ldraney/pal-e-platform
1
0
Fork 0
Code Issues 91 Pull requests 5 Projects Releases Packages Wiki Activity Actions

Apply pal-e-platform TF drift — 11 resources #372

New issue
Open
opened 2026-05-19 02:18:23 +00:00 by ldraney · 0 comments
ldraney commented 2026-05-19 02:18:23 +00:00
Owner
Copy link

Type

Bug

Lineage

Standalone — discovered during platform drift audit 2026-05-18.

Repo

ldraney/pal-e-platform

What Broke

tofu plan shows 11 drifted resources (5 add, 5 change, 1 destroy). Code and cluster are out of sync.

Create (5): admin_app_user_provision job, admin_app_db_url_westside_admin secret (re-create), paledocs_db_url secret, embedding_worker_metrics service.

Update (5): netpol_postgres NetworkPolicy, woodpecker Helm release, harbor_portal_nginx ConfigMap, harbor_portal_proxy Deployment, minio Helm release (v5.4.0).

Replace (1): harbor_oidc null_resource (tainted, re-runs provisioner).

Repro Steps

  1. cd ~/pal-e-platform/terraform && tofu plan — observe 11 changes
  2. Note the tainted harbor_oidc and Helm value drift on Woodpecker/MinIO

Expected Behavior

tofu plan should show "No changes" when code matches cluster state.

Environment

  • Cluster/namespace: prod / multiple namespaces
  • TF state: ~/pal-e-platform/terraform

Acceptance Criteria

  • Each change reviewed for safety (especially tainted harbor_oidc provisioner)
  • westside_admin DB URL re-create confirmed harmless (project decommissioning)
  • tofu apply succeeds
  • tofu plan shows "No changes" after apply
  • Harbor, Woodpecker, MinIO remain healthy post-apply

Related

  • project-pal-e-platform — platform operations
### Type Bug ### Lineage Standalone — discovered during platform drift audit 2026-05-18. ### Repo `ldraney/pal-e-platform` ### What Broke `tofu plan` shows 11 drifted resources (5 add, 5 change, 1 destroy). Code and cluster are out of sync. **Create (5):** `admin_app_user_provision` job, `admin_app_db_url_westside_admin` secret (re-create), `paledocs_db_url` secret, `embedding_worker_metrics` service. **Update (5):** `netpol_postgres` NetworkPolicy, `woodpecker` Helm release, `harbor_portal_nginx` ConfigMap, `harbor_portal_proxy` Deployment, `minio` Helm release (v5.4.0). **Replace (1):** `harbor_oidc` null_resource (tainted, re-runs provisioner). ### Repro Steps 1. `cd ~/pal-e-platform/terraform && tofu plan` — observe 11 changes 2. Note the tainted `harbor_oidc` and Helm value drift on Woodpecker/MinIO ### Expected Behavior `tofu plan` should show "No changes" when code matches cluster state. ### Environment - Cluster/namespace: prod / multiple namespaces - TF state: ~/pal-e-platform/terraform ### Acceptance Criteria - [ ] Each change reviewed for safety (especially tainted harbor_oidc provisioner) - [ ] westside_admin DB URL re-create confirmed harmless (project decommissioning) - [ ] `tofu apply` succeeds - [ ] `tofu plan` shows "No changes" after apply - [ ] Harbor, Woodpecker, MinIO remain healthy post-apply ### Related - `project-pal-e-platform` — platform operations
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix-gem-bin-path
netpol-westside-ror
fix-woodpecker-multi-pipeline
345-harbor-mobile-css
290-payment-pipeline-observability
spec-board-centric-renderer
284-fix-add-pal-e-docs-namespace-to-postgres
284-add-pal-e-docs-postgres-netpol
188-cross-repo-worktree-isolation-for-parall
111-fix-keycloak-probe
86-fix-rotate-woodpecker-api-token-in-salt
71-feat-deploy-pyrra-slo-manager-with-servi
64-hotfix-woodpecker-oauth-login-broken-for
18-fix-grafana-duplicate-default-datasource-v2
18-fix-grafana-duplicate-default-datasource
13-fix-cnpg-all-parameters
No results found.
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ldraney/pal-e-platform#372
No description provided.