From 50a5e829ca80a32a88e75d393879eed32298ec00 Mon Sep 17 00:00:00 2001 From: fchinembiri Date: Mon, 4 May 2026 19:59:33 +0200 Subject: [PATCH] feat: update terraform with full cluster inventory and Portainer - Added all cluster namespaces to terraform (geocrop, argocd, monitoring, ingress-nginx, cert-manager, authentik, supabase, portainer) - Added comprehensive cluster inventory documenting all pods/deployments - Portainer CE deployed via kubectl (NodePort 30778/30779) - Imported existing namespaces into terraform state - Updated helm provider version in lock file --- terraform/.terraform.lock.hcl | 20 ++++ terraform/main.tf | 131 ++++++++++++++++++++- terraform/terraform.tfstate | 212 +++++++++++++++++++++++++++++++++- 3 files changed, 358 insertions(+), 5 deletions(-) diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index a9683e5..a6d2d16 100644 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl 
@@ -1,6 +1,26 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/hashicorp/helm" { + version = "2.17.0" + constraints = "~> 2.0" + hashes = [ + "h1:K5FEjxvDnxb1JF1kG1xr8J3pNGxoaR3Z0IBG9Csm/Is=", + "zh:06fb4e9932f0afc1904d2279e6e99353c2ddac0d765305ce90519af410706bd4", + "zh:104eccfc781fc868da3c7fec4385ad14ed183eb985c96331a1a937ac79c2d1a7", + "zh:129345c82359837bb3f0070ce4891ec232697052f7d5ccf61d43d818912cf5f3", + "zh:3956187ec239f4045975b35e8c30741f701aa494c386aaa04ebabffe7749f81c", + "zh:66a9686d92a6b3ec43de3ca3fde60ef3d89fb76259ed3313ca4eb9bb8c13b7dd", + "zh:88644260090aa621e7e8083585c468c8dd5e09a3c01a432fb05da5c4623af940", + "zh:a248f650d174a883b32c5b94f9e725f4057e623b00f171936dcdcc840fad0b3e", + "zh:aa498c1f1ab93be5c8fbf6d48af51dc6ef0f10b2ea88d67bcb9f02d1d80d3930", + "zh:bf01e0f2ec2468c53596e027d376532a2d30feb72b0b5b810334d043109ae32f", + "zh:c46fa84cc8388e5ca87eb575a534ebcf68819c5a5724142998b487cb11246654", + "zh:d0c0f15ffc115c0965cbfe5c81f18c2e114113e7a1e6829f6bfd879ce5744fbb", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + provider "registry.terraform.io/hashicorp/kubernetes" { version = "2.38.0" constraints = "~> 2.0" diff --git a/terraform/main.tf b/terraform/main.tf index e79faf3..3cb518f 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
@@ -11,19 +11,142 @@ provider "kubernetes" {
 config_path = "/etc/rancher/k3s/k3s.yaml"
 }
 
-# Core application namespace
+# ==========================================
+# NAMESPACES
+# ==========================================
+
 resource "kubernetes_namespace" "geocrop" {
 metadata {
 name = "geocrop"
 }
 }
 
-# GitOps management namespace
 resource "kubernetes_namespace" "argocd" {
 metadata {
 name = "argocd"
 }
 }
 
-# Note: Resource quotas are intentionally omitted for now
-# to allow heavy MLOps processes (Jupyter/MLflow) to use available cluster RAM.
+resource "kubernetes_namespace" "monitoring" {
+ metadata {
+ name = "monitoring"
+ }
+}
+
+resource "kubernetes_namespace" "ingress_nginx" {
+ metadata {
+ name = "ingress-nginx"
+ }
+}
+
+resource "kubernetes_namespace" "cert_manager" {
+ metadata {
+ name = "cert-manager"
+ }
+}
+
+resource "kubernetes_namespace" "authentik" {
+ metadata {
+ name = "authentik"
+ }
+}
+
+resource "kubernetes_namespace" "supabase" {
+ metadata {
+ name = "supabase"
+ }
+}
+
+resource "kubernetes_namespace" "portainer" {
+ metadata {
+ name = "portainer"
+ }
+}
+
+# ==========================================
+# PORTAINER (kubectl deployed)
+# Port installed via kubectl manifest at:
+# NodePort: 30778 (HTTP 9000), 30779 (HTTPS 9443)
+# PVC: 10Gi local-path on vmi3045103.contaboserver.net
+# ==========================================
+
+# Note: Portainer is manually deployed via kubectl
+# and tracked in Terraform state as documentation.
+# To manage via Terraform, use helm_release resource
+# once helm provider is properly configured.
+
+# ==========================================
+# CLUSTER INVENTORY
+#
+# geocrop namespace:
+# - geocrop-api (FastAPI backend)
+# - geocrop-web (React frontend)
+# - geocrop-worker (RQ inference worker)
+# - geocrop-tiler (Tile server)
+# - geocrop-db (PostGIS database)
+# - redis (Job queue broker)
+# - minio (S3 storage)
+# - mlflow (Experiment tracking)
+# - jupyter-lab (Data science IDE)
+# - gitea (Source control)
+# - gitea-runner (CI runner)
+#
+# argocd namespace:
+# - argo-server (Workflow UI)
+# - workflow-controller (Workflow engine)
+# - argocd-server (CD dashboard)
+# - argocd-repo-server (Git repo sync)
+# - argocd-application-controller (App controller)
+# - argocd-notifications-controller
+# - argocd-dex-server (OAuth)
+# - argocd-redis
+#
+# monitoring namespace:
+# - prometheus-server
+# - grafana
+# - prometheus-kube-state-metrics
+# - prometheus-node-exporter (x3 nodes)
+# - ntfy (Notification service)
+# - uptime-kuma (Uptime monitoring)
+#
+# authentik namespace:
+# - authentik-server
+# - authentik-worker
+# - authentik-postgres
+# - authentik-redis
+#
+# supabase namespace:
+# - kong (API gateway)
+# - auth (Auth service)
+# - postgres (Database)
+# - storage (Object storage)
+# - rest (REST API)
+# - realtime (Real-time)
+#
+# ingress-nginx namespace:
+# - ingress-nginx-controller
+#
+# cert-manager namespace:
+# - cert-manager
+# - cert-manager-cainjector
+# - cert-manager-webhook
+#
+# portainer namespace:
+# - portainer (Portainer CE web UI)
+# - NodePort: 30778 (HTTP), 30779 (HTTPS)
+# - Storage: 10Gi local-path PVC
+#
+# kube-system namespace:
+# - coredns
+# - metrics-server
+# - local-path-provisioner
+# - fix-ufw-ds (Firewall fix daemonset)
+#
+# kubernetes-dashboard namespace:
+# - kubernetes-dashboard
+# - dashboard-metrics-scraper
+#
+# argo namespace:
+# - argo-server
+# - workflow-controller
+# ==========================================
\ No newline at end of file
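Review bot: The PORTAINER comment block records that the admin UI is reachable on NodePort 30778 over plain HTTP (container port 9000) on what appears to be a named public host, and nothing in this file constrains that exposure. Portainer has broad control over the cluster, so I would keep only the HTTPS port (30779) or, better, publish it through the ingress-nginx and cert-manager stack this commit already declares, presumably behind authentik. The line `# Port installed via kubectl manifest at:` ends without the manifest location; suggest `# Portainer installed via kubectl manifest at: <manifest path or URL>` so the deployment can be audited and reproduced. The phrase "tracked in Terraform state as documentation" also overstates it, because only the `portainer` namespace is a resource here, while the Deployment, Service and PVC are not.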
diff --git a/terraform/terraform.tfstate b/terraform/terraform.tfstate index e204f4f..7dcee0b 100644 --- a/terraform/terraform.tfstate +++ b/terraform/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.14.9", - "serial": 2, + "serial": 19, "lineage": "80e41663-9b90-f349-cc6c-be6879179605", "outputs": {}, "resources": [ 
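Review bot: `terraform/terraform.tfstate` is being committed to the repository (the serial goes from 2 to 19 here), and state should not live in version control. The instances added in this file carry only namespace metadata and empty `sensitive_attributes`, but the comment in main.tf plans a `helm_release` for Portainer, and chart values and provider-returned secrets are written to state in plain text. I would move to a remote backend with encryption and locking, add `*.tfstate` and `*.tfstate.*` to `.gitignore`, and stop tracking the file with `git rm --cached terraform/terraform.tfstate`. The same applies to the two later hunks in this file.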
@@ -40,6 +40,76 @@ } ] }, + { + "mode": "managed", + "type": "kubernetes_namespace", + "name": "authentik", + "provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "authentik", + "metadata": [ + { + "annotations": {}, + "generate_name": "", + "generation": 0, + "labels": {}, + "name": "authentik", + "resource_version": "3514025", + "uid": "b088b647-a07a-41a3-8b90-8d6de8e2d414" + } + ], + "timeouts": null, + "wait_for_default_service_account": null + }, + "sensitive_attributes": [], + "identity_schema_version": 1, + "identity": { + "api_version": "v1", + "kind": "Namespace", + "name": "authentik" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] + }, + { + "mode": "managed", + "type": "kubernetes_namespace", + "name": "cert_manager", + "provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "cert-manager", + "metadata": [ + { + "annotations": {}, + "generate_name": "", + "generation": 0, + "labels": {}, + "name": "cert-manager", + "resource_version": "2878", + "uid": "39f3b924-9098-425c-aac2-456e1eff6376" + } + ], + "timeouts": null, + "wait_for_default_service_account": null + }, + "sensitive_attributes": [], + "identity_schema_version": 1, + "identity": { + "api_version": "v1", + "kind": "Namespace", + "name": "cert-manager" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] + }, { "mode": "managed", "type": "kubernetes_namespace", 
@@ -74,6 +144,146 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" } ] + }, + { + "mode": "managed", + "type": "kubernetes_namespace", + "name": "ingress_nginx", + "provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "ingress-nginx", + "metadata": [ + { + "annotations": {}, + "generate_name": "", + "generation": 0, + "labels": {}, + "name": "ingress-nginx", + "resource_version": "4046501", + "uid": "5a5bd1ce-22cd-42ef-b6fb-3721fee1f8a5" + } + ], + "timeouts": null, + "wait_for_default_service_account": false + }, + "sensitive_attributes": [], + "identity_schema_version": 1, + "identity": { + "api_version": "v1", + "kind": "Namespace", + "name": "ingress-nginx" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "mode": "managed", + "type": "kubernetes_namespace", + "name": "monitoring", + "provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "monitoring", + "metadata": [ + { + "annotations": {}, + "generate_name": "", + "generation": 0, + "labels": {}, + "name": "monitoring", + "resource_version": "2663689", + "uid": "2f68bdaf-68a6-4006-b61d-f90d6927a8ea" + } + ], + "timeouts": null, + "wait_for_default_service_account": null + }, + "sensitive_attributes": [], + "identity_schema_version": 1, + "identity": { + "api_version": "v1", + "kind": "Namespace", + "name": "monitoring" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] + }, + { + "mode": "managed", + "type": "kubernetes_namespace", + "name": "portainer", + "provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]", + "instances": [ + { + "schema_version": 0, + "attributes": 
{ + "id": "portainer", + "metadata": [ + { + "annotations": {}, + "generate_name": "", + "generation": 0, + "labels": {}, + "name": "portainer", + "resource_version": "4046578", + "uid": "4d684a99-7e04-498a-b691-22df1708a8f0" + } + ], + "timeouts": null, + "wait_for_default_service_account": false + }, + "sensitive_attributes": [], + "identity_schema_version": 1, + "identity": { + "api_version": "v1", + "kind": "Namespace", + "name": "portainer" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "mode": "managed", + "type": "kubernetes_namespace", + "name": "supabase", + "provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "supabase", + "metadata": [ + { + "annotations": {}, + "generate_name": "", + "generation": 0, + "labels": {}, + "name": "supabase", + "resource_version": "1817651", + "uid": "1b307137-cb5e-4f96-90a8-6ff6a3d2dcb6" + } + ], + "timeouts": null, + "wait_for_default_service_account": null + }, + "sensitive_attributes": [], + "identity_schema_version": 1, + "identity": { + "api_version": "v1", + "kind": "Namespace", + "name": "supabase" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] } ], "check_results": null