From 2d4b7e2193cf2803b18e3da23b04c3d5a8bbea75 Mon Sep 17 00:00:00 2001 
From: Max Baumann
Date: Fri, 13 Dec 2024 19:10:49 +0100
Subject: [PATCH] chore: remove infrastructure (#910)
---
 .dockerignore | 2 +-
 README.md | 4 -
 infrastructure/README.md | 124 ----------
 infrastructure/charts/README.md | 4 -
 infrastructure/charts/dashboard/.helmignore | 23 --
 infrastructure/charts/dashboard/Chart.yaml | 6 -
 .../charts/dashboard/templates/NOTES.txt | 16 --
 .../charts/dashboard/templates/_helpers.tpl | 62 -----
 .../dashboard/templates/deployment.yaml | 64 ------
 .../charts/dashboard/templates/hpa.yaml | 32 ---
 .../charts/dashboard/templates/service.yaml | 15 --
 .../dashboard/templates/serviceaccount.yaml | 12 -
 .../templates/tests/test-connection.yaml | 15 --
 infrastructure/charts/dashboard/values.yaml | 62 -----
 infrastructure/charts/service/.helmignore | 23 --
 infrastructure/charts/service/Chart.yaml | 24 --
 .../charts/service/templates/NOTES.txt | 22 --
 .../charts/service/templates/_helpers.tpl | 84 -------
 .../charts/service/templates/deployment.yaml | 91 --------
 .../charts/service/templates/hpa.yaml | 28 ---
 .../charts/service/templates/ingress.yaml | 61 -----
 .../charts/service/templates/service.yaml | 21 --
 .../service/templates/serviceaccount.yaml | 12 -
 .../templates/tests/test-connection.yaml | 15 --
 infrastructure/charts/service/values.yaml | 79 -------
 infrastructure/fly/jaeger.staging.toml | 18 --
 infrastructure/fly/spicedb.staging.toml | 39 ----
 infrastructure/terraform/.gitignore | 34 ---
 infrastructure/terraform/README.md | 12 -
 .../environments/local/.terraform.lock.hcl | 41 ----
 .../terraform/environments/local/README.md | 12 -
 .../terraform/environments/local/main.tf | 26 ---
 .../terraform/environments/local/providers.tf | 7 -
 .../terraform/environments/local/versions.tf | 13 --
 .../environments/staging/.terraform.lock.hcl | 82 ------
 .../environments/staging/cert-manager.tf | 32 ---
 .../terraform/environments/staging/cert.tf | 101 ---------
 .../environments/staging/cloudflare.tf | 87 -------
 .../terraform/environments/staging/coredns.tf | 51 -----
 .../terraform/environments/staging/gcp.tf | 4 -
 .../terraform/environments/staging/gke.tf | 68 ------
 .../terraform/environments/staging/outputs.tf | 3 -
 .../environments/staging/providers.tf | 24 --
 .../environments/staging/variables.tf | 34 ---
 .../environments/staging/versions.tf | 23 --
 .../.terraform.lock.hcl | 22 --
 .../hw-tf-module-cluster-resources/apisix.tf | 212 ------------------
 .../auth-svc.tf | 47 ----
 .../hw-tf-module-cluster-resources/coredns.tf | 63 ------
 .../hw-tf-module-cluster-resources/dapr.tf | 37 ---
 .../dashboard.tf | 78 -------
 .../replicator.tf | 15 --
 .../task-svc.tf | 101 ---------
 .../user-svc.tf | 53 -----
 .../versions.tf | 13 --
 renovate.json | 1 -
 56 files changed, 1 insertion(+), 2253 deletions(-)
 delete mode 100644 infrastructure/README.md
 delete mode 100644 infrastructure/charts/README.md
 delete mode 100644 infrastructure/charts/dashboard/.helmignore
 delete mode 100644 infrastructure/charts/dashboard/Chart.yaml
 delete mode 100644 infrastructure/charts/dashboard/templates/NOTES.txt
 delete mode 100644 infrastructure/charts/dashboard/templates/_helpers.tpl
 delete mode 100644 infrastructure/charts/dashboard/templates/deployment.yaml
 delete mode 100644 infrastructure/charts/dashboard/templates/hpa.yaml
 delete mode 100644 infrastructure/charts/dashboard/templates/service.yaml
 delete mode 100644 infrastructure/charts/dashboard/templates/serviceaccount.yaml
 delete mode 100644 infrastructure/charts/dashboard/templates/tests/test-connection.yaml
 delete mode 100644 infrastructure/charts/dashboard/values.yaml
 delete mode 100644 infrastructure/charts/service/.helmignore
 delete mode 100644 infrastructure/charts/service/Chart.yaml
 delete mode 100644 infrastructure/charts/service/templates/NOTES.txt
 delete mode 100644 infrastructure/charts/service/templates/_helpers.tpl
 delete mode 100644 infrastructure/charts/service/templates/deployment.yaml
 delete mode 100644 infrastructure/charts/service/templates/hpa.yaml
 delete mode 100644 infrastructure/charts/service/templates/ingress.yaml
 delete mode 100644 infrastructure/charts/service/templates/service.yaml
 delete mode 100644 infrastructure/charts/service/templates/serviceaccount.yaml
 delete mode 100644 infrastructure/charts/service/templates/tests/test-connection.yaml
 delete mode 100644 infrastructure/charts/service/values.yaml
 delete mode 100644 infrastructure/fly/jaeger.staging.toml
 delete mode 100644 infrastructure/fly/spicedb.staging.toml
 delete mode 100644 infrastructure/terraform/.gitignore
 delete mode 100644 infrastructure/terraform/README.md
 delete mode 100644 infrastructure/terraform/environments/local/.terraform.lock.hcl
 delete mode 100644 infrastructure/terraform/environments/local/README.md
 delete mode 100644 infrastructure/terraform/environments/local/main.tf
 delete mode 100644 infrastructure/terraform/environments/local/providers.tf
 delete mode 100644 infrastructure/terraform/environments/local/versions.tf
 delete mode 100644 infrastructure/terraform/environments/staging/.terraform.lock.hcl
 delete mode 100644 infrastructure/terraform/environments/staging/cert-manager.tf
 delete mode 100644 infrastructure/terraform/environments/staging/cert.tf
 delete mode 100644 infrastructure/terraform/environments/staging/cloudflare.tf
 delete mode 100644 infrastructure/terraform/environments/staging/coredns.tf
 delete mode 100644 infrastructure/terraform/environments/staging/gcp.tf
 delete mode 100644 infrastructure/terraform/environments/staging/gke.tf
 delete mode 100644 infrastructure/terraform/environments/staging/outputs.tf
 delete mode 100644 infrastructure/terraform/environments/staging/providers.tf
 delete mode 100644 infrastructure/terraform/environments/staging/variables.tf
 delete mode 100644 infrastructure/terraform/environments/staging/versions.tf
 delete mode 100644 infrastructure/terraform/modules/hw-tf-module-cluster-resources/.terraform.lock.hcl
 delete mode 100644 infrastructure/terraform/modules/hw-tf-module-cluster-resources/apisix.tf
 delete mode 100644 infrastructure/terraform/modules/hw-tf-module-cluster-resources/auth-svc.tf
 delete mode 100644 infrastructure/terraform/modules/hw-tf-module-cluster-resources/coredns.tf
 delete mode 100644 infrastructure/terraform/modules/hw-tf-module-cluster-resources/dapr.tf
 delete mode 100644 infrastructure/terraform/modules/hw-tf-module-cluster-resources/dashboard.tf
 delete mode 100644 infrastructure/terraform/modules/hw-tf-module-cluster-resources/replicator.tf
 delete mode 100644 infrastructure/terraform/modules/hw-tf-module-cluster-resources/task-svc.tf
 delete mode 100644 infrastructure/terraform/modules/hw-tf-module-cluster-resources/user-svc.tf
 delete mode 100644 infrastructure/terraform/modules/hw-tf-module-cluster-resources/versions.tf
diff --git a/.dockerignore b/.dockerignore
index 209129db6..f2a0c6748 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -3,4 +3,4 @@ README.md
 Dockerfile
 docker-compose.yml
 .*
-infrastructure
+
diff --git a/README.md b/README.md
index fffc433ea..90eb1b631 100644
--- a/README.md
+++ b/README.md
@@ -420,10 +420,6 @@ if err != nil { [We disarmed the versioning for pre-production.](https://github.com/helpwave/services/issues/125). To arm the versioning, search for "arm-versioning" in the codebase. -## Deployment - -[See infrastructure/README.md](infrastructure/README.md) - ## Archived Services - impulse-svc ([9bbe537](https://github.com/helpwave/services/commit/9bbe53744dc2650bc99b21e0894c1a9bc42f6f12))
diff --git a/infrastructure/README.md b/infrastructure/README.md
deleted file mode 100644
index ac3d515c9..000000000
--- a/infrastructure/README.md
+++ /dev/null
@@ -1,124 +0,0 @@
-# infrastructure
-
-## Fly.io
-
-We moved to [Fly.io](https://fly.io/) since https://github.com/helpwave/services/issues/164.
-
-### To-dos
-- Use FLY_APP_ID env for DAPR_APP_ID
-- Use Dapr mTLS between services
-- Get rid of `[env]` in `fly.toml`´s
- - The `fly.toml` should be environment agnostic
-- IaC for Fly.io
-
-### Create a new microservice on Fly.io
-
-__Pre-Requirements__
-- `flyctl` is installed
-- [Authenticated `flyctl`](https://fly.io/docs/flyctl/auth-login/) in the organization of choice
-- Microservice is tested, checked in via git and overall ready to deploy
-
-__1. Create a new App__
-
-```shell
-flyctl launch
- --build-arg SERVICE=user-svc
- --dockerfile ../../Dockerfile.standalone
- --env INSECURE_FAKE_TOKEN_ENABLE=true # When deployed on staging
- --internal-port 80
- --name helpwave-staging-user-svc # The name of the App
- --no-deploy
- --no-public-ips # Any outside actor should call the service through our API-Gateway
- --path services/user-svc
- --region ams # Amsterdam
- --org helpwave-staging # Replace "" with the name of the organization
-```
-
-__2. Ensure correct `fly.toml`__
-
-We need to rewrite some of the generated `fly.toml`.
-
-```toml
-primary_region = "ams"
-
-[build]
- dockerfile = "../../Dockerfile.standalone"
-
-[build.args]
- SERVICE = "user-svc"
-
-[env]
- INSECURE_FAKE_TOKEN_ENABLE=true
-
-[deploy]
- strategy = "bluegreen"
- release_command = "./run-migrations.sh"
-
-[checks]
- [checks.dapr_sidecar]
- grace_period = "5s"
- interval = "10s"
- method = "get"
- path = "/v1.0/healthz"
- port = 3500
- timeout = "2s"
- type = "http"
-
-[metrics]
- port = 9090
- path = "/metrics"
-```
-
-__3. Attach database__
-
-```shell
-fly postgres attach --app --variable-name POSTGRES_DSN
-```
-
-__4. Deploy service__
-
-```shell
-flyctl deploy
- --config services/user-svc/fly.toml
- --app helpwave-staging-user-svc
- # --local-only # Optional. When omitted, the image will be build directly on Fly
-```
-
-__5. Configure APISIX__
-
-`apisix/apisix.yaml`
-```yaml
-...
-services:
- ...
- - id: user-svc
- upstream_id: dapr-grpc
- plugins:
- grpc-web: {}
- proxy-rewrite:
- headers:
- add:
- dapr-app-id: user-svc
-...
-routes:
- ...
- - id: user-svc
- uri: /user-svc/*
- service_id: user-svc
- plugins:
- cors:
- # TODO: Scope to grpc-web spec
- allow_origins: "**"
- allow_methods: "**"
- allow_headers: "**"
- expose_headers: "**"
- max_age: 5
- allow_credential: true
- _meta:
- priority: -1
-...
-```
-
-__6. Deploy APISIX__
-
-`flyctl deploy --config apisix/fly.toml --app helpwave-staging-gateway`
diff --git a/infrastructure/charts/README.md b/infrastructure/charts/README.md
deleted file mode 100644
index bc1d384cb..000000000
--- a/infrastructure/charts/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-# Helm Charts
-
-This directory contains custom [helm](https://helm.sh/) charts.
-
diff --git a/infrastructure/charts/dashboard/.helmignore b/infrastructure/charts/dashboard/.helmignore
deleted file mode 100644
index 0e8a0eb36..000000000
--- a/infrastructure/charts/dashboard/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/infrastructure/charts/dashboard/Chart.yaml b/infrastructure/charts/dashboard/Chart.yaml
deleted file mode 100644
index 4929915a0..000000000
--- a/infrastructure/charts/dashboard/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: dashboard
-description: Helm chart for the helpwave dashboard frontend
-type: application
-version: 0.1.0
-appVersion: "1.16.0"
diff --git a/infrastructure/charts/dashboard/templates/NOTES.txt b/infrastructure/charts/dashboard/templates/NOTES.txt
deleted file mode 100644
index 456e9f42e..000000000
--- a/infrastructure/charts/dashboard/templates/NOTES.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "dashboard.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "dashboard.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "dashboard.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
- echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "dashboard.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
diff --git a/infrastructure/charts/dashboard/templates/_helpers.tpl b/infrastructure/charts/dashboard/templates/_helpers.tpl
deleted file mode 100644
index cc7fdc394..000000000
--- a/infrastructure/charts/dashboard/templates/_helpers.tpl
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "dashboard.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "dashboard.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "dashboard.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "dashboard.labels" -}}
-helm.sh/chart: {{ include "dashboard.chart" . }}
-{{ include "dashboard.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "dashboard.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "dashboard.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "dashboard.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "dashboard.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/infrastructure/charts/dashboard/templates/deployment.yaml b/infrastructure/charts/dashboard/templates/deployment.yaml
deleted file mode 100644
index 202f3f567..000000000
--- a/infrastructure/charts/dashboard/templates/deployment.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "dashboard.fullname" . }}
- labels:
- {{- include "dashboard.labels" . | nindent 4 }}
-spec:
- {{- if not .Values.autoscaling.enabled }}
- replicas: {{ .Values.replicaCount }}
- {{- end }}
- selector:
- matchLabels:
- {{- include "dashboard.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "dashboard.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ include "dashboard.serviceAccountName" . }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- containers:
- - name: {{ .Chart.Name }}
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env:
- - name: PORT
- value: {{ .Values.service.port | quote }}
- ports:
- - name: http
- containerPort: {{ .Values.service.port }}
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /
- port: http
- readinessProbe:
- httpGet:
- path: /
- port: http
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/infrastructure/charts/dashboard/templates/hpa.yaml b/infrastructure/charts/dashboard/templates/hpa.yaml
deleted file mode 100644
index c5f654420..000000000
--- a/infrastructure/charts/dashboard/templates/hpa.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "dashboard.fullname" . }}
- labels:
- {{- include "dashboard.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "dashboard.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- target:
- type: Utilization
- averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- target:
- type: Utilization
- averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
diff --git a/infrastructure/charts/dashboard/templates/service.yaml b/infrastructure/charts/dashboard/templates/service.yaml
deleted file mode 100644
index 155124b74..000000000
--- a/infrastructure/charts/dashboard/templates/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "dashboard.fullname" . }}
- labels:
- {{- include "dashboard.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- selector:
- {{- include "dashboard.selectorLabels" . | nindent 4 }}
diff --git a/infrastructure/charts/dashboard/templates/serviceaccount.yaml b/infrastructure/charts/dashboard/templates/serviceaccount.yaml
deleted file mode 100644
index 4948fb9bc..000000000
--- a/infrastructure/charts/dashboard/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "dashboard.serviceAccountName" . }}
- labels:
- {{- include "dashboard.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/infrastructure/charts/dashboard/templates/tests/test-connection.yaml b/infrastructure/charts/dashboard/templates/tests/test-connection.yaml
deleted file mode 100644
index 90a22ee35..000000000
--- a/infrastructure/charts/dashboard/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "dashboard.fullname" . }}-test-connection"
- labels:
- {{- include "dashboard.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "dashboard.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/infrastructure/charts/dashboard/values.yaml b/infrastructure/charts/dashboard/values.yaml
deleted file mode 100644
index 521654400..000000000
--- a/infrastructure/charts/dashboard/values.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-# Default values for dashboard.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 2
-
-image:
- repository: ghcr.io/helpwave/web-app
- pullPolicy: IfNotPresent
- # Overrides the image tag whose default is the chart appVersion.
- tag: "edge"
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-serviceAccount:
- # Specifies whether a service account should be created
- create: true
- # Annotations to add to the service account
- annotations: {}
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
-
-podAnnotations: {}
-
-podSecurityContext: {}
- # fsGroup: 2000
-
-securityContext: {}
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
-
-service:
- type: ClusterIP
- port: 80
-
-resources:
- limits:
- cpu: 100m
- memory: 64Mi
- requests:
- cpu: 100m
- memory: 64Mi
-
-autoscaling:
- enabled: false
- minReplicas: 1
- maxReplicas: 5
- targetCPUUtilizationPercentage: 80
- targetMemoryUtilizationPercentage: 80
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
diff --git a/infrastructure/charts/service/.helmignore b/infrastructure/charts/service/.helmignore
deleted file mode 100644
index 0e8a0eb36..000000000
--- a/infrastructure/charts/service/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/infrastructure/charts/service/Chart.yaml b/infrastructure/charts/service/Chart.yaml
deleted file mode 100644
index c8cd753d1..000000000
--- a/infrastructure/charts/service/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: service
-description: Basic Helm chart for services of helpwave
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
diff --git a/infrastructure/charts/service/templates/NOTES.txt b/infrastructure/charts/service/templates/NOTES.txt
deleted file mode 100644
index 6ed99a2b8..000000000
--- a/infrastructure/charts/service/templates/NOTES.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
- {{- range .paths }}
- http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
- {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "service.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "service.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
- echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
diff --git a/infrastructure/charts/service/templates/_helpers.tpl b/infrastructure/charts/service/templates/_helpers.tpl
deleted file mode 100644
index 3ee5e2438..000000000
--- a/infrastructure/charts/service/templates/_helpers.tpl
+++ /dev/null
@@ -1,84 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "service.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{- define "postgres.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 54 | trimSuffix "-" }}-postgres
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "service.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{- define "postgres.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 54 | trimSuffix "-" }}-postgres
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 54 | trimSuffix "-" }}-postgres
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 54 | trimSuffix "-" }}-postgres
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "service.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "service.labels" -}}
-helm.sh/chart: {{ include "service.chart" . }}
-{{ include "service.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "service.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "service.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{- define "postgres.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "postgres.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "service.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "service.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/infrastructure/charts/service/templates/deployment.yaml b/infrastructure/charts/service/templates/deployment.yaml
deleted file mode 100644
index d9faa7a3a..000000000
--- a/infrastructure/charts/service/templates/deployment.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "service.fullname" . }}
- labels:
- {{- include "service.labels" . | nindent 4 }}
-spec:
- {{- if not .Values.autoscaling.enabled }}
- replicas: {{ .Values.replicaCount }}
- {{- end }}
- selector:
- matchLabels:
- {{- include "service.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- annotations:
- dapr.io/enabled: {{ .Values.app.dapr | quote }}
- dapr.io/app-id: {{ .Values.app.name | quote }}
- dapr.io/app-port: {{ .Values.app.port | quote }}
- labels:
- {{- include "service.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ include "service.serviceAccountName" . }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- {{ if not .Values.postgres.disabled }}
- initContainers:
- - name: migrate
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- command: ['ash', '-c', 'wget -qO migrate.tgz https://github.com/golang-migrate/migrate/releases/download/v4.15.2/migrate.linux-amd64.tar.gz && tar xzf migrate.tgz && POSTGRESQL_URL="postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB?sslmode=disable" && ./migrate -database $POSTGRESQL_URL -path migrations up']
- env:
- - name: POSTGRES_HOST
- value: {{ .Values.postgres.host }}
- - name: POSTGRES_PORT
- value: {{ .Values.postgres.port | quote }}
- - name: POSTGRES_USER
- value: {{ .Values.postgres.user }}
- - name: POSTGRES_PASSWORD
- value: {{ .Values.postgres.password }}
- - name: POSTGRES_DB
- value: {{ .Values.postgres.database }}
- {{ end }}
- containers:
- - name: {{ .Chart.Name }}
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env:
- {{ if .Values.insecureDisableTLSVerify }}
- - name: INSECURE_DISABLE_TLS_VERIFY
- value: "true"
- {{ end }}
- {{ if not .Values.postgres.disabled }}
- - name: POSTGRES_HOST
- value: {{ .Values.postgres.host }}
- - name: POSTGRES_PORT
- value: {{ .Values.postgres.port | quote }}
- - name: POSTGRES_USER
- value: {{ .Values.postgres.user }}
- - name: POSTGRES_PASSWORD
- value: {{ .Values.postgres.password }}
- - name: POSTGRES_DB
- value: {{ .Values.postgres.database }}
- {{ end }}
- - name: PORT
- value: {{ .Values.app.port | quote }}
- - name: MODE
- value: {{ .Values.app.env | quote }}
- ports:
- - name: http
- containerPort: {{ .Values.service.port }}
- protocol: TCP
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/infrastructure/charts/service/templates/hpa.yaml b/infrastructure/charts/service/templates/hpa.yaml
deleted file mode 100644
index 76643a972..000000000
--- a/infrastructure/charts/service/templates/hpa.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "service.fullname" . }}
- labels:
- {{- include "service.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "service.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
diff --git a/infrastructure/charts/service/templates/ingress.yaml b/infrastructure/charts/service/templates/ingress.yaml
deleted file mode 100644
index e70d42228..000000000
--- a/infrastructure/charts/service/templates/ingress.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "service.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
-{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
- {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
- {{- end }}
-{{- end }}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "service.labels" . | nindent 4 }}
- {{- with .Values.ingress.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
- ingressClassName: {{ .Values.ingress.className }}
- {{- end }}
- {{- if .Values.ingress.tls }}
- tls:
- {{- range .Values.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .Values.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ .path }}
- {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- pathType: {{ .pathType }}
- {{- end }}
- backend:
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- service:
- name: {{ $fullName }}
- port:
- number: {{ $svcPort }}
- {{- else }}
- serviceName: {{ $fullName }}
- servicePort: {{ $svcPort }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/infrastructure/charts/service/templates/service.yaml b/infrastructure/charts/service/templates/service.yaml
deleted file mode 100644
index e47bebff0..000000000
--- a/infrastructure/charts/service/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.service.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "service.fullname" . }}
- labels:
- {{- include "service.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- - port: 1337
- targetPort: 3500
- protocol: TCP
- name: dapr-public-lel
- selector:
- {{- include "service.selectorLabels" . | nindent 4 }}
-{{- end }}
diff --git a/infrastructure/charts/service/templates/serviceaccount.yaml b/infrastructure/charts/service/templates/serviceaccount.yaml
deleted file mode 100644
index 32507a874..000000000
--- a/infrastructure/charts/service/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "service.serviceAccountName" . }}
- labels:
- {{- include "service.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/infrastructure/charts/service/templates/tests/test-connection.yaml b/infrastructure/charts/service/templates/tests/test-connection.yaml
deleted file mode 100644
index e626c8e15..000000000
--- a/infrastructure/charts/service/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "service.fullname" . }}-test-connection"
- labels:
- {{- include "service.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "service.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/infrastructure/charts/service/values.yaml b/infrastructure/charts/service/values.yaml
deleted file mode 100644
index 928c4a1c0..000000000
--- a/infrastructure/charts/service/values.yaml
+++ /dev/null
@@ -1,79 +0,0 @@
-replicaCount: 2
-
-postgres:
- disabled: false
- host: localhost
- port: 5432
- user: helpwave
- password: helpwave
- database: helpwave
-
-app:
- dapr: true
- name: service
- port: 8080
- env: production
-
-image:
- repository: helpwave/service
- pullPolicy: IfNotPresent
- # Overrides the image tag whose default is the chart appVersion.
- tag: "edge"
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-serviceAccount:
- # Specifies whether a service account should be created
- create: true
- # Annotations to add to the service account
- annotations: {}
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
-
-podAnnotations: {}
-
-podSecurityContext: {}
-
-securityContext: {}
-
-service:
- enabled: false
- type: ClusterIP
- port: 8080
-
-ingress:
- enabled: false
- className: ""
- annotations: {}
- hosts:
- - host: chart-example.local
- paths:
- - path: /
- pathType: ImplementationSpecific
- tls: []
-
-resources:
- limits:
- cpu: 100m
- memory: 128Mi
- requests:
- cpu: 100m
- memory: 128Mi
-
-autoscaling:
- enabled: false
- minReplicas: 1
- maxReplicas: 100
- targetCPUUtilizationPercentage: 80
- # targetMemoryUtilizationPercentage: 80
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-insecureDisableTLSVerify: false
diff --git a/infrastructure/fly/jaeger.staging.toml b/infrastructure/fly/jaeger.staging.toml
deleted file mode 100644
index ba2de68c3..000000000
--- a/infrastructure/fly/jaeger.staging.toml
+++ /dev/null
@@ -1,18 +0,0 @@
-# fly.toml app configuration file generated for helpwave-staging-spicedb on 2024-08-20T16:19:36+02:00
-#
-# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
-#
-
-app = 'helpwave-staging-jaeger'
-primary_region = 'ams'
-
-[build]
-image = 'jaegertracing/all-in-one:1.60'
-
-# TODO: healthchecks
-
-[env]
-COLLECTOR_OTLP_ENABLED = 'true'
-
-[[vm]]
-size = 'shared-cpu-1x'
diff --git a/infrastructure/fly/spicedb.staging.toml b/infrastructure/fly/spicedb.staging.toml
deleted file mode 100644
index 3437f2e98..000000000
--- a/infrastructure/fly/spicedb.staging.toml
+++ /dev/null
@@ -1,39 +0,0 @@
-# fly.toml app configuration file generated for helpwave-staging-spicedb on 2024-08-20T16:19:36+02:00
-#
-# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
-#
-
-app = 'helpwave-staging-spicedb'
-primary_region = 'ams'
-
-[build]
- image = 'authzed/spicedb:v1.31.0' # TODO: renovate
-
-[deploy]
- release_command = 'migrate head'
-
-# TODO: healthchecks (figure out how how to use a secret in checks)
-
-[env]
- SPICEDB_DATASTORE_ENGINE = 'postgres'
- SPICEDB_SKIP_RELEASE_CHECK = 'true' # we know due to renovate on dev compose
- SPICEDB_TELEMETRY_ENDPOINT = '' # prevent spicedb from talking home
-
- # record traces for all requests on staging
- # SPICEDB_OTEL_SAMPLE_RATIO=1
- # Secrets:
- # SPICEDB_GRPC_PRESHARED_KEY=
- # SPICEDB_DATASTORE_CONN_URI=postgres://:@:/spicedb?sslmode=disable
- # SPICEDB_OTEL_ENDPOINT= TODO
- # SPICEDB_OTEL_INSECURE=
- # SPICEDB_OTEL_PROVIDER=
-
-[[vm]]
- size = 'shared-cpu-1x'
-
-[[metrics]]
- port = 9090
- path = '/metrics'
-
-[experimental]
- cmd = ["serve"]
diff --git a/infrastructure/terraform/.gitignore b/infrastructure/terraform/.gitignore
deleted file mode 100644
index 9b8a46e69..000000000
--- a/infrastructure/terraform/.gitignore
+++ /dev/null
@@ -1,34 +0,0 @@
-# Local .terraform directories
-**/.terraform/*
-
-# .tfstate files
-*.tfstate
-*.tfstate.*
-
-# Crash log files
-crash.log
-crash.*.log
-
-# Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version
-# control as they are data points which are potentially sensitive and subject
-# to change depending on the environment.
-*.tfvars
-*.tfvars.json
-
-# Ignore override files as they are usually used to override resources locally and so
-# are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-
-# Include override files you do wish to add to version control using negated pattern
-# !example_override.tf
-
-# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
-# example: *tfplan*
-
-# Ignore CLI configuration files
-.terraformrc
-terraform.rc
diff --git a/infrastructure/terraform/README.md b/infrastructure/terraform/README.md
deleted file mode 100644
index 24fb20376..000000000
--- a/infrastructure/terraform/README.md
+++ /dev/null
@@ -1,12 +0,0 @@
-# terraform
-
-This is the central place for our infrastructure.
-Applying the approach known as _infrastructure-as-code_ we manage our infra using [terraform](https://www.terraform.io/) files.
-
-The basis for this is the `hw-tf-module-cluster-resources` module.
-Specific environments are available in `environments`.
-
-To deploy a local version run `terraform apply` from `environments/local` against a local kubernetes cluster.
-You may start one using [kind](https://kind.sigs.k8s.io/).
-
-Also see `../charts`.
diff --git a/infrastructure/terraform/environments/local/.terraform.lock.hcl b/infrastructure/terraform/environments/local/.terraform.lock.hcl
deleted file mode 100644
index ca30f142f..000000000
--- a/infrastructure/terraform/environments/local/.terraform.lock.hcl
+++ /dev/null
@@ -1,41 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/gavinbunney/kubectl" { - version = "1.14.0" - constraints = "1.14.0" - hashes = [ - "h1:gLFn+RvP37sVzp9qnFCwngRjjFV649r6apjxvJ1E/SE=", - "h1:mX2AOFIMIxJmW5kM8DT51gloIOKCr9iT6W8yodnUyfs=", - "zh:0350f3122ff711984bbc36f6093c1fe19043173fad5a904bce27f86afe3cc858", - "zh:07ca36c7aa7533e8325b38232c77c04d6ef1081cb0bac9d56e8ccd51f12f2030", - "zh:0c351afd91d9e994a71fe64bbd1662d0024006b3493bb61d46c23ea3e42a7cf5", - "zh:39f1a0aa1d589a7e815b62b5aa11041040903b061672c4cfc7de38622866cbc4", - "zh:428d3a321043b78e23c91a8d641f2d08d6b97f74c195c654f04d2c455e017de5", - "zh:4baf5b1de2dfe9968cc0f57fd4be5a741deb5b34ee0989519267697af5f3eee5", - "zh:6131a927f9dffa014ab5ca5364ac965fe9b19830d2bbf916a5b2865b956fdfcf", - "zh:c62e0c9fd052cbf68c5c2612af4f6408c61c7e37b615dc347918d2442dd05e93", - "zh:f0beffd7ce78f49ead612e4b1aefb7cb6a461d040428f514f4f9cc4e5698ac65", - ] -} - -provider "registry.terraform.io/hashicorp/helm" { - version = "2.8.0" - constraints = "2.8.0" - hashes = [ - "h1:U0w0mUT0SwZCR0poGNSxGaZJKWcOiu4GerpGztYBiMM=", - "h1:abRryu69lsIGXctqjMVoaKqi74eE12Vzd2FLpds1/PI=", - "zh:1e42d1a04c07d4006844e477ca32b5f45b04f6525dbbbe00b6be6e6ec5a11c54", - "zh:2f87187cb48ccfb18d12e2c4332e7e822923b659e7339b954b7db78aff91529f", - "zh:391fe49b4d2dc07bc717248a3fc6952189cfc49c596c514ad72a29c9a9f9d575", - "zh:89272048e1e63f3edc3e83dfddd5a9fd4bd2a4ead104e67de1e14319294dedf1", - "zh:a5a057c3435a854389ce8a1d98a54aaa7cbab68aca7baa436a605897aa70ff7e", - "zh:b1098e53e1a8a3afcd325ecd0328662156b3d9c3d80948f19ba3a4eb870cee2b", - "zh:b676f949e8274a2b6c3fa41f5428ea597125579c7b93bb50bb73a5e295a7a447", - "zh:cdf7e9460f28c2dbfe49a79a5022bd0d474ff18120d340738aa35456ba77ebca", - "zh:e24b59b4ed1c593facbf8051ec58550917991e2e017f3085dac5fb902d9908cb", - "zh:e3b5e1f5543cac9d9031a028f1c1be4858fb80fae69f181f21e9465e366ebfa2", - 
"zh:e9fddc0bcdb28503078456f0088851d45451600d229975fd9990ee92c7489a10", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -}
diff --git a/infrastructure/terraform/environments/local/README.md b/infrastructure/terraform/environments/local/README.md
deleted file mode 100644
index dc96f169d..000000000
--- a/infrastructure/terraform/environments/local/README.md
+++ /dev/null
@@ -1,12 +0,0 @@
-# iac-environments-local
-
-Apply the cluster-resources module to your local development cluster
-
-### Port-Forward the APISIX Dashboard or Gateway
-
-#### Dashboard
-*Username/Password: admin/admin*
-> kubectl port-forward service/apisix-dashboard 1337:http
-
-#### Gateway
-> kubectl port-forward service/apisix-gateway 8080:apisix-gateway
diff --git a/infrastructure/terraform/environments/local/main.tf b/infrastructure/terraform/environments/local/main.tf
deleted file mode 100644
index fd0b1f5b7..000000000
--- a/infrastructure/terraform/environments/local/main.tf
+++ /dev/null
@@ -1,26 +0,0 @@ -resource "kubectl_manifest" "hostpath" { - yaml_body = < *APISIX*) must support TLS on Port 443 and SNI for the certificate that is issued by Cloudflare to establish the communication between the Cloudflare proxy and our origin server, also called ["Full - SSL/TLS encryption mode"](https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/full/). Sounds like a pretty usual setup. - -Unfortunately, this triggers the following error in APISIX: `http_ssl_phase(): failed to fetch ssl config: failed to find SNI: please check if the client requests via IP or uses an outdated protocol. If you need to report an issue, provide a packet capture file of the TLS handshake.`. -*During my testing and debugging, the correct hostname was also in the log. That means APISIX was aware of the Hostname. And yes, the issued origin certificate was also in APISIX registered, and yes, also in the etcd. I've also swapped out APISIX with nginx (plus the origin certificate for sure) in our cluster, works perfectly fine.* -After hours of debugging, I've decided to go forward and ditching Cloudflare for now. It should be clear that the issue is most likely on the APISIX side, not Cloudflares. **Big TODO. We should dig into this.** -Here are similar errors, which have already been addressed but not solved yet -- https://github.com/apache/apisix/issues/4394 -- https://github.com/apache/apisix/issues/8207 - -**With this pull-request, the IP of our GC LB is public and gets not proxied by Cloudflare. The SSL certificate gets issued by Lets Encrypt.** -*/ - -resource "cloudflare_record" "api-helpwave-de" { - zone_id = var.cf_zone_id - name = "api" - value = google_compute_address.staging-ipv4.address - type = "A" - comment = "Managed through Terraform" - # Unproxied for now. See top. 
- proxied = false
-}
-
-resource "cloudflare_record" "staging-helpwave-de" {
- zone_id = var.cf_zone_id
- name = "staging"
- value = cloudflare_record.api-helpwave-de.hostname
- type = "CNAME"
- comment = "Managed through Terraform"
- # Unproxied for now. See top.
- proxied = false
-}
-
-resource "cloudflare_record" "staging-api-helpwave-de" {
- zone_id = var.cf_zone_id
- name = "staging-api"
- value = cloudflare_record.api-helpwave-de.hostname
- type = "CNAME"
- comment = "Managed through Terraform"
- # Unproxied for now. See top.
- proxied = false
-}
-
-resource "cloudflare_record" "tasks-helpwave-de" {
- zone_id = var.cf_zone_id
- name = "tasks"
- value = cloudflare_record.api-helpwave-de.hostname
- type = "CNAME"
- comment = "Managed through Terraform"
- # Unproxied for now. See top.
- proxied = false
-}
-
-resource "cloudflare_record" "staging-tasks-helpwave-de" {
- zone_id = var.cf_zone_id
- name = "staging-tasks"
- value = cloudflare_record.api-helpwave-de.hostname
- type = "CNAME"
- comment = "Managed through Terraform"
- # Unproxied for now. See top.
- proxied = false
-}
diff --git a/infrastructure/terraform/environments/staging/coredns.tf b/infrastructure/terraform/environments/staging/coredns.tf
deleted file mode 100644
index 6803e5f65..000000000
--- a/infrastructure/terraform/environments/staging/coredns.tf
+++ /dev/null
@@ -1,51 +0,0 @@ -/* - GKE still does not use CoreDNS by default, so we have to deploy it manually -*/ - -locals { - coredns_cluster_ip = "10.83.240.20" -} - -resource "helm_release" "coredns" { - name = "coredns" - repository = "https://coredns.github.io/helm" - chart = "coredns" - - depends_on = [ - google_container_node_pool.primary_spot_nodes - ] - - namespace = "kube-system" - create_namespace = false - - set { - name = "replicaCount" - value = 2 - } - - set { - name = "service.clusterIP" - value = local.coredns_cluster_ip - } -} - -resource "kubectl_manifest" "kube-dns_config_map" { - depends_on = [ - helm_release.coredns - ] - - yaml_body = < internal DNS rewriting. - - cf. https://coredns.io/ -*/ - -// -// Variables -// - -variable "coredns_config_map_name" { - type = string - description = "The metadata.name for the CoreDNS configmap" - default = "coredns" -} - -// -// Update Corefile -// - -resource "kubectl_manifest" "coredns_config_map" { - yaml_body = <