diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000..cf4304334
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,6 @@
+*
+!/tls/
+!tinkerbell-server
+!entrypoint.sh
+!deploy/migrate
+!deploy/docker-entrypoint-initdb.d/tinkerbell-init.sql
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..bdf58f7f1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+tinkerbell-server
+**/tinkerbell-cli
+**/tinkerbell-worker
+bin/
+certs/
+
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..c14c439ce
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,11 @@
+FROM alpine:3.7
+
+ENTRYPOINT [ "/tinkerbell" ]
+EXPOSE 42113
+EXPOSE 42114
+
+RUN apk add --no-cache --update --upgrade ca-certificates postgresql-client
+RUN apk add --no-cache --update --upgrade --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing cfssl
+COPY deploy/migrate /migrate
+COPY deploy/docker-entrypoint-initdb.d/tinkerbell-init.sql /init.sql
+COPY tinkerbell-server /tinkerbell
diff --git a/Makefile b/Makefile
new file mode 100644
index 000000000..0ab8209e2
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,29 @@
+server := tinkerbell-server
+cli := tinkerbell-cli
+worker := tinkerbell-worker
+binaries := ${server} ${cli} ${worker}
+all: ${binaries}
+
+.PHONY: server ${binaries} cli worker test
+server: ${server}
+cli: ${cli}
+worker : ${worker}
+
+${bindir}:
+	mkdir -p $@/
+
+${server}:
+	CGO_ENABLED=0 go build -o $@ .
+
+${cli}:
+	CGO_ENABLED=0 go build -o ./cmd/tinkerbell/$@ ./cmd/tinkerbell
+
+${worker}:
+	CGO_ENABLED=0 go build -o ./worker/$@ ./worker/
+
+run: ${binaries}
+	docker-compose up -d --build db
+	docker-compose up --build tinkerbell boots
+test:
+	go clean -testcache
+	go test ./test -v
diff --git a/README.md b/README.md
index e945fcc83..d79744e38 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,38 @@
-# tinkerbell
+# Tinkerbell [https://tinkerbell.org](https://tinkerbell.org)
 
-https://tinkerbell.org
+At the highest level `tinkerbell` is the service responsible for handling the workflows. It comprises of a server and a CLI, which communicate over gRPC. The CLI is used to create a workflow along with its building blocks, i.e., template and target.
+
+# Packet Workflow 
+
+A Packet Workflow is an open-source microservice that’s responsible for handling flexible, bare metal
+provisioning workflows, that is...
+ - standalone and does not need the Packet API to function
+ - contains `Boots`, `Tinkerbell`, `Osie`, and workers
+ - can bootstrap any remote worker using `Boots + Osie`
+ - can run any set of actions as Docker container runtimes
+ - receive, manipulate, and save runtime data
+
+## Content
+ 
+ - [Setup](docs/setup.md)
+ - [Components](docs/components.md)
+   - [Boots](docs/components.md#boots)
+   - [Osie](docs/components.md#osie)
+   - [Tinkerbell](docs/components.md#tinkerbell)
+   - [Hegel](docs/components.md#hegel)
+   - [Database](docs/components.md#database)
+   - [Image Registry](docs/components.md#registry)
+   - [Elasticsearch](docs/components.md#elastic)
+   - [Fluent Bit](docs/components.md#cacher)
+   - [Kibana](docs/components.md#kibana)
+ - [Architecture](docs/architecture.md)
+ - [Example: First Good Workflow](docs/first-good-workflow.md)
+ - [Concepts](docs/concepts.md)
+   - [Template](docs/concepts.md#template)
+   - [Target](docs/concepts.md#target)
+   - [Provisioner](docs/concepts.md#provisioner)
+   - [Worker](docs/concepts.md#worker)
+   - [Ephemeral Data](docs/concepts.md#ephemeral-data)
+ - [Writing a Workflow](docs/writing-workflow.md)
+ - [Tinkerbell CLI Reference](docs/cli/README.md)
+ - [Troubleshooting](docs/troubleshoot.md)
diff --git a/client/main.go b/client/main.go
new file mode 100644
index 000000000..eba193480
--- /dev/null
+++ b/client/main.go
@@ -0,0 +1,80 @@
+package client
+
+import (
+	"crypto/x509"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"os"
+
+	"github.com/packethost/tinkerbell/protos/hardware"
+	"github.com/packethost/tinkerbell/protos/target"
+	"github.com/packethost/tinkerbell/protos/template"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/pkg/errors"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+)
+
+// gRPC clients
+var (
+	TemplateClient template.TemplateClient
+	TargetClient   target.TargetClient
+	WorkflowClient workflow.WorkflowSvcClient
+	HardwareClient hardware.HardwareServiceClient
+)
+
+// GetConnection returns a gRPC client connection
+func GetConnection() (*grpc.ClientConn, error) {
+	certURL := os.Getenv("TINKERBELL_CERT_URL")
+	if certURL == "" {
+		return nil, errors.New("undefined TINKERBELL_CERT_URL")
+	}
+	resp, err := http.Get(certURL)
+	if err != nil {
+		return nil, errors.Wrap(err, "fetch cert")
+	}
+	defer resp.Body.Close()
+
+	certs, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, errors.Wrap(err, "read cert")
+	}
+
+	cp := x509.NewCertPool()
+	ok := cp.AppendCertsFromPEM(certs)
+	if !ok {
+		return nil, errors.Wrap(err, "parse cert")
+	}
+
+	grpcAuthority := os.Getenv("TINKERBELL_GRPC_AUTHORITY")
+	if grpcAuthority == "" {
+		return nil, errors.New("undefined TINKERBELL_GRPC_AUTHORITY")
+	}
+	creds := credentials.NewClientTLSFromCert(cp, "")
+	conn, err := grpc.Dial(grpcAuthority, grpc.WithTransportCredentials(creds))
+	if err != nil {
+		return nil, errors.Wrap(err, "connect to tinkerbell server")
+	}
+	return conn, nil
+}
+
+// Setup : create a connection to server
+func Setup() {
+	conn, err := GetConnection()
+	if err != nil {
+		log.Fatal(err)
+	}
+	TemplateClient = template.NewTemplateClient(conn)
+	TargetClient = target.NewTargetClient(conn)
+	WorkflowClient = workflow.NewWorkflowSvcClient(conn)
+	HardwareClient = hardware.NewHardwareServiceClient(conn)
+}
+
+func NewTinkerbellClient() (hardware.HardwareServiceClient, error) {
+	conn, err := GetConnection()
+        if err != nil {
+                log.Fatal(err)
+        }
+	return hardware.NewHardwareServiceClient(conn), nil
+}
diff --git a/cmd/rover/.gitkeep b/cmd/rover/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/cmd/tinkerbell/Dockerfile b/cmd/tinkerbell/Dockerfile
new file mode 100644
index 000000000..85a07d76d
--- /dev/null
+++ b/cmd/tinkerbell/Dockerfile
@@ -0,0 +1,7 @@
+FROM alpine:3.7
+
+CMD sleep 60d
+
+RUN apk add --no-cache --update --upgrade ca-certificates
+COPY tinkerbell-cli /bin/tinkerbell
+COPY sample.tmpl /tmp
diff --git a/cmd/tinkerbell/cmd/hardware.go b/cmd/tinkerbell/cmd/hardware.go
new file mode 100644
index 000000000..624c341b7
--- /dev/null
+++ b/cmd/tinkerbell/cmd/hardware.go
@@ -0,0 +1,25 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/packethost/tinkerbell/cmd/tinkerbell/cmd/hardware"
+	"github.com/spf13/cobra"
+)
+
+var hardwareCmd = &cobra.Command{
+	Use:     "hardware",
+	Short:   "tinkerbell hardware client",
+	Example: "tinkerbell hardware [command]",
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) == 0 {
+			return fmt.Errorf("%v requires arguments", c.UseLine())
+		}
+		return nil
+	},
+}
+
+func init() {
+	hardwareCmd.AddCommand(hardware.SubCommands...)
+	rootCmd.AddCommand(hardwareCmd)
+}
diff --git a/cmd/tinkerbell/cmd/hardware/all.go b/cmd/tinkerbell/cmd/hardware/all.go
new file mode 100644
index 000000000..80a7e837e
--- /dev/null
+++ b/cmd/tinkerbell/cmd/hardware/all.go
@@ -0,0 +1,37 @@
+package hardware
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"log"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/hardware"
+	"github.com/spf13/cobra"
+)
+
+// allCmd represents the all command
+var allCmd = &cobra.Command{
+	Use:   "all",
+	Short: "Get all known hardware for facility",
+	Run: func(cmd *cobra.Command, args []string) {
+		alls, err := client.HardwareClient.All(context.Background(), &hardware.Empty{})
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		var hw *hardware.Hardware
+		err = nil
+		for hw, err = alls.Recv(); err == nil && hw != nil; hw, err = alls.Recv() {
+			fmt.Println(hw.JSON)
+		}
+		if err != nil && err != io.EOF {
+			log.Fatal(err)
+		}
+	},
+}
+
+func init() {
+	SubCommands = append(SubCommands, allCmd)
+}
diff --git a/cmd/tinkerbell/cmd/hardware/commands.go b/cmd/tinkerbell/cmd/hardware/commands.go
new file mode 100644
index 000000000..40fbf9d11
--- /dev/null
+++ b/cmd/tinkerbell/cmd/hardware/commands.go
@@ -0,0 +1,25 @@
+package hardware
+
+import (
+	"fmt"
+
+	"github.com/pkg/errors"
+	uuid "github.com/satori/go.uuid"
+	"github.com/spf13/cobra"
+)
+
+// SubCommands holds the sub commands for template command
+// Example: tinkerbell template [subcommand]
+var SubCommands []*cobra.Command
+
+func verifyUUIDs(args []string) error {
+	if len(args) < 1 {
+		return errors.New("requires at least one id")
+	}
+	for _, arg := range args {
+		if _, err := uuid.FromString(arg); err != nil {
+			return fmt.Errorf("invalid uuid: %s", arg)
+		}
+	}
+	return nil
+}
diff --git a/cmd/tinkerbell/cmd/hardware/id.go b/cmd/tinkerbell/cmd/hardware/id.go
new file mode 100644
index 000000000..fb9de27ee
--- /dev/null
+++ b/cmd/tinkerbell/cmd/hardware/id.go
@@ -0,0 +1,36 @@
+// Copyright © 2018 packet.net
+
+package hardware
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/hardware"
+	"github.com/spf13/cobra"
+)
+
+// idCmd represents the id command
+var idCmd = &cobra.Command{
+	Use:     "id",
+	Short:   "Get hardware by id",
+	Example: "tinkerbell hardware id 224ee6ab-ad62-4070-a900-ed816444cec0 cb76ae54-93e9-401c-a5b2-d455bb3800b1",
+	Args: func(_ *cobra.Command, args []string) error {
+		return verifyUUIDs(args)
+	},
+	Run: func(cmd *cobra.Command, args []string) {
+		for _, id := range args {
+			hw, err := client.HardwareClient.ByID(context.Background(), &hardware.GetRequest{ID: id})
+			if err != nil {
+				log.Fatal(err)
+			}
+			fmt.Println(hw.JSON)
+		}
+	},
+}
+
+func init() {
+	SubCommands = append(SubCommands, idCmd)
+}
diff --git a/cmd/tinkerbell/cmd/hardware/ingest.go b/cmd/tinkerbell/cmd/hardware/ingest.go
new file mode 100644
index 000000000..1e159286d
--- /dev/null
+++ b/cmd/tinkerbell/cmd/hardware/ingest.go
@@ -0,0 +1,32 @@
+// Copyright © 2018 packet.net
+
+package hardware
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/hardware"
+	"github.com/spf13/cobra"
+)
+
+// ingestCmd represents the ingest command
+var ingestCmd = &cobra.Command{
+	Use:   "ingest",
+	Short: "Trigger tinkerbell to ingest",
+	Long:  "This command only signals tinkerbell to ingest if it has not already done so.",
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("ingest called")
+		_, err := client.HardwareClient.Ingest(context.Background(), &hardware.Empty{})
+		if err != nil {
+			log.Fatal(err)
+		}
+	},
+}
+
+func init() {
+	SubCommands = append(SubCommands, ingestCmd)
+
+}
diff --git a/cmd/tinkerbell/cmd/hardware/ip.go b/cmd/tinkerbell/cmd/hardware/ip.go
new file mode 100644
index 000000000..50e3953b2
--- /dev/null
+++ b/cmd/tinkerbell/cmd/hardware/ip.go
@@ -0,0 +1,42 @@
+// Copyright © 2018 packet.net
+
+package hardware
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"net"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/hardware"
+	"github.com/spf13/cobra"
+)
+
+// ipCmd represents the ip command
+var ipCmd = &cobra.Command{
+	Use:     "ip",
+	Short:   "Get hardware by any associated ip",
+	Example: "tinkerbell hardware ip 10.0.0.2 10.0.0.3",
+	Args: func(_ *cobra.Command, args []string) error {
+		for _, arg := range args {
+			if net.ParseIP(arg) == nil {
+				return fmt.Errorf("invalid ip: %s", arg)
+			}
+		}
+		return nil
+	},
+	Run: func(cmd *cobra.Command, args []string) {
+		for _, ip := range args {
+			hw, err := client.HardwareClient.ByIP(context.Background(), &hardware.GetRequest{IP: ip})
+			if err != nil {
+				log.Fatal(err)
+			}
+			fmt.Println(hw.JSON)
+		}
+	},
+}
+
+func init() {
+	SubCommands = append(SubCommands, ipCmd)
+}
diff --git a/cmd/tinkerbell/cmd/hardware/mac.go b/cmd/tinkerbell/cmd/hardware/mac.go
new file mode 100644
index 000000000..e4544b445
--- /dev/null
+++ b/cmd/tinkerbell/cmd/hardware/mac.go
@@ -0,0 +1,42 @@
+// Copyright © 2018 packet.net
+
+package hardware
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"net"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/hardware"
+	"github.com/spf13/cobra"
+)
+
+// macCmd represents the mac command
+var macCmd = &cobra.Command{
+	Use:     "mac",
+	Short:   "Get hardware by any associated mac",
+	Example: "tinkerbell hardware mac 00:00:00:00:00:01 00:00:00:00:00:02",
+	Args: func(_ *cobra.Command, args []string) error {
+		for _, arg := range args {
+			if _, err := net.ParseMAC(arg); err != nil {
+				return fmt.Errorf("invalid mac: %s", arg)
+			}
+		}
+		return nil
+	},
+	Run: func(cmd *cobra.Command, args []string) {
+		for _, mac := range args {
+			hw, err := client.HardwareClient.ByMAC(context.Background(), &hardware.GetRequest{MAC: mac})
+			if err != nil {
+				log.Fatal(err)
+			}
+			fmt.Println(hw.JSON)
+		}
+	},
+}
+
+func init() {
+	SubCommands = append(SubCommands, macCmd)
+}
diff --git a/cmd/tinkerbell/cmd/hardware/push.go b/cmd/tinkerbell/cmd/hardware/push.go
new file mode 100644
index 000000000..8a644c446
--- /dev/null
+++ b/cmd/tinkerbell/cmd/hardware/push.go
@@ -0,0 +1,46 @@
+// Copyright © 2018 packet.net
+
+package hardware
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/hardware"
+	"github.com/spf13/cobra"
+)
+
+// pushCmd represents the push command
+var pushCmd = &cobra.Command{
+	Use:     "push",
+	Short:   "Push new hardware to tinkerbell",
+	Example: `tinkerbell hardware push '{"id":"2a1519e5-781c-4251-a979-3a6bedb8ba59", ...}' '{"id:"315169a4-a863-43ef-8817-2b6a57bd1eef", ...}'`,
+	Args: func(_ *cobra.Command, args []string) error {
+		s := struct {
+			ID string
+		}{}
+		for _, arg := range args {
+			if json.NewDecoder(strings.NewReader(arg)).Decode(&s) != nil {
+				return fmt.Errorf("invalid json: %s", arg)
+			} else if s.ID == "" {
+				return fmt.Errorf("invalid json, ID is required: %s", arg)
+			}
+		}
+		return nil
+	},
+	Run: func(cmd *cobra.Command, args []string) {
+		for _, j := range args {
+			if _, err := client.HardwareClient.Push(context.Background(), &hardware.PushRequest{Data: j}); err != nil {
+				log.Fatal(err)
+			}
+		}
+	},
+}
+
+func init() {
+	SubCommands = append(SubCommands, pushCmd)
+}
diff --git a/cmd/tinkerbell/cmd/hardware/watch.go b/cmd/tinkerbell/cmd/hardware/watch.go
new file mode 100644
index 000000000..0abbbda00
--- /dev/null
+++ b/cmd/tinkerbell/cmd/hardware/watch.go
@@ -0,0 +1,53 @@
+// Copyright © 2018 packet.net
+
+package hardware
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"log"
+	"sync"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/hardware"
+	"github.com/spf13/cobra"
+)
+
+// watchCmd represents the watch command
+var watchCmd = &cobra.Command{
+	Use:     "watch",
+	Short:   "Register to watch an id for any changes",
+	Example: "tinkerbell hardware watch 224ee6ab-ad62-4070-a900-ed816444cec0 cb76ae54-93e9-401c-a5b2-d455bb3800b1",
+	Args: func(_ *cobra.Command, args []string) error {
+		return verifyUUIDs(args)
+	},
+	Run: func(cmd *cobra.Command, args []string) {
+		stdoutLock := sync.Mutex{}
+		for _, id := range args {
+			go func(id string) {
+				stream, err := client.HardwareClient.Watch(context.Background(), &hardware.GetRequest{ID: id})
+				if err != nil {
+					log.Fatal(err)
+				}
+
+				var hw *hardware.Hardware
+				err = nil
+				for hw, err = stream.Recv(); err == nil && hw != nil; hw, err = stream.Recv() {
+					stdoutLock.Lock()
+					fmt.Println(hw.JSON)
+					stdoutLock.Unlock()
+				}
+				if err != nil && err != io.EOF {
+					log.Fatal(err)
+				}
+			}(id)
+		}
+		select {}
+	},
+}
+
+func init() {
+	watchCmd.Flags().String("id", "", "id of the hardware")
+	SubCommands = append(SubCommands, watchCmd)
+}
diff --git a/cmd/tinkerbell/cmd/root.go b/cmd/tinkerbell/cmd/root.go
new file mode 100644
index 000000000..ebd33f5cf
--- /dev/null
+++ b/cmd/tinkerbell/cmd/root.go
@@ -0,0 +1,43 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var cfgFile string
+
+// rootCmd represents the base command when called without any subcommands
+var rootCmd = &cobra.Command{
+	Use:   "tinkerbell",
+	Short: "tinkerbell client",
+}
+
+// Execute adds all child commands to the root command and sets flags appropriately.
+// This is called by main.main(). It only needs to happen once to the rootCmd.
+func Execute() {
+	if err := rootCmd.Execute(); err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+}
+
+func init() {
+	cobra.OnInitialize(initConfig)
+	rootCmd.PersistentFlags().StringVarP(&cfgFile, "facility", "f", "", "used to build grcp and http urls")
+	client.Setup()
+}
+
+// initConfig reads in config file and ENV variables if set.
+func initConfig() {
+	viper.AutomaticEnv() // read in environment variables that match
+
+	// If a config file is found, read it in.
+	if err := viper.ReadInConfig(); err == nil {
+		fmt.Println("Using config file:", viper.ConfigFileUsed())
+	}
+}
diff --git a/cmd/tinkerbell/cmd/target.go b/cmd/tinkerbell/cmd/target.go
new file mode 100644
index 000000000..a0c5d4c4b
--- /dev/null
+++ b/cmd/tinkerbell/cmd/target.go
@@ -0,0 +1,26 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/packethost/tinkerbell/cmd/tinkerbell/cmd/target"
+	"github.com/spf13/cobra"
+)
+
+// templateCmd represents the template sub-command
+var targetCmd = &cobra.Command{
+	Use:     "target",
+	Short:   "tinkerbell target client",
+	Example: "tinkerbell target [command]",
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) == 0 {
+			return fmt.Errorf("%v requires arguments", c.UseLine())
+		}
+		return nil
+	},
+}
+
+func init() {
+	targetCmd.AddCommand(target.SubCommands...)
+	rootCmd.AddCommand(targetCmd)
+}
diff --git a/cmd/tinkerbell/cmd/target/commands.go b/cmd/tinkerbell/cmd/target/commands.go
new file mode 100644
index 000000000..4dad988cf
--- /dev/null
+++ b/cmd/tinkerbell/cmd/target/commands.go
@@ -0,0 +1,59 @@
+package target
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net"
+
+	uuid "github.com/satori/go.uuid"
+	"github.com/spf13/cobra"
+)
+
+// SubCommands holds the sub commands for targets command
+// Example: tinkerbell targets [subcommand]
+var SubCommands []*cobra.Command
+
+func verifyUUIDs(args []string) error {
+	if len(args) < 1 {
+		return errors.New("requires at least one id")
+	}
+	for _, arg := range args {
+		if _, err := uuid.FromString(arg); err != nil {
+			return fmt.Errorf("invalid uuid: %s", arg)
+		}
+	}
+	return nil
+}
+
+type machine map[string]string
+
+type tmap struct {
+	Targets map[string]machine `json:"targets"`
+}
+
+func isValidData(arg []byte) error {
+	var tr tmap
+	if json.Unmarshal([]byte(arg), &tr) != nil {
+		return fmt.Errorf("invalid json: %s", arg)
+	}
+	for _, v := range tr.Targets {
+		for key, val := range v {
+			switch key {
+			case string("mac_addr"):
+				_, err := net.ParseMAC(val)
+				if err != nil {
+					return err
+				}
+			case string("ipv4_addr"):
+				ip := net.ParseIP(val)
+				if ip == nil || ip.To4() == nil {
+					return fmt.Errorf("invalid ip_addr: %s", val)
+				}
+			default:
+				return fmt.Errorf("invalid key \"%s\" in data. it should be \"mac_addr\" or \"ip_addr\" only", key)
+			}
+		}
+	}
+	return nil
+}
diff --git a/cmd/tinkerbell/cmd/target/create.go b/cmd/tinkerbell/cmd/target/create.go
new file mode 100644
index 000000000..01a26cd4b
--- /dev/null
+++ b/cmd/tinkerbell/cmd/target/create.go
@@ -0,0 +1,35 @@
+package target
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/target"
+	"github.com/spf13/cobra"
+)
+
+// pushCmd represents the push command
+var createTargets = &cobra.Command{
+	Use:     "create",
+	Short:   "create a target",
+	Example: `tinkerbell target create '{"targets": {"machine1": {"mac_addr": "02:42:db:98:4b:1e"},"machine2": {"ipv4_addr": "192.168.1.5"}}}'`,
+	Run: func(cmd *cobra.Command, args []string) {
+		for _, j := range args {
+			err := isValidData([]byte(j))
+			if err != nil {
+				log.Fatal(err)
+			}
+			uuid, err := client.TargetClient.CreateTargets(context.Background(), &target.PushRequest{Data: j})
+			if err != nil {
+				log.Fatal(err)
+			}
+			fmt.Println("Created Target:", uuid.Uuid)
+		}
+	},
+}
+
+func init() {
+	SubCommands = append(SubCommands, createTargets)
+}
diff --git a/cmd/tinkerbell/cmd/target/delete.go b/cmd/tinkerbell/cmd/target/delete.go
new file mode 100644
index 000000000..eccd519c2
--- /dev/null
+++ b/cmd/tinkerbell/cmd/target/delete.go
@@ -0,0 +1,32 @@
+package target
+
+import (
+	"context"
+	"log"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/target"
+	"github.com/spf13/cobra"
+)
+
+// idCmd represents the id command
+var deleteCmd = &cobra.Command{
+	Use:     "delete",
+	Short:   "delete a target",
+	Example: "tinkerbell target delete 224ee6ab-ad62-4070-a900-ed816444cec0 cb76ae54-93e9-401c-a5b2-d455bb3800b1",
+	Args: func(_ *cobra.Command, args []string) error {
+		return verifyUUIDs(args)
+	},
+	Run: func(cmd *cobra.Command, args []string) {
+		for _, id := range args {
+			_, err := client.TargetClient.DeleteTargetByID(context.Background(), &target.GetRequest{ID: id})
+			if err != nil {
+				log.Fatal(err)
+			}
+		}
+	},
+}
+
+func init() {
+	SubCommands = append(SubCommands, deleteCmd)
+}
diff --git a/cmd/tinkerbell/cmd/target/get.go b/cmd/tinkerbell/cmd/target/get.go
new file mode 100644
index 000000000..93af857f4
--- /dev/null
+++ b/cmd/tinkerbell/cmd/target/get.go
@@ -0,0 +1,34 @@
+package target
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/target"
+	"github.com/spf13/cobra"
+)
+
+// idCmd represents the id command
+var getCmd = &cobra.Command{
+	Use:     "get",
+	Short:   "get a target",
+	Example: "tinkerbell target get 224ee6ab-ad62-4070-a900-ed816444cec0 cb76ae54-93e9-401c-a5b2-d455bb3800b1",
+	Args: func(_ *cobra.Command, args []string) error {
+		return verifyUUIDs(args)
+	},
+	Run: func(cmd *cobra.Command, args []string) {
+		for _, id := range args {
+			tr, err := client.TargetClient.TargetByID(context.Background(), &target.GetRequest{ID: id})
+			if err != nil {
+				log.Fatal(err)
+			}
+			fmt.Println(tr.JSON)
+		}
+	},
+}
+
+func init() {
+	SubCommands = append(SubCommands, getCmd)
+}
diff --git a/cmd/tinkerbell/cmd/target/list.go b/cmd/tinkerbell/cmd/target/list.go
new file mode 100644
index 000000000..28f458855
--- /dev/null
+++ b/cmd/tinkerbell/cmd/target/list.go
@@ -0,0 +1,58 @@
+package target
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"log"
+	"os"
+
+	"github.com/jedib0t/go-pretty/table"
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/target"
+	"github.com/spf13/cobra"
+)
+
+// listCmd represents the list subcommand for target command
+var listCmd = &cobra.Command{
+	Use:     "list",
+	Short:   "list all targets",
+	Example: "tinkerbell target list",
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) != 0 {
+			return fmt.Errorf("%v takes no arguments", c.UseLine())
+		}
+		return nil
+	},
+	Run: func(cmd *cobra.Command, args []string) {
+		t := table.NewWriter()
+		t.SetOutputMirror(os.Stdout)
+		t.AppendHeader(table.Row{"Target Id", "Target Data"})
+		listTargets(cmd, t)
+		t.Render()
+	},
+}
+
+func listTargets(cmd *cobra.Command, t table.Writer) {
+	list, err := client.TargetClient.ListTargets(context.Background(), &target.Empty{})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	var tmp *target.TargetList
+	err = nil
+	for tmp, err = list.Recv(); err == nil && tmp.Data != ""; tmp, err = list.Recv() {
+		t.AppendRows([]table.Row{
+			{tmp.ID, tmp.Data},
+		})
+	}
+
+	if err != nil && err != io.EOF {
+		log.Fatal(err)
+	}
+}
+
+func init() {
+	listCmd.DisableFlagsInUseLine = true
+	SubCommands = append(SubCommands, listCmd)
+}
diff --git a/cmd/tinkerbell/cmd/target/update.go b/cmd/tinkerbell/cmd/target/update.go
new file mode 100644
index 000000000..fc29c842d
--- /dev/null
+++ b/cmd/tinkerbell/cmd/target/update.go
@@ -0,0 +1,59 @@
+package target
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/target"
+	"github.com/spf13/cobra"
+)
+
+var (
+	id       = "uuid"
+	data     = "jsonData"
+	uid      string
+	jsonData string
+)
+
+// createCmd represents the create sub command for template command
+var updateCmd = &cobra.Command{
+	Use:     "update",
+	Short:   "update a target",
+	Example: "tinkerbell target update [flags]",
+	Run: func(c *cobra.Command, args []string) {
+		err := validateData(c, args)
+		if err != nil {
+			log.Fatal(err)
+		}
+		updateTargets(c, args)
+	},
+}
+
+func addFlags() {
+	flags := updateCmd.PersistentFlags()
+	flags.StringVarP(&uid, "uuid", "u", "", "id for targets to be updated")
+	flags.StringVarP(&jsonData, "jsondata", "j", "", "JSON data which needs to be pushed")
+	updateCmd.MarkPersistentFlagRequired(id)
+	updateCmd.MarkPersistentFlagRequired(data)
+}
+
+func validateData(c *cobra.Command, args []string) error {
+	err := isValidData([]byte(jsonData))
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+	return nil
+}
+func updateTargets(c *cobra.Command, args []string) {
+	if _, err := client.TargetClient.UpdateTargetByID(context.Background(), &target.UpdateRequest{ID: uid, Data: jsonData}); err != nil {
+		log.Fatal(err)
+	}
+}
+
+func init() {
+	addFlags()
+	SubCommands = append(SubCommands, updateCmd)
+}
diff --git a/cmd/tinkerbell/cmd/template.go b/cmd/tinkerbell/cmd/template.go
new file mode 100644
index 000000000..e3303f16d
--- /dev/null
+++ b/cmd/tinkerbell/cmd/template.go
@@ -0,0 +1,26 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/packethost/tinkerbell/cmd/tinkerbell/cmd/template"
+	"github.com/spf13/cobra"
+)
+
+// templateCmd represents the template sub-command
+var templateCmd = &cobra.Command{
+	Use:     "template",
+	Short:   "tinkerbell template client",
+	Example: "tinkerbell template [command]",
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) == 0 {
+			return fmt.Errorf("%v requires arguments", c.UseLine())
+		}
+		return nil
+	},
+}
+
+func init() {
+	templateCmd.AddCommand(template.SubCommands...)
+	rootCmd.AddCommand(templateCmd)
+}
diff --git a/cmd/tinkerbell/cmd/template/commands.go b/cmd/tinkerbell/cmd/template/commands.go
new file mode 100644
index 000000000..3cddeac5a
--- /dev/null
+++ b/cmd/tinkerbell/cmd/template/commands.go
@@ -0,0 +1,7 @@
+package template
+
+import "github.com/spf13/cobra"
+
+// SubCommands holds the sub commands for template command
+// Example: tinkerbell template [subcommand]
+var SubCommands []*cobra.Command
diff --git a/cmd/tinkerbell/cmd/template/create.go b/cmd/tinkerbell/cmd/template/create.go
new file mode 100644
index 000000000..7bff065b5
--- /dev/null
+++ b/cmd/tinkerbell/cmd/template/create.go
@@ -0,0 +1,76 @@
+package template
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"os"
+	tt "text/template"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/template"
+	"github.com/spf13/cobra"
+)
+
+var (
+	fPath        = "path"
+	fName        = "name"
+	filePath     string
+	templateName string
+)
+
+// createCmd represents the create subcommand for template command
+var createCmd = &cobra.Command{
+	Use:     "create",
+	Short:   "create a workflow template ",
+	Example: "tinkerbell template create [flags]",
+	Run: func(c *cobra.Command, args []string) {
+		validateTemplate()
+		createTemplate(c, args)
+	},
+}
+
+func addFlags() {
+	flags := createCmd.PersistentFlags()
+	flags.StringVarP(&filePath, "path", "p", "", "path to the template file")
+	flags.StringVarP(&templateName, "name", "n", "", "unique name for the template (alphanumeric)")
+
+	createCmd.MarkPersistentFlagRequired(fPath)
+	createCmd.MarkPersistentFlagRequired(fName)
+}
+
+func validateTemplate() {
+	_, err := tt.ParseFiles(filePath)
+	if err != nil {
+		log.Fatalln(err)
+	}
+}
+
+func readTemplateData() []byte {
+	f, err := os.Open(filePath)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer f.Close()
+
+	data, err := ioutil.ReadAll(f)
+	if err != nil {
+		log.Fatal(err)
+	}
+	return data
+}
+
+func createTemplate(c *cobra.Command, args []string) {
+	req := template.WorkflowTemplate{Name: templateName, Data: readTemplateData()}
+	res, err := client.TemplateClient.CreateTemplate(context.Background(), &req)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Println("Created Template: ", res.Id)
+}
+
+func init() {
+	addFlags()
+	SubCommands = append(SubCommands, createCmd)
+}
diff --git a/cmd/tinkerbell/cmd/template/delete.go b/cmd/tinkerbell/cmd/template/delete.go
new file mode 100644
index 000000000..f00dab797
--- /dev/null
+++ b/cmd/tinkerbell/cmd/template/delete.go
@@ -0,0 +1,43 @@
+package template
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/template"
+	uuid "github.com/satori/go.uuid"
+	"github.com/spf13/cobra"
+)
+
+// deleteCmd represents the delete subcommand for template command
+var deleteCmd = &cobra.Command{
+	Use:     "delete [id]",
+	Short:   "delete a template",
+	Example: "tinkerbell template delete [id]",
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) == 0 {
+			return fmt.Errorf("%v requires an argument", c.UseLine())
+		}
+		for _, arg := range args {
+			if _, err := uuid.FromString(arg); err != nil {
+				return fmt.Errorf("invalid uuid: %s", arg)
+			}
+		}
+		return nil
+	},
+	Run: func(c *cobra.Command, args []string) {
+		for _, arg := range args {
+			req := template.GetRequest{Id: arg}
+			if _, err := client.TemplateClient.DeleteTemplate(context.Background(), &req); err != nil {
+				log.Fatal(err)
+			}
+		}
+	},
+}
+
+func init() {
+	deleteCmd.DisableFlagsInUseLine = true
+	SubCommands = append(SubCommands, deleteCmd)
+}
diff --git a/cmd/tinkerbell/cmd/template/get.go b/cmd/tinkerbell/cmd/template/get.go
new file mode 100644
index 000000000..f3c277752
--- /dev/null
+++ b/cmd/tinkerbell/cmd/template/get.go
@@ -0,0 +1,45 @@
+package template
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/template"
+	uuid "github.com/satori/go.uuid"
+	"github.com/spf13/cobra"
+)
+
+// getCmd represents the get subcommand for template command
+var getCmd = &cobra.Command{
+	Use:     "get [id]",
+	Short:   "get a template",
+	Example: "tinkerbell template get [id]",
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) == 0 {
+			return fmt.Errorf("%v requires an argument", c.UseLine())
+		}
+		for _, arg := range args {
+			if _, err := uuid.FromString(arg); err != nil {
+				return fmt.Errorf("invalid uuid: %s", arg)
+			}
+		}
+		return nil
+	},
+	Run: func(c *cobra.Command, args []string) {
+		for _, arg := range args {
+			req := template.GetRequest{Id: arg}
+			t, err := client.TemplateClient.GetTemplate(context.Background(), &req)
+			if err != nil {
+				log.Fatal(err)
+			}
+			fmt.Println(string(t.Data))
+		}
+	},
+}
+
+func init() {
+	getCmd.DisableFlagsInUseLine = true
+	SubCommands = append(SubCommands, getCmd)
+}
diff --git a/cmd/tinkerbell/cmd/template/list.go b/cmd/tinkerbell/cmd/template/list.go
new file mode 100644
index 000000000..06afbd54c
--- /dev/null
+++ b/cmd/tinkerbell/cmd/template/list.go
@@ -0,0 +1,69 @@
+package template
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"log"
+	"os"
+	"time"
+
+	"github.com/jedib0t/go-pretty/table"
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/template"
+	"github.com/spf13/cobra"
+)
+
+// table headers
+var (
+	id        = "Template ID"
+	name      = "Template Name"
+	createdAt = "Created At"
+	updatedAt = "Updated At"
+)
+
+// listCmd represents the list subcommand for template command
+var listCmd = &cobra.Command{
+	Use:     "list",
+	Short:   "list all saved templates",
+	Example: "tinkerbell template list",
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) != 0 {
+			return fmt.Errorf("%v takes no arguments", c.UseLine())
+		}
+		return nil
+	},
+	Run: func(cmd *cobra.Command, args []string) {
+		t := table.NewWriter()
+		t.SetOutputMirror(os.Stdout)
+		t.AppendHeader(table.Row{id, name, createdAt, updatedAt})
+		listTemplates(cmd, t)
+		t.Render()
+	},
+}
+
+func listTemplates(cmd *cobra.Command, t table.Writer) {
+	list, err := client.TemplateClient.ListTemplates(context.Background(), &template.Empty{})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	var tmp *template.WorkflowTemplate
+	err = nil
+	for tmp, err = list.Recv(); err == nil && tmp.Name != ""; tmp, err = list.Recv() {
+		cr := *tmp.CreatedAt
+		up := *tmp.UpdatedAt
+		t.AppendRows([]table.Row{
+			{tmp.Id, tmp.Name, time.Unix(cr.Seconds, 0), time.Unix(up.Seconds, 0)},
+		})
+	}
+
+	if err != nil && err != io.EOF {
+		log.Fatal(err)
+	}
+}
+
+func init() {
+	listCmd.DisableFlagsInUseLine = true
+	SubCommands = append(SubCommands, listCmd)
+}
diff --git a/cmd/tinkerbell/cmd/template/update.go b/cmd/tinkerbell/cmd/template/update.go
new file mode 100644
index 000000000..fc761432b
--- /dev/null
+++ b/cmd/tinkerbell/cmd/template/update.go
@@ -0,0 +1,70 @@
+package template
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/template"
+	uuid "github.com/satori/go.uuid"
+	"github.com/spf13/cobra"
+)
+
+// updateCmd represents the get subcommand for template command
+var updateCmd = &cobra.Command{
+	Use:     "update [id] [flags]",
+	Short:   "update a template",
+	Example: "tinkerbell template update [id] [flags]",
+	PreRunE: func(c *cobra.Command, args []string) error {
+		name, _ := c.Flags().GetString(fName)
+		path, _ := c.Flags().GetString(fPath)
+		if name == "" && path == "" {
+			return fmt.Errorf("%v requires at least one flag", c.UseLine())
+		}
+		return nil
+	},
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) == 0 {
+			return fmt.Errorf("%v requires argument", c.UseLine())
+		}
+		for _, arg := range args {
+			if _, err := uuid.FromString(arg); err != nil {
+				return fmt.Errorf("invalid uuid: %s", arg)
+			}
+		}
+		return nil
+	},
+	Run: func(c *cobra.Command, args []string) {
+		for _, arg := range args {
+			updateTemplate(arg)
+		}
+	},
+}
+
+func updateTemplate(id string) {
+	req := template.WorkflowTemplate{Id: id}
+	if filePath == "" && templateName != "" {
+		req.Name = templateName
+	} else if filePath != "" && templateName == "" {
+		validateTemplate()
+		req.Data = readTemplateData()
+	} else {
+		req.Name = templateName
+		req.Data = readTemplateData()
+	}
+
+	_, err := client.TemplateClient.UpdateTemplate(context.Background(), &req)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Println("Updated Template: ", id)
+}
+
+func init() {
+	flags := updateCmd.PersistentFlags()
+	flags.StringVarP(&filePath, "path", "p", "", "path to the template file")
+	flags.StringVarP(&templateName, "name", "n", "", "unique name for the template (alphanumeric)")
+
+	SubCommands = append(SubCommands, updateCmd)
+}
diff --git a/cmd/tinkerbell/cmd/workflow.go b/cmd/tinkerbell/cmd/workflow.go
new file mode 100644
index 000000000..c88454d3c
--- /dev/null
+++ b/cmd/tinkerbell/cmd/workflow.go
@@ -0,0 +1,26 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/packethost/tinkerbell/cmd/tinkerbell/cmd/workflow"
+	"github.com/spf13/cobra"
+)
+
+// workflowCmd represents the workflow sub-command
+var workflowCmd = &cobra.Command{
+	Use:     "workflow",
+	Short:   "tinkerbell workflow client",
+	Example: "tinkerbell workflow [command]",
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) == 0 {
+			return fmt.Errorf("%v requires arguments", c.UseLine())
+		}
+		return nil
+	},
+}
+
+func init() {
+	workflowCmd.AddCommand(workflow.SubCommands...)
+	rootCmd.AddCommand(workflowCmd)
+}
diff --git a/cmd/tinkerbell/cmd/workflow/commands.go b/cmd/tinkerbell/cmd/workflow/commands.go
new file mode 100644
index 000000000..028236492
--- /dev/null
+++ b/cmd/tinkerbell/cmd/workflow/commands.go
@@ -0,0 +1,18 @@
+package workflow
+
+import (
+	"fmt"
+
+	uuid "github.com/satori/go.uuid"
+	"github.com/spf13/cobra"
+)
+
+// SubCommands hold all the subcommands for tinkerbell cli
+var SubCommands []*cobra.Command
+
+func validateID(id string) error {
+	if _, err := uuid.FromString(id); err != nil {
+		return fmt.Errorf("invalid uuid: %s", id)
+	}
+	return nil
+}
diff --git a/cmd/tinkerbell/cmd/workflow/create.go b/cmd/tinkerbell/cmd/workflow/create.go
new file mode 100644
index 000000000..420b68c97
--- /dev/null
+++ b/cmd/tinkerbell/cmd/workflow/create.go
@@ -0,0 +1,61 @@
+package workflow
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/spf13/cobra"
+)
+
+var (
+	fTemplate = "template"
+	fTarget   = "target"
+	template  string
+	target    string
+)
+
+// createCmd represents the create subcommand for worflow command
+var createCmd = &cobra.Command{
+	Use:     "create",
+	Short:   "create a workflow",
+	Example: "tinkerbell workflow create [flags]",
+	PreRunE: func(c *cobra.Command, args []string) error {
+		tmp, _ := c.Flags().GetString(fTemplate)
+		err := validateID(tmp)
+		if err != nil {
+			return err
+		}
+		tar, _ := c.Flags().GetString(fTarget)
+		err = validateID(tar)
+		return err
+	},
+	Run: func(c *cobra.Command, args []string) {
+		createWorkflow(c, args)
+	},
+}
+
+func addFlags() {
+	flags := createCmd.PersistentFlags()
+	flags.StringVarP(&template, "template", "t", "", "workflow template")
+	flags.StringVarP(&target, "target", "r", "", "workflow target")
+
+	createCmd.MarkPersistentFlagRequired(fTarget)
+	createCmd.MarkPersistentFlagRequired(fTemplate)
+}
+
+func createWorkflow(c *cobra.Command, args []string) {
+	req := workflow.CreateRequest{Template: template, Target: target}
+	res, err := client.WorkflowClient.CreateWorkflow(context.Background(), &req)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Println("Created Workflow: ", res.Id)
+}
+
+func init() {
+	addFlags()
+	SubCommands = append(SubCommands, createCmd)
+}
diff --git a/cmd/tinkerbell/cmd/workflow/data.go b/cmd/tinkerbell/cmd/workflow/data.go
new file mode 100644
index 000000000..48f1e1c92
--- /dev/null
+++ b/cmd/tinkerbell/cmd/workflow/data.go
@@ -0,0 +1,69 @@
+package workflow
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	uuid "github.com/satori/go.uuid"
+	"github.com/spf13/cobra"
+)
+
+var (
+	version       int32
+	needsMetadata bool
+	versionOnly   bool
+)
+
+// dataCmd represents the data subcommand for workflow command
+var dataCmd = &cobra.Command{
+	Use:     "data [id]",
+	Short:   "get workflow data",
+	Example: "tinkerbell workflow data [id] [flags]",
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) == 0 {
+			return fmt.Errorf("%v requires an argument", c.UseLine())
+		}
+		for _, arg := range args {
+			if _, err := uuid.FromString(arg); err != nil {
+				return fmt.Errorf("invalid uuid: %s", arg)
+			}
+		}
+		return nil
+	},
+	Run: func(c *cobra.Command, args []string) {
+		for _, arg := range args {
+			req := &workflow.GetWorkflowDataRequest{WorkflowID: arg, Version: version}
+			var res *workflow.GetWorkflowDataResponse
+			var err error
+			if needsMetadata {
+				res, err = client.WorkflowClient.GetWorkflowMetadata(context.Background(), req)
+			} else if versionOnly {
+				res, err = client.WorkflowClient.GetWorkflowDataVersion(context.Background(), req)
+			} else {
+				res, err = client.WorkflowClient.GetWorkflowData(context.Background(), req)
+			}
+
+			if err != nil {
+				log.Fatal(err)
+			}
+
+			if versionOnly {
+				fmt.Printf("Latest workflow data version: %v\n", res.Version)
+			} else {
+				fmt.Println(string(res.Data))
+			}
+		}
+	},
+}
+
+func init() {
+	flags := dataCmd.PersistentFlags()
+	flags.Int32VarP(&version, "version", "v", 0, "data version")
+	flags.BoolVarP(&needsMetadata, "metadata", "m", false, "metadata only")
+	flags.BoolVarP(&versionOnly, "latest version", "l", false, "latest version")
+
+	SubCommands = append(SubCommands, dataCmd)
+}
diff --git a/cmd/tinkerbell/cmd/workflow/delete.go b/cmd/tinkerbell/cmd/workflow/delete.go
new file mode 100644
index 000000000..c6fce6e19
--- /dev/null
+++ b/cmd/tinkerbell/cmd/workflow/delete.go
@@ -0,0 +1,43 @@
+package workflow
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	uuid "github.com/satori/go.uuid"
+	"github.com/spf13/cobra"
+)
+
+// deleteCmd represents the delete subcommand for workflow command
+var deleteCmd = &cobra.Command{
+	Use:     "delete [id]",
+	Short:   "delete a workflow",
+	Example: "tinkerbell workflow delete [id]",
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) == 0 {
+			return fmt.Errorf("%v requires an argument", c.UseLine())
+		}
+		for _, arg := range args {
+			if _, err := uuid.FromString(arg); err != nil {
+				return fmt.Errorf("invalid uuid: %s", arg)
+			}
+		}
+		return nil
+	},
+	Run: func(c *cobra.Command, args []string) {
+		for _, arg := range args {
+			req := workflow.GetRequest{Id: arg}
+			if _, err := client.WorkflowClient.DeleteWorkflow(context.Background(), &req); err != nil {
+				log.Fatal(err)
+			}
+		}
+	},
+}
+
+func init() {
+	deleteCmd.DisableFlagsInUseLine = true
+	SubCommands = append(SubCommands, deleteCmd)
+}
diff --git a/cmd/tinkerbell/cmd/workflow/events.go b/cmd/tinkerbell/cmd/workflow/events.go
new file mode 100644
index 000000000..225a066be
--- /dev/null
+++ b/cmd/tinkerbell/cmd/workflow/events.go
@@ -0,0 +1,69 @@
+package workflow
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"log"
+	"os"
+
+	"github.com/jedib0t/go-pretty/table"
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/spf13/cobra"
+)
+
+var (
+	hWorkerID      = "Worker ID"
+	hTaskName      = "Task Name"
+	hActionName    = "Action Name"
+	hExecutionTime = "Execution Time"
+	hMessage       = "Message"
+	hStatus        = "Action Status"
+)
+
+// showCmd represents the events subcommand for workflow command
+var showCmd = &cobra.Command{
+	Use:     "events [id]",
+	Short:   "show all events for a workflow",
+	Example: "tinkerbell workflow events [id]",
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) == 0 {
+			return fmt.Errorf("%v takes an arguments", c.UseLine())
+		}
+		return nil
+	},
+	Run: func(c *cobra.Command, args []string) {
+		t := table.NewWriter()
+		t.SetOutputMirror(os.Stdout)
+		t.AppendHeader(table.Row{hWorkerID, hTaskName, hActionName, hExecutionTime, hMessage, hStatus})
+		listEvents(c, t, args)
+		t.Render()
+
+	},
+}
+
+func listEvents(c *cobra.Command, t table.Writer, args []string) {
+	for _, arg := range args {
+		req := workflow.GetRequest{Id: arg}
+		events, err := client.WorkflowClient.ShowWorkflowEvents(context.Background(), &req)
+		if err != nil {
+			log.Fatal(err)
+		}
+		//var wf *workflow.Workflow
+		err = nil
+		for event, err := events.Recv(); err == nil && event != nil; event, err = events.Recv() {
+			t.AppendRows([]table.Row{
+				{event.WorkerId, event.TaskName, event.ActionName, event.Seconds, event.Message, event.ActionStatus},
+			})
+		}
+		if err != nil && err != io.EOF {
+			log.Fatal(err)
+		}
+	}
+}
+
+func init() {
+	showCmd.DisableFlagsInUseLine = true
+	SubCommands = append(SubCommands, showCmd)
+}
diff --git a/cmd/tinkerbell/cmd/workflow/get.go b/cmd/tinkerbell/cmd/workflow/get.go
new file mode 100644
index 000000000..30f59972c
--- /dev/null
+++ b/cmd/tinkerbell/cmd/workflow/get.go
@@ -0,0 +1,46 @@
+package workflow
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/spf13/cobra"
+)
+
+var (
+	hID       = "Workflow ID"
+	hTemplate = "Template ID"
+	hTarget   = "Target ID"
+	hState    = "State"
+)
+
+// getCmd represents the get subcommand for workflow command
+var getCmd = &cobra.Command{
+	Use:     "get [id]",
+	Short:   "get a workflow",
+	Example: "tinkerbell workflow get [id]",
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) == 0 {
+			return fmt.Errorf("%v requires an argument", c.UseLine())
+		}
+		return validateID(args[0])
+	},
+	Run: func(c *cobra.Command, args []string) {
+		for _, arg := range args {
+			req := workflow.GetRequest{Id: arg}
+			w, err := client.WorkflowClient.GetWorkflow(context.Background(), &req)
+			if err != nil {
+				log.Fatal(err)
+			}
+			fmt.Println(w.Data)
+		}
+	},
+}
+
+func init() {
+	getCmd.DisableFlagsInUseLine = true
+	SubCommands = append(SubCommands, getCmd)
+}
diff --git a/cmd/tinkerbell/cmd/workflow/list.go b/cmd/tinkerbell/cmd/workflow/list.go
new file mode 100644
index 000000000..d78a8c412
--- /dev/null
+++ b/cmd/tinkerbell/cmd/workflow/list.go
@@ -0,0 +1,67 @@
+package workflow
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"log"
+	"os"
+	"time"
+
+	"github.com/jedib0t/go-pretty/table"
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/spf13/cobra"
+)
+
+var (
+	hCreatedAt = "Created At"
+	hUpdatedAt = "Updated At"
+)
+
+// listCmd represents the list subcommand for workflow command
+var listCmd = &cobra.Command{
+	Use:     "list",
+	Short:   "list all workflows",
+	Example: "tinkerbell workflow list",
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) != 0 {
+			return fmt.Errorf("%v takes no arguments", c.UseLine())
+		}
+		return nil
+	},
+	Run: func(c *cobra.Command, args []string) {
+		t := table.NewWriter()
+		t.SetOutputMirror(os.Stdout)
+		t.AppendHeader(table.Row{hID, hTemplate, hTarget, hCreatedAt, hUpdatedAt})
+		listWorkflows(c, t)
+		t.Render()
+
+	},
+}
+
+func listWorkflows(c *cobra.Command, t table.Writer) {
+	list, err := client.WorkflowClient.ListWorkflows(context.Background(), &workflow.Empty{})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	var wf *workflow.Workflow
+	err = nil
+	for wf, err = list.Recv(); err == nil && wf.Id != ""; wf, err = list.Recv() {
+		cr := *wf.CreatedAt
+		up := *wf.UpdatedAt
+		t.AppendRows([]table.Row{
+			{wf.Id, wf.Template, wf.Target, time.Unix(cr.Seconds, 0), time.Unix(up.Seconds, 0)},
+		})
+	}
+
+	if err != nil && err != io.EOF {
+		log.Fatal(err)
+	}
+}
+
+func init() {
+	listCmd.DisableFlagsInUseLine = true
+	SubCommands = append(SubCommands, listCmd)
+}
diff --git a/cmd/tinkerbell/cmd/workflow/state.go b/cmd/tinkerbell/cmd/workflow/state.go
new file mode 100644
index 000000000..c654c2da8
--- /dev/null
+++ b/cmd/tinkerbell/cmd/workflow/state.go
@@ -0,0 +1,69 @@
+package workflow
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"os"
+	"strconv"
+
+	"github.com/jedib0t/go-pretty/table"
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/spf13/cobra"
+)
+
+// getCmd represents the get subcommand for workflow command
+var stateCmd = &cobra.Command{
+	Use:     "state [id]",
+	Short:   "get the current workflow state",
+	Example: "tinkerbell workflow state [id]",
+	Args: func(c *cobra.Command, args []string) error {
+		if len(args) == 0 {
+			return fmt.Errorf("%v requires an argument", c.UseLine())
+		}
+		return validateID(args[0])
+	},
+	Run: func(c *cobra.Command, args []string) {
+		for _, arg := range args {
+			req := workflow.GetRequest{Id: arg}
+			t := table.NewWriter()
+			t.SetOutputMirror(os.Stdout)
+			t.AppendHeader(table.Row{"Field Name", "Values"})
+			wf, err := client.WorkflowClient.GetWorkflowContext(context.Background(), &req)
+			if err != nil {
+				log.Fatal(err)
+			}
+			wfProgress := calWorkflowProgress(wf.CurrentActionIndex, wf.TotalNumberOfActions, wf.CurrentActionState)
+			t.AppendRow(table.Row{"Workflow ID", wf.WorkflowId})
+			t.AppendRow(table.Row{"Workflow Progress", wfProgress})
+			t.AppendRow(table.Row{"Current Task", wf.CurrentTask})
+			t.AppendRow(table.Row{"Current Action", wf.CurrentAction})
+			t.AppendRow(table.Row{"Current Worker", wf.CurrentWorker})
+			t.AppendRow(table.Row{"Current Action State", wf.CurrentActionState})
+
+			t.Render()
+
+		}
+	},
+}
+
+func calWorkflowProgress(cur int64, total int64, state workflow.ActionState) string {
+	if total == 0 || (cur == 0 && state != workflow.ActionState_ACTION_SUCCESS) {
+		return "0%"
+	}
+	var taskCompleted int64
+	if state == workflow.ActionState_ACTION_SUCCESS {
+		taskCompleted = cur + 1
+	} else {
+		taskCompleted = cur
+	}
+	progress := (taskCompleted * 100) / total
+	perc := strconv.Itoa(int(progress)) + "%"
+
+	return fmt.Sprintf("%s", perc)
+}
+
+func init() {
+	SubCommands = append(SubCommands, stateCmd)
+}
diff --git a/cmd/tinkerbell/main.go b/cmd/tinkerbell/main.go
new file mode 100644
index 000000000..efbe93aa1
--- /dev/null
+++ b/cmd/tinkerbell/main.go
@@ -0,0 +1,7 @@
+package main
+
+import "github.com/packethost/tinkerbell/cmd/tinkerbell/cmd"
+
+func main() {
+	cmd.Execute()
+}
diff --git a/cmd/tinkerbell/sample.tmpl b/cmd/tinkerbell/sample.tmpl
new file mode 100644
index 000000000..01c7c6bba
--- /dev/null
+++ b/cmd/tinkerbell/sample.tmpl
@@ -0,0 +1,29 @@
+version: '0.1'
+name: packet_osie_provision
+global_timeout: 600
+tasks:
+- name: "OS Installation"
+  worker: "{{index .Targets "machine1" "mac_addr"}}"
+  actions:
+  - name: "server_partitioning"
+    image: hello-world
+    timeout: 60
+    on-timeout: do_partion recover -timeout
+    on-failure: do_partion recover -failure
+    volumes:
+      - ./host-path:/container-path
+    environment:
+      key: value
+  - name: os_install
+    image: hello-world  
+    timeout: 60
+    on-timeout: "os_install -timeout"
+    on-failure: "os_install -failure"
+- name: "Updated DB Entries"
+  worker: "{{index .Targets "machine1" "mac_addr"}}"
+  actions:
+  - name: "update_db"
+    image: hello-world
+    timeout: 50
+    on-timeout: "tinkerbell_client update-timeout"
+    on-failure: "tinkerbell_client update-failed"
diff --git a/db/db.go b/db/db.go
new file mode 100644
index 000000000..8505d7bd0
--- /dev/null
+++ b/db/db.go
@@ -0,0 +1,74 @@
+package db
+
+import (
+	"context"
+	"database/sql"
+
+	"github.com/lib/pq"
+	"github.com/packethost/pkg/log"
+	"github.com/pkg/errors"
+)
+
+var logger log.Logger
+
+// ConnectDB returns a connection to postgres database
+func ConnectDB(lg log.Logger) *sql.DB {
+	logger = lg
+	db, err := sql.Open("postgres", "")
+	if err != nil {
+		logger.Error(err)
+		panic(err)
+	}
+	if err := truncate(db); err != nil {
+		if pqErr := Error(err); pqErr != nil {
+			logger.With("detail", pqErr.Detail, "where", pqErr.Where).Error(err)
+		}
+		panic(err)
+	}
+	return db
+}
+
+// Error returns the underlying cause for error
+func Error(err error) *pq.Error {
+	if pqErr, ok := errors.Cause(err).(*pq.Error); ok {
+		return pqErr
+	}
+	return nil
+}
+
+func truncate(db *sql.DB) error {
+	tx, err := db.BeginTx(context.Background(), &sql.TxOptions{Isolation: sql.LevelSerializable})
+	if err != nil {
+		return errors.Wrap(err, "BEGIN transaction")
+	}
+
+	_, err = tx.Exec("TRUNCATE hardware")
+	if err != nil {
+		return errors.Wrap(err, "TRUNCATE")
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrap(err, "TRUNCATE")
+	}
+	return err
+}
+
+func get(ctx context.Context, db *sql.DB, query string, args ...interface{}) (string, error) {
+	row := db.QueryRowContext(ctx, query, args...)
+
+	buf := []byte{}
+	err := row.Scan(&buf)
+	if err == nil {
+		return string(buf), nil
+	}
+
+	if err != sql.ErrNoRows {
+		err = errors.Wrap(err, "SELECT")
+		logger.Error(err)
+	} else {
+		err = nil
+	}
+
+	return "", err
+}
diff --git a/db/hardware.go b/db/hardware.go
new file mode 100644
index 000000000..05ee294cb
--- /dev/null
+++ b/db/hardware.go
@@ -0,0 +1,178 @@
+package db
+
+import (
+	"context"
+	"database/sql"
+	"time"
+
+	"github.com/pkg/errors"
+)
+
+// DeleteFromDB : delete data from hardware table
+func DeleteFromDB(ctx context.Context, db *sql.DB, id string) error {
+	tx, err := db.BeginTx(ctx, &sql.TxOptions{Isolation: sql.LevelSerializable})
+	if err != nil {
+		return errors.Wrap(err, "BEGIN transaction")
+	}
+
+	_, err = tx.Exec(`
+	UPDATE hardware
+	SET
+		deleted_at = NOW()
+	WHERE
+		id = $1;
+	`, id)
+
+	if err != nil {
+		return errors.Wrap(err, "DELETE")
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrap(err, "COMMIT")
+	}
+	return nil
+}
+
+// InsertIntoDB : insert data into hardware table
+func InsertIntoDB(ctx context.Context, db *sql.DB, data string) error {
+	tx, err := db.BeginTx(ctx, &sql.TxOptions{Isolation: sql.LevelSerializable})
+	if err != nil {
+		return errors.Wrap(err, "BEGIN transaction")
+	}
+
+	_, err = tx.Exec(`
+	INSERT INTO
+		hardware (inserted_at, id, data)
+	VALUES
+		($1, ($2::jsonb ->> 'id')::uuid, $2)
+	ON CONFLICT (id)
+	DO
+	UPDATE SET
+		(inserted_at, deleted_at, data) = ($1, NULL, $2);
+	`, time.Now(), data)
+	if err != nil {
+		return errors.Wrap(err, "INSERT")
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrap(err, "COMMIT")
+	}
+	return nil
+}
+
+// GetByMAC : get data by machine mac
+func GetByMAC(ctx context.Context, db *sql.DB, mac string) (string, error) {
+	arg := `
+	{
+	  "network_ports": [
+	    {
+	      "data": {
+		"mac": "` + mac + `"
+	      }
+	    }
+	  ]
+	}
+	`
+	query := `
+	SELECT data
+	FROM hardware
+	WHERE
+		deleted_at IS NULL
+	AND
+		data @> $1
+	`
+
+	return get(ctx, db, query, arg)
+}
+
+// GetByIP : get data by machine ip
+func GetByIP(ctx context.Context, db *sql.DB, ip string) (string, error) {
+	instance := `
+	{
+	  "instance": {
+	    "ip_addresses": [
+	      {
+		"address": "` + ip + `"
+	      }
+	    ]
+	  }
+	}
+	`
+	hardwareOrManagement := `
+	{
+		"ip_addresses": [
+			{
+				"address": "` + ip + `"
+			}
+		]
+	}
+	`
+
+	query := `
+	SELECT data
+	FROM hardware
+	WHERE
+		deleted_at IS NULL
+	AND (
+		data @> $1
+		OR
+		data @> $2
+	)
+	`
+
+	return get(ctx, db, query, instance, hardwareOrManagement)
+}
+
+// GetByID : get data by machine id
+func GetByID(ctx context.Context, db *sql.DB, id string) (string, error) {
+	arg := id
+
+	query := `
+	SELECT data
+	FROM hardware
+	WHERE
+		deleted_at IS NULL
+	AND
+		id = $1
+	`
+	return get(ctx, db, query, arg)
+}
+
+// GetAll : get data for all machine
+func GetAll(db *sql.DB, fn func(string) error) error {
+	rows, err := db.Query(`
+	SELECT data
+	FROM hardware
+	WHERE
+		deleted_at IS NULL
+	`)
+
+	if err != nil {
+		return err
+	}
+
+	defer rows.Close()
+	buf := []byte{}
+	for rows.Next() {
+		err = rows.Scan(&buf)
+		if err != nil {
+			err = errors.Wrap(err, "SELECT")
+			logger.Error(err)
+			return err
+		}
+
+		err = fn(string(buf))
+		if err != nil {
+			return err
+		}
+
+	}
+
+	err = rows.Err()
+	if err == sql.ErrNoRows {
+		err = nil
+	}
+	return err
+}
diff --git a/db/target.go b/db/target.go
new file mode 100644
index 000000000..a73f4aa19
--- /dev/null
+++ b/db/target.go
@@ -0,0 +1,117 @@
+package db
+
+import (
+	"context"
+	"database/sql"
+	"time"
+
+	"github.com/pkg/errors"
+)
+
+// InsertIntoTargetDB : Push targets data in target table
+func InsertIntoTargetDB(ctx context.Context, db *sql.DB, data string, uuid string) error {
+	tx, err := db.BeginTx(ctx, &sql.TxOptions{Isolation: sql.LevelSerializable})
+	if err != nil {
+		return errors.Wrap(err, "BEGIN transaction")
+	}
+
+	_, err = tx.Exec(`
+        INSERT INTO
+                targets (inserted_at, id, data)
+        VALUES
+                ($1, $2, $3)
+        ON CONFLICT (id)
+        DO
+        UPDATE SET
+                (inserted_at, deleted_at, data) = ($1, NULL, $3);
+        `, time.Now(), uuid, data)
+	if err != nil {
+		return errors.Wrap(err, "INSERT")
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrap(err, "COMMIT")
+	}
+	return nil
+}
+
+// TargetsByID : Get the targets data which belongs to the input id
+func TargetsByID(ctx context.Context, db *sql.DB, id string) (string, error) {
+	arg := id
+
+	query := `
+	SELECT data
+	FROM targets
+	WHERE
+		deleted_at IS NULL
+	AND
+		id = $1
+	`
+	return get(ctx, db, query, arg)
+}
+
+// DeleteFromTargetDB : Delete the targets which belong to the input id
+func DeleteFromTargetDB(ctx context.Context, db *sql.DB, id string) error {
+	tx, err := db.BeginTx(ctx, &sql.TxOptions{Isolation: sql.LevelSerializable})
+	if err != nil {
+		return errors.Wrap(err, "BEGIN transaction")
+	}
+
+	_, err = tx.Exec(`
+	UPDATE targets
+	SET
+		deleted_at = NOW()
+	WHERE
+		id = $1;
+	`, id)
+
+	if err != nil {
+		return errors.Wrap(err, "DELETE")
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrap(err, "COMMIT")
+	}
+	return nil
+}
+
+// ListTargets returns all saved targets which are not deleted
+func ListTargets(db *sql.DB, fn func(id, n string) error) error {
+	rows, err := db.Query(`
+        SELECT id, data
+        FROM targets
+        WHERE
+                deleted_at IS NULL;
+        `)
+
+	if err != nil {
+		return err
+	}
+
+	defer rows.Close()
+	var (
+		id   string
+		data string
+	)
+
+	for rows.Next() {
+		err = rows.Scan(&id, &data)
+		if err != nil {
+			err = errors.Wrap(err, "SELECT")
+			logger.Error(err)
+			return err
+		}
+		err = fn(id, data)
+		if err != nil {
+			return err
+		}
+	}
+
+	err = rows.Err()
+	if err == sql.ErrNoRows {
+		err = nil
+	}
+	return err
+}
diff --git a/db/template.go b/db/template.go
new file mode 100644
index 000000000..f288629ef
--- /dev/null
+++ b/db/template.go
@@ -0,0 +1,178 @@
+package db
+
+import (
+	"context"
+	"database/sql"
+	"time"
+
+	"github.com/golang/protobuf/ptypes"
+	"github.com/golang/protobuf/ptypes/timestamp"
+	"github.com/pkg/errors"
+	uuid "github.com/satori/go.uuid"
+)
+
+// CreateTemplate creates a new workflow template
+func CreateTemplate(ctx context.Context, db *sql.DB, name string, data []byte, id uuid.UUID) error {
+	tx, err := db.BeginTx(ctx, &sql.TxOptions{Isolation: sql.LevelSerializable})
+	if err != nil {
+		return errors.Wrap(err, "BEGIN transaction")
+	}
+
+	_, err = tx.Exec(`
+	INSERT INTO
+		template (created_at, updated_at, name, data, id)
+	VALUES
+		($1, $1, $2, $3, $4)
+	ON CONFLICT (id)
+	DO
+	UPDATE SET
+		(updated_at, deleted_at, name, data) = ($1, NULL, $2, $3);
+	`, time.Now(), name, data, id)
+	if err != nil {
+		return errors.Wrap(err, "INSERT")
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrap(err, "COMMIT")
+	}
+	return nil
+}
+
+// GetTemplate returns a workflow template
+func GetTemplate(ctx context.Context, db *sql.DB, id string) ([]byte, error) {
+	query := `
+	SELECT data
+	FROM template
+	WHERE
+		id = $1
+	AND
+		deleted_at IS NULL
+	`
+	row := db.QueryRowContext(ctx, query, id)
+	buf := []byte{}
+	err := row.Scan(&buf)
+	if err == nil {
+		return buf, nil
+	}
+
+	if err != sql.ErrNoRows {
+		err = errors.Wrap(err, "SELECT")
+		logger.Error(err)
+	} else {
+		err = nil
+	}
+
+	return []byte{}, nil
+}
+
+// DeleteTemplate deletes a workflow template
+func DeleteTemplate(ctx context.Context, db *sql.DB, name string) error {
+	tx, err := db.BeginTx(ctx, &sql.TxOptions{Isolation: sql.LevelSerializable})
+	if err != nil {
+		return errors.Wrap(err, "BEGIN transaction")
+	}
+
+	_, err = tx.Exec(`
+	UPDATE template
+	SET
+		deleted_at = NOW()
+	WHERE
+		id = $1;
+	`, name)
+	if err != nil {
+		return errors.Wrap(err, "UPDATE")
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrap(err, "COMMIT")
+	}
+	return nil
+}
+
+// ListTemplates returns all saved templates
+func ListTemplates(db *sql.DB, fn func(id, n string, in, del *timestamp.Timestamp) error) error {
+	rows, err := db.Query(`
+	SELECT id, name, created_at, updated_at
+	FROM template
+	WHERE
+		deleted_at IS NULL;
+	`)
+
+	if err != nil {
+		return err
+	}
+
+	defer rows.Close()
+	var (
+		id        string
+		name      string
+		createdAt time.Time
+		updatedAt time.Time
+	)
+
+	for rows.Next() {
+		err = rows.Scan(&id, &name, &createdAt, &updatedAt)
+		if err != nil {
+			err = errors.Wrap(err, "SELECT")
+			logger.Error(err)
+			return err
+		}
+
+		tCr, _ := ptypes.TimestampProto(createdAt)
+		tUp, _ := ptypes.TimestampProto(updatedAt)
+		err = fn(id, name, tCr, tUp)
+		if err != nil {
+			return err
+		}
+	}
+
+	err = rows.Err()
+	if err == sql.ErrNoRows {
+		err = nil
+	}
+	return err
+}
+
+// UpdateTemplate update a given template
+func UpdateTemplate(ctx context.Context, db *sql.DB, name string, data []byte, id uuid.UUID) error {
+	tx, err := db.BeginTx(ctx, &sql.TxOptions{Isolation: sql.LevelSerializable})
+	if err != nil {
+		return errors.Wrap(err, "BEGIN transaction")
+	}
+
+	if data == nil && name != "" {
+		_, err = tx.Exec(`
+		UPDATE template 
+		SET 
+			updated_at = NOW(), name = $2
+		WHERE 
+			id = $1;`, id, name)
+	} else if data != nil && name == "" {
+		_, err = tx.Exec(`
+		UPDATE template 
+		SET 
+			updated_at = NOW(), data = $2
+		WHERE 
+			id = $1;`, id, data)
+	} else {
+		_, err = tx.Exec(`
+		UPDATE template 
+		SET 
+			updated_at = NOW(), name = $2, data = $3
+		WHERE 
+			id = $1;
+		`, id, name, data)
+	}
+
+	if err != nil {
+		return errors.Wrap(err, "UPDATE")
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrap(err, "COMMIT")
+	}
+	return nil
+}
diff --git a/db/workflow.go b/db/workflow.go
new file mode 100644
index 000000000..67fb41b9d
--- /dev/null
+++ b/db/workflow.go
@@ -0,0 +1,852 @@
+package db
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"fmt"
+	"net"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/distribution/reference"
+	"github.com/golang/protobuf/ptypes"
+	"github.com/golang/protobuf/ptypes/timestamp"
+	pb "github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/pkg/errors"
+	uuid "github.com/satori/go.uuid"
+	"gopkg.in/yaml.v2"
+)
+
+type (
+	// Workflow holds details about the workflow to be executed
+	wfYamlstruct struct {
+		Version       string `yaml:"version"`
+		Name          string `yaml:"name"`
+		ID            string `yaml:"id"`
+		GlobalTimeout int    `yaml:"global_timeout"`
+		Tasks         []task `yaml:"tasks"`
+	}
+
+	// Task represents a task to be performed in a worflow
+	task struct {
+		Name        string            `yaml:"name"`
+		WorkerAddr  string            `yaml:"worker"`
+		Actions     []action          `yaml:"actions"`
+		Volumes     []string          `yaml:"volumes"`
+		Environment map[string]string `yaml:"environment"`
+	}
+
+	// Action is the basic executional unit for a workflow
+	action struct {
+		Name        string            `yaml:"name"`
+		Image       string            `yaml:"image"`
+		Timeout     int64             `yaml:"timeout"`
+		Command     []string          `yaml:"command"`
+		OnTimeout   []string          `yaml:"on-timeout"`
+		OnFailure   []string          `yaml:"on-failure"`
+		Volumes     []string          `yaml:"volumes,omitempty"`
+		Environment map[string]string `yaml:"environment,omitempty"`
+	}
+)
+
+// Workflow represents a workflow instance in database
+type Workflow struct {
+	State                int32
+	ID, Target, Template string
+	CreatedAt, UpdatedAt *timestamp.Timestamp
+}
+
+var (
+	defaultMaxVersions = 3
+	maxVersions        = defaultMaxVersions // maximum number of workflow data versions to be kept in database
+)
+
+// CreateWorkflow creates a new workflow
+func CreateWorkflow(ctx context.Context, db *sql.DB, wf Workflow, data string, id uuid.UUID) error {
+	tx, err := db.BeginTx(ctx, &sql.TxOptions{Isolation: sql.LevelSerializable})
+	if err != nil {
+		return errors.Wrap(err, "BEGIN transaction")
+	}
+
+	err = insertActionList(ctx, db, data, id, tx)
+	if err != nil {
+		return errors.Wrap(err, "Failed to insert in workflow_state")
+
+	}
+	err = insertInWorkflow(ctx, db, wf, tx)
+	if err != nil {
+		return errors.Wrap(err, "Failed to workflow")
+
+	}
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrap(err, "COMMIT")
+	}
+	return nil
+}
+
+func insertInWorkflow(ctx context.Context, db *sql.DB, wf Workflow, tx *sql.Tx) error {
+	_, err := tx.Exec(`
+	INSERT INTO
+		workflow (created_at, updated_at, template, target, id)
+	VALUES
+		($1, $1, $2, $3, $4)
+	ON CONFLICT (id)
+	DO
+	UPDATE SET
+		(updated_at, deleted_at, template, target) = ($1, NULL, $2, $3);
+	`, time.Now(), wf.Template, wf.Target, wf.ID)
+	if err != nil {
+		return errors.Wrap(err, "INSERT in to workflow")
+	}
+	return nil
+}
+
+func insertIntoWfWorkerTable(ctx context.Context, db *sql.DB, wfID uuid.UUID, workerID uuid.UUID, tx *sql.Tx) error {
+	// TODO This command is not 100% reliable for concurrent write operations
+	_, err := tx.Exec(`
+	INSERT INTO
+		workflow_worker_map (workflow_id, worker_id)
+	SELECT $1, $2
+	WHERE 
+		NOT EXISTS (
+			SELECT workflow_id FROM workflow_worker_map WHERE workflow_id = $1 AND worker_id = $2
+		);
+	`, wfID, workerID)
+	if err != nil {
+		return errors.Wrap(err, "INSERT in to workflow_worker_map")
+	}
+	return nil
+}
+
+// Insert actions in the workflow_state table
+func insertActionList(ctx context.Context, db *sql.DB, yamlData string, id uuid.UUID, tx *sql.Tx) error {
+	wfymldata, err := parseYaml([]byte(yamlData))
+	if err != nil {
+		return err
+	}
+	err = validateTemplateValues(wfymldata.Tasks)
+	if err != nil {
+		return errors.Wrap(err, "Invalid Template")
+	}
+	var actionList []pb.WorkflowAction
+	var uniqueWorkerID uuid.UUID
+	for _, task := range wfymldata.Tasks {
+		taskEnvs := map[string]string{}
+		taskVolumes := map[string]string{}
+		for _, vol := range task.Volumes {
+			v := strings.Split(vol, ":")
+			taskVolumes[v[0]] = strings.Join(v[1:], ":")
+		}
+		for key, val := range task.Environment {
+			taskEnvs[key] = val
+		}
+
+		workerID, err := getWorkerID(ctx, db, task.WorkerAddr)
+		if err != nil {
+			return err
+		} else if workerID == "" {
+			return fmt.Errorf("Target mentioned with refernece %s not found", task.WorkerAddr)
+		}
+		workerUID, err := uuid.FromString(workerID)
+		if err != nil {
+			return err
+		}
+		if uniqueWorkerID != workerUID {
+			err = insertIntoWfWorkerTable(ctx, db, id, workerUID, tx)
+			if err != nil {
+				return err
+			}
+			uniqueWorkerID = workerUID
+		}
+		for _, ac := range task.Actions {
+			acenvs := map[string]string{}
+			for key, val := range taskEnvs {
+				acenvs[key] = val
+			}
+			for key, val := range ac.Environment {
+				acenvs[key] = val
+			}
+
+			envs := []string{}
+			for key, val := range acenvs {
+				envs = append(envs, key+"="+val)
+			}
+
+			volumes := map[string]string{}
+			for k, v := range taskVolumes {
+				volumes[k] = v
+			}
+
+			for _, vol := range ac.Volumes {
+				v := strings.Split(vol, ":")
+				volumes[v[0]] = strings.Join(v[1:], ":")
+			}
+
+			ac.Volumes = []string{}
+			for k, v := range volumes {
+				ac.Volumes = append(ac.Volumes, k+":"+v)
+			}
+
+			action := pb.WorkflowAction{
+				TaskName:    task.Name,
+				WorkerId:    workerUID.String(),
+				Name:        ac.Name,
+				Image:       ac.Image,
+				Timeout:     ac.Timeout,
+				Command:     ac.Command,
+				OnTimeout:   ac.OnTimeout,
+				OnFailure:   ac.OnFailure,
+				Environment: envs,
+				Volumes:     ac.Volumes,
+			}
+			actionList = append(actionList, action)
+		}
+	}
+	totalActions := int64(len(actionList))
+	actionData, err := json.Marshal(actionList)
+	if err != nil {
+		return err
+	}
+
+	_, err = tx.Exec(`
+	INSERT INTO
+		workflow_state (workflow_id, current_worker, current_task_name, current_action_name, current_action_state, action_list, current_action_index, total_number_of_actions)
+	VALUES
+		($1, $2, $3, $4, $5, $6, $7, $8)
+	ON CONFLICT (workflow_id)
+	DO
+	UPDATE SET
+		(workflow_id, current_worker, current_task_name, current_action_name, current_action_state, action_list, current_action_index, total_number_of_actions) = ($1, $2, $3, $4, $5, $6, $7, $8);
+	`, id, "", "", "", 0, actionData, 0, totalActions)
+	if err != nil {
+		return errors.Wrap(err, "INSERT in to workflow_state")
+	}
+	return nil
+}
+
+// InsertIntoWfDataTable : Insert ephemeral data in workflow_data table
+func InsertIntoWfDataTable(ctx context.Context, db *sql.DB, req *pb.UpdateWorkflowDataRequest) error {
+	version, err := getLatestVersionWfData(ctx, db, req.GetWorkflowID())
+	if err != nil {
+		return err
+	}
+
+	//increment version
+	version = version + 1
+	tx, err := db.BeginTx(ctx, &sql.TxOptions{Isolation: sql.LevelSerializable})
+	if err != nil {
+		return errors.Wrap(err, "BEGIN transaction")
+	}
+
+	_, err = tx.Exec(`
+	INSERT INTO
+		workflow_data (workflow_id, version, metadata, data)
+	VALUES
+		($1, $2, $3, $4);
+	`, req.GetWorkflowID(), version, string(req.GetMetadata()), string(req.GetData()))
+	if err != nil {
+		return errors.Wrap(err, "INSERT Into workflow_data")
+	}
+
+	if version > int32(maxVersions) {
+		cleanVersion := version - int32(maxVersions)
+		_, err = tx.Exec(`
+		UPDATE workflow_data
+		SET
+			data = NULL
+		WHERE
+			workflow_id = $1 AND version = $2;
+		`, req.GetWorkflowID(), cleanVersion)
+		if err != nil {
+			return errors.Wrap(err, "UPDATE")
+		}
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrap(err, "COMMIT")
+	}
+	return nil
+}
+
+// GetfromWfDataTable : Give you the ephemeral data from workflow_data table
+func GetfromWfDataTable(ctx context.Context, db *sql.DB, req *pb.GetWorkflowDataRequest) ([]byte, error) {
+	version := req.GetVersion()
+	if req.Version == 0 {
+		v, err := getLatestVersionWfData(ctx, db, req.GetWorkflowID())
+		if err != nil {
+			return []byte(""), err
+		}
+		version = v
+	}
+	query := `
+	SELECT data
+	FROM workflow_data
+	WHERE
+		workflow_id = $1 AND version = $2
+	`
+	row := db.QueryRowContext(ctx, query, req.GetWorkflowID(), version)
+	buf := []byte{}
+	err := row.Scan(&buf)
+	if err == nil {
+		return []byte(buf), nil
+	}
+
+	if err != sql.ErrNoRows {
+		err = errors.Wrap(err, "SELECT")
+		logger.Error(err)
+	} else {
+		err = nil
+	}
+
+	return []byte{}, nil
+}
+
+// GetWorkflowMetadata returns metadata wrt to the ephemeral data of a workflow
+func GetWorkflowMetadata(ctx context.Context, db *sql.DB, req *pb.GetWorkflowDataRequest) ([]byte, error) {
+	version := req.GetVersion()
+	if req.Version == 0 {
+		v, err := getLatestVersionWfData(ctx, db, req.GetWorkflowID())
+		if err != nil {
+			return []byte(""), err
+		}
+		version = v
+	}
+	query := `
+	SELECT metadata
+	FROM workflow_data
+	WHERE
+		workflow_id = $1 AND version = $2
+	`
+	row := db.QueryRowContext(ctx, query, req.GetWorkflowID(), version)
+	buf := []byte{}
+	err := row.Scan(&buf)
+	if err == nil {
+		return []byte(buf), nil
+	}
+
+	if err != sql.ErrNoRows {
+		err = errors.Wrap(err, "SELECT")
+		logger.Error(err)
+	} else {
+		err = nil
+	}
+
+	return []byte{}, nil
+}
+
+// GetWorkflowDataVersion returns the latest version of data for a workflow
+func GetWorkflowDataVersion(ctx context.Context, db *sql.DB, workflowID string) (int32, error) {
+	return getLatestVersionWfData(ctx, db, workflowID)
+}
+
+// GetfromWfWorkflowTable : gives you the current workflow
+func GetfromWfWorkflowTable(ctx context.Context, db *sql.DB, id string) ([]string, error) {
+	rows, err := db.Query(`
+	SELECT workflow_id
+	FROM workflow_worker_map
+	WHERE
+		worker_id = $1;
+	`, id)
+	if err != nil {
+		return nil, err
+	}
+	var wfID []string
+	defer rows.Close()
+	var workerID string
+
+	for rows.Next() {
+		err = rows.Scan(&workerID)
+		if err != nil {
+			err = errors.Wrap(err, "SELECT from worflow_worker_map")
+			logger.Error(err)
+			return nil, err
+		}
+		wfID = append(wfID, workerID)
+	}
+	err = rows.Err()
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	return wfID, err
+}
+
+// GetWorkflow returns a workflow
+func GetWorkflow(ctx context.Context, db *sql.DB, id string) (Workflow, error) {
+	query := `
+	SELECT template, target
+	FROM workflow
+	WHERE
+		id = $1
+	AND
+		deleted_at IS NULL;
+	`
+	row := db.QueryRowContext(ctx, query, id)
+	var tmp, tar string
+	err := row.Scan(&tmp, &tar)
+	if err == nil {
+		return Workflow{ID: id, Template: tmp, Target: tar}, nil
+	}
+
+	if err != sql.ErrNoRows {
+		err = errors.Wrap(err, "SELECT")
+		logger.Error(err)
+	} else {
+		err = nil
+	}
+
+	return Workflow{}, nil
+}
+
+// DeleteWorkflow deletes a workflow
+func DeleteWorkflow(ctx context.Context, db *sql.DB, id string, state int32) error {
+	tx, err := db.BeginTx(ctx, &sql.TxOptions{Isolation: sql.LevelSerializable})
+	if err != nil {
+		return errors.Wrap(err, "BEGIN transaction")
+	}
+
+	_, err = tx.Exec(`
+	DELETE FROM workflow_worker_map
+	WHERE
+		workflow_id = $1;
+	`, id)
+	if err != nil {
+		return errors.Wrap(err, "Delete Workflow Error")
+	}
+
+	_, err = tx.Exec(`
+	DELETE FROM workflow_state
+	WHERE
+		workflow_id = $1;
+	`, id)
+	if err != nil {
+		return errors.Wrap(err, "Delete Workflow Error")
+	}
+
+	_, err = tx.Exec(`
+	UPDATE workflow
+	SET
+		deleted_at = NOW()
+	WHERE
+		id = $1;
+	`, id)
+	if err != nil {
+		return errors.Wrap(err, "UPDATE")
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrap(err, "COMMIT")
+	}
+	return nil
+}
+
+// ListWorkflows returns all workflows
+func ListWorkflows(db *sql.DB, fn func(wf Workflow) error) error {
+	rows, err := db.Query(`
+	SELECT id, template, target, created_at, updated_at
+	FROM workflow
+	WHERE
+		deleted_at IS NULL;
+	`)
+
+	if err != nil {
+		return err
+	}
+
+	defer rows.Close()
+	var (
+		id, tmp, tar string
+		crAt, upAt   time.Time
+	)
+
+	for rows.Next() {
+		err = rows.Scan(&id, &tmp, &tar, &crAt, &upAt)
+		if err != nil {
+			err = errors.Wrap(err, "SELECT")
+			logger.Error(err)
+			return err
+		}
+
+		wf := Workflow{
+			ID:       id,
+			Template: tmp,
+			Target:   tar,
+		}
+		wf.CreatedAt, _ = ptypes.TimestampProto(crAt)
+		wf.UpdatedAt, _ = ptypes.TimestampProto(upAt)
+		err = fn(wf)
+		if err != nil {
+			return err
+		}
+	}
+	err = rows.Err()
+	if err == sql.ErrNoRows {
+		err = nil
+	}
+	return err
+}
+
+// UpdateWorkflow updates a given workflow
+func UpdateWorkflow(ctx context.Context, db *sql.DB, wf Workflow, state int32) error {
+	tx, err := db.BeginTx(ctx, &sql.TxOptions{Isolation: sql.LevelSerializable})
+	if err != nil {
+		return errors.Wrap(err, "BEGIN transaction")
+	}
+
+	if wf.Target == "" && wf.Template != "" {
+		_, err = tx.Exec(`
+		UPDATE workflow
+		SET
+			updated_at = NOW(), template = $2
+		WHERE
+			id = $1;
+		`, wf.ID, wf.Template)
+	} else if wf.Target != "" && wf.Template == "" {
+		_, err = tx.Exec(`
+		UPDATE workflow
+		SET
+			updated_at = NOW(), target = $2
+		WHERE
+			id = $1;
+		`, wf.ID, wf.Target)
+	} else {
+		_, err = tx.Exec(`
+		UPDATE workflow
+		SET
+			updated_at = NOW(), template = $2, target = $3
+		WHERE
+			id = $1;
+		`, wf.ID, wf.Template, wf.Target)
+	}
+
+	if err != nil {
+		return errors.Wrap(err, "UPDATE")
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrap(err, "COMMIT")
+	}
+	return nil
+}
+
+// UpdateWorkflowState : update the current workflow state
+func UpdateWorkflowState(ctx context.Context, db *sql.DB, wfContext *pb.WorkflowContext) error {
+	tx, err := db.BeginTx(ctx, &sql.TxOptions{Isolation: sql.LevelSerializable})
+	if err != nil {
+		return errors.Wrap(err, "BEGIN transaction")
+	}
+
+	_, err = tx.Exec(`
+	UPDATE workflow_state
+	SET current_task_name = $2,
+		current_action_name = $3,
+		current_action_state = $4, 
+		current_worker = $5, 
+		current_action_index = $6
+	WHERE
+		workflow_id = $1;
+	`, wfContext.WorkflowId, wfContext.CurrentTask, wfContext.CurrentAction, wfContext.CurrentActionState, wfContext.CurrentWorker, wfContext.CurrentActionIndex)
+	if err != nil {
+		return errors.Wrap(err, "INSERT in to workflow_state")
+	}
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrap(err, "COMMIT")
+	}
+	return nil
+}
+
+// GetWorkflowContexts : gives you the current workflow context
+func GetWorkflowContexts(ctx context.Context, db *sql.DB, wfID string) (*pb.WorkflowContext, error) {
+	query := `
+	SELECT current_worker, current_task_name, current_action_name, current_action_index, current_action_state, total_number_of_actions
+	FROM workflow_state
+	WHERE
+		workflow_id = $1;
+	`
+	row := db.QueryRowContext(ctx, query, wfID)
+	var cw, ct, ca string
+	var cai, tact int64
+	var cas pb.ActionState
+	err := row.Scan(&cw, &ct, &ca, &cai, &cas, &tact)
+	if err == nil {
+		return &pb.WorkflowContext{
+			WorkflowId:           wfID,
+			CurrentWorker:        cw,
+			CurrentTask:          ct,
+			CurrentAction:        ca,
+			CurrentActionIndex:   cai,
+			CurrentActionState:   cas,
+			TotalNumberOfActions: tact}, nil
+	}
+	if err != sql.ErrNoRows {
+		err = errors.Wrap(err, "SELECT from worflow_state")
+		logger.Error(err)
+	} else {
+		err = nil
+	}
+	return &pb.WorkflowContext{}, nil
+}
+
+// GetWorkflowActions : gives you the action list of workflow
+func GetWorkflowActions(ctx context.Context, db *sql.DB, wfID string) (*pb.WorkflowActionList, error) {
+	query := `
+	SELECT action_list
+	FROM workflow_state
+	WHERE
+		workflow_id = $1;
+	`
+	row := db.QueryRowContext(ctx, query, wfID)
+	var actionList string
+	err := row.Scan(&actionList)
+	if err == nil {
+		actions := []*pb.WorkflowAction{}
+		err = json.Unmarshal([]byte(actionList), &actions)
+		return &pb.WorkflowActionList{
+			ActionList: actions}, nil
+	}
+	if err != sql.ErrNoRows {
+		err = errors.Wrap(err, "SELECT from worflow_state")
+		logger.Error(err)
+	} else {
+		err = nil
+	}
+	return &pb.WorkflowActionList{}, nil
+}
+
+// InsertIntoWorkflowEventTable : insert workflow event table
+func InsertIntoWorkflowEventTable(ctx context.Context, db *sql.DB, wfEvent *pb.WorkflowActionStatus, time time.Time) error {
+	tx, err := db.BeginTx(ctx, &sql.TxOptions{Isolation: sql.LevelSerializable})
+	if err != nil {
+		return errors.Wrap(err, "BEGIN transaction")
+	}
+
+	// TODO "created_at" field should be set in worker and come in the request
+	_, err = tx.Exec(`
+	INSERT INTO
+		workflow_event (workflow_id, worker_id, task_name, action_name, execution_time, message, status, created_at)
+	VALUES
+		($1, $2, $3, $4, $5, $6, $7, $8);
+	`, wfEvent.WorkflowId, wfEvent.WorkerId, wfEvent.TaskName, wfEvent.ActionName, wfEvent.Seconds, wfEvent.Message, wfEvent.ActionStatus, time)
+	if err != nil {
+		return errors.Wrap(err, "INSERT in to workflow_event")
+	}
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrap(err, "COMMIT")
+	}
+	return nil
+}
+
+// ShowWorkflowEvents returns all workflows
+func ShowWorkflowEvents(db *sql.DB, wfID string, fn func(wfs pb.WorkflowActionStatus) error) error {
+	rows, err := db.Query(`
+       SELECT worker_id, task_name, action_name, execution_time, message, status, created_at
+	   FROM workflow_event
+	   WHERE 
+			   workflow_id = $1
+		ORDER BY 
+				created_at ASC;
+	   `, wfID)
+
+	if err != nil {
+		return err
+	}
+
+	defer rows.Close()
+	var (
+		status                int32
+		secs                  int64
+		id, tName, aName, msg string
+		evTime                time.Time
+	)
+
+	for rows.Next() {
+		err = rows.Scan(&id, &tName, &aName, &secs, &msg, &status, &evTime)
+		if err != nil {
+			err = errors.Wrap(err, "SELECT")
+			logger.Error(err)
+			return err
+		}
+		createdAt, _ := ptypes.TimestampProto(evTime)
+		wfs := pb.WorkflowActionStatus{
+			WorkerId:     id,
+			TaskName:     tName,
+			ActionName:   aName,
+			Seconds:      secs,
+			Message:      msg,
+			ActionStatus: pb.ActionState(status),
+			CreatedAt:    createdAt,
+		}
+		err = fn(wfs)
+		if err != nil {
+			return err
+		}
+	}
+	err = rows.Err()
+	if err == sql.ErrNoRows {
+		err = nil
+	}
+	return err
+}
+
+func getLatestVersionWfData(ctx context.Context, db *sql.DB, wfID string) (int32, error) {
+	query := `
+	SELECT COUNT(*)
+	FROM workflow_data
+	WHERE
+		workflow_id = $1;
+	`
+	row := db.QueryRowContext(ctx, query, wfID)
+	var version int32
+	err := row.Scan(&version)
+	if err != nil {
+		return -1, err
+	}
+	return version, nil
+}
+
+func parseYaml(ymlContent []byte) (*wfYamlstruct, error) {
+	var workflow = wfYamlstruct{}
+	err := yaml.UnmarshalStrict(ymlContent, &workflow)
+	if err != nil {
+		return &wfYamlstruct{}, err
+	}
+	return &workflow, nil
+}
+
+func getWorkerIDbyMac(ctx context.Context, db *sql.DB, mac string) (string, error) {
+	arg := `
+	{
+	  "network_ports": [
+	    {
+	      "data": {
+		"mac": "` + mac + `"
+	      }
+	    }
+	  ]
+	}
+	`
+	query := `
+	SELECT id
+	FROM hardware
+	WHERE
+		deleted_at IS NULL
+	AND
+		data @> $1
+	`
+
+	return get(ctx, db, query, arg)
+}
+
+func getWorkerIDbyIP(ctx context.Context, db *sql.DB, ip string) (string, error) {
+	instance := `
+        {
+          "instance": {
+            "ip_addresses": [
+              {
+                "address": "` + ip + `"
+              }
+            ]
+          }
+        }
+        `
+	hardwareOrManagement := `
+        {
+                "ip_addresses": [
+                        {
+                                "address": "` + ip + `"
+                        }
+                ]
+        }
+		`
+
+	query := `
+        SELECT id
+        FROM hardware
+        WHERE
+                deleted_at IS NULL
+        AND (
+                data @> $1
+                OR
+                data @> $2
+        )
+        `
+
+	return get(ctx, db, query, instance, hardwareOrManagement)
+}
+
+func getWorkerID(ctx context.Context, db *sql.DB, addr string) (string, error) {
+	_, err := net.ParseMAC(addr)
+	if err != nil {
+		ip := net.ParseIP(addr)
+		if ip == nil || ip.To4() == nil {
+			return "", fmt.Errorf("invalid worker address: %s", addr)
+		}
+		return getWorkerIDbyIP(ctx, db, addr)
+
+	}
+	return getWorkerIDbyMac(ctx, db, addr)
+}
+
+func isValidLength(name string) error {
+	if len(name) > 200 {
+		return fmt.Errorf("Task/Action Name %s in the Temlate as more than 200 characters", name)
+	}
+	return nil
+}
+
+func isValidImageName(name string) error {
+	_, err := reference.ParseNormalizedNamed(name)
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+	return nil
+}
+
+func validateTemplateValues(tasks []task) error {
+	taskNameMap := make(map[string]struct{})
+	for _, task := range tasks {
+		err := isValidLength(task.Name)
+		if err != nil {
+			return err
+		}
+		_, ok := taskNameMap[task.Name]
+		if ok {
+			return fmt.Errorf("Provided template has duplicate task name \"%s\"", task.Name)
+		}
+		taskNameMap[task.Name] = struct{}{}
+		actionNameMap := make(map[string]struct{})
+		for _, action := range task.Actions {
+			err := isValidLength(action.Name)
+			if err != nil {
+				return err
+			}
+			err = isValidImageName(action.Image)
+			if err != nil {
+				return fmt.Errorf("Invalid Image name %s", action.Image)
+			}
+
+			_, ok := actionNameMap[action.Name]
+			if ok {
+				return fmt.Errorf("Provided template has duplicate action name \"%s\" in task \"%s\"", action.Name, task.Name)
+			}
+			actionNameMap[action.Name] = struct{}{}
+		}
+	}
+	return nil
+}
+
+func init() {
+	val := os.Getenv("MAX_WORKFLOW_DATA_VERSIONS")
+	if v, err := strconv.Atoi(val); err == nil {
+		maxVersions = v
+	}
+}
diff --git a/deploy/Dockerfile b/deploy/Dockerfile
new file mode 100644
index 000000000..49a389e26
--- /dev/null
+++ b/deploy/Dockerfile
@@ -0,0 +1,3 @@
+FROM postgres:10-alpine
+
+ADD docker-entrypoint-initdb.d/ /docker-entrypoint-initdb.d/
diff --git a/deploy/docker-entrypoint-initdb.d/tinkerbell-init.sql b/deploy/docker-entrypoint-initdb.d/tinkerbell-init.sql
new file mode 100644
index 000000000..dcb01f7fd
--- /dev/null
+++ b/deploy/docker-entrypoint-initdb.d/tinkerbell-init.sql
@@ -0,0 +1,87 @@
+SET ROLE tinkerbell;
+
+CREATE TABLE IF NOT EXISTS hardware (
+	id UUID UNIQUE
+	, inserted_at TIMESTAMPTZ
+	, deleted_at TIMESTAMPTZ
+	, data JSONB
+);
+
+CREATE INDEX IF NOT EXISTS idx_id ON hardware (id);
+CREATE INDEX IF NOT EXISTS idx_deleted_at ON hardware (deleted_at NULLS FIRST);
+CREATE INDEX IF NOT EXISTS idxgin_type ON hardware USING GIN (data JSONB_PATH_OPS);
+
+CREATE TABLE IF NOT EXISTS template (
+        id UUID UNIQUE NOT NULL
+        , name VARCHAR(200) NOT NULL
+        , created_at TIMESTAMPTZ
+        , updated_at TIMESTAMPTZ
+        , deleted_at TIMESTAMPTZ
+        , data BYTEA
+
+        CONSTRAINT CK_name CHECK (name ~ '^[a-zA-Z0-9_-]*$')
+);
+
+CREATE INDEX IF NOT EXISTS idx_tid ON template (id);
+CREATE INDEX IF NOT EXISTS idx_tdeleted_at ON template (deleted_at NULLS FIRST);
+
+CREATE TABLE IF NOT EXISTS targets (
+        id UUID UNIQUE
+        , inserted_at TIMESTAMPTZ
+        , deleted_at TIMESTAMPTZ
+        , data JSONB
+);
+
+CREATE INDEX IF NOT EXISTS idx_rid ON targets (id);
+CREATE INDEX IF NOT EXISTS idx_rdeleted_at ON targets (deleted_at NULLS FIRST);
+CREATE INDEX IF NOT EXISTS idxgin_rtype ON targets USING GIN (data JSONB_PATH_OPS);
+
+CREATE TABLE IF NOT EXISTS workflow (
+	id UUID UNIQUE NOT NULL
+	, template UUID NOT NULL
+	, target UUID NOT NULL
+	, created_at TIMESTAMPTZ
+	, updated_at TIMESTAMPTZ
+	, deleted_at TIMESTAMPTZ
+);
+
+CREATE INDEX IF NOT EXISTS idx_wid ON workflow (id);
+CREATE INDEX IF NOT EXISTS idx_wdeleted_at ON workflow (deleted_at NULLS FIRST);
+
+CREATE TABLE IF NOT EXISTS workflow_state (
+        workflow_id UUID UNIQUE NOT NULL
+        , current_task_name VARCHAR(200)
+        , current_action_name VARCHAR(200)
+        , current_action_state SMALLINT
+        , current_worker VARCHAR(200)
+        , action_list JSONB
+        , current_action_index int
+        , total_number_of_actions INT
+);
+
+CREATE INDEX IF NOT EXISTS idx_wfid ON workflow_state (workflow_id);
+
+CREATE TABLE IF NOT EXISTS workflow_event (
+        workflow_id UUID NOT NULL
+        , worker_id UUID  NOT NULL
+        , task_name VARCHAR(200)
+        , action_name VARCHAR(200)
+        , execution_time int
+	, message VARCHAR(200)
+	, status SMALLINT
+        , created_at TIMESTAMPTZ
+);
+
+CREATE INDEX IF NOT EXISTS idx_event ON workflow_event (created_at);
+
+CREATE TABLE IF NOT EXISTS workflow_worker_map (
+        workflow_id UUID NOT NULL
+        , worker_id UUID NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS workflow_data (
+        workflow_id UUID NOT NULL
+        , version INT
+        , metadata JSONB
+        , data JSONB
+);
\ No newline at end of file
diff --git a/deploy/migrate b/deploy/migrate
new file mode 100755
index 000000000..493b44903
--- /dev/null
+++ b/deploy/migrate
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# Import initial schema
+psql -f /init.sql
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 000000000..496d4b465
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,162 @@
+version: '2.1'
+services:
+  certs:
+    build: tls
+    volumes:
+      - ./certs:/certs
+
+  tinkerbell:
+    build: .
+    environment: 
+      FACILITY: ${FACILITY:-lab1}
+      PACKET_ENV: ${PACKET_ENV:-testing}
+      PACKET_VERSION: ${PACKET_VERSION:-5efab5ef3a42cb88f2d54f4ed3201c2dd6797b7d}
+      ROLLBAR_TOKEN: ${ROLLBAR_TOKEN:-9b78d0ad01d1467aa92c49c3a349b79d}
+      ROLLBAR_DISABLE: ${ROLLBAR_DISABLE:-0}
+      MAX_WORKFLOW_DATA_VERSIONS: 5
+      PGDATABASE: tinkerbell
+      PGHOST: db
+      PGPASSWORD: tinkerbell
+      PGPORT: 5432
+      PGSSLMODE: disable
+      PGUSER: tinkerbell
+    depends_on:
+      - "certs"
+      - "db"
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- 127.0.0.1:42114/cert"]
+      interval: 5s
+      timeout: 2s
+      retries: 30
+    volumes: 
+      - ./certs:/certs/${FACILITY}
+    logging:
+      driver: fluentd
+      options:
+        tag: tinkerbell-server
+    ports:
+      - 42113:42113/tcp
+      - 42114:42114/tcp
+
+  db:
+    build:
+      context: deploy
+    environment:
+      POSTGRES_DB: tinkerbell
+      POSTGRES_PASSWORD: tinkerbell
+      POSTGRES_USER: tinkerbell
+    ports:
+      - 5432:5432
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U tinkerbell"]
+      interval: 1s
+      timeout: 1s
+      retries: 30
+    logging:
+      driver: fluentd
+      options:
+        tag: db
+    depends_on:
+      - fluentbit
+
+  cli:
+    build:
+      context: cmd/tinkerbell
+    environment:
+      TINKERBELL_GRPC_AUTHORITY: 127.0.0.1:42113
+      TINKERBELL_CERT_URL: http://127.0.0.1:42114/cert
+    logging:
+      driver: fluentd
+      options:
+        tag: tinkerbell-cli
+    network_mode: host
+  
+  registry:
+    build:
+      context: registry
+      args: 
+        REGISTRY_USERNAME: username
+        REGISTRY_PASSWORD: password
+    environment: 
+      REGISTRY_HTTP_ADDR: 0.0.0.0:443
+      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server.pem
+      REGISTRY_HTTP_TLS_KEY: /certs/server-key.pem
+      REGISTRY_AUTH: htpasswd
+      REGISTRY_AUTH_HTPASSWD_REALM: "Registry Realm"
+      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
+    volumes: 
+      - ./certs:/certs
+    logging:
+      driver: fluentd
+      options:
+        tag: registry
+    network_mode: host
+
+  boots:
+    build:
+      context: ../boots
+    network_mode: host
+    command: -dhcp-addr 0.0.0.0:67 -tftp-addr 127.0.0.1:69 -http-addr 127.0.0.1:80 -log-level DEBUG
+    environment:
+      API_AUTH_TOKEN: ${PACKET_API_AUTH_TOKEN:-PcyR6MvHb7wMmyYf9p8dJ2Dvnb9HxX8E}
+      API_CONSUMER_TOKEN: ${PACKET_CONSUMER_TOKEN:-djR2TAvbnkY92i8Ea2KFMZW6MusW1fk7qzeCUHgtnQRSsXnqxoCr6V2vhSxpqASf}
+      FACILITY_CODE: ${FACILITY:-lab1}
+      PACKET_ENV: ${PACKET_ENV:-testing}
+      PACKET_VERSION: ${PACKET_VERSION:-5efab5ef3a42cb88f2d54f4ed3201c2dd6797b7d}
+      ROLLBAR_TOKEN: ${ROLLBAR_TOKEN:-9b78d0ad01d1467aa92c49c3a349b79d}
+      ROLLBAR_DISABLE: ${ROLLBAR_DISABLE:-0}
+      MIRROR_HOST: ${MIRROR_HOST:-127.0.0.1}
+      CACHER_GRPC_AUTHORITY: 127.0.0.1:42111
+      CACHER_CERT_URL: http://127.0.0.1:42112/cert
+      DNS_SERVERS: 8.8.8.8
+      PUBLIC_IP: 127.0.0.1
+      BOOTP_BIND: 127.0.0.1:67
+      HTTP_BIND: 127.0.0.1:80
+      SYSLOG_BIND: 127.0.0.1:514
+      TFTP_BIND: 127.0.0.1:69
+      DOCKER_REGISTRY: 127.0.0.1
+      REGISTRY_USERNAME: username
+      REGISTRY_PASSWORD: password
+      TINKERBELL_GRPC_AUTHORITY: 127.0.0.1:42113
+      TINKERBELL_CERT_URL: http://127.0.0.1:42114/cert
+      ELASTIC_SEARCH_URL: 127.0.0.1:9200
+    depends_on:
+      - tinkerbell
+    logging:
+      driver: fluentd
+      options:
+        tag: tinkerbell
+    ports:
+      - 127.0.0.1:80:80/tcp
+      - 67:67/udp
+      - 69:69/udp
+ 
+  elasticsearch:
+    image: elasticsearch:7.3.0
+    ports:
+      - 9200:9200
+      - 9300:9300
+    environment:
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - discovery.type=single-node
+
+  kibana:
+    image: kibana:7.3.0
+    depends_on:
+      - elasticsearch
+    restart: always
+    environment:
+      ELASTICSEARCH_URL: http://elasticsearch:9200
+    ports:
+      - 5601:5601
+
+  fluentbit:
+    image: fluent/fluent-bit:1.3
+    ports:
+      - 24224:24224
+      - 24224:24224/udp
+    depends_on:
+      - elasticsearch
+    volumes:
+      - ./fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
+
diff --git a/docs/architecture.md b/docs/architecture.md
new file mode 100644
index 000000000..3732da083
--- /dev/null
+++ b/docs/architecture.md
@@ -0,0 +1,4 @@
+# Architecture
+
+
+![](img/workflow-architecture.png)
\ No newline at end of file
diff --git a/docs/cli/README.md b/docs/cli/README.md
new file mode 100644
index 000000000..9b74d4aa0
--- /dev/null
+++ b/docs/cli/README.md
@@ -0,0 +1,34 @@
+# Tinkerbell CLI Reference
+
+## tinkerbell
+
+Command line interface for Packet Workflow.
+
+### Synopsis
+
+Command line interface for Packet Workflow. The CLI allows you to update the hardware details with respect to a worker machine. It also enables you to create a template and a target which is eventually used to create a workflow.
+
+### Operations
+
+```shell
+  hardware    tinkerbell hardware client
+  help        Help about any command
+  target      tinkerbell target client
+  template    tinkerbell template client
+  workflow    tinkerbell workflow client
+```
+
+### Options
+
+```
+  -h, --help   help for tinkerbell
+```
+
+### See Also
+
+ - [tinkerbell hardware](hardware.md) - Hardware (worker) data operations 
+ - [tinkerbell target](target.md) - Target operations
+ - [tinkerbell template](template.md) - Template operations
+ - [tinkerbell workflow](workflow.md) - Workflow operations
+
+
diff --git a/docs/cli/hardware.md b/docs/cli/hardware.md
new file mode 100644
index 000000000..97c9adc31
--- /dev/null
+++ b/docs/cli/hardware.md
@@ -0,0 +1,29 @@
+## tinkerbell hardware
+
+Hardware (worker) data operations.
+
+### Synopsis
+
+Hardware operations:
+```shell
+  all         Get all known hardware for facility
+  id          Get hardware by id
+  ingest      Trigger tinkerbell to ingest
+  ip          Get hardware by any associated ip
+  mac         Get hardware by any associated mac
+  push        Push new hardware to tinkerbell
+  watch       Register to watch an id for any changes
+```
+
+### Options
+
+```
+  -h, --help   help for hardware
+```
+
+### See Also
+
+ - [tinkerbell target](target.md) - Target operations
+ - [tinkerbell template](template.md) - Template operations
+ - [tinkerbell workflow](workflow.md) - Workflow operations
+
diff --git a/docs/cli/target.md b/docs/cli/target.md
new file mode 100644
index 000000000..76b1ad79a
--- /dev/null
+++ b/docs/cli/target.md
@@ -0,0 +1,34 @@
+## tinkerbell target
+
+Target operations.
+
+### Synopsis
+
+Target operations:
+```shell
+  create      create a target
+  delete      delete a target
+  get         get a target
+  list        list all targets
+  update      update a target
+```
+
+### Options
+
+```
+  -h, --help   help for target
+```
+
+### Examples
+
+ - The command below creates a workflow target and returns its UUID.
+ ```shell
+  $ tinkerbell target create '{"targets": {"machine1": {"mac_addr": "98:03:9b:4b:c5:34"}}}' 
+ ```
+
+### See Also
+
+ - [tinkerbell hardware](hardware.md) - Hardware (worker) data operations 
+ - [tinkerbell template](template.md) - Template operations
+ - [tinkerbell workflow](workflow.md) - Workflow operations
+
diff --git a/docs/cli/template.md b/docs/cli/template.md
new file mode 100644
index 000000000..4c2210850
--- /dev/null
+++ b/docs/cli/template.md
@@ -0,0 +1,52 @@
+## tinkerbell template
+
+Template operations.
+
+### Synopsis
+
+Template operations:
+```shell
+  create      create a workflow template 
+  delete      delete a template
+  get         get a template
+  list        list all saved templates
+  update      update a template
+```
+
+### Options
+
+```
+  -h, --help   help for target
+```
+
+### Examples
+
+ - The following command creates a workflow template using the `sample.tmpl` file and save it as `sample`. It returns a UUID for the newly created template.
+ ```shell
+  $ tinkerbell template create -n <template-name> -p <path-to-template>
+  $ tinkerbell template create -n sample -p /tmp/sample.tmpl
+ ``` 
+
+ - List all the templates 
+ ```shell
+  $ tinkerbell template list
+ ```
+
+ - Update the name of an existing template
+ ```shell
+  $ tinkerbell template update <template-uuid> -n <new-name>
+  $ tinkerbell template update edb80a56-b1f2-4502-abf9-17326324192b -n new-sample-template
+ ```
+
+ - Update an existing template and keep the same name
+ ```shell
+  $ tinkerbell template update <template-uuid> -p <path-to-new-template-file>
+  $ tinkerbell template update edb80a56-b1f2-4502-abf9-17326324192b -p /tmp/new-sample-template.tmpl
+ ```
+
+### See Also
+
+ - [tinkerbell hardware](hardware.md) - Hardware (worker) data operations 
+ - [tinkerbell target](target.md) - Target operations
+ - [tinkerbell workflow](workflow.md) - Workflow operations
+
diff --git a/docs/cli/workflow.md b/docs/cli/workflow.md
new file mode 100644
index 000000000..6d8cc2dc2
--- /dev/null
+++ b/docs/cli/workflow.md
@@ -0,0 +1,37 @@
+## tinkerbell workflow
+
+Workflow operations.
+
+### Synopsis
+
+Workflow operations:
+```shell
+  create      create a workflow
+  data        get workflow data
+  delete      delete a workflow
+  events      show all events for a workflow
+  get         get a workflow
+  list        list all workflows
+  state       get the current workflow context
+```
+
+### Options
+
+```
+  -h, --help   help for target
+```
+
+### Examples
+
+ - Create a workflow using a template and a target
+ ```shell
+  $ tinkerbell workflow create -t <template-uuid> -r <target-uuid>
+  $ tinkerbell workflow create -t edb80a56-b1f2-4502-abf9-17326324192b -r 9356ae1d-6165-4890-908d-7860ed04b421
+ ```
+
+### See Also
+
+ - [tinkerbell hardware](hardware.md) - Hardware (worker) data operations 
+ - [tinkerbell target](target.md) - Target operations
+ - [tinkerbell template](template.md) - Template operations
+ 
diff --git a/docs/components.md b/docs/components.md
new file mode 100644
index 000000000..8f1f235a1
--- /dev/null
+++ b/docs/components.md
@@ -0,0 +1,39 @@
+# Components
+
+### Boots
+
+Handles DHCP requests, hands out IPs, and serves up iPXE. It also uses the Tinkerbell client to pull and push hardware data. 
+
+### Osie
+
+Installs operating systems and handles deprovisioning.
+
+### Tinkerbell
+
+Service responsible for processing workflows. It is comprised of a server and a CLI, which communicate over gRPC. The CLI is used to create a workflow along with its building blocks, i.e., a template and a target.
+
+### Hegel
+
+Metadata service used by Tinkerbell and Osie during provisioning. It collects data from Tinkerbell and transforms it into a JSON format to be consumed as metadata. 
+
+### Database
+
+We use [PostgreSQL](https://www.postgresql.org/), also known as Postgres, as our data store. Postgres is a free and open-source relational database management system that emphasizes extensibility and technical standards compliance. It is designed to handle a range of workloads, from single machines to data warehouses or Web services with many concurrent users.
+
+### Image Repository
+
+Depending on your use case, you can choose to use [Quay](https://quay.io/) or [DockerHub](https://hub.docker.com/) as the registry to store component images. You can use the same registry to store all of the action images used for a workflow. 
+
+On the other hand, if you want to keep things local, you can also setup a secure private Docker registry to hold all your images locally. 
+
+### Fluent Bit
+
+[Fluent Bit](https://fluentbit.io/) is an open source and multi-platform Log Processor and Forwarder which allows you to collect data/logs from different sources, unify and send them to multiple destinations. The components write their logs to `stdout` and these logs are then collected by Fluent Bit and pushed to Elasticsearch. 
+
+### Elasticsearch
+
+[Elasticsearch](https://www.elastic.co/) is a distributed, open source search and analytics engine for all types of data, including textual, numerical, geospatial, structured, and unstructured. Fluent Bit collects the logs from each component and pushes them into Elasticsearch for storage and analysis purposes. 
+
+### Kibana
+
+[Kibana](https://www.elastic.co/kibana) lets you visualize your Elasticsearch data and navigate the Elastic Stack so you can do anything from tracking query load to understanding the way requests flow through your apps.
\ No newline at end of file
diff --git a/docs/concepts.md b/docs/concepts.md
new file mode 100644
index 000000000..f4ed32cfa
--- /dev/null
+++ b/docs/concepts.md
@@ -0,0 +1,107 @@
+# Concepts
+
+### Template
+
+A template is a Go template based definition that defines the overall flow of a workflow. A user must write a template based on a valid template format. Template can consist of custom variable which can be substituted before execution. For example, a target is defined separately and is substituted in a template at the time of creating a workflow.
+
+A template is stored as a blob in the database and is parsed later during the creation of a worflow. A user can CRUD a template using the CLI (`tinkerbell template`). Here is a sample workflow template: 
+
+```yaml
+version: '0.1'
+name: ubuntu_provisioning
+global_timeout: 6000
+tasks:
+- name: "os-installation"
+  worker: "{{index .Targets "machine1" "mac_addr"}}"
+  volumes:
+    - /dev:/dev
+    - /dev/console:/dev/console
+    - /lib/firmware:/lib/firmware:ro
+  environment:
+    MIRROR_HOST: 192.168.1.2
+  actions:
+  - name: "disk-wipe"
+    image: disk-wipe
+    timeout: 90
+  - name: "disk-partition"
+    image: disk-partition
+    timeout: 600
+    environment:
+       MIRROR_HOST: 192.168.1.3
+    volumes:
+      - /statedir:/statedir
+  - name: "install-root-fs"
+    image: install-root-fs
+    timeout: 600
+  - name: "install-grub"
+    image: install-grub
+    timeout: 600
+    volumes:
+      - /statedir:/statedir
+```
+
+A template comprises Tasks, which are executed in a sequential manner. A task can consits multiple Actions. As can be in the above example, a task supports volumes and environment variables. The volumes and environment variables defined for a particular task level are inherited by each action in that particular task. 
+
+It is important to note that an action can also have its own volumes and environment variables. Therefore, any entry at an action will overwrite the value defined at the task level. For example, in the above template the `MIRROR_HOST` environment variable defined at action `disk-partition` will overwrite the value defined at task level. However, the other actions will receive the original value defined at the task level.
+
+
+### Targets
+
+Targets are mapping between the virtual worker name and the actual host. Currently we are refer targets with MAC or IP address. Here is a sample target definition:
+
+```json
+{
+    "machine1":  {
+        "ip_addr": "192.168.1.2"
+    },
+    "machine2" :  {
+        "mac_addr": "ca:00:64:b8:2d:00"
+    }
+}
+```
+
+A target can be accessed in template like (refer above template):
+
+```
+{{ index .Targets "machine1" "ip_addr"}}
+{{ index .Targets "machine2" "mac_addr"}}
+```
+
+### Provisioner
+
+The provisioner machine is the main driver for executing a workflow. A provisioner houses the following components:
+ - Database (Postgres)
+ - Tinkerbell (CLI and server)
+ - Boots 
+ - Hegel
+ - Image Registry (optional)
+ - Elasticsearch
+ - Fluent Bit
+ - Kibana
+ - NGINX
+
+It is upto you if you would like to divide these components into multiple servers.
+
+### Worker
+
+Any node that has its data being pushed into Tinkerbell can become a part of a workflow. A worker can be a part of multiple workflows. 
+
+When the node boots, a worker container starts and connects with provisioner to check if there is any task (may be from different workflows) that it can execute. After the completion of an action, the worker sends action status to provisioner. When all workflows which are related to a worker are complete, a worker can terminate. 
+
+
+### Ephemeral Data
+
+The workers that are part of a workflow might require to share some data. This can take the form of a light JSON like below, or some binary files that other workers might require to complete their action. For instance, a worker may add the following data:
+
+```json
+ {"operating_system": "ubuntu_18_04", "mac_addr": "F5:C9:E2:99:BD:9B", "instance_id": "123e4567-e89b-12d3-a456-426655440000"}
+```
+
+The other worker may retrieve and use this data and eventually add some more:
+
+```json
+{"operating_system": "ubuntu_18_04", "mac_addr": "F5:C9:E2:99:BD:9B", "instance_id": "123e4567-e89b-12d3-a456-426655440000", "ip_addresses": [{"address_family": 4, "address": "172.27.0.23", "cidr": 31, "private": true}]}
+```
+![](img/ephemeral-data.png)
+
+
diff --git a/docs/first-good-workflow.md b/docs/first-good-workflow.md
new file mode 100644
index 000000000..00512cc22
--- /dev/null
+++ b/docs/first-good-workflow.md
@@ -0,0 +1,49 @@
+# First Good Workflow (Example)
+
+Here is an example workflow that provisions a worker machine with Ubuntu 18.04.
+
+### Prerequisite
+
+You have a setup ready with a Provisioner and a Worker node. If not, please follow the [steps](setup.md) here to complete the setup.
+
+
+### Steps
+ - Login to the `provisioner` machine
+ - Copy the following folders/files from `test-provisioner` machine to the current machine at the `/packet/nginx/misc/osie/current/` location:
+ ```shell 
+  /var/www/html/misc/osie/current/grub/
+  /var/www/html/misc/osie/current/ubuntu_18_04 
+  /var/www/html/misc/osie/current/modloop-x86_64
+ ```
+ - Change directory to `tinkerbell`:
+ ```shell
+ $ cd ~/go/src/github.com/packethost/tinkerbell/
+ ```
+ - switch to `first-good-workflow` branch
+ ```shell
+ $ git checkout first-good-workflow
+ ```
+ - Replace the MAC addresses in `push.sh` file with the MAC address of `tf-worker` machine which you have got in the terraform output
+ - Push the hardware data
+ ```shell
+  $ ./push.sh
+ ```
+ - Create action images and push them in to the private registry:
+ ```shell
+  $ cd ~/go/src/github.com/packethost/tinkerbell/workflow-samples/ubuntu/v3/
+  $ ./create_image.sh
+ ```
+ - Create a target:
+ ```shell
+  $ tinkerbell target create '{"targets": {"machine1": {"mac_addr": "<mac address of tf-worker>"}}}'
+ ```
+ - Create a template:
+ ```shell
+  $ tinkerbell template create -n ubuntu-sample -p /root/go/src/github.com/packethost/tinkerbell/workflow-samples/ubuntu/ubuntu.tmpl
+ ```
+ - Create a workflow:
+ ```shell
+  $ tinkerbell workflow create -t <template Id> -r <target_id>
+ ```
+ - Reboot the worker machine
+
diff --git a/docs/img/ephemeral-data.png b/docs/img/ephemeral-data.png
new file mode 100644
index 000000000..a9f264de8
Binary files /dev/null and b/docs/img/ephemeral-data.png differ
diff --git a/docs/img/workflow-architecture.png b/docs/img/workflow-architecture.png
new file mode 100644
index 000000000..f5e6a5ee2
Binary files /dev/null and b/docs/img/workflow-architecture.png differ
diff --git a/docs/setup.md b/docs/setup.md
new file mode 100644
index 000000000..ea917adce
--- /dev/null
+++ b/docs/setup.md
@@ -0,0 +1,22 @@
+# Setup the Packet Workflow Environment with Terraform
+
+ - Clone the `tinkerbell` repository for latest code:
+```shell
+$ git clone https://github.com/packethost/tinkerbell.git
+$ cd tinkerbell/terraform
+```
+
+ - Update the `input.tf` file with actual username and password of GitHub and quay.io 
+ - Add your Packet `auth_token` in `input.tf`
+ - Run the following commands
+```shell
+$ terraform init
+$ terraform apply
+``` 
+
+The above commands will create a complete setup with `tf-provisioner` and `tf-worker` machines on which you can run any workflow. As an output it returns the IP address of the provisioner and MAC address of the worker machine.
+
+
+**_Note_**: The default names of machines created by Terraform are `tf-provisioner` and `tf-worker`. If you prefer other names, you need to replace `tf-provisioner` and `tf-worker` with the new ones at all places in `main.tf`.
+
+
diff --git a/docs/troubleshoot.md b/docs/troubleshoot.md
new file mode 100644
index 000000000..18b3fb7ed
--- /dev/null
+++ b/docs/troubleshoot.md
@@ -0,0 +1,48 @@
+# Troubleshooting
+
+
+### Not setting the worker to always PXE
+
+```shell
+PowerEdge R6415 - BIOS 1.8.7
+A system restart is required. The system detected an exception during the UEFI
+pre-boot environment.
+```
+
+Enable UEFI boot from the BIOS settings. To enable PXE boot, execute the following commands:
+```shell
+$ apk add ipmitool 
+$ ipmitool chassis bootdev pxe
+```
+
+### No job identified for worker
+
+```shell
+Start PXE over IPv4.
+  PXE-E18: Server response timeout.
+Boot Failed: PXE Device 1: NIC in Slot 2 Port 1
+
+No boot device available or Operating System detected.
+Please ensure a compatible bootable media is available.
+```
+
+Ensure that you have pushed the hardware data to Tinkerbell having the correct MAC address. You can push the data with `tinkerbell push <data-json>`.
+
+### Can't login to private registry 
+
+```shell
+Login did not succeed, error: Error response from daemon: Get https://192.168.1.1/v2/: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Autogenerated CA")
+```
+
+ - verify that `hosts` list in `tinkerbell/tls/server-csr.in.json` has the registry IP or domain
+ - rebuild the `certs` container and copy the `ca.pem` to `/etc/docker/certs.d/<registry-ip/domain>/ca.crt`
+
+### Worker fails to pull images from private registry
+
+```shell
+Waiting for docker to respond...
+Error response from daemon: Get https://192.168.1.1/v2/: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Autogenerated CA")
+```
+
+Make sure that the `ca.pem`  file, used for hosting the private registry, is present at `<nginx-path>/misc/tinkerbell/workflow` path.
+
diff --git a/docs/writing-workflow.md b/docs/writing-workflow.md
new file mode 100644
index 000000000..e21d5c487
--- /dev/null
+++ b/docs/writing-workflow.md
@@ -0,0 +1,121 @@
+# Writing a [Workflow](concepts.md#workflow)
+
+Any workflow comprises two building blocks: target and template. 
+
+### Creating a [target](concepts.md#target)
+
+A target is referred with MAC or IP address. Here is a sample target definition using the MAC address:
+
+```json
+{
+    "machine1" :  {
+        "mac_addr": "98:03:9b:4b:c5:34"
+    }
+}
+```
+
+The command below creates a workflow target and returns its UUID:
+```shell
+ $ tinkerbell target create '{"targets": {"machine1": {"mac_addr": "98:03:9b:4b:c5:34"}}}' 
+```
+
+
+### Creating a [template](concepts.md#template)
+
+Consider a sample template like the following saved as `/tmp/sample.tmpl`.
+
+```yaml
+version: '0.1'
+name: ubuntu_provisioning
+global_timeout: 2500
+tasks:
+- name: "os-installation"
+  worker: "{{index .Targets "machine1" "mac_addr"}}"
+  volumes:
+    - /dev:/dev
+    - /lib/firmware:/lib/firmware:ro
+  environment:
+    MIRROR_HOST: 192.168.1.2
+  actions:
+  - name: "disk-partition"
+    image: disk-partition
+    timeout: 600
+    environment:
+       MIRROR_HOST: 192.168.1.3
+    volumes:
+      - /statedir:/statedir
+  - name: "install-root-fs"
+    image: install-root-fs
+    timeout: 600
+  - name: "install-grub"
+    image: install-grub
+    timeout: 600
+    volumes:
+      - /statedir:/statedir
+```
+
+Key points:
+ - `global_timeout` is in seconds.
+ - Any worflow that exceeds the global timeout will be terminated and marked as failed.
+ - Each action has its own timeout. If an action reaches its timeout, it is marked as failed and so is the workflow.
+ - An action cannot have space (` `) in its name.
+ - Environment variables and volumes at action level overwrites the values for duplicate keys defined at task level.
+ 
+A target can be accessed in a template like:
+
+```
+{{ index .Targets "machine1" "ip_addr"}}
+{{ index .Targets "machine2" "mac_addr"}}
+```
+
+The following command creates a workflow template and returns a UUID:
+```shell
+ $ tinkerbell template create -n sample -p /tmp/sample.tmpl
+``` 
+
+
+### Creating a [workflow](concepts.md#workflow)
+
+We can create a workflow using the above created (or existing) template and target. 
+```shell
+ $ tinkerbell workflow create -t <template-uuid> -r <target-uuid>
+ $ tinkerbell workflow create -t edb80a56-b1f2-4502-abf9-17326324192b -r 9356ae1d-6165-4890-908d-7860ed04b421
+```
+
+The above command returns a UUID for the workflow thus created. The workflow ID can be used for getting further details about a workflow. Please refer the [Tinkerbell CLI reference](cli.md) for the same.
+
+It's a good practice to verify that the targets have been well substituted in the template. In order to do so, use the following command:
+```yaml
+ $ tinkerbell workflow get edb80a56-b1f2-4502-abf9-17326324192b
+
+version: '0.1'
+name: ubuntu_provisioning
+global_timeout: 2500
+tasks:
+- name: "os-installation"
+  worker: ""
+  volumes:
+    - /dev:/dev
+    - /lib/firmware:/lib/firmware:ro
+  environment:
+    MIRROR_HOST: 192.168.1.2
+  actions:
+  - name: "disk-partition"
+    image: disk-partition
+    timeout: 600
+    environment:
+       MIRROR_HOST: 192.168.1.3
+    volumes:
+      - /statedir:/statedir
+  - name: "install-root-fs"
+    image: install-root-fs
+    timeout: 600
+  - name: "install-grub"
+    image: install-grub
+    timeout: 600
+    volumes:
+      - /statedir:/statedir
+```
+
+Notice how `worker` is set to the MAC address we had defined in the target.
+
diff --git a/executor/executor.go b/executor/executor.go
new file mode 100644
index 000000000..518e5ef0d
--- /dev/null
+++ b/executor/executor.go
@@ -0,0 +1,162 @@
+package executor
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"time"
+
+	"github.com/packethost/tinkerbell/db"
+	pb "github.com/packethost/tinkerbell/protos/workflow"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+var (
+	workflowData = make(map[string]int)
+)
+
+// GetWorkflowContexts implements tinkerbell.GetWorkflowContexts
+func GetWorkflowContexts(context context.Context, req *pb.WorkflowContextRequest, sdb *sql.DB) (*pb.WorkflowContextList, error) {
+	if len(req.WorkerId) == 0 {
+		return nil, status.Errorf(codes.InvalidArgument, "worker_id is invalid")
+	}
+	wfs, _ := db.GetfromWfWorkflowTable(context, sdb, req.WorkerId)
+	if wfs == nil {
+		return nil, status.Errorf(codes.InvalidArgument, "Worker not found for any workflows")
+	}
+
+	wfContexts := []*pb.WorkflowContext{}
+
+	for _, wf := range wfs {
+		wfContext, err := db.GetWorkflowContexts(context, sdb, wf)
+		if err != nil {
+			return nil, status.Errorf(codes.Aborted, "Invalid workflow %s found for worker %s", wf, req.WorkerId)
+		}
+		wfContexts = append(wfContexts, wfContext)
+	}
+
+	return &pb.WorkflowContextList{
+		WorkflowContexts: wfContexts,
+	}, nil
+}
+
+// GetWorkflowActions implements tinkerbell.GetWorkflowActions
+func GetWorkflowActions(context context.Context, req *pb.WorkflowActionsRequest, sdb *sql.DB) (*pb.WorkflowActionList, error) {
+	wfID := req.GetWorkflowId()
+	if len(wfID) == 0 {
+		return nil, status.Errorf(codes.InvalidArgument, "workflow_id is invalid")
+	}
+	actions, err := db.GetWorkflowActions(context, sdb, wfID)
+	if err != nil {
+		return nil, status.Errorf(codes.InvalidArgument, "workflow_id is invalid")
+	}
+	return actions, nil
+}
+
+// ReportActionStatus implements tinkerbell.ReportActionStatus
+func ReportActionStatus(context context.Context, req *pb.WorkflowActionStatus, sdb *sql.DB) (*pb.Empty, error) {
+	wfID := req.GetWorkflowId()
+	if len(wfID) == 0 {
+		return nil, status.Errorf(codes.InvalidArgument, "workflow_id is invalid")
+	}
+	if len(req.GetTaskName()) == 0 {
+		return nil, status.Errorf(codes.InvalidArgument, "task_name is invalid")
+	}
+	if len(req.GetActionName()) == 0 {
+		return nil, status.Errorf(codes.InvalidArgument, "action_name is invalid")
+	}
+	fmt.Printf("Received action status: %s\n", req)
+	wfContext, err := db.GetWorkflowContexts(context, sdb, wfID)
+	if err != nil {
+		return nil, status.Errorf(codes.InvalidArgument, "Workflow context not found for workflow %s", wfID)
+	}
+	wfActions, err := db.GetWorkflowActions(context, sdb, wfID)
+	if err != nil {
+		return nil, status.Errorf(codes.InvalidArgument, "Workflow actions not found for workflow %s", wfID)
+	}
+
+	// We need bunch of checks here considering
+	// Considering concurrency and network latencies & accuracy for proceeding of WF
+	actionIndex := wfContext.GetCurrentActionIndex()
+	if req.GetActionStatus() == pb.ActionState_ACTION_IN_PROGRESS {
+		if wfContext.GetCurrentAction() != "" {
+			actionIndex = actionIndex + 1
+		}
+	}
+	action := wfActions.ActionList[actionIndex]
+	if action.GetTaskName() != req.GetTaskName() {
+		return nil, status.Errorf(codes.FailedPrecondition, "Reported task name not matching in actions info")
+	}
+	if action.GetName() != req.GetActionName() {
+		return nil, status.Errorf(codes.FailedPrecondition, "Reported action name not matching in actions info")
+	}
+	wfContext.CurrentWorker = action.GetWorkerId()
+	wfContext.CurrentTask = req.GetTaskName()
+	wfContext.CurrentAction = req.GetActionName()
+	wfContext.CurrentActionState = req.GetActionStatus()
+	wfContext.CurrentActionIndex = actionIndex
+	err = db.UpdateWorkflowState(context, sdb, wfContext)
+	if err != nil {
+		return &pb.Empty{}, fmt.Errorf("Failed to update the workflow_state table. Error : %s", err)
+	}
+	// TODO the below "time" would be a part of the request which is coming form worker.
+	time := time.Now()
+	err = db.InsertIntoWorkflowEventTable(context, sdb, req, time)
+	if err != nil {
+		return &pb.Empty{}, fmt.Errorf("Failed to update the workflow_event table. Error : %s", err)
+	}
+	fmt.Printf("Current context %s\n", wfContext)
+	return &pb.Empty{}, nil
+}
+
+// UpdateWorkflowData updates workflow ephemeral data
+func UpdateWorkflowData(context context.Context, req *pb.UpdateWorkflowDataRequest, sdb *sql.DB) (*pb.Empty, error) {
+	wfID := req.GetWorkflowID()
+	if len(wfID) == 0 {
+		return &pb.Empty{}, status.Errorf(codes.InvalidArgument, "workflow_id is invalid")
+	}
+	index, ok := workflowData[wfID]
+	if ok {
+		index = index + 1
+	} else {
+		index = 1
+		workflowData[wfID] = index
+	}
+	err := db.InsertIntoWfDataTable(context, sdb, req)
+	if err != nil {
+		return &pb.Empty{}, status.Errorf(codes.Unknown, err.Error())
+	}
+	return &pb.Empty{}, nil
+}
+
+// GetWorkflowData returns ephemeral data for a particular workflow
+func GetWorkflowData(context context.Context, req *pb.GetWorkflowDataRequest, sdb *sql.DB) (*pb.GetWorkflowDataResponse, error) {
+	wfID := req.GetWorkflowID()
+	if len(wfID) == 0 {
+		return &pb.GetWorkflowDataResponse{Data: []byte("")}, status.Errorf(codes.InvalidArgument, "workflow_id is invalid")
+	}
+	data, err := db.GetfromWfDataTable(context, sdb, req)
+	if err != nil {
+		return &pb.GetWorkflowDataResponse{Data: []byte("")}, status.Errorf(codes.Unknown, err.Error())
+	}
+	return &pb.GetWorkflowDataResponse{Data: data}, nil
+}
+
+// GetWorkflowMetadata returns metadata wrt to the ephemeral data of a workflow
+func GetWorkflowMetadata(context context.Context, req *pb.GetWorkflowDataRequest, sdb *sql.DB) (*pb.GetWorkflowDataResponse, error) {
+	data, err := db.GetWorkflowMetadata(context, sdb, req)
+	if err != nil {
+		return &pb.GetWorkflowDataResponse{Data: []byte("")}, status.Errorf(codes.Unknown, err.Error())
+	}
+	return &pb.GetWorkflowDataResponse{Data: data}, nil
+}
+
+// GetWorkflowDataVersion returns the latest version of data for a workflow
+func GetWorkflowDataVersion(context context.Context, workflowID string, sdb *sql.DB) (*pb.GetWorkflowDataResponse, error) {
+	version, err := db.GetWorkflowDataVersion(context, sdb, workflowID)
+	if err != nil {
+		return &pb.GetWorkflowDataResponse{Version: version}, status.Errorf(codes.Unknown, err.Error())
+	}
+	return &pb.GetWorkflowDataResponse{Version: version}, nil
+}
diff --git a/executor/types.go b/executor/types.go
new file mode 100644
index 000000000..5e8dcc620
--- /dev/null
+++ b/executor/types.go
@@ -0,0 +1,26 @@
+package executor
+
+// Workflow represents a workflow to be executed
+type Workflow struct {
+	Version       string `yaml:"version"`
+	Name          string `yaml:"name"`
+	GlobalTimeout int    `yaml:"global_timeout"`
+	Tasks         []Task `yaml:"tasks"`
+}
+
+// Task represents a task to be executed as part of a workflow
+type Task struct {
+	Name    string   `yaml:"name"`
+	Worker  string   `yaml:"worker"`
+	Actions []Action `yaml:"actions"`
+}
+
+// Action represents an action to be executed as part of a task
+type Action struct {
+	Name      string `yaml:"name"`
+	Image     string `yaml:"image"`
+	Timeout   int    `yaml:"timeout"`
+	Command   string `yaml:"command"`
+	OnTimeout string `yaml:"on-timeout"`
+	OnFailure string `yaml:"on-failure"`
+}
diff --git a/fluent-bit.conf b/fluent-bit.conf
new file mode 100644
index 000000000..428d29827
--- /dev/null
+++ b/fluent-bit.conf
@@ -0,0 +1,47 @@
+[SERVICE]
+    log_level debug
+
+[INPUT]
+    Name forward
+    Listen 0.0.0.0
+    Port 24224
+
+[OUTPUT]
+    Name es
+    Match db
+    Host 0.0.0.0
+    Port 9200
+    Index db
+    Type  db
+
+[OUTPUT]
+    Name es
+    Match registry
+    Host 0.0.0.0
+    Port 9200
+    Index registry
+    Type  registry
+
+[OUTPUT]
+    Name es
+    Match tinkerbell
+    Host 0.0.0.0
+    Port 9200
+    Index tinkerbell
+    Type  tinkerbell
+
+[OUTPUT]
+    Name es
+    Match tinkerbell-cli
+    Host 0.0.0.0
+    Port 9200
+    Index tinkerbell-cli
+    Type  tinkerbell-cli
+
+[OUTPUT]
+    Name es
+    Match tinkerbell-server
+    Host 0.0.0.0
+    Port 9200
+    Index tinkerbell-server
+    Type  tinkerbell-server
diff --git a/go.mod b/go.mod
new file mode 100644
index 000000000..8df154dbd
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,51 @@
+module github.com/packethost/tinkerbell
+
+go 1.13
+
+require (
+	github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
+	github.com/Microsoft/go-winio v0.4.14 // indirect
+	github.com/containerd/containerd v1.3.2 // indirect
+	github.com/docker/distribution v2.7.1+incompatible
+	github.com/docker/docker v1.4.2-0.20191212201129-5f9f41018e9d
+	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-units v0.4.0 // indirect
+	github.com/go-openapi/strfmt v0.19.3 // indirect
+	github.com/golang/protobuf v1.3.2-0.20190318194812-d3c38a4eb497
+	github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 // indirect
+	github.com/grpc-ecosystem/go-grpc-prometheus v0.0.0-20160910222444-6b7015e65d36
+	github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/jedib0t/go-pretty v4.3.0+incompatible
+	github.com/kr/pretty v0.2.0 // indirect
+	github.com/lib/pq v1.2.1-0.20191011153232-f91d3411e481
+	github.com/magiconair/properties v1.8.0 // indirect
+	github.com/mattn/go-runewidth v0.0.5 // indirect
+	github.com/mitchellh/go-homedir v1.0.0 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/olivere/elastic/v7 v7.0.9 // indirect
+	github.com/opencontainers/go-digest v1.0.0-rc1 // indirect
+	github.com/opencontainers/image-spec v1.0.1 // indirect
+	github.com/packethost/pkg v0.0.0-20190410153520-e8e15f4ce770
+	github.com/pelletier/go-toml v1.2.0 // indirect
+	github.com/pkg/errors v0.8.1
+	github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829
+	github.com/rollbar/rollbar-go v1.0.2 // indirect
+	github.com/satori/go.uuid v1.2.0
+	github.com/sirupsen/logrus v1.4.1
+	github.com/spf13/afero v1.1.1 // indirect
+	github.com/spf13/cast v1.2.0 // indirect
+	github.com/spf13/cobra v0.0.3
+	github.com/spf13/jwalterweatherman v0.0.0-20180109140146-7c0cea34c8ec // indirect
+	github.com/spf13/pflag v1.0.1 // indirect
+	github.com/spf13/viper v1.0.2
+	github.com/stretchr/testify v1.3.0
+	go.mongodb.org/mongo-driver v1.1.2 // indirect
+	go.uber.org/atomic v1.2.0 // indirect
+	go.uber.org/multierr v1.1.0 // indirect
+	go.uber.org/zap v1.7.1 // indirect
+	golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect
+	google.golang.org/grpc v1.20.1
+	gopkg.in/yaml.v2 v2.2.2
+	gotest.tools v2.2.0+incompatible // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 000000000..24ea24ce4
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,279 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
+github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
+github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU=
+github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
+github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
+github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
+github.com/asaskevich/govalidator v0.0.0-20180315120708-ccb8e960c48f/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
+github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/aws/aws-sdk-go v1.25.25/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/containerd/containerd v1.3.2 h1:ForxmXkA6tPIvffbrDAcPUIB32QgXkt2XFj+F0UxetA=
+github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
+github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/docker v1.4.2-0.20190319215453-e7b5f7dbe98c h1:lsQ7OTWpUMGuTGbtxhUNmq1JxuCYdwri4SajhvsRqW4=
+github.com/docker/docker v1.4.2-0.20190319215453-e7b5f7dbe98c/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v1.4.2-0.20191212201129-5f9f41018e9d h1:OVXiYAdNJc5sLW3mmCUG0lIBv6cXEwnMqdQ84cegCOY=
+github.com/docker/docker v1.4.2-0.20191212201129-5f9f41018e9d/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v1.13.1 h1:IkZjBSIc8hBjLpqeAbeE5mca5mNgeatLHBy3GO78BWo=
+github.com/docker/docker v1.13.1/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
+github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
+github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
+github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
+github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
+github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
+github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
+github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-openapi/errors v0.19.2 h1:a2kIyV3w+OS3S97zxUndRVD46+FhGOUBDFY7nmu4CsY=
+github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94=
+github.com/go-openapi/strfmt v0.19.3 h1:eRfyY5SkaNJCAwmmMcADjY31ow9+N7MCLW7oRkbsINA=
+github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU=
+github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.2.0 h1:xU6/SpYbvkNYiptHJYEDRseDLvYE7wSqhYYNy0QSUzI=
+github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2-0.20190318194812-d3c38a4eb497 h1:5mkx1LI1iV+rjlOjWq4uRg00nMQztq85do3Pl6UfShA=
+github.com/golang/protobuf v1.3.2-0.20190318194812-d3c38a4eb497/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
+github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
+github.com/gorilla/mux v1.6.2 h1:Pgr17XVTNXAk3q/r4CpKzC5xBM/qW1uVLV+IhRZpIIk=
+github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 h1:Iju5GlWwrvL6UBg4zJJt3btmonfrMlCDdsejg4CZE7c=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-prometheus v0.0.0-20160910222444-6b7015e65d36 h1:cwTrrTEhz13khQS3/UZMLFWwiqlcsdp/2sxFmSjAWeQ=
+github.com/grpc-ecosystem/go-grpc-prometheus v0.0.0-20160910222444-6b7015e65d36/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce h1:xdsDDbiBDQTKASoGEZ+pEmF1OnWuu8AQ9I8iNbHNeno=
+github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/jedib0t/go-pretty v4.3.0+incompatible h1:CGs8AVhEKg/n9YbUenWmNStRW2PHJzaeDodcfvRAbIo=
+github.com/jedib0t/go-pretty v4.3.0+incompatible/go.mod h1:XemHduiw8R651AF9Pt4FwCTKeG3oo7hrHJAoznj9nag=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs=
+github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/lib/pq v1.2.1-0.20191011153232-f91d3411e481 h1:r9fnMM01mkhtfe6QfLrr/90mBVLnJHge2jGeBvApOjk=
+github.com/lib/pq v1.2.1-0.20191011153232-f91d3411e481/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY=
+github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e h1:hB2xlXdHp/pmPZq0y3QnmWAArdw9PqbmotexnWx/FU8=
+github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mattn/go-runewidth v0.0.5 h1:jrGtp51JOKTWgvLFzfG6OtZOJcK2sEnzc/U+zw7TtbA=
+github.com/mattn/go-runewidth v0.0.5/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/mapstructure v0.0.0-20180511142126-bb74f1db0675/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
+github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/olivere/elastic v6.2.26+incompatible h1:3PjUHKyt8xKwbFQpRC5cgtEY7Qz6ejopBkukhI7UWvE=
+github.com/olivere/elastic/v7 v7.0.9 h1:+bTR1xJbfLYD8WnTBt9672mFlKxjfWRJpEQ1y8BMS3g=
+github.com/olivere/elastic/v7 v7.0.9/go.mod h1:2TeRd0vhLRTK9zqm5xP0uLiVeZ5yUoL7kZ+8SZA9r9Y=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
+github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
+github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
+github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
+github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
+github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
+github.com/packethost/pkg v0.0.0-20190410153520-e8e15f4ce770 h1:M/ErkHz96yXYNdcu0G7kX5Qa1HUliL5QczNdA9/0k40=
+github.com/packethost/pkg v0.0.0-20190410153520-e8e15f4ce770/go.mod h1:cbOkI4WbX7B68Nj552pbadMrjVy2oMIVazIEo7z+qWQ=
+github.com/packethost/tinkerbell v0.0.0-20200317144505-786c34a48f92 h1:QKdq4bjSOOmE02tNbmcj4LdLr0xNtHKyWSpEVfoZFHc=
+github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
+github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
+github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v0.9.0-pre1.0.20180602003245-a62824bd1b05 h1:30k/AC7+JalJtkRd9y3CKBfdoF9tDSRIrkevri0Ka04=
+github.com/prometheus/client_golang v0.9.0-pre1.0.20180602003245-a62824bd1b05/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829 h1:D+CiwcpGTW6pL6bv6KI3KbyEyCKyS+1JWS2h8PNDnGA=
+github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
+github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5 h1:cLL6NowurKLMfCeQy4tIeph12XNQWgANCNvdyrOYKV4=
+github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f h1:BVwpUVJDADN2ufcGik7W992pyps0wZ888b/y9GXcLTU=
+github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/common v0.0.0-20180518154759-7600349dcfe1 h1:osmNoEW2SCW3L7EX0km2LYM8HKpNWRiouxjE3XHkyGc=
+github.com/prometheus/common v0.0.0-20180518154759-7600349dcfe1/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.2.0 h1:kUZDBDTdBVBYBj5Tmh2NZLlF60mfjA27rM34b+cVwNU=
+github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/procfs v0.0.0-20180601124529-94663424ae5a h1:Qs9Yu4moby3L1ECWFy8vhMlj32/+/kwps8zah0+aLqg=
+github.com/prometheus/procfs v0.0.0-20180601124529-94663424ae5a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1 h1:/K3IL0Z1quvmJ7X0A1AwNEK7CRkVK3YwfOU/QAL4WGg=
+github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
+github.com/rollbar/rollbar-go v1.0.2 h1:uA3+z0jq6ka9WUUt9VX/xuiQZXZyWRoeKvkhVvLO9Jc=
+github.com/rollbar/rollbar-go v1.0.2/go.mod h1:AcFs5f0I+c71bpHlXNNDbOWJiKwjFDtISeXco0L5PKQ=
+github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
+github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/sirupsen/logrus v1.2.0 h1:juTguoYk5qI21pwyTXY3B3Y5cOTH3ZUyZCg1v/mihuo=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.1 h1:GL2rEmy6nsikmW0r8opw9JIRScdMF5hA8cOYLH7In1k=
+github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
+github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM=
+github.com/spf13/afero v1.1.1 h1:Lt3ihYMlE+lreX1GS4Qw4ZsNpYQLxIXKBTEOXm3nt6I=
+github.com/spf13/afero v1.1.1/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
+github.com/spf13/cast v1.2.0 h1:HHl1DSRbEQN2i8tJmtS6ViPyHx35+p51amrdsiTCrkg=
+github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg=
+github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8=
+github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/jwalterweatherman v0.0.0-20180109140146-7c0cea34c8ec h1:2ZXvIUGghLpdTVHR1UfvfrzoVlZaE/yOWC5LueIHZig=
+github.com/spf13/jwalterweatherman v0.0.0-20180109140146-7c0cea34c8ec/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/pflag v1.0.1 h1:aCvUg6QPl3ibpQUxyLkrEkCHtPqYJL4x9AuhqVqFis4=
+github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/viper v1.0.2 h1:Ncr3ZIuJn322w2k1qmzXDnkLAdQMlJqBa9kfAH+irso=
+github.com/spf13/viper v1.0.2/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
+github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
+go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
+go.mongodb.org/mongo-driver v1.1.2 h1:jxcFYjlkl8xaERsgLo+RNquI0epW6zuy/ZRQs6jnrFA=
+go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
+go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
+go.opencensus.io v0.22.1/go.mod h1:Ap50jQcDJrx6rB6VgeeFPtuPIf3wMRvRfrfYDO6+BmA=
+go.uber.org/atomic v1.2.0 h1:yVVGhClJ8Xi1y4TxhJZE6QFPrz76BrzhWA01n47mSFk=
+go.uber.org/atomic v1.2.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/zap v1.7.1 h1:wKPciimwkIgV4Aag/wpSDzvtO5JrfwdHKHO7blTHx7Q=
+go.uber.org/zap v1.7.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/net v0.0.0-20180530234432-1e491301e022 h1:MVYFTUmVD3/+ERcvRRI+P/C2+WOUimXh+Pd8LVsklZ4=
+golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859 h1:R/3boaszxrf1GEUWTVDzSKVwLmSJpwZ1yqXm8j0v2QI=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180625162522-a200a19cb90b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd h1:r7DufRZuZbWB7j439YfAzP8RPDa9unLkpwQKUYbIMPI=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b h1:ag/x1USPSsqHud38I9BAC88qdNLDHHtQ4mlgQIZPPNA=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/genproto v0.0.0-20180531194445-4065a77fc542 h1:xFLyqDzeFAHe/keCnNR40Udo4nXHnSOtQJVEJATtqe4=
+google.golang.org/genproto v0.0.0-20180531194445-4065a77fc542/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb h1:i1Ppqkc3WQXikh8bXiwHqAN5Rv3/qDCcRk0/Otx73BY=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/grpc v1.12.0 h1:Mm8atZtkT+P6R43n/dqNDWkPPu5BwRVu/1rJnJCeZH8=
+google.golang.org/grpc v1.12.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
+google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1 h1:Hz2g2wirWK7H0qIIhGIqRGTuMwTE8HEKFnDZZ7lm9NU=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/grpc-server/grpc-server.go b/grpc-server/grpc-server.go
new file mode 100644
index 000000000..7e8ba8d3b
--- /dev/null
+++ b/grpc-server/grpc-server.go
@@ -0,0 +1,147 @@
+package grpcserver
+
+import (
+	"context"
+	"crypto/tls"
+	"database/sql"
+	"io/ioutil"
+	"net"
+	"os"
+	"strings"
+	"sync"
+	"time"
+
+	grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
+	"github.com/packethost/pkg/log"
+	"github.com/packethost/tinkerbell/db"
+	"github.com/packethost/tinkerbell/metrics"
+	"github.com/packethost/tinkerbell/protos/hardware"
+	"github.com/packethost/tinkerbell/protos/target"
+	"github.com/packethost/tinkerbell/protos/template"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/pkg/errors"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+)
+
+var (
+	logger         log.Logger
+	grpcListenAddr = ":42113"
+)
+
+// Server is the gRPC server for tinkerbell
+type server struct {
+	cert []byte
+	modT time.Time
+
+	db   *sql.DB
+	quit <-chan struct{}
+
+	dbLock  sync.RWMutex
+	dbReady bool
+
+	watchLock sync.RWMutex
+	watch     map[string]chan string
+}
+
+// SetupGRPC setup and return a gRPC server
+func SetupGRPC(ctx context.Context, log log.Logger, facility string, errCh chan<- error) ([]byte, time.Time) {
+	params := []grpc.ServerOption{
+		grpc.UnaryInterceptor(grpc_prometheus.UnaryServerInterceptor),
+		grpc.StreamInterceptor(grpc_prometheus.StreamServerInterceptor),
+	}
+	logger = log
+	metrics.SetupMetrics(facility, logger)
+	db := db.ConnectDB(logger)
+	server := &server{
+		db:      db,
+		dbReady: true,
+	}
+	if cert := os.Getenv("TINKERBELL_TLS_CERT"); cert != "" {
+		server.cert = []byte(cert)
+		server.modT = time.Now()
+	} else {
+		tlsCert, certPEM, modT := getCerts(facility, logger)
+		params = append(params, grpc.Creds(credentials.NewServerTLSFromCert(&tlsCert)))
+		server.cert = certPEM
+		server.modT = modT
+	}
+
+	// register servers
+	s := grpc.NewServer(params...)
+	template.RegisterTemplateServer(s, server)
+	target.RegisterTargetServer(s, server)
+	workflow.RegisterWorkflowSvcServer(s, server)
+	hardware.RegisterHardwareServiceServer(s, server)
+
+	grpc_prometheus.Register(s)
+
+	go func() {
+		logger.Info("serving grpc")
+		lis, err := net.Listen("tcp", grpcListenAddr)
+		if err != nil {
+			err = errors.Wrap(err, "failed to listen")
+			logger.Error(err)
+			panic(err)
+		}
+
+		errCh <- s.Serve(lis)
+	}()
+
+	go func() {
+		<-ctx.Done()
+		s.GracefulStop()
+	}()
+	return server.cert, server.modT
+}
+
+func getCerts(facility string, logger log.Logger) (tls.Certificate, []byte, time.Time) {
+	var (
+		certPEM []byte
+		modT    time.Time
+	)
+
+	certsDir := os.Getenv("TINKERBELL_CERTS_DIR")
+	if certsDir == "" {
+		certsDir = "/certs/" + facility
+	}
+	if !strings.HasSuffix(certsDir, "/") {
+		certsDir += "/"
+	}
+
+	certFile, err := os.Open(certsDir + "bundle.pem")
+	if err != nil {
+		err = errors.Wrap(err, "failed to open TLS cert")
+		logger.Error(err)
+		panic(err)
+	}
+
+	if stat, err := certFile.Stat(); err != nil {
+		err = errors.Wrap(err, "failed to stat TLS cert")
+		logger.Error(err)
+		panic(err)
+	} else {
+		modT = stat.ModTime()
+	}
+
+	certPEM, err = ioutil.ReadAll(certFile)
+	if err != nil {
+		err = errors.Wrap(err, "failed to read TLS cert")
+		logger.Error(err)
+		panic(err)
+	}
+	keyPEM, err := ioutil.ReadFile(certsDir + "server-key.pem")
+	if err != nil {
+		err = errors.Wrap(err, "failed to read TLS key")
+		logger.Error(err)
+		panic(err)
+	}
+
+	cert, err := tls.X509KeyPair(certPEM, keyPEM)
+	if err != nil {
+		err = errors.Wrap(err, "failed to ingest TLS files")
+		logger.Error(err)
+		panic(err)
+	}
+	return cert, certPEM, modT
+}
diff --git a/grpc-server/hardware.go b/grpc-server/hardware.go
new file mode 100644
index 000000000..081dd6268
--- /dev/null
+++ b/grpc-server/hardware.go
@@ -0,0 +1,246 @@
+package grpcserver
+
+import (
+	"context"
+	"encoding/json"
+	"time"
+
+	"github.com/packethost/tinkerbell/db"
+	"github.com/packethost/tinkerbell/metrics"
+	"github.com/packethost/tinkerbell/protos/hardware"
+	"github.com/pkg/errors"
+	"github.com/prometheus/client_golang/prometheus"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+func (s *server) Push(ctx context.Context, in *hardware.PushRequest) (*hardware.Empty, error) {
+	logger.Info("push")
+	labels := prometheus.Labels{"method": "Push", "op": ""}
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	// must be a copy so deferred cacheInFlight.Dec matches the Inc
+	labels = prometheus.Labels{"method": "Push", "op": ""}
+
+	var h struct {
+		ID    string
+		State string
+	}
+	err := json.Unmarshal([]byte(in.Data), &h)
+	if err != nil {
+		metrics.CacheTotals.With(labels).Inc()
+		metrics.CacheErrors.With(labels).Inc()
+		err = errors.Wrap(err, "unmarshal json")
+		logger.Error(err)
+		return &hardware.Empty{}, err
+	}
+
+	if h.ID == "" {
+		metrics.CacheTotals.With(labels).Inc()
+		metrics.CacheErrors.With(labels).Inc()
+		err = errors.New("id must be set to a UUID")
+		logger.Error(err)
+		return &hardware.Empty{}, err
+	}
+
+	logger.With("id", h.ID).Info("data pushed")
+
+	var fn func() error
+	msg := ""
+	if h.State != "deleted" {
+		labels["op"] = "insert"
+		msg = "inserting into DB"
+		fn = func() error { return db.InsertIntoDB(ctx, s.db, in.Data) }
+	} else {
+		msg = "deleting from DB"
+		labels["op"] = "delete"
+		fn = func() error { return db.DeleteFromDB(ctx, s.db, h.ID) }
+	}
+
+	metrics.CacheTotals.With(labels).Inc()
+	timer := prometheus.NewTimer(metrics.CacheDuration.With(labels))
+	defer timer.ObserveDuration()
+
+	logger.Info(msg)
+	err = fn()
+	logger.Info("done " + msg)
+	if err != nil {
+		metrics.CacheErrors.With(labels).Inc()
+		l := logger
+		if pqErr := db.Error(err); pqErr != nil {
+			l = l.With("detail", pqErr.Detail, "where", pqErr.Where)
+		}
+		l.Error(err)
+	}
+
+	s.watchLock.RLock()
+	if ch := s.watch[h.ID]; ch != nil {
+		select {
+		case ch <- in.Data:
+		default:
+			metrics.WatchMissTotal.Inc()
+			logger.With("id", h.ID).Info("skipping blocked watcher")
+		}
+	}
+	s.watchLock.RUnlock()
+
+	return &hardware.Empty{}, err
+}
+
+func (s *server) Ingest(ctx context.Context, in *hardware.Empty) (*hardware.Empty, error) {
+	logger.Info("ingest")
+	labels := prometheus.Labels{"method": "Ingest", "op": ""}
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	logger.Info("Ingest called but is deprecated")
+
+	return &hardware.Empty{}, nil
+}
+
+func (s *server) by(method string, fn func() (string, error)) (*hardware.Hardware, error) {
+	labels := prometheus.Labels{"method": method, "op": "get"}
+
+	metrics.CacheTotals.With(labels).Inc()
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	timer := prometheus.NewTimer(metrics.CacheDuration.With(labels))
+	defer timer.ObserveDuration()
+	j, err := fn()
+	if err != nil {
+		metrics.CacheErrors.With(labels).Inc()
+		return &hardware.Hardware{}, err
+	}
+
+	if j == "" {
+		s.dbLock.RLock()
+		ready := s.dbReady
+		s.dbLock.RUnlock()
+		if !ready {
+			metrics.CacheStalls.With(labels).Inc()
+			return &hardware.Hardware{}, errors.New("DB is not ready")
+		}
+	}
+
+	metrics.CacheHits.With(labels).Inc()
+	return &hardware.Hardware{JSON: j}, nil
+}
+
+func (s *server) ByMAC(ctx context.Context, in *hardware.GetRequest) (*hardware.Hardware, error) {
+	return s.by("ByMAC", func() (string, error) {
+		return db.GetByMAC(ctx, s.db, in.MAC)
+	})
+}
+
+func (s *server) ByIP(ctx context.Context, in *hardware.GetRequest) (*hardware.Hardware, error) {
+	return s.by("ByIP", func() (string, error) {
+		return db.GetByIP(ctx, s.db, in.IP)
+	})
+}
+
+// ByID implements cacher.CacherServer
+func (s *server) ByID(ctx context.Context, in *hardware.GetRequest) (*hardware.Hardware, error) {
+	return s.by("ByID", func() (string, error) {
+		return db.GetByID(ctx, s.db, in.ID)
+	})
+}
+
+// ALL implements cacher.CacherServer
+func (s *server) All(_ *hardware.Empty, stream hardware.HardwareService_AllServer) error {
+	labels := prometheus.Labels{"method": "All", "op": "get"}
+
+	metrics.CacheTotals.With(labels).Inc()
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	s.dbLock.RLock()
+	ready := s.dbReady
+	s.dbLock.RUnlock()
+	if !ready {
+		metrics.CacheStalls.With(labels).Inc()
+		return errors.New("DB is not ready")
+	}
+
+	timer := prometheus.NewTimer(metrics.CacheDuration.With(labels))
+	defer timer.ObserveDuration()
+	err := db.GetAll(s.db, func(j string) error {
+		return stream.Send(&hardware.Hardware{JSON: j})
+	})
+	if err != nil {
+		metrics.CacheErrors.With(labels).Inc()
+		return err
+	}
+
+	metrics.CacheHits.With(labels).Inc()
+	return nil
+}
+
+func (s *server) Watch(in *hardware.GetRequest, stream hardware.HardwareService_WatchServer) error {
+	l := logger.With("id", in.ID)
+
+	ch := make(chan string, 1)
+	s.watchLock.Lock()
+	old, ok := s.watch[in.ID]
+	if ok {
+		l.Info("evicting old watch")
+		close(old)
+	}
+	s.watch[in.ID] = ch
+	s.watchLock.Unlock()
+
+	labels := prometheus.Labels{"method": "Watch", "op": "push"}
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	disconnect := true
+	defer func() {
+		if !disconnect {
+			return
+		}
+		s.watchLock.Lock()
+		delete(s.watch, in.ID)
+		s.watchLock.Unlock()
+		close(ch)
+	}()
+
+	hw := &hardware.Hardware{}
+	for {
+		select {
+		case <-s.quit:
+			l.Info("server is shutting down")
+			return status.Error(codes.OK, "server is shutting down")
+		case <-stream.Context().Done():
+			l.Info("client disconnected")
+			return status.Error(codes.OK, "client disconnected")
+		case j, ok := <-ch:
+			if !ok {
+				disconnect = false
+				l.Info("we are being evicted, goodbye")
+				// ch was replaced and already closed
+				return status.Error(codes.Unknown, "evicted")
+			}
+
+			hw.Reset()
+			hw.JSON = j
+			err := stream.Send(hw)
+			if err != nil {
+				metrics.CacheErrors.With(labels).Inc()
+				err = errors.Wrap(err, "stream send")
+				l.Error(err)
+				return err
+			}
+		}
+	}
+}
+
+// Cert returns the public cert that can be served to clients
+func (s *server) Cert() []byte {
+	return s.cert
+}
+
+// ModTime returns the modified-time of the grpc cert
+func (s *server) ModTime() time.Time {
+	return s.modT
+}
diff --git a/grpc-server/target.go b/grpc-server/target.go
new file mode 100644
index 000000000..61b601eb1
--- /dev/null
+++ b/grpc-server/target.go
@@ -0,0 +1,147 @@
+package grpcserver
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/packethost/tinkerbell/db"
+	"github.com/packethost/tinkerbell/protos/target"
+	"github.com/pkg/errors"
+	uuid "github.com/satori/go.uuid"
+)
+
+// TARGETS GRPC ENDPOINTS START
+func (s *server) CreateTargets(ctx context.Context, in *target.PushRequest) (*target.UUID, error) {
+	logger.Info("create Targets")
+
+	type machine map[string]string
+
+	var h struct {
+		ID      string
+		Targets map[string]machine
+	}
+
+	uuid := uuid.NewV4().String()
+	err := json.Unmarshal([]byte(in.Data), &h)
+	if err != nil {
+		err = errors.Wrap(err, "unmarshal json")
+		logger.Error(err)
+		return &target.UUID{}, err
+	}
+	h.ID = uuid
+	if h.ID == "" {
+		err = errors.New("id must be set to a UUID")
+		logger.Error(err)
+		return &target.UUID{}, err
+	}
+
+	var fn func() error
+	msg := "inserting into targets DB"
+	fn = func() error { return db.InsertIntoTargetDB(ctx, s.db, in.Data, uuid) }
+	logger.Info(msg)
+
+	err = fn()
+
+	logger.Info("done " + msg)
+	logger.With("id", h.ID).Info("data pushed")
+	if err != nil {
+		l := logger
+		if pqErr := db.Error(err); pqErr != nil {
+			l = l.With("detail", pqErr.Detail, "where", pqErr.Where)
+		}
+		l.Error(err)
+	}
+	return &target.UUID{Uuid: uuid}, err
+}
+
+// This will give you the targets which belongs to the input id
+func (s *server) TargetByID(ctx context.Context, in *target.GetRequest) (*target.Targets, error) {
+	j, err := db.TargetsByID(ctx, s.db, in.ID)
+	if err != nil {
+		return &target.Targets{}, err
+	}
+	return &target.Targets{JSON: j}, nil
+}
+
+// This will update the targets values which belongs to the input id and data
+func (s *server) UpdateTargetByID(ctx context.Context, in *target.UpdateRequest) (*target.Empty, error) {
+	logger.Info("Update Targets")
+
+	type machine map[string]string
+	var t struct {
+		Targets map[string]machine
+	}
+
+	err := json.Unmarshal([]byte(in.Data), &t)
+	if err != nil {
+		err = errors.Wrap(err, "unmarshal json")
+		logger.Error(err)
+		return &target.Empty{}, err
+	}
+	if in.ID == "" {
+		err = errors.New("id must be set to an existing UUID")
+		logger.Error(err)
+		return &target.Empty{}, err
+	}
+
+	var fn func() error
+	msg := "Updating into targets DB for ID : "
+	fn = func() error { return db.InsertIntoTargetDB(ctx, s.db, in.Data, in.ID) }
+	logger.Info(msg + in.ID)
+
+	err = fn()
+
+	logger.Info("done " + msg + in.ID)
+	logger.With("id", in.ID).Info("data pushed")
+	if err != nil {
+		l := logger
+		if pqErr := db.Error(err); pqErr != nil {
+			l = l.With("detail", pqErr.Detail, "where", pqErr.Where)
+		}
+		l.Error(err)
+	}
+	return &target.Empty{}, err
+}
+
+// This will delete (soft delete) the targets which belongs to the input id
+func (s *server) DeleteTargetByID(ctx context.Context, in *target.GetRequest) (*target.Empty, error) {
+	logger.Info("Delete Targets")
+
+	if in.ID == "" {
+		err := errors.New("id must be provided")
+		logger.Error(err)
+		return &target.Empty{}, err
+	}
+
+	var fn func() error
+	msg := "Deleting into targets Table for ID : "
+	fn = func() error { return db.DeleteFromTargetDB(ctx, s.db, in.ID) }
+	logger.Info(msg + in.ID)
+
+	err := fn()
+
+	logger.Info("done " + msg + in.ID)
+	logger.With("id", in.ID).Info("data deleted")
+	if err != nil {
+		l := logger
+		if pqErr := db.Error(err); pqErr != nil {
+			l = l.With("detail", pqErr.Detail, "where", pqErr.Where)
+		}
+		l.Error(err)
+	}
+	return &target.Empty{}, err
+}
+
+// ListTargets implements target.ListTargets
+func (s *server) ListTargets(_ *target.Empty, stream target.Target_ListTargetsServer) error {
+
+	logger.Info("list targets")
+	err := db.ListTargets(s.db, func(id, json string) error {
+		return stream.Send(&target.TargetList{ID: id, Data: json})
+	})
+
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/grpc-server/template.go b/grpc-server/template.go
new file mode 100644
index 000000000..5fa7cf11e
--- /dev/null
+++ b/grpc-server/template.go
@@ -0,0 +1,166 @@
+package grpcserver
+
+import (
+	"context"
+
+	"github.com/golang/protobuf/ptypes/timestamp"
+	"github.com/packethost/tinkerbell/db"
+	"github.com/packethost/tinkerbell/metrics"
+	"github.com/packethost/tinkerbell/protos/template"
+	"github.com/pkg/errors"
+	"github.com/prometheus/client_golang/prometheus"
+	uuid "github.com/satori/go.uuid"
+)
+
+// CreateTemplate implements template.CreateTemplate
+func (s *server) CreateTemplate(ctx context.Context, in *template.WorkflowTemplate) (*template.CreateResponse, error) {
+	logger.Info("createtemplate")
+	labels := prometheus.Labels{"method": "CreateTemplate", "op": ""}
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	msg := ""
+	labels["op"] = "createtemplate"
+	msg = "creating a new Teamplate"
+	id := uuid.NewV4()
+	fn := func() error { return db.CreateTemplate(ctx, s.db, in.Name, in.Data, id) }
+
+	metrics.CacheTotals.With(labels).Inc()
+	timer := prometheus.NewTimer(metrics.CacheDuration.With(labels))
+	defer timer.ObserveDuration()
+
+	logger.Info(msg)
+	err := fn()
+	logger.Info("done " + msg)
+	if err != nil {
+		metrics.CacheErrors.With(labels).Inc()
+		l := logger
+		if pqErr := db.Error(err); pqErr != nil {
+			l = l.With("detail", pqErr.Detail, "where", pqErr.Where)
+		}
+		l.Error(err)
+		return &template.CreateResponse{}, err
+	}
+	return &template.CreateResponse{Id: id.String()}, err
+}
+
+// GetTemplate implements template.GetTemplate
+func (s *server) GetTemplate(ctx context.Context, in *template.GetRequest) (*template.WorkflowTemplate, error) {
+	logger.Info("gettemplate")
+	labels := prometheus.Labels{"method": "GetTemplate", "op": ""}
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	msg := ""
+	labels["op"] = "get"
+	msg = "getting a template"
+
+	fn := func() ([]byte, error) { return db.GetTemplate(ctx, s.db, in.Id) }
+	metrics.CacheTotals.With(labels).Inc()
+	timer := prometheus.NewTimer(metrics.CacheDuration.With(labels))
+	defer timer.ObserveDuration()
+
+	logger.Info(msg)
+	d, err := fn()
+	logger.Info("done " + msg)
+	if err != nil {
+		metrics.CacheErrors.With(labels).Inc()
+		l := logger
+		if pqErr := db.Error(err); pqErr != nil {
+			l = l.With("detail", pqErr.Detail, "where", pqErr.Where)
+		}
+		l.Error(err)
+	}
+	return &template.WorkflowTemplate{Id: in.Id, Data: d}, err
+}
+
+// DeleteTemplate implements template.DeleteTemplate
+func (s *server) DeleteTemplate(ctx context.Context, in *template.GetRequest) (*template.Empty, error) {
+	logger.Info("deletetemplate")
+	labels := prometheus.Labels{"method": "DeleteTemplate", "op": ""}
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	msg := ""
+	labels["op"] = "delete"
+	msg = "deleting a template"
+	fn := func() error { return db.DeleteTemplate(ctx, s.db, in.Id) }
+
+	metrics.CacheTotals.With(labels).Inc()
+	timer := prometheus.NewTimer(metrics.CacheDuration.With(labels))
+	defer timer.ObserveDuration()
+
+	logger.Info(msg)
+	err := fn()
+	logger.Info("done " + msg)
+	if err != nil {
+		metrics.CacheErrors.With(labels).Inc()
+		l := logger
+		if pqErr := db.Error(err); pqErr != nil {
+			l = l.With("detail", pqErr.Detail, "where", pqErr.Where)
+		}
+		l.Error(err)
+	}
+	return &template.Empty{}, err
+}
+
+// ListTemplates implements template.ListTemplates
+func (s *server) ListTemplates(_ *template.Empty, stream template.Template_ListTemplatesServer) error {
+	logger.Info("listtemplates")
+	labels := prometheus.Labels{"method": "ListTemplates", "op": "list"}
+	metrics.CacheTotals.With(labels).Inc()
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	s.dbLock.RLock()
+	ready := s.dbReady
+	s.dbLock.RUnlock()
+	if !ready {
+		metrics.CacheStalls.With(labels).Inc()
+		return errors.New("DB is not ready")
+	}
+
+	timer := prometheus.NewTimer(metrics.CacheDuration.With(labels))
+	defer timer.ObserveDuration()
+	err := db.ListTemplates(s.db, func(id, n string, crTime, upTime *timestamp.Timestamp) error {
+		return stream.Send(&template.WorkflowTemplate{Id: id, Name: n, CreatedAt: crTime, UpdatedAt: upTime})
+	})
+
+	if err != nil {
+		metrics.CacheErrors.With(labels).Inc()
+		return err
+	}
+
+	metrics.CacheHits.With(labels).Inc()
+	return nil
+}
+
+// UpdateTemplate implements template.UpdateTemplate
+func (s *server) UpdateTemplate(ctx context.Context, in *template.WorkflowTemplate) (*template.Empty, error) {
+	logger.Info("updatetemplate")
+	labels := prometheus.Labels{"method": "UpdateTemplate", "op": ""}
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	msg := ""
+	labels["op"] = "updatetemplate"
+	msg = "updating a template"
+	fn := func() error { return db.UpdateTemplate(ctx, s.db, in.Name, in.Data, uuid.FromStringOrNil(in.Id)) }
+
+	metrics.CacheTotals.With(labels).Inc()
+	timer := prometheus.NewTimer(metrics.CacheDuration.With(labels))
+	defer timer.ObserveDuration()
+
+	logger.Info(msg)
+	err := fn()
+	logger.Info("done " + msg)
+	if err != nil {
+		metrics.CacheErrors.With(labels).Inc()
+		l := logger
+		if pqErr := db.Error(err); pqErr != nil {
+			l = l.With("detail", pqErr.Detail, "where", pqErr.Where)
+		}
+		l.Error(err)
+	}
+	return &template.Empty{}, err
+}
diff --git a/grpc-server/tinkerbell.go b/grpc-server/tinkerbell.go
new file mode 100644
index 000000000..f71b6ac7d
--- /dev/null
+++ b/grpc-server/tinkerbell.go
@@ -0,0 +1,43 @@
+package grpcserver
+
+import (
+	"context"
+
+	exec "github.com/packethost/tinkerbell/executor"
+	pb "github.com/packethost/tinkerbell/protos/workflow"
+)
+
+// GetWorkflowContexts implements tinkerbell.GetWorkflowContexts
+func (s *server) GetWorkflowContexts(context context.Context, req *pb.WorkflowContextRequest) (*pb.WorkflowContextList, error) {
+	return exec.GetWorkflowContexts(context, req, s.db)
+}
+
+// GetWorkflowActions implements tinkerbell.GetWorkflowActions
+func (s *server) GetWorkflowActions(context context.Context, req *pb.WorkflowActionsRequest) (*pb.WorkflowActionList, error) {
+	return exec.GetWorkflowActions(context, req, s.db)
+}
+
+// ReportActionStatus implements tinkerbell.ReportActionStatus
+func (s *server) ReportActionStatus(context context.Context, req *pb.WorkflowActionStatus) (*pb.Empty, error) {
+	return exec.ReportActionStatus(context, req, s.db)
+}
+
+// Update Workflow Ephemeral Data
+func (s *server) UpdateWorkflowData(context context.Context, req *pb.UpdateWorkflowDataRequest) (*pb.Empty, error) {
+	return exec.UpdateWorkflowData(context, req, s.db)
+}
+
+// Get Workflow Ephemeral Data
+func (s *server) GetWorkflowData(context context.Context, req *pb.GetWorkflowDataRequest) (*pb.GetWorkflowDataResponse, error) {
+	return exec.GetWorkflowData(context, req, s.db)
+}
+
+// GetWorkflowMetadata returns metadata wrt to the ephemeral data of a workflow
+func (s *server) GetWorkflowMetadata(context context.Context, req *pb.GetWorkflowDataRequest) (*pb.GetWorkflowDataResponse, error) {
+	return exec.GetWorkflowMetadata(context, req, s.db)
+}
+
+// GetWorkflowDataVersion returns the latest version of data for a workflow
+func (s *server) GetWorkflowDataVersion(context context.Context, req *pb.GetWorkflowDataRequest) (*pb.GetWorkflowDataResponse, error) {
+	return exec.GetWorkflowDataVersion(context, req.WorkflowID, s.db)
+}
diff --git a/grpc-server/workflow.go b/grpc-server/workflow.go
new file mode 100644
index 000000000..8fe377ce8
--- /dev/null
+++ b/grpc-server/workflow.go
@@ -0,0 +1,301 @@
+package grpcserver
+
+import (
+	"bytes"
+	"context"
+	"database/sql"
+	"encoding/json"
+	"text/template"
+
+	"github.com/packethost/tinkerbell/db"
+	"github.com/packethost/tinkerbell/metrics"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	workflowpb "github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/pkg/errors"
+	"github.com/prometheus/client_golang/prometheus"
+	uuid "github.com/satori/go.uuid"
+)
+
+var state = map[int32]workflow.State{
+	0: workflow.State_PENDING,
+	1: workflow.State_RUNNING,
+	2: workflow.State_FAILED,
+	3: workflow.State_TIMEOUT,
+	4: workflow.State_SUCCESS,
+}
+
+// CreateWorkflow implements workflow.CreateWorkflow
+func (s *server) CreateWorkflow(ctx context.Context, in *workflow.CreateRequest) (*workflow.CreateResponse, error) {
+	logger.Info("createworkflow")
+	labels := prometheus.Labels{"method": "CreateWorkflow", "op": ""}
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+	msg := ""
+	labels["op"] = "createworkflow"
+	msg = "creating a new workflow"
+	id := uuid.NewV4()
+	//var data string
+	fn := func() error {
+		wf := db.Workflow{
+			ID:       id.String(),
+			Template: in.Template,
+			Target:   in.Target,
+			State:    workflow.State_value[workflow.State_PENDING.String()],
+		}
+		data, err := createYaml(ctx, s.db, in.Template, in.Target)
+		if err != nil {
+			return errors.Wrap(err, "Failed to create Yaml")
+		}
+		err = db.CreateWorkflow(ctx, s.db, wf, data, id)
+		if err != nil {
+			return err
+		}
+		return nil
+	}
+
+	metrics.CacheTotals.With(labels).Inc()
+	timer := prometheus.NewTimer(metrics.CacheDuration.With(labels))
+	defer timer.ObserveDuration()
+
+	logger.Info(msg)
+	err := fn()
+	logger.Info("done " + msg)
+	if err != nil {
+		metrics.CacheErrors.With(labels).Inc()
+		l := logger
+		if pqErr := db.Error(err); pqErr != nil {
+			l = l.With("detail", pqErr.Detail, "where", pqErr.Where)
+		}
+		l.Error(err)
+		return &workflow.CreateResponse{}, err
+	}
+	return &workflow.CreateResponse{Id: id.String()}, err
+}
+
+// GetWorkflow implements workflow.GetWorkflow
+func (s *server) GetWorkflow(ctx context.Context, in *workflow.GetRequest) (*workflow.Workflow, error) {
+	logger.Info("getworkflow")
+	labels := prometheus.Labels{"method": "GetWorkflow", "op": ""}
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	msg := ""
+	labels["op"] = "get"
+	msg = "getting a workflow"
+
+	fn := func() (db.Workflow, error) { return db.GetWorkflow(ctx, s.db, in.Id) }
+	metrics.CacheTotals.With(labels).Inc()
+	timer := prometheus.NewTimer(metrics.CacheDuration.With(labels))
+	defer timer.ObserveDuration()
+
+	logger.Info(msg)
+	w, err := fn()
+	logger.Info("done " + msg)
+	if err != nil {
+		metrics.CacheErrors.With(labels).Inc()
+		l := logger
+		if pqErr := db.Error(err); pqErr != nil {
+			l = l.With("detail", pqErr.Detail, "where", pqErr.Where)
+		}
+		l.Error(err)
+	}
+	yamlData, err := createYaml(ctx, s.db, w.Template, w.Target)
+	if err != nil {
+		return &workflow.Workflow{}, err
+	}
+	wf := &workflow.Workflow{
+		Id:       w.ID,
+		Template: w.Template,
+		Target:   w.Target,
+		State:    state[w.State],
+		Data:     yamlData,
+	}
+	return wf, err
+}
+
+// DeleteWorkflow implements workflow.DeleteWorkflow
+func (s *server) DeleteWorkflow(ctx context.Context, in *workflow.GetRequest) (*workflow.Empty, error) {
+	logger.Info("deleteworkflow")
+	labels := prometheus.Labels{"method": "DeleteWorkflow", "op": ""}
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	msg := ""
+	labels["op"] = "delete"
+	msg = "deleting a workflow"
+	fn := func() error {
+		// update only if not in running state
+		return db.DeleteWorkflow(ctx, s.db, in.Id, workflow.State_value[workflow.State_RUNNING.String()])
+	}
+
+	metrics.CacheTotals.With(labels).Inc()
+	timer := prometheus.NewTimer(metrics.CacheDuration.With(labels))
+	defer timer.ObserveDuration()
+
+	logger.Info(msg)
+	err := fn()
+	logger.Info("done " + msg)
+	if err != nil {
+		metrics.CacheErrors.With(labels).Inc()
+		l := logger
+		if pqErr := db.Error(err); pqErr != nil {
+			l = l.With("detail", pqErr.Detail, "where", pqErr.Where)
+		}
+		l.Error(err)
+	}
+	return &workflow.Empty{}, err
+}
+
+// ListWorkflows implements workflow.ListWorkflows
+func (s *server) ListWorkflows(_ *workflow.Empty, stream workflow.WorkflowSvc_ListWorkflowsServer) error {
+	logger.Info("listworkflows")
+	labels := prometheus.Labels{"method": "ListWorkflows", "op": "list"}
+	metrics.CacheTotals.With(labels).Inc()
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	s.dbLock.RLock()
+	ready := s.dbReady
+	s.dbLock.RUnlock()
+	if !ready {
+		metrics.CacheStalls.With(labels).Inc()
+		return errors.New("DB is not ready")
+	}
+
+	timer := prometheus.NewTimer(metrics.CacheDuration.With(labels))
+	defer timer.ObserveDuration()
+	err := db.ListWorkflows(s.db, func(w db.Workflow) error {
+		wf := &workflowpb.Workflow{
+			Id:        w.ID,
+			Template:  w.Template,
+			Target:    w.Target,
+			CreatedAt: w.CreatedAt,
+			UpdatedAt: w.UpdatedAt,
+		}
+		return stream.Send(wf)
+	})
+
+	if err != nil {
+		metrics.CacheErrors.With(labels).Inc()
+		return err
+	}
+
+	metrics.CacheHits.With(labels).Inc()
+	return nil
+}
+
+func (s *server) GetWorkflowContext(ctx context.Context, in *workflow.GetRequest) (*workflow.WorkflowContext, error) {
+	logger.Info("GetworkflowContext")
+	labels := prometheus.Labels{"method": "GetWorkflowContext", "op": ""}
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	msg := ""
+	labels["op"] = "get"
+	msg = "getting a workflow"
+
+	fn := func() (*workflowpb.WorkflowContext, error) { return db.GetWorkflowContexts(ctx, s.db, in.Id) }
+	metrics.CacheTotals.With(labels).Inc()
+	timer := prometheus.NewTimer(metrics.CacheDuration.With(labels))
+	defer timer.ObserveDuration()
+
+	logger.Info(msg)
+	w, err := fn()
+	logger.Info("done " + msg)
+	if err != nil {
+		metrics.CacheErrors.With(labels).Inc()
+		l := logger
+		if pqErr := db.Error(err); pqErr != nil {
+			l = l.With("detail", pqErr.Detail, "where", pqErr.Where)
+		}
+		l.Error(err)
+	}
+	wf := &workflow.WorkflowContext{
+		WorkflowId:           w.WorkflowId,
+		CurrentWorker:        w.CurrentWorker,
+		CurrentTask:          w.CurrentTask,
+		CurrentAction:        w.CurrentAction,
+		CurrentActionIndex:   w.CurrentActionIndex,
+		CurrentActionState:   workflow.ActionState(w.CurrentActionState),
+		TotalNumberOfActions: w.TotalNumberOfActions,
+	}
+	return wf, err
+}
+
+// ShowWorflowevents  implements workflow.ShowWorflowEvents
+func (s *server) ShowWorkflowEvents(req *workflow.GetRequest, stream workflow.WorkflowSvc_ShowWorkflowEventsServer) error {
+	logger.Info("List workflows Events")
+	labels := prometheus.Labels{"method": "ShowWorkflowEvents", "op": "list"}
+	metrics.CacheTotals.With(labels).Inc()
+	metrics.CacheInFlight.With(labels).Inc()
+	defer metrics.CacheInFlight.With(labels).Dec()
+
+	s.dbLock.RLock()
+	ready := s.dbReady
+	s.dbLock.RUnlock()
+	if !ready {
+		metrics.CacheStalls.With(labels).Inc()
+		return errors.New("DB is not ready")
+	}
+
+	timer := prometheus.NewTimer(metrics.CacheDuration.With(labels))
+	defer timer.ObserveDuration()
+	err := db.ShowWorkflowEvents(s.db, req.Id, func(w workflowpb.WorkflowActionStatus) error {
+		wfs := &workflow.WorkflowActionStatus{
+			WorkerId:     w.WorkerId,
+			TaskName:     w.TaskName,
+			ActionName:   w.ActionName,
+			ActionStatus: workflow.ActionState(w.ActionStatus),
+			Seconds:      w.Seconds,
+			Message:      w.Message,
+			CreatedAt:    w.CreatedAt,
+		}
+		return stream.Send(wfs)
+	})
+
+	if err != nil {
+		metrics.CacheErrors.With(labels).Inc()
+		return err
+	}
+	logger.Info("Done Listing workflows Events")
+	metrics.CacheHits.With(labels).Inc()
+	return nil
+}
+
+func createYaml(ctx context.Context, sqlDB *sql.DB, temp string, tar string) (string, error) {
+	tempData, err := db.GetTemplate(ctx, sqlDB, temp)
+	if err != nil {
+		return "", err
+	}
+	tarData, err := db.TargetsByID(ctx, sqlDB, tar)
+	if err != nil {
+		return "", err
+	}
+	return renderTemplate(string(tempData), []byte(tarData))
+}
+
+func renderTemplate(tempData string, tarData []byte) (string, error) {
+	type machine map[string]string
+	type Environment struct {
+		Targets map[string]machine `json:"targets"`
+	}
+
+	var env Environment
+	t := template.New("workflow-template")
+	_, err := t.Parse(tempData)
+	if err != nil {
+		logger.Error(err)
+		return "", nil
+	}
+	err = json.Unmarshal(tarData, &env)
+	if err != nil {
+		logger.Error(err)
+		return "", nil
+	}
+	buf := new(bytes.Buffer)
+	err = t.Execute(buf, env)
+	if err != nil {
+		return "", nil
+	}
+	return buf.String(), nil
+}
diff --git a/hack/update-gofmt.sh b/hack/update-gofmt.sh
new file mode 100755
index 000000000..86239ddb0
--- /dev/null
+++ b/hack/update-gofmt.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+find_files() {
+  find . -not \( \
+      \( \
+        -wholename '*/vendor/*' \
+      \) -prune \
+    \) -name '*.go'
+}
+
+find_files | xargs gofmt -w -s
diff --git a/hack/verify-gofmt.sh b/hack/verify-gofmt.sh
new file mode 100755
index 000000000..e415dc712
--- /dev/null
+++ b/hack/verify-gofmt.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+find_files() {
+  find . -not \( \
+      \( \
+        -wholename '*/vendor/*' \
+      \) -prune \
+    \) -name '*.go'
+}
+
+bad_files=$(find_files | xargs gofmt -d -s 2>&1)
+if [[ -n "${bad_files}" ]]; then
+  echo "${bad_files}" >&2
+  echo >&2
+  echo "Run ./hack/update-gofmt.sh" >&2
+  exit 1
+fi
diff --git a/hack/verify-golint.sh b/hack/verify-golint.sh
new file mode 100755
index 000000000..db2de0901
--- /dev/null
+++ b/hack/verify-golint.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+find_files() {
+  find . -not \( \
+      \( \
+        -wholename '*/vendor/*' \
+      \) -prune \
+    \) -name '*.go'
+}
+
+bad_files=$(find_files | xargs -I@ bash -c "golint @")
+if [[ -n "${bad_files}" ]]; then
+  echo "${bad_files}"
+  exit 1
+fi
diff --git a/hack/verify-govet.sh b/hack/verify-govet.sh
new file mode 100755
index 000000000..19146be89
--- /dev/null
+++ b/hack/verify-govet.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -x
+
+go vet ./pkg/...
+go vet ./cmd/...
+go vet -tags=test  ./test/...
\ No newline at end of file
diff --git a/http-server/http-server.go b/http-server/http-server.go
new file mode 100644
index 000000000..f5cb6a92a
--- /dev/null
+++ b/http-server/http-server.go
@@ -0,0 +1,92 @@
+package httpserver
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"net/http"
+	"runtime"
+	"time"
+
+	"github.com/packethost/pkg/log"
+	"github.com/pkg/errors"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
+)
+
+var (
+	gitRev         = "unknown"
+	gitRevJSON     []byte
+	httpListenAddr = ":42114"
+	startTime      = time.Now()
+	logger         log.Logger
+)
+
+// SetupHTTP setup and return an HTTP server
+func SetupHTTP(ctx context.Context, lg log.Logger, certPEM []byte, modTime time.Time, errCh chan<- error) {
+	logger = lg
+	http.HandleFunc("/cert", func(w http.ResponseWriter, r *http.Request) {
+		http.ServeContent(w, r, "server.pem", modTime, bytes.NewReader(certPEM))
+	})
+	http.Handle("/metrics", promhttp.Handler())
+	setupGitRevJSON()
+	http.HandleFunc("/version", versionHandler)
+	http.HandleFunc("/_packet/healthcheck", healthCheckHandler)
+
+	srv := &http.Server{
+		Addr: httpListenAddr,
+	}
+	go func() {
+		logger.Info("serving http")
+		err := srv.ListenAndServe()
+		if err == http.ErrServerClosed {
+			err = nil
+		}
+		errCh <- err
+	}()
+	go func() {
+		<-ctx.Done()
+		srv.Shutdown(context.Background())
+	}()
+}
+
+func versionHandler(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Content-Type", "application/json")
+	w.Write(gitRevJSON)
+}
+
+func healthCheckHandler(w http.ResponseWriter, r *http.Request) {
+	res := struct {
+		GitRev     string  `json:"git_rev"`
+		Uptime     float64 `json:"uptime"`
+		Goroutines int     `json:"goroutines"`
+	}{
+		GitRev:     gitRev,
+		Uptime:     time.Since(startTime).Seconds(),
+		Goroutines: runtime.NumGoroutine(),
+	}
+
+	b, err := json.Marshal(&res)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	w.Write(b)
+}
+
+func setupGitRevJSON() {
+	res := struct {
+		GitRev  string `json:"git_rev"`
+		Service string `json:"service_name"`
+	}{
+		GitRev:  gitRev,
+		Service: "tinkerbell",
+	}
+	b, err := json.Marshal(&res)
+	if err != nil {
+		err = errors.Wrap(err, "could not marshal version json")
+		logger.Error(err)
+		panic(err)
+	}
+	gitRevJSON = b
+}
diff --git a/main.go b/main.go
new file mode 100644
index 000000000..4c7620bd0
--- /dev/null
+++ b/main.go
@@ -0,0 +1,53 @@
+package main
+
+import (
+	"context"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/packethost/pkg/log"
+	rpcServer "github.com/packethost/tinkerbell/grpc-server"
+	httpServer "github.com/packethost/tinkerbell/http-server"
+)
+
+var logger log.Logger
+
+func main() {
+	log, cleanup, err := log.Init("github.com/packethost/tinkerbell")
+	if err != nil {
+		panic(err)
+	}
+	logger = log
+	defer cleanup()
+
+	ctx, closer := context.WithCancel(context.Background())
+	errCh := make(chan error, 2)
+	facility := os.Getenv("FACILITY")
+
+	cert, modT := rpcServer.SetupGRPC(ctx, logger, facility, errCh)
+	httpServer.SetupHTTP(ctx, logger, cert, modT, errCh)
+
+	sigs := make(chan os.Signal, 1)
+	signal.Notify(sigs, syscall.SIGINT, syscall.SIGQUIT, syscall.SIGTERM)
+	select {
+	case err = <-errCh:
+		logger.Error(err)
+		panic(err)
+	case sig := <-sigs:
+		logger.With("signal", sig.String()).Info("signal received, stopping servers")
+	}
+	closer()
+
+	// wait for grpc server to shutdown
+	err = <-errCh
+	if err != nil {
+		logger.Error(err)
+		panic(err)
+	}
+	err = <-errCh
+	if err != nil {
+		logger.Error(err)
+		panic(err)
+	}
+}
diff --git a/metrics/metrics.go b/metrics/metrics.go
new file mode 100644
index 000000000..6f6948f61
--- /dev/null
+++ b/metrics/metrics.go
@@ -0,0 +1,135 @@
+package metrics
+
+import (
+	"github.com/packethost/pkg/log"
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/promauto"
+)
+
+// Prometheus Metrics
+var (
+	CacheDuration prometheus.ObserverVec
+	CacheErrors   *prometheus.CounterVec
+	CacheHits     *prometheus.CounterVec
+	CacheInFlight *prometheus.GaugeVec
+	CacheStalls   *prometheus.CounterVec
+	CacheTotals   *prometheus.CounterVec
+
+	ingestCount    *prometheus.CounterVec
+	ingestErrors   *prometheus.CounterVec
+	ingestDuration *prometheus.GaugeVec
+
+	WatchMissTotal prometheus.Counter
+)
+
+// SetupMetrics sets the defaults for metrics
+func SetupMetrics(facility string, logger log.Logger) {
+	curryLabels := prometheus.Labels{
+		"service":  "tinkerbell",
+		"facility": facility,
+	}
+
+	CacheDuration = promauto.NewHistogramVec(prometheus.HistogramOpts{
+		Name:    "cache_ops_duration_seconds",
+		Help:    "Duration of cache operations",
+		Buckets: prometheus.LinearBuckets(.01, .05, 10),
+	}, []string{"service", "facility", "method", "op"}).MustCurryWith(curryLabels)
+	CacheErrors = promauto.NewCounterVec(prometheus.CounterOpts{
+		Name: "cache_ops_errors_total",
+		Help: "Number of cache errors.",
+	}, []string{"service", "facility", "method", "op"}).MustCurryWith(curryLabels)
+	CacheHits = promauto.NewCounterVec(prometheus.CounterOpts{
+		Name: "cache_hit_total",
+		Help: "Number of cache hits.",
+	}, []string{"service", "facility", "method", "op"}).MustCurryWith(curryLabels)
+	CacheInFlight = promauto.NewGaugeVec(prometheus.GaugeOpts{
+		Name: "cache_ops_current_total",
+		Help: "Number of in flight cache requests.",
+	}, []string{"service", "facility", "method", "op"}).MustCurryWith(curryLabels)
+	CacheStalls = promauto.NewCounterVec(prometheus.CounterOpts{
+		Name: "cache_stall_total",
+		Help: "Number of cache stalled due to DB.",
+	}, []string{"service", "facility", "method", "op"}).MustCurryWith(curryLabels)
+	CacheTotals = promauto.NewCounterVec(prometheus.CounterOpts{
+		Name: "cache_ops_total",
+		Help: "Number of cache ops.",
+	}, []string{"service", "facility", "method", "op"}).MustCurryWith(curryLabels)
+
+	logger.Info("initializing label values")
+	var labels []prometheus.Labels
+
+	labels = []prometheus.Labels{
+		{"method": "Push", "op": ""},
+		{"method": "Ingest", "op": ""},
+	}
+	initCounterLabels(CacheErrors, labels)
+	initGaugeLabels(CacheInFlight, labels)
+	initCounterLabels(CacheStalls, labels)
+	initCounterLabels(CacheTotals, labels)
+	labels = []prometheus.Labels{
+		{"method": "Push", "op": "insert"},
+		{"method": "Push", "op": "delete"},
+	}
+	initObserverLabels(CacheDuration, labels)
+	initCounterLabels(CacheHits, labels)
+
+	labels = []prometheus.Labels{
+		{"method": "ByMAC", "op": "get"},
+		{"method": "ByIP", "op": "get"},
+		{"method": "ByID", "op": "get"},
+		{"method": "All", "op": "get"},
+		{"method": "Ingest", "op": ""},
+		{"method": "Watch", "op": "get"},
+		{"method": "Watch", "op": "push"},
+	}
+	initCounterLabels(CacheErrors, labels)
+	initGaugeLabels(CacheInFlight, labels)
+	initCounterLabels(CacheStalls, labels)
+	initCounterLabels(CacheTotals, labels)
+	initObserverLabels(CacheDuration, labels)
+	initCounterLabels(CacheHits, labels)
+
+	ingestCount = promauto.NewCounterVec(prometheus.CounterOpts{
+		Name: "ingest_op_count_total",
+		Help: "Number of attempts made to ingest facility data.",
+	}, []string{"service", "facility", "method", "op"}).MustCurryWith(curryLabels)
+	ingestDuration = promauto.NewGaugeVec(prometheus.GaugeOpts{
+		Name: "ingest_op_duration_seconds",
+		Help: "Duration of successful ingestion actions while attempting to ingest facility data.",
+	}, []string{"service", "facility", "method", "op"}).MustCurryWith(curryLabels)
+	ingestErrors = promauto.NewCounterVec(prometheus.CounterOpts{
+		Name: "ingest_error_count_total",
+		Help: "Number of errors occurred attempting to ingest facility data.",
+	}, []string{"service", "facility", "method", "op"}).MustCurryWith(curryLabels)
+	labels = []prometheus.Labels{
+		{"method": "Ingest", "op": ""},
+		{"method": "Ingest", "op": "fetch"},
+		{"method": "Ingest", "op": "copy"},
+	}
+	initCounterLabels(ingestCount, labels)
+	initGaugeLabels(ingestDuration, labels)
+	initCounterLabels(ingestErrors, labels)
+
+	WatchMissTotal = promauto.NewCounter(prometheus.CounterOpts{
+		Name: "watch_miss_count_total",
+		Help: "Number of missed updates due to a blocked channel.",
+	})
+}
+
+func initObserverLabels(m prometheus.ObserverVec, l []prometheus.Labels) {
+	for _, labels := range l {
+		m.With(labels)
+	}
+}
+
+func initGaugeLabels(m *prometheus.GaugeVec, l []prometheus.Labels) {
+	for _, labels := range l {
+		m.With(labels)
+	}
+}
+
+func initCounterLabels(m *prometheus.CounterVec, l []prometheus.Labels) {
+	for _, labels := range l {
+		m.With(labels)
+	}
+}
diff --git a/protos/.gitkeep b/protos/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/protos/hardware/hardware.pb.go b/protos/hardware/hardware.pb.go
new file mode 100644
index 000000000..887123e1b
--- /dev/null
+++ b/protos/hardware/hardware.pb.go
@@ -0,0 +1,573 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: protos/hardware/hardware.proto
+
+package hardware
+
+import (
+	context "context"
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	math "math"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+type PushRequest struct {
+	Data                 string   `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *PushRequest) Reset()         { *m = PushRequest{} }
+func (m *PushRequest) String() string { return proto.CompactTextString(m) }
+func (*PushRequest) ProtoMessage()    {}
+func (*PushRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_ad4df2c422b77a34, []int{0}
+}
+
+func (m *PushRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_PushRequest.Unmarshal(m, b)
+}
+func (m *PushRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_PushRequest.Marshal(b, m, deterministic)
+}
+func (m *PushRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PushRequest.Merge(m, src)
+}
+func (m *PushRequest) XXX_Size() int {
+	return xxx_messageInfo_PushRequest.Size(m)
+}
+func (m *PushRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_PushRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PushRequest proto.InternalMessageInfo
+
+func (m *PushRequest) GetData() string {
+	if m != nil {
+		return m.Data
+	}
+	return ""
+}
+
+type Empty struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Empty) Reset()         { *m = Empty{} }
+func (m *Empty) String() string { return proto.CompactTextString(m) }
+func (*Empty) ProtoMessage()    {}
+func (*Empty) Descriptor() ([]byte, []int) {
+	return fileDescriptor_ad4df2c422b77a34, []int{1}
+}
+
+func (m *Empty) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Empty.Unmarshal(m, b)
+}
+func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Empty.Marshal(b, m, deterministic)
+}
+func (m *Empty) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Empty.Merge(m, src)
+}
+func (m *Empty) XXX_Size() int {
+	return xxx_messageInfo_Empty.Size(m)
+}
+func (m *Empty) XXX_DiscardUnknown() {
+	xxx_messageInfo_Empty.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Empty proto.InternalMessageInfo
+
+type GetRequest struct {
+	MAC                  string   `protobuf:"bytes,1,opt,name=MAC,proto3" json:"MAC,omitempty"`
+	IP                   string   `protobuf:"bytes,2,opt,name=IP,proto3" json:"IP,omitempty"`
+	ID                   string   `protobuf:"bytes,3,opt,name=ID,proto3" json:"ID,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GetRequest) Reset()         { *m = GetRequest{} }
+func (m *GetRequest) String() string { return proto.CompactTextString(m) }
+func (*GetRequest) ProtoMessage()    {}
+func (*GetRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_ad4df2c422b77a34, []int{2}
+}
+
+func (m *GetRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_GetRequest.Unmarshal(m, b)
+}
+func (m *GetRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_GetRequest.Marshal(b, m, deterministic)
+}
+func (m *GetRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetRequest.Merge(m, src)
+}
+func (m *GetRequest) XXX_Size() int {
+	return xxx_messageInfo_GetRequest.Size(m)
+}
+func (m *GetRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetRequest proto.InternalMessageInfo
+
+func (m *GetRequest) GetMAC() string {
+	if m != nil {
+		return m.MAC
+	}
+	return ""
+}
+
+func (m *GetRequest) GetIP() string {
+	if m != nil {
+		return m.IP
+	}
+	return ""
+}
+
+func (m *GetRequest) GetID() string {
+	if m != nil {
+		return m.ID
+	}
+	return ""
+}
+
+type Hardware struct {
+	JSON                 string   `protobuf:"bytes,1,opt,name=JSON,proto3" json:"JSON,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Hardware) Reset()         { *m = Hardware{} }
+func (m *Hardware) String() string { return proto.CompactTextString(m) }
+func (*Hardware) ProtoMessage()    {}
+func (*Hardware) Descriptor() ([]byte, []int) {
+	return fileDescriptor_ad4df2c422b77a34, []int{3}
+}
+
+func (m *Hardware) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Hardware.Unmarshal(m, b)
+}
+func (m *Hardware) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Hardware.Marshal(b, m, deterministic)
+}
+func (m *Hardware) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Hardware.Merge(m, src)
+}
+func (m *Hardware) XXX_Size() int {
+	return xxx_messageInfo_Hardware.Size(m)
+}
+func (m *Hardware) XXX_DiscardUnknown() {
+	xxx_messageInfo_Hardware.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Hardware proto.InternalMessageInfo
+
+func (m *Hardware) GetJSON() string {
+	if m != nil {
+		return m.JSON
+	}
+	return ""
+}
+
+func init() {
+	proto.RegisterType((*PushRequest)(nil), "github.com.packethost.tinkerbell.protos.hardware.PushRequest")
+	proto.RegisterType((*Empty)(nil), "github.com.packethost.tinkerbell.protos.hardware.Empty")
+	proto.RegisterType((*GetRequest)(nil), "github.com.packethost.tinkerbell.protos.hardware.GetRequest")
+	proto.RegisterType((*Hardware)(nil), "github.com.packethost.tinkerbell.protos.hardware.Hardware")
+}
+
+func init() { proto.RegisterFile("protos/hardware/hardware.proto", fileDescriptor_ad4df2c422b77a34) }
+
+var fileDescriptor_ad4df2c422b77a34 = []byte{
+	// 309 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x54, 0x4d, 0x4b, 0xc3, 0x40,
+	0x10, 0x25, 0x9f, 0xea, 0x08, 0x2a, 0x7b, 0x0a, 0x3d, 0x14, 0xcd, 0x49, 0x10, 0x37, 0xa5, 0x22,
+	0x7a, 0x12, 0x1a, 0x23, 0x1a, 0x41, 0x0d, 0xed, 0x41, 0xf0, 0xb6, 0x4d, 0x97, 0xa6, 0xd8, 0x9a,
+	0xb8, 0xbb, 0x49, 0xc9, 0xcf, 0xf4, 0x1f, 0xc9, 0xae, 0x49, 0x5b, 0xbc, 0x25, 0x87, 0xf6, 0xf6,
+	0x66, 0xf2, 0x1e, 0x2f, 0x6f, 0x76, 0x18, 0xe8, 0x66, 0x2c, 0x15, 0x29, 0xf7, 0x12, 0xc2, 0x26,
+	0x4b, 0xc2, 0xe8, 0x0a, 0x60, 0xf5, 0x01, 0x5d, 0x4c, 0x67, 0x22, 0xc9, 0xc7, 0x38, 0x4e, 0x17,
+	0x38, 0x23, 0xf1, 0x27, 0x15, 0x49, 0xca, 0x05, 0x66, 0x69, 0x41, 0xd9, 0x1f, 0x85, 0xe3, 0x5a,
+	0xe2, 0x9e, 0xc1, 0x61, 0x94, 0xf3, 0x64, 0x48, 0xbf, 0x73, 0xca, 0x05, 0x42, 0x60, 0x4e, 0x88,
+	0x20, 0x8e, 0x76, 0xaa, 0x9d, 0x1f, 0x0c, 0x15, 0x76, 0xf7, 0xc0, 0x7a, 0x58, 0x64, 0xa2, 0x74,
+	0xef, 0x00, 0x1e, 0xa9, 0xa8, 0xa9, 0x27, 0x60, 0xbc, 0x0c, 0xee, 0x2b, 0xa6, 0x84, 0xe8, 0x08,
+	0xf4, 0x30, 0x72, 0x74, 0xd5, 0xd0, 0xc3, 0x48, 0xd5, 0x81, 0x63, 0x54, 0x75, 0xe0, 0x76, 0x61,
+	0xff, 0xa9, 0xf2, 0x95, 0x46, 0xcf, 0xa3, 0xb7, 0xd7, 0xda, 0x48, 0xe2, 0xfe, 0x8f, 0x0d, 0xc7,
+	0x35, 0x61, 0x44, 0x59, 0x31, 0x8b, 0x29, 0x12, 0x60, 0xca, 0xff, 0x43, 0xb7, 0xb8, 0x41, 0x2a,
+	0xbc, 0x11, 0xa9, 0xd3, 0x6f, 0xa4, 0x54, 0x49, 0xd1, 0x12, 0x2c, 0xbf, 0x94, 0x91, 0x6e, 0x1a,
+	0x89, 0xd7, 0xd3, 0xe9, 0x5c, 0x37, 0x12, 0xae, 0xc6, 0x52, 0x80, 0xe9, 0x97, 0x61, 0xb4, 0x23,
+	0xdf, 0x60, 0xeb, 0xbe, 0x0c, 0x8c, 0xc1, 0x7c, 0x8e, 0x5a, 0xbc, 0x51, 0x4b, 0xc7, 0x9e, 0x86,
+	0x32, 0xb0, 0xc3, 0xaf, 0xa9, 0x5c, 0xe1, 0x36, 0xb6, 0x6d, 0xd6, 0xa9, 0x04, 0xeb, 0x9d, 0x88,
+	0x38, 0xd9, 0xf6, 0x78, 0x7b, 0x9a, 0x7f, 0xf9, 0xb1, 0x71, 0x0e, 0xbc, 0xb5, 0xd2, 0x53, 0x4a,
+	0xef, 0xdf, 0x29, 0x19, 0xdb, 0xaa, 0x71, 0xf5, 0x1b, 0x00, 0x00, 0xff, 0xff, 0xdf, 0x1a, 0x71,
+	0x76, 0x64, 0x04, 0x00, 0x00,
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// HardwareServiceClient is the client API for HardwareService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type HardwareServiceClient interface {
+	Push(ctx context.Context, in *PushRequest, opts ...grpc.CallOption) (*Empty, error)
+	ByMAC(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Hardware, error)
+	ByIP(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Hardware, error)
+	ByID(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Hardware, error)
+	All(ctx context.Context, in *Empty, opts ...grpc.CallOption) (HardwareService_AllClient, error)
+	Ingest(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error)
+	Watch(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (HardwareService_WatchClient, error)
+}
+
+type hardwareServiceClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewHardwareServiceClient(cc *grpc.ClientConn) HardwareServiceClient {
+	return &hardwareServiceClient{cc}
+}
+
+func (c *hardwareServiceClient) Push(ctx context.Context, in *PushRequest, opts ...grpc.CallOption) (*Empty, error) {
+	out := new(Empty)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.hardware.HardwareService/Push", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *hardwareServiceClient) ByMAC(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Hardware, error) {
+	out := new(Hardware)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.hardware.HardwareService/ByMAC", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *hardwareServiceClient) ByIP(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Hardware, error) {
+	out := new(Hardware)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.hardware.HardwareService/ByIP", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *hardwareServiceClient) ByID(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Hardware, error) {
+	out := new(Hardware)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.hardware.HardwareService/ByID", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *hardwareServiceClient) All(ctx context.Context, in *Empty, opts ...grpc.CallOption) (HardwareService_AllClient, error) {
+	stream, err := c.cc.NewStream(ctx, &_HardwareService_serviceDesc.Streams[0], "/github.com.packethost.tinkerbell.protos.hardware.HardwareService/All", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &hardwareServiceAllClient{stream}
+	if err := x.ClientStream.SendMsg(in); err != nil {
+		return nil, err
+	}
+	if err := x.ClientStream.CloseSend(); err != nil {
+		return nil, err
+	}
+	return x, nil
+}
+
+type HardwareService_AllClient interface {
+	Recv() (*Hardware, error)
+	grpc.ClientStream
+}
+
+type hardwareServiceAllClient struct {
+	grpc.ClientStream
+}
+
+func (x *hardwareServiceAllClient) Recv() (*Hardware, error) {
+	m := new(Hardware)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func (c *hardwareServiceClient) Ingest(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) {
+	out := new(Empty)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.hardware.HardwareService/Ingest", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *hardwareServiceClient) Watch(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (HardwareService_WatchClient, error) {
+	stream, err := c.cc.NewStream(ctx, &_HardwareService_serviceDesc.Streams[1], "/github.com.packethost.tinkerbell.protos.hardware.HardwareService/Watch", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &hardwareServiceWatchClient{stream}
+	if err := x.ClientStream.SendMsg(in); err != nil {
+		return nil, err
+	}
+	if err := x.ClientStream.CloseSend(); err != nil {
+		return nil, err
+	}
+	return x, nil
+}
+
+type HardwareService_WatchClient interface {
+	Recv() (*Hardware, error)
+	grpc.ClientStream
+}
+
+type hardwareServiceWatchClient struct {
+	grpc.ClientStream
+}
+
+func (x *hardwareServiceWatchClient) Recv() (*Hardware, error) {
+	m := new(Hardware)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// HardwareServiceServer is the server API for HardwareService service.
+type HardwareServiceServer interface {
+	Push(context.Context, *PushRequest) (*Empty, error)
+	ByMAC(context.Context, *GetRequest) (*Hardware, error)
+	ByIP(context.Context, *GetRequest) (*Hardware, error)
+	ByID(context.Context, *GetRequest) (*Hardware, error)
+	All(*Empty, HardwareService_AllServer) error
+	Ingest(context.Context, *Empty) (*Empty, error)
+	Watch(*GetRequest, HardwareService_WatchServer) error
+}
+
+// UnimplementedHardwareServiceServer can be embedded to have forward compatible implementations.
+type UnimplementedHardwareServiceServer struct {
+}
+
+func (*UnimplementedHardwareServiceServer) Push(ctx context.Context, req *PushRequest) (*Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Push not implemented")
+}
+func (*UnimplementedHardwareServiceServer) ByMAC(ctx context.Context, req *GetRequest) (*Hardware, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ByMAC not implemented")
+}
+func (*UnimplementedHardwareServiceServer) ByIP(ctx context.Context, req *GetRequest) (*Hardware, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ByIP not implemented")
+}
+func (*UnimplementedHardwareServiceServer) ByID(ctx context.Context, req *GetRequest) (*Hardware, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ByID not implemented")
+}
+func (*UnimplementedHardwareServiceServer) All(req *Empty, srv HardwareService_AllServer) error {
+	return status.Errorf(codes.Unimplemented, "method All not implemented")
+}
+func (*UnimplementedHardwareServiceServer) Ingest(ctx context.Context, req *Empty) (*Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Ingest not implemented")
+}
+func (*UnimplementedHardwareServiceServer) Watch(req *GetRequest, srv HardwareService_WatchServer) error {
+	return status.Errorf(codes.Unimplemented, "method Watch not implemented")
+}
+
+func RegisterHardwareServiceServer(s *grpc.Server, srv HardwareServiceServer) {
+	s.RegisterService(&_HardwareService_serviceDesc, srv)
+}
+
+func _HardwareService_Push_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(PushRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(HardwareServiceServer).Push(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.hardware.HardwareService/Push",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(HardwareServiceServer).Push(ctx, req.(*PushRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _HardwareService_ByMAC_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(HardwareServiceServer).ByMAC(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.hardware.HardwareService/ByMAC",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(HardwareServiceServer).ByMAC(ctx, req.(*GetRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _HardwareService_ByIP_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(HardwareServiceServer).ByIP(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.hardware.HardwareService/ByIP",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(HardwareServiceServer).ByIP(ctx, req.(*GetRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _HardwareService_ByID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(HardwareServiceServer).ByID(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.hardware.HardwareService/ByID",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(HardwareServiceServer).ByID(ctx, req.(*GetRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _HardwareService_All_Handler(srv interface{}, stream grpc.ServerStream) error {
+	m := new(Empty)
+	if err := stream.RecvMsg(m); err != nil {
+		return err
+	}
+	return srv.(HardwareServiceServer).All(m, &hardwareServiceAllServer{stream})
+}
+
+type HardwareService_AllServer interface {
+	Send(*Hardware) error
+	grpc.ServerStream
+}
+
+type hardwareServiceAllServer struct {
+	grpc.ServerStream
+}
+
+func (x *hardwareServiceAllServer) Send(m *Hardware) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func _HardwareService_Ingest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(Empty)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(HardwareServiceServer).Ingest(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.hardware.HardwareService/Ingest",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(HardwareServiceServer).Ingest(ctx, req.(*Empty))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _HardwareService_Watch_Handler(srv interface{}, stream grpc.ServerStream) error {
+	m := new(GetRequest)
+	if err := stream.RecvMsg(m); err != nil {
+		return err
+	}
+	return srv.(HardwareServiceServer).Watch(m, &hardwareServiceWatchServer{stream})
+}
+
+type HardwareService_WatchServer interface {
+	Send(*Hardware) error
+	grpc.ServerStream
+}
+
+type hardwareServiceWatchServer struct {
+	grpc.ServerStream
+}
+
+func (x *hardwareServiceWatchServer) Send(m *Hardware) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+var _HardwareService_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "github.com.packethost.tinkerbell.protos.hardware.HardwareService",
+	HandlerType: (*HardwareServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Push",
+			Handler:    _HardwareService_Push_Handler,
+		},
+		{
+			MethodName: "ByMAC",
+			Handler:    _HardwareService_ByMAC_Handler,
+		},
+		{
+			MethodName: "ByIP",
+			Handler:    _HardwareService_ByIP_Handler,
+		},
+		{
+			MethodName: "ByID",
+			Handler:    _HardwareService_ByID_Handler,
+		},
+		{
+			MethodName: "Ingest",
+			Handler:    _HardwareService_Ingest_Handler,
+		},
+	},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "All",
+			Handler:       _HardwareService_All_Handler,
+			ServerStreams: true,
+		},
+		{
+			StreamName:    "Watch",
+			Handler:       _HardwareService_Watch_Handler,
+			ServerStreams: true,
+		},
+	},
+	Metadata: "protos/hardware/hardware.proto",
+}
diff --git a/protos/hardware/hardware.proto b/protos/hardware/hardware.proto
new file mode 100644
index 000000000..a36d774cb
--- /dev/null
+++ b/protos/hardware/hardware.proto
@@ -0,0 +1,32 @@
+syntax = "proto3";
+
+option go_package = "github.com/packethost/tinkerbell/protos/hardware";
+
+package github.com.packethost.tinkerbell.protos.hardware;
+
+service HardwareService {
+	rpc Push (PushRequest) returns (Empty);
+	rpc ByMAC(GetRequest) returns (Hardware);
+	rpc ByIP(GetRequest) returns (Hardware);
+	rpc ByID(GetRequest) returns (Hardware);
+	rpc All(Empty) returns (stream Hardware);
+	rpc Ingest(Empty) returns (Empty);
+	rpc Watch(GetRequest) returns (stream Hardware);
+}
+
+message PushRequest {
+	string data = 1;
+}
+
+message Empty {
+}
+
+message GetRequest {
+	string MAC = 1;
+	string IP = 2;
+	string ID = 3;
+}
+
+message Hardware {
+	string JSON = 1;
+}
diff --git a/protos/target/target.pb.go b/protos/target/target.pb.go
new file mode 100644
index 000000000..22261406e
--- /dev/null
+++ b/protos/target/target.pb.go
@@ -0,0 +1,595 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: protos/target/target.proto
+
+package target
+
+import (
+	context "context"
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	math "math"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+type PushRequest struct {
+	Data                 string   `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *PushRequest) Reset()         { *m = PushRequest{} }
+func (m *PushRequest) String() string { return proto.CompactTextString(m) }
+func (*PushRequest) ProtoMessage()    {}
+func (*PushRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_1c9a68d06d9471ac, []int{0}
+}
+
+func (m *PushRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_PushRequest.Unmarshal(m, b)
+}
+func (m *PushRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_PushRequest.Marshal(b, m, deterministic)
+}
+func (m *PushRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PushRequest.Merge(m, src)
+}
+func (m *PushRequest) XXX_Size() int {
+	return xxx_messageInfo_PushRequest.Size(m)
+}
+func (m *PushRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_PushRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PushRequest proto.InternalMessageInfo
+
+func (m *PushRequest) GetData() string {
+	if m != nil {
+		return m.Data
+	}
+	return ""
+}
+
+type GetRequest struct {
+	ID                   string   `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GetRequest) Reset()         { *m = GetRequest{} }
+func (m *GetRequest) String() string { return proto.CompactTextString(m) }
+func (*GetRequest) ProtoMessage()    {}
+func (*GetRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_1c9a68d06d9471ac, []int{1}
+}
+
+func (m *GetRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_GetRequest.Unmarshal(m, b)
+}
+func (m *GetRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_GetRequest.Marshal(b, m, deterministic)
+}
+func (m *GetRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetRequest.Merge(m, src)
+}
+func (m *GetRequest) XXX_Size() int {
+	return xxx_messageInfo_GetRequest.Size(m)
+}
+func (m *GetRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetRequest proto.InternalMessageInfo
+
+func (m *GetRequest) GetID() string {
+	if m != nil {
+		return m.ID
+	}
+	return ""
+}
+
+type UpdateRequest struct {
+	ID                   string   `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
+	Data                 string   `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *UpdateRequest) Reset()         { *m = UpdateRequest{} }
+func (m *UpdateRequest) String() string { return proto.CompactTextString(m) }
+func (*UpdateRequest) ProtoMessage()    {}
+func (*UpdateRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_1c9a68d06d9471ac, []int{2}
+}
+
+func (m *UpdateRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_UpdateRequest.Unmarshal(m, b)
+}
+func (m *UpdateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_UpdateRequest.Marshal(b, m, deterministic)
+}
+func (m *UpdateRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateRequest.Merge(m, src)
+}
+func (m *UpdateRequest) XXX_Size() int {
+	return xxx_messageInfo_UpdateRequest.Size(m)
+}
+func (m *UpdateRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_UpdateRequest proto.InternalMessageInfo
+
+func (m *UpdateRequest) GetID() string {
+	if m != nil {
+		return m.ID
+	}
+	return ""
+}
+
+func (m *UpdateRequest) GetData() string {
+	if m != nil {
+		return m.Data
+	}
+	return ""
+}
+
+type UUID struct {
+	Uuid                 string   `protobuf:"bytes,1,opt,name=uuid,proto3" json:"uuid,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *UUID) Reset()         { *m = UUID{} }
+func (m *UUID) String() string { return proto.CompactTextString(m) }
+func (*UUID) ProtoMessage()    {}
+func (*UUID) Descriptor() ([]byte, []int) {
+	return fileDescriptor_1c9a68d06d9471ac, []int{3}
+}
+
+func (m *UUID) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_UUID.Unmarshal(m, b)
+}
+func (m *UUID) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_UUID.Marshal(b, m, deterministic)
+}
+func (m *UUID) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UUID.Merge(m, src)
+}
+func (m *UUID) XXX_Size() int {
+	return xxx_messageInfo_UUID.Size(m)
+}
+func (m *UUID) XXX_DiscardUnknown() {
+	xxx_messageInfo_UUID.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_UUID proto.InternalMessageInfo
+
+func (m *UUID) GetUuid() string {
+	if m != nil {
+		return m.Uuid
+	}
+	return ""
+}
+
+type Empty struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Empty) Reset()         { *m = Empty{} }
+func (m *Empty) String() string { return proto.CompactTextString(m) }
+func (*Empty) ProtoMessage()    {}
+func (*Empty) Descriptor() ([]byte, []int) {
+	return fileDescriptor_1c9a68d06d9471ac, []int{4}
+}
+
+func (m *Empty) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Empty.Unmarshal(m, b)
+}
+func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Empty.Marshal(b, m, deterministic)
+}
+func (m *Empty) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Empty.Merge(m, src)
+}
+func (m *Empty) XXX_Size() int {
+	return xxx_messageInfo_Empty.Size(m)
+}
+func (m *Empty) XXX_DiscardUnknown() {
+	xxx_messageInfo_Empty.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Empty proto.InternalMessageInfo
+
+type Targets struct {
+	JSON                 string   `protobuf:"bytes,1,opt,name=JSON,proto3" json:"JSON,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Targets) Reset()         { *m = Targets{} }
+func (m *Targets) String() string { return proto.CompactTextString(m) }
+func (*Targets) ProtoMessage()    {}
+func (*Targets) Descriptor() ([]byte, []int) {
+	return fileDescriptor_1c9a68d06d9471ac, []int{5}
+}
+
+func (m *Targets) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Targets.Unmarshal(m, b)
+}
+func (m *Targets) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Targets.Marshal(b, m, deterministic)
+}
+func (m *Targets) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Targets.Merge(m, src)
+}
+func (m *Targets) XXX_Size() int {
+	return xxx_messageInfo_Targets.Size(m)
+}
+func (m *Targets) XXX_DiscardUnknown() {
+	xxx_messageInfo_Targets.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Targets proto.InternalMessageInfo
+
+func (m *Targets) GetJSON() string {
+	if m != nil {
+		return m.JSON
+	}
+	return ""
+}
+
+type TargetList struct {
+	ID                   string   `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
+	Data                 string   `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *TargetList) Reset()         { *m = TargetList{} }
+func (m *TargetList) String() string { return proto.CompactTextString(m) }
+func (*TargetList) ProtoMessage()    {}
+func (*TargetList) Descriptor() ([]byte, []int) {
+	return fileDescriptor_1c9a68d06d9471ac, []int{6}
+}
+
+func (m *TargetList) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_TargetList.Unmarshal(m, b)
+}
+func (m *TargetList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_TargetList.Marshal(b, m, deterministic)
+}
+func (m *TargetList) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TargetList.Merge(m, src)
+}
+func (m *TargetList) XXX_Size() int {
+	return xxx_messageInfo_TargetList.Size(m)
+}
+func (m *TargetList) XXX_DiscardUnknown() {
+	xxx_messageInfo_TargetList.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_TargetList proto.InternalMessageInfo
+
+func (m *TargetList) GetID() string {
+	if m != nil {
+		return m.ID
+	}
+	return ""
+}
+
+func (m *TargetList) GetData() string {
+	if m != nil {
+		return m.Data
+	}
+	return ""
+}
+
+func init() {
+	proto.RegisterType((*PushRequest)(nil), "github.com.packethost.tinkerbell.protos.target.PushRequest")
+	proto.RegisterType((*GetRequest)(nil), "github.com.packethost.tinkerbell.protos.target.GetRequest")
+	proto.RegisterType((*UpdateRequest)(nil), "github.com.packethost.tinkerbell.protos.target.UpdateRequest")
+	proto.RegisterType((*UUID)(nil), "github.com.packethost.tinkerbell.protos.target.UUID")
+	proto.RegisterType((*Empty)(nil), "github.com.packethost.tinkerbell.protos.target.Empty")
+	proto.RegisterType((*Targets)(nil), "github.com.packethost.tinkerbell.protos.target.Targets")
+	proto.RegisterType((*TargetList)(nil), "github.com.packethost.tinkerbell.protos.target.TargetList")
+}
+
+func init() { proto.RegisterFile("protos/target/target.proto", fileDescriptor_1c9a68d06d9471ac) }
+
+var fileDescriptor_1c9a68d06d9471ac = []byte{
+	// 325 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x53, 0xc1, 0x4a, 0xc3, 0x40,
+	0x10, 0xa5, 0xa5, 0xb6, 0x38, 0xa5, 0x52, 0xf6, 0x24, 0x8b, 0x82, 0xee, 0x49, 0x11, 0x36, 0xa5,
+	0xa5, 0xe2, 0xb9, 0x46, 0x24, 0x22, 0x2a, 0xd5, 0x5c, 0xbc, 0x6d, 0x9b, 0xa5, 0x09, 0x5a, 0x12,
+	0xb3, 0x13, 0x6d, 0x11, 0xfc, 0x68, 0xbf, 0x40, 0xb2, 0xdb, 0xb5, 0xe9, 0x41, 0xe8, 0x7a, 0xca,
+	0x24, 0xf3, 0xde, 0xbc, 0x99, 0x79, 0x19, 0xa0, 0x59, 0x9e, 0x62, 0xaa, 0x3c, 0x14, 0xf9, 0x4c,
+	0xe2, 0xea, 0xc1, 0xf5, 0x47, 0x72, 0x3a, 0x4b, 0x30, 0x2e, 0x26, 0x7c, 0x9a, 0xce, 0x79, 0x26,
+	0xa6, 0x2f, 0x12, 0xe3, 0x54, 0x21, 0xcf, 0xd3, 0x77, 0x99, 0x1b, 0x88, 0xe2, 0x86, 0xc0, 0x8e,
+	0xa1, 0xfd, 0x50, 0xa8, 0x78, 0x2c, 0xdf, 0x0a, 0xa9, 0x90, 0x10, 0x68, 0x44, 0x02, 0xc5, 0x7e,
+	0xed, 0xa8, 0x76, 0xb2, 0x3b, 0xd6, 0x31, 0x3b, 0x00, 0xb8, 0x96, 0x68, 0x11, 0x7b, 0x50, 0x0f,
+	0xfc, 0x55, 0xbe, 0x1e, 0xf8, 0x6c, 0x00, 0x9d, 0x30, 0x8b, 0x04, 0xca, 0x3f, 0x00, 0xbf, 0x25,
+	0xeb, 0x95, 0x92, 0x14, 0x1a, 0x61, 0x68, 0x72, 0x45, 0x91, 0x44, 0x56, 0xae, 0x8c, 0x59, 0x0b,
+	0x76, 0xae, 0xe6, 0x19, 0x2e, 0xd9, 0x21, 0xb4, 0x9e, 0x74, 0x93, 0xaa, 0xc4, 0xdd, 0x3c, 0xde,
+	0xdf, 0x59, 0x5c, 0x19, 0xb3, 0x1e, 0x80, 0x49, 0xdf, 0x26, 0xdb, 0xa9, 0xf6, 0xbf, 0x1b, 0xd0,
+	0x34, 0x14, 0xb2, 0x80, 0xce, 0x65, 0x2e, 0x05, 0x4a, 0xab, 0x70, 0xce, 0xb7, 0xde, 0x19, 0xaf,
+	0x2c, 0x8c, 0x7a, 0x0e, 0x3c, 0x3d, 0xf2, 0x87, 0x6d, 0x7b, 0xb4, 0x0c, 0x7c, 0x32, 0x74, 0xa0,
+	0xaf, 0x4d, 0xa0, 0x7d, 0x07, 0x9a, 0x9d, 0xf0, 0x0b, 0xba, 0xc6, 0xa8, 0x8a, 0xfc, 0x85, 0x4b,
+	0xf7, 0x55, 0x97, 0x69, 0xcf, 0x81, 0xa9, 0xed, 0x24, 0x9f, 0xd0, 0xf5, 0xe5, 0xab, 0xdc, 0xd0,
+	0xff, 0xe7, 0xf8, 0xee, 0xe2, 0x0b, 0x68, 0x97, 0xbf, 0x89, 0xdd, 0x85, 0x73, 0x01, 0x3a, 0x74,
+	0xde, 0x78, 0xa9, 0xd7, 0xab, 0x8d, 0xce, 0x9e, 0x2b, 0xd7, 0xe8, 0xad, 0x99, 0x9e, 0x66, 0x7a,
+	0x1b, 0x57, 0x3c, 0x69, 0xea, 0xd7, 0xc1, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x03, 0x72, 0x01,
+	0x7d, 0xdd, 0x03, 0x00, 0x00,
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// TargetClient is the client API for Target service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type TargetClient interface {
+	CreateTargets(ctx context.Context, in *PushRequest, opts ...grpc.CallOption) (*UUID, error)
+	TargetByID(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Targets, error)
+	UpdateTargetByID(ctx context.Context, in *UpdateRequest, opts ...grpc.CallOption) (*Empty, error)
+	DeleteTargetByID(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Empty, error)
+	ListTargets(ctx context.Context, in *Empty, opts ...grpc.CallOption) (Target_ListTargetsClient, error)
+}
+
+type targetClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewTargetClient(cc *grpc.ClientConn) TargetClient {
+	return &targetClient{cc}
+}
+
+func (c *targetClient) CreateTargets(ctx context.Context, in *PushRequest, opts ...grpc.CallOption) (*UUID, error) {
+	out := new(UUID)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.target.Target/CreateTargets", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *targetClient) TargetByID(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Targets, error) {
+	out := new(Targets)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.target.Target/TargetByID", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *targetClient) UpdateTargetByID(ctx context.Context, in *UpdateRequest, opts ...grpc.CallOption) (*Empty, error) {
+	out := new(Empty)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.target.Target/UpdateTargetByID", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *targetClient) DeleteTargetByID(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Empty, error) {
+	out := new(Empty)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.target.Target/DeleteTargetByID", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *targetClient) ListTargets(ctx context.Context, in *Empty, opts ...grpc.CallOption) (Target_ListTargetsClient, error) {
+	stream, err := c.cc.NewStream(ctx, &_Target_serviceDesc.Streams[0], "/github.com.packethost.tinkerbell.protos.target.Target/ListTargets", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &targetListTargetsClient{stream}
+	if err := x.ClientStream.SendMsg(in); err != nil {
+		return nil, err
+	}
+	if err := x.ClientStream.CloseSend(); err != nil {
+		return nil, err
+	}
+	return x, nil
+}
+
+type Target_ListTargetsClient interface {
+	Recv() (*TargetList, error)
+	grpc.ClientStream
+}
+
+type targetListTargetsClient struct {
+	grpc.ClientStream
+}
+
+func (x *targetListTargetsClient) Recv() (*TargetList, error) {
+	m := new(TargetList)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// TargetServer is the server API for Target service.
+type TargetServer interface {
+	CreateTargets(context.Context, *PushRequest) (*UUID, error)
+	TargetByID(context.Context, *GetRequest) (*Targets, error)
+	UpdateTargetByID(context.Context, *UpdateRequest) (*Empty, error)
+	DeleteTargetByID(context.Context, *GetRequest) (*Empty, error)
+	ListTargets(*Empty, Target_ListTargetsServer) error
+}
+
+// UnimplementedTargetServer can be embedded to have forward compatible implementations.
+type UnimplementedTargetServer struct {
+}
+
+func (*UnimplementedTargetServer) CreateTargets(ctx context.Context, req *PushRequest) (*UUID, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateTargets not implemented")
+}
+func (*UnimplementedTargetServer) TargetByID(ctx context.Context, req *GetRequest) (*Targets, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method TargetByID not implemented")
+}
+func (*UnimplementedTargetServer) UpdateTargetByID(ctx context.Context, req *UpdateRequest) (*Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateTargetByID not implemented")
+}
+func (*UnimplementedTargetServer) DeleteTargetByID(ctx context.Context, req *GetRequest) (*Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteTargetByID not implemented")
+}
+func (*UnimplementedTargetServer) ListTargets(req *Empty, srv Target_ListTargetsServer) error {
+	return status.Errorf(codes.Unimplemented, "method ListTargets not implemented")
+}
+
+func RegisterTargetServer(s *grpc.Server, srv TargetServer) {
+	s.RegisterService(&_Target_serviceDesc, srv)
+}
+
+func _Target_CreateTargets_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(PushRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TargetServer).CreateTargets(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.target.Target/CreateTargets",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TargetServer).CreateTargets(ctx, req.(*PushRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Target_TargetByID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TargetServer).TargetByID(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.target.Target/TargetByID",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TargetServer).TargetByID(ctx, req.(*GetRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Target_UpdateTargetByID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TargetServer).UpdateTargetByID(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.target.Target/UpdateTargetByID",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TargetServer).UpdateTargetByID(ctx, req.(*UpdateRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Target_DeleteTargetByID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TargetServer).DeleteTargetByID(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.target.Target/DeleteTargetByID",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TargetServer).DeleteTargetByID(ctx, req.(*GetRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Target_ListTargets_Handler(srv interface{}, stream grpc.ServerStream) error {
+	m := new(Empty)
+	if err := stream.RecvMsg(m); err != nil {
+		return err
+	}
+	return srv.(TargetServer).ListTargets(m, &targetListTargetsServer{stream})
+}
+
+type Target_ListTargetsServer interface {
+	Send(*TargetList) error
+	grpc.ServerStream
+}
+
+type targetListTargetsServer struct {
+	grpc.ServerStream
+}
+
+func (x *targetListTargetsServer) Send(m *TargetList) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+var _Target_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "github.com.packethost.tinkerbell.protos.target.Target",
+	HandlerType: (*TargetServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "CreateTargets",
+			Handler:    _Target_CreateTargets_Handler,
+		},
+		{
+			MethodName: "TargetByID",
+			Handler:    _Target_TargetByID_Handler,
+		},
+		{
+			MethodName: "UpdateTargetByID",
+			Handler:    _Target_UpdateTargetByID_Handler,
+		},
+		{
+			MethodName: "DeleteTargetByID",
+			Handler:    _Target_DeleteTargetByID_Handler,
+		},
+	},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "ListTargets",
+			Handler:       _Target_ListTargets_Handler,
+			ServerStreams: true,
+		},
+	},
+	Metadata: "protos/target/target.proto",
+}
diff --git a/protos/target/target.proto b/protos/target/target.proto
new file mode 100644
index 000000000..6b150562a
--- /dev/null
+++ b/protos/target/target.proto
@@ -0,0 +1,42 @@
+syntax = "proto3";
+
+option go_package = "github.com/packethost/tinkerbell/protos/target";
+
+package github.com.packethost.tinkerbell.protos.target;
+
+service Target {
+	rpc CreateTargets(PushRequest) returns (UUID);
+	rpc TargetByID(GetRequest) returns (Targets);
+    rpc UpdateTargetByID(UpdateRequest) returns (Empty);
+	rpc DeleteTargetByID(GetRequest) returns (Empty);
+	rpc ListTargets(Empty) returns (stream TargetList);
+}
+
+message PushRequest {
+	string data = 1;
+}
+
+message GetRequest {
+	string ID = 1;
+}
+
+message UpdateRequest {
+	string ID = 1;
+	string data = 2;
+}
+
+message UUID {
+	string uuid = 1;
+}
+
+message Empty {
+}
+
+message Targets {
+	string JSON = 1;
+}
+
+message TargetList {
+	string ID = 1;
+	string data = 2;
+}
diff --git a/protos/template/template.pb.go b/protos/template/template.pb.go
new file mode 100644
index 000000000..effa15725
--- /dev/null
+++ b/protos/template/template.pb.go
@@ -0,0 +1,503 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: protos/template/template.proto
+
+package template
+
+import (
+	context "context"
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	timestamp "github.com/golang/protobuf/ptypes/timestamp"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	math "math"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+type Empty struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Empty) Reset()         { *m = Empty{} }
+func (m *Empty) String() string { return proto.CompactTextString(m) }
+func (*Empty) ProtoMessage()    {}
+func (*Empty) Descriptor() ([]byte, []int) {
+	return fileDescriptor_4fad5d825b213b31, []int{0}
+}
+
+func (m *Empty) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Empty.Unmarshal(m, b)
+}
+func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Empty.Marshal(b, m, deterministic)
+}
+func (m *Empty) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Empty.Merge(m, src)
+}
+func (m *Empty) XXX_Size() int {
+	return xxx_messageInfo_Empty.Size(m)
+}
+func (m *Empty) XXX_DiscardUnknown() {
+	xxx_messageInfo_Empty.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Empty proto.InternalMessageInfo
+
+type WorkflowTemplate struct {
+	Id                   string               `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name                 string               `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Data                 []byte               `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"`
+	CreatedAt            *timestamp.Timestamp `protobuf:"bytes,4,opt,name=createdAt,proto3" json:"createdAt,omitempty"`
+	UpdatedAt            *timestamp.Timestamp `protobuf:"bytes,5,opt,name=updatedAt,proto3" json:"updatedAt,omitempty"`
+	DeletedAt            *timestamp.Timestamp `protobuf:"bytes,6,opt,name=deletedAt,proto3" json:"deletedAt,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
+	XXX_unrecognized     []byte               `json:"-"`
+	XXX_sizecache        int32                `json:"-"`
+}
+
+func (m *WorkflowTemplate) Reset()         { *m = WorkflowTemplate{} }
+func (m *WorkflowTemplate) String() string { return proto.CompactTextString(m) }
+func (*WorkflowTemplate) ProtoMessage()    {}
+func (*WorkflowTemplate) Descriptor() ([]byte, []int) {
+	return fileDescriptor_4fad5d825b213b31, []int{1}
+}
+
+func (m *WorkflowTemplate) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_WorkflowTemplate.Unmarshal(m, b)
+}
+func (m *WorkflowTemplate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_WorkflowTemplate.Marshal(b, m, deterministic)
+}
+func (m *WorkflowTemplate) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WorkflowTemplate.Merge(m, src)
+}
+func (m *WorkflowTemplate) XXX_Size() int {
+	return xxx_messageInfo_WorkflowTemplate.Size(m)
+}
+func (m *WorkflowTemplate) XXX_DiscardUnknown() {
+	xxx_messageInfo_WorkflowTemplate.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_WorkflowTemplate proto.InternalMessageInfo
+
+func (m *WorkflowTemplate) GetId() string {
+	if m != nil {
+		return m.Id
+	}
+	return ""
+}
+
+func (m *WorkflowTemplate) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *WorkflowTemplate) GetData() []byte {
+	if m != nil {
+		return m.Data
+	}
+	return nil
+}
+
+func (m *WorkflowTemplate) GetCreatedAt() *timestamp.Timestamp {
+	if m != nil {
+		return m.CreatedAt
+	}
+	return nil
+}
+
+func (m *WorkflowTemplate) GetUpdatedAt() *timestamp.Timestamp {
+	if m != nil {
+		return m.UpdatedAt
+	}
+	return nil
+}
+
+func (m *WorkflowTemplate) GetDeletedAt() *timestamp.Timestamp {
+	if m != nil {
+		return m.DeletedAt
+	}
+	return nil
+}
+
+type CreateResponse struct {
+	Id                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CreateResponse) Reset()         { *m = CreateResponse{} }
+func (m *CreateResponse) String() string { return proto.CompactTextString(m) }
+func (*CreateResponse) ProtoMessage()    {}
+func (*CreateResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_4fad5d825b213b31, []int{2}
+}
+
+func (m *CreateResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_CreateResponse.Unmarshal(m, b)
+}
+func (m *CreateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_CreateResponse.Marshal(b, m, deterministic)
+}
+func (m *CreateResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateResponse.Merge(m, src)
+}
+func (m *CreateResponse) XXX_Size() int {
+	return xxx_messageInfo_CreateResponse.Size(m)
+}
+func (m *CreateResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CreateResponse proto.InternalMessageInfo
+
+func (m *CreateResponse) GetId() string {
+	if m != nil {
+		return m.Id
+	}
+	return ""
+}
+
+type GetRequest struct {
+	Id                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GetRequest) Reset()         { *m = GetRequest{} }
+func (m *GetRequest) String() string { return proto.CompactTextString(m) }
+func (*GetRequest) ProtoMessage()    {}
+func (*GetRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_4fad5d825b213b31, []int{3}
+}
+
+func (m *GetRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_GetRequest.Unmarshal(m, b)
+}
+func (m *GetRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_GetRequest.Marshal(b, m, deterministic)
+}
+func (m *GetRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetRequest.Merge(m, src)
+}
+func (m *GetRequest) XXX_Size() int {
+	return xxx_messageInfo_GetRequest.Size(m)
+}
+func (m *GetRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetRequest proto.InternalMessageInfo
+
+func (m *GetRequest) GetId() string {
+	if m != nil {
+		return m.Id
+	}
+	return ""
+}
+
+func init() {
+	proto.RegisterType((*Empty)(nil), "github.com.packethost.tinkerbell.protos.template.Empty")
+	proto.RegisterType((*WorkflowTemplate)(nil), "github.com.packethost.tinkerbell.protos.template.WorkflowTemplate")
+	proto.RegisterType((*CreateResponse)(nil), "github.com.packethost.tinkerbell.protos.template.CreateResponse")
+	proto.RegisterType((*GetRequest)(nil), "github.com.packethost.tinkerbell.protos.template.GetRequest")
+}
+
+func init() { proto.RegisterFile("protos/template/template.proto", fileDescriptor_4fad5d825b213b31) }
+
+var fileDescriptor_4fad5d825b213b31 = []byte{
+	// 377 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x94, 0x4f, 0x4b, 0xeb, 0x40,
+	0x14, 0xc5, 0x99, 0xbe, 0xb6, 0xef, 0x75, 0xfa, 0x5e, 0x78, 0xcc, 0x2a, 0x04, 0xd1, 0x90, 0x55,
+	0x41, 0x9c, 0x48, 0x5d, 0x28, 0x88, 0x0b, 0xff, 0xd1, 0x8d, 0xab, 0x50, 0x11, 0xdc, 0xa5, 0xcd,
+	0x6d, 0x1b, 0x9a, 0x74, 0x62, 0xe6, 0x46, 0x71, 0xe1, 0x4a, 0xdd, 0xf9, 0x55, 0xfc, 0x7e, 0x2e,
+	0xa5, 0x93, 0x66, 0x2a, 0x71, 0x51, 0xd2, 0xba, 0x1b, 0xee, 0x9c, 0xdf, 0xe5, 0x9c, 0x3b, 0x97,
+	0xa1, 0xdb, 0x49, 0x2a, 0x50, 0x48, 0x17, 0x21, 0x4e, 0x22, 0x1f, 0x41, 0x1f, 0xb8, 0xba, 0x60,
+	0xbb, 0xe3, 0x10, 0x27, 0xd9, 0x80, 0x0f, 0x45, 0xcc, 0x13, 0x7f, 0x38, 0x05, 0x9c, 0x08, 0x89,
+	0x3c, 0x15, 0xf7, 0x90, 0xe6, 0x12, 0xc9, 0x0b, 0xc4, 0xda, 0x19, 0x0b, 0x31, 0x8e, 0xc0, 0x55,
+	0xf5, 0x41, 0x36, 0x72, 0x31, 0x8c, 0x41, 0xa2, 0x1f, 0x27, 0xb9, 0xd4, 0xf9, 0x4d, 0x1b, 0x97,
+	0x71, 0x82, 0x8f, 0xce, 0x07, 0xa1, 0xff, 0x6f, 0x44, 0x3a, 0x1d, 0x45, 0xe2, 0xa1, 0xbf, 0xc0,
+	0x99, 0x41, 0x6b, 0x61, 0x60, 0x12, 0x9b, 0x74, 0x5a, 0x5e, 0x2d, 0x0c, 0x18, 0xa3, 0xf5, 0x99,
+	0x1f, 0x83, 0x59, 0x53, 0x15, 0x75, 0x9e, 0xd7, 0x02, 0x1f, 0x7d, 0xf3, 0x97, 0x4d, 0x3a, 0x7f,
+	0x3d, 0x75, 0x66, 0x47, 0xb4, 0x35, 0x4c, 0xc1, 0x47, 0x08, 0x4e, 0xd1, 0xac, 0xdb, 0xa4, 0xd3,
+	0xee, 0x5a, 0x3c, 0xb7, 0xc2, 0x0b, 0x2b, 0xbc, 0x5f, 0x58, 0xf1, 0x96, 0xe2, 0x39, 0x99, 0x25,
+	0xc1, 0x82, 0x6c, 0xac, 0x26, 0xb5, 0x78, 0x4e, 0x06, 0x10, 0x41, 0x4e, 0x36, 0x57, 0x93, 0x5a,
+	0xec, 0xd8, 0xd4, 0x38, 0x57, 0x06, 0x3c, 0x90, 0x89, 0x98, 0xc9, 0x6f, 0xb9, 0x9d, 0x2d, 0x4a,
+	0x7b, 0x80, 0x1e, 0xdc, 0x65, 0x20, 0xb1, 0x7c, 0xdb, 0x7d, 0x6f, 0xd0, 0x3f, 0x7a, 0x64, 0x6f,
+	0xa4, 0xe8, 0xa6, 0x4b, 0x27, 0xbc, 0xc2, 0x93, 0xf1, 0xf2, 0x23, 0x58, 0xc7, 0x95, 0xf0, 0x52,
+	0x92, 0x57, 0x42, 0xdb, 0x3d, 0x40, 0xed, 0xe5, 0xb0, 0x52, 0xb3, 0x65, 0x68, 0x6b, 0xb3, 0x10,
+	0xec, 0x89, 0x1a, 0x17, 0x6a, 0xe0, 0x9b, 0x3b, 0xe9, 0x56, 0x02, 0xd5, 0x76, 0xb3, 0x17, 0x42,
+	0xff, 0x5d, 0x85, 0x52, 0xcf, 0x41, 0xb2, 0x35, 0xba, 0x6c, 0x38, 0x83, 0x7d, 0xc2, 0x9e, 0x09,
+	0x35, 0xae, 0xd5, 0xc6, 0xfe, 0xd4, 0x72, 0xac, 0x11, 0xe3, 0x6c, 0xef, 0xf6, 0xcb, 0x1f, 0xe2,
+	0x2e, 0x21, 0x57, 0x41, 0x6e, 0xe9, 0xff, 0x19, 0x34, 0x55, 0xe1, 0xe0, 0x33, 0x00, 0x00, 0xff,
+	0xff, 0xbe, 0xa6, 0x11, 0xe0, 0x99, 0x04, 0x00, 0x00,
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// TemplateClient is the client API for Template service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type TemplateClient interface {
+	CreateTemplate(ctx context.Context, in *WorkflowTemplate, opts ...grpc.CallOption) (*CreateResponse, error)
+	GetTemplate(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*WorkflowTemplate, error)
+	DeleteTemplate(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Empty, error)
+	ListTemplates(ctx context.Context, in *Empty, opts ...grpc.CallOption) (Template_ListTemplatesClient, error)
+	UpdateTemplate(ctx context.Context, in *WorkflowTemplate, opts ...grpc.CallOption) (*Empty, error)
+}
+
+type templateClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewTemplateClient(cc *grpc.ClientConn) TemplateClient {
+	return &templateClient{cc}
+}
+
+func (c *templateClient) CreateTemplate(ctx context.Context, in *WorkflowTemplate, opts ...grpc.CallOption) (*CreateResponse, error) {
+	out := new(CreateResponse)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.template.Template/CreateTemplate", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *templateClient) GetTemplate(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*WorkflowTemplate, error) {
+	out := new(WorkflowTemplate)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.template.Template/GetTemplate", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *templateClient) DeleteTemplate(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Empty, error) {
+	out := new(Empty)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.template.Template/DeleteTemplate", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *templateClient) ListTemplates(ctx context.Context, in *Empty, opts ...grpc.CallOption) (Template_ListTemplatesClient, error) {
+	stream, err := c.cc.NewStream(ctx, &_Template_serviceDesc.Streams[0], "/github.com.packethost.tinkerbell.protos.template.Template/ListTemplates", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &templateListTemplatesClient{stream}
+	if err := x.ClientStream.SendMsg(in); err != nil {
+		return nil, err
+	}
+	if err := x.ClientStream.CloseSend(); err != nil {
+		return nil, err
+	}
+	return x, nil
+}
+
+type Template_ListTemplatesClient interface {
+	Recv() (*WorkflowTemplate, error)
+	grpc.ClientStream
+}
+
+type templateListTemplatesClient struct {
+	grpc.ClientStream
+}
+
+func (x *templateListTemplatesClient) Recv() (*WorkflowTemplate, error) {
+	m := new(WorkflowTemplate)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func (c *templateClient) UpdateTemplate(ctx context.Context, in *WorkflowTemplate, opts ...grpc.CallOption) (*Empty, error) {
+	out := new(Empty)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.template.Template/UpdateTemplate", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// TemplateServer is the server API for Template service.
+type TemplateServer interface {
+	CreateTemplate(context.Context, *WorkflowTemplate) (*CreateResponse, error)
+	GetTemplate(context.Context, *GetRequest) (*WorkflowTemplate, error)
+	DeleteTemplate(context.Context, *GetRequest) (*Empty, error)
+	ListTemplates(*Empty, Template_ListTemplatesServer) error
+	UpdateTemplate(context.Context, *WorkflowTemplate) (*Empty, error)
+}
+
+// UnimplementedTemplateServer can be embedded to have forward compatible implementations.
+type UnimplementedTemplateServer struct {
+}
+
+func (*UnimplementedTemplateServer) CreateTemplate(ctx context.Context, req *WorkflowTemplate) (*CreateResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateTemplate not implemented")
+}
+func (*UnimplementedTemplateServer) GetTemplate(ctx context.Context, req *GetRequest) (*WorkflowTemplate, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetTemplate not implemented")
+}
+func (*UnimplementedTemplateServer) DeleteTemplate(ctx context.Context, req *GetRequest) (*Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteTemplate not implemented")
+}
+func (*UnimplementedTemplateServer) ListTemplates(req *Empty, srv Template_ListTemplatesServer) error {
+	return status.Errorf(codes.Unimplemented, "method ListTemplates not implemented")
+}
+func (*UnimplementedTemplateServer) UpdateTemplate(ctx context.Context, req *WorkflowTemplate) (*Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateTemplate not implemented")
+}
+
+func RegisterTemplateServer(s *grpc.Server, srv TemplateServer) {
+	s.RegisterService(&_Template_serviceDesc, srv)
+}
+
+func _Template_CreateTemplate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(WorkflowTemplate)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TemplateServer).CreateTemplate(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.template.Template/CreateTemplate",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TemplateServer).CreateTemplate(ctx, req.(*WorkflowTemplate))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Template_GetTemplate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TemplateServer).GetTemplate(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.template.Template/GetTemplate",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TemplateServer).GetTemplate(ctx, req.(*GetRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Template_DeleteTemplate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TemplateServer).DeleteTemplate(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.template.Template/DeleteTemplate",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TemplateServer).DeleteTemplate(ctx, req.(*GetRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Template_ListTemplates_Handler(srv interface{}, stream grpc.ServerStream) error {
+	m := new(Empty)
+	if err := stream.RecvMsg(m); err != nil {
+		return err
+	}
+	return srv.(TemplateServer).ListTemplates(m, &templateListTemplatesServer{stream})
+}
+
+type Template_ListTemplatesServer interface {
+	Send(*WorkflowTemplate) error
+	grpc.ServerStream
+}
+
+type templateListTemplatesServer struct {
+	grpc.ServerStream
+}
+
+func (x *templateListTemplatesServer) Send(m *WorkflowTemplate) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func _Template_UpdateTemplate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(WorkflowTemplate)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TemplateServer).UpdateTemplate(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.template.Template/UpdateTemplate",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TemplateServer).UpdateTemplate(ctx, req.(*WorkflowTemplate))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _Template_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "github.com.packethost.tinkerbell.protos.template.Template",
+	HandlerType: (*TemplateServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "CreateTemplate",
+			Handler:    _Template_CreateTemplate_Handler,
+		},
+		{
+			MethodName: "GetTemplate",
+			Handler:    _Template_GetTemplate_Handler,
+		},
+		{
+			MethodName: "DeleteTemplate",
+			Handler:    _Template_DeleteTemplate_Handler,
+		},
+		{
+			MethodName: "UpdateTemplate",
+			Handler:    _Template_UpdateTemplate_Handler,
+		},
+	},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "ListTemplates",
+			Handler:       _Template_ListTemplates_Handler,
+			ServerStreams: true,
+		},
+	},
+	Metadata: "protos/template/template.proto",
+}
diff --git a/protos/template/template.proto b/protos/template/template.proto
new file mode 100644
index 000000000..97eba3a45
--- /dev/null
+++ b/protos/template/template.proto
@@ -0,0 +1,35 @@
+syntax = "proto3";
+
+option go_package = "github.com/packethost/tinkerbell/protos/template";
+
+package github.com.packethost.tinkerbell.protos.template;
+
+import "google/protobuf/timestamp.proto";
+
+service Template {
+	rpc CreateTemplate(WorkflowTemplate) returns (CreateResponse);
+	rpc GetTemplate(GetRequest) returns (WorkflowTemplate);
+	rpc DeleteTemplate(GetRequest) returns (Empty);
+	rpc ListTemplates(Empty) returns (stream WorkflowTemplate);
+	rpc UpdateTemplate(WorkflowTemplate) returns (Empty);
+}
+
+message Empty {
+}
+
+message WorkflowTemplate {
+	string id = 1;
+	string name = 2;
+	bytes data = 3;
+	google.protobuf.Timestamp createdAt = 4;
+	google.protobuf.Timestamp updatedAt = 5;
+	google.protobuf.Timestamp deletedAt = 6;
+}
+
+message CreateResponse {
+	string id = 1;
+}
+
+message GetRequest {
+	string id = 1;
+}
diff --git a/protos/workflow/workflow.pb.go b/protos/workflow/workflow.pb.go
new file mode 100644
index 000000000..392b0edb0
--- /dev/null
+++ b/protos/workflow/workflow.pb.go
@@ -0,0 +1,1610 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: workflow.proto
+
+package workflow
+
+import (
+	context "context"
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	timestamp "github.com/golang/protobuf/ptypes/timestamp"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	math "math"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+type State int32
+
+const (
+	State_PENDING State = 0
+	State_RUNNING State = 1
+	State_FAILED  State = 2
+	State_TIMEOUT State = 3
+	State_SUCCESS State = 4
+)
+
+var State_name = map[int32]string{
+	0: "PENDING",
+	1: "RUNNING",
+	2: "FAILED",
+	3: "TIMEOUT",
+	4: "SUCCESS",
+}
+
+var State_value = map[string]int32{
+	"PENDING": 0,
+	"RUNNING": 1,
+	"FAILED":  2,
+	"TIMEOUT": 3,
+	"SUCCESS": 4,
+}
+
+func (x State) String() string {
+	return proto.EnumName(State_name, int32(x))
+}
+
+func (State) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{0}
+}
+
+type ActionState int32
+
+const (
+	ActionState_ACTION_PENDING     ActionState = 0
+	ActionState_ACTION_IN_PROGRESS ActionState = 1
+	ActionState_ACTION_SUCCESS     ActionState = 2
+	ActionState_ACTION_FAILED      ActionState = 3
+	ActionState_ACTION_TIMEOUT     ActionState = 4
+)
+
+var ActionState_name = map[int32]string{
+	0: "ACTION_PENDING",
+	1: "ACTION_IN_PROGRESS",
+	2: "ACTION_SUCCESS",
+	3: "ACTION_FAILED",
+	4: "ACTION_TIMEOUT",
+}
+
+var ActionState_value = map[string]int32{
+	"ACTION_PENDING":     0,
+	"ACTION_IN_PROGRESS": 1,
+	"ACTION_SUCCESS":     2,
+	"ACTION_FAILED":      3,
+	"ACTION_TIMEOUT":     4,
+}
+
+func (x ActionState) String() string {
+	return proto.EnumName(ActionState_name, int32(x))
+}
+
+func (ActionState) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{1}
+}
+
+type Empty struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Empty) Reset()         { *m = Empty{} }
+func (m *Empty) String() string { return proto.CompactTextString(m) }
+func (*Empty) ProtoMessage()    {}
+func (*Empty) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{0}
+}
+
+func (m *Empty) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Empty.Unmarshal(m, b)
+}
+func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Empty.Marshal(b, m, deterministic)
+}
+func (m *Empty) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Empty.Merge(m, src)
+}
+func (m *Empty) XXX_Size() int {
+	return xxx_messageInfo_Empty.Size(m)
+}
+func (m *Empty) XXX_DiscardUnknown() {
+	xxx_messageInfo_Empty.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Empty proto.InternalMessageInfo
+
+type Workflow struct {
+	Id                   string               `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Template             string               `protobuf:"bytes,2,opt,name=template,proto3" json:"template,omitempty"`
+	Target               string               `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
+	State                State                `protobuf:"varint,4,opt,name=state,proto3,enum=github.com.packethost.tinkerbell.protos.workflow.State" json:"state,omitempty"`
+	CreatedAt            *timestamp.Timestamp `protobuf:"bytes,5,opt,name=createdAt,proto3" json:"createdAt,omitempty"`
+	UpdatedAt            *timestamp.Timestamp `protobuf:"bytes,6,opt,name=updatedAt,proto3" json:"updatedAt,omitempty"`
+	DeletedAt            *timestamp.Timestamp `protobuf:"bytes,7,opt,name=deletedAt,proto3" json:"deletedAt,omitempty"`
+	Data                 string               `protobuf:"bytes,8,opt,name=data,proto3" json:"data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
+	XXX_unrecognized     []byte               `json:"-"`
+	XXX_sizecache        int32                `json:"-"`
+}
+
+func (m *Workflow) Reset()         { *m = Workflow{} }
+func (m *Workflow) String() string { return proto.CompactTextString(m) }
+func (*Workflow) ProtoMessage()    {}
+func (*Workflow) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{1}
+}
+
+func (m *Workflow) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Workflow.Unmarshal(m, b)
+}
+func (m *Workflow) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Workflow.Marshal(b, m, deterministic)
+}
+func (m *Workflow) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Workflow.Merge(m, src)
+}
+func (m *Workflow) XXX_Size() int {
+	return xxx_messageInfo_Workflow.Size(m)
+}
+func (m *Workflow) XXX_DiscardUnknown() {
+	xxx_messageInfo_Workflow.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Workflow proto.InternalMessageInfo
+
+func (m *Workflow) GetId() string {
+	if m != nil {
+		return m.Id
+	}
+	return ""
+}
+
+func (m *Workflow) GetTemplate() string {
+	if m != nil {
+		return m.Template
+	}
+	return ""
+}
+
+func (m *Workflow) GetTarget() string {
+	if m != nil {
+		return m.Target
+	}
+	return ""
+}
+
+func (m *Workflow) GetState() State {
+	if m != nil {
+		return m.State
+	}
+	return State_PENDING
+}
+
+func (m *Workflow) GetCreatedAt() *timestamp.Timestamp {
+	if m != nil {
+		return m.CreatedAt
+	}
+	return nil
+}
+
+func (m *Workflow) GetUpdatedAt() *timestamp.Timestamp {
+	if m != nil {
+		return m.UpdatedAt
+	}
+	return nil
+}
+
+func (m *Workflow) GetDeletedAt() *timestamp.Timestamp {
+	if m != nil {
+		return m.DeletedAt
+	}
+	return nil
+}
+
+func (m *Workflow) GetData() string {
+	if m != nil {
+		return m.Data
+	}
+	return ""
+}
+
+type CreateRequest struct {
+	Template             string   `protobuf:"bytes,1,opt,name=template,proto3" json:"template,omitempty"`
+	Target               string   `protobuf:"bytes,2,opt,name=target,proto3" json:"target,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CreateRequest) Reset()         { *m = CreateRequest{} }
+func (m *CreateRequest) String() string { return proto.CompactTextString(m) }
+func (*CreateRequest) ProtoMessage()    {}
+func (*CreateRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{2}
+}
+
+func (m *CreateRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_CreateRequest.Unmarshal(m, b)
+}
+func (m *CreateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_CreateRequest.Marshal(b, m, deterministic)
+}
+func (m *CreateRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateRequest.Merge(m, src)
+}
+func (m *CreateRequest) XXX_Size() int {
+	return xxx_messageInfo_CreateRequest.Size(m)
+}
+func (m *CreateRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CreateRequest proto.InternalMessageInfo
+
+func (m *CreateRequest) GetTemplate() string {
+	if m != nil {
+		return m.Template
+	}
+	return ""
+}
+
+func (m *CreateRequest) GetTarget() string {
+	if m != nil {
+		return m.Target
+	}
+	return ""
+}
+
+type CreateResponse struct {
+	Id                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CreateResponse) Reset()         { *m = CreateResponse{} }
+func (m *CreateResponse) String() string { return proto.CompactTextString(m) }
+func (*CreateResponse) ProtoMessage()    {}
+func (*CreateResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{3}
+}
+
+func (m *CreateResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_CreateResponse.Unmarshal(m, b)
+}
+func (m *CreateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_CreateResponse.Marshal(b, m, deterministic)
+}
+func (m *CreateResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateResponse.Merge(m, src)
+}
+func (m *CreateResponse) XXX_Size() int {
+	return xxx_messageInfo_CreateResponse.Size(m)
+}
+func (m *CreateResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CreateResponse proto.InternalMessageInfo
+
+func (m *CreateResponse) GetId() string {
+	if m != nil {
+		return m.Id
+	}
+	return ""
+}
+
+type GetRequest struct {
+	Id                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GetRequest) Reset()         { *m = GetRequest{} }
+func (m *GetRequest) String() string { return proto.CompactTextString(m) }
+func (*GetRequest) ProtoMessage()    {}
+func (*GetRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{4}
+}
+
+func (m *GetRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_GetRequest.Unmarshal(m, b)
+}
+func (m *GetRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_GetRequest.Marshal(b, m, deterministic)
+}
+func (m *GetRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetRequest.Merge(m, src)
+}
+func (m *GetRequest) XXX_Size() int {
+	return xxx_messageInfo_GetRequest.Size(m)
+}
+func (m *GetRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetRequest proto.InternalMessageInfo
+
+func (m *GetRequest) GetId() string {
+	if m != nil {
+		return m.Id
+	}
+	return ""
+}
+
+type WorkflowContext struct {
+	WorkflowId           string      `protobuf:"bytes,1,opt,name=workflow_id,json=workflowId,proto3" json:"workflow_id,omitempty"`
+	CurrentWorker        string      `protobuf:"bytes,2,opt,name=current_worker,json=currentWorker,proto3" json:"current_worker,omitempty"`
+	CurrentTask          string      `protobuf:"bytes,3,opt,name=current_task,json=currentTask,proto3" json:"current_task,omitempty"`
+	CurrentAction        string      `protobuf:"bytes,4,opt,name=current_action,json=currentAction,proto3" json:"current_action,omitempty"`
+	CurrentActionIndex   int64       `protobuf:"varint,5,opt,name=current_action_index,json=currentActionIndex,proto3" json:"current_action_index,omitempty"`
+	CurrentActionState   ActionState `protobuf:"varint,6,opt,name=current_action_state,json=currentActionState,proto3,enum=github.com.packethost.tinkerbell.protos.workflow.ActionState" json:"current_action_state,omitempty"`
+	TotalNumberOfActions int64       `protobuf:"varint,7,opt,name=total_number_of_actions,json=totalNumberOfActions,proto3" json:"total_number_of_actions,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
+	XXX_unrecognized     []byte      `json:"-"`
+	XXX_sizecache        int32       `json:"-"`
+}
+
+func (m *WorkflowContext) Reset()         { *m = WorkflowContext{} }
+func (m *WorkflowContext) String() string { return proto.CompactTextString(m) }
+func (*WorkflowContext) ProtoMessage()    {}
+func (*WorkflowContext) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{5}
+}
+
+func (m *WorkflowContext) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_WorkflowContext.Unmarshal(m, b)
+}
+func (m *WorkflowContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_WorkflowContext.Marshal(b, m, deterministic)
+}
+func (m *WorkflowContext) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WorkflowContext.Merge(m, src)
+}
+func (m *WorkflowContext) XXX_Size() int {
+	return xxx_messageInfo_WorkflowContext.Size(m)
+}
+func (m *WorkflowContext) XXX_DiscardUnknown() {
+	xxx_messageInfo_WorkflowContext.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_WorkflowContext proto.InternalMessageInfo
+
+func (m *WorkflowContext) GetWorkflowId() string {
+	if m != nil {
+		return m.WorkflowId
+	}
+	return ""
+}
+
+func (m *WorkflowContext) GetCurrentWorker() string {
+	if m != nil {
+		return m.CurrentWorker
+	}
+	return ""
+}
+
+func (m *WorkflowContext) GetCurrentTask() string {
+	if m != nil {
+		return m.CurrentTask
+	}
+	return ""
+}
+
+func (m *WorkflowContext) GetCurrentAction() string {
+	if m != nil {
+		return m.CurrentAction
+	}
+	return ""
+}
+
+func (m *WorkflowContext) GetCurrentActionIndex() int64 {
+	if m != nil {
+		return m.CurrentActionIndex
+	}
+	return 0
+}
+
+func (m *WorkflowContext) GetCurrentActionState() ActionState {
+	if m != nil {
+		return m.CurrentActionState
+	}
+	return ActionState_ACTION_PENDING
+}
+
+func (m *WorkflowContext) GetTotalNumberOfActions() int64 {
+	if m != nil {
+		return m.TotalNumberOfActions
+	}
+	return 0
+}
+
+type WorkflowActionStatus struct {
+	WorkflowId           string               `protobuf:"bytes,1,opt,name=workflow_id,json=workflowId,proto3" json:"workflow_id,omitempty"`
+	TaskName             string               `protobuf:"bytes,2,opt,name=task_name,json=taskName,proto3" json:"task_name,omitempty"`
+	ActionName           string               `protobuf:"bytes,3,opt,name=action_name,json=actionName,proto3" json:"action_name,omitempty"`
+	ActionStatus         ActionState          `protobuf:"varint,4,opt,name=action_status,json=actionStatus,proto3,enum=github.com.packethost.tinkerbell.protos.workflow.ActionState" json:"action_status,omitempty"`
+	Seconds              int64                `protobuf:"varint,5,opt,name=seconds,proto3" json:"seconds,omitempty"`
+	Message              string               `protobuf:"bytes,6,opt,name=message,proto3" json:"message,omitempty"`
+	CreatedAt            *timestamp.Timestamp `protobuf:"bytes,7,opt,name=createdAt,proto3" json:"createdAt,omitempty"`
+	WorkerId             string               `protobuf:"bytes,8,opt,name=worker_id,json=workerId,proto3" json:"worker_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
+	XXX_unrecognized     []byte               `json:"-"`
+	XXX_sizecache        int32                `json:"-"`
+}
+
+func (m *WorkflowActionStatus) Reset()         { *m = WorkflowActionStatus{} }
+func (m *WorkflowActionStatus) String() string { return proto.CompactTextString(m) }
+func (*WorkflowActionStatus) ProtoMessage()    {}
+func (*WorkflowActionStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{6}
+}
+
+func (m *WorkflowActionStatus) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_WorkflowActionStatus.Unmarshal(m, b)
+}
+func (m *WorkflowActionStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_WorkflowActionStatus.Marshal(b, m, deterministic)
+}
+func (m *WorkflowActionStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WorkflowActionStatus.Merge(m, src)
+}
+func (m *WorkflowActionStatus) XXX_Size() int {
+	return xxx_messageInfo_WorkflowActionStatus.Size(m)
+}
+func (m *WorkflowActionStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_WorkflowActionStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_WorkflowActionStatus proto.InternalMessageInfo
+
+func (m *WorkflowActionStatus) GetWorkflowId() string {
+	if m != nil {
+		return m.WorkflowId
+	}
+	return ""
+}
+
+func (m *WorkflowActionStatus) GetTaskName() string {
+	if m != nil {
+		return m.TaskName
+	}
+	return ""
+}
+
+func (m *WorkflowActionStatus) GetActionName() string {
+	if m != nil {
+		return m.ActionName
+	}
+	return ""
+}
+
+func (m *WorkflowActionStatus) GetActionStatus() ActionState {
+	if m != nil {
+		return m.ActionStatus
+	}
+	return ActionState_ACTION_PENDING
+}
+
+func (m *WorkflowActionStatus) GetSeconds() int64 {
+	if m != nil {
+		return m.Seconds
+	}
+	return 0
+}
+
+func (m *WorkflowActionStatus) GetMessage() string {
+	if m != nil {
+		return m.Message
+	}
+	return ""
+}
+
+func (m *WorkflowActionStatus) GetCreatedAt() *timestamp.Timestamp {
+	if m != nil {
+		return m.CreatedAt
+	}
+	return nil
+}
+
+func (m *WorkflowActionStatus) GetWorkerId() string {
+	if m != nil {
+		return m.WorkerId
+	}
+	return ""
+}
+
+type WorkflowContextRequest struct {
+	WorkerId             string   `protobuf:"bytes,1,opt,name=worker_id,json=workerId,proto3" json:"worker_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *WorkflowContextRequest) Reset()         { *m = WorkflowContextRequest{} }
+func (m *WorkflowContextRequest) String() string { return proto.CompactTextString(m) }
+func (*WorkflowContextRequest) ProtoMessage()    {}
+func (*WorkflowContextRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{7}
+}
+
+func (m *WorkflowContextRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_WorkflowContextRequest.Unmarshal(m, b)
+}
+func (m *WorkflowContextRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_WorkflowContextRequest.Marshal(b, m, deterministic)
+}
+func (m *WorkflowContextRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WorkflowContextRequest.Merge(m, src)
+}
+func (m *WorkflowContextRequest) XXX_Size() int {
+	return xxx_messageInfo_WorkflowContextRequest.Size(m)
+}
+func (m *WorkflowContextRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_WorkflowContextRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_WorkflowContextRequest proto.InternalMessageInfo
+
+func (m *WorkflowContextRequest) GetWorkerId() string {
+	if m != nil {
+		return m.WorkerId
+	}
+	return ""
+}
+
+type WorkflowContextList struct {
+	WorkflowContexts     []*WorkflowContext `protobuf:"bytes,1,rep,name=workflow_contexts,json=workflowContexts,proto3" json:"workflow_contexts,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
+	XXX_unrecognized     []byte             `json:"-"`
+	XXX_sizecache        int32              `json:"-"`
+}
+
+func (m *WorkflowContextList) Reset()         { *m = WorkflowContextList{} }
+func (m *WorkflowContextList) String() string { return proto.CompactTextString(m) }
+func (*WorkflowContextList) ProtoMessage()    {}
+func (*WorkflowContextList) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{8}
+}
+
+func (m *WorkflowContextList) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_WorkflowContextList.Unmarshal(m, b)
+}
+func (m *WorkflowContextList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_WorkflowContextList.Marshal(b, m, deterministic)
+}
+func (m *WorkflowContextList) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WorkflowContextList.Merge(m, src)
+}
+func (m *WorkflowContextList) XXX_Size() int {
+	return xxx_messageInfo_WorkflowContextList.Size(m)
+}
+func (m *WorkflowContextList) XXX_DiscardUnknown() {
+	xxx_messageInfo_WorkflowContextList.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_WorkflowContextList proto.InternalMessageInfo
+
+func (m *WorkflowContextList) GetWorkflowContexts() []*WorkflowContext {
+	if m != nil {
+		return m.WorkflowContexts
+	}
+	return nil
+}
+
+type WorkflowActionsRequest struct {
+	WorkflowId           string   `protobuf:"bytes,1,opt,name=workflow_id,json=workflowId,proto3" json:"workflow_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *WorkflowActionsRequest) Reset()         { *m = WorkflowActionsRequest{} }
+func (m *WorkflowActionsRequest) String() string { return proto.CompactTextString(m) }
+func (*WorkflowActionsRequest) ProtoMessage()    {}
+func (*WorkflowActionsRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{9}
+}
+
+func (m *WorkflowActionsRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_WorkflowActionsRequest.Unmarshal(m, b)
+}
+func (m *WorkflowActionsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_WorkflowActionsRequest.Marshal(b, m, deterministic)
+}
+func (m *WorkflowActionsRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WorkflowActionsRequest.Merge(m, src)
+}
+func (m *WorkflowActionsRequest) XXX_Size() int {
+	return xxx_messageInfo_WorkflowActionsRequest.Size(m)
+}
+func (m *WorkflowActionsRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_WorkflowActionsRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_WorkflowActionsRequest proto.InternalMessageInfo
+
+func (m *WorkflowActionsRequest) GetWorkflowId() string {
+	if m != nil {
+		return m.WorkflowId
+	}
+	return ""
+}
+
+type WorkflowAction struct {
+	TaskName             string   `protobuf:"bytes,1,opt,name=task_name,json=taskName,proto3" json:"task_name,omitempty"`
+	Name                 string   `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Image                string   `protobuf:"bytes,3,opt,name=image,proto3" json:"image,omitempty"`
+	Timeout              int64    `protobuf:"varint,4,opt,name=timeout,proto3" json:"timeout,omitempty"`
+	Command              []string `protobuf:"bytes,5,rep,name=command,proto3" json:"command,omitempty"`
+	OnTimeout            []string `protobuf:"bytes,6,rep,name=on_timeout,json=onTimeout,proto3" json:"on_timeout,omitempty"`
+	OnFailure            []string `protobuf:"bytes,7,rep,name=on_failure,json=onFailure,proto3" json:"on_failure,omitempty"`
+	WorkerId             string   `protobuf:"bytes,8,opt,name=worker_id,json=workerId,proto3" json:"worker_id,omitempty"`
+	Volumes              []string `protobuf:"bytes,9,rep,name=volumes,proto3" json:"volumes,omitempty"`
+	Environment          []string `protobuf:"bytes,10,rep,name=environment,proto3" json:"environment,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *WorkflowAction) Reset()         { *m = WorkflowAction{} }
+func (m *WorkflowAction) String() string { return proto.CompactTextString(m) }
+func (*WorkflowAction) ProtoMessage()    {}
+func (*WorkflowAction) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{10}
+}
+
+func (m *WorkflowAction) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_WorkflowAction.Unmarshal(m, b)
+}
+func (m *WorkflowAction) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_WorkflowAction.Marshal(b, m, deterministic)
+}
+func (m *WorkflowAction) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WorkflowAction.Merge(m, src)
+}
+func (m *WorkflowAction) XXX_Size() int {
+	return xxx_messageInfo_WorkflowAction.Size(m)
+}
+func (m *WorkflowAction) XXX_DiscardUnknown() {
+	xxx_messageInfo_WorkflowAction.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_WorkflowAction proto.InternalMessageInfo
+
+func (m *WorkflowAction) GetTaskName() string {
+	if m != nil {
+		return m.TaskName
+	}
+	return ""
+}
+
+func (m *WorkflowAction) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *WorkflowAction) GetImage() string {
+	if m != nil {
+		return m.Image
+	}
+	return ""
+}
+
+func (m *WorkflowAction) GetTimeout() int64 {
+	if m != nil {
+		return m.Timeout
+	}
+	return 0
+}
+
+func (m *WorkflowAction) GetCommand() []string {
+	if m != nil {
+		return m.Command
+	}
+	return nil
+}
+
+func (m *WorkflowAction) GetOnTimeout() []string {
+	if m != nil {
+		return m.OnTimeout
+	}
+	return nil
+}
+
+func (m *WorkflowAction) GetOnFailure() []string {
+	if m != nil {
+		return m.OnFailure
+	}
+	return nil
+}
+
+func (m *WorkflowAction) GetWorkerId() string {
+	if m != nil {
+		return m.WorkerId
+	}
+	return ""
+}
+
+func (m *WorkflowAction) GetVolumes() []string {
+	if m != nil {
+		return m.Volumes
+	}
+	return nil
+}
+
+func (m *WorkflowAction) GetEnvironment() []string {
+	if m != nil {
+		return m.Environment
+	}
+	return nil
+}
+
+type WorkflowActionList struct {
+	ActionList           []*WorkflowAction `protobuf:"bytes,1,rep,name=action_list,json=actionList,proto3" json:"action_list,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *WorkflowActionList) Reset()         { *m = WorkflowActionList{} }
+func (m *WorkflowActionList) String() string { return proto.CompactTextString(m) }
+func (*WorkflowActionList) ProtoMessage()    {}
+func (*WorkflowActionList) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{11}
+}
+
+func (m *WorkflowActionList) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_WorkflowActionList.Unmarshal(m, b)
+}
+func (m *WorkflowActionList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_WorkflowActionList.Marshal(b, m, deterministic)
+}
+func (m *WorkflowActionList) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WorkflowActionList.Merge(m, src)
+}
+func (m *WorkflowActionList) XXX_Size() int {
+	return xxx_messageInfo_WorkflowActionList.Size(m)
+}
+func (m *WorkflowActionList) XXX_DiscardUnknown() {
+	xxx_messageInfo_WorkflowActionList.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_WorkflowActionList proto.InternalMessageInfo
+
+func (m *WorkflowActionList) GetActionList() []*WorkflowAction {
+	if m != nil {
+		return m.ActionList
+	}
+	return nil
+}
+
+type GetWorkflowDataRequest struct {
+	WorkflowID           string   `protobuf:"bytes,1,opt,name=workflow_iD,json=workflowID,proto3" json:"workflow_iD,omitempty"`
+	Version              int32    `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GetWorkflowDataRequest) Reset()         { *m = GetWorkflowDataRequest{} }
+func (m *GetWorkflowDataRequest) String() string { return proto.CompactTextString(m) }
+func (*GetWorkflowDataRequest) ProtoMessage()    {}
+func (*GetWorkflowDataRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{12}
+}
+
+func (m *GetWorkflowDataRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_GetWorkflowDataRequest.Unmarshal(m, b)
+}
+func (m *GetWorkflowDataRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_GetWorkflowDataRequest.Marshal(b, m, deterministic)
+}
+func (m *GetWorkflowDataRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetWorkflowDataRequest.Merge(m, src)
+}
+func (m *GetWorkflowDataRequest) XXX_Size() int {
+	return xxx_messageInfo_GetWorkflowDataRequest.Size(m)
+}
+func (m *GetWorkflowDataRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetWorkflowDataRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetWorkflowDataRequest proto.InternalMessageInfo
+
+func (m *GetWorkflowDataRequest) GetWorkflowID() string {
+	if m != nil {
+		return m.WorkflowID
+	}
+	return ""
+}
+
+func (m *GetWorkflowDataRequest) GetVersion() int32 {
+	if m != nil {
+		return m.Version
+	}
+	return 0
+}
+
+type GetWorkflowDataResponse struct {
+	Data                 []byte   `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
+	Version              int32    `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GetWorkflowDataResponse) Reset()         { *m = GetWorkflowDataResponse{} }
+func (m *GetWorkflowDataResponse) String() string { return proto.CompactTextString(m) }
+func (*GetWorkflowDataResponse) ProtoMessage()    {}
+func (*GetWorkflowDataResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{13}
+}
+
+func (m *GetWorkflowDataResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_GetWorkflowDataResponse.Unmarshal(m, b)
+}
+func (m *GetWorkflowDataResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_GetWorkflowDataResponse.Marshal(b, m, deterministic)
+}
+func (m *GetWorkflowDataResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GetWorkflowDataResponse.Merge(m, src)
+}
+func (m *GetWorkflowDataResponse) XXX_Size() int {
+	return xxx_messageInfo_GetWorkflowDataResponse.Size(m)
+}
+func (m *GetWorkflowDataResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GetWorkflowDataResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GetWorkflowDataResponse proto.InternalMessageInfo
+
+func (m *GetWorkflowDataResponse) GetData() []byte {
+	if m != nil {
+		return m.Data
+	}
+	return nil
+}
+
+func (m *GetWorkflowDataResponse) GetVersion() int32 {
+	if m != nil {
+		return m.Version
+	}
+	return 0
+}
+
+type UpdateWorkflowDataRequest struct {
+	WorkflowID           string   `protobuf:"bytes,1,opt,name=workflow_iD,json=workflowID,proto3" json:"workflow_iD,omitempty"`
+	Metadata             []byte   `protobuf:"bytes,2,opt,name=metadata,proto3" json:"metadata,omitempty"`
+	Data                 []byte   `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *UpdateWorkflowDataRequest) Reset()         { *m = UpdateWorkflowDataRequest{} }
+func (m *UpdateWorkflowDataRequest) String() string { return proto.CompactTextString(m) }
+func (*UpdateWorkflowDataRequest) ProtoMessage()    {}
+func (*UpdateWorkflowDataRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_892c7f566756b0be, []int{14}
+}
+
+func (m *UpdateWorkflowDataRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_UpdateWorkflowDataRequest.Unmarshal(m, b)
+}
+func (m *UpdateWorkflowDataRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_UpdateWorkflowDataRequest.Marshal(b, m, deterministic)
+}
+func (m *UpdateWorkflowDataRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_UpdateWorkflowDataRequest.Merge(m, src)
+}
+func (m *UpdateWorkflowDataRequest) XXX_Size() int {
+	return xxx_messageInfo_UpdateWorkflowDataRequest.Size(m)
+}
+func (m *UpdateWorkflowDataRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_UpdateWorkflowDataRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_UpdateWorkflowDataRequest proto.InternalMessageInfo
+
+func (m *UpdateWorkflowDataRequest) GetWorkflowID() string {
+	if m != nil {
+		return m.WorkflowID
+	}
+	return ""
+}
+
+func (m *UpdateWorkflowDataRequest) GetMetadata() []byte {
+	if m != nil {
+		return m.Metadata
+	}
+	return nil
+}
+
+func (m *UpdateWorkflowDataRequest) GetData() []byte {
+	if m != nil {
+		return m.Data
+	}
+	return nil
+}
+
+func init() {
+	proto.RegisterEnum("github.com.packethost.tinkerbell.protos.workflow.State", State_name, State_value)
+	proto.RegisterEnum("github.com.packethost.tinkerbell.protos.workflow.ActionState", ActionState_name, ActionState_value)
+	proto.RegisterType((*Empty)(nil), "github.com.packethost.tinkerbell.protos.workflow.Empty")
+	proto.RegisterType((*Workflow)(nil), "github.com.packethost.tinkerbell.protos.workflow.Workflow")
+	proto.RegisterType((*CreateRequest)(nil), "github.com.packethost.tinkerbell.protos.workflow.CreateRequest")
+	proto.RegisterType((*CreateResponse)(nil), "github.com.packethost.tinkerbell.protos.workflow.CreateResponse")
+	proto.RegisterType((*GetRequest)(nil), "github.com.packethost.tinkerbell.protos.workflow.GetRequest")
+	proto.RegisterType((*WorkflowContext)(nil), "github.com.packethost.tinkerbell.protos.workflow.WorkflowContext")
+	proto.RegisterType((*WorkflowActionStatus)(nil), "github.com.packethost.tinkerbell.protos.workflow.WorkflowActionStatus")
+	proto.RegisterType((*WorkflowContextRequest)(nil), "github.com.packethost.tinkerbell.protos.workflow.WorkflowContextRequest")
+	proto.RegisterType((*WorkflowContextList)(nil), "github.com.packethost.tinkerbell.protos.workflow.WorkflowContextList")
+	proto.RegisterType((*WorkflowActionsRequest)(nil), "github.com.packethost.tinkerbell.protos.workflow.WorkflowActionsRequest")
+	proto.RegisterType((*WorkflowAction)(nil), "github.com.packethost.tinkerbell.protos.workflow.WorkflowAction")
+	proto.RegisterType((*WorkflowActionList)(nil), "github.com.packethost.tinkerbell.protos.workflow.WorkflowActionList")
+	proto.RegisterType((*GetWorkflowDataRequest)(nil), "github.com.packethost.tinkerbell.protos.workflow.GetWorkflowDataRequest")
+	proto.RegisterType((*GetWorkflowDataResponse)(nil), "github.com.packethost.tinkerbell.protos.workflow.GetWorkflowDataResponse")
+	proto.RegisterType((*UpdateWorkflowDataRequest)(nil), "github.com.packethost.tinkerbell.protos.workflow.UpdateWorkflowDataRequest")
+}
+
+func init() { proto.RegisterFile("workflow.proto", fileDescriptor_892c7f566756b0be) }
+
+var fileDescriptor_892c7f566756b0be = []byte{
+	// 1172 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x56, 0xdd, 0x6f, 0xdb, 0x54,
+	0x14, 0xaf, 0x9d, 0xe6, 0xeb, 0x64, 0xcd, 0xba, 0xbb, 0xaa, 0x33, 0x19, 0x68, 0xc1, 0x12, 0x52,
+	0x35, 0xa4, 0xac, 0x2a, 0xaa, 0x18, 0x0c, 0x09, 0x4a, 0x92, 0x86, 0x48, 0x5b, 0x3a, 0x39, 0x29,
+	0x93, 0x10, 0x28, 0x72, 0xe3, 0xdb, 0xd6, 0x34, 0xf6, 0x0d, 0xbe, 0xd7, 0xed, 0x90, 0x98, 0xc4,
+	0x2b, 0x9a, 0x78, 0xe1, 0x19, 0xf1, 0x30, 0x89, 0x7f, 0x8a, 0x17, 0xfe, 0x0d, 0x1e, 0xd1, 0xfd,
+	0x4a, 0xec, 0x64, 0x5b, 0x15, 0xe7, 0x65, 0x6f, 0x3e, 0x1f, 0xbf, 0x73, 0x8f, 0xcf, 0xf9, 0xdd,
+	0x7b, 0x0e, 0x54, 0xaf, 0x48, 0x74, 0x71, 0x3a, 0x26, 0x57, 0x8d, 0x49, 0x44, 0x18, 0x41, 0x1f,
+	0x9f, 0xf9, 0xec, 0x3c, 0x3e, 0x69, 0x8c, 0x48, 0xd0, 0x98, 0xb8, 0xa3, 0x0b, 0xcc, 0xce, 0x09,
+	0x65, 0x8d, 0x88, 0x5c, 0xe2, 0x48, 0xba, 0xd0, 0x86, 0x86, 0xd4, 0xee, 0x9d, 0x11, 0x72, 0x36,
+	0xc6, 0x0f, 0x84, 0xfe, 0x24, 0x3e, 0x7d, 0xc0, 0xfc, 0x00, 0x53, 0xe6, 0x06, 0x13, 0xe9, 0x6a,
+	0x17, 0x21, 0xdf, 0x0e, 0x26, 0xec, 0x67, 0xfb, 0x1f, 0x13, 0x4a, 0xcf, 0x14, 0x0c, 0x55, 0xc1,
+	0xf4, 0x3d, 0xcb, 0xa8, 0x1b, 0x3b, 0x65, 0xc7, 0xf4, 0x3d, 0x54, 0x83, 0x12, 0xc3, 0xc1, 0x64,
+	0xec, 0x32, 0x6c, 0x99, 0x42, 0x3b, 0x95, 0xd1, 0x36, 0x14, 0x98, 0x1b, 0x9d, 0x61, 0x66, 0xe5,
+	0x84, 0x45, 0x49, 0xe8, 0x1b, 0xc8, 0x53, 0xc6, 0x01, 0xeb, 0x75, 0x63, 0xa7, 0xba, 0xb7, 0xd7,
+	0x58, 0x22, 0xef, 0x46, 0x9f, 0x23, 0x1d, 0x19, 0x00, 0x3d, 0x84, 0xf2, 0x28, 0xc2, 0x2e, 0xc3,
+	0xde, 0x01, 0xb3, 0xf2, 0x75, 0x63, 0xa7, 0xb2, 0x57, 0x6b, 0xc8, 0x1f, 0x6b, 0xe8, 0x1f, 0x6b,
+	0x0c, 0xf4, 0x8f, 0x39, 0x33, 0x67, 0x8e, 0x8c, 0x27, 0x9e, 0x42, 0x16, 0xae, 0x47, 0x4e, 0x9d,
+	0x39, 0xd2, 0xc3, 0x63, 0x2c, 0x91, 0xc5, 0xeb, 0x91, 0x53, 0x67, 0x84, 0x60, 0xdd, 0x73, 0x99,
+	0x6b, 0x95, 0x44, 0x35, 0xc4, 0xb7, 0xdd, 0x84, 0x8d, 0xa6, 0x48, 0xca, 0xc1, 0x3f, 0xc5, 0x98,
+	0xb2, 0x54, 0x41, 0x8d, 0x37, 0x16, 0xd4, 0x4c, 0x16, 0xd4, 0xae, 0x43, 0x55, 0x07, 0xa1, 0x13,
+	0x12, 0x52, 0x3c, 0xdf, 0x26, 0xfb, 0x7d, 0x80, 0x0e, 0x66, 0xfa, 0x8c, 0x79, 0xeb, 0x7f, 0x26,
+	0xdc, 0xd4, 0x1d, 0x6e, 0x92, 0x90, 0xe1, 0xe7, 0x0c, 0xdd, 0x83, 0x8a, 0xae, 0xf9, 0x70, 0xea,
+	0x0c, 0x5a, 0xd5, 0xf5, 0xd0, 0x47, 0x50, 0x1d, 0xc5, 0x51, 0x84, 0x43, 0x36, 0xe4, 0x5a, 0x1c,
+	0xa9, 0xa4, 0x36, 0x94, 0xf6, 0x99, 0x50, 0xa2, 0x0f, 0xe1, 0x86, 0x76, 0x63, 0x2e, 0xbd, 0x50,
+	0x54, 0xa8, 0x28, 0xdd, 0xc0, 0xa5, 0x17, 0xc9, 0x48, 0xee, 0x88, 0xf9, 0x24, 0x14, 0xc4, 0x98,
+	0x45, 0x3a, 0x10, 0x4a, 0xb4, 0x0b, 0x5b, 0x69, 0xb7, 0xa1, 0x1f, 0x7a, 0xf8, 0xb9, 0xe8, 0x7b,
+	0xce, 0x41, 0x29, 0xe7, 0x2e, 0xb7, 0xa0, 0x1f, 0x17, 0x10, 0x92, 0x77, 0x05, 0xc1, 0xbb, 0x87,
+	0x4b, 0xf1, 0x4e, 0xc6, 0x95, 0xec, 0x4b, 0x9f, 0x25, 0x74, 0x68, 0x1f, 0xee, 0x30, 0xc2, 0xdc,
+	0xf1, 0x30, 0x8c, 0x83, 0x13, 0x1c, 0x0d, 0xc9, 0xa9, 0x3a, 0x93, 0x0a, 0x92, 0xe4, 0x9c, 0x2d,
+	0x61, 0xee, 0x09, 0xeb, 0xd1, 0xa9, 0x84, 0x52, 0xfb, 0x5f, 0x13, 0xb6, 0x74, 0xe9, 0x67, 0xe1,
+	0x62, 0x7a, 0x7d, 0xfd, 0xef, 0x42, 0x99, 0x17, 0x74, 0x18, 0xba, 0xc1, 0xec, 0xea, 0xb9, 0xf4,
+	0xa2, 0xe7, 0x06, 0x98, 0xa3, 0xd5, 0x1f, 0x0b, 0xb3, 0x2c, 0x3a, 0x48, 0x95, 0x70, 0xf8, 0x01,
+	0x36, 0x12, 0x25, 0x89, 0xa9, 0xba, 0x8b, 0xd9, 0x6b, 0x72, 0xc3, 0x4d, 0x66, 0x6f, 0x41, 0x91,
+	0xe2, 0x11, 0x09, 0x3d, 0xaa, 0xda, 0xa3, 0x45, 0x6e, 0x09, 0x30, 0xa5, 0xee, 0x99, 0x6c, 0x43,
+	0xd9, 0xd1, 0x62, 0xfa, 0x32, 0x17, 0x97, 0xb9, 0xcc, 0x77, 0xa1, 0x2c, 0x29, 0xc8, 0x2b, 0x25,
+	0x6f, 0x57, 0x49, 0x2a, 0xba, 0x9e, 0xbd, 0x0f, 0xdb, 0x73, 0xdc, 0xd6, 0xd7, 0x20, 0x05, 0x33,
+	0xe6, 0x60, 0xbf, 0x1a, 0x70, 0x7b, 0x0e, 0xf7, 0xd8, 0xa7, 0x0c, 0xf9, 0x70, 0x6b, 0xda, 0x97,
+	0x91, 0xd4, 0x53, 0xcb, 0xa8, 0xe7, 0x76, 0x2a, 0x7b, 0x5f, 0x2c, 0x55, 0xbc, 0xf9, 0xa4, 0x36,
+	0xaf, 0xd2, 0x0a, 0x6a, 0x7f, 0x36, 0xcb, 0x5c, 0xd1, 0x45, 0x67, 0x7e, 0x1d, 0x39, 0xec, 0x57,
+	0x26, 0x54, 0xd3, 0xd8, 0x34, 0x5f, 0x8c, 0x39, 0xbe, 0x20, 0x58, 0x4f, 0xf0, 0x48, 0x7c, 0xa3,
+	0x2d, 0xc8, 0xfb, 0x01, 0xef, 0x93, 0x64, 0x8f, 0x14, 0x78, 0xff, 0xf8, 0xa4, 0x20, 0x31, 0x13,
+	0x94, 0xc9, 0x39, 0x5a, 0xe4, 0x96, 0x11, 0x09, 0x02, 0x37, 0xf4, 0xac, 0x7c, 0x3d, 0xc7, 0x3b,
+	0xab, 0x44, 0xf4, 0x01, 0x00, 0x09, 0x87, 0x1a, 0x56, 0x10, 0xc6, 0x32, 0x09, 0x07, 0x0a, 0x28,
+	0xcd, 0xa7, 0xae, 0x3f, 0x8e, 0x23, 0x6c, 0x15, 0xb5, 0xf9, 0x50, 0x2a, 0xde, 0xda, 0x5d, 0x7e,
+	0xe8, 0x25, 0x19, 0xc7, 0x01, 0xa6, 0x56, 0x59, 0x1e, 0xaa, 0x44, 0x54, 0x87, 0x0a, 0x0e, 0x2f,
+	0xfd, 0x88, 0x84, 0x01, 0x0e, 0x99, 0x05, 0xc2, 0x9a, 0x54, 0xd9, 0x11, 0xa0, 0x74, 0x8d, 0x44,
+	0x83, 0xbf, 0x9f, 0x5e, 0x9d, 0xb1, 0x4f, 0x99, 0x6a, 0xed, 0xa3, 0x4c, 0xad, 0x95, 0x51, 0xf5,
+	0xbd, 0xe3, 0xd1, 0xed, 0x3e, 0x6c, 0x77, 0x30, 0xd3, 0x0e, 0x2d, 0x97, 0xb9, 0xaf, 0xed, 0x69,
+	0x6b, 0xa1, 0xa7, 0x2d, 0xf1, 0xab, 0x38, 0xa2, 0xfc, 0x7d, 0xe4, 0x6d, 0xca, 0x3b, 0x5a, 0xb4,
+	0x3b, 0x70, 0x67, 0x21, 0xa8, 0x1a, 0x04, 0x7a, 0xe6, 0xf0, 0x70, 0x37, 0xe4, 0xcc, 0x79, 0x4b,
+	0xa0, 0x31, 0xbc, 0x77, 0x2c, 0x06, 0x5d, 0xa6, 0x04, 0x6b, 0x50, 0x0a, 0x30, 0x73, 0xc5, 0x79,
+	0xa6, 0x38, 0x6f, 0x2a, 0x4f, 0xf3, 0xc8, 0xcd, 0xf2, 0xb8, 0xdf, 0x81, 0xbc, 0x7c, 0x3b, 0x2b,
+	0x50, 0x7c, 0xda, 0xee, 0xb5, 0xba, 0xbd, 0xce, 0xe6, 0x1a, 0x17, 0x9c, 0xe3, 0x5e, 0x8f, 0x0b,
+	0x06, 0x02, 0x28, 0x1c, 0x1e, 0x74, 0x1f, 0xb7, 0x5b, 0x9b, 0x26, 0x37, 0x0c, 0xba, 0x4f, 0xda,
+	0x47, 0xc7, 0x83, 0xcd, 0x1c, 0x17, 0xfa, 0xc7, 0xcd, 0x66, 0xbb, 0xdf, 0xdf, 0x5c, 0xbf, 0xcf,
+	0xa0, 0x92, 0x7c, 0x8a, 0x11, 0x54, 0x0f, 0x9a, 0x83, 0xee, 0x51, 0x6f, 0x38, 0x8b, 0xba, 0x0d,
+	0x48, 0xe9, 0xba, 0xbd, 0xe1, 0x53, 0xe7, 0xa8, 0xe3, 0x70, 0xa8, 0x91, 0xf0, 0xd5, 0xe1, 0x4c,
+	0x74, 0x0b, 0x36, 0x94, 0x4e, 0x9d, 0x9d, 0x4b, 0xb8, 0xe9, 0x14, 0xd6, 0xf7, 0x5e, 0xde, 0x84,
+	0x8a, 0xae, 0x53, 0xff, 0x72, 0x84, 0x7e, 0x33, 0xf4, 0x18, 0x9e, 0x6e, 0x4b, 0x9f, 0x2f, 0x45,
+	0x9b, 0xd4, 0x22, 0x50, 0x7b, 0x94, 0x09, 0xab, 0xda, 0xfe, 0x02, 0x2a, 0x09, 0x46, 0xa0, 0x4f,
+	0x97, 0x8a, 0x35, 0xdb, 0x14, 0x6a, 0xfb, 0x99, 0x78, 0x8f, 0x5e, 0x40, 0xb5, 0x25, 0xd6, 0x9e,
+	0xd5, 0x33, 0x58, 0x6e, 0x3b, 0x14, 0x1b, 0x2b, 0xfa, 0x05, 0x36, 0xf8, 0x65, 0xd3, 0x87, 0x53,
+	0x94, 0x21, 0x48, 0xc6, 0x5f, 0xdf, 0x35, 0xd0, 0x4b, 0x03, 0x50, 0xa2, 0xf8, 0x7a, 0xa1, 0xca,
+	0x5c, 0x81, 0x95, 0xc6, 0x0a, 0xfa, 0xc3, 0x00, 0xd4, 0x3f, 0x27, 0x57, 0x5a, 0xdf, 0xbe, 0xc4,
+	0x21, 0xa3, 0xd9, 0xb3, 0x39, 0x58, 0xe1, 0x25, 0x94, 0xcb, 0xc1, 0xae, 0x81, 0xfe, 0x32, 0xe0,
+	0xf6, 0x62, 0x89, 0x28, 0x6a, 0xae, 0x34, 0x41, 0x55, 0x86, 0x5f, 0xad, 0x12, 0x44, 0x3c, 0xd2,
+	0x6b, 0xe8, 0xcf, 0x74, 0x0f, 0xd5, 0xf8, 0xcd, 0x98, 0x5f, 0x7a, 0x78, 0xd7, 0xbe, 0x5c, 0x21,
+	0x88, 0x4a, 0xef, 0x77, 0x03, 0x90, 0x83, 0x27, 0x24, 0x62, 0xa9, 0x9d, 0x71, 0xf5, 0xde, 0x64,
+	0xb9, 0x6e, 0xf6, 0x1a, 0xef, 0xe7, 0xcd, 0xb9, 0x09, 0xb4, 0x64, 0xad, 0x5e, 0x3f, 0x14, 0x6b,
+	0xad, 0xd5, 0x82, 0xc8, 0xd7, 0xd0, 0x5e, 0x43, 0xaf, 0xd2, 0x84, 0x7b, 0xa2, 0xc7, 0xd2, 0x3b,
+	0x95, 0xe4, 0xdf, 0xc6, 0xc2, 0x72, 0xf0, 0xad, 0x1c, 0xcc, 0xef, 0x56, 0x9e, 0xfc, 0x49, 0x59,
+	0x5c, 0x13, 0xd0, 0xe1, 0x52, 0xe1, 0xdf, 0xb8, 0x67, 0x64, 0xa3, 0xe0, 0xd7, 0xf0, 0x5d, 0x49,
+	0xeb, 0x4e, 0x0a, 0xc2, 0xe9, 0x93, 0xff, 0x03, 0x00, 0x00, 0xff, 0xff, 0xdd, 0x08, 0x15, 0x66,
+	0x21, 0x11, 0x00, 0x00,
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// WorkflowSvcClient is the client API for WorkflowSvc service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type WorkflowSvcClient interface {
+	CreateWorkflow(ctx context.Context, in *CreateRequest, opts ...grpc.CallOption) (*CreateResponse, error)
+	GetWorkflow(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Workflow, error)
+	DeleteWorkflow(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Empty, error)
+	ListWorkflows(ctx context.Context, in *Empty, opts ...grpc.CallOption) (WorkflowSvc_ListWorkflowsClient, error)
+	GetWorkflowContext(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*WorkflowContext, error)
+	ShowWorkflowEvents(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (WorkflowSvc_ShowWorkflowEventsClient, error)
+	GetWorkflowContexts(ctx context.Context, in *WorkflowContextRequest, opts ...grpc.CallOption) (*WorkflowContextList, error)
+	GetWorkflowActions(ctx context.Context, in *WorkflowActionsRequest, opts ...grpc.CallOption) (*WorkflowActionList, error)
+	ReportActionStatus(ctx context.Context, in *WorkflowActionStatus, opts ...grpc.CallOption) (*Empty, error)
+	GetWorkflowData(ctx context.Context, in *GetWorkflowDataRequest, opts ...grpc.CallOption) (*GetWorkflowDataResponse, error)
+	GetWorkflowMetadata(ctx context.Context, in *GetWorkflowDataRequest, opts ...grpc.CallOption) (*GetWorkflowDataResponse, error)
+	GetWorkflowDataVersion(ctx context.Context, in *GetWorkflowDataRequest, opts ...grpc.CallOption) (*GetWorkflowDataResponse, error)
+	UpdateWorkflowData(ctx context.Context, in *UpdateWorkflowDataRequest, opts ...grpc.CallOption) (*Empty, error)
+}
+
+type workflowSvcClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewWorkflowSvcClient(cc *grpc.ClientConn) WorkflowSvcClient {
+	return &workflowSvcClient{cc}
+}
+
+func (c *workflowSvcClient) CreateWorkflow(ctx context.Context, in *CreateRequest, opts ...grpc.CallOption) (*CreateResponse, error) {
+	out := new(CreateResponse)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/CreateWorkflow", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *workflowSvcClient) GetWorkflow(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Workflow, error) {
+	out := new(Workflow)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/GetWorkflow", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *workflowSvcClient) DeleteWorkflow(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*Empty, error) {
+	out := new(Empty)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/DeleteWorkflow", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *workflowSvcClient) ListWorkflows(ctx context.Context, in *Empty, opts ...grpc.CallOption) (WorkflowSvc_ListWorkflowsClient, error) {
+	stream, err := c.cc.NewStream(ctx, &_WorkflowSvc_serviceDesc.Streams[0], "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/ListWorkflows", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &workflowSvcListWorkflowsClient{stream}
+	if err := x.ClientStream.SendMsg(in); err != nil {
+		return nil, err
+	}
+	if err := x.ClientStream.CloseSend(); err != nil {
+		return nil, err
+	}
+	return x, nil
+}
+
+type WorkflowSvc_ListWorkflowsClient interface {
+	Recv() (*Workflow, error)
+	grpc.ClientStream
+}
+
+type workflowSvcListWorkflowsClient struct {
+	grpc.ClientStream
+}
+
+func (x *workflowSvcListWorkflowsClient) Recv() (*Workflow, error) {
+	m := new(Workflow)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func (c *workflowSvcClient) GetWorkflowContext(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*WorkflowContext, error) {
+	out := new(WorkflowContext)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/GetWorkflowContext", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *workflowSvcClient) ShowWorkflowEvents(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (WorkflowSvc_ShowWorkflowEventsClient, error) {
+	stream, err := c.cc.NewStream(ctx, &_WorkflowSvc_serviceDesc.Streams[1], "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/ShowWorkflowEvents", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &workflowSvcShowWorkflowEventsClient{stream}
+	if err := x.ClientStream.SendMsg(in); err != nil {
+		return nil, err
+	}
+	if err := x.ClientStream.CloseSend(); err != nil {
+		return nil, err
+	}
+	return x, nil
+}
+
+type WorkflowSvc_ShowWorkflowEventsClient interface {
+	Recv() (*WorkflowActionStatus, error)
+	grpc.ClientStream
+}
+
+type workflowSvcShowWorkflowEventsClient struct {
+	grpc.ClientStream
+}
+
+func (x *workflowSvcShowWorkflowEventsClient) Recv() (*WorkflowActionStatus, error) {
+	m := new(WorkflowActionStatus)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func (c *workflowSvcClient) GetWorkflowContexts(ctx context.Context, in *WorkflowContextRequest, opts ...grpc.CallOption) (*WorkflowContextList, error) {
+	out := new(WorkflowContextList)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/GetWorkflowContexts", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *workflowSvcClient) GetWorkflowActions(ctx context.Context, in *WorkflowActionsRequest, opts ...grpc.CallOption) (*WorkflowActionList, error) {
+	out := new(WorkflowActionList)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/GetWorkflowActions", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *workflowSvcClient) ReportActionStatus(ctx context.Context, in *WorkflowActionStatus, opts ...grpc.CallOption) (*Empty, error) {
+	out := new(Empty)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/ReportActionStatus", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *workflowSvcClient) GetWorkflowData(ctx context.Context, in *GetWorkflowDataRequest, opts ...grpc.CallOption) (*GetWorkflowDataResponse, error) {
+	out := new(GetWorkflowDataResponse)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/GetWorkflowData", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *workflowSvcClient) GetWorkflowMetadata(ctx context.Context, in *GetWorkflowDataRequest, opts ...grpc.CallOption) (*GetWorkflowDataResponse, error) {
+	out := new(GetWorkflowDataResponse)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/GetWorkflowMetadata", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *workflowSvcClient) GetWorkflowDataVersion(ctx context.Context, in *GetWorkflowDataRequest, opts ...grpc.CallOption) (*GetWorkflowDataResponse, error) {
+	out := new(GetWorkflowDataResponse)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/GetWorkflowDataVersion", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *workflowSvcClient) UpdateWorkflowData(ctx context.Context, in *UpdateWorkflowDataRequest, opts ...grpc.CallOption) (*Empty, error) {
+	out := new(Empty)
+	err := c.cc.Invoke(ctx, "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/UpdateWorkflowData", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// WorkflowSvcServer is the server API for WorkflowSvc service.
+type WorkflowSvcServer interface {
+	CreateWorkflow(context.Context, *CreateRequest) (*CreateResponse, error)
+	GetWorkflow(context.Context, *GetRequest) (*Workflow, error)
+	DeleteWorkflow(context.Context, *GetRequest) (*Empty, error)
+	ListWorkflows(*Empty, WorkflowSvc_ListWorkflowsServer) error
+	GetWorkflowContext(context.Context, *GetRequest) (*WorkflowContext, error)
+	ShowWorkflowEvents(*GetRequest, WorkflowSvc_ShowWorkflowEventsServer) error
+	GetWorkflowContexts(context.Context, *WorkflowContextRequest) (*WorkflowContextList, error)
+	GetWorkflowActions(context.Context, *WorkflowActionsRequest) (*WorkflowActionList, error)
+	ReportActionStatus(context.Context, *WorkflowActionStatus) (*Empty, error)
+	GetWorkflowData(context.Context, *GetWorkflowDataRequest) (*GetWorkflowDataResponse, error)
+	GetWorkflowMetadata(context.Context, *GetWorkflowDataRequest) (*GetWorkflowDataResponse, error)
+	GetWorkflowDataVersion(context.Context, *GetWorkflowDataRequest) (*GetWorkflowDataResponse, error)
+	UpdateWorkflowData(context.Context, *UpdateWorkflowDataRequest) (*Empty, error)
+}
+
+// UnimplementedWorkflowSvcServer can be embedded to have forward compatible implementations.
+type UnimplementedWorkflowSvcServer struct {
+}
+
+func (*UnimplementedWorkflowSvcServer) CreateWorkflow(ctx context.Context, req *CreateRequest) (*CreateResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateWorkflow not implemented")
+}
+func (*UnimplementedWorkflowSvcServer) GetWorkflow(ctx context.Context, req *GetRequest) (*Workflow, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetWorkflow not implemented")
+}
+func (*UnimplementedWorkflowSvcServer) DeleteWorkflow(ctx context.Context, req *GetRequest) (*Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteWorkflow not implemented")
+}
+func (*UnimplementedWorkflowSvcServer) ListWorkflows(req *Empty, srv WorkflowSvc_ListWorkflowsServer) error {
+	return status.Errorf(codes.Unimplemented, "method ListWorkflows not implemented")
+}
+func (*UnimplementedWorkflowSvcServer) GetWorkflowContext(ctx context.Context, req *GetRequest) (*WorkflowContext, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetWorkflowContext not implemented")
+}
+func (*UnimplementedWorkflowSvcServer) ShowWorkflowEvents(req *GetRequest, srv WorkflowSvc_ShowWorkflowEventsServer) error {
+	return status.Errorf(codes.Unimplemented, "method ShowWorkflowEvents not implemented")
+}
+func (*UnimplementedWorkflowSvcServer) GetWorkflowContexts(ctx context.Context, req *WorkflowContextRequest) (*WorkflowContextList, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetWorkflowContexts not implemented")
+}
+func (*UnimplementedWorkflowSvcServer) GetWorkflowActions(ctx context.Context, req *WorkflowActionsRequest) (*WorkflowActionList, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetWorkflowActions not implemented")
+}
+func (*UnimplementedWorkflowSvcServer) ReportActionStatus(ctx context.Context, req *WorkflowActionStatus) (*Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ReportActionStatus not implemented")
+}
+func (*UnimplementedWorkflowSvcServer) GetWorkflowData(ctx context.Context, req *GetWorkflowDataRequest) (*GetWorkflowDataResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetWorkflowData not implemented")
+}
+func (*UnimplementedWorkflowSvcServer) GetWorkflowMetadata(ctx context.Context, req *GetWorkflowDataRequest) (*GetWorkflowDataResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetWorkflowMetadata not implemented")
+}
+func (*UnimplementedWorkflowSvcServer) GetWorkflowDataVersion(ctx context.Context, req *GetWorkflowDataRequest) (*GetWorkflowDataResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetWorkflowDataVersion not implemented")
+}
+func (*UnimplementedWorkflowSvcServer) UpdateWorkflowData(ctx context.Context, req *UpdateWorkflowDataRequest) (*Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateWorkflowData not implemented")
+}
+
+func RegisterWorkflowSvcServer(s *grpc.Server, srv WorkflowSvcServer) {
+	s.RegisterService(&_WorkflowSvc_serviceDesc, srv)
+}
+
+func _WorkflowSvc_CreateWorkflow_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(WorkflowSvcServer).CreateWorkflow(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/CreateWorkflow",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(WorkflowSvcServer).CreateWorkflow(ctx, req.(*CreateRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _WorkflowSvc_GetWorkflow_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(WorkflowSvcServer).GetWorkflow(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/GetWorkflow",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(WorkflowSvcServer).GetWorkflow(ctx, req.(*GetRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _WorkflowSvc_DeleteWorkflow_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(WorkflowSvcServer).DeleteWorkflow(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/DeleteWorkflow",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(WorkflowSvcServer).DeleteWorkflow(ctx, req.(*GetRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _WorkflowSvc_ListWorkflows_Handler(srv interface{}, stream grpc.ServerStream) error {
+	m := new(Empty)
+	if err := stream.RecvMsg(m); err != nil {
+		return err
+	}
+	return srv.(WorkflowSvcServer).ListWorkflows(m, &workflowSvcListWorkflowsServer{stream})
+}
+
+type WorkflowSvc_ListWorkflowsServer interface {
+	Send(*Workflow) error
+	grpc.ServerStream
+}
+
+type workflowSvcListWorkflowsServer struct {
+	grpc.ServerStream
+}
+
+func (x *workflowSvcListWorkflowsServer) Send(m *Workflow) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func _WorkflowSvc_GetWorkflowContext_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(WorkflowSvcServer).GetWorkflowContext(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/GetWorkflowContext",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(WorkflowSvcServer).GetWorkflowContext(ctx, req.(*GetRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _WorkflowSvc_ShowWorkflowEvents_Handler(srv interface{}, stream grpc.ServerStream) error {
+	m := new(GetRequest)
+	if err := stream.RecvMsg(m); err != nil {
+		return err
+	}
+	return srv.(WorkflowSvcServer).ShowWorkflowEvents(m, &workflowSvcShowWorkflowEventsServer{stream})
+}
+
+type WorkflowSvc_ShowWorkflowEventsServer interface {
+	Send(*WorkflowActionStatus) error
+	grpc.ServerStream
+}
+
+type workflowSvcShowWorkflowEventsServer struct {
+	grpc.ServerStream
+}
+
+func (x *workflowSvcShowWorkflowEventsServer) Send(m *WorkflowActionStatus) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func _WorkflowSvc_GetWorkflowContexts_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(WorkflowContextRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(WorkflowSvcServer).GetWorkflowContexts(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/GetWorkflowContexts",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(WorkflowSvcServer).GetWorkflowContexts(ctx, req.(*WorkflowContextRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _WorkflowSvc_GetWorkflowActions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(WorkflowActionsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(WorkflowSvcServer).GetWorkflowActions(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/GetWorkflowActions",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(WorkflowSvcServer).GetWorkflowActions(ctx, req.(*WorkflowActionsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _WorkflowSvc_ReportActionStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(WorkflowActionStatus)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(WorkflowSvcServer).ReportActionStatus(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/ReportActionStatus",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(WorkflowSvcServer).ReportActionStatus(ctx, req.(*WorkflowActionStatus))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _WorkflowSvc_GetWorkflowData_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetWorkflowDataRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(WorkflowSvcServer).GetWorkflowData(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/GetWorkflowData",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(WorkflowSvcServer).GetWorkflowData(ctx, req.(*GetWorkflowDataRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _WorkflowSvc_GetWorkflowMetadata_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetWorkflowDataRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(WorkflowSvcServer).GetWorkflowMetadata(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/GetWorkflowMetadata",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(WorkflowSvcServer).GetWorkflowMetadata(ctx, req.(*GetWorkflowDataRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _WorkflowSvc_GetWorkflowDataVersion_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetWorkflowDataRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(WorkflowSvcServer).GetWorkflowDataVersion(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/GetWorkflowDataVersion",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(WorkflowSvcServer).GetWorkflowDataVersion(ctx, req.(*GetWorkflowDataRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _WorkflowSvc_UpdateWorkflowData_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateWorkflowDataRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(WorkflowSvcServer).UpdateWorkflowData(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc/UpdateWorkflowData",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(WorkflowSvcServer).UpdateWorkflowData(ctx, req.(*UpdateWorkflowDataRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _WorkflowSvc_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "github.com.packethost.tinkerbell.protos.workflow.WorkflowSvc",
+	HandlerType: (*WorkflowSvcServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "CreateWorkflow",
+			Handler:    _WorkflowSvc_CreateWorkflow_Handler,
+		},
+		{
+			MethodName: "GetWorkflow",
+			Handler:    _WorkflowSvc_GetWorkflow_Handler,
+		},
+		{
+			MethodName: "DeleteWorkflow",
+			Handler:    _WorkflowSvc_DeleteWorkflow_Handler,
+		},
+		{
+			MethodName: "GetWorkflowContext",
+			Handler:    _WorkflowSvc_GetWorkflowContext_Handler,
+		},
+		{
+			MethodName: "GetWorkflowContexts",
+			Handler:    _WorkflowSvc_GetWorkflowContexts_Handler,
+		},
+		{
+			MethodName: "GetWorkflowActions",
+			Handler:    _WorkflowSvc_GetWorkflowActions_Handler,
+		},
+		{
+			MethodName: "ReportActionStatus",
+			Handler:    _WorkflowSvc_ReportActionStatus_Handler,
+		},
+		{
+			MethodName: "GetWorkflowData",
+			Handler:    _WorkflowSvc_GetWorkflowData_Handler,
+		},
+		{
+			MethodName: "GetWorkflowMetadata",
+			Handler:    _WorkflowSvc_GetWorkflowMetadata_Handler,
+		},
+		{
+			MethodName: "GetWorkflowDataVersion",
+			Handler:    _WorkflowSvc_GetWorkflowDataVersion_Handler,
+		},
+		{
+			MethodName: "UpdateWorkflowData",
+			Handler:    _WorkflowSvc_UpdateWorkflowData_Handler,
+		},
+	},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "ListWorkflows",
+			Handler:       _WorkflowSvc_ListWorkflows_Handler,
+			ServerStreams: true,
+		},
+		{
+			StreamName:    "ShowWorkflowEvents",
+			Handler:       _WorkflowSvc_ShowWorkflowEvents_Handler,
+			ServerStreams: true,
+		},
+	},
+	Metadata: "workflow.proto",
+}
diff --git a/protos/workflow/workflow.proto b/protos/workflow/workflow.proto
new file mode 100644
index 000000000..2562c4117
--- /dev/null
+++ b/protos/workflow/workflow.proto
@@ -0,0 +1,132 @@
+syntax = "proto3";
+
+option go_package = "github.com/packethost/tinkerbell/protos/workflow";
+
+package github.com.packethost.tinkerbell.protos.workflow;
+
+import "google/protobuf/timestamp.proto";
+
+service WorkflowSvc {
+    rpc CreateWorkflow(CreateRequest) returns (CreateResponse);
+    rpc GetWorkflow(GetRequest) returns (Workflow);
+    rpc DeleteWorkflow(GetRequest) returns (Empty);
+    rpc ListWorkflows(Empty) returns (stream Workflow);
+    rpc GetWorkflowContext(GetRequest) returns (WorkflowContext);
+    rpc ShowWorkflowEvents(GetRequest) returns (stream WorkflowActionStatus);
+    rpc GetWorkflowContexts(WorkflowContextRequest) returns (WorkflowContextList) {}
+    rpc GetWorkflowActions(WorkflowActionsRequest) returns (WorkflowActionList) {}
+    rpc ReportActionStatus(WorkflowActionStatus) returns (Empty) {}
+    rpc GetWorkflowData(GetWorkflowDataRequest) returns (GetWorkflowDataResponse) {}
+    rpc GetWorkflowMetadata(GetWorkflowDataRequest) returns (GetWorkflowDataResponse) {}
+    rpc GetWorkflowDataVersion(GetWorkflowDataRequest) returns (GetWorkflowDataResponse) {}
+    rpc UpdateWorkflowData(UpdateWorkflowDataRequest) returns (Empty) {}
+}
+
+message Empty {
+}
+
+message Workflow {
+    string id = 1;
+    string template = 2;
+    string target = 3;
+    State state = 4;
+    google.protobuf.Timestamp createdAt = 5;
+    google.protobuf.Timestamp updatedAt = 6;
+    google.protobuf.Timestamp deletedAt = 7;  
+    string data = 8; 
+}
+
+enum State {
+    PENDING = 0;
+    RUNNING = 1; 
+    FAILED = 2;
+    TIMEOUT = 3;
+    SUCCESS = 4;
+} 
+
+message CreateRequest {
+    string template = 1;
+    string target = 2;
+}
+
+message CreateResponse {
+	string id = 1;
+}
+
+message GetRequest {
+    string id = 1;
+}
+
+enum ActionState {
+    ACTION_PENDING = 0;
+    ACTION_IN_PROGRESS = 1;
+    ACTION_SUCCESS = 2;
+    ACTION_FAILED = 3;
+    ACTION_TIMEOUT = 4;
+}
+
+message WorkflowContext {
+    string workflow_id = 1;
+    string current_worker = 2;
+    string current_task = 3;
+    string current_action = 4;
+    int64 current_action_index = 5;
+    ActionState current_action_state = 6;
+    int64 total_number_of_actions = 7;
+}
+
+message WorkflowActionStatus {
+    string workflow_id = 1;
+    string task_name = 2;
+    string action_name = 3;
+    ActionState action_status = 4;
+    int64 seconds = 5;
+    string message = 6;
+    google.protobuf.Timestamp createdAt = 7;
+    string worker_id = 8;
+}
+
+message WorkflowContextRequest {
+    string worker_id = 1;
+}
+
+message WorkflowContextList {
+    repeated WorkflowContext workflow_contexts = 1;
+}
+
+message WorkflowActionsRequest {
+    string workflow_id = 1;
+}
+
+message WorkflowAction {
+    string task_name = 1;
+    string name = 2;
+    string image = 3;
+    int64 timeout = 4;
+    repeated string command = 5;
+    repeated string on_timeout = 6;
+    repeated string on_failure = 7;
+    string worker_id = 8;
+    repeated string volumes = 9;
+    repeated string environment = 10;
+}
+
+message WorkflowActionList {
+    repeated WorkflowAction action_list = 1;
+}
+
+message GetWorkflowDataRequest {
+    string workflow_iD = 1;
+    int32 version = 2;
+}
+
+message GetWorkflowDataResponse {
+    bytes data = 1;
+    int32 version = 2;
+}
+
+message UpdateWorkflowDataRequest {
+    string workflow_iD = 1;
+    bytes metadata = 2;
+    bytes data = 3;
+}
diff --git a/registry/Dockerfile b/registry/Dockerfile
new file mode 100644
index 000000000..12f06ed32
--- /dev/null
+++ b/registry/Dockerfile
@@ -0,0 +1,11 @@
+FROM registry:2 AS auth
+ARG REGISTRY_USERNAME
+ARG REGISTRY_PASSWORD
+RUN mkdir /auth \
+  && htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} > /auth/htpasswd
+
+FROM registry:2
+RUN mkdir -p /certs /auth 
+COPY --from=auth /auth/htpasswd /auth
+EXPOSE 443
+
diff --git a/server/.gitkeep b/server/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/test-docker-compose.yml b/test-docker-compose.yml
new file mode 100644
index 000000000..bda313b3e
--- /dev/null
+++ b/test-docker-compose.yml
@@ -0,0 +1,209 @@
+version: '2.1'
+services:
+  certs:
+    build: tls
+    volumes:
+      - ./certs:/certs
+
+  tinkerbell:
+    build: .
+    environment: 
+      FACILITY: ${FACILITY:-lab1}
+      PACKET_ENV: ${PACKET_ENV:-testing}
+      PACKET_VERSION: ${PACKET_VERSION:-5efab5ef3a42cb88f2d54f4ed3201c2dd6797b7d}
+      ROLLBAR_TOKEN: ${ROLLBAR_TOKEN:-9b78d0ad01d1467aa92c49c3a349b79d}
+      ROLLBAR_DISABLE: ${ROLLBAR_DISABLE:-0}
+      PGDATABASE: tinkerbell
+      PGHOST: db
+      PGPASSWORD: tinkerbell
+      PGPORT: 5432
+      PGSSLMODE: disable
+      PGUSER: tinkerbell
+    depends_on:
+      certs:
+        condition: service_started
+      fluentbit:
+        condition: service_started
+      db:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- 127.0.0.1:42114/cert"]
+      interval: 5s
+      timeout: 2s
+      retries: 30
+    volumes: 
+      - ./certs:/certs/${FACILITY}
+        #logging:
+        #driver: fluentd
+        #options:
+        #tag: tinkerbell
+    ports:
+      - 42113:42113/tcp
+      - 42114:42114/tcp
+
+  db:
+    build:
+      context: deploy
+    environment:
+      POSTGRES_DB: tinkerbell
+      POSTGRES_PASSWORD: tinkerbell
+      POSTGRES_USER: tinkerbell
+    ports:
+      - 5432:5432
+    depends_on:
+      - "fluentbit"
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U tinkerbell"]
+      #test: ["CMD-SHELL","psql -U tinkerbell -c \"select COUNT(*) from hardware;\""]
+      interval: 1s
+      timeout: 1s
+      retries: 30
+    logging:
+      driver: fluentd
+      options:
+        tag: db
+
+ #cli:
+ #  build:
+ #    context: .
+ #    dockerfile: cmd/tinkerbell/Dockerfile
+ #  environment:
+ #    TINKERBELL_GRPC_AUTHORITY: 127.0.0.1:42113
+ #    TINKERBELL_CERT_URL: http://127.0.0.1:42114/cert
+ #  depends_on:
+ #    - "fluentbit"
+ #  logging:
+ #    driver: fluentd
+ #    options:
+ #      tag: tinkerbell-cli
+ #  network_mode: host
+
+  cserver:
+    build: ../cacher
+    environment:
+      FACILITY: ${FACILITY:-lab1}
+      PACKET_API_AUTH_TOKEN: ${PACKET_API_AUTH_TOKEN}
+      PACKET_API_URL: ${PACKET_API_URL:-https://lab-api.packet.net}
+      PACKET_CONSUMER_TOKEN: ${PACKET_CONSUMER_TOKEN-djR2TAvbnkY92i8Ea2KFMZW6MusW1fk7qzeCUHgtnQRSsXnqxoCr6V2vhSxpqASf}
+      PACKET_ENV: testing
+      PACKET_VERSION: 5efab5ef3a42cb88f2d54f4ed3201c2dd6797b7d
+      PGDATABASE: tinkerbell
+      PGHOST: db
+      PGPASSWORD: tinkerbell
+      PGPORT: 5432
+      PGSSLMODE: disable
+      PGUSER: tinkerbell
+      ROLLBAR_TOKEN: 9b78d0ad01d1467aa92c49c3a349b79d
+    labels:
+      io.rancher.container.pull_image: always
+      io.rancher.scheduler.affinity:host_label: prov=true
+    depends_on:
+      db:
+        condition: service_healthy
+ #ccli:
+ #  build:
+ #    context: ../cacher/cmd/cacherc
+ #  environment:
+ #    CACHER_CERT_URL: http://cacher.${FACILITY:-lab1}.packet.net:42112/cert
+ #    CACHER_GRPC_AUTHORITY: cacher.${FACILITY:-lab1}.packet.net:42111
+ #  depends_on:
+ #    - "fluentbit"
+ #  links:
+ #    - cserver:cacher.${FACILITY:-lab1}.packet.net
+
+  registry:
+    build:
+      context: registry
+      args: 
+        REGISTRY_USERNAME: username
+        REGISTRY_PASSWORD: password
+    environment: 
+      REGISTRY_HTTP_ADDR: localhost:443
+      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server.pem
+      REGISTRY_HTTP_TLS_KEY: /certs/server-key.pem
+      REGISTRY_AUTH: htpasswd
+      REGISTRY_AUTH_HTPASSWD_REALM: "Registry Realm"
+      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
+    volumes: 
+      - ./certs:/certs
+    depends_on:
+      - fluentbit
+    logging:
+      driver: fluentd
+      options:
+        tag: registry
+    network_mode: host
+
+ #boots:
+ #  build:
+ #    context: ../boots
+ #  network_mode: host
+ #  command: -dhcp-addr 0.0.0.0:67 -tftp-addr 127.0.0.1:69 -http-addr 127.0.0.1:8080 -log-level DEBUG
+ #  environment:
+ #    API_AUTH_TOKEN: ${PACKET_API_AUTH_TOKEN:-PcyR6MvHb7wMmyYf9p8dJ2Dvnb9HxX8E}
+ #    API_CONSUMER_TOKEN: ${PACKET_CONSUMER_TOKEN:-djR2TAvbnkY92i8Ea2KFMZW6MusW1fk7qzeCUHgtnQRSsXnqxoCr6V2vhSxpqASf}
+ #    FACILITY_CODE: ${FACILITY:-lab1}
+ #    PACKET_ENV: ${PACKET_ENV:-testing}
+ #    PACKET_VERSION: ${PACKET_VERSION:-5efab5ef3a42cb88f2d54f4ed3201c2dd6797b7d}
+ #    ROLLBAR_TOKEN: ${ROLLBAR_TOKEN:-9b78d0ad01d1467aa92c49c3a349b79d}
+ #    ROLLBAR_DISABLE: ${ROLLBAR_DISABLE:-0}
+ #    MIRROR_HOST: ${MIRROR_HOST:-127.0.0.1}
+ #    CACHER_GRPC_AUTHORITY: 127.0.0.1:42111
+ #    CACHER_CERT_URL: http://127.0.0.1:42114/cert
+ #    DNS_SERVERS: 8.8.8.8
+ #    PUBLIC_IP: 127.0.0.1
+ #    BOOTP_BIND: 127.0.0.1:67
+ #    HTTP_BIND: 127.0.0.1:80
+ #    SYSLOG_BIND: 127.0.0.1:514
+ #    TFTP_BIND: 127.0.0.1:69
+ #    DOCKER_REGISTRY: 127.0.0.1
+ #    REGISTRY_USERNAME: username
+ #    REGISTRY_PASSWORD: password
+ #    TINKERBELL_GRPC_AUTHORITY: 127.0.0.1:42113
+ #    TINKERBELL_CERT_URL: http://127.0.0.1:42114/cert
+ #    ELASTIC_SEARCH_URL: 127.0.0.1:9200
+ #  depends_on:
+ #    db:
+ #      condition: service_healthy
+ #    tinkerbell:
+ #      condition: service_healthy
+ #    fluentbit:
+ #      condition: service_started
+ #  logging:
+ #    driver: fluentd
+ #    options:
+ #      tag: boots
+ #  ports:
+ #    - 127.0.0.1:80:80/tcp
+ #    - 67:67/udp
+ #    - 69:69/udp
+ 
+  elasticsearch:
+    image: elasticsearch:7.3.0
+    ports:
+      - 9200:9200
+      - 9300:9300
+    environment:
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - discovery.type=single-node
+
+  kibana:
+    image: kibana:7.3.0
+    depends_on:
+      - elasticsearch
+    restart: always
+    environment:
+      ELASTICSEARCH_URL: http://elasticsearch:9200
+    ports:
+      - 5601:5601
+
+  fluentbit:
+    image: fluent/fluent-bit:1.3
+    ports:
+      - 24224:24224
+      - 24224:24224/udp
+    depends_on:
+      - kibana
+    volumes:
+      - ./fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
+
diff --git a/test/actions/action1/hello_world.sh b/test/actions/action1/hello_world.sh
new file mode 100755
index 000000000..c0cddeaf3
--- /dev/null
+++ b/test/actions/action1/hello_world.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo "This is Action1"
+echo "This is again Action1"
diff --git a/test/actions/overwrite_data/Dockerfile b/test/actions/overwrite_data/Dockerfile
new file mode 100644
index 000000000..5ba04d78c
--- /dev/null
+++ b/test/actions/overwrite_data/Dockerfile
@@ -0,0 +1,2 @@
+FROM bash
+CMD echo  '{"action_02": "data_02"}' > /workflow/data
diff --git a/test/actions/update_data/Dockerfile b/test/actions/update_data/Dockerfile
new file mode 100644
index 000000000..9098c195e
--- /dev/null
+++ b/test/actions/update_data/Dockerfile
@@ -0,0 +1,5 @@
+FROM bash
+ADD hello_world.sh /bin/hello_world.sh
+RUN  chmod +x /bin/hello_world.sh
+#CMD echo  '{"action_01": "data_01"}' > /workflow/data
+ENTRYPOINT [ "/bin/hello_world.sh" ]
diff --git a/test/build_images.sh b/test/build_images.sh
new file mode 100755
index 000000000..690a6309c
--- /dev/null
+++ b/test/build_images.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+docker pull bash
+docker tag bash:latest localhost/bash
+docker build -t localhost/update-data actions/update_data/
+docker build -t localhost/overwrite-data actions/overwrite_data/
+
diff --git a/test/data/hardware/hardware_1.json b/test/data/hardware/hardware_1.json
new file mode 100644
index 000000000..38ef714c9
--- /dev/null
+++ b/test/data/hardware/hardware_1.json
@@ -0,0 +1,112 @@
+{
+  "allow_pxe": true,
+  "arch": "x86_64",
+  "bonding_mode": 4,
+  "efi_boot": true,
+  "facility_code": "ewr1",
+  "id": "f9f56dff-098a-4c5f-a51c-19ad35de85d1",
+  "instance": {
+    "allow_pxe": true,
+    "always_pxe": true,
+    "customdata": {},
+    "hostname": "sample-machine",
+    "id": "3b2cccf1-1906-4d82-9fe0-c6d5188e70eb",
+    "ip_addresses": [],
+    "ipxe_script_url": "https://boot.netboot.xyz",
+    "network_ready": false,
+    "operating_system_version": {
+      "distro": "custom_ipxe",
+      "image_tag": null,
+      "os_slug": "custom_ipxe",
+      "slug": "custom_ipxe",
+      "version": "1"
+    },
+    "project": {},
+    "rescue": false,
+    "ssh_keys": [],
+    "state": "active",
+    "storage": {},
+    "tags": [],
+    "userdata": ""
+  },
+  "ip_addresses": [
+    {
+      "address": "172.24.7.50",
+      "address_family": 4,
+      "cidr": 30,
+      "enabled": true,
+      "gateway": "172.24.7.49",
+      "management": true,
+      "netmask": "255.255.255.252",
+      "network": "172.24.7.48",
+      "public": false,
+      "type": "data"
+    },
+    {
+      "address": "10.250.42.38",
+      "gateway": "10.250.42.1",
+      "netmask": "255.255.255.0",
+      "type": "ipmi"
+    }
+  ],
+  "management": {
+    "address": "10.250.42.38",
+    "gateway": "10.250.42.1",
+    "netmask": "255.255.255.0",
+    "type": "ipmi"
+  },
+  "manufacturer": {
+    "id": "5c6dc6d1-0b75-4e77-811e-e2d3b4e5312a",
+    "slug": "dell"
+  },
+  "network_ports": [
+    {
+      "connected_ports": [
+        {
+          "data": {
+            "bond": null,
+            "mac": null
+          },
+          "hostname": "",
+          "id": "421f34e5-b141-4c4a-8234-239996bf7a1a",
+          "name": "xe-0/0/28",
+          "type": "data"
+        }
+      ],
+      "data": {
+        "bond": null,
+        "mac": "98:03:9b:89:d7:ba"
+      },
+      "id": "213394d4-8642-443d-9140-c625cfaeb354",
+      "name": "eth0",
+      "type": "data"
+    },
+    {
+      "connected_ports": [],
+      "data": {
+        "bond": null,
+        "mac": "98:03:9b:89:d7:bb"
+      },
+      "id": "da245720-aa41-4368-9eca-7fb5af8bd492",
+      "name": "eth1",
+      "type": "data"
+    },
+    {
+      "connected_ports": [],
+      "data": {
+        "bond": null,
+        "mac": "4c:d9:8f:42:21:f3"
+      },
+      "id": "b1b7c29c-41d0-479d-9dbc-392250b8b36f",
+      "name": "ipmi0",
+      "type": "ipmi"
+    }
+  ],
+  "plan_slug": "c2.medium.x86",
+  "plan_version_slug": "c2.medium.x86.01",
+  "preinstalled_operating_system_version": {},
+  "services": {},
+  "state": "in_use",
+  "type": "server",
+  "vlan_id": null
+}
diff --git a/test/data/hardware/hardware_2.json b/test/data/hardware/hardware_2.json
new file mode 100644
index 000000000..0bbb71da2
--- /dev/null
+++ b/test/data/hardware/hardware_2.json
@@ -0,0 +1,113 @@
+{
+  "allow_pxe": true,
+  "arch": "x86_64",
+  "bonding_mode": 4,
+  "efi_boot": true,
+  "facility_code": "ewr1",
+  "id": "f9f56dff-098a-4c5f-a51c-19ad35de85d2",
+  "instance": {
+    "allow_pxe": true,
+    "always_pxe": true,
+    "customdata": {},
+    "hostname": "sample-machine2",
+    "id": "3b2cccf1-1906-4d82-9fe0-c6d5188e70ec",
+    "ip_addresses": [],
+    "ipxe_script_url": "https://boot.netboot.xyz",
+    "network_ready": false,
+    "operating_system_version": {
+      "distro": "custom_ipxe",
+      "image_tag": null,
+      "os_slug": "custom_ipxe",
+      "slug": "custom_ipxe",
+      "version": "1"
+    },
+    "project": {},
+    "rescue": false,
+    "ssh_keys": [],
+    "state": "active",
+    "storage": {},
+    "tags": [],
+    "userdata": ""
+  },
+  "ip_addresses": [
+    {
+      "address": "172.24.7.51",
+      "address_family": 4,
+      "cidr": 30,
+      "enabled": true,
+      "gateway": "172.24.7.49",
+      "management": true,
+      "netmask": "255.255.255.252",
+      "network": "172.24.7.48",
+      "public": false,
+      "type": "data"
+    },
+    {
+      "address": "10.250.42.39",
+      "gateway": "10.250.42.1",
+      "netmask": "255.255.255.0",
+      "type": "ipmi"
+    }
+  ],
+  "management": {
+    "address": "10.250.42.39",
+    "gateway": "10.250.42.1",
+    "netmask": "255.255.255.0",
+    "type": "ipmi"
+  },
+  "manufacturer": {
+    "id": "5c6dc6d1-0b75-4e77-811e-e2d3b4e5312b",
+    "slug": "dell"
+  },
+  "network_ports": [
+    {
+      "connected_ports": [
+        {
+          "data": {
+            "bond": null,
+            "mac": null
+          },
+          "hostname": "",
+          "id": "421f34e5-b141-4c4a-8234-239996bf7a1b",
+          "name": "xe-0/0/28",
+          "type": "data"
+        }
+      ],
+      "data": {
+        "bond": null,
+        "mac": "98:03:9b:89:d7:da"
+      },
+      "id": "213394d4-8642-443d-9140-c625cfaeb354",
+      "name": "eth0",
+      "type": "data"
+    },
+    {
+      "connected_ports": [],
+      "data": {
+        "bond": null,
+        "mac": "98:03:9b:89:d7:db"
+      },
+      "id": "da245720-aa41-4368-9eca-7fb5af8bd493",
+      "name": "eth1",
+      "type": "data"
+    },
+    {
+      "connected_ports": [],
+      "data": {
+        "bond": null,
+        "mac": "4c:d9:8f:42:21:f4"
+      },
+      "id": "b1b7c29c-41d0-479d-9dbc-392250b8b37f",
+      "name": "ipmi0",
+      "type": "ipmi"
+    }
+  ],
+  "plan_slug": "c2.medium.x86",
+  "plan_version_slug": "c2.medium.x86.01",
+  "preinstalled_operating_system_version": {},
+  "services": {},
+  "state": "in_use",
+  "type": "server",
+  "vlan_id": null
+}
+  
diff --git a/test/data/target/target_1.json b/test/data/target/target_1.json
new file mode 100644
index 000000000..f63db6d5b
--- /dev/null
+++ b/test/data/target/target_1.json
@@ -0,0 +1 @@
+{"targets": {"machine1": {"mac_addr": "98:03:9b:89:d7:ba"},"machine2": {"mac_addr": "98:03:9b:89:d7:da"}}}
diff --git a/test/data/template/sample_1 b/test/data/template/sample_1
new file mode 100644
index 000000000..6882554cc
--- /dev/null
+++ b/test/data/template/sample_1
@@ -0,0 +1,19 @@
+version: '0.1'
+name: packet_osie_provision
+global_timeout: 600
+tasks:
+- name: "run_one_worker"
+  worker: "{{index .Targets "machine1" "mac_addr"}}"
+  environment:
+       MIRROR_HOST: 192.168.1.2
+  actions:
+  - name: "server_partitioning"
+    image: update-data
+    timeout: 60
+    environment:
+       NGINX_HOST: 192.168.1.2
+  - name: "update_db"
+    image: update-data
+    timeout: 50
+    environment:
+       MIRROR_HOST: 192.168.1.3
diff --git a/test/data/template/sample_2 b/test/data/template/sample_2
new file mode 100644
index 000000000..dfecbb64b
--- /dev/null
+++ b/test/data/template/sample_2
@@ -0,0 +1,18 @@
+version: '0.1'
+name: packet_osie_provision
+global_timeout: 600
+tasks:
+- name: "timeout-task"
+  worker: "{{index .Targets "machine1" "mac_addr"}}"
+  actions:
+  - name: "update-data"
+    image: update-data
+    timeout: 10
+    on-timeout: ["echo", "Timeout"]
+    on-failure: ["echo", "Failure"]
+  - name: "sleep-till-timeout"
+    image: bash
+    command: ["sleep", "20"]
+    timeout: 6
+    on-timeout: ["echo", "Timeout"]
+    on-failure: ["echo", "Failure"]
diff --git a/test/data/template/sample_3 b/test/data/template/sample_3
new file mode 100644
index 000000000..4d71e7875
--- /dev/null
+++ b/test/data/template/sample_3
@@ -0,0 +1,25 @@
+version: '0.1'
+name: packet_osie_provision
+global_timeout: 600
+tasks:
+- name: "run-first-worker"
+  worker: "{{index .Targets "machine1" "mac_addr"}}"
+  actions:
+  - name: "update-data"
+    image: update-data
+    timeout: 10
+    on-timeout: ["echo", "Timeout"]
+    on-failure: ["echo", "Failure"]
+  - name: "overwrite-data"
+    image: overwrite-data
+    timeout: 10
+    on-timeout: ["echo", "Timeout"]
+    on-failure: ["echo", "Failure"]
+- name: "run-second-worker"
+  worker: "{{index .Targets "machine2" "mac_addr"}}"
+  actions:
+  - name: "overwrite-again"
+    image: update-data
+    timeout: 10
+    on-timeout: ["echo", "Timeout"]
+    on-failure: ["echo", "Failure"]
diff --git a/test/e2e_test.go b/test/e2e_test.go
new file mode 100644
index 000000000..7e5496906
--- /dev/null
+++ b/test/e2e_test.go
@@ -0,0 +1,72 @@
+package e2e
+
+import (
+	"os"
+	"testing"
+	"time"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/packethost/tinkerbell/test/framework"
+	"github.com/sirupsen/logrus"
+)
+
+var log *logrus.Logger = framework.Log
+
+func TestMain(m *testing.M) {
+	log.Infoln("########Creating Setup########")
+	err := framework.StartStack()
+	time.Sleep(10 * time.Second)
+	if err != nil {
+		os.Exit(1)
+	}
+	os.Setenv("TINKERBELL_GRPC_AUTHORITY", "127.0.0.1:42113")
+	os.Setenv("TINKERBELL_CERT_URL", "http://127.0.0.1:42114/cert")
+	client.Setup()
+	log.Infoln("########Setup Created########")
+
+	log.Infoln("Creating hardware inventory")
+	//push hardware data into hardware table
+	hwData := []string{"hardware_1.json", "hardware_2.json"}
+	err = framework.PushHardwareData(hwData)
+	if err != nil {
+		log.Errorln("Failed to push hardware inventory : ", err)
+		os.Exit(2)
+	}
+	log.Infoln("Hardware inventory created")
+
+	log.Infoln("########Starting Tests########")
+	status := m.Run()
+	log.Infoln("########Finished Tests########")
+	log.Infoln("########Removing setup########")
+	//err = framework.TearDown()
+	if err != nil {
+		os.Exit(3)
+	}
+	log.Infoln("########Setup removed########")
+	os.Exit(status)
+}
+
+var testCases = map[string]struct {
+	target   string
+	template string
+	workers  int64
+	expected workflow.ActionState
+	ephData  string
+}{
+	"testWfWithWorker": {"target_1.json", "sample_1", 1, workflow.ActionState_ACTION_SUCCESS, `{"action_02": "data_02"}`},
+	"testWfTimeout":    {"target_1.json", "sample_2", 1, workflow.ActionState_ACTION_TIMEOUT, `{"action_01": "data_01"}`},
+	//"testWfWithMultiWorkers": {"target_1.json", "sample_3", 2, workflow.ActionState_ACTION_SUCCESS, `{"action_01": "data_01"}`},
+}
+
+var runTestMap = map[string]func(t *testing.T){
+	"testWfWithWorker": TestWfWithWorker,
+	"testWfTimeout":    TestWfTimeout,
+	//"testWfWithMultiWorkers": TestWfWithMultiWorkers,
+}
+
+func TestE2E(t *testing.T) {
+	for key, val := range runTestMap {
+		t.Run(key, val)
+	}
+}
diff --git a/test/framework/hardware.go b/test/framework/hardware.go
new file mode 100644
index 000000000..77b39a2e3
--- /dev/null
+++ b/test/framework/hardware.go
@@ -0,0 +1,40 @@
+package framework
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/hardware"
+)
+
+func readHwData(file string) (string, error) {
+	f, err := os.Open(file)
+	if err != nil {
+		return "", err
+	}
+	defer f.Close()
+
+	data, err := ioutil.ReadAll(f)
+	if err != nil {
+		return "", err
+	}
+	return string(data), nil
+}
+
+// PushHardwareData : push hardware data
+func PushHardwareData(hwDataFiles []string) error {
+	for _, hwFile := range hwDataFiles {
+		filepath := "data/hardware/" + hwFile
+		data, err := readHwData(filepath)
+		if err != nil {
+			return err
+		}
+		_, err = client.HardwareClient.Push(context.Background(), &hardware.PushRequest{Data: data})
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/test/framework/setup.go b/test/framework/setup.go
new file mode 100644
index 000000000..75e161c1c
--- /dev/null
+++ b/test/framework/setup.go
@@ -0,0 +1,161 @@
+package framework
+
+import (
+	"os"
+	"os/exec"
+	"strings"
+
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+func buildCerts(filepath string) error {
+	cmd := exec.Command("/bin/sh", "-c", "docker-compose -f "+filepath+" up --build certs")
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	err := cmd.Run()
+	return err
+}
+
+func buildLocalDockerRegistry(filepath string) error {
+	cmd := exec.Command("/bin/sh", "-c", "docker-compose -f "+filepath+" up --build -d registry")
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	err := cmd.Run()
+	return err
+}
+
+func buildActionImages() error {
+	cmd := exec.Command("/bin/sh", "-c", "./build_images.sh")
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	err := cmd.Run()
+	return err
+}
+
+func pushImages() error {
+	cmd := exec.Command("/bin/sh", "-c", "./push_images.sh")
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	err := cmd.Run()
+	return err
+}
+
+func startDb(filepath string) error {
+	cmd := exec.Command("/bin/sh", "-c", "docker-compose -f "+filepath+" up --build -d db")
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	err := cmd.Run()
+	return err
+}
+
+func removeWorkerImage() error {
+	cmd := exec.Command("/bin/sh", "-c", "docker image rm worker")
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	err := cmd.Run()
+	return err
+
+}
+
+func createWorkerImage() error {
+	cmd := exec.Command("/bin/sh", "-c", "docker build -t worker ../worker/")
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	err := cmd.Run()
+	if err != nil {
+		logger.Errorln("Faield to create worker image", err)
+	}
+	logger.Infoln("Worker Image created")
+	return err
+}
+
+func initializeLogger() {
+	level := os.Getenv("TEST_LOG_LEVEL")
+	if level != "" {
+		switch strings.ToLower(level) {
+		case "panic":
+			logger.SetLevel(logrus.PanicLevel)
+		case "fatal":
+			logger.SetLevel(logrus.FatalLevel)
+		case "error":
+			logger.SetLevel(logrus.ErrorLevel)
+		case "warn", "warning":
+			logger.SetLevel(logrus.WarnLevel)
+		case "info":
+			logger.SetLevel(logrus.InfoLevel)
+		case "debug":
+			logger.SetLevel(logrus.DebugLevel)
+		case "trace":
+			logger.SetLevel(logrus.TraceLevel)
+		default:
+			logger.SetLevel(logrus.InfoLevel)
+			logger.Errorln("Invalid value for TEST_LOG_LEVEL ", level, " .Setting it to default(Info)")
+		}
+	} else {
+		logger.SetLevel(logrus.InfoLevel)
+		logger.Errorln("Variable TEST_LOG_LEVEL is not set. Default is Info.")
+	}
+	logger.SetFormatter(&logrus.JSONFormatter{})
+}
+
+// StartStack : Starting stack
+func StartStack() error {
+	// Docker compose file for starting the containers
+	filepath := "../test-docker-compose.yml"
+
+	// Intialize logger
+	initializeLogger()
+
+	// Start Db and logging components
+	err := startDb(filepath)
+	if err != nil {
+		return err
+	}
+
+	// Building certs
+	err = buildCerts(filepath)
+	if err != nil {
+		return err
+	}
+
+	// Building registry
+	err = buildLocalDockerRegistry(filepath)
+	if err != nil {
+		return err
+	}
+
+	//Build default images
+	err = buildActionImages()
+	if err != nil {
+		return err
+	}
+
+	//Push Images into registry
+	err = pushImages()
+	if err != nil {
+		return err
+	}
+
+	//Remove older worker image
+	err = removeWorkerImage()
+	if err != nil {
+		return err
+	}
+
+	//Create new Worker image locally
+	err = createWorkerImage()
+	if err != nil {
+		logger.Errorln("failed to create worker Image")
+		return errors.Wrap(err, "worker image creation failed")
+	}
+
+	initializeLogger()
+
+	// Start other containers
+	cmd := exec.Command("/bin/sh", "-c", "docker-compose -f "+filepath+" up --build -d")
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	err = cmd.Run()
+	return nil
+}
diff --git a/test/framework/target.go b/test/framework/target.go
new file mode 100644
index 000000000..c3e7047e1
--- /dev/null
+++ b/test/framework/target.go
@@ -0,0 +1,35 @@
+package framework
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/target"
+)
+
+func getTargets(file string) (string, error) {
+	f, err := os.Open(file)
+	if err != nil {
+		return "", err
+	}
+	defer f.Close()
+
+	data, err := ioutil.ReadAll(f)
+	if err != nil {
+		return "", err
+	}
+	return string(data), nil
+}
+
+// CreateTargets : create target in the database
+func CreateTargets(tar string) (string, error) {
+	filepath := "data/target/" + tar
+	data, err := getTargets(filepath)
+	uuid, err := client.TargetClient.CreateTargets(context.Background(), &target.PushRequest{Data: data})
+	if err != nil {
+		return "", err
+	}
+	return uuid.Uuid, nil
+}
diff --git a/test/framework/tearDown.go b/test/framework/tearDown.go
new file mode 100644
index 000000000..8132d98c9
--- /dev/null
+++ b/test/framework/tearDown.go
@@ -0,0 +1,15 @@
+package framework
+
+import (
+	"os"
+	"os/exec"
+)
+
+// TearDown : remove the setup
+func TearDown() error {
+	cmd := exec.Command("/bin/sh", "-c", "docker-compose rm -svf")
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	err := cmd.Run()
+	return err
+}
diff --git a/test/framework/template.go b/test/framework/template.go
new file mode 100644
index 000000000..7560689d9
--- /dev/null
+++ b/test/framework/template.go
@@ -0,0 +1,37 @@
+package framework
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/template"
+)
+
+func readTemplateData(file string) ([]byte, error) {
+	f, err := os.Open(file)
+	if err != nil {
+		return []byte(""), err
+	}
+	defer f.Close()
+
+	data, err := ioutil.ReadAll(f)
+	if err != nil {
+		return []byte(""), err
+	}
+	return data, nil
+}
+
+// CreateTemplate : create template in the database
+func CreateTemplate(tmpl string) (string, error) {
+	filePath := "data/template/" + tmpl
+	// Read Content of template
+	data, err := readTemplateData(filePath)
+	req := template.WorkflowTemplate{Name: ("test_" + tmpl), Data: data}
+	res, err := client.TemplateClient.CreateTemplate(context.Background(), &req)
+	if err != nil {
+		return "", err
+	}
+	return res.Id, nil
+}
diff --git a/test/framework/utils.go b/test/framework/utils.go
new file mode 100644
index 000000000..682af3c88
--- /dev/null
+++ b/test/framework/utils.go
@@ -0,0 +1,34 @@
+package framework
+
+import (
+	"github.com/sirupsen/logrus"
+)
+
+var logger = logrus.New()
+var log *logrus.Entry
+
+// Log : This Log will be used in test cases.
+var Log = logger
+
+// SetupWorkflow ... Set up workflow
+func SetupWorkflow(tar string, tmpl string) (string, error) {
+	//Add target machine mac/ip addr into targets table
+	targetID, err := CreateTargets(tar)
+	if err != nil {
+		return "", err
+	}
+	logger.Infoln("Target Created : ", targetID)
+	//Add template in template table
+	templateID, err := CreateTemplate(tmpl)
+	if err != nil {
+		return "", err
+	}
+	logger.Infoln("Template Created : ", templateID)
+	workflowID, err := CreateWorkflow(templateID, targetID)
+	if err != nil {
+		logger.Debugln("Workflow is not Created because : ", err)
+		return "", err
+	}
+	logger.Infoln("Workflow Created : ", workflowID)
+	return workflowID, nil
+}
diff --git a/test/framework/worker.go b/test/framework/worker.go
new file mode 100644
index 000000000..8d64bcc6a
--- /dev/null
+++ b/test/framework/worker.go
@@ -0,0 +1,187 @@
+package framework
+
+import (
+	"bufio"
+	"context"
+	"fmt"
+	"sync"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	dc "github.com/docker/docker/client"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+var cli *dc.Client
+var workerID = []string{"f9f56dff-098a-4c5f-a51c-19ad35de85d1", "f9f56dff-098a-4c5f-a51c-19ad35de85d2"}
+
+func initializeDockerClient() (*dc.Client, error) {
+	c, err := dc.NewClientWithOpts(dc.FromEnv, dc.WithAPIVersionNegotiation())
+	if err != nil {
+		return nil, errors.Wrap(err, "DOCKER CLIENT")
+	}
+	return c, nil
+}
+
+func createWorkerContainer(ctx context.Context, cli *dc.Client, workerID string, wfID string) (string, error) {
+	volume := map[string]struct{}{"/var/run/docker.sock": {}}
+	config := &container.Config{
+		Image:        "worker",
+		AttachStdout: true,
+		AttachStderr: true,
+		Tty:          true,
+		Volumes:      volume,
+		Env:          []string{"TINKERBELL_GRPC_AUTHORITY=127.0.0.1:42113", "TINKERBELL_CERT_URL=http://127.0.0.1:42114/cert", "WORKER_ID=" + workerID, "DOCKER_REGISTRY=localhost:443", "DOCKER_API_VERSION=v1.40", "REGISTRY_USERNAME=username", "REGISTRY_PASSWORD=password"},
+	}
+	hostConfig := &container.HostConfig{
+		NetworkMode: "host",
+		Binds:       []string{"/var/run/docker.sock:/var/run/docker.sock:rw", "/worker:/worker:rw"},
+	}
+	resp, err := cli.ContainerCreate(ctx, config, hostConfig, nil, workerID)
+	if err != nil {
+		return "", errors.Wrap(err, "DOCKER CREATE")
+	}
+	return resp.ID, nil
+}
+
+func runContainer(ctx context.Context, cli *dc.Client, id string) error {
+	err := cli.ContainerStart(ctx, id, types.ContainerStartOptions{})
+	if err != nil {
+		return errors.Wrap(err, "DOCKER START")
+	}
+	return nil
+}
+
+func waitContainer(ctx context.Context, cli *dc.Client, id string, wg *sync.WaitGroup, failedWorkers chan<- string, statusChannel chan<- int64, stopLogs chan<- bool) {
+	// send API call to wait for the container completion
+	wait, errC := cli.ContainerWait(ctx, id, container.WaitConditionNotRunning)
+	select {
+	case status := <-wait:
+		statusChannel <- status.StatusCode
+		fmt.Println("Worker with id ", id, "finished sucessfully with status code ", status.StatusCode)
+		//stopLogs <- true
+	case err := <-errC:
+		log.Println("Worker with id ", id, "failed : ", err)
+		failedWorkers <- id
+		//stopLogs <- true
+	}
+	wg.Done()
+}
+
+func removeContainer(ctx context.Context, cli *dc.Client, id string) error {
+	// create options for removing container
+	opts := types.ContainerRemoveOptions{
+		Force:         true,
+		RemoveLinks:   false,
+		RemoveVolumes: true,
+	}
+	// send API call to remove the container
+	err := cli.ContainerRemove(ctx, id, opts)
+	if err != nil {
+		return err
+	}
+	log.Println("Worker Container removed : ", id)
+	return nil
+}
+func checkCurrentStatus(ctx context.Context, wfID string, workflowStatus chan workflow.ActionState) {
+	for len(workflowStatus) == 0 {
+		GetCurrentStatus(ctx, wfID, workflowStatus)
+	}
+}
+
+func captureLogs(ctx context.Context, cli *dc.Client, id string) {
+	reader, err := cli.ContainerLogs(context.Background(), id, types.ContainerLogsOptions{
+		ShowStdout: true,
+		ShowStderr: true,
+		Follow:     true,
+		Timestamps: false,
+	})
+	if err != nil {
+		panic(err)
+	}
+	defer reader.Close()
+
+	scanner := bufio.NewScanner(reader)
+	for scanner.Scan() {
+		fmt.Println(scanner.Text())
+	}
+	fmt.Println("Logging Finished for container ", id)
+}
+
+func StartWorkers(workers int64, workerStatus chan<- int64, wfID string) (workflow.ActionState, error) {
+	log = logger.WithField("workflow_id", wfID)
+	var wg sync.WaitGroup
+	failedWorkers := make(chan string, workers)
+	workflowStatus := make(chan workflow.ActionState, 1)
+	cli, err := initializeDockerClient()
+	if err != nil {
+		return workflow.ActionState_ACTION_FAILED, err
+	}
+	workerContainer := make([]string, workers)
+	var i int64
+	for i = 0; i < workers; i++ {
+		ctx := context.Background()
+		cID, err := createWorkerContainer(ctx, cli, workerID[i], wfID)
+		log = logger.WithFields(logrus.Fields{"workflow_id": wfID, "worker_id": workerID[i]})
+		if err != nil {
+			log.Errorln("Failed to create worker container : ", err)
+		} else {
+			workerContainer[i] = cID
+			log.Debugln("Worker container created with ID : ", cID)
+			// Run container
+			//startedAt := time.Now()
+			err = runContainer(ctx, cli, cID)
+
+			if err != nil {
+				fmt.Println("Worker with id ", cID, " failed to start: ", err)
+				// TODO Should be remove the containers which started previously?
+			} else {
+				fmt.Println("Worker started with ID : ", cID)
+				wg.Add(1)
+				//capturing logs of action container in a go-routine
+				stopLogs := make(chan bool)
+				go captureLogs(ctx, cli, cID)
+
+				go waitContainer(ctx, cli, cID, &wg, failedWorkers, workerStatus, stopLogs)
+				go checkCurrentStatus(ctx, wfID, workflowStatus)
+			}
+		}
+	}
+
+	if err != nil {
+		return workflow.ActionState_ACTION_FAILED, err
+	}
+
+	status := <-workflowStatus
+	log.Infoln("Status of Workflow : ", status)
+	wg.Wait()
+	ctx := context.Background()
+	for _, cID := range workerContainer {
+		err := removeContainer(ctx, cli, cID)
+		if err != nil {
+			log.Errorln("Failed to remove worker container with ID : ", cID)
+		}
+	}
+
+	if len(failedWorkers) > 0 {
+		for i = 0; i < workers; i++ {
+			failedContainer, ok := <-failedWorkers
+			if ok {
+				log.Errorln("Worker Failed : ", failedContainer)
+				err = errors.New("Test Failed")
+			}
+
+			if len(failedContainer) > 0 {
+				continue
+			} else {
+				break
+			}
+		}
+	}
+	if err != nil {
+		return status, err
+	}
+	return status, nil
+}
diff --git a/test/framework/workflow.go b/test/framework/workflow.go
new file mode 100644
index 000000000..ecfc997a6
--- /dev/null
+++ b/test/framework/workflow.go
@@ -0,0 +1,51 @@
+package framework
+
+import (
+	"context"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/workflow"
+)
+
+// CreateWorkflow : create workflow
+func CreateWorkflow(template string, target string) (string, error) {
+	req := workflow.CreateRequest{Template: template, Target: target}
+	res, err := client.WorkflowClient.CreateWorkflow(context.Background(), &req)
+	if err != nil {
+		return "", err
+	}
+	return res.Id, nil
+}
+
+// GetCurrentStatus : get the current status of workflow from server
+func GetCurrentStatus(ctx context.Context, wfID string, status chan workflow.ActionState) {
+	req := workflow.GetRequest{Id: wfID}
+	wf, err := client.WorkflowClient.GetWorkflowContext(ctx, &req)
+	if err != nil {
+		log.Errorln("This is in Getting status ERROR: ", err)
+		status <- workflow.ActionState_ACTION_FAILED
+	}
+	if wf.CurrentActionState == workflow.ActionState_ACTION_FAILED {
+		status <- workflow.ActionState_ACTION_FAILED
+	} else if wf.CurrentActionState == workflow.ActionState_ACTION_TIMEOUT {
+		status <- workflow.ActionState_ACTION_TIMEOUT
+	}
+	currProgress := calWorkflowProgress(wf.CurrentActionIndex, wf.TotalNumberOfActions, wf.CurrentActionState)
+	if currProgress == 100 && wf.CurrentActionState == workflow.ActionState_ACTION_SUCCESS {
+		status <- workflow.ActionState_ACTION_SUCCESS
+	}
+}
+
+func calWorkflowProgress(cur int64, total int64, state workflow.ActionState) int64 {
+	if total == 0 || (cur == 0 && state != workflow.ActionState_ACTION_SUCCESS) {
+		return 0
+	}
+	var taskCompleted int64
+	if state == workflow.ActionState_ACTION_SUCCESS {
+		taskCompleted = cur + 1
+	} else {
+		taskCompleted = cur
+	}
+	progress := (taskCompleted * 100) / total
+	return progress
+}
diff --git a/test/push_images.sh b/test/push_images.sh
new file mode 100755
index 000000000..c03528633
--- /dev/null
+++ b/test/push_images.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+for i in {1..10}
+do
+    docker login -u username -p password localhost
+    if [ $? -eq 0 ]; then
+        break
+    fi
+    sleep 1
+done
+docker push localhost/update-data
+docker push localhost/overwrite-data
+docker push localhost/bash
diff --git a/test/test_wf_timeout.go b/test/test_wf_timeout.go
new file mode 100644
index 000000000..e69c41feb
--- /dev/null
+++ b/test/test_wf_timeout.go
@@ -0,0 +1,49 @@
+package e2e
+
+import (
+	"context"
+	"testing"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/packethost/tinkerbell/test/framework"
+	"github.com/stretchr/testify/assert"
+)
+
+// TestWfTimeout : Timeout Test
+func TestWfTimeout(t *testing.T) {
+	// Start test only if the test case exist in the table
+	if test, ok := testCases["testWfTimeout"]; ok {
+		wfID, err := framework.SetupWorkflow(test.target, test.template)
+
+		if err != nil {
+			t.Error(err)
+		}
+		assert.NoError(t, err, "Create Workflow")
+
+		// Start the Worker
+		workerStatus := make(chan int64, test.workers)
+		wfStatus, err := framework.StartWorkers(test.workers, workerStatus, wfID)
+		if err != nil {
+			log.Errorf("Test Failed\n")
+			t.Error(err)
+		}
+		assert.Equal(t, test.expected, wfStatus)
+		assert.NoError(t, err, "Workers Failed")
+
+		for i := int64(0); i < test.workers; i++ {
+			if len(workerStatus) > 0 {
+				// Check for worker exit status
+				status := <-workerStatus
+				expected := 0
+				assert.Equal(t, int64(expected), status)
+
+				//checking for ephemeral data validation
+				resp, err := client.WorkflowClient.GetWorkflowData(context.Background(), &workflow.GetWorkflowDataRequest{WorkflowID: wfID, Version: 0})
+				if err != nil {
+					assert.Equal(t, test.ephData, string(resp.GetData()))
+				}
+			}
+		}
+	}
+}
diff --git a/test/test_wf_with_multi_workers.go b/test/test_wf_with_multi_workers.go
new file mode 100644
index 000000000..7a9b68b7d
--- /dev/null
+++ b/test/test_wf_with_multi_workers.go
@@ -0,0 +1,52 @@
+package e2e
+
+import (
+	"context"
+	"testing"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/packethost/tinkerbell/test/framework"
+	"github.com/stretchr/testify/assert"
+)
+
+// TestWfWithMultiWorkers : Two Worker Test
+func TestWfWithMultiWorkers(t *testing.T) {
+	// Start test only if the test case exist in the table
+	if test, ok := testCases["testWfWithMultiWorkers"]; ok {
+		wfID, err := framework.SetupWorkflow(test.target, test.template)
+
+		if err != nil {
+			t.Error(err)
+		}
+		assert.NoError(t, err, "Create Workflow")
+
+		// Start the Worker
+		workerStatus := make(chan int64, test.workers)
+		wfStatus, err := framework.StartWorkers(test.workers, workerStatus, wfID)
+		if err != nil {
+			log.Errorf("Test Failed\n")
+			t.Error(err)
+		}
+		assert.Equal(t, test.expected, wfStatus)
+		assert.NoError(t, err, "Workers Failed")
+
+		for i := int64(0); i < test.workers; i++ {
+			if len(workerStatus) > 0 {
+				// Check for worker exit status
+				status := <-workerStatus
+				expected := 0
+				if test.expected != workflow.ActionState_ACTION_SUCCESS {
+					expected = 1
+				}
+				assert.Equal(t, int64(expected), status)
+
+				//checking for ephemeral data validation
+				resp, err := client.WorkflowClient.GetWorkflowData(context.Background(), &workflow.GetWorkflowDataRequest{WorkflowID: wfID, Version: 0})
+				if err != nil {
+					assert.Equal(t, test.ephData, string(resp.GetData()))
+				}
+			}
+		}
+	}
+}
diff --git a/test/test_wf_with_worker.go b/test/test_wf_with_worker.go
new file mode 100644
index 000000000..97e583b6b
--- /dev/null
+++ b/test/test_wf_with_worker.go
@@ -0,0 +1,54 @@
+package e2e
+
+import (
+	"context"
+	"testing"
+
+	"github.com/packethost/tinkerbell/client"
+	"github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/packethost/tinkerbell/test/framework"
+	"github.com/stretchr/testify/assert"
+)
+
+// TestWfWithWorker : One Worker Test
+func TestWfWithWorker(t *testing.T) {
+
+	// Start test only if the test case exist in the table
+	if test, ok := testCases["testWfWithWorker"]; ok {
+		wfID, err := framework.SetupWorkflow(test.target, test.template)
+
+		if err != nil {
+			t.Error(err)
+		}
+		if !assert.NoError(t, err, "Create Workflow") {
+			t.Fatal(err)
+		}
+
+		// Start the Worker
+		workerStatus := make(chan int64, test.workers)
+		wfStatus, err := framework.StartWorkers(test.workers, workerStatus, wfID)
+		if err != nil {
+			log.Errorf("Test Failed\n")
+			t.Error(err)
+		}
+		assert.Equal(t, test.expected, wfStatus)
+		assert.NoError(t, err, "Workers Failed")
+
+		for i := int64(0); i < test.workers; i++ {
+			if len(workerStatus) > 0 {
+				//Check for worker exit status
+				status := <-workerStatus
+				expected := 0
+				if test.expected != workflow.ActionState_ACTION_SUCCESS {
+					expected = 1
+				}
+				assert.Equal(t, int64(expected), status)
+				//checking for ephemeral data validation
+				resp, err := client.WorkflowClient.GetWorkflowData(context.Background(), &workflow.GetWorkflowDataRequest{WorkflowID: wfID, Version: 0})
+				if err != nil {
+					assert.Equal(t, test.ephData, string(resp.GetData()))
+				}
+			}
+		}
+	}
+}
diff --git a/tls/.gitignore b/tls/.gitignore
new file mode 100644
index 000000000..355164c12
--- /dev/null
+++ b/tls/.gitignore
@@ -0,0 +1 @@
+*/
diff --git a/tls/.gitkeep b/tls/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/tls/Dockerfile b/tls/Dockerfile
new file mode 100644
index 000000000..277aa3d09
--- /dev/null
+++ b/tls/Dockerfile
@@ -0,0 +1,6 @@
+FROM alpine:3.7
+ENTRYPOINT [ "/entrypoint.sh" ]
+COPY . .
+RUN apk add --no-cache --update --upgrade ca-certificates postgresql-client
+RUN apk add --no-cache --update --upgrade --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing cfssl
+
diff --git a/tls/ca-config.json b/tls/ca-config.json
new file mode 100644
index 000000000..9c9e14d77
--- /dev/null
+++ b/tls/ca-config.json
@@ -0,0 +1,24 @@
+{
+  "signing": {
+    "default": {
+      "expiry": "168h"
+    },
+    "profiles": {
+      "server": {
+        "expiry": "8760h",
+        "usages": [
+          "signing",
+          "key encipherment",
+          "server auth"
+        ]
+      },
+      "signing": {
+        "expiry": "8760h",
+        "usages": [
+          "signing",
+          "key encipherment"
+        ]
+      }
+    }
+  }
+}
diff --git a/tls/ca.in.json b/tls/ca.in.json
new file mode 100644
index 000000000..0c0cf7a24
--- /dev/null
+++ b/tls/ca.in.json
@@ -0,0 +1,12 @@
+{
+  "CN": "Autogenerated CA",
+  "key": {
+    "algo": "rsa",
+    "size": 2048
+  },
+  "names": [
+    {
+      "L": "@FACILITY@"
+    }
+  ]
+}
diff --git a/tls/entrypoint.sh b/tls/entrypoint.sh
new file mode 100755
index 000000000..52016bb2b
--- /dev/null
+++ b/tls/entrypoint.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env sh
+
+# set -o errexit -o nounset -o pipefail
+
+if [ -z "${TINKERBELL_TLS_CERT:-}" ]; then
+	(
+		FACILITY=$(echo "$FACILITY" | tr '[:upper:]' '[:lower:]')
+		echo "creating directory"
+		mkdir -p "certs"
+		FACILITY=$FACILITY sh gencerts.sh
+		rm server.csr server-csr.json
+		rm ca.csr ca.json
+	)
+fi
+
+"$@"
diff --git a/tls/gencerts.sh b/tls/gencerts.sh
new file mode 100644
index 000000000..0d7913314
--- /dev/null
+++ b/tls/gencerts.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+if ! { [[ -r ca.json ]] && [[ -r ca.pem ]] && [[ -r ca-key.pem ]]; }; then
+	sed "s|@FACILITY@|$FACILITY|g" <ca.in.json >ca.json
+	cfssl gencert \
+		-initca ca.json | cfssljson -bare ca
+	rm -f server-csr.json server-*.pem
+fi
+if ! { [[ -r server-csr.json ]] && [[ -r server.pem ]] && [[ -r server-key.pem ]]; }; then
+	sed "s|@FACILITY@|$FACILITY|g" <server-csr.in.json >server-csr.json
+	cfssl gencert \
+		-ca=ca.pem \
+		-ca-key=ca-key.pem \
+		-config=ca-config.json \
+		-profile=server \
+		server-csr.json | cfssljson -bare server
+	cat server.pem ca.pem | tee bundle.pem
+fi
+
+# only "modify" the file if truly necessary since workflow will serve it with
+# modtime info for client caching purposes
+cat server.pem ca.pem >bundle.pem.tmp
+if ! cmp -s bundle.pem.tmp bundle.pem; then
+	mv bundle.pem.tmp bundle.pem
+else
+	rm bundle.pem.tmp
+fi
+
+mv *.pem certs/
diff --git a/tls/server-csr.in.json b/tls/server-csr.in.json
new file mode 100644
index 000000000..fdb3ca2c0
--- /dev/null
+++ b/tls/server-csr.in.json
@@ -0,0 +1,20 @@
+{
+  "CN": "tinkerbell",
+  "hosts": [
+    "tinkerbell.@FACILITY@.packet.net",
+    "tinkerbell.registry",
+    "tinkerbell.tinkerbell",
+    "tinkerbell",
+    "localhost",
+    "127.0.0.1"
+  ],
+  "key": {
+    "algo": "rsa",
+    "size": 2048
+  },
+  "names": [
+    {
+      "L": "@FACILITY@"
+    }
+  ]
+}
diff --git a/worker/.gitkeep b/worker/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/worker/Dockerfile b/worker/Dockerfile
new file mode 100644
index 000000000..09f81ea17
--- /dev/null
+++ b/worker/Dockerfile
@@ -0,0 +1,5 @@
+FROM alpine:3.10
+
+RUN apk add --no-cache --update --upgrade ca-certificates
+COPY tinkerbell-worker /bin/worker
+ENTRYPOINT [ "/bin/worker" ]
diff --git a/worker/action.go b/worker/action.go
new file mode 100644
index 000000000..5d74a6494
--- /dev/null
+++ b/worker/action.go
@@ -0,0 +1,307 @@
+package main
+
+import (
+	"bufio"
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/client"
+	pb "github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+const workflowData = `/workflow/data:/workflow/data`
+
+var (
+	registry string
+	cli      *client.Client
+	log      *logrus.Entry
+)
+
+func executeAction(ctx context.Context, action *pb.WorkflowAction, wfID string) (string, pb.ActionState, error) {
+	log = logger.WithFields(logrus.Fields{"workflow_id": wfID, "worker_id": action.GetWorkerId()})
+	err := pullActionImage(ctx, action)
+	if err != nil {
+		return fmt.Sprintf("Failed to pull Image : %s", action.GetImage()), 1, errors.Wrap(err, "DOCKER PULL")
+	}
+
+	id, err := createContainer(ctx, action, action.Command, wfID)
+	if err != nil {
+		return fmt.Sprintf("Failed to create container"), 1, errors.Wrap(err, "DOCKER CREATE")
+	}
+	var timeCtx context.Context
+	var cancel context.CancelFunc
+	if action.Timeout > 0 {
+		timeCtx, cancel = context.WithTimeout(context.Background(), time.Duration(action.Timeout)*time.Second)
+	} else {
+		timeCtx, cancel = context.WithTimeout(context.Background(), 1*time.Hour)
+	}
+	defer cancel()
+	//run container with timeout context
+	//startedAt := time.Now()
+	err = runContainer(timeCtx, id)
+	if err != nil {
+		return fmt.Sprintf("Failed to run container"), 1, errors.Wrap(err, "DOCKER RUN")
+	}
+
+	failedActionStatus := make(chan pb.ActionState)
+
+	//capturing logs of action container in a go-routine
+	go captureLogs(ctx, id)
+
+	status, err, werr := waitContainer(timeCtx, id)
+	if werr != nil {
+		rerr := removeContainer(ctx, id)
+		if rerr != nil {
+			log.WithField("container_id", id).Errorln("Failed to remove container as ", rerr)
+		}
+		return fmt.Sprintf("Failed to wait for completion of action"), status, errors.Wrap(err, "DOCKER_WAIT")
+	}
+	rerr := removeContainer(ctx, id)
+	if rerr != nil {
+		return fmt.Sprintf("Failed to remove container of action"), status, errors.Wrap(rerr, "DOCKER_REMOVE")
+	}
+	log.Infoln("Container removed with Status ", pb.ActionState(status))
+	if status != pb.ActionState_ACTION_SUCCESS {
+		if status == pb.ActionState_ACTION_TIMEOUT && action.OnTimeout != nil {
+			id, err = createContainer(ctx, action, action.OnTimeout, wfID)
+			if err != nil {
+				log.Errorln("Failed to create container for on-timeout command: ", err)
+			}
+			log.Infoln("Container created with on-timeout command : ", action.OnTimeout)
+			failedActionStatus := make(chan pb.ActionState)
+		        go captureLogs(ctx, id)
+			go waitFailedContainer(ctx, id, failedActionStatus)
+			err = runContainer(ctx, id)
+			if err != nil {
+				log.Errorln("Failed to run on-timeout command: ", err)
+			}
+			onTimeoutStatus := <-failedActionStatus
+			log.Infoln("On-Timeout Container status : ", onTimeoutStatus)
+		} else {
+			if action.OnFailure != nil {
+				id, err = createContainer(ctx, action, action.OnFailure, wfID)
+				if err != nil {
+					log.Errorln("Failed to create on-failure command: ", err)
+				}
+				log.Infoln("Container created with on-failure command : ", action.OnFailure)
+				go captureLogs(ctx, id)
+				go waitFailedContainer(ctx, id, failedActionStatus)
+				err = runContainer(ctx, id)
+				if err != nil {
+					log.Errorln("Failed to run on-failure command: ", err)
+				}
+				onFailureStatus := <-failedActionStatus
+				log.Infoln("on-failure Container status : ", onFailureStatus)
+			}
+		}
+		log.Infoln("Wait finished for failed or timeout container")
+		if err != nil {
+			rerr := removeContainer(ctx, id)
+			if rerr != nil {
+				log.Errorln("Failed to remove container as ", rerr)
+			}
+			log.Infoln("Failed to wait for container : ", err)
+		}
+		rerr = removeContainer(ctx, id)
+		if rerr != nil {
+			log.Errorln("Failed to remove container as ", rerr)
+		}
+	}
+	log.Infoln("Action container exits with status code ", status)
+	return fmt.Sprintf("Successfull Execution"), status, nil
+}
+
+func captureLogs(ctx context.Context, id string) {
+	reader, err := cli.ContainerLogs(context.Background(), id, types.ContainerLogsOptions{
+		ShowStdout: true,
+		ShowStderr: true,
+		Follow:     true,
+		Timestamps: false,
+	})
+	if err != nil {
+		panic(err)
+	}
+	defer reader.Close()
+
+	scanner := bufio.NewScanner(reader)
+	for scanner.Scan() {
+		fmt.Println(scanner.Text())
+	}
+}
+
+func pullActionImage(ctx context.Context, action *pb.WorkflowAction) error {
+	user := os.Getenv("REGISTRY_USERNAME")
+	pwd := os.Getenv("REGISTRY_PASSWORD")
+	if user == "" || pwd == "" {
+		return errors.New("required REGISTRY_USERNAME and REGISTRY_PASSWORD")
+	}
+
+	authConfig := types.AuthConfig{
+		Username:      user,
+		Password:      pwd,
+		ServerAddress: registry,
+	}
+	encodedJSON, err := json.Marshal(authConfig)
+	if err != nil {
+		return errors.Wrap(err, "DOCKER AUTH")
+	}
+	authStr := base64.URLEncoding.EncodeToString(encodedJSON)
+
+	out, err := cli.ImagePull(ctx, registry+"/"+action.GetImage(), types.ImagePullOptions{RegistryAuth: authStr})
+	if err != nil {
+		return errors.Wrap(err, "DOCKER PULL")
+	}
+	defer out.Close()
+	io.Copy(os.Stdout, out)
+	return nil
+}
+
+func createContainer(ctx context.Context, action *pb.WorkflowAction, cmd []string, wfID string) (string, error) {
+	config := &container.Config{
+		Image:        registry + "/" + action.GetImage(),
+		AttachStdout: true,
+		AttachStderr: true,
+		Tty:	      true,
+		Env:          action.GetEnvironment(),
+	}
+
+	if cmd != nil {
+		config.Cmd = cmd
+	}
+
+	wfDir := dataDir + string(os.PathSeparator) + wfID
+	hostConfig := &container.HostConfig{
+		Privileged: true,
+		Binds:      []string{wfDir + ":/workflow"},
+	}
+	hostConfig.Binds = append(hostConfig.Binds, action.GetVolumes()...)
+
+	log.Infoln("Starting the container with cmd", cmd)
+	resp, err := cli.ContainerCreate(ctx, config, hostConfig, nil, action.GetName())
+	if err != nil {
+		return "", errors.Wrap(err, "DOCKER CREATE")
+	}
+	return resp.ID, nil
+}
+
+func runContainer(ctx context.Context, id string) error {
+	log.Debugln("run Container with ID : ", id)
+	err := cli.ContainerStart(ctx, id, types.ContainerStartOptions{})
+	if err != nil {
+		return errors.Wrap(err, "DOCKER START")
+	}
+	return nil
+}
+
+func waitContainer(ctx context.Context, id string) (pb.ActionState, error, error) {
+	// Inspect whether the container is in running state
+	inspect, err := cli.ContainerInspect(ctx, id)
+	if err != nil {
+		log.Debugln("Container does not exists")
+		return pb.ActionState_ACTION_FAILED, nil, nil
+	}
+	if inspect.ContainerJSONBase.State.Running {
+		log.Debugln("Container with id : ", id, " is in running state")
+		//return pb.ActionState_ACTION_FAILED, nil, nil
+	}
+	// send API call to wait for the container completion
+	log.Debugln("Starting Container wait for id : ", id)
+	wait, errC := cli.ContainerWait(ctx, id, container.WaitConditionNotRunning)
+
+	select {
+	case status := <-wait:
+		log.Infoln("Container with id ", id, "finished with status code : ", status.StatusCode)
+		if status.StatusCode == 0 {
+			return pb.ActionState_ACTION_SUCCESS, nil, nil
+		}
+		return pb.ActionState_ACTION_FAILED, nil, nil
+	case err := <-errC:
+		log.Errorln("Container wait failed for id : ", id, " Error : ", err)
+		return pb.ActionState_ACTION_FAILED, nil, err
+	case <-ctx.Done():
+		log.Errorln("Container wait for id : ", id, " is timedout Error : ", err)
+		return pb.ActionState_ACTION_TIMEOUT, ctx.Err(), nil
+	}
+}
+
+func waitFailedContainer(ctx context.Context, id string, failedActionStatus chan pb.ActionState) {
+	// send API call to wait for the container completion
+	log.Debugln("Starting Container wait for id : ", id)
+	wait, errC := cli.ContainerWait(ctx, id, container.WaitConditionNotRunning)
+
+	select {
+	case status := <-wait:
+		log.Infoln("Container with id ", id, "finished with status code : ", status.StatusCode)
+		if status.StatusCode == 0 {
+			failedActionStatus <- pb.ActionState_ACTION_SUCCESS
+		}
+		failedActionStatus <- pb.ActionState_ACTION_FAILED
+	case err := <-errC:
+		log.Errorln("Container wait failed for id : ", id, " Error : ", err)
+		failedActionStatus <- pb.ActionState_ACTION_FAILED
+	}
+}
+
+func removeContainer(ctx context.Context, id string) error {
+	// create options for removing container
+	opts := types.ContainerRemoveOptions{
+		Force:         true,
+		RemoveLinks:   false,
+		RemoveVolumes: true,
+	}
+	log.Debugln("Start removing container ", id)
+	// send API call to remove the container
+	err := cli.ContainerRemove(ctx, id, opts)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func initializeDockerClient() (*client.Client, error) {
+	registry = os.Getenv("DOCKER_REGISTRY")
+	if registry == "" {
+		return nil, errors.New("requried DOCKER_REGISTRY")
+	}
+	c, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
+	if err != nil {
+		return nil, errors.Wrap(err, "DOCKER CLIENT")
+	}
+	level := os.Getenv("WORKER_LOG_LEVEL")
+	if level != "" {
+		switch strings.ToLower(level) {
+		case "panic":
+			logger.SetLevel(logrus.PanicLevel)
+		case "fatal":
+			logger.SetLevel(logrus.FatalLevel)
+		case "error":
+			logger.SetLevel(logrus.ErrorLevel)
+		case "warn", "warning":
+			logger.SetLevel(logrus.WarnLevel)
+		case "info":
+			logger.SetLevel(logrus.InfoLevel)
+		case "debug":
+			logger.SetLevel(logrus.DebugLevel)
+		case "trace":
+			logger.SetLevel(logrus.TraceLevel)
+		default:
+			logger.SetLevel(logrus.InfoLevel)
+			logger.Errorln("Invalid value for WORKER_LOG_LEVEL", level, " .Setting it to default(Info)")
+		}
+	} else {
+		logger.SetLevel(logrus.InfoLevel)
+		logger.Errorln("Variable WORKER_LOG_LEVEL is not set. Default is Info")
+	}
+	logger.SetFormatter(&logrus.JSONFormatter{})
+	return c, nil
+}
diff --git a/worker/main.go b/worker/main.go
new file mode 100644
index 000000000..715bd6999
--- /dev/null
+++ b/worker/main.go
@@ -0,0 +1,85 @@
+package main
+
+import (
+	"os"
+	"strconv"
+	"time"
+
+	"github.com/packethost/tinkerbell/client"
+	pb "github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc"
+)
+
+const (
+	retryIntervalDefault = 3
+	retryCountDefault    = 3
+)
+
+var (
+	rClient       pb.WorkflowSvcClient
+	retryInterval time.Duration
+	retries       int
+)
+
+var logger = logrus.New()
+
+func main() {
+	setupRetry()
+	client.Setup()
+	conn, err := tryClientConnection()
+	if err != nil {
+		logger.Fatalln(err)
+	}
+	rClient = pb.NewWorkflowSvcClient(conn)
+	err = processWorkflowActions(rClient)
+	if err != nil {
+		logger.Errorln("Worker Finished with error", err)
+	}
+}
+
+func tryClientConnection() (*grpc.ClientConn, error) {
+	var err error
+	for r := 1; r <= retries; r++ {
+		c, e := client.GetConnection()
+		if e != nil {
+			err = e
+			logger.Errorln(err)
+			logger.Errorf("Retrying after %v seconds", retryInterval)
+			<-time.After(retryInterval * time.Second)
+			continue
+		}
+		return c, nil
+	}
+	return nil, err
+}
+
+func setupRetry() {
+	interval := os.Getenv("RETRY_INTERVAL")
+	if interval == "" {
+		logger.Infof("RETRY_INTERVAL not set. Using default, %d seconds\n", retryIntervalDefault)
+		retryInterval = retryIntervalDefault
+	} else {
+		interval, err := time.ParseDuration(interval)
+		if err != nil {
+			logger.Warningf("Invalid RETRY_INTERVAL set. Using default, %d seconds.\n", retryIntervalDefault)
+			retryInterval = retryIntervalDefault
+		} else {
+			retryInterval = interval
+		}
+	}
+
+	maxRetry := os.Getenv("MAX_RETRY")
+	if maxRetry == "" {
+		logger.Infof("MAX_RETRY not set. Using default, %d retries.\n", retryCountDefault)
+		retries = retryCountDefault
+	} else {
+		max, err := strconv.Atoi(maxRetry)
+		if err != nil {
+			logger.Warningf("Invalid MAX_RETRY set. Using default, %d retries.\n", retryCountDefault)
+			retries = retryCountDefault
+		} else {
+			retries = max
+		}
+	}
+}
diff --git a/worker/worker.go b/worker/worker.go
new file mode 100644
index 000000000..7e661eb8f
--- /dev/null
+++ b/worker/worker.go
@@ -0,0 +1,372 @@
+package main
+
+import (
+	"context"
+	sha "crypto/sha256"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+
+	pb "github.com/packethost/tinkerbell/protos/workflow"
+	"github.com/sirupsen/logrus"
+
+	"google.golang.org/grpc/status"
+)
+
+const (
+	dataFile                 = "data"
+	dataDir                  = "/worker"
+	maxFileSize              = "MAX_FILE_SIZE" // in bytes
+	defaultMaxFileSize int64 = 10485760        //10MB ~= 10485760Bytes
+)
+
+var (
+	workflowcontexts = map[string]*pb.WorkflowContext{}
+	workflowactions  = map[string]*pb.WorkflowActionList{}
+	workflowDataSHA  = map[string]string{}
+)
+
+// WorkflowMetadata is the metadata related to workflow data
+type WorkflowMetadata struct {
+	WorkerID  string    `json:"worker-id"`
+	Action    string    `json:"action-name"`
+	Task      string    `json:"task-name"`
+	UpdatedAt time.Time `json:"updated-at"`
+	SHA       string    `json:"sha256"`
+}
+
+func processWorkflowActions(client pb.WorkflowSvcClient) error {
+	workerID := os.Getenv("WORKER_ID")
+	if workerID == "" {
+		return fmt.Errorf("requried WORKER_NAME")
+	}
+	log = logger.WithField("worker_id", workerID)
+	ctx := context.Background()
+	for {
+		err := fetchLatestContext(ctx, client, workerID)
+		if err != nil {
+			return err
+		}
+
+		if allWorkflowsFinished() {
+			log.Infoln("All workflows finished")
+			return nil
+		}
+
+		cli, err = initializeDockerClient()
+		if err != nil {
+			return err
+		}
+
+		for wfID, wfContext := range workflowcontexts {
+			actions, ok := workflowactions[wfID]
+			if !ok {
+				return fmt.Errorf("Can't find actions for workflow %s", wfID)
+			}
+
+			turn := false
+			actionIndex := 0
+			var nextAction *pb.WorkflowAction
+			if wfContext.GetCurrentAction() == "" {
+				if actions.GetActionList()[0].GetWorkerId() == workerID {
+					actionIndex = 0
+					turn = true
+				}
+			} else {
+				switch wfContext.GetCurrentActionState() {
+				case pb.ActionState_ACTION_SUCCESS:
+					if isLastAction(wfContext, actions) {
+						log.Infof("Workflow %s completed successfully\n", wfID)
+						continue
+					}
+					nextAction = actions.GetActionList()[wfContext.GetCurrentActionIndex()+1]
+					actionIndex = int(wfContext.GetCurrentActionIndex()) + 1
+				case pb.ActionState_ACTION_FAILED:
+					log.Infof("Workflow %s Failed\n", wfID)
+					continue
+				case pb.ActionState_ACTION_TIMEOUT:
+					log.Infof("Workflow %s Timeout\n", wfID)
+					continue
+				default:
+					log.Infof("Current context %s\n", wfContext)
+					nextAction = actions.GetActionList()[wfContext.GetCurrentActionIndex()]
+					actionIndex = int(wfContext.GetCurrentActionIndex())
+				}
+				if nextAction.GetWorkerId() == workerID {
+					turn = true
+				}
+			}
+
+			if turn {
+				wfDir := dataDir + string(os.PathSeparator) + wfID
+				if _, err := os.Stat(wfDir); os.IsNotExist(err) {
+					err := os.Mkdir(wfDir, os.FileMode(0755))
+					if err != nil {
+						log.Fatal(err)
+					}
+
+					f := openDataFile(wfDir)
+					_, err = f.Write([]byte("{}"))
+					if err != nil {
+						log.Fatal(err)
+					}
+
+					f.Close()
+					if err != nil {
+						log.Fatal(err)
+					}
+				}
+				log.Printf("Starting with action %s\n", actions.GetActionList()[actionIndex])
+			} else {
+				log.Infof("Sleep for %d seconds\n", retryInterval)
+				time.Sleep(retryInterval)
+			}
+
+			for turn {
+				action := actions.GetActionList()[actionIndex]
+				if wfContext.GetCurrentActionState() != pb.ActionState_ACTION_IN_PROGRESS {
+					actionStatus := &pb.WorkflowActionStatus{
+						WorkflowId:   wfID,
+						TaskName:     action.GetTaskName(),
+						ActionName:   action.GetName(),
+						ActionStatus: pb.ActionState_ACTION_IN_PROGRESS,
+						Seconds:      0,
+						Message:      "Started execution",
+						WorkerId:     action.GetWorkerId(),
+					}
+					err := reportActionStatus(ctx, client, actionStatus)
+					if err != nil {
+						exitWithGrpcError(err)
+					}
+					log.WithField("action_name", actionStatus.ActionName).Infoln("Sent action status ", actionStatus.ActionStatus)
+					log.Debugf("Sent action status %s\n", actionStatus)
+				}
+
+				// get workflow data
+				getWorkflowData(ctx, client, wfID)
+
+				// start executing the action
+				start := time.Now()
+				_, status, err := executeAction(ctx, actions.GetActionList()[actionIndex], wfID)
+				elapsed := time.Since(start)
+
+				actionStatus := &pb.WorkflowActionStatus{
+					WorkflowId: wfID,
+					TaskName:   action.GetTaskName(),
+					ActionName: action.GetName(),
+					Seconds:    int64(elapsed.Seconds()),
+					WorkerId:   action.GetWorkerId(),
+				}
+
+				if err != nil || status != pb.ActionState_ACTION_SUCCESS {
+					if status == pb.ActionState_ACTION_TIMEOUT {
+						log.WithFields(logrus.Fields{"action": action.GetName(), "Task": action.GetTaskName()}).Errorln("Action timed out")
+						actionStatus.ActionStatus = pb.ActionState_ACTION_TIMEOUT
+						actionStatus.Message = "Action Timed out"
+					} else {
+						log.WithFields(logrus.Fields{"action": action.GetName(), "Task": action.GetTaskName()}).Errorln("Action Failed")
+						actionStatus.ActionStatus = pb.ActionState_ACTION_FAILED
+						actionStatus.Message = "Action Failed"
+					}
+					rerr := reportActionStatus(ctx, client, actionStatus)
+					if rerr != nil {
+						exitWithGrpcError(rerr)
+					}
+					return err
+				}
+
+				actionStatus.ActionStatus = pb.ActionState_ACTION_SUCCESS
+				actionStatus.Message = "Finished Execution Successfully"
+
+				err = reportActionStatus(ctx, client, actionStatus)
+				if err != nil {
+					exitWithGrpcError(err)
+				}
+				log.Infof("Sent action status %s\n", actionStatus)
+
+				// send workflow data, if updated
+				updateWorkflowData(ctx, client, actionStatus)
+
+				if len(actions.GetActionList()) == actionIndex+1 {
+					log.Infoln("Reached to end of workflow")
+					turn = false
+					break
+				}
+				nextAction := actions.GetActionList()[actionIndex+1]
+				if nextAction.GetWorkerId() != workerID {
+					log.Debugf("Different worker has turn %s\n", nextAction.GetWorkerId())
+					turn = false
+				} else {
+					actionIndex = actionIndex + 1
+				}
+			}
+		}
+	}
+}
+
+func fetchLatestContext(ctx context.Context, client pb.WorkflowSvcClient, workerID string) error {
+	log.Infof("Fetching latest context for worker %s\n", workerID)
+	res, err := client.GetWorkflowContexts(ctx, &pb.WorkflowContextRequest{WorkerId: workerID})
+	if err != nil {
+		return err
+	}
+	for _, wfContext := range res.GetWorkflowContexts() {
+		workflowcontexts[wfContext.WorkflowId] = wfContext
+		if _, ok := workflowactions[wfContext.WorkflowId]; !ok {
+			wfActions, err := client.GetWorkflowActions(ctx, &pb.WorkflowActionsRequest{WorkflowId: wfContext.WorkflowId})
+			if err != nil {
+				return err
+			}
+			workflowactions[wfContext.WorkflowId] = wfActions
+		}
+	}
+	return nil
+}
+
+func allWorkflowsFinished() bool {
+	for wfID, wfContext := range workflowcontexts {
+		actions := workflowactions[wfID]
+		if wfContext.GetCurrentActionState() == pb.ActionState_ACTION_FAILED || wfContext.GetCurrentActionState() == pb.ActionState_ACTION_TIMEOUT {
+			continue
+		}
+		if !(wfContext.GetCurrentActionState() == pb.ActionState_ACTION_SUCCESS && isLastAction(wfContext, actions)) {
+			return false
+		}
+	}
+	return true
+}
+
+func exitWithGrpcError(err error) {
+	if err != nil {
+		errStatus, _ := status.FromError(err)
+		log.WithField("Error code : ", errStatus.Code()).Errorln(errStatus.Message())
+		os.Exit(1)
+	}
+}
+
+func isLastAction(wfContext *pb.WorkflowContext, actions *pb.WorkflowActionList) bool {
+	return int(wfContext.GetCurrentActionIndex()) == len(actions.GetActionList())-1
+}
+
+func reportActionStatus(ctx context.Context, client pb.WorkflowSvcClient, actionStatus *pb.WorkflowActionStatus) error {
+	var err error
+	for r := 1; r <= retries; r++ {
+		_, err = client.ReportActionStatus(ctx, actionStatus)
+		if err != nil {
+			log.Println("Report action status to server failed as : ", err)
+			log.Printf("Retrying after %v seconds", retryInterval)
+			<-time.After(retryInterval * time.Second)
+			continue
+		}
+		return nil
+	}
+	return err
+}
+
+func getWorkflowData(ctx context.Context, client pb.WorkflowSvcClient, workflowID string) {
+	res, err := client.GetWorkflowData(ctx, &pb.GetWorkflowDataRequest{WorkflowID: workflowID})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if len(res.GetData()) != 0 {
+		log.Debugf("Data received: %x", res.GetData())
+		wfDir := dataDir + string(os.PathSeparator) + workflowID
+		f := openDataFile(wfDir)
+		defer f.Close()
+
+		_, err := f.Write(res.GetData())
+		if err != nil {
+			log.Fatal(err)
+		}
+		h := sha.New()
+		workflowDataSHA[workflowID] = base64.StdEncoding.EncodeToString(h.Sum(res.Data))
+	}
+}
+
+func updateWorkflowData(ctx context.Context, client pb.WorkflowSvcClient, actionStatus *pb.WorkflowActionStatus) {
+	wfDir := dataDir + string(os.PathSeparator) + actionStatus.GetWorkflowId()
+	f := openDataFile(wfDir)
+	defer f.Close()
+
+	data, err := ioutil.ReadAll(f)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if isValidDataFile(f, data) {
+		h := sha.New()
+		if _, ok := workflowDataSHA[actionStatus.GetWorkflowId()]; !ok {
+			checksum := base64.StdEncoding.EncodeToString(h.Sum(data))
+			workflowDataSHA[actionStatus.GetWorkflowId()] = checksum
+			sendUpdate(ctx, client, actionStatus, data, checksum)
+		} else {
+			newSHA := base64.StdEncoding.EncodeToString(h.Sum(data))
+			if !strings.EqualFold(workflowDataSHA[actionStatus.GetWorkflowId()], newSHA) {
+				sendUpdate(ctx, client, actionStatus, data, newSHA)
+			}
+		}
+	}
+}
+
+func sendUpdate(ctx context.Context, client pb.WorkflowSvcClient, st *pb.WorkflowActionStatus, data []byte, checksum string) {
+	meta := WorkflowMetadata{
+		WorkerID:  st.GetWorkerId(),
+		Action:    st.GetActionName(),
+		Task:      st.GetTaskName(),
+		UpdatedAt: time.Now(),
+		SHA:       checksum,
+	}
+	metadata, err := json.Marshal(meta)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	log.Debugf("Sending updated data: %v\n", string(data))
+	_, err = client.UpdateWorkflowData(ctx, &pb.UpdateWorkflowDataRequest{
+		WorkflowID: st.GetWorkflowId(),
+		Data:       data,
+		Metadata:   metadata,
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+func openDataFile(wfDir string) *os.File {
+	f, err := os.OpenFile(wfDir+string(os.PathSeparator)+dataFile, os.O_RDWR|os.O_CREATE, 0644)
+	if err != nil {
+		log.Fatal(err)
+	}
+	return f
+}
+
+func isValidDataFile(f *os.File, data []byte) bool {
+	var dataMap map[string]interface{}
+	err := json.Unmarshal(data, &dataMap)
+	if err != nil {
+		log.Print(err)
+		return false
+	}
+
+	stat, err := f.Stat()
+	if err != nil {
+		log.Print(err)
+		return false
+	}
+
+	val := os.Getenv(maxFileSize)
+	if val != "" {
+		maxSize, err := strconv.ParseInt(val, 10, 64)
+		if err == nil {
+			log.Print(err)
+		}
+		return stat.Size() <= maxSize
+	}
+	return stat.Size() <= defaultMaxFileSize
+}