chore: 🤖 remove kibana proxy (#282)

* chore: 🤖 remove kibana proxy * terraform-docs: automated action --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
ministryofjustice · Oct 29, 2024 · 9e391f1 · 9e391f1
1 parent 16b6ad0
commit 9e391f1
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 74 deletions.
diff --git a/README.md b/README.md
@@ -69,7 +69,6 @@ module "monitoring" {
 | [aws_iam_role_policy_attachment.custom](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [helm_release.alertmanager_proxy](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.ecr_exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.kibana_proxy](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.metrics_server](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.prometheus_operator_eks](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.prometheus_proxy](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
@@ -101,7 +100,6 @@ module "monitoring" {
 | [template_file.alertmanager_proxy](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
 | [template_file.alertmanager_receivers](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
 | [template_file.alertmanager_routes](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
-| [template_file.kibana_proxy](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
 | [template_file.prometheus_proxy](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
 | [template_file.thanos_proxy](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
 
@@ -119,7 +117,6 @@ module "monitoring" {
 | <a name="input_eks_cluster_oidc_issuer_url"></a> [eks\_cluster\_oidc\_issuer\_url](#input\_eks\_cluster\_oidc\_issuer\_url) | This is going to be used when we create the IAM OIDC role | `string` | `""` | no |
 | <a name="input_enable_cloudwatch_exporter"></a> [enable\_cloudwatch\_exporter](#input\_enable\_cloudwatch\_exporter) | Enable or not Cloudwatch exporter | `bool` | `false` | no |
 | <a name="input_enable_ecr_exporter"></a> [enable\_ecr\_exporter](#input\_enable\_ecr\_exporter) | Enable or not ECR exporter | `bool` | `false` | no |
-| <a name="input_enable_kibana_proxy"></a> [enable\_kibana\_proxy](#input\_enable\_kibana\_proxy) | Enable or not Kibana proxy for authentication | `bool` | `false` | no |
 | <a name="input_enable_large_nodesgroup"></a> [enable\_large\_nodesgroup](#input\_enable\_large\_nodesgroup) | Due to Prometheus resource consumption, enabling this will set k8s Prometheus resources to higher values | `bool` | `false` | no |
 | <a name="input_enable_prometheus_affinity_and_tolerations"></a> [enable\_prometheus\_affinity\_and\_tolerations](#input\_enable\_prometheus\_affinity\_and\_tolerations) | Enable or not Prometheus node affinity (check helm values for the expressions) | `bool` | `false` | no |
 | <a name="input_enable_thanos_compact"></a> [enable\_thanos\_compact](#input\_enable\_thanos\_compact) | Enable or not Thanos Compact - not semantically concurrency safe and must be deployed as a singleton against a bucket | `bool` | `false` | no |
@@ -128,7 +125,6 @@ module "monitoring" {
 | <a name="input_environment"></a> [environment](#input\_environment) | n/a | `string` | `"production"` | no |
 | <a name="input_infrastructure_support"></a> [infrastructure\_support](#input\_infrastructure\_support) | n/a | `string` | `"Cloud Platform"` | no |
 | <a name="input_is_production"></a> [is\_production](#input\_is\_production) | n/a | `string` | `"true"` | no |
-| <a name="input_kibana_upstream"></a> [kibana\_upstream](#input\_kibana\_upstream) | ES upstream for logs | `string` | `""` | no |
 | <a name="input_large_nodesgroup_cpu_requests"></a> [large\_nodesgroup\_cpu\_requests](#input\_large\_nodesgroup\_cpu\_requests) | CPU requests for large nodesgroup | `string` | `"1300m"` | no |
 | <a name="input_large_nodesgroup_memory_requests"></a> [large\_nodesgroup\_memory\_requests](#input\_large\_nodesgroup\_memory\_requests) | Memory requests for large nodesgroup | `string` | `"14000Mi"` | no |
 | <a name="input_oidc_components_client_id"></a> [oidc\_components\_client\_id](#input\_oidc\_components\_client\_id) | OIDC ClientID used to authenticate to Grafana, AlertManager and Prometheus (oauth2-proxy) | `any` | n/a | yes |

diff --git a/proxy.tf b/proxy.tf
@@ -111,65 +111,7 @@ resource "helm_release" "alertmanager_proxy" {
   }
 }
 
-# Kibana_live
-
-data "template_file" "kibana_proxy" {
-  template = file("${path.module}/templates/oauth2-proxy.yaml.tpl")
-
-  vars = {
-    upstream = var.kibana_upstream
-    hostname = terraform.workspace == local.live_workspace ? format("%s.%s", "kibana", local.live_domain) : format(
-      "%s.%s",
-      "kibana",
-      var.cluster_domain_name,
-    )
-    exclude_paths    = "^/-/healthy$"
-    issuer_url       = var.oidc_issuer_url
-    ingress_redirect = false
-    clusterName      = terraform.workspace
-  }
-}
-
-resource "helm_release" "kibana_proxy" {
-  count      = var.enable_kibana_proxy ? 1 : 0
-  name       = "kibana-proxy"
-  namespace  = kubernetes_namespace.monitoring.id
-  repository = "https://oauth2-proxy.github.io/manifests"
-  chart      = "oauth2-proxy"
-  version    = "7.1.0"
-  timeout    = 900
-
-  values = [
-    data.template_file.kibana_proxy.rendered,
-  ]
-
-  set_sensitive {
-    name  = "config.clientID"
-    value = var.oidc_components_client_id
-  }
-
-  set_sensitive {
-    name  = "config.clientSecret"
-    value = var.oidc_components_client_secret
-  }
-
-  set_sensitive {
-    name  = "config.cookieSecret"
-    value = random_id.session_secret.b64_std
-  }
-
-  depends_on = [
-    random_id.session_secret,
-    kubernetes_namespace.monitoring
-  ]
-
-  lifecycle {
-    ignore_changes = [keyring]
-  }
-}
-
 # Thanos
-
 data "template_file" "thanos_proxy" {
   template = file("${path.module}/templates/oauth2-proxy.yaml.tpl")
 

diff --git a/variables.tf b/variables.tf
@@ -43,12 +43,6 @@ variable "enable_prometheus_affinity_and_tolerations" {
   type        = bool
 }
 
-variable "enable_kibana_proxy" {
-  description = "Enable or not Kibana proxy for authentication"
-  default     = false
-  type        = bool
-}
-
 variable "cluster_domain_name" {
   description = "The cluster domain - used by externalDNS and certmanager to create URLs"
 }
@@ -101,12 +95,6 @@ variable "dockerhub_password" {
   type        = string
 }
 
-variable "kibana_upstream" {
-  description = "ES upstream for logs"
-  default     = ""
-  type        = string
-}
-
 variable "eks_cluster_name" {
   default = "live"
 }