diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet
index a089102758f5079f0d91a05d9345171985e0a6de..e97f07f1dc21acb6d0c979a8dda06ee9f52404a0 100644
--- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet
+++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet
@@ -119,48 +119,7 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
prometheusName: 'k8s',
alertmanagerName: 'main',
- versions+:: { grafana: '7.3.5', kubeRbacProxy: 'v0.8.0' },
- imageRepos+:: { kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy' },
-
- tlsCipherSuites: [
- 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721
- 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721
-
- // 'TLS_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
- // 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661
- // 'TLS_RSA_WITH_AES_128_CBC_SHA', // disabled by h2
- // 'TLS_RSA_WITH_AES_256_CBC_SHA', // disabled by h2
- // 'TLS_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169
- // 'TLS_RSA_WITH_AES_128_GCM_SHA256', // disabled by h2
- // 'TLS_RSA_WITH_AES_256_GCM_SHA384', // disabled by h2
- // 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
- // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', // disabled by h2
- // 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', // disabled by h2
- // 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
- // 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661
- // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', // disabled by h2
- // 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', // disabled by h2
- // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169
- // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169
-
- // disabled by h2 means: https://github.com/golang/net/blob/e514e69ffb8bc3c76a71ae40de0118d794855992/http2/ciphers.go
-
- 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
- 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
- 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305',
- 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305',
- ],
-
- resources+:: {
- 'addon-resizer': {
- requests: { cpu: '10m', memory: '30Mi' },
- limits: { cpu: '50m', memory: '30Mi' },
- },
- 'kube-rbac-proxy': {
- requests: { cpu: '10m', memory: '20Mi' },
- limits: { cpu: '20m', memory: '40Mi' },
- },
- },
+ versions+:: { grafana: '7.3.5' },
grafana+:: {
labels: {
diff --git a/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet b/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet
deleted file mode 100644
index 5122e837ce322c005e715e332c7e3ab1cc04932e..0000000000000000000000000000000000000000
--- a/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet
+++ /dev/null
@@ -1,95 +0,0 @@
-// TODO(paulfantom): remove the file after all usage of kube-rbac-proxy/containerMixin.libsonnet
-// are converted to use kube-rbac-proxy/container.libsonnet
-
-{
- local krp = self,
- config+:: {
- kubeRbacProxy: {
- image: error 'must provide image',
- name: error 'must provide name',
- securePortName: error 'must provide securePortName',
- securePort: error 'must provide securePort',
- secureListenAddress: error 'must provide secureListenAddress',
- upstream: error 'must provide upstream',
- tlsCipherSuites: error 'must provide tlsCipherSuites',
- },
- },
-
- specMixin:: {
- config+:: {
- kubeRbacProxy: {
- image: error 'must provide image',
- name: error 'must provide name',
- securePortName: error 'must provide securePortName',
- securePort: error 'must provide securePort',
- secureListenAddress: error 'must provide secureListenAddress',
- upstream: error 'must provide upstream',
- tlsCipherSuites: error 'must provide tlsCipherSuites',
- },
- },
- spec+: {
- template+: {
- spec+: {
- containers+: [{
- name: krp.config.kubeRbacProxy.name,
- image: krp.config.kubeRbacProxy.image,
- args: [
- '--logtostderr',
- '--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress,
- '--tls-cipher-suites=' + std.join(',', krp.config.kubeRbacProxy.tlsCipherSuites),
- '--upstream=' + krp.config.kubeRbacProxy.upstream,
- ],
- ports: [
- { name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort },
- ],
- securityContext: {
- runAsUser: 65532,
- runAsGroup: 65532,
- runAsNonRoot: true,
- },
- }],
- },
- },
- },
- },
-
- deploymentMixin:: {
- local dm = self,
- config+:: {
- kubeRbacProxy: {
- image: error 'must provide image',
- name: error 'must provide name',
- securePortName: error 'must provide securePortName',
- securePort: error 'must provide securePort',
- secureListenAddress: error 'must provide secureListenAddress',
- upstream: error 'must provide upstream',
- tlsCipherSuites: error 'must provide tlsCipherSuites',
- },
- },
- deployment+: krp.specMixin {
- config+:: {
- kubeRbacProxy+: dm.config.kubeRbacProxy,
- },
- },
- },
-
- statefulSetMixin:: {
- local sm = self,
- config+:: {
- kubeRbacProxy: {
- image: error 'must provide image',
- name: error 'must provide name',
- securePortName: error 'must provide securePortName',
- securePort: error 'must provide securePort',
- secureListenAddress: error 'must provide secureListenAddress',
- upstream: error 'must provide upstream',
- tlsCipherSuites: error 'must provide tlsCipherSuites',
- },
- },
- statefulSet+: krp.specMixin {
- config+:: {
- kubeRbacProxy+: sm.config.kubeRbacProxy,
- },
- },
- },
-}