# Terraform configuration for the k3s cluster: pins the Kubernetes provider and
# declares the namespaces below. No workloads are defined in the resources here.
terraform {
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.0" # pessimistic constraint: any 2.x release, never 3.0
    }
  }
}

# The provider authenticates with the kubeconfig at this path, so every
# plan/apply acts with whatever rights that file grants.
# NOTE(review): on a stock k3s server this path is the admin kubeconfig
# (cluster-admin) - confirm. If so, keep it readable by root only and consider
# a dedicated kubeconfig bound to a role limited to what Terraform manages.
provider "kubernetes" {
  config_path = "/etc/rancher/k3s/k3s.yaml"
}

# ==========================================
# NAMESPACES
# ==========================================
# Each resource creates a bare namespace: only metadata.name is set.
# NOTE(review): no labels are set here, so Pod Security Admission levels
# (pod-security.kubernetes.io/*) are not configured by these resources, and no
# NetworkPolicy, ResourceQuota or LimitRange is declared in this section.
# Confirm whether they are applied elsewhere.

resource "kubernetes_namespace" "geocrop" {
  metadata {
    name = "geocrop"
  }
}

resource "kubernetes_namespace" "argocd" {
  metadata {
    name = "argocd"
  }
}

resource "kubernetes_namespace" "monitoring" {
  metadata {
    name = "monitoring"
  }
}

resource "kubernetes_namespace" "ingress_nginx" {
  metadata {
    name = "ingress-nginx"
  }
}

resource "kubernetes_namespace" "cert_manager" {
  metadata {
    name = "cert-manager"
  }
}

resource "kubernetes_namespace" "authentik" {
  metadata {
    name = "authentik"
  }
}

resource "kubernetes_namespace" "supabase" {
  metadata {
    name = "supabase"
  }
}

# Terraform owns this namespace even though Portainer itself is deployed by
# hand (see the section below): destroying or removing this resource deletes
# the namespace and every object inside it.
resource "kubernetes_namespace" "portainer" {
  metadata {
    name = "portainer"
  }
}

# ==========================================
# PORTAINER (kubectl deployed)
# Installed via kubectl manifest at: <manifest location not recorded here>
# NodePort: 30778 (HTTP 9000), 30779 (HTTPS 9443)
# PVC: 10Gi local-path on vmi3045103.contaboserver.net
# ==========================================
# Note: Portainer is deployed manually via kubectl. Only the "portainer"
# namespace above is in Terraform state; the Deployment, Service and PVC are
# not, and this comment is their only record in this file.
# To manage Portainer via Terraform, use a helm_release resource
# once the helm provider is properly configured.
#
# NOTE(review): NodePort 30778 serves the management UI over plain HTTP on
# every node address. Prefer the HTTPS port or a TLS-terminating ingress, and
# restrict both NodePorts at the host firewall.
# NOTE(review): Portainer's stock manifest typically binds its service account
# to cluster-admin - verify, and treat a login to this UI as cluster-admin
# access when deciding who may reach it.
# NOTE(review): a local-path PVC is tied to the node named above; its data does
# not follow the pod to another node.
# ==========================================
# CLUSTER INVENTORY
#
# NOTE: this inventory is a hand-maintained comment. Terraform does not
# create or check these workloads, so verify it against the live cluster
# before relying on it.
#
# geocrop namespace:
#   - geocrop-api (FastAPI backend)
#   - geocrop-web (React frontend)
#   - geocrop-worker (RQ inference worker)
#   - geocrop-tiler (Tile server)
#   - geocrop-db (PostGIS database)
#   - redis (Job queue broker)
#   - minio (S3 storage)
#   - mlflow (Experiment tracking)
#   - jupyter-lab (Data science IDE)
#   - gitea (Source control)
#   - gitea-runner (CI runner)
#
# argocd namespace:
#   - argo-server (Workflow UI)
#   - workflow-controller (Workflow engine)
#   - argocd-server (CD dashboard)
#   - argocd-repo-server (Git repo sync)
#   - argocd-application-controller (App controller)
#   - argocd-notifications-controller
#   - argocd-dex-server (OAuth)
#   - argocd-redis
#
# monitoring namespace:
#   - prometheus-server
#   - grafana
#   - prometheus-kube-state-metrics
#   - prometheus-node-exporter (x3 nodes)
#   - ntfy (Notification service)
#   - uptime-kuma (Uptime monitoring)
#
# authentik namespace:
#   - authentik-server
#   - authentik-worker
#   - authentik-postgres
#   - authentik-redis
#
# supabase namespace:
#   - kong (API gateway)
#   - auth (Auth service)
#   - postgres (Database)
#   - storage (Object storage)
#   - rest (REST API)
#   - realtime (Real-time)
#
# ingress-nginx namespace:
#   - ingress-nginx-controller
#
# cert-manager namespace:
#   - cert-manager
#   - cert-manager-cainjector
#   - cert-manager-webhook
#
# portainer namespace:
#   - portainer (Portainer CE web UI)
#   - NodePort: 30778 (HTTP), 30779 (HTTPS)
#   - Storage: 10Gi local-path PVC
#
# kube-system namespace:
#   - coredns
#   - metrics-server
#   - local-path-provisioner
#   - fix-ufw-ds (Firewall fix daemonset)
#
# kubernetes-dashboard namespace:
#   - kubernetes-dashboard
#   - dashboard-metrics-scraper
#
# argo namespace:
#   - argo-server
#   - workflow-controller
# ==========================================