9vMf
+  +/kkCT274ev+dxHh0HhSh0cy5lF0ORbT1R9ScMe/SbibR5ane1ft3yVp1VEOuq/O
+  pOx320lJB5H5O9vHIZd1gFP7lxKxROkbzHIrhf4zD208ViPsoGtqXnxXyKpmAlOy
+  rq4KS8kMDGpccD+M8zE71P/h/XCi5tMM1NLEN5hVy0kMK4a2pYgICTg4pZY27YRL
+  AYI6A2uFpsQhPRdripT9DYH1VLWDRkp5gzwjBiesA4i9KTqfyMsCAwEAAaOBtTCB
+  sjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKhVk3uVVP4xoRzG2qUZKtz/tfExMB8G
+  A1UdIwQYMBaAFPXfP1HptuEgdvteQ6i8I0VSFioDMDMGA1UdEQQsMCqCCWxvY2Fs
+  aG9zdIILcG9kMTctbm9kZTGHBH8AAAGHBAoKqhWHBAoKrBUwDQYJKoZIhvcNAQEL
+  BQADggEBAFG/0D5cbLHRjgCe6a4Iwpu+DQc/5ho7jl1xlp8U5I1JwKzRGirymiaO
+  KTvUdTKsX3Vz0F04nfZyyvcBvHoJtxDFRzTvvJtVXFRmhignxo//usaBDSvL9yAn
+  0Yi3qCuSGU+RggtGQe52xtF77QNB9mjfGSvTPu/u8MnZKcFHDvaqC6d1BTZgR1Gk
+  le+UaMGiW/fg3nNpiZ7Xr9jiNfj5Gbmcx4tg+n20qQNhgGwhXrIA2t5iglKoh8UE
+  rnzwbaMDlqy2nFTSI//AH7LDcniiWQaeVwPyLIi0iwScITIh4pcAFDOO4+/2KI39
+  HxbgV9Xx/IHenuJECIpk8p5pqIWC1k8=
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-pod17-node1-peer
+  name: kubernetes-etcd-master-0-peer
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIID0jCCArqgAwIBAgIUXWuF69CeVDhjVKXF5g25ojeTopUwDQYJKoZIhvcNAQEL
+  MIIDozCCAougAwIBAgIUIOt7MrpRGm9AfhbM/YvIBn39BWUwDQYJKoZIhvcNAQEL
   BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjArMSkwJwYD
+  dGNkLXBlZXIwHhcNMjAwOTEyMDMxOTAwWhcNMjEwOTEyMDMxOTAwWjArMSkwJwYD
   VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTctbm9kZTItcGVlcjCCASIwDQYJKoZI
-  hvcNAQEBBQADggEPADCCAQoCggEBAMjOSPr5rLVY7yTlmA9FgTaIvuj81kQXYHfJ
-  07BT55vJ34zqqIp8vDy+ioyOT2ZhWy98Ngc7mUzbQLHe6K43kHR62VuMIOXO9KUg
-  pX4jfv40rmlrZZy2+w0/3hJptAIG1og9BSuSpAP1CRMSy+fjrqCJ+EnkTgth/kQ0
-  yGKgMbMM/DgEBVj6aqmaBxhZEtwFup9VX4Uc/SuwaoID522+DHVsctCM7kF6OnLK
-  ZltC7Cnx17koFBCV6yKTGu+XxGbgAAGpx6cLu7Aqbt2H1hZswd0MErgQeD6Z2Qvx
-  3P1zRvueFhjEMYIGafaQtXre27i4xXJOTZ/oRuQ3qyk5am7D4XcCAwEAAaOB5DCB
-  4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
-  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNlFMf1eHoTuvKg7GcIdwMr2G1suMB8G
-  A1UdIwQYMBaAFIvAW619jE0GKHShWAPPwa3N80RUMGIGA1UdEQRbMFmCC3BvZDE3
-  LW5vZGUygglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
-  dmMuY2x1c3Rlci5sb2NhbIcECgqsFocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
-  AAOCAQEAlfvCu66v1KUVCyJgc9ur6BetavU7DnBQbXsmXwO9pmlEDei6fGGNYF2i
-  D51qv2Txbbnjjvg+d4mc1LbMBSlmNBHv+RF24yXokNZSseR5MLaphAxy4Ma5Uwp7
-  kRBAlq5JDwLTI2jJ8xNDTTwX/yXp/g6ErqH7xE7YAiP+qOMSzTnIBI0G7VB1dnUO
-  e2mv0Qu94mbzHYZ86OT3C/RA0wkLok4ESQiL1+Mv7KcrAyIUsAeWc/bbBhV7m6zW
-  iHDnY+XiRh/4obl9zZONnYYH0ZX1cokCkSlxuobfrh6fiDRjAkIScS8GGZe/WtPz
-  uKsHXyzfuiDzSZZwfR7qy30TvUbLsg==
+  hvcNAQEBBQADggEPADCCAQoCggEBAK5aNET80B3bOInYFJEM8ZLtdzs+i6n5CoI/
+  z1w10faoSiTDVQLsMVPv4GU2Z0saaeTqR7fQvF+kFnySprK8lxW9RTj7tErh0YDi
+  Xr6pf0vMaW+InNwgKBhnKenkczbZyyGN+f4jH87x05cC5F6zjvRLLGDKlSvqHRzg
+  8GibqidESGrpYFesjM+yiRTNg4i6bIxQewWUXZs/Ml4B3cHFFeJ6Cm49Nz9mXHXe
+  bs6sLWWbuagX3oQpor2fij3WHJMGVFaHB7LhYtPwE9JV3SLlKd8FIEHrybhmbjOT
+  ev8tZra39jRnsvkEQhqSkCzfCrDXujrALYu9rCctyue/W+rXk0sCAwEAAaOBtTCB
+  sjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFI+AnOQKhBFgC0aOPq6ChvUK/rHSMB8G
+  A1UdIwQYMBaAFPXfP1HptuEgdvteQ6i8I0VSFioDMDMGA1UdEQQsMCqCCWxvY2Fs
+  aG9zdIILcG9kMTctbm9kZTKHBH8AAAGHBAoKqhaHBAoKrBYwDQYJKoZIhvcNAQEL
+  BQADggEBAIEtWR86fuJ4VP5JfDnJf3/cBuDa7PMaWHJHGPnm7HavSQrfBuZGGD+k
+  xdIxhO2XU/WFLFLEpdVDHkaubdaCTVT07LrKoejKOlSLPECQLXPuXE5Tns1m2Afb
+  dzvT3NwpJYTe5O1zAUO6hjty8ZyoJzZMiUrNn2p3vANdFoulyolOEBv++RcmVQHs
+  FP4Q87nSuq+ki2MppNmtN3c1qUZeYUQ4ii0nFYWH15w3wELO0/o8pN9Av3kZvXKa
+  T4bstkfKZrbxcy9OaEvT7hCVZXiMGfGQozGMNEWJEnMYuiCFS/L1IGgabYwbt+MY
+  t2mqMgUA7LFeJiODk1tNt6E7a1ME7R8=
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-pod17-node2-peer
+  name: kubernetes-etcd-master-1-peer
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIID0jCCArqgAwIBAgIUXbtrSK1U14OboeGYYoNge+jMP0QwDQYJKoZIhvcNAQEL
+  MIIDozCCAougAwIBAgIUJPsaAUemgyCKWbGmb+u4l6XHg68wDQYJKoZIhvcNAQEL
   BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
-  dGNkLXBlZXIwHhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjArMSkwJwYD
+  dGNkLXBlZXIwHhcNMjAwOTEyMDMxOTAwWhcNMjEwOTEyMDMxOTAwWjArMSkwJwYD
   VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTctbm9kZTMtcGVlcjCCASIwDQYJKoZI
-  hvcNAQEBBQADggEPADCCAQoCggEBAMvKgPa7nRujdtHxJ4gRJgWGAP0BV5B+Xf4y
-  TCNEdpk+pN2G0v/1XFyw5P5sLDR+yGpOjZ4xu2/ABbbOSq9R1n6l0gw8AnrNVGEi
-  zpybKGTsHBYKdFyrl2e7WmrY7nz16ZYBLJukCKYiXQ64m0hePxj5ouKBebKxaNnJ
-  T57DVwBjggTtD9ne7RkU6GfTnzEk8TQk/nM9yl/Qc2ye444FnJGA/Syh2RWWJEzs
-  l+NAmk8np35uM8wlpuOMdIyOW6A13f+rLj2Num0g1EfJoVx6vSB4aEah7AmJmZSQ
-  S24S4TPA2/WachAxrXvCGBra3ySR3Np6LlQUoj2omTDgrap3np8CAwEAAaOB5DCB
-  4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
-  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEJc/R1cLhxRvMqZPkdxxnBJ1MWFMB8G
-  A1UdIwQYMBaAFIvAW619jE0GKHShWAPPwa3N80RUMGIGA1UdEQRbMFmCC3BvZDE3
-  LW5vZGUzgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
-  dmMuY2x1c3Rlci5sb2NhbIcECgqsF4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
-  AAOCAQEAt78o2ANU6uz0eNPTEBMgNLdw1BD1ELqI6dXrRjZf2SRJn6VPvrD0j3lF
-  mzzlent/2yEjF9Ic/GgycWaF2ee4qtjuFMQvA1H5IXZxmHED/8J+RxuDvuUtbz9J
-  5NT1nWuraG0g0zK+tcESS5u5RkPx/ldLXq1m/4sNXTOs8+jehQNjzAaMjlgWXyCO
-  rUxRPwPZLC+fXfjPPRKzW/S/I8qJfCiJj1Cd+AD2PchUw+yGaS+ps85fQ3CKLlcQ
-  er3+ac9DBNBc2UmvkusxONE89IOBKF++RLk17Qzd8YR5ftNmGSzAe+WkTeyE6k/7
-  khPHUj6fxyQYuu+IoskvqJ49E+EYgQ==
+  hvcNAQEBBQADggEPADCCAQoCggEBAJ2IlNsQ9dwwok/LbLosFUw3r1D+GBXnc1lc
+  Q69K+WKiz2BMSga6pTwqaf1H1mleCUgQbCmGMzavdQ8gLQLxiMZLUccSJWlJ+Vtd
+  vOtG28qDViJkTbK7+QTtKgE1gHJJEyYLO0hieVkKH1+77r/aDKA82ATtGOZTix1T
+  1f7CkvFS/BI2u9+Uqc49slhmlo4QB9gsH+iVTfg0LhUrSH47rn4fHl4c5ILgUv+Z
+  eOD9kGDexHhVssN6WrBfPE72XFM0PiL2CUb0YVgeZDJK+gCiJrJUsR3aW/T6UzxO
+  n/aNN5TPgF6RHk7JFvMo5bCFGPFeYmjgOdd2NXrQEOqRqIl3e1ECAwEAAaOBtTCB
+  sjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+  MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFgCNdkrsDQUNqfqY9wooXOqSq50MB8G
+  A1UdIwQYMBaAFPXfP1HptuEgdvteQ6i8I0VSFioDMDMGA1UdEQQsMCqCCWxvY2Fs
+  aG9zdIILcG9kMTctbm9kZTOHBH8AAAGHBAoKqheHBAoKrBcwDQYJKoZIhvcNAQEL
+  BQADggEBAJPmP1negIJ9O4RtybWIbZuxLl+J1fsvwToSp3qX17ouiCR9Y5Vg2yvb
+  MaeMBClnN/Fv2z2IxGrU2iIN3ObAwdss11RuE2uGQHnvtW9Sjz7YDmY0Ss/qEYVm
+  D4b5bTRCWg0cLFb1xv9R7vTOIyU/+TZPgaQ/FhXXwiXXjhOS8U54soK1zUCEH2XF
+  SasO+3dI3cXxEAPZ1G2S5Z/6x8EWpCOLcd3umw04woKNRuiI1S5g3ejseQdJ7/ke
+  G+s+LUXCZH/5j9w9wDC0tzJ8noTlIy3a8M9UXeeLoXAi8U0V9fb8DHWTV8RzrFTW
+  T8b4gh41YsVsE5VnmPYtbki/BA+A4aU=
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-pod17-node3-peer
+  name: kubernetes-etcd-master-2-peer
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDSTCCAjGgAwIBAgIUYfltxN+AOAMMCWrW4Vss/qiwTb8wDQYJKoZIhvcNAQEL
+  MIIELzCCAxegAwIBAgIUXdI2/7kuOL1MjI93UzaOHdKl4KUwDQYJKoZIhvcNAQEL
   BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjARMQ8wDQYDVQQDEwZhbmNo
-  b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1xv25ydmOBO3rw2HA
-  mOhHnn90/vo6/ZOgu29hfWmhgqUpovLkCSCdrh27XFTQHN1YDmWTLXHxwOT9NWFL
-  cQaZAWN2/j7UpU3Zlw1i3/AQZQjSIIh6MwEXB5y1OgajlE5o/gSsL+I1ZmodXzO7
-  c3H8hgGywSzwQ0PqPJE3G40xx5EyQ61ILMlPMaVROWrWO7rzOjztm2RxC84nJkxt
-  0jF6dYg8wq4tPoyAgFm/YWMC9V8iQxoYPDwXCd1z6Jnusm4aOUl3cckOdB6JG0Lk
-  /JdZSoXr9m9x7ZgRSkA7lZHd2XLEvQCMHO6L6Dz0sMp0GCg3M4q2VcnguJMePV2k
-  1tJzAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
-  AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU7Yq+ryvq/dBgvzqW
-  d30XFfP77/wwHwYDVR0jBBgwFoAUeKBh48Mz28KSz8WjJH+M0cCUfo8wDQYJKoZI
-  hvcNAQELBQADggEBACfroZik3fVeKvtaOhSh+iuzzV6NeYWBcMMuaJYh2WDBKHBA
-  /5mZ24839Z+OS5DLXCBKG7S8kgrrl5LzZ9Quyz0yXvjtYkjV/1JF3ZmgK1FCtKvw
-  4QI9lgxzfoNxEd82PZuL8867FCH6JYRBM9hrSzm32lY0DhSvFS5BReDnjnv4Mj2K
-  m7HuCWEh7HQ1xb5aFymHTIPd1EpPt1YNCsyFKoD5LpPv5+DND6j9i8pL+RmL5yab
-  KXbSA7KZS9wdcxaxyIvOub4P8MxExZ9me788YIR3NAwqpcJ+M9yjeg6vWWl8m3+d
-  iHBDtimDNS9DAJJ1FrdNc33b4aGGBSRQa2wTA34=
+  HhcNMjAwOTEyMDMxOTAwWhcNMjEwOTEyMDMxOTAwWjAiMSAwHgYDVQQDExdjYWxp
+  Y28tZXRjZC1wb2QxNy1ub2RlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+  ggEBAMRe1iJ0EVGeoI+UOd0XDf0zYrJvkiURwh/2lkJGr38WAXtKjh9OWNtG2u3W
+  QVjojx5R1uGw2qBtjYQ/6fqd3PG1rym/BW2M0YdbBXYpt/GYTV8iCEbHwJGauSFy
+  spKq0D8eNHHL4tUGzHlfILRojB/X+rQE3sNSOoj9UQwTF8XC2CFmkzCe1cBapK2a
+  U/oNm+ck+UMS8xlBJyQsbrN8BCQkNHtk+lEG1BUrBx4wiJL0Nvf21VO13LNbXIA6
+  OvATxxwuIcTALyjo6LiSDefIiufwTtLHkR7vWCHUwpX3Ct5N5s0IEm8ztWxLvvO0
+  nXDCKlwht0GmaxXkD888Mz3ogQ0CAwEAAaOCAVIwggFOMA4GA1UdDwEB/wQEAwIF
+  oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
+  BgNVHQ4EFgQUdLkc3IBr6OtRDrhOm75Oo5aqrsIwHwYDVR0jBBgwFoAUvrvZYR5k
+  S5HLSafKqS6ePqBot8wwgc4GA1UdEQSBxjCBw4IJbG9jYWxob3N0ggtwb2QxNy1u
+  b2RlMYILY2FsaWNvLWV0Y2SCF2NhbGljby1ldGNkLmt1YmUtc3lzdGVtghtjYWxp
+  Y28tZXRjZC5rdWJlLXN5c3RlbS5zdmOCI2NhbGljby1ldGNkLmt1YmUtc3lzdGVt
+  LnN2Yy5jbHVzdGVygiljYWxpY28tZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rl
+  ci5sb2NhbIcEfwAAAYcECmDoiIcECgqqFYcECgqsFTANBgkqhkiG9w0BAQsFAAOC
+  AQEAaBbx4jEG0DM3dAp/YeMzbjJC3kt7zz4LwjjagR+AWy9PwWdXm9Clq56r4PbH
+  l9iyqp7RqkgZmdtN1tsuZMIYI64Sl1U+/Hrkx+ivLmVFwPVDaDPh3LCM73Rgdhvq
+  eMkN/esTTSH4tCVniv3uBavSWDHPScve+2Z73k7Y8HKwCCUMf7wUZM0X+SBwQ5Q0
+  92M16yiahdOwnu+oE3/dcYghSYdhHZLpwDqocNzaLtZBmcfV/HAT1F8vYob2ti6C
+  tsUQu7DUHTc7xuza4Mi/yHEVCs+Adwnngy+ZyoM70uzvZp1/Q324ASv33s8UJ5hh
+  VM8zjt24a3SXu84beMBOC9Oahw==
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-etcd-anchor
+  name: calico-etcd-master-0
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDkTCCAnmgAwIBAgIUIqLAYpCR0ldgk+pIkqVwiwuQfGwwDQYJKoZIhvcNAQEL
+  MIIELzCCAxegAwIBAgIUG1sxwfl5wuZo9oTRvHDWmIUeuu0wDQYJKoZIhvcNAQEL
   BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjAiMSAwHgYDVQQDExdjYWxp
-  Y28tZXRjZC1wb2QxNy1ub2RlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-  ggEBAMx+CCs8wO3RAoFwRqipFSV0v/iqOUXGuwmEl1FLwE6B7kH1X4fCXOa/DSF4
-  mwEkZTSE5m0dnlUabcWkFaloqiBpfPrGeJQQrBFofBXt3RuVYvWWTHznW804NQjL
-  XxwksMWmkjUUgcjjsI6OWAPL4t7hCLfJnvCk/fuSJLRyOo1ZCyqXRxtb5ooHpPOk
-  G0r9wP+z7Sn38x9xFA4RafO4T2g/ttRHTdYYx+dKloZcSMj+w6JlSpV3Duqr69UM
-  1PLoPtRqTXgOKHFo7O5paEgWZU3DIfPV45Cng8Fg1+x+7Z023IDcGfv5y09Td82x
-  UylomnlfoU7Q63VnkvvYb110CLsCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
-  HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
-  VR0OBBYEFDqLDUlEF0Pv0NSZejC3wT0/Rqy7MB8GA1UdIwQYMBaAFHigYePDM9vC
-  ks/FoyR/jNHAlH6PMDMGA1UdEQQsMCqCC3BvZDE3LW5vZGUxgglsb2NhbGhvc3SH
-  BAoKrBWHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBAMOy9hLVCkPFspSD
-  3TAVEafJilarSeTGbPzYEGdDMXEPj8lzrUTmc7jr2T/9J/axfqo3QBZtbLPNn+tR
-  TPsjC3o3oZo1p73EkTKAnd1Mv7QCVBec6RUbA5NlkZ6mDjVa8eTsPaEqHnqa7zW3
-  P/sqhtY+cpqzyIML5/D0lC38i99UV3jEgg4dCncQBFC8TbZAaz16mVGq+lFqd6CI
-  6R55TOlfXU37OFLIkdV+TFOgwXUfheAra1BNxG4aREPJ4xsvX3Jzvu9XUClj4F0K
-  J8XGaMXHJ7Tu9p3Cund0zvJAzQ818LOR2tErCRyWX+4SjJEH51Zi547CW6zva0+/
-  k/HWGtY=
+  HhcNMjAwOTEyMDMxOTAwWhcNMjEwOTEyMDMxOTAwWjAiMSAwHgYDVQQDExdjYWxp
+  Y28tZXRjZC1wb2QxNy1ub2RlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+  ggEBANiNXASEsjjAbBuAwycjnVF7kjmqgqOSXVuDs7AajGrL39oE+x63SvxOKbxz
+  ur0du/IrkqCpbDpJD3vQgO1qDyGd/vGb1XLL05sUZ2cDNLIQKiLhWTW1QuiBeXWl
+  l5WmEfq9L+DYpFbUzdTdmbKWioSUuaRxqeCz3SVZm26f48qzupxyoF0J90ZZAJfI
+  tSu+uovE3l0aSl+mKq9EI39YS9B8OqpRj/QSVNNoY0BhQfllyxALV7eeFyeb2oI8
+  JJ9+RY+JHPkfU9QnQM2+yWGllY1+j9F26/EFD8csDS4CFufGCaUkc9nim2pxwYyD
+  yApyF+3bZLwHONSNjkOZ5+ydqIUCAwEAAaOCAVIwggFOMA4GA1UdDwEB/wQEAwIF
+  oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
+  BgNVHQ4EFgQU0U3jfg9f/bU5NrHYYi3Wji0qPOQwHwYDVR0jBBgwFoAUvrvZYR5k
+  S5HLSafKqS6ePqBot8wwgc4GA1UdEQSBxjCBw4IJbG9jYWxob3N0ggtwb2QxNy1u
+  b2RlMoILY2FsaWNvLWV0Y2SCF2NhbGljby1ldGNkLmt1YmUtc3lzdGVtghtjYWxp
+  Y28tZXRjZC5rdWJlLXN5c3RlbS5zdmOCI2NhbGljby1ldGNkLmt1YmUtc3lzdGVt
+  LnN2Yy5jbHVzdGVygiljYWxpY28tZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rl
+  ci5sb2NhbIcEfwAAAYcECmDoiIcECgqqFocECgqsFjANBgkqhkiG9w0BAQsFAAOC
+  AQEATr375or+GKzJLTHbNKWctj1I22PhObDuawf2TtRhVfmUoM0R1a7VPpadiHO4
+  WfOtIvy5u9dEGeqon5YQUSKltB4PaPkpF8Q+N/9DbEyOz6pGU55+il5FUkJEFReC
+  iJE5fsanBIf4BkaFVPApNF+Kzf8WIehwllUdKgaL/gMXGYA+xEbuNwSq/BYn4MDL
+  0aIR+XZ/4A9dYsC6uW0KoKad2uTGJuQ6ZF9yI+XPSTRiYBS0ij+t1/V36ROKf6sx
+  cj2kSen/6cDpYOvuWNECR/3n7Lee+h/DI3zlwxCcqBXF1Auy3R7F9hpYgO2HXNBW
+  nYveMrakU6UUUKbZq/gscigqxQ==
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-etcd-pod17-node1
+  name: calico-etcd-master-1
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDkTCCAnmgAwIBAgIUVDjRkMbx8tWfi23wAXiszJz56rswDQYJKoZIhvcNAQEL
+  MIIELzCCAxegAwIBAgIUOlwzg9EF5MRn5yg1OwRQB9FcdNgwDQYJKoZIhvcNAQEL
   BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjAiMSAwHgYDVQQDExdjYWxp
-  Y28tZXRjZC1wb2QxNy1ub2RlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-  ggEBAM3MOeeUh3cT0nvqSfsn8uc8wZGwtXEgFNB4Cs26oxXsjXbOiqJ0sQLsXjQM
-  jsvY7NJeFIUDxZu+y6ERD4aeQeYSpX074413+CSWoOxz5Ctbfjuu9o8szX+Bm8Yk
-  bEgEPyHy7phrRHGY5OK9YG2OtyplcP+e5jtCrhMzCpHsHnv0i6+/xvyGIoM88EWy
-  3TeBw27ZjdleSwHGAi5RNLdWZVgIZssSeI70vsbin746dVKuaK62EpBjAA5OOqfn
-  80bWgRHWuMg3KOCtL8Pa2KXxRc+qFJvFEy7QdDXFKhL+t+frtFnru5DogRWMem4Z
-  8m5EJDAWAQA+SAI2D18QP/4vOJMCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
-  HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
-  VR0OBBYEFIIOXUcKJhWjdY7odNmbde/b8S5YMB8GA1UdIwQYMBaAFHigYePDM9vC
-  ks/FoyR/jNHAlH6PMDMGA1UdEQQsMCqCC3BvZDE3LW5vZGUygglsb2NhbGhvc3SH
-  BAoKrBaHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBABZ6qlx0nY6nafC4
-  V8rxfDZpOo6xaHxVoxxk9xBwDEHLxX3jfdhczVaYnm+AIZzuwBGNmHMDB0ya/BCH
-  i4S1g6i2/SlcOM2UtgoiGM2RaVVFEbloGJM+Jrp9bQWUNUCTHYAWaiQgF68OcNB5
-  02Tz1ANg2jyNca0E0eMLLrpPPP4p1x+9D20+qcmgYRy+c4ehKeKrqhvfOqV9LHec
-  +GQcSt0JvP13fyeA5/X/JDW3u6kJbhaI2dYXzBua8Vq+J9dmmhCB16paD/7YZ13T
-  SbxjL0oKx3MqIqCMnkLHTNZIbZvF3ERQseTh59SPmmeozP91uqs1eO1x6k7FDK4K
-  y72QA7M=
+  HhcNMjAwOTEyMDMxOTAwWhcNMjEwOTEyMDMxOTAwWjAiMSAwHgYDVQQDExdjYWxp
+  Y28tZXRjZC1wb2QxNy1ub2RlMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+  ggEBAO1UAVDInCbL6XhtHCdiLhDcqU1Xqp5ujR6APVTrtrGLV8bQ84E10S37VUK6
+  OOmNEUszVGcquF2FRaOed+Kp0esHSWj+/ERlYqsjb3uyjHhOt14fknpBXQ2UOrhY
+  38J0PAQ1SbcLmia2CffefQb11YPNTWKSykus2mRG5UORf9acyEBtqRjCr4Fy5rXh
+  +KDvFfHhxDWcPW45ac4JOmY+aD3RM7Fq6EdpdNBFDutLlC7VgEU5gT9CmKHjYWVK
+  1jVKO0mnJsCP4YLh32ivfHZhFEmPTVMAneua6vm6wQMP8twRAujN0OK4KU5O6G7i
+  8VweVZ2s+vKsu+cVEHn6No4t6ssCAwEAAaOCAVIwggFOMA4GA1UdDwEB/wQEAwIF
+  oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
+  BgNVHQ4EFgQU86grdtPYLyjerXKspZd+r8mtgGswHwYDVR0jBBgwFoAUvrvZYR5k
+  S5HLSafKqS6ePqBot8wwgc4GA1UdEQSBxjCBw4IJbG9jYWxob3N0ggtwb2QxNy1u
+  b2RlM4ILY2FsaWNvLWV0Y2SCF2NhbGljby1ldGNkLmt1YmUtc3lzdGVtghtjYWxp
+  Y28tZXRjZC5rdWJlLXN5c3RlbS5zdmOCI2NhbGljby1ldGNkLmt1YmUtc3lzdGVt
+  LnN2Yy5jbHVzdGVygiljYWxpY28tZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rl
+  ci5sb2NhbIcEfwAAAYcECmDoiIcECgqqF4cECgqsFzANBgkqhkiG9w0BAQsFAAOC
+  AQEAIJbF2h7c4tio9z/PeJN33eahfVtLug1Vvw6gMahyHGNVDXwMpk1CPI+4P9qv
+  VdMuKtkCABOPdWd5wPoDzPSI8ga+gQBwZfkx67jgXvTxSW0qnDCTZONXS+Knl/cY
+  kqsuGsXwYF1t3bTtB7L5Y816AlA0L53FUk79PVkRIWIII2Iyc4Kn9bWHn5jxL9pR
+  Htpb1p3m5F5ezzsbtYypZgF/PAoqzjrsjcKmgV5LFgq9ClV09x4tCdwtgxuMgBHe
+  C7U03PCVhnE2ofFt+CPKUmCHqD5wLoGhW6iDYMUqSQKYl16VC910JqgaQeRy75VL
+  x6TXCLD7rNbKZBv7XiRkcZIziA==
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-etcd-pod17-node2
+  name: calico-etcd-master-2
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDkTCCAnmgAwIBAgIUR9PiLN91r3HmtXJeCbYv+14ziJowDQYJKoZIhvcNAQEL
+  MIIDSTCCAjGgAwIBAgIUfupB/qa6MRteI84aoF2zdrmzrjMwDQYJKoZIhvcNAQEL
   BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjAiMSAwHgYDVQQDExdjYWxp
-  Y28tZXRjZC1wb2QxNy1ub2RlMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-  ggEBAOtjFIHYSXlfCPZxg7uONY/k6hzK8Y8W3/SSGie7GWQ159FDIsrkbg3D1UaK
-  5FpNHtWpsk+6jNFXrSLIi/fEwE4HMJdAb8MBoBXyKsWi+yau2d5DTWeNMmeF4XY7
-  Yde9xatWJVgK/R57TWNci+p9bwU6jW+WlgwOqGdbRQ+h8VYMIWholYY5R5Fu2DH5
-  GP9t4dc/cigtzUBIbz06DFTNqZSo7LH805dtXIbmm8siQmla6gZ6bR4fuHevht3J
-  qX01Eq0z9jFptw0B+SMZyWLNbLWayFfH4tbHbscs+UFIJ9ZQQ0SCeuFULzu6LQ3A
-  3WX4Sgy9LYeeuT7JlrAY5CuwUDkCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
-  HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
-  VR0OBBYEFBK4qABDpWl+wMve+Bu1HidsPzEcMB8GA1UdIwQYMBaAFHigYePDM9vC
-  ks/FoyR/jNHAlH6PMDMGA1UdEQQsMCqCC3BvZDE3LW5vZGUzgglsb2NhbGhvc3SH
-  BAoKrBeHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBADLUjHLJQl6jyT5f
-  ZiRa7HyUD9rDDCK0kcSqK7Zb/DuQ4iZsuGHSyYsLVw8l49bLDWnoLaWRCQYel9jR
-  t/nY3Nu4modRX41Rnnr1y30+B3IwAmcXgGfJNBlaX6S3CtAmwObthcV1Wxf8nbiU
-  KHEaymhlcMxXqfI8TykssNz+0IjylC4X6Hpf1zoDq9RHuX4vt2JijFVgU7Cx6//f
-  smG9C8oJdz1sYOwpjKVbYmG0MYBQrPzAAXh4+YVplgTL+JDsYF92SHMNx8uEz9CG
-  qVApOWE+GArHRN28l1Wpeb0s5VseNcvoz8ZZtFB+Szg4Qg/npDNp/ZsUGzrLAfYJ
-  nSc7UzY=
+  HhcNMjAwOTEyMDMxOTAwWhcNMjEwOTEyMDMxOTAwWjARMQ8wDQYDVQQDEwZhbmNo
+  b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChe/tJNCQ53vaQyJSQ
+  k3aptUudh/va/0FUaHNljyeJdL0PTxGaz+1T2WAo9MKvIsjsQsDwFXYQzYubXe/n
+  w49o2imH52RsgnSS6GiMBZB3+ah0yByxsfqIMEgUXNUs2Nq7ZTIW2Y3yV5bnNrcs
+  TX9Y/50uBKUlCMBpAsg7kZwIeYWihhk3AlQMkqrWAFLcywM/j0eLYrpcbeyhYzMQ
+  LjJm4sYgOgTtnvKH+50CSL8KEWPCISDmkK6FJaO7HJPzzdSm5iHwPn3/LscehSWc
+  Nr/rA3fy+cVVy37GYxqiDxtBtNk9lyMHEZBxV302aeHn4iaEwB0pA5TDw/K8X/V6
+  kiHNAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
+  AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUC5fMOG4Ytt1/fwFr
+  5NE+klHpt0owHwYDVR0jBBgwFoAUvrvZYR5kS5HLSafKqS6ePqBot8wwDQYJKoZI
+  hvcNAQELBQADggEBAGuhwuCbn0oi1EdlOXNmUvfL2VOoSnYWtQ7X8KaGy3yABpuX
+  Th+CM8od1CrFMs0FI4EgK3HxhNJHPheitQTLeoqYzp1J8iDTvYFrf6UrdFRVdaCZ
+  Xok2l6zJTEkD9I+eYQT2hONS+weDCwrstOCj85Ka8IEMftKUP5TQAd7w/DUre60/
+  Ryq7Sh6wBXvxdPwrIzl2H0JkZwEILWmkes0s9jU7xLy0VbHhbwg6r8dlOWxvKnwF
+  9Li7EaehB/iEHn7PZBPlMA7ARlrCnu9rGQnfEpn+lSsv5mWv6EPpzvmDtbk1ReCQ
+  uWEUIF1lEtX20TnoxQtsy/TExUK8kShZXdv5+0g=
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-etcd-pod17-node3
+  name: calico-etcd-anchor
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDTzCCAjegAwIBAgIUZYezY8b9NtLNI9H5WYjW1bR86xswDQYJKoZIhvcNAQEL
+  MIIDTjCCAjagAwIBAgIUV8UP58K0IOkO20Ox2nSFnDtspHwwDQYJKoZIhvcNAQEL
   BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
-  HhcNMTkwOTA0MTUyMzAwWhcNMjAwOTAzMTUyMzAwWjAXMRUwEwYDVQQDEwxjYWxj
-  aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg0chcziiU
-  H/68TxYAntIkJywRjm61+1h5qfYpiUu3xB3HN9bZ4vmybdbHMOPn3OcolovLXf2B
-  3zduUJOB32rLFKXxU+2I47gN6RAJVd8mjjutD7cxWuyRK4x4vFCitQnrKM1IV/23
-  hUHRyNDo9uN7FgIJ8RP+gVBBe6xtENMtPYi7a58bB/Y+et6YYB01WoBNJG430Q5m
-  ExeqqjOZGO2gGLn/oV1vN0OB+jKh7vtmUssDi6yWd8k5+eZSTHrTxOYi4XqnJi6/
-  Y7sadIb2eDbswz2MDtLnGrPvp+US9QKa+B7vDebI1+6h5ASMKU5AAc9/mZe0czjx
-  wCJnBZ4gvVmNAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
-  BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUYhnpEr16
-  GSrugQcpNf6vf5XLuFUwHwYDVR0jBBgwFoAUeKBh48Mz28KSz8WjJH+M0cCUfo8w
-  DQYJKoZIhvcNAQELBQADggEBAKKRyefSUXivcFdWxOOA9ZLxl3Xofhi0oi0LmUpe
-  7OJB/UJjqXMDQX5lDeGUK2lMxtqfHO1AAWqOb9X1em1NZxi2gkn+/a3Ji4ifU4+r
-  BJfZ5P4/RRtpC5d8lkpWgg7gWIbh7mZrVAP3NK8S+nNiP+VDIN4Gl7fwIW+nmtq4
-  8YfSjdKotEcWD0935f/rNPPPJ9wSYP66rF3erK+fFYHj4gRAh9AlxzAw4vv6hJQx
-  Oo8tVljjjNd2h23s1oQWYNf3Bw95fOVjMHD8KSIJfPMmLJcm7PbkQ7WsYgcYDO4e
-  tSrhHDc64d7jtw36llSkjLteDhx/KJpJpPvJis3cKBKkq14=
+  HhcNMjAwOTEyMDMxOTAwWhcNMjEwOTEyMDMxOTAwWjAWMRQwEgYDVQQDEwtjYWxp
+  Y28tbm9kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMqKgAIvD51F
+  fN5yD7Qvwc4MsDhVpBc9SVKLatgdQFQR8iLPxl5m/Ph7u0sYwGZowwdnGVXnrRfx
+  W2/AYhfpmxyaU2XBvE92HHXApRI2z8tsTdMi8g7+alrLDWUoOZlVtniq4Hk3w66m
+  kN90zgfQMWSjZcwTskKd1hsRpoLxdmliKkJ4VRdkN3LgV9bdqMudHy4kp/I5YLMO
+  vF6eY98LhUlGxnDP0gifRdOmt0C5uMxSSI4rDVHMMy8I2w8t0JpfoTkX3yMo15KR
+  m9QmHW05aUSwARXNhPiNWtVp4xhLrC3G40evsfzxFO6mZKAbadD6aop8nI6f45eL
+  Wdtg2QhElHECAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG
+  AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS74VsLpYpp
+  mWirZkY/BfmQ6udq7DAfBgNVHSMEGDAWgBS+u9lhHmRLkctJp8qpLp4+oGi3zDAN
+  BgkqhkiG9w0BAQsFAAOCAQEALky6ioIc8ddbNg7zQ63/2qCtvGvG/NpbbBHt8OnN
+  wO+hai2kxRwYClVjgqCeSI1SiPvBHi90Sp7r/95eTfDXB3lekqg4wTzI6AAKbqmw
+  lKmXZFxXeFZUesEwgBRYQCpK1Lmbd4kBsqGxfQrYmdzbtz74gtUi4Nqdb5hsVv6y
+  OCy4lhwoSJaveZMkOpGHIiWkz4xIJrKoZ04IXn/++GmsMYQpfYvHLaE2wL8oRgIb
+  PfuNWcVZUaucJmJbn+iBehBs0boBkPGEjNMkBFRxejZgO0CXp3hbrU+bvihGq/5q
+  0vNb9OMVXL8DmQtfxvlFQ3liValW2fYLyqM5ILBQX9aTrg==
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
@@ -1167,157 +1413,414 @@ schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDmzCCAoOgAwIBAgIUa3PV/q9gHVnyMm9wlctg3TkV3ccwDQYJKoZIhvcNAQEL
+  MIIDmzCCAoOgAwIBAgIUJsG0dJKVbiDOIL5rSBzTxf10pi4wDQYJKoZIhvcNAQEL
   BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMCcxJTAjBgNVBAMT
+  cGVlcjAeFw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMCcxJTAjBgNVBAMT
   HGNhbGljby1ldGNkLXBvZDE3LW5vZGUxLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
-  A4IBDwAwggEKAoIBAQDBeSQu0v7sLQ2i/TNMFkz4HOeBWrcbidPQ+iAsbTMZkCuf
-  KYRO/dLcDcQ2yEpZfTx1WymbT0RgmMPNnLIe4P9Pv+0pt+SuhESQB/zwhlcz5AgI
-  xeKbspnUCFKxeQX0xNF7VpC6EJ+8xIUEO8Dh3CiVa9ejO4NXfuR2raGUtdQKEdFW
-  EXwnrKV9/E3XL1FmJyb9oqrnRcwC4EBYPA6u5plYLQ0/Xe8KGd18y0sy7+O625BQ
-  K8uV1TkMRsK4EPdqAo9cwOb/ME1xHgd51PTBbhquaruE7C5lJkBbajbQCcWFESAZ
-  4u0NSA1DEni+Wch+wdIOQLI60yi/FjmjRC4rO3RPAgMBAAGjgbUwgbIwDgYDVR0P
+  A4IBDwAwggEKAoIBAQC9EwjpokRdEK3XsUj1lcmX8CpvMFCg+wvePSbZNBadCXWd
+  CAyqM9990SgkmqZjPeUi1+oHIagZOa2sxaM6gOOKU9zA8ZNXwKCHxSbN+4X8rwSP
+  PlD+Wr6Q4H+sSscCViL9VPuBjxHyJUeToHotYNT//ji1hu5JAC6loqtbuBFjO+uC
+  +yRiSdB/4xBvo9ZMvS7nQ61gHdpeBtqPTZUB7QIanOh95gALOJOzNFp6OHUSm0M2
+  TxSEZ1tym9CrVRg1jttAsqeLYyU1qi/ziPnEVKOoXegHLk+pC/Ss+3UkeS3jW7F5
+  IcYMRdmAwAF+lgbUUnQuyv7/ANoSldP2vL/dGBOhAgMBAAGjgbUwgbIwDgYDVR0P
   AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
-  Af8EAjAAMB0GA1UdDgQWBBTUXKnhSpZUKRBXxTZ7seMGEsxArDAfBgNVHSMEGDAW
-  gBRkog4B28If3kz5RH66owjWIWRnPzAzBgNVHREELDAqggtwb2QxNy1ub2RlMYIJ
-  bG9jYWxob3N0hwQKCqwVhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQDv
-  HhgplVcK+iLZjmqrBirR31gH63q2ZqprwV6FwDLIAHnv/Ohr8qD6Z5/rWb7oRWeb
-  DMi7ss2elRytQ4JNUNx8OMVCjoQa9kUTe5JvY5OlX1Et6lXotb2b6eGzO7fgXfRT
-  N/RbFCCrMseuEq5TGg+uMKP85vsZnvigZE5EmSlE8/okeOArNWNLzirxisqTwDXJ
-  EYQcDIz0dGqLr9GsztpV8IRQ6xGcg58K9tEu0wLku6ikN26o4SagCG88/A/4f050
-  5vfge6RySqwy8Y+Mtrnm4EXCfBFX2YuFMOvyBL59zjPLxI+iAfJTZqU2xZCnA1wC
-  SU5ZJH0lUiQ83epsgTrq
+  Af8EAjAAMB0GA1UdDgQWBBRd+9u4qBPOIl37W5XoK0sjFlAMEDAfBgNVHSMEGDAW
+  gBTHWMHHaoSjZMHhCMD0lqKSshJacDAzBgNVHREELDAqgglsb2NhbGhvc3SCC3Bv
+  ZDE3LW5vZGUxhwR/AAABhwQKCqoVhwQKCqwVMA0GCSqGSIb3DQEBCwUAA4IBAQCC
+  xSNOcxAmuCN2vkzqclDCCuJqqt9o5WlV867XfkeJZazdCOmYuCoWIZC5XVIj82Cz
+  7IL6TrWYox/Rr2oaCj785VeDeqVJ2Cphrelp5mG1sdrYivc+0xsFX+nqlHGnQ4gp
+  HhfLROngpvGFGLwzdymWQs/1MUxTCAK/pg1XCz77GsykrjKc379ih+VJKqH/NfPY
+  EGlResshu33l3wUZleXzEEUMc1prL1tvArqJKX43HdwobGH7MoExG3Qv/VejER/s
+  sjo14knd1J5w/3IboK3XoRnUq6Dd0ca/wYxHxmj/nbQZgA3XNiyhy06IaB6qW6qQ
+  XyTmXRegNn9Ge2IFVl6d
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-etcd-pod17-node1-peer
+  name: calico-etcd-master-0-peer
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDmzCCAoOgAwIBAgIUIWAI+JwApwXSqKFVL+X9/yDc+/gwDQYJKoZIhvcNAQEL
+  MIIDmzCCAoOgAwIBAgIUPx16TgubZqdFbXumgwGmvVgT9RwwDQYJKoZIhvcNAQEL
   BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMCcxJTAjBgNVBAMT
+  cGVlcjAeFw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMCcxJTAjBgNVBAMT
   HGNhbGljby1ldGNkLXBvZDE3LW5vZGUyLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
-  A4IBDwAwggEKAoIBAQDGVswTun6glxqcoTfAWUm4LTJyH5MGhFo6kBnuiL28vJtD
-  vCeApqnvNYcB4egrtuF/K8+3mTtndQKalfC8hEm05tUfwqlPagQ3kSpoqaCDooLm
-  zZyfGxMink+lLm6j4K8DjdsYGLgYyV62nZPjcuBtizpSVyrHFFuP7ZJskgNiDhLW
-  ANgj0dTr0X1DPPg+h+fkNG8mzzVpYE5ogBokjyhqLCvNSy5ukfBD94WMUQOvJfCy
-  2juqKyp4AugypJOh79u9IOXTtx6LMjcA/O8MXUnq9R2efpxsFcFdMq8pDCf53g2T
-  hBiXt0Lne+CoEAcU/yF5WB2otWnI88kqiEdIlOB5AgMBAAGjgbUwgbIwDgYDVR0P
+  A4IBDwAwggEKAoIBAQClgP1wUCE1c116KZLLWH7b1IgAFrrt9SKqXJ5J0o4YbpCq
+  UWj5AO3dxOYnHeYygeZ789yoynNQIItY11lTsL2NzY3YBNYNKviCcHmJ1aUX0hGf
+  clU5PZcRO4jG3L2dGyHq4I1VhSiLM+gEdJ3VjgpEpPjH2+SfM1pE5mlU2aLkd++C
+  4FzJorQh8reTpwy+vjyPngNuY7qPzMTZrNEWTP5xgQ6XyTi2H+QAlYl6G0dyhRDD
+  sdZea3WkL1rhM9SlhdhpvUTY/BNjWCl+RYzPVfa8RHUe+I/PqbKUUcDE1Vtq/GUK
+  7s2PNcl295blRMRvNjMEV4H1Bipya+LU6gTvgSybAgMBAAGjgbUwgbIwDgYDVR0P
   AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
-  Af8EAjAAMB0GA1UdDgQWBBSslKpCSulK1U0OG+fQhOCH5aegMTAfBgNVHSMEGDAW
-  gBRkog4B28If3kz5RH66owjWIWRnPzAzBgNVHREELDAqggtwb2QxNy1ub2RlMoIJ
-  bG9jYWxob3N0hwQKCqwWhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQB9
-  sD/EwvHH/+bja0G54wswfwLf6IyFkNQ1U26iNuTsfbyRQAm2JTt93IcW5DJdSzWf
-  4w6OFTsPiMfiXPnPdB/BBPLx303T/n+VFKoa9rOEom/qEylHm51W8LAIfRQ4FhVh
-  CyW8ZDEqshEC0KfwJ2UHwJu4mmZ3lUPa1uSC5LDnE6fXuLdI1xE2lONgcEImCwXF
-  uE+hRSvI2cUJt8sDvclH7eBf0uTZN+oJCPXDVa94k8zAq2OWg60F9/Bu1sI9jVnD
-  y4yX55CMOAhoYQSTP/WKKTg+iSHf2DSrHoIBlq2AaoispKj7p6ODAATUToJWA8Eg
-  QRGkaI+oq7tzhngcAO+n
+  Af8EAjAAMB0GA1UdDgQWBBRvoIvFjUMcvomaT+ZhnzYbcehxbTAfBgNVHSMEGDAW
+  gBTHWMHHaoSjZMHhCMD0lqKSshJacDAzBgNVHREELDAqgglsb2NhbGhvc3SCC3Bv
+  ZDE3LW5vZGUyhwR/AAABhwQKCqoWhwQKCqwWMA0GCSqGSIb3DQEBCwUAA4IBAQAH
+  8hSSxEesVLd3GBtn4eOoTeQrYQ1Mf1VXd8tEswnURCKyUkOGbPnRX7Eqpk7H986s
+  Jd+F6ybMpxOENkmk3FDS3SzFmG3FoNMZmsAggtnTV3NxBa7pl52SlPlRZ+mScGNB
+  DI2X+GWUJLOWCrTtnX0jO5yocoQHjMsAhSQLKQs9hkG6lB7uOGRV0cleR1Di+ocP
+  Y2di3W2++9gM8Bo1y0Z54yTvkVf/xkkDXfaFqdCnmuF8onzmgTgEKZUEhmS1REQH
+  WKJZGEr78sN0T+N00Djetage7RHE/54gZ9v9RiqZmtriynIR5ViipnmHUQ8o53xT
+  JxoTz6qNAyFmLT+IZe0r
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-etcd-pod17-node2-peer
+  name: calico-etcd-master-1-peer
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDmzCCAoOgAwIBAgIUfWTdS+pFhTFeuJtZmXO4uPY0c4QwDQYJKoZIhvcNAQEL
+  MIIDmzCCAoOgAwIBAgIUeg1BAQHyiyowN5GpBoV1/ZEbOccwDQYJKoZIhvcNAQEL
   BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMCcxJTAjBgNVBAMT
+  cGVlcjAeFw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMCcxJTAjBgNVBAMT
   HGNhbGljby1ldGNkLXBvZDE3LW5vZGUzLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
-  A4IBDwAwggEKAoIBAQC497jmAo4Oh/EHL1/X19gToBV0WI48gv7FBhiDRCjDfA4W
-  d3WdT/HGkbps4Hid0UPCQBSVD6IS4CMF0BQ1GFd7tOU8E7Zv79HCqD+8ml5LWsua
-  twzMuHDhGqrL71691JrSrLNg3Vg8lOMmtCblb9O0eN7zxzMhH0vnxsIosKYQt6JQ
-  wDq294QO5Vi/YydzzwDO8VTGSsce6qbD9wqWODDa6qvMLP2feOmimvtoFvcZ2Yga
-  Ozfcg8lGCaLurvk/wXQLUTNtbIwu676lwcfFN04BPyTgMINuiAd7V8yXsGgWpWPN
-  OMf40hpUJ1SITdBSfk4WjdCUXYfaTeK7hm01ora3AgMBAAGjgbUwgbIwDgYDVR0P
+  A4IBDwAwggEKAoIBAQCw0VPwa9D7mCYeO+u9xElHdN2r3y0yPeRYDeN3LexoEy6v
+  ODnYLwM7+hhG8eRPrUkGJkg1fDYJWOJ84BcOtkJ/0PotykKcE5OAhUHXzzFW5mz2
+  9M4rfj1jCmHGcxzpxvI5Z4rzmZimLrZC4F50t6FT66YTWAYR+O8S3sv5doi7uluC
+  qus+Nj3bnq7CvaNpgOxXXb5axKHMN/tSpQhjjsftULKr3ZoK7TBxfumpX9I/OuSq
+  7cknSIG9HWA5s4cAVrdzD8rsoXnbS1v426VoubFdZGZyHUbKlQeAFWGSkkJ5F6R5
+  jiCvIpWxYm+N338qb9lDem8aKeJkI2jr41BM0F5JAgMBAAGjgbUwgbIwDgYDVR0P
   AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
-  Af8EAjAAMB0GA1UdDgQWBBQK9+JumUrrRmYiz3ZWerJdFqh8jjAfBgNVHSMEGDAW
-  gBRkog4B28If3kz5RH66owjWIWRnPzAzBgNVHREELDAqggtwb2QxNy1ub2RlM4IJ
-  bG9jYWxob3N0hwQKCqwXhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAE
-  0NvMse1y9qbcaLFnkH+w4E2QLF7NZS7AxaBjYsjVCluwCE4TBBAnQ/+Zu50I2WIL
-  +Cl0RHwDsEuhnAiBHcX45JxLU3oB5ZllLfiyRcckt4B+ePvRHlRabPtMPuT3QyVv
-  8MBmor9WL+YxMmVyBWdfe1inXHnxUGPFFFnt7mXHz455ys4Hq4Q7QzPYt2I8xQ0L
-  zqs2fIsQ5+17eVcCUt92JzkFJIGrSmCSdvMWFzbgCWf9JgDb01l2V80cA1c1zFF7
-  pFi2M+TnmEMM4vogOSOxYwn521WTuEr7wPGe3lKm6DjpvAazBcl+bQoKqNqKwHaI
-  55lfOSpS5imkbdT+wDsb
+  Af8EAjAAMB0GA1UdDgQWBBT/O5Yi8OQ9dvnkl8EFioKo7pw20DAfBgNVHSMEGDAW
+  gBTHWMHHaoSjZMHhCMD0lqKSshJacDAzBgNVHREELDAqgglsb2NhbGhvc3SCC3Bv
+  ZDE3LW5vZGUzhwR/AAABhwQKCqoXhwQKCqwXMA0GCSqGSIb3DQEBCwUAA4IBAQCr
+  YYhs1mi0WKYpvzJXOE7lM7cQmauoZInx0CFwHp0H4Jo1etHIa8sc3KWaN83RTG4f
+  LI8SjX0Q2sUPoZhBP+MXJoUeIL853KpdrqWjaCHXWLWxDYQsaFJJBHh5iyCAuQVy
+  mmD0OeJjM4C2yXSf616vrlPDG6C7FXcbBlkrrT+3Ja1JW8rSs11d+LYZxGbCFoZQ
+  zzimzVNCXeb236a245vm7zOH8numc+Hfho6PRVzQIEtW3j9x7/pPPcrnvMsmckSV
+  5ybMsvYthFjmVWDhdeqDGBlwmahxppR1LY7OlCNQzH3e2WDSvmpay/NUUwynk0zl
+  O5yzIDySUEzRBKxzBu2C
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-etcd-pod17-node3-peer
+  name: calico-etcd-master-2-peer
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIDWTCCAkGgAwIBAgIUKD7BTtQKeJTABTYFwq2SWKF4kgowDQYJKoZIhvcNAQEL
-  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
-  cGVlcjAeFw0xOTA5MDQxNTIzMDBaFw0yMDA5MDMxNTIzMDBaMBwxGjAYBgNVBAMT
-  EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-  AQEAoHdWmHeeNXLHssgpq4q6KaCMUUY86jZ9+qnXig4BLUmVshe+yGZ06eSO52q7
-  I190uiGTsnIrSJAx2pUffzDDJzY3OhgCgSfQ9UMmYlEPAP+KUakbw6nc1y27wScU
-  G7EQmDC9Rgv+vCK7JVwA95UVTuRb/WoZ7izUqLjWYABLQiV2YGHXr1VHDso9gcgr
-  j1g0ybwdEqUy5rldYEIrpuSPwVccnq7PMjd+b0MqYroGobQDS6/3vrR5i8f4dZkm
-  0VWl6hlTyIXyZOFmfzh013JpFys9STIsLqVz5Uqu/U6uDEjIc35dufh12X4f/xe1
-  5YzEHT2EaT4zSeIaih8lZRhMeQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD
-  VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
-  BBYEFIQkwQwaFGqeAIpUPaXGawhS7fYlMB8GA1UdIwQYMBaAFGSiDgHbwh/eTPlE
-  frqjCNYhZGc/MA0GCSqGSIb3DQEBCwUAA4IBAQBDej+PSFlXPvOia8N0lnZyaPcL
-  CxHSp6EdHe7SkkYf6bh0ktCGSVnZOzONodsQLihPAv9d7WxpE7hjokty6s+KFpwk
-  6knmSertXdqSmHPP2sW/iwWJmpJ+Yh6AW+BHW/hMLmCXa44kTFQQ31vcgO4WdZF6
-  nO+PzQxjz/Un8F4H/DuMugVYz5O6YDK/37jacIXmEVf4cqMltr4kGMTTvY9JjEC0
-  CSEAUgf+25Kli/gWrFinUTLK+bkBfTeSEJmvjLEtWzEx+dLd0fOpqG9io71PHsFv
-  /HyF1ToLZFXup0i30n+f5v3quoyiWfsKo+hkFTHrBNqSjjPqcQYrlT07iaC8
+  MIID1jCCAr6gAwIBAgIUGY8nN1M09rRtXje0UeOrGjyytTIwDQYJKoZIhvcNAQEL
+  BQAwJzETMBEGA1UEChMKS3ViZXJuZXRlczEQMA4GA1UEAxMHY254LWFwaTAeFw0y
+  MDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMBIxEDAOBgNVBAMTB2NueC1hcGkw
+  ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzawcLTbCvOYK+fG6jwO6T
+  nHfmdqvLsIo0LqEXEiXU9nuq13Wk20G1I5dhufbrpzH6pxKhqqxjWUFjBaXjzkU9
+  ZKc03+I6cOY0boOyheVVXACJK4qe221jmMJ5VwwBqYVBDmyMYFkSSbKeOBqD9wid
+  tUqVl9OKDU93Kp4p0RhqpIw7klg8vClWRGuTcnFI8JwZ+7PAkN04NaBTfU3ZOLCT
+  uqblC1mlDef/VnsWQHkFw8k9LBv1U0d96K4QXEp8f1ZWP04LmW2RFXxEHBOay5+i
+  hOEnn6q2edeFP3Fn/aPQkgAsWQp4sNpdZg4f+bCK71KpaLHINhraHxzLdblRelKP
+  AgMBAAGjggENMIIBCTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
+  AwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFN8AuAlzeGiFvKKC
+  F9m7yHkJvVqFMB8GA1UdIwQYMBaAFNWwpjW3wur+jzSjykTDwnHzN33yMIGJBgNV
+  HREEgYEwf4IHY254LWFwaYITY254LWFwaS5rdWJlLXN5c3RlbYIXY254LWFwaS5r
+  dWJlLXN5c3RlbS5zdmOCH2NueC1hcGkua3ViZS1zeXN0ZW0uc3ZjLmNsdXN0ZXKC
+  JWNueC1hcGkua3ViZS1zeXN0ZW0uc3ZjLmNsdXN0ZXIubG9jYWwwDQYJKoZIhvcN
+  AQELBQADggEBAJW5tWK0KbhDJXhQVipjffGWq0ghRPdrMJzjNZ/KUiiRCdPbdBrT
+  Zq/nAyXJ2rfnHfo2U0A9a6nozC0F03X7nFn7PBbhTFa5RVuiy7Zub3JLlWpm3YAC
+  +fEiO2pXINgIZcmkNAkluJOmhDanSb4tIoZDcw7KaauqcxYJ7g5RHxLhoK/1qlQ+
+  hGs18F0VAN5eTFhh2GYxNzOwvq+7+zqtvCn6/xRtt3RNX4q+tjuBeNs/5s4EJHkD
+  E7ls6z6fxWS3gJRaIJZpBqJZz0yBt6HyMo0tiCrj5pjQHJ9IP+gPp7raUZzph7az
+  OTEqMIBSXkxDg58B771F37JNBIr+2xUrWqw=
   -----END CERTIFICATE-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-node-peer
+  name: cnx-api
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID4zCCAsugAwIBAgIUXMVTCWm5dfGM1q1dMpmTplRAHXIwDQYJKoZIhvcNAQEL
+  BQAwMjETMBEGA1UEChMKS3ViZXJuZXRlczEbMBkGA1UEAxMSa3ViZXJuZXRlcy1h
+  Z2ctYXBpMB4XDTIwMDkxMjAzMTkwMFoXDTIxMDkxMjAzMTkwMFowFTETMBEGA1UE
+  AxMKYWdncmVnYXRvcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJf+
+  fWavRZGy6qICuYy049223U5q66P+fAy7ujKIJrwRGv5Ca+iUc3VxIHfq1tB6BocE
+  4uOreHB8FM/S1h+GP5JnkmsYjM6JyIu4PvO/iKhDsu0OXJJg6csBfhEcv8JuXlLT
+  JHGaWr8lZrhRF6tMGSJhV9gLbHMDzxhQsxjevkGrSDPMMy7O5u/UQT1DudS+wg5s
+  n2IuLLugSrWGtJ9x0yN6RW2/YnWhoyQkp/zXHu10E1LLcOrwyYEEJvgWB/A1ltIv
+  lfGoSjzvfAvqb0IklkfRyOgm5qHzuqYy/5Bs0VkX82vtxM2V5QFGzTvamL0HNfwQ
+  /rGV7kaz+fCdI5f21n0CAwEAAaOCAQwwggEIMA4GA1UdDwEB/wQEAwIFoDAdBgNV
+  HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
+  FgQUY4WLTa3Ik7YWc/KOHtuX6VnPfUMwHwYDVR0jBBgwFoAUtmJJABI696xdNsYL
+  dpZWY9En3Q8wgYgGA1UdEQSBgDB+ggprdWJlcm5ldGVzghJrdWJlcm5ldGVzLmRl
+  ZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVmYXVs
+  dC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxv
+  Y2FsMA0GCSqGSIb3DQEBCwUAA4IBAQBSdBzsoZN0PlroR5eAKfPjk+SYdUOGAFax
+  AjD7h0S3IYXEyg8OP167uZNQ5u2qSDDZ1WmBubQHlnwJWZtnWk0uWD2bowIxNKOu
+  0rr0zr7JHE1okQlPK3Gcige7GSKG8C6ijbkBV3pHDQwiKmAC3v/3QPwp2rIkjkjj
+  EC8H1PZCcO0xbbHzA5siPrAHZ8j2t8FNKm0GYnpRuz4j+AM7pkP16KIvj2ZNMl2H
+  avqwu0USptxpLHC6mBwdsOmtvcuQ3uWl+VCSbLIEqRx/fMIC72L+/F/uH9Wq3+Nc
+  xrmZHYG7t3aTx6+KO2+ugCQACDXdWRWS3kCwkX6h5JDWbU8vS55e
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver-proxy
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDdjCCAl6gAwIBAgIUfjPKHTZq1/rv4fULgwnlt6ihtL4wDQYJKoZIhvcNAQEL
+  BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQa2V5c3RvbmUtd2Vi
+  aG9vazAeFw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMBsxGTAXBgNVBAMT
+  EGtleXN0b25lLXdlYmhvb2swggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+  AQClKfMCVYU51JKjZYbMffJN1KniGjm3tQ/uBEQQk/6+YwTGNetHApCHnWtQYypJ
+  XuJ92fN0zOG9t9zIlNu2Y1HmIJqfFVBUcQ6KEjxGrEG8IGPzL+g4kqZFUofHB/oZ
+  XeEv9dxIa/2AcAJY9WYtXMwEXl1SNR7Dx/mxALkQCEdlw+gXjDoj6bGTHJTvfNfW
+  ZK1On0ARbMh4UQubEDTXNTte4r0NDLPa+Wi/9Cb+Z4lbR0zfsbsbKid0jHqZtzOl
+  /D4O0k7RzIpP8XnzioEaalTPxpTou5qPVMqYEwZxpd2yhPvbHNSyXE+s9016trGW
+  bxy4CYGz1HlR+L5HPKecNWfTAgMBAAGjgZwwgZkwDgYDVR0PAQH/BAQDAgWgMB0G
+  A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1Ud
+  DgQWBBRQSfYu9CVO11iEOAT8rr9MSKcWizAfBgNVHSMEGDAWgBQcfw2E4iAF32F1
+  d2kDLLpUj/ca5TAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwDQYJKoZIhvcN
+  AQELBQADggEBAIhlp9L8xGZql/Zky7GaKRx+B75M09Xysf9dz+rdkwTWw5q/04XW
+  sfN3oDsKfXdM+eRsyatCw3Qxjam11731MK3WXFvVPn3VctR4GMAypEJqhORbX+Fs
+  v9gV0dzUFwiZ7m+iQM1R55H69WY3JGQ0Hg2un+pXi9L+4tA+nC9wVVDi0sbLDk7B
+  hI9S6qn0x4YRJLwBSDWn8+4gBj3tesx0AA8ab/RzvXyPv/DMk5vxe5joZhTJ4mZH
+  hbODDO1lit5HQQ4QZwiPuMuNwlGxUCK16bS0/T++2Qbs4uQhhwhWKfYouMVvw2j0
+  zEunGQaojSwQN38P34rIBlyzJlWynabs7ZQ=
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: keystone-webhook-server
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDWjCCAkKgAwIBAgIUHJRb7VZXvPiWjPTYTKTx1tgcERwwDQYJKoZIhvcNAQEL
+  BQAwMTETMBEGA1UEChMKS3ViZXJuZXRlczEaMBgGA1UEAxMRYXBpc2VydmVyLXdl
+  Ymhvb2swHhcNMjAwOTEyMDMxOTAwWhcNMjEwOTEyMDMxOTAwWjAcMRowGAYDVQQD
+  ExFhcGlzZXJ2ZXItd2ViaG9vazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+  ggEBAO8c4RDJKuXDrMyZeZkdyPoSBTvXhC7S0WiVJwmYIahuhktD8F91pC/0ZHOs
+  IzMKlWscwgnoNPiW1SLCdy3cw+jAs5oD16DdSBlWz0SaxLxlGZYhZe9YFTtzoJxO
+  pYdf3iZJGQHi8hKM9dF60dCLtQ388CC0G1J486CUYVfT8r5SzWl1IqBl6eoI+Pcz
+  Ml6pD4cSf8NmyLdpEIie/WFMN9aJxQUpY1KREmXQgmHuTf/SK792FY8EJ/z63aJO
+  3OzISDusexJC18ACVgZ7XzOcvg1/jTzaq5BSKWvuEfWeHPVdaNb1eLEBANTZEpfI
+  XA4VTcdU9bfd/M4VPiKXk6HDwH8CAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0G
+  A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1Ud
+  DgQWBBRJE2UgdvL2ECJM1nEuGoGU1l+vzDAfBgNVHSMEGDAWgBT9NRvRcbBPMX15
+  k6+lAQz+EH6IbTANBgkqhkiG9w0BAQsFAAOCAQEASZPkVsKJyzVbivAJkkesGVjB
+  I/6XhceQ/4i4udRWyDlXhLniVNwzUynZNf2XqVxy5mIzd+6vvuetMh8O8pqGE65j
+  mNoslF6pozBwvcBEMRN/I5RkN0sGEg3cpA3iovLSgYHDvn7vgCJ8k62xvUUgxb0P
+  eaVzB6QTbHSISnZofVxAxuy59b+dUAubxhlLMyDak8DYxyYflPa7o3I7CzcBPbD4
+  6RYlmk+xA/y8dzQACw3vLy4N8/iWxhztbTUwJFJb/g/BgAw76/ymzE6M1udYlYBX
+  h29k4BHifN3op+qSv4L2sdC1ZJWkjj1PedZcapxBaBhw4akU6qgXrZc37KRB+g==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver-webhook-server
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUHpsv6LwH+MZweGRpcCq//SO1pygwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTEwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCla033aYAywYZYS17OEh3n/k6pIPz3
+  VJPaasU0Uljq7iAuEO3rOphpVkgOVL2OTPvXynGfAWwh09FjkaGMqT7UgQfIlPpG
+  kYLZwfUG45NtDlA280UAEIlQFVpBW8bz0caE4IDzjYFy+5UYxjvoV129Ni1QQbFp
+  rLP3zfX9Wk3m2kzZ1On7xTcgZu64kAaLDjJXrTzS9wIIj6zXSi0zKF5VKW10hDPY
+  XqtD16OJZhG6zcDxtrnwfT2jGObN0hmbF/EO9Dm6XS0Ng/yYbQBfQuTQIuxdt/RN
+  DPvVLEooIifGHRLIRrq5q6bLAzg75VL1Hqr3glm5P8RZfqSAmm39X4VVAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSrBz+hjBkTeInEru2sN0RiyVUF
+  mjAfBgNVHSMEGDAWgBQG+Y3CbeZI/XixZZ1chQL72ym46DAcBgNVHREEFTATggtw
+  b2QxNy1ub2RlMYcECgqsFTANBgkqhkiG9w0BAQsFAAOCAQEAmatoUSXOiubjHhne
+  MaM+2PEjoUrg2cwXN9O/mqqxxWtHwqVq6/41a8yvJBw71yG3qX0x5jx+19WNT535
+  I7ZFp+8WhdyoSC7tV6Bta504HbBT+CikNuet2g5qQIMGJaHcH8r30jwYVZvW50/Z
+  1gRxI3YH5+oip8Mor+7lQSSX+cKnmbcgbCcrUp5StcyoH1WVxQOZwbJPhsPPCnLV
+  op7nQ62d6hdjuanB6aRqHtK5onuxCZUZpBh5rzrAkHr3y4tFaLW49r46XeXGu8v0
+  BduR98o2ngeRcBKwxleFhf7Su0cDm5iSZzVjag8lSzLhnmr+5gCfHxKVgGOiLMn/
+  KQzKsQ==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod17-node1
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUDfCWoE4dt+MuTvRzZKeBTJ+e87gwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTIwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnUDefSlFyfYSL0rsqf0Cj5iLsISzV
+  393hE3A1wfGop2QBQlGbGbfKGXIGWraFwaZnsin2uYr0ge1WHKSfmpQEplZX3vjA
+  RpPaqp5FO/2J8/AotHCXPmBzLwRndm6okyvAyQDk4TR/Fs8CfGOgKO/lMkRJH8w5
+  iEj5i7KpiK6VBaUP1E2pLu0WYrnTqG4b3AiZjJlo5+fSxcjg8VyuuWA4t2Iglv7e
+  RoQjfRK7YLhSImHrfHf7HXfNCgr6NiaUBlSSUsgDV+vsHrtdKRueJ1B7CnltflG3
+  C7BI0RlJZ4wngR0sLmDmKdLkgxO1UuhFtU0rm6JFjIeIKg9mtOsWbZxVAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRrjqNjaX1QxcsYX9t90tAOEdcA
+  ZTAfBgNVHSMEGDAWgBQG+Y3CbeZI/XixZZ1chQL72ym46DAcBgNVHREEFTATggtw
+  b2QxNy1ub2RlMocECgqsFjANBgkqhkiG9w0BAQsFAAOCAQEAnXDS/u4nmj7PMdER
+  L5PJmkQC6wiCdzRcs0aivlFvcFO5eD7GXc/q5W6YW4RRYahYNcUZ8bN6vH49qPce
+  Se1o+nuyEiJtgbikQCKavroEnd7WuOf8O7kqSTqikM0aiKCKC99Obo8ICmsfGsBN
+  /eCMHUxvO+r0NZwTvS7mDPujFxS3dry9D7PZhqa05zCKxzPGeSz7Ny7luTaaX0EP
+  31au24qs81693SGMiTCjGuJgMyZYSPQt3wY5M5RYWq3rxjXWxSc2RJBIfVz53Ovc
+  YyxoYgc7gbWJCmf+PJ58PpUoXMCf79/sznL2xFK69QEdNLX+ulV9jO63+DP5jj6U
+  +euztg==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod17-node2
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUIh/JdCSPL2z+2vei1jiDFdJEEdYwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTMwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiF8JGtlLMqyZwupArbL44xnce6YUo
+  lUqM225RGBvQyVsHf1oLIDCU6Os03UphPmMy2WHTJJd0wue3YhSXNxv/wTmd/hzy
+  KlFQsCERyfNEoWWPGQrASa57LfjsTSnC/QGNfSEbs1sfzMoRqFtCgESpJ64k7eSc
+  Y3B5GX28LK7XWPbTLf7L88FNVDQl/QFjPtgilCSUOlqSPxD5MLbM3Fnzgzq+lAEk
+  I2Ul7ZA2xZINKpgFmiiOEu0a01Ktlu4UEYY/t119v5WdBuT1h5m45ITWd4un/1PU
+  RbRXXAMlACFPTL3yaI+tL4h6W/mZdAqQ8k6e8f+O5o/7rThoj8koG+7bAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT8BdFG66a2OqhyksCPInJTcNX3
+  fDAfBgNVHSMEGDAWgBQG+Y3CbeZI/XixZZ1chQL72ym46DAcBgNVHREEFTATggtw
+  b2QxNy1ub2RlM4cECgqsFzANBgkqhkiG9w0BAQsFAAOCAQEAQjwabqSUknT3L6yG
+  LDUnh/Fi4IbzUTxs8vNmvu/abcCCYsvtYWwF9Bo0ASkAnHlo09hIGQ2owT0axksE
+  797dbXyWeKcPLVPSeqGRTlnUidWQ2uFHGRC28L8GXO+h8N3cQJRp++S1dGuhMenN
+  O4K2iO0MqUez5Dc4kqc5IfwZMVyziRj7yAljheGcoMfEupBxal2cIRM11oa0iUQe
+  43wI3tjVBWThoUglQk6kU10cWUrJdad9Ox+6tuaPEcc/3iH2VEemJWk7T+zq3MSo
+  2DDemD+p85bLDVjSuoHXH61gse+hP4uA1eRa/yQ1uz8NpauwspkhLCVtDu5/1Opj
+  GhtR9g==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod17-node3
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUId2FShZ5Iabpg7mzxgKixGjvdOQwDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTQwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWw4G9jBlAeP7HKfBKiShzjSbqCsOp
+  j9lPUEi7yptwMRoG4b++zQ705aPVzi8wxj6WSnxacUfUzUkdHw7xKRDp/YcqP+Iy
+  4If7BSHQWd1UiHvJDNB3Te92u2dd7GZfmhbcft8cxTM0PyKnQyzLeld+QbUboKoM
+  AppsQfGHBhj+taXB3D6iAXhJQ5c3prvqhNJgnuCccvRUaeIPaoGIqj5bZV39KDvL
+  6EJa9n2rQGxrjQT2PLUmj2nhc5vJsiNC12o1OLRdoS0KNnGrkvZ9LPNgFkDvPAft
+  SARpSIvOyVEzKZ1pDep7wOYNCSsfr4iGt32INsgVfyzrwe26oaezpFVtAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTXhgxQRrhvBXbbGjptahicYImo
+  AzAfBgNVHSMEGDAWgBQG+Y3CbeZI/XixZZ1chQL72ym46DAcBgNVHREEFTATggtw
+  b2QxNy1ub2RlNIcECgqsGDANBgkqhkiG9w0BAQsFAAOCAQEAEU01vdaaEPgF08Dr
+  wnr4URsEbt6XgAqsXWhSQ9W1AV6oCF26lLmmZMe56rxxw29p3PMdDJ+oxGxg9Qnl
+  zqXfElm1pg6JYokNH26twiPav6Roa4EKOWxx/PPE7rqMm3X/2a8JpjMysRl1QJo1
+  4Bzi3JFfEQgm4uKCVBGR+ap41h8c3juMyMtm1APURuGXIWFm2EJNWXJhCuYvS10H
+  2g4srJcQbxH1s3NTVr8FqOFthSrBYaHinZr/LTX8hdM7sfemzvtx4D3tNBNymZU1
+  eaUAu8GBdEKCAB95e4fesWX59NeachaDm0TIobcP1Evtj3l7CTqyxxqyc9BTQ6Z8
+  7UYf1Q==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod17-node4
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIDkDCCAnigAwIBAgIUTgwk6WNsSDq3vp+li0o3FVWQvP4wDQYJKoZIhvcNAQEL
+  BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+  Fw0yMDA5MTIwMzE5MDBaFw0yMTA5MTIwMzE5MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+  bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTUwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNOQahpnBFKuLY6WTpYOgu4RD8jOJj
+  UTxgPl1DeEtAfLDOcme6dX42hDucS4Hc4RWc56Vb6JYJQerD+Xo7b2LnzSRituq+
+  g8bWfDRSBGnqepWBudIilJTgwSOIm2UUDrB0lKUdVk/Je+X8TMjxqCN7HlYgKpOq
+  /cRiO2IIo4O3v7XD2avdydQyxWppm/Jqq7ZFEi+HkWDZ6lQ1yYYa8ynmDg2HxLvz
+  oY0MW3D6EP0NkxOGuiG1WnhT8ZSoz43Tee6ICy7FmTtnMVKzo5MW33QAaav/EjaS
+  9GM+NFYbB47UrLp9W3ohYoNFcdrMs3jsRdCRVgvaffKfyGBWvnOxbhBXAgMBAAGj
+  gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+  BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQ7qh/tts1ZIK07nwkf/xCds9ud
+  xzAfBgNVHSMEGDAWgBQG+Y3CbeZI/XixZZ1chQL72ym46DAcBgNVHREEFTATggtw
+  b2QxNy1ub2RlNYcECgqsGTANBgkqhkiG9w0BAQsFAAOCAQEASfIiPKzu8jjy1sU4
+  B6axHAzUbPkxIDweGMNo9hjdOqAJZZT5WCJFQqk1OKMMxETcpIPSMs3UCGZU1lkV
+  8FXfxdckCil6eQ4TrEeEyCDF03CDv/oMaQhbupinS5dQ8dtEwVGy5cDqD1vtON2B
+  WeeWDVv6f17IyQQy3mxppYPSnLXtZV97Adg1RLvwK8J750ZfGDd6RqeZbxFBoBtH
+  UMT6pytrMuRJtdKHJhziRXJzAEm7TFRdpr4Vs69mKGAMuCZLiaGIHYbHAVckdg83
+  RmWVke7/NKDVt9xxOQfgrckWPcps/M3ULMDGpgYLJXYvzbsHKQ5bqO6w/ZZAUEc3
+  K9Bdjw==
+  -----END CERTIFICATE-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod17-node5
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/Certificate/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEAqJxD7JNGSgkZlRgr1w0SKjGJwdIWipB7GRk3d17tPpqLaxVm
-  ujN7NM0bFU39v7Ud5P9YpChuetzMEJ4ry4xbwVxqgbs1XxP0vDNaGZJCvcckxDDt
-  hiRgEICj6kpFlLAIabMCP/PB0VPGNT0WQPfBPSk8gUJBOfgjnzXIZp9l1h7vIy7+
-  GivvuWaQu7x6zeQ1yhj4KrHokq8jD8J4xAVV7Yq4IY/852ZyPlwVGG6d/r4XOb6o
-  WiWc+fRfQxDQlv7+Qfjsp2p4VqftC4+UF8W6carZwwQBpuDaLKuEY5HmAJb5wZzb
-  uqnkPVZ/Cr4Kcn457nf0RnHAvuWv09NoCPPnKwIDAQABAoIBAEzN6c7xAzqkTIfy
-  2715EcYwjJzCc0wpJjm3l+GDVzSGN23O8N1up/fUWjrpLOZPvU9b1WfplvHWdAo5
-  0p9Ez2MUEtwHh/dIYtn71lYBnu9NsHzCAOBy32OFBaWqsWlaimqDhUnWYnpU29vS
-  eLmdYePXTd1fbdDXLHrQh/nfMAdJkMPDEZWGOruLM38jrG3wUmAuTgW3GHMap6pU
-  HNhPBfIbqn/LJ0VAnv30/5wZQiA8sw6Lee5Kqiodbx0ERwke2yluufI//3sXkEiV
-  hPak9uzclCx/bHS0lC69WA8OolihShamt/hzGWahVjNYLBgesLb0h4Me66QUXYvO
-  td3kvGECgYEAz1i6oEVLKa/IejBZGamj76XoX19vDqscgf+tG+1Z0+v5ff0hv8XO
-  xHQvDaOH2YUznT8fn30c9fHDRP0TQPvwg9WVviViRXvdfeddhShB2J2S1t9OUNG8
-  s7PrChJgObbHRo0YZAHcBrjxihwaiVrogbAmNYrmPtheKShYB6cJF7ECgYEA0Cyp
-  MkFObthndnT2UmMB9EbYd1mV0yvU6Peg4dSAY4c3rZadSoxUsddHdBjSB8UXXfPg
-  XbxUtA9SRSelxBvx7a6mb1Z6cRo0gg6ugfsrcIyw6wg+gspYNCEmbpDECJ3r6CH6
-  rG7iT2rVX10WBjsFIdFQ3/t0Dk4ERmEC6aj+P5sCgYBG3B7jeOrn8zADOhSpJYVl
-  +AAC3/13ONkEQFlrquDBAOsBuIlZHYO9NauC8LkTiGcMPS9UdRB5qMbAA/EZi0A1
-  /b8v/VypPFyEk5YtVIW0Pp2ZGzWLfzILA9i2V3NVJfbSUJPeUZhdH8VEGrii6lN9
-  RrK4J6DqJ01+qU/0RYxg8QKBgG+3+BlbSN9dzbCZtnOiZLMWribm8ewBMuLPugxY
-  AYroTy4ejU0roGxMjzEz/Mtkr1Shg8BqSL7VFh681042fRBEUVeg/lbibFl7zZU+
-  GSLurieEJiAEvW9Edx6RHFNPhQHv8lpFq7hZKidiimZPmEJ81b1OcgsXPV4Tw/9n
-  zQKPAoGAajWZK0pvEgZk07M6r0o5NVa+CepqAaisCjdJvDNkiBfAQz8D7eczZuTt
-  1Hr4IDDvrrLPX+r8Rof+dEkVv+fpZx/RVlfimjLmdfvoeUmCp3w2S6I6FikYrHGS
-  FALCC7cukRHdgdczTl3YNSGyMnFWzdjKE6aW6rPgqc1XvMs2pbs=
+  MIIEpAIBAAKCAQEA1KJKVMdivYdLgzzlXYPhlF5rs+bqShn6Hj55UlmU6fuW63GS
+  +bFszXkvk+oCKI4uKUAwzclwPb85HVuU4QkHsJyG/hPFJKKaXpSqs08fYxB8Udn2
+  tfy66t+rlMcwyWykHdi0iQv6FOm/feJRzqK1tPV7wGV6TQ/70FQ+il2dPR6+w9Eq
+  UhepJRA4PZFNYxHCMuX9JDTeVvbzc2OegOhR6RgeCnzuEK9GmCuoEV97RUA/9UUE
+  vTO3JLRugEdmDXho//SrYWv3EwqTZhkShWsq9H7lkwL9N9KX6yFbq3/7quP4cKMI
+  vZqpOFVI0m5BfjrOVNxufMD2F9AJu82zAlZVcwIDAQABAoIBADhwFxCnl3K83XMp
+  D6whnBdYdHfcu6UNfhDW/ja4ZkkwqR83Fw7FZB6potI803PWQTRbwFhutib9gXhk
+  XYDZd7wN39rCfpo5uoWOKjzLrIYL0yOamdw2B5rd4VntAOsFtg3h/hE+J5Ozc0tD
+  bflNwLMWUVGA3dRkgK8MHUl2jYyyB0H+kQ50VQDz/7qX3GeiR6LmvG49EBYAavFS
+  xCrL+Nt9kfa7SrNscvR/1L9BZL82ISd/4vTZT5+NCtec4e9xyu51wwg7qYB8ICAU
+  +XHx2MKpu98eNOjRwz/jmyJ5ZxvUVFnzjFdiwlwe6Ve7jw6pu2XKtkFMJYbZTYsw
+  puZxDskCgYEA2Yv92orMbCslE1hh7bjAwT2UPjKTbDOknX1EWPu0bqIEVYUgm8pJ
+  DRnWCycewP1cL+uoYb6HBt1a9ec/I5UhHwC3BtCdl6L8fF1gtKCSyIm/mmJEU4Em
+  c/RbjxODxouwN1I1a+TQ6CkUcTjDuFVBg25uUZMvrqX/Occ2B/Vg9PcCgYEA+jf9
+  anW6LpQ1zrggxksh4FfQWamoarg/vAbYRSipM3pQrM38ERGXzNbu4rOBBpBuoZ9P
+  sK925DdyCt+07LXF8I8Sw+1owbb+7/Usua8rJEogm8g9NoJurosMGfHD0Y8PBLWW
+  LsuG1xtzF+7ViqSoUcen0S3gl0Tbrqxftpob0GUCgYEAwGRdCbRsm1EAxf4JBTq6
+  RWvXObZyyGNXtuw80NExvhHM8XD96KlaN5rcwBpFyXmH2N15mY/tTHXg5s4u+aH+
+  m7N/Kii+5ob+8mGGj9feWDnyWG+Fa7AxOKUnf/5LMQECw7oRgqzm0BrceFEyTkgf
+  20ODjuMzbSpi8E8sipdIuvsCgYEAnI1jdLRr5LC+abQybV6ct2y54x+PTBYzakUu
+  Ezc5hgfFahkG2PcU7wibNiPxWlYLofu3NGjUDj3SkJMe8+tXCQe7SfLEVE9WenP/
+  o73BVFc8x7sk8XHyJirBS4pEZl0HnH6wlF6q4vM9s3+vA6u51FEC4pG9r2dZu5QF
+  3o3VUTECgYB6i9efJNxarROhguJ1DXlXm69j49vtgZVR/4hvbVoUoZkFFobQuJmr
+  S3y6mvdOb2duhIFqOMfnBket6pGV48N//XhwaKFYgRvt2LSsyRtagwIEOSbBe+A6
+  JqKQCFlkvLVOBinkiS7pkkn93ZdWwTOxBvJ/qx+qw151+fodGIQ1Fw==
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
@@ -1330,31 +1833,31 @@ schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAuBp27zYA0f3B4KoJoQl7crkSAiaD1U1VOaxzay/ErmKW0qDX
-  K5dYSXW2Aej6QEaJ+y7soWlibhIBimF4JEEO0MDywvDuB+/JzypGH4bEzJUBHZmi
-  TvefEJWpA55sZBml9EMAXcdB0jGjxNeVbKl5T4d7KxLdlQnDdY9Jku5H27lyen4M
-  zPGn3pec/oFv8qdKyI5wI/TCBttH+raV9yhfsAfhCiYnplacYSduiQxOkOC2rPJh
-  OAHDSQsOvwgP9P1efMOu1L+fXum9hMwODXw77PTeXHNoCxFeemTKVELgWj/AKK4q
-  /hjefDVr+S0FA2SNETBwMHfDB3YXG4EaXXWg3QIDAQABAoIBAQCBvlTXHC3Tz4uU
-  swB6Nt6C6R5h2ZbK+eb38Cqe/VkUtHIqGiPJmq0jiAsuqWvDZHLVTCqDTmuJurLP
-  PQWYNykjwPbUn0qA2WJV1yr4CNgkfVX98EnMcQHuhCpKXJlyqgikbZuSe1xNr6IE
-  lRG/NGhDvez1XCRAZlMTRFnLbJXDqGk9kw42NNIl6fgOmdmvUruj0z8lDhyCnXJk
-  ZzGWbQnEohgW4FjDV9W44H4ErhV7afU/z0WXiP5BDTYWHifP9GhnYw4HNjbIa0I1
-  /KZ7kneZyKrdGdhGen6q6zRpVV68pFsN/TdOZQS0+MYwavGXqJw+eg+cu+wTfgAu
-  RuR9J6vBAoGBAM5uqNlZzqSfGnUHoMz5+osgnr04ZED03gMgbUfcscUyhWd+uy/t
-  +jJdsUcYtUnJK6rR13kx+M+Hd0jSCuCb3aWTNt8gFynaBS5M4i6dYerohK15R8v4
-  S9CjGi+2ye8wguqfrcijxGUlyj8uZ36MhuC04szEnppTDq6+ytwzNkrZAoGBAORP
-  QPzQGFAn6L37luHosrftHeBNkL1IhQo4wp1vIbhKS39K61oj0lNqxzqwIxTploNL
-  JPyJ33W8FOzfinMDm7lVrp1XoFJ/BGeodgO1cvkB3Wn1F4PQ88CmSzH5ngMOHgjQ
-  tnr3Dnkr3SaZheTPhDOtNFF+hN7gtnMrSUoJlpulAoGBAIsqwx40k0EcGeQHznoh
-  lKyywxFhsQSxj/Kfq8yklhwRYSpSn7NCRkgqLdd2atFhk9THPvJvpAOUmfA32ilu
-  KtDzHCz0H2mRl6iNIHa4l0iclMW2W5bAv6vaKU89dYmRNNEj8S6waTifb2eEyzTf
-  XBalG7lcXGhB0kYwTeaBh/qRAoGAMP6RA6/kh88Iszx6dKBrOe04rBn5JaWaZ0cm
-  /IIMym+nI/n/56goSp5vgripzqMSGbrWhRtRSQLDutF99JChqnQotLtJPGrllxkf
-  ukwGEEnGKibelPsSVBVbra3TqvQsndesUVcTVA2Ft/LaOPAPfsd8osBz4yB2BuET
-  KUBFgcECgYAOdiDDHX5xZnUvQBBYSf6CwyxWbv7f18I4l77lfeDZpIHOaBmCcgOV
-  xwWNN2fbcrPDD+joEEL40FGh5mZuGzeUhCFDa3VFvY6CMJRcsx5JzHP2Q0Bc8rBr
-  reVyVHwQaIbVnbPVlk6qSMN4XKJd1vxg2sQcMfjyoGEn0TzHilmoIQ==
+  MIIEogIBAAKCAQEArPzgQ53Fy6PK+keVKg5M7jzk8WMZKgaBGb04gI61O6RJlUBF
+  fkv9NgbsxxhxBUui9xMglM0OrbVZUdo3YkB80hIqNH/cPT/t9JBHFMt5eV0WarkP
+  SafgXbm2/YB7jixauTKz+cb/KiEPadDVQDOq7Yyz/RXe3yRewqULcQJAeSQmoTfU
+  tlCzcDA0tjzXX/Ry9qWuwTJyIqVuXTYRVAZBophIzfCt3GgvbPO+jea1LeklueDG
+  ncT6dhJborNWDgHaVUxcxnB6cIq1DG7922fFLEe/bDv5t5iXk1nMTGRypS/p7INM
+  bSGE+HuytmPAtZXO/lU2rebLOhN3kY8FvKAYFQIDAQABAoIBAEY2PTA0kVueF3yO
+  IVT4iPEJdkMjXctY6H1x98T2J0kV3WfetlYUsamEFgaZPQZRNMvjz42VzSdkO+Sl
+  FWWjlwYMqWS1oMabdBGXncIq9Br2VWrrwfC7Wq2v+z3ZMEz8Y7ZXhgUTZ+3JjV/9
+  ixCL6AyS11sZzWP0dyG5q3Mq3tBL2RzWHEJTaaqiFPCDaZrTUh+x3UT6AUedRlxV
+  JyZpNK/soyWiBoENhTNz7hK9psHvhocefex/pYz9dWeQeY27UnHjVJB9/XpzDcbq
+  y4JexWTt2l5us/7BNZtioQ+hORWmzYH1RcjTxdxLpLi+1bgv3WToxsDJgnN0H99E
+  O3F+GuECgYEAzJ9VucwAzGLLnhpv6S3Zpo4tGBMrUhTW6YkLktZJ8aFxVsX7qQO5
+  eY+SVfKS4x20i5YtY6qyzpKsV28iLbPB2MmF6qcWBV4Hm7qvCbSr79CJN3nKtsrK
+  lbyOS+5TmjgVeX5FqMH+HEzGdon/Zatdm/BC0N5pDTaMMuyYKC/oW2cCgYEA2Gwj
+  7FSkUysnJwWB/xLzyuqMyjLsgKn2HMvk3ACyRg/EmLKtON0b+sOACXTzBs6f2SHh
+  r/19BGxqiTIzmdtRyiNlELCwyREfAanmlKGDyQEED9/gfgCyGAuvvckj7sPMQuu2
+  NkfNkyuAQSK71XemKwB2OME+uzG80qmyxyqw/yMCgYBDq+ZD/g29imbgsMmWCk3S
+  4W5UafKHwNCah3JGa4wk10mOcweZi9vJMgwpVIHzjp1pFI+KSKe93ZAVknFxP+O5
+  +FvLkNqdh81oWUMOKKw8MXFP4X2DGmoJP0SoI/eOJ0Ii3fnXp+CMJ2/zQAww6Y2Z
+  xsmyHfwMHKAdL1Xa5I0pvQKBgHhHiaOD2xvZ5NWcCwZ/OvzwZDTQHn7Xds/ERbo7
+  rNihVMrkqr7qq+0vEA6xb4u99DrRyMNtpzh5JLCBNQpySL+F8lpXSLlGiav8CAlc
+  xohEx0QnUXXV3yTcAd0BV7YQHYqnw8nhGBCN4abRrgDSkYheplWemMWiu+V8qL5m
+  LJ5vAoGAZk5ifNyO0g2CCW1n7i+amq4RE1XrXHgj5iruku5/aHHWmZjfhJYgzB7y
+  DMhMG7kHgU+Ffysw/HciAl++PykpCrp7AiDE18whv1TcA76U36Xb80ksDCqbTQtA
+  DiS6Z8nU8IvBl77xVTuvrenqqwWSCi2TgrCaSdBNP49EgefevLw=
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
@@ -1367,364 +1870,364 @@ schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA6qSwvOHFBMQCKguJpnyL5fcLF6dfKO8XPTx6nsvsTPH9jLgU
-  A4z/JYDu4EaO6WNKzfuQ6AxYsaKlwVMmybNnm7NOckyF/hXdJ6eLQGVQF4ITT/vi
-  3O2v7M9YCp7MpOCyhLaMFhdrhj9MALauSFHorGlpaS6tV9aRV+Jsldrgyghd+3vs
-  FrPy+lgjPhOfsehx20Vi6jjOT/yMK3T7j1wj3ThAYZ+kY2IiGpR6wzRxlAJ2f5Xv
-  MgAGO6ZoTVJiYTN38lHQgRRHfb+/47pGue3zVTxj1bD5WXRimWhQt46pTznRnilB
-  XeNJ0jSZM/ykbMOX1ARpkUM8WmIPtRsR+w0lEQIDAQABAoIBAEP7q2lOUHLtB2N/
-  LEacVzwts30K9Ts66pTHbQ+NLc2tXzTiMIpG07XeAVfhmY5tQkMj2/wfd6Mf6L52
-  hQpzfFVUQipDmZ7gXs8ab/IcaHQnL8lAxZ4VD5+hA3UwRUKQB6kD6tqLto+Sz0Z1
-  p1E0yiEJ+YyMBZUpibrY03UnkXF3JRQKq1DkK7RwMY9QtN/grjMIH166wLBhGtV8
-  vJPtRyTczkmBZduwrTGHudr73J7zwaYNoinJTESYytE9aeQkq/tg0pLm2klsrfvP
-  SVl9XaIunodKVSaWRMvkjfiqK2YgzqJ5DUvRn+kZ4AGyxO9hHwmTI1mZ8y1iglTM
-  UuJGmvECgYEA71jRolBZ0K/X77sd+Gr6e59Vzvwcyh8THCu11LTeJQ0/TxU3fg97
-  RNdY9EVv3D3SCnZEXArlvEiUDn+L5Vt2lg5mBLwn+0JiDc+eSW9K7tDmYmmZFQKX
-  nzBKYc1z4xvQ6KYagsZQaB5Ae5urDvv8QvJ0D62k1CunqQoF/RvVcGMCgYEA+vgX
-  gK4lHSjZwACw5EM9zWn1sX+id/zme2WfvMQ/nL2w9YcV6rjEtyi9t77kB3dL3RnG
-  0Cdu+7opmh0MLRQ1yf/KmntmG15hNX8WQeDmVSWGlfhnifE24vvWxqrKT8ToK/VP
-  u1g40v9gOlhEjSkUXPzuLL2iqCarhUFYmsvIfPsCgYEAmIHwucsXH6kcH64MD8Ei
-  r+i8BXKRaZzZUWbsqodA0T0arOpo/JMiyZ+qF6Oy/hQKJQ5synVLI2jfpklRO6jG
-  7CBqkvPNSgVnc0NqqYIXrgo/8k808rU/JXjgvGbsQ7byq3tDgzaX/2/fSKPNIHQh
-  rgrNNzw+vc6/Oy+e10OIAd8CgYEAhDYAQ6T6HlNv6wsyJP4bZ8RjT5+6mlVbojQW
-  I56LGGqB98azUBUIZKkM0Oi6PgilqZOzveKYP/qBghO9X14fPAwJ0rohP1fIBCOw
-  OQJetQpwzT6wZOXzET60lbJRpBZKbSXtW/eM7/Li4bmwW2EBvj7sxhscvlKo1ylm
-  oR2rv9MCgYBybhTL+IImXo8pfO5IK/AWtfp+v/gCVLVHnypTezI/L1iXM6pPnn0o
-  iLzFRass2XYyf8U4nD94xOjv/f4lSTOXFKCsX4juWPMIwpxBOCAn2YegHKMusj8k
-  6RmTDpmjGa179aKwt1VQRFWBp+aGV9ewm614ahsdRT+p4R72IDj4wA==
+  MIIEpAIBAAKCAQEA3FQNuvK074JRx4pmrpeAeJ0P3Rsd9urkVmMzrG0JwPwLRGRW
+  rjsryEL7g6a6mRTg/1z7+0WTvyAUoi3WGcP5XI+iZJ6wjg2wD8NQsTNb1V7scjKO
+  KSh5oi3jOjdysAWzro2txWInxbUk84xhWCkpkvteUu8hpWZPpX+LaCLIpon7oOSt
+  qQgo62Kcn8dEwKExve+Rxij5HCg87M9OR5NojUNcZGHYZx6HWlOuepvzIkOZTxAp
+  0DofWyl3cOVuyW9Npv46wguBzEVUpBJ75vQM+dbt47QQPzwHlyqZ2r2azNly3LhP
+  HTTUMeJIqCAbPJFZz8I7LiJdWDL1fWBFSnMTSQIDAQABAoIBAQC+eKumAkwJAlBQ
+  gIVkSfT2UFF2hArTex0K0ZfKaDkWbM4Qwe1tkhm3drCYj3qg/DvGh0wPXYbso38y
+  9Q0yGQlpy4JIGifnpk2eUutfRVcOjpE56Bqd2i/M1H6rxWOQaF19eV3QVZqsgH0B
+  T0qYPH2EY2qXp8MeieQw3qJV1DxCO0uHuvhovNREBdvSJlH3IOFQ3DMvLvS/WZ3K
+  EYJZYSq2FmPXbE9RWaZQU1G7wgHfsD9FUgo/ikECR7sA9XROm/o6iak/4Akv29Cc
+  HGC+fcRz+4mV9Cn542vLFS+Y0UEsATIXWkknu79ZWVJsj7sP5XNBhcgDG0y8YD8v
+  kzLz2w1BAoGBAN3aKWQS4asqV0CUJ5AOuq49JmkFkQmhmPZs8d1YKA/B1YURZY/h
+  /vx2mme1dbZyTq4zTZxKVyb3UoljEuueZCK1LED/Idjow/y3LsmQlEDe8Jt1ZyNz
+  eU+L5CsEZAYDHyaeds06LwhzmjCilBrzRlu6CkPsrmKqq0Ifk2Rt3mZjAoGBAP49
+  2JESCr48/HegU7RFzhyeOLGOoJfdG0DX/zg0vDpAwqv02v8mcoDwnwYRxCRjYr2b
+  705URW9VH76EKzIbIyFMwD76UmAo0IFjLeLxhy9ui9GFOn1li7+R0EDLNmZ1a4D7
+  CXnH0TRnocKKj8xhJfZ2VmU//f4viCeL/JUQSAljAoGBAK+XP5FsfF68WWjMmm+j
+  qM/FqIQRGtWTqHzKh7hYUQT/tt7mgQsbpXTu7pDNB8kKugmYo4HjOQ2nTRVebBg/
+  OiRaXxdml8SVnqGD3y08GIsrqSZyCtr9R3PVVhdSF1TG3b30SDVxKs62qMB7vVuD
+  Vxm8qulOCEwhpwDj+wXPC+rfAoGAScMbwAsh/sum2/YyEs1l3TuyayFcSnMl4wxH
+  ycDTE3uSf11M5FX9RpeJK7Of2obTMPu61FjyxDhIO3gRKDpjWNfxttPdbnSo+cES
+  oRM+C27hNeqXa6Y4g14Es6fBorxScltjBmgItFGUxuJ4ke1lnDn9GucUA9k6gW7F
+  22Gb5M0CgYBY4kPkU9HU/JotqH6Uqtz4rLvwf9ZKgYb6qFkBSsWjBIOFvy6bVnDQ
+  GwTh19zOTztdP0mdJkDyinG8lR5j5Yw7iVxafYh3ZYKd92RAjBG5oIkZk388olgC
+  HiAX/Micr5SBvGcsBuNszBi49oZB+khs0Rxsg8l6MTvk7ZBo4niuAQ==
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubelet-pod17-node1
+  name: scheduler
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA4nd2azod+jiCGJEzPvJuPbXsPk3IeA8gWW8MOvtWSKQ+QrF3
-  9pDAS5qHuZQ2HIzD1n4oMJV+gIy6ziUwZ4m8f0hsKSkhb349VbVYuETcPinBiT1O
-  TDtKNyr2ovgoeJIA5ts9RrippEDfJXqU0uqnjUyinPSzmp2ZMQXAM9zum5hWcAB5
-  TvPiIPOYZfsDHoxfwSj0RgDunZy0u7w5h1dqyAOb0z83g6Edkij5gcJH/VNZLdfh
-  dhATgb9EXIMxSK0viOFgFjWqSPXRIirunvLctJUJMaeLxwgZMaYrQc0K2Gb4STW9
-  d+5m88Y8StW87MviV9VCmF9hWqFqFFo5tNLO4QIDAQABAoIBAQCozccU8gL6Sjie
-  u0xpdSc7FGl9n1j4NL42K5IAPOv5xYMrD0GOJiNPt2XHrHQRH9OyA+NNI4FhrIRp
-  uEq2QnKgpYkJvUDQ7FYnlr8Eyz8njtRVyb6dD+yn5nxkyXjRNnM5oN2x419/sWMj
-  epWICaTOq/rh53wgmaxgYBr+DYZFrwZsGdvRsglQyIoBkPsOVOv75YqL8uIk5qt7
-  J8t6/J1BON5eVWQTAuCT1QGSb92DagwD3YBhQw11pcypy6aAI5F+87cBYioaPWvQ
-  b8s9nozXuCUQFoB8tuGbBYOdaURq0KetBTcI+J46Zd0cogM4H4AwGXeXo7sad1Ef
-  VPeZklABAoGBAOxz9dV0vfuYiZvcrxFRCn8lSqK6CCjZA02i7YGXTtWd22ibhToM
-  Q0TtPGvSjR7x7zM6VOZ+22vcTXfEeK9cSKz6qIM62L36x/3tnWOhcMmukGcxleUr
-  p0tayYR8eGXeAHS+O5jc8kirzwtay6uLAweFdkWEHEDhjvhI/4OfLvpBAoGBAPUw
-  KZSgMCl9+cL2mTfZ8CBEPR4RAsq8s+WYAm3CUItdoP8ZerwYAT+LKexXgUuH7fTO
-  U83EbYrUhNTIIGPy2+wzs4iH7XWrCIMcF5c5iMTwK55HPNcbYE9NSsXM52FX6Cl7
-  FUnlZEiGY+yelcgA2hgww+xAUVMl2aZXz4SRtGyhAoGBANGoKGwybVou8KUw0lIq
-  Z4JBkKIlDaMaeSFXu/xSK2ah57AjZcgIo4T0TcTVFqg/oPbtW+ZcyTYkStRNcy0a
-  SJ6ISu7BOPmK6dWv4QQ8W4OYsxWtE9n2EQpx34kHzMGWTRU2sCVkk7f4D0dkJH9g
-  bTk4D5yn/V1SIrDoGReeB8uBAoGBAJWS6ArPHhJx02foX9f+j8pfVpl87yMWsvgh
-  H3otzEz4tTpqJMGSM1C8aLrRNwMIzVVGeUFRzzGeK9pSq8/NW/RgJenoYigiSnMR
-  NCMA6jqZ+UH5W1guTzaRhEfelFiB9BM6DuahlefYdCTpKZ51RpbzSNJa+kGrGXes
-  od/RsyuBAoGAFvteJZO7EAZifAdWtHVsL2w3V6Sv7g6nwWLa3ISqPjmYmeCabIQS
-  wxsujakaK1dsnlU455qq+tf444gwALtaSV4TkuIqVnqXJKvPKo4po13RcFSymJ6v
-  J9pBXdKhQu0lWAXxNl2a0aR5lcpcz0c48Ijg2ibv6p2eI3QeKiPwq9M=
+  MIIEogIBAAKCAQEAsuyX2ZdaUbAW7L0BecrHYZqAZHveoZzBBzkJo5NGCTNOrA0L
+  N7gO6/uevbFRX6wvk5gqEjcPC32wy6MLlNYjxVVNRuZgrIZAyvfZgf7gPm3LnAqp
+  PBEGcm49ZgIj11pKrpFpqBVSYkgCiRdUSNkcH1qFxqjtciNZfyjMs7ImV70K/z5+
+  +Rya7fWHa9CqWJ2/A+gVq51qdFN8r2ySw5+guhR77KIWlQvWsxtjS+2PuQPbeppU
+  BEaVQYGFNaGcmclJUUAeCos+i4rGC9qmBFr0mIFYMB9tAwdAgdOGsC5aQSqyNtsm
+  kWK1jb5qtlNtdLksW18e95s6qmSIN4JBuN2GPQIDAQABAoIBABxPt49klZQLavU2
+  yv78iSP2kI5V01p7NUfxTIcnjJN0HOS4g6fjZekNPYcCgb/DvRt7nlyXfbfxwYHX
+  YMPCRpK49qtbVLy32ZTENxSMwere8LLWNQUeJIkCzJBRkl5HGT4aID/Kb+jBQDV1
+  DY8hW4PSjQxsOnYvBcBLMmjUraCAM1bJoKgd7c5dv9EinlknFnYiMc9kpKy2hqkQ
+  5/J6s8R1KXHvV02o/n2DwILaA8mr4GkKMvZGrAIzeoRPzEfHC6GENUYyiTdhyRD2
+  Cmu4a6pNgKJJYEQvYdCT5sqpT/+1LakfPSDRilSLttxK7qntQ7lx8tUdo2urb50E
+  mMruijkCgYEA5JFltPrqnlvHMR+x9HdbIbyOp6Aql6aNWHybRpOGZfE+9X/dULEZ
+  BKzaizEK9K/EQPkBauPqu76CPicqGVziQBPd14iWM28Px6AWDzBL1Xfe8SyHLbA/
+  FuFXzrEjjbP9AR/BPRQkEnaMXKTOPKEoeq/zbonaDfd3ydGXX6hsTOcCgYEAyGXs
+  WsLu10l3G9FRbfLmfldH2rms4niTWhMhdGSQ9BpThyNuF61VnMmd9hvotkxBk5JF
+  ORln/QnyX5mkYNXT8Xo3M9WmQh1xdChYoBEpjSmXax4CVjGpQUcTT1xOOfyVr/J+
+  VLn1CuuZD+UjjmqyxSeNjWWYrOOJRkMOCpx7KzsCgYAiyt8ohWlhYacYmzKDfAer
+  QwCUE5VoMDoj1hPs0lgK/IYQ6L3PoqWkSIub1INOa9L78Ot+UeNRYNaCj4OhCLqH
+  9n42aNw0SBumz3+MIFXq0KxnGdgZ5FI2MWckV2KKF3PTz/miSoaTKOiE0bFzGTUI
+  N/BeSy2eIqVhWz4nmYOi0QKBgG7DHvsfaSGnImVGsWpC6jEEjtuO6saV/GO51TDe
+  8NtqvaYg6BXAIWSyb1N7I4m25jvpicdAiqBqYgODCT7YkPeUJHTK7sT2PyIDttBq
+  C/xQ87cp9AKuGi3RWhPwIfCc8iM4taigy5bIl2YYsSljQgIElZGEiPluHg6uu1EU
+  ImPHAoGAOAR/Gbkt6+TkNScBGvTsBGlEHDI0QLHS0pOCbFrqAktQMldEXRpr1CT6
+  JkMYUGeWXMDGcmybVHCpAUqcztlfU9PCVf8HpZtUjfNa33xJIQz6pbVm6rtyL+Ap
+  F62rX6xIquQlY90t585Yjlqd9LkZ/oxu+zSYwrA1sbKAkNtyk8M=
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubelet-pod17-node2
+  name: controller-manager
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAszpH7jqraIFI/iFc9uxSIh2qR7gMSvslRIY45Rpez79zaT8O
-  oyVnCEGXsEzFdqHOOMhC5yy+DZ279ybiml0zORJmSrvSEIvsmwy6kUVzfAn6a/53
-  9xa6in3w/UhwtL1CB9mFQvZ25WAsWaCfDPLs4Z7uRdTMzk9UTq6p6PfFunrVSfXz
-  3rfwmSHecM7SXERx0VpR6mNgcDt/TKXqWUOdyPagciqy0oOE0/N+zFghCBFy+Z0Z
-  M6CjySovSmUH9P3lOvgQK6TTWkL8AxGj6PZLWicT+3IxJ9o0jhxUW4qy+i7DvlKC
-  PqjQqwPTgKz/kAU/sBfvPV5BiyaMYCqnuxmZXwIDAQABAoIBACS9zt8kgd0Tm94V
-  AtTPz2qVAEJhlYuNfq9UgLdet48JJWSu+5YwZbXIlIscweI2+2qiiyyO/IsYCd95
-  xjx03LpXbkblyAOCW8fRTTHYtfr4pLCc4wTxUN5xQQT7Y7d5kN7BFdOLaQZOt+jL
-  x69E4ZDDHv+Lx0yH8LWMkuJiYNOAYQQ0o4M2WyvmoImmKpG6F8JLj773NYM5hiDJ
-  MrUUxlEaRwynCUAtx24PUVWNlf/dhlZHTbEfbD3rgI1AV6CfFZoTAKl3ZR3AOC7d
-  cF7mS+q48OmizKUYqujnJomtNK6uTyv/73fQtQs6Gus8SaiAsXs3cJv0OeaKB0Nw
-  OStLuDkCgYEA1Xs6gHvl5wRgEq+oXrGWaJM/eX5TCg7L0pcTemnfvwdAgg/43QGi
-  5igqRnN1IxzQyRGelvSwntg2sqmsK5Ucsnl/wIxiPBlnnNcpc38MlRW0nmrM0FfO
-  3JfISMywx7tD2Hx13WrvcivHwMrqQ0NsdZp1uaaKTH7OUtRloTP1fmMCgYEA1uyP
-  NgheyYiHGVvrDdwE1xBstCHFNvN9aAe6zgWeJqIlPisMeIUdhq8p26rmUN/i0L5U
-  EKIw/SkNlTGsXP6Xgmui070Pg1uCEEiNrL0+2hcBHBeY0NZYcFdkTzl9tNPjNGIj
-  dhcxh+KVQ/DdTMHGzouGz94dYLY3/OyO6uhhG9UCgYApOqhcwhDvod+wHC6nQyLq
-  RW3f1+7PpXXl0PmZDbOBoDPsKouEm1lLm/w2KPw5cMo92uJHAzDNLLK7pJs0u5KU
-  QXTTygj61Gk3WDKQNLxIWq3MXpH5tsujvMiYjrehi2AaAkd9ILbn1N66NDY0EWRz
-  /gW4ehqBlYfhZVXPYUqLQwKBgQDEaWNnSbb2DmMIdcwV2mBB+qyc4c/NLDALBiVd
-  ahzhyYSnj8fRzDTzhNiH+2KHvlMV2RoSKWcDtKTJF6AhTDlB4wPm5PxsWxA9uVBf
-  8IKj5CoLdjUdhQVFhVgSXsPWoV0d3iHyJbgKKrOmZ1SWdPAuiawmAyJt45i+96CU
-  ZNF6EQKBgF1cALg9ZkJuiQopPNohrhUydRQgy/mM59zOw+G+Mxo0wKRsBDUWrP8C
-  1hENjxAnc5x3Wh9qOIP8X5/VXS33AWbb6AOsk3OkS0vt1jt6nhxXp1t4YBDjhJ3f
-  iC9yQocJWDFHdXV4+OsoK8yIYGcYplfj5fct8p3F7EiuLUbW7Jjs
+  MIIEpQIBAAKCAQEA++fsiBMwZ4rlxcBszOSaLdlDiOy4LDEhklYDO66SL2J72aPt
+  wpsQwulxOvi7XWcWqqfPjg38z1oXKqcMbS/gmcKm0u8zUl/LU+VDaI7i5VP3ftMA
+  oSyAahU0rx+2bN+x8ggwY6ktGCCKHzknzO2q3zblzeEYcalVw5ZAzL6DmzJOrAu3
+  K4EmGv75ZU9ZN1qhgTG6H07JElkO12RKkqCI02qiUKiPFhVumJ7HdyOeNw8mZSpc
+  f0C8J7ubliuWUSXrfgAS86OlBGQw36KIVgdUX2ZTbyhxTrx+Vn+KM/K346kpR43U
+  uWPfjY0dJF9mO9uwBPNTLWWreDAmA/zOuxvwrQIDAQABAoIBAAUQ5vrdl+2dJ33Q
+  nt+IAWnGossQJ6wL2Ob+f9Ylbp8xVdhMqa1uPOoOk85hzjLUreoEsfHjaiApaanb
+  7i4L9nJhLcW0Nc4ESyyGwdJKfVmrVKDiUXLsWDDJ+GNFOf/6h7OcYoy+jD+d9+kk
+  1x4R8YvHqNt5GWq/ww/J58e2VSM7145Y8iZwomwJVjVHI+vCunzruR6zAcUM0rJJ
+  y0UFpUs177cAnDVaDk18emhoSZsQ1bZgkCkFLxxW441XvjZ2fcPuQ6CUjEDFfLV0
+  XyMz5i5YfkRaj8+oMGE2xBnn8S0aHGLoWOpHMiHLtCm6+iSogmPRlrWKsvhpVP+h
+  EIXXa+kCgYEA/rOv4N0QQYnOwNTf8yqolTlRYFBdLP7seyKZqZmZYIMmuCN574ii
+  4NUB2LKcShULrjOjusGOLSRb5tR8f+gVuXPr67aOiNTP4OZieNx3EBLDDwbcB4IT
+  HUv4vSIB8pauk8yZz0r4kP88trmOKGdxIGvabpjaAF9kFumV0Tw0blsCgYEA/TCW
+  yZs0g1HqP9NgyuBIuZr3pqSTgm0LgmXWXmLm2nQnYHoJGF+Oly0f3eQ/daqrIuI5
+  nGIlhQFufSknNdYV+mgVBBzOP0e2/KigrH+T4fg1mbSqY+4R3qHOaX3tEHXoCW8o
+  HDq7QGDlMOstuKgBFSrG0uEwR276ZrXG6YIF25cCgYEA+ng5vSenlMuwRnEQylBo
+  +FYlcFGXT2hhpbWg5uflrMNMkEhS4Pu9MNxHtJHwn+mSUvz1RfKRnlLjDVxoEmBo
+  /LbCiko8YNLmmoP00mX7sBLDP0O/nKKNqYHMWjHXOHh1tWK+3tsbFXvqeMaAxbrz
+  xK5LX/dwam1kQCP08I4EAYECgYEA1l4NTSTbkVQJwYB2s06yRHOwuqcdPZCV7hHL
+  Lp8OVmeB721jxf8h+115XaWjFT0rKJ3hqUZv/ez4X4A4cpyQfzMgmBrLhUhy5fjg
+  ESzzSJ+ewkT0/ybSem0FFsxHq2gozdQPYddYM2nWo1R7oZydTg6pyGJhPhn4aH3/
+  rDUqQIECgYEAiAF6raY1bg/92qDRt1oMGj6z72cvaY1xpvfK0Vf66iqRQPArl92Y
+  NOHvybykwEDD9u8timjRxbvhCEb8K9z5IDd49jWOnQ+B8NxV4qhdFCs+pv79UNqR
+  MHFZ0Dtp39u7KT3pMl7tJVKl87pHauzQUbkby9bb4qS+jGFGI8gVJu0=
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubelet-pod17-node3
+  name: admin
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAvEROI2ZFh8nfsOyZ3Uvuy5BMKxppctG/lP3f4a2XQv8eCGTK
-  /Trz007T6VZ9UfJTlKL+XcLLK2fM6UiVTZqMFSwe2dNcBQMcQMVHxVARHc6AOxr6
-  XG6kyPElB3zI63dz2K7xYGInbE5AMQWHwtMxJ9IGGgDn5RS5S0t+nLFiV7p/Ot6P
-  9gOnQEG7WUv98ytJRt1/mTEhHflXIlrFupL25U1asnXsLnO5jUo+ZilvgsS/hmfm
-  mQKRNcRmbe3imRpu+JEQpp5lj2vxqdWi1J5+y9LhvZJkI2LAyJRpNdjrwJgK/vm4
-  b7kfF7M5R4+K7hmhby3ZtPaQBRJ04jKu+a3eawIDAQABAoIBADmWr0w2yYgK4WkO
-  Rtahlo8gOZxpvN3JeVALBIPVBNMSlM4+frVNZi46C6pxsW3ysUxjO2nU3y8M1mp5
-  sGoHn1gOofVBqQFDfU32ysh5gHLcqu7phrHlinSJBymuKwuUA5TBlsZD4AlKOmqE
-  ZY3b6kpi/UjRBB5X44I7uqQVwp5QwHP0xVda7nAbX1ug7ldtXH/AOgSthrE07hgU
-  lQbp63uyVUkmFTtC8GiY4eP275sQvJLJMvKUBDHd/ORvi0GXOzBzPa73C8Qo3IfG
-  MyS/YbRRaaHU00vluvaQG+f6crtSkptbHlG8sQ1fXZ8xxYjxBeYwI9+8air5zInI
-  oZDvSKkCgYEA6QrG23vTw4Wg7X0xeYg56Pb0CKzrUTKFWyvIAUWfWqYtjDaxoGnE
-  6hREBMOH20DJbhBL7jfvPD3/MUYMCtqsapkEXIC4FOdiz4CzU9OSvto+R7PjlSQq
-  8IHvQZf0EOWf+ClpzkdM3fwzD/acKagWRFN9FaBFYCxyVW2bLESHWJUCgYEAztBQ
-  l2yIT8aBtAnxtGpigap68XcJiHmdCTFYThXhNCaIFie/kPOizE/Mj/mipP/KXNh0
-  MFCJ8UYmdEW+4eg0+fG44tuojNAtL+SgYABp2Jf1jVdh5K8WA2Cx6zNpy1Ez1okF
-  uNRLRapdrreXQr59qffRr6nHMNmb9Ar00QGHmv8CgYBIZdixhx6at4DvRt1/7BpR
-  jabyqwXQC+nyEP/ppT+EYev0i2lTdIiAUBtxf21NaCsrzlRIhYgFJx2IqUJEfPrj
-  gvYf5r1JgTjpTgpoGGqWcCa5D+G8C6hrX3J85kAkn7G63uLH+s6eiCM06mBJcLa6
-  M1XAyjHDVwuODqcOcZu6oQKBgGxkKZjzPQ3ykA/4FkHkb/RdkUn0hX6Nnowu3IUw
-  WnOmrjROaMxjpLNIL4JV57Rqi3jVyS95RpK5nXXbCAwGU52b3ranQVNr2AL95D/s
-  d40ZN4z4e0oLqZHjn9wReiUhTfXmoqUYPssoWyky94f3pozqYW+bn9YudtoU0/Km
-  xpepAoGBANfJW5kL6PEQUv1Wg0zM1cchDvBa8DM5XpykFIX/Z7oMEdjRJHU2FZ5j
-  XLRXX04SHh34tdjewEsimMxQyBcWcOehKVXlh6b2pAwWjJqlz9gB5dbeQvdaNMiW
-  OUGS65IIwQjqK5PSDMDyEhNoSmDRoyu6+kfMcaIrKJDCZ1WySxIp
+  MIIEpAIBAAKCAQEAvG66dLrsFLhOrLIrj1rpdSvKkTiRk+/GX+fErtyIXQ5X7fhw
+  2vijUBzLFEYjmkKy3HUkr9BfMXLvNDj5JTt1RVyZW4SCgvK8DmexjQXXTL2NCyNB
+  YDXoGs9FXyro6LsyhTePUpJxvkC6MuxNT3nzJCSyAGz46Ljdvz5PjwtAepdmRO/b
+  0bD07SXUYHPBUCbjfbgqH51ZLdxlj0Kk0GOF9fNQT3wXvqC7zasK8zFAlE4CS2lq
+  7fUQLtgysVEG7UY3SNejFk2VkFXkmnhLaCzLflJTI8ChhKRGO6WlCF6q+QsWBqSi
+  kqDjVye3nOPT7Z/NPoX1vj/vfSoeAqcTT+Z71QIDAQABAoIBAGcX7cuPuTpc3C6A
+  DHUSOEhy/REW8g8OUGqIU4OYBMNk5Za9JoGnJzLdjf45oaD0fQdA0CGgz3QufdEE
+  mstUDIU2dHEtvnoGc/0tnmaZm4HQ8yn0z//jfmmsnTfEMkmiobFhBHkYxkJhB350
+  6pdhETXlHb494LDy899+J+kLLuvimCs2LRujnsho7VW6oJCxDs4vtOh2yRCcJQ1k
+  qkLZokqKaSxJbHONXgsa+cCvQLdLcyWB5IxsYyhbmgDKHOOAnMy+G293XcTEexCk
+  F4b0s8Z8glEap/bbFWovd38k17TOMK9CO6VA7sOZUxgZTXKSMS70mDVftr6DDjSp
+  zCG1vsECgYEA8Kt3j0/ism/xCh5h0C88XHBCSWZR834yXHVnXiQvkWXXoDsdI2hV
+  bpgXW04i/hAY54PbUdknHuw4EGuFXB5dvlrL4y/S5eVcDPejRxQR1jwXfXuoYClA
+  BYPJSLG9lwxfATJCr7iJCSbw7XR0Knw8LWOpWWnCVZzfh4Jb3HKdeU8CgYEAyG9x
+  f+ZTucdKHGcGeTcuKHi8y6VyzBoYAM7ZZMbn89kDcYudCSY+1q/43Qbj+6Tn6++6
+  zmI/uSMbCJh43RaqU5gQQrdlAFheQX69bR38JvwzsG7igA+h2hkKKCSe28Qw5as8
+  vpfciSnflK+aANyoey1phnCmaRxPEQUXddb9J5sCgYBFAXUTg11FunELbLCxB4ow
+  GwP2lb7zqQB5oDQWOxvkfaX4zFpLd7PfNP6lcF76J9VsNFNjQXdFF4fvtVSUmCRa
+  2x/QsTqwLjZZhXuseqWunqZBlX4urEUuD55cGJJ6x9JJvoZ+adPo6uBzxUs1j0+V
+  2BiLiZZuA7/X09nQ+JAMYwKBgQCJTgajhkYuyv3S7SS7Hvjo0qUKoKE+flWZIBo+
+  dh/ppO09+FUwMlnzugKybwj4lyQlNUl0Hkvm6MyZG9IYKnGt6EqjWXzAOsj+9vKO
+  8G6OylAieiOBdLP8cxDJJSUKCaExhBeNvPxfnibCdXT7SC3Gi/pxFXR6JuFnGGTU
+  3dz4JwKBgQCZ+h+JW1NL8fzqa/G6umdCDFgsi/0C8P45Tm2QKDhXlX4Zl/pxwyaq
+  84ZKyilsmfX9D3Fk0cki0jOtLu0+ViC2x5H84QRwHmRYLx2DcVvE3M+kX7mRy1g1
+  u04Uc4Tvf3cQY5dRLyF2cNQAMv5S8eUxUS2b8U+dL6ouHh878b5xmQ==
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubelet-pod17-node4
+  name: armada
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAtJ9hmxO1fisyIqt2naXe6ElWMyXkfoF1A316jq8bhrcBZJJU
-  eC5hTJ56OEzYf8Yr+rf5D6zw1tSvGIMYbVVOUBOL1OKwTRok+tK5xxjA7XqTTiKJ
-  JRdExyZjj0NczGzIr1StIppzzREBgkApdG2+vD60qGU2YEdWBjR8Ljb1STLmy44I
-  h6RYCKwA2/fwJVQ7KEolVCP/JthUCqQHI4Uv8i9tWlhk1XStHXTdQ9iI8lKvwMhW
-  gAHNKmQ251lUOWFX/EwoqzVqIkfbizwB95UTjQjRzFqdTVuovMMXltd1kX0DcEUg
-  s+F5K606qcD1cBnpZhpvyGHYKPkHfq0eelqenQIDAQABAoIBACfdBS20q9msruP3
-  87XXZdreVKf1NPi2mZyrlODoxKp2uVf486uSkObYEyFZ1G5ezlYHRHCxOnYvenVu
-  eXWn3iDOL45MeZyKqJ6y402NqQbAhsI33QzSldteHZsAwvpbB++qQIviiqw3lJ2q
-  i3umvPHO5RBFRjr5g4LbEo0glAITWnaKznS57AWDMrHCxkzaxaEXidgPeDZyAOOp
-  cLQg83LRdmDRkFtNX2jj+h9DpsSvHCcQrcvfG4B0/ab0EBXaUHddfi4flteoTTqT
-  7lr2EKXb17ARpwcOAm6EtuuJI0xrnK4dGDDaNjTVJZHKyD9UIIPsyQsw9PaMGz0H
-  qlCvrgECgYEAwnA+31/D+v8mpvlO13lMMOUqr8pYe/qkw51a82V4gm5G7dMPzGtC
-  rhY7ZW9pYCVVYDTM7bI+dux00YjhWgvUp/m02z6cK1q/ewhm4JT5Nxmjop4hyEL3
-  pZWN/arT6tG/otR46XQVCv62LzwjS6vSHY+Xr9BpsQwTbUvhzCbox5cCgYEA7c9S
-  eHTBMyK8/lQfCs1tqOtiqe9LOXCNNEqN0GMeGeiiq/LA7bWQG4TmKHr8pUFGW51P
-  /vQMRLEu3PH6Zr7sSuIPjurwYOqptNl3hV6Q5QS7UPO4bGQSSXHXjb2SAU4zloZi
-  wlRtuKuhnyDdxMYLMn3r3Y/c9tal2ppji6o0sesCgYBPTo8mdx4tw2KVmnyhALWl
-  /+MgXo0mzH3l18ngGxRDRw2hNYRtIZbKAQFrBz1Y3QFswzyO+zPlN98SFB2up8Ku
-  XPh6sJfsSxBs82la0wivg8Ktsoge8cmm/VA0Fjhnv/PFS5qhxhpLKMdQjtvqooOK
-  USZSrNRfRYiq/Nd1eK1bswKBgFhCYMZJ9sZGt0Pg7qBwu6k8qyKMqCuKRS3KGbXk
-  g3B0MaOFdesDPpeoDE+rzYZ7omQwD1d9NexsogroV9m4NDRakBGnykz96rwvFbfO
-  8BG/XtHdkm3P+iV99dUqLT0EzAqql46uDQbD1Dkd1pDIO7GioF5bnVOTOHzYXeeg
-  5Ou/AoGBALxJnY5bzXyLXTF28+HXn/3RNABR3HhisF0SCtTXIBfocUK3nwUhiA+Z
-  cTTt/30ZC0zv/xSp9R145nwMM1iS0QxFwiNcJ3reoeQzRQRdKIwN4LYf/4FmNdqb
-  QhRGAVq8rInVwnD9vRbV//UgQYq7mvPDDH5x6RarYzmUYnXIYgpJ
+  MIIEowIBAAKCAQEAtym8+NSb4lxFcX+TAwWIY6qPz9fc6UF4jpEu+RXdBB60SGCA
+  sjkbYER3Rj8M8osFzEy9EKqMkMbGFdArZ6yHXew7uvdQGuohPXb4RjJ+g7apjL3F
+  RPfbdq+i7LcwP8wsCjAVxJMiWUaaFZWpoosIfqsQWa8jNlgas5Ft6v4J5UuB8NJc
+  4iEqddhKyWiJ3SPzMrOw+ETKTCt9Latf9UFycq8uxfRhJI5+1p4/OUW5eaQzglIW
+  4KKAtzzwduOvP4Aro0GyrizSlitUKYGwqbcUXdP/FjbmUzbtfeu48z0mH7YqIITw
+  nBvPg3yOIrHAQmD/iJfKwerUjVWwExNVfkbdcwIDAQABAoIBAA2TCU9Dqn3fKsJb
+  mxCZQ19nj5ruu4+J655dQibxqNyaTfAjPsZ2lwHOcSyClboP9ZELiuOGUD6WjK2n
+  LOBVF/8s98xGcehcu7PrckD5kwi969jjY5BV8izcnW1/shK4Vfc3UxWrdds58Udy
+  PQ0v0qRYlzCeWzS22NvABm5o/2C/1IYGgrgmC7g4UEGevuLeBVsatGY5XU34hoYN
+  4C1QTAzDU9PoQkNiBeHVJRgQ17OtCE4Ji19b+JJRbUaNjG9R62PTd6z1vjJ6fkdu
+  cdQiMRziJpt1dmg2KvsWys5kNMo+PvfmCTRaUxV8aaWoHFokoaMcRa4xG1WQSMYo
+  wxSc4ZkCgYEAwSTGJ3rAgDP+LASI002YJ5MFa4Twg+Yzn/3tlflm1XruFc+WWfQd
+  Ly3XaIVn5GHdT1dTnT8jUf5xDdDex22odtJt3DJv6+mNGdVj1yaMlkj0uPCXDML2
+  TOPNeQFXBtxg86iESVbDJsa5nxFPI0W/O2gDASF+7KMlzL1sVPRNfAUCgYEA8sV1
+  HB9JRRkAhNBqrQqEdRJQ89z3o+I1ZnVzxow/UWHVn00egbM/VJ8TviE84ErPzMMd
+  moZ+FEzaCEheCNJMXPdCO8O21Nj2GppI5d4+TCnjdvmBLmMNR7lHvG4hMpU9Akfh
+  ZHhW2BQfzB6FqcgH3zuE/IR/bsH9zFSs5IgUJRcCgYBZqlHX2DPwELMqCjzfJAHE
+  NYvpm4DxKvjCiOc4nd0wtG49b+7T+fFmiribDHvr2ccdY2Qs9zfVg/NGP7Z9DRqN
+  dymLdVriQb3AxYEhTAMubdY22XK2ePhRP9yPFaEqTTsxQwWO6pmUseNQxn9f16xs
+  zt++Mae0AhW1VCcr1XL3ZQKBgQCfE1GkZr+8/h//5w0va8fVanYPBQhjo3L4Oxfs
+  zrMioWe35XGK7SgfS8lE+USJd5voASXhviTZKm5npPuw7hPJit8kiB7CI5RHZDdG
+  IDVT9NKuf9jsy0zFZZui1cr8+Rsr5mvDSLMnDTC0sH9G++JknPyL9koGCilCfW14
+  pc4FawKBgF8Qi+D6ShnEYamvoMwb1xpi1zVUylwzxXozXRdb9XjHEyhqZQC2iLp9
+  NLMqHwJnVj+XH10tkUcll9JgHUUlZE/ob3c7XjiEZgvjcDiKffGMBlHBvCP4jwF1
+  5un+NxAjTpfRUOHedeBAkyZQphtHHspyXJFTbuww+Djn52rz9EIV
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubelet-pod17-node5
+  name: apiserver-webhook-kubelet
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAtaOgv5s/qd6KF3X/rKEuAHfSnI3IwchYDgdKnGWf/si/OJlj
-  1cfU24nfO0WBO4GuICD+NgSOp4rgvv0GIy/gDErxwZIJhxFnMt92rZskguwb6BCq
-  Zi8xqJSDH/IMwG/ZiW1fkicMrRE2Pj+h4ez55CmTDkMDeTfvhzN2Fvvrm/MInqQf
-  tNLloSX4MmOsUtcK5m+KodhMYYpwRBqo3cX2g/J5zQHVgEOweJB63u2SdbSR5sEr
-  TERwcF5BFK2LPbmSDSfUjvx2Z2r0dBa57yw/F75UotY9uUpO9lgyuBc+Ok2JVcAK
-  1TPd+3NRo6+rc5ReL0aG+B43CxcSxN3vMKMUWwIDAQABAoIBAQCH9Kf3gx7N6RJ3
-  qQzsi+BA3W85Wy7vTSQLrA1+rtpo/J2UocuGUoLSqIn8dXPbtJ8+0TM1/4c/hMXg
-  bsdPQyByUw5Nkx+qh6409+p+22ciz9O7ie3hemWzByZ2nNhKme273a/xV2U3jXCK
-  e1qSHqyUyUGXJTXOX73b9vrnDT03hhjqVBjYy14oAiKMIIpsIGkw5Lf1JbP4zofT
-  cJD6xdHPLIk8Uo4moXOjUUuIWgTkQxH/1c4FM/e2y/8WyT2P4vfclYlcq1VuO8eS
-  wKXzHQMQS2B6BNxSUMr3xYCIrVz0swdE2VVsvUqXRAWdIYS24qZLpAPni4mHgX16
-  tR5yIGWxAoGBANCaMERJNefhYxyxH7xNZFy1mPD3PXzb+Ei3RssATUatb7c92NJP
-  UdASdcMvyZRR64bHtkM7VOYHkx0W14RnntNk7VcrMTWSKVWEeZIFigawtqMB6mrK
-  HhhLi9oaMoijyi6OUE+Xe/86MUua4H7TDQzGP+czI6uE5Wj1aS4CdSE9AoGBAN7p
-  Ed0rUTh5O83UmltmCDNrGcrT4FQt72uk9P423T+5S2MVSGqWzmXukctUTjoJ++y+
-  VHh5TNN3uyamJinxL9xwBpr6n0+atMn6NO8c9c1+uIgx6WE7kbjEc3rZy2vWHoID
-  oFECEHeJKeiNjsFJM5fEjOzs8ls+0+CggVNkezV3AoGAfmbwGHDEWV4Z0KkDsfaz
-  efoQUvN+LsqcCHQGUbw9FzbBGyg+2jF2Qb7t3Ph4DYgWT/V0XAj3yOuOGXJd5b1k
-  YHQn3Uou52dJ5KgBgpoYqTUrdlsS0OLomZAtjluRg3q8aLmTsKb6XA3HESkoH7GD
-  ltoKnu4+DxDYcmFC+r5Ce4ECgYEArjew25AgcafnAs74ORj8rds2FF0WRhSEvDf3
-  trwAne5fKjiXGZ91/xq/XhAs95WYDQcQk/wR/HDml6VhzIQRqRLxRq08WAYM6JMi
-  TgPvZMV2yhNgWLsrACKiMtEH+OcnfuwAn2+imRpd48DHYu+oYCShFAd4v7HR/QzV
-  Ju0wkq8CgYB1gemGvxGOTDBzuNxvdkU1t1lKWCaoWeLClXmkE6msc6hj1ZoAZLyM
-  c5XncV824rtlN7S5ID45yCDT3ayfPjm4w9Rn66b4I8994VbUoCqyDsMr5pX918LY
-  X/ZxhimoHcnnhYlCxPlsFpAcXZpcbLXIPR9dGuiqj7MTSAAG42TS7Q==
+  MIIEpAIBAAKCAQEApQjypaX8Wi7s9P5HA5a2LcUYWw3Atz9EWwDRzRQb4lkZSuon
+  rtmfDFYBxE1ZJr8uozW71orOzhMTRO7dn16YjFiPzfdDQa1GYKu9VFZymR+Ps/TE
+  7ud7hgwow2itgfWcu8UbfY/ro3kYMVbpz7pvNfWMhV6WfyM9rP/cSp0LoEanaPoG
+  jFJLkK5q3S1wnm9uECapnucYYVI3EK6iGbK6SMizfQJZcZ1jSjcm/rkW3UGCC5r+
+  i/tsULP/T/A1fBmIN/VlNemJA9hqNdjR7Cygc37nqH8IdyYH2PS8RIBzViIiHz2Z
+  30SJ4v5Ot28lpzIfe6w/mIS/2nRTk49IS02DNwIDAQABAoIBAHEsN6mcr/bwIxLG
+  pNAzM+8jL9aREc0YF7oIT9dAqPaJfyy+ckQXfFgrSr7hA/fsNwE5QfyX58WtkxM8
+  csJtTlNAEC2AGKEbQB3e59DED4Yt/I+9lKb4Gt8Ly5BlYkayta6WNonefgr2ab68
+  CU6oXMc2Ag0bljzNX+gY9Wo9U9GuR8bCEB3H7HKxybtWXE4DvSQPiaGfJmGMnlSQ
+  3ozo6kDCl7Da6SFr45vHG4tFIH4WoiLbwRkG1cmSPl9ypK2rhXkB6pmpAf+/yedU
+  fl1bAqFFUkTFu5G456PfRC1RxSIte/sn59YcRh6OaZLZvLLdYNatCM77MBsSwMwn
+  AgK99CECgYEAxNZRZodozs8AfaazmjcGdqoocN2GhCrEyurw/o0IdL+EwJR/K1vg
+  vCqxdjuZ7iZYv+zGdhHxG/436z2KOzFcXLMQZWbvhncW5FX0SVU5LBCTF0slmRqp
+  lCL9PJoirL3ZjNNrA2Ia0rV9U+TvnNmXy67Wz3tP6j2qij1QtQD+n0kCgYEA1qOZ
+  poCcdisO7lWQv/KAFiXWls4QYy0LoPqaIjNirL4KuNI8mpLMLMUedLLwywcA0WC5
+  jlbiL1PLbV4kGxPiEzdK5UoNNUyGxiT8WHUVs1EXm/KIm/dC7HdqwYWgPJ79e7GU
+  qgbiwxEWhyLRp2CH7iIs5ptjqaLVLf7anfGSjn8CgYEAklJ3ZG5YnRQIW1+mt4cc
+  CO5o7a3fpzRb4jRQPgn9NTyBpN8+wa6lG3vpO+kGfqCG7PVIetDPmW2biAXRUjtZ
+  W5fJIngoqp6wp8C1viXaQEV58qDsLCpD0VlJQtmZ2SuwIx2uuW8eXXCI3+qZrNGc
+  I8+u48HZIFoDAoyeCE/a9/ECgYBnRsTx1sRyH3nJuCY0Fc0H2yEL4w8DiXMk/DAZ
+  8Luz/qVOFOrQPX48tIRZBpjSOAZuuKnQEYI334vsjfW1ibWoJVzGQwFj+fSHdths
+  /7l3VLeVc/fDhBARk8wsXc2iHaY+VE4CGdoWnixGzbwvW0VMkekk9PPZdd45iX1L
+  rickpQKBgQCO7NhZzzjNOOKx4BDZFaLBgP7h4nxKRJNBJWUF8FxknoYPv+Glr68+
+  +/pzLYUe1PfEQmjw+QAUEmeSqJndbfgiRCcjrXy/ydTS7ouQxz1XQfg2m5GR035m
+  ozw8u0wFxroXg7NyNx+EGe2IXlJXWD3Xaos6XztGjNcoqpolzYSZ/w==
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: scheduler
+  name: kubernetes-etcd-genesis
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEArz59y44fUGIhn2g2FJaH9XE1hlCm064uxnuX7WjT851cFWYM
-  0SAsdNPd240+BHPx3QWgh4SvyvxJskLpiCqdGBPuJxkGbLo9EfmoIIVeb7tFbWdt
-  AJ4BAGMZpD31v4mDuYfwaSf9tTn89oo6zG1shKf9n6onfgK5WSzYdZCmOAF5voo+
-  Wy9cfb1Hwf5kNcjji3vj32ilmTJgMw2LvkxcZ0MFuNpMJk1Wo/YF+t0NnlL8MBbS
-  LoT6BzJ2Wv3YGOFJ8NcncxcX4keEPTSyXJR+ano5jLCU10rplobobRtZi/FZZebS
-  JvqMd25QMEh8E9kVYwie0tpNob1AewM41tF+NwIDAQABAoIBAQCV59H51zhILblv
-  P9jLIb1poo7Tt5gNiXlvxfe/WSW9xgUoNOSP24LL6RRmI9tCOeBSXeblJgauj8OG
-  3qAgH7vEBgB5p3mMdn+ZKcO9FfkjgMGyBYADwCVBLISZr3rRfpOUmIl5moD3joQq
-  bTJA/vWOQJm/A/HGZBQjCS6c2sClNIoqJizzPSvk4sNCY64H24GxRutTosG/vOGp
-  hjpU+sTNF+iBALiFQRmnvLIw/sm8htlTFtIK1wiV0ZIi7hOPegQ/E4gWjr/bSCe3
-  +aKjvvAR0OoyLd1K0nnW3XHdaXOuY/XTXFrxM1GwI5pS+UW+0s/8AdGq4A7s4Y2G
-  fMMRdVkxAoGBAMILaOMxmPQuCmbblq6J+/Q9Gn2BWxs0qScpW3SqKNeAskauRST3
-  GUdhbdDfquU4LB0kKNKQfrN7JAxVXPh/l1Q7Kz6aRXQr3mmePk/jukm1xPjBdA/6
-  mY9D5X9bCXeKp8a5Xfcw8bLXAHi5ONqBGUX5ijLzPmphGB87f2RAXNy/AoGBAOcy
-  ZCmyXIXBbFzXj1JcqVK0hlJLmEuNLd1PRUpb55lgk+0lCPqR+2iZR4YhV6wmIKJZ
-  fYDYTR9GuR4X3/9zrCF13rqXyezEO7DK8xEM6sFsHFA4DNfSgY6qnsbdwCNoEPPW
-  Z1FhYa+5CU8eBFzHd2fG+FVgPh3RTIsaV7v0i6SJAoGBAKgsOVBGaPifenZgs/w7
-  LHkmB/JkDPDMOBnvtwqqetEjAd9OJDEAUxFROFrBrpwQjfMHprWvc4/cFob16KiZ
-  9C6VRUpxa+ZeKtnAwuJ8TLSba8Xn6835c+L9hkZVQSQwsG4Ds5OMAL3tpsP6S3Lc
-  VmoV9pdnx11tHvnal/Lr8U+DAoGAfVueYdl7P28sYX7kEGV7zgNiXZbtofGP79K+
-  oF4KyuhJ7SjKoIqtBf8uf/TuQ8J8qWramRUvZAkF8OJDK5C9wXrW5NfOvhl8wBSb
-  DSCy3WPQSlLJ6/ARHZk39F5igxA3OO+FH+QsgopTGNoOxXvGK7gACNLhe2t0FGyZ
-  K6miWfkCgYADm/e+tgbz+J3Q20iAToY0qoHGu/ntaYqRagwdhxqtdoQPv70/u58g
-  C+r+VgscMQCFyhmZMDSqHFZtGrwOLV3n22MxjUhP9Jd2wFEMgTDL5hnaN7l7pdjp
-  ZecquU7BtQKyrcqM+PQtrXCtavGQaY9KdEeVVOrBEAEhUJxj+MjB6Q==
+  MIIEpAIBAAKCAQEA24O5Sw4lD3MJUEA6crbruA3w1BjX7/ydWwBNjCp77sdgCKUE
+  YEPqosLMv9I1KJZxJMg5XMNSy2SEYqLS6NceA/0tQ2fNzjNilguoX2GR6ughjFk0
+  CrRvNK2lBLtM0RLthxUjPsSbWEFtmv0NPTo3ng03F4mguZ2pnQbELYhUzK2fJAdP
+  +c5lTYcxbI301aIebpypgxigsO0VyBEK5xiCLd9S0Zygkbh4JFMZatMDpccNeSJf
+  1a7IPr/n30DAsbDq7yrV36CSmgEbZprREFnxyjAfesYdeZN44ygr4tYvZLTaY8Tz
+  nwmOMpZub/swEprFv1JVRh8ioQv5+ko6tFe7IwIDAQABAoIBAA5hGZEuEwVpDrIg
+  EvQSwWwkFaN/IR4KWTBt26aT3dxtWQAX9yprKIKS6iCin3LSMAUtzHwkG1dRdU6U
+  xeYUuVWfjwh8U0HvocScbOIanRlbLV9pNHyDB0nXGhkuP8DuUXroyo9BB8AHQSvG
+  6cgZ+Sy0RuiWzl16U3MCz3UAGjXyBnbcaWldiCYBiu6z36c2uHtgFsEpl8HL6v9D
+  WJrIAR0xKX/0YGoEv75voiIpTHWV4RuFKbJLBFUBiPrzShdYwM/ynHTp34DjrwE8
+  r90omczm5tcmVxpSbuKaQisXReVcBKCV3OWn+9TS2IRGl6mMovUGGQ1j80x3KAA5
+  ofReCWkCgYEA2/98lo9yMbQJN7dxzX/gMOWymFVEvA68qiwGaEjWYQkQ4bRRZgmd
+  BUAcZasQ9hvi2zZxdcFT9Cwq3XpsCP0Huw65BNwgrKhSRIL7n85w5oitByTHnA5k
+  8Q9ecKNp3M++0PYSVnemEO0w5D+JjqxP40CSjSKyVrqbKGbQZfw41t0CgYEA/2/7
+  1HEpXU9UDs1zjYn5C8MzSZNre3qsK0F/8G4onPzWJxqta6UUINOsUnEjKAWqygAB
+  pKQGeLcOGCPQ5g+6aUKxXCnSwwOPt8QYTIS65CrAHSm8iZu/9efgG2nLjjxaZfD6
+  YcoDGFNeqW3buCuoDy4BEwHK2siJt43F6R0Euf8CgYEAntRWS5DmvfGgEgSz+cxP
+  vJ2pEgfFpwvws98zBQlJFSdpc7ouZj+ciJTfq5sUlMpPPzqQMZbRGODmVZ4z701W
+  znrzowmV4XFoa6QxLA/sPNQCL70jC4zs3YjeAu5H2K53sf9l/91EHMZR3QfuNP48
+  cvJEm/an0KvKpyGLZYXyN1UCgYBRdcD1yvDKFRZVcie7p5iIq8ObXywTwNdPJCBM
+  6JSDHA6fgd50SbzViyuVTwdLKCODL+VWQAjgTmBsSl/APpvQHbi6D4xrLKOUkzC8
+  lkeTpB6ILls19zmMjlnl5CNKROz/PY5byTSbeVri5WoAncuGq8Ej8ppikzl4E/pd
+  kSeEuQKBgQDT5dNsDfP9MOLSyUySna8Nf2XbNLZ5z3lZiUn0a/4T3650oInsUU2H
+  aI58Hn/IcK5PbxWw6jWEQWrz/dubroAyXH8NUWjxE50AvDb8erpessLK6RDYEcSb
+  Nl6wKfOovatAWaOD4GEhh0qFo8EXIKBUnt7nWR6gGCpBm3PfjnOAlA==
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: controller-manager
+  name: kubernetes-etcd-master-0
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAz/X8e9d6y1mWWgZvWFbpMn9ItxaSBsc+Shu/x2wu8PuOXuDX
-  1nEgCYiUEma1Z7wFZvwvlQNIRRDdi7AZDidbURwktLuz5fRfyfDqJFYRGvUT6rA2
-  yLEcLfhbix+g3b9pktBZWGvtTQuPyG2uc1bCMu5IJatWSLn31tdl4hgGqtYSy3eQ
-  Woqwmty9N+GWT5DYnLy4XMXvc+p/zRMBxYEu7ACnTJzRTwjb+l+Q7+827Mh6zwox
-  shZ2D3tx6UuK69zR9rEoEUfwFMVrsPbVZA/I14TzaH4sWDpn71dj5tvmY/66c3FU
-  LtMsAttQ4Aoa/cNH3TLfB9l7M2LJe1DKgnqpGwIDAQABAoIBABUn1g6XJiPHslbo
-  Lq2S8dg0QKZ3glV0MW8Ckajs5X2YaaxXPT3Qdkzh+wZAMpYh9365ivGiythT1eXe
-  /T2GXXDL5yQHsE5lZNU7T+ZwZv8SDXujf389HTvD9zQY/JlyXoAT9/LZz+M1mOPv
-  3H5ZRho+SVKjsnxlhsPxV6j/frYkMASfrKTgzT/DdXo/QiU10LkYTf6WivvXkt81
-  g7mG6L+ptUhelCIj2er2nbjZFn2NtxjibEf9bSOu7lyzhbMu3c0oXMvbzNqohZFl
-  Ty+X2NASTZGS1UFfggGVOc54ruFip7MtkGjj8G9qVTW5uyjuhDxcdG8g8C2QL4aZ
-  DZIjtJECgYEA6TZEqXGTfIVZ3Qt/ZtwAGS4VVysNVcDtFXeeBrL8q7r4NL0PPIG4
-  IW/AmAl1GFyo/muhZFdnpNYPPdt1EBQJt4nefzEenoEjc0sOFDVfrp/q/CTQz9UT
-  PYM3apW8QZ+bK4tXUmj9CWjjBg6gLnnF4EWzhn98TYT7MnlhJJQBxBkCgYEA5EgR
-  o5O0bJ9o8p2hLnk2IYEfSx6UBgFgm8yDumiLGznY1gJA4Yg83+jxzxr5eQrpgvhC
-  Pn9dQTowG8zzEi5j+tKSTma5SLo/KdHQAQD0W83jFvKQpWwfjF9UVXvhWTJ0pGCp
-  UwtJAnyuWhkkxfoTjc11aJlcKxbfMkw21OxjXVMCgYAEIowxHOxqhsrDGpMVtczi
-  pWiHdSH1ZUhO2yIYKFBGkzgXZ0q/3eTv4tVdXL2QwwPUDwB7kPkreQgoJp36vQA3
-  GuCxDKPoV43TW39SaGfb5sX51oVFShffPVZcM291Emlj6kKQGYBzDEMKNnQsnsgd
-  Y979AYGotjTl/jT0uxMU8QKBgQCc8re94RVRASBkfd+NViTTUDU1rmZS4quLMkb2
-  6F2LcHAWYyI8bTB9OWjW3VLb15bIRus0kNiKufjNhFEyFNcEYbXZVWLaD8LRe8Eo
-  j4FxhNI2urqcIQRnvDr9MtiyPLBZO2PvBnlBznsI0vSncNH00meAbMAjl+wIZsHk
-  DkoapQKBgA2t+RPk/uN5p9fAWBSA1upiBRlUa+Yo7F/2nnkXhe2TYtC1XC2hqtAB
-  0x67VxVma+blByx1o7+PYKU43Os0odAobmnjiywoEmZAeayw/JZJFbmOadiorlmN
-  SlzK7xKL6tpCcU1HBXLCteAz1/DRenHBGM4sF4aY+CUezDJXJSt9
+  MIIEowIBAAKCAQEAuurQqfhhGwSdxcjWIwiqI9SqL7RX/2r1ZzdD6tB07+T7cSRg
+  sBNXE0/X//Y0SMAwZOlRMAUNRQgcmRFwOEpxvzuKTP6R2dFgg/JyEKZhyXJ1WvoD
+  ZJK5jcJZL/WVd4BLfHPd3zMKPVaj6KOkhuGgCXCuQYiy2PhCmo/YKuqKyJufplxF
+  WMltwyeyI+u7978zNnUd7HLOluTjg/Aofj/olONPbKtabLSnciTCtXqz08TX1Cu7
+  K5nQo+2GudhL4C3k6iMslvJMwaetHe7XrE3gsI6IXwQcoDrO0zqIAlJe91I1LJ6V
+  aZIqQumgcp2H6HrPsWEs8eRYbOtUz7ip1sJ6EQIDAQABAoIBAQCEP5mNePgzpot+
+  of+oX/wJR/F1uTK9u86PzdFW9VCXXzrsLWHfkn98YXShXHBXvOtAqrfPsvNVkUyy
+  nFz65ukd9aF/ompNY8/W65X6482yOzJ/QP9fjFSO0SBLR4YOPA6sqkokHrey+HcW
+  JZpF+KNDqp8QLQjlbJmrQ/UdQD8beZExZdpTDejvYWlT7nPQcAnwRbha/8ql6F8g
+  Ux5fQ/ngaRjcZ3chiiiM6WT1rCopqnhySj83Iz5ehjR3EkO5uzhXDpuTSytxhaob
+  /Iy8nT3HFoh3WW6cNE7Gc04QnJYZ22VToKmF5N/dlyJaaVXSAVisqdyUULEIHvnb
+  fyhme3FBAoGBAMTVQtTPB88bNPGTqLMA5aza6TY/zpNQGCYFAlfPXGVA7nlr1FBS
+  UIiqlaqKLnfQwA4BanqyFaBAwpkPdo9w80cCTwMb+pPp1zy2Gm6J9Gx4V0/4TLG2
+  gOOZNCJlKpjeIIcaFUm6QvQW9nqASPQfgoCqBKgnO6u7Vh3QXdbJLNtZAoGBAPMa
+  gswK4lH9pdHUwuELA1DyR+OhC/jF6d5TL27fS1gm8y2cteqclu8zI94cVHHodaQd
+  25hOFhDUvbgLdTFlObBcSwYvgk3qVLCBaPr9n9O9q+KzU1FgC7YnwXtZqfbmpxkc
+  sHoS+JbsZJIN787Yl+BbK/MjMlCiGiXdCV6DhJV5AoGALpUiCectO/B+aSW+6Q4v
+  TOdKBhK3utlbvbO1yD5E6ZmiVo4UYyX39UAZx5CISsbWjPn8zyjSQWjSJRMpxey/
+  RnDfbiby+IqA69dVDhAMDpe0YjKrQ+ujOToKwpEasa7wF8kufJJeQhIlJvyxR0Ul
+  x3l1PK58Sro9OTUU4D4gJZECgYAN5EjvIfwW1VjBadgNBhUVbhLflhdaCu03UCeY
+  vVfP3MHurFLU6kfRuWlmStYkgDUgwLgItwWZxp5kwvrabL9kLZH384UNsMNQJsT5
+  +r5EWkVVOgwbzVI+AX2T7+a/fiS0UahgAW+FKFMC6Zr3hfb/0hXr2eoJI4o8+amM
+  ZhWQeQKBgFRd/nfz+BBKleoaA5eWG9KHpGUaNauBay1/hlYHnNIvppabR/SZLAhz
+  ftAvTtml7rDdiGMnQrr+0qSiljf0ONF/6otTAjc+/1aaftmG1G2lSiUGbWjjcBW/
+  gEsMv7xkZGqvmge0ycSuQU96dyLK4C2Iu683kBJuu4jeBc0Im869
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: admin
+  name: kubernetes-etcd-master-1
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEA5gpDzgk9t9H/XWumXLbkWCbN7fKoDt9zkLFTympjipE0J6wB
-  dgPI00IA/IEmJjkRa567UZkcFw5uHNBX9SgaIABFXq7B2mU93YbC/gE0jjbL4sTA
-  PCRFvD+mr2lD92SWkJIKauFhudFQLEd9ob/e0FsjmMYW6L7ihxLcTjwB4jnr9eip
-  4dlah6YKGtW7V2jE5VgCWvXl/vqWOU8CHHBsHS8EwdXV5xLPU7P+TO0V2iSyi7kn
-  yheI1gJI0YP/UV3/GapkK1wvm0v3G3hW0N8DzLj0ip48l/n35SEorDKgLlFa0Aud
-  PDUvBAXREVM8Hpcx2nd3dnpLztNjiNn7y9WZHwIDAQABAoIBAQDPSMScbbtNXk7L
-  MWtw8+SCgkThetxwumz6Hq+wH3merQTgEqAmZXaa1kjpPr7PhnDqFtgXyO2E4R3b
-  nOkFIaOY3mWj0bkgQEYkzX/7Pb7LvxitODk4eD7WSEy8lxAFZoA9uTrl4D0dIT0r
-  CShtjeUKvnUu/qA6DXc124rkfDH+VBmu8c+Z3zgDjmZY98Zl0V+evyReMJ4Ucgf6
-  OADlc4LZYAIQZPQfU5f0xVGiJ2rCjro7VWGDgifL8hT4TxVILgjH7zdYU+zXpfQZ
-  xdIUCNuKKG4au6G/c80VKEbJFPYZTqmxcNeFv0mnjdzvg/WDvMS+DUrJ7ITD8Lkq
-  575BrQhRAoGBAPD8G5WScAsKsQfgxu3/szIi8e+IvQxD9cPvUC55hpizm6zWGhX4
-  mOfio7SzIJ4HDZ0wch0aPcJIh19Mk6Imfz7zWLoFwnNP5xwGByedggzCawhQmrpX
-  5IXPuvhWjQilCRihoQZz0+1+ynTyrm+/4oBCAfP0NmYRdazXCpxlfSTdAoGBAPRf
-  lK2s/fwUPRd9Cr0Wi9sDz5DMtCMeJI+C6gxo/LU1+ftQgmmew+E/6palG8lFXQeh
-  snoi5Q7t/Jyj845oYw9MbH4qcQrAYA/2pYI3gNxbsKojez+dzwrsZIh33CFGn67K
-  U8Pqlp0otRf3n+4SWP9WDhx8fD2vv2ca9MvP94grAoGBALDpY5a6mmaAwtX1vhSa
-  0wLLhLFEwQRwH8xns4Vq0dTohjCsPRpEFnyldWkC178rjmMHXb7ftNccR8U+gmNX
-  v7KHE2v9LnNZBWEdS8NZbk/PqqPACNckDy/tAGWvpHnkLnlWrs/92GdR3W9deZGw
-  XKerzaM6dXUY/DqW48NM/kJBAoGBAId1lAzRn9hjv5mNjq5SGSRGcIBreE8fHlUO
-  1H4clDg+u1s7vY6emyX5MChhTY28DV11nGFnhmFIOob5usBtzLtmOZ2WGSNEj/tJ
-  VWVhLuT3Tm6BTIhvCZ2ce/3JsxQe+dUCAnzPRL3JGtk2QkjNkte29AuGVbg7+3VD
-  0/5GQYgRAoGAX/ZzE8rjmHw/ONQlh95rJotWaCTsUoK6F3F6vb1KeJ/5prlKKv/G
-  O4CsoHmchVAI6xC2wPqpMRAAM2XnJpUqpBHW23dHA+evbSFEovL9X+2ex4F6eGOm
-  bIlq12a6nme44B4CWHJ/YCwZb9Uucr0iJqh0hlOYDFsj37a+356ihaM=
+  MIIEpQIBAAKCAQEAy+4FvqTdqTciUNHW9UADChDf1QoALAEjkPXCiHi4bPzvryKx
+  22sAVLD/LjIgZ4q/dNB0+eEnrcjd8uHGDmsV5Pxd+6LrbUfRVUxkkNmu9KcBetJ8
+  HZIxjXWgKCa4/cSlYgBfdkyyvtvFfrp1TwpOYVQ7KIEeleueorM0ruaN+ilKbMPv
+  77cJbFHaM/FcIU9R+GDystdWWG5kVoUqNw7Y4+1Q8KzCavdN31EB15KNjZLF1eQ8
+  EoHuYiXzbsF37oWlslKtxEqU/WNggUtNCi/cP8QmrVf00/lGmpErUFfx+0untvIQ
+  OZ9vVjSPMdc+TesKsb2Hx14GyFL4PyAT3GqQVwIDAQABAoIBAQCQfy544E7jyNo6
+  1ATxMBM3Pa+sP3LRu1jdLRZTJt7e8vZObVIC/DV2zRdzPzdwxoJUniRUrnI0FGEX
+  6Vwx+TTBVQSu+cjBXSL5wrB7ZpMubWuCAMTLGzybVF5QNOfdgEoDP+pkY4I/9G9j
+  FXFruQzCsDFeyObIKfT0qfBJgbnWJ8m4/GyPnwW+e0IoGA4s4jdNaIZBWe+4e52g
+  NzcEexKlej05ED80dMxIfGPKrBPQUpZBsz2stuE4fsQjmiwODscBgbQ9NZ2h3Q5R
+  0HaUQPZJxwBAMbQMsEQX5bLJhkgxWnIPBaK4yxI0Io8W6LPqntIYFdxVVUMvbdac
+  h2M3+oyRAoGBANvyjS8BEoNLcW1aFTF/y33Vn/J+ftxhZ3vVEmgWfFBJNHVvxK9H
+  ijwim7i+FPr1vsj0gv9HEefxUAgb3iWKAde0Yr2jUfzMfJVvNa3B9hEOpPqp6Mht
+  aXO30exyGmLVJDGCCGIq4MvNZ9NbuUMm6All7y+FMnyhOGXAZRJhV6yZAoGBAO1b
+  VeuVt55Q5iewv+PAqneX/EsWDS0TMh4H4qmKp9Q7aUDr889khY8MTe3fZwLqQ9RI
+  Py1TbOe+QKk0yT97eKV0VS1jVHpbvlsDAg4Qd0JK9uJHLSZ3dmOCQcInwmddZn5M
+  Bjt7VRQwMATS6lDNvmH7HWFPO3PPllXc3MG+pspvAoGBANpZl8lzEhLfwZIinOmQ
+  Cc85VVliNMTJufcYVvaYY/88PWTceXDc36HFZbxoj+F4N1e+TZHp1x/g02fJaqbv
+  s9aVUHUc/tatlnyvc6W06XiThjsGlH7tB4QGl9NYj1NQb2bqxTHXiWUp3InaBDhj
+  FnXGCUauv6k0UA3Li0tM8cH5AoGAQa0iKxu0QRQ1ewoHLqfjA1CEuOoTH0POfEzG
+  RQ9evPTrfNFNFzfDVP+cmJNWV5ImzphnEs2gtscH8Unv3ab2jSGRaAuyFmFIXLqK
+  WQXpWeiQQ7BaJ+iqU4J5W5XQzvUjJRM4LkFEG1/yCYOq3kzvvwDS8lgQJU1tVbjV
+  RK7SS/UCgYEAhY84WVT2TNXQQYXFXaTq/8Kpc6yDHP+56jQ5m7W1BCUbfi8VnXv9
+  bKV9ekU5hBEapZz9L3O2U326oX2Y6NR+NoaaxUih3CWPlapV/T6DpFSKHwjdIEWc
+  d+W4c+CWpC0KqXFP8bSrAX3EGR/I2G0cM/Sj5AMIrN8xuFi8r5VAcq8=
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: armada
+  name: kubernetes-etcd-master-2
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEAyQJM8mAjV8nHY0GuLluLDNLzCujY5hPPSeIhY+0hhcgwOrMU
-  G7hQW2+xwhW1otLUCPMz2xrWACXjLRGmjj3dMA3D8X4eg/aI+yH0BlZ3cYX8VY2w
-  KYEdDdiaworJNOAebKNiQS3epetmVDPO33teqUwKn7JdyuaKjpHeJ3zud2YUKFOc
-  uIzWwfZsurhmU2bMOZPS204lYCPU4T1xZqQ3NPRNOR/g2+z7ta3tI+40LSFmEj3B
-  94hXbIRO//RoWkUeLLqyYKqhlpexB4YccXfaPG1gn7UmUmA1oI9Vm0NHpjGyRj0N
-  9NOdYBXIcp5NItHPB7ovZbMRHltiDw+C1ZY+LQIDAQABAoIBAQDFvt6l/xAl+BqQ
-  Ofg6INLNneV90Q44Yjql67F/lbRJ4WQZCz13+74KBfrw/dx/vzrbRy63mVH4OU2h
-  c+DPxGqKMLCYLcOlfO7LaF6hsYS2COLx437vhdZoXbP6OQCyZN1pcN5jUtXbkpZL
-  teAJmVvJ30YATz/YMS8UDMppPI14pRQgfwVvT4uq4/e+FFGRhd89aig5Y1XsPcxy
-  cvIMTcwYSjAIkQoH8Jv2uBeTpINHlNcsNCiOSUvpOiyPA48CRG84VyDLNN+xp2DR
-  5H5kxZqSH/LTDuYDeqJTuRvaWcWsMI2vkotDv2fjdPTImLJF+/xlCPmV99ld8KM6
-  cyjdjwGdAoGBANxRhaXW0I9x7Lmiivn9y9kd28DYuMToZuQ33YQewjeVw/lYmw7K
-  cdkGkerl9Y406kr0OP5kn/OusOKwDW3HwbyU2ocQ8CK2KQ6mAU8QK4S1lfenQc27
-  jgp7uuVJlD3YwWBtgXCcIJYU8Cf5JBOjcrn3eCS4IX3VohACIkDrBuqrAoGBAOmQ
-  M6YuTj5uuoCbfZ6w3G9C9Zzq1C3vVM+X0J65cK6yEXBKwN7RcZclXwQvTacDdKj0
-  8N0uzNs3ZysDkuuCIu+h5W4FZSutbsuTTTQ7Gr5EBnJVUkEb8k3GRVyjgSlIMM04
-  57msBlqnbPRpdj4XxaSNC9X5yaCyohZpMgALUXqHAoGBAK9JtRmi9cCLFZsEdao8
-  gOk3VlXyl98iQGqm//lUN5Xd9FP4aTW1YCsZjRLk7x+7fgUwlf/gs1o/zMAu7iA/
-  5CZUECGSGlyjrbrX3Qa4iMdHag/l5Pb4mCRDGQnAJs+mGwTLW0brEQoXkpNbJ5bw
-  XiETgWVFkm/5fr1Z1ULtO02NAoGBAOjmgYpZrG43LkSmSJqgk/9ijtbdl50ChdjH
-  8yEDm6ioKhmGgVLvGUz12AytOsqq+H6uWSzFyUNjuL28v5mWWE4Ka2TNfngSZmQb
-  y6WktmM6JA+IoxAH1RPW/T2GUXqf4QITl4afUmq9fzktnNoIDG6sszu47GURG+4r
-  Ec/XeXUrAoGAaRZ+5Y10fsFcbJKV7W+oepRrsqA2PuaFIqKdxhyl1uwpGIOLjfMN
-  JtJlVPzZJR73/xDF7FyzLyrTiOVDqSWISXhGQM2wHCA9bTaVC5aVMWqREbkAaack
-  CmQDBqZpgZSDsWG5orC7pjEfVn78BXwrBPKpR616xmbGcquuIW0TRS4=
+  MIIEowIBAAKCAQEApMu2UYvnvcj1t216FqNYgit7urLtKqKphmkO5oIEByDG4isa
+  dtiME0QuckbxU+BRqjYRZJU1ccnmOH6W7s5CsTUQmXvYRNyHAfiL0EyHqPNcByH4
+  8ZAJibHdb/BXSr1LsBIESOp1Uof5+U9zhY/orbz7T2MoLtaOHBZtXf9MaZAwOI8p
+  q1lT3IQFNQJT9sJg72/re2oMoR+aaw4R5iNQpcSo3GK3AXLy6WuHge0aHisAUvVv
+  S+BHXieFhTscBfjTwNvedpEcqEU2cOzGAeve2PDEal/L9RU4bF0vDcGvKe4IZIl5
+  Ttjj+s8+HMppEoev3TcaPPnbA/8nEFGu9F3gzwIDAQABAoIBABcJy6E219z2XTOZ
+  gHntuA/qmE+PeAx/1QdPZJ/hCUMd1/ACap62w05mN8AOHurE72XGTUQsf946hY7c
+  U6lq+HPhoUJzx9ZIpi8mWhVyvXxnGTR+EVlj85FmZjih9vIh6JTiz+qJrIEvNUkf
+  TF0dsz+mrdN5X0K9B/zxPbToXfxbzH2G28VRaYTvzaYQpqB8RupLNpBB8Ek9m8l0
+  s/kgYO6CjZgGycxVuIxkboIj1bz/DM5m2ZGcciY3K14a4y5VxG9IahIrsc3qYQN2
+  u8smFMoWaKkK8K4zYuXWBBkII2SCl62m7Yfoty8OnMlV1bNNvzVaIdLvWXwPt5PK
+  JpnGomECgYEAwlQEolDcBMR1ir3pnzrxx1GeN3tJ8EgXpW8jJ+PKJzBoejoHIfr5
+  L43+Qffi1E0kj0foBQhbmvrQrhefDjpEQuxUrjfILPmjt7Y9H/TH7eUhbmfB8vhA
+  +LAeRoaTOQsQsl8AnaWQWbKjAK6kkmR90PID2Sk8GYD1/LRyk7zbj6kCgYEA2Rhc
+  5FZ9Hi/FFnA261sAD7y4B2SIfCd3P0dYko6a0qW2mRM7ECj4CLRryyO1chvGSx0r
+  CK3c+afe7aJM1O22KjMdQJpFnKaia0lOfSX0uMkGo6WjcZJ7XUNmsugwEfXKf4kt
+  kWzd8NVlE8yETsvlQMuIcWLWuVBCrd2HFGayF7cCgYEAiyS5xLd9MvSw7U0akOcV
+  5BAu568hvCkCtXQkihVy1Ci3Rn1ySgR4lHJpkja6diVefjGQkrnvTcM11NIZE4jp
+  A7pQ0AYlEP8XGR4mGlGdLlwYWgN1PlI/w1Hn+7u0gu3HYNDhkf/QoklkqcJjGGdY
+  J1qDIuWBoQlUGUPjnqFl3TECgYBGSFXicoGlIS/8OK3++gIGFkG52vk4wIohiVaK
+  c/J5mb6IxioL7EeIgeiX5mKao5VJwhKph6gPhyJr6mxXTvH3rX6d6JP6yBOzChOH
+  /p7AqAwnNLu6TAL2SZjY+MR/PASnz2BaQVWE34EOrNp0rBv3Iy10D9yWN/6uTRar
+  Kygi9wKBgCg7X2uppX4/kPYtr4KhBOP/ceqEObQqd+Qv97h0MP9L9Z1guP0kI4jJ
+  R/BROJ8e+xlUUEDLOXAfKX5XAz6z0ZKDHoVMUIUN6QV6p2balYJJTWxgnBbHfDP0
+  cYIfp60GWJ8eJ8kbdQ3jRcXH33NytNLH2FGBq3quLn9OWKEH3Omy
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
@@ -1737,31 +2240,31 @@ schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAvayGQGKWLAr1a1/L0QTuIPkDK7G6Ec1IOdykJttLbjVCKBZ5
-  DurV0h86bk9tfYJYOY0FmX0Pyc11D7LtJUMmrVv0VeR25Mlxm72JABAoNlRXsLPJ
-  vXEIIjk6DyooLwQnTb+Qa1fcXzpiceUBBKwDNYj80cRsGMHTxMIVkxDEiKM0Vb9X
-  AKaCqmkhqWrgx7luQICboCBm0N2uqrFEl7Z9movu+DlKcKir4GQT/DWZxT68+oQG
-  kT7880s/MmQmkKRNUwf/ViCs6oxVnUrSwsj5KaC1swIWdcfIwySxS3DMeFNLMohf
-  8so1h6yvMf6QrB6Fw24LQrivFvhx/COGQBDStwIDAQABAoIBAAPlQTSdUbxB1VyJ
-  MSRv13wx4RDKq6ml76/QikaKBniS+3LbU00tIYsZPRf65aLIRIuaC91lJifc4mSa
-  Jii3wlmZI+GHubFlOcIbGG855bmH7e0hJCmR4rrhNgINuZmNmkkMgCjUOyBxkIgK
-  TgUMi1xUHe0o/Zdck77cxZippX+w4VhtJJUqVDPEnthbkLRGHR8roSZdZuzBPf8e
-  cXNMx/TjrxY+sr+n83LeHPzuGgxFN3MO/haZxVtLuWQl2NNKB0I4nCr87xqTWqZ5
-  joK75wI7TC/ZJbqyGauJXfBXXKMFq7l7LP9JbpqqqLoBDYvK8Q+xXW8QmFuvFklf
-  RpsOHbECgYEA5zkKAenZIPtfWbvxAlgpRREI4CBe0f1QK84tmXU7aT9Np0Tb5Qnf
-  kH74sz3fXN3z4GsTItjNVfzOeigmT17soPQ84Mu2p59K3Gl+X5yxjS6DdzOyk/I0
-  ErVM5X7X1fklorOd3QmYtRytvBB6lhX68dg6/5y7VbtDfBm20mSNKQ0CgYEA0f+0
-  wpTqyqbkxFFwiaPmn58ojRfOROpYHTrEOdQTwX6wBSWFhzBB3BSqK0p9/hGnuqdS
-  PZGr3AOYaEAFW7uipds0aY2gx2JfSnKF5BF42YG2ddDXAfkmFx8ku+DkF+XS+/Yv
-  ppRJGzdnSn5fKrwVuLIPdI2jsAiB/ovHnn4usdMCgYEAh24/UFOaG9lgRfzw80CU
-  G6IYor4TC8flV2MSDlo+DC1J3HlWmtanncjg/ot08r4GBCJzOOvniT/j6GTv23lr
-  +/JSXhCz0YZZoLQhkvsCfAEMe5tKM6Gfon2SprEe1nNx+dRe2IKwcRR1Jjw4sQP6
-  0gCmveUdTN+8bUnabWz7yVkCgYEAs1zcX3YiNITn0GZe4LEFQkEGubwjiek+6XhQ
-  MbRaS2KRpVOvARDOr9NWpTMy+dbKlDplnADX8UuA2UoVSYyyF0drNNyq/qGfEk9O
-  3MWvmteXqHl/q0fKqOUI0w/6wg6ibmKPwI/XAVAJAS9+yVlslBxB5yMzNB+QKIHr
-  NgxAhdECgYBqAH1yYo68Km/rlZqizNNLcOKPb/U0xG22ek4rFlOoYi+3q0wAXWLB
-  ZWah2/YVJGkXREYrsi5RcdUOh6ef33n+H0rJfnroAqkx2QpfN6TH84Xa2e6Bq6tX
-  YSw80MefOpa4MTHptxBukcj+KBsJWvqoGydZmcZPHH6ZqEPEK6R/Hw==
+  MIIEpAIBAAKCAQEA7g0AkP0mdZIKe0ed0ThF8nny+m2g0RBPhGF20kGSkh6VgzXz
+  W3c5K6M5r12n/GtH57KvM7aNVu/VPiTxQVZzRkTFgiULyHL6Mp2t8wEVjiHokKBg
+  +3OQr+8AMoWLKNqHjkyTr4ie6716wKKnG3P/cxZ95MSA/qcsmsO6bBTPKEGW3dyy
+  FzvgvflUs1ljVLGX0OJVwRVsdRr+oZLdSHzSVNXplkVtJBn5Bnz26TvvEQBHODXr
+  RMYGnNEKCouUPeaErQlZAIB+vXi4JiyXZqUby/c/kts3BCS1QYb6uhsOMUyyKKWd
+  r2cCsf3a8x3YOjG1NzcHR4vKOrU/b+3yto6XgwIDAQABAoIBAAv/XcLw70pHpP2X
+  m22a/3N8D/HtKoi+4LMUUm/AXEm+/twREQXQGXKIlHSxLLE9Gu+jgs8BaVgzWDT8
+  magoWkD1YFrx0Qk2OkPozIaNzG9QaC851gl2RpmHWyQwtNXHRcO3Ok5DfXb2IsSo
+  rfFlRD+hp5CrErFC7a2TJcciuVoW80UtGF4Yl0iVWkFcdmwBgxa36QhrRWltKDt0
+  GVlugIcORYNnj93QdMa48KFn7py4ODGjBkFcvurZofkZKgIl/qKv905LPZ4JdiPl
+  5WX/xneYP6zKj9gwPPwQSuDcmGGwwNUFbWoS03yqKhJh25f4+e/7bg2gO5aLFBh2
+  a2HTlnECgYEA7yh/X0P6BHB8BBT9VsJlPem0mw8CkNt/rdPbDcN5PQ67axuOp1LL
+  vbzbjnJouxYF9yr2qIuusDiFAZW7Kah4qqc9ctaRNj7p4dhe/jSA/4qmd32sAUss
+  A/7mFEvjPNaDWy3UK2hVtvFiGBNeucqdzdEputlgd5sSgF6eEED5zmkCgYEA/tCK
+  Y7Tg3zwAY41UjEOO1+imu/zXvABVqjKG17GrJxh3691LfADebFWqcuaLRtdWoNLK
+  i8fRLGpMvol/Vmh5zeEDKS+M27ugQxfvIp7x7aVRxKtfDxEWrG55nAN034QWG2VK
+  UibOhTkn/R2Z6xAf4qyNpQO7d00Kefftitv30QsCgYEA7nuryAu5HQQuJsPnfMSM
+  wJh0CMuG+3xmbah9H9R06XXvXnc0YZYmpSXWqs1bsnPbrwWgwaHIqOEzgMkWwgvF
+  iCcNF57vXvCNuTBSSZuBp1FTfoRLKV8UnUdpl4O1Lc2bXyjsEf0QvEUoVGm8Y/iw
+  M7UHr9NkZuC0Kl4vsHWapUECgYAxp6vAIEhN2CBvReQ67RNR6alMKspTfXE0GGKE
+  d7/Vf4Qm91m1UWoGjG8JsvljFaVw84K62HZfhFtuKdchnHxX7UgzZ2u4igiB6pEU
+  Gwsj9zpG6+o7QmY7tc+G4nmM8O1p60QfXCaUeX3caj9LOjosbtmvVVnbtqya9gBZ
+  NeJF3wKBgQCSrAKCZcNc6SoKJ+khRqjH3WL2cddMODGovYJiyRVmadZetbODCs67
+  9G0Dq6co33iO+/USDiBvrni7XZSJs33pHocHVhRdexXEjwtRH39458S+MNFBg7Vq
+  2425fL32q0LucXEMO8risJTjJ/SGIkwSde4eZ1kXI9ZlVLQ2OIu2lg==
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
@@ -1774,327 +2277,327 @@ schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA3qZbNV59FW4sbcm3tiF6j1FgvuSa3T2R0ig4RA5Psg3BJCvH
-  i04vxKyyT8jVLgvEtJg1Kbn0fzqTvOyzIKG3cWXTCX5J2be+KKPa9bXx+ratRAHs
-  1QjKcsMjJu1VlmnD6EJw/L16w/UW46gclw4pLHUoqA0Ms9fo8xpxVMQ7FiZmUm9c
-  oy6BPEvYfjU+l1xmPQM727V39n1Ov+gXhjIMsbyVS7cJX9i4F3jga6UB/yfY5+Jb
-  Bmsw3rOvF0UDDRzq+UgiTry5bJLPLD8BOxM7sYm1r/yLYE/krGEb+4dWtLxRn71K
-  iGi3OmdPByGQRaIHKhGBzK0keS8lbOm4NXE+AQIDAQABAoIBAEgpkNw+ULo2aC35
-  OBLOzQNQc9PLEipsvytnH71nCguCi7vmeJk88RyEgJJ9XCK9a7bAslJg0868tI+C
-  BBiqcWNOhlTIWrU26WoQmXIT02bX+FZXbWQqojsJ5gXC3H+Qrg9EIYy4+OY0NIP6
-  w7FtxIiFPHUjLZ/Iddb9FghMRX5KvsspU6sQD2w6u9wzqwiATKkb8n0NPH+B1c2o
-  SvTJOl3euDKTvyJ0G4Zc/ZVmveF6Xx0K2k3FVCckPw/UugTl7TG5M4ipEKfu92O1
-  l6Hfny0b9swl9RPfQpPSRseXAC19DtRbO6WJlNWtXIwN96T6jT7pt0cg/9OxrsKT
-  olNK5rUCgYEA4M5bB+hAcko4b2N4DnuUzaPNpg1xWyEKuQlaDb2Ht+S6ATT+cScl
-  PoZ9ogVRODEipijMTsabNxAHcVvSmyOSsyHWYoVA+2yqXzztuZOdsxZH/KTtGqij
-  lhQFOHbOardxHrOiLIhNlGIH8uJI2PA8ejlgi1b2bCZQjihgnnHKEisCgYEA/Ytn
-  2sHyknSQDY6XEGjG5SYdqp6s5kntgEdGq4LI4bOUN0uqud5kLAFG+u1Ov0GoY7KE
-  IM2Ah2P1SW8WQcJ3qzJyCQqwvmjQhZiy5fc6tNdVx1wdM36aHWjHXNlkNcE8J2tm
-  bl30FSac3xkEZZWbtdPc6igL2FBYLgBBWvSO1oMCgYEA2aMNgAc6NStjnXrn5OWB
-  duBJHKRRBM9lSSQjmb/OX5rA9KAwYK1sIi8j+7I4IjV3fPNscCtYYyNSgU1LBESZ
-  JnDw0yp8cayO+GrNHucpOhKtGIs2vKNc09OIBlUGm0wC6J0xuPkwWiHZ3ityKQvT
-  EOTxcZR8NtGVFTtD5sD0x0cCgYAWuZH7Z3rIaa4nqOodTGbXTw1Fp6czlNi2sKzC
-  3pwGrsPQGPYaZrZvw0WLZA200ru3A98X2ZN1jx4DEPPbvQRg0cqqyMyCpH5cGw2d
-  0wTuBIbpsXXkkapajHOh/NIgh0tO9S9fIQiphKZ20JU2TayBJZYdXq2BG+JrbRZu
-  gpDy5QKBgQCfDRwcetYACo26Is9fzBCjp/sedCgc4HWC+YiZqHO/cIxIMfvSixUm
-  XO/0ZYQGNE1kWsPAMWLa63zbihXch1EAojZRPJXA9sNVnF+LrDSIH4ad6HkinsZY
-  nrr8TtqGphn1AiblPjTKs5a8G7xrDxco8pc8Luj+VD3buSld9O8CZg==
+  MIIEowIBAAKCAQEA3NaEu/KNzpgPrlm2hJ6n2PwPJKEnO40oIIs02Jfz24cWo31j
+  vAqgIJ+olllF6pHyYWkSJ9GznWcI5eLTI0BhNcvIEDbyQVqkcbnulgiKU3LLpM4a
+  X9d5802sLqIpNpQ881Izs594L1d++nRPSQRm+5pgpme5FGsc/s0J5xAcKmrqqzFP
+  Qg+4JxqGOdPDlyC+YAecHXacI622QywcHTEd1dMzUCjkrOjX3uMywyMz8jkXfJz+
+  s4regojMc8R4YsFbiRmsGypvfywbtExQ3st+GkFZEbU0VFqVvZT7fXNx7nzMbeCz
+  AkiJ9R2O2o0PDtb+Ge+PujzeX9XH0LGtTjTj/wIDAQABAoIBAQDcm9v7WWH6GQPJ
+  O0vOjiPE6oBCKk7j+a41XHsNSDbOfdPKvM8uITs3e+dRUps6qlOEpg8CAkW5Hx3P
+  cNlVJNI3iHwyXoGBcghGp+REswFkPZBb8Zx9U+c6e8RezZX4NPvyYpLNhKfuOyzZ
+  C+nMWn56KA0XDxTf5eUQUUnsLrbEUzFLcY+MTxHFlbFSnLkc0u1rz+B7WafdA2rf
+  Cca1XSXyUzBG8bvwsIjTMd+1GPXLpsNCdy01TMHobM5XHBysrFy9Pa33/yj4Oegu
+  EqOdqbjwMhNp0BpwqsKfLGD5fp51GRwqzrBuVTwIoY0Qno8AfIDRASM2Nf4tGKfr
+  a55coVgZAoGBAO+O/wCf0Jtimu/MIABRnWABGbxcb6sOqsOoMCmUTnZE0pS5as3P
+  I9xQd2N2T9XET73sCNasSWTodQq4XApp3gfcG8gGpsqaW47fB24HrRmQS7uso0hV
+  BdoF9iY3fDrwBGZjC+W8pbGF9Vkp5lU3J7o7ZUdAdGG7fS3Wsd+bWJobAoGBAOv+
+  mrT3KLfTbQeqCIG5z8Qe0cwcqMk56VMDwrjPo1CtygSyVUyOZbwdFnMOtnG3acdE
+  D7Gvzp9VxSpl4pgpJOtuGwN+DyNvi/t7P4G+Z5YYAsc7IW3NiH/6DTgD71b7H/Sh
+  O07ch6v0ppAQIheCJ2AAZTCNLFtkjhL0ldkvnjvtAoGAUBhnejX08X8Ofo6pRHIF
+  REwZ5rihPXgx8CkTsVM8yJ5KKh+0bguL2eWthTvRhY+VedKpQd1ozKxMNcFeRL0Q
+  11/oigBvU944LpSzTz6RybJNH/qgvVZwFm1X139Fsg796Z3EJJPmcmxvk9hGgsdm
+  KQYi3qfWQbcGK4VVA4ZVIXECgYARys9FJ4E1YsZMlqAvj5+/bIdquRpsmWYi8Ryk
+  LFtmwMODWSKfM/ktlo/Tut88cZSTBmmcfuG4F5JW4PmVeTykV1fICp//jvBh1Gf0
+  UzOiGEtVU/rwOVe6NlL6zykjSKmfGuzKxEuiRj6si9rWJOTtEvqOD4axmUIw4anO
+  hw2J/QKBgGPLhAByaZlprkbhdmEs4LU0zvWUVsT88rohpvypxV9SSeXUMSM5wLic
+  RKdW9+7qU3iPlvjkKtIzw47341X/U0JW4LO6GQLRFJQ1jCst+Y5hA6ws8+sl2Jmf
+  /+Q/nPOHvwdZw4/m/lkb9AcytPvsL70WSAmAs1TDwxWmmQus51Gp
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-genesis
+  name: apiserver-webhook-etcd
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA4dhLOL41j6N+qdWkAFVTObTMuqPLdmZw/yVEuoDUY8/TF/Jw
-  dJpOu52OvHRxNi/+5NXarOSrZbF4w6p7QbMrC7hCOBAhoqm6Vgy9ON9i4xThNxly
-  GtFCeRyiJhRA6eCyoA6gyzAARMqbRvswZickwrq/CvZbgVK/9bdJuMD6ehjQ78uT
-  zD2dkUX/ifelGD1/ZshiM+0wF90EZpYMWwPN4VThAmEIU8FmO+PJEsZyp4BGrr4I
-  roZeQ8N48ep/vY03KqoOXzDUMsQuoZaxk8subJa/ZdmvAuS0GtFPzf9s/NruNmYU
-  jaQmYbdB5lvpe9hJQldtPJhcwBfJVN/F8PhLowIDAQABAoIBAQC63c6PqsKCkRLy
-  z3SdWfw82R40p+ZnlyeT1XBiqMoTtBfDzrPBpxPSJPG/eNFbtqa/DTucprAyun9j
-  1qGZoPfTAKi53o8WGj21iWDft+YIYnRetM0250KLF2gK/eMgIO1rhe8BcDwor0N/
-  ncNUIrtF7GK6XVElViTC2N9E4VfewS/b8B0ZSL6m6G6eSBb0qo1SIfw1mxjkCoz/
-  K4OcY21eaLtt23lBj6zRb6UrPfjfrKHzyJ1efDEhEKkz+Zl9XSq172IKjFxakvBM
-  rT8ssbZruA5I4RY4Ovv4MANvtSLpnskGearRBt++WRPatQ8xokhyq2siesPFANwf
-  mcEvnINxAoGBAPQU3L35WlpoDCaB9XB/0lh1YMBvKNdNKttLiS8GHzJfuD3we5Lc
-  f6L6ur4CtwGWDS9+00WQ/Wpqufu12LjjyMpabJTFrTSwQ9YzqfruyBB+/cOtfSr5
-  daJ2B7H6dv7y33/0dQuIiPWgIvKtM2x5vPjhjkukiHO2JGd4UKxH7F33AoGBAOzf
-  dxjHk7bO0GSIb1Rwh1FL4YkW2WjWdpiDQkFU+Rtq2Mh3fNPCA5N96GG8XIGmYUjo
-  Ft6dV+6B1QJt8CgNFzimnC2SwuFHMLUwZyhV5zhXCKTZg91cbrf3w32OEzu1sfWv
-  6xSomtBZEmCsTHGbxvMbGFwT+DNKpOLKF1DVLgS1AoGAC0rLy541p+kYZs+sY0AG
-  o0EK8Nwzr4JKcUrVVe+akeILzBHMJcc9wHSJHzFQ9inTAleDvrwufTXi1Npc5HDl
-  YTc9vsRGdyGQgeByBMH3T4wQgXUNTWetIY8EXB+SUck6vdi5cYcnjvWRqFiLAIHB
-  VGJbCvTZu0C5/m96i/3n2ZECgYAKt2129IiNS7wH4FhRFKo6lllEz4DUimdhLQcR
-  V5vRjrryDt3Z4rwwrxCVY2U4BGQAXWezeKDizILrkje8SCNVz8vfD/W7JXJhsCfq
-  nkBQvzdH5gNeP3FO52mzw3rBR84eVHApRhuC85SuRP1MYoTUuNQYTlr7TxQ4onX9
-  lTd4xQKBgQCxt7MwJBbGpbYcitLZInzEMcAz4GrcoUhAbdtpSQO2brpHqMrvzIuB
-  wR00IbEM+enKm8rh+7qJJAnlnUbbAHC9JlAgbjKzUdBeO8ToW5wjOqNA2wgW86Kb
-  ltwavNtN6CLSZ9RjLC02oLAp/oSS6gthrtEcfyNor22zVNeNTqNV8Q==
+  MIIEowIBAAKCAQEAuVRmkbZxhzARYXVcA6NTXJKW53JHnSAvuzzDNQ5Km92PTLyC
+  K4ZfXGDrXb64/sC7hdmBK+6UXA/UIHK5M8R6XkTSELtri+/bJlPDZzuDjbSaEIRK
+  C4LHXm/C8UP1qk4JgXD1SRJVNXr+dEKD2FW44/krtSuJ51kvX+SBr7hdkF3kf+E/
+  caBgg/4RM49HMDiSVQ2ZRZ6IYu7lkM00aIp4ZOlp4NX730cy0CD3w2XP1p1UPjbP
+  ayFB+H+TG/IlrNv/3JLDl1kJd3zDSFdDkpz8/h+hqt5gMRrAQJTGuic1tvZjF/I6
+  odkgYA6ktMNHWqeNfRV7bQglRmmaaPL/W7lhnwIDAQABAoIBAQCqs361/+GZr0CT
+  D9Hs1+bUgYDVNYGYzCiqwVDb8Ynu/qga+ha7mE0FfY/NDPrASy1uH+TGXj3wffPY
+  31KOyA4d/i2uk7J/djHYn5Z/42VMhGjThcXdzFtuNGrOZtZEQxSmUTDcWTJ6zArL
+  cuiVvn9KHBuSB8RBfvgPzx1UiPBFI2NGgZHg/JQiTL+M1a1SF7LIciB2KbFEOIDU
+  K7vgrRHBmqVe6cRajK5Lt5mn8GUmPA9uY5IL0vIScfDKVT8hCQcam0HyZcEEuJOp
+  JPmL2fRC1gYuNSTWEKnr78JGi2xOXCRe9GlZzkaoZj2b4ZRQWafv4ECFkrowJM8o
+  /atH9ISBAoGBAMWW89oW1ussK+T8zGxVk70ezoRUxrQaxotPuJ188kiqqyg4GQO2
+  YvzBgMNhxy7QrngaVlyOPAqWN8i055OT2VrSiMA6C8w8/FvwqBGnvFqJUk8OsOuK
+  b+tAf8GxW95cAWIO4sDNF8Y/x/cqh9AZ95cHLHmHnhGrSbg6SOPnZoRRAoGBAPAd
+  paeR/li63lyfKvgibh78lS+bSSZGywN2/SU6PAMVpGZLUoq5p94U1+y6d5Ll7yzX
+  4iSpnBgy2YeMFNyKvBMrYT0IwXGAFIM5P6nzErYLyWZWgqJ9jsp/SUI2fMl2gRia
+  FIv5Dy4Go9ns1D2VrzK57xzYBCR0rAYnnvpVkbrvAoGAHIrYwOlJtIEV+icWdJPM
+  GqanmHASoBO6GIe0mHNjIGIfBVlNK78d/3sIWbD3L+kPOuQ7E3WscK8QcdrIFQZn
+  gHonLPV1nNQ2dCWIcbx0NfPeQvNRVUUTM72Gdvli1vUdcgfKc6VsyMOP5EFtiv8l
+  R9jOcOPJTq4aoRUyUFGt+nECgYAAgl+WkmWytHrCQYgqzI/lOu3qEu89yIqnsDnr
+  OUtlSkd1/BTpvGkRvIOUufSE+D3gn3iYUU/GcV0qv25P5W9urvne0kTuw7HHcXik
+  GKLihfXgZLCUPaXu4gQ6wrjTCJBPiAwhG98fXt48GRd+JfIgLmrGaeLgXOr8fFsG
+  9uV/OwKBgF4QcsgNfXJHR/ciaWWM2DLa/kdin7lvRQfKeyzPU2w1KY0Cp2YlORDG
+  8W0lJBAG8OEazGwdMGrh6OhraebFP8fEZWdR+oKK/joVswfUr58e158dPVcOmzu5
+  /CKhhTmgRXJmNDp3F19/q+z0yfZsgY332vWTbPoqfv1GwhKiUoBX
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-pod17-node1
+  name: kubernetes-etcd-genesis-peer
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAux+xSWNsUUyGLvhlh1Hbr5VFhmCI4biss7irvqvX2eD9Znve
-  bNKDBwv9oTndTI+Y65BZKGnfxhVKfn6RdCx7dgDrslwYissk/xrhL7bZbXqvDjDF
-  aTbGr8ZIaMMVbWC+IMss2cBZKZ8jrTWcRjZ+6wYVWi97a5JA9Ggy9YwCe1FGfEJU
-  SfG3QDh0npdxl07MBQowYADmKJOky++7O2Q8w/paA/Jv40gguUTliJopYHxTyfBd
-  Ffxc20dmFg2VbjKN0fPEnhXapDoAhwxL5Jjknl2QXNMSAaFjN9/aRGfdyR+1lzbO
-  EuUjVyyWB21kTs69Etljwj2KMz/gp4fCyDzPowIDAQABAoIBABAmNA65XefGSu5S
-  0bBUCDmnEFEAk8+nOIBqN6hE/GP5XuUxW4jYwiYhisoXTFoHKpNp6cfrGzzlKYCx
-  O6xjCmSsv6qs+BFCZvb9QuHzTeB87g6zdtYVvB//ZNBlxbui1cXOwxgn2YoWCeYw
-  8kO9AEcYR095OZWXEbQGKh+27Z/mxfXVLOhdbyV+7RbXhWqresIrYj/qft1I+zr1
-  g4rwBP/hUj5H8h7OLtC1Ue6AHNZiS4M5/V/D6owpdGgkPnH1yLEGzNVnl3GCDhhH
-  9mxLnmKznkFiRSZ9gRZ7MdTmDY+8W7LPU6GGMsZ5m0cdctiCBhsPlAKyXpVXKhmG
-  ZAoQCcECgYEA0W3WKZ2eI9iJq14VoYD+LriBcOsoBnFZtpwheWK9jVRDxww9rZ67
-  pTjpcggqMo92oFT20VhGdvAKHCV3kAwNfAUV1p7REKVYiave00R3zxefOx6TrS2g
-  B0wDsiqpFG4d136xo2KZXm0zXmQTCqaMOAObsajXx7PgEqPz52p/tQ8CgYEA5LwV
-  3UvnVP4J6qpkSmAkMYBlyXIZBQVyCBRAvxwzit6W+dHzBU/CisJu4n3PZ9uP71CE
-  M0+TZQKYJgUyJbDjxdCCx2zIXyDZhCXbVav8ZC03OpV9BB1j3hg0IZQjVk9VWw4+
-  oQ3+z5CzQQUV02nCZsaQqDg/rph16vNC27UuRC0CgYBwrfUFbQ2R4caokjV3MM0R
-  3Cmg1JUzajdHvhdwlQTBjq3s4ZQp3va8/bL0rJnvnCrKNwyZNDKteZcm7621rhZv
-  PNk0IT0BBMVvRS7dYsBHh0Ef8OKp0ZuBcY+ng7Z3DIw3zq3K55j3Ki/yQEvSdiuJ
-  U7+oRdzbUNdlkBsBztYpVwKBgQC+sD7aGqlkpdTGmf66MqR50D0LT9+j3AJQ0fGY
-  YX5my2K6Klmbl/7rh2TB1XjPcK/yJwHPdQvALgWBzNsdqPZ6t3YPo5T4GX69OII+
-  Tf8/1KIyaOWsRIQ5Z5wuUj2TetgB7UIxKmW/zTZjgkXL1mOHIwr98sbEW74SfXLD
-  j6xekQKBgQCfiI3XRg7MqmS93U8DjKDkxaB3AK64LQ2NOAfxB44yCH4g/6/YEs2P
-  TZsD9vAkB2mrREqwmUsD9EAmPzR/LN7p7mTAtbrNg8wYGkaOp3j0ughinPBO767x
-  x0uxaHRS+Dq7N8YUVHW+rp8rmrzE0PY+tfsyy509j/yIol+gEVDqLA==
+  MIIEpAIBAAKCAQEA20U7ZmMjPdsE+3vVdej0/X11eeTbnx8h6I/E1tYCPXTsdvWR
+  3l6/a24gBkuHH4koZVifHOOYlaX50R7jTV5o0BtjOFvrUY/28x/7+SQJPbvh6/53
+  EeHQeFKHRzLmUXQ5FtPVH1Jwx79JuJtHlqd7V+3fJWnVUQ66r86k7HfbSUkHkfk7
+  28chl3WAU/uXErFE6RvMciuF/jMPbTxWI+yga2pefFfIqmYCU7KurgpLyQwMalxw
+  P4zzMTvU/+H9cKLm0wzU0sQ3mFXLSQwrhraliAgJODilljbthEsBgjoDa4WmxCE9
+  F2uKlP0NgfVUtYNGSnmDPCMGJ6wDiL0pOp/IywIDAQABAoIBAQCOFX+XKhh1BY5l
+  82lv3UObWwebs/vIUWEklLzFRanv7usnbptWD+lUEOk5iwmFGtiNS27XRnfiSMnn
+  g29g/BNI/uY9Z/rFQFeSVaBuYbaHRU7xIFRBxyTSQxAbx9TM5VX0/9EzWbVxCfgY
+  Yq5x5hcb9CzLzpeGzdeVAn+GJ2h2RGQvSN0YPYNOeBhDbhCV2lFTiP2G9ThuiWc+
+  mobO0F98NGqWnNIbx4UhHJEQtECR/deckGZCuREdg+AsY5m71r/FbMO6+yJ4xAz2
+  cMieaDOHv2Y+nApG3oEd8HDP+cdYIeoXBoa9mfQJqIFHcwnXE0vH/ACiN7dS73ig
+  Qbog2i0JAoGBAOYSdSYuQLfoyKiviQwxIadHrxKFWGRA9N04OVAmttCLYhrki+ak
+  D9hZwgv1yzrh8vW2OCOtX+sNp1WOgjs7nXvExY3sQcpccQ9ip9lFjLtFetASEr/g
+  OwDdlK3b43eDoWkFAGWxZO/iuAqf3EOApop5DhDglfsK2ATxcoCMY5pfAoGBAPP7
+  JfIkEnmYzvUltVdMVtpgsqpJyYtqS7f9uPI+oh56wL8g/vrNmGPzrCdyfGnY9ZjT
+  gB8yKBbyYLxHKOzfRFfOgLTvVF5SHclevAyrddKbBzK1+S/PaAdE5SY8mxE21d/n
+  4yf4h/73RvoR+mNN0wFHiCANmqVUENoXgOX+/kEVAoGBAJ56QlXNcGj+IRII79cF
+  FNBcUVzpmyxbjg+/xcLPGAhoqmgp27BAfGWj1kVUxuvFbg0QunTg3PxVSFlns49H
+  jkAOF6KeBed1a6+UXlgMT1dEEce3W1DuDNaYyuxDVdkiQ5HKjy59VjDjM7Cl0xxw
+  RseFgUng2Y62NnyZMC0aBxXzAoGAMITseef0iJv75EKYeoDi8NC0FytPWltMLY3W
+  fs433UnaFOhR7LyAJrhprvqUhVQxGzBMVWfbEx0mYarhF6Ia7D9T1yeVJqC77bTa
+  PsbGSpir6MjJglmDvZZU37LDv7ug8sMhqGxDV1ADnG2A1si+Qo3gI0exTlmWdFii
+  OJrqIzUCgYA7G+v1m/j6RL99Pu7x/Ubqhr3XRg/O5H2YNIP7HwMJxu5uUhdWDetG
+  ya9ZZ9l+EydO1oAFXAolgxTHQxrb+bJ4ePz1FJMUqfqk/4Rp//A/hssExF0pwZhA
+  7G1rj+Yoevlec207Q9xoHYcCO3t9nTlFCrcSgQcvHMlYKfgOM3Abjw==
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-pod17-node2
+  name: kubernetes-etcd-master-0-peer
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEogIBAAKCAQEA7Fl5RnxJmm4r3cdTLkppA73Z4M7kHI6HDFsmjLP4C54aWcrb
-  zAw6sRGjsFPT4Tw4HzuHpC4DV2rFCZ03u95U8ZzBPpTBoKyhVXEz8atYTze+0Tap
-  gLxNMQo2mhenshuuIi6xWK/sJDgR7ASsqpq5RX/H7I13BfjyA99okil9c5j842xT
-  zhEkO3bZkDei1Hcs8yrbsQifY9bnEdNADYMWnrXIRb9Xyy2Fz0g7gYjoWbRThom+
-  x2pRul/RRpxjrCe4zlfrrn/W0YLzGngXI0G8Kv10XUo8p2Rvc+2j5ep5Gz0kAeLA
-  t8sdOAckw3ervruCtngrotqP6wIxrOSiFe2YEQIDAQABAoIBADjDlHj1SMgqRabS
-  RIwNmwMnCbkQd4DUSmMRUUThxGUl57ZBHmD3XvFAB0xGFdE2oVP+/CjWVD8eiYwx
-  kj0wvL36o/7fw1FPpL/cnFkiieccwFuHAVbF4tQwW8TOgZwpQb078aQXPGPGg6dn
-  yACBgJXMhrutjjSFAbskYP0ZseOdGJfhyfFpTq6/hAwJPNU7ij6HDC2lfR6NDaUE
-  Dvnt26LEoO1r3bDVWveRZslDT9qFF2HtQibXqk57+1oKYIvQulF7bPO1oCDD5Nvo
-  c+jE9pDPd2/FIklqMdysW48t6aoXcoSq53wprLXIyJgl5+VFXTKv0DC+WJ25UZq+
-  Brj5qAECgYEA9ataVOCN8wHUqsge8L9IbtTXAGWGaMqsqzBuQB0buf58D6YrCssP
-  l1mOPNCZiDp7mMlckZmSKaMVCrRrMN/CGU8J9z3HDTMfxSOM93bcOZiqEw/CsGtZ
-  VEFNsJxRb+u4u+6mp1JTJRGxN8yu4xaCChn0K8hQeO8jyfl0x5idmnECgYEA9knK
-  yyfANuJbKO8LeZKr/HmER7vmfIi8OBLPbvWYQmXMwV9rhj1JQ0eHqtqq6stIT+5Z
-  agGCyGwGPZfCTIaBPNWsDZEDaSpCjzptLQ4pzGH0hc/1uKCMhEiT+d2k3NEJPk56
-  jTabzTiHAU/Okrz1Dk6gL/ynNpm7J68E4CpsZ6ECgYBr9lbnUBvxvE86kmHOiTGK
-  y2yFFxjfepoxTUJWWLRzo5vfwLXPs3dxmwDARygBzzm75loQ/n1WYP4BS1KEEwGY
-  37xQdEzCx0HiAAKWShz0DtxHLjjwEO0b8uryf2/mkKAJrxJ8G9jARKsuC3yb/as+
-  RzOf/hMnYmjG/SLOCIrScQKBgH/kcdptGfNmN9BZ0auf7o98yqQ1fsrMdnDn06/a
-  +OYB1wHTexKKYLD/RAQE6Rxj03kuXGAfyLoq3lK9q7fxYMsmaeHhm9PQjh+yR19O
-  K4Zml4OlKgRl2pIW3kCySBoispoYRqtt4BoBcJnNx4eLd/Wl/qjsmihQTE+fIvkF
-  DqYBAoGAHyLlp/SbIxS5GNkAUAB0Bs1sM+nvCjRBlqWj79Po7VkNg/3fDjIjYza0
-  mdFCz9b9WiWPSBcAkGFjXSzhuaBg+KyKbGqTJKaOm28I/lu4Yfsy0rGaBPxyqape
-  ktzKZt1UlaMHzfNOALevwEw8UCxSztEqDJYgySStHhb2u1n1ah8=
+  MIIEpQIBAAKCAQEArlo0RPzQHds4idgUkQzxku13Oz6LqfkKgj/PXDXR9qhKJMNV
+  AuwxU+/gZTZnSxpp5OpHt9C8X6QWfJKmsryXFb1FOPu0SuHRgOJevql/S8xpb4ic
+  3CAoGGcp6eRzNtnLIY35/iMfzvHTlwLkXrOO9EssYMqVK+odHODwaJuqJ0RIaulg
+  V6yMz7KJFM2DiLpsjFB7BZRdmz8yXgHdwcUV4noKbj03P2Zcdd5uzqwtZZu5qBfe
+  hCmivZ+KPdYckwZUVocHsuFi0/AT0lXdIuUp3wUgQevJuGZuM5N6/y1mtrf2NGey
+  +QRCGpKQLN8KsNe6OsAti72sJy3K579b6teTSwIDAQABAoIBAQCDzh2FqbmLWJa9
+  XmTt4uMdN/fTCc17iZGwNZ0FEIrR9RdYA3LY6sW/tq/k0+Pymt1C+PmOtHYzt1Bo
+  jFUI+hkdjiAum9oIYf6HeJo3eNuK6dUrRBORNZ4aFKNS9ilDZhJyI2rB/LunLpnO
+  p5kNHqELfWjnIz7yG+I2WrZj3oobc/t6j4H1/ChllChfHTuUDwq4h/dtIytyAhHc
+  JOiirOUF+QsJy6obkgHQGogcMrzGmREWEKb1zYIIelvSVO5wwo9mx37wscNCTO59
+  vVhhqSeTIg1PFXcXOLiAV2+R4QZ78lARpkri5R85xjkega7kOxtcardJ0KebPmPG
+  o/SvgsyBAoGBAMepWASJca4H8nMeaRAqmK6G/HlX6EFck10hVWK4f05lWR5f7s8C
+  MfiMUoF4Z8M5/wmIWNnipvYptAxRn1D5O6RTc0cmAngNlTwhw02+yV5z4dIFkrSY
+  8FfwKt42Xu6aWbpLxplsYvZ5fOG5LeEscpqaZADCc1KjkU2zj2Ks0TqJAoGBAN+M
+  pBos5sIAMXFCTKsAKMafAVUxsHKcxF39L74BGcHE+3cueSEktj5I43pNfTTr4a5Z
+  22QA2g+23kh9t2QFrRbkk37IOiCdraLuD+dR6ZBTZu4+0FljLBhdswT8+IHMn/r9
+  OTzi5nuLZV0921bf56BkwxW8+OiPsSmiw+bJvxozAoGAN2FPWqLM91qY8zliJuvJ
+  wc8LRJUPhOGqtlBCoMlP9mzCFVzCnoSbW7eAQw0kqs/xX7GEA5uMeAcFO82ABTO8
+  SU4kUX3HfYk29aDfzTa4IAzAfEKzeIhbUej52vz1w/ToInZWNcQMhxUXgHyerzBm
+  8V8VkehdmHRqH0VI5jPNLRECgYEA2rgnAvk1mVBJD7A3hQN14cdGrY0dPzYEppUG
+  thcrlTteceBFYVki+dOkxU+1libHuydtkO2IbOGVoEVoPfOTw5dGfD/5J1o+ve/A
+  Hao2JCCFz8ojXaG7Tee3NMUxewWy7QX+j4TMzsm3FkBkLx6I6JRNjyJCQn/8bWkz
+  1MVFNaMCgYEAueieU5z/eT+/ESrpUrxVB02ndrnWjdtNjR52MzsOdD4/setbKz1M
+  wHAgnh8SzTpBV4dcrKo/nVTixOqfZ0b+e+YXn4Xfn04NNdcxcJK6TyIFX4RM0NVG
+  /NJqQu1Lkwnym8caL537jhZxgMjEJrLl1+5ZUYlFHPsRazyIrLdW8OE=
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-pod17-node3
+  name: kubernetes-etcd-master-1-peer
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpQIBAAKCAQEArs0iErZfH9UxosjE3NJWRJNsYm2ty7r2Ruk+hdynn0evCzXP
-  2kZRgddqQSSKZsignr6Fl2pmugh/GQWBB6FiJCC6QS9kdaTk6tyN2zH2MRlax3Ar
-  wRfgigltFD4jNBA74rkXNSGJkXijXPCRyzGipqRrljEzJksvZxkg8fgFJfCKze57
-  3sz1k178gI8WhqPq2YdItk5/AOcj/m1fEdWjQSpxy+bm6KWnu5EykpoE0wvpHsNY
-  tfKf74fXkwyx6+9OZCpOOYIJ4buBuRgEhOQbAi1Qajt2qXjXE6qYTYySzxqSSIf/
-  X6agvGkiIYJY06HLc+3lhpSg62vvj7/ayTvj7wIDAQABAoIBACBPhqbS0w59R+mB
-  FvKCZrPSVEx1XZS1AGTnJEl2Gf3VMEPwNHVyXgqUGO3lpTeOijINoX/1iPuGKogj
-  flA8wnlPG16FNhqQ2keXcRk9SPaWazNGRrAwi664Q1NkkPlEru0frWyCwH0FQZ0i
-  UrCughQvfDuM6JmBeEekW3SelcUHPStgfdvI0ry+1mChZIFcHcnjoYLoKyM1d791
-  f7HalOSRw/0Ofd909t4Mmt4BgQ1bqpYQs7B0kd4zX9+eH4IZkRLv6OIEx1yd77Gx
-  Mqxxu7HLKIVkdXM4aCJ3i966i71X1cJehTvSACJyGP89EmVZJRqXo2uWZPJnRVMB
-  XE5v/LECgYEAx6vaVgzlIa/wb0rRvjKpm/frC8IpwC8A5AXLRykwp9aj7zla2nIN
-  N+8YvOQiWOvAUTtS6YUfid30R5+4FHRddxjXZAnaGl/H4hk19vbL8Plv1xNuPbtx
-  6c4z+66/U83Wy34KKkDHC7omHRwx1njBZLM4I/BDss0EYv3YqH2CFVsCgYEA4B0u
-  4B5u8DcVZAM81cFN+Aa7OyrMlFB4gmR3rVRqLO0yAp5UMmBN1PXGVcInucpe6N/G
-  9M8EfMG2F2Or3myECanketGqW5emBKVmoYhsGY+MRUyNgtDozjAgTJtI8kD3ojox
-  QaZ55KB/YtI253ySU/4bBfI/KuESuoxvujmLq/0CgYEAtgM9I2Xb1QqJtRnR+nw6
-  SlgDphNXdb4jJLj3ZaXxmX26sI5q+GgxDoTg2wdnHAHDrQjT+tUEO+vdCxFYfyTY
-  MoGtjp7Ad3xKPBvZKogsvjzTK46l1pYxL/1tO4c/F4iyvYrmfz/Pciw9JBoYgDZR
-  rJcGnRQe0jW7QvW9c1H9q7MCgYEA0uWjfvQkoZi0YHFLhjtqC8UJ3BvieI9hWBMD
-  K/EMGUr8jMpBoUZO9+Bwy7LxfzyZI7uxlh5Zsqz3lfsNeTnU5uMhRxKWpaqHaEfd
-  1JR0ZXlYHr5zTG8bJSzUuEJI2u+YGOl6ALWQbz05otz/Hcd0S+YLuATGvKsg3Lvb
-  R/tvHGECgYEAjulLqu2uSZyu6XCHn7CzB3d2WMelmRxMaxlQ9zqOVb1CAVOPVHyY
-  eL1YJy5uNvWhsdw2KEe3bGfWyHybtBixb1Pbr8SUY0U49TfvkBEJItu6W859FRNy
-  VLSWkZ/dcCEosjItKVIEp187iT7GsfBjE8uib7LaFxgphz8tEbQ7U+A=
+  MIIEpAIBAAKCAQEAnYiU2xD13DCiT8tsuiwVTDevUP4YFedzWVxDr0r5YqLPYExK
+  BrqlPCpp/UfWaV4JSBBsKYYzNq91DyAtAvGIxktRxxIlaUn5W12860bbyoNWImRN
+  srv5BO0qATWAckkTJgs7SGJ5WQofX7vuv9oMoDzYBO0Y5lOLHVPV/sKS8VL8Eja7
+  35Spzj2yWGaWjhAH2Cwf6JVN+DQuFStIfjuufh8eXhzkguBS/5l44P2QYN7EeFWy
+  w3pasF88TvZcUzQ+IvYJRvRhWB5kMkr6AKImslSxHdpb9PpTPE6f9o03lM+AXpEe
+  TskW8yjlsIUY8V5iaOA513Y1etAQ6pGoiXd7UQIDAQABAoIBAGxM3IEqTMwex0dy
+  Q4JOEio+0hEtTmOopb1WV9XoBkDQSx8Z835izHvrcMhGndn8Ywce+y0k7Ip431IR
+  vcAbSvuABm2ERSH4UCyG6f0ZzrqPxiSIrn3lCpJfdZQ1MuPe5wItkIj34hLbiawo
+  KD/O6QU0LxJb6dVWs/nqi+DD5X9viDvX0xEikx/3DqOKgROs3qfm/H7EgidJqOcM
+  CUGP8+ZesNis5JdcXsmSt4hrZ19SYa7N6ZeU4UaB1aT67JLItr6FNX5+jdCm3xKx
+  RIGBFvSRm5sX0K0TcTIl6y4t5jQNZ/hJS6nndZ1DoG8qqHUuP7KMpzcA/fZQEFPI
+  IEZ/+gECgYEAwZ23PqUEGCmhLDMiNnbqflUG3wZNPdm+2ieWqKvL5h6CV4Vypbda
+  Sansrj1ITFWTYozed5wC0hgwRuk/4m59MXZYNOa7KQDHURwomMKeIcPBwqaER8xE
+  Ryny7W5lOXT5iH6u7YyCLeHgBUEyrLt9Z9i6nfrUgb9vVt1ok3m/DzECgYEA0Eqf
+  KqFtT5wtqnSab64/M1u3ASJG94ARylvFVu4+LrEt1ebDbozhX3TKx78hJmoSGNw8
+  GMl2UBF7H8qWOOet69qihdYG6Q9RTaK83XfH2Ej/t467auOLTONSiUZTI6GS6Opt
+  gCsqPIOdihTzOsLsY4hPPHDzssrt3kk6N/wZZiECgYBWuHedHXhKAktoarbGQlkh
+  oJ/lQQNT0rXDLLw0bE51kfC7ltAVHZzZJb0XBefeGO5c08/JLx2sUJ0/BbZRiz+T
+  6ff0KexmnyynTb95PKJraSzeLItPRVTHsyhV5H5+T8B8vJFJYQfl2Sfn8p3p9Ehl
+  PRPJMtIAE2ihNaZjd8J14QKBgQDKclz1gGTQZcn0zNR2C/QdpNzgW0KCuJWSC1Ro
+  w7Loiwkzx9DXmFJNByU4s8oynhHs29IFfXpjJDp5kdwkfvoKLTydvIKG735kaPIM
+  h6lTzM/OxwneQD9age/swM956Ebz3zaCxnGM05fBZ89oo6BCtW/eHSKf+qDr1lyh
+  oYPGQQKBgQC/x/vmIFqljEz3pvkBSFXvPWmT1SHxCOKTdgOj+gK4QpnwKlo3GJHA
+  pAvxSLaGbFeBVmyTMGhTn40hK3MGCDRa2jyznvyT3SIauVVlDJTo/m0bRD8D1wh6
+  icIkie/oMYWXdtVpzxlAhdhF2E6DgoLVaG8QiZ7sr3T9z0k/5hafOg==
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-genesis-peer
+  name: kubernetes-etcd-master-2-peer
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAy7jTCB3unRrn0h1TJUo+GCbXKSkuDQE/37D47UqfeFS1ua/7
-  o2fQ5gZfSjgbXHpyysDE8BZIESFg65Y1oSG+wP1Y3mXSzkPpssUpGkfhceBfC2d2
-  Bas0NgT9BgdyBr0moixHoru+0bT+2BbtdCwGNg40MJFcIHLdoz66Tsid+k7WD3zI
-  zFBTBRcH6uKE8BTixIt3X6+EkmcjgenhoI+cQI+K4rHankQ9wNN0NweOQbNRqePX
-  Av08uPq4QK1FlWqm/hSQPbm2dHjWqbD688c79ROEI2q0Qo6im2s72U+/9j3MpLnz
-  LXL7DIvVyzNEaYhX9wTubdymhYy2noOOwecYBQIDAQABAoIBAQCXGR5shsbT/4Cx
-  ds6UedxUTXqILOLbAnI9lyUJ2q8ssKeYcc5SBE4MTe2fPr4MeUVq3E81Q1FwYzFf
-  iql8OWsh+MZRLXSNSBGtZk52D5pGvAPCkZoX2kN/TXPdZOhN1z0wS2dWa6m8IGJk
-  I5067Owua5qJ60ZJSujYi03j4ShK3ZsPGFGpTLhFKvHTtTSUFAHswI8VcmKDOYxw
-  4/THV/pLRlTnjluwyhVIO0ePFaRw2ZR3V5i1FOi4EZufFr/fADuaN420Mriy3MUK
-  aVgVSAaqo4xyYZm4PELN1Agljd2LHWXRLGvu3OLlN55ofvedUa/gpqglXkxCiO0j
-  zzasVHqBAoGBAO6t+6yfoHHffaQ+l9Jez677w1EYLaHma+NTfCbIejTWvRU01pZ6
-  VemugHdCo9nlOlmCNbQ7chOA5y5t3IZsowyPvC4snKHD4Hq55AA7IklCgtaFq+Q6
-  6uiCfTyAn+5MDtANWWwWlFB7tEjzzASypZlbPqb354j0J6P/YTvXcSYTAoGBANqB
-  bGBr5SCW1fCSo007GvQTQoaQTjBAT28llCASfzu/GJFp68PkXTDAf7wD6L3u7+zG
-  NIow+Q4vgtWTLp/dyE5IqWe8K9f9KgNrbWicf7lMYYlELlEoYzSRJCYkfpdjw4rs
-  juOjYQQ2tNBA6wpPMIlsoqwt9d2FfGqHOMSHpGyHAoGAP7jxnWfMtTo+2A/iBsdL
-  WWNcBRWYcUYMfde3KL+TaPH/7155ABnPQCFXqP+AsVby2hzaa7EHRs++aPXpz3XH
-  nj3ttsIwWzvpfbqNdcZT5A0+0zlC6B8Wwla8St/oUv25YrB9tE7e8BHm0ydLy+FK
-  NwRWWMuM5FKTFsTC1/AwBEMCgYBBZCwn6wJGL33VIj1G1qJpWv40wSj1Hbnn/GoI
-  8yAqpDTZB8br+AK/nUxc2xqjBMe+p05/8MoIKcXQ3tw8MaZJb0trZRAF8pjJLzQt
-  82/x517lModd+GVADROxaoiMC+owQD0++N0G4sxX6qWsjyhqaB2Cw7pp0hH6237s
-  qd9WLwKBgBsYJjTv8SxNckDtUmKc2VB/KPS1yJN3q6sMw1TPUb9IHW4ZkrU9rcXC
-  xbld/dXKuI2vwv84kCM21A+5OJGyGJ8AtQoncAY92UnhamU8Fv39zlQxbGlhvwxz
-  GAbdbPreRN/iRDbmotgNirlEN2EEiNL5IB+x3+Zuv3SMXpJG4j/7
+  MIIEowIBAAKCAQEAxF7WInQRUZ6gj5Q53RcN/TNism+SJRHCH/aWQkavfxYBe0qO
+  H05Y20ba7dZBWOiPHlHW4bDaoG2NhD/p+p3c8bWvKb8FbYzRh1sFdim38ZhNXyII
+  RsfAkZq5IXKykqrQPx40ccvi1QbMeV8gtGiMH9f6tATew1I6iP1RDBMXxcLYIWaT
+  MJ7VwFqkrZpT+g2b5yT5QxLzGUEnJCxus3wEJCQ0e2T6UQbUFSsHHjCIkvQ29/bV
+  U7Xcs1tcgDo68BPHHC4hxMAvKOjouJIN58iK5/BO0seRHu9YIdTClfcK3k3mzQgS
+  bzO1bEu+87SdcMIqXCG3QaZrFeQPzzwzPeiBDQIDAQABAoIBAAlOfVOQsKlvnShw
+  2/UwfIc9gjX2t7RuDQc6xpBJjVO2lUdklyvAqNFroECZYOt3yiCjvE1h9lqYFpbn
+  +IzaIniKJc0Sso0omV2S4MVi4MbgcvpJQJ8qJGRCMvf02aW91rTHF7E0+oEiG1q9
+  OW2TbuCrecRCXtRe90s6xjaOSRgkOIlj8LcV3XcqDH74mwHdtzKRE/K0tC/0bjWM
+  kFkbOhSP8JWnVY1yJ3bC+ZjsIXKlS96+kxAZlanoNTmNu6G0/QSf0DaoxtBFdcnp
+  6N0ArYekNKC8WKK7yaGVQQvnzubOIAmoigUzQZYWVRA0IbEiYoQHMtP7bMkOylrk
+  F9T5YUECgYEA9EqWS5no3Ieu5Pi046Hef5EhCK3cyMTA//rzIV2OUwyCj6tmNwbt
+  BDi8/Gta8eMRtLHSwtnPxWDg/l8nVVXumlz/2FzZHpMrAUMNINranz/KYWp4aAmk
+  NK29GDnXrTi+LvUGtRDAO6bIXr7I8gYEFmigVex0ArH9eenwrmf+TUUCgYEAzchE
+  pknYtbdPTORx4t73JDmjy1ipJtBpOfRpHWTMoCGFMkfXmIfw2yjhZtqVbznL4gtB
+  bhKneHTGmKr3w9sKvYKdfHfPiSm/Yf0LX4ppgiGooATUPW9DMi0jJwzDUTul5wGp
+  sfRaMKK8+cunGpTFXB45G9Y/Xfcjyld+ZUNFLSkCgYAh0eWmx8L+LOagmnHohbNY
+  882f9vn27Y5Oof5g4yPeCYBVxYPcIGBV0kkPpQktLaN44ZltElx6VeQwMxot7Tyg
+  MDnXSVthqTwt64t4vfPAUkOBYw0SUitig58HKJLcT1u9An0QOiZy268ntr/5Ca4t
+  MATqgFa7PMr7wtBoRMtnBQKBgQCYL8g1gt+2ZD9NipV/R45XSBmOxZ8ziWaI6ezj
+  RCzhMGklamRT9hV2v6ETRAzIGWJjZheZpEoel55YQfjC7DfhN7vo1WKy+iEEAvRq
+  UB7/koz26xtb4/E6Jo+czZ+VcBud4GjzptccqP5Bbw/CZMwg+Gkb4TMz9xaNCm/7
+  y+hZIQKBgCvqAqK1j6tgXpdmz1LzIyrywZahqXw80XreJ7XBGGjIyInbwrQs1490
+  BYVyvyuuzMvSfz29TSJNtOlTa7Ih6B6hiM9olZ9/yS6792ttYGnfh5LtHuB7GNAH
+  DpB2a3KekgRsFOYe7MD+/42M8YHvilfJ76loORlEW7UyxIgD/Reg
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-pod17-node1-peer
+  name: calico-etcd-master-0
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAyM5I+vmstVjvJOWYD0WBNoi+6PzWRBdgd8nTsFPnm8nfjOqo
-  iny8PL6KjI5PZmFbL3w2BzuZTNtAsd7orjeQdHrZW4wg5c70pSClfiN+/jSuaWtl
-  nLb7DT/eEmm0AgbWiD0FK5KkA/UJExLL5+OuoIn4SeROC2H+RDTIYqAxswz8OAQF
-  WPpqqZoHGFkS3AW6n1VfhRz9K7BqggPnbb4MdWxy0IzuQXo6cspmW0LsKfHXuSgU
-  EJXrIpMa75fEZuAAAanHpwu7sCpu3YfWFmzB3QwSuBB4PpnZC/Hc/XNG+54WGMQx
-  ggZp9pC1et7buLjFck5Nn+hG5DerKTlqbsPhdwIDAQABAoIBAFMz/lNXrrM5lWVx
-  aI8zWnXRNWFumg1+ri8URo1yRq5reCB4frtbMdftj5TrxoSCZHkJe42FqWCKHIVW
-  +oxtY4KQAI4JQvxVw1LEcy4P4SfNhlMR9/l2bBGyW/6/I6IPWUb8Ga9TRHiLSGZJ
-  zIlZ8tp8MI/VdG0M/oEeacVL4SvxwhbNqMs456r1a4a2/9krFiVNOHsWxhJRA1cw
-  lrhWuYLCeqJe6XUTZaYNqMs1KKScjm06J7y2w3oR80qDNqq6xrzJK7PjuHGp/pP9
-  SM5huFYGvZp7742RcFVJmfJOcNrqNozq8EyWSf0bS4m+pwOrlIN2/QQN3Z7hZam7
-  AIz3TWECgYEA0zSj/8smrHp4/t6QXFuhyl0Hm+2YnBVHsLhkKH3HvdY1SsASxbgP
-  jFu6qY/fdpsmFlKaG+lGU4r0ts0MVInNUZ1taNPHuEBKYpZl2ANEEhlSjFodLjeA
-  nZvCAzga+9QbpnrHY9bv30rlQUPrWqtjHHYQuqHcH9APNPOMKl3/IzECgYEA82T9
-  BPOnpvTUU5igtREl7CBLutJNwW8vjVEa8/BMHcsGRZxzEhJNqkvJKmrHAQ5/QIfW
-  S+EShRjrnd+HvWA45TTTlKeo/wV5Tmk0Xksr3cNWY+YAPfS5hsswmkdJug3xHkbR
-  SN6aYL5OEeMLvn8gbnW3fmSn7vXGBCDCtrWKlScCgYBwdLPpy/Jwndl04258LrIL
-  vNMDXFQIr2/3kYaK5MYIt1iyz2hvbFyjAGh4RknWri9ubVbvC5tNekxoVO9+x8zR
-  6v/JdBIAcgLpUWkyxjJlbKQ+ZPDqndTWlouMCUCc28hJMVCfQV+BRjChOpfDNERW
-  cCriJLK/IZonOJJmMJxb0QKBgFzVxyAtY2Pt/FKKY7nMeZ9vzhLLBjdilkubhOFI
-  ZW/zsUe53bYl3xO2ZltUcOU5R1YwuY8loO+9Splj2h1kZy8dkBoiPPZQey1qOTxC
-  BdBHIltmLe9zuZPtSnN9/2QEz1QSBN97cHy3+YUfCaq2SIN5SOzfraIaglWuvTX9
-  Vod/AoGBAImmS19bxFMtN818j2iGEKksrVED0K5Eec2YS3Cc55i2C+Oofn5EU7Lt
-  tU9FBM+mKCTbG7HsFzuYLytOMzzclKQqQX3Y/fN2q4DHvSwd2fo08TX/K2uvZlZr
-  n+5bzxki8WjPtOcRyCNQsSkJPCKyRoaw1mRNczSXLVDutA5czi/w
+  MIIEowIBAAKCAQEA2I1cBISyOMBsG4DDJyOdUXuSOaqCo5JdW4OzsBqMasvf2gT7
+  HrdK/E4pvHO6vR278iuSoKlsOkkPe9CA7WoPIZ3+8ZvVcsvTmxRnZwM0shAqIuFZ
+  NbVC6IF5daWXlaYR+r0v4NikVtTN1N2ZspaKhJS5pHGp4LPdJVmbbp/jyrO6nHKg
+  XQn3RlkAl8i1K766i8TeXRpKX6Yqr0Qjf1hL0Hw6qlGP9BJU02hjQGFB+WXLEAtX
+  t54XJ5vagjwkn35Fj4kc+R9T1CdAzb7JYaWVjX6P0Xbr8QUPxywNLgIW58YJpSRz
+  2eKbanHBjIPICnIX7dtkvAc41I2OQ5nn7J2ohQIDAQABAoIBAAHQZVXwWqHZEs7E
+  LF5WkQnOtDHheMiwADI1DztJbaWzYYOtCQF/3ZPxf64Bdi4BYsKrlMXdxXdTh1qt
+  K3dRrSDF9w3FFWupw3MIH7mgMD/RnNi/9IRbqVzTQNY4deWeB4aHMTB8ABxuGe9P
+  j+sMEcr8h/WVsiucthyK/J9XnYvkI5diHS84ZIihW1ftdAPPwbgH4Az/IEmUrb7N
+  kBBRlLKowA6gGXCj+5PSM1VVmdMzggwloNm4jwpKWozee4pgQnMLaflkzDPzZMvE
+  3TtIyaMpRsYfa5+ctiNMcPZuFNTLKV2+AlugJx4cqgi2FEodN3vbS4lCL+n6E44c
+  gkTV6yECgYEA+fUX3uzuwsWClum8s1SzSxCNrWhcM0aTNL5pOnOdWpqmIQ7DnW8y
+  xUpjcM5LwpcJkOAKH4ch7FL15DgmpF9UZsFmCtpOGL9Ne1HSLM7qJ7pNSNZcaBFx
+  3BIf0sy//YCuvma7h9Q3zL7wfbCGbxElgMBG9I1Vnv1PAns5zXYk5u0CgYEA3cmI
+  MEMSdcZeHnj7tqRS/6r3vHCyTNwBFtLePJG5iRzp0SfWqPbrlTjrOnkb85X27HnU
+  7ATtlxVH1+A30PykltpTF1bhRex4bq0LYyYTIWAOVbdmLKjchyuvT+PNZt4AXt+T
+  TwxscUk3hW7ScofAa8cYr1dkHUL29CWbJX5PvPkCgYAyV0FSfWdsxLiTSknd2C4v
+  7QqLpRwEm68kDUFGK2jCiajxuXZ+K5oPD/dNDc9GRoL/sY94YA/d96tcJk7qBeUK
+  uOKjRuo5o7WoI4dvzNBt5eCQzdNYhkLnLqNIIkJ8fME0yZ31MjF2w/HNbpL0pYBn
+  GNJxiFF5Ls0N0+GFVskB1QKBgFehFwQqnBKYq/tSRfIl/v0xaey0gl5H1s5Txqcb
+  1LjOCbwwB2p/FRnCgX5694ZIzGUmxe/zCoTVTauH1cXm7IkF/iqMkzlzcyoXiRZF
+  pu1a7I8FhYNDvM5TflMMaM2qDW9u2t8yw24HRb6cyN2jsW1kHua4mr/NA5H3gdNQ
+  kuTRAoGBAOQlAbUpsRjvdJzeij332u2BhzzEbBcCs3FWX66tuin+Ki/VYWAYfzM4
+  VAtpLBqA8BpzFN/TZIKLEC9aM+PLmDMMcKxnDWBwC3/kus6AJStZ9AQcL/gKyKmT
+  6+5BKMftkem8eIFCRqOIKuCBZhbI6p1165PwXzolM1CFHqLzAiIy
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-pod17-node2-peer
+  name: calico-etcd-master-1
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAy8qA9rudG6N20fEniBEmBYYA/QFXkH5d/jJMI0R2mT6k3YbS
-  //VcXLDk/mwsNH7Iak6NnjG7b8AFts5Kr1HWfqXSDDwCes1UYSLOnJsoZOwcFgp0
-  XKuXZ7taatjufPXplgEsm6QIpiJdDribSF4/GPmi4oF5srFo2clPnsNXAGOCBO0P
-  2d7tGRToZ9OfMSTxNCT+cz3KX9BzbJ7jjgWckYD9LKHZFZYkTOyX40CaTyenfm4z
-  zCWm44x0jI5boDXd/6suPY26bSDUR8mhXHq9IHhoRqHsCYmZlJBLbhLhM8Db9Zpy
-  EDGte8IYGtrfJJHc2nouVBSiPaiZMOCtqneenwIDAQABAoIBAQDInCXrvLBhvr5+
-  2Ifzt/3XvhxG8wVB5kOcseKlbQXawQIGWGxpLx2m2TPzCIVTf+LGU2Gxcn9y+HIn
-  jFeU0lj1/0IQbRp7zJjdrif5nftbrdnQEKaPexLmOFY/jCDoviMdWTaSWB1zfaxh
-  i3TA/pXafhPMKWylbWMr0LIiNWT1qTyIUxW3nqHBDMMxvYJLY/I5YiLJ5UIiiLIF
-  xI2VSCjglJ+ECTmV0B3jwumYP0RHFcCdKeAUaF+f9cExi74uIM5D5/xgkTh8ny0T
-  a0ILVpbv6wTAZST/QX2IlBxWY3Z9ssvrvEPUCqUyD9ZvdFXi3sswyYST75S+487D
-  p/FDmZGhAoGBANaS+QgNiQYRsohacjgVwVxtRNCZ2e/iCTqke4AngJdg6NkTzjsn
-  mFTxKg624PZEThDsK8n+OvEejFYRR88MjZUqblhivZPIKKu3PbAE5xFPmd2hQ52/
-  doNooj/gJRESckLz/QFhTn7mxHdwswoEACrvKBKakkL96sDFC4Jxr+g5AoGBAPMi
-  l5a2Kw6btgGuIG2uvZiEesDD3+m60hWXL2Hu03AWnOsSg60rzNw9TicyEYOfEUUq
-  Wx8zzwc520AkWprrCiUd8NQjaF1BI/W7AyO8KJQBTfK7fLZI16444BTktnhPjfBB
-  ZeNYVSpjizFSXJJUsyFWi3VPs8/xKZbmzWE0wM2XAoGBAIUlwEhB9eQBOVKpJTUu
-  MsVCvK/guD7FeUqdZFFasc29gd+qDY/hewJCgAGPc7r9GaAgnO+DxVl3xkdmA7Q0
-  KusD4GMSKmc4jhw34ZyG/kdcqLLBbe7GLylN1VhjozybwLFRK48erZHLauBe24p8
-  fwolSy14IwhU/cXOv9ya5TfpAoGAJs0/efrqljM9cbkzTa3UbjG+UWMxKeD5xB5T
-  noJ51eqV8mILB6j00bUq8tBnwSSyoeInlqwy/wk5t1vV5eFaxh+oHoLkFfXeYkoN
-  LzfJFg27PeCz/3dSjGhhQpRZlovDsDMPqp+fP9uRDDcDtQq1Z72jFf65SJdJNt7w
-  qfG8T1MCgYBdfCPtjEAij5B95Fy1BGu92BsoczD94FgGhYNalrsYeoUXo1gVcO7+
-  vWZCM47aGAHMHlvCh9u2EQBNW1VbEMVI3HGVJIikLqjj2bYbaBa29i/3UA6Z1EqM
-  /EjCkKacuh1oqTRuKK+bOo57dfHRS9kGG7EBGSyEFM/KFmCXsuSshg==
+  MIIEogIBAAKCAQEA7VQBUMicJsvpeG0cJ2IuENypTVeqnm6NHoA9VOu2sYtXxtDz
+  gTXRLftVQro46Y0RSzNUZyq4XYVFo5534qnR6wdJaP78RGViqyNve7KMeE63Xh+S
+  ekFdDZQ6uFjfwnQ8BDVJtwuaJrYJ9959BvXVg81NYpLKS6zaZEblQ5F/1pzIQG2p
+  GMKvgXLmteH4oO8V8eHENZw9bjlpzgk6Zj5oPdEzsWroR2l00EUO60uULtWARTmB
+  P0KYoeNhZUrWNUo7SacmwI/hguHfaK98dmEUSY9NUwCd65rq+brBAw/y3BEC6M3Q
+  4rgpTk7obuLxXB5Vnaz68qy75xUQefo2ji3qywIDAQABAoIBAAhzu3BDFLyU+oWd
+  bSlB594V3bmxa5Qk38W8T3Lcyi7chY3BF0r8vaxjjQ/JTgmTSpBhDZp2/QXnnylK
+  lX5vCdjS85xXqGhPLApoQqonG7WVKBakDTVpaoT3SHgUQjPMq+6Cb1OjiCPky8oW
+  FGHRE3+UKjNegvHbABQeKkATyHe+IBuCsvIhQs73xXyMgJJ1NgRMWL+hLrPB+mPX
+  BCOd6jnemSvnstkkarNa6HmDi6/9bw3ObzFi8mSvmLp6t7VJcr6jiwFS63v3wjqJ
+  qAezWnZ3fNdwz1hZ7OzV/EzdQtHLbFTlRZlQJ3JPPYG7ho5FBPOXbFhzR0G6AlC7
+  WPTAbjECgYEA8BdK+pXkucEEfO+n/xDUL9FBeW9x7WTkx5G0+RhPAFSyN7Rkp9xn
+  GHVx6tZiSMWUF3eXp7lQ3jmRh60XgHWedtwgbS+JPuDsGIs9B25k4woBI/MAvxgK
+  PSPh9vOSHrnIIX2kW1Zf7XRikxcYzQWR3UUYFxETb2S/kItgZWXCpn0CgYEA/Q3Y
+  fGekmkBCDSqygM5txGYgEU2FiE9z/KJmPtJtHqqC5qeYfG6ZhWa2pF1MwUL2fbny
+  ByvFAGztcfN9dcaQV9UJETfAkaTlFV2Rw6J8gOXXESSW7WWGAm1UKu1RjSm3bVbN
+  7ep6z28EQ6/ciXz7/k/ED4yGr1U5orreEvTvcOcCgYBoR6WwW0SCDbzWSv1rwrJ2
+  pmvKw8X29ziLGdVBz/YYTbEukrKZWhiJPhGhj0YXF4HwA2iiV9IxA04bYOnxSKTw
+  OUH4SopQ/j5tlqSGQsOc/S5rn9M2LMndrmUp7rcLk2PCcCDf7w8xQrjB7GlAO2gU
+  dDs3YZpQarDtpivTPrShvQKBgCsLi+O9jZZfj9zFgo++jZV2+cV3tls1iLlUtqfB
+  C6bHwnSR1bJ07dBvZGoZJNFLHrrMQotNurkTzmAv1wuNt0f5iQ1QuoUL05wKypzI
+  qv0SG79ixfmj52PKTSLwM4sbqYQD3Au4cyON8t/ArncEt6jO0L8EXHS+vosb1mLL
+  H1/JAoGABu0RHmwMvzNW+dWY4qn97hZ+XTM4wewSngHVNUq801QljhCEXy6vIVtj
+  H51EKN8n7nDtjQG+Mio6Uik6A3f1pGrHpxY4gMgpHhMHD/36AkThoA90cc7mZUg6
+  ExHIfvqAqBhLok95lZ2OymBFuujQdzStQNRSn8m7Ymo+I9A3k5A=
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: kubernetes-etcd-pod17-node3-peer
+  name: calico-etcd-master-2
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAtcb9ucnZjgTt68NhwJjoR55/dP76Ov2ToLtvYX1poYKlKaLy
-  5Akgna4du1xU0BzdWA5lky1x8cDk/TVhS3EGmQFjdv4+1KVN2ZcNYt/wEGUI0iCI
-  ejMBFwectToGo5ROaP4ErC/iNWZqHV8zu3Nx/IYBssEs8END6jyRNxuNMceRMkOt
-  SCzJTzGlUTlq1ju68zo87ZtkcQvOJyZMbdIxenWIPMKuLT6MgIBZv2FjAvVfIkMa
-  GDw8Fwndc+iZ7rJuGjlJd3HJDnQeiRtC5PyXWUqF6/Zvce2YEUpAO5WR3dlyxL0A
-  jBzui+g89LDKdBgoNzOKtlXJ4LiTHj1dpNbScwIDAQABAoIBAF/FjO6zA5WI0VWz
-  JjCUH2WEg4C/ylUEPyCjQGar7dhzfdN3D+PHT1DkaLPLTMAtRQ1c4HVvryYBTGSA
-  GFfoH+LDUYVjJPVidqbap+ndNJ1ergwPqfhAISXiE9WD0fWjcMBufUW/IL6jy+rX
-  uujbRUYX0JM+pg+cUQ77hEL1mCmOKWp2zonN2+QSzTUEQS+e289A+blbPieQufpd
-  64u5ZLpVrvrie3wJIt20eE7yvBiWIESiTxHDwtJOroi3CR+boTEAOtIc5obwuzxs
-  tUdV1bR3V3jbawfEymHeYRdyw2sYyUIdEiQtQq9+Y9KlAAfCevSGOLESVffdpIyF
-  t2ZLo5ECgYEA3sj9GqKNA5fKldUfTHDbODjxR+sVu00yU7zf0DZx6M5Wjp9Ft8PB
-  BWncO2sbYyzTd1XWg2vO9ZuUI40iF8Ni1mvAo1F8lSOi4bPX9KfX7do+Pl4irpO5
-  QgLuZ0qVFnc6D1hnx0vZasWLo6jaRgp1DvdBfycq7xFtC4XtVgIyEnsCgYEA0ODc
-  3t+wJROXXGoVGvbXKXvcNxqNI0BA7/T4iriJb5sHTpsRVlxoR5xG6KnDvc/X+yD2
-  X6VXHEBUOwtDYJJBxjFRoVG10pvipuW8w9FsbCZvTz2ssmyMWs+fbyx6gOr/xLvB
-  3CS5laqzBarSHZ5XALtBOca8TaybiBzb8tEKWmkCgYBEN/9o/IV5qC1cnBotahF2
-  sdkQUKgi5oyWn6tZMpLG2wgePB85GjQs2DGb8Dw+ridCz4IUVBrXkoBWMo1SAX5u
-  cihW2kjv0i26NzvVqt+v8bhFmMW993YvBH7EGk50xqV8tXFx0YQN8dfEkZvk/qbB
-  omzn5rJ66jcd5DC8uYdjqQKBgAw0JxNqdEsmQuCmXgdORrHox6v8hCR8G48pe9/2
-  +iioIRwpmTC3g2wzqDzttj7/xrmoalyaN2WyKHmupcgdo3Ql64QGVx4v92US5R13
-  veLvt+8kRlPCXczsdn8zVRD1Ke5fnerzxlgFOiJpoY8TcjfbuOrcPqI3JHsmXH9q
-  UTWJAoGBANeCD1Jz9+7nzPzCE4qwYICRrPDNa2xIVMDlo9DjnRDC3Vh7EJgp5UVN
-  dFOdP/tNaZMxZwzWanElITFZd5Pw2YSi+MdztD8o0D0rCjevjL9HHTUm7dgIgo5k
-  9D9i+qa5zBoiYyhUb+36X4+XHdh1FSFX1XGmXXo6xStkK8StZlXn
+  MIIEogIBAAKCAQEAoXv7STQkOd72kMiUkJN2qbVLnYf72v9BVGhzZY8niXS9D08R
+  ms/tU9lgKPTCryLI7ELA8BV2EM2Lm13v58OPaNoph+dkbIJ0kuhojAWQd/modMgc
+  sbH6iDBIFFzVLNjau2UyFtmN8leW5za3LE1/WP+dLgSlJQjAaQLIO5GcCHmFooYZ
+  NwJUDJKq1gBS3MsDP49Hi2K6XG3soWMzEC4yZuLGIDoE7Z7yh/udAki/ChFjwiEg
+  5pCuhSWjuxyT883UpuYh8D59/y7HHoUlnDa/6wN38vnFVct+xmMaog8bQbTZPZcj
+  BxGQcVd9Nmnh5+ImhMAdKQOUw8PyvF/1epIhzQIDAQABAoIBADyAYRN6L6BnAuYX
+  4GGSfkDzJdNtoVTZkbZ4M9P3II8FZ9gWfbgM8xQZO0fc/Bv14mVyVSseP0/oUsfx
+  F/Mzd8WHB0xdy2hEMDziSlk7tHbe2Nh4KRgCYKUpwbevWEcnMDxJm8yn0eDcJDOY
+  cmRs3KuRiWg2YVFQyBYP7skyss0Rch280EBmBAuYkXPPMVlSpuImiPA01/nyklaT
+  nIbBrTPW/YzP6vtKgmJguNf86TZB/RvTiTNt6dGAeaMtqngsN1UOv8IIvPfV+3Jf
+  Mdvt/9z+FvHGPbTgAzbAwwy5D7e5en2fCOkkjSG+pvMZtFIOifUzkSraZqn0dlmK
+  pQAIulkCgYEA0+ddyij19vX/hXOIi3Hkx61HZNObHg2oVCOOGKl0polvVcyteBmB
+  +8tt0KLmX+ljOWPMrbFc0k83mM9jYlam5V2WxGE9a13qimM2zxYtcvsQMCh1hR4P
+  hgOA5bGEXe6nHX/0xDOoA73yCo7I1NHaYN/XUhVyXS1OzkQpaI/l1FcCgYEAwxal
+  dm6BwXlIIWXhgeRCCrpH79N5NITgiJHJz4nrvM9KWIlKSNv6ynAJUBZXnswnl+KW
+  X5N2fXxywPZdfYml+GKqSuNNvDFCs6BGbsNCX+b8BKDSM3crQgb3NPHqwidl312I
+  R22TpZ2mX66bkrVJ+hxKwIqzAJ4+lyfReaRyRHsCgYBackXZFRSvXZ68Em00v99b
+  zz1K7vsln8S6bRaotiOhNcY8xAlC2vhdRh5QUEeupoqAo3Voqeypo8BiTBrqjXvd
+  KM5CchLqMgL7II/zYk7x5fGp7IsEz6jmlbY91EBga44PDF+oIzhSqI+YLAvSsuPY
+  N5LLaXYQCVe6uONHyyvZLwKBgHwIcuyIN8ENXfm175kIyaBObRwiZKYqcSMDJb7o
+  nlNtq4P8zZjjG2EHuDQN8GlKvUWIzzg25hfEPqVGPYxqLnZsLH7uY2bqHtFbbkxP
+  omycy9AZe2szMfKJwTQNNsd4CwHnUpSvKzcZs0SUG987mawFvtUJmeMjuQGbVEg1
+  cFzvAoGAbMP4BPBJVrUcwJN6GgyVdWxH0zDkYnBlqVWeYclo1DOj2Vh89lDtDi8C
+  AiN1VjpGeAqzV8ygq+YNjOuu0jQGwaRubs+5DbGMxMEfjxTHrtRTuS6aV6idaYzV
+  JqYiH/Sr006nDDem3ExUDHjo0mMJCUidGiKuHQS0ohSTcI9Zn8o=
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
@@ -2107,309 +2610,494 @@ schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAzH4IKzzA7dECgXBGqKkVJXS/+Ko5Rca7CYSXUUvAToHuQfVf
-  h8Jc5r8NIXibASRlNITmbR2eVRptxaQVqWiqIGl8+sZ4lBCsEWh8Fe3dG5Vi9ZZM
-  fOdbzTg1CMtfHCSwxaaSNRSByOOwjo5YA8vi3uEIt8me8KT9+5IktHI6jVkLKpdH
-  G1vmigek86QbSv3A/7PtKffzH3EUDhFp87hPaD+21EdN1hjH50qWhlxIyP7DomVK
-  lXcO6qvr1QzU8ug+1GpNeA4ocWjs7mloSBZlTcMh89XjkKeDwWDX7H7tnTbcgNwZ
-  +/nLT1N3zbFTKWiaeV+hTtDrdWeS+9hvXXQIuwIDAQABAoIBAQCQFLzsugG1jm6V
-  hOZEL94WZgxcyJNR9pQSQLndLeJxblrRXnHQ1cFfU32M980/IMWuG3W/q/7DN7vg
-  ZZxdoME91RWaG/0ZViXmnhfP26jOppLzNtLtrpWgIto7OA/rZG6o1JRvkeNgCA1+
-  ZAzfn+hZ4XSjCgxSwe2yM2ZpPZLDw5cI0O4YyqRx5srzr3GDefIL5CPt4ufMRcOa
-  7MMzWlgq5xjnG1759g4acQWHa/zdZg4oIsbnC+HLk1+HDUUPT7uhKEvFN2G1cXdK
-  ml2qIdnc/vryuL51oSEifza5ioIyM4s3H9qajQarmwqnslJYxps4byxt1VP2hFEA
-  Pg5fzOcBAoGBAOIjG4sB8yp/+Xs8+EKWl1dAiWAI0RrPvX1jb3ZlkejIh4WvjPvp
-  UspymmKcFr9TaFasYd3kstoKZbjFVFbuooC3dr+pLIZ4ytGw4lwBhP4VBa3YFrt3
-  S1vZV0JrEt0hccdQFBkYfgla8qRZqFHb2aHtpYSxYut4yaYARKjsIZN3AoGBAOd/
-  MJBnJ3axHIzqVAApbQkG5L3+hO2xjj6rEviFpeS7ZjVSkGr/o7Sgg1GVjQI45dcm
-  WhgDKDc6z/vrGogl3V2v0tbTTJJJw6V2jhkzloahGIIz8USVBAkEa7pyVel4z5Bu
-  GmZlqKKYHdHXZog/wnxdixJXhWhqHtwaikqfpt3dAoGAdJDQQ8lPhRrOiP4Wooxp
-  mqpDpeMlloJ7FMVK0Wbt3WZwpTKmo7vT11NXzXjUKO9fmz3kfLLElqxBXwsovF7q
-  GRt49LbJos9lDM33AKIv4aEIemIm5Z9Kkx/nYO88nAv/UFQw5/a+ESh2Zs1ofDmt
-  Z1DOvyWI7gQnPZBp1AFUFWUCgYEA05QB1NkSzn5Nc9VvdL5n80ojoiqPX5daRJii
-  vBWaa5WDctTFPaXr/1h87QHcYN2T47IfwbaQ+Pl9wec81paU3d2mu8VfRIy6je3v
-  LcVinCV8evPyXRY9G+i4dS2uq7ZJLt4SrufW2tRg3Lsb8QclP/lW9CqdubLUBaMU
-  JeQI5NkCgYA1lO0QKRcXWCfWLXh9pP+vmjrS3nSSlMZRwUFmqPcAbPVOnoRKlav3
-  ygIagqyKxnr99RUJlpmZwDeOE2Z+pWgWR58PDy0lOEtOou/Avwr1WKJze7+pD5qj
-  wn9l0PliTrKQSZU60bkcUD1P0bjPB5T6m4oLaV+6Uh57UG7BEhPTLQ==
+  MIIEpQIBAAKCAQEAyoqAAi8PnUV83nIPtC/BzgywOFWkFz1JUotq2B1AVBHyIs/G
+  Xmb8+Hu7SxjAZmjDB2cZVeetF/Fbb8BiF+mbHJpTZcG8T3YcdcClEjbPy2xN0yLy
+  Dv5qWssNZSg5mVW2eKrgeTfDrqaQ33TOB9AxZKNlzBOyQp3WGxGmgvF2aWIqQnhV
+  F2Q3cuBX1t2oy50fLiSn8jlgsw68Xp5j3wuFSUbGcM/SCJ9F06a3QLm4zFJIjisN
+  UcwzLwjbDy3Qml+hORffIyjXkpGb1CYdbTlpRLABFc2E+I1a1WnjGEusLcbjR6+x
+  /PEU7qZkoBtp0Ppqinycjp/jl4tZ22DZCESUcQIDAQABAoIBAQC7CTs8yQi6SzkM
+  kng+BPwLs1voKe3mKApV17lK6XhGKmxYCVc+RgzFyj0jFDBYYdX4OBUFZ3RI7/Fo
+  OVhcjLVYrIrnJQkouAGAG+5T65noWJNlrpepkPfV8DzmdUb7elOPCv1P81cZKWgP
+  cmXwgSmbreiLlITBT9AwHxSNRz36Aa5ljLVoUdIKVeJOANRS6encXK/BYiegIK7V
+  ZYxZmAiJZNPbJM5Pt9m1Nmhd8WmXzX9XpRpB73BxlEC7r25lMHDI52KtkgZ6l4jA
+  PEWYVhjtPazlYd5si6ZIlux71rC5kUA+k1EEdORuO3/3CQtWZS+vG8CQwwtdcqPP
+  bRyWarABAoGBAM8vxQlBrYgjkjdTAil8y4CAmcv6u5PiUmKxD4O6pSmpz4gjYEz1
+  Vw7K4BdVp5bp8p1NHoM3r0kSXqLOgKEWpnIPzzaujm9wB7iDEeVpczlduevIuC3n
+  SglpE4lqoa41aLB6fQpnDyllNxiYw/ZNwWoumid9yc/h6+TrinIJKhiRAoGBAPpC
+  iX3C74avI/n9F9MDKPDZTcKyR8l9SO0gj9l6tQ+UCfxH2WYxraCpWLBHRwa9SfJ/
+  3wQ8HXIlCZI7zYckB1RYhhiulcmTIgTJFqFw29+NQdeQXNP6T4W40+Ac/ABFLTC8
+  8IhrdLbnALcfKSXiyOW+EurpXQwpOpusy+Uae63hAoGAKL2U+i//BpEwFE7vUucm
+  QRuIopKoRfkwCBYXHekaxymMFJIYQqnPt6nvDMecD9HrEkFy6YyOnEjPcSY4JvUE
+  P9OaBH+opIMcEY08fKcSsEoc4B91EBm19knCPLhKGK6J6oH7iosfcR1lCyInDozV
+  pqKJT5CtmYIsV7R1Yd0pePECgYEAsbq1SGI7l6wkYbKzy8EPv1SkW+QfBWJ7eyRH
+  5My3b7PUD527ME+RnmsGOFK2h3vA236ilLBYvSq+jGL6SMJ2jhk8SqUabYiXfUyO
+  TOMI08/O9ddphYXcGfy0RBJxiYOXX2ifblLaFdcic+qmX2ibAkYlyz0mPq+9Frf2
+  KePP+CECgYEAm/DK++jYjwUhwxIVWwOZLEYWiVZoewbjT4KSx7KzMFH+ol14w+3O
+  prFnMvWq/nv08BDI7xPHQfa+x0WQihFkEj5ZMDGKrS4/TocgUiiUzsCEBJmFREgT
+  WxSPXrQGrEfdRQXcnIDJtZH1QT6lGjZgsBXeLwM6JI6/X8oGd0An/9w=
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-etcd-pod17-node1
+  name: calico-node
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAzcw555SHdxPSe+pJ+yfy5zzBkbC1cSAU0HgKzbqjFeyNds6K
-  onSxAuxeNAyOy9js0l4UhQPFm77LoREPhp5B5hKlfTvjjXf4JJag7HPkK1t+O672
-  jyzNf4GbxiRsSAQ/IfLumGtEcZjk4r1gbY63KmVw/57mO0KuEzMKkewee/SLr7/G
-  /IYigzzwRbLdN4HDbtmN2V5LAcYCLlE0t1ZlWAhmyxJ4jvS+xuKfvjp1Uq5orrYS
-  kGMADk46p+fzRtaBEda4yDco4K0vw9rYpfFFz6oUm8UTLtB0NcUqEv635+u0Weu7
-  kOiBFYx6bhnybkQkMBYBAD5IAjYPXxA//i84kwIDAQABAoIBAQCMNxVMv1n8u7ix
-  TNPTF0jcW/zWsrsstFr6Ho/d08fB7EYGKHs0bKUeBMW6WMQCB25zdj4s0oEUuE4t
-  E16sra7gftvaE6/ad17OLwK9l8hh8hhzuaWrry7kLP5hZfeQqbQKAWam2o7rhuyL
-  v9OvUYlijXML9suOnMPVuPT+rw2mDaIQWh8D9n3IBmrXF3OkHmYVw/xKzqQykkHf
-  bdWRgE3br2vO8QFOZ8D0aahkYnW1MZoUc4IXw7XSpxwt2MOCejPisfsHMhyGM3Cm
-  UNacCZgu4Pv0UJMhdFggIYsIUS86vvl7q1AxB3UC4fGdWmN7cAcj2atCkB654lI1
-  zFxjBzNBAoGBAPq2Tae2PSqZCykJm40YuQTjKjYNEjNwzY17CZ5auYpGerpTow2U
-  74dV3fpLuFynBZWwr/NRyhR6UcUR0rwXhirNxkKAX3ldfM5Plbv8fpCDa2jUVOP6
-  j4khtZ2BFZ0bYLNOG95Cy3IO8Rvst9vkoIIc1Qid5u1w0N5SuOV20FnLAoGBANIj
-  aXUIGvR7v5oSObJYJozZXqc4uujYUtrVc4tEHBF3KWn4c3m/sihCSfHk1dXYlse4
-  b7am1wlO+chqF5fCduWFx4CpmVUnr9ktQtv2kfzG5/3HmIDs46/c5cUoX0HyI+tc
-  APbxMP+luKywDTVlFkKJlTsYOcNQX97hAZhQQ+NZAoGBAIUbwzD23ZS/OqCoHDEW
-  Xi0NGr0lxXMQQeIK3/l2O6oBb2l7vEcauu2Ell0sVI7Ekn9+Fny+AOdMZhuWMedx
-  KeeR5uAp3gbGrtuuf1YWYXAChkVa7lM4FXr+LbmY7kvCXF32a29e0TsWWca0sI0L
-  3ngWLLjtdMy9p/dRvh7+LPJvAoGAfPxbCSTdA3VnLPiSIKWVqEjRp5xyb3PbNBWp
-  N7g3CZxaoZEI/e0qxg9Hc/yrwxmj9P6aU4VAeWTj5HRVvAoKNdIwKzK05JVKXl4x
-  Wit6AWM9MRC6gFRlyIAWmgG9RrgC7UY3vKkQf73N7ch40r1hVAoJHLD4CleP7jze
-  ef2jo2ECgYBEDlv8Dzpd6QvrFVX9rtNNVVJKfQX6lrNyvukJ3OMNjf2/t7eLHlup
-  PigIahmxLO1ymA1+tzPDjUSWRdw01+QVGVO0Kzl1BEM9TO7Z75TaX902Ydoh9btE
-  cTUPuAuglJDBzEWOGnneYnXkvEwoTAtzTEbNSsuMxTN4km6OhmaxoQ==
+  MIIEpAIBAAKCAQEAvRMI6aJEXRCt17FI9ZXJl/AqbzBQoPsL3j0m2TQWnQl1nQgM
+  qjPffdEoJJqmYz3lItfqByGoGTmtrMWjOoDjilPcwPGTV8Cgh8UmzfuF/K8Ejz5Q
+  /lq+kOB/rErHAlYi/VT7gY8R8iVHk6B6LWDU//44tYbuSQAupaKrW7gRYzvrgvsk
+  YknQf+MQb6PWTL0u50OtYB3aXgbaj02VAe0CGpzofeYACziTszRaejh1EptDNk8U
+  hGdbcpvQq1UYNY7bQLKni2MlNaov84j5xFSjqF3oBy5PqQv0rPt1JHkt41uxeSHG
+  DEXZgMABfpYG1FJ0Lsr+/wDaEpXT9ry/3RgToQIDAQABAoIBAD8IEXiRt+iunsXB
+  PGlivgoA7qSSns6L4rD8Ae93BfLkLGllPZOgJ2lySMerJrz+7VxoToSCG+AM8nEe
+  kgP24+RBgN5xqoUemmWou/7/UvOiBQsb4zRoXA9ASE/Pvfhxbsi1hAL1By6Kbwov
+  /YsTNO8CeTVK/jUn8mUVjbrN6j4CL8+fOMt+AIJDIRPe3Byatu92ObIMb6B6ks/z
+  reabi4wqk0QUowc7YzT36yfuSh60XdcToBX1XFwZ0vNFrLPgas1S6zwAY+MO0aVV
+  DlLOkyi1ttdp/+sJcQHMSU0WvhPfSVrlaj01d27xIfGCID0TY2D7iPYdeRVBvFbc
+  kDKwE2ECgYEA+yGgLXOo0DLzEEzwP0oz3QRPCcMVoMiWqZiY0x+5BlMSke65Gsyl
+  IlmOMVppKHWQsIYfK4J6ybhfW34SoBHzFcF3adQk77AYh5Y3HA17eDPXQ5K2PhOI
+  nmBcUq6a4/jIrZbS41PIL7XCUtdyHugmYfSusSZjgXN9zk5vef5VJf8CgYEAwL1q
+  /S5Knv8vhCGT0A5ceKs25hIiK78gSZZcSxcN/oBSMgRZhoXt9zRl8sH15UFJ+xKY
+  cEDyQphS91Hncw8dDWvCr87qmHgh9b5yubhibUSdhRYQftL9VlrmzuxadIll9Zw0
+  xCGTQzD4zCZLuXAFEhUAuOBRzWNBb5MzOYFlBl8CgYEArgC5fGS0JjX3Jmc425Ft
+  aAlRPmFWfgYeJjqeQUKsr84lgsnWpdP/41IL7PRJAoibDUSRGlOZAmXmZH1xKEnn
+  lT5sn/4m7ZClHmUdoClTUJES6TYhYdelBJ+duIhUt/qsCWMEkhB+F1in4UB4SSPv
+  XFXuKL6BmbNNCwJbyTpJAz8CgYBlz+lDQn/Ci3RTLNWC8wMf7vl6ARwx1a09kgLA
+  27XVuX0x1KBh8j9o9THhUVoONzXYPdNugLA4Q3SYFpjXa6ViIIlgC0JbNiJiSK8b
+  se20YKmA0s314IhYZH5F0g5aPvYwDsrEzCOZO7ZBSP15QFY9XgDaqAwuHX9EbBKE
+  DvkJqwKBgQCpSMNtoGiLp8YWXw0QzVEEsaaCu5V5ZcBI5kmF4yCEm2blJhk1NDPt
+  nFtkyRqc8wB0L5U5SUYKYAs02AVNC6ffoP84w5mfD0L4P+gRcIXU0yjsVAQgKuJu
+  jC1TsIMwU++SjaL8bsun8F+AbJXdYUrkaLLKfxzJPOpUfvKdCIP64Q==
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-etcd-pod17-node2
+  name: calico-etcd-master-0-peer
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA62MUgdhJeV8I9nGDu441j+TqHMrxjxbf9JIaJ7sZZDXn0UMi
-  yuRuDcPVRorkWk0e1amyT7qM0VetIsiL98TATgcwl0BvwwGgFfIqxaL7Jq7Z3kNN
-  Z40yZ4Xhdjth173Fq1YlWAr9HntNY1yL6n1vBTqNb5aWDA6oZ1tFD6HxVgwhaGiV
-  hjlHkW7YMfkY/23h1z9yKC3NQEhvPToMVM2plKjssfzTl21chuabyyJCaVrqBnpt
-  Hh+4d6+G3cmpfTUSrTP2MWm3DQH5IxnJYs1stZrIV8fi1sduxyz5QUgn1lBDRIJ6
-  4VQvO7otDcDdZfhKDL0th565PsmWsBjkK7BQOQIDAQABAoIBAHo02YvEJ/lMftG8
-  A4GXhnVriqRiNOFuJd3LEKs59yfQ2McLTP/7cqvQ1WSnbYD4cx7I2JuOJdf15hyd
-  9BUx4AlisDaGrL+Yk21xagVr5Wqi8tfzJzew1c9rca+5isXAb+TRd9fq9JkjuPzy
-  Km4Wq1ISoSWjD8m4vnPSrds835gk+zSYg4quWRjbzJZlu59gIIgkAqlDsa22TkFM
-  auRVEzeGiNn0r6wPatjGycvrRgBhvpjuo0JgMxZv99hOAu6vnBuJmHc2tBjrdT5N
-  DZf0YSwUvtccLPIgMQUiQo0nGx+PBS8KFmiNWYN4kJfbPDmUOPGF+OZ2q/hS0Eqe
-  oDFVMgECgYEA+MeKlAW1G+Uol/n+4cEM6MwIXDNEQpf5DiQn/yZpmh8EDRnq8SLe
-  6bLbdIfIa4sUPZhNTHhsNbk1l2zW2G2rkJwxmQvrqFhnUwJA3FCHupt9DKzmeAH0
-  pY+rLRDiAWXAw9NXPHKoYWNI0eNAueQ8DddCcDQWKwxZeLSBLUALDnkCgYEA8jgI
-  FfzycTbwt04eJlJXbukwKGNcMs47BRlSPmluVXjlbthR2vxqGfRr69Oe7Jeg9dQI
-  ZP58sDDmKBvoPH0p28mf+VvSMdRtCbdYZXvFtL84hMgp0bXqDHpU/sqkITpo/Co7
-  U5mFfAZOynqIiOR3waWV/ORsinFRD7qzJeP338ECgYEAzquWKBoFtsLM0lRQteLW
-  gp7dYxsD3f66XFEVGRYkLHEPwIKDdwds/+AiB9C1YwILMpBPxvNTkd3m84Driqix
-  GlVnrqkEgLnQPFlm4J/V4eRCIkGQxKl7P/72SV35IwgQ952enwzxbNY6LIMJxmQg
-  r67f9q6Oq/x6Z5gsqBbIGKECgYAIVKECkJaOCkOxKkCjNMXJDMAZQ4GSRcGF5V8M
-  wneG/Qd3Dn2SOIg1qFBl5ftbS8O/cLFxN8d2D9h6nKsaGXvtETwtSVkrWZD+eo3R
-  v7YHB2ScPH4jtkv8beCqerG2atndgl5T+725jEX9dMVpX+I2iMllzz1kbY1KKzOq
-  I/MMgQKBgQCmy17TQ5UxthgubcU2fSRSV+S7nib2RB95+gvuahDIgQbX88vPYxJT
-  3DAKs/DpUAlJrr4KcN8Fy/2iLZ2+1vIHsRF2QgBvVmQHK9aBhFshoOQVyfGiF2/1
-  m7vCpauBNnx5E4nMgksdrrqIdFRMoHTsPdDfQvinlkbEtT47QurH6w==
+  MIIEpAIBAAKCAQEApYD9cFAhNXNdeimSy1h+29SIABa67fUiqlyeSdKOGG6QqlFo
+  +QDt3cTmJx3mMoHme/PcqMpzUCCLWNdZU7C9jc2N2ATWDSr4gnB5idWlF9IRn3JV
+  OT2XETuIxty9nRsh6uCNVYUoizPoBHSd1Y4KRKT4x9vknzNaROZpVNmi5HfvguBc
+  yaK0IfK3k6cMvr48j54DbmO6j8zE2azRFkz+cYEOl8k4th/kAJWJehtHcoUQw7HW
+  Xmt1pC9a4TPUpYXYab1E2PwTY1gpfkWMz1X2vER1HviPz6mylFHAxNVbavxlCu7N
+  jzXJdveW5UTEbzYzBFeB9QYqcmvi1OoE74EsmwIDAQABAoIBAQCI3IE4Rlsf61XK
+  tuRYWccWHMuWXzWXn9ZZ0RtoasDsvUnOPmIzP6x0buXwRQ5eiANET2YTAs+W3EK/
+  Zd3NkmM+B1Sb5WvpGbbFjyNCczUB3MqL8y08l4z8SCIUaOg4Kf7DT4www1vCuVrN
+  jG4U8k/VciL0iwelCv9D6NIDw7GrgZmjyk9Jz+rey/7EEOZkNbfLeUXCWXQWU1/d
+  SaKa/N49a8owt+T4Gav/lTTgCrdr/lRNnccr5YgrCmpH3sQO1bn79OBJs1zPwkDH
+  27Wc64RKJpqQ4s+Fn40nyG9OScVPHScNrsAPaNitPp5CKu5cLkGRQImKCANhzNSR
+  0TikK8KBAoGBAMEjYx1DtOLSD0Qwrx6p9Gqo7zp12xD6H43J9D/gTsrRwDjQpbud
+  6sxcuIaak48Hz1UFsL2p2f6plWt7Rwpy6/q4kwIUjPYP8PbLMrcouQJejaflGw+e
+  tL2FycVjaOWVTMd7G/3Lc0aDVM8qKYBpSObJdMWht6GpJfUdKZnd6LjBAoGBANtf
+  D0QpRxZYZrR+Kg9vQrLuhhR4o50cR8+WBIPeSAlWFSLAq+fGNLkyw2IRgQF+W1vE
+  RHsYspFqJy5jGZgkhoX6vx34ycwiclHccizXoocK787z3Pqt07tem+a8Eh8reuX8
+  cNbBRo1fKN+tHmjBBQkUmYihp+i/rHMcjSGMJ4BbAoGAAOnf8CV/14rS06m/Sk/X
+  fiGqcAZasOvd9le8NgkjlkYDuMET551JnQnbPZfBlu2ch3Rtb5g8Fb5LnKSKo3wD
+  rb3txBbAy/ErXJ99b+xbY6160g59YEeJ51OYrrxXpK5eHJtyeHLb6rt4TTqP07Gr
+  zJurV7v6GGOqcExhA/9OuIECgYA7kKUxic++loRUsAk1pa1DrpaDinpKl7o7+G0D
+  bWC8AD6+7/f9eAkq3EjHIR+ZSzj9Qt6hWgRqjZtT8h6p/Aj26i3osnwAzL2j0qrB
+  2E9OQb75v6eZ/YcHUlocnaaCBilZt2DgPxysGFGd4oDmSrrWS1yhB9vyy9DEdNUx
+  bb/wDwKBgQCxWppF9SXeqadYjAjiSLCF6oWxeHkKWBk3ra4F+k4jMRwdspnhizox
+  yNGLTJugFXtGxEnrP9si3CzyRdiOj4bmsBCG4kqGc8SL+NdFLtbsPYiwrFgWb4Rk
+  0odYrZg5KwLxgDwLgu+4qOg5i5HUm2nWNmhLlQO/nfK/S2sk5znDKw==
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-etcd-pod17-node3
+  name: calico-etcd-master-1-peer
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAoNHIXM4olB/+vE8WAJ7SJCcsEY5utftYean2KYlLt8QdxzfW
-  2eL5sm3WxzDj59znKJaLy139gd83blCTgd9qyxSl8VPtiOO4DekQCVXfJo47rQ+3
-  MVrskSuMeLxQorUJ6yjNSFf9t4VB0cjQ6PbjexYCCfET/oFQQXusbRDTLT2Iu2uf
-  Gwf2PnremGAdNVqATSRuN9EOZhMXqqozmRjtoBi5/6FdbzdDgfoyoe77ZlLLA4us
-  lnfJOfnmUkx608TmIuF6pyYuv2O7GnSG9ng27MM9jA7S5xqz76flEvUCmvge7w3m
-  yNfuoeQEjClOQAHPf5mXtHM48cAiZwWeIL1ZjQIDAQABAoIBABFMv+sL2l2k23hS
-  YaGLdDujYyA4XDyDX08nM23gcR7BoBpwLVKfEhFZs4MWBU5J+yvolf04jS7NXl8l
-  l9ieuhRCkl9VkfXp2UDV033NmQXCwzSoviI3D7/GGYRbbakzJHABoaOoo4h8c0on
-  +iE1fd8dzPZY0rfMHWAN98x7xNvW2RXIi6dxF63Ja3EEZ4JgMzfceaKkr5y94jJ3
-  vbazHMqsU+UuHqlP3PXShxdclCs7nxBQEUVB76FS6Cdz++m43o0BUoFg0nzCNnAw
-  bEzArzp01tsHXdkFacooDiOGNq9gE73T2d8OB5qY7F04hNtz5futtyzMGKu8Hbje
-  b7uGeJkCgYEAxgdINH7785j0jdXT2XLOm2vXGdL6z0zkeXbxz3+PlMx8zymqkNbq
-  t8Yz+SirVoyTSHnwDTDpf7CCNIHN1u8WQY2tKx/Di89dBYK+pzM8IQWbblPJA1JH
-  W8OE8rAqrsg1YdpUzdGBpCAFsO8rEQJvroX2c9fCegoT9hN+0wiFSk8CgYEAz+X4
-  znfaXgxkpVnm8/2HHZjoLrvmy6WVM6ZSyIXcl7oTzJHE/ByZ4XD9dVHp+GAJpfsB
-  dO+kn40Bswk1h979NlgPN67FoMYrV0/amqeHeFb+guWLt0+RqawbF7re31lgzP01
-  JoOT7Mym876DbdO65DRBgJWeLFsLL2nQ/kvGU2MCgYBUXSXVt4N+89q70iy+prp+
-  XCL3TXqsdgWf+Zxq2d1Bdxx05TtVGTpFsJrTuw/Df3//kHNEK2JOk9PkqqgWuSSy
-  KLltdcrI9T6b6mdus9UZ/FmLVwZ788GSxmkNOx/z9jdHyMv4Ixkn4ryJ9FpUlMUf
-  hNLJ51FizIhUfVm6bhba4QKBgQCQ0/1TIC1wbSPECPAaMxjoZngA7odmgPCCrbBn
-  3tEApfFbBoV6uBX+9i6rhyf+DjFKfqTSKIu/VoTDi3vOLmqpbAkV2lv0l3jj904r
-  hN+b1sawu2ZsijLIR4wMKPNQFryXsSFQtkLbqOn5TVPTs7czeK/U+uXYsogFPKsK
-  LBF6TwKBgAU8D40jvTAZ31D1pFJIxOn5af9fUF2HD3YMrbketQW0z8Bl0SE7M3zw
-  NolX2hqNKQM7m6u+5TkgLtsbcX5640HH1sQmgTHMbyt5OHE2V3FuzWOvAvjtAw0w
-  RxO3I16DjkxPaoGx55oHoRaOyleEQKo8qvQO6cY2zgKuQgPB4vSp
+  MIIEogIBAAKCAQEAsNFT8GvQ+5gmHjvrvcRJR3Tdq98tMj3kWA3jdy3saBMurzg5
+  2C8DO/oYRvHkT61JBiZINXw2CVjifOAXDrZCf9D6LcpCnBOTgIVB188xVuZs9vTO
+  K349YwphxnMc6cbyOWeK85mYpi62QuBedLehU+umE1gGEfjvEt7L+XaIu7pbgqrr
+  PjY9256uwr2jaYDsV12+WsShzDf7UqUIY47H7VCyq92aCu0wcX7pqV/SPzrkqu3J
+  J0iBvR1gObOHAFa3cw/K7KF520tb+NulaLmxXWRmch1GypUHgBVhkpJCeRekeY4g
+  ryKVsWJvjd9/Km/ZQ3pvGiniZCNo6+NQTNBeSQIDAQABAoIBACQdfXGb9AGPoCmI
+  v6vxDa6ktipG2Wprrdo2bAGJxcG0OVLcvyPi5lw3xwGmoqWLlWDGLPWPu1HJb+ll
+  tA/zNj35J0B3EYfjj7sufLZhwYgoZJVEh1/m1w8Frdbk6EDvu8Xx2jXLZ5x56gxa
+  27AnWbJUbYWB8yt0lxBZpXv8tAzzulEWy0/kDRtlHhQDRT/wJxBvU3kAiTudlT96
+  Gu3gVBAykmsNy13TDz7N4zFGgTF2uWM7fmfGRWjXJgAOX8TB4VCTxEywq1VelNAP
+  wbZvR35zL1u7TVPWt8KXOMKPIeuWutrT/WmK9NrOWmlsY2wQ7pToCrLw5UK5cgmV
+  X9/nTiECgYEAxHr0RZ07AT/JU7rmTKwKaNuor41oVOIIVBBVDRle4hd/PIhKsQ8f
+  2FQDbGurgc8jANiJMnHqSGn4m8P/1zCILzSJs+JtfVWryoVlr8KNGPpx0tIQmclm
+  bMhfWUgKKmZ0JysAtRNk0i1Z+q3BkrQQCQfo8gJldYq9WxgcP+z9j8UCgYEA5mGJ
+  9u7UgoAFrI5CpCH+FjurzahzPsxMUtLKfDBiHqm+SXisc8vUcCNZ3lUx6ikucMUa
+  i7TvM/LcRQeTfAoRC7JvgaF/TE73nRrJ9WCx+HkUqP0ifuSSLIkksux6xjTSGz69
+  TascOx/pmsjO2NT+zUCa8ZSLAnx6gKtIgjeGWLUCgYBLNsZL3+S2lbR8WQ/QSguy
+  GGR6z6cg12ZYx+fHG+82ncgXZBUzspZ+OasV1iHRj3nW2Q2sQe9tySNifaVyuyFm
+  8LXGJufDEwiwfmBu6AsbhMQN8Fxqgq6y9gGKLAm4MYBFfjDHIKV3z+SiEeIIRuXc
+  jyqdek1csb/LH2+xCQgIAQKBgH+fTv9VJLI6W2pQ0If+MLR+T9k41MbYA/vpu7P6
+  VZCo9bnbuKTZKJEKdFFfHqyaLZjZB7CXBd/gTLeMz93p8bFqIq1MGqnaIP+OBI0D
+  CPQdlx1aRU7ILlWvj33y1LySLEZdhh7NiHEUZ6OQVE34CEMJ5Aup/yvcazx2Jk/E
+  lI71AoGAWAVIP1yJp3bxXa1K8etCwJYiyELYobYLGk6AVQ1zF1z0uuP0CbbJ89b5
+  31PA+si/WZgDSiOHNvcnAPFZFQJBMgW/77pn48t4NlZ+ycCSrekYkRq1elFCplmh
+  32joC4meTJ7MlFyeimRPUh0LrPggGiPzo481h0ut5hwpa/cvQ3c=
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-node
+  name: calico-etcd-master-2-peer
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAs2sHC02wrzmCvnxuo8Duk5x35nary7CKNC6hFxIl1PZ7qtd1
+  pNtBtSOXYbn266cx+qcSoaqsY1lBYwWl485FPWSnNN/iOnDmNG6DsoXlVVwAiSuK
+  ntttY5jCeVcMAamFQQ5sjGBZEkmynjgag/cInbVKlZfTig1PdyqeKdEYaqSMO5JY
+  PLwpVkRrk3JxSPCcGfuzwJDdODWgU31N2Tiwk7qm5QtZpQ3n/1Z7FkB5BcPJPSwb
+  9VNHfeiuEFxKfH9WVj9OC5ltkRV8RBwTmsufooThJ5+qtnnXhT9xZ/2j0JIALFkK
+  eLDaXWYOH/mwiu9SqWixyDYa2h8cy3W5UXpSjwIDAQABAoIBAG/fLGU/7AtWMM/V
+  hqdUhW5FAf4RwM0hJwuih497IVvI1RORhSlmDXKE3r9w1SXa+q7vvg5P/W11GfBE
+  dUu2MjY1rIyrjMQj4WaQAk4ubvDqjOr621RyPaL8fUZroHDo4s3N0KE28lMU4OsG
+  0IG4ZwbvI7JjGOPbqNEFIdmxJyhWpkuC4k13SimQzlXqZo9HnaSTXaTQ8VfLN2k7
+  vX9LNpt/jac94KY66kXu+mCNTJCvYAGfbMzFLmUVK+vt6BzLRXJHTnxiRNaOHSMa
+  Pr9mImxtSrJMWycPu3xsJx62J40eZ1RxDjnrKhLqJtgc9dmX6N80Jjx8Ka6R4Kzi
+  lKLzjwECgYEA0p8hEDXqsgmPhrydLUWLF95yvxrXxbi1uvjKZ3QU2qKLPc0uSCbW
+  vQcgl+9/A7AJBlFrVfuCg71Fwadrs588f8BvklYCbk4t25O/s6m3Q2aE91OkbPiZ
+  QQEUq4ruBcujdOHXvq2qUMj46EiztpPJkYDIXvHxeQ/czInUMeZD6BsCgYEA2hLc
+  2N0pH7BfJL85HyqZjsf1MgpEeuBZHCeo1ZYzVczC5iTSZNzddFYSmkiWRnAEOrIF
+  cbO9Jh5vGIGi4cXimUG8FRiEWIPwUzMfBPfda43ktIFxonTWjGqo2KO+Y0LW9gX9
+  +LrUMck5Q+Wu72ZScaC58xvQ7Bje/ERqyoqijp0CgYEAxL6W4RCsaqDZrI/V9usm
+  ciZ+Y5vMgUr4n241jAv4Sv9ZOGLI3+c/4pWc0bCLokM3OuqlbE0j7rHITox44/JU
+  TjXRQw4K+UUYOyu6ADcCFPjYLjy4tH5IkltTFqcRjuJZjx5ELT8GgK4rLLh0/5Dv
+  0nZNNbulyGOT6pC5Yd9qAY8CgYAzpV36Wj5gC+QsjsEXeX5Oi1qtlDLtqu5PtbDN
+  jLnxqwHJgZT2YDxuTegv89rrKaJGyFxzti6otXJ4KlOKBtSImUHS+TB2yiCDg8rn
+  4U/mJf+xJCrmX6dkL+p3DCiN14mTUI36dzzD4bUXOHE6r0/9KyR+x+qtz6IXuphU
+  CYtAHQKBgGE2CG1bsGjwndKv9/Z1JURZj95j3Rb1us2OcA/FF8meWyrVD5xvS92s
+  TzwmQaTFyv+Y/8dZdbKNQPN86VgJlucoftAPMq496d00WpQ9DIftQeOu7FsYjZe2
+  QwbNaxlk8ajrwxt47a0n8onUg4S1rn7Mn57dNpsVwmwyUTFDS+il
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: cnx-api
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEAl/59Zq9FkbLqogK5jLTj3bbdTmrro/58DLu6MogmvBEa/kJr
+  6JRzdXEgd+rW0HoGhwTi46t4cHwUz9LWH4Y/kmeSaxiMzonIi7g+87+IqEOy7Q5c
+  kmDpywF+ERy/wm5eUtMkcZpavyVmuFEXq0wZImFX2AtscwPPGFCzGN6+QatIM8wz
+  Ls7m79RBPUO51L7CDmyfYi4su6BKtYa0n3HTI3pFbb9idaGjJCSn/Nce7XQTUstw
+  6vDJgQQm+BYH8DWW0i+V8ahKPO98C+pvQiSWR9HI6CbmofO6pjL/kGzRWRfza+3E
+  zZXlAUbNO9qYvQc1/BD+sZXuRrP58J0jl/bWfQIDAQABAoIBACUvrDqNMzYcUe9l
+  P0Q/lWhPLwHaguBSiMMMwtdOHDvy62m9km0KtNzM2qa8G+ZRlHtAJMqSzxqmIOlf
+  qed4juEg2d+91+VILHqSj0RPXf3c4k/BLcDaWRjDurYxFHFbU1RsOARbQUx2uBTs
+  MiBEs/mHW1iOIvBYxDgstkSlamLiRneDlsHdrnHE10hiiiF+NhK0oXEnfccZpxYy
+  qYT6zpA+3PR5OpMwD5mAH4p54ziPu1OoYvE3q43cAL/xtPgYBt4OycfrC0wIUVRC
+  gFErvV/YupDa6NLUe/m+2lLQKLx8bJWTmjmwpDuwr1lOEtACHEs1+rnX1vG8Z791
+  SdB9vMECgYEAw5txaTo9OI+loHZbwN3qJ2ua4OSghUJu5EHYboMpTvUKAeoTLaMc
+  WZN3lDPmIdgNb7bB1ZxkkWJRVKZUKNElMxzFZs6Ys33f6izAd8P/16OuybpJ4rEG
+  36ldkt4C3YJBbObt4QolKgaL8h7zfLp+MYkNvvsXEBO0HxIsnP5gLBkCgYEAxuvr
+  kJ0p7bzkfyovnrkyLBKBuERhQO4KsgmjW4rsRYuwhiKo7rmB9C+C0H6McGpTQhEK
+  nnFHtmMar+W5PD0YpQIvZk3uvkLZ1pSa5swnIYJ6hCa4CwjB9SsXE3OxAjr1ay+D
+  pReJKOJyYqIRrE9ZZtfRb4zQqmFPubm7pEzlCgUCgYEAqgdJSsW0B6FdwCCB2yFK
+  818mrowtOAiqKcFOp6ldU+POAiH877OT5g04aVu/k/WgoFXFIbAi/vjuZ115VE2Q
+  P2Cn+phkxckJxR2HY9O8ZS5Dtdg3d1SX+/zVeN+AsBkUU9xcNDxEV8Z/CUR8NBRL
+  szVF/Jd30aK+9C8xFnpLEKkCgYBMyffWjIUKDDgcytk1KYKvtrkyu9rbKMkiL0xL
+  Y1aQBjuvnCOgfCYpcEnMWH24S6M2RsPVpB8tzhYYPtMB6QfhcvV/Raha9A2JozYk
+  0Dxu2CKZbyTuxYOyM98lmCyFkuL4bJAiI/LDwJ6taqjt3nfBlqB3smE+1G/lX0iL
+  RU/JTQKBgEgOeAddqUTXBUe/DHKTcvObLa1cnsqDGE4OsF6Fbr/7iiouUKD6Nxfk
+  aiEoJphfsU/oCw1ZVqFPTfK+XyNdpI9tzMxtmiX7ykdyO9KoKc7LfxTzkUSwl3L7
+  6Ra7gF9tVd/P4ry/AOfcK/kDK75KgHHCkwLHYCPkBbBkglMEiDiv
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver-proxy
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEpAIBAAKCAQEApSnzAlWFOdSSo2WGzH3yTdSp4ho5t7UP7gREEJP+vmMExjXr
+  RwKQh51rUGMqSV7ifdnzdMzhvbfcyJTbtmNR5iCanxVQVHEOihI8RqxBvCBj8y/o
+  OJKmRVKHxwf6GV3hL/XcSGv9gHACWPVmLVzMBF5dUjUew8f5sQC5EAhHZcPoF4w6
+  I+mxkxyU73zX1mStTp9AEWzIeFELmxA01zU7XuK9DQyz2vlov/Qm/meJW0dM37G7
+  GyondIx6mbczpfw+DtJO0cyKT/F584qBGmpUz8aU6Luaj1TKmBMGcaXdsoT72xzU
+  slxPrPdNeraxlm8cuAmBs9R5Ufi+RzynnDVn0wIDAQABAoIBABKalQrQQz9uWE4b
+  Y4GpNh/aMoCLX7D3riGrTVdotCsR0DnbXPMUsN71tl7JrLuy+mQeprOjWFIcYbwe
+  OFlk+panWYNNzUyVp4OZ5jw3rvfX1ipQXSHyMtRgJXcfyOYOkwzp7rQhpd5Pv5Px
+  oF6/syNS1cQqw5pd7hwn7rCFnjUyG5aqq1z/rans61bpYoHJ0gfrS/lJ6P1HEOxy
+  mTW1R+/jSBummUHHrO1gy7RCrlfChN/Bqemlrlj42vQTxVYl5XShzY00c9dnOl+1
+  DUuSyVX2lFKqTcIN2DI207U0XTryBany5xetWkXzCCVl9jBha3/sOS8Ywo1Dfs2B
+  PvboISECgYEAxPXmTiDRnBObFSMj4MwTv/dpugXfk6CbvpxWKqOmvBxkUVUUzvJF
+  naFn1mIQSWP2tdDTUaO7kp1r+58K4Afg2nJAHz7FNY/FggHIqBj5uSTq3WMbRxPK
+  1mSUu03RfjnFukSZ6joPBvNokpFhuxyrgYw/s4Q5n29jPRnUhYEdz3kCgYEA1qwT
+  2mgcxv+otkAC6XmOCaXQnJDuTD6QZTfBZ1aifAdbz7NL/mto3MTgwVma7BjaqN+e
+  Dy+64BItm3P0eqs+Ay+Q7lfL/me0DnQIAMudhT0jE4RJZ+5FR+oCAcIaEALvF47c
+  xILUL9l8fFXxT0+tam9r/sKTgujTF5R4jgV74qsCgYEAuz6Kk/vfSeHZrV6a3Tsm
+  C3nKqW6r/kzRw4Qc5qxt9qeHN0sLXTI1vIWVkdnoYd0GzhKY0yQ1Tk0aOzwXuqPC
+  v+mdzBaApUrpGY9Yk3Yq8jiGj7GIXSoTy34TZ32zi6ygrVRKfsJzRshgwfY0Uw4O
+  fjo21RL/NPNQBOZphAIbtQECgYEAoX42OTnVXEb8Do69IhLVraBV/VJyUl1Glz6I
+  eksMVS3b/bYuVylKa7qYMhxMlYxlAmGnMFmBxgsm0Ck9JAMq1Y61Avh9d9df9veH
+  BcInsBI8DvSXnF39NIpwFA6HOMBcSWap4hNhuNVt9sNYk4enN8i2f6K1AehQ1Q5W
+  WtD5T50CgYA9qn+nxpOzdIG06mKfepVtlq71d0OHnOZy67o0ecXFwzKCO+gBQv9j
+  Hsp40grA7dQUU8lhWlaLaFq+4u3DTZZSg1V96pwxfgZ+qscLbch+BX79ngKmuUU6
+  XE0C72qyYfgEn7cZBB/+PCsYxq4eN5XCY3njunW1Lk2X91EhmvZ84Q==
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: keystone-webhook-server
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEA7xzhEMkq5cOszJl5mR3I+hIFO9eELtLRaJUnCZghqG6GS0Pw
+  X3WkL/Rkc6wjMwqVaxzCCeg0+JbVIsJ3LdzD6MCzmgPXoN1IGVbPRJrEvGUZliFl
+  71gVO3OgnE6lh1/eJkkZAeLyEoz10XrR0Iu1DfzwILQbUnjzoJRhV9PyvlLNaXUi
+  oGXp6gj49zMyXqkPhxJ/w2bIt2kQiJ79YUw31onFBSljUpESZdCCYe5N/9Irv3YV
+  jwQn/Prdok7c7MhIO6x7EkLXwAJWBntfM5y+DX+NPNqrkFIpa+4R9Z4c9V1o1vV4
+  sQEA1NkSl8hcDhVNx1T1t938zhU+IpeTocPAfwIDAQABAoIBAEsyJ81hli3/pV4K
+  feUbKtMJy7+P/S/EeLqM/WPVBfC0IWOWEAfVNTcnglemMMOidm7i8lqvPclXlduC
+  kHxJywptX43121/pdv0RAcmvamNc3/kIs8fbSYIS0NWXHhM+oNwlbMndFweicMPZ
+  /hW5eczWWKXQPi9nfiZnw10deF9Fi1hk4hm4NFA38smvAQ/GADGZKd8hiwWFm7rz
+  iJer0yLuK8rHHyhh4HgTLkWqn+JVWQfIFjDDjySVCWAL/FP7ODrpa6hevZBbZOrU
+  oqBmOYbCqunRTd1UROnFayeDeFpbZn/XqYCP7wM07igwQxDGWvyzXGmMHzopOeIS
+  eW4N2UECgYEA+fKzzni0unE6Xv6OPLKlwdPvbgVMnUz0Qd37jmyw5miC2MWjUXRZ
+  v579gGiX/zNOrcCjF5o9IM7JMrp6YlHPrr7KU/K07LIOC/eTS69Emq26/k/LCpKK
+  KVt5/Kc8H7DoyiWllDUgJYaKQG4YNk4zQhjSFWyYfzYbF9rIFwXRdjECgYEA9OcD
+  xpiYvX15YTxqsfeLkGGphcCktpgVcmuMT5br0m0w5bpIdi/78Iz+5la7q4X4lPXk
+  VRFMrkr76MyV/vDU7GKODfXp6PqdcxhNcInfoQoCfoYpWDhoTf59A9SZF1qeMf35
+  M3Ruwt8qAzZm8knKMzFTlmB66rKT34nP4/JVBa8CgYEAqSXdFupK7C16IhVErsD7
+  OcuyKZN+gKk2V2jhN0ZJBPRPMGG3n4UMw4fV6FNgIX1YTm+iL3Pa0FwAfssBzY2t
+  7YUCKYODevcYWHLoBH0NAVx2wmm/b10yEMDuMdP+9TdkooCNqFm3co20+9tFmWKc
+  f6uKaKNAJD66YQ9W/3WZhdECgYBLvgsH5/gNWvooXZQuGH58mAfjCxKmOmEfsy2B
+  DA9BVG30DuoMS4ji++h1+ssuIFAiWe5VdPU/Toecl3GomHlx5oVCwhSm7qO1jgWd
+  UbbtSng9A2dUFpYD0Tp+7civVWJp2b+x70e2U2jd93xdYP79WDse3hYF8lcTor6+
+  JBuxlwKBgGdLjg1o+CtmfOibRL3oxqTv1NydTp0K25QFc3cfgr+t1/I3Zfgw/s2s
+  81bTRe1xlQN/ku/aQmMjyz96lNRpASdcScH7rEP5WZ9EZc+xG61wbjShyjQat9y9
+  7B4l1S7b0bNjF3TrqpL/qemQYe46eQWwNN42g1/gSuXCrE9xyxMt
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: apiserver-webhook-server
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIEowIBAAKCAQEApWtN92mAMsGGWEtezhId5/5OqSD891ST2mrFNFJY6u4gLhDt
+  6zqYaVZIDlS9jkz718pxnwFsIdPRY5GhjKk+1IEHyJT6RpGC2cH1BuOTbQ5QNvNF
+  ABCJUBVaQVvG89HGhOCA842BcvuVGMY76FddvTYtUEGxaayz9831/VpN5tpM2dTp
+  +8U3IGbuuJAGiw4yV6080vcCCI+s10otMyheVSltdIQz2F6rQ9ejiWYRus3A8ba5
+  8H09oxjmzdIZmxfxDvQ5ul0tDYP8mG0AX0Lk0CLsXbf0TQz71SxKKCInxh0SyEa6
+  uaumywM4O+VS9R6q94JZuT/EWX6kgJpt/V+FVQIDAQABAoIBAQCJnd29KT4H+8xC
+  hGGY2qWarYzPU6xgLzLaEN2DC8cBm52V9WuZuKO3bpp/oawZSJ50Be3EtLA67DdU
+  uIFHvj2RGM9a5eXY85GCi8PHOWka3z+Il5Yd2aQCxeDSYwH/MdQQE530ARNijz6Y
+  38JTJuvLT9ke3ag1HAKU8/nkDk6k8Dz76cnpou/MCoeab766wSoUwZH4Ey/C9IfW
+  JryHPH79o+l8q2V8Z9P40MiVT3+0NQ+gswbKzb0BN+I8dDGbo8B7AvXZVNv8rrv+
+  lyvU1B4mIpqZ4oPTLpCjCxirgRiMO5GV7dYL3XGjqo84OOcdDmqGppMP9KZVXfyq
+  4ULBemVBAoGBAMLud4xcsunqBjzKivPh0rRD9nz3LUT2BNBsEgLi9P27NXywSjm7
+  sO7Y85D0MpuaHhoQt2Efjjt+js5L1ELc6QzVC/nXzQUkSEDKVG5GRWKSMXUbE6op
+  5QW5Q7kVbkgSfXQ3KH2gA4dTOuLXjVbQWQRvt2hDCwSi/qiB5ggMjeH9AoGBANk9
+  8WRndxNvqzsRLBrFtJwgrLd+O3+ScUSC9z6A4JZ8Dtu87P3EFKDQs427aVJeh5xV
+  khHXjTSAJqaWahEA7QivzP5iK4mm1AnMTABpBKG36mG+cY2QYw7TwsxymgL3hvNs
+  czvrHAGs5Tvm5IeC407tzuXmOEAQoWMNyVdYFUQ5AoGAMky0fnyhEij4KRGen2Xj
+  J+7tmLtza/sLrPhmAWatDxgSqjUXQiSDeG51Ey9gK7SuFc3AdAhffEyg7uy0Pfih
+  DlWfPH4KAkyldEqBVN8/IjtVFcHB5kPfPAXdStIT3fcfdjCRezEiF/ZLGKPEbeVf
+  QvzM19OM8UpZ6gNy5xrONcUCgYBh6nR5/9SA8y0nk2bgrknosSWIEyJ4LqZU7f7I
+  skgIK+R6kF31R0LQ9SBo+pbPJIJVKZCL8C7aAgTpwxQNk/BCoRJxeggLpCEgRW/g
+  I3WN+ppu8eq2luS/Ex1TDzhxq+WspC4QTLkz3Bz6ceiBV7Jiqfc+UhT6c0R6pAUj
+  FDWJqQKBgF0nthNx9s1icuV2xcDz5HojVCwyasvdOJqEKwHmE1mhTq8H3s6y9AEj
+  /K9ztL6OnTDT1n325RIAM+v8diRMzWLYLe3GCvL8m/ZrBP96Y6jWn7oq+M6GczR0
+  0UB7knERheZ+1QBPZofvFwIyr46zynkydW2tZ77B8wd21QYF9uwQ
+  -----END RSA PRIVATE KEY-----
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: kubelet-pod17-node1
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAwXkkLtL+7C0Nov0zTBZM+BzngVq3G4nT0PogLG0zGZArnymE
-  Tv3S3A3ENshKWX08dVspm09EYJjDzZyyHuD/T7/tKbfkroREkAf88IZXM+QICMXi
-  m7KZ1AhSsXkF9MTRe1aQuhCfvMSFBDvA4dwolWvXozuDV37kdq2hlLXUChHRVhF8
-  J6ylffxN1y9RZicm/aKq50XMAuBAWDwOruaZWC0NP13vChndfMtLMu/jutuQUCvL
-  ldU5DEbCuBD3agKPXMDm/zBNcR4HedT0wW4armq7hOwuZSZAW2o20AnFhREgGeLt
-  DUgNQxJ4vlnIfsHSDkCyOtMovxY5o0QuKzt0TwIDAQABAoIBAFs7fMx3wq4sMJoD
-  PAVNHs6BEsn0tRPPUorg5/sLI2WSjn9nXHTDTINoGnaazDSW0cOlUWFjZ6MFZo+2
-  rGfTQZGht3xMsxF4Xbxth+ED+GsHxKIeblVtSwypQBVgNGbPyNiYYXbcD/c71F3C
-  r5nR73FGgVD/51eDBsjP57nwZCS6nsdUqNrF68ybb6tqvMIPlMGQA3ww2cLsrMrp
-  d27Yd/Vyf8QCNgq83mLBEAD3OuZe+OcpAb3ii+KfAOFb+t1CbhaKCBQmlNT9CLrC
-  kzcU8Fapl6yLosQIKpV47t2u/sdZ9tN6d0ZShiRCFVS21pHOTclV68bRUJGUlbaL
-  n4H30kECgYEA+yEjxp2J3i0PfRfAjkOIuKZ3GrvFhdVOc+MRqMvM4E9f9XViwDH8
-  7qyZRJzWPXShdHcDpZZXx2T/GMYTFSRE+3mdJeGixW8Bqqu2qMyMXRvfZHw2OmNb
-  dAFB6zthPS1tIBjwJ/6W7pbPCnIRPRL8tdjQwPjVXPnElqJgiBhaqU0CgYEAxTm8
-  3ecOYRtzo4+y0d+mhpX0UZOTLY+HdoJeIp7o5FNmh8wV32l8Fj8zqN02xrM5pqHw
-  NZSgr07JMTLlVD8A4UhEK/USua5UlAJxrkmByWem2w8LlFD10ZtnahOELgfHiSMR
-  CD+Vg76NTvZc/qihqMUUULaVfhQjHwjUnyKn5gsCgYEAkngxtZYM41jEv+Eqnc8l
-  3wy4Sw9ZlUVkDJNTqW+0ft/MyA0/G3oMW+ivPCV9jzqHMLZ5mgqmB9YQMxLT7nDJ
-  CyNTVNTVavHjtveQAcPL2kJ3eNQ5jLSGkpJpMBniDRyBmUbyS2FiBqZO+3isNULt
-  weJDX0nCqAfFcVYjlz0dI8ECgYA2m7ABuRIwLQutxAH9PnG7XhXR6Iyd1tnpJFuw
-  NlPBtJ31B7seqvRirIk/PlEGX2WdD8WU8Fw1bhki+DarRu6Vcg7+JNNUekKM4Mhd
-  O5kmDP8UNGw+WtRVfzP5GQJGRH0pKX5zzDc3zTEPJgPFtydbtYXUe1mVGTpIQ4er
-  sErQ1QKBgGEHqg4NvyQdovYEjrFYeetZpwaxXUxt8gxhX7YGmDL4k/xK4s1ReZic
-  6Hda5FpZGj0MRXB/gRrtPBjV0C0qV2jpFu92bepnrkvXMab7fQOI8APuiemBPtuS
-  5oMFCTYw7dqM2ljr+MivKIkaXedoBfTn9Ff40tPK2Y4Cc/AhSr8O
+  MIIEpAIBAAKCAQEA51A3n0pRcn2Ei9K7Kn9Ao+Yi7CEs1d/d4RNwNcHxqKdkAUJR
+  mxm3yhlyBlq2hcGmZ7Ip9rmK9IHtVhykn5qUBKZWV974wEaT2qqeRTv9ifPwKLRw
+  lz5gcy8EZ3ZuqJMrwMkA5OE0fxbPAnxjoCjv5TJESR/MOYhI+YuyqYiulQWlD9RN
+  qS7tFmK506huG9wImYyZaOfn0sXI4PFcrrlgOLdiIJb+3kaEI30Su2C4UiJh63x3
+  +x13zQoK+jYmlAZUklLIA1fr7B67XSkbnidQewp5bX5RtwuwSNEZSWeMJ4EdLC5g
+  5inS5IMTtVLoRbVNK5uiRYyHiCoPZrTrFm2cVQIDAQABAoIBABRrD03fSIs7qyyQ
+  gHcC3pjZIrIHR6blaPeKOLh2EzfY9snpqbxwK7oKPvdyoHP0IRU8M9oUjMCCi4mz
+  Y5C3G2PBrxN4miqW0ExYDTp9TicUQlnFe77OAcOJHfFoEeKNgyo0VADgJDsnr0Q/
+  6Kdlla98nWx7AxL9BbwJac7vQsHin7ZSGX+HfOX/oK+VD7Bg4Jv/HLzQDDMZJ5o5
+  7+fb0qJ5v3tp4U4ecxrsGc6ZLoogJUPhPwZD3Fbyag21rmJK7N9E00D4sWVK54Gm
+  d4C5GkiB2MmKEHnNMAHyKFKkoKSDU61qZXxr14FSwjuBy7Q2cnR1rmTUNq0CuqQe
+  51boFQECgYEA9C/Ta1wOOB0ncxyOpNav4ifnZPP0R3P9g5WDFJHReedLlTjbq7Au
+  DiQ7IBEsdP4OSk5INJzxF3luVD5srQBrrcJojJGJyy/S0QdP0V4MTKnyj0M54adU
+  ZHZFmQPhJUpOqEIL+/zGI0i9BfSFeEl9ug7RpKF3WjMfG8xHNYoFERUCgYEA8oD1
+  KkWmVIau4J2fX0QsgTYMuRWkPLUaX0EB8i8PtHoHIMzxae0C2xjqNRnaeAT4G4HV
+  Y+o8uQ+lwlJ6ZErW6oJ8mI+AOjm9HzFA1XXBwfE3AtdBpjAfptf7DKYhURXuFA66
+  USORF5giHkqxD/UKoQMHMsP2OOqZD7XL8kVorkECgYBPXcAU0/3XJTquQmjmkNTn
+  59pgyJ3sH3oVq6HILMDuI0xAuxNDEWdWt1X0TUCq4exZIGp9l0kRPSmr/gIqlMlq
+  15ZNofwsa2XVBNBfl3bd8Brjj5Efk9htMrfaTRV/nlBEhfsJMxZfX4P4jIpZF2Hi
+  +HARV13IlncU/OdkMnEFJQKBgQC6442NzW2ZWM6vRmqLldOipM/7V+Vh78RqQoRI
+  a+JzmVOjAK7QjpsT1UiyMcF/m3zGXjHhNaUkjh2V+9BdOJwW0QdK39TXiqXowyGP
+  IJh5afeWVeQ/Onk6MNtGbUXh4r+/b3ZBj+KCx3kL1U5N2PAfFGFYy1MXnBzn0Zhi
+  lwFMwQKBgQCzSR5J0H+SVsVxS2DfmfYf+zVSpJCCjSb2LmgvWYaNPVb2Q4bD7LSJ
+  FAgaaH/Yru5UQL9o9o8vaiUdStBtYZ07GcArZ7WO8OJw0I+HL1Jxa1wIr5S0Zip3
+  8CQ1FJTktSGu1XpkRZjqC8QeMn71ZArotCeankDvFNWCsWii60CNaw==
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-etcd-pod17-node1-peer
+  name: kubelet-pod17-node2
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpgIBAAKCAQEAxlbME7p+oJcanKE3wFlJuC0ych+TBoRaOpAZ7oi9vLybQ7wn
-  gKap7zWHAeHoK7bhfyvPt5k7Z3UCmpXwvIRJtObVH8KpT2oEN5EqaKmgg6KC5s2c
-  nxsTIp5PpS5uo+CvA43bGBi4GMletp2T43LgbYs6UlcqxxRbj+2SbJIDYg4S1gDY
-  I9HU69F9Qzz4Pofn5DRvJs81aWBOaIAaJI8oaiwrzUsubpHwQ/eFjFEDryXwsto7
-  qisqeALoMqSToe/bvSDl07ceizI3APzvDF1J6vUdnn6cbBXBXTKvKQwn+d4Nk4QY
-  l7dC53vgqBAHFP8heVgdqLVpyPPJKohHSJTgeQIDAQABAoIBAQCiYf3DSTTTFeNb
-  yUJz4KZSe+6JMQCWnVWiDMiuWpW9KE2WLz3IPqtyhUh7ahFDeP81txDhKDtSgKIZ
-  Hhlyvnv59+MVlbI4qnu5Ysht2DLqkurJPB22xdvsw+BBRLqgwRuItWNjXxmacYNx
-  z6F83liQVyTwtRz40NoGBGOVMBZE9/7ZcZO4P7rogHPxgzeQ7VpX2OofosyRF0KQ
-  pm8QCV8fgQHsGeZ099Jvnl9hh9cOzEfWEfzkYDCPkhgROXGELs2KQQOQxBXFaaOF
-  vXaTyKoWrbqo+9J1ONCWlRWRYG6eD31IhfCqxmfh6eozk/tvP9OmVdgRtIe26LvQ
-  Kd/7+uWBAoGBANHGYOBkF0AU6/tHGOj4dLi1zZxxVcxao1hL8Pkh+KB09kJ/1/wv
-  RDi3tZmVknDw0NFlXn8St4anFG0h7b2bb6VXp/VahHSUDOUHOb9SZK5f543Io+tQ
-  QzlsjoYw4FKxqQeF/vYPCxBdIx18zkMRkq/0+Eqj27Y8i2wVmr4dC/x1AoGBAPIL
-  T0q4RPeod4V8ssTJPRQOcEeUeQI2JgX9hdrwYRkv4DcHUK3h37dvoHin0IKHM0+d
-  DqKk+j0asyEpSbKT4KhTdqjcGHymzX0cEl3d7hVEeq5M6S3+MAR9E45HCb+IaqKf
-  T4BtKDv3dqrUPXUQdj0yMG0Ih+X0Ep90GCuDbKN1AoGBAMp/A/83v1XlnFJotDwX
-  spynKr6sjNUCXZGbZRco2tcRcLKKtFTEz8csV0nVn5IUdI7dmpVx3OVHnaknSlZw
-  mBp0fjaS1S+vxq7DBdSQ1Y2aGGy+VLWPOgVRrFcPEUviIbeYeqDNrrFyJraNRpJp
-  gT8HazKp8Cp/UVrZlBGW+n4NAoGBALkUXthS2SHK50HiXUxOWO76L278oB9Jyn9w
-  IaeNgaHh0wAhDtc3TXsV104LfEwjF+A7x1Ik9tg8j1a/HIR5wSLVV3m9etfuMFkH
-  Wx/9sK0AhRK86tzpbkwwXADCXzjfFjMtwHwCe+6Gxm3QBwJ5yP/4XcEx8cCrhoX5
-  HvY+85Z1AoGBAIEd/fJXUHUaw0ri5CqGLPsxIR1O5B98J/96D/3xeY69QnW32OR/
-  s/vw6J3gOoNo2wP31ZnN8tbRvc4LcWZJifgD5U2Se0kHe0oJBWG6ffmbsxuNWcWM
-  0HrUGB+k7n6wNlq3gVwewpaKOoFAyKqCXDBCWLzKkmNTfEfRWwkDnJFS
+  MIIEpQIBAAKCAQEA4hfCRrZSzKsmcLqQK2y+OMZ3HumFKJVKjNtuURgb0MlbB39a
+  CyAwlOjrNN1KYT5jMtlh0ySXdMLnt2IUlzcb/8E5nf4c8ipRULAhEcnzRKFljxkK
+  wEmuey347E0pwv0BjX0hG7NbH8zKEahbQoBEqSeuJO3knGNweRl9vCyu11j20y3+
+  y/PBTVQ0Jf0BYz7YIpQklDpakj8Q+TC2zNxZ84M6vpQBJCNlJe2QNsWSDSqYBZoo
+  jhLtGtNSrZbuFBGGP7ddfb+VnQbk9YeZuOSE1neLp/9T1EW0V1wDJQAhT0y98miP
+  rS+Ielv5mXQKkPJOnvH/juaP+604aI/JKBvu2wIDAQABAoIBAQCkj7B7MXeAus4G
+  3PPUd5jY0DOhz0x5ZnhVn91irw6H4BcelOYgFPTnXcTcvHjH4NXpC+o0+Xw3oylv
+  A7eC/LynYaejRHMjHAQFm7zmKryi5mp6RjraDIcv5x04OU29O9PmfP4dIGWh9rfZ
+  NFYASEYxbM1G2dQ8s/AIZLJsxYUY/ayoRguGCcG84gmzDqoBpIvR3ucx85B/bcjW
+  V3x7fODVEyYHTjuAzLR/UTbFUoQuUlYFToUOT5A7ADpRzhfvJUw/q5dFZRFYeeVR
+  VmTelXZGB1Gfk49M3yTCKbGHDzCjHfpt2ozbjltYqETrNyRkawLQQd4qvHrMNjHZ
+  rPAumf1xAoGBAO9gwpQAFOQ6mLac0Wl5nZtGM+BEjijfckUaJ0Ts3vBY8boKKpId
+  N1anS9ANfDFxQENEmKc2DjeUp3+Sr8nFyDLcf4Yd84sgs4ZYCKbEML8xNnmN/Vpj
+  ZMri4NjuLzMwyQB6UQdwGMOfBBvccAY333cgAl1CDjLpPP9RoagQifQTAoGBAPHK
+  1rBrQE8hK5EWIFrlb3ghD7Yb3ll4uCeEzyLI/Gr+eIUZAUxMbQoyHTOq0TqbnK7S
+  JPjlDxoCJBbjG5kUdrMZPlc8yE6dIaMLqpcoUWfIl1Ujbka90cj2hU9LX1KgVVSt
+  t3wZM0L7JhNa5nK+oG/ulSMohlnm5Ho+JtG0OaMZAoGBALJm770zrl5GGYiHqT6t
+  p7uQf5sWHMjzdwtvKXMiAikocMdRSlbpNVP8jPD7C+MhX16C4i5EiCX+QTM/1IlR
+  QRo+4T/IVLkM3x8xvwji0N29RLclDnvt9bGLkz25ji3dnwAfKQKdFae9fGdzS34m
+  6AG1Nm3gjAp/b7ltUkiaQuZHAoGBALbW4d3qXGj59k3yY2kY0mAO8CiPjmYuCWOo
+  5FGzllz6LPzI2dhueo4ZM0fcxfcBsUvpkRe9btwF/nBoMHhjpxbr4d5qEjaQT91R
+  dyBy1owafYVeE4ffBoJnGIvLvTtoDt7HtlZbYA4oiLReKqFeUUgTLCe3/1CAbwmZ
+  chVlqagRAoGAQXMSp0XJGteGNaRhUhOHqci5D0lIl1lKmy4r975lz/bYs2Yg7rP5
+  jzYMC356yF7JowGvV1h0UGAg475APp8N7GXO8VDMMSCQqrg/BKGlRzo3vCDwtIxK
+  UkMk3MMx5Q1hX+Lh3xzLHPbodiSXi/lEzg4a7SqUIziJi9AZaQJF/rc=
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-etcd-pod17-node2-peer
+  name: kubelet-pod17-node3
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEAuPe45gKODofxBy9f19fYE6AVdFiOPIL+xQYYg0Qow3wOFnd1
-  nU/xxpG6bOB4ndFDwkAUlQ+iEuAjBdAUNRhXe7TlPBO2b+/Rwqg/vJpeS1rLmrcM
-  zLhw4Rqqy+9evdSa0qyzYN1YPJTjJrQm5W/TtHje88czIR9L58bCKLCmELeiUMA6
-  tveEDuVYv2Mnc88AzvFUxkrHHuqmw/cKljgw2uqrzCz9n3jpopr7aBb3GdmIGjs3
-  3IPJRgmi7q75P8F0C1EzbWyMLuu+pcHHxTdOAT8k4DCDbogHe1fMl7BoFqVjzTjH
-  +NIaVCdUiE3QUn5OFo3QlF2H2k3iu4ZtNaK2twIDAQABAoIBAHJgzTd+cPXPXl6B
-  DxVb5cQNA/dUI3CL2JthL5tMdKCdf+CoslQ68VlHGC7nh+6fTvU5xwB+EEz3yPB5
-  QWWrzb0zmWVTE0eY1u82N2ObWZ/jX3AmrYWSsEqiwOcm+EEOzUZlgO7vMPcVYnm2
-  gS7zvcglzkiU76sVvUxv/fRHeAlxVsEdLGOQVGkvZjcaOAL2y0KlPHeh6ByDh+CO
-  TkYfYtQXbk+KSJchSHt+JncpgeFqvfr4BdZApvWFYueMpc+80g9CiwXVPzC2vnkk
-  eyc2nc9G90BJxOSgdRwyKF4m7TQbdvwRDRZ+8aomgiohRXArfQVqgIRx1XBpFuiO
-  QOYy5YECgYEA6yYRjXshKnPjPv2tcvZR8vHFs5m339UpNmHeYM70rL4hZ4qrrYWG
-  OSVWoJVRk/aauXK76jfmMSbYRvW0e0HR912rL/rw/o5HsdTN9dNBQmUvpARdz5eE
-  dKbXHuk/kjWBorLsG+kSdRDyys4nsJ18aXyScEuewu7+KtOJQAgpBJcCgYEAyV6I
-  PCfvNrBFrtVG4umD/R1vjgp8PWxS+oixD22AlQhRVK+4HiaYZcsDBnvmmFh+PuU2
-  tDpwAOstUFF4CfXIXHldodxgw1JZY5lVBe95RE+iJ2crCyzgt+gGzwHxQ0UBkqNq
-  I762/YdGgFlJ5J87v6EMGpCEFe0NMVhcH5fnguECgYEAq9HqO3X/+vQo1SspZPpF
-  UP6GlkA5Eg3AimMiyZwPPnXDFNRHs4gAVptI3BefPz2POvhyBKeJxNp8aAU7NmEW
-  2egQoQN8upQeIPu87uXJJomnMPKb1YcCGvaZ85U9hUkhi0+vpIk+mlmi/rt6VtwM
-  P0vt+K3YuNlG0OY2wJn11ssCgYEAkFqhJSanmLfSrFueHmqyQNBKOTQRDmNKNOmq
-  rFmedLfqvd/eCFc4prha6doGW64Min/8sES4KCBvcoWEnPdB8/DZC4CVKVAuXnT7
-  +25Jq4u+vap6s98vFQdTYjCNSOD+GKXnH8rHGYZRJw9bJnZz+ZK0v5Jb7e/qpjYm
-  jEt0HmECgYAc/JS3UEupoNZWXfD8PqF6PNFh+jL4FdyK/KMWMNaD5mKVnuPZn6vF
-  pYeNGlYH6ieQG4g9yQMPcvBDO1Kb5tecYekjnbVYYeBjKIbfaGPjPLR7CdX1AmYu
-  6wr3YdCGwNKaGsODDGZugzw10LwkaEr9fXGD4LY6Sog76pZNaauydA==
+  MIIEogIBAAKCAQEA1sOBvYwZQHj+xynwSokoc40m6grDqY/ZT1BIu8qbcDEaBuG/
+  vs0O9OWj1c4vMMY+lkp8WnFH1M1JHR8O8SkQ6f2HKj/iMuCH+wUh0FndVIh7yQzQ
+  d03vdrtnXexmX5oW3H7fHMUzND8ip0Msy3pXfkG1G6CqDAKabEHxhwYY/rWlwdw+
+  ogF4SUOXN6a76oTSYJ7gnHL0VGniD2qBiKo+W2Vd/Sg7y+hCWvZ9q0Bsa40E9jy1
+  Jo9p4XObybIjQtdqNTi0XaEtCjZxq5L2fSzzYBZA7zwH7UgEaUiLzslRMymdaQ3q
+  e8DmDQkrH6+Ihrd9iDbIFX8s68HtuqGns6RVbQIDAQABAoIBAArQZWQJ/euFLC8T
+  KYpXRbYr0V3PlPKgz6xyunbaSOFpV4opK+KLqMkkFw/ZBf9KvDQNJB3Zvmg0vg29
+  Vp9GFhfyMDAsb1NogvBc3csD+2UaSkFhZ83aGsi7vwS3tp/xvlzz9oAYXe+vjisl
+  8sd8LZOp81ikyms4ZlY1K9hEslWA8GAyYRPhG/PNPGgNm91O/l9NyBelKmP7BJq0
+  uLKSLspRURw16NmpZaxwPyi+AF5ZFtqZ2hS14orxbhqBh/HRtRYOFntJR0X+yvzl
+  r6A3W+pV0Q9+KnwpoYP+YbWGQn99FRWNUTPH4yoxQol+qVUrjPBJCYQ0OqWQvtTR
+  tvAucIECgYEA+0UBOTPhHwwj+ov1EkNdS51P31UtTj/2vqfu8qOkXoUY70khA8hA
+  zZb3durqkjJHu+llq1+Qb6AklBLXCiEy5aOW7PNMYJSqVPSDWV4jBMn1VM0Dz6Qp
+  2NnFdA+SBhEIVWJ7EzRKnUd0lbB9SUIrkuMojtboPpL+57KU6MDNnwUCgYEA2s6P
+  1Doi2BUAkMd3BZYtIvo4ZlOWK2vYj+Bl4hxX/8JuTML/sHHymdwNBW7yKLQJnSqT
+  B2gLwgap3iN9gcECn+TbdCXF3FdJoYx/SELNaaUy94NnivS02OTad1PagtosGPcu
+  ta5l64UBIhkmPHz0A8rCXrHjC2BBmK7zUeKYmUkCgYBLI5GAF6GEdU71B5FbysVF
+  bV+LO592vO3+iZ2M9Z6bnVWdiNLUnLe0QybxasKGwX5uFReQLd21Y8BMf23K266q
+  uUbSyNbYMtzU1uHIgbwbHIG+wCgZmc/hxw2i7V0Pb1x8nByN259MdSfJ86MjmyQI
+  ouFoBaAhxjdv9hlNmQpkOQKBgE7jvO3KzDdWUy7gC+TCwaFj0CPsrS8Yois1v+Yn
+  S/8Vzgj1IZUvcEXTFgrIdp0AVJsK95nrBJo/Js3FxAGdYmHd9NXKrK0F97E8Y8Pc
+  +gzGGDsvcIykL/QnhzEQ1a7qFI4nyPqOV4b0HHV71dJnRt97IltcDb1TRjNTmL0E
+  UvqpAoGAUhB3xAwHrKAPrq4nbT7Wu2WCZ/ieFOM0UuBttTZV45pJg0K76RlNiuNk
+  ZXTv5pCYriFLDN3fEahq8coB9Tv/iWn/rrMBDEfrSRH2A6RUP++PSG8dl8K5p29X
+  wxdUQEkzzeI4zknxiM1LUhltDga1gXUHqiOnTOW/v4Hff2u9cu0=
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-etcd-pod17-node3-peer
+  name: kubelet-pod17-node4
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEowIBAAKCAQEAoHdWmHeeNXLHssgpq4q6KaCMUUY86jZ9+qnXig4BLUmVshe+
-  yGZ06eSO52q7I190uiGTsnIrSJAx2pUffzDDJzY3OhgCgSfQ9UMmYlEPAP+KUakb
-  w6nc1y27wScUG7EQmDC9Rgv+vCK7JVwA95UVTuRb/WoZ7izUqLjWYABLQiV2YGHX
-  r1VHDso9gcgrj1g0ybwdEqUy5rldYEIrpuSPwVccnq7PMjd+b0MqYroGobQDS6/3
-  vrR5i8f4dZkm0VWl6hlTyIXyZOFmfzh013JpFys9STIsLqVz5Uqu/U6uDEjIc35d
-  ufh12X4f/xe15YzEHT2EaT4zSeIaih8lZRhMeQIDAQABAoIBAQCBVq9dxUyoGBQO
-  bnfn5LGYy+dNuyduQO3aFPu+MvuP3TfjjHAiZzLlM2xb6xNbt50GSfoaYxuwKUmF
-  vZzdkBg8it6I3MFoCQfMKIvPwzYsv8xldcEDPO7cIeisDyuOBnIxuVdWFmUEj5n4
-  yuecp3W9WSMsZ1DvQQNH23QvfQ0sCm7r/ckEOK2Dl7cKACep0bkt9pFMgPsb0sil
-  csUfAXgUgIVGe1D1av+pe6YU1btIWkYu/JCL05WZKKXMpvKz/DT+eaVGq9Jktvew
-  XKslhWQXba2ujkK5+2KagVenSsusm1bUpBwANNNXfHhMzRFJbIiwFWucyH4rWcYp
-  cTWgy9hhAoGBANVztb0zxfBvz0Ar+NCOJIAmfpw+M8Y/9yOes3KSkQOWh8jbAEUV
-  oGjAkfB2+VxuxRe/rAJlkp/N8yutkvbJiWeA+FWyY/sGxHtL2S8jZlxgzhJLwmhL
-  f5Xfr3kEcy0BJ8L3XXY6q7EPVGi6Cttx4gcPkhoY+pjkqTjPoDZL0XMjAoGBAMBz
-  zXXau5EayYt1aWGzz1CcpokSsnGrEokx+YXHGlO6QcS0/CkHA8WZn74z4rRdtW5Q
-  GiMiSoN+VYWwlXxQ7H7zPDDpqGqXGUDFFqN6WrTpw8SdsZdC9VftAb9o2lObjY+9
-  XVgQrzBvDcN56CWsZf0UWOTu5F56CsbObUJeFjmzAoGAZFgOEtD494wIeRly0dBQ
-  tnHiSV8whb1iWDtuDql6RJ6KXNEfclq1WylUMiAsH9jvDLgNi97mK/vsmhbyJNQf
-  pSnLFLZVLBhFW9UPV4qjvz+/AHje/pqncvSCEDkYUArf/1a8eC0is40KWGVFX15N
-  LJaUT3J4tFGif9OTdJL19tMCgYBhXHRuEhlgAGBECEMm5XOVQZrSr73M2ZIIDFtC
-  vYZpI0pQfIsxKlZTKjPxYohnXR0DUMzYR2nQ+iHD/6CwgrQSSXWC/UJxoj1pUgvw
-  6l5nNfgPSQPmFT7Pm5yNvDrvnztPo6pMeixW4WfiI5M5M+1oyllqgBzSWwWGrDoE
-  IFs4FwKBgCzsbb9qRCRIvK9sz50Hdybgbi8iKoG1QLLOTYgHinSu5GyTOsLBYDHP
-  OChQzqdGIOTMaUyeTj7lgQpVndqNietirbhuFw4s4zA2oRNhbaRcX6+z1W5sYds5
-  LN8A3eEY/T0Pns4PS0MEF1EoXZr0lP8vpIdj14qKeUAgRX8xjIV9
+  MIIEowIBAAKCAQEAzTkGoaZwRSri2Olk6WDoLuEQ/IziY1E8YD5dQ3hLQHywznJn
+  unV+NoQ7nEuB3OEVnOelW+iWCUHqw/l6O29i580kYrbqvoPG1nw0UgRp6nqVgbnS
+  IpSU4MEjiJtlFA6wdJSlHVZPyXvl/EzI8agjex5WICqTqv3EYjtiCKODt7+1w9mr
+  3cnUMsVqaZvyaqu2RRIvh5Fg2epUNcmGGvMp5g4Nh8S786GNDFtw+hD9DZMThroh
+  tVp4U/GUqM+N03nuiAsuxZk7ZzFSs6OTFt90AGmr/xI2kvRjPjRWGweO1Ky6fVt6
+  IWKDRXHazLN47EXQkVYL2n3yn8hgVr5zsW4QVwIDAQABAoIBAGzNwSBPF9L0C9Uo
+  2KGLCU5hcRoUr6osVbBJIDU3P95uvWaW7TvEMyhAL0KMHcu3YjgP8HGr/G/oDMne
+  KNn+EhgHgTT8+bQMNY1dyHd7c5QnbcCbfjdrQwtuGqLAkHRz3UXR0UCelCqkj6iW
+  JStKE5Wg3dSr/iJ37HiQN0eRObJe89QSD/HA5ecKxqVLUAdW1OAVQxTXq+QLgLIf
+  uXdjpDpIZaqcW3v5kUB4hTEKVgwiMTwRcLT0U4LZUj9yy5aZS3fvG+FuqIaPc1vY
+  Xk9iEMeDYCt6FnfD7hwmNn0Ii3OeOzRwAIpOkgaDXwwuTY01aSIYZA5eNNCFjp4X
+  s1E4j3ECgYEA+cSOXKyZU34S1pteH2KMmPPSQGQNV61L2jQvfdJuxVX9F2yf9fgM
+  qFViiWr56W6TG1lAVtornDLyvYDx3sY4GCEhW3kiX2ZErzFQTXCQ3GSPxZ3e/xrQ
+  DONkMRLRDxeifl81WlGuAcKFy5kmRfAOyZVMIdGWzang3ohzKB5xZC0CgYEA0lft
+  14bEYEnFjxq/omobOQcz6oaXfvydf6NSIEd6Pi1khtw5DHmXiWnKE9tsbnKC+QfH
+  ADIhMlZzI8ZS7TXrsXc8bxukPry+S877PbG9LldnUaXdmpESTU56IPh7hDtIC1LV
+  jtsaKepicpxEUb3n+ACNIf6hXO92ULHpQ6PBxRMCgYEAmh7nmdgHZLXO+g41Ljip
+  eVg6zPDwKsIMpEC/bWyEXdCJtAKbUjQV22mUvCb+v0Q0EhQo128YqfHmR3lhxo2Z
+  34nSA5fj1epNR62uV5q2SMjkzpR0HgZ1iv5lvMJXrnBvHHuzeGAed4eI9/Ew5McU
+  2N7/c37ZB19kGu0n4gGnBqECgYAzRbm1KqWdrv3YJzYFOgYOvaG7DjnJe3xMy5vO
+  QH4cv+XcNbw2PUFh/oaClp70wTcJywqIErAi3A3O753xMo6UQLNbhgpgPJPKWNbH
+  MBckP6vwrBS7g5dJftKoTMmW7vhdwkBKRUA4bWi39T12C2uK+V9tpOrig4B8pRFu
+  KnGmPwKBgGd6hYp0vhVthAEC+/Aidh0e9ZprB9gmhM9hZvNo8jn4VM6BEVtdFtKP
+  et83FKrVq6+tAHj3Udy2GP3zwB0ccZGDTQXEepuNyMCQ5hJF2EUoc7PzMbATUc6b
+  EiG6E/rIyFyZm/w3FJwiGlE/74RxXCkinc+YQmfGzrFVk3JY1yag
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:
     abstract: false
     layer: site
-  name: calico-node-peer
+  name: kubelet-pod17-node5
   schema: metadata/Document/v1
   storagePolicy: cleartext
 schema: deckhand/CertificateKey/v1
 ---
 data: |
   -----BEGIN PUBLIC KEY-----
-  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA228brw1/tThwr2MG3Etj
-  VJc18or2iyIAqsn9uFxt7HzE7gHrZjparrMwR77ClL7+tuV1V2k1HmyZPcVA3vc+
-  gHb+/Gsv1NF0H1emcwBjIt68NXyIgw/8mIZnK8v+Zitcr4yyfxt4f8LdZ4ZjLNMA
-  OXS1fteAkP42QKFkZ0lI9UjPavBAg+wK0dlBMrUDucoAXZEK8h98r1C5J/1VSkaT
-  mGjYm6vdZaFyK3rDA02WOwTYYjaahjAibHdRAnQHUVkN6JUHkbdGVwEiNYLFcm4d
-  HeS9oeucMvXUkQ5yMvN8/FEgzdN6l9uVBxg1nxxsWm99/F4DVhRrAipWsg6To3pJ
-  fwIDAQAB
+  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYkqmbbAUULU3y6kgF4I
+  wc4lIxuwX2t4VMN+ENKeAmYfgwcMkMS+nmndC4MMjWVsn9ssC8mkFcPfw5GJowJQ
+  cZtko0e1/b9UiDc0DLYoSYI7ZyHCIAIGgtAn3algr+pB3814470pJqQL3r8nft79
+  EFKn/vrZMmIXxrX5zHtxsYNGeTV8RX01EuvwG9xPXptsCtDv72qSfnNpCVx7VP+o
+  m2uWFlY5KegepciAopZScSe0V/TX4dblFYe8fwAh6/Qt65SPV79k+lsyhPzeAEqM
+  jvFnHZ6PvQ+Ypwl+dLlkefmjqEendE6N5rfwe4E3zhGdxzULYiOPIanD3txcd/XE
+  QQIDAQAB
   -----END PUBLIC KEY-----
 metadata:
   layeringDefinition:
@@ -2422,31 +3110,31 @@ schema: deckhand/PublicKey/v1
 ---
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIEpAIBAAKCAQEA228brw1/tThwr2MG3EtjVJc18or2iyIAqsn9uFxt7HzE7gHr
-  ZjparrMwR77ClL7+tuV1V2k1HmyZPcVA3vc+gHb+/Gsv1NF0H1emcwBjIt68NXyI
-  gw/8mIZnK8v+Zitcr4yyfxt4f8LdZ4ZjLNMAOXS1fteAkP42QKFkZ0lI9UjPavBA
-  g+wK0dlBMrUDucoAXZEK8h98r1C5J/1VSkaTmGjYm6vdZaFyK3rDA02WOwTYYjaa
-  hjAibHdRAnQHUVkN6JUHkbdGVwEiNYLFcm4dHeS9oeucMvXUkQ5yMvN8/FEgzdN6
-  l9uVBxg1nxxsWm99/F4DVhRrAipWsg6To3pJfwIDAQABAoIBAQCYBhYL5TJA/uUy
-  3Ux3etNKW6hIbPX51ojXyjE5dO/DE33r1vCbVnpU5lfgnMx5+QjG9ZmiAYWHmn1g
-  SjRzRJ/MqKRnhGsS6jmlLThoHDCSi/WgqLJ6+qxpj1QTB7UsW4ZPKQ7Q+Ns2yG5T
-  tssm1tgk9jJ3uh2cVkKH7Eh/NkqRg6OkJeKyQFagaMBYetaOkoggsnWKbO1RKToX
-  7yJFnMbWpkfeMzuT6aGg7qhbdqVOOZIcsJuxmkexRWvJI59kSfQJVNDSkI/FzTd7
-  5PvO+QzXF+CyfYkk/VsTG/5S3YUDpWtEZHCuyIsDnHkWm0cyuOxVKC8qOQBudOhM
-  kxiwwlQBAoGBAO7ycs/MwNhLSxsiXYSfhmT7GKMaCZZTnph8kRcQB1w3Ymx7R3yG
-  4Db8Ef8mdcQMGhNDeIkSe4684PO1+xQfHAuPDNlGBzXFRCsMcFuuR7eTmoJL9NCy
-  p9vJ+Czx6LUG9uiA+3QHzZIVp4vUxRYkAxFFXZ5P1T+0VQ9GBYvto6aBAoGBAOsY
-  KD3Eb3Xo9TZFxk4hxKP1jAOiwZNIjnPt1bBXhrUAvVvXKtXhXTjezYwqysfwc41y
-  Q4M4RFKq+vH6C1bKiBvt0EsfOlMQo4SygfwizOg2QM5HPzE/FutbIXLiqIphxh62
-  +vRMkaqOhnIRIhnwgiBFTv2DxriDDQPBIaakhe//AoGAZ/j9dmhM/ZD9tGfms3/K
-  tgQAu2/n/g6Ssx148MUbvsemvzeBarExvRtAJXsxwUXWzs0MFPEC7KBJbiKghyfm
-  Ry1O1PhAyOf2epjmBy61rC7BC7NLashifCPNJpl4vdSy+YauY9XFYKylhBXoUHMJ
-  FqnNS8bHLvokDQpV/YZBMIECgYEAgfxdY6mVJ1CjJFr4BoNNQoql2+zFszXO7fJ2
-  0IXUiYfbK0iQ+qkc7jDi3blbXalpeq/O/GLEBCFdlyV114ssLqUTIjYl/X+Zqek5
-  TbvAKDS3KFbkbcpAVemRWQBRyBG/hYQOxb0AXZloZPFsNYNxr34i6rFN0v9C1uyW
-  OpmFJOkCgYATbBShSS42L/vLFw16fxqWK3Y8nQngrg9Kls0O2c82a9SCWxqwTieq
-  ZQnEsbTN5WcR+wHnoqD29b9fcFXTGbTcadaAge2KL8hpfrJh8vqlqofqEJuh3xD7
-  Ts69XDvpXOXUla2jajault/2STKAFsnEhXuD/UFCNEmEM7gRaUUpdQ==
+  MIIEpAIBAAKCAQEAsYkqmbbAUULU3y6kgF4Iwc4lIxuwX2t4VMN+ENKeAmYfgwcM
+  kMS+nmndC4MMjWVsn9ssC8mkFcPfw5GJowJQcZtko0e1/b9UiDc0DLYoSYI7ZyHC
+  IAIGgtAn3algr+pB3814470pJqQL3r8nft79EFKn/vrZMmIXxrX5zHtxsYNGeTV8
+  RX01EuvwG9xPXptsCtDv72qSfnNpCVx7VP+om2uWFlY5KegepciAopZScSe0V/TX
+  4dblFYe8fwAh6/Qt65SPV79k+lsyhPzeAEqMjvFnHZ6PvQ+Ypwl+dLlkefmjqEen
+  dE6N5rfwe4E3zhGdxzULYiOPIanD3txcd/XEQQIDAQABAoIBAQCrg4qGagmt99TT
+  sKn34eCv60nxewSPirH7ocme0vsX8jUrTpoTGh/Vxwxn3Lk5uOySGxmYYbuF02/P
+  7kB8HPY+axN0swjdFgTCfCJqzWhqa8ibv/9dENfddN+uw73G9ZeicU0DJ3IkBIP7
+  M80iQqdVJ6VpLkq65A14ScIEjJWwGTcB4Hg/QknStHyaYGKG59OViEwsByh+WgKF
+  +bCFNu345d/J29qS1NSi+AJKEbMakRrGTPNFPV6UjygcthmLua0mJ2BvUVZVpfyW
+  myX/ivnGZCumFU/qqYESsCfIXhnNqQQwTratZVobc4vEBHnHZnw7jruy8bwFC5Dm
+  O66JhGPpAoGBAOteO4sVgd+nKhHwcVWbFfOmuwIf1IbgR/zLfc+kqa/vbIuY8DGR
+  t8j7yaM/ltev2mD7CIK45tO8g5Lllq3LboEXzI3tGNwigUPzv1fl55VgDHFtmjRt
+  SzY/1c5pm6OoT7TciU/PyyLhZSOYJPa5odY35VueJJN/Z8tQTqcdahBrAoGBAMEZ
+  Jp7bqOjtD+IB3VFQIZDCOzOfMrkBnhiywPlwRn8rkoPU36S7aKDOaELwXHrLYJEG
+  vIi2M41ErehCaiHBv9rwLffUwbtAZQOEfRthYCd2lT/I52gIM83Axei6mxBNzqOL
+  Qbbtcm4Q9Beik7anDh5BxbTiwpJRXkprSxRDH3kDAoGADbvB3auzmEk4uzM8abJS
+  5ZSk9MrGq9gKW0XEYYlKHWnq+3pBCaNnBeMrMMtVEeDA7Ue4h2gij9hAFSIwWJO2
+  LvIkjWN4P+ADiuN+FrLjgGPKVhP/G3AFI3U2FIU0/6eifvsfR/jn8XEVZa5K+dp7
+  BvTb/SyNFc4pUEOvUzD0L2ECgYAE5l17hHlpx7Iyevehu5XOdY9JBQ4lcawQVmDd
+  M4MmcPWb0MgIBxVllzdAE5dVKln99BzOn0j5mbeMADtvNdpndNbFxilQVhb6Gt+N
+  1U+6UKEC6Fcu5Z5i5zRebnXG2SKYNc1qFeZkcpuvCdoTtXN/Qw4ARAzJ57Sr0MMr
+  9XQT/wKBgQCTv1ep8B5mIdSMpoef+DyvCiXyNJeVp/Ui/9NO6aExYtR34T+FUxUk
+  pXb9mMVkUhnYKbxCM+DYczghdpPkJCeDmohBvnQvnKu34w4TI9OxrQgYminOCoCB
+  qX97umXbkbH2fILGBXs0M31m6SlLaOw9BoiWiAemGwKTXIC6bG9yRg==
   -----END RSA PRIVATE KEY-----
 metadata:
   layeringDefinition:

diff --git a/site/intel-pod17/secrets/certificates/ingress.yaml b/site/intel-pod17/secrets/certificates/ingress.yaml
index b799fdb..5a30cf1 100644 (file)
--- a/site/intel-pod17/secrets/certificates/ingress.yaml
+++ b/site/intel-pod17/secrets/certificates/ingress.yaml
@@ -14,34 +14,24 @@ metadata:
 schema: deckhand/Certificate/v1
 data: |
   -----BEGIN CERTIFICATE-----
-  MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO
-  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ
-  MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu
-  ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP
-  ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC
-  r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs
-  F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV
-  bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1
-  eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO
-  k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG
-  YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9
-  EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC
-  gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF
-  MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv
-  bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t
-  gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y
-  aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH
-  BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV
-  HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE
-  BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw
-  WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/
-  X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX
-  vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk
-  JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm
-  ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF
-  DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N
-  w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc
-  VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg==
+  MIIDNjCCAh6gAwIBAgIJAIqyyCruEs0zMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV
+  BAMMCmluZ3Jlc3MtY2EwHhcNMjAwNzEwMjAxNjQ2WhcNMzAwNzA4MjAxNjQ2WjAi
+  MSAwHgYDVQQDDBcqLmludGVsLXBvZDE3Lm9wbmZ2Lm9yZzCCASIwDQYJKoZIhvcN
+  AQEBBQADggEPADCCAQoCggEBAMv+Q9RnipooU3zU9Om0ghzpY2L3TbxShyizObld
+  4SLungyjKy0ElIn4dRQar/x8BF//K/qgQK1P3vhDoosVzQsT6lwQqzOyfVCOetjv
+  HMIjzHjLcYEfSCon8tZwmFzz7v5hAyvP5qQJzCjXOBt52HCMIkLxgScN7lIJMzgv
+  kezZnvfWd0pntitjIoIl/47uQD2nopJiCeA4lF8iz3kAjxeU5fxejlDiQ+sxq+EW
+  CJ2FO8ou95Yh7BauFPr6zAwOuirUroxVjR3J/aLjy0uGsPCDUl6thCwAHoIqdlok
+  F+6SuiZ14rZMq5HmlXT+ALNh+TTyIlLP60uc62N3V5kssAMCAwEAAaN8MHowCQYD
+  VR0TBAIwADAdBgNVHQ4EFgQUfTsTBuqoBACa4kZjMfqLESGFS90wCwYDVR0PBAQD
+  AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAiBgNVHREEGzAZghcq
+  LmludGVsLXBvZDE3Lm9wbmZ2Lm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAgMQGUeL5
+  h3Ysj3/zaxUM4Jrb4j6qn2szjz7q/ZPYo46Vdbg789HMvGfsPsLccBAdxIvzfp35
+  OkP6tmFlmNHg22Nmu0G9EKfy+lXuspsMEU2O8S+jFB6mVrQihnq2MXHxXdQzYAEg
+  x4ZAAC78PMHdRjXgfcTufxkwjJx5FHiIQhv3e6f9+Jr8LQLUxDIJTmpNkHXzPgjM
+  tVPUNuqZprX3m3oDM4PXv1xF42I89cNZRvR7/YFl8ZhITAdCOQ7HiJeBO/1Yyd3R
+  zyp7fclTXDZh6s7bmZBfFXDiyJpJeFHInTVrMqK3Q4u0jDmDJH+t01MEUjMaqOlz
+  usMQUi0wphAWpg==
   -----END CERTIFICATE-----
 ...
 ---
@@ -57,28 +47,23 @@ metadata:
 schema: deckhand/CertificateAuthority/v1
 data: |
   -----BEGIN CERTIFICATE-----
-  MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO
-  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS
-  MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
-  AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE
-  OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V
-  o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0
-  YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT
-  fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI
-  GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+
-  T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB
-  d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j
-  mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd
-  BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB
-  AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx
-  2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM
-  EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+
-  zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9
-  XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+
-  d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO
-  TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI
-  XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40
-  +g==
+  MIIC/TCCAeWgAwIBAgIJALiv9mc7SJL/MA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV
+  BAMMCmluZ3Jlc3MtY2EwHhcNMjAwNzEwMjAxNjQ1WhcNMzAwNzA4MjAxNjQ1WjAV
+  MRMwEQYDVQQDDAppbmdyZXNzLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+  CgKCAQEAsdLuV9LVazMW/f5pQ/yRsKIDm3/W8+dqSvuXqa5wKmkKre3BICauTqcK
+  vDqn4m5MOrYgJJAeFBDpLPIk07XJPSDLZ+04qg621Jv+2fEJipPFmSebUbqdoG/S
+  MBDyzeBb/WKHGhtxcgpBzfnj7HspreIcFLh1TfYHS34uJDpOs4yDv8tWkyEFEAv1
+  w3n1W/wLyVLDHN6KpUVQsAsPzt+4bcYRr4tapU45ZPANEvmfSVSqZIJKeShunyZ8
+  bQIr8b3XCbjY/zexu8+RMXUkb404MR5vvOf8yNfGZEv4xoyMN+BWcE1GbObH1HJf
+  xwor9z1NnlJboyCWDYPp/3EcVjpHzQIDAQABo1AwTjAdBgNVHQ4EFgQUgNkj8PoW
+  nHPtt7Nj7JFCal7vxIEwHwYDVR0jBBgwFoAUgNkj8PoWnHPtt7Nj7JFCal7vxIEw
+  DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAj72hoR/6JO22k+2N4RzW
+  4ITjPZRzgbs+LU7MA6Fw4MapSQx5MwgUMI23bez3AG7MefN7E3IKT+j3CDkA5v9S
+  X/pLo7bLvLWVOFjHFqiLZ01xGm9nw7QmpNLmR42PrZTiNx5cBBJAvtkx1i8mY+fA
+  mhAxPzwy7mLkpXkeEha6zDyf5Cuy/42mJ/BpRrAlzaU/59w0YwQuTXzNrp5HIYlI
+  Fy9xE9rME7Y9zy0V2VhaFncmQD+DedJMjm/guBTy1D6Hyl0v+DPfEmLs3NCZ7coG
+  3kHS35ipqgT6GnZpKlqxcpBD2EWN5XC+Romsu1D+1OPc0ZnTUENs9836UFgaOAhT
+  YQ==
   -----END CERTIFICATE-----
 ...
 ---
@@ -94,42 +79,30 @@ metadata:
 schema: deckhand/CertificateKey/v1
 data: |
   -----BEGIN RSA PRIVATE KEY-----
-  MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD
-  OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv
-  5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4
-  8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1
-  U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9
-  Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl
-  MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R
-  g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC
-  DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w
-  qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif
-  qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft
-  3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6
-  ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf
-  Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8
-  uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH
-  g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc
-  PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz
-  +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS
-  HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk
-  X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC
-  wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA
-  GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE
-  mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6
-  mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM
-  ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx
-  E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE
-  7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC
-  1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8
-  6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+
-  TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5
-  QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C
-  pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB
-  /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ
-  pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a
-  dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5
-  2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS
-  gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3
+  MIIEpgIBAAKCAQEAy/5D1GeKmihTfNT06bSCHOljYvdNvFKHKLM5uV3hIu6eDKMr
+  LQSUifh1FBqv/HwEX/8r+qBArU/e+EOiixXNCxPqXBCrM7J9UI562O8cwiPMeMtx
+  gR9IKify1nCYXPPu/mEDK8/mpAnMKNc4G3nYcIwiQvGBJw3uUgkzOC+R7Nme99Z3
+  Sme2K2MigiX/ju5APaeikmIJ4DiUXyLPeQCPF5Tl/F6OUOJD6zGr4RYInYU7yi73
+  liHsFq4U+vrMDA66KtSujFWNHcn9ouPLS4aw8INSXq2ELAAegip2WiQX7pK6JnXi
+  tkyrkeaVdP4As2H5NPIiUs/rS5zrY3dXmSywAwIDAQABAoIBAQCCVFXjy69K5H7K
+  n4hGFDSY4ifEX/pDWnrN7wvvOWKQneFOc6UvIuD/8URj7tUHO/jTmETx4BbSY9gx
+  x4x+zhPtgvDVlzS6V8wmfpFQLhyykIqflmNTOrgxbsqAZPmDUbocvcB36mER5syQ
+  P0iyjTtSVMXC/Wclm4nq0cPunr3dktwsVxVpqV/BH2kmFXNQMl57+6jYXvLcM5Nk
+  iA1usA5c+rGozXk2ADsEpBGlm/bz/2zLMpIr9NOylyq3Cy7UtXztnH5jpV2CB2jh
+  JR+e6Md0fd68EHM8g6MnOgwcIZH3jH8ScbqDYq5pAzsYvlgZn/5Srg0YsXV4P3am
+  TPFhCrVhAoGBAOepIpJ+GOzhcrZ8FNAPel9hhOgjnWjEI2kwVmmV48NDLn6ECmGB
+  9MhMBsXeiNuHln0t/sHqimuFCUo4eluUhMu3x17gs30Uc8R3ZOtdmgqk7zpB2arW
+  C7eO8D/U8ctkJPJ8rMRBTzbt0ihxHYPCwr3Yg32INEt3DWuj2pHrgHOTAoGBAOFs
+  +L00jAP/qkF/aIpJfHVRfLpGBol6ZRTUTVlUn1Fj4idydvOUBcSFG+36ft2qMfgu
+  l6NiEh1losdVqq6MoVT+PCm1KQKh07bNrp7aAjSUN5Z1jAHnCPQRjTuvgFZzaa+U
+  mg20MhFn/MBvWK2oF0GnhbN3dcJdM/9M8LzpN3fRAoGBALeFJ9xBhOFzoHqsRZim
+  Cl2xVabJQBQU/bCBGJPAqJSxjg2v8MFaQF7Ey8DJEEZJXZCBdYaNlWakF73yjAws
+  1h7E0m55N/fo0eVcaFiE6FlyXAoczKEnvFSIKg+HVJ26EgL/faZjzqtHL+vV4HnX
+  OotHELPLyRHXmIwjXC2pETN9AoGBAIX34QtwwxVNR72NHm+wpIqEVv/Mxe3GE3SB
+  h0ZjiBsypSCUYiT3/0V/Zc3UZLkPgIriBbRPgDyAPnEAdGMvqGF+hfqzcx/hVJT7
+  P5+gKFdfDnoYeZBX4XZLSAgEkNzP0itKwRML2AWIKymiAq2Ri+C00jyJ7i4IffJn
+  o1phr1lBAoGBAN53tvpr8KzKK6EPy5Q7fZf0nfrA6H4GQhCkLciGZWDPBBLQ2w64
+  3APepY2w6ecgg/Wc2tHtuavoKD1HdSsGE0E09JZ1bXXKHOdwS2s47qITMzHZzmLF
+  7Mtu9Fw2+TEsC/utmtoa3lNaIES4mQMSB2NVCJxEfRySMISlM1NbeVVd
   -----END RSA PRIVATE KEY-----
 ...

diff --git a/site/intel-pod17/secrets/passphrases/apiserver-encryption-key-key1.yaml b/site/intel-pod17/secrets/passphrases/apiserver-encryption-key-key1.yaml
index e21876e..d2270aa 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/apiserver-encryption-key-key1.yaml
+++ b/site/intel-pod17/secrets/passphrases/apiserver-encryption-key-key1.yaml
@@ -1,13 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: apiserver-encryption-key-key1
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-# https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
-# use head -c 32 /dev/urandom | base64
-data: n9VBwseT/JjV7r9vbUR/MvCobe01Bdh9XtWgsNF5zLY=
+data: HliiOP6v0mr/Ut/3F3EaMi+ySwGMXZjXrIvD06DdFdU=
 ...

diff --git a/site/intel-pod17/secrets/passphrases/apiserver-encryption-key-key2.yaml b/site/intel-pod17/secrets/passphrases/apiserver-encryption-key-key2.yaml
new file mode 100644 (file)
index 0000000..0961a52
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/apiserver-encryption-key-key2.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: apiserver-encryption-key-key2
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: KdSTgZBjuiAGiCDCLxN0zupEXAVL8QXVCG3xpoDAWW4=
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_tempest_password.yaml b/site/intel-pod17/secrets/passphrases/aqua_executor.yaml
similarity index 77%
rename from site/intel-pod17/secrets/passphrases/osh_tempest_password.yaml
rename to site/intel-pod17/secrets/passphrases/aqua_executor.yaml
index af90ec0..da565c0 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_tempest_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/aqua_executor.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
+  name: aqua_executor
   schema: metadata/Document/v1
-  name: osh_tempest_password
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 4e016fdee23330f49442
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/intel-pod17/secrets/passphrases/aqua_orchestrator.yaml
similarity index 75%
rename from site/intel-pod17/secrets/passphrases/osh_keystone_ldap_password.yaml
rename to site/intel-pod17/secrets/passphrases/aqua_orchestrator.yaml
index 2edf0f2..8118840 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_keystone_ldap_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/aqua_orchestrator.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
+  name: aqua_orchestrator
   schema: metadata/Document/v1
-  name: osh_keystone_ldap_password
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 4196a0c5553b1f89a63b
 ...

diff --git a/site/intel-pod17/secrets/passphrases/artifactory_oslo_db_admin_password.yaml b/site/intel-pod17/secrets/passphrases/artifactory_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..867eff2
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/artifactory_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: artifactory_oslo_db_admin_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 4cd27c12008c9f1925e3
+...

diff --git a/site/intel-pod17/secrets/passphrases/artifactory_oslo_db_artifactory_password.yaml b/site/intel-pod17/secrets/passphrases/artifactory_oslo_db_artifactory_password.yaml
new file mode 100644 (file)
index 0000000..2ea70cd
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/artifactory_oslo_db_artifactory_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: artifactory_oslo_db_artifactory_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: ee967e33d13fb25d6735
+...

diff --git a/site/intel-pod17/secrets/passphrases/artifactory_oslo_db_audit_password.yaml b/site/intel-pod17/secrets/passphrases/artifactory_oslo_db_audit_password.yaml
new file mode 100644 (file)
index 0000000..c903de2
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/artifactory_oslo_db_audit_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: artifactory_oslo_db_audit_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: f8ec1ec496f21ae9911984c5
+...

diff --git a/site/intel-pod17/secrets/passphrases/artifactory_oslo_db_sst_password.yaml b/site/intel-pod17/secrets/passphrases/artifactory_oslo_db_sst_password.yaml
new file mode 100644 (file)
index 0000000..20edc8a
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/artifactory_oslo_db_sst_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: artifactory_oslo_db_sst_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 2b4dd533625d1d225673
+...

diff --git a/site/intel-pod17/secrets/passphrases/artifactory_rgw_s3_admin_access_key.yaml b/site/intel-pod17/secrets/passphrases/artifactory_rgw_s3_admin_access_key.yaml
new file mode 100644 (file)
index 0000000..96eec3f
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/artifactory_rgw_s3_admin_access_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: artifactory_rgw_s3_admin_access_key
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: bfd0dea7a4f611285532
+...

diff --git a/site/intel-pod17/secrets/passphrases/artifactory_rgw_s3_admin_secret_key.yaml b/site/intel-pod17/secrets/passphrases/artifactory_rgw_s3_admin_secret_key.yaml
new file mode 100644 (file)
index 0000000..964b784
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/artifactory_rgw_s3_admin_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: artifactory_rgw_s3_admin_secret_key
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 302114310a41157d839b
+...

diff --git a/site/intel-pod17/secrets/passphrases/ceph_fsid.yaml b/site/intel-pod17/secrets/passphrases/ceph_fsid.yaml
index 7201502..aeebc70 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ceph_fsid.yaml
+++ b/site/intel-pod17/secrets/passphrases/ceph_fsid.yaml
@@ -1,12 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ceph_fsid
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-# uuidgen
-data: 7b7576f4-3358-4668-9112-100440079807
+data: b8f87e6e-19ca-4665-9eaa-705d9de1c329
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ceph_swift_keystone_password.yaml
index 9a9af1f..46d2904 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ceph_swift_keystone_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ceph_swift_keystone_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ceph_swift_keystone_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: c2c2cd6119b839215387
 ...

diff --git a/site/intel-pod17/secrets/passphrases/control_db_admin_password.yaml b/site/intel-pod17/secrets/passphrases/control_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..c5cb94e
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/control_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: control_db_admin_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 9da2ef6c8af985399059
+...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_postgres_replication_password.yaml b/site/intel-pod17/secrets/passphrases/control_db_user_password.yaml
similarity index 73%
rename from site/intel-pod17/secrets/passphrases/ucp_postgres_replication_password.yaml
rename to site/intel-pod17/secrets/passphrases/control_db_user_password.yaml
index 2176e71..d424679 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_postgres_replication_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/control_db_user_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
+  name: control_db_user_password
   schema: metadata/Document/v1
-  name: ucp_postgres_replication_password
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: d421b168e30d0200b86d
 ...

diff --git a/site/intel-pod17/secrets/passphrases/control_insight_password.yaml b/site/intel-pod17/secrets/passphrases/control_insight_password.yaml
new file mode 100644 (file)
index 0000000..1fa2c62
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/control_insight_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: control_insight_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 0363656f0436655d1b88
+...

diff --git a/site/intel-pod17/secrets/passphrases/distribution_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/distribution_postgres_password.yaml
new file mode 100644 (file)
index 0000000..947ffbb
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/distribution_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: distribution_postgres_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 3b7d8106e5e00a45ea8e
+...

diff --git a/site/intel-pod17/secrets/passphrases/distribution_redis_password.yaml b/site/intel-pod17/secrets/passphrases/distribution_redis_password.yaml
new file mode 100644 (file)
index 0000000..4092cd8
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/distribution_redis_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: distribution_redis_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 5c403969218eea99dfb3
+...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_postgres_exporter_password.yaml b/site/intel-pod17/secrets/passphrases/global_passphrase.yaml
similarity index 74%
rename from site/intel-pod17/secrets/passphrases/ucp_postgres_exporter_password.yaml
rename to site/intel-pod17/secrets/passphrases/global_passphrase.yaml
index abdaa5b..e100c02 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_postgres_exporter_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/global_passphrase.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
+  name: global_passphrase
   schema: metadata/Document/v1
-  name: ucp_postgres_exporter_password
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: mWPd8-UhfHeddODwz1TXGNd3
 ...

diff --git a/site/intel-pod17/secrets/passphrases/global_salt.yaml b/site/intel-pod17/secrets/passphrases/global_salt.yaml
new file mode 100644 (file)
index 0000000..c5d28bc
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/global_salt.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: global_salt
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: FQO6ez1aS0EOMEv1y0ae?Moe
+...

diff --git a/site/intel-pod17/secrets/passphrases/ipmi_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ipmi_admin_password.yaml
index 0b49b62..3e65fd0 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ipmi_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ipmi_admin_password.yaml
@@ -1,13 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ipmi_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
-  labels:
-    name: ipmi-admin-password-site
+    abstract: false
   storagePolicy: cleartext
 data: root
 ...

diff --git a/site/intel-pod17/secrets/passphrases/kasparss_crypt_password.yaml b/site/intel-pod17/secrets/passphrases/kasparss_crypt_password.yaml
deleted file mode 100644 (file)
index e0e57f3..0000000
--- a/site/intel-pod17/secrets/passphrases/kasparss_crypt_password.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kasparss_crypt_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# Pass: password123
-data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
-...

diff --git a/site/intel-pod17/secrets/passphrases/maas-region-key.yaml b/site/intel-pod17/secrets/passphrases/maas-region-key.yaml
index 73d4a69..29b5c2e 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/maas-region-key.yaml
+++ b/site/intel-pod17/secrets/passphrases/maas-region-key.yaml
@@ -1,12 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: maas-region-key
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-# openssl rand -hex 10
-data: 9026f6048d6a017dc913
+data: 2610ca1466a610967b8e
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_addons_keystone_ranger-agent_password.yaml b/site/intel-pod17/secrets/passphrases/osh_addons_keystone_ranger-agent_password.yaml
new file mode 100644 (file)
index 0000000..00a149c
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_addons_keystone_ranger-agent_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_addons_keystone_ranger-agent_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 1f315777a20097bd175f
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_addons_ranger-agent_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_addons_ranger-agent_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..0adfcc7
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_addons_ranger-agent_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_addons_ranger-agent_oslo_db_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 9b507c12deb83969bfa5
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_addons_ranger-agent_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_addons_ranger-agent_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..e2dbbb9
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_addons_ranger-agent_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_addons_ranger-agent_oslo_messaging_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 7b72d693bd2a5ed7cf6a
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_addons_ranger_admin_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_addons_ranger_admin_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..5dd1dda
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_addons_ranger_admin_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_addons_ranger_admin_oslo_db_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 321a480812552b7336a5
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_addons_ranger_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_addons_ranger_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..62133cc
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_addons_ranger_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_addons_ranger_oslo_db_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 58dba6634fab9d618f31
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_addons_ranger_oslo_db_sst_password.yaml b/site/intel-pod17/secrets/passphrases/osh_addons_ranger_oslo_db_sst_password.yaml
new file mode 100644 (file)
index 0000000..4587190
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_addons_ranger_oslo_db_sst_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_addons_ranger_oslo_db_sst_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 6246846c2b514ade61c6
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_db_password.yaml
index c5f866c..e83e234 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_db_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_db_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_barbican_oslo_db_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 81d61e27283f43107c6b
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
index bb19957..67a7e18 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_barbican_oslo_messaging_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 2a40bf53de32d5ee7a8a
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
index 9bf0217..341b6e9 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_barbican_oslo_messaging_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 82d4b0a3ecd325f15291
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_password.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_password.yaml
index 5122192..76b2c0b 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_barbican_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_barbican_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_barbican_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 49b51eb652aaf8c75fdb
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
index 32f8dae..ab060d2 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_barbican_rabbitmq_erlang_cookie
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: b8a80c017ee76079f72c
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_db_password.yaml
index b22f898..54da3ed 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_db_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_db_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_cinder_oslo_db_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 4334b35ef18a44842897
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
index 040e657..0c8c00f 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_cinder_oslo_messaging_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: b24ee59712be5f0f24d1
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
index 5d76ba7..e62096a 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_cinder_oslo_messaging_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 6766eeeaf6d9aef59e65
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_password.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_password.yaml
index 26565db..da3e404 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_cinder_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_cinder_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_cinder_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 3c100d5335a363626794
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
index b1ac8ff..0cba9ef 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_cinder_rabbitmq_erlang_cookie
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 0d763879b2cc170b4d10
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_test_password.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_test_password.yaml
new file mode 100644 (file)
index 0000000..fb9ad40
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_cinder_test_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_cinder_test_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 9074a5045a7316388d7f
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_db_password.yaml
index 0739069..22e52c7 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_glance_oslo_db_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_db_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_glance_oslo_db_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: b9b4cb6776ff5975fa93
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
index 57db752..d591aed 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_glance_oslo_messaging_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 6546d19d7c8f75975bb7
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
index d103c27..de95c75 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_glance_oslo_messaging_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 55da947a21fbdb92d6e9
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_password.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_password.yaml
index 93ae0f2..68ce63b 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_glance_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_glance_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_glance_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 6e443487d422016970b1
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
index 496fae3..924bcd0 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_glance_rabbitmq_erlang_cookie
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: a1380168b04bd43b93d2
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_test_password.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_test_password.yaml
new file mode 100644 (file)
index 0000000..e8d7f4a
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_glance_test_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_glance_test_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: b1a57860260ed26b0553
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_db_password.yaml
index 3352d4c..41e8fca 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_heat_oslo_db_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_db_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_heat_oslo_db_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 1197453ccd2b82a97cc9
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
index 074e688..8b2036c 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_heat_oslo_messaging_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 6816f32b46947f5a7354
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
index 39f1327..54a274d 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_heat_oslo_messaging_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 6ac74e28984cbb81647c
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_password.yaml
index 5777ebb..7ca7b13 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_heat_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_heat_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 00d5066ecfcc04211133
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
index 74e2a99..9a7d7ac 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_heat_rabbitmq_erlang_cookie
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 0a3895e96e31c1cef0b4
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_stack_user_password.yaml
index 36db28b..5d5c445 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_heat_stack_user_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_stack_user_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_heat_stack_user_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 06c494fc73431239bf06
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_test_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_test_password.yaml
new file mode 100644 (file)
index 0000000..985b273
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_test_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_heat_test_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 5ecfb0db3050d1876ee2
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_trustee_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_trustee_password.yaml
index 58129ef..2977f08 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_heat_trustee_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_trustee_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_heat_trustee_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 5314abff4622367f1b9e
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_horizon_oslo_db_password.yaml
index 7c78d45..6914d49 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_horizon_oslo_db_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_horizon_oslo_db_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_horizon_oslo_db_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 0bdeb5c331a30eb92c0e
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_horizon_secret_key.yaml b/site/intel-pod17/secrets/passphrases/osh_horizon_secret_key.yaml
new file mode 100644 (file)
index 0000000..3bf8fed
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_horizon_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_horizon_secret_key
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 6a921508-b29f-47c1-a8af-a1764254fa0b
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_dmaap_mechid_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_dmaap_mechid_password.yaml
new file mode 100644 (file)
index 0000000..cbd1c19
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_dmaap_mechid_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_infra_dmaap_mechid_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: password@123
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
index 78c265e..dffee24 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_infra_elasticsearch_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: ecc30a41c669a5d94fd3
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_admin_password.yaml
index 9232de7..12faa2e 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_infra_grafana_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_infra_grafana_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 784304aeb93212318487
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
index 6d5f49e..73f3d76 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_infra_grafana_oslo_db_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 17b95b8d80f1065116a6
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
index bd4e573..e5aefa0 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_infra_grafana_oslo_db_session_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 10b6f8b95fa1d353812b
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_kibana_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_kibana_admin_password.yaml
new file mode 100644 (file)
index 0000000..e66e256
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_kibana_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_infra_kibana_admin_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 78652003acb1807ef2cf
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_nagios_admin_password.yaml
index 52dbe16..5510ac1 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_infra_nagios_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_nagios_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_infra_nagios_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: b476fc58d4d05adb92b7
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
index 64f78e1..c443b63 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_infra_openstack_exporter_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: d85c6c4a1437346fc6c4
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
index 9c68e9d..9141509 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_infra_oslo_db_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 40e1fff98f774a9aae9c
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_audit_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_audit_password.yaml
new file mode 100644 (file)
index 0000000..67b89e1
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_audit_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_infra_oslo_db_audit_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 14735c537fa4d19114993a1d
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
index f134f46..cfecffd 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_infra_oslo_db_exporter_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: e0eb681ab3ec0835eea2
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_sst_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_sst_password.yaml
new file mode 100644 (file)
index 0000000..bbb716b
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_sst_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_infra_oslo_db_sst_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: b5e7ed62c1aaa0642a6e
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
index b3df5f6..7da4cb9 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_infra_prometheus_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 5445cb252292fc7ecef0
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_ks_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_ks_password.yaml
new file mode 100644 (file)
index 0000000..4edcede
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_ks_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_infra_rgw_ks_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 87c1e15d9f330cdbf757
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
index 9f64719..f487ac4 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_infra_rgw_s3_admin_access_key
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: admin_access_key
+data: 4c05ba07638ef552637a
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
index 3e06f91..a56df5d 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_infra_rgw_s3_admin_secret_key
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: admin_secret_key
+data: 84823aa4fea390be81da
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_artifactory_access_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_artifactory_access_key.yaml
new file mode 100644 (file)
index 0000000..dc8760a
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_artifactory_access_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_infra_rgw_s3_artifactory_access_key
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 237cbd434aab9b2ef9a7
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_artifactory_edge_access_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_artifactory_edge_access_key.yaml
new file mode 100644 (file)
index 0000000..f2f5598
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_artifactory_edge_access_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_infra_rgw_s3_artifactory_edge_access_key
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: ae0bedce798aab5e4894
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_artifactory_edge_secret_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_artifactory_edge_secret_key.yaml
new file mode 100644 (file)
index 0000000..e65248f
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_artifactory_edge_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_infra_rgw_s3_artifactory_edge_secret_key
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: e76cca7d9079565fed68
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_artifactory_secret_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_artifactory_secret_key.yaml
new file mode 100644 (file)
index 0000000..b63316f
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_artifactory_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_infra_rgw_s3_artifactory_secret_key
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: a86e188093b546b2f134
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
index 97c7d23..4bfe501 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_infra_rgw_s3_elasticsearch_access_key
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: elastic_access_key
+data: 4be40165cf243849ce24
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
index 60f0134..8e168b9 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_infra_rgw_s3_elasticsearch_secret_key
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: elastic_secret_key
+data: 41db866f111b9e98bda7
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_ironic_password.yaml b/site/intel-pod17/secrets/passphrases/osh_ironic_password.yaml
new file mode 100644 (file)
index 0000000..5dc8732
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_ironic_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_ironic_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: df799986b06062b67600
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_admin_password.yaml
index 6c3f446..8254de6 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_keystone_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_keystone_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_keystone_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 0bbaf9908f63abec8ffb
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_ldap_mechid_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_ldap_mechid_password.yaml
new file mode 100644 (file)
index 0000000..63a18a2
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_keystone_ldap_mechid_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_keystone_ldap_mechid_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: jaBKI5mnShZo
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_db_password.yaml
index 07b2206..e971645 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_db_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_db_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_keystone_oslo_db_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: e28ff33112f431393c5f
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
index aec85c0..44e4286 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_keystone_oslo_messaging_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 251f79f6619507cb564a
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
index be716f4..98ba6c8 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_keystone_oslo_messaging_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 8705f5bffc21bf936ecc
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
index ee7e4bd..0ee87aa 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_keystone_rabbitmq_erlang_cookie
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 77053705b0d876d70e06
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_test_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_test_password.yaml
new file mode 100644 (file)
index 0000000..e5ccdea
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_keystone_test_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_keystone_test_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 1ab4a7eabbfb8caff443
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_db_password.yaml
index 4d0b157..c7495dc 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_db_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_db_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_neutron_oslo_db_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 1c52321dd18be8539320
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
index 4ac42c9..0e66a44 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_neutron_oslo_messaging_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 02c86d0afc3756f32191
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
index 6be02b9..3e6ecef 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_neutron_oslo_messaging_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 7167d842dc91f63563f9
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_password.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_password.yaml
index dd0b2b6..7423bba 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_neutron_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_neutron_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_neutron_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 6dad3c0076fc2f75adf5
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
index 9e8ff8d..3f24985 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_neutron_rabbitmq_erlang_cookie
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: c3174153efc80db4f9e0
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_test_password.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_test_password.yaml
new file mode 100644 (file)
index 0000000..4cc9c40
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_neutron_test_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_neutron_test_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 87f7ec3f8587c42b339f
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
index 37d5c62..dbc4142 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_nova_metadata_proxy_shared_secret
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 97116c2cc10b6432e586
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_db_password.yaml
index 2cd60f5..086b0a1 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_nova_oslo_db_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_db_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_nova_oslo_db_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: de987b0a8d611000bbbe
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
index 487bcc5..e208a45 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_nova_oslo_messaging_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: cc66bf25afc7279f48fd
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
index 13569ba..e14016a 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_nova_oslo_messaging_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 15cbdb5512e2ba31b3f6
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_password.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_password.yaml
index 4c2223d..52770a6 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_nova_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_nova_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_nova_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: c097b9f5328cb1c48d19
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
index 7a885e6..d26ee15 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_nova_rabbitmq_erlang_cookie
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: bf390ed87e3685e4120f
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_test_password.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_test_password.yaml
new file mode 100644 (file)
index 0000000..831640c
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_nova_test_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_nova_test_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: c174c2656414b7f92086
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/intel-pod17/secrets/passphrases/osh_oslo_cache_secret_key.yaml
index 11747a7..57c41f9 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_oslo_cache_secret_key.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_oslo_cache_secret_key.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_oslo_cache_secret_key
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 6f53155f59500f1e7891
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_oslo_db_admin_password.yaml
index 48df9ee..6179e9d 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_oslo_db_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_oslo_db_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_oslo_db_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 542429244cb5fa5144d7
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_oslo_db_audit_password.yaml b/site/intel-pod17/secrets/passphrases/osh_oslo_db_audit_password.yaml
new file mode 100644 (file)
index 0000000..c789f01
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_oslo_db_audit_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_oslo_db_audit_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: e07f4cf97ba8eb6a4b93af8a
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/intel-pod17/secrets/passphrases/osh_oslo_db_exporter_password.yaml
index 61b4144..2e79144 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_oslo_db_exporter_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_oslo_db_exporter_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_oslo_db_exporter_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 9347f3f993afdcc54aa7
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_oslo_db_sst_password.yaml b/site/intel-pod17/secrets/passphrases/osh_oslo_db_sst_password.yaml
new file mode 100644 (file)
index 0000000..095b03f
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_oslo_db_sst_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: osh_oslo_db_sst_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 6205c5348408e50800a3
+...

diff --git a/site/intel-pod17/secrets/passphrases/osh_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
index e7d97e2..aed4d7b 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_oslo_messaging_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 2baf2f74d688f61b01d5
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_placement_password.yaml b/site/intel-pod17/secrets/passphrases/osh_placement_password.yaml
index c72b59a..dd1f7b3 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_placement_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_placement_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_placement_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: ba05f4a3db6f5d385cc0
 ...

diff --git a/site/intel-pod17/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
index a3b5a2b..6795073 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
+++ b/site/intel-pod17/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: osh_rabbitmq_erlang_cookie
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 44c9d5f99a0dc430d736
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ozone-mariadb-admin-password.yaml b/site/intel-pod17/secrets/passphrases/ozone-mariadb-admin-password.yaml
new file mode 100644 (file)
index 0000000..051fd29
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ozone-mariadb-admin-password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ozone-mariadb-admin-password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 77543b92b70888c87a86
+...

diff --git a/site/intel-pod17/secrets/passphrases/ozone-mariadb-ozoneuser-password.yaml b/site/intel-pod17/secrets/passphrases/ozone-mariadb-ozoneuser-password.yaml
new file mode 100644 (file)
index 0000000..432ded0
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ozone-mariadb-ozoneuser-password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ozone-mariadb-ozoneuser-password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 520dc65817c81cce0262
+...

diff --git a/site/intel-pod17/secrets/passphrases/private_docker_key.yaml b/site/intel-pod17/secrets/passphrases/private_docker_key.yaml
deleted file mode 100644 (file)
index b423174..0000000
--- a/site/intel-pod17/secrets/passphrases/private_docker_key.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: private_docker_key
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-# sample key for potential private docker registry
-# see Docker documentation for info on how to generate the key
-# base64 of password123
-data: cGFzc3dvcmQxMjM=
-...

diff --git a/site/intel-pod17/secrets/passphrases/ro_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ro_keystone_password.yaml
new file mode 100644 (file)
index 0000000..db5224d
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ro_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ro_keystone_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 7d3836bec472b1f52b5b
+...

diff --git a/site/intel-pod17/secrets/passphrases/ro_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/ro_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..4a3f755
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ro_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ro_oslo_db_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: b7ff6432ccdfc2933aa1
+...

diff --git a/site/intel-pod17/secrets/passphrases/ro_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/ro_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..dc2aef7
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ro_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ro_oslo_messaging_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 4b66b507477a671b884b
+...

diff --git a/site/intel-pod17/secrets/passphrases/tenant_ceph_fsid.yaml b/site/intel-pod17/secrets/passphrases/tenant_ceph_fsid.yaml
index 18bd485..517a78a 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/tenant_ceph_fsid.yaml
+++ b/site/intel-pod17/secrets/passphrases/tenant_ceph_fsid.yaml
@@ -1,12 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: tenant_ceph_fsid
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-# uuidgen
-data: 29d8953d-0bb6-4ba1-a48a-f9be1c0937a9
+data: abd60b4a-bddb-4cfa-8219-80a1b19294f5
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ubuntu_crypt_password.yaml b/site/intel-pod17/secrets/passphrases/ubuntu_crypt_password.yaml
new file mode 100644 (file)
index 0000000..c9bfd95
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ubuntu_crypt_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ubuntu_crypt_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: $6$IKfnXwwYKa2QoNdY$Xc9TJGLvVUV1E2AMiSedzUNaqYc2tT4nTZDbBDBXM8KAx9DlZExkP7LR2JutAk4NdjEYsd.9eP07DIz4CscGs1
+...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
index 33c4125..b853fbe 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_airflow_oslo_messaging_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 89c4981c0825adcd6f5b
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_airflow_postgres_password.yaml
index 8a1d648..f141587 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_airflow_postgres_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_airflow_postgres_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_airflow_postgres_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: a31326f9cf7f5f2f2125
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_armada_keystone_password.yaml
index 866efcc..4f0aa77 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_armada_keystone_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_armada_keystone_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_armada_keystone_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: fea9b3b1e3650aecab84
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_barbican_keystone_password.yaml
index cb2da22..f1d7afa 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_barbican_keystone_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_barbican_keystone_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_barbican_keystone_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 164a0ffdadc9ad1f8345
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
index 95a76ed..5b2f60f 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_barbican_oslo_db_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 7fd97744a43f7e20da0a
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_deckhand_keystone_password.yaml
index 5ee27f2..12d9aed 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_deckhand_keystone_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_deckhand_keystone_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_deckhand_keystone_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 2b357afcb6076ec8659e
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_deckhand_postgres_password.yaml
index e63319b..396e2f2 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_deckhand_postgres_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_deckhand_postgres_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_deckhand_postgres_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: d7ac199f84434fe1dc9e
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_drydock_keystone_password.yaml
index b8083b5..b4d92c8 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_drydock_keystone_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_drydock_keystone_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_drydock_keystone_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 154e98e5d9dc3ef90514
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_drydock_postgres_password.yaml
index 2eff525..75cfe3b 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_drydock_postgres_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_drydock_postgres_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_drydock_postgres_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 38bd15f7d982b9050fd1
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_keystone_admin_password.yaml
index 91f74fd..8f14ee6 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_keystone_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_keystone_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_keystone_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: e8c0978f627217977f5d
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_keystone_ldap_mechid_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_keystone_ldap_mechid_password.yaml
new file mode 100644 (file)
index 0000000..485c256
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_keystone_ldap_mechid_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ucp_keystone_ldap_mechid_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: jaBKI5mnShZo
+...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
index a9cb153..ba5ac0d 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_keystone_oslo_db_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 6bd6f4cf671aae6ae404
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_keystone_test_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_keystone_test_password.yaml
new file mode 100644 (file)
index 0000000..54e9c62
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_keystone_test_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ucp_keystone_test_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 8a1c6c8f9bcbe9f1008f
+...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_maas_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_maas_admin_password.yaml
index 402c129..d13b16a 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_maas_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_maas_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_maas_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 1f87e617edd38f29edb6
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_maas_postgres_password.yaml
index 96ec574..6f2cad3 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_maas_postgres_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_maas_postgres_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_maas_postgres_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: fc586150e1147a00625b
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
index b513af4..47caf53 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_openstack_exporter_keystone_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 6524330ecaa616f414b9
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_oslo_db_admin_password.yaml
index b3c1325..0bc3f2c 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_oslo_db_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_oslo_db_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_oslo_db_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 54ad0456aa41636984ef
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_oslo_db_audit_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_oslo_db_audit_password.yaml
new file mode 100644 (file)
index 0000000..631e486
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_oslo_db_audit_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ucp_oslo_db_audit_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 7fa670df72ad480bd3551cd0
+...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_oslo_db_exporter_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_oslo_db_exporter_password.yaml
new file mode 100644 (file)
index 0000000..01d253f
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_oslo_db_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ucp_oslo_db_exporter_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 0fd79883de23224dab16
+...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_oslo_db_sst_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_oslo_db_sst_password.yaml
new file mode 100644 (file)
index 0000000..36c25fe
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_oslo_db_sst_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ucp_oslo_db_sst_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 2e182479b83b3f0f33a8
+...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_oslo_messaging_password.yaml
index 95d6c0e..aefd9ef 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_oslo_messaging_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_oslo_messaging_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_oslo_messaging_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: b57377ddd63f59a35f0e
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_postgres_admin_password.yaml
index 546de05..dc29155 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_postgres_admin_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_postgres_admin_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_postgres_admin_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 23d988007e8348692e89
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_postgres_audit_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_postgres_audit_password.yaml
new file mode 100644 (file)
index 0000000..0d844e9
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_postgres_audit_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ucp_postgres_audit_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: ba09e179bda413b215493acb
+...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_postgres_exporter_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_postgres_exporter_postgres_password.yaml
new file mode 100644 (file)
index 0000000..f93f605
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_postgres_exporter_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ucp_postgres_exporter_postgres_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 5db4f4d08d7cf340e3c3
+...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_postgres_replica_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_postgres_replica_password.yaml
new file mode 100644 (file)
index 0000000..5588807
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_postgres_replica_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ucp_postgres_replica_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 747d2a08baf907500062
+...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_promenade_keystone_password.yaml
index ac40d1e..c571bd9 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_promenade_keystone_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_promenade_keystone_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_promenade_keystone_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
 data: password123
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
index 6a2aef9..4e718af 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_rabbitmq_erlang_cookie
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: 66d5e88c2baee8bec7f8
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_shipyard_keystone_password.yaml
index 181a52a..528712f 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_shipyard_keystone_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_shipyard_keystone_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_shipyard_keystone_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
 data: password123
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_shipyard_postgres_password.yaml
index de0eed7..3ca5fc1 100644 (file)
--- a/site/intel-pod17/secrets/passphrases/ucp_shipyard_postgres_password.yaml
+++ b/site/intel-pod17/secrets/passphrases/ucp_shipyard_postgres_password.yaml
@@ -1,11 +1,11 @@
 ---
 schema: deckhand/Passphrase/v1
 metadata:
-  schema: metadata/Document/v1
   name: ucp_shipyard_postgres_password
+  schema: metadata/Document/v1
   layeringDefinition:
-    abstract: false
     layer: site
+    abstract: false
   storagePolicy: cleartext
-data: password123
+data: aa9548df9b68d0b4041b
 ...

diff --git a/site/intel-pod17/secrets/passphrases/ucp_webhook_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_webhook_keystone_password.yaml
new file mode 100644 (file)
index 0000000..51ad440
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_webhook_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: ucp_webhook_keystone_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 2ff5613d2f0e82fbec42
+...

diff --git a/site/intel-pod17/secrets/passphrases/xray_mongo_root_password.yaml b/site/intel-pod17/secrets/passphrases/xray_mongo_root_password.yaml
new file mode 100644 (file)
index 0000000..a6b9a11
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/xray_mongo_root_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: xray_mongo_root_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 264845d431d8770a74d7
+...

diff --git a/site/intel-pod17/secrets/passphrases/xray_mongo_user_password.yaml b/site/intel-pod17/secrets/passphrases/xray_mongo_user_password.yaml
new file mode 100644 (file)
index 0000000..55f05cd
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/xray_mongo_user_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: xray_mongo_user_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 753439fbb71c765022b4
+...

diff --git a/site/intel-pod17/secrets/passphrases/xray_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/xray_postgres_password.yaml
new file mode 100644 (file)
index 0000000..c6b9013
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/xray_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: xray_postgres_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: 3638fa6b3c97d0a83c01
+...

diff --git a/site/intel-pod17/secrets/passphrases/xray_rabbitmq_password.yaml b/site/intel-pod17/secrets/passphrases/xray_rabbitmq_password.yaml
new file mode 100644 (file)
index 0000000..a74d3aa
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/xray_rabbitmq_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  name: xray_rabbitmq_password
+  schema: metadata/Document/v1
+  layeringDefinition:
+    layer: site
+    abstract: false
+  storagePolicy: cleartext
+data: e7f9baece7597844b147
+...

diff --git a/site/intel-pod17/site-definition.yaml b/site/intel-pod17/site-definition.yaml
index d89dc73..951ec63 100644 (file)
--- a/site/intel-pod17/site-definition.yaml
+++ b/site/intel-pod17/site-definition.yaml
@@ -8,10 +8,10 @@ metadata:
   name: intel-pod17
   storagePolicy: cleartext
 data:
-  site_type: cntt
+  site_type: cruiserlite
 
   repositories:
     global:
-      revision: v1.7
+      revision: refs/changes/79/755079/2
       url: https://opendev.org/airship/treasuremap.git
 ...

diff --git a/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml b/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml
deleted file mode 100644 (file)
index 8d397e4..0000000
--- a/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml
+++ /dev/null
@@ -1,127 +0,0 @@
----
-# The purpose of this file is to build the list of calico etcd nodes and the
-# calico etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-calico-etcd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: kubernetes-calico-etcd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    # Generate a list of control plane nodes (i.e. genesis node + master node
-    # list) on which calico etcd will run and will need certs. It is assumed
-    # that Airship sites will have 3 control plane nodes, so this should not need to
-    # change for a new site.
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .genesis.hostname
-      dest:
-        path: .values.nodes[0].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[0].hostname
-      dest:
-        path: .values.nodes[1].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[1].hostname
-      dest:
-        path: .values.nodes[2].name
-
-    # Certificate substitutions for the node names assembled on the above list.
-    # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
-    # to change with a standard Airship deployment. However, the names of each
-    # deckhand certficiate should be updated with the correct hostnames for your
-    # environment. The ordering is important (Genesis is index 0, then master
-    # nodes in the order they are specified in common-addresses).
-
-    # Genesis hostname - pod17-node1
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-pod17-node1
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-pod17-node1
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-pod17-node1-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-pod17-node1-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.key
-
-    # master node 1 hostname - pod17-node2
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-pod17-node2
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-pod17-node2
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-pod17-node2-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-pod17-node2-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.key
-
-    # master node 2 hostname - pod17-node3
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-pod17-node3
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-pod17-node3
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-pod17-node3-peer
-        path: .
-      dest:
-        path: .values.nodes[2].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-pod17-node3-peer
-        path: .
-      dest:
-        path: .values.nodes[2].tls.peer.key
-
-data: {}
-...

diff --git a/site/intel-pod17/software/charts/kubernetes/container-networking/policies.yaml b/site/intel-pod17/software/charts/kubernetes/container-networking/policies.yaml
new file mode 100644 (file)
index 0000000..1d34c8a
--- /dev/null
+++ b/site/intel-pod17/software/charts/kubernetes/container-networking/policies.yaml
@@ -0,0 +1,135 @@
+---
+schema: nc/Policy/v1
+metadata:
+  schema: metadata/Document/v1
+  name: site-policy
+  labels:
+    name: site-policy
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: type-policy
+    actions:
+    - method: merge
+      path: .
+  storagePolicy: cleartext
+data:
+  policy:
+    sitelevel:
+      priority: 5
+      rules: []
+    hostendpoints:
+      priority: 9
+      rules:
+      - apiVersion: projectcalico.org/v3
+        kind: HostEndpoint
+        metadata:
+          name: pod17-node1-oam
+          labels:
+            host: nc-control
+            intf-alias: oam
+        spec:
+          interfaceName: dmz.170
+          node: pod17-node1
+          expectedIPs:
+          - 10.10.170.21
+      - apiVersion: projectcalico.org/v3
+        kind: HostEndpoint
+        metadata:
+          name: pod17-node1-ksn
+          labels:
+            host: nc-control
+            intf-alias: ksn
+        spec:
+          interfaceName: data1.172
+          node: pod17-node1
+      - apiVersion: projectcalico.org/v3
+        kind: HostEndpoint
+        metadata:
+          name: pod17-node2-oam
+          labels:
+            host: nc-control
+            intf-alias: oam
+        spec:
+          interfaceName: dmz.170
+          node: pod17-node2
+          expectedIPs:
+          - 10.10.170.22
+      - apiVersion: projectcalico.org/v3
+        kind: HostEndpoint
+        metadata:
+          name: pod17-node2-ksn
+          labels:
+            host: nc-control
+            intf-alias: ksn
+        spec:
+          interfaceName: data1.172
+          node: pod17-node2
+      - apiVersion: projectcalico.org/v3
+        kind: HostEndpoint
+        metadata:
+          name: pod17-node3-oam
+          labels:
+            host: nc-control
+            intf-alias: oam
+        spec:
+          interfaceName: dmz.170
+          node: pod17-node3
+          expectedIPs:
+          - 10.10.170.23
+      - apiVersion: projectcalico.org/v3
+        kind: HostEndpoint
+        metadata:
+          name: pod17-node3-ksn
+          labels:
+            host: nc-control
+            intf-alias: ksn
+        spec:
+          interfaceName: data1.172
+          node: pod17-node3
+      - apiVersion: projectcalico.org/v3
+        kind: HostEndpoint
+        metadata:
+          name: pod17-node4-oam
+          labels:
+            host: nc-compute
+            intf-alias: oam
+        spec:
+          interfaceName: dmz.170
+          node: pod17-node4
+          expectedIPs:
+          - 10.10.170.24
+      - apiVersion: projectcalico.org/v3
+        kind: HostEndpoint
+        metadata:
+          name: pod17-node4-ksn
+          labels:
+            host: nc-compute
+            intf-alias: ksn
+        spec:
+          interfaceName: data1.172
+          node: pod17-node4
+      - apiVersion: projectcalico.org/v3
+        kind: HostEndpoint
+        metadata:
+          name: pod17-node5-oam
+          labels:
+            host: nc-compute
+            intf-alias: oam
+        spec:
+          interfaceName: dmz.170
+          node: pod17-node5
+          expectedIPs:
+          - 10.10.170.25
+      - apiVersion: projectcalico.org/v3
+        kind: HostEndpoint
+        metadata:
+          name: pod17-node5-ksn
+          labels:
+            host: nc-compute
+            intf-alias: ksn
+        spec:
+          interfaceName: data1.172
+          node: pod17-node5
+...

diff --git a/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml b/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml
deleted file mode 100644 (file)
index dd24889..0000000
--- a/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml
+++ /dev/null
@@ -1,131 +0,0 @@
----
-# The purpose of this file is to build the list of k8s etcd nodes and the
-# k8s etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-etcd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: kubernetes-etcd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-  substitutions:
-    # Generate a list of control plane nodes (i.e. genesis node + master node
-    # list) on which k8s etcd will run and will need certs. It is assumed
-    # that Airship sites will have 3 control plane nodes, so this should not need to
-    # change for a new site.
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .genesis.hostname
-      dest:
-        path: .values.nodes[0].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[0].hostname
-      dest:
-        path: .values.nodes[1].name
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[1].hostname
-      dest:
-        path: .values.nodes[2].name
-
-    # Certificate substitutions for the node names assembled on the above list.
-    # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
-    # to change with a standard Airship deployment. However, the names of each
-    # deckhand certficiate should be updated with the correct hostnames for your
-    # environment. The ordering is important (Genesis is index 0, then master
-    # nodes in the order they are specified in common-addresses).
-
-    # Genesis Exception*
-    # *NOTE: This is an exception in that `genesis` is not the hostname of the
-    # genesis node, but `genesis` is reference here in the certificate names
-    # because of certain Promenade assumptions that may be addressed in the
-    # future. Therefore `genesis` is used instead of `pod17-node1` here.
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-genesis
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-genesis
-        path: .
-      dest:
-        path: .values.nodes[0].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-genesis-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-genesis-peer
-        path: .
-      dest:
-        path: .values.nodes[0].tls.peer.key
-
-    # master node 1 hostname - pod17-node2
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-pod17-node2
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-pod17-node2
-        path: .
-      dest:
-        path: .values.nodes[1].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-pod17-node2-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-pod17-node2-peer
-        path: .
-      dest:
-        path: .values.nodes[1].tls.peer.key
-
-    # master node 2 hostname - pod17-node3
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-pod17-node3
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-pod17-node3
-        path: .
-      dest:
-        path: .values.nodes[2].tls.client.key
-    - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-pod17-node3-peer
-        path: .
-      dest:
-        path: .values.nodes[2].tls.peer.cert
-    - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-pod17-node3-peer
-        path: $
-      dest:
-        path: .values.nodes[2].tls.peer.key
-
-data: {}
-...

diff --git a/site/intel-pod17/software/charts/osh-infra/fluentbit.yaml b/site/intel-pod17/software/charts/osh-infra/fluentbit.yaml
deleted file mode 100644 (file)
index 1620f26..0000000
--- a/site/intel-pod17/software/charts/osh-infra/fluentbit.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: fluentbit
-  labels:
-    name: fluentbit-type
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      hosttype: fluentbit-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data: {}
-...

diff --git a/site/intel-pod17/software/charts/osh-infra/fluentd.yaml b/site/intel-pod17/software/charts/osh-infra/fluentd.yaml
deleted file mode 100644 (file)
index 0032414..0000000
--- a/site/intel-pod17/software/charts/osh-infra/fluentd.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: fluentd
-  labels:
-    name: fluentd-type
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      hosttype: fluentd-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data: {}
-...

diff --git a/site/intel-pod17/software/charts/osh-infra/prometheus.yaml b/site/intel-pod17/software/charts/osh-infra/prometheus.yaml
deleted file mode 100644 (file)
index c4cd4bf..0000000
--- a/site/intel-pod17/software/charts/osh-infra/prometheus.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: prometheus
-  labels:
-    name: prometheus-type
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: prometheus-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      resources:
-        enabled: true
-        prometheus:
-          limits:
-            memory: "4Gi"
-            cpu: "2000m"
-          requests:
-            memory: "2Gi"
-            cpu: "1000m"
-    storage:
-      requests:
-        storage: 10Gi
-...

diff --git a/site/intel-pod17/software/charts/osh/openstack-compute-kit/libvirt.yaml b/site/intel-pod17/software/charts/osh/openstack-compute-kit/libvirt.yaml
deleted file mode 100644 (file)
index f7092cd..0000000
--- a/site/intel-pod17/software/charts/osh/openstack-compute-kit/libvirt.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: libvirt
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: libvirt-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    network:
-      backend:
-        - openvswitch
-        - sriov
-...

diff --git a/site/intel-pod17/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/intel-pod17/software/charts/osh/openstack-compute-kit/neutron.yaml
deleted file mode 100644 (file)
index 4431b0b..0000000
--- a/site/intel-pod17/software/charts/osh/openstack-compute-kit/neutron.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
----
-# This file defines hardware-specific settings for neutron. If you use the same
-# hardware profile as this environment, you should not need to change this file.
-# Otherwise, you should review the settings here and adjust for your hardware.
-# In particular:
-# 1. logical network interface names
-# 2. physical device mappigns
-# TODO: Should move to global layer and become tied to the hardware profile
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  replacement: true
-  name: neutron
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: neutron-type
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  wait:
-    timeout: 1800
-  test:
-    timeout: 900
-  values:
-    labels:
-      sriov:
-        node_selector_key: sriov
-        node_selector_value: enabled
-    pod:
-      security_context:
-        neutron_sriov_agent:
-          pod:
-            runAsUser: 42424
-          container:
-            neutron_sriov_agent_init:
-              privileged: true
-              runAsUser: 0
-              readOnlyRootFilesystem: false
-            neutron_sriov_agent:
-              readOnlyRootFilesystem: true
-              privileged: true
-    network:
-      interface:
-        sriov:
-          - device: ens785f1
-            num_vfs: 32
-            promisc: false
-      backend:
-        - openvswitch
-        - sriov
-    conf:
-      plugins:
-        ml2_conf:
-          ml2:
-            mechanism_drivers: l2population,openvswitch,sriovnicswitch
-          ml2_type_vlan:
-            ## NOTE: Must have at least 1 sriov network defined
-            network_vlan_ranges: external,sriovnet1:100:4000
-        sriov_agent:
-          securitygroup:
-            firewall_driver: neutron.agent.firewall.NoopFirewallDriver
-          sriov_nic:
-            ## NOTE: Must have at least 1 sriov network to physical device
-            ##       mapping, otherwise sriov agent readiness check
-            ##       will fail.
-            physical_device_mappings: sriovnet1:ens785f1
-            exclude_devices: ""
-...

diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml
deleted file mode 100644 (file)
index eb921b8..0000000
--- a/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# The purpose of this file is to define environment-specific parameters for ceph
-# client update
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-client-update
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-ceph-client-update-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    conf:
-      pool:
-        target:
-          # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if
-          # your HW matches this site's HW. Verify for your environment.
-          # 8 OSDs per node x 3 nodes = 24
-          osd: 3
-...

diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml
deleted file mode 100644 (file)
index e1e8ecf..0000000
--- a/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml
+++ /dev/null
@@ -1,100 +0,0 @@
----
-# The purpose of this file is to define envrionment-specific parameters for the
-# ceph client
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-client
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-ceph-client-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    conf:
-      pool:
-        target:
-          # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to
-          # change if your deployment HW matches this site's HW.
-          osd: 1
-        spec:
-          # RBD pool
-          - name: rbd
-            application: rbd
-            replication: 1
-            percent_total_data: 40
-          - name: cephfs_metadata
-            application: cephfs
-            replication: 1
-            percent_total_data: 5
-          - name: cephfs_data
-            application: cephfs
-            replication: 1
-            percent_total_data: 10
-          # RadosGW pools
-          - name: .rgw.root
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.control
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.data.root
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.gc
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.log
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.intent-log
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.meta
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.usage
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.keys
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.email
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.swift
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.users.uid
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.buckets.extra
-            application: rgw
-            replication: 1
-            percent_total_data: 0.1
-          - name: default.rgw.buckets.index
-            application: rgw
-            replication: 1
-            percent_total_data: 3
-          - name: default.rgw.buckets.data
-            application: rgw
-            replication: 1
-            percent_total_data: 34.8
-...

diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml
deleted file mode 100644 (file)
index 25297d9..0000000
--- a/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-# The purpose of this file is to define environment-specific parameters for
-# ceph-osd
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-osd
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-ceph-osd-global
-    actions:
-      - method: replace
-        path: .values.conf.storage.osd
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    conf:
-      storage:
-        osd:
-          - data:
-              type: directory
-              location: /var/lib/ceph/osd/osd-one
-            journal:
-              type: directory
-              location: /var/lib/ceph/journal/osd-one
-...

diff --git a/site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml b/site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml
index 41d5a9b..6130675 100644 (file)
--- a/site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml
+++ b/site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml
@@ -8,6 +8,7 @@
 schema: armada/Chart/v1
 metadata:
   schema: metadata/Document/v1
+  replacement: true
   name: ucp-divingbell
   layeringDefinition:
     abstract: false
@@ -41,30 +42,18 @@ metadata:
         path: .
     - dest:
         path: .values.conf.uamlite.users[2].user_sshkeys[0]
-      src:
-        schema: deckhand/PublicKey/v1
-        name: kasparss_ssh_public_key
-        path: .
-    - dest:
-        path: .values.conf.uamlite.users[2].user_crypt_passwd
-      src:
-        schema: deckhand/Passphrase/v1
-        name: kasparss_crypt_password
-        path: .
-    - dest:
-        path: .values.conf.uamlite.users[3].user_sshkeys[0]
       src:
         schema: deckhand/PublicKey/v1
         name: jorgeas_ssh_public_key
         path: .
     - dest:
-        path: .values.conf.uamlite.users[4].user_sshkeys[0]
+        path: .values.conf.uamlite.users[3].user_sshkeys[0]
       src:
         schema: deckhand/PublicKey/v1
         name: trungdt_ssh_public_key
         path: .
     - dest:
-        path: .values.conf.uamlite.users[5].user_sshkeys[0]
+        path: .values.conf.uamlite.users[4].user_sshkeys[0]
       src:
         schema: deckhand/PublicKey/v1
         name: jamesg_ssh_public_key
@@ -80,9 +69,6 @@ data:
           - user_name: grego
             user_sudo: true
             user_sshkeys: []
-          - user_name: kasparss
-            user_sudo: true
-            user_sshkeys: []
           - user_name: jorgeas
             user_sudo: true
             user_sshkeys: []

diff --git a/site/intel-pod17/software/config/common-software-config.yaml b/site/intel-pod17/software/config/common-software-config.yaml
index 6122372..6d93f11 100644 (file)
--- a/site/intel-pod17/software/config/common-software-config.yaml
+++ b/site/intel-pod17/software/config/common-software-config.yaml
@@ -13,4 +13,7 @@ data:
   osh:
     # NEWSITE-CHANGEME: Replace with the site name
     region_name: intel-pod17
+  location:
+    # NEWSITE-CHANGEME: Replace with the site's corridor (c1 - Dev, c2 - IST, c3 - SIL, prod - PROD)
+    location_corridor: c17
 ...

diff --git a/site/intel-pod17/software/config/corridor.yaml b/site/intel-pod17/software/config/corridor.yaml
new file mode 100644 (file)
index 0000000..f31186a
--- /dev/null
+++ b/site/intel-pod17/software/config/corridor.yaml
@@ -0,0 +1,26 @@
+---
+schema: nc/CorridorConfig/v1
+metadata:
+  schema: metadata/Document/v1
+  name: corridor-config
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      corridor: '1'
+      region: 'global'
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  corridor: 'c17'
+  infrastructure:
+    dns:
+      upstream_servers:
+        - 10.10.170.20
+        - 10.10.171.20
+      # Repeat the same values as above, but formatted as a common separated
+      # string
+      upstream_servers_joined: 10.10.170.20, 10.10.171.20
+...

diff --git a/site/intel-pod18/software/charts/osh/openstack-compute-kit/chart-group.yaml b/site/intel-pod18/software/charts/osh/openstack-compute-kit/chart-group.yaml
deleted file mode 100644 (file)
index 73396e7..0000000
--- a/site/intel-pod18/software/charts/osh/openstack-compute-kit/chart-group.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# OVS-DPDK NOTE:
-#   This replacement chartgroup deploys libvirt, openvswitch, neutron and nova
-#   that contains config changes needed to support ovs-dpdk deployment.
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: openstack-compute-kit
-  replacement: true
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: openstack-compute-kit-chart-group-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  description: Deploy Nova, Neutron, Openvswitch, and Libvirt for DPDK
-  chart_group:
-    - libvirt-ovsdpdk
-    - openvswitch-dpdk
-    - neutron-ovsdpdk
-    - nova-ovsdpdk
-...

diff --git a/tools/clean-genesis.sh b/tools/clean-genesis.sh
new file mode 100644 (file)
index 0000000..4d18f78
--- /dev/null
+++ b/tools/clean-genesis.sh
@@ -0,0 +1,158 @@
+#!/bin/bash
+
+set -x
+
+log ()  {
+    printf "$(date)\t%s\n" "${1}"
+}
+
+TO_RM=(
+    "/etc/cni"
+    "/etc/coredns"
+    "/etc/etcd"
+    "/etc/genesis"
+    "/etc/kubernetes"
+    "/etc/promenade"
+    "/etc/systemd/system/kubelet.service"
+    "/home/ceph"
+    "/tmp/tmp.*"
+    "/var/lib/etcd"
+    "/var/lib/kubelet"
+    "/var/lib/openstack-helm"
+    "/var/log/containers"
+    "/var/log/pods"
+    "/var/log/armada"
+    "/etc/modprobe.d/krbd_blacklist.conf"
+    "/srv/elasticsearch-data"
+    "/srv/elasticsearch-master"
+    "/srv/prometheus-data"
+)
+
+prune_docker() {
+    log "Docker prune"
+    docker volume prune -f
+    docker system prune -a -f
+}
+
+remove_containers() {
+    log "Remove all Docker containers"
+    docker ps -aq 2> /dev/null | xargs --no-run-if-empty docker rm -fv
+    log "Remove all containerd pods"
+    systemctl restart containerd || true
+    sleep 60
+    crictl rmp -a -f || true
+    log "Remove any remaining containerd containers"
+    crictl rm -a -f || true
+    systemctl stop containerd || true
+}
+
+remove_files() {
+    for item in "${TO_RM[@]}"; do
+        log "Removing ${item}"
+        rm -rf "${item}"
+    done
+}
+
+reset_docker() {
+    log "Remove all local Docker images"
+    docker images -qa | xargs --no-run-if-empty docker rmi -f
+    log "Remove remaining Docker files"
+    systemctl stop docker
+    if ! rm -rf /var/lib/docker/*; then
+        log "Failed to cleanup some files in /var/lib/docker"
+        find /var/lib/docker
+    fi
+    log "Remove all local containerd data"
+    if ! rm -rf /var/lib/containerd/*; then
+        log "Failed to cleanup some files in /var/lib/containerd/"
+        find /var/lib/containerd
+    fi
+}
+
+stop_kubelet() {
+    log "Stop Kubelet and clean pods"
+    systemctl stop kubelet || true
+    # Issue with orhan PODS
+    # https://github.com/kubernetes/kubernetes/issues/38498
+    find /var/lib/kubelet/pods 2> /dev/null | while read orphan_pod; do
+        if [[ ${orphan_pod} == *io~secret/* ]] || [[ ${orphan_pod} == *empty-dir/* ]]; then
+            umount "${orphan_pod}" || true
+            rm -rf "${orphan_pod}"
+        fi
+    done
+}
+
+wipe_disk() {
+    CEPH_VG=$(vgs | tail -n +1 | awk '{print $1}' | grep ceph-vg- | paste -d " "  - -)
+
+    if [[ x$CEPH_VG != 'x' ]]; then
+        vgremove -f $CEPH_VG
+    fi
+
+    log "Wipe out CEPH disks"
+    apt install --yes gdisk
+    echo "====Earsing disk sdb===="
+    sudo sgdisk -Z /dev/sdb
+    sudo dd if=/dev/zero of=/dev/sdb bs=1M count=200
+}
+
+service_exists() {
+    local n=$1
+    if [[ $(systemctl list-units --all -t service --full --no-legend "$n.service" | cut -f1 -d' ') == $n.service ]]; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+FORCE=0
+RESET_DOCKER=0
+while getopts "fk" opt; do
+    case "${opt}" in
+        f)
+            FORCE=1
+            ;;
+        k)
+            RESET_DOCKER=1
+            ;;
+        *)
+            echo "Unknown option"
+            exit 1
+            ;;
+    esac
+done
+
+if [[ $FORCE == "0" ]]; then
+    echo Warning:  This cleanup script is very aggresive.  Run with -f to avoid this prompt.
+    while true; do
+        read -p "Are you sure you wish to proceed with aggressive cleanup?" yn
+        case $yn in
+            [Yy]*)
+                RESET_DOCKER=1
+                break
+                ;;
+            *)
+                echo Exitting.
+                exit 1
+        esac
+    done
+fi
+
+if service_exists kubelet; then
+    stop_kubelet
+    remove_containers
+    remove_files
+    prune_docker
+    systemctl daemon-reload
+    systemctl start containerd.service
+    if [[ $RESET_DOCKER == "1" ]]; then
+        echo "hi"
+        reset_docker
+    fi
+    systemctl start containerd
+#sudo crictl pull docker.io/busybox:1.28.3
+#sudo crictl pull docker.io/haproxy:1.8.19
+    service docker restart
+fi
+wipe_disk
+

diff --git a/tools/deploy.sh b/tools/deploy.sh
index 7fb5273..7a940a6 100755 (executable)
--- a/tools/deploy.sh
+++ b/tools/deploy.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -x
+set -ex
 
 export OS_USERNAME=${OS_USERNAME:-shipyard}
 export OS_PASSWORD=${OS_PASSWORD:-password123}
@@ -15,10 +15,10 @@ export TERM_OPTS=${TERM_OPTS:-" "}
 ## Source Environment Variables.
 
 help() {
-  echo "Usage: deploy.sh <site_name> <deploy_site|update_site>"
+  echo "Usage: deploy.sh <site_name> <deploy_site|update_site|update_software>"
 }
 
-if [[ $# -ne 2 ]]
+if [[ $# -lt 2 ]]
   then
     help
     exit 1
@@ -35,6 +35,8 @@ fi
 
 cd ${WORK_DIR}
 
+AIRSHIP_CMD=treasuremap/tools/airship
+
 ## Deps
 
 pkg_check() {
@@ -42,20 +44,15 @@ pkg_check() {
     sudo dpkg -s $pkg &> /dev/null || sudo apt -y install $pkg
   done
 }
-pkg_check docker.io git ipmitool python3-yaml
 
+pkg_check docker.io git ipmitool python3-yaml
 
 
 ## Cleanup
 
 genesis_cleanup() {
 
-  ssh $GEN_SSH sudo systemctl disable kubelet
-  ssh $GEN_SSH sudo systemctl disable docker
-  ssh $GEN_SSH sudo touch /forcefsck
-
   # reset bare-metal servers
-
   ALL_NODES="${GEN_IPMI} ${NODES_IPMI}"
   for node in $ALL_NODES; do
     ipmitool -I lanplus -H $node -U $IPMI_USER -P $IPMI_PASS chassis power off
@@ -66,17 +63,9 @@ genesis_cleanup() {
 
   while ! ssh $GEN_SSH hostname; do :; done
 
-  # cleanup previous k8s/airship install
-
-  ssh $GEN_SSH rm -rf promenade genesis.sh
-  ssh $GEN_SSH git clone https://review.opendev.org/airship/promenade
-  ssh $GEN_SSH sudo promenade/tools/cleanup.sh -f > /dev/null
-
-  ssh $GEN_SSH sudo parted -s /dev/sdb mklabel gpt
-  ssh $GEN_SSH sudo rm -rf /var/lib/ceph
-  ssh $GEN_SSH sudo rm -rf /var/lib/docker
-
-  ssh $GEN_SSH sudo /etc/init.d/docker restart
+  scp $WORK_DIR/airship/tools/clean-genesis.sh $GEN_SSH:
+  ssh $GEN_SSH chmod a+x clean-genesis.sh
+  ssh $GEN_SSH sudo ./clean-genesis.sh -fk 
 }
 
 
@@ -87,7 +76,6 @@ read_yaml() {
 }
 
 git_checkout() {
-
   git clone $1
   cd ${1##*/}
 
@@ -100,7 +88,7 @@ git_checkout() {
   fi
 
   git log -1
-  cd $WORK_DIR
+  cd ..
 }
 
 clone_repos() {
@@ -127,19 +115,89 @@ clone_repos() {
 ## Deployment
 
 pegleg_collect() {
-  sudo -E treasuremap/tools/airship pegleg site \
-    -r /target/airship collect -s collect $SITE_NAME
+  if [ -d "collect/${SITE_NAME}" ]; then
+    sudo rm -rf collect/${SITE_NAME}
+  fi
+  sudo mkdir -p collect/${SITE_NAME}
+  sudo -E ${AIRSHIP_CMD} pegleg site -r /target/airship collect -s collect/${SITE_NAME} $SITE_NAME
+
+#  sudo mkdir -p render/${SITE_NAME}
+#  sudo -E ${AIRSHIP_CMD} pegleg site -r /target/treasuremap render $SITE_NAME \
+#    -s /target/render/${SITE_NAME}/manifest.yaml
+}
+
+pre_genesis() {
+  
+  scp $WORK_DIR/airship/tools/files/seccomp_default $GEN_SSH:
+  ssh $GEN_SSH 'sudo mkdir -p /var/lib/kubelet/seccomp'
+  ssh $GEN_SSH 'sudo chown root:root /var/lib/kubelet/seccomp'
+  ssh $GEN_SSH 'sudo chown root:root ~/seccomp_default'
+  ssh $GEN_SSH 'sudo mv ~/seccomp_default /var/lib/kubelet/seccomp'
+
+  scp $WORK_DIR/airship/tools/files/sources.list $GEN_SSH:
+
+  ssh $GEN_SSH 'sudo cp -n /etc/apt/sources.list /etc/apt/sources.list.orig'
+  ssh $GEN_SSH 'sudo chown root:root ~/sources.list'
+  ssh $GEN_SSH 'sudo mv ~/sources.list /etc/apt/sources.list'
+
+  ssh $GEN_SSH 'wget -qO - http://mirror.mirantis.com/testing/kubernetes-extra/bionic/archive-kubernetes-extra.key | sudo apt-key add -'
+  # thsi fails but appaerntly not required.
+  # ssh $GEN_SSH 'wget -qO - http://linux.dell.com/repo/community/openmanage/930/bionic/dists/bionic/Release.gpg | sudo apt-key add -'
+  ssh $GEN_SSH 'sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32'
+  ssh $GEN_SSH 'sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1285491434D8786F'
+
+  if [ -d "render/${SITE_NAME}" ]; then
+    sudo rm -rf render/${SITE_NAME}
+  fi
+
+  ssh $GEN_SSH 'sudo cp /etc/default/grub /etc/default/grub.orig'
+  ssh $GEN_SSH 'sudo sed -i "/GRUB_CMDLINE_LINUX=\"/c GRUB_CMDLINE_LINUX=\"hugepagesz=1G hugepages=12 transparent_hugepage=never default_hugepagesz=1G dpdk-socket-mem=4096,4096 iommu=pt intel_iommu=on amd_iommu=on cgroup_disable=hugetlb console=ttyS1,115200n8\"" /etc/default/grub'
+  ssh $GEN_SSH 'sudo update-grub'
+
+  # upstream pre-geneis is not ready to be used directly yet
+  # sudo mkdir -p render/${SITE_NAME}
+  # sudo -E ${AIRSHIP_CMD} pegleg site -r /target/treasuremap render $SITE_NAME \
+  #    -s /target/render/${SITE_NAME}/manifest.yaml
+  # sudo -E treasuremap/tools/genesis-setup/pre-genesis.sh render/${SITE_NAME}/manifest.yaml
+}
+
+generate_certs() {
+  # create certificates based on PKI catalogs
+
+  if [ -d "certs/${SITE_NAME}" ]; then
+    sudo rm -rf certs/${SITE_NAME}
+  fi
+
+  sudo mkdir -p certs/${SITE_NAME}
+
+  # remove old certificates before collect
+  sudo rm -f airship/site/${SITE_NAME}/secrets/certificates/certificates.yaml
+
+  pegleg_collect
+
+  sudo -E ${AIRSHIP_CMD} promenade generate-certs -o /target/certs/${SITE_NAME} collect/${SITE_NAME}/*.yaml
+
+  # copy certs
+  mkdir -p airship/site/${SITE_NAME}/secrets/certificates
+  sudo cp certs/${SITE_NAME}/certificates.yaml \
+    airship/site/${SITE_NAME}/secrets/certificates/certificates.yaml
 }
 
 promenade_bundle() {
-  mkdir bundle
-  sudo -E treasuremap/tools/airship promenade build-all \
-    --validators -o /target/bundle /target/collect/*.yaml
+
+  if [ -d "bundle/${SITE_NAME}" ]; then
+    sudo rm -rf bundle/${SITE_NAME}
+  fi
+  sudo mkdir -p bundle/${SITE_NAME}
+
+  PROMENADE_KEY=$(sudo -E ${AIRSHIP_CMD} promenade build-all \
+    --validators -o /target/bundle/${SITE_NAME} /target/collect/${SITE_NAME}/*.yaml | \
+    sed -n '/Copy this decryption key for use during script execution:/{n;p;d;}; x')
 }
 
 genesis_deploy() {
-  scp bundle/genesis.sh $GEN_SSH:
-  ssh $GEN_SSH 'sudo ./genesis.sh' && sleep 120
+  scp bundle/${SITE_NAME}/genesis.sh $GEN_SSH:
+  ssh $GEN_SSH PROMENADE_ENCRYPTION_KEY=$PROMENADE_KEY sudo -E ./genesis.sh
 }
 
 site_action() {
@@ -147,16 +205,25 @@ site_action() {
   # Site deployment with Shipyard, see more details here
   # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#deploy-site-with-shipyard
 
-  sudo -E treasuremap/tools/airship shipyard create configdocs \
-    $SITE_NAME --directory=/target/collect --replace
-  sudo -E treasuremap/tools/airship shipyard commit configdocs
+  sudo -E ${AIRSHIP_CMD} shipyard create configdocs \
+    $SITE_NAME --directory=/target/collect/$SITE_NAME --replace
+  sudo -E ${AIRSHIP_CMD} shipyard commit configdocs
 
-  sudo -E treasuremap/tools/airship shipyard create action \
+  sudo -E ${AIRSHIP_CMD} shipyard create action \
     --allow-intermediate-commits $1
 
   sudo -E treasuremap/tools/gate/wait-for-shipyard.sh
 }
 
+shipyard_action() {
+
+  # Site deployment with Shipyard, see more details here
+  # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#deploy-site-with-shipyard
+
+  sudo -E ${AIRSHIP_CMD} shipyard $1 $2 $3
+}
+
+
 create_public_network() {
   export OS_AUTH_URL=${OS_AUTH_URL_IDENTITY}
   sudo -E treasuremap/tools/openstack stack create --wait \
@@ -165,11 +232,22 @@ create_public_network() {
 }
 
 case "$2" in
+'pre_genesis')
+  pre_genesis
+  ;;
 'deploy_site')
-  genesis_cleanup
+  read -n 1 -p "This script will clean up the genesis node. Continue (Y/N) ?" input
+  case $input in
+    [Yy] ) break;;
+    [Nn] ) exit 1;;
+      * ) echo "Please answer yes or no."; exit 1;
+  esac
+
   clone_repos
   pegleg_collect
   promenade_bundle
+  genesis_cleanup
+  pre_genesis
   genesis_deploy
   site_action $2
   create_public_network
@@ -179,7 +257,20 @@ case "$2" in
   pegleg_collect
   site_action $2
   ;;
+'update_software')
+  clone_repos
+  pegleg_collect
+  site_action $2
+  ;;
+'generate_certs')
+  clone_repos
+  generate_certs
+  ;;
+'shipyard')
+  shipyard_action $3 $4 $5
+  ;;
 *) help
+   echo "*** $2"
    exit 1
   ;;
 esac

diff --git a/tools/files/Corefile-intel-pod17 b/tools/files/Corefile-intel-pod17
new file mode 100644 (file)
index 0000000..c5c093d
--- /dev/null
+++ b/tools/files/Corefile-intel-pod17
@@ -0,0 +1,11 @@
+.:53 {
+    forward . 8.8.8.8 8.8.4.4
+    log
+    errors
+}
+
+intel-pod17.opnfv.org:53 {
+    file /root/coredns/intel-pod17.db
+    log
+    errors
+}

diff --git a/tools/files/certificate/ingress-ca.crt b/tools/files/certificate/ingress-ca.crt
new file mode 100644 (file)
index 0000000..7de203d
--- /dev/null
+++ b/tools/files/certificate/ingress-ca.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/TCCAeWgAwIBAgIJALiv9mc7SJL/MA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV
+BAMMCmluZ3Jlc3MtY2EwHhcNMjAwNzEwMjAxNjQ1WhcNMzAwNzA4MjAxNjQ1WjAV
+MRMwEQYDVQQDDAppbmdyZXNzLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAsdLuV9LVazMW/f5pQ/yRsKIDm3/W8+dqSvuXqa5wKmkKre3BICauTqcK
+vDqn4m5MOrYgJJAeFBDpLPIk07XJPSDLZ+04qg621Jv+2fEJipPFmSebUbqdoG/S
+MBDyzeBb/WKHGhtxcgpBzfnj7HspreIcFLh1TfYHS34uJDpOs4yDv8tWkyEFEAv1
+w3n1W/wLyVLDHN6KpUVQsAsPzt+4bcYRr4tapU45ZPANEvmfSVSqZIJKeShunyZ8
+bQIr8b3XCbjY/zexu8+RMXUkb404MR5vvOf8yNfGZEv4xoyMN+BWcE1GbObH1HJf
+xwor9z1NnlJboyCWDYPp/3EcVjpHzQIDAQABo1AwTjAdBgNVHQ4EFgQUgNkj8PoW
+nHPtt7Nj7JFCal7vxIEwHwYDVR0jBBgwFoAUgNkj8PoWnHPtt7Nj7JFCal7vxIEw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAj72hoR/6JO22k+2N4RzW
+4ITjPZRzgbs+LU7MA6Fw4MapSQx5MwgUMI23bez3AG7MefN7E3IKT+j3CDkA5v9S
+X/pLo7bLvLWVOFjHFqiLZ01xGm9nw7QmpNLmR42PrZTiNx5cBBJAvtkx1i8mY+fA
+mhAxPzwy7mLkpXkeEha6zDyf5Cuy/42mJ/BpRrAlzaU/59w0YwQuTXzNrp5HIYlI
+Fy9xE9rME7Y9zy0V2VhaFncmQD+DedJMjm/guBTy1D6Hyl0v+DPfEmLs3NCZ7coG
+3kHS35ipqgT6GnZpKlqxcpBD2EWN5XC+Romsu1D+1OPc0ZnTUENs9836UFgaOAhT
+YQ==
+-----END CERTIFICATE-----

diff --git a/tools/files/certificate/ingress-ca.key b/tools/files/certificate/ingress-ca.key
new file mode 100644 (file)
index 0000000..bdd0634
--- /dev/null
+++ b/tools/files/certificate/ingress-ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCx0u5X0tVrMxb9
+/mlD/JGwogObf9bz52pK+5eprnAqaQqt7cEgJq5Opwq8Oqfibkw6tiAkkB4UEOks
+8iTTtck9IMtn7TiqDrbUm/7Z8QmKk8WZJ5tRup2gb9IwEPLN4Fv9YocaG3FyCkHN
++ePseymt4hwUuHVN9gdLfi4kOk6zjIO/y1aTIQUQC/XDefVb/AvJUsMc3oqlRVCw
+Cw/O37htxhGvi1qlTjlk8A0S+Z9JVKpkgkp5KG6fJnxtAivxvdcJuNj/N7G7z5Ex
+dSRvjTgxHm+85/zI18ZkS/jGjIw34FZwTUZs5sfUcl/HCiv3PU2eUlujIJYNg+n/
+cRxWOkfNAgMBAAECggEALapbZtZP1E20c9mnsrvjthaFEqPL0ar2Evd1RS/0wg9j
+nLLXy6fjT3N6QEhX4MAud01aB8myz7hgCRjN+EhQu4/2bGPxD0rkDMlasyFBMAMu
+1VvkeSKRZCgTNCDGGbSqKvHoe/3cLksQBxNLQumGFI9iYrfT+AdcbDilJMyMdXMM
+pqyh135moH/TmPTobMY9jr1pNPq0LOWftg4yvnmrNhr3MqfciJZ6kljZB5vXDUpL
+TvqVb8pHl19O8UHPsWyFk0+4L/kiZbM0yjdmVrlsPza7Vva0LUITFB2krl4WJF2h
+ByToJ3b30crN+5Ccg56wbuXdNtk+TdrulDX6/SxXCQKBgQDcPMDe/hC0RfniTQ+i
+FPGYhMsjHwGE+WTZkHchKXxtcBu3muPQe/DUiFVcTwrlfNt+A3tJPBPR1vh56sa/
+EZsJrNM5hXFuwd3YAqDotyNxxsh0dl5AK63A6rn80BzULQnknx/TOTWagcwnZuBr
+YiMUVnmEtorStKc3OWNO78cBVwKBgQDOsw635GZ37bfX4ndTKSBB+Cf6u/DHX5y8
+rDBo/hd8hWe1Sou/FrsyiApRWv6I/B+5Vaa2m6qaBNPGFREnpaGla+fZ84CuYh1f
+DT2LmzY5w/GchBx5eTOhK80NJpzrBcK9jkfltESsUpQ2wfXZ82RUot1e5ii2rMb4
+c+gH0rOVewKBgHHIhZDvzCuHF6H+VDxV+7fjq5uakktkGeF5jMK6T0mvKPLD+D0n
+O3ZidU96mtOTnUbOf6yHeGnqWXeLf2EJtILcIkjOk5s4V+gY+48fxxUqMThSS0F2
+D4/i9XITB0Hrfvf56hRTs0j/FD2rHfj8u8jvIFsbgD96DAYxBQisQrGDAoGBALwr
+igSi6x3WzXy9cD/GutUTouHB4qq+QiQI5XFPj/YORKFoIdxuRzDzY+E4Y2w1inPg
+o4quIBtitaAoYZukT4oWt9VUthsKuw5jMVo8jJr95KDGLF3xlqztARktw8C5V9XV
+B2L4P2RZMRDAdp5Z00axlbHk+b+DfweEDQHCMTatAoGBAKf7JUi0YEu5/fIrUfrm
+tQXOrEwvnD0jkDp/tQc0+veuraLxCvQXGD86+s1vyIx/ZGhMp9e/dgWsMGG2UAKk
+f8Dpo0M9dW/6R4Y0v7KiRW7OVrvDY0PjRP+6jls2VL3Lcwsow8awbo4TFL0Wlim7
+fdymzMEIIJD0XzfApzKEuvdr
+-----END PRIVATE KEY-----

diff --git a/tools/files/certificate/ingress-ca.pem b/tools/files/certificate/ingress-ca.pem
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/tools/files/certificate/ingress-ca.pem.orig b/tools/files/certificate/ingress-ca.pem.orig
new file mode 100644 (file)
index 0000000..7de203d
--- /dev/null
+++ b/tools/files/certificate/ingress-ca.pem.orig
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/TCCAeWgAwIBAgIJALiv9mc7SJL/MA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV
+BAMMCmluZ3Jlc3MtY2EwHhcNMjAwNzEwMjAxNjQ1WhcNMzAwNzA4MjAxNjQ1WjAV
+MRMwEQYDVQQDDAppbmdyZXNzLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAsdLuV9LVazMW/f5pQ/yRsKIDm3/W8+dqSvuXqa5wKmkKre3BICauTqcK
+vDqn4m5MOrYgJJAeFBDpLPIk07XJPSDLZ+04qg621Jv+2fEJipPFmSebUbqdoG/S
+MBDyzeBb/WKHGhtxcgpBzfnj7HspreIcFLh1TfYHS34uJDpOs4yDv8tWkyEFEAv1
+w3n1W/wLyVLDHN6KpUVQsAsPzt+4bcYRr4tapU45ZPANEvmfSVSqZIJKeShunyZ8
+bQIr8b3XCbjY/zexu8+RMXUkb404MR5vvOf8yNfGZEv4xoyMN+BWcE1GbObH1HJf
+xwor9z1NnlJboyCWDYPp/3EcVjpHzQIDAQABo1AwTjAdBgNVHQ4EFgQUgNkj8PoW
+nHPtt7Nj7JFCal7vxIEwHwYDVR0jBBgwFoAUgNkj8PoWnHPtt7Nj7JFCal7vxIEw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAj72hoR/6JO22k+2N4RzW
+4ITjPZRzgbs+LU7MA6Fw4MapSQx5MwgUMI23bez3AG7MefN7E3IKT+j3CDkA5v9S
+X/pLo7bLvLWVOFjHFqiLZ01xGm9nw7QmpNLmR42PrZTiNx5cBBJAvtkx1i8mY+fA
+mhAxPzwy7mLkpXkeEha6zDyf5Cuy/42mJ/BpRrAlzaU/59w0YwQuTXzNrp5HIYlI
+Fy9xE9rME7Y9zy0V2VhaFncmQD+DedJMjm/guBTy1D6Hyl0v+DPfEmLs3NCZ7coG
+3kHS35ipqgT6GnZpKlqxcpBD2EWN5XC+Romsu1D+1OPc0ZnTUENs9836UFgaOAhT
+YQ==
+-----END CERTIFICATE-----

diff --git a/tools/files/certificate/ingress-ca.srl b/tools/files/certificate/ingress-ca.srl
new file mode 100644 (file)
index 0000000..f48a4f3
--- /dev/null
+++ b/tools/files/certificate/ingress-ca.srl
@@ -0,0 +1 @@
+8AB2C82AEE12CD33

diff --git a/tools/files/certificate/ingress-crt b/tools/files/certificate/ingress-crt
new file mode 100644 (file)
index 0000000..0cb15d5
--- /dev/null
+++ b/tools/files/certificate/ingress-crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNjCCAh6gAwIBAgIJAIqyyCruEs0zMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV
+BAMMCmluZ3Jlc3MtY2EwHhcNMjAwNzEwMjAxNjQ2WhcNMzAwNzA4MjAxNjQ2WjAi
+MSAwHgYDVQQDDBcqLmludGVsLXBvZDE3Lm9wbmZ2Lm9yZzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMv+Q9RnipooU3zU9Om0ghzpY2L3TbxShyizObld
+4SLungyjKy0ElIn4dRQar/x8BF//K/qgQK1P3vhDoosVzQsT6lwQqzOyfVCOetjv
+HMIjzHjLcYEfSCon8tZwmFzz7v5hAyvP5qQJzCjXOBt52HCMIkLxgScN7lIJMzgv
+kezZnvfWd0pntitjIoIl/47uQD2nopJiCeA4lF8iz3kAjxeU5fxejlDiQ+sxq+EW
+CJ2FO8ou95Yh7BauFPr6zAwOuirUroxVjR3J/aLjy0uGsPCDUl6thCwAHoIqdlok
+F+6SuiZ14rZMq5HmlXT+ALNh+TTyIlLP60uc62N3V5kssAMCAwEAAaN8MHowCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUfTsTBuqoBACa4kZjMfqLESGFS90wCwYDVR0PBAQD
+AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAiBgNVHREEGzAZghcq
+LmludGVsLXBvZDE3Lm9wbmZ2Lm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAgMQGUeL5
+h3Ysj3/zaxUM4Jrb4j6qn2szjz7q/ZPYo46Vdbg789HMvGfsPsLccBAdxIvzfp35
+OkP6tmFlmNHg22Nmu0G9EKfy+lXuspsMEU2O8S+jFB6mVrQihnq2MXHxXdQzYAEg
+x4ZAAC78PMHdRjXgfcTufxkwjJx5FHiIQhv3e6f9+Jr8LQLUxDIJTmpNkHXzPgjM
+tVPUNuqZprX3m3oDM4PXv1xF42I89cNZRvR7/YFl8ZhITAdCOQ7HiJeBO/1Yyd3R
+zyp7fclTXDZh6s7bmZBfFXDiyJpJeFHInTVrMqK3Q4u0jDmDJH+t01MEUjMaqOlz
+usMQUi0wphAWpg==
+-----END CERTIFICATE-----

diff --git a/tools/files/certificate/ingress-csr b/tools/files/certificate/ingress-csr
new file mode 100644 (file)
index 0000000..df7f144
--- /dev/null
+++ b/tools/files/certificate/ingress-csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC9DCCAdwCAQAwIjEgMB4GA1UEAwwXKi5pbnRlbC1wb2QxNy5vcG5mdi5vcmcw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL/kPUZ4qaKFN81PTptIIc
+6WNi9028Uocoszm5XeEi7p4MoystBJSJ+HUUGq/8fARf/yv6oECtT974Q6KLFc0L
+E+pcEKszsn1QjnrY7xzCI8x4y3GBH0gqJ/LWcJhc8+7+YQMrz+akCcwo1zgbedhw
+jCJC8YEnDe5SCTM4L5Hs2Z731ndKZ7YrYyKCJf+O7kA9p6KSYgngOJRfIs95AI8X
+lOX8Xo5Q4kPrMavhFgidhTvKLveWIewWrhT6+swMDroq1K6MVY0dyf2i48tLhrDw
+g1JerYQsAB6CKnZaJBfukromdeK2TKuR5pV0/gCzYfk08iJSz+tLnOtjd1eZLLAD
+AgMBAAGggYwwgYkGCSqGSIb3DQEJDjF8MHowCQYDVR0TBAIwADAdBgNVHQ4EFgQU
+fTsTBuqoBACa4kZjMfqLESGFS90wCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQGCCsG
+AQUFBwMCBggrBgEFBQcDATAiBgNVHREEGzAZghcqLmludGVsLXBvZDE3Lm9wbmZ2
+Lm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAljZ34DiXvqwLE4K2zTHQS76Iy6Sj+pI+
+BFNZxje8PlTgH1vdWHrF3APXoUM6ow/rADoDU1jEnqsFt0K533LRlQbZJXwtj8qG
+6SDJAj4P1qFuaavjtCaqdpwvNY+EModSQK2c0gVgwXVtrL9AkO0jUNk2cGDT7kBU
+BOzBnSH0FvoemDGKxNxUpKsEGIeV6xtqGejKNE3alVAXlsGN5drqgWvQuVXCXEmf
+4H9/PknUNvDCJWwE/DBn7gOtxOhTX0cbU1pY5Z7Q6fmuBKwPmCZ647FNPJx8ru3q
+fJ2Jv4NwEAGasLueV5xKwBTVSr9C3298kPehfklGlqhoAKnjJEpe7w==
+-----END CERTIFICATE REQUEST-----

diff --git a/tools/files/certificate/ingress-key b/tools/files/certificate/ingress-key
new file mode 100644 (file)
index 0000000..c5886ba
--- /dev/null
+++ b/tools/files/certificate/ingress-key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEAy/5D1GeKmihTfNT06bSCHOljYvdNvFKHKLM5uV3hIu6eDKMr
+LQSUifh1FBqv/HwEX/8r+qBArU/e+EOiixXNCxPqXBCrM7J9UI562O8cwiPMeMtx
+gR9IKify1nCYXPPu/mEDK8/mpAnMKNc4G3nYcIwiQvGBJw3uUgkzOC+R7Nme99Z3
+Sme2K2MigiX/ju5APaeikmIJ4DiUXyLPeQCPF5Tl/F6OUOJD6zGr4RYInYU7yi73
+liHsFq4U+vrMDA66KtSujFWNHcn9ouPLS4aw8INSXq2ELAAegip2WiQX7pK6JnXi
+tkyrkeaVdP4As2H5NPIiUs/rS5zrY3dXmSywAwIDAQABAoIBAQCCVFXjy69K5H7K
+n4hGFDSY4ifEX/pDWnrN7wvvOWKQneFOc6UvIuD/8URj7tUHO/jTmETx4BbSY9gx
+x4x+zhPtgvDVlzS6V8wmfpFQLhyykIqflmNTOrgxbsqAZPmDUbocvcB36mER5syQ
+P0iyjTtSVMXC/Wclm4nq0cPunr3dktwsVxVpqV/BH2kmFXNQMl57+6jYXvLcM5Nk
+iA1usA5c+rGozXk2ADsEpBGlm/bz/2zLMpIr9NOylyq3Cy7UtXztnH5jpV2CB2jh
+JR+e6Md0fd68EHM8g6MnOgwcIZH3jH8ScbqDYq5pAzsYvlgZn/5Srg0YsXV4P3am
+TPFhCrVhAoGBAOepIpJ+GOzhcrZ8FNAPel9hhOgjnWjEI2kwVmmV48NDLn6ECmGB
+9MhMBsXeiNuHln0t/sHqimuFCUo4eluUhMu3x17gs30Uc8R3ZOtdmgqk7zpB2arW
+C7eO8D/U8ctkJPJ8rMRBTzbt0ihxHYPCwr3Yg32INEt3DWuj2pHrgHOTAoGBAOFs
++L00jAP/qkF/aIpJfHVRfLpGBol6ZRTUTVlUn1Fj4idydvOUBcSFG+36ft2qMfgu
+l6NiEh1losdVqq6MoVT+PCm1KQKh07bNrp7aAjSUN5Z1jAHnCPQRjTuvgFZzaa+U
+mg20MhFn/MBvWK2oF0GnhbN3dcJdM/9M8LzpN3fRAoGBALeFJ9xBhOFzoHqsRZim
+Cl2xVabJQBQU/bCBGJPAqJSxjg2v8MFaQF7Ey8DJEEZJXZCBdYaNlWakF73yjAws
+1h7E0m55N/fo0eVcaFiE6FlyXAoczKEnvFSIKg+HVJ26EgL/faZjzqtHL+vV4HnX
+OotHELPLyRHXmIwjXC2pETN9AoGBAIX34QtwwxVNR72NHm+wpIqEVv/Mxe3GE3SB
+h0ZjiBsypSCUYiT3/0V/Zc3UZLkPgIriBbRPgDyAPnEAdGMvqGF+hfqzcx/hVJT7
+P5+gKFdfDnoYeZBX4XZLSAgEkNzP0itKwRML2AWIKymiAq2Ri+C00jyJ7i4IffJn
+o1phr1lBAoGBAN53tvpr8KzKK6EPy5Q7fZf0nfrA6H4GQhCkLciGZWDPBBLQ2w64
+3APepY2w6ecgg/Wc2tHtuavoKD1HdSsGE0E09JZ1bXXKHOdwS2s47qITMzHZzmLF
+7Mtu9Fw2+TEsC/utmtoa3lNaIES4mQMSB2NVCJxEfRySMISlM1NbeVVd
+-----END RSA PRIVATE KEY-----

diff --git a/tools/files/certificate/mycertfile.pem b/tools/files/certificate/mycertfile.pem
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/tools/files/certificate/openssl.cnf b/tools/files/certificate/openssl.cnf
new file mode 100644 (file)
index 0000000..732a5a0
--- /dev/null
+++ b/tools/files/certificate/openssl.cnf
@@ -0,0 +1,23 @@
+[ req ]
+prompt = no
+default_bits = 2048
+distinguished_name  = req_distinguished_name
+encrypt_key = no
+req_extensions = v3_req
+
+[ req_distinguished_name ]
+commonName = *.intel-pod17.opnfv.org
+
+# Allow client and server auth. You may want to only allow server auth.
+# Link to SAN names.
+[v3_req]
+basicConstraints     = CA:FALSE
+subjectKeyIdentifier = hash
+keyUsage             = digitalSignature, keyEncipherment
+extendedKeyUsage     = clientAuth, serverAuth
+subjectAltName       = @alt_names
+
+# Alternative names are specified as IP.# and DNS.# for IP addresses and
+# DNS accordingly.
+[alt_names]
+DNS.1 = *.intel-pod17.opnfv.org

diff --git a/tools/files/intel-pod17.db b/tools/files/intel-pod17.db
new file mode 100644 (file)
index 0000000..de46e07
--- /dev/null
+++ b/tools/files/intel-pod17.db
@@ -0,0 +1,24 @@
+intel-pod17.opnfv.org.        IN  SOA dns.intel-pod17.opnfv.org. admin.intel-pod17.opnfv.org. 2015082541 7200 3600 1209600 3600
+dns.intel-pod17.opnfv.org.     IN  A 10.10.170.20
+iam-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+shipyard-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+cloudformation-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+compute-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+dashboard-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+grafana-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+identity-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+image-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+kibana-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+nagios-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+network-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+nova-novncproxy-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+object-store-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+orchestration-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+placement-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+volume-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+kubernetes-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+mini-mirror-nc.intel-pod17.opnfv.org.   IN  A   10.10.171.129
+ranger-agent-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+ro-nc.intel-pod17.opnfv.org.   IN  A   10.10.170.129
+drydock-nc.intel-pod17.opnfv.org.   IN  A   10.10.171.129
+maas-nc.intel-pod17.opnfv.org.   IN  A   10.10.171.129

diff --git a/tools/files/seccomp_default b/tools/files/seccomp_default
new file mode 100644 (file)
index 0000000..35d26da
--- /dev/null
+++ b/tools/files/seccomp_default
@@ -0,0 +1,767 @@
+{
+       "defaultAction": "SCMP_ACT_ERRNO",
+       "archMap": [
+               {
+                       "architecture": "SCMP_ARCH_X86_64",
+                       "subArchitectures": [
+                               "SCMP_ARCH_X86",
+                               "SCMP_ARCH_X32"
+                       ]
+               },
+               {
+                       "architecture": "SCMP_ARCH_AARCH64",
+                       "subArchitectures": [
+                               "SCMP_ARCH_ARM"
+                       ]
+               },
+               {
+                       "architecture": "SCMP_ARCH_MIPS64",
+                       "subArchitectures": [
+                               "SCMP_ARCH_MIPS",
+                               "SCMP_ARCH_MIPS64N32"
+                       ]
+               },
+               {
+                       "architecture": "SCMP_ARCH_MIPS64N32",
+                       "subArchitectures": [
+                               "SCMP_ARCH_MIPS",
+                               "SCMP_ARCH_MIPS64"
+                       ]
+               },
+               {
+                       "architecture": "SCMP_ARCH_MIPSEL64",
+                       "subArchitectures": [
+                               "SCMP_ARCH_MIPSEL",
+                               "SCMP_ARCH_MIPSEL64N32"
+                       ]
+               },
+               {
+                       "architecture": "SCMP_ARCH_MIPSEL64N32",
+                       "subArchitectures": [
+                               "SCMP_ARCH_MIPSEL",
+                               "SCMP_ARCH_MIPSEL64"
+                       ]
+               },
+               {
+                       "architecture": "SCMP_ARCH_S390X",
+                       "subArchitectures": [
+                               "SCMP_ARCH_S390"
+                       ]
+               }
+       ],
+       "syscalls": [
+               {
+                       "names": [
+                               "accept",
+                               "accept4",
+                               "access",
+                               "adjtimex",
+                               "alarm",
+                               "bind",
+                               "brk",
+                               "capget",
+                               "capset",
+                               "chdir",
+                               "chmod",
+                               "chown",
+                               "chown32",
+                               "clock_getres",
+                               "clock_gettime",
+                               "clock_nanosleep",
+                               "close",
+                               "connect",
+                               "copy_file_range",
+                               "creat",
+                               "dup",
+                               "dup2",
+                               "dup3",
+                               "epoll_create",
+                               "epoll_create1",
+                               "epoll_ctl",
+                               "epoll_ctl_old",
+                               "epoll_pwait",
+                               "epoll_wait",
+                               "epoll_wait_old",
+                               "eventfd",
+                               "eventfd2",
+                               "execve",
+                               "execveat",
+                               "exit",
+                               "exit_group",
+                               "faccessat",
+                               "fadvise64",
+                               "fadvise64_64",
+                               "fallocate",
+                               "fanotify_mark",
+                               "fchdir",
+                               "fchmod",
+                               "fchmodat",
+                               "fchown",
+                               "fchown32",
+                               "fchownat",
+                               "fcntl",
+                               "fcntl64",
+                               "fdatasync",
+                               "fgetxattr",
+                               "flistxattr",
+                               "flock",
+                               "fork",
+                               "fremovexattr",
+                               "fsetxattr",
+                               "fstat",
+                               "fstat64",
+                               "fstatat64",
+                               "fstatfs",
+                               "fstatfs64",
+                               "fsync",
+                               "ftruncate",
+                               "ftruncate64",
+                               "futex",
+                               "futimesat",
+                               "getcpu",
+                               "getcwd",
+                               "getdents",
+                               "getdents64",
+                               "getegid",
+                               "getegid32",
+                               "geteuid",
+                               "geteuid32",
+                               "getgid",
+                               "getgid32",
+                               "getgroups",
+                               "getgroups32",
+                               "getitimer",
+                               "getpeername",
+                               "getpgid",
+                               "getpgrp",
+                               "getpid",
+                               "getppid",
+                               "getpriority",
+                               "getrandom",
+                               "getresgid",
+                               "getresgid32",
+                               "getresuid",
+                               "getresuid32",
+                               "getrlimit",
+                               "get_robust_list",
+                               "getrusage",
+                               "getsid",
+                               "getsockname",
+                               "getsockopt",
+                               "get_thread_area",
+                               "gettid",
+                               "gettimeofday",
+                               "getuid",
+                               "getuid32",
+                               "getxattr",
+                               "inotify_add_watch",
+                               "inotify_init",
+                               "inotify_init1",
+                               "inotify_rm_watch",
+                               "io_cancel",
+                               "ioctl",
+                               "io_destroy",
+                               "io_getevents",
+                               "ioprio_get",
+                               "ioprio_set",
+                               "io_setup",
+                               "io_submit",
+                               "ipc",
+                               "kill",
+                               "lchown",
+                               "lchown32",
+                               "lgetxattr",
+                               "link",
+                               "linkat",
+                               "listen",
+                               "listxattr",
+                               "llistxattr",
+                               "_llseek",
+                               "lremovexattr",
+                               "lseek",
+                               "lsetxattr",
+                               "lstat",
+                               "lstat64",
+                               "madvise",
+                               "memfd_create",
+                               "mincore",
+                               "mkdir",
+                               "mkdirat",
+                               "mknod",
+                               "mknodat",
+                               "mlock",
+                               "mlock2",
+                               "mlockall",
+                               "mmap",
+                               "mmap2",
+                               "mprotect",
+                               "mq_getsetattr",
+                               "mq_notify",
+                               "mq_open",
+                               "mq_timedreceive",
+                               "mq_timedsend",
+                               "mq_unlink",
+                               "mremap",
+                               "msgctl",
+                               "msgget",
+                               "msgrcv",
+                               "msgsnd",
+                               "msync",
+                               "munlock",
+                               "munlockall",
+                               "munmap",
+                               "nanosleep",
+                               "newfstatat",
+                               "_newselect",
+                               "open",
+                               "openat",
+                               "pause",
+                               "pipe",
+                               "pipe2",
+                               "poll",
+                               "ppoll",
+                               "prctl",
+                               "pread64",
+                               "preadv",
+                               "preadv2",
+                               "prlimit64",
+                               "pselect6",
+                               "pwrite64",
+                               "pwritev",
+                               "pwritev2",
+                               "read",
+                               "readahead",
+                               "readlink",
+                               "readlinkat",
+                               "readv",
+                               "recv",
+                               "recvfrom",
+                               "recvmmsg",
+                               "recvmsg",
+                               "remap_file_pages",
+                               "removexattr",
+                               "rename",
+                               "renameat",
+                               "renameat2",
+                               "restart_syscall",
+                               "rmdir",
+                               "rt_sigaction",
+                               "rt_sigpending",
+                               "rt_sigprocmask",
+                               "rt_sigqueueinfo",
+                               "rt_sigreturn",
+                               "rt_sigsuspend",
+                               "rt_sigtimedwait",
+                               "rt_tgsigqueueinfo",
+                               "sched_getaffinity",
+                               "sched_getattr",
+                               "sched_getparam",
+                               "sched_get_priority_max",
+                               "sched_get_priority_min",
+                               "sched_getscheduler",
+                               "sched_rr_get_interval",
+                               "sched_setaffinity",
+                               "sched_setattr",
+                               "sched_setparam",
+                               "sched_setscheduler",
+                               "sched_yield",
+                               "seccomp",
+                               "select",
+                               "semctl",
+                               "semget",
+                               "semop",
+                               "semtimedop",
+                               "send",
+                               "sendfile",
+                               "sendfile64",
+                               "sendmmsg",
+                               "sendmsg",
+                               "sendto",
+                               "setfsgid",
+                               "setfsgid32",
+                               "setfsuid",
+                               "setfsuid32",
+                               "setgid",
+                               "setgid32",
+                               "setgroups",
+                               "setgroups32",
+                               "setitimer",
+                               "setpgid",
+                               "setpriority",
+                               "setregid",
+                               "setregid32",
+                               "setresgid",
+                               "setresgid32",
+                               "setresuid",
+                               "setresuid32",
+                               "setreuid",
+                               "setreuid32",
+                               "setrlimit",
+                               "set_robust_list",
+                               "setsid",
+                               "setsockopt",
+                               "set_thread_area",
+                               "set_tid_address",
+                               "setuid",
+                               "setuid32",
+                               "setxattr",
+                               "shmat",
+                               "shmctl",
+                               "shmdt",
+                               "shmget",
+                               "shutdown",
+                               "sigaltstack",
+                               "signalfd",
+                               "signalfd4",
+                               "sigreturn",
+                               "socket",
+                               "socketcall",
+                               "socketpair",
+                               "splice",
+                               "stat",
+                               "stat64",
+                               "statfs",
+                               "statfs64",
+                               "statx",
+                               "symlink",
+                               "symlinkat",
+                               "sync",
+                               "sync_file_range",
+                               "syncfs",
+                               "sysinfo",
+                               "syslog",
+                               "tee",
+                               "tgkill",
+                               "time",
+                               "timer_create",
+                               "timer_delete",
+                               "timerfd_create",
+                               "timerfd_gettime",
+                               "timerfd_settime",
+                               "timer_getoverrun",
+                               "timer_gettime",
+                               "timer_settime",
+                               "times",
+                               "tkill",
+                               "truncate",
+                               "truncate64",
+                               "ugetrlimit",
+                               "umask",
+                               "uname",
+                               "unlink",
+                               "unlinkat",
+                               "utime",
+                               "utimensat",
+                               "utimes",
+                               "vfork",
+                               "vmsplice",
+                               "wait4",
+                               "waitid",
+                               "waitpid",
+                               "write",
+                               "writev"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {},
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "personality"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [
+                               {
+                                       "index": 0,
+                                       "value": 0,
+                                       "valueTwo": 0,
+                                       "op": "SCMP_CMP_EQ"
+                               }
+                       ],
+                       "comment": "",
+                       "includes": {},
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "personality"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [
+                               {
+                                       "index": 0,
+                                       "value": 8,
+                                       "valueTwo": 0,
+                                       "op": "SCMP_CMP_EQ"
+                               }
+                       ],
+                       "comment": "",
+                       "includes": {},
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "personality"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [
+                               {
+                                       "index": 0,
+                                       "value": 131072,
+                                       "valueTwo": 0,
+                                       "op": "SCMP_CMP_EQ"
+                               }
+                       ],
+                       "comment": "",
+                       "includes": {},
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "personality"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [
+                               {
+                                       "index": 0,
+                                       "value": 131080,
+                                       "valueTwo": 0,
+                                       "op": "SCMP_CMP_EQ"
+                               }
+                       ],
+                       "comment": "",
+                       "includes": {},
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "personality"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [
+                               {
+                                       "index": 0,
+                                       "value": 4294967295,
+                                       "valueTwo": 0,
+                                       "op": "SCMP_CMP_EQ"
+                               }
+                       ],
+                       "comment": "",
+                       "includes": {},
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "sync_file_range2"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "arches": [
+                                       "ppc64le"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "arm_fadvise64_64",
+                               "arm_sync_file_range",
+                               "sync_file_range2",
+                               "breakpoint",
+                               "cacheflush",
+                               "set_tls"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "arches": [
+                                       "arm",
+                                       "arm64"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "arch_prctl"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "arches": [
+                                       "amd64",
+                                       "x32"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "modify_ldt"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "arches": [
+                                       "amd64",
+                                       "x32",
+                                       "x86"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "s390_pci_mmio_read",
+                               "s390_pci_mmio_write",
+                               "s390_runtime_instr"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "arches": [
+                                       "s390",
+                                       "s390x"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "open_by_handle_at"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "caps": [
+                                       "CAP_DAC_READ_SEARCH"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "bpf",
+                               "clone",
+                               "fanotify_init",
+                               "lookup_dcookie",
+                               "mount",
+                               "name_to_handle_at",
+                               "perf_event_open",
+                               "quotactl",
+                               "setdomainname",
+                               "sethostname",
+                               "setns",
+                               "umount",
+                               "umount2",
+                               "unshare"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "caps": [
+                                       "CAP_SYS_ADMIN"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "clone"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [
+                               {
+                                       "index": 0,
+                                       "value": 2080505856,
+                                       "valueTwo": 0,
+                                       "op": "SCMP_CMP_MASKED_EQ"
+                               }
+                       ],
+                       "comment": "",
+                       "includes": {},
+                       "excludes": {
+                               "caps": [
+                                       "CAP_SYS_ADMIN"
+                               ],
+                               "arches": [
+                                       "s390",
+                                       "s390x"
+                               ]
+                       }
+               },
+               {
+                       "names": [
+                               "clone"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [
+                               {
+                                       "index": 1,
+                                       "value": 2080505856,
+                                       "valueTwo": 0,
+                                       "op": "SCMP_CMP_MASKED_EQ"
+                               }
+                       ],
+                       "comment": "s390 parameter ordering for clone is different",
+                       "includes": {
+                               "arches": [
+                                       "s390",
+                                       "s390x"
+                               ]
+                       },
+                       "excludes": {
+                               "caps": [
+                                       "CAP_SYS_ADMIN"
+                               ]
+                       }
+               },
+               {
+                       "names": [
+                               "reboot"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "caps": [
+                                       "CAP_SYS_BOOT"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "chroot"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "caps": [
+                                       "CAP_SYS_CHROOT"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "delete_module",
+                               "init_module",
+                               "finit_module",
+                               "query_module"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "caps": [
+                                       "CAP_SYS_MODULE"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "acct"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "caps": [
+                                       "CAP_SYS_PACCT"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "kcmp",
+                               "process_vm_readv",
+                               "process_vm_writev",
+                               "ptrace"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "caps": [
+                                       "CAP_SYS_PTRACE"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "iopl",
+                               "ioperm"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "caps": [
+                                       "CAP_SYS_RAWIO"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "settimeofday",
+                               "stime",
+                               "clock_settime"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "caps": [
+                                       "CAP_SYS_TIME"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "vhangup"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "caps": [
+                                       "CAP_SYS_TTY_CONFIG"
+                               ]
+                       },
+                       "excludes": {}
+               },
+               {
+                       "names": [
+                               "get_mempolicy",
+                               "mbind",
+                               "set_mempolicy"
+                       ],
+                       "action": "SCMP_ACT_ALLOW",
+                       "args": [],
+                       "comment": "",
+                       "includes": {
+                               "caps": [
+                                       "CAP_SYS_NICE"
+                               ]
+                       },
+                       "excludes": {}            
+               }
+       ]
+}

diff --git a/tools/files/shipyard.sh b/tools/files/shipyard.sh
new file mode 100755 (executable)
index 0000000..a6d5832
--- /dev/null
+++ b/tools/files/shipyard.sh
@@ -0,0 +1,33 @@
+#!/bin/bash 
+#Checks shipyard action status 
+ 
+set -e 
+CONTAINER="shipyard-api" 
+TEMP_RESULT=${TEMP_RESULT:-$(mktemp)} 
+API=$(kubectl get pods -n ucp -l application=shipyard,component=api --no-headers | awk '{print $1}' | head -n 1) 
+# this doesn't actually get exported to environment unless the script is sourced 
+export OS_PASSWORD=$(kubectl exec -it ${API} -n ucp -c ${CONTAINER} -- cat /etc/shipyard/shipyard.conf | grep "password =" | awk '{print $3}' | tr -d '\r') 
+OS_AUTH_URL=$(kubectl exec -it ${API} -n ucp -c ${CONTAINER} -- cat /etc/shipyard/shipyard.conf |grep "auth_uri =" | awk '{print $3}' | tr -d '\r') 
+SHIPYARD_IMAGE=$(kubectl get po ${API} -n ucp -o jsonpath="{.spec.containers[0].image}") 
+SHIPYARD_HOSTPATH="/target" 
+SHIPYARD_IMAGE="${SHIPYARD_IMAGE}" 
+LIST_STEPS=$(mktemp) 
+ 
+# Define Base Docker Command 
+base_docker_command=$(cat << EndOfCommand 
+sudo -E docker run -t --rm --net=host 
+-e no_proxy=${NO_PROXY:-127.0.0.1,localhost,.svc.cluster.local} 
+-e OS_AUTH_URL=${OS_AUTH_URL} 
+-e OS_USERNAME=${OS_USERNAME:-shipyard} 
+-e OS_USER_DOMAIN_NAME=${OS_DOMAIN:-default} 
+-e OS_PASSWORD 
+-e OS_PROJECT_DOMAIN_NAME=${OS_PROJECT_DOMAIN_NAME:-default} 
+-e OS_PROJECT_NAME=${OS_PROJECT_NAME:-service} 
+EndOfCommand 
+) 
+ 
+echo "$OS_AUTH_URL" 
+ 
+# Execute Shipyard CLI 
+ 
+     ${base_docker_command} -v "$(pwd)":"${SHIPYARD_HOSTPATH}" "${SHIPYARD_IMAGE}" "${@}"

diff --git a/tools/files/sources.list b/tools/files/sources.list
new file mode 100644 (file)
index 0000000..eb659ec
--- /dev/null
+++ b/tools/files/sources.list
@@ -0,0 +1,56 @@
+# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
+# newer versions of the distribution.
+#deb http://us.archive.ubuntu.com/ubuntu bionic main restricted
+# deb-src http://us.archive.ubuntu.com/ubuntu bionic main restricted
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+#deb http://us.archive.ubuntu.com/ubuntu bionic-updates main restricted
+# deb-src http://us.archive.ubuntu.com/ubuntu bionic-updates main restricted
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team. Also, please note that software in universe WILL NOT receive any
+## review or updates from the Ubuntu security team.
+#deb http://us.archive.ubuntu.com/ubuntu bionic universe
+# deb-src http://us.archive.ubuntu.com/ubuntu bionic universe
+#deb http://us.archive.ubuntu.com/ubuntu bionic-updates universe
+# deb-src http://us.archive.ubuntu.com/ubuntu bionic-updates universe
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team, and may not be under a free licence. Please satisfy yourself as to
+## your rights to use the software. Also, please note that software in
+## multiverse WILL NOT receive any review or updates from the Ubuntu
+## security team.
+#deb http://us.archive.ubuntu.com/ubuntu bionic multiverse
+# deb-src http://us.archive.ubuntu.com/ubuntu bionic multiverse
+#deb http://us.archive.ubuntu.com/ubuntu bionic-updates multiverse
+# deb-src http://us.archive.ubuntu.com/ubuntu bionic-updates multiverse
+
+## N.B. software from this repository may not have been tested as
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features.
+## Also, please note that software in backports WILL NOT receive any review
+## or updates from the Ubuntu security team.
+#deb http://us.archive.ubuntu.com/ubuntu bionic-backports main restricted universe multiverse
+# deb-src http://us.archive.ubuntu.com/ubuntu bionic-backports main restricted universe multiverse
+
+## Uncomment the following two lines to add software from Canonical's
+## 'partner' repository.
+## This software is not part of Ubuntu, but is offered by Canonical and the
+## respective vendors as a service to Ubuntu users.
+# deb http://archive.canonical.com/ubuntu bionic partner
+# deb-src http://archive.canonical.com/ubuntu bionic partner
+
+#deb http://us.archive.ubuntu.com/ubuntu bionic-security main restricted
+# deb-src http://us.archive.ubuntu.com/ubuntu bionic-security main restricted
+#deb http://us.archive.ubuntu.com/ubuntu bionic-security universe
+# deb-src http://us.archive.ubuntu.com/ubuntu bionic-security universe
+#deb http://us.archive.ubuntu.com/ubuntu bionic-security multiverse
+# deb-src http://us.archive.ubuntu.com/ubuntu bionic-security multiverse
+
+deb http://mirror.mirantis.com/testing/ceph-nautilus/bionic bionic main
+deb https://mirror.mirantis.com/testing/kubernetes-extra/bionic bionic main
+deb http://linux.dell.com/repo/community/openmanage/930/bionic bionic main
+deb http://us.archive.ubuntu.com/ubuntu/ bionic main universe multiverse
+deb http://us.archive.ubuntu.com/ubuntu/ bionic-security main universe multiverse
+deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main universe multiverse

diff --git a/tools/test.sh b/tools/test.sh
index a41977c..afac473 100755 (executable)
--- a/tools/test.sh
+++ b/tools/test.sh
@@ -45,7 +45,7 @@ object-storage-feature-enabled:
 EOF
 
 cat > openstack.creds << EOF
-export OS_AUTH_URL=http://identity-airship.intel-pod17.opnfv.org/v3
+export OS_AUTH_URL=http://identity-nc.intel-pod17.opnfv.org/v3
 export OS_USER_DOMAIN_NAME=default
 export OS_PROJECT_DOMAIN_NAME=default
 export OS_USERNAME=admin

diff --git a/type/cntt/profiles/host/cp-intel-s2600wt.yaml b/type/cntt/profiles/host/cp-intel-s2600wt.yaml
index 1eca33e..a5c49e4 100644 (file)
--- a/type/cntt/profiles/host/cp-intel-s2600wt.yaml
+++ b/type/cntt/profiles/host/cp-intel-s2600wt.yaml
@@ -22,6 +22,11 @@ metadata:
         path: .
 data:
   hardware_profile: intel-s2600wt
+  oob:
+    type: 'ipmi'
+    network: 'dmz'
+    # Not used. Keep for lint purpose
+    account: 'tier4'
 
   primary_network: dmz
   interfaces:
@@ -44,6 +49,13 @@ data:
       networks:
         - private
         - management
+      sriov:
+        num_vfs: 32
+        promisc: false
+      ovs_dpdk:
+        vf_index: 0
+      pci_whitelist:
+        trusted: false
     data2:
       device_link: data2
       slaves:
@@ -51,6 +63,13 @@ data:
       networks:
         - storage
         - public
+      sriov:
+        num_vfs: 32
+        promisc: false
+      ovs_dpdk:
+        vf_index: 0
+      pci_whitelist:
+        trusted: false
 
   storage:
     physical_devices: