ldraney/pal-e-platform
1
0
Fork 0
Code Issues 104 Pull requests 7 Projects Releases Packages Wiki Activity Actions

NetworkPolicy: allow westside-ror to Postgres #366

Open
ldraney wants to merge 14 commits from netpol-westside-ror into main
pull from: netpol-westside-ror
merge into: ldraney:main
Conversation 1 Commits 14 Files changed -
ldraney commented 2026-05-10 17:28:04 +00:00
Owner
Copy link

Changes

  • Add westside-ror namespace to the postgres default-deny-ingress network policy ingress rules

Test Plan

  • kubectl patch verified — Rails app connects and queries live data (58 players, 8 teams, 8 coaches)
  • terraform apply to reconcile state

Review Checklist

  • Follows existing pattern (same as basketball-api, pal-enterprises entries)
  • Single-line addition, no side effects

Related Notes

Closes #365

## Changes - Add `westside-ror` namespace to the postgres `default-deny-ingress` network policy ingress rules ## Test Plan - [x] kubectl patch verified — Rails app connects and queries live data (58 players, 8 teams, 8 coaches) - [ ] `terraform apply` to reconcile state ## Review Checklist - [x] Follows existing pattern (same as basketball-api, pal-enterprises entries) - [x] Single-line addition, no side effects ## Related Notes Closes #365
NetworkPolicy: allow westside-ror namespace to Postgres
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
3624990c53 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
forgejo_admin commented 2026-05-10 17:28:51 +00:00
Contributor
Copy link

Tofu Plan Output (full)

module.networking.tailscale_acl.this: Refreshing state... [id=acl]
module.database.data.kubernetes_namespace_v1.pal_e_production: Reading...
module.database.data.kubernetes_namespace_v1.westside_admin: Reading...
module.database.data.kubernetes_namespace_v1.basketball_api: Reading...
module.database.kubernetes_namespace_v1.cnpg_system: Refreshing state... [id=cnpg-system]
module.database.kubernetes_namespace_v1.postgres: Refreshing state... [id=postgres]
module.keycloak.kubernetes_namespace_v1.keycloak: Refreshing state... [id=keycloak]
module.monitoring.kubernetes_namespace_v1.monitoring: Refreshing state... [id=monitoring]
module.staging.kubernetes_namespace_v1.staging: Refreshing state... [id=staging]
module.database.data.kubernetes_namespace_v1.pal_e_production: Read complete after 0s [id=pal-e-app]
module.database.data.kubernetes_namespace_v1.basketball_api: Read complete after 0s [id=basketball-api]
module.networking.kubernetes_namespace_v1.tailscale: Refreshing state... [id=tailscale]
module.forgejo.kubernetes_namespace_v1.forgejo: Refreshing state... [id=forgejo]
module.database.data.kubernetes_namespace_v1.westside_admin: Read complete after 0s [id=westside-admin]
module.database.kubernetes_secret_v1.paledocs_db_url: Refreshing state... [id=pal-e-app/paledocs-db-url]
module.monitoring.kubernetes_secret_v1.dora_exporter: Refreshing state... [id=monitoring/dora-exporter]
module.monitoring.helm_release.kube_prometheus_stack: Refreshing state... [id=kube-prometheus-stack]
module.monitoring.kubernetes_service_v1.dora_exporter: Refreshing state... [id=monitoring/dora-exporter]
module.monitoring.kubernetes_secret_v1.grafana_oidc: Refreshing state... [id=monitoring/grafana-oidc]
module.monitoring.helm_release.loki_stack: Refreshing state... [id=loki-stack]
module.database.helm_release.cnpg: Refreshing state... [id=cnpg]
module.monitoring.kubernetes_config_map_v1.uptime_dashboard: Refreshing state... [id=monitoring/uptime-dashboard]
module.database.kubernetes_job_v1.admin_app_user_provision: Refreshing state... [id=basketball-api/admin-app-user-provision-c5662180]
module.keycloak.kubernetes_service_v1.keycloak: Refreshing state... [id=keycloak/keycloak]
module.keycloak.kubernetes_config_map_v1.keycloak_westside_theme: Refreshing state... [id=keycloak/keycloak-westside-theme]
module.keycloak.kubernetes_secret_v1.keycloak_admin: Refreshing state... [id=keycloak/keycloak-admin]
module.keycloak.kubernetes_persistent_volume_claim_v1.keycloak_data: Refreshing state... [id=keycloak/keycloak-data]
module.forgejo.kubernetes_secret_v1.forgejo_oidc: Refreshing state... [id=forgejo/forgejo-oidc]
module.forgejo.kubernetes_config_map_v1.forgejo_custom_css: Refreshing state... [id=forgejo/forgejo-custom-css]
module.networking.helm_release.tailscale_operator: Refreshing state... [id=tailscale-operator]
kubernetes_manifest.netpol_basketball_api: Refreshing state...
kubernetes_manifest.netpol_monitoring: Refreshing state...
kubernetes_manifest.netpol_cnpg_system: Refreshing state...
kubernetes_manifest.netpol_staging: Refreshing state...
kubernetes_manifest.netpol_postgres: Refreshing state...
kubernetes_manifest.netpol_keycloak: Refreshing state...
module.database.kubernetes_secret_v1.admin_app_db_url: Refreshing state... [id=basketball-api/admin-app-db-url]
module.database.kubernetes_secret_v1.admin_app_db_url_westside_admin: Refreshing state... [id=westside-admin/admin-app-db-url]
module.keycloak.kubernetes_deployment_v1.keycloak: Refreshing state... [id=keycloak/keycloak]
module.forgejo.helm_release.forgejo: Refreshing state... [id=forgejo]
kubernetes_manifest.netpol_forgejo: Refreshing state...
module.admin.kubernetes_namespace_v1.admin: Refreshing state... [id=pal-e-admin]
module.admin.kubernetes_secret_v1.admin_auth: Refreshing state... [id=pal-e-admin/admin-auth]
module.admin.kubernetes_secret_v1.harbor_creds: Refreshing state... [id=pal-e-admin/harbor-creds]
module.admin.kubernetes_service_v1.admin: Refreshing state... [id=pal-e-admin/pal-e-admin]
module.admin.kubernetes_deployment_v1.admin: Refreshing state... [id=pal-e-admin/pal-e-admin]
module.monitoring.helm_release.blackbox_exporter: Refreshing state... [id=blackbox-exporter]
module.monitoring.kubernetes_config_map_v1.pal_e_production_dashboard: Refreshing state... [id=monitoring/pal-e-app-dashboard]
module.monitoring.kubernetes_config_map_v1.mac_agent_dashboard: Refreshing state... [id=monitoring/mac-agent-dashboard]
module.monitoring.kubernetes_config_map_v1.basketball_api_dashboard: Refreshing state... [id=monitoring/basketball-api-dashboard]
module.monitoring.kubernetes_manifest.embedding_alerts: Refreshing state...
module.monitoring.kubernetes_config_map_v1.playme2k_dashboard: Refreshing state... [id=monitoring/playme2k-dashboard]
module.monitoring.kubernetes_deployment_v1.dora_exporter: Refreshing state... [id=monitoring/dora-exporter]
module.monitoring.kubernetes_manifest.payment_pipeline_alerts: Refreshing state...
module.monitoring.kubernetes_config_map_v1.dora_dashboard: Refreshing state... [id=monitoring/dora-dashboard]
module.monitoring.kubernetes_manifest.embedding_worker_service_monitor: Refreshing state...
module.monitoring.kubernetes_manifest.blackbox_alerts: Refreshing state...
module.monitoring.kubernetes_manifest.gmail_oauth_expiry_alert: Refreshing state...
module.monitoring.kubernetes_manifest.dora_exporter_service_monitor: Refreshing state...
module.monitoring.kubernetes_config_map_v1.grafana_loki_datasource: Refreshing state... [id=monitoring/grafana-loki-datasource]
module.networking.kubernetes_ingress_v1.alertmanager_funnel: Refreshing state... [id=monitoring/alertmanager-funnel]
module.networking.kubernetes_ingress_v1.forgejo_funnel: Refreshing state... [id=forgejo/forgejo-funnel]
module.networking.kubernetes_ingress_v1.grafana_funnel: Refreshing state... [id=monitoring/grafana-funnel]
module.networking.kubernetes_ingress_v1.admin_funnel: Refreshing state... [id=pal-e-admin/admin-funnel]
module.networking.kubernetes_ingress_v1.keycloak_funnel: Refreshing state... [id=keycloak/keycloak-funnel]
module.networking.kubernetes_manifest.tailscale_subnet_router: Refreshing state...
module.storage.kubernetes_namespace_v1.minio: Refreshing state... [id=minio]
module.harbor.kubernetes_namespace_v1.harbor: Refreshing state... [id=harbor]
module.storage.kubernetes_config_map_v1.minio_console_nginx: Refreshing state... [id=minio/minio-console-nginx]
module.harbor.kubernetes_config_map_v1.harbor_portal_css: Refreshing state... [id=harbor/harbor-portal-css]
module.harbor.kubernetes_config_map_v1.harbor_portal_nginx: Refreshing state... [id=harbor/harbor-portal-nginx]
module.harbor.helm_release.harbor: Refreshing state... [id=harbor]
module.storage.kubernetes_service_v1.minio_console_proxy: Refreshing state... [id=minio/minio-console-proxy]
module.networking.kubernetes_ingress_v1.harbor_funnel: Refreshing state... [id=harbor/harbor-funnel]
module.networking.kubernetes_ingress_v1.minio_api_funnel: Refreshing state... [id=minio/minio-api-funnel]
module.harbor.kubernetes_service_v1.harbor_portal_proxy: Refreshing state... [id=harbor/harbor-portal-proxy]
kubernetes_manifest.netpol_harbor: Refreshing state...
module.storage.helm_release.minio: Refreshing state... [id=minio]
kubernetes_manifest.netpol_minio: Refreshing state...
module.networking.kubernetes_ingress_v1.minio_funnel: Refreshing state... [id=minio/minio-funnel]
module.storage.kubernetes_config_map_v1.minio_console_css: Refreshing state... [id=minio/minio-console-css]
module.harbor.null_resource.harbor_oidc: Refreshing state... [id=1799244066782611375]
module.harbor.kubernetes_deployment_v1.harbor_portal_proxy: Refreshing state... [id=harbor/harbor-portal-proxy]
module.storage.minio_iam_user.cnpg: Refreshing state... [id=cnpg]
module.storage.minio_iam_user.tf_backup: Refreshing state... [id=tf-backup]
module.storage.minio_s3_bucket.assets: Refreshing state... [id=assets]
module.storage.minio_iam_policy.cnpg_wal: Refreshing state... [id=cnpg-wal]
module.storage.minio_s3_bucket.tf_state_backups: Refreshing state... [id=tf-state-backups]
module.storage.minio_s3_bucket.postgres_wal: Refreshing state... [id=postgres-wal]
module.storage.minio_iam_policy.tf_backup: Refreshing state... [id=tf-backup]
module.storage.minio_iam_user_policy_attachment.cnpg: Refreshing state... [id=cnpg-20260302210642491000000001]
module.storage.minio_iam_user_policy_attachment.tf_backup: Refreshing state... [id=tf-backup-20260314163610110100000001]
module.storage.minio_s3_bucket_policy.assets_public_read: Refreshing state... [id=assets]
module.database.kubernetes_secret_v1.cnpg_s3_creds: Refreshing state... [id=postgres/cnpg-s3-creds]
module.storage.kubernetes_deployment_v1.minio_console_proxy: Refreshing state... [id=minio/minio-console-proxy]
module.database.kubernetes_cron_job_v1.cnpg_backup_verify: Refreshing state... [id=postgres/cnpg-backup-verify]
module.ops.data.kubernetes_namespace_v1.tofu_state: Reading...
module.ops.kubernetes_namespace_v1.ollama: Refreshing state... [id=ollama]
module.ops.kubernetes_service_v1.embedding_worker_metrics: Refreshing state... [id=pal-e-app/embedding-worker-metrics]
module.ops.data.kubernetes_namespace_v1.tofu_state: Read complete after 0s [id=tofu-state]
module.ops.helm_release.nvidia_device_plugin: Refreshing state... [id=nvidia-device-plugin]
module.ops.kubernetes_secret_v1.tf_backup_s3_creds: Refreshing state... [id=tofu-state/tf-backup-s3-creds]
module.ops.kubernetes_service_account_v1.tf_backup: Refreshing state... [id=tofu-state/tf-state-backup]
module.ops.kubernetes_role_v1.tf_backup: Refreshing state... [id=tofu-state/tf-state-backup]
module.ci.kubernetes_namespace_v1.woodpecker: Refreshing state... [id=woodpecker]
module.ci.kubernetes_secret_v1.woodpecker_db_credentials: Refreshing state... [id=woodpecker/woodpecker-db-credentials]
module.ci.kubernetes_secret_v1.woodpecker_cnpg_s3_creds: Refreshing state... [id=woodpecker/cnpg-s3-creds]
module.networking.kubernetes_ingress_v1.woodpecker_funnel: Refreshing state... [id=woodpecker/woodpecker-funnel]
kubernetes_manifest.netpol_ollama: Refreshing state...
module.ops.kubernetes_role_binding_v1.tf_backup: Refreshing state... [id=tofu-state/tf-state-backup]
kubernetes_manifest.netpol_woodpecker: Refreshing state...
module.ops.kubernetes_cron_job_v1.tf_state_backup: Refreshing state... [id=tofu-state/tf-state-backup]
module.ci.kubernetes_manifest.woodpecker_postgres: Refreshing state...
module.ops.helm_release.ollama: Refreshing state... [id=ollama]
module.ci.helm_release.woodpecker: Refreshing state... [id=woodpecker]
module.ci.kubernetes_manifest.woodpecker_postgres_scheduled_backup: Refreshing state...
module.ci.kubernetes_manifest.woodpecker_postgres_podmonitor: Refreshing state...

OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

OpenTofu will perform the following actions:

  # module.harbor.null_resource.harbor_oidc is tainted, so it must be replaced
-/+ resource "null_resource" "harbor_oidc" {
      ~ id       = "1799244066782611375" -> (known after apply)
        # (1 unchanged attribute hidden)
    }

Plan: 1 to add, 0 to change, 1 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so OpenTofu can't
guarantee to take exactly these actions if you run "tofu apply" now.
## Tofu Plan Output (full) ``` module.networking.tailscale_acl.this: Refreshing state... [id=acl] module.database.data.kubernetes_namespace_v1.pal_e_production: Reading... module.database.data.kubernetes_namespace_v1.westside_admin: Reading... module.database.data.kubernetes_namespace_v1.basketball_api: Reading... module.database.kubernetes_namespace_v1.cnpg_system: Refreshing state... [id=cnpg-system] module.database.kubernetes_namespace_v1.postgres: Refreshing state... [id=postgres] module.keycloak.kubernetes_namespace_v1.keycloak: Refreshing state... [id=keycloak] module.monitoring.kubernetes_namespace_v1.monitoring: Refreshing state... [id=monitoring] module.staging.kubernetes_namespace_v1.staging: Refreshing state... [id=staging] module.database.data.kubernetes_namespace_v1.pal_e_production: Read complete after 0s [id=pal-e-app] module.database.data.kubernetes_namespace_v1.basketball_api: Read complete after 0s [id=basketball-api] module.networking.kubernetes_namespace_v1.tailscale: Refreshing state... [id=tailscale] module.forgejo.kubernetes_namespace_v1.forgejo: Refreshing state... [id=forgejo] module.database.data.kubernetes_namespace_v1.westside_admin: Read complete after 0s [id=westside-admin] module.database.kubernetes_secret_v1.paledocs_db_url: Refreshing state... [id=pal-e-app/paledocs-db-url] module.monitoring.kubernetes_secret_v1.dora_exporter: Refreshing state... [id=monitoring/dora-exporter] module.monitoring.helm_release.kube_prometheus_stack: Refreshing state... [id=kube-prometheus-stack] module.monitoring.kubernetes_service_v1.dora_exporter: Refreshing state... [id=monitoring/dora-exporter] module.monitoring.kubernetes_secret_v1.grafana_oidc: Refreshing state... [id=monitoring/grafana-oidc] module.monitoring.helm_release.loki_stack: Refreshing state... [id=loki-stack] module.database.helm_release.cnpg: Refreshing state... [id=cnpg] module.monitoring.kubernetes_config_map_v1.uptime_dashboard: Refreshing state... [id=monitoring/uptime-dashboard] module.database.kubernetes_job_v1.admin_app_user_provision: Refreshing state... [id=basketball-api/admin-app-user-provision-c5662180] module.keycloak.kubernetes_service_v1.keycloak: Refreshing state... [id=keycloak/keycloak] module.keycloak.kubernetes_config_map_v1.keycloak_westside_theme: Refreshing state... [id=keycloak/keycloak-westside-theme] module.keycloak.kubernetes_secret_v1.keycloak_admin: Refreshing state... [id=keycloak/keycloak-admin] module.keycloak.kubernetes_persistent_volume_claim_v1.keycloak_data: Refreshing state... [id=keycloak/keycloak-data] module.forgejo.kubernetes_secret_v1.forgejo_oidc: Refreshing state... [id=forgejo/forgejo-oidc] module.forgejo.kubernetes_config_map_v1.forgejo_custom_css: Refreshing state... [id=forgejo/forgejo-custom-css] module.networking.helm_release.tailscale_operator: Refreshing state... [id=tailscale-operator] kubernetes_manifest.netpol_basketball_api: Refreshing state... kubernetes_manifest.netpol_monitoring: Refreshing state... kubernetes_manifest.netpol_cnpg_system: Refreshing state... kubernetes_manifest.netpol_staging: Refreshing state... kubernetes_manifest.netpol_postgres: Refreshing state... kubernetes_manifest.netpol_keycloak: Refreshing state... module.database.kubernetes_secret_v1.admin_app_db_url: Refreshing state... [id=basketball-api/admin-app-db-url] module.database.kubernetes_secret_v1.admin_app_db_url_westside_admin: Refreshing state... [id=westside-admin/admin-app-db-url] module.keycloak.kubernetes_deployment_v1.keycloak: Refreshing state... [id=keycloak/keycloak] module.forgejo.helm_release.forgejo: Refreshing state... [id=forgejo] kubernetes_manifest.netpol_forgejo: Refreshing state... module.admin.kubernetes_namespace_v1.admin: Refreshing state... [id=pal-e-admin] module.admin.kubernetes_secret_v1.admin_auth: Refreshing state... [id=pal-e-admin/admin-auth] module.admin.kubernetes_secret_v1.harbor_creds: Refreshing state... [id=pal-e-admin/harbor-creds] module.admin.kubernetes_service_v1.admin: Refreshing state... [id=pal-e-admin/pal-e-admin] module.admin.kubernetes_deployment_v1.admin: Refreshing state... [id=pal-e-admin/pal-e-admin] module.monitoring.helm_release.blackbox_exporter: Refreshing state... [id=blackbox-exporter] module.monitoring.kubernetes_config_map_v1.pal_e_production_dashboard: Refreshing state... [id=monitoring/pal-e-app-dashboard] module.monitoring.kubernetes_config_map_v1.mac_agent_dashboard: Refreshing state... [id=monitoring/mac-agent-dashboard] module.monitoring.kubernetes_config_map_v1.basketball_api_dashboard: Refreshing state... [id=monitoring/basketball-api-dashboard] module.monitoring.kubernetes_manifest.embedding_alerts: Refreshing state... module.monitoring.kubernetes_config_map_v1.playme2k_dashboard: Refreshing state... [id=monitoring/playme2k-dashboard] module.monitoring.kubernetes_deployment_v1.dora_exporter: Refreshing state... [id=monitoring/dora-exporter] module.monitoring.kubernetes_manifest.payment_pipeline_alerts: Refreshing state... module.monitoring.kubernetes_config_map_v1.dora_dashboard: Refreshing state... [id=monitoring/dora-dashboard] module.monitoring.kubernetes_manifest.embedding_worker_service_monitor: Refreshing state... module.monitoring.kubernetes_manifest.blackbox_alerts: Refreshing state... module.monitoring.kubernetes_manifest.gmail_oauth_expiry_alert: Refreshing state... module.monitoring.kubernetes_manifest.dora_exporter_service_monitor: Refreshing state... module.monitoring.kubernetes_config_map_v1.grafana_loki_datasource: Refreshing state... [id=monitoring/grafana-loki-datasource] module.networking.kubernetes_ingress_v1.alertmanager_funnel: Refreshing state... [id=monitoring/alertmanager-funnel] module.networking.kubernetes_ingress_v1.forgejo_funnel: Refreshing state... [id=forgejo/forgejo-funnel] module.networking.kubernetes_ingress_v1.grafana_funnel: Refreshing state... [id=monitoring/grafana-funnel] module.networking.kubernetes_ingress_v1.admin_funnel: Refreshing state... [id=pal-e-admin/admin-funnel] module.networking.kubernetes_ingress_v1.keycloak_funnel: Refreshing state... [id=keycloak/keycloak-funnel] module.networking.kubernetes_manifest.tailscale_subnet_router: Refreshing state... module.storage.kubernetes_namespace_v1.minio: Refreshing state... [id=minio] module.harbor.kubernetes_namespace_v1.harbor: Refreshing state... [id=harbor] module.storage.kubernetes_config_map_v1.minio_console_nginx: Refreshing state... [id=minio/minio-console-nginx] module.harbor.kubernetes_config_map_v1.harbor_portal_css: Refreshing state... [id=harbor/harbor-portal-css] module.harbor.kubernetes_config_map_v1.harbor_portal_nginx: Refreshing state... [id=harbor/harbor-portal-nginx] module.harbor.helm_release.harbor: Refreshing state... [id=harbor] module.storage.kubernetes_service_v1.minio_console_proxy: Refreshing state... [id=minio/minio-console-proxy] module.networking.kubernetes_ingress_v1.harbor_funnel: Refreshing state... [id=harbor/harbor-funnel] module.networking.kubernetes_ingress_v1.minio_api_funnel: Refreshing state... [id=minio/minio-api-funnel] module.harbor.kubernetes_service_v1.harbor_portal_proxy: Refreshing state... [id=harbor/harbor-portal-proxy] kubernetes_manifest.netpol_harbor: Refreshing state... module.storage.helm_release.minio: Refreshing state... [id=minio] kubernetes_manifest.netpol_minio: Refreshing state... module.networking.kubernetes_ingress_v1.minio_funnel: Refreshing state... [id=minio/minio-funnel] module.storage.kubernetes_config_map_v1.minio_console_css: Refreshing state... [id=minio/minio-console-css] module.harbor.null_resource.harbor_oidc: Refreshing state... [id=1799244066782611375] module.harbor.kubernetes_deployment_v1.harbor_portal_proxy: Refreshing state... [id=harbor/harbor-portal-proxy] module.storage.minio_iam_user.cnpg: Refreshing state... [id=cnpg] module.storage.minio_iam_user.tf_backup: Refreshing state... [id=tf-backup] module.storage.minio_s3_bucket.assets: Refreshing state... [id=assets] module.storage.minio_iam_policy.cnpg_wal: Refreshing state... [id=cnpg-wal] module.storage.minio_s3_bucket.tf_state_backups: Refreshing state... [id=tf-state-backups] module.storage.minio_s3_bucket.postgres_wal: Refreshing state... [id=postgres-wal] module.storage.minio_iam_policy.tf_backup: Refreshing state... [id=tf-backup] module.storage.minio_iam_user_policy_attachment.cnpg: Refreshing state... [id=cnpg-20260302210642491000000001] module.storage.minio_iam_user_policy_attachment.tf_backup: Refreshing state... [id=tf-backup-20260314163610110100000001] module.storage.minio_s3_bucket_policy.assets_public_read: Refreshing state... [id=assets] module.database.kubernetes_secret_v1.cnpg_s3_creds: Refreshing state... [id=postgres/cnpg-s3-creds] module.storage.kubernetes_deployment_v1.minio_console_proxy: Refreshing state... [id=minio/minio-console-proxy] module.database.kubernetes_cron_job_v1.cnpg_backup_verify: Refreshing state... [id=postgres/cnpg-backup-verify] module.ops.data.kubernetes_namespace_v1.tofu_state: Reading... module.ops.kubernetes_namespace_v1.ollama: Refreshing state... [id=ollama] module.ops.kubernetes_service_v1.embedding_worker_metrics: Refreshing state... [id=pal-e-app/embedding-worker-metrics] module.ops.data.kubernetes_namespace_v1.tofu_state: Read complete after 0s [id=tofu-state] module.ops.helm_release.nvidia_device_plugin: Refreshing state... [id=nvidia-device-plugin] module.ops.kubernetes_secret_v1.tf_backup_s3_creds: Refreshing state... [id=tofu-state/tf-backup-s3-creds] module.ops.kubernetes_service_account_v1.tf_backup: Refreshing state... [id=tofu-state/tf-state-backup] module.ops.kubernetes_role_v1.tf_backup: Refreshing state... [id=tofu-state/tf-state-backup] module.ci.kubernetes_namespace_v1.woodpecker: Refreshing state... [id=woodpecker] module.ci.kubernetes_secret_v1.woodpecker_db_credentials: Refreshing state... [id=woodpecker/woodpecker-db-credentials] module.ci.kubernetes_secret_v1.woodpecker_cnpg_s3_creds: Refreshing state... [id=woodpecker/cnpg-s3-creds] module.networking.kubernetes_ingress_v1.woodpecker_funnel: Refreshing state... [id=woodpecker/woodpecker-funnel] kubernetes_manifest.netpol_ollama: Refreshing state... module.ops.kubernetes_role_binding_v1.tf_backup: Refreshing state... [id=tofu-state/tf-state-backup] kubernetes_manifest.netpol_woodpecker: Refreshing state... module.ops.kubernetes_cron_job_v1.tf_state_backup: Refreshing state... [id=tofu-state/tf-state-backup] module.ci.kubernetes_manifest.woodpecker_postgres: Refreshing state... module.ops.helm_release.ollama: Refreshing state... [id=ollama] module.ci.helm_release.woodpecker: Refreshing state... [id=woodpecker] module.ci.kubernetes_manifest.woodpecker_postgres_scheduled_backup: Refreshing state... module.ci.kubernetes_manifest.woodpecker_postgres_podmonitor: Refreshing state... OpenTofu used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: -/+ destroy and then create replacement OpenTofu will perform the following actions: # module.harbor.null_resource.harbor_oidc is tainted, so it must be replaced -/+ resource "null_resource" "harbor_oidc" { ~ id = "1799244066782611375" -> (known after apply) # (1 unchanged attribute hidden) } Plan: 1 to add, 0 to change, 1 to destroy. ───────────────────────────────────────────────────────────────────────────── Note: You didn't use the -out option to save this plan, so OpenTofu can't guarantee to take exactly these actions if you run "tofu apply" now. ```
Merge branch 'main' into netpol-westside-ror
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
40ba5ce805
Merge branch 'main' into netpol-westside-ror
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
8fcc38139a
Merge branch 'main' into netpol-westside-ror
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
d7e5921a62
Merge branch 'main' into netpol-westside-ror
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
77739ddb8c
Merge branch 'main' into netpol-westside-ror
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
578aaa0cb3
Merge branch 'main' into netpol-westside-ror
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
5abb4227a4
Merge branch 'main' into netpol-westside-ror
All checks were successful
ci/woodpecker/pr/terraform Pipeline was successful
Details
ci/woodpecker/push/terraform Pipeline was successful
Details
5cb90202be
Merge branch 'main' into netpol-westside-ror
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
47fdf63a3b
Merge branch 'main' into netpol-westside-ror
Some checks failed
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline failed
Details
407ef4f19c
Merge branch 'main' into netpol-westside-ror
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
44e8405cb8
Merge branch 'main' into netpol-westside-ror
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
74f23677b6
Merge branch 'main' into netpol-westside-ror
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
0380566467
Merge branch 'main' into netpol-westside-ror
Some checks failed
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline failed
Details
fdfd4adbb8
Merge branch 'main' into netpol-westside-ror
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
6f1f6caa19
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
This pull request can be merged automatically.
The changes on this branch are already on the target branch. This will be an empty commit.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin netpol-westside-ror:netpol-westside-ror
git switch netpol-westside-ror
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ldraney/pal-e-platform!366
No description provided.