infra/stacks
Viktor Barzin bf752dffa5 fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes
After fixing the threshold=80% misconfig and seeing two PVCs
(prometheus + technitium primary) get stuck Terminating, a 3rd round
showed four more PVCs (frigate, hackmd, immich-postgresql,
paperless-ngx) in the same state. Same root cause: TF spec'd a
smaller storage size than the autoresizer-grown live value, K8s
rejected the shrink, TF force-replaced the PVC, and the
pvc-protection finalizer held it in Terminating while the pod kept
using the underlying volume.

Bulk-inject lifecycle.ignore_changes = [spec[0].resources[0].requests]
on every kubernetes_persistent_volume_claim block that has
resize.topolvm.io/threshold annotations. The pattern was already
documented in .claude/CLAUDE.md but ~63 stacks were missing it.

Live PVCs are unaffected; this only prevents future TF applies from
attempting the destroy+recreate.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-10 21:57:01 +00:00
_template ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
actualbudget fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
affine fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
authentik state(dbaas): update encrypted state 2026-05-10 21:00:00 +00:00
beads-server fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
blog ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
broker-sync fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
calico [infra] Partial Calico adoption: namespaces only (Wave 5b) 2026-04-18 22:52:56 +00:00
changedetection fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
chrome-service fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
city-guesser ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
claude-agent-service fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
claude-memory ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
cloudflared cloudflare: disable AI bot edge-block so x402 can issue payment offers 2026-05-10 18:37:29 +00:00
cnpg [infra] Suppress Goldilocks vpa-update-mode label drift on all namespaces [ci skip] 2026-04-18 21:15:27 +00:00
coturn [infra] Sweep dns_config ignore_changes across all pod-owning resources [ci skip] 2026-04-18 21:19:48 +00:00
crowdsec ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
cyberchef ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
dashy ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
dawarich ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
dbaas fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
descheduler [infra] Suppress Goldilocks vpa-update-mode label drift on all namespaces [ci skip] 2026-04-18 21:15:27 +00:00
diun fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
ebook2audiobook ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
ebooks fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
echo state(dbaas): update encrypted state 2026-05-10 21:00:00 +00:00
excalidraw fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
external-secrets [infra] Suppress Goldilocks vpa-update-mode label drift on all namespaces [ci skip] 2026-04-18 21:15:27 +00:00
f1-stream fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
fire-planner fire-planner / k8s-portal / insta2spotify: revert auth=public to auth=none 2026-05-10 19:00:11 +00:00
foolery ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
forgejo fix: pvc-autoresizer threshold should be 10%, not 80% 2026-05-10 19:56:16 +00:00
freedify ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
freshrss fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
frigate fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
grampsweb fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
hackmd fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
headscale fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
health fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
hermes-agent fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
homepage ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
immich fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
infra [forgejo] Phases 3+4+5: cutover, decommission, docs sweep 2026-05-07 18:30:02 +00:00
infra-maintenance [infra] Sweep dns_config ignore_changes across all pod-owning resources [ci skip] 2026-04-18 21:19:48 +00:00
insta2spotify fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
instagram-poster fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
isponsorblocktv fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
job-hunter grafana: env-var datasources + reloader so Vault rotations stop breaking dashboards 2026-05-09 17:38:38 +00:00
jsoncrack ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
k8s-dashboard ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
k8s-portal fire-planner / k8s-portal / insta2spotify: revert auth=public to auth=none 2026-05-10 19:00:11 +00:00
k8s-version-upgrade k8s-version-upgrade: detection script refresh apt before madison + DRY_RUN_OVERRIDE 2026-05-10 19:33:11 +00:00
kms ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
kured kured(sentinel-gate): fix auth + write-perm so safety checks actually run 2026-05-10 18:16:54 +00:00
kyverno [forgejo] Phases 3+4+5: cutover, decommission, docs sweep 2026-05-07 18:30:02 +00:00
linkwarden ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
llama-cpp infra/llama-cpp: benchmark report + -fa flag fix 2026-05-10 15:03:16 +00:00
local-path [infra] Adopt local-path-provisioner into Terraform (Wave 5c) 2026-04-18 22:39:55 +00:00
mailserver fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
matrix fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
meshcentral fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
metallb [infra] Suppress Goldilocks vpa-update-mode label drift on all namespaces [ci skip] 2026-04-18 21:15:27 +00:00
metrics-server [infra] Suppress Goldilocks vpa-update-mode label drift on all namespaces [ci skip] 2026-04-18 21:15:27 +00:00
monitoring fix: HA Sofia REST sensors + PVC drift safety 2026-05-10 21:48:29 +00:00
n8n fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
navidrome fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
netbox ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
networking-toolbox ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
nextcloud fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
nfs-csi [infra] TrueNAS decommission — remove active references from Terraform + configs 2026-04-19 16:57:05 +00:00
nodelocal-dns [dns] NodeLocal DNSCache — deploy DaemonSet to all nodes (WS C) 2026-04-19 15:46:41 +00:00
novelapp fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
ntfy fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
nvidia ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
onlyoffice fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
openclaw fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
osm_routing [infra] Sweep dns_config ignore_changes across all pod-owning resources [ci skip] 2026-04-18 21:19:48 +00:00
owntracks Woodpecker CI deploy [CI SKIP] 2026-05-10 18:57:31 +00:00
paperless-ngx fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
payslip-ingest grafana: env-var datasources + reloader so Vault rotations stop breaking dashboards 2026-05-09 17:38:38 +00:00
phpipam ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
platform [infra] Add Cloudflare provider to all stack lock files and generated providers 2026-04-16 16:31:36 +00:00
plotting-book fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
poison-fountain ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
postiz fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
priority-pass fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
privatebin fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
proxmox-csi proxmox-csi: opt SCs into pvc-autoresizer (resize.topolvm.io/enabled=true) 2026-05-10 18:22:25 +00:00
pvc-autoresizer [infra] Suppress Goldilocks vpa-update-mode label drift on all namespaces [ci skip] 2026-04-18 21:15:27 +00:00
rbac [infra] Migrate Terraform state from local SOPS to PostgreSQL backend 2026-04-16 19:33:12 +00:00
real-estate-crawler ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
redis fix: pvc-autoresizer threshold should be 10%, not 80% 2026-05-10 19:56:16 +00:00
reloader [infra] Suppress Goldilocks vpa-update-mode label drift on all namespaces [ci skip] 2026-04-18 21:15:27 +00:00
resume fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
reverse-proxy chore: remove decommissioned registry.viktorbarzin.me ingress 2026-05-09 11:03:51 +00:00
rybbit fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
sealed-secrets [infra] Suppress Goldilocks vpa-update-mode label drift on all namespaces [ci skip] 2026-04-18 21:15:27 +00:00
send fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
servarr fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
shadowsocks [infra] Sweep dns_config ignore_changes across all pod-owning resources [ci skip] 2026-04-18 21:19:48 +00:00
speedtest fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
status-page [infra] Establish KYVERNO_LIFECYCLE_V1 drift-suppression convention [ci skip] 2026-04-18 14:15:51 +00:00
stirling-pdf fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
tandoor fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
technitium fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
terminal ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
tor-proxy fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
trading-bot ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
traefik ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
travel_blog ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
tuya-bridge state(dbaas): update encrypted state 2026-05-10 21:00:00 +00:00
uptime-kuma fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
url ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
vault vault: enroll audit-vault-0 in pvc-autoresizer (10Gi limit) 2026-05-10 20:01:06 +00:00
vaultwarden fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
vpa ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
wealthfolio fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
webhook_handler ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
whisper fix: pvc-autoresizer + TF drift safety — bulk add ignore_changes 2026-05-10 21:57:01 +00:00
wireguard [infra] Suppress Goldilocks vpa-update-mode label drift on all namespaces [ci skip] 2026-04-18 21:15:27 +00:00
woodpecker ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
xray ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
ytdlp ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00