cleanup

chronograf.tf

@@ -1,92 +0,0 @@
-
-resource "kubernetes_persistent_volume" "chronograf" {
-  metadata {
-    name = "pv-p9hostpath-chronograf"
-  }
-  spec {
-    capacity = { 
-      storage = "8Gi"
-    }   
-    access_modes = ["ReadWriteMany"]
-    persistent_volume_source {
-      host_path {
-        path = "/mnt/datastore/chronograf"
-      }   
-    }   
-  }
-}
-
-resource "random_password" "chronograf_token_secret" {
-  length = 80
-  special = true
-}
-
-resource "helm_release" "chronograf" {
-  name      = "chronograf"
-  namespace = kubernetes_namespace.this.metadata.0.name
-
-  repository = "https://helm.influxdata.com/"
-  chart      = "chronograf"
-  version    = "1.2.5"
-
-  values = [
-    jsonencode({
-      ingress = {
-        enabled = true
-        className = "traefik"
-        hostname   = local.chronograf_domain
-        tls = true
-        secretName = "chronograf-tls"
-        annotations = {
-          "cert-manager.io/cluster-issuer" = "acme-thomasklein-me"
-          # "kubernetes.io/ingress.class"                             = "traefik"
-          # "traefik.ingress.kubernetes.io/router.entrypoints"        = "websecure"
-          # "traefik.ingress.kubernetes.io/router.tls"                = "true"
-          # "traefik.ingress.kubernetes.io/router.tls.certresolver"   = "acme-thomasklein-me"
-          # "traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain
-          # "traefik.ingress.kubernetes.io/router.middlewares"        = "redirect-metrics@file" # hide /metrics from the internet
-        }
-        labels = {}
-      }
-    }),
-
-    jsonencode({
-      updateStrategy = {
-        type = "Recreate"
-      },
-      persistence = {
-        enabled       = "true"
-        accessMode = "ReadWriteMany"
-        storageClass = "-"
-      }
-    }),
-    jsonencode({
-      oauth = { 
-        enabled = true
-        token_secret = random_password.chronograf_token_secret.result
-        jwks = local.jwks_url
-        generic = {
-          enabled = true
-          name = "Cognito"
-          public_url = "https://${local.chronograf_domain}/"
-          auth_url  = local.cognito_authz_url
-          token_url = local.cognito_token_url
-          api_url = "${local.cognito_userinfo_url}"
-          api_key = "email"
-          scopes  = "email openid profile"
-        }
-      } 
-    })
-  ]
-
-
-  set_sensitive {
-    name  = "oauth.generic.client_id"
-    value = aws_cognito_user_pool_client.this.id
-  }
-  set_sensitive {
-    name  = "oauth.generic.client_secret"
-    value = aws_cognito_user_pool_client.this.client_secret
-  }
-
-}

influxdb.tf

@@ -1,53 +0,0 @@
-# resource "helm_release" "influx" {
-#   name      = "influxdb"
-#   namespace = kubernetes_namespace.this.metadata.0.name
-
-#   repository = "https://helm.influxdata.com/"
-#   chart      = "influxdb"
-#   version    = "4.12.0"
-
-#   values = [
-#     jsonencode({
-#       ingress = {
-#         enabled = true
-#         hostname   = local.influx_domain
-#         tls = true
-#         secretName = "influxdb-tls"
-#         annotations = {
-#           "cert-manager.io/cluster-issuer" = "acme-thomasklein-me"
-#           # "kubernetes.io/ingress.class"                             = "traefik"
-#           # "traefik.ingress.kubernetes.io/router.entrypoints"        = "websecure"
-#           # "traefik.ingress.kubernetes.io/router.tls"                = "true"
-#           # "traefik.ingress.kubernetes.io/router.tls.certresolver"   = "acme-thomasklein-me"
-#           # "traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain
-#           # "traefik.ingress.kubernetes.io/router.middlewares"        = "redirect-metrics@file" # hide /metrics from the internet
-#         }
-#         labels = {}
-#       }
-#     }),
-
-#     jsonencode({
-#       persistence = {
-#         enabled       = "true"
-#         existingClaim = kubernetes_persistent_volume_claim.this.metadata.0.name
-#       }
-#     }),
-
-#     jsonencode({
-#       config = {
-#         coordinator = {
-#           # "max-concurrent-queries" = 10
-#           "query-timeout" = "1m"
-#         }
-#         retention = {
-#           enabled = true
-#           "check-interval" = "60m0s"
-#         }
-#         monitor = {
-#           "store-enabled" = true
-#           "store-interval" = "30s"
-#         }
-#     }),
-
-#   ]
-# }

locals.tf

@@ -1,7 +1,6 @@
 locals {
     namespace = "influxdb"
     influx_domain = "influxdb.thomasklein.me"
-    chronograf_domain = "chronograf.thomasklein.me"
 }
 
 data "aws_region" "current" {}

oidc.tf

@@ -1,34 +0,0 @@
-
-data "aws_cognito_user_pools" "thomasklein_infra" {
-  name = "thomasklein-infra"
-}
-
-resource "aws_cognito_user_pool_client" "this" {
-  name = "chronograf"
-
-  user_pool_id = data.aws_cognito_user_pools.thomasklein_infra.ids[0]
-
-  allowed_oauth_flows_user_pool_client = true
-  allowed_oauth_flows                  = ["code"]
-  allowed_oauth_scopes                 = ["profile", "email", "openid"]
-
-  supported_identity_providers = ["COGNITO"]
-
-  generate_secret = true
-  callback_urls   = [
-    "https://${local.chronograf_domain}/oauth/cognito/callback",
-    "https://${local.chronograf_domain}/oauth/Cognito/callback"
-  ]
-}
-
-locals {
-  # these should be available as an attribute
-  cognito_base_url = "https://${data.aws_cognito_user_pools.thomasklein_infra.name}.auth.${data.aws_region.current.name}.amazoncognito.com"
-
-  cognito_authz_url    = "${local.cognito_base_url}/oauth2/authorize"
-  cognito_token_url    = "${local.cognito_base_url}/oauth2/token"
-  cognito_userinfo_url = "${local.cognito_base_url}/oauth2/userInfo"
-
-  jwks_url = "https://cognito-idp.${data.aws_region.current.name}.amazonaws.com/${aws_cognito_user_pool_client.this.user_pool_id}/.well-known/jwks.json"
-}
-# https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json