fchinembiri
/
geocrop-platform.
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: update terraform with full cluster inventory and Portainer 

- Added all cluster namespaces to terraform (geocrop, argocd, monitoring, ingress-nginx, cert-manager, authentik, supabase, portainer)
- Added comprehensive cluster inventory documenting all pods/deployments
- Portainer CE deployed via kubectl (NodePort 30778/30779)
- Imported existing namespaces into terraform state
- Updated helm provider version in lock file
This commit is contained in:
fchinembiri 2026-05-04 19:59:33 +02:00
parent e2cfec586b
commit 50a5e829ca
3 changed files with 358 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
terraform/.terraform.lock.hcl
View File

@ -1,6 +1,26 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/helm" {
version = "2.17.0"
constraints = "~> 2.0"
hashes = [
"h1:K5FEjxvDnxb1JF1kG1xr8J3pNGxoaR3Z0IBG9Csm/Is=",
"zh:06fb4e9932f0afc1904d2279e6e99353c2ddac0d765305ce90519af410706bd4",
"zh:104eccfc781fc868da3c7fec4385ad14ed183eb985c96331a1a937ac79c2d1a7",
"zh:129345c82359837bb3f0070ce4891ec232697052f7d5ccf61d43d818912cf5f3",
"zh:3956187ec239f4045975b35e8c30741f701aa494c386aaa04ebabffe7749f81c",
"zh:66a9686d92a6b3ec43de3ca3fde60ef3d89fb76259ed3313ca4eb9bb8c13b7dd",
"zh:88644260090aa621e7e8083585c468c8dd5e09a3c01a432fb05da5c4623af940",
"zh:a248f650d174a883b32c5b94f9e725f4057e623b00f171936dcdcc840fad0b3e",
"zh:aa498c1f1ab93be5c8fbf6d48af51dc6ef0f10b2ea88d67bcb9f02d1d80d3930",
"zh:bf01e0f2ec2468c53596e027d376532a2d30feb72b0b5b810334d043109ae32f",
"zh:c46fa84cc8388e5ca87eb575a534ebcf68819c5a5724142998b487cb11246654",
"zh:d0c0f15ffc115c0965cbfe5c81f18c2e114113e7a1e6829f6bfd879ce5744fbb",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
]
}
provider "registry.terraform.io/hashicorp/kubernetes" {
version = "2.38.0"
constraints = "~> 2.0"

131
terraform/main.tf
View File

@ -11,19 +11,142 @@ provider "kubernetes" {
config_path = "/etc/rancher/k3s/k3s.yaml"
}
# Core application namespace
# ==========================================
# NAMESPACES
# ==========================================
resource "kubernetes_namespace" "geocrop" {
metadata {
name = "geocrop"
}
}
# GitOps management namespace
resource "kubernetes_namespace" "argocd" {
metadata {
name = "argocd"
}
}
# Note: Resource quotas are intentionally omitted for now
# to allow heavy MLOps processes (Jupyter/MLflow) to use available cluster RAM.
resource "kubernetes_namespace" "monitoring" {
metadata {
name = "monitoring"
}
}
resource "kubernetes_namespace" "ingress_nginx" {
metadata {
name = "ingress-nginx"
}
}
resource "kubernetes_namespace" "cert_manager" {
metadata {
name = "cert-manager"
}
}
resource "kubernetes_namespace" "authentik" {
metadata {
name = "authentik"
}
}
resource "kubernetes_namespace" "supabase" {
metadata {
name = "supabase"
}
}
resource "kubernetes_namespace" "portainer" {
metadata {
name = "portainer"
}
}
# ==========================================
# PORTAINER (kubectl deployed)
# Port installed via kubectl manifest at:
# NodePort: 30778 (HTTP 9000), 30779 (HTTPS 9443)
# PVC: 10Gi local-path on vmi3045103.contaboserver.net
# ==========================================
# Note: Portainer is manually deployed via kubectl
# and tracked in Terraform state as documentation.
# To manage via Terraform, use helm_release resource
# once helm provider is properly configured.
# ==========================================
# CLUSTER INVENTORY
#
# geocrop namespace:
# - geocrop-api (FastAPI backend)
# - geocrop-web (React frontend)
# - geocrop-worker (RQ inference worker)
# - geocrop-tiler (Tile server)
# - geocrop-db (PostGIS database)
# - redis (Job queue broker)
# - minio (S3 storage)
# - mlflow (Experiment tracking)
# - jupyter-lab (Data science IDE)
# - gitea (Source control)
# - gitea-runner (CI runner)
#
# argocd namespace:
# - argo-server (Workflow UI)
# - workflow-controller (Workflow engine)
# - argocd-server (CD dashboard)
# - argocd-repo-server (Git repo sync)
# - argocd-application-controller (App controller)
# - argocd-notifications-controller
# - argocd-dex-server (OAuth)
# - argocd-redis
#
# monitoring namespace:
# - prometheus-server
# - grafana
# - prometheus-kube-state-metrics
# - prometheus-node-exporter (x3 nodes)
# - ntfy (Notification service)
# - uptime-kuma (Uptime monitoring)
#
# authentik namespace:
# - authentik-server
# - authentik-worker
# - authentik-postgres
# - authentik-redis
#
# supabase namespace:
# - kong (API gateway)
# - auth (Auth service)
# - postgres (Database)
# - storage (Object storage)
# - rest (REST API)
# - realtime (Real-time)
#
# ingress-nginx namespace:
# - ingress-nginx-controller
#
# cert-manager namespace:
# - cert-manager
# - cert-manager-cainjector
# - cert-manager-webhook
#
# portainer namespace:
# - portainer (Portainer CE web UI)
# - NodePort: 30778 (HTTP), 30779 (HTTPS)
# - Storage: 10Gi local-path PVC
#
# kube-system namespace:
# - coredns
# - metrics-server
# - local-path-provisioner
# - fix-ufw-ds (Firewall fix daemonset)
#
# kubernetes-dashboard namespace:
# - kubernetes-dashboard
# - dashboard-metrics-scraper
#
# argo namespace:
# - argo-server
# - workflow-controller
# ==========================================

212
terraform/terraform.tfstate
View File

@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.14.9",
"serial": 2,
"serial": 19,
"lineage": "80e41663-9b90-f349-cc6c-be6879179605",
"outputs": {},
"resources": [
@ -40,6 +40,76 @@
}
]
},
{
"mode": "managed",
"type": "kubernetes_namespace",
"name": "authentik",
"provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "authentik",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {},
"name": "authentik",
"resource_version": "3514025",
"uid": "b088b647-a07a-41a3-8b90-8d6de8e2d414"
}
],
"timeouts": null,
"wait_for_default_service_account": null
},
"sensitive_attributes": [],
"identity_schema_version": 1,
"identity": {
"api_version": "v1",
"kind": "Namespace",
"name": "authentik"
},
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
}
]
},
{
"mode": "managed",
"type": "kubernetes_namespace",
"name": "cert_manager",
"provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "cert-manager",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {},
"name": "cert-manager",
"resource_version": "2878",
"uid": "39f3b924-9098-425c-aac2-456e1eff6376"
}
],
"timeouts": null,
"wait_for_default_service_account": null
},
"sensitive_attributes": [],
"identity_schema_version": 1,
"identity": {
"api_version": "v1",
"kind": "Namespace",
"name": "cert-manager"
},
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
}
]
},
{
"mode": "managed",
"type": "kubernetes_namespace",
@ -74,6 +144,146 @@
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
}
]
},
{
"mode": "managed",
"type": "kubernetes_namespace",
"name": "ingress_nginx",
"provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "ingress-nginx",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {},
"name": "ingress-nginx",
"resource_version": "4046501",
"uid": "5a5bd1ce-22cd-42ef-b6fb-3721fee1f8a5"
}
],
"timeouts": null,
"wait_for_default_service_account": false
},
"sensitive_attributes": [],
"identity_schema_version": 1,
"identity": {
"api_version": "v1",
"kind": "Namespace",
"name": "ingress-nginx"
},
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9fQ=="
}
]
},
{
"mode": "managed",
"type": "kubernetes_namespace",
"name": "monitoring",
"provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "monitoring",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {},
"name": "monitoring",
"resource_version": "2663689",
"uid": "2f68bdaf-68a6-4006-b61d-f90d6927a8ea"
}
],
"timeouts": null,
"wait_for_default_service_account": null
},
"sensitive_attributes": [],
"identity_schema_version": 1,
"identity": {
"api_version": "v1",
"kind": "Namespace",
"name": "monitoring"
},
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
}
]
},
{
"mode": "managed",
"type": "kubernetes_namespace",
"name": "portainer",
"provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "portainer",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {},
"name": "portainer",
"resource_version": "4046578",
"uid": "4d684a99-7e04-498a-b691-22df1708a8f0"
}
],
"timeouts": null,
"wait_for_default_service_account": false
},
"sensitive_attributes": [],
"identity_schema_version": 1,
"identity": {
"api_version": "v1",
"kind": "Namespace",
"name": "portainer"
},
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9fQ=="
}
]
},
{
"mode": "managed",
"type": "kubernetes_namespace",
"name": "supabase",
"provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "supabase",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {},
"name": "supabase",
"resource_version": "1817651",
"uid": "1b307137-cb5e-4f96-90a8-6ff6a3d2dcb6"
}
],
"timeouts": null,
"wait_for_default_service_account": null
},
"sensitive_attributes": [],
"identity_schema_version": 1,
"identity": {
"api_version": "v1",
"kind": "Namespace",
"name": "supabase"
},
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
}
]
}
],
"check_results": null