PoliNetworkOrg · lorenzocorallo · Oct 31, 2025 · Oct 31, 2025 · Oct 31, 2025
diff --git a/modules/aks/cert-manager.tf b/modules/aks/cert-manager.tf
diff --git a/modules/aks/k8s.tf b/modules/aks/k8s.tf
@@ -2,7 +2,7 @@
 }

 # tfsec:ignore:azure-container-limit-authorized-ips
 resource "azurerm_kubernetes_cluster" "k8s" {
  name                              = "aks-polinetwork"
  dns_prefix                        = "aks-polinetwork"
  location                          = var.rg_location
@@ -72,22 +72,6 @@
   min_count             = each.value.min_count
 }
 
-resource "helm_release" "nginx_ingress" {
-  name             = "nginx-ingress"
-  repository       = "https://kubernetes.github.io/ingress-nginx"
-  chart            = "ingress-nginx"
-  namespace        = "ingress-nginx"
-  version          = "4.10.0"
-  create_namespace = true
-
-  values = [
-    templatefile("${path.module}/values/ingress.yaml.tftpl", {
-      resource_group = var.rg_name
-    })
-  ]
-}
-
-
 resource "kubernetes_cluster_role_binding" "adminorg" {
   metadata {
     name = "admin-global"

diff --git a/modules/aks/values/cert-manager.yaml.tftpl b/modules/aks/values/cert-manager.yaml.tftpl
diff --git a/modules/aks/values/ingress.yaml.tftpl b/modules/aks/values/ingress.yaml.tftpl
diff --git a/modules/aks/variables.tf b/modules/aks/variables.tf
@@ -36,18 +36,3 @@ variable "kubernetes_orchestrator_version" {
   type        = string
   description = "Kubernetes version"
 }
-
-variable "cert_namespace" {
-  type    = string
-  default = "cert-manager"
-}
-
-# variable "repo_credentials" {
-#   type = list(object({
-#     key           = string,
-#     url           = string,
-#     sshPrivateKey = string,
-#     name          = string
-#   }))
-#   nullable = true
-# }
diff --git a/modules/monitoring/values/grafana.yaml.tftpl b/modules/monitoring/values/grafana.yaml.tftpl
@@ -9,19 +9,6 @@ defaultRules:
 
 grafana:
   adminPassword: ${grafana_admin_password}
-  ingress:
-    enabled: true
-    hosts:
-      - monitoring.polinetwork.org
-    annotations:
-      cert-manager.io/cluster-issuer: letsencrypt-prod-issuer
-      kubernetes.io/ingress.class: nginx
-      kubernetes.io/tls-acme: "true"
-    path: /
-    tls:
-      - hosts:
-          - monitoring.polinetwork.org
-        secretName: grafana-ingress-secret
   persistence:
     enabled: true
     type: pvc
@@ -118,47 +105,3 @@ additionalPrometheusRulesMap:
             annotations:
               summary: High deployment failure rate
               description: More than 90% of total replicas for Deployment {{$labels.namespace}}/{{$labels.deployment}} are down
-      - name: cert-manager
-        rules:
-          - alert: CertManagerAbsent
-            annotations:
-              description: New certificates will not be able to be minted, and existing ones can't be renewed until cert-manager is back.
-              runbook_url: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagerabsent
-              summary: Cert Manager has dissapeared from Prometheus service discovery.
-            expr: absent(up{job="cert-manager"})
-            for: 10m
-            labels:
-              severity: critical
-      - name: certificates
-        rules:
-          - alert: CertManagerCertExpirySoon
-            annotations:
-              dashboard_url: https://grafana.example.com/d/TvuRo2iMk/cert-manager
-              description: The domain that this cert covers will be unavailable after {{$value | humanizeDuration }}. Clients using endpoints that this cert protects will start to fail in {{ $value | humanizeDuration}}.
-              runbook_url: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagercertexpirysoon
-              summary: The cert `{{ $labels.name }}` is {{ $value | humanizeDuration }} from expiry, it should have renewed over a week ago.
-            expr: |
-              avg by (exported_namespace, namespace, name) (certmanager_certificate_expiration_timestamp_seconds - time()) < (21 * 24 * 3600) # 21 days in seconds
-            for: 1h
-            labels:
-              severity: warning
-          - alert: CertManagerCertNotReady
-            annotations:
-              dashboard_url: https://grafana.example.com/d/TvuRo2iMk/cert-manager
-              description: This certificate has not been ready to serve traffic for at least 10m. If the cert is being renewed or there is another valid cert, the ingress controller _may_ be able to serve that instead.
-              runbook_url: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagercertnotready
-              summary: The cert `{{ $labels.name }}` is not ready to serve traffic.
-            expr: max by (name, exported_namespace, namespace, condition) (certmanager_certificate_ready_status{condition!="True"} == 1)
-            for: 10m
-            labels:
-              severity: critical
-          - alert: CertManagerHittingRateLimits
-            annotations:
-              dashboard_url: https://grafana.example.com/d/TvuRo2iMk/cert-manager
-              description: Depending on the rate limit, cert-manager may be unable to generate certificates for up to a week.
-              runbook_url: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagerhittingratelimits
-              summary: Cert manager hitting LetsEncrypt rate limits.
-            expr: sum by (host) (rate(certmanager_http_acme_client_request_count{status="429"}[5m])) > 0
-            for: 5m
-            labels:
-              severity: critical