Revert "try oauth2 proxy for prom"

This reverts commit 027c9edb6d.

deploy/prometheus/deploy.jsonnet

@@ -82,7 +82,6 @@ local kp = (import 'kube-prometheus/main.libsonnet') + {
         },
       },
 
-    // The Prometheus ingress will route through our OAuth2 proxy below
     'prometheus-k8s': ingress(
         'prometheus-k8s',
         $.values.common.namespace,
@@ -93,19 +92,14 @@ local kp = (import 'kube-prometheus/main.libsonnet') + {
               path: '/',
               pathType: 'Prefix',
               backend: {
-                // Instead of directly pointing to Prometheus, we point to the OAuth2 proxy Service
+                service: { name: 'prometheus-k8s', port: { name: 'web' } },
-                service: { name: 'oauth2-proxy-prometheus-service', port: { number: 4180 } },
               },
             }],
           },
         }]
       ) + {
         metadata+: {
-          annotations: {
+          annotations: { 'cert-manager.io/cluster-issuer': 'letsencrypt-prod' },
-            'cert-manager.io/cluster-issuer': 'letsencrypt-prod',
-            'nginx.ingress.kubernetes.io/auth-signin': 'https://$host/oauth2/start?rd=$escaped_request_uri',
-            'nginx.ingress.kubernetes.io/auth-url': 'https://$host/oauth2/auth',
-          },
         },
         spec+: {
           tls: [{
@@ -115,61 +109,6 @@ local kp = (import 'kube-prometheus/main.libsonnet') + {
         },
       },
   },
-
-  // Deploy the OAuth2 Proxy for Prometheus
-  'oauth2-proxy-prometheus-deployment': {
-    apiVersion: 'apps/v1',
-    kind: 'Deployment',
-    metadata: {
-      name: 'oauth2-proxy-prometheus',
-      namespace: $.values.common.namespace,
-    },
-    spec: {
-      replicas: 1,
-      selector: { matchLabels: { app: 'oauth2-proxy-prometheus' } },
-      template: {
-        metadata: { labels: { app: 'oauth2-proxy-prometheus' } },
-        spec: {
-          containers: [
-            {
-              name: 'oauth2-proxy-prometheus',
-              image: 'quay.io/oauth2-proxy/oauth2-proxy:v7.8.1',
-              args: [
-                '--provider=keycloak',
-                '--client-id=prometheus',
-                '--client-secret=YbuaHkmWnUnBdCj4SFDD8J19bT4gvSgZ',
-                '--cookie-secret=Y3VmaXN1aGZnMDM0OTc4ZzNoNDA4cm9pZnVoanIwZzhyago=',
-                '--oidc-issuer-url=https://sso.panic.haus/realms/panic-haus',
-                '--cookie-domain=metrics.prod.panic.haus',
-                '--email-domain=*',
-                '--http-address=0.0.0.0:4180',
-                '--redirect-url=https://metrics.prod.panic.haus/oauth2/callback',
-                '--upstream=http://prometheus-k8s.monitoring.svc.cluster.local:9090',
-                '--scope=openid',
-                '--login-url=https://sso.panic.haus/realms/panic-haus/protocol/openid-connect/auth',
-                '--validate-url=https://sso.panic.haus/realms/panic-haus/protocol/openid-connect/userinfo',
-                '--redeem-url=https://sso.panic.haus/realms/panic-haus/protocol/openid-connect/token',
-              ],
-              ports: [{ containerPort: 4180, name: 'http' }],
-            },
-          ],
-        },
-      },
-    },
-  },
-
-  'oauth2-proxy-prometheus-service': {
-    apiVersion: 'v1',
-    kind: 'Service',
-    metadata: {
-      name: 'oauth2-proxy-prometheus-service',
-      namespace: $.values.common.namespace,
-    },
-    spec: {
-      ports: [{ name: 'http', port: 4180, targetPort: 4180 }],
-      selector: { app: 'oauth2-proxy-prometheus' },
-    },
-  },
 };
 
 // Assemble all manifests (kube-prometheus stack components)
@@ -188,4 +127,4 @@ local kp = (import 'kube-prometheus/main.libsonnet') + {
 { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
 { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
 { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
-{ [name + '-ingress']: kp.ingress[name] for name in std.objectFields(kp.ingress) }
+{ [name + '-ingress']: kp.ingress[name] for name in std.objectFields(kp.ingress) }

deploy/prometheus/manifests/prometheus-k8s-ingress.yaml

@@ -3,8 +3,6 @@ kind: Ingress
 metadata:
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
-    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
-    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
   name: prometheus-k8s
   namespace: monitoring
 spec:
@@ -15,9 +13,9 @@ spec:
       paths:
       - backend:
           service:
-            name: oauth2-proxy-prometheus-service
+            name: prometheus-k8s
             port:
-              number: 4180
+              name: web
         path: /
         pathType: Prefix
   tls: