Commit 3dcb9146 authored by Antoine Legrand's avatar Antoine Legrand Committed by k8s-ci-robot

Remove Vault (#3684)

* Remove Vault

* Remove reference to 'kargo' in the doc

* change check order
parent b2b42184
......@@ -5,7 +5,9 @@
- etcd-secrets
- facts
- include_tasks: "gen_certs_{{ cert_management }}.yml"
- include_tasks: "gen_certs_script.yml"
when:
- cert_management |d('script') == "script"
tags:
- etcd-secrets
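Review bot: The new `when:` on the `gen_certs_script.yml` include has no comment saying what happens for the other accepted value: with `cert_management: none` the include is skipped and this task file generates no certificates, so they presumably have to be provisioned some other way. I would add a comment above the task, e.g. `# cert_management 'none': certificates are supplied out of band, nothing is generated here`. The fallback `|d('script')` is also written out three times (here, in the second include further down the page under the `k8s-secrets` tags, and in the pre-install assert) with differing quoting and spacing; a single form such as `cert_management | default('script') == 'script'` would keep them from drifting apart. The task list starts and ends outside this hunk.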
......
......@@ -188,13 +188,19 @@
when: kube_proxy_mode is defined
run_once: true
- name: Stop if unknown cert_management
- name: Stop if vault is chose
assert:
that: cert_management in ['script', 'vault']
msg: "cert_management can only be 'script' or 'vault'"
that: cert_management != 'vault'
msg: "Support for vault have been removed, please use 'script' or 'none'"
when: cert_management is defined
run_once: true
- name: Stop if unknown cert_management
assert:
that: cert_management|d('script') in ['script', 'none']
msg: "cert_management can only be 'script' or 'none'"
run_once: true
- name: Stop if unknown resolvconf_mode
assert:
that: resolvconf_mode in ['docker_dns', 'host_resolvconf', 'none']
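Review bot: The name and message of the new vault check are what an operator sees when a deployment is refused, and both have grammar slips; I would write `- name: Stop if vault is chosen` and `msg: "Support for vault has been removed, please use 'script' or 'none'"`. The check is also order-dependent: the following `Stop if unknown cert_management` assert rejects 'vault' as well, so the specific message appears only because this task runs first, and a comment such as `# must precede the generic cert_management check so vault users get the removal notice` would protect it from reordering. An inventory that still sets `cert_management: vault` presumably belongs to a cluster whose certificates were issued through Vault, so the message could point to upgrade notes rather than only naming the replacement values, if such notes exist. The enclosing task list continues outside the hunk.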
......
---
kube_cert_group: kube-cert
kube_vault_mount_path: "/kube"
---
# NOTE: Dynamic task dependency on Vault Role if cert_management == "vault"
......@@ -69,7 +69,9 @@
delegate_to: "{{groups['kube-master'][0]}}"
when: gen_tokens|default(false)
- include_tasks: "gen_certs_{{ cert_management }}.yml"
- include_tasks: "gen_certs_script.yml"
when:
- cert_management |d('script') == 'script'
tags:
- k8s-secrets
- k8s-gen-certs
......
......@@ -224,7 +224,7 @@ docker_options: >-
etcd_deployment_type: docker
kubelet_deployment_type: docker
cert_management: script
vault_deployment_type: docker
helm_deployment_type: host
# Enable kubeadm deployment (experimental)
......@@ -303,13 +303,6 @@ kube_feature_gates: |-
{{ feature_gate_v1_12 }}
{%- endif %}
# Vault data dirs.
vault_base_dir: /etc/vault
vault_cert_dir: "{{ vault_base_dir }}/ssl"
vault_config_dir: "{{ vault_base_dir }}/config"
vault_roles_dir: "{{ vault_base_dir }}/roles"
vault_secrets_dir: "{{ vault_base_dir }}/secrets"
# Local volume provisioner storage classes
local_volume_provisioner_storage_classes:
- name: "{{ local_volume_provisioner_storage_class | default('local-storage') }}"
......
......@@ -51,7 +51,6 @@
- { role: container-engine, tags: "container-engine"}
- { role: download, tags: download, when: "not skip_downloads" }
- { role: etcd, tags: etcd, etcd_cluster_setup: false }
- { role: vault, tags: vault, when: "cert_management == 'vault'"}
- { role: kubernetes/node, tags: node }
- { role: kubernetes/kubeadm, tags: kubeadm, when: "kubeadm_enabled" }
- { role: network_plugin, tags: network }
......
# Instance settings
cloud_machine_type: "n1-standard-1"
cloud_image_family: coreos-stable
cloud_region: us-central1-b
mode: aio
# Instance settings
cert_management: vault
kube_network_plugin: flannel
deploy_netchecker: true
kubedns_min_replicas: 1
cloud_provider: gce
# Instance settings
cloud_machine_type: "n1-standard-1"
cloud_image_family: ubuntu-1604-lts
cloud_region: us-central1-b
mode: separate
# Instance settings
cert_management: vault
kube_network_plugin: canal
deploy_netchecker: true
kubedns_min_replicas: 1
cloud_provider: gce
......@@ -52,13 +52,6 @@
- { role: download, tags: download, when: "not skip_downloads" }
environment: "{{proxy_env}}"
- hosts: etcd:k8s-cluster:vault
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
roles:
- { role: kubespray-defaults, when: "cert_management == 'vault'" }
- { role: vault, tags: vault, vault_bootstrap: true, when: "cert_management == 'vault'" }
environment: "{{proxy_env}}"
- hosts: etcd
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
roles:
......@@ -71,13 +64,6 @@
- { role: kubespray-defaults}
- { role: etcd, tags: etcd, etcd_cluster_setup: false }
- hosts: etcd:k8s-cluster:vault
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
roles:
- { role: kubespray-defaults, when: "cert_management == 'vault'"}
- { role: vault, tags: vault, when: "cert_management == 'vault'"}
environment: "{{proxy_env}}"
#Handle upgrades to master components first to maintain backwards compat.
- hosts: kube-master
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
......