feat: removing hashicorp vault and external-secrets (#1618)

Co-authored-by: Cas Lubbers <clubbers@akamai.com>
linode · Jun 7, 2024 · dbca465 · dbca465
1 parent 48730d9
commit dbca465
Show file tree

Hide file tree

Showing 81 changed files with 23 additions and 18,069 deletions.
diff --git a/.env.sample b/.env.sample
@@ -19,7 +19,6 @@ AWS_DEFAULT_REGION=''
 AWS_REGION=''
 AWS_ACCESS_KEY_ID=''
 AWS_SECRET_ACCESS_KEY=''
-# Vault:
-VAULT_TOKEN=''
+
 
 OTOMI_CHARTS_URL='https://github.com/redkubes/otomi-charts.git'
diff --git a/.values/.secrets.sample b/.values/.secrets.sample
@@ -14,5 +14,3 @@ AWS_DEFAULT_REGION=''
 AWS_REGION=''
 AWS_ACCESS_KEY_ID=''
 AWS_SECRET_ACCESS_KEY=''
-# Vault:
-VAULT_TOKEN=''
diff --git a/.values/env/apps/vault.yaml b/.values/env/apps/vault.yaml
diff --git a/README.md b/README.md
@@ -105,7 +105,6 @@ Otomi offers a set of integrated Kubernetes applications (using upstream open so
 - [Grafana](https://github.com/grafana/grafana): Visualize metrics, logs, and traces from multiple sources
 - [Grafana Loki](https://github.com/grafana/loki): Collecting container application logs
 - [Harbor](https://github.com/goharbor/harbor): Container image registry with role-based access control, image scanning, and image signing
-- [HashiCorp Vault](https://github.com/hashicorp/vault): Manage Secrets and Protect Sensitive Data
 - [OPA/Gatekeeper](https://github.com/open-policy-agent/gatekeeper): Policy-based control for cloud-native environments
 - [Jaeger](https://github.com/jaegertracing/jaeger): End-to-end distributed tracing and monitor for complex distributed systems
 - [Kiali](https://github.com/kiali/kiali): Observe Istio service mesh relations and connections

diff --git a/apps.yaml b/apps.yaml
@@ -85,17 +85,6 @@ appsInfo:
     license: Apache 2.0
     about: ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers.
     integration: ExternalDNS is used by Otomi to make public service domains accessible by registering them with Otomi's load balancer CNAME or IP address. When ExternalDNS is not enabled (default), then Otomi will rely on nip.io to create host names for all services.
-  external-secrets:
-    title: External Secrets Operator
-    appVersion: 0.10.2
-    repo: https://github.com/external-secrets/external-secrets
-    maintainers: External Secrets community
-    relatedLinks:
-      - https://otomi.io/docs/apps/external-secrets
-      - https://external-secrets.io
-    license: Apache 2.0
-    about: External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.
-    integration: External Secrets is used by Otomi to allow teams to automatically sync (partial) secrets created in the packaged (Hashicorp) Vault.
   falco:
     title: Falco
     appVersion: 0.33.1
@@ -352,18 +341,6 @@ appsInfo:
     dependencies: Prometheus, Grafana, Loki, Tempo
     about: The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. In addition, it removes the need to run, operate and maintain multiple agents/collectors in order to support open-source telemetry data formats (e.g. Jaeger, Prometheus, etc.) to multiple open-source or commercial back-ends.
     integration: OpenTelemetry Collector is used to receive telementry data from Istio Envoy access logs and export this data to Tempo.
-  vault:
-    title: Vault Operator
-    appVersion: 1.16.0
-    repo: https://github.com/hashicorp/vault
-    maintainers: HashiCorp
-    relatedLinks:
-      - https://otomi.io/docs/apps/vault
-      - https://www.vaultproject.io/
-      - https://www.vaultproject.io/docs/configuration/storage
-    license: MPL-2.0
-    about: Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.
-    integration: Vault has been made team aware. When enabled, a space will automatically be created for each team, and only team members are allowed access. Vault is automatically configured to use Otomi's Keycloak OIDC settings for SSO. Vault runs natively on Kubernetes. To prevent data from Vault being lost during a rolling cluster upgrade, data persistence can be configured in combination with external (blob) storage.
   velero:
     title: Velero
     appVersion: 1.9.0

diff --git a/binzx/otomi b/binzx/otomi
@@ -232,7 +232,6 @@ vars=(
   TRACE
   VERBOSITY
   VALUES_INPUT
-  VAULT_TOKEN
 )
 dump_vars "${vars[@]}"
 

diff --git a/chart/otomi/templates/sops-secrets.yaml b/chart/otomi/templates/sops-secrets.yaml
@@ -28,7 +28,4 @@ data:
 {{- with .region }}
   GOOGLE_REGION: {{ . | b64enc }}{{ end }}
 {{- end }}
-{{- with $v.vault }}
-  VAULT_TOKEN: {{ .token | b64enc }}
-{{- end }}
 {{- end }}
diff --git a/chart/otomi/values.yaml b/chart/otomi/values.yaml
@@ -89,7 +89,7 @@ otomi: {}
 # KMS for encrypting values
 # kms:
 #   sops:
-#   # provider can be one of aws|azure|google|vault
+#   # provider can be one of aws|azure|google
 #     provider: ''
 #     aws:
 #       keys: ''
@@ -105,8 +105,6 @@ otomi: {}
 #       keys: ''
 #       accountJson: ''
 #       project: ''
-#     vault:
-#       token: ''
 # Bring your own IDP, or leave commented out to use keycloak as IDP
 # oidc:
 #   clientID: ''

diff --git a/charts/external-secrets/.helmignore b/charts/external-secrets/.helmignore
diff --git a/charts/external-secrets/Chart.yaml b/charts/external-secrets/Chart.yaml
diff --git a/charts/external-secrets/README.md b/charts/external-secrets/README.md
diff --git a/charts/external-secrets/README.md.gotmpl b/charts/external-secrets/README.md.gotmpl
diff --git a/charts/external-secrets/ci/main-values.yaml b/charts/external-secrets/ci/main-values.yaml
diff --git a/charts/external-secrets/templates/NOTES.txt b/charts/external-secrets/templates/NOTES.txt