Remove vault (#7400)

* Remove contrib/vault This is marked as broken since 2018 / 3dcb914607 This still reference apiserver.pem, not used since ddffdb63bf Signed-off-by: Etienne Champetier <e.champetier@ateme.com> * Finish nuking vault from the codebase Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2026-02-16 10:40:04 -03:30 · 2021-03-24 12:26:08 -04:00
parent 8655b92e93
commit f0cdf71ccb
59 changed files with 7 additions and 2032 deletions
--- a/roles/etcd/defaults/main.yml
+++ b/roles/etcd/defaults/main.yml
@@ -55,7 +55,7 @@ etcd_memory_limit: "{% if ansible_memtotal_mb < 4096 %}512M{% else %}0{% endif %

 etcd_blkio_weight: 1000

-etcd_node_cert_hosts: "{{ groups['k8s-cluster'] | union(groups.get('calico-rr', [])) | union(groups.get('vault', [])) }}"
+etcd_node_cert_hosts: "{{ groups['k8s-cluster'] | union(groups.get('calico-rr', [])) }}"

 etcd_compaction_retention: "8"

--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -251,13 +251,6 @@
  when: kube_proxy_mode is defined
  run_once: true

- name: Stop if vault is chose
-  assert:
-    that: cert_management != 'vault'
-    msg: "Support for vault have been removed, please use 'script' or 'none'"
-  when: cert_management is defined
-  run_once: true
-
 - name: Stop if unknown cert_management
  assert:
    that: cert_management|d('script') in ['script', 'none']
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -5,7 +5,6 @@
    state: stopped
  with_items:
    - kubelet
-    - vault
  failed_when: false
  tags:
    - services
@@ -16,11 +15,9 @@
    state: absent
  with_items:
    - kubelet.service
-    - vault.service
    - calico-node.service
    - containerd.service.d/http-proxy.conf
    - crio.service.d/http-proxy.conf
-    - vault.service.d/http-proxy.conf
    - k8s-certs-renew.service
    - k8s-certs-renew.timer
  register: services_removed
@@ -270,14 +267,10 @@
    - /run/kubernetes
    - /usr/local/share/ca-certificates/etcd-ca.crt
    - /usr/local/share/ca-certificates/kube-ca.crt
-    - /usr/local/share/ca-certificates/vault-ca.crt
    - /etc/ssl/certs/etcd-ca.pem
    - /etc/ssl/certs/kube-ca.pem
-    - /etc/ssl/certs/vault-ca.crt
    - /etc/pki/ca-trust/source/anchors/etcd-ca.crt
    - /etc/pki/ca-trust/source/anchors/kube-ca.crt
-    - /etc/pki/ca-trust/source/anchors/vault-ca.crt
-    - /etc/vault
    - /var/log/pods/
    - "{{ bin_dir }}/kubelet"
    - "{{ bin_dir }}/etcd-scripts"