Remove Vault from OG Roundtable

Author: athornton

deployments/security/kustomization.yaml

@@ -4,4 +4,3 @@ kind: Kustomization
 resources:
   - resources/cert-manager.yaml
   - resources/ingress-nginx.yaml
-  - resources/vault.yaml

deployments/security/resources/vault.yaml

@@ -7,7 +7,7 @@ These secrets include API keys and tokens that let your application access secur
 You can't include this information inside your application's code base or GitOps deployment manifests because it would be exposed in our open source GitHub repositories.
 Instead, you want your application to have these secrets available only when needed: at runtime inside the Roundtable Kubernetes cluster.
 
-Applications can use Roundtable's Vault_ service to store and access secrets within Kubernetes.
+Applications can use (Phalanx) Roundtable's Vault_ service to store and access secrets within Kubernetes.
 By using Vault, Roundtable applications can use a completely public GitOps approach to deployments while ensuring that secret information like passwords and API tokens never leave the Kubernetes cluster.
 
 This page includes an overview of the Vault system along with procedures for using Vault in your application's deployment.
@@ -37,6 +37,8 @@ Read `DMTN-112: LSST DM Vault <https://dmtn-112.lsst.io>`__ for more information
 Paths for application secrets
 -----------------------------
 
+Note that the following only applies to Original Roundtable.  In general, new applications should be using Phalanx, which has `its own method of managing Vault secrets <https://phalanx.lsst.io/developers/helm-chart/define-secrets.html>`__.
+
 Every application stores its secrets at a specific **path** within the Vault service.
 Paths keep secrets organized and also helps control access with tokens.
 
@@ -96,7 +98,7 @@ Get write access to Vault
 
    .. code-block:: bash
 
-      export VAULT_ADDR="https://vault.lsst.codes"
+      export VAULT_ADDR="https://vault.lsst.cloud"
       export VAULT_TOKEN=<token id>
 
 .. important::

deployments/vault/Chart.yaml

@@ -120,10 +120,6 @@
    :target: https://cd.roundtable.lsst.codes/applications/app-land
    :alt: App Land app status
 
-.. |vault-status| image:: https://cd.roundtable.lsst.codes/api/badge?name=vault
-   :target: https://cd.roundtable.lsst.codes/applications/vault
-   :alt: Vault app status
-
 .. |vault-secrets-operator-status| image:: https://cd.roundtable.lsst.codes/api/badge?name=vault-secrets-operator
    :target: https://cd.roundtable.lsst.codes/applications/vault-secrets-operator
    :alt: Vault Secrets Operator app status

deployments/vault/README.md

@@ -18,5 +18,4 @@ Although this documentation is openly available, application developers shouldn'
    ingress-nginx/index
    monitoring/index
    strimzi/index
-   vault/index
    vault-secrets-operator/index

deployments/vault/values.yaml

@@ -44,9 +44,6 @@ If the IP address ever changes, at least the following DNS records in AWS Route
 - cd.roundtable.lsst.codes
 - grpc.cd.roundtable.lsst.codes
 - keeper.lsst.codes
-- vault.lsst.codes
-- vault-1.lsst.codes
-- vault-2.lsst.codes
 
 Searching for the old IP address on the Route 53 hosted domain page for lsst.codes is the best way to find any records.
 The Route 53 console breaks the records up into multiple pages of results.

docs/app-guide/using-vault-secrets.rst

@@ -16,13 +16,12 @@ security app deployment guide
 
 .. rubric:: Overview
 
-The ``security`` app is responsible for deploying security services for Roundtable, most notably Vault and all of its dependencies.
+The ``security`` app is responsible for deploying security services for Roundtable.  Since Vault has moved to Phalanx Roundtable, it doesn't have much to do.
 It follows the `app of apps <https://argo-cd.readthedocs.io/en/stable/operator-manual/cluster-bootstrapping/#app-of-apps-pattern>`__ pattern.
 It deploys:
 
 - :doc:`ingress-nginx <../ingress-nginx/index>` for shared ingress.
 - :doc:`cert-manager <../cert-manager/index>` for Let's-Encrypt-provided TLS certificates.
-- :doc:`vault <../vault/index>` for the Vault secret service.
 
 .. rubric:: Bootstrapping the Application