From a80da5db50bf8f356a0b8f4453cec9b35275110d Mon Sep 17 00:00:00 2001 
From: Renato Monteiro <45536168+monteiro-renato@users.noreply.github.com> Date: Mon, 7 Apr 2025 14:11:30 +0200 Subject: [PATCH] chore: remove-old-poc-cluster --- .../altinn-monitor-test-rg/grafana.tf | 4 - .../altinn-monitor-test-rg/k6_tests_rg_amw.tf | 5 - .../k6_tests_rg_configs.tf | 61 -------- .../k6_tests_rg_data.tf | 1 - .../k6_tests_rg_k6_operator.tf | 10 -- .../k6_tests_rg_k6_operator_values.yaml | 7 - .../altinn-monitor-test-rg/k6_tests_rg_k8s.tf | 135 ----------------- .../k6_tests_rg_kube_prometheus.tf | 64 -------- ...ests_rg_kube_prometheus_stack_values.tftpl | 46 ------ .../k6_tests_rg_namespaces.tf | 70 --------- .../k6_tests_rg_providers.tf | 33 ---- .../k6_tests_rg_public_cert.pem | 28 ---- .../k6_tests_rg_pyrra.tf | 13 -- .../k6_tests_rg_rbac.tf | 141 ------------------ .../altinn-monitor-test-rg/k6_tests_rg_rg.tf | 4 - .../k6_tests_rg_sealsedsecrets.tf | 9 -- .../altinn-monitor-test-rg/providers.tf | 11 ++ 17 files changed, 11 insertions(+), 631 deletions(-) delete mode 100644 infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_amw.tf delete mode 100644 infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_configs.tf delete mode 100644 infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_data.tf delete mode 100644 infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_k6_operator.tf delete mode 100644 infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_k6_operator_values.yaml delete mode 100644 infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_k8s.tf delete mode 100644 infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_kube_prometheus.tf delete mode 100644 infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_kube_prometheus_stack_values.tftpl delete mode 100644 infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_namespaces.tf delete mode 100644 
infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_providers.tf delete mode 100644 infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_public_cert.pem delete mode 100644 infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_pyrra.tf delete mode 100644 infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_rbac.tf delete mode 100644 infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_rg.tf delete mode 100644 infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_sealsedsecrets.tf
diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/grafana.tf b/infrastructure/adminservices-test/altinn-monitor-test-rg/grafana.tf
index bcaeb1d13..83423df0c 100644
--- a/infrastructure/adminservices-test/altinn-monitor-test-rg/grafana.tf
+++ b/infrastructure/adminservices-test/altinn-monitor-test-rg/grafana.tf
@@ -14,10 +14,6 @@ resource "azurerm_dashboard_grafana" "grafana" {
 azure_monitor_workspace_integrations {
 resource_id = azurerm_monitor_workspace.altinn_monitor.id
 }
-
- azure_monitor_workspace_integrations {
- resource_id = azurerm_monitor_workspace.k6tests_amw.id
- }
 }
 
 resource "azurerm_role_assignment" "tf_grafana_admin" {
diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_amw.tf b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_amw.tf
deleted file mode 100644
index ac7737661..000000000
--- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_amw.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-resource "azurerm_monitor_workspace" "k6tests_amw" {
- name = "k6tests-amw"
- resource_group_name = azurerm_resource_group.k6tests_rg.name
- location = azurerm_resource_group.k6tests_rg.location
-}
diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_configs.tf b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_configs.tf
deleted file mode 100644
index 6481bf506..000000000
--- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_configs.tf +++ /dev/null @@ -1,61 +0,0 @@ -locals { - namespaces = concat( - ["platform"], [ - for v - in var.k8s_rbac : - v["namespace"] - ]) - - deploy_envs = [ - { - name : "at22", - env_type : "dev", - suffix : "cloud" - }, - { - name : "at23", - env_type : "dev", - suffix : "cloud" - }, - { - name : "at24", - env_type : "dev", - suffix : "cloud" - }, - { - name : "yt01", - env_type : "perf", - suffix : "cloud" - }, - { - name : "tt02", - env_type : "staging", - suffix : "no" - }, - { - name : "prod", - env_type : "prod", - suffix : "no" - }, - ] - - namespaces_deployenvs = distinct(flatten([ - for n in local.namespaces : [ - for d in local.deploy_envs : { - namespace = n - deploy_env = d - } - ] - ])) -} - -resource "kubernetes_config_map_v1" "deploy_environments_manifests" { - for_each = { for entry in local.namespaces_deployenvs : "${entry.namespace}.${entry.deploy_env.name}" => entry } - metadata { - name = "deploy-environments-${each.value.deploy_env.name}" - namespace = each.value.namespace - } - data = { - BASE_URL = each.value.deploy_env.name == "prod" ? "https://platform.altinn.no" : "https://platform.${each.value.deploy_env.name}.altinn.${each.value.deploy_env.suffix}" - } -} diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_data.tf b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_data.tf deleted file mode 100644 index b5d7b96ba..000000000 --- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_data.tf +++ /dev/null @@ -1 +0,0 @@ -# data "azurerm_client_config" "current" {} diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_k6_operator.tf b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_k6_operator.tf deleted file mode 100644 index 5a23c1dd3..000000000 --- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_k6_operator.tf +++ /dev/null 
@@ -1,10 +0,0 @@
-resource "helm_release" "k6_operator" {
- depends_on = [azurerm_kubernetes_cluster.k6tests]
- name = "k6-operator"
- namespace = "k6-operator-system"
- create_namespace = true
- repository = "https://grafana.github.io/helm-charts"
- chart = "k6-operator"
- version = "3.11.1"
- values = ["${file("${path.module}/k6_tests_rg_k6_operator_values.yaml")}"]
-}
diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_k6_operator_values.yaml b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_k6_operator_values.yaml
deleted file mode 100644
index 2d50bc54f..000000000
--- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_k6_operator_values.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-installCRDs: true
-
-namespace:
- create: false
-
-prometheus:
- enabled: true
diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_k8s.tf b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_k8s.tf
deleted file mode 100644
index 31f349f0e..000000000
--- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_k8s.tf
+++ /dev/null
@@ -1,135 +0,0 @@ -resource "azurerm_log_analytics_workspace" "k6tests" { - name = "k6tests-law" - location = azurerm_resource_group.k6tests_rg.location - resource_group_name = azurerm_resource_group.k6tests_rg.name - daily_quota_gb = 5 # TODO: check how many logs we are generating and tweak accordingly - retention_in_days = 30 -} - -resource "azurerm_monitor_data_collection_rule" "k6tests" { - name = "k6tests-dcr" - resource_group_name = azurerm_resource_group.rg.name - location = azurerm_resource_group.k6tests_rg.location - - destinations { - log_analytics { - workspace_resource_id = azurerm_log_analytics_workspace.k6tests.id - name = "ciworkspace" - } - } - - data_flow { - streams = ["Microsoft-ContainerLog", "Microsoft-KubeEvents", "Microsoft-KubePodInventory", "Microsoft-KubeNodeInventory"] - destinations = ["ciworkspace"] - } - - data_sources { - extension { - streams = ["Microsoft-ContainerLog", "Microsoft-KubeEvents", "Microsoft-KubePodInventory", "Microsoft-KubeNodeInventory"] - extension_name = "ContainerInsights" - extension_json = jsonencode({ - "dataCollectionSettings" : { - "interval" : "1m", - "namespaceFilteringMode" : "Include", - "namespaces" : concat( - ["platform"], # This can probably be removed once we "onboard ourselves"; else the code is here for other "system namespaces" we may care about - [for v in var.k8s_rbac : v["namespace"]] # Team namespaces - ), - "enableContainerLogV2" : false - } - }) - name = "ContainerInsightsExtension" - } - } - - description = "DCR for Azure Monitor Container Insights" -} - -resource "azurerm_monitor_data_collection_rule_association" "k6tests" { - name = "ContainerInsightsExtension" - target_resource_id = azurerm_kubernetes_cluster.k6tests.id - data_collection_rule_id = azurerm_monitor_data_collection_rule.k6tests.id - description = "Association of container insights data collection rule. Deleting this association will break the data collection for this AKS Cluster." 
-} - -resource "azurerm_kubernetes_cluster" "k6tests" { - name = "k6tests-cluster" - location = azurerm_resource_group.k6tests_rg.location - resource_group_name = azurerm_resource_group.k6tests_rg.name - dns_prefix = "k6tests-cluster" - - default_node_pool { - name = "default" - auto_scaling_enabled = true - min_count = 1 - max_count = 10 - vm_size = "Standard_D3_v2" - upgrade_settings { # Adding these to keep plans clean - drain_timeout_in_minutes = 0 - max_surge = "10%" - node_soak_duration_in_minutes = 0 - } - temporary_name_for_rotation = "tmpdefault" - } - - workload_identity_enabled = true - oidc_issuer_enabled = true - - identity { - type = "SystemAssigned" - } - - local_account_disabled = true - role_based_access_control_enabled = true - azure_active_directory_role_based_access_control { - # tenant_id = "" # Optional - admin_group_object_ids = ["c9c317cc-aec0-4c8b-bdad-b54333686e8a"] - azure_rbac_enabled = false - } - - oms_agent { - log_analytics_workspace_id = azurerm_log_analytics_workspace.k6tests.id - msi_auth_for_monitoring_enabled = true - } - - automatic_upgrade_channel = "stable" -} - -resource "azurerm_kubernetes_cluster_node_pool" "spot" { - name = "spot" - kubernetes_cluster_id = azurerm_kubernetes_cluster.k6tests.id - vm_size = "Standard_DS2_v2" - auto_scaling_enabled = true - node_count = 0 - min_count = 0 - max_count = 1 - priority = "Spot" - eviction_policy = "Delete" - spot_max_price = -1 # (the current on-demand price for a Virtual Machine) - node_labels = { - "kubernetes.azure.com/scalesetpriority" : "spot", # Automatically added by Azure - spot : true - } - node_taints = [ - "kubernetes.azure.com/scalesetpriority=spot:NoSchedule", # Automatically added by Azure - ] -} - -resource "azurerm_kubernetes_cluster_node_pool" "prometheus" { - name = "prometheus" - kubernetes_cluster_id = azurerm_kubernetes_cluster.k6tests.id - vm_size = "Standard_D3_v2" - auto_scaling_enabled = false - node_count = 1 - # priority = "Spot" # Spot since we are 
still testing - # eviction_policy = "Delete" - # spot_max_price = -1 # (the current on-demand price for a Virtual Machine) - node_labels = { - # "kubernetes.azure.com/scalesetpriority" : "spot", # Automatically added by Azure - prometheus : true - } - node_taints = [ - # "kubernetes.azure.com/scalesetpriority=spot:NoSchedule", # Automatically added by Azure - "workload=prometheus:NoSchedule", - ] -} diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_kube_prometheus.tf b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_kube_prometheus.tf deleted file mode 100644 index b43cbcfbf..000000000 --- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_kube_prometheus.tf +++ /dev/null 
@@ -1,64 +0,0 @@ -resource "helm_release" "prometheus_operator_crds" { - depends_on = [ - azurerm_kubernetes_cluster.k6tests - ] - name = "prometheus-operator-crds" - repository = "https://prometheus-community.github.io/helm-charts" - chart = "prometheus-operator-crds" - version = "18.0.1" -} - -data "azurerm_monitor_data_collection_rule" "prometheus" { - name = "k6tests-amw" - resource_group_name = "MA_k6tests-amw_norwayeast_managed" -} - -resource "helm_release" "kube_prometheus_stack" { - depends_on = [ - helm_release.prometheus_operator_crds, - azuread_application.prometheus, - azurerm_monitor_workspace.k6tests_amw - ] - name = "kube-prometheus-stack" - namespace = "monitoring" - create_namespace = true - repository = "https://prometheus-community.github.io/helm-charts" - chart = "kube-prometheus-stack" - skip_crds = true - version = "70.0.2" - - values = [ - "${templatefile( - "${path.module}/k6_tests_rg_kube_prometheus_stack_values.tftpl", - { - cluster_name = "${azurerm_kubernetes_cluster.k6tests.name}", - client_id = "${azuread_application.prometheus.client_id}", - tenant_id = "${data.azurerm_client_config.current.tenant_id}", - remote_write_endpoint = "https://k6tests-amw-0vej.norwayeast-1.metrics.ingest.monitor.azure.com/dataCollectionRules/dcr-81e9cf1b38fb4648b047399c5593ebda/streams/Microsoft-PrometheusMetrics/api/v1/write?api-version=2023-04-24" - } - )}" - ] -} - -resource "azuread_application" "prometheus" { - display_name = "adminservicestest-k6tests-prometheus" - sign_in_audience = "AzureADMyOrg" -} - -resource "azuread_service_principal" "prometheus" { - client_id = azuread_application.prometheus.client_id -} - -resource "azuread_application_federated_identity_credential" "prometheus" { - application_id = azuread_application.prometheus.id - display_name = "adminservicestest-k6tests-prometheus" - audiences = ["api://AzureADTokenExchange"] - issuer = azurerm_kubernetes_cluster.k6tests.oidc_issuer_url - subject = 
"system:serviceaccount:monitoring:kube-prometheus-stack-prometheus" -} - -resource "azurerm_role_assignment" "monitoring_metrics_publisher" { - scope = data.azurerm_monitor_data_collection_rule.prometheus.id - role_definition_name = "Monitoring Metrics Publisher" - principal_id = azuread_service_principal.prometheus.object_id -} diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_kube_prometheus_stack_values.tftpl b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_kube_prometheus_stack_values.tftpl deleted file mode 100644 index bb349b6fd..000000000 --- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_kube_prometheus_stack_values.tftpl +++ /dev/null @@ -1,46 +0,0 @@ -crds: - enabled: false -alertmanager: - enabled: true -grafana: - enabled: false -prometheus: - enabled: true - serviceAccount: - annotations: - azure.workload.identity/client-id: "${client_id}" - prometheusSpec: - podMetadata: - labels: - azure.workload.identity/use: "true" - externalLabels: - cluster: "${cluster_name}" - enableRemoteWriteReceiver: true - remoteWrite: - - url: "${remote_write_endpoint}" - azureAd: - cloud: "AzurePublic" - sdk: - tenantId: "${tenant_id}" - tolerations: - # - key: "kubernetes.azure.com/scalesetpriority" - # operator: "Equal" - # value: "spot" - # effect: "NoSchedule" - - key: "workload" - operator: "Equal" - value: "prometheus" - effect: "NoSchedule" - resources: - requests: - memory: 8Gi - nodeSelector: - prometheus: "true" - priorityClassName: "system-cluster-critical" - retention: 8d - storageSpec: - volumeClaimTemplate: - spec: - resources: - requests: - storage: 64Gi diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_namespaces.tf b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_namespaces.tf deleted file mode 100644 index 11cb4d2e9..000000000 
--- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_namespaces.tf +++ /dev/null @@ -1,70 +0,0 @@ -import { - to = kubernetes_namespace.dialogporten - id = "dialogporten" -} - -resource "kubernetes_namespace" "dialogporten" { - metadata { - name = "dialogporten" - } -} - -import { - to = kubernetes_namespace.correspondence - id = "correspondence" -} - -resource "kubernetes_namespace" "correspondence" { - metadata { - name = "correspondence" - } -} - - -import { - to = kubernetes_namespace.core - id = "core" -} - -resource "kubernetes_namespace" "core" { - metadata { - name = "core" - } -} - - -import { - to = kubernetes_namespace.authentication - id = "authentication" -} - -resource "kubernetes_namespace" "authentication" { - metadata { - name = "authentication" - } -} - -import { - to = kubernetes_namespace.platform - id = "platform" -} - -resource "kubernetes_namespace" "platform" { - metadata { - name = "platform" - } -} - -locals { - subset_namespaces = setsubtract( - [for v in var.k8s_rbac : v["namespace"]], - ["dialogporten", "correspondence", "core", "authentication", "platform"] - ) -} - -resource "kubernetes_namespace" "namespace" { - for_each = local.subset_namespaces - metadata { - name = each.value - } -} diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_providers.tf b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_providers.tf deleted file mode 100644 index d011847a7..000000000 --- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_providers.tf +++ /dev/null 
@@ -1,33 +0,0 @@ -/* -terraform { - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "~> 4.0" - } - } - backend "azurerm" { - use_azuread_auth = true - } -} - -provider "azurerm" { - subscription_id = "1ce8e9af-c2d6-44e7-9c5e-099a308056fe" - features {} - resource_providers_to_register = [ - "Microsoft.Monitor", - "Microsoft.AlertsManagement", - "Microsoft.Dashboard", - "Microsoft.KubernetesConfiguration" - ] -} -*/ -provider "helm" { - kubernetes { - config_path = "~/.kube/config" - } -} - -provider "kubernetes" { - config_path = "~/.kube/config" -} diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_public_cert.pem b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_public_cert.pem deleted file mode 100644 index bfc873d6c..000000000 --- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_public_cert.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEzTCCArWgAwIBAgIRAOIbtxAVipD/xxT7/JK9YaMwDQYJKoZIhvcNAQELBQAw -ADAeFw0yNDEyMDkwODMzMDBaFw0zNDEyMDcwODMzMDBaMAAwggIiMA0GCSqGSIb3 -DQEBAQUAA4ICDwAwggIKAoICAQDXiC/JhXaCZJ9Zhiovj24gAv90WU2cKZWyqJVa -WjRvN5qxQWWJS/vyA1UrqsJg5QpcxqypnsN+aNXRvKt5Dt+1aTgzmuJi4IfqYXqo -sDaWLFvQhlgO5tIzZ8H2Z/nI5Ed8vYH5RSytTK0HEFvO7seXgSpmGL+bd//NCm6Y -fBl9LzjsL1p4MoFMjTlCF3zFFMa195aTd7N28Yhrajtcj0Z475iWGLHgHt6L1dXM -aGt+QwfugvWFed8W4QTBiiLQTurwGnD1yj4GQ16q5xl2BhzCZ7Du5b/61XgaLYu4 -eYnzt3UIVRY3866jNXIJY0WzV8qZxmu1w2gYP0bDfi4dqqMOJk/pL2TnSvpRLj8H -cipKrI1nXzc0En4viMQ4ZXbKa+MEFI2Goz3/KwaVrIAw4QCzz3ObgfgG9eRg2Vwx -AljhNgdZR6OehW07DVpxsYeHBfCRrfOS0Utxizs58CjUmMuCMqzQ43H6W+/P8za8 -zFRexpUc5PIYxE4OxfWvDfxPKLAtY8NNq1/581L5rGk5yBscV4omhLbUhGcXJvyI -UV37QnaZSZIlf8j8vugmdeC7NG4MSyQIhtepAJv44JpgWoLjUqC5QuQjbaGxffhp -KV4DN0jveNVR0IPKkgw3iSc1lzjhBi/Y9p/kYeqjrZZhQWuI2LcE3B4RsMLJ113R -eI50kQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAAEwDwYDVR0TAQH/BAUwAwEB/zAd -BgNVHQ4EFgQUXVJ0vnaYKvm5Et4WSHmMJUVTC/UwDQYJKoZIhvcNAQELBQADggIB -ACg7z9CxjoNnxW/vjhcCFor4mRC/A9bKoL3vVcqNmEfZlEjdmO2xg0BABUPKpLM/ -Vnhy7TlYYPfqGsknR9g6Vtc4wtT5qb7lr2oB/r2wNYKBmUmR+DOlVoAlV0xbBBiA -EMrKBEIQO6vRy/h79wXwAOElZqHgzx/2Qx1jvqVzvI+9pF1L8/tBb+uSO3liX640 -cXe9pOqTEj1S61t8vDCRo1YwCXzkB5rRCKM7piIjqDKCtFkEDDSD3bbAL4omwd9N -SyNTrRbnZCR2S2mDTw5ExR6k86kpFPnQ2+rMaNPTISWKaTLxjUJSUE4atkNEZUTf -EBU1MmX+14W1P9HrSsS8xkgu4cbgBVquxTfX766mjVVdXu6V4/aSFM2tiX5H74PW -ZqZh+DMRZyviek8wD3iyuoSi93GO29p/YYnfYbqyxK2+jP6NSZkUJ8tHeZQcVBG7 -o4d0nXho8hJuubeSNGGNlSkLF/fwSnZDfhyifMGoLiT55mWfTyhXSO1i+zyTdOz5 -O8R9/Rw8eGVLdy8tO+ubCgz9yT8JHwpLqQlX7JfH8K/vnAU2eL1vaTCTZqFOwWf+ -UKy4CMYSCVK4XTZAXRivUQAMyroI3rzXsTxG/aOTsI/3bqmLfFgJ6w83fxKoYiKj -R3xOfB4wOsYvYTBHue0uIdiXHlH48EX2aODBNJ0F6x49 ------END CERTIFICATE----- diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_pyrra.tf b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_pyrra.tf deleted file mode 100644 index 7bdbabc5a..000000000 
--- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_pyrra.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-resource "helm_release" "pyrra" {
- depends_on = [azurerm_kubernetes_cluster.k6tests]
- name = "pyrra"
- namespace = "pyrra-system"
- create_namespace = true
- repository = "https://rlex.github.io/helm-charts"
- chart = "pyrra"
- version = "0.14.2"
- set {
- name = "genericRules.enabled"
- value = "true"
- }
-}
diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_rbac.tf b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_rbac.tf
deleted file mode 100644
index 0f99e1e2e..000000000
--- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_rbac.tf
+++ /dev/null
@@ -1,141 +0,0 @@ -resource "azurerm_role_assignment" "azure_kubernetes_service_cluster_user_role" { - scope = azurerm_kubernetes_cluster.k6tests.id - role_definition_name = "Azure Kubernetes Service Cluster User Role" - principal_id = "b95b1fc9-7f21-49c3-8932-07161cd9ac5a" -} - -resource "kubernetes_cluster_role_v1" "dev_access" { - metadata { - name = "dev-access" - } - - rule { - api_groups = [""] - resources = ["configmaps"] - verbs = ["get", "list", "watch", "delete"] - } - rule { - api_groups = [""] - resources = ["pods"] - verbs = ["get", "list", "watch"] - } - rule { - api_groups = ["k6.io"] - resources = ["testruns"] - verbs = ["get", "list", "watch", "create", "update", "patch", "delete"] - } - rule { - api_groups = [""] - resources = ["secrets"] - verbs = ["list", "watch"] - } - rule { - api_groups = ["bitnami.com"] - resources = ["sealedsecrets"] - verbs = ["list", "watch", "delete"] - } -} - -resource "kubernetes_cluster_role_v1" "sp_access" { - metadata { - name = "github-sp-access" - } - - rule { - api_groups = [""] - resources = ["configmaps"] - verbs = ["create", "update", "delete", "get"] - } - rule { - api_groups = ["bitnami.com"] - resources = ["sealedsecrets"] - verbs = ["create", "update"] - } - rule { - api_groups = ["k6.io"] - resources = ["testruns"] - verbs = ["create", "update", "get", "list", "watch", "delete"] - } - rule { - api_groups = [""] - resources = ["pods"] - verbs = ["get", "list"] - } - rule { - api_groups = [""] - resources = ["pods/log"] - verbs = ["get", "list"] - } -} - -variable "k8s_rbac" { - type = map( - object( - { - namespace = string - dev_group = string - sp_group = string - } - ) - ) - default = { - dialogporten = { - namespace = "dialogporten", - dev_group = "c403060d-5c8a-41b0-8c19-84fa60d0ce18" - sp_group = "b22b612d-9dc5-4f8b-8816-e551749bd19c" - } - correspondence = { - namespace = "correspondence" - dev_group = "954a4d24-8c7e-4382-9861-2b5d1a515253" - sp_group = "e36ca3b3-f495-45a5-bca4-4fc83424633f" - } - 
core = { - namespace = "core" - dev_group = "4dde4651-a9ca-4df1-9e05-216272284c7d" - sp_group = "e87d6f10-6fc0-4a09-a9b0-e8c994ed4052" - } - authentication = { - namespace = "authentication" - dev_group = "5c42ac79-86e2-46d0-85d3-ae751dd5f057" - sp_group = "328cbe61-aeb1-4782-bb36-d288c69b4f15" - } - } -} - -resource "kubernetes_role_binding_v1" "dev_access" { - for_each = var.k8s_rbac - - metadata { - name = "dev-access" - namespace = each.value.namespace - } - role_ref { - api_group = "rbac.authorization.k8s.io" - kind = "ClusterRole" - name = "dev-access" - } - subject { - kind = "Group" - namespace = each.value.namespace - name = each.value.dev_group - } -} - -resource "kubernetes_role_binding_v1" "sp_access" { - for_each = var.k8s_rbac - - metadata { - name = "github-sp-access" - namespace = each.value.namespace - } - role_ref { - api_group = "rbac.authorization.k8s.io" - kind = "ClusterRole" - name = "github-sp-access" - } - subject { - kind = "Group" - namespace = each.value.namespace - name = each.value.sp_group - } -} diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_rg.tf b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_rg.tf deleted file mode 100644 index 126bcd7df..000000000 --- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_rg.tf +++ /dev/null @@ -1,4 +0,0 @@ -resource "azurerm_resource_group" "k6tests_rg" { - name = "k6tests-rg" - location = "norwayeast" -} diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_sealsedsecrets.tf b/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_sealsedsecrets.tf deleted file mode 100644 index 4b7025276..000000000 --- a/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_sealsedsecrets.tf +++ /dev/null 
@@ -1,9 +0,0 @@
-resource "helm_release" "sealed_secrets" {
- depends_on = [azurerm_kubernetes_cluster.k6tests]
- name = "sealedsecrets"
- namespace = "sealedsecrets-system"
- create_namespace = true
- repository = "https://bitnami-labs.github.io/sealed-secrets"
- chart = "sealed-secrets"
- version = "2.17.1"
-}
diff --git a/infrastructure/adminservices-test/altinn-monitor-test-rg/providers.tf b/infrastructure/adminservices-test/altinn-monitor-test-rg/providers.tf
index 49d67143a..52169defa 100644
--- a/infrastructure/adminservices-test/altinn-monitor-test-rg/providers.tf
+++ b/infrastructure/adminservices-test/altinn-monitor-test-rg/providers.tf
@@ -57,3 +57,14 @@ provider "azurerm" {
 features {}
 resource_provider_registrations = "none"
 }
+
+// TODO: Remove in a next PR. This can't be removed before the infra is destroyed.
+provider "helm" {
+ kubernetes {
+ config_path = "~/.kube/config"
+ }
+}
+// TODO: Remove in a next PR. This can't be removed before the infra is destroyed.
+provider "kubernetes" {
+ config_path = "~/.kube/config"
+}
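Review bot: The `helm` and `kubernetes` provider blocks added at the end of providers.tf read `~/.kube/config` without pinning a context, so the apply that tears down the old k6tests objects will act on whichever cluster is current in the operator's kubeconfig. Several of the removed namespaces have generic names (`platform`, `core`, `authentication`), so a stale or switched context could resolve them in a different cluster rather than fail. I would add `config_context = "<k6tests-cluster-context>"` (placeholder for the real context name) to the `kubernetes` provider and to the `kubernetes {}` block inside `helm`, and say in the TODO comment which cluster the kubeconfig must point at. The deleted namespace, RBAC and ConfigMap resources declare no explicit dependency on `azurerm_kubernetes_cluster.k6tests`, so the destroy order relative to the cluster is presumably not guaranteed; check the plan before applying.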