Merge pull request #338 from appuio/decommission/remove-ldap

Remove LDAP service from decommission documentation
appuio · Jun 24, 2024 · 6f00025 · 6f00025
2 parents 53cc8df + ee8259e
commit 6f00025
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 15 deletions.
diff --git a/docs/modules/ROOT/pages/how-tos/cloudscale/decommission.adoc b/docs/modules/ROOT/pages/how-tos/cloudscale/decommission.adoc
@@ -108,9 +108,6 @@ vault kv delete clusters/kv/${TENANT_ID}/${CLUSTER_ID}/cloudscale
 
 # delete registry secret
 vault kv delete clusters/kv/${TENANT_ID}/${CLUSTER_ID}/registry
-
-# delete ldap secret
-vault kv delete clusters/kv/${TENANT_ID}/${CLUSTER_ID}/vshn-ldap
 ----
 
 . Decommission Puppet-managed LBs according to the https://wiki.vshn.net/display/VT/How+To%3A+Decommission+a+VM[VSHN documentation] (Internal link).
@@ -143,22 +140,14 @@ At this point in the decommissioning process, you'll have to extract the Restic
 
 . Delete all other Vault entries
 
-. Delete LDAP service (via portal)
+. Delete Keycloak service (via portal)
 +
 Go to https://control.vshn.net/vshn/services
 +
 - Search cluster name
 +
 - Delete cluster entry service using the delete button
 
-. Remove IPs from LDAP allowlist
-+
-Edit https://git.vshn.net/vshn-puppet/vshn_hieradata/-/blob/master/corp/prod/ldap.yaml
-+
-- Search cluster IPs and remove those lines and any comments related.
-+
-- Create a Merge Request and invite a colleague for a review/approve/merge
-
 . Delete all DNS records related with cluster (zonefiles)
 
 . Update any related documentation
diff --git a/docs/modules/ROOT/pages/how-tos/exoscale/decommission.adoc b/docs/modules/ROOT/pages/how-tos/exoscale/decommission.adoc
@@ -124,6 +124,4 @@ NOTE: Don't forget to remove the LB configuration in the https://git.vshn.net/ap
 
 . Remove cluster DNS records from VSHN DNS
 
-. Remove cluster IPs from LDAP allowlist, if applicable
-
 . https://kb.vshn.ch/vshnsyn/how-tos/decommission.html[Decommission cluster in Project Syn]
diff --git a/docs/modules/ROOT/partials/architecture/networking-external.adoc b/docs/modules/ROOT/partials/architecture/networking-external.adoc
@@ -12,7 +12,6 @@ The Project Syn infrastructure components that must be reachable are
 
 Additionally, APPUiO Managed OpenShift 4 requires access to VSHN's identity management:
 
-* VSHN LDAP at `ldaps://ldap.vshn.net:636`
 * VSHN SSO at `\https://id.vshn.net`
 
 Finally, APPUiO Managed OpenShift 4 requires access to VSHN's central metrics storage at `\https://metrics-receive.appuio.net`