Remove app-level CNPG resources from platform #17

Merged
forgejo_admin merged 1 commit from 16-remove-app-level-cnpg-resources-from-pla into main 2026-03-02 21:49:23 +00:00

Summary

  • Remove app-level CNPG resources (cluster, scheduled backup, app credentials) from pal-e-platform
  • Platform should only own the CNPG operator and shared infrastructure
  • App-level Postgres concerns will be managed by pal-e-services

Changes

  • terraform/main.tf -- Removed 4 resource blocks: kubernetes_manifest.cnpg_cluster, kubernetes_manifest.cnpg_scheduled_backup, kubernetes_secret_v1.cnpg_superuser, kubernetes_secret_v1.paledocs_db_credentials
  • terraform/variables.tf -- Removed 3 variables: paledocs_db_username, paledocs_db_password, cnpg_superuser_password
  • terraform/outputs.tf -- Removed 2 outputs: cnpg_cluster_name, postgres_internal_dsn. Kept cnpg_namespace (shared infra)
  • terraform/k3s.tfvars.example -- Removed 2 example values: paledocs_db_password, cnpg_superuser_password

Preserved (shared platform infra):

  • helm_release.cnpg (operator), namespaces, MinIO bucket + CNPG IAM, kubernetes_secret_v1.cnpg_s3_creds, output "cnpg_namespace"

Test Plan

  • [x] tofu fmt -check passes
  • [x] tofu validate passes (Success! The configuration is valid.)
  • [x] No dangling references to removed resources
  • [ ] After merge: tofu state rm the 4 removed resources, then tofu plan confirms clean state

Note: Do NOT run tofu plan or tofu state rm until after merge on the main workdir.

Review Checklist

  • [x] No secrets committed
  • [x] No unnecessary file changes
  • [x] Commit messages are descriptive
  • [x] tofu fmt and tofu validate pass

Related Notes

  • plan-2026-02-26-tf-modularize-postgres -- Phase 2b: cleanup platform
  • Forgejo issue: #16

Platform should only own the CNPG operator and shared infra. App-level
resources (cluster, scheduled backup, app credentials) belong in
pal-e-services, not pal-e-platform.

Removed from main.tf:
- kubernetes_manifest.cnpg_cluster
- kubernetes_manifest.cnpg_scheduled_backup
- kubernetes_secret_v1.cnpg_superuser
- kubernetes_secret_v1.paledocs_db_credentials

Removed from variables.tf:
- paledocs_db_username, paledocs_db_password, cnpg_superuser_password

Removed from outputs.tf:
- cnpg_cluster_name, postgres_internal_dsn (kept cnpg_namespace)

Removed from k3s.tfvars.example:
- paledocs_db_password, cnpg_superuser_password

Kept (shared platform infra):
- helm_release.cnpg (operator)
- kubernetes_namespace_v1.cnpg_system, kubernetes_namespace_v1.postgres
- minio_s3_bucket.postgres_wal + CNPG IAM resources
- kubernetes_secret_v1.cnpg_s3_creds

Closes #16

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
forgejo_admin deleted branch 16-remove-app-level-cnpg-resources-from-pla 2026-03-02 21:49:23 +00:00
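
The test plan's "no dangling references" item and the post-merge state cleanup can both be checked mechanically. The following is an added example, not part of the PR or the project's code: a shell helper that searches a Terraform tree for the identifiers this PR removes and checks `tofu state list` output for the four removed addresses. The function names and the `terraform` directory argument are assumptions; the identifier lists are copied from the description above.

```bash
#!/usr/bin/env bash
# Added example, not part of the PR. Identifier lists are copied from the PR text.
REMOVED_RESOURCES="kubernetes_manifest.cnpg_cluster
kubernetes_manifest.cnpg_scheduled_backup
kubernetes_secret_v1.cnpg_superuser
kubernetes_secret_v1.paledocs_db_credentials"
REMOVED_VARS="paledocs_db_username paledocs_db_password cnpg_superuser_password"
REMOVED_OUTPUTS="cnpg_cluster_name postgres_internal_dsn"

# Emit one extended regex per way a removed identifier can still appear in HCL.
removed_patterns() {
  for addr in $REMOVED_RESOURCES; do
    rtype=${addr%%.*}
    rname=${addr#*.}
    printf 'resource[[:space:]]+"%s"[[:space:]]+"%s"\n' "$rtype" "$rname"     # declaration
    printf '(^|[^A-Za-z0-9_.])%s\\.%s([^A-Za-z0-9_]|$)\n' "$rtype" "$rname"  # reference
  done
  for name in $REMOVED_VARS; do
    printf 'variable[[:space:]]+"%s"\n' "$name"                     # declaration
    printf '(^|[^A-Za-z0-9_.])var\\.%s([^A-Za-z0-9_]|$)\n' "$name"  # reference
    printf '^[[:space:]]*%s[[:space:]]*=\n' "$name"                 # tfvars entry or argument
  done
  for name in $REMOVED_OUTPUTS; do
    printf 'output[[:space:]]+"%s"\n' "$name"
  done
}

# Print dangling references under directory $1 as file:line:text.
# Returns 0 when clean, 1 when references remain, 2 when grep itself failed.
find_dangling() {
  status=0
  removed_patterns | grep -rnE -f - --include='*.tf' --include='*.tfvars.example' "$1" || status=$?
  case $status in 0) return 1 ;; 1) return 0 ;; *) return 2 ;; esac
}

# Read `tofu state list` output on stdin and print removed addresses still tracked.
# Returns 1 if any remain, 0 if none. Assumes root-module addresses without indexes.
still_in_state() {
  status=0
  grep -Fx -e "$REMOVED_RESOURCES" || status=$?
  case $status in 0) return 1 ;; 1) return 0 ;; *) return 2 ;; esac
}

# Usage, from the repository root after the merge:
#   find_dangling terraform && echo "config clean"
#   tofu state list | still_in_state && echo "state clean"
```

Comments in `.tf` files that mention a removed name are reported as well, which is useful for catching stale documentation of the old credentials variables.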