Merge branch 'signoz-move-to-lets-encrypt-staging' into ibcdpe-1095-s…

…ignoz-move-to-lets-encrypt

deployments/main.tf

@@ -69,14 +69,13 @@ module "dpe-sandbox-spacelift-development" {
 
   enable_cluster_ingress = true
   enable_otel_ingress    = true
-  ssl_hostname           = "a09a38cc5a8d6497ea69c6bf6318701b-1974793757.us-east-1.elb.amazonaws.com"
-
+  ssl_hostname           = "dev.sagedpe.org"
   auth0_jwks_uri         = "https://dev-sage-dpe.us.auth0.com/.well-known/jwks.json"
-  
+
   ses_email_identities = ["aws-dpe-dev@sagebase.org"]
   ses_email_domains    = ["sagebase.org"]
   # Defines the email address that will be used as the sender of the email alerts
-  smtp_from            = "aws-dpe-dev@sagebase.org"
+  smtp_from = "aws-dpe-dev@sagebase.org"
 }
 
 module "dpe-sandbox-spacelift-production" {

deployments/stacks/dpe-k8s-deployments/main.tf

@@ -105,11 +105,8 @@ module "envoy-gateway" {
   git_revision         = var.git_revision
   namespace            = "envoy-gateway"
   argo_deployment_name = "envoy-gateway"
-  cluster_issuer_name  = "selfsigned"
-  # To determine more elegant ways to fill in these values, for example, if we have
-  # a pre-defined DNS name for the cluster (https://sagebionetworks.jira.com/browse/IT-3931)
-  ssl_hostname   = var.ssl_hostname
-  auth0_jwks_uri = var.auth0_jwks_uri
+  cluster_issuer_name  = "lets-encrypt-prod"
+  ssl_hostname         = var.ssl_hostname
 }
 
 module "cert-manager" {

deployments/stacks/dpe-k8s-deployments/variables.tf

@@ -86,11 +86,6 @@ variable "auth0_jwks_uri" {
   type        = string
 }
 
-variable "auth0_domain" {
-  description = "Auth0 domain"
-  type        = string
-}
-
 variable "smtp_user" {
   description = "The SMTP user. Required if smtp_user, smtp_password, and smtp_from are set"
   type        = string

modules/envoy-gateway/main.tf

@@ -63,15 +63,6 @@ spec:
           - op: replace
             path: /metadata/name
             value: ${var.cluster_issuer_name}
-      - target:
-          kind: SecurityPolicy
-        patch: |-
-          - op: replace
-            path: /spec/jwt/providers
-            value:
-              - name: auth0
-                remoteJWKS:
-                  uri: ${var.auth0_jwks_uri}
   destination:
     server: 'https://kubernetes.default.svc'
     namespace: ${var.namespace}

modules/envoy-gateway/resources/cert-issuer.yaml

@@ -1,25 +1,18 @@
 # To implement using something like letsencrypt
-# apiVersion: cert-manager.io/v1
-# kind: ClusterIssuer
-# metadata:
-#   name: letsencrypt-staging
-# spec:
-#   acme:
-#     server: https://acme-staging-v02.api.letsencrypt.org/directory
-#     email: "bryan.fauble@sagebase.org"
-#     privateKeySecretRef:
-#       name: letsencrypt-staging-account-key
-#     solvers:
-#     - http01:
-#         gatewayHTTPRoute:
-#           parentRefs:
-#           - kind: Gateway
-#             name: eg
-#             namespace: envoy-gateway
----
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: selfsigned
+  name: lets-encrypt-prod
 spec:
-  selfSigned: {}
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: "dpe@sagebase.org"
+    privateKeySecretRef:
+      name: letsencrypt-prod-account-key
+    solvers:
+    - http01:
+        gatewayHTTPRoute:
+          parentRefs:
+          - kind: Gateway
+            name: eg
+            namespace: envoy-gateway

modules/envoy-gateway/resources/kustomization.yaml

@@ -6,4 +6,3 @@ resources:
 - envoy-proxy.yaml
 - gateway.yaml
 - traffic-policy.yaml
-- security-policy.yaml

modules/envoy-gateway/variables.tf

@@ -35,8 +35,3 @@ variable "ssl_hostname" {
   description = "The hostname to use for the SSL certificate"
   type        = string
 }
-
-variable "auth0_jwks_uri" {
-  description = "The JWKS URI for Auth0"
-  type        = string
-}