# Provider requirements for this configuration.
# "~> 2.0" accepts any 2.x release of hashicorp/kubernetes, so the exact
# provider build is decided at `terraform init` time. Keep the generated
# .terraform.lock.hcl under version control so the selected version and its
# checksums stay fixed between runs and machines.
terraform {
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.0"
    }
  }
}
# Kubernetes provider, authenticated with the kubeconfig that k3s writes on
# the server node. That file normally holds cluster-admin credentials and is
# readable by root only, so every plan/apply from this configuration runs
# with full control of the cluster.
# NOTE(review): confirm this is intended; a dedicated kubeconfig limited to
# the objects managed here would reduce the impact of a leaked file or a
# mistaken apply.
provider "kubernetes" {
  config_path = "/etc/rancher/k3s/k3s.yaml"
}
# ==========================================
# NAMESPACES
# ==========================================
# Namespace for the GeoCrop application stack.
# Only the name is set: no labels or annotations, so no namespace-level
# Pod Security Admission level is declared here.
# NOTE(review): the inventory in this file lists jupyter-lab and a CI runner
# alongside the API and database in this namespace; confirm that the
# cluster-wide defaults are what is wanted for that mix of workloads.
resource "kubernetes_namespace" "geocrop" {
  metadata {
    name = "geocrop"
  }
}
# Namespace for Argo CD (the inventory in this file lists argocd-server,
# the repo server, the application controller and related components).
# Only the namespace object is declared; nothing inside it is managed here.
resource "kubernetes_namespace" "argocd" {
  metadata {
    name = "argocd"
  }
}
# Namespace for the monitoring stack (Prometheus, Grafana, ntfy and
# uptime-kuma according to the inventory in this file).
# Only the namespace object is declared; nothing inside it is managed here.
resource "kubernetes_namespace" "monitoring" {
  metadata {
    name = "monitoring"
  }
}
# Namespace for the ingress-nginx controller.
# The Terraform address uses an underscore (ingress_nginx) because the
# Kubernetes name contains a hyphen.
resource "kubernetes_namespace" "ingress_nginx" {
  metadata {
    name = "ingress-nginx"
  }
}
# Namespace for cert-manager (controller, cainjector and webhook according
# to the inventory in this file).
# Only the namespace object is declared; nothing inside it is managed here.
resource "kubernetes_namespace" "cert_manager" {
  metadata {
    name = "cert-manager"
  }
}
# Namespace for the authentik identity provider (server, worker, postgres
# and redis according to the inventory in this file).
# NOTE(review): this namespace holds the identity store; Terraform owns the
# namespace object, so destroying this resource also deletes the namespaced
# objects inside it.
resource "kubernetes_namespace" "authentik" {
  metadata {
    name = "authentik"
  }
}
# Namespace for the Supabase services (kong, auth, postgres, storage, rest
# and realtime according to the inventory in this file).
# Only the namespace object is declared; nothing inside it is managed here.
resource "kubernetes_namespace" "supabase" {
  metadata {
    name = "supabase"
  }
}
# Namespace for Portainer. Terraform declares only the namespace; the notes
# in this file say the Portainer workload is applied by hand with kubectl.
# Destroying this resource therefore also deletes the kubectl-applied
# objects inside the namespace.
# NOTE(review): the notes in this file list NodePort 30778 as plain HTTP for
# this management UI; confirm it is not reachable from outside the cluster,
# or expose only the HTTPS port.
resource "kubernetes_namespace" "portainer" {
  metadata {
    name = "portainer"
  }
}
# ==========================================
# PORTAINER (kubectl deployed)
# Portainer installed via kubectl manifest at: (manifest location missing here)
# NodePort: 30778 (HTTP 9000), 30779 (HTTPS 9443)
# PVC: 10Gi local-path on vmi3045103.contaboserver.net
# ==========================================
# Note: Portainer is deployed manually via kubectl. Only its namespace is
# declared above; the workload itself is recorded in this file as
# documentation and is not managed by Terraform.
# To manage it via Terraform, use a helm_release resource
# once the helm provider is properly configured.
# ==========================================
# CLUSTER INVENTORY
#
# geocrop namespace:
#   - geocrop-api (FastAPI backend)
#   - geocrop-web (React frontend)
#   - geocrop-worker (RQ inference worker)
#   - geocrop-tiler (Tile server)
#   - geocrop-db (PostGIS database)
#   - redis (Job queue broker)
#   - minio (S3 storage)
#   - mlflow (Experiment tracking)
#   - jupyter-lab (Data science IDE)
#   - gitea (Source control)
#   - gitea-runner (CI runner)
#
# argocd namespace:
#   - argo-server (Workflow UI)
#   - workflow-controller (Workflow engine)
#   - argocd-server (CD dashboard)
#   - argocd-repo-server (Git repo sync)
#   - argocd-application-controller (App controller)
#   - argocd-notifications-controller
#   - argocd-dex-server (OAuth)
#   - argocd-redis
#
# monitoring namespace:
#   - prometheus-server
#   - grafana
#   - prometheus-kube-state-metrics
#   - prometheus-node-exporter (x3 nodes)
#   - ntfy (Notification service)
#   - uptime-kuma (Uptime monitoring)
#
# authentik namespace:
#   - authentik-server
#   - authentik-worker
#   - authentik-postgres
#   - authentik-redis
#
# supabase namespace:
#   - kong (API gateway)
#   - auth (Auth service)
#   - postgres (Database)
#   - storage (Object storage)
#   - rest (REST API)
#   - realtime (Real-time)
#
# ingress-nginx namespace:
#   - ingress-nginx-controller
#
# cert-manager namespace:
#   - cert-manager
#   - cert-manager-cainjector
#   - cert-manager-webhook
#
# portainer namespace:
#   - portainer (Portainer CE web UI)
#   - NodePort: 30778 (HTTP), 30779 (HTTPS)
#   - Storage: 10Gi local-path PVC
#
# kube-system namespace:
#   - coredns
#   - metrics-server
#   - local-path-provisioner
#   - fix-ufw-ds (Firewall fix daemonset)
#
# kubernetes-dashboard namespace:
#   - kubernetes-dashboard
#   - dashboard-metrics-scraper
#
# argo namespace:
#   - argo-server
#   - workflow-controller
# ==========================================