strip cluster bootstraps

2026-04-27 21:34:11 +02:00
parent 0353803d4f
commit 96dde22884
42 changed files with 65 additions and 2338 deletions
--- a/.tofu/platforms/eks/modules/cluster/outputs.tf
+++ b/.tofu/platforms/eks/modules/cluster/outputs.tf
@@ -10,101 +10,17 @@ output "aws_region" {
  value       = var.region
 }

-# ─── PostgreSQL ───────────────────────────────────────────────────────
-
-output "pg_host" {
-  description = "RDS PostgreSQL endpoint (private, reachable from EKS)"
-  value       = aws_db_instance.main.address
+output "oidc_issuer_url" {
+  description = "EKS OIDC issuer URL (for IRSA)"
+  value       = aws_eks_cluster.main.identity[0].oidc[0].issuer
 }

-output "pg_port" {
-  description = "PostgreSQL port"
-  value       = aws_db_instance.main.port
+output "oidc_provider_arn" {
+  description = "IAM OIDC provider ARN (for IRSA trust policies)"
+  value       = aws_iam_openid_connect_provider.eks.arn
 }

-output "pg_admin_login" {
-  description = "RDS administrator login"
-  value       = aws_db_instance.main.username
-}
-
-output "pg_admin_password" {
-  description = "RDS administrator password"
-  value       = random_password.pg_admin.result
-  sensitive   = true
-}
-
-output "pg_keycloak_password" {
-  description = "Pre-generated password for keycloak DB user — create user post-provision"
-  value       = random_password.pg_keycloak.result
-  sensitive   = true
-}
-
-output "pg_gitlab_password" {
-  description = "Pre-generated password for gitlab DB user — create user post-provision"
-  value       = random_password.pg_gitlab.result
-  sensitive   = true
-}
-
-# ─── Redis ────────────────────────────────────────────────────────────
-
-output "redis_host" {
-  description = "ElastiCache Redis primary endpoint"
-  value       = aws_elasticache_replication_group.main.primary_endpoint_address
-}
-
-output "redis_port" {
-  description = "ElastiCache Redis port"
-  value       = aws_elasticache_replication_group.main.port
-}
-
-# ─── S3 ──────────────────────────────────────────────────────────────
-
-output "gitlab_s3_bucket_prefix" {
-  description = "S3 bucket name prefix — buckets are {prefix}-artifacts, {prefix}-uploads, etc."
-  value       = local.s3_bucket_prefix
-}
-
-output "aws_region_output" {
-  description = "AWS region (for S3 connection config)"
-  value       = var.region
-}
-
-# ─── IRSA ────────────────────────────────────────────────────────────
-
-output "gitlab_irsa_role_arn" {
-  description = "IAM Role ARN for GitLab IRSA — annotate the K8s service account with this value"
-  value       = aws_iam_role.gitlab_irsa.arn
-}
-
-output "external_dns_irsa_role_arn" {
-  description = "IAM Role ARN for external-dns IRSA — written to config.yaml by sync-tofu-outputs.sh"
-  value       = aws_iam_role.external_dns_irsa.arn
-}
-
-# ─── Cognito ─────────────────────────────────────────────────────────
-
-output "cognito_user_pool_id" {
-  description = "Cognito User Pool ID"
-  value       = aws_cognito_user_pool.main.id
-}
-
-output "cognito_issuer_url" {
-  description = "Cognito OIDC issuer URL — used in Keycloak IdP config"
-  value       = "https://cognito-idp.${var.region}.amazonaws.com/${aws_cognito_user_pool.main.id}"
-}
-
-output "cognito_hosted_ui_domain" {
-  description = "Cognito hosted UI domain (for auth/token endpoints)"
-  value       = "${aws_cognito_user_pool_domain.main.domain}.auth.${var.region}.amazoncognito.com"
-}
-
-output "cognito_client_id" {
-  description = "Cognito app client ID for the Keycloak IdP"
-  value       = aws_cognito_user_pool_client.keycloak_idp.id
-}
-
-output "cognito_client_secret" {
-  description = "Cognito app client secret for the Keycloak IdP"
-  value       = aws_cognito_user_pool_client.keycloak_idp.client_secret
-  sensitive   = true
+output "vpc_id" {
+  description = "VPC ID"
+  value       = aws_vpc.main.id
 }