fix: Prometheus | remove insecure grafana ingress

2025-11-22 23:20:36 +05:00
parent b2fd9d100a
commit 454b299e1c
2 changed files with 6 additions and 55 deletions
--- a/k8s-operators/index.ts
+++ b/k8s-operators/index.ts
@@ -1,12 +1,10 @@
-import * as fs from "fs";
-import * as path from "path";
 import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
 import { Release } from "@cdktf/provider-helm/lib/release";
 import { TerraformStack } from "cdktf";
 import { Construct } from "constructs";
 import { BarmanCloudPluginInstall } from "./barman";
 import { Prometheus } from "./prometheus";
-import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
+import { OnePassword } from "./1password";

 export class K8SOperators extends TerraformStack {
  constructor(scope: Construct, id: string) {
@@ -18,48 +16,16 @@ export class K8SOperators extends TerraformStack {
      },
    });

-    const kubernetes = new KubernetesProvider(this, "kubernetes", {
-      configPath: "~/.kube/config",
-    });
-
    new Prometheus(this, "prometheus", {
-      providers: {
-        helm,
-        kubernetes,
-      },
+      provider: helm,
      namespace: "monitoring",
      name: "prometheus-operator",
      version: "75.10.0",
    });

-    new Release(this, "onepassword-operator", {
+    new OnePassword(this, "onepassword", {
      provider: helm,
-      name: "onepassword-operator",
-      chart: "connect",
-      repository: "https://1password.github.io/connect-helm-charts/",
-      namespace: "1password",
-      createNamespace: true,
-      set: [
-        {
-          name: "operator.create",
-          value: "true",
-        },
-      ],
-      setSensitive: [
-        {
-          name: "operator.token.value",
-          value: process.env.OP_CONNECT_TOKEN!,
-        },
-        {
-          name: "connect.credentials_base64",
-          value: btoa(
-            fs.readFileSync(
-              path.join(__dirname, "1password-credentials.json"),
-              "utf-8",
-            ),
-          ),
-        },
-      ],
+      name: "onepassword",
    });

    const cnpg = new Release(this, "cnpg-operator", {
--- a/k8s-operators/prometheus/index.ts
+++ b/k8s-operators/prometheus/index.ts
@@ -2,11 +2,10 @@ import * as fs from "fs";
 import * as path from "path";
 import { Release } from "@cdktf/provider-helm/lib/release";
 import { Construct } from "constructs";
-import { IngressRoute } from "../../utils";
-import { Providers } from "../../types";
+import { HelmProvider } from "@cdktf/provider-helm/lib/provider";

 type PrometheusOptions = {
-  providers: Providers;
+  provider: HelmProvider;
  name: string;
  namespace: string;
  version: string;
@@ -16,22 +15,8 @@ export class Prometheus extends Construct {
  constructor(scope: Construct, id: string, options: PrometheusOptions) {
    super(scope, id);

-    const { helm, kubernetes } = options.providers;
-
-    new IngressRoute(this, "ingress", {
-      provider: kubernetes,
-      name: "grafana",
-      namespace: options.namespace,
-      entryPoints: ["websecure"],
-      serviceName: "prometheus-operator-grafana",
-      servicePort: 80,
-      tlsSecretName: "grafana-tls",
-      host: "grafana.dogar.dev",
-    });
-
    new Release(this, id, {
      ...options,
-      provider: helm,
      repository: "https://prometheus-community.github.io/helm-charts",
      chart: "kube-prometheus-stack",
      createNamespace: true,