refactor(vault): disable Vault HA

Still need manual unseal after rolling upgrade anyway
2025-01-19 00:38:15 +07:00 · 2022-05-08 22:10:55 +07:00 · 2022-05-08 22:10:55 +07:00 · 683282cd76
commit 683282cd76
parent 4676650f59
1 changed files with 0 additions and 41 deletions
--- a/platform/vault/values.yaml
+++ b/platform/vault/values.yaml
@ -2,47 +2,6 @@ vault:
  injector:
    enabled: false
  server:
-    # TODO enable TLS?
-    ha:
-      enabled: true
-      replicas: 3
-      raft:
-        enabled: true
-        setNodeId: true
-        config: |
-          ui = true
-
-          listener "tcp" {
-            tls_disable = 1
-            address = "[::]:8200"
-            cluster_address = "[::]:8201"
-          }
-
-          storage "raft" {
-            path = "/vault/data"
-
-            retry_join {
-              leader_api_addr = "http://vault-0.vault-internal:8200"
-            }
-            retry_join {
-              leader_api_addr = "http://vault-1.vault-internal:8200"
-            }
-            retry_join {
-              leader_api_addr = "http://vault-2.vault-internal:8200"
-            }
-
-            autopilot {
-              cleanup_dead_servers = "true"
-              last_contact_threshold = "200ms"
-              last_contact_failure_threshold = "10m"
-              max_trailing_logs = 250000
-              min_quorum = 3
-              server_stabilization_time = "10s"
-            }
-          }
-
-          service_registration "kubernetes" {}
-
    dataStorage:
      storageClass: longhorn
    ingress: