From 1fcf911269f9020787ffb4a0f721f7e88359f696 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Sun, 10 May 2026 16:22:24 +0000 Subject: [PATCH] authentik/pgbouncer: image_pull_policy IfNotPresent -> Always (match live) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The HCL declared `IfNotPresent` since module creation but the live deployment reconciled to `Always` somewhere along the way (likely a Helm/operator default). Since the image is `:latest`, `Always` is the correct value — `IfNotPresent` would skip pulling updated images on pod restart, defeating the point of the floating tag. Drops the lone remaining drift in the authentik stack so plan-to-zero holds across the whole stack, not just the resources I just adopted. --- stacks/authentik/modules/authentik/pgbouncer.tf | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/stacks/authentik/modules/authentik/pgbouncer.tf b/stacks/authentik/modules/authentik/pgbouncer.tf index bea34a4d..9e2e05db 100644 --- a/stacks/authentik/modules/authentik/pgbouncer.tf +++ b/stacks/authentik/modules/authentik/pgbouncer.tf @@ -66,9 +66,13 @@ resource "kubernetes_deployment" "pgbouncer" { } } container { - name = "pgbouncer" - image = "edoburu/pgbouncer:latest" - image_pull_policy = "IfNotPresent" + name = "pgbouncer" + image = "edoburu/pgbouncer:latest" + # `:latest` tag — keep `Always` so pod restarts pick up upstream + # updates. The previous `IfNotPresent` value was declared at module + # creation but the live cluster has reconciled to `Always` (likely + # via a Helm/operator default). Match reality to drop the drift. + image_pull_policy = "Always" port { container_port = 6432