From 454b299e1c0df492bef9cd299c82b87ef9ad265c Mon Sep 17 00:00:00 2001 From: Shahab Dogar Date: Sat, 22 Nov 2025 23:20:36 +0500 Subject: [PATCH] fix: Prometheus | remove insecure grafana ingress --- k8s-operators/index.ts | 42 +++---------------------------- k8s-operators/prometheus/index.ts | 19 ++------------ 2 files changed, 6 insertions(+), 55 deletions(-) diff --git a/k8s-operators/index.ts b/k8s-operators/index.ts index 7c13a17..fc561b1 100644 --- a/k8s-operators/index.ts +++ b/k8s-operators/index.ts @@ -1,12 +1,10 @@ -import * as fs from "fs"; -import * as path from "path"; import { HelmProvider } from "@cdktf/provider-helm/lib/provider"; import { Release } from "@cdktf/provider-helm/lib/release"; import { TerraformStack } from "cdktf"; import { Construct } from "constructs"; import { BarmanCloudPluginInstall } from "./barman"; import { Prometheus } from "./prometheus"; -import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider"; +import { OnePassword } from "./1password"; export class K8SOperators extends TerraformStack { constructor(scope: Construct, id: string) { @@ -18,48 +16,16 @@ export class K8SOperators extends TerraformStack { }, }); - const kubernetes = new KubernetesProvider(this, "kubernetes", { - configPath: "~/.kube/config", - }); - new Prometheus(this, "prometheus", { - providers: { - helm, - kubernetes, - }, + provider: helm, namespace: "monitoring", name: "prometheus-operator", version: "75.10.0", }); - new Release(this, "onepassword-operator", { + new OnePassword(this, "onepassword", { provider: helm, - name: "onepassword-operator", - chart: "connect", - repository: "https://1password.github.io/connect-helm-charts/", - namespace: "1password", - createNamespace: true, - set: [ - { - name: "operator.create", - value: "true", - }, - ], - setSensitive: [ - { - name: "operator.token.value", - value: process.env.OP_CONNECT_TOKEN!, - }, - { - name: "connect.credentials_base64", - value: btoa( - fs.readFileSync( - path.join(__dirname, "1password-credentials.json"), - "utf-8", - ), - ), - }, - ], + name: "onepassword", }); const cnpg = new Release(this, "cnpg-operator", { diff --git a/k8s-operators/prometheus/index.ts b/k8s-operators/prometheus/index.ts index 47f5b7a..2ddd80e 100644 --- a/k8s-operators/prometheus/index.ts +++ b/k8s-operators/prometheus/index.ts @@ -2,11 +2,10 @@ import * as fs from "fs"; import * as path from "path"; import { Release } from "@cdktf/provider-helm/lib/release"; import { Construct } from "constructs"; -import { IngressRoute } from "../../utils"; -import { Providers } from "../../types"; +import { HelmProvider } from "@cdktf/provider-helm/lib/provider"; type PrometheusOptions = { - providers: Providers; + provider: HelmProvider; name: string; namespace: string; version: string; @@ -16,22 +15,8 @@ export class Prometheus extends Construct { constructor(scope: Construct, id: string, options: PrometheusOptions) { super(scope, id); - const { helm, kubernetes } = options.providers; - - new IngressRoute(this, "ingress", { - provider: kubernetes, - name: "grafana", - namespace: options.namespace, - entryPoints: ["websecure"], - serviceName: "prometheus-operator-grafana", - servicePort: 80, - tlsSecretName: "grafana-tls", - host: "grafana.dogar.dev", - }); - new Release(this, id, { ...options, - provider: helm, repository: "https://prometheus-community.github.io/helm-charts", chart: "kube-prometheus-stack", createNamespace: true,