Remove non-functional Woodpecker gRPC funnel (PR #173) #182

New issue

Closed

opened 2026-03-26 23:12:46 +00:00 by forgejo_admin · 2 comments

forgejo_admin commented

2026-03-26 23:12:46 +00:00

Owner

Type

Bug

Lineage

standalone — discovered during Mac agent setup (#174)

Repo

forgejo_admin/pal-e-platform

What Broke

PR #173 added a Tailscale funnel for Woodpecker gRPC (port 9000). Funnels terminate TLS and proxy as HTTP/1.1, which breaks gRPC's HTTP/2 binary framing. The funnel exists in Terraform and creates a pod, but serves no purpose — all agent traffic now goes through the Tailscale subnet router (#175) instead.

Repro Steps

kubectl get pods -n tailscale | grep woodpecker-grpc — pod running, consuming resources
kubectl logs -n tailscale ts-woodpecker-grpc-funnel-* — shows proxy error: malformed HTTP response
The funnel is unused — Mac agent connects via subnet router

Expected Behavior

No non-functional infrastructure running. The gRPC funnel resource should be removed from Terraform.

Environment

Resource: kubernetes_ingress_v1.woodpecker_grpc_funnel in terraform/main.tf
Pod: ts-woodpecker-grpc-funnel-* in tailscale namespace

Acceptance Criteria

woodpecker_grpc_funnel resource removed from terraform/main.tf
tofu apply destroys the funnel pod
No woodpecker-grpc node in tailscale status
Mac agent still connected (uses subnet router, not funnel)

pal-e-platform #173 — the PR that created this (merged, now known to be non-functional)
pal-e-platform #175 — subnet router that replaced it

### Type Bug ### Lineage standalone — discovered during Mac agent setup (#174) ### Repo `forgejo_admin/pal-e-platform` ### What Broke PR #173 added a Tailscale funnel for Woodpecker gRPC (port 9000). Funnels terminate TLS and proxy as HTTP/1.1, which breaks gRPC's HTTP/2 binary framing. The funnel exists in Terraform and creates a pod, but serves no purpose — all agent traffic now goes through the Tailscale subnet router (#175) instead. ### Repro Steps 1. `kubectl get pods -n tailscale | grep woodpecker-grpc` — pod running, consuming resources 2. `kubectl logs -n tailscale ts-woodpecker-grpc-funnel-*` — shows `proxy error: malformed HTTP response` 3. The funnel is unused — Mac agent connects via subnet router ### Expected Behavior No non-functional infrastructure running. The gRPC funnel resource should be removed from Terraform. ### Environment - Resource: `kubernetes_ingress_v1.woodpecker_grpc_funnel` in `terraform/main.tf` - Pod: `ts-woodpecker-grpc-funnel-*` in tailscale namespace ### Acceptance Criteria - [ ] `woodpecker_grpc_funnel` resource removed from `terraform/main.tf` - [ ] `tofu apply` destroys the funnel pod - [ ] No `woodpecker-grpc` node in `tailscale status` - [ ] Mac agent still connected (uses subnet router, not funnel) ### Related - pal-e-platform #173 — the PR that created this (merged, now known to be non-functional) - pal-e-platform #175 — subnet router that replaced it

forgejo_admin commented

2026-03-27 21:31:34 +00:00

Author

Owner

Scope Review: READY

Review note: review-401-2026-03-27
Scope is solid, all file targets verified, single-repo single-agent pass.

One clarification for the implementing agent: The issue body references terraform/main.tf but the resource was modularized to terraform/modules/networking/main.tf (lines 259-286) during state splitting (#197). The moved block at terraform/main.tf lines 174-177 must also be removed. Both are straightforward deletions.

## Scope Review: READY Review note: `review-401-2026-03-27` Scope is solid, all file targets verified, single-repo single-agent pass. **One clarification for the implementing agent:** The issue body references `terraform/main.tf` but the resource was modularized to `terraform/modules/networking/main.tf` (lines 259-286) during state splitting (#197). The `moved` block at `terraform/main.tf` lines 174-177 must also be removed. Both are straightforward deletions.

forgejo_admin referenced this issue from a commit

2026-03-27 21:35:09 +00:00

fix: remove non-functional Woodpecker gRPC funnel

forgejo_admin referenced this issue from a pull request that will close it,

2026-03-27 21:35:47 +00:00

fix: remove non-functional Woodpecker gRPC funnel (#182) #207

forgejo_admin closed this issue

2026-03-27 21:37:08 +00:00

forgejo_admin referenced this issue from a commit

2026-03-27 21:37:08 +00:00

fix: remove non-functional Woodpecker gRPC funnel (#182) (#207)

forgejo_admin commented

2026-03-27 21:50:36 +00:00

Author

Owner

Validation: PASS

Validation note: validation-182-2026-03-27
6 checks: 6 PASS, 0 FAIL

PR #207 merged at 31a27a3
No gRPC funnel resource in terraform/modules/networking/main.tf
No gRPC moved{} block in terraform/main.tf
No gRPC references anywhere in terraform/
kubectl get ingress -A confirms no gRPC ingress in cluster
tofu plan shows 0 to destroy (resource already cleaned up)

## Validation: PASS Validation note: `validation-182-2026-03-27` 6 checks: 6 PASS, 0 FAIL - PR #207 merged at `31a27a3` - No gRPC funnel resource in `terraform/modules/networking/main.tf` - No gRPC moved{} block in `terraform/main.tf` - No gRPC references anywhere in `terraform/` - `kubectl get ingress -A` confirms no gRPC ingress in cluster - `tofu plan` shows 0 to destroy (resource already cleaned up)