##############################################################################
site_name: dellgen10
-site_type: sriov
+site_type: sriov-a13
ipmi_admin:
username: root
password: calvin
end: 192.168.2.86
static:
start: 192.168.2.40
- end: 192.168.2.45
+ end: 192.168.2.49
storage:
vlan: 42
interface: bond0.42
vlan: 44
interface: bond0.44
cidr: 172.29.1.0/24
+ gateway: 172.29.1.1
local_asnumber: 65531
ranges:
+ reserved:
+ start: 172.29.1.1
+ end: 172.29.1.10
static:
- start: 172.29.1.5
+ start: 172.29.1.11
end: 172.29.1.254
additional_cidrs:
- 172.29.1.128/29
- ingress_cidr: 172.29.1.129/32
+ ingress_vip: 172.29.1.129/32
peers:
- ip: 172.29.1.1
scope: global
asnumber: 65001
- vrrp_ip: 172.29.1.1 # keep peers ip address in case of only peer.
+ # keep peers ip address in case of only peer.
+ vrrp_ip: 172.29.1.1
neutron:
vlan: 45
interface: bond0.45
vlan_start: 2001
vlan_end: 3000
whitelists:
- - "address": "0000:87:02.0"
- - "address": "0000:87:02.1"
- - "address": "0000:87:03.2"
- - "address": "0000:87:03.3"
- - "address": "0000:87:03.4"
- - "address": "0000:87:03.5"
- - "address": "0000:87:03.6"
- - "address": "0000:87:03.7"
- - "address": "0000:87:04.0"
- - "address": "0000:87:04.1"
- - "address": "0000:87:04.2"
- - "address": "0000:87:04.3"
- - "address": "0000:87:02.2"
- - "address": "0000:87:04.4"
- - "address": "0000:87:04.5"
- - "address": "0000:87:04.6"
- - "address": "0000:87:04.7"
- - "address": "0000:87:05.0"
- - "address": "0000:87:05.1"
- - "address": "0000:87:05.2"
- - "address": "0000:87:05.3"
- - "address": "0000:87:05.4"
- - "address": "0000:87:05.5"
- - "address": "0000:87:02.3"
- - "address": "0000:87:05.6"
- - "address": "0000:87:05.7"
- - "address": "0000:87:02.4"
- - "address": "0000:87:02.5"
- - "address": "0000:87:02.6"
- - "address": "0000:87:02.7"
- - "address": "0000:87:03.0"
- - "address": "0000:87:03.1"
+ - "address": "0000:87:02.*"
+ - "address": "0000:87:03.*"
+ - "address": "0000:87:04.*"
+ - "address": "0000:87:05.*"
- physical: sriovnet2
interface: enp135s0f1
vlan_start: 2001
vlan_end: 3000
whitelists:
- - "address": "0000:87:0a.0"
- - "address": "0000:87:0a.1"
- - "address": "0000:87:0b.2"
- - "address": "0000:87:0b.3"
- - "address": "0000:87:0b.4"
- - "address": "0000:87:0b.5"
- - "address": "0000:87:0b.6"
- - "address": "0000:87:0b.7"
- - "address": "0000:87:0c.0"
- - "address": "0000:87:0c.1"
- - "address": "0000:87:0c.2"
- - "address": "0000:87:0c.3"
- - "address": "0000:87:0a.2"
- - "address": "0000:87:0c.4"
- - "address": "0000:87:0c.5"
- - "address": "0000:87:0c.6"
- - "address": "0000:87:0c.7"
- - "address": "0000:87:0d.0"
- - "address": "0000:87:0d.1"
- - "address": "0000:87:0d.2"
- - "address": "0000:87:0d.3"
- - "address": "0000:87:0d.4"
- - "address": "0000:87:0d.5"
- - "address": "0000:87:0a.3"
- - "address": "0000:87:0d.6"
- - "address": "0000:87:0d.7"
- - "address": "0000:87:0a.4"
- - "address": "0000:87:0a.5"
- - "address": "0000:87:0a.6"
- - "address": "0000:87:0a.7"
- - "address": "0000:87:0b.0"
- - "address": "0000:87:0b.1"
+ - "address": "0000:87:0a.*"
+ - "address": "0000:87:0b.*"
+ - "address": "0000:87:0c.*"
+ - "address": "0000:87:0d.*"
storage:
osds:
- data: /dev/sda
- journal: /var/lib/ceph/journal/journal-sda
+ journal: /dev/sdh1
- data: /dev/sdb
- journal: /var/lib/ceph/journal/journal-sdb
+ journal: /dev/sdh2
- data: /dev/sdc
- journal: /var/lib/ceph/journal/journal-sdc
+ journal: /dev/sdh3
+ osd_count: 3
+ total_osd_count: 9
+tenant_storage:
+ osds:
- data: /dev/sdd
- journal: /var/lib/ceph/journal/journal-sdd
+ journal: /dev/sdh4
- data: /dev/sde
- journal: /var/lib/ceph/journal/journal-sde
+ journal: /dev/sdh5
- data: /dev/sdf
- journal: /var/lib/ceph/journal/journal-sdf
- osd_count: 6
- total_osd_count: 18
+ journal: /dev/sdh6
+ osd_count: 3
genesis:
name: aknode40
oob: 192.168.41.40
pxe: 172.30.2.41
ksn: 172.29.1.41
neutron: 10.0.102.41
+ oob_user: root
+ oob_password: calvin
- name : aknode42
oob: 192.168.41.42
host: 192.168.2.42
pxe: 172.30.2.42
ksn: 172.29.1.42
neutron: 10.0.102.42
+ oob_user: root
+ oob_password: calvin
#workers:
# - name : aknode43
# oob: 192.168.41.43
generation: '10'
hw_version: '3'
bios_version: '2.8'
- bios_template: dell_r740_g14_uefi_base.xml.template
+ bios_template:
boot_template: dell_r740_g14_uefi_httpboot.xml.template
http_boot_device: NIC.Slot.2-1-1
+ device_aliases:
+ ## network
+ - name: eno3
+ key: pxe_nic01
+ address: '0000:01:00.0'
+ dev_type: 'I350 Gigabit Network Connection'
+ bus_type: 'pci'
+ - name: enp94s0f0
+ key: data_nic01
+ address: '0000:5e:00.0'
+ dev_type: 'Ethernet 10G 2P X520 Adapter'
+ bus_type: 'pci'
+ - name: enp94s0f1
+ key: data_nic02
+ address: '0000:5e:00.1'
+ dev_type: 'Ethernet 10G 2P X520 Adapter'
+ bus_type: 'pci'
+ ## storage - use "dmesg | grep -Pe 'sd \d:\d'" to find address of drives
+ - name: /dev/sdg
+ key: bootdisk
+ address: '0:2.0.0'
+ dev_type: 'PERC H730P'
+ bus_type: 'scsi'
+ - name: /dev/sdh
+ key: cephjournal1
+ address: '0:2.1.0'
+ dev_type: 'PERC H730P'
+ bus_type: 'scsi'
+ - name: /dev/sdi
+ key: cephjournal2
+ address: '0:2.2.0'
+ dev_type: 'PERC H730P'
+ bus_type: 'scsi'
+ - name: /dev/sdj
+ key: ephemeral
+ address: '0:2.3.0'
+ dev_type: 'PERC H730P'
+ bus_type: 'scsi'
+
disks:
- - name : sdg
+# - name : sdg
+ - name : bootdisk
labels:
bootdrive: 'true'
partitions:
- name: root
- size: 20g
+ size: 30g
+ bootable: true
mountpoint: /
- name: boot
size: 1g
mountpoint: /boot
+ - name: var_log
+ size: '100g'
+ mountpoint: /var/log
- name: var
- size: 100g
+ size: '>100g'
mountpoint: /var
- - name : sdh
- partitions:
- - name: ceph
- size: 300g
- mountpoint: /var/lib/ceph/journal
disks_compute:
- - name : sdg
+# - name : sdg
+ - name : bootdisk
labels:
bootdrive: 'true'
partitions:
- name: root
- size: 20g
+ size: 30g
+ bootable: true
mountpoint: /
- name: boot
size: 1g
mountpoint: /boot
+ - name: var_log
+ size: '100g'
+ mountpoint: /var/log
- name: var
- size: '>300g'
+ size: '>100g'
mountpoint: /var
- - name : sdh
+ - name : ephemeral
partitions:
- name: nova
- size: '99%'
+ size: 99%
mountpoint: /var/lib/nova
genesis_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/n4mNLAj3XKG2fcm+8eVe0NUlNH0g8DA8KJ53rSLKccm8gm4UgLmGOJyBfUloQZMuOpU6a+hexN4ECCliqI7+KUmgJgsvLkJ3OUMNTEVu9tDX5mdXeffsufaqFkAdmbJ/9PMPiPQ3/UqbbtyEcqoZAwUWf4ggAWSp00SGE1Okg+skPSbDzPVHb4810eXZT1yoIg29HAenJNNrsVxvnMT2kw2OYmLfxgEUh1Ev4c5LnUog4GXBDHQtHAwaIoTu9s/q8VIvGav62RJVFn3U1D0jkiwDLSIFn8ezORQ4YkSidwdSrtqsqa2TJ0E5w/n5h5IVGO9neY8YlXrgynLd4Y+7 root@pocnjrsv132"
kubernetes:
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-site_name: hpgen10
-site_type: sriov
-ipmi_admin:
- username: Administrator
- password: Admin123
-networks:
- bonded: yes
- primary: bond0
- slaves:
- - name: ens3f0
- - name: ens3f1
- oob:
- vlan: 40
- interface:
- cidr: 192.168.41.0/24
- routes:
- gateway: 192.168.41.1
- ranges:
- reserved:
- start: 192.168.41.2
- end: 192.168.41.4
- static:
- start: 192.168.41.5
- end: 192.168.41.254
- host:
- vlan: 41
- interface: bond0.41
- cidr: 192.168.2.0/24
- routes:
- gateway: 192.168.2.200
- ranges:
- reserved:
- start: 192.168.2.84
- end: 192.168.2.86
- static:
- start: 192.168.2.1
- end: 192.168.2.83
- storage:
- vlan: 42
- interface: bond0.42
- cidr: 172.31.1.0/24
- ranges:
- static:
- start: 172.31.1.2
- end: 172.31.1.254
- pxe:
- vlan:
- interface: eno1
- cidr: 172.30.1.0/24
- gateway: 172.30.1.1
- routes:
- gateway: 172.30.1.30
- ranges:
- reserved:
- start: 172.30.1.1
- end: 172.30.1.10
- static:
- start: 172.30.1.11
- end: 172.30.1.200
- dhcp:
- start: 172.30.1.201
- end: 172.30.1.254
- ksn:
- vlan: 44
- interface: bond0.44
- cidr: 172.29.1.0/24
- local_asnumber: 65531
- ranges:
- static:
- start: 172.29.1.5
- end: 172.29.1.254
- additional_cidrs:
- - 172.29.1.136/29
- ingress_cidr: 172.29.1.137/32
- peers:
- - ip: 172.29.1.1
- scope: global
- asnumber: 65001
- vrrp_ip: 172.29.1.1 # keep peers ip address in case of only peer.
- neutron:
- vlan: 45
- interface: bond0.45
- cidr: 10.0.101.0/24
- ranges:
- static:
- start: 10.0.101.2
- end: 10.0.101.254
-dns:
- upstream_servers:
- - 192.168.2.85
- - 8.8.8.8
- - 8.8.8.8
- ingress_domain: hpgen10.akraino.org
- domain: lab.akraino.org
-gpu:
- alias:
- - name: "P4"
- product_id: "1bb2"
- vendor_id: "10de"
- - name: "P40"
- product_id: "1b38"
- vendor_id: "10de"
- - name: "P100"
- product_id: "15f8"
- vendor_id: "10de"
- - name: "V100"
- product_id: "1db4"
- vendor_id: "10de"
-sriov:
- alias:
- - name: "numa0"
- product_id: "158b"
- vendor_id: "8086"
- nets:
- - physical: sriovnet1
- interface: ens6f0
- vlan_start: 2001
- vlan_end: 3000
- whitelists:
- - "address": "0000:af:02.0"
- - "address": "0000:af:02.1"
- - "address": "0000:af:02.2"
- - "address": "0000:af:02.3"
- - "address": "0000:af:02.4"
- - "address": "0000:af:02.5"
- - "address": "0000:af:02.6"
- - "address": "0000:af:02.7"
- - "address": "0000:af:03.0"
- - "address": "0000:af:03.1"
- - "address": "0000:af:03.2"
- - "address": "0000:af:03.3"
- - "address": "0000:af:03.4"
- - "address": "0000:af:03.5"
- - "address": "0000:af:03.6"
- - "address": "0000:af:03.7"
- - "address": "0000:af:04.0"
- - "address": "0000:af:04.1"
- - "address": "0000:af:04.2"
- - "address": "0000:af:04.3"
- - "address": "0000:af:04.4"
- - "address": "0000:af:04.5"
- - "address": "0000:af:04.6"
- - "address": "0000:af:04.7"
- - "address": "0000:af:05.0"
- - "address": "0000:af:05.1"
- - "address": "0000:af:05.2"
- - "address": "0000:af:05.3"
- - "address": "0000:af:05.4"
- - "address": "0000:af:05.5"
- - "address": "0000:af:05.6"
- - "address": "0000:af:05.7"
- - physical: sriovnet2
- interface: ens6f1
- vlan_start: 2001
- vlan_end: 3000
- whitelists:
- - "address": "0000:af:0a.0"
- - "address": "0000:af:0a.1"
- - "address": "0000:af:0a.2"
- - "address": "0000:af:0a.3"
- - "address": "0000:af:0a.4"
- - "address": "0000:af:0a.5"
- - "address": "0000:af:0a.6"
- - "address": "0000:af:0a.7"
- - "address": "0000:af:0b.0"
- - "address": "0000:af:0b.1"
- - "address": "0000:af:0b.2"
- - "address": "0000:af:0b.3"
- - "address": "0000:af:0b.4"
- - "address": "0000:af:0b.5"
- - "address": "0000:af:0b.6"
- - "address": "0000:af:0b.7"
- - "address": "0000:af:0c.0"
- - "address": "0000:af:0c.1"
- - "address": "0000:af:0c.2"
- - "address": "0000:af:0c.3"
- - "address": "0000:af:0c.4"
- - "address": "0000:af:0c.5"
- - "address": "0000:af:0c.6"
- - "address": "0000:af:0c.7"
- - "address": "0000:af:0d.0"
- - "address": "0000:af:0d.1"
- - "address": "0000:af:0d.2"
- - "address": "0000:af:0d.3"
- - "address": "0000:af:0d.4"
- - "address": "0000:af:0d.5"
- - "address": "0000:af:0d.6"
- - "address": "0000:af:0d.7"
-storage:
- osds:
- - data: /dev/sdb
- journal: /var/lib/ceph/journal/journal-sdb
- - data: /dev/sdc
- journal: /var/lib/ceph/journal/journal-sdc
- - data: /dev/sdd
- journal: /var/lib/ceph/journal/journal-sdd
- - data: /dev/sde
- journal: /var/lib/ceph/journal/journal-sde
- - data: /dev/sdf
- journal: /var/lib/ceph/journal/journal-sdf
- - data: /dev/sdg
- journal: /var/lib/ceph/journal/journal-sdg
- - data: /dev/sdh
- journal: /var/lib/ceph/journal/journal-sdh
- - data: /dev/sdi
- journal: /var/lib/ceph/journal/journal-sdi
- osd_count: 8
- total_osd_count: 24
-genesis:
- name: aknode30
- oob: 192.168.41.130
- host: 192.168.2.30
- storage: 172.31.1.30
- pxe: 172.30.1.30
- ksn: 172.29.1.30
- neutron: 10.0.101.30
- root_password: akraino,d
- mac_address: 3c:fd:fe:aa:90:b0
-masters:
- - name : aknode31
- oob: 192.168.41.131
- host: 192.168.2.31
- storage: 172.31.1.31
- pxe: 172.30.1.31
- ksn: 172.29.1.31
- neutron: 10.0.101.31
- - name : aknode32
- oob: 192.168.41.132
- host: 192.168.2.32
- storage: 172.31.1.32
- pxe: 172.30.1.32
- ksn: 172.29.1.32
- neutron: 10.0.101.32
-#workers:
-# - name : aknode33
-# oob: 192.168.41.133
-# host: 192.168.2.33
-# storage: 172.31.1.33
-# pxe: 172.30.1.33
-# ksn: 172.29.1.33
-# neutron: 10.0.101.33
-platform:
- vcpu_pin_set: "4-21,26-43,48-65,72-87"
- kernel_params:
- hugepagesz: '1G'
- hugepages: 32
-# default_hugepagesz: '1G'
- transparent_hugepage: 'never'
- iommu: 'pt'
- intel_iommu: 'on'
- amd_iommu: 'on'
-# console: 'ttyS1,115200n8'
-hardware:
- vendor: HP
- generation: '10'
- hw_version: '3'
- bios_version: '2.8'
- bios_template: hpe_dl380_g10_uefi_base.json.template
- boot_template: hpe_dl380_g10_uefi_httpboot.json.template
- http_boot_device: NIC.Slot.3-1-1
-disks:
- - name : sdj
- labels:
- bootdrive: 'true'
- partitions:
- - name: root
- size: 20g
- mountpoint: /
- - name: boot
- size: 1g
- mountpoint: /boot
- - name: var
- size: '>300g'
- mountpoint: /var
- - name : sdk
- partitions:
- - name: ceph
- size: 300g
- mountpoint: /var/lib/ceph/journal
-disks_compute:
- - name : sdj
- labels:
- bootdrive: 'true'
- partitions:
- - name: root
- size: 20g
- mountpoint: /
- - name: boot
- size: 1g
- mountpoint: /boot
- - name: var
- size: '>300g'
- mountpoint: /var
- - name : sdk
- partitions:
- - name: nova
- size: '99%'
- mountpoint: /var/lib/nova
-genesis_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/n4mNLAj3XKG2fcm+8eVe0NUlNH0g8DA8KJ53rSLKccm8gm4UgLmGOJyBfUloQZMuOpU6a+hexN4ECCliqI7+KUmgJgsvLkJ3OUMNTEVu9tDX5mdXeffsufaqFkAdmbJ/9PMPiPQ3/UqbbtyEcqoZAwUWf4ggAWSp00SGE1Okg+skPSbDzPVHb4810eXZT1yoIg29HAenJNNrsVxvnMT2kw2OYmLfxgEUh1Ev4c5LnUog4GXBDHQtHAwaIoTu9s/q8VIvGav62RJVFn3U1D0jkiwDLSIFn8ezORQ4YkSidwdSrtqsqa2TJ0E5w/n5h5IVGO9neY8YlXrgynLd4Y+7 root@pocnjrsv132"
-kubernetes:
- api_service_ip: 10.96.0.1
- etcd_service_ip: 10.96.0.2
- pod_cidr: 10.99.0.0/16
- service_cidr: 10.96.0.0/14
-regional_server:
- ip: 135.16.101.85
-...
-
--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+# This file defines a boot action for MaaS to deploy the calico-ip-rules script
+# to nodes, register with systemd, and runs the script on all PXE booted nodes.
+# On the genesis node, this is a manual step detailed in deployment documentation.
+
+# NOTE: This is a copy from `aic-clcp-manifests/type/cruiser/v4.0/`, because
+# this is an upstream manifest based on airship-treasuremap, which does not
+# have bgp VIP configuration scripts.
+schema: 'drydock/BootAction/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: calico-ip-rules
+ storagePolicy: 'cleartext'
+ layeringDefinition:
+ abstract: false
+ layer: site
+ labels:
+ application: 'drydock'
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.ip_rule.gateway
+ dest:
+ path: .assets[0].data
+ pattern: DH_SUB_GATEWAY_IP
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .assets[0].data
+ pattern: DH_SUB_POD_CIDR
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.bgp.ipv4.public_service_cidr
+ dest:
+ path: .assets[0].data
+ pattern: DH_SUB_INGRESS_CIDR
+ # Substitution of the configure-ip-rules script into this bootaction
+ - src:
+ schema: pegleg/Script/v1
+ name: configure-ip-rules
+ path: .
+ dest:
+ path: .assets[1].data
+data:
+ signaling: false
+ assets:
+ - path: /etc/systemd/system/configure-ip-rules.service
+ type: unit
+ permissions: '444'
+ data: |-
+ [Unit]
+ Description=IP Rules Initialization Service
+ After=network-online.target local-fs.target
+ [Service]
+ Type=simple
+ ExecStart=/opt/configure-ip-rules.sh -g DH_SUB_GATEWAY_IP -c DH_SUB_POD_CIDR -s DH_SUB_INGRESS_CIDR
+ [Install]
+ WantedBy=multi-user.target
+ data_pipeline:
+ - utf8_decode
+ - path: /opt/configure-ip-rules.sh
+ type: file
+ permissions: '700'
+ data_pipeline:
+ - utf8_decode
+...
--- /dev/null
+---
+# # Drydock BaremetalNode resources for a specific rack are stored in this file.
+# #
+# # NOTE: For new sites, you should complete the networks/physical/networks.yaml
+# # file before working on this file.
+# #
+# # In this file, you should make the number of `drydock/BaremetalNode/v1`
+# # resources equal the number of bare metal nodes you have, either by deleting
+# # excess BaremetalNode definitions (if there are too many), or by copying and
+# # pasting the last BaremetalNode in the file until you have the correct number
+# # of baremetal nodes (if there are too few).
+# #
+# # Then in each file, address all additional NEWSITE-CHANGEME markers to update
+# # the data in these files with the right values for your new site.
+# #
+# # *NOTE: The Genesis node is counted as one of the control plane nodes. Note
+# # that the Genesis node does not appear on this bare metal list, because the
+# # procedure to reprovision the Genesis host with MaaS has not yet been
+# # implemented. Therefore there will be only three bare metal nodes in this file
+# # with the 'masters' tag, as the genesis roles are assigned in a difference
+# # place (profiles/genesis.yaml).
+# # NOTE: The host profiles for the control plane are further divided into two
+# # variants: primary and secondary. The only significance this has is that the
+# # "primary" nodes are active Ceph nodes, whereas the "secondary" nodes are Ceph
+# # standby nodes. For Ceph quorum, this means that the control plane split will
+# # be 3 primary + 1 standby host profile, and the Genesis node counts toward one
+# # of the 3 primary profiles. Other control plane services are not affected by
+# # primary vs secondary designation.
+# #
+# # TODO: Include the hostname naming convention
+# #
+# schema: 'drydock/BaremetalNode/v1'
+# metadata:
+ # schema: 'metadata/Document/v1'
+ # # NEWSITE-CHANGEME: Replace with the hostname of the first node in the rack,
+ # # after (excluding) genesis.
+ # name: cab23-r720-12
+ # layeringDefinition:
+ # abstract: false
+ # layer: site
+ # storagePolicy: cleartext
+# data:
+ # # NEWSITE-CHANGEME: The IPv4 address assigned to each logical network on this
+ # # node. In the reference Airship deployment, this is all logical Networks defined
+ # # in networks/physical/networks.yaml. IP addresses are manually assigned, by-hand.
+ # # (what could possibly go wrong!) The instructions differ for each logical
+ # # network, which are laid out below.
+ # addressing:
+ # # The iDrac/iLo IP of the node. It's important that this match up with the
+ # # node's hostname above, so that the rack number and node position encoded
+ # # in the hostname are accurate and matching the node that IPMI operations
+ # # will be performed against (for poweron, poweroff, PXE boot to wipe disk or
+ # # reconfigure identity, etc - very important to get right for these reasons).
+ # # These addresses should already be assigned to nodes racked and stacked in
+ # # the environment; these are not addresses which MaaS assigns.
+ # - network: oob
+ # address: 10.23.104.12
+ # # The IP of the node on the PXE network. Refer to the static IP range
+ # # defined for the PXE network in networks/physical/networks.yaml. Begin allocating
+ # # IPs from this network, starting with the second IP (inclusive) from the
+ # # allocation range of this subnet (Genesis node will have the first IP).
+ # # Ex: If the start IP for the PXE "static" network is 10.23.20.11, then
+ # # genesis will have 10.23.20.11, this node will have 10.23.20.12, and
+ # # so on with incrementing IP addresses with each additional node.
+ # - network: pxe
+ # address: 10.23.20.12
+ # # Genesis node gets first IP, all other nodes increment IPs from there
+ # # within the allocation range defined for the network in
+ # # networks/physical/networks.yaml
+ # - network: oam
+ # address: 10.23.21.12
+ # # Genesis node gets first IP, all other nodes increment IPs from there
+ # # within the allocation range defined for the network in
+ # # networks/physical/networks.yaml
+ # - network: storage
+ # address: 10.23.23.12
+ # # Genesis node gets first IP, all other nodes increment IPs from there
+ # # within the allocation range defined for the network in
+ # # networks/physical/networks.yaml
+ # - network: overlay
+ # address: 10.23.24.12
+ # # Genesis node gets first IP, all other nodes increment IPs from there
+ # # within the allocation range defined for the network in
+ # # networks/physical/networks.yaml
+ # - network: calico
+ # address: 10.23.22.12
+ # # NEWSITE-CHANGEME: Set the host profile for the node.
+ # # Note that there are different host profiles depending if this is a control
+ # # plane vs data plane node, and different profiles that map to different types
+ # # hardware. Control plane host profiles are further broken down into "primary"
+ # # and "secondary" profiles (refer to the Notes section at the top of this doc).
+ # # Select the host profile that matches up to your type of
+ # # hardware and function. E.g., the r720 here refers to Dell R720 hardware, the
+ # # 'cp' refers to a control plane profile, and the "primary" means it will be
+ # # an active member in the ceph quorum. Refer to profiles/host/ for the list
+ # # of available host profiles specific to this site (otherwise, you may find
+ # # a general set of host profiles at the "type" or "global" layers/folders.
+ # # If you have hardware that is not on this list of profiles, you may need to
+ # # create a new host profile for that hardware.
+ # # Regarding control plane vs other data plane profiles, refer to the notes at
+ # # the beginning of this file. There should be one control plane node per rack,
+ # # including Genesis. Note Genesis won't actually be listed in this file as a
+ # # BaremetalNode, but the rest are.
+ # # This is the second "primary" control plane node after Genesis.
+ # host_profile: cp_r720-primary
+ # metadata:
+ # tags:
+ # # NEWSITE-CHANGEME: See previous comment. Apply 'masters' tag for control
+ # # plane node, and 'workers' tag for data plane hosts.
+ # - 'masters'
+ # # NEWSITE-CHANGEME: Refer to site engineering package or other supporting
+ # # documentation for the specific rack name. This should be a rack name that
+ # # is meaningful to data center personnel (i.e. a rack they could locate if
+ # # you gave them this rack designation).
+ # rack: cab23
+# ...
+{% for server in yaml.masters %}
+{% if loop.index > 1 %}
+---
+{% endif %}
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: The next node's hostname
+ name: {{server.name}}
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The next node's IPv4 addressing
+ addressing:
+ - network: oob
+ address: {{server.oob}}
+ - network: pxe
+ address: {{server.pxe}}
+ - network: oam
+ address: {{server.host}}
+ - network: storage
+ address: {{server.storage}}
+ - network: overlay
+ address: {{server.neutron}}
+ - network: calico
+ address: {{server.ksn}}
+ # NEWSITE-CHANGEME: The next node's host profile
+ host_profile: cp_r720-primary
+ metadata:
+ # NEWSITE-CHANGEME: The next node's rack designation
+ rack: cab23
+ # NEWSITE-CHANGEME: The next node's role desigatnion
+ tags:
+ - 'masters'
+{% if 'platform' in yaml %}
+ platform:
+ kernel_params:
+{% for key, value in yaml.platform.kernel_params.items() %}
+ {{key}}: '{{value}}'
+{% endfor %}
+{% if 'vcpu_pin_set' in yaml.platform %}
+ isolcpus: '{{yaml.platform.vcpu_pin_set}}'
+{% endif %}
+{% endif %}
+...
+{% endfor %}
+{% if 'workers' in yaml %}{% for server in yaml.workers %}
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: The next node's hostname
+ name: cab23-r720-14
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The next node's IPv4 addressing
+ addressing:
+ - network: oob
+ address: {{server.oob}}
+ - network: pxe
+ address: {{server.pxe}}
+ - network: oam
+ address: {{server.host}}
+ - network: storage
+ address: {{server.storage}}
+ - network: overlay
+ address: {{server.neutron}}
+ - network: calico
+ address: {{server.ksn}}
+ # NEWSITE-CHANGEME: The next node's host profile
+ # This is the third "primary" control plane profile after genesis
+ host_profile: dp_r720
+ metadata:
+ # NEWSITE-CHANGEME: The next node's rack designation
+ rack: cab23
+ # NEWSITE-CHANGEME: The next node's role desigatnion
+ tags:
+ - 'workers'
+{% if 'platform' in yaml %}
+ platform:
+ kernel_params:
+{% for key, value in yaml.platform.kernel_params.items() %}
+ {{key}}: '{{value}}'
+{% endfor %}
+{% if 'vcpu_pin_set' in yaml.platform %}
+ isolcpus: '{{yaml.platform.vcpu_pin_set}}'
+{% endif %}
+{% endif %}
+...
+{% endfor %}{% endif %}
# bond and VLAN number specified in networks/physical/networks.yaml for the Calico
# network. E.g. VLAN 22 for the calico network as a member of bond0, you
# would set "interface=bond0.22" as shown here.
- ip_autodetection_method: interface=bond0.22
+ ip_autodetection_method: interface={{yaml.networks.ksn.interface}}
etcd:
# etcd service IP address
service_ip: 10.96.232.136
+ ip_rule:
+ gateway: {{yaml.networks.ksn.gateway }}
+ bgp:
+ ipv4:
+ public_service_cidr: {{yaml.networks.ksn.additional_cidrs[0]}}
+ ingress_vip: {{yaml.networks.ksn.ingress_vip}}
+{% if ('peers' in yaml.networks.ksn and yaml.networks.ksn.peers is not none and yaml.networks.ksn.peers is iterable ) %}
+ peers:
+{% for peer in yaml.networks.ksn.peers %}
+ - {{peer.ip}}
+{% endfor %}
+{% endif %}
+ vip:
+ ingress_vip: '{{yaml.networks.host.ranges.static.end}}/32'
+ maas_vip: '{{yaml.networks.host.ranges.static.end}}/32'
dns:
# Kubernetes cluster domain. Do not change. This is internal to the cluster.
# List of upstream DNS forwards. Verify you can reach them from your
# environment. If so, you should not need to change them.
upstream_servers:
- - 8.8.8.8
- - 8.8.4.4
- - 208.67.222.222
+{% for server in yaml.dns.upstream_servers %}
+ - {{server}}
+{% endfor %}
# Repeat the same values as above, but formatted as a common separated
# string
- upstream_servers_joined: 8.8.8.8,8.8.4.4,208.67.222.222
+ upstream_servers_joined: '{{yaml.dns.upstream_servers|batch(2)|first|join(',')}}'
# NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
# Choose FQDN according to the ingress/public FQDN naming conventions at
# the top of this document.
- ingress_domain: airship-seaworthy.atlantafoundry.com
+ ingress_domain: {{yaml.dns.ingress_domain}}
genesis:
# NEWSITE-CHANGEME: Update with the hostname for the node which will take on
# networks/physical/networks.yaml
# NOTE: Ensure that the genesis node is manually configured with this
# hostname before running `genesis.sh` on the node.
- hostname: cab23-r720-11
+ hostname: {{yaml.genesis.name}}
# NEWSITE-CHANGEME: Calico IP of the Genesis node. Use the "start" value for
# the calico network defined in networks/physical/networks.yaml for this IP.
- ip: 10.23.22.11
+ ip: {{yaml.genesis.ksn}}
bootstrap:
# NEWSITE-CHANGEME: Update with the "start" value/IP of the static range
# defined for the pxe network in networks/physical/networks.yaml
- ip: 10.23.20.11
+ ip: {{yaml.genesis.pxe}}
kubernetes:
# K8s API service IP
- api_service_ip: 10.96.0.1
+ api_service_ip: {{yaml.kubernetes.api_service_ip}}
# etcd service IP
- etcd_service_ip: 10.96.0.2
+ etcd_service_ip: {{yaml.kubernetes.etcd_service_ip}}
# k8s pod CIDR (network which pod traffic will traverse)
- pod_cidr: 10.97.0.0/16
+ pod_cidr: {{yaml.kubernetes.pod_cidr}}
# k8s service CIDR (network which k8s API traffic will traverse)
- service_cidr: 10.96.0.0/16
+ service_cidr: {{yaml.kubernetes.service_cidr}}
# misc k8s port settings
apiserver_port: 6443
haproxy_port: 6553
# control plane servers. Ensure that this matches the nodes with the 'masters'
# tags applied in baremetal/nodes.yaml
masters:
- - hostname: cab23-r720-12
- - hostname: cab23-r720-13
- - hostname: cab23-r720-14
+{% for master in yaml.masters %}
+ - hostname: {{master.name}}
+{% endfor %}
# NEWSITE-CHANGEME: Environment proxy information.
# NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
drydock_api: 30000
maas_api: 30001
maas_proxy: 31800 # hardcoded in MAAS
- shipyard_api: 30003
- airflow_web: 30004
ntp:
# comma separated NTP server list. Verify that these upstream NTP servers are
ceph:
# NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
# used for the `storage` network in networks/physical/networks.yaml
- public_cidr: '10.23.23.0/24'
- cluster_cidr: '10.23.23.0/24'
+ public_cidr: '{{yaml.networks.storage.cidr}}'
+ cluster_cidr: '{{yaml.networks.storage.cidr}}'
neutron:
# NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the bond name and
# VLAN number are consistent with what's defined for the bond and the overlay
# network in networks/physical/networks.yaml
- tunnel_device: 'bond0.24'
+ tunnel_device: '{{yaml.networks.neutron.interface}}'
# bond which the overlay is a member of. Ensure the bond name is consistent
# with the bond assigned to the overlay network in
# networks/physical/networks.yaml
- external_iface: 'bond0'
+ external_iface: '{{yaml.networks.primary}}'
openvswitch:
# bond which the overlay is a member of. Ensure the bond name is consistent
# with the bond assigned to the overlay network in
# networks/physical/networks.yaml
- external_iface: 'bond0'
+ external_iface: '{{yaml.networks.primary}}'
...
storagePolicy: cleartext
data:
# NEWSITE-CHANGEME: Update with the site's out-of-band CIDR
- cidr: 10.23.104.0/24
+ cidr: {{yaml.networks.oob.cidr}}
routes:
# NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP
- subnet: '0.0.0.0/0'
- gateway: 10.23.104.1
+ gateway: {{yaml.networks.oob.routes.gateway}}
metric: 100
# NEWSITE-CHANGEME: Update with the site's out-of-band IP allocation range
# FIXME: Is this IP range actually used/allocated for anything? The HW already
# network either, as they should be routable via the default gw on OAM network
ranges:
- type: static
- start: 10.23.104.11
- end: 10.23.104.21
+ start: {{yaml.networks.oob.ranges.static.start}}
+ end: {{yaml.networks.oob.ranges.static.end}}
...
---
schema: 'drydock/NetworkLink/v1'
data:
# NEWSITE-CHANGEME: Update with the site's PXE network CIDR
# NOTE: The CIDR minimum size = (number of nodes * 2) + 10
- cidr: 10.23.20.0/24
+ cidr: {{yaml.networks.pxe.cidr}}
routes:
- subnet: 0.0.0.0/0
# NEWSITE-CHANGEME: Set the OAM network gateway IP address
- gateway: 10.23.20.1
+ gateway: {{yaml.networks.pxe.routes.gateway}}
metric: 100
# NOTE: The first 10 IPs in the subnet are reserved for network infrastructure.
# The remainder of the range is divided between two subnets of equal size:
ranges:
# NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
- type: reserved
- start: 10.23.20.1
- end: 10.23.20.10
+ start: {{yaml.networks.pxe.ranges.reserved.start}}
+ end: {{yaml.networks.pxe.ranges.reserved.end}}
# NEWSITE-CHANGEME: Update to the first half of the remaining range after
# excluding the 10 reserved IPs.
- type: static
- start: 10.23.20.11
- end: 10.23.20.21
+ start: {{yaml.networks.pxe.ranges.static.start}}
+ end: {{yaml.networks.pxe.ranges.static.end}}
# NEWSITE-CHANGEME: Update to the second half of the remaining range after
# excluding the 10 reserved IPs.
- type: dhcp
- start: 10.23.20.121
- end: 10.23.20.131
+ start: {{yaml.networks.pxe.ranges.dhcp.start}}
+ end: {{yaml.networks.pxe.ranges.dhcp.end}}
dns:
# NEWSITE-CHANGEME: FQDN for bare metal nodes.
# Choose FQDN according to the node FQDN naming conventions at the top of
# this document.
- domain: airship-seaworthy.atlantafoundry.com
+ domain: {% if 'dns' in yaml.networks.pxe and 'domain' in yaml.networks.pxe.dns %}{{yaml.networks.pxe.dns.domain}}
+ {% else %}{{yaml.dns.domain}}
+ {% endif %}
# List of upstream DNS forwards. Verify you can reach them from your
# environment. If so, you should not need to change them.
# TODO: This should be populated via substitution from common-addresses
- servers: '8.8.8.8,8.8.4.4,208.67.222.222'
+ servers: '{% if 'dns' in yaml.networks.pxe %}{{yaml.networks.pxe.dns.servers}}{% else %}{{yaml.dns.upstream_servers|join(' ')}}{% endif %}'
...
---
schema: 'drydock/NetworkLink/v1'
storagePolicy: cleartext
data:
bonding:
+{% if yaml.networks.bonded %}
mode: 802.3ad
hash: layer3+4
peer_rate: fast
mon_rate: 100
up_delay: 1000
down_delay: 3000
+{% else %}
+ mode: disabled
+{% endif %}
# NEWSITE-CHANGEME: Ensure the network switches in the environment are
# configured for this MTU or greater. Even if switches are configured for or
# can support a slightly higher MTU, there is no need (and negliable benefit)
# to squeeze every last byte into the MTU (e.g., 9216 vs 9100). Leave MTU at
# 9100 for maximum compatibility.
- mtu: 9100
+ mtu: 9000
linkspeed: auto
trunking:
mode: 802.1q
storagePolicy: cleartext
data:
# NEWSITE-CHANGEME: Set the VLAN ID which the OAM network is on
- vlan: '21'
- mtu: 9100
+ vlan: '{{yaml.networks.host.vlan}}'
+ mtu: 9000
# NEWSITE-CHANGEME: Set the CIDR for the OAM network
# NOTE: The CIDR minimum size = number of nodes + 10
- cidr: 10.23.21.0/24
+ cidr: {{yaml.networks.host.cidr}}
routes:
- subnet: 0.0.0.0/0
# NEWSITE-CHANGEME: Set the OAM network gateway IP address
- gateway: 10.23.21.1
+ gateway: {{yaml.networks.host.routes.gateway}}
metric: 100
ranges:
# NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
- type: reserved
- start: 10.23.21.1
- end: 10.23.21.10
+ start: {{yaml.networks.host.ranges.reserved.start}}
+ end: {{yaml.networks.host.ranges.reserved.end}}
# NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
# 10 reserved IPs.
- type: static
- start: 10.23.21.11
- end: 10.23.21.21
+ start: {{yaml.networks.host.ranges.static.start}}
+ end: {{yaml.networks.host.ranges.static.end}}
dns:
# NEWSITE-CHANGEME: FQDN for bare metal nodes.
# Choose FQDN according to the node FQDN naming conventions at the top of
# this document.
- domain: airship-seaworthy.atlantafoundry.com
+ domain: {% if 'dns' in yaml.networks.host and 'domain' in yaml.networks.host.dns %}{{yaml.networks.host.dns.domain}}
+ {% else %}{{yaml.dns.domain}}
+ {% endif %}
# List of upstream DNS forwards. Verify you can reach them from your
# environment. If so, you should not need to change them.
# TODO: This should be populated via substitution from common-addresses
- servers: '8.8.8.8,8.8.4.4,208.67.222.222'
+ servers: '{% if 'dns' in yaml.networks.host %}{{yaml.networks.host.dns.servers}}{% else %}{{yaml.dns.upstream_servers|join(' ')}}{% endif %}'
...
---
schema: 'drydock/Network/v1'
storagePolicy: cleartext
data:
# NEWSITE-CHANGEME: Set the VLAN ID which the storage network is on
- vlan: '23'
- mtu: 9100
+ vlan: '{{yaml.networks.storage.vlan}}'
+ mtu: 9000
# NEWSITE-CHANGEME: Set the CIDR for the storage network
# NOTE: The CIDR minimum size = number of nodes + 10
- cidr: 10.23.23.0/24
+ cidr: {{yaml.networks.storage.cidr}}
ranges:
# NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
- type: reserved
- start: 10.23.23.1
- end: 10.23.23.10
+ start: {{yaml.networks.storage.ranges.reserved.start}}
+ end: {{yaml.networks.storage.ranges.reserved.end}}
# NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
# 10 reserved IPs.
- type: static
- start: 10.23.23.11
- end: 10.23.23.21
+ start: {{yaml.networks.storage.ranges.static.start}}
+ end: {{yaml.networks.storage.ranges.static.end}}
...
---
schema: 'drydock/Network/v1'
storagePolicy: cleartext
data:
# NEWSITE-CHANGEME: Set the VLAN ID which the overlay network is on
- vlan: '24'
- mtu: 9100
+ vlan: '{{yaml.networks.neutron.vlan}}'
+ mtu: 9000
# NEWSITE-CHANGEME: Set the CIDR for the overlay network
# NOTE: The CIDR minimum size = number of nodes + 10
- cidr: 10.23.24.0/24
+ cidr: {{yaml.networks.neutron.cidr}}
ranges:
# NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
- type: reserved
- start: 10.23.24.1
- end: 10.23.24.10
+ start: {{yaml.networks.neutron.ranges.reserved.start}}
+ end: {{yaml.networks.neutron.ranges.reserved.end}}
# NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
# 10 reserved IPs.
- type: static
- start: 10.23.24.11
- end: 10.23.24.21
+ start: {{yaml.networks.neutron.ranges.static.start}}
+ end: {{yaml.networks.neutron.ranges.static.end}}
...
---
schema: 'drydock/Network/v1'
storagePolicy: cleartext
data:
# NEWSITE-CHANGEME: Set the VLAN ID which the calico network is on
- vlan: '22'
- mtu: 9100
+ vlan: '{{yaml.networks.ksn.vlan}}'
+ mtu: 9000
# NEWSITE-CHANGEME: Set the CIDR for the calico network
# NOTE: The CIDR minimum size = number of nodes + 10
- cidr: 10.23.22.0/24
+ cidr: {{yaml.networks.ksn.cidr}}
ranges:
# NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
- type: reserved
- start: 10.23.22.1
- end: 10.23.22.10
+ start: {{yaml.networks.ksn.ranges.reserved.start}}
+ end: {{yaml.networks.ksn.ranges.reserved.end}}
# NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
# 10 reserved IPs.
- type: static
- start: 10.23.22.11
- end: 10.23.22.21
+ start: {{yaml.networks.ksn.ranges.static.start}}
+ end: {{yaml.networks.ksn.ranges.static.end}}
...
---
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
+# The purpose of this file is to define the PKI certificates for the environment
+#
+# NOTE: When deploying a new site, this file should not be configured until
+# baremetal/nodes.yaml is complete.
+#
schema: promenade/PKICatalog/v1
metadata:
schema: metadata/Document/v1
hosts:
- localhost
- 127.0.0.1
+ # FIXME: Repetition of api_service_ip in common-addresses; use
+ # substitution
- {{yaml.kubernetes.api_service_ip}}
kubernetes_service_names:
- kubernetes.default.svc.cluster.local
+
+ # NEWSITE-CHANGEME: The following should be a list of all the nodes in
+ # the environment (genesis, control plane, data plane, everything).
+ # Add/delete from this list as necessary until all nodes are listed.
+ # For each node, the `hosts` list should be comprised of:
+ # 1. The node's hostname, as already defined in baremetal/nodes.yaml
+ # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+ # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+ # NOTE: This list also needs to include the Genesis node, which is not
+ # listed in baremetal/nodes.yaml, but by convention should be allocated
+ # the first non-reserved IP in each logical network allocation range
+ # defined in networks/physical/networks.yaml
+ # NOTE: The genesis node needs to be defined twice (the first two entries
+ # on this list) with all of the same paramters except the document_name.
+ # In the first case the document_name is `kubelet-genesis`, and in the
+ # second case the document_name format is `kubelete-YOUR_GENESIS_HOSTNAME`.
- document_name: kubelet-genesis
common_name: system:node:{{yaml.genesis.name}}
hosts:
- {{yaml.genesis.name}}
- {{yaml.genesis.host}}
- {{yaml.genesis.ksn}}
- - {{yaml.genesis.pxe}}
groups:
- system:nodes
- document_name: kubelet-{{yaml.genesis.name}}
- {{yaml.genesis.name}}
- {{yaml.genesis.host}}
- {{yaml.genesis.ksn}}
- - {{yaml.genesis.pxe}}
groups:
- system:nodes
{% for server in yaml.masters %}
- {{server.name}}
- {{server.host}}
- {{server.ksn}}
- - {{server.pxe}}
groups:
- system:nodes
{% endfor %}
- {{server.name}}
- {{server.host}}
- {{server.ksn}}
- - {{server.pxe}}
groups:
- system:nodes
{% endfor %}{% endif %}
+ # End node list
- document_name: scheduler
description: Service certificate for Kubernetes scheduler
common_name: system:kube-scheduler
- document_name: apiserver-etcd
description: etcd client certificate for use by Kubernetes apiserver
common_name: apiserver
- # NOTE(mark-burnett): hosts not required for client certificates
+ # NOTE(mark-burnett): hosts not required for client certificates
- document_name: kubernetes-etcd-anchor
description: anchor
common_name: anchor
+ # NEWSITE-CHANGEME: The following should be a list of the control plane
+ # nodes in the environment, including genesis.
+ # For each node, the `hosts` list should be comprised of:
+ # 1. The node's hostname, as already defined in baremetal/nodes.yaml
+ # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+ # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+ # 4. 127.0.0.1
+ # 5. localhost
+ # 6. kubernetes-etcd.kube-system.svc.cluster.local
+ # NOTE: This list also needs to include the Genesis node, which is not
+ # listed in baremetal/nodes.yaml, but by convention should be allocated
+ # the first non-reserved IP in each logical network allocation range
+ # defined in networks/physical/networks.yaml, except for the kubernetes
+ # service_cidr where it should start with the second IP in the range.
+ # NOTE: The genesis node is defined twice with the same `hosts` data:
+ # Once with its hostname in the common/document name, and once with
+ # `genesis` defined instead of the host. For now, this duplicated
+ # genesis definition is required. FIXME: Remove duplicate definition
+ # after Promenade addresses this issue.
- document_name: kubernetes-etcd-genesis
common_name: kubernetes-etcd-genesis
hosts:
- {{yaml.genesis.name}}
- {{yaml.genesis.host}}
- {{yaml.genesis.ksn}}
- - {{yaml.genesis.pxe}}
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- {{yaml.genesis.name}}
- {{yaml.genesis.host}}
- {{yaml.genesis.ksn}}
- - {{yaml.genesis.pxe}}
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- document_name: kubernetes-etcd-{{ server.name }}
common_name: kubernetes-etcd-{{ server.name }}
hosts:
- - {{ server.name }}
+ - {{server.name}}
- {{server.host}}
- {{server.ksn}}
- - {{server.pxe}}
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- {{yaml.kubernetes.etcd_service_ip}}
{% endfor %}
+ # End node list
kubernetes-etcd-peer:
certificates:
+ # NEWSITE-CHANGEME: This list should be identical to the previous list,
+ # except that `-peer` has been appended to the document/common names.
- document_name: kubernetes-etcd-genesis-peer
common_name: kubernetes-etcd-genesis-peer
hosts:
- {{yaml.genesis.name}}
- {{yaml.genesis.host}}
- {{yaml.genesis.ksn}}
- - {{yaml.genesis.pxe}}
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- {{yaml.genesis.name}}
- {{yaml.genesis.host}}
- {{yaml.genesis.ksn}}
- - {{yaml.genesis.pxe}}
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- {{server.name}}
- {{server.host}}
- {{server.ksn}}
- - {{server.pxe}}
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- {{yaml.kubernetes.etcd_service_ip}}
{% endfor %}
+ # End node list
calico-etcd:
description: Certificates for Calico etcd client traffic
certificates:
- document_name: calico-etcd-anchor
description: anchor
common_name: anchor
+ # NEWSITE-CHANGEME: The following should be a list of the control plane
+ # nodes in the environment, including genesis.
+ # For each node, the `hosts` list should be comprised of:
+ # 1. The node's hostname, as already defined in baremetal/nodes.yaml
+ # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+ # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+ # 4. 127.0.0.1
+ # 5. localhost
+ # 6. The calico/etcd/service_ip defined in networks/common-addresses.yaml
+ # NOTE: This list also needs to include the Genesis node, which is not
+ # listed in baremetal/nodes.yaml, but by convention should be allocated
+ # the first non-reserved IP in each logical network allocation range
+ # defined in networks/physical/networks.yaml
- document_name: calico-etcd-{{yaml.genesis.name}}
common_name: calico-etcd-{{yaml.genesis.name}}
hosts:
- {{yaml.genesis.name}}
- {{yaml.genesis.host}}
- {{yaml.genesis.ksn}}
- - {{yaml.genesis.pxe}}
- 127.0.0.1
- localhost
- 10.96.232.136
- {{server.name}}
- {{server.host}}
- {{server.ksn}}
- - {{server.pxe}}
- 127.0.0.1
- localhost
- 10.96.232.136
{% endfor %}
- document_name: calico-node
common_name: calcico-node
+ # End node list
calico-etcd-peer:
description: Certificates for Calico etcd clients
certificates:
+ # NEWSITE-CHANGEME: This list should be identical to the previous list,
+ # except that `-peer` has been appended to the document/common names.
- document_name: calico-etcd-{{yaml.genesis.name}}-peer
common_name: calico-etcd-{{yaml.genesis.name}}-peer
hosts:
- {{yaml.genesis.name}}
- {{yaml.genesis.host}}
- {{yaml.genesis.ksn}}
- - {{yaml.genesis.pxe}}
- 127.0.0.1
- localhost
- 10.96.232.136
- {{server.name}}
- {{server.host}}
- {{server.ksn}}
- - {{server.pxe}}
- 127.0.0.1
- localhost
- 10.96.232.136
{% endfor %}
- document_name: calico-node-peer
common_name: calcico-node-peer
+ # End node list
keypairs:
- name: service-account
description: Service account signing key for use by Kubernetes controller-manager.
--- /dev/null
+---
+schema: 'drydock/HardwareProfile/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: dell_r720
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # Vendor of the server chassis
+ vendor: {{yaml.hardware.vendor}}
+ # Generation of the chassis model
+ generation: '{{yaml.hardware.generation}}'
+ # Version of the chassis model within its generation - not version of the hardware definition
+ hw_version: '{{yaml.hardware.hw_version}}'
+ # The certified version of the chassis BIOS
+ bios_version: '{{yaml.hardware.bios_version}}'
+ # Mode of the default boot of hardware - bios, uefi
+ boot_mode: bios
+ # Protocol of boot of the hardware - pxe, usb, hdd
+ bootstrap_protocol: pxe
+ # Which interface to use for network booting within the OOB manager, not OS device
+ pxe_interface: 0
+ # Map hardware addresses to aliases/roles to allow a mix of hardware configs
+ # in a site to result in a consistent configuration
+ device_aliases:
+{% if 'hardware' in yaml and 'device_aliases' in yaml.hardware %}
+{% for device in yaml.hardware.device_aliases %}
+ # {{ device.name }}
+ {{ device.key }}:
+ address: '{{ device.address }}'
+ dev_type: '{{ device.dev_type }}'
+ bus_type: '{{ device.bus_type }}'
+{% endfor %}
+{% endif %}
+...
- method: merge
path: .
data:
- # TODO: fixup proper HW profiles
- hardware_profile: DELL_HP_Generic
+ hardware_profile: dell_r720
primary_network: oam
interfaces:
pxe:
device_link: pxe
slaves:
- - eno1
+ - pxe_nic01
networks:
- pxe
bond0:
device_link: data
slaves:
- - enp67s0f0
- - enp67s0f1
- - enp68s0f0
- - enp68s0f1
+ - data_nic01
+ - data_nic02
networks:
- oam
- storage
storage:
physical_devices:
- sda:
+{% for disk in yaml.disks %}
+ {{disk.name}}:
+ {% if 'labels' in disk %}
labels:
- bootdrive: 'true'
+ {% for key, value in disk.labels.items() %}
+ {{key}}: '{{value}}'
+ {% endfor %}
+ {% endif %}
partitions:
- - name: 'root'
- size: '30g'
- bootable: true
+ {% for p in disk.partitions %}
+ - name: '{{p.name}}'
+ size: '{{p.size}}'
+ {% if 'bootable' in p %}
+ bootable: {{p.bootable}}
+ {% endif %}
filesystem:
- mountpoint: '/'
+ mountpoint: '{{p.mountpoint}}'
fstype: 'ext4'
mount_options: 'defaults'
- - name: 'boot'
- size: '1g'
- filesystem:
- mountpoint: '/boot'
- fstype: 'ext4'
- mount_options: 'defaults'
- - name: 'var_log'
- size: '100g'
- filesystem:
- mountpoint: '/var/log'
- fstype: 'ext4'
- mount_options: 'defaults'
- - name: 'var'
- size: '>100g'
- filesystem:
- mountpoint: '/var'
- fstype: 'ext4'
- mount_options: 'defaults'
- sdb:
- partitions:
- - name: 'cephj'
- size: '100g'
- filesystem:
- mountpoint: '/var/lib/ceph/cp'
- fstype: 'xfs'
- mount_options: 'defaults'
+ {% endfor %}
+{% endfor %}
platform:
kernel: 'hwe-16.04'
kernel_params:
+{% if 'platform' in yaml and 'kernel_params' in yaml.platform %}
+{% for key, value in yaml.platform.kernel_params.items() %}
+ {{key}}: '{{value}}'
+{% endfor %}
+{% else %}
console: 'ttyS1,115200n8'
+ intel_iommu: 'on'
+ iommu: 'pt'
+ amd_iommu: 'on'
+ transparent_hugepage: 'never'
+{% endif %}
+{% if 'platform' in yaml and 'vcpu_pin_set' in yaml.platform %}
+ isolcpus: '{{yaml.platform.vcpu_pin_set}}'
+{% endif %}
metadata:
owner_data:
- method: merge
path: .
data:
- # TODO: fixup proper HW profiles
- hardware_profile: DELL_HP_Generic
+ hardware_profile: dell_r720
primary_network: oam
interfaces:
pxe:
device_link: pxe
slaves:
- - eno1
+ - pxe_nic01
networks:
- pxe
bond0:
device_link: data
slaves:
- - enp67s0f0
- - enp67s0f1
- - enp68s0f0
- - enp68s0f1
+ - data_nic01
+ - data_nic02
networks:
- oam
- storage
storage:
physical_devices:
- sda:
+{% for disk in yaml.disks %}
+ {{disk.name}}:
+ {% if 'labels' in disk %}
labels:
- bootdrive: 'true'
+ {% for key, value in disk.labels.items() %}
+ {{key}}: '{{value}}'
+ {% endfor %}
+ {% endif %}
partitions:
- - name: 'root'
- size: '30g'
- bootable: true
+ {% for p in disk.partitions %}
+ - name: '{{p.name}}'
+ size: '{{p.size}}'
+ {% if 'bootable' in p %}
+ bootable: {{p.bootable}}
+ {% endif %}
filesystem:
- mountpoint: '/'
+ mountpoint: '{{p.mountpoint}}'
fstype: 'ext4'
mount_options: 'defaults'
- - name: 'boot'
- size: '1g'
- filesystem:
- mountpoint: '/boot'
- fstype: 'ext4'
- mount_options: 'defaults'
- - name: 'var_log'
- size: '100g'
- filesystem:
- mountpoint: '/var/log'
- fstype: 'ext4'
- mount_options: 'defaults'
- - name: 'var'
- size: '>100g'
- filesystem:
- mountpoint: '/var'
- fstype: 'ext4'
- mount_options: 'defaults'
- sdb:
- partitions:
- - name: 'cephj'
- size: '100g'
- filesystem:
- mountpoint: '/var/lib/ceph/cp'
- fstype: 'xfs'
- mount_options: 'defaults'
+ {% endfor %}
+{% endfor %}
platform:
kernel: 'hwe-16.04'
kernel_params:
+{% if 'platform' in yaml and 'kernel_params' in yaml.platform %}
+{% for key, value in yaml.platform.kernel_params.items() %}
+ {{key}}: '{{value}}'
+{% endfor %}
+{% else %}
console: 'ttyS1,115200n8'
+ intel_iommu: 'on'
+ iommu: 'pt'
+ amd_iommu: 'on'
+ transparent_hugepage: 'never'
+{% endif %}
+{% if 'platform' in yaml and 'vcpu_pin_set' in yaml.platform %}
+ isolcpus: '{{yaml.platform.vcpu_pin_set}}'
+{% endif %}
metadata:
owner_data:
openstack-neutron: enabled
openvswitch: enabled
ucp-barbican: enabled
- ceph-bootstrap: enabled
# ceph-mon: enabled
ceph-mgr: enabled
ceph-osd: enabled
ceph-rgw: enabled
ucp-maas: enabled
kube-dns: enabled
+ tenant-ceph-control-plane: enabled
+ # tenant-ceph-mon: enabled
+ tenant-ceph-rgw: enabled
+ tenant-ceph-mgr: enabled
kubernetes-apiserver: enabled
kubernetes-controller-manager: enabled
# kubernetes-etcd: enabled
- method: merge
path: .
data:
- # TODO: fixup proper HW profiles
- hardware_profile: DELL_HP_Generic
+ hardware_profile: dell_r720
primary_network: oam
interfaces:
pxe:
device_link: pxe
slaves:
- - eno1
+ - pxe_nic01
networks:
- pxe
bond0:
device_link: data
slaves:
- - enp67s0f0
- - enp67s0f1
- - enp68s0f0
- - enp68s0f1
+ - data_nic01
+ - data_nic02
networks:
- oam
- storage
storage:
physical_devices:
- sda:
+{% for disk in yaml.disks %}
+ {{disk.name}}:
+ {% if 'labels' in disk %}
labels:
- bootdrive: 'true'
+ {% for key, value in disk.labels.items() %}
+ {{key}}: '{{value}}'
+ {% endfor %}
+ {% endif %}
partitions:
- - name: 'root'
- size: '30g'
- bootable: true
+ {% for p in disk.partitions %}
+ - name: '{{p.name}}'
+ size: '{{p.size}}'
+ {% if 'bootable' in p %}
+ bootable: {{p.bootable}}
+ {% endif %}
filesystem:
- mountpoint: '/'
- fstype: 'ext4'
- mount_options: 'defaults'
- - name: 'boot'
- size: '1g'
- filesystem:
- mountpoint: '/boot'
- fstype: 'ext4'
- mount_options: 'defaults'
- - name: 'var_log'
- size: '100g'
- filesystem:
- mountpoint: '/var/log'
- fstype: 'ext4'
- mount_options: 'defaults'
- - name: 'var'
- size: '>100g'
- filesystem:
- mountpoint: '/var'
- fstype: 'ext4'
- mount_options: 'defaults'
- sdb:
- partitions:
- - name: 'nova'
- size: '99%'
- filesystem:
- mountpoint: '/var/lib/nova'
+ mountpoint: '{{p.mountpoint}}'
fstype: 'ext4'
mount_options: 'defaults'
+ {% endfor %}
+{% endfor %}
+
platform:
kernel: 'hwe-16.04'
kernel_params:
+{% if 'platform' in yaml and 'kernel_params' in yaml.platform %}
+{% for key, value in yaml.platform.kernel_params.items() %}
+ {{key}}: '{{value}}'
+{% endfor %}
+{% else %}
console: 'ttyS1,115200n8'
+ intel_iommu: 'on'
+ iommu: 'pt'
+ amd_iommu: 'on'
+ transparent_hugepage: 'never'
+{% endif %}
+{% if 'platform' in yaml and 'vcpu_pin_set' in yaml.platform %}
+ isolcpus: '{{yaml.platform.vcpu_pin_set}}'
+{% endif %}
...
schema: 'drydock/Region/v1'
metadata:
schema: 'metadata/Document/v1'
- # NEWSITE-CHANGEME: Replace with the site name
- name: airship-seaworthy
+ # NEWSITE-CHANGEXX: Replace with the site name
+ name: {{yaml.site_name}}
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
substitutions:
- # NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the
+ # NEWSITE-CHANGEXX: Substitutions from deckhand SSH public keys into the
# list of authorized keys which MaaS will register for the build-in "ubuntu"
# account during the PXE process. Create a substitution rule for each SSH
# key that should have access to the "ubuntu" account (useful for trouble-
# shooting problems before UAM or UAM-lite is operational). SSH keys are
- # stored as secrets in site/airship-seaworthy/secrets.
+ # stored as secrets in site/seaworthy/secrets.
- dest:
# Add/replace the first item in the list
path: .authorized_keys[0]
src:
schema: deckhand/PublicKey/v1
# This should match the "name" metadata of the SSH key which will be
- # substituted, located in site/airship-seaworthy/secrets folder.
- name: airship_ssh_public_key
+ # substituted, located in site/seaworthy/secrets folder.
+ name: localadmin_ssh_public_key
path: .
- dest:
path: .repositories.main_archive
---
-# self-signed certifacte generated based on
-# https://libvirt.org/remote.html#Remote_certificates
+# Example manifest for ingress cert.
+# NEWSITE-CHANGEME: must be replaced with proper/valid set,
+# self-signed certs are not supported.
metadata:
layeringDefinition:
abstract: false
layer: site
name: ingress-crt
schema: metadata/Document/v1
+ labels:
+ name: ingress-crt-site
storagePolicy: cleartext
schema: deckhand/Certificate/v1
data: |
layer: site
name: ingress-ca
schema: metadata/Document/v1
+ labels:
+ name: ingress-ca-site
storagePolicy: cleartext
schema: deckhand/CertificateAuthority/v1
data: |
layer: site
name: ingress-key
schema: metadata/Document/v1
+ labels:
+ name: ingress-key-site
storagePolicy: cleartext
schema: deckhand/CertificateKey/v1
data: |
layeringDefinition:
abstract: false
layer: site
+ labels:
+ name: ipmi-admin-password-site
storagePolicy: cleartext
-data: password123
+data: {{yaml.ipmi_admin.password}}
...
layer: site
storagePolicy: cleartext
# Pass: password123
-data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+data: {{yaml.genesis.root_password}}
...
abstract: false
layer: site
# NEWSITE-CHANGEME: Replace with the site name
- name: airship-seaworthy
+ name: {{yaml.site_name}}
storagePolicy: cleartext
data:
- # Deprecated revision system, will be removed later. Do not modify.
- revision: v4.0
# The type layer this site will delpoy with. Type layer is found in the
# type folder.
site_type: foundry
--- /dev/null
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico
+ replacement: true
+ #labels:
+ # name: kubernetes-calico-global
+ # component: kubernetes-calico
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-calico-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.bgp.ipv4.public_service_cidr
+ dest:
+ path: .values.networking.bgp.ipv4.additional_cidrs[0]
+
+data:
+ values:
+ networking:
+ mtu: 1500
+ settings:
+{% if ('peers' in yaml.networks.ksn and yaml.networks.ksn.peers is not none and yaml.networks.ksn.peers is iterable ) %}
+ mesh: "off"
+ ippool:
+ ipip:
+ enabled: "false"
+{% else %}
+ mesh: "on"
+ ippool:
+ ipip:
+ enabled: "true"
+ mode: "Always"
+ nat_outgoing: "true"
+ disabled: "false"
+{% endif %}
+ bgp:
+ asnumber: {{yaml.networks.ksn.local_asnumber}}
+ ipv4:
+ additional_cidrs:
+{% for add_cidr in yaml.networks.ksn.additional_cidrs %}
+ - {{add_cidr}}
+{% endfor %}
+{% if ('peers' in yaml.networks.ksn and yaml.networks.ksn.peers is not none and yaml.networks.ksn.peers is iterable ) %}
+ peers:
+{% for peer in yaml.networks.ksn.peers %}
+ - apiVersion: projectcalico.org/v3
+ kind: bgpPeer
+ metadata:
+ name: peer-{{loop.index-1}}
+ spec:
+ peerIP: {{peer.ip}}
+ asnumber: {{peer.asnumber}}
+{% endfor %}
+{% endif %}
+...
--- /dev/null
+---
+# The purpose of this file is to build the list of calico etcd nodes and the
+# calico etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-calico-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ # Generate a list of control plane nodes (i.e. genesis node + master node
+ # list) on which calico etcd will run and will need certs. It is assumed
+ # that Airship sites will have 4 control plane nodes, so this should not need to
+ # change for a new site.
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[0].name
+{% for server in yaml.masters %}
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[{{loop.index-1}}].hostname
+ dest:
+ path: .values.nodes[{{loop.index}}].name
+{% endfor %}
+
+ # Certificate substitutions for the node names assembled on the above list.
+ # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+ # to change with a standard Airship deployment. However, the names of each
+ # deckhand certficiate should be updated with the correct hostnames for your
+ # environment. The ordering is important (Genesis is index 0, then master
+ # nodes in the order they are specified in common-addresses).
+
+ # Genesis node {{yaml.genesis.name}}
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-{{yaml.genesis.name}}
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-{{yaml.genesis.name}}
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-{{yaml.genesis.name}}-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-{{yaml.genesis.name}}-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.key
+{% for server in yaml.masters %}
+
+ # Master node {{server.name}}
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-{{server.name}}
+ path: .
+ dest:
+ path: .values.nodes[{{loop.index}}].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-{{server.name}}
+ path: .
+ dest:
+ path: .values.nodes[{{loop.index}}].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-{{server.name}}-peer
+ path: .
+ dest:
+ path: .values.nodes[{{loop.index}}].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-{{server.name}}-peer
+ path: .
+ dest:
+ path: .values.nodes[{{loop.index}}].tls.peer.key
+{% endfor %}
+
+data: {}
+...
path: .genesis.hostname
dest:
path: .values.nodes[0].name
+{% for server in yaml.masters %}
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
- path: .masters[0].hostname
+ path: .masters[{{loop.index-1}}].hostname
dest:
- path: .values.nodes[1].name
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[1].hostname
- dest:
- path: .values.nodes[2].name
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[2].hostname
- dest:
- path: .values.nodes[3].name
+ path: .values.nodes[{{loop.index}}].name
+{% endfor %}
# Certificate substitutions for the node names assembled on the above list.
# NEWSITE-CHANGEME: Per above, the number of substitutions should not need
# genesis node, but `genesis` is reference here in the certificate names
# because of certain Promenade assumptions that may be addressed in the
# future. Therefore `genesis` is used instead of `cab23-r720-11` here.
+
+ # Genesis node {{yaml.genesis.name}}
- src:
schema: deckhand/Certificate/v1
name: kubernetes-etcd-genesis
path: .
dest:
path: .values.nodes[0].tls.peer.key
+{% for server in yaml.masters %}
- # master node 1 hostname - cab23-r720-12
+ # Master node {{loop.index}} hostname - {{server.name}}
- src:
schema: deckhand/Certificate/v1
- name: kubernetes-etcd-cab23-r720-12
+ name: kubernetes-etcd-{{server.name}}
path: .
dest:
- path: .values.nodes[1].tls.client.cert
+ path: .values.nodes[{{loop.index}}].tls.client.cert
- src:
schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-cab23-r720-12
+ name: kubernetes-etcd-{{server.name}}
path: .
dest:
- path: .values.nodes[1].tls.client.key
+ path: .values.nodes[{{loop.index}}].tls.client.key
- src:
schema: deckhand/Certificate/v1
- name: kubernetes-etcd-cab23-r720-12-peer
+ name: kubernetes-etcd-{{server.name}}-peer
path: .
dest:
- path: .values.nodes[1].tls.peer.cert
+ path: .values.nodes[{{loop.index}}].tls.peer.cert
- src:
schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-cab23-r720-12-peer
+ name: kubernetes-etcd-{{server.name}}-peer
path: .
dest:
- path: .values.nodes[1].tls.peer.key
-
- # master node 2 hostname - cab23-r720-13
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-cab23-r720-13
- path: .
- dest:
- path: .values.nodes[2].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-cab23-r720-13
- path: .
- dest:
- path: .values.nodes[2].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-cab23-r720-13-peer
- path: .
- dest:
- path: .values.nodes[2].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-cab23-r720-13-peer
- path: $
- dest:
- path: .values.nodes[2].tls.peer.key
-
- # master node 3 hostname - cab23-r720-14
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-cab23-r720-14
- path: .
- dest:
- path: .values.nodes[3].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-cab23-r720-14
- path: .
- dest:
- path: .values.nodes[3].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-cab23-r720-14-peer
- path: .
- dest:
- path: .values.nodes[3].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-cab23-r720-14-peer
- path: $
- dest:
- path: .values.nodes[3].tls.peer.key
+ path: .values.nodes[{{loop.index}}].tls.peer.key
+{% endfor %}
data: {}
...
- method: merge
path: .
storagePolicy: cleartext
-data: {}
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .vip.ingress_vip
+ dest:
+ path: .values.network.vip.addr
+data:
+ values:
+ network:
+ ingress:
+ disable-ipv6: "true"
+ vip:
+ manage: true
...
# See the License for the specific language governing permissions and #
# limitations under the License. #
##############################################################################
+# This file defines hardware-specific settings for neutron. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. logical network interface names
+# 2. physical device mappigns
+# TODO: Should move to global layer and become tied to the hardware profile
schema: armada/Chart/v1
metadata:
- openvswitch
- sriov
interface:
+ tunnel_device: '{{yaml.networks.neutron.interface}}'
sriov:
{% for sriovnet in yaml.sriov.nets %}
- device: {{sriovnet.interface}}
firewall_driver: neutron.agent.firewall.NoopFirewallDriver
sriov_nic:
exclude_devices: null
- physical_device_mappings: '
+ physical_device_mappings: '
{%- for sriovnet in yaml.sriov.nets -%}
{%- if loop.index > 1 -%}
,
{%- endfor %}
...
+
---
##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
##############################################################################
+# This file defines hardware-specific settings for nova. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware
+# changes.
+# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC
+# slotting changes.
+# TODO: Should move to global layer and become tied to the hardware profile
schema: armada/Chart/v1
metadata:
--- /dev/null
+---
+# The purpose of this file is to define envrionment-specific parameters for the
+# ceph client
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: tenant-ceph-client
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: tenant-ceph-client-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ osd: {{yaml.tenant_storage.osd_count}}
+...
--- /dev/null
+---
+# The purpose of this file is to define environment-specific parameters for
+# ceph-osd
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: tenant-ceph-osd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: tenant-ceph-osd-global
+ actions:
+ - method: replace
+ path: .values.conf.storage.osd
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ labels:
+ osd:
+ node_selector_key: tenant-ceph-osd
+ node_selector_value: enabled
+ conf:
+ storage:
+ failure_domain: "rack"
+ # NEWSITE-CHANGEME: The OSD count and configuration here should not need
+ # to change if your HW matches the HW used in this environment.
+ # Otherwise you may need to add or subtract disks to this list.
+ # no need to create below jounal partitons as ceph charts will create them
+ # default size of journal partions is 10GB
+ osd:
+{% for osd in yaml.tenant_storage.osds %}
+ - data:
+ type: block-logical
+ location: {{osd.data}}
+ journal:
+ type: block-logical
+ location: {{osd.journal}}
+{% endfor %}
+ overrides:
+ ceph_osd:
+ hosts:
+ - name: {{yaml.genesis.name}}
+ conf:
+ storage:
+ failure_domain_name: "{{yaml.genesis.name}}_rack"
+{% for server in yaml.masters %}
+ - name: {{server.name}}
+ conf:
+ storage:
+ failure_domain_name: "{{server.name}}_rack"
+{% endfor %}
+{% if 'workers' in yaml %}{% for server in yaml.workers %}
+ - name: {{server.name}}
+ conf:
+ storage:
+ failure_domain_name: "{{server.name}}_rack"
+{% endfor %}{% endif %}
+...
target:
# NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if
# your HW matches this site's HW. Verify for your environment.
- # 8 OSDs per node x 4 nodes = 32
- osd: 32
+ # 8 OSDs per node x 3 nodes = 24
+ osd: {{yaml.storage.total_osd_count}}
...
target:
# NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to
# change if your deployment HW matches this site's HW.
- osd: 8
+ osd: {{yaml.storage.osd_count}}
...
--- /dev/null
+---
+# The purpose of this file is to define environment-specific parameters for
+# ceph-osd
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-osd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-osd-global
+ actions:
+ - method: replace
+ path: .values.conf.storage.osd
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ storage:
+ failure_domain: "rack"
+ # NEWSITE-CHANGEME: The OSD count and configuration here should not need
+ # to change if your HW matches the HW used in this environment.
+ # Otherwise you may need to add or subtract disks to this list.
+ # no need to create below jounal partitons as ceph charts will create them
+ # default size of journal partions is 10GB
+ osd:
+{% for osd in yaml.storage.osds %}
+ - data:
+ type: block-logical
+ location: {{osd.data}}
+ journal:
+ type: block-logical
+ location: {{osd.journal}}
+{% endfor %}
+ overrides:
+ ceph_osd:
+ hosts:
+ - name: {{yaml.genesis.name}}
+ conf:
+ storage:
+ failure_domain_name: "{{yaml.genesis.name}}_rack"
+{% for server in yaml.masters %}
+ - name: {{server.name}}
+ conf:
+ storage:
+ failure_domain_name: "{{server.name}}_rack"
+{% endfor %}
+...
values:
pod:
env:
- promenade_api: []
+ promenade_api:
+ - name: no_proxy
+ value: localhost,127.0.0.1,192.168.0.0/16,172.0.0.0/8,10.0.0.0/8
+ - name: NO_PROXY
+ value: localhost,127.0.0.1,192.168.0.0/16,172.0.0.0/8,10.0.0.0/8
# NEWSITE-CHANGEME: If your site uses an http proxy, enter it here.
# Otherwise comment out these lines.
# - name: http_proxy
- # value: http://proxy.example.com:8080
+ # value: 'http://proxy.example.com:8080'
# NEWSITE-CHANGEME: If your site uses an https proxy, enter it here.
# Otherwise comment out these lines.
# - name: https_proxy
- # value: http://proxy.example.com:8080
+ # value: 'http://proxy.example.com:8080'
# NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the
# IPs / domain names which the proxy should not be used for (i.e. the
# cluster domain and kubernetes service_cidr defined in common-addresses)
# Otherwise comment out these lines.
# - name: no_proxy
- # value: 10.36.0.1,.cluster.local
+ # value: '10.96.0.1,.cluster.local'
# NEWSITE-CHANGEME: If your site uses an http proxy, enter it here.
# Otherwise comment out these lines.
# - name: HTTP_PROXY
- # value: http://proxy.example.com:8080
+ # value: 'http://proxy.example.com:8080'
# NEWSITE-CHANGEME: If your site uses an https proxy, enter it here.
# Otherwise comment out these lines.
# - name: HTTPS_PROXY
- # value: http://proxy.example.com:8080
+ # value: 'http://proxy.example.com:8080'
# NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the
# IPs / domain names which the proxy should not be used for (i.e. the
# cluster domain and kubernetes service_cidr defined in common-addresses)
# Otherwise comment out these lines.
# - name: NO_PROXY
- # value: 10.36.0.1,.cluster.local
+ # value: '10.96.0.1,.cluster.local'
...
data:
osh:
# NEWSITE-CHANGEME: Replace with the site name
- region_name: airship-seaworthy
+ region_name: RegionOne
...
postgres:
admin:
username: postgres
+ replica:
+ username: standby
+ exporter:
+ username: psql_exporter
oslo_db:
admin:
username: root
username: airflow
database: airflow
oslo_messaging:
- username: rabbitmq
+ admin:
+ username: rabbitmq
+ user:
+ username: airflow
maas:
admin:
username: admin
# NEWSITE-CHANGEME: Replace with the site name
region_name: RegionOne
role: admin
- user_domain_name: default
username: armada
deckhand:
keystone:
postgres:
username: deckhand
database: deckhand
+ prometheus_openstack_exporter:
+ user:
+ region_name: RegionOne
+ role: admin
+ username: prometheus-openstack-exporter
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
ceph:
swift:
keystone:
path: .osh.region_name
dest:
path: .osh.barbican.barbican.region_name
- - src:
- schema: pegleg/CommonSoftwareConfig/v1
- name: common-software-config
- path: .osh.region_name
- dest:
- path: .osh.barbican.barbican.region_name
data:
osh:
keystone:
username: keystone
database: keystone
oslo_messaging:
- admin:
- username: keystone-rabbitmq-admin
keystone:
username: keystone-rabbitmq-user
ldap:
username: cinder
database: cinder
oslo_messaging:
- admin:
- username: cinder-rabbitmq-admin
cinder:
username: cinder-rabbitmq-user
glance:
username: glance
database: glance
oslo_messaging:
- admin:
- username: glance-rabbitmq-admin
glance:
username: glance-rabbitmq-user
ceph_object_store:
username: heat
database: heat
oslo_messaging:
- admin:
- username: heat-rabbitmq-admin
heat:
username: heat-rabbitmq-user
swift:
oslo_db:
admin:
username: root
+ prometheus_mysql_exporter:
+ user:
+ username: osh-oslodb-exporter
neutron:
neutron:
role: admin
username: neutron
database: neutron
oslo_messaging:
- admin:
- username: neutron-rabbitmq-admin
neutron:
username: neutron-rabbitmq-user
nova:
username: nova
database: "nova_cell0"
oslo_messaging:
- admin:
- username: nova-rabbitmq-admin
nova:
username: nova-rabbitmq-user
horizon:
username: barbican
database: barbican
oslo_messaging:
- admin:
- username: barbican-rabbitmq-admin
barbican:
username: barbican-rabbitmq-user
+ oslo_messaging:
+ admin:
+ username: admin
+ tempest:
+ tempest:
+ role: admin
+ username: tempest
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
...
---
schema: pegleg/AccountCatalogue/v1
path: .osh_infra.prometheus_openstack_exporter.user.region_name
data:
osh_infra:
+ ceph_object_store:
+ admin:
+ username: s3_admin
+ elasticsearch:
+ username: elasticsearch
grafana:
admin:
username: grafana
elasticsearch:
admin:
username: elasticsearch
- kibana:
- admin:
- username: kibana
oslo_db:
admin:
username: root
+ prometheus_mysql_exporter:
+ user:
+ username: osh-infra-oslodb-exporter
prometheus_openstack_exporter:
user:
role: admin
nagios:
admin:
username: nagios
+ prometheus:
+ admin:
+ username: prometheus
ldap:
admin:
# NEWSITE-CHANGEME: Replace with the site's LDAP account used to
+++ /dev/null
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "{}"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright {yyyy} {name of copyright owner}
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
+++ /dev/null
-# Akraino Edge Stack
-..............................................................................
-. Copyright (c) 2019 AT&T Intellectual Property. All rights reserved .
-. .
-. Licensed under the Apache License, Version 2.0 (the "License"); you may .
-. not use this file except in compliance with the License. .
-. .
-. You may obtain a copy of the License at .
-. http://www.apache.org/licenses/LICENSE-2.0 .
-. .
-. Unless required by applicable law or agreed to in writing, software .
-. distributed under the License is distributed on an "AS IS" BASIS, WITHOUT .
-. WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. .
-. See the License for the specific language governing permissions and .
-. limitations under the License. .
-..............................................................................
-
-The files in this directory were created with the following commands:
-
-(
-rm -rf airship-treasuremap
-git clone https://git.openstack.org/openstack/airship-treasuremap
-cd ./airship-treasuremap;
-git checkout 059857148ad142730b5a69374e44a988cac92378;
-rm -rf .git/ .gitreview .zuul.yaml
-# SR-IOV UPDATES
-sed -i "s/ceph-common=10.2.10/ceph-common=10.2.11/" ./global/v4.0/software/config/versions.yaml
-sed -i -e 's|docker.io/openstackhelm/neutron:ocata|docker.io/openstackhelm/neutron:ocata\n neutron_sriov_agent: \&neutron_sriov docker.io/openstackhelm/neutron:ocata-sriov-1804\n neutron_sriov_agent_init: \&neutron_sriov_init docker.io/openstackhelm/neutron:ocata-sriov-1804|g' ./global/v4.0/software/config/versions.yaml
-sed -i -e 's|neutron_linuxbridge_agent.*|neutron_linuxbridge_agent: *neutron\n neutron_sriov_agent: *neutron_sriov\n neutron_sriov_agent_init: *neutron_sriov_init|g' ./global/v4.0/software/config/versions.yaml
-)
-
-Akraino Team
+++ /dev/null
----
-schema: deckhand/LayeringPolicy/v1
-metadata:
- schema: metadata/Control/v1
- name: layering-policy
-data:
- layerOrder:
- - global
- - type
- - site
+++ /dev/null
----
-schema: deckhand/DataSchema/v1
-metadata:
- schema: metadata/Control/v1
- name: pegleg/Script/v1
-data:
- $schema: http://json-schema.org/schema#
- type: string
+++ /dev/null
----
-schema: deckhand/DataSchema/v1
-metadata:
- schema: metadata/Control/v1
- name: pegleg/SiteDefinition/v1
-data:
- $schema: http://json-schema.org/schema#
- type: object
-
- properties:
- revision:
- type: string
- pattern: '^v.+$'
- site_type:
- type: string
- required:
- - revision
- - site_type
- additionalProperties: false
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: private_docker_key
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-# sample key for potential private docker registry
-# see Docker documentation for info on how to generate the key
-# base64 of password123
-data: cGFzc3dvcmQxMjM=
-...
+++ /dev/null
----
-schema: deckhand/PublicKey/v1
-metadata:
- schema: metadata/Document/v1
- name: airship_ssh_public_key
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy
-...
+++ /dev/null
----
-schema: 'drydock/BootAction/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: airship-target
- storagePolicy: 'cleartext'
- layeringDefinition:
- abstract: false
- layer: global
-data:
- signaling: false
- assets:
- - path: /etc/systemd/system/airship.target
- type: unit
- permissions: '444'
- data: |
- [Unit]
- Description=Airshipt bootaction target
- After=multi-user.target cloud-init.target
-
- [Install]
- WantedBy=graphical.target
-
- data_pipeline:
- - utf8_decode
-...
+++ /dev/null
----
-schema: 'drydock/BootAction/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: promjoin-systemd-unit
- storagePolicy: 'cleartext'
- layeringDefinition:
- abstract: false
- layer: global
- labels:
- application: 'drydock'
-data:
- signaling: false
- assets:
- - path: /etc/systemd/system/promjoin.service
- type: unit
- permissions: '444'
- data: |
- [Unit]
- Description=Promenade Initialization Service
- After=network-online.target local-fs.target cloud-init.target
- ConditionPathExists=!/var/lib/prom.done
-
- [Service]
- Type=oneshot
- ExecStart=/opt/promjoin.sh
-
- [Install]
- WantedBy=airship.target
-
- data_pipeline:
- - utf8_decode
-...
+++ /dev/null
----
-# The global deployment strategy assumes nodes are marked with node_tags
-# of masters and workers.
-schema: shipyard/DeploymentStrategy/v1
-metadata:
- schema: metadata/Document/v1
- name: deployment-strategy
- layeringDefinition:
- abstract: false
- layer: global
- labels:
- name: deployment-strategy-global
- storagePolicy: cleartext
-data:
- groups:
- - name: masters
- critical: true
- depends_on: []
- selectors:
- - node_names: []
- node_labels: []
- node_tags:
- - masters
- rack_names: []
- success_criteria:
- percent_successful_nodes: 100
- - name: workers
- critical: true
- depends_on:
- - masters
- selectors:
- - node_names: []
- node_labels: []
- node_tags:
- - workers
- rack_names: []
- success_criteria:
- percent_successful_nodes: 60
-...
+++ /dev/null
----
-schema: promenade/Genesis/v1
-metadata:
- schema: metadata/Document/v1
- name: genesis-global
- layeringDefinition:
- abstract: true
- layer: global
- labels:
- name: genesis-global
- storagePolicy: cleartext
- substitutions:
- # Software versions for bootstrapping phase
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.armada.api
- dest:
- path: .images.armada
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.armada.tiller
- dest:
- path: .images.helm.tiller
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.apiserver.apiserver
- dest:
- path: .images.kubernetes.apiserver
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.controller-manager.controller_manager
- dest:
- path: .images.kubernetes.controller-manager
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.etcd.etcd
- dest:
- path: .images.kubernetes.etcd
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.scheduler.scheduler
- dest:
- path: .images.kubernetes.scheduler
-
- # Site-specific configuration
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .genesis.hostname
- dest:
- path: .hostname
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .genesis.ip
- dest:
- path: .ip
-
- # Command prefix
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.service_cidr
- dest:
- path: .apiserver.command_prefix[1]
- pattern: SERVICE_CIDR
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.service_node_port_range
- dest:
- path: .apiserver.command_prefix[2]
- pattern: SERVICE_NODE_PORT_RANGE
-
-data:
- apiserver:
- command_prefix:
- - /apiserver
- - --service-cluster-ip-range=SERVICE_CIDR
- - --service-node-port-range=SERVICE_NODE_PORT_RANGE
- - --authorization-mode=Node,RBAC
- - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
- - --endpoint-reconciler-type=lease
- armada:
- target_manifest: cluster-bootstrap
- labels:
- dynamic:
- - beta.kubernetes.io/fluentd-ds-ready=true
- - calico-etcd=enabled
- - ceph-mds=enabled
- - ceph-mon=enabled
- - ceph-osd=enabled
- - ceph-rgw=enabled
- - ceph-mgr=enabled
- - kube-dns=enabled
- - kube-ingress=enabled
- - kubernetes-apiserver=enabled
- - kubernetes-controller-manager=enabled
- - kubernetes-etcd=enabled
- - kubernetes-scheduler=enabled
- - promenade-genesis=enabled
- - ucp-control-plane=enabled
- - maas-control-plane=enabled
- - node-exporter=enabled
- files:
- - path: /var/lib/anchor/calico-etcd-bootstrap
- content: "# placeholder for triggering calico etcd bootstrapping\n# this file will be deleted"
- mode: 0644
+++ /dev/null
----
-schema: 'drydock/HardwareProfile/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: DELL_HP_Generic
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- vendor: Dell
- generation: '8'
- hw_version: '3'
- bios_version: '2.2.3'
- boot_mode: bios
- bootstrap_protocol: pxe
- pxe_interface: 0
- device_aliases: {}
-...
+++ /dev/null
----
-schema: drydock/HostProfile/v1
-metadata:
- schema: metadata/Document/v1
- name: cp-global
- storagePolicy: cleartext
- labels:
- hosttype: cp-global
- layeringDefinition:
- abstract: true
- layer: global
- substitutions:
- - dest:
- path: .oob.credential
- src:
- schema: deckhand/Passphrase/v1
- name: ipmi_admin_password
- path: .
-data:
- oob:
- type: 'ipmi'
- network: 'oob'
- account: 'root'
- storage:
- physical_devices:
- sda:
- labels:
- bootdrive: 'true'
- partitions:
- - name: 'root'
- size: '30g'
- bootable: true
- filesystem:
- mountpoint: '/'
- fstype: 'ext4'
- mount_options: 'defaults'
- - name: 'boot'
- size: '1g'
- filesystem:
- mountpoint: '/boot'
- fstype: 'ext4'
- mount_options: 'defaults'
- - name: 'var'
- size: '>100g'
- filesystem:
- mountpoint: '/var'
- fstype: 'ext4'
- mount_options: 'defaults'
- platform:
- image: 'xenial'
- kernel: 'hwe-16.04'
- metadata:
- owner_data:
- control-plane: enabled
- ucp-control-plane: enabled
- openstack-control-plane: enabled
- openstack-heat: enabled
- openstack-keystone: enabled
- openstack-rabbitmq: enabled
- openstack-dns-helper: enabled
- openstack-mariadb: enabled
- openstack-nova-control: enabled
- openstack-etcd: enabled
- openstack-mistral: enabled
- openstack-memcached: enabled
- openstack-glance: enabled
- openstack-horizon: enabled
- openstack-cinder-control: enabled
- openstack-cinder-volume: control
- openstack-neutron: enabled
- openvswitch: enabled
- ucp-barbican: enabled
- ceph-bootstrap: enabled
- ceph-mon: enabled
- ceph-mgr: enabled
- ceph-osd: enabled
- ceph-mds: enabled
- ceph-rgw: enabled
- ucp-maas: enabled
- kube-dns: enabled
- kubernetes-apiserver: enabled
- kubernetes-controller-manager: enabled
- kubernetes-etcd: enabled
- kubernetes-scheduler: enabled
- tiller-helm: enabled
- kube-etcd: enabled
- calico-policy: enabled
- calico-node: enabled
- calico-etcd: enabled
- ucp-armada: enabled
- ucp-drydock: enabled
- ucp-deckhand: enabled
- ucp-shipyard: enabled
- IAM: enabled
- ucp-promenade: enabled
- prometheus-server: enabled
- prometheus-client: enabled
- fluentd: enabled
- influxdb: enabled
- kibana: enabled
- elasticsearch-client: enabled
- elasticsearch-master: enabled
- elasticsearch-data: enabled
- postgresql: enabled
- kube-ingress: enabled
- beta.kubernetes.io/fluentd-ds-ready: 'true'
- node-exporter: enabled
-...
+++ /dev/null
----
-schema: drydock/HostProfile/v1
-metadata:
- schema: metadata/Document/v1
- name: dp-global
- labels:
- hosttype: dp-global
- layeringDefinition:
- abstract: true
- layer: global
- storagePolicy: cleartext
- substitutions:
- - dest:
- path: .oob.credential
- src:
- schema: deckhand/Passphrase/v1
- name: ipmi_admin_password
- path: .
-data:
- oob:
- type: 'ipmi'
- network: 'oob'
- account: 'root'
- storage:
- physical_devices:
- sda:
- labels:
- bootdrive: 'true'
- partitions:
- - name: 'root'
- size: '30g'
- bootable: true
- filesystem:
- mountpoint: '/'
- fstype: 'ext4'
- mount_options: 'defaults'
- - name: 'boot'
- size: '1g'
- filesystem:
- mountpoint: '/boot'
- fstype: 'ext4'
- mount_options: 'defaults'
- - name: 'var'
- size: '>100g'
- filesystem:
- mountpoint: '/var'
- fstype: 'ext4'
- mount_options: 'defaults'
- platform:
- image: 'xenial'
- kernel: 'hwe-16.04'
- metadata:
- owner_data:
- openstack-nova-compute: enabled
- openvswitch: enabled
- contrail-vrouter: kernel
- openstack-libvirt: kernel
- beta.kubernetes.io/fluentd-ds-ready: 'true'
- node-exporter: enabled
-...
+++ /dev/null
----
-schema: promenade/HostSystem/v1
-metadata:
- schema: metadata/Document/v1
- name: host-system
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .files.kubelet
- dest:
- path: .files[0].tar_url
-
- # Initial CoreDNS image (used during node Genesis and node join)
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.coredns.coredns
- dest:
- path: .images.coredns
-
- # Initial CoreDNS image (used during node Genesis and node join)
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.haproxy.haproxy
- dest:
- path: .images.haproxy
-
- # Operational tools
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.armada.helm
- dest:
- path: .images.helm.helm
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.kubectl
- dest:
- path: .images.kubernetes.kubectl
-
- # System packages
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .packages.named.docker
- dest:
- path: .packages.required.docker
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .packages.named.socat
- dest:
- path: .packages.required.socat
-
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .packages.unnamed
- dest:
- path: .packages.additional
-
- # Docker authorization
- - src:
- schema: deckhand/Passphrase/v1
- path: .
- name: private_docker_key
- dest:
- path: .files[2].content
- pattern: DH_SUB_PRIVATE_DOCKER_KEY
-
-data:
- files:
- - path: /opt/kubernetes/bin/kubelet
- tar_path: kubernetes/node/bin/kubelet
- mode: 0555
- - path: /etc/logrotate.d/json-logrotate
- mode: 0444
- content: |-
- /var/lib/docker/containers/*/*-json.log
- {
- compress
- copytruncate
- create 0644 root root
- weekly
- dateext
- dateformat -%Y%m%d-%s
- maxsize 100M
- missingok
- notifempty
- su root root
- rotate 1
- }
- - path: /var/lib/kubelet/.dockercfg
- mode: 0400
- # NOTE: Sample key, this repo does not exist
- content: |-
- {
- "https://private.registry.com": {
- "auth": "DH_SUB_PRIVATE_DOCKER_KEY"
- }
- }
-
- packages:
- repositories:
- - deb http://apt.dockerproject.org/repo ubuntu-xenial main
- keys:
- - |-
- -----BEGIN PGP PUBLIC KEY BLOCK-----
-
- mQINBFWln24BEADrBl5p99uKh8+rpvqJ48u4eTtjeXAWbslJotmC/CakbNSqOb9o
- ddfzRvGVeJVERt/Q/mlvEqgnyTQy+e6oEYN2Y2kqXceUhXagThnqCoxcEJ3+KM4R
- mYdoe/BJ/J/6rHOjq7Omk24z2qB3RU1uAv57iY5VGw5p45uZB4C4pNNsBJXoCvPn
- TGAs/7IrekFZDDgVraPx/hdiwopQ8NltSfZCyu/jPpWFK28TR8yfVlzYFwibj5WK
- dHM7ZTqlA1tHIG+agyPf3Rae0jPMsHR6q+arXVwMccyOi+ULU0z8mHUJ3iEMIrpT
- X+80KaN/ZjibfsBOCjcfiJSB/acn4nxQQgNZigna32velafhQivsNREFeJpzENiG
- HOoyC6qVeOgKrRiKxzymj0FIMLru/iFF5pSWcBQB7PYlt8J0G80lAcPr6VCiN+4c
- NKv03SdvA69dCOj79PuO9IIvQsJXsSq96HB+TeEmmL+xSdpGtGdCJHHM1fDeCqkZ
- hT+RtBGQL2SEdWjxbF43oQopocT8cHvyX6Zaltn0svoGs+wX3Z/H6/8P5anog43U
- 65c0A+64Jj00rNDr8j31izhtQMRo892kGeQAaaxg4Pz6HnS7hRC+cOMHUU4HA7iM
- zHrouAdYeTZeZEQOA7SxtCME9ZnGwe2grxPXh/U/80WJGkzLFNcTKdv+rwARAQAB
- tDdEb2NrZXIgUmVsZWFzZSBUb29sIChyZWxlYXNlZG9ja2VyKSA8ZG9ja2VyQGRv
- Y2tlci5jb20+iQI4BBMBAgAiBQJVpZ9uAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe
- AQIXgAAKCRD3YiFXLFJgnbRfEAC9Uai7Rv20QIDlDogRzd+Vebg4ahyoUdj0CH+n
- Ak40RIoq6G26u1e+sdgjpCa8jF6vrx+smpgd1HeJdmpahUX0XN3X9f9qU9oj9A4I
- 1WDalRWJh+tP5WNv2ySy6AwcP9QnjuBMRTnTK27pk1sEMg9oJHK5p+ts8hlSC4Sl
- uyMKH5NMVy9c+A9yqq9NF6M6d6/ehKfBFFLG9BX+XLBATvf1ZemGVHQusCQebTGv
- 0C0V9yqtdPdRWVIEhHxyNHATaVYOafTj/EF0lDxLl6zDT6trRV5n9F1VCEh4Aal8
- L5MxVPcIZVO7NHT2EkQgn8CvWjV3oKl2GopZF8V4XdJRl90U/WDv/6cmfI08GkzD
- YBHhS8ULWRFwGKobsSTyIvnbk4NtKdnTGyTJCQ8+6i52s+C54PiNgfj2ieNn6oOR
- 7d+bNCcG1CdOYY+ZXVOcsjl73UYvtJrO0Rl/NpYERkZ5d/tzw4jZ6FCXgggA/Zxc
- jk6Y1ZvIm8Mt8wLRFH9Nww+FVsCtaCXJLP8DlJLASMD9rl5QS9Ku3u7ZNrr5HWXP
- HXITX660jglyshch6CWeiUATqjIAzkEQom/kEnOrvJAtkypRJ59vYQOedZ1sFVEL
- MXg2UCkD/FwojfnVtjzYaTCeGwFQeqzHmM241iuOmBYPeyTY5veF49aBJA1gEJOQ
- TvBR8Q==
- =Fm3p
- -----END PGP PUBLIC KEY BLOCK-----
-...
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: armada/Chart/v1
- labels:
- application: armada
-data:
- $schema: 'http://json-schema.org/schema#'
- type: 'object'
- additionalProperties: true
-...
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: armada/ChartGroup/v1
- labels:
- application: armada
-data:
- $schema: 'http://json-schema.org/schema#'
- type: 'object'
- additionalProperties: true
-...
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: armada/Manifest/v1
- labels:
- application: armada
-data:
- $schema: 'http://json-schema.org/schema#'
- type: 'object'
- additionalProperties: true
-...
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: drydock/BaremetalNode/v1
- labels:
- application: drydock
-data:
- $schema: 'http://json-schema.org/schema#'
- type: 'object'
- properties:
- addressing:
- type: 'array'
- items:
- type: 'object'
- properties:
- address:
- type: 'string'
- network:
- type: 'string'
- oob:
- type: 'object'
- properties:
- type:
- type: 'string'
- network:
- type: 'string'
- account:
- type: 'string'
- credetial:
- type: 'string'
- additionalProperties: true
- storage:
- type: 'object'
- properties:
- physical_devices:
- type: 'object'
- additionalProperties:
- type: 'object'
- properties:
- labels:
- type: 'object'
- additionalProperties:
- type: 'string'
- volume_group:
- type: 'string'
- partitions:
- type: 'array'
- items:
- type: 'object'
- properties:
- name:
- type: 'string'
- size:
- type: 'string'
- part_uuid:
- type: 'string'
- volume_group:
- type: 'string'
- labels:
- type: 'object'
- additionalProperties:
- type: 'string'
- bootable:
- type: 'boolean'
- volume_group:
- type: 'string'
- filesystem:
- type: 'object'
- properties:
- mountpoint:
- type: 'string'
- fstype:
- type: 'string'
- mount_options:
- type: 'string'
- fs_uuid:
- type: 'string'
- fs_label:
- type: 'string'
- additionalProperties: false
- additionalProperties: false
- volume_groups:
- type: 'object'
- additionalProperties:
- type: 'object'
- properties:
- vg_uuid:
- type: 'string'
- logical_volumes:
- type: 'array'
- items:
- type: 'object'
- properties:
- name:
- type: 'string'
- lv_uuid:
- type: 'string'
- size:
- type: 'string'
- filesystem:
- type: 'object'
- properties:
- mountpoint:
- type: 'string'
- fstype:
- type: 'string'
- mount_options:
- type: 'string'
- fs_uuid:
- type: 'string'
- fs_label:
- type: 'string'
- platform:
- type: 'object'
- properties:
- image:
- type: 'string'
- kernel:
- type: 'string'
- kernel_params:
- type: 'object'
- additionalProperties: true
- additionalProperties: false
- metadata:
- type: 'object'
- properties:
- tags:
- type: 'array'
- items:
- type: 'string'
- owner_data:
- type: 'object'
- additionalProperties:
- type: 'string'
- rack:
- type: 'string'
- boot_mac:
- type: 'string'
- additionalProperties: false
- host_profile:
- type: 'string'
- hardware_profile:
- type: 'string'
- primary_network:
- type: 'string'
- interfaces:
- type: 'object'
- additionalProperties:
- type: 'object'
- properties:
- device_link:
- type: 'string'
- slaves:
- type: 'array'
- items:
- type: 'string'
- networks:
- type: 'array'
- items:
- type: 'string'
- additionalProperties: false
-...
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: drydock/BootAction/v1
- labels:
- application: drydock
-data:
- $schema: 'http://json-schema.org/schema#'
- type: 'object'
- additionalProperties: false
- properties:
- signaling:
- type: 'boolean'
- assets:
- type: 'array'
- items:
- type: 'object'
- additionalProperties: false
- properties:
- path:
- type: 'string'
- pattern: '^/.+'
- location:
- type: 'string'
- type:
- type: 'string'
- enum:
- - 'unit'
- - 'file'
- - 'pkg_list'
- data:
- type: 'string'
- location_pipeline:
- type: 'array'
- items:
- type: 'string'
- enum:
- - 'template'
- data_pipeline:
- type: 'array'
- items:
- type: 'string'
- enum:
- - 'base64_encode'
- - 'template'
- - 'base64_decode'
- - 'utf8_encode'
- - 'utf8_decode'
- permissions:
- type: 'string'
- pattern: '\d{3}'
- required:
- - 'type'
- node_filter:
- type: 'object'
- additionalProperties: false
- properties:
- filter_set_type:
- type: 'string'
- enum:
- - 'intersection'
- - 'union'
- filter_set:
- type: 'array'
- items:
- type: 'object'
- additionalProperties: false
- properties:
- filter_type:
- type: 'string'
- enum:
- - 'intersection'
- - 'union'
- node_names:
- type: 'array'
- items:
- type: 'string'
- node_tags:
- type: 'array'
- items:
- type: 'string'
- node_labels:
- type: 'object'
- additionalProperties: true
- rack_names:
- type: 'array'
- items:
- type: 'string'
- rack_labels:
- type: 'object'
- additionalProperties: true
-...
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: drydock/HardwareProfile/v1
- labels:
- application: drydock
-data:
- $schema: 'http://json-schema.org/schema#'
- type: 'object'
- properties:
- vendor:
- type: 'string'
- generation:
- type: 'string'
- hw_version:
- type: 'string'
- bios_version:
- type: 'string'
- boot_mode:
- type: 'string'
- enum:
- - 'bios'
- - 'uefi'
- bootstrap_protocol:
- type: 'string'
- enum:
- - 'pxe'
- - 'usb'
- - 'hdd'
- pxe_interface:
- type: 'number'
- device_aliases:
- type: 'object'
- additionalProperties: true
- cpu_sets:
- type: 'object'
- additionalProperties:
- type: 'string'
- hugepages:
- type: 'object'
- additionalProperties:
- type: 'object'
- propertes:
- size:
- type: 'string'
- count:
- type: 'number'
- additionalProperties: false
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: drydock/HostProfile/v1
- labels:
- application: drydock
-data:
- $schema: 'http://json-schema.org/schema#'
- type: 'object'
- properties:
- oob:
- type: 'object'
- properties:
- type:
- type: 'string'
- network:
- type: 'string'
- account:
- type: 'string'
- credetial:
- type: 'string'
- additionalProperties: true
- storage:
- type: 'object'
- properties:
- physical_devices:
- type: 'object'
- additionalProperties:
- type: 'object'
- properties:
- labels:
- type: 'object'
- additionalProperties:
- type: 'string'
- volume_group:
- type: 'string'
- partitions:
- type: 'array'
- items:
- type: 'object'
- properties:
- name:
- type: 'string'
- size:
- type: 'string'
- part_uuid:
- type: 'string'
- volume_group:
- type: 'string'
- labels:
- type: 'object'
- additionalProperties:
- type: 'string'
- bootable:
- type: 'boolean'
- volume_group:
- type: 'string'
- filesystem:
- type: 'object'
- properties:
- mountpoint:
- type: 'string'
- fstype:
- type: 'string'
- mount_options:
- type: 'string'
- fs_uuid:
- type: 'string'
- fs_label:
- type: 'string'
- additionalProperties: false
- additionalProperties: false
- volume_groups:
- type: 'object'
- additionalProperties:
- type: 'object'
- properties:
- vg_uuid:
- type: 'string'
- logical_volumes:
- type: 'array'
- items:
- type: 'object'
- properties:
- name:
- type: 'string'
- lv_uuid:
- type: 'string'
- size:
- type: 'string'
- filesystem:
- type: 'object'
- properties:
- mountpoint:
- type: 'string'
- fstype:
- type: 'string'
- mount_options:
- type: 'string'
- fs_uuid:
- type: 'string'
- fs_label:
- type: 'string'
- platform:
- type: 'object'
- properties:
- image:
- type: 'string'
- kernel:
- type: 'string'
- kernel_params:
- type: 'object'
- additionalProperties: true
- additionalProperties: false
- metadata:
- type: 'object'
- properties:
- tags:
- type: 'array'
- items:
- type: 'string'
- owner_data:
- type: 'object'
- additionalProperties:
- type: 'string'
- rack:
- type: 'string'
- boot_mac:
- type: 'string'
- additionalProperties: false
- host_profile:
- type: 'string'
- hardware_profile:
- type: 'string'
- primary_network:
- type: 'string'
- interfaces:
- type: 'object'
- additionalProperties:
- type: 'object'
- properties:
- device_link:
- type: 'string'
- slaves:
- type: 'array'
- items:
- type: 'string'
- networks:
- type: 'array'
- items:
- type: 'string'
- sriov:
- type: 'object'
- properties:
- vf_count:
- type: 'number'
- trustmode:
- type: 'boolean'
- additionalProperties: false
-...
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: drydock/Network/v1
- labels:
- application: drydock
-data:
- $schema: 'http://json-schema.org/schema#'
- type: 'object'
- properties:
- cidr:
- type: 'string'
- ranges:
- type: 'array'
- items:
- type: 'object'
- properties:
- type:
- type: 'string'
- start:
- type: 'string'
- format: 'ipv4'
- end:
- type: 'string'
- format: 'ipv4'
- additionalProperties: false
- dns:
- type: 'object'
- properties:
- domain:
- type: 'string'
- servers:
- type: 'string'
- additionalProperties: false
- dhcp_relay:
- type: 'object'
- properties:
- self_ip:
- type: 'string'
- format: 'ipv4'
- upstream_target:
- type: 'string'
- format: 'ipv4'
- additionalProperties: false
- mtu:
- type: 'number'
- vlan:
- type: 'string'
- routedomain:
- type: 'string'
- routes:
- type: 'array'
- items:
- type: 'object'
- properties:
- subnet:
- type: 'string'
- gateway:
- type: 'string'
- format: 'ipv4'
- metric:
- type: 'number'
- routedomain:
- type: 'string'
- additionalProperties: false
- labels:
- type: 'object'
- additionalProperties: true
- additionalProperties: false
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: drydock/NetworkLink/v1
- labels:
- application: drydock
-data:
- $schema: 'http://json-schema.org/schema#'
- type: 'object'
- properties:
- bonding:
- type: 'object'
- properties:
- mode:
- type: 'string'
- hash:
- type: 'string'
- peer_rate:
- type: 'string'
- mon_rate:
- type: 'number'
- up_delay:
- type: 'number'
- down_delay:
- type: 'number'
- additionalProperties: false
- mtu:
- type: 'number'
- linkspeed:
- type: 'string'
- trunking:
- type: 'object'
- properties:
- mode:
- type: 'string'
- default_network:
- type: 'string'
- additionalProperties: false
- allowed_networks:
- type: 'array'
- items:
- type: 'string'
- labels:
- type: 'object'
- additionalProperties: true
- additionalProperties: false
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: drydock/Rack/v1
- labels:
- application: drydock
-data:
- $schema: 'http://json-schema.org/schema#'
- type: 'object'
- properties:
- tor_switches:
- type: 'object'
- properties:
- mgmt_ip:
- type: 'string'
- format: 'ipv4'
- sdn_api_uri:
- type: 'string'
- format: 'uri'
- location:
- type: 'object'
- properties:
- clli:
- type: 'string'
- grid:
- type: 'string'
- local_networks:
- type: 'array'
- items:
- type: 'string'
- labels:
- type: 'object'
- additionalProperties: true
- additionalProperties: false
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: drydock/Region/v1
- labels:
- application: drydock
-data:
- $schema: 'http://json-schema.org/schema#'
- type: 'object'
- properties:
- tag_definitions:
- type: 'array'
- items:
- type: 'object'
- properties:
- tag:
- type: 'string'
- definition_type:
- type: 'string'
- enum:
- - 'lshw_xpath'
- definition:
- type: 'string'
- additionalProperties: false
- authorized_keys:
- type: 'array'
- items:
- type: 'string'
- repositories:
- # top level is class (e.g. apt, rpm)
- type: 'object'
- properties:
- remove_unlisted:
- type: 'boolean'
- additionalPropties:
- type: 'object'
- properties:
- repo_type:
- type: 'string'
- pattern: 'apt|rpm'
- url:
- type: 'string'
- distributions:
- type: 'array'
- items:
- type: 'string'
- subrepos:
- type: 'array'
- items:
- type: 'string'
- components:
- type: 'array'
- items:
- type: 'string'
- gpgkey:
- type: 'string'
- arches:
- type: 'array'
- items:
- type: 'string'
- options:
- type: 'object'
- additionalProperties:
- type: 'string'
- additionalProperties: false
- required:
- - 'repo_type'
- - 'url'
- - 'arches'
- additionalProperties: false
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: pegleg/AccountCatalogue/v1
-data:
- $schema: 'http://json-schema.org/schema#'
- type: object
- properties:
- ucp:
- type: object
- properties:
- postgres:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
- oslo_db:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
- oslo_messaging:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
- keystone:
- type: object
- properties:
- admin:
- type: object
- properties:
- region_name:
- type: string
- username:
- type: string
- project_name:
- type: string
- user_domain_name:
- type: string
- project_domain_name:
- type: string
- oslo_messaging:
- type: object
- properties:
- username:
- type: string
- oslo_db:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- promenade:
- type: object
- properties:
- keystone:
- type: object
- properties:
- region_name:
- type: string
- role:
- type: string
- project_name:
- type: string
- project_domain_name:
- type: string
- user_domain_name:
- type: string
- username:
- type: string
- drydock:
- type: object
- properties:
- keystone:
- type: object
- properties:
- region_name:
- type: string
- role:
- type: string
- project_name:
- type: string
- project_domain_name:
- type: string
- user_domain_name:
- type: string
- username:
- type: string
- postgres:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- shipyard:
- type: object
- properties:
- keystone:
- type: object
- properties:
- region_name:
- type: string
- role:
- type: string
- project_name:
- type: string
- project_domain_name:
- type: string
- user_domain_name:
- type: string
- username:
- type: string
- postgres:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- airflow:
- type: object
- properties:
- postgres:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- oslo_messaging:
- type: object
- properties:
- username:
- type: string
- maas:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
- email:
- type: string
- postgres:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- barbican:
- type: object
- properties:
- keystone:
- type: object
- properties:
- region_name:
- type: string
- role:
- type: string
- project_name:
- type: string
- project_domain_name:
- type: string
- user_domain_name:
- type: string
- username:
- type: string
- oslo_db:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- oslo_messaging:
- type: object
- properties:
- username:
- type: string
- armada:
- type: object
- properties:
- keystone:
- type: object
- properties:
- project_domain_name:
- type: string
- project_name:
- type: string
- region_name:
- type: string
- role:
- type: string
- user_domain_name:
- type: string
- username:
- type: string
- deckhand:
- type: object
- properties:
- keystone:
- type: object
- properties:
- region_name:
- type: string
- role:
- type: string
- project_name:
- type: string
- project_domain_name:
- type: string
- user_domain_name:
- type: string
- username:
- type: string
- postgres:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- ceph:
- type: object
- properties:
- swift:
- type: object
- properties:
- keystone:
- type: object
- properties:
- role:
- type: string
- region_name:
- type: string
- username:
- type: string
- project_name:
- type: string
- user_domain_name:
- type: string
- project_domain_name:
- type: string
- osh:
- type: object
- properties:
- keystone:
- type: object
- properties:
- admin:
- type: object
- properties:
- region_name:
- type: string
- username:
- type: string
- project_name:
- type: string
- user_domain_name:
- type: string
- project_domain_name:
- type: string
- oslo_messaging:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
- keystone:
- type: object
- properties:
- username:
- type: string
- oslo_db:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- cinder:
- type: object
- properties:
- cinder:
- type: object
- properties:
- role:
- type: string
- region_name:
- type: string
- username:
- type: string
- project_name:
- type: string
- user_domain_name:
- type: string
- project_domain_name:
- type: string
- oslo_messaging:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
- cinder:
- type: object
- properties:
- username:
- type: string
- oslo_db:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- glance:
- type: object
- properties:
- glance:
- type: object
- properties:
- role:
- type: string
- region_name:
- type: string
- username:
- type: string
- project_name:
- type: string
- user_domain_name:
- type: string
- project_domain_name:
- type: string
- oslo_messaging:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
- glance:
- type: object
- properties:
- username:
- type: string
- oslo_db:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- ceph_object_store:
- type: object
- properties:
- username:
- type: string
- heat:
- type: object
- properties:
- heat:
- type: object
- properties:
- role:
- type: string
- region_name:
- type: string
- username:
- type: string
- project_name:
- type: string
- user_domain_name:
- type: string
- project_domain_name:
- type: string
- heat_trustee:
- type: object
- properties:
- role:
- type: string
- region_name:
- type: string
- username:
- type: string
- project_name:
- type: string
- user_domain_name:
- type: string
- project_domain_name:
- type: string
- heat_stack_user:
- type: object
- properties:
- role:
- type: string
- region_name:
- type: string
- username:
- type: string
- project_name:
- type: string
- user_domain_name:
- type: string
- project_domain_name:
- type: string
- oslo_db:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- oslo_messaging:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
- heat:
- type: object
- properties:
- username:
- type: string
- swift:
- type: object
- properties:
- swift:
- type: object
- properties:
- role:
- type: string
- region_name:
- type: string
- username:
- type: string
- project_name:
- type: string
- user_domain_name:
- type: string
- project_domain_name:
- type: string
- oslo_db:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
- neutron:
- type: object
- properties:
- neutron:
- type: object
- properties:
- role:
- type: string
- region_name:
- type: string
- username:
- type: string
- project_name:
- type: string
- user_domain_name:
- type: string
- project_domain_name:
- type: string
- oslo_messaging:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
- neutron:
- type: object
- properties:
- username:
- type: string
- oslo_db:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- nova:
- type: object
- properties:
- nova:
- type: object
- properties:
- role:
- type: string
- region_name:
- type: string
- username:
- type: string
- project_name:
- type: string
- user_domain_name:
- type: string
- project_domain_name:
- type: string
- placement:
- type: object
- properties:
- role:
- type: string
- region_name:
- type: string
- username:
- type: string
- project_name:
- type: string
- user_domain_name:
- type: string
- project_domain_name:
- type: string
- oslo_messaging:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
- nova:
- type: object
- properties:
- username:
- type: string
- oslo_db:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- oslo_db_api:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- oslo_db_cell0:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- horizon:
- type: object
- properties:
- oslo_db:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- osh_infra:
- type: object
- properties:
- grafana:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
- oslo_db:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- oslo_db_session:
- type: object
- properties:
- username:
- type: string
- database:
- type: string
- elasticsearch:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
- oslo_db:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
- prometheus_openstack_exporter:
- type: object
- properties:
- user:
- type: object
- properties:
- username:
- type: string
- nagios:
- type: object
- properties:
- admin:
- type: object
- properties:
- username:
- type: string
-...
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: pegleg/CommonAddresses/v1
-data:
- $schema: 'http://json-schema.org/schema#'
- type: object
- properties:
- calico:
- type: object
- properties:
- ip_autodetection_method:
- type: string
- etcd:
- type: object
- properties:
- service_ip:
- type: string
- dns:
- type: object
- properties:
- cluster_domain:
- type: string
- service_ip:
- type: string
- upstream_servers:
- type: array
- items:
- type: string
- upstream_servers_joined:
- type: string
- genesis:
- type: object
- properties:
- hostname:
- type: string
- ip:
- type: string
- bootstrap:
- type: object
- properties:
- ip:
- type: string
- kubernetes:
- type: object
- properties:
- api_service_ip:
- type: string
- etcd_service_ip:
- type: string
- pod_cidr:
- type: string
- service_cidr:
- type: string
- apiserver_port:
- type: number
- haproxy_port:
- type: number
- service_node_port_range:
- type: string
- etcd:
- type: object
- properties:
- container_port:
- type: number
- haproxy_port:
- type: number
- masters:
- type: array
- items:
- type: object
- properties:
- hostname:
- type: string
- node_ports:
- type: object
- properties:
- drydock_api:
- type: number
- maas_api:
- type: number
- maas_proxy:
- type: number
- shipyard_api:
- type: number
- airflow_web:
- type: number
- ntp:
- type: object
- properties:
- servers_joined:
- type: string
- storage:
- type: object
- properties:
- ceph:
- type: object
- properties:
- public_cidr:
- type: string
- cluster_cidr:
- type: string
- openvswitch:
- type: object
- properties:
- external_iface:
- type: string
- neutron:
- type: object
- properties:
- tunnel_device:
- type: string
- external_iface:
- type: string
-...
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: pegleg/CommonSoftwareConfig/v1
-data:
- $schema: 'http://json-schema.org/schema#'
- type: object
- properties:
- osh:
- type: object
- properties:
- region_name:
- type: string
-...
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: pegleg/EndpointCatalogue/v1
-data:
- $schema: 'http://json-schema.org/schema#'
- type: 'object'
- # Namespace the list of endpoints
- additionalProperties:
- type: 'object'
- additionalProperties:
- type: 'object'
- properties:
- namespace:
- oneOf:
- - type: string
- - type: "null"
- name:
- type: string
- auth:
- type: object
- hosts:
- type: object
- properties:
- data:
- type: string
- default:
- type: string
- discovery:
- type: string
- public:
- type: string
- internal:
- type: string
- additionalProperties:
- type: string
- host_fqdn_override:
- oneOf:
- - type: object
- properties:
- default:
- oneOf:
- - type: string
- - type: "null"
- - type: object
- properties:
- host:
- type: string
- tls:
- type: object
- properties:
- crt:
- type: string
- ca:
- type: string
- key:
- type: string
- additionalProperties:
- type: string
- public:
- oneOf:
- - type: string
- - type: "null"
- - type: object
- properties:
- host:
- type: string
- tls:
- type: object
- properties:
- crt:
- type: string
- ca:
- type: string
- key:
- type: string
- additionalProperties:
- type: string
- internal:
- oneOf:
- - type: string
- - type: "null"
- - type: object
- properties:
- host:
- type: string
- tls:
- type: object
- properties:
- crt:
- type: string
- ca:
- type: string
- key:
- type: string
- additionalProperties:
- type: string
- additionalProperties:
- type: string
- - type: "null"
- path:
- oneOf:
- - type: object
- properties:
- default:
- oneOf:
- - type: string
- - type: "null"
- public:
- type: string
- internal:
- type: string
- additionalProperties:
- type: string
- - type: string
- scheme:
- oneOf:
- - type: object
- properties:
- default:
- type: string
- public:
- type: string
- internal:
- type: string
- additionalProperties:
- type: string
- - type: string
- port:
- type: object
- additionalProperties:
- type: object
- properties:
- default:
- type: number
- public:
- type: number
- internal:
- type: number
- additionalProperties:
- type: number
-...
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: pegleg/SoftwareVersions/v1
-data:
- $schema: 'http://json-schema.org/schema#'
- type: object
- properties:
- charts:
- type: object
- properties:
- kubernetes:
- type: object
- properties:
- calico:
- type: object
- properties:
- etcd:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- etcd-htk:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- calico:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- apiserver:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- apiserver-htk:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- controller-manager:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- controller-manager-htk:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- coredns:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- coredns-htk:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- haroxy:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- haroxy-htk:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- etcd:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- etcd-htk:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- ingress:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- ingress-htk:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- proxy:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- proxy-htk:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- scheduler:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- scheduler-htk:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- osh_infra:
- type: object
- properties:
- elasticsearch:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- fluent_logging:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- kibana:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- prometheus:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- prometheus_node_exporter:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- prometheus_kube_state_metrics:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- prometheus_alertmanager:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- grafana:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- prometheus_openstack_exporter:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- nagios:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- osh:
- type: object
- properties:
- barbican:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- cinder:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- glance:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- heat:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- horizon:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- ingress:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- keystone:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- libvirt:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- mariadb:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- memcached:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- neutron:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- nova:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- openvswitch:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- rabbitmq:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- ucp:
- type: object
- properties:
- armada:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- barbican:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- ceph-mon:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- ceph-osd:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- ceph-client:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- deckhand:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- drydock:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- ingress:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- postgresql:
- type: object
-
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- promenade:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- keystone:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- maas:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- mariadb:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- memcached:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- rabbitmq:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- rabbitmq-etcd:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- shipyard:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- tiller:
- type: object
- properties:
- type:
- type: string
- location:
- type: string
- subpath:
- type: string
- reference:
- type: string
- files:
- type: object
- properties:
- kubelet:
- type: string
- images:
- type: object
- properties:
- ucp:
- type: object
- properties:
- armada:
- type: object
- properties:
- api:
- type: string
- dep_check:
- type: string
- ks_endpoints:
- type: string
- ks_service:
- type: string
- ks_user:
- type: string
- helm:
- type: string
- tiller:
- type: string
- promenade:
- type: object
- properties:
- dep_check:
- type: string
- promenade:
- type: string
- ks_user:
- type: string
- ks_service:
- type: string
- ks_endpoints:
- type: string
- deckhand:
- type: object
- properties:
- deckhand:
- type: string
- dep_check:
- type: string
- db_init:
- type: string
- db_sync:
- type: string
- ks_endpoints:
- type: string
- ks_service:
- type: string
- ks_user:
- type: string
- barbican:
- type: object
- properties:
- bootstrap:
- type: string
- dep_check:
- type: string
- scripted_test:
- type: string
- db_init:
- type: string
- barbican_db_sync:
- type: string
- db_drop:
- type: string
- ks_endpoints:
- type: string
- ks_service:
- type: string
- ks_user:
- type: string
- barbican_api:
- type: string
- drydock:
- type: object
- properties:
- drydock:
- type: string
- dep_check:
- type: string
- ks_endpoints:
- type: string
- ks_service:
- type: string
- ks_user:
- type: string
- drydock_db_init:
- type: string
- drydock_db_sync:
- type: string
- shipyard:
- type: object
- properties:
- airflow:
- type: string
- shipyard:
- type: string
- dep_check:
- type: string
- shipyard_db_init:
- type: string
- shipyard_db_sync:
- type: string
- airflow_db_init:
- type: string
- airflow_db_sync:
- type: string
- ks_user:
- type: string
- ks_service:
- type: string
- ks_endpoints:
- type: string
- maas:
- type: object
- properties:
- db_init:
- type: string
- db_sync:
- type: string
- maas_rack:
- type: string
- maas_region:
- type: string
- bootstrap:
- type: string
- export_api_key:
- type: string
- maas_cache:
- type: string
- dep_check:
- type: string
- keystone:
- type: object
- properties:
- keystone_bootstrap:
- type: string
- test:
- type: string
- db_init:
- type: string
- keystone_db_sync:
- type: string
- db_drop:
- type: string
- keystone_fernet_setup:
- type: string
- keystone_fernet_rotate:
- type: string
- keystone_credential_setup:
- type: string
- keystone_credential_rotate:
- type: string
- keystone_api:
- type: string
- dep_check:
- type: string
- tiller:
- type: object
- properties:
- tiller:
- type: string
- mariadb:
- type: object
- properties:
- mariadb:
- type: string
- dep_check:
- type: string
- postgresql:
- type: object
- properties:
- postgresql:
- type: string
- dep_check:
- type: string
- memcached:
- type: object
- properties:
- memcached:
- type: string
- dep_check:
- type: string
- rabbitmq:
- type: object
- properties:
- rabbitmq:
- type: string
- dep_check:
- type: string
- ceph:
- type: object
- properties:
- ceph-mon:
- type: object
- properties:
- fluentbit:
- type: string
- ceph_bootstrap:
- type: string
- dep_check:
- type: string
- ceph_mon:
- type: string
- ceph_config_helper:
- type: string
- ceph_mon_check:
- type: string
- image_repo_sync:
- type: string
- ceph-osd:
- type: object
- properties:
- fluentbit:
- type: string
- ceph_bootstrap:
- type: string
- dep_check:
- type: string
- ceph_osd:
- type: string
- image_repo_sync:
- type: string
- ceph-client:
- type: object
- properties:
- ks_endpoints:
- type: string
- ks_service:
- type: string
- ks_user:
- type: string
- ceph_bootstrap:
- type: string
- dep_check:
- type: string
- ceph_mds:
- type: string
- ceph_mgr:
- type: string
- ceph_rgw:
- type: string
- ceph_config_helper:
- type: string
- ceph_rbd_pool:
- type: string
- ceph_rbd_provisioner:
- type: string
- ceph_cephfs_provisioner:
- type: string
- image_repo_sync:
- type: string
- kubernetes:
- type: object
- properties:
- apiserver:
- type: object
- properties:
- anchor:
- type: string
- apiserver:
- type: string
- dep_check:
- type: string
- controller-manager:
- type: object
- properties:
- anchor:
- type: string
- controller_manager:
- type: string
- dep_check:
- type: string
- coredns:
- type: object
- properties:
- coredns:
- type: string
- haproxy:
- type: object
- properties:
- haproxy:
- type: string
- anchor:
- type: string
- etcd:
- type: object
- properties:
- etcd:
- type: string
- etcdctl:
- type: string
- kubectl:
- type: string
- pause:
- type: string
- scheduler:
- type: object
- properties:
- anchor:
- type: string
- scheduler:
- type: string
- proxy:
- type: object
- properties:
- proxy:
- type: string
- calico:
- type: object
- properties:
- etcd:
- type: object
- properties:
- etcd:
- type: string
- etcdctl:
- type: string
- calico:
- type: object
- properties:
- cni:
- type: string
- ctl:
- type: string
- node:
- type: string
- policy_controller:
- type: string
- packages:
- type: object
- properties:
- repositories:
- type: object
- additionalProperties:
- type: object
- properties:
- name:
- type: string
- url:
- type: string
- distributions:
- type: array
- items:
- type: string
- components:
- type: array
- items:
- type: string
- gpgkey:
- type: string
- named:
- type: object
- properties:
- docker:
- type: string
- socat:
- type: string
- unnamed:
- type: array
- items:
- type: string
-...
+++ /dev/null
----
-schema: deckhand/DataSchema/v1
-metadata:
- schema: metadata/Control/v1
- name: promenade/Docker/v1
- labels:
- application: promenade
-data:
- $schema: http://json-schema.org/schema#
- type: object
- properties:
- config:
- type: object
- required:
- - config
- additionalProperties: false
+++ /dev/null
----
-schema: deckhand/DataSchema/v1
-metadata:
- schema: metadata/Control/v1
- name: promenade/Genesis/v1
- labels:
- application: promenade
-data:
- $schema: http://json-schema.org/schema#
- definitions:
- abs_path:
- type: string
- pattern: '^/.+$'
- hostname:
- type: string
- pattern: '^[a-z][a-z0-9-]+$'
- file:
- properties:
- path:
- $ref: '#/definitions/abs_path'
- content:
- type: string
- mode:
- type: integer
- minimum: 0
- tar_url:
- $ref: '#/definitions/url'
- tar_path:
- $ref: '#/definitions/rel_path'
-
- requried:
- - mode
- - path
- oneOf:
- - type: object
- required:
- - content
- - type: object
- allOf:
- - type: object
- required:
- - tar_url
- - tar_path
- additionalProperties: false
- image:
- type: string
- # XXX add regex
- ip_address:
- type: string
- pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))$'
- kubernetes_label:
- type: string
- # XXX add regex
- rel_path:
- type: string
- # XXX add regex
-
- type: object
- properties:
- armada:
- type: object
- properties:
- target_manifest:
- type: string
- additionalProperties: false
-
- apiserver:
- type: object
- properties:
- command_prefix:
- type: array
- items:
- type: string
- additionalProperties: false
-
- files:
- type: array
- items:
- $ref: '#/definitions/file'
-
- hostname:
- $ref: '#/definitions/hostname'
-
- ip:
- $ref: '#/definitions/ip_address'
-
- labels:
- properties:
- static:
- type: array
- items:
- $ref: '#/definitions/kubernetes_label'
- dynamic:
- type: array
- items:
- $ref: '#/definitions/kubernetes_label'
- additionalProperties: false
-
- images:
- type: object
- properties:
- armada:
- $ref: '#/definitions/image'
- helm:
- type: object
- properties:
- tiller:
- $ref: '#/definitions/image'
- required:
- - tiller
- additionalProperties: false
- kubernetes:
- type: object
- properties:
- apiserver:
- $ref: '#/definitions/image'
- controller-manager:
- $ref: '#/definitions/image'
- etcd:
- $ref: '#/definitions/image'
- scheduler:
- $ref: '#/definitions/image'
- required:
- - apiserver
- - controller-manager
- - etcd
- - scheduler
- additionalProperties: false
- required:
- - armada
- - helm
- - kubernetes
- additionalProperties: false
-
- required:
- - hostname
- - ip
- - images
- - labels
- additionalProperties: false
-...
+++ /dev/null
----
-schema: deckhand/DataSchema/v1
-metadata:
- schema: metadata/Control/v1
- name: promenade/HostSystem/v1
- labels:
- application: promenade
-data:
- $schema: http://json-schema.org/schema#
- definitions:
- abs_path:
- type: string
- pattern: '^/.+$'
- apt_source_line:
- type: string
- # XXX add regex
- file:
- properties:
- path:
- $ref: '#/definitions/abs_path'
- content:
- type: string
- mode:
- type: integer
- minimum: 0
- tar_url:
- $ref: '#/definitions/url'
- tar_path:
- $ref: '#/definitions/rel_path'
-
- requried:
- - mode
- - path
- oneOf:
- - type: object
- required:
- - content
- - type: object
- allOf:
- - type: object
- required:
- - tar_url
- - tar_path
- additionalProperties: false
-
- image:
- type: string
- # XXX add regex
- package:
- type: string
- # XXX add regex
- public_key:
- type: string
- # XXX add regex
- rel_path:
- type: string
- # XXX add regex
- url:
- type: string
- # XXX add regex
-
- type: object
-
- properties:
- files:
- type: array
- items:
- type: object
- items:
- $ref: '#/definitions/file'
- images:
- type: object
- properties:
- haproxy:
- $ref: '#/definitions/image'
- coredns:
- $ref: '#/definitions/image'
- helm:
- type: object
- properties:
- helm:
- $ref: '#/definitions/image'
- required:
- - helm
- additionalProperties: false
- kubernetes:
- type: object
- properties:
- kubectl:
- $ref: '#/definitions/image'
- required:
- - kubectl
- additionalProperties: false
- required:
- - haproxy
- - coredns
- - helm
- - kubernetes
- additionalProperties: false
-
- packages:
- type: object
- properties:
- additional:
- type: array
- items:
- $ref: '#/definitions/package'
- keys:
- type: array
- items:
- $ref: '#/definitions/public_key'
-
- required:
- type: object
- properties:
- docker:
- $ref: '#/definitions/package'
- socat:
- $ref: '#/definitions/package'
- required:
- - docker
- - socat
- additionalProperties: false
-
- repositories:
- type: array
- items:
- $ref: '#/definitions/apt_source_line'
-
- required:
- - required
- additionalProperties: false
-
- required:
- - images
- - packages
- additionalProperties: false
+++ /dev/null
----
-schema: deckhand/DataSchema/v1
-metadata:
- schema: metadata/Control/v1
- name: promenade/Kubelet/v1
- labels:
- application: promenade
-data:
- $schema: http://json-schema.org/schema#
- type: object
- definitions:
- image:
- type: string
- # XXX add regex
-
- properties:
- images:
- type: object
- properties:
- pause:
- $ref: '#/definitions/image'
- required:
- - pause
- additionalProperties: false
- arguments:
- type: array
- items:
- type: string
- required:
- - images
- additionalProperties: false
+++ /dev/null
----
-schema: deckhand/DataSchema/v1
-metadata:
- schema: metadata/Control/v1
- name: promenade/KubernetesNetwork/v1
- labels:
- application: promenade
-data:
- $schema: http://json-schema.org/schema#
- definitions:
- cidr:
- type: string
- pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\/([0-9]|[1-2][0-9]|3[0-2])$'
- domain_name:
- type: string
- format: hostname
- domain_suffix:
- type: string
- pattern: '^\.[a-z0-9][a-z0-9-\.]*$'
- hostname:
- type: string
- format: hostname
- hostname_or_ip_address:
- anyOf:
- - $ref: '#/definitions/hostname'
- - $ref: '#/definitions/ip_address'
- - $ref: '#/definitions/domain_suffix'
- ip_address:
- type: string
- format: ipv4
- url:
- type: string
- format: uri
-
- type: object
- properties:
- dns:
- type: object
- properties:
- bootstrap_validation_checks:
- type: array
- items:
- $ref: '#/definitions/domain_name'
- cluster_domain:
- $ref: '#/definitions/domain_name'
- service_ip:
- $ref: '#/definitions/ip_address'
- upstream_servers:
- type: array
- items:
- $ref: '#/definitions/ip_address'
- required:
- - cluster_domain
- - service_ip
- additionalProperties: false
-
- etcd:
- type: object
- properties:
- container_port:
- type: integer
- haproxy_port:
- type: integer
- # NOTE(mark-burnett): No longer used.
- service_ip:
- $ref: '#/definitions/ip_address'
- required:
- - container_port
- - haproxy_port
- additionalProperties: false
-
- kubernetes:
- type: object
- properties:
- pod_cidr:
- $ref: '#/definitions/cidr'
- service_ip:
- $ref: '#/definitions/ip_address'
- service_cidr:
- $ref: '#/definitions/cidr'
- apiserver_port:
- type: integer
- haproxy_port:
- type: integer
- required:
- - pod_cidr
- - service_cidr
- - service_ip
- - apiserver_port
- - haproxy_port
- additionalProperties: false
- hosts_entries:
- type: array
- items:
- type: object
- properties:
- ip:
- $ref: '#/definitions/ip_address'
- names:
- type: array
- items:
- $ref: '#/definitions/hostname'
-
- proxy:
- type: object
- properties:
- additional_no_proxy:
- type: array
- items:
- $ref: '#/definitions/hostname_or_ip_address'
- url:
- $ref: '#/definitions/url'
- required:
- - url
- additionalFields: false
-
- required:
- - dns
- - kubernetes
- additionalProperties: false
-...
+++ /dev/null
----
-schema: deckhand/DataSchema/v1
-metadata:
- schema: metadata/Control/v1
- name: promenade/KubernetesNode/v1
- labels:
- application: promenade
-data:
- $schema: http://json-schema.org/schema#
- definitions:
- hostname:
- type: string
- pattern: '^[a-z][a-z0-9-]+$'
- ip_address:
- type: string
- pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))$'
- kubernetes_label:
- type: string
- # XXX add regex
-
- type: object
- properties:
- hostname:
- $ref: '#/definitions/hostname'
-
- ip:
- $ref: '#/definitions/ip_address'
-
- join_ip:
- $ref: '#/definitions/ip_address'
-
- labels:
- properties:
- static:
- type: array
- items:
- $ref: '#/definitions/kubernetes_label'
- dynamic:
- type: array
- items:
- $ref: '#/definitions/kubernetes_label'
- additionalProperties: false
-
- required:
- - ip
- - join_ip
- additionalProperties: false
+++ /dev/null
----
-schema: deckhand/DataSchema/v1
-metadata:
- schema: metadata/Control/v1
- name: promenade/PKICatalog/v1
- labels:
- application: promenade
-data:
- $schema: http://json-schema.org/schema#
- certificate_authorities:
- type: array
- items:
- type: object
- properties:
- description:
- type: string
- certificates:
- type: array
- items:
- type: object
- properties:
- document_name:
- type: string
- description:
- type: string
- common_name:
- type: string
- hosts:
- type: array
- items: string
- groups:
- type: array
- items: string
- keypairs:
- type: array
- items:
- type: object
- properties:
- name:
- type: string
- description:
- type: string
-...
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: shipyard/DeploymentConfiguration/v1
- labels:
- application: shipyard
-data:
- $schema: 'http://json-schema.org/schema#'
- type: 'object'
- properties:
- physical_provisioner:
- type: 'object'
- properties:
- deployment_strategy:
- type: 'string'
- deploy_interval:
- type: 'integer'
- deploy_timeout:
- type: 'integer'
- destroy_interval:
- type: 'integer'
- destroy_timeout:
- type: 'integer'
- join_wait:
- type: 'integer'
- prepare_node_interval:
- type: 'integer'
- prepare_node_timeout:
- type: 'integer'
- prepare_site_interval:
- type: 'integer'
- prepare_site_timeout:
- type: 'integer'
- verify_interval:
- type: 'integer'
- verify_timeout:
- type: 'integer'
- additionalProperties: false
- kubernetes:
- type: 'object'
- properties:
- node_status_interval:
- type: 'integer'
- node_status_timeout:
- type: 'integer'
- additionalProperties: false
- kubernetes_provisioner:
- type: 'object'
- properties:
- drain_timeout:
- type: 'integer'
- drain_grace_period:
- type: 'integer'
- clear_labels_timeout:
- type: 'integer'
- remove_etcd_timeout:
- type: 'integer'
- etcd_ready_timeout:
- type: 'integer'
- additionalProperties: false
- armada:
- type: 'object'
- properties:
- get_releases_timeout:
- type: 'integer'
- get_status_timeout:
- type: 'integer'
- manifest:
- type: 'string'
- post_apply_timeout:
- type: 'integer'
- validate_design_timeout:
- type: 'integer'
- additionalProperties: false
- required:
- - manifest
- additionalProperties: false
- required:
- - armada
+++ /dev/null
----
-schema: 'deckhand/DataSchema/v1'
-metadata:
- schema: metadata/Control/v1
- name: shipyard/DeploymentStrategy/v1
- labels:
- application: shipyard
-data:
- $schema: 'http://json-schema.org/schema#'
- type: 'object'
- required:
- - groups
- properties:
- groups:
- type: 'array'
- minItems: 0
- items:
- type: 'object'
- required:
- - name
- - critical
- - depends_on
- - selectors
- properties:
- name:
- type: 'string'
- minLength: 1
- critical:
- type: 'boolean'
- depends_on:
- type: 'array'
- minItems: 0
- items:
- type: 'string'
- selectors:
- type: 'array'
- minItems: 0
- items:
- type: 'object'
- minProperties: 1
- properties:
- node_names:
- type: 'array'
- items:
- type: 'string'
- node_labels:
- type: 'array'
- items:
- type: 'string'
- node_tags:
- type: 'array'
- items:
- type: 'string'
- rack_names:
- type: 'array'
- items:
- type: 'string'
- additionalProperties: false
- success_criteria:
- type: 'object'
- minProperties: 1
- properties:
- percent_successful_nodes:
- type: 'integer'
- minimum: 0
- maximum: 100
- minimum_successful_nodes:
- type: 'integer'
- minimum: 0
- maximum_failed_nodes:
- type: 'integer'
- minimum: 0
- additionalProperties: false
+++ /dev/null
----
-schema: pegleg/Script/v1
-metadata:
- schema: metadata/Document/v1
- name: configure-ip-rules
- storagePolicy: cleartext
- layeringDefinition:
- abstract: false
- layer: global
-data: |-
- #!/bin/bash
- set -ex
-
- function usage() {
- cat <<EOU
- Options are:
-
- -c POD_CIDR The pod CIDR for the Kubernetes cluster, e.g. 10.97.0.0/16
- -i INTERFACE (optional) The interface for internal pod traffic, e.g.
- bond0.22. Used to auto-detect the service gateway.
- Exclusive with -g.
- -g SERVICE_GW (optional) The service gateway/VRR IP for routing pod
- traffic. Exclusive with -i.
- -o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
- INTERFACE. It is used to provide a work around when
- complete Calico routes cannot be received via BGP.
- e.g. 10.96.0.0/15. NOTE: This must include the POD_CIDR.
- -s SERVICE_CIDR (optional) A routable CIDR to configure for ingress, maas,
- e.g. 10.23.22.192/29
- EOU
- }
-
- SERVICE_CIDR=
- OVERLAP_CIDR=
-
- while getopts ":c:g:hi:o:s:" o; do
- case "${o}" in
- c)
- POD_CIDR=${OPTARG}
- ;;
- g)
- SERVICE_GW=${OPTARG}
- ;;
- h)
- usage
- exit 0
- ;;
- i)
- INTERFACE=${OPTARG}
- ;;
- o)
- OVERLAP_CIDR=${OPTARG}
- ;;
- s)
- SERVICE_CIDR=${OPTARG}
- ;;
- \?)
- echo "Unknown option: -${OPTARG}" >&2
- exit 1
- ;;
- :)
- echo "Missing argument for option: -${OPTARG}" >&2
- exit 1
- ;;
- *)
- echo "Unimplemented option: -${OPTARG}" >&2
- exit 1
- ;;
- esac
- done
- shift $((OPTIND-1))
-
- if [ "x$POD_CIDR" == "x" ]; then
- echo "Missing pod CIDR, e.g -c 10.97.0.0/16" >&2
- usage
- exit 1
- fi
-
- if [ "x$INTERFACE" != "x" ]; then
- while ! ip route list dev "${INTERFACE}" > /dev/null; do
- echo Waiting for device "${INTERFACE}" to be ready. >&2
- sleep 5
- done
- fi
-
- intra_vrrp_ip=
- if [ "x${SERVICE_GW}" == "x" ]; then
- intra_vrrp_ip=$(ip route list dev "${INTERFACE}" | awk '($2~/via/){print $3}' | head -n 1)
- else
- intra_vrrp_ip=${SERVICE_GW}
- fi
-
- TABLE="1500"
-
- if [ "x${intra_vrrp_ip}" == "x" ]; then
- echo "Either INTERFACE or SERVICE_GW is required: e.g. either -i bond0.22 or -g 10.23.22.1"
- usage
- exit 1
- fi
-
- # Setup a routing table for traffic from service IPs
- ip route flush table "${TABLE}"
- ip route add default via "${intra_vrrp_ip}" table "${TABLE}"
-
- # Setup arp_announce adjustment on interface facing gateway
- arp_intf=$(ip route get ${intra_vrrp_ip} | grep dev | awk '{print $3}')
- echo 2 > /proc/sys/net/ipv4/conf/${arp_intf}/arp_announce
-
-
- if [ "x$OVERLAP_CIDR" != "x" ]; then
- # NOTE: This is a work-around for nodes not receiving complete
- # routes via BGP.
- ip route add "${OVERLAP_CIDR}" via "${intra_vrrp_ip}"
- fi
-
- if [ "x$SERVICE_CIDR" != "x" ]; then
- # Traffic from the service IPs to pods should use the pod network.
- ip rule add \
- from "${SERVICE_CIDR}" \
- to "${POD_CIDR}" \
- lookup main \
- pref 10000
- # Other traffic from service IPs should only use the VRRP IP
- ip rule add \
- from "${SERVICE_CIDR}" \
- lookup "${TABLE}" \
- pref 10100
- fi
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-calico
- layeringDefinition:
- abstract: false
- layer: global
- labels:
- name: kubernetes-calico-global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.calico.calico
- dest:
- path: .source
- # Image versions
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.calico.calico
- dest:
- path: .values.images.tags
- # IP addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .calico.etcd.service_ip
- dest:
- path: .values.endpoints.etcd.host_fqdn_override.default
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.pod_cidr
- dest:
- path: .values.networking.podSubnet
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.api_service_ip
- dest:
- path: .values.conf.policy_controller.K8S_API
- pattern: SUB_KUBERNETES_IP
-
- # Other site-specific configuration
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .calico.ip_autodetection_method
- dest:
- path: .values.conf.node.IP_AUTODETECTION_METHOD
-
- # Certificates
- - src:
- schema: deckhand/CertificateAuthority/v1
- name: calico-etcd
- path: .
- dest:
- path: .values.endpoints.etcd.auth.client.tls.ca
- - src:
- schema: deckhand/Certificate/v1
- name: calico-node
- path: .
- dest:
- path: .values.endpoints.etcd.auth.client.tls.crt
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-node
- path: .
- dest:
- path: .values.endpoints.etcd.auth.client.tls.key
-
-data:
- chart_name: calico
- release: kubernetes-calico
- namespace: kube-system
- protected:
- continue_processing: true
- wait:
- timeout: 600
- labels:
- release_group: airship-kubernetes-calico
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-kubernetes-calico
- values:
- conf:
- cni_network_config:
- name: k8s-pod-network
- cniVersion: 0.1.0
- type: calico
- etcd_endpoints: __ETCD_ENDPOINTS__
- etcd_ca_cert_file: /etc/calico/pki/ca
- etcd_cert_file: /etc/calico/pki/crt
- etcd_key_file: /etc/calico/pki/key
- log_level: info
- mtu: 1500
- ipam:
- type: calico-ipam
- policy:
- type: k8s
- k8s_api_root: https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__
- k8s_auth_token: __SERVICEACCOUNT_TOKEN__
-
- policy_controller:
- K8S_API: "https://SUB_KUBERNETES_IP:443"
-
- node:
- CALICO_STARTUP_LOGLEVEL: INFO
- CLUSTER_TYPE:
- - k8s
- - bgp
- WAIT_FOR_STORAGE: "true"
-
- endpoints:
- etcd:
- hosts:
- default: calico-etcd
- scheme:
- default: https
-
- networking:
- mtu: 1500
- settings:
- mesh: "on"
- ippool:
- ipip:
- enabled: "true"
- mode: "always"
- nat_outgoing: "true"
- disabled: "false"
-
- manifests:
- daemonset_calico_etcd: false
- job_image_repo_sync: false
- service_calico_etcd: false
- dependencies:
- - calico-htk
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: calico-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.calico.calico-htk
- dest:
- path: .source
-data:
- chart_name: calico-htk
- release: calico-htk
- namespace: calico-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-container-networking
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Container networking via Calico
- sequenced: true
- chart_group:
- - kubernetes-calico-etcd
- - kubernetes-calico
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-calico-etcd-global
- layeringDefinition:
- abstract: true
- layer: global
- labels:
- name: kubernetes-calico-etcd-global
- storagePolicy: cleartext
- substitutions:
-
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.calico.etcd
- dest:
- path: .source
-
- # Image versions
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.calico.etcd
- dest:
- path: .values.images.tags
-
- # IP addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .calico.etcd.service_ip
- dest:
- path: .values.service.ip
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .calico.etcd.service_ip
- dest:
- path: .values.anchor.etcdctl_endpoint
-
- # CAs
- - src:
- schema: deckhand/CertificateAuthority/v1
- name: calico-etcd
- path: .
- dest:
- path: .values.secrets.tls.client.ca
- - src:
- schema: deckhand/CertificateAuthority/v1
- name: calico-etcd-peer
- path: .
- dest:
- path: .values.secrets.tls.peer.ca
-
- # Anchor client cert
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-anchor
- path: .
- dest:
- path: .values.secrets.anchor.tls.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-anchor
- path: .
- dest:
- path: .values.secrets.anchor.tls.key
-
-data:
- chart_name: etcd
- release: kubernetes-calico-etcd
- namespace: kube-system
- protected:
- continue_processing: true
- wait:
- timeout: 600
- labels:
- release_group: airship-kubernetes-calico-etcd
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-kubernetes-calico-etcd
- values:
- labels:
- anchor:
- node_selector_key: calico-etcd
- node_selector_value: enabled
- etcd:
- host_data_path: /var/lib/etcd/calico
- host_etc_path: /etc/etcd/calico
- bootstrapping:
- enabled: true
- host_directory: /var/lib/anchor
- filename: calico-etcd-bootstrap
- service:
- name: calico-etcd
- network:
- service_client:
- name: service_client
- port: 6666
- target_port: 6666
- service_peer:
- name: service_peer
- port: 6667
- target_port: 6667
- dependencies:
- - kubernetes-calico-etcd-htk
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-calico-etcd-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.calico.etcd-htk
- dest:
- path: .source
-data:
- chart_name: kubernetes-calico-etcd-htk
- release: kubernetes-calico-etcd-htk
- namespace: kubernetes-calico-etcd-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-apiserver
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.apiserver
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.apiserver
- dest:
- path: .values.images.tags
-
- # IP addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.api_service_ip
- dest:
- path: .values.network.kubernetes_service_ip
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.pod_cidr
- dest:
- path: .values.network.pod_cidr
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.service_cidr
- dest:
- path: .values.command_prefix[1]
- pattern: SERVICE_CIDR
-
- # Kubernetes Port Range
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.service_node_port_range
- dest:
- path: .values.command_prefix[2]
- pattern: SERVICE_NODE_PORT_RANGE
-
- # CA
- - src:
- schema: deckhand/CertificateAuthority/v1
- name: kubernetes
- path: .
- dest:
- path: .values.secrets.tls.ca
-
- # Certificates
- - src:
- schema: deckhand/Certificate/v1
- name: apiserver
- path: .
- dest:
- path: .values.secrets.tls.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: apiserver
- path: .
- dest:
- path: .values.secrets.tls.key
- - src:
- schema: deckhand/CertificateAuthority/v1
- name: kubernetes-etcd
- path: .
- dest:
- path: .values.secrets.etcd.tls.ca
- - src:
- schema: deckhand/Certificate/v1
- name: apiserver-etcd
- path: .
- dest:
- path: .values.secrets.etcd.tls.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: apiserver-etcd
- path: .
- dest:
- path: .values.secrets.etcd.tls.key
- - src:
- schema: deckhand/PublicKey/v1
- name: service-account
- path: .
- dest:
- path: .values.secrets.service_account.public_key
-
-data:
- chart_name: apiserver
- release: kubernetes-apiserver
- namespace: kube-system
- protected:
- continue_processing: true
- wait:
- timeout: 600
- labels:
- release_group: airship-kubernetes-apiserver
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-kubernetes-apiserver
- values:
- apiserver:
- etcd:
- endpoints: https://127.0.0.1:2378
- command_prefix:
- - /apiserver
- - --service-cluster-ip-range=SERVICE_CIDR
- - --service-node-port-range=SERVICE_NODE_PORT_RANGE
- - --authorization-mode=Node,RBAC
- - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
- - --endpoint-reconciler-type=lease
- dependencies:
- - kubernetes-apiserver-htk
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-apiserver-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.apiserver-htk
- dest:
- path: .source
-data:
- chart_name: kubernetes-apiserver-htk
- release: kubernetes-apiserver-htk
- namespace: kubernetes-apiserver-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-core
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Kubernetes components
- chart_group:
- - kubernetes-apiserver
- - kubernetes-controller-manager
- - kubernetes-scheduler
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-controller-manager
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.controller-manager
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.controller-manager
- dest:
- path: .values.images.tags
-
- # IP addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.pod_cidr
- dest:
- path: .values.network.pod_cidr
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.service_cidr
- dest:
- path: .values.network.service_cidr
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.pod_cidr
- dest:
- path: .values.command_prefix[1]
- pattern: SUB_POD_CIDR
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.service_cidr
- dest:
- path: .values.command_prefix[2]
- pattern: SUB_SERVICE_CIDR
-
- # CA
- - src:
- schema: deckhand/CertificateAuthority/v1
- name: kubernetes
- path: .
- dest:
- path: .values.secrets.tls.ca
-
- # Certificates
- - src:
- schema: deckhand/Certificate/v1
- name: controller-manager
- path: .
- dest:
- path: .values.secrets.tls.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: controller-manager
- path: .
- dest:
- path: .values.secrets.tls.key
-
- # Private key for Kubernetes service account token signing
- - src:
- schema: deckhand/PrivateKey/v1
- name: service-account
- path: .
- dest:
- path: .values.secrets.service_account.private_key
-
-data:
- chart_name: controller-manager
- release: kubernetes-controller-manager
- namespace: kube-system
- protected:
- continue_processing: true
- wait:
- timeout: 600
- labels:
- release_group: airship-kubernetes-controller-manager
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-kubernetes-controller-manager
- values:
- command_prefix:
- - /controller-manager
- - --cluster-cidr=SUB_POD_CIDR
- - --service-cluster-ip-range=SUB_SERVICE_CIDR
- - --node-monitor-period=5s
- - --node-monitor-grace-period=20s
- - --pod-eviction-timeout=60s
- network:
- kubernetes_netloc: 127.0.0.1:6553
- dependencies:
- - kubernetes-controller-manager-htk
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-controller-manager-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.controller-manager-htk
- dest:
- path: .source
-data:
- chart_name: kubernetes-controller-manager-htk
- release: kubernetes-controller-manager-htk
- namespace: kubernetes-controller-manager-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-scheduler
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.scheduler
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.scheduler
- dest:
- path: .values.images.tags
-
- # CA
- - src:
- schema: deckhand/CertificateAuthority/v1
- name: kubernetes
- path: .
- dest:
- path: .values.secrets.tls.ca
-
- # Certificates
- - src:
- schema: deckhand/Certificate/v1
- name: scheduler
- path: .
- dest:
- path: .values.secrets.tls.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: scheduler
- path: .
- dest:
- path: .values.secrets.tls.key
-
-data:
- chart_name: scheduler
- release: kubernetes-scheduler
- namespace: kube-system
- protected:
- continue_processing: true
- wait:
- timeout: 600
- labels:
- release_group: airship-kubernetes-scheduler
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-kubernetes-scheduler
- values:
- network:
- kubernetes_netloc: 127.0.0.1:6553
- dependencies:
- - kubernetes-scheduler-htk
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-scheduler-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.scheduler-htk
- dest:
- path: .source
-data:
- chart_name: kubernetes-scheduler-htk
- release: kubernetes-scheduler-htk
- namespace: kubernetes-scheduler-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-dns
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Cluster DNS
- chart_group:
- - coredns
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: coredns
- layeringDefinition:
- abstract: false
- layer: global
- labels:
- name: coredns-global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.coredns
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.coredns
- dest:
- path: .values.images.tags
-
- # IP Addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .dns.service_ip
- dest:
- path: .values.service.ip
-
- # Zones
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .dns.cluster_domain
- dest:
- path: .values.conf.coredns.corefile
- pattern: '(CLUSTER_DOMAIN)'
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.service_cidr
- dest:
- path: .values.conf.coredns.corefile
- pattern: '(SERVICE_CIDR)'
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.pod_cidr
- dest:
- path: .values.conf.coredns.corefile
- pattern: '(POD_CIDR)'
-
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .dns.upstream_servers[0]
- dest:
- path: .values.conf.coredns.corefile
- pattern: '(UPSTREAM1)'
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .dns.upstream_servers[1]
- dest:
- path: .values.conf.coredns.corefile
- pattern: '(UPSTREAM2)'
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .dns.upstream_servers[2]
- dest:
- path: .values.conf.coredns.corefile
- pattern: '(UPSTREAM3)'
-
-data:
- chart_name: coredns
- release: coredns
- namespace: kube-system
- wait:
- timeout: 600
- labels:
- release_group: airship-coredns
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-coredns
- values:
- conf:
- coredns:
- corefile: |
- .:53 {
- errors
- health
- autopath @kubernetes
- kubernetes CLUSTER_DOMAIN SERVICE_CIDR POD_CIDR {
- pods insecure
- fallthrough in-addr.arpa ip6.arpa
- upstream UPSTREAM1
- upstream UPSTREAM2
- upstream UPSTREAM3
- }
- prometheus :9153
- forward . UPSTREAM1 UPSTREAM2 UPSTREAM3
- cache 30
- }
-
- labels:
- coredns:
- node_selector_key: kube-dns
- node_selector_value: enabled
-
- dependencies:
- - coredns-htk
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: coredns-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.coredns-htk
- dest:
- path: .source
-data:
- chart_name: coredns-htk
- release: coredns-htk
- namespace: coredns-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-etcd
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Kubernetes etcd
- chart_group:
- - kubernetes-etcd
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-etcd-global
- layeringDefinition:
- abstract: true
- layer: global
- labels:
- name: kubernetes-etcd-global
- storagePolicy: cleartext
- substitutions:
-
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.etcd
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.etcd
- dest:
- path: .values.images.tags
-
- # IP addresses
- -
- src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.etcd_service_ip
- dest:
- path: .values.service.ip
- -
- src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.etcd_service_ip
- dest:
- path: .values.anchor.etcdctl_endpoint
-
- # CAs
- -
- src:
- schema: deckhand/CertificateAuthority/v1
- name: kubernetes-etcd
- path: .
- dest:
- path: .values.secrets.tls.client.ca
- -
- src:
- schema: deckhand/CertificateAuthority/v1
- name: kubernetes-etcd-peer
- path: .
- dest:
- path: .values.secrets.tls.peer.ca
-
- -
- src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-anchor
- path: .
- dest:
- path: .values.secrets.anchor.tls.cert
- -
- src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-anchor
- path: .
- dest:
- path: .values.secrets.anchor.tls.key
-
-data:
- chart_name: etcd
- release: kubernetes-etcd
- namespace: kube-system
- protected:
- continue_processing: true
- wait:
- timeout: 600
- labels:
- release_group: airship-kubernetes-etcd
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-kubernetes-etcd
- values:
- labels:
- anchor:
- node_selector_key: kubernetes-etcd
- node_selector_value: enabled
- etcd:
- host_data_path: /var/lib/etcd/kubernetes
- host_etc_path: /etc/etcd/kubernetes
- service:
- name: kubernetes-etcd
- network:
- service_client:
- name: service_client
- port: 2379
- target_port: 2379
- service_peer:
- name: service_peer
- port: 2380
- target_port: 2380
- dependencies:
- - kubernetes-etcd-htk
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-etcd-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.etcd-htk
- dest:
- path: .source
-data:
- chart_name: kubernetes-etcd-htk
- release: kubernetes-etcd-htk
- namespace: kubernetes-etcd-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-haproxy
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: HAProxy for Kubernetes
- chart_group:
- - haproxy
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: haproxy
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
-
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.haproxy
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.haproxy
- dest:
- path: .values.images.tags
-
- # Kubernetes configuration
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.api_service_ip
- dest:
- path: .values.conf.anchor.kubernetes_url
- pattern: KUBERNETES_IP
-
-data:
- chart_name: haproxy
- release: haproxy
- namespace: kube-system
- protected:
- continue_processing: true
- wait:
- timeout: 600
- labels:
- release_group: airship-haproxy
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-haproxy
- values:
- conf:
- anchor:
- kubernetes_url: https://KUBERNETES_IP:443
- services:
- default:
- kubernetes:
- server_opts: "check port 6443"
- conf_parts:
- frontend:
- - mode tcp
- - option tcpka
- - bind *:6553
- backend:
- - mode tcp
- - option tcpka
- - option tcp-check
- - option redispatch
- kube-system:
- kubernetes-etcd:
- server_opts: "check port 2379"
- conf_parts:
- frontend:
- - mode tcp
- - option tcpka
- - bind *:2378
- backend:
- - mode tcp
- - option tcpka
- - option tcp-check
- - option redispatch
- dependencies:
- - haproxy-htk
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: haproxy-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.haproxy-htk
- dest:
- path: .source
-data:
- chart_name: haproxy-htk
- release: haproxy-htk
- namespace: haproxy-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: ingress-kube-system
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Ingress for the site
- chart_group:
- - ingress-kube-system
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: global-ingress-kube-system
- labels:
- ingress: kube-system
- layeringDefinition:
- abstract: true
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.ingress
- dest:
- path: .source
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.ingress
- dest:
- path: .values.images.tags
-data:
- chart_name: ingress-kube-system
- release: ingress-kube-system
- namespace: kube-system
- wait:
- timeout: 300
- labels:
- release_group: airship-ingress-kube-system
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ingress-kube-system
- values:
- labels:
- server:
- node_selector_key: kube-ingress
- node_selector_value: enabled
- error_server:
- node_selector_key: kube-ingress
- node_selector_value: enabled
- deployment:
- mode: cluster
- type: DaemonSet
- network:
- host_namespace: true
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/proxy-read-timeout: "603"
- pod:
- replicas:
- error_page: 2
- dependencies:
- - ingress-kube-system-htk
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ingress-kube-system-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.ingress-htk
- dest:
- path: .source
-data:
- chart_name: ingress-kube-system-htk
- release: ingress-kube-system-htk
- namespace: ingress-kube-system-htk
- values: {}
- dependencies: []
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-proxy
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Kubernetes proxy
- sequenced: true
- chart_group:
- - kubernetes-proxy
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-proxy
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.proxy
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.proxy
- dest:
- path: .values.images.tags
-
- # IP Addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.pod_cidr
- dest:
- path: .values.command_prefix[1]
- pattern: POD_CIDR
-
- # Secrets
- - src:
- schema: deckhand/CertificateAuthority/v1
- name: kubernetes
- path: .
- dest:
- path: .values.secrets.tls.ca
-data:
- chart_name: proxy
- release: kubernetes-proxy
- namespace: kube-system
- wait:
- timeout: 600
- labels:
- release_group: airship-kubernetes-proxy
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-kubernetes-proxy
- values:
- command_prefix:
- - /proxy
- - --cluster-cidr=POD_CIDR
- - --proxy-mode=iptables
- kube_service:
- host: 127.0.0.1
- port: 6553
- dependencies:
- - kubernetes-proxy-htk
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-proxy-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.proxy-htk
- dest:
- path: .source
-data:
- chart_name: kubernetes-proxy-htk
- release: kubernetes-proxy-htk
- namespace: kubernetes-proxy-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: osh-infra-helm-toolkit
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh_infra.helm_toolkit
- dest:
- path: .source
-data:
- chart_name: helm-toolkit
- release: osh-infra-helm-toolkit
- namespace: osh-infra-helm-toolkit
- wait:
- timeout: 600
- labels:
- release_group: airship-osh-infra-helm-toolkit
- upgrade:
- no_hooks: true
- values: {}
- dependencies: []
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: osh-infra-ceph-config
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.ceph-client
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ceph.ceph-client
- dest:
- path: .values.images.tags
-
- # IP addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.public_cidr
- dest:
- path: .values.network.public
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.cluster_cidr
- dest:
- path: .values.network.cluster
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.object_store
- dest:
- path: .values.endpoints.object_store
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mon
- dest:
- path: .values.endpoints.ceph_mon
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mgr
- dest:
- path: .values.endpoints.ceph_mgr
-
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.swift.keystone
- dest:
- path: .values.endpoints.identity.auth.swift
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.swift.password
- src:
- schema: deckhand/Passphrase/v1
- name: ceph_swift_keystone_password
- path: .
-
-data:
- chart_name: osh-infra-ceph-config
- release: osh-infra-ceph-config
- namespace: osh-infra
- wait:
- timeout: 900
- labels:
- release_group: airship-osh-infra-ceph-config
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-osh-infra-ceph-config
- values:
- labels:
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- provisioner:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- mds:
- node_selector_key: ceph-mds
- node_selector_value: enabled
- rgw:
- node_selector_key: ceph-rgw
- node_selector_value: enabled
- mgr:
- node_selector_key: ceph-mgr
- node_selector_value: enabled
- deployment:
- ceph: false
- client_secrets: true
- rbd_provisioner: false
- cephfs_provisioner: false
- rgw_keystone_user_and_endpoints: false
- bootstrap:
- enabled: false
- conf:
- rgw_ks:
- enabled: true
- dependencies:
- - ceph-htk
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: osh-infra-ceph-config
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Ceph config for OpenStack-Infra namespace(s)
- chart_group:
- - osh-infra-ceph-config
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: osh-infra-dashboards
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: OSH Infra Dashboards
- chart_group:
- - kibana
- - grafana
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: grafana
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh_infra.grafana
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh_infra.grafana
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.oslo_db
- dest:
- path: .values.endpoints.oslo_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.oslo_db
- dest:
- path: .values.endpoints.oslo_db_session
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.grafana
- dest:
- path: .values.endpoints.grafana
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.monitoring
- dest:
- path: .values.endpoints.monitoring
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.ldap
- dest:
- path: .values.endpoints.ldap
- # Accounts
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.grafana.admin
- dest:
- path: .values.endpoints.grafana.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.grafana.oslo_db
- dest:
- path: .values.endpoints.oslo_db.auth.user
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.grafana.oslo_db.database
- dest:
- path: .values.endpoints.oslo_db.path
- pattern: DB_NAME
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.grafana.oslo_db_session
- dest:
- path: .values.endpoints.oslo_db_session.auth.user
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.grafana.oslo_db_session.database
- dest:
- path: .values.endpoints.oslo_db_session.path
- pattern: DB_NAME
-
- # Secrets
- - dest:
- path: .values.endpoints.grafana.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_grafana_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_grafana_oslo_db_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db_session.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_grafana_oslo_db_session_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_oslo_db_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db_session.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_oslo_db_admin_password
- path: .
-
- # LDAP Configuration Details
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.ldap.admin.bind
- dest:
- path: .values.endpoints.ldap.auth.admin.bind_dn
- - dest:
- path: .values.endpoints.ldap.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_ldap_password
- path: .
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ldap.subdomain
- dest:
- path: .values.conf.ldap.config.base_dns.search
- pattern: SUBDOMAIN
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ldap.domain
- dest:
- path: .values.conf.ldap.config.base_dns.search
- pattern: DOMAIN
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ldap.subdomain
- dest:
- path: .values.conf.ldap.config.base_dns.group_search
- pattern: SUBDOMAIN
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ldap.domain
- dest:
- path: .values.conf.ldap.config.base_dns.group_search
- pattern: DOMAIN
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ldap.common_name
- dest:
- path: .values.conf.ldap.config.filters.group_search
- pattern: COMMON_NAME
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ldap.subdomain
- dest:
- path: .values.conf.ldap.config.filters.group_search
- pattern: SUBDOMAIN
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ldap.domain
- dest:
- path: .values.conf.ldap.config.filters.group_search
- pattern: DOMAIN
-data:
- chart_name: grafana
- release: grafana
- namespace: osh-infra
- wait:
- timeout: 900
- labels:
- release_group: airship-grafana
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-grafana
- post:
- create: []
- values:
- labels:
- grafana:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- conf:
- ldap:
- config:
- base_dns:
- search: "DC=SUBDOMAIN,DC=DOMAIN,DC=com"
- group_search: "OU=Groups,DC=SUBDOMAIN,DC=DOMAIN,DC=com"
- filters:
- search: "(sAMAccountName=%s)"
- group_search: "(memberof=CN=COMMON_NAME,OU=Application,OU=Groups,DC=SUBDOMAIN,DC=DOMAIN,DC=com)"
- template: |
- verbose_logging = true
- [[servers]]
- host = "{{ tuple "ldap" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}"
- port = {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- use_ssl = false
- start_tls = false
- ssl_skip_verify = false
- bind_dn = "{{ .Values.endpoints.ldap.auth.admin.bind_dn }}"
- bind_password = '{{ .Values.endpoints.ldap.auth.admin.password }}'
- search_filter = "{{ .Values.conf.ldap.config.filters.search }}"
- search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.search }}"]
- group_search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.group_search }}"]
- [servers.attributes]
- username = "sAMAccountName"
- surname = "sn"
- member_of = "memberof"
- email = "mail"
- [[servers.group_mappings]]
- group_dn = "{{.Values.endpoints.ldap.auth.admin.bind_dn }}"
- org_role = "Admin"
- [[servers.group_mappings]]
- group_dn = "*"
- org_role = "Viewer"
- pod:
- replicas:
- grafana: 2
- dependencies:
- - osh-infra-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kibana
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh_infra.kibana
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh_infra.kibana
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.elasticsearch
- dest:
- path: .values.endpoints.elasticsearch
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.kibana
- dest:
- path: .values.endpoints.kibana
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.ldap
- dest:
- path: .values.endpoints.ldap
- # Accounts
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.elasticsearch.admin
- dest:
- path: .values.endpoints.elasticsearch.auth.admin
-
- # Secrets
- - dest:
- path: .values.endpoints.elasticsearch.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_elasticsearch_admin_password
- path: .
-
- # LDAP Details
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.ldap.admin
- dest:
- path: .values.endpoints.ldap.auth.admin
- - dest:
- path: .values.endpoints.ldap.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_ldap_password
- path: .
-data:
- chart_name: kibana
- release: kibana
- namespace: osh-infra
- wait:
- timeout: 900
- labels:
- release_group: airship-kibana
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-kibana
- create: []
- post:
- create: []
- values:
- conf:
- apache:
- host: |
- <VirtualHost *:80>
- ProxyRequests off
- ProxyPreserveHost On
- <Location />
- ProxyPass http://localhost:{{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
- ProxyPassReverse http://localhost:{{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
- </Location>
- <Proxy *>
- AuthName "Kibana"
- AuthType Basic
- AuthBasicProvider file ldap
- AuthUserFile /usr/local/apache2/conf/.htpasswd
- AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
- AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
- AuthLDAPURL {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
- Require valid-user
- </Proxy>
- </VirtualHost>
- labels:
- kibana:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- dependencies:
- - osh-infra-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: osh-infra-ingress-controller
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: OpenStack Namespace Ingress
- chart_group:
- - osh-infra-ingress-controller
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: osh-infra-ingress-controller
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.ingress
- dest:
- path: .source
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.ingress
- dest:
- path: .values.images.tags
-data:
- chart_name: osh-infra-ingress-controller
- release: osh-infra-ingress-controller
- namespace: osh-infra
- wait:
- timeout: 900
- labels:
- release_group: airship-osh-infra-ingress-controller
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-osh-infra-ingress-controller
- values:
- labels:
- server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- error_server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- pod:
- replicas:
- ingress: 2
- error_page: 2
- dependencies:
- - osh-helm-toolkit
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: osh-infra-logging
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: OSH Infra Logging
- chart_group:
- - elasticsearch
- - fluent-logging
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: elasticsearch-global
- labels:
- hosttype: elasticsearch-global
- layeringDefinition:
- abstract: true
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh_infra.elasticsearch
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh_infra.elasticsearch
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.elasticsearch
- dest:
- path: .values.endpoints.elasticsearch
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.prometheus_elasticsearch_exporter
- dest:
- path: .values.endpoints.prometheus_elasticsearch_exporter
-
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.ldap
- dest:
- path: .values.endpoints.ldap
-
- # Accounts
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.elasticsearch.admin
- dest:
- path: .values.endpoints.elasticsearch.auth.admin
-
- # Secrets
- - dest:
- path: .values.endpoints.elasticsearch.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_elasticsearch_admin_password
- path: .
-
- # LDAP Details
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.ldap.admin
- dest:
- path: .values.endpoints.ldap.auth.admin
- - dest:
- path: .values.endpoints.ldap.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_ldap_password
- path: .
-data:
- chart_name: elasticsearch
- release: elasticsearch
- namespace: osh-infra
- wait:
- timeout: 900
- labels:
- release_group: airship-elasticsearch
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-elasticsearch
- create: []
- post:
- create: []
- values:
- labels:
- elasticsearch:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- monitoring:
- prometheus:
- enabled: true
- conf:
- apache:
- host: |
- <VirtualHost *:80>
- <Location />
- ProxyPass http://localhost:{{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
- ProxyPassReverse http://localhost:{{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
- </Location>
- <Proxy *>
- AuthName "Elasticsearch"
- AuthType Basic
- AuthBasicProvider file ldap
- AuthUserFile /usr/local/apache2/conf/.htpasswd
- AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
- AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
- AuthLDAPURL {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
- Require valid-user
- </Proxy>
- </VirtualHost>
- elasticsearch:
- env:
- java_opts: "-Xms5g -Xmx5g"
- curator:
- #run every 6th hour
- schedule: "0 */6 * * *"
- action_file:
- # Remember, leave a key empty if there is no value. None will be a string,
- # not a Python "NoneType"
- #
- # Also remember that all examples have 'disable_action' set to True. If you
- # want to use this action as a template, be sure to set this to False after
- # copying it.
- actions:
- 1:
- action: delete_indices
- description: >-
- "Delete indices older than 7 days"
- options:
- timeout_override:
- continue_if_exception: False
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: prefix
- value: logstash-
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: 7
- 2:
- action: delete_indices
- description: >-
- "Delete indices by age if available disk space is
- less than 80% total disk"
- options:
- timeout_override: 600
- continue_if_exception: False
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: prefix
- value: logstash-
- - filtertype: space
- source: creation_date
- use_age: True
- disk_space: 1200
- storage:
- elasticsearch:
- requests:
- storage: 500Gi
- dependencies:
- - osh-infra-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: fluent-logging-global
- layeringDefinition:
- abstract: true
- layer: global
- labels:
- hosttype: fluent-logging-global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh_infra.fluent_logging
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh_infra.fluent_logging
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.elasticsearch
- dest:
- path: .values.endpoints.elasticsearch
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.fluentd
- dest:
- path: .values.endpoints.fluentd
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.prometheus_fluentd_exporter
- dest:
- path: .values.endpoints.prometheus_fluentd_exporter
- # Accounts
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.elasticsearch.admin
- dest:
- path: .values.endpoints.elasticsearch.auth.admin
-
- # Secrets
- - dest:
- path: .values.endpoints.elasticsearch.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_elasticsearch_admin_password
- path: .
-
-data:
- chart_name: fluent-logging
- release: fluent-logging
- namespace: osh-infra
- wait:
- timeout: 900
- labels:
- release_group: airship-fluent-logging
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-fluent-logging
- create: []
- post:
- create: []
- values:
- labels:
- fluentd:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- fluentbit:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- prometheus_fluentd_exporter:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- dependencies:
- static:
- fluentbit:
- jobs: ""
- services:
- - endpoint: internal
- service: fluentd
- fluentd:
- jobs: ""
- services:
- - endpoint: internal
- service: elasticsearch
- manifests:
- job_elasticsearch_template: false
- conf:
- fluentbit:
- - service:
- header: service
- Flush: 5
- Daemon: Off
- Log_Level: info
- Parsers_File: parsers.conf
- - containers_tail:
- header: input
- Name: tail
- Tag: kube.*
- Path: /var/log/containers/*.log
- Parser: docker
- DB: /var/log/flb_kube.db
- DB.Sync: Normal
- Buffer_Chunk_Size: 1M
- Buffer_Max_Size: 1M
- Mem_Buf_Limit: 5MB
- - kube_filter:
- header: filter
- Name: kubernetes
- Match: kube.*
- Merge_JSON_Log: On
- - fluentd_output:
- header: output
- Name: forward
- Match: "*"
- Host: ${FLUENTD_HOST}
- Port: ${FLUENTD_PORT}
- td_agent:
- - metrics_agent:
- header: source
- type: monitor_agent
- bind: 0.0.0.0
- port: 24220
- - fluentbit_forward:
- header: source
- type: forward
- port: "#{ENV['FLUENTD_PORT']}"
- bind: 0.0.0.0
- - elasticsearch:
- header: match
- type: elasticsearch
- user: "#{ENV['ELASTICSEARCH_USERNAME']}"
- password: "#{ENV['ELASTICSEARCH_PASSWORD']}"
- expression: "**"
- include_tag_key: true
- host: "#{ENV['ELASTICSEARCH_HOST']}"
- port: "#{ENV['ELASTICSEARCH_PORT']}"
- logstash_format: true
- buffer_chunk_limit: 10M
- buffer_queue_limit: 32
- flush_interval: 20s
- max_retry_wait: 300
- disable_retry_limit: ""
- num_threads: 8
- dependencies:
- - osh-infra-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: osh-infra-mariadb
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: OpenStack-Infra MariaDB
- chart_group:
- - osh-infra-mariadb
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: osh-infra-mariadb
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.mariadb
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.mariadb
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.oslo_db
- dest:
- path: .values.endpoints.olso_db
- # Accounts
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.oslo_db.admin
- dest:
- path: .values.endpoints.oslo_db.auth.admin
-
- # Secrets
- - dest:
- path: .values.endpoints.oslo_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_oslo_db_admin_password
- path: .
-
-data:
- chart_name: osh-infra-mariadb
- release: osh-infra-mariadb
- namespace: osh-infra
- wait:
- timeout: 900
- labels:
- release_group: airship-osh-infra-mariadb
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-osh-infra-mariadb
- values:
- labels:
- server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- prometheus_mysql_exporter:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: osh-infra-monitoring
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: OSH Infra Monitoring
- chart_group:
- - prometheus
- - prometheus-alertmanager
- - prometheus-node-exporter
- - prometheus-kube-state-metrics
- - nagios
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: nagios
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh_infra.nagios
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh_infra.nagios
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.nagios
- dest:
- path: .values.endpoints.nagios
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.monitoring
- dest:
- path: .values.endpoints.monitoring
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.ldap
- dest:
- path: .values.endpoints.ldap
-
- # Accounts
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.nagios.admin
- dest:
- path: .values.endpoints.nagios.auth.admin
-
- # Secrets
- - dest:
- path: .values.endpoints.nagios.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_nagios_admin_password
- path: .
-
- # LDAP Details
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.ldap.admin
- dest:
- path: .values.endpoints.ldap.auth.admin
- - dest:
- path: .values.endpoints.ldap.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_ldap_password
- path: .
-
-data:
- chart_name: nagios
- release: nagios
- namespace: osh-infra
- wait:
- timeout: 900
- labels:
- release_group: airship-nagios
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-nagios
- create: []
- post:
- create: []
- values:
- conf:
- apache:
- host: |
- <VirtualHost *:80>
- <Location />
- ProxyPass http://localhost:{{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
- ProxyPassReverse http://localhost:{{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
- </Location>
- <Proxy *>
- AuthName "Nagios"
- AuthType Basic
- AuthBasicProvider file ldap
- AuthUserFile /usr/local/apache2/conf/.htpasswd
- AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
- AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
- AuthLDAPURL {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
- Require valid-user
- </Proxy>
- </VirtualHost>
- labels:
- nagios:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- pod:
- replicas:
- nagios: 3
- dependencies:
- - osh-infra-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: prometheus-alertmanager
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh_infra.prometheus_alertmanager
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh_infra.prometheus_alertmanager
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.alerts
- dest:
- path: .values.endpoints.alerts
-
-data:
- chart_name: prometheus-alertmanager
- release: prometheus-alertmanager
- namespace: osh-infra
- wait:
- timeout: 900
- labels:
- release_group: airship-prometheus-alertmanager
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-prometheus-alertmanager
- create: []
- post:
- create: []
- values:
- manifests:
- ingress: false
- service_ingress: false
- labels:
- alertmanager:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- dependencies:
- - osh-infra-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: prometheus-kube-state-metrics
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh_infra.prometheus_kube_state_metrics
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh_infra.prometheus_kube_state_metrics
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.kube_state_metrics
- dest:
- path: .values.endpoints.kube_state_metrics
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.kube_scheduler
- dest:
- path: .values.endpoints.kube_scheduler
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.kube_controller_manager
- dest:
- path: .values.endpoints.kube_controller_manager
-
-data:
- chart_name: prometheus-kube-state-metrics
- release: prometheus-kube-state-metrics
- namespace: kube-system
- wait:
- timeout: 900
- labels:
- release_group: airship-prometheus-kube-state-metrics
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-prometheus-kube-state-metrics
- create: []
- post:
- create: []
- values:
- labels:
- kube_state_metrics:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- dependencies:
- - osh-infra-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: prometheus-node-exporter
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh_infra.prometheus_node_exporter
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh_infra.prometheus_node_exporter
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.node_metrics
- dest:
- path: .values.endpoints.node_metrics
-
-data:
- chart_name: prometheus-node-exporter
- release: prometheus-node-exporter
- namespace: kube-system
- wait:
- timeout: 900
- labels:
- release_group: airship-prometheus-node-exporter
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-prometheus-node-exporter
- create: []
- post:
- create: []
- values:
- labels:
- node_exporter:
- node_selector_key: node-exporter
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- dependencies:
- - osh-infra-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: prometheus
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh_infra.prometheus
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh_infra.prometheus
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.monitoring
- dest:
- path: .values.endpoints.monitoring
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.alerts
- dest:
- path: .values.endpoints.alerts
-
-data:
- chart_name: prometheus
- release: prometheus
- namespace: osh-infra
- wait:
- timeout: 900
- labels:
- release_group: airship-prometheus
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-prometheus
- create: []
- post:
- create: []
- values:
- manifests:
- ingress: false
- service_ingress: false
- labels:
- prometheus:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- pod:
- replicas:
- prometheus: 3
- storage:
- requests:
- storage: 500Gi
- dependencies:
- - osh-infra-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: osh-infra-prometheus-openstack-exporter
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Prometheus OpenStack Exporter
- chart_group:
- - prometheus-openstack-exporter
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: prometheus-openstack-exporter
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh_infra.prometheus_openstack_exporter
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh_infra.prometheus_openstack_exporter
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.prometheus_openstack_exporter
- dest:
- path: .values.endpoints.prometheus_openstack_exporter
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.identity
- dest:
- path: .values.endpoints.identity
-
- # Accounts
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.prometheus_openstack_exporter.user
- dest:
- path: .values.endpoints.identity.auth.user
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_openstack_exporter_password
- path: .
-data:
- chart_name: prometheus-openstack-exporter
- release: prometheus-openstack-exporter
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-prometheus-openstack-exporter
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-prometheus-openstack-exporter
- values:
- labels:
- openstack_exporter:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- dependencies:
- - osh-infra-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: osh-helm-toolkit
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.helm_toolkit
- dest:
- path: .source
-data:
- chart_name: helm-toolkit
- release: osh-helm-toolkit
- namespace: osh-helm-toolkit
- wait:
- timeout: 600
- labels:
- release_group: airship-osh-helm-toolkit
- upgrade:
- no_hooks: true
- values: {}
- dependencies: []
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-ceph-config
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.ceph-client
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ceph.ceph-client
- dest:
- path: .values.images.tags
-
- # IP addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.public_cidr
- dest:
- path: .values.network.public
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.cluster_cidr
- dest:
- path: .values.network.cluster
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.object_store
- dest:
- path: .values.endpoints.object_store
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mon
- dest:
- path: .values.endpoints.ceph_mon
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mgr
- dest:
- path: .values.endpoints.ceph_mgr
-
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.swift.keystone
- dest:
- path: .values.endpoints.identity.auth.swift
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.swift.password
- src:
- schema: deckhand/Passphrase/v1
- name: ceph_swift_keystone_password
- path: .
-
-data:
- chart_name: openstack-ceph-config
- release: openstack-ceph-config
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-openstack-ceph-config
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-openstack-ceph-config
- values:
- labels:
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- provisioner:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- mds:
- node_selector_key: ceph-mds
- node_selector_value: enabled
- rgw:
- node_selector_key: ceph-rgw
- node_selector_value: enabled
- mgr:
- node_selector_key: ceph-mgr
- node_selector_value: enabled
- deployment:
- ceph: false
- client_secrets: true
- rbd_provisioner: false
- cephfs_provisioner: false
- rgw_keystone_user_and_endpoints: false
- bootstrap:
- enabled: false
- conf:
- rgw_ks:
- enabled: true
- dependencies:
- - ceph-htk
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-ceph-config
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Ceph config for OpenStack namespace(s)
- chart_group:
- - openstack-ceph-config
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-cinder
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Deploy Cinder
- chart_group:
- - cinder-rabbitmq
- - cinder
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: cinder
- labels:
- component: cinder
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.cinder
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.cinder
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.image
- dest:
- path: .values.endpoints.image
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.image_registry
- dest:
- path: .values.endpoints.image_registry
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.volume
- dest:
- path: .values.endpoints.volume
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.volumev2
- dest:
- path: .values.endpoints.volumev2
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.volumev3
- dest:
- path: .values.endpoints.volumev3
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_db
- dest:
- path: .values.endpoints.oslo_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.cinder_oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_cache
- dest:
- path: .values.endpoints.oslo_cache
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.fluentd
- dest:
- path: .values.endpoints.fluentd
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.cinder.cinder
- dest:
- path: .values.endpoints.identity.auth.cinder
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.cinder.oslo_messaging.admin
- dest:
- path: .values.endpoints.oslo_messaging.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.cinder.oslo_messaging.cinder
- dest:
- path: .values.endpoints.oslo_messaging.auth.cinder
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.cinder.oslo_db
- dest:
- path: .values.endpoints.oslo_db.auth.cinder
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.cinder.oslo_db.database
- dest:
- path: .values.endpoints.oslo_db.path
- pattern: DB_NAME
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.cinder.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_cinder_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_cinder_oslo_messaging_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.cinder.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_cinder_oslo_messaging_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.cinder.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_cinder_oslo_db_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_db_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_cache.auth.memcache_secret_key
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_cache_secret_key
- path: .
-data:
- chart_name: cinder
- release: cinder
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-cinder
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-cinder
- post:
- create: []
- values:
- pod:
- replicas:
- api: 2
- volume: 2
- scheduler: 2
- backup: 2
- labels:
- api:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- backup:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- scheduler:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- test:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- volume:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- conf:
- logging:
- loggers:
- keys:
- - root
- - cinder
- handlers:
- keys:
- - stdout
- - stderr
- - "null"
- - fluent
- formatters:
- keys:
- - context
- - default
- - fluent
- logger_root:
- level: WARNING
- handlers: null
- logger_cinder:
- level: INFO
- handlers:
- - stdout
- - stderr
- - fluent
- qualname: cinder
- logger_amqp:
- level: WARNING
- handlers: stderr
- qualname: amqp
- logger_amqplib:
- level: WARNING
- handlers: stderr
- qualname: amqplib
- logger_eventletwsgi:
- level: WARNING
- handlers: stderr
- qualname: eventlet.wsgi.server
- logger_sqlalchemy:
- level: WARNING
- handlers: stderr
- qualname: sqlalchemy
- logger_boto:
- level: WARNING
- handlers: stderr
- qualname: boto
- handler_null:
- class: logging.NullHandler
- formatter: default
- args: ()
- handler_stdout:
- class: StreamHandler
- args: (sys.stdout,)
- formatter: context
- handler_stderr:
- class: StreamHandler
- args: (sys.stderr,)
- formatter: context
- handler_fluent:
- class: fluent.handler.FluentHandler
- args: ('openstack.cinder', 'fluentd-logging.osh-infra', 24224)
- formatter: fluent
- formatter_fluent:
- class: oslo_log.formatters.FluentFormatter
- formatter_context:
- class: oslo_log.formatters.ContextFormatter
- formatter_default:
- format: "%(message)s"
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: cinder-rabbitmq
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.rabbitmq
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.rabbitmq
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.cinder_oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.cinder_rabbitmq_exporter
- dest:
- path: .values.endpoints.prometheus_rabbitmq_exporter
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.cinder.oslo_messaging.admin
- dest:
- path: .values.endpoints.oslo_messaging.auth.user
-
- # Secrets
-
- - src:
- schema: deckhand/Passphrase/v1
- name: osh_cinder_rabbitmq_erlang_cookie
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.erlang_cookie
- - src:
- schema: deckhand/Passphrase/v1
- name: osh_cinder_oslo_messaging_admin_password
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.user.password
-data:
- chart_name: cinder-rabbitmq
- release: cinder-rabbitmq
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-cinder-rabbitmq
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-cinder-rabbitmq
- values:
- pod:
- replicas:
- server: 1
- labels:
- server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- prometheus_rabbitmq_exporter:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- monitoring:
- prometheus:
- enabled: true
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-compute-kit
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Deploy Nova, Neutron, Openvswitch, and Libvirt
- chart_group:
- - libvirt
- - openvswitch
- - neutron-rabbitmq
- - nova-rabbitmq
- - neutron
- - nova
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: libvirt
- labels:
- name: libvirt-global
- component: libvirt
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.libvirt
- dest:
- path: .source
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.libvirt
- dest:
- path: .values.images.tags
-data:
- chart_name: libvirt
- release: libvirt
- namespace: openstack
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-libvirt
- values:
- labels:
- agent:
- libvirt:
- node_selector_key: openstack-libvirt
- node_selector_value: kernel
- dependencies:
- - osh-helm-toolkit
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: neutron-rabbitmq
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.rabbitmq
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.rabbitmq
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.neutron_oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.neutron_rabbitmq_exporter
- dest:
- path: .values.endpoints.prometheus_rabbitmq_exporter
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.neutron.oslo_messaging.admin
- dest:
- path: .values.endpoints.oslo_messaging.auth.user
-
- # Secrets
-
- - src:
- schema: deckhand/Passphrase/v1
- name: osh_neutron_rabbitmq_erlang_cookie
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.erlang_cookie
- - src:
- schema: deckhand/Passphrase/v1
- name: osh_neutron_oslo_messaging_admin_password
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.user.password
-data:
- chart_name: neutron-rabbitmq
- release: neutron-rabbitmq
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-neutron-rabbitmq
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-neutron-rabbitmq
- values:
- pod:
- replicas:
- server: 1
- labels:
- server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- prometheus_rabbitmq_exporter:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- monitoring:
- prometheus:
- enabled: true
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: neutron
- labels:
- name: neutron-global
- component: neutron
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.neutron
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.neutron
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.compute
- dest:
- path: .values.endpoints.compute
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.compute_metadata
- dest:
- path: .values.endpoints.image_registry
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_db
- dest:
- path: .values.endpoints.oslo_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.neutron_oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_cache
- dest:
- path: .values.endpoints.oslo_cache
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.network
- dest:
- path: .values.endpoints.network
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.fluentd
- dest:
- path: .values.endpoints.fluentd
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.neutron.neutron
- dest:
- path: .values.endpoints.identity.auth.neutron
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.nova.nova
- dest:
- path: .values.endpoints.identity.auth.nova
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.neutron.oslo_messaging.admin
- dest:
- path: .values.endpoints.oslo_messaging.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.neutron.oslo_messaging.neutron
- dest:
- path: .values.endpoints.oslo_messaging.auth.neutron
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.neutron.oslo_db
- dest:
- path: .values.endpoints.oslo_db.auth.neutron
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.neutron.oslo_db.database
- dest:
- path: .values.endpoints.oslo_db.path
- pattern: DB_NAME
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.neutron.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_neutron_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.nova.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_nova_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_neutron_oslo_messaging_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.neutron.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_neutron_oslo_messaging_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.neutron.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_neutron_oslo_db_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_db_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_cache.auth.memcache_secret_key
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_cache_secret_key
- path: .
-
- # Interfaces for neutron configuration
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .neutron.tunnel_device
- dest:
- path: .values.network.interface.tunnel
- pattern: 'TUNNEL_DEVICE'
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .neutron.external_iface
- dest:
- path: .values.network.interface.external
- pattern: 'EXTERNAL_INTERFACE'
-
-data:
- chart_name: neutron
- release: neutron
- namespace: openstack
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-neutron
- post:
- create: []
- values:
- pod:
- replicas:
- server: 2
- labels:
- agent:
- dhcp:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- l3:
- # To enable the forcing of routers onto controllers that have
- # a public cidr so that tenant floating IPs can route properly
- node_selector_key: openstack-l3-agent
- node_selector_value: enabled
- metadata:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- lb:
- node_selector_key: linuxbridge
- node_selector_value: enabled
- ovs:
- node_selector_key: openvswitch
- node_selector_value: enabled
- server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- test:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- network:
- interface:
- tunnel: 'TUNNEL_DEVICE'
- external: 'EXTERNAL_INTERFACE'
- conf:
- logging:
- loggers:
- keys:
- - root
- - neutron
- handlers:
- keys:
- - stdout
- - stderr
- - "null"
- - fluent
- formatters:
- keys:
- - context
- - default
- - fluent
- logger_root:
- level: WARNING
- handlers: null
- logger_neutron:
- level: INFO
- handlers:
- - stdout
- - stderr
- - fluent
- qualname: neutron
- logger_amqp:
- level: WARNING
- handlers: stderr
- qualname: amqp
- logger_amqplib:
- level: WARNING
- handlers: stderr
- qualname: amqplib
- logger_eventletwsgi:
- level: WARNING
- handlers: stderr
- qualname: eventlet.wsgi.server
- logger_sqlalchemy:
- level: WARNING
- handlers: stderr
- qualname: sqlalchemy
- logger_boto:
- level: WARNING
- handlers: stderr
- qualname: boto
- handler_null:
- class: logging.NullHandler
- formatter: default
- args: ()
- handler_stdout:
- class: StreamHandler
- args: (sys.stdout,)
- formatter: context
- handler_stderr:
- class: StreamHandler
- args: (sys.stderr,)
- formatter: context
- handler_fluent:
- class: fluent.handler.FluentHandler
- args: ('openstack.neutron', 'fluentd-logging.osh-infra', 24224)
- formatter: fluent
- formatter_fluent:
- class: oslo_log.formatters.FluentFormatter
- formatter_context:
- class: oslo_log.formatters.ContextFormatter
- formatter_default:
- format: "%(message)s"
- neutron:
- DEFAULT:
- l3_ha: True
- min_l3_agents_per_router: 2
- max_l3_agents_per_router: 5
- l3_ha_network_type: vxlan
- dhcp_agents_per_network: 2
- oslo_messaging_rabbit:
- heartbeat_timeout_threshold: 0
- plugins:
- ml2_conf:
- ml2:
- extension_drivers: port_security
- mechanism_drivers: l2population,openvswitch
- type_drivers: vlan,flat,vxlan
- tenant_network_types: vxlan
- ml2_type_vlan:
- network_vlan_ranges: bond0
- openvswitch_agent:
- agent:
- tunnel_types: vxlan
- ovs:
- bridge_mappings: bond0:br-bond0
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: nova-rabbitmq
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.rabbitmq
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.rabbitmq
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.nova_oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.nova_rabbitmq_exporter
- dest:
- path: .values.endpoints.prometheus_rabbitmq_exporter
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.nova.oslo_messaging.admin
- dest:
- path: .values.endpoints.oslo_messaging.auth.user
-
- # Secrets
-
- - src:
- schema: deckhand/Passphrase/v1
- name: osh_nova_rabbitmq_erlang_cookie
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.erlang_cookie
- - src:
- schema: deckhand/Passphrase/v1
- name: osh_nova_oslo_messaging_admin_password
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.user.password
-data:
- chart_name: nova-rabbitmq
- release: nova-rabbitmq
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-nova-rabbitmq
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-nova-rabbitmq
- values:
- pod:
- replicas:
- server: 1
- labels:
- server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- prometheus_rabbitmq_exporter:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- monitoring:
- prometheus:
- enabled: true
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: nova-global
- labels:
- name: nova-global
- component: nova
- layeringDefinition:
- abstract: true
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.nova
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.nova
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_db
- dest:
- path: .values.endpoints.oslo_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_db
- dest:
- path: .values.endpoints.oslo_db_api
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_db
- dest:
- path: .values.endpoints.oslo_db_cell0
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.nova_oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_cache
- dest:
- path: .values.endpoints.oslo_cache
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.image
- dest:
- path: .values.endpoints.image
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.compute
- dest:
- path: .values.endpoints.compute
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.compute_metadata
- dest:
- path: .values.endpoints.compute_metadata
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.compute_novnc_proxy
- dest:
- path: .values.endpoints.compute_novnc_proxy
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.compute_spice_proxy
- dest:
- path: .values.endpoints.compute_spice_proxy
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.placement
- dest:
- path: .values.endpoints.placement
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.network
- dest:
- path: .values.endpoints.network
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.fluentd
- dest:
- path: .values.endpoints.fluentd
-
- # Service Accounts
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.nova.nova
- dest:
- path: .values.endpoints.identity.auth.nova
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.neutron.neutron
- dest:
- path: .values.endpoints.identity.auth.neutron
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.nova.placement
- dest:
- path: .values.endpoints.identity.auth.placement
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.nova.oslo_messaging.admin
- dest:
- path: .values.endpoints.oslo_messaging.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.nova.oslo_messaging.nova
- dest:
- path: .values.endpoints.oslo_messaging.auth.nova
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.nova.oslo_db.username
- dest:
- path: .values.endpoints.oslo_db.auth.nova.username
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.nova.oslo_db.database
- dest:
- path: .values.endpoints.oslo_db.path
- pattern: DB_NAME
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.nova.oslo_db_api
- dest:
- path: .values.endpoints.oslo_db_api.auth.nova
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.nova.oslo_db_api.database
- dest:
- path: .values.endpoints.oslo_db_api.path
- pattern: DB_NAME
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.nova.oslo_db_cell0
- dest:
- path: .values.endpoints.oslo_db_cell0.auth.nova
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.nova.oslo_db_cell0.database
- dest:
- path: .values.endpoints.oslo_db_cell0.path
- pattern: DB_NAME
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.nova.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_nova_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.neutron.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_neutron_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.placement.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_placement_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_nova_oslo_messaging_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.nova.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_nova_oslo_messaging_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.nova.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_nova_oslo_db_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db_api.auth.nova.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_nova_oslo_db_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db_cell0.auth.nova.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_nova_oslo_db_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_db_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db_api.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_db_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db_cell0.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_db_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_cache.auth.memcache_secret_key
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_cache_secret_key
- path: .
-data:
- chart_name: nova
- release: nova
- namespace: openstack
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-nova
- post:
- create: []
- values:
- labels:
- agent:
- compute:
- node_selector_key: openstack-nova-compute
- node_selector_value: enabled
- api_metadata:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- conductor:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- consoleauth:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- novncproxy:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- osapi:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- placement:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- scheduler:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- spiceproxy:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- test:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- pod:
- replicas:
- api_metadata: 2
- placement: 1
- osapi: 2
- conductor: 2
- consoleauth: 1
- scheduler: 1
- novncproxy: 1
- conf:
- logging:
- loggers:
- keys:
- - root
- - nova
- handlers:
- keys:
- - stdout
- - stderr
- - "null"
- - fluent
- formatters:
- keys:
- - context
- - default
- - fluent
- logger_root:
- level: WARNING
- handlers: null
- logger_nova:
- level: INFO
- handlers:
- - stdout
- - stderr
- - fluent
- qualname: nova
- logger_amqp:
- level: WARNING
- handlers: stderr
- qualname: amqp
- logger_amqplib:
- level: WARNING
- handlers: stderr
- qualname: amqplib
- logger_eventletwsgi:
- level: WARNING
- handlers: stderr
- qualname: eventlet.wsgi.server
- logger_sqlalchemy:
- level: WARNING
- handlers: stderr
- qualname: sqlalchemy
- logger_boto:
- level: WARNING
- handlers: stderr
- qualname: boto
- handler_null:
- class: logging.NullHandler
- formatter: default
- args: ()
- handler_stdout:
- class: StreamHandler
- args: (sys.stdout,)
- formatter: context
- handler_stderr:
- class: StreamHandler
- args: (sys.stderr,)
- formatter: context
- handler_fluent:
- class: fluent.handler.FluentHandler
- args: ('openstack.nova', 'fluentd-logging.osh-infra', 24224)
- formatter: fluent
- formatter_fluent:
- class: oslo_log.formatters.FluentFormatter
- formatter_context:
- class: oslo_log.formatters.ContextFormatter
- formatter_default:
- format: "%(message)s"
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: openvswitch
- layeringDefinition:
- abstract: false
- layer: global
- labels:
- name: openvswitch-global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.openvswitch
- dest:
- path: .source
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.openvswitch
- dest:
- path: .values.images.tags
- # External Interface
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .openvswitch.external_iface
- dest:
- path: .values.network.interface.external
- pattern: 'EXTERNAL_INTERFACE'
-data:
- chart_name: openvswitch
- release: openvswitch
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-openvswitch
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-openvswitch
- values:
- labels:
- ovs:
- node_selector_key: openvswitch
- node_selector_value: enabled
- network:
- external_bridge: br-bond0
- interface:
- external: 'EXTERNAL_INTERFACE'
- dependencies:
- - osh-helm-toolkit
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-glance
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Deploy Glance
- chart_group:
- - glance-rabbitmq
- - glance
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: glance
- labels:
- component: glance
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.glance
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.glance
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.image
- dest:
- path: .values.endpoints.image
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.image_registry
- dest:
- path: .values.endpoints.image_registry
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_db
- dest:
- path: .values.endpoints.oslo_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.glance_oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_cache
- dest:
- path: .values.endpoints.oslo_cache
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.ceph_object_store
- dest:
- path: .values.endpoints.ceph_object_store
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.object_store
- dest:
- path: .values.endpoints.object_store
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.fluentd
- dest:
- path: .values.endpoints.fluentd
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.glance.glance
- dest:
- path: .values.endpoints.identity.auth.glance
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.glance.oslo_messaging.admin
- dest:
- path: .values.endpoints.oslo_messaging.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.glance.oslo_messaging.glance
- dest:
- path: .values.endpoints.oslo_messaging.auth.glance
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.glance.oslo_db
- dest:
- path: .values.endpoints.oslo_db.auth.glance
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.glance.oslo_db.database
- dest:
- path: .values.endpoints.oslo_db.path
- pattern: DB_NAME
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.glance.ceph_object_store
- dest:
- path: .values.endpoints.ceph_object_store.auth.glance
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.glance.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_glance_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_glance_oslo_messaging_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.glance.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_glance_oslo_messaging_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.glance.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_glance_oslo_db_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_db_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_cache.auth.memcache_secret_key
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_cache_secret_key
- path: .
- - dest:
- path: .values.endpoints.object_store.auth.glance.tmpurlkey
- src:
- schema: deckhand/Passphrase/v1
- name: ceph_swift_keystone_password
- path: .
- - dest:
- path: .values.endpoints.ceph_object_store.auth.glance.tmpurlkey
- src:
- schema: deckhand/Passphrase/v1
- name: ceph_swift_keystone_password
- path: .
- - dest:
- path: .values.endpoints.ceph_object_store.auth.glance.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_glance_password
- path: .
-data:
- chart_name: glance
- release: glance
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-glance
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-glance
- post:
- create: []
- values:
- pod:
- replicas:
- api: 2
- registry: 2
- labels:
- api:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- registry:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- manifests:
- job_bootstrap: false
- conf:
- logging:
- loggers:
- keys:
- - root
- - glance
- handlers:
- keys:
- - stdout
- - stderr
- - "null"
- - fluent
- formatters:
- keys:
- - context
- - default
- - fluent
- logger_root:
- level: WARNING
- handlers: null
- logger_glance:
- level: INFO
- handlers:
- - stdout
- - stderr
- - fluent
- qualname: glance
- logger_amqp:
- level: WARNING
- handlers: stderr
- qualname: amqp
- logger_amqplib:
- level: WARNING
- handlers: stderr
- qualname: amqplib
- logger_eventletwsgi:
- level: WARNING
- handlers: stderr
- qualname: eventlet.wsgi.server
- logger_sqlalchemy:
- level: WARNING
- handlers: stderr
- qualname: sqlalchemy
- logger_boto:
- level: WARNING
- handlers: stderr
- qualname: boto
- handler_null:
- class: logging.NullHandler
- formatter: default
- args: ()
- handler_stdout:
- class: StreamHandler
- args: (sys.stdout,)
- formatter: context
- handler_stderr:
- class: StreamHandler
- args: (sys.stderr,)
- formatter: context
- handler_fluent:
- class: fluent.handler.FluentHandler
- args: ('openstack.glance', 'fluentd-logging.osh-infra', 24224)
- formatter: fluent
- formatter_fluent:
- class: oslo_log.formatters.FluentFormatter
- formatter_context:
- class: oslo_log.formatters.ContextFormatter
- formatter_default:
- format: "%(message)s"
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: glance-rabbitmq
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.rabbitmq
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.rabbitmq
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.glance_oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.glance_rabbitmq_exporter
- dest:
- path: .values.endpoints.prometheus_rabbitmq_exporter
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.glance.oslo_messaging.admin
- dest:
- path: .values.endpoints.oslo_messaging.auth.user
-
- # Secrets
-
- - src:
- schema: deckhand/Passphrase/v1
- name: osh_glance_rabbitmq_erlang_cookie
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.erlang_cookie
- - src:
- schema: deckhand/Passphrase/v1
- name: osh_glance_oslo_messaging_admin_password
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.user.password
-data:
- chart_name: glance-rabbitmq
- release: glance-rabbitmq
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-glance-rabbitmq
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-glance-rabbitmq
- values:
- pod:
- replicas:
- server: 1
- labels:
- server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- prometheus_rabbitmq_exporter:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- monitoring:
- prometheus:
- enabled: true
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-heat
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Deploy Heat
- chart_group:
- - heat-rabbitmq
- - heat
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: heat
- labels:
- name: heat-global
- component: heat
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.heat
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.heat
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.orchestration
- dest:
- path: .values.endpoints.orchestration
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.cloudformation
- dest:
- path: .values.endpoints.cloudformation
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.cloudwatch
- dest:
- path: .values.endpoints.cloudwatch
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_db
- dest:
- path: .values.endpoints.oslo_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.heat_oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_cache
- dest:
- path: .values.endpoints.oslo_cache
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.fluentd
- dest:
- path: .values.endpoints.fluentd
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.heat.heat
- dest:
- path: .values.endpoints.identity.auth.heat
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.heat.heat_trustee
- dest:
- path: .values.endpoints.identity.auth.heat_trustee
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.heat.heat_stack_user
- dest:
- path: .values.endpoints.identity.auth.heat_stack_user
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.heat.oslo_messaging.admin
- dest:
- path: .values.endpoints.oslo_messaging.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.heat.oslo_messaging.heat
- dest:
- path: .values.endpoints.oslo_messaging.auth.heat
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.heat.oslo_db
- dest:
- path: .values.endpoints.oslo_db.auth.heat
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.heat.oslo_db.database
- dest:
- path: .values.endpoints.oslo_db.path
- pattern: DB_NAME
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.heat.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_heat_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.heat_trustee.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_heat_trustee_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.heat_stack_user.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_heat_stack_user_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_heat_oslo_messaging_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.heat.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_heat_oslo_messaging_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.heat.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_heat_oslo_db_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_db_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_cache.auth.memcache_secret_key
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_cache_secret_key
- path: .
-data:
- chart_name: heat
- release: heat
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-heat
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-heat
- post:
- create: []
- values:
- pod:
- replicas:
- api: 1
- cfn: 1
- cloudwatch: 1
- engine: 2
- labels:
- api:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- cfn:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- cloudwatch:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- engine:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- conf:
- logging:
- loggers:
- keys:
- - root
- - heat
- handlers:
- keys:
- - stdout
- - stderr
- - "null"
- - fluent
- formatters:
- keys:
- - context
- - default
- - fluent
- logger_root:
- level: WARNING
- handlers: null
- logger_heat:
- level: INFO
- handlers:
- - stdout
- - stderr
- - fluent
- qualname: heat
- logger_amqp:
- level: WARNING
- handlers: stderr
- qualname: amqp
- logger_amqplib:
- level: WARNING
- handlers: stderr
- qualname: amqplib
- logger_eventletwsgi:
- level: WARNING
- handlers: stderr
- qualname: eventlet.wsgi.server
- logger_sqlalchemy:
- level: WARNING
- handlers: stderr
- qualname: sqlalchemy
- logger_boto:
- level: WARNING
- handlers: stderr
- qualname: boto
- handler_null:
- class: logging.NullHandler
- formatter: default
- args: ()
- handler_stdout:
- class: StreamHandler
- args: (sys.stdout,)
- formatter: context
- handler_stderr:
- class: StreamHandler
- args: (sys.stderr,)
- formatter: context
- handler_fluent:
- class: fluent.handler.FluentHandler
- args: ('openstack.heat', 'fluentd-logging.osh-infra', 24224)
- formatter: fluent
- formatter_fluent:
- class: oslo_log.formatters.FluentFormatter
- formatter_context:
- class: oslo_log.formatters.ContextFormatter
- formatter_default:
- format: "%(message)s"
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: heat-rabbitmq
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.rabbitmq
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.rabbitmq
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.heat_oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.heat_rabbitmq_exporter
- dest:
- path: .values.endpoints.prometheus_rabbitmq_exporter
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.heat.oslo_messaging.admin
- dest:
- path: .values.endpoints.oslo_messaging.auth.user
-
- # Secrets
-
- - src:
- schema: deckhand/Passphrase/v1
- name: osh_heat_rabbitmq_erlang_cookie
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.erlang_cookie
- - src:
- schema: deckhand/Passphrase/v1
- name: osh_heat_oslo_messaging_admin_password
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.user.password
-data:
- chart_name: heat-rabbitmq
- release: heat-rabbitmq
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-heat-rabbitmq
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-heat-rabbitmq
- values:
- pod:
- replicas:
- server: 1
- labels:
- server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- prometheus_rabbitmq_exporter:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- monitoring:
- prometheus:
- enabled: true
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-horizon
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Deploy Horizon
- chart_group:
- - horizon
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: horizon
- labels:
- component: horizon
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.horizon
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.horizon
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.dashboard
- dest:
- path: .values.endpoints.dashboard
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_db
- dest:
- path: .values.endpoints.oslo_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_cache
- dest:
- path: .values.endpoints.oslo_cache
-
- # Service Accounts
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.horizon.oslo_db
- dest:
- path: .values.endpoints.oslo_db.auth.horizon
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.horizon.oslo_db.database
- dest:
- path: .values.endpoints.oslo_db.path
- pattern: DB_NAME
-
- # Secrets
- - dest:
- path: .values.endpoints.oslo_db.auth.keystone.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_horizon_oslo_db_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_db_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_cache.auth.memcache_secret_key
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_cache_secret_key
- path: .
-data:
- chart_name: horizon
- release: horizon
- namespace: openstack
- install:
- no_hooks: false
- wait:
- timeout: 900
- labels:
- release_group: airship-horizon
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-horizon
- post:
- create: []
- values:
- labels:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-ingress-controller
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: OpenStack Namespace Ingress
- chart_group:
- - openstack-ingress-controller
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-ingress-controller
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.ingress
- dest:
- path: .source
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.ingress
- dest:
- path: .values.images.tags
-data:
- chart_name: openstack-ingress-controller
- release: openstack-ingress-controller
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-openstack-ingress-controller
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-openstack-ingress-controller
- values:
- labels:
- server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- error_server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- pod:
- replicas:
- ingress: 2
- error_page: 2
- dependencies:
- - osh-helm-toolkit
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-keystone
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Deploy Keystone
- chart_group:
- - keystone-rabbitmq
- - keystone
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: keystone
- labels:
- name: keystone-global
- component: keystone
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.keystone
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.keystone
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_db
- dest:
- path: .values.endpoints.oslo_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.keystone_oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_cache
- dest:
- path: .values.endpoints.oslo_cache
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.fluentd
- dest:
- path: .values.endpoints.fluentd
-
- # Service Accounts
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.oslo_messaging.admin
- dest:
- path: .values.endpoints.oslo_messaging.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.oslo_messaging.keystone
- dest:
- path: .values.endpoints.oslo_messaging.auth.keystone
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.oslo_db
- dest:
- path: .values.endpoints.oslo_db.auth.keystone
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.oslo_db.database
- dest:
- path: .values.endpoints.oslo_db.path
- pattern: DB_NAME
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_oslo_messaging_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.keystone.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_oslo_messaging_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.keystone.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_oslo_db_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_db_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_cache.auth.memcache_secret_key
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_cache_secret_key
- path: .
-
-data:
- chart_name: keystone
- release: keystone
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-keystone
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-keystone
- post:
- create: []
- values:
- bootstrap:
- script: |
- openstack role create --or-show _member_
- openstack role add \
- --user="${OS_USERNAME}" \
- --user-domain="${OS_USER_DOMAIN_NAME}" \
- --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
- --project="${OS_PROJECT_NAME}" \
- "_member_"
-
- #NOTE(portdirect): required for all users who operate heat stacks
- openstack role create --or-show heat_stack_owner
- openstack role add \
- --user="${OS_USERNAME}" \
- --user-domain="${OS_USER_DOMAIN_NAME}" \
- --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
- --project="${OS_PROJECT_NAME}" \
- "heat_stack_owner"
- conf:
- logging:
- loggers:
- keys:
- - root
- - keystone
- handlers:
- keys:
- - stdout
- - stderr
- - "null"
- - fluent
- formatters:
- keys:
- - context
- - default
- - fluent
- logger_root:
- level: WARNING
- handlers: null
- logger_keystone:
- level: INFO
- handlers:
- - stdout
- - stderr
- - fluent
- qualname: keystone
- logger_amqp:
- level: WARNING
- handlers: stderr
- qualname: amqp
- logger_amqplib:
- level: WARNING
- handlers: stderr
- qualname: amqplib
- logger_eventletwsgi:
- level: WARNING
- handlers: stderr
- qualname: eventlet.wsgi.server
- logger_sqlalchemy:
- level: WARNING
- handlers: stderr
- qualname: sqlalchemy
- logger_boto:
- level: WARNING
- handlers: stderr
- qualname: boto
- handler_null:
- class: logging.NullHandler
- formatter: default
- args: ()
- handler_stdout:
- class: StreamHandler
- args: (sys.stdout,)
- formatter: context
- handler_stderr:
- class: StreamHandler
- args: (sys.stderr,)
- formatter: context
- handler_fluent:
- class: fluent.handler.FluentHandler
- args: ('openstack.keystone', 'fluentd-logging.osh-infra', 24224)
- formatter: fluent
- formatter_fluent:
- class: oslo_log.formatters.FluentFormatter
- formatter_context:
- class: oslo_log.formatters.ContextFormatter
- formatter_default:
- format: "%(message)s"
- keystone:
- identity:
- driver: sql
- default_domain_id: default
- domain_specific_drivers_enabled: True
- domain_configurations_from_database: True
- domain_config_dir: /etc/keystonedomains
- pod:
- replicas:
- api: 2
- labels:
- api:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: keystone-rabbitmq
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.rabbitmq
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.rabbitmq
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.keystone_oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.keystone_rabbitmq_exporter
- dest:
- path: .values.endpoints.prometheus_rabbitmq_exporter
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.oslo_messaging.admin
- dest:
- path: .values.endpoints.oslo_messaging.auth.user
-
- # Secrets
-
- - src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_rabbitmq_erlang_cookie
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.erlang_cookie
- - src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_oslo_messaging_admin_password
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.user.password
-data:
- chart_name: keystone-rabbitmq
- release: keystone-rabbitmq
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-keystone-rabbitmq
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-keystone-rabbitmq
- values:
- pod:
- replicas:
- server: 1
- labels:
- server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- prometheus_rabbitmq_exporter:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- monitoring:
- prometheus:
- enabled: true
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-mariadb
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Deploy MariaDB
- chart_group:
- - openstack-mariadb
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-mariadb
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.mariadb
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.mariadb
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_db
- dest:
- path: .values.endpoints.olso_db
- # Accounts
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.oslo_db.admin
- dest:
- path: .values.endpoints.oslo_db.auth.admin
-
- # Secrets
- - dest:
- path: .values.endpoints.oslo_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_oslo_db_admin_password
- path: .
-
-data:
- chart_name: openstack-mariadb
- release: openstack-mariadb
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-openstack-mariadb
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-openstack-mariadb
- values:
- labels:
- server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- prometheus_mysql_exporter:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-memcached
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Deploy Memcached
- chart_group:
- - openstack-memcached
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-memcached
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh.memcached
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh.memcached
- dest:
- path: .values.images.tags
-
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.oslo_cache
- dest:
- path: .values.endpoints.oslo_cache
-data:
- chart_name: openstack-memcached
- release: openstack-memcached
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-openstack-memcached
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-openstack-memcached
- values:
- labels:
- server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- dependencies:
- - osh-helm-toolkit
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: openstack-radosgw
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Deploy Radosgw
- chart_group:
- - radosgw
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: radosgw
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.ceph-client
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ceph.ceph-client
- dest:
- path: .values.images.tags
-
- # IP addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.public_cidr
- dest:
- path: .values.network.public
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.cluster_cidr
- dest:
- path: .values.network.cluster
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.object_store
- dest:
- path: .values.endpoints.object_store
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mon
- dest:
- path: .values.endpoints.ceph_mon
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mgr
- dest:
- path: .values.endpoints.ceph_mgr
-
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.swift.keystone
- dest:
- path: .values.endpoints.identity.auth.swift
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.swift.password
- src:
- schema: deckhand/Passphrase/v1
- name: ceph_swift_keystone_password
- path: .
-
-data:
- chart_name: radosgw
- release: radosgw
- namespace: openstack
- wait:
- timeout: 900
- labels:
- release_group: airship-radosgw
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-radosgw
- values:
- labels:
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- provisioner:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- mds:
- node_selector_key: ceph-mds
- node_selector_value: enabled
- rgw:
- node_selector_key: ceph-rgw
- node_selector_value: enabled
- mgr:
- node_selector_key: ceph-mgr
- node_selector_value: enabled
- deployment:
- ceph: false
- client_secrets: false
- rbd_provisioner: false
- cephfs_provisioner: false
- rgw_keystone_user_and_endpoints: true
- bootstrap:
- enabled: false
- conf:
- rgw_ks:
- enabled: true
- dependencies:
- - ceph-htk
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-armada
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.armada
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.armada
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.armada
- dest:
- path: .values.endpoints.armada
-
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.armada.keystone
- dest:
- path: .values.endpoints.identity.auth.user
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_armada_keystone_password
- path: .
-data:
- chart_name: armada
- release: ucp-armada
- namespace: ucp
- wait:
- timeout: 100
- labels:
- release_group: airship-ucp-armada
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-armada
- values:
- pod:
- replicas:
- api: 2
- conf:
- armada:
- DEFAULT:
- debug: true
- tiller_namespace: kube-system
- manifests:
- deployment_tiller: false
- service_tiller_deploy: false
- dependencies:
- - armada-htk
-...
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: armada-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.armada-htk
- dest:
- path: .source
-data:
- chart_name: armada-htk
- release: armada-htk
- namespace: armada-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-armada
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Armada
- sequenced: true
- chart_group:
- - ucp-tiller
- - ucp-armada
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-tiller
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.tiller
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.tiller
- dest:
- path: .values.images.tags
-
-data:
- chart_name: tiller
- release: ucp-tiller
- namespace: kube-system
- wait:
- timeout: 100
- labels:
- release_group: airship-ucp-tiller
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-tiller
- values: {}
- dependencies:
- - tiller-htk
-...
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: tiller-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.tiller-htk
- dest:
- path: .source
-data:
- chart_name: tiller-htk
- release: tiller-htk
- namespace: tiller-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ceph-config
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.ceph-client
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ceph.ceph-client
- dest:
- path: .values.images.tags
-
- # IP addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.public_cidr
- dest:
- path: .values.network.public
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.cluster_cidr
- dest:
- path: .values.network.cluster
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.object_store
- dest:
- path: .values.endpoints.object_store
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mon
- dest:
- path: .values.endpoints.ceph_mon
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mgr
- dest:
- path: .values.endpoints.ceph_mgr
-
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ceph.swift.keystone
- dest:
- path: .values.endpoints.identity.auth.swift
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.swift.password
- src:
- schema: deckhand/Passphrase/v1
- name: ceph_swift_keystone_password
- path: .
-
-data:
- chart_name: ucp-ceph-config
- release: ucp-ceph-config
- namespace: ucp
- wait:
- timeout: 900
- labels:
- release_group: airship-ucp-ceph-config
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-ceph-config
- values:
- labels:
- job:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- provisioner:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- mds:
- node_selector_key: ceph-mds
- node_selector_value: enabled
- rgw:
- node_selector_key: ceph-rgw
- node_selector_value: enabled
- mgr:
- node_selector_key: ceph-mgr
- node_selector_value: enabled
- deployment:
- ceph: false
- client_secrets: true
- rbd_provisioner: false
- cephfs_provisioner: false
- rgw_keystone_user_and_endpoints: false
- bootstrap:
- enabled: false
- conf:
- rgw_ks:
- enabled: true
-
- dependencies:
- - ceph-htk
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ceph-config
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Ceph config for UCP namespace(s)
- chart_group:
- # NOTE: This will probably expand into one config per UCP namespace
- # that requires ceph access.
- - ucp-ceph-config
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ceph-client-update-global
- layeringDefinition:
- abstract: true
- layer: global
- storagePolicy: cleartext
- labels:
- name: ucp-ceph-client-update-global
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.ceph-client
- dest:
- path: .source
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ceph.ceph-client
- dest:
- path: .values.images.tags
-
- # IP addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.public_cidr
- dest:
- path: .values.network.public
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.cluster_cidr
- dest:
- path: .values.network.cluster
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.object_store
- dest:
- path: .values.endpoints.object_store
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mon
- dest:
- path: .values.endpoints.ceph_mon
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mgr
- dest:
- path: .values.endpoints.ceph_mgr
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.swift.keystone
- dest:
- path: .values.endpoints.identity.auth.swift
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.swift.password
- src:
- schema: deckhand/Passphrase/v1
- name: ceph_swift_keystone_password
- path: .
- - dest:
- path: .values.conf.ceph.global.fsid
- src:
- schema: deckhand/Passphrase/v1
- name: ceph_fsid
- path: .
-
-data:
- chart_name: ucp-ceph-client
- release: ucp-ceph-client
- namespace: ceph
- protected:
- continue_processing: true
- wait:
- timeout: 900
- labels:
- release_group: airship-ucp-ceph-client
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-ceph-client
- values:
- labels:
- job:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- provisioner:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- mds:
- node_selector_key: ceph-mds
- node_selector_value: enabled
- rgw:
- node_selector_key: ceph-rgw
- node_selector_value: enabled
- mgr:
- node_selector_key: ceph-mgr
- node_selector_value: enabled
- endpoints:
- identity:
- namespace: openstack
- object_store:
- namespace: ceph
- ceph_mon:
- namespace: ceph
- deployment:
- ceph: true
- client_secrets: false
- rbd_provisioner: true
- cephfs_provisioner: true
- rgw_keystone_user_and_endpoints: false
- bootstrap:
- enabled: true
- pod:
- replicas:
- mds: 2
- mgr: 2
- rgw: 2
-
- conf:
- rgw_ks:
- enabled: true
- config:
- #NOTE (portdirect): See http://tracker.ceph.com/issues/21226
- rgw_keystone_token_cache_size: '0'
- pool:
-
- # NOTE(alanmeadows) spport 4.x 16.04 kernels (non-HWE)
- crush:
- tunables: 'hammer'
-
- # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
- # cluster with only one OSD. Depending on OSD targeting & site
- # configuration this can be changed.
- target:
- osd: 1
- pg_per_osd: 100
-
- default:
- # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
- # cluster with only one OSD. Depending on OSD targeting & site
- # configuration this can be changed.
- crush_rule: replicated_rule
-
- ceph:
- global:
- # NOTE: This is required ATM for bootstrapping a Ceph
- # cluster with only one OSD. Depending on OSD targeting & site
- # configuration this can be changed.
- osd_pool_default_size: 1
-
- dependencies:
- - ceph-htk
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ceph-client-global
- layeringDefinition:
- abstract: true
- layer: global
- storagePolicy: cleartext
- labels:
- name: ucp-ceph-client-global
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.ceph-client
- dest:
- path: .source
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ceph.ceph-client
- dest:
- path: .values.images.tags
-
- # IP addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.public_cidr
- dest:
- path: .values.network.public
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.cluster_cidr
- dest:
- path: .values.network.cluster
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_endpoints
- path: .osh.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.object_store
- dest:
- path: .values.endpoints.object_store
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mon
- dest:
- path: .values.endpoints.ceph_mon
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mgr
- dest:
- path: .values.endpoints.ceph_mgr
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
-
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_service_accounts
- path: .osh.swift.keystone
- dest:
- path: .values.endpoints.identity.auth.swift
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.swift.password
- src:
- schema: deckhand/Passphrase/v1
- name: ceph_swift_keystone_password
- path: .
- - dest:
- path: .values.conf.ceph.global.fsid
- src:
- schema: deckhand/Passphrase/v1
- name: ceph_fsid
- path: .
-
-data:
- chart_name: ucp-ceph-client
- release: ucp-ceph-client
- namespace: ceph
- protected:
- continue_processing: true
- wait:
- timeout: 900
- labels:
- release_group: airship-ucp-ceph-client
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-ceph-client
- values:
- labels:
- job:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- provisioner:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- mds:
- node_selector_key: ceph-mds
- node_selector_value: enabled
- rgw:
- node_selector_key: ceph-rgw
- node_selector_value: enabled
- mgr:
- node_selector_key: ceph-mgr
- node_selector_value: enabled
- endpoints:
- identity:
- namespace: openstack
- object_store:
- namespace: ceph
- ceph_mon:
- namespace: ceph
- deployment:
- ceph: true
- client_secrets: false
- rbd_provisioner: true
- cephfs_provisioner: true
- rgw_keystone_user_and_endpoints: false
- bootstrap:
- enabled: true
- pod:
- replicas:
- mds: 1
- mgr: 1
- rgw: 1
-
- conf:
- rgw_ks:
- enabled: true
- config:
- #NOTE (portdirect): See http://tracker.ceph.com/issues/21226
- rgw_keystone_token_cache_size: '0'
- pool:
-
- # NOTE(alanmeadows) spport 4.x 16.04 kernels (non-HWE)
- crush:
- tunables: 'hammer'
-
- # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
- # cluster with only one OSD. Depending on OSD targeting & site
- # configuration this can be changed.
- target:
- osd: 1
- pg_per_osd: 100
-
- default:
- # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
- # cluster with only one OSD. Depending on OSD targeting & site
- # configuration this can be changed.
- crush_rule: same_host
-
- ceph:
- global:
- # NOTE: This is required ATM for bootstrapping a Ceph
- # cluster with only one OSD. Depending on OSD targeting & site
- # configuration this can be changed.
- osd_pool_default_size: 1
-
- dependencies:
- - ceph-htk
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ceph-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.ceph-htk
- dest:
- path: .source
-data:
- chart_name: ceph-htk
- release: ceph-htk
- namespace: ceph-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ceph-ingress
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.ingress
- dest:
- path: .source
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.ingress
- dest:
- path: .values.images.tags
-data:
- chart_name: ucp-ceph-ingress
- release: ucp-ceph-ingress
- namespace: ceph
- wait:
- timeout: 300
- labels:
- release_group: airship-ucp-ceph-ingress
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-ceph-ingress
- values:
- conf:
- ingress:
- proxy-body-size: 20m
- labels:
- server:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- error_server:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- pod:
- replicas:
- ingress: 2
- error_page: 2
- network:
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/proxy-body-size: 20m
- nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
- dependencies:
- - ucp-ingress-htk
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ceph-mon
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- labels:
- name: ucp-ceph-mon
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.ceph-mon
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ceph.ceph-mon
- dest:
- path: .values.images.tags
-
- # IP addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.public_cidr
- dest:
- path: .values.network.public
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.cluster_cidr
- dest:
- path: .values.network.cluster
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.object_store
- dest:
- path: .values.endpoints.object_store
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mon
- dest:
- path: .values.endpoints.ceph_mon
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.fluentd
- dest:
- path: .values.endpoints.fluentd
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mgr
- dest:
- path: .values.endpoints.ceph_mgr
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ceph.swift.keystone
- dest:
- path: .values.endpoints.identity.auth.swift
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.swift.password
- src:
- schema: deckhand/Passphrase/v1
- name: ceph_swift_keystone_password
- path: .
- - dest:
- path: .values.conf.ceph.global.fsid
- src:
- schema: deckhand/Passphrase/v1
- name: ceph_fsid
- path: .
-
-data:
- chart_name: ucp-ceph-mon
- release: ucp-ceph-mon
- namespace: ceph
- protected:
- continue_processing: true
- wait:
- timeout: 1800
- labels:
- release_group: airship-ucp-ceph-mon
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-ceph-mon
- values:
- logging:
- fluentd: true
- labels:
- job:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- mon:
- node_selector_key: ceph-mon
- node_selector_value: enabled
- endpoints:
- identity:
- namespace: openstack
- object_store:
- namespace: ceph
- ceph_mon:
- namespace: ceph
- fluentd:
- namespace: osh-infra
- deployment:
- ceph: true
- storage_secrets: true
- bootstrap:
- enabled: true
- dependencies:
- - ceph-htk
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ceph-osd-global
- layeringDefinition:
- abstract: true
- layer: global
- storagePolicy: cleartext
- labels:
- name: ucp-ceph-osd-global
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.ceph-osd
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ceph.ceph-osd
- dest:
- path: .values.images.tags
-
- # IP addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.public_cidr
- dest:
- path: .values.network.public
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .storage.ceph.cluster_cidr
- dest:
- path: .values.network.cluster
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.object_store
- dest:
- path: .values.endpoints.object_store
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mon
- dest:
- path: .values.endpoints.ceph_mon
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.fluentd
- dest:
- path: .values.endpoints.fluentd
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ceph.ceph_mgr
- dest:
- path: .values.endpoints.ceph_mgr
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ceph.swift.keystone
- dest:
- path: .values.endpoints.identity.auth.swift
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.swift.password
- src:
- schema: deckhand/Passphrase/v1
- name: ceph_swift_keystone_password
- path: .
- - dest:
- path: .values.conf.ceph.global.fsid
- src:
- schema: deckhand/Passphrase/v1
- name: ceph_fsid
- path: .
-
-data:
- chart_name: ucp-ceph-osd
- release: ucp-ceph-osd
- namespace: ceph
- protected:
- continue_processing: true
- wait:
- timeout: 900
- labels:
- release_group: airship-ucp-ceph-osd
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- values:
- logging:
- fluentd: true
- labels:
- osd:
- node_selector_key: ceph-osd
- node_selector_value: enabled
- endpoints:
- identity:
- namespace: openstack
- object_store:
- namespace: ceph
- ceph_mon:
- namespace: ceph
- fluentd:
- namespace: osh-infra
- bootstrap:
- enabled: true
- conf:
- storage:
- osd:
- - data:
- type: directory
- location: /var/lib/openstack-helm/ceph/osd/osd-one
- journal:
- type: directory
- location: /var/lib/openstack-helm/ceph/osd/journal-one
- osd:
- # NOTE(alanmeadows): This is required ATM for bootstrapping a Ceph
- # cluster with only one OSD. Depending on OSD targeting & site
- # configuration this can be changed.
- osd_crush_chooseleaf_type: 0
- dependencies:
- - ceph-htk
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ceph-update
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Ceph post-install update
- sequenced: true
- chart_group:
- - ucp-ceph-ingress
- - ucp-ceph-mon
- - ucp-ceph-osd
- - ucp-ceph-client-update
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ceph
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Ceph Storage
- sequenced: true
- chart_group:
- - ucp-ceph-ingress
- - ucp-ceph-mon
- - ucp-ceph-osd
- - ucp-ceph-client
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-core
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Common UCP Components
- chart_group:
- - ucp-ingress
- - ucp-mariadb
- - ucp-postgresql
- - ucp-rabbitmq
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ingress
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.ingress
- dest:
- path: .source
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.ingress
- dest:
- path: .values.images.tags
-data:
- chart_name: ingress
- release: ingress
- namespace: ucp
- wait:
- timeout: 300
- labels:
- release_group: airship-ingress
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ingress
- values:
- conf:
- ingress:
- proxy-body-size: 20m
- labels:
- server:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- error_server:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- pod:
- replicas:
- ingress: 2
- error_page: 2
- network:
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/proxy-body-size: 20m
- nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
- dependencies:
- - ucp-ingress-htk
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ingress-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.ingress-htk
- dest:
- path: .source
-data:
- chart_name: ucp-ingress-htk
- release: ucp-ingress-htk
- namespace: ucp-ingress-htk
- values: {}
- dependencies: []
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-mariadb
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.mariadb
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.mariadb
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.oslo_db
- dest:
- path: .values.endpoints.olso_db
- # Accounts
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.oslo_db.admin
- dest:
- path: .values.endpoints.oslo_db.auth.admin
-
- # Secrets
- - dest:
- path: .values.endpoints.oslo_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_oslo_db_admin_password
- path: .
-
-data:
- chart_name: ucp-mariadb
- release: ucp-mariadb
- namespace: ucp
- wait:
- timeout: 300
- labels:
- release_group: airship-ucp-mariadb
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-mariadb
- values:
- labels:
- server:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- prometheus_mysql_exporter:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- ingress:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- error_server:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- pod:
- replicas:
- server: 1
- dependencies:
- - mariadb-htk
-...
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: mariadb-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.mariadb-htk
- dest:
- path: .source
-data:
- chart_name: mariadb-htk
- release: mariadb-htk
- namespace: mariadb-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-postgresql
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.postgresql
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.postgresql
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.postgresql
- dest:
- path: .values.endpoints.postgresql
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.postgres.admin
- dest:
- path: .values.endpoints.postgresql.auth.admin
-
- # Secrets
- - dest:
- path: .values.endpoints.postgresql.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_postgres_admin_password
- path: .
-data:
- chart_name: ucp-postgresql
- release: ucp-postgresql
- namespace: ucp
- wait:
- timeout: 600
- labels:
- release_group: airship-ucp-postgresql
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-postgresql
- create: []
- post:
- create: []
- values:
- conf:
- postgresql:
- max_connections: 1000
- shared_buffers: 2GB
- development:
- enabled: false
- labels:
- server:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- dependencies:
- - postgres-htk
-...
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: postgres-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.postgresql-htk
- dest:
- path: .source
-data:
- chart_name: postgres-htk
- release: postgres-htk
- namespace: postgres-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-rabbitmq
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.rabbitmq
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.rabbitmq
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
-
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.oslo_messaging.admin
- dest:
- path: .values.endpoints.oslo_messaging.auth.user
-
- # Secrets
-
- - src:
- schema: deckhand/Passphrase/v1
- name: ucp_rabbitmq_erlang_cookie
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.erlang_cookie
- - src:
- schema: deckhand/Passphrase/v1
- name: ucp_oslo_messaging_password
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.user.password
-data:
- chart_name: ucp-rabbitmq
- release: ucp-rabbitmq
- namespace: ucp
- wait:
- timeout: 300
- labels:
- release_group: airship-ucp-rabbitmq
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-rabbitmq
- values:
- pod:
- replicas:
- server: 1
- labels:
- server:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- prometheus_rabbitmq_exporter:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- dependencies:
- - ucp-rabbitmq-htk
-...
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-rabbitmq-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.rabbitmq-htk
- dest:
- path: .source
-data:
- chart_name: ucp-rabbitmq-htk
- release: ucp-rabbitmq-htk
- namespace: ucp-rabbitmq-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-barbican
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.barbican
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.barbican
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.key_manager
- dest:
- path: .values.endpoints.key_manager
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.oslo_db
- dest:
- path: .values.endpoints.oslo_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.oslo_cache
- dest:
- path: .values.endpoints.oslo_cache
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.fluentd
- dest:
- path: .values.endpoints.fluentd
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.barbican.keystone
- dest:
- path: .values.endpoints.identity.auth.barbican
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.barbican.oslo_db
- dest:
- path: .values.endpoints.oslo_db.auth.barbican
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.barbican.oslo_db.database
- dest:
- path: .values.endpoints.oslo_db.path
- pattern: DB_NAME
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.barbican.oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging.auth
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_oslo_db_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.barbican.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_barbican_keystone_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.barbican.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_barbican_oslo_db_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_oslo_messaging_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.barbican.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_oslo_messaging_password
- path: .
-data:
- chart_name: ucp-barbican
- release: ucp-barbican
- namespace: ucp
- wait:
- timeout: 300
- labels:
- release_group: airship-ucp-barbican
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-barbican
- post:
- create: []
- values:
- conf:
- logging:
- loggers:
- keys:
- - root
- - barbican
- handlers:
- keys:
- - stdout
- - stderr
- - "null"
- - fluent
- formatters:
- keys:
- - context
- - default
- - fluent
- logger_root:
- level: WARNING
- handlers: null
- logger_barbican:
- level: INFO
- handlers:
- - stdout
- - stderr
- - fluent
- qualname: barbican
- logger_amqp:
- level: WARNING
- handlers: stderr
- qualname: amqp
- logger_amqplib:
- level: WARNING
- handlers: stderr
- qualname: amqplib
- logger_eventletwsgi:
- level: WARNING
- handlers: stderr
- qualname: eventlet.wsgi.server
- logger_sqlalchemy:
- level: WARNING
- handlers: stderr
- qualname: sqlalchemy
- logger_boto:
- level: WARNING
- handlers: stderr
- qualname: boto
- handler_null:
- class: logging.NullHandler
- formatter: default
- args: ()
- handler_stdout:
- class: StreamHandler
- args: (sys.stdout,)
- formatter: context
- handler_stderr:
- class: StreamHandler
- args: (sys.stderr,)
- formatter: context
- handler_fluent:
- class: fluent.handler.FluentHandler
- args: ('ucp.barbican', 'fluentd-logging.osh-infra', 24224)
- formatter: fluent
- formatter_fluent:
- class: oslo_log.formatters.FluentFormatter
- formatter_context:
- class: oslo_log.formatters.ContextFormatter
- formatter_default:
- format: "%(message)s"
- labels:
- api:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- test:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- pod:
- replicas:
- api: 2
- dependencies:
- - ucp-barbican-htk
-...
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-barbican-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.barbican-htk
- dest:
- path: .source
-data:
- chart_name: ucp-barbican-htk
- release: ucp-barbican-htk
- namespace: ucp-barbican-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-deckhand
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Deckhand
- chart_group:
- # NOTE: Find and add the dogtag chart
- # - ucp-dogtag
- - ucp-barbican
- - ucp-deckhand
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-deckhand
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.deckhand
- dest:
- path: .source
-
- # Images
-
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.deckhand
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.postgresql
- dest:
- path: .values.endpoints.postgresql
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.deckhand
- dest:
- path: .values.endpoints.deckhand
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.key_manager
- dest:
- path: .values.endpoints.key_manager
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.oslo_cache
- dest:
- path: .values.endpoints.oslo_cache
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.postgres.admin
- dest:
- path: .values.endpoints.postgresql.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.deckhand.postgres
- dest:
- path: .values.endpoints.postgresql.auth.user
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.deckhand.postgres.database
- dest:
- path: .values.endpoints.postgresql.path
- pattern: DB_NAME
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.deckhand.keystone
- dest:
- path: .values.endpoints.identity.auth.user
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.postgresql.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_postgres_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_deckhand_keystone_password
- path: .
- - dest:
- path: .values.endpoints.postgresql.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_deckhand_postgres_password
- path: .
-data:
- chart_name: ucp-deckhand
- release: ucp-deckhand
- namespace: ucp
- wait:
- timeout: 600
- labels:
- release_group: airship-ucp-deckhand
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-deckhand
- post:
- create: []
- values:
- pod:
- replicas:
- deckhand: 2
- conf:
- deckhand:
- DEFAULT:
- debug: true
- use_stderr: true
- use_syslog: true
- keystone_authtoken:
- memcache_security_strategy: None
- dependencies:
- - deckhand-htk
-...
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: deckhand-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.deckhand-htk
- dest:
- path: .source
-data:
- chart_name: deckhand-htk
- release: deckhand-htk
- namespace: deckhand-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-divingbell
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Divingbell
- chart_group:
- - ucp-divingbell
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-divingbell-global
- layeringDefinition:
- abstract: true
- layer: global
- labels:
- name: ucp-divingbell-global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.divingbell
- dest:
- path: .source
- # Image Source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.divingbell
- dest:
- path: .values.images
-data:
- chart_name: ucp-divingbell
- release: ucp-divingbell
- namespace: ucp
- wait:
- timeout: 300
- labels:
- release_group: airship-ucp-divingbell
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-divingbell
- values:
- conf:
- sysctl:
- # Larger connection tracking table
- net.nf_conntrack_max: '1048576'
- # Reboot the node 60 seconds after a kernel panic, instead of default
- # value of 0 (i.e. never reboot)
- kernel.panic: '60'
- # Accept gratuitous ARP to support failover scenarios
- # https://bugs.launchpad.net/fuel/+bug/1456272
- net.ipv4.conf.default.arp_accept: '1'
- net.ipv4.conf.all.arp_accept: '1'
- # Increased network backlog to optimize performance on fast networks
- net.core.netdev_max_backlog: '261144'
- # Optimizations for RabbitMQ failover
- # https://bugs.launchpad.net/oslo.messaging/+bug/856764/comments/19
- net.ipv4.tcp_keepalive_intvl: '3'
- net.ipv4.tcp_keepalive_time: '30'
- net.ipv4.tcp_keepalive_probes: '8'
- net.ipv4.tcp_retries2: '5'
- # Larger thresholds
- # "Neighbour table overflow" errors that filled kernel logs
- net.ipv4.neigh.default.gc_thresh1: '4096'
- net.ipv4.neigh.default.gc_thresh2: '8192'
- net.ipv4.neigh.default.gc_thresh3: '16384'
- # It was necessary to set rp_filter to zero to support certain
- # multi-homed storage backends
- net.ipv4.conf.default.rp_filter: '0'
- # Enable byte/packet count for new connections to enable creation of
- # rules for the connbytes netfilter module
- net.netfilter.nf_conntrack_acct: '1'
- # Added in response to error messages seen on genesis host when services
- # were restarted. "Failed to add /run/systemd/ask-password to directory
- # watch: No space left on device". https://bit.ly/2Mj5qn2 TDP bug 427616
- fs.inotify.max_user_watches: '1048576'
- dependencies:
- - ucp-divingbell-htk
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-divingbell-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.divingbell-htk
- dest:
- path: .source
-data:
- chart_name: ucp-divingbell-htk
- release: ucp-divingbell-htk
- namespace: ucp-divingbell-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-drydock
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Drydock
- chart_group:
- - ucp-maas
- - ucp-drydock
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-drydock
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
-
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.drydock
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.drydock
- dest:
- path: .values.images.tags
-
- # Endpoints
-
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.postgresql
- dest:
- path: .values.endpoints.postgresql
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.physicalprovisioner
- dest:
- path: .values.endpoints.physicalprovisioner
-
- # Drydock IPs
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .node_ports.drydock_api
- dest:
- path: .values.network.drydock.node_port.port
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .node_ports.drydock_api
- dest:
- path: .values.endpoints.physicalprovisioner.port.api.nodeport
-
- # MaaS IPs
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .genesis.ip
- dest:
- path: .values.conf.drydock.maasdriver.maas_api_url
- pattern: 'MAAS_IP'
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .node_ports.maas_api
- dest:
- path: .values.conf.drydock.maasdriver.maas_api_url
- pattern: 'MAAS_PORT'
-
- # Credentials
-
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.postgres.admin
- dest:
- path: .values.endpoints.postgresql.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.drydock.postgres
- dest:
- path: .values.endpoints.postgresql.auth.user
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.drydock.postgres.database
- dest:
- path: .values.endpoints.postgresql.path
- pattern: DB_NAME
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.drydock.keystone
- dest:
- path: .values.endpoints.identity.auth.user
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.postgresql.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_postgres_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_drydock_keystone_password
- path: .
- - dest:
- path: .values.endpoints.postgresql.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_drydock_postgres_password
- path: .
-
-data:
- chart_name: drydock
- release: drydock
- namespace: ucp
- wait:
- timeout: 600
- labels:
- release_group: airship-drydock
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-drydock
- values:
- labels:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- network:
- drydock:
- node_port:
- enabled: true
- conf:
- drydock:
- database:
- pool_size: 200
- maasdriver:
- maas_api_url: http://MAAS_IP:MAAS_PORT/MAAS/api/2.0/
- plugins:
- ingester: drydock_provisioner.ingester.plugins.deckhand.DeckhandIngester
- dependencies:
- - drydock-htk
-...
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: drydock-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.drydock-htk
- dest:
- path: .source
-data:
- chart_name: drydock-htk
- release: drydock-htk
- namespace: drydock-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-maas-global
- layeringDefinition:
- abstract: true
- layer: global
- labels:
- name: ucp-maas-global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.maas
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.maas
- dest:
- path: .values.images.tags
-
- # Drydock IPs
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .bootstrap.ip
- dest:
- path: .values.conf.drydock.bootaction_url
- pattern: '(DRYDOCK_IP)'
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .node_ports.drydock_api
- dest:
- path: .values.conf.drydock.bootaction_url
- pattern: '(DRYDOCK_PORT)'
-
- # MaaS IPs
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .bootstrap.ip
- dest:
- path: .values.conf.maas.url.maas_url
- pattern: '(MAAS_IP)'
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .node_ports.maas_api
- dest:
- path: .values.conf.maas.url.maas_url
- pattern: '(MAAS_PORT)'
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .node_ports.maas_api
- dest:
- path: .values.network.gui.node_port.port
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .node_ports.maas_proxy
- dest:
- path: .values.network.proxy.node_port.port
-
- # MaaS Config
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .dns.upstream_servers_joined
- dest:
- path: .values.conf.maas.dns.dns_servers
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ntp.servers_joined
- dest:
- path: .values.conf.maas.ntp.ntp_servers
- - src:
- schema: deckhand/Passphrase/v1
- name: maas-region-key
- path: .
- dest:
- path: .values.secrets.maas_region.value
-
- # Endpoint substitutions
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.postgresql
- dest:
- path: .values.endpoints.maas_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.maas_region_ui
- dest:
- path: .values.endpoints.maas_region_ui
-
- # Account and credential substitutions
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.postgres.admin
- dest:
- path: .values.endpoints.maas_db.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.maas.postgres
- dest:
- path: .values.endpoints.maas_db.auth.user
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.maas.postgres.database
- dest:
- path: .values.endpoints.maas_db.path
- pattern: DB_NAME
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.maas.admin
- dest:
- path: .values.endpoints.maas_region_ui.auth.admin
-
- # Secrets
- - dest:
- path: .values.endpoints.maas_region_ui.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_maas_admin_password
- path: .
- - dest:
- path: .values.endpoints.maas_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_postgres_admin_password
- path: .
- - dest:
- path: .values.endpoints.maas_db.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_maas_postgres_password
- path: .
-data:
- chart_name: maas
- release: maas
- namespace: ucp
- wait:
- timeout: 600
- labels:
- release_group: airship-maas
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-maas
- values:
- labels:
- rack:
- node_selector_key: maas-control-plane
- node_selector_value: enabled
- region:
- node_selector_key: maas-control-plane
- node_selector_value: enabled
- network:
- proxy:
- node_port:
- enabled: true
- conf:
- cache:
- enabled: true
- drydock:
- bootaction_url: http://DRYDOCK_IP:DRYDOCK_PORT/api/v1.0/bootactions/nodes/
- maas:
- credentials:
- secret:
- namespace: ucp
- url:
- maas_url: http://MAAS_IP:MAAS_PORT/MAAS
- proxy:
- proxy_enabled: 'false'
- ntp:
- use_external_only: 'true'
- disable_ntpd_region: true
- disable_ntpd_rack: true
- dns:
- require_dnssec: 'no'
- dependencies:
- - maas-htk
-...
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: maas-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.maas-htk
- dest:
- path: .source
-data:
- chart_name: maas-htk
- release: maas-htk
- namespace: maas-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-keystone
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: UCP Keystone components
- chart_group:
- - ucp-keystone-memcached
- - ucp-keystone
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-keystone
- labels:
- component: keystone
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.keystone
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.keystone
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.oslo_db
- dest:
- path: .values.endpoints.oslo_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.oslo_cache
- dest:
- path: .values.endpoints.oslo_cache
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.fluentd
- dest:
- path: .values.endpoints.fluentd
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.keystone.oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging.auth
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.keystone.oslo_db
- dest:
- path: .values.endpoints.oslo_db.auth.keystone
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.keystone.oslo_db.database
- dest:
- path: .values.endpoints.oslo_db.path
- pattern: DB_NAME
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.keystone.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_oslo_messaging_password
- path: .
- - dest:
- path: .values.endpoints.oslo_messaging.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_oslo_messaging_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.keystone.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_keystone_oslo_db_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_oslo_db_admin_password
- path: .
-data:
- chart_name: ucp-keystone
- release: ucp-keystone
- namespace: ucp
- wait:
- timeout: 600
- labels:
- release_group: airship-ucp-keystone
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-keystone
- post:
- create: []
- values:
- conf:
- logging:
- loggers:
- keys:
- - root
- - keystone
- handlers:
- keys:
- - stdout
- - stderr
- - "null"
- - fluent
- formatters:
- keys:
- - context
- - default
- - fluent
- logger_root:
- level: WARNING
- handlers: null
- logger_keystone:
- level: INFO
- handlers:
- - stdout
- - stderr
- - fluent
- qualname: keystone
- logger_amqp:
- level: WARNING
- handlers: stderr
- qualname: amqp
- logger_amqplib:
- level: WARNING
- handlers: stderr
- qualname: amqplib
- logger_eventletwsgi:
- level: WARNING
- handlers: stderr
- qualname: eventlet.wsgi.server
- logger_sqlalchemy:
- level: WARNING
- handlers: stderr
- qualname: sqlalchemy
- logger_boto:
- level: WARNING
- handlers: stderr
- qualname: boto
- handler_null:
- class: logging.NullHandler
- formatter: default
- args: ()
- handler_stdout:
- class: StreamHandler
- args: (sys.stdout,)
- formatter: context
- handler_stderr:
- class: StreamHandler
- args: (sys.stderr,)
- formatter: context
- handler_fluent:
- class: fluent.handler.FluentHandler
- args: ('ucp.keystone', 'fluentd-logging.osh-infra', 24224)
- formatter: fluent
- formatter_fluent:
- class: oslo_log.formatters.FluentFormatter
- formatter_context:
- class: oslo_log.formatters.ContextFormatter
- formatter_default:
- format: "%(message)s"
- pod:
- replicas:
- api: 2
- labels:
- api:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
-
-
- dependencies:
- - ucp-keystone-htk
-...
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-keystone-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.keystone-htk
- dest:
- path: .source
-data:
- chart_name: ucp-keystone-htk
- release: ucp-keystone-htk
- namespace: ucp-keystone-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-keystone-memcached
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.memcached
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.memcached
- dest:
- path: .values.images.tags
-
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.oslo_cache
- dest:
- path: .values.endpoints.oslo_cache
-data:
- chart_name: ucp-keystone-memcached
- release: ucp-keystone-memcached
- namespace: ucp
- wait:
- timeout: 600
- labels:
- release_group: airship-ucp-keystone-memcached
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-keystone-memcached
- values:
- labels:
- server:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- dependencies:
- - ucp-memcached-htk
-...
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-memcached-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.memcached-htk
- dest:
- path: .source
-data:
- chart_name: ucp-memcached-htk
- release: ucp-memcached-htk
- namespace: ucp-memcached-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-promenade
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Promenade
- chart_group:
- - ucp-promenade
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-promenade-global
- layeringDefinition:
- abstract: true
- layer: global
- labels:
- name: ucp-promenade-global
- storagePolicy: cleartext
- substitutions:
-
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.promenade
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.promenade
- dest:
- path: .values.images.tags
-
- # Endpoints
-
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.kubernetesprovisioner
- dest:
- path: .values.endpoints.kubernetesprovisioner
-
- # Credentials
-
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.promenade.keystone
- dest:
- path: .values.endpoints.identity.auth.user
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_promenade_keystone_password
- path: .
-
-data:
- chart_name: promenade
- release: ucp-promenade
- namespace: ucp
- wait:
- timeout: 600
- labels:
- release_group: airship-ucp-promenade
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-promenade
- values:
- pod:
- replicas:
- api: 2
- env:
- promenade_api:
- # this aligns with drydocks timeouts and allows alow responses to
- # download the external kubernetes client .tgz to still succeed
- - name: UWSGI_TIMEOUT
- value: "900"
- conf:
- paste:
- filter:authtoken:
- paste.filter_factory: keystonemiddleware.auth_token:filter_factory
- admin_tenant_name: service
- admin_user: promenade
- delay_auth_decision: true
- identity_uri: http://keystone-api.ucp.svc.cluster.local/
- service_token_roles_required: true
- dependencies:
- - promenade-htk
-...
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: promenade-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.promenade-htk
- dest:
- path: .source
-data:
- chart_name: promenade-htk
- release: promenade-htk
- namespace: promenade-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: armada/ChartGroup/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-shipyard
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- description: Shipyard
- chart_group:
- - ucp-shipyard
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-shipyard
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.shipyard
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.ucp.shipyard
- dest:
- path: .values.images.tags
-
- # Node ports
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .node_ports.shipyard_api
- dest:
- path: .values.network.shipyard.node_port
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .node_ports.airflow_web
- dest:
- path: .values.network.airflow.web.node_port
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.identity
- dest:
- path: .values.endpoints.identity
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.postgresql
- dest:
- path: .values.endpoints.postgresql_shipyard_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.postgresql
- dest:
- path: .values.endpoints.postgresql_airflow_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.postgresql_airflow_celery
- dest:
- path: .values.endpoints.postgresql_airflow_celery_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.shipyard
- dest:
- path: .values.endpoints.shipyard
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.airflow_web
- dest:
- path: .values.endpoints.airflow_web
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.airflow_flower
- dest:
- path: .values.endpoints.airflow_flower
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.oslo_messaging
- dest:
- path: .values.endpoints.olso_messaging
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: ucp_endpoints
- path: .ucp.oslo_cache
- dest:
- path: .values.endpoints.oslo_cache
-
- # Database path
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.shipyard.postgres.database
- dest:
- path: .values.endpoints.postgresql_shipyard_db.path
- pattern: 'DB_NAME'
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.airflow.postgres.database
- dest:
- path: .values.endpoints.postgresql_airflow_db.path
- pattern: 'DB_NAME'
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.airflow.postgres.database
- dest:
- path: .values.endpoints.postgresql_airflow_celery_db.path
- pattern: 'DB_NAME'
- # Credentials
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.postgres.admin
- dest:
- path: .values.endpoints.postgresql_shipyard_db.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.postgres.admin
- dest:
- path: .values.endpoints.postgresql_airflow_db.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.postgres.admin
- dest:
- path: .values.endpoints.postgresql_airflow_celery_db.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.keystone.admin
- dest:
- path: .values.endpoints.identity.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.shipyard.postgres
- dest:
- path: .values.endpoints.postgresql_shipyard_db.auth.user
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.airflow.postgres
- dest:
- path: .values.endpoints.postgresql_airflow_db.auth.user
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.airflow.postgres
- dest:
- path: .values.endpoints.postgresql_airflow_celery_db.auth.user
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: ucp_service_accounts
- path: .ucp.airflow.oslo_messaging
- dest:
- path: .values.endpoints.oslo_messaging.auth.user
-
- # Secrets
- - dest:
- path: .values.endpoints.identity.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_keystone_admin_password
- path: .
- - dest:
- path: .values.endpoints.postgresql_shipyard_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_postgres_admin_password
- path: .
- - dest:
- path: .values.endpoints.postgresql_airflow_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_postgres_admin_password
- path: .
- - dest:
- path: .values.endpoints.postgresql_airflow_celery_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_postgres_admin_password
- path: .
- - dest:
- path: .values.endpoints.identity.auth.shipyard.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_shipyard_keystone_password
- path: .
- - dest:
- path: .values.endpoints.postgresql_shipyard_db.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_shipyard_postgres_password
- path: .
- - dest:
- path: .values.endpoints.postgresql_airflow_db.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_airflow_postgres_password
- path: .
- - dest:
- path: .values.endpoints.postgresql_airflow_celery_db.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: ucp_airflow_postgres_password
- path: .
- - src:
- schema: deckhand/Passphrase/v1
- name: ucp_oslo_messaging_password
- path: .
- dest:
- path: .values.endpoints.oslo_messaging.auth.user.password
-
-data:
- chart_name: shipyard
- release: ucp-shipyard
- namespace: ucp
- wait:
- timeout: 600
- labels:
- release_group: airship-ucp-shipyard
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-ucp-shipyard
- values:
- endpoints:
- postgresql_airflow_db:
- name: postgresql
- hosts:
- default: postgresql
- path: /DB_NAME
- scheme: postgresql+psycopg2
- port:
- postgresql:
- default: 5432
- host_fqdn_override:
- default: null
- postgresql_shipyard_db:
- name: postgresql
- hosts:
- default: postgresql
- path: /DB_NAME
- scheme: postgresql+psycopg2
- port:
- postgresql:
- default: 5432
- host_fqdn_override:
- default: null
- prod_environment: true
- pod:
- replicas:
- shipyard:
- api: 2
- airflow:
- web: 2
- worker: 2
- flower: 2
- scheduler: 2
- labels:
- job:
- node_selector_key: ucp-control-plane
- node_selector_value: enabled
- network:
- shipyard:
- enable_node_port: true
- airflow:
- web:
- enable_node_port: true
- conf:
- shipyard:
- keystone_authtoken:
- memcache_security_strategy: None
- dependencies:
- - shipyard-htk
-...
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: shipyard-htk
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.ucp.shipyard-htk
- dest:
- path: .source
-data:
- chart_name: shipyard-htk
- release: shipyard-htk
- namespace: shipyard-htk
- values: {}
- dependencies: []
-...
+++ /dev/null
----
-schema: promenade/Docker/v1
-metadata:
- schema: metadata/Document/v1
- name: docker-global
- labels:
- promenade: enabled
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- config:
- live-restore: true
- storage-driver: overlay2
-...
+++ /dev/null
----
-schema: promenade/Kubelet/v1
-metadata:
- schema: metadata/Document/v1
- name: kubelet
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.pause
- dest:
- path: .images.pause
-data:
- arguments:
- - --cni-bin-dir=/opt/cni/bin
- - --cni-conf-dir=/etc/cni/net.d
- - --eviction-max-pod-grace-period=-1
- - --network-plugin=cni
- - --node-status-update-frequency=5s
- - --max-pods=200
- - --pods-per-core=10
+++ /dev/null
----
-schema: pegleg/SoftwareVersions/v1
-metadata:
- schema: metadata/Document/v1
- name: software-versions
- layeringDefinition:
- abstract: false
- layer: global
- labels:
- name: software-versions-global
- storagePolicy: cleartext
-data:
- charts:
- kubernetes:
- calico:
- etcd:
- type: git
- location: https://git.openstack.org/openstack/airship-promenade
- subpath: charts/etcd
- reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
- etcd-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- calico:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: calico
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- calico-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- apiserver:
- type: git
- location: https://git.openstack.org/openstack/airship-promenade
- subpath: charts/apiserver
- reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
- apiserver-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- controller-manager:
- type: git
- location: https://git.openstack.org/openstack/airship-promenade
- subpath: charts/controller_manager
- reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
- controller-manager-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- coredns:
- type: git
- location: https://git.openstack.org/openstack/airship-promenade
- subpath: charts/coredns
- reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
- coredns-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- haproxy:
- type: git
- location: https://git.openstack.org/openstack/airship-promenade
- subpath: charts/haproxy
- reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
- haproxy-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- etcd:
- type: git
- location: https://git.openstack.org/openstack/airship-promenade
- subpath: charts/etcd
- reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
- etcd-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- ingress:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: ingress
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- ingress-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- proxy:
- type: git
- location: https://git.openstack.org/openstack/airship-promenade
- subpath: charts/proxy
- reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
- proxy-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- scheduler:
- type: git
- location: https://git.openstack.org/openstack/airship-promenade
- subpath: charts/scheduler
- reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
- scheduler-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- osh_infra:
- helm_toolkit:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- elasticsearch:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: elasticsearch
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- fluent_logging:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: fluent-logging
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- kibana:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: kibana
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- prometheus:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: prometheus
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- prometheus_node_exporter:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: prometheus-node-exporter
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- prometheus_kube_state_metrics:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: prometheus-kube-state-metrics
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- prometheus_alertmanager:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: prometheus-alertmanager
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- grafana:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: grafana
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- prometheus_openstack_exporter:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: prometheus-openstack-exporter
- reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
- nagios:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: nagios
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- osh:
- helm_toolkit:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: 5ae782ff52a2604fb1f392d77a018896f29dae49
- barbican:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: barbican
- reference: 332a3da0054e154c003256107a0907774531df79
- cinder:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: cinder
- reference: 332a3da0054e154c003256107a0907774531df79
- glance:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: glance
- reference: 332a3da0054e154c003256107a0907774531df79
- heat:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: heat
- reference: 332a3da0054e154c003256107a0907774531df79
- horizon:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: horizon
- reference: 332a3da0054e154c003256107a0907774531df79
- ingress:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: ingress
- reference: 332a3da0054e154c003256107a0907774531df79
- keystone:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: keystone
- reference: 332a3da0054e154c003256107a0907774531df79
- libvirt:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: libvirt
- reference: 82d99e8f7a7c892555d97adc08b01b8e8cc1ff81
- mariadb:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: mariadb
- reference: 332a3da0054e154c003256107a0907774531df79
- memcached:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: memcached
- reference: 332a3da0054e154c003256107a0907774531df79
- neutron:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: neutron
- reference: 332a3da0054e154c003256107a0907774531df79
- nova:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: nova
- reference: 332a3da0054e154c003256107a0907774531df79
- openvswitch:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: openvswitch
- reference: 20d863ce9d18203f2c6a1d679d0cec2bd4fa550d
- rabbitmq:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: rabbitmq
- reference: 332a3da0054e154c003256107a0907774531df79
- ucp:
- armada:
- type: git
- location: https://git.openstack.org/openstack/airship-armada
- subpath: charts/armada
- reference: 0a5b74440c81ac9d7f84cf7b553f21bed01401e6
- armada-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
- barbican:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: barbican
- reference: 8dc986740c83487261efa6540f89d5dbea211f98
- barbican-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
- ceph-mon:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: ceph-mon
- reference: e19be77f087995faccf06dd834a203fb2154a5f3
- ceph-osd:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: ceph-osd
- reference: e19be77f087995faccf06dd834a203fb2154a5f3
- ceph-client:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: ceph-client
- reference: e19be77f087995faccf06dd834a203fb2154a5f3
- ceph-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
- deckhand:
- type: git
- location: https://git.openstack.org/openstack/airship-deckhand
- subpath: charts/deckhand
- reference: 0ac33c233d59a731bf289db23ec4a882ff359168
- deckhand-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: helm-toolkit
- reference: 3aeba707e36f36909e51e1cb0a81565ee28e0afa
- divingbell:
- type: git
- location: https://git.openstack.org/openstack/airship-divingbell
- subpath: divingbell
- reference: 4e074ec0c24ec285dc3ac02e2a347a0033dad454
- divingbell-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
- drydock:
- type: git
- location: https://git.openstack.org/openstack/airship-drydock
- subpath: charts/drydock
- reference: 7b6af1bdc9bdc8e8084dd825598100f9e1db163b
- drydock-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: helm-toolkit
- reference: 3aeba707e36f36909e51e1cb0a81565ee28e0afa
- ingress:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: ingress
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- ingress-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- postgresql:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: postgresql
- reference: fbfcb51c31e21331ceb20b6108b739c5e2ad48f5
- postgresql-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- promenade:
- type: git
- location: https://git.openstack.org/openstack/airship-promenade
- subpath: charts/promenade
- reference: 7a06bef72c0bfd799c2353b8213627f6a0826251
- promenade-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
- keystone:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: keystone
- reference: 8dc986740c83487261efa6540f89d5dbea211f98
- keystone-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
- maas:
- type: git
- location: https://git.openstack.org/openstack/airship-maas
- subpath: charts/maas
- reference: 10d4966810bab5d815245820db7dc5ae160e6c4f
- maas-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: helm-toolkit
- reference: 3aeba707e36f36909e51e1cb0a81565ee28e0afa
- mariadb:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: mariadb
- reference: fbfcb51c31e21331ceb20b6108b739c5e2ad48f5
- mariadb-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: c0c5199fb20335b3e8839163129372059a876ce8
- memcached:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm
- subpath: memcached
- reference: 8dc986740c83487261efa6540f89d5dbea211f98
- memcached-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
- rabbitmq:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: rabbitmq
- reference: 61829c0d45afbfe52dcbf15157048a59614aa2d0
- rabbitmq-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: aac1c4e8c02680a159235c6097db0ed66cfbe104
- shipyard:
- type: git
- location: https://git.openstack.org/openstack/airship-shipyard
- subpath: charts/shipyard
- reference: 165c845e3e7459d2a4892ed4ca910b00675e7561
- shipyard-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
- tiller:
- type: git
- location: https://git.openstack.org/openstack/airship-armada
- subpath: charts/tiller
- reference: 0a5b74440c81ac9d7f84cf7b553f21bed01401e6
- tiller-htk:
- type: git
- location: https://git.openstack.org/openstack/openstack-helm-infra
- subpath: helm-toolkit
- reference: 59d74756ef2fdd0279f59f199879cc985cfef47d
- files:
- kubelet: https://dl.k8s.io/v1.10.2/kubernetes-node-linux-amd64.tar.gz
-
- images_refs:
- images:
- dep_check: &dep_check quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- heat: &heat docker.io/openstackhelm/heat:ocata
- neutron: &neutron docker.io/openstackhelm/neutron:ocata
- neutron_sriov_agent: &neutron_sriov docker.io/openstackhelm/neutron:ocata-sriov-1804
- neutron_sriov_agent_init: &neutron_sriov_init docker.io/openstackhelm/neutron:ocata-sriov-1804
- horizon: &horizon docker.io/openstackhelm/horizon:ocata
- cinder: &cinder docker.io/openstackhelm/cinder:ocata
- keystone: &keystone docker.io/openstackhelm/keystone:ocata
- nova: &nova docker.io/openstackhelm/nova:ocata
- glance: &glance docker.io/openstackhelm/glance:ocata
- rabbitmq: &rabbitmq docker.io/rabbitmq:3.7-management
- rally_test: &rally_test docker.io/kolla/ubuntu-source-rally:4.0.0
- memcached: &memcached docker.io/memcached:1.5.5
- mariadb_db: &mariadb_db docker.io/mariadb:10.2.13
- nova_novncproxy: &nova_novncproxy docker.io/kolla/ubuntu-source-nova-novncproxy:3.0.3
- nova_spiceproxy: &nova_spiceproxy docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:3.0.3
- ceph_daemon: &ceph_daemon docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04
- openvswitch: &openvswitch docker.io/openstackhelm/openvswitch:v2.8.1
- os_barbican: &os_barbican docker.io/openstackhelm/barbican:ocata
- libvirt: &libvirt docker.io/openstackhelm/libvirt:ubuntu-xenial-1.3.1
- ingress_controller: &ingress_controller quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
- ingress_error_pages: &ingress_error_pages gcr.io/google-containers/defaultbackend:1.0
- # should probably be moved to https://quay.io/repository/airshipit/
- storage_init: &storage_init docker.io/port/ceph-config-helper:v1.10.2
- keystone: &ref_keystone
- ks_endpoints: *heat
- ks_service: *heat
- ks_user: *heat
-
- images:
- ucp:
- armada:
- api: quay.io/airshipit/armada:0a5b74440c81ac9d7f84cf7b553f21bed01401e6
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- ks_endpoints: docker.io/openstackhelm/heat:ocata
- ks_service: docker.io/openstackhelm/heat:ocata
- ks_user: docker.io/openstackhelm/heat:ocata
- image_repo_sync: docker.io/docker:17.07.0
- helm: docker.io/lachlanevenson/k8s-helm:v2.9.1
- tiller: gcr.io/kubernetes-helm/tiller:v2.9.1
- promenade:
- promenade: quay.io/airshipit/promenade:7a06bef72c0bfd799c2353b8213627f6a0826251
- ks_user: docker.io/openstackhelm/heat:ocata
- ks_service: docker.io/openstackhelm/heat:ocata
- ks_endpoints: docker.io/openstackhelm/heat:ocata
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- image_repo_sync: docker.io/docker:17.07.0
- deckhand:
- deckhand: quay.io/airshipit/deckhand:0ac33c233d59a731bf289db23ec4a882ff359168
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- db_init: docker.io/postgres:9.5
- db_sync: quay.io/airshipit/deckhand:0ac33c233d59a731bf289db23ec4a882ff359168
- ks_endpoints: docker.io/openstackhelm/heat:ocata
- ks_service: docker.io/openstackhelm/heat:ocata
- ks_user: docker.io/openstackhelm/heat:ocata
- barbican:
- bootstrap: docker.io/openstackhelm/heat:ocata
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- scripted_test: docker.io/openstackhelm/heat:ocata
- db_init: docker.io/openstackhelm/heat:ocata
- barbican_db_sync: docker.io/openstackhelm/barbican:ocata
- db_drop: docker.io/openstackhelm/heat:ocata
- ks_endpoints: docker.io/openstackhelm/heat:ocata
- ks_service: docker.io/openstackhelm/heat:ocata
- ks_user: docker.io/openstackhelm/heat:ocata
- barbican_api: docker.io/openstackhelm/barbican:ocata
- rabbit_init: docker.io/rabbitmq:3.7-management
- divingbell:
- divingbell: docker.io/ubuntu:16.04
- drydock:
- drydock: quay.io/airshipit/drydock:7b6af1bdc9bdc8e8084dd825598100f9e1db163b
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- ks_user: docker.io/openstackhelm/heat:ocata
- ks_service: docker.io/openstackhelm/heat:ocata
- ks_endpoints: docker.io/openstackhelm/heat:ocata
- drydock_db_init: docker.io/postgres:9.5
- drydock_db_sync: quay.io/airshipit/drydock:7b6af1bdc9bdc8e8084dd825598100f9e1db163b
- ingress:
- entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
- error_pages: gcr.io/google-containers/defaultbackend:1.0
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- image_repo_sync: docker.io/docker:17.07.0
- shipyard:
- # should probably point to docker.io/puckel/docker-airflow:xxxxxx
- airflow: quay.io/airshipit/airflow:165c845e3e7459d2a4892ed4ca910b00675e7561
- shipyard: quay.io/airshipit/shipyard:165c845e3e7459d2a4892ed4ca910b00675e7561
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- shipyard_db_init: docker.io/postgres:9.5
- shipyard_db_sync: quay.io/airshipit/shipyard:165c845e3e7459d2a4892ed4ca910b00675e7561
- airflow_db_init: docker.io/postgres:9.5
- # should probably point to docker.io/puckel/docker-airflow:xxxxxx
- airflow_db_sync: quay.io/airshipit/airflow:165c845e3e7459d2a4892ed4ca910b00675e7561
- ks_user: docker.io/openstackhelm/heat:ocata
- ks_service: docker.io/openstackhelm/heat:ocata
- ks_endpoints: docker.io/openstackhelm/heat:ocata
- image_repo_sync: docker.io/docker:17.07.0
- maas:
- db_init: docker.io/postgres:9.5
- db_sync: quay.io/airshipit/maas-region-controller:10d4966810bab5d815245820db7dc5ae160e6c4f
- maas_rack: quay.io/airshipit/maas-rack-controller:10d4966810bab5d815245820db7dc5ae160e6c4f
- maas_region: quay.io/airshipit/maas-region-controller:10d4966810bab5d815245820db7dc5ae160e6c4f
- bootstrap: quay.io/airshipit/maas-region-controller:10d4966810bab5d815245820db7dc5ae160e6c4f
- export_api_key: quay.io/airshipit/maas-region-controller:10d4966810bab5d815245820db7dc5ae160e6c4f
- maas_cache: quay.io/airshipit/sstream-cache:10d4966810bab5d815245820db7dc5ae160e6c4f
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- keystone:
- bootstrap: docker.io/openstackhelm/heat:ocata
- test: docker.io/kolla/ubuntu-source-rally:4.0.0
- db_init: docker.io/openstackhelm/heat:ocata
- keystone_db_sync: docker.io/openstackhelm/keystone:ocata
- db_drop: docker.io/openstackhelm/heat:ocata
- ks_user: docker.io/openstackhelm/heat:ocata
- keystone_fernet_setup: docker.io/openstackhelm/keystone:ocata
- keystone_fernet_rotate: docker.io/openstackhelm/keystone:ocata
- keystone_credential_setup: docker.io/openstackhelm/keystone:ocata
- keystone_credential_rotate: docker.io/openstackhelm/keystone:ocata
- keystone_api: docker.io/openstackhelm/keystone:ocata
- keystone_domain_manage: docker.io/openstackhelm/keystone:ocata
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- rabbit_init: docker.io/rabbitmq:3.7-management
- image_repo_sync: docker.io/docker:17.07.0
- tiller:
- tiller: gcr.io/kubernetes-helm/tiller:v2.9.1
- mariadb:
- mariadb: docker.io/mariadb:10.2.13
- ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
- error_pages: gcr.io/google-containers/defaultbackend:1.0
- prometheus_create_mysql_user: docker.io/mariadb:10.2.13
- prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.10.0
- prometheus_mysql_exporter_helm_tests: docker.io/openstackhelm/heat:ocata
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- image_repo_sync: docker.io/docker:17.07.0
- postgresql:
- postgresql: docker.io/postgres:9.5
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- image_repo_sync: docker.io/docker:17.07.0
- memcached:
- memcached: docker.io/memcached:1.5.5
- prometheus_memcached_exporter: docker.io/prom/memcached-exporter:v0.4.1
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- image_repo_sync: docker.io/docker:17.07.0
- rabbitmq:
- prometheus_rabbitmq_exporter: docker.io/kbudde/rabbitmq-exporter:v0.21.0
- prometheus_rabbitmq_exporter_helm_tests: docker.io/openstackhelm/heat:ocata
- rabbitmq: docker.io/rabbitmq:3.7.4
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- scripted_test: docker.io/rabbitmq:3.7-management
- image_repo_sync: docker.io/docker:17.07.0
- osh:
- memcached:
- dep_check: *dep_check
- memcached: *memcached
- barbican:
- bootstrap: *heat
- dep_check: *dep_check
- scripted_test: *heat
- db_init: *heat
- barbican_db_sync: *os_barbican
- db_drop: *heat
- <<: *ref_keystone
- barbican_api: *os_barbican
- rabbit_init: *rabbitmq
- cinder:
- test: *rally_test
- db_init: *heat
- cinder_db_sync: *cinder
- db_drop: *heat
- <<: *ref_keystone
- cinder_api: *cinder
- bootstrap: *heat
- cinder_scheduler: *cinder
- cinder_volume: *cinder
- cinder_volume_usage_audit: *cinder
- cinder_storage_init: *storage_init
- cinder_backup: *cinder
- cinder_backup_storage_init: *storage_init
- dep_check: *dep_check
- rabbit_init: *rabbitmq
- glance:
- test: *rally_test
- glance_storage_init: *storage_init
- db_init: *heat
- glance_db_sync: *glance
- db_drop: *heat
- <<: *ref_keystone
- glance_api: *glance
- glance_registry: *glance
- # Bootstrap image requires curl
- bootstrap: *heat
- dep_check: *dep_check
- rabbit_init: *rabbitmq
- heat:
- bootstrap: *heat
- db_init: *heat
- heat_db_sync: *heat
- db_drop: *heat
- <<: *ref_keystone
- heat_api: *heat
- heat_cfn: *heat
- heat_cloudwatch: *heat
- heat_engine: *heat
- heat_engine_cleaner: *heat
- dep_check: *dep_check
- rabbit_init: *rabbitmq
- horizon:
- db_init: *heat
- horizon_db_sync: *horizon
- db_drop: *heat
- horizon: *horizon
- dep_check: *dep_check
- ingress:
- entrypoint: *dep_check
- ingress: *ingress_controller
- error_pages: *ingress_error_pages
- dep_check: *dep_check
- keystone:
- bootstrap: *heat
- test: *rally_test
- db_init: *heat
- keystone_db_sync: *keystone
- db_drop: *heat
- <<: *ref_keystone
- keystone_fernet_setup: *keystone
- keystone_fernet_rotate: *keystone
- keystone_credential_setup: *keystone
- keystone_credential_rotate: *keystone
- keystone_api: *keystone
- keystone_domain_manage: *keystone
- dep_check: *dep_check
- rabbit_init: *rabbitmq
- libvirt:
- libvirt: *libvirt
- dep_check: *dep_check
- mariadb:
- mariadb: *mariadb_db
- ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
- error_pages: gcr.io/google-containers/defaultbackend:1.0
- prometheus_create_mysql_user: *mariadb_db
- prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.10.0
- prometheus_mysql_exporter_helm_tests: *heat
- dep_check: *dep_check
- image_repo_sync: docker.io/docker:17.07.0
- neutron:
- bootstrap: *heat
- test: *rally_test
- db_init: *heat
- neutron_db_sync: *neutron
- db_drop: *heat
- <<: *ref_keystone
- neutron_server: *neutron
- neutron_dhcp: *neutron
- neutron_metadata: *neutron
- neutron_l3: *neutron
- neutron_openvswitch_agent: *neutron
- neutron_linuxbridge_agent: *neutron
- neutron_sriov_agent: *neutron_sriov
- neutron_sriov_agent_init: *neutron_sriov_init
- dep_check: *dep_check
- rabbit_init: *rabbitmq
- nova:
- bootstrap: *heat
- db_drop: *heat
- db_init: *heat
- dep_check: *dep_check
- <<: *ref_keystone
- nova_api: *nova
- nova_cell_setup: *nova
- nova_cell_setup_init: *heat
- nova_compute: *nova
- nova_compute_ssh: *nova
- nova_conductor: *nova
- nova_consoleauth: *nova
- nova_db_sync: *nova
- nova_novncproxy: *nova
- nova_novncproxy_assets: *nova_novncproxy
- nova_placement: *nova
- nova_scheduler: *nova
- nova_spiceproxy: *nova
- nova_spiceproxy_assets: *nova_spiceproxy
- test: *rally_test
- rabbit_init: *rabbitmq
- openvswitch:
- openvswitch_db_server: *openvswitch
- openvswitch_vswitchd: *openvswitch
- dep_check: *dep_check
- rabbitmq:
- prometheus_rabbitmq_exporter: docker.io/kbudde/rabbitmq-exporter:v0.21.0
- prometheus_rabbitmq_exporter_helm_tests: *heat
- rabbitmq: docker.io/rabbitmq:3.7.4
- dep_check: *dep_check
- osh_infra:
- elasticsearch:
- apache_proxy: docker.io/httpd:2.4
- memory_init: *heat
- curator: docker.io/bobrik/curator:5.2.0
- elasticsearch: docker.io/elasticsearch:5.6.4
- helm_tests: *heat
- prometheus_elasticsearch_exporter: docker.io/justwatch/elasticsearch_exporter:1.0.1
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- snapshot_repository: *heat
- image_repo_sync: docker.io/docker:17.07.0
- fluent_logging:
- fluentbit: docker.io/fluent/fluent-bit:0.12.14
- fluentd: docker.io/kolla/ubuntu-source-fluentd:ocata
- # should be moved to somewhere...
- prometheus_fluentd_exporter: docker.io/srwilkers/fluentd_exporter:v0.1
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- helm_tests: *heat
- elasticsearch_template: *heat
- image_repo_sync: docker.io/docker:17.07.0
- kibana:
- apache_proxy: docker.io/httpd:2.4
- kibana: docker.elastic.co/kibana/kibana:5.6.4
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- image_repo_sync: docker.io/docker:17.07.0
- prometheus:
- prometheus: docker.io/prom/prometheus:v2.0.0
- helm_tests: *heat
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- image_repo_sync: docker.io/docker:17.07.0
- prometheus_node_exporter:
- node_exporter: docker.io/prom/node-exporter:v0.15.0
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- image_repo_sync: docker.io/docker:17.07.0
- prometheus_kube_state_metrics:
- kube_state_metrics: docker.io/bitnami/kube-state-metrics:1.3.1
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- image_repo_sync: docker.io/docker:17.07.0
- prometheus_alertmanager:
- alertmanager: docker.io/prom/alertmanager:v0.11.0
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- image_repo_sync: docker.io/docker:17.07.0
- prometheus_openstack_exporter:
- prometheus_openstack_exporter: quay.io/attcomdev/prometheus-openstack-exporter:3231f14419f0c47547ce2551b7d884cd222104e6
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- image_repo_sync: docker.io/docker:17.07.0
- <<: *ref_keystone
- grafana:
- grafana: docker.io/grafana/grafana:5.0.0
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- db_init: *heat
- grafana_db_session_sync: *heat
- image_repo_sync: docker.io/docker:17.07.0
- nagios:
- apache_proxy: docker.io/httpd:2.4
- # should probably be moved to airshipit
- # 'latest' refers to '4852dfd1455db6fb2330744c599b0c2ada3c78f5', however latest pushed is '11b061a3afe6e4671d98900d7249b5ad5090fd73'
- nagios: quay.io/attcomdev/nagios:4852dfd1455db6fb2330744c599b0c2ada3c78f5
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- image_repo_sync: docker.io/docker:17.07.0
- ceph:
- ceph-mon:
- fluentbit: docker.io/fluent/fluent-bit:0.12.14
- ceph_bootstrap: *ceph_daemon
- ceph_config_helper: docker.io/port/ceph-config-helper:v1.10.2
- ceph_mon: *ceph_daemon
- ceph_mon_check: docker.io/port/ceph-config-helper:v1.10.2
- dep_check: *dep_check
- image_repo_sync: docker.io/docker:17.07.0
- ceph-osd:
- fluentbit: docker.io/fluent/fluent-bit:0.12.14
- ceph_osd: *ceph_daemon
- ceph_bootstrap: *ceph_daemon
- dep_check: *dep_check
- image_repo_sync: docker.io/docker:17.07.0
- ceph-client:
- ceph_bootstrap: *ceph_daemon
- ceph_cephfs_provisioner: quay.io/external_storage/cephfs-provisioner:v0.1.1
- ceph_config_helper: docker.io/port/ceph-config-helper:v1.10.2
- ceph_mds: *ceph_daemon
- ceph_mgr: *ceph_daemon
- ceph_rbd_pool: docker.io/port/ceph-config-helper:v1.10.2
- ceph_rbd_provisioner: quay.io/external_storage/rbd-provisioner:v0.1.1
- ceph_rgw: *ceph_daemon
- dep_check: *dep_check
- <<: *ref_keystone
- image_repo_sync: docker.io/docker:17.07.0
- kubernetes:
- apiserver:
- anchor: gcr.io/google-containers/hyperkube-amd64:v1.10.2
- apiserver: gcr.io/google-containers/hyperkube-amd64:v1.10.2
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- controller-manager:
- anchor: gcr.io/google-containers/hyperkube-amd64:v1.10.2
- controller_manager: gcr.io/google-containers/hyperkube-amd64:v1.10.2
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- coredns:
- coredns: docker.io/coredns/coredns:1.1.2
- test: docker.io/coredns/coredns:1.1.2
- haproxy:
- haproxy: docker.io/haproxy:1.8.3
- anchor: gcr.io/google-containers/hyperkube-amd64:v1.10.2
- test: docker.io/python:3.6
- etcd:
- # quay.io/coreos/etcd:v3.2.14
- etcd: quay.io/coreos/etcd:v3.2.14
- etcdctl: quay.io/coreos/etcd:v3.2.14
- ingress:
- entrypoint: *dep_check
- ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
- error_pages: gcr.io/google-containers/defaultbackend:1.0
- dep_check: *dep_check
- image_repo_sync: docker.io/docker:17.07.0
-
- kubectl: gcr.io/google-containers/hyperkube-amd64:v1.10.2
- pause: gcr.io/google-containers/pause-amd64:3.1
-
- scheduler:
- anchor: gcr.io/google-containers/hyperkube-amd64:v1.10.2
- scheduler: gcr.io/google-containers/hyperkube-amd64:v1.10.2
- proxy:
- proxy: gcr.io/google-containers/hyperkube-amd64:v1.10.2
- calico:
- etcd:
- etcd: quay.io/coreos/etcd:v3.2.14
- etcdctl: quay.io/coreos/etcd:v3.2.14
- calico:
- calico_etcd: quay.io/coreos/etcd:v3.2.14
- calico_node: quay.io/calico/node:v2.6.9
- calico_cni: quay.io/calico/cni:v1.11.5
- calico_ctl: quay.io/calico/ctl:v1.6.4
- calico_settings: quay.io/calico/ctl:v1.6.4
- calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0
- dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
- image_repo_sync: docker.io/docker:17.07.0
-
- packages:
- repositories:
- main_archive:
- repo_type: apt
- url: 'http://us.archive.ubuntu.com/ubuntu'
- distributions:
- - 'xenial'
- components:
- - 'main'
- - 'universe'
- - 'multiverse'
- subrepos:
- - 'security'
- - 'updates'
- - 'backports'
- docker:
- repo_type: apt
- url: 'http://apt.dockerproject.org/repo'
- distributions:
- - ubuntu-xenial
- components:
- - main
- gpgkey: |-
- -----BEGIN PGP PUBLIC KEY BLOCK-----
-
- mQINBFWln24BEADrBl5p99uKh8+rpvqJ48u4eTtjeXAWbslJotmC/CakbNSqOb9o
- ddfzRvGVeJVERt/Q/mlvEqgnyTQy+e6oEYN2Y2kqXceUhXagThnqCoxcEJ3+KM4R
- mYdoe/BJ/J/6rHOjq7Omk24z2qB3RU1uAv57iY5VGw5p45uZB4C4pNNsBJXoCvPn
- TGAs/7IrekFZDDgVraPx/hdiwopQ8NltSfZCyu/jPpWFK28TR8yfVlzYFwibj5WK
- dHM7ZTqlA1tHIG+agyPf3Rae0jPMsHR6q+arXVwMccyOi+ULU0z8mHUJ3iEMIrpT
- X+80KaN/ZjibfsBOCjcfiJSB/acn4nxQQgNZigna32velafhQivsNREFeJpzENiG
- HOoyC6qVeOgKrRiKxzymj0FIMLru/iFF5pSWcBQB7PYlt8J0G80lAcPr6VCiN+4c
- NKv03SdvA69dCOj79PuO9IIvQsJXsSq96HB+TeEmmL+xSdpGtGdCJHHM1fDeCqkZ
- hT+RtBGQL2SEdWjxbF43oQopocT8cHvyX6Zaltn0svoGs+wX3Z/H6/8P5anog43U
- 65c0A+64Jj00rNDr8j31izhtQMRo892kGeQAaaxg4Pz6HnS7hRC+cOMHUU4HA7iM
- zHrouAdYeTZeZEQOA7SxtCME9ZnGwe2grxPXh/U/80WJGkzLFNcTKdv+rwARAQAB
- tDdEb2NrZXIgUmVsZWFzZSBUb29sIChyZWxlYXNlZG9ja2VyKSA8ZG9ja2VyQGRv
- Y2tlci5jb20+iQI4BBMBAgAiBQJVpZ9uAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe
- AQIXgAAKCRD3YiFXLFJgnbRfEAC9Uai7Rv20QIDlDogRzd+Vebg4ahyoUdj0CH+n
- Ak40RIoq6G26u1e+sdgjpCa8jF6vrx+smpgd1HeJdmpahUX0XN3X9f9qU9oj9A4I
- 1WDalRWJh+tP5WNv2ySy6AwcP9QnjuBMRTnTK27pk1sEMg9oJHK5p+ts8hlSC4Sl
- uyMKH5NMVy9c+A9yqq9NF6M6d6/ehKfBFFLG9BX+XLBATvf1ZemGVHQusCQebTGv
- 0C0V9yqtdPdRWVIEhHxyNHATaVYOafTj/EF0lDxLl6zDT6trRV5n9F1VCEh4Aal8
- L5MxVPcIZVO7NHT2EkQgn8CvWjV3oKl2GopZF8V4XdJRl90U/WDv/6cmfI08GkzD
- YBHhS8ULWRFwGKobsSTyIvnbk4NtKdnTGyTJCQ8+6i52s+C54PiNgfj2ieNn6oOR
- 7d+bNCcG1CdOYY+ZXVOcsjl73UYvtJrO0Rl/NpYERkZ5d/tzw4jZ6FCXgggA/Zxc
- jk6Y1ZvIm8Mt8wLRFH9Nww+FVsCtaCXJLP8DlJLASMD9rl5QS9Ku3u7ZNrr5HWXP
- HXITX660jglyshch6CWeiUATqjIAzkEQom/kEnOrvJAtkypRJ59vYQOedZ1sFVEL
- MXg2UCkD/FwojfnVtjzYaTCeGwFQeqzHmM241iuOmBYPeyTY5veF49aBJA1gEJOQ
- TvBR8Q==
- =Fm3p
- -----END PGP PUBLIC KEY BLOCK-----
- named:
- docker: docker-engine=1.13.1-0~ubuntu-xenial
- socat: socat=1.7.3.1-1
- unnamed:
- - ceph-common=10.2.11-0ubuntu0.16.04.2
-...
+++ /dev/null
----
-schema: armada/Manifest/v1
-metadata:
- schema: metadata/Document/v1
- name: cluster-bootstrap
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
-data:
- release_prefix: airship
- chart_groups:
- - kubernetes-proxy
- - kubernetes-container-networking
- - kubernetes-dns
- - kubernetes-etcd
- - kubernetes-haproxy
- - kubernetes-core
- - ingress-kube-system
- - ucp-ceph
- - ucp-ceph-config
- - ucp-core
- - ucp-keystone
- - ucp-divingbell
- - ucp-armada
- - ucp-deckhand
- - ucp-drydock
- - ucp-promenade
- - ucp-shipyard
+++ /dev/null
----
-schema: armada/Manifest/v1
-metadata:
- schema: metadata/Document/v1
- name: full-site-global
- layeringDefinition:
- abstract: true
- layer: global
- labels:
- name: full-site-global
- storagePolicy: cleartext
-data:
- release_prefix: airship
- chart_groups:
- - kubernetes-proxy
- - kubernetes-container-networking
- - kubernetes-dns
- - kubernetes-etcd
- - kubernetes-haproxy
- - kubernetes-core
- - ingress-kube-system
- - ucp-ceph-update
- - ucp-ceph-config
- - ucp-core
- - ucp-keystone
- - ucp-divingbell
- - ucp-armada
- - ucp-deckhand
- - ucp-drydock
- - ucp-promenade
- - ucp-shipyard
- - osh-infra-ingress-controller
- - osh-infra-ceph-config
- - osh-infra-logging
- - osh-infra-monitoring
- - osh-infra-mariadb
- - osh-infra-dashboards
- - openstack-ingress-controller
- - openstack-ceph-config
- - openstack-mariadb
- - openstack-memcached
- - openstack-compute-services
- - openstack-keystone
- - openstack-radosgw
- - openstack-glance
- - openstack-cinder
- - openstack-compute-kit
- - openstack-heat
- - osh-infra-prometheus-openstack-exporter
- - openstack-horizon
- - openstack-barbican
-...
+++ /dev/null
----
-# This file defines a boot action which is responsible for fetching the node's
-# promjoin script from the promenade API. This is the script responsible for
-# installing kubernetes on the node and joining the kubernetes cluster.
-# #GLOBAL-CANDIDATE#
-schema: 'drydock/BootAction/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: promjoin
- storagePolicy: 'cleartext'
- layeringDefinition:
- abstract: false
- layer: site
- labels:
- application: 'drydock'
-data:
- signaling: false
- # TODO(alanmeadows) move what is global about this document
- assets:
- - path: /opt/promjoin.sh
- type: file
- permissions: '555'
- # The ip= parameter must match the MaaS network name of the network used
- # to contact kubernetes. With a standard, reference Airship deployment where
- # L2 networks are shared between all racks, the network name (i.e. calico)
- # should be correct.
- location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.calico.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
- location_pipeline:
- - template
- data_pipeline:
- - utf8_decode
-...
+++ /dev/null
----
-# Drydock BaremetalNode resources for a specific rack are stored in this file.
-#
-# NOTE: For new sites, you should complete the networks/physical/networks.yaml
-# file before working on this file.
-#
-# In this file, you should make the number of `drydock/BaremetalNode/v1`
-# resources equal the number of bare metal nodes you have, either by deleting
-# excess BaremetalNode definitions (if there are too many), or by copying and
-# pasting the last BaremetalNode in the file until you have the correct number
-# of baremetal nodes (if there are too few).
-#
-# Then in each file, address all additional NEWSITE-CHANGEME markers to update
-# the data in these files with the right values for your new site.
-#
-# *NOTE: The Genesis node is counted as one of the control plane nodes. Note
-# that the Genesis node does not appear on this bare metal list, because the
-# procedure to reprovision the Genesis host with MaaS has not yet been
-# implemented. Therefore there will be only three bare metal nodes in this file
-# with the 'masters' tag, as the genesis roles are assigned in a difference
-# place (profiles/genesis.yaml).
-# NOTE: The host profiles for the control plane are further divided into two
-# variants: primary and secondary. The only significance this has is that the
-# "primary" nodes are active Ceph nodes, whereas the "secondary" nodes are Ceph
-# standby nodes. For Ceph quorum, this means that the control plane split will
-# be 3 primary + 1 standby host profile, and the Genesis node counts toward one
-# of the 3 primary profiles. Other control plane services are not affected by
-# primary vs secondary designation.
-#
-# TODO: Include the hostname naming convention
-#
-schema: 'drydock/BaremetalNode/v1'
-metadata:
- schema: 'metadata/Document/v1'
- # NEWSITE-CHANGEME: Replace with the hostname of the first node in the rack,
- # after (excluding) genesis.
- name: cab23-r720-12
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- # NEWSITE-CHANGEME: The IPv4 address assigned to each logical network on this
- # node. In the reference Airship deployment, this is all logical Networks defined
- # in networks/physical/networks.yaml. IP addresses are manually assigned, by-hand.
- # (what could possibly go wrong!) The instructions differ for each logical
- # network, which are laid out below.
- addressing:
- # The iDrac/iLo IP of the node. It's important that this match up with the
- # node's hostname above, so that the rack number and node position encoded
- # in the hostname are accurate and matching the node that IPMI operations
- # will be performed against (for poweron, poweroff, PXE boot to wipe disk or
- # reconfigure identity, etc - very important to get right for these reasons).
- # These addresses should already be assigned to nodes racked and stacked in
- # the environment; these are not addresses which MaaS assigns.
- - network: oob
- address: 10.23.104.12
- # The IP of the node on the PXE network. Refer to the static IP range
- # defined for the PXE network in networks/physical/networks.yaml. Begin allocating
- # IPs from this network, starting with the second IP (inclusive) from the
- # allocation range of this subnet (Genesis node will have the first IP).
- # Ex: If the start IP for the PXE "static" network is 10.23.20.11, then
- # genesis will have 10.23.20.11, this node will have 10.23.20.12, and
- # so on with incrementing IP addresses with each additional node.
- - network: pxe
- address: 10.23.20.12
- # Genesis node gets first IP, all other nodes increment IPs from there
- # within the allocation range defined for the network in
- # networks/physical/networks.yaml
- - network: oam
- address: 10.23.21.12
- # Genesis node gets first IP, all other nodes increment IPs from there
- # within the allocation range defined for the network in
- # networks/physical/networks.yaml
- - network: storage
- address: 10.23.23.12
- # Genesis node gets first IP, all other nodes increment IPs from there
- # within the allocation range defined for the network in
- # networks/physical/networks.yaml
- - network: overlay
- address: 10.23.24.12
- # Genesis node gets first IP, all other nodes increment IPs from there
- # within the allocation range defined for the network in
- # networks/physical/networks.yaml
- - network: calico
- address: 10.23.22.12
- # NEWSITE-CHANGEME: Set the host profile for the node.
- # Note that there are different host profiles depending if this is a control
- # plane vs data plane node, and different profiles that map to different types
- # hardware. Control plane host profiles are further broken down into "primary"
- # and "secondary" profiles (refer to the Notes section at the top of this doc).
- # Select the host profile that matches up to your type of
- # hardware and function. E.g., the r720 here refers to Dell R720 hardware, the
- # 'cp' refers to a control plane profile, and the "primary" means it will be
- # an active member in the ceph quorum. Refer to profiles/host/ for the list
- # of available host profiles specific to this site (otherwise, you may find
- # a general set of host profiles at the "type" or "global" layers/folders.
- # If you have hardware that is not on this list of profiles, you may need to
- # create a new host profile for that hardware.
- # Regarding control plane vs other data plane profiles, refer to the notes at
- # the beginning of this file. There should be one control plane node per rack,
- # including Genesis. Note Genesis won't actually be listed in this file as a
- # BaremetalNode, but the rest are.
- # This is the second "primary" control plane node after Genesis.
- host_profile: cp_r720-primary
- metadata:
- tags:
- # NEWSITE-CHANGEME: See previous comment. Apply 'masters' tag for control
- # plane node, and 'workers' tag for data plane hosts.
- - 'masters'
- # NEWSITE-CHANGEME: Refer to site engineering package or other supporting
- # documentation for the specific rack name. This should be a rack name that
- # is meaningful to data center personnel (i.e. a rack they could locate if
- # you gave them this rack designation).
- rack: cab23
-...
----
-schema: 'drydock/BaremetalNode/v1'
-metadata:
- schema: 'metadata/Document/v1'
- # NEWSITE-CHANGEME: The next node's hostname
- name: cab23-r720-13
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- # NEWSITE-CHANGEME: The next node's IPv4 addressing
- addressing:
- - network: oob
- address: 10.23.104.13
- - network: pxe
- address: 10.23.20.13
- - network: oam
- address: 10.23.21.13
- - network: storage
- address: 10.23.23.13
- - network: overlay
- address: 10.23.24.13
- - network: calico
- address: 10.23.22.13
- # NEWSITE-CHANGEME: The next node's host profile
- host_profile: cp_r720-primary
- metadata:
- # NEWSITE-CHANGEME: The next node's rack designation
- rack: cab23
- # NEWSITE-CHANGEME: The next node's role desigatnion
- tags:
- - 'masters'
-...
----
-schema: 'drydock/BaremetalNode/v1'
-metadata:
- schema: 'metadata/Document/v1'
- # NEWSITE-CHANGEME: The next node's hostname
- name: cab23-r720-14
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- # NEWSITE-CHANGEME: The next node's IPv4 addressing
- addressing:
- - network: oob
- address: 10.23.104.14
- - network: pxe
- address: 10.23.20.14
- - network: oam
- address: 10.23.21.14
- - network: storage
- address: 10.23.23.14
- - network: overlay
- address: 10.23.24.14
- - network: calico
- address: 10.23.22.14
- # NEWSITE-CHANGEME: The next node's host profile
- # This is the third "primary" control plane profile after genesis
- host_profile: cp_r740-secondary
- metadata:
- # NEWSITE-CHANGEME: The next node's rack designation
- rack: cab23
- # NEWSITE-CHANGEME: The next node's role desigatnion
- tags:
- - 'masters'
-...
----
-schema: 'drydock/BaremetalNode/v1'
-metadata:
- schema: 'metadata/Document/v1'
- # NEWSITE-CHANGEME: The next node's hostname
- name: cab23-r720-17
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- # NEWSITE-CHANGEME: The next node's IPv4 addressing
- addressing:
- - network: oob
- address: 10.23.104.17
- - network: pxe
- address: 10.23.20.17
- - network: oam
- address: 10.23.21.17
- - network: storage
- address: 10.23.23.17
- - network: overlay
- address: 10.23.24.17
- - network: calico
- address: 10.23.22.17
- # NEWSITE-CHANGEME: The next node's host profile
- # This is the one and only appearance of the "secondary" control plane profile
- host_profile: dp_r720
- metadata:
- # NEWSITE-CHANGEME: The next node's rack designation
- rack: cab23
- # NEWSITE-CHANGEME: The next node's role desigatnion
- tags:
- - 'workers'
-...
----
-schema: 'drydock/BaremetalNode/v1'
-metadata:
- schema: 'metadata/Document/v1'
- # NEWSITE-CHANGEME: The next node's hostname
- name: cab23-r720-19
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- # NEWSITE-CHANGEME: The next node's IPv4 addressing
- addressing:
- - network: oob
- address: 10.23.104.19
- - network: pxe
- address: 10.23.20.19
- - network: oam
- address: 10.23.21.19
- - network: storage
- address: 10.23.23.19
- - network: overlay
- address: 10.23.24.19
- - network: calico
- address: 10.23.22.19
- # NEWSITE-CHANGEME: The next node's host profile
- host_profile: dp_r720
- metadata:
- # NEWSITE-CHANGEME: The next node's rack designation
- rack: cab23
- # NEWSITE-CHANGEME: The next node's role desigatnion
- tags:
- - 'workers'
-...
+++ /dev/null
----
-# The purpose of this file is to provide shipyard related deployment config
-# parameters. This should not require modification for a new site. However,
-# shipyard deployment strategies can be very useful in getting around certain
-# failures, like misbehaving nodes that hold up the deployment. See more at
-# https://github.com/openstack/airship-shipyard/blob/master/docs/source/site-definition-documents.rst#using-a-deployment-strategy
-schema: shipyard/DeploymentConfiguration/v1
-metadata:
- schema: metadata/Document/v1
- name: deployment-configuration
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- physical_provisioner:
- deployment_strategy: deployment-strategy
- deploy_interval: 30
- deploy_timeout: 3600
- destroy_interval: 30
- destroy_timeout: 900
- join_wait: 120
- prepare_node_interval: 30
- prepare_node_timeout: 1800
- prepare_site_interval: 10
- prepare_site_timeout: 300
- verify_interval: 10
- verify_timeout: 60
- kubernetes_provisioner:
- drain_timeout: 3600
- drain_grace_period: 1800
- clear_labels_timeout: 1800
- remove_etcd_timeout: 1800
- etcd_ready_timeout: 600
- armada:
- get_releases_timeout: 300
- get_status_timeout: 300
- manifest: 'full-site'
- post_apply_timeout: 2700
- validate_design_timeout: 600
-...
+++ /dev/null
----
-# The purpose of this file is to define the PKI certificates for the environment
-#
-# NOTE: When deploying a new site, this file should not be configured until
-# baremetal/nodes.yaml is complete.
-#
-schema: promenade/PKICatalog/v1
-metadata:
- schema: metadata/Document/v1
- name: cluster-certificates
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- certificate_authorities:
- kubernetes:
- description: CA for Kubernetes components
- certificates:
- - document_name: apiserver
- description: Service certificate for Kubernetes apiserver
- common_name: apiserver
- hosts:
- - localhost
- - 127.0.0.1
- # FIXME: Repetition of api_service_ip in common-addresses; use
- # substitution
- - 10.96.0.1
- kubernetes_service_names:
- - kubernetes.default.svc.cluster.local
-
- # NEWSITE-CHANGEME: The following should be a list of all the nodes in
- # the environment (genesis, control plane, data plane, everything).
- # Add/delete from this list as necessary until all nodes are listed.
- # For each node, the `hosts` list should be comprised of:
- # 1. The node's hostname, as already defined in baremetal/nodes.yaml
- # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
- # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
- # NOTE: This list also needs to include the Genesis node, which is not
- # listed in baremetal/nodes.yaml, but by convention should be allocated
- # the first non-reserved IP in each logical network allocation range
- # defined in networks/physical/networks.yaml
- # NOTE: The genesis node needs to be defined twice (the first two entries
- # on this list) with all of the same paramters except the document_name.
- # In the first case the document_name is `kubelet-genesis`, and in the
- # second case the document_name format is `kubelete-YOUR_GENESIS_HOSTNAME`.
- - document_name: kubelet-genesis
- common_name: system:node:cab23-r720-11
- hosts:
- - cab23-r720-11
- - 10.23.21.11
- - 10.23.22.11
- groups:
- - system:nodes
- - document_name: kubelet-cab23-r720-11
- common_name: system:node:cab23-r720-11
- hosts:
- - cab23-r720-11
- - 10.23.21.11
- - 10.23.22.11
- groups:
- - system:nodes
- - document_name: kubelet-cab23-r720-12
- common_name: system:node:cab23-r720-12
- hosts:
- - cab23-r720-12
- - 10.23.21.12
- - 10.23.22.12
- groups:
- - system:nodes
- - document_name: kubelet-cab23-r720-13
- common_name: system:node:cab23-r720-13
- hosts:
- - cab23-r720-13
- - 10.23.21.13
- - 10.23.22.13
- groups:
- - system:nodes
- - document_name: kubelet-cab23-r720-14
- common_name: system:node:cab23-r720-14
- hosts:
- - cab23-r720-14
- - 10.23.21.14
- - 10.23.22.14
- groups:
- - system:nodes
- - document_name: kubelet-cab23-r720-17
- common_name: system:node:cab23-r720-17
- hosts:
- - cab23-r720-17
- - 10.23.21.17
- - 10.23.22.17
- groups:
- - system:nodes
- - document_name: kubelet-cab23-r720-19
- common_name: system:node:cab23-r720-19
- hosts:
- - cab23-r720-19
- - 10.23.21.19
- - 10.23.22.19
- groups:
- - system:nodes
- # End node list
- - document_name: scheduler
- description: Service certificate for Kubernetes scheduler
- common_name: system:kube-scheduler
- - document_name: controller-manager
- description: certificate for controller-manager
- common_name: system:kube-controller-manager
- - document_name: admin
- common_name: admin
- groups:
- - system:masters
- - document_name: armada
- common_name: armada
- groups:
- - system:masters
- kubernetes-etcd:
- description: Certificates for Kubernetes's etcd servers
- certificates:
- - document_name: apiserver-etcd
- description: etcd client certificate for use by Kubernetes apiserver
- common_name: apiserver
- # NOTE(mark-burnett): hosts not required for client certificates
- - document_name: kubernetes-etcd-anchor
- description: anchor
- common_name: anchor
- # NEWSITE-CHANGEME: The following should be a list of the control plane
- # nodes in the environment, including genesis.
- # For each node, the `hosts` list should be comprised of:
- # 1. The node's hostname, as already defined in baremetal/nodes.yaml
- # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
- # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
- # 4. 127.0.0.1
- # 5. localhost
- # 6. kubernetes-etcd.kube-system.svc.cluster.local
- # NOTE: This list also needs to include the Genesis node, which is not
- # listed in baremetal/nodes.yaml, but by convention should be allocated
- # the first non-reserved IP in each logical network allocation range
- # defined in networks/physical/networks.yaml, except for the kubernetes
- # service_cidr where it should start with the second IP in the range.
- # NOTE: The genesis node is defined twice with the same `hosts` data:
- # Once with its hostname in the common/document name, and once with
- # `genesis` defined instead of the host. For now, this duplicated
- # genesis definition is required. FIXME: Remove duplicate definition
- # after Promenade addresses this issue.
- - document_name: kubernetes-etcd-genesis
- common_name: kubernetes-etcd-genesis
- hosts:
- - cab23-r720-11
- - 10.23.21.11
- - 10.23.22.11
- - 127.0.0.1
- - localhost
- - kubernetes-etcd.kube-system.svc.cluster.local
- - 10.96.0.2
- - document_name: kubernetes-etcd-cab23-r720-11
- common_name: kubernetes-etcd-cab23-r720-11
- hosts:
- - cab23-r720-11
- - 10.23.21.11
- - 10.23.22.11
- - 127.0.0.1
- - localhost
- - kubernetes-etcd.kube-system.svc.cluster.local
- - 10.96.0.2
- - document_name: kubernetes-etcd-cab23-r720-12
- common_name: kubernetes-etcd-cab23-r720-12
- hosts:
- - cab23-r720-12
- - 10.23.21.12
- - 10.23.22.12
- - 127.0.0.1
- - localhost
- - kubernetes-etcd.kube-system.svc.cluster.local
- - 10.96.0.2
- - document_name: kubernetes-etcd-cab23-r720-13
- common_name: kubernetes-etcd-cab23-r720-13
- hosts:
- - cab23-r720-13
- - 10.23.21.13
- - 10.23.22.13
- - 127.0.0.1
- - localhost
- - kubernetes-etcd.kube-system.svc.cluster.local
- - 10.96.0.2
- - document_name: kubernetes-etcd-cab23-r720-14
- common_name: kubernetes-etcd-cab23-r720-14
- hosts:
- - cab23-r720-14
- - 10.23.21.14
- - 10.23.22.14
- - 127.0.0.1
- - localhost
- - kubernetes-etcd.kube-system.svc.cluster.local
- - 10.96.0.2
- # End node list
- kubernetes-etcd-peer:
- certificates:
- # NEWSITE-CHANGEME: This list should be identical to the previous list,
- # except that `-peer` has been appended to the document/common names.
- - document_name: kubernetes-etcd-genesis-peer
- common_name: kubernetes-etcd-genesis-peer
- hosts:
- - cab23-r720-11
- - 10.23.21.11
- - 10.23.22.11
- - 127.0.0.1
- - localhost
- - kubernetes-etcd.kube-system.svc.cluster.local
- - 10.96.0.2
- - document_name: kubernetes-etcd-cab23-r720-11-peer
- common_name: kubernetes-etcd-cab23-r720-11-peer
- hosts:
- - cab23-r720-11
- - 10.23.21.11
- - 10.23.22.11
- - 127.0.0.1
- - localhost
- - kubernetes-etcd.kube-system.svc.cluster.local
- - 10.96.0.2
- - document_name: kubernetes-etcd-cab23-r720-12-peer
- common_name: kubernetes-etcd-cab23-r720-12-peer
- hosts:
- - cab23-r720-12
- - 10.23.21.12
- - 10.23.22.12
- - 127.0.0.1
- - localhost
- - kubernetes-etcd.kube-system.svc.cluster.local
- - 10.96.0.2
- - document_name: kubernetes-etcd-cab23-r720-13-peer
- common_name: kubernetes-etcd-cab23-r720-13-peer
- hosts:
- - cab23-r720-13
- - 10.23.21.13
- - 10.23.22.13
- - 127.0.0.1
- - localhost
- - kubernetes-etcd.kube-system.svc.cluster.local
- - 10.96.0.2
- - document_name: kubernetes-etcd-cab23-r720-14-peer
- common_name: kubernetes-etcd-cab23-r720-14-peer
- hosts:
- - cab23-r720-14
- - 10.23.21.14
- - 10.23.22.14
- - 127.0.0.1
- - localhost
- - kubernetes-etcd.kube-system.svc.cluster.local
- - 10.96.0.2
- # End node list
- calico-etcd:
- description: Certificates for Calico etcd client traffic
- certificates:
- - document_name: calico-etcd-anchor
- description: anchor
- common_name: anchor
- # NEWSITE-CHANGEME: The following should be a list of the control plane
- # nodes in the environment, including genesis.
- # For each node, the `hosts` list should be comprised of:
- # 1. The node's hostname, as already defined in baremetal/nodes.yaml
- # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
- # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
- # 4. 127.0.0.1
- # 5. localhost
- # 6. The calico/etcd/service_ip defined in networks/common-addresses.yaml
- # NOTE: This list also needs to include the Genesis node, which is not
- # listed in baremetal/nodes.yaml, but by convention should be allocated
- # the first non-reserved IP in each logical network allocation range
- # defined in networks/physical/networks.yaml
- - document_name: calico-etcd-cab23-r720-11
- common_name: calico-etcd-cab23-r720-11
- hosts:
- - cab23-r720-11
- - 10.23.21.11
- - 10.23.22.11
- - 127.0.0.1
- - localhost
- - 10.96.232.136
- - document_name: calico-etcd-cab23-r720-12
- common_name: calico-etcd-cab23-r720-12
- hosts:
- - cab23-r720-12
- - 10.23.21.12
- - 10.23.22.12
- - 127.0.0.1
- - localhost
- - 10.96.232.136
- - document_name: calico-etcd-cab23-r720-13
- common_name: calico-etcd-cab23-r720-13
- hosts:
- - cab23-r720-13
- - 10.23.21.13
- - 10.23.22.13
- - 127.0.0.1
- - localhost
- - 10.96.232.136
- - document_name: calico-etcd-cab23-r720-14
- common_name: calico-etcd-cab23-r720-14
- hosts:
- - cab23-r720-14
- - 10.23.21.14
- - 10.23.22.14
- - 127.0.0.1
- - localhost
- - 10.96.232.136
- - document_name: calico-node
- common_name: calcico-node
- # End node list
- calico-etcd-peer:
- description: Certificates for Calico etcd clients
- certificates:
- # NEWSITE-CHANGEME: This list should be identical to the previous list,
- # except that `-peer` has been appended to the document/common names.
- - document_name: calico-etcd-cab23-r720-11-peer
- common_name: calico-etcd-cab23-r720-11-peer
- hosts:
- - cab23-r720-11
- - 10.23.21.11
- - 10.23.22.11
- - 127.0.0.1
- - localhost
- - 10.96.232.136
- - document_name: calico-etcd-cab23-r720-12-peer
- common_name: calico-etcd-cab23-r720-12-peer
- hosts:
- - cab23-r720-12
- - 10.23.21.12
- - 10.23.22.12
- - 127.0.0.1
- - localhost
- - 10.96.232.136
- - document_name: calico-etcd-cab23-r720-13-peer
- common_name: calico-etcd-cab23-r720-13-peer
- hosts:
- - cab23-r720-13
- - 10.23.21.13
- - 10.23.22.13
- - 127.0.0.1
- - localhost
- - 10.96.232.136
- - document_name: calico-etcd-cab23-r720-14-peer
- common_name: calico-etcd-cab23-r720-14-peer
- hosts:
- - cab23-r720-14
- - 10.23.21.14
- - 10.23.22.14
- - 127.0.0.1
- - localhost
- - 10.96.232.136
- - document_name: calico-node-peer
- common_name: calcico-node-peer
- # End node list
- keypairs:
- - name: service-account
- description: Service account signing key for use by Kubernetes controller-manager.
-...
+++ /dev/null
----
-# The purpose of this file is to apply proper labels to Genesis node so the
-# proper services are installed and proper configuration applied. This should
-# not need to be changed for a new site.
-# #GLOBAL-CANDIDATE#
-schema: promenade/Genesis/v1
-metadata:
- schema: metadata/Document/v1
- name: genesis-site
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: genesis-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
-data:
- labels:
- dynamic:
- - beta.kubernetes.io/fluentd-ds-ready=true
- - calico-etcd=enabled
- - ceph-mds=enabled
- - ceph-mon=enabled
- - ceph-osd=enabled
- - ceph-rgw=enabled
- - ceph-mgr=enabled
- - ceph-bootstrap=enabled
- - kube-dns=enabled
- - kube-ingress=enabled
- - kubernetes-apiserver=enabled
- - kubernetes-controller-manager=enabled
- - kubernetes-etcd=enabled
- - kubernetes-scheduler=enabled
- - promenade-genesis=enabled
- - ucp-control-plane=enabled
- - maas-control-plane=enabled
- - ceph-osd-bootstrap=enabled
- - openstack-control-plane=enabled
- - openvswitch=enabled
- - openstack-l3-agent=enabled
- - node-exporter=enabled
-...
+++ /dev/null
----
-# Certs genrated by Promenade, see docs at
-# https://treasuremap.readthedocs.io/en/latest/deployment.html#site-new-site-pki-pki-catalog-yaml
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDSDCCAjCgAwIBAgIUegkh/antB1XyDVHdP5dv+0MZyBcwDQYJKoZIhvcNAQEL
- BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
- Fw0xODA4MjAyMzQzMDBaFw0yMzA4MTkyMzQzMDBaMCoxEzARBgNVBAoTCkt1YmVy
- bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
- DwAwggEKAoIBAQC1jUTdodnxFzC6OD/Rre2Qqw/BTycKvWW3Bkby5abZGRxgMkV5
- SxTSMazjPYjEA7+rhXqKgmn+OaV1trZvYbH0rZcRyGSC8D5Wj5SCtuGO6EUqx8SQ
- 1tklnHbFKtMDjN8V201SV/ydUfXcFFlD8jUXUkb4iSZV+hkhOO3ZlTqBo4/vkYMK
- N+7Dsv1Tfs3sHY4MDuiI/Fz8Uj5bMrKc/gVdPnrYPRsLQ/xlkfufsUuy0VlokrpQ
- uYQjorvYbhpl6B7XT8mJsf3WQwB5A1E8bxFp0IR3tEaMIzXeSvrIS7ajxu0zVY/B
- qS+uwRNtkCxs2cNsqPoQQBYTkhAoffWnBGYbAgMBAAGjZjBkMA4GA1UdDwEB/wQE
- AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBTIAmvhlCafX+fLJ7FY
- /p5ZjYibADAfBgNVHSMEGDAWgBTIAmvhlCafX+fLJ7FY/p5ZjYibADANBgkqhkiG
- 9w0BAQsFAAOCAQEAm4qCucz52aD2AqP9m9r6ZRPlzAesImR7eXOD+ix4r9uMfM85
- YYAZcRhf4/RWwfIWvngeXWTUirAEbwNfXEkbMddTkrBZ7q7BaqYH/1BNXRahBd2G
- CJDQa6HMEvSLOkH/vAf/BY3d6WprS69YWVC4ffj0+FqBOMD5KLxPfM1gdashV0XB
- yIFo4HPYXn3J3H7HRc17ZizOaPghY/ldNWsmoj1YPlxA9exDPQ4jI91VcSCDZbD/
- YyIntJzMZZ28xFPQFhww2oRD5LpDvfq+P6gBz08FKE+lmRKirANVzBltS2I8xzMV
- FSCBNl+qV3evUg57xzgjifVHxmfSuLszLtTkOA==
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDUjCCAjqgAwIBAgIUV1YkAwvB59dO83zhqvvcdywidd4wDQYJKoZIhvcNAQEL
- BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
- dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTIzMDgxOTIzNDMwMFowLzETMBEGA1UEChMK
- S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG
- 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUobHwzHYA4KMu7PGtqreil8uhm++fs2XqrN
- mW+LBH1HuuiB6iUZqgx9zEHpll4bMr/YLp9cdYu9uVy21zglHAyostBcqbe2dx9S
- 8ErcUsEGFllORBMN7tIFE6VB6ldLqoV6jyQ3F+LSJwhOOzqBWuozSlBLuOv/Q1xU
- Mnc0ndlbrtVejWZUFt5ItOt/pyXbZ3zAFmCH3bMCm8vftxjphNFrWVvHPaAySvKu
- 93SMMyFl9szFjP17BP5PwmjsYxkbNL8Fn26akEQvaFV8YbPEJSaxAst8J+QAbXUa
- BR/7NuC6kxRI0kTQw/nAjeaRV3AuWm+wBbuXtO5c3cyDsxcM2QIDAQABo2YwZDAO
- BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUnSYC
- 0OZmL0av6dRaIZe3txRXx8cwHwYDVR0jBBgwFoAUnSYC0OZmL0av6dRaIZe3txRX
- x8cwDQYJKoZIhvcNAQELBQADggEBACPw+ckz/nVMEOVPrJUmXQhaI/wCXHgOw/rY
- sIqsRF9PGvWgU5I1CjhnHQLUy5YY/yf2g3EgQFFUh5u44PCuCMIQejun1SwFP4tI
- d/CQQwDHMdGYlajApvKITcbpTdzU3yI9jVbf7szDaeYBDcF8uko7h+8FbE+vO/Ub
- /jWGy58n4SfjEOQ2zKxa+kIhI8yAKrgl+nC9tkuWD3Veymc6yYD7umXw5uTP4gVp
- zTRaZ13J2MmERXNYtfx7VRq6xvcpVhDH496uWuyxUSrOt9gmfrNfeixWxUoDUHBR
- t7f+igcy4zwv75PAcKI0lOHjbcF6d6+1CdNVQt3XOR9UWl63lp8=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDXDCCAkSgAwIBAgIUb75pk6FxXqBl9NLZaUuFBJupnoYwDQYJKoZIhvcNAQEL
- BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
- dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMjMwODE5MjM0MzAwWjA0MRMwEQYD
- VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC
- ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOtZKHMDL/H5Q0qYA+07HRpt
- +4AsXRrL5DaiGp0qnq8fisX/mwODDJxWacCsrXnFZvcj+2brBzi8oQHpEw4BueYs
- 8RYlT3tPMOQBfHl9m69ZG6150r0WsrI2MiPLrsMSDAIreaOLc1ptmGMWqyEy/UpA
- fgtiMq810euhLfrHKPRXxYfndMN82NAnAT2VPqnFIj5r5npPG8gL/ALN2DgcBkiC
- 3T+FiZxAq3thm2FKFJizYGtCN6t4grmhX8uZdBnFjLhP9t5umZFsPcpEzpiF9gIs
- 1wd3UcDhc/mzJlmkVax8yrvvuhkPrbuQugNiCbkN2LS9iAapGYP8lNg1oR5k4N8C
- AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD
- VR0OBBYEFBK6v8RVwFvzEsP3RlVZSAZ1LJufMB8GA1UdIwQYMBaAFBK6v8RVwFvz
- EsP3RlVZSAZ1LJufMA0GCSqGSIb3DQEBCwUAA4IBAQAG/FupcGdFBrWVw/pG2Tgh
- 3z227ev4Z7pVazolPiGJpQOTZ2dIdnSs4HwovCxSewToXLd9k+wcIV1NEzyllw9I
- +OgdLHHHJirZd4RJdwlCIfYh1uXS4g85Mat+jDoBkzCX2FIkEm9m6h291UrlOqy+
- im4hkJLF7AwJD6U0GPqoOVNx/jPlAzXolZ6YTjZ2LHGj6Liu7Tc2LO+S0c3wVAXL
- hbl2FE8KT6qYAoMxNLJlAvnFNi/mPMpab6PLgE8DYTSByvj2F5WqdaTlbCZZV0bV
- DnTxj0SG0H8p0Y8fpz76/E1Okr1H07XxzNxHudS2KClUHMNMnrtmDIGjbZAMWmt7
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDSjCCAjKgAwIBAgIUCKu+Ga+ilp0+4UGjAakITGRCA3cwDQYJKoZIhvcNAQEL
- BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
- HhcNMTgwODIwMjM0MzAwWhcNMjMwODE5MjM0MzAwWjArMRMwEQYDVQQKEwpLdWJl
- cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
- ggEPADCCAQoCggEBAJ++NV1PWCvuWzpSHABlD1adP30RUSbgqaC38EeM4rhhZLmJ
- 48Bbo7EuueponhuNcCKDOWXPJEh67Scw9Qh4SLovRz72fu9KP5qPxjRIOYSh4V+F
- qiE+iGz/tSvlInlykmCb7H15cOXMZcE1hH0CIC78GRmZAZCUJXW76xS7c3lm0jGW
- /egE4IZ1r29LJo6KZFM3m3HTKlHV9XSluPjhWGU/atpi+TQvDX/Hv6yrseOkv0XX
- T5n+Z/e5xmtEwnbzDHpMy3EwSDoxYHQrlEfRMv9w+XsFp4rfJ7ZofgrJk63StzDr
- OxKBWXID44Uk6aV6TrWkIgk3E3QcKZn/Plh0i/kCAwEAAaNmMGQwDgYDVR0PAQH/
- BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFPL7h/k7n+hgJLzZ
- a1WNuQxLmDl7MB8GA1UdIwQYMBaAFPL7h/k7n+hgJLzZa1WNuQxLmDl7MA0GCSqG
- SIb3DQEBCwUAA4IBAQAqAuDjjC1UVUplI0XHTOVhuoNSAirOihtncXTVEdcR4Pqt
- YT6s+oh+wV7V4wPAsisRCeIOpFzvp22QaF6l0+Gn9B8AHt5zs3+GuoYmuX7UXreJ
- SVrnh+wI20E1fzj1lDYzgdekZW12SbJQs6LCJ5JfX1bTCjBL7ysIPzE0EWnqGGTp
- qWa7dlzHLcU/PWHWXyNta5IlUZ/GCjMpLSMYXPO0a6Z5d0QGJXe9Iz4mkljwC3un
- XXKzuKtpxxQZJ1+w70wfLHujnhUr3v5IDLDlxl698YRRopHyfNP1TZ7xUOMtkVqg
- KMiLE1Ki0t7Jr3OYPOCmtuvk4bFoG0TIgA7XDGPS
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDVDCCAjygAwIBAgIUagTlPOZ8jX10HMhcsHgh9Ec//00wDQYJKoZIhvcNAQEL
- BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
- cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0yMzA4MTkyMzQzMDBaMDAxEzARBgNVBAoT
- Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG
- SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoMT11MMWnPgQ9lOjLzx51o2BW5NuJyD+B
- NuzzAmT607Q6oo5wQ8oyDHeOH0h1heL71/iqcoAzalHFKNLAek9pcjW5RudpLuRt
- FLRC6zKedn7n9Mg4H4K8cahatK8rSrYOrz0UF3p/XuoxXN1uQCwIX3+aOT0hlq3E
- ONo9+LqSVh0RhSn3Qc1BaGsMDA8ATs0jiCWU8V5Lkw8IUb1wBCe4iwfi1XRn8eV8
- jTW8dwnRB8yH8/5oVsD7dzOTjaUQg6w0nnn7SPFPhFOpwbX4Wd9fj1mq9uY6GIFC
- JNj/UpnFRVtDO+8gJJxWV83SGhcvuJoXH5LoPmFS47TrMoBbGvM7AgMBAAGjZjBk
- MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRL
- fKY8JuyVlmEm4a6VB65X0x5aYTAfBgNVHSMEGDAWgBRLfKY8JuyVlmEm4a6VB65X
- 0x5aYTANBgkqhkiG9w0BAQsFAAOCAQEACQlBvcV8mZncmP+zTiq5190uBm3Nf6Lr
- EkLcCxmlB4PADUjK082C7oBm9z5QViimUg7fqdQSwZ3ujMYTIKgDADbTlLLKAGK5
- 9C6KB3cSOiFSmZInhZs5HUMIPlybmYOv0yQfGCqOKYzPaCqp5arOjn4CDEqc8QG9
- cAX/86Lnq1g2SfDIvq49t8BRsbahIN/Z+HPu1FhdahSDw35hGqkZ7DR8YeQrOSM+
- O6jgMKGgM0LtNno/rVytkPv/kdA79T3ZaoMoTYtR9D803RQe8XaX7GNBKUqptE2O
- nCEazqPjNiB3GiP/oKxQwc/6o0fVqV5G/0nwZWQEKkpwUVCWMbJu7w==
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateAuthority/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEAtY1E3aHZ8Rcwujg/0a3tkKsPwU8nCr1ltwZG8uWm2RkcYDJF
- eUsU0jGs4z2IxAO/q4V6ioJp/jmldba2b2Gx9K2XEchkgvA+Vo+UgrbhjuhFKsfE
- kNbZJZx2xSrTA4zfFdtNUlf8nVH13BRZQ/I1F1JG+IkmVfoZITjt2ZU6gaOP75GD
- Cjfuw7L9U37N7B2ODA7oiPxc/FI+WzKynP4FXT562D0bC0P8ZZH7n7FLstFZaJK6
- ULmEI6K72G4aZege10/JibH91kMAeQNRPG8RadCEd7RGjCM13kr6yEu2o8btM1WP
- wakvrsETbZAsbNnDbKj6EEAWE5IQKH31pwRmGwIDAQABAoIBABTEsVENN8o9leRn
- lN1eoSOAfg/mBxhSbDVQsYMNxFVnaviSJ6JldV9KMXXZTzDlIOL1JPx9SLS9UXEy
- 0pHRQjM0PGjbXKwh4W+zgxCk7Q6VAXyQV6sd+L81s9yANp1cWxS7/o9h41L30kE3
- zrJYHbyqO9YokksZjhBf282dJZE4vFrrEjwYVq+qDcFlWbpN3hlVq0c4s/BlJL1G
- 9IVA35DTlS9LAjIsPCKzAYg0wZY+9X01ym7iFG0UWbhKJctmBniOobc1adytLI4Y
- MEEQnR3UBUOjs/ifYYeUqz/WEhSqpr5cOt1+cP+ReJyUBa4gpxMC9Me2M9L/liOE
- vyw7MnECgYEAzorHV0UaK4Ftbu2N7FgEOQmwkR/GErBjZ0rhikyOI0PCGXq6Km94
- 79wDQDjXUqlCxlS4WcN2+N434rV+S1eOHkzLV7VCAAR5nm8upeYNaNyxGAz7PubL
- ZbKcPaYqHkY6SxG2LhJ8/Mo4nPr0Vb5SSaTLEuxibSssCF65n5wO7fMCgYEA4QaQ
- SV6n3FKaVDJF3molaAWwTrUNnZynVOpJpuyT6hmmyl8cG0k+wznah8xlD4GH5AjH
- pIP0VjxGC2nDG4bUDESL8pqFDsmXE5f1kziTXsdWtE7TZ5Z6IC2oBIR2sTvAwwO1
- 8e47TyHG19VOWaoc5WOtsceZ7ZIPmYYgKvv0qTkCgYAMhWNCSiElBAqjT+lrq4ZO
- AuVeVuPGHEVabLKxlKSFRMVOkB8bFXjqaZcU3J1JGJPAvEAUyQG8YpRWvRPz81Hd
- SmCFZ6qhn6PT0/+q9QBZHA/sWlUc4hbwilxobFtfTHiaNm+p6VsEZCn8ckY/sHMC
- nefltMjev2BC/aMZJvfMuwKBgQCbwABEWDjVPXNGTZmgjVWgvzc98wEek1waYSNj
- XyIuCV0xe00n8bV4SOXh0m4solodUppkW1TWD1fn9Gcv+U1xxEwdOihYiN2BmU9H
- fAQ8uLphiKG4dCXJefBuWAUTPSl5kWrwrhTs+5L2ttRJKX5go3KIt3/qOIuFlplT
- RxsbuQKBgQCnymwu10mxY6ezSHJjZd3Al8Pj7KsNiURVP7A4c3QhQdCpyXDIfU43
- RAYTprsQ/dM5U7n4vXZnvnSYBVwrLirfEVsE6A6h55LkMEpEkKpwro3Jgs4mFMm0
- ksjM1xPJ0p0jLT+fL1f6sTAONmYb0ra5xl5mrgzHn1zkZ/IlmnpfaQ==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEAzUobHwzHYA4KMu7PGtqreil8uhm++fs2XqrNmW+LBH1HuuiB
- 6iUZqgx9zEHpll4bMr/YLp9cdYu9uVy21zglHAyostBcqbe2dx9S8ErcUsEGFllO
- RBMN7tIFE6VB6ldLqoV6jyQ3F+LSJwhOOzqBWuozSlBLuOv/Q1xUMnc0ndlbrtVe
- jWZUFt5ItOt/pyXbZ3zAFmCH3bMCm8vftxjphNFrWVvHPaAySvKu93SMMyFl9szF
- jP17BP5PwmjsYxkbNL8Fn26akEQvaFV8YbPEJSaxAst8J+QAbXUaBR/7NuC6kxRI
- 0kTQw/nAjeaRV3AuWm+wBbuXtO5c3cyDsxcM2QIDAQABAoIBAQCLOG+OLh9kEAFw
- qy2++38BOPOCTgWLCIfFybXnEZNItyGXKyk3vnNaNGB3zld4h1eQojQc4ixU9zDy
- bWL+L/BSxm793XqKCrHutUqM9WfXo1nafDQszHNNfBa/TPqXzx3cheso+hl21HdK
- y0IqvrGNE3k3M582yK1zZEEhfGAtj0tjsKoEmOJsP+nc3Qc+acOPRg99oVAFfcYn
- hwKf3fxpxmhCEDcYCSTlisCcNHilRbOuvOmfzGrWoMgHjIN9swz5YmEtIFV6j4Mv
- Nl4r2X955YVUc9WgGqT4lVktvNzy40nsWDGfAKLeX5g+ZBIMAS1XVg3b1Y4DLTTr
- V8n+BXNlAoGBANC1/RjUpGudWI9THiskKGl68xTXHimcGas6esR5bB5zXBDlONJv
- meRx/m8Fi47SqoVuG/aFXiUfxKmdUPhr5ZG61nXQx0r9x0zzK9fxSAgbQLa0TQDm
- Qgt5nabr6YDdf1Z7CBkyXJOFv07xmVrcw/Mm67qixm0a0GryJXz1M45/AoGBAPvN
- qY4lQf3Tcz7jDjQdhG9R/VRjoOnlMwwLV9suASPXcgkRpRJ3iy+fBdQFfNYhUPcq
- /ZA8mKIQfvdIeULP4v333soofPu/o9Q1jXcnQR7mWRyVh8KgxI/jMwcvjLBGZ+aa
- wE+KDXL4vOQeNY9dsAH9nJ2clVhay/yG8pJVruinAoGATbIB91Vpo/oeNrS9fVfn
- h2TSywZN3zWSRLDvdOayvh85vbxnS8dp5aYeDpxk2JVKD4Pu+vWpF27dGjtLIj+g
- ZYDFR3SiTCNvJxE7WBclNodWru0t4VDWc0khzDr0YRmTxtDkMeUSm4RltHCyIyYd
- +A2cIY1pCsK5paZhGER7necCgYALevj8Dh7QH8/lUhzXq3DaUnamXlR71YNaTToY
- OCS9KZl9aFyKVwD1jt6JKCbk7GfwnPkqllivKulfBOLidO/4fFCgDvCD2dzyU+67
- PALwEbiGYRrreMD9fnJZJYXYk50xGmUiOz0ZvNV/4RC4FKFttc5qMTVt7dXXEaAF
- o/pxiQKBgDH+mUxrVCSF9U6Pe/nByClOf+mx7xQ05SaNh6o+NTIcsWh75qW0bU9Z
- JRKoJH4veusTQn6y1BcVqC8flCEwSFnJOQbiGYdBiEZ3HzBc3twjMiRcoMzR0z+w
- VFOORt0tImxhu8gTBcybBt5IVPsKzQ3aEnh2cxMEq4jl34YJEM+t
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEA61kocwMv8flDSpgD7TsdGm37gCxdGsvkNqIanSqerx+Kxf+b
- A4MMnFZpwKytecVm9yP7ZusHOLyhAekTDgG55izxFiVPe08w5AF8eX2br1kbrXnS
- vRaysjYyI8uuwxIMAit5o4tzWm2YYxarITL9SkB+C2IyrzXR66Et+sco9FfFh+d0
- w3zY0CcBPZU+qcUiPmvmek8byAv8As3YOBwGSILdP4WJnECre2GbYUoUmLNga0I3
- q3iCuaFfy5l0GcWMuE/23m6ZkWw9ykTOmIX2AizXB3dRwOFz+bMmWaRVrHzKu++6
- GQ+tu5C6A2IJuQ3YtL2IBqkZg/yU2DWhHmTg3wIDAQABAoIBAENhHEaJVBG35n8V
- tJIXyYZGlKmmieVhGG5XzLzQdev3YNi9DFleDJ850j8acPQbAxagk5pskX2563LL
- kuwArINsvH01o2LPUlUE4+k4f/kczuLErQP72p9RCtvatacdpJh+b+3Vv+nU1LsR
- w17W5VN70Vpa+93Tz8zhMXPJzzzc04wKRvuEHlGBqDg4gcjFXZ6fcmO9LGvo6VzM
- NHObQP2AY0JrVwmwUm53oFHhKrxqolNoDnrPGq3LlHbolSOVcEfKb9TabCtnCDvT
- cbSzAvbmV2dKanz2SDBdF2A9T7nAPaBHbq5EW44yUHY0AA4kj45hn4347AZwc/zX
- GU8QwDECgYEA7SxDcOdCtFL3r8aXm0R0rcyn4EnUtAMZu95ZkqSVIiY18OR0vOPL
- KWP5y9DPTpvVEENZGbznqsCXBopv6eO0fLYgF8BJoT95cSIjdLKszg0Jdh/IU1Hp
- FdJq2bzAuo8GkxCAco2AGmINy3yMGKp6cQRNf4mPMR6lGQYfDZNEgPcCgYEA/gfQ
- q9G00R3NBJHRgBFnBDlD+evGB/l7+1OggHc/R6tclvYbPqICixJsubouqNKmMwoQ
- 9WXVI2JFp6++xqM8rxDRLLFfOqG4rnb9S/qothZGZfHSzGVvrnBXbxKgV5O6MyH/
- yEP8C/sxcQl0sr5Qau/vC3txnFOLKSz7hLzUjVkCgYBoljBXRWPg6QVYeha43YMm
- cS1GdshZaVSbx/1v8Svilz8KL3RbJ4ibg/7PphEE9SsLtOdBtk/iuHLg64NWfJdG
- t3mHf7/4X2lKPmesOm6BnrYhZPqN430JpnR/+AB1RET97TT3TvbCq6KxrQaKigLc
- e61BJIQEgSME2fIvplV7GQKBgQCK3tTZiRuzEfqJG/oOa/UIHxIlJxosM9vuSgo9
- EHN8h5ZnRIUiWUjQpDLh2YE2c2m+Dyu0K4Y4ALoZcH73cjdzcNsY9qIbmFswrQXN
- qmremBDGHEvjxzQlhW6W3vTey3iICXceEORR3HFr3QJ50IZ/30ir20EBd75ktR2O
- s/fyiQKBgQCK1426+bt0A9wbb5+9P4EBt2qV5nb0pS7oJ0hVXmj6GjM/dKS+y4Rl
- t9siJHwX+/0f3PI8/90ujWMw43a+ktN+Py/j9UYIMEOtVnchXsroUn0XGb6gRNXM
- E1lUZAmGr33hbuV6AMgi+ycK3P53AVT8OKbo61BTdo8uS9dHL5uEtg==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEAn741XU9YK+5bOlIcAGUPVp0/fRFRJuCpoLfwR4ziuGFkuYnj
- wFujsS656mieG41wIoM5Zc8kSHrtJzD1CHhIui9HPvZ+70o/mo/GNEg5hKHhX4Wq
- IT6IbP+1K+UieXKSYJvsfXlw5cxlwTWEfQIgLvwZGZkBkJQldbvrFLtzeWbSMZb9
- 6ATghnWvb0smjopkUzebcdMqUdX1dKW4+OFYZT9q2mL5NC8Nf8e/rKux46S/RddP
- mf5n97nGa0TCdvMMekzLcTBIOjFgdCuUR9Ey/3D5ewWnit8ntmh+CsmTrdK3MOs7
- EoFZcgPjhSTppXpOtaQiCTcTdBwpmf8+WHSL+QIDAQABAoIBADnKuMe/Uujh3QNm
- fVbvOPNfBH8c6r0j/np00WsxXzzRj31Ik6sd/ES34O8bVkgljXIPA47/t+K5Bl9t
- aNjdm4IwZJg02Yt80zH53f1AO/7uCfljBD/uvbChekwdI7HIb4igIJjsfJnGrvGN
- iRco07fr4LDQGC7UShEkIVJo1sgOhom9oovsA3X5JM5w3FHRrPRr5YFf3HwWoIXO
- QVNXSMEpsZK1Hd2KvuOIyU30T0w9iOU2pI60GFcU1B5caChuEqG6xTNkh82gkTzA
- 2fTofrWd9zflzjwR3e8NBcAt0XkeZFifApmIbjSIwrbhF1QtWLgOxYYHaNsGvK7f
- 8WT1gZkCgYEAw6Bf6EB9RwkfULlX2WoSJsKpkShdjEeKq0P/y+p/VBIzU7ckEmf8
- uIMgPv5JnvEHdSS5w9JZQx4UT8roefC1MNn7ORhpCLQHI9CnI1rCiKtQO+TjQ3IE
- rFjDfcVdY1ek3TQN6l9mHBRCvGVGZlfz0qIZLtdv6XCoU8r2yJ6Bza8CgYEA0QrV
- CySN7vAw1KnA08wFBtgARk4m+PllN8l75C9v5qYooUsfdEEqiCQGLzg5NEMAOOOZ
- LPdtGHbGcktyN6v8ZOy5wQKevvjDAce1WC57p92cfP/e0jUkDbNBZlANOJNV5J9u
- 3nXKBsl/3CGp4qvG6YtJ2Qj/eO+RjVIrEpPNktcCgYBTH2cBIb3ZnDexLj/0wsxZ
- qecxJayyOYfjg+5B8C8QQveKP8xVAdhxck4WVihkH9hiXyuL2GpTSYmp6fbkMXJc
- ApNrzEJ9DznlbvhF3n/AYMKj4Hrsopr3vHO8kks/NfN4hnDPQJ/7mGRO9t12CTMy
- Mexvad1EnLj5eclor2lKQwKBgQC4QIj5klW8Jl+UAq/gvvIrTxYm4dm+F+ycWG5n
- +Vvze79SM6ncyVeYuc/trOvW4bt/aTTpColRR9ewhEl/Qotr1bAArLOJdjBEEGgJ
- +qaplk7JaqpWs9o8bSSW7rZIiKzrn4+Ua1QP2WlmeRGJpojj7w6/SwwK53Zujt9C
- N5657wKBgQCcBYxHytlfr1q6+RUd79+Tl4yKfZ1dWsRlNIaI0SvKFnh8nowBpSsY
- JnlXP9TdAN8E8xUalFHIJGVPkXxdqeteD73Xz+u3iTSCXZbe+JOI1YaQtlYFwCtf
- SFO7zpmhfWmwBSwyl5BKJgXYEuuwlj1ObjOdoanQ2FvN8ra4Ya2AGg==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpQIBAAKCAQEA6DE9dTDFpz4EPZToy88edaNgVuTbicg/gTbs8wJk+tO0OqKO
- cEPKMgx3jh9IdYXi+9f4qnKAM2pRxSjSwHpPaXI1uUbnaS7kbRS0QusynnZ+5/TI
- OB+CvHGoWrSvK0q2Dq89FBd6f17qMVzdbkAsCF9/mjk9IZatxDjaPfi6klYdEYUp
- 90HNQWhrDAwPAE7NI4gllPFeS5MPCFG9cAQnuIsH4tV0Z/HlfI01vHcJ0QfMh/P+
- aFbA+3czk42lEIOsNJ55+0jxT4RTqcG1+FnfX49ZqvbmOhiBQiTY/1KZxUVbQzvv
- ICScVlfN0hoXL7iaFx+S6D5hUuO06zKAWxrzOwIDAQABAoIBAQDl2bipBfrjr/Sq
- sXoyJ3pTocOAwVTCdETJOQIfHcOwuVm0oa63W6QRH15KhpVIIZ2tCQLUWDyoqRsB
- PYRDndB25eRg4Nu7t/vQL6qyg/m7/DlsjViWljrpKOorwKmXBYJrzvV7qjJNXDwh
- WXip50SvlTnQBdGKKoshr9X7evnWWR2Ll6ZPFl9xtr98FcYJDesM5MZiLF/9WXOj
- SGnUI0Xtl8hUi/unN5mTjH69Ed9Rk+FeCe55SFQm0p6e4Ql3v8aRb+P7rJqQ4tP6
- v1yaw8E2uJqTh24lRuN8vX5WxfcuUHi1d8COc+xTEn/rviJm/kkjqMFJq6N3L7QR
- +lclqV7BAoGBAOlcm0/HrFwNtK2pwQj80NZPr0tpvE4CNOmqhwWKMy6AVin5E35O
- OVOuSAanSBp1YeotS/28OY19mPAOO9IOJLhJRTtO9i7w9w860Oca1OXNjLBgbDEV
- FvFVHQlqIAbLxCqaClMUTEbUae4ErDu/DS80Is56GomYZIf87vXvZuSjAoGBAP63
- l5Ah7Y3VboGxkidGaoyrWJxEq/SkX1NrysLln19Gc+J1JQE/QheP9nngclzOXnM+
- R4t6wynuEMA9XKaTBqXxGZ00eS8xoAv71LMLq5kq/0M7SV8GRUnEhmbe+Hc1pJTh
- oql8Sb8fOJFhAEK93cCF0q78bcElc8A4UAmDXIiJAoGAMaXRKTUK9362/OeLuRTI
- fX/whHPXayVPCpOMLGKNpwwIyN9EBXAxBBulGT1HutFUZpUCgNYlzHN3MUNl+Len
- mkmEYCzZdX0wot3ZigGMX+POVcv92Kdq/ScliVY5wBhkAMhLAAfmfn88ljYKSp/H
- 9035RcJ2mOWCJehrEom/c08CgYEA8ds5Wm4cthP2fccx04EVIsR/usGp1P1OVlN/
- j1eg4EJxPpGktW5vPxg/HLJ1ZJG/NQXpwRKrxWB7H04kbzYjleU8QPzWJG2mXjqc
- V/W41hLxldDxdfzqRYUJaRxGKEsTHxqv7OZKz+LBP6kvKjBGIsvupKCjRkZdhiLy
- PFYywqECgYEAig+NFXDFLdRIPJVbxpMZSD3r+tCKdm/uvD8SzrZ2ItAs/E0MW57A
- gmw/ZXED3MvRe4k1bJgH9zzWfyULxvgT6crELy/81R6Qkyb2YpTwmj/ER5i6eIQz
- MuHcMVlYN7kQPbadwlp0gL0aRMMXo8fWByNJCGeXoy8s5cNCuCTFxGc=
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateAuthorityKey/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIID8jCCAtqgAwIBAgIUfwk40PP1/FbvZzRxj+dZhylRiK8wDQYJKoZIhvcNAQEL
- BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
- Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMBQxEjAQBgNVBAMTCWFwaXNl
- cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO9015DYOAP5x59E
- 7JlLFpr6RNI8VGRXPkTAoqOYedulYW+ELpDukyKlWePcHzxLr/BlXWbSVflpGlJo
- BQ9hvMImRiiFrNAmhG0qfbvMnJltltbXSTQ2yq2uLMqsgAFqaYVsWc+BqVYD7Duv
- ATXh29Tm1fWssMKtLT2yjty8oZb95DQf3N5tL0k0qqQM6J7yuptu7f8FB+2iU7mW
- nhkROejD7ERSvWuH7Z2ancorFHUkCWuPVc/y/LRtkh6ldrIXnBJxnXavtRq+saC3
- tK+KgHQCPGp0Td8zwyQmY31dJ5tsZc47YT4nUuU1OQiN0O2re19dipRSMHa9VfM6
- eF85Ey0CAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
- BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUZwOKEvOK
- o8cjGvfoVXcLc27vOsgwHwYDVR0jBBgwFoAUyAJr4ZQmn1/nyyexWP6eWY2ImwAw
- gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz
- LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm
- YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy
- LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQCYMZq6FBGdkN9b
- aSY+SgVRt1dKkFE1dvpt76vhGV8PjOsQYssOZy20U7Ce+NxSjtEACDehIt05J3ci
- DWSsjSoUFr+FDnGnxQfeR4TTqRn5b3HuW9R+c093i8TbZQ9iU5XQ4YiCUB0zFTt8
- f6AqjrbW4Lq7+Hnb6OTCMPljwcI4pFpKoPZlkSKaka8w/LikelyqMfv+yx/u9jh4
- xPaDXpXu63tdgK54Alkh+n1Qr14Q3HdNkuz7hvfh7hLq7v67fkfh9TIKl4WX93yR
- nVSQ8Eoez9bzqRFivswR9g3Q5zJItj6drWv9HOFsJgwQ3YZW5FaVpy7HXFg2dYIE
- hZ31xtrZ
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: apiserver
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDmjCCAoKgAwIBAgIUFZ7/WwHQcySdJEd8ehvTfdP+WPowDQYJKoZIhvcNAQEL
- BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
- Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
- bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMTCCASIw
- DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALr0FloDalergjH5+Un5HRquPDZQ
- d+QHiilZx4/hs9cXqB9FtmnMAx7yFe0JweEZL0aen7M+oren/z4XJz/Hs117sk/m
- xQglJunuApXVZzDtCbR2jo/o+9KrRjw7G53MnjavT2Lif5C/W9sQLqHt8bN/ynEW
- SkRkLiN/muy/kmWg6ztsdWt5ApDgI0BF7ysksMzlAB7Uoml4flseAIXFvzY7ZkH6
- vES7wlQJ3yhugzolNtinUWUNTT+Td2sOIn+2PyVLf3pI3HjOrzr4/+B0yYSJymEC
- 87dTftCgTsAFhqYi4jAYPhgANYRl0U3bnq5LNLhgnKtVT92ssYQDR2VXRikCAwEA
- AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
- AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEJ+3HcIaiiQ3QP8p2qF9I7P
- 0iDJMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
- DWNhYjIzLXI3MjAtMTGHBAoXFQuHBAoXFgswDQYJKoZIhvcNAQELBQADggEBAIoM
- 4ZGwKerGsnxHk8WUShVpxpjppkU1HQC7QFHT4LNUO3BleHwpa3MyUSNzKW6oVbHw
- bdZKxCXJZh+FAdjFOFcvXovz4TyLC42ByL2wJcwueHQbsMD2txN3SZYyJmU8lZrS
- TG6PlltSYLBeuduLCGMEsRda3+uTCfuu9e4XSRbKAJNAugtAfCGuMKpLDlRfexhC
- 5SZu7Ml4JXLaXaGkIpw6pTKxuGFpOZsPPiQ4kMdP+DusVHqEoaFHVdRC2JCzKUAc
- 2CYijoKO+C+zhihgY+nIfM/SwjEZG3uWJa5Jk3R19i/H/MAS0kn6mLd1Pv6dw1Ex
- +dVrrs9WHz75bkI2WjM=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubelet-genesis
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDmjCCAoKgAwIBAgIUdsY8tmOFFCStV+vOwBOoAsJ+7+kwDQYJKoZIhvcNAQEL
- BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
- Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
- bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMTCCASIw
- DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvXVz/pOngH1/8I+xMzlAgj65jH
- 1v7dXW+TJx7R7vMA26llcSOouB91dUuBN4NT9OZYpIo5IbJFzcjybt7Lw8iao+39
- l8rf55lViWn1KD7OOuIKxCo4QqNYWK0/b1YgD6RLzcoWDKiIt7pQYwpXxVg/gP61
- Bnig25xF0Cdnpr8IAmLYmA/UC2JvRhY+Gh3600PLFx9/xZIdAass3R/WFFbz7sLZ
- /Ejbeztg2tGp0dDvSC96pO/PVxCiYtPSH/tfWy5dsD+nflF+8uC3dGHeLpAXO9mX
- cEcqYHEGUnfJ3TisQi1sopUfrUyUk6a/k9s7zwGzI2ar763QpPMTVIQBBTkCAwEA
- AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
- AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEvlGIv1fujC6LjHFIfTkqpO
- FoBGMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
- DWNhYjIzLXI3MjAtMTGHBAoXFQuHBAoXFgswDQYJKoZIhvcNAQELBQADggEBAKL1
- +Y6gYXkV+OOsM9dFzHUCbkMnukgYSE/4JNshy5MJP5OCafnsYmL6VQLYYuPvWVAE
- sEpEa924lA8lUyPvvizFtB3nMlQDFFTn8VweWoGHS51mW9SKWcYdZI/yjRTSqI2P
- SoYha49dVt9gNhRNT7FwRAZx7qJF2hF5ASEWuKOIbDPzx3UmJb0pt272cOBl2L5Q
- LgeyDgLRYwK0kQkubib8ETBGXlAa+SdfIuMF1/jvycLQCNZrYYA27+HNJzZrXXw1
- xEgDk6lGbDyTccJbQw6NGWPwmFXNOEDeifuOo86ddfpX62ZRpZE4ePrb/0bYXpQK
- QijkMKvqKTOlnfNKDfc=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubelet-cab23-r720-11
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDmjCCAoKgAwIBAgIUIP7kBTiKW97uLaPUu/8zaNAHYu4wDQYJKoZIhvcNAQEL
- BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
- Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
- bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMjCCASIw
- DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxcerRH3esJvCCSYaL+1PLtm5BL
- 832F9RnAgP6ja2KflqiKAQkGbsr1WxnGAeDq2FxY6yvAczYmL1UIJ+VJ0uQtOIUp
- Grdv3IJwx5Ne4hZcoD2C21NnFUdbJ+T0FQ/ssipTnZVIFHKr/4Q0VSDrTJxcWQ7N
- Le/J45H+CNgQH4eRb2focNX7oga0y+PaAJEbZn/AdTXmU9K/u5XNLrFunEZyx1VH
- ZOOlMah1maivb87MXG6DcBFpzSlZfG99hwMGkdN61hVsQEcGE0/5LTOVcnjTBn1n
- z+0L+YMubU4RsLKMlxQCCSWZaSfyCtUnZFwCWtdynlTscpcjVp09D9sZAgMCAwEA
- AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
- AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEzYsQviPaRIWTbKASzIutJf
- zJ6PMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
- DWNhYjIzLXI3MjAtMTKHBAoXFQyHBAoXFgwwDQYJKoZIhvcNAQELBQADggEBAEER
- bomhscyxCjajsGMz8p1MWY9WSbk3VwQkPrmi67fClInxw/zE7Cq/QYkR/NF2ZvPs
- /I/v8Vg4eyGSp6lmUEU+9PSSGPFt+Qeo9AUfej8BbN7ZOgDcVAEebhPLBMvZjVZp
- z+v5liaJSHfo0zZmnpbd8H8dKo398rJXVhWJXtDNnT7KdEZczFOmldzKpI58AkdS
- 79o5ZV8xy/XFtPgI37S/nXDlKgzjr3FMckPTDVMeJunkZztLmVYkOaFhaUGUQzT7
- ofO43ZLI/3bqBRi6XdwvkLCAX3M+AL4UR30JOGZ76QZ4ql1bOXZs9z9jrjwYy6qO
- g4yoDBEEyyW9r5Eueog=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubelet-cab23-r720-12
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDmjCCAoKgAwIBAgIUFsP3NTLE5OCYkctH2VhqJs4jY7gwDQYJKoZIhvcNAQEL
- BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
- Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
- bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMzCCASIw
- DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSxbh25O48HCH4uUuTk4opcCR3i
- lrgBhnL9qOBioQPbStuvfGV5x0fzm06csazl+6rhl7X7DRd9Z2Cj/be3MrczoE7B
- Cmzh+1fn1ekIa/qhgxavn3KeNhzWKRpYupxPt25AmGJe8qlcejUOy5VZSr2gCtGH
- 0PxDDC0UfPcgncQMU2FJ4rEUiZbcB6QaT/BGdy/8DlUgK5uYkrSqesiUjAgrrgZL
- K+o4xq/Ep7+/RHYPrvqfRQ9Qd8AgqK3MfiLP7dyGzNe3f5yY6sP4Yo/RW7OteKC1
- S1jUsL75+2rZHuEGwPzBPmD9pYg+aZnZvnAsYCMzzp4i47T+XAMl9w9+ak8CAwEA
- AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
- AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCI6VoPpiAEtTnH4DY5Lo/pf
- UYA3MB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
- DWNhYjIzLXI3MjAtMTOHBAoXFQ2HBAoXFg0wDQYJKoZIhvcNAQELBQADggEBAHqH
- hEQfU+hFhwiKzPvicOPyy6sZ54/vh6sx6K9ADWL7qtUYadNq42EYXXcJb8LQ+NzM
- R9jZa24GG+8HJL18EWjmw8JsKZU0GEvAR4v7BgWpNXa7jKzJtnO/xbApOaxfCEfP
- aOWjBLF9dRRFUzHikA6DbdIw1Lp6Q9GTzhg9oT1YLbcRMPGjn2Z0a+6HPXlANm3n
- DbIwuM8eX2OjmphiuhwIia6X1FXx2+1NrSVKS6WBfwuH4kvjeEPJQRZ3yZcBHFSf
- m814PsHJp+MLZdQI5UKVHt+d970IhQ6xU7xSY5j8z/dp7m11kpJ2+X/SlGiaw3rq
- 1IDSL9AZgtvpDsmvRCs=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubelet-cab23-r720-13
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDmjCCAoKgAwIBAgIUd1pAgV6L5TswxZvwWMXaxcWJapIwDQYJKoZIhvcNAQEL
- BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
- Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
- bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xNDCCASIw
- DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1OzyYw+R9jGON6nqWfTsQ2P9iJ
- Q1E3mikABRGSntBs+jStND9oQ/KmaIWrMCll/O+iEqsXIxO1/b3nDFsJbHR6tg/g
- CRMSwy8ioEGPr5QvxlXZ3aBw2BWY9rLz5hk3n9shcYURL7LOvr9cCxDCZkO5W1/X
- Fp4Am3tSMVkClz0TzhM9IX/FaJLDkhrdaBSsN1DdCfM3igeOdbQD5wIxpzNj6vIF
- lueB60R/bZiWZ62IFooSmPqBtZwGw6d21F73WnIEJn9p9rEN1HF8mtqC16izcp0i
- V66D2zRcXcNzPsp1B7hp17rSrc/hbulcX32+FgeJAnHHpNyDbhCDWQXVencCAwEA
- AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
- AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKH3+wBwfmqScP3eufksWwzJ
- 2gOEMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
- DWNhYjIzLXI3MjAtMTSHBAoXFQ6HBAoXFg4wDQYJKoZIhvcNAQELBQADggEBAAim
- WgtLTvmWw8ZS7pmMSVL3qg35mOvOphA2dtvtA1vbPVhsnVpGGWWFeMG4SGffLks5
- AnyeHogAyKEVgaCvsxJWEw8G4iqCwWGYicb0cgc960mK65ZML4mWcx97XEpKfmdF
- 242YAl3ZvVKUCuvJAXg7AbBBEQ27feH9UVjNKHdcuriTRiVmp/2z7IXVuB4idXb9
- iRlzSszLXltQw3WXJ3CENLiLhCCydMs65IfjwdGrAwAfuF4w/IFKtCanBSCIYKDn
- W4NKWasso9wcyL4Y/gjwdLMDu29KgqgBETb+pGHAXe5L13niqjYUA7+GU2nWFxbd
- nTuWAQKSi1NkrbMGPbM=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubelet-cab23-r720-14
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDmjCCAoKgAwIBAgIUBEdIVfkE+kwG9DV49f5QcIiJtw4wDQYJKoZIhvcNAQEL
- BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
- Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
- bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xNzCCASIw
- DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANhCzxVRvXOim5tZj3b3Wjvwovok
- +TGB0Zl9m/ldBc2BGdf3yEW4Vblb625UYuVsATySILS2qyCruGMnO51O3boce6Qd
- 7oHn+CaxymDp79lFFioiMcJG2bz9L69RooXRWguxT/O4TEM/M581EiVDOGhHSiU7
- KHEp1w6Q5CENEM0VqSK9HGIbECRWuYMCs+xjx+TFKvgYtKQDG8fWtUve68xTIEHr
- o8Tgz920ktJN7BoXbEyl823Uh8EiQG00Ab4YGgVVF7mqXyx+44L6Sh78QL85+PKs
- aY7VllotXsVt7sffYqCX+xZKi+01AvnYFgoXwSGzkU1lrIOZA+fLlLTpOqUCAwEA
- AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
- AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCqifQdgZKoWVj/b+HEuZlwE
- vdVOMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
- DWNhYjIzLXI3MjAtMTeHBAoXFRGHBAoXFhEwDQYJKoZIhvcNAQELBQADggEBAG/c
- +Mp66DkprxKe5VSZN0hNzEskIGUvR+QtL6nCxsbJAApnuLYZ8qvNdkRGktwhJipJ
- nShpoo3ZlTV60mgsXNZl+xbDh9CLEeFINV7iBWoVVVfkfmJufV/cEXcp6qa4tSc7
- 5+X0cW8o7qoN2/5MOxa8ZJEQXe/BiZE+5OeS29AdMDNH5n39Fh6NYge6nhqkRn9K
- 3ygEBL5bvJuu3JwNe3ACKCehGAac9ViR1h/1ig8PHXu6MblwcD/V4Ms3FUR+2BEh
- HBK6+Gdli8ji7IVPGMpRWtZlNSJwQbODW5WuoRgRYPZT0j8ZZB8ZGav4dK4eXrHz
- zr1W0czzU7eCi2O0qCU=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubelet-cab23-r720-17
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDmjCCAoKgAwIBAgIUWgYgSrjoLvT5fHPZ+dTxg4sf0w4wDQYJKoZIhvcNAQEL
- BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
- Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl
- bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xOTCCASIw
- DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3iTmhEz7PBOGSz7y37P6nQ5PGk
- kR1amOHsGH9p1jqNdw8I3F/SOLtMQvbEoUcYCbAwZozUz5Dsozw6KH9cc/9cU+XK
- vMJEiTYX1SK98AVqiHysExm99PZVteQfc6HK95CdFZC+dI1QiVNEkM9yFf4eK6KO
- 35CHiIPnQMjzKG2mBGCH/sWx4yB2Hpgo/CCldQcLbW/LMKlYNUJDTsncCWkNKwXP
- rex9bGQpuJPdst9TSDttHjanVenlCUGyY6Fyc75EG9juXDnSR+68mrNKY2gWATCK
- mFFspdZ2ZsJkLanuUyC6VU4F7P+rv8yeNQ2vcnhC2LXdJ6OvoCisC7Hund0CAwEA
- AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
- AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFN4M0o46D5uO2HAhhK14vfLl
- HxhzMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC
- DWNhYjIzLXI3MjAtMTmHBAoXFROHBAoXFhMwDQYJKoZIhvcNAQELBQADggEBAD8g
- CeBXeIAkzrL7G94Ku/F7Sk/KqIjvj2dZFgFgu5nyULEHs4TaIMvsFikjxCnF+fP2
- cBTv1zpwqH6m1XOPP63HHd0PAf4q/sM8++pUi65rm+1hoy1yJi71MWrDyuDh3gX9
- kpumTc6p/Woq1sNRXkCFYnQ+jwO3HJVxLgOv+6xCPNXPCLwj8a/NzLYAzDe1Uhk5
- ETKiwWXXCPNS4GbUFzly51NLSbyhBs0sSA76baZraUqx+rQECAFhaIQEnBVa7J01
- 5dq+BBPKwM+G49RjjzVcTskT51veohs+LIViJBxVWhlBCwmktdy1cqKdLixZm1Z9
- 84nzOVurqWynOCj0k3o=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubelet-cab23-r720-19
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDVzCCAj+gAwIBAgIUXoAfBUxOtzyo04uE62Bt2EhPoIkwDQYJKoZIhvcNAQEL
- BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
- Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCAxHjAcBgNVBAMTFXN5c3Rl
- bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
- AK3QN4VTC2MEPJA0UWTDXQpLntn9NNeTZ5jzqk0muZv+TXHh6UxKI68zeDMcJboH
- 64yklJreTaJFD9H2PXxQMCPOjFnfsU9XYNQ7oBAzkUu0/w5hR0BmeWYTSyfl8/4Q
- EHfMaFHtZggumeBGIwd+4vjr9BJNvDzpPIQB+rAxFncD+qKfIg2cIRKoK3TIpD0n
- hIpMZ2ebUHT5z09e5mAMmCKi2GMg2+7RZaJBnPwXwx1/onwy9vraZ7AyDZOADnVp
- MlNVBuWYfGfZvK1aPQtzvEebyOU//Ja9WDBuk3xQrZzkJTnmnMLAOfKzG5j9IWUm
- VvGdwNfOIOJweglZsF41R5kCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
- JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
- BBR6Md4CKivCxn2GgQrqGgR/+czf9TAfBgNVHSMEGDAWgBTIAmvhlCafX+fLJ7FY
- /p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAngDswIvSyZZ/0CLD284PjyZZMtMK
- 5xsu+f+wEmKX3EFm6gMvLmbS3g9FFmf6b4DQDR8hJMMxXDXqhUrJurxF6BtswK1f
- jTdkytbM1RxLkN+J7ZAGP4xAncJ9ENXIY97EmCQJWCkx6r85+7ZF1YsU4NOT/dDl
- tgRk2X9DpLmOfGq3EfN+dcJn9/oKtxBMAmXS33pD1GgjuzZehYO/q5nl2FT9kkqY
- nb/BG7ueU7f0DtD9qLb8gpLgXGLzkLeGpgkCwsUmy+jmPLy376fp31gRnBEzh/zR
- n93uwNhH/oxLcF10smkashsLcPM/z/x8UX/KlYN6WKGyf8jcojiuWE1fTA==
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: scheduler
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDYDCCAkigAwIBAgIUM3+VbMiVd3EwPVMieGvkIIOWEAswDQYJKoZIhvcNAQEL
- BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
- Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMTHnN5c3Rl
- bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
- ADCCAQoCggEBAMJeOwz2VbBT+9BOeVal5z/El8yDcGKQObW3po95dTi2+MfjJBe5
- ZS2NvVSHEcLRjEpoi1Oc/EvXlHE8XueHhB0XpGEObNorkx1oQL1dMxXmK4GhRMZ5
- PXfR0pObBwEMO3rkMbZDvuRgsyRHIIAfYaUzurwwcrbKhUrmBmOErbHJ1LivwHbp
- nVZrcEJHGaqQnq/S6gq0H/3rg4+dUweEN2RQoO8DfjPFbjVlKudBTJaA6lb5qdo7
- VhKiJdj2ymJrWTIPnqZik7prCjxCzFDGrwi0QL20XQtz56766NWssymFBN4/8k2V
- xIzHGqzbUHT70Qcc7eKDRrgo/GzP1Ok0kz0CAwEAAaN/MH0wDgYDVR0PAQH/BAQD
- AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
- MB0GA1UdDgQWBBTXNNswcepaYeuUnhGeGMn6QvceVDAfBgNVHSMEGDAWgBTIAmvh
- lCafX+fLJ7FY/p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAUU+YKH2Y9QKgBeIo
- QAwdO2xtz9F582dD05xevHrn3SvHMpCG3OEmcmugD4Za5EyneqxaucPIQ77Dus4x
- CuWGA1/I7d+EKnLU0Kg8nn061KvxIv/zKbh+jb5wFw+uPrQFPU1PboK6mhmZD8pv
- yTO3ZFHJjF1tLPB5U2+KaWO8EAzVAoYEklEK/7TyQ8z0jzUGWkxXmZz78UTAIxy3
- OBw16kKAKGRgnxB2ybWQOO+grQSD77CDtXXJKV1jzpuk5eItqE87FAj+3EE9Qt9A
- qH4MPV2zZVUTvCBocYVYs+5p2doEH1PuHr18VaI+AALvfu+p+BB32Jd1iUQ14WuG
- IoGdwQ==
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: controller-manager
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDYDCCAkigAwIBAgIUClCdGiMCfJjYU1LSXTX45bQjkQYwDQYJKoZIhvcNAQEL
- BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
- Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxFzAVBgNVBAoTDnN5c3Rl
- bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
- ADCCAQoCggEBAM5Vla450p0zZwQzmpS/wRjVopyhHhLuS/ZMSDvZny0DZ6fIVTZ9
- lvBm1jS0UzTk0fWKK+s5MeXEnkGobefNpLwJik+PzP5Rab36W7NdKUG8/yxhH40F
- u5yBJJ8s02LfuHos5lDGEuopd1TQHOKGBjp9+ImFk12J++vzOsVOEmREEZmwhVaP
- bMGv5uSntf5G6Xgnf6ur9pIqduEzrdM+3tD5Bi4Q2P3x56sM0mfWwtuFvXTWmk6N
- NhIb0doXhxf2Wgl9lvjxdkYCItUGMkU6osdD38K6f6rGLA7t9TfXTRl497VfAULb
- xz5wtK1btifZEDtEBhrIC1SyyQoYpSNYx0MCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
- AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
- MB0GA1UdDgQWBBSY8qn47WRcBg6oSbpE9HbXxqGumzAfBgNVHSMEGDAWgBTIAmvh
- lCafX+fLJ7FY/p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAmLhkS+2id7BhvXRz
- ykyWTqpHEZzTBtMM8zRpho+U5S2Ym+sh3ZRTe1Zl5qTQzegEzhyji9nZ5d9oBQ25
- xZss3QV3BwbK+lH5/2TMY/JEldexIIKr6TonkvtfF/8yYh0qTMOdH4wWNMwIjgWx
- TYsYjMZ03nSgD++hlILe8qQMCwXWbQ3srQ5nvvtW1QO4Zn537vnzBBPchp8fowJJ
- Gm9PrPOcCqDdkiuKoK5yoQLBEav5j18rkafEUt7kpSHX+/VYFpFznTiDd+h3obfp
- H8OZy0XNdHPHMA9bQJ8hxQmZcOsl6SPqtQafso13jTAqQ8JY27Lz4eUWBocL/9Kn
- 2BPjNA==
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: admin
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDYTCCAkmgAwIBAgIUTOcHSSy69x/FJI3zhlmGL+2aB/0wDQYJKoZIhvcNAQEL
- BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
- Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCoxFzAVBgNVBAoTDnN5c3Rl
- bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
- DwAwggEKAoIBAQDPeeZcrj56FLvfXMbHep+khlt53VKllOfd4YpFXuBfPNKS7sWl
- +RUSR836IuKlqoW86uq6LTYk7QPK/m+BFXOiDcohvKgUPa1RKU3uL1gZmE8mfA/R
- VmCrv0r2m2OocTz6rS4Gj8qKqcfzuZVMQmRnqxivcpcFIcm3UVmiRSjEhg/s81/J
- s45D60M7oBiJTU1FItxBzulA+peA64NwIw52cp5q3s705VZxAbI2RUPd3nCz0cMN
- RSjOYeN7aYF1OASrJXxl4eK4Azx0SZVO37hrvFP22OF6WF8AiHBkZbfZaHNWgh0D
- BDtz+lNEQ8/0DvN9cEW6l2VIjS+fChcsyxEbAgMBAAGjfzB9MA4GA1UdDwEB/wQE
- AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
- ADAdBgNVHQ4EFgQUJA/9/fknEta55uPmIbP/eNHi9MowHwYDVR0jBBgwFoAUyAJr
- 4ZQmn1/nyyexWP6eWY2ImwAwDQYJKoZIhvcNAQELBQADggEBAIxybsZRna3OMwp2
- 8J75jEZ3yVe3mczULhApmr761B1zSEkaB81w4lC55foAKH/tijz1yj1WT/0BjYVj
- VBgHufk1Ih6IbndPbNsb+BX4R1ucDIhnw8jS32kQy2qWi+JhZ7s8tH/2OZlNRhiq
- rq9DcATzwYqk6avUR3lSpCyVPUJLGqNP/HL5vDNR/dAJmgrCO86UhzFWTvfgDmrG
- mP6ejsM3qyWtOCt80ZcVPqWUb9AIZXdmi0ekwKStxpuGec/e2oZxLK8q2vcmloA3
- ftVUl1FJWFn7rQ+Rmobx8lnb62PTSkDVx5+hogXOh2AR4jXgTAAdFmdhyoM8+utg
- syTdZ3I=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: armada
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDUDCCAjigAwIBAgIUcGEOenCIFEyRPk3/zF97GUy8sJIwDQYJKoZIhvcNAQEL
- BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
- dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowFDESMBAGA1UEAxMJ
- YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RPKuABA
- bQuCrv72wy3EyEGnNIh63xPYl6VfIz3F/VhDNt4aKSftWM6U8+LMDHyT0p48BwCg
- dlLfNhU4tUa4rD9Ik+HRV3hQxHGuGAQSGna+90z+f/OtmgbLtVXX1bkLfcM85YPT
- VTzILO3UA4VUrQxSoXfK9tUaV1RJrYUzHwtr6aM4wo+pALsfes6Mm6ygM/n/+z1N
- Uxzr9I2oJreFH8TbnkmQRbvWoYQRoA+2Z2A+TPZkzYqGNAZr/BZS8mgEGapcp4tF
- 64yyraLPpwzEKxNspmjHeGsNEYZS9JSaEx6B+ceHlF2xYlK/tg0134IZMJ2CRl4X
- P439p+yN3H/bNQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
- KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFB1oWx7W
- VLfuzm86CWwEudYb/MNuMB8GA1UdIwQYMBaAFJ0mAtDmZi9Gr+nUWiGXt7cUV8fH
- MA0GCSqGSIb3DQEBCwUAA4IBAQCqc2HY5GzQ1M00rvMXq+NBODUL7WydGALt909X
- 5EOERm6BAw/fuGbzn/wh30JP48+rlXyJ0iXeCai9+MtacsX8Qjvx4EBCsOrrhO1x
- yCD+P6RFYilH4P2lufszhLYUkKaI1y4LSXJK1dJk8QByPL3i0b12FkedGd1HMOfU
- eP6NBp7rcp3+JCTdaCcaYin/RFqtjoPD3ebuTRipK6Jr8+QFtnzJ5bLQcpNYgA2D
- UCqHX1nSQF91xpro/MDE2OEFtulkM3vAiXsBBVp7cb9U4hs2LU8GvRqgR89sL+/c
- i5Chc3uBTahiMyv82tdi3JdU+wE/2g9pwRcp4V5PA37O98fD
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: apiserver-etcd
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDTTCCAjWgAwIBAgIUM2lv19qkb9xH2Zng3VEa0hYh6q0wDQYJKoZIhvcNAQEL
- BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
- dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowETEPMA0GA1UEAxMG
- YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMEFupWKyrzQ
- nR5leAj4QlIwIREubOHaXwIOjNRs2f3b9xoFz/WY9OI/oMvvsr4am56CN+m1sSPO
- FrJji0+fkMuO94/QkLZEioBgzJb1icI58QIYW8jWvoUYoxJPVNWE2tEm4081Bs4r
- G7hepnuvRKNgoIE+1SflwofAe0oLPbTyhbv07sVXLyIHelVEAlTu6Q6OH4rV0mzv
- HY6jqMC/qsbLM4vujoEGKzX80ftzNa/TGbZcMzjylQN2Svgt0TcgvzhTQOenfOkD
- e7UMKuoD500pioCW7nSrQwfJP5TuR6VjOer4sJP/T0KZ7MHs0gm7jQBL5+O0AZoW
- PZgjq03OJwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
- BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFL3+S/D1v1L9
- kNWBBz3luXchfH6uMB8GA1UdIwQYMBaAFJ0mAtDmZi9Gr+nUWiGXt7cUV8fHMA0G
- CSqGSIb3DQEBCwUAA4IBAQC5QRgOhlJkyX9IAoDE7zb70HcuZ6otRYjvawvtEhDU
- 2Kkv/mHnk+BAC5smzMLe+mAYskmdzy5fHPxmkSE5xnaVYS0WWAroq+XXiHnuO5YN
- hDurPDHIn0u6vhk28A8g7HgzT+2A0F679+vosBXH2Gws4vIl5PP+GNlbdQL8iX0M
- yYIA0gjuOpGT1PJtXEDRfs5zttDpdQ6O3wLv6Gf9+i0/7Es1xbTKe73nqDcID4BO
- 1RzNoRLRpQmFWnVUiezISsev/NsqhPASYouEHJF7LmQey2fNOclvwiQNDdrVIWvD
- PsDrmM/NFey0l07xiYp9x//pHPo2aqBzV5kmEw7HJuN9
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-anchor
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDzDCCArSgAwIBAgIURsu9xur5ecCsUR7gnOb7r9S6TtAwDQYJKoZIhvcNAQEL
- BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
- dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowIjEgMB4GA1UEAxMX
- a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
- ggEKAoIBAQC494q93ST37RC381QWmZ1bPvO1AAcvJCLH1gOtydds1XwOJJpD8ZM6
- 92cotmBBdrXRFekD2zzh9LEk7qcE308/oSNLfychkynJuNvrCepbkO/9o4GzWuzA
- yS/u8Uu2dBA0wZC75bi372JJ5ra+tf/j3PlA9mRhLQn7oYaaS18Fm3wnVcpliNgO
- xIPU4hF8TJp9UlPWkBHNdqCcfdjBi5W+lqpykgKydIgGLRBavnMNeB9BDkLz1TU0
- kA+3wPBZXiELOOCTOrPYMQHC4VKik2MJkNdfluqDKklQ/dojn2djIQnc+8bjQqVA
- gsg3TlSaSecwi3HBO7D4ipcdvu05NuFDAgMBAAGjgewwgekwDgYDVR0PAQH/BAQD
- AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
- MB0GA1UdDgQWBBR0enaucC/qjURE2E8JfZdLqOkooDAfBgNVHSMEGDAWgBSdJgLQ
- 5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTExgglsb2Nh
- bGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5s
- b2NhbIcEChcVC4cEChcWC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEA
- gBlVNEYN1T6toXQPv0Ju3ENiJdiAes8ZIuMkqQiItyJqmtP/S456pElAgn7EgMav
- 7myu/w/5CWgTQlTt8ClTbx7TEkB/IC7vM9moUSRBDLWTZTrRBmodtmJG9ry3Sbdu
- GlkzJiszhV2ffqdlcENb9YRuQK1lBl0Xc6TjTwn0vDlaNutXB0zVXK2PXsRsq9n2
- o7M4RO8KKkxiTXMlAWv4k0zOH2rWkVpQk5zYFqdsJMbZmDmFJh2qcRlR00uBO0af
- mlch2LmAVrXwBp/ovc4PeZeJrKhdAizrTrHMvdlHxGh/rAuhS3vGLK95wmszLk4j
- Tib+SzbWdTFqGbMPk9MEfA==
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-genesis
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIID0jCCArqgAwIBAgIULvewF/oeP6iJw7D8A+A/vrJFKfMwDQYJKoZIhvcNAQEL
- BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
- dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
- a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTEwggEiMA0GCSqGSIb3DQEBAQUA
- A4IBDwAwggEKAoIBAQCfoJnD3HCw3N253Y5VvwjGDB7k6JLSaAEpTdujduf+/Xpf
- d3K8Gz3cCvsg96BbrhI5p4PMMb7JHv105svwcBzyNEIaCcmDJ9WqwAFqdlLLNleZ
- Cai+fyUs9ZbXIAX3+ZZN24SzhicWxIMigPc+1z1bc5gvUF61KVRNhcgcjtjzBL/T
- VwIY8VNln/EpjY32x2gWiGwpNm7JZa1sxvjKwAjHuiC0ScEJlHPkugvom603azCw
- zYcGooXE+ib1jFaecWJc0bnrbdpvO+tZP2immzCqQR4Ts1gP4GI05hFvY5BiV7MS
- X93RFQkZOkksU3Wg1a73nf62icBPPQaK4v0bZPB9AgMBAAGjgewwgekwDgYDVR0P
- AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
- Af8EAjAAMB0GA1UdDgQWBBRrlfApuX44D56dnWbOof3eczD1wjAfBgNVHSMEGDAW
- gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEx
- gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
- c3Rlci5sb2NhbIcEChcVC4cEChcWC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
- AAOCAQEAQTyfl/Bi8iu3BZjf7Ii3xCtPqTW9bEGo6B6mzR0Dx7z/dUlHi9WR6/il
- 655WMwNUEwX3PIewh1lfWTXMsc1eXsXvr4D2jQymw0ZaoPEbYw4r55iRT9rpsf68
- FAWvkUo+b2E0KaCZkQ4zScQeHhz53Y6aAPNDr14VHHIWBCDQLfdUzcpG9TmpLMau
- rU3Nmbq30GnTO/N1/dTwZ2ABvWOWzsd05byKm7N1hEqb3hnRc7SuiTSJizR0/SpH
- PC5RjJxmN0cco7KahaWLsmGzEW5kRGtgc65rgxR631LxRQ7/3hiemFCQB/kZJet5
- EQlDREoA0bLsv7s0L7v2Vwp5bFox7g==
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-11
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIID0jCCArqgAwIBAgIUJq1hhapB1fc6nl6Ligd7r/AMDNAwDQYJKoZIhvcNAQEL
- BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
- dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
- a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTIwggEiMA0GCSqGSIb3DQEBAQUA
- A4IBDwAwggEKAoIBAQC/7DqoSUn4rgkA5x93zqKBWXwA41TwEh5kYxarjsArewvE
- YnHzuMySN4aDfEQYngG9DX86o6Oa/G9+k8xxFAVmoMQTczOv6Vn+mjn7mQ+o2XPQ
- s3kBTvLHR/WB/+YtU7BKHe17b9wQpVV5q7R8Mq23wB1N74UsB+ySUg09AP3JzCyi
- rrqolASF0U64kZGWA05OIeSoX7jHDv6AKE9ROz5Z9FNSScLedAdi3x08tEdj8Spv
- oKuXDv7WIPbnaoYgoyUgeXz8WYUO00z8EGaaDnF5CwCq+71sZLkzis4HdiqjsWFR
- 4PCsklxhxJsHpnVTuZ99PQXXblamaLZuyx/F2YwxAgMBAAGjgewwgekwDgYDVR0P
- AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
- Af8EAjAAMB0GA1UdDgQWBBSiLyWFOUf3xQ2CxWuUtZPbrjeL6DAfBgNVHSMEGDAW
- gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEy
- gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
- c3Rlci5sb2NhbIcEChcVDIcEChcWDIcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
- AAOCAQEAYXsTBrJnqk3aDauPyeMyEr9B9ffR0yPpW25F6fgwXrHQ6AcKOOdYhOdz
- UYuhzA32yQFjmWG5Tf1PCIqg9BSIHMO6tQWB1M00+f5atEHSJ/rIE1cWOw9wfYyN
- ZoRY1w3GNqP7wvMaRGiYTabAC9X0rhI6pC8sMuzm0ZK61LydSqOnalkApBozKE8w
- F9OrA3TfluZed+Eylr4S/HG7PLyW9IAhAltXHkWGt6f901/Clfrspe5POsisorfK
- SyhA805WAP/ysTJz2iZlRb0u9Sg/NCXpmcJBo4V7YTlVNrs6EOOeBzBmonX9+Ttq
- EWp+HehyXnaLegneQ+leO8NmE0fcNw==
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-12
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIID0jCCArqgAwIBAgIUIxasLvcs+hz33OfXx53XRnhtiZkwDQYJKoZIhvcNAQEL
- BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
- dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
- a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTMwggEiMA0GCSqGSIb3DQEBAQUA
- A4IBDwAwggEKAoIBAQDA22gtcU9J2FicNu1peiReJfIwoyJNDKd2nQhQPn9WrKtC
- hsBYyCgcxswOTSMkEhI9W+j1xDda92PF0T5R2R9wrUf30HvqPYs7t60t3Q5iOE1X
- Ljh48Cg7uYwEGzSJrraOd425te05kxV3jAM0r5ZgYptUNquXAqJ9zk4wBAWGrkdh
- 2IFQuLYjiy7MyRWBC34z/ve9RCiu5mPe54/BUR/UmdFeGr3qr8sAhqoKtmAl/Ckb
- rkHHydANHKGO3ouBVdBwejPP0/5jwHpeI7szNsiwSt6kQFhOI0vlDj/FgjSJggIb
- 3qDW8TSeDioF6j8A9QBy+Nr3NbO7o7Ow9HZVuJP7AgMBAAGjgewwgekwDgYDVR0P
- AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
- Af8EAjAAMB0GA1UdDgQWBBR0tj5yaf/3TCOk+wovW+z8lNdD/zAfBgNVHSMEGDAW
- gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEz
- gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
- c3Rlci5sb2NhbIcEChcVDYcEChcWDYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
- AAOCAQEAsJGpk/nu+RezwS8STPPpr5S/wV7ZoS/mAOfr6EeXXVv/eJS3YG625Yoa
- 1I+0YfvqTdxMchXU3MqFFQo29kERxzin47AVajIotWuwcA1BbmpaeynjSXSi53y2
- MwoB55ASjPC2iNnF7GMu6KnCmXBL6Tt5OPIqni3o6GCFSKh3F/2A5IwP9HphIP9G
- SpT9OUK3mxM8PDjk3sCz+4kdKUqs6pFJEtX+UIK4N7vvHrG72V2tau6QNf3asTWs
- TxTiIXUVxkfExUoUleIdyeH8aMPWGuJULkzYZJqUfuw79NyxMO8l2eC3EzG2Thfu
- fsTMq8JLnFRubGEsUhy4Ojh6nmVXJg==
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-13
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIID0jCCArqgAwIBAgIUFkV3DH97357zQoDothgJQi+e7NswDQYJKoZIhvcNAQEL
- BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
- dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd
- a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTQwggEiMA0GCSqGSIb3DQEBAQUA
- A4IBDwAwggEKAoIBAQCkPYNTUMCtArg8o5AfN+v7/zWz6qiyz/T4YUsPWe8INJm/
- KNDZhwCrVQBJq0KppMFucieaayHAkRLZZiHr3QCkxLYJBLerS9BxofReoPi/WSbz
- +UBcVPCv8Q7yhwbPniWHx7ppTKT5POdiCrUT3FbHOj9YKOzgYh/fWV55SJwbTaxt
- To0APDdbrPnpjhOHZZy+PD1+q8nm0J4EPdw9u+/iBbXgT/zYM48WuPuDF4XwHOdD
- 0gqrEvGdwzQK2cqyqCQllhqp1DbPoTXQPTK0LEt6cuCD8Yg2tfIN0AWktRfpNlAy
- YjuT6s6Psg4UKBo8NpL2sbtE+idPJLb9swge3eT7AgMBAAGjgewwgekwDgYDVR0P
- AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
- Af8EAjAAMB0GA1UdDgQWBBRifGt/cuvvbbSOlGqchorLSuXa6TAfBgNVHSMEGDAW
- gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTE0
- gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1
- c3Rlci5sb2NhbIcEChcVDocEChcWDocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
- AAOCAQEAVP9tG37juV3OxHabhf76FLNYLLGdfGYMcatH1TC4JJcOtHI1eWTjbcJR
- l0ZcdBh0lI2FSG+I4r+3ZaeK3ksL9mNacKyMWkIGXoIR1GHLX7SPw5Ec6Qxdm9mX
- ofETmAfsMSEr7nxitpe+oypEydA/2wLEdWgRb9qnqCMDrn3LQtpfwQSN6gIAXx9U
- JWOFBq1mL8xs2VFDT5oYAMvwNn0lLmgXiHJiBRiewXo5vNElcdJwzwXUggbjj8sV
- ADOXjp8THs6SjnpppZdTm7mIY78qjs2wCSwcQZThHFIXS6j/d0Q1/mypisgQbKk4
- yP6ZKg6Y6SdQwkaAcQ6CBSKaW7HpXA==
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-14
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIID1jCCAr6gAwIBAgIUT/Loq+gpUbt92wzGhCJtR8Q84UwwDQYJKoZIhvcNAQEL
- BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
- dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAnMSUwIwYD
- VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B
- AQEFAAOCAQ8AMIIBCgKCAQEArJgNfhV76s3yqRZ5nWjY0Sau8Lte/F7okc8FU4TD
- LyjizuRyzyl88KGAPBEikoFVP2CzdgaTaLaIiGIfh9UMx8dbbbV84txSPFrDd4d0
- VWHfa9fvag8W5wt5ce9W4JT6qQlpMsdfx+O6yhub9NeuWFGdNFMlDoYh/4wrfAu+
- J4OuLLChEt7797fqawPjBtCtirq2i8SFN2tEPKvM5MkAYdOU7Hc8UPRUR3rpXbDi
- Xiw2tk61yG4pE3YwMP2SPJFTAQ8XlwTdBkARb073Bnmxh9M8oYb4pvw1hLB5+j8f
- irAtDlkP3PdmfzEFxGXjDoUPLzO60i8FATRWoRDEDB6XfwIDAQABo4HsMIHpMA4G
- A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
- VR0TAQH/BAIwADAdBgNVHQ4EFgQUYpM2Om/nMa6zbXUt5YjMS+cgJD0wHwYDVR0j
- BBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2FiMjMtcjcy
- MC0xMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3Zj
- LmNsdXN0ZXIubG9jYWyHBAoXFQuHBAoXFguHBH8AAAGHBApgAAIwDQYJKoZIhvcN
- AQELBQADggEBALYrKeuZ9vdt04eAUaEIpC968n7jHWFwC/WhkIUwx7XfrrdT74PT
- 7NtOWG9s18PkgDlq8x5d/y84Gr5AHtYODtjHgf26lVsCRjLH33HYvxZ0VrUWJGd4
- 5QXd+k3dMdTNb/z20LEC4AdiVmUbktRM6P9r+GjjhS/J9YhrZXWgb9ikm4wCdYdL
- 4P/lLSMvQ+lk6hloeWzpXTN3OrhZOplz8bS5HrWg8JHkDNLqxGfXICiccfx+amAI
- hM0mNm15P5nmTzzBbdf8tzAe9RSDfrDAV4fnphgjerd0kKb6SOBdnwTlhSH7YDMz
- hx+NftSzDKiWmHLGbGgcZ16ijO3TgB2/vRo=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-genesis-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIID3DCCAsSgAwIBAgIUXRYGpBn3//YVVVYqN5CQscCb68QwDQYJKoZIhvcNAQEL
- BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
- dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
- VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMS1wZWVyMIIBIjANBgkq
- hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7AX20jHoo5/Q/POn6MZHIuNw8M1toJ5d
- uX2fa5VM2nVn9xxt+0HYHJz2WzKGvpumQ2e9w6XJF/+hYsMgPke4dBI1ts0YPEXX
- s0xhmkT9Cw41ca7kaK0nV2/y0hS3hk5l972TMBUb0vHiJdwYNgL4MdKa+kcnYXh/
- zHLUMeH2CS7jwxcDAQQDnZxt/Dp3gcKNeJ8QX1RxDXU1EyrNcPi8Nrxtf82icpY5
- gLmtYKAn6KTrDb4tRVI7L3HXSpd7IfHTRZ0ftzGkYacipS2iggdgUIX/ShXcE9kS
- 89/lCZM16e2A7e+usJn4K57rA6EyVDqZjnVovrpPjtelRQRZa3f4XQIDAQABo4Hs
- MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
- AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUjCXg652ObQBhsrx5nLKAkTYX1tAw
- HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
- MjMtcjcyMC0xMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
- ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQuHBAoXFguHBH8AAAGHBApgAAIwDQYJ
- KoZIhvcNAQELBQADggEBAL7bUjb6b4yaVUK4BJUlCR3Pv6FH5psY+6TSAWS47I2M
- sKRL8cIxj/qXs4PiJATNrSj5SBYkeSicN9MsDZaXsdwMih41diqXvwY8aRHaWhSN
- 2xbw1um5gZEm1pekGP17+d4n4U23yVjCV6mtNT09vms2peM2xoEbmsVdlCknQM8Q
- biv4fPU2KnHk8nnOeLoLz5Z721GPeUg6v4kzyUaYK2x3Sc/JZ2s/7mkKPbvH07NO
- URnzPuUEYTOgDwv8srq5f+82CKcUagyDwmpbKJOO0Nbhugf4t664lelimJQLSDiC
- NnJA4olBVOBowiUi0Rw8ZRvj+/bmhyAmDC25/7zv2CQ=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-11-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIID3DCCAsSgAwIBAgIUewWNoZQzHqX3tSmS7sRX3rMLvE8wDQYJKoZIhvcNAQEL
- BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
- dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
- VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMi1wZWVyMIIBIjANBgkq
- hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyL19ntmY3scU/HloXV11tTaI+//af5E
- RkxbMkn99HLAuBFcy9xyGOHbTKb0oqqtwey+/9e4CXSgOpiqbfyqhbHGWAIyJlMh
- DCMkjWPbr2Qt8R9SgZerXDGN4n+s5LjR32TdNOlQAf2w7MStG9jRlFGPJ64x6cRj
- UT3EipdpFj8SzC5Le7ROmjChV109ZdebpJm61dgwVSGC4OYtw1K9fYUmH7SV9DMV
- 6d+s6TEyASordstT4bxMUIEo7Z4dzE8MZYu+XTp8D9s3E2TvSjLd1t5/RY1yO42e
- WA8ubiiFcTv6DD24JiirULWIHwnc6Jwv+xgmAH+0TzZ4L3X21s4n/wIDAQABo4Hs
- MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
- AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUJCjODJohoIyGHxgmhgl4Q6HtryYw
- HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
- MjMtcjcyMC0xMoIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
- ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQyHBAoXFgyHBH8AAAGHBApgAAIwDQYJ
- KoZIhvcNAQELBQADggEBAAYUf29T0fX8xaOEla+tu89ZOBHRn4yYwqsWBVBqGG1U
- Td9uPq+x+74ip9ucudrY/WSJ1R3JyVSWMrc0N1VUkRL3Qb7kUp8+D4SqDSGYfGsk
- tEGCpK30a505+p6dPL/pbGsfXVlpP7WgqGSPijv5cDWDbntVQsmoM0MpUY60Q4Nh
- QCqJc1Mv1bvgB5BckQvSp8uGsAjphtCmlVfQjGFaooIdEKBTCZgZMYdP2IQm+N8u
- x1MU6txZyeMNRHQEDiM3wauKvrxTxD9rLJewcc0py0+XbiFN9lCDDBAlkMnTAdvK
- 1W/spAgk9oyZdo6izOxLu54NTPCQE4Fq+N++SuzxfiM=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-12-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIID3DCCAsSgAwIBAgIUH/q9d5D6PAB9QaIusTP7feTD/7MwDQYJKoZIhvcNAQEL
- BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
- dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
- VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMy1wZWVyMIIBIjANBgkq
- hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrAxSeIFy831f32lb/6ZEl3GUJ3R8N1z
- LIjpz0UmJcNKXFjO/2vpQ3FEPenbu1Q4Qj82G+FHK5QGKijqdOUR2eIUxud3gTZi
- ceF7GcEIcT16vbHv6RefiEi/VcDon1nXdFLGpVAipq2VcwBFwl6VkRldqu9mq0oP
- e8RoKniMrQz7Z2OY0BOsBSire+2uFhkJn7I+lhl2FgGQgXNSLn+LcnG5835XNUt4
- cGTdS4rKCgdqxPZsVwemKoOUa2YXNhoEiWjLSS2fbOAGSCHpUD6H+hTz0cE6x6ud
- s3V0o4bdE9SMSQoGBRfMAW5iZnV4HSSjfF8psYxLdKHCECm/DbTMjQIDAQABo4Hs
- MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
- AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUEutILRDuPYazSOg+uvQVMReIT70w
- HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
- MjMtcjcyMC0xM4IJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
- ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQ2HBAoXFg2HBH8AAAGHBApgAAIwDQYJ
- KoZIhvcNAQELBQADggEBABvLtpXC6C6wgRKo+YWTgPZPoFl8fMiYashWNA96OHW8
- gClbebr/agJvtjgrDwu6C/yV5J7fFb6bMTp7LMj5QJZ/w0HAH/VOo/mholjtoNf7
- /hWdAys+WuuGThDsZzWla4z7j9bv0v0ZHE+XiR3IMvvFBVz2jbO+7CF1+JYH/tg1
- ajtqCvZgw3N6su1/bRJo5MLIMV/Vq6g+7vrRgsYGF22NOCLCBv3dr0sdKh2sw0+v
- YsPHghURkHFrdNBmLLpUDgnrCGWBwNI46p4AL29XZIidoDmoCTenBSMwP5NbUFnv
- N/wJQ2YNjXqdAXDhCZ8Zcy7HnZ386DfKDC/t7DNJUJs=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-13-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIID3DCCAsSgAwIBAgIULjF89Q2rvVOW91ztH8Aboa2fzmUwDQYJKoZIhvcNAQEL
- BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
- dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD
- VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xNC1wZWVyMIIBIjANBgkq
- hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyfPFnaJFPgoiWfR/BXW0MOSYmKh23o3
- 15a63jSqpl/ZtpMQVamURbXK8IvJJN+xu7ehFeIkzwMbMYr4tFIy24b/boQStte3
- chY3KtJVnhLwZeT9IFYayPo+6AU+J8JuA9WQqc92ZaVP5q4tRs/FUcSNmqvMl6DC
- jTymd2kaupM7HT2cdBxfHGhg/zO5xB9r0NA9kqe6+4/C+0Comg0Io88BXzYUyQBW
- bsNE3Ffxf4xlGNDHte2DKBfAta6D5MZ3c32edOOU3Dh1pACx1abTapeolLw9AxV3
- zMET2NbBOgMpGR1coNqWdFM1mzZfdPg6VczYbqzq+BK0L232dfS9kQIDAQABo4Hs
- MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
- AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU1JvmLtbKUMhnxloRT+emNFWuMFcw
- HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi
- MjMtcjcyMC0xNIIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0
- ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQ6HBAoXFg6HBH8AAAGHBApgAAIwDQYJ
- KoZIhvcNAQELBQADggEBAGnznVgVw+q9BckCkuNmTBDa/xecQVpIwSqJd4XqUE5t
- mNzQD8EUqlwUfS5/jlJWA9iKE5I9jU9qrzBaOhnx1AUOchdEm/fYsOnf0P9Ov2k5
- vNuRbaSbxZVYby1c8eKili0pbb7xMNsW5tVZ5Jmke6XeNWTNNehLd8u7PRE2PPaF
- kEOLOO1KCqNFSznChQ90cxQHYNAa2T8QFAqoAJv9m1rUalUaAu+1lOWmCBoQ9xTB
- MD/4GaSqIia7teWGnMCLm/G3RbRr9hBegAnzf3a5rUlIiU23uqr6SQunI3JgSww2
- 2yLXqQE1g5qgq6vb2uMfZt+CXry0sU3ai/pTp7tksKQ=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-14-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDSTCCAjGgAwIBAgIUF4JBio3TfoajkfyZLtvnKS10Oi4wDQYJKoZIhvcNAQEL
- BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
- HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjARMQ8wDQYDVQQDEwZhbmNo
- b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSlTthgprd1wekZkaD
- XIrNge3wwRNFTbei85TcHLg3HlmCL4JvizZL7LmUEGzOgNieavEsK3SFXv/wC2qD
- xxkIO3UpUYQAqQxOLztiNWzdsU2N6+I23YhOgKyelcB7lxWXs7VPMrP5ca26K4PB
- 4+HlMlda/6fxxe69s86ZxTdrL4pnZdr04BTG/7+J0SZeyKk5MULJILaY4bHPwLxP
- CUquaaNCSb1sN2OyALOo/7uikZd6Z49NkY28Bb2+lZxZ5tRWLmFysm21riJOkU3K
- XozcfpXap4r3ZPuuNfWycOLWLX5U/kqguCGqlftrld0lxJ/w+sc1NwVeTYd0dK0b
- 7kjTAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
- AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUbuvIOKn+nyosnOzZ
- KA+PtBPtio4wHwYDVR0jBBgwFoAU8vuH+Tuf6GAkvNlrVY25DEuYOXswDQYJKoZI
- hvcNAQELBQADggEBAEspxLuB2V5GbQyIy2JNbkvTCLpXjBiH1zO8g5WUcCsZ/BhU
- KTBXnbivfRspFojR/z7lFsW7vnxUEjihU60B7azfVHwRl5k4dTMLwiAqETU+toGH
- ss/h8xoN2E+VuxDBJXn9hsVqamPsdys4QQ3dMhOa2eS37NVphuHUgDJ1PMpsYevg
- D/gVv2tmWyiUa75igmGQnTFv6Q0l9q8ccjDoAGvnMvIg+Oy6zzO+PGKuZ2Wnc20W
- VH+LpJEFfC1+m1bB8mLx2SFPKM3SFeuN5NZH/ibw/jbzTXu9P2K0psDg7HrMEv5g
- OfII0DI6yIDNHPMVpcPuvo49LttJYZBQnpd9Uqs=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-anchor
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDmzCCAoOgAwIBAgIUGIV+l61X/C4dmuy3OSuRtWMEkDcwDQYJKoZIhvcNAQEL
- BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
- HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp
- Y28tZXRjZC1jYWIyMy1yNzIwLTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
- CgKCAQEA3gZMISoYPUGKGNNXxxN7Jb3QX/0nSqfOY1fmmE6oXXt5w8p9CrALCubl
- UMwOGZlwc0J3asrPRtctXGUHbK0GS3f1+OU1STFAVy8l+bIOfj414ub12q3Xic5z
- /Vo2ocw3x/cbo7BBzYpOrPl1uu93liDZyn5eptbbJ36ZoMgbd5jPPDiowSiJ1FQT
- 0xi2c99+u9MFFLDYvb68EmdeRkE8CpLRRKeJruTrQgRZe53kuXK/vp5ijb5xZpdR
- Wjr1VuVNRPvIJH5tzxFc9UprZhCCri9bAhlA0R7fV598BER/0D73fjrfVdlGJ2Qx
- c3EXXN+LQ8BsxAkiOn0FPgPSxoKEiQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
- oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
- BgNVHQ4EFgQU3Sr0OSP0HbhyZR9cIK+hiJDo+CUwHwYDVR0jBBgwFoAU8vuH+Tuf
- 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xMYIJbG9jYWxo
- b3N0hwQKFxULhwQKFxYLhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAm
- IxnWzM0ZaCjnfvP9tPISwltF2RNKBtrSA3SWKckS3Xt5SfhLabqwzc5xhpavBHCY
- Sngar1L0ImAnSl8uQyo6pEZCk9y9Cx/aXI6H+T8nW6rDzCUIz72l2s5ggWpkXnRy
- sxS5C43gyCPi6LD+BHaXS+fI9drI0avjJaP7GeM8vZ4UC1vM3y55vyWYiotI0m1U
- EhX5/LNdDLctgGnYxl0ToGWYBFiwy4J542CUyF6ppF3anJRRTNyXfaAbKYEt1Gwo
- okxxTHNvTbPFiSUESztKhhFVZc2HRwhTrOGM980N4th9SbNcJSmpdgNMD/dEA4CJ
- gqaXdbwIVm/8DnV2w2Da
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-11
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDmzCCAoOgAwIBAgIUFb9OtcajcngNishv5LOV+QATwJswDQYJKoZIhvcNAQEL
- BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
- HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp
- Y28tZXRjZC1jYWIyMy1yNzIwLTEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
- CgKCAQEApjnULGO9t49RjtD33k1jE9WDfN/UN1+LfWFafBgzyw4mMIum/ne7a8qF
- CThdM9Z3KuM6OM/rWsNMfTLOg8bKEaNnYzu0Vo97yTk+XqivgBQGBdWpukgTHgGy
- PnB2nz5yu5+4+Va3MIehUKbH5DIusFKvPSWoVk9H/GhLYrIqkfPcGctPW4Hvviwq
- II/Q8NHYtIoaE3CnunVRC59IAGDWUgyuB0ccoSLcKbDWgorktVPBeE58vZLxNm3Y
- ZB3dvGkCw4CGkUJ77Tqe4dRly8jz7JzKF1WgLuk25Z/S2YTIX033b2s9J1vIeFvL
- 2e/c4bbewONdEBG6wzqmE7t1sfk+hQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
- oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
- BgNVHQ4EFgQU9EWom2dlaX7FPeivFbBUKAef0GkwHwYDVR0jBBgwFoAU8vuH+Tuf
- 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xMoIJbG9jYWxo
- b3N0hwQKFxUMhwQKFxYMhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAS
- W5+GtNrnYWY+o/YFB9hN50wUQJSarBHXxcH++eKrLMgqCWYoPQXLHnDzFmgl4TcK
- J/6AEjofznb9Dnjek06Lvk4NvkaVk/cjQmAhOrZ1DuEzzPl//kV/Fi1a6R8tureM
- SFsPZF7nLOqNNQ2ppvzwnxxMY4JKokcv1Q4XlK3w3cC1xrfizOlgaUJoZjfKXoal
- 1yXLhfFB8RfOtBzNiKpU27tT7/v8rYQtnsCwd+ilAdcQg+WV2xzrvy8ndVfclSnK
- FVL75ztSraPeIFJEPmBEP42MhodHkkr6QIVN8LhsqLJLAzJ08Xmn7WUYqvxHzMox
- GPqg3xx+jfE63J0cOg/M
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-12
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDmzCCAoOgAwIBAgIUB3Gqls8WVWB8MTJQ7RV8De5J/sswDQYJKoZIhvcNAQEL
- BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
- HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp
- Y28tZXRjZC1jYWIyMy1yNzIwLTEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
- CgKCAQEA7qqRo+CTz0VfZwECaxljOXKSocasTJ4LiUiyEs8KFsUmXZ8U40OZNRDy
- 6lMj3UrTsuYb0ETo1ZBbDzmzhDuEJtrGDMMFYDy8WaDyt5ogsJe4RtGHnTGWId3w
- ZagU/O7bY3fGRk+0lCisKlNdFjdSu7o7Cr3ktorsRVZTAi6v0bKzcphG2FZrv2MB
- v+tBo7Wv8jCaWTCW3BAl3CHLbmXLOl4z348X8/b3gIL7ZOKlU3YuITqjcmwLakRE
- 2l6iYgTyFYiU7u8ayBM9o7Cu+0xrzDtlSBCFeicqiKtfd7+FFHQrFcPkKHS62+rS
- lA2MpwS4DpLCu+6Q7LgFtJrrgE1VOwIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
- oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
- BgNVHQ4EFgQUqkG3vzyHafavr43HYS2IuavXme0wHwYDVR0jBBgwFoAU8vuH+Tuf
- 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xM4IJbG9jYWxo
- b3N0hwQKFxUNhwQKFxYNhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCS
- /fjOtyHhUKjt/bM7rjJDEHRCZbBa6Crm9gc0xiCMSFdmcNaykmBQbjAiMKNiXBGT
- y7TBmRrgTQPwuistOjmLdcZRDTNt6nq99HXsCtuEgj4yYRoV5CvSCbavnIsTWBw3
- nD8rnhAwJ36fkd5WmDScfGJCEFbRzZt3fU8Jh4QRfxPo8zdw0zRYk+DrudAl+8te
- mUIXSXhLpb+rce3dSySj2pQnbVewpX2njiq4PC+kkWf7/lIacqfsoKPEkvfDvlWC
- Ycamy+Fn4ShIqDVOZI9t4ZbXfY/FhWDUpsJFpQfqygdhxNTGeciqICwwJ20JQxhV
- gB1V+8wQ7jrTcffaY3S3
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-13
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDmzCCAoOgAwIBAgIULb78kNXKxBQESfNKmX5f1Dkn7IAwDQYJKoZIhvcNAQEL
- BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
- HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp
- Y28tZXRjZC1jYWIyMy1yNzIwLTE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
- CgKCAQEA5fiBi4ruD9DkkMIJJ/jzy6urUy0nCD0K2nzi3Gb75T9B7tZhd0AnXF2J
- WW/tk4b8nmrscM5DKJDixOMJ05js+6RGyZ7vKL2Pq9AeqVj3UWTi4YoeeV7SUxt8
- 9ZAXmr7Z2IX14DifvuMbekFNfa3T4Kz61JlfkwQpYRxEi4X6se1t/CrhjwcccR7G
- KQxgL0NmX6z6KI6jaTKKfBwQWPs384ZkYG+eiqPu63j3PLW17xQ5abuZ43rEQLHY
- fq8+uIHItVab9bXKC4LypEs7kfhi3xWiJMFC6NdM9O0YDYyspXXDUBEEtstsAAhS
- H6fL2CwsypjGHvEgi7AXtnedqdgGGQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF
- oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
- BgNVHQ4EFgQU9T+pH6iYmK3RQ1XZCA6pQQzQoWwwHwYDVR0jBBgwFoAU8vuH+Tuf
- 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xNIIJbG9jYWxo
- b3N0hwQKFxUOhwQKFxYOhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAF
- 9dw0unYs+fXtnfMnoxDbHQOM9/PvryNQGbNYBj+lUkR4VmG6E5hO2PdnxW6g4SG3
- pT5ZGCzpsJYGEdWuGGy8J5OHUehDYqIE7o60pXU8Nq4BdYRvwJhzV09sF5/3TrI7
- gDpKYbkRHoJLSUFTkbn9MsvHEioYDf1Vg9553ViOFWOcZSZUxqTJKCpTbRWJlUf+
- +HoSfMfFN1vcFnNMHGelAdDJ7S754omqyjb9iMiwX+A7wXEfEeoBGsL5yx8ZggjU
- ZQh0LD7xsJzK7AXA2eek3IstvQUq2x0S7+XhRBv5UyST491iry7cblvRbz/vR+5N
- MHGzukAVu/e2/W+FKXfw
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-14
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDTzCCAjegAwIBAgIUMhGorPD2GdueaYnEJTPT+UjVG7AwDQYJKoZIhvcNAQEL
- BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
- HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAXMRUwEwYDVQQDEwxjYWxj
- aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUFwU/K/O0
- X+4T9/R9tyol3mgT0Ovh909wyqP36L0ZHaVzOhTjYL3i4o6nJvJb6+jJdgjh50Fb
- IxXnDWdZGdtZ20OJzvgjAIvpiEy8M9+QSxjAvkX0CkIJgwyZppjJlgHLpbnha1mW
- V7tApu/rNDWtH3Bp13zorgBniMOxhh1gdjTUh1OEcK3BsH0KJvb/FoH/DxHX+gZE
- ywBAojAh1k24Ii8ADPvc/6X10HtHYqP+svbu22bssK9CNMTRJV9kKg/K75XrMKh8
- +/3QcKXN6CO+sRLcAgRRE7FmHBxq2pp68aGHIiqYLp0FOPC39PXVrmIgdvkYuSej
- ne+1F+zvkSmpAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
- BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU7wdpGoJq
- uWefd5h5DGld/AeElB8wHwYDVR0jBBgwFoAU8vuH+Tuf6GAkvNlrVY25DEuYOXsw
- DQYJKoZIhvcNAQELBQADggEBABLzGwaacGbF1EioZFTemH572oRQCDFVfxcvUsAQ
- hH4wVS4LBWq/DRBEHRy0eahIvXcflDO7JXaVryISi4kBCErA5ckLc6lonrX4gG4N
- 5z8NhwunpA3i6+kUY1GmuQM3Qqamye5c6VjiKN06GAAHjThcqk+18xTzeCP760o5
- 3FSfPJFudUmVNAe5sX8wml1vb5IkYSySUhQNrrzSStGxVkGVGag0ClzQX4AozLfS
- v7NahVJ6cofbWP/UjXsp9LX86doCCLL4r45rTCUDoGJ3PcrCsFLkg1SoJclCZ4hO
- eVITmfRdeHsRYfZwEoIEzi5bgpNLORkBsHA1gF1yHiSboJA=
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-node
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDpTCCAo2gAwIBAgIUbfCuuzB4Pe1LTQ3Pskfs9Y8o8+QwDQYJKoZIhvcNAQEL
- BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
- cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT
- HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTEtcGVlcjCCASIwDQYJKoZIhvcNAQEB
- BQADggEPADCCAQoCggEBALq3J5Ng7EC0667Ta3R7DbDAfweUy1Pt+UD8pJy8qpfY
- mTR7LvfBMPKyQOsGKp6tcmUeqRsL3pcX5EXFjK8PaxMmoWEFNrL9jWMYXa0BZV2t
- RWauAyjFXH17wDGT1Yqqz4efdiyEoHpqdeGx29HmRdUQRsY2b5DWnFJpZKZ4WVnN
- GhWp+DgOo38YrNqg4ksqOY4JNmEq0AH0sjYKQKeeDop69JiLbFkeJVcXrugsbWT9
- qElJKs/fSqXV/VVWBK+OIptEpduW39bBmpgnyRJLKeHN07Juzs9Kg3pq5VDVjya4
- +CvKmyfZnl8FfHM/7U47aXbxXu6Fcb/UF4t/zJD5GaMCAwEAAaOBvTCBujAOBgNV
- HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
- EwEB/wQCMAAwHQYDVR0OBBYEFBV4PR9yIeXI73RNuQFPFtkFDwXNMB8GA1UdIwQY
- MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
- MTGCCWxvY2FsaG9zdIcEChcVC4cEChcWC4cEfwAAAYcECmDoiDANBgkqhkiG9w0B
- AQsFAAOCAQEAbulfprS3spW8OdeIjYTMV6+Hgop7xW2ZFHjjXkMoUAK/1mOhcbmS
- vVUasb+v7Juj75kiCLPAZgdo2aIdg3FQRhpHyPp4ki99m6fIqoWPpSAzsKEFtxO6
- zFsgpnoUQRzUsWb8FPBwWznms7gfm/04Mv+8mcpZw0eDR3aJrYqoDlDSlrL1kKg3
- VGgrkobxxufBLT1PCR+ZsmbrzAtJl+3XgRNESiS7/XhIT4jeZezlOHKGxGbxSNxw
- OL9XtWmrg1lpw7TfzODUZm45pjr+UZTKREIN4Ogw6DLNQz0p4M6OYOQFJAd7cc3R
- 1d830c3UQu+7YyYfcfehmE9rpgHix52hcQ==
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-11-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDpTCCAo2gAwIBAgIUGpWyiTwfzPI0ek24/GJQPcnaGBowDQYJKoZIhvcNAQEL
- BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
- cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT
- HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTItcGVlcjCCASIwDQYJKoZIhvcNAQEB
- BQADggEPADCCAQoCggEBAMO5C7zxX11lixThzBLqK3gtMiHMIDEB/I36qqQ6jFtW
- phAUAOQzBLZf1W7679/xAT0auJ00nkF2VIjoBfQafvKksQJ9Y/2Xw0H+/nbQ6+g3
- 9FTA5cG3mW7VKGR4ITHHFBWXmQGecL80+4rMxTYsplgXR54S2G104oJwHmXhdCsM
- Yn+VMm24zxXLjNZO5Py+uHzMW7sVfGZoK8klllS0IGp03jS4KLo3sx5IF64O2GH9
- OG8e45KOQe6Z14YTBFisjTswSlNcyenlQX71mXL+dITX9ZQtnuYzaPNaT9ze/hPC
- cufofK0fmCVX8btZuSinyZZegCiA+oOUrMouqfUPSsUCAwEAAaOBvTCBujAOBgNV
- HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
- EwEB/wQCMAAwHQYDVR0OBBYEFPiJ7mhmVtYse4a1RNPKfKzbOTC2MB8GA1UdIwQY
- MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
- MTKCCWxvY2FsaG9zdIcEChcVDIcEChcWDIcEfwAAAYcECmDoiDANBgkqhkiG9w0B
- AQsFAAOCAQEAQPYErYGdJH30Ls4SEL6V3hnxKk09izMzBL1VmKtiWo2gnizPUzSi
- ex+4VsSoHW1xOgU6I7Pshp6uIJSGh2dYpAinYkdmxcEREjDxGe3TOCnhRDltqD13
- LwESCNymvXNLgxJp0+dkrx6r97rTaaeS79fJpjr/ROXOnhp8pFVu5NJ4bCAPmIJh
- RB7ZLqNexNSwwwRaJcnOYKWpq+nZcR6RRQdcFcAs+Jxmy/2fm+wwuen0iIccIuHC
- EslQ8dUcaTdwRMubVcCc5OlEXcdkXP9k0jjITd/B6SCISvcT9SZmHouX3pKtjKBW
- s1kP9qWNQ+EUpRVr3FojxAsPiDj4RxPb0w==
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-12-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDpTCCAo2gAwIBAgIUd+FMs/P3piVhkMLoxxDYI7zB+ukwDQYJKoZIhvcNAQEL
- BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
- cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT
- HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTMtcGVlcjCCASIwDQYJKoZIhvcNAQEB
- BQADggEPADCCAQoCggEBAJzH9c5wHgQgzcUaYjAPEyTTRhf/jH0feZNdz3MY5xw6
- ylyLBthr7qfjEkIywgUjUUj5LA8gKFpqeqU4ejee7a/KopmqiMrf9DnjlU9sf6t6
- Ci5CgURnDbUdqm2ePbfGRUvvUD5g0CzJe849jeZIXXMjIpjT1XnStr2ufLGWr9Dh
- 8oNlz887DNhuRiDsd6AaIv5zv6Gy3GlARzfJWXhTKZ0sfpEq8IyvQbAZ7KXubKUm
- cns30UQ1gmzXJsavV/YqrIBBRSYxqDDMlmELDmrOg3Q9bQL1f3eYSFkkCE2ubuxO
- cIrmLpGMO1YiwexUFjBQ/30+VA0JK0ypjIdbG1qXuu0CAwEAAaOBvTCBujAOBgNV
- HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
- EwEB/wQCMAAwHQYDVR0OBBYEFCAuHTuZgMXSFEmPOTyCp76Hu6MaMB8GA1UdIwQY
- MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
- MTOCCWxvY2FsaG9zdIcEChcVDYcEChcWDYcEfwAAAYcECmDoiDANBgkqhkiG9w0B
- AQsFAAOCAQEAkxVOj5i21py4hoiCMbFJy+wZr2iMTHjwdeM55e49f/xDN/GSMU1C
- d40kfAj3BG/WQD1S3wKI1z0WvPsxQnTns8KHKrStni+vy9M79yWcvgr62ae6GhfH
- E/DgBxOFm+uGt5iPB3O4GcDncsry6AP1Awbi/XsAOHNkv2c3sl6uOH9B3U5wo8rb
- 6iEg+thkIrKTNxd1ErT0KSFkAr1+oYhw41LPSjEGykI6NmPLpszgyALOZAIG8/MH
- 4m5WlTdGszEvLGHyTR9UGIpXG3o7eu8+nN9Edzt4CugREmaStz8dNhvkmZBC4ROY
- AIxRnNa+cTbN2Qlz+y9ah9/f8VqvuNiMEg==
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-13-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDpTCCAo2gAwIBAgIUQyouqBJjNbpLH4WSz+SG2Iel350wDQYJKoZIhvcNAQEL
- BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
- cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT
- HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTQtcGVlcjCCASIwDQYJKoZIhvcNAQEB
- BQADggEPADCCAQoCggEBANKWus3FABiJCZNbXZ/zoxYwoSCqeYZ4K1XSbp4N10JY
- yv4yweyI+sGh0M0fvX3YUjgXqDtFoIJteCe+nLnErhwuhX3yY+Yeci/ZUrn+F0NP
- 5KJ0XlehTl7S8uiIl7nhfwYuvUgW1CFjeMBqI+I6ovj9zI9D5zk6tf/rQf6ZIfB5
- Bb7fmZXmWX4nx86UevofGGTKIGajITRMOugM3aRL038tAd7oHH5FNa8UOMhUB+lF
- 0YYx6OOXNRriHIANYYYPnUtCcPXmsCUvDnLTN0Ka7iqETbga+9WurXxDEdSr83lu
- htRWvgHCHRk1uUmxOWJGY+ASxqtqkWBZBHkNMHOHUskCAwEAAaOBvTCBujAOBgNV
- HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
- EwEB/wQCMAAwHQYDVR0OBBYEFGxndUTeXVH/wHeR2LW0SXIcHCIfMB8GA1UdIwQY
- MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt
- MTSCCWxvY2FsaG9zdIcEChcVDocEChcWDocEfwAAAYcECmDoiDANBgkqhkiG9w0B
- AQsFAAOCAQEAkXpwJIbr27QBTsPMcuGNRFFjejJmefxO6TP93PV/UusnXAlFMZVZ
- lOPj6C6fzY4yLVB7i7ctJjYhGp6UUYULzmCeAjZsSRId3HSyOgUDol1BeblCL5OG
- u0Th/SX5LELJK8N7L3DGVIYHuJBwkPVSAg4CNjT9kuhhnu1ld1fkgCb3suLg9m/f
- Pc5u99E2LzfuVgJZB4whJWja7aJ1VgEk/bzsCIK1shxGBBPv21NQFKPdg0RGp4if
- hRZo+BWonZhRLgfr76Mo+tqXUdeYmIjqa4gH2e2wpSJtUc6CnrJLqHVRg+18WGz7
- KqW2r2YUTk2R+4AdJP2m/mUGFMTrduRERQ==
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-14-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN CERTIFICATE-----
- MIIDWTCCAkGgAwIBAgIUT1UJXPl56W5pfCKaC7hPjRXbkPowDQYJKoZIhvcNAQEL
- BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
- cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMBwxGjAYBgNVBAMT
- EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
- AQEAwGcNR8v6cTFxIF0ZJ/HvovjqnvcYgBp3j9RkSl2EWV0tGytoPe9i3QSImqbF
- rmeta5lFHf5LTetbUWn8m+vHZS6dExHESysDtVH39DHaXwuPZwN4VnuCl4w38XhH
- wkgvfF7Tne3Vx/iakEmk8zmyUdcbBat2hj2gWFFL2uQwUqJ3Qeagw2wREaRd1wdE
- MweklH3EkRTu4JEMEvxuGGppJUfj5i12uv/1lwVuk7WFMX3laCm+26mgdoqGQ1jZ
- TYJDv4vDC6RvhSDyYdV7f3wtHFn6frJwWTiriszaJdySIXiQX8iifEKt100wOQH1
- 5hIJfc1U7C92bMJ+DhI2wnNBGwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD
- VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
- BBYEFABa6Hqh29OxXGpp19Od2TiSyGrIMB8GA1UdIwQYMBaAFEt8pjwm7JWWYSbh
- rpUHrlfTHlphMA0GCSqGSIb3DQEBCwUAA4IBAQCD4xsFhmigJ6KkkJ/ANREHFOcC
- k0WusFQylK9c3/HWVhkVMW/UlvUBi1ZyJD8bk6H6qfBvi7ACuUWZHTrAWo89cv0t
- z7VA39mD+yY048Yv5c80cnCogxhQtM4MXiggMAbrTgTzHExxRRDS2Mai4Uz7V2Jb
- calUCe/YEeDDZUJu1Z16qSQ5lqXmVomkhMnqI0yTNoYbYkfI9c/gOqz5HLPOti5O
- Cj3AKM/VqoLWHCSdck2CLqPT4ayDRQEuaYWLznOyRWmcJy72a4WZOHeyFI5O5t9h
- lT8EGbgF7FS5++Te5Qpalti99sPkBfiwZB0FE/NCH+pWg16186czTuRwbZEF
- -----END CERTIFICATE-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-node-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/Certificate/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEA73TXkNg4A/nHn0TsmUsWmvpE0jxUZFc+RMCio5h526Vhb4Qu
- kO6TIqVZ49wfPEuv8GVdZtJV+WkaUmgFD2G8wiZGKIWs0CaEbSp9u8ycmW2W1tdJ
- NDbKra4syqyAAWpphWxZz4GpVgPsO68BNeHb1ObV9aywwq0tPbKO3Lyhlv3kNB/c
- 3m0vSTSqpAzonvK6m27t/wUH7aJTuZaeGRE56MPsRFK9a4ftnZqdyisUdSQJa49V
- z/L8tG2SHqV2shecEnGddq+1Gr6xoLe0r4qAdAI8anRN3zPDJCZjfV0nm2xlzjth
- PidS5TU5CI3Q7at7X12KlFIwdr1V8zp4XzkTLQIDAQABAoIBABgI0EI3kZfEkGbK
- Ej1orgIsMJAxgf74SsW32Bs3iLOlK9x3lfzyFU6a7iTSyUfSCPzGD9PsNLjt9bhj
- vG5IzxtloBEdKbVSyGP0qd4ZsXYs68DwpuZYwYshOlm1aru5pJHByFntl8OMbT+o
- VyTDYL9D1CHujWdc3nec3n4FaOqwq2uqy1rXF3EtvJE3GmJ0wu/82WVn/tvu/dc9
- Kv4XBgmhG0LWTyyqKKUDb7/cE7+qomLQeEIHgLn7E/43qxYhiM1kT7C50sX4wXy/
- T1tPm8r0EzPR1rWK4EH/g0A1k0AKxagkCA4BdwLBrMbx1rSITi4xwUIFhhv2dpg4
- +fIdjgECgYEA+5Hx6voY/DsgVkYPcmMs8lPsTih6ZTaj7ei10aBheh8Yc6o5nd+Y
- 7dnYEnwqQs+8S5inAQ6UjghSS5VHIzRYD7QrHQD39W4bPPGViMa5qwDZ25HWl/Ap
- u+tkEKZvWOtWLsQGkn6FQh5ScwSdxU8K0VyRqcXF9e8+0FUq2Hgtm0ECgYEA86xK
- KMerDXM4JMXVyA4xw2ylXOPMFa4gV7gCah3aKhXTcZlWJUS9hdRCAi+7Z7jtTf8B
- vdA+pWkZGN/vNF1sJoYVbGpzWd+3ewITJTECXzI/kS+YZbWw1jq2wWBakG8/ymya
- JDXOPIL8oggJ+mdTRKZolO0bSN71brUKA5EiWO0CgYAxT4Qp2Of42OYXwxfYBhST
- U1voXgrPuAwd4BVzh4pT07CJS36LsX5acO7ngKsP+YQhFUT28hKwXHU1F4egIOx5
- 94jT4JK56uEv6vKyorFWEY6ieU2k7pBfo14z3UvKFCcKd6YKJP6d3S+wF+GNAVdP
- fmOW8YtCD6kyUN9bGwNlgQKBgQDhTy+LIYSCfUUui1cvEiDlaDJG/8MXUNhLA7QH
- 1u6A94l5gqTq9PKhKjCWwPfx4kZaVi6QClvCqrkwDO+rZa64uEZa5tseAQQw0yxM
- uVJOH7IzVuT9NtD6ZXPSvns/Df7X9y9XyACYZy2dzP0c8ilGUvBktBEEglRCN1e5
- EJvHyQKBgAh6ITrOmsOmLYgdGrvEq6IAojdJ0ab6Fv76r8PoW8H2aSy/7u1XD2Iv
- IViMkTwg2czlfMQ8nFIkzn5dZQwCPm0luCzX4C/bFv4MBGg2gW4sCKpXB1YmlSXm
- XtlpL4MQsa7EbrBQvP6KI++j992WuM1Fb/LlyeSHNqqTy89Syfz8
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: apiserver
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEAuvQWWgNqV6uCMfn5SfkdGq48NlB35AeKKVnHj+Gz1xeoH0W2
- acwDHvIV7QnB4RkvRp6fsz6it6f/PhcnP8ezXXuyT+bFCCUm6e4CldVnMO0JtHaO
- j+j70qtGPDsbncyeNq9PYuJ/kL9b2xAuoe3xs3/KcRZKRGQuI3+a7L+SZaDrO2x1
- a3kCkOAjQEXvKySwzOUAHtSiaXh+Wx4AhcW/NjtmQfq8RLvCVAnfKG6DOiU22KdR
- ZQ1NP5N3aw4if7Y/JUt/ekjceM6vOvj/4HTJhInKYQLzt1N+0KBOwAWGpiLiMBg+
- GAA1hGXRTduerks0uGCcq1VP3ayxhANHZVdGKQIDAQABAoIBAGtTKu273jW8MP7t
- yW3tBAdIFSr9IQaYSXmZn9X6tVp6qzpgs+qigvwl7+5nVpUZ9yjscTPedl1GpWII
- urCDvXWiSGhUS7J0WZWb3IIVw6qzuYmPMiJtlvuG9cgoCp+ZUw6Dr+hNrPv0zw/A
- h3TQe5wXdalcKYB/nnkkjVTyWWHbdxqITEPkKmXAyAe142CFfk+raKUfoRzRv3Vs
- 1kjpKoRL7wRjovdiipVDSCkPovZKUxwvQCz8ld2IZMPkJzmXcAT4G3GtVa8EZDM1
- L+3cMYVyNO6IMcx6I+HCK/ny20aytEJ483AvW2OSqleinM8wnFzVXhKfbc4S2GzA
- Nf5xzx0CgYEA0MvgGp05jKpTDVH+o+6hGqRse23eGvui3B1K+4mitRzuFzcPsKD8
- 9Pb6tcmL14VUNBIBdyhM5ti7STXkfggsutgvqM7xS/dZaAVdvw9oiSrUWKSNC7JG
- qB/Tz+aMkQbg34EiM9R4uezTOH6nSNmsa5xoHe/zw2mihHrS2LfbLkMCgYEA5TgM
- nHrdTkzCDVxaXaqkrV+YPq87muuiXi7oOwiXsnSnc1ywOC5Fh0zrlCtbhAtU8AiI
- K2JlFHFLTtwbn+xiPOn9KyWR78AlZMUs8mxiLJDaYey1l8BFr8ABk/nnNXMt7l8K
- 5yANgQ5zd7RF6+bcH36G1fo1gE3ZbRoBVZlkkSMCgYEAxr0H9s0odge5PbiKFCeT
- GPTgfSu6eRyDi9gmAv6i7Jk41sgGGy1hGRns0ROiE+ZIm7d3xZ+Kc0BgI/M0JfJK
- AR69XoR7kL9DToutC6ry6Xzm2ejmh/eM4YJJ7l2X9oMBkDwt/f+DWhVdhyymteTb
- BSK+x6AZ+iqWEluGTdnSulkCgYBqe6A4LUeTsUrQhB+itbwsomUKccNB08co86eE
- jRhTmaeUivF+F9jK4uvpeD7aV51MqNoBNYN5fKwcZVob7+cvHxAyNBDYjK2SY5re
- v4TX6S7aIOm3JmX5IDxbbtN+3BPxUYuyFQzQ8FKpwEBfN2743oFq9AJYqVGhQlxu
- VIUIewKBgQDPkVEdOw18HfwSM0BPZJYsSPn61ijoFGJruO2xHtDSTtrYezrvA386
- hAy9ezPVj6NiT9agbHdnNVlKflW4B7GbT6wgYp4Mi81j4WWmQvXuruU07IMExlYc
- QnCkn4BoQUst+rBSR+xX+DJiVJW7CVPEto3YnHeX1EBapsPswyuQtQ==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubelet-genesis
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEAu9dXP+k6eAfX/wj7EzOUCCPrmMfW/t1db5MnHtHu8wDbqWVx
- I6i4H3V1S4E3g1P05likijkhskXNyPJu3svDyJqj7f2Xyt/nmVWJafUoPs464grE
- KjhCo1hYrT9vViAPpEvNyhYMqIi3ulBjClfFWD+A/rUGeKDbnEXQJ2emvwgCYtiY
- D9QLYm9GFj4aHfrTQ8sXH3/Fkh0BqyzdH9YUVvPuwtn8SNt7O2Da0anR0O9IL3qk
- 789XEKJi09If+19bLl2wP6d+UX7y4Ld0Yd4ukBc72ZdwRypgcQZSd8ndOKxCLWyi
- lR+tTJSTpr+T2zvPAbMjZqvvrdCk8xNUhAEFOQIDAQABAoIBAGZMxOu9rWYpf20a
- CwNOF9THG0w9qc1r6bMWRTv3wVb+pKMA6DkvbfdUFOlmGkGfu8SnihTtQHjCo2xI
- /DDCcIIUFitK7RxEDPHpL8lRBvYNguwQSP1lXoVvW/wejBgvpdUoo47nq0UuEEGb
- /hRn8MY675nIJRoVIQVe0BplzN5EIteAGElvn2es0vmt1keFIgc9Fzd4hh9ZsaEv
- as6FRM8jPn7EncrwbuiNfWVX8Nt/PRFWQSrAiH0ilnj+vCkN7k8wkv1QXScDMh2f
- wGCgjgXQ13OrSfBEcgoMYgPYh+D5+O8YpRsR1LeFv3LNKmpHGqW4Tug7QzDE/o8v
- VyZfwDECgYEA7N3b6UVNnHPm2E618EK9ON9BFFYTZTzMKsRi22BL1JRaboMsHLEk
- iRNg19PmfdjzeofJQJRgKLRvjcnvjgstzHadDNI0wLkYfixZTaMavAKpdxzAi6BU
- ca70zHPwF0YWg0M5e+u33yUUnk5dEgUChPaLPZctMOvilwAHGdCgKvsCgYEAywOw
- dIolSIVh/nkshzt4hWOZQZ0ZbCAu8xyalR1E977emm2eO79vJol08BB1kAVLh02j
- 48pdr4nv2BUuIYhg5oA3g4LE+hP+aw8SZUlUOfV+xcROzjDRJ1ER+2mYcsPHR46j
- ldZQFIyzPA/aMVZBhD/d341gxLI03bETeJno2lsCgYBtwAaLOV9SpKlLhHzsjB/c
- 4CTpZVCrUdZP4prjhuTb5LlaB1FDIhkJon72wepEWWfHWG85iwZbFe+yROTIbgmU
- eUkfja5/tcPRgn8GaBKVFq6q0BmvGGTIIAaxTO7r+b+opldWQcv6itXY2/pnxQZ7
- 0TiHGysHReTBjnO71FzCTQKBgQCWy96+Mf8Pp0Pq6ccRjDMxoZGtEyxXDHDTVGPe
- bydTfwuKWfI3HzNIxMF/sDojCEvZ7OnXwfFk+miVcOYbMloH3SVfIjt+JmvMyh03
- 7wgJJTlNXUvMDKbPNYDN5tm+JX5YwLLyEYbaPMjFzGCeVRvFSEteSn2enWB3a5iy
- 9F/qEQKBgEEh+k7wtEDVPeEo3syrq8tjavexVOsmz1zgLhUDIkNfSNWu4ZLXTLHC
- slASf16VCVhPhZZHTzro2lIdyR+NIIaoq4aVggSYryIGLZJ9G4JomAn+54xErDUf
- 1CfiuMFlITDCky8uL6MwdhVkU0ecJ5D94eIRaJnESWLz7BqdgPAE
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubelet-cab23-r720-11
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEAzFx6tEfd6wm8IJJhov7U8u2bkEvzfYX1GcCA/qNrYp+WqIoB
- CQZuyvVbGcYB4OrYXFjrK8BzNiYvVQgn5UnS5C04hSkat2/cgnDHk17iFlygPYLb
- U2cVR1sn5PQVD+yyKlOdlUgUcqv/hDRVIOtMnFxZDs0t78njkf4I2BAfh5FvZ+hw
- 1fuiBrTL49oAkRtmf8B1NeZT0r+7lc0usW6cRnLHVUdk46UxqHWZqK9vzsxcboNw
- EWnNKVl8b32HAwaR03rWFWxARwYTT/ktM5VyeNMGfWfP7Qv5gy5tThGwsoyXFAIJ
- JZlpJ/IK1SdkXAJa13KeVOxylyNWnT0P2xkCAwIDAQABAoIBAHNptxKhk77tnIV4
- phN7f6BCeJyhiD3XrXiBs1gbysXEAz3j0nnaXC/bKTwBC4aOmupsfUQUR/zIy+pl
- 1MI1UxjyQP1THXeDgTFZqByedWjTntueT2dmzCmkXX98KXj44BXvawunzYSFhqSP
- OZSBzp5vuQwW7F6D0jXdFfmQAX55reooHC+xpytDLkjjsXv98ST3Mxp37CR9JY8A
- 6s5y4GdBHjR0bO/AbEvJ0S/ZLfd6PvWux0Qq6+mjcs9sGCPOg4Fg1C+DGhlnNaJS
- oFj9W5MV+c42TH/UIKrxOkDv9J5q1VlxNm9PblNKaRmcPJ6Set65UhGVMHEmeUGB
- yeUXzkECgYEA44m4LSKxerHnCWPTtEdOiupIdMaTcaV0Guh5c++pSJzAXYPVjOnA
- oYgVlFHo/SUfqErPsBuRuZhgoi+IJpvhGNWBCO0HyxxbF7vAoRP5FEewb4trr050
- QrsVwTdEF+UvAuQtVybkvXSxnJ094jQ2aPgRPpPry+W60Llj+sd5FCsCgYEA5eyW
- wN2pjmk7slCI7HsNCWE7TOv4EDYjzRTBeIb3qRU6FK1EIO6YbISY0FiAd1yQ6NE+
- TFIgAmGjhnudkMPW0imhrBDohwIZdmiWtNLoK7mMhO7UhIJeRkSAHBi5ePEBCQyQ
- 1Gig7tsrbcaNaw/fBl2C9LgSQsW5IIwKXGGpJYkCgYAeK7rCMWF7NW+/LP97XiEq
- BlrJMTOH1DqK/txr5RF7UV2oiLyeTLiAMr05x4qvVmbWN+VGIsG17GCT4N2a0PyO
- AHF1r4hjBEWH5htqwG08pSzd/Yyv2CVOW+RMlHlw+bC8H2lrrvqRrJGIhMkZ33Z/
- gLU4qQCRLssQtiRtsll5tQKBgQDMqvffIvHmBSLQrgPUjgyixtyksoCU3byst8co
- 5OvcpTqYYUv+DKW+I6JsA/wHRGzx8iEEiy5XMFcCRVOTI+E8Hzb9FegHFgVYc+2D
- dSKamYbOZlLiybHl1uA7In8ne1Eynu7lRWXMeWiFRXNpVC1xWxhRgvEuYxdSM5ad
- eYm6EQKBgGNUKKRlnR3wtbtVyrYhQHsgthXK1kH59B2IoMhbdd8RT0Oqv33Ykfom
- vim0bsHLoxaTJVN0V8vj7OLv2FD7MoUfTb5R58fnRq8spPyAnHcFTvnqwE44UKRu
- 4FYt3jp6TqdORkb6E/IITG7Yp6xyck4gkrWgW9jQK5Ibheg235nP
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubelet-cab23-r720-12
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEogIBAAKCAQEAxLFuHbk7jwcIfi5S5OTiilwJHeKWuAGGcv2o4GKhA9tK2698
- ZXnHR/ObTpyxrOX7quGXtfsNF31nYKP9t7cytzOgTsEKbOH7V+fV6Qhr+qGDFq+f
- cp42HNYpGli6nE+3bkCYYl7yqVx6NQ7LlVlKvaAK0YfQ/EMMLRR89yCdxAxTYUni
- sRSJltwHpBpP8EZ3L/wOVSArm5iStKp6yJSMCCuuBksr6jjGr8Snv79Edg+u+p9F
- D1B3wCCorcx+Is/t3IbM17d/nJjqw/hij9Fbs614oLVLWNSwvvn7atke4QbA/ME+
- YP2liD5pmdm+cCxgIzPOniLjtP5cAyX3D35qTwIDAQABAoIBAHiMXfatngkMwHHF
- JlzOwuEVgyjjxIfFt4cmW6gaCqD4d6qopM70keRRMzA87NAQq+uRE5Ae62koHIGo
- QEmmZ9jMNUXPHfqZjZfUqM+Hr9YNwu/WdxyiRnvp7YsOMmC2oq9Zu4sesg6GdQer
- p65C6YHKYpcEbFsPJJlEY0p6nPaXm1f1IdWuoIwqPr+X34iU4uO3HB8vi38+EPjo
- 1A+FwgrVvqLglCOIApMijLcTSxKrLKZHXv/rM2a16oVnCuTAru86lft0LAr9afkP
- yAhXQjCTth/UxpG7sP+69+q6K5RcnB8FVitk4eH96n9nbepJUtBKKm6F6m5SJjJ3
- XAk54dECgYEAzw0a8mTjFlJAQPjAjOk94kLIYhqno5cS/tx48JZvBCYNyWceEdvO
- 5r1Jk1rQP3USwfnOg7yQkduGavNS+xlBZHszqLdS0qNNthf9eymD5lKOPvnSa714
- MP8NZmTWm3RN13ejXACOLD8iwsNyRBB6rSeY0jeCQkhV1NnRNLdDkA0CgYEA8zFx
- ySip/4TwJK4jZqi6UWN7cKJChHtQliH83NVFu5Tr9Aqz9amiUXpyaZ+vXA3V4sIM
- cRJwb9r7mHq3aO69VU8PrP3sk2IKR1Sc8CSyoPz+f7nCShFB8TCYkXgOvGNaG+LZ
- gFJER0kvjz85XQTgO1dNQySVIGjX3g30AWab8MsCgYBUq1dJqFf02M3Nw+t5tCfK
- TuUCuUO0ciMidaY/PEVJvQYGRlTVmL2TPfTIfWqLiKSTDkSVOpckDlF5iud0J2/G
- V1tYsx77ZCxzOnw90UxO85OXzTFvPZvY7XPdW38nMvhiFFqJVPDOx0K/wo0HqHWC
- OZ8U1/48fLgcwrX6iLboQQKBgFgt3nc08mb++eAi8B0iIuSt8K1HeFz3JaI6Uqh0
- AGPivKdxVg1GY9+tSVz5FKmJLruY5s/9Ap3cRgvkuyomHqqXDzUHoUdTbiytBnag
- p9Bty43eeg9HMKTWnQtp/9XZJGwmFf1MVwuOAtuq7g7HXNLHdfFZi2UD/vm6D3aO
- kQ5/AoGATAcH1KOpUVPTcDU2NFcDAY4iQp/bb7UqEiL5jQNXRAzX/cBINQ+CE9MX
- /tnj0oR1u+njTZPXe+FYgkjRQOeossC2nY8p6zPvccCyZp8g9HM2tK4UdlF0spbw
- SNcmdx781iNauZdUwWUFPk+ieTiqzvQhDjwbvabImKhDPd4DrrM=
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubelet-cab23-r720-13
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpQIBAAKCAQEAvU7PJjD5H2MY43qepZ9OxDY/2IlDUTeaKQAFEZKe0Gz6NK00
- P2hD8qZohaswKWX876ISqxcjE7X9vecMWwlsdHq2D+AJExLDLyKgQY+vlC/GVdnd
- oHDYFZj2svPmGTef2yFxhREvss6+v1wLEMJmQ7lbX9cWngCbe1IxWQKXPRPOEz0h
- f8VoksOSGt1oFKw3UN0J8zeKB451tAPnAjGnM2Pq8gWW54HrRH9tmJZnrYgWihKY
- +oG1nAbDp3bUXvdacgQmf2n2sQ3UcXya2oLXqLNynSJXroPbNFxdw3M+ynUHuGnX
- utKtz+Fu6Vxffb4WB4kCccek3INuEINZBdV6dwIDAQABAoIBAQCcRvDvIEKoTJCB
- Sfqp00ec5wPx5+6wn2weKKwGg7mjajNrRQj6x0JAkGt83YNWyaDy2iL7JpCIdxbP
- rGsgxDjKN3sQw+v52OVUhgsx1EIn3QCoYsB48G8R9ULDHGF5s9e9eHBUX4m23MHP
- C1b/MNxnUB9EkTVUnj+8oG+ogWEEw2WRVyQl1sUoYgQ0z5lgBGHVoY/iHLUHIyG8
- NJ1scRAKULxPYWxGp8kqWKDaHirvTZaqYNsNkujjdQx58wf5uQflmi2AtyP/LV/U
- aqHntVhynIDpRQq/fSUNwLFXUdVUN7VlO5zotMYE2qmcN1/t571kZf7iv+aptWlm
- anOtamqBAoGBAMfVSzB5wa6lhZUBCyt9iKfwXTSXBH5BRLw0yAtvJlbzfI0GRYCv
- rhiGdH5m5WePVyzzxefDq0e/qwQ/wA/ZOFZUz7toM9oEcICyRrbWLFx1fr2Q86Az
- lCj2DpOu2CpIi43Nuo8mqbR9LAZ1DuMtveiY2p7lQ2l97nrFUbMVeYuhAoGBAPKE
- LjyOrwDcRx5GvvLv3IINWHK90E6KgXEyvOLif5JT1Jj7kyLjtIS5SJMZqJKnqCxG
- /MPr9jSro9nocLMRZ8EDnWSTUtI7Z4f/GN1CIRY7pwLKzHS9iD88xZ8w/bTswE+2
- zOnT3txp3ONTWu7EzVU1DP2OW7O6vPKh0KVTC48XAoGBALG7mmleEY609y+EwxuG
- RnIfzbZFjyCACpNeWoIY9L+nRiLj7hM7rZtwktIN0IGgMsfvdRjipkdlSMS5sqgl
- 6f6W5j/nuR5yjmFYrp5VtRTzB6uw7Y6R8XfRCTv+6ZIJ/d08mm5R0+SM5AhGOtyB
- xYPH18I1ZRTBhcc6EqU2N2mhAoGBAJBffkMQ0kAZ4sC0byKjBsvpc/lC5MqNDAg+
- o1IScs3C2DKGug4wLpxAzWK9CKzd4HEThZCBXZ33fGDSTp1bxD+UjlN8nPaI5NaC
- V+QIZTgeJQu1fUgWOREkdaWSfccClm4eLhkZx3fCEfzG98BjKrYKEgS0hgUWKzvq
- dxKkwKHbAoGAbYLffwmj6GKoChkyraObCK96GTYccMs6OO5RO6hctkbSD7TYHOl3
- Mvy0/3V9gVkPCo3mTDJzxI2wtm7W5Ib9pnW4FCJ5mfxJuQ4xJ65VVWPDkevngwFs
- iSyvDY5lzMabXa36CoKufRx2kveKd8DPWGb/NCzxR2535A4ibFDb86o=
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubelet-cab23-r720-14
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpQIBAAKCAQEA2ELPFVG9c6Kbm1mPdvdaO/Ci+iT5MYHRmX2b+V0FzYEZ1/fI
- RbhVuVvrblRi5WwBPJIgtLarIKu4Yyc7nU7duhx7pB3ugef4JrHKYOnv2UUWKiIx
- wkbZvP0vr1GihdFaC7FP87hMQz8znzUSJUM4aEdKJTsocSnXDpDkIQ0QzRWpIr0c
- YhsQJFa5gwKz7GPH5MUq+Bi0pAMbx9a1S97rzFMgQeujxODP3bSS0k3sGhdsTKXz
- bdSHwSJAbTQBvhgaBVUXuapfLH7jgvpKHvxAvzn48qxpjtWWWi1exW3ux99ioJf7
- FkqL7TUC+dgWChfBIbORTWWsg5kD58uUtOk6pQIDAQABAoIBAQDA/m48AmRl67me
- W8CyVHAMieWIArL4QXhB2Fz3ntJs4Uek+pWZ0rV949Ao99oCD+7SlT3myBXT5Ct7
- ISoMarNpQb39alDNUaydK5EGB/9qEEOFelqZnAz4oaKKfPnjHj+Tq7tELzav1JlG
- /V+iLWkLdoNu0mp3AvXPI/LSpAxYV9XFxG23Ij+MZg2WGQC6g1ZCKnrLmPf6KvDR
- h2jyL1Fplu3bH6gkqVABAlVkwUCDNoCBD/uE3AuykrpMiwEhNo4ZY7yyvV1abyUx
- b5kGqnWwFSrjwjGTn8m5rgkXDbXkRQE9hYJKhq1Zy7f40jq6Q3UJXQAReZz1G2I4
- a4xybkjJAoGBAN+jW3EelZea39nTZ2ZHw70sx1Dz92hB4DklXhJeg8wjcdV8wGY4
- bLWjfUcC8fifDlbBYz/OPQrKljafAV/FaK307jGPPL3hOpKCQdu/7ea9VnUXh8DN
- KwBxBMY3wHdMtWdvqBuq7QKer3pjtRl5LqdI6bGpHyNbKxwS+PzMVGZXAoGBAPeO
- KqInC0R9f8JnA5SAfwR85bZFs0bsqwAiZVTOYd/8dsXjtK9g51Ke6hl8ZHsd3Bjv
- DEPqbMGcbdmSpVLFXE2/l6RrW6y6WN0+OWV+TVqwFd+4CLN7MpOg1QiM4KGN1TUW
- 31P7WcpC1H0tZnCeZmdBxOdX5XDRaSetQ2WJaTFjAoGBAJMcm59q9g63k39v4HnY
- xXshBLBM/Df59azB1wMQZ3SW8F/2Y34aqfBGbreSyWe6Aa2yIz6qxV7e6zddG4NL
- kdO05id1yQhDK8uKohYTSETb0g7Ofr+mdx4gOnrF2/beYAp92cDxjF2H03kYM95g
- 5/6lKQ10agZRB6e9F0r8gpybAoGAcrPesS9iGyQDNHJCyGYZdFzimugEv1IdkXxe
- c0MFOqFh7yMorzI5PKEBWzm13Q3i03K/viA6sCLpCyzViVqFAElL3BUabxgQ4MJa
- GdrBwMlh+TzuWys0Lg8RZlrQIkrzhRvJ8sG9wufgSPfmRTw/uoxQzdh+KR3+mTHA
- zqUypn0CgYEAoqClS/TJabzTnc7IsFfjjTBNgnUDOLgXSIo67erocVBtcFczaX8i
- COR/YBImr2KOhb8jQ9ucaLBXucOBJyPrahAjeVh31Q/wM41XsoytgBERG5ppU2QV
- 2l5I64XvRuecEEKPDsmFFSa871xJNebfu1spt5D6TWyXvL7fJYxGfnY=
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubelet-cab23-r720-17
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEAveJOaETPs8E4ZLPvLfs/qdDk8aSRHVqY4ewYf2nWOo13Dwjc
- X9I4u0xC9sShRxgJsDBmjNTPkOyjPDoof1xz/1xT5cq8wkSJNhfVIr3wBWqIfKwT
- Gb309lW15B9zocr3kJ0VkL50jVCJU0SQz3IV/h4roo7fkIeIg+dAyPMobaYEYIf+
- xbHjIHYemCj8IKV1Bwttb8swqVg1QkNOydwJaQ0rBc+t7H1sZCm4k92y31NIO20e
- NqdV6eUJQbJjoXJzvkQb2O5cOdJH7ryas0pjaBYBMIqYUWyl1nZmwmQtqe5TILpV
- TgXs/6u/zJ41Da9yeELYtd0no6+gKKwLse6d3QIDAQABAoIBAD2om+9N0Og86PQC
- Xbtfp6eb9ovk9V5DyfsqsDXHh1ISF8QhC3ZuDA/9zozVAs3UJ2k3/kTi4dfcj5EC
- DZ51xhD4ySGIOM0YdjnDeWlDpgoMMu/Q7I7iWQYYhOzjraevAb7K03Lh9XTh3wXT
- 8PX7xNp0r5SkskH7UMAMOsRF+S3JOEtJ8f2jDGs8Clw6NmXxELbyEw5fE3U/kb+R
- IwgR7Yk1rtsS8VRU7XeFha+RGiiY8HXpOO+Q+2EyEK628gDma+2TqKdiM+U9hFnd
- 8lPIsJeDnwc83LoIwwGjPlQwdkj4rHH03sNXWmtPn6+CoJK0x7WqG0/uhTA12pDW
- i7PtVWECgYEA8LOH2n+rleKklnGWknPx+Sfz6j6+aY0m4Q1sRF0g/un2u0LXU4J7
- zLc0R5pj7vBejuERu1IKUjKsrHgLtWzNTeM6J72i4SErqmTzSFZAHpsqOTh11JEm
- YGFjWG+4+0PC4YZQfmTBA4M83ViXqJFGAphyJymCBbsAfknwsPGAmBkCgYEAyfPs
- dULfVmR84pLCKZRcHiAW/sPwz6vWNJdZ3dEa+BPdsU0hqFysr4+qwnYammxWnpbP
- H8JFI7xymUlosiEOUu4iepup2VeYp28Ty0mNVngolXJi7s5Rr9RYW71ZVJHZbv9K
- A0YD62QJamvRVEe00il8c3/lOtNFZUZsxW+K/GUCgYAwdzXHnSVjjLsvP7fdzVLP
- pGfMps2YWz+U2SsPqODX8ywnEJJi0kczNUBlmoS8u9GOW2tCmIZTfrieEZ3p7fp4
- 0GQJVHnTcuZj7Oe/jP5kK0IZO3EeWAuuJG3ohLZugXpgBrd2e7sRhf9fYlNHMdky
- 9Jcno4f2t2ymASVhu371IQKBgQCTa1vQvWAK0I/ZVQgnEgWseABROPcwoV9cRJ91
- LI9jSB0ssAFBxWTJQzaDfXMuBqe0XKIVrNqLm6SMAOpMHZU3NF424iq6XRcyIgNx
- AeAKnuwBK97MNA+tKnTVgwMSmOUAAZsliJaT3hKBfPLxcuasA1y1c0cCCfc+VopQ
- FXx/gQKBgQCtsAaX+5MEe2KvELiVol+soyi57IdfW24yzQw3vAnhPYgw99q8lVH7
- QpqrwNPnvS62LZisI5ELqkRjKqinpMszuXRzBHPytoM3lWwML+Jtvfz41POIAK+z
- PEI2NsZUVp10ZwZ/KuhcAeaJed43EPvyTyKJmtL8RFWJYtm6HbIkKw==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubelet-cab23-r720-19
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEArdA3hVMLYwQ8kDRRZMNdCkue2f0015NnmPOqTSa5m/5NceHp
- TEojrzN4MxwlugfrjKSUmt5NokUP0fY9fFAwI86MWd+xT1dg1DugEDORS7T/DmFH
- QGZ5ZhNLJ+Xz/hAQd8xoUe1mCC6Z4EYjB37i+Ov0Ek28POk8hAH6sDEWdwP6op8i
- DZwhEqgrdMikPSeEikxnZ5tQdPnPT17mYAyYIqLYYyDb7tFlokGc/BfDHX+ifDL2
- +tpnsDINk4AOdWkyU1UG5Zh8Z9m8rVo9C3O8R5vI5T/8lr1YMG6TfFCtnOQlOeac
- wsA58rMbmP0hZSZW8Z3A184g4nB6CVmwXjVHmQIDAQABAoIBAGqW69VpDeyU5ocQ
- bnG6lM4BfdL0wnkJPli/5MoXW2/cTaXvAmD0flms2KOPOVuSC9NeAnvOpBFFBOSf
- eylHC56Jxew/j762OP0t64TD+vBQeLFa2pUVwpDkeAxpqm09cLvmsHq9ePq/iUHO
- ASFRoONB35Vx8mPwLFpP1GpEUCB/XucIwwata2F5FLsrcC0dpUlkkAj3TlzgrSmq
- qOAp2DEkvdG39Pt2jlwez/k78/tk5ZM63VCM0CQO0GMkcntLvL2tRa7TpRqJ1EMh
- R5ZOJA+02+88BbYl6yZzzurEbKobkkqMWmYlLa+EjbWhxg/hV2kt8APFfWtcoj8b
- ntfLUwECgYEA4UVzfuN/watxmCaG9GD/5dpust+h1HynLHfiOTx8SN8C6IckpqTS
- 7Pp50i7yb9lvfNMKd7WdD/6to58LkNNyT9h4A2awFE3Q5y7Ly/GbnR1bz//NnipM
- E6VxdKCtgs4EvWAE5I2+HtLUlfNsUq4NdJMSzF0FsK5dfvegbb6pG8kCgYEAxYXW
- SEwcFExXuOX4Vk+DD7SBEToGnDZlTJfd/WR3gOqYY5g5q/YH8Bi1Yg6WycKPgqU+
- jvggbqg8n8EIfN60crHViibHxL35GHj0NocF+0dkWIStiakL6rblSfo6pLI1E4CP
- ogzHlPKhOX0ox13i6Vwm5DaQ8AAiicQQie4MFVECgYEA1GirLXMPzKp+kquJRraL
- s8zR4mHRcs0SyHBF5BgvTHrTgDOlkGgL5p2K7m+L84D/iaBo11Vswl8ulQBrZGSr
- /bOr/fD+iDaTitjqGuQ3Cd9b6fVWiRNy5ndyUjkLQjJF79aw5lzsbp33C2kas58g
- WtIuwHnZ2q2exRByueg0BlkCgYBFZG+TlqmGuAtZefF04Ro6Oj/dvXT1DGcqMXBb
- xR/2unQvCRu5vgWr5AJVIKr41tF0JHmF4MYEGjayKS7CL7tVUASlNFqaU+NfJZ8m
- SOlhDgPC1VniMvFs1DRZeP+BPNpIr7HGTJcRTOw3NjFNWT6OnUFMi57/sgxwOeFV
- k7vLAQKBgQCzefkNjxN/NOBNeAVgPO9xbgNHiCsV8F3EpaII2jh3UYDaca2QlcQe
- MDM2/Z+zO+luZWlemlYLk9Z6aSKpuTC9LOdarrzWrVn/WPs+SsUFffQolQMSTet4
- DFsv8tZ7J6u6p0QNVnp0Wio5INnOYLErTpsjo9ELAPh87gKJP7ePMA==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: scheduler
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpQIBAAKCAQEAwl47DPZVsFP70E55VqXnP8SXzINwYpA5tbemj3l1OLb4x+Mk
- F7llLY29VIcRwtGMSmiLU5z8S9eUcTxe54eEHRekYQ5s2iuTHWhAvV0zFeYrgaFE
- xnk9d9HSk5sHAQw7euQxtkO+5GCzJEcggB9hpTO6vDBytsqFSuYGY4StscnUuK/A
- dumdVmtwQkcZqpCer9LqCrQf/euDj51TB4Q3ZFCg7wN+M8VuNWUq50FMloDqVvmp
- 2jtWEqIl2PbKYmtZMg+epmKTumsKPELMUMavCLRAvbRdC3Pnrvro1ayzKYUE3j/y
- TZXEjMcarNtQdPvRBxzt4oNGuCj8bM/U6TSTPQIDAQABAoIBACtEiMao64hWGb9U
- SMSWJ/VVESmwtMrsKjyehlB4DDU03gq5MKarWa+bVuNDMhv5Q86omSNi1fMYKW5P
- rxzBWRKU2b3VVTv36Ubpl0fQQHgGhfbUbJf2E03iAotjPlroWzFPLRXS3OK/+AEC
- aGS9F6KL8mzEKDUyvhtfO1raBUSHMqjeMwZXH0ZDtCVdeobF00/QpWl4JLpHiTd7
- YgmjIMCk1n6bZsPDCiDzTmpYsSBI3x/dxPwg0w9qG7yBIdJkIzjszJtl69TZYIVQ
- MYltqlhMbnyqkn4Moq3iAkiDGs7M8UWkdWU89c8LVkyKTkQXDib8/NnNGUbK8g23
- AIq/Eq0CgYEAydSkgs2nSa9xF37Pq0ViWiZd7KoyyhCDoOT+NDm25DPGSoW8sxSG
- LQmVmlGnKOV2QYUb5VAT4B3QvC64OW96uFuFNSKWv+9/j86z10Lwe0i4IvOZb4vu
- WNQG5OXLkjL9dBRIS7/u83E1/b8bFW7PMMXdtRoQYd6QTP8PCK8/rScCgYEA9oja
- KZhOP426PRcIvmPFUJkuJYqFiyixrm1nzTU01KQq9vH5HzBpdUmLzr5c7PGiR6oA
- E11b2qyx6ZNG7j1cBorFNFMyr8EScdXLnxh8B5nkqL8DnzU9tLawI4xlYN9fDBWw
- frVWd1Wy9L9GS+7UnwaZ0nwnPtXWXggv+VhogvsCgYEAiTnSDLllB32IqA/phKqt
- P1wcuj/SPn7R8EAh8kJXbnshVCPv89Z9j/uXQxBHVlAFgnDNUbGLgfLjrD8btLlu
- OBDJ1iHJW4CsO4uvzSlPNpNv1xvHdAcxLCYk9daj/ag7mYP8z7wU7GJJ8lfQQ1dO
- +fteTbcF8nUPqbo1b5Mv+TsCgYEA6qHiqDW5OwlDF8MlYjYIY6X14mrMoF2xhWXA
- pfAegMZh0bcHtyRXKfY+JhzMygFKxlPIUKXItv0nMjsmBbXGML+/4gXQtq7VRBwK
- +DbQTFet5OAurUZ5nNVGG/8RuTm99v1phZ5GVbrtX7vvRnNeTp90pHveyhGwPLwk
- FHaMuSMCgYEAwp8JVVI1wLceG8IaAPVOlRe+rImvByqcD4MKkAEO6CGZvOPzikTi
- TZl5G6/VyhXem+KX+W39wk3gNWG8P8wJrRQVupM79SczYR/MDttkK+cfbYVqbVRI
- I4VeyTFBygYABeY5kz8/mV344s8fqzsBid5Jjb6YI7SGwqRaISVlLN8=
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: controller-manager
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpQIBAAKCAQEAzlWVrjnSnTNnBDOalL/BGNWinKEeEu5L9kxIO9mfLQNnp8hV
- Nn2W8GbWNLRTNOTR9Yor6zkx5cSeQaht582kvAmKT4/M/lFpvfpbs10pQbz/LGEf
- jQW7nIEknyzTYt+4eizmUMYS6il3VNAc4oYGOn34iYWTXYn76/M6xU4SZEQRmbCF
- Vo9swa/m5Ke1/kbpeCd/q6v2kip24TOt0z7e0PkGLhDY/fHnqwzSZ9bC24W9dNaa
- To02EhvR2heHF/ZaCX2W+PF2RgIi1QYyRTqix0Pfwrp/qsYsDu31N9dNGXj3tV8B
- QtvHPnC0rVu2J9kQO0QGGsgLVLLJChilI1jHQwIDAQABAoIBAAGJUZwCgjb5cwLs
- /3GsG9v7e0J/UKIDdD1ZRBBuBmlnZRYyv6+wL7eKjH3H+fai3Y1eggU2X9C+Lg9/
- GZJoTZm42HbPM0+Re6AWhShIwU3kAmJqNrnuGP+JVqR4yPorgEwomW5wiyODO4g+
- JHjrVpCI75jWjcpchKu1G/LsKeblN24+px80EpuFesVaofIBTjt+MlMwuCcY+rXy
- i8o6W00aRph4YYCWymSkfh4lQBL/EVidKLzo2MhZ3CwCMnL0TCxvb3UTfbfnbz4d
- 4nB+OVfH3GJthpLLCn4Vybq+aJeHoTar62fSRBOoERF9nHdOhbzEVfVhmtUhTv5+
- CKxIkkECgYEA9VHl7fc8h/Ao+STekAbrUXwzPL02G1LdRRyxeHA2cCmOYgHJe/hY
- Zx5MzYHG/FSaPlctwBXK/mvXQNeHq5gGH6IS8tGa1Pbc2CchSLh9GL7GA+KSK+tE
- 2c910d//o7zcOauRSwQXrC5Y0TFzRQ3EJGtkbRnhq3U6TYkC7yxLvi0CgYEA11Ew
- sa1iuxBupOsdc0Vj3M+p3XuNSHVD2jMP/FM35HIhW2NfgkiX8A9u1VnNj9cblEQ2
- 1PCVQ5x88qcW9iypV2WF+esJn4cyVFt3gXubAJaMdfQjmuzSe5/Ywoohc+LKhCzh
- mxo3kakyyXyZxqcz2UywAQVTYIldI3pAHarbcS8CgYEA1GjSJmZhEe7++yJSVvC2
- xfo9PwUxmRz5m8LJY1f9usYwk2mqtF2G5dpVc8c/rPHwD7RaV6xG9F4Zpfo4bXoX
- K0KhF4AniOgqtjnDVvzuzAM63thJ6h8uoU1BXbSO245GPOTxy7tCaAJFQvSHMy5F
- O6eE7/Zt8JBzJ/lPAhofhw0CgYEAjzfp88UojtT3Q6tAA5R8QDvA+RldeHzHjTO5
- xlR0MPfZSDhpJveyWHNrfW4mVS73oT9eWXVNU5ObaKvLkiNS4FcfLoUv+XSr/YB5
- lR7qkxGQjETACiTMPH6uZ3gJmFOZ8SEJT2m43KJ2rZ67im9dBYUE7SjltKip0xdV
- 3mXvYPECgYEAu9ZP2pvwe8wpE9J8948hD3HuaMoaZkQ2/eNWlo1Lr9faAVomCm7/
- EToupvUI9aAg9ZE9Oe5ZJq9IM0euUyAxcNgKAsjWxdYVxdnGmX6zO9oGlFYkuhEC
- g1vMI1+pZUPg6u/KVxwjq0T2kUxlY5acYbg1pyrFVZ/26R4pElUF1ts=
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: admin
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpQIBAAKCAQEAz3nmXK4+ehS731zGx3qfpIZbed1SpZTn3eGKRV7gXzzSku7F
- pfkVEkfN+iLipaqFvOrqui02JO0Dyv5vgRVzog3KIbyoFD2tUSlN7i9YGZhPJnwP
- 0VZgq79K9ptjqHE8+q0uBo/KiqnH87mVTEJkZ6sYr3KXBSHJt1FZokUoxIYP7PNf
- ybOOQ+tDO6AYiU1NRSLcQc7pQPqXgOuDcCMOdnKeat7O9OVWcQGyNkVD3d5ws9HD
- DUUozmHje2mBdTgEqyV8ZeHiuAM8dEmVTt+4a7xT9tjhelhfAIhwZGW32WhzVoId
- AwQ7c/pTREPP9A7zfXBFupdlSI0vnwoXLMsRGwIDAQABAoIBAQCxt8AcOWDo36PC
- A01+B0qB+liW/X7SuMcYJx5yp39X9NiG5aJFtiNXgkwsa/9qWrOuDCe+DAYqAR/T
- nLhUgNSIxnkTBu+OTvqL3+6SDNnRKsb5tyExdmTeGMCUlqv51+2c6ATZuAeNWTse
- SSRaqzAoIMXHW0eDLNsFfNhjiAwQsR4WVxro3Gt88u07jY9kyHJ9TQ2hfZDweUUS
- JW0dDNaaWfRMsBWMLpMm3I9VOXm8/SROSAj2OdFg7dlCU2bkCToMUb8VGpNAijx/
- 4J5RLCIZgNmxeoPi/dy0eN84i51jcceZqae+WF5BbrtC71oGDqa7ZQarr3bKcDyG
- GinTzuc5AoGBAN5qMQIXccU3Mxj1MVWoTRFaDEu6mS8zo0NT9ieAhrPPqCPxHEQB
- sCxJXvm713y3PYJr40GNyLXbq5PM/Vb1fJ8UPZTGUnG/gqoSlVmNg6UOPujpKbKO
- TUahko7JcmvR/xbgpZsB30CV530FkZPj8KyNqrYsQnYayt0SMLLe35GFAoGBAO7O
- OxpF2UMnYs9IJfTtJB4auhGhrUI3k9F+m5tzA+WMJIlI0mgpvlA2fosIE4jtrQqh
- WRG1+lLNy7Pf0P4dy4oxOfcNJlf4hKva1VznpnT+P7UqXhKXYOOUZ3vN7i9q43nX
- GCUs8gL41Cly1xPGkS7oh/cBz5lQVuj0np6NiEofAoGBANnUcy8zOvAGQfs9mRXl
- gaVu5f/9Py4lis7UGo9Rp5vP00NwT1ijtqGJMoWwXTn+VTW46Jg5fsvt2zskVzKl
- t2ot7qoZGoHhKN3c2X0dxkMPkrmWMop4KGL2t4006uWChC0p08feq4Kbzl5557xK
- UFsPXJSTAHyffPPLbvqgoaHpAoGANEvVhZtmSN6HNP2H0mtcTXts5A+T8bxaEra3
- PQOjBtH57laUPVtm4goNDEVogcQK8RkEeGxxtVB8G5gYHI5J1KmTGBc5Hmq+IyR5
- NS9FtLk5GmN81nVwMmZ9gw9F6fxudHA2SW3eUehMDgeoMhx6Dtu9aspqvBhr7/gi
- BHbaMeECgYEAxC9bPwaZamG79d3zTPG8l51nQY7dW6Jn7WkLkiSMy29VGF29nSgh
- kTTlQqWjjPBeIpUC4YTL2dB7PvkOFofGHwPox2xUTmi7U3SmsSRN1aBJRgQb+by3
- 9raGql1VFeUuHsZ5x2YA5b+an590U3OxDzkGDBOU2RdWy9ZLRC7Iox8=
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: armada
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEA2RPKuABAbQuCrv72wy3EyEGnNIh63xPYl6VfIz3F/VhDNt4a
- KSftWM6U8+LMDHyT0p48BwCgdlLfNhU4tUa4rD9Ik+HRV3hQxHGuGAQSGna+90z+
- f/OtmgbLtVXX1bkLfcM85YPTVTzILO3UA4VUrQxSoXfK9tUaV1RJrYUzHwtr6aM4
- wo+pALsfes6Mm6ygM/n/+z1NUxzr9I2oJreFH8TbnkmQRbvWoYQRoA+2Z2A+TPZk
- zYqGNAZr/BZS8mgEGapcp4tF64yyraLPpwzEKxNspmjHeGsNEYZS9JSaEx6B+ceH
- lF2xYlK/tg0134IZMJ2CRl4XP439p+yN3H/bNQIDAQABAoIBAEcnj6lkm7mirkGC
- XYx4sioaKx6zJeN9c9+xW1AH7aAvkEip4NVguxIDFRwkWVI2e5XsPCznbbGbVIM7
- zYzOE7aSP84JlT8gtwjNYo2IuA5oogwZ9somK99zHs7fxpHNyBB/MLTi0yD7fXoM
- sxQ8XhcjFOrMg4EJNUsu27+/C5S+5SE5uffKE0H6VmeeyqteHZmPAimidQS2jwq/
- tHqDQ63QTMhZvac2b0szS4dDcr2/tmUSvlph6gaCmqy86QYwpuAPGmF6hADoQXAq
- Y2aTIM+MiELXwrmQBaVRZ7JWyCIj2JEOltVoZMeNSDSWrJ2WYljxFC6iROFV9Vqj
- PADko4ECgYEA7iF3LPLI0s7PeK2auhB5hH2azSJZ8qAtMgA/y6fjRt9+BPE3TcX6
- DxoaI0sbqpmkDDVXQgAIGxZAHIkM517PI4glxwxkZRnC8lBY4ijR5LP3cwYMIRym
- mky2bV0DbnFNvzU+CXHonD1Psaw7zJYfadgFDaRVc9zQWDPXpd6avMUCgYEA6V3i
- 7u5Cf5T6o3cfuhyyQCiHbv8QCPt97CIIUrubzVxgjFqr2G1CwzIOu9hQbSCHWqwL
- rrHDeunC9aCQg34gboneE1KvpLGDjnOBCXBUGLTMnEbFHncw+TlGoBJUb56G0dHq
- /5/PH/dABl2JOlSrvJT5QWrUO7aByogqqK/5a7ECgYAo/We3O/9nkiPSYQe+OXHB
- ZaGM5/nVss60yagxlS+hFn1pul/LqmV1zgdrxdT4U8QSOehQOxMqHnVgtBKdjQtY
- 0Wm3TqHFaV7OORhjraUbmgLhMMxLstPWwZexUY5yp1w7qp2IIKxqoH8kVUJh4AF+
- RanxBDWVYRAX7qyTJ7M5BQKBgF3T/+AtL9N4JOYAiWMdEpY1NW7tYpcZ9uEwNcR9
- 5gDFuZP1CM717zfoMoBYUs3tnD5amj/c/Um4H0j/C9uypHuNNxrxzekb7lciHamb
- 3lQorXPQCIVdSvWJj9ngRM60IGTQT/oDWRXzJWzpwrkPPhWOmEEzIK35jWnPIce9
- KT2hAoGBAOgmzSvdvzdMcXeUGn0+AaT219vR1RBfpyk0/jkYVemWQosLSEQqbxgw
- 1Th1Z0JO6277uIbi/BBqgWLhRjjQUIavKHnpoNzUa6pIRh9lNywX7vEbRnRTXpsV
- t1XJYhUX/5XzT+6ANUCjYcNUeQi1OpUmg6UD724jcF+2naRBDLHF
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: apiserver-etcd
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEAtMEFupWKyrzQnR5leAj4QlIwIREubOHaXwIOjNRs2f3b9xoF
- z/WY9OI/oMvvsr4am56CN+m1sSPOFrJji0+fkMuO94/QkLZEioBgzJb1icI58QIY
- W8jWvoUYoxJPVNWE2tEm4081Bs4rG7hepnuvRKNgoIE+1SflwofAe0oLPbTyhbv0
- 7sVXLyIHelVEAlTu6Q6OH4rV0mzvHY6jqMC/qsbLM4vujoEGKzX80ftzNa/TGbZc
- MzjylQN2Svgt0TcgvzhTQOenfOkDe7UMKuoD500pioCW7nSrQwfJP5TuR6VjOer4
- sJP/T0KZ7MHs0gm7jQBL5+O0AZoWPZgjq03OJwIDAQABAoIBAQCGqsSU5bNZJuGa
- HbplevFToB4hlMZs8rwaStMCU4WhyAPpDudDr+w8jo/vQeGc3wu945OLCsGGb3Gs
- 8U0+zpzIaRBkGy69kj5wngMAinv3HdDDYdc6EuEDYvAfFpYqU0Y/LNJ3SlzsbBAr
- /+nsyXukfMCR9JkWgDoq+68Ja/oCBxtw0rLxrLla5qaYCzNd9W07/je5nknaKkmU
- h3UM6eUQBOUDEzX1bqYIUb2XMgdrmBGeZ2D0R/t6huc7qjfm1KXktQbrkWCUisXj
- 00AtKHhIDOIemdb6rt4DBc6mZFcncTOq94+0IoYBm5T6bomngg+bgbwYxprrvVeF
- 2SL9T6uZAoGBAMV+M2MV9Babhb43TsFSTfLe05xMAl/VkA0ODRJvAOayX0beWhyp
- UQBbij+pDzIkt4ylPr4jTGv3yQLeORhZSKUnUc4pYfho2iaRP9/IoV5ChF99xJ2N
- VUG8GSeYAsWWlBBzMBkpXy/CcX35HyytYhhq0XieyudlZC7XgVY5rKSLAoGBAOpN
- V+JqB38F0EHoUT341SoeVbTV2FtEXGOQS4T3KzgVhNtJwiovHFfhTIwmC+R3ZP+K
- d4bDm22o+dOwRMcEZ4eGSiY7fizWX08tvYrhsh+ZMPIhRB24m7RTBavBvSIKGOIX
- w7xNUS9kNOrIY4ZWv3n/zCokxmGBHlyIG4GfWwRVAoGANEfNSKy2Ggn/pLQ1d/3W
- vrV4JUcF1eLOKHaQxVF3Vprfl/4isrWryMFy3pldeXO411WjP2hOwcIth0HWsXhp
- P7ch88aGteDj5xPKae5NsYtASZscomyYpjcqHY4jJbVP6u7jS7XlCdqaerOpKgWY
- E0irvRekNQ9lLvVDutS3vDMCgYEAksBOw2lVuKGThzRTblVkbjUByXoHQWLX2ySN
- qIKHd2FDDXZtPq6zOffLUhyiZj7B66x2oNnziAPGNmi5K03+6kuaNcgdh0fd+mHT
- ziD+x/vTRFTBrTvrik5VxvZZ1/ArFbF8z3w91UkWO9e3PnUnCOrGnb7a4kdVFO/L
- Cq0c/OECgYA3obLPD4vXhSmAUCUI0TD+CvA5gUUmk2k5Q3ZaDQsSBbfMPvpq7F5k
- yPCPD68j8MPJ2vkr5j09gIvGpgMpRvpaH3QFH36wxcYiL2Q8IZEfy89kTDtrLNP7
- t4EfrgquO5hcsbfmxtu4xVyVrhRnejOUjoaVLB48bO9Fp9bQKFBUgw==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-anchor
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEAuPeKvd0k9+0Qt/NUFpmdWz7ztQAHLyQix9YDrcnXbNV8DiSa
- Q/GTOvdnKLZgQXa10RXpA9s84fSxJO6nBN9PP6EjS38nIZMpybjb6wnqW5Dv/aOB
- s1rswMkv7vFLtnQQNMGQu+W4t+9iSea2vrX/49z5QPZkYS0J+6GGmktfBZt8J1XK
- ZYjYDsSD1OIRfEyafVJT1pARzXagnH3YwYuVvpaqcpICsnSIBi0QWr5zDXgfQQ5C
- 89U1NJAPt8DwWV4hCzjgkzqz2DEBwuFSopNjCZDXX5bqgypJUP3aI59nYyEJ3PvG
- 40KlQILIN05UmknnMItxwTuw+IqXHb7tOTbhQwIDAQABAoIBAEZ7ZW3179ldh4pg
- +YDnJlQXx+wHx7UJ8wrtHVfC2wkIzI3jGrmbOzwz/CZCYKlxX9T9oV4r06ZShJIL
- Mq+jnGIlt/pTyIh9uGW6wGpuy9P6hcjD3m+GzUKlJ1PItM4gqfBAdjNzVREZ8f0x
- Ih/H4Gtmz8AWY6e37t7o7Q6se9f5giJIT37TMnct87AxAauIrOljP/WiuJCTFPZK
- YwtXpP0ETNtrAdcJpgGPFsgsvgMpuLybVyjzXFaT1EBNjV0HdYLRSnikiyd3zlKr
- lWyeOBw4IrF53ArZf7oRZtuMH6yjWQfNzdgXRvooPGy6lBhHJehpXgPZJuMp3ZN/
- zoy0ubECgYEAxhYrI+17haRa89tcnoLQk7qbqz3LBd9yS9Ep0E3eQPyx3kvuc2iK
- 5e5CLDgNvaYDSTorUUuE+auDqJt4jyuPh5v/aRBECFVXrIPy2ey7dC4ynaPwH+8f
- kYK3t0dsPBBk07RVfh//EmZ3Bh9LwnvT+xhXY/Mu8mQjp7vKbAMDTZkCgYEA7wtu
- g79Hlgci/tFsFuI2BGw2m+BYkVWLzctInsF/A2sqrijAhC+0tNnLijXdWaCT/XWb
- hvN6q0XMuZGZFvcpDzyocSV2oDwd8g/ULTLpA5xfamDaJNTqVDX2VRSnGKiOk8J/
- 02jZKBUXBKTj9n+7BdbpVFm9SoYqd3jcwKPdVzsCgYAHqLfGTdpm0nIJ18N/BYPX
- EnIObvc4pOkgcVfyi/A6BwtBkyIHKFWmik3Ys9okKRUbcbpXDFp55N3UWR6SOpb0
- IV4Ay/Y1dEdNjlSHhJXC6j5exgX01iQcVjeQSJywvdmILgLYO5h7N6cGf5NIU81g
- ehJ29OIt0R1n0OUExCEOkQKBgFr/Sw60Hhgql1PRfQgpDM8aMp+cA5svqYypufdV
- SXiPryulL8QiNPQzhJwUbTLVQgDWaGIzBZt1cr2hg1mOtP6r5KNN056jw/KFvAuI
- udM6D8h7Hg+vTZTJBgDVX9avM7dj7y0XWLM9dAm8i1smvJc4fJIzpy9ba4cXZ1Ge
- D4BJAoGBALYT9u2Rk7bNEoJbInZhmtqd9kyO+PBPzLA/ZOzzafIMQM59xJwy4Cui
- vqA7EHvYJSAXP0CiUxP+X0MITbGTyCzR48fiFi8sY1C+MQaOO06IFapxtQda9r7Z
- 2NfJxVxgMFh9Y0a8nCGT92BlNs/Mn5Zo378Y80Rra0av/69w6HNF
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-genesis
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEAn6CZw9xwsNzdud2OVb8Ixgwe5OiS0mgBKU3bo3bn/v16X3dy
- vBs93Ar7IPegW64SOaeDzDG+yR79dObL8HAc8jRCGgnJgyfVqsABanZSyzZXmQmo
- vn8lLPWW1yAF9/mWTduEs4YnFsSDIoD3Ptc9W3OYL1BetSlUTYXIHI7Y8wS/01cC
- GPFTZZ/xKY2N9sdoFohsKTZuyWWtbMb4ysAIx7ogtEnBCZRz5LoL6JutN2swsM2H
- BqKFxPom9YxWnnFiXNG5623abzvrWT9oppswqkEeE7NYD+BiNOYRb2OQYlezEl/d
- 0RUJGTpJLFN1oNWu953+tonATz0GiuL9G2TwfQIDAQABAoIBADH5EEpd57Wm349B
- ij7T2IZP4xgcq2JNhxeMNVeecRDGABqFBZlYGeyaT3ZJr50kCLad98fkRusl1YlU
- e8IhBx7YN115dOmnfd+/znGq606NC61wdbB1k4jYtclRUC0KqQBk2c1uESyyhq81
- mrHEpoPL03f0fEHQ14CRgk1WdxrVAiwjfCiX90WI2GEdpIOsjvR9r6ZAzm0HSFY+
- qBSaF593Uo0wmthS1YO/gnRdHQv3XtCxbj0HuQ0/8Mjd9aeNvTBGfkZtL38J84qk
- IAiKWcoqIEPMePFaYiZQDSG7EmbrWTwj48qqSSNav50xo5mrglmWb+j/BAsKfwAn
- 87E1F00CgYEA0DkaqkU3/aOsL56KCWQ2f623gfisZ7EMSdinbA7cGtpPqbwmZxpi
- 66n8TiugpQoetNHSDvkake5oUOT8DzCPfJZ3cCLLOnIHuWS3Ni74LK8/fYZvT6gs
- eRHicj8YWfCps8VcZvsAme3LQPfQS+uE9M4M3GPElDmdUGF4Jt9/Y/cCgYEAxEED
- gSn0QVaYPCWiVecjKSeDdykiZNpQnN5W2ITQDM1ZeF9zEcDOacooIkh75N1gHRdq
- LqrMJAn25ARTjqTnMPOJm7yWuPDyCExNeEU5Gk8H1egHsfBAg0yvtJPmF/yYJbZ7
- 4o9IIX1P7Rei6HwXpIATZ64bKpYijLdMkYTEiisCgYAsmE5RsUlwlSFHgZjmsgPK
- DJaEy5GBE7YiCriwt+4EAkWVgKpo4onVFy7mPwnEzwoMh/OJKWi7YGgPCzvAtRHG
- CSPDbHBCMDHfTua+QAj+6PmcFLK6SLZdp6rr9P9uI9D0o4xKse9LCFbDr095MxPi
- qk6u1N9BL6W1lWp6SNuruQKBgQC/dCU1FnagXxf4ZUZuwyP7+/42ezyAYrINtqHG
- bBqCwrmrwoIBKbS0Y3CvsUKcTJJ9DuCZUioAZnAilU3mdFzN1mfCNEJdfUDAc5+H
- 2xAP6FVeihMntZdZ/6/RXA82C0dqUxGcPedCNHuKcmqMnrJ52jAUDzeVXg2qdQ8P
- TxRlLQKBgQCJ33OZGG0TgPcSW3gbYD9prbsJND/jiaaV12cXYLpeUT2uNMPEBFse
- /ywgQZ5MObDclpYMih9sMRYU3PXtt/uWgSbWHFyzIZe4wzRDvr+pTNztI3+W5CWF
- alT7i5sKrAnaD5xG6bNlX4soA5gHXlBVLbkpnVGTCWk3wqbK9HQN1A==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-11
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEAv+w6qElJ+K4JAOcfd86igVl8AONU8BIeZGMWq47AK3sLxGJx
- 87jMkjeGg3xEGJ4BvQ1/OqOjmvxvfpPMcRQFZqDEE3Mzr+lZ/po5+5kPqNlz0LN5
- AU7yx0f1gf/mLVOwSh3te2/cEKVVeau0fDKtt8AdTe+FLAfsklINPQD9ycwsoq66
- qJQEhdFOuJGRlgNOTiHkqF+4xw7+gChPUTs+WfRTUknC3nQHYt8dPLRHY/Eqb6Cr
- lw7+1iD252qGIKMlIHl8/FmFDtNM/BBmmg5xeQsAqvu9bGS5M4rOB3Yqo7FhUeDw
- rJJcYcSbB6Z1U7mffT0F125Wpmi2bssfxdmMMQIDAQABAoIBAQC6GdoDJxX4cuG+
- I19rME55uQi6X7YUGK2p0D/CWWjUgLs3UfKHT5Hm0rq3sv7hFA5BgN33QYg6mD+Q
- 8MZUfAKEsq2O4q2jDVa7wFcrNg9uPnXEUNOsRh66yHcy+K39E+Kk7AJFKIGvDnMk
- yS/5Irc6r6p60SBEQubON4wotFZjns3iVPOQaXbtPXHbDH0PVGi1/Rx2Zo/8VHap
- 6FvhekXwy26J8xwdAN7AD+5VpwKTbS6Ef+QJpr6gCp+l7FEFLkAiGidUkGx87fba
- 0hOSnuqSH3jE6b613OCztFbFGhfU/UL3wn9d1PQueHu2CPkWhq2ex+6MuScnWMnm
- Qx4wPW4lAoGBAPEL9RSp5JqpOZykxI/40Mhtik2iXcQzGvH0M5vz4CrCp93CyQnA
- EHEajAw9F9F7YX4cz9osDCUAdZNlY6F5IYUboEFkb+UAHidt+LCSl2CR/+Fx88TG
- W9+6Wndyx5Z+ihM9ZWTxiBWv0gYkTQGJYFzt7gw8xdkDhXD2RvjiiDmTAoGBAMvU
- I3yV6i+zdhMFxL9nehdUJaxiSjLs/KdXDAOGtegsOw4kaui96ckkJI2T+rUzYaYn
- PjX00bIG6E+umN6+H+lHHEBXCVIDmoIB5Z7Y1aTL6oZR2yQQZ+KMCJBj8Wr/tIxq
- Sha7m1q9GHGUygFE+D5mkTNLyqXgu1hT01oq+u2rAoGABqGolW/zHRoovpl92uQi
- glEZK/eakspBJITuYoz8DtEaIyy3sS/6g9ISJkgL/rRhQ0HxqfPqRZ5UncB9VDTr
- 6iiPaR0lQuyU58rLu7fcuEhr/LzQ0woN/wK2eHDM8uP6Unsu7e8DKm2S3p5jC/bG
- kufs06NcYhMJucjcvP4md0cCgYA763crLt8TesxhNzbplb/cj84raRGq+uQjRYGw
- n69mO2p489fB5+KMUOW2ASSYlCxGrg6pyfjDPyiYFBm4kWfMKi1x9KQ2yfxn76rT
- EadstM2TAwlLBs+jV8tEtzzHWbh39t8k46399Mz0xurDiMT5gyl4TPWb4f7xLmNZ
- hH0T1QKBgQCrH2f+Ezv13tOCKuVJcbAql9aKZiXy9dgyrNDZIjwEgbFAhND4gqg8
- EnA+/jC33ti87GI6QmXylvGCbANuE9Q/jA2unWutHcYewzoatC9PLWKfw2r1IhB+
- 9aEaz+5+vlfdV4eVo1wO8yR/WRQH96ZIhclirVUGn/OUTid0vq3YvA==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-12
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEAwNtoLXFPSdhYnDbtaXokXiXyMKMiTQyndp0IUD5/VqyrQobA
- WMgoHMbMDk0jJBISPVvo9cQ3WvdjxdE+UdkfcK1H99B76j2LO7etLd0OYjhNVy44
- ePAoO7mMBBs0ia62jneNubXtOZMVd4wDNK+WYGKbVDarlwKifc5OMAQFhq5HYdiB
- ULi2I4suzMkVgQt+M/73vUQoruZj3uePwVEf1JnRXhq96q/LAIaqCrZgJfwpG65B
- x8nQDRyhjt6LgVXQcHozz9P+Y8B6XiO7MzbIsErepEBYTiNL5Q4/xYI0iYICG96g
- 1vE0ng4qBeo/APUAcvja9zWzu6OzsPR2VbiT+wIDAQABAoIBAGEjoluRQTCeyjMU
- 74w7O2o4jr60zKgmgYsbGX7hm94aZsDBgsy1NI8aCtoBPHwEpi9FxhdUV9V32kdf
- V5Z+WHm2rhNCbcfUa/cOUypQt9f9J+eLnmI8BOfgU4gV8+aNm+Iyka5C1lQzo5Jt
- cYfuET5HLJnEV7VeXF4ltfg1blshONFdol2jgxXDFoOuImIMfjKwfU6OYcWe0oD0
- 30DZMnHOj1Pn2Z8LGHEZwWtad16FZo1PDFZMoBMucpdgBM+TyiQS5LT61wkFlb2z
- VLyUzu+kyfnJbR84lH7e5O6nEbCE1yTn3hNlPlXSfOEYX/n/VVcwXw39/MWxuHoj
- 1gfAjfECgYEA79bw8yhVDhGuE98Z7brRjMBMgUByBRpUcLq306/LaT+0PDrO2Z45
- D96RhJIUDVjaZ9SU+5gKg+dYAgJa+3ZSnunOeI/iRYzrEROplsXFkRcfRntekttQ
- o8Vk0RiCSuWSwzGRJdrqiBBA/vCpCMMfLyreNHcBMGYxqAqS7V1Y3WUCgYEAzdoN
- A99KGu4oREX67GYd5fsFPf2LZK19pUfVlhXkjLIUZlrQkmWF63I5ACT8sn49Xuui
- /oSNCmptxDeK/aCjG8AdD20NWJUYdQHBfKrKJHB9Duc7FsPKLLoOv4UPa6L7+4JA
- Liq7usjECu7fRUSuQWcUqVYeAF2xd2bw2aydxd8CgYBjU0ukF87pra6+8gUl69l+
- heDpIkxWCqpvqRQaKdJ+uvAkhWJGw3z0MoNnOKvvPx3sJCCy9StdpwBOjLUrMLxU
- rZVhXo0hqpNrFg6Er1D7nmzIXq0y+nqx6DyxT4oeBGc8SRnIaJn6UWjpa7dFNrGC
- cill5ubqKVhlNEPW43K69QKBgFSzQeOz/rPyBpOBD+wxYF/+13tYVgDI+ggF9LZa
- r73MkGRFPcjfCSmFyDps/aUcGHh0EI8VT0tX225/RCtz62lBtTNhtbobLwMGA+0e
- ASrZNjvpnQCS8x9QNz1KrLunRnOIdowIfVIvxaqR+0BvMBwtI+1BR/ryklEFBFks
- k4aVAoGBAJXtXsza1imjQrwn4bmBs9eadcdnFr1fuukzoRJi0PK6TQiek6Zf0SGN
- XMZO+HMUuSnWAHapxOX73t+/qHrfisQta54zjsTQfjNJ22RLucBZ5VyUiWsullGf
- vZIcMtRevKUaFccBzwjry+FzJPzPHPtDiH07qBqjkHdOgqW4YxEv
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-13
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEApD2DU1DArQK4PKOQHzfr+/81s+qoss/0+GFLD1nvCDSZvyjQ
- 2YcAq1UASatCqaTBbnInmmshwJES2WYh690ApMS2CQS3q0vQcaH0XqD4v1km8/lA
- XFTwr/EO8ocGz54lh8e6aUyk+TznYgq1E9xWxzo/WCjs4GIf31leeUicG02sbU6N
- ADw3W6z56Y4Th2Wcvjw9fqvJ5tCeBD3cPbvv4gW14E/82DOPFrj7gxeF8BznQ9IK
- qxLxncM0CtnKsqgkJZYaqdQ2z6E10D0ytCxLenLgg/GINrXyDdAFpLUX6TZQMmI7
- k+rOj7IOFCgaPDaS9rG7RPonTyS2/bMIHt3k+wIDAQABAoIBAH0n1uxla/4rRWQI
- LCpt/elRKIZK+nUQnZes5Hr1SH6TPtn563ToOK1XH9oDpNALmc9lNCKrItRQePGr
- r4vCJNxqfmFO8/uX0WbWSJbXydZexJ1EQjRaEfOxGXfdR2ZtGCJpI/dcDZdUPupq
- SGSzEnnNPDodLa0reShFPQXlO/hdNtUDNqDyml5FL21AHbJB6FQav2T/g2FCDT/2
- h4ocpTxmZb7mB3DoxVJ5Nt6GtXFjpSExaCHUNkh/yxO6d2aeW2zcqr1RJEaGswsU
- FncCr566P9FOsLuw+UyLRpl1n0ToCmbw0f+bhb+YuXhrjjvDG8t9P+peG1QakOgF
- oODHV1ECgYEAzheOH+BLbbDguNJur2B4TwOSQtuYB0k0lMoIKXUfuQhAaLIDwaKv
- 2SnuRru+tkkbrtrIvVg9W2lE6yj04s7oBPxtD2HXGUN9Ne0thykl8L3n8T+/GPrq
- 01Pj6hGK8M3dkq5mYkaXesdVTH6ZhxlfTiylVblR6MqVGRxkd0MODWMCgYEAzANo
- FfXqgblGr7VN+M45BHpU6OMGbji4trP67PdT/IgIWXYayJ8lWWIWpEYu0ubauJfV
- m/tI5tl624fmAduXTtJYWBr6PeZNhdOdohsCdzWmwttI4ZqgeKpOLwTySQx+sSWB
- Ivyfmd7aXqKmEweFvb2NBxRdGl96zg6L8heyyYkCgYAEHcpT7qnzBe5nIqTdUeL1
- SQ/5z+MIejjXo/VnxpQcoQKQVMXobzRt9P1yYjub7nfkFTCfP4zyL3cV71p80T8n
- IleXUA/4zDVLB3K6WWMNnO1uDyTk/dYE5I8P1MvepW4AiQU4f0p1RFf60CiG30Xd
- DN08ihgNu0YhG0UScL9uGwKBgQCKl3HZIVMqxxue99K9SBLx2Mzf3IIc1ImfDEtV
- OXujnSHW7GWrjnmH7Bung0oB2fQR3IuvSBixQmK0yfBVqMB0Om7rg4AmFtLpK+X1
- HtYg96CO1PsAz9NdxYwRYxHY0BUs8GZ2xxkBJaRBD8s0ODMBv8gTXCEXbm91leo6
- DyFUyQKBgQDAW8r4Mp7x/i/nlgAGhBNIgvkvOA9NdVPIY86ZTrXGs9xif+puPFGH
- mhFuolJyZI/Yvl54t4apy/Y319CV46L8oOedRD9H85rYtojXJXzUbu04MQeEDTfF
- Sdxqg0YKbhU7SYHMQu9yRfynUkBJ6XC7mn6ZJ0yDwLUguDJhLPPuMQ==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-14
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEArJgNfhV76s3yqRZ5nWjY0Sau8Lte/F7okc8FU4TDLyjizuRy
- zyl88KGAPBEikoFVP2CzdgaTaLaIiGIfh9UMx8dbbbV84txSPFrDd4d0VWHfa9fv
- ag8W5wt5ce9W4JT6qQlpMsdfx+O6yhub9NeuWFGdNFMlDoYh/4wrfAu+J4OuLLCh
- Et7797fqawPjBtCtirq2i8SFN2tEPKvM5MkAYdOU7Hc8UPRUR3rpXbDiXiw2tk61
- yG4pE3YwMP2SPJFTAQ8XlwTdBkARb073Bnmxh9M8oYb4pvw1hLB5+j8firAtDlkP
- 3PdmfzEFxGXjDoUPLzO60i8FATRWoRDEDB6XfwIDAQABAoIBAAR9fDRgiLXGH98I
- R6ext5pRYFHA/iqgqXpJoYDXvmA2txfc16POF4MHIJfvdi/Lj5Uzhde3OhSKUykB
- LILTJx73b8h95T7droIFdnpgmsUx46chmgfvVpAyOzmcmW0EUzUcmpEIoNRJd22U
- pE0NY2rGzMk0tI0ZLj9AvUzf3VWXy3OWl9v0y0XrGUEcdMwWP2MuUWI0yTh+GbVX
- G+dtrPdN4spR3+NgrSb5pcrgM5UsD/u2fDOfqd5u/piL5d6adb55csTnTXUj98LJ
- rEUyH8X/lu+yEIQKdUgdyftvS42VQmMhhqCLT0bFjW91LDECjRgh8IjuMn8zjQJQ
- U990mlkCgYEAwymfVcriPr0X7od0Rg8bhgvj4Qqo//S2nimf0A8UPbHeYePQHq6z
- zSw70m1qh6HS80gLrf1IxYyo3kmlaTIh+CxMwAx23VaCRNSwIb4Eq7gjXd9aXB9B
- +G5Ig4QaL1jzI5RW5/nYA5D79nfYelR2/Nw9RzGtSZlY1eCigOU3HwsCgYEA4mVo
- KWpsQ4DWdhOmv97GzOSIX2kO/omG0ubuX0ASsWxp/82Lm5GmsrOGcbLdoiZBXePo
- De7mtCQGq+kSbghvAJpSvxbuVrR7cwDOHt/lVkV/YfGe118xGzfg0OQo/nn8tCJ8
- aVcyCBRexPmUhMbbJ/4f8StIT9dCUmBvvFpVQd0CgYEAifXKZONeu+sAF+Y5E61q
- T3/oPxVCEm3zCityhamjLVmnUpuwa4AkKk2ynDYssGR8su2jFAOQhdXBKiH1hD+k
- M8NdHgWxoRWeUPno6HFi6+DnX1yci7Ks9+k96Xpg6EeA2Q3rwWCkiyDafIiLxy4e
- TvGBf+pmDTkRy19YgLWIGbECgYBw6NxLE32NKPtMhj56oLOLSkrNMss8nQA1vOCT
- dpQcEpLG9g8zdi+qHijmGau5i9S768c287fxjaoaILKFWAVsSosMLHaPnZGX6IXk
- Fgv9u8ls4qEyjpIiHfssky3yxIoImM5thwQ3zVj6afLtSXPRfUcW81wsHZJBHUF8
- sZylrQKBgQCm/64/562C4cHumLeGA2QsXr18E9jWbRrTVtzrNNBU7RpSbZpBLdDr
- bGl4S4c2VKCDj1HK7doFQ3Ko+jeJEiCwbW3Sj9CP8zDSPJb4BZV6cgw+1nzyXtjT
- el0b75sbT4J2n5DZHR14Tos6vX4QDHCsrCRclh/9vdqouW8XyJ3I+g==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-genesis-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpQIBAAKCAQEA7AX20jHoo5/Q/POn6MZHIuNw8M1toJ5duX2fa5VM2nVn9xxt
- +0HYHJz2WzKGvpumQ2e9w6XJF/+hYsMgPke4dBI1ts0YPEXXs0xhmkT9Cw41ca7k
- aK0nV2/y0hS3hk5l972TMBUb0vHiJdwYNgL4MdKa+kcnYXh/zHLUMeH2CS7jwxcD
- AQQDnZxt/Dp3gcKNeJ8QX1RxDXU1EyrNcPi8Nrxtf82icpY5gLmtYKAn6KTrDb4t
- RVI7L3HXSpd7IfHTRZ0ftzGkYacipS2iggdgUIX/ShXcE9kS89/lCZM16e2A7e+u
- sJn4K57rA6EyVDqZjnVovrpPjtelRQRZa3f4XQIDAQABAoIBAQCxt4/xF5lnUxgm
- z0S4NkwsDfvlpZkNXxGNcPTQKhwzRkIhRGvfy+VxLhMl+jaRYVvg10WBAt0XT+ly
- FyC5JIHUDD4bxfSgtapEHJhFc/rhDzLYxerAktjTsrywyN6jp3aKA1nH060eufkh
- rscgLD48Lat6FoelkfkQtcnnQZBjulNelaHZ/poAcb4bONNpoISUeo3H6UUEhfO1
- ezl1TrCew4JkRupHA3b30MFA16Jrt04TfHjCCP5kPJOp9nPOzn9kbjqFo/Omol1j
- ZgNpXxfX51GWsFPqj3szJWp3Y7u/7/dN75LeRKRSO7W6/lDjWHcJoiWOqReRdgOf
- qONF8k41AoGBAOyugjyUMF+FXiFnPEze6/mzTGqoi1+czHdsFEgDw//R5AV8SVqj
- smJSIEUpd+NsGZqaoQJo7vO7Whm3AykWArRVUnn2F+eTH+UJKBNh6HYM674KbADX
- kKXrzS35HEWH+2qol8/+G47IXajBupYrdPLZ/BGztNxq6bsbSmyc9my/AoGBAP9J
- stNS5AtwjkfzFAjp0T+S1xLfTS9ajeXwQvW1INNg5ZPDXlrrkw1B+MSbMXwblicN
- b7QLDYye3wCquKlxfjv9jFsVHRz9ZPRmsIW+eBYUcJrkm8dklaGbLH67RTK3BBEF
- eOa+iCwFvtq/bGXFywoOG2TekbsHg1T3BhI6DjXjAoGBALCCGFhrP4QNJz0MC3lc
- imlm4OduGLrOaeHp9VobjNE8y6uXm/D/wan3i19o5KLzXEjjZo4wiXu1TiV9Sdsb
- Mhsgwmh4Mi2emBur73o8+ysGycypYxBhsts6doMBk6b7GXHal5Ui8ZRTMx4GlEsn
- z4jJLmZZOdlj1jmWybMkf9ZrAoGBAM5Y1sfDj3rDru3vSDlwLWeynE+v2Sa2jk3W
- 53jNwEu7XbYTS7g4BDPKKHdabiQ/9B162dhwurH4VI6ob/zeNMfuyL1ykoa1Nx3p
- xzND4rMOMHqy4EvKPLxUviFt45/7mLjdcH0qcs0Kk9sisU6OEvD8uB3PXYIMr5ZE
- 2U5wSL47AoGAS70CpQdWI+Er76oDZY0UWEaSbbECf9WRsI2WxsWjL1cuqbSCUFNO
- mw4iQ5swS2e6YyTCI6FdxNh3d/3g99v/txN1upaLP96I/GhsaMhycgqu6LDNI3ci
- OJZb3lkvlQmxDYCoZa/5uMV+TWq01oy6syRRk7IEek77KeXjaidTu8o=
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-11-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEogIBAAKCAQEAxyL19ntmY3scU/HloXV11tTaI+//af5ERkxbMkn99HLAuBFc
- y9xyGOHbTKb0oqqtwey+/9e4CXSgOpiqbfyqhbHGWAIyJlMhDCMkjWPbr2Qt8R9S
- gZerXDGN4n+s5LjR32TdNOlQAf2w7MStG9jRlFGPJ64x6cRjUT3EipdpFj8SzC5L
- e7ROmjChV109ZdebpJm61dgwVSGC4OYtw1K9fYUmH7SV9DMV6d+s6TEyASordstT
- 4bxMUIEo7Z4dzE8MZYu+XTp8D9s3E2TvSjLd1t5/RY1yO42eWA8ubiiFcTv6DD24
- JiirULWIHwnc6Jwv+xgmAH+0TzZ4L3X21s4n/wIDAQABAoIBADMT6pcAa/DUYR2/
- DDFv2XvzOMjDBHaBe620ZCfwBq2uyXPtMCoyLynmtMNih5k5wjvdp9gj0tbKDVc6
- VWzExFBqmv90AL0H0ZA1a2jA1laUkZwpdpY6+v84zrXsHcLFDUAJtRufRKBeHAV/
- JQ/he1BZ4yhAbBkUAI2UFFegIppLuzI2IluRahVbg2GC37o4PoNiqDZJ97+XHD06
- 8UQSogwjHr17f5euAtUYSkfJGQzQvk7Vzyn4ypMNk7MjWrQfq0CdFdU2f83/PnsJ
- 0TsxBEYtEqU7FpfX7JmEN6C60cnqATMH9UWMMPqQ3jlD4pgJ5wPxDB9v2B+MEvgf
- +gukVZECgYEA0TDxYYaAYJ27rOEhk8KNikUfonrEuNm5fm6pf3m3/5h7489EZmrE
- SoNieVt/rA91oJv4KpKBf68G9684cYeUGLMBuK5rdX+buX7HhWH/z0VDwfQ0WS4W
- QR7w2iQPN/qRPECO3pO+M1J0q8L8JwsbyH41ac6pfMZtA4Frr93ycYMCgYEA87IP
- rM11Y6oS7f04JB+em7gXkccT3LNvom1QtvPd1swx8AmuNl85VTTLfPTNrye9sXOZ
- x0SxHt6yGhWwa17L9QC4R/xJ+CY1IKYQFY2k0253Pk2TRoMl+TUV58iNy/mjx63B
- bLjsTazm9459jfdiJLIYT1SHbbp90g+snbjzktUCgYBn/M5gzn2OiZo7jAYm73Vw
- oH/jQuf7g6+j29rCFX2TvvcG/Ydg6f39lGYlMYi7vUuZtS6d6woYsKbkBOQn+19x
- D7rxVTLxy6dbhFwmP9rr6+CMz5oeIrzJTlon9fjiuNnte6IJnqPT209H+rthpTIA
- bkya9jJmZjTWo0UmvUvBhQKBgFYJjaMyvrk7OIexmPqX90V/D0M2h/qpl0Y/Vfnh
- y3akjRT0Nf+YSwOcKiOpwlyOqVhXOfmydN4zPaob8jdWNqf/YxB3MB5eTu+B8bfK
- VGEZZRwoA1EnyGZdqag1lGppbrt2yw15lGQwITNRqV5P8uSFxDNt4oqJBxb81bKx
- s70pAoGAWp9hgP3+dawp7WedJmu+j7WRQ2QsS/vm09Vq1Q46BaEBlFbDYCb1Av0R
- CtKbPdTCeG0+uK8EvAVFEoxdrv0pYSJz1/o2zeFW8UVj6b1B1IbKLxzp4+gdQ9lJ
- 65VAekhHfknCYBSqL44yFNSjGWVxG2FFUMUzgZgxL5xv4SNjxQ4=
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-12-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEAqrAxSeIFy831f32lb/6ZEl3GUJ3R8N1zLIjpz0UmJcNKXFjO
- /2vpQ3FEPenbu1Q4Qj82G+FHK5QGKijqdOUR2eIUxud3gTZiceF7GcEIcT16vbHv
- 6RefiEi/VcDon1nXdFLGpVAipq2VcwBFwl6VkRldqu9mq0oPe8RoKniMrQz7Z2OY
- 0BOsBSire+2uFhkJn7I+lhl2FgGQgXNSLn+LcnG5835XNUt4cGTdS4rKCgdqxPZs
- VwemKoOUa2YXNhoEiWjLSS2fbOAGSCHpUD6H+hTz0cE6x6uds3V0o4bdE9SMSQoG
- BRfMAW5iZnV4HSSjfF8psYxLdKHCECm/DbTMjQIDAQABAoIBAE123zenw3emRmeQ
- 73cvder28hz+Mxx8dFve2zX9LP3wbpwQlgknwVqhWhY7P0T6SPoP1A+9It6tNEsH
- /LgGih53U3Sd8geLVgxXB9Y9XAaAn2beDYKc/QMN+QADJ8/CJ10cgBjgkIlSuEPT
- +NTotjp+55q/Qbo1R2elUJ0NztJuFwzQX6OSqz2PBmRRIdZGJwojHvfKNimgfl04
- dEwt5afFpLBa0SuNqjSSEhO1Z4u7OYMwfq4SqeDsp0/DC4d0kIFe7q3NTNT9Advo
- mJLycCtkgGMGqAC6FUXBnpukLCXNsc2+SHNk36zCI84ammxPSZnK3oI+f+Fr9N8T
- mygtZeUCgYEAyv3ZLf29z6tQD8URXYOtRI2c72iR4PeRTP1URG5/KDt3UBhGP+NZ
- dtR0z9OqdLfUu6JzNOmM3vshlmxsk2R4NrSBMyxM4sOaxVGsT9DjhEfe5XqjQ7UZ
- s7VtX4RiuYSVAblsk0+mepmCSGYvrFVpd7SGFcCjgtzH6EljKW3Cnm8CgYEA10LW
- 9L3h4dK2f7ZqyUPu54WxJd+QtNZbeBlgxddTMpQ95cW0qBrg9S/mQI/MwAEn44XA
- gjE+kD255xj9opxT4nRqaZ6llW+zAPhMIGiZLHXuGlNNwopRwcgOvcH2g8CaPL/U
- wWOEjd+uvtvV3XxV8a6o3ft8wVRY3wswbqL6wsMCgYEAthv0ukD5B5Tud6dZg+a9
- DFJrp5DNxuDzdvmSnu3un/5xdObCJ1DkkynZPhXrx1igvlDoQGECo4zzPgs5gSXS
- f2mCu5ETzSCk+j7icpy5cJQ10PQsAnM3grTSUa3oD/103J4oXSRI+5Y6fo9GV7os
- q1rGLD+tsZo2shscni89OXsCgYBbvqUXEobfVItryzegKE/+ZUCnP63RJTs+6LIS
- ID/ZYs0uzSC+NRaD6bJc+ezuOI/jrPHri0l6+JPvJvuS/sXR0oQ4F+HC2yST2T+4
- 4FvIU0rz9WVC8Oj/imCeB7klVkVmduwasGuifB9iQRfZmlCW/TYDxlfZnjVyerZd
- sSDnOQKBgF2z6Loc+I01D5TjD2MH2BwR/e0P4cuse1o67CZhLXcRSR5cHb5LdpBr
- 6VFODs9DAi6jjUoQqWAih3+kaTJwjpqHO6DdZJeNEzq1wxOSvM3TK9rg3a7ViUZP
- sjLpQkKYtviHru/142X6p4SHsho1/S5DU/nj1pYyjgReez/fevCc
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-13-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEAnyfPFnaJFPgoiWfR/BXW0MOSYmKh23o315a63jSqpl/ZtpMQ
- VamURbXK8IvJJN+xu7ehFeIkzwMbMYr4tFIy24b/boQStte3chY3KtJVnhLwZeT9
- IFYayPo+6AU+J8JuA9WQqc92ZaVP5q4tRs/FUcSNmqvMl6DCjTymd2kaupM7HT2c
- dBxfHGhg/zO5xB9r0NA9kqe6+4/C+0Comg0Io88BXzYUyQBWbsNE3Ffxf4xlGNDH
- te2DKBfAta6D5MZ3c32edOOU3Dh1pACx1abTapeolLw9AxV3zMET2NbBOgMpGR1c
- oNqWdFM1mzZfdPg6VczYbqzq+BK0L232dfS9kQIDAQABAoIBAF27bz4Wf3NHF3Cd
- IVEqd4IpvBuPZS3CVAL3NYTKVbp4dtsMz7Dzl2xavXNfkA3UZHNemVMvBWiZtrk9
- 1G02f9dEMUkgJXljoBljtgfVKjFXjBcmfmE99LZqkwPImquF2Y8Ohw1LLrp8WotM
- B0RN9zLJ5G+0QGEIf6v4jT2EPAam42AgWbGXZNX0hU8LA2C5m0kG2i6pbxWIYCG3
- JQDrqoc4wV/f7wsjXxEPVxi1GCK2nTUTThStDm27/N6IluR7E/S88wqZfuvUmAYk
- j7sTNVA5PXPO0t8quOEh/wcrQZXh4GNlcqAubo53qXBoM4teKehDBEhpoCIXui+s
- w5MeuYUCgYEAwsieNo/dQmZzNGt8Oje/Kqqay105791CPqpxkTsL349JkxzRnv5M
- oOMqmOduvHjXLBDWcignRc6b+biIHtGZO89loWvkhJVG3mZhpy4vmSIWBfUWSyxp
- Gdeiyq+QrCbvMATZxsGa1NAw9w7xvVVw1BT0vP2dpz/uiH+w76tYWtsCgYEA0Sy3
- Q3Epu3lVQLdziZQhMPfRtbFBlPnyPZ4kyW/pz4OEPVAbTy0UyHqHI/5vJc/siGtW
- ikUoyWYs9Se8MK7nll0LpYOJlTMfOWx7zaExEKW0XtZ1YfM8dEVJsE+aFhoGpW0u
- qMjAMU1kAfA7IrufljsiS9m1xEZmKd+DfJnmFwMCgYAeeR5vcNBvy/FoGQzFWuVY
- enpfKIWg5h+wCCBeVTuFTTh4gIC2/Bfm78NBSqvDZrBbH4M9NtT2Ed3LEriRAb+U
- YN0IhQWqTGRa9O+AJTSjI3cIlZBYUGlc9qRsS0058ZloDMo5Ux6y/qM6c6cUNOLC
- +0hSrObWPKVHy5pV1JutEwKBgQCcUsC7RE0d8HWIIhHUlcGgaPRuxwPuJEWnSxLP
- ADZKgU1IzR87ssM/eGKawcGrDpME+ML6Hul2akfbB1EbSPuGYg8cKQufV09UiQCV
- EowqlswPvFKJW1CozEdf3n2XWufwpYIjXbRUpDPDRxfKw1Fm4takvRWck8gyLvqD
- GjjcpQKBgQCVYXNaCfBbRTi+MoUoYHW7qWfSNnkdjghYXBvPRWc2dmusaK470FQC
- qZ47j7WBcpbN5gsMJrYt4+/nS1Vae9HQg8YxB488hDmi3zae/g7jNI8vyIyt5BoB
- lewcKaGmZ5saAYxSyBP1s/t8W7L/7f369ZL7Qr6XFGMocfc6eP36pw==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: kubernetes-etcd-cab23-r720-14-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEA0pU7YYKa3dcHpGZGg1yKzYHt8METRU23ovOU3By4Nx5Zgi+C
- b4s2S+y5lBBszoDYnmrxLCt0hV7/8Atqg8cZCDt1KVGEAKkMTi87YjVs3bFNjevi
- Nt2IToCsnpXAe5cVl7O1TzKz+XGtuiuDwePh5TJXWv+n8cXuvbPOmcU3ay+KZ2Xa
- 9OAUxv+/idEmXsipOTFCySC2mOGxz8C8TwlKrmmjQkm9bDdjsgCzqP+7opGXemeP
- TZGNvAW9vpWcWebUVi5hcrJtta4iTpFNyl6M3H6V2qeK92T7rjX1snDi1i1+VP5K
- oLghqpX7a5XdJcSf8PrHNTcFXk2HdHStG+5I0wIDAQABAoIBAGkSRPq2bAdcj1ec
- IHrS5f78YXjLHY5q5MHNv+zD97ao0gh/JBn74C+qAj66o0+2Ql9pBMUBObaCXDmt
- uIvf/8F3yVHAdpjNwHISZxLtjVBgc03o8IpnpudklLzcA5qnHAMBi+nkZqCD9Cb8
- J1XLGp99qtCg129vT1wgJ2naWXiE6+p435tSzPETJePYILCJJRAlmHiulrTZhU41
- 2QbAwL2rHOnHzc8jsEQS6drY4K8F93KnCBq16wy0/S4wHwYKNWono95cL2ShQwnl
- /f+b3FN6w1HLhxI1Ph0fC9lGXE4dBoFT1i++RR5gI7qzmVT5MJu6DW4w0fiH5TkR
- CzSN3iECgYEA2lqhYaxvb3xpBeTUtANU5+DQ+I5SScbrinGorWtVmMZrhjMdBE76
- rAPVrpXjQTXg/SOwzKXs+4iZJ+p/5gMeaNULgDcLRd4JpjkE57XXKVnuwnP1vixc
- y/FjwGNsT69UqD6jBLqRSwcvQfMxhPpiW36V4X+TyEa78Mg5j+vcSwcCgYEA9uOd
- CCv0suoTReGAj3mYGXSZ96JfUwVhA9PAQcWIG8Ni9XhbKpuk4DQr2aiGY6DG+Ufp
- 8FRsUMttQmlqcO2WEdjHVIzqN/aTm8gRLNLoz2UyC/ujO1JHaK5YMozpCVyyyKKB
- Cu+q+x19ESFHaLsJiiWWxeQ/f8hLvg87LK0aRNUCgYBrLftzPzn/xlii3P0PU2dU
- 3oSUzP9VWX/6l+nNHheJAzR6ThKbL81ZrBQyOz6unqzOdLtu6K9XlGhhMHkRRUyi
- 9phLmjk9VUz1O53NwvNXR96rslHYxFvUe6uUHvlmb9ClOQG5634wDtnCjIYtGN44
- vP0DECVRNG9CNHYU0Bh09wKBgQCG300325tv6gPhVxF+T7TRoytBZsigd/3Js3IB
- /EEguZpj8v4KxsBJYvbZjwDriDdqkuivy87oTFlBwIjPbFthIIW0IM8LB38XyTHo
- xMc+FVBDz5IapBYyj5vK8cOUw7k/ddb8/HTxfeiG5SE3i4XonCRDsy8lRWxrRbLT
- 8zS4iQKBgAvYsplJ+g1Cn80rztTYPh1D1mxYIp4TNIIERDiP1b604UjJ2CrYTwYp
- YWYpOe2MU+fzGpRUd83TALd/Yd2IerEFaW17HBM3J3hJoEqbRZnFE+46fTv9wFrh
- PggsHOwQpGVkk4FSiadyIFeuzZVaTf756fFX702xyY2K7Ywhi1UA
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-anchor
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEA3gZMISoYPUGKGNNXxxN7Jb3QX/0nSqfOY1fmmE6oXXt5w8p9
- CrALCublUMwOGZlwc0J3asrPRtctXGUHbK0GS3f1+OU1STFAVy8l+bIOfj414ub1
- 2q3Xic5z/Vo2ocw3x/cbo7BBzYpOrPl1uu93liDZyn5eptbbJ36ZoMgbd5jPPDio
- wSiJ1FQT0xi2c99+u9MFFLDYvb68EmdeRkE8CpLRRKeJruTrQgRZe53kuXK/vp5i
- jb5xZpdRWjr1VuVNRPvIJH5tzxFc9UprZhCCri9bAhlA0R7fV598BER/0D73fjrf
- VdlGJ2Qxc3EXXN+LQ8BsxAkiOn0FPgPSxoKEiQIDAQABAoIBAFVOvB+eCfQ3Y3VI
- dxihrpaAyTioj1lLAqz/EDYDOwO4Nr/45HSf0Y5dy0xxKxXA9AkFR9b7mArTELXI
- h8LE9H8414TLpN67ksos7n1zYcg15QSK03ozg3aKodx9tjISwngNxUvupEnyU2p4
- 6zhpXFyNwMDiL0IRmeEh7qttV8hqcjaEBP/wtT6doGZJ8y86GMXI0siqd+b1EpAD
- 8huErkwq4CPUy5JbEJQS1oefdC9yxJq26DIlsKy4XWCIIyY1Na5vONGXg3mdU12f
- whsVm47HlFP05YLNh4New3G7oFITbHL7mXHXC6AW4cM0EYOS177hJIaDG5xuoQNn
- I/898tECgYEA7Bk5F6IudxOkfnqdEG2fUMj+MIxoVoTALLudT6ndGlSy+9HdrXhy
- kajrVAFdw6TA+X4rCP/uAQWnANWWqYPM4wbo7DOxVClh2K8eXkhj/mlQ1ZOWFBbf
- yLiqHRHbAj0fa74hdr4FDfyufNcmw+dDHK2dB5sibFZYHhzpUTGBfE0CgYEA8L1f
- ZnaVafTsECgTxg6S+YBXbp6TWRCSswhHeoha9qWq1+lhU0J3kObdzmGTqx8DiDOL
- UrYgCJNafcpGv44p3zCs4ztZFKJFkA62j5prIUuT4OIU6lgRs835qbnTQEEIPTsu
- 7S3CDB1OKYskL0AXbpRCNJP80jgtWLpxFEJH1y0CgYB3yKxAo1XzsBGK4eaCCTwF
- HpRoSTQ+gQeHKoC7hDDbRRGx1V4kvrFR2WPbsP3DXvlRG4P2AvLbreR29eaEhowS
- utS90dQsIPq1ltNPfmbNEt2iHkjMVHahPZ+BNCfrUNt6LHKJ7gpeeE6GpBnU1qYk
- DKlYzIqAcKYwUPbG7NkHGQKBgQCXDSur3eIYTp5D8PGfRwu/U2EIvqUTsEtr3FkF
- MENrGT3eJch0dnMRT1qDIUSHjXko37aemjn1R4fy/5VuoePx79e66EUXpk3heunf
- pvNrO8G4zAJ1m/bXi/kIHtnHKkbiLJ1gImLsOQMPHAgDQcKyFoKH/QcYXDlPwAQt
- wvzSrQKBgQDJpkuCxh+aeOlYLidbxWxmmBGeyYj3INTomLi9DX9Upy7pnVOiQp7s
- DpQypBVsyGPI22qkHAKG7goOVlWm4IlJg3sgaie5ZBhac1k51oJnkm+nIXzhunIw
- u2dRGdGRpIf6VtQn3ZCLa+SZMt9cRcmbx1hh6BiH6Ed80BdiPF+kMQ==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-11
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEApjnULGO9t49RjtD33k1jE9WDfN/UN1+LfWFafBgzyw4mMIum
- /ne7a8qFCThdM9Z3KuM6OM/rWsNMfTLOg8bKEaNnYzu0Vo97yTk+XqivgBQGBdWp
- ukgTHgGyPnB2nz5yu5+4+Va3MIehUKbH5DIusFKvPSWoVk9H/GhLYrIqkfPcGctP
- W4HvviwqII/Q8NHYtIoaE3CnunVRC59IAGDWUgyuB0ccoSLcKbDWgorktVPBeE58
- vZLxNm3YZB3dvGkCw4CGkUJ77Tqe4dRly8jz7JzKF1WgLuk25Z/S2YTIX033b2s9
- J1vIeFvL2e/c4bbewONdEBG6wzqmE7t1sfk+hQIDAQABAoIBAAhBgQc/YPHX/W4B
- dP4mi9A1X5V5LHoflbcBedQGA7SHHGB23zFuUvG0mkzt7rsfYMXRiVe/A+p7HrZt
- KpKi8fBUVFM6aOePss84t59N84GB/RaXGRn2cHSiEu9E+K9KE7q74R0JMIoJgnqV
- /gGYeHcrdCauUyEOSP4BVBUv0itzg64CDsfQrwNNRr2wQ+eHC3kflqxRqiT9rf41
- xgIsWmNhpMfDKNGlKnWC5N5N4Rbr6HEE0gzTNK+A/PTP86HmlUDFjoT5SQCdYFId
- 0Dlxah1cW2A6Nel3DNPqlLTaISHjRv1Sv/4BoSLpRFq7l1pWG3tBEis8NEeV0VF+
- Lu7o+JUCgYEA1r/O5M/T1mvRmgJVPdgamYSJaorifdu/LYzpjl339hifUVlNfm3x
- nCl6/RKI1mRvvtYNjra7qnn0J7i1Yk5PvumUoyCDDHI/Hdf56rlHkkqUZHbpxEY9
- kXIceEvfB+nw7VSwodXpYO0SBNb/rhbVwFKLO3N+0fyzQ7DeJmBwQbsCgYEAxifo
- YKVcjeEn/SCWd75GOrD7Hh6/NB8PP5S/7qXDWxf/ytV2Eok8GGMzYaQDrTN59sOA
- UJnQeO/HmCWifVRI/g/3vc4KO1gwrOKtEuv/BHPURh8T1zcqFvF5tawtBylviA04
- z/P2whq1+fm9mvCEA4FBSj+pNHOgPqfMrnm7XL8CgYAh+uO/7Oq2KQVXezsFuCYt
- WH1t8F/6TkUn7f4e2tubgzXiZ2ENulPaw+2EEeS5F9deuPwYMu3rAbUSe/WngoC3
- 0roEPea+l21JSZ1v+LVMfqSQaQiAWCTx2L6MgmTeGbRXuWjhkrmE7r5FKcf3QgG8
- ltMVKydMDtJGybu9EtFwdQKBgQCZuj4qND+Ahou6cbyp+wCK6eB3do0Jh4sR3Xml
- UA4lrpGwLzhhmvv3Q4aKGm8LwKK/EN6MKTg1ingDDjdoGapjB8pAAwenEHz6swRo
- aJO4RZAKMnP3BAHwOLgefAuWwcuX9gH8Op1V6tkArIIvIKaZ/X3Ed2zylz1bPlyp
- gyEbCwKBgHdMPmQdJIdxrv1yqWRlHrXCS5nr+z98UEdlGqK4ALYsDxA1cGQMZrnR
- bD3/3P8N9Wg3KUUNDhHRm5hpXvIpttnQ44zT3hk9JDylqKHJ3hn5evzum12SE3Z/
- jQhAm/W4+ikyKFU18Tq4dEZanAk9+3AabsKd67beTvZ0IpYHwFjj
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-12
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpQIBAAKCAQEA7qqRo+CTz0VfZwECaxljOXKSocasTJ4LiUiyEs8KFsUmXZ8U
- 40OZNRDy6lMj3UrTsuYb0ETo1ZBbDzmzhDuEJtrGDMMFYDy8WaDyt5ogsJe4RtGH
- nTGWId3wZagU/O7bY3fGRk+0lCisKlNdFjdSu7o7Cr3ktorsRVZTAi6v0bKzcphG
- 2FZrv2MBv+tBo7Wv8jCaWTCW3BAl3CHLbmXLOl4z348X8/b3gIL7ZOKlU3YuITqj
- cmwLakRE2l6iYgTyFYiU7u8ayBM9o7Cu+0xrzDtlSBCFeicqiKtfd7+FFHQrFcPk
- KHS62+rSlA2MpwS4DpLCu+6Q7LgFtJrrgE1VOwIDAQABAoIBAQCb/+ekW0WiBHFA
- bZt8D6MYyLfpgGfcyK03tcmXm7a3fXP/W90WU3gQBJ0S5vcZTTCkzd2+O1yJQ4sR
- n6CkPRa7IuKzMsIPzoM6foZH1jmp0/HCcHCZIfFE/8GDYOMfFK1YDdEO4khhU1h9
- bfH5dH3icO7orYiSfKnFBJDLa2LGyClbC146r+GNA3cdh3A3YRyKLo4hbg2PqaZu
- nAt0Za/VOti3fVyeC0pIJD0s7hes1MoT1bPj9Szw/JXBL+6MwxBm575Hi/NtN0Ad
- akgZ/w9sWoLpF5xQu1wjE9UE9suo7jKDKmyHK5JyQrFKcdzrC+H/2+CeeSbVdegK
- BtGCw7pJAoGBAPB1XhYbLTUSBpXvElBjhYUBlKOQi50pX4CyVTCxUo21uAbrefNj
- Vqg3HqRvIkpvaBU2c2jonTJxi9UkUW/u1v8h07GEB/duq1dVxSrnEJCeOa/PsOkX
- EDKJSO34MrVlxRJTNT/WOkSSzjpGfeET8Ko80XqNK/EbUbZzUqiVuSO9AoGBAP4X
- jEJVFHBoSF7UZmGacaGBOa85vGDFLc8VmNa2ZiJNpYlWLK0eC9MU+mMDSSa7RWau
- UB0kyXIab0ixu5CFrxYlSi7oD1Ji7wrI5Qjim2HeFo7cWGIfpRmg8yGTFMheg88S
- bcBDGJ8XeRip6NypwMUrP5vYt5WjDmQ+XeRN9fBXAoGBAIuz5OH7EBzRSDo8F+vU
- pnJMJMuS40qACxh+g7gyjb//X9fFX6jkgihhPdBTMR0F9Pa+F/dPjmUMSy2eWCIs
- JYU9ZfywtOAw0COBlXgDn0AmbWWTyTjjSWnTESgRF4UEh6bJ6RoZoOjOUjrRUbk/
- GIgPpbUJ6AnA0YyrG88Oje4RAoGBALEH/QwWNQhgT9PqTm7AaV0qKOOh6VLO7qyy
- kms+aAiMasI2DSiMn5Zwrkcf+e6HWcJBvsWfZM8gBdrzIgh+a8+VKYtm2Y4AKiYs
- dA7tu27Dipn8gYPUInapwdvpmvhDibhTUa470UK+2vtJHlnn18xH5qiRpM8X7SYA
- ofA4NRs/AoGAErCHYYRwxUr/F2PebRe7NyRfMBThpsI5AVrFUIkjEVl6KnKozCyi
- q9csEDDtfpL4SmAeLk/GWUzrjsmlCR9AyHmI5pj1WPZXvl/NLu7DysU2c7RtT5a5
- ylKFPtH5XMLMoZ91o8HB1z2BHgmBHNVED1y/sW2hnOs809yXwiujMxY=
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-13
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEA5fiBi4ruD9DkkMIJJ/jzy6urUy0nCD0K2nzi3Gb75T9B7tZh
- d0AnXF2JWW/tk4b8nmrscM5DKJDixOMJ05js+6RGyZ7vKL2Pq9AeqVj3UWTi4Yoe
- eV7SUxt89ZAXmr7Z2IX14DifvuMbekFNfa3T4Kz61JlfkwQpYRxEi4X6se1t/Crh
- jwcccR7GKQxgL0NmX6z6KI6jaTKKfBwQWPs384ZkYG+eiqPu63j3PLW17xQ5abuZ
- 43rEQLHYfq8+uIHItVab9bXKC4LypEs7kfhi3xWiJMFC6NdM9O0YDYyspXXDUBEE
- tstsAAhSH6fL2CwsypjGHvEgi7AXtnedqdgGGQIDAQABAoIBAHHZpmCsBhGEbDOS
- LDBC2odhVK8X8nPsrHvgSfutbFVhDMYuEhCUjSf4ErBZbjeUI2pWKvnp02u41tt8
- PvgnhGNMP9M/QM1dk0wO+68BIWeFV6Eq3M1feSa1vBZiIJ12kKjWIRTBU6yQCKFs
- xO1MalGXsZIg4CULcWTnNrQQPz1oCrjdKGGW/IbsLDQaWeiz9xWxsSVjrpIiGdgr
- 0VE4k8b7BoGUcK5AWgeKQky1+CwwlYqh9r+YYwo77bjdWEqoBjn57kgfYjFUDzZi
- maqIs6mbjUxmAEUBqU0u0jV0nPSYv0tGrcrIc+lSf3J4YGPdSmMzjGeXthj0RgHN
- rKe5wuUCgYEA7cBDtYtUbzr02MtSBe+8k9AzF8kxfy4mYDNZSXY9SKKYW2j1UyOl
- bYfQzf7oeuwCQmnBhwcbiV/lMVs1FF/eG1OAnywyRfDbKgwC/P3VbvGsr8uaZVxx
- 8AGiJwQmIS+RjP4yvIa7v0ORgBgA0ANvhl9zqcTmOyy8ERlfVmxkxw8CgYEA959c
- Y0+91SETUAwxft/Xnt+62J6XCGUtIYQXKtzziJKMAqJJbZHUiOreyWgHP6Z0vs28
- SCvHVlDLU+HMS0e+aRN36uQ/pjdPlvYler+0J/IOPaVCUXzyhId6opruIstadvDj
- nYJxERwzltZY6x4UXUGKQFyhMUEb+X/ZHO3hoFcCgYEAuu0qjycvyJBbB8S8Baza
- 4ICWW0I1Z2AajhJxRf/v6RbloSEhmS9ylm5tLjkYAeVjVWIe5ZIiBV1fLvIeBpnl
- YCjD/OHb2P+o4SM2ikDsuWDMPB9hkgYgEurF2dU6QWdMEcWekHmCTbvLPyIgKWw6
- GDUeFEGaHrZqWytOuP1aMuMCgYAiNZPv7G5PaXhfkK+t1YLWYhZQIui+siuf+72v
- oELM1WIeYwk95+2y1K/ep06JDpgGXCns1o99b0AH4KP2qny1y4i/nLTmY7HNK0hW
- QvHCqwAoqBIXa+mdQZJBsKHBkNJ4qCLp+cFhGcJOzmIOaWNq1skgxytFwLb6qxz1
- kC+hlQKBgD9Q7W63LHvI5U/v+8rSQ+uCYvjV4AvmGEJ0ofjCvD97iUQKgKNlAiII
- 1ZIQgWGXgJ2t0tA1Jm+dBmY19jiX6dYCr/7tgP8GJitReiWnoFGI6pyAQKpvoT+H
- iQD58VsBZApM69KqjvuD670tjArBMeo5wnyA4miE5e3LuxO+b2C3
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-14
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEA1BcFPyvztF/uE/f0fbcqJd5oE9Dr4fdPcMqj9+i9GR2lczoU
- 42C94uKOpybyW+voyXYI4edBWyMV5w1nWRnbWdtDic74IwCL6YhMvDPfkEsYwL5F
- 9ApCCYMMmaaYyZYBy6W54WtZlle7QKbv6zQ1rR9wadd86K4AZ4jDsYYdYHY01IdT
- hHCtwbB9Cib2/xaB/w8R1/oGRMsAQKIwIdZNuCIvAAz73P+l9dB7R2Kj/rL27ttm
- 7LCvQjTE0SVfZCoPyu+V6zCofPv90HClzegjvrES3AIEUROxZhwcatqaevGhhyIq
- mC6dBTjwt/T11a5iIHb5GLkno53vtRfs75EpqQIDAQABAoIBAQDIURHgj5e3dp+7
- 9obSskw5xi2RAdO48kfy5UInJYhtD2Y0Rdhyxe2zPH61+4APN+r/VN+g1jYRaTsH
- ps5FBrn5zbGlmHkfPiXnpZesbmYqt/MiINSbYZDrwP4GpaZLR8ZcXSQKd8T+zdAL
- iWCzSvWjlT0sip3semPhZfhHVL+sWV/RWr5KwGXwaGs65uzFbVcIue7my5V0Gn/i
- XxixBh/fLnORYZrdpI7ph0ESv+vzNQIgJblUNvjlBJ2zWOid2vPor2B3CHn4KSqm
- Bu/HZzfXlqoTzMXKs1/GLeiIDcLsjIoyFvYWDodoi55psOu6ypj6/IHB+9udOehM
- pUPLI7UtAoGBANjYXkwKUfAxsQ0hCs8MlJOBfsvT3wrdQp3x5/HuoSjLw6JmCrfm
- 6PNlv1WLEdK1NnPfYEv88SLn6wvOA8MgxCOG+gf3EIB07zlIrxIuC2tvMfsdzQus
- 1FhkGQ4V98CGplSOWLn9WuTNdQOGBbx19I0x+swGILJM1noMVsRsQEYrAoGBAPpi
- 10EMjWtJSoxhQOIOM0A1eR1e7dSw1ubSf1IFs9Xv53G5Uv2T5kxmj0kv+gV4vvju
- 8xT5FecVTzuTEfG63JMx5JnzJUsBSH9NBH11n6NEvtjWBXP0tDsYfsuWtKi4hac+
- qxdCevW9wYHdzaLDRtNCIQVHxlzonMwGMQ7WH9l7AoGAWLDemLFb5Cce6GTMW/Uk
- S9SaPNnyjyoCVkGcAar9hYcaBDFCTweF3g+Om3lfF9SAahJB+7KAGivLSi/AAC5F
- qtZJK7rUqAWr1r0wxfnJN+7p/XCp7g2JaIHAca9wfvFT1J/IEIJci9qw8nj9naCN
- HrcDgjE7bFHbI14qmvo/q7MCgYBnXkbfY/8+O5O7QKs4qAQgjfLiXT5ygE84G87U
- XeZQfCpgmNHaPiTlhbHB1Tyy5ZZxzrQsBGk2bWW4go717N8DJaXqqKbMwErdwz4H
- TXgKP2dKvZCivnNpskMmaaFLxmHnGcgoYhnBOgWZR6iNeXDT5okbVPZfhOi2khfO
- uDeN4QKBgB7g5yg8dJF0hx+npEZ3zEXtb5fWabUvM6o72udnmLtTD9Kl3LvyjGTH
- grCF+HHIwhtA5HCCGScfBTFs7RvqQeeOvjlTJ5z2ZPTEJkxDDneraDSLFS2mgAKB
- RezSPkJX/jx1uaP2u1Rm9OP0Ir43zr1pCxV0k4z4I8cAQiySPQKY
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-node
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEAurcnk2DsQLTrrtNrdHsNsMB/B5TLU+35QPyknLyql9iZNHsu
- 98Ew8rJA6wYqnq1yZR6pGwvelxfkRcWMrw9rEyahYQU2sv2NYxhdrQFlXa1FZq4D
- KMVcfXvAMZPViqrPh592LISgemp14bHb0eZF1RBGxjZvkNacUmlkpnhZWc0aFan4
- OA6jfxis2qDiSyo5jgk2YSrQAfSyNgpAp54Oinr0mItsWR4lVxeu6CxtZP2oSUkq
- z99KpdX9VVYEr44im0Sl25bf1sGamCfJEksp4c3Tsm7Oz0qDemrlUNWPJrj4K8qb
- J9meXwV8cz/tTjtpdvFe7oVxv9QXi3/MkPkZowIDAQABAoIBAEGuWD+h4rnIavfu
- 62foOaKptIXoM7ZsijfwJ7/zJleQHCS4CIei8CMPzYJfgvKatRkZNgeLn1urTeO1
- YI3ccKAmALLucJV6WBg55AoN6aiQYU+Dex0GgEisFanbBU1oVOSylZGHfiRR+vHP
- 7THjPUF8HklvsMNUm1zqMjvVLilGQUpujwFMm3DJcW/uphMh54TauCnptGWna1ln
- S3cBoTy6Ytk5K6m2pQH2WtePnqdChkl6kQRB5A6XVlVN73UBr1Atn+RQG2VXyj18
- VRDh1SrOxT/XlZAsCKrtI8s5bCaE5vbKQmzg/DhoJuZHXUdo9SMKU4yhEjHvFoWW
- Lfcw0WECgYEA3DPde5B0ZAN9bE6fXj9axPGbvGIM4BZvjSVctRrONGM4aCVXY5q2
- Hp52n/aLTPElSNn49qrGs6jmfGWTisBzykv2Wc9XQ+c5MkJ+ePTQ7Epi2hZX9KtT
- t/NQPfuaPnzDVMtzuj2Az7aw5TEnEQthNqwwf9L1qaK2OPccCT/gKAsCgYEA2RGp
- Bp3sgDpenqym3BV+XT0xqDpkvDP3jZH9/2jdtSv+nekQlEV59oCJdrnnD0aBDZh6
- kouI6wU/k/wJwgNYNwU6tUuy5do4tH8TBTa9tczaTodytslyHFta5T8v6CDJZ3Xp
- pH663mkIC4nOYJJ3zsOQURJ+XGPnYun5brsRm8kCgYA3Rz3eexD82nNt8P7I5haf
- QhfaXrLkvj0arbpsLGJ/fDj4zAb4FiqJ3TXiSj4F/rNhana5VX20ND5IFCfJuS5Y
- JmGdghNiFHWjTFX7f1nDN5lBLkK+RRQrJYWLSdIaxa8zZi+THUVs32vg3Un1WWn6
- E5fJPug0wYgFHOOI3uQiqQKBgQCTDnrTR8QEbwbROqhka49LPXzZuo2qTw6D84b/
- NJ0W8zIw6sdXm+XvkM8QBwu5dotRmZ5Yj313svuKlvJJZRirVbibQCh3vaoy5fAN
- 1TMa6ihvkSWvHbRX77AZpQAgo62ukNxzm4Ofz8oqfva4yCGwix7HPd8rWmdUxKw+
- Ty+zuQKBgQDN1iFVSRcsXg9ygFBDOk/BaDq81WOUpIIfgW2i+Ho61Dy/AmzBcDEr
- 5e9g4E3cJG/W68MT0ScgLdSEK2MjqbCHVg7k3zjDahcEyqjCCL9XMynzaqK93jRD
- Z9mJGgHZHmijs3bh9Xrdx92A5zR3axTqVomWO9jwsPW0trd15+ZviA==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-11-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEAw7kLvPFfXWWLFOHMEuoreC0yIcwgMQH8jfqqpDqMW1amEBQA
- 5DMEtl/Vbvrv3/EBPRq4nTSeQXZUiOgF9Bp+8qSxAn1j/ZfDQf7+dtDr6Df0VMDl
- wbeZbtUoZHghMccUFZeZAZ5wvzT7iszFNiymWBdHnhLYbXTignAeZeF0Kwxif5Uy
- bbjPFcuM1k7k/L64fMxbuxV8ZmgrySWWVLQganTeNLgoujezHkgXrg7YYf04bx7j
- ko5B7pnXhhMEWKyNOzBKU1zJ6eVBfvWZcv50hNf1lC2e5jNo81pP3N7+E8Jy5+h8
- rR+YJVfxu1m5KKfJll6AKID6g5Ssyi6p9Q9KxQIDAQABAoIBABHo4+8VM0HLoe92
- PgNZFEM594VqNWPmp6KiVm0Swnc1NZrxCafYF01M9a3jHoIifpeF03DnOLgKyO+C
- M9FDf2xar6vnp3e0JHTsjYJ32a51OFFtGVkhoNOog7q112vDqM3VAnZIdk643W+1
- DzLG4S3ca3xGgzF46aU/9zghakzp+yN7H1zAuY09CuwtwaMBcYQTRPCiOh/1c4fv
- y7ZVU+reVAU/2saDhIucASEvT8DOrgapTu74QnpDv8SxJP3fQvcpPUhe4cH6fIBS
- B+kZv+uUGCk+XLhLrF4FrU76ZqgKmhLff46ZjMvjUaH1LSoGnHyb+W2D1Ws7DRNI
- rq0Zs6ECgYEA0HP3xWeM/CbYT1VUYyJ7BUWnIIAyaItdug3vSuIPHG40xzOSk2mI
- RWVcfB5Uxa6cyScjgOW9jaNpfk/1Mm9PZpdk90LIspHZX+AE2h22pEaXkD7/QW65
- c3zX6p4ULgeJegItbPqp5wvazvEV7mh4IzLtPzgVSAbpQrRNZFm1v00CgYEA8F28
- S8aFB2YGOsMonkASanPxPJmls9ek0212mQyTatrmiP/fGrMRkNlh6EOCieFrKBAh
- vJBrYvNetM0QpJOB6YkFJdUFjOmlEXCO+2O5PA8flHIk2ORxLfPBDCCfzHxaWW/5
- BqSfztWcJdoRSXCq/xWwFr4UkuUmV8INEk4cbVkCgYEAykUNUs71PiPPV8Pb+8oU
- h3wb/OyIfWtmikhFP2t18Ed8DSOdAk+v/G6rvICOD7gsyP+icsv7D/pWPkwGCGd8
- K3eScF+scaIWxPKSorecZ3FcVorakzqG12p39WBpAnUr0GlWfN4KiXi2XIIRnuJe
- WQFstyCLffW+2IwuYMawFi0CgYA1zAT0wL3NZhxG0p8orBZzFPgNJCZeFgmh+IHu
- x03HQK8QQpRgmWt5C+5J2bJBwd4F3XZvibM/NlEgDjWHYCxXZH9udDsFytVTDeoy
- gaNXudrLkrCEirx6GHBAkpyxW7OtCM6nmfjahhyorCHqWfkrlmMO9AQOzJLEWX4r
- dqgOIQKBgGFFVxxbVK7QVnZoZ6j/W7Ede+qVM9tAkTvmQP8boeX6yD6GGZ4Y8Xtw
- 532QYK2dkjrRcShyDbvp+1tZyhjxIRRkjMWqUUCExLiZCWteEUd7vEDfCuExf8fg
- pwR0ZPHNQkio+mXqUyrESzXhqbla2t5QyTYyHGN2b6NEvxKQ/ok2
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-12-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEogIBAAKCAQEAnMf1znAeBCDNxRpiMA8TJNNGF/+MfR95k13PcxjnHDrKXIsG
- 2Gvup+MSQjLCBSNRSPksDyAoWmp6pTh6N57tr8qimaqIyt/0OeOVT2x/q3oKLkKB
- RGcNtR2qbZ49t8ZFS+9QPmDQLMl7zj2N5khdcyMimNPVedK2va58sZav0OHyg2XP
- zzsM2G5GIOx3oBoi/nO/obLcaUBHN8lZeFMpnSx+kSrwjK9BsBnspe5spSZyezfR
- RDWCbNcmxq9X9iqsgEFFJjGoMMyWYQsOas6DdD1tAvV/d5hIWSQITa5u7E5wiuYu
- kYw7ViLB7FQWMFD/fT5UDQkrTKmMh1sbWpe67QIDAQABAoIBAGQHmKdsFVqg62i0
- mqz7EUXPnss0+xfh+xmxIujWnK4APJirA2UWCCEJ2d5usCfDDtu2Twwfgl+dzD6a
- ODBAsHoWmYPdsIVwOkytDdis6xAnP1OgjwVrku1ZziE+czZLxG7cc6A4+Nl6fAls
- cJra1PTfF/XWQkAF1x5Ss7BC6k4ku3rag6eXReTggdSkZ3iKkdsrJNVydgVANeIb
- aekK2lh4iu7lG0k5go0G52/kHcRCze5XH1msRJPML0TWOnpehcB5x1ibT5ZNfUAT
- 0rcBTpLkVdVUlh6Xau07ahhHCnW3x4YjLDlso93xLH2mUYlmGmHssy1mZp6qHaal
- l5+v6sECgYEAxID4T6fs/TJgyRcF0xmUnzQ3md76jzphzFXz6pcR4YtUzx+DInEE
- 1Lbo1plotxRGSIOmy+RCcOXrg/eAB1QLJLhE5DfFKygqIf8tV3UAMhJufRIQWksj
- +55eViiEXLwp+kpDrMtHtg3rv/Eku+Cg7Q7zk0Fo1mqQvyOy3RB4/YkCgYEAzEAU
- cReHL5HVkALMLmH+zvMW4wkeeXx2WzpIEWOIskWrPZ7jHgoaGUcPJBa2btm3Q/Sf
- Dilgjx7cPOPxUwFOrxrlycro/coFVVUWmUYhjDd16fFxi9zd1vsEo0UOCdUgR2R7
- pvuDu2yynYhpESnEpPmqtUXFEMisIO4jHgRT/UUCgYBuH7kJKxrtauZCy9w/yf44
- mpLucMAKtLVKRoFD3xXuSJ9m1EoxaxVCAJ/MZH0C3SHmUaGQcoOpsbCjbHkbokX8
- dihlnbupzACQvOk0MiXB6gJxpUX01Fd+E+rabip/rhP4aNY0aFfv9y0/jG0BvYly
- UQbAZ8/RGje0ZtU+fpTPwQKBgCNatC8fM3c4dw8GbPFaZRDNYxjJa0z8DkCcRf08
- jVzOUmXIKuf4N6xIcIZ+p/VoGiDZJu78moorfVPM4OjNQSFuNnhHdyz22xV6NP8y
- 9Hug3fgwosbi5ENiD9tzCIsLKRsyeXTd9F9s4T4DbqxZ3n/v92yJNyNAmQraLZn0
- hdVBAoGAUGklBpYg5ina4Br+ciWGEWrm2+yGsr0/m2T67oLkM6c/zcvMW3sUrggc
- /G4IqCj2VtCKaH0ZuTqLTIPA4xcpj0ouMnNi0Nvgkug+eLCOY+lWa//aWFH9U66a
- xXpYX8uKwQYx4y3CJCmtRyo4MhGol+1rR8OBh/LMzmli++6MJS8=
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-13-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpQIBAAKCAQEA0pa6zcUAGIkJk1tdn/OjFjChIKp5hngrVdJung3XQljK/jLB
- 7Ij6waHQzR+9fdhSOBeoO0Wggm14J76cucSuHC6FffJj5h5yL9lSuf4XQ0/konRe
- V6FOXtLy6IiXueF/Bi69SBbUIWN4wGoj4jqi+P3Mj0PnOTq1/+tB/pkh8HkFvt+Z
- leZZfifHzpR6+h8YZMogZqMhNEw66AzdpEvTfy0B3ugcfkU1rxQ4yFQH6UXRhjHo
- 45c1GuIcgA1hhg+dS0Jw9eawJS8OctM3QpruKoRNuBr71a6tfEMR1KvzeW6G1Fa+
- AcIdGTW5SbE5YkZj4BLGq2qRYFkEeQ0wc4dSyQIDAQABAoIBAQDNMmg1ptbwEV/O
- QUHaYPmx3pKylMozmBaJ2rFEuzHcCU9LIERL6jGEydr+dQYcgNOkqpCXqMG9NVPW
- TmrCrP4GoeIbljt3eIVFUJrGdutOAKRFE+T1uEz4Is7kfGxziGFQsexoOS5clmOM
- AiCTCRXSTuOrWbwNzMKY6zD0F1y1xkIEb+mjseUYioWlka8RMlssp0U8AAeG2qSC
- aQbvnylHs/mjirB5O9hN/x/SxGjhUMjv95koAhG+su2ms1JwhMh6eY9Vt0KJ6NIx
- 1rE2HkAHHELu9y4pDJQr5iQy2DziBOJ4zFWCrKOCCVCExScL+5Rjd/Q1lOayODTt
- WES9R6v9AoGBAPUvVGLW/9S3rzNCJEBrSUYe1cCEsST0obASfH9uEsImnddGHbRI
- Sg/0qsRcqhxctvZ5inP3z5xS9bsvG8HNh8SLd2fE4rZOz5kGkjNt6vszPf8hrJ9Q
- 7NONKeKpg4Qpi5pu9PY+nKi1WUHlP0u07H4L7g8Ha+BkxqPbMYpFkfFnAoGBANvg
- vCY8Il0DkTCSbBjbLob+0Oq4KgXPaw+eWiaz8pCYRkvmb7gehSQoR7/Nlihxvooq
- Cm0gGyZdpYK3GuLhpPNoKfUxviUi2As/DgnYRfqiJFT7FZr4pD7FLUCH6JZVP0Xd
- zM6PrSMIOmADNEDW/xSICM0W974v85pfqQJdSwxPAoGBAN97fJd7EUV7CB7YsuJk
- 6C0Z/gu05yKgOKCcuQ4N7ts5B7YpGvowyhExGlZRgFzJxZtzvVdnEb2TgJhVoB9O
- j+n+lZ/oPh2eSGtbKffmwMCnPGNI9mdhA/zwNrV7fX0BwVXKvU2WVIUSh4EgzEjd
- aJKbnSnlwdaPBOBl8wntz9ERAoGBAJnsxuphWJES6TY+msv/zJ+WjTxz9n8gyEsj
- yOqlOJ7+6t9Bj14uh3hbdncQfhkMH55rdecU/cyq7C4I7xp7alU3y3+p9fnbXbDp
- 0HMV409k6NhQ+bwGajzDHj25pxpuzR+k+TZ1oHgQz4TdWVw25lVCMh8ZABA1U2zz
- oMZV9y7DAoGAaPzOfLlPeseRARCz0mso4Y5elTgVlTv5bOHjtk7ozS66tyjVlyMN
- zq1fKj07TG4zIX8aWAID8Nt3dw+03ucGyHV0euvav71H+6CXzdmDb7Oh81f+aSbA
- X7SEof3XfLWlt9iigJD6AZEuRlB9/D9tn5phhrDfzTmX3Z8abiVUgxE=
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-etcd-cab23-r720-14-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEAwGcNR8v6cTFxIF0ZJ/HvovjqnvcYgBp3j9RkSl2EWV0tGyto
- Pe9i3QSImqbFrmeta5lFHf5LTetbUWn8m+vHZS6dExHESysDtVH39DHaXwuPZwN4
- VnuCl4w38XhHwkgvfF7Tne3Vx/iakEmk8zmyUdcbBat2hj2gWFFL2uQwUqJ3Qeag
- w2wREaRd1wdEMweklH3EkRTu4JEMEvxuGGppJUfj5i12uv/1lwVuk7WFMX3laCm+
- 26mgdoqGQ1jZTYJDv4vDC6RvhSDyYdV7f3wtHFn6frJwWTiriszaJdySIXiQX8ii
- fEKt100wOQH15hIJfc1U7C92bMJ+DhI2wnNBGwIDAQABAoIBAB3jpG+D45sUCDPz
- 4oWPEyApNSGO11KHSg2g/BeFYZsUW35+BsqgVqZpHuOPhuQqHQm7HL6lE4O+TUhf
- g6uhPC+exy4AM5NN0lynqDJaUEc1n4hsRJSCyW3LjaFIgzVOS3oxrQQ6v1w6ZaCG
- oEZcrzQBi6Qc1+PQzQkLUBJoIo2jhHhRJ5ygNLUnhZPQuYtjmTz6OLmc70uCQGpr
- q85cyJIvGLPFJJG84AfZfYGE+5rGAmH0DJNJUa6NPLEw8RR7a5fZyIBDhb+yji22
- rj1+udMy60ZV8ROJW7wywqR+726ELAaDHFEU/OeSwUtszWBIZpIfLobYHFpZdpDF
- Mc8moNkCgYEA0N8Y30SKLhzbq3Ig7VPS4msEGNUjJvMlct8YniFuHcN4zaWIFtEf
- aDRoWnqa8CtVWl8FiuL+umpQ0eVkzH0R/vTVUq1wu06Y7XwYyLRNMnssw1PSyBED
- 2QZF/j4Hk8JRAvva2RKXLwne+Lljeb9PmZuzxpdXjYNGmD9OiTdME98CgYEA69Cr
- z+JPTwUSdBoPnkFeO1IZC+rflBFJzj3R50xjSiAp/Q+KvNogEvYzb5mbZW5RcyyV
- uAYY+9OTdzQyZwxr8SDGK7ilwsQwnl/+uuLLn6HWOjqPAeLpbmB04mljl5Ft2ADN
- 6Eks0NYJ5F1x25lmj7QXRtGYo+2WU7w2pp662kUCgYBnwIowTXF+GmObtCNbACpe
- wd3VH/pIHLtbZipqUhzKuBBHxpPlEZfSQUYcu44/AqdxLoYoST1TCACBYrtBQFcy
- GBfm67R1tkMMpHoDKFy4WKsRk4++RYVtxkn6UoGdCgcHvmclMLDccsDJN/2LulYl
- 7UvNt9uLtcvZUIkIa+lkbQKBgQCj+iK/F9uWUyyV11ls7n+cOGZ6RwTZbXwpEgvY
- DuIsNVl9Q0VyNSuAg/sYa3QHgELbF/G0WWkeE+3DQmSaC6Uzs1qaJHf/i3VTa+Uy
- B2sYwey56OZwpV01B5W/qxE54ELFpSmJkPi871lJl0EJNw5+dviIok7GDvwtlf9a
- tZ2xEQKBgFWMUupdVMl9DZJTN2RNP/4q6/FUTFfGRRoKUoVgN8e2X+nHikUvDTHd
- 08mJqSHTFmQn/7bv4MH5mVbBAhgitcVXCvYooR6BNIL0SXbjgr2VNz/ZqVIsWGvW
- fW8SM6qMR4CyZkEcW161Zvz4XzGnaIQ3MbkFtfJy/i+wfspdUFZr
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: calico-node-peer
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/CertificateKey/v1
----
-data: |
- -----BEGIN PUBLIC KEY-----
- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8Ndu2d3Wp0Th24IOVyt
- wmhCWSTyCsY/+PZ6CO1JwhvxA/LLR+qmQEPGszJaBAxyUocgo3oCC8TrUPDD8TEK
- O0erydvCT/MKkk/+oKoLTum7TEoWredGPHlri6xMqktFjlW4O2487JvBx5q1wObV
- nb1vpv9pnW8isSBRWiQAlsol3Bai3+e+utz+7smQLh5OFYsGKVd3AuohecSMWXYQ
- KPSl1qnQ7h3rNzj7J7Aw5soo7cJKWl8QpOG/qddWvUphtNCuveouv+V7UaK/kveZ
- 2FzisZs3Jz4izLgi8r6hB/NbIOOc5NMmGOmhEf7UaXPE5E0u2lj9vEa05HMGgtcM
- PQIDAQAB
- -----END PUBLIC KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: service-account
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/PublicKey/v1
----
-data: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEAz8Ndu2d3Wp0Th24IOVytwmhCWSTyCsY/+PZ6CO1JwhvxA/LL
- R+qmQEPGszJaBAxyUocgo3oCC8TrUPDD8TEKO0erydvCT/MKkk/+oKoLTum7TEoW
- redGPHlri6xMqktFjlW4O2487JvBx5q1wObVnb1vpv9pnW8isSBRWiQAlsol3Bai
- 3+e+utz+7smQLh5OFYsGKVd3AuohecSMWXYQKPSl1qnQ7h3rNzj7J7Aw5soo7cJK
- Wl8QpOG/qddWvUphtNCuveouv+V7UaK/kveZ2FzisZs3Jz4izLgi8r6hB/NbIOOc
- 5NMmGOmhEf7UaXPE5E0u2lj9vEa05HMGgtcMPQIDAQABAoIBABhHwa2EEvvA/aZH
- IqjpftkIbDCU08CUmKdUzsA6UvNfZpRKjJ0z/Afoo9EPYlu0xKuGZTcVrCWJ9uI3
- sP5/960j3By0FQpY4fRlauGF3dp0EFKDGhFqxNeObRYepbsFHvTaabRwVqhkL4pP
- N0x67Z4IpILEuKgQc+J1X2yEZpk4gq5j7AWvpVIjt1TdznLgpsmcUWT/MAh2uTiu
- Fcre+xC3C9a8M2/Df3I5CRff1g4rIRIdOWG+5cqBu8tPEDBllyKZe+9KouhoxJIx
- cd+ooLHhKKtR4nV8X7w6UiRLd6MYfcAEQKpkc8InP4oE93moSdyPGGUZf09kimfC
- d5v+U/UCgYEA8IX/Y0DYaIy7XXtyDxAusDhYUewFIW7LVqmphSUVolgcSbILWki1
- OtfLMZJ/Ft+p7f+PSVFFi7Cm9E0nc8t/As4MhPNMMQxgzs0qaFfXVfEY1gY4KBwr
- 8RpZn3/dHZSlZVjD5hp2ZagHEOmN3b7ZdqTYr2k1uAJe++YVHHcQKzcCgYEA3SG6
- P0RKGNpeJajIiUh7ehdA17FRw9vB8ui6tzh+2PxTtkv988GOBHH/NTaitvTvyi5D
- u7ayyYcuQANQaKlWRB8zLq3Rwl7uXRF0fqKgK3yDGoZVdljBd0zjzIcuyzHJq4/W
- KCVGDSFmmeAo+8r/zJkzsFX3kpLFEWRZlxIHhisCgYEAnEy3dWxCNU6ew1Tg/eDq
- NiGnYzUY8GzrPlnqi1daA7F2UH2e2wC8pIxuwrwMUnTuHHciSebCZtBY7hDlPl5T
- HyN/BzaDoKwGjNzOXhgXGwYduZc5DvefpoIVE40nx309LerNAs7XeaADV34ubpcD
- AhKFrReVjQodZ1xRA7pri2kCgYAfWyH6yKctIQHKm0VcWh/QLy3tp+ItQKMe26tm
- QaeTAyyno9ztzJtju/pxRD8MbGz4IVlPa9esRfPj9dRYEvL9k+MBEnq08hsgrVH0
- hwDpSa2ZfETwFCPS099VaDHVdEjhf/LhHG/zerH+zc9h7OYaz/qJXZdOfGtfTPh7
- OH5CowKBgQCeoKwc5o+WXZl+ebFpwX3eLE3mlGDGwLnJ3N8bue7IIHZOes3Zihbq
- G1Bx31npUYt8Ylr7z7wbcLMuEGxWzdLJr6C+J6XwmI+l2j1q1knn0N7scptv54HH
- BM1Yk/elAaeuAdKDrdud9daBhGuoBVgyAbpQiq0iXgomcPjvU2jvrg==
- -----END RSA PRIVATE KEY-----
-metadata:
- layeringDefinition:
- abstract: false
- layer: site
- name: service-account
- schema: metadata/Document/v1
- storagePolicy: cleartext
-schema: deckhand/PrivateKey/v1
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ceph_fsid
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-# uuidgen
-data: 7b7576f4-3358-4668-9112-100440079807
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ceph_swift_keystone_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: maas-region-key
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-# openssl rand -hex 10
-data: 9026f6048d6a017dc913
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_barbican_oslo_db_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_barbican_oslo_messaging_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_barbican_oslo_messaging_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_barbican_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_barbican_rabbitmq_erlang_cookie
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_cinder_oslo_db_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_cinder_oslo_messaging_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_cinder_oslo_messaging_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_cinder_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_cinder_rabbitmq_erlang_cookie
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_glance_oslo_db_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_glance_oslo_messaging_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_glance_oslo_messaging_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_glance_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_glance_rabbitmq_erlang_cookie
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_heat_oslo_db_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_heat_oslo_messaging_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_heat_oslo_messaging_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_heat_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_heat_rabbitmq_erlang_cookie
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_heat_stack_user_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_heat_trustee_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_horizon_oslo_db_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_infra_elasticsearch_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_infra_grafana_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_infra_grafana_oslo_db_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_infra_grafana_oslo_db_session_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_infra_kibana_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_infra_nagios_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_infra_openstack_exporter_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_infra_oslo_db_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_keystone_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_keystone_ldap_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_keystone_oslo_db_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_keystone_oslo_messaging_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_keystone_oslo_messaging_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_keystone_rabbitmq_erlang_cookie
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_neutron_oslo_db_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_neutron_oslo_messaging_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_neutron_oslo_messaging_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_neutron_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_neutron_rabbitmq_erlang_cookie
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_nova_oslo_db_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_nova_oslo_messaging_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_nova_oslo_messaging_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_nova_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_nova_rabbitmq_erlang_cookie
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_oslo_cache_secret_key
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_oslo_db_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_placement_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_airflow_postgres_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_armada_keystone_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_barbican_keystone_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_barbican_oslo_db_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_deckhand_keystone_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_deckhand_postgres_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_drydock_keystone_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_drydock_postgres_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_keystone_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_keystone_oslo_db_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_maas_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_maas_postgres_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_oslo_db_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_oslo_messaging_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_postgres_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_promenade_keystone_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_rabbitmq_erlang_cookie
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_shipyard_keystone_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_shipyard_postgres_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: password123
-...
+++ /dev/null
----
-# The purpose of this file is to build the list of calico etcd nodes and the
-# calico etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-calico-etcd
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: kubernetes-calico-etcd-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
- substitutions:
- # Generate a list of control plane nodes (i.e. genesis node + master node
- # list) on which calico etcd will run and will need certs. It is assumed
- # that Airship sites will have 4 control plane nodes, so this should not need to
- # change for a new site.
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .genesis.hostname
- dest:
- path: .values.nodes[0].name
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[0].hostname
- dest:
- path: .values.nodes[1].name
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[1].hostname
- dest:
- path: .values.nodes[2].name
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[2].hostname
- dest:
- path: .values.nodes[3].name
-
- # Certificate substitutions for the node names assembled on the above list.
- # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
- # to change with a standard Airship deployment. However, the names of each
- # deckhand certficiate should be updated with the correct hostnames for your
- # environment. The ordering is important (Genesis is index 0, then master
- # nodes in the order they are specified in common-addresses).
-
- # Genesis hostname - cab23-r720-11
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-cab23-r720-11
- path: .
- dest:
- path: .values.nodes[0].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-cab23-r720-11
- path: .
- dest:
- path: .values.nodes[0].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-cab23-r720-11-peer
- path: .
- dest:
- path: .values.nodes[0].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-cab23-r720-11-peer
- path: .
- dest:
- path: .values.nodes[0].tls.peer.key
-
- # master node 1 hostname - cab23-r720-12
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-cab23-r720-12
- path: .
- dest:
- path: .values.nodes[1].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-cab23-r720-12
- path: .
- dest:
- path: .values.nodes[1].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-cab23-r720-12-peer
- path: .
- dest:
- path: .values.nodes[1].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-cab23-r720-12-peer
- path: .
- dest:
- path: .values.nodes[1].tls.peer.key
-
- # master node 2 hostname - cab23-r720-13
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-cab23-r720-13
- path: .
- dest:
- path: .values.nodes[2].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-cab23-r720-13
- path: .
- dest:
- path: .values.nodes[2].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-cab23-r720-13-peer
- path: .
- dest:
- path: .values.nodes[2].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-cab23-r720-13-peer
- path: .
- dest:
- path: .values.nodes[2].tls.peer.key
-
- # master node 3 hostname - cab23-r720-14
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-cab23-r720-14
- path: .
- dest:
- path: .values.nodes[3].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-cab23-r720-14
- path: .
- dest:
- path: .values.nodes[3].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-cab23-r720-14-peer
- path: .
- dest:
- path: .values.nodes[3].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-cab23-r720-14-peer
- path: $
- dest:
- path: .values.nodes[3].tls.peer.key
-
-data: {}
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: elasticsearch
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- hosttype: elasticsearch-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
-data: {}
-...
+++ /dev/null
----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: fluent-logging
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- hosttype: fluent-logging-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
-data: {}
-...
+++ /dev/null
----
-# This file defines hardware-specific settings for neutron. If you use the same
-# hardware profile as this environment, you should not need to change this file.
-# Otherwise, you should review the settings here and adjust for your hardware.
-# In particular:
-# 1. logical network interface names
-# 2. physical device mappigns
-# TODO: Should move to global layer and become tied to the hardware profile
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: neutron-fixme
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: neutron-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
-data: {}
-...
+++ /dev/null
----
-# This file defines hardware-specific settings for nova. If you use the same
-# hardware profile as this environment, you should not need to change this file.
-# Otherwise, you should review the settings here and adjust for your hardware.
-# In particular:
-# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware
-# changes.
-# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC
-# slotting changes.
-# TODO: Should move to global layer and become tied to the hardware profile
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: nova
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: nova-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
-data: {}
-...
+++ /dev/null
----
-# The purpose of this file is to define environment-specific parameters for
-# ceph-osd
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ceph-osd
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: ucp-ceph-osd-global
- actions:
- - method: replace
- path: .values.conf.storage.osd
- - method: merge
- path: .
- storagePolicy: cleartext
-data:
- values:
- conf:
- storage:
- # NEWSITE-CHANGEME: The OSD count and configuration here should not need
- # to change if your HW matches the HW used in this environment.
- # Otherwise you may need to add or subtract disks to this list.
- osd:
- - data:
- type: block-logical
- location: /dev/sdc
- journal:
- type: directory
- location: /var/lib/ceph/cp/journal-sdc
- - data:
- type: block-logical
- location: /dev/sdd
- journal:
- type: directory
- location: /var/lib/ceph/cp/journal-sdd
- - data:
- type: block-logical
- location: /dev/sde
- journal:
- type: directory
- location: /var/lib/ceph/cp/journal-sde
- - data:
- type: block-logical
- location: /dev/sdf
- journal:
- type: directory
- location: /var/lib/ceph/cp/journal-sdf
- - data:
- type: block-logical
- location: /dev/sdg
- journal:
- type: directory
- location: /var/lib/ceph/cp/journal-sdg
- - data:
- type: block-logical
- location: /dev/sdh
- journal:
- type: directory
- location: /var/lib/ceph/cp/journal-sdh
- - data:
- type: block-logical
- location: /dev/sdi
- journal:
- type: directory
- location: /var/lib/ceph/cp/journal-sdi
- - data:
- type: block-logical
- location: /dev/sdj
- journal:
- type: directory
- location: /var/lib/ceph/cp/journal-sdj
-...
+++ /dev/null
----
-# The purpose of this file is to define site-specific parameters to the
-# UAM-lite portion of the divingbell chart:
-# 1. User accounts to create on bare metal
-# 2. SSH public key for operationg system access to the bare metal
-# 3. Passwords for operating system access via iDrac/iLo console. SSH password-
-# based auth is disabled.
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-divingbell
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: ucp-divingbell-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
- substitutions:
- - dest:
- path: .values.conf.uamlite.users[0].user_sshkeys[0]
- src:
- schema: deckhand/PublicKey/v1
- name: airship_ssh_public_key
- path: .
- - dest:
- path: .values.conf.uamlite.users[0].user_crypt_passwd
- src:
- schema: deckhand/Passphrase/v1
- name: ubuntu_crypt_password
- path: .
- - dest:
- path: .values.conf.uamlite.users[1].user_sshkeys[0]
- src:
- schema: deckhand/PublicKey/v1
- name: airship_ssh_public_key
- path: .
-data:
- values:
- conf:
- uamlite:
- users:
- - user_name: ubuntu
- user_sudo: true
- user_sshkeys: []
- - user_name: airship
- user_sudo: true
- user_sshkeys: []
-...
+++ /dev/null
----
-# This file defines site-specific deviations for MaaS.
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-maas
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: ucp-maas-global
- actions:
- - method: replace
- path: .values.conf.maas.proxy
- - method: merge
- path: .
- storagePolicy: cleartext
-data:
- values:
- conf:
- maas:
- images:
- default_os: 'ubuntu'
- default_image: 'xenial'
- default_kernel: 'hwe-16.04'
- proxy:
- # Whether deploying nodes should use MaaS region as an APT proxy.
- proxy_enabled: false
- # NEWSITE-CHANGEME: Whether MaaS region should utilize an external proxy
- # for accessing repos. Set to 'true' if your environment needs a proxy
- # to get to the upstream package mirrors, and false otherwise.
- peer_proxy_enabled: false
- # NEWSITE-CHANGEME: If your site requires a proxy to reach upstream
- # package mirrors, enter the proxy information here. Otherwise, comment
- # out this line.
- # proxy_server: http://proxy.example.com:8080
-...
+++ /dev/null
----
-# The purpose of this file is to define the site's endpoint catalog. This should
-# not need to be modified for a new site.
-# #GLOBAL-CANDIDATE#
-schema: pegleg/EndpointCatalogue/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp_endpoints
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
- # substitutions:
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .ucp.identity.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .ucp.shipyard.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .ceph.object_store.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .ceph.ceph_object_store.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .ceph.object_store.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .ceph.object_store.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .ceph.object_store.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .ceph.ceph_object_store.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .ceph.ceph_object_store.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .ceph.ceph_object_store.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .ucp.identity.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .ucp.identity.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .ucp.identity.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .ucp.shipyard.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .ucp.shipyard.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .ucp.shipyard.host_fqdn_override.public.tls.key
-data:
- ucp:
- identity:
- namespace: ucp
- name: keystone
- hosts:
- default: keystone-api
- public: keystone
- host_fqdn_override:
- default: null
- # public:
- # host: iam.DOMAIN
- path:
- default: /v3
- scheme:
- default: http
- # public: https
- port:
- admin:
- default: 35357
- api:
- default: 80
- public: 80
- armada:
- name: armada
- hosts:
- default: armada-api
- public: armada
- port:
- api:
- default: 8000
- path:
- default: /api/v1.0
- scheme:
- default: http
- host_fqdn_override:
- default: null
- deckhand:
- name: deckhand
- hosts:
- default: deckhand-int
- public: deckhand-api
- port:
- api:
- default: 9000
- path:
- default: /api/v1.0
- scheme:
- default: http
- host_fqdn_override:
- default: null
- postgresql:
- name: postgresql
- hosts:
- default: postgresql
- path: /DB_NAME
- scheme: postgresql+psycopg2
- port:
- postgresql:
- default: 5432
- host_fqdn_override:
- default: null
- postgresql_airflow_celery:
- name: postgresql_airflow_celery_db
- hosts:
- default: postgresql
- path: /DB_NAME
- scheme: db+postgresql
- port:
- postgresql:
- default: 5432
- host_fqdn_override:
- default: null
- oslo_db:
- hosts:
- default: mariadb
- discovery: mariadb-discovery
- host_fqdn_override:
- default: null
- path: /DB_NAME
- scheme: mysql+pymysql
- port:
- mysql:
- default: 3306
- wsrep:
- default: 4567
- key_manager:
- name: barbican
- hosts:
- default: barbican-api
- public: barbican
- host_fqdn_override:
- default: null
- path:
- default: /v1
- scheme:
- default: http
- port:
- api:
- default: 9311
- public: 80
- oslo_messaging:
- namespace: null
- hosts:
- default: rabbitmq
- host_fqdn_override:
- default: null
- path: /openstack
- scheme: rabbit
- port:
- amqp:
- default: 5672
- oslo_cache:
- hosts:
- default: memcached
- host_fqdn_override:
- default: null
- port:
- memcache:
- default: 11211
- physicalprovisioner:
- name: drydock
- hosts:
- default: drydock-api
- port:
- api:
- default: 9000
- nodeport: 31900
- path:
- default: /api/v1.0
- scheme:
- default: http
- host_fqdn_override:
- default: null
- maas_region_ui:
- name: maas-region-ui
- hosts:
- default: maas-region-ui
- public: maas
- path:
- default: /MAAS
- scheme:
- default: "http"
- port:
- region_ui:
- default: 80
- public: 80
- host_fqdn_override:
- default: null
- kubernetesprovisioner:
- name: promenade
- hosts:
- default: promenade-api
- port:
- api:
- default: 80
- path:
- default: /api/v1.0
- scheme:
- default: http
- host_fqdn_override:
- default: null
- shipyard:
- name: shipyard
- hosts:
- default: shipyard-int
- public: shipyard-api
- port:
- api:
- default: 9000
- public: 80
- path:
- default: /api/v1.0
- scheme:
- default: http
- # public: https
- host_fqdn_override:
- default: null
- # public:
- # host: shipyard.DOMAIN
- airflow_web:
- name: airflow-web
- hosts:
- default: airflow-web-int
- public: airflow-web
- port:
- airflow_web:
- default: 8080
- path:
- default: /
- scheme:
- default: http
- host_fqdn_override:
- default: null
- airflow_flower:
- name: airflow-flower
- hosts:
- default: airflow-flower
- port:
- airflow_flower:
- default: 5555
- path:
- default: /
- scheme:
- default: http
- host_fqdn_override:
- default: null
- ceph:
- object_store:
- name: swift
- namespace: ceph
- hosts:
- default: ceph-rgw
- public: radosgw
- host_fqdn_override:
- default: null
- # public:
- # host: object-store.DOMAIN
- path:
- default: /swift/v1
- scheme:
- default: http
- # public: "https"
- port:
- api:
- default: 8088
- # public: 443
- ceph_object_store:
- name: radosgw
- namespace: ceph
- hosts:
- default: ceph-rgw
- public: radosgw
- host_fqdn_override:
- default: null
- # public:
- # host: object-store.DOMAIN
- path:
- default: /auth/v1.0
- scheme:
- default: "http"
- # public: "https"
- port:
- api:
- default: 8088
- # public: 443
- ceph_mon:
- namespace: ceph
- hosts:
- default: ceph-mon
- discovery: ceph-mon-discovery
- host_fqdn_override:
- default: null
- port:
- mon:
- default: 6789
- ceph_mgr:
- namespace: ceph
- hosts:
- default: ceph-mgr
- host_fqdn_override:
- default: null
- port:
- mgr:
- default: 7000
- scheme:
- default: http
-...
----
-schema: pegleg/EndpointCatalogue/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_endpoints
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
- # substitutions:
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh.object_store.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh.ceph_object_store.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh.object_store.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh.object_store.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh.object_store.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh.ceph_object_store.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh.ceph_object_store.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh.ceph_object_store.host_fqdn_override.public.tls.key
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh.image.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh.cloudformation.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh.orchestration.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh.compute.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh.compute_novnc_proxy.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh.placement.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh.network.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh.identity.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh.dashboard.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh.volume.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh.volumev2.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh.volumev3.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh.identity.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh.identity.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh.identity.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh.orchestration.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh.orchestration.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh.orchestration.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh.cloudformation.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh.cloudformation.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh.cloudformation.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh.dashboard.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh.dashboard.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh.dashboard.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh.image.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh.image.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh.image.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh.volume.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh.volume.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh.volume.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh.volumev2.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh.volumev2.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh.volumev2.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh.volumev3.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh.volumev3.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh.volumev3.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh.compute.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh.compute.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh.compute.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh.placement.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh.placement.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh.placement.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh.network.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh.network.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh.network.host_fqdn_override.public.tls.key
-data:
- osh:
- object_store:
- name: swift
- namespace: ceph
- hosts:
- default: ceph-rgw
- public: radosgw
- host_fqdn_override:
- default: null
- # public:
- # host: object-store.DOMAIN
- path:
- default: /swift/v1/KEY_$(tenant_id)s
- scheme:
- default: http
- # public: "https"
- port:
- api:
- default: 8088
- # public: 443
- ceph_object_store:
- name: radosgw
- namespace: ceph
- hosts:
- default: ceph-rgw
- public: radosgw
- host_fqdn_override:
- default: null
- # public:
- # host: object-store.DOMAIN
- path:
- default: /auth/v1.0
- scheme:
- default: "http"
- # public: "https"
- port:
- api:
- default: 8088
- # public: 443
- oslo_db:
- hosts:
- default: mariadb
- discovery: mariadb-discovery
- host_fqdn_override:
- default: null
- path: /DB_NAME
- scheme: mysql+pymysql
- port:
- mysql:
- default: 3306
- wsrep:
- default: 4567
- keystone_oslo_messaging:
- namespace: openstack
- hosts:
- default: keystone-rabbitmq
- host_fqdn_override:
- default: null
- path: /keystone
- scheme: rabbit
- port:
- amqp:
- default: 5672
- http:
- default: 15672
- keystone_rabbitmq_exporter:
- namespace: openstack
- hosts:
- default: keystone-rabbitmq-exporter
- host_fqdn_override:
- default: null
- path:
- default: /metrics
- scheme:
- default: "http"
- port:
- metrics:
- default: 9095
- oslo_cache:
- namespace: openstack
- hosts:
- default: memcached
- host_fqdn_override:
- default: null
- port:
- memcache:
- default: 11211
- identity:
- namespace: openstack
- name: keystone
- hosts:
- default: keystone-api
- public: keystone
- host_fqdn_override:
- default: null
- # public:
- # host: identity.DOMAIN
- path:
- default: /v3
- scheme:
- default: "http"
- # public: "https"
- port:
- admin:
- default: 35357
- api:
- default: 80
- # public: 443
- glance_oslo_messaging:
- namespace: openstack
- hosts:
- default: glance-rabbitmq
- host_fqdn_override:
- default: null
- path: /glance
- scheme: rabbit
- port:
- amqp:
- default: 5672
- http:
- default: 15672
- glance_rabbitmq_exporter:
- namespace: openstack
- hosts:
- default: glance-rabbitmq-exporter
- host_fqdn_override:
- default: null
- path:
- default: /metrics
- scheme:
- default: "http"
- port:
- metrics:
- default: 9095
- image:
- name: glance
- hosts:
- default: glance-api
- public: glance
- host_fqdn_override:
- default: null
- # public:
- # host: image.DOMAIN
- path:
- default: null
- scheme:
- default: "http"
- # public: "https"
- port:
- api:
- default: 9292
- # public: 443
- image_registry:
- name: glance-registry
- hosts:
- default: glance-registry
- public: glance-reg
- host_fqdn_override:
- default: null
- path:
- default: null
- scheme:
- default: "http"
- port:
- api:
- default: 9191
- public: 80
- cinder_oslo_messaging:
- namespace: openstack
- hosts:
- default: cinder-rabbitmq
- host_fqdn_override:
- default: null
- path: /cinder
- scheme: rabbit
- port:
- amqp:
- default: 5672
- http:
- default: 15672
- cinder_rabbitmq_exporter:
- namespace: openstack
- hosts:
- default: cinder-rabbitmq-exporter
- host_fqdn_override:
- default: null
- path:
- default: /metrics
- scheme:
- default: "http"
- port:
- metrics:
- default: 9095
- volume:
- name: cinder
- hosts:
- default: cinder-api
- public: cinder
- host_fqdn_override:
- default: null
- # public:
- # host: volume.DOMAIN
- path:
- default: "/v1/%(tenant_id)s"
- scheme:
- default: "http"
- # public: "https"
- port:
- api:
- default: 8776
- # public: 443
- volumev2:
- name: cinderv2
- hosts:
- default: cinder-api
- public: cinder
- host_fqdn_override:
- default: null
- # public:
- # host: volume.DOMAIN
- path:
- default: "/v2/%(tenant_id)s"
- scheme:
- default: "http"
- # public: "https"
- port:
- api:
- default: 8776
- # public: 443
- volumev3:
- name: cinderv3
- hosts:
- default: cinder-api
- public: cinder
- host_fqdn_override:
- default: null
- # public:
- # host: volume.DOMAIN
- path:
- default: "/v3/%(tenant_id)s"
- scheme:
- default: "http"
- # public: "https"
- port:
- api:
- default: 8776
- # public: 443
- heat_oslo_messaging:
- namespace: openstack
- hosts:
- default: heat-rabbitmq
- host_fqdn_override:
- default: null
- path: /heat
- scheme: rabbit
- port:
- amqp:
- default: 5672
- http:
- default: 15672
- heat_rabbitmq_exporter:
- namespace: openstack
- hosts:
- default: heat-rabbitmq-exporter
- host_fqdn_override:
- default: null
- path:
- default: /metrics
- scheme:
- default: "http"
- port:
- metrics:
- default: 9095
- orchestration:
- name: heat
- hosts:
- default: heat-api
- public: heat
- host_fqdn_override:
- default: null
- # public:
- # host: orchestration.DOMAIN
- path:
- default: "/v1/%(project_id)s"
- scheme:
- default: "http"
- # public: "https"
- port:
- api:
- default: 8004
- # public: 443
- cloudformation:
- name: heat-cfn
- hosts:
- default: heat-cfn
- public: cloudformation
- host_fqdn_override:
- default: null
- # public:
- # host: cloudformation.DOMAIN
- path:
- default: /v1
- scheme:
- default: "http"
- # public: "https"
- port:
- api:
- default: 8000
- # public: 443
- cloudwatch:
- name: heat-cloudwatch
- hosts:
- default: heat-cloudwatch
- public: cloudwatch
- host_fqdn_override:
- default: null
- path:
- default: null
- type: null
- scheme:
- default: "http"
- port:
- api:
- default: 8003
- public: 80
- neutron_oslo_messaging:
- namespace: openstack
- hosts:
- default: neutron-rabbitmq
- host_fqdn_override:
- default: null
- path: /neutron
- scheme: rabbit
- port:
- amqp:
- default: 5672
- http:
- default: 15672
- neutron_rabbitmq_exporter:
- namespace: openstack
- hosts:
- default: neutron-rabbitmq-exporter
- host_fqdn_override:
- default: null
- path:
- default: /metrics
- scheme:
- default: "http"
- port:
- metrics:
- default: 9095
- network:
- name: neutron
- hosts:
- default: neutron-server
- public: neutron
- host_fqdn_override:
- default: null
- # public:
- # host: network.DOMAIN
- path:
- default: null
- scheme:
- default: "http"
- # public: "https"
- port:
- api:
- default: 9696
- # public: 443
- nova_oslo_messaging:
- namespace: openstack
- hosts:
- default: nova-rabbitmq
- host_fqdn_override:
- default: null
- path: /nova
- scheme: rabbit
- port:
- amqp:
- default: 5672
- http:
- default: 15672
- nova_rabbitmq_exporter:
- namespace: openstack
- hosts:
- default: nova-rabbitmq-exporter
- host_fqdn_override:
- default: null
- path:
- default: /metrics
- scheme:
- default: "http"
- port:
- metrics:
- default: 9095
- compute:
- name: nova
- hosts:
- default: nova-api
- public: nova
- host_fqdn_override:
- default: null
- # public:
- # host: compute.DOMAIN
- path:
- default: "/v2/%(tenant_id)s"
- scheme:
- default: "http"
- # public: "https"
- port:
- api:
- default: 8774
- # public: 443
- novncproxy:
- default: 443
- compute_metadata:
- name: nova
- hosts:
- default: nova-metadata
- public: metadata
- host_fqdn_override:
- default: null
- path:
- default: /
- scheme:
- default: "http"
- port:
- metadata:
- default: 8775
- public: 80
- compute_novnc_proxy:
- name: nova
- hosts:
- default: nova-novncproxy
- public: novncproxy
- host_fqdn_override:
- default: null
- # public:
- # host: nova-novncproxy.DOMAIN
- path:
- default: /vnc_auto.html
- scheme:
- default: "http"
- # public: "https"
- port:
- novnc_proxy:
- default: 6080
- # public: 443
- compute_spice_proxy:
- name: nova
- hosts:
- default: nova-spiceproxy
- host_fqdn_override:
- default: null
- path:
- default: /spice_auto.html
- scheme:
- default: "http"
- port:
- spice_proxy:
- default: 6082
- placement:
- name: placement
- hosts:
- default: placement-api
- public: placement
- host_fqdn_override:
- default: null
- # public:
- # host: placement.DOMAIN
- path:
- default: /
- scheme:
- default: "http"
- # public: "https"
- port:
- api:
- default: 8778
- # public: 443
- dashboard:
- name: horizon
- hosts:
- default: horizon-int
- public: horizon
- host_fqdn_override:
- default: null
- # public:
- # host: dashboard.DOMAIN
- path:
- default: null
- scheme:
- default: "http"
- # public: "https"
- port:
- web:
- default: 80
- # public: 443
-...
----
-schema: pegleg/EndpointCatalogue/v1
-metadata:
- schema: metadata/Document/v1
- name: osh_infra_endpoints
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
- # substitutions:
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh_infra.kibana.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh_infra.grafana.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .dns.ingress_domain
- # dest:
- # path: .osh_infra.nagios.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh_infra.kibana.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh_infra.kibana.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh_infra.kibana.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh_infra.grafana.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh_infra.grafana.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh_infra.grafana.host_fqdn_override.public.tls.key
- # - src:
- # schema: deckhand/Certificate/v1
- # name: ingress-crt
- # path: .
- # dest:
- # path: .osh_infra.nagios.host_fqdn_override.public.tls.crt
- # - src:
- # schema: deckhand/CertificateAuthority/v1
- # name: ingress-ca
- # path: .
- # dest:
- # path: .osh_infra.nagios.host_fqdn_override.public.tls.ca
- # - src:
- # schema: deckhand/CertificateKey/v1
- # name: ingress-key
- # path: .
- # dest:
- # path: .osh_infra.nagios.host_fqdn_override.public.tls.key
- # path: .osh_infra.nagios.host_fqdn_override.public.tls.key
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .ldap.base_url
- # dest:
- # path: .osh_infra.ldap.host_fqdn_override.public.host
- # pattern: DOMAIN
- # - src:
- # schema: pegleg/CommonAddresses/v1
- # name: common-addresses
- # path: .ldap.auth_path
- # dest:
- # path: .osh_infra.ldap.path.default
- # pattern: AUTH_PATH
-data:
- osh_infra:
- elasticsearch:
- name: elasticsearch
- namespace: osh-infra
- hosts:
- data: elasticsearch-data
- default: elasticsearch-logging
- discovery: elasticsearch-discovery
- public: elasticsearch
- host_fqdn_override:
- default: null
- path:
- default: null
- scheme:
- default: "http"
- port:
- http:
- default: 80
- prometheus_elasticsearch_exporter:
- namespace: null
- hosts:
- default: elasticsearch-exporter
- host_fqdn_override:
- default: null
- path:
- default: /metrics
- scheme:
- default: "http"
- port:
- metrics:
- default: 9108
- fluentd:
- namespace: osh-infra
- name: fluentd
- hosts:
- default: fluentd-logging
- host_fqdn_override:
- default: null
- path:
- default: null
- scheme:
- default: "http"
- port:
- service:
- default: 24224
- metrics:
- default: 24220
- prometheus_fluentd_exporter:
- namespace: osh-infra
- hosts:
- default: fluentd-exporter
- host_fqdn_override:
- default: null
- path:
- default: /metrics
- scheme:
- default: "http"
- port:
- metrics:
- default: 9309
- oslo_db:
- namespace: osh-infra
- hosts:
- default: mariadb
- host_fqdn_override:
- default: null
- path: /DB_NAME
- scheme: mysql+pymysql
- port:
- mysql:
- default: 3306
- grafana:
- name: grafana
- namespace: osh-infra
- hosts:
- default: grafana-dashboard
- public: grafana
- host_fqdn_override:
- default: null
- # public:
- # host: grafana.DOMAIN
- path:
- default: null
- scheme:
- default: "http"
- # public: "https"
- port:
- grafana:
- default: 3000
- # public: 443
- monitoring:
- name: prometheus
- namespace: osh-infra
- hosts:
- default: prom-metrics
- public: prometheus
- host_fqdn_override:
- default: null
- path:
- default: null
- scheme:
- default: "http"
- port:
- api:
- default: 9090
- public: 80
- kibana:
- name: kibana
- namespace: osh-infra
- hosts:
- default: kibana-dash
- public: kibana
- host_fqdn_override:
- default: null
- # public:
- # host: kibana.DOMAIN
- path:
- default: null
- scheme:
- default: "http"
- # public: "https"
- port:
- kibana:
- default: 5601
- # public: 443
- alerts:
- name: alertmanager
- namespace: osh-infra
- hosts:
- default: alerts-engine
- public: alertmanager
- discovery: alertmanager-discovery
- host_fqdn_override:
- default: null
- path:
- default: null
- scheme:
- default: "http"
- port:
- api:
- default: 9093
- public: 80
- mesh:
- default: 6783
- kube_state_metrics:
- namespace: kube-system
- hosts:
- default: kube-state-metrics
- host_fqdn_override:
- default: null
- path:
- default: null
- scheme:
- default: "http"
- port:
- http:
- default: 8080
- kube_scheduler:
- scheme:
- default: "http"
- path:
- default: /metrics
- kube_controller_manager:
- scheme:
- default: "http"
- path:
- default: /metrics
- node_metrics:
- namespace: kube-system
- hosts:
- default: node-exporter
- host_fqdn_override:
- default: null
- path:
- default: null
- scheme:
- default: "http"
- port:
- metrics:
- default: 9100
- prometheus_port:
- default: 9100
- prometheus_openstack_exporter:
- namespace: openstack
- hosts:
- default: openstack-metrics
- host_fqdn_override:
- default: null
- path:
- default: null
- scheme:
- default: "http"
- port:
- exporter:
- default: 9103
- nagios:
- name: nagios
- namespace: osh-infra
- hosts:
- default: nagios-metrics
- public: nagios
- host_fqdn_override:
- default: null
- # public:
- # host: nagios.DOMAIN
- path:
- default: null
- scheme:
- default: http
- # public: https
- port:
- http:
- default: 80
- # public: 443
- ldap:
- hosts:
- default: ldap
- host_fqdn_override:
- default: null
- public:
- host: DOMAIN
- path:
- default: /AUTH_PATH
- scheme:
- default: "ldap"
- port:
- ldap:
- default: 389
-...
+++ /dev/null
----
-# This file defines the "full-site" armada manifest and should not need to
-# change for new sites.
-# #GLOBAL-CANDIDATE#
-schema: armada/Manifest/v1
-metadata:
- schema: metadata/Document/v1
- name: full-site
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: full-site-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
-data:
- release_prefix: airship
- chart_groups:
- - kubernetes-proxy
- - kubernetes-container-networking
- - kubernetes-dns
- - kubernetes-etcd
- - kubernetes-haproxy
- - kubernetes-core
- - ingress-kube-system
- - ucp-ceph-update
- - ucp-ceph-config
- - ucp-core
- - ucp-keystone
- - ucp-divingbell
- - ucp-armada
- - ucp-deckhand
- - ucp-drydock
- - ucp-promenade
- - ucp-shipyard
- - osh-infra-ingress-controller
- - osh-infra-ceph-config
- - osh-infra-logging
- - osh-infra-monitoring
- - osh-infra-mariadb
- - osh-infra-dashboards
- - openstack-ingress-controller
- - openstack-ceph-config
- - openstack-mariadb
- - openstack-memcached
- - openstack-keystone
- - openstack-radosgw
- - openstack-glance
- - openstack-cinder
- - openstack-compute-kit
- - openstack-heat
- - osh-infra-prometheus-openstack-exporter
- - openstack-horizon
-...
+++ /dev/null
----
-schema: promenade/KubernetesNetwork/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-network
- layeringDefinition:
- abstract: false
- layer: type
- storagePolicy: cleartext
- substitutions:
- # DNS
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .dns.cluster_domain
- dest:
- path: .dns.cluster_domain
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .dns.service_ip
- dest:
- path: .dns.service_ip
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .dns.upstream_servers
- dest:
- path: .dns.upstream_servers
-
- # Kubernetes IPs
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.api_service_ip
- dest:
- path: .kubernetes.service_ip
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.pod_cidr
- dest:
- path: .kubernetes.pod_cidr
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.service_cidr
- dest:
- path: .kubernetes.service_cidr
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.apiserver_port
- dest:
- path: .kubernetes.apiserver_port
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.haproxy_port
- dest:
- path: .kubernetes.haproxy_port
-
- # etcd IPs
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .etcd.container_port
- dest:
- path: .etcd.container_port
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .etcd.haproxy_port
- dest:
- path: .etcd.haproxy_port
-
- # proxy
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .proxy.http
- dest:
- path: .proxy.url
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .proxy.no_proxy
- dest:
- path: .proxy.additional_no_proxy
-
-data:
- dns:
- bootstrap_validation_checks:
- - calico-etcd.kube-system.svc.cluster.local
- - kubernetes-etcd.kube-system.svc.cluster.local
- - kubernetes.default.svc.cluster.local
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: 'drydock/BootAction/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: i40evf_blacklist
- storagePolicy: 'cleartext'
- layeringDefinition:
- abstract: false
- layer: site
- labels:
- application: 'drydock'
-data:
- signaling: false
- node_filter:
- filter_set_type: 'union'
- filter_set:
- - filter_type: 'union'
- assets:
- - path: /etc/modprobe.d/sriov_blacklist.conf
- type: file
- permissions: '644'
- data_pipeline:
- - utf8_decode
- data: |
- blacklist i40evf
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: 'drydock/BootAction/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: calico-ip-rules
- storagePolicy: 'cleartext'
- layeringDefinition:
- abstract: false
- layer: site
- labels:
- application: 'drydock'
- substitutions:
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.pod_cidr
- dest:
- path: .assets[0].data
- pattern: DH_SUB_POD_CIDR
-data:
- signaling: false
- assets:
- - path: /etc/systemd/system/configure-ip-rules.service
- type: unit
- permissions: '444'
- data: |-
- [Unit]
- Description=IP Rules Initialization Service
- After=network-online.target local-fs.target
-
- [Service]
- Type=simple
- ExecStart=/opt/configure-ip-rules.sh -g {{yaml.networks.ksn.vrrp_ip}} -c {{yaml.kubernetes.pod_cidr}} -s {{yaml.networks.ksn.additional_cidrs | first}}
-
- [Install]
- WantedBy=multi-user.target
- data_pipeline:
- - utf8_decode
- - path: /opt/configure-ip-rules.sh
- type: file
- permissions: '700'
- data_pipeline:
- - utf8_decode
- data: |-
- #!/bin/bash
- set -ex
-
- function usage() {
- cat <<EOU
- Options are:
-
- -c POD_CIDR The pod CIDR for the Kubernetes cluster, e.g. {{yaml.kubernetes.pod_cidr}}
- -i INTERFACE The interface for internal pod traffic, e.g. bond1.2006
- -o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
- INTERFACE. It is used to provide a work around when
- complete Calico routes cannot be received via BGP.
- e.g. 10.96.0.0/15. NOTE: This must include the POD_CIDR.
- -s SERVICE_CIDR (optional) A routable CIDR to configure for ingress, maas,
- e.g. 135.21.99.192/29
- EOU
- }
-
- SERVICE_CIDR=
- OVERLAP_CIDR=
-
- while getopts ":c:hi:o:s:" o; do
- case "${o}" in
- c)
- POD_CIDR=${OPTARG}
- ;;
- h)
- usage
- exit 0
- ;;
- i)
- INTERFACE=${OPTARG}
- ;;
- o)
- OVERLAP_CIDR=${OPTARG}
- ;;
- s)
- SERVICE_CIDR=${OPTARG}
- ;;
- \?)
- echo "Unknown option: -${OPTARG}" >&2
- exit 1
- ;;
- :)
- echo "Missing argument for option: -${OPTARG}" >&2
- exit 1
- ;;
- *)
- echo "Unimplemented option: -${OPTARG}" >&2
- exit 1
- ;;
- esac
- done
- shift $((OPTIND-1))
-
- if [ "x$POD_CIDR" == "x" ]; then
- echo "Missing pod CIDR, e.g -c {{yaml.kubernetes.pod_cidr}}" >&2
- usage
- exit 1
- fi
-
- if [ "x$INTERFACE" == "x" ]; then
- echo "Missing interface, e.g. -i bond1.2006" >&2
- usage
- exit 1
- fi
-
- while ! ip route list dev "${INTERFACE}" > /dev/null; do
- echo Waiting for device "${INTERFACE}" to be ready. >&2
- sleep 5
- done
-
- intra_vrrp_ip=$(ip route list dev "${INTERFACE}" | awk '($2~/via/){print $3}' | head -n 1)
-
- TABLE="1500"
-
- # Setup a routing table for traffic from service IPs
- ip route flush table "${TABLE}"
- ip route add default via "${intra_vrrp_ip}" table "${TABLE}"
-
- if [ "x$OVERLAP_CIDR" != "x" ]; then
- # NOTE(mb874d): This is a work-around for nodes not receiving complete
- # routes via BGP. It may also be required for brownfield large sites.
- ip route add "${OVERLAP_CIDR}" via "${intra_vrrp_ip}"
- fi
-
- if [ "x$SERVICE_CIDR" != "x" ]; then
- # Traffic from the service IPs to pods should use the pod network.
- ip rule add \
- from "${SERVICE_CIDR}" \
- to "${POD_CIDR}" \
- lookup main \
- pref 10000
- # Other traffic from service IPs should only use the VRRP IP
- ip rule add \
- from "${SERVICE_CIDR}" \
- lookup "${TABLE}" \
- pref 10100
- fi
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: 'drydock/BootAction/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: promjoin
- storagePolicy: 'cleartext'
- layeringDefinition:
- abstract: false
- layer: site
- labels:
- application: 'drydock'
-data:
- signaling: false
- node_filter:
- filter_set_type: 'union'
- filter_set:
- - filter_type: 'union'
- node_names:
-{% for server in yaml.masters %}
- - '{{server.name}}'
-{% endfor %}
-{% if 'workers' in yaml %}{% for server in yaml.workers %}
- - '{{server.name}}'
-{% endfor %}{% endif %}
-{% raw %} # TODO(alanmeadows) move what is global about this document - everything except nodenames to global
- assets:
- - path: /opt/promjoin.sh
- type: file
- permissions: '555'
- # TODO(alanmeadows) You must replace the ip= parameter below with the appropriate MaaS network name of the network
- # you should use to contact kubernetes in the case below, this is cab24_mgmt
- location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.calico.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
- location_pipeline:
- - template
- data_pipeline:
- - utf8_decode
- - path: /lib/systemd/system/promjoin.service
- type: unit
- permissions: '600'
- data: |-
- W1VuaXRdCkRlc2NyaXB0aW9uPVByb21lbmFkZSBJbml0aWFsaXphdGlvbiBTZXJ2aWNlCkFmdGVy
- PW5ldHdvcmstb25saW5lLnRhcmdldCBsb2NhbC1mcy50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0
- cz0hL3Zhci9saWIvcHJvbS5kb25lCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9v
- cHQvcHJvbWpvaW4uc2gKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
- data_pipeline:
- - base64_decode
- - utf8_decode
-{% endraw %}
-...
+++ /dev/null
-{% for server in yaml.masters %}
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-schema: 'drydock/BaremetalNode/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: {{server.name}}
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- host_profile: ControlPlane
- # the hostname for a server, could be used in multiple DNS domains to
- # represent different interfaces
- addressing:
- # Which network the address applies to. If a network appears in addressing
- # that isn't assigned to an interface, design validation will fail
- - network: oob
- address: {{server.oob}}
- - network: pxe
- # The address assigned. Either a explicit IPv4 or IPv6 address
- # or dhcp or slaac
- address: {{server.pxe}}
- - network: oam
- address: {{server.host}}
- - network: storage
- address: {{server.storage}}
- - network: overlay
- address: {{server.neutron}}
- - network: calico
- address: {{server.ksn}}
- metadata:
- rack: RACK01
- tags:
- - 'masters'
-{% if 'platform' in yaml %}
- platform:
- kernel_params:
-{% for key, value in yaml.platform.kernel_params.items() %}
- {{key}}: '{{value}}'
-{% endfor %}
-{% if 'vcpu_pin_set' in yaml.platform %}
- isolcpus: '{{yaml.platform.vcpu_pin_set}}'
-{% endif %}
-{% endif %}
-{% endfor %}
-{% if 'workers' in yaml %}{% for server in yaml.workers %}
----
-schema: 'drydock/BaremetalNode/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: {{server.name}}
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- host_profile: ComputePlane
- # the hostname for a server, could be used in multiple DNS domains to
- # represent different interfaces
- addressing:
- # Which network the address applies to. If a network appears in addressing
- # that isn't assigned to an interface, design validation will fail
- - network: oob
- address: {{server.oob}}
- - network: pxe
- # The address assigned. Either a explicit IPv4 or IPv6 address
- # or dhcp or slaac
- address: {{server.pxe}}
- - network: oam
- address: {{server.host}}
- - network: storage
- address: {{server.storage}}
- - network: overlay
- address: {{server.neutron}}
- - network: calico
- address: {{server.ksn}}
- metadata:
- rack: RACK01
- tags:
- - 'workers'
-{% if 'platform' in yaml %}
- platform:
- kernel_params:
-{% for key, value in yaml.platform.kernel_params.items() %}
- {{key}}: '{{value}}'
-{% endfor %}
-{% if 'vcpu_pin_set' in yaml.platform %}
- isolcpus: '{{yaml.platform.vcpu_pin_set}}'
-{% endif %}
-{% endif %}
-{% endfor %}{% endif %}
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: pegleg/CommonAddresses/v1
-metadata:
- schema: metadata/Document/v1
- name: common-addresses
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- calico:
- ip_autodetection_method: interface={{yaml.networks.ksn.interface}}
- etcd:
- service_ip: 10.96.232.136
-
- dns:
- cluster_domain: cluster.local
- service_ip: 10.96.0.10
- upstream_servers:
-{% for server in yaml.dns.upstream_servers %}
- - {{server}}
-{% endfor %}
- upstream_servers_joined: '{{yaml.dns.upstream_servers|batch(2)|first|join(',')}}'
- ingress_domain: {{yaml.dns.ingress_domain}}
- genesis:
- hostname: {{yaml.genesis.name}}
- ip: {{yaml.genesis.ksn}}
-
- bootstrap:
- ip: {{yaml.genesis.pxe}}
-
- kubernetes:
- api_service_ip: {{yaml.kubernetes.api_service_ip}}
- etcd_service_ip: {{yaml.kubernetes.etcd_service_ip}}
- pod_cidr: {{yaml.kubernetes.pod_cidr}}
- service_cidr: {{yaml.kubernetes.service_cidr}}
- apiserver_port: 6443
- haproxy_port: 6553
- service_node_port_range: 30000-32767
-
- etcd:
- container_port: 2379
- haproxy_port: 2378
-
- masters:
-{% for master in yaml.masters %}
- - hostname: {{master.name}}
-{% endfor %}
-
- proxy:
- http: ""
- https: ""
- no_proxy: []
-
- node_ports:
- drydock_api: 30000
- maas_api: 30001
- maas_proxy: 31800 # hardcoded in MAAS
- shipyard_api: 30003
- airflow_web: 30004
-
- ntp:
- servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org'
-
- # Used for FQDN setup/definition
- domain:
- url: {{yaml.site_name}}.lab.akraino.org
-
- ldap:
- base_url: 'its-a-ldap.example.com'
- url: 'ldap://its-a-ldap.example.com'
- auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
- common_name: AP-NC_Test_Users
- subdomain: testitservices
- domain: example
-
- storage:
- ceph:
- public_cidr: '{{yaml.networks.storage.cidr}}'
- cluster_cidr: '{{yaml.networks.storage.cidr}}'
-
- neutron:
- tunnel_device: '{{yaml.networks.neutron.interface}}'
- external_iface: '{{yaml.networks.primary}}'
-
- openvswitch:
- external_iface: '{{yaml.networks.primary}}'
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: 'drydock/NetworkLink/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: oob
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- labels:
- noconfig: enabled
- bonding:
- mode: disabled
- mtu: 9000
- linkspeed: auto
- trunking:
- mode: disabled
- default_network: oob
- allowed_networks:
- - oob
-...
----
-schema: 'drydock/Network/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: oob
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- cidr: {{yaml.networks.oob.cidr}}
- routes:
- - subnet: '0.0.0.0/0'
- gateway: {{yaml.networks.oob.routes.gateway}}
- ranges:
- - type: static
- start: {{yaml.networks.oob.ranges.static.start}}
- end: {{yaml.networks.oob.ranges.static.end}}
-...
----
-schema: 'drydock/NetworkLink/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: pxe
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- bonding:
- mode: disabled
- mtu: 9000
- linkspeed: auto
- trunking:
- mode: disabled
- default_network: pxe
- allowed_networks:
- - pxe
-...
----
-schema: 'drydock/Network/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: pxe
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- cidr: {{yaml.networks.pxe.cidr}}
- routes:
- - subnet: '0.0.0.0/0'
- gateway: {{yaml.networks.pxe.routes.gateway}}
- ranges:
- - type: reserved
- start: {{yaml.networks.pxe.ranges.reserved.start}}
- end: {{yaml.networks.pxe.ranges.reserved.end}}
- - type: static
- start: {{yaml.networks.pxe.ranges.static.start}}
- end: {{yaml.networks.pxe.ranges.static.end}}
- - type: dhcp
- start: {{yaml.networks.pxe.ranges.dhcp.start}}
- end: {{yaml.networks.pxe.ranges.dhcp.end}}
- dns:
- domain: {% if 'dns' in yaml.networks.pxe and 'domain' in yaml.networks.pxe.dns %}{{yaml.networks.pxe.dns.domain}}
- {% else %}{{yaml.dns.domain}}
- {% endif %}
- servers: '{% if 'dns' in yaml.networks.pxe %}{{yaml.networks.pxe.dns.servers}}{% else %}{{yaml.dns.upstream_servers|join(' ')}}{% endif %}'
-...
----
-schema: 'drydock/NetworkLink/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: bond0
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- bonding:
-{% if yaml.networks.bonded %}
- mode: 802.3ad
- hash: layer3+4
- peer_rate: fast
- mon_rate: 100
- up_delay: 1000
- down_delay: 3000
-{% else %}
- mode: disabled
-{% endif %}
- mtu: 9000
- linkspeed: auto
- trunking:
- mode: 802.1q
- allowed_networks:
- - oam
- - storage
- - overlay
- - calico
-...
----
-schema: 'drydock/Network/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: oam
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- vlan: '{{yaml.networks.host.vlan}}'
- mtu: 9000
- cidr: {{yaml.networks.host.cidr}}
- routes:
- - subnet: '0.0.0.0/0'
- gateway: {{yaml.networks.host.routes.gateway}}
- ranges:
- - type: reserved
- start: {{yaml.networks.host.ranges.reserved.start}}
- end: {{yaml.networks.host.ranges.reserved.end}}
- - type: static
- start: {{yaml.networks.host.ranges.static.start}}
- end: {{yaml.networks.host.ranges.static.end}}
- dns:
- domain: {% if 'dns' in yaml.networks.host and 'domain' in yaml.networks.host.dns %}{{yaml.networks.host.dns.domain}}
- {% else %}{{yaml.dns.domain}}
- {% endif %}
- servers: '{% if 'dns' in yaml.networks.host %}{{yaml.networks.host.dns.servers}}{% else %}{{yaml.dns.upstream_servers|join(' ')}}{% endif %}'
-...
----
-schema: 'drydock/Network/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: storage
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- vlan: '{{yaml.networks.storage.vlan}}'
- mtu: 9000
- cidr: {{yaml.networks.storage.cidr}}
- ranges:
- - type: static
- start: {{yaml.networks.storage.ranges.static.start}}
- end: {{yaml.networks.storage.ranges.static.end}}
-...
----
-schema: 'drydock/Network/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: overlay
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- vlan: '{{yaml.networks.neutron.vlan}}'
- mtu: 9000
- cidr: {{yaml.networks.neutron.cidr}}
- ranges:
- - type: static
- start: {{yaml.networks.neutron.ranges.static.start}}
- end: {{yaml.networks.neutron.ranges.static.end}}
-...
----
-schema: 'drydock/Network/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: calico
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- vlan: '{{yaml.networks.ksn.vlan}}'
- mtu: 9000
- cidr: {{yaml.networks.ksn.cidr}}
- ranges:
- - type: static
- start: {{yaml.networks.ksn.ranges.static.start}}
- end: {{yaml.networks.ksn.ranges.static.end}}
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: 'drydock/HardwareProfile/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: DELL_HP_Generic
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- vendor: {{yaml.hardware.vendor}}
- generation: '{{yaml.hardware.generation}}'
- hw_version: '{{yaml.hardware.hw_version}}'
- bios_version: '{{yaml.hardware.bios_version}}'
- boot_mode: bios
- bootstrap_protocol: pxe
- pxe_interface: 0
- device_aliases: {}
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: drydock/HostProfile/v1
-metadata:
- schema: metadata/Document/v1
- name: ComputePlane
- storagePolicy: cleartext
- labels:
- hosttype: ComputePlane
- layeringDefinition:
- abstract: false
- layer: site
- substitutions:
- - dest:
- path: .oob.credential
- src:
- schema: deckhand/Passphrase/v1
- name: ipmi_admin_password
- path: .
-data:
- hardware_profile: DELL_HP_Generic
- oob:
- type: 'ipmi'
- network: 'oob'
- account: '{{yaml.ipmi_admin.username}}'
- primary_network: 'oam'
- hardware_profile: DELL_HP_Generic
- interfaces:
- pxe:
- device_link: pxe
- slaves:
- - '{{yaml.networks.pxe.interface}}'
- networks:
- - 'pxe'
- bond0:
- device_link: bond0
- slaves:
-{% for slave in yaml.networks.slaves %}
- - '{{ slave.name }}'
-{% endfor %}
- networks:
- - 'oam'
- - 'storage'
- - 'overlay'
- - 'calico'
- p1p1:
- slaves:
- - 'sriov_nic01'
- sriov:
- vf_count: 32 # Currently ignored
- trustedmode: false
- p3p2:
- slaves:
- - 'sriov_nic02'
- sriov:
- vf_count: 32 # Currently ignored
- trustedmode: false
- storage:
- physical_devices:
-{% for disk in yaml.disks_compute %}
- {{disk.name}}:
- {% if 'labels' in disk %}
- labels:
- {% for key, value in disk.labels.items() %}
- {{key}}: '{{value}}'
- {% endfor %}
- {% endif %}
- partitions:
- {% for p in disk.partitions %}
- - name: '{{p.name}}'
- size: '{{p.size}}'
- filesystem:
- mountpoint: '{{p.mountpoint}}'
- fstype: 'ext4'
- mount_options: 'defaults'
- {% endfor %}
-{% endfor %}
- platform:
- image: 'xenial'
- kernel: 'hwe-16.04'
- kernel_params:
-{% if 'platform' in yaml and 'kernel_params' in yaml.platform %}
-{% for key, value in yaml.platform.kernel_params.items() %}
- {{key}}: '{{value}}'
-{% endfor %}
-{% else %}
- console: 'ttyS1,115200n8'
- intel_iommu: 'on'
- iommu: 'pt'
- amd_iommu: 'on'
- transparent_hugepage: 'never'
-{% endif %}
-{% if 'platform' in yaml and 'vcpu_pin_set' in yaml.platform %}
- isolcpus: '{{yaml.platform.vcpu_pin_set}}'
-{% endif %}
- metadata:
- owner_data:
- openstack-nova-compute: enabled
- openvswitch: enabled
- openstack-libvirt: kernel
- sriov: enabled
- beta.kubernetes.io/fluentd-ds-ready: 'true'
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: drydock/HostProfile/v1
-metadata:
- schema: metadata/Document/v1
- name: ControlPlane
- storagePolicy: cleartext
- labels:
- hosttype: ControlPlane
- layeringDefinition:
- abstract: false
- layer: site
- substitutions:
- - dest:
- path: .oob.credential
- src:
- schema: deckhand/Passphrase/v1
- name: ipmi_admin_password
- path: .
-data:
- oob:
- type: 'ipmi'
- network: 'oob'
- account: '{{yaml.ipmi_admin.username}}'
- primary_network: 'oam'
- hardware_profile: DELL_HP_Generic
- interfaces:
- pxe:
- device_link: pxe
- slaves:
- - '{{yaml.networks.pxe.interface}}'
- networks:
- - 'pxe'
- bond0:
- device_link: bond0
- slaves:
-{% for slave in yaml.networks.slaves %}
- - '{{ slave.name }}'
-{% endfor %}
- networks:
- - 'oam'
- - 'storage'
- - 'overlay'
- - 'calico'
- p1p1:
- slaves:
- - 'sriov_nic01'
- sriov:
- vf_count: 32 # Currently ignored
- trustedmode: false
- p3p2:
- slaves:
- - 'sriov_nic02'
- sriov:
- vf_count: 32 # Currently ignored
- trustedmode: false
- storage:
- physical_devices:
-{% for disk in yaml.disks %}
- {{disk.name}}:
- {% if 'labels' in disk %}
- labels:
- {% for key, value in disk.labels.items() %}
- {{key}}: '{{value}}'
- {% endfor %}
- {% endif %}
- partitions:
- {% for p in disk.partitions %}
- - name: '{{p.name}}'
- size: '{{p.size}}'
- filesystem:
- mountpoint: '{{p.mountpoint}}'
- fstype: 'ext4'
- mount_options: 'defaults'
- {% endfor %}
-{% endfor %}
- platform:
- image: 'xenial'
- kernel: 'hwe-16.04'
- kernel_params:
-{% if 'platform' in yaml and 'kernel_params' in yaml.platform %}
-{% for key, value in yaml.platform.kernel_params.items() %}
- {{key}}: '{{value}}'
-{% endfor %}
-{% else %}
- console: 'ttyS1,115200n8'
- intel_iommu: 'on'
- iommu: 'pt'
- amd_iommu: 'on'
- transparent_hugepage: 'never'
-{% endif %}
-{% if 'platform' in yaml and 'vcpu_pin_set' in yaml.platform %}
- isolcpus: '{{yaml.platform.vcpu_pin_set}}'
-{% endif %}
- metadata:
- owner_data:
- control-plane: enabled
- ucp-control-plane: enabled
- openstack-control-plane: enabled
- openstack-heat: enabled
- openstack-keystone: enabled
- openstack-rabbitmq: enabled
- openstack-dns-helper: enabled
- openstack-mariadb: enabled
- openstack-nova-control: enabled
- openstack-etcd: enabled
- openstack-mistral: enabled
- openstack-memcached: enabled
- openstack-glance: enabled
- openstack-horizon: enabled
- openstack-cinder-control: enabled
- openstack-cinder-volume: control
- openstack-neutron: enabled
- openstack-libvirt: kernel
- openvswitch: enabled
- openstack-nova-compute: enabled
- ucp-barbican: enabled
- ceph-bootstrap: enabled
- ceph-mon: enabled
- ceph-mgr: enabled
- ceph-osd: enabled
- ceph-mds: enabled
- ceph-rgw: enabled
- ucp-maas: enabled
- kube-dns: enabled
- kubernetes-apiserver: enabled
- kubernetes-controller-manager: enabled
- kubernetes-etcd: enabled
- kubernetes-scheduler: enabled
- tiller-helm: enabled
- kube-etcd: enabled
- calico-policy: enabled
- calico-node: enabled
- calico-etcd: enabled
- ucp-armada: enabled
- ucp-drydock: enabled
- ucp-deckhand: enabled
- ucp-shipyard: enabled
- IAM: enabled
- ucp-promenade: enabled
- prometheus-server: enabled
- prometheus-client: enabled
- fluentd: enabled
- influxdb: enabled
- kibana: enabled
- elasticsearch-client: enabled
- elasticsearch-master: enabled
- elasticsearch-data: enabled
- postgresql: enabled
- kube-ingress: enabled
- sriov: enabled
- beta.kubernetes.io/fluentd-ds-ready: 'true'
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: 'drydock/Region/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: {{yaml.site_name}}
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
- substitutions:
- - dest:
- path: .authorized_keys[0]
- src:
- schema: deckhand/PublicKey/v1
- name: localadmin_ssh_public_key
- path: .
-data:
- tag_definitions: []
- authorized_keys: []
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: deckhand/Passphrase/v1
-metadata:
- schema: metadata/Document/v1
- name: ipmi_admin_password
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data: '{{yaml.ipmi_admin.password}}'
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: pegleg/SiteDefinition/v1
-metadata:
- schema: metadata/Document/v1
- layeringDefinition:
- abstract: false
- layer: site
- name: {{yaml.site_name}}
- storagePolicy: cleartext
-data:
- revision: v4.0
- site_type: foundry
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- replacement: true
- name: kubernetes-calico
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: kubernetes-calico-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
-data:
- values:
- networking:
- settings:
-{% if ('peers' in yaml.networks.ksn and yaml.networks.ksn.peers is not none and yaml.networks.ksn.peers is iterable ) %}
- mesh: "off"
-{% else %}
- mesh: "on"
-{% endif %}
- ippool:
- ipip:
- enabled: "false"
- mode: "cross-subnet"
- bgp:
- asnumber: {{yaml.networks.ksn.local_asnumber}}
- ipv4:
- additional_cidrs:
-{% for add_cidr in yaml.networks.ksn.additional_cidrs %}
- - {{add_cidr}}
-{% endfor %}
-{% if ('peers' in yaml.networks.ksn and yaml.networks.ksn.peers is not none and yaml.networks.ksn.peers is iterable ) %}
- peers:
-{% for peer in yaml.networks.ksn.peers %}
- - apiVersion: v1
- kind: bgpPeer
- metadata:
- peerIP: {{peer.ip}}
- scope: {{peer.scope}}
- spec:
- asnumber: {{peer.asnumber}}
-{% endfor %}
-{% endif %}
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-calico-etcd
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: kubernetes-calico-etcd-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
- substitutions:
-
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.calico.etcd
- dest:
- path: .source
-
- # Image versions
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.calico.etcd
- dest:
- path: .values.images.tags
-
- # IP addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .calico.etcd.service_ip
- dest:
- path: .values.service.ip
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .calico.etcd.service_ip
- dest:
- path: .values.anchor.etcdctl_endpoint
-
- # CAs
- - src:
- schema: deckhand/CertificateAuthority/v1
- name: calico-etcd
- path: .
- dest:
- path: .values.secrets.tls.client.ca
- - src:
- schema: deckhand/CertificateAuthority/v1
- name: calico-etcd-peer
- path: .
- dest:
- path: .values.secrets.tls.peer.ca
-
- # Anchor client cert
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-anchor
- path: .
- dest:
- path: .values.secrets.anchor.tls.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-anchor
- path: .
- dest:
- path: .values.secrets.anchor.tls.key
-
- # Node names
-{% set count = [0] %}
-{% for server in yaml.masters %}
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[{{count[0]}}].hostname
- dest:
- path: .values.nodes[{{count[0]}}].name
- {% if count.append(count.pop() + 1) %}{% endif %}
-{% endfor %}
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .genesis.hostname
- dest:
- path: .values.nodes[{{count[0]}}].name
-
- # Server certs
-{% set count = [0] %}
-{% for server in yaml.masters %}
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-{{server.name}}
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-{{server.name}}
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-{{server.name}}-peer
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-{{server.name}}-peer
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.peer.key
- {% if count.append(count.pop() + 1) %}{% endif %}
-{% endfor %}
-
- # NOTE(mb874d): Be sure we generate these certs for genesis.
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-{{yaml.genesis.name}}
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-{{yaml.genesis.name}}
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-{{yaml.genesis.name}}-peer
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-{{yaml.genesis.name}}-peer
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.peer.key
-
-data:
- values:
- manifests:
- test_etcd_health: false
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-etcd
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: kubernetes-etcd-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
- substitutions:
-
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.kubernetes.etcd
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.kubernetes.etcd
- dest:
- path: .values.images.tags
-
- # IP addresses
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.etcd_service_ip
- dest:
- path: .values.service.ip
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .kubernetes.etcd_service_ip
- dest:
- path: .values.anchor.etcdctl_endpoint
-
- # CAs
- - src:
- schema: deckhand/CertificateAuthority/v1
- name: kubernetes-etcd
- path: .
- dest:
- path: .values.secrets.tls.client.ca
- - src:
- schema: deckhand/CertificateAuthority/v1
- name: kubernetes-etcd-peer
- path: .
- dest:
- path: .values.secrets.tls.peer.ca
-
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-anchor
- path: .
- dest:
- path: .values.secrets.anchor.tls.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-anchor
- path: .
- dest:
- path: .values.secrets.anchor.tls.key
-
- # Node names
-{% set count = [0] %}
-{% for server in yaml.masters %}
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[{{count[0]}}].hostname
- dest:
- path: .values.nodes[{{count[0]}}].name
- {% if count.append(count.pop() + 1) %}{% endif %}
-{% endfor %}
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .genesis.hostname
- dest:
- path: .values.nodes[{{count[0]}}].name
-
- # Server certs
-{% set count = [0] %}
-{% for server in yaml.masters %}
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-{{server.name}}
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-{{server.name}}
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-{{server.name}}-peer
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-{{server.name}}-peer
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.peer.key
- {% if count.append(count.pop() + 1) %}{% endif %}
-{% endfor %}
-
- # Genesis node
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-genesis
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-genesis
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-genesis-peer
- path: .
- dest:
- path: .values.nodes[{{count[0]}}].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-genesis-peer
- path: $
- dest:
- path: .values.nodes[{{count[0]}}].tls.peer.key
-
-data: {}
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ingress-kube-system
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- ingress: kube-system
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
-data: {}
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ceph-client-update
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: ucp-ceph-client-update-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
-data:
- values:
- conf:
- pool:
- target:
- osd: {{yaml.storage.total_osd_count}}
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ceph-client
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: ucp-ceph-client-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
-data:
- values:
- conf:
- pool:
- target:
- osd: {{yaml.storage.osd_count}}
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-ceph-osd
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: ucp-ceph-osd-global
- actions:
- - method: replace
- path: .values.conf.storage.osd
- - method: merge
- path: .
- storagePolicy: cleartext
-data:
- values:
- conf:
- storage:
- osd:
-{% for osd in yaml.storage.osds %}
- - data:
- type: block-logical
- location: {{osd.data}}
- journal:
- type: directory
- location: {{osd.journal}}
-{% endfor %}
-...
+++ /dev/null
----
-##############################################################################
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. #
-# #
-# You may obtain a copy of the License at #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-##############################################################################
-
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: ucp-promenade
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: ucp-promenade-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
-data:
- values:
- pod:
- env:
- promenade_api:
- - name: no_proxy
- value: localhost,127.0.0.1,192.168.0.0/16,172.0.0.0/8,10.0.0.0/8
- - name: NO_PROXY
- value: localhost,127.0.0.1,192.168.0.0/16,172.0.0.0/8,10.0.0.0/8
-...
tar cvf ./tars/promenade-bundle-$SITE.tar -C ./tars/$SITE .
}
-create_directories
-get_site_config
-gen_certs
-gen_bundle
-create_scripts
-prepare_tar
+#create_directories
+#get_site_config
+#gen_certs
+#gen_bundle
+#create_scripts
+#prepare_tar
+
+(
+echo "# Collecting config files in $AIRSHIP_TREASUREMAP/site/$SITE"
+cd $AIRSHIP_TREASUREMAP
+rm -rf $AIRSHIP_TREASUREMAP/${SITE}_collected
+mkdir -p $AIRSHIP_TREASUREMAP/${SITE}_collected
+$AIRSHIP_TREASUREMAP/tools/airship pegleg site -r /target collect $SITE -s ${SITE}_collected || true
+)
+
+(
+echo "# Rendering config files in $AIRSHIP_TREASUREMAP/site/$SITE"
+cd $AIRSHIP_TREASUREMAP
+$AIRSHIP_TREASUREMAP/tools/airship pegleg site -r /target render $SITE > ${SITE}_render.yaml || true
+)
+
+(
+echo "# Generating certs for $AIRSHIP_TREASUREMAP/site/$SITE"
+cd $AIRSHIP_TREASUREMAP
+rm -rf $AIRSHIP_TREASUREMAP/${SITE}_certs
+mkdir -p $AIRSHIP_TREASUREMAP/${SITE}_certs
+$AIRSHIP_TREASUREMAP/tools/airship promenade generate-certs -o /target/${SITE}_certs /target/${SITE}_collected/*.yaml
+)
+
+(
+echo "# Copying certs to $AIRSHIP_TREASUREMAP/site/$SITE"
+cd $AIRSHIP_TREASUREMAP
+mkdir -p $AIRSHIP_TREASUREMAP/site/${SITE}/secrets/certificates
+cp $AIRSHIP_TREASUREMAP/${SITE}_certs/certificates.yaml $AIRSHIP_TREASUREMAP/site/${SITE}/secrets/certificates
+)
+
+(
+echo "# Collecting config files with certs in $AIRSHIP_TREASUREMAP/site/$SITE"
+cd $AIRSHIP_TREASUREMAP
+rm -rf $AIRSHIP_TREASUREMAP/${SITE}_collected
+mkdir -p $AIRSHIP_TREASUREMAP/${SITE}_collected
+$AIRSHIP_TREASUREMAP/tools/airship pegleg site -r /target collect $SITE -s ${SITE}_collected
+)
+
+(
+echo "# Generating Promenade bundle with $AIRSHIP_TREASUREMAP/${SITE}_collected"
+cd $AIRSHIP_TREASUREMAP
+rm -rf $AIRSHIP_TREASUREMAP/${SITE}_bundle
+mkdir -p $AIRSHIP_TREASUREMAP/${SITE}_bundle
+$AIRSHIP_TREASUREMAP/tools/airship promenade build-all --validators -o /target/${SITE}_bundle /target/${SITE}_collected/*.yaml
+)
+
+(
+echo "# Copying scripts to $AIRSHIP_TREASUREMAP/${SITE}_bundle"
+ #KEYSTONE_IMAGE=$(grep "keystone_db_sync: docker.io" $AIRSHIP_TREASUREMAP/global/software/config/versions.yaml | uniq | awk '{print $2}')
+ SHIPYARD_IMAGE=$(grep "shipyard_db_sync" $AIRSHIP_TREASUREMAP/global/software/config/versions.yaml | uniq | awk '{print $2}')
+
+ DRYDOCK_PASSWORD=$(grep "^data:" $AIRSHIP_TREASUREMAP/site/$SITE/secrets/passphrases/ucp_drydock_keystone_password.yaml | awk '{print $2}')
+ SHIPYARD_PASSWORD=$(grep "^data:" $AIRSHIP_TREASUREMAP/site/$SITE/secrets/passphrases/ucp_shipyard_keystone_password.yaml | awk '{print $2}')
+ REGION_NAME=$SITE
+
+ DEPLOY_SCRIPT=$AIRSHIP_TREASUREMAP/${SITE}_bundle/deploy_site.sh
+ IPTABLES_SCRIPT=$AIRSHIP_TREASUREMAP/${SITE}_bundle/update_iptables.sh
+
+ cp $YAML_BUILDS/tools/deploy_site.sh $AIRSHIP_TREASUREMAP/${SITE}_bundle
+ sed -i -e "s,KEYSTONE_IMAGE=,KEYSTONE_IMAGE=$KEYSTONE_IMAGE,g" $DEPLOY_SCRIPT
+ sed -i -e "s,SHIPYARD_IMAGE=,SHIPYARD_IMAGE=$SHIPYARD_IMAGE,g" $DEPLOY_SCRIPT
+ sed -i -e "s/DRYDOCK_PASSWORD=/DRYDOCK_PASSWORD=$DRYDOCK_PASSWORD/g" $DEPLOY_SCRIPT
+ sed -i -e "s/SHIPYARD_PASSWORD=/SHIPYARD_PASSWORD=$SHIPYARD_PASSWORD/g" $DEPLOY_SCRIPT
+ sed -i -e "s/REGION_NAME=/REGION_NAME=$REGION_NAME/g" $DEPLOY_SCRIPT
+ sed -i -e "s/{{yaml.genesis.host}}/$GENESIS_HOST/g" $DEPLOY_SCRIPT
+
+ cp $YAML_BUILDS/tools/update_iptables.sh $AIRSHIP_TREASUREMAP/${SITE}_bundle
+ sed -i -e "s,HOST_INTERFACE=,HOST_INTERFACE=$HOST_INTERFACE,g" $IPTABLES_SCRIPT
+ sed -i -e "s,PXE_INTERFACE=,PXE_INTERFACE=$PXE_INTERFACE,g" $IPTABLES_SCRIPT
+
+ cp $YAML_BUILDS/tools/cleanup.sh $AIRSHIP_TREASUREMAP/${SITE}_bundle
+)
+
+(
+ echo "# Generating Promenade tar bundle $YAML_BUILDS/tars/promenade-bundle-$SITE.tar"
+ mkdir -p $YAML_BUILDS/tars
+ rm -f $YAML_BUILDS/tars/promenade-bundle-$SITE.tar
+ tar cvf $YAML_BUILDS/tars/promenade-bundle-$SITE.tar -C $AIRSHIP_TREASUREMAP/${SITE}_bundle .
+)
exec 2>&-
exec 1>&-
tar -xmf promenade-bundle-$SITE.tar
EOF
# Update BIOS Setting
-python $YAML_BUILDS/scripts/update_bios_settings.py $SITE.yaml
+#python $YAML_BUILDS/scripts/update_bios_settings.py $SITE.yaml
exec 2>&-
exec 1>&-
ssh $GENESIS_HOST << EOF
cd /root/akraino
- bash configs/promenade-bundle/genesis.sh
+ bash genesis.sh
# Shipyard takes time to really come up and start responding.
date
sleep 900
# Following is a workaround, tested on dell servers.
# TODO to be removed when not required.
bash update_iptables.sh
- bash deploy_site.sh
+ #bash deploy_site.sh
EOF
exec 2>&-
python ./scripts/jcopy.py $SITE.yaml ./tools/j2/set_site_env.sh ./tools/env_$SITE.sh
source ./tools/env_$SITE.sh
+if [ ! -d "$AIRSHIP_TREASUREMAP" ] && [ -f "${AIRSHIP_TREASUREMAP}.tgz" ]; then
+ echo "Expanding [${AIRSHIP_TREASUREMAP}.tgz] to directory [$AIRSHIP_TREASUREMAP]."
+ mkdir -p "$AIRSHIP_TREASUREMAP"
+ tar xzvf "${AIRSHIP_TREASUREMAP}.tgz" --strip-components=1 -C "$AIRSHIP_TREASUREMAP"
+fi
+
if [ ! -d "$AIRSHIP_TREASUREMAP" ]; then
echo "ERROR: Missing AIRSHIP_TREASUREMAP directory [$AIRSHIP_TREASUREMAP]."
exit -1
exit -1
fi
+echo "# Generating templates to $YAML_BUILDS/site/$SITE"
+rm -rf $YAML_BUILDS/site/$SITE
+mkdir -p $YAML_BUILDS/site/$SITE
python ./scripts/jcopy.py $SITE.yaml $AIRSHIP_TEMPLATES $YAML_BUILDS/site/$SITE
-cp -r site/common/* site/$SITE/
+
+echo "# Merging config files to $AIRSHIP_TREASUREMAP/site/$SITE"
+rm -rf $AIRSHIP_TREASUREMAP/site/$SITE
+mkdir -p $AIRSHIP_TREASUREMAP/site/$SITE
+
+cp -r $AIRSHIP_TREASUREMAP/site/seaworthy/* $AIRSHIP_TREASUREMAP/site/$SITE
+cp -r $YAML_BUILDS/site/$SITE/* $AIRSHIP_TREASUREMAP/site/$SITE
+
+CONFIG_COUNT=`find $AIRSHIP_TREASUREMAP/site/$SITE -type f | wc -l`
+echo "#######################################"
+echo "# Created site $AIRSHIP_TREASUREMAP/site/$SITE with $CONFIG_COUNT config files"
+echo "#######################################"
+
+(
+echo "# Linting config files in $AIRSHIP_TREASUREMAP/site/$SITE"
+cd $AIRSHIP_TREASUREMAP
+$AIRSHIP_TREASUREMAP/tools/airship pegleg site -r /target lint $SITE -x P001 -x P005 || true
+)
+
+echo "#######################################"
{% endif %}
# the boot device is the device name on which the OS will be loaded
-SRV_BOOT_DEVICE={{yaml.disks[0].name}}
-SRV_CEPH_DEVICE={{yaml.disks[1].name}}
+SRV_BOOT_DEVICE={{yaml.hardware.device_aliases|selectattr('key', 'equalto', 'bootdisk') | map(attribute='name')|first|replace("/dev/","")}}
+SRV_CEPH_DEVICE={{yaml.hardware.device_aliases|selectattr('key', 'equalto', 'cephjournal1') | map(attribute='name')|first|replace("/dev/","")}}
# ipxe script to use - based on the os version and kernel to install
# valid options are script-hwe-16.04.6-amd64.ipxe or script-16.04.6-amd64.ipxe
SRV_BLD_SCRIPT=script-hwe-16.04.6-amd64.ipxe
# template xml file to set bios and raid configuration settings
-SRV_BIOS_TEMPLATE={% if 'bios_template' in yaml.genesis %}{{yaml.genesis.bios_template}}
- {% else %}{{yaml.hardware.bios_template}}
+SRV_BIOS_TEMPLATE={% if 'bios_template' in yaml.genesis %}{{yaml.genesis.bios_template|default("",true)}}
+ {% else %}{{yaml.hardware.bios_template|default("",true)}}
{% endif %}
SRV_BOOT_TEMPLATE={% if 'boot_template' in yaml.genesis %}{{yaml.genesis.boot_template}}
{% else %}{{yaml.hardware.boot_template}}
{% if 'site_type' in yaml %}
export SITE_TYPE={{yaml.site_type}}
echo SITE_TYPE=$SITE_TYPE
-export AIRSHIP_TREASUREMAP=/opt/akraino/yaml_builds/site_type/{{yaml.site_type}}/airship-treasuremap
+export AIRSHIP_TREASUREMAP=/opt/akraino/yaml_builds/site_type/{{yaml.site_type}}/treasuremap
echo AIRSHIP_TREASUREMAP=$AIRSHIP_TREASUREMAP
export AIRSHIP_TEMPLATES=/opt/akraino/yaml_builds/site_type/{{yaml.site_type}}/templates/
echo AIRSHIP_TEMPLATES=$AIRSHIP_TEMPLATES
-{% else %}
-# ASSUME SRIOV FOR BACKWARD COMPATIBILITY
-export SITE_TYPE=sriov
-echo SITE_TYPE=$SITE_TYPE
-export AIRSHIP_TREASUREMAP=/opt/akraino/yaml_builds/site_type/sriov/airship-treasuremap
-echo AIRSHIP_TREASUREMAP=$AIRSHIP_TREASUREMAP
-export AIRSHIP_TEMPLATES=/opt/akraino/yaml_builds/site_type/sriov/templates/
-echo AIRSHIP_TEMPLATES=$AIRSHIP_TEMPLATES
{% endif %}
export GENESIS_HOST={{yaml.genesis.host}}
echo GENESIS_HOST=$GENESIS_HOST
Code Review / yaml_builds.git / commitdiff