feat: update terraform with full cluster inventory and Portainer

- Added all cluster namespaces to terraform (geocrop, argocd, monitoring, ingress-nginx, cert-manager, authentik, supabase, portainer)
- Added comprehensive cluster inventory documenting all pods/deployments
- Portainer CE deployed via kubectl (NodePort 30778/30779)
- Imported existing namespaces into terraform state
- Updated helm provider version in lock file
fchinembiri 2026-05-04 19:59:33 +02:00
parent e2cfec586b
commit 50a5e829ca
3 changed files with 358 additions and 5 deletions


@ -1,6 +1,26 @@
# This file is maintained automatically by "terraform init". # This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/helm" {
version = "2.17.0"
constraints = "~> 2.0"
hashes = [
"h1:K5FEjxvDnxb1JF1kG1xr8J3pNGxoaR3Z0IBG9Csm/Is=",
"zh:06fb4e9932f0afc1904d2279e6e99353c2ddac0d765305ce90519af410706bd4",
"zh:104eccfc781fc868da3c7fec4385ad14ed183eb985c96331a1a937ac79c2d1a7",
"zh:129345c82359837bb3f0070ce4891ec232697052f7d5ccf61d43d818912cf5f3",
"zh:3956187ec239f4045975b35e8c30741f701aa494c386aaa04ebabffe7749f81c",
"zh:66a9686d92a6b3ec43de3ca3fde60ef3d89fb76259ed3313ca4eb9bb8c13b7dd",
"zh:88644260090aa621e7e8083585c468c8dd5e09a3c01a432fb05da5c4623af940",
"zh:a248f650d174a883b32c5b94f9e725f4057e623b00f171936dcdcc840fad0b3e",
"zh:aa498c1f1ab93be5c8fbf6d48af51dc6ef0f10b2ea88d67bcb9f02d1d80d3930",
"zh:bf01e0f2ec2468c53596e027d376532a2d30feb72b0b5b810334d043109ae32f",
"zh:c46fa84cc8388e5ca87eb575a534ebcf68819c5a5724142998b487cb11246654",
"zh:d0c0f15ffc115c0965cbfe5c81f18c2e114113e7a1e6829f6bfd879ce5744fbb",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
]
}
provider "registry.terraform.io/hashicorp/kubernetes" { provider "registry.terraform.io/hashicorp/kubernetes" {
version = "2.38.0" version = "2.38.0"
constraints = "~> 2.0" constraints = "~> 2.0"


@ -11,19 +11,142 @@ provider "kubernetes" {
config_path = "/etc/rancher/k3s/k3s.yaml" config_path = "/etc/rancher/k3s/k3s.yaml"
} }
# Core application namespace # ==========================================
# NAMESPACES
# ==========================================
resource "kubernetes_namespace" "geocrop" { resource "kubernetes_namespace" "geocrop" {
metadata { metadata {
name = "geocrop" name = "geocrop"
} }
} }
# GitOps management namespace
resource "kubernetes_namespace" "argocd" { resource "kubernetes_namespace" "argocd" {
metadata { metadata {
name = "argocd" name = "argocd"
} }
} }
# Note: Resource quotas are intentionally omitted for now resource "kubernetes_namespace" "monitoring" {
# to allow heavy MLOps processes (Jupyter/MLflow) to use available cluster RAM. metadata {
name = "monitoring"
}
}
resource "kubernetes_namespace" "ingress_nginx" {
metadata {
name = "ingress-nginx"
}
}
resource "kubernetes_namespace" "cert_manager" {
metadata {
name = "cert-manager"
}
}
resource "kubernetes_namespace" "authentik" {
metadata {
name = "authentik"
}
}
resource "kubernetes_namespace" "supabase" {
metadata {
name = "supabase"
}
}
resource "kubernetes_namespace" "portainer" {
metadata {
name = "portainer"
}
}
# ==========================================
# PORTAINER (kubectl deployed)
# Port installed via kubectl manifest at:
# NodePort: 30778 (HTTP 9000), 30779 (HTTPS 9443)
# PVC: 10Gi local-path on vmi3045103.contaboserver.net
# ==========================================
# Note: Portainer is manually deployed via kubectl
# and tracked in Terraform state as documentation.
# To manage via Terraform, use helm_release resource
# once helm provider is properly configured.
# ==========================================
# CLUSTER INVENTORY
#
# geocrop namespace:
# - geocrop-api (FastAPI backend)
# - geocrop-web (React frontend)
# - geocrop-worker (RQ inference worker)
# - geocrop-tiler (Tile server)
# - geocrop-db (PostGIS database)
# - redis (Job queue broker)
# - minio (S3 storage)
# - mlflow (Experiment tracking)
# - jupyter-lab (Data science IDE)
# - gitea (Source control)
# - gitea-runner (CI runner)
#
# argocd namespace:
# - argo-server (Workflow UI)
# - workflow-controller (Workflow engine)
# - argocd-server (CD dashboard)
# - argocd-repo-server (Git repo sync)
# - argocd-application-controller (App controller)
# - argocd-notifications-controller
# - argocd-dex-server (OAuth)
# - argocd-redis
#
# monitoring namespace:
# - prometheus-server
# - grafana
# - prometheus-kube-state-metrics
# - prometheus-node-exporter (x3 nodes)
# - ntfy (Notification service)
# - uptime-kuma (Uptime monitoring)
#
# authentik namespace:
# - authentik-server
# - authentik-worker
# - authentik-postgres
# - authentik-redis
#
# supabase namespace:
# - kong (API gateway)
# - auth (Auth service)
# - postgres (Database)
# - storage (Object storage)
# - rest (REST API)
# - realtime (Real-time)
#
# ingress-nginx namespace:
# - ingress-nginx-controller
#
# cert-manager namespace:
# - cert-manager
# - cert-manager-cainjector
# - cert-manager-webhook
#
# portainer namespace:
# - portainer (Portainer CE web UI)
# - NodePort: 30778 (HTTP), 30779 (HTTPS)
# - Storage: 10Gi local-path PVC
#
# kube-system namespace:
# - coredns
# - metrics-server
# - local-path-provisioner
# - fix-ufw-ds (Firewall fix daemonset)
#
# kubernetes-dashboard namespace:
# - kubernetes-dashboard
# - dashboard-metrics-scraper
#
# argo namespace:
# - argo-server
# - workflow-controller
# ==========================================
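Review bot: The PORTAINER comment block documents a plain-HTTP NodePort (`30778` → 9000) for a cluster-management UI, and nothing added in this file restricts who can reach it. A NodePort Service listens on every node address unless a host firewall or NetworkPolicy blocks it, so if it is reachable from outside the cluster the Portainer login and session would travel unencrypted. Only the `portainer` namespace is a Terraform resource here; the Deployment and Service are not, and `# Port installed via kubectl manifest at:` ends without a path, so the exposure cannot be reviewed from this repo. I would complete that line with the manifest location, and either drop the HTTP port or front Portainer with the ingress-nginx / cert-manager / authentik stack already listed in the inventory. Separately, the imported namespaces hold live workloads, so `lifecycle { prevent_destroy = true }` on each `kubernetes_namespace` would keep a `terraform destroy` from deleting them.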


@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.14.9", "terraform_version": "1.14.9",
"serial": 2, "serial": 19,
"lineage": "80e41663-9b90-f349-cc6c-be6879179605", "lineage": "80e41663-9b90-f349-cc6c-be6879179605",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
@ -40,6 +40,76 @@
} }
] ]
}, },
{
"mode": "managed",
"type": "kubernetes_namespace",
"name": "authentik",
"provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "authentik",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {},
"name": "authentik",
"resource_version": "3514025",
"uid": "b088b647-a07a-41a3-8b90-8d6de8e2d414"
}
],
"timeouts": null,
"wait_for_default_service_account": null
},
"sensitive_attributes": [],
"identity_schema_version": 1,
"identity": {
"api_version": "v1",
"kind": "Namespace",
"name": "authentik"
},
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
}
]
},
{
"mode": "managed",
"type": "kubernetes_namespace",
"name": "cert_manager",
"provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "cert-manager",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {},
"name": "cert-manager",
"resource_version": "2878",
"uid": "39f3b924-9098-425c-aac2-456e1eff6376"
}
],
"timeouts": null,
"wait_for_default_service_account": null
},
"sensitive_attributes": [],
"identity_schema_version": 1,
"identity": {
"api_version": "v1",
"kind": "Namespace",
"name": "cert-manager"
},
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
}
]
},
{ {
"mode": "managed", "mode": "managed",
"type": "kubernetes_namespace", "type": "kubernetes_namespace",
@ -74,6 +144,146 @@
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
} }
] ]
},
{
"mode": "managed",
"type": "kubernetes_namespace",
"name": "ingress_nginx",
"provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "ingress-nginx",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {},
"name": "ingress-nginx",
"resource_version": "4046501",
"uid": "5a5bd1ce-22cd-42ef-b6fb-3721fee1f8a5"
}
],
"timeouts": null,
"wait_for_default_service_account": false
},
"sensitive_attributes": [],
"identity_schema_version": 1,
"identity": {
"api_version": "v1",
"kind": "Namespace",
"name": "ingress-nginx"
},
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9fQ=="
}
]
},
{
"mode": "managed",
"type": "kubernetes_namespace",
"name": "monitoring",
"provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "monitoring",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {},
"name": "monitoring",
"resource_version": "2663689",
"uid": "2f68bdaf-68a6-4006-b61d-f90d6927a8ea"
}
],
"timeouts": null,
"wait_for_default_service_account": null
},
"sensitive_attributes": [],
"identity_schema_version": 1,
"identity": {
"api_version": "v1",
"kind": "Namespace",
"name": "monitoring"
},
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
}
]
},
{
"mode": "managed",
"type": "kubernetes_namespace",
"name": "portainer",
"provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "portainer",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {},
"name": "portainer",
"resource_version": "4046578",
"uid": "4d684a99-7e04-498a-b691-22df1708a8f0"
}
],
"timeouts": null,
"wait_for_default_service_account": false
},
"sensitive_attributes": [],
"identity_schema_version": 1,
"identity": {
"api_version": "v1",
"kind": "Namespace",
"name": "portainer"
},
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9fQ=="
}
]
},
{
"mode": "managed",
"type": "kubernetes_namespace",
"name": "supabase",
"provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "supabase",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {},
"name": "supabase",
"resource_version": "1817651",
"uid": "1b307137-cb5e-4f96-90a8-6ff6a3d2dcb6"
}
],
"timeouts": null,
"wait_for_default_service_account": null
},
"sensitive_attributes": [],
"identity_schema_version": 1,
"identity": {
"api_version": "v1",
"kind": "Namespace",
"name": "supabase"
},
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
}
]
} }
], ],
"check_results": null "check_results": null