From 361c08206460e2c7cea70468970cd5e87124b921 Mon Sep 17 00:00:00 2001
From: cpanato <ctadeu@gmail.com>
Date: Fri, 23 Mar 2018 10:08:04 +0100
Subject: [PATCH] govcloud: remove terraform configs

---
 platforms/govcloud/config.tf    |   1 -
 platforms/govcloud/main.tf      | 238 -----------------------
 platforms/govcloud/s3.tf        |  65 -------
 platforms/govcloud/tectonic.tf  | 118 ------------
 platforms/govcloud/tls.tf       |  47 -----
 platforms/govcloud/variables.tf | 331 --------------------------------
 6 files changed, 800 deletions(-)
 delete mode 120000 platforms/govcloud/config.tf
 delete mode 100644 platforms/govcloud/main.tf
 delete mode 100644 platforms/govcloud/s3.tf
 delete mode 100644 platforms/govcloud/tectonic.tf
 delete mode 100644 platforms/govcloud/tls.tf
 delete mode 100644 platforms/govcloud/variables.tf

diff --git a/platforms/govcloud/config.tf b/platforms/govcloud/config.tf
deleted file mode 120000
index a040ec375dc..00000000000
--- a/platforms/govcloud/config.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../config.tf
\ No newline at end of file
diff --git a/platforms/govcloud/main.tf b/platforms/govcloud/main.tf
deleted file mode 100644
index e45cefe30df..00000000000
--- a/platforms/govcloud/main.tf
+++ /dev/null
@@ -1,238 +0,0 @@
-provider "aws" {
-  region  = "us-gov-west-1"
-  profile = "${var.tectonic_govcloud_profile}"
-  version = "1.8.0"
-
-  assume_role {
-    role_arn     = "${var.tectonic_aws_installer_role == "" ? "" : "${var.tectonic_aws_installer_role}"}"
-    session_name = "TECTONIC_INSTALLER_${var.tectonic_cluster_name}"
-  }
-}
-
-data "aws_availability_zones" "azs" {}
-
-module "container_linux" {
-  source = "../../modules/container_linux"
-
-  release_channel = "${var.tectonic_container_linux_channel}"
-  release_version = "${var.tectonic_container_linux_version}"
-}
-
-module "vpc" {
-  source = "../../modules/aws/vpc"
-
-  base_domain     = "${var.tectonic_base_domain}"
-  cidr_block      = "${var.tectonic_govcloud_vpc_cidr_block}"
-  cluster_id      = "${module.tectonic.cluster_id}"
-  cluster_name    = "${var.tectonic_cluster_name}"
-  custom_dns_name = "${var.tectonic_dns_name}"
-  enable_etcd_sg  = "${length(compact(var.tectonic_etcd_servers)) == 0 ? 1 : 0}"
-  external_vpc_id = "${var.tectonic_govcloud_external_vpc_id}"
-
-  external_master_subnet_ids = "${compact(var.tectonic_govcloud_external_master_subnet_ids)}"
-  external_worker_subnet_ids = "${compact(var.tectonic_govcloud_external_worker_subnet_ids)}"
-  extra_tags                 = "${var.tectonic_govcloud_extra_tags}"
-
-  // empty map subnet_configs will have the vpc module creating subnets in all availabile AZs
-  new_master_subnet_configs = "${var.tectonic_govcloud_master_custom_subnets}"
-  new_worker_subnet_configs = "${var.tectonic_govcloud_worker_custom_subnets}"
-
-  private_master_endpoints = true
-  public_master_endpoints  = false
-}
-
-module "etcd" {
-  source = "../../modules/govcloud/etcd"
-
-  base_domain                = "${var.tectonic_base_domain}"
-  cluster_id                 = "${module.tectonic.cluster_id}"
-  cluster_name               = "${var.tectonic_cluster_name}"
-  container_image            = "${var.tectonic_container_images["etcd"]}"
-  container_linux_channel    = "${var.tectonic_container_linux_channel}"
-  container_linux_version    = "${module.container_linux.version}"
-  ec2_type                   = "${var.tectonic_govcloud_etcd_ec2_type}"
-  external_endpoints         = "${compact(var.tectonic_etcd_servers)}"
-  extra_tags                 = "${var.tectonic_govcloud_extra_tags}"
-  ign_etcd_crt_id_list       = "${module.ignition_masters.etcd_crt_id_list}"
-  ign_etcd_dropin_id_list    = "${module.ignition_masters.etcd_dropin_id_list}"
-  ign_profile_env_id         = "${local.tectonic_http_proxy_enabled ? module.ignition_masters.profile_env_id : ""}"
-  ign_systemd_default_env_id = "${local.tectonic_http_proxy_enabled ? module.ignition_masters.systemd_default_env_id : ""}"
-  instance_count             = "${length(data.template_file.etcd_hostname_list.*.id)}"
-  root_volume_iops           = "${var.tectonic_govcloud_etcd_root_volume_iops}"
-  root_volume_size           = "${var.tectonic_govcloud_etcd_root_volume_size}"
-  root_volume_type           = "${var.tectonic_govcloud_etcd_root_volume_type}"
-  s3_bucket                  = "${aws_s3_bucket.tectonic.bucket}"
-  sg_ids                     = "${concat(var.tectonic_govcloud_etcd_extra_sg_ids, list(module.vpc.etcd_sg_id))}"
-  ssh_key                    = "${var.tectonic_govcloud_ssh_key}"
-  subnets                    = "${module.vpc.worker_subnet_ids}"
-  dns_server_ip              = "${var.tectonic_govcloud_dns_server_ip}"
-}
-
-module "ignition_masters" {
-  source = "../../modules/ignition"
-
-  assets_location           = "${aws_s3_bucket_object.tectonic_assets.bucket}/${aws_s3_bucket_object.tectonic_assets.key}"
-  base_domain               = "${var.tectonic_base_domain}"
-  bootstrap_upgrade_cl      = "${var.tectonic_bootstrap_upgrade_cl}"
-  cloud_provider            = "aws"
-  cluster_name              = "${var.tectonic_cluster_name}"
-  container_images          = "${var.tectonic_container_images}"
-  custom_ca_cert_pem_list   = "${var.tectonic_custom_ca_pem_list}"
-  etcd_advertise_name_list  = "${data.template_file.etcd_hostname_list.*.rendered}"
-  etcd_ca_cert_pem          = "${module.ca_certs.etcd_ca_cert_pem}"
-  etcd_client_crt_pem       = "${module.etcd_certs.etcd_client_cert_pem}"
-  etcd_client_key_pem       = "${module.etcd_certs.etcd_client_key_pem}"
-  etcd_count                = "${length(data.template_file.etcd_hostname_list.*.id)}"
-  etcd_initial_cluster_list = "${data.template_file.etcd_hostname_list.*.rendered}"
-  etcd_peer_crt_pem         = "${module.etcd_certs.etcd_peer_cert_pem}"
-  etcd_peer_key_pem         = "${module.etcd_certs.etcd_peer_key_pem}"
-  etcd_server_crt_pem       = "${module.etcd_certs.etcd_server_cert_pem}"
-  etcd_server_key_pem       = "${module.etcd_certs.etcd_server_key_pem}"
-  http_proxy                = "${var.tectonic_http_proxy_address}"
-  https_proxy               = "${var.tectonic_https_proxy_address}"
-  image_re                  = "${var.tectonic_image_re}"
-  ingress_ca_cert_pem       = "${module.ingress_certs.ca_cert_pem}"
-  iscsi_enabled             = "${var.tectonic_iscsi_enabled}"
-  root_ca_cert_pem          = "${module.ca_certs.kube_ca_cert_pem}"
-  kube_dns_service_ip       = "${module.bootkube.kube_dns_service_ip}"
-  kubeconfig_fetch_cmd      = "/opt/s3-puller.sh ${aws_s3_bucket_object.kubeconfig.bucket}/${aws_s3_bucket_object.kubeconfig.key} /etc/kubernetes/kubeconfig"
-  kubelet_debug_config      = "${var.tectonic_kubelet_debug_config}"
-  kubelet_node_label        = "node-role.kubernetes.io/master"
-  kubelet_node_taints       = "node-role.kubernetes.io/master=:NoSchedule"
-  no_proxy                  = "${var.tectonic_no_proxy}"
-}
-
-module "masters" {
-  source = "../../modules/govcloud/master-asg"
-
-  assets_s3_location                   = "${aws_s3_bucket_object.tectonic_assets.bucket}/${aws_s3_bucket_object.tectonic_assets.key}"
-  autoscaling_group_extra_tags         = "${var.tectonic_autoscaling_group_extra_tags}"
-  aws_lbs                              = "${module.vpc.aws_lbs}"
-  base_domain                          = "${var.tectonic_base_domain}"
-  cluster_id                           = "${module.tectonic.cluster_id}"
-  cluster_name                         = "${var.tectonic_cluster_name}"
-  container_images                     = "${var.tectonic_container_images}"
-  container_linux_channel              = "${var.tectonic_container_linux_channel}"
-  container_linux_version              = "${module.container_linux.version}"
-  ec2_type                             = "${var.tectonic_govcloud_master_ec2_type}"
-  extra_tags                           = "${var.tectonic_govcloud_extra_tags}"
-  ign_bootkube_path_unit_id            = "${module.bootkube.systemd_path_unit_id}"
-  ign_bootkube_service_id              = "${module.bootkube.systemd_service_id}"
-  ign_ca_cert_id_list                  = "${module.ignition_masters.ca_cert_id_list}"
-  ign_docker_dropin_id                 = "${module.ignition_masters.docker_dropin_id}"
-  ign_init_assets_service_id           = "${module.ignition_masters.init_assets_service_id}"
-  ign_installer_kubelet_env_id         = "${module.ignition_masters.installer_kubelet_env_id}"
-  ign_installer_runtime_mappings_id    = "${module.ignition_masters.installer_runtime_mappings_id}"
-  ign_iscsi_service_id                 = "${module.ignition_masters.iscsi_service_id}"
-  ign_k8s_node_bootstrap_service_id    = "${module.ignition_masters.k8s_node_bootstrap_service_id}"
-  ign_kubelet_service_id               = "${module.ignition_masters.kubelet_service_id}"
-  ign_locksmithd_service_id            = "${module.ignition_masters.locksmithd_service_id}"
-  ign_max_user_watches_id              = "${module.ignition_masters.max_user_watches_id}"
-  ign_profile_env_id                   = "${local.tectonic_http_proxy_enabled ? module.ignition_masters.profile_env_id : ""}"
-  ign_rm_assets_path_unit_id           = "${module.ignition_masters.rm_assets_path_unit_id}"
-  ign_rm_assets_service_id             = "${module.ignition_masters.rm_assets_service_id}"
-  ign_s3_puller_id                     = "${module.ignition_masters.s3_puller_id}"
-  ign_systemd_default_env_id           = "${local.tectonic_http_proxy_enabled ? module.ignition_masters.systemd_default_env_id : ""}"
-  ign_tectonic_path_unit_id            = "${module.tectonic.systemd_path_unit_id}"
-  ign_tectonic_service_id              = "${module.tectonic.systemd_service_id}"
-  ign_update_ca_certificates_dropin_id = "${module.ignition_masters.update_ca_certificates_dropin_id}"
-  image_re                             = "${var.tectonic_image_re}"
-  instance_count                       = "${var.tectonic_master_count}"
-  master_iam_role                      = "${var.tectonic_govcloud_master_iam_role_name}"
-  master_sg_ids                        = "${concat(var.tectonic_govcloud_master_extra_sg_ids, list(module.vpc.master_sg_id))}"
-  private_endpoints                    = true
-  public_endpoints                     = false
-  root_volume_iops                     = "${var.tectonic_govcloud_master_root_volume_iops}"
-  root_volume_size                     = "${var.tectonic_govcloud_master_root_volume_size}"
-  root_volume_type                     = "${var.tectonic_govcloud_master_root_volume_type}"
-  s3_bucket                            = "${aws_s3_bucket.tectonic.bucket}"
-  ssh_key                              = "${var.tectonic_govcloud_ssh_key}"
-  subnet_ids                           = "${module.vpc.master_subnet_ids}"
-  dns_server_ip                        = "${var.tectonic_govcloud_dns_server_ip}"
-}
-
-module "ignition_workers" {
-  source = "../../modules/ignition"
-
-  bootstrap_upgrade_cl    = "${var.tectonic_bootstrap_upgrade_cl}"
-  cloud_provider          = "aws"
-  container_images        = "${var.tectonic_container_images}"
-  custom_ca_cert_pem_list = "${var.tectonic_custom_ca_pem_list}"
-  etcd_ca_cert_pem        = "${module.ca_certs.etcd_ca_cert_pem}"
-  http_proxy              = "${var.tectonic_http_proxy_address}"
-  https_proxy             = "${var.tectonic_https_proxy_address}"
-  image_re                = "${var.tectonic_image_re}"
-  ingress_ca_cert_pem     = "${module.ingress_certs.ca_cert_pem}"
-  iscsi_enabled           = "${var.tectonic_iscsi_enabled}"
-  root_ca_cert_pem        = "${module.ca_certs.kube_ca_cert_pem}"
-  kube_dns_service_ip     = "${module.bootkube.kube_dns_service_ip}"
-  kubeconfig_fetch_cmd    = "/opt/s3-puller.sh ${aws_s3_bucket_object.kubeconfig.bucket}/${aws_s3_bucket_object.kubeconfig.key} /etc/kubernetes/kubeconfig"
-  kubelet_debug_config    = "${var.tectonic_kubelet_debug_config}"
-  kubelet_node_label      = "node-role.kubernetes.io/node"
-  kubelet_node_taints     = ""
-  no_proxy                = "${var.tectonic_no_proxy}"
-}
-
-module "workers" {
-  source = "../../modules/govcloud/worker-asg"
-
-  autoscaling_group_extra_tags         = "${var.tectonic_autoscaling_group_extra_tags}"
-  cluster_id                           = "${module.tectonic.cluster_id}"
-  cluster_name                         = "${var.tectonic_cluster_name}"
-  container_linux_channel              = "${var.tectonic_container_linux_channel}"
-  container_linux_version              = "${module.container_linux.version}"
-  ec2_type                             = "${var.tectonic_govcloud_worker_ec2_type}"
-  extra_tags                           = "${var.tectonic_govcloud_extra_tags}"
-  ign_ca_cert_id_list                  = "${module.ignition_masters.ca_cert_id_list}"
-  ign_docker_dropin_id                 = "${module.ignition_workers.docker_dropin_id}"
-  ign_installer_kubelet_env_id         = "${module.ignition_workers.installer_kubelet_env_id}"
-  ign_installer_runtime_mappings_id    = "${module.ignition_workers.installer_runtime_mappings_id}"
-  ign_iscsi_service_id                 = "${module.ignition_workers.iscsi_service_id}"
-  ign_k8s_node_bootstrap_service_id    = "${module.ignition_workers.k8s_node_bootstrap_service_id}"
-  ign_kubelet_service_id               = "${module.ignition_workers.kubelet_service_id}"
-  ign_locksmithd_service_id            = "${module.ignition_workers.locksmithd_service_id}"
-  ign_max_user_watches_id              = "${module.ignition_workers.max_user_watches_id}"
-  ign_profile_env_id                   = "${local.tectonic_http_proxy_enabled ? module.ignition_workers.profile_env_id : ""}"
-  ign_s3_puller_id                     = "${module.ignition_workers.s3_puller_id}"
-  ign_systemd_default_env_id           = "${local.tectonic_http_proxy_enabled ? module.ignition_workers.systemd_default_env_id : ""}"
-  ign_update_ca_certificates_dropin_id = "${module.ignition_workers.update_ca_certificates_dropin_id}"
-  instance_count                       = "${var.tectonic_worker_count}"
-  load_balancers                       = "${var.tectonic_govcloud_worker_load_balancers}"
-  root_volume_iops                     = "${var.tectonic_govcloud_worker_root_volume_iops}"
-  root_volume_size                     = "${var.tectonic_govcloud_worker_root_volume_size}"
-  root_volume_type                     = "${var.tectonic_govcloud_worker_root_volume_type}"
-  s3_bucket                            = "${aws_s3_bucket.tectonic.bucket}"
-  sg_ids                               = "${concat(var.tectonic_govcloud_worker_extra_sg_ids, list(module.vpc.worker_sg_id))}"
-  ssh_key                              = "${var.tectonic_govcloud_ssh_key}"
-  subnet_ids                           = "${module.vpc.worker_subnet_ids}"
-  vpc_id                               = "${module.vpc.vpc_id}"
-  worker_iam_role                      = "${var.tectonic_govcloud_worker_iam_role_name}"
-  dns_server_ip                        = "${var.tectonic_govcloud_dns_server_ip}"
-}
-
-module "dns" {
-  source                         = "../../modules/dns/powerdns"
-  api_url                        = "${var.tectonic_govcloud_dns_server_api_url}"
-  api_external_elb_dns_name      = "${module.vpc.aws_api_external_dns_name}"
-  api_external_elb_zone_id       = "${module.vpc.aws_elb_api_external_zone_id}"
-  api_internal_elb_dns_name      = "${module.vpc.aws_api_internal_dns_name}"
-  api_internal_elb_zone_id       = "${module.vpc.aws_elb_api_internal_zone_id}"
-  api_ip_addresses               = "${module.vpc.aws_lbs}"
-  base_domain                    = "${var.tectonic_base_domain}"
-  cluster_id                     = "${module.tectonic.cluster_id}"
-  cluster_name                   = "${var.tectonic_cluster_name}"
-  console_elb_dns_name           = "${module.vpc.aws_console_dns_name}"
-  console_elb_zone_id            = "${module.vpc.aws_elb_console_zone_id}"
-  custom_dns_name                = "${var.tectonic_dns_name}"
-  elb_alias_enabled              = true
-  etcd_count                     = "${length(data.template_file.etcd_hostname_list.*.id)}"
-  etcd_ip_addresses              = "${module.etcd.ip_addresses}"
-  external_endpoints             = ["${compact(var.tectonic_etcd_servers)}"]
-  master_count                   = "${var.tectonic_master_count}"
-  tectonic_external_private_zone = "${var.tectonic_govcloud_external_private_zone}"
-  tectonic_external_vpc_id       = "${module.vpc.vpc_id}"
-  tectonic_extra_tags            = "${var.tectonic_govcloud_extra_tags}"
-  tectonic_private_endpoints     = true
-  tectonic_public_endpoints      = false
-  api_key                        = "${var.tectonic_govcloud_dns_server_api_key}"
-}
diff --git a/platforms/govcloud/s3.tf b/platforms/govcloud/s3.tf
deleted file mode 100644
index f3d8c3c8954..00000000000
--- a/platforms/govcloud/s3.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-data "aws_region" "current" {
-  current = true
-}
-
-resource "aws_s3_bucket" "tectonic" {
-  # Buckets must start with a lower case name and are limited to 63 characters,
-  # so we prepend the letter 'a' and use the md5 hex digest for the case of a long domain
-  # leaving 29 chars for the cluster name.
-  bucket = "${var.tectonic_govcloud_assets_s3_bucket_name == "" ? format("%s%s-%s", "a", var.tectonic_cluster_name, md5(format("%s-%s", data.aws_region.current.name , var.tectonic_base_domain))) : var.tectonic_govcloud_assets_s3_bucket_name }"
-
-  acl = "private"
-
-  tags = "${merge(map(
-      "Name", "${var.tectonic_cluster_name}-tectonic",
-      "KubernetesCluster", "${var.tectonic_cluster_name}",
-      "tectonicClusterID", "${module.tectonic.cluster_id}"
-    ), var.tectonic_govcloud_extra_tags)}"
-
-  lifecycle {
-    ignore_changes = ["*"]
-  }
-}
-
-# Bootkube / Tectonic assets
-resource "aws_s3_bucket_object" "tectonic_assets" {
-  bucket = "${aws_s3_bucket.tectonic.bucket}"
-  key    = "assets.zip"
-  source = "${data.archive_file.assets.output_path}"
-  acl    = "private"
-
-  # To be on par with the current Tectonic installer, we only do server-side
-  # encryption, using AES256. Eventually, we should start using KMS-based
-  # client-side encryption.
-  server_side_encryption = "AES256"
-
-  tags = "${merge(map(
-      "Name", "${var.tectonic_cluster_name}-tectonic-assets",
-      "KubernetesCluster", "${var.tectonic_cluster_name}",
-      "tectonicClusterID", "${module.tectonic.cluster_id}"
-    ), var.tectonic_govcloud_extra_tags)}"
-
-  lifecycle {
-    ignore_changes = ["*"]
-  }
-}
-
-# kubeconfig
-resource "aws_s3_bucket_object" "kubeconfig" {
-  bucket  = "${aws_s3_bucket.tectonic.bucket}"
-  key     = "kubeconfig"
-  content = "${module.bootkube.kubeconfig-kubelet}"
-  acl     = "private"
-
-  # The current Tectonic installer stores bits of the kubeconfig in KMS. As we
-  # do not support KMS yet, we at least offload it to S3 for now. Eventually,
-  # we should consider using KMS-based client-side encryption, or uploading it
-  # to KMS.
-  server_side_encryption = "AES256"
-
-  tags = "${merge(map(
-      "Name", "${var.tectonic_cluster_name}-kubeconfig",
-      "KubernetesCluster", "${var.tectonic_cluster_name}",
-      "tectonicClusterID", "${module.tectonic.cluster_id}"
-    ), var.tectonic_govcloud_extra_tags)}"
-}
diff --git a/platforms/govcloud/tectonic.tf b/platforms/govcloud/tectonic.tf
deleted file mode 100644
index d5a53041a23..00000000000
--- a/platforms/govcloud/tectonic.tf
+++ /dev/null
@@ -1,118 +0,0 @@
-data "template_file" "etcd_hostname_list" {
-  count    = "${var.tectonic_etcd_count > 0 ? var.tectonic_etcd_count : length(data.aws_availability_zones.azs.names) == 5 ? 5 : 3}"
-  template = "${var.tectonic_cluster_name}-etcd-${count.index}.${var.tectonic_base_domain}"
-}
-
-module "bootkube" {
-  source         = "../../modules/bootkube"
-  cloud_provider = "aws"
-
-  cluster_name = "${var.tectonic_cluster_name}"
-
-  kube_apiserver_url = "https://${module.dns.api_internal_fqdn}:443"
-  oidc_issuer_url    = "https://${module.dns.ingress_internal_fqdn}/identity"
-
-  # Platform-independent variables wiring, do not modify.
-  container_images = "${var.tectonic_container_images}"
-  versions         = "${var.tectonic_versions}"
-
-  service_cidr        = "${var.tectonic_service_cidr}"
-  cluster_cidr        = "${var.tectonic_cluster_cidr}"
-  tectonic_networking = "${var.tectonic_networking}"
-  calico_mtu          = "1480"
-  pull_secret_path    = "${pathexpand(var.tectonic_pull_secret_path)}"
-
-  advertise_address = "0.0.0.0"
-
-  oidc_username_claim = "email"
-  oidc_groups_claim   = "groups"
-  oidc_client_id      = "tectonic-kubectl"
-  oidc_ca_cert        = "${module.ingress_certs.ca_cert_pem}"
-
-  root_ca_cert_pem         = "${module.ca_certs.root_ca_cert_pem}"
-  aggregator_ca_cert_pem   = "${module.ca_certs.aggregator_ca_cert_pem}"
-  apiserver_cert_pem       = "${module.kube_certs.apiserver_cert_pem}"
-  apiserver_key_pem        = "${module.kube_certs.apiserver_key_pem}"
-  apiserver_proxy_cert_pem = "${module.kube_certs.apiserver_proxy_cert_pem}"
-  apiserver_proxy_key_pem  = "${module.kube_certs.apiserver_proxy_key_pem}"
-  etcd_ca_cert_pem         = "${module.ca_certs.etcd_ca_cert_pem}"
-  etcd_client_cert_pem     = "${module.etcd_certs.etcd_client_cert_pem}"
-  etcd_client_key_pem      = "${module.etcd_certs.etcd_client_key_pem}"
-  etcd_peer_cert_pem       = "${module.etcd_certs.etcd_peer_cert_pem}"
-  etcd_peer_key_pem        = "${module.etcd_certs.etcd_peer_key_pem}"
-  etcd_server_cert_pem     = "${module.etcd_certs.etcd_server_cert_pem}"
-  etcd_server_key_pem      = "${module.etcd_certs.etcd_server_key_pem}"
-  kube_ca_cert_pem         = "${module.ca_certs.kube_ca_cert_pem}"
-  kube_ca_key_pem          = "${module.ca_certs.kube_ca_key_pem}"
-  admin_cert_pem           = "${module.kube_certs.admin_cert_pem}"
-  admin_key_pem            = "${module.kube_certs.admin_key_pem}"
-
-  etcd_endpoints = "${module.dns.etcd_endpoints}"
-  master_count   = "${var.tectonic_master_count}"
-
-  cloud_config_path = ""
-}
-
-module "tectonic" {
-  source   = "../../modules/tectonic"
-  platform = "aws"
-
-  cluster_name = "${var.tectonic_cluster_name}"
-
-  base_address       = "${module.dns.ingress_internal_fqdn}"
-  kube_apiserver_url = "https://${module.dns.api_internal_fqdn}:443"
-  service_cidr       = "${var.tectonic_service_cidr}"
-
-  # Platform-independent variables wiring, do not modify.
-  container_images      = "${var.tectonic_container_images}"
-  container_base_images = "${var.tectonic_container_base_images}"
-  versions              = "${var.tectonic_versions}"
-
-  license_path     = "${pathexpand(var.tectonic_license_path)}"
-  pull_secret_path = "${pathexpand(var.tectonic_pull_secret_path)}"
-
-  admin_email    = "${var.tectonic_admin_email}"
-  admin_password = "${var.tectonic_admin_password}"
-
-  update_channel = "${var.tectonic_update_channel}"
-  update_app_id  = "${var.tectonic_update_app_id}"
-  update_server  = "${var.tectonic_update_server}"
-
-  ca_generated = "${var.tectonic_ca_cert == "" ? false : true}"
-
-  ingress_ca_cert_pem = "${module.ingress_certs.ca_cert_pem}"
-  ingress_cert_pem    = "${module.ingress_certs.cert_pem}"
-  ingress_key_pem     = "${module.ingress_certs.key_pem}"
-
-  identity_client_ca_cert  = "${module.ca_certs.root_ca_cert_pem}"
-  identity_client_cert_pem = "${module.identity_certs.client_cert_pem}"
-  identity_client_key_pem  = "${module.identity_certs.client_key_pem}"
-  identity_server_ca_cert  = "${module.ca_certs.kube_ca_cert_pem}"
-  identity_server_cert_pem = "${module.identity_certs.server_cert_pem}"
-  identity_server_key_pem  = "${module.identity_certs.server_key_pem}"
-
-  console_client_id = "tectonic-console"
-  kubectl_client_id = "tectonic-kubectl"
-  ingress_kind      = "NodePort"
-  master_count      = "${var.tectonic_master_count}"
-  stats_url         = "${var.tectonic_stats_url}"
-
-  image_re = "${var.tectonic_image_re}"
-}
-
-data "archive_file" "assets" {
-  type       = "zip"
-  source_dir = "./generated/"
-
-  # Because the archive_file provider is a data source, depends_on can't be
-  # used to guarantee that the tectonic/bootkube modules have generated
-  # all the assets on disk before trying to archive them. Instead, we use their
-  # ID outputs, that are only computed once the assets have actually been
-  # written to disk. We re-hash the IDs (or dedicated module outputs, like module.bootkube.content_hash)
-  # to make the filename shorter, since there is no security nor collision risk anyways.
-  #
-  # Additionally, data sources do not support managing any lifecycle whatsoever,
-  # and therefore, the archive is never deleted. To avoid cluttering the module
-  # folder, we write it in the Terraform managed hidden folder `.terraform`.
-  output_path = "./.terraform/generated_${sha1("${module.etcd_certs.id} ${module.tectonic.id} ${module.bootkube.id}")}.zip"
-}
diff --git a/platforms/govcloud/tls.tf b/platforms/govcloud/tls.tf
deleted file mode 100644
index 89d467e50fd..00000000000
--- a/platforms/govcloud/tls.tf
+++ /dev/null
@@ -1,47 +0,0 @@
-module "ca_certs" {
-  source = "../../modules/tls/ca/self-signed"
-
-  root_ca_cert_pem = "${var.tectonic_ca_cert}"
-  root_ca_key_alg  = "${var.tectonic_ca_key_alg}"
-  root_ca_key_pem  = "${var.tectonic_ca_key}"
-}
-
-module "kube_certs" {
-  source = "../../modules/tls/kube"
-
-  kube_ca_cert_pem       = "${module.ca_certs.kube_ca_cert_pem}"
-  kube_ca_key_alg        = "${module.ca_certs.kube_ca_key_alg}"
-  kube_ca_key_pem        = "${module.ca_certs.kube_ca_key_pem}"
-  aggregator_ca_cert_pem = "${module.ca_certs.aggregator_ca_cert_pem}"
-  aggregator_ca_key_alg  = "${module.ca_certs.aggregator_ca_key_alg}"
-  aggregator_ca_key_pem  = "${module.ca_certs.aggregator_ca_key_pem}"
-  kube_apiserver_url     = "https://${module.dns.api_internal_fqdn}:443"
-  service_cidr           = "${var.tectonic_service_cidr}"
-}
-
-module "etcd_certs" {
-  source = "../../modules/tls/etcd"
-
-  etcd_ca_cert_pem    = "${module.ca_certs.etcd_ca_cert_pem}"
-  etcd_ca_key_alg     = "${module.ca_certs.etcd_ca_key_alg}"
-  etcd_ca_key_pem     = "${module.ca_certs.etcd_ca_key_pem}"
-  service_cidr        = "${var.tectonic_service_cidr}"
-  etcd_cert_dns_names = "${data.template_file.etcd_hostname_list.*.rendered}"
-}
-
-module "ingress_certs" {
-  source = "../../modules/tls/ingress/self-signed"
-
-  base_address = "${module.dns.ingress_internal_fqdn}"
-  ca_cert_pem  = "${module.ca_certs.kube_ca_cert_pem}"
-  ca_key_alg   = "${module.ca_certs.kube_ca_key_alg}"
-  ca_key_pem   = "${module.ca_certs.kube_ca_key_pem}"
-}
-
-module "identity_certs" {
-  source = "../../modules/tls/identity"
-
-  kube_ca_cert_pem = "${module.ca_certs.kube_ca_cert_pem}"
-  kube_ca_key_alg  = "${module.ca_certs.kube_ca_key_alg}"
-  kube_ca_key_pem  = "${module.ca_certs.kube_ca_key_pem}"
-}
diff --git a/platforms/govcloud/variables.tf b/platforms/govcloud/variables.tf
deleted file mode 100644
index e7cf25eb4fe..00000000000
--- a/platforms/govcloud/variables.tf
+++ /dev/null
@@ -1,331 +0,0 @@
-variable "tectonic_govcloud_config_version" {
-  description = <<EOF
-(internal) This declares the version of the AWS configuration variables.
-It has no impact on generated assets but declares the version contract of the configuration.
-EOF
-
-  default = "1.0"
-}
-
-variable "tectonic_govcloud_profile" {
-  description = <<EOF
-(optional) This declares the AWS credentials profile to use.
-EOF
-
-  type    = "string"
-  default = "default"
-}
-
-variable "tectonic_govcloud_ssh_key" {
-  type        = "string"
-  description = "Name of an SSH key located within the AWS region. Example: coreos-user."
-}
-
-variable "tectonic_aws_installer_role" {
-  type    = "string"
-  default = ""
-
-  description = <<EOF
-(optional) Name of IAM role to use to access AWS in order to deploy the Tectonic Cluster.
-The name is also the full role's ARN.
-
-Example:
- * Role ARN  = arn:aws:iam::123456789012:role/tectonic-installer
-EOF
-}
-
-variable "tectonic_govcloud_master_ec2_type" {
-  type        = "string"
-  description = "Instance size for the master node(s). Example: `t2.medium`."
-  default     = "t2.medium"
-}
-
-variable "tectonic_govcloud_worker_ec2_type" {
-  type        = "string"
-  description = "Instance size for the worker node(s). Example: `t2.medium`."
-  default     = "t2.medium"
-}
-
-variable "tectonic_govcloud_etcd_ec2_type" {
-  type = "string"
-
-  description = <<EOF
-  Instance size for the etcd node(s). Example: `t2.medium`. Read the [etcd recommended hardware](https://coreos.com/etcd/docs/latest/op-guide/hardware.html) guide for best performance
-  EOF
-
-  default = "t2.medium"
-}
-
-variable "tectonic_govcloud_etcd_extra_sg_ids" {
-  description = <<EOF
-(optional) List of additional security group IDs for etcd nodes.
-
-Example: `["sg-51530134", "sg-b253d7cc"]`
-EOF
-
-  type    = "list"
-  default = []
-}
-
-variable "tectonic_govcloud_assets_s3_bucket_name" {
-  type    = "string"
-  default = ""
-
-  description = <<EOF
-(optional) Unique name under which the Amazon S3 bucket will be created. Bucket name must start with a lower case name and is limited to 63 characters.
-The Tectonic Installer uses the bucket to store tectonic assets and kubeconfig.
-If name is not provided the installer will construct the name using "tectonic_cluster_name", current AWS region and "tectonic_base_domain"
-EOF
-}
-
-variable "tectonic_govcloud_master_extra_sg_ids" {
-  description = <<EOF
-(optional) List of additional security group IDs for master nodes.
-
-Example: `["sg-51530134", "sg-b253d7cc"]`
-EOF
-
-  type    = "list"
-  default = []
-}
-
-variable "tectonic_govcloud_worker_extra_sg_ids" {
-  description = <<EOF
-(optional) List of additional security group IDs for worker nodes.
-
-Example: `["sg-51530134", "sg-b253d7cc"]`
-EOF
-
-  type    = "list"
-  default = []
-}
-
-variable "tectonic_govcloud_vpc_cidr_block" {
-  type    = "string"
-  default = "10.0.0.0/16"
-
-  description = <<EOF
-Block of IP addresses used by the VPC.
-This should not overlap with any other networks, such as a private datacenter connected via Direct Connect.
-EOF
-}
-
-variable "tectonic_govcloud_external_vpc_id" {
-  type = "string"
-
-  description = <<EOF
-(optional) ID of an existing VPC to launch nodes into.
-If unset a new VPC is created.
-
-Example: `vpc-123456`
-EOF
-
-  default = ""
-}
-
-variable "tectonic_govcloud_external_private_zone" {
-  default = ""
-
-  description = <<EOF
-(optional) If set, the given Route53 zone ID will be used as the internal (private) zone.
-This zone will be used to create etcd DNS records as well as internal API and internal Ingress records.
-If set, no additional private zone will be created.
-
-Example: `"Z1ILINNUJGTAO1"`
-EOF
-}
-
-variable "tectonic_govcloud_external_master_subnet_ids" {
-  type = "list"
-
-  description = <<EOF
-(optional) List of subnet IDs within an existing VPC to deploy master nodes into.
-Required to use an existing VPC, not applicable otherwise.
-
-Example: `["subnet-111111", "subnet-222222", "subnet-333333"]`
-EOF
-
-  default = []
-}
-
-variable "tectonic_govcloud_external_worker_subnet_ids" {
-  type = "list"
-
-  description = <<EOF
-(optional) List of subnet IDs within an existing VPC to deploy worker nodes into.
-Required to use an existing VPC, not applicable otherwise.
-
-Example: `["subnet-111111", "subnet-222222", "subnet-333333"]`
-EOF
-
-  default = []
-}
-
-variable "tectonic_govcloud_extra_tags" {
-  type        = "map"
-  description = "(optional) Extra AWS tags to be applied to created resources."
-  default     = {}
-}
-
-variable "tectonic_autoscaling_group_extra_tags" {
-  type    = "list"
-  default = []
-
-  description = <<EOF
-(optional) Extra AWS tags to be applied to created autoscaling group resources.
-This is a list of maps having the keys `key`, `value` and `propagate_at_launch`.
-
-Example: `[ { key = "foo", value = "bar", propagate_at_launch = true } ]`
-EOF
-}
-
-variable "tectonic_dns_name" {
-  type        = "string"
-  default     = ""
-  description = "(optional) DNS prefix used to construct the console and API server endpoints."
-}
-
-variable "tectonic_govcloud_etcd_root_volume_type" {
-  type        = "string"
-  default     = "gp2"
-  description = "The type of volume for the root block device of etcd nodes."
-}
-
-variable "tectonic_govcloud_etcd_root_volume_size" {
-  type        = "string"
-  default     = "30"
-  description = "The size of the volume in gigabytes for the root block device of etcd nodes."
-}
-
-variable "tectonic_govcloud_etcd_root_volume_iops" {
-  type    = "string"
-  default = "100"
-
-  description = <<EOF
-The amount of provisioned IOPS for the root block device of etcd nodes.
-Ignored if the volume type is not io1.
-EOF
-}
-
-variable "tectonic_govcloud_master_root_volume_type" {
-  type        = "string"
-  default     = "gp2"
-  description = "The type of volume for the root block device of master nodes."
-}
-
-variable "tectonic_govcloud_master_root_volume_size" {
-  type        = "string"
-  default     = "30"
-  description = "The size of the volume in gigabytes for the root block device of master nodes."
-}
-
-variable "tectonic_govcloud_master_root_volume_iops" {
-  type    = "string"
-  default = "100"
-
-  description = <<EOF
-The amount of provisioned IOPS for the root block device of master nodes.
-Ignored if the volume type is not io1.
-EOF
-}
-
-variable "tectonic_govcloud_worker_root_volume_type" {
-  type        = "string"
-  default     = "gp2"
-  description = "The type of volume for the root block device of worker nodes."
-}
-
-variable "tectonic_govcloud_worker_root_volume_size" {
-  type        = "string"
-  default     = "30"
-  description = "The size of the volume in gigabytes for the root block device of worker nodes."
-}
-
-variable "tectonic_govcloud_worker_root_volume_iops" {
-  type    = "string"
-  default = "100"
-
-  description = <<EOF
-The amount of provisioned IOPS for the root block device of worker nodes.
-Ignored if the volume type is not io1.
-EOF
-}
-
-variable "tectonic_govcloud_master_custom_subnets" {
-  type    = "map"
-  default = {}
-
-  description = <<EOF
-(optional) This configures master availability zones and their corresponding subnet CIDRs directly.
-
-Example:
-`{ eu-west-1a = "10.0.0.0/20", eu-west-1b = "10.0.16.0/20" }`
-EOF
-}
-
-variable "tectonic_govcloud_worker_custom_subnets" {
-  type    = "map"
-  default = {}
-
-  description = <<EOF
-(optional) This configures worker availability zones and their corresponding subnet CIDRs directly.
-
-Example: `{ eu-west-1a = "10.0.64.0/20", eu-west-1b = "10.0.80.0/20" }`
-EOF
-}
-
-variable "tectonic_govcloud_master_iam_role_name" {
-  type    = "string"
-  default = ""
-
-  description = <<EOF
-(optional) Name of IAM role to use for the instance profiles of master nodes.
-The name is also the last part of a role's ARN.
-
-Example:
- * Role ARN  = arn:aws:iam::123456789012:role/tectonic-installer
- * Role Name = tectonic-installer
-EOF
-}
-
-variable "tectonic_govcloud_worker_iam_role_name" {
-  type    = "string"
-  default = ""
-
-  description = <<EOF
-(optional) Name of IAM role to use for the instance profiles of worker nodes.
-The name is also the last part of a role's ARN.
-
-Example:
- * Role ARN  = arn:aws:iam::123456789012:role/tectonic-installer
- * Role Name = tectonic-installer
-EOF
-}
-
-variable "tectonic_govcloud_worker_load_balancers" {
-  type    = "list"
-  default = []
-
-  description = <<EOF
-(optional) List of ELBs to attach all worker instances to.
-This is useful for exposing NodePort services via load-balancers managed separately from the cluster.
-
-Example:
- * `["ingress-nginx"]`
-EOF
-}
-
-variable "tectonic_govcloud_dns_server_ip" {
-  description = "The resolver ip of the dns server."
-  type        = "string"
-}
-
-variable "tectonic_govcloud_dns_server_api_url" {
-  description = "The address of the dns server api to create the records."
-  type        = "string"
-}
-
-variable "tectonic_govcloud_dns_server_api_key" {
-  description = "The api key of the dns server to create the records."
-  type        = "string"
-}