extract monitoring, nvidia, mailserver, cloudflared, kyverno from platform [ci skip]

Phase 2 of platform stack split. 5 more modules extracted into independent stacks. All applied successfully with zero destroys. Cloudflared now reads k8s_users from Vault directly to compute user_domains. Woodpecker pipeline runs all 8 extracted stacks in parallel. Memory bumped to 6Gi for 9 concurrent TF processes. Platform reduced from 27 to 19 modules.
2026-03-17 21:34:11 +00:00 · 2026-03-17 21:34:11 +00:00 · ae36dc253b
commit ae36dc253b
parent 3c804aedf8
73 changed files with 166093 additions and 96 deletions
--- a/stacks/monitoring/modules/monitoring/goflow2.tf
+++ b/stacks/monitoring/modules/monitoring/goflow2.tf
@ -0,0 +1,97 @@
+resource "kubernetes_deployment" "goflow2" {
+  metadata {
+    name      = "goflow2"
+    namespace = kubernetes_namespace.monitoring.metadata[0].name
+    labels = {
+      app  = "goflow2"
+      tier = var.tier
+    }
+  }
+  spec {
+    replicas = 1
+    selector {
+      match_labels = {
+        app = "goflow2"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "goflow2"
+        }
+      }
+      spec {
+        container {
+          name  = "goflow2"
+          image = "netsampler/goflow2:v2.2.1"
+          args  = ["-listen", "netflow://:2055"]
+
+          port {
+            name           = "netflow"
+            container_port = 2055
+            protocol       = "UDP"
+          }
+          port {
+            name           = "metrics"
+            container_port = 8080
+            protocol       = "TCP"
+          }
+
+          resources {
+            requests = {
+              cpu    = "50m"
+              memory = "128Mi"
+            }
+            limits = {
+              memory = "128Mi"
+            }
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "goflow2" {
+  metadata {
+    name      = "goflow2"
+    namespace = kubernetes_namespace.monitoring.metadata[0].name
+    labels = {
+      app = "goflow2"
+    }
+  }
+  spec {
+    selector = {
+      app = "goflow2"
+    }
+    port {
+      name        = "metrics"
+      port        = 8080
+      target_port = 8080
+      protocol    = "TCP"
+    }
+  }
+}
+
+resource "kubernetes_service" "goflow2-netflow" {
+  metadata {
+    name      = "goflow2-netflow"
+    namespace = kubernetes_namespace.monitoring.metadata[0].name
+    labels = {
+      app = "goflow2"
+    }
+  }
+  spec {
+    type = "NodePort"
+    selector = {
+      app = "goflow2"
+    }
+    port {
+      name        = "netflow"
+      port        = 2055
+      target_port = 2055
+      protocol    = "UDP"
+      node_port   = 32055
+    }
+  }
+}