Revert "provision: deploy tenant alice2 (plan: m, apps: 1)"

This reverts commit 20a0884a5f.

clusters/contabo-mkt/tenants/alice2/apps-sync.yaml

@@ -1,21 +0,0 @@
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: tenant-alice2-apps
-  namespace: flux-system
-spec:
-  interval: 5m
-  retryInterval: 1m
-  timeout: 5m
-  prune: true
-  wait: true
-  targetNamespace: tenant-alice2
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-    namespace: flux-system
-  path: ./clusters/contabo-mkt/tenants/alice2/apps
-  kubeConfig:
-    secretRef:
-      name: tenant-alice2-kubeconfig
-      key: config

clusters/contabo-mkt/tenants/alice2/apps/app-wordpress.yaml

@@ -1,62 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: wordpress
-  namespace: apps
-  labels:
-    app: wordpress
-    openova.io/tenant: "alice2"
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: wordpress
-  template:
-    metadata:
-      labels:
-        app: wordpress
-        openova.io/tenant: "alice2"
-    spec:
-      containers:
-        - name: wordpress
-          image: wordpress:6-apache
-          ports:
-            - containerPort: 80
-          env:
-            - name: WORDPRESS_DB_HOST
-              value: "mysql"
-            - name: WORDPRESS_DB_USER
-              value: "app"
-            - name: WORDPRESS_DB_PASSWORD
-              value: "d990ee01f54d0ffa2c584bc295db8aaa"
-            - name: WORDPRESS_DB_NAME
-              value: "db_wordpress"
-            - name: MYSQL_HOST
-              value: "mysql"
-            - name: MYSQL_USER
-              value: "app"
-            - name: MYSQL_PASSWORD
-              value: "d990ee01f54d0ffa2c584bc295db8aaa"
-            - name: MYSQL_DATABASE
-              value: "db_wordpress"
-          resources:
-            requests:
-              cpu: 100m
-              memory: 256Mi
-            limits:
-              cpu: 500m
-              memory: 512Mi
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: wordpress
-  namespace: apps
-spec:
-  selector:
-    app: wordpress
-  ports:
-    - port: 80
-      targetPort: 80

clusters/contabo-mkt/tenants/alice2/apps/db-mysql.yaml

@@ -1,88 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: mysql-credentials
-  namespace: apps
-type: Opaque
-stringData:
-  MYSQL_ROOT_PASSWORD: "d990ee01f54d0ffa2c584bc295db8aaa"
-  MYSQL_USER: app
-  MYSQL_PASSWORD: "d990ee01f54d0ffa2c584bc295db8aaa"
-  MYSQL_DATABASE: db_wordpress
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: mysql-initdb
-  namespace: apps
-data:
-  init.sql: |
-    FLUSH PRIVILEGES;
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: mysql-data
-  namespace: apps
-spec:
-  accessModes: ["ReadWriteOnce"]
-  resources:
-    requests:
-      storage: 2Gi
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: mysql
-  namespace: apps
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: mysql
-  template:
-    metadata:
-      labels:
-        app: mysql
-    spec:
-      containers:
-        - name: mysql
-          image: mariadb:11
-          ports:
-            - containerPort: 3306
-          envFrom:
-            - secretRef:
-                name: mysql-credentials
-          resources:
-            requests:
-              cpu: 50m
-              memory: 128Mi
-            limits:
-              cpu: 500m
-              memory: 256Mi
-          volumeMounts:
-            - name: mysqldata
-              mountPath: /var/lib/mysql
-            - name: initdb
-              mountPath: /docker-entrypoint-initdb.d
-      volumes:
-        - name: mysqldata
-          persistentVolumeClaim:
-            claimName: mysql-data
-        - name: initdb
-          configMap:
-            name: mysql-initdb
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: mysql
-  namespace: apps
-spec:
-  selector:
-    app: mysql
-  ports:
-    - port: 3306
-      targetPort: 3306

clusters/contabo-mkt/tenants/alice2/apps/kustomization.yaml

@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: apps
-resources:
-  - app-wordpress.yaml
-  - db-mysql.yaml
-  - namespace.yaml

clusters/contabo-mkt/tenants/alice2/apps/namespace.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: apps

clusters/contabo-mkt/tenants/alice2/ingress.yaml

@@ -1,31 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: tenant-ingress
-  namespace: tenant-alice2
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-spec:
-  ingressClassName: traefik
-  rules:
-    - host: alice2.omani.rest
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: wordpress-x-tenant-alice2-x-vcluster
-                port:
-                  number: 80
-          - path: /wordpress
-            pathType: Prefix
-            backend:
-              service:
-                name: wordpress-x-tenant-alice2-x-vcluster
-                port:
-                  number: 80
-  tls:
-    - hosts:
-        - alice2.omani.rest
-      secretName: tenant-alice2-tls

clusters/contabo-mkt/tenants/alice2/kustomization.yaml

@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - apps-sync.yaml
-  - ingress.yaml
-  - namespace.yaml
-  - provisioning-rbac.yaml
-  - vcluster.yaml

clusters/contabo-mkt/tenants/alice2/namespace.yaml

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: tenant-alice2
-  labels:
-    openova.io/tenant: "alice2"
-    openova.io/managed-by: provisioning

clusters/contabo-mkt/tenants/alice2/provisioning-rbac.yaml

@@ -1,58 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: provisioning-tenant
-  namespace: tenant-alice2
-  labels:
-    openova.io/managed-by: provisioning
-rules:
-  - apiGroups: ["helm.toolkit.fluxcd.io"]
-    resources: ["helmreleases"]
-    verbs: ["get", "list", "watch", "patch", "delete"]
-  - apiGroups: ["kustomize.toolkit.fluxcd.io"]
-    resources: ["kustomizations"]
-    verbs: ["get", "list", "watch", "patch", "delete"]
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    # delete needed so waitForVclusterDNSOrKick can bounce vcluster-0 when
-    # the syncer's initial DNS reconciliation doesn't publish the
-    # kube-dns-x-kube-system-x-vcluster service. Issues #103, #105.
-    resources: ["pods"]
-    verbs: ["get", "list", "watch", "delete"]
-  - apiGroups: [""]
-    # services verb needed for waitForVclusterDNSOrKick to read the synced
-    # kube-dns-x-kube-system-x-vcluster Service to know DNS is live.
-    # Without this, the DNS probe returns 403 → we think DNS isn't synced
-    # → we kick vcluster-0 unnecessarily → 150s wasted per tenant.
-    # Also used by pod-truth reconciler to verify tenant apps are healthy
-    # regardless of provision-record freshness. Issue #115.
-    resources: ["services"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["apps"]
-    resources: ["deployments"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificates", "certificaterequests"]
-    # patch needed so stripCertificateFinalizers can drop
-    # finalizer.cert-manager.io/certificate-secret-binding at teardown;
-    # without it the tenant NS can't GC because cert-manager can't
-    # reconcile the delete inside a Terminating NS. Issue #86.
-    verbs: ["get", "list", "watch", "patch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: provisioning-tenant
-  namespace: tenant-alice2
-  labels:
-    openova.io/managed-by: provisioning
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: provisioning-tenant
-subjects:
-  - kind: ServiceAccount
-    name: provisioning
-    namespace: sme

clusters/contabo-mkt/tenants/alice2/vcluster.yaml

@@ -1,60 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: vcluster
-  namespace: tenant-alice2
-spec:
-  interval: 10m
-  chart:
-    spec:
-      chart: vcluster
-      version: "0.33.*"
-      sourceRef:
-        kind: HelmRepository
-        name: loft
-        namespace: vcluster-system
-  values:
-    controlPlane:
-      distro:
-        k8s:
-          enabled: true
-      backingStore:
-        database:
-          embedded:
-            enabled: true
-      statefulSet:
-        image:
-          registry: ghcr.io
-          repository: loft-sh/vcluster-oss
-        resources:
-          requests:
-            cpu: 100m
-            memory: 192Mi
-          limits:
-            cpu: 2000m
-            memory: 2Gi
-        persistence:
-          volumeClaim:
-            size: 5Gi
-      service:
-        enabled: true
-        spec:
-          type: ClusterIP
-    exportKubeConfig:
-      context: vcluster
-      server: https://vcluster.tenant-alice2:443
-      insecure: false
-      additionalSecrets:
-        - name: vc-vcluster
-          server: https://vcluster.tenant-alice2:443
-          insecure: false
-          context: vcluster
-    sync:
-      toHost:
-        services:
-          enabled: true
-        ingresses:
-          enabled: false
-      fromHost:
-        ingressClasses:
-          enabled: true

clusters/contabo-mkt/tenants/kustomization.yaml

@@ -3,4 +3,3 @@ kind: Kustomization
 resources:
   - bakkal
   - test-2
-  - alice2