[tf] cleanup config (aptos-labs#24)

RuslanBahlai · Mar 1, 2022 · 11df992 · 11df992
1 parent 6017bae
commit 11df992
Show file tree

Hide file tree

Showing 6 changed files with 35 additions and 21 deletions.
diff --git a/.gitignore b/.gitignore
@@ -41,6 +41,14 @@ diem-move/vm-genesis/genesis/vm_config.toml
 
 # Terraform
 .terraform/
+terraform/terraform.tfstate*
+terraform/.terraform.tfstate*
+terraform/validator/*/*-kubernetes.json
+terraform/validator/*/*-vault.ca
+terraform/validator/*/*-kube.config
+terraform/validator/vault-init/backend.tf
+terraform/testnet/*-kubernetes.json
+terraform/testnet/*-vault.ca
 
 # Move Build Output
 build/

diff --git a/helm/validator/files/configs/keymanager.yaml b/helm/validator/files/configs/keymanager.yaml
diff --git a/terraform/testnet/testnet/files/grafana.ini b/terraform/testnet/testnet/files/grafana.ini
@@ -1,5 +1,30 @@
+{{- if .Values.monitoring.grafana.googleAuth }}
+
+{{- with .Values.monitoring.grafana.config }}
+[auth.google]
+enabled = true
+client_id = {{ .client_id }}
+client_secret = {{ .client_secret }}
+scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
+auth_url = https://accounts.google.com/o/oauth2/auth
+token_url = https://accounts.google.com/o/oauth2/token
+allowed_domains = {{ .allowed_domains }}
+allow_sign_up = true
+{{- end }}
+
+[users]
+auto_assign_org_role = Editor
+
+[server]
+protocol = http
+root_url = http://mon.{{ .Values.service.domain }}/grafana
+serve_from_sub_path = true
+
+{{- else }}
 [auth.anonymous]
 enabled = true
 
 # Role for unauthenticated users, other valid values are `Editor` and `Admin`
 org_role = Editor
+
+{{- end }}
diff --git a/terraform/testnet/testnet/templates/monitoring.yaml b/terraform/testnet/testnet/templates/monitoring.yaml
@@ -75,9 +75,6 @@ spec:
     {{- include "testnet.selectorLabels" . | nindent 4 }}
     app.kubernetes.io/name: monitoring
   ports:
-  - name: prom-http
-    port: 9090
-    targetPort: 9090
   - name: grafana-http
     port: 80
     targetPort: 3000
@@ -166,7 +163,6 @@ spec:
         args:
         - "--web.enable-lifecycle"
         - "--config.file=/etc/prometheus/prometheus.yml"
-        - "--web.external-url=http://mon.{{ $domain }}:9090"
         - "--storage.tsdb.min-block-duration=15m"
         - "--storage.tsdb.max-block-duration=30m"
         - "--storage.tsdb.retention.time={{ .prometheus.retention }}"

diff --git a/terraform/testnet/testnet/values.yaml b/terraform/testnet/testnet/values.yaml
@@ -135,6 +135,8 @@ monitoring:
       requests:
         cpu: 0.25
         memory: 128Mi
+    googleAuth:
+    config:
 
 cluster_test:
   enabled: true

diff --git a/terraform/validator/vault-init/main.tf b/terraform/validator/vault-init/main.tf
@@ -1,5 +1,3 @@
-provider "vault" {}
-
 variable "namespace" {
   description = "Prefix to use when naming secrets and transit keys"
   default     = "diem"