From 7b05910eaa57c1b37cecd2b295c8e99d5a9b15d9 Mon Sep 17 00:00:00 2001
From: Danijel Simeunovic
Date: Fri, 12 Jun 2026 17:17:51 +0200
Subject: [PATCH] fixes
---
 .tofu/platforms/upc/prod/main.tf | 103 -------------------------------
 .tofu/scripts/get-kubeconfig.sh | 55 +++++++++++++++--
 .tofu/scripts/setup-cluster.sh | 58 ++++++++++-------
 bootstrap.sh | 2 +-
 4 files changed, 87 insertions(+), 131 deletions(-)
diff --git a/.tofu/platforms/upc/prod/main.tf b/.tofu/platforms/upc/prod/main.tf
index 195dbed..91c5109 100644
--- a/.tofu/platforms/upc/prod/main.tf
+++ b/.tofu/platforms/upc/prod/main.tf
@@ -1,64 +1,3 @@
-# =============================================================================
-# UpCloud Workload Cluster
-# =============================================================================
-# A lean UCS cluster for running application workloads. No managed data
-# services — those live on the platform cluster. ArgoCD (on the platform
-# cluster) deploys apps to this cluster via the app-of-apps pattern.
-#
-# Platform components deployed by deploy-workload.sh:
-# nginx-ingress, cert-manager, external-dns, external-secrets, alloy
-#
-# Usage:
-# tofu init && tofu plan && tofu apply
-# ./sync-tofu-outputs.sh --env upcloud-workload
-# ./deploy-workload.sh --env upcloud-workload
-# =============================================================================
-
-variable "prefix" {
- description = "Prefix for resource names"
- type = string
- default = "clst-workload"
-}
-
-variable "zone" {
- description = "UpCloud zone"
- type = string
- default = "no-svg1"
-}
-
-variable "node_plan" {
- description = "UpCloud server plan for worker nodes"
- type = string
- default = "2xCPU-4GB"
-}
-
-variable "node_count" {
- description = "Number of worker nodes"
- type = number
- default = 2
-}
-
-variable "network_cidr" {
- description = "CIDR block for the private network"
- type = string
- default = "10.110.0.0/24"
-}
-
-variable "control_plane_ip_filter" {
- description = "CIDRs allowed to access the K8s API"
- type = list(string)
- default = ["0.0.0.0/0"]
-}
-
-variable "tags" {
- description = "Labels to apply to resources"
- type = map(string)
- default = {
- Environment = "workload"
- ManagedBy = "tofu"
- }
-}
-
 module "cluster" {
 source = "../modules/cluster"
@@ -76,45 +15,3 @@ module "cluster" {
 ManagedBy = "tofu"
 }
 }
-
-# ─── Networking ───────────────────────────────────────────────────────
-
-resource "upcloud_router" "kubernetes" {
- name = "${var.prefix}-workload-router"
-}
-
-resource "upcloud_gateway" "kubernetes" {
- name = "${var.prefix}-workload-gateway"
- zone = var.zone
- features = ["nat"]
- router {
- id = upcloud_router.kubernetes.id
- }
-}
-
-resource "upcloud_network" "kubernetes" {
- name = "${var.prefix}-workload-network"
- zone = var.zone
- router = upcloud_router.kubernetes.id
-
- ip_network {
- address = var.network_cidr
- dhcp = true
- dhcp_default_route = true
- family = "IPv4"
- gateway = cidrhost(var.network_cidr, 1)
- }
-
- depends_on = [upcloud_gateway.kubernetes]
-}
-
-# ─── Kubernetes Cluster ───────────────────────────────────────────────
-
-resource "upcloud_kubernetes_cluster" "main-prod" {
- name = "${var.prefix}-workload"
- zone = var.zone
- network = upcloud_network.kubernetes.id
- control_plane_ip_filter = var.control_plane_ip_filter
-
- private_node_groups = true
-}
diff --git a/.tofu/scripts/get-kubeconfig.sh b/.tofu/scripts/get-kubeconfig.sh
index 61d588d..e6e53f1 100644
--- a/.tofu/scripts/get-kubeconfig.sh
+++ b/.tofu/scripts/get-kubeconfig.sh
@@ -5,9 +5,56 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" TOFU_ROOT="$(dirname "$SCRIPT_DIR")" PROJECT_ROOT="$(dirname "$TOFU_ROOT")" -CLUSTER="${1:?Usage: $0 (e.g., aks-dev, eks-prod)}" +usage() { + cat < --envtype + + Fetch (or reuse) a kubeconfig for the given cluster. + Platform is read from the cluster prefix (-...). + Env type must be supplied explicitly — it is no longer inferred + from the cluster name, so names like 'upc-forte-group' work. + + Examples: + $0 aks-dev --envtype dev + $0 upc-forte-group --envtype prod + $0 eks-workload --envtype workload +EOF + exit "${1:-0}" +} + +CLUSTER="" +ENVTYPE="" +while [[ $# -gt 0 ]]; do + case "$1" in + --envtype) ENVTYPE="${2:-}"; shift 2 ;; + --envtype=*) ENVTYPE="${1#*=}"; shift ;; + -h|--help) usage 0 ;; + -*) echo "Unknown option: $1"; usage 1 ;; + *) + if [[ -z "$CLUSTER" ]]; then + CLUSTER="$1"; shift + else + echo "Error: unexpected argument '$1'"; usage 1 + fi + ;; + esac +done + +[[ -z "$CLUSTER" ]] && { echo "Error: argument required"; usage 1; } +[[ -z "$ENVTYPE" ]] && { echo "Error: --envtype required"; usage 1; } + +case "$ENVTYPE" in + dev|prod|workload) ;; + *) echo "Error: invalid --envtype '$ENVTYPE'. Expected: dev, prod, workload"; exit 1 ;; +esac + PLATFORM="${CLUSTER%%-*}" -ENV="${CLUSTER#*-}" +ENV="$ENVTYPE" + +case "$PLATFORM" in + aks|eks|gke|upc) ;; + *) echo "Error: unknown platform '$PLATFORM'. Expected: aks, eks, gke, upc"; exit 1 ;; +esac KUBECONFIG_FILE="$PROJECT_ROOT/private/$CLUSTER/kubeconfig" @@ -53,10 +100,6 @@ else CLUSTER_ID=$(tofu output -raw cluster_id 2>/dev/null || echo "${UPCLOUD_CLUSTER_ID:-}") upctl kubernetes config "$CLUSTER_ID" > "$KUBECONFIG_FILE" ;; - *) - echo "Error: unknown platform '$PLATFORM'" - exit 1 - ;; esac chmod 600 "$KUBECONFIG_FILE" diff --git a/.tofu/scripts/setup-cluster.sh b/.tofu/scripts/setup-cluster.sh index c36fb07..3bfd637 100644 --- a/.tofu/scripts/setup-cluster.sh +++ b/.tofu/scripts/setup-cluster.sh 
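Review bot: `CLUSTER` is now an opaque name, yet only its prefix is checked before it is interpolated into `KUBECONFIG_FILE="$PROJECT_ROOT/private/$CLUSTER/kubeconfig"`, so a name containing `/` or `..` passes the platform `case` and the kubeconfig (a cluster credential) is written outside `private/`. Constrain the name right after parsing, for example `[[ "$CLUSTER" =~ ^[a-z0-9]+(-[a-z0-9]+)*$ ]] || { echo "Error: invalid cluster name '$CLUSTER'" >&2; exit 1; }`, adjusted to the project's naming scheme. Separately, `--envtype) ENVTYPE="${2:-}"; shift 2 ;;` fails when `--envtype` is the last argument: with one parameter left `shift 2` shifts nothing and returns non-zero, so the loop either spins forever or, if `set -e` is active (the top of the script is outside this hunk), exits without a message; `shift; [[ $# -gt 0 ]] && shift` keeps the later "--envtype required" error reachable. The same arm is added to the parser in `.tofu/scripts/setup-cluster.sh`.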
@@ -8,26 +8,33 @@ PROJECT_ROOT="$(dirname "$TOFU_ROOT")" # ─── Usage ──────────────────────────────────────────────────────────── usage() { cat < [options] +Usage: $0 --envtype [options] Provision a Kubernetes cluster using OpenTofu. - Mirrors bootstrap.sh convention: cluster = - + Cluster name is opaque — platform is read from its prefix + (-...), env is taken from --envtype. - Clusters: aks-dev | aks-prod | eks-dev | eks-prod - gke-dev | gke-prod | upc-dev | upc-prod - upc-forte-group - -workload (for workload clusters) + Platforms (inferred from cluster prefix): + aks | eks | gke | upc + + Env types (required via --envtype): + dev Platform cluster, development + prod Platform cluster, production + workload Lean cluster for application workloads (no managed data + services — those run on the platform cluster) Options: - --plan Plan only, don't apply - --destroy Destroy the cluster (use teardown-cluster.sh instead) - --auto Skip confirmation prompts - -h, --help Show this help + --envtype dev | prod | workload (required) + --plan Plan only, don't apply + --destroy Destroy the cluster (use teardown-cluster.sh instead) + --auto Skip confirmation prompts + -h, --help Show this help Examples: - $0 aks-dev - $0 eks-prod --plan - $0 upc-dev --auto + $0 aks-dev --envtype dev + $0 eks-prod --envtype prod --plan + $0 upc-forte-group --envtype prod --auto + $0 upc-workload --envtype workload Prerequisites: - tofu, kubectl, helm installed 
@@ -42,17 +49,20 @@ EOF # ─── Parse arguments ────────────────────────────────────────────────── CLUSTER="" +ENVTYPE="" PLAN_ONLY=false DESTROY=false AUTO_APPROVE=false while [[ $# -gt 0 ]]; do case "$1" in - --plan) PLAN_ONLY=true; shift ;; - --destroy) DESTROY=true; shift ;; - --auto) AUTO_APPROVE=true; shift ;; - -h|--help) usage 0 ;; - -*) echo "Unknown option: $1"; usage 1 ;; + --plan) PLAN_ONLY=true; shift ;; + --destroy) DESTROY=true; shift ;; + --auto) AUTO_APPROVE=true; shift ;; + --envtype) ENVTYPE="${2:-}"; shift 2 ;; + --envtype=*) ENVTYPE="${1#*=}"; shift ;; + -h|--help) usage 0 ;; + -*) echo "Unknown option: $1"; usage 1 ;; *) if [[ -z "$CLUSTER" ]]; then CLUSTER="$1" @@ -66,10 +76,16 @@ while [[ $# -gt 0 ]]; do done [[ -z "$CLUSTER" ]] && { echo "Error: argument required"; usage 1; } +[[ -z "$ENVTYPE" ]] && { echo "Error: --envtype required"; usage 1; } -# ─── Map cluster → platform + env ──────────────────────────────────── -PLATFORM="${CLUSTER%%-*}" # aks-dev → aks -ENV="${CLUSTER#*-}" # aks-dev → dev +case "$ENVTYPE" in + dev|prod|workload) ;; + *) echo "Error: invalid --envtype '$ENVTYPE'. Expected: dev, prod, workload"; exit 1 ;; +esac + +# ─── Resolve platform + env ─────────────────────────────────────────── +PLATFORM="${CLUSTER%%-*}" # cluster prefix → platform (e.g. upc-forte-group → upc) +ENV="$ENVTYPE" # env comes from --envtype, not the cluster name case "$PLATFORM" in aks|eks|gke|upc) ;; diff --git a/bootstrap.sh b/bootstrap.sh index 99592ec..e6a3ba7 100644 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -3,7 +3,7 @@ # in case of $'\r': command not found error, run command below first # sed -i 's/\r$//' ./bootstrap.sh -CLUSTER="${1:?Usage: ./bootstrap.sh (upc-dev|upc-prod|upc-forte-group|aks-dev|aks-prod|eks-dev|eks-prod|gke-dev|gke-prod)}" +CLUSTER="${1:?Usage: ./bootstrap.sh # e.g. upc-dev, upc-prod, upc-forte-group, aks-dev, eks-prod, gke-dev — must match clusters/.yaml}" echo "running $0 for cluster: ${CLUSTER}..."
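Review bot: With the env no longer derived from the name, the validation added after the parser accepts contradictory input such as `eks-prod --envtype dev`, and nothing in the `@@ -66,10 +76,16 @@` hunk cross-checks the two values. If `ENV` selects the OpenTofu directory or state further down (not visible in this hunk), a typo combined with `--auto` would plan or apply against the wrong environment. Consider rejecting a mismatch when the name carries a recognised suffix: `case "$CLUSTER" in *-dev|*-prod|*-workload) [[ "${CLUSTER##*-}" == "$ENVTYPE" ]] || { echo "Error: cluster '$CLUSTER' does not match --envtype '$ENVTYPE'" >&2; exit 1; } ;; esac`. The new error messages in this file also go to stdout; adding `>&2` would keep them out of captured output.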