From 411550cc2379caea26e1a058a06c296060c56e67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Tue, 20 Jan 2026 18:53:17 +0100
Subject: [PATCH] devel: Remove vCluster

Now available on the `vcluster` branch
---
 vcluster/.envrc                               |  9 ---
 vcluster/.gitignore                           |  2 -
 vcluster/README.md                            |  7 --
 vcluster/create-vcluster.sh                   | 69 -------------------
 vcluster/install-staging-vcluster.sh          |  3 -
 vcluster/oidc-cluster-admin.yaml              | 12 ----
 .../update-argo-cluster-connection-token.sh   | 22 ------
 vcluster/scripts/update-kubeconfig.sh         | 10 ---
 vcluster/shell.nix                            |  9 ---
 9 files changed, 143 deletions(-)
 delete mode 100644 vcluster/.envrc
 delete mode 100644 vcluster/.gitignore
 delete mode 100644 vcluster/README.md
 delete mode 100755 vcluster/create-vcluster.sh
 delete mode 100644 vcluster/install-staging-vcluster.sh
 delete mode 100644 vcluster/oidc-cluster-admin.yaml
 delete mode 100755 vcluster/scripts/update-argo-cluster-connection-token.sh
 delete mode 100755 vcluster/scripts/update-kubeconfig.sh
 delete mode 100644 vcluster/shell.nix

diff --git a/vcluster/.envrc b/vcluster/.envrc
deleted file mode 100644
index 82b2b9ef..00000000
--- a/vcluster/.envrc
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-# the shebang is ignored, but nice for editors
-
-if type -P lorri &>/dev/null; then
-  eval "$(lorri direnv)"
-else
-  echo 'while direnv evaluated .envrc, could not find the command "lorri" [https://github.com/nix-community/lorri]'
-  use nix
-fi
diff --git a/vcluster/.gitignore b/vcluster/.gitignore
deleted file mode 100644
index 34da8a92..00000000
--- a/vcluster/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-~
-_*
diff --git a/vcluster/README.md b/vcluster/README.md
deleted file mode 100644
index be2998e6..00000000
--- a/vcluster/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Oceanbox k8s vcluster setup
-
-The script `./create-vcluster.sh` provisions a personal vcluster on a Kubernetes cluster, for usage
-with Tilt. It also automatically provisions a local `Dapr` installation on the cluster, and sets up a
-CNPG psql database cluster on the host system, and tunnels it to the vcluster for Archmeister. In
-addition, it sets up an ingress and a kubeconfig.yaml for convenient access, if `vcluster connect` isn't
-available.
diff --git a/vcluster/create-vcluster.sh b/vcluster/create-vcluster.sh
deleted file mode 100755
index 47ac461e..00000000
--- a/vcluster/create-vcluster.sh
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/usr/bin/env bash
-
-if [ ! $# -ge 1 ]; then
-    echo "usage: $0 cluster [helm args]"
-    exit 1
-fi
-
-k='kubectl --context oceanbox'
-
-name=$1
-ns=$name-vcluster
-shift
-
-yq ".clusters[]|select(.name|contains(\"$name-vcluster\")).name" ~/.kube/config | grep -q "$name"
-
-if [ $? = 0 ]; then
-    $k get ns $ns >/dev/null 2>&1 || $k create ns $ns
-    # helm template -n $ns $@ $name oceanbox/atlantis-vcluster | $k apply -f -
-    helm template -n $ns $@ $name ../charts/vcluster | $k apply -f -
-
-    echo "waiting for vcluster $name to appear... "
-    while true; do
-        $k wait -n $ns --for=condition=ready pod -l app=vcluster 2>&1 > /dev/null
-        if [ $? != 0 ]; then
-            echo "zzz..."
-            sleep 15
-        else
-            break
-        fi
-    done
-    vcluster connect $name-vcluster -- kubectl -n dapr-system wait pod --for=condition=ready -l app=dapr-operator
-    echo "wating 20s for Dapr..."
-    sleep 20
-    tmp=/tmp/$name-vlcuster.tmp$$
-    kubectl kustomize ../resources/atlantis/manifests/staging > $tmp
-    vcluster connect $name-vcluster -- kubectl apply -f $tmp
-    rm $tmp
-else
-    cat << EOF
-***
-*** $name-vcluster must be defined in ~/.kube/config
-***
-clusters:
-- cluster:
-    insecure-skip-tls-verify: true
-    server: https://$name-vcluster.beta.oceanbox.io
-  name: $name-vcluster
-contexts:
-- context:
-    cluster: $name-vcluster
-    namespace: atlantis
-    user: oidc
-  name: $name-vcluster
-users:
-- name: oidc
-  user:
-    exec:
-      apiVersion: client.authentication.k8s.io/v1beta1
-      args:
-      - oidc-login
-      - get-token
-      - --oidc-issuer-url=https://login.microsoftonline.com/3f737008-e9a0-4485-9d27-40329d288089/v2.0
-      - --oidc-client-id=9b6daef0-02fa-4574-8949-f7c1b5fccd15
-      - --oidc-client-secret=[redacted]
-      command: kubectl
-EOF
-fi
-
-
diff --git a/vcluster/install-staging-vcluster.sh b/vcluster/install-staging-vcluster.sh
deleted file mode 100644
index cc3ab4fa..00000000
--- a/vcluster/install-staging-vcluster.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-./create-vcluster.sh staging --set persistence=true
diff --git a/vcluster/oidc-cluster-admin.yaml b/vcluster/oidc-cluster-admin.yaml
deleted file mode 100644
index 41c72412..00000000
--- a/vcluster/oidc-cluster-admin.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: oidc-cluster-admin
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: cluster-admin
-subjects:
-- kind: Group
-  name: eb17a659-4ce6-41bc-9153-d9b117c44479
-
diff --git a/vcluster/scripts/update-argo-cluster-connection-token.sh b/vcluster/scripts/update-argo-cluster-connection-token.sh
deleted file mode 100755
index 326ce614..00000000
--- a/vcluster/scripts/update-argo-cluster-connection-token.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-#
-
-if [ ! $# -ge 1 ]; then
-    echo "usage: $0 cluster [helm args]"
-    exit 1
-fi
-
-if [ ! -f create-vcluster.sh ]; then
-    echo "error: must be run from toplevel directory"
-    exit 1
-fi
-
-k='kubectl --context oceanbox'
-
-name=$1
-cluster=$name-vcluster
-shift
-
-token=$(kubectl get secret --context $cluster -n kube-system admin-token -o json | jq .data.token | tr -d '"' | base64 -d)
-config=$(echo "{\"bearerToken\": \"$token\", \"tlsClientConfig\": { \"insecure\" : true }}" | base64 -w0)
-$k patch -n argocd secret cluster-$cluster -p "{\"data\":{\"config\":\"$config\"}}"
diff --git a/vcluster/scripts/update-kubeconfig.sh b/vcluster/scripts/update-kubeconfig.sh
deleted file mode 100755
index 7001a0a5..00000000
--- a/vcluster/scripts/update-kubeconfig.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-vcluster connect $1-vcluster -n $1-vcluster \
-    --context oceanbox \
-    --update-current=true \
-    --kube-config-context-name $1-vcluster \
-    --insecure --cluster-role cluster-admin \
-    --service-account kube-system/admin \
-    --server https://$1-vcluster.beta.oceanbox.io
-
diff --git a/vcluster/shell.nix b/vcluster/shell.nix
deleted file mode 100644
index b220dd8e..00000000
--- a/vcluster/shell.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-with import <nixpkgs> {};
-mkShell rec {
-  nativeBuildInputs = [
-    dapr-cli
-    vcluster
-  ];
-
-  shellHook = '' '';
-}