remove: Docs (impress) and People (desk) from La Suite

Collabora stays (Drive needs it for WOPI document editing). Removed: Helm charts, values, nginx configs, patches, OIDC clients, Vault secrets, S3 buckets, Pingora routes, Kratos return URLs, overlay image overrides and resource patches, local-up.sh restarts.
2026-03-25 17:53:43 +00:00
parent b13555607a
commit 0a322c8a7c
15 changed files with 20 additions and 695 deletions
--- a/base/lasuite/vault-secrets.yaml
+++ b/base/lasuite/vault-secrets.yaml
@@ -25,18 +25,6 @@ spec:
  rolloutRestartTargets:
    - kind: Deployment
      name: hive
-    - kind: Deployment
-      name: people-backend
-    - kind: Deployment
-      name: people-celery-worker
-    - kind: Deployment
-      name: people-celery-beat
-    - kind: Deployment
-      name: docs-backend
-    - kind: Deployment
-      name: docs-celery-worker
-    - kind: Deployment
-      name: docs-y-provider
    - kind: Deployment
      name: drive-backend
    - kind: Deployment
@@ -114,146 +102,6 @@ spec:
        "client-secret":
          text: "{{ index .Secrets \"oidc-client-secret\" }}"
 ---
-# People DB credentials from OpenBao database secrets engine (static role, 24h rotation).
-apiVersion: secrets.hashicorp.com/v1beta1
-kind: VaultDynamicSecret
-metadata:
-  name: people-db-credentials
-  namespace: lasuite
-spec:
-  vaultAuthRef: vso-auth
-  mount: database
-  path: static-creds/people
-  allowStaticCreds: true
-  refreshAfter: 5m
-  rolloutRestartTargets:
-    - kind: Deployment
-      name: people-backend
-    - kind: Deployment
-      name: people-celery-worker
-    - kind: Deployment
-      name: people-celery-beat
-  destination:
-    name: people-db-credentials
-    create: true
-    overwrite: true
-    transformation:
-      excludeRaw: true
-      templates:
-        password:
-          text: "{{ index .Secrets \"password\" }}"
---
-apiVersion: secrets.hashicorp.com/v1beta1
-kind: VaultStaticSecret
-metadata:
-  name: people-django-secret
-  namespace: lasuite
-spec:
-  vaultAuthRef: vso-auth
-  mount: secret
-  type: kv-v2
-  path: people
-  refreshAfter: 30s
-  rolloutRestartTargets:
-    - kind: Deployment
-      name: people-backend
-    - kind: Deployment
-      name: people-celery-worker
-    - kind: Deployment
-      name: people-celery-beat
-  destination:
-    name: people-django-secret
-    create: true
-    overwrite: true
-    transformation:
-      excludeRaw: true
-      templates:
-        DJANGO_SECRET_KEY:
-          text: "{{ index .Secrets \"django-secret-key\" }}"
---
-# Docs DB credentials from OpenBao database secrets engine (static role, 24h rotation).
-apiVersion: secrets.hashicorp.com/v1beta1
-kind: VaultDynamicSecret
-metadata:
-  name: docs-db-credentials
-  namespace: lasuite
-spec:
-  vaultAuthRef: vso-auth
-  mount: database
-  path: static-creds/docs
-  allowStaticCreds: true
-  refreshAfter: 5m
-  rolloutRestartTargets:
-    - kind: Deployment
-      name: docs-backend
-    - kind: Deployment
-      name: docs-celery-worker
-    - kind: Deployment
-      name: docs-y-provider
-  destination:
-    name: docs-db-credentials
-    create: true
-    overwrite: true
-    transformation:
-      excludeRaw: true
-      templates:
-        password:
-          text: "{{ index .Secrets \"password\" }}"
---
-apiVersion: secrets.hashicorp.com/v1beta1
-kind: VaultStaticSecret
-metadata:
-  name: docs-django-secret
-  namespace: lasuite
-spec:
-  vaultAuthRef: vso-auth
-  mount: secret
-  type: kv-v2
-  path: docs
-  refreshAfter: 30s
-  rolloutRestartTargets:
-    - kind: Deployment
-      name: docs-backend
-    - kind: Deployment
-      name: docs-celery-worker
-    - kind: Deployment
-      name: docs-y-provider
-  destination:
-    name: docs-django-secret
-    create: true
-    overwrite: true
-    transformation:
-      excludeRaw: true
-      templates:
-        DJANGO_SECRET_KEY:
-          text: "{{ index .Secrets \"django-secret-key\" }}"
---
-apiVersion: secrets.hashicorp.com/v1beta1
-kind: VaultStaticSecret
-metadata:
-  name: docs-collaboration-secret
-  namespace: lasuite
-spec:
-  vaultAuthRef: vso-auth
-  mount: secret
-  type: kv-v2
-  path: docs
-  refreshAfter: 30s
-  rolloutRestartTargets:
-    - kind: Deployment
-      name: docs-backend
-    - kind: Deployment
-      name: docs-y-provider
-  destination:
-    name: docs-collaboration-secret
-    create: true
-    overwrite: true
-    transformation:
-      excludeRaw: true
-      templates:
-        secret:
-          text: "{{ index .Secrets \"collaboration-secret\" }}"
---
 # Meet DB credentials from OpenBao database secrets engine (static role, 24h rotation).
 apiVersion: secrets.hashicorp.com/v1beta1
 kind: VaultDynamicSecret
@@ -715,3 +563,21 @@ spec:
          text: "{{ index .Secrets \"private-key\" }}"
        selector:
          text: "{{ index .Secrets \"selector\" }}"
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: drive-rs-audiences
+  namespace: lasuite
+spec:
+  vaultAuthRef: vso-auth
+  mount: secret
+  type: kv-v2
+  path: drive-rs-audiences
+  refreshAfter: 1h
+  destination:
+    name: drive-rs-audiences
+    create: true
+  rolloutRestartTargets:
+    - kind: Deployment
+      name: drive-backend