From 160adcf033ec89b087923a2d650b3721cb635153 Mon Sep 17 00:00:00 2001
From: maxim <nikromax@gmail.com>
Date: Tue, 26 Oct 2021 15:59:33 +0600
Subject: [PATCH 1/4] fix: fix aws-iam-user-with-policy terraform module

---
 .../aws-iam-user-with-policy/iam-user.tf      | 31 -------------------
 1 file changed, 31 deletions(-)

diff --git a/terraform/modules/aws-iam-user-with-policy/iam-user.tf b/terraform/modules/aws-iam-user-with-policy/iam-user.tf
index 76ce54ca..377b68fd 100644
--- a/terraform/modules/aws-iam-user-with-policy/iam-user.tf
+++ b/terraform/modules/aws-iam-user-with-policy/iam-user.tf
@@ -12,34 +12,3 @@ resource "aws_iam_user_policy" "this" {
 
   policy = var.policy
 }
-
-data "aws_iam_policy_document" "user_policy" {
-
-  statement {
-    actions = [
-      "s3:ListBucket",
-      "s3:GetBucketLocation",
-      "s3:ListBucketMultipartUploads",
-      "s3:ListBucketVersions"
-    ]
-    effect = "Allow"
-    resources = [
-      for buckets in var.bucket_names :
-    "arn:aws:s3:::${buckets}"]
-  }
-
-  statement {
-    actions = [
-      "s3:GetObject",
-      "s3:PutObject",
-      "s3:DeleteObject",
-      "s3:AbortMultipartUpload",
-      "s3:ListMultipartUploadParts"
-    ]
-    effect = "Allow"
-    resources = [
-      for buckets in var.bucket_names :
-    "arn:aws:s3:::${buckets}/${var.path}*"]
-  }
-}
-

From a3daaea60dd0c0249a972ba9516700908680b67d Mon Sep 17 00:00:00 2001
From: maxim <nikromax@gmail.com>
Date: Tue, 26 Oct 2021 16:04:58 +0600
Subject: [PATCH 2/4] refactor: delete unused examples

---
 README.md                                     |   6 +
 terraform/layer1-aws/examples/aws-ecr.tf      |  38 ---
 .../layer1-aws/examples/aws-eks-fargate.tf    |   7 -
 .../layer1-aws/examples/aws-rds-postgresql.tf | 252 -----------------
 terraform/layer1-aws/examples/aws-rds-wp.tf   | 195 -------------
 .../layer2-k8s/eks-kube-prometheus-stack.tf   |   2 +-
 terraform/layer2-k8s/eks-loki-stack.tf        |   2 +-
 .../layer2-k8s/examples/eks-apm-server.tf     |  24 --
 .../layer2-k8s/examples/eks-elasticsearch.tf  |  25 --
 .../examples/eks-elk-k8s-resources.tf         | 107 -------
 terraform/layer2-k8s/examples/eks-filebeat.tf |  20 --
 .../examples/eks-k8s-resources-wp.tf          |  40 ---
 terraform/layer2-k8s/examples/eks-kibana.tf   |  53 ----
 .../layer2-k8s/examples/eks-metricbeat.tf     |  20 --
 .../examples/eks-mysql-backup-wp.tf           |  77 -----
 .../layer2-k8s/examples/eks-oauth2-proxy.tf   |  42 ---
 .../examples/eks-postgresql-backups.tf        |  21 --
 .../examples/eks-prometheus-mysql-exporter.tf |  20 --
 .../eks-prometheus-postgresql-exporter.tf     |  81 ------
 .../templates/elastic/apm-values.yaml         |  55 ----
 .../elastic/elasticsearch-values.yaml         |  77 -----
 .../templates/elastic/filebeat-values.yaml    |  51 ----
 .../templates/elastic/kibana-values.yaml      | 262 ------------------
 .../templates/elastic/metricbeat-values.yaml  | 110 --------
 ...-values.tmpl => gitlab-runner-values.yaml} |   0
 ...ack-values.tmpl => loki-stack-values.yaml} |   0
 .../templates/mysql-backup-values.yaml        |  19 --
 .../templates/oauth2-proxy-values.yaml        |  31 ---
 .../templates/postgresql-backups-values.tmpl  |  43 ---
 .../postgresql-exporter-user-script.tmpl      |  29 --
 .../templates/prometheus-mysql-exporter.yaml  |  15 -
 .../prometheus-postgresql-exporter.tmpl       |  26 --
 ...eus-values.tmpl => prometheus-values.yaml} |   0
 33 files changed, 8 insertions(+), 1742 deletions(-)
 delete mode 100644 terraform/layer1-aws/examples/aws-ecr.tf
 delete mode 100644 terraform/layer1-aws/examples/aws-eks-fargate.tf
 delete mode 100644 terraform/layer1-aws/examples/aws-rds-postgresql.tf
 delete mode 100644 terraform/layer1-aws/examples/aws-rds-wp.tf
 delete mode 100644 terraform/layer2-k8s/examples/eks-apm-server.tf
 delete mode 100644 terraform/layer2-k8s/examples/eks-elasticsearch.tf
 delete mode 100644 terraform/layer2-k8s/examples/eks-elk-k8s-resources.tf
 delete mode 100644 terraform/layer2-k8s/examples/eks-filebeat.tf
 delete mode 100644 terraform/layer2-k8s/examples/eks-k8s-resources-wp.tf
 delete mode 100644 terraform/layer2-k8s/examples/eks-kibana.tf
 delete mode 100644 terraform/layer2-k8s/examples/eks-metricbeat.tf
 delete mode 100644 terraform/layer2-k8s/examples/eks-mysql-backup-wp.tf
 delete mode 100644 terraform/layer2-k8s/examples/eks-oauth2-proxy.tf
 delete mode 100644 terraform/layer2-k8s/examples/eks-postgresql-backups.tf
 delete mode 100644 terraform/layer2-k8s/examples/eks-prometheus-mysql-exporter.tf
 delete mode 100644 terraform/layer2-k8s/examples/eks-prometheus-postgresql-exporter.tf
 delete mode 100644 terraform/layer2-k8s/templates/elastic/apm-values.yaml
 delete mode 100644 terraform/layer2-k8s/templates/elastic/elasticsearch-values.yaml
 delete mode 100644 terraform/layer2-k8s/templates/elastic/filebeat-values.yaml
 delete mode 100644 terraform/layer2-k8s/templates/elastic/kibana-values.yaml
 delete mode 100644 terraform/layer2-k8s/templates/elastic/metricbeat-values.yaml
 rename terraform/layer2-k8s/templates/{gitlab-runner-values.tmpl => gitlab-runner-values.yaml} (100%)
 rename terraform/layer2-k8s/templates/{loki-stack-values.tmpl => loki-stack-values.yaml} (100%)
 delete mode 100644 terraform/layer2-k8s/templates/mysql-backup-values.yaml
 delete mode 100644 terraform/layer2-k8s/templates/oauth2-proxy-values.yaml
 delete mode 100644 terraform/layer2-k8s/templates/postgresql-backups-values.tmpl
 delete mode 100644 terraform/layer2-k8s/templates/postgresql-exporter-user-script.tmpl
 delete mode 100644 terraform/layer2-k8s/templates/prometheus-mysql-exporter.yaml
 delete mode 100644 terraform/layer2-k8s/templates/prometheus-postgresql-exporter.tmpl
 rename terraform/layer2-k8s/templates/{prometheus-values.tmpl => prometheus-values.yaml} (100%)

diff --git a/README.md b/README.md
index 7d331f62..8869a36d 100644
--- a/README.md
+++ b/README.md
@@ -469,6 +469,12 @@ Each layer has an `examples/` directory that contains working examples that expa
 
 This will allow you to expand your basic functionality by launching a monitoring system based on ELK or Prometheus Stack, etc.
 
+
+* If you want to deploy **`ELK stack`**, move `layer1-aws/examples/aws-s3-bucket-elastic-stack.tf` and `layer2-k8s/examples/eks-elk.tf` to the root of the layers. 
+* If you want to deploy **`Pritunl VPN`** server just move `layer1-aws/examples/aws-ec2-pritunl.tf` to the root of the layer.
+* If you want to deploy **`Gitlab runner`** that runs workers as k8s pods (in EKS cluster), move `layer1-aws/examples/aws-s3-bucket-gitlab-runner-cache.tf` and `layer2-k8s/examples/eks-gitlab-runner.tf` to the root of the layers.
+* If you want to deploy `Istio Operator` move `layer2-k8s/examples/eks-istio.tf` to the root of the layer.
+
 ## TFSEC
 
 We use GitHub Actions and [tfsec](https://github.com/aquasecurity/tfsec) to check our terraform code using static analysis to spot potential security issues. However, we needed to skip some checks. The list of those checks is below:
diff --git a/terraform/layer1-aws/examples/aws-ecr.tf b/terraform/layer1-aws/examples/aws-ecr.tf
deleted file mode 100644
index 9fe4bb47..00000000
--- a/terraform/layer1-aws/examples/aws-ecr.tf
+++ /dev/null
@@ -1,38 +0,0 @@
-resource "aws_ecr_repository" "main" {
-  count = length(var.ecr_repos)
-  name  = format("${local.name}/%s", var.ecr_repos[count.index])
-
-  image_scanning_configuration {
-    scan_on_push = true
-  }
-}
-
-resource "aws_ecr_lifecycle_policy" "main" {
-  count      = length(var.ecr_repos)
-  repository = aws_ecr_repository.main.*.name[count.index]
-  policy     = <<EOF
-{
-    "rules": [
-        {
-            "rulePriority": 1,
-            "description": "Expire images more than ${var.ecr_repo_retention_count} count",
-            "selection": {
-                "tagStatus": "any",
-                "countType": "imageCountMoreThan",
-                "countNumber": ${var.ecr_repo_retention_count}
-            },
-            "action": {
-                "type": "expire"
-            }
-        }
-    ]
-}
-EOF
-
-  depends_on = [aws_ecr_repository.main]
-}
-
-output "docker_repository_urls" {
-  value       = aws_ecr_repository.main.*.repository_url
-  description = "description"
-}
diff --git a/terraform/layer1-aws/examples/aws-eks-fargate.tf b/terraform/layer1-aws/examples/aws-eks-fargate.tf
deleted file mode 100644
index 64c7d4a8..00000000
--- a/terraform/layer1-aws/examples/aws-eks-fargate.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-module "eks-fargate-profile" {
-  source       = "terraform-module/eks-fargate-profile/aws"
-  version      = "2.2.6"
-  subnet_ids   = module.vpc.private_subnets
-  cluster_name = module.eks.cluster_id
-  namespaces   = ["fargate", "ci"]
-}
diff --git a/terraform/layer1-aws/examples/aws-rds-postgresql.tf b/terraform/layer1-aws/examples/aws-rds-postgresql.tf
deleted file mode 100644
index a200f0f2..00000000
--- a/terraform/layer1-aws/examples/aws-rds-postgresql.tf
+++ /dev/null
@@ -1,252 +0,0 @@
-# RDS Variables
-variable "rds_instance" {
-  type        = string
-  default     = "db.t3.micro"
-  description = "Instance class of the rds database"
-}
-
-locals {
-  # Passwords for services and secrets
-  db_password = random_string.postgres_password.result
-  # Changed to production values because when restore db from production snapshot, db name and username changed.
-  db_database = "d${random_string.postgres_database.result}"
-  db_username = "u${random_string.postgres_user.result}"
-  db_name     = local.name
-}
-
-resource "random_string" "postgres_password" {
-  length  = 20
-  special = false
-}
-
-resource "random_string" "postgres_database" {
-  length  = 8
-  special = false
-}
-
-resource "random_string" "postgres_user" {
-  length  = 8
-  special = false
-}
-
-resource "aws_security_group" "rds" {
-  name_prefix = "${local.name}-rds"
-  description = "Allow inbound traffic to EKS from allowed ips and EKS workers"
-  vpc_id      = module.vpc.vpc_id
-
-  lifecycle {
-    create_before_destroy = true
-  }
-}
-
-resource "aws_security_group_rule" "workers_to_rds" {
-  description              = "Allow nodes to communicate with RDS."
-  protocol                 = "tcp"
-  security_group_id        = aws_security_group.rds.id
-  source_security_group_id = module.eks.worker_security_group_id
-  from_port                = 5432
-  to_port                  = 5432
-  type                     = "ingress"
-}
-
-module "db" {
-  source  = "terraform-aws-modules/rds/aws"
-  version = "2.20.0"
-
-  identifier = local.db_name
-
-  engine            = "postgres"
-  engine_version    = "12.5"
-  instance_class    = var.rds_instance
-  allocated_storage = 30
-  storage_encrypted = true
-
-  name                                = local.db_database
-  username                            = local.db_username
-  password                            = local.db_password
-  port                                = "5432"
-  iam_database_authentication_enabled = false
-  vpc_security_group_ids              = [aws_security_group.rds.id]
-  subnet_ids                          = module.vpc.database_subnets
-  auto_minor_version_upgrade          = false
-
-  maintenance_window      = "Sun:00:00-Sun:03:00"
-  backup_window           = "03:00-06:00"
-  monitoring_interval     = "30"
-  monitoring_role_name    = local.db_name
-  create_monitoring_role  = true
-  multi_az                = false
-  backup_retention_period = 0
-
-  family                    = "postgres12"
-  major_engine_version      = "12"
-  final_snapshot_identifier = local.db_name
-  deletion_protection       = false
-
-  #snapshot_identifier	    = var.stage_snapshot_identifier
-
-  tags = {
-    Name        = local.db_name
-    Environment = local.env
-  }
-}
-
-resource "aws_s3_bucket" "rds_backups" {
-  bucket = "${local.name}-rds-backup"
-  acl    = "private"
-
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "aws:kms"
-      }
-    }
-  }
-
-  lifecycle_rule {
-    id      = "postgresql-backups-lifecycle-rule"
-    enabled = false
-
-    tags = {
-      "rule" = "postgresql-backups-lifecycle-rule"
-    }
-
-    transition {
-      days          = 365
-      storage_class = "GLACIER"
-    }
-  }
-
-  tags = {
-    Name        = "${local.name}-rds-backups"
-    Environment = local.env
-  }
-}
-
-resource "aws_s3_bucket_public_access_block" "rds_backups" {
-  bucket = aws_s3_bucket.rds_backups.id
-
-  # Block new public ACLs and uploading public objects
-  block_public_acls = true
-  # Retroactively remove public access granted through public ACLs
-  ignore_public_acls = true
-  # Block new public bucket policies
-  block_public_policy = true
-  # Retroactivley block public and cross-account access if bucket has public policies
-  restrict_public_buckets = true
-}
-
-module "aws_iam_rds_backups" {
-  source = "../modules/aws-iam-user-with-policy"
-
-  name = "${local.name}-rds-backups"
-  policy = jsonencode({
-    "Version" : "2012-10-17",
-    "Statement" : [
-      {
-        "Effect" : "Allow",
-        "Action" : [
-          "s3:ListBucket",
-          "s3:GetBucketLocation",
-          "s3:ListBucketMultipartUploads",
-          "s3:ListBucketVersions"
-        ],
-        "Resource" : [
-          "arn:aws:s3:::${aws_s3_bucket.rds_backups.id}"
-        ]
-      },
-      {
-        "Effect" : "Allow",
-        "Action" : [
-          "s3:GetObject",
-          "s3:PutObject",
-          "s3:DeleteObject",
-          "s3:AbortMultipartUpload",
-          "s3:ListMultipartUploadParts"
-        ],
-        "Resource" : [
-          "arn:aws:s3:::${aws_s3_bucket.rds_backups.id}/*"
-        ]
-      }
-    ]
-  })
-}
-
-module "ssm" {
-  source = "git::https://github.com/cloudposse/terraform-aws-ssm-parameter-store?ref=0.4.1"
-
-  parameter_write = [
-    {
-      name      = "/${local.name_wo_region}/env/pg_host"
-      value     = module.db.this_db_instance_address
-      type      = "String"
-      overwrite = "true"
-    },
-    {
-      name      = "/${local.name_wo_region}/env/pg_port"
-      value     = 5432
-      type      = "String"
-      overwrite = "true"
-    },
-    {
-      name      = "/${local.name_wo_region}/env/pg_user"
-      value     = local.db_username
-      type      = "String"
-      overwrite = "true"
-    },
-    {
-      name      = "/${local.name_wo_region}/env/pg_database"
-      value     = local.db_database
-      type      = "String"
-      overwrite = "true"
-    },
-    {
-      name      = "/${local.name_wo_region}/env/pg_pass"
-      value     = local.db_password
-      type      = "String"
-      overwrite = "true"
-    },
-    {
-      name      = "/${local.name_wo_region}/env/s3/pg_backups_bucket_name"
-      value     = aws_s3_bucket.rds_backups.id
-      type      = "String"
-      overwrite = "true"
-    },
-    {
-      name      = "/${local.name_wo_region}/env/s3/pg_backups_bucket_region"
-      value     = aws_s3_bucket.rds_backups.region
-      type      = "String"
-      overwrite = "true"
-    },
-    {
-      name      = "/${local.name_wo_region}/env/s3/access_key_id"
-      value     = module.aws_iam_rds_backups.access_key_id
-      type      = "String"
-      overwrite = "true"
-    },
-    {
-      name      = "/${local.name_wo_region}/env/s3/access_secret_key"
-      value     = module.aws_iam_rds_backups.access_secret_key
-      type      = "String"
-      overwrite = "true"
-    }
-  ]
-
-  tags = {
-    ManagedBy = "Terraform"
-  }
-}
-
-output "db" {
-  description = "description"
-  value = {
-    "username" = local.db_username
-    "database" = local.db_database
-    "password" = local.db_password
-    "address"  = module.db.this_db_instance_address
-  }
-}
-
-
-
-
diff --git a/terraform/layer1-aws/examples/aws-rds-wp.tf b/terraform/layer1-aws/examples/aws-rds-wp.tf
deleted file mode 100644
index fa404526..00000000
--- a/terraform/layer1-aws/examples/aws-rds-wp.tf
+++ /dev/null
@@ -1,195 +0,0 @@
-# RDS Variables
-variable "rds_instance_wp" {
-  type        = string
-  default     = "db.t3.small"
-  description = "Instance class of the rds database"
-}
-
-locals {
-  # Passwords for services and secrets
-  wp_db_password = random_string.mysql_password_wp.result
-  wp_db_database = "d${random_string.mysql_database_wp.result}"
-  wp_db_username = "u${random_string.mysql_user_wp.result}"
-  wp_db_name     = "${local.name}-wp"
-}
-
-resource "random_string" "mysql_password_wp" {
-  length  = 20
-  special = false
-}
-
-resource "random_string" "mysql_database_wp" {
-  length  = 8
-  special = false
-}
-
-resource "random_string" "mysql_user_wp" {
-  length  = 8
-  special = false
-}
-
-resource "aws_security_group" "wp_rds" {
-  name_prefix = "${local.name}-wp-rds"
-  description = "Allow inbound traffic to EKS from allowed ips and EKS workers"
-  vpc_id      = module.vpc.vpc_id
-
-  lifecycle {
-    create_before_destroy = true
-  }
-}
-
-resource "aws_security_group_rule" "workers_to_wp_rds" {
-  description              = "Allow nodes to communicate with WP RDS."
-  protocol                 = "tcp"
-  security_group_id        = aws_security_group.wp_rds.id
-  source_security_group_id = module.eks.worker_security_group_id
-  from_port                = 3306
-  to_port                  = 3306
-  type                     = "ingress"
-}
-
-module "db_wp" {
-  source  = "terraform-aws-modules/rds/aws"
-  version = "2.20.0"
-
-  identifier = local.wp_db_name
-
-  engine            = "mysql"
-  engine_version    = "5.7.26"
-  instance_class    = var.rds_instance_wp
-  allocated_storage = 10
-  storage_encrypted = true
-
-  name                                = local.wp_db_database
-  username                            = local.wp_db_username
-  password                            = local.wp_db_password
-  port                                = "3306"
-  iam_database_authentication_enabled = true
-  vpc_security_group_ids              = [aws_security_group.wp_rds.id]
-  subnet_ids                          = module.vpc.database_subnets
-  auto_minor_version_upgrade          = false
-
-  maintenance_window      = "Sun:00:00-Sun:03:00"
-  backup_window           = "03:00-06:00"
-  monitoring_interval     = "30"
-  monitoring_role_name    = local.wp_db_name
-  create_monitoring_role  = true
-  multi_az                = false
-  backup_retention_period = 0
-
-  # enabled_cloudwatch_logs_exports = ["audit", "general", "slowquery"]
-
-  family                    = "mysql5.7"
-  major_engine_version      = "5.7"
-  final_snapshot_identifier = local.wp_db_name
-  deletion_protection       = false
-
-  parameters = [
-    {
-      name  = "character_set_client"
-      value = "utf8"
-    },
-    {
-      name  = "character_set_server"
-      value = "utf8"
-    }
-  ]
-
-  options = [
-    {
-      option_name = "MARIADB_AUDIT_PLUGIN"
-
-      option_settings = [
-        {
-          name  = "SERVER_AUDIT_EVENTS"
-          value = "CONNECT"
-        },
-        {
-          name  = "SERVER_AUDIT_FILE_ROTATIONS"
-          value = "37"
-        },
-      ]
-    },
-  ]
-
-  tags = {
-    Name        = local.wp_db_name
-    Environment = "dev"
-  }
-}
-
-resource "aws_s3_bucket" "rds_backup_wp" {
-  bucket = "${local.name}-rds-backup-wp"
-  acl    = "private"
-
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "aws:kms"
-      }
-    }
-  }
-
-  tags = {
-    Name        = "${local.name}-rds-backup-wp"
-    Environment = local.env
-  }
-}
-
-resource "aws_s3_bucket_public_access_block" "rds_backup_wp" {
-  bucket = aws_s3_bucket.rds_backup_wp.id
-
-  # Block new public ACLs and uploading public objects
-  block_public_acls = true
-  # Retroactively remove public access granted through public ACLs
-  ignore_public_acls = true
-  # Block new public bucket policies
-  block_public_policy = true
-  # Retroactivley block public and cross-account access if bucket has public policies
-  restrict_public_buckets = true
-}
-
-#output wp_db {
-#  description = "description"
-#  value = {
-#    "username"         = local.wp_db_username
-#    "database"         = local.wp_db_database
-#    "password"         = local.wp_db_password
-#    "address"          = module.db_wp.this_db_instance_address
-#    "s3_backup_bucket" = aws_s3_bucket.rds_backup_wp.id
-#  }
-#}
-
-module "wp_ssm" {
-  source = "git::https://github.com/cloudposse/terraform-aws-ssm-parameter-store"
-
-  parameter_write = [{
-    name      = "/wp/database/username"
-    value     = "${local.wp_db_username}"
-    type      = "String"
-    overwrite = "true"
-    },
-    {
-      name      = "/wp/database/database"
-      value     = "${local.wp_db_database}"
-      type      = "String"
-      overwrite = "true"
-    },
-    {
-      name      = "/wp/database/password"
-      value     = "${local.wp_db_password}"
-      type      = "String"
-      overwrite = "true"
-    },
-    {
-      name      = "/wp/database/address"
-      value     = "${module.db_wp.this_db_instance_address}"
-      type      = "String"
-      overwrite = "true"
-    },
-  ]
-
-  tags = {
-    ManagedBy = "Terraform"
-  }
-}
diff --git a/terraform/layer2-k8s/eks-kube-prometheus-stack.tf b/terraform/layer2-k8s/eks-kube-prometheus-stack.tf
index 07bcac43..0fa613ce 100644
--- a/terraform/layer2-k8s/eks-kube-prometheus-stack.tf
+++ b/terraform/layer2-k8s/eks-kube-prometheus-stack.tf
@@ -4,7 +4,7 @@ locals {
   prometheus_domain_name   = "prometheus-${local.domain_suffix}"
   alertmanager_domain_name = "alertmanager-${local.domain_suffix}"
 
-  kube_prometheus_stack_template = templatefile("${path.module}/templates/prometheus-values.tmpl",
+  kube_prometheus_stack_template = templatefile("${path.module}/templates/prometheus-values.yaml",
     {
       prometheus_domain_name     = local.prometheus_domain_name
       alertmanager_domain_name   = local.alertmanager_domain_name
diff --git a/terraform/layer2-k8s/eks-loki-stack.tf b/terraform/layer2-k8s/eks-loki-stack.tf
index 314b070a..e1a594ad 100644
--- a/terraform/layer2-k8s/eks-loki-stack.tf
+++ b/terraform/layer2-k8s/eks-loki-stack.tf
@@ -1,7 +1,7 @@
 locals {
   grafana_loki_password = random_string.grafana_loki_password.result
 
-  loki_stack_template = templatefile("${path.module}/templates/loki-stack-values.tmpl",
+  loki_stack_template = templatefile("${path.module}/templates/loki-stack-values.yaml",
     {
       grafana_domain_name  = "grafana-${local.domain_suffix}"
       grafana_password     = local.grafana_loki_password
diff --git a/terraform/layer2-k8s/examples/eks-apm-server.tf b/terraform/layer2-k8s/examples/eks-apm-server.tf
deleted file mode 100644
index f37cd68d..00000000
--- a/terraform/layer2-k8s/examples/eks-apm-server.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-data "template_file" "apm-server" {
-  template = file("${path.module}/templates/elastic/apm-values.yaml")
-
-  vars = {
-    domain_name = local.apm_domain_name
-  }
-}
-
-resource "helm_release" "apm-server" {
-  name        = "apm-server"
-  chart       = "apm-server"
-  repository  = local.helm_repo_elastic
-  version     = var.elk_version
-  namespace   = kubernetes_namespace.elk.id
-  wait        = false
-  max_history = var.helm_release_history_size
-
-  values = [
-    data.template_file.apm.rendered,
-  ]
-
-  # This dep needs for correct apply
-  depends_on = [helm_release.elasticsearch, kubernetes_namespace.elk]
-}
diff --git a/terraform/layer2-k8s/examples/eks-elasticsearch.tf b/terraform/layer2-k8s/examples/eks-elasticsearch.tf
deleted file mode 100644
index a4964d2b..00000000
--- a/terraform/layer2-k8s/examples/eks-elasticsearch.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-data "template_file" "elasticsearch" {
-  template = file("${path.module}/templates/elastic/elasticsearch-values.yaml")
-
-  vars = {
-    iam_role_arn       = module.aws_iam_elastic_stack.role_arn
-    storage_class_name = kubernetes_storage_class.elk.id
-  }
-}
-
-resource "helm_release" "elasticsearch" {
-  name        = "elasticsearch"
-  chart       = "elasticsearch"
-  repository  = local.helm_repo_elastic
-  version     = var.elk_version
-  namespace   = kubernetes_namespace.elk.id
-  wait        = false
-  max_history = var.helm_release_history_size
-
-  values = [
-    data.template_file.elasticsearch.rendered
-  ]
-
-  # This dep needs for correct apply
-  depends_on = [kubernetes_storage_class.elk, data.template_file.elasticsearch, kubernetes_namespace.elk, kubernetes_secret.elasticsearch_credentials, kubernetes_secret.elasticsearch_certificates]
-}
diff --git a/terraform/layer2-k8s/examples/eks-elk-k8s-resources.tf b/terraform/layer2-k8s/examples/eks-elk-k8s-resources.tf
deleted file mode 100644
index 8a970d21..00000000
--- a/terraform/layer2-k8s/examples/eks-elk-k8s-resources.tf
+++ /dev/null
@@ -1,107 +0,0 @@
-locals {
-  kibana_domain_name = "kibana-${local.domain_suffix}"
-  apm_domain_name    = "apm-${local.domain_suffix}"
-}
-
-resource "kubernetes_storage_class" "elk" {
-  metadata {
-    name = "elk"
-  }
-  storage_provisioner    = "kubernetes.io/aws-ebs"
-  reclaim_policy         = "Retain"
-  allow_volume_expansion = true
-  parameters = {
-    type      = "gp2"
-    encrypted = true
-    fsType    = "ext4"
-  }
-}
-
-module "elastic_tls" {
-  source = "../modules/self-signed-certificate"
-
-  name                  = local.name
-  common_name           = "elasticsearch-master"
-  dns_names             = [local.domain_name, "*.${local.domain_name}", "elasticsearch-master", "elasticsearch-master.${kubernetes_namespace.elk.id}", "kibana", "kibana.${kubernetes_namespace.elk.id}", "kibana-kibana", "kibana-kibana.${kubernetes_namespace.elk.id}", "logstash", "logstash.${kubernetes_namespace.elk.id}"]
-  validity_period_hours = 8760
-  early_renewal_hours   = 336
-}
-
-resource "kubernetes_secret" "elasticsearch_credentials" {
-  metadata {
-    name      = "elastic-credentials"
-    namespace = kubernetes_namespace.elk.id
-  }
-
-  data = {
-    "username" = "elastic"
-    "password" = random_string.elasticsearch_password.result
-  }
-}
-
-resource "kubernetes_secret" "elasticsearch_certificates" {
-  metadata {
-    name      = "elastic-certificates"
-    namespace = kubernetes_namespace.elk.id
-  }
-
-  data = {
-    "tls.crt" = module.elastic_tls.cert_pem
-    "tls.key" = module.elastic_tls.private_key_pem
-    "tls.p8"  = module.elastic_tls.p8
-  }
-}
-
-resource "kubernetes_secret" "elasticsearch_s3_user_creds" {
-  metadata {
-    name      = "elasticsearch-s3-user-creds"
-    namespace = kubernetes_namespace.elk.id
-  }
-
-  data = {
-    "aws_s3_user_access_key" = module.aws_iam_elastic_stack.access_key_id
-    "aws_s3_user_secret_key" = module.aws_iam_elastic_stack.access_secret_key
-  }
-}
-
-resource "random_string" "elasticsearch_password" {
-  length  = 32
-  special = false
-  upper   = true
-}
-
-module "aws_iam_elastic_stack" {
-  source = "../modules/aws-iam-user-with-policy"
-
-  name = "${local.name}-elk"
-  policy = jsonencode({
-    "Version" : "2012-10-17",
-    "Statement" : [
-      {
-        "Effect" : "Allow",
-        "Action" : [
-          "s3:ListBucket",
-          "s3:GetBucketLocation",
-          "s3:ListBucketMultipartUploads",
-          "s3:ListBucketVersions"
-        ],
-        "Resource" : [
-          "arn:aws:s3:::${local.elastic_stack_bucket_name}"
-        ]
-      },
-      {
-        "Effect" : "Allow",
-        "Action" : [
-          "s3:GetObject",
-          "s3:PutObject",
-          "s3:DeleteObject",
-          "s3:AbortMultipartUpload",
-          "s3:ListMultipartUploadParts"
-        ],
-        "Resource" : [
-          "arn:aws:s3:::${local.elastic_stack_bucket_name}/*"
-        ]
-      }
-    ]
-  })
-}
diff --git a/terraform/layer2-k8s/examples/eks-filebeat.tf b/terraform/layer2-k8s/examples/eks-filebeat.tf
deleted file mode 100644
index 48f698f7..00000000
--- a/terraform/layer2-k8s/examples/eks-filebeat.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-data "template_file" "filebeat" {
-  template = file("${path.module}/templates/elastic/filebeat-values.yaml")
-}
-
-resource "helm_release" "filebeat" {
-  name        = "filebeat"
-  chart       = "filebeat"
-  repository  = local.helm_repo_elastic
-  version     = var.elk_version
-  namespace   = kubernetes_namespace.elk.id
-  wait        = false
-  max_history = var.helm_release_history_size
-
-  values = [
-    data.template_file.filebeat.rendered
-  ]
-
-  # This dep needs for correct apply
-  depends_on = [helm_release.elasticsearch, kubernetes_namespace.elk]
-}
diff --git a/terraform/layer2-k8s/examples/eks-k8s-resources-wp.tf b/terraform/layer2-k8s/examples/eks-k8s-resources-wp.tf
deleted file mode 100644
index ec5d099e..00000000
--- a/terraform/layer2-k8s/examples/eks-k8s-resources-wp.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-locals {
-  wp_db_password      = data.terraform_remote_state.layer1-aws.outputs.wp_db["password"]
-  wp_db_address       = data.terraform_remote_state.layer1-aws.outputs.wp_db["address"]
-  wp_db_username      = data.terraform_remote_state.layer1-aws.outputs.wp_db["username"]
-  wp_db_database      = data.terraform_remote_state.layer1-aws.outputs.wp_db["database"]
-  wp_db_backup_bucket = data.terraform_remote_state.layer1-aws.outputs.wp_db["s3_backup_bucket"]
-}
-
-
-resource "kubernetes_namespace" "wp" {
-  metadata {
-    name = "wp"
-  }
-}
-
-resource "kubernetes_secret" "wp_mysql" {
-  metadata {
-    name      = "mysql-connection"
-    namespace = kubernetes_namespace.wp.id
-  }
-
-  data = {
-    "db-user"     = local.wp_db_username
-    "db-password" = local.wp_db_password
-    "db-host"     = local.wp_db_address
-    "db-name"     = local.wp_db_database
-    "db-url"      = "mysql://${local.wp_db_username}:${local.wp_db_password}@${local.wp_db_address}:3306/${local.wp_db_database}"
-  }
-}
-
-resource "kubernetes_secret" "wp_mysql_exporter" {
-  metadata {
-    name      = "mysql-exporter"
-    namespace = kubernetes_namespace.wp.id
-  }
-
-  data = {
-    "DATA_SOURCE_NAME" = "${local.wp_db_username}:${local.wp_db_password}@(${local.wp_db_address}:3306)/${local.wp_db_database}"
-  }
-}
diff --git a/terraform/layer2-k8s/examples/eks-kibana.tf b/terraform/layer2-k8s/examples/eks-kibana.tf
deleted file mode 100644
index e953d3e2..00000000
--- a/terraform/layer2-k8s/examples/eks-kibana.tf
+++ /dev/null
@@ -1,53 +0,0 @@
-resource "kubernetes_secret" "kibana_enc_key" {
-  metadata {
-    name      = "kibana-encryption-key"
-    namespace = kubernetes_namespace.elk.id
-  }
-
-  data = {
-    "encryptionkey" = random_string.kibana_enc_key.result
-  }
-}
-
-resource "random_string" "kibana_enc_key" {
-  length  = 32
-  special = false
-  upper   = true
-}
-
-resource "random_string" "kibana_password" {
-  length  = 32
-  special = false
-  upper   = true
-}
-
-data "template_file" "kibana" {
-  template = file("${path.module}/templates/elastic/kibana-values.yaml")
-
-  vars = {
-    domain_name             = local.kibana_domain_name
-    bucket_name             = local.elastic_stack_bucket_name
-    kibana_user             = "kibana-${local.env}"
-    kibana_password         = random_string.kibana_password.result
-    kibana_base64_creds     = base64encode("kibana-${local.env}:${random_string.kibana_password.result}")
-    snapshot_retention_days = var.elk_snapshot_retention_days
-    index_retention_days    = var.elk_index_retention_days
-  }
-}
-
-resource "helm_release" "kibana" {
-  name        = "kibana"
-  chart       = "kibana"
-  repository  = local.helm_repo_elastic
-  version     = var.elk_version
-  namespace   = kubernetes_namespace.elk.id
-  wait        = false
-  max_history = var.helm_release_history_size
-
-  values = [
-    data.template_file.kibana.rendered
-  ]
-
-  # This dep needs for correct apply
-  depends_on = [helm_release.elasticsearch, kubernetes_namespace.elk, kubernetes_secret.kibana_enc_key]
-}
diff --git a/terraform/layer2-k8s/examples/eks-metricbeat.tf b/terraform/layer2-k8s/examples/eks-metricbeat.tf
deleted file mode 100644
index b1b9c49b..00000000
--- a/terraform/layer2-k8s/examples/eks-metricbeat.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-data "template_file" "metricbeat" {
-  template = file("${path.module}/templates/elastic/metricbeat-values.yaml")
-}
-
-resource "helm_release" "metricbeat" {
-  name        = "metricbeat"
-  chart       = "metricbeat"
-  repository  = local.helm_repo_elastic
-  version     = var.elk_version
-  namespace   = kubernetes_namespace.elk.id
-  wait        = false
-  max_history = var.helm_release_history_size
-
-  values = [
-    data.template_file.metricbeat.rendered
-  ]
-
-  # This dep needs for correct apply
-  depends_on = [helm_release.elasticsearch, kubernetes_namespace.elk]
-}
diff --git a/terraform/layer2-k8s/examples/eks-mysql-backup-wp.tf b/terraform/layer2-k8s/examples/eks-mysql-backup-wp.tf
deleted file mode 100644
index 3deeade2..00000000
--- a/terraform/layer2-k8s/examples/eks-mysql-backup-wp.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-module "aws_iam_wp_buckup_s3" {
-  source = "../modules/aws-iam-user-with-policy"
-
-  name = "${local.name}-rds-wp"
-  policy = jsonencode({
-    "Version" : "2012-10-17",
-    "Statement" : [
-      {
-        "Effect" : "Allow",
-        "Action" : [
-          "s3:ListBucket",
-          "s3:GetBucketLocation",
-          "s3:ListBucketMultipartUploads",
-          "s3:ListBucketVersions"
-        ],
-        "Resource" : [
-          "arn:aws:s3:::${local.wp_db_backup_bucket}"
-        ]
-      },
-      {
-        "Effect" : "Allow",
-        "Action" : [
-          "s3:GetObject",
-          "s3:PutObject",
-          "s3:DeleteObject",
-          "s3:AbortMultipartUpload",
-          "s3:ListMultipartUploadParts"
-        ],
-        "Resource" : [
-          "arn:aws:s3:::${local.wp_db_backup_bucket}/*"
-        ]
-      }
-    ]
-  })
-}
-
-resource "kubernetes_secret" "wp_backup_s3" {
-  metadata {
-    name      = "mysql-backup-s3-creds"
-    namespace = kubernetes_namespace.wp.id
-  }
-
-  data = {
-    "bucketName"      = local.wp_db_backup_bucket
-    "awsEndpoint"     = "https://s3.${local.region}.amazonaws.com"
-    "region"          = local.region
-    "accessKeyId"     = module.aws_iam_wp_buckup_s3.access_key_id
-    "secretAccessKey" = module.aws_iam_wp_buckup_s3.access_secret_key
-  }
-}
-
-data "template_file" "mysql_backup_wp" {
-  template = file("${path.module}/templates/mysql-backup-values.yaml")
-
-  vars = {
-    bucket_name = local.wp_db_backup_bucket
-    db_host     = local.wp_db_address
-    db_name     = local.wp_db_database
-  }
-}
-
-resource "helm_release" "mysql_backup_wp" {
-  name        = "mysql-backup"
-  chart       = "mysql-backup"
-  repository  = local.helm_repo_softonic
-  version     = "2.1.4"
-  namespace   = kubernetes_namespace.wp.id
-  wait        = false
-  max_history = var.helm_release_history_size
-
-  values = [
-    data.template_file.mysql_backup_wp.rendered
-  ]
-
-  # This dep needs for correct apply
-  depends_on = [kubernetes_namespace.wp]
-}
diff --git a/terraform/layer2-k8s/examples/eks-oauth2-proxy.tf b/terraform/layer2-k8s/examples/eks-oauth2-proxy.tf
deleted file mode 100644
index eeeb386c..00000000
--- a/terraform/layer2-k8s/examples/eks-oauth2-proxy.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-resource "random_string" "kibana_ouath2_secret_cookie" {
-  length  = 32
-  special = false
-  upper   = true
-}
-
-resource "kubernetes_secret" "kibana_oauth2_secrets" {
-  metadata {
-    name      = "kibana-oauth2-secrets"
-    namespace = kubernetes_namespace.elk.id
-  }
-
-  data = {
-    "cookie-secret" = random_string.kibana_ouath2_secret_cookie.result
-    "client-secret" = local.kibana_gitlab_client_secret
-    "client-id"     = local.kibana_gitlab_client_id
-  }
-}
-
-data "template_file" "oauth2_proxy" {
-  template = file("${path.module}/templates/oauth2-proxy-values.yaml")
-
-  vars = {
-    domain_name  = local.kibana_domain_name
-    gitlab_group = local.kibana_gitlab_group
-  }
-}
-
-resource "helm_release" "oauth2_proxy" {
-  name        = "oauth2-proxy"
-  chart       = "oauth2-proxy"
-  repository  = local.helm_repo_stable
-  version     = var.oauth2_proxy_version
-  namespace   = kubernetes_namespace.elk.id
-  wait        = false
-  max_history = var.helm_release_history_size
-
-  values = [
-    data.template_file.oauth2_proxy.rendered
-  ]
-}
-
diff --git a/terraform/layer2-k8s/examples/eks-postgresql-backups.tf b/terraform/layer2-k8s/examples/eks-postgresql-backups.tf
deleted file mode 100644
index 2e44f2ed..00000000
--- a/terraform/layer2-k8s/examples/eks-postgresql-backups.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-locals {
-  postgresql_backups_template = templatefile("${path.module}/templates/postgresql-backups-values.tmpl",
-    {
-      name_wo_region = local.name_wo_region
-  })
-}
-
-resource "helm_release" "postgresql_backups" {
-  name        = "postgresql-backups"
-  chart       = "../../helm-charts/postgresql-backups"
-  namespace   = kubernetes_namespace.prod.id
-  wait        = false
-  max_history = var.helm_release_history_size
-
-  values = [
-    local.postgresql_backups_template
-  ]
-}
-
-
-
diff --git a/terraform/layer2-k8s/examples/eks-prometheus-mysql-exporter.tf b/terraform/layer2-k8s/examples/eks-prometheus-mysql-exporter.tf
deleted file mode 100644
index a0da4a54..00000000
--- a/terraform/layer2-k8s/examples/eks-prometheus-mysql-exporter.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-data "template_file" "prometheus_mysql_exporter" {
-  template = file("${path.module}/templates/prometheus-mysql-exporter.yaml")
-}
-
-resource "helm_release" "prometheus_mysql_exporter_wp" {
-  name        = "prometheus-mysql-exporter"
-  chart       = "prometheus-mysql-exporter"
-  version     = var.prometheus_mysql_exporter_version
-  repository  = local.helm_repo_prometheus_community
-  namespace   = kubernetes_namespace.wp.id
-  wait        = false
-  max_history = var.helm_release_history_size
-
-  values = [
-    data.template_file.prometheus_mysql_exporter.rendered
-  ]
-
-  # This dep needs for correct apply
-  depends_on = [kubernetes_namespace.wp, kubernetes_secret.wp_mysql_exporter]
-}
diff --git a/terraform/layer2-k8s/examples/eks-prometheus-postgresql-exporter.tf b/terraform/layer2-k8s/examples/eks-prometheus-postgresql-exporter.tf
deleted file mode 100644
index 156b8d61..00000000
--- a/terraform/layer2-k8s/examples/eks-prometheus-postgresql-exporter.tf
+++ /dev/null
@@ -1,81 +0,0 @@
-locals {
-  pg_host          = data.aws_ssm_parameter.pg_host.value
-  pg_user          = data.aws_ssm_parameter.pg_user.value
-  pg_port          = data.aws_ssm_parameter.pg_port.value
-  pg_pass          = data.aws_ssm_parameter.pg_pass.value
-  pg_database      = data.aws_ssm_parameter.pg_database.value
-  pg_exporter_pass = random_string.pg_exporter_pass.result
-
-  postgresql_exporter_user_template = templatefile("${path.module}/templates/postgresql-exporter-user-script.tmpl",
-    {
-      pg_host          = local.pg_host
-      pg_user          = local.pg_user
-      pg_port          = local.pg_port
-      pg_pass          = local.pg_pass
-      pg_database      = local.pg_database
-      pg_exporter_pass = local.pg_exporter_pass
-  })
-
-  prometheus_postgresql_exporter_template = templatefile("${path.module}/templates/prometheus-postgresql-exporter.tmpl",
-    {
-      pg_host     = local.pg_host
-      pg_pass     = local.pg_exporter_pass
-      pg_port     = local.pg_port
-      pg_database = local.pg_database
-  })
-
-}
-
-resource "helm_release" "postgresql_exporter_user" {
-  name        = "pg-exporter-user"
-  chart       = "../../helm-charts/pg-exporter-user"
-  namespace   = kubernetes_namespace.monitoring.id
-  wait        = false
-  max_history = var.helm_release_history_size
-
-  values = [
-    local.postgresql_exporter_user_template
-  ]
-}
-
-resource "helm_release" "postgresql_exporter" {
-  name        = "prometheus-postgres-exporter"
-  chart       = "prometheus-postgres-exporter"
-  repository  = local.helm_repo_prometheus_community
-  version     = "1.4.0"
-  namespace   = kubernetes_namespace.monitoring.id
-  wait        = false
-  max_history = var.helm_release_history_size
-
-  values = [
-    local.prometheus_postgresql_exporter_template
-  ]
-
-  depends_on = [helm_release.postgresql_exporter_user]
-}
-
-resource "random_string" "pg_exporter_pass" {
-  length  = 32
-  special = false
-  upper   = true
-}
-
-data "aws_ssm_parameter" "pg_host" {
-  name = "/${local.name_wo_region}/env/pg_host"
-}
-
-data "aws_ssm_parameter" "pg_port" {
-  name = "/${local.name_wo_region}/env/pg_port"
-}
-
-data "aws_ssm_parameter" "pg_user" {
-  name = "/${local.name_wo_region}/env/pg_user"
-}
-
-data "aws_ssm_parameter" "pg_database" {
-  name = "/${local.name_wo_region}/env/pg_database"
-}
-
-data "aws_ssm_parameter" "pg_pass" {
-  name = "/${local.name_wo_region}/env/pg_pass"
-}
diff --git a/terraform/layer2-k8s/templates/elastic/apm-values.yaml b/terraform/layer2-k8s/templates/elastic/apm-values.yaml
deleted file mode 100644
index 3cea690f..00000000
--- a/terraform/layer2-k8s/templates/elastic/apm-values.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-imageTag: "7.8.0"
-
-ingress:
-  enabled: true
-  annotations:
-    kubernetes.io/ingress.class: nginx
-  path: /
-  hosts:
-    - ${domain_name}
-#  tls:
-#  - hosts: 
-#    - ${domain_name}
-
-apmConfig:
-  apm-server.yml: |
-    apm-server:
-      host: "0.0.0.0:8200"
-      # ssl:
-      #   enabled: true
-      #   certificate: /usr/share/apm-server/config/certs/tls.crt
-      #   key: /usr/share/apm-server/config/certs/tls.key
-    queue: {}
-    output.elasticsearch:
-      username: '$${ELASTICSEARCH_USERNAME}'
-      password: '$${ELASTICSEARCH_PASSWORD}'
-      protocol: https
-      hosts: ["elasticsearch-master:9200"]
-      ssl.verification_mode: none
-
-secretMounts:
-  - name: elastic-certificates
-    secretName: elastic-certificates
-    path: /usr/share/apm-server/config/certs
-
-extraEnvs:
-  - name: 'ELASTICSEARCH_USERNAME'
-    valueFrom:
-      secretKeyRef:
-        name: elastic-credentials
-        key: username
-  - name: 'ELASTICSEARCH_PASSWORD'
-    valueFrom:
-      secretKeyRef:
-        name: elastic-credentials
-        key: password
-
-affinity:
-  nodeAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: node.kubernetes.io/lifecycle
-          operator: NotIn
-          values:
-            - spot
diff --git a/terraform/layer2-k8s/templates/elastic/elasticsearch-values.yaml b/terraform/layer2-k8s/templates/elastic/elasticsearch-values.yaml
deleted file mode 100644
index 1a236a52..00000000
--- a/terraform/layer2-k8s/templates/elastic/elasticsearch-values.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
-rbac:
-  create: true
-  serviceAccountAnnotations:
-    "eks.amazonaws.com/role-arn": ${iam_role_arn}
-
-image: "halfb00t/elasticsearch"
-imageTag: 7.8.0
-
-esMajorVersion: 7
-replicas: 1
-
-clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s"
-clusterName: "elasticsearch"
-
-volumeClaimTemplate:
-  accessModes: [ "ReadWriteOnce" ]
-  storageClassName: "${storage_class_name}"
-  resources:
-    requests:
-      storage: 100Gi
-
-resources:
-  limits:
-    cpu: 1000m
-    memory: 2Gi
-  requests:
-    cpu: 512m
-    memory: 2Gi
-
-esJavaOpts: -Xmx1500m -Xms1500m
-protocol: https
-esConfig:
-  elasticsearch.yml: |
-    xpack.security.enabled: true
-    xpack.monitoring.collection.enabled: true
-    xpack.security.transport.ssl.enabled: true
-    xpack.security.transport.ssl.verification_mode: certificate
-    xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/certs/tls.key
-    xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/certs/tls.crt
-    xpack.security.http.ssl.enabled: true
-    xpack.security.http.ssl.key: /usr/share/elasticsearch/config/certs/tls.key
-    xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/certs/tls.crt
-
-extraEnvs:
-  - name: ELASTIC_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: elastic-credentials
-        key: password
-  - name: ELASTIC_USERNAME
-    valueFrom:
-      secretKeyRef:
-        name: elastic-credentials
-        key: username
-
-secretMounts:
-  - name: elastic-certificates
-    secretName: elastic-certificates
-    path: /usr/share/elasticsearch/config/certs
-
-keystore:
-  - secretName: elasticsearch-s3-user-creds
-    items:
-    - key: aws_s3_user_access_key
-      path: s3.client.default.access_key
-    - key: aws_s3_user_secret_key
-      path: s3.client.default.secret_key
-
-affinity:
-  nodeAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: node.kubernetes.io/lifecycle
-          operator: NotIn
-          values:
-            - spot
\ No newline at end of file
diff --git a/terraform/layer2-k8s/templates/elastic/filebeat-values.yaml b/terraform/layer2-k8s/templates/elastic/filebeat-values.yaml
deleted file mode 100644
index 5131ba96..00000000
--- a/terraform/layer2-k8s/templates/elastic/filebeat-values.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-imageTag: 7.8.0
-
-filebeatConfig:
-  filebeat.yml: |
-    filebeat.inputs:
-    - type: docker
-      containers.ids:
-      - '*'
-    processors:
-      - add_kubernetes_metadata:
-          host: $${NODE_NAME}
-          in_cluster: true
-          labels.dedot: true
-          annotations.dedot: true
-      - drop_event:
-          when:
-            equals:
-              kubernetes.container.name: "filebeat"
-
-    output.elasticsearch:
-      username: '$${ELASTICSEARCH_USERNAME}'
-      password: '$${ELASTICSEARCH_PASSWORD}'
-      protocol: https
-      hosts: ["elasticsearch-master:9200"]
-      ssl.verification_mode: none
-
-extraVolumeMounts:
-  - name: elastic-certificates
-    mountPath: /usr/share/filebeat/config/certs
-
-extraVolumes:
-  - name: elastic-certificates
-    secret:
-      secretName: elastic-certificates
-
-extraEnvs:
-  - name: 'ELASTICSEARCH_USERNAME'
-    valueFrom:
-      secretKeyRef:
-        name: elastic-credentials
-        key: username
-  - name: 'ELASTICSEARCH_PASSWORD'
-    valueFrom:
-      secretKeyRef:
-        name: elastic-credentials
-        key: password
-
-tolerations:
-  - effect: NoSchedule
-    operator: Exists
-
diff --git a/terraform/layer2-k8s/templates/elastic/kibana-values.yaml b/terraform/layer2-k8s/templates/elastic/kibana-values.yaml
deleted file mode 100644
index 3db9ff53..00000000
--- a/terraform/layer2-k8s/templates/elastic/kibana-values.yaml
+++ /dev/null
@@ -1,262 +0,0 @@
-imageTag: 7.8.0
-imagePullPolicy: Always
-
-resources:
-  requests:
-    cpu: "512m"
-    memory: "1Gi"
-  limits:
-    cpu: "512m"
-    memory: "1Gi"
-
-ingress:
-  enabled: true
-  annotations:
-    kubernetes.io/ingress.class: nginx
-    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
-    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
-    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
-    nginx.ingress.kubernetes.io/configuration-snippet: |
-      proxy_set_header Authorization "Basic ${kibana_base64_creds}";
-      proxy_set_header es-security-runas-user $http_x_forwarded_user;
-      proxy_set_header x-proxy-user $http_x_forwarded_user;
-  path: /
-  hosts:
-    - ${domain_name}
-#  tls:
-#  - hosts: 
-#    - ${domain_name}
-    
-elasticsearchHosts: "https://elasticsearch-master:9200"
-
-extraEnvs:
-  - name: "NODE_OPTIONS"
-    value: "--max-old-space-size=800"
-  - name: 'ELASTICSEARCH_USERNAME'
-    valueFrom:
-      secretKeyRef:
-        name: elastic-credentials
-        key: username
-  - name: 'ELASTICSEARCH_PASSWORD'
-    valueFrom:
-      secretKeyRef:
-        name: elastic-credentials
-        key: password
-  - name: 'KIBANA_ENCRYPTION_KEY'
-    valueFrom:
-      secretKeyRef:
-        name: kibana-encryption-key
-        key: encryptionkey
-
-kibanaConfig:
-  kibana.yml: |
-    server.ssl:
-      enabled: true
-      key: /usr/share/kibana/config/certs/tls.key
-      certificate: /usr/share/kibana/config/certs/tls.crt
-    xpack.security.encryptionKey: $${KIBANA_ENCRYPTION_KEY}
-    elasticsearch.requestHeadersWhitelist: [ es-security-runas-user, authorization ]
-    xpack.monitoring.elasticsearch.requestHeadersWhitelist: [ es-security-runas-user, authorization ]
-    elasticsearch.ssl:
-      verificationMode: none
-      certificateAuthorities: /usr/share/kibana/config/certs/tls.crt
-
-protocol: https
-
-secretMounts:
-  - name: elastic-certificates
-    secretName: elastic-certificates
-    path: /usr/share/kibana/config/certs
-
-affinity:
-  nodeAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: node.kubernetes.io/lifecycle
-          operator: In
-          values:
-            - spot
-
-extraInitContainers:
-  - name: es-check
-    image: "appropriate/curl:latest"
-    imagePullPolicy: "IfNotPresent"
-    command:
-      - "/bin/sh"
-      - "-c"
-      - |
-        is_down=true
-        while "$is_down"; do
-          if curl -k -sSf --fail-early --connect-timeout 5 -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD https://elasticsearch-master:9200;
-          then
-            is_down=false
-          else
-            sleep 5
-          fi
-        done
-    env:
-      - name: 'ELASTICSEARCH_USERNAME'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: username
-      - name: 'ELASTICSEARCH_PASSWORD'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: password
-  - name: s3-repo
-    image: "appropriate/curl:latest"
-    imagePullPolicy: "IfNotPresent"
-    command:
-      - "/bin/sh"
-      - "-c"
-      - "curl -k -X PUT -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD https://elasticsearch-master:9200/_snapshot/s3_repository -H 'Content-Type:application/json' -d '{ \"type\": \"s3\", \"settings\": {\"bucket\": \"${bucket_name}\", \"server_side_encryption\": \"true\"}}'"
-    env:
-      - name: 'ELASTICSEARCH_USERNAME'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: username
-      - name: 'ELASTICSEARCH_PASSWORD'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: password
-  - name: roles
-    command:
-      - /bin/sh
-      - -c
-      - 'curl -X POST -k -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD https://elasticsearch-master:9200/_security/role/kibana_basic_user -H ''Content-Type: application/json'' 
-        -d ''{"applications":[{"application":"kibana-.kibana","privileges":["feature_discover.all","feature_visualize.all","feature_dashboard.all","feature_dev_tools.all","feature_advancedSettings.all"],"resources":["space:default"]}]}''
-        &&
-        curl -X POST -k -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD https://elasticsearch-master:9200/_security/role/all_indexes_read -H ''Content-Type: application/json'' 
-        -d ''{"indices":[{"names":["*"],"privileges":["read"],"allow_restricted_indices":false}]}'''
-    image: appropriate/curl:latest
-    imagePullPolicy: IfNotPresent
-    env:
-      - name: 'ELASTICSEARCH_USERNAME'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: username
-      - name: 'ELASTICSEARCH_PASSWORD'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: password
-  - name: kibana-user
-    command:
-      - /bin/sh
-      - -c
-      - 'curl -X POST -k -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD https://elasticsearch-master:9200/_security/user/${kibana_user} -H ''Content-Type: application/json'' 
-        -d ''{"password" : "${kibana_password}","roles" : [ "superuser"],"full_name" : "Kibana User","email" : ""}'''
-    image: appropriate/curl:latest
-    imagePullPolicy: IfNotPresent
-    env:
-      - name: 'ELASTICSEARCH_USERNAME'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: username
-      - name: 'ELASTICSEARCH_PASSWORD'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: password
-  - name: snapshots
-    command:
-      - /bin/sh
-      - -c
-      - 'curl -X PUT -k -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD https://elasticsearch-master:9200/_slm/policy/daily-snapshots?pretty -H ''Content-Type: application/json'' 
-        -d ''{"schedule": "0 30 1 * * ?","name": "<daily-snap-{now/d}>","repository": "s3_repository","config": {"ignore_unavailable": false,"include_global_state": false},"retention": {"expire_after": "${snapshot_retention_days}d","min_count": 5,"max_count": 50}}'''
-    image: appropriate/curl:latest
-    imagePullPolicy: IfNotPresent
-    env:
-      - name: 'ELASTICSEARCH_USERNAME'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: username
-      - name: 'ELASTICSEARCH_PASSWORD'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: password
-  - name: delete-old-indicies
-    command:
-      - /bin/sh
-      - -c
-      - 'curl -X PUT -k -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD https://elasticsearch-master:9200/_ilm/policy/delete_old_indicies -H ''Content-Type: application/json'' 
-        -d ''{"policy": {"phases": {"hot": {"actions": {"set_priority": {"priority": 100 }}}, "delete": { "min_age": "${index_retention_days}d", "actions": {"delete": {} }}}}}'''
-    image: appropriate/curl:latest
-    imagePullPolicy: IfNotPresent
-    env:
-      - name: 'ELASTICSEARCH_USERNAME'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: username
-      - name: 'ELASTICSEARCH_PASSWORD'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: password
-  - name: filebeat-template
-    command:
-      - /bin/sh
-      - -c
-      - 'curl -X PUT -k -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD https://elasticsearch-master:9200/_template/filebeat?pretty -H ''Content-Type: application/json'' 
-        -d ''{"index_patterns": ["filebeat-*"], "settings": {"number_of_shards": 1,"number_of_replicas": 1,"index.lifecycle.name": "delete_old_indicies" }}'''
-    image: appropriate/curl:latest
-    imagePullPolicy: IfNotPresent
-    env:
-      - name: 'ELASTICSEARCH_USERNAME'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: username
-      - name: 'ELASTICSEARCH_PASSWORD'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: password
-  - name: apm-template
-    command:
-      - /bin/sh
-      - -c
-      - 'curl -X PUT -k -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD https://elasticsearch-master:9200/_template/apm?pretty -H ''Content-Type: application/json'' 
-        -d ''{"index_patterns": ["apm-*"], "settings": {"number_of_shards": 1,"number_of_replicas": 1,"index.lifecycle.name": "delete_old_indicies" }}'''
-    image: appropriate/curl:latest
-    imagePullPolicy: IfNotPresent
-    env:
-      - name: 'ELASTICSEARCH_USERNAME'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: username
-      - name: 'ELASTICSEARCH_PASSWORD'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: password
-  - name: metricbeat-template
-    command:
-      - /bin/sh
-      - -c
-      - 'curl -X PUT -k -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD https://elasticsearch-master:9200/_template/metricbeat?pretty -H ''Content-Type: application/json'' 
-        -d ''{"index_patterns": ["metricbeat-*"], "settings": {"number_of_shards": 1,"number_of_replicas": 1,"index.lifecycle.name": "delete_old_indicies" }}'''
-    image: appropriate/curl:latest
-    imagePullPolicy: IfNotPresent
-    env:
-      - name: 'ELASTICSEARCH_USERNAME'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: username
-      - name: 'ELASTICSEARCH_PASSWORD'
-        valueFrom:
-          secretKeyRef:
-            name: elastic-credentials
-            key: password
diff --git a/terraform/layer2-k8s/templates/elastic/metricbeat-values.yaml b/terraform/layer2-k8s/templates/elastic/metricbeat-values.yaml
deleted file mode 100644
index a7145ac7..00000000
--- a/terraform/layer2-k8s/templates/elastic/metricbeat-values.yaml
+++ /dev/null
@@ -1,110 +0,0 @@
-daemonset:
-  extraEnvs:
-    - name: 'ELASTICSEARCH_USERNAME'
-      valueFrom:
-        secretKeyRef:
-          name: elastic-credentials
-          key: username
-    - name: 'ELASTICSEARCH_PASSWORD'
-      valueFrom:
-        secretKeyRef:
-          name: elastic-credentials
-          key: password
-  # Allows you to add any config files in /usr/share/metricbeat
-  # such as metricbeat.yml for daemonset
-  metricbeatConfig:
-    metricbeat.yml: |
-      metricbeat.modules:
-      - module: kubernetes
-        metricsets:
-          - container
-          - node
-          - pod
-          - system
-          - volume
-        period: 10s
-        host: "$${NODE_NAME}"
-        hosts: ["https://$${NODE_NAME}:10250"]
-        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-        ssl.verification_mode: "none"
-        # If using Red Hat OpenShift remove ssl.verification_mode entry and
-        # uncomment these settings:
-        #ssl.certificate_authorities:
-          #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
-        processors:
-        - add_kubernetes_metadata: ~
-      - module: kubernetes
-        enabled: true
-        metricsets:
-          - event
-      - module: system
-        period: 10s
-        metricsets:
-          - cpu
-          - load
-          - memory
-          - network
-          - process
-          - process_summary
-        processes: ['.*']
-        process.include_top_n:
-          by_cpu: 5
-          by_memory: 5
-      - module: system
-        period: 1m
-        metricsets:
-          - filesystem
-          - fsstat
-        processors:
-        - drop_event.when.regexp:
-            system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)'
-      output.elasticsearch:
-        username: '$${ELASTICSEARCH_USERNAME}'
-        password: '$${ELASTICSEARCH_PASSWORD}'
-        protocol: https
-        hosts: ["elasticsearch-master:9200"]
-        ssl.verification_mode: none
-    
-  secretMounts:
-  - name: elastic-certificates
-    secretName: elastic-certificates
-    path: /usr/share/metricbeat/config/certs
-
-deployment:
-  extraEnvs:
-    - name: 'ELASTICSEARCH_USERNAME'
-      valueFrom:
-        secretKeyRef:
-          name: elastic-credentials
-          key: username
-    - name: 'ELASTICSEARCH_PASSWORD'
-      valueFrom:
-        secretKeyRef:
-          name: elastic-credentials
-          key: password
-  # Allows you to add any config files in /usr/share/metricbeat
-  # such as metricbeat.yml for deployment
-  metricbeatConfig:
-    metricbeat.yml: |
-      metricbeat.modules:
-      - module: kubernetes
-        enabled: true
-        metricsets:
-          - state_node
-          - state_deployment
-          - state_replicaset
-          - state_pod
-          - state_container
-        period: 10s
-        hosts: ["$${KUBE_STATE_METRICS_HOSTS}"]
-      output.elasticsearch:
-        username: '$${ELASTICSEARCH_USERNAME}'
-        password: '$${ELASTICSEARCH_PASSWORD}'
-        protocol: https
-        hosts: ["elasticsearch-master:9200"]
-        ssl.verification_mode: none
-
-  secretMounts:
-  - name: elastic-certificates
-    secretName: elastic-certificates
-    path: /usr/share/metricbeat/config/certs
\ No newline at end of file
diff --git a/terraform/layer2-k8s/templates/gitlab-runner-values.tmpl b/terraform/layer2-k8s/templates/gitlab-runner-values.yaml
similarity index 100%
rename from terraform/layer2-k8s/templates/gitlab-runner-values.tmpl
rename to terraform/layer2-k8s/templates/gitlab-runner-values.yaml
diff --git a/terraform/layer2-k8s/templates/loki-stack-values.tmpl b/terraform/layer2-k8s/templates/loki-stack-values.yaml
similarity index 100%
rename from terraform/layer2-k8s/templates/loki-stack-values.tmpl
rename to terraform/layer2-k8s/templates/loki-stack-values.yaml
diff --git a/terraform/layer2-k8s/templates/mysql-backup-values.yaml b/terraform/layer2-k8s/templates/mysql-backup-values.yaml
deleted file mode 100644
index 0fb26662..00000000
--- a/terraform/layer2-k8s/templates/mysql-backup-values.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-mysql:
-  port: 3306
-  host: ${db_host}
-  database: ${db_name}
-  secret:
-    name: mysql-connection
-    keys:
-      user: db-user
-      password: db-password
-
-s3:
-  enabled: true
-  bucket: ${bucket_name}
-  filePrefix: mysqldump
-  secret:
-    name: mysql-backup-s3-creds
-    keys:
-      accessKeyId: accessKeyId
-      secretAccessKey: secretAccessKey
diff --git a/terraform/layer2-k8s/templates/oauth2-proxy-values.yaml b/terraform/layer2-k8s/templates/oauth2-proxy-values.yaml
deleted file mode 100644
index 677f828b..00000000
--- a/terraform/layer2-k8s/templates/oauth2-proxy-values.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-image:
-  tag: "v6.0.0"
-
-config:
-  existingSecret: kibana-oauth2-secrets
-
-extraArgs:
-  provider: gitlab
-  email-domain: "*"
-  gitlab-group: "${gitlab_group}"
-  redirect-url: "https://${domain_name}/oauth2/callback"
-  upstream: "https://${domain_name}/"
-  approval-prompt: auto
-
-ingress:
-  enabled: true
-  path: /oauth2
-  hosts:
-    - ${domain_name}
-  annotations:
-    kubernetes.io/ingress.class: nginx
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
-
-resources:
-  limits:
-    cpu: 100m
-    memory: 256Mi
-  requests:
-    cpu: 100m
-    memory: 256Mi
diff --git a/terraform/layer2-k8s/templates/postgresql-backups-values.tmpl b/terraform/layer2-k8s/templates/postgresql-backups-values.tmpl
deleted file mode 100644
index b295a084..00000000
--- a/terraform/layer2-k8s/templates/postgresql-backups-values.tmpl
+++ /dev/null
@@ -1,43 +0,0 @@
-image:
-  repository: dymokd/pg-backups-s3
-  tag: latest
-  pullPolicy: IfNotPresent
-
-ExternalSecret:
-  enabled: true
-  Envs:
-    - key: /${name_wo_region}/infra/alertmanager/slack_url
-      name: SLACK_URL
-    - key: /${name_wo_region}/env/pg_host
-      name: PG_HOST
-    - key: /${name_wo_region}/env/pg_port
-      name: PG_PORT
-    - key: /${name_wo_region}/env/pg_user
-      name: PG_USER
-    - key: /${name_wo_region}/env/pg_database
-      name: PG_DATABASE
-    - key: /${name_wo_region}/env/pg_pass
-      name: PG_PASS
-    - key: /${name_wo_region}/env/s3/pg_backups_bucket_name
-      name: AWS_BUCKET_NAME
-    - key: /${name_wo_region}/env/s3/pg_backups_bucket_region
-      name: AWS_BUCKET_REGION
-    - key: /${name_wo_region}/env/s3/access_key_id
-      name: AWS_ACCESS_KEY_ID
-    - key: /${name_wo_region}/env/s3/access_secret_key
-      name: AWS_SECRET_ACCESS_KEY
-
-scheduler:
-  enabled: true
-  schedule: "00 17 * * *"
-  resources:
-    limits:
-      cpu: 100m
-      memory: 256Mi
-    requests:
-      cpu: 100m
-      memory: 256Mi
-  successfulJobsHistoryLimit: 5
-  concurrencyPolicy: Forbid
-  failedJobsHistoryLimit: 5
-  restartPolicy: OnFailure
diff --git a/terraform/layer2-k8s/templates/postgresql-exporter-user-script.tmpl b/terraform/layer2-k8s/templates/postgresql-exporter-user-script.tmpl
deleted file mode 100644
index a602c1c9..00000000
--- a/terraform/layer2-k8s/templates/postgresql-exporter-user-script.tmpl
+++ /dev/null
@@ -1,29 +0,0 @@
-image:
-  repository: dymokd/pg-exporter-user
-  tag: latest
-  pullPolicy: IfNotPresent
-
-ttlSecondsAfterFinished: 0
-activeDeadlineSeconds: 3600
-backoffLimit: 6
-
-Envs:
-  - name: PG_HOST
-    value: "${pg_host}"
-  - name: PG_PORT
-    value: "${pg_port}"
-  - name: PG_USER
-    value: "${pg_user}"
-  - name: PG_PASS
-    value: "${pg_pass}"
-  - name: PG_DATABASE
-    value: "${pg_database}"
-  - name: PG_EXPORTER_PASS
-    value: "${pg_exporter_pass}"
-
-
-command: ["/bin/bash", "-c"]
-
-args: ["PGPASSWORD=$PG_PASS psql --set=generate_pass=$PG_EXPORTER_PASS -h $PG_HOST -p $PG_PORT -U $PG_USER -d $PG_DATABASE -f /app/pg_exporter_user.sql"]
-
-
diff --git a/terraform/layer2-k8s/templates/prometheus-mysql-exporter.yaml b/terraform/layer2-k8s/templates/prometheus-mysql-exporter.yaml
deleted file mode 100644
index b76e3a92..00000000
--- a/terraform/layer2-k8s/templates/prometheus-mysql-exporter.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-serviceMonitor:
-  enabled: true
-
-mysql:
-  existingSecret: mysql-exporter
-
-affinity:
-  nodeAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: eks.amazonaws.com/capacityType
-          operator: In
-          values:
-            - SPOT
diff --git a/terraform/layer2-k8s/templates/prometheus-postgresql-exporter.tmpl b/terraform/layer2-k8s/templates/prometheus-postgresql-exporter.tmpl
deleted file mode 100644
index 6bc0ccae..00000000
--- a/terraform/layer2-k8s/templates/prometheus-postgresql-exporter.tmpl
+++ /dev/null
@@ -1,26 +0,0 @@
-config:
-  datasource:
-    host: ${pg_host}
-    user: "postgres_exporter"
-    password: ${pg_pass}
-    port: ${pg_port}
-    database: ${pg_database}
-    sslmode: disable
-
-serviceMonitor:
-  enabled: true
-  namespace: monitoring
-  interval: 30s
-  telemetryPath: /metrics
-  timeout: 10s
-
-affinity:
-  nodeAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: eks.amazonaws.com/capacityType
-          operator: In
-          values:
-            - SPOT
-
diff --git a/terraform/layer2-k8s/templates/prometheus-values.tmpl b/terraform/layer2-k8s/templates/prometheus-values.yaml
similarity index 100%
rename from terraform/layer2-k8s/templates/prometheus-values.tmpl
rename to terraform/layer2-k8s/templates/prometheus-values.yaml

From 6899b9f24affaea214f02140d6d4e1f391752a81 Mon Sep 17 00:00:00 2001
From: maxim <nikromax@gmail.com>
Date: Tue, 26 Oct 2021 16:38:25 +0600
Subject: [PATCH 3/4] refactor: delete variables related to ecr repos

---
 terraform/layer1-aws/variables.tf | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/terraform/layer1-aws/variables.tf b/terraform/layer1-aws/variables.tf
index 7d33435a..7d2b4f71 100644
--- a/terraform/layer1-aws/variables.tf
+++ b/terraform/layer1-aws/variables.tf
@@ -245,17 +245,3 @@ variable "eks_cluster_encryption_config_enable" {
   default     = false
   description = "Enable or not encryption for k8s secrets with aws-kms"
 }
-
-# ECR
-variable "ecr_repos" {
-  type        = list(any)
-  default     = ["demo"]
-  description = "List of docker repositories"
-}
-
-variable "ecr_repo_retention_count" {
-  type        = number
-  default     = 50
-  description = "number of images to store in ECR"
-}
-

From f61ec8ba0020ccaae19b5891606cda047af68c13 Mon Sep 17 00:00:00 2001
From: maxim <nikromax@gmail.com>
Date: Tue, 26 Oct 2021 16:51:16 +0600
Subject: [PATCH 4/4] add notes in doc how to deploy teamcity

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 8869a36d..d474f107 100644
--- a/README.md
+++ b/README.md
@@ -474,6 +474,7 @@ This will allow you to expand your basic functionality by launching a monitoring
 * If you want to deploy **`Pritunl VPN`** server just move `layer1-aws/examples/aws-ec2-pritunl.tf` to the root of the layer.
 * If you want to deploy **`Gitlab runner`** that runs workers as k8s pods (in EKS cluster), move `layer1-aws/examples/aws-s3-bucket-gitlab-runner-cache.tf` and `layer2-k8s/examples/eks-gitlab-runner.tf` to the root of the layers.
 * If you want to deploy `Istio Operator` move `layer2-k8s/examples/eks-istio.tf` to the root of the layer.
+* If you want to deploy `Teamcity` move `layer2-k8s/examples/eks-teamcity.tf` to the root of the layer.
 
 ## TFSEC