strip cluster bootstraps

2026-04-27 21:34:11 +02:00
parent 0353803d4f
commit 96dde22884
42 changed files with 65 additions and 2338 deletions
--- a/.tofu/platforms/aks/prod/main.tf
+++ b/.tofu/platforms/aks/prod/main.tf
@@ -1,38 +1,16 @@
 module "cluster" {
  source = "../modules/cluster"

-  prefix              = "devhub"
+  prefix              = "clst"
  location            = "westeurope"
-  resource_group_name = "devhub-prod-rg"
+  resource_group_name = "clst-prod-rg"

  # AKS — general-purpose nodes for production
  aks_node_vm_size = "Standard_D4s_v3"
  aks_node_count   = 3

-  # PostgreSQL — general-purpose tier for production
-  pg_sku_name              = "GP_Standard_D2s_v3"
-  pg_version               = "16"
-  pg_storage_mb            = 102400 # 100 GB
-  pg_backup_retention_days = 14
-  pg_ha_mode               = "ZoneRedundant"
-  pg_standby_zone          = "2"
-
-  # Redis — Standard C1 (1 GB) with replication for production
-  redis_sku_name = "Standard"
-  redis_family   = "C"
-  redis_capacity = 1
-
-  # Blob storage — geo-redundant for production
-  storage_replication = "GRS"
-
-  # DNS — must match an existing Azure DNS zone
-  domain = "example.com" # TODO: set to your actual domain
-  # dns_zone_resource_group = "my-dns-rg"  # uncomment if DNS zone is in a separate RG
-
  enable_delete_lock = true

-  # api_server_authorized_ip_ranges = ["0.0.0.0/0"] # TODO: restrict to known CIDRs
-
  tags = {
    Environment = "prod"
    ManagedBy   = "tofu"
--- a/.tofu/platforms/aks/prod/outputs.tf
+++ b/.tofu/platforms/aks/prod/outputs.tf
@@ -16,76 +16,11 @@ output "location" {
  value = module.cluster.location
 }

-# ─── PostgreSQL ───────────────────────────────────────────────────────
-
-output "pg_host" {
-  value = module.cluster.pg_host
+output "oidc_issuer_url" {
+  value = module.cluster.oidc_issuer_url
 }

-output "pg_port" {
-  value = module.cluster.pg_port
-}
-
-output "pg_admin_login" {
-  value = module.cluster.pg_admin_login
-}
-
-output "pg_admin_password" {
-  value     = module.cluster.pg_admin_password
-  sensitive = true
-}
-
-output "pg_keycloak_password" {
-  value     = module.cluster.pg_keycloak_password
-  sensitive = true
-}
-
-output "pg_gitlab_password" {
-  value     = module.cluster.pg_gitlab_password
-  sensitive = true
-}
-
-# ─── Redis ────────────────────────────────────────────────────────────
-
-output "redis_host" {
-  value = module.cluster.redis_host
-}
-
-output "redis_port" {
-  value = module.cluster.redis_port
-}
-
-output "redis_password" {
-  value     = module.cluster.redis_password
-  sensitive = true
-}
-
-# ─── Blob Storage ─────────────────────────────────────────────────────
-
-output "storage_account_name" {
-  value = module.cluster.storage_account_name
-}
-
-output "storage_primary_access_key" {
-  value     = module.cluster.storage_primary_access_key
-  sensitive = true
-}
-
-output "gitlab_identity_client_id" {
-  value = module.cluster.gitlab_identity_client_id
-}
-
-# ─── Entra ID ────────────────────────────────────────────────────────
-
-output "entra_tenant_id" {
-  value = module.cluster.entra_tenant_id
-}
-
-output "entra_keycloak_client_id" {
-  value = module.cluster.entra_keycloak_client_id
-}
-
-output "entra_keycloak_client_secret" {
-  value     = module.cluster.entra_keycloak_client_secret
+output "kubeconfig" {
+  value     = module.cluster.kubeconfig
  sensitive = true
 }
--- a/.tofu/platforms/aks/prod/providers.tf
+++ b/.tofu/platforms/aks/prod/providers.tf
@@ -6,14 +6,6 @@ terraform {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
-    azuread = {
-      source  = "hashicorp/azuread"
-      version = "~> 3.0"
-    }
-    random = {
-      source  = "hashicorp/random"
-      version = "~> 3.0"
-    }
  }
 }

@@ -23,7 +15,3 @@ provider "azurerm" {
  #   ARM_SUBSCRIPTION_ID, ARM_TENANT_ID, ARM_CLIENT_ID, ARM_CLIENT_SECRET
  # Or: az login (uses your Azure CLI session)
 }
-
-provider "azuread" {
-  # Uses same Azure CLI session or ARM_TENANT_ID env var
-}