--- /dev/null
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright {yyyy} {name of copyright owner}
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
--- /dev/null
+# Akraino Edge Stack
+..............................................................................
+. Copyright (c) 2019 AT&T Intellectual Property. All rights reserved .
+. .
+. Licensed under the Apache License, Version 2.0 (the "License"); you may .
+. not use this file except in compliance with the License. .
+. .
+. You may obtain a copy of the License at .
+. http://www.apache.org/licenses/LICENSE-2.0 .
+. .
+. Unless required by applicable law or agreed to in writing, software .
+. distributed under the License is distributed on an "AS IS" BASIS, WITHOUT .
+. WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. .
+. See the License for the specific language governing permissions and .
+. limitations under the License. .
+..............................................................................
+
+The files in this directory were created with the following commands:
+
+(
+rm -rf airship-treasuremap
+git clone https://git.openstack.org/openstack/airship-treasuremap
+cd ./airship-treasuremap;
+git checkout 059857148ad142730b5a69374e44a988cac92378;
+rm -rf .git/ .gitreview .zuul.yaml
+# SR-IOV UPDATES
+sed -i "s/ceph-common=10.2.10/ceph-common=10.2.11/" ./global/v4.0/software/config/versions.yaml
+sed -i -e 's|docker.io/openstackhelm/neutron:ocata|docker.io/openstackhelm/neutron:ocata\n neutron_sriov_agent: \&neutron_sriov docker.io/openstackhelm/neutron:ocata-sriov-1804\n neutron_sriov_agent_init: \&neutron_sriov_init docker.io/openstackhelm/neutron:ocata-sriov-1804|g' ./global/v4.0/software/config/versions.yaml
+sed -i -e 's|neutron_linuxbridge_agent.*|neutron_linuxbridge_agent: *neutron\n neutron_sriov_agent: *neutron_sriov\n neutron_sriov_agent_init: *neutron_sriov_init|g' ./global/v4.0/software/config/versions.yaml
+)
+
+Akraino Team
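Review bot: in the documented command block the steps are joined with `;` and newlines and there is no `set -e`, so if `git clone` or `cd ./airship-treasuremap;` fails, the next line `rm -rf .git/ .gitreview .zuul.yaml` runs in the directory the block was started from. Chain the clone, cd and checkout with `&&`, or put `set -e` at the top of the subshell. The three `sed -i` edits also succeed silently when their pattern is not present at the pinned commit, so a grep for `neutron_sriov_agent` in versions.yaml afterwards would confirm the SR-IOV changes actually landed.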
--- /dev/null
+---
+schema: deckhand/LayeringPolicy/v1
+metadata:
+ schema: metadata/Control/v1
+ name: layering-policy
+data:
+ layerOrder:
+ - global
+ - type
+ - site
--- /dev/null
+---
+schema: deckhand/DataSchema/v1
+metadata:
+ schema: metadata/Control/v1
+ name: pegleg/Script/v1
+data:
+ $schema: http://json-schema.org/schema#
+ type: string
--- /dev/null
+---
+schema: deckhand/DataSchema/v1
+metadata:
+ schema: metadata/Control/v1
+ name: pegleg/SiteDefinition/v1
+data:
+ $schema: http://json-schema.org/schema#
+ type: object
+
+ properties:
+ revision:
+ type: string
+ pattern: '^v.+$'
+ site_type:
+ type: string
+ required:
+ - revision
+ - site_type
+ additionalProperties: false
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: private_docker_key
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+# sample key for potential private docker registry
+# see Docker documentation for info on how to generate the key
+# base64 of password123
+data: cGFzc3dvcmQxMjM=
+...
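Review bot: `data: cGFzc3dvcmQxMjM=` is a known value (the comment states it is base64 of password123) held in a concrete document (`abstract: false`, `layer: global`) with `storagePolicy: cleartext`, so any site that does not override private_docker_key renders with this credential. Consider making the global document abstract, or using a value that is obviously a placeholder, so that a site has to supply its own, and use `storagePolicy: encrypted` for the real one.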
--- /dev/null
+---
+schema: deckhand/PublicKey/v1
+metadata:
+ schema: metadata/Document/v1
+ name: airship_ssh_public_key
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy
+...
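Review bot: airship_ssh_public_key is a concrete global document (`abstract: false`, `layer: global`) carrying one fixed key labelled `airship@seaworthy`, so every site built from this tree inherits the same key unless it overrides the document. Since these files are copied from upstream samples, either make the global document abstract or state in the README that the key must be replaced per site.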
--- /dev/null
+---
+schema: 'drydock/BootAction/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: airship-target
+ storagePolicy: 'cleartext'
+ layeringDefinition:
+ abstract: false
+ layer: global
+data:
+ signaling: false
+ assets:
+ - path: /etc/systemd/system/airship.target
+ type: unit
+ permissions: '444'
+ data: |
+ [Unit]
+ Description=Airshipt bootaction target
+ After=multi-user.target cloud-init.target
+
+ [Install]
+ WantedBy=graphical.target
+
+ data_pipeline:
+ - utf8_decode
+...
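Review bot: typo in the unit text, `Description=Airshipt bootaction target` should read "Airship". This string is what shows up in systemctl output on every deployed node, so it is worth fixing before the file is copied further.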
--- /dev/null
+---
+schema: 'drydock/BootAction/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: promjoin-systemd-unit
+ storagePolicy: 'cleartext'
+ layeringDefinition:
+ abstract: false
+ layer: global
+ labels:
+ application: 'drydock'
+data:
+ signaling: false
+ assets:
+ - path: /etc/systemd/system/promjoin.service
+ type: unit
+ permissions: '444'
+ data: |
+ [Unit]
+ Description=Promenade Initialization Service
+ After=network-online.target local-fs.target cloud-init.target
+ ConditionPathExists=!/var/lib/prom.done
+
+ [Service]
+ Type=oneshot
+ ExecStart=/opt/promjoin.sh
+
+ [Install]
+ WantedBy=airship.target
+
+ data_pipeline:
+ - utf8_decode
+...
--- /dev/null
+---
+# The global deployment strategy assumes nodes are marked with node_tags
+# of masters and workers.
+schema: shipyard/DeploymentStrategy/v1
+metadata:
+ schema: metadata/Document/v1
+ name: deployment-strategy
+ layeringDefinition:
+ abstract: false
+ layer: global
+ labels:
+ name: deployment-strategy-global
+ storagePolicy: cleartext
+data:
+ groups:
+ - name: masters
+ critical: true
+ depends_on: []
+ selectors:
+ - node_names: []
+ node_labels: []
+ node_tags:
+ - masters
+ rack_names: []
+ success_criteria:
+ percent_successful_nodes: 100
+ - name: workers
+ critical: true
+ depends_on:
+ - masters
+ selectors:
+ - node_names: []
+ node_labels: []
+ node_tags:
+ - workers
+ rack_names: []
+ success_criteria:
+ percent_successful_nodes: 60
+...
--- /dev/null
+---
+schema: promenade/Genesis/v1
+metadata:
+ schema: metadata/Document/v1
+ name: genesis-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ labels:
+ name: genesis-global
+ storagePolicy: cleartext
+ substitutions:
+ # Software versions for bootstrapping phase
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.armada.api
+ dest:
+ path: .images.armada
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.armada.tiller
+ dest:
+ path: .images.helm.tiller
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.apiserver.apiserver
+ dest:
+ path: .images.kubernetes.apiserver
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.controller-manager.controller_manager
+ dest:
+ path: .images.kubernetes.controller-manager
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.etcd.etcd
+ dest:
+ path: .images.kubernetes.etcd
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.scheduler.scheduler
+ dest:
+ path: .images.kubernetes.scheduler
+
+ # Site-specific configuration
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .hostname
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.ip
+ dest:
+ path: .ip
+
+ # Command prefix
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.service_cidr
+ dest:
+ path: .apiserver.command_prefix[1]
+ pattern: SERVICE_CIDR
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.service_node_port_range
+ dest:
+ path: .apiserver.command_prefix[2]
+ pattern: SERVICE_NODE_PORT_RANGE
+
+data:
+ apiserver:
+ command_prefix:
+ - /apiserver
+ - --service-cluster-ip-range=SERVICE_CIDR
+ - --service-node-port-range=SERVICE_NODE_PORT_RANGE
+ - --authorization-mode=Node,RBAC
+ - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
+ - --endpoint-reconciler-type=lease
+ armada:
+ target_manifest: cluster-bootstrap
+ labels:
+ dynamic:
+ - beta.kubernetes.io/fluentd-ds-ready=true
+ - calico-etcd=enabled
+ - ceph-mds=enabled
+ - ceph-mon=enabled
+ - ceph-osd=enabled
+ - ceph-rgw=enabled
+ - ceph-mgr=enabled
+ - kube-dns=enabled
+ - kube-ingress=enabled
+ - kubernetes-apiserver=enabled
+ - kubernetes-controller-manager=enabled
+ - kubernetes-etcd=enabled
+ - kubernetes-scheduler=enabled
+ - promenade-genesis=enabled
+ - ucp-control-plane=enabled
+ - maas-control-plane=enabled
+ - node-exporter=enabled
+ files:
+ - path: /var/lib/anchor/calico-etcd-bootstrap
+ content: "# placeholder for triggering calico etcd bootstrapping\n# this file will be deleted"
+ mode: 0644
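Review bot: in `data.apiserver.command_prefix`, `--authorization-mode=Node,RBAC` is set but the `--admission-control=` list does not include NodeRestriction, the admission plugin Kubernetes documents as the companion to the Node authorizer for limiting which Node and Pod objects a kubelet can modify. Add it to the list unless it is left out on purpose, and say why if so. Separately, the two "Command prefix" substitutions address `.apiserver.command_prefix[1]` and `[2]` by position, so inserting a flag above those entries would leave the SERVICE_CIDR and SERVICE_NODE_PORT_RANGE placeholders unreplaced; a comment on the list warning about the ordering would help.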
--- /dev/null
+---
+schema: 'drydock/HardwareProfile/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: DELL_HP_Generic
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ vendor: Dell
+ generation: '8'
+ hw_version: '3'
+ bios_version: '2.2.3'
+ boot_mode: bios
+ bootstrap_protocol: pxe
+ pxe_interface: 0
+ device_aliases: {}
+...
--- /dev/null
+---
+schema: drydock/HostProfile/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cp-global
+ storagePolicy: cleartext
+ labels:
+ hosttype: cp-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ substitutions:
+ - dest:
+ path: .oob.credential
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ipmi_admin_password
+ path: .
+data:
+ oob:
+ type: 'ipmi'
+ network: 'oob'
+ account: 'root'
+ storage:
+ physical_devices:
+ sda:
+ labels:
+ bootdrive: 'true'
+ partitions:
+ - name: 'root'
+ size: '30g'
+ bootable: true
+ filesystem:
+ mountpoint: '/'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'boot'
+ size: '1g'
+ filesystem:
+ mountpoint: '/boot'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var'
+ size: '>100g'
+ filesystem:
+ mountpoint: '/var'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ platform:
+ image: 'xenial'
+ kernel: 'hwe-16.04'
+ metadata:
+ owner_data:
+ control-plane: enabled
+ ucp-control-plane: enabled
+ openstack-control-plane: enabled
+ openstack-heat: enabled
+ openstack-keystone: enabled
+ openstack-rabbitmq: enabled
+ openstack-dns-helper: enabled
+ openstack-mariadb: enabled
+ openstack-nova-control: enabled
+ openstack-etcd: enabled
+ openstack-mistral: enabled
+ openstack-memcached: enabled
+ openstack-glance: enabled
+ openstack-horizon: enabled
+ openstack-cinder-control: enabled
+ openstack-cinder-volume: control
+ openstack-neutron: enabled
+ openvswitch: enabled
+ ucp-barbican: enabled
+ ceph-bootstrap: enabled
+ ceph-mon: enabled
+ ceph-mgr: enabled
+ ceph-osd: enabled
+ ceph-mds: enabled
+ ceph-rgw: enabled
+ ucp-maas: enabled
+ kube-dns: enabled
+ kubernetes-apiserver: enabled
+ kubernetes-controller-manager: enabled
+ kubernetes-etcd: enabled
+ kubernetes-scheduler: enabled
+ tiller-helm: enabled
+ kube-etcd: enabled
+ calico-policy: enabled
+ calico-node: enabled
+ calico-etcd: enabled
+ ucp-armada: enabled
+ ucp-drydock: enabled
+ ucp-deckhand: enabled
+ ucp-shipyard: enabled
+ IAM: enabled
+ ucp-promenade: enabled
+ prometheus-server: enabled
+ prometheus-client: enabled
+ fluentd: enabled
+ influxdb: enabled
+ kibana: enabled
+ elasticsearch-client: enabled
+ elasticsearch-master: enabled
+ elasticsearch-data: enabled
+ postgresql: enabled
+ kube-ingress: enabled
+ beta.kubernetes.io/fluentd-ds-ready: 'true'
+ node-exporter: enabled
+...
--- /dev/null
+---
+schema: drydock/HostProfile/v1
+metadata:
+ schema: metadata/Document/v1
+ name: dp-global
+ labels:
+ hosttype: dp-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - dest:
+ path: .oob.credential
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ipmi_admin_password
+ path: .
+data:
+ oob:
+ type: 'ipmi'
+ network: 'oob'
+ account: 'root'
+ storage:
+ physical_devices:
+ sda:
+ labels:
+ bootdrive: 'true'
+ partitions:
+ - name: 'root'
+ size: '30g'
+ bootable: true
+ filesystem:
+ mountpoint: '/'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'boot'
+ size: '1g'
+ filesystem:
+ mountpoint: '/boot'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var'
+ size: '>100g'
+ filesystem:
+ mountpoint: '/var'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ platform:
+ image: 'xenial'
+ kernel: 'hwe-16.04'
+ metadata:
+ owner_data:
+ openstack-nova-compute: enabled
+ openvswitch: enabled
+ contrail-vrouter: kernel
+ openstack-libvirt: kernel
+ beta.kubernetes.io/fluentd-ds-ready: 'true'
+ node-exporter: enabled
+...
--- /dev/null
+---
+schema: promenade/HostSystem/v1
+metadata:
+ schema: metadata/Document/v1
+ name: host-system
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .files.kubelet
+ dest:
+ path: .files[0].tar_url
+
+ # Initial CoreDNS image (used during node Genesis and node join)
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.coredns.coredns
+ dest:
+ path: .images.coredns
+
+ # Initial CoreDNS image (used during node Genesis and node join)
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.haproxy.haproxy
+ dest:
+ path: .images.haproxy
+
+ # Operational tools
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.armada.helm
+ dest:
+ path: .images.helm.helm
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.kubectl
+ dest:
+ path: .images.kubernetes.kubectl
+
+ # System packages
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .packages.named.docker
+ dest:
+ path: .packages.required.docker
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .packages.named.socat
+ dest:
+ path: .packages.required.socat
+
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .packages.unnamed
+ dest:
+ path: .packages.additional
+
+ # Docker authorization
+ - src:
+ schema: deckhand/Passphrase/v1
+ path: .
+ name: private_docker_key
+ dest:
+ path: .files[2].content
+ pattern: DH_SUB_PRIVATE_DOCKER_KEY
+
+data:
+ files:
+ - path: /opt/kubernetes/bin/kubelet
+ tar_path: kubernetes/node/bin/kubelet
+ mode: 0555
+ - path: /etc/logrotate.d/json-logrotate
+ mode: 0444
+ content: |-
+ /var/lib/docker/containers/*/*-json.log
+ {
+ compress
+ copytruncate
+ create 0644 root root
+ weekly
+ dateext
+ dateformat -%Y%m%d-%s
+ maxsize 100M
+ missingok
+ notifempty
+ su root root
+ rotate 1
+ }
+ - path: /var/lib/kubelet/.dockercfg
+ mode: 0400
+ # NOTE: Sample key, this repo does not exist
+ content: |-
+ {
+ "https://private.registry.com": {
+ "auth": "DH_SUB_PRIVATE_DOCKER_KEY"
+ }
+ }
+
+ packages:
+ repositories:
+ - deb http://apt.dockerproject.org/repo ubuntu-xenial main
+ keys:
+ - |-
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mQINBFWln24BEADrBl5p99uKh8+rpvqJ48u4eTtjeXAWbslJotmC/CakbNSqOb9o
+ ddfzRvGVeJVERt/Q/mlvEqgnyTQy+e6oEYN2Y2kqXceUhXagThnqCoxcEJ3+KM4R
+ mYdoe/BJ/J/6rHOjq7Omk24z2qB3RU1uAv57iY5VGw5p45uZB4C4pNNsBJXoCvPn
+ TGAs/7IrekFZDDgVraPx/hdiwopQ8NltSfZCyu/jPpWFK28TR8yfVlzYFwibj5WK
+ dHM7ZTqlA1tHIG+agyPf3Rae0jPMsHR6q+arXVwMccyOi+ULU0z8mHUJ3iEMIrpT
+ X+80KaN/ZjibfsBOCjcfiJSB/acn4nxQQgNZigna32velafhQivsNREFeJpzENiG
+ HOoyC6qVeOgKrRiKxzymj0FIMLru/iFF5pSWcBQB7PYlt8J0G80lAcPr6VCiN+4c
+ NKv03SdvA69dCOj79PuO9IIvQsJXsSq96HB+TeEmmL+xSdpGtGdCJHHM1fDeCqkZ
+ hT+RtBGQL2SEdWjxbF43oQopocT8cHvyX6Zaltn0svoGs+wX3Z/H6/8P5anog43U
+ 65c0A+64Jj00rNDr8j31izhtQMRo892kGeQAaaxg4Pz6HnS7hRC+cOMHUU4HA7iM
+ zHrouAdYeTZeZEQOA7SxtCME9ZnGwe2grxPXh/U/80WJGkzLFNcTKdv+rwARAQAB
+ tDdEb2NrZXIgUmVsZWFzZSBUb29sIChyZWxlYXNlZG9ja2VyKSA8ZG9ja2VyQGRv
+ Y2tlci5jb20+iQI4BBMBAgAiBQJVpZ9uAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe
+ AQIXgAAKCRD3YiFXLFJgnbRfEAC9Uai7Rv20QIDlDogRzd+Vebg4ahyoUdj0CH+n
+ Ak40RIoq6G26u1e+sdgjpCa8jF6vrx+smpgd1HeJdmpahUX0XN3X9f9qU9oj9A4I
+ 1WDalRWJh+tP5WNv2ySy6AwcP9QnjuBMRTnTK27pk1sEMg9oJHK5p+ts8hlSC4Sl
+ uyMKH5NMVy9c+A9yqq9NF6M6d6/ehKfBFFLG9BX+XLBATvf1ZemGVHQusCQebTGv
+ 0C0V9yqtdPdRWVIEhHxyNHATaVYOafTj/EF0lDxLl6zDT6trRV5n9F1VCEh4Aal8
+ L5MxVPcIZVO7NHT2EkQgn8CvWjV3oKl2GopZF8V4XdJRl90U/WDv/6cmfI08GkzD
+ YBHhS8ULWRFwGKobsSTyIvnbk4NtKdnTGyTJCQ8+6i52s+C54PiNgfj2ieNn6oOR
+ 7d+bNCcG1CdOYY+ZXVOcsjl73UYvtJrO0Rl/NpYERkZ5d/tzw4jZ6FCXgggA/Zxc
+ jk6Y1ZvIm8Mt8wLRFH9Nww+FVsCtaCXJLP8DlJLASMD9rl5QS9Ku3u7ZNrr5HWXP
+ HXITX660jglyshch6CWeiUATqjIAzkEQom/kEnOrvJAtkypRJ59vYQOedZ1sFVEL
+ MXg2UCkD/FwojfnVtjzYaTCeGwFQeqzHmM241iuOmBYPeyTY5veF49aBJA1gEJOQ
+ TvBR8Q==
+ =Fm3p
+ -----END PGP PUBLIC KEY BLOCK-----
+...
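Review bot: the "Docker authorization" substitution writes to `.files[2].content` by position, so adding or reordering an entry under `data.files` points it at a different file and the DH_SUB_PRIVATE_DOCKER_KEY placeholder in /var/lib/kubelet/.dockercfg is no longer the one being replaced. A comment on the `files` list noting that order matters (the same applies to `.files[0].tar_url`) would make this harder to break. Smaller points: the comment above the haproxy substitution repeats "Initial CoreDNS image (used during node Genesis and node join)", and the package repository is configured as `deb http://apt.dockerproject.org/repo ubuntu-xenial main` over plain HTTP, so package integrity rests entirely on the key listed under `keys`.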
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: armada/Chart/v1
+ labels:
+ application: armada
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: 'object'
+ additionalProperties: true
+...
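Review bot: this schema is only `type: 'object'` with `additionalProperties: true` and no `properties` or `required`, so any mapping validates as armada/Chart/v1 and Deckhand validation catches nothing for these documents. If that is intentional because Armada validates its own documents, add a comment saying so; the same applies to the armada/ChartGroup/v1 and armada/Manifest/v1 schemas that follow.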
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: armada/ChartGroup/v1
+ labels:
+ application: armada
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: 'object'
+ additionalProperties: true
+...
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: armada/Manifest/v1
+ labels:
+ application: armada
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: 'object'
+ additionalProperties: true
+...
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: drydock/BaremetalNode/v1
+ labels:
+ application: drydock
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: 'object'
+ properties:
+ addressing:
+ type: 'array'
+ items:
+ type: 'object'
+ properties:
+ address:
+ type: 'string'
+ network:
+ type: 'string'
+ oob:
+ type: 'object'
+ properties:
+ type:
+ type: 'string'
+ network:
+ type: 'string'
+ account:
+ type: 'string'
+ credetial:
+ type: 'string'
+ additionalProperties: true
+ storage:
+ type: 'object'
+ properties:
+ physical_devices:
+ type: 'object'
+ additionalProperties:
+ type: 'object'
+ properties:
+ labels:
+ type: 'object'
+ additionalProperties:
+ type: 'string'
+ volume_group:
+ type: 'string'
+ partitions:
+ type: 'array'
+ items:
+ type: 'object'
+ properties:
+ name:
+ type: 'string'
+ size:
+ type: 'string'
+ part_uuid:
+ type: 'string'
+ volume_group:
+ type: 'string'
+ labels:
+ type: 'object'
+ additionalProperties:
+ type: 'string'
+ bootable:
+ type: 'boolean'
+ volume_group:
+ type: 'string'
+ filesystem:
+ type: 'object'
+ properties:
+ mountpoint:
+ type: 'string'
+ fstype:
+ type: 'string'
+ mount_options:
+ type: 'string'
+ fs_uuid:
+ type: 'string'
+ fs_label:
+ type: 'string'
+ additionalProperties: false
+ additionalProperties: false
+ volume_groups:
+ type: 'object'
+ additionalProperties:
+ type: 'object'
+ properties:
+ vg_uuid:
+ type: 'string'
+ logical_volumes:
+ type: 'array'
+ items:
+ type: 'object'
+ properties:
+ name:
+ type: 'string'
+ lv_uuid:
+ type: 'string'
+ size:
+ type: 'string'
+ filesystem:
+ type: 'object'
+ properties:
+ mountpoint:
+ type: 'string'
+ fstype:
+ type: 'string'
+ mount_options:
+ type: 'string'
+ fs_uuid:
+ type: 'string'
+ fs_label:
+ type: 'string'
+ platform:
+ type: 'object'
+ properties:
+ image:
+ type: 'string'
+ kernel:
+ type: 'string'
+ kernel_params:
+ type: 'object'
+ additionalProperties: true
+ additionalProperties: false
+ metadata:
+ type: 'object'
+ properties:
+ tags:
+ type: 'array'
+ items:
+ type: 'string'
+ owner_data:
+ type: 'object'
+ additionalProperties:
+ type: 'string'
+ rack:
+ type: 'string'
+ boot_mac:
+ type: 'string'
+ additionalProperties: false
+ host_profile:
+ type: 'string'
+ hardware_profile:
+ type: 'string'
+ primary_network:
+ type: 'string'
+ interfaces:
+ type: 'object'
+ additionalProperties:
+ type: 'object'
+ properties:
+ device_link:
+ type: 'string'
+ slaves:
+ type: 'array'
+ items:
+ type: 'string'
+ networks:
+ type: 'array'
+ items:
+ type: 'string'
+ additionalProperties: false
+...
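Review bot: under `oob.properties` the key is spelled `credetial`, while the host profiles in this change substitute into `.oob.credential`; because `oob` has `additionalProperties: true`, the real field is accepted without its type ever being checked. Rename the property to `credential`. Also, `volume_group` appears to be listed twice among the partition item properties (after `part_uuid` and again after `bootable`); one of the two should go.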
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: drydock/BootAction/v1
+ labels:
+ application: drydock
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: 'object'
+ additionalProperties: false
+ properties:
+ signaling:
+ type: 'boolean'
+ assets:
+ type: 'array'
+ items:
+ type: 'object'
+ additionalProperties: false
+ properties:
+ path:
+ type: 'string'
+ pattern: '^/.+'
+ location:
+ type: 'string'
+ type:
+ type: 'string'
+ enum:
+ - 'unit'
+ - 'file'
+ - 'pkg_list'
+ data:
+ type: 'string'
+ location_pipeline:
+ type: 'array'
+ items:
+ type: 'string'
+ enum:
+ - 'template'
+ data_pipeline:
+ type: 'array'
+ items:
+ type: 'string'
+ enum:
+ - 'base64_encode'
+ - 'template'
+ - 'base64_decode'
+ - 'utf8_encode'
+ - 'utf8_decode'
+ permissions:
+ type: 'string'
+ pattern: '\d{3}'
+ required:
+ - 'type'
+ node_filter:
+ type: 'object'
+ additionalProperties: false
+ properties:
+ filter_set_type:
+ type: 'string'
+ enum:
+ - 'intersection'
+ - 'union'
+ filter_set:
+ type: 'array'
+ items:
+ type: 'object'
+ additionalProperties: false
+ properties:
+ filter_type:
+ type: 'string'
+ enum:
+ - 'intersection'
+ - 'union'
+ node_names:
+ type: 'array'
+ items:
+ type: 'string'
+ node_tags:
+ type: 'array'
+ items:
+ type: 'string'
+ node_labels:
+ type: 'object'
+ additionalProperties: true
+ rack_names:
+ type: 'array'
+ items:
+ type: 'string'
+ rack_labels:
+ type: 'object'
+ additionalProperties: true
+...
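Review bot: the `permissions` pattern `'\d{3}'` is unanchored and allows any digit, so values such as '999' or '10444' validate even though they are not three-digit octal modes. Suggest `'^[0-7]{3}$'`, in line with the anchored style already used for `path` (`'^/.+'`).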
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: drydock/HardwareProfile/v1
+ labels:
+ application: drydock
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: 'object'
+ properties:
+ vendor:
+ type: 'string'
+ generation:
+ type: 'string'
+ hw_version:
+ type: 'string'
+ bios_version:
+ type: 'string'
+ boot_mode:
+ type: 'string'
+ enum:
+ - 'bios'
+ - 'uefi'
+ bootstrap_protocol:
+ type: 'string'
+ enum:
+ - 'pxe'
+ - 'usb'
+ - 'hdd'
+ pxe_interface:
+ type: 'number'
+ device_aliases:
+ type: 'object'
+ additionalProperties: true
+ cpu_sets:
+ type: 'object'
+ additionalProperties:
+ type: 'string'
+ hugepages:
+ type: 'object'
+ additionalProperties:
+ type: 'object'
+ propertes:
+ size:
+ type: 'string'
+ count:
+ type: 'number'
+ additionalProperties: false
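Review bot: `propertes:` under `hugepages` is misspelled. JSON Schema validators ignore unknown keywords, so the `size` and `count` types declared beneath it are never enforced and any object is accepted as a hugepages entry. Rename it to `properties:`. Also, `pxe_interface` is declared as `type: 'number'`, which admits fractional values; `integer` reads as the intended type for an interface index.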
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: drydock/HostProfile/v1
+ labels:
+ application: drydock
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: 'object'
+ properties:
+ oob:
+ type: 'object'
+ properties:
+ type:
+ type: 'string'
+ network:
+ type: 'string'
+ account:
+ type: 'string'
+ credetial:
+ type: 'string'
+ additionalProperties: true
+ storage:
+ type: 'object'
+ properties:
+ physical_devices:
+ type: 'object'
+ additionalProperties:
+ type: 'object'
+ properties:
+ labels:
+ type: 'object'
+ additionalProperties:
+ type: 'string'
+ volume_group:
+ type: 'string'
+ partitions:
+ type: 'array'
+ items:
+ type: 'object'
+ properties:
+ name:
+ type: 'string'
+ size:
+ type: 'string'
+ part_uuid:
+ type: 'string'
+ volume_group:
+ type: 'string'
+ labels:
+ type: 'object'
+ additionalProperties:
+ type: 'string'
+ bootable:
+ type: 'boolean'
+ volume_group:
+ type: 'string'
+ filesystem:
+ type: 'object'
+ properties:
+ mountpoint:
+ type: 'string'
+ fstype:
+ type: 'string'
+ mount_options:
+ type: 'string'
+ fs_uuid:
+ type: 'string'
+ fs_label:
+ type: 'string'
+ additionalProperties: false
+ additionalProperties: false
+ volume_groups:
+ type: 'object'
+ additionalProperties:
+ type: 'object'
+ properties:
+ vg_uuid:
+ type: 'string'
+ logical_volumes:
+ type: 'array'
+ items:
+ type: 'object'
+ properties:
+ name:
+ type: 'string'
+ lv_uuid:
+ type: 'string'
+ size:
+ type: 'string'
+ filesystem:
+ type: 'object'
+ properties:
+ mountpoint:
+ type: 'string'
+ fstype:
+ type: 'string'
+ mount_options:
+ type: 'string'
+ fs_uuid:
+ type: 'string'
+ fs_label:
+ type: 'string'
+ platform:
+ type: 'object'
+ properties:
+ image:
+ type: 'string'
+ kernel:
+ type: 'string'
+ kernel_params:
+ type: 'object'
+ additionalProperties: true
+ additionalProperties: false
+ metadata:
+ type: 'object'
+ properties:
+ tags:
+ type: 'array'
+ items:
+ type: 'string'
+ owner_data:
+ type: 'object'
+ additionalProperties:
+ type: 'string'
+ rack:
+ type: 'string'
+ boot_mac:
+ type: 'string'
+ additionalProperties: false
+ host_profile:
+ type: 'string'
+ hardware_profile:
+ type: 'string'
+ primary_network:
+ type: 'string'
+ interfaces:
+ type: 'object'
+ additionalProperties:
+ type: 'object'
+ properties:
+ device_link:
+ type: 'string'
+ slaves:
+ type: 'array'
+ items:
+ type: 'string'
+ networks:
+ type: 'array'
+ items:
+ type: 'string'
+ sriov:
+ type: 'object'
+ properties:
+ vf_count:
+ type: 'number'
+ trustmode:
+ type: 'boolean'
+ additionalProperties: false
+...
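Review bot: under `oob`, the key `credetial` is misspelled. Because `additionalProperties: true` follows it, a document that uses the correct spelling `credential` is still accepted, but its value is never type-checked, and the typo goes unnoticed. Rename the key to `credential`, and consider documenting whether this field is expected to hold the secret itself or a reference to one, since the schema only says `type: 'string'`.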
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: drydock/Network/v1
+ labels:
+ application: drydock
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: 'object'
+ properties:
+ cidr:
+ type: 'string'
+ ranges:
+ type: 'array'
+ items:
+ type: 'object'
+ properties:
+ type:
+ type: 'string'
+ start:
+ type: 'string'
+ format: 'ipv4'
+ end:
+ type: 'string'
+ format: 'ipv4'
+ additionalProperties: false
+ dns:
+ type: 'object'
+ properties:
+ domain:
+ type: 'string'
+ servers:
+ type: 'string'
+ additionalProperties: false
+ dhcp_relay:
+ type: 'object'
+ properties:
+ self_ip:
+ type: 'string'
+ format: 'ipv4'
+ upstream_target:
+ type: 'string'
+ format: 'ipv4'
+ additionalProperties: false
+ mtu:
+ type: 'number'
+ vlan:
+ type: 'string'
+ routedomain:
+ type: 'string'
+ routes:
+ type: 'array'
+ items:
+ type: 'object'
+ properties:
+ subnet:
+ type: 'string'
+ gateway:
+ type: 'string'
+ format: 'ipv4'
+ metric:
+ type: 'number'
+ routedomain:
+ type: 'string'
+ additionalProperties: false
+ labels:
+ type: 'object'
+ additionalProperties: true
+ additionalProperties: false
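Review bot: `cidr` and `routes[].subnet` are unconstrained strings while `start`, `end`, `gateway`, `self_ip` and `upstream_target` carry `format: 'ipv4'`, so a malformed network definition passes schema validation and only fails later at deploy time. Suggest a `pattern` for the CIDR fields. Note also that `format` is only enforced when the validator is run with format checking enabled, so it is worth confirming the consumer of these schemas does that. `dns.servers` is a single `string` rather than an array; if that is a delimited list, say so in a comment.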
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: drydock/NetworkLink/v1
+ labels:
+ application: drydock
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: 'object'
+ properties:
+ bonding:
+ type: 'object'
+ properties:
+ mode:
+ type: 'string'
+ hash:
+ type: 'string'
+ peer_rate:
+ type: 'string'
+ mon_rate:
+ type: 'number'
+ up_delay:
+ type: 'number'
+ down_delay:
+ type: 'number'
+ additionalProperties: false
+ mtu:
+ type: 'number'
+ linkspeed:
+ type: 'string'
+ trunking:
+ type: 'object'
+ properties:
+ mode:
+ type: 'string'
+ default_network:
+ type: 'string'
+ additionalProperties: false
+ allowed_networks:
+ type: 'array'
+ items:
+ type: 'string'
+ labels:
+ type: 'object'
+ additionalProperties: true
+ additionalProperties: false
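Review bot: `bonding.mode` and `trunking.mode` are plain `type: 'string'`, so a mistyped mode validates. These look like closed sets and could use an `enum`, the way `boot_mode` and `bootstrap_protocol` do in the HardwareProfile schema. `peer_rate` is a string while `mon_rate`, `up_delay` and `down_delay` are numbers; a comment on the expected values of `peer_rate` would make that difference clear.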
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: drydock/Rack/v1
+ labels:
+ application: drydock
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: 'object'
+ properties:
+ tor_switches:
+ type: 'object'
+ properties:
+ mgmt_ip:
+ type: 'string'
+ format: 'ipv4'
+ sdn_api_uri:
+ type: 'string'
+ format: 'uri'
+ location:
+ type: 'object'
+ properties:
+ clli:
+ type: 'string'
+ grid:
+ type: 'string'
+ local_networks:
+ type: 'array'
+ items:
+ type: 'string'
+ labels:
+ type: 'object'
+ additionalProperties: true
+ additionalProperties: false
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: drydock/Region/v1
+ labels:
+ application: drydock
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: 'object'
+ properties:
+ tag_definitions:
+ type: 'array'
+ items:
+ type: 'object'
+ properties:
+ tag:
+ type: 'string'
+ definition_type:
+ type: 'string'
+ enum:
+ - 'lshw_xpath'
+ definition:
+ type: 'string'
+ additionalProperties: false
+ authorized_keys:
+ type: 'array'
+ items:
+ type: 'string'
+ repositories:
+ # top level is class (e.g. apt, rpm)
+ type: 'object'
+ properties:
+ remove_unlisted:
+ type: 'boolean'
+ additionalPropties:
+ type: 'object'
+ properties:
+ repo_type:
+ type: 'string'
+ pattern: 'apt|rpm'
+ url:
+ type: 'string'
+ distributions:
+ type: 'array'
+ items:
+ type: 'string'
+ subrepos:
+ type: 'array'
+ items:
+ type: 'string'
+ components:
+ type: 'array'
+ items:
+ type: 'string'
+ gpgkey:
+ type: 'string'
+ arches:
+ type: 'array'
+ items:
+ type: 'string'
+ options:
+ type: 'object'
+ additionalProperties:
+ type: 'string'
+ additionalProperties: false
+ required:
+ - 'repo_type'
+ - 'url'
+ - 'arches'
+ additionalProperties: false
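Review bot: `additionalPropties:` under `repositories` is misspelled, so validators ignore it and everything beneath it (the `repo_type` pattern, the `required` list of `repo_type`, `url` and `arches`, and the inner `additionalProperties: false`) is never applied to a repository entry. Rename it to `additionalProperties:`. Once it takes effect, `pattern: 'apt|rpm'` is unanchored and will match any string containing either substring; an `enum` of `'apt'` and `'rpm'` is stricter and clearer. Since these entries decide where packages are installed from, it is also worth deciding whether `gpgkey` should be in `required`.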
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: pegleg/AccountCatalogue/v1
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: object
+ properties:
+ ucp:
+ type: object
+ properties:
+ postgres:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+ oslo_db:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+ oslo_messaging:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+ keystone:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ region_name:
+ type: string
+ username:
+ type: string
+ project_name:
+ type: string
+ user_domain_name:
+ type: string
+ project_domain_name:
+ type: string
+ oslo_messaging:
+ type: object
+ properties:
+ username:
+ type: string
+ oslo_db:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ promenade:
+ type: object
+ properties:
+ keystone:
+ type: object
+ properties:
+ region_name:
+ type: string
+ role:
+ type: string
+ project_name:
+ type: string
+ project_domain_name:
+ type: string
+ user_domain_name:
+ type: string
+ username:
+ type: string
+ drydock:
+ type: object
+ properties:
+ keystone:
+ type: object
+ properties:
+ region_name:
+ type: string
+ role:
+ type: string
+ project_name:
+ type: string
+ project_domain_name:
+ type: string
+ user_domain_name:
+ type: string
+ username:
+ type: string
+ postgres:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ shipyard:
+ type: object
+ properties:
+ keystone:
+ type: object
+ properties:
+ region_name:
+ type: string
+ role:
+ type: string
+ project_name:
+ type: string
+ project_domain_name:
+ type: string
+ user_domain_name:
+ type: string
+ username:
+ type: string
+ postgres:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ airflow:
+ type: object
+ properties:
+ postgres:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ oslo_messaging:
+ type: object
+ properties:
+ username:
+ type: string
+ maas:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+ email:
+ type: string
+ postgres:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ barbican:
+ type: object
+ properties:
+ keystone:
+ type: object
+ properties:
+ region_name:
+ type: string
+ role:
+ type: string
+ project_name:
+ type: string
+ project_domain_name:
+ type: string
+ user_domain_name:
+ type: string
+ username:
+ type: string
+ oslo_db:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ oslo_messaging:
+ type: object
+ properties:
+ username:
+ type: string
+ armada:
+ type: object
+ properties:
+ keystone:
+ type: object
+ properties:
+ project_domain_name:
+ type: string
+ project_name:
+ type: string
+ region_name:
+ type: string
+ role:
+ type: string
+ user_domain_name:
+ type: string
+ username:
+ type: string
+ deckhand:
+ type: object
+ properties:
+ keystone:
+ type: object
+ properties:
+ region_name:
+ type: string
+ role:
+ type: string
+ project_name:
+ type: string
+ project_domain_name:
+ type: string
+ user_domain_name:
+ type: string
+ username:
+ type: string
+ postgres:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ ceph:
+ type: object
+ properties:
+ swift:
+ type: object
+ properties:
+ keystone:
+ type: object
+ properties:
+ role:
+ type: string
+ region_name:
+ type: string
+ username:
+ type: string
+ project_name:
+ type: string
+ user_domain_name:
+ type: string
+ project_domain_name:
+ type: string
+ osh:
+ type: object
+ properties:
+ keystone:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ region_name:
+ type: string
+ username:
+ type: string
+ project_name:
+ type: string
+ user_domain_name:
+ type: string
+ project_domain_name:
+ type: string
+ oslo_messaging:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+ keystone:
+ type: object
+ properties:
+ username:
+ type: string
+ oslo_db:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ cinder:
+ type: object
+ properties:
+ cinder:
+ type: object
+ properties:
+ role:
+ type: string
+ region_name:
+ type: string
+ username:
+ type: string
+ project_name:
+ type: string
+ user_domain_name:
+ type: string
+ project_domain_name:
+ type: string
+ oslo_messaging:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+ cinder:
+ type: object
+ properties:
+ username:
+ type: string
+ oslo_db:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ glance:
+ type: object
+ properties:
+ glance:
+ type: object
+ properties:
+ role:
+ type: string
+ region_name:
+ type: string
+ username:
+ type: string
+ project_name:
+ type: string
+ user_domain_name:
+ type: string
+ project_domain_name:
+ type: string
+ oslo_messaging:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+ glance:
+ type: object
+ properties:
+ username:
+ type: string
+ oslo_db:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ ceph_object_store:
+ type: object
+ properties:
+ username:
+ type: string
+ heat:
+ type: object
+ properties:
+ heat:
+ type: object
+ properties:
+ role:
+ type: string
+ region_name:
+ type: string
+ username:
+ type: string
+ project_name:
+ type: string
+ user_domain_name:
+ type: string
+ project_domain_name:
+ type: string
+ heat_trustee:
+ type: object
+ properties:
+ role:
+ type: string
+ region_name:
+ type: string
+ username:
+ type: string
+ project_name:
+ type: string
+ user_domain_name:
+ type: string
+ project_domain_name:
+ type: string
+ heat_stack_user:
+ type: object
+ properties:
+ role:
+ type: string
+ region_name:
+ type: string
+ username:
+ type: string
+ project_name:
+ type: string
+ user_domain_name:
+ type: string
+ project_domain_name:
+ type: string
+ oslo_db:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ oslo_messaging:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+ heat:
+ type: object
+ properties:
+ username:
+ type: string
+ swift:
+ type: object
+ properties:
+ swift:
+ type: object
+ properties:
+ role:
+ type: string
+ region_name:
+ type: string
+ username:
+ type: string
+ project_name:
+ type: string
+ user_domain_name:
+ type: string
+ project_domain_name:
+ type: string
+ oslo_db:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+ neutron:
+ type: object
+ properties:
+ neutron:
+ type: object
+ properties:
+ role:
+ type: string
+ region_name:
+ type: string
+ username:
+ type: string
+ project_name:
+ type: string
+ user_domain_name:
+ type: string
+ project_domain_name:
+ type: string
+ oslo_messaging:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+ neutron:
+ type: object
+ properties:
+ username:
+ type: string
+ oslo_db:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ nova:
+ type: object
+ properties:
+ nova:
+ type: object
+ properties:
+ role:
+ type: string
+ region_name:
+ type: string
+ username:
+ type: string
+ project_name:
+ type: string
+ user_domain_name:
+ type: string
+ project_domain_name:
+ type: string
+ placement:
+ type: object
+ properties:
+ role:
+ type: string
+ region_name:
+ type: string
+ username:
+ type: string
+ project_name:
+ type: string
+ user_domain_name:
+ type: string
+ project_domain_name:
+ type: string
+ oslo_messaging:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+ nova:
+ type: object
+ properties:
+ username:
+ type: string
+ oslo_db:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ oslo_db_api:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ oslo_db_cell0:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ horizon:
+ type: object
+ properties:
+ oslo_db:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ osh_infra:
+ type: object
+ properties:
+ grafana:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+ oslo_db:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ oslo_db_session:
+ type: object
+ properties:
+ username:
+ type: string
+ database:
+ type: string
+ elasticsearch:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+ oslo_db:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+ prometheus_openstack_exporter:
+ type: object
+ properties:
+ user:
+ type: object
+ properties:
+ username:
+ type: string
+ nagios:
+ type: object
+ properties:
+ admin:
+ type: object
+ properties:
+ username:
+ type: string
+...
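Review bot: nothing in this schema sets `additionalProperties: false` or `required`, so a misspelled service or account key (or an unexpected extra field placed next to `username`) validates without complaint. The drydock schemas in this same change close their objects; doing the same here, at least at the `username`/`database` leaf objects, would catch typos at validation time. This document also has no `labels` block under `metadata`, unlike the drydock schemas.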
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: pegleg/CommonAddresses/v1
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: object
+ properties:
+ calico:
+ type: object
+ properties:
+ ip_autodetection_method:
+ type: string
+ etcd:
+ type: object
+ properties:
+ service_ip:
+ type: string
+ dns:
+ type: object
+ properties:
+ cluster_domain:
+ type: string
+ service_ip:
+ type: string
+ upstream_servers:
+ type: array
+ items:
+ type: string
+ upstream_servers_joined:
+ type: string
+ genesis:
+ type: object
+ properties:
+ hostname:
+ type: string
+ ip:
+ type: string
+ bootstrap:
+ type: object
+ properties:
+ ip:
+ type: string
+ kubernetes:
+ type: object
+ properties:
+ api_service_ip:
+ type: string
+ etcd_service_ip:
+ type: string
+ pod_cidr:
+ type: string
+ service_cidr:
+ type: string
+ apiserver_port:
+ type: number
+ haproxy_port:
+ type: number
+ service_node_port_range:
+ type: string
+ etcd:
+ type: object
+ properties:
+ container_port:
+ type: number
+ haproxy_port:
+ type: number
+ masters:
+ type: array
+ items:
+ type: object
+ properties:
+ hostname:
+ type: string
+ node_ports:
+ type: object
+ properties:
+ drydock_api:
+ type: number
+ maas_api:
+ type: number
+ maas_proxy:
+ type: number
+ shipyard_api:
+ type: number
+ airflow_web:
+ type: number
+ ntp:
+ type: object
+ properties:
+ servers_joined:
+ type: string
+ storage:
+ type: object
+ properties:
+ ceph:
+ type: object
+ properties:
+ public_cidr:
+ type: string
+ cluster_cidr:
+ type: string
+ openvswitch:
+ type: object
+ properties:
+ external_iface:
+ type: string
+ neutron:
+ type: object
+ properties:
+ tunnel_device:
+ type: string
+ external_iface:
+ type: string
+...
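Review bot: every address field here (`service_ip`, `ip`, `pod_cidr`, `service_cidr`, `public_cidr`, `cluster_cidr`) is a bare `type: string`, whereas the drydock Network schema in this change uses `format: 'ipv4'` for addresses. Suggest adding `format` or a `pattern` so malformed addresses are rejected here rather than downstream. The port fields (`apiserver_port`, `haproxy_port`, `container_port`, and everything under `node_ports`) are `type: number`, which admits fractions and out-of-range values; `type: integer` with `minimum: 1` and `maximum: 65535` would be tighter.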
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: pegleg/CommonSoftwareConfig/v1
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: object
+ properties:
+ osh:
+ type: object
+ properties:
+ region_name:
+ type: string
+...
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: pegleg/EndpointCatalogue/v1
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: 'object'
+ # Namespace the list of endpoints
+ additionalProperties:
+ type: 'object'
+ additionalProperties:
+ type: 'object'
+ properties:
+ namespace:
+ oneOf:
+ - type: string
+ - type: "null"
+ name:
+ type: string
+ auth:
+ type: object
+ hosts:
+ type: object
+ properties:
+ data:
+ type: string
+ default:
+ type: string
+ discovery:
+ type: string
+ public:
+ type: string
+ internal:
+ type: string
+ additionalProperties:
+ type: string
+ host_fqdn_override:
+ oneOf:
+ - type: object
+ properties:
+ default:
+ oneOf:
+ - type: string
+ - type: "null"
+ - type: object
+ properties:
+ host:
+ type: string
+ tls:
+ type: object
+ properties:
+ crt:
+ type: string
+ ca:
+ type: string
+ key:
+ type: string
+ additionalProperties:
+ type: string
+ public:
+ oneOf:
+ - type: string
+ - type: "null"
+ - type: object
+ properties:
+ host:
+ type: string
+ tls:
+ type: object
+ properties:
+ crt:
+ type: string
+ ca:
+ type: string
+ key:
+ type: string
+ additionalProperties:
+ type: string
+ internal:
+ oneOf:
+ - type: string
+ - type: "null"
+ - type: object
+ properties:
+ host:
+ type: string
+ tls:
+ type: object
+ properties:
+ crt:
+ type: string
+ ca:
+ type: string
+ key:
+ type: string
+ additionalProperties:
+ type: string
+ additionalProperties:
+ type: string
+ - type: "null"
+ path:
+ oneOf:
+ - type: object
+ properties:
+ default:
+ oneOf:
+ - type: string
+ - type: "null"
+ public:
+ type: string
+ internal:
+ type: string
+ additionalProperties:
+ type: string
+ - type: string
+ scheme:
+ oneOf:
+ - type: object
+ properties:
+ default:
+ type: string
+ public:
+ type: string
+ internal:
+ type: string
+ additionalProperties:
+ type: string
+ - type: string
+ port:
+ type: object
+ additionalProperties:
+ type: object
+ properties:
+ default:
+ type: number
+ public:
+ type: number
+ internal:
+ type: number
+ additionalProperties:
+ type: number
+...
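Review bot: `auth` is declared as a bare `type: object` with no `properties`, so whatever credentials or settings are placed under it are not validated at all; please either describe the expected shape or add a comment saying why it is left open. The `host`/`tls` object with `crt`, `ca` and `key` is repeated verbatim under `default`, `public` and `internal` in `host_fqdn_override`; factoring it into a single definition referenced three times would keep the copies from drifting. Since `tls.key` is a plain string, it is also worth stating in a comment whether the private key is expected inline in this document or substituted from a secret at render time.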
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: pegleg/SoftwareVersions/v1
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: object
+ properties:
+ charts:
+ type: object
+ properties:
+ kubernetes:
+ type: object
+ properties:
+ calico:
+ type: object
+ properties:
+ etcd:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ etcd-htk:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ calico:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ apiserver:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ apiserver-htk:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ controller-manager:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ controller-manager-htk:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ coredns:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ coredns-htk:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ haroxy:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ haroxy-htk:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ etcd:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ etcd-htk:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ ingress:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ ingress-htk:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ proxy:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ proxy-htk:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ scheduler:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ scheduler-htk:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ osh_infra:
+ type: object
+ properties:
+ elasticsearch:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ fluent_logging:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ kibana:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ prometheus:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ prometheus_node_exporter:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ prometheus_kube_state_metrics:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ prometheus_alertmanager:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ grafana:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ prometheus_openstack_exporter:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ nagios:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ osh:
+ type: object
+ properties:
+ barbican:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ cinder:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ glance:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ heat:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ horizon:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ ingress:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ keystone:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ libvirt:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ mariadb:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ memcached:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ neutron:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ nova:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ openvswitch:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ rabbitmq:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ ucp:
+ type: object
+ properties:
+ armada:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ barbican:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ ceph-mon:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ ceph-osd:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ ceph-client:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ deckhand:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ drydock:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ ingress:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ postgresql:
+ type: object
+
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ promenade:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ keystone:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ maas:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ mariadb:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ memcached:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ rabbitmq:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ rabbitmq-etcd:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ shipyard:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ tiller:
+ type: object
+ properties:
+ type:
+ type: string
+ location:
+ type: string
+ subpath:
+ type: string
+ reference:
+ type: string
+ files:
+ type: object
+ properties:
+ kubelet:
+ type: string
+ images:
+ type: object
+ properties:
+ ucp:
+ type: object
+ properties:
+ armada:
+ type: object
+ properties:
+ api:
+ type: string
+ dep_check:
+ type: string
+ ks_endpoints:
+ type: string
+ ks_service:
+ type: string
+ ks_user:
+ type: string
+ helm:
+ type: string
+ tiller:
+ type: string
+ promenade:
+ type: object
+ properties:
+ dep_check:
+ type: string
+ promenade:
+ type: string
+ ks_user:
+ type: string
+ ks_service:
+ type: string
+ ks_endpoints:
+ type: string
+ deckhand:
+ type: object
+ properties:
+ deckhand:
+ type: string
+ dep_check:
+ type: string
+ db_init:
+ type: string
+ db_sync:
+ type: string
+ ks_endpoints:
+ type: string
+ ks_service:
+ type: string
+ ks_user:
+ type: string
+ barbican:
+ type: object
+ properties:
+ bootstrap:
+ type: string
+ dep_check:
+ type: string
+ scripted_test:
+ type: string
+ db_init:
+ type: string
+ barbican_db_sync:
+ type: string
+ db_drop:
+ type: string
+ ks_endpoints:
+ type: string
+ ks_service:
+ type: string
+ ks_user:
+ type: string
+ barbican_api:
+ type: string
+ drydock:
+ type: object
+ properties:
+ drydock:
+ type: string
+ dep_check:
+ type: string
+ ks_endpoints:
+ type: string
+ ks_service:
+ type: string
+ ks_user:
+ type: string
+ drydock_db_init:
+ type: string
+ drydock_db_sync:
+ type: string
+ shipyard:
+ type: object
+ properties:
+ airflow:
+ type: string
+ shipyard:
+ type: string
+ dep_check:
+ type: string
+ shipyard_db_init:
+ type: string
+ shipyard_db_sync:
+ type: string
+ airflow_db_init:
+ type: string
+ airflow_db_sync:
+ type: string
+ ks_user:
+ type: string
+ ks_service:
+ type: string
+ ks_endpoints:
+ type: string
+ maas:
+ type: object
+ properties:
+ db_init:
+ type: string
+ db_sync:
+ type: string
+ maas_rack:
+ type: string
+ maas_region:
+ type: string
+ bootstrap:
+ type: string
+ export_api_key:
+ type: string
+ maas_cache:
+ type: string
+ dep_check:
+ type: string
+ keystone:
+ type: object
+ properties:
+ keystone_bootstrap:
+ type: string
+ test:
+ type: string
+ db_init:
+ type: string
+ keystone_db_sync:
+ type: string
+ db_drop:
+ type: string
+ keystone_fernet_setup:
+ type: string
+ keystone_fernet_rotate:
+ type: string
+ keystone_credential_setup:
+ type: string
+ keystone_credential_rotate:
+ type: string
+ keystone_api:
+ type: string
+ dep_check:
+ type: string
+ tiller:
+ type: object
+ properties:
+ tiller:
+ type: string
+ mariadb:
+ type: object
+ properties:
+ mariadb:
+ type: string
+ dep_check:
+ type: string
+ postgresql:
+ type: object
+ properties:
+ postgresql:
+ type: string
+ dep_check:
+ type: string
+ memcached:
+ type: object
+ properties:
+ memcached:
+ type: string
+ dep_check:
+ type: string
+ rabbitmq:
+ type: object
+ properties:
+ rabbitmq:
+ type: string
+ dep_check:
+ type: string
+ ceph:
+ type: object
+ properties:
+ ceph-mon:
+ type: object
+ properties:
+ fluentbit:
+ type: string
+ ceph_bootstrap:
+ type: string
+ dep_check:
+ type: string
+ ceph_mon:
+ type: string
+ ceph_config_helper:
+ type: string
+ ceph_mon_check:
+ type: string
+ image_repo_sync:
+ type: string
+ ceph-osd:
+ type: object
+ properties:
+ fluentbit:
+ type: string
+ ceph_bootstrap:
+ type: string
+ dep_check:
+ type: string
+ ceph_osd:
+ type: string
+ image_repo_sync:
+ type: string
+ ceph-client:
+ type: object
+ properties:
+ ks_endpoints:
+ type: string
+ ks_service:
+ type: string
+ ks_user:
+ type: string
+ ceph_bootstrap:
+ type: string
+ dep_check:
+ type: string
+ ceph_mds:
+ type: string
+ ceph_mgr:
+ type: string
+ ceph_rgw:
+ type: string
+ ceph_config_helper:
+ type: string
+ ceph_rbd_pool:
+ type: string
+ ceph_rbd_provisioner:
+ type: string
+ ceph_cephfs_provisioner:
+ type: string
+ image_repo_sync:
+ type: string
+ kubernetes:
+ type: object
+ properties:
+ apiserver:
+ type: object
+ properties:
+ anchor:
+ type: string
+ apiserver:
+ type: string
+ dep_check:
+ type: string
+ controller-manager:
+ type: object
+ properties:
+ anchor:
+ type: string
+ controller_manager:
+ type: string
+ dep_check:
+ type: string
+ coredns:
+ type: object
+ properties:
+ coredns:
+ type: string
+ haproxy:
+ type: object
+ properties:
+ haproxy:
+ type: string
+ anchor:
+ type: string
+ etcd:
+ type: object
+ properties:
+ etcd:
+ type: string
+ etcdctl:
+ type: string
+ kubectl:
+ type: string
+ pause:
+ type: string
+ scheduler:
+ type: object
+ properties:
+ anchor:
+ type: string
+ scheduler:
+ type: string
+ proxy:
+ type: object
+ properties:
+ proxy:
+ type: string
+ calico:
+ type: object
+ properties:
+ etcd:
+ type: object
+ properties:
+ etcd:
+ type: string
+ etcdctl:
+ type: string
+ calico:
+ type: object
+ properties:
+ cni:
+ type: string
+ ctl:
+ type: string
+ node:
+ type: string
+ policy_controller:
+ type: string
+ packages:
+ type: object
+ properties:
+ repositories:
+ type: object
+ additionalProperties:
+ type: object
+ properties:
+ name:
+ type: string
+ url:
+ type: string
+ distributions:
+ type: array
+ items:
+ type: string
+ components:
+ type: array
+ items:
+ type: string
+ gpgkey:
+ type: string
+ named:
+ type: object
+ properties:
+ docker:
+ type: string
+ socat:
+ type: string
+ unnamed:
+ type: array
+ items:
+ type: string
+...
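Review bot: under `packages.repositories` each entry declares `name`, `url`, `distributions`, `components` and `gpgkey` but has no `required` list, and `url` is a bare `type: string`, so a repository entry with no `gpgkey` or with a plain-HTTP URL validates. Since these entries feed package installation on hosts, consider making `name`, `url` and `gpgkey` required and constraining `url` with `format: uri` or an `https://` pattern. None of the image maps visible in this hunk (`ceph`, `kubernetes`, `calico` and the rest) set `additionalProperties: false`, so a misspelled image key is accepted silently.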
--- /dev/null
+---
+schema: deckhand/DataSchema/v1
+metadata:
+ schema: metadata/Control/v1
+ name: promenade/Docker/v1
+ labels:
+ application: promenade
+data:
+ $schema: http://json-schema.org/schema#
+ type: object
+ properties:
+ config:
+ type: object
+ required:
+ - config
+ additionalProperties: false
--- /dev/null
+---
+schema: deckhand/DataSchema/v1
+metadata:
+ schema: metadata/Control/v1
+ name: promenade/Genesis/v1
+ labels:
+ application: promenade
+data:
+ $schema: http://json-schema.org/schema#
+ definitions:
+ abs_path:
+ type: string
+ pattern: '^/.+$'
+ hostname:
+ type: string
+ pattern: '^[a-z][a-z0-9-]+$'
+ file:
+ properties:
+ path:
+ $ref: '#/definitions/abs_path'
+ content:
+ type: string
+ mode:
+ type: integer
+ minimum: 0
+ tar_url:
+ $ref: '#/definitions/url'
+ tar_path:
+ $ref: '#/definitions/rel_path'
+
+ requried:
+ - mode
+ - path
+ oneOf:
+ - type: object
+ required:
+ - content
+ - type: object
+ allOf:
+ - type: object
+ required:
+ - tar_url
+ - tar_path
+ additionalProperties: false
+ image:
+ type: string
+ # XXX add regex
+ ip_address:
+ type: string
+ pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))$'
+ kubernetes_label:
+ type: string
+ # XXX add regex
+ rel_path:
+ type: string
+ # XXX add regex
+
+ type: object
+ properties:
+ armada:
+ type: object
+ properties:
+ target_manifest:
+ type: string
+ additionalProperties: false
+
+ apiserver:
+ type: object
+ properties:
+ command_prefix:
+ type: array
+ items:
+ type: string
+ additionalProperties: false
+
+ files:
+ type: array
+ items:
+ $ref: '#/definitions/file'
+
+ hostname:
+ $ref: '#/definitions/hostname'
+
+ ip:
+ $ref: '#/definitions/ip_address'
+
+ labels:
+ properties:
+ static:
+ type: array
+ items:
+ $ref: '#/definitions/kubernetes_label'
+ dynamic:
+ type: array
+ items:
+ $ref: '#/definitions/kubernetes_label'
+ additionalProperties: false
+
+ images:
+ type: object
+ properties:
+ armada:
+ $ref: '#/definitions/image'
+ helm:
+ type: object
+ properties:
+ tiller:
+ $ref: '#/definitions/image'
+ required:
+ - tiller
+ additionalProperties: false
+ kubernetes:
+ type: object
+ properties:
+ apiserver:
+ $ref: '#/definitions/image'
+ controller-manager:
+ $ref: '#/definitions/image'
+ etcd:
+ $ref: '#/definitions/image'
+ scheduler:
+ $ref: '#/definitions/image'
+ required:
+ - apiserver
+ - controller-manager
+ - etcd
+ - scheduler
+ additionalProperties: false
+ required:
+ - armada
+ - helm
+ - kubernetes
+ additionalProperties: false
+
+ required:
+ - hostname
+ - ip
+ - images
+ - labels
+ additionalProperties: false
+...
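Review bot: `requried:` under `definitions.file` is a typo for `required`, so the validator treats it as an unknown keyword and `mode` and `path` are never enforced; a file entry that has `content` but no `path` validates. Rename it to `required`. The same definition points `tar_url` at `#/definitions/url`, but this document's `definitions` block has no `url` entry (only `abs_path`, `hostname`, `file`, `image`, `ip_address`, `kubernetes_label` and `rel_path`), so that reference cannot resolve; add the definition or drop the ref. `labels` has `properties` and `additionalProperties: false` but no `type: object`, and `image`, `kubernetes_label` and `rel_path` are still unconstrained strings marked `XXX add regex`.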
--- /dev/null
+---
+schema: deckhand/DataSchema/v1
+metadata:
+ schema: metadata/Control/v1
+ name: promenade/HostSystem/v1
+ labels:
+ application: promenade
+data:
+ $schema: http://json-schema.org/schema#
+ definitions:
+ abs_path:
+ type: string
+ pattern: '^/.+$'
+ apt_source_line:
+ type: string
+ # XXX add regex
+ file:
+ properties:
+ path:
+ $ref: '#/definitions/abs_path'
+ content:
+ type: string
+ mode:
+ type: integer
+ minimum: 0
+ tar_url:
+ $ref: '#/definitions/url'
+ tar_path:
+ $ref: '#/definitions/rel_path'
+
+ requried:
+ - mode
+ - path
+ oneOf:
+ - type: object
+ required:
+ - content
+ - type: object
+ allOf:
+ - type: object
+ required:
+ - tar_url
+ - tar_path
+ additionalProperties: false
+
+ image:
+ type: string
+ # XXX add regex
+ package:
+ type: string
+ # XXX add regex
+ public_key:
+ type: string
+ # XXX add regex
+ rel_path:
+ type: string
+ # XXX add regex
+ url:
+ type: string
+ # XXX add regex
+
+ type: object
+
+ properties:
+ files:
+ type: array
+ items:
+ type: object
+ items:
+ $ref: '#/definitions/file'
+ images:
+ type: object
+ properties:
+ haproxy:
+ $ref: '#/definitions/image'
+ coredns:
+ $ref: '#/definitions/image'
+ helm:
+ type: object
+ properties:
+ helm:
+ $ref: '#/definitions/image'
+ required:
+ - helm
+ additionalProperties: false
+ kubernetes:
+ type: object
+ properties:
+ kubectl:
+ $ref: '#/definitions/image'
+ required:
+ - kubectl
+ additionalProperties: false
+ required:
+ - haproxy
+ - coredns
+ - helm
+ - kubernetes
+ additionalProperties: false
+
+ packages:
+ type: object
+ properties:
+ additional:
+ type: array
+ items:
+ $ref: '#/definitions/package'
+ keys:
+ type: array
+ items:
+ $ref: '#/definitions/public_key'
+
+ required:
+ type: object
+ properties:
+ docker:
+ $ref: '#/definitions/package'
+ socat:
+ $ref: '#/definitions/package'
+ required:
+ - docker
+ - socat
+ additionalProperties: false
+
+ repositories:
+ type: array
+ items:
+ $ref: '#/definitions/apt_source_line'
+
+ required:
+ - required
+ additionalProperties: false
+
+ required:
+ - images
+ - packages
+ additionalProperties: false
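Review bot: `properties.files.items` is declared as `type: object` with a nested `items:` holding the `$ref` to `#/definitions/file`; `items` only applies to arrays, so the `file` definition is never applied to the entries of `files` and any object passes. The `$ref` should sit directly under the array's `items`, as it does in promenade/Genesis/v1. The `file` definition also repeats the `requried:` typo, so `mode` and `path` are not enforced. `apt_source_line`, `package`, `public_key` and `url` are unconstrained strings marked `XXX add regex`, which leaves `packages.repositories` and `packages.keys` effectively unvalidated; those are the fields worth tightening first.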
--- /dev/null
+---
+schema: deckhand/DataSchema/v1
+metadata:
+ schema: metadata/Control/v1
+ name: promenade/Kubelet/v1
+ labels:
+ application: promenade
+data:
+ $schema: http://json-schema.org/schema#
+ type: object
+ definitions:
+ image:
+ type: string
+ # XXX add regex
+
+ properties:
+ images:
+ type: object
+ properties:
+ pause:
+ $ref: '#/definitions/image'
+ required:
+ - pause
+ additionalProperties: false
+ arguments:
+ type: array
+ items:
+ type: string
+ required:
+ - images
+ additionalProperties: false
--- /dev/null
+---
+schema: deckhand/DataSchema/v1
+metadata:
+ schema: metadata/Control/v1
+ name: promenade/KubernetesNetwork/v1
+ labels:
+ application: promenade
+data:
+ $schema: http://json-schema.org/schema#
+ definitions:
+ cidr:
+ type: string
+ pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\/([0-9]|[1-2][0-9]|3[0-2])$'
+ domain_name:
+ type: string
+ format: hostname
+ domain_suffix:
+ type: string
+ pattern: '^\.[a-z0-9][a-z0-9-\.]*$'
+ hostname:
+ type: string
+ format: hostname
+ hostname_or_ip_address:
+ anyOf:
+ - $ref: '#/definitions/hostname'
+ - $ref: '#/definitions/ip_address'
+ - $ref: '#/definitions/domain_suffix'
+ ip_address:
+ type: string
+ format: ipv4
+ url:
+ type: string
+ format: uri
+
+ type: object
+ properties:
+ dns:
+ type: object
+ properties:
+ bootstrap_validation_checks:
+ type: array
+ items:
+ $ref: '#/definitions/domain_name'
+ cluster_domain:
+ $ref: '#/definitions/domain_name'
+ service_ip:
+ $ref: '#/definitions/ip_address'
+ upstream_servers:
+ type: array
+ items:
+ $ref: '#/definitions/ip_address'
+ required:
+ - cluster_domain
+ - service_ip
+ additionalProperties: false
+
+ etcd:
+ type: object
+ properties:
+ container_port:
+ type: integer
+ haproxy_port:
+ type: integer
+ # NOTE(mark-burnett): No longer used.
+ service_ip:
+ $ref: '#/definitions/ip_address'
+ required:
+ - container_port
+ - haproxy_port
+ additionalProperties: false
+
+ kubernetes:
+ type: object
+ properties:
+ pod_cidr:
+ $ref: '#/definitions/cidr'
+ service_ip:
+ $ref: '#/definitions/ip_address'
+ service_cidr:
+ $ref: '#/definitions/cidr'
+ apiserver_port:
+ type: integer
+ haproxy_port:
+ type: integer
+ required:
+ - pod_cidr
+ - service_cidr
+ - service_ip
+ - apiserver_port
+ - haproxy_port
+ additionalProperties: false
+ hosts_entries:
+ type: array
+ items:
+ type: object
+ properties:
+ ip:
+ $ref: '#/definitions/ip_address'
+ names:
+ type: array
+ items:
+ $ref: '#/definitions/hostname'
+
+ proxy:
+ type: object
+ properties:
+ additional_no_proxy:
+ type: array
+ items:
+ $ref: '#/definitions/hostname_or_ip_address'
+ url:
+ $ref: '#/definitions/url'
+ required:
+ - url
+ additionalFields: false
+
+ required:
+ - dns
+ - kubernetes
+ additionalProperties: false
+...
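Review bot: `additionalFields: false` under `proxy` is not a JSON Schema keyword, so it is ignored and unknown keys under `proxy` are accepted; every other object in this schema uses `additionalProperties: false`. Separately, `ip_address`, `hostname`, `domain_name` and `url` rely on `format:`, which many validators enforce only when a format checker is enabled, whereas the Genesis and KubernetesNode schemas use an explicit IPv4 `pattern`; either confirm the format checker is on or reuse the pattern. The port fields (`container_port`, `haproxy_port`, `apiserver_port`) are plain integers and would benefit from `minimum: 1` and `maximum: 65535`, and the `hosts_entries` items have neither `required` nor `additionalProperties: false`.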
--- /dev/null
+---
+schema: deckhand/DataSchema/v1
+metadata:
+ schema: metadata/Control/v1
+ name: promenade/KubernetesNode/v1
+ labels:
+ application: promenade
+data:
+ $schema: http://json-schema.org/schema#
+ definitions:
+ hostname:
+ type: string
+ pattern: '^[a-z][a-z0-9-]+$'
+ ip_address:
+ type: string
+ pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))$'
+ kubernetes_label:
+ type: string
+ # XXX add regex
+
+ type: object
+ properties:
+ hostname:
+ $ref: '#/definitions/hostname'
+
+ ip:
+ $ref: '#/definitions/ip_address'
+
+ join_ip:
+ $ref: '#/definitions/ip_address'
+
+ labels:
+ properties:
+ static:
+ type: array
+ items:
+ $ref: '#/definitions/kubernetes_label'
+ dynamic:
+ type: array
+ items:
+ $ref: '#/definitions/kubernetes_label'
+ additionalProperties: false
+
+ required:
+ - ip
+ - join_ip
+ additionalProperties: false
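Review bot: the top-level `required` lists only `ip` and `join_ip`, so a node document with no `hostname` validates, while promenade/Genesis/v1 requires `hostname`. If the hostname is meant to come from somewhere else, a comment saying so would help; otherwise add it to `required`. `labels` has `properties` and `additionalProperties: false` but no `type: object`, so a non-object value for `labels` passes, and `kubernetes_label` is still an unconstrained string marked `XXX add regex`.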
--- /dev/null
+---
+schema: deckhand/DataSchema/v1
+metadata:
+ schema: metadata/Control/v1
+ name: promenade/PKICatalog/v1
+ labels:
+ application: promenade
+data:
+ $schema: http://json-schema.org/schema#
+ certificate_authorities:
+ type: array
+ items:
+ type: object
+ properties:
+ description:
+ type: string
+ certificates:
+ type: array
+ items:
+ type: object
+ properties:
+ document_name:
+ type: string
+ description:
+ type: string
+ common_name:
+ type: string
+ hosts:
+ type: array
+ items: string
+ groups:
+ type: array
+ items: string
+ keypairs:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description:
+ type: string
+...
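Review bot: `certificate_authorities` sits directly under `data` beside `$schema`, with no `type: object` and no `properties:` wrapper, so a validator sees it as an unknown keyword and this schema accepts any document. Wrap it in `properties:` under a top-level `type: object`. Inside, `items: string` (under `hosts` and `groups`) is not a valid subschema; it needs `items:` with `type: string` beneath it. For a PKI catalog, a `required` list on the certificate entries (at least `document_name` and `common_name`) and `additionalProperties: false` on each object would catch misspelled keys before any certificate is issued from them.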
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: shipyard/DeploymentConfiguration/v1
+ labels:
+ application: shipyard
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: 'object'
+ properties:
+ physical_provisioner:
+ type: 'object'
+ properties:
+ deployment_strategy:
+ type: 'string'
+ deploy_interval:
+ type: 'integer'
+ deploy_timeout:
+ type: 'integer'
+ destroy_interval:
+ type: 'integer'
+ destroy_timeout:
+ type: 'integer'
+ join_wait:
+ type: 'integer'
+ prepare_node_interval:
+ type: 'integer'
+ prepare_node_timeout:
+ type: 'integer'
+ prepare_site_interval:
+ type: 'integer'
+ prepare_site_timeout:
+ type: 'integer'
+ verify_interval:
+ type: 'integer'
+ verify_timeout:
+ type: 'integer'
+ additionalProperties: false
+ kubernetes:
+ type: 'object'
+ properties:
+ node_status_interval:
+ type: 'integer'
+ node_status_timeout:
+ type: 'integer'
+ additionalProperties: false
+ kubernetes_provisioner:
+ type: 'object'
+ properties:
+ drain_timeout:
+ type: 'integer'
+ drain_grace_period:
+ type: 'integer'
+ clear_labels_timeout:
+ type: 'integer'
+ remove_etcd_timeout:
+ type: 'integer'
+ etcd_ready_timeout:
+ type: 'integer'
+ additionalProperties: false
+ armada:
+ type: 'object'
+ properties:
+ get_releases_timeout:
+ type: 'integer'
+ get_status_timeout:
+ type: 'integer'
+ manifest:
+ type: 'string'
+ post_apply_timeout:
+ type: 'integer'
+ validate_design_timeout:
+ type: 'integer'
+ additionalProperties: false
+ required:
+ - manifest
+ additionalProperties: false
+ required:
+ - armada
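Review bot: every interval and timeout in `physical_provisioner`, `kubernetes`, `kubernetes_provisioner` and `armada` is `type: 'integer'` with no lower bound, so `0` or a negative value validates. shipyard/DeploymentStrategy/v1 already uses `minimum: 0` for its counts; adding a `minimum` here (probably `1` for intervals) would reject nonsensical values at validation time rather than at deployment time. `deployment_strategy` and `manifest` are free strings; `minLength: 1` would at least rule out the empty name.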
--- /dev/null
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: shipyard/DeploymentStrategy/v1
+ labels:
+ application: shipyard
+data:
+ $schema: 'http://json-schema.org/schema#'
+ type: 'object'
+ required:
+ - groups
+ properties:
+ groups:
+ type: 'array'
+ minItems: 0
+ items:
+ type: 'object'
+ required:
+ - name
+ - critical
+ - depends_on
+ - selectors
+ properties:
+ name:
+ type: 'string'
+ minLength: 1
+ critical:
+ type: 'boolean'
+ depends_on:
+ type: 'array'
+ minItems: 0
+ items:
+ type: 'string'
+ selectors:
+ type: 'array'
+ minItems: 0
+ items:
+ type: 'object'
+ minProperties: 1
+ properties:
+ node_names:
+ type: 'array'
+ items:
+ type: 'string'
+ node_labels:
+ type: 'array'
+ items:
+ type: 'string'
+ node_tags:
+ type: 'array'
+ items:
+ type: 'string'
+ rack_names:
+ type: 'array'
+ items:
+ type: 'string'
+ additionalProperties: false
+ success_criteria:
+ type: 'object'
+ minProperties: 1
+ properties:
+ percent_successful_nodes:
+ type: 'integer'
+ minimum: 0
+ maximum: 100
+ minimum_successful_nodes:
+ type: 'integer'
+ minimum: 0
+ maximum_failed_nodes:
+ type: 'integer'
+ minimum: 0
+ additionalProperties: false
--- /dev/null
+---
+schema: pegleg/Script/v1
+metadata:
+ schema: metadata/Document/v1
+ name: configure-ip-rules
+ storagePolicy: cleartext
+ layeringDefinition:
+ abstract: false
+ layer: global
+data: |-
+ #!/bin/bash
+ set -ex
+
+ function usage() {
+ cat <<EOU
+ Options are:
+
+ -c POD_CIDR The pod CIDR for the Kubernetes cluster, e.g. 10.97.0.0/16
+ -i INTERFACE (optional) The interface for internal pod traffic, e.g.
+ bond0.22. Used to auto-detect the service gateway.
+ Exclusive with -g.
+ -g SERVICE_GW (optional) The service gateway/VRR IP for routing pod
+ traffic. Exclusive with -i.
+ -o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
+ INTERFACE. It is used to provide a work around when
+ complete Calico routes cannot be received via BGP.
+ e.g. 10.96.0.0/15. NOTE: This must include the POD_CIDR.
+ -s SERVICE_CIDR (optional) A routable CIDR to configure for ingress, maas,
+ e.g. 10.23.22.192/29
+ EOU
+ }
+
+ SERVICE_CIDR=
+ OVERLAP_CIDR=
+
+ while getopts ":c:g:hi:o:s:" o; do
+ case "${o}" in
+ c)
+ POD_CIDR=${OPTARG}
+ ;;
+ g)
+ SERVICE_GW=${OPTARG}
+ ;;
+ h)
+ usage
+ exit 0
+ ;;
+ i)
+ INTERFACE=${OPTARG}
+ ;;
+ o)
+ OVERLAP_CIDR=${OPTARG}
+ ;;
+ s)
+ SERVICE_CIDR=${OPTARG}
+ ;;
+ \?)
+ echo "Unknown option: -${OPTARG}" >&2
+ exit 1
+ ;;
+ :)
+ echo "Missing argument for option: -${OPTARG}" >&2
+ exit 1
+ ;;
+ *)
+ echo "Unimplemented option: -${OPTARG}" >&2
+ exit 1
+ ;;
+ esac
+ done
+ shift $((OPTIND-1))
+
+ if [ "x$POD_CIDR" == "x" ]; then
+ echo "Missing pod CIDR, e.g -c 10.97.0.0/16" >&2
+ usage
+ exit 1
+ fi
+
+ if [ "x$INTERFACE" != "x" ]; then
+ while ! ip route list dev "${INTERFACE}" > /dev/null; do
+ echo Waiting for device "${INTERFACE}" to be ready. >&2
+ sleep 5
+ done
+ fi
+
+ intra_vrrp_ip=
+ if [ "x${SERVICE_GW}" == "x" ]; then
+ intra_vrrp_ip=$(ip route list dev "${INTERFACE}" | awk '($2~/via/){print $3}' | head -n 1)
+ else
+ intra_vrrp_ip=${SERVICE_GW}
+ fi
+
+ TABLE="1500"
+
+ if [ "x${intra_vrrp_ip}" == "x" ]; then
+ echo "Either INTERFACE or SERVICE_GW is required: e.g. either -i bond0.22 or -g 10.23.22.1"
+ usage
+ exit 1
+ fi
+
+ # Setup a routing table for traffic from service IPs
+ ip route flush table "${TABLE}"
+ ip route add default via "${intra_vrrp_ip}" table "${TABLE}"
+
+ # Setup arp_announce adjustment on interface facing gateway
+ arp_intf=$(ip route get ${intra_vrrp_ip} | grep dev | awk '{print $3}')
+ echo 2 > /proc/sys/net/ipv4/conf/${arp_intf}/arp_announce
+
+
+ if [ "x$OVERLAP_CIDR" != "x" ]; then
+ # NOTE: This is a work-around for nodes not receiving complete
+ # routes via BGP.
+ ip route add "${OVERLAP_CIDR}" via "${intra_vrrp_ip}"
+ fi
+
+ if [ "x$SERVICE_CIDR" != "x" ]; then
+ # Traffic from the service IPs to pods should use the pod network.
+ ip rule add \
+ from "${SERVICE_CIDR}" \
+ to "${POD_CIDR}" \
+ lookup main \
+ pref 10000
+ # Other traffic from service IPs should only use the VRRP IP
+ ip rule add \
+ from "${SERVICE_CIDR}" \
+ lookup "${TABLE}" \
+ pref 10100
+ fi
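Review bot: `arp_intf=$(ip route get ${intra_vrrp_ip} | grep dev | awk '{print $3}')` takes the third field, which is the device only when the gateway is on-link; if the route to the gateway goes through another hop, the third field is the next-hop address and the following `echo 2 > /proc/sys/net/ipv4/conf/${arp_intf}/arp_announce` writes to a path that does not exist. Selecting the token that follows `dev` and quoting both expansions would be safer, especially since `-g` takes its value straight from the command line. The usage text says `-i` and `-g` are exclusive, but nothing rejects both being passed, and when neither is given `ip route list dev "${INTERFACE}"` runs with an empty device name before the check that prints the "Either INTERFACE or SERVICE_GW is required" message. `ip route add "${OVERLAP_CIDR}"` fails when the route already exists, so under `set -e` a second run aborts there, and the two `ip rule add` calls are repeated on every run; `ip route replace` and removing the rules before adding them would make the script re-runnable.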
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico
+ layeringDefinition:
+ abstract: false
+ layer: global
+ labels:
+ name: kubernetes-calico-global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.calico.calico
+ dest:
+ path: .source
+ # Image versions
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.calico.calico
+ dest:
+ path: .values.images.tags
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.etcd.service_ip
+ dest:
+ path: .values.endpoints.etcd.host_fqdn_override.default
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .values.networking.podSubnet
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.api_service_ip
+ dest:
+ path: .values.conf.policy_controller.K8S_API
+ pattern: SUB_KUBERNETES_IP
+
+ # Other site-specific configuration
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.ip_autodetection_method
+ dest:
+ path: .values.conf.node.IP_AUTODETECTION_METHOD
+
+ # Certificates
+ - src:
+ schema: deckhand/CertificateAuthority/v1
+ name: calico-etcd
+ path: .
+ dest:
+ path: .values.endpoints.etcd.auth.client.tls.ca
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-node
+ path: .
+ dest:
+ path: .values.endpoints.etcd.auth.client.tls.crt
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-node
+ path: .
+ dest:
+ path: .values.endpoints.etcd.auth.client.tls.key
+
+data:
+ chart_name: calico
+ release: kubernetes-calico
+ namespace: kube-system
+ protected:
+ continue_processing: true
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-kubernetes-calico
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-kubernetes-calico
+ values:
+ conf:
+ cni_network_config:
+ name: k8s-pod-network
+ cniVersion: 0.1.0
+ type: calico
+ etcd_endpoints: __ETCD_ENDPOINTS__
+ etcd_ca_cert_file: /etc/calico/pki/ca
+ etcd_cert_file: /etc/calico/pki/crt
+ etcd_key_file: /etc/calico/pki/key
+ log_level: info
+ mtu: 1500
+ ipam:
+ type: calico-ipam
+ policy:
+ type: k8s
+ k8s_api_root: https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__
+ k8s_auth_token: __SERVICEACCOUNT_TOKEN__
+
+ policy_controller:
+ K8S_API: "https://SUB_KUBERNETES_IP:443"
+
+ node:
+ CALICO_STARTUP_LOGLEVEL: INFO
+ CLUSTER_TYPE:
+ - k8s
+ - bgp
+ WAIT_FOR_STORAGE: "true"
+
+ endpoints:
+ etcd:
+ hosts:
+ default: calico-etcd
+ scheme:
+ default: https
+
+ networking:
+ mtu: 1500
+ settings:
+ mesh: "on"
+ ippool:
+ ipip:
+ enabled: "true"
+ mode: "always"
+ nat_outgoing: "true"
+ disabled: "false"
+
+ manifests:
+ daemonset_calico_etcd: false
+ job_image_repo_sync: false
+ service_calico_etcd: false
+ dependencies:
+ - calico-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: calico-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.calico.calico-htk
+ dest:
+ path: .source
+data:
+ chart_name: calico-htk
+ release: calico-htk
+ namespace: calico-htk
+ values: {}
+ dependencies: []
+...
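Review bot: in the `kubernetes-calico` values, `ippool.ipip.enabled: "true"` with `mode: "always"` is combined with `mtu: 1500` in both `cni_network_config` and `networking`. IP-in-IP adds a 20-byte outer header, so on a 1500-byte underlay the pod-facing MTU normally needs to be 1480 or full-size packets get fragmented or dropped. If the underlay carries jumbo frames, a comment next to the value would make that assumption explicit; otherwise lower the MTU or expose it as a site-level override. The `K8S_API` substitution depends on the literal `SUB_KUBERNETES_IP` staying in the default string, which is also worth a comment.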
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-container-networking
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Container networking via Calico
+ sequenced: true
+ chart_group:
+ - kubernetes-calico-etcd
+ - kubernetes-calico
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico-etcd-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ labels:
+ name: kubernetes-calico-etcd-global
+ storagePolicy: cleartext
+ substitutions:
+
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.calico.etcd
+ dest:
+ path: .source
+
+ # Image versions
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.calico.etcd
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.etcd.service_ip
+ dest:
+ path: .values.service.ip
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.etcd.service_ip
+ dest:
+ path: .values.anchor.etcdctl_endpoint
+
+ # CAs
+ - src:
+ schema: deckhand/CertificateAuthority/v1
+ name: calico-etcd
+ path: .
+ dest:
+ path: .values.secrets.tls.client.ca
+ - src:
+ schema: deckhand/CertificateAuthority/v1
+ name: calico-etcd-peer
+ path: .
+ dest:
+ path: .values.secrets.tls.peer.ca
+
+ # Anchor client cert
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-anchor
+ path: .
+ dest:
+ path: .values.secrets.anchor.tls.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-anchor
+ path: .
+ dest:
+ path: .values.secrets.anchor.tls.key
+
+data:
+ chart_name: etcd
+ release: kubernetes-calico-etcd
+ namespace: kube-system
+ protected:
+ continue_processing: true
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-kubernetes-calico-etcd
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-kubernetes-calico-etcd
+ values:
+ labels:
+ anchor:
+ node_selector_key: calico-etcd
+ node_selector_value: enabled
+ etcd:
+ host_data_path: /var/lib/etcd/calico
+ host_etc_path: /etc/etcd/calico
+ bootstrapping:
+ enabled: true
+ host_directory: /var/lib/anchor
+ filename: calico-etcd-bootstrap
+ service:
+ name: calico-etcd
+ network:
+ service_client:
+ name: service_client
+ port: 6666
+ target_port: 6666
+ service_peer:
+ name: service_peer
+ port: 6667
+ target_port: 6667
+ dependencies:
+ - kubernetes-calico-etcd-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico-etcd-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.calico.etcd-htk
+ dest:
+ path: .source
+data:
+ chart_name: kubernetes-calico-etcd-htk
+ release: kubernetes-calico-etcd-htk
+ namespace: kubernetes-calico-etcd-htk
+ values: {}
+ dependencies: []
+...
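Review bot: the first chart in this file is named `kubernetes-calico-etcd-global` with `abstract: true`, but the `kubernetes-container-networking` chart group lists `kubernetes-calico-etcd`, and no document of that name is visible in this part of the patch. The group is `sequenced: true`, so it depends on a concrete child document being supplied at another layer; a comment here stating where that child is defined, and that it is expected to add the per-node server and peer certificates (only the CAs and the anchor client cert and key are substituted here), would save the next reader a search.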
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-apiserver
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.apiserver
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.apiserver
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.api_service_ip
+ dest:
+ path: .values.network.kubernetes_service_ip
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .values.network.pod_cidr
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.service_cidr
+ dest:
+ path: .values.command_prefix[1]
+ pattern: SERVICE_CIDR
+
+ # Kubernetes Port Range
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.service_node_port_range
+ dest:
+ path: .values.command_prefix[2]
+ pattern: SERVICE_NODE_PORT_RANGE
+
+ # CA
+ - src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes
+ path: .
+ dest:
+ path: .values.secrets.tls.ca
+
+ # Certificates
+ - src:
+ schema: deckhand/Certificate/v1
+ name: apiserver
+ path: .
+ dest:
+ path: .values.secrets.tls.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: apiserver
+ path: .
+ dest:
+ path: .values.secrets.tls.key
+ - src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes-etcd
+ path: .
+ dest:
+ path: .values.secrets.etcd.tls.ca
+ - src:
+ schema: deckhand/Certificate/v1
+ name: apiserver-etcd
+ path: .
+ dest:
+ path: .values.secrets.etcd.tls.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: apiserver-etcd
+ path: .
+ dest:
+ path: .values.secrets.etcd.tls.key
+ - src:
+ schema: deckhand/PublicKey/v1
+ name: service-account
+ path: .
+ dest:
+ path: .values.secrets.service_account.public_key
+
+data:
+ chart_name: apiserver
+ release: kubernetes-apiserver
+ namespace: kube-system
+ protected:
+ continue_processing: true
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-kubernetes-apiserver
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-kubernetes-apiserver
+ values:
+ apiserver:
+ etcd:
+ endpoints: https://127.0.0.1:2378
+ command_prefix:
+ - /apiserver
+ - --service-cluster-ip-range=SERVICE_CIDR
+ - --service-node-port-range=SERVICE_NODE_PORT_RANGE
+ - --authorization-mode=Node,RBAC
+ - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
+ - --endpoint-reconciler-type=lease
+ dependencies:
+ - kubernetes-apiserver-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-apiserver-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.apiserver-htk
+ dest:
+ path: .source
+data:
+ chart_name: kubernetes-apiserver-htk
+ release: kubernetes-apiserver-htk
+ namespace: kubernetes-apiserver-htk
+ values: {}
+ dependencies: []
+...
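Review bot: `--authorization-mode=Node,RBAC` enables the Node authorizer, but the `--admission-control=` list does not include `NodeRestriction`, so kubelets are not limited to modifying their own Node object and the Pods bound to them. Add `NodeRestriction` to the list unless it is being left out deliberately, in which case say why in a comment. The `SERVICE_CIDR` and `SERVICE_NODE_PORT_RANGE` substitutions address `command_prefix[1]` and `command_prefix[2]` by index, so inserting or reordering a flag means they no longer land on the entry that holds their pattern; a comment beside the list noting that the order is load-bearing would guard against that.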
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-core
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Kubernetes components
+ chart_group:
+ - kubernetes-apiserver
+ - kubernetes-controller-manager
+ - kubernetes-scheduler
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-controller-manager
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.controller-manager
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.controller-manager
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .values.network.pod_cidr
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.service_cidr
+ dest:
+ path: .values.network.service_cidr
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .values.command_prefix[1]
+ pattern: SUB_POD_CIDR
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.service_cidr
+ dest:
+ path: .values.command_prefix[2]
+ pattern: SUB_SERVICE_CIDR
+
+ # CA
+ - src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes
+ path: .
+ dest:
+ path: .values.secrets.tls.ca
+
+ # Certificates
+ - src:
+ schema: deckhand/Certificate/v1
+ name: controller-manager
+ path: .
+ dest:
+ path: .values.secrets.tls.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: controller-manager
+ path: .
+ dest:
+ path: .values.secrets.tls.key
+
+ # Private key for Kubernetes service account token signing
+ - src:
+ schema: deckhand/PrivateKey/v1
+ name: service-account
+ path: .
+ dest:
+ path: .values.secrets.service_account.private_key
+
+data:
+ chart_name: controller-manager
+ release: kubernetes-controller-manager
+ namespace: kube-system
+ protected:
+ continue_processing: true
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-kubernetes-controller-manager
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-kubernetes-controller-manager
+ values:
+ command_prefix:
+ - /controller-manager
+ - --cluster-cidr=SUB_POD_CIDR
+ - --service-cluster-ip-range=SUB_SERVICE_CIDR
+ - --node-monitor-period=5s
+ - --node-monitor-grace-period=20s
+ - --pod-eviction-timeout=60s
+ network:
+ kubernetes_netloc: 127.0.0.1:6553
+ dependencies:
+ - kubernetes-controller-manager-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-controller-manager-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.controller-manager-htk
+ dest:
+ path: .source
+data:
+ chart_name: kubernetes-controller-manager-htk
+ release: kubernetes-controller-manager-htk
+ namespace: kubernetes-controller-manager-htk
+ values: {}
+ dependencies: []
+...
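Review bot: the `deckhand/PrivateKey/v1` document `service-account` (the service account token signing key, per the comment above it) is substituted into `.values.secrets.service_account.private_key` of a document marked `storagePolicy: cleartext`, so the rendered chart document carries the signing key. Please confirm how rendered documents are stored and logged, or mark the destination document `encrypted`. The same question applies to the other chart documents in this patch that substitute `deckhand/CertificateKey/v1` into cleartext documents. The `SUB_POD_CIDR` and `SUB_SERVICE_CIDR` substitutions are tied to `command_prefix[1]` and `command_prefix[2]` by index, so the flag order in `command_prefix` must not change without updating them.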
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-scheduler
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.scheduler
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.scheduler
+ dest:
+ path: .values.images.tags
+
+ # CA
+ - src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes
+ path: .
+ dest:
+ path: .values.secrets.tls.ca
+
+ # Certificates
+ - src:
+ schema: deckhand/Certificate/v1
+ name: scheduler
+ path: .
+ dest:
+ path: .values.secrets.tls.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: scheduler
+ path: .
+ dest:
+ path: .values.secrets.tls.key
+
+data:
+ chart_name: scheduler
+ release: kubernetes-scheduler
+ namespace: kube-system
+ protected:
+ continue_processing: true
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-kubernetes-scheduler
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-kubernetes-scheduler
+ values:
+ network:
+ kubernetes_netloc: 127.0.0.1:6553
+ dependencies:
+ - kubernetes-scheduler-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-scheduler-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.scheduler-htk
+ dest:
+ path: .source
+data:
+ chart_name: kubernetes-scheduler-htk
+ release: kubernetes-scheduler-htk
+ namespace: kubernetes-scheduler-htk
+ values: {}
+ dependencies: []
+...
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-dns
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Cluster DNS
+ chart_group:
+ - coredns
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: coredns
+ layeringDefinition:
+ abstract: false
+ layer: global
+ labels:
+ name: coredns-global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.coredns
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.coredns
+ dest:
+ path: .values.images.tags
+
+ # IP Addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.service_ip
+ dest:
+ path: .values.service.ip
+
+ # Zones
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.cluster_domain
+ dest:
+ path: .values.conf.coredns.corefile
+ pattern: '(CLUSTER_DOMAIN)'
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.service_cidr
+ dest:
+ path: .values.conf.coredns.corefile
+ pattern: '(SERVICE_CIDR)'
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .values.conf.coredns.corefile
+ pattern: '(POD_CIDR)'
+
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.upstream_servers[0]
+ dest:
+ path: .values.conf.coredns.corefile
+ pattern: '(UPSTREAM1)'
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.upstream_servers[1]
+ dest:
+ path: .values.conf.coredns.corefile
+ pattern: '(UPSTREAM2)'
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.upstream_servers[2]
+ dest:
+ path: .values.conf.coredns.corefile
+ pattern: '(UPSTREAM3)'
+
+data:
+ chart_name: coredns
+ release: coredns
+ namespace: kube-system
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-coredns
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-coredns
+ values:
+ conf:
+ coredns:
+ corefile: |
+ .:53 {
+ errors
+ health
+ autopath @kubernetes
+ kubernetes CLUSTER_DOMAIN SERVICE_CIDR POD_CIDR {
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ upstream UPSTREAM1
+ upstream UPSTREAM2
+ upstream UPSTREAM3
+ }
+ prometheus :9153
+ forward . UPSTREAM1 UPSTREAM2 UPSTREAM3
+ cache 30
+ }
+
+ labels:
+ coredns:
+ node_selector_key: kube-dns
+ node_selector_value: enabled
+
+ dependencies:
+ - coredns-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: coredns-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.coredns-htk
+ dest:
+ path: .source
+data:
+ chart_name: coredns-htk
+ release: coredns-htk
+ namespace: coredns-htk
+ values: {}
+ dependencies: []
+...
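Review bot: `pods insecure` in the `kubernetes` block of the corefile makes CoreDNS answer any IP-form pod name under the cluster domain with the address encoded in the name, without checking that such a pod exists in that namespace. The CoreDNS documentation keeps this mode for kube-dns compatibility and warns that it can be abused together with wildcard certificates; use `pods verified`, or `pods disabled` if nothing relies on pod records. Separately, the three `.dns.upstream_servers[N]` substitutions assume every site defines at least three upstream servers; a site with fewer has no value for the UPSTREAM3 placeholder, so state that requirement in a comment.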
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-etcd
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Kubernetes etcd
+ chart_group:
+ - kubernetes-etcd
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-etcd-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ labels:
+ name: kubernetes-etcd-global
+ storagePolicy: cleartext
+ substitutions:
+
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.etcd
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.etcd
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ -
+ src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.etcd_service_ip
+ dest:
+ path: .values.service.ip
+ -
+ src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.etcd_service_ip
+ dest:
+ path: .values.anchor.etcdctl_endpoint
+
+ # CAs
+ -
+ src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes-etcd
+ path: .
+ dest:
+ path: .values.secrets.tls.client.ca
+ -
+ src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes-etcd-peer
+ path: .
+ dest:
+ path: .values.secrets.tls.peer.ca
+
+ -
+ src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-anchor
+ path: .
+ dest:
+ path: .values.secrets.anchor.tls.cert
+ -
+ src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-anchor
+ path: .
+ dest:
+ path: .values.secrets.anchor.tls.key
+
+data:
+ chart_name: etcd
+ release: kubernetes-etcd
+ namespace: kube-system
+ protected:
+ continue_processing: true
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-kubernetes-etcd
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-kubernetes-etcd
+ values:
+ labels:
+ anchor:
+ node_selector_key: kubernetes-etcd
+ node_selector_value: enabled
+ etcd:
+ host_data_path: /var/lib/etcd/kubernetes
+ host_etc_path: /etc/etcd/kubernetes
+ service:
+ name: kubernetes-etcd
+ network:
+ service_client:
+ name: service_client
+ port: 2379
+ target_port: 2379
+ service_peer:
+ name: service_peer
+ port: 2380
+ target_port: 2380
+ dependencies:
+ - kubernetes-etcd-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-etcd-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.etcd-htk
+ dest:
+ path: .source
+data:
+ chart_name: kubernetes-etcd-htk
+ release: kubernetes-etcd-htk
+ namespace: kubernetes-etcd-htk
+ values: {}
+ dependencies: []
+...
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-haproxy
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: HAProxy for Kubernetes
+ chart_group:
+ - haproxy
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: haproxy
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.haproxy
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.haproxy
+ dest:
+ path: .values.images.tags
+
+ # Kubernetes configuration
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.api_service_ip
+ dest:
+ path: .values.conf.anchor.kubernetes_url
+ pattern: KUBERNETES_IP
+
+data:
+ chart_name: haproxy
+ release: haproxy
+ namespace: kube-system
+ protected:
+ continue_processing: true
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-haproxy
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-haproxy
+ values:
+ conf:
+ anchor:
+ kubernetes_url: https://KUBERNETES_IP:443
+ services:
+ default:
+ kubernetes:
+ server_opts: "check port 6443"
+ conf_parts:
+ frontend:
+ - mode tcp
+ - option tcpka
+ - bind *:6553
+ backend:
+ - mode tcp
+ - option tcpka
+ - option tcp-check
+ - option redispatch
+ kube-system:
+ kubernetes-etcd:
+ server_opts: "check port 2379"
+ conf_parts:
+ frontend:
+ - mode tcp
+ - option tcpka
+ - bind *:2378
+ backend:
+ - mode tcp
+ - option tcpka
+ - option tcp-check
+ - option redispatch
+ dependencies:
+ - haproxy-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: haproxy-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.haproxy-htk
+ dest:
+ path: .source
+data:
+ chart_name: haproxy-htk
+ release: haproxy-htk
+ namespace: haproxy-htk
+ values: {}
+ dependencies: []
+...
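Review bot: Both frontends bind to all addresses (`bind *:6553` for the API server and `bind *:2378` for etcd), while the consumers in this patch reach the proxy over loopback (`kubernetes_netloc: 127.0.0.1:6553`, `kube_service` host `127.0.0.1`). If the HAProxy pods run on the host network, that exposes a TCP pass-through to the API server and to the etcd client port on every interface of every node. Bind to `127.0.0.1` unless remote access to these listeners is intended, and add a comment if it is.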
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ingress-kube-system
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Ingress for the site
+ chart_group:
+ - ingress-kube-system
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: global-ingress-kube-system
+ labels:
+ ingress: kube-system
+ layeringDefinition:
+ abstract: true
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.ingress
+ dest:
+ path: .source
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.ingress
+ dest:
+ path: .values.images.tags
+data:
+ chart_name: ingress-kube-system
+ release: ingress-kube-system
+ namespace: kube-system
+ wait:
+ timeout: 300
+ labels:
+ release_group: airship-ingress-kube-system
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ingress-kube-system
+ values:
+ labels:
+ server:
+ node_selector_key: kube-ingress
+ node_selector_value: enabled
+ error_server:
+ node_selector_key: kube-ingress
+ node_selector_value: enabled
+ deployment:
+ mode: cluster
+ type: DaemonSet
+ network:
+ host_namespace: true
+ ingress:
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "603"
+ pod:
+ replicas:
+ error_page: 2
+ dependencies:
+ - ingress-kube-system-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ingress-kube-system-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.ingress-htk
+ dest:
+ path: .source
+data:
+ chart_name: ingress-kube-system-htk
+ release: ingress-kube-system-htk
+ namespace: ingress-kube-system-htk
+ values: {}
+ dependencies: []
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-proxy
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Kubernetes proxy
+ sequenced: true
+ chart_group:
+ - kubernetes-proxy
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-proxy
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.proxy
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.proxy
+ dest:
+ path: .values.images.tags
+
+ # IP Addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .values.command_prefix[1]
+ pattern: POD_CIDR
+
+ # Secrets
+ - src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes
+ path: .
+ dest:
+ path: .values.secrets.tls.ca
+data:
+ chart_name: proxy
+ release: kubernetes-proxy
+ namespace: kube-system
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-kubernetes-proxy
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-kubernetes-proxy
+ values:
+ command_prefix:
+ - /proxy
+ - --cluster-cidr=POD_CIDR
+ - --proxy-mode=iptables
+ kube_service:
+ host: 127.0.0.1
+ port: 6553
+ dependencies:
+ - kubernetes-proxy-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-proxy-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.proxy-htk
+ dest:
+ path: .source
+data:
+ chart_name: kubernetes-proxy-htk
+ release: kubernetes-proxy-htk
+ namespace: kubernetes-proxy-htk
+ values: {}
+ dependencies: []
+...
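Review bot: The POD_CIDR substitution targets `.values.command_prefix[1]` by list position, so it only works while `--cluster-cidr=POD_CIDR` stays the second element of `command_prefix`. Inserting or reordering a flag, here or in a site-layer override, would leave the pattern looking at an element that no longer contains its placeholder. Add a comment on the list tying its order to the substitution, or move the CIDR into a named value that the chart turns into the flag.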
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh-infra-helm-toolkit
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh_infra.helm_toolkit
+ dest:
+ path: .source
+data:
+ chart_name: helm-toolkit
+ release: osh-infra-helm-toolkit
+ namespace: osh-infra-helm-toolkit
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-osh-infra-helm-toolkit
+ upgrade:
+ no_hooks: true
+ values: {}
+ dependencies: []
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh-infra-ceph-config
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.ceph-client
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ceph.ceph-client
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.public_cidr
+ dest:
+ path: .values.network.public
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.cluster_cidr
+ dest:
+ path: .values.network.cluster
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.object_store
+ dest:
+ path: .values.endpoints.object_store
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mon
+ dest:
+ path: .values.endpoints.ceph_mon
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mgr
+ dest:
+ path: .values.endpoints.ceph_mgr
+
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.swift.keystone
+ dest:
+ path: .values.endpoints.identity.auth.swift
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.swift.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_swift_keystone_password
+ path: .
+
+data:
+ chart_name: osh-infra-ceph-config
+ release: osh-infra-ceph-config
+ namespace: osh-infra
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-osh-infra-ceph-config
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-osh-infra-ceph-config
+ values:
+ labels:
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ provisioner:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ mds:
+ node_selector_key: ceph-mds
+ node_selector_value: enabled
+ rgw:
+ node_selector_key: ceph-rgw
+ node_selector_value: enabled
+ mgr:
+ node_selector_key: ceph-mgr
+ node_selector_value: enabled
+ deployment:
+ ceph: false
+ client_secrets: true
+ rbd_provisioner: false
+ cephfs_provisioner: false
+ rgw_keystone_user_and_endpoints: false
+ bootstrap:
+ enabled: false
+ conf:
+ rgw_ks:
+ enabled: true
+ dependencies:
+ - ceph-htk
+...
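Review bot: This chart receives the Keystone admin account and `osh_keystone_admin_password` (into `.values.endpoints.identity.auth.admin`) although `deployment` enables only `client_secrets` and sets `rgw_keystone_user_and_endpoints: false`. If the client-secrets deployment does not act as Keystone admin, drop the admin and swift credential substitutions so those passwords are not rendered into this release's values; if `conf.rgw_ks.enabled: true` needs them, say so in a comment. Also confirm that the `ceph-htk` dependency is defined elsewhere in the change, since the other osh-infra charts in this part of the patch depend on `osh-infra-helm-toolkit`.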
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh-infra-ceph-config
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Ceph config for OpenStack-Infra namespace(s)
+ chart_group:
+ - osh-infra-ceph-config
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh-infra-dashboards
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: OSH Infra Dashboards
+ chart_group:
+ - kibana
+ - grafana
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: grafana
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh_infra.grafana
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh_infra.grafana
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db_session
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.grafana
+ dest:
+ path: .values.endpoints.grafana
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.monitoring
+ dest:
+ path: .values.endpoints.monitoring
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.ldap
+ dest:
+ path: .values.endpoints.ldap
+ # Accounts
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.grafana.admin
+ dest:
+ path: .values.endpoints.grafana.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.grafana.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db.auth.user
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.grafana.oslo_db.database
+ dest:
+ path: .values.endpoints.oslo_db.path
+ pattern: DB_NAME
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.grafana.oslo_db_session
+ dest:
+ path: .values.endpoints.oslo_db_session.auth.user
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.grafana.oslo_db_session.database
+ dest:
+ path: .values.endpoints.oslo_db_session.path
+ pattern: DB_NAME
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.grafana.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_infra_grafana_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_infra_grafana_oslo_db_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db_session.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_infra_grafana_oslo_db_session_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_infra_oslo_db_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db_session.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_infra_oslo_db_admin_password
+ path: .
+
+ # LDAP Configuration Details
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.ldap.admin.bind
+ dest:
+ path: .values.endpoints.ldap.auth.admin.bind_dn
+ - dest:
+ path: .values.endpoints.ldap.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_ldap_password
+ path: .
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .ldap.subdomain
+ dest:
+ path: .values.conf.ldap.config.base_dns.search
+ pattern: SUBDOMAIN
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .ldap.domain
+ dest:
+ path: .values.conf.ldap.config.base_dns.search
+ pattern: DOMAIN
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .ldap.subdomain
+ dest:
+ path: .values.conf.ldap.config.base_dns.group_search
+ pattern: SUBDOMAIN
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .ldap.domain
+ dest:
+ path: .values.conf.ldap.config.base_dns.group_search
+ pattern: DOMAIN
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .ldap.common_name
+ dest:
+ path: .values.conf.ldap.config.filters.group_search
+ pattern: COMMON_NAME
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .ldap.subdomain
+ dest:
+ path: .values.conf.ldap.config.filters.group_search
+ pattern: SUBDOMAIN
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .ldap.domain
+ dest:
+ path: .values.conf.ldap.config.filters.group_search
+ pattern: DOMAIN
+data:
+ chart_name: grafana
+ release: grafana
+ namespace: osh-infra
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-grafana
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-grafana
+ post:
+ create: []
+ values:
+ labels:
+ grafana:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ conf:
+ ldap:
+ config:
+ base_dns:
+ search: "DC=SUBDOMAIN,DC=DOMAIN,DC=com"
+ group_search: "OU=Groups,DC=SUBDOMAIN,DC=DOMAIN,DC=com"
+ filters:
+ search: "(sAMAccountName=%s)"
+ group_search: "(memberof=CN=COMMON_NAME,OU=Application,OU=Groups,DC=SUBDOMAIN,DC=DOMAIN,DC=com)"
+ template: |
+ verbose_logging = true
+ [[servers]]
+ host = "{{ tuple "ldap" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}"
+ port = {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ use_ssl = false
+ start_tls = false
+ ssl_skip_verify = false
+ bind_dn = "{{ .Values.endpoints.ldap.auth.admin.bind_dn }}"
+ bind_password = '{{ .Values.endpoints.ldap.auth.admin.password }}'
+ search_filter = "{{ .Values.conf.ldap.config.filters.search }}"
+ search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.search }}"]
+ group_search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.group_search }}"]
+ [servers.attributes]
+ username = "sAMAccountName"
+ surname = "sn"
+ member_of = "memberof"
+ email = "mail"
+ [[servers.group_mappings]]
+ group_dn = "{{.Values.endpoints.ldap.auth.admin.bind_dn }}"
+ org_role = "Admin"
+ [[servers.group_mappings]]
+ group_dn = "*"
+ org_role = "Viewer"
+ pod:
+ replicas:
+ grafana: 2
+ dependencies:
+ - osh-infra-helm-toolkit
+...
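Review bot: The LDAP template sets `use_ssl = false` and `start_tls = false`, so the bind password and every user's login password travel to the directory unencrypted; enable one of the two (keeping `ssl_skip_verify = false`) and turn off `verbose_logging = true` outside debugging. In the first `[[servers.group_mappings]]` entry, `group_dn` is filled from `.Values.endpoints.ldap.auth.admin.bind_dn`, which is the bind account's DN rather than a group DN, so the Admin mapping is not tied to any group as written, while `group_dn = "*"` grants Viewer to every account that can authenticate. Substitute a real admin group DN there. The `DC=com` suffix in `base_dns` and `filters.group_search` is also hard-coded, which limits the `.ldap.domain` substitution to directories under .com.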
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kibana
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh_infra.kibana
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh_infra.kibana
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.elasticsearch
+ dest:
+ path: .values.endpoints.elasticsearch
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.kibana
+ dest:
+ path: .values.endpoints.kibana
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.ldap
+ dest:
+ path: .values.endpoints.ldap
+ # Accounts
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.elasticsearch.admin
+ dest:
+ path: .values.endpoints.elasticsearch.auth.admin
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.elasticsearch.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_infra_elasticsearch_admin_password
+ path: .
+
+ # LDAP Details
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.ldap.admin
+ dest:
+ path: .values.endpoints.ldap.auth.admin
+ - dest:
+ path: .values.endpoints.ldap.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_ldap_password
+ path: .
+data:
+ chart_name: kibana
+ release: kibana
+ namespace: osh-infra
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-kibana
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-kibana
+ create: []
+ post:
+ create: []
+ values:
+ conf:
+ apache:
+ host: |
+ <VirtualHost *:80>
+ ProxyRequests off
+ ProxyPreserveHost On
+ <Location />
+ ProxyPass http://localhost:{{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
+ ProxyPassReverse http://localhost:{{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
+ </Location>
+ <Proxy *>
+ AuthName "Kibana"
+ AuthType Basic
+ AuthBasicProvider file ldap
+ AuthUserFile /usr/local/apache2/conf/.htpasswd
+ AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
+ AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
+ AuthLDAPURL {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
+ Require valid-user
+ </Proxy>
+ </VirtualHost>
+ labels:
+ kibana:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - osh-infra-helm-toolkit
+...
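Review bot: The Apache vhost applies `AuthType Basic` on a plain `<VirtualHost *:80>` listener, so user passwords reach this proxy only base64-encoded unless TLS is terminated in front of it; state in a comment where TLS ends, or add it here. `AuthLDAPBindDN` and `AuthLDAPBindPassword` are also rendered unquoted, so a bind DN or password containing a space is split into several directive arguments and the configuration fails to load; wrap both template expressions in double quotes.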
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh-infra-ingress-controller
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: OpenStack Namespace Ingress
+ chart_group:
+ - osh-infra-ingress-controller
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh-infra-ingress-controller
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.ingress
+ dest:
+ path: .source
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.ingress
+ dest:
+ path: .values.images.tags
+data:
+ chart_name: osh-infra-ingress-controller
+ release: osh-infra-ingress-controller
+ namespace: osh-infra
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-osh-infra-ingress-controller
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-osh-infra-ingress-controller
+ values:
+ labels:
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ error_server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ pod:
+ replicas:
+ ingress: 2
+ error_page: 2
+ dependencies:
+ - osh-helm-toolkit
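Review bot: `dependencies` lists `osh-helm-toolkit`, while this release is installed in the `osh-infra` namespace and the other osh-infra charts in this patch (grafana, kibana, elasticsearch) depend on `osh-infra-helm-toolkit`, which is defined a few files earlier. If the cross-group dependency is deliberate because the chart source is `.charts.osh.ingress`, add a comment saying so; otherwise point it at `osh-infra-helm-toolkit` so the osh-infra chart groups do not depend on a document from the OSH group.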
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh-infra-logging
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: OSH Infra Logging
+ chart_group:
+ - elasticsearch
+ - fluent-logging
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: elasticsearch-global
+ labels:
+ hosttype: elasticsearch-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh_infra.elasticsearch
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh_infra.elasticsearch
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.elasticsearch
+ dest:
+ path: .values.endpoints.elasticsearch
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.prometheus_elasticsearch_exporter
+ dest:
+ path: .values.endpoints.prometheus_elasticsearch_exporter
+
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.ldap
+ dest:
+ path: .values.endpoints.ldap
+
+ # Accounts
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.elasticsearch.admin
+ dest:
+ path: .values.endpoints.elasticsearch.auth.admin
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.elasticsearch.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_infra_elasticsearch_admin_password
+ path: .
+
+ # LDAP Details
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.ldap.admin
+ dest:
+ path: .values.endpoints.ldap.auth.admin
+ - dest:
+ path: .values.endpoints.ldap.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_ldap_password
+ path: .
+data:
+ chart_name: elasticsearch
+ release: elasticsearch
+ namespace: osh-infra
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-elasticsearch
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-elasticsearch
+ create: []
+ post:
+ create: []
+ values:
+ labels:
+ elasticsearch:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ monitoring:
+ prometheus:
+ enabled: true
+ conf:
+ apache:
+ host: |
+ <VirtualHost *:80>
+ <Location />
+ ProxyPass http://localhost:{{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
+ ProxyPassReverse http://localhost:{{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
+ </Location>
+ <Proxy *>
+ AuthName "Elasticsearch"
+ AuthType Basic
+ AuthBasicProvider file ldap
+ AuthUserFile /usr/local/apache2/conf/.htpasswd
+ AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
+ AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
+ AuthLDAPURL {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
+ Require valid-user
+ </Proxy>
+ </VirtualHost>
+ elasticsearch:
+ env:
+ java_opts: "-Xms5g -Xmx5g"
+ curator:
+ #run every 6th hour
+ schedule: "0 */6 * * *"
+ action_file:
+ # Remember, leave a key empty if there is no value. None will be a string,
+ # not a Python "NoneType"
+ #
+ # Also remember that all examples have 'disable_action' set to True. If you
+ # want to use this action as a template, be sure to set this to False after
+ # copying it.
+ actions:
+ 1:
+ action: delete_indices
+ description: >-
+ "Delete indices older than 7 days"
+ options:
+ timeout_override:
+ continue_if_exception: False
+ ignore_empty_list: True
+ disable_action: False
+ filters:
+ - filtertype: pattern
+ kind: prefix
+ value: logstash-
+ - filtertype: age
+ source: name
+ direction: older
+ timestring: '%Y.%m.%d'
+ unit: days
+ unit_count: 7
+ 2:
+ action: delete_indices
+ description: >-
+ "Delete indices by age if available disk space is
+ less than 80% total disk"
+ options:
+ timeout_override: 600
+ continue_if_exception: False
+ ignore_empty_list: True
+ disable_action: False
+ filters:
+ - filtertype: pattern
+ kind: prefix
+ value: logstash-
+ - filtertype: space
+ source: creation_date
+ use_age: True
+ disk_space: 1200
+ storage:
+ elasticsearch:
+ requests:
+ storage: 500Gi
+ dependencies:
+ - osh-infra-helm-toolkit
+...
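Review bot: the Apache vhost in `conf.apache.host` is declared as `<VirtualHost *:80>` with `AuthType Basic`, so unless TLS is terminated in front of this listener, the htpasswd and LDAP user credentials reach it over plain HTTP. Either serve this vhost over TLS or add a comment naming the component that terminates TLS for it. Separately, curator action 2 is described as "less than 80% total disk" but the filter is `disk_space: 1200` next to `storage: 500Gi`; please note in a comment how 1200 was derived so the threshold can be checked against the volume size.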
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: fluent-logging-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ labels:
+ hosttype: fluent-logging-global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh_infra.fluent_logging
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh_infra.fluent_logging
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.elasticsearch
+ dest:
+ path: .values.endpoints.elasticsearch
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.fluentd
+ dest:
+ path: .values.endpoints.fluentd
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.prometheus_fluentd_exporter
+ dest:
+ path: .values.endpoints.prometheus_fluentd_exporter
+ # Accounts
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.elasticsearch.admin
+ dest:
+ path: .values.endpoints.elasticsearch.auth.admin
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.elasticsearch.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_infra_elasticsearch_admin_password
+ path: .
+
+data:
+ chart_name: fluent-logging
+ release: fluent-logging
+ namespace: osh-infra
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-fluent-logging
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-fluent-logging
+ create: []
+ post:
+ create: []
+ values:
+ labels:
+ fluentd:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ fluentbit:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ prometheus_fluentd_exporter:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ dependencies:
+ static:
+ fluentbit:
+ jobs: ""
+ services:
+ - endpoint: internal
+ service: fluentd
+ fluentd:
+ jobs: ""
+ services:
+ - endpoint: internal
+ service: elasticsearch
+ manifests:
+ job_elasticsearch_template: false
+ conf:
+ fluentbit:
+ - service:
+ header: service
+ Flush: 5
+ Daemon: Off
+ Log_Level: info
+ Parsers_File: parsers.conf
+ - containers_tail:
+ header: input
+ Name: tail
+ Tag: kube.*
+ Path: /var/log/containers/*.log
+ Parser: docker
+ DB: /var/log/flb_kube.db
+ DB.Sync: Normal
+ Buffer_Chunk_Size: 1M
+ Buffer_Max_Size: 1M
+ Mem_Buf_Limit: 5MB
+ - kube_filter:
+ header: filter
+ Name: kubernetes
+ Match: kube.*
+ Merge_JSON_Log: On
+ - fluentd_output:
+ header: output
+ Name: forward
+ Match: "*"
+ Host: ${FLUENTD_HOST}
+ Port: ${FLUENTD_PORT}
+ td_agent:
+ - metrics_agent:
+ header: source
+ type: monitor_agent
+ bind: 0.0.0.0
+ port: 24220
+ - fluentbit_forward:
+ header: source
+ type: forward
+ port: "#{ENV['FLUENTD_PORT']}"
+ bind: 0.0.0.0
+ - elasticsearch:
+ header: match
+ type: elasticsearch
+ user: "#{ENV['ELASTICSEARCH_USERNAME']}"
+ password: "#{ENV['ELASTICSEARCH_PASSWORD']}"
+ expression: "**"
+ include_tag_key: true
+ host: "#{ENV['ELASTICSEARCH_HOST']}"
+ port: "#{ENV['ELASTICSEARCH_PORT']}"
+ logstash_format: true
+ buffer_chunk_limit: 10M
+ buffer_queue_limit: 32
+ flush_interval: 20s
+ max_retry_wait: 300
+ disable_retry_limit: ""
+ num_threads: 8
+ dependencies:
+ - osh-infra-helm-toolkit
+...
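Review bot: both `td_agent` sources, `metrics_agent` (port 24220) and `fluentbit_forward`, set `bind: 0.0.0.0`, and the forward source configures no shared key or TLS, so any workload that can reach the fluentd pod can submit records that end up in Elasticsearch. The only Elasticsearch account substituted into this chart is `.osh_infra.elasticsearch.admin`; a dedicated write-only account for the `elasticsearch` match block would limit what a forged or malformed record stream can do. Please either restrict reachability of these two ports (network policy) or add forward authentication, and say which in a comment.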
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh-infra-mariadb
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: OpenStack-Infra MariaDB
+ chart_group:
+ - osh-infra-mariadb
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh-infra-mariadb
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.mariadb
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.mariadb
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.oslo_db
+ dest:
+ path: .values.endpoints.olso_db
+ # Accounts
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.oslo_db.admin
+ dest:
+ path: .values.endpoints.oslo_db.auth.admin
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_infra_oslo_db_admin_password
+ path: .
+
+data:
+ chart_name: osh-infra-mariadb
+ release: osh-infra-mariadb
+ namespace: osh-infra
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-osh-infra-mariadb
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-osh-infra-mariadb
+ values:
+ labels:
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ prometheus_mysql_exporter:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - osh-helm-toolkit
+...
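Review bot: the endpoints substitution writes to `.values.endpoints.olso_db`, which looks like a typo for `oslo_db`. The account and secret substitutions directly below target `.values.endpoints.oslo_db.auth.admin`, so as written the endpoint catalogue entry lands under a key the chart does not read and the chart falls back to whatever its default `oslo_db` endpoint is. Change the dest path to `.values.endpoints.oslo_db`.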
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh-infra-monitoring
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: OSH Infra Monitoring
+ chart_group:
+ - prometheus
+ - prometheus-alertmanager
+ - prometheus-node-exporter
+ - prometheus-kube-state-metrics
+ - nagios
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: nagios
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh_infra.nagios
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh_infra.nagios
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.nagios
+ dest:
+ path: .values.endpoints.nagios
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.monitoring
+ dest:
+ path: .values.endpoints.monitoring
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.ldap
+ dest:
+ path: .values.endpoints.ldap
+
+ # Accounts
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.nagios.admin
+ dest:
+ path: .values.endpoints.nagios.auth.admin
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.nagios.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_infra_nagios_admin_password
+ path: .
+
+ # LDAP Details
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.ldap.admin
+ dest:
+ path: .values.endpoints.ldap.auth.admin
+ - dest:
+ path: .values.endpoints.ldap.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_ldap_password
+ path: .
+
+data:
+ chart_name: nagios
+ release: nagios
+ namespace: osh-infra
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-nagios
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-nagios
+ create: []
+ post:
+ create: []
+ values:
+ conf:
+ apache:
+ host: |
+ <VirtualHost *:80>
+ <Location />
+ ProxyPass http://localhost:{{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
+ ProxyPassReverse http://localhost:{{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
+ </Location>
+ <Proxy *>
+ AuthName "Nagios"
+ AuthType Basic
+ AuthBasicProvider file ldap
+ AuthUserFile /usr/local/apache2/conf/.htpasswd
+ AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
+ AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
+ AuthLDAPURL {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
+ Require valid-user
+ </Proxy>
+ </VirtualHost>
+ labels:
+ nagios:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ pod:
+ replicas:
+ nagios: 3
+ dependencies:
+ - osh-infra-helm-toolkit
+...
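Review bot: the LDAP bind password at `.values.endpoints.ldap.auth.admin.password` is sourced from `osh_keystone_ldap_password`, the same passphrase document the elasticsearch chart uses, while the bind account comes from `osh_infra_service_accounts`. If this is one credential shared between Keystone and the osh-infra front ends, a compromise of any one of them exposes the bind account for all; consider a separate read-only bind account and passphrase for osh-infra, or add a comment stating that the sharing is intended. The `<VirtualHost *:80>` with `AuthType Basic` is also a copy of the elasticsearch vhost and carries the same plain-HTTP concern.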
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: prometheus-alertmanager
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh_infra.prometheus_alertmanager
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh_infra.prometheus_alertmanager
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.alerts
+ dest:
+ path: .values.endpoints.alerts
+
+data:
+ chart_name: prometheus-alertmanager
+ release: prometheus-alertmanager
+ namespace: osh-infra
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-prometheus-alertmanager
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-prometheus-alertmanager
+ create: []
+ post:
+ create: []
+ values:
+ manifests:
+ ingress: false
+ service_ingress: false
+ labels:
+ alertmanager:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - osh-infra-helm-toolkit
+...
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: prometheus-kube-state-metrics
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh_infra.prometheus_kube_state_metrics
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh_infra.prometheus_kube_state_metrics
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.kube_state_metrics
+ dest:
+ path: .values.endpoints.kube_state_metrics
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.kube_scheduler
+ dest:
+ path: .values.endpoints.kube_scheduler
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.kube_controller_manager
+ dest:
+ path: .values.endpoints.kube_controller_manager
+
+data:
+ chart_name: prometheus-kube-state-metrics
+ release: prometheus-kube-state-metrics
+ namespace: kube-system
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-prometheus-kube-state-metrics
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-prometheus-kube-state-metrics
+ create: []
+ post:
+ create: []
+ values:
+ labels:
+ kube_state_metrics:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - osh-infra-helm-toolkit
+...
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: prometheus-node-exporter
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh_infra.prometheus_node_exporter
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh_infra.prometheus_node_exporter
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.node_metrics
+ dest:
+ path: .values.endpoints.node_metrics
+
+data:
+ chart_name: prometheus-node-exporter
+ release: prometheus-node-exporter
+ namespace: kube-system
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-prometheus-node-exporter
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-prometheus-node-exporter
+ create: []
+ post:
+ create: []
+ values:
+ labels:
+ node_exporter:
+ node_selector_key: node-exporter
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - osh-infra-helm-toolkit
+...
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: prometheus
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh_infra.prometheus
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh_infra.prometheus
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.monitoring
+ dest:
+ path: .values.endpoints.monitoring
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.alerts
+ dest:
+ path: .values.endpoints.alerts
+
+data:
+ chart_name: prometheus
+ release: prometheus
+ namespace: osh-infra
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-prometheus
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-prometheus
+ create: []
+ post:
+ create: []
+ values:
+ manifests:
+ ingress: false
+ service_ingress: false
+ labels:
+ prometheus:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ pod:
+ replicas:
+ prometheus: 3
+ storage:
+ requests:
+ storage: 500Gi
+ dependencies:
+ - osh-infra-helm-toolkit
+...
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh-infra-prometheus-openstack-exporter
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Prometheus OpenStack Exporter
+ chart_group:
+ - prometheus-openstack-exporter
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: prometheus-openstack-exporter
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh_infra.prometheus_openstack_exporter
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh_infra.prometheus_openstack_exporter
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.prometheus_openstack_exporter
+ dest:
+ path: .values.endpoints.prometheus_openstack_exporter
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.identity
+ dest:
+ path: .values.endpoints.identity
+
+ # Accounts
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_infra_service_accounts
+ path: .osh_infra.prometheus_openstack_exporter.user
+ dest:
+ path: .values.endpoints.identity.auth.user
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_infra_openstack_exporter_password
+ path: .
+data:
+ chart_name: prometheus-openstack-exporter
+ release: prometheus-openstack-exporter
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-prometheus-openstack-exporter
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-prometheus-openstack-exporter
+ values:
+ labels:
+ openstack_exporter:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - osh-infra-helm-toolkit
+...
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh-helm-toolkit
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.helm_toolkit
+ dest:
+ path: .source
+data:
+ chart_name: helm-toolkit
+ release: osh-helm-toolkit
+ namespace: osh-helm-toolkit
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-osh-helm-toolkit
+ upgrade:
+ no_hooks: true
+ values: {}
+ dependencies: []
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-ceph-config
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.ceph-client
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ceph.ceph-client
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.public_cidr
+ dest:
+ path: .values.network.public
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.cluster_cidr
+ dest:
+ path: .values.network.cluster
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.object_store
+ dest:
+ path: .values.endpoints.object_store
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mon
+ dest:
+ path: .values.endpoints.ceph_mon
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mgr
+ dest:
+ path: .values.endpoints.ceph_mgr
+
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.swift.keystone
+ dest:
+ path: .values.endpoints.identity.auth.swift
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.swift.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_swift_keystone_password
+ path: .
+
+data:
+ chart_name: openstack-ceph-config
+ release: openstack-ceph-config
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-openstack-ceph-config
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-openstack-ceph-config
+ values:
+ labels:
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ provisioner:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ mds:
+ node_selector_key: ceph-mds
+ node_selector_value: enabled
+ rgw:
+ node_selector_key: ceph-rgw
+ node_selector_value: enabled
+ mgr:
+ node_selector_key: ceph-mgr
+ node_selector_value: enabled
+ deployment:
+ ceph: false
+ client_secrets: true
+ rbd_provisioner: false
+ cephfs_provisioner: false
+ rgw_keystone_user_and_endpoints: false
+ bootstrap:
+ enabled: false
+ conf:
+ rgw_ks:
+ enabled: true
+ dependencies:
+ - ceph-htk
+...
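Review bot: under `values.deployment` only `client_secrets: true` is enabled and `rgw_keystone_user_and_endpoints` is `false`, yet the substitutions still inject `osh_keystone_admin_password` and `ceph_swift_keystone_password` into `.values.endpoints.identity.auth`. If nothing rendered by this release consumes them, drop the two Secrets entries (and the matching Credentials) so the Keystone admin password is not carried in a release that only creates Ceph client secrets. If `conf.rgw_ks.enabled: true` is what needs them, a short comment explaining that next to `rgw_ks` would help.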
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-ceph-config
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Ceph config for OpenStack namespace(s)
+ chart_group:
+ - openstack-ceph-config
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-cinder
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Deploy Cinder
+ chart_group:
+ - cinder-rabbitmq
+ - cinder
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cinder
+ labels:
+ component: cinder
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.cinder
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.cinder
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.image
+ dest:
+ path: .values.endpoints.image
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.image_registry
+ dest:
+ path: .values.endpoints.image_registry
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.volume
+ dest:
+ path: .values.endpoints.volume
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.volumev2
+ dest:
+ path: .values.endpoints.volumev2
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.volumev3
+ dest:
+ path: .values.endpoints.volumev3
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.cinder_oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.fluentd
+ dest:
+ path: .values.endpoints.fluentd
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.cinder.cinder
+ dest:
+ path: .values.endpoints.identity.auth.cinder
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.cinder.oslo_messaging.admin
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.cinder.oslo_messaging.cinder
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.cinder
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.cinder.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db.auth.cinder
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.cinder.oslo_db.database
+ dest:
+ path: .values.endpoints.oslo_db.path
+ pattern: DB_NAME
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.cinder.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_cinder_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_cinder_oslo_messaging_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.cinder.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_cinder_oslo_messaging_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.cinder.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_cinder_oslo_db_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_db_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_cache.auth.memcache_secret_key
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_cache_secret_key
+ path: .
+data:
+ chart_name: cinder
+ release: cinder
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-cinder
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-cinder
+ post:
+ create: []
+ values:
+ pod:
+ replicas:
+ api: 2
+ volume: 2
+ scheduler: 2
+ backup: 2
+ labels:
+ api:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ backup:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ scheduler:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ test:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ volume:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ conf:
+ logging:
+ loggers:
+ keys:
+ - root
+ - cinder
+ handlers:
+ keys:
+ - stdout
+ - stderr
+ - "null"
+ - fluent
+ formatters:
+ keys:
+ - context
+ - default
+ - fluent
+ logger_root:
+ level: WARNING
+ handlers: null
+ logger_cinder:
+ level: INFO
+ handlers:
+ - stdout
+ - stderr
+ - fluent
+ qualname: cinder
+ logger_amqp:
+ level: WARNING
+ handlers: stderr
+ qualname: amqp
+ logger_amqplib:
+ level: WARNING
+ handlers: stderr
+ qualname: amqplib
+ logger_eventletwsgi:
+ level: WARNING
+ handlers: stderr
+ qualname: eventlet.wsgi.server
+ logger_sqlalchemy:
+ level: WARNING
+ handlers: stderr
+ qualname: sqlalchemy
+ logger_boto:
+ level: WARNING
+ handlers: stderr
+ qualname: boto
+ handler_null:
+ class: logging.NullHandler
+ formatter: default
+ args: ()
+ handler_stdout:
+ class: StreamHandler
+ args: (sys.stdout,)
+ formatter: context
+ handler_stderr:
+ class: StreamHandler
+ args: (sys.stderr,)
+ formatter: context
+ handler_fluent:
+ class: fluent.handler.FluentHandler
+ args: ('openstack.cinder', 'fluentd-logging.osh-infra', 24224)
+ formatter: fluent
+ formatter_fluent:
+ class: oslo_log.formatters.FluentFormatter
+ formatter_context:
+ class: oslo_log.formatters.ContextFormatter
+ formatter_default:
+ format: "%(message)s"
+ dependencies:
+ - osh-helm-toolkit
+...
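Review bot: in `conf.logging`, `logger_root` sets `handlers: null` unquoted, which YAML parses as a null value, whereas the handler list above declares the handler as the quoted string `"null"`. Quote it here as well so the root logger references `handler_null` rather than rendering an empty or nil value. Also, `handler_fluent` hardcodes `'fluentd-logging.osh-infra', 24224` even though the fluentd endpoint is substituted into `.values.endpoints.fluentd`; if the catalogue entry changes, this handler will silently keep pointing at the old host, so note the coupling in a comment or derive the value from the endpoint.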
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cinder-rabbitmq
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.rabbitmq
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.rabbitmq
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.cinder_oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.cinder_rabbitmq_exporter
+ dest:
+ path: .values.endpoints.prometheus_rabbitmq_exporter
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.cinder.oslo_messaging.admin
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user
+
+ # Secrets
+
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: osh_cinder_rabbitmq_erlang_cookie
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.erlang_cookie
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: osh_cinder_oslo_messaging_admin_password
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user.password
+data:
+ chart_name: cinder-rabbitmq
+ release: cinder-rabbitmq
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-cinder-rabbitmq
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-cinder-rabbitmq
+ values:
+ pod:
+ replicas:
+ server: 1
+ labels:
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ prometheus_rabbitmq_exporter:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ monitoring:
+ prometheus:
+ enabled: true
+ dependencies:
+ - osh-helm-toolkit
+...
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-compute-kit
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Deploy Nova, Neutron, Openvswitch, and Libvirt
+ chart_group:
+ - libvirt
+ - openvswitch
+ - neutron-rabbitmq
+ - nova-rabbitmq
+ - neutron
+ - nova
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: libvirt
+ labels:
+ name: libvirt-global
+ component: libvirt
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.libvirt
+ dest:
+ path: .source
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.libvirt
+ dest:
+ path: .values.images.tags
+data:
+ chart_name: libvirt
+ release: libvirt
+ namespace: openstack
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-libvirt
+ values:
+ labels:
+ agent:
+ libvirt:
+ node_selector_key: openstack-libvirt
+ node_selector_value: kernel
+ dependencies:
+ - osh-helm-toolkit
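Review bot: `data` has no `wait` block, unlike the rabbitmq, openvswitch and glance charts added alongside it, which set `timeout: 900` and a `release_group` label selector. Add `wait` with `release_group: airship-libvirt`, the label the pre-upgrade job delete already uses, so that readiness of this release is not left to defaults. The document also lacks the closing `...` that most of the neighbouring documents end with.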
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: neutron-rabbitmq
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.rabbitmq
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.rabbitmq
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.neutron_oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.neutron_rabbitmq_exporter
+ dest:
+ path: .values.endpoints.prometheus_rabbitmq_exporter
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.neutron.oslo_messaging.admin
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user
+
+ # Secrets
+
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: osh_neutron_rabbitmq_erlang_cookie
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.erlang_cookie
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: osh_neutron_oslo_messaging_admin_password
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user.password
+data:
+ chart_name: neutron-rabbitmq
+ release: neutron-rabbitmq
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-neutron-rabbitmq
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-neutron-rabbitmq
+ values:
+ pod:
+ replicas:
+ server: 1
+ labels:
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ prometheus_rabbitmq_exporter:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ monitoring:
+ prometheus:
+ enabled: true
+ dependencies:
+ - osh-helm-toolkit
+...
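Review bot: `metadata` carries no `labels`, unlike the libvirt, neutron and nova charts, so a site-layer document has nothing to match with a parent selector if it needs to override a value such as `replicas.server`. This document is also the same as the nova and glance rabbitmq charts apart from the service name in the substitution paths and release names; an abstract parent holding the shared `data`, with thin per-service children, would remove the duplication and keep the four brokers from drifting apart.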
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: neutron
+ labels:
+ name: neutron-global
+ component: neutron
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.neutron
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.neutron
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.compute
+ dest:
+ path: .values.endpoints.compute
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.compute_metadata
+ dest:
+ path: .values.endpoints.image_registry
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.neutron_oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.network
+ dest:
+ path: .values.endpoints.network
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.fluentd
+ dest:
+ path: .values.endpoints.fluentd
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.neutron.neutron
+ dest:
+ path: .values.endpoints.identity.auth.neutron
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.nova.nova
+ dest:
+ path: .values.endpoints.identity.auth.nova
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.neutron.oslo_messaging.admin
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.neutron.oslo_messaging.neutron
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.neutron
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.neutron.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db.auth.neutron
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.neutron.oslo_db.database
+ dest:
+ path: .values.endpoints.oslo_db.path
+ pattern: DB_NAME
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.neutron.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_neutron_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.nova.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_nova_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_neutron_oslo_messaging_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.neutron.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_neutron_oslo_messaging_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.neutron.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_neutron_oslo_db_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_db_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_cache.auth.memcache_secret_key
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_cache_secret_key
+ path: .
+
+ # Interfaces for neutron configuration
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .neutron.tunnel_device
+ dest:
+ path: .values.network.interface.tunnel
+ pattern: 'TUNNEL_DEVICE'
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .neutron.external_iface
+ dest:
+ path: .values.network.interface.external
+ pattern: 'EXTERNAL_INTERFACE'
+
+data:
+ chart_name: neutron
+ release: neutron
+ namespace: openstack
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-neutron
+ post:
+ create: []
+ values:
+ pod:
+ replicas:
+ server: 2
+ labels:
+ agent:
+ dhcp:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ l3:
+ # To enable the forcing of routers onto controllers that have
+ # a public cidr so that tenant floating IPs can route properly
+ node_selector_key: openstack-l3-agent
+ node_selector_value: enabled
+ metadata:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ lb:
+ node_selector_key: linuxbridge
+ node_selector_value: enabled
+ ovs:
+ node_selector_key: openvswitch
+ node_selector_value: enabled
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ test:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ network:
+ interface:
+ tunnel: 'TUNNEL_DEVICE'
+ external: 'EXTERNAL_INTERFACE'
+ conf:
+ logging:
+ loggers:
+ keys:
+ - root
+ - neutron
+ handlers:
+ keys:
+ - stdout
+ - stderr
+ - "null"
+ - fluent
+ formatters:
+ keys:
+ - context
+ - default
+ - fluent
+ logger_root:
+ level: WARNING
+ handlers: null
+ logger_neutron:
+ level: INFO
+ handlers:
+ - stdout
+ - stderr
+ - fluent
+ qualname: neutron
+ logger_amqp:
+ level: WARNING
+ handlers: stderr
+ qualname: amqp
+ logger_amqplib:
+ level: WARNING
+ handlers: stderr
+ qualname: amqplib
+ logger_eventletwsgi:
+ level: WARNING
+ handlers: stderr
+ qualname: eventlet.wsgi.server
+ logger_sqlalchemy:
+ level: WARNING
+ handlers: stderr
+ qualname: sqlalchemy
+ logger_boto:
+ level: WARNING
+ handlers: stderr
+ qualname: boto
+ handler_null:
+ class: logging.NullHandler
+ formatter: default
+ args: ()
+ handler_stdout:
+ class: StreamHandler
+ args: (sys.stdout,)
+ formatter: context
+ handler_stderr:
+ class: StreamHandler
+ args: (sys.stderr,)
+ formatter: context
+ handler_fluent:
+ class: fluent.handler.FluentHandler
+ args: ('openstack.neutron', 'fluentd-logging.osh-infra', 24224)
+ formatter: fluent
+ formatter_fluent:
+ class: oslo_log.formatters.FluentFormatter
+ formatter_context:
+ class: oslo_log.formatters.ContextFormatter
+ formatter_default:
+ format: "%(message)s"
+ neutron:
+ DEFAULT:
+ l3_ha: True
+ min_l3_agents_per_router: 2
+ max_l3_agents_per_router: 5
+ l3_ha_network_type: vxlan
+ dhcp_agents_per_network: 2
+ oslo_messaging_rabbit:
+ heartbeat_timeout_threshold: 0
+ plugins:
+ ml2_conf:
+ ml2:
+ extension_drivers: port_security
+ mechanism_drivers: l2population,openvswitch
+ type_drivers: vlan,flat,vxlan
+ tenant_network_types: vxlan
+ ml2_type_vlan:
+ network_vlan_ranges: bond0
+ openvswitch_agent:
+ agent:
+ tunnel_types: vxlan
+ ovs:
+ bridge_mappings: bond0:br-bond0
+ dependencies:
+ - osh-helm-toolkit
+...
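Review bot: in the Endpoints substitutions, the `.osh.compute_metadata` source is written to `.values.endpoints.image_registry`, which looks like a copy-paste slip; the nova chart in this patch maps the same source to `.values.endpoints.compute_metadata`. As written, Neutron's `image_registry` endpoint receives the metadata endpoint and `compute_metadata` is never populated, so change the `dest` path to `.values.endpoints.compute_metadata`. Separately, `heartbeat_timeout_threshold: 0` disables AMQP heartbeats, which deserves a comment explaining why, and `network_vlan_ranges: bond0` and `bridge_mappings: bond0:br-bond0` hardcode a device name in the global layer while the tunnel and external interfaces are substituted from `common-addresses`.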
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: nova-rabbitmq
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.rabbitmq
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.rabbitmq
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.nova_oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.nova_rabbitmq_exporter
+ dest:
+ path: .values.endpoints.prometheus_rabbitmq_exporter
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.nova.oslo_messaging.admin
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user
+
+ # Secrets
+
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: osh_nova_rabbitmq_erlang_cookie
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.erlang_cookie
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: osh_nova_oslo_messaging_admin_password
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user.password
+data:
+ chart_name: nova-rabbitmq
+ release: nova-rabbitmq
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-nova-rabbitmq
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-nova-rabbitmq
+ values:
+ pod:
+ replicas:
+ server: 1
+ labels:
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ prometheus_rabbitmq_exporter:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ monitoring:
+ prometheus:
+ enabled: true
+ dependencies:
+ - osh-helm-toolkit
+...
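Review bot: `pod.replicas.server: 1` gives Nova a single RabbitMQ pod while the nova chart runs two `osapi`, `conductor` and `api_metadata` replicas, so the broker becomes the single point of failure for the service. If one replica is deliberate for the global layer, add a comment saying sites are expected to raise it; otherwise set a clustered count here, since the erlang cookie needed for clustering is already substituted.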
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: nova-global
+ labels:
+ name: nova-global
+ component: nova
+ layeringDefinition:
+ abstract: true
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.nova
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.nova
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db_api
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db_cell0
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.nova_oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.image
+ dest:
+ path: .values.endpoints.image
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.compute
+ dest:
+ path: .values.endpoints.compute
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.compute_metadata
+ dest:
+ path: .values.endpoints.compute_metadata
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.compute_novnc_proxy
+ dest:
+ path: .values.endpoints.compute_novnc_proxy
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.compute_spice_proxy
+ dest:
+ path: .values.endpoints.compute_spice_proxy
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.placement
+ dest:
+ path: .values.endpoints.placement
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.network
+ dest:
+ path: .values.endpoints.network
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.fluentd
+ dest:
+ path: .values.endpoints.fluentd
+
+ # Service Accounts
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.nova.nova
+ dest:
+ path: .values.endpoints.identity.auth.nova
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.neutron.neutron
+ dest:
+ path: .values.endpoints.identity.auth.neutron
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.nova.placement
+ dest:
+ path: .values.endpoints.identity.auth.placement
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.nova.oslo_messaging.admin
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.nova.oslo_messaging.nova
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.nova
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.nova.oslo_db.username
+ dest:
+ path: .values.endpoints.oslo_db.auth.nova.username
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.nova.oslo_db.database
+ dest:
+ path: .values.endpoints.oslo_db.path
+ pattern: DB_NAME
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.nova.oslo_db_api
+ dest:
+ path: .values.endpoints.oslo_db_api.auth.nova
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.nova.oslo_db_api.database
+ dest:
+ path: .values.endpoints.oslo_db_api.path
+ pattern: DB_NAME
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.nova.oslo_db_cell0
+ dest:
+ path: .values.endpoints.oslo_db_cell0.auth.nova
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.nova.oslo_db_cell0.database
+ dest:
+ path: .values.endpoints.oslo_db_cell0.path
+ pattern: DB_NAME
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.nova.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_nova_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.neutron.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_neutron_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.placement.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_placement_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_nova_oslo_messaging_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.nova.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_nova_oslo_messaging_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.nova.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_nova_oslo_db_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db_api.auth.nova.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_nova_oslo_db_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db_cell0.auth.nova.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_nova_oslo_db_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_db_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db_api.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_db_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db_cell0.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_db_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_cache.auth.memcache_secret_key
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_cache_secret_key
+ path: .
+data:
+ chart_name: nova
+ release: nova
+ namespace: openstack
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-nova
+ post:
+ create: []
+ values:
+ labels:
+ agent:
+ compute:
+ node_selector_key: openstack-nova-compute
+ node_selector_value: enabled
+ api_metadata:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ conductor:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ consoleauth:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ novncproxy:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ osapi:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ placement:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ scheduler:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ spiceproxy:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ test:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ pod:
+ replicas:
+ api_metadata: 2
+ placement: 1
+ osapi: 2
+ conductor: 2
+ consoleauth: 1
+ scheduler: 1
+ novncproxy: 1
+ conf:
+ logging:
+ loggers:
+ keys:
+ - root
+ - nova
+ handlers:
+ keys:
+ - stdout
+ - stderr
+ - "null"
+ - fluent
+ formatters:
+ keys:
+ - context
+ - default
+ - fluent
+ logger_root:
+ level: WARNING
+ handlers: null
+ logger_nova:
+ level: INFO
+ handlers:
+ - stdout
+ - stderr
+ - fluent
+ qualname: nova
+ logger_amqp:
+ level: WARNING
+ handlers: stderr
+ qualname: amqp
+ logger_amqplib:
+ level: WARNING
+ handlers: stderr
+ qualname: amqplib
+ logger_eventletwsgi:
+ level: WARNING
+ handlers: stderr
+ qualname: eventlet.wsgi.server
+ logger_sqlalchemy:
+ level: WARNING
+ handlers: stderr
+ qualname: sqlalchemy
+ logger_boto:
+ level: WARNING
+ handlers: stderr
+ qualname: boto
+ handler_null:
+ class: logging.NullHandler
+ formatter: default
+ args: ()
+ handler_stdout:
+ class: StreamHandler
+ args: (sys.stdout,)
+ formatter: context
+ handler_stderr:
+ class: StreamHandler
+ args: (sys.stderr,)
+ formatter: context
+ handler_fluent:
+ class: fluent.handler.FluentHandler
+ args: ('openstack.nova', 'fluentd-logging.osh-infra', 24224)
+ formatter: fluent
+ formatter_fluent:
+ class: oslo_log.formatters.FluentFormatter
+ formatter_context:
+ class: oslo_log.formatters.ContextFormatter
+ formatter_default:
+ format: "%(message)s"
+ dependencies:
+ - osh-helm-toolkit
+...
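Review bot: the `oslo_db` account substitution copies only `.osh.nova.oslo_db.username` into `.values.endpoints.oslo_db.auth.nova.username`, while `oslo_db_api` and `oslo_db_cell0` copy the whole account object into `.auth.nova`. Make the three consistent so that a field added to the account catalogue later reaches all three databases. The three `auth.nova.password` destinations also all draw on the single Passphrase `osh_nova_oslo_db_password`; if sharing one credential across the main, API and cell0 databases is intended, say so in a comment under `# Secrets`. Like libvirt and neutron, this chart has no `wait` block.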
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openvswitch
+ layeringDefinition:
+ abstract: false
+ layer: global
+ labels:
+ name: openvswitch-global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.openvswitch
+ dest:
+ path: .source
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.openvswitch
+ dest:
+ path: .values.images.tags
+ # External Interface
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .openvswitch.external_iface
+ dest:
+ path: .values.network.interface.external
+ pattern: 'EXTERNAL_INTERFACE'
+data:
+ chart_name: openvswitch
+ release: openvswitch
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-openvswitch
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-openvswitch
+ values:
+ labels:
+ ovs:
+ node_selector_key: openvswitch
+ node_selector_value: enabled
+ network:
+ external_bridge: br-bond0
+ interface:
+ external: 'EXTERNAL_INTERFACE'
+ dependencies:
+ - osh-helm-toolkit
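Review bot: the external interface is read from `.openvswitch.external_iface` here but from `.neutron.external_iface` in the neutron chart, both in `common-addresses`, so the two charts can end up with different devices behind the same bridge; use one source path for both. `external_bridge: br-bond0` is also hardcoded and has to stay in step with `bridge_mappings: bond0:br-bond0` in the neutron chart. Finally, check that `labels:` sits under `metadata` and not under `layeringDefinition`: it appears after `layer: global` here, whereas the other charts place it before `layeringDefinition`.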
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-glance
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Deploy Glance
+ chart_group:
+ - glance-rabbitmq
+ - glance
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: glance
+ labels:
+ component: glance
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.glance
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.glance
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.image
+ dest:
+ path: .values.endpoints.image
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.image_registry
+ dest:
+ path: .values.endpoints.image_registry
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.glance_oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.ceph_object_store
+ dest:
+ path: .values.endpoints.ceph_object_store
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.object_store
+ dest:
+ path: .values.endpoints.object_store
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.fluentd
+ dest:
+ path: .values.endpoints.fluentd
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.glance.glance
+ dest:
+ path: .values.endpoints.identity.auth.glance
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.glance.oslo_messaging.admin
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.glance.oslo_messaging.glance
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.glance
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.glance.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db.auth.glance
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.glance.oslo_db.database
+ dest:
+ path: .values.endpoints.oslo_db.path
+ pattern: DB_NAME
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.glance.ceph_object_store
+ dest:
+ path: .values.endpoints.ceph_object_store.auth.glance
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.glance.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_glance_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_glance_oslo_messaging_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.glance.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_glance_oslo_messaging_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.glance.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_glance_oslo_db_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_db_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_cache.auth.memcache_secret_key
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_cache_secret_key
+ path: .
+ - dest:
+ path: .values.endpoints.object_store.auth.glance.tmpurlkey
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_swift_keystone_password
+ path: .
+ - dest:
+ path: .values.endpoints.ceph_object_store.auth.glance.tmpurlkey
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_swift_keystone_password
+ path: .
+ - dest:
+ path: .values.endpoints.ceph_object_store.auth.glance.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_glance_password
+ path: .
+data:
+ chart_name: glance
+ release: glance
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-glance
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-glance
+ post:
+ create: []
+ values:
+ pod:
+ replicas:
+ api: 2
+ registry: 2
+ labels:
+ api:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ registry:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ manifests:
+ job_bootstrap: false
+ conf:
+ logging:
+ loggers:
+ keys:
+ - root
+ - glance
+ handlers:
+ keys:
+ - stdout
+ - stderr
+ - "null"
+ - fluent
+ formatters:
+ keys:
+ - context
+ - default
+ - fluent
+ logger_root:
+ level: WARNING
+ handlers: null
+ logger_glance:
+ level: INFO
+ handlers:
+ - stdout
+ - stderr
+ - fluent
+ qualname: glance
+ logger_amqp:
+ level: WARNING
+ handlers: stderr
+ qualname: amqp
+ logger_amqplib:
+ level: WARNING
+ handlers: stderr
+ qualname: amqplib
+ logger_eventletwsgi:
+ level: WARNING
+ handlers: stderr
+ qualname: eventlet.wsgi.server
+ logger_sqlalchemy:
+ level: WARNING
+ handlers: stderr
+ qualname: sqlalchemy
+ logger_boto:
+ level: WARNING
+ handlers: stderr
+ qualname: boto
+ handler_null:
+ class: logging.NullHandler
+ formatter: default
+ args: ()
+ handler_stdout:
+ class: StreamHandler
+ args: (sys.stdout,)
+ formatter: context
+ handler_stderr:
+ class: StreamHandler
+ args: (sys.stderr,)
+ formatter: context
+ handler_fluent:
+ class: fluent.handler.FluentHandler
+ args: ('openstack.glance', 'fluentd-logging.osh-infra', 24224)
+ formatter: fluent
+ formatter_fluent:
+ class: oslo_log.formatters.FluentFormatter
+ formatter_context:
+ class: oslo_log.formatters.ContextFormatter
+ formatter_default:
+ format: "%(message)s"
+ dependencies:
+ - osh-helm-toolkit
+...
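Review bot: both `tmpurlkey` destinations, under `object_store` and `ceph_object_store`, are filled from `ceph_swift_keystone_password`, so the temp URL signing key is the same secret as a Keystone account password, and `ceph_object_store.auth.glance.password` reuses `osh_glance_password`. Disclosure of one value then compromises the other use, and neither can be rotated independently; give the temp URL key its own Passphrase document. Also, `metadata.labels` has `component: glance` but no `name:` label, unlike the libvirt, neutron and nova charts.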
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: glance-rabbitmq
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.rabbitmq
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.rabbitmq
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.glance_oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.glance_rabbitmq_exporter
+ dest:
+ path: .values.endpoints.prometheus_rabbitmq_exporter
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.glance.oslo_messaging.admin
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user
+
+ # Secrets
+
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: osh_glance_rabbitmq_erlang_cookie
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.erlang_cookie
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: osh_glance_oslo_messaging_admin_password
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user.password
+data:
+ chart_name: glance-rabbitmq
+ release: glance-rabbitmq
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-glance-rabbitmq
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-glance-rabbitmq
+ values:
+ pod:
+ replicas:
+ server: 1
+ labels:
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ prometheus_rabbitmq_exporter:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ monitoring:
+ prometheus:
+ enabled: true
+ dependencies:
+ - osh-helm-toolkit
+...
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-heat
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Deploy Heat
+ chart_group:
+ - heat-rabbitmq
+ - heat
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: heat
+ labels:
+ name: heat-global
+ component: heat
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.heat
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.heat
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.orchestration
+ dest:
+ path: .values.endpoints.orchestration
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.cloudformation
+ dest:
+ path: .values.endpoints.cloudformation
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.cloudwatch
+ dest:
+ path: .values.endpoints.cloudwatch
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.heat_oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.fluentd
+ dest:
+ path: .values.endpoints.fluentd
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.heat.heat
+ dest:
+ path: .values.endpoints.identity.auth.heat
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.heat.heat_trustee
+ dest:
+ path: .values.endpoints.identity.auth.heat_trustee
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.heat.heat_stack_user
+ dest:
+ path: .values.endpoints.identity.auth.heat_stack_user
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.heat.oslo_messaging.admin
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.heat.oslo_messaging.heat
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.heat
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.heat.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db.auth.heat
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.heat.oslo_db.database
+ dest:
+ path: .values.endpoints.oslo_db.path
+ pattern: DB_NAME
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.heat.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_heat_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.heat_trustee.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_heat_trustee_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.heat_stack_user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_heat_stack_user_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_heat_oslo_messaging_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.heat.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_heat_oslo_messaging_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.heat.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_heat_oslo_db_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_db_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_cache.auth.memcache_secret_key
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_cache_secret_key
+ path: .
+data:
+ chart_name: heat
+ release: heat
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-heat
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-heat
+ post:
+ create: []
+ values:
+ pod:
+ replicas:
+ api: 1
+ cfn: 1
+ cloudwatch: 1
+ engine: 2
+ labels:
+ api:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ cfn:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ cloudwatch:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ engine:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ conf:
+ logging:
+ loggers:
+ keys:
+ - root
+ - heat
+ handlers:
+ keys:
+ - stdout
+ - stderr
+ - "null"
+ - fluent
+ formatters:
+ keys:
+ - context
+ - default
+ - fluent
+ logger_root:
+ level: WARNING
+ handlers: null
+ logger_heat:
+ level: INFO
+ handlers:
+ - stdout
+ - stderr
+ - fluent
+ qualname: heat
+ logger_amqp:
+ level: WARNING
+ handlers: stderr
+ qualname: amqp
+ logger_amqplib:
+ level: WARNING
+ handlers: stderr
+ qualname: amqplib
+ logger_eventletwsgi:
+ level: WARNING
+ handlers: stderr
+ qualname: eventlet.wsgi.server
+ logger_sqlalchemy:
+ level: WARNING
+ handlers: stderr
+ qualname: sqlalchemy
+ logger_boto:
+ level: WARNING
+ handlers: stderr
+ qualname: boto
+ handler_null:
+ class: logging.NullHandler
+ formatter: default
+ args: ()
+ handler_stdout:
+ class: StreamHandler
+ args: (sys.stdout,)
+ formatter: context
+ handler_stderr:
+ class: StreamHandler
+ args: (sys.stderr,)
+ formatter: context
+ handler_fluent:
+ class: fluent.handler.FluentHandler
+ args: ('openstack.heat', 'fluentd-logging.osh-infra', 24224)
+ formatter: fluent
+ formatter_fluent:
+ class: oslo_log.formatters.FluentFormatter
+ formatter_context:
+ class: oslo_log.formatters.ContextFormatter
+ formatter_default:
+ format: "%(message)s"
+ dependencies:
+ - osh-helm-toolkit
+...
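Review bot: `logger_root.handlers: null` under `conf.logging` is an unquoted YAML null, while the handler key list a few lines above quotes the name as `"null"`. As written, the root logger receives an empty value rather than a reference to the handler defined in `handler_null`; quote it (`handlers: 'null'`). Separately, the secrets block substitutes `.values.endpoints.oslo_db.auth.admin.password`, but no AccountCatalogue entry fills `.values.endpoints.oslo_db.auth.admin`, so the DB admin username depends on the chart default. Either add the account substitution or note that the default is intended. The account substitutions also start without the `# Service Accounts` comment used in the other charts.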
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: heat-rabbitmq
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.rabbitmq
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.rabbitmq
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.heat_oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.heat_rabbitmq_exporter
+ dest:
+ path: .values.endpoints.prometheus_rabbitmq_exporter
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.heat.oslo_messaging.admin
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user
+
+ # Secrets
+
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: osh_heat_rabbitmq_erlang_cookie
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.erlang_cookie
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: osh_heat_oslo_messaging_admin_password
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user.password
+data:
+ chart_name: heat-rabbitmq
+ release: heat-rabbitmq
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-heat-rabbitmq
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-heat-rabbitmq
+ values:
+ pod:
+ replicas:
+ server: 1
+ labels:
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ prometheus_rabbitmq_exporter:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ monitoring:
+ prometheus:
+ enabled: true
+ dependencies:
+ - osh-helm-toolkit
+...
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-horizon
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Deploy Horizon
+ chart_group:
+ - horizon
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: horizon
+ labels:
+ component: horizon
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.horizon
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.horizon
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.dashboard
+ dest:
+ path: .values.endpoints.dashboard
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+
+ # Service Accounts
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.horizon.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db.auth.horizon
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.horizon.oslo_db.database
+ dest:
+ path: .values.endpoints.oslo_db.path
+ pattern: DB_NAME
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.oslo_db.auth.keystone.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_horizon_oslo_db_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_db_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_cache.auth.memcache_secret_key
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_cache_secret_key
+ path: .
+data:
+ chart_name: horizon
+ release: horizon
+ namespace: openstack
+ install:
+ no_hooks: false
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-horizon
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-horizon
+ post:
+ create: []
+ values:
+ labels:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - osh-helm-toolkit
+...
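Review bot: the first entry in the secrets block writes `osh_horizon_oslo_db_password` to `.values.endpoints.oslo_db.auth.keystone.password`, but the service account above is substituted into `.values.endpoints.oslo_db.auth.horizon`. The horizon DB user therefore never receives this passphrase, and a stray `keystone` auth entry carrying a real password is created in horizon's values. The destination looks like a copy from the keystone chart and should presumably be `.values.endpoints.oslo_db.auth.horizon.password`.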
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-ingress-controller
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: OpenStack Namespace Ingress
+ chart_group:
+ - openstack-ingress-controller
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-ingress-controller
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.ingress
+ dest:
+ path: .source
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.ingress
+ dest:
+ path: .values.images.tags
+data:
+ chart_name: openstack-ingress-controller
+ release: openstack-ingress-controller
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-openstack-ingress-controller
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-openstack-ingress-controller
+ values:
+ labels:
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ error_server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ pod:
+ replicas:
+ ingress: 2
+ error_page: 2
+ dependencies:
+ - osh-helm-toolkit
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-keystone
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Deploy Keystone
+ chart_group:
+ - keystone-rabbitmq
+ - keystone
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: keystone
+ labels:
+ name: keystone-global
+ component: keystone
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.keystone
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.keystone
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.keystone_oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.fluentd
+ dest:
+ path: .values.endpoints.fluentd
+
+ # Service Accounts
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.oslo_messaging.admin
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.oslo_messaging.keystone
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.keystone
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db.auth.keystone
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.oslo_db.database
+ dest:
+ path: .values.endpoints.oslo_db.path
+ pattern: DB_NAME
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_oslo_messaging_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.keystone.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_oslo_messaging_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.keystone.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_oslo_db_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_db_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_cache.auth.memcache_secret_key
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_cache_secret_key
+ path: .
+
+data:
+ chart_name: keystone
+ release: keystone
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-keystone
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-keystone
+ post:
+ create: []
+ values:
+ bootstrap:
+ script: |
+ openstack role create --or-show _member_
+ openstack role add \
+ --user="${OS_USERNAME}" \
+ --user-domain="${OS_USER_DOMAIN_NAME}" \
+ --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
+ --project="${OS_PROJECT_NAME}" \
+ "_member_"
+
+ #NOTE(portdirect): required for all users who operate heat stacks
+ openstack role create --or-show heat_stack_owner
+ openstack role add \
+ --user="${OS_USERNAME}" \
+ --user-domain="${OS_USER_DOMAIN_NAME}" \
+ --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
+ --project="${OS_PROJECT_NAME}" \
+ "heat_stack_owner"
+ conf:
+ logging:
+ loggers:
+ keys:
+ - root
+ - keystone
+ handlers:
+ keys:
+ - stdout
+ - stderr
+ - "null"
+ - fluent
+ formatters:
+ keys:
+ - context
+ - default
+ - fluent
+ logger_root:
+ level: WARNING
+ handlers: null
+ logger_keystone:
+ level: INFO
+ handlers:
+ - stdout
+ - stderr
+ - fluent
+ qualname: keystone
+ logger_amqp:
+ level: WARNING
+ handlers: stderr
+ qualname: amqp
+ logger_amqplib:
+ level: WARNING
+ handlers: stderr
+ qualname: amqplib
+ logger_eventletwsgi:
+ level: WARNING
+ handlers: stderr
+ qualname: eventlet.wsgi.server
+ logger_sqlalchemy:
+ level: WARNING
+ handlers: stderr
+ qualname: sqlalchemy
+ logger_boto:
+ level: WARNING
+ handlers: stderr
+ qualname: boto
+ handler_null:
+ class: logging.NullHandler
+ formatter: default
+ args: ()
+ handler_stdout:
+ class: StreamHandler
+ args: (sys.stdout,)
+ formatter: context
+ handler_stderr:
+ class: StreamHandler
+ args: (sys.stderr,)
+ formatter: context
+ handler_fluent:
+ class: fluent.handler.FluentHandler
+ args: ('openstack.keystone', 'fluentd-logging.osh-infra', 24224)
+ formatter: fluent
+ formatter_fluent:
+ class: oslo_log.formatters.FluentFormatter
+ formatter_context:
+ class: oslo_log.formatters.ContextFormatter
+ formatter_default:
+ format: "%(message)s"
+ keystone:
+ identity:
+ driver: sql
+ default_domain_id: default
+ domain_specific_drivers_enabled: True
+ domain_configurations_from_database: True
+ domain_config_dir: /etc/keystonedomains
+ pod:
+ replicas:
+ api: 2
+ labels:
+ api:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - osh-helm-toolkit
+...
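Review bot: `handler_fluent.args` hard-codes `'fluentd-logging.osh-infra', 24224`, while the same document substitutes the fluentd endpoint from `osh_infra_endpoints` into `.values.endpoints.fluentd`. A site that changes the catalogue entry will still ship keystone logs to the hard-coded host and port. Drive the handler from the substituted endpoint, or add a comment that the two must be kept in sync. Also, `logger_root.handlers: null` is an unquoted YAML null, unlike the quoted `"null"` in the handler key list; quote it so the root logger actually references `handler_null`.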
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: keystone-rabbitmq
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.rabbitmq
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.rabbitmq
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.keystone_oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.keystone_rabbitmq_exporter
+ dest:
+ path: .values.endpoints.prometheus_rabbitmq_exporter
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.oslo_messaging.admin
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user
+
+ # Secrets
+
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_rabbitmq_erlang_cookie
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.erlang_cookie
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_oslo_messaging_admin_password
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user.password
+data:
+ chart_name: keystone-rabbitmq
+ release: keystone-rabbitmq
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-keystone-rabbitmq
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-keystone-rabbitmq
+ values:
+ pod:
+ replicas:
+ server: 1
+ labels:
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ prometheus_rabbitmq_exporter:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ monitoring:
+ prometheus:
+ enabled: true
+ dependencies:
+ - osh-helm-toolkit
+...
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-mariadb
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Deploy MariaDB
+ chart_group:
+ - openstack-mariadb
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-mariadb
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.mariadb
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.mariadb
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_db
+ dest:
+ path: .values.endpoints.olso_db
+ # Accounts
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.oslo_db.admin
+ dest:
+ path: .values.endpoints.oslo_db.auth.admin
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_oslo_db_admin_password
+ path: .
+
+data:
+ chart_name: openstack-mariadb
+ release: openstack-mariadb
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-openstack-mariadb
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-openstack-mariadb
+ values:
+ labels:
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ prometheus_mysql_exporter:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - osh-helm-toolkit
+...
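Review bot: the endpoint substitution writes to `.values.endpoints.olso_db` (letters transposed), while the account and secret substitutions below it use `.values.endpoints.oslo_db`. The catalogue entry lands under a key the chart does not read, and `oslo_db` is left with only the auth data layered on top of chart defaults. Change the destination to `.values.endpoints.oslo_db`.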
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-memcached
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Deploy Memcached
+ chart_group:
+ - openstack-memcached
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-memcached
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.osh.memcached
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.osh.memcached
+ dest:
+ path: .values.images.tags
+
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+data:
+ chart_name: openstack-memcached
+ release: openstack-memcached
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-openstack-memcached
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-openstack-memcached
+ values:
+ labels:
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - osh-helm-toolkit
+...
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-radosgw
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Deploy Radosgw
+ chart_group:
+ - radosgw
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: radosgw
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.ceph-client
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ceph.ceph-client
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.public_cidr
+ dest:
+ path: .values.network.public
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.cluster_cidr
+ dest:
+ path: .values.network.cluster
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.object_store
+ dest:
+ path: .values.endpoints.object_store
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mon
+ dest:
+ path: .values.endpoints.ceph_mon
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mgr
+ dest:
+ path: .values.endpoints.ceph_mgr
+
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.swift.keystone
+ dest:
+ path: .values.endpoints.identity.auth.swift
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.swift.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_swift_keystone_password
+ path: .
+
+data:
+ chart_name: radosgw
+ release: radosgw
+ namespace: openstack
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-radosgw
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-radosgw
+ values:
+ labels:
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ provisioner:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ mds:
+ node_selector_key: ceph-mds
+ node_selector_value: enabled
+ rgw:
+ node_selector_key: ceph-rgw
+ node_selector_value: enabled
+ mgr:
+ node_selector_key: ceph-mgr
+ node_selector_value: enabled
+ deployment:
+ ceph: false
+ client_secrets: false
+ rbd_provisioner: false
+ cephfs_provisioner: false
+ rgw_keystone_user_and_endpoints: true
+ bootstrap:
+ enabled: false
+ conf:
+ rgw_ks:
+ enabled: true
+ dependencies:
+ - ceph-htk
+...
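Review bot: the swift user here comes from `osh_service_accounts` (`.osh.swift.keystone`), but its password is taken from `ceph_swift_keystone_password`, the same passphrase document that `ucp-ceph-config` in this patch applies to the swift account from `ucp_service_accounts`. That gives accounts in two separate Keystone deployments the same secret, so exposure in one namespace carries over to the other. Use a dedicated passphrase for the OSH side, named with the `osh_` prefix like the other secrets in these charts.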
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-armada
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.armada
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.armada
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.armada
+ dest:
+ path: .values.endpoints.armada
+
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.armada.keystone
+ dest:
+ path: .values.endpoints.identity.auth.user
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_armada_keystone_password
+ path: .
+data:
+ chart_name: armada
+ release: ucp-armada
+ namespace: ucp
+ wait:
+ timeout: 100
+ labels:
+ release_group: airship-ucp-armada
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-armada
+ values:
+ pod:
+ replicas:
+ api: 2
+ conf:
+ armada:
+ DEFAULT:
+ debug: true
+ tiller_namespace: kube-system
+ manifests:
+ deployment_tiller: false
+ service_tiller_deploy: false
+ dependencies:
+ - armada-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: armada-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.armada-htk
+ dest:
+ path: .source
+data:
+ chart_name: armada-htk
+ release: armada-htk
+ namespace: armada-htk
+ values: {}
+ dependencies: []
+...
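Review bot: `conf.armada.DEFAULT.debug: true` is set in the global layer, so every site that layers on this document runs the Armada API with debug logging unless it explicitly overrides the value. This release is handed the Keystone admin and Armada service passwords through the substitutions above, so verbose logging is better as an opt-in: default it to `false` here and enable it per site when troubleshooting. `wait.timeout: 100` is also much shorter than the 900 used by the other charts in this patch; confirm that is intentional.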
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-armada
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Armada
+ sequenced: true
+ chart_group:
+ - ucp-tiller
+ - ucp-armada
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-tiller
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.tiller
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.tiller
+ dest:
+ path: .values.images.tags
+
+data:
+ chart_name: tiller
+ release: ucp-tiller
+ namespace: kube-system
+ wait:
+ timeout: 100
+ labels:
+ release_group: airship-ucp-tiller
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-tiller
+ values: {}
+ dependencies:
+ - tiller-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: tiller-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.tiller-htk
+ dest:
+ path: .source
+data:
+ chart_name: tiller-htk
+ release: tiller-htk
+ namespace: tiller-htk
+ values: {}
+ dependencies: []
+...
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-config
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.ceph-client
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ceph.ceph-client
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.public_cidr
+ dest:
+ path: .values.network.public
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.cluster_cidr
+ dest:
+ path: .values.network.cluster
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.object_store
+ dest:
+ path: .values.endpoints.object_store
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mon
+ dest:
+ path: .values.endpoints.ceph_mon
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mgr
+ dest:
+ path: .values.endpoints.ceph_mgr
+
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ceph.swift.keystone
+ dest:
+ path: .values.endpoints.identity.auth.swift
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.swift.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_swift_keystone_password
+ path: .
+
+data:
+ chart_name: ucp-ceph-config
+ release: ucp-ceph-config
+ namespace: ucp
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-ucp-ceph-config
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-ceph-config
+ values:
+ labels:
+ job:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ provisioner:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ mds:
+ node_selector_key: ceph-mds
+ node_selector_value: enabled
+ rgw:
+ node_selector_key: ceph-rgw
+ node_selector_value: enabled
+ mgr:
+ node_selector_key: ceph-mgr
+ node_selector_value: enabled
+ deployment:
+ ceph: false
+ client_secrets: true
+ rbd_provisioner: false
+ cephfs_provisioner: false
+ rgw_keystone_user_and_endpoints: false
+ bootstrap:
+ enabled: false
+ conf:
+ rgw_ks:
+ enabled: true
+
+ dependencies:
+ - ceph-htk
+...
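Review bot: The `.ucp.keystone.admin` account and the `ucp_keystone_admin_password` passphrase are substituted into this release's values even though `deployment` enables only `client_secrets: true` and sets `rgw_keystone_user_and_endpoints: false`. If this chart only creates client secrets in the `ucp` namespace, drop the admin credential substitutions so the Keystone admin password is not rendered into a release that does not use it. If `conf.rgw_ks.enabled: true` does need them, a comment saying so would help.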
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-config
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Ceph config for UCP namespace(s)
+ chart_group:
+ # NOTE: This will probably expand into one config per UCP namespace
+ # that requires ceph access.
+ - ucp-ceph-config
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client-update-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ storagePolicy: cleartext
+ labels:
+ name: ucp-ceph-client-update-global
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.ceph-client
+ dest:
+ path: .source
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ceph.ceph-client
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.public_cidr
+ dest:
+ path: .values.network.public
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.cluster_cidr
+ dest:
+ path: .values.network.cluster
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.object_store
+ dest:
+ path: .values.endpoints.object_store
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mon
+ dest:
+ path: .values.endpoints.ceph_mon
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mgr
+ dest:
+ path: .values.endpoints.ceph_mgr
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.swift.keystone
+ dest:
+ path: .values.endpoints.identity.auth.swift
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.swift.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_swift_keystone_password
+ path: .
+ - dest:
+ path: .values.conf.ceph.global.fsid
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_fsid
+ path: .
+
+data:
+ chart_name: ucp-ceph-client
+ release: ucp-ceph-client
+ namespace: ceph
+ protected:
+ continue_processing: true
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-ucp-ceph-client
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-ceph-client
+ values:
+ labels:
+ job:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ provisioner:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ mds:
+ node_selector_key: ceph-mds
+ node_selector_value: enabled
+ rgw:
+ node_selector_key: ceph-rgw
+ node_selector_value: enabled
+ mgr:
+ node_selector_key: ceph-mgr
+ node_selector_value: enabled
+ endpoints:
+ identity:
+ namespace: openstack
+ object_store:
+ namespace: ceph
+ ceph_mon:
+ namespace: ceph
+ deployment:
+ ceph: true
+ client_secrets: false
+ rbd_provisioner: true
+ cephfs_provisioner: true
+ rgw_keystone_user_and_endpoints: false
+ bootstrap:
+ enabled: true
+ pod:
+ replicas:
+ mds: 2
+ mgr: 2
+ rgw: 2
+
+ conf:
+ rgw_ks:
+ enabled: true
+ config:
+ #NOTE (portdirect): See http://tracker.ceph.com/issues/21226
+ rgw_keystone_token_cache_size: '0'
+ pool:
+
+ # NOTE(alanmeadows) spport 4.x 16.04 kernels (non-HWE)
+ crush:
+ tunables: 'hammer'
+
+ # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
+ # cluster with only one OSD. Depending on OSD targeting & site
+ # configuration this can be changed.
+ target:
+ osd: 1
+ pg_per_osd: 100
+
+ default:
+ # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
+ # cluster with only one OSD. Depending on OSD targeting & site
+ # configuration this can be changed.
+ crush_rule: replicated_rule
+
+ ceph:
+ global:
+ # NOTE: This is required ATM for bootstrapping a Ceph
+ # cluster with only one OSD. Depending on OSD targeting & site
+ # configuration this can be changed.
+ osd_pool_default_size: 1
+
+ dependencies:
+ - ceph-htk
+...
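Review bot: The NOTE above `crush_rule: replicated_rule` still says the setting is required to bootstrap a cluster with only one OSD, and the same comment sits above `crush_rule: same_host` in `ucp-ceph-client-global`, so it reads as copied rather than as a description of this value. This document also raises `mds`, `mgr` and `rgw` to 2 replicas while keeping `target.osd: 1` and `osd_pool_default_size: 1`. Either update the comments to say why the update variant switches to `replicated_rule`, or revisit the single-OSD values so they agree with it. Also, "spport" in the crush tunables comment should read "support".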
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ storagePolicy: cleartext
+ labels:
+ name: ucp-ceph-client-global
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.ceph-client
+ dest:
+ path: .source
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ceph.ceph-client
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.public_cidr
+ dest:
+ path: .values.network.public
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.cluster_cidr
+ dest:
+ path: .values.network.cluster
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_endpoints
+ path: .osh.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.object_store
+ dest:
+ path: .values.endpoints.object_store
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mon
+ dest:
+ path: .values.endpoints.ceph_mon
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mgr
+ dest:
+ path: .values.endpoints.ceph_mgr
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: osh_service_accounts
+ path: .osh.swift.keystone
+ dest:
+ path: .values.endpoints.identity.auth.swift
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: osh_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.swift.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_swift_keystone_password
+ path: .
+ - dest:
+ path: .values.conf.ceph.global.fsid
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_fsid
+ path: .
+
+data:
+ chart_name: ucp-ceph-client
+ release: ucp-ceph-client
+ namespace: ceph
+ protected:
+ continue_processing: true
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-ucp-ceph-client
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-ceph-client
+ values:
+ labels:
+ job:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ provisioner:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ mds:
+ node_selector_key: ceph-mds
+ node_selector_value: enabled
+ rgw:
+ node_selector_key: ceph-rgw
+ node_selector_value: enabled
+ mgr:
+ node_selector_key: ceph-mgr
+ node_selector_value: enabled
+ endpoints:
+ identity:
+ namespace: openstack
+ object_store:
+ namespace: ceph
+ ceph_mon:
+ namespace: ceph
+ deployment:
+ ceph: true
+ client_secrets: false
+ rbd_provisioner: true
+ cephfs_provisioner: true
+ rgw_keystone_user_and_endpoints: false
+ bootstrap:
+ enabled: true
+ pod:
+ replicas:
+ mds: 1
+ mgr: 1
+ rgw: 1
+
+ conf:
+ rgw_ks:
+ enabled: true
+ config:
+ #NOTE (portdirect): See http://tracker.ceph.com/issues/21226
+ rgw_keystone_token_cache_size: '0'
+ pool:
+
+ # NOTE(alanmeadows) spport 4.x 16.04 kernels (non-HWE)
+ crush:
+ tunables: 'hammer'
+
+ # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
+ # cluster with only one OSD. Depending on OSD targeting & site
+ # configuration this can be changed.
+ target:
+ osd: 1
+ pg_per_osd: 100
+
+ default:
+ # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
+ # cluster with only one OSD. Depending on OSD targeting & site
+ # configuration this can be changed.
+ crush_rule: same_host
+
+ ceph:
+ global:
+ # NOTE: This is required ATM for bootstrapping a Ceph
+ # cluster with only one OSD. Depending on OSD targeting & site
+ # configuration this can be changed.
+ osd_pool_default_size: 1
+
+ dependencies:
+ - ceph-htk
+...
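Review bot: `osd_pool_default_size: 1`, together with `crush_rule: same_host` and `target.osd: 1`, means pools created from this global default keep a single copy of each object. The NOTE comments say this is only for one-OSD bootstrapping, and the document is `abstract: true`, so state in the comments that site layers are expected to override these three values. Otherwise a multi-node site that inherits them unchanged runs without replication.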
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ceph-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.ceph-htk
+ dest:
+ path: .source
+data:
+ chart_name: ceph-htk
+ release: ceph-htk
+ namespace: ceph-htk
+ values: {}
+ dependencies: []
+...
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-ingress
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.ingress
+ dest:
+ path: .source
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.ingress
+ dest:
+ path: .values.images.tags
+data:
+ chart_name: ucp-ceph-ingress
+ release: ucp-ceph-ingress
+ namespace: ceph
+ wait:
+ timeout: 300
+ labels:
+ release_group: airship-ucp-ceph-ingress
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-ceph-ingress
+ values:
+ conf:
+ ingress:
+ proxy-body-size: 20m
+ labels:
+ server:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ error_server:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ pod:
+ replicas:
+ ingress: 2
+ error_page: 2
+ network:
+ ingress:
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-body-size: 20m
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+ dependencies:
+ - ucp-ingress-htk
+...
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-mon
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ labels:
+ name: ucp-ceph-mon
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.ceph-mon
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ceph.ceph-mon
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.public_cidr
+ dest:
+ path: .values.network.public
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.cluster_cidr
+ dest:
+ path: .values.network.cluster
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.object_store
+ dest:
+ path: .values.endpoints.object_store
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mon
+ dest:
+ path: .values.endpoints.ceph_mon
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.fluentd
+ dest:
+ path: .values.endpoints.fluentd
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mgr
+ dest:
+ path: .values.endpoints.ceph_mgr
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ceph.swift.keystone
+ dest:
+ path: .values.endpoints.identity.auth.swift
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.swift.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_swift_keystone_password
+ path: .
+ - dest:
+ path: .values.conf.ceph.global.fsid
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_fsid
+ path: .
+
+data:
+ chart_name: ucp-ceph-mon
+ release: ucp-ceph-mon
+ namespace: ceph
+ protected:
+ continue_processing: true
+ wait:
+ timeout: 1800
+ labels:
+ release_group: airship-ucp-ceph-mon
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-ceph-mon
+ values:
+ logging:
+ fluentd: true
+ labels:
+ job:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ mon:
+ node_selector_key: ceph-mon
+ node_selector_value: enabled
+ endpoints:
+ identity:
+ namespace: openstack
+ object_store:
+ namespace: ceph
+ ceph_mon:
+ namespace: ceph
+ fluentd:
+ namespace: osh-infra
+ deployment:
+ ceph: true
+ storage_secrets: true
+ bootstrap:
+ enabled: true
+ dependencies:
+ - ceph-htk
+...
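Review bot: The identity endpoint and admin account are substituted from `ucp_endpoints` (`.ucp.identity`) and `ucp_service_accounts`, with `ucp_keystone_admin_password`, yet `values.endpoints.identity.namespace` is set to `openstack`. The two client documents in this patch that also use `namespace: openstack` take identity from `osh_endpoints` and `osh_keystone_admin_password`. Please confirm which Keystone this chart should talk to and make the endpoint source, the password and the namespace agree.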
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-osd-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ storagePolicy: cleartext
+ labels:
+ name: ucp-ceph-osd-global
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.ceph-osd
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ceph.ceph-osd
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.public_cidr
+ dest:
+ path: .values.network.public
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.cluster_cidr
+ dest:
+ path: .values.network.cluster
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.object_store
+ dest:
+ path: .values.endpoints.object_store
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mon
+ dest:
+ path: .values.endpoints.ceph_mon
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.fluentd
+ dest:
+ path: .values.endpoints.fluentd
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mgr
+ dest:
+ path: .values.endpoints.ceph_mgr
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ceph.swift.keystone
+ dest:
+ path: .values.endpoints.identity.auth.swift
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.swift.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_swift_keystone_password
+ path: .
+ - dest:
+ path: .values.conf.ceph.global.fsid
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_fsid
+ path: .
+
+data:
+ chart_name: ucp-ceph-osd
+ release: ucp-ceph-osd
+ namespace: ceph
+ protected:
+ continue_processing: true
+ wait:
+ timeout: 900
+ labels:
+ release_group: airship-ucp-ceph-osd
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ values:
+ logging:
+ fluentd: true
+ labels:
+ osd:
+ node_selector_key: ceph-osd
+ node_selector_value: enabled
+ endpoints:
+ identity:
+ namespace: openstack
+ object_store:
+ namespace: ceph
+ ceph_mon:
+ namespace: ceph
+ fluentd:
+ namespace: osh-infra
+ bootstrap:
+ enabled: true
+ conf:
+ storage:
+ osd:
+ - data:
+ type: directory
+ location: /var/lib/openstack-helm/ceph/osd/osd-one
+ journal:
+ type: directory
+ location: /var/lib/openstack-helm/ceph/osd/journal-one
+ osd:
+ # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
+ # cluster with only one OSD. Depending on OSD targeting & site
+ # configuration this can be changed.
+ osd_crush_chooseleaf_type: 0
+ dependencies:
+ - ceph-htk
+...
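Review bot: `conf.storage.osd` defaults to a directory-backed data and journal location under `/var/lib/openstack-helm/ceph/osd/`, but only `osd_crush_chooseleaf_type: 0` carries a NOTE explaining that it is a single-OSD bootstrap setting. Add the same kind of comment to the `storage` block. This abstract global document will be inherited by sites that need real devices, and without an override they get the single directory OSD defined here.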
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-update
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Ceph post-install update
+ sequenced: true
+ chart_group:
+ - ucp-ceph-ingress
+ - ucp-ceph-mon
+ - ucp-ceph-osd
+ - ucp-ceph-client-update
+...
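Review bot: `chart_group` lists `ucp-ceph-osd` and `ucp-ceph-client-update`, but in the files shown here the documents for those roles are named `ucp-ceph-osd-global` and `ucp-ceph-client-update-global` and are `abstract: true`. A short comment that the concrete charts come from site-layer documents layered on the `-global` parents would make the group readable on its own, and would flag the dependency for anyone rendering the global layer alone.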
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Ceph Storage
+ sequenced: true
+ chart_group:
+ - ucp-ceph-ingress
+ - ucp-ceph-mon
+ - ucp-ceph-osd
+ - ucp-ceph-client
+...
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-core
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Common UCP Components
+ chart_group:
+ - ucp-ingress
+ - ucp-mariadb
+ - ucp-postgresql
+ - ucp-rabbitmq
+...
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ingress
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.ingress
+ dest:
+ path: .source
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.ingress
+ dest:
+ path: .values.images.tags
+data:
+ chart_name: ingress
+ release: ingress
+ namespace: ucp
+ wait:
+ timeout: 300
+ labels:
+ release_group: airship-ingress
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ingress
+ values:
+ conf:
+ ingress:
+ proxy-body-size: 20m
+ labels:
+ server:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ error_server:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ pod:
+ replicas:
+ ingress: 2
+ error_page: 2
+ network:
+ ingress:
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-body-size: 20m
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+ dependencies:
+ - ucp-ingress-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ingress-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.ingress-htk
+ dest:
+ path: .source
+data:
+ chart_name: ucp-ingress-htk
+ release: ucp-ingress-htk
+ namespace: ucp-ingress-htk
+ values: {}
+ dependencies: []
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-mariadb
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.mariadb
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.mariadb
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_db
+ dest:
+ path: .values.endpoints.olso_db
+ # Accounts
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.oslo_db.admin
+ dest:
+ path: .values.endpoints.oslo_db.auth.admin
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_oslo_db_admin_password
+ path: .
+
+data:
+ chart_name: ucp-mariadb
+ release: ucp-mariadb
+ namespace: ucp
+ wait:
+ timeout: 300
+ labels:
+ release_group: airship-ucp-mariadb
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-mariadb
+ values:
+ labels:
+ server:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ prometheus_mysql_exporter:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ ingress:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ error_server:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ pod:
+ replicas:
+ server: 1
+ dependencies:
+ - mariadb-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: mariadb-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.mariadb-htk
+ dest:
+ path: .source
+data:
+ chart_name: mariadb-htk
+ release: mariadb-htk
+ namespace: mariadb-htk
+ values: {}
+ dependencies: []
+...
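Review bot: In the `# Endpoints` substitution of `ucp-mariadb` the destination is `.values.endpoints.olso_db`, which transposes two letters; the account and passphrase substitutions right below it write to `.values.endpoints.oslo_db.auth.admin`. As written, the endpoint data from `.ucp.oslo_db` lands under a separate `olso_db` key and `oslo_db` receives only the auth data. Change the destination to `.values.endpoints.oslo_db`.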
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-postgresql
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.postgresql
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.postgresql
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.postgresql
+ dest:
+ path: .values.endpoints.postgresql
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.postgres.admin
+ dest:
+ path: .values.endpoints.postgresql.auth.admin
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.postgresql.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_postgres_admin_password
+ path: .
+data:
+ chart_name: ucp-postgresql
+ release: ucp-postgresql
+ namespace: ucp
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-ucp-postgresql
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-postgresql
+ create: []
+ post:
+ create: []
+ values:
+ conf:
+ postgresql:
+ max_connections: 1000
+ shared_buffers: 2GB
+ development:
+ enabled: false
+ labels:
+ server:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - postgres-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: postgres-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.postgresql-htk
+ dest:
+ path: .source
+data:
+ chart_name: postgres-htk
+ release: postgres-htk
+ namespace: postgres-htk
+ values: {}
+ dependencies: []
+...
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-rabbitmq
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.rabbitmq
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.rabbitmq
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.oslo_messaging.admin
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user
+
+ # Secrets
+
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_rabbitmq_erlang_cookie
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.erlang_cookie
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_oslo_messaging_password
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user.password
+data:
+ chart_name: ucp-rabbitmq
+ release: ucp-rabbitmq
+ namespace: ucp
+ wait:
+ timeout: 300
+ labels:
+ release_group: airship-ucp-rabbitmq
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-rabbitmq
+ values:
+ pod:
+ replicas:
+ server: 1
+ labels:
+ server:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ prometheus_rabbitmq_exporter:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - ucp-rabbitmq-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-rabbitmq-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.rabbitmq-htk
+ dest:
+ path: .source
+data:
+ chart_name: ucp-rabbitmq-htk
+ release: ucp-rabbitmq-htk
+ namespace: ucp-rabbitmq-htk
+ values: {}
+ dependencies: []
+...
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-barbican
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.barbican
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.barbican
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.key_manager
+ dest:
+ path: .values.endpoints.key_manager
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.fluentd
+ dest:
+ path: .values.endpoints.fluentd
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.barbican.keystone
+ dest:
+ path: .values.endpoints.identity.auth.barbican
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.barbican.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db.auth.barbican
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.barbican.oslo_db.database
+ dest:
+ path: .values.endpoints.oslo_db.path
+ pattern: DB_NAME
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.barbican.oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging.auth
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_oslo_db_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.barbican.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_barbican_keystone_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.barbican.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_barbican_oslo_db_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_oslo_messaging_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.barbican.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_oslo_messaging_password
+ path: .
+data:
+ chart_name: ucp-barbican
+ release: ucp-barbican
+ namespace: ucp
+ wait:
+ timeout: 300
+ labels:
+ release_group: airship-ucp-barbican
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-barbican
+ post:
+ create: []
+ values:
+ conf:
+ logging:
+ loggers:
+ keys:
+ - root
+ - barbican
+ handlers:
+ keys:
+ - stdout
+ - stderr
+ - "null"
+ - fluent
+ formatters:
+ keys:
+ - context
+ - default
+ - fluent
+ logger_root:
+ level: WARNING
+ handlers: null
+ logger_barbican:
+ level: INFO
+ handlers:
+ - stdout
+ - stderr
+ - fluent
+ qualname: barbican
+ logger_amqp:
+ level: WARNING
+ handlers: stderr
+ qualname: amqp
+ logger_amqplib:
+ level: WARNING
+ handlers: stderr
+ qualname: amqplib
+ logger_eventletwsgi:
+ level: WARNING
+ handlers: stderr
+ qualname: eventlet.wsgi.server
+ logger_sqlalchemy:
+ level: WARNING
+ handlers: stderr
+ qualname: sqlalchemy
+ logger_boto:
+ level: WARNING
+ handlers: stderr
+ qualname: boto
+ handler_null:
+ class: logging.NullHandler
+ formatter: default
+ args: ()
+ handler_stdout:
+ class: StreamHandler
+ args: (sys.stdout,)
+ formatter: context
+ handler_stderr:
+ class: StreamHandler
+ args: (sys.stderr,)
+ formatter: context
+ handler_fluent:
+ class: fluent.handler.FluentHandler
+ args: ('ucp.barbican', 'fluentd-logging.osh-infra', 24224)
+ formatter: fluent
+ formatter_fluent:
+ class: oslo_log.formatters.FluentFormatter
+ formatter_context:
+ class: oslo_log.formatters.ContextFormatter
+ formatter_default:
+ format: "%(message)s"
+ labels:
+ api:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ test:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ pod:
+ replicas:
+ api: 2
+ dependencies:
+ - ucp-barbican-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-barbican-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.barbican-htk
+ dest:
+ path: .source
+data:
+ chart_name: ucp-barbican-htk
+ release: ucp-barbican-htk
+ namespace: ucp-barbican-htk
+ values: {}
+ dependencies: []
+...
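Review bot: in the Barbican logging values, `logger_root` sets `handlers: null` unquoted, which YAML parses as a null value rather than the string that names `handler_null`; the handler key list a few lines earlier quotes it as `- "null"`. If the intent is to route the root logger to the NullHandler, quote it here too (`handlers: 'null'`); otherwise the rendered logging config depends on how the chart template serialises an empty value.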
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-deckhand
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Deckhand
+ chart_group:
+ # NOTE: Find and add the dogtag chart
+ # - ucp-dogtag
+ - ucp-barbican
+ - ucp-deckhand
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-deckhand
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.deckhand
+ dest:
+ path: .source
+
+ # Images
+
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.deckhand
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.postgresql
+ dest:
+ path: .values.endpoints.postgresql
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.deckhand
+ dest:
+ path: .values.endpoints.deckhand
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.key_manager
+ dest:
+ path: .values.endpoints.key_manager
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.postgres.admin
+ dest:
+ path: .values.endpoints.postgresql.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.deckhand.postgres
+ dest:
+ path: .values.endpoints.postgresql.auth.user
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.deckhand.postgres.database
+ dest:
+ path: .values.endpoints.postgresql.path
+ pattern: DB_NAME
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.deckhand.keystone
+ dest:
+ path: .values.endpoints.identity.auth.user
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.postgresql.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_postgres_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_deckhand_keystone_password
+ path: .
+ - dest:
+ path: .values.endpoints.postgresql.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_deckhand_postgres_password
+ path: .
+data:
+ chart_name: ucp-deckhand
+ release: ucp-deckhand
+ namespace: ucp
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-ucp-deckhand
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-deckhand
+ post:
+ create: []
+ values:
+ pod:
+ replicas:
+ deckhand: 2
+ conf:
+ deckhand:
+ DEFAULT:
+ debug: true
+ use_stderr: true
+ use_syslog: true
+ keystone_authtoken:
+ memcache_security_strategy: None
+ dependencies:
+ - deckhand-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: deckhand-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.deckhand-htk
+ dest:
+ path: .source
+data:
+ chart_name: deckhand-htk
+ release: deckhand-htk
+ namespace: deckhand-htk
+ values: {}
+ dependencies: []
+...
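Review bot: `conf.deckhand.DEFAULT.debug: true` is set in the global layer, so every site inherits debug-level logging for a service whose chart receives the Keystone and Postgres admin passphrases; default it to false and let a site override it when troubleshooting. In the same block, `keystone_authtoken.memcache_security_strategy: None` leaves token data cached in memcached without MAC or encryption. If that is deliberate, say why in a comment; otherwise set `MAC` or `ENCRYPT` with a `memcache_secret_key` sourced from a `deckhand/Passphrase/v1` document.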
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-divingbell
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Divingbell
+ chart_group:
+ - ucp-divingbell
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-divingbell-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ labels:
+ name: ucp-divingbell-global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.divingbell
+ dest:
+ path: .source
+ # Image Source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.divingbell
+ dest:
+ path: .values.images
+data:
+ chart_name: ucp-divingbell
+ release: ucp-divingbell
+ namespace: ucp
+ wait:
+ timeout: 300
+ labels:
+ release_group: airship-ucp-divingbell
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-divingbell
+ values:
+ conf:
+ sysctl:
+ # Larger connection tracking table
+ net.nf_conntrack_max: '1048576'
+ # Reboot the node 60 seconds after a kernel panic, instead of default
+ # value of 0 (i.e. never reboot)
+ kernel.panic: '60'
+ # Accept gratuitous ARP to support failover scenarios
+ # https://bugs.launchpad.net/fuel/+bug/1456272
+ net.ipv4.conf.default.arp_accept: '1'
+ net.ipv4.conf.all.arp_accept: '1'
+ # Increased network backlog to optimize performance on fast networks
+ net.core.netdev_max_backlog: '261144'
+ # Optimizations for RabbitMQ failover
+ # https://bugs.launchpad.net/oslo.messaging/+bug/856764/comments/19
+ net.ipv4.tcp_keepalive_intvl: '3'
+ net.ipv4.tcp_keepalive_time: '30'
+ net.ipv4.tcp_keepalive_probes: '8'
+ net.ipv4.tcp_retries2: '5'
+ # Larger thresholds
+ # "Neighbour table overflow" errors that filled kernel logs
+ net.ipv4.neigh.default.gc_thresh1: '4096'
+ net.ipv4.neigh.default.gc_thresh2: '8192'
+ net.ipv4.neigh.default.gc_thresh3: '16384'
+ # It was necessary to set rp_filter to zero to support certain
+ # multi-homed storage backends
+ net.ipv4.conf.default.rp_filter: '0'
+ # Enable byte/packet count for new connections to enable creation of
+ # rules for the connbytes netfilter module
+ net.netfilter.nf_conntrack_acct: '1'
+ # Added in response to error messages seen on genesis host when services
+ # were restarted. "Failed to add /run/systemd/ask-password to directory
+ # watch: No space left on device". https://bit.ly/2Mj5qn2 TDP bug 427616
+ fs.inotify.max_user_watches: '1048576'
+ dependencies:
+ - ucp-divingbell-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-divingbell-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.divingbell-htk
+ dest:
+ path: .source
+data:
+ chart_name: ucp-divingbell-htk
+ release: ucp-divingbell-htk
+ namespace: ucp-divingbell-htk
+ values: {}
+ dependencies: []
+...
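Review bot: `net.ipv4.conf.default.rp_filter: '0'` turns off reverse-path source validation in the abstract global chart, although its comment justifies it only for certain multi-homed storage backends. Consider moving it to the site or host layer that actually has those backends, or using loose mode (`'2'`). Only `conf.default` is set, and the kernel applies the higher of `conf.all` and the per-interface value, so please confirm this has the intended effect on the target hosts. Separately, `net.core.netdev_max_backlog: '261144'` looks like a typo for 262144.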
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-drydock
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Drydock
+ chart_group:
+ - ucp-maas
+ - ucp-drydock
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-drydock
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.drydock
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.drydock
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.postgresql
+ dest:
+ path: .values.endpoints.postgresql
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.physicalprovisioner
+ dest:
+ path: .values.endpoints.physicalprovisioner
+
+ # Drydock IPs
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .node_ports.drydock_api
+ dest:
+ path: .values.network.drydock.node_port.port
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .node_ports.drydock_api
+ dest:
+ path: .values.endpoints.physicalprovisioner.port.api.nodeport
+
+ # MaaS IPs
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.ip
+ dest:
+ path: .values.conf.drydock.maasdriver.maas_api_url
+ pattern: 'MAAS_IP'
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .node_ports.maas_api
+ dest:
+ path: .values.conf.drydock.maasdriver.maas_api_url
+ pattern: 'MAAS_PORT'
+
+ # Credentials
+
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.postgres.admin
+ dest:
+ path: .values.endpoints.postgresql.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.drydock.postgres
+ dest:
+ path: .values.endpoints.postgresql.auth.user
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.drydock.postgres.database
+ dest:
+ path: .values.endpoints.postgresql.path
+ pattern: DB_NAME
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.drydock.keystone
+ dest:
+ path: .values.endpoints.identity.auth.user
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.postgresql.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_postgres_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_drydock_keystone_password
+ path: .
+ - dest:
+ path: .values.endpoints.postgresql.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_drydock_postgres_password
+ path: .
+
+data:
+ chart_name: drydock
+ release: drydock
+ namespace: ucp
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-drydock
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-drydock
+ values:
+ labels:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ network:
+ drydock:
+ node_port:
+ enabled: true
+ conf:
+ drydock:
+ database:
+ pool_size: 200
+ maasdriver:
+ maas_api_url: http://MAAS_IP:MAAS_PORT/MAAS/api/2.0/
+ plugins:
+ ingester: drydock_provisioner.ingester.plugins.deckhand.DeckhandIngester
+ dependencies:
+ - drydock-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: drydock-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.drydock-htk
+ dest:
+ path: .source
+data:
+ chart_name: drydock-htk
+ release: drydock-htk
+ namespace: drydock-htk
+ values: {}
+ dependencies: []
+...
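Review bot: the Secrets block injects `ucp_keystone_admin_password` into `.values.endpoints.identity.auth.admin.password`, but unlike the Deckhand chart in this patch there is no `pegleg/AccountCatalogue/v1` substitution of `.ucp.keystone.admin` into `.values.endpoints.identity.auth.admin`. Either add the account substitution or, if Drydock does not need the Keystone admin account, drop the password so the chart carries only the credentials it uses. Also, `maas_api_url` takes `MAAS_IP` from `.genesis.ip` while the MaaS chart fills its own `maas_url` from `.bootstrap.ip`; please confirm the two are meant to differ.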
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-maas-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ labels:
+ name: ucp-maas-global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.maas
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.maas
+ dest:
+ path: .values.images.tags
+
+ # Drydock IPs
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .bootstrap.ip
+ dest:
+ path: .values.conf.drydock.bootaction_url
+ pattern: '(DRYDOCK_IP)'
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .node_ports.drydock_api
+ dest:
+ path: .values.conf.drydock.bootaction_url
+ pattern: '(DRYDOCK_PORT)'
+
+ # MaaS IPs
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .bootstrap.ip
+ dest:
+ path: .values.conf.maas.url.maas_url
+ pattern: '(MAAS_IP)'
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .node_ports.maas_api
+ dest:
+ path: .values.conf.maas.url.maas_url
+ pattern: '(MAAS_PORT)'
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .node_ports.maas_api
+ dest:
+ path: .values.network.gui.node_port.port
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .node_ports.maas_proxy
+ dest:
+ path: .values.network.proxy.node_port.port
+
+ # MaaS Config
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.upstream_servers_joined
+ dest:
+ path: .values.conf.maas.dns.dns_servers
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .ntp.servers_joined
+ dest:
+ path: .values.conf.maas.ntp.ntp_servers
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: maas-region-key
+ path: .
+ dest:
+ path: .values.secrets.maas_region.value
+
+ # Endpoint substitutions
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.postgresql
+ dest:
+ path: .values.endpoints.maas_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.maas_region_ui
+ dest:
+ path: .values.endpoints.maas_region_ui
+
+ # Account and credential substitutions
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.postgres.admin
+ dest:
+ path: .values.endpoints.maas_db.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.maas.postgres
+ dest:
+ path: .values.endpoints.maas_db.auth.user
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.maas.postgres.database
+ dest:
+ path: .values.endpoints.maas_db.path
+ pattern: DB_NAME
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.maas.admin
+ dest:
+ path: .values.endpoints.maas_region_ui.auth.admin
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.maas_region_ui.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_maas_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.maas_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_postgres_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.maas_db.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_maas_postgres_password
+ path: .
+data:
+ chart_name: maas
+ release: maas
+ namespace: ucp
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-maas
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-maas
+ values:
+ labels:
+ rack:
+ node_selector_key: maas-control-plane
+ node_selector_value: enabled
+ region:
+ node_selector_key: maas-control-plane
+ node_selector_value: enabled
+ network:
+ proxy:
+ node_port:
+ enabled: true
+ conf:
+ cache:
+ enabled: true
+ drydock:
+ bootaction_url: http://DRYDOCK_IP:DRYDOCK_PORT/api/v1.0/bootactions/nodes/
+ maas:
+ credentials:
+ secret:
+ namespace: ucp
+ url:
+ maas_url: http://MAAS_IP:MAAS_PORT/MAAS
+ proxy:
+ proxy_enabled: 'false'
+ ntp:
+ use_external_only: 'true'
+ disable_ntpd_region: true
+ disable_ntpd_rack: true
+ dns:
+ require_dnssec: 'no'
+ dependencies:
+ - maas-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: maas-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.maas-htk
+ dest:
+ path: .source
+data:
+ chart_name: maas-htk
+ release: maas-htk
+ namespace: maas-htk
+ values: {}
+ dependencies: []
+...
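Review bot: `conf.drydock.bootaction_url` and `conf.maas.url.maas_url` hard-code the `http://` scheme, so boot action and MAAS API traffic to the node ports is unencrypted and cannot be moved to TLS by substitution alone; consider taking the scheme from the endpoint catalogue rather than a literal. `dns.require_dnssec: 'no'` would benefit from a comment on why validation is off. The values also mix quoted strings (`proxy_enabled: 'false'`, `use_external_only: 'true'`) with real booleans (`disable_ntpd_region: true`); a short comment on which type the chart expects would prevent a silent mismatch.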
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-keystone
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: UCP Keystone components
+ chart_group:
+ - ucp-keystone-memcached
+ - ucp-keystone
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-keystone
+ labels:
+ component: keystone
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.keystone
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.keystone
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: osh_infra_endpoints
+ path: .osh_infra.fluentd
+ dest:
+ path: .values.endpoints.fluentd
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging.auth
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db.auth.keystone
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.oslo_db.database
+ dest:
+ path: .values.endpoints.oslo_db.path
+ pattern: DB_NAME
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.keystone.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_oslo_messaging_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_oslo_messaging_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.keystone.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_oslo_db_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_oslo_db_admin_password
+ path: .
+data:
+ chart_name: ucp-keystone
+ release: ucp-keystone
+ namespace: ucp
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-ucp-keystone
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-keystone
+ post:
+ create: []
+ values:
+ conf:
+ logging:
+ loggers:
+ keys:
+ - root
+ - keystone
+ handlers:
+ keys:
+ - stdout
+ - stderr
+ - "null"
+ - fluent
+ formatters:
+ keys:
+ - context
+ - default
+ - fluent
+ logger_root:
+ level: WARNING
+ handlers: null
+ logger_keystone:
+ level: INFO
+ handlers:
+ - stdout
+ - stderr
+ - fluent
+ qualname: keystone
+ logger_amqp:
+ level: WARNING
+ handlers: stderr
+ qualname: amqp
+ logger_amqplib:
+ level: WARNING
+ handlers: stderr
+ qualname: amqplib
+ logger_eventletwsgi:
+ level: WARNING
+ handlers: stderr
+ qualname: eventlet.wsgi.server
+ logger_sqlalchemy:
+ level: WARNING
+ handlers: stderr
+ qualname: sqlalchemy
+ logger_boto:
+ level: WARNING
+ handlers: stderr
+ qualname: boto
+ handler_null:
+ class: logging.NullHandler
+ formatter: default
+ args: ()
+ handler_stdout:
+ class: StreamHandler
+ args: (sys.stdout,)
+ formatter: context
+ handler_stderr:
+ class: StreamHandler
+ args: (sys.stderr,)
+ formatter: context
+ handler_fluent:
+ class: fluent.handler.FluentHandler
+ args: ('ucp.keystone', 'fluentd-logging.osh-infra', 24224)
+ formatter: fluent
+ formatter_fluent:
+ class: oslo_log.formatters.FluentFormatter
+ formatter_context:
+ class: oslo_log.formatters.ContextFormatter
+ formatter_default:
+ format: "%(message)s"
+ pod:
+ replicas:
+ api: 2
+ labels:
+ api:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+
+
+ dependencies:
+ - ucp-keystone-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-keystone-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.keystone-htk
+ dest:
+ path: .source
+data:
+ chart_name: ucp-keystone-htk
+ release: ucp-keystone-htk
+ namespace: ucp-keystone-htk
+ values: {}
+ dependencies: []
+...
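Review bot: in the Secrets block, `ucp_oslo_messaging_password` is substituted into both `.values.endpoints.oslo_messaging.auth.keystone.password` and `.values.endpoints.oslo_messaging.auth.admin.password`, so the Keystone service user and the messaging admin share one passphrase. Use a separate Passphrase document for the admin account, as is already done for `oslo_db` (`ucp_keystone_oslo_db_password` and `ucp_oslo_db_admin_password`). Minor: `handler_fluent` hard-codes `'fluentd-logging.osh-infra', 24224` although the `osh_infra_endpoints` fluentd endpoint is substituted into `.values.endpoints.fluentd`, so the two can drift apart.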
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-keystone-memcached
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.memcached
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.memcached
+ dest:
+ path: .values.images.tags
+
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+data:
+ chart_name: ucp-keystone-memcached
+ release: ucp-keystone-memcached
+ namespace: ucp
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-ucp-keystone-memcached
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-keystone-memcached
+ values:
+ labels:
+ server:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - ucp-memcached-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-memcached-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.memcached-htk
+ dest:
+ path: .source
+data:
+ chart_name: ucp-memcached-htk
+ release: ucp-memcached-htk
+ namespace: ucp-memcached-htk
+ values: {}
+ dependencies: []
+...
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-promenade
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Promenade
+ chart_group:
+ - ucp-promenade
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-promenade-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ labels:
+ name: ucp-promenade-global
+ storagePolicy: cleartext
+ substitutions:
+
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.promenade
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.promenade
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.kubernetesprovisioner
+ dest:
+ path: .values.endpoints.kubernetesprovisioner
+
+ # Credentials
+
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.promenade.keystone
+ dest:
+ path: .values.endpoints.identity.auth.user
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_promenade_keystone_password
+ path: .
+
+data:
+ chart_name: promenade
+ release: ucp-promenade
+ namespace: ucp
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-ucp-promenade
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-promenade
+ values:
+ pod:
+ replicas:
+ api: 2
+ env:
+ promenade_api:
+ # this aligns with drydocks timeouts and allows alow responses to
+ # download the external kubernetes client .tgz to still succeed
+ - name: UWSGI_TIMEOUT
+ value: "900"
+ conf:
+ paste:
+ filter:authtoken:
+ paste.filter_factory: keystonemiddleware.auth_token:filter_factory
+ admin_tenant_name: service
+ admin_user: promenade
+ delay_auth_decision: true
+ identity_uri: http://keystone-api.ucp.svc.cluster.local/
+ service_token_roles_required: true
+ dependencies:
+ - promenade-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: promenade-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.promenade-htk
+ dest:
+ path: .source
+data:
+ chart_name: promenade-htk
+ release: promenade-htk
+ namespace: promenade-htk
+ values: {}
+ dependencies: []
+...
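Review bot: under `conf.paste.filter:authtoken`, `identity_uri` is hard-coded to `http://keystone-api.ucp.svc.cluster.local/` even though `.ucp.identity` is already substituted into `.values.endpoints.identity`; the literal can drift from the catalogue and pins token validation to plain HTTP. Derive it from the endpoint or drop it. With `delay_auth_decision: true`, requests without a valid token are passed on to the application, so please confirm Promenade rejects them itself. Typo in the `UWSGI_TIMEOUT` comment: "alow" should be "slow".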
--- /dev/null
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-shipyard
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Shipyard
+ chart_group:
+ - ucp-shipyard
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-shipyard
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.shipyard
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.shipyard
+ dest:
+ path: .values.images.tags
+
+ # Node ports
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .node_ports.shipyard_api
+ dest:
+ path: .values.network.shipyard.node_port
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .node_ports.airflow_web
+ dest:
+ path: .values.network.airflow.web.node_port
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.postgresql
+ dest:
+ path: .values.endpoints.postgresql_shipyard_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.postgresql
+ dest:
+ path: .values.endpoints.postgresql_airflow_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.postgresql_airflow_celery
+ dest:
+ path: .values.endpoints.postgresql_airflow_celery_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.shipyard
+ dest:
+ path: .values.endpoints.shipyard
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.airflow_web
+ dest:
+ path: .values.endpoints.airflow_web
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.airflow_flower
+ dest:
+ path: .values.endpoints.airflow_flower
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_messaging
+ dest:
+ path: .values.endpoints.olso_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+
+ # Database path
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.shipyard.postgres.database
+ dest:
+ path: .values.endpoints.postgresql_shipyard_db.path
+ pattern: 'DB_NAME'
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.airflow.postgres.database
+ dest:
+ path: .values.endpoints.postgresql_airflow_db.path
+ pattern: 'DB_NAME'
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.airflow.postgres.database
+ dest:
+ path: .values.endpoints.postgresql_airflow_celery_db.path
+ pattern: 'DB_NAME'
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.postgres.admin
+ dest:
+ path: .values.endpoints.postgresql_shipyard_db.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.postgres.admin
+ dest:
+ path: .values.endpoints.postgresql_airflow_db.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.postgres.admin
+ dest:
+ path: .values.endpoints.postgresql_airflow_celery_db.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.shipyard.postgres
+ dest:
+ path: .values.endpoints.postgresql_shipyard_db.auth.user
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.airflow.postgres
+ dest:
+ path: .values.endpoints.postgresql_airflow_db.auth.user
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.airflow.postgres
+ dest:
+ path: .values.endpoints.postgresql_airflow_celery_db.auth.user
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.airflow.oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.postgresql_shipyard_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_postgres_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.postgresql_airflow_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_postgres_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.postgresql_airflow_celery_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_postgres_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.shipyard.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_shipyard_keystone_password
+ path: .
+ - dest:
+ path: .values.endpoints.postgresql_shipyard_db.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_shipyard_postgres_password
+ path: .
+ - dest:
+ path: .values.endpoints.postgresql_airflow_db.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_airflow_postgres_password
+ path: .
+ - dest:
+ path: .values.endpoints.postgresql_airflow_celery_db.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_airflow_postgres_password
+ path: .
+ - src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_oslo_messaging_password
+ path: .
+ dest:
+ path: .values.endpoints.oslo_messaging.auth.user.password
+
+data:
+ chart_name: shipyard
+ release: ucp-shipyard
+ namespace: ucp
+ wait:
+ timeout: 600
+ labels:
+ release_group: airship-ucp-shipyard
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: airship-ucp-shipyard
+ values:
+ endpoints:
+ postgresql_airflow_db:
+ name: postgresql
+ hosts:
+ default: postgresql
+ path: /DB_NAME
+ scheme: postgresql+psycopg2
+ port:
+ postgresql:
+ default: 5432
+ host_fqdn_override:
+ default: null
+ postgresql_shipyard_db:
+ name: postgresql
+ hosts:
+ default: postgresql
+ path: /DB_NAME
+ scheme: postgresql+psycopg2
+ port:
+ postgresql:
+ default: 5432
+ host_fqdn_override:
+ default: null
+ prod_environment: true
+ pod:
+ replicas:
+ shipyard:
+ api: 2
+ airflow:
+ web: 2
+ worker: 2
+ flower: 2
+ scheduler: 2
+ labels:
+ job:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ network:
+ shipyard:
+ enable_node_port: true
+ airflow:
+ web:
+ enable_node_port: true
+ conf:
+ shipyard:
+ keystone_authtoken:
+ memcache_security_strategy: None
+ dependencies:
+ - shipyard-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: shipyard-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.shipyard-htk
+ dest:
+ path: .source
+data:
+ chart_name: shipyard-htk
+ release: shipyard-htk
+ namespace: shipyard-htk
+ values: {}
+ dependencies: []
+...
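Review bot: `memcache_security_strategy: None` under `conf.shipyard.keystone_authtoken` leaves the keystonemiddleware token cache in memcached with neither a MAC nor encryption, so any workload that can reach memcached can read or alter cached token data. Consider setting it to `ENCRYPT` (or at least `MAC`) and supplying `memcache_secret_key` through a `deckhand/Passphrase/v1` substitution, the same way the other passwords in this document are injected. Separately, `enable_node_port: true` is set for both `network.shipyard` and `network.airflow.web` alongside `prod_environment: true`; if the Airflow web UI is not meant to be reachable on every node address, turn its node port off or document why it is needed. It would also help to note in a comment that `postgresql_airflow_db` and `postgresql_airflow_celery_db` deliberately share the `ucp_airflow_postgres_password` and `ucp_postgres_admin_password` secrets, since rotating one affects both.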
--- /dev/null
+---
+schema: promenade/Docker/v1
+metadata:
+ schema: metadata/Document/v1
+ name: docker-global
+ labels:
+ promenade: enabled
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ config:
+ live-restore: true
+ storage-driver: overlay2
+...
--- /dev/null
+---
+schema: promenade/Kubelet/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubelet
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.pause
+ dest:
+ path: .images.pause
+data:
+ arguments:
+ - --cni-bin-dir=/opt/cni/bin
+ - --cni-conf-dir=/etc/cni/net.d
+ - --eviction-max-pod-grace-period=-1
+ - --network-plugin=cni
+ - --node-status-update-frequency=5s
+ - --max-pods=200
+ - --pods-per-core=10
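Review bot: the `arguments` list sets CNI, eviction and pod-density flags but nothing for kubelet API authentication or authorization (`--anonymous-auth`, `--authorization-mode`, `--client-ca-file`, `--read-only-port`). Unless Promenade's kubelet template supplies these elsewhere, the kubelet runs with its defaults for the release pinned in this change (v1.10.2), which allow anonymous requests, use `AlwaysAllow` authorization and keep the read-only port open. Please either add the flags here, for example `--anonymous-auth=false`, `--authorization-mode=Webhook` and `--read-only-port=0`, or add a comment pointing to where they are set. Minor: this document has no closing `...` marker, unlike the other documents added in this change.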
--- /dev/null
+---
+schema: pegleg/SoftwareVersions/v1
+metadata:
+ schema: metadata/Document/v1
+ name: software-versions
+ layeringDefinition:
+ abstract: false
+ layer: global
+ labels:
+ name: software-versions-global
+ storagePolicy: cleartext
+data:
+ charts:
+ kubernetes:
+ calico:
+ etcd:
+ type: git
+ location: https://git.openstack.org/openstack/airship-promenade
+ subpath: charts/etcd
+ reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
+ etcd-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ calico:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: calico
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ calico-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ apiserver:
+ type: git
+ location: https://git.openstack.org/openstack/airship-promenade
+ subpath: charts/apiserver
+ reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
+ apiserver-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ controller-manager:
+ type: git
+ location: https://git.openstack.org/openstack/airship-promenade
+ subpath: charts/controller_manager
+ reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
+ controller-manager-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ coredns:
+ type: git
+ location: https://git.openstack.org/openstack/airship-promenade
+ subpath: charts/coredns
+ reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
+ coredns-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ haproxy:
+ type: git
+ location: https://git.openstack.org/openstack/airship-promenade
+ subpath: charts/haproxy
+ reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
+ haproxy-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ etcd:
+ type: git
+ location: https://git.openstack.org/openstack/airship-promenade
+ subpath: charts/etcd
+ reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
+ etcd-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ ingress:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: ingress
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ ingress-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ proxy:
+ type: git
+ location: https://git.openstack.org/openstack/airship-promenade
+ subpath: charts/proxy
+ reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
+ proxy-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ scheduler:
+ type: git
+ location: https://git.openstack.org/openstack/airship-promenade
+ subpath: charts/scheduler
+ reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
+ scheduler-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ osh_infra:
+ helm_toolkit:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ elasticsearch:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: elasticsearch
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ fluent_logging:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: fluent-logging
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ kibana:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: kibana
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ prometheus:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: prometheus
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ prometheus_node_exporter:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: prometheus-node-exporter
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ prometheus_kube_state_metrics:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: prometheus-kube-state-metrics
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ prometheus_alertmanager:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: prometheus-alertmanager
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ grafana:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: grafana
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ prometheus_openstack_exporter:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: prometheus-openstack-exporter
+ reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
+ nagios:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: nagios
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ osh:
+ helm_toolkit:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: 5ae782ff52a2604fb1f392d77a018896f29dae49
+ barbican:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: barbican
+ reference: 332a3da0054e154c003256107a0907774531df79
+ cinder:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: cinder
+ reference: 332a3da0054e154c003256107a0907774531df79
+ glance:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: glance
+ reference: 332a3da0054e154c003256107a0907774531df79
+ heat:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: heat
+ reference: 332a3da0054e154c003256107a0907774531df79
+ horizon:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: horizon
+ reference: 332a3da0054e154c003256107a0907774531df79
+ ingress:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: ingress
+ reference: 332a3da0054e154c003256107a0907774531df79
+ keystone:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: keystone
+ reference: 332a3da0054e154c003256107a0907774531df79
+ libvirt:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: libvirt
+ reference: 82d99e8f7a7c892555d97adc08b01b8e8cc1ff81
+ mariadb:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: mariadb
+ reference: 332a3da0054e154c003256107a0907774531df79
+ memcached:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: memcached
+ reference: 332a3da0054e154c003256107a0907774531df79
+ neutron:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: neutron
+ reference: 332a3da0054e154c003256107a0907774531df79
+ nova:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: nova
+ reference: 332a3da0054e154c003256107a0907774531df79
+ openvswitch:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: openvswitch
+ reference: 20d863ce9d18203f2c6a1d679d0cec2bd4fa550d
+ rabbitmq:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: rabbitmq
+ reference: 332a3da0054e154c003256107a0907774531df79
+ ucp:
+ armada:
+ type: git
+ location: https://git.openstack.org/openstack/airship-armada
+ subpath: charts/armada
+ reference: 0a5b74440c81ac9d7f84cf7b553f21bed01401e6
+ armada-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
+ barbican:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: barbican
+ reference: 8dc986740c83487261efa6540f89d5dbea211f98
+ barbican-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
+ ceph-mon:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: ceph-mon
+ reference: e19be77f087995faccf06dd834a203fb2154a5f3
+ ceph-osd:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: ceph-osd
+ reference: e19be77f087995faccf06dd834a203fb2154a5f3
+ ceph-client:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: ceph-client
+ reference: e19be77f087995faccf06dd834a203fb2154a5f3
+ ceph-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
+ deckhand:
+ type: git
+ location: https://git.openstack.org/openstack/airship-deckhand
+ subpath: charts/deckhand
+ reference: 0ac33c233d59a731bf289db23ec4a882ff359168
+ deckhand-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: helm-toolkit
+ reference: 3aeba707e36f36909e51e1cb0a81565ee28e0afa
+ divingbell:
+ type: git
+ location: https://git.openstack.org/openstack/airship-divingbell
+ subpath: divingbell
+ reference: 4e074ec0c24ec285dc3ac02e2a347a0033dad454
+ divingbell-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
+ drydock:
+ type: git
+ location: https://git.openstack.org/openstack/airship-drydock
+ subpath: charts/drydock
+ reference: 7b6af1bdc9bdc8e8084dd825598100f9e1db163b
+ drydock-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: helm-toolkit
+ reference: 3aeba707e36f36909e51e1cb0a81565ee28e0afa
+ ingress:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: ingress
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ ingress-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ postgresql:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: postgresql
+ reference: fbfcb51c31e21331ceb20b6108b739c5e2ad48f5
+ postgresql-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ promenade:
+ type: git
+ location: https://git.openstack.org/openstack/airship-promenade
+ subpath: charts/promenade
+ reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
+ promenade-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
+ keystone:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: keystone
+ reference: 8dc986740c83487261efa6540f89d5dbea211f98
+ keystone-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
+ maas:
+ type: git
+ location: https://git.openstack.org/openstack/airship-maas
+ subpath: charts/maas
+ reference: 10d4966810bab5d815245820db7dc5ae160e6c4f
+ maas-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: helm-toolkit
+ reference: 3aeba707e36f36909e51e1cb0a81565ee28e0afa
+ mariadb:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: mariadb
+ reference: fbfcb51c31e21331ceb20b6108b739c5e2ad48f5
+ mariadb-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: c0c5199fb20335b3e8839163129372059a876ce8
+ memcached:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm
+ subpath: memcached
+ reference: 8dc986740c83487261efa6540f89d5dbea211f98
+ memcached-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
+ rabbitmq:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: rabbitmq
+ reference: 61829c0d45afbfe52dcbf15157048a59614aa2d0
+ rabbitmq-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: aac1c4e8c02680a159235c6097db0ed66cfbe104
+ shipyard:
+ type: git
+ location: https://git.openstack.org/openstack/airship-shipyard
+ subpath: charts/shipyard
+ reference: 165c845e3e7459d2a4892ed4ca910b00675e7561
+ shipyard-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
+ tiller:
+ type: git
+ location: https://git.openstack.org/openstack/airship-armada
+ subpath: charts/tiller
+ reference: 0a5b74440c81ac9d7f84cf7b553f21bed01401e6
+ tiller-htk:
+ type: git
+ location: https://git.openstack.org/openstack/openstack-helm-infra
+ subpath: helm-toolkit
+ reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
+ files:
+ kubelet: https://dl.k8s.io/v1.10.2/kubernetes-node-linux-amd64.tar.gz
+
+ images_refs:
+ images:
+ dep_check: &dep_check quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ heat: &heat docker.io/openstackhelm/heat:ocata
+ neutron: &neutron docker.io/openstackhelm/neutron:ocata
+ neutron_sriov_agent: &neutron_sriov docker.io/openstackhelm/neutron:ocata-sriov-1804
+ neutron_sriov_agent_init: &neutron_sriov_init docker.io/openstackhelm/neutron:ocata-sriov-1804
+ horizon: &horizon docker.io/openstackhelm/horizon:ocata
+ cinder: &cinder docker.io/openstackhelm/cinder:ocata
+ keystone: &keystone docker.io/openstackhelm/keystone:ocata
+ nova: &nova docker.io/openstackhelm/nova:ocata
+ glance: &glance docker.io/openstackhelm/glance:ocata
+ rabbitmq: &rabbitmq docker.io/rabbitmq:3.7-management
+ rally_test: &rally_test docker.io/kolla/ubuntu-source-rally:4.0.0
+ memcached: &memcached docker.io/memcached:1.5.5
+ mariadb_db: &mariadb_db docker.io/mariadb:10.2.13
+ nova_novncproxy: &nova_novncproxy docker.io/kolla/ubuntu-source-nova-novncproxy:3.0.3
+ nova_spiceproxy: &nova_spiceproxy docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:3.0.3
+ ceph_daemon: &ceph_daemon docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04
+ openvswitch: &openvswitch docker.io/openstackhelm/openvswitch:v2.8.1
+ os_barbican: &os_barbican docker.io/openstackhelm/barbican:ocata
+ libvirt: &libvirt docker.io/openstackhelm/libvirt:ubuntu-xenial-1.3.1
+ ingress_controller: &ingress_controller quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
+ ingress_error_pages: &ingress_error_pages gcr.io/google-containers/defaultbackend:1.0
+ # should probably be moved to https://quay.io/repository/airshipit/
+ storage_init: &storage_init docker.io/port/ceph-config-helper:v1.10.2
+ keystone: &ref_keystone
+ ks_endpoints: *heat
+ ks_service: *heat
+ ks_user: *heat
+
+ images:
+ ucp:
+ armada:
+ api: quay.io/airshipit/armada:0a5b74440c81ac9d7f84cf7b553f21bed01401e6
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ ks_endpoints: docker.io/openstackhelm/heat:ocata
+ ks_service: docker.io/openstackhelm/heat:ocata
+ ks_user: docker.io/openstackhelm/heat:ocata
+ image_repo_sync: docker.io/docker:17.07.0
+ helm: docker.io/lachlanevenson/k8s-helm:v2.9.1
+ tiller: gcr.io/kubernetes-helm/tiller:v2.9.1
+ promenade:
+ promenade: quay.io/airshipit/promenade:7a06bef72c0bfd799c2353b8213627f6a0826251
+ ks_user: docker.io/openstackhelm/heat:ocata
+ ks_service: docker.io/openstackhelm/heat:ocata
+ ks_endpoints: docker.io/openstackhelm/heat:ocata
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ image_repo_sync: docker.io/docker:17.07.0
+ deckhand:
+ deckhand: quay.io/airshipit/deckhand:0ac33c233d59a731bf289db23ec4a882ff359168
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ db_init: docker.io/postgres:9.5
+ db_sync: quay.io/airshipit/deckhand:0ac33c233d59a731bf289db23ec4a882ff359168
+ ks_endpoints: docker.io/openstackhelm/heat:ocata
+ ks_service: docker.io/openstackhelm/heat:ocata
+ ks_user: docker.io/openstackhelm/heat:ocata
+ barbican:
+ bootstrap: docker.io/openstackhelm/heat:ocata
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ scripted_test: docker.io/openstackhelm/heat:ocata
+ db_init: docker.io/openstackhelm/heat:ocata
+ barbican_db_sync: docker.io/openstackhelm/barbican:ocata
+ db_drop: docker.io/openstackhelm/heat:ocata
+ ks_endpoints: docker.io/openstackhelm/heat:ocata
+ ks_service: docker.io/openstackhelm/heat:ocata
+ ks_user: docker.io/openstackhelm/heat:ocata
+ barbican_api: docker.io/openstackhelm/barbican:ocata
+ rabbit_init: docker.io/rabbitmq:3.7-management
+ divingbell:
+ divingbell: docker.io/ubuntu:16.04
+ drydock:
+ drydock: quay.io/airshipit/drydock:7b6af1bdc9bdc8e8084dd825598100f9e1db163b
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ ks_user: docker.io/openstackhelm/heat:ocata
+ ks_service: docker.io/openstackhelm/heat:ocata
+ ks_endpoints: docker.io/openstackhelm/heat:ocata
+ drydock_db_init: docker.io/postgres:9.5
+ drydock_db_sync: quay.io/airshipit/drydock:7b6af1bdc9bdc8e8084dd825598100f9e1db163b
+ ingress:
+ entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
+ error_pages: gcr.io/google-containers/defaultbackend:1.0
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ image_repo_sync: docker.io/docker:17.07.0
+ shipyard:
+ # should probably point to docker.io/puckel/docker-airflow:xxxxxx
+ airflow: quay.io/airshipit/airflow:165c845e3e7459d2a4892ed4ca910b00675e7561
+ shipyard: quay.io/airshipit/shipyard:165c845e3e7459d2a4892ed4ca910b00675e7561
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ shipyard_db_init: docker.io/postgres:9.5
+ shipyard_db_sync: quay.io/airshipit/shipyard:165c845e3e7459d2a4892ed4ca910b00675e7561
+ airflow_db_init: docker.io/postgres:9.5
+ # should probably point to docker.io/puckel/docker-airflow:xxxxxx
+ airflow_db_sync: quay.io/airshipit/airflow:165c845e3e7459d2a4892ed4ca910b00675e7561
+ ks_user: docker.io/openstackhelm/heat:ocata
+ ks_service: docker.io/openstackhelm/heat:ocata
+ ks_endpoints: docker.io/openstackhelm/heat:ocata
+ image_repo_sync: docker.io/docker:17.07.0
+ maas:
+ db_init: docker.io/postgres:9.5
+ db_sync: quay.io/airshipit/maas-region-controller:10d4966810bab5d815245820db7dc5ae160e6c4f
+ maas_rack: quay.io/airshipit/maas-rack-controller:10d4966810bab5d815245820db7dc5ae160e6c4f
+ maas_region: quay.io/airshipit/maas-region-controller:10d4966810bab5d815245820db7dc5ae160e6c4f
+ bootstrap: quay.io/airshipit/maas-region-controller:10d4966810bab5d815245820db7dc5ae160e6c4f
+ export_api_key: quay.io/airshipit/maas-region-controller:10d4966810bab5d815245820db7dc5ae160e6c4f
+ maas_cache: quay.io/airshipit/sstream-cache:10d4966810bab5d815245820db7dc5ae160e6c4f
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ keystone:
+ bootstrap: docker.io/openstackhelm/heat:ocata
+ test: docker.io/kolla/ubuntu-source-rally:4.0.0
+ db_init: docker.io/openstackhelm/heat:ocata
+ keystone_db_sync: docker.io/openstackhelm/keystone:ocata
+ db_drop: docker.io/openstackhelm/heat:ocata
+ ks_user: docker.io/openstackhelm/heat:ocata
+ keystone_fernet_setup: docker.io/openstackhelm/keystone:ocata
+ keystone_fernet_rotate: docker.io/openstackhelm/keystone:ocata
+ keystone_credential_setup: docker.io/openstackhelm/keystone:ocata
+ keystone_credential_rotate: docker.io/openstackhelm/keystone:ocata
+ keystone_api: docker.io/openstackhelm/keystone:ocata
+ keystone_domain_manage: docker.io/openstackhelm/keystone:ocata
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ rabbit_init: docker.io/rabbitmq:3.7-management
+ image_repo_sync: docker.io/docker:17.07.0
+ tiller:
+ tiller: gcr.io/kubernetes-helm/tiller:v2.9.1
+ mariadb:
+ mariadb: docker.io/mariadb:10.2.13
+ ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
+ error_pages: gcr.io/google-containers/defaultbackend:1.0
+ prometheus_create_mysql_user: docker.io/mariadb:10.2.13
+ prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.10.0
+ prometheus_mysql_exporter_helm_tests: docker.io/openstackhelm/heat:ocata
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ image_repo_sync: docker.io/docker:17.07.0
+ postgresql:
+ postgresql: docker.io/postgres:9.5
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ image_repo_sync: docker.io/docker:17.07.0
+ memcached:
+ memcached: docker.io/memcached:1.5.5
+ prometheus_memcached_exporter: docker.io/prom/memcached-exporter:v0.4.1
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ image_repo_sync: docker.io/docker:17.07.0
+ rabbitmq:
+ prometheus_rabbitmq_exporter: docker.io/kbudde/rabbitmq-exporter:v0.21.0
+ prometheus_rabbitmq_exporter_helm_tests: docker.io/openstackhelm/heat:ocata
+ rabbitmq: docker.io/rabbitmq:3.7.4
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ scripted_test: docker.io/rabbitmq:3.7-management
+ image_repo_sync: docker.io/docker:17.07.0
+ osh:
+ memcached:
+ dep_check: *dep_check
+ memcached: *memcached
+ barbican:
+ bootstrap: *heat
+ dep_check: *dep_check
+ scripted_test: *heat
+ db_init: *heat
+ barbican_db_sync: *os_barbican
+ db_drop: *heat
+ <<: *ref_keystone
+ barbican_api: *os_barbican
+ rabbit_init: *rabbitmq
+ cinder:
+ test: *rally_test
+ db_init: *heat
+ cinder_db_sync: *cinder
+ db_drop: *heat
+ <<: *ref_keystone
+ cinder_api: *cinder
+ bootstrap: *heat
+ cinder_scheduler: *cinder
+ cinder_volume: *cinder
+ cinder_volume_usage_audit: *cinder
+ cinder_storage_init: *storage_init
+ cinder_backup: *cinder
+ cinder_backup_storage_init: *storage_init
+ dep_check: *dep_check
+ rabbit_init: *rabbitmq
+ glance:
+ test: *rally_test
+ glance_storage_init: *storage_init
+ db_init: *heat
+ glance_db_sync: *glance
+ db_drop: *heat
+ <<: *ref_keystone
+ glance_api: *glance
+ glance_registry: *glance
+ # Bootstrap image requires curl
+ bootstrap: *heat
+ dep_check: *dep_check
+ rabbit_init: *rabbitmq
+ heat:
+ bootstrap: *heat
+ db_init: *heat
+ heat_db_sync: *heat
+ db_drop: *heat
+ <<: *ref_keystone
+ heat_api: *heat
+ heat_cfn: *heat
+ heat_cloudwatch: *heat
+ heat_engine: *heat
+ heat_engine_cleaner: *heat
+ dep_check: *dep_check
+ rabbit_init: *rabbitmq
+ horizon:
+ db_init: *heat
+ horizon_db_sync: *horizon
+ db_drop: *heat
+ horizon: *horizon
+ dep_check: *dep_check
+ ingress:
+ entrypoint: *dep_check
+ ingress: *ingress_controller
+ error_pages: *ingress_error_pages
+ dep_check: *dep_check
+ keystone:
+ bootstrap: *heat
+ test: *rally_test
+ db_init: *heat
+ keystone_db_sync: *keystone
+ db_drop: *heat
+ <<: *ref_keystone
+ keystone_fernet_setup: *keystone
+ keystone_fernet_rotate: *keystone
+ keystone_credential_setup: *keystone
+ keystone_credential_rotate: *keystone
+ keystone_api: *keystone
+ keystone_domain_manage: *keystone
+ dep_check: *dep_check
+ rabbit_init: *rabbitmq
+ libvirt:
+ libvirt: *libvirt
+ dep_check: *dep_check
+ mariadb:
+ mariadb: *mariadb_db
+ ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
+ error_pages: gcr.io/google-containers/defaultbackend:1.0
+ prometheus_create_mysql_user: *mariadb_db
+ prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.10.0
+ prometheus_mysql_exporter_helm_tests: *heat
+ dep_check: *dep_check
+ image_repo_sync: docker.io/docker:17.07.0
+ neutron:
+ bootstrap: *heat
+ test: *rally_test
+ db_init: *heat
+ neutron_db_sync: *neutron
+ db_drop: *heat
+ <<: *ref_keystone
+ neutron_server: *neutron
+ neutron_dhcp: *neutron
+ neutron_metadata: *neutron
+ neutron_l3: *neutron
+ neutron_openvswitch_agent: *neutron
+ neutron_linuxbridge_agent: *neutron
+ neutron_sriov_agent: *neutron_sriov
+ neutron_sriov_agent_init: *neutron_sriov_init
+ dep_check: *dep_check
+ rabbit_init: *rabbitmq
+ nova:
+ bootstrap: *heat
+ db_drop: *heat
+ db_init: *heat
+ dep_check: *dep_check
+ <<: *ref_keystone
+ nova_api: *nova
+ nova_cell_setup: *nova
+ nova_cell_setup_init: *heat
+ nova_compute: *nova
+ nova_compute_ssh: *nova
+ nova_conductor: *nova
+ nova_consoleauth: *nova
+ nova_db_sync: *nova
+ nova_novncproxy: *nova
+ nova_novncproxy_assets: *nova_novncproxy
+ nova_placement: *nova
+ nova_scheduler: *nova
+ nova_spiceproxy: *nova
+ nova_spiceproxy_assets: *nova_spiceproxy
+ test: *rally_test
+ rabbit_init: *rabbitmq
+ openvswitch:
+ openvswitch_db_server: *openvswitch
+ openvswitch_vswitchd: *openvswitch
+ dep_check: *dep_check
+ rabbitmq:
+ prometheus_rabbitmq_exporter: docker.io/kbudde/rabbitmq-exporter:v0.21.0
+ prometheus_rabbitmq_exporter_helm_tests: *heat
+ rabbitmq: docker.io/rabbitmq:3.7.4
+ dep_check: *dep_check
+ osh_infra:
+ elasticsearch:
+ apache_proxy: docker.io/httpd:2.4
+ memory_init: *heat
+ curator: docker.io/bobrik/curator:5.2.0
+ elasticsearch: docker.io/elasticsearch:5.6.4
+ helm_tests: *heat
+ prometheus_elasticsearch_exporter: docker.io/justwatch/elasticsearch_exporter:1.0.1
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ snapshot_repository: *heat
+ image_repo_sync: docker.io/docker:17.07.0
+ fluent_logging:
+ fluentbit: docker.io/fluent/fluent-bit:0.12.14
+ fluentd: docker.io/kolla/ubuntu-source-fluentd:ocata
+ # should be moved to somewhere...
+ prometheus_fluentd_exporter: docker.io/srwilkers/fluentd_exporter:v0.1
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ helm_tests: *heat
+ elasticsearch_template: *heat
+ image_repo_sync: docker.io/docker:17.07.0
+ kibana:
+ apache_proxy: docker.io/httpd:2.4
+ kibana: docker.elastic.co/kibana/kibana:5.6.4
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ image_repo_sync: docker.io/docker:17.07.0
+ prometheus:
+ prometheus: docker.io/prom/prometheus:v2.0.0
+ helm_tests: *heat
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ image_repo_sync: docker.io/docker:17.07.0
+ prometheus_node_exporter:
+ node_exporter: docker.io/prom/node-exporter:v0.15.0
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ image_repo_sync: docker.io/docker:17.07.0
+ prometheus_kube_state_metrics:
+ kube_state_metrics: docker.io/bitnami/kube-state-metrics:1.3.1
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ image_repo_sync: docker.io/docker:17.07.0
+ prometheus_alertmanager:
+ alertmanager: docker.io/prom/alertmanager:v0.11.0
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ image_repo_sync: docker.io/docker:17.07.0
+ prometheus_openstack_exporter:
+ prometheus_openstack_exporter: quay.io/attcomdev/prometheus-openstack-exporter:3231f14419f0c47547ce2551b7d884cd222104e6
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ image_repo_sync: docker.io/docker:17.07.0
+ <<: *ref_keystone
+ grafana:
+ grafana: docker.io/grafana/grafana:5.0.0
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ db_init: *heat
+ grafana_db_session_sync: *heat
+ image_repo_sync: docker.io/docker:17.07.0
+ nagios:
+ apache_proxy: docker.io/httpd:2.4
+ # should probably be moved to airshipit
+ # 'latest' refers to '4852dfd1455db6fb2330744c599b0c2ada3c78f5', however latest pushed is '11b061a3afe6e4671d98900d7249b5ad5090fd73'
+ nagios: quay.io/attcomdev/nagios:4852dfd1455db6fb2330744c599b0c2ada3c78f5
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ image_repo_sync: docker.io/docker:17.07.0
+ ceph:
+ ceph-mon:
+ fluentbit: docker.io/fluent/fluent-bit:0.12.14
+ ceph_bootstrap: *ceph_daemon
+ ceph_config_helper: docker.io/port/ceph-config-helper:v1.10.2
+ ceph_mon: *ceph_daemon
+ ceph_mon_check: docker.io/port/ceph-config-helper:v1.10.2
+ dep_check: *dep_check
+ image_repo_sync: docker.io/docker:17.07.0
+ ceph-osd:
+ fluentbit: docker.io/fluent/fluent-bit:0.12.14
+ ceph_osd: *ceph_daemon
+ ceph_bootstrap: *ceph_daemon
+ dep_check: *dep_check
+ image_repo_sync: docker.io/docker:17.07.0
+ ceph-client:
+ ceph_bootstrap: *ceph_daemon
+ ceph_cephfs_provisioner: quay.io/external_storage/cephfs-provisioner:v0.1.1
+ ceph_config_helper: docker.io/port/ceph-config-helper:v1.10.2
+ ceph_mds: *ceph_daemon
+ ceph_mgr: *ceph_daemon
+ ceph_rbd_pool: docker.io/port/ceph-config-helper:v1.10.2
+ ceph_rbd_provisioner: quay.io/external_storage/rbd-provisioner:v0.1.1
+ ceph_rgw: *ceph_daemon
+ dep_check: *dep_check
+ <<: *ref_keystone
+ image_repo_sync: docker.io/docker:17.07.0
+ kubernetes:
+ apiserver:
+ anchor: gcr.io/google-containers/hyperkube-amd64:v1.10.2
+ apiserver: gcr.io/google-containers/hyperkube-amd64:v1.10.2
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ controller-manager:
+ anchor: gcr.io/google-containers/hyperkube-amd64:v1.10.2
+ controller_manager: gcr.io/google-containers/hyperkube-amd64:v1.10.2
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ coredns:
+ coredns: docker.io/coredns/coredns:1.1.2
+ test: docker.io/coredns/coredns:1.1.2
+ haproxy:
+ haproxy: docker.io/haproxy:1.8.3
+ anchor: gcr.io/google-containers/hyperkube-amd64:v1.10.2
+ test: docker.io/python:3.6
+ etcd:
+ # quay.io/coreos/etcd:v3.2.14
+ etcd: quay.io/coreos/etcd:v3.2.14
+ etcdctl: quay.io/coreos/etcd:v3.2.14
+ ingress:
+ entrypoint: *dep_check
+ ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
+ error_pages: gcr.io/google-containers/defaultbackend:1.0
+ dep_check: *dep_check
+ image_repo_sync: docker.io/docker:17.07.0
+
+ kubectl: gcr.io/google-containers/hyperkube-amd64:v1.10.2
+ pause: gcr.io/google-containers/pause-amd64:3.1
+
+ scheduler:
+ anchor: gcr.io/google-containers/hyperkube-amd64:v1.10.2
+ scheduler: gcr.io/google-containers/hyperkube-amd64:v1.10.2
+ proxy:
+ proxy: gcr.io/google-containers/hyperkube-amd64:v1.10.2
+ calico:
+ etcd:
+ etcd: quay.io/coreos/etcd:v3.2.14
+ etcdctl: quay.io/coreos/etcd:v3.2.14
+ calico:
+ calico_etcd: quay.io/coreos/etcd:v3.2.14
+ calico_node: quay.io/calico/node:v2.6.9
+ calico_cni: quay.io/calico/cni:v1.11.5
+ calico_ctl: quay.io/calico/ctl:v1.6.4
+ calico_settings: quay.io/calico/ctl:v1.6.4
+ calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ image_repo_sync: docker.io/docker:17.07.0
+
+ packages:
+ repositories:
+ main_archive:
+ repo_type: apt
+ url: 'http://us.archive.ubuntu.com/ubuntu'
+ distributions:
+ - 'xenial'
+ components:
+ - 'main'
+ - 'universe'
+ - 'multiverse'
+ subrepos:
+ - 'security'
+ - 'updates'
+ - 'backports'
+ docker:
+ repo_type: apt
+ url: 'http://apt.dockerproject.org/repo'
+ distributions:
+ - ubuntu-xenial
+ components:
+ - main
+ gpgkey: |-
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mQINBFWln24BEADrBl5p99uKh8+rpvqJ48u4eTtjeXAWbslJotmC/CakbNSqOb9o
+ ddfzRvGVeJVERt/Q/mlvEqgnyTQy+e6oEYN2Y2kqXceUhXagThnqCoxcEJ3+KM4R
+ mYdoe/BJ/J/6rHOjq7Omk24z2qB3RU1uAv57iY5VGw5p45uZB4C4pNNsBJXoCvPn
+ TGAs/7IrekFZDDgVraPx/hdiwopQ8NltSfZCyu/jPpWFK28TR8yfVlzYFwibj5WK
+ dHM7ZTqlA1tHIG+agyPf3Rae0jPMsHR6q+arXVwMccyOi+ULU0z8mHUJ3iEMIrpT
+ X+80KaN/ZjibfsBOCjcfiJSB/acn4nxQQgNZigna32velafhQivsNREFeJpzENiG
+ HOoyC6qVeOgKrRiKxzymj0FIMLru/iFF5pSWcBQB7PYlt8J0G80lAcPr6VCiN+4c
+ NKv03SdvA69dCOj79PuO9IIvQsJXsSq96HB+TeEmmL+xSdpGtGdCJHHM1fDeCqkZ
+ hT+RtBGQL2SEdWjxbF43oQopocT8cHvyX6Zaltn0svoGs+wX3Z/H6/8P5anog43U
+ 65c0A+64Jj00rNDr8j31izhtQMRo892kGeQAaaxg4Pz6HnS7hRC+cOMHUU4HA7iM
+ zHrouAdYeTZeZEQOA7SxtCME9ZnGwe2grxPXh/U/80WJGkzLFNcTKdv+rwARAQAB
+ tDdEb2NrZXIgUmVsZWFzZSBUb29sIChyZWxlYXNlZG9ja2VyKSA8ZG9ja2VyQGRv
+ Y2tlci5jb20+iQI4BBMBAgAiBQJVpZ9uAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe
+ AQIXgAAKCRD3YiFXLFJgnbRfEAC9Uai7Rv20QIDlDogRzd+Vebg4ahyoUdj0CH+n
+ Ak40RIoq6G26u1e+sdgjpCa8jF6vrx+smpgd1HeJdmpahUX0XN3X9f9qU9oj9A4I
+ 1WDalRWJh+tP5WNv2ySy6AwcP9QnjuBMRTnTK27pk1sEMg9oJHK5p+ts8hlSC4Sl
+ uyMKH5NMVy9c+A9yqq9NF6M6d6/ehKfBFFLG9BX+XLBATvf1ZemGVHQusCQebTGv
+ 0C0V9yqtdPdRWVIEhHxyNHATaVYOafTj/EF0lDxLl6zDT6trRV5n9F1VCEh4Aal8
+ L5MxVPcIZVO7NHT2EkQgn8CvWjV3oKl2GopZF8V4XdJRl90U/WDv/6cmfI08GkzD
+ YBHhS8ULWRFwGKobsSTyIvnbk4NtKdnTGyTJCQ8+6i52s+C54PiNgfj2ieNn6oOR
+ 7d+bNCcG1CdOYY+ZXVOcsjl73UYvtJrO0Rl/NpYERkZ5d/tzw4jZ6FCXgggA/Zxc
+ jk6Y1ZvIm8Mt8wLRFH9Nww+FVsCtaCXJLP8DlJLASMD9rl5QS9Ku3u7ZNrr5HWXP
+ HXITX660jglyshch6CWeiUATqjIAzkEQom/kEnOrvJAtkypRJ59vYQOedZ1sFVEL
+ MXg2UCkD/FwojfnVtjzYaTCeGwFQeqzHmM241iuOmBYPeyTY5veF49aBJA1gEJOQ
+ TvBR8Q==
+ =Fm3p
+ -----END PGP PUBLIC KEY BLOCK-----
+ named:
+ docker: docker-engine=1.13.1-0~ubuntu-xenial
+ socat: socat=1.7.3.1-1
+ unnamed:
+ - ceph-common=10.2.11-0ubuntu0.16.04.1
+...
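Review bot: several image references in the images section are moving tags rather than immutable references, for example `apache_proxy: docker.io/httpd:2.4` and `test: docker.io/python:3.6`, so what gets deployed can change without any change to this document. Pin these to a full patch version or a digest, in line with the commit-hash tags already used for the `quay.io/attcomdev` images. The comment above `nagios:` says 'latest' and the latest pushed hash differ; state which one is intended so the pin can be audited later. Under `packages.repositories`, both `url` values are plain `http://`; the `docker` entry carries a `gpgkey`, but `main_archive` shows none in this hunk, so a short comment on how its packages are verified would help. The commented-out `# quay.io/coreos/etcd:v3.2.14` above `etcd:` repeats the value below it and can be dropped.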
--- /dev/null
+---
+schema: armada/Manifest/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cluster-bootstrap
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ release_prefix: airship
+ chart_groups:
+ - kubernetes-proxy
+ - kubernetes-container-networking
+ - kubernetes-dns
+ - kubernetes-etcd
+ - kubernetes-haproxy
+ - kubernetes-core
+ - ingress-kube-system
+ - ucp-ceph
+ - ucp-ceph-config
+ - ucp-core
+ - ucp-keystone
+ - ucp-divingbell
+ - ucp-armada
+ - ucp-deckhand
+ - ucp-drydock
+ - ucp-promenade
+ - ucp-shipyard
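Review bot: this document ends without the `...` terminator that the other documents in the patch use; add it for consistency. The `chart_groups` list also repeats the first seventeen entries of `full-site-global` except that it uses `ucp-ceph` where the other uses `ucp-ceph-update`, and nothing explains the difference. A one-line comment on why bootstrap needs `ucp-ceph` would keep the two lists from drifting apart unnoticed.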
--- /dev/null
+---
+schema: armada/Manifest/v1
+metadata:
+ schema: metadata/Document/v1
+ name: full-site-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ labels:
+ name: full-site-global
+ storagePolicy: cleartext
+data:
+ release_prefix: airship
+ chart_groups:
+ - kubernetes-proxy
+ - kubernetes-container-networking
+ - kubernetes-dns
+ - kubernetes-etcd
+ - kubernetes-haproxy
+ - kubernetes-core
+ - ingress-kube-system
+ - ucp-ceph-update
+ - ucp-ceph-config
+ - ucp-core
+ - ucp-keystone
+ - ucp-divingbell
+ - ucp-armada
+ - ucp-deckhand
+ - ucp-drydock
+ - ucp-promenade
+ - ucp-shipyard
+ - osh-infra-ingress-controller
+ - osh-infra-ceph-config
+ - osh-infra-logging
+ - osh-infra-monitoring
+ - osh-infra-mariadb
+ - osh-infra-dashboards
+ - openstack-ingress-controller
+ - openstack-ceph-config
+ - openstack-mariadb
+ - openstack-memcached
+ - openstack-compute-services
+ - openstack-keystone
+ - openstack-radosgw
+ - openstack-glance
+ - openstack-cinder
+ - openstack-compute-kit
+ - openstack-heat
+ - osh-infra-prometheus-openstack-exporter
+ - openstack-horizon
+ - openstack-barbican
+...
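Review bot: the document is `abstract: true` and labelled `name: full-site-global`, but there is no header comment saying which concrete manifest is expected to layer on top of it, while the deployment configuration in this patch refers to `manifest: 'full-site'`. Add a short comment naming the child document. The order of `chart_groups` also looks significant (for example `osh-infra-prometheus-openstack-exporter` sits between `openstack-heat` and `openstack-horizon`); if it is, say so in a comment so later edits do not reorder it.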
--- /dev/null
+---
+# This file defines a boot action which is responsible for fetching the node's
+# promjoin script from the promenade API. This is the script responsible for
+# installing kubernetes on the node and joining the kubernetes cluster.
+# #GLOBAL-CANDIDATE#
+schema: 'drydock/BootAction/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: promjoin
+ storagePolicy: 'cleartext'
+ layeringDefinition:
+ abstract: false
+ layer: site
+ labels:
+ application: 'drydock'
+data:
+ signaling: false
+ # TODO(alanmeadows) move what is global about this document
+ assets:
+ - path: /opt/promjoin.sh
+ type: file
+ permissions: '555'
+ # The ip= parameter must match the MaaS network name of the network used
+ # to contact kubernetes. With a standard, reference Airship deployment where
+ # L2 networks are shared between all racks, the network name (i.e. calico)
+ # should be correct.
+ location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.calico.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
+ location_pipeline:
+ - template
+ data_pipeline:
+ - utf8_decode
+...
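Review bot: in the `location:` template only `action.design_ref` is passed through `urlencode`; `node.hostname`, `node.network.calico.ip` and the label `k`/`v` pairs are interpolated into the query string as-is, so a label value containing `&`, `=` or `#` would change the request that is sent. Apply `| urlencode` to each interpolated value, e.g. `&labels.dynamic={{ k | urlencode }}={{ v | urlencode }}`. The script is also fetched over `promenade+http://` and written to `/opt/promjoin.sh` with permissions `'555'` (readable and executable by every local user) before being used to install Kubernetes and join the cluster; consider a TLS endpoint if Promenade exposes one, and `'500'` or `'550'` unless world access is required.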
--- /dev/null
+---
+# Drydock BaremetalNode resources for a specific rack are stored in this file.
+#
+# NOTE: For new sites, you should complete the networks/physical/networks.yaml
+# file before working on this file.
+#
+# In this file, you should make the number of `drydock/BaremetalNode/v1`
+# resources equal the number of bare metal nodes you have, either by deleting
+# excess BaremetalNode definitions (if there are too many), or by copying and
+# pasting the last BaremetalNode in the file until you have the correct number
+# of baremetal nodes (if there are too few).
+#
+# Then in each file, address all additional NEWSITE-CHANGEME markers to update
+# the data in these files with the right values for your new site.
+#
+# *NOTE: The Genesis node is counted as one of the control plane nodes. Note
+# that the Genesis node does not appear on this bare metal list, because the
+# procedure to reprovision the Genesis host with MaaS has not yet been
+# implemented. Therefore there will be only three bare metal nodes in this file
+# with the 'masters' tag, as the genesis roles are assigned in a difference
+# place (profiles/genesis.yaml).
+# NOTE: The host profiles for the control plane are further divided into two
+# variants: primary and secondary. The only significance this has is that the
+# "primary" nodes are active Ceph nodes, whereas the "secondary" nodes are Ceph
+# standby nodes. For Ceph quorum, this means that the control plane split will
+# be 3 primary + 1 standby host profile, and the Genesis node counts toward one
+# of the 3 primary profiles. Other control plane services are not affected by
+# primary vs secondary designation.
+#
+# TODO: Include the hostname naming convention
+#
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: Replace with the hostname of the first node in the rack,
+ # after (excluding) genesis.
+ name: cab23-r720-12
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The IPv4 address assigned to each logical network on this
+ # node. In the reference Airship deployment, this is all logical Networks defined
+ # in networks/physical/networks.yaml. IP addresses are manually assigned, by-hand.
+ # (what could possibly go wrong!) The instructions differ for each logical
+ # network, which are laid out below.
+ addressing:
+ # The iDrac/iLo IP of the node. It's important that this match up with the
+ # node's hostname above, so that the rack number and node position encoded
+ # in the hostname are accurate and matching the node that IPMI operations
+ # will be performed against (for poweron, poweroff, PXE boot to wipe disk or
+ # reconfigure identity, etc - very important to get right for these reasons).
+ # These addresses should already be assigned to nodes racked and stacked in
+ # the environment; these are not addresses which MaaS assigns.
+ - network: oob
+ address: 10.23.104.12
+ # The IP of the node on the PXE network. Refer to the static IP range
+ # defined for the PXE network in networks/physical/networks.yaml. Begin allocating
+ # IPs from this network, starting with the second IP (inclusive) from the
+ # allocation range of this subnet (Genesis node will have the first IP).
+ # Ex: If the start IP for the PXE "static" network is 10.23.20.11, then
+ # genesis will have 10.23.20.11, this node will have 10.23.20.12, and
+ # so on with incrementing IP addresses with each additional node.
+ - network: pxe
+ address: 10.23.20.12
+ # Genesis node gets first IP, all other nodes increment IPs from there
+ # within the allocation range defined for the network in
+ # networks/physical/networks.yaml
+ - network: oam
+ address: 10.23.21.12
+ # Genesis node gets first IP, all other nodes increment IPs from there
+ # within the allocation range defined for the network in
+ # networks/physical/networks.yaml
+ - network: storage
+ address: 10.23.23.12
+ # Genesis node gets first IP, all other nodes increment IPs from there
+ # within the allocation range defined for the network in
+ # networks/physical/networks.yaml
+ - network: overlay
+ address: 10.23.24.12
+ # Genesis node gets first IP, all other nodes increment IPs from there
+ # within the allocation range defined for the network in
+ # networks/physical/networks.yaml
+ - network: calico
+ address: 10.23.22.12
+ # NEWSITE-CHANGEME: Set the host profile for the node.
+ # Note that there are different host profiles depending if this is a control
+ # plane vs data plane node, and different profiles that map to different types
+ # hardware. Control plane host profiles are further broken down into "primary"
+ # and "secondary" profiles (refer to the Notes section at the top of this doc).
+ # Select the host profile that matches up to your type of
+ # hardware and function. E.g., the r720 here refers to Dell R720 hardware, the
+ # 'cp' refers to a control plane profile, and the "primary" means it will be
+ # an active member in the ceph quorum. Refer to profiles/host/ for the list
+ # of available host profiles specific to this site (otherwise, you may find
+ # a general set of host profiles at the "type" or "global" layers/folders.
+ # If you have hardware that is not on this list of profiles, you may need to
+ # create a new host profile for that hardware.
+ # Regarding control plane vs other data plane profiles, refer to the notes at
+ # the beginning of this file. There should be one control plane node per rack,
+ # including Genesis. Note Genesis won't actually be listed in this file as a
+ # BaremetalNode, but the rest are.
+ # This is the second "primary" control plane node after Genesis.
+ host_profile: cp_r720-primary
+ metadata:
+ tags:
+ # NEWSITE-CHANGEME: See previous comment. Apply 'masters' tag for control
+ # plane node, and 'workers' tag for data plane hosts.
+ - 'masters'
+ # NEWSITE-CHANGEME: Refer to site engineering package or other supporting
+ # documentation for the specific rack name. This should be a rack name that
+ # is meaningful to data center personnel (i.e. a rack they could locate if
+ # you gave them this rack designation).
+ rack: cab23
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: The next node's hostname
+ name: cab23-r720-13
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The next node's IPv4 addressing
+ addressing:
+ - network: oob
+ address: 10.23.104.13
+ - network: pxe
+ address: 10.23.20.13
+ - network: oam
+ address: 10.23.21.13
+ - network: storage
+ address: 10.23.23.13
+ - network: overlay
+ address: 10.23.24.13
+ - network: calico
+ address: 10.23.22.13
+ # NEWSITE-CHANGEME: The next node's host profile
+ host_profile: cp_r720-primary
+ metadata:
+ # NEWSITE-CHANGEME: The next node's rack designation
+ rack: cab23
+ # NEWSITE-CHANGEME: The next node's role desigatnion
+ tags:
+ - 'masters'
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: The next node's hostname
+ name: cab23-r720-14
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The next node's IPv4 addressing
+ addressing:
+ - network: oob
+ address: 10.23.104.14
+ - network: pxe
+ address: 10.23.20.14
+ - network: oam
+ address: 10.23.21.14
+ - network: storage
+ address: 10.23.23.14
+ - network: overlay
+ address: 10.23.24.14
+ - network: calico
+ address: 10.23.22.14
+ # NEWSITE-CHANGEME: The next node's host profile
+ # This is the third "primary" control plane profile after genesis
+ host_profile: cp_r740-secondary
+ metadata:
+ # NEWSITE-CHANGEME: The next node's rack designation
+ rack: cab23
+ # NEWSITE-CHANGEME: The next node's role desigatnion
+ tags:
+ - 'masters'
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: The next node's hostname
+ name: cab23-r720-17
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The next node's IPv4 addressing
+ addressing:
+ - network: oob
+ address: 10.23.104.17
+ - network: pxe
+ address: 10.23.20.17
+ - network: oam
+ address: 10.23.21.17
+ - network: storage
+ address: 10.23.23.17
+ - network: overlay
+ address: 10.23.24.17
+ - network: calico
+ address: 10.23.22.17
+ # NEWSITE-CHANGEME: The next node's host profile
+ # This is the one and only appearance of the "secondary" control plane profile
+ host_profile: dp_r720
+ metadata:
+ # NEWSITE-CHANGEME: The next node's rack designation
+ rack: cab23
+ # NEWSITE-CHANGEME: The next node's role desigatnion
+ tags:
+ - 'workers'
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: The next node's hostname
+ name: cab23-r720-19
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The next node's IPv4 addressing
+ addressing:
+ - network: oob
+ address: 10.23.104.19
+ - network: pxe
+ address: 10.23.20.19
+ - network: oam
+ address: 10.23.21.19
+ - network: storage
+ address: 10.23.23.19
+ - network: overlay
+ address: 10.23.24.19
+ - network: calico
+ address: 10.23.22.19
+ # NEWSITE-CHANGEME: The next node's host profile
+ host_profile: dp_r720
+ metadata:
+ # NEWSITE-CHANGEME: The next node's rack designation
+ rack: cab23
+ # NEWSITE-CHANGEME: The next node's role desigatnion
+ tags:
+ - 'workers'
+...
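Review bot: two of the per-node comments contradict the values beneath them. For `cab23-r720-14` the comment reads 'This is the third "primary" control plane profile after genesis' but the value is `host_profile: cp_r740-secondary`, and for `cab23-r720-17` the comment reads 'the one and only appearance of the "secondary" control plane profile' above `host_profile: dp_r720`. The second comment appears to belong on the `-14` node and the first on `-13`; move or rewrite them so a new-site operator copying this file does not assign the wrong Ceph role. `cab23-r720-14` also pairs an `r720` hostname with an `r740` profile, which should be confirmed or explained. Minor: 'desigatnion' is misspelled in each `role` comment, 'difference place' should be 'different place' in the header, and the first node lists `tags` before `rack` while the others list `rack` first.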
--- /dev/null
+---
+# The purpose of this file is to provide shipyard related deployment config
+# parameters. This should not require modification for a new site. However,
+# shipyard deployment strategies can be very useful in getting around certain
+# failures, like misbehaving nodes that hold up the deployment. See more at
+# https://github.com/openstack/airship-shipyard/blob/master/docs/source/site-definition-documents.rst#using-a-deployment-strategy
+schema: shipyard/DeploymentConfiguration/v1
+metadata:
+ schema: metadata/Document/v1
+ name: deployment-configuration
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ physical_provisioner:
+ deployment_strategy: deployment-strategy
+ deploy_interval: 30
+ deploy_timeout: 3600
+ destroy_interval: 30
+ destroy_timeout: 900
+ join_wait: 120
+ prepare_node_interval: 30
+ prepare_node_timeout: 1800
+ prepare_site_interval: 10
+ prepare_site_timeout: 300
+ verify_interval: 10
+ verify_timeout: 60
+ kubernetes_provisioner:
+ drain_timeout: 3600
+ drain_grace_period: 1800
+ clear_labels_timeout: 1800
+ remove_etcd_timeout: 1800
+ etcd_ready_timeout: 600
+ armada:
+ get_releases_timeout: 300
+ get_status_timeout: 300
+ manifest: 'full-site'
+ post_apply_timeout: 2700
+ validate_design_timeout: 600
+...
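Review bot: none of the `*_timeout`, `*_interval`, `join_wait` or `drain_grace_period` values states its unit, and the header comment only links out for deployment strategies. Add a comment giving the unit once at the top of `data:`, and note whether `deployment_strategy: deployment-strategy` and `manifest: 'full-site'` name documents that must exist at the site layer, since neither is defined in the hunks shown here.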
--- /dev/null
+---
+# The purpose of this file is to define network related paramters that are
+# referenced elsewhere in the manifests for this site.
+#
+# TODO: Include bare metal host FQDN naming standards
+# TODO: Include ingress FQDN naming standards
+schema: pegleg/CommonAddresses/v1
+metadata:
+ schema: metadata/Document/v1
+ name: common-addresses
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ calico:
+ # NEWSITE-CHANGEME: The interface that calico will use. Update if your
+ # logical bond interface name or calico VLAN have changed from the reference
+ # site design.
+ # This should be whichever
+ # bond and VLAN number specified in networks/physical/networks.yaml for the Calico
+ # network. E.g. VLAN 22 for the calico network as a member of bond0, you
+ # would set "interface=bond0.22" as shown here.
+ ip_autodetection_method: interface=bond0.22
+ etcd:
+ # etcd service IP address
+ service_ip: 10.96.232.136
+
+ dns:
+ # Kubernetes cluster domain. Do not change. This is internal to the cluster.
+ cluster_domain: cluster.local
+ # DNS service ip
+ service_ip: 10.96.0.10
+ # List of upstream DNS forwards. Verify you can reach them from your
+ # environment. If so, you should not need to change them.
+ upstream_servers:
+ - 8.8.8.8
+ - 8.8.4.4
+ - 208.67.222.222
+ # Repeat the same values as above, but formatted as a common separated
+ # string
+ upstream_servers_joined: 8.8.8.8,8.8.4.4,208.67.222.222
+ # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
+ # Choose FQDN according to the ingress/public FQDN naming conventions at
+ # the top of this document.
+ ingress_domain: airship-seaworthy.atlantafoundry.com
+
+ genesis:
+ # NEWSITE-CHANGEME: Update with the hostname for the node which will take on
+ # the Genesis role. Refer to the hostname naming stardards in
+ # networks/physical/networks.yaml
+ # NOTE: Ensure that the genesis node is manually configured with this
+ # hostname before running `genesis.sh` on the node.
+ hostname: cab23-r720-11
+ # NEWSITE-CHANGEME: Calico IP of the Genesis node. Use the "start" value for
+ # the calico network defined in networks/physical/networks.yaml for this IP.
+ ip: 10.23.22.11
+
+ bootstrap:
+ # NEWSITE-CHANGEME: Update with the "start" value/IP of the static range
+ # defined for the pxe network in networks/physical/networks.yaml
+ ip: 10.23.20.11
+
+ kubernetes:
+ # K8s API service IP
+ api_service_ip: 10.96.0.1
+ # etcd service IP
+ etcd_service_ip: 10.96.0.2
+ # k8s pod CIDR (network which pod traffic will traverse)
+ pod_cidr: 10.97.0.0/16
+ # k8s service CIDR (network which k8s API traffic will traverse)
+ service_cidr: 10.96.0.0/16
+ # misc k8s port settings
+ apiserver_port: 6443
+ haproxy_port: 6553
+ service_node_port_range: 30000-32767
+
+ # etcd port settings
+ etcd:
+ container_port: 2379
+ haproxy_port: 2378
+
+ # NEWSITE-CHANGEME: A list of nodes (apart from Genesis) which act as the
+ # control plane servers. Ensure that this matches the nodes with the 'masters'
+ # tags applied in baremetal/nodes.yaml
+ masters:
+ - hostname: cab23-r720-12
+ - hostname: cab23-r720-13
+ - hostname: cab23-r720-14
+
+ # NEWSITE-CHANGEME: Environment proxy information.
+ # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
+ # should be commented out.
+ # However if you are in a lab that requires proxy, ensure that these proxy
+ # settings are correct and reachable in your environment; otherwise update
+ # them with the correct values for your environment.
+ proxy:
+ http: ""
+ https: ""
+ no_proxy: []
+
+ node_ports:
+ drydock_api: 30000
+ maas_api: 30001
+ maas_proxy: 31800 # hardcoded in MAAS
+ shipyard_api: 30003
+ airflow_web: 30004
+
+ ntp:
+ # comma separated NTP server list. Verify that these upstream NTP servers are
+ # reachable in your environment; otherwise update them with the correct
+ # values for your environment.
+ servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
+
+ # NOTE: This will be updated soon
+ ldap:
+ # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is
+ # relevant for your type of deployment (test vs prod values, etc).
+ base_url: 'ldap.example.com'
+ # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI
+ url: 'ldap://ldap.example.com'
+ # NEWSITE-CHANGEME: Update to the correct expression relevant for this
+ # deployment (test vs prod values, etc)
+ auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
+ # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
+ # relevant for this deployment (test users vs prod users/values, etc)
+ common_name: test
+ # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
+ # deployment (test vs prod values, etc)
+ subdomain: test
+ # NEWSITE-CHANGEME: Update to the correct domain for your type of
+ # deployment (test vs prod values, etc)
+ domain: example
+
+ storage:
+ ceph:
+ # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
+ # used for the `storage` network in networks/physical/networks.yaml
+ public_cidr: '10.23.23.0/24'
+ cluster_cidr: '10.23.23.0/24'
+
+ neutron:
+ # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the bond name and
+ # VLAN number are consistent with what's defined for the bond and the overlay
+ # network in networks/physical/networks.yaml
+ tunnel_device: 'bond0.24'
+ # bond which the overlay is a member of. Ensure the bond name is consistent
+ # with the bond assigned to the overlay network in
+ # networks/physical/networks.yaml
+ external_iface: 'bond0'
+
+ openvswitch:
+ # bond which the overlay is a member of. Ensure the bond name is consistent
+ # with the bond assigned to the overlay network in
+ # networks/physical/networks.yaml
+ external_iface: 'bond0'
+...
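Review bot: the `ldap` block sets `url: 'ldap://ldap.example.com'`, which is unencrypted LDAP, and the NEWSITE-CHANGEME comment only asks for the FQDN to be changed. If binds carry user credentials, make the reference value `ldaps://` or document that StartTLS is enforced elsewhere, so sites copying this file do not inherit cleartext authentication. Several comments also point at guidance that is not there: the `ingress_domain` comment refers to naming conventions 'at the top of this document', but the header has only TODOs, and the `proxy` comment says the section 'should be commented out' while it is present with empty values. In `ntp.servers_joined` the list goes 0, 1, 2, 4; confirm that skipping `3.ubuntu.pool.ntp.org` is intended. Typos: 'paramters', 'common separated', 'stardards'.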
--- /dev/null
+---
+# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1
+# devices) and Networks (i.e. layer 3 configurations). The following is standard
+# for the logical networks in Airship:
+#
+# +----------+-----------------------------------+----------------+--------------+----------------------------------------------------+-----------------+
+# | Network | | Per-rack or | | | VLAN tagged |
+# | Name | Purpose | per-site CIDR? | Has gateway? | Bond | or untagged? |
+# +----------+-----------------------------------+----------------+--------------+----------------------------------------------------+-----------------+
+# | oob | Out of Band devices (iDrac/iLo) | per-site CIDR | Has gateway | No bond, N/A | Untagged/Native |
+# | pxe | PXE boot network | per-site CIDR | No gateway | No bond, no LACP fallback. Dedicated PXE interface | Untagged/Native |
+# | oam | management network | per-site CIDR | Has gateway | member of bond0 | tagged |
+# | storage | storage network | per-site CIDR | No gateway | member of bond0 | tagged |
+# | calico | underlay calico net; k8s traffic | per-site CIDR | No gateway | member of bond0 | tagged |
+# | overlay | overlay network for openstack SDN | per-site CIDR | No gateway | member of bond0 | tagged |
+# +----------+-----------------------------------+----------------+--------------+----------------------------------------------------+-----------------+
+#
+# For standard Airship deployments, you should not need to modify the number of
+# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should
+# need editing.
+#
+# TODO: Given that we expect all network broadcast domains to span all racks in
+# Airship, we should choose network names that do not include the rack number.
+#
+# TODO: FQDN naming standards for hosts
+#
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: oob
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # MaaS doesnt own this network like it does the others, so the noconfig label
+ # is specified.
+ labels:
+ noconfig: enabled
+ bonding:
+ mode: disabled
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: disabled
+ default_network: oob
+ allowed_networks:
+ - oob
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: oob
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR
+ cidr: 10.23.104.0/24
+ routes:
+ # NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP
+ - subnet: '0.0.0.0/0'
+ gateway: 10.23.104.1
+ metric: 100
+ # NEWSITE-CHANGEME: Update with the site's out-of-band IP allocation range
+ # FIXME: Is this IP range actually used/allocated for anything? The HW already
+ # has its OOB IPs assigned. None of the Ubuntu OS's should need IPs on OOB
+ # network either, as they should be routable via the default gw on OAM network
+ ranges:
+ - type: static
+ start: 10.23.104.11
+ end: 10.23.104.21
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: pxe
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: disabled
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: disabled
+ default_network: pxe
+ allowed_networks:
+ - pxe
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: pxe
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Update with the site's PXE network CIDR
+ # NOTE: The CIDR minimum size = (number of nodes * 2) + 10
+ cidr: 10.23.20.0/24
+ routes:
+ - subnet: 0.0.0.0/0
+ # NEWSITE-CHANGEME: Set the OAM network gateway IP address
+ gateway: 10.23.20.1
+ metric: 100
+ # NOTE: The first 10 IPs in the subnet are reserved for network infrastructure.
+ # The remainder of the range is divided between two subnets of equal size:
+ # one static, and one DHCP.
+ # The DHCP addresses are used when nodes perform a PXE boot (DHCP address gets
+ # assigned), and when a node is commissioning in MaaS (also uses DHCP to get
+ # its IP address). However, when MaaS installs the operating system
+ # ("Deploying/Deployed" states), it will write a static IP assignment to
+ # /etc/network/interfaces[.d] with IPs from the "static" subnet defined here.
+ ranges:
+ # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+ - type: reserved
+ start: 10.23.20.1
+ end: 10.23.20.10
+ # NEWSITE-CHANGEME: Update to the first half of the remaining range after
+ # excluding the 10 reserved IPs.
+ - type: static
+ start: 10.23.20.11
+ end: 10.23.20.21
+ # NEWSITE-CHANGEME: Update to the second half of the remaining range after
+ # excluding the 10 reserved IPs.
+ - type: dhcp
+ start: 10.23.20.121
+ end: 10.23.20.131
+ dns:
+ # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+ # Choose FQDN according to the node FQDN naming conventions at the top of
+ # this document.
+ domain: airship-seaworthy.atlantafoundry.com
+ # List of upstream DNS forwards. Verify you can reach them from your
+ # environment. If so, you should not need to change them.
+ # TODO: This should be populated via substitution from common-addresses
+ servers: '8.8.8.8,8.8.4.4,208.67.222.222'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: data
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: 802.3ad
+ hash: layer3+4
+ peer_rate: fast
+ mon_rate: 100
+ up_delay: 1000
+ down_delay: 3000
+ # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+ # configured for this MTU or greater. Even if switches are configured for or
+ # can support a slightly higher MTU, there is no need (and negliable benefit)
+ # to squeeze every last byte into the MTU (e.g., 9216 vs 9100). Leave MTU at
+ # 9100 for maximum compatibility.
+ mtu: 9100
+ linkspeed: auto
+ trunking:
+ mode: 802.1q
+ allowed_networks:
+ - oam
+ - storage
+ - overlay
+ - calico
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: oam
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the OAM network is on
+ vlan: '21'
+ mtu: 9100
+ # NEWSITE-CHANGEME: Set the CIDR for the OAM network
+ # NOTE: The CIDR minimum size = number of nodes + 10
+ cidr: 10.23.21.0/24
+ routes:
+ - subnet: 0.0.0.0/0
+ # NEWSITE-CHANGEME: Set the OAM network gateway IP address
+ gateway: 10.23.21.1
+ metric: 100
+ ranges:
+ # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+ - type: reserved
+ start: 10.23.21.1
+ end: 10.23.21.10
+ # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
+ # 10 reserved IPs.
+ - type: static
+ start: 10.23.21.11
+ end: 10.23.21.21
+ dns:
+ # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+ # Choose FQDN according to the node FQDN naming conventions at the top of
+ # this document.
+ domain: airship-seaworthy.atlantafoundry.com
+ # List of upstream DNS forwards. Verify you can reach them from your
+ # environment. If so, you should not need to change them.
+ # TODO: This should be populated via substitution from common-addresses
+ servers: '8.8.8.8,8.8.4.4,208.67.222.222'
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: storage
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the storage network is on
+ vlan: '23'
+ mtu: 9100
+ # NEWSITE-CHANGEME: Set the CIDR for the storage network
+ # NOTE: The CIDR minimum size = number of nodes + 10
+ cidr: 10.23.23.0/24
+ ranges:
+ # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+ - type: reserved
+ start: 10.23.23.1
+ end: 10.23.23.10
+ # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
+ # 10 reserved IPs.
+ - type: static
+ start: 10.23.23.11
+ end: 10.23.23.21
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: overlay
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the overlay network is on
+ vlan: '24'
+ mtu: 9100
+ # NEWSITE-CHANGEME: Set the CIDR for the overlay network
+ # NOTE: The CIDR minimum size = number of nodes + 10
+ cidr: 10.23.24.0/24
+ ranges:
+ # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+ - type: reserved
+ start: 10.23.24.1
+ end: 10.23.24.10
+ # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
+ # 10 reserved IPs.
+ - type: static
+ start: 10.23.24.11
+ end: 10.23.24.21
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: calico
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the calico network is on
+ vlan: '22'
+ mtu: 9100
+ # NEWSITE-CHANGEME: Set the CIDR for the calico network
+ # NOTE: The CIDR minimum size = number of nodes + 10
+ cidr: 10.23.22.0/24
+ ranges:
+ # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+ - type: reserved
+ start: 10.23.22.1
+ end: 10.23.22.10
+ # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
+ # 10 reserved IPs.
+ - type: static
+ start: 10.23.22.11
+ end: 10.23.22.21
+...
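Review bot: in the OAM network document, `servers: '8.8.8.8,8.8.4.4,208.67.222.222'` hard-codes public resolvers and carries a TODO to populate it by substitution from common-addresses, but unlike the VLAN, CIDR and gateway lines it has no NEWSITE-CHANGEME marker, so a new site will likely inherit it unreviewed. Either do the substitution in this change or mark the line as site-specific. Two smaller points that apply to all four network documents here: the range comment reads "excluding the 10 / 10 reserved IPs" with a doubled "10", and the static range stops at .21 while the comment asks for "the remaining range", so say whether .11 to .21 is intentional for this site.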
--- /dev/null
+---
+# The purpose of this file is to define the PKI certificates for the environment
+#
+# NOTE: When deploying a new site, this file should not be configured until
+# baremetal/nodes.yaml is complete.
+#
+schema: promenade/PKICatalog/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cluster-certificates
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ certificate_authorities:
+ kubernetes:
+ description: CA for Kubernetes components
+ certificates:
+ - document_name: apiserver
+ description: Service certificate for Kubernetes apiserver
+ common_name: apiserver
+ hosts:
+ - localhost
+ - 127.0.0.1
+ # FIXME: Repetition of api_service_ip in common-addresses; use
+ # substitution
+ - 10.96.0.1
+ kubernetes_service_names:
+ - kubernetes.default.svc.cluster.local
+
+ # NEWSITE-CHANGEME: The following should be a list of all the nodes in
+ # the environment (genesis, control plane, data plane, everything).
+ # Add/delete from this list as necessary until all nodes are listed.
+ # For each node, the `hosts` list should be comprised of:
+ # 1. The node's hostname, as already defined in baremetal/nodes.yaml
+ # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+ # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+ # NOTE: This list also needs to include the Genesis node, which is not
+ # listed in baremetal/nodes.yaml, but by convention should be allocated
+ # the first non-reserved IP in each logical network allocation range
+ # defined in networks/physical/networks.yaml
+ # NOTE: The genesis node needs to be defined twice (the first two entries
+ # on this list) with all of the same paramters except the document_name.
+ # In the first case the document_name is `kubelet-genesis`, and in the
+ # second case the document_name format is `kubelete-YOUR_GENESIS_HOSTNAME`.
+ - document_name: kubelet-genesis
+ common_name: system:node:cab23-r720-11
+ hosts:
+ - cab23-r720-11
+ - 10.23.21.11
+ - 10.23.22.11
+ groups:
+ - system:nodes
+ - document_name: kubelet-cab23-r720-11
+ common_name: system:node:cab23-r720-11
+ hosts:
+ - cab23-r720-11
+ - 10.23.21.11
+ - 10.23.22.11
+ groups:
+ - system:nodes
+ - document_name: kubelet-cab23-r720-12
+ common_name: system:node:cab23-r720-12
+ hosts:
+ - cab23-r720-12
+ - 10.23.21.12
+ - 10.23.22.12
+ groups:
+ - system:nodes
+ - document_name: kubelet-cab23-r720-13
+ common_name: system:node:cab23-r720-13
+ hosts:
+ - cab23-r720-13
+ - 10.23.21.13
+ - 10.23.22.13
+ groups:
+ - system:nodes
+ - document_name: kubelet-cab23-r720-14
+ common_name: system:node:cab23-r720-14
+ hosts:
+ - cab23-r720-14
+ - 10.23.21.14
+ - 10.23.22.14
+ groups:
+ - system:nodes
+ - document_name: kubelet-cab23-r720-17
+ common_name: system:node:cab23-r720-17
+ hosts:
+ - cab23-r720-17
+ - 10.23.21.17
+ - 10.23.22.17
+ groups:
+ - system:nodes
+ - document_name: kubelet-cab23-r720-19
+ common_name: system:node:cab23-r720-19
+ hosts:
+ - cab23-r720-19
+ - 10.23.21.19
+ - 10.23.22.19
+ groups:
+ - system:nodes
+ # End node list
+ - document_name: scheduler
+ description: Service certificate for Kubernetes scheduler
+ common_name: system:kube-scheduler
+ - document_name: controller-manager
+ description: certificate for controller-manager
+ common_name: system:kube-controller-manager
+ - document_name: admin
+ common_name: admin
+ groups:
+ - system:masters
+ - document_name: armada
+ common_name: armada
+ groups:
+ - system:masters
+ kubernetes-etcd:
+ description: Certificates for Kubernetes's etcd servers
+ certificates:
+ - document_name: apiserver-etcd
+ description: etcd client certificate for use by Kubernetes apiserver
+ common_name: apiserver
+ # NOTE(mark-burnett): hosts not required for client certificates
+ - document_name: kubernetes-etcd-anchor
+ description: anchor
+ common_name: anchor
+ # NEWSITE-CHANGEME: The following should be a list of the control plane
+ # nodes in the environment, including genesis.
+ # For each node, the `hosts` list should be comprised of:
+ # 1. The node's hostname, as already defined in baremetal/nodes.yaml
+ # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+ # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+ # 4. 127.0.0.1
+ # 5. localhost
+ # 6. kubernetes-etcd.kube-system.svc.cluster.local
+ # NOTE: This list also needs to include the Genesis node, which is not
+ # listed in baremetal/nodes.yaml, but by convention should be allocated
+ # the first non-reserved IP in each logical network allocation range
+ # defined in networks/physical/networks.yaml, except for the kubernetes
+ # service_cidr where it should start with the second IP in the range.
+ # NOTE: The genesis node is defined twice with the same `hosts` data:
+ # Once with its hostname in the common/document name, and once with
+ # `genesis` defined instead of the host. For now, this duplicated
+ # genesis definition is required. FIXME: Remove duplicate definition
+ # after Promenade addresses this issue.
+ - document_name: kubernetes-etcd-genesis
+ common_name: kubernetes-etcd-genesis
+ hosts:
+ - cab23-r720-11
+ - 10.23.21.11
+ - 10.23.22.11
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-cab23-r720-11
+ common_name: kubernetes-etcd-cab23-r720-11
+ hosts:
+ - cab23-r720-11
+ - 10.23.21.11
+ - 10.23.22.11
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-cab23-r720-12
+ common_name: kubernetes-etcd-cab23-r720-12
+ hosts:
+ - cab23-r720-12
+ - 10.23.21.12
+ - 10.23.22.12
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-cab23-r720-13
+ common_name: kubernetes-etcd-cab23-r720-13
+ hosts:
+ - cab23-r720-13
+ - 10.23.21.13
+ - 10.23.22.13
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-cab23-r720-14
+ common_name: kubernetes-etcd-cab23-r720-14
+ hosts:
+ - cab23-r720-14
+ - 10.23.21.14
+ - 10.23.22.14
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ # End node list
+ kubernetes-etcd-peer:
+ certificates:
+ # NEWSITE-CHANGEME: This list should be identical to the previous list,
+ # except that `-peer` has been appended to the document/common names.
+ - document_name: kubernetes-etcd-genesis-peer
+ common_name: kubernetes-etcd-genesis-peer
+ hosts:
+ - cab23-r720-11
+ - 10.23.21.11
+ - 10.23.22.11
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-cab23-r720-11-peer
+ common_name: kubernetes-etcd-cab23-r720-11-peer
+ hosts:
+ - cab23-r720-11
+ - 10.23.21.11
+ - 10.23.22.11
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-cab23-r720-12-peer
+ common_name: kubernetes-etcd-cab23-r720-12-peer
+ hosts:
+ - cab23-r720-12
+ - 10.23.21.12
+ - 10.23.22.12
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-cab23-r720-13-peer
+ common_name: kubernetes-etcd-cab23-r720-13-peer
+ hosts:
+ - cab23-r720-13
+ - 10.23.21.13
+ - 10.23.22.13
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-cab23-r720-14-peer
+ common_name: kubernetes-etcd-cab23-r720-14-peer
+ hosts:
+ - cab23-r720-14
+ - 10.23.21.14
+ - 10.23.22.14
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ # End node list
+ calico-etcd:
+ description: Certificates for Calico etcd client traffic
+ certificates:
+ - document_name: calico-etcd-anchor
+ description: anchor
+ common_name: anchor
+ # NEWSITE-CHANGEME: The following should be a list of the control plane
+ # nodes in the environment, including genesis.
+ # For each node, the `hosts` list should be comprised of:
+ # 1. The node's hostname, as already defined in baremetal/nodes.yaml
+ # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+ # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+ # 4. 127.0.0.1
+ # 5. localhost
+ # 6. The calico/etcd/service_ip defined in networks/common-addresses.yaml
+ # NOTE: This list also needs to include the Genesis node, which is not
+ # listed in baremetal/nodes.yaml, but by convention should be allocated
+ # the first non-reserved IP in each logical network allocation range
+ # defined in networks/physical/networks.yaml
+ - document_name: calico-etcd-cab23-r720-11
+ common_name: calico-etcd-cab23-r720-11
+ hosts:
+ - cab23-r720-11
+ - 10.23.21.11
+ - 10.23.22.11
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-cab23-r720-12
+ common_name: calico-etcd-cab23-r720-12
+ hosts:
+ - cab23-r720-12
+ - 10.23.21.12
+ - 10.23.22.12
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-cab23-r720-13
+ common_name: calico-etcd-cab23-r720-13
+ hosts:
+ - cab23-r720-13
+ - 10.23.21.13
+ - 10.23.22.13
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-cab23-r720-14
+ common_name: calico-etcd-cab23-r720-14
+ hosts:
+ - cab23-r720-14
+ - 10.23.21.14
+ - 10.23.22.14
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-node
+ common_name: calcico-node
+ # End node list
+ calico-etcd-peer:
+ description: Certificates for Calico etcd clients
+ certificates:
+ # NEWSITE-CHANGEME: This list should be identical to the previous list,
+ # except that `-peer` has been appended to the document/common names.
+ - document_name: calico-etcd-cab23-r720-11-peer
+ common_name: calico-etcd-cab23-r720-11-peer
+ hosts:
+ - cab23-r720-11
+ - 10.23.21.11
+ - 10.23.22.11
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-cab23-r720-12-peer
+ common_name: calico-etcd-cab23-r720-12-peer
+ hosts:
+ - cab23-r720-12
+ - 10.23.21.12
+ - 10.23.22.12
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-cab23-r720-13-peer
+ common_name: calico-etcd-cab23-r720-13-peer
+ hosts:
+ - cab23-r720-13
+ - 10.23.21.13
+ - 10.23.22.13
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-cab23-r720-14-peer
+ common_name: calico-etcd-cab23-r720-14-peer
+ hosts:
+ - cab23-r720-14
+ - 10.23.21.14
+ - 10.23.22.14
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-node-peer
+ common_name: calcico-node-peer
+ # End node list
+ keypairs:
+ - name: service-account
+ description: Service account signing key for use by Kubernetes controller-manager.
+...
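Review bot: `common_name: calcico-node` under `calico-etcd` and `common_name: calcico-node-peer` under `calico-etcd-peer` look like misspellings of "calico"; every other entry in this catalog uses a common_name that matches its document_name. The common name becomes the certificate subject, so fix the spelling or confirm that nothing matches on this identity. Related cleanups: the kubelet comment gives the format as `kubelete-YOUR_GENESIS_HOSTNAME` (and "paramters") while the entries use the `kubelet-` prefix, and the `calico-etcd-peer` description says "Calico etcd clients" although the section holds the peer certificates. The `armada` certificate is placed in `system:masters` alongside `admin`; a comment on why it needs that group would help the next reader.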
--- /dev/null
+---
+# The purpose of this file is to apply proper labels to Genesis node so the
+# proper services are installed and proper configuration applied. This should
+# not need to be changed for a new site.
+# #GLOBAL-CANDIDATE#
+schema: promenade/Genesis/v1
+metadata:
+ schema: metadata/Document/v1
+ name: genesis-site
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: genesis-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ labels:
+ dynamic:
+ - beta.kubernetes.io/fluentd-ds-ready=true
+ - calico-etcd=enabled
+ - ceph-mds=enabled
+ - ceph-mon=enabled
+ - ceph-osd=enabled
+ - ceph-rgw=enabled
+ - ceph-mgr=enabled
+ - ceph-bootstrap=enabled
+ - kube-dns=enabled
+ - kube-ingress=enabled
+ - kubernetes-apiserver=enabled
+ - kubernetes-controller-manager=enabled
+ - kubernetes-etcd=enabled
+ - kubernetes-scheduler=enabled
+ - promenade-genesis=enabled
+ - ucp-control-plane=enabled
+ - maas-control-plane=enabled
+ - ceph-osd-bootstrap=enabled
+ - openstack-control-plane=enabled
+ - openvswitch=enabled
+ - openstack-l3-agent=enabled
+ - node-exporter=enabled
+...
--- /dev/null
+---
+# The primary control plane host profile for Airship for DELL R720s, and
+# should not need to be altered if you are using matching HW. The active
+# participants in the Ceph cluster run on this profile. Other control plane
+# services are not affected by primary vs secondary designation.
+schema: drydock/HostProfile/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cp_r720-primary
+ storagePolicy: cleartext
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: cp-global
+ actions:
+ - method: replace
+ path: .interfaces
+ - method: replace
+ path: .storage
+ - method: merge
+ path: .
+data:
+ # TODO: fixup proper HW profiles
+ hardware_profile: DELL_HP_Generic
+
+ primary_network: oam
+ interfaces:
+ pxe:
+ device_link: pxe
+ slaves:
+ - eno1
+ networks:
+ - pxe
+ bond0:
+ device_link: data
+ slaves:
+ - enp67s0f0
+ - enp67s0f1
+ - enp68s0f0
+ - enp68s0f1
+ networks:
+ - oam
+ - storage
+ - overlay
+ - calico
+
+ storage:
+ physical_devices:
+ sda:
+ labels:
+ bootdrive: 'true'
+ partitions:
+ - name: 'root'
+ size: '30g'
+ bootable: true
+ filesystem:
+ mountpoint: '/'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'boot'
+ size: '1g'
+ filesystem:
+ mountpoint: '/boot'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var_log'
+ size: '100g'
+ filesystem:
+ mountpoint: '/var/log'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var'
+ size: '>100g'
+ filesystem:
+ mountpoint: '/var'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ sdb:
+ partitions:
+ - name: 'cephj'
+ size: '100g'
+ filesystem:
+ mountpoint: '/var/lib/ceph/cp'
+ fstype: 'xfs'
+ mount_options: 'defaults'
+
+ platform:
+ kernel: 'hwe-16.04'
+ kernel_params:
+ console: 'ttyS1,115200n8'
+
+ metadata:
+ owner_data:
+ openstack-l3-agent: enabled
+...
+---
+schema: drydock/HostProfile/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cp_r740-secondary
+ storagePolicy: cleartext
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: cp-global
+ actions:
+ - method: replace
+ path: .interfaces
+ - method: replace
+ path: .storage
+ - method: replace
+ path: .metadata.owner_data
+ - method: merge
+ path: .
+data:
+ # TODO: fixup proper HW profiles
+ hardware_profile: DELL_HP_Generic
+
+ primary_network: oam
+ interfaces:
+ pxe:
+ device_link: pxe
+ slaves:
+ - eno1
+ networks:
+ - pxe
+ bond0:
+ device_link: data
+ slaves:
+ - enp67s0f0
+ - enp67s0f1
+ - enp68s0f0
+ - enp68s0f1
+ networks:
+ - oam
+ - storage
+ - overlay
+ - calico
+
+ storage:
+ physical_devices:
+ sda:
+ labels:
+ bootdrive: 'true'
+ partitions:
+ - name: 'root'
+ size: '30g'
+ bootable: true
+ filesystem:
+ mountpoint: '/'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'boot'
+ size: '1g'
+ filesystem:
+ mountpoint: '/boot'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var_log'
+ size: '100g'
+ filesystem:
+ mountpoint: '/var/log'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var'
+ size: '>100g'
+ filesystem:
+ mountpoint: '/var'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ sdb:
+ partitions:
+ - name: 'cephj'
+ size: '100g'
+ filesystem:
+ mountpoint: '/var/lib/ceph/cp'
+ fstype: 'xfs'
+ mount_options: 'defaults'
+
+ platform:
+ kernel: 'hwe-16.04'
+ kernel_params:
+ console: 'ttyS1,115200n8'
+
+ metadata:
+ owner_data:
+ control-plane: enabled
+ ucp-control-plane: enabled
+ openstack-control-plane: enabled
+ openstack-heat: enabled
+ openstack-keystone: enabled
+ openstack-rabbitmq: enabled
+ openstack-dns-helper: enabled
+ openstack-mariadb: enabled
+ openstack-nova-control: enabled
+ # openstack-etcd: enabled
+ openstack-mistral: enabled
+ openstack-memcached: enabled
+ openstack-glance: enabled
+ openstack-horizon: enabled
+ openstack-cinder-control: enabled
+ openstack-cinder-volume: control
+ openstack-neutron: enabled
+ openvswitch: enabled
+ ucp-barbican: enabled
+ ceph-bootstrap: enabled
+ # ceph-mon: enabled
+ ceph-mgr: enabled
+ ceph-osd: enabled
+ ceph-mds: enabled
+ ceph-rgw: enabled
+ ucp-maas: enabled
+ kube-dns: enabled
+ kubernetes-apiserver: enabled
+ kubernetes-controller-manager: enabled
+ # kubernetes-etcd: enabled
+ kubernetes-scheduler: enabled
+ tiller-helm: enabled
+ # kube-etcd: enabled
+ calico-policy: enabled
+ calico-node: enabled
+ # calico-etcd: enabled
+ ucp-armada: enabled
+ ucp-drydock: enabled
+ ucp-deckhand: enabled
+ ucp-shipyard: enabled
+ IAM: enabled
+ ucp-promenade: enabled
+ prometheus-server: enabled
+ prometheus-client: enabled
+ fluentd: enabled
+ influxdb: enabled
+ kibana: enabled
+ elasticsearch-client: enabled
+ elasticsearch-master: enabled
+ elasticsearch-data: enabled
+ postgresql: enabled
+ kube-ingress: enabled
+ beta.kubernetes.io/fluentd-ds-ready: 'true'
+ node-exporter: enabled
+...
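Review bot: the second document is named `cp_r740-secondary`, while the file header and the first document (`cp_r720-primary`) both refer to R720 hardware. If this is a typo, any node in baremetal/nodes.yaml that references the secondary profile by the R720 name will not resolve; if R740 is intended, the document needs its own header comment saying so. The second document also has no description of what "secondary" changes: it adds `replace` on `.metadata.owner_data` and comments out `ceph-mon`, `kubernetes-etcd` and `calico-etcd`, which is worth one comment line. Please also confirm `openstack-cinder-volume: control` (every other label is `enabled`) and the partition name `'cephj'` are intended.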
--- /dev/null
+---
+# The data plane host profile for Airship for DELL R720s, and should
+# not need to be altered if you are using matching HW. The host profile is setup
+# for cpu isolation (for nova pinning), hugepages, and sr-iov.
+schema: drydock/HostProfile/v1
+metadata:
+ schema: metadata/Document/v1
+ name: dp_r720
+ storagePolicy: cleartext
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: dp-global
+ actions:
+ - method: replace
+ path: .interfaces
+ - method: replace
+ path: .storage
+ - method: merge
+ path: .
+data:
+ # TODO: fixup proper HW profiles
+ hardware_profile: DELL_HP_Generic
+
+ primary_network: oam
+ interfaces:
+ pxe:
+ device_link: pxe
+ slaves:
+ - eno1
+ networks:
+ - pxe
+ bond0:
+ device_link: data
+ slaves:
+ - enp67s0f0
+ - enp67s0f1
+ - enp68s0f0
+ - enp68s0f1
+ networks:
+ - oam
+ - storage
+ - overlay
+ - calico
+
+ storage:
+ physical_devices:
+ sda:
+ labels:
+ bootdrive: 'true'
+ partitions:
+ - name: 'root'
+ size: '30g'
+ bootable: true
+ filesystem:
+ mountpoint: '/'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'boot'
+ size: '1g'
+ filesystem:
+ mountpoint: '/boot'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var_log'
+ size: '100g'
+ filesystem:
+ mountpoint: '/var/log'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var'
+ size: '>100g'
+ filesystem:
+ mountpoint: '/var'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ sdb:
+ partitions:
+ - name: 'nova'
+ size: '99%'
+ filesystem:
+ mountpoint: '/var/lib/nova'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ platform:
+ kernel: 'hwe-16.04'
+ kernel_params:
+ console: 'ttyS1,115200n8'
+...
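Review bot: the header comment says this profile is "setup for cpu isolation (for nova pinning), hugepages, and sr-iov", but the only entry under `kernel_params` here is `console: 'ttyS1,115200n8'` and nothing else in the document configures those features. If they are inherited from the `dp-global` parent through the `merge` action, say so in the comment; otherwise drop the claim or add the parameters, since an operator reading this file would assume isolation and hugepages are in effect.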
--- /dev/null
+---
+# The purpose of this file is to define the drydock Region, which in turn drives
+# the MaaS region.
+schema: 'drydock/Region/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: Replace with the site name
+ name: airship-seaworthy
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ # NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the
+ # list of authorized keys which MaaS will register for the build-in "ubuntu"
+ # account during the PXE process. Create a substitution rule for each SSH
+ # key that should have access to the "ubuntu" account (useful for trouble-
+ # shooting problems before UAM or UAM-lite is operational). SSH keys are
+ # stored as secrets in site/airship-seaworthy/secrets.
+ - dest:
+ # Add/replace the first item in the list
+ path: .authorized_keys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ # This should match the "name" metadata of the SSH key which will be
+ # substituted, located in site/airship-seaworthy/secrets folder.
+ name: airship_ssh_public_key
+ path: .
+ - dest:
+ path: .repositories.main_archive
+ src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .packages.repositories.main_archive
+ # Second key example
+ #- dest:
+ # # Increment the list index
+ # path: .authorized_keys[1]
+ # src:
+ # schema: deckhand/PublicKey/v1
+ # # your ssh key
+ # name: MY_USER_ssh_public_key
+ # path: .
+data:
+ tag_definitions: []
+ # This is the list of SSH keys which MaaS will register for the built-in
+ # "ubuntu" account during the PXE process. This list is populated by
+ # substitution, so the same SSH keys do not need to be repeated in multiple
+ # manifests.
+ authorized_keys: []
+ repositories:
+ remove_unlisted: true
+...
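Review bot: the substitution comment explains that these keys give access to the built-in "ubuntu" account "before UAM or UAM-lite is operational", but it does not say what should happen to them afterwards. Please document whether the `authorized_keys` entries are expected to be removed or rotated once UAM is up, and that `airship_ssh_public_key` must be replaced per site (the block is marked NEWSITE-CHANGEME, but the key name itself is not called out). Minor: the first comment says "build-in" where the later one says "built-in".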
--- /dev/null
+---
+# Certs genrated by Promenade, see docs at
+# https://treasuremap.readthedocs.io/en/latest/deployment.html#site-new-site-pki-pki-catalog-yaml
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDSDCCAjCgAwIBAgIUegkh/antB1XyDVHdP5dv+0MZyBcwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xODA4MjAyMzQzMDBaFw0yMzA4MTkyMzQzMDBaMCoxEzARBgNVBAoTCkt1YmVy
+ bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ DwAwggEKAoIBAQC1jUTdodnxFzC6OD/Rre2Qqw/BTycKvWW3Bkby5abZGRxgMkV5
+ SxTSMazjPYjEA7+rhXqKgmn+OaV1trZvYbH0rZcRyGSC8D5Wj5SCtuGO6EUqx8SQ
+ 1tklnHbFKtMDjN8V201SV/ydUfXcFFlD8jUXUkb4iSZV+hkhOO3ZlTqBo4/vkYMK
+ N+7Dsv1Tfs3sHY4MDuiI/Fz8Uj5bMrKc/gVdPnrYPRsLQ/xlkfufsUuy0VlokrpQ
+ uYQjorvYbhpl6B7XT8mJsf3WQwB5A1E8bxFp0IR3tEaMIzXeSvrIS7ajxu0zVY/B
+ qS+uwRNtkCxs2cNsqPoQQBYTkhAoffWnBGYbAgMBAAGjZjBkMA4GA1UdDwEB/wQE
+ AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBTIAmvhlCafX+fLJ7FY
+ /p5ZjYibADAfBgNVHSMEGDAWgBTIAmvhlCafX+fLJ7FY/p5ZjYibADANBgkqhkiG
+ 9w0BAQsFAAOCAQEAm4qCucz52aD2AqP9m9r6ZRPlzAesImR7eXOD+ix4r9uMfM85
+ YYAZcRhf4/RWwfIWvngeXWTUirAEbwNfXEkbMddTkrBZ7q7BaqYH/1BNXRahBd2G
+ CJDQa6HMEvSLOkH/vAf/BY3d6WprS69YWVC4ffj0+FqBOMD5KLxPfM1gdashV0XB
+ yIFo4HPYXn3J3H7HRc17ZizOaPghY/ldNWsmoj1YPlxA9exDPQ4jI91VcSCDZbD/
+ YyIntJzMZZ28xFPQFhww2oRD5LpDvfq+P6gBz08FKE+lmRKirANVzBltS2I8xzMV
+ FSCBNl+qV3evUg57xzgjifVHxmfSuLszLtTkOA==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDUjCCAjqgAwIBAgIUV1YkAwvB59dO83zhqvvcdywidd4wDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTIzMDgxOTIzNDMwMFowLzETMBEGA1UEChMK
+ S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG
+ 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUobHwzHYA4KMu7PGtqreil8uhm++fs2XqrN
+ mW+LBH1HuuiB6iUZqgx9zEHpll4bMr/YLp9cdYu9uVy21zglHAyostBcqbe2dx9S
+ 8ErcUsEGFllORBMN7tIFE6VB6ldLqoV6jyQ3F+LSJwhOOzqBWuozSlBLuOv/Q1xU
+ Mnc0ndlbrtVejWZUFt5ItOt/pyXbZ3zAFmCH3bMCm8vftxjphNFrWVvHPaAySvKu
+ 93SMMyFl9szFjP17BP5PwmjsYxkbNL8Fn26akEQvaFV8YbPEJSaxAst8J+QAbXUa
+ BR/7NuC6kxRI0kTQw/nAjeaRV3AuWm+wBbuXtO5c3cyDsxcM2QIDAQABo2YwZDAO
+ BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUnSYC
+ 0OZmL0av6dRaIZe3txRXx8cwHwYDVR0jBBgwFoAUnSYC0OZmL0av6dRaIZe3txRX
+ x8cwDQYJKoZIhvcNAQELBQADggEBACPw+ckz/nVMEOVPrJUmXQhaI/wCXHgOw/rY
+ sIqsRF9PGvWgU5I1CjhnHQLUy5YY/yf2g3EgQFFUh5u44PCuCMIQejun1SwFP4tI
+ d/CQQwDHMdGYlajApvKITcbpTdzU3yI9jVbf7szDaeYBDcF8uko7h+8FbE+vO/Ub
+ /jWGy58n4SfjEOQ2zKxa+kIhI8yAKrgl+nC9tkuWD3Veymc6yYD7umXw5uTP4gVp
+ zTRaZ13J2MmERXNYtfx7VRq6xvcpVhDH496uWuyxUSrOt9gmfrNfeixWxUoDUHBR
+ t7f+igcy4zwv75PAcKI0lOHjbcF6d6+1CdNVQt3XOR9UWl63lp8=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDXDCCAkSgAwIBAgIUb75pk6FxXqBl9NLZaUuFBJupnoYwDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMjMwODE5MjM0MzAwWjA0MRMwEQYD
+ VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC
+ ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOtZKHMDL/H5Q0qYA+07HRpt
+ +4AsXRrL5DaiGp0qnq8fisX/mwODDJxWacCsrXnFZvcj+2brBzi8oQHpEw4BueYs
+ 8RYlT3tPMOQBfHl9m69ZG6150r0WsrI2MiPLrsMSDAIreaOLc1ptmGMWqyEy/UpA
+ fgtiMq810euhLfrHKPRXxYfndMN82NAnAT2VPqnFIj5r5npPG8gL/ALN2DgcBkiC
+ 3T+FiZxAq3thm2FKFJizYGtCN6t4grmhX8uZdBnFjLhP9t5umZFsPcpEzpiF9gIs
+ 1wd3UcDhc/mzJlmkVax8yrvvuhkPrbuQugNiCbkN2LS9iAapGYP8lNg1oR5k4N8C
+ AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD
+ VR0OBBYEFBK6v8RVwFvzEsP3RlVZSAZ1LJufMB8GA1UdIwQYMBaAFBK6v8RVwFvz
+ EsP3RlVZSAZ1LJufMA0GCSqGSIb3DQEBCwUAA4IBAQAG/FupcGdFBrWVw/pG2Tgh
+ 3z227ev4Z7pVazolPiGJpQOTZ2dIdnSs4HwovCxSewToXLd9k+wcIV1NEzyllw9I
+ +OgdLHHHJirZd4RJdwlCIfYh1uXS4g85Mat+jDoBkzCX2FIkEm9m6h291UrlOqy+
+ im4hkJLF7AwJD6U0GPqoOVNx/jPlAzXolZ6YTjZ2LHGj6Liu7Tc2LO+S0c3wVAXL
+ hbl2FE8KT6qYAoMxNLJlAvnFNi/mPMpab6PLgE8DYTSByvj2F5WqdaTlbCZZV0bV
+ DnTxj0SG0H8p0Y8fpz76/E1Okr1H07XxzNxHudS2KClUHMNMnrtmDIGjbZAMWmt7
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDSjCCAjKgAwIBAgIUCKu+Ga+ilp0+4UGjAakITGRCA3cwDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTgwODIwMjM0MzAwWhcNMjMwODE5MjM0MzAwWjArMRMwEQYDVQQKEwpLdWJl
+ cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
+ ggEPADCCAQoCggEBAJ++NV1PWCvuWzpSHABlD1adP30RUSbgqaC38EeM4rhhZLmJ
+ 48Bbo7EuueponhuNcCKDOWXPJEh67Scw9Qh4SLovRz72fu9KP5qPxjRIOYSh4V+F
+ qiE+iGz/tSvlInlykmCb7H15cOXMZcE1hH0CIC78GRmZAZCUJXW76xS7c3lm0jGW
+ /egE4IZ1r29LJo6KZFM3m3HTKlHV9XSluPjhWGU/atpi+TQvDX/Hv6yrseOkv0XX
+ T5n+Z/e5xmtEwnbzDHpMy3EwSDoxYHQrlEfRMv9w+XsFp4rfJ7ZofgrJk63StzDr
+ OxKBWXID44Uk6aV6TrWkIgk3E3QcKZn/Plh0i/kCAwEAAaNmMGQwDgYDVR0PAQH/
+ BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFPL7h/k7n+hgJLzZ
+ a1WNuQxLmDl7MB8GA1UdIwQYMBaAFPL7h/k7n+hgJLzZa1WNuQxLmDl7MA0GCSqG
+ SIb3DQEBCwUAA4IBAQAqAuDjjC1UVUplI0XHTOVhuoNSAirOihtncXTVEdcR4Pqt
+ YT6s+oh+wV7V4wPAsisRCeIOpFzvp22QaF6l0+Gn9B8AHt5zs3+GuoYmuX7UXreJ
+ SVrnh+wI20E1fzj1lDYzgdekZW12SbJQs6LCJ5JfX1bTCjBL7ysIPzE0EWnqGGTp
+ qWa7dlzHLcU/PWHWXyNta5IlUZ/GCjMpLSMYXPO0a6Z5d0QGJXe9Iz4mkljwC3un
+ XXKzuKtpxxQZJ1+w70wfLHujnhUr3v5IDLDlxl698YRRopHyfNP1TZ7xUOMtkVqg
+ KMiLE1Ki0t7Jr3OYPOCmtuvk4bFoG0TIgA7XDGPS
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDVDCCAjygAwIBAgIUagTlPOZ8jX10HMhcsHgh9Ec//00wDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0yMzA4MTkyMzQzMDBaMDAxEzARBgNVBAoT
+ Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG
+ SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoMT11MMWnPgQ9lOjLzx51o2BW5NuJyD+B
+ NuzzAmT607Q6oo5wQ8oyDHeOH0h1heL71/iqcoAzalHFKNLAek9pcjW5RudpLuRt
+ FLRC6zKedn7n9Mg4H4K8cahatK8rSrYOrz0UF3p/XuoxXN1uQCwIX3+aOT0hlq3E
+ ONo9+LqSVh0RhSn3Qc1BaGsMDA8ATs0jiCWU8V5Lkw8IUb1wBCe4iwfi1XRn8eV8
+ jTW8dwnRB8yH8/5oVsD7dzOTjaUQg6w0nnn7SPFPhFOpwbX4Wd9fj1mq9uY6GIFC
+ JNj/UpnFRVtDO+8gJJxWV83SGhcvuJoXH5LoPmFS47TrMoBbGvM7AgMBAAGjZjBk
+ MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRL
+ fKY8JuyVlmEm4a6VB65X0x5aYTAfBgNVHSMEGDAWgBRLfKY8JuyVlmEm4a6VB65X
+ 0x5aYTANBgkqhkiG9w0BAQsFAAOCAQEACQlBvcV8mZncmP+zTiq5190uBm3Nf6Lr
+ EkLcCxmlB4PADUjK082C7oBm9z5QViimUg7fqdQSwZ3ujMYTIKgDADbTlLLKAGK5
+ 9C6KB3cSOiFSmZInhZs5HUMIPlybmYOv0yQfGCqOKYzPaCqp5arOjn4CDEqc8QG9
+ cAX/86Lnq1g2SfDIvq49t8BRsbahIN/Z+HPu1FhdahSDw35hGqkZ7DR8YeQrOSM+
+ O6jgMKGgM0LtNno/rVytkPv/kdA79T3ZaoMoTYtR9D803RQe8XaX7GNBKUqptE2O
+ nCEazqPjNiB3GiP/oKxQwc/6o0fVqV5G/0nwZWQEKkpwUVCWMbJu7w==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAtY1E3aHZ8Rcwujg/0a3tkKsPwU8nCr1ltwZG8uWm2RkcYDJF
+ eUsU0jGs4z2IxAO/q4V6ioJp/jmldba2b2Gx9K2XEchkgvA+Vo+UgrbhjuhFKsfE
+ kNbZJZx2xSrTA4zfFdtNUlf8nVH13BRZQ/I1F1JG+IkmVfoZITjt2ZU6gaOP75GD
+ Cjfuw7L9U37N7B2ODA7oiPxc/FI+WzKynP4FXT562D0bC0P8ZZH7n7FLstFZaJK6
+ ULmEI6K72G4aZege10/JibH91kMAeQNRPG8RadCEd7RGjCM13kr6yEu2o8btM1WP
+ wakvrsETbZAsbNnDbKj6EEAWE5IQKH31pwRmGwIDAQABAoIBABTEsVENN8o9leRn
+ lN1eoSOAfg/mBxhSbDVQsYMNxFVnaviSJ6JldV9KMXXZTzDlIOL1JPx9SLS9UXEy
+ 0pHRQjM0PGjbXKwh4W+zgxCk7Q6VAXyQV6sd+L81s9yANp1cWxS7/o9h41L30kE3
+ zrJYHbyqO9YokksZjhBf282dJZE4vFrrEjwYVq+qDcFlWbpN3hlVq0c4s/BlJL1G
+ 9IVA35DTlS9LAjIsPCKzAYg0wZY+9X01ym7iFG0UWbhKJctmBniOobc1adytLI4Y
+ MEEQnR3UBUOjs/ifYYeUqz/WEhSqpr5cOt1+cP+ReJyUBa4gpxMC9Me2M9L/liOE
+ vyw7MnECgYEAzorHV0UaK4Ftbu2N7FgEOQmwkR/GErBjZ0rhikyOI0PCGXq6Km94
+ 79wDQDjXUqlCxlS4WcN2+N434rV+S1eOHkzLV7VCAAR5nm8upeYNaNyxGAz7PubL
+ ZbKcPaYqHkY6SxG2LhJ8/Mo4nPr0Vb5SSaTLEuxibSssCF65n5wO7fMCgYEA4QaQ
+ SV6n3FKaVDJF3molaAWwTrUNnZynVOpJpuyT6hmmyl8cG0k+wznah8xlD4GH5AjH
+ pIP0VjxGC2nDG4bUDESL8pqFDsmXE5f1kziTXsdWtE7TZ5Z6IC2oBIR2sTvAwwO1
+ 8e47TyHG19VOWaoc5WOtsceZ7ZIPmYYgKvv0qTkCgYAMhWNCSiElBAqjT+lrq4ZO
+ AuVeVuPGHEVabLKxlKSFRMVOkB8bFXjqaZcU3J1JGJPAvEAUyQG8YpRWvRPz81Hd
+ SmCFZ6qhn6PT0/+q9QBZHA/sWlUc4hbwilxobFtfTHiaNm+p6VsEZCn8ckY/sHMC
+ nefltMjev2BC/aMZJvfMuwKBgQCbwABEWDjVPXNGTZmgjVWgvzc98wEek1waYSNj
+ XyIuCV0xe00n8bV4SOXh0m4solodUppkW1TWD1fn9Gcv+U1xxEwdOihYiN2BmU9H
+ fAQ8uLphiKG4dCXJefBuWAUTPSl5kWrwrhTs+5L2ttRJKX5go3KIt3/qOIuFlplT
+ RxsbuQKBgQCnymwu10mxY6ezSHJjZd3Al8Pj7KsNiURVP7A4c3QhQdCpyXDIfU43
+ RAYTprsQ/dM5U7n4vXZnvnSYBVwrLirfEVsE6A6h55LkMEpEkKpwro3Jgs4mFMm0
+ ksjM1xPJ0p0jLT+fL1f6sTAONmYb0ra5xl5mrgzHn1zkZ/IlmnpfaQ==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAzUobHwzHYA4KMu7PGtqreil8uhm++fs2XqrNmW+LBH1HuuiB
+ 6iUZqgx9zEHpll4bMr/YLp9cdYu9uVy21zglHAyostBcqbe2dx9S8ErcUsEGFllO
+ RBMN7tIFE6VB6ldLqoV6jyQ3F+LSJwhOOzqBWuozSlBLuOv/Q1xUMnc0ndlbrtVe
+ jWZUFt5ItOt/pyXbZ3zAFmCH3bMCm8vftxjphNFrWVvHPaAySvKu93SMMyFl9szF
+ jP17BP5PwmjsYxkbNL8Fn26akEQvaFV8YbPEJSaxAst8J+QAbXUaBR/7NuC6kxRI
+ 0kTQw/nAjeaRV3AuWm+wBbuXtO5c3cyDsxcM2QIDAQABAoIBAQCLOG+OLh9kEAFw
+ qy2++38BOPOCTgWLCIfFybXnEZNItyGXKyk3vnNaNGB3zld4h1eQojQc4ixU9zDy
+ bWL+L/BSxm793XqKCrHutUqM9WfXo1nafDQszHNNfBa/TPqXzx3cheso+hl21HdK
+ y0IqvrGNE3k3M582yK1zZEEhfGAtj0tjsKoEmOJsP+nc3Qc+acOPRg99oVAFfcYn
+ hwKf3fxpxmhCEDcYCSTlisCcNHilRbOuvOmfzGrWoMgHjIN9swz5YmEtIFV6j4Mv
+ Nl4r2X955YVUc9WgGqT4lVktvNzy40nsWDGfAKLeX5g+ZBIMAS1XVg3b1Y4DLTTr
+ V8n+BXNlAoGBANC1/RjUpGudWI9THiskKGl68xTXHimcGas6esR5bB5zXBDlONJv
+ meRx/m8Fi47SqoVuG/aFXiUfxKmdUPhr5ZG61nXQx0r9x0zzK9fxSAgbQLa0TQDm
+ Qgt5nabr6YDdf1Z7CBkyXJOFv07xmVrcw/Mm67qixm0a0GryJXz1M45/AoGBAPvN
+ qY4lQf3Tcz7jDjQdhG9R/VRjoOnlMwwLV9suASPXcgkRpRJ3iy+fBdQFfNYhUPcq
+ /ZA8mKIQfvdIeULP4v333soofPu/o9Q1jXcnQR7mWRyVh8KgxI/jMwcvjLBGZ+aa
+ wE+KDXL4vOQeNY9dsAH9nJ2clVhay/yG8pJVruinAoGATbIB91Vpo/oeNrS9fVfn
+ h2TSywZN3zWSRLDvdOayvh85vbxnS8dp5aYeDpxk2JVKD4Pu+vWpF27dGjtLIj+g
+ ZYDFR3SiTCNvJxE7WBclNodWru0t4VDWc0khzDr0YRmTxtDkMeUSm4RltHCyIyYd
+ +A2cIY1pCsK5paZhGER7necCgYALevj8Dh7QH8/lUhzXq3DaUnamXlR71YNaTToY
+ OCS9KZl9aFyKVwD1jt6JKCbk7GfwnPkqllivKulfBOLidO/4fFCgDvCD2dzyU+67
+ PALwEbiGYRrreMD9fnJZJYXYk50xGmUiOz0ZvNV/4RC4FKFttc5qMTVt7dXXEaAF
+ o/pxiQKBgDH+mUxrVCSF9U6Pe/nByClOf+mx7xQ05SaNh6o+NTIcsWh75qW0bU9Z
+ JRKoJH4veusTQn6y1BcVqC8flCEwSFnJOQbiGYdBiEZ3HzBc3twjMiRcoMzR0z+w
+ VFOORt0tImxhu8gTBcybBt5IVPsKzQ3aEnh2cxMEq4jl34YJEM+t
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA61kocwMv8flDSpgD7TsdGm37gCxdGsvkNqIanSqerx+Kxf+b
+ A4MMnFZpwKytecVm9yP7ZusHOLyhAekTDgG55izxFiVPe08w5AF8eX2br1kbrXnS
+ vRaysjYyI8uuwxIMAit5o4tzWm2YYxarITL9SkB+C2IyrzXR66Et+sco9FfFh+d0
+ w3zY0CcBPZU+qcUiPmvmek8byAv8As3YOBwGSILdP4WJnECre2GbYUoUmLNga0I3
+ q3iCuaFfy5l0GcWMuE/23m6ZkWw9ykTOmIX2AizXB3dRwOFz+bMmWaRVrHzKu++6
+ GQ+tu5C6A2IJuQ3YtL2IBqkZg/yU2DWhHmTg3wIDAQABAoIBAENhHEaJVBG35n8V
+ tJIXyYZGlKmmieVhGG5XzLzQdev3YNi9DFleDJ850j8acPQbAxagk5pskX2563LL
+ kuwArINsvH01o2LPUlUE4+k4f/kczuLErQP72p9RCtvatacdpJh+b+3Vv+nU1LsR
+ w17W5VN70Vpa+93Tz8zhMXPJzzzc04wKRvuEHlGBqDg4gcjFXZ6fcmO9LGvo6VzM
+ NHObQP2AY0JrVwmwUm53oFHhKrxqolNoDnrPGq3LlHbolSOVcEfKb9TabCtnCDvT
+ cbSzAvbmV2dKanz2SDBdF2A9T7nAPaBHbq5EW44yUHY0AA4kj45hn4347AZwc/zX
+ GU8QwDECgYEA7SxDcOdCtFL3r8aXm0R0rcyn4EnUtAMZu95ZkqSVIiY18OR0vOPL
+ KWP5y9DPTpvVEENZGbznqsCXBopv6eO0fLYgF8BJoT95cSIjdLKszg0Jdh/IU1Hp
+ FdJq2bzAuo8GkxCAco2AGmINy3yMGKp6cQRNf4mPMR6lGQYfDZNEgPcCgYEA/gfQ
+ q9G00R3NBJHRgBFnBDlD+evGB/l7+1OggHc/R6tclvYbPqICixJsubouqNKmMwoQ
+ 9WXVI2JFp6++xqM8rxDRLLFfOqG4rnb9S/qothZGZfHSzGVvrnBXbxKgV5O6MyH/
+ yEP8C/sxcQl0sr5Qau/vC3txnFOLKSz7hLzUjVkCgYBoljBXRWPg6QVYeha43YMm
+ cS1GdshZaVSbx/1v8Svilz8KL3RbJ4ibg/7PphEE9SsLtOdBtk/iuHLg64NWfJdG
+ t3mHf7/4X2lKPmesOm6BnrYhZPqN430JpnR/+AB1RET97TT3TvbCq6KxrQaKigLc
+ e61BJIQEgSME2fIvplV7GQKBgQCK3tTZiRuzEfqJG/oOa/UIHxIlJxosM9vuSgo9
+ EHN8h5ZnRIUiWUjQpDLh2YE2c2m+Dyu0K4Y4ALoZcH73cjdzcNsY9qIbmFswrQXN
+ qmremBDGHEvjxzQlhW6W3vTey3iICXceEORR3HFr3QJ50IZ/30ir20EBd75ktR2O
+ s/fyiQKBgQCK1426+bt0A9wbb5+9P4EBt2qV5nb0pS7oJ0hVXmj6GjM/dKS+y4Rl
+ t9siJHwX+/0f3PI8/90ujWMw43a+ktN+Py/j9UYIMEOtVnchXsroUn0XGb6gRNXM
+ E1lUZAmGr33hbuV6AMgi+ycK3P53AVT8OKbo61BTdo8uS9dHL5uEtg==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAn741XU9YK+5bOlIcAGUPVp0/fRFRJuCpoLfwR4ziuGFkuYnj
+ wFujsS656mieG41wIoM5Zc8kSHrtJzD1CHhIui9HPvZ+70o/mo/GNEg5hKHhX4Wq
+ IT6IbP+1K+UieXKSYJvsfXlw5cxlwTWEfQIgLvwZGZkBkJQldbvrFLtzeWbSMZb9
+ 6ATghnWvb0smjopkUzebcdMqUdX1dKW4+OFYZT9q2mL5NC8Nf8e/rKux46S/RddP
+ mf5n97nGa0TCdvMMekzLcTBIOjFgdCuUR9Ey/3D5ewWnit8ntmh+CsmTrdK3MOs7
+ EoFZcgPjhSTppXpOtaQiCTcTdBwpmf8+WHSL+QIDAQABAoIBADnKuMe/Uujh3QNm
+ fVbvOPNfBH8c6r0j/np00WsxXzzRj31Ik6sd/ES34O8bVkgljXIPA47/t+K5Bl9t
+ aNjdm4IwZJg02Yt80zH53f1AO/7uCfljBD/uvbChekwdI7HIb4igIJjsfJnGrvGN
+ iRco07fr4LDQGC7UShEkIVJo1sgOhom9oovsA3X5JM5w3FHRrPRr5YFf3HwWoIXO
+ QVNXSMEpsZK1Hd2KvuOIyU30T0w9iOU2pI60GFcU1B5caChuEqG6xTNkh82gkTzA
+ 2fTofrWd9zflzjwR3e8NBcAt0XkeZFifApmIbjSIwrbhF1QtWLgOxYYHaNsGvK7f
+ 8WT1gZkCgYEAw6Bf6EB9RwkfULlX2WoSJsKpkShdjEeKq0P/y+p/VBIzU7ckEmf8
+ uIMgPv5JnvEHdSS5w9JZQx4UT8roefC1MNn7ORhpCLQHI9CnI1rCiKtQO+TjQ3IE
+ rFjDfcVdY1ek3TQN6l9mHBRCvGVGZlfz0qIZLtdv6XCoU8r2yJ6Bza8CgYEA0QrV
+ CySN7vAw1KnA08wFBtgARk4m+PllN8l75C9v5qYooUsfdEEqiCQGLzg5NEMAOOOZ
+ LPdtGHbGcktyN6v8ZOy5wQKevvjDAce1WC57p92cfP/e0jUkDbNBZlANOJNV5J9u
+ 3nXKBsl/3CGp4qvG6YtJ2Qj/eO+RjVIrEpPNktcCgYBTH2cBIb3ZnDexLj/0wsxZ
+ qecxJayyOYfjg+5B8C8QQveKP8xVAdhxck4WVihkH9hiXyuL2GpTSYmp6fbkMXJc
+ ApNrzEJ9DznlbvhF3n/AYMKj4Hrsopr3vHO8kks/NfN4hnDPQJ/7mGRO9t12CTMy
+ Mexvad1EnLj5eclor2lKQwKBgQC4QIj5klW8Jl+UAq/gvvIrTxYm4dm+F+ycWG5n
+ +Vvze79SM6ncyVeYuc/trOvW4bt/aTTpColRR9ewhEl/Qotr1bAArLOJdjBEEGgJ
+ +qaplk7JaqpWs9o8bSSW7rZIiKzrn4+Ua1QP2WlmeRGJpojj7w6/SwwK53Zujt9C
+ N5657wKBgQCcBYxHytlfr1q6+RUd79+Tl4yKfZ1dWsRlNIaI0SvKFnh8nowBpSsY
+ JnlXP9TdAN8E8xUalFHIJGVPkXxdqeteD73Xz+u3iTSCXZbe+JOI1YaQtlYFwCtf
+ SFO7zpmhfWmwBSwyl5BKJgXYEuuwlj1ObjOdoanQ2FvN8ra4Ya2AGg==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA6DE9dTDFpz4EPZToy88edaNgVuTbicg/gTbs8wJk+tO0OqKO
+ cEPKMgx3jh9IdYXi+9f4qnKAM2pRxSjSwHpPaXI1uUbnaS7kbRS0QusynnZ+5/TI
+ OB+CvHGoWrSvK0q2Dq89FBd6f17qMVzdbkAsCF9/mjk9IZatxDjaPfi6klYdEYUp
+ 90HNQWhrDAwPAE7NI4gllPFeS5MPCFG9cAQnuIsH4tV0Z/HlfI01vHcJ0QfMh/P+
+ aFbA+3czk42lEIOsNJ55+0jxT4RTqcG1+FnfX49ZqvbmOhiBQiTY/1KZxUVbQzvv
+ ICScVlfN0hoXL7iaFx+S6D5hUuO06zKAWxrzOwIDAQABAoIBAQDl2bipBfrjr/Sq
+ sXoyJ3pTocOAwVTCdETJOQIfHcOwuVm0oa63W6QRH15KhpVIIZ2tCQLUWDyoqRsB
+ PYRDndB25eRg4Nu7t/vQL6qyg/m7/DlsjViWljrpKOorwKmXBYJrzvV7qjJNXDwh
+ WXip50SvlTnQBdGKKoshr9X7evnWWR2Ll6ZPFl9xtr98FcYJDesM5MZiLF/9WXOj
+ SGnUI0Xtl8hUi/unN5mTjH69Ed9Rk+FeCe55SFQm0p6e4Ql3v8aRb+P7rJqQ4tP6
+ v1yaw8E2uJqTh24lRuN8vX5WxfcuUHi1d8COc+xTEn/rviJm/kkjqMFJq6N3L7QR
+ +lclqV7BAoGBAOlcm0/HrFwNtK2pwQj80NZPr0tpvE4CNOmqhwWKMy6AVin5E35O
+ OVOuSAanSBp1YeotS/28OY19mPAOO9IOJLhJRTtO9i7w9w860Oca1OXNjLBgbDEV
+ FvFVHQlqIAbLxCqaClMUTEbUae4ErDu/DS80Is56GomYZIf87vXvZuSjAoGBAP63
+ l5Ah7Y3VboGxkidGaoyrWJxEq/SkX1NrysLln19Gc+J1JQE/QheP9nngclzOXnM+
+ R4t6wynuEMA9XKaTBqXxGZ00eS8xoAv71LMLq5kq/0M7SV8GRUnEhmbe+Hc1pJTh
+ oql8Sb8fOJFhAEK93cCF0q78bcElc8A4UAmDXIiJAoGAMaXRKTUK9362/OeLuRTI
+ fX/whHPXayVPCpOMLGKNpwwIyN9EBXAxBBulGT1HutFUZpUCgNYlzHN3MUNl+Len
+ mkmEYCzZdX0wot3ZigGMX+POVcv92Kdq/ScliVY5wBhkAMhLAAfmfn88ljYKSp/H
+ 9035RcJ2mOWCJehrEom/c08CgYEA8ds5Wm4cthP2fccx04EVIsR/usGp1P1OVlN/
+ j1eg4EJxPpGktW5vPxg/HLJ1ZJG/NQXpwRKrxWB7H04kbzYjleU8QPzWJG2mXjqc
+ V/W41hLxldDxdfzqRYUJaRxGKEsTHxqv7OZKz+LBP6kvKjBGIsvupKCjRkZdhiLy
+ PFYywqECgYEAig+NFXDFLdRIPJVbxpMZSD3r+tCKdm/uvD8SzrZ2ItAs/E0MW57A
+ gmw/ZXED3MvRe4k1bJgH9zzWfyULxvgT6crELy/81R6Qkyb2YpTwmj/ER5i6eIQz
+ MuHcMVlYN7kQPbadwlp0gL0aRMMXo8fWByNJCGeXoy8s5cNCuCTFxGc=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
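Review bot: The `deckhand/CertificateAuthorityKey/v1` documents above (`kubernetes`, `kubernetes-etcd`, `kubernetes-etcd-peer`, `calico-etcd`, `calico-etcd-peer`) commit RSA private keys inline under `data:` with `storagePolicy: cleartext`. Anyone with read access to this repository or its history can therefore sign certificates that the cluster and its etcd members will trust. Please drop the key material from the change and have it generated or injected at deployment time, and set `storagePolicy: encrypted` on the key documents. If these are throwaway fixtures for a lab site, say so in the commit message and in a comment at the top of the file so they are never reused. Once pushed, the keys should be treated as exposed and regenerated rather than only deleted in a follow-up commit.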
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID8jCCAtqgAwIBAgIUfwk40PP1/FbvZzRxj+dZhylRiK8wDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMBQxEjAQBgNVBAMTCWFwaXNl
+ cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO9015DYOAP5x59E
+ 7JlLFpr6RNI8VGRXPkTAoqOYedulYW+ELpDukyKlWePcHzxLr/BlXWbSVflpGlJo
+ BQ9hvMImRiiFrNAmhG0qfbvMnJltltbXSTQ2yq2uLMqsgAFqaYVsWc+BqVYD7Duv
+ ATXh29Tm1fWssMKtLT2yjty8oZb95DQf3N5tL0k0qqQM6J7yuptu7f8FB+2iU7mW
+ nhkROejD7ERSvWuH7Z2ancorFHUkCWuPVc/y/LRtkh6ldrIXnBJxnXavtRq+saC3
+ tK+KgHQCPGp0Td8zwyQmY31dJ5tsZc47YT4nUuU1OQiN0O2re19dipRSMHa9VfM6
+ eF85Ey0CAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
+ BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUZwOKEvOK
+ o8cjGvfoVXcLc27vOsgwHwYDVR0jBBgwFoAUyAJr4ZQmn1/nyyexWP6eWY2ImwAw
+ gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz
+ LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm
+ YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy
+ LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQCYMZq6FBGdkN9b
+ aSY+SgVRt1dKkFE1dvpt76vhGV8PjOsQYssOZy20U7Ce+NxSjtEACDehIt05J3ci
+ DWSsjSoUFr+FDnGnxQfeR4TTqRn5b3HuW9R+c093i8TbZQ9iU5XQ4YiCUB0zFTt8
+ f6AqjrbW4Lq7+Hnb6OTCMPljwcI4pFpKoPZlkSKaka8w/LikelyqMfv+yx/u9jh4
+ xPaDXpXu63tdgK54Alkh+n1Qr14Q3HdNkuz7hvfh7hLq7v67fkfh9TIKl4WX93yR
+ nVSQ8Eoez9bzqRFivswR9g3Q5zJItj6drWv9HOFsJgwQ3YZW5FaVpy7HXFg2dYIE
+ hZ31xtrZ
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: apiserver
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmjCCAoKgAwIBAgIUFZ7/WwHQcySdJEd8ehvTfdP+WPowDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMTCCASIw
+ DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALr0FloDalergjH5+Un5HRquPDZQ
+ d+QHiilZx4/hs9cXqB9FtmnMAx7yFe0JweEZL0aen7M+oren/z4XJz/Hs117sk/m
+ xQglJunuApXVZzDtCbR2jo/o+9KrRjw7G53MnjavT2Lif5C/W9sQLqHt8bN/ynEW
+ SkRkLiN/muy/kmWg6ztsdWt5ApDgI0BF7ysksMzlAB7Uoml4flseAIXFvzY7ZkH6
+ vES7wlQJ3yhugzolNtinUWUNTT+Td2sOIn+2PyVLf3pI3HjOrzr4/+B0yYSJymEC
+ 87dTftCgTsAFhqYi4jAYPhgANYRl0U3bnq5LNLhgnKtVT92ssYQDR2VXRikCAwEA
+ AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+ AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEJ+3HcIaiiQ3QP8p2qF9I7P
+ 0iDJMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
+ DWNhYjIzLXI3MjAtMTGHBAoXFQuHBAoXFgswDQYJKoZIhvcNAQELBQADggEBAIoM
+ 4ZGwKerGsnxHk8WUShVpxpjppkU1HQC7QFHT4LNUO3BleHwpa3MyUSNzKW6oVbHw
+ bdZKxCXJZh+FAdjFOFcvXovz4TyLC42ByL2wJcwueHQbsMD2txN3SZYyJmU8lZrS
+ TG6PlltSYLBeuduLCGMEsRda3+uTCfuu9e4XSRbKAJNAugtAfCGuMKpLDlRfexhC
+ 5SZu7Ml4JXLaXaGkIpw6pTKxuGFpOZsPPiQ4kMdP+DusVHqEoaFHVdRC2JCzKUAc
+ 2CYijoKO+C+zhihgY+nIfM/SwjEZG3uWJa5Jk3R19i/H/MAS0kn6mLd1Pv6dw1Ex
+ +dVrrs9WHz75bkI2WjM=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-genesis
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmjCCAoKgAwIBAgIUdsY8tmOFFCStV+vOwBOoAsJ+7+kwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMTCCASIw
+ DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvXVz/pOngH1/8I+xMzlAgj65jH
+ 1v7dXW+TJx7R7vMA26llcSOouB91dUuBN4NT9OZYpIo5IbJFzcjybt7Lw8iao+39
+ l8rf55lViWn1KD7OOuIKxCo4QqNYWK0/b1YgD6RLzcoWDKiIt7pQYwpXxVg/gP61
+ Bnig25xF0Cdnpr8IAmLYmA/UC2JvRhY+Gh3600PLFx9/xZIdAass3R/WFFbz7sLZ
+ /Ejbeztg2tGp0dDvSC96pO/PVxCiYtPSH/tfWy5dsD+nflF+8uC3dGHeLpAXO9mX
+ cEcqYHEGUnfJ3TisQi1sopUfrUyUk6a/k9s7zwGzI2ar763QpPMTVIQBBTkCAwEA
+ AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+ AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEvlGIv1fujC6LjHFIfTkqpO
+ FoBGMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
+ DWNhYjIzLXI3MjAtMTGHBAoXFQuHBAoXFgswDQYJKoZIhvcNAQELBQADggEBAKL1
+ +Y6gYXkV+OOsM9dFzHUCbkMnukgYSE/4JNshy5MJP5OCafnsYmL6VQLYYuPvWVAE
+ sEpEa924lA8lUyPvvizFtB3nMlQDFFTn8VweWoGHS51mW9SKWcYdZI/yjRTSqI2P
+ SoYha49dVt9gNhRNT7FwRAZx7qJF2hF5ASEWuKOIbDPzx3UmJb0pt272cOBl2L5Q
+ LgeyDgLRYwK0kQkubib8ETBGXlAa+SdfIuMF1/jvycLQCNZrYYA27+HNJzZrXXw1
+ xEgDk6lGbDyTccJbQw6NGWPwmFXNOEDeifuOo86ddfpX62ZRpZE4ePrb/0bYXpQK
+ QijkMKvqKTOlnfNKDfc=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-cab23-r720-11
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmjCCAoKgAwIBAgIUIP7kBTiKW97uLaPUu/8zaNAHYu4wDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMjCCASIw
+ DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxcerRH3esJvCCSYaL+1PLtm5BL
+ 832F9RnAgP6ja2KflqiKAQkGbsr1WxnGAeDq2FxY6yvAczYmL1UIJ+VJ0uQtOIUp
+ Grdv3IJwx5Ne4hZcoD2C21NnFUdbJ+T0FQ/ssipTnZVIFHKr/4Q0VSDrTJxcWQ7N
+ Le/J45H+CNgQH4eRb2focNX7oga0y+PaAJEbZn/AdTXmU9K/u5XNLrFunEZyx1VH
+ ZOOlMah1maivb87MXG6DcBFpzSlZfG99hwMGkdN61hVsQEcGE0/5LTOVcnjTBn1n
+ z+0L+YMubU4RsLKMlxQCCSWZaSfyCtUnZFwCWtdynlTscpcjVp09D9sZAgMCAwEA
+ AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+ AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEzYsQviPaRIWTbKASzIutJf
+ zJ6PMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
+ DWNhYjIzLXI3MjAtMTKHBAoXFQyHBAoXFgwwDQYJKoZIhvcNAQELBQADggEBAEER
+ bomhscyxCjajsGMz8p1MWY9WSbk3VwQkPrmi67fClInxw/zE7Cq/QYkR/NF2ZvPs
+ /I/v8Vg4eyGSp6lmUEU+9PSSGPFt+Qeo9AUfej8BbN7ZOgDcVAEebhPLBMvZjVZp
+ z+v5liaJSHfo0zZmnpbd8H8dKo398rJXVhWJXtDNnT7KdEZczFOmldzKpI58AkdS
+ 79o5ZV8xy/XFtPgI37S/nXDlKgzjr3FMckPTDVMeJunkZztLmVYkOaFhaUGUQzT7
+ ofO43ZLI/3bqBRi6XdwvkLCAX3M+AL4UR30JOGZ76QZ4ql1bOXZs9z9jrjwYy6qO
+ g4yoDBEEyyW9r5Eueog=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-cab23-r720-12
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmjCCAoKgAwIBAgIUFsP3NTLE5OCYkctH2VhqJs4jY7gwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMzCCASIw
+ DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSxbh25O48HCH4uUuTk4opcCR3i
+ lrgBhnL9qOBioQPbStuvfGV5x0fzm06csazl+6rhl7X7DRd9Z2Cj/be3MrczoE7B
+ Cmzh+1fn1ekIa/qhgxavn3KeNhzWKRpYupxPt25AmGJe8qlcejUOy5VZSr2gCtGH
+ 0PxDDC0UfPcgncQMU2FJ4rEUiZbcB6QaT/BGdy/8DlUgK5uYkrSqesiUjAgrrgZL
+ K+o4xq/Ep7+/RHYPrvqfRQ9Qd8AgqK3MfiLP7dyGzNe3f5yY6sP4Yo/RW7OteKC1
+ S1jUsL75+2rZHuEGwPzBPmD9pYg+aZnZvnAsYCMzzp4i47T+XAMl9w9+ak8CAwEA
+ AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+ AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCI6VoPpiAEtTnH4DY5Lo/pf
+ UYA3MB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
+ DWNhYjIzLXI3MjAtMTOHBAoXFQ2HBAoXFg0wDQYJKoZIhvcNAQELBQADggEBAHqH
+ hEQfU+hFhwiKzPvicOPyy6sZ54/vh6sx6K9ADWL7qtUYadNq42EYXXcJb8LQ+NzM
+ R9jZa24GG+8HJL18EWjmw8JsKZU0GEvAR4v7BgWpNXa7jKzJtnO/xbApOaxfCEfP
+ aOWjBLF9dRRFUzHikA6DbdIw1Lp6Q9GTzhg9oT1YLbcRMPGjn2Z0a+6HPXlANm3n
+ DbIwuM8eX2OjmphiuhwIia6X1FXx2+1NrSVKS6WBfwuH4kvjeEPJQRZ3yZcBHFSf
+ m814PsHJp+MLZdQI5UKVHt+d970IhQ6xU7xSY5j8z/dp7m11kpJ2+X/SlGiaw3rq
+ 1IDSL9AZgtvpDsmvRCs=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-cab23-r720-13
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmjCCAoKgAwIBAgIUd1pAgV6L5TswxZvwWMXaxcWJapIwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xNDCCASIw
+ DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1OzyYw+R9jGON6nqWfTsQ2P9iJ
+ Q1E3mikABRGSntBs+jStND9oQ/KmaIWrMCll/O+iEqsXIxO1/b3nDFsJbHR6tg/g
+ CRMSwy8ioEGPr5QvxlXZ3aBw2BWY9rLz5hk3n9shcYURL7LOvr9cCxDCZkO5W1/X
+ Fp4Am3tSMVkClz0TzhM9IX/FaJLDkhrdaBSsN1DdCfM3igeOdbQD5wIxpzNj6vIF
+ lueB60R/bZiWZ62IFooSmPqBtZwGw6d21F73WnIEJn9p9rEN1HF8mtqC16izcp0i
+ V66D2zRcXcNzPsp1B7hp17rSrc/hbulcX32+FgeJAnHHpNyDbhCDWQXVencCAwEA
+ AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+ AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKH3+wBwfmqScP3eufksWwzJ
+ 2gOEMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
+ DWNhYjIzLXI3MjAtMTSHBAoXFQ6HBAoXFg4wDQYJKoZIhvcNAQELBQADggEBAAim
+ WgtLTvmWw8ZS7pmMSVL3qg35mOvOphA2dtvtA1vbPVhsnVpGGWWFeMG4SGffLks5
+ AnyeHogAyKEVgaCvsxJWEw8G4iqCwWGYicb0cgc960mK65ZML4mWcx97XEpKfmdF
+ 242YAl3ZvVKUCuvJAXg7AbBBEQ27feH9UVjNKHdcuriTRiVmp/2z7IXVuB4idXb9
+ iRlzSszLXltQw3WXJ3CENLiLhCCydMs65IfjwdGrAwAfuF4w/IFKtCanBSCIYKDn
+ W4NKWasso9wcyL4Y/gjwdLMDu29KgqgBETb+pGHAXe5L13niqjYUA7+GU2nWFxbd
+ nTuWAQKSi1NkrbMGPbM=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-cab23-r720-14
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmjCCAoKgAwIBAgIUBEdIVfkE+kwG9DV49f5QcIiJtw4wDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xNzCCASIw
+ DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANhCzxVRvXOim5tZj3b3Wjvwovok
+ +TGB0Zl9m/ldBc2BGdf3yEW4Vblb625UYuVsATySILS2qyCruGMnO51O3boce6Qd
+ 7oHn+CaxymDp79lFFioiMcJG2bz9L69RooXRWguxT/O4TEM/M581EiVDOGhHSiU7
+ KHEp1w6Q5CENEM0VqSK9HGIbECRWuYMCs+xjx+TFKvgYtKQDG8fWtUve68xTIEHr
+ o8Tgz920ktJN7BoXbEyl823Uh8EiQG00Ab4YGgVVF7mqXyx+44L6Sh78QL85+PKs
+ aY7VllotXsVt7sffYqCX+xZKi+01AvnYFgoXwSGzkU1lrIOZA+fLlLTpOqUCAwEA
+ AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+ AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCqifQdgZKoWVj/b+HEuZlwE
+ vdVOMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
+ DWNhYjIzLXI3MjAtMTeHBAoXFRGHBAoXFhEwDQYJKoZIhvcNAQELBQADggEBAG/c
+ +Mp66DkprxKe5VSZN0hNzEskIGUvR+QtL6nCxsbJAApnuLYZ8qvNdkRGktwhJipJ
+ nShpoo3ZlTV60mgsXNZl+xbDh9CLEeFINV7iBWoVVVfkfmJufV/cEXcp6qa4tSc7
+ 5+X0cW8o7qoN2/5MOxa8ZJEQXe/BiZE+5OeS29AdMDNH5n39Fh6NYge6nhqkRn9K
+ 3ygEBL5bvJuu3JwNe3ACKCehGAac9ViR1h/1ig8PHXu6MblwcD/V4Ms3FUR+2BEh
+ HBK6+Gdli8ji7IVPGMpRWtZlNSJwQbODW5WuoRgRYPZT0j8ZZB8ZGav4dK4eXrHz
+ zr1W0czzU7eCi2O0qCU=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-cab23-r720-17
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmjCCAoKgAwIBAgIUWgYgSrjoLvT5fHPZ+dTxg4sf0w4wDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xOTCCASIw
+ DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3iTmhEz7PBOGSz7y37P6nQ5PGk
+ kR1amOHsGH9p1jqNdw8I3F/SOLtMQvbEoUcYCbAwZozUz5Dsozw6KH9cc/9cU+XK
+ vMJEiTYX1SK98AVqiHysExm99PZVteQfc6HK95CdFZC+dI1QiVNEkM9yFf4eK6KO
+ 35CHiIPnQMjzKG2mBGCH/sWx4yB2Hpgo/CCldQcLbW/LMKlYNUJDTsncCWkNKwXP
+ rex9bGQpuJPdst9TSDttHjanVenlCUGyY6Fyc75EG9juXDnSR+68mrNKY2gWATCK
+ mFFspdZ2ZsJkLanuUyC6VU4F7P+rv8yeNQ2vcnhC2LXdJ6OvoCisC7Hund0CAwEA
+ AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+ AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFN4M0o46D5uO2HAhhK14vfLl
+ HxhzMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
+ DWNhYjIzLXI3MjAtMTmHBAoXFROHBAoXFhMwDQYJKoZIhvcNAQELBQADggEBAD8g
+ CeBXeIAkzrL7G94Ku/F7Sk/KqIjvj2dZFgFgu5nyULEHs4TaIMvsFikjxCnF+fP2
+ cBTv1zpwqH6m1XOPP63HHd0PAf4q/sM8++pUi65rm+1hoy1yJi71MWrDyuDh3gX9
+ kpumTc6p/Woq1sNRXkCFYnQ+jwO3HJVxLgOv+6xCPNXPCLwj8a/NzLYAzDe1Uhk5
+ ETKiwWXXCPNS4GbUFzly51NLSbyhBs0sSA76baZraUqx+rQECAFhaIQEnBVa7J01
+ 5dq+BBPKwM+G49RjjzVcTskT51veohs+LIViJBxVWhlBCwmktdy1cqKdLixZm1Z9
+ 84nzOVurqWynOCj0k3o=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-cab23-r720-19
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDVzCCAj+gAwIBAgIUXoAfBUxOtzyo04uE62Bt2EhPoIkwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCAxHjAcBgNVBAMTFXN5c3Rl
+ bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ AK3QN4VTC2MEPJA0UWTDXQpLntn9NNeTZ5jzqk0muZv+TXHh6UxKI68zeDMcJboH
+ 64yklJreTaJFD9H2PXxQMCPOjFnfsU9XYNQ7oBAzkUu0/w5hR0BmeWYTSyfl8/4Q
+ EHfMaFHtZggumeBGIwd+4vjr9BJNvDzpPIQB+rAxFncD+qKfIg2cIRKoK3TIpD0n
+ hIpMZ2ebUHT5z09e5mAMmCKi2GMg2+7RZaJBnPwXwx1/onwy9vraZ7AyDZOADnVp
+ MlNVBuWYfGfZvK1aPQtzvEebyOU//Ja9WDBuk3xQrZzkJTnmnMLAOfKzG5j9IWUm
+ VvGdwNfOIOJweglZsF41R5kCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
+ JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
+ BBR6Md4CKivCxn2GgQrqGgR/+czf9TAfBgNVHSMEGDAWgBTIAmvhlCafX+fLJ7FY
+ /p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAngDswIvSyZZ/0CLD284PjyZZMtMK
+ 5xsu+f+wEmKX3EFm6gMvLmbS3g9FFmf6b4DQDR8hJMMxXDXqhUrJurxF6BtswK1f
+ jTdkytbM1RxLkN+J7ZAGP4xAncJ9ENXIY97EmCQJWCkx6r85+7ZF1YsU4NOT/dDl
+ tgRk2X9DpLmOfGq3EfN+dcJn9/oKtxBMAmXS33pD1GgjuzZehYO/q5nl2FT9kkqY
+ nb/BG7ueU7f0DtD9qLb8gpLgXGLzkLeGpgkCwsUmy+jmPLy376fp31gRnBEzh/zR
+ n93uwNhH/oxLcF10smkashsLcPM/z/x8UX/KlYN6WKGyf8jcojiuWE1fTA==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: scheduler
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDYDCCAkigAwIBAgIUM3+VbMiVd3EwPVMieGvkIIOWEAswDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMTHnN5c3Rl
+ bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ ADCCAQoCggEBAMJeOwz2VbBT+9BOeVal5z/El8yDcGKQObW3po95dTi2+MfjJBe5
+ ZS2NvVSHEcLRjEpoi1Oc/EvXlHE8XueHhB0XpGEObNorkx1oQL1dMxXmK4GhRMZ5
+ PXfR0pObBwEMO3rkMbZDvuRgsyRHIIAfYaUzurwwcrbKhUrmBmOErbHJ1LivwHbp
+ nVZrcEJHGaqQnq/S6gq0H/3rg4+dUweEN2RQoO8DfjPFbjVlKudBTJaA6lb5qdo7
+ VhKiJdj2ymJrWTIPnqZik7prCjxCzFDGrwi0QL20XQtz56766NWssymFBN4/8k2V
+ xIzHGqzbUHT70Qcc7eKDRrgo/GzP1Ok0kz0CAwEAAaN/MH0wDgYDVR0PAQH/BAQD
+ AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+ MB0GA1UdDgQWBBTXNNswcepaYeuUnhGeGMn6QvceVDAfBgNVHSMEGDAWgBTIAmvh
+ lCafX+fLJ7FY/p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAUU+YKH2Y9QKgBeIo
+ QAwdO2xtz9F582dD05xevHrn3SvHMpCG3OEmcmugD4Za5EyneqxaucPIQ77Dus4x
+ CuWGA1/I7d+EKnLU0Kg8nn061KvxIv/zKbh+jb5wFw+uPrQFPU1PboK6mhmZD8pv
+ yTO3ZFHJjF1tLPB5U2+KaWO8EAzVAoYEklEK/7TyQ8z0jzUGWkxXmZz78UTAIxy3
+ OBw16kKAKGRgnxB2ybWQOO+grQSD77CDtXXJKV1jzpuk5eItqE87FAj+3EE9Qt9A
+ qH4MPV2zZVUTvCBocYVYs+5p2doEH1PuHr18VaI+AALvfu+p+BB32Jd1iUQ14WuG
+ IoGdwQ==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: controller-manager
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDYDCCAkigAwIBAgIUClCdGiMCfJjYU1LSXTX45bQjkQYwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxFzAVBgNVBAoTDnN5c3Rl
+ bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ ADCCAQoCggEBAM5Vla450p0zZwQzmpS/wRjVopyhHhLuS/ZMSDvZny0DZ6fIVTZ9
+ lvBm1jS0UzTk0fWKK+s5MeXEnkGobefNpLwJik+PzP5Rab36W7NdKUG8/yxhH40F
+ u5yBJJ8s02LfuHos5lDGEuopd1TQHOKGBjp9+ImFk12J++vzOsVOEmREEZmwhVaP
+ bMGv5uSntf5G6Xgnf6ur9pIqduEzrdM+3tD5Bi4Q2P3x56sM0mfWwtuFvXTWmk6N
+ NhIb0doXhxf2Wgl9lvjxdkYCItUGMkU6osdD38K6f6rGLA7t9TfXTRl497VfAULb
+ xz5wtK1btifZEDtEBhrIC1SyyQoYpSNYx0MCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
+ AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+ MB0GA1UdDgQWBBSY8qn47WRcBg6oSbpE9HbXxqGumzAfBgNVHSMEGDAWgBTIAmvh
+ lCafX+fLJ7FY/p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAmLhkS+2id7BhvXRz
+ ykyWTqpHEZzTBtMM8zRpho+U5S2Ym+sh3ZRTe1Zl5qTQzegEzhyji9nZ5d9oBQ25
+ xZss3QV3BwbK+lH5/2TMY/JEldexIIKr6TonkvtfF/8yYh0qTMOdH4wWNMwIjgWx
+ TYsYjMZ03nSgD++hlILe8qQMCwXWbQ3srQ5nvvtW1QO4Zn537vnzBBPchp8fowJJ
+ Gm9PrPOcCqDdkiuKoK5yoQLBEav5j18rkafEUt7kpSHX+/VYFpFznTiDd+h3obfp
+ H8OZy0XNdHPHMA9bQJ8hxQmZcOsl6SPqtQafso13jTAqQ8JY27Lz4eUWBocL/9Kn
+ 2BPjNA==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: admin
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDYTCCAkmgAwIBAgIUTOcHSSy69x/FJI3zhlmGL+2aB/0wDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCoxFzAVBgNVBAoTDnN5c3Rl
+ bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ DwAwggEKAoIBAQDPeeZcrj56FLvfXMbHep+khlt53VKllOfd4YpFXuBfPNKS7sWl
+ +RUSR836IuKlqoW86uq6LTYk7QPK/m+BFXOiDcohvKgUPa1RKU3uL1gZmE8mfA/R
+ VmCrv0r2m2OocTz6rS4Gj8qKqcfzuZVMQmRnqxivcpcFIcm3UVmiRSjEhg/s81/J
+ s45D60M7oBiJTU1FItxBzulA+peA64NwIw52cp5q3s705VZxAbI2RUPd3nCz0cMN
+ RSjOYeN7aYF1OASrJXxl4eK4Azx0SZVO37hrvFP22OF6WF8AiHBkZbfZaHNWgh0D
+ BDtz+lNEQ8/0DvN9cEW6l2VIjS+fChcsyxEbAgMBAAGjfzB9MA4GA1UdDwEB/wQE
+ AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
+ ADAdBgNVHQ4EFgQUJA/9/fknEta55uPmIbP/eNHi9MowHwYDVR0jBBgwFoAUyAJr
+ 4ZQmn1/nyyexWP6eWY2ImwAwDQYJKoZIhvcNAQELBQADggEBAIxybsZRna3OMwp2
+ 8J75jEZ3yVe3mczULhApmr761B1zSEkaB81w4lC55foAKH/tijz1yj1WT/0BjYVj
+ VBgHufk1Ih6IbndPbNsb+BX4R1ucDIhnw8jS32kQy2qWi+JhZ7s8tH/2OZlNRhiq
+ rq9DcATzwYqk6avUR3lSpCyVPUJLGqNP/HL5vDNR/dAJmgrCO86UhzFWTvfgDmrG
+ mP6ejsM3qyWtOCt80ZcVPqWUb9AIZXdmi0ekwKStxpuGec/e2oZxLK8q2vcmloA3
+ ftVUl1FJWFn7rQ+Rmobx8lnb62PTSkDVx5+hogXOh2AR4jXgTAAdFmdhyoM8+utg
+ syTdZ3I=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: armada
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDUDCCAjigAwIBAgIUcGEOenCIFEyRPk3/zF97GUy8sJIwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowFDESMBAGA1UEAxMJ
+ YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RPKuABA
+ bQuCrv72wy3EyEGnNIh63xPYl6VfIz3F/VhDNt4aKSftWM6U8+LMDHyT0p48BwCg
+ dlLfNhU4tUa4rD9Ik+HRV3hQxHGuGAQSGna+90z+f/OtmgbLtVXX1bkLfcM85YPT
+ VTzILO3UA4VUrQxSoXfK9tUaV1RJrYUzHwtr6aM4wo+pALsfes6Mm6ygM/n/+z1N
+ Uxzr9I2oJreFH8TbnkmQRbvWoYQRoA+2Z2A+TPZkzYqGNAZr/BZS8mgEGapcp4tF
+ 64yyraLPpwzEKxNspmjHeGsNEYZS9JSaEx6B+ceHlF2xYlK/tg0134IZMJ2CRl4X
+ P439p+yN3H/bNQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
+ KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFB1oWx7W
+ VLfuzm86CWwEudYb/MNuMB8GA1UdIwQYMBaAFJ0mAtDmZi9Gr+nUWiGXt7cUV8fH
+ MA0GCSqGSIb3DQEBCwUAA4IBAQCqc2HY5GzQ1M00rvMXq+NBODUL7WydGALt909X
+ 5EOERm6BAw/fuGbzn/wh30JP48+rlXyJ0iXeCai9+MtacsX8Qjvx4EBCsOrrhO1x
+ yCD+P6RFYilH4P2lufszhLYUkKaI1y4LSXJK1dJk8QByPL3i0b12FkedGd1HMOfU
+ eP6NBp7rcp3+JCTdaCcaYin/RFqtjoPD3ebuTRipK6Jr8+QFtnzJ5bLQcpNYgA2D
+ UCqHX1nSQF91xpro/MDE2OEFtulkM3vAiXsBBVp7cb9U4hs2LU8GvRqgR89sL+/c
+ i5Chc3uBTahiMyv82tdi3JdU+wE/2g9pwRcp4V5PA37O98fD
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: apiserver-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDTTCCAjWgAwIBAgIUM2lv19qkb9xH2Zng3VEa0hYh6q0wDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowETEPMA0GA1UEAxMG
+ YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMEFupWKyrzQ
+ nR5leAj4QlIwIREubOHaXwIOjNRs2f3b9xoFz/WY9OI/oMvvsr4am56CN+m1sSPO
+ FrJji0+fkMuO94/QkLZEioBgzJb1icI58QIYW8jWvoUYoxJPVNWE2tEm4081Bs4r
+ G7hepnuvRKNgoIE+1SflwofAe0oLPbTyhbv07sVXLyIHelVEAlTu6Q6OH4rV0mzv
+ HY6jqMC/qsbLM4vujoEGKzX80ftzNa/TGbZcMzjylQN2Svgt0TcgvzhTQOenfOkD
+ e7UMKuoD500pioCW7nSrQwfJP5TuR6VjOer4sJP/T0KZ7MHs0gm7jQBL5+O0AZoW
+ PZgjq03OJwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
+ BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFL3+S/D1v1L9
+ kNWBBz3luXchfH6uMB8GA1UdIwQYMBaAFJ0mAtDmZi9Gr+nUWiGXt7cUV8fHMA0G
+ CSqGSIb3DQEBCwUAA4IBAQC5QRgOhlJkyX9IAoDE7zb70HcuZ6otRYjvawvtEhDU
+ 2Kkv/mHnk+BAC5smzMLe+mAYskmdzy5fHPxmkSE5xnaVYS0WWAroq+XXiHnuO5YN
+ hDurPDHIn0u6vhk28A8g7HgzT+2A0F679+vosBXH2Gws4vIl5PP+GNlbdQL8iX0M
+ yYIA0gjuOpGT1PJtXEDRfs5zttDpdQ6O3wLv6Gf9+i0/7Es1xbTKe73nqDcID4BO
+ 1RzNoRLRpQmFWnVUiezISsev/NsqhPASYouEHJF7LmQey2fNOclvwiQNDdrVIWvD
+ PsDrmM/NFey0l07xiYp9x//pHPo2aqBzV5kmEw7HJuN9
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-anchor
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDzDCCArSgAwIBAgIURsu9xur5ecCsUR7gnOb7r9S6TtAwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowIjEgMB4GA1UEAxMX
+ a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ ggEKAoIBAQC494q93ST37RC381QWmZ1bPvO1AAcvJCLH1gOtydds1XwOJJpD8ZM6
+ 92cotmBBdrXRFekD2zzh9LEk7qcE308/oSNLfychkynJuNvrCepbkO/9o4GzWuzA
+ yS/u8Uu2dBA0wZC75bi372JJ5ra+tf/j3PlA9mRhLQn7oYaaS18Fm3wnVcpliNgO
+ xIPU4hF8TJp9UlPWkBHNdqCcfdjBi5W+lqpykgKydIgGLRBavnMNeB9BDkLz1TU0
+ kA+3wPBZXiELOOCTOrPYMQHC4VKik2MJkNdfluqDKklQ/dojn2djIQnc+8bjQqVA
+ gsg3TlSaSecwi3HBO7D4ipcdvu05NuFDAgMBAAGjgewwgekwDgYDVR0PAQH/BAQD
+ AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+ MB0GA1UdDgQWBBR0enaucC/qjURE2E8JfZdLqOkooDAfBgNVHSMEGDAWgBSdJgLQ
+ 5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTExgglsb2Nh
+ bGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5s
+ b2NhbIcEChcVC4cEChcWC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEA
+ gBlVNEYN1T6toXQPv0Ju3ENiJdiAes8ZIuMkqQiItyJqmtP/S456pElAgn7EgMav
+ 7myu/w/5CWgTQlTt8ClTbx7TEkB/IC7vM9moUSRBDLWTZTrRBmodtmJG9ry3Sbdu
+ GlkzJiszhV2ffqdlcENb9YRuQK1lBl0Xc6TjTwn0vDlaNutXB0zVXK2PXsRsq9n2
+ o7M4RO8KKkxiTXMlAWv4k0zOH2rWkVpQk5zYFqdsJMbZmDmFJh2qcRlR00uBO0af
+ mlch2LmAVrXwBp/ovc4PeZeJrKhdAizrTrHMvdlHxGh/rAuhS3vGLK95wmszLk4j
+ Tib+SzbWdTFqGbMPk9MEfA==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-genesis
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID0jCCArqgAwIBAgIULvewF/oeP6iJw7D8A+A/vrJFKfMwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
+ a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTEwggEiMA0GCSqGSIb3DQEBAQUA
+ A4IBDwAwggEKAoIBAQCfoJnD3HCw3N253Y5VvwjGDB7k6JLSaAEpTdujduf+/Xpf
+ d3K8Gz3cCvsg96BbrhI5p4PMMb7JHv105svwcBzyNEIaCcmDJ9WqwAFqdlLLNleZ
+ Cai+fyUs9ZbXIAX3+ZZN24SzhicWxIMigPc+1z1bc5gvUF61KVRNhcgcjtjzBL/T
+ VwIY8VNln/EpjY32x2gWiGwpNm7JZa1sxvjKwAjHuiC0ScEJlHPkugvom603azCw
+ zYcGooXE+ib1jFaecWJc0bnrbdpvO+tZP2immzCqQR4Ts1gP4GI05hFvY5BiV7MS
+ X93RFQkZOkksU3Wg1a73nf62icBPPQaK4v0bZPB9AgMBAAGjgewwgekwDgYDVR0P
+ AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+ Af8EAjAAMB0GA1UdDgQWBBRrlfApuX44D56dnWbOof3eczD1wjAfBgNVHSMEGDAW
+ gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEx
+ gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
+ c3Rlci5sb2NhbIcEChcVC4cEChcWC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+ AAOCAQEAQTyfl/Bi8iu3BZjf7Ii3xCtPqTW9bEGo6B6mzR0Dx7z/dUlHi9WR6/il
+ 655WMwNUEwX3PIewh1lfWTXMsc1eXsXvr4D2jQymw0ZaoPEbYw4r55iRT9rpsf68
+ FAWvkUo+b2E0KaCZkQ4zScQeHhz53Y6aAPNDr14VHHIWBCDQLfdUzcpG9TmpLMau
+ rU3Nmbq30GnTO/N1/dTwZ2ABvWOWzsd05byKm7N1hEqb3hnRc7SuiTSJizR0/SpH
+ PC5RjJxmN0cco7KahaWLsmGzEW5kRGtgc65rgxR631LxRQ7/3hiemFCQB/kZJet5
+ EQlDREoA0bLsv7s0L7v2Vwp5bFox7g==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-11
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID0jCCArqgAwIBAgIUJq1hhapB1fc6nl6Ligd7r/AMDNAwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
+ a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTIwggEiMA0GCSqGSIb3DQEBAQUA
+ A4IBDwAwggEKAoIBAQC/7DqoSUn4rgkA5x93zqKBWXwA41TwEh5kYxarjsArewvE
+ YnHzuMySN4aDfEQYngG9DX86o6Oa/G9+k8xxFAVmoMQTczOv6Vn+mjn7mQ+o2XPQ
+ s3kBTvLHR/WB/+YtU7BKHe17b9wQpVV5q7R8Mq23wB1N74UsB+ySUg09AP3JzCyi
+ rrqolASF0U64kZGWA05OIeSoX7jHDv6AKE9ROz5Z9FNSScLedAdi3x08tEdj8Spv
+ oKuXDv7WIPbnaoYgoyUgeXz8WYUO00z8EGaaDnF5CwCq+71sZLkzis4HdiqjsWFR
+ 4PCsklxhxJsHpnVTuZ99PQXXblamaLZuyx/F2YwxAgMBAAGjgewwgekwDgYDVR0P
+ AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+ Af8EAjAAMB0GA1UdDgQWBBSiLyWFOUf3xQ2CxWuUtZPbrjeL6DAfBgNVHSMEGDAW
+ gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEy
+ gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
+ c3Rlci5sb2NhbIcEChcVDIcEChcWDIcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+ AAOCAQEAYXsTBrJnqk3aDauPyeMyEr9B9ffR0yPpW25F6fgwXrHQ6AcKOOdYhOdz
+ UYuhzA32yQFjmWG5Tf1PCIqg9BSIHMO6tQWB1M00+f5atEHSJ/rIE1cWOw9wfYyN
+ ZoRY1w3GNqP7wvMaRGiYTabAC9X0rhI6pC8sMuzm0ZK61LydSqOnalkApBozKE8w
+ F9OrA3TfluZed+Eylr4S/HG7PLyW9IAhAltXHkWGt6f901/Clfrspe5POsisorfK
+ SyhA805WAP/ysTJz2iZlRb0u9Sg/NCXpmcJBo4V7YTlVNrs6EOOeBzBmonX9+Ttq
+ EWp+HehyXnaLegneQ+leO8NmE0fcNw==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-12
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID0jCCArqgAwIBAgIUIxasLvcs+hz33OfXx53XRnhtiZkwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
+ a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTMwggEiMA0GCSqGSIb3DQEBAQUA
+ A4IBDwAwggEKAoIBAQDA22gtcU9J2FicNu1peiReJfIwoyJNDKd2nQhQPn9WrKtC
+ hsBYyCgcxswOTSMkEhI9W+j1xDda92PF0T5R2R9wrUf30HvqPYs7t60t3Q5iOE1X
+ Ljh48Cg7uYwEGzSJrraOd425te05kxV3jAM0r5ZgYptUNquXAqJ9zk4wBAWGrkdh
+ 2IFQuLYjiy7MyRWBC34z/ve9RCiu5mPe54/BUR/UmdFeGr3qr8sAhqoKtmAl/Ckb
+ rkHHydANHKGO3ouBVdBwejPP0/5jwHpeI7szNsiwSt6kQFhOI0vlDj/FgjSJggIb
+ 3qDW8TSeDioF6j8A9QBy+Nr3NbO7o7Ow9HZVuJP7AgMBAAGjgewwgekwDgYDVR0P
+ AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+ Af8EAjAAMB0GA1UdDgQWBBR0tj5yaf/3TCOk+wovW+z8lNdD/zAfBgNVHSMEGDAW
+ gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEz
+ gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
+ c3Rlci5sb2NhbIcEChcVDYcEChcWDYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+ AAOCAQEAsJGpk/nu+RezwS8STPPpr5S/wV7ZoS/mAOfr6EeXXVv/eJS3YG625Yoa
+ 1I+0YfvqTdxMchXU3MqFFQo29kERxzin47AVajIotWuwcA1BbmpaeynjSXSi53y2
+ MwoB55ASjPC2iNnF7GMu6KnCmXBL6Tt5OPIqni3o6GCFSKh3F/2A5IwP9HphIP9G
+ SpT9OUK3mxM8PDjk3sCz+4kdKUqs6pFJEtX+UIK4N7vvHrG72V2tau6QNf3asTWs
+ TxTiIXUVxkfExUoUleIdyeH8aMPWGuJULkzYZJqUfuw79NyxMO8l2eC3EzG2Thfu
+ fsTMq8JLnFRubGEsUhy4Ojh6nmVXJg==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-13
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID0jCCArqgAwIBAgIUFkV3DH97357zQoDothgJQi+e7NswDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
+ a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTQwggEiMA0GCSqGSIb3DQEBAQUA
+ A4IBDwAwggEKAoIBAQCkPYNTUMCtArg8o5AfN+v7/zWz6qiyz/T4YUsPWe8INJm/
+ KNDZhwCrVQBJq0KppMFucieaayHAkRLZZiHr3QCkxLYJBLerS9BxofReoPi/WSbz
+ +UBcVPCv8Q7yhwbPniWHx7ppTKT5POdiCrUT3FbHOj9YKOzgYh/fWV55SJwbTaxt
+ To0APDdbrPnpjhOHZZy+PD1+q8nm0J4EPdw9u+/iBbXgT/zYM48WuPuDF4XwHOdD
+ 0gqrEvGdwzQK2cqyqCQllhqp1DbPoTXQPTK0LEt6cuCD8Yg2tfIN0AWktRfpNlAy
+ YjuT6s6Psg4UKBo8NpL2sbtE+idPJLb9swge3eT7AgMBAAGjgewwgekwDgYDVR0P
+ AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+ Af8EAjAAMB0GA1UdDgQWBBRifGt/cuvvbbSOlGqchorLSuXa6TAfBgNVHSMEGDAW
+ gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTE0
+ gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
+ c3Rlci5sb2NhbIcEChcVDocEChcWDocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+ AAOCAQEAVP9tG37juV3OxHabhf76FLNYLLGdfGYMcatH1TC4JJcOtHI1eWTjbcJR
+ l0ZcdBh0lI2FSG+I4r+3ZaeK3ksL9mNacKyMWkIGXoIR1GHLX7SPw5Ec6Qxdm9mX
+ ofETmAfsMSEr7nxitpe+oypEydA/2wLEdWgRb9qnqCMDrn3LQtpfwQSN6gIAXx9U
+ JWOFBq1mL8xs2VFDT5oYAMvwNn0lLmgXiHJiBRiewXo5vNElcdJwzwXUggbjj8sV
+ ADOXjp8THs6SjnpppZdTm7mIY78qjs2wCSwcQZThHFIXS6j/d0Q1/mypisgQbKk4
+ yP6ZKg6Y6SdQwkaAcQ6CBSKaW7HpXA==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-14
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID1jCCAr6gAwIBAgIUT/Loq+gpUbt92wzGhCJtR8Q84UwwDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAnMSUwIwYD
+ VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEArJgNfhV76s3yqRZ5nWjY0Sau8Lte/F7okc8FU4TD
+ LyjizuRyzyl88KGAPBEikoFVP2CzdgaTaLaIiGIfh9UMx8dbbbV84txSPFrDd4d0
+ VWHfa9fvag8W5wt5ce9W4JT6qQlpMsdfx+O6yhub9NeuWFGdNFMlDoYh/4wrfAu+
+ J4OuLLChEt7797fqawPjBtCtirq2i8SFN2tEPKvM5MkAYdOU7Hc8UPRUR3rpXbDi
+ Xiw2tk61yG4pE3YwMP2SPJFTAQ8XlwTdBkARb073Bnmxh9M8oYb4pvw1hLB5+j8f
+ irAtDlkP3PdmfzEFxGXjDoUPLzO60i8FATRWoRDEDB6XfwIDAQABo4HsMIHpMA4G
+ A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
+ VR0TAQH/BAIwADAdBgNVHQ4EFgQUYpM2Om/nMa6zbXUt5YjMS+cgJD0wHwYDVR0j
+ BBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2FiMjMtcjcy
+ MC0xMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3Zj
+ LmNsdXN0ZXIubG9jYWyHBAoXFQuHBAoXFguHBH8AAAGHBApgAAIwDQYJKoZIhvcN
+ AQELBQADggEBALYrKeuZ9vdt04eAUaEIpC968n7jHWFwC/WhkIUwx7XfrrdT74PT
+ 7NtOWG9s18PkgDlq8x5d/y84Gr5AHtYODtjHgf26lVsCRjLH33HYvxZ0VrUWJGd4
+ 5QXd+k3dMdTNb/z20LEC4AdiVmUbktRM6P9r+GjjhS/J9YhrZXWgb9ikm4wCdYdL
+ 4P/lLSMvQ+lk6hloeWzpXTN3OrhZOplz8bS5HrWg8JHkDNLqxGfXICiccfx+amAI
+ hM0mNm15P5nmTzzBbdf8tzAe9RSDfrDAV4fnphgjerd0kKb6SOBdnwTlhSH7YDMz
+ hx+NftSzDKiWmHLGbGgcZ16ijO3TgB2/vRo=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-genesis-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID3DCCAsSgAwIBAgIUXRYGpBn3//YVVVYqN5CQscCb68QwDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
+ VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMS1wZWVyMIIBIjANBgkq
+ hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7AX20jHoo5/Q/POn6MZHIuNw8M1toJ5d
+ uX2fa5VM2nVn9xxt+0HYHJz2WzKGvpumQ2e9w6XJF/+hYsMgPke4dBI1ts0YPEXX
+ s0xhmkT9Cw41ca7kaK0nV2/y0hS3hk5l972TMBUb0vHiJdwYNgL4MdKa+kcnYXh/
+ zHLUMeH2CS7jwxcDAQQDnZxt/Dp3gcKNeJ8QX1RxDXU1EyrNcPi8Nrxtf82icpY5
+ gLmtYKAn6KTrDb4tRVI7L3HXSpd7IfHTRZ0ftzGkYacipS2iggdgUIX/ShXcE9kS
+ 89/lCZM16e2A7e+usJn4K57rA6EyVDqZjnVovrpPjtelRQRZa3f4XQIDAQABo4Hs
+ MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
+ AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUjCXg652ObQBhsrx5nLKAkTYX1tAw
+ HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
+ MjMtcjcyMC0xMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
+ ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQuHBAoXFguHBH8AAAGHBApgAAIwDQYJ
+ KoZIhvcNAQELBQADggEBAL7bUjb6b4yaVUK4BJUlCR3Pv6FH5psY+6TSAWS47I2M
+ sKRL8cIxj/qXs4PiJATNrSj5SBYkeSicN9MsDZaXsdwMih41diqXvwY8aRHaWhSN
+ 2xbw1um5gZEm1pekGP17+d4n4U23yVjCV6mtNT09vms2peM2xoEbmsVdlCknQM8Q
+ biv4fPU2KnHk8nnOeLoLz5Z721GPeUg6v4kzyUaYK2x3Sc/JZ2s/7mkKPbvH07NO
+ URnzPuUEYTOgDwv8srq5f+82CKcUagyDwmpbKJOO0Nbhugf4t664lelimJQLSDiC
+ NnJA4olBVOBowiUi0Rw8ZRvj+/bmhyAmDC25/7zv2CQ=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-11-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID3DCCAsSgAwIBAgIUewWNoZQzHqX3tSmS7sRX3rMLvE8wDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
+ VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMi1wZWVyMIIBIjANBgkq
+ hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyL19ntmY3scU/HloXV11tTaI+//af5E
+ RkxbMkn99HLAuBFcy9xyGOHbTKb0oqqtwey+/9e4CXSgOpiqbfyqhbHGWAIyJlMh
+ DCMkjWPbr2Qt8R9SgZerXDGN4n+s5LjR32TdNOlQAf2w7MStG9jRlFGPJ64x6cRj
+ UT3EipdpFj8SzC5Le7ROmjChV109ZdebpJm61dgwVSGC4OYtw1K9fYUmH7SV9DMV
+ 6d+s6TEyASordstT4bxMUIEo7Z4dzE8MZYu+XTp8D9s3E2TvSjLd1t5/RY1yO42e
+ WA8ubiiFcTv6DD24JiirULWIHwnc6Jwv+xgmAH+0TzZ4L3X21s4n/wIDAQABo4Hs
+ MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
+ AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUJCjODJohoIyGHxgmhgl4Q6HtryYw
+ HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
+ MjMtcjcyMC0xMoIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
+ ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQyHBAoXFgyHBH8AAAGHBApgAAIwDQYJ
+ KoZIhvcNAQELBQADggEBAAYUf29T0fX8xaOEla+tu89ZOBHRn4yYwqsWBVBqGG1U
+ Td9uPq+x+74ip9ucudrY/WSJ1R3JyVSWMrc0N1VUkRL3Qb7kUp8+D4SqDSGYfGsk
+ tEGCpK30a505+p6dPL/pbGsfXVlpP7WgqGSPijv5cDWDbntVQsmoM0MpUY60Q4Nh
+ QCqJc1Mv1bvgB5BckQvSp8uGsAjphtCmlVfQjGFaooIdEKBTCZgZMYdP2IQm+N8u
+ x1MU6txZyeMNRHQEDiM3wauKvrxTxD9rLJewcc0py0+XbiFN9lCDDBAlkMnTAdvK
+ 1W/spAgk9oyZdo6izOxLu54NTPCQE4Fq+N++SuzxfiM=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-12-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID3DCCAsSgAwIBAgIUH/q9d5D6PAB9QaIusTP7feTD/7MwDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
+ VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMy1wZWVyMIIBIjANBgkq
+ hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrAxSeIFy831f32lb/6ZEl3GUJ3R8N1z
+ LIjpz0UmJcNKXFjO/2vpQ3FEPenbu1Q4Qj82G+FHK5QGKijqdOUR2eIUxud3gTZi
+ ceF7GcEIcT16vbHv6RefiEi/VcDon1nXdFLGpVAipq2VcwBFwl6VkRldqu9mq0oP
+ e8RoKniMrQz7Z2OY0BOsBSire+2uFhkJn7I+lhl2FgGQgXNSLn+LcnG5835XNUt4
+ cGTdS4rKCgdqxPZsVwemKoOUa2YXNhoEiWjLSS2fbOAGSCHpUD6H+hTz0cE6x6ud
+ s3V0o4bdE9SMSQoGBRfMAW5iZnV4HSSjfF8psYxLdKHCECm/DbTMjQIDAQABo4Hs
+ MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
+ AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUEutILRDuPYazSOg+uvQVMReIT70w
+ HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
+ MjMtcjcyMC0xM4IJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
+ ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQ2HBAoXFg2HBH8AAAGHBApgAAIwDQYJ
+ KoZIhvcNAQELBQADggEBABvLtpXC6C6wgRKo+YWTgPZPoFl8fMiYashWNA96OHW8
+ gClbebr/agJvtjgrDwu6C/yV5J7fFb6bMTp7LMj5QJZ/w0HAH/VOo/mholjtoNf7
+ /hWdAys+WuuGThDsZzWla4z7j9bv0v0ZHE+XiR3IMvvFBVz2jbO+7CF1+JYH/tg1
+ ajtqCvZgw3N6su1/bRJo5MLIMV/Vq6g+7vrRgsYGF22NOCLCBv3dr0sdKh2sw0+v
+ YsPHghURkHFrdNBmLLpUDgnrCGWBwNI46p4AL29XZIidoDmoCTenBSMwP5NbUFnv
+ N/wJQ2YNjXqdAXDhCZ8Zcy7HnZ386DfKDC/t7DNJUJs=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-13-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID3DCCAsSgAwIBAgIULjF89Q2rvVOW91ztH8Aboa2fzmUwDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
+ VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xNC1wZWVyMIIBIjANBgkq
+ hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyfPFnaJFPgoiWfR/BXW0MOSYmKh23o3
+ 15a63jSqpl/ZtpMQVamURbXK8IvJJN+xu7ehFeIkzwMbMYr4tFIy24b/boQStte3
+ chY3KtJVnhLwZeT9IFYayPo+6AU+J8JuA9WQqc92ZaVP5q4tRs/FUcSNmqvMl6DC
+ jTymd2kaupM7HT2cdBxfHGhg/zO5xB9r0NA9kqe6+4/C+0Comg0Io88BXzYUyQBW
+ bsNE3Ffxf4xlGNDHte2DKBfAta6D5MZ3c32edOOU3Dh1pACx1abTapeolLw9AxV3
+ zMET2NbBOgMpGR1coNqWdFM1mzZfdPg6VczYbqzq+BK0L232dfS9kQIDAQABo4Hs
+ MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
+ AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU1JvmLtbKUMhnxloRT+emNFWuMFcw
+ HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
+ MjMtcjcyMC0xNIIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
+ ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQ6HBAoXFg6HBH8AAAGHBApgAAIwDQYJ
+ KoZIhvcNAQELBQADggEBAGnznVgVw+q9BckCkuNmTBDa/xecQVpIwSqJd4XqUE5t
+ mNzQD8EUqlwUfS5/jlJWA9iKE5I9jU9qrzBaOhnx1AUOchdEm/fYsOnf0P9Ov2k5
+ vNuRbaSbxZVYby1c8eKili0pbb7xMNsW5tVZ5Jmke6XeNWTNNehLd8u7PRE2PPaF
+ kEOLOO1KCqNFSznChQ90cxQHYNAa2T8QFAqoAJv9m1rUalUaAu+1lOWmCBoQ9xTB
+ MD/4GaSqIia7teWGnMCLm/G3RbRr9hBegAnzf3a5rUlIiU23uqr6SQunI3JgSww2
+ 2yLXqQE1g5qgq6vb2uMfZt+CXry0sU3ai/pTp7tksKQ=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-14-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDSTCCAjGgAwIBAgIUF4JBio3TfoajkfyZLtvnKS10Oi4wDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjARMQ8wDQYDVQQDEwZhbmNo
+ b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSlTthgprd1wekZkaD
+ XIrNge3wwRNFTbei85TcHLg3HlmCL4JvizZL7LmUEGzOgNieavEsK3SFXv/wC2qD
+ xxkIO3UpUYQAqQxOLztiNWzdsU2N6+I23YhOgKyelcB7lxWXs7VPMrP5ca26K4PB
+ 4+HlMlda/6fxxe69s86ZxTdrL4pnZdr04BTG/7+J0SZeyKk5MULJILaY4bHPwLxP
+ CUquaaNCSb1sN2OyALOo/7uikZd6Z49NkY28Bb2+lZxZ5tRWLmFysm21riJOkU3K
+ XozcfpXap4r3ZPuuNfWycOLWLX5U/kqguCGqlftrld0lxJ/w+sc1NwVeTYd0dK0b
+ 7kjTAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
+ AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUbuvIOKn+nyosnOzZ
+ KA+PtBPtio4wHwYDVR0jBBgwFoAU8vuH+Tuf6GAkvNlrVY25DEuYOXswDQYJKoZI
+ hvcNAQELBQADggEBAEspxLuB2V5GbQyIy2JNbkvTCLpXjBiH1zO8g5WUcCsZ/BhU
+ KTBXnbivfRspFojR/z7lFsW7vnxUEjihU60B7azfVHwRl5k4dTMLwiAqETU+toGH
+ ss/h8xoN2E+VuxDBJXn9hsVqamPsdys4QQ3dMhOa2eS37NVphuHUgDJ1PMpsYevg
+ D/gVv2tmWyiUa75igmGQnTFv6Q0l9q8ccjDoAGvnMvIg+Oy6zzO+PGKuZ2Wnc20W
+ VH+LpJEFfC1+m1bB8mLx2SFPKM3SFeuN5NZH/ibw/jbzTXu9P2K0psDg7HrMEv5g
+ OfII0DI6yIDNHPMVpcPuvo49LttJYZBQnpd9Uqs=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-anchor
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmzCCAoOgAwIBAgIUGIV+l61X/C4dmuy3OSuRtWMEkDcwDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp
+ Y28tZXRjZC1jYWIyMy1yNzIwLTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+ CgKCAQEA3gZMISoYPUGKGNNXxxN7Jb3QX/0nSqfOY1fmmE6oXXt5w8p9CrALCubl
+ UMwOGZlwc0J3asrPRtctXGUHbK0GS3f1+OU1STFAVy8l+bIOfj414ub12q3Xic5z
+ /Vo2ocw3x/cbo7BBzYpOrPl1uu93liDZyn5eptbbJ36ZoMgbd5jPPDiowSiJ1FQT
+ 0xi2c99+u9MFFLDYvb68EmdeRkE8CpLRRKeJruTrQgRZe53kuXK/vp5ijb5xZpdR
+ Wjr1VuVNRPvIJH5tzxFc9UprZhCCri9bAhlA0R7fV598BER/0D73fjrfVdlGJ2Qx
+ c3EXXN+LQ8BsxAkiOn0FPgPSxoKEiQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
+ oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
+ BgNVHQ4EFgQU3Sr0OSP0HbhyZR9cIK+hiJDo+CUwHwYDVR0jBBgwFoAU8vuH+Tuf
+ 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xMYIJbG9jYWxo
+ b3N0hwQKFxULhwQKFxYLhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAm
+ IxnWzM0ZaCjnfvP9tPISwltF2RNKBtrSA3SWKckS3Xt5SfhLabqwzc5xhpavBHCY
+ Sngar1L0ImAnSl8uQyo6pEZCk9y9Cx/aXI6H+T8nW6rDzCUIz72l2s5ggWpkXnRy
+ sxS5C43gyCPi6LD+BHaXS+fI9drI0avjJaP7GeM8vZ4UC1vM3y55vyWYiotI0m1U
+ EhX5/LNdDLctgGnYxl0ToGWYBFiwy4J542CUyF6ppF3anJRRTNyXfaAbKYEt1Gwo
+ okxxTHNvTbPFiSUESztKhhFVZc2HRwhTrOGM980N4th9SbNcJSmpdgNMD/dEA4CJ
+ gqaXdbwIVm/8DnV2w2Da
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-11
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmzCCAoOgAwIBAgIUFb9OtcajcngNishv5LOV+QATwJswDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp
+ Y28tZXRjZC1jYWIyMy1yNzIwLTEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+ CgKCAQEApjnULGO9t49RjtD33k1jE9WDfN/UN1+LfWFafBgzyw4mMIum/ne7a8qF
+ CThdM9Z3KuM6OM/rWsNMfTLOg8bKEaNnYzu0Vo97yTk+XqivgBQGBdWpukgTHgGy
+ PnB2nz5yu5+4+Va3MIehUKbH5DIusFKvPSWoVk9H/GhLYrIqkfPcGctPW4Hvviwq
+ II/Q8NHYtIoaE3CnunVRC59IAGDWUgyuB0ccoSLcKbDWgorktVPBeE58vZLxNm3Y
+ ZB3dvGkCw4CGkUJ77Tqe4dRly8jz7JzKF1WgLuk25Z/S2YTIX033b2s9J1vIeFvL
+ 2e/c4bbewONdEBG6wzqmE7t1sfk+hQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
+ oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
+ BgNVHQ4EFgQU9EWom2dlaX7FPeivFbBUKAef0GkwHwYDVR0jBBgwFoAU8vuH+Tuf
+ 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xMoIJbG9jYWxo
+ b3N0hwQKFxUMhwQKFxYMhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAS
+ W5+GtNrnYWY+o/YFB9hN50wUQJSarBHXxcH++eKrLMgqCWYoPQXLHnDzFmgl4TcK
+ J/6AEjofznb9Dnjek06Lvk4NvkaVk/cjQmAhOrZ1DuEzzPl//kV/Fi1a6R8tureM
+ SFsPZF7nLOqNNQ2ppvzwnxxMY4JKokcv1Q4XlK3w3cC1xrfizOlgaUJoZjfKXoal
+ 1yXLhfFB8RfOtBzNiKpU27tT7/v8rYQtnsCwd+ilAdcQg+WV2xzrvy8ndVfclSnK
+ FVL75ztSraPeIFJEPmBEP42MhodHkkr6QIVN8LhsqLJLAzJ08Xmn7WUYqvxHzMox
+ GPqg3xx+jfE63J0cOg/M
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-12
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmzCCAoOgAwIBAgIUB3Gqls8WVWB8MTJQ7RV8De5J/sswDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp
+ Y28tZXRjZC1jYWIyMy1yNzIwLTEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+ CgKCAQEA7qqRo+CTz0VfZwECaxljOXKSocasTJ4LiUiyEs8KFsUmXZ8U40OZNRDy
+ 6lMj3UrTsuYb0ETo1ZBbDzmzhDuEJtrGDMMFYDy8WaDyt5ogsJe4RtGHnTGWId3w
+ ZagU/O7bY3fGRk+0lCisKlNdFjdSu7o7Cr3ktorsRVZTAi6v0bKzcphG2FZrv2MB
+ v+tBo7Wv8jCaWTCW3BAl3CHLbmXLOl4z348X8/b3gIL7ZOKlU3YuITqjcmwLakRE
+ 2l6iYgTyFYiU7u8ayBM9o7Cu+0xrzDtlSBCFeicqiKtfd7+FFHQrFcPkKHS62+rS
+ lA2MpwS4DpLCu+6Q7LgFtJrrgE1VOwIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
+ oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
+ BgNVHQ4EFgQUqkG3vzyHafavr43HYS2IuavXme0wHwYDVR0jBBgwFoAU8vuH+Tuf
+ 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xM4IJbG9jYWxo
+ b3N0hwQKFxUNhwQKFxYNhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCS
+ /fjOtyHhUKjt/bM7rjJDEHRCZbBa6Crm9gc0xiCMSFdmcNaykmBQbjAiMKNiXBGT
+ y7TBmRrgTQPwuistOjmLdcZRDTNt6nq99HXsCtuEgj4yYRoV5CvSCbavnIsTWBw3
+ nD8rnhAwJ36fkd5WmDScfGJCEFbRzZt3fU8Jh4QRfxPo8zdw0zRYk+DrudAl+8te
+ mUIXSXhLpb+rce3dSySj2pQnbVewpX2njiq4PC+kkWf7/lIacqfsoKPEkvfDvlWC
+ Ycamy+Fn4ShIqDVOZI9t4ZbXfY/FhWDUpsJFpQfqygdhxNTGeciqICwwJ20JQxhV
+ gB1V+8wQ7jrTcffaY3S3
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-13
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmzCCAoOgAwIBAgIULb78kNXKxBQESfNKmX5f1Dkn7IAwDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp
+ Y28tZXRjZC1jYWIyMy1yNzIwLTE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+ CgKCAQEA5fiBi4ruD9DkkMIJJ/jzy6urUy0nCD0K2nzi3Gb75T9B7tZhd0AnXF2J
+ WW/tk4b8nmrscM5DKJDixOMJ05js+6RGyZ7vKL2Pq9AeqVj3UWTi4YoeeV7SUxt8
+ 9ZAXmr7Z2IX14DifvuMbekFNfa3T4Kz61JlfkwQpYRxEi4X6se1t/CrhjwcccR7G
+ KQxgL0NmX6z6KI6jaTKKfBwQWPs384ZkYG+eiqPu63j3PLW17xQ5abuZ43rEQLHY
+ fq8+uIHItVab9bXKC4LypEs7kfhi3xWiJMFC6NdM9O0YDYyspXXDUBEEtstsAAhS
+ H6fL2CwsypjGHvEgi7AXtnedqdgGGQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
+ oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
+ BgNVHQ4EFgQU9T+pH6iYmK3RQ1XZCA6pQQzQoWwwHwYDVR0jBBgwFoAU8vuH+Tuf
+ 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xNIIJbG9jYWxo
+ b3N0hwQKFxUOhwQKFxYOhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAF
+ 9dw0unYs+fXtnfMnoxDbHQOM9/PvryNQGbNYBj+lUkR4VmG6E5hO2PdnxW6g4SG3
+ pT5ZGCzpsJYGEdWuGGy8J5OHUehDYqIE7o60pXU8Nq4BdYRvwJhzV09sF5/3TrI7
+ gDpKYbkRHoJLSUFTkbn9MsvHEioYDf1Vg9553ViOFWOcZSZUxqTJKCpTbRWJlUf+
+ +HoSfMfFN1vcFnNMHGelAdDJ7S754omqyjb9iMiwX+A7wXEfEeoBGsL5yx8ZggjU
+ ZQh0LD7xsJzK7AXA2eek3IstvQUq2x0S7+XhRBv5UyST491iry7cblvRbz/vR+5N
+ MHGzukAVu/e2/W+FKXfw
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-14
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDTzCCAjegAwIBAgIUMhGorPD2GdueaYnEJTPT+UjVG7AwDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAXMRUwEwYDVQQDEwxjYWxj
+ aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUFwU/K/O0
+ X+4T9/R9tyol3mgT0Ovh909wyqP36L0ZHaVzOhTjYL3i4o6nJvJb6+jJdgjh50Fb
+ IxXnDWdZGdtZ20OJzvgjAIvpiEy8M9+QSxjAvkX0CkIJgwyZppjJlgHLpbnha1mW
+ V7tApu/rNDWtH3Bp13zorgBniMOxhh1gdjTUh1OEcK3BsH0KJvb/FoH/DxHX+gZE
+ ywBAojAh1k24Ii8ADPvc/6X10HtHYqP+svbu22bssK9CNMTRJV9kKg/K75XrMKh8
+ +/3QcKXN6CO+sRLcAgRRE7FmHBxq2pp68aGHIiqYLp0FOPC39PXVrmIgdvkYuSej
+ ne+1F+zvkSmpAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
+ BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU7wdpGoJq
+ uWefd5h5DGld/AeElB8wHwYDVR0jBBgwFoAU8vuH+Tuf6GAkvNlrVY25DEuYOXsw
+ DQYJKoZIhvcNAQELBQADggEBABLzGwaacGbF1EioZFTemH572oRQCDFVfxcvUsAQ
+ hH4wVS4LBWq/DRBEHRy0eahIvXcflDO7JXaVryISi4kBCErA5ckLc6lonrX4gG4N
+ 5z8NhwunpA3i6+kUY1GmuQM3Qqamye5c6VjiKN06GAAHjThcqk+18xTzeCP760o5
+ 3FSfPJFudUmVNAe5sX8wml1vb5IkYSySUhQNrrzSStGxVkGVGag0ClzQX4AozLfS
+ v7NahVJ6cofbWP/UjXsp9LX86doCCLL4r45rTCUDoGJ3PcrCsFLkg1SoJclCZ4hO
+ eVITmfRdeHsRYfZwEoIEzi5bgpNLORkBsHA1gF1yHiSboJA=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-node
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDpTCCAo2gAwIBAgIUbfCuuzB4Pe1LTQ3Pskfs9Y8o8+QwDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT
+ HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTEtcGVlcjCCASIwDQYJKoZIhvcNAQEB
+ BQADggEPADCCAQoCggEBALq3J5Ng7EC0667Ta3R7DbDAfweUy1Pt+UD8pJy8qpfY
+ mTR7LvfBMPKyQOsGKp6tcmUeqRsL3pcX5EXFjK8PaxMmoWEFNrL9jWMYXa0BZV2t
+ RWauAyjFXH17wDGT1Yqqz4efdiyEoHpqdeGx29HmRdUQRsY2b5DWnFJpZKZ4WVnN
+ GhWp+DgOo38YrNqg4ksqOY4JNmEq0AH0sjYKQKeeDop69JiLbFkeJVcXrugsbWT9
+ qElJKs/fSqXV/VVWBK+OIptEpduW39bBmpgnyRJLKeHN07Juzs9Kg3pq5VDVjya4
+ +CvKmyfZnl8FfHM/7U47aXbxXu6Fcb/UF4t/zJD5GaMCAwEAAaOBvTCBujAOBgNV
+ HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
+ EwEB/wQCMAAwHQYDVR0OBBYEFBV4PR9yIeXI73RNuQFPFtkFDwXNMB8GA1UdIwQY
+ MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
+ MTGCCWxvY2FsaG9zdIcEChcVC4cEChcWC4cEfwAAAYcECmDoiDANBgkqhkiG9w0B
+ AQsFAAOCAQEAbulfprS3spW8OdeIjYTMV6+Hgop7xW2ZFHjjXkMoUAK/1mOhcbmS
+ vVUasb+v7Juj75kiCLPAZgdo2aIdg3FQRhpHyPp4ki99m6fIqoWPpSAzsKEFtxO6
+ zFsgpnoUQRzUsWb8FPBwWznms7gfm/04Mv+8mcpZw0eDR3aJrYqoDlDSlrL1kKg3
+ VGgrkobxxufBLT1PCR+ZsmbrzAtJl+3XgRNESiS7/XhIT4jeZezlOHKGxGbxSNxw
+ OL9XtWmrg1lpw7TfzODUZm45pjr+UZTKREIN4Ogw6DLNQz0p4M6OYOQFJAd7cc3R
+ 1d830c3UQu+7YyYfcfehmE9rpgHix52hcQ==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-11-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDpTCCAo2gAwIBAgIUGpWyiTwfzPI0ek24/GJQPcnaGBowDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT
+ HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTItcGVlcjCCASIwDQYJKoZIhvcNAQEB
+ BQADggEPADCCAQoCggEBAMO5C7zxX11lixThzBLqK3gtMiHMIDEB/I36qqQ6jFtW
+ phAUAOQzBLZf1W7679/xAT0auJ00nkF2VIjoBfQafvKksQJ9Y/2Xw0H+/nbQ6+g3
+ 9FTA5cG3mW7VKGR4ITHHFBWXmQGecL80+4rMxTYsplgXR54S2G104oJwHmXhdCsM
+ Yn+VMm24zxXLjNZO5Py+uHzMW7sVfGZoK8klllS0IGp03jS4KLo3sx5IF64O2GH9
+ OG8e45KOQe6Z14YTBFisjTswSlNcyenlQX71mXL+dITX9ZQtnuYzaPNaT9ze/hPC
+ cufofK0fmCVX8btZuSinyZZegCiA+oOUrMouqfUPSsUCAwEAAaOBvTCBujAOBgNV
+ HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
+ EwEB/wQCMAAwHQYDVR0OBBYEFPiJ7mhmVtYse4a1RNPKfKzbOTC2MB8GA1UdIwQY
+ MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
+ MTKCCWxvY2FsaG9zdIcEChcVDIcEChcWDIcEfwAAAYcECmDoiDANBgkqhkiG9w0B
+ AQsFAAOCAQEAQPYErYGdJH30Ls4SEL6V3hnxKk09izMzBL1VmKtiWo2gnizPUzSi
+ ex+4VsSoHW1xOgU6I7Pshp6uIJSGh2dYpAinYkdmxcEREjDxGe3TOCnhRDltqD13
+ LwESCNymvXNLgxJp0+dkrx6r97rTaaeS79fJpjr/ROXOnhp8pFVu5NJ4bCAPmIJh
+ RB7ZLqNexNSwwwRaJcnOYKWpq+nZcR6RRQdcFcAs+Jxmy/2fm+wwuen0iIccIuHC
+ EslQ8dUcaTdwRMubVcCc5OlEXcdkXP9k0jjITd/B6SCISvcT9SZmHouX3pKtjKBW
+ s1kP9qWNQ+EUpRVr3FojxAsPiDj4RxPb0w==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-12-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDpTCCAo2gAwIBAgIUd+FMs/P3piVhkMLoxxDYI7zB+ukwDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT
+ HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTMtcGVlcjCCASIwDQYJKoZIhvcNAQEB
+ BQADggEPADCCAQoCggEBAJzH9c5wHgQgzcUaYjAPEyTTRhf/jH0feZNdz3MY5xw6
+ ylyLBthr7qfjEkIywgUjUUj5LA8gKFpqeqU4ejee7a/KopmqiMrf9DnjlU9sf6t6
+ Ci5CgURnDbUdqm2ePbfGRUvvUD5g0CzJe849jeZIXXMjIpjT1XnStr2ufLGWr9Dh
+ 8oNlz887DNhuRiDsd6AaIv5zv6Gy3GlARzfJWXhTKZ0sfpEq8IyvQbAZ7KXubKUm
+ cns30UQ1gmzXJsavV/YqrIBBRSYxqDDMlmELDmrOg3Q9bQL1f3eYSFkkCE2ubuxO
+ cIrmLpGMO1YiwexUFjBQ/30+VA0JK0ypjIdbG1qXuu0CAwEAAaOBvTCBujAOBgNV
+ HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
+ EwEB/wQCMAAwHQYDVR0OBBYEFCAuHTuZgMXSFEmPOTyCp76Hu6MaMB8GA1UdIwQY
+ MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
+ MTOCCWxvY2FsaG9zdIcEChcVDYcEChcWDYcEfwAAAYcECmDoiDANBgkqhkiG9w0B
+ AQsFAAOCAQEAkxVOj5i21py4hoiCMbFJy+wZr2iMTHjwdeM55e49f/xDN/GSMU1C
+ d40kfAj3BG/WQD1S3wKI1z0WvPsxQnTns8KHKrStni+vy9M79yWcvgr62ae6GhfH
+ E/DgBxOFm+uGt5iPB3O4GcDncsry6AP1Awbi/XsAOHNkv2c3sl6uOH9B3U5wo8rb
+ 6iEg+thkIrKTNxd1ErT0KSFkAr1+oYhw41LPSjEGykI6NmPLpszgyALOZAIG8/MH
+ 4m5WlTdGszEvLGHyTR9UGIpXG3o7eu8+nN9Edzt4CugREmaStz8dNhvkmZBC4ROY
+ AIxRnNa+cTbN2Qlz+y9ah9/f8VqvuNiMEg==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-13-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDpTCCAo2gAwIBAgIUQyouqBJjNbpLH4WSz+SG2Iel350wDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT
+ HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTQtcGVlcjCCASIwDQYJKoZIhvcNAQEB
+ BQADggEPADCCAQoCggEBANKWus3FABiJCZNbXZ/zoxYwoSCqeYZ4K1XSbp4N10JY
+ yv4yweyI+sGh0M0fvX3YUjgXqDtFoIJteCe+nLnErhwuhX3yY+Yeci/ZUrn+F0NP
+ 5KJ0XlehTl7S8uiIl7nhfwYuvUgW1CFjeMBqI+I6ovj9zI9D5zk6tf/rQf6ZIfB5
+ Bb7fmZXmWX4nx86UevofGGTKIGajITRMOugM3aRL038tAd7oHH5FNa8UOMhUB+lF
+ 0YYx6OOXNRriHIANYYYPnUtCcPXmsCUvDnLTN0Ka7iqETbga+9WurXxDEdSr83lu
+ htRWvgHCHRk1uUmxOWJGY+ASxqtqkWBZBHkNMHOHUskCAwEAAaOBvTCBujAOBgNV
+ HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
+ EwEB/wQCMAAwHQYDVR0OBBYEFGxndUTeXVH/wHeR2LW0SXIcHCIfMB8GA1UdIwQY
+ MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
+ MTSCCWxvY2FsaG9zdIcEChcVDocEChcWDocEfwAAAYcECmDoiDANBgkqhkiG9w0B
+ AQsFAAOCAQEAkXpwJIbr27QBTsPMcuGNRFFjejJmefxO6TP93PV/UusnXAlFMZVZ
+ lOPj6C6fzY4yLVB7i7ctJjYhGp6UUYULzmCeAjZsSRId3HSyOgUDol1BeblCL5OG
+ u0Th/SX5LELJK8N7L3DGVIYHuJBwkPVSAg4CNjT9kuhhnu1ld1fkgCb3suLg9m/f
+ Pc5u99E2LzfuVgJZB4whJWja7aJ1VgEk/bzsCIK1shxGBBPv21NQFKPdg0RGp4if
+ hRZo+BWonZhRLgfr76Mo+tqXUdeYmIjqa4gH2e2wpSJtUc6CnrJLqHVRg+18WGz7
+ KqW2r2YUTk2R+4AdJP2m/mUGFMTrduRERQ==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-14-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDWTCCAkGgAwIBAgIUT1UJXPl56W5pfCKaC7hPjRXbkPowDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMBwxGjAYBgNVBAMT
+ EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+ AQEAwGcNR8v6cTFxIF0ZJ/HvovjqnvcYgBp3j9RkSl2EWV0tGytoPe9i3QSImqbF
+ rmeta5lFHf5LTetbUWn8m+vHZS6dExHESysDtVH39DHaXwuPZwN4VnuCl4w38XhH
+ wkgvfF7Tne3Vx/iakEmk8zmyUdcbBat2hj2gWFFL2uQwUqJ3Qeagw2wREaRd1wdE
+ MweklH3EkRTu4JEMEvxuGGppJUfj5i12uv/1lwVuk7WFMX3laCm+26mgdoqGQ1jZ
+ TYJDv4vDC6RvhSDyYdV7f3wtHFn6frJwWTiriszaJdySIXiQX8iifEKt100wOQH1
+ 5hIJfc1U7C92bMJ+DhI2wnNBGwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD
+ VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
+ BBYEFABa6Hqh29OxXGpp19Od2TiSyGrIMB8GA1UdIwQYMBaAFEt8pjwm7JWWYSbh
+ rpUHrlfTHlphMA0GCSqGSIb3DQEBCwUAA4IBAQCD4xsFhmigJ6KkkJ/ANREHFOcC
+ k0WusFQylK9c3/HWVhkVMW/UlvUBi1ZyJD8bk6H6qfBvi7ACuUWZHTrAWo89cv0t
+ z7VA39mD+yY048Yv5c80cnCogxhQtM4MXiggMAbrTgTzHExxRRDS2Mai4Uz7V2Jb
+ calUCe/YEeDDZUJu1Z16qSQ5lqXmVomkhMnqI0yTNoYbYkfI9c/gOqz5HLPOti5O
+ Cj3AKM/VqoLWHCSdck2CLqPT4ayDRQEuaYWLznOyRWmcJy72a4WZOHeyFI5O5t9h
+ lT8EGbgF7FS5++Te5Qpalti99sPkBfiwZB0FE/NCH+pWg16186czTuRwbZEF
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-node-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEA73TXkNg4A/nHn0TsmUsWmvpE0jxUZFc+RMCio5h526Vhb4Qu
+ kO6TIqVZ49wfPEuv8GVdZtJV+WkaUmgFD2G8wiZGKIWs0CaEbSp9u8ycmW2W1tdJ
+ NDbKra4syqyAAWpphWxZz4GpVgPsO68BNeHb1ObV9aywwq0tPbKO3Lyhlv3kNB/c
+ 3m0vSTSqpAzonvK6m27t/wUH7aJTuZaeGRE56MPsRFK9a4ftnZqdyisUdSQJa49V
+ z/L8tG2SHqV2shecEnGddq+1Gr6xoLe0r4qAdAI8anRN3zPDJCZjfV0nm2xlzjth
+ PidS5TU5CI3Q7at7X12KlFIwdr1V8zp4XzkTLQIDAQABAoIBABgI0EI3kZfEkGbK
+ Ej1orgIsMJAxgf74SsW32Bs3iLOlK9x3lfzyFU6a7iTSyUfSCPzGD9PsNLjt9bhj
+ vG5IzxtloBEdKbVSyGP0qd4ZsXYs68DwpuZYwYshOlm1aru5pJHByFntl8OMbT+o
+ VyTDYL9D1CHujWdc3nec3n4FaOqwq2uqy1rXF3EtvJE3GmJ0wu/82WVn/tvu/dc9
+ Kv4XBgmhG0LWTyyqKKUDb7/cE7+qomLQeEIHgLn7E/43qxYhiM1kT7C50sX4wXy/
+ T1tPm8r0EzPR1rWK4EH/g0A1k0AKxagkCA4BdwLBrMbx1rSITi4xwUIFhhv2dpg4
+ +fIdjgECgYEA+5Hx6voY/DsgVkYPcmMs8lPsTih6ZTaj7ei10aBheh8Yc6o5nd+Y
+ 7dnYEnwqQs+8S5inAQ6UjghSS5VHIzRYD7QrHQD39W4bPPGViMa5qwDZ25HWl/Ap
+ u+tkEKZvWOtWLsQGkn6FQh5ScwSdxU8K0VyRqcXF9e8+0FUq2Hgtm0ECgYEA86xK
+ KMerDXM4JMXVyA4xw2ylXOPMFa4gV7gCah3aKhXTcZlWJUS9hdRCAi+7Z7jtTf8B
+ vdA+pWkZGN/vNF1sJoYVbGpzWd+3ewITJTECXzI/kS+YZbWw1jq2wWBakG8/ymya
+ JDXOPIL8oggJ+mdTRKZolO0bSN71brUKA5EiWO0CgYAxT4Qp2Of42OYXwxfYBhST
+ U1voXgrPuAwd4BVzh4pT07CJS36LsX5acO7ngKsP+YQhFUT28hKwXHU1F4egIOx5
+ 94jT4JK56uEv6vKyorFWEY6ieU2k7pBfo14z3UvKFCcKd6YKJP6d3S+wF+GNAVdP
+ fmOW8YtCD6kyUN9bGwNlgQKBgQDhTy+LIYSCfUUui1cvEiDlaDJG/8MXUNhLA7QH
+ 1u6A94l5gqTq9PKhKjCWwPfx4kZaVi6QClvCqrkwDO+rZa64uEZa5tseAQQw0yxM
+ uVJOH7IzVuT9NtD6ZXPSvns/Df7X9y9XyACYZy2dzP0c8ilGUvBktBEEglRCN1e5
+ EJvHyQKBgAh6ITrOmsOmLYgdGrvEq6IAojdJ0ab6Fv76r8PoW8H2aSy/7u1XD2Iv
+ IViMkTwg2czlfMQ8nFIkzn5dZQwCPm0luCzX4C/bFv4MBGg2gW4sCKpXB1YmlSXm
+ XtlpL4MQsa7EbrBQvP6KI++j992WuM1Fb/LlyeSHNqqTy89Syfz8
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: apiserver
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAuvQWWgNqV6uCMfn5SfkdGq48NlB35AeKKVnHj+Gz1xeoH0W2
+ acwDHvIV7QnB4RkvRp6fsz6it6f/PhcnP8ezXXuyT+bFCCUm6e4CldVnMO0JtHaO
+ j+j70qtGPDsbncyeNq9PYuJ/kL9b2xAuoe3xs3/KcRZKRGQuI3+a7L+SZaDrO2x1
+ a3kCkOAjQEXvKySwzOUAHtSiaXh+Wx4AhcW/NjtmQfq8RLvCVAnfKG6DOiU22KdR
+ ZQ1NP5N3aw4if7Y/JUt/ekjceM6vOvj/4HTJhInKYQLzt1N+0KBOwAWGpiLiMBg+
+ GAA1hGXRTduerks0uGCcq1VP3ayxhANHZVdGKQIDAQABAoIBAGtTKu273jW8MP7t
+ yW3tBAdIFSr9IQaYSXmZn9X6tVp6qzpgs+qigvwl7+5nVpUZ9yjscTPedl1GpWII
+ urCDvXWiSGhUS7J0WZWb3IIVw6qzuYmPMiJtlvuG9cgoCp+ZUw6Dr+hNrPv0zw/A
+ h3TQe5wXdalcKYB/nnkkjVTyWWHbdxqITEPkKmXAyAe142CFfk+raKUfoRzRv3Vs
+ 1kjpKoRL7wRjovdiipVDSCkPovZKUxwvQCz8ld2IZMPkJzmXcAT4G3GtVa8EZDM1
+ L+3cMYVyNO6IMcx6I+HCK/ny20aytEJ483AvW2OSqleinM8wnFzVXhKfbc4S2GzA
+ Nf5xzx0CgYEA0MvgGp05jKpTDVH+o+6hGqRse23eGvui3B1K+4mitRzuFzcPsKD8
+ 9Pb6tcmL14VUNBIBdyhM5ti7STXkfggsutgvqM7xS/dZaAVdvw9oiSrUWKSNC7JG
+ qB/Tz+aMkQbg34EiM9R4uezTOH6nSNmsa5xoHe/zw2mihHrS2LfbLkMCgYEA5TgM
+ nHrdTkzCDVxaXaqkrV+YPq87muuiXi7oOwiXsnSnc1ywOC5Fh0zrlCtbhAtU8AiI
+ K2JlFHFLTtwbn+xiPOn9KyWR78AlZMUs8mxiLJDaYey1l8BFr8ABk/nnNXMt7l8K
+ 5yANgQ5zd7RF6+bcH36G1fo1gE3ZbRoBVZlkkSMCgYEAxr0H9s0odge5PbiKFCeT
+ GPTgfSu6eRyDi9gmAv6i7Jk41sgGGy1hGRns0ROiE+ZIm7d3xZ+Kc0BgI/M0JfJK
+ AR69XoR7kL9DToutC6ry6Xzm2ejmh/eM4YJJ7l2X9oMBkDwt/f+DWhVdhyymteTb
+ BSK+x6AZ+iqWEluGTdnSulkCgYBqe6A4LUeTsUrQhB+itbwsomUKccNB08co86eE
+ jRhTmaeUivF+F9jK4uvpeD7aV51MqNoBNYN5fKwcZVob7+cvHxAyNBDYjK2SY5re
+ v4TX6S7aIOm3JmX5IDxbbtN+3BPxUYuyFQzQ8FKpwEBfN2743oFq9AJYqVGhQlxu
+ VIUIewKBgQDPkVEdOw18HfwSM0BPZJYsSPn61ijoFGJruO2xHtDSTtrYezrvA386
+ hAy9ezPVj6NiT9agbHdnNVlKflW4B7GbT6wgYp4Mi81j4WWmQvXuruU07IMExlYc
+ QnCkn4BoQUst+rBSR+xX+DJiVJW7CVPEto3YnHeX1EBapsPswyuQtQ==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-genesis
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAu9dXP+k6eAfX/wj7EzOUCCPrmMfW/t1db5MnHtHu8wDbqWVx
+ I6i4H3V1S4E3g1P05likijkhskXNyPJu3svDyJqj7f2Xyt/nmVWJafUoPs464grE
+ KjhCo1hYrT9vViAPpEvNyhYMqIi3ulBjClfFWD+A/rUGeKDbnEXQJ2emvwgCYtiY
+ D9QLYm9GFj4aHfrTQ8sXH3/Fkh0BqyzdH9YUVvPuwtn8SNt7O2Da0anR0O9IL3qk
+ 789XEKJi09If+19bLl2wP6d+UX7y4Ld0Yd4ukBc72ZdwRypgcQZSd8ndOKxCLWyi
+ lR+tTJSTpr+T2zvPAbMjZqvvrdCk8xNUhAEFOQIDAQABAoIBAGZMxOu9rWYpf20a
+ CwNOF9THG0w9qc1r6bMWRTv3wVb+pKMA6DkvbfdUFOlmGkGfu8SnihTtQHjCo2xI
+ /DDCcIIUFitK7RxEDPHpL8lRBvYNguwQSP1lXoVvW/wejBgvpdUoo47nq0UuEEGb
+ /hRn8MY675nIJRoVIQVe0BplzN5EIteAGElvn2es0vmt1keFIgc9Fzd4hh9ZsaEv
+ as6FRM8jPn7EncrwbuiNfWVX8Nt/PRFWQSrAiH0ilnj+vCkN7k8wkv1QXScDMh2f
+ wGCgjgXQ13OrSfBEcgoMYgPYh+D5+O8YpRsR1LeFv3LNKmpHGqW4Tug7QzDE/o8v
+ VyZfwDECgYEA7N3b6UVNnHPm2E618EK9ON9BFFYTZTzMKsRi22BL1JRaboMsHLEk
+ iRNg19PmfdjzeofJQJRgKLRvjcnvjgstzHadDNI0wLkYfixZTaMavAKpdxzAi6BU
+ ca70zHPwF0YWg0M5e+u33yUUnk5dEgUChPaLPZctMOvilwAHGdCgKvsCgYEAywOw
+ dIolSIVh/nkshzt4hWOZQZ0ZbCAu8xyalR1E977emm2eO79vJol08BB1kAVLh02j
+ 48pdr4nv2BUuIYhg5oA3g4LE+hP+aw8SZUlUOfV+xcROzjDRJ1ER+2mYcsPHR46j
+ ldZQFIyzPA/aMVZBhD/d341gxLI03bETeJno2lsCgYBtwAaLOV9SpKlLhHzsjB/c
+ 4CTpZVCrUdZP4prjhuTb5LlaB1FDIhkJon72wepEWWfHWG85iwZbFe+yROTIbgmU
+ eUkfja5/tcPRgn8GaBKVFq6q0BmvGGTIIAaxTO7r+b+opldWQcv6itXY2/pnxQZ7
+ 0TiHGysHReTBjnO71FzCTQKBgQCWy96+Mf8Pp0Pq6ccRjDMxoZGtEyxXDHDTVGPe
+ bydTfwuKWfI3HzNIxMF/sDojCEvZ7OnXwfFk+miVcOYbMloH3SVfIjt+JmvMyh03
+ 7wgJJTlNXUvMDKbPNYDN5tm+JX5YwLLyEYbaPMjFzGCeVRvFSEteSn2enWB3a5iy
+ 9F/qEQKBgEEh+k7wtEDVPeEo3syrq8tjavexVOsmz1zgLhUDIkNfSNWu4ZLXTLHC
+ slASf16VCVhPhZZHTzro2lIdyR+NIIaoq4aVggSYryIGLZJ9G4JomAn+54xErDUf
+ 1CfiuMFlITDCky8uL6MwdhVkU0ecJ5D94eIRaJnESWLz7BqdgPAE
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-cab23-r720-11
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAzFx6tEfd6wm8IJJhov7U8u2bkEvzfYX1GcCA/qNrYp+WqIoB
+ CQZuyvVbGcYB4OrYXFjrK8BzNiYvVQgn5UnS5C04hSkat2/cgnDHk17iFlygPYLb
+ U2cVR1sn5PQVD+yyKlOdlUgUcqv/hDRVIOtMnFxZDs0t78njkf4I2BAfh5FvZ+hw
+ 1fuiBrTL49oAkRtmf8B1NeZT0r+7lc0usW6cRnLHVUdk46UxqHWZqK9vzsxcboNw
+ EWnNKVl8b32HAwaR03rWFWxARwYTT/ktM5VyeNMGfWfP7Qv5gy5tThGwsoyXFAIJ
+ JZlpJ/IK1SdkXAJa13KeVOxylyNWnT0P2xkCAwIDAQABAoIBAHNptxKhk77tnIV4
+ phN7f6BCeJyhiD3XrXiBs1gbysXEAz3j0nnaXC/bKTwBC4aOmupsfUQUR/zIy+pl
+ 1MI1UxjyQP1THXeDgTFZqByedWjTntueT2dmzCmkXX98KXj44BXvawunzYSFhqSP
+ OZSBzp5vuQwW7F6D0jXdFfmQAX55reooHC+xpytDLkjjsXv98ST3Mxp37CR9JY8A
+ 6s5y4GdBHjR0bO/AbEvJ0S/ZLfd6PvWux0Qq6+mjcs9sGCPOg4Fg1C+DGhlnNaJS
+ oFj9W5MV+c42TH/UIKrxOkDv9J5q1VlxNm9PblNKaRmcPJ6Set65UhGVMHEmeUGB
+ yeUXzkECgYEA44m4LSKxerHnCWPTtEdOiupIdMaTcaV0Guh5c++pSJzAXYPVjOnA
+ oYgVlFHo/SUfqErPsBuRuZhgoi+IJpvhGNWBCO0HyxxbF7vAoRP5FEewb4trr050
+ QrsVwTdEF+UvAuQtVybkvXSxnJ094jQ2aPgRPpPry+W60Llj+sd5FCsCgYEA5eyW
+ wN2pjmk7slCI7HsNCWE7TOv4EDYjzRTBeIb3qRU6FK1EIO6YbISY0FiAd1yQ6NE+
+ TFIgAmGjhnudkMPW0imhrBDohwIZdmiWtNLoK7mMhO7UhIJeRkSAHBi5ePEBCQyQ
+ 1Gig7tsrbcaNaw/fBl2C9LgSQsW5IIwKXGGpJYkCgYAeK7rCMWF7NW+/LP97XiEq
+ BlrJMTOH1DqK/txr5RF7UV2oiLyeTLiAMr05x4qvVmbWN+VGIsG17GCT4N2a0PyO
+ AHF1r4hjBEWH5htqwG08pSzd/Yyv2CVOW+RMlHlw+bC8H2lrrvqRrJGIhMkZ33Z/
+ gLU4qQCRLssQtiRtsll5tQKBgQDMqvffIvHmBSLQrgPUjgyixtyksoCU3byst8co
+ 5OvcpTqYYUv+DKW+I6JsA/wHRGzx8iEEiy5XMFcCRVOTI+E8Hzb9FegHFgVYc+2D
+ dSKamYbOZlLiybHl1uA7In8ne1Eynu7lRWXMeWiFRXNpVC1xWxhRgvEuYxdSM5ad
+ eYm6EQKBgGNUKKRlnR3wtbtVyrYhQHsgthXK1kH59B2IoMhbdd8RT0Oqv33Ykfom
+ vim0bsHLoxaTJVN0V8vj7OLv2FD7MoUfTb5R58fnRq8spPyAnHcFTvnqwE44UKRu
+ 4FYt3jp6TqdORkb6E/IITG7Yp6xyck4gkrWgW9jQK5Ibheg235nP
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-cab23-r720-12
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAxLFuHbk7jwcIfi5S5OTiilwJHeKWuAGGcv2o4GKhA9tK2698
+ ZXnHR/ObTpyxrOX7quGXtfsNF31nYKP9t7cytzOgTsEKbOH7V+fV6Qhr+qGDFq+f
+ cp42HNYpGli6nE+3bkCYYl7yqVx6NQ7LlVlKvaAK0YfQ/EMMLRR89yCdxAxTYUni
+ sRSJltwHpBpP8EZ3L/wOVSArm5iStKp6yJSMCCuuBksr6jjGr8Snv79Edg+u+p9F
+ D1B3wCCorcx+Is/t3IbM17d/nJjqw/hij9Fbs614oLVLWNSwvvn7atke4QbA/ME+
+ YP2liD5pmdm+cCxgIzPOniLjtP5cAyX3D35qTwIDAQABAoIBAHiMXfatngkMwHHF
+ JlzOwuEVgyjjxIfFt4cmW6gaCqD4d6qopM70keRRMzA87NAQq+uRE5Ae62koHIGo
+ QEmmZ9jMNUXPHfqZjZfUqM+Hr9YNwu/WdxyiRnvp7YsOMmC2oq9Zu4sesg6GdQer
+ p65C6YHKYpcEbFsPJJlEY0p6nPaXm1f1IdWuoIwqPr+X34iU4uO3HB8vi38+EPjo
+ 1A+FwgrVvqLglCOIApMijLcTSxKrLKZHXv/rM2a16oVnCuTAru86lft0LAr9afkP
+ yAhXQjCTth/UxpG7sP+69+q6K5RcnB8FVitk4eH96n9nbepJUtBKKm6F6m5SJjJ3
+ XAk54dECgYEAzw0a8mTjFlJAQPjAjOk94kLIYhqno5cS/tx48JZvBCYNyWceEdvO
+ 5r1Jk1rQP3USwfnOg7yQkduGavNS+xlBZHszqLdS0qNNthf9eymD5lKOPvnSa714
+ MP8NZmTWm3RN13ejXACOLD8iwsNyRBB6rSeY0jeCQkhV1NnRNLdDkA0CgYEA8zFx
+ ySip/4TwJK4jZqi6UWN7cKJChHtQliH83NVFu5Tr9Aqz9amiUXpyaZ+vXA3V4sIM
+ cRJwb9r7mHq3aO69VU8PrP3sk2IKR1Sc8CSyoPz+f7nCShFB8TCYkXgOvGNaG+LZ
+ gFJER0kvjz85XQTgO1dNQySVIGjX3g30AWab8MsCgYBUq1dJqFf02M3Nw+t5tCfK
+ TuUCuUO0ciMidaY/PEVJvQYGRlTVmL2TPfTIfWqLiKSTDkSVOpckDlF5iud0J2/G
+ V1tYsx77ZCxzOnw90UxO85OXzTFvPZvY7XPdW38nMvhiFFqJVPDOx0K/wo0HqHWC
+ OZ8U1/48fLgcwrX6iLboQQKBgFgt3nc08mb++eAi8B0iIuSt8K1HeFz3JaI6Uqh0
+ AGPivKdxVg1GY9+tSVz5FKmJLruY5s/9Ap3cRgvkuyomHqqXDzUHoUdTbiytBnag
+ p9Bty43eeg9HMKTWnQtp/9XZJGwmFf1MVwuOAtuq7g7HXNLHdfFZi2UD/vm6D3aO
+ kQ5/AoGATAcH1KOpUVPTcDU2NFcDAY4iQp/bb7UqEiL5jQNXRAzX/cBINQ+CE9MX
+ /tnj0oR1u+njTZPXe+FYgkjRQOeossC2nY8p6zPvccCyZp8g9HM2tK4UdlF0spbw
+ SNcmdx781iNauZdUwWUFPk+ieTiqzvQhDjwbvabImKhDPd4DrrM=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-cab23-r720-13
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEAvU7PJjD5H2MY43qepZ9OxDY/2IlDUTeaKQAFEZKe0Gz6NK00
+ P2hD8qZohaswKWX876ISqxcjE7X9vecMWwlsdHq2D+AJExLDLyKgQY+vlC/GVdnd
+ oHDYFZj2svPmGTef2yFxhREvss6+v1wLEMJmQ7lbX9cWngCbe1IxWQKXPRPOEz0h
+ f8VoksOSGt1oFKw3UN0J8zeKB451tAPnAjGnM2Pq8gWW54HrRH9tmJZnrYgWihKY
+ +oG1nAbDp3bUXvdacgQmf2n2sQ3UcXya2oLXqLNynSJXroPbNFxdw3M+ynUHuGnX
+ utKtz+Fu6Vxffb4WB4kCccek3INuEINZBdV6dwIDAQABAoIBAQCcRvDvIEKoTJCB
+ Sfqp00ec5wPx5+6wn2weKKwGg7mjajNrRQj6x0JAkGt83YNWyaDy2iL7JpCIdxbP
+ rGsgxDjKN3sQw+v52OVUhgsx1EIn3QCoYsB48G8R9ULDHGF5s9e9eHBUX4m23MHP
+ C1b/MNxnUB9EkTVUnj+8oG+ogWEEw2WRVyQl1sUoYgQ0z5lgBGHVoY/iHLUHIyG8
+ NJ1scRAKULxPYWxGp8kqWKDaHirvTZaqYNsNkujjdQx58wf5uQflmi2AtyP/LV/U
+ aqHntVhynIDpRQq/fSUNwLFXUdVUN7VlO5zotMYE2qmcN1/t571kZf7iv+aptWlm
+ anOtamqBAoGBAMfVSzB5wa6lhZUBCyt9iKfwXTSXBH5BRLw0yAtvJlbzfI0GRYCv
+ rhiGdH5m5WePVyzzxefDq0e/qwQ/wA/ZOFZUz7toM9oEcICyRrbWLFx1fr2Q86Az
+ lCj2DpOu2CpIi43Nuo8mqbR9LAZ1DuMtveiY2p7lQ2l97nrFUbMVeYuhAoGBAPKE
+ LjyOrwDcRx5GvvLv3IINWHK90E6KgXEyvOLif5JT1Jj7kyLjtIS5SJMZqJKnqCxG
+ /MPr9jSro9nocLMRZ8EDnWSTUtI7Z4f/GN1CIRY7pwLKzHS9iD88xZ8w/bTswE+2
+ zOnT3txp3ONTWu7EzVU1DP2OW7O6vPKh0KVTC48XAoGBALG7mmleEY609y+EwxuG
+ RnIfzbZFjyCACpNeWoIY9L+nRiLj7hM7rZtwktIN0IGgMsfvdRjipkdlSMS5sqgl
+ 6f6W5j/nuR5yjmFYrp5VtRTzB6uw7Y6R8XfRCTv+6ZIJ/d08mm5R0+SM5AhGOtyB
+ xYPH18I1ZRTBhcc6EqU2N2mhAoGBAJBffkMQ0kAZ4sC0byKjBsvpc/lC5MqNDAg+
+ o1IScs3C2DKGug4wLpxAzWK9CKzd4HEThZCBXZ33fGDSTp1bxD+UjlN8nPaI5NaC
+ V+QIZTgeJQu1fUgWOREkdaWSfccClm4eLhkZx3fCEfzG98BjKrYKEgS0hgUWKzvq
+ dxKkwKHbAoGAbYLffwmj6GKoChkyraObCK96GTYccMs6OO5RO6hctkbSD7TYHOl3
+ Mvy0/3V9gVkPCo3mTDJzxI2wtm7W5Ib9pnW4FCJ5mfxJuQ4xJ65VVWPDkevngwFs
+ iSyvDY5lzMabXa36CoKufRx2kveKd8DPWGb/NCzxR2535A4ibFDb86o=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-cab23-r720-14
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA2ELPFVG9c6Kbm1mPdvdaO/Ci+iT5MYHRmX2b+V0FzYEZ1/fI
+ RbhVuVvrblRi5WwBPJIgtLarIKu4Yyc7nU7duhx7pB3ugef4JrHKYOnv2UUWKiIx
+ wkbZvP0vr1GihdFaC7FP87hMQz8znzUSJUM4aEdKJTsocSnXDpDkIQ0QzRWpIr0c
+ YhsQJFa5gwKz7GPH5MUq+Bi0pAMbx9a1S97rzFMgQeujxODP3bSS0k3sGhdsTKXz
+ bdSHwSJAbTQBvhgaBVUXuapfLH7jgvpKHvxAvzn48qxpjtWWWi1exW3ux99ioJf7
+ FkqL7TUC+dgWChfBIbORTWWsg5kD58uUtOk6pQIDAQABAoIBAQDA/m48AmRl67me
+ W8CyVHAMieWIArL4QXhB2Fz3ntJs4Uek+pWZ0rV949Ao99oCD+7SlT3myBXT5Ct7
+ ISoMarNpQb39alDNUaydK5EGB/9qEEOFelqZnAz4oaKKfPnjHj+Tq7tELzav1JlG
+ /V+iLWkLdoNu0mp3AvXPI/LSpAxYV9XFxG23Ij+MZg2WGQC6g1ZCKnrLmPf6KvDR
+ h2jyL1Fplu3bH6gkqVABAlVkwUCDNoCBD/uE3AuykrpMiwEhNo4ZY7yyvV1abyUx
+ b5kGqnWwFSrjwjGTn8m5rgkXDbXkRQE9hYJKhq1Zy7f40jq6Q3UJXQAReZz1G2I4
+ a4xybkjJAoGBAN+jW3EelZea39nTZ2ZHw70sx1Dz92hB4DklXhJeg8wjcdV8wGY4
+ bLWjfUcC8fifDlbBYz/OPQrKljafAV/FaK307jGPPL3hOpKCQdu/7ea9VnUXh8DN
+ KwBxBMY3wHdMtWdvqBuq7QKer3pjtRl5LqdI6bGpHyNbKxwS+PzMVGZXAoGBAPeO
+ KqInC0R9f8JnA5SAfwR85bZFs0bsqwAiZVTOYd/8dsXjtK9g51Ke6hl8ZHsd3Bjv
+ DEPqbMGcbdmSpVLFXE2/l6RrW6y6WN0+OWV+TVqwFd+4CLN7MpOg1QiM4KGN1TUW
+ 31P7WcpC1H0tZnCeZmdBxOdX5XDRaSetQ2WJaTFjAoGBAJMcm59q9g63k39v4HnY
+ xXshBLBM/Df59azB1wMQZ3SW8F/2Y34aqfBGbreSyWe6Aa2yIz6qxV7e6zddG4NL
+ kdO05id1yQhDK8uKohYTSETb0g7Ofr+mdx4gOnrF2/beYAp92cDxjF2H03kYM95g
+ 5/6lKQ10agZRB6e9F0r8gpybAoGAcrPesS9iGyQDNHJCyGYZdFzimugEv1IdkXxe
+ c0MFOqFh7yMorzI5PKEBWzm13Q3i03K/viA6sCLpCyzViVqFAElL3BUabxgQ4MJa
+ GdrBwMlh+TzuWys0Lg8RZlrQIkrzhRvJ8sG9wufgSPfmRTw/uoxQzdh+KR3+mTHA
+ zqUypn0CgYEAoqClS/TJabzTnc7IsFfjjTBNgnUDOLgXSIo67erocVBtcFczaX8i
+ COR/YBImr2KOhb8jQ9ucaLBXucOBJyPrahAjeVh31Q/wM41XsoytgBERG5ppU2QV
+ 2l5I64XvRuecEEKPDsmFFSa871xJNebfu1spt5D6TWyXvL7fJYxGfnY=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-cab23-r720-17
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAveJOaETPs8E4ZLPvLfs/qdDk8aSRHVqY4ewYf2nWOo13Dwjc
+ X9I4u0xC9sShRxgJsDBmjNTPkOyjPDoof1xz/1xT5cq8wkSJNhfVIr3wBWqIfKwT
+ Gb309lW15B9zocr3kJ0VkL50jVCJU0SQz3IV/h4roo7fkIeIg+dAyPMobaYEYIf+
+ xbHjIHYemCj8IKV1Bwttb8swqVg1QkNOydwJaQ0rBc+t7H1sZCm4k92y31NIO20e
+ NqdV6eUJQbJjoXJzvkQb2O5cOdJH7ryas0pjaBYBMIqYUWyl1nZmwmQtqe5TILpV
+ TgXs/6u/zJ41Da9yeELYtd0no6+gKKwLse6d3QIDAQABAoIBAD2om+9N0Og86PQC
+ Xbtfp6eb9ovk9V5DyfsqsDXHh1ISF8QhC3ZuDA/9zozVAs3UJ2k3/kTi4dfcj5EC
+ DZ51xhD4ySGIOM0YdjnDeWlDpgoMMu/Q7I7iWQYYhOzjraevAb7K03Lh9XTh3wXT
+ 8PX7xNp0r5SkskH7UMAMOsRF+S3JOEtJ8f2jDGs8Clw6NmXxELbyEw5fE3U/kb+R
+ IwgR7Yk1rtsS8VRU7XeFha+RGiiY8HXpOO+Q+2EyEK628gDma+2TqKdiM+U9hFnd
+ 8lPIsJeDnwc83LoIwwGjPlQwdkj4rHH03sNXWmtPn6+CoJK0x7WqG0/uhTA12pDW
+ i7PtVWECgYEA8LOH2n+rleKklnGWknPx+Sfz6j6+aY0m4Q1sRF0g/un2u0LXU4J7
+ zLc0R5pj7vBejuERu1IKUjKsrHgLtWzNTeM6J72i4SErqmTzSFZAHpsqOTh11JEm
+ YGFjWG+4+0PC4YZQfmTBA4M83ViXqJFGAphyJymCBbsAfknwsPGAmBkCgYEAyfPs
+ dULfVmR84pLCKZRcHiAW/sPwz6vWNJdZ3dEa+BPdsU0hqFysr4+qwnYammxWnpbP
+ H8JFI7xymUlosiEOUu4iepup2VeYp28Ty0mNVngolXJi7s5Rr9RYW71ZVJHZbv9K
+ A0YD62QJamvRVEe00il8c3/lOtNFZUZsxW+K/GUCgYAwdzXHnSVjjLsvP7fdzVLP
+ pGfMps2YWz+U2SsPqODX8ywnEJJi0kczNUBlmoS8u9GOW2tCmIZTfrieEZ3p7fp4
+ 0GQJVHnTcuZj7Oe/jP5kK0IZO3EeWAuuJG3ohLZugXpgBrd2e7sRhf9fYlNHMdky
+ 9Jcno4f2t2ymASVhu371IQKBgQCTa1vQvWAK0I/ZVQgnEgWseABROPcwoV9cRJ91
+ LI9jSB0ssAFBxWTJQzaDfXMuBqe0XKIVrNqLm6SMAOpMHZU3NF424iq6XRcyIgNx
+ AeAKnuwBK97MNA+tKnTVgwMSmOUAAZsliJaT3hKBfPLxcuasA1y1c0cCCfc+VopQ
+ FXx/gQKBgQCtsAaX+5MEe2KvELiVol+soyi57IdfW24yzQw3vAnhPYgw99q8lVH7
+ QpqrwNPnvS62LZisI5ELqkRjKqinpMszuXRzBHPytoM3lWwML+Jtvfz41POIAK+z
+ PEI2NsZUVp10ZwZ/KuhcAeaJed43EPvyTyKJmtL8RFWJYtm6HbIkKw==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-cab23-r720-19
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEArdA3hVMLYwQ8kDRRZMNdCkue2f0015NnmPOqTSa5m/5NceHp
+ TEojrzN4MxwlugfrjKSUmt5NokUP0fY9fFAwI86MWd+xT1dg1DugEDORS7T/DmFH
+ QGZ5ZhNLJ+Xz/hAQd8xoUe1mCC6Z4EYjB37i+Ov0Ek28POk8hAH6sDEWdwP6op8i
+ DZwhEqgrdMikPSeEikxnZ5tQdPnPT17mYAyYIqLYYyDb7tFlokGc/BfDHX+ifDL2
+ +tpnsDINk4AOdWkyU1UG5Zh8Z9m8rVo9C3O8R5vI5T/8lr1YMG6TfFCtnOQlOeac
+ wsA58rMbmP0hZSZW8Z3A184g4nB6CVmwXjVHmQIDAQABAoIBAGqW69VpDeyU5ocQ
+ bnG6lM4BfdL0wnkJPli/5MoXW2/cTaXvAmD0flms2KOPOVuSC9NeAnvOpBFFBOSf
+ eylHC56Jxew/j762OP0t64TD+vBQeLFa2pUVwpDkeAxpqm09cLvmsHq9ePq/iUHO
+ ASFRoONB35Vx8mPwLFpP1GpEUCB/XucIwwata2F5FLsrcC0dpUlkkAj3TlzgrSmq
+ qOAp2DEkvdG39Pt2jlwez/k78/tk5ZM63VCM0CQO0GMkcntLvL2tRa7TpRqJ1EMh
+ R5ZOJA+02+88BbYl6yZzzurEbKobkkqMWmYlLa+EjbWhxg/hV2kt8APFfWtcoj8b
+ ntfLUwECgYEA4UVzfuN/watxmCaG9GD/5dpust+h1HynLHfiOTx8SN8C6IckpqTS
+ 7Pp50i7yb9lvfNMKd7WdD/6to58LkNNyT9h4A2awFE3Q5y7Ly/GbnR1bz//NnipM
+ E6VxdKCtgs4EvWAE5I2+HtLUlfNsUq4NdJMSzF0FsK5dfvegbb6pG8kCgYEAxYXW
+ SEwcFExXuOX4Vk+DD7SBEToGnDZlTJfd/WR3gOqYY5g5q/YH8Bi1Yg6WycKPgqU+
+ jvggbqg8n8EIfN60crHViibHxL35GHj0NocF+0dkWIStiakL6rblSfo6pLI1E4CP
+ ogzHlPKhOX0ox13i6Vwm5DaQ8AAiicQQie4MFVECgYEA1GirLXMPzKp+kquJRraL
+ s8zR4mHRcs0SyHBF5BgvTHrTgDOlkGgL5p2K7m+L84D/iaBo11Vswl8ulQBrZGSr
+ /bOr/fD+iDaTitjqGuQ3Cd9b6fVWiRNy5ndyUjkLQjJF79aw5lzsbp33C2kas58g
+ WtIuwHnZ2q2exRByueg0BlkCgYBFZG+TlqmGuAtZefF04Ro6Oj/dvXT1DGcqMXBb
+ xR/2unQvCRu5vgWr5AJVIKr41tF0JHmF4MYEGjayKS7CL7tVUASlNFqaU+NfJZ8m
+ SOlhDgPC1VniMvFs1DRZeP+BPNpIr7HGTJcRTOw3NjFNWT6OnUFMi57/sgxwOeFV
+ k7vLAQKBgQCzefkNjxN/NOBNeAVgPO9xbgNHiCsV8F3EpaII2jh3UYDaca2QlcQe
+ MDM2/Z+zO+luZWlemlYLk9Z6aSKpuTC9LOdarrzWrVn/WPs+SsUFffQolQMSTet4
+ DFsv8tZ7J6u6p0QNVnp0Wio5INnOYLErTpsjo9ELAPh87gKJP7ePMA==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: scheduler
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEAwl47DPZVsFP70E55VqXnP8SXzINwYpA5tbemj3l1OLb4x+Mk
+ F7llLY29VIcRwtGMSmiLU5z8S9eUcTxe54eEHRekYQ5s2iuTHWhAvV0zFeYrgaFE
+ xnk9d9HSk5sHAQw7euQxtkO+5GCzJEcggB9hpTO6vDBytsqFSuYGY4StscnUuK/A
+ dumdVmtwQkcZqpCer9LqCrQf/euDj51TB4Q3ZFCg7wN+M8VuNWUq50FMloDqVvmp
+ 2jtWEqIl2PbKYmtZMg+epmKTumsKPELMUMavCLRAvbRdC3Pnrvro1ayzKYUE3j/y
+ TZXEjMcarNtQdPvRBxzt4oNGuCj8bM/U6TSTPQIDAQABAoIBACtEiMao64hWGb9U
+ SMSWJ/VVESmwtMrsKjyehlB4DDU03gq5MKarWa+bVuNDMhv5Q86omSNi1fMYKW5P
+ rxzBWRKU2b3VVTv36Ubpl0fQQHgGhfbUbJf2E03iAotjPlroWzFPLRXS3OK/+AEC
+ aGS9F6KL8mzEKDUyvhtfO1raBUSHMqjeMwZXH0ZDtCVdeobF00/QpWl4JLpHiTd7
+ YgmjIMCk1n6bZsPDCiDzTmpYsSBI3x/dxPwg0w9qG7yBIdJkIzjszJtl69TZYIVQ
+ MYltqlhMbnyqkn4Moq3iAkiDGs7M8UWkdWU89c8LVkyKTkQXDib8/NnNGUbK8g23
+ AIq/Eq0CgYEAydSkgs2nSa9xF37Pq0ViWiZd7KoyyhCDoOT+NDm25DPGSoW8sxSG
+ LQmVmlGnKOV2QYUb5VAT4B3QvC64OW96uFuFNSKWv+9/j86z10Lwe0i4IvOZb4vu
+ WNQG5OXLkjL9dBRIS7/u83E1/b8bFW7PMMXdtRoQYd6QTP8PCK8/rScCgYEA9oja
+ KZhOP426PRcIvmPFUJkuJYqFiyixrm1nzTU01KQq9vH5HzBpdUmLzr5c7PGiR6oA
+ E11b2qyx6ZNG7j1cBorFNFMyr8EScdXLnxh8B5nkqL8DnzU9tLawI4xlYN9fDBWw
+ frVWd1Wy9L9GS+7UnwaZ0nwnPtXWXggv+VhogvsCgYEAiTnSDLllB32IqA/phKqt
+ P1wcuj/SPn7R8EAh8kJXbnshVCPv89Z9j/uXQxBHVlAFgnDNUbGLgfLjrD8btLlu
+ OBDJ1iHJW4CsO4uvzSlPNpNv1xvHdAcxLCYk9daj/ag7mYP8z7wU7GJJ8lfQQ1dO
+ +fteTbcF8nUPqbo1b5Mv+TsCgYEA6qHiqDW5OwlDF8MlYjYIY6X14mrMoF2xhWXA
+ pfAegMZh0bcHtyRXKfY+JhzMygFKxlPIUKXItv0nMjsmBbXGML+/4gXQtq7VRBwK
+ +DbQTFet5OAurUZ5nNVGG/8RuTm99v1phZ5GVbrtX7vvRnNeTp90pHveyhGwPLwk
+ FHaMuSMCgYEAwp8JVVI1wLceG8IaAPVOlRe+rImvByqcD4MKkAEO6CGZvOPzikTi
+ TZl5G6/VyhXem+KX+W39wk3gNWG8P8wJrRQVupM79SczYR/MDttkK+cfbYVqbVRI
+ I4VeyTFBygYABeY5kz8/mV344s8fqzsBid5Jjb6YI7SGwqRaISVlLN8=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: controller-manager
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEAzlWVrjnSnTNnBDOalL/BGNWinKEeEu5L9kxIO9mfLQNnp8hV
+ Nn2W8GbWNLRTNOTR9Yor6zkx5cSeQaht582kvAmKT4/M/lFpvfpbs10pQbz/LGEf
+ jQW7nIEknyzTYt+4eizmUMYS6il3VNAc4oYGOn34iYWTXYn76/M6xU4SZEQRmbCF
+ Vo9swa/m5Ke1/kbpeCd/q6v2kip24TOt0z7e0PkGLhDY/fHnqwzSZ9bC24W9dNaa
+ To02EhvR2heHF/ZaCX2W+PF2RgIi1QYyRTqix0Pfwrp/qsYsDu31N9dNGXj3tV8B
+ QtvHPnC0rVu2J9kQO0QGGsgLVLLJChilI1jHQwIDAQABAoIBAAGJUZwCgjb5cwLs
+ /3GsG9v7e0J/UKIDdD1ZRBBuBmlnZRYyv6+wL7eKjH3H+fai3Y1eggU2X9C+Lg9/
+ GZJoTZm42HbPM0+Re6AWhShIwU3kAmJqNrnuGP+JVqR4yPorgEwomW5wiyODO4g+
+ JHjrVpCI75jWjcpchKu1G/LsKeblN24+px80EpuFesVaofIBTjt+MlMwuCcY+rXy
+ i8o6W00aRph4YYCWymSkfh4lQBL/EVidKLzo2MhZ3CwCMnL0TCxvb3UTfbfnbz4d
+ 4nB+OVfH3GJthpLLCn4Vybq+aJeHoTar62fSRBOoERF9nHdOhbzEVfVhmtUhTv5+
+ CKxIkkECgYEA9VHl7fc8h/Ao+STekAbrUXwzPL02G1LdRRyxeHA2cCmOYgHJe/hY
+ Zx5MzYHG/FSaPlctwBXK/mvXQNeHq5gGH6IS8tGa1Pbc2CchSLh9GL7GA+KSK+tE
+ 2c910d//o7zcOauRSwQXrC5Y0TFzRQ3EJGtkbRnhq3U6TYkC7yxLvi0CgYEA11Ew
+ sa1iuxBupOsdc0Vj3M+p3XuNSHVD2jMP/FM35HIhW2NfgkiX8A9u1VnNj9cblEQ2
+ 1PCVQ5x88qcW9iypV2WF+esJn4cyVFt3gXubAJaMdfQjmuzSe5/Ywoohc+LKhCzh
+ mxo3kakyyXyZxqcz2UywAQVTYIldI3pAHarbcS8CgYEA1GjSJmZhEe7++yJSVvC2
+ xfo9PwUxmRz5m8LJY1f9usYwk2mqtF2G5dpVc8c/rPHwD7RaV6xG9F4Zpfo4bXoX
+ K0KhF4AniOgqtjnDVvzuzAM63thJ6h8uoU1BXbSO245GPOTxy7tCaAJFQvSHMy5F
+ O6eE7/Zt8JBzJ/lPAhofhw0CgYEAjzfp88UojtT3Q6tAA5R8QDvA+RldeHzHjTO5
+ xlR0MPfZSDhpJveyWHNrfW4mVS73oT9eWXVNU5ObaKvLkiNS4FcfLoUv+XSr/YB5
+ lR7qkxGQjETACiTMPH6uZ3gJmFOZ8SEJT2m43KJ2rZ67im9dBYUE7SjltKip0xdV
+ 3mXvYPECgYEAu9ZP2pvwe8wpE9J8948hD3HuaMoaZkQ2/eNWlo1Lr9faAVomCm7/
+ EToupvUI9aAg9ZE9Oe5ZJq9IM0euUyAxcNgKAsjWxdYVxdnGmX6zO9oGlFYkuhEC
+ g1vMI1+pZUPg6u/KVxwjq0T2kUxlY5acYbg1pyrFVZ/26R4pElUF1ts=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: admin
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEAz3nmXK4+ehS731zGx3qfpIZbed1SpZTn3eGKRV7gXzzSku7F
+ pfkVEkfN+iLipaqFvOrqui02JO0Dyv5vgRVzog3KIbyoFD2tUSlN7i9YGZhPJnwP
+ 0VZgq79K9ptjqHE8+q0uBo/KiqnH87mVTEJkZ6sYr3KXBSHJt1FZokUoxIYP7PNf
+ ybOOQ+tDO6AYiU1NRSLcQc7pQPqXgOuDcCMOdnKeat7O9OVWcQGyNkVD3d5ws9HD
+ DUUozmHje2mBdTgEqyV8ZeHiuAM8dEmVTt+4a7xT9tjhelhfAIhwZGW32WhzVoId
+ AwQ7c/pTREPP9A7zfXBFupdlSI0vnwoXLMsRGwIDAQABAoIBAQCxt8AcOWDo36PC
+ A01+B0qB+liW/X7SuMcYJx5yp39X9NiG5aJFtiNXgkwsa/9qWrOuDCe+DAYqAR/T
+ nLhUgNSIxnkTBu+OTvqL3+6SDNnRKsb5tyExdmTeGMCUlqv51+2c6ATZuAeNWTse
+ SSRaqzAoIMXHW0eDLNsFfNhjiAwQsR4WVxro3Gt88u07jY9kyHJ9TQ2hfZDweUUS
+ JW0dDNaaWfRMsBWMLpMm3I9VOXm8/SROSAj2OdFg7dlCU2bkCToMUb8VGpNAijx/
+ 4J5RLCIZgNmxeoPi/dy0eN84i51jcceZqae+WF5BbrtC71oGDqa7ZQarr3bKcDyG
+ GinTzuc5AoGBAN5qMQIXccU3Mxj1MVWoTRFaDEu6mS8zo0NT9ieAhrPPqCPxHEQB
+ sCxJXvm713y3PYJr40GNyLXbq5PM/Vb1fJ8UPZTGUnG/gqoSlVmNg6UOPujpKbKO
+ TUahko7JcmvR/xbgpZsB30CV530FkZPj8KyNqrYsQnYayt0SMLLe35GFAoGBAO7O
+ OxpF2UMnYs9IJfTtJB4auhGhrUI3k9F+m5tzA+WMJIlI0mgpvlA2fosIE4jtrQqh
+ WRG1+lLNy7Pf0P4dy4oxOfcNJlf4hKva1VznpnT+P7UqXhKXYOOUZ3vN7i9q43nX
+ GCUs8gL41Cly1xPGkS7oh/cBz5lQVuj0np6NiEofAoGBANnUcy8zOvAGQfs9mRXl
+ gaVu5f/9Py4lis7UGo9Rp5vP00NwT1ijtqGJMoWwXTn+VTW46Jg5fsvt2zskVzKl
+ t2ot7qoZGoHhKN3c2X0dxkMPkrmWMop4KGL2t4006uWChC0p08feq4Kbzl5557xK
+ UFsPXJSTAHyffPPLbvqgoaHpAoGANEvVhZtmSN6HNP2H0mtcTXts5A+T8bxaEra3
+ PQOjBtH57laUPVtm4goNDEVogcQK8RkEeGxxtVB8G5gYHI5J1KmTGBc5Hmq+IyR5
+ NS9FtLk5GmN81nVwMmZ9gw9F6fxudHA2SW3eUehMDgeoMhx6Dtu9aspqvBhr7/gi
+ BHbaMeECgYEAxC9bPwaZamG79d3zTPG8l51nQY7dW6Jn7WkLkiSMy29VGF29nSgh
+ kTTlQqWjjPBeIpUC4YTL2dB7PvkOFofGHwPox2xUTmi7U3SmsSRN1aBJRgQb+by3
+ 9raGql1VFeUuHsZ5x2YA5b+an590U3OxDzkGDBOU2RdWy9ZLRC7Iox8=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: armada
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEA2RPKuABAbQuCrv72wy3EyEGnNIh63xPYl6VfIz3F/VhDNt4a
+ KSftWM6U8+LMDHyT0p48BwCgdlLfNhU4tUa4rD9Ik+HRV3hQxHGuGAQSGna+90z+
+ f/OtmgbLtVXX1bkLfcM85YPTVTzILO3UA4VUrQxSoXfK9tUaV1RJrYUzHwtr6aM4
+ wo+pALsfes6Mm6ygM/n/+z1NUxzr9I2oJreFH8TbnkmQRbvWoYQRoA+2Z2A+TPZk
+ zYqGNAZr/BZS8mgEGapcp4tF64yyraLPpwzEKxNspmjHeGsNEYZS9JSaEx6B+ceH
+ lF2xYlK/tg0134IZMJ2CRl4XP439p+yN3H/bNQIDAQABAoIBAEcnj6lkm7mirkGC
+ XYx4sioaKx6zJeN9c9+xW1AH7aAvkEip4NVguxIDFRwkWVI2e5XsPCznbbGbVIM7
+ zYzOE7aSP84JlT8gtwjNYo2IuA5oogwZ9somK99zHs7fxpHNyBB/MLTi0yD7fXoM
+ sxQ8XhcjFOrMg4EJNUsu27+/C5S+5SE5uffKE0H6VmeeyqteHZmPAimidQS2jwq/
+ tHqDQ63QTMhZvac2b0szS4dDcr2/tmUSvlph6gaCmqy86QYwpuAPGmF6hADoQXAq
+ Y2aTIM+MiELXwrmQBaVRZ7JWyCIj2JEOltVoZMeNSDSWrJ2WYljxFC6iROFV9Vqj
+ PADko4ECgYEA7iF3LPLI0s7PeK2auhB5hH2azSJZ8qAtMgA/y6fjRt9+BPE3TcX6
+ DxoaI0sbqpmkDDVXQgAIGxZAHIkM517PI4glxwxkZRnC8lBY4ijR5LP3cwYMIRym
+ mky2bV0DbnFNvzU+CXHonD1Psaw7zJYfadgFDaRVc9zQWDPXpd6avMUCgYEA6V3i
+ 7u5Cf5T6o3cfuhyyQCiHbv8QCPt97CIIUrubzVxgjFqr2G1CwzIOu9hQbSCHWqwL
+ rrHDeunC9aCQg34gboneE1KvpLGDjnOBCXBUGLTMnEbFHncw+TlGoBJUb56G0dHq
+ /5/PH/dABl2JOlSrvJT5QWrUO7aByogqqK/5a7ECgYAo/We3O/9nkiPSYQe+OXHB
+ ZaGM5/nVss60yagxlS+hFn1pul/LqmV1zgdrxdT4U8QSOehQOxMqHnVgtBKdjQtY
+ 0Wm3TqHFaV7OORhjraUbmgLhMMxLstPWwZexUY5yp1w7qp2IIKxqoH8kVUJh4AF+
+ RanxBDWVYRAX7qyTJ7M5BQKBgF3T/+AtL9N4JOYAiWMdEpY1NW7tYpcZ9uEwNcR9
+ 5gDFuZP1CM717zfoMoBYUs3tnD5amj/c/Um4H0j/C9uypHuNNxrxzekb7lciHamb
+ 3lQorXPQCIVdSvWJj9ngRM60IGTQT/oDWRXzJWzpwrkPPhWOmEEzIK35jWnPIce9
+ KT2hAoGBAOgmzSvdvzdMcXeUGn0+AaT219vR1RBfpyk0/jkYVemWQosLSEQqbxgw
+ 1Th1Z0JO6277uIbi/BBqgWLhRjjQUIavKHnpoNzUa6pIRh9lNywX7vEbRnRTXpsV
+ t1XJYhUX/5XzT+6ANUCjYcNUeQi1OpUmg6UD724jcF+2naRBDLHF
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: apiserver-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAtMEFupWKyrzQnR5leAj4QlIwIREubOHaXwIOjNRs2f3b9xoF
+ z/WY9OI/oMvvsr4am56CN+m1sSPOFrJji0+fkMuO94/QkLZEioBgzJb1icI58QIY
+ W8jWvoUYoxJPVNWE2tEm4081Bs4rG7hepnuvRKNgoIE+1SflwofAe0oLPbTyhbv0
+ 7sVXLyIHelVEAlTu6Q6OH4rV0mzvHY6jqMC/qsbLM4vujoEGKzX80ftzNa/TGbZc
+ MzjylQN2Svgt0TcgvzhTQOenfOkDe7UMKuoD500pioCW7nSrQwfJP5TuR6VjOer4
+ sJP/T0KZ7MHs0gm7jQBL5+O0AZoWPZgjq03OJwIDAQABAoIBAQCGqsSU5bNZJuGa
+ HbplevFToB4hlMZs8rwaStMCU4WhyAPpDudDr+w8jo/vQeGc3wu945OLCsGGb3Gs
+ 8U0+zpzIaRBkGy69kj5wngMAinv3HdDDYdc6EuEDYvAfFpYqU0Y/LNJ3SlzsbBAr
+ /+nsyXukfMCR9JkWgDoq+68Ja/oCBxtw0rLxrLla5qaYCzNd9W07/je5nknaKkmU
+ h3UM6eUQBOUDEzX1bqYIUb2XMgdrmBGeZ2D0R/t6huc7qjfm1KXktQbrkWCUisXj
+ 00AtKHhIDOIemdb6rt4DBc6mZFcncTOq94+0IoYBm5T6bomngg+bgbwYxprrvVeF
+ 2SL9T6uZAoGBAMV+M2MV9Babhb43TsFSTfLe05xMAl/VkA0ODRJvAOayX0beWhyp
+ UQBbij+pDzIkt4ylPr4jTGv3yQLeORhZSKUnUc4pYfho2iaRP9/IoV5ChF99xJ2N
+ VUG8GSeYAsWWlBBzMBkpXy/CcX35HyytYhhq0XieyudlZC7XgVY5rKSLAoGBAOpN
+ V+JqB38F0EHoUT341SoeVbTV2FtEXGOQS4T3KzgVhNtJwiovHFfhTIwmC+R3ZP+K
+ d4bDm22o+dOwRMcEZ4eGSiY7fizWX08tvYrhsh+ZMPIhRB24m7RTBavBvSIKGOIX
+ w7xNUS9kNOrIY4ZWv3n/zCokxmGBHlyIG4GfWwRVAoGANEfNSKy2Ggn/pLQ1d/3W
+ vrV4JUcF1eLOKHaQxVF3Vprfl/4isrWryMFy3pldeXO411WjP2hOwcIth0HWsXhp
+ P7ch88aGteDj5xPKae5NsYtASZscomyYpjcqHY4jJbVP6u7jS7XlCdqaerOpKgWY
+ E0irvRekNQ9lLvVDutS3vDMCgYEAksBOw2lVuKGThzRTblVkbjUByXoHQWLX2ySN
+ qIKHd2FDDXZtPq6zOffLUhyiZj7B66x2oNnziAPGNmi5K03+6kuaNcgdh0fd+mHT
+ ziD+x/vTRFTBrTvrik5VxvZZ1/ArFbF8z3w91UkWO9e3PnUnCOrGnb7a4kdVFO/L
+ Cq0c/OECgYA3obLPD4vXhSmAUCUI0TD+CvA5gUUmk2k5Q3ZaDQsSBbfMPvpq7F5k
+ yPCPD68j8MPJ2vkr5j09gIvGpgMpRvpaH3QFH36wxcYiL2Q8IZEfy89kTDtrLNP7
+ t4EfrgquO5hcsbfmxtu4xVyVrhRnejOUjoaVLB48bO9Fp9bQKFBUgw==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-anchor
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAuPeKvd0k9+0Qt/NUFpmdWz7ztQAHLyQix9YDrcnXbNV8DiSa
+ Q/GTOvdnKLZgQXa10RXpA9s84fSxJO6nBN9PP6EjS38nIZMpybjb6wnqW5Dv/aOB
+ s1rswMkv7vFLtnQQNMGQu+W4t+9iSea2vrX/49z5QPZkYS0J+6GGmktfBZt8J1XK
+ ZYjYDsSD1OIRfEyafVJT1pARzXagnH3YwYuVvpaqcpICsnSIBi0QWr5zDXgfQQ5C
+ 89U1NJAPt8DwWV4hCzjgkzqz2DEBwuFSopNjCZDXX5bqgypJUP3aI59nYyEJ3PvG
+ 40KlQILIN05UmknnMItxwTuw+IqXHb7tOTbhQwIDAQABAoIBAEZ7ZW3179ldh4pg
+ +YDnJlQXx+wHx7UJ8wrtHVfC2wkIzI3jGrmbOzwz/CZCYKlxX9T9oV4r06ZShJIL
+ Mq+jnGIlt/pTyIh9uGW6wGpuy9P6hcjD3m+GzUKlJ1PItM4gqfBAdjNzVREZ8f0x
+ Ih/H4Gtmz8AWY6e37t7o7Q6se9f5giJIT37TMnct87AxAauIrOljP/WiuJCTFPZK
+ YwtXpP0ETNtrAdcJpgGPFsgsvgMpuLybVyjzXFaT1EBNjV0HdYLRSnikiyd3zlKr
+ lWyeOBw4IrF53ArZf7oRZtuMH6yjWQfNzdgXRvooPGy6lBhHJehpXgPZJuMp3ZN/
+ zoy0ubECgYEAxhYrI+17haRa89tcnoLQk7qbqz3LBd9yS9Ep0E3eQPyx3kvuc2iK
+ 5e5CLDgNvaYDSTorUUuE+auDqJt4jyuPh5v/aRBECFVXrIPy2ey7dC4ynaPwH+8f
+ kYK3t0dsPBBk07RVfh//EmZ3Bh9LwnvT+xhXY/Mu8mQjp7vKbAMDTZkCgYEA7wtu
+ g79Hlgci/tFsFuI2BGw2m+BYkVWLzctInsF/A2sqrijAhC+0tNnLijXdWaCT/XWb
+ hvN6q0XMuZGZFvcpDzyocSV2oDwd8g/ULTLpA5xfamDaJNTqVDX2VRSnGKiOk8J/
+ 02jZKBUXBKTj9n+7BdbpVFm9SoYqd3jcwKPdVzsCgYAHqLfGTdpm0nIJ18N/BYPX
+ EnIObvc4pOkgcVfyi/A6BwtBkyIHKFWmik3Ys9okKRUbcbpXDFp55N3UWR6SOpb0
+ IV4Ay/Y1dEdNjlSHhJXC6j5exgX01iQcVjeQSJywvdmILgLYO5h7N6cGf5NIU81g
+ ehJ29OIt0R1n0OUExCEOkQKBgFr/Sw60Hhgql1PRfQgpDM8aMp+cA5svqYypufdV
+ SXiPryulL8QiNPQzhJwUbTLVQgDWaGIzBZt1cr2hg1mOtP6r5KNN056jw/KFvAuI
+ udM6D8h7Hg+vTZTJBgDVX9avM7dj7y0XWLM9dAm8i1smvJc4fJIzpy9ba4cXZ1Ge
+ D4BJAoGBALYT9u2Rk7bNEoJbInZhmtqd9kyO+PBPzLA/ZOzzafIMQM59xJwy4Cui
+ vqA7EHvYJSAXP0CiUxP+X0MITbGTyCzR48fiFi8sY1C+MQaOO06IFapxtQda9r7Z
+ 2NfJxVxgMFh9Y0a8nCGT92BlNs/Mn5Zo378Y80Rra0av/69w6HNF
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-genesis
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAn6CZw9xwsNzdud2OVb8Ixgwe5OiS0mgBKU3bo3bn/v16X3dy
+ vBs93Ar7IPegW64SOaeDzDG+yR79dObL8HAc8jRCGgnJgyfVqsABanZSyzZXmQmo
+ vn8lLPWW1yAF9/mWTduEs4YnFsSDIoD3Ptc9W3OYL1BetSlUTYXIHI7Y8wS/01cC
+ GPFTZZ/xKY2N9sdoFohsKTZuyWWtbMb4ysAIx7ogtEnBCZRz5LoL6JutN2swsM2H
+ BqKFxPom9YxWnnFiXNG5623abzvrWT9oppswqkEeE7NYD+BiNOYRb2OQYlezEl/d
+ 0RUJGTpJLFN1oNWu953+tonATz0GiuL9G2TwfQIDAQABAoIBADH5EEpd57Wm349B
+ ij7T2IZP4xgcq2JNhxeMNVeecRDGABqFBZlYGeyaT3ZJr50kCLad98fkRusl1YlU
+ e8IhBx7YN115dOmnfd+/znGq606NC61wdbB1k4jYtclRUC0KqQBk2c1uESyyhq81
+ mrHEpoPL03f0fEHQ14CRgk1WdxrVAiwjfCiX90WI2GEdpIOsjvR9r6ZAzm0HSFY+
+ qBSaF593Uo0wmthS1YO/gnRdHQv3XtCxbj0HuQ0/8Mjd9aeNvTBGfkZtL38J84qk
+ IAiKWcoqIEPMePFaYiZQDSG7EmbrWTwj48qqSSNav50xo5mrglmWb+j/BAsKfwAn
+ 87E1F00CgYEA0DkaqkU3/aOsL56KCWQ2f623gfisZ7EMSdinbA7cGtpPqbwmZxpi
+ 66n8TiugpQoetNHSDvkake5oUOT8DzCPfJZ3cCLLOnIHuWS3Ni74LK8/fYZvT6gs
+ eRHicj8YWfCps8VcZvsAme3LQPfQS+uE9M4M3GPElDmdUGF4Jt9/Y/cCgYEAxEED
+ gSn0QVaYPCWiVecjKSeDdykiZNpQnN5W2ITQDM1ZeF9zEcDOacooIkh75N1gHRdq
+ LqrMJAn25ARTjqTnMPOJm7yWuPDyCExNeEU5Gk8H1egHsfBAg0yvtJPmF/yYJbZ7
+ 4o9IIX1P7Rei6HwXpIATZ64bKpYijLdMkYTEiisCgYAsmE5RsUlwlSFHgZjmsgPK
+ DJaEy5GBE7YiCriwt+4EAkWVgKpo4onVFy7mPwnEzwoMh/OJKWi7YGgPCzvAtRHG
+ CSPDbHBCMDHfTua+QAj+6PmcFLK6SLZdp6rr9P9uI9D0o4xKse9LCFbDr095MxPi
+ qk6u1N9BL6W1lWp6SNuruQKBgQC/dCU1FnagXxf4ZUZuwyP7+/42ezyAYrINtqHG
+ bBqCwrmrwoIBKbS0Y3CvsUKcTJJ9DuCZUioAZnAilU3mdFzN1mfCNEJdfUDAc5+H
+ 2xAP6FVeihMntZdZ/6/RXA82C0dqUxGcPedCNHuKcmqMnrJ52jAUDzeVXg2qdQ8P
+ TxRlLQKBgQCJ33OZGG0TgPcSW3gbYD9prbsJND/jiaaV12cXYLpeUT2uNMPEBFse
+ /ywgQZ5MObDclpYMih9sMRYU3PXtt/uWgSbWHFyzIZe4wzRDvr+pTNztI3+W5CWF
+ alT7i5sKrAnaD5xG6bNlX4soA5gHXlBVLbkpnVGTCWk3wqbK9HQN1A==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-11
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAv+w6qElJ+K4JAOcfd86igVl8AONU8BIeZGMWq47AK3sLxGJx
+ 87jMkjeGg3xEGJ4BvQ1/OqOjmvxvfpPMcRQFZqDEE3Mzr+lZ/po5+5kPqNlz0LN5
+ AU7yx0f1gf/mLVOwSh3te2/cEKVVeau0fDKtt8AdTe+FLAfsklINPQD9ycwsoq66
+ qJQEhdFOuJGRlgNOTiHkqF+4xw7+gChPUTs+WfRTUknC3nQHYt8dPLRHY/Eqb6Cr
+ lw7+1iD252qGIKMlIHl8/FmFDtNM/BBmmg5xeQsAqvu9bGS5M4rOB3Yqo7FhUeDw
+ rJJcYcSbB6Z1U7mffT0F125Wpmi2bssfxdmMMQIDAQABAoIBAQC6GdoDJxX4cuG+
+ I19rME55uQi6X7YUGK2p0D/CWWjUgLs3UfKHT5Hm0rq3sv7hFA5BgN33QYg6mD+Q
+ 8MZUfAKEsq2O4q2jDVa7wFcrNg9uPnXEUNOsRh66yHcy+K39E+Kk7AJFKIGvDnMk
+ yS/5Irc6r6p60SBEQubON4wotFZjns3iVPOQaXbtPXHbDH0PVGi1/Rx2Zo/8VHap
+ 6FvhekXwy26J8xwdAN7AD+5VpwKTbS6Ef+QJpr6gCp+l7FEFLkAiGidUkGx87fba
+ 0hOSnuqSH3jE6b613OCztFbFGhfU/UL3wn9d1PQueHu2CPkWhq2ex+6MuScnWMnm
+ Qx4wPW4lAoGBAPEL9RSp5JqpOZykxI/40Mhtik2iXcQzGvH0M5vz4CrCp93CyQnA
+ EHEajAw9F9F7YX4cz9osDCUAdZNlY6F5IYUboEFkb+UAHidt+LCSl2CR/+Fx88TG
+ W9+6Wndyx5Z+ihM9ZWTxiBWv0gYkTQGJYFzt7gw8xdkDhXD2RvjiiDmTAoGBAMvU
+ I3yV6i+zdhMFxL9nehdUJaxiSjLs/KdXDAOGtegsOw4kaui96ckkJI2T+rUzYaYn
+ PjX00bIG6E+umN6+H+lHHEBXCVIDmoIB5Z7Y1aTL6oZR2yQQZ+KMCJBj8Wr/tIxq
+ Sha7m1q9GHGUygFE+D5mkTNLyqXgu1hT01oq+u2rAoGABqGolW/zHRoovpl92uQi
+ glEZK/eakspBJITuYoz8DtEaIyy3sS/6g9ISJkgL/rRhQ0HxqfPqRZ5UncB9VDTr
+ 6iiPaR0lQuyU58rLu7fcuEhr/LzQ0woN/wK2eHDM8uP6Unsu7e8DKm2S3p5jC/bG
+ kufs06NcYhMJucjcvP4md0cCgYA763crLt8TesxhNzbplb/cj84raRGq+uQjRYGw
+ n69mO2p489fB5+KMUOW2ASSYlCxGrg6pyfjDPyiYFBm4kWfMKi1x9KQ2yfxn76rT
+ EadstM2TAwlLBs+jV8tEtzzHWbh39t8k46399Mz0xurDiMT5gyl4TPWb4f7xLmNZ
+ hH0T1QKBgQCrH2f+Ezv13tOCKuVJcbAql9aKZiXy9dgyrNDZIjwEgbFAhND4gqg8
+ EnA+/jC33ti87GI6QmXylvGCbANuE9Q/jA2unWutHcYewzoatC9PLWKfw2r1IhB+
+ 9aEaz+5+vlfdV4eVo1wO8yR/WRQH96ZIhclirVUGn/OUTid0vq3YvA==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-12
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAwNtoLXFPSdhYnDbtaXokXiXyMKMiTQyndp0IUD5/VqyrQobA
+ WMgoHMbMDk0jJBISPVvo9cQ3WvdjxdE+UdkfcK1H99B76j2LO7etLd0OYjhNVy44
+ ePAoO7mMBBs0ia62jneNubXtOZMVd4wDNK+WYGKbVDarlwKifc5OMAQFhq5HYdiB
+ ULi2I4suzMkVgQt+M/73vUQoruZj3uePwVEf1JnRXhq96q/LAIaqCrZgJfwpG65B
+ x8nQDRyhjt6LgVXQcHozz9P+Y8B6XiO7MzbIsErepEBYTiNL5Q4/xYI0iYICG96g
+ 1vE0ng4qBeo/APUAcvja9zWzu6OzsPR2VbiT+wIDAQABAoIBAGEjoluRQTCeyjMU
+ 74w7O2o4jr60zKgmgYsbGX7hm94aZsDBgsy1NI8aCtoBPHwEpi9FxhdUV9V32kdf
+ V5Z+WHm2rhNCbcfUa/cOUypQt9f9J+eLnmI8BOfgU4gV8+aNm+Iyka5C1lQzo5Jt
+ cYfuET5HLJnEV7VeXF4ltfg1blshONFdol2jgxXDFoOuImIMfjKwfU6OYcWe0oD0
+ 30DZMnHOj1Pn2Z8LGHEZwWtad16FZo1PDFZMoBMucpdgBM+TyiQS5LT61wkFlb2z
+ VLyUzu+kyfnJbR84lH7e5O6nEbCE1yTn3hNlPlXSfOEYX/n/VVcwXw39/MWxuHoj
+ 1gfAjfECgYEA79bw8yhVDhGuE98Z7brRjMBMgUByBRpUcLq306/LaT+0PDrO2Z45
+ D96RhJIUDVjaZ9SU+5gKg+dYAgJa+3ZSnunOeI/iRYzrEROplsXFkRcfRntekttQ
+ o8Vk0RiCSuWSwzGRJdrqiBBA/vCpCMMfLyreNHcBMGYxqAqS7V1Y3WUCgYEAzdoN
+ A99KGu4oREX67GYd5fsFPf2LZK19pUfVlhXkjLIUZlrQkmWF63I5ACT8sn49Xuui
+ /oSNCmptxDeK/aCjG8AdD20NWJUYdQHBfKrKJHB9Duc7FsPKLLoOv4UPa6L7+4JA
+ Liq7usjECu7fRUSuQWcUqVYeAF2xd2bw2aydxd8CgYBjU0ukF87pra6+8gUl69l+
+ heDpIkxWCqpvqRQaKdJ+uvAkhWJGw3z0MoNnOKvvPx3sJCCy9StdpwBOjLUrMLxU
+ rZVhXo0hqpNrFg6Er1D7nmzIXq0y+nqx6DyxT4oeBGc8SRnIaJn6UWjpa7dFNrGC
+ cill5ubqKVhlNEPW43K69QKBgFSzQeOz/rPyBpOBD+wxYF/+13tYVgDI+ggF9LZa
+ r73MkGRFPcjfCSmFyDps/aUcGHh0EI8VT0tX225/RCtz62lBtTNhtbobLwMGA+0e
+ ASrZNjvpnQCS8x9QNz1KrLunRnOIdowIfVIvxaqR+0BvMBwtI+1BR/ryklEFBFks
+ k4aVAoGBAJXtXsza1imjQrwn4bmBs9eadcdnFr1fuukzoRJi0PK6TQiek6Zf0SGN
+ XMZO+HMUuSnWAHapxOX73t+/qHrfisQta54zjsTQfjNJ22RLucBZ5VyUiWsullGf
+ vZIcMtRevKUaFccBzwjry+FzJPzPHPtDiH07qBqjkHdOgqW4YxEv
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-13
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEApD2DU1DArQK4PKOQHzfr+/81s+qoss/0+GFLD1nvCDSZvyjQ
+ 2YcAq1UASatCqaTBbnInmmshwJES2WYh690ApMS2CQS3q0vQcaH0XqD4v1km8/lA
+ XFTwr/EO8ocGz54lh8e6aUyk+TznYgq1E9xWxzo/WCjs4GIf31leeUicG02sbU6N
+ ADw3W6z56Y4Th2Wcvjw9fqvJ5tCeBD3cPbvv4gW14E/82DOPFrj7gxeF8BznQ9IK
+ qxLxncM0CtnKsqgkJZYaqdQ2z6E10D0ytCxLenLgg/GINrXyDdAFpLUX6TZQMmI7
+ k+rOj7IOFCgaPDaS9rG7RPonTyS2/bMIHt3k+wIDAQABAoIBAH0n1uxla/4rRWQI
+ LCpt/elRKIZK+nUQnZes5Hr1SH6TPtn563ToOK1XH9oDpNALmc9lNCKrItRQePGr
+ r4vCJNxqfmFO8/uX0WbWSJbXydZexJ1EQjRaEfOxGXfdR2ZtGCJpI/dcDZdUPupq
+ SGSzEnnNPDodLa0reShFPQXlO/hdNtUDNqDyml5FL21AHbJB6FQav2T/g2FCDT/2
+ h4ocpTxmZb7mB3DoxVJ5Nt6GtXFjpSExaCHUNkh/yxO6d2aeW2zcqr1RJEaGswsU
+ FncCr566P9FOsLuw+UyLRpl1n0ToCmbw0f+bhb+YuXhrjjvDG8t9P+peG1QakOgF
+ oODHV1ECgYEAzheOH+BLbbDguNJur2B4TwOSQtuYB0k0lMoIKXUfuQhAaLIDwaKv
+ 2SnuRru+tkkbrtrIvVg9W2lE6yj04s7oBPxtD2HXGUN9Ne0thykl8L3n8T+/GPrq
+ 01Pj6hGK8M3dkq5mYkaXesdVTH6ZhxlfTiylVblR6MqVGRxkd0MODWMCgYEAzANo
+ FfXqgblGr7VN+M45BHpU6OMGbji4trP67PdT/IgIWXYayJ8lWWIWpEYu0ubauJfV
+ m/tI5tl624fmAduXTtJYWBr6PeZNhdOdohsCdzWmwttI4ZqgeKpOLwTySQx+sSWB
+ Ivyfmd7aXqKmEweFvb2NBxRdGl96zg6L8heyyYkCgYAEHcpT7qnzBe5nIqTdUeL1
+ SQ/5z+MIejjXo/VnxpQcoQKQVMXobzRt9P1yYjub7nfkFTCfP4zyL3cV71p80T8n
+ IleXUA/4zDVLB3K6WWMNnO1uDyTk/dYE5I8P1MvepW4AiQU4f0p1RFf60CiG30Xd
+ DN08ihgNu0YhG0UScL9uGwKBgQCKl3HZIVMqxxue99K9SBLx2Mzf3IIc1ImfDEtV
+ OXujnSHW7GWrjnmH7Bung0oB2fQR3IuvSBixQmK0yfBVqMB0Om7rg4AmFtLpK+X1
+ HtYg96CO1PsAz9NdxYwRYxHY0BUs8GZ2xxkBJaRBD8s0ODMBv8gTXCEXbm91leo6
+ DyFUyQKBgQDAW8r4Mp7x/i/nlgAGhBNIgvkvOA9NdVPIY86ZTrXGs9xif+puPFGH
+ mhFuolJyZI/Yvl54t4apy/Y319CV46L8oOedRD9H85rYtojXJXzUbu04MQeEDTfF
+ Sdxqg0YKbhU7SYHMQu9yRfynUkBJ6XC7mn6ZJ0yDwLUguDJhLPPuMQ==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-14
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEArJgNfhV76s3yqRZ5nWjY0Sau8Lte/F7okc8FU4TDLyjizuRy
+ zyl88KGAPBEikoFVP2CzdgaTaLaIiGIfh9UMx8dbbbV84txSPFrDd4d0VWHfa9fv
+ ag8W5wt5ce9W4JT6qQlpMsdfx+O6yhub9NeuWFGdNFMlDoYh/4wrfAu+J4OuLLCh
+ Et7797fqawPjBtCtirq2i8SFN2tEPKvM5MkAYdOU7Hc8UPRUR3rpXbDiXiw2tk61
+ yG4pE3YwMP2SPJFTAQ8XlwTdBkARb073Bnmxh9M8oYb4pvw1hLB5+j8firAtDlkP
+ 3PdmfzEFxGXjDoUPLzO60i8FATRWoRDEDB6XfwIDAQABAoIBAAR9fDRgiLXGH98I
+ R6ext5pRYFHA/iqgqXpJoYDXvmA2txfc16POF4MHIJfvdi/Lj5Uzhde3OhSKUykB
+ LILTJx73b8h95T7droIFdnpgmsUx46chmgfvVpAyOzmcmW0EUzUcmpEIoNRJd22U
+ pE0NY2rGzMk0tI0ZLj9AvUzf3VWXy3OWl9v0y0XrGUEcdMwWP2MuUWI0yTh+GbVX
+ G+dtrPdN4spR3+NgrSb5pcrgM5UsD/u2fDOfqd5u/piL5d6adb55csTnTXUj98LJ
+ rEUyH8X/lu+yEIQKdUgdyftvS42VQmMhhqCLT0bFjW91LDECjRgh8IjuMn8zjQJQ
+ U990mlkCgYEAwymfVcriPr0X7od0Rg8bhgvj4Qqo//S2nimf0A8UPbHeYePQHq6z
+ zSw70m1qh6HS80gLrf1IxYyo3kmlaTIh+CxMwAx23VaCRNSwIb4Eq7gjXd9aXB9B
+ +G5Ig4QaL1jzI5RW5/nYA5D79nfYelR2/Nw9RzGtSZlY1eCigOU3HwsCgYEA4mVo
+ KWpsQ4DWdhOmv97GzOSIX2kO/omG0ubuX0ASsWxp/82Lm5GmsrOGcbLdoiZBXePo
+ De7mtCQGq+kSbghvAJpSvxbuVrR7cwDOHt/lVkV/YfGe118xGzfg0OQo/nn8tCJ8
+ aVcyCBRexPmUhMbbJ/4f8StIT9dCUmBvvFpVQd0CgYEAifXKZONeu+sAF+Y5E61q
+ T3/oPxVCEm3zCityhamjLVmnUpuwa4AkKk2ynDYssGR8su2jFAOQhdXBKiH1hD+k
+ M8NdHgWxoRWeUPno6HFi6+DnX1yci7Ks9+k96Xpg6EeA2Q3rwWCkiyDafIiLxy4e
+ TvGBf+pmDTkRy19YgLWIGbECgYBw6NxLE32NKPtMhj56oLOLSkrNMss8nQA1vOCT
+ dpQcEpLG9g8zdi+qHijmGau5i9S768c287fxjaoaILKFWAVsSosMLHaPnZGX6IXk
+ Fgv9u8ls4qEyjpIiHfssky3yxIoImM5thwQ3zVj6afLtSXPRfUcW81wsHZJBHUF8
+ sZylrQKBgQCm/64/562C4cHumLeGA2QsXr18E9jWbRrTVtzrNNBU7RpSbZpBLdDr
+ bGl4S4c2VKCDj1HK7doFQ3Ko+jeJEiCwbW3Sj9CP8zDSPJb4BZV6cgw+1nzyXtjT
+ el0b75sbT4J2n5DZHR14Tos6vX4QDHCsrCRclh/9vdqouW8XyJ3I+g==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-genesis-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA7AX20jHoo5/Q/POn6MZHIuNw8M1toJ5duX2fa5VM2nVn9xxt
+ +0HYHJz2WzKGvpumQ2e9w6XJF/+hYsMgPke4dBI1ts0YPEXXs0xhmkT9Cw41ca7k
+ aK0nV2/y0hS3hk5l972TMBUb0vHiJdwYNgL4MdKa+kcnYXh/zHLUMeH2CS7jwxcD
+ AQQDnZxt/Dp3gcKNeJ8QX1RxDXU1EyrNcPi8Nrxtf82icpY5gLmtYKAn6KTrDb4t
+ RVI7L3HXSpd7IfHTRZ0ftzGkYacipS2iggdgUIX/ShXcE9kS89/lCZM16e2A7e+u
+ sJn4K57rA6EyVDqZjnVovrpPjtelRQRZa3f4XQIDAQABAoIBAQCxt4/xF5lnUxgm
+ z0S4NkwsDfvlpZkNXxGNcPTQKhwzRkIhRGvfy+VxLhMl+jaRYVvg10WBAt0XT+ly
+ FyC5JIHUDD4bxfSgtapEHJhFc/rhDzLYxerAktjTsrywyN6jp3aKA1nH060eufkh
+ rscgLD48Lat6FoelkfkQtcnnQZBjulNelaHZ/poAcb4bONNpoISUeo3H6UUEhfO1
+ ezl1TrCew4JkRupHA3b30MFA16Jrt04TfHjCCP5kPJOp9nPOzn9kbjqFo/Omol1j
+ ZgNpXxfX51GWsFPqj3szJWp3Y7u/7/dN75LeRKRSO7W6/lDjWHcJoiWOqReRdgOf
+ qONF8k41AoGBAOyugjyUMF+FXiFnPEze6/mzTGqoi1+czHdsFEgDw//R5AV8SVqj
+ smJSIEUpd+NsGZqaoQJo7vO7Whm3AykWArRVUnn2F+eTH+UJKBNh6HYM674KbADX
+ kKXrzS35HEWH+2qol8/+G47IXajBupYrdPLZ/BGztNxq6bsbSmyc9my/AoGBAP9J
+ stNS5AtwjkfzFAjp0T+S1xLfTS9ajeXwQvW1INNg5ZPDXlrrkw1B+MSbMXwblicN
+ b7QLDYye3wCquKlxfjv9jFsVHRz9ZPRmsIW+eBYUcJrkm8dklaGbLH67RTK3BBEF
+ eOa+iCwFvtq/bGXFywoOG2TekbsHg1T3BhI6DjXjAoGBALCCGFhrP4QNJz0MC3lc
+ imlm4OduGLrOaeHp9VobjNE8y6uXm/D/wan3i19o5KLzXEjjZo4wiXu1TiV9Sdsb
+ Mhsgwmh4Mi2emBur73o8+ysGycypYxBhsts6doMBk6b7GXHal5Ui8ZRTMx4GlEsn
+ z4jJLmZZOdlj1jmWybMkf9ZrAoGBAM5Y1sfDj3rDru3vSDlwLWeynE+v2Sa2jk3W
+ 53jNwEu7XbYTS7g4BDPKKHdabiQ/9B162dhwurH4VI6ob/zeNMfuyL1ykoa1Nx3p
+ xzND4rMOMHqy4EvKPLxUviFt45/7mLjdcH0qcs0Kk9sisU6OEvD8uB3PXYIMr5ZE
+ 2U5wSL47AoGAS70CpQdWI+Er76oDZY0UWEaSbbECf9WRsI2WxsWjL1cuqbSCUFNO
+ mw4iQ5swS2e6YyTCI6FdxNh3d/3g99v/txN1upaLP96I/GhsaMhycgqu6LDNI3ci
+ OJZb3lkvlQmxDYCoZa/5uMV+TWq01oy6syRRk7IEek77KeXjaidTu8o=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-11-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAxyL19ntmY3scU/HloXV11tTaI+//af5ERkxbMkn99HLAuBFc
+ y9xyGOHbTKb0oqqtwey+/9e4CXSgOpiqbfyqhbHGWAIyJlMhDCMkjWPbr2Qt8R9S
+ gZerXDGN4n+s5LjR32TdNOlQAf2w7MStG9jRlFGPJ64x6cRjUT3EipdpFj8SzC5L
+ e7ROmjChV109ZdebpJm61dgwVSGC4OYtw1K9fYUmH7SV9DMV6d+s6TEyASordstT
+ 4bxMUIEo7Z4dzE8MZYu+XTp8D9s3E2TvSjLd1t5/RY1yO42eWA8ubiiFcTv6DD24
+ JiirULWIHwnc6Jwv+xgmAH+0TzZ4L3X21s4n/wIDAQABAoIBADMT6pcAa/DUYR2/
+ DDFv2XvzOMjDBHaBe620ZCfwBq2uyXPtMCoyLynmtMNih5k5wjvdp9gj0tbKDVc6
+ VWzExFBqmv90AL0H0ZA1a2jA1laUkZwpdpY6+v84zrXsHcLFDUAJtRufRKBeHAV/
+ JQ/he1BZ4yhAbBkUAI2UFFegIppLuzI2IluRahVbg2GC37o4PoNiqDZJ97+XHD06
+ 8UQSogwjHr17f5euAtUYSkfJGQzQvk7Vzyn4ypMNk7MjWrQfq0CdFdU2f83/PnsJ
+ 0TsxBEYtEqU7FpfX7JmEN6C60cnqATMH9UWMMPqQ3jlD4pgJ5wPxDB9v2B+MEvgf
+ +gukVZECgYEA0TDxYYaAYJ27rOEhk8KNikUfonrEuNm5fm6pf3m3/5h7489EZmrE
+ SoNieVt/rA91oJv4KpKBf68G9684cYeUGLMBuK5rdX+buX7HhWH/z0VDwfQ0WS4W
+ QR7w2iQPN/qRPECO3pO+M1J0q8L8JwsbyH41ac6pfMZtA4Frr93ycYMCgYEA87IP
+ rM11Y6oS7f04JB+em7gXkccT3LNvom1QtvPd1swx8AmuNl85VTTLfPTNrye9sXOZ
+ x0SxHt6yGhWwa17L9QC4R/xJ+CY1IKYQFY2k0253Pk2TRoMl+TUV58iNy/mjx63B
+ bLjsTazm9459jfdiJLIYT1SHbbp90g+snbjzktUCgYBn/M5gzn2OiZo7jAYm73Vw
+ oH/jQuf7g6+j29rCFX2TvvcG/Ydg6f39lGYlMYi7vUuZtS6d6woYsKbkBOQn+19x
+ D7rxVTLxy6dbhFwmP9rr6+CMz5oeIrzJTlon9fjiuNnte6IJnqPT209H+rthpTIA
+ bkya9jJmZjTWo0UmvUvBhQKBgFYJjaMyvrk7OIexmPqX90V/D0M2h/qpl0Y/Vfnh
+ y3akjRT0Nf+YSwOcKiOpwlyOqVhXOfmydN4zPaob8jdWNqf/YxB3MB5eTu+B8bfK
+ VGEZZRwoA1EnyGZdqag1lGppbrt2yw15lGQwITNRqV5P8uSFxDNt4oqJBxb81bKx
+ s70pAoGAWp9hgP3+dawp7WedJmu+j7WRQ2QsS/vm09Vq1Q46BaEBlFbDYCb1Av0R
+ CtKbPdTCeG0+uK8EvAVFEoxdrv0pYSJz1/o2zeFW8UVj6b1B1IbKLxzp4+gdQ9lJ
+ 65VAekhHfknCYBSqL44yFNSjGWVxG2FFUMUzgZgxL5xv4SNjxQ4=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-12-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAqrAxSeIFy831f32lb/6ZEl3GUJ3R8N1zLIjpz0UmJcNKXFjO
+ /2vpQ3FEPenbu1Q4Qj82G+FHK5QGKijqdOUR2eIUxud3gTZiceF7GcEIcT16vbHv
+ 6RefiEi/VcDon1nXdFLGpVAipq2VcwBFwl6VkRldqu9mq0oPe8RoKniMrQz7Z2OY
+ 0BOsBSire+2uFhkJn7I+lhl2FgGQgXNSLn+LcnG5835XNUt4cGTdS4rKCgdqxPZs
+ VwemKoOUa2YXNhoEiWjLSS2fbOAGSCHpUD6H+hTz0cE6x6uds3V0o4bdE9SMSQoG
+ BRfMAW5iZnV4HSSjfF8psYxLdKHCECm/DbTMjQIDAQABAoIBAE123zenw3emRmeQ
+ 73cvder28hz+Mxx8dFve2zX9LP3wbpwQlgknwVqhWhY7P0T6SPoP1A+9It6tNEsH
+ /LgGih53U3Sd8geLVgxXB9Y9XAaAn2beDYKc/QMN+QADJ8/CJ10cgBjgkIlSuEPT
+ +NTotjp+55q/Qbo1R2elUJ0NztJuFwzQX6OSqz2PBmRRIdZGJwojHvfKNimgfl04
+ dEwt5afFpLBa0SuNqjSSEhO1Z4u7OYMwfq4SqeDsp0/DC4d0kIFe7q3NTNT9Advo
+ mJLycCtkgGMGqAC6FUXBnpukLCXNsc2+SHNk36zCI84ammxPSZnK3oI+f+Fr9N8T
+ mygtZeUCgYEAyv3ZLf29z6tQD8URXYOtRI2c72iR4PeRTP1URG5/KDt3UBhGP+NZ
+ dtR0z9OqdLfUu6JzNOmM3vshlmxsk2R4NrSBMyxM4sOaxVGsT9DjhEfe5XqjQ7UZ
+ s7VtX4RiuYSVAblsk0+mepmCSGYvrFVpd7SGFcCjgtzH6EljKW3Cnm8CgYEA10LW
+ 9L3h4dK2f7ZqyUPu54WxJd+QtNZbeBlgxddTMpQ95cW0qBrg9S/mQI/MwAEn44XA
+ gjE+kD255xj9opxT4nRqaZ6llW+zAPhMIGiZLHXuGlNNwopRwcgOvcH2g8CaPL/U
+ wWOEjd+uvtvV3XxV8a6o3ft8wVRY3wswbqL6wsMCgYEAthv0ukD5B5Tud6dZg+a9
+ DFJrp5DNxuDzdvmSnu3un/5xdObCJ1DkkynZPhXrx1igvlDoQGECo4zzPgs5gSXS
+ f2mCu5ETzSCk+j7icpy5cJQ10PQsAnM3grTSUa3oD/103J4oXSRI+5Y6fo9GV7os
+ q1rGLD+tsZo2shscni89OXsCgYBbvqUXEobfVItryzegKE/+ZUCnP63RJTs+6LIS
+ ID/ZYs0uzSC+NRaD6bJc+ezuOI/jrPHri0l6+JPvJvuS/sXR0oQ4F+HC2yST2T+4
+ 4FvIU0rz9WVC8Oj/imCeB7klVkVmduwasGuifB9iQRfZmlCW/TYDxlfZnjVyerZd
+ sSDnOQKBgF2z6Loc+I01D5TjD2MH2BwR/e0P4cuse1o67CZhLXcRSR5cHb5LdpBr
+ 6VFODs9DAi6jjUoQqWAih3+kaTJwjpqHO6DdZJeNEzq1wxOSvM3TK9rg3a7ViUZP
+ sjLpQkKYtviHru/142X6p4SHsho1/S5DU/nj1pYyjgReez/fevCc
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-13-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAnyfPFnaJFPgoiWfR/BXW0MOSYmKh23o315a63jSqpl/ZtpMQ
+ VamURbXK8IvJJN+xu7ehFeIkzwMbMYr4tFIy24b/boQStte3chY3KtJVnhLwZeT9
+ IFYayPo+6AU+J8JuA9WQqc92ZaVP5q4tRs/FUcSNmqvMl6DCjTymd2kaupM7HT2c
+ dBxfHGhg/zO5xB9r0NA9kqe6+4/C+0Comg0Io88BXzYUyQBWbsNE3Ffxf4xlGNDH
+ te2DKBfAta6D5MZ3c32edOOU3Dh1pACx1abTapeolLw9AxV3zMET2NbBOgMpGR1c
+ oNqWdFM1mzZfdPg6VczYbqzq+BK0L232dfS9kQIDAQABAoIBAF27bz4Wf3NHF3Cd
+ IVEqd4IpvBuPZS3CVAL3NYTKVbp4dtsMz7Dzl2xavXNfkA3UZHNemVMvBWiZtrk9
+ 1G02f9dEMUkgJXljoBljtgfVKjFXjBcmfmE99LZqkwPImquF2Y8Ohw1LLrp8WotM
+ B0RN9zLJ5G+0QGEIf6v4jT2EPAam42AgWbGXZNX0hU8LA2C5m0kG2i6pbxWIYCG3
+ JQDrqoc4wV/f7wsjXxEPVxi1GCK2nTUTThStDm27/N6IluR7E/S88wqZfuvUmAYk
+ j7sTNVA5PXPO0t8quOEh/wcrQZXh4GNlcqAubo53qXBoM4teKehDBEhpoCIXui+s
+ w5MeuYUCgYEAwsieNo/dQmZzNGt8Oje/Kqqay105791CPqpxkTsL349JkxzRnv5M
+ oOMqmOduvHjXLBDWcignRc6b+biIHtGZO89loWvkhJVG3mZhpy4vmSIWBfUWSyxp
+ Gdeiyq+QrCbvMATZxsGa1NAw9w7xvVVw1BT0vP2dpz/uiH+w76tYWtsCgYEA0Sy3
+ Q3Epu3lVQLdziZQhMPfRtbFBlPnyPZ4kyW/pz4OEPVAbTy0UyHqHI/5vJc/siGtW
+ ikUoyWYs9Se8MK7nll0LpYOJlTMfOWx7zaExEKW0XtZ1YfM8dEVJsE+aFhoGpW0u
+ qMjAMU1kAfA7IrufljsiS9m1xEZmKd+DfJnmFwMCgYAeeR5vcNBvy/FoGQzFWuVY
+ enpfKIWg5h+wCCBeVTuFTTh4gIC2/Bfm78NBSqvDZrBbH4M9NtT2Ed3LEriRAb+U
+ YN0IhQWqTGRa9O+AJTSjI3cIlZBYUGlc9qRsS0058ZloDMo5Ux6y/qM6c6cUNOLC
+ +0hSrObWPKVHy5pV1JutEwKBgQCcUsC7RE0d8HWIIhHUlcGgaPRuxwPuJEWnSxLP
+ ADZKgU1IzR87ssM/eGKawcGrDpME+ML6Hul2akfbB1EbSPuGYg8cKQufV09UiQCV
+ EowqlswPvFKJW1CozEdf3n2XWufwpYIjXbRUpDPDRxfKw1Fm4takvRWck8gyLvqD
+ GjjcpQKBgQCVYXNaCfBbRTi+MoUoYHW7qWfSNnkdjghYXBvPRWc2dmusaK470FQC
+ qZ47j7WBcpbN5gsMJrYt4+/nS1Vae9HQg8YxB488hDmi3zae/g7jNI8vyIyt5BoB
+ lewcKaGmZ5saAYxSyBP1s/t8W7L/7f369ZL7Qr6XFGMocfc6eP36pw==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-cab23-r720-14-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEA0pU7YYKa3dcHpGZGg1yKzYHt8METRU23ovOU3By4Nx5Zgi+C
+ b4s2S+y5lBBszoDYnmrxLCt0hV7/8Atqg8cZCDt1KVGEAKkMTi87YjVs3bFNjevi
+ Nt2IToCsnpXAe5cVl7O1TzKz+XGtuiuDwePh5TJXWv+n8cXuvbPOmcU3ay+KZ2Xa
+ 9OAUxv+/idEmXsipOTFCySC2mOGxz8C8TwlKrmmjQkm9bDdjsgCzqP+7opGXemeP
+ TZGNvAW9vpWcWebUVi5hcrJtta4iTpFNyl6M3H6V2qeK92T7rjX1snDi1i1+VP5K
+ oLghqpX7a5XdJcSf8PrHNTcFXk2HdHStG+5I0wIDAQABAoIBAGkSRPq2bAdcj1ec
+ IHrS5f78YXjLHY5q5MHNv+zD97ao0gh/JBn74C+qAj66o0+2Ql9pBMUBObaCXDmt
+ uIvf/8F3yVHAdpjNwHISZxLtjVBgc03o8IpnpudklLzcA5qnHAMBi+nkZqCD9Cb8
+ J1XLGp99qtCg129vT1wgJ2naWXiE6+p435tSzPETJePYILCJJRAlmHiulrTZhU41
+ 2QbAwL2rHOnHzc8jsEQS6drY4K8F93KnCBq16wy0/S4wHwYKNWono95cL2ShQwnl
+ /f+b3FN6w1HLhxI1Ph0fC9lGXE4dBoFT1i++RR5gI7qzmVT5MJu6DW4w0fiH5TkR
+ CzSN3iECgYEA2lqhYaxvb3xpBeTUtANU5+DQ+I5SScbrinGorWtVmMZrhjMdBE76
+ rAPVrpXjQTXg/SOwzKXs+4iZJ+p/5gMeaNULgDcLRd4JpjkE57XXKVnuwnP1vixc
+ y/FjwGNsT69UqD6jBLqRSwcvQfMxhPpiW36V4X+TyEa78Mg5j+vcSwcCgYEA9uOd
+ CCv0suoTReGAj3mYGXSZ96JfUwVhA9PAQcWIG8Ni9XhbKpuk4DQr2aiGY6DG+Ufp
+ 8FRsUMttQmlqcO2WEdjHVIzqN/aTm8gRLNLoz2UyC/ujO1JHaK5YMozpCVyyyKKB
+ Cu+q+x19ESFHaLsJiiWWxeQ/f8hLvg87LK0aRNUCgYBrLftzPzn/xlii3P0PU2dU
+ 3oSUzP9VWX/6l+nNHheJAzR6ThKbL81ZrBQyOz6unqzOdLtu6K9XlGhhMHkRRUyi
+ 9phLmjk9VUz1O53NwvNXR96rslHYxFvUe6uUHvlmb9ClOQG5634wDtnCjIYtGN44
+ vP0DECVRNG9CNHYU0Bh09wKBgQCG300325tv6gPhVxF+T7TRoytBZsigd/3Js3IB
+ /EEguZpj8v4KxsBJYvbZjwDriDdqkuivy87oTFlBwIjPbFthIIW0IM8LB38XyTHo
+ xMc+FVBDz5IapBYyj5vK8cOUw7k/ddb8/HTxfeiG5SE3i4XonCRDsy8lRWxrRbLT
+ 8zS4iQKBgAvYsplJ+g1Cn80rztTYPh1D1mxYIp4TNIIERDiP1b604UjJ2CrYTwYp
+ YWYpOe2MU+fzGpRUd83TALd/Yd2IerEFaW17HBM3J3hJoEqbRZnFE+46fTv9wFrh
+ PggsHOwQpGVkk4FSiadyIFeuzZVaTf756fFX702xyY2K7Ywhi1UA
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-anchor
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA3gZMISoYPUGKGNNXxxN7Jb3QX/0nSqfOY1fmmE6oXXt5w8p9
+ CrALCublUMwOGZlwc0J3asrPRtctXGUHbK0GS3f1+OU1STFAVy8l+bIOfj414ub1
+ 2q3Xic5z/Vo2ocw3x/cbo7BBzYpOrPl1uu93liDZyn5eptbbJ36ZoMgbd5jPPDio
+ wSiJ1FQT0xi2c99+u9MFFLDYvb68EmdeRkE8CpLRRKeJruTrQgRZe53kuXK/vp5i
+ jb5xZpdRWjr1VuVNRPvIJH5tzxFc9UprZhCCri9bAhlA0R7fV598BER/0D73fjrf
+ VdlGJ2Qxc3EXXN+LQ8BsxAkiOn0FPgPSxoKEiQIDAQABAoIBAFVOvB+eCfQ3Y3VI
+ dxihrpaAyTioj1lLAqz/EDYDOwO4Nr/45HSf0Y5dy0xxKxXA9AkFR9b7mArTELXI
+ h8LE9H8414TLpN67ksos7n1zYcg15QSK03ozg3aKodx9tjISwngNxUvupEnyU2p4
+ 6zhpXFyNwMDiL0IRmeEh7qttV8hqcjaEBP/wtT6doGZJ8y86GMXI0siqd+b1EpAD
+ 8huErkwq4CPUy5JbEJQS1oefdC9yxJq26DIlsKy4XWCIIyY1Na5vONGXg3mdU12f
+ whsVm47HlFP05YLNh4New3G7oFITbHL7mXHXC6AW4cM0EYOS177hJIaDG5xuoQNn
+ I/898tECgYEA7Bk5F6IudxOkfnqdEG2fUMj+MIxoVoTALLudT6ndGlSy+9HdrXhy
+ kajrVAFdw6TA+X4rCP/uAQWnANWWqYPM4wbo7DOxVClh2K8eXkhj/mlQ1ZOWFBbf
+ yLiqHRHbAj0fa74hdr4FDfyufNcmw+dDHK2dB5sibFZYHhzpUTGBfE0CgYEA8L1f
+ ZnaVafTsECgTxg6S+YBXbp6TWRCSswhHeoha9qWq1+lhU0J3kObdzmGTqx8DiDOL
+ UrYgCJNafcpGv44p3zCs4ztZFKJFkA62j5prIUuT4OIU6lgRs835qbnTQEEIPTsu
+ 7S3CDB1OKYskL0AXbpRCNJP80jgtWLpxFEJH1y0CgYB3yKxAo1XzsBGK4eaCCTwF
+ HpRoSTQ+gQeHKoC7hDDbRRGx1V4kvrFR2WPbsP3DXvlRG4P2AvLbreR29eaEhowS
+ utS90dQsIPq1ltNPfmbNEt2iHkjMVHahPZ+BNCfrUNt6LHKJ7gpeeE6GpBnU1qYk
+ DKlYzIqAcKYwUPbG7NkHGQKBgQCXDSur3eIYTp5D8PGfRwu/U2EIvqUTsEtr3FkF
+ MENrGT3eJch0dnMRT1qDIUSHjXko37aemjn1R4fy/5VuoePx79e66EUXpk3heunf
+ pvNrO8G4zAJ1m/bXi/kIHtnHKkbiLJ1gImLsOQMPHAgDQcKyFoKH/QcYXDlPwAQt
+ wvzSrQKBgQDJpkuCxh+aeOlYLidbxWxmmBGeyYj3INTomLi9DX9Upy7pnVOiQp7s
+ DpQypBVsyGPI22qkHAKG7goOVlWm4IlJg3sgaie5ZBhac1k51oJnkm+nIXzhunIw
+ u2dRGdGRpIf6VtQn3ZCLa+SZMt9cRcmbx1hh6BiH6Ed80BdiPF+kMQ==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-11
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEApjnULGO9t49RjtD33k1jE9WDfN/UN1+LfWFafBgzyw4mMIum
+ /ne7a8qFCThdM9Z3KuM6OM/rWsNMfTLOg8bKEaNnYzu0Vo97yTk+XqivgBQGBdWp
+ ukgTHgGyPnB2nz5yu5+4+Va3MIehUKbH5DIusFKvPSWoVk9H/GhLYrIqkfPcGctP
+ W4HvviwqII/Q8NHYtIoaE3CnunVRC59IAGDWUgyuB0ccoSLcKbDWgorktVPBeE58
+ vZLxNm3YZB3dvGkCw4CGkUJ77Tqe4dRly8jz7JzKF1WgLuk25Z/S2YTIX033b2s9
+ J1vIeFvL2e/c4bbewONdEBG6wzqmE7t1sfk+hQIDAQABAoIBAAhBgQc/YPHX/W4B
+ dP4mi9A1X5V5LHoflbcBedQGA7SHHGB23zFuUvG0mkzt7rsfYMXRiVe/A+p7HrZt
+ KpKi8fBUVFM6aOePss84t59N84GB/RaXGRn2cHSiEu9E+K9KE7q74R0JMIoJgnqV
+ /gGYeHcrdCauUyEOSP4BVBUv0itzg64CDsfQrwNNRr2wQ+eHC3kflqxRqiT9rf41
+ xgIsWmNhpMfDKNGlKnWC5N5N4Rbr6HEE0gzTNK+A/PTP86HmlUDFjoT5SQCdYFId
+ 0Dlxah1cW2A6Nel3DNPqlLTaISHjRv1Sv/4BoSLpRFq7l1pWG3tBEis8NEeV0VF+
+ Lu7o+JUCgYEA1r/O5M/T1mvRmgJVPdgamYSJaorifdu/LYzpjl339hifUVlNfm3x
+ nCl6/RKI1mRvvtYNjra7qnn0J7i1Yk5PvumUoyCDDHI/Hdf56rlHkkqUZHbpxEY9
+ kXIceEvfB+nw7VSwodXpYO0SBNb/rhbVwFKLO3N+0fyzQ7DeJmBwQbsCgYEAxifo
+ YKVcjeEn/SCWd75GOrD7Hh6/NB8PP5S/7qXDWxf/ytV2Eok8GGMzYaQDrTN59sOA
+ UJnQeO/HmCWifVRI/g/3vc4KO1gwrOKtEuv/BHPURh8T1zcqFvF5tawtBylviA04
+ z/P2whq1+fm9mvCEA4FBSj+pNHOgPqfMrnm7XL8CgYAh+uO/7Oq2KQVXezsFuCYt
+ WH1t8F/6TkUn7f4e2tubgzXiZ2ENulPaw+2EEeS5F9deuPwYMu3rAbUSe/WngoC3
+ 0roEPea+l21JSZ1v+LVMfqSQaQiAWCTx2L6MgmTeGbRXuWjhkrmE7r5FKcf3QgG8
+ ltMVKydMDtJGybu9EtFwdQKBgQCZuj4qND+Ahou6cbyp+wCK6eB3do0Jh4sR3Xml
+ UA4lrpGwLzhhmvv3Q4aKGm8LwKK/EN6MKTg1ingDDjdoGapjB8pAAwenEHz6swRo
+ aJO4RZAKMnP3BAHwOLgefAuWwcuX9gH8Op1V6tkArIIvIKaZ/X3Ed2zylz1bPlyp
+ gyEbCwKBgHdMPmQdJIdxrv1yqWRlHrXCS5nr+z98UEdlGqK4ALYsDxA1cGQMZrnR
+ bD3/3P8N9Wg3KUUNDhHRm5hpXvIpttnQ44zT3hk9JDylqKHJ3hn5evzum12SE3Z/
+ jQhAm/W4+ikyKFU18Tq4dEZanAk9+3AabsKd67beTvZ0IpYHwFjj
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-12
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA7qqRo+CTz0VfZwECaxljOXKSocasTJ4LiUiyEs8KFsUmXZ8U
+ 40OZNRDy6lMj3UrTsuYb0ETo1ZBbDzmzhDuEJtrGDMMFYDy8WaDyt5ogsJe4RtGH
+ nTGWId3wZagU/O7bY3fGRk+0lCisKlNdFjdSu7o7Cr3ktorsRVZTAi6v0bKzcphG
+ 2FZrv2MBv+tBo7Wv8jCaWTCW3BAl3CHLbmXLOl4z348X8/b3gIL7ZOKlU3YuITqj
+ cmwLakRE2l6iYgTyFYiU7u8ayBM9o7Cu+0xrzDtlSBCFeicqiKtfd7+FFHQrFcPk
+ KHS62+rSlA2MpwS4DpLCu+6Q7LgFtJrrgE1VOwIDAQABAoIBAQCb/+ekW0WiBHFA
+ bZt8D6MYyLfpgGfcyK03tcmXm7a3fXP/W90WU3gQBJ0S5vcZTTCkzd2+O1yJQ4sR
+ n6CkPRa7IuKzMsIPzoM6foZH1jmp0/HCcHCZIfFE/8GDYOMfFK1YDdEO4khhU1h9
+ bfH5dH3icO7orYiSfKnFBJDLa2LGyClbC146r+GNA3cdh3A3YRyKLo4hbg2PqaZu
+ nAt0Za/VOti3fVyeC0pIJD0s7hes1MoT1bPj9Szw/JXBL+6MwxBm575Hi/NtN0Ad
+ akgZ/w9sWoLpF5xQu1wjE9UE9suo7jKDKmyHK5JyQrFKcdzrC+H/2+CeeSbVdegK
+ BtGCw7pJAoGBAPB1XhYbLTUSBpXvElBjhYUBlKOQi50pX4CyVTCxUo21uAbrefNj
+ Vqg3HqRvIkpvaBU2c2jonTJxi9UkUW/u1v8h07GEB/duq1dVxSrnEJCeOa/PsOkX
+ EDKJSO34MrVlxRJTNT/WOkSSzjpGfeET8Ko80XqNK/EbUbZzUqiVuSO9AoGBAP4X
+ jEJVFHBoSF7UZmGacaGBOa85vGDFLc8VmNa2ZiJNpYlWLK0eC9MU+mMDSSa7RWau
+ UB0kyXIab0ixu5CFrxYlSi7oD1Ji7wrI5Qjim2HeFo7cWGIfpRmg8yGTFMheg88S
+ bcBDGJ8XeRip6NypwMUrP5vYt5WjDmQ+XeRN9fBXAoGBAIuz5OH7EBzRSDo8F+vU
+ pnJMJMuS40qACxh+g7gyjb//X9fFX6jkgihhPdBTMR0F9Pa+F/dPjmUMSy2eWCIs
+ JYU9ZfywtOAw0COBlXgDn0AmbWWTyTjjSWnTESgRF4UEh6bJ6RoZoOjOUjrRUbk/
+ GIgPpbUJ6AnA0YyrG88Oje4RAoGBALEH/QwWNQhgT9PqTm7AaV0qKOOh6VLO7qyy
+ kms+aAiMasI2DSiMn5Zwrkcf+e6HWcJBvsWfZM8gBdrzIgh+a8+VKYtm2Y4AKiYs
+ dA7tu27Dipn8gYPUInapwdvpmvhDibhTUa470UK+2vtJHlnn18xH5qiRpM8X7SYA
+ ofA4NRs/AoGAErCHYYRwxUr/F2PebRe7NyRfMBThpsI5AVrFUIkjEVl6KnKozCyi
+ q9csEDDtfpL4SmAeLk/GWUzrjsmlCR9AyHmI5pj1WPZXvl/NLu7DysU2c7RtT5a5
+ ylKFPtH5XMLMoZ91o8HB1z2BHgmBHNVED1y/sW2hnOs809yXwiujMxY=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-13
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEA5fiBi4ruD9DkkMIJJ/jzy6urUy0nCD0K2nzi3Gb75T9B7tZh
+ d0AnXF2JWW/tk4b8nmrscM5DKJDixOMJ05js+6RGyZ7vKL2Pq9AeqVj3UWTi4Yoe
+ eV7SUxt89ZAXmr7Z2IX14DifvuMbekFNfa3T4Kz61JlfkwQpYRxEi4X6se1t/Crh
+ jwcccR7GKQxgL0NmX6z6KI6jaTKKfBwQWPs384ZkYG+eiqPu63j3PLW17xQ5abuZ
+ 43rEQLHYfq8+uIHItVab9bXKC4LypEs7kfhi3xWiJMFC6NdM9O0YDYyspXXDUBEE
+ tstsAAhSH6fL2CwsypjGHvEgi7AXtnedqdgGGQIDAQABAoIBAHHZpmCsBhGEbDOS
+ LDBC2odhVK8X8nPsrHvgSfutbFVhDMYuEhCUjSf4ErBZbjeUI2pWKvnp02u41tt8
+ PvgnhGNMP9M/QM1dk0wO+68BIWeFV6Eq3M1feSa1vBZiIJ12kKjWIRTBU6yQCKFs
+ xO1MalGXsZIg4CULcWTnNrQQPz1oCrjdKGGW/IbsLDQaWeiz9xWxsSVjrpIiGdgr
+ 0VE4k8b7BoGUcK5AWgeKQky1+CwwlYqh9r+YYwo77bjdWEqoBjn57kgfYjFUDzZi
+ maqIs6mbjUxmAEUBqU0u0jV0nPSYv0tGrcrIc+lSf3J4YGPdSmMzjGeXthj0RgHN
+ rKe5wuUCgYEA7cBDtYtUbzr02MtSBe+8k9AzF8kxfy4mYDNZSXY9SKKYW2j1UyOl
+ bYfQzf7oeuwCQmnBhwcbiV/lMVs1FF/eG1OAnywyRfDbKgwC/P3VbvGsr8uaZVxx
+ 8AGiJwQmIS+RjP4yvIa7v0ORgBgA0ANvhl9zqcTmOyy8ERlfVmxkxw8CgYEA959c
+ Y0+91SETUAwxft/Xnt+62J6XCGUtIYQXKtzziJKMAqJJbZHUiOreyWgHP6Z0vs28
+ SCvHVlDLU+HMS0e+aRN36uQ/pjdPlvYler+0J/IOPaVCUXzyhId6opruIstadvDj
+ nYJxERwzltZY6x4UXUGKQFyhMUEb+X/ZHO3hoFcCgYEAuu0qjycvyJBbB8S8Baza
+ 4ICWW0I1Z2AajhJxRf/v6RbloSEhmS9ylm5tLjkYAeVjVWIe5ZIiBV1fLvIeBpnl
+ YCjD/OHb2P+o4SM2ikDsuWDMPB9hkgYgEurF2dU6QWdMEcWekHmCTbvLPyIgKWw6
+ GDUeFEGaHrZqWytOuP1aMuMCgYAiNZPv7G5PaXhfkK+t1YLWYhZQIui+siuf+72v
+ oELM1WIeYwk95+2y1K/ep06JDpgGXCns1o99b0AH4KP2qny1y4i/nLTmY7HNK0hW
+ QvHCqwAoqBIXa+mdQZJBsKHBkNJ4qCLp+cFhGcJOzmIOaWNq1skgxytFwLb6qxz1
+ kC+hlQKBgD9Q7W63LHvI5U/v+8rSQ+uCYvjV4AvmGEJ0ofjCvD97iUQKgKNlAiII
+ 1ZIQgWGXgJ2t0tA1Jm+dBmY19jiX6dYCr/7tgP8GJitReiWnoFGI6pyAQKpvoT+H
+ iQD58VsBZApM69KqjvuD670tjArBMeo5wnyA4miE5e3LuxO+b2C3
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-14
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEA1BcFPyvztF/uE/f0fbcqJd5oE9Dr4fdPcMqj9+i9GR2lczoU
+ 42C94uKOpybyW+voyXYI4edBWyMV5w1nWRnbWdtDic74IwCL6YhMvDPfkEsYwL5F
+ 9ApCCYMMmaaYyZYBy6W54WtZlle7QKbv6zQ1rR9wadd86K4AZ4jDsYYdYHY01IdT
+ hHCtwbB9Cib2/xaB/w8R1/oGRMsAQKIwIdZNuCIvAAz73P+l9dB7R2Kj/rL27ttm
+ 7LCvQjTE0SVfZCoPyu+V6zCofPv90HClzegjvrES3AIEUROxZhwcatqaevGhhyIq
+ mC6dBTjwt/T11a5iIHb5GLkno53vtRfs75EpqQIDAQABAoIBAQDIURHgj5e3dp+7
+ 9obSskw5xi2RAdO48kfy5UInJYhtD2Y0Rdhyxe2zPH61+4APN+r/VN+g1jYRaTsH
+ ps5FBrn5zbGlmHkfPiXnpZesbmYqt/MiINSbYZDrwP4GpaZLR8ZcXSQKd8T+zdAL
+ iWCzSvWjlT0sip3semPhZfhHVL+sWV/RWr5KwGXwaGs65uzFbVcIue7my5V0Gn/i
+ XxixBh/fLnORYZrdpI7ph0ESv+vzNQIgJblUNvjlBJ2zWOid2vPor2B3CHn4KSqm
+ Bu/HZzfXlqoTzMXKs1/GLeiIDcLsjIoyFvYWDodoi55psOu6ypj6/IHB+9udOehM
+ pUPLI7UtAoGBANjYXkwKUfAxsQ0hCs8MlJOBfsvT3wrdQp3x5/HuoSjLw6JmCrfm
+ 6PNlv1WLEdK1NnPfYEv88SLn6wvOA8MgxCOG+gf3EIB07zlIrxIuC2tvMfsdzQus
+ 1FhkGQ4V98CGplSOWLn9WuTNdQOGBbx19I0x+swGILJM1noMVsRsQEYrAoGBAPpi
+ 10EMjWtJSoxhQOIOM0A1eR1e7dSw1ubSf1IFs9Xv53G5Uv2T5kxmj0kv+gV4vvju
+ 8xT5FecVTzuTEfG63JMx5JnzJUsBSH9NBH11n6NEvtjWBXP0tDsYfsuWtKi4hac+
+ qxdCevW9wYHdzaLDRtNCIQVHxlzonMwGMQ7WH9l7AoGAWLDemLFb5Cce6GTMW/Uk
+ S9SaPNnyjyoCVkGcAar9hYcaBDFCTweF3g+Om3lfF9SAahJB+7KAGivLSi/AAC5F
+ qtZJK7rUqAWr1r0wxfnJN+7p/XCp7g2JaIHAca9wfvFT1J/IEIJci9qw8nj9naCN
+ HrcDgjE7bFHbI14qmvo/q7MCgYBnXkbfY/8+O5O7QKs4qAQgjfLiXT5ygE84G87U
+ XeZQfCpgmNHaPiTlhbHB1Tyy5ZZxzrQsBGk2bWW4go717N8DJaXqqKbMwErdwz4H
+ TXgKP2dKvZCivnNpskMmaaFLxmHnGcgoYhnBOgWZR6iNeXDT5okbVPZfhOi2khfO
+ uDeN4QKBgB7g5yg8dJF0hx+npEZ3zEXtb5fWabUvM6o72udnmLtTD9Kl3LvyjGTH
+ grCF+HHIwhtA5HCCGScfBTFs7RvqQeeOvjlTJ5z2ZPTEJkxDDneraDSLFS2mgAKB
+ RezSPkJX/jx1uaP2u1Rm9OP0Ir43zr1pCxV0k4z4I8cAQiySPQKY
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-node
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAurcnk2DsQLTrrtNrdHsNsMB/B5TLU+35QPyknLyql9iZNHsu
+ 98Ew8rJA6wYqnq1yZR6pGwvelxfkRcWMrw9rEyahYQU2sv2NYxhdrQFlXa1FZq4D
+ KMVcfXvAMZPViqrPh592LISgemp14bHb0eZF1RBGxjZvkNacUmlkpnhZWc0aFan4
+ OA6jfxis2qDiSyo5jgk2YSrQAfSyNgpAp54Oinr0mItsWR4lVxeu6CxtZP2oSUkq
+ z99KpdX9VVYEr44im0Sl25bf1sGamCfJEksp4c3Tsm7Oz0qDemrlUNWPJrj4K8qb
+ J9meXwV8cz/tTjtpdvFe7oVxv9QXi3/MkPkZowIDAQABAoIBAEGuWD+h4rnIavfu
+ 62foOaKptIXoM7ZsijfwJ7/zJleQHCS4CIei8CMPzYJfgvKatRkZNgeLn1urTeO1
+ YI3ccKAmALLucJV6WBg55AoN6aiQYU+Dex0GgEisFanbBU1oVOSylZGHfiRR+vHP
+ 7THjPUF8HklvsMNUm1zqMjvVLilGQUpujwFMm3DJcW/uphMh54TauCnptGWna1ln
+ S3cBoTy6Ytk5K6m2pQH2WtePnqdChkl6kQRB5A6XVlVN73UBr1Atn+RQG2VXyj18
+ VRDh1SrOxT/XlZAsCKrtI8s5bCaE5vbKQmzg/DhoJuZHXUdo9SMKU4yhEjHvFoWW
+ Lfcw0WECgYEA3DPde5B0ZAN9bE6fXj9axPGbvGIM4BZvjSVctRrONGM4aCVXY5q2
+ Hp52n/aLTPElSNn49qrGs6jmfGWTisBzykv2Wc9XQ+c5MkJ+ePTQ7Epi2hZX9KtT
+ t/NQPfuaPnzDVMtzuj2Az7aw5TEnEQthNqwwf9L1qaK2OPccCT/gKAsCgYEA2RGp
+ Bp3sgDpenqym3BV+XT0xqDpkvDP3jZH9/2jdtSv+nekQlEV59oCJdrnnD0aBDZh6
+ kouI6wU/k/wJwgNYNwU6tUuy5do4tH8TBTa9tczaTodytslyHFta5T8v6CDJZ3Xp
+ pH663mkIC4nOYJJ3zsOQURJ+XGPnYun5brsRm8kCgYA3Rz3eexD82nNt8P7I5haf
+ QhfaXrLkvj0arbpsLGJ/fDj4zAb4FiqJ3TXiSj4F/rNhana5VX20ND5IFCfJuS5Y
+ JmGdghNiFHWjTFX7f1nDN5lBLkK+RRQrJYWLSdIaxa8zZi+THUVs32vg3Un1WWn6
+ E5fJPug0wYgFHOOI3uQiqQKBgQCTDnrTR8QEbwbROqhka49LPXzZuo2qTw6D84b/
+ NJ0W8zIw6sdXm+XvkM8QBwu5dotRmZ5Yj313svuKlvJJZRirVbibQCh3vaoy5fAN
+ 1TMa6ihvkSWvHbRX77AZpQAgo62ukNxzm4Ofz8oqfva4yCGwix7HPd8rWmdUxKw+
+ Ty+zuQKBgQDN1iFVSRcsXg9ygFBDOk/BaDq81WOUpIIfgW2i+Ho61Dy/AmzBcDEr
+ 5e9g4E3cJG/W68MT0ScgLdSEK2MjqbCHVg7k3zjDahcEyqjCCL9XMynzaqK93jRD
+ Z9mJGgHZHmijs3bh9Xrdx92A5zR3axTqVomWO9jwsPW0trd15+ZviA==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-11-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAw7kLvPFfXWWLFOHMEuoreC0yIcwgMQH8jfqqpDqMW1amEBQA
+ 5DMEtl/Vbvrv3/EBPRq4nTSeQXZUiOgF9Bp+8qSxAn1j/ZfDQf7+dtDr6Df0VMDl
+ wbeZbtUoZHghMccUFZeZAZ5wvzT7iszFNiymWBdHnhLYbXTignAeZeF0Kwxif5Uy
+ bbjPFcuM1k7k/L64fMxbuxV8ZmgrySWWVLQganTeNLgoujezHkgXrg7YYf04bx7j
+ ko5B7pnXhhMEWKyNOzBKU1zJ6eVBfvWZcv50hNf1lC2e5jNo81pP3N7+E8Jy5+h8
+ rR+YJVfxu1m5KKfJll6AKID6g5Ssyi6p9Q9KxQIDAQABAoIBABHo4+8VM0HLoe92
+ PgNZFEM594VqNWPmp6KiVm0Swnc1NZrxCafYF01M9a3jHoIifpeF03DnOLgKyO+C
+ M9FDf2xar6vnp3e0JHTsjYJ32a51OFFtGVkhoNOog7q112vDqM3VAnZIdk643W+1
+ DzLG4S3ca3xGgzF46aU/9zghakzp+yN7H1zAuY09CuwtwaMBcYQTRPCiOh/1c4fv
+ y7ZVU+reVAU/2saDhIucASEvT8DOrgapTu74QnpDv8SxJP3fQvcpPUhe4cH6fIBS
+ B+kZv+uUGCk+XLhLrF4FrU76ZqgKmhLff46ZjMvjUaH1LSoGnHyb+W2D1Ws7DRNI
+ rq0Zs6ECgYEA0HP3xWeM/CbYT1VUYyJ7BUWnIIAyaItdug3vSuIPHG40xzOSk2mI
+ RWVcfB5Uxa6cyScjgOW9jaNpfk/1Mm9PZpdk90LIspHZX+AE2h22pEaXkD7/QW65
+ c3zX6p4ULgeJegItbPqp5wvazvEV7mh4IzLtPzgVSAbpQrRNZFm1v00CgYEA8F28
+ S8aFB2YGOsMonkASanPxPJmls9ek0212mQyTatrmiP/fGrMRkNlh6EOCieFrKBAh
+ vJBrYvNetM0QpJOB6YkFJdUFjOmlEXCO+2O5PA8flHIk2ORxLfPBDCCfzHxaWW/5
+ BqSfztWcJdoRSXCq/xWwFr4UkuUmV8INEk4cbVkCgYEAykUNUs71PiPPV8Pb+8oU
+ h3wb/OyIfWtmikhFP2t18Ed8DSOdAk+v/G6rvICOD7gsyP+icsv7D/pWPkwGCGd8
+ K3eScF+scaIWxPKSorecZ3FcVorakzqG12p39WBpAnUr0GlWfN4KiXi2XIIRnuJe
+ WQFstyCLffW+2IwuYMawFi0CgYA1zAT0wL3NZhxG0p8orBZzFPgNJCZeFgmh+IHu
+ x03HQK8QQpRgmWt5C+5J2bJBwd4F3XZvibM/NlEgDjWHYCxXZH9udDsFytVTDeoy
+ gaNXudrLkrCEirx6GHBAkpyxW7OtCM6nmfjahhyorCHqWfkrlmMO9AQOzJLEWX4r
+ dqgOIQKBgGFFVxxbVK7QVnZoZ6j/W7Ede+qVM9tAkTvmQP8boeX6yD6GGZ4Y8Xtw
+ 532QYK2dkjrRcShyDbvp+1tZyhjxIRRkjMWqUUCExLiZCWteEUd7vEDfCuExf8fg
+ pwR0ZPHNQkio+mXqUyrESzXhqbla2t5QyTYyHGN2b6NEvxKQ/ok2
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-12-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAnMf1znAeBCDNxRpiMA8TJNNGF/+MfR95k13PcxjnHDrKXIsG
+ 2Gvup+MSQjLCBSNRSPksDyAoWmp6pTh6N57tr8qimaqIyt/0OeOVT2x/q3oKLkKB
+ RGcNtR2qbZ49t8ZFS+9QPmDQLMl7zj2N5khdcyMimNPVedK2va58sZav0OHyg2XP
+ zzsM2G5GIOx3oBoi/nO/obLcaUBHN8lZeFMpnSx+kSrwjK9BsBnspe5spSZyezfR
+ RDWCbNcmxq9X9iqsgEFFJjGoMMyWYQsOas6DdD1tAvV/d5hIWSQITa5u7E5wiuYu
+ kYw7ViLB7FQWMFD/fT5UDQkrTKmMh1sbWpe67QIDAQABAoIBAGQHmKdsFVqg62i0
+ mqz7EUXPnss0+xfh+xmxIujWnK4APJirA2UWCCEJ2d5usCfDDtu2Twwfgl+dzD6a
+ ODBAsHoWmYPdsIVwOkytDdis6xAnP1OgjwVrku1ZziE+czZLxG7cc6A4+Nl6fAls
+ cJra1PTfF/XWQkAF1x5Ss7BC6k4ku3rag6eXReTggdSkZ3iKkdsrJNVydgVANeIb
+ aekK2lh4iu7lG0k5go0G52/kHcRCze5XH1msRJPML0TWOnpehcB5x1ibT5ZNfUAT
+ 0rcBTpLkVdVUlh6Xau07ahhHCnW3x4YjLDlso93xLH2mUYlmGmHssy1mZp6qHaal
+ l5+v6sECgYEAxID4T6fs/TJgyRcF0xmUnzQ3md76jzphzFXz6pcR4YtUzx+DInEE
+ 1Lbo1plotxRGSIOmy+RCcOXrg/eAB1QLJLhE5DfFKygqIf8tV3UAMhJufRIQWksj
+ +55eViiEXLwp+kpDrMtHtg3rv/Eku+Cg7Q7zk0Fo1mqQvyOy3RB4/YkCgYEAzEAU
+ cReHL5HVkALMLmH+zvMW4wkeeXx2WzpIEWOIskWrPZ7jHgoaGUcPJBa2btm3Q/Sf
+ Dilgjx7cPOPxUwFOrxrlycro/coFVVUWmUYhjDd16fFxi9zd1vsEo0UOCdUgR2R7
+ pvuDu2yynYhpESnEpPmqtUXFEMisIO4jHgRT/UUCgYBuH7kJKxrtauZCy9w/yf44
+ mpLucMAKtLVKRoFD3xXuSJ9m1EoxaxVCAJ/MZH0C3SHmUaGQcoOpsbCjbHkbokX8
+ dihlnbupzACQvOk0MiXB6gJxpUX01Fd+E+rabip/rhP4aNY0aFfv9y0/jG0BvYly
+ UQbAZ8/RGje0ZtU+fpTPwQKBgCNatC8fM3c4dw8GbPFaZRDNYxjJa0z8DkCcRf08
+ jVzOUmXIKuf4N6xIcIZ+p/VoGiDZJu78moorfVPM4OjNQSFuNnhHdyz22xV6NP8y
+ 9Hug3fgwosbi5ENiD9tzCIsLKRsyeXTd9F9s4T4DbqxZ3n/v92yJNyNAmQraLZn0
+ hdVBAoGAUGklBpYg5ina4Br+ciWGEWrm2+yGsr0/m2T67oLkM6c/zcvMW3sUrggc
+ /G4IqCj2VtCKaH0ZuTqLTIPA4xcpj0ouMnNi0Nvgkug+eLCOY+lWa//aWFH9U66a
+ xXpYX8uKwQYx4y3CJCmtRyo4MhGol+1rR8OBh/LMzmli++6MJS8=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-13-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA0pa6zcUAGIkJk1tdn/OjFjChIKp5hngrVdJung3XQljK/jLB
+ 7Ij6waHQzR+9fdhSOBeoO0Wggm14J76cucSuHC6FffJj5h5yL9lSuf4XQ0/konRe
+ V6FOXtLy6IiXueF/Bi69SBbUIWN4wGoj4jqi+P3Mj0PnOTq1/+tB/pkh8HkFvt+Z
+ leZZfifHzpR6+h8YZMogZqMhNEw66AzdpEvTfy0B3ugcfkU1rxQ4yFQH6UXRhjHo
+ 45c1GuIcgA1hhg+dS0Jw9eawJS8OctM3QpruKoRNuBr71a6tfEMR1KvzeW6G1Fa+
+ AcIdGTW5SbE5YkZj4BLGq2qRYFkEeQ0wc4dSyQIDAQABAoIBAQDNMmg1ptbwEV/O
+ QUHaYPmx3pKylMozmBaJ2rFEuzHcCU9LIERL6jGEydr+dQYcgNOkqpCXqMG9NVPW
+ TmrCrP4GoeIbljt3eIVFUJrGdutOAKRFE+T1uEz4Is7kfGxziGFQsexoOS5clmOM
+ AiCTCRXSTuOrWbwNzMKY6zD0F1y1xkIEb+mjseUYioWlka8RMlssp0U8AAeG2qSC
+ aQbvnylHs/mjirB5O9hN/x/SxGjhUMjv95koAhG+su2ms1JwhMh6eY9Vt0KJ6NIx
+ 1rE2HkAHHELu9y4pDJQr5iQy2DziBOJ4zFWCrKOCCVCExScL+5Rjd/Q1lOayODTt
+ WES9R6v9AoGBAPUvVGLW/9S3rzNCJEBrSUYe1cCEsST0obASfH9uEsImnddGHbRI
+ Sg/0qsRcqhxctvZ5inP3z5xS9bsvG8HNh8SLd2fE4rZOz5kGkjNt6vszPf8hrJ9Q
+ 7NONKeKpg4Qpi5pu9PY+nKi1WUHlP0u07H4L7g8Ha+BkxqPbMYpFkfFnAoGBANvg
+ vCY8Il0DkTCSbBjbLob+0Oq4KgXPaw+eWiaz8pCYRkvmb7gehSQoR7/Nlihxvooq
+ Cm0gGyZdpYK3GuLhpPNoKfUxviUi2As/DgnYRfqiJFT7FZr4pD7FLUCH6JZVP0Xd
+ zM6PrSMIOmADNEDW/xSICM0W974v85pfqQJdSwxPAoGBAN97fJd7EUV7CB7YsuJk
+ 6C0Z/gu05yKgOKCcuQ4N7ts5B7YpGvowyhExGlZRgFzJxZtzvVdnEb2TgJhVoB9O
+ j+n+lZ/oPh2eSGtbKffmwMCnPGNI9mdhA/zwNrV7fX0BwVXKvU2WVIUSh4EgzEjd
+ aJKbnSnlwdaPBOBl8wntz9ERAoGBAJnsxuphWJES6TY+msv/zJ+WjTxz9n8gyEsj
+ yOqlOJ7+6t9Bj14uh3hbdncQfhkMH55rdecU/cyq7C4I7xp7alU3y3+p9fnbXbDp
+ 0HMV409k6NhQ+bwGajzDHj25pxpuzR+k+TZ1oHgQz4TdWVw25lVCMh8ZABA1U2zz
+ oMZV9y7DAoGAaPzOfLlPeseRARCz0mso4Y5elTgVlTv5bOHjtk7ozS66tyjVlyMN
+ zq1fKj07TG4zIX8aWAID8Nt3dw+03ucGyHV0euvav71H+6CXzdmDb7Oh81f+aSbA
+ X7SEof3XfLWlt9iigJD6AZEuRlB9/D9tn5phhrDfzTmX3Z8abiVUgxE=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-cab23-r720-14-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAwGcNR8v6cTFxIF0ZJ/HvovjqnvcYgBp3j9RkSl2EWV0tGyto
+ Pe9i3QSImqbFrmeta5lFHf5LTetbUWn8m+vHZS6dExHESysDtVH39DHaXwuPZwN4
+ VnuCl4w38XhHwkgvfF7Tne3Vx/iakEmk8zmyUdcbBat2hj2gWFFL2uQwUqJ3Qeag
+ w2wREaRd1wdEMweklH3EkRTu4JEMEvxuGGppJUfj5i12uv/1lwVuk7WFMX3laCm+
+ 26mgdoqGQ1jZTYJDv4vDC6RvhSDyYdV7f3wtHFn6frJwWTiriszaJdySIXiQX8ii
+ fEKt100wOQH15hIJfc1U7C92bMJ+DhI2wnNBGwIDAQABAoIBAB3jpG+D45sUCDPz
+ 4oWPEyApNSGO11KHSg2g/BeFYZsUW35+BsqgVqZpHuOPhuQqHQm7HL6lE4O+TUhf
+ g6uhPC+exy4AM5NN0lynqDJaUEc1n4hsRJSCyW3LjaFIgzVOS3oxrQQ6v1w6ZaCG
+ oEZcrzQBi6Qc1+PQzQkLUBJoIo2jhHhRJ5ygNLUnhZPQuYtjmTz6OLmc70uCQGpr
+ q85cyJIvGLPFJJG84AfZfYGE+5rGAmH0DJNJUa6NPLEw8RR7a5fZyIBDhb+yji22
+ rj1+udMy60ZV8ROJW7wywqR+726ELAaDHFEU/OeSwUtszWBIZpIfLobYHFpZdpDF
+ Mc8moNkCgYEA0N8Y30SKLhzbq3Ig7VPS4msEGNUjJvMlct8YniFuHcN4zaWIFtEf
+ aDRoWnqa8CtVWl8FiuL+umpQ0eVkzH0R/vTVUq1wu06Y7XwYyLRNMnssw1PSyBED
+ 2QZF/j4Hk8JRAvva2RKXLwne+Lljeb9PmZuzxpdXjYNGmD9OiTdME98CgYEA69Cr
+ z+JPTwUSdBoPnkFeO1IZC+rflBFJzj3R50xjSiAp/Q+KvNogEvYzb5mbZW5RcyyV
+ uAYY+9OTdzQyZwxr8SDGK7ilwsQwnl/+uuLLn6HWOjqPAeLpbmB04mljl5Ft2ADN
+ 6Eks0NYJ5F1x25lmj7QXRtGYo+2WU7w2pp662kUCgYBnwIowTXF+GmObtCNbACpe
+ wd3VH/pIHLtbZipqUhzKuBBHxpPlEZfSQUYcu44/AqdxLoYoST1TCACBYrtBQFcy
+ GBfm67R1tkMMpHoDKFy4WKsRk4++RYVtxkn6UoGdCgcHvmclMLDccsDJN/2LulYl
+ 7UvNt9uLtcvZUIkIa+lkbQKBgQCj+iK/F9uWUyyV11ls7n+cOGZ6RwTZbXwpEgvY
+ DuIsNVl9Q0VyNSuAg/sYa3QHgELbF/G0WWkeE+3DQmSaC6Uzs1qaJHf/i3VTa+Uy
+ B2sYwey56OZwpV01B5W/qxE54ELFpSmJkPi871lJl0EJNw5+dviIok7GDvwtlf9a
+ tZ2xEQKBgFWMUupdVMl9DZJTN2RNP/4q6/FUTFfGRRoKUoVgN8e2X+nHikUvDTHd
+ 08mJqSHTFmQn/7bv4MH5mVbBAhgitcVXCvYooR6BNIL0SXbjgr2VNz/ZqVIsWGvW
+ fW8SM6qMR4CyZkEcW161Zvz4XzGnaIQ3MbkFtfJy/i+wfspdUFZr
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-node-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN PUBLIC KEY-----
+ MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8Ndu2d3Wp0Th24IOVyt
+ wmhCWSTyCsY/+PZ6CO1JwhvxA/LLR+qmQEPGszJaBAxyUocgo3oCC8TrUPDD8TEK
+ O0erydvCT/MKkk/+oKoLTum7TEoWredGPHlri6xMqktFjlW4O2487JvBx5q1wObV
+ nb1vpv9pnW8isSBRWiQAlsol3Bai3+e+utz+7smQLh5OFYsGKVd3AuohecSMWXYQ
+ KPSl1qnQ7h3rNzj7J7Aw5soo7cJKWl8QpOG/qddWvUphtNCuveouv+V7UaK/kveZ
+ 2FzisZs3Jz4izLgi8r6hB/NbIOOc5NMmGOmhEf7UaXPE5E0u2lj9vEa05HMGgtcM
+ PQIDAQAB
+ -----END PUBLIC KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: service-account
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/PublicKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAz8Ndu2d3Wp0Th24IOVytwmhCWSTyCsY/+PZ6CO1JwhvxA/LL
+ R+qmQEPGszJaBAxyUocgo3oCC8TrUPDD8TEKO0erydvCT/MKkk/+oKoLTum7TEoW
+ redGPHlri6xMqktFjlW4O2487JvBx5q1wObVnb1vpv9pnW8isSBRWiQAlsol3Bai
+ 3+e+utz+7smQLh5OFYsGKVd3AuohecSMWXYQKPSl1qnQ7h3rNzj7J7Aw5soo7cJK
+ Wl8QpOG/qddWvUphtNCuveouv+V7UaK/kveZ2FzisZs3Jz4izLgi8r6hB/NbIOOc
+ 5NMmGOmhEf7UaXPE5E0u2lj9vEa05HMGgtcMPQIDAQABAoIBABhHwa2EEvvA/aZH
+ IqjpftkIbDCU08CUmKdUzsA6UvNfZpRKjJ0z/Afoo9EPYlu0xKuGZTcVrCWJ9uI3
+ sP5/960j3By0FQpY4fRlauGF3dp0EFKDGhFqxNeObRYepbsFHvTaabRwVqhkL4pP
+ N0x67Z4IpILEuKgQc+J1X2yEZpk4gq5j7AWvpVIjt1TdznLgpsmcUWT/MAh2uTiu
+ Fcre+xC3C9a8M2/Df3I5CRff1g4rIRIdOWG+5cqBu8tPEDBllyKZe+9KouhoxJIx
+ cd+ooLHhKKtR4nV8X7w6UiRLd6MYfcAEQKpkc8InP4oE93moSdyPGGUZf09kimfC
+ d5v+U/UCgYEA8IX/Y0DYaIy7XXtyDxAusDhYUewFIW7LVqmphSUVolgcSbILWki1
+ OtfLMZJ/Ft+p7f+PSVFFi7Cm9E0nc8t/As4MhPNMMQxgzs0qaFfXVfEY1gY4KBwr
+ 8RpZn3/dHZSlZVjD5hp2ZagHEOmN3b7ZdqTYr2k1uAJe++YVHHcQKzcCgYEA3SG6
+ P0RKGNpeJajIiUh7ehdA17FRw9vB8ui6tzh+2PxTtkv988GOBHH/NTaitvTvyi5D
+ u7ayyYcuQANQaKlWRB8zLq3Rwl7uXRF0fqKgK3yDGoZVdljBd0zjzIcuyzHJq4/W
+ KCVGDSFmmeAo+8r/zJkzsFX3kpLFEWRZlxIHhisCgYEAnEy3dWxCNU6ew1Tg/eDq
+ NiGnYzUY8GzrPlnqi1daA7F2UH2e2wC8pIxuwrwMUnTuHHciSebCZtBY7hDlPl5T
+ HyN/BzaDoKwGjNzOXhgXGwYduZc5DvefpoIVE40nx309LerNAs7XeaADV34ubpcD
+ AhKFrReVjQodZ1xRA7pri2kCgYAfWyH6yKctIQHKm0VcWh/QLy3tp+ItQKMe26tm
+ QaeTAyyno9ztzJtju/pxRD8MbGz4IVlPa9esRfPj9dRYEvL9k+MBEnq08hsgrVH0
+ hwDpSa2ZfETwFCPS099VaDHVdEjhf/LhHG/zerH+zc9h7OYaz/qJXZdOfGtfTPh7
+ OH5CowKBgQCeoKwc5o+WXZl+ebFpwX3eLE3mlGDGwLnJ3N8bue7IIHZOes3Zihbq
+ G1Bx31npUYt8Ylr7z7wbcLMuEGxWzdLJr6C+J6XwmI+l2j1q1knn0N7scptv54HH
+ BM1Yk/elAaeuAdKDrdud9daBhGuoBVgyAbpQiq0iXgomcPjvU2jvrg==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: service-account
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/PrivateKey/v1
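Review bot: the `calico-etcd-cab23-r720-14-peer` and `calico-node-peer` `deckhand/CertificateKey/v1` documents and the `service-account` `deckhand/PrivateKey/v1` document carry full RSA private keys in `data` with `storagePolicy: cleartext`, so anyone with read access to this repository or its history holds the keys. If these are sample values, say so in a comment at the top of the file and mark each document for per-site regeneration the way other files in this patch use `NEWSITE-CHANGEME`. For a real site, keep generated key material out of the commit and set `storagePolicy: encrypted` on these documents.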
--- /dev/null
+---
+# self-signed certifacte generated based on
+# https://libvirt.org/remote.html#Remote_certificates
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: ingress-crt
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+ BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ
+ MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu
+ ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP
+ ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC
+ r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs
+ F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV
+ bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1
+ eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO
+ k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG
+ YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9
+ EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC
+ gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF
+ MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv
+ bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t
+ gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y
+ aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH
+ BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV
+ HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE
+ BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw
+ WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/
+ X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX
+ vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk
+ JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm
+ ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF
+ DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N
+ w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc
+ VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg==
+ -----END CERTIFICATE-----
+...
+---
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: ingress-ca
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+ BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS
+ MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+ AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE
+ OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V
+ o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0
+ YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT
+ fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI
+ GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+
+ T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB
+ d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j
+ mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd
+ BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB
+ AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx
+ 2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM
+ EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+
+ zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9
+ XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+
+ d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO
+ TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI
+ XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40
+ +g==
+ -----END CERTIFICATE-----
+...
+---
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: ingress-key
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD
+ OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv
+ 5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4
+ 8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1
+ U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9
+ Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl
+ MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R
+ g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC
+ DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w
+ qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif
+ qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft
+ 3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6
+ ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf
+ Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8
+ uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH
+ g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc
+ PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz
+ +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS
+ HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk
+ X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC
+ wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA
+ GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE
+ mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6
+ mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM
+ ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx
+ E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE
+ 7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC
+ 1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8
+ 6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+
+ TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5
+ QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C
+ pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB
+ /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ
+ pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a
+ dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5
+ 2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS
+ gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3
+ -----END RSA PRIVATE KEY-----
+...
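Review bot: `ingress-key` puts the RSA private key for the ingress certificate in the same file as `ingress-crt` and `ingress-ca`, all with `storagePolicy: cleartext`. Only the key needs protection, so split it into its own document file or set `storagePolicy: encrypted` on it, and state in the header comment that the self-signed pair must be regenerated per site. The header comment also has a typo: `certifacte` should be `certificate`.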
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ceph_fsid
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# uuidgen
+data: 7b7576f4-3358-4668-9112-100440079807
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ceph_swift_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
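Review bot: `data: password123` has no comment telling a site author to replace it, and the same literal is repeated in the other `deckhand/Passphrase/v1` files added by this patch. Add a `# NEWSITE-CHANGEME` line above `data:` (the marker the site definition file in this patch uses) so the placeholder turns up when searching for that marker before deployment, and consider `storagePolicy: encrypted` for passphrase documents.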
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ipmi_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
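Review bot: `ipmi_admin_password` is set to the same `password123` used for the service passwords in this patch. This credential gives out-of-band control of the hosts' management controllers, so it should be a distinct per-site value and not share a placeholder with anything else. At minimum, flag it with a replace-me comment above `data:`.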
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: maas-region-key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# openssl rand -hex 10
+data: 9026f6048d6a017dc913
+...
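Review bot: the `# openssl rand -hex 10` comment documents how the value was produced, but the resulting `9026f6048d6a017dc913` is then committed as a fixed value, so every site built from this copy shares one `maas-region-key`. Extend the comment to say the command must be rerun per site, and mark the `data:` line as a value to replace.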
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
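Review bot: `osh_barbican_rabbitmq_erlang_cookie` is an Erlang cookie, the shared secret that RabbitMQ cluster nodes and CLI tools use to authenticate to each other, and here it is the guessable `password123`. Generate it as a random string and record the command in a comment, the way `maas-region-key` records `openssl rand -hex 10`. The same applies to the other `*_rabbitmq_erlang_cookie` documents in this patch.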
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_stack_user_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_trustee_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_horizon_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_elasticsearch_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_grafana_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_grafana_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_grafana_oslo_db_session_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_kibana_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_nagios_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_openstack_exporter_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_oslo_db_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_ldap_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_oslo_cache_secret_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
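Review bot: `osh_oslo_cache_secret_key` is a key, not a human-entered password, so `data: password123` should be a randomly generated value with the generating command recorded in a comment, as `ceph_fsid` does with `# uuidgen`.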
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_oslo_db_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_placement_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ubuntu_crypt_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...
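Review bot: the `# Pass: password123` comment discloses the plaintext behind the `$6$` (SHA-512 crypt) hash on the following `data:` line, which defeats the point of storing a hash. Drop the plaintext from the comment, describe how to generate the hash instead, and mark the `data:` line as a per-site value.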
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_airflow_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_armada_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_barbican_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_barbican_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_deckhand_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_deckhand_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_drydock_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_drydock_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_keystone_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_keystone_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_maas_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_maas_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_oslo_db_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_postgres_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_promenade_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_shipyard_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_shipyard_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
--- /dev/null
+---
+# High-level pegleg site definition file
+schema: pegleg/SiteDefinition/v1
+metadata:
+ schema: metadata/Document/v1
+ layeringDefinition:
+ abstract: false
+ layer: site
+ # NEWSITE-CHANGEME: Replace with the site name
+ name: airship-seaworthy
+ storagePolicy: cleartext
+data:
+ # Deprecated revision system, will be removed later. Do not modify.
+ revision: v4.0
+ # The type layer this site will delpoy with. Type layer is found in the
+ # type folder.
+ site_type: foundry
+...
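Review bot: typo in the comment above `site_type`: `delpoy` should be `deploy`. The `name: airship-seaworthy` line carries a `NEWSITE-CHANGEME` marker but `site_type: foundry` does not; if a new site is expected to choose its own type, mark that line too.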
--- /dev/null
+---
+# The purpose of this file is to build the list of calico etcd nodes and the
+# calico etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-calico-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ # Generate a list of control plane nodes (i.e. genesis node + master node
+ # list) on which calico etcd will run and will need certs. It is assumed
+ # that Airship sites will have 4 control plane nodes, so this should not need to
+ # change for a new site.
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[0].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[0].hostname
+ dest:
+ path: .values.nodes[1].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[1].hostname
+ dest:
+ path: .values.nodes[2].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[2].hostname
+ dest:
+ path: .values.nodes[3].name
+
+ # Certificate substitutions for the node names assembled on the above list.
+ # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+ # to change with a standard Airship deployment. However, the names of each
+ # deckhand certficiate should be updated with the correct hostnames for your
+ # environment. The ordering is important (Genesis is index 0, then master
+ # nodes in the order they are specified in common-addresses).
+
+ # Genesis hostname - cab23-r720-11
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-11
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-11
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-11-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-11-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.key
+
+ # master node 1 hostname - cab23-r720-12
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-12
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-12
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-12-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-12-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.key
+
+ # master node 2 hostname - cab23-r720-13
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-13
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-13
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-13-peer
+ path: .
+ dest:
+ path: .values.nodes[2].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-13-peer
+ path: .
+ dest:
+ path: .values.nodes[2].tls.peer.key
+
+ # master node 3 hostname - cab23-r720-14
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-14
+ path: .
+ dest:
+ path: .values.nodes[3].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-14
+ path: .
+ dest:
+ path: .values.nodes[3].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-14-peer
+ path: .
+ dest:
+ path: .values.nodes[3].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-14-peer
+ path: $
+ dest:
+ path: .values.nodes[3].tls.peer.key
+
+data: {}
+...
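Review bot: The last substitution in this file, the one feeding `.values.nodes[3].tls.peer.key`, uses `path: $` as its source path while every other entry visible here uses `path: .`. Use one form throughout, or confirm that both select the whole source document, so a reader does not have to wonder whether the difference is intentional.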
--- /dev/null
+---
+# The purpose of this file is to build the list of k8s etcd nodes and the
+# k8s etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ # Generate a list of control plane nodes (i.e. genesis node + master node
+ # list) on which k8s etcd will run and will need certs. It is assumed
+ # that Airship sites will have 4 control plane nodes, so this should not need to
+ # change for a new site.
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[0].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[0].hostname
+ dest:
+ path: .values.nodes[1].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[1].hostname
+ dest:
+ path: .values.nodes[2].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[2].hostname
+ dest:
+ path: .values.nodes[3].name
+
+ # Certificate substitutions for the node names assembled on the above list.
+ # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+ # to change with a standard Airship deployment. However, the names of each
+ # deckhand certficiate should be updated with the correct hostnames for your
+ # environment. The ordering is important (Genesis is index 0, then master
+ # nodes in the order they are specified in common-addresses).
+
+ # Genesis Exception*
+ # *NOTE: This is an exception in that `genesis` is not the hostname of the
+ # genesis node, but `genesis` is reference here in the certificate names
+ # because of certain Promenade assumptions that may be addressed in the
+ # future. Therefore `genesis` is used instead of `cab23-r720-11` here.
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-genesis
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-genesis
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-genesis-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-genesis-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.key
+
+ # master node 1 hostname - cab23-r720-12
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-cab23-r720-12
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-cab23-r720-12
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-cab23-r720-12-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-cab23-r720-12-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.key
+
+ # master node 2 hostname - cab23-r720-13
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-cab23-r720-13
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-cab23-r720-13
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-cab23-r720-13-peer
+ path: .
+ dest:
+ path: .values.nodes[2].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-cab23-r720-13-peer
+ path: $
+ dest:
+ path: .values.nodes[2].tls.peer.key
+
+ # master node 3 hostname - cab23-r720-14
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-cab23-r720-14
+ path: .
+ dest:
+ path: .values.nodes[3].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-cab23-r720-14
+ path: .
+ dest:
+ path: .values.nodes[3].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-cab23-r720-14-peer
+ path: .
+ dest:
+ path: .values.nodes[3].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-cab23-r720-14-peer
+ path: $
+ dest:
+ path: .values.nodes[3].tls.peer.key
+
+data: {}
+...
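Review bot: This document declares `storagePolicy: cleartext`, yet its substitutions pull eight `deckhand/CertificateKey/v1` sources into `.values.nodes[n].tls.client.key` and `.values.nodes[n].tls.peer.key`, so the rendered chart carries etcd private keys; please confirm cleartext is the intended policy for it and say so in the header comment. Separately, the peer-key entries for nodes[2] and nodes[3] use `path: $` where the rest use `path: .`, and the NEWSITE-CHANGEME comment has typos ("certficiate", "is reference here").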
--- /dev/null
+---
+# The purpose of this file is to define the environment-specific public-facing
+# VIP for the ingress controller
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ingress-kube-system
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ ingress: kube-system
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data: {}
+...
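Review bot: The header comment says this file defines the environment-specific public-facing VIP for the ingress controller, but `data: {}` sets nothing, so the merge over the `ingress: kube-system` parent changes nothing. Either add the VIP value with a NEWSITE-CHANGEME marker like the other site files, or reword the comment to say the override is intentionally empty.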
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: elasticsearch
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: elasticsearch-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data: {}
+...
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: fluent-logging
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: fluent-logging-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data: {}
+...
--- /dev/null
+---
+# This file defines hardware-specific settings for neutron. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. logical network interface names
+# 2. physical device mappigns
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: neutron-fixme
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: neutron-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data: {}
+...
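Review bot: `name: neutron-fixme` reads like a placeholder, and the header promises logical interface names and physical device mappings while `data: {}` defines none. Give the document its final name and either add the hardware-specific values or state in the comment that the parent's values are used unchanged; "mappigns" in item 2 should be "mappings".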
--- /dev/null
+---
+# This file defines hardware-specific settings for nova. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware
+# changes.
+# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC
+# slotting changes.
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: nova
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: nova-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data: {}
+...
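Review bot: The header calls out `vcpu_pin_set` and the pci alias / `passthrough_whitelist` as the settings to review, but `data: {}` contains neither, so a new-site operator has nothing here to adjust. Add the values (or commented examples under a NEWSITE-CHANGEME marker), or point the comment at the document where they are actually set.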
--- /dev/null
+---
+# The purpose of this file is to define environment-specific parameters for ceph
+# client update
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client-update
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-client-update-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if
+ # your HW matches this site's HW. Verify for your environment.
+ # 8 OSDs per node x 4 nodes = 32
+ osd: 32
+...
--- /dev/null
+---
+# The purpose of this file is to define envrionment-specific parameters for the
+# ceph client
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-client-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to
+ # change if your deployment HW matches this site's HW.
+ osd: 8
+...
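Review bot: `osd: 8` here is documented as the number of OSDs per ceph node, while the preceding ucp-ceph-client-update file sets the same `.values.conf.pool.target.osd` key to 32 and documents it as the site total (8 OSDs per node x 4 nodes). Confirm which meaning the chart expects for this key and make the two comments agree, since as written the two files give one key two different units; "envrionment" in the header is a typo.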
--- /dev/null
+---
+# The purpose of this file is to define environment-specific parameters for
+# ceph-osd
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-osd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-osd-global
+ actions:
+ - method: replace
+ path: .values.conf.storage.osd
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ storage:
+ # NEWSITE-CHANGEME: The OSD count and configuration here should not need
+ # to change if your HW matches the HW used in this environment.
+ # Otherwise you may need to add or subtract disks to this list.
+ osd:
+ - data:
+ type: block-logical
+ location: /dev/sdc
+ journal:
+ type: directory
+ location: /var/lib/ceph/cp/journal-sdc
+ - data:
+ type: block-logical
+ location: /dev/sdd
+ journal:
+ type: directory
+ location: /var/lib/ceph/cp/journal-sdd
+ - data:
+ type: block-logical
+ location: /dev/sde
+ journal:
+ type: directory
+ location: /var/lib/ceph/cp/journal-sde
+ - data:
+ type: block-logical
+ location: /dev/sdf
+ journal:
+ type: directory
+ location: /var/lib/ceph/cp/journal-sdf
+ - data:
+ type: block-logical
+ location: /dev/sdg
+ journal:
+ type: directory
+ location: /var/lib/ceph/cp/journal-sdg
+ - data:
+ type: block-logical
+ location: /dev/sdh
+ journal:
+ type: directory
+ location: /var/lib/ceph/cp/journal-sdh
+ - data:
+ type: block-logical
+ location: /dev/sdi
+ journal:
+ type: directory
+ location: /var/lib/ceph/cp/journal-sdi
+ - data:
+ type: block-logical
+ location: /dev/sdj
+ journal:
+ type: directory
+ location: /var/lib/ceph/cp/journal-sdj
+...
--- /dev/null
+---
+# The purpose of this file is to define site-specific parameters to the
+# UAM-lite portion of the divingbell chart:
+# 1. User accounts to create on bare metal
+# 2. SSH public key for operationg system access to the bare metal
+# 3. Passwords for operating system access via iDrac/iLo console. SSH password-
+# based auth is disabled.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-divingbell
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-divingbell-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ - dest:
+ path: .values.conf.uamlite.users[0].user_sshkeys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: airship_ssh_public_key
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[0].user_crypt_passwd
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ubuntu_crypt_password
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[1].user_sshkeys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: airship_ssh_public_key
+ path: .
+data:
+ values:
+ conf:
+ uamlite:
+ users:
+ - user_name: ubuntu
+ user_sudo: true
+ user_sshkeys: []
+ - user_name: airship
+ user_sudo: true
+ user_sshkeys: []
+...
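Review bot: Both accounts under `uamlite.users` receive the same `airship_ssh_public_key` and both have `user_sudo: true`, so whoever holds that one key gets sudo on bare metal under either name, and access cannot be attributed or rotated per account. Consider a separate `deckhand/PublicKey/v1` document per user. Also, header item 3 describes console passwords, but only `users[0]` gets a `user_crypt_passwd` substitution, and the document is `storagePolicy: cleartext` while receiving a `deckhand/Passphrase/v1` value; please confirm both are intended. "operationg" in item 2 should be "operating".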
--- /dev/null
+---
+# This file defines site-specific deviations for MaaS.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-maas
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-maas-global
+ actions:
+ - method: replace
+ path: .values.conf.maas.proxy
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ maas:
+ images:
+ default_os: 'ubuntu'
+ default_image: 'xenial'
+ default_kernel: 'hwe-16.04'
+ proxy:
+ # Whether deploying nodes should use MaaS region as an APT proxy.
+ proxy_enabled: false
+ # NEWSITE-CHANGEME: Whether MaaS region should utilize an external proxy
+ # for accessing repos. Set to 'true' if your environment needs a proxy
+ # to get to the upstream package mirrors, and false otherwise.
+ peer_proxy_enabled: false
+ # NEWSITE-CHANGEME: If your site requires a proxy to reach upstream
+ # package mirrors, enter the proxy information here. Otherwise, comment
+ # out this line.
+ # proxy_server: http://proxy.example.com:8080
+...
--- /dev/null
+---
+# The purpose of this file is to provide site-specific parameters for the ucp-
+# promenade chart.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-promenade
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-promenade-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ env:
+ promenade_api: []
+ # NEWSITE-CHANGEME: If your site uses an http proxy, enter it here.
+ # Otherwise comment out these lines.
+ # - name: http_proxy
+ # value: http://proxy.example.com:8080
+ # NEWSITE-CHANGEME: If your site uses an https proxy, enter it here.
+ # Otherwise comment out these lines.
+ # - name: https_proxy
+ # value: http://proxy.example.com:8080
+ # NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the
+ # IPs / domain names which the proxy should not be used for (i.e. the
+ # cluster domain and kubernetes service_cidr defined in common-addresses)
+ # Otherwise comment out these lines.
+ # - name: no_proxy
+ # value: 10.36.0.1,.cluster.local
+ # NEWSITE-CHANGEME: If your site uses an http proxy, enter it here.
+ # Otherwise comment out these lines.
+ # - name: HTTP_PROXY
+ # value: http://proxy.example.com:8080
+ # NEWSITE-CHANGEME: If your site uses an https proxy, enter it here.
+ # Otherwise comment out these lines.
+ # - name: HTTPS_PROXY
+ # value: http://proxy.example.com:8080
+ # NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the
+ # IPs / domain names which the proxy should not be used for (i.e. the
+ # cluster domain and kubernetes service_cidr defined in common-addresses)
+ # Otherwise comment out these lines.
+ # - name: NO_PROXY
+ # value: 10.36.0.1,.cluster.local
+...
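Review bot: `promenade_api: []` is an inline empty list, and the proxy entries below it are commented-out block list items (`# - name: http_proxy`); an operator who follows the NEWSITE-CHANGEME instruction and uncomments them without also deleting `[]` ends up with a file that no longer parses. Say so in the comment, or restructure so that uncommenting alone works. The instruction "Otherwise comment out these lines" also does not match lines that are already commented, and the `no_proxy` example lists the single address 10.36.0.1 where the comment asks for the kubernetes service_cidr.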
--- /dev/null
+---
+# The purpose of this file is to define site-specific common software config
+# paramters.
+schema: pegleg/CommonSoftwareConfig/v1
+metadata:
+ schema: metadata/Document/v1
+ name: common-software-config
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ osh:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: airship-seaworthy
+...
--- /dev/null
+---
+# The purpose of this file is to define the site's endpoint catalog. This should
+# not need to be modified for a new site.
+# #GLOBAL-CANDIDATE#
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_endpoints
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ # substitutions:
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .ucp.identity.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .ucp.shipyard.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .ceph.object_store.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .ceph.ceph_object_store.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .ceph.object_store.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .ceph.object_store.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .ceph.object_store.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .ceph.ceph_object_store.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .ceph.ceph_object_store.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .ceph.ceph_object_store.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .ucp.identity.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .ucp.identity.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .ucp.identity.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .ucp.shipyard.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .ucp.shipyard.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .ucp.shipyard.host_fqdn_override.public.tls.key
+data:
+ ucp:
+ identity:
+ namespace: ucp
+ name: keystone
+ hosts:
+ default: keystone-api
+ public: keystone
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: iam.DOMAIN
+ path:
+ default: /v3
+ scheme:
+ default: http
+ # public: https
+ port:
+ admin:
+ default: 35357
+ api:
+ default: 80
+ public: 80
+ armada:
+ name: armada
+ hosts:
+ default: armada-api
+ public: armada
+ port:
+ api:
+ default: 8000
+ path:
+ default: /api/v1.0
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ deckhand:
+ name: deckhand
+ hosts:
+ default: deckhand-int
+ public: deckhand-api
+ port:
+ api:
+ default: 9000
+ path:
+ default: /api/v1.0
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ postgresql:
+ name: postgresql
+ hosts:
+ default: postgresql
+ path: /DB_NAME
+ scheme: postgresql+psycopg2
+ port:
+ postgresql:
+ default: 5432
+ host_fqdn_override:
+ default: null
+ postgresql_airflow_celery:
+ name: postgresql_airflow_celery_db
+ hosts:
+ default: postgresql
+ path: /DB_NAME
+ scheme: db+postgresql
+ port:
+ postgresql:
+ default: 5432
+ host_fqdn_override:
+ default: null
+ oslo_db:
+ hosts:
+ default: mariadb
+ discovery: mariadb-discovery
+ host_fqdn_override:
+ default: null
+ path: /DB_NAME
+ scheme: mysql+pymysql
+ port:
+ mysql:
+ default: 3306
+ wsrep:
+ default: 4567
+ key_manager:
+ name: barbican
+ hosts:
+ default: barbican-api
+ public: barbican
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v1
+ scheme:
+ default: http
+ port:
+ api:
+ default: 9311
+ public: 80
+ oslo_messaging:
+ namespace: null
+ hosts:
+ default: rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /openstack
+ scheme: rabbit
+ port:
+ amqp:
+ default: 5672
+ oslo_cache:
+ hosts:
+ default: memcached
+ host_fqdn_override:
+ default: null
+ port:
+ memcache:
+ default: 11211
+ physicalprovisioner:
+ name: drydock
+ hosts:
+ default: drydock-api
+ port:
+ api:
+ default: 9000
+ nodeport: 31900
+ path:
+ default: /api/v1.0
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ maas_region_ui:
+ name: maas-region-ui
+ hosts:
+ default: maas-region-ui
+ public: maas
+ path:
+ default: /MAAS
+ scheme:
+ default: "http"
+ port:
+ region_ui:
+ default: 80
+ public: 80
+ host_fqdn_override:
+ default: null
+ kubernetesprovisioner:
+ name: promenade
+ hosts:
+ default: promenade-api
+ port:
+ api:
+ default: 80
+ path:
+ default: /api/v1.0
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ shipyard:
+ name: shipyard
+ hosts:
+ default: shipyard-int
+ public: shipyard-api
+ port:
+ api:
+ default: 9000
+ public: 80
+ path:
+ default: /api/v1.0
+ scheme:
+ default: http
+ # public: https
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: shipyard.DOMAIN
+ airflow_web:
+ name: airflow-web
+ hosts:
+ default: airflow-web-int
+ public: airflow-web
+ port:
+ airflow_web:
+ default: 8080
+ path:
+ default: /
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ airflow_flower:
+ name: airflow-flower
+ hosts:
+ default: airflow-flower
+ port:
+ airflow_flower:
+ default: 5555
+ path:
+ default: /
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ ceph:
+ object_store:
+ name: swift
+ namespace: ceph
+ hosts:
+ default: ceph-rgw
+ public: radosgw
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: object-store.DOMAIN
+ path:
+ default: /swift/v1
+ scheme:
+ default: http
+ # public: "https"
+ port:
+ api:
+ default: 8088
+ # public: 443
+ ceph_object_store:
+ name: radosgw
+ namespace: ceph
+ hosts:
+ default: ceph-rgw
+ public: radosgw
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: object-store.DOMAIN
+ path:
+ default: /auth/v1.0
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ api:
+ default: 8088
+ # public: 443
+ ceph_mon:
+ namespace: ceph
+ hosts:
+ default: ceph-mon
+ discovery: ceph-mon-discovery
+ host_fqdn_override:
+ default: null
+ port:
+ mon:
+ default: 6789
+ ceph_mgr:
+ namespace: ceph
+ hosts:
+ default: ceph-mgr
+ host_fqdn_override:
+ default: null
+ port:
+ mgr:
+ default: 7000
+ scheme:
+ default: http
+...
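Review bot: Every endpoint in `ucp_endpoints` sets `scheme: default: http`, including `identity` (keystone) and `key_manager` (barbican), while the `public: https` overrides and the whole `substitutions` block that would inject `ingress-crt`, `ingress-ca` and `ingress-key` are commented out. If plaintext is deliberate for this reference site, say so in the header; otherwise enable the TLS substitutions, and in either case replace the roughly one hundred commented lines with a short pointer so the active configuration is readable. The header also says the file should not need to be modified for a new site, which conflicts with the commented `DOMAIN` host overrides that a site wanting public FQDNs would have to fill in.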
+---
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_endpoints
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ # substitutions:
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh.object_store.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh.ceph_object_store.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh.object_store.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh.object_store.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh.object_store.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh.ceph_object_store.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh.ceph_object_store.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh.ceph_object_store.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh.image.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh.cloudformation.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh.orchestration.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh.compute.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh.compute_novnc_proxy.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh.placement.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh.network.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh.identity.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh.dashboard.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh.volume.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh.volumev2.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh.volumev3.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh.identity.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh.identity.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh.identity.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh.orchestration.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh.orchestration.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh.orchestration.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh.cloudformation.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh.cloudformation.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh.cloudformation.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh.dashboard.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh.dashboard.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh.dashboard.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh.image.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh.image.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh.image.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh.volume.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh.volume.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh.volume.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh.volumev2.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh.volumev2.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh.volumev2.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh.volumev3.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh.volumev3.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh.volumev3.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh.compute.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh.compute.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh.compute.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh.placement.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh.placement.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh.placement.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh.network.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh.network.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh.network.host_fqdn_override.public.tls.key
+data:
+ osh:
+ object_store:
+ name: swift
+ namespace: ceph
+ hosts:
+ default: ceph-rgw
+ public: radosgw
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: object-store.DOMAIN
+ path:
+ default: /swift/v1/KEY_$(tenant_id)s
+ scheme:
+ default: http
+ # public: "https"
+ port:
+ api:
+ default: 8088
+ # public: 443
+ ceph_object_store:
+ name: radosgw
+ namespace: ceph
+ hosts:
+ default: ceph-rgw
+ public: radosgw
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: object-store.DOMAIN
+ path:
+ default: /auth/v1.0
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ api:
+ default: 8088
+ # public: 443
+ oslo_db:
+ hosts:
+ default: mariadb
+ discovery: mariadb-discovery
+ host_fqdn_override:
+ default: null
+ path: /DB_NAME
+ scheme: mysql+pymysql
+ port:
+ mysql:
+ default: 3306
+ wsrep:
+ default: 4567
+ keystone_oslo_messaging:
+ namespace: openstack
+ hosts:
+ default: keystone-rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /keystone
+ scheme: rabbit
+ port:
+ amqp:
+ default: 5672
+ http:
+ default: 15672
+ keystone_rabbitmq_exporter:
+ namespace: openstack
+ hosts:
+ default: keystone-rabbitmq-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: /metrics
+ scheme:
+ default: "http"
+ port:
+ metrics:
+ default: 9095
+ oslo_cache:
+ namespace: openstack
+ hosts:
+ default: memcached
+ host_fqdn_override:
+ default: null
+ port:
+ memcache:
+ default: 11211
+ identity:
+ namespace: openstack
+ name: keystone
+ hosts:
+ default: keystone-api
+ public: keystone
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: identity.DOMAIN
+ path:
+ default: /v3
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ admin:
+ default: 35357
+ api:
+ default: 80
+ # public: 443
+ glance_oslo_messaging:
+ namespace: openstack
+ hosts:
+ default: glance-rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /glance
+ scheme: rabbit
+ port:
+ amqp:
+ default: 5672
+ http:
+ default: 15672
+ glance_rabbitmq_exporter:
+ namespace: openstack
+ hosts:
+ default: glance-rabbitmq-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: /metrics
+ scheme:
+ default: "http"
+ port:
+ metrics:
+ default: 9095
+ image:
+ name: glance
+ hosts:
+ default: glance-api
+ public: glance
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: image.DOMAIN
+ path:
+ default: null
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ api:
+ default: 9292
+ # public: 443
+ image_registry:
+ name: glance-registry
+ hosts:
+ default: glance-registry
+ public: glance-reg
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ api:
+ default: 9191
+ public: 80
+ cinder_oslo_messaging:
+ namespace: openstack
+ hosts:
+ default: cinder-rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /cinder
+ scheme: rabbit
+ port:
+ amqp:
+ default: 5672
+ http:
+ default: 15672
+ cinder_rabbitmq_exporter:
+ namespace: openstack
+ hosts:
+ default: cinder-rabbitmq-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: /metrics
+ scheme:
+ default: "http"
+ port:
+ metrics:
+ default: 9095
+ volume:
+ name: cinder
+ hosts:
+ default: cinder-api
+ public: cinder
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: volume.DOMAIN
+ path:
+ default: "/v1/%(tenant_id)s"
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ api:
+ default: 8776
+ # public: 443
+ volumev2:
+ name: cinderv2
+ hosts:
+ default: cinder-api
+ public: cinder
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: volume.DOMAIN
+ path:
+ default: "/v2/%(tenant_id)s"
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ api:
+ default: 8776
+ # public: 443
+ volumev3:
+ name: cinderv3
+ hosts:
+ default: cinder-api
+ public: cinder
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: volume.DOMAIN
+ path:
+ default: "/v3/%(tenant_id)s"
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ api:
+ default: 8776
+ # public: 443
+ heat_oslo_messaging:
+ namespace: openstack
+ hosts:
+ default: heat-rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /heat
+ scheme: rabbit
+ port:
+ amqp:
+ default: 5672
+ http:
+ default: 15672
+ heat_rabbitmq_exporter:
+ namespace: openstack
+ hosts:
+ default: heat-rabbitmq-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: /metrics
+ scheme:
+ default: "http"
+ port:
+ metrics:
+ default: 9095
+ orchestration:
+ name: heat
+ hosts:
+ default: heat-api
+ public: heat
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: orchestration.DOMAIN
+ path:
+ default: "/v1/%(project_id)s"
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ api:
+ default: 8004
+ # public: 443
+ cloudformation:
+ name: heat-cfn
+ hosts:
+ default: heat-cfn
+ public: cloudformation
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: cloudformation.DOMAIN
+ path:
+ default: /v1
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ api:
+ default: 8000
+ # public: 443
+ cloudwatch:
+ name: heat-cloudwatch
+ hosts:
+ default: heat-cloudwatch
+ public: cloudwatch
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ type: null
+ scheme:
+ default: "http"
+ port:
+ api:
+ default: 8003
+ public: 80
+ neutron_oslo_messaging:
+ namespace: openstack
+ hosts:
+ default: neutron-rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /neutron
+ scheme: rabbit
+ port:
+ amqp:
+ default: 5672
+ http:
+ default: 15672
+ neutron_rabbitmq_exporter:
+ namespace: openstack
+ hosts:
+ default: neutron-rabbitmq-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: /metrics
+ scheme:
+ default: "http"
+ port:
+ metrics:
+ default: 9095
+ network:
+ name: neutron
+ hosts:
+ default: neutron-server
+ public: neutron
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: network.DOMAIN
+ path:
+ default: null
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ api:
+ default: 9696
+ # public: 443
+ nova_oslo_messaging:
+ namespace: openstack
+ hosts:
+ default: nova-rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /nova
+ scheme: rabbit
+ port:
+ amqp:
+ default: 5672
+ http:
+ default: 15672
+ nova_rabbitmq_exporter:
+ namespace: openstack
+ hosts:
+ default: nova-rabbitmq-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: /metrics
+ scheme:
+ default: "http"
+ port:
+ metrics:
+ default: 9095
+ compute:
+ name: nova
+ hosts:
+ default: nova-api
+ public: nova
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: compute.DOMAIN
+ path:
+ default: "/v2/%(tenant_id)s"
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ api:
+ default: 8774
+ # public: 443
+ novncproxy:
+ default: 443
+ compute_metadata:
+ name: nova
+ hosts:
+ default: nova-metadata
+ public: metadata
+ host_fqdn_override:
+ default: null
+ path:
+ default: /
+ scheme:
+ default: "http"
+ port:
+ metadata:
+ default: 8775
+ public: 80
+ compute_novnc_proxy:
+ name: nova
+ hosts:
+ default: nova-novncproxy
+ public: novncproxy
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: nova-novncproxy.DOMAIN
+ path:
+ default: /vnc_auto.html
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ novnc_proxy:
+ default: 6080
+ # public: 443
+ compute_spice_proxy:
+ name: nova
+ hosts:
+ default: nova-spiceproxy
+ host_fqdn_override:
+ default: null
+ path:
+ default: /spice_auto.html
+ scheme:
+ default: "http"
+ port:
+ spice_proxy:
+ default: 6082
+ placement:
+ name: placement
+ hosts:
+ default: placement-api
+ public: placement
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: placement.DOMAIN
+ path:
+ default: /
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ api:
+ default: 8778
+ # public: 443
+ dashboard:
+ name: horizon
+ hosts:
+ default: horizon-int
+ public: horizon
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: dashboard.DOMAIN
+ path:
+ default: null
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ web:
+ default: 80
+ # public: 443
+...
+---
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_endpoints
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ # substitutions:
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh_infra.kibana.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh_infra.grafana.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .dns.ingress_domain
+ # dest:
+ # path: .osh_infra.nagios.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh_infra.kibana.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh_infra.kibana.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh_infra.kibana.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh_infra.grafana.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh_infra.grafana.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh_infra.grafana.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: deckhand/Certificate/v1
+ # name: ingress-crt
+ # path: .
+ # dest:
+ # path: .osh_infra.nagios.host_fqdn_override.public.tls.crt
+ # - src:
+ # schema: deckhand/CertificateAuthority/v1
+ # name: ingress-ca
+ # path: .
+ # dest:
+ # path: .osh_infra.nagios.host_fqdn_override.public.tls.ca
+ # - src:
+ # schema: deckhand/CertificateKey/v1
+ # name: ingress-key
+ # path: .
+ # dest:
+ # path: .osh_infra.nagios.host_fqdn_override.public.tls.key
+ # path: .osh_infra.nagios.host_fqdn_override.public.tls.key
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .ldap.base_url
+ # dest:
+ # path: .osh_infra.ldap.host_fqdn_override.public.host
+ # pattern: DOMAIN
+ # - src:
+ # schema: pegleg/CommonAddresses/v1
+ # name: common-addresses
+ # path: .ldap.auth_path
+ # dest:
+ # path: .osh_infra.ldap.path.default
+ # pattern: AUTH_PATH
+data:
+ osh_infra:
+ elasticsearch:
+ name: elasticsearch
+ namespace: osh-infra
+ hosts:
+ data: elasticsearch-data
+ default: elasticsearch-logging
+ discovery: elasticsearch-discovery
+ public: elasticsearch
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ http:
+ default: 80
+ prometheus_elasticsearch_exporter:
+ namespace: null
+ hosts:
+ default: elasticsearch-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: /metrics
+ scheme:
+ default: "http"
+ port:
+ metrics:
+ default: 9108
+ fluentd:
+ namespace: osh-infra
+ name: fluentd
+ hosts:
+ default: fluentd-logging
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ service:
+ default: 24224
+ metrics:
+ default: 24220
+ prometheus_fluentd_exporter:
+ namespace: osh-infra
+ hosts:
+ default: fluentd-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: /metrics
+ scheme:
+ default: "http"
+ port:
+ metrics:
+ default: 9309
+ oslo_db:
+ namespace: osh-infra
+ hosts:
+ default: mariadb
+ host_fqdn_override:
+ default: null
+ path: /DB_NAME
+ scheme: mysql+pymysql
+ port:
+ mysql:
+ default: 3306
+ grafana:
+ name: grafana
+ namespace: osh-infra
+ hosts:
+ default: grafana-dashboard
+ public: grafana
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: grafana.DOMAIN
+ path:
+ default: null
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ grafana:
+ default: 3000
+ # public: 443
+ monitoring:
+ name: prometheus
+ namespace: osh-infra
+ hosts:
+ default: prom-metrics
+ public: prometheus
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ api:
+ default: 9090
+ public: 80
+ kibana:
+ name: kibana
+ namespace: osh-infra
+ hosts:
+ default: kibana-dash
+ public: kibana
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: kibana.DOMAIN
+ path:
+ default: null
+ scheme:
+ default: "http"
+ # public: "https"
+ port:
+ kibana:
+ default: 5601
+ # public: 443
+ alerts:
+ name: alertmanager
+ namespace: osh-infra
+ hosts:
+ default: alerts-engine
+ public: alertmanager
+ discovery: alertmanager-discovery
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ api:
+ default: 9093
+ public: 80
+ mesh:
+ default: 6783
+ kube_state_metrics:
+ namespace: kube-system
+ hosts:
+ default: kube-state-metrics
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ http:
+ default: 8080
+ kube_scheduler:
+ scheme:
+ default: "http"
+ path:
+ default: /metrics
+ kube_controller_manager:
+ scheme:
+ default: "http"
+ path:
+ default: /metrics
+ node_metrics:
+ namespace: kube-system
+ hosts:
+ default: node-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ metrics:
+ default: 9100
+ prometheus_port:
+ default: 9100
+ prometheus_openstack_exporter:
+ namespace: openstack
+ hosts:
+ default: openstack-metrics
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ exporter:
+ default: 9103
+ nagios:
+ name: nagios
+ namespace: osh-infra
+ hosts:
+ default: nagios-metrics
+ public: nagios
+ host_fqdn_override:
+ default: null
+ # public:
+ # host: nagios.DOMAIN
+ path:
+ default: null
+ scheme:
+ default: http
+ # public: https
+ port:
+ http:
+ default: 80
+ # public: 443
+ ldap:
+ hosts:
+ default: ldap
+ host_fqdn_override:
+ default: null
+ public:
+ host: DOMAIN
+ path:
+ default: /AUTH_PATH
+ scheme:
+ default: "ldap"
+ port:
+ ldap:
+ default: 389
+...
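Review bot: the `osh_infra.ldap` endpoint at the end of this file ships with unresolved placeholders. `host_fqdn_override.public.host` is the literal `DOMAIN` and `path.default` is `/AUTH_PATH`, but the two substitutions that would fill them from `.ldap.base_url` and `.ldap.auth_path` are commented out, along with the rest of the `substitutions:` block. Either enable those two substitutions or comment out the `public:` override and the path the way the kibana, grafana and nagios overrides are. The same endpoint is `scheme: "ldap"` on port 389, so the bind account defined in the account catalogue authenticates in cleartext; if the directory offers LDAPS, say so here next to a NEWSITE-CHANGEME marker. Minor: the commented `.osh_infra.nagios.host_fqdn_override.public.tls.key` dest path appears twice in a row.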
--- /dev/null
+---
+# The purpose of this file is to define the account catalog for the site. This
+# mostly contains service usernames, but also contain some information which
+# should be changed like the region (site) name.
+schema: pegleg/AccountCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_service_accounts
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ ucp:
+ postgres:
+ admin:
+ username: postgres
+ oslo_db:
+ admin:
+ username: root
+ oslo_messaging:
+ admin:
+ username: rabbitmq
+ keystone:
+ admin:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ username: admin
+ project_name: admin
+ user_domain_name: default
+ project_domain_name: default
+ oslo_messaging:
+ admin:
+ username: rabbitmq
+ keystone:
+ username: keystone
+ oslo_db:
+ username: keystone
+ database: keystone
+ promenade:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: promenade
+ drydock:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: drydock
+ postgres:
+ username: drydock
+ database: drydock
+ shipyard:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: shipyard
+ postgres:
+ username: shipyard
+ database: shipyard
+ airflow:
+ postgres:
+ username: airflow
+ database: airflow
+ oslo_messaging:
+ username: rabbitmq
+ maas:
+ admin:
+ username: admin
+ email: none@none
+ postgres:
+ username: maas
+ database: maasdb
+ barbican:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: barbican
+ oslo_db:
+ username: barbican
+ database: barbican
+ oslo_messaging:
+ admin:
+ username: rabbitmq
+ keystone:
+ username: keystone
+ armada:
+ keystone:
+ project_domain_name: default
+ user_domain_name: default
+ project_name: service
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ user_domain_name: default
+ username: armada
+ deckhand:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: deckhand
+ postgres:
+ username: deckhand
+ database: deckhand
+ ceph:
+ swift:
+ keystone:
+ role: admin
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ username: swift
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+...
+---
+schema: pegleg/AccountCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_service_accounts
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.keystone.admin.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.cinder.cinder.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.glance.glance.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.heat.heat.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.heat.heat_trustee.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.heat.heat_stack_user.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.swift.keystone.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.neutron.neutron.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.nova.nova.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.nova.placement.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.barbican.barbican.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.barbican.barbican.region_name
+data:
+ osh:
+ keystone:
+ admin:
+ username: admin
+ project_name: admin
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: keystone
+ database: keystone
+ oslo_messaging:
+ admin:
+ username: keystone-rabbitmq-admin
+ keystone:
+ username: keystone-rabbitmq-user
+ ldap:
+ # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
+ # authenticate to the active directory backend to validate keystone
+ # users.
+ username: "test@ldap.example.com"
+ cinder:
+ cinder:
+ role: admin
+ username: cinder
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: cinder
+ database: cinder
+ oslo_messaging:
+ admin:
+ username: cinder-rabbitmq-admin
+ cinder:
+ username: cinder-rabbitmq-user
+ glance:
+ glance:
+ role: admin
+ username: glance
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: glance
+ database: glance
+ oslo_messaging:
+ admin:
+ username: glance-rabbitmq-admin
+ glance:
+ username: glance-rabbitmq-user
+ ceph_object_store:
+ username: glance
+ heat:
+ heat:
+ role: admin
+ username: heat
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ heat_trustee:
+ role: admin
+ username: heat-trust
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ heat_stack_user:
+ role: admin
+ username: heat-domain
+ domain_name: heat
+ oslo_db:
+ username: heat
+ database: heat
+ oslo_messaging:
+ admin:
+ username: heat-rabbitmq-admin
+ heat:
+ username: heat-rabbitmq-user
+ swift:
+ keystone:
+ role: admin
+ username: swift
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ admin:
+ username: root
+ neutron:
+ neutron:
+ role: admin
+ username: neutron
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: neutron
+ database: neutron
+ oslo_messaging:
+ admin:
+ username: neutron-rabbitmq-admin
+ neutron:
+ username: neutron-rabbitmq-user
+ nova:
+ nova:
+ role: admin
+ username: nova
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ placement:
+ role: admin
+ username: placement
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: nova
+ database: nova
+ oslo_db_api:
+ username: nova
+ database: nova_api
+ oslo_db_cell0:
+ username: nova
+ database: "nova_cell0"
+ oslo_messaging:
+ admin:
+ username: nova-rabbitmq-admin
+ nova:
+ username: nova-rabbitmq-user
+ horizon:
+ oslo_db:
+ username: horizon
+ database: horizon
+ barbican:
+ barbican:
+ role: admin
+ username: barbican
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: barbican
+ database: barbican
+ oslo_messaging:
+ admin:
+ username: barbican-rabbitmq-admin
+ barbican:
+ username: barbican-rabbitmq-user
+...
+---
+schema: pegleg/AccountCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_service_accounts
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh_infra.prometheus_openstack_exporter.user.region_name
+data:
+ osh_infra:
+ grafana:
+ admin:
+ username: grafana
+ oslo_db:
+ username: grafana
+ database: grafana
+ oslo_db_session:
+ username: grafana_session
+ database: grafana_session
+ elasticsearch:
+ admin:
+ username: elasticsearch
+ kibana:
+ admin:
+ username: kibana
+ oslo_db:
+ admin:
+ username: root
+ prometheus_openstack_exporter:
+ user:
+ role: admin
+ username: prometheus-openstack-exporter
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ nagios:
+ admin:
+ username: nagios
+ ldap:
+ admin:
+ # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
+ # authenticate to the active directory backend to validate keystone
+ # users.
+ bind: "test@ldap.example.com"
+...
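Review bot: there are duplicated entries in this file that should be cleaned up before merge. Under `ucp.armada.keystone`, `user_domain_name: default` is set twice (once before `project_name`, once after `role`), which is a duplicate mapping key and will be rejected by a strict YAML loader. In `osh_service_accounts`, the last two substitutions both write `.osh.region_name` to `.osh.barbican.barbican.region_name`; drop one, or retarget it if another account was meant. Separately, every Keystone service user in all three catalogues is given `role: admin`; a comment stating whether that is required by the charts would help whoever reviews this for least privilege later. The header comment should read "but also contains".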
--- /dev/null
+---
+# This file defines the "full-site" armada manifest and should not need to
+# change for new sites.
+# #GLOBAL-CANDIDATE#
+schema: armada/Manifest/v1
+metadata:
+ schema: metadata/Document/v1
+ name: full-site
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: full-site-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ release_prefix: airship
+ chart_groups:
+ - kubernetes-proxy
+ - kubernetes-container-networking
+ - kubernetes-dns
+ - kubernetes-etcd
+ - kubernetes-haproxy
+ - kubernetes-core
+ - ingress-kube-system
+ - ucp-ceph-update
+ - ucp-ceph-config
+ - ucp-core
+ - ucp-keystone
+ - ucp-divingbell
+ - ucp-armada
+ - ucp-deckhand
+ - ucp-drydock
+ - ucp-promenade
+ - ucp-shipyard
+ - osh-infra-ingress-controller
+ - osh-infra-ceph-config
+ - osh-infra-logging
+ - osh-infra-monitoring
+ - osh-infra-mariadb
+ - osh-infra-dashboards
+ - openstack-ingress-controller
+ - openstack-ceph-config
+ - openstack-mariadb
+ - openstack-memcached
+ - openstack-keystone
+ - openstack-radosgw
+ - openstack-glance
+ - openstack-cinder
+ - openstack-compute-kit
+ - openstack-heat
+ - osh-infra-prometheus-openstack-exporter
+ - openstack-horizon
+...
--- /dev/null
+---
+schema: promenade/KubernetesNetwork/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-network
+ layeringDefinition:
+ abstract: false
+ layer: type
+ storagePolicy: cleartext
+ substitutions:
+ # DNS
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.cluster_domain
+ dest:
+ path: .dns.cluster_domain
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.service_ip
+ dest:
+ path: .dns.service_ip
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.upstream_servers
+ dest:
+ path: .dns.upstream_servers
+
+ # Kubernetes IPs
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.api_service_ip
+ dest:
+ path: .kubernetes.service_ip
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .kubernetes.pod_cidr
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.service_cidr
+ dest:
+ path: .kubernetes.service_cidr
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.apiserver_port
+ dest:
+ path: .kubernetes.apiserver_port
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.haproxy_port
+ dest:
+ path: .kubernetes.haproxy_port
+
+ # etcd IPs
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .etcd.container_port
+ dest:
+ path: .etcd.container_port
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .etcd.haproxy_port
+ dest:
+ path: .etcd.haproxy_port
+
+ # proxy
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .proxy.http
+ dest:
+ path: .proxy.url
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .proxy.no_proxy
+ dest:
+ path: .proxy.additional_no_proxy
+
+data:
+ dns:
+ bootstrap_validation_checks:
+ - calico-etcd.kube-system.svc.cluster.local
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - kubernetes.default.svc.cluster.local
+...
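Review bot: `data.dns.bootstrap_validation_checks` hard-codes the `cluster.local` suffix in all three names, while `.dns.cluster_domain` in the same document is substituted from `common-addresses`. A site that sets a different cluster domain will get validation checks for names that do not resolve. Either template the suffix from the same source or add a comment that these entries must be edited together with `dns.cluster_domain`. Also note this document declares `layer: type` while the neighbouring documents in this change use `layer: site`; confirm that is intended.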
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: 'drydock/BootAction/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: i40evf_blacklist
+ storagePolicy: 'cleartext'
+ layeringDefinition:
+ abstract: false
+ layer: site
+ labels:
+ application: 'drydock'
+data:
+ signaling: false
+ node_filter:
+ filter_set_type: 'union'
+ filter_set:
+ - filter_type: 'union'
+ assets:
+ - path: /etc/modprobe.d/sriov_blacklist.conf
+ type: file
+ permissions: '644'
+ data_pipeline:
+ - utf8_decode
+ data: |
+ blacklist i40evf
+...
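Review bot: the `node_filter` here has a single `filter_set` entry that carries only `filter_type: 'union'` and no selector, unlike the `promjoin` boot action, which lists `node_names`. It is not clear from the document which nodes this is meant to match. If the blacklist should apply to every node, drop `node_filter` as `calico-ip-rules` does; if it should apply to a subset, add the names or labels. The document name `i40evf_blacklist` also uses an underscore where the other boot actions in this change use hyphens.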
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: 'drydock/BootAction/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: calico-ip-rules
+ storagePolicy: 'cleartext'
+ layeringDefinition:
+ abstract: false
+ layer: site
+ labels:
+ application: 'drydock'
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .assets[0].data
+ pattern: DH_SUB_POD_CIDR
+data:
+ signaling: false
+ assets:
+ - path: /etc/systemd/system/configure-ip-rules.service
+ type: unit
+ permissions: '444'
+ data: |-
+ [Unit]
+ Description=IP Rules Initialization Service
+ After=network-online.target local-fs.target
+
+ [Service]
+ Type=simple
+ ExecStart=/opt/configure-ip-rules.sh -g {{yaml.networks.ksn.vrrp_ip}} -c {{yaml.kubernetes.pod_cidr}} -s {{yaml.networks.ksn.additional_cidrs | first}}
+
+ [Install]
+ WantedBy=multi-user.target
+ data_pipeline:
+ - utf8_decode
+ - path: /opt/configure-ip-rules.sh
+ type: file
+ permissions: '700'
+ data_pipeline:
+ - utf8_decode
+ data: |-
+ #!/bin/bash
+ set -ex
+
+ function usage() {
+ cat <<EOU
+ Options are:
+
+ -c POD_CIDR The pod CIDR for the Kubernetes cluster, e.g. {{yaml.kubernetes.pod_cidr}}
+ -i INTERFACE The interface for internal pod traffic, e.g. bond1.2006
+ -o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
+ INTERFACE. It is used to provide a work around when
+ complete Calico routes cannot be received via BGP.
+ e.g. 10.96.0.0/15. NOTE: This must include the POD_CIDR.
+ -s SERVICE_CIDR (optional) A routable CIDR to configure for ingress, maas,
+ e.g. 135.21.99.192/29
+ EOU
+ }
+
+ SERVICE_CIDR=
+ OVERLAP_CIDR=
+
+ while getopts ":c:hi:o:s:" o; do
+ case "${o}" in
+ c)
+ POD_CIDR=${OPTARG}
+ ;;
+ h)
+ usage
+ exit 0
+ ;;
+ i)
+ INTERFACE=${OPTARG}
+ ;;
+ o)
+ OVERLAP_CIDR=${OPTARG}
+ ;;
+ s)
+ SERVICE_CIDR=${OPTARG}
+ ;;
+ \?)
+ echo "Unknown option: -${OPTARG}" >&2
+ exit 1
+ ;;
+ :)
+ echo "Missing argument for option: -${OPTARG}" >&2
+ exit 1
+ ;;
+ *)
+ echo "Unimplemented option: -${OPTARG}" >&2
+ exit 1
+ ;;
+ esac
+ done
+ shift $((OPTIND-1))
+
+ if [ "x$POD_CIDR" == "x" ]; then
+ echo "Missing pod CIDR, e.g -c {{yaml.kubernetes.pod_cidr}}" >&2
+ usage
+ exit 1
+ fi
+
+ if [ "x$INTERFACE" == "x" ]; then
+ echo "Missing interface, e.g. -i bond1.2006" >&2
+ usage
+ exit 1
+ fi
+
+ while ! ip route list dev "${INTERFACE}" > /dev/null; do
+ echo Waiting for device "${INTERFACE}" to be ready. >&2
+ sleep 5
+ done
+
+ intra_vrrp_ip=$(ip route list dev "${INTERFACE}" | awk '($2~/via/){print $3}' | head -n 1)
+
+ TABLE="1500"
+
+ # Setup a routing table for traffic from service IPs
+ ip route flush table "${TABLE}"
+ ip route add default via "${intra_vrrp_ip}" table "${TABLE}"
+
+ if [ "x$OVERLAP_CIDR" != "x" ]; then
+ # NOTE(mb874d): This is a work-around for nodes not receiving complete
+ # routes via BGP. It may also be required for brownfield large sites.
+ ip route add "${OVERLAP_CIDR}" via "${intra_vrrp_ip}"
+ fi
+
+ if [ "x$SERVICE_CIDR" != "x" ]; then
+ # Traffic from the service IPs to pods should use the pod network.
+ ip rule add \
+ from "${SERVICE_CIDR}" \
+ to "${POD_CIDR}" \
+ lookup main \
+ pref 10000
+ # Other traffic from service IPs should only use the VRRP IP
+ ip rule add \
+ from "${SERVICE_CIDR}" \
+ lookup "${TABLE}" \
+ pref 10100
+ fi
+...
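Review bot: the `ExecStart` line in `configure-ip-rules.service` does not match the options the script accepts, so the unit will exit 1 on every start. The unit passes `-g <vrrp_ip> -c <pod_cidr> -s <cidr>`, but the `getopts` string is `":c:hi:o:s:"`: `-g` falls into the `\?` branch ("Unknown option"), and the required `-i INTERFACE` is never supplied. Either pass `-i` with the interface name and drop `-g`, or add a `g)` case and make the script use the given gateway instead of deriving `intra_vrrp_ip` from the interface routes. Related: the substitution targets `.assets[0].data` with `pattern: DH_SUB_POD_CIDR`, but that string does not occur in the unit text, which uses `{{yaml.kubernetes.pod_cidr}}` instead, so the substitution has nothing to replace; keep one mechanism. The script also does not check that `intra_vrrp_ip` is non-empty before `ip route add default via`, and the `ip rule add` calls are not guarded against rules left over from a previous run.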
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: 'drydock/BootAction/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: promjoin
+ storagePolicy: 'cleartext'
+ layeringDefinition:
+ abstract: false
+ layer: site
+ labels:
+ application: 'drydock'
+data:
+ signaling: false
+ node_filter:
+ filter_set_type: 'union'
+ filter_set:
+ - filter_type: 'union'
+ node_names:
+{% for server in yaml.masters %}
+ - '{{server.name}}'
+{% endfor %}
+{% if 'workers' in yaml %}{% for server in yaml.workers %}
+ - '{{server.name}}'
+{% endfor %}{% endif %}
+{% raw %} # TODO(alanmeadows) move what is global about this document - everything except nodenames to global
+ assets:
+ - path: /opt/promjoin.sh
+ type: file
+ permissions: '555'
+ # TODO(alanmeadows) You must replace the ip= parameter below with the appropriate MaaS network name of the network
+ # you should use to contact kubernetes in the case below, this is cab24_mgmt
+ location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.calico.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
+ location_pipeline:
+ - template
+ data_pipeline:
+ - utf8_decode
+ - path: /lib/systemd/system/promjoin.service
+ type: unit
+ permissions: '600'
+ data: |-
+ W1VuaXRdCkRlc2NyaXB0aW9uPVByb21lbmFkZSBJbml0aWFsaXphdGlvbiBTZXJ2aWNlCkFmdGVy
+ PW5ldHdvcmstb25saW5lLnRhcmdldCBsb2NhbC1mcy50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0
+ cz0hL3Zhci9saWIvcHJvbS5kb25lCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9v
+ cHQvcHJvbWpvaW4uc2gKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
+ data_pipeline:
+ - base64_decode
+ - utf8_decode
+{% endraw %}
+...
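Review bot: in the `location:` URL for /opt/promjoin.sh only `action.design_ref` is passed through `urlencode`; `node.hostname`, `node.network.calico.ip` and the label `k`/`v` pairs are interpolated raw, so a label value containing `&`, `=` or a space changes the query string sent to the join-scripts endpoint. Apply `urlencode` to each of them. The script is also fetched over `promenade+http://` and written executable (`permissions: '555'`), so nothing on this path protects its integrity in transit; use a TLS endpoint if one is available. The TODO above the URL still talks about replacing the `ip=` parameter with `cab24_mgmt`, while the template already uses `node.network.calico.ip`; update or drop the comment.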
--- /dev/null
+{% for server in yaml.masters %}
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: {{server.name}}
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ host_profile: ControlPlane
+ # the hostname for a server, could be used in multiple DNS domains to
+ # represent different interfaces
+ addressing:
+ # Which network the address applies to. If a network appears in addressing
+ # that isn't assigned to an interface, design validation will fail
+ - network: oob
+ address: {{server.oob}}
+ - network: pxe
+ # The address assigned. Either a explicit IPv4 or IPv6 address
+ # or dhcp or slaac
+ address: {{server.pxe}}
+ - network: oam
+ address: {{server.host}}
+ - network: storage
+ address: {{server.storage}}
+ - network: overlay
+ address: {{server.neutron}}
+ - network: calico
+ address: {{server.ksn}}
+ metadata:
+ rack: RACK01
+ tags:
+ - 'masters'
+{% endfor %}
+{% if 'workers' in yaml %}{% for server in yaml.workers %}
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: {{server.name}}
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ host_profile: ComputePlane
+ # the hostname for a server, could be used in multiple DNS domains to
+ # represent different interfaces
+ addressing:
+ # Which network the address applies to. If a network appears in addressing
+ # that isn't assigned to an interface, design validation will fail
+ - network: oob
+ address: {{server.oob}}
+ - network: pxe
+ # The address assigned. Either a explicit IPv4 or IPv6 address
+ # or dhcp or slaac
+ address: {{server.pxe}}
+ - network: oam
+ address: {{server.host}}
+ - network: storage
+ address: {{server.storage}}
+ - network: overlay
+ address: {{server.neutron}}
+ - network: calico
+ address: {{server.ksn}}
+ metadata:
+ rack: RACK01
+ tags:
+ - 'workers'
+{% endfor %}{% endif %}
+...
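Review bot: `rack: RACK01` is hard-coded in both the masters and the workers loop, so every node is recorded in the same rack whatever the site input says. Take the rack from the per-server input instead, with RACK01 as a default if needed. The licence banner sits inside the masters loop, so it is emitted once per master document and never for workers; move it above the first `{% for %}`. The comment "the hostname for a server, could be used in multiple DNS domains" no longer sits above any hostname key and can go.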
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: pegleg/CommonAddresses/v1
+metadata:
+ schema: metadata/Document/v1
+ name: common-addresses
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ calico:
+ ip_autodetection_method: interface={{yaml.networks.ksn.interface}}
+ etcd:
+ service_ip: 10.96.232.136
+
+ dns:
+ cluster_domain: cluster.local
+ service_ip: 10.96.0.10
+ upstream_servers:
+{% for server in yaml.dns.upstream_servers %}
+ - {{server}}
+{% endfor %}
+ upstream_servers_joined: '{{yaml.dns.upstream_servers|batch(2)|first|join(',')}}'
+ ingress_domain: {{yaml.dns.ingress_domain}}
+ genesis:
+ hostname: {{yaml.genesis.name}}
+ ip: {{yaml.genesis.ksn}}
+
+ bootstrap:
+ ip: {{yaml.genesis.pxe}}
+
+ kubernetes:
+ api_service_ip: {{yaml.kubernetes.api_service_ip}}
+ etcd_service_ip: {{yaml.kubernetes.etcd_service_ip}}
+ pod_cidr: {{yaml.kubernetes.pod_cidr}}
+ service_cidr: {{yaml.kubernetes.service_cidr}}
+ apiserver_port: 6443
+ haproxy_port: 6553
+ service_node_port_range: 30000-32767
+
+ etcd:
+ container_port: 2379
+ haproxy_port: 2378
+
+ masters:
+{% for master in yaml.masters %}
+ - hostname: {{master.name}}
+{% endfor %}
+
+ proxy:
+ http: ""
+ https: ""
+ no_proxy: []
+
+ node_ports:
+ drydock_api: 30000
+ maas_api: 30001
+ maas_proxy: 31800 # hardcoded in MAAS
+ shipyard_api: 30003
+ airflow_web: 30004
+
+ ntp:
+ servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org'
+
+ # Used for FQDN setup/definition
+ domain:
+ url: {{yaml.site_name}}.lab.akraino.org
+
+ ldap:
+ base_url: 'its-a-ldap.example.com'
+ url: 'ldap://its-a-ldap.example.com'
+ auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
+ common_name: AP-NC_Test_Users
+ subdomain: testitservices
+ domain: example
+
+ storage:
+ ceph:
+ public_cidr: '{{yaml.networks.storage.cidr}}'
+ cluster_cidr: '{{yaml.networks.storage.cidr}}'
+
+ neutron:
+ tunnel_device: '{{yaml.networks.neutron.interface}}'
+ external_iface: '{{yaml.networks.primary}}'
+
+ openvswitch:
+ external_iface: '{{yaml.networks.primary}}'
+...
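Review bot: `calico.etcd.service_ip: 10.96.232.136` and `dns.service_ip: 10.96.0.10` are literals, while `kubernetes.service_cidr`, `api_service_ip` and `etcd_service_ip` come from the site input. A site that sets a different `service_cidr` ends up with these two addresses outside it. Template them from the site input as well, or document that `service_cidr` must contain both. `upstream_servers_joined` uses `batch(2)|first`, which silently drops every upstream server after the second; say so in a comment if that limit is intended. The `ldap` block carries placeholder values (`its-a-ldap.example.com`, `DC=test`) that will be deployed as-is; they should be site inputs or be marked clearly as values to replace.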
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: oob
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ labels:
+ noconfig: enabled
+ bonding:
+ mode: disabled
+ mtu: 9000
+ linkspeed: auto
+ trunking:
+ mode: disabled
+ default_network: oob
+ allowed_networks:
+ - oob
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: oob
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ cidr: {{yaml.networks.oob.cidr}}
+ routes:
+ - subnet: '0.0.0.0/0'
+ gateway: {{yaml.networks.oob.routes.gateway}}
+ ranges:
+ - type: static
+ start: {{yaml.networks.oob.ranges.static.start}}
+ end: {{yaml.networks.oob.ranges.static.end}}
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: pxe
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: disabled
+ mtu: 9000
+ linkspeed: auto
+ trunking:
+ mode: disabled
+ default_network: pxe
+ allowed_networks:
+ - pxe
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: pxe
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ cidr: {{yaml.networks.pxe.cidr}}
+ routes:
+ - subnet: '0.0.0.0/0'
+ gateway: {{yaml.networks.pxe.routes.gateway}}
+ ranges:
+ - type: reserved
+ start: {{yaml.networks.pxe.ranges.reserved.start}}
+ end: {{yaml.networks.pxe.ranges.reserved.end}}
+ - type: static
+ start: {{yaml.networks.pxe.ranges.static.start}}
+ end: {{yaml.networks.pxe.ranges.static.end}}
+ - type: dhcp
+ start: {{yaml.networks.pxe.ranges.dhcp.start}}
+ end: {{yaml.networks.pxe.ranges.dhcp.end}}
+ dns:
+ domain: {% if 'dns' in yaml.networks.pxe and 'domain' in yaml.networks.pxe.dns %}{{yaml.networks.pxe.dns.domain}}
+ {% else %}{{yaml.dns.domain}}
+ {% endif %}
+ servers: '{% if 'dns' in yaml.networks.pxe %}{{yaml.networks.pxe.dns.servers}}{% else %}{{yaml.dns.upstream_servers|join(' ')}}{% endif %}'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: bond0
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+{% if yaml.networks.bonded %}
+ mode: 802.3ad
+ hash: layer3+4
+ peer_rate: fast
+ mon_rate: 100
+ up_delay: 1000
+ down_delay: 3000
+{% else %}
+ mode: disabled
+{% endif %}
+ mtu: 9000
+ linkspeed: auto
+ trunking:
+ mode: 802.1q
+ allowed_networks:
+ - oam
+ - storage
+ - overlay
+ - calico
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: oam
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ vlan: '{{yaml.networks.host.vlan}}'
+ mtu: 9000
+ cidr: {{yaml.networks.host.cidr}}
+ routes:
+ - subnet: '0.0.0.0/0'
+ gateway: {{yaml.networks.host.routes.gateway}}
+ ranges:
+ - type: reserved
+ start: {{yaml.networks.host.ranges.reserved.start}}
+ end: {{yaml.networks.host.ranges.reserved.end}}
+ - type: static
+ start: {{yaml.networks.host.ranges.static.start}}
+ end: {{yaml.networks.host.ranges.static.end}}
+ dns:
+ domain: {% if 'dns' in yaml.networks.host and 'domain' in yaml.networks.host.dns %}{{yaml.networks.host.dns.domain}}
+ {% else %}{{yaml.dns.domain}}
+ {% endif %}
+ servers: '{% if 'dns' in yaml.networks.host %}{{yaml.networks.host.dns.servers}}{% else %}{{yaml.dns.upstream_servers|join(' ')}}{% endif %}'
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: storage
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ vlan: '{{yaml.networks.storage.vlan}}'
+ mtu: 9000
+ cidr: {{yaml.networks.storage.cidr}}
+ ranges:
+ - type: static
+ start: {{yaml.networks.storage.ranges.static.start}}
+ end: {{yaml.networks.storage.ranges.static.end}}
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: overlay
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ vlan: '{{yaml.networks.neutron.vlan}}'
+ mtu: 9000
+ cidr: {{yaml.networks.neutron.cidr}}
+ ranges:
+ - type: static
+ start: {{yaml.networks.neutron.ranges.static.start}}
+ end: {{yaml.networks.neutron.ranges.static.end}}
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: calico
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ vlan: '{{yaml.networks.ksn.vlan}}'
+ mtu: 9000
+ cidr: {{yaml.networks.ksn.cidr}}
+ ranges:
+ - type: static
+ start: {{yaml.networks.ksn.ranges.static.start}}
+ end: {{yaml.networks.ksn.ranges.static.end}}
+...
+
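Review bot: the `servers:` conditional in the pxe and oam Network documents checks only `'dns' in yaml.networks.pxe` (and `'dns' in yaml.networks.host`), while the `domain:` line just above also checks `'domain' in ...dns`. A site input that sets only `dns.domain` for the network takes the first branch and renders `yaml.networks.pxe.dns.servers`, which is not defined. Add the matching `'servers' in yaml.networks.pxe.dns` test. The `domain:` conditional is also split over three lines with indented `{% else %}` and `{% endif %}`, which leaves the line breaks and indentation in the rendered value; keep it on one line as `servers:` does. The oob and pxe NetworkLinks set `mtu: 9000`; confirm the out-of-band and PXE switch ports really carry jumbo frames.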
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: promenade/PKICatalog/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cluster-certificates
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ certificate_authorities:
+ kubernetes:
+ description: CA for Kubernetes components
+ certificates:
+ - document_name: apiserver
+ description: Service certificate for Kubernetes apiserver
+ common_name: apiserver
+ hosts:
+ - localhost
+ - 127.0.0.1
+ - {{yaml.kubernetes.api_service_ip}}
+ kubernetes_service_names:
+ - kubernetes.default.svc.cluster.local
+ - document_name: kubelet-genesis
+ common_name: system:node:{{yaml.genesis.name}}
+ hosts:
+ - {{yaml.genesis.name}}
+ - {{yaml.genesis.host}}
+ - {{yaml.genesis.ksn}}
+ - {{yaml.genesis.pxe}}
+ groups:
+ - system:nodes
+ - document_name: kubelet-{{yaml.genesis.name}}
+ common_name: system:node:{{yaml.genesis.name}}
+ hosts:
+ - {{yaml.genesis.name}}
+ - {{yaml.genesis.host}}
+ - {{yaml.genesis.ksn}}
+ - {{yaml.genesis.pxe}}
+ groups:
+ - system:nodes
+{% for server in yaml.masters %}
+ - document_name: kubelet-{{ server.name }}
+ common_name: system:node:{{ server.name }}
+ hosts:
+ - {{server.name}}
+ - {{server.host}}
+ - {{server.ksn}}
+ - {{server.pxe}}
+ groups:
+ - system:nodes
+{% endfor %}
+{% if 'workers' in yaml %}{% for server in yaml.workers %}
+ - document_name: kubelet-{{ server.name }}
+ common_name: system:node:{{ server.name }}
+ hosts:
+ - {{server.name}}
+ - {{server.host}}
+ - {{server.ksn}}
+ - {{server.pxe}}
+ groups:
+ - system:nodes
+{% endfor %}{% endif %}
+ - document_name: scheduler
+ description: Service certificate for Kubernetes scheduler
+ common_name: system:kube-scheduler
+ - document_name: controller-manager
+ description: certificate for controller-manager
+ common_name: system:kube-controller-manager
+ - document_name: admin
+ common_name: admin
+ groups:
+ - system:masters
+ - document_name: armada
+ common_name: armada
+ groups:
+ - system:masters
+ kubernetes-etcd:
+ description: Certificates for Kubernetes's etcd servers
+ certificates:
+ - document_name: apiserver-etcd
+ description: etcd client certificate for use by Kubernetes apiserver
+ common_name: apiserver
+ # NOTE(mark-burnett): hosts not required for client certificates
+ - document_name: kubernetes-etcd-anchor
+ description: anchor
+ common_name: anchor
+ - document_name: kubernetes-etcd-genesis
+ common_name: kubernetes-etcd-genesis
+ hosts:
+ - {{yaml.genesis.name}}
+ - {{yaml.genesis.host}}
+ - {{yaml.genesis.ksn}}
+ - {{yaml.genesis.pxe}}
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - {{yaml.kubernetes.etcd_service_ip}}
+ - document_name: kubernetes-etcd-{{yaml.genesis.name}}
+ common_name: kubernetes-etcd-{{yaml.genesis.name}}
+ hosts:
+ - {{yaml.genesis.name}}
+ - {{yaml.genesis.host}}
+ - {{yaml.genesis.ksn}}
+ - {{yaml.genesis.pxe}}
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - {{yaml.kubernetes.etcd_service_ip}}
+{% for server in yaml.masters %}
+ - document_name: kubernetes-etcd-{{ server.name }}
+ common_name: kubernetes-etcd-{{ server.name }}
+ hosts:
+ - {{ server.name }}
+ - {{server.host}}
+ - {{server.ksn}}
+ - {{server.pxe}}
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - {{yaml.kubernetes.etcd_service_ip}}
+{% endfor %}
+ kubernetes-etcd-peer:
+ certificates:
+ - document_name: kubernetes-etcd-genesis-peer
+ common_name: kubernetes-etcd-genesis-peer
+ hosts:
+ - {{yaml.genesis.name}}
+ - {{yaml.genesis.host}}
+ - {{yaml.genesis.ksn}}
+ - {{yaml.genesis.pxe}}
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - {{yaml.kubernetes.etcd_service_ip}}
+ - document_name: kubernetes-etcd-{{yaml.genesis.name}}-peer
+ common_name: kubernetes-etcd-{{yaml.genesis.name}}-peer
+ hosts:
+ - {{yaml.genesis.name}}
+ - {{yaml.genesis.host}}
+ - {{yaml.genesis.ksn}}
+ - {{yaml.genesis.pxe}}
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - {{yaml.kubernetes.etcd_service_ip}}
+{% for server in yaml.masters %}
+ - document_name: kubernetes-etcd-{{server.name}}-peer
+ common_name: kubernetes-etcd-{{server.name}}-peer
+ hosts:
+ - {{server.name}}
+ - {{server.host}}
+ - {{server.ksn}}
+ - {{server.pxe}}
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - {{yaml.kubernetes.etcd_service_ip}}
+{% endfor %}
+ calico-etcd:
+ description: Certificates for Calico etcd client traffic
+ certificates:
+ - document_name: calico-etcd-anchor
+ description: anchor
+ common_name: anchor
+ - document_name: calico-etcd-{{yaml.genesis.name}}
+ common_name: calico-etcd-{{yaml.genesis.name}}
+ hosts:
+ - {{yaml.genesis.name}}
+ - {{yaml.genesis.host}}
+ - {{yaml.genesis.ksn}}
+ - {{yaml.genesis.pxe}}
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+{% for server in yaml.masters %}
+ - document_name: calico-etcd-{{server.name}}
+ common_name: calico-etcd-{{server.name}}
+ hosts:
+ - {{server.name}}
+ - {{server.host}}
+ - {{server.ksn}}
+ - {{server.pxe}}
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+{% endfor %}
+ - document_name: calico-node
+ common_name: calcico-node
+ calico-etcd-peer:
+ description: Certificates for Calico etcd clients
+ certificates:
+ - document_name: calico-etcd-{{yaml.genesis.name}}-peer
+ common_name: calico-etcd-{{yaml.genesis.name}}-peer
+ hosts:
+ - {{yaml.genesis.name}}
+ - {{yaml.genesis.host}}
+ - {{yaml.genesis.ksn}}
+ - {{yaml.genesis.pxe}}
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+{% for server in yaml.masters %}
+ - document_name: calico-etcd-{{server.name}}-peer
+ common_name: calico-etcd-{{server.name}}-peer
+ hosts:
+ - {{server.name}}
+ - {{server.host}}
+ - {{server.ksn}}
+ - {{server.pxe}}
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+{% endfor %}
+ - document_name: calico-node-peer
+ common_name: calcico-node-peer
+ keypairs:
+ - name: service-account
+ description: Service account signing key for use by Kubernetes controller-manager.
+...
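Review bot: `common_name: calcico-node` and `common_name: calcico-node-peer` are misspelled against their `document_name` values `calico-node` and `calico-node-peer`. Any component that matches on the certificate CN will see the misspelled name, so correct both to `calico-node` and `calico-node-peer`. The calico-etcd `hosts` lists repeat the literal `10.96.232.136` that CommonAddresses also hard-codes; reference one source so the SAN cannot drift from the service IP. `kubelet-genesis` and `kubelet-{{yaml.genesis.name}}` (and the matching etcd pairs) are issued with the same CN and hosts; a short comment on why both documents are needed would help. The `calico-etcd-peer` description says "etcd clients", which looks copied from the block above.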
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: 'drydock/HardwareProfile/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: DELL_HP_Generic
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ vendor: {{yaml.hardware.vendor}}
+ generation: '{{yaml.hardware.generation}}'
+ hw_version: '{{yaml.hardware.hw_version}}'
+ bios_version: '{{yaml.hardware.bios_version}}'
+ boot_mode: bios
+ bootstrap_protocol: pxe
+ pxe_interface: 0
+ device_aliases: {}
+...
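Review bot: `device_aliases: {}` is empty, but the host profiles added in this patch list `sriov_nic01` and `sriov_nic02` as slaves, and their `kernel_params` reference `hardwareprofile:hugepages.dpdk.size`, `hardwareprofile:hugepages.dpdk.count` and `hardwareprofile:cpuset.kvm`. Nothing in this document defines those aliases, a hugepages section or a cpuset section, so the references have nothing to resolve against. Either define them here from the site input or remove the references from the host profiles. `vendor: {{yaml.hardware.vendor}}` is the only templated value left unquoted; quote it like the three lines below it.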
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: drydock/HostProfile/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ComputePlane
+ storagePolicy: cleartext
+ labels:
+ hosttype: ComputePlane
+ layeringDefinition:
+ abstract: false
+ layer: site
+ substitutions:
+ - dest:
+ path: .oob.credential
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ipmi_admin_password
+ path: .
+data:
+ hardware_profile: DELL_HP_Generic
+ oob:
+ type: 'ipmi'
+ network: 'oob'
+ account: '{{yaml.ipmi_admin.username}}'
+ primary_network: 'oam'
+ hardware_profile: DELL_HP_Generic
+ interfaces:
+ pxe:
+ device_link: pxe
+ slaves:
+ - '{{yaml.networks.pxe.interface}}'
+ networks:
+ - 'pxe'
+ bond0:
+ device_link: bond0
+ slaves:
+{% for slave in yaml.networks.slaves %}
+ - '{{ slave.name }}'
+{% endfor %}
+ networks:
+ - 'oam'
+ - 'storage'
+ - 'overlay'
+ - 'calico'
+ p1p1:
+ slaves:
+ - 'sriov_nic01'
+ sriov:
+ vf_count: 32 # Currently ignored
+ trustedmode: false
+ p3p2:
+ slaves:
+ - 'sriov_nic02'
+ sriov:
+ vf_count: 32 # Currently ignored
+ trustedmode: false
+ storage:
+ physical_devices:
+{% for disk in yaml.disks_compute %}
+ {{disk.name}}:
+ {% if 'labels' in disk %}
+ labels:
+ {% for key, value in disk.labels.items() %}
+ {{key}}: '{{value}}'
+ {% endfor %}
+ {% endif %}
+ partitions:
+ {% for p in disk.partitions %}
+ - name: '{{p.name}}'
+ size: '{{p.size}}'
+ filesystem:
+ mountpoint: '{{p.mountpoint}}'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ {% endfor %}
+{% endfor %}
+ platform:
+ image: 'xenial'
+ kernel: 'hwe-16.04'
+ kernel_params:
+ console: 'ttyS1,115200n8'
+ intel_iommu: 'on'
+ iommu: 'pt'
+ amd_iommu: 'on'
+ transparent_hugepage: 'never'
+ hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+ hugepages: 'hardwareprofile:hugepages.dpdk.count'
+ default_hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+ isolcpus: 'hardwareprofile:cpuset.kvm'
+ metadata:
+ owner_data:
+ openstack-nova-compute: enabled
+ openvswitch: enabled
+ openstack-libvirt: kernel
+ sriov: enabled
+ beta.kubernetes.io/fluentd-ds-ready: 'true'
+...
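Review bot: `hardware_profile: DELL_HP_Generic` appears twice at the top level of `data:`, once before `oob:` and again after `primary_network:`. Duplicate mapping keys are rejected by strict YAML loaders and silently collapsed by others; remove one. The `p1p1` and `p3p2` interfaces have `slaves` and `sriov` but no `device_link` or `networks`, unlike `pxe` and `bond0`; if that is deliberate for SR-IOV-only ports, a comment would make it clear. `kernel_params` sets both `intel_iommu: 'on'` and `amd_iommu: 'on'`; note that this is intentional for mixed hardware if so.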
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: drydock/HostProfile/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ControlPlane
+ storagePolicy: cleartext
+ labels:
+ hosttype: ControlPlane
+ layeringDefinition:
+ abstract: false
+ layer: site
+ substitutions:
+ - dest:
+ path: .oob.credential
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ipmi_admin_password
+ path: .
+data:
+ oob:
+ type: 'ipmi'
+ network: 'oob'
+ account: '{{yaml.ipmi_admin.username}}'
+ primary_network: 'oam'
+ hardware_profile: DELL_HP_Generic
+ interfaces:
+ pxe:
+ device_link: pxe
+ slaves:
+ - '{{yaml.networks.pxe.interface}}'
+ networks:
+ - 'pxe'
+ bond0:
+ device_link: bond0
+ slaves:
+{% for slave in yaml.networks.slaves %}
+ - '{{ slave.name }}'
+{% endfor %}
+ networks:
+ - 'oam'
+ - 'storage'
+ - 'overlay'
+ - 'calico'
+ p1p1:
+ slaves:
+ - 'sriov_nic01'
+ sriov:
+ vf_count: 32 # Currently ignored
+ trustedmode: false
+ p3p2:
+ slaves:
+ - 'sriov_nic02'
+ sriov:
+ vf_count: 32 # Currently ignored
+ trustedmode: false
+ storage:
+ physical_devices:
+{% for disk in yaml.disks %}
+ {{disk.name}}:
+ {% if 'labels' in disk %}
+ labels:
+ {% for key, value in disk.labels.items() %}
+ {{key}}: '{{value}}'
+ {% endfor %}
+ {% endif %}
+ partitions:
+ {% for p in disk.partitions %}
+ - name: '{{p.name}}'
+ size: '{{p.size}}'
+ filesystem:
+ mountpoint: '{{p.mountpoint}}'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ {% endfor %}
+{% endfor %}
+ platform:
+ image: 'xenial'
+ kernel: 'hwe-16.04'
+ kernel_params:
+ console: 'ttyS1,115200n8'
+ intel_iommu: 'on'
+ iommu: 'pt'
+ amd_iommu: 'on'
+ transparent_hugepage: 'never'
+ hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+ hugepages: 'hardwareprofile:hugepages.dpdk.count'
+ default_hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+ isolcpus: 'hardwareprofile:cpuset.kvm'
+ metadata:
+ owner_data:
+ control-plane: enabled
+ ucp-control-plane: enabled
+ openstack-control-plane: enabled
+ openstack-heat: enabled
+ openstack-keystone: enabled
+ openstack-rabbitmq: enabled
+ openstack-dns-helper: enabled
+ openstack-mariadb: enabled
+ openstack-nova-control: enabled
+ openstack-etcd: enabled
+ openstack-mistral: enabled
+ openstack-memcached: enabled
+ openstack-glance: enabled
+ openstack-horizon: enabled
+ openstack-cinder-control: enabled
+ openstack-cinder-volume: control
+ openstack-neutron: enabled
+ openstack-libvirt: kernel
+ openvswitch: enabled
+ openstack-nova-compute: enabled
+ ucp-barbican: enabled
+ ceph-bootstrap: enabled
+ ceph-mon: enabled
+ ceph-mgr: enabled
+ ceph-osd: enabled
+ ceph-mds: enabled
+ ceph-rgw: enabled
+ ucp-maas: enabled
+ kube-dns: enabled
+ kubernetes-apiserver: enabled
+ kubernetes-controller-manager: enabled
+ kubernetes-etcd: enabled
+ kubernetes-scheduler: enabled
+ tiller-helm: enabled
+ kube-etcd: enabled
+ calico-policy: enabled
+ calico-node: enabled
+ calico-etcd: enabled
+ ucp-armada: enabled
+ ucp-drydock: enabled
+ ucp-deckhand: enabled
+ ucp-shipyard: enabled
+ IAM: enabled
+ ucp-promenade: enabled
+ prometheus-server: enabled
+ prometheus-client: enabled
+ fluentd: enabled
+ influxdb: enabled
+ kibana: enabled
+ elasticsearch-client: enabled
+ elasticsearch-master: enabled
+ elasticsearch-data: enabled
+ postgresql: enabled
+ kube-ingress: enabled
+ sriov: enabled
+ beta.kubernetes.io/fluentd-ds-ready: 'true'
+...
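Review bot: the `interfaces`, `storage` and `platform` sections here repeat the ComputePlane profile line for line, differing only in `yaml.disks` versus `yaml.disks_compute` and the `owner_data` labels. Both documents already carry a `layeringDefinition`, so the shared part could live in one abstract parent profile and each of these would keep only its disks and labels, which removes the risk of the two copies drifting. In `owner_data`, the control plane is also labelled `openstack-nova-compute: enabled`, `sriov: enabled` and `ceph-osd: enabled`; confirm that running compute and OSD workloads on control-plane nodes is intended for every site that uses this template.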
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: 'drydock/Region/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: {{yaml.site_name}}
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ - dest:
+ path: .authorized_keys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: localadmin_ssh_public_key
+ path: .
+data:
+ tag_definitions: []
+ authorized_keys: []
+...
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ipmi_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: '{{yaml.ipmi_admin.password}}'
+...
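Review bot: the IPMI admin password document is declared with `storagePolicy: cleartext`. This is the credential substituted into `.oob.credential` of both host profiles, so it should use Deckhand's `encrypted` storage policy rather than the policy used for the non-secret documents in this patch. The value is also rendered as `data: '{{yaml.ipmi_admin.password}}'`; a password containing a single quote produces invalid YAML, so escape it in the template or emit it through a filter that quotes safely.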
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: deckhand/PublicKey/v1
+metadata:
+ schema: metadata/Document/v1
+ name: localadmin_ssh_public_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: {{yaml.genesis_ssh_public_key}}
+...
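Review bot: `data: {{yaml.genesis_ssh_public_key}}` is rendered unquoted, unlike the quoted value in the Passphrase document. A key whose comment field contains ` #` is cut short at that point, and one containing `: ` no longer parses as a plain string. Quote the value so the whole key line reaches `.authorized_keys[0]` unchanged.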
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: pegleg/SiteDefinition/v1
+metadata:
+ schema: metadata/Document/v1
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: {{yaml.site_name}}
+ storagePolicy: cleartext
+data:
+ revision: v4.0
+ site_type: foundry
+...
--- /dev/null
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: kubernetes-calico
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-calico-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ networking:
+ settings:
+{% if ('peers' in yaml.networks.ksn and yaml.networks.ksn.peers is not none and yaml.networks.ksn.peers is iterable ) %}
+ mesh: "off"
+{% else %}
+ mesh: "on"
+{% endif %}
+ ippool:
+ ipip:
+ enabled: "false"
+ mode: "cross-subnet"
+ bgp:
+ asnumber: {{yaml.networks.ksn.local_asnumber}}
+ ipv4:
+ additional_cidrs:
+{% for add_cidr in yaml.networks.ksn.additional_cidrs %}
+ - {{add_cidr}}
+{% endfor %}
+{% if ('peers' in yaml.networks.ksn and yaml.networks.ksn.peers is not none and yaml.networks.ksn.peers is iterable ) %}
+ peers:
+{% for peer in yaml.networks.ksn.peers %}
+ - apiVersion: v1
+ kind: bgpPeer
+ metadata:
+ peerIP: {{peer.ip}}
+ scope: {{peer.scope}}
+ spec:
+ asnumber: {{peer.asnumber}}
+{% endfor %}
+{% endif %}
+...
+
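Review bot: the `peers` guard (used for both `mesh` and the `peers:` list) accepts an empty list, because `is iterable` is true for `[]`; with `peers: []` in the input this renders `mesh: "off"` and a `peers:` key with no entries, which leaves Calico with neither the node-to-node mesh nor any BGP peer. Add a non-empty check such as `yaml.networks.ksn.peers|length > 0` to the condition, and set it once in a variable rather than repeating the expression. The `additional_cidrs` loop has no guard at all, so a missing or empty list renders `additional_cidrs:` as null. This file also lacks the leading `---` that the other site documents have.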
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-calico-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.calico.etcd
+ dest:
+ path: .source
+
+ # Image versions
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.calico.etcd
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.etcd.service_ip
+ dest:
+ path: .values.service.ip
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.etcd.service_ip
+ dest:
+ path: .values.anchor.etcdctl_endpoint
+
+ # CAs
+ - src:
+ schema: deckhand/CertificateAuthority/v1
+ name: calico-etcd
+ path: .
+ dest:
+ path: .values.secrets.tls.client.ca
+ - src:
+ schema: deckhand/CertificateAuthority/v1
+ name: calico-etcd-peer
+ path: .
+ dest:
+ path: .values.secrets.tls.peer.ca
+
+ # Anchor client cert
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-anchor
+ path: .
+ dest:
+ path: .values.secrets.anchor.tls.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-anchor
+ path: .
+ dest:
+ path: .values.secrets.anchor.tls.key
+
+ # Node names
+{% set count = [0] %}
+{% for server in yaml.masters %}
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[{{count[0]}}].hostname
+ dest:
+ path: .values.nodes[{{count[0]}}].name
+ {% if count.append(count.pop() + 1) %}{% endif %}
+{% endfor %}
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[{{count[0]}}].name
+
+ # Server certs
+{% set count = [0] %}
+{% for server in yaml.masters %}
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-{{server.name}}
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-{{server.name}}
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-{{server.name}}-peer
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-{{server.name}}-peer
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.peer.key
+ {% if count.append(count.pop() + 1) %}{% endif %}
+{% endfor %}
+
+ # NOTE(mb874d): Be sure we generate these certs for genesis.
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-{{yaml.genesis.name}}
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-{{yaml.genesis.name}}
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-{{yaml.genesis.name}}-peer
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-{{yaml.genesis.name}}-peer
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.peer.key
+
+data:
+ values:
+ manifests:
+ test_etcd_health: false
+...
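Review bot: the index bookkeeping in the "Node names" and "Server certs" loops (`{% set count = [0] %}` with `{% if count.append(count.pop() + 1) %}{% endif %}`) is hard to follow, and the genesis entries after each loop silently depend on the value it leaves in `count[0]`. `loop.index0` inside the loops and `yaml.masters|length` for the genesis index express the same thing directly. Also, `test_etcd_health: false` disables the chart's etcd health test with no comment explaining why; please document the reason or leave the global default in place.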
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.etcd
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.etcd
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.etcd_service_ip
+ dest:
+ path: .values.service.ip
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.etcd_service_ip
+ dest:
+ path: .values.anchor.etcdctl_endpoint
+
+ # CAs
+ - src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes-etcd
+ path: .
+ dest:
+ path: .values.secrets.tls.client.ca
+ - src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes-etcd-peer
+ path: .
+ dest:
+ path: .values.secrets.tls.peer.ca
+
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-anchor
+ path: .
+ dest:
+ path: .values.secrets.anchor.tls.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-anchor
+ path: .
+ dest:
+ path: .values.secrets.anchor.tls.key
+
+ # Node names
+{% set count = [0] %}
+{% for server in yaml.masters %}
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[{{count[0]}}].hostname
+ dest:
+ path: .values.nodes[{{count[0]}}].name
+ {% if count.append(count.pop() + 1) %}{% endif %}
+{% endfor %}
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[{{count[0]}}].name
+
+ # Server certs
+{% set count = [0] %}
+{% for server in yaml.masters %}
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-{{server.name}}
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-{{server.name}}
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-{{server.name}}-peer
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-{{server.name}}-peer
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.peer.key
+ {% if count.append(count.pop() + 1) %}{% endif %}
+{% endfor %}
+
+ # Genesis node
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-genesis
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-genesis
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-genesis-peer
+ path: .
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-genesis-peer
+ path: $
+ dest:
+ path: .values.nodes[{{count[0]}}].tls.peer.key
+
+data: {}
+...
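Review bot: the last substitution, for `kubernetes-etcd-genesis-peer` (`deckhand/CertificateKey/v1`), uses `path: $` as its source path while every other substitution in this file uses `path: .`; this looks like a typo and should be `path: .` so the peer key is resolved the same way as the other certificates and keys. The genesis certificate names are also hard-coded as `kubernetes-etcd-genesis` here, whereas the calico-etcd template builds them from `{{yaml.genesis.name}}`; pick one convention so a genesis node with a different name does not end up referencing certificate documents that do not exist. The anchor cert block is missing the `# Anchor client cert` comment that the calico-etcd file carries.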
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ingress-kube-system
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ ingress: kube-system
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data: {}
+...
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: neutron
+ replacement: true
+ labels:
+ component: neutron
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: neutron-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ labels:
+ agent:
+ sriov:
+ node_selector_key: sriov
+ node_selector_value: enabled
+ network:
+ backend:
+ - openvswitch
+ - sriov
+ interface:
+ sriov:
+{% for sriovnet in yaml.sriovnets %}
+ - device: {{sriovnet.interface}}
+ num_vfs: 32
+ promisc: false
+{% endfor %}
+ conf:
+ plugins:
+ openvswitch_agent:
+ ovs:
+ bridge_mappings: bond0:br-bond0
+ sriov_agent:
+ securitygroup:
+ firewall_driver: neutron.agent.firewall.NoopFirewallDriver
+ sriov_nic:
+ exclude_devices: null
+ physical_device_mappings: '
+{%- for sriovnet in yaml.sriovnets -%}
+{%- if loop.index > 1 -%}
+,
+{%- endif -%}
+{{sriovnet.physical}}:{{sriovnet.interface}}
+{%- endfor %}'
+ ml2_conf:
+ ml2:
+ mechanism_drivers: l2population,openvswitch,sriovnicswitch
+ ml2_type_vlan:
+ network_vlan_ranges: bond0:46:300
+{%- for sriovnet in yaml.sriovnets -%}
+,{{sriovnet.physical}}:{{sriovnet.vlan_start}}:{{sriovnet.vlan_end}}
+{%- endfor %}
+
+...
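Review bot: `firewall_driver: neutron.agent.firewall.NoopFirewallDriver` under `sriov_agent.securitygroup` means the SR-IOV agent applies no security group filtering to its ports, and nothing in the file states that this is intended; add a comment recording that decision so it is not mistaken for a leftover. Several site-specific values are hard-coded in a template that otherwise reads from `yaml.*`: `num_vfs: 32`, `bridge_mappings: bond0:br-bond0` and `network_vlan_ranges: bond0:46:300`. Move them to the site input so a site with a different bond name or VLAN range does not need a template edit.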
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: nova
+ labels:
+ component: nova
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: nova-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ network:
+ backend:
+ - openvswitch
+ - sriov
+ conf:
+ nova:
+ filter_scheduler:
+ enabled_filters: "RetryFilter, AvailabilityZoneFilter, RamFilter, ComputeFilter, ComputeCapabilitiesFilter, ImagePropertiesFilter, ServerGroupAntiAffinityFilter, ServerGroupAffinityFilter, PciPassthroughFilter, NUMATopologyFilter, DifferentHostFilter, SameHostFilter"
+ libvirt:
+ virt_type: kvm
+ DEFAULT:
+ vcpu_pin_set: "4-21,26-43,48-65,72-87"
+ vif_plugging_is_fatal: False
+ vif_plugging_timeout: 30
+ pci:
+# alias: '{ "vendor_id":"10de", "product_id":"1db4", "name":"V100", "device_type":"type-PCI" }'
+# passthrough_whitelist: '{"vendor_id": "10de", "product_id": "1db4"}'
+ alias: '{"name": "numa0", "capability_type": "pci", "product_id": "158b", "vendor_id": "8086", "device_type": "type-PCI", "numa_policy": "required"}`'
+{% for sriovnet in yaml.sriovnets %}
+ passthrough_whitelist: |
+ [{% for vf in sriovnet.whitelists -%}{"address":"{{vf["address"]}}","physical_network":"{{sriovnet.physical}}"}{% if loop.index < sriovnet.whitelists|length %},{% endif %}{% endfor %}]
+{% endfor %}
+...
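Review bot: the `alias:` value under `pci` ends with a stray backtick before the closing quote (`"numa_policy": "required"}` followed by a backtick), so the string nova receives is not valid JSON; remove the backtick. The `{% for sriovnet in yaml.sriovnets %}` loop emits a new `passthrough_whitelist:` key on every iteration, so a site with more than one SR-IOV network renders duplicate keys in the same mapping and only one survives (or the loader rejects the file); build a single list across all networks instead. The commented-out `alias` and `passthrough_whitelist` lines and the fixed `vcpu_pin_set: "4-21,26-43,48-65,72-87"` are hardware-specific and should either come from the site input or be dropped.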
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client-update
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-client-update-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ osd: {{yaml.storage.total_osd_count}}
+...
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-client-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ osd: {{yaml.storage.osd_count}}
+...
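Review bot: `osd: {{yaml.storage.osd_count}}` here reads a different input key than the `ucp-ceph-client-update` document, which sets the same `conf.pool.target.osd` value from `yaml.storage.total_osd_count`. If the two counts are meant to differ (initial deployment versus after update), say so in a comment in both files; if not, use one key so the pool target does not depend on which chart was applied last.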
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-osd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-osd-global
+ actions:
+ - method: replace
+ path: .values.conf.storage.osd
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ storage:
+ osd:
+{% for osd in yaml.storage.osds %}
+ - data:
+ type: block-logical
+ location: {{osd.data}}
+ journal:
+ type: directory
+ location: {{osd.journal}}
+{% endfor %}
+...
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-promenade
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-promenade-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ env:
+ promenade_api:
+ - name: no_proxy
+ value: localhost,127.0.0.1,192.168.0.0/16,172.0.0.0/8,10.0.0.0/8
+ - name: NO_PROXY
+ value: localhost,127.0.0.1,192.168.0.0/16,172.0.0.0/8,10.0.0.0/8
+...
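Review bot: both `no_proxy` and `NO_PROXY` list `172.0.0.0/8`, which is not a private range; the RFC 1918 block is `172.16.0.0/12`. As written, any public address in 172.0.0.0 to 172.255.255.255 bypasses the proxy from the promenade API pod, and proxy-based egress control does not apply to it. Change the entry to `172.16.0.0/12`, and consider taking the list from the site input rather than hard-coding it twice.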