Panfactum / stack

The Panfactum Stack
https://panfactum.com

[question]: kube_pg_cluster recovery plan replacing successful recovery #147

Closed wesbragagt closed 3 weeks ago

wesbragagt commented 3 weeks ago

Prior Search

What is your question?

I've performed a database recovery for my production cluster. During the apply the terragrunt process timed out and I quit the retry. After about 20 minutes I noticed the recovery was complete and the database pods were up.

When I attempted to re-apply the database module, I noticed that the plan had several modifications which I'm hesitant to proceed with, given that it could terminate my current production db.

@fullykubed Is it safe to apply now that I have two healthy pods running?

Plan:

OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
-/+ destroy and then create replacement

OpenTofu will perform the following actions:

  # module.database.kubectl_manifest.scheduled_backup will be created
  + resource "kubectl_manifest" "scheduled_backup" {
      + api_version             = "postgresql.cnpg.io/v1"
      + apply_only              = false
      + field_manager           = "kubectl"
      + force_conflicts         = true
      + force_new               = false
      + id                      = (known after apply)
      + kind                    = "ScheduledBackup"
      + live_manifest_incluster = (sensitive value)
      + live_uid                = (known after apply)
      + name                    = "pg-88cc-default-c6e28fc35378c6ea"
      + namespace               = "implentio"
      + server_side_apply       = true
      + uid                     = (known after apply)
      + validate_schema         = true
      + wait_for_rollout        = true
      + yaml_body               = (sensitive value)
      + yaml_body_parsed        = <<-EOT
            apiVersion: postgresql.cnpg.io/v1
            kind: ScheduledBackup
            metadata:
              name: pg-88cc-default-c6e28fc35378c6ea
              namespace: implentio
            spec:
              backupOwnerReference: cluster
              cluster:
                name: pg-88cc
              immediate: true
              schedule: 0 0 7 * * *
        EOT
      + yaml_incluster          = (sensitive value)
    }

  # module.database.kubernetes_manifest.postgres_cluster is tainted, so it must be replaced
-/+ resource "kubernetes_manifest" "postgres_cluster" {
      ~ object   = {
          ~ metadata   = {
              ~ annotations                = {
                  - "config.linkerd.io/skip-inbound-ports" = "5432"
                  - "panfactum.com/admin-role"             = "admin-implentio-pg-88cc"
                  - "panfactum.com/db"                     = "true"
                  - "panfactum.com/db-type"                = "PostgreSQL"
                  - "panfactum.com/reader-role"            = "reader-implentio-pg-88cc"
                  - "panfactum.com/service"                = "pg-88cc-pooler-rw.implentio"
                  - "panfactum.com/service-port"           = "5432"
                  - "panfactum.com/superuser-role"         = "superuser-implentio-pg-88cc"
                  - "panfactum.com/vault-mount"            = "db/implentio-pg-88cc"
                } -> (known after apply)
              + creationTimestamp          = (known after apply)
              + deletionGracePeriodSeconds = (known after apply)
              + deletionTimestamp          = (known after apply)
              + finalizers                 = (known after apply)
              + generateName               = (known after apply)
              + generation                 = (known after apply)
              ~ labels                     = {
                  - id                                        = "pg-pg-88cc-295bc33c00cc195b"
                  - "panfactum.com/environment"               = "production"
                  - "panfactum.com/local"                     = "false"
                  - "panfactum.com/module"                    = "kube_pg_cluster"
                  - "panfactum.com/prevent-lifetime-eviction" = "true"
                  - "panfactum.com/region"                    = "us-west-2"
                  - "panfactum.com/root-module"               = "implentio_db"
                  - "panfactum.com/scheduler"                 = "true"
                  - "panfactum.com/stack-commit"              = "c61f7564067d148447fb8cfb1c8d8e2b5a91de4d"
                  - "panfactum.com/stack-version"             = "edge.24-09-04"
                  - "panfactum.com/workload"                  = "pg-pg-88cc"
                } -> (known after apply)
              + managedFields              = (known after apply)
                name                       = "pg-88cc"
              + ownerReferences            = (known after apply)
              + resourceVersion            = (known after apply)
              + selfLink                   = (known after apply)
              + uid                        = (known after apply)
                # (1 unchanged attribute hidden)
            }
          ~ spec       = {
              ~ affinity                  = {
                  ~ additionalPodAffinity     = {
                      + preferredDuringSchedulingIgnoredDuringExecution = (known after apply)
                      + requiredDuringSchedulingIgnoredDuringExecution  = (known after apply)
                    }
                  ~ additionalPodAntiAffinity = {
                      + preferredDuringSchedulingIgnoredDuringExecution = (known after apply)
                      + requiredDuringSchedulingIgnoredDuringExecution  = (known after apply)
                    }
                  ~ nodeAffinity              = {
                      + preferredDuringSchedulingIgnoredDuringExecution = (known after apply)
                      ~ requiredDuringSchedulingIgnoredDuringExecution  = {
                          + nodeSelectorTerms = (known after apply)
                        }
                    }
                  + nodeSelector              = (known after apply)
                  ~ tolerations               = [
                      ~ {
                          + tolerationSeconds = (known after apply)
                            # (4 unchanged attributes hidden)
                        },
                      ~ {
                          + tolerationSeconds = (known after apply)
                            # (4 unchanged attributes hidden)
                        },
                      ~ {
                          + tolerationSeconds = (known after apply)
                            # (4 unchanged attributes hidden)
                        },
                    ]
                    # (3 unchanged attributes hidden)
                }
              ~ backup                    = {
                  ~ barmanObjectStore = {
                      ~ azureCredentials  = {
                          ~ connectionString   = {
                              + key  = (known after apply)
                              + name = (known after apply)
                            }
                          + inheritFromAzureAD = (known after apply)
                          ~ storageAccount     = {
                              + key  = (known after apply)
                              + name = (known after apply)
                            }
                          ~ storageKey         = {
                              + key  = (known after apply)
                              + name = (known after apply)
                            }
                          ~ storageSasToken    = {
                              + key  = (known after apply)
                              + name = (known after apply)
                            }
                        }
                      ~ data              = {
                          + additionalCommandArgs = (known after apply)
                          + encryption            = (known after apply)
                          + immediateCheckpoint   = (known after apply)
                            # (2 unchanged attributes hidden)
                        }
                      ~ endpointCA        = {
                          + key  = (known after apply)
                          + name = (known after apply)
                        }
                      + endpointURL       = (known after apply)
                      ~ googleCredentials = {
                          ~ applicationCredentials = {
                              + key  = (known after apply)
                              + name = (known after apply)
                            }
                          + gkeEnvironment         = (known after apply)
                        }
                      + historyTags       = (known after apply)
                      ~ s3Credentials     = {
                          ~ accessKeyId        = {
                              + key  = (known after apply)
                              + name = (known after apply)
                            }
                          ~ region             = {
                              + key  = (known after apply)
                              + name = (known after apply)
                            }
                          ~ secretAccessKey    = {
                              + key  = (known after apply)
                              + name = (known after apply)
                            }
                          ~ sessionToken       = {
                              + key  = (known after apply)
                              + name = (known after apply)
                            }
                            # (1 unchanged attribute hidden)
                        }
                      + tags              = (known after apply)
                      ~ wal               = {
                          + encryption  = (known after apply)
                            # (2 unchanged attributes hidden)
                        }
                        # (2 unchanged attributes hidden)
                    }
                  ~ volumeSnapshot    = {
                      + annotations            = (known after apply)
                      + labels                 = (known after apply)
                      + tablespaceClassName    = (known after apply)
                      + walClassName           = (known after apply)
                        # (4 unchanged attributes hidden)
                    }
                    # (2 unchanged attributes hidden)
                }
              ~ bootstrap                 = {
                  ~ initdb        = {
                      + dataChecksums              = (known after apply)
                      + database                   = (known after apply)
                      + encoding                   = (known after apply)
                      ~ import                     = {
                          + databases                = (known after apply)
                          + postImportApplicationSQL = (known after apply)
                          + roles                    = (known after apply)
                          + schemaOnly               = (known after apply)
                          ~ source                   = {
                              + externalCluster = (known after apply)
                            }
                          + type                     = (known after apply)
                        }
                      + localeCType                = (known after apply)
                      + localeCollate              = (known after apply)
                      + options                    = (known after apply)
                      + owner                      = (known after apply)
                      + postInitApplicationSQL     = (known after apply)
                      ~ postInitApplicationSQLRefs = {
                          + configMapRefs = (known after apply)
                          + secretRefs    = (known after apply)
                        }
                      + postInitSQL                = (known after apply)
                      + postInitTemplateSQL        = (known after apply)
                      ~ secret                     = {
                          + name = (known after apply)
                        }
                      + walSegmentSize             = (known after apply)
                    }
                  ~ pg_basebackup = {
                      + database = (known after apply)
                      + owner    = (known after apply)
                      ~ secret   = {
                          + name = (known after apply)
                        }
                      + source   = (known after apply)
                    }
                  ~ recovery      = {
                      ~ backup          = {
                          ~ endpointCA = {
                              + key  = (known after apply)
                              + name = (known after apply)
                            }
                          + name       = (known after apply)
                        }
                      ~ database        = "app" -> (known after apply)
                      ~ owner           = "app" -> (known after apply)
                      ~ recoveryTarget  = {
                          + backupID        = (known after apply)
                          + exclusive       = (known after apply)
                          + targetImmediate = (known after apply)
                          + targetLSN       = (known after apply)
                          + targetName      = (known after apply)
                          + targetTLI       = (known after apply)
                          + targetTime      = (known after apply)
                          + targetXID       = (known after apply)
                        }
                      ~ secret          = {
                          + name = (known after apply)
                        }
                      ~ volumeSnapshots = {
                          ~ storage           = {
                              + apiGroup = (known after apply)
                              + kind     = (known after apply)
                              + name     = (known after apply)
                            }
                          + tablespaceStorage = (known after apply)
                          ~ walStorage        = {
                              + apiGroup = (known after apply)
                              + kind     = (known after apply)
                              + name     = (known after apply)
                            }
                        }
                        # (1 unchanged attribute hidden)
                    }
                }
              ~ certificates              = {
                  + serverAltDNSNames    = (known after apply)
                    # (4 unchanged attributes hidden)
                }
              + description               = (known after apply)
              + env                       = (known after apply)
              + envFrom                   = (known after apply)
              ~ ephemeralVolumeSource     = {
                  ~ volumeClaimTemplate = {
                      + metadata = (known after apply)
                      ~ spec     = {
                          + accessModes               = (known after apply)
                          ~ dataSource                = {
                              + apiGroup = (known after apply)
                              + kind     = (known after apply)
                              + name     = (known after apply)
                            }
                          ~ dataSourceRef             = {
                              + apiGroup  = (known after apply)
                              + kind      = (known after apply)
                              + name      = (known after apply)
                              + namespace = (known after apply)
                            }
                          ~ resources                 = {
                              + limits   = (known after apply)
                              + requests = (known after apply)
                            }
                          ~ selector                  = {
                              + matchExpressions = (known after apply)
                              + matchLabels      = (known after apply)
                            }
                          + storageClassName          = (known after apply)
                          + volumeAttributesClassName = (known after apply)
                          + volumeMode                = (known after apply)
                          + volumeName                = (known after apply)
                        }
                    }
                }
              ~ ephemeralVolumesSizeLimit = {
                  + shm           = (known after apply)
                  + temporaryData = (known after apply)
                }
              ~ externalClusters          = [
                  ~ {
                      ~ barmanObjectStore    = {
                          ~ azureCredentials  = {
                              ~ connectionString   = {
                                  + key  = (known after apply)
                                  + name = (known after apply)
                                }
                              + inheritFromAzureAD = (known after apply)
                              ~ storageAccount     = {
                                  + key  = (known after apply)
                                  + name = (known after apply)
                                }
                              ~ storageKey         = {
                                  + key  = (known after apply)
                                  + name = (known after apply)
                                }
                              ~ storageSasToken    = {
                                  + key  = (known after apply)
                                  + name = (known after apply)
                                }
                            }
                          ~ data              = {
                              + additionalCommandArgs = (known after apply)
                              + compression           = (known after apply)
                              + encryption            = (known after apply)
                              + immediateCheckpoint   = (known after apply)
                              + jobs                  = (known after apply)
                            }
                          ~ endpointCA        = {
                              + key  = (known after apply)
                              + name = (known after apply)
                            }
                          + endpointURL       = (known after apply)
                          ~ googleCredentials = {
                              ~ applicationCredentials = {
                                  + key  = (known after apply)
                                  + name = (known after apply)
                                }
                              + gkeEnvironment         = (known after apply)
                            }
                          + historyTags       = (known after apply)
                          ~ s3Credentials     = {
                              ~ accessKeyId        = {
                                  + key  = (known after apply)
                                  + name = (known after apply)
                                }
                              ~ region             = {
                                  + key  = (known after apply)
                                  + name = (known after apply)
                                }
                              ~ secretAccessKey    = {
                                  + key  = (known after apply)
                                  + name = (known after apply)
                                }
                              ~ sessionToken       = {
                                  + key  = (known after apply)
                                  + name = (known after apply)
                                }
                                # (1 unchanged attribute hidden)
                            }
                          + tags              = (known after apply)
                          ~ wal               = {
                              + compression = (known after apply)
                              + encryption  = (known after apply)
                                # (1 unchanged attribute hidden)
                            }
                            # (2 unchanged attributes hidden)
                        }
                      + connectionParameters = (known after apply)
                        name                 = "pg-88cc"
                      ~ password             = {
                          + key      = (known after apply)
                          + name     = (known after apply)
                          + optional = (known after apply)
                        }
                      ~ sslCert              = {
                          + key      = (known after apply)
                          + name     = (known after apply)
                          + optional = (known after apply)
                        }
                      ~ sslKey               = {
                          + key      = (known after apply)
                          + name     = (known after apply)
                          + optional = (known after apply)
                        }
                      ~ sslRootCert          = {
                          + key      = (known after apply)
                          + name     = (known after apply)
                          + optional = (known after apply)
                        }
                    },
                ]
              ~ imageCatalogRef           = {
                  + apiGroup = (known after apply)
                  + kind     = (known after apply)
                  + major    = (known after apply)
                  + name     = (known after apply)
                }
              + imagePullPolicy           = (known after apply)
              + imagePullSecrets          = (known after apply)
              ~ logLevel                  = "info" -> (known after apply)
              ~ managed                   = {
                  + roles = (known after apply)
                }
              ~ maxSyncReplicas           = 0 -> (known after apply)
              ~ monitoring                = {
                  ~ customQueriesConfigMap      = [
                      - {
                          - key  = "queries"
                          - name = "cnpg-default-monitoring"
                        },
                    ] -> (known after apply)
                  + customQueriesSecret         = (known after apply)
                  ~ disableDefaultQueries       = false -> (known after apply)
                  + podMonitorMetricRelabelings = (known after apply)
                  + podMonitorRelabelings       = (known after apply)
                    # (1 unchanged attribute hidden)
                }
              ~ nodeMaintenanceWindow     = {
                  + inProgress = (known after apply)
                  + reusePVC   = (known after apply)
                }
              + plugins                   = (known after apply)
              ~ postgresGID               = 26 -> (known after apply)
              ~ postgresUID               = 26 -> (known after apply)
              ~ postgresql                = {
                  + enableAlterSystem             = (known after apply)
                  ~ ldap                          = {
                      ~ bindAsAuth     = {
                          + prefix = (known after apply)
                          + suffix = (known after apply)
                        }
                      ~ bindSearchAuth = {
                          + baseDN          = (known after apply)
                          + bindDN          = (known after apply)
                          ~ bindPassword    = {
                              + key      = (known after apply)
                              + name     = (known after apply)
                              + optional = (known after apply)
                            }
                          + searchAttribute = (known after apply)
                          + searchFilter    = (known after apply)
                        }
                      + port           = (known after apply)
                      + scheme         = (known after apply)
                      + server         = (known after apply)
                      + tls            = (known after apply)
                    }
                  + pg_hba                        = (known after apply)
                  + pg_ident                      = (known after apply)
                  + promotionTimeout              = (known after apply)
                  + shared_preload_libraries      = (known after apply)
                  ~ syncReplicaElectionConstraint = {
                      ~ enabled                = false -> (known after apply)
                      + nodeLabelsAntiAffinity = (known after apply)
                    }
                    # (1 unchanged attribute hidden)
                }
              ~ projectedVolumeTemplate   = {
                  + defaultMode = (known after apply)
                  + sources     = (known after apply)
                }
              ~ replica                   = {
                  + enabled = (known after apply)
                  + source  = (known after apply)
                }
              ~ replicationSlots          = {
                  ~ highAvailability    = {
                      ~ enabled    = true -> (known after apply)
                      ~ slotPrefix = "_cnpg_" -> (known after apply)
                    }
                  ~ synchronizeReplicas = {
                      ~ enabled         = true -> (known after apply)
                      + excludePatterns = (known after apply)
                    }
                  ~ updateInterval      = 30 -> (known after apply)
                }
              ~ resources                 = {
                  + claims   = (known after apply)
                    # (2 unchanged attributes hidden)
                }
              ~ seccompProfile            = {
                  + localhostProfile = (known after apply)
                  + type             = (known after apply)
                }
              ~ serviceAccountTemplate    = {
                  ~ metadata = {
                      + labels      = (known after apply)
                        # (1 unchanged attribute hidden)
                    }
                }
              ~ storage                   = {
                  ~ pvcTemplate        = {
                      + accessModes               = (known after apply)
                      ~ dataSource                = {
                          + apiGroup = (known after apply)
                          + kind     = (known after apply)
                          + name     = (known after apply)
                        }
                      ~ dataSourceRef             = {
                          + apiGroup  = (known after apply)
                          + kind      = (known after apply)
                          + name      = (known after apply)
                          + namespace = (known after apply)
                        }
                      ~ resources                 = {
                          + limits   = (known after apply)
                            # (1 unchanged attribute hidden)
                        }
                      ~ selector                  = {
                          + matchExpressions = (known after apply)
                          + matchLabels      = (known after apply)
                        }
                      + volumeAttributesClassName = (known after apply)
                      + volumeMode                = (known after apply)
                      + volumeName                = (known after apply)
                        # (1 unchanged attribute hidden)
                    }
                  ~ resizeInUseVolumes = true -> (known after apply)
                  + size               = (known after apply)
                  + storageClass       = (known after apply)
                }
              + tablespaces               = (known after apply)
              ~ topologySpreadConstraints = [
                  ~ {
                      ~ labelSelector      = {
                          + matchExpressions = (known after apply)
                            # (1 unchanged attribute hidden)
                        }
                      + matchLabelKeys     = (known after apply)
                      + minDomains         = (known after apply)
                      + nodeAffinityPolicy = (known after apply)
                      + nodeTaintsPolicy   = (known after apply)
                        # (3 unchanged attributes hidden)
                    },
                ]
              ~ walStorage                = {
                  ~ pvcTemplate        = {
                      + accessModes               = (known after apply)
                      ~ dataSource                = {
                          + apiGroup = (known after apply)
                          + kind     = (known after apply)
                          + name     = (known after apply)
                        }
                      ~ dataSourceRef             = {
                          + apiGroup  = (known after apply)
                          + kind      = (known after apply)
                          + name      = (known after apply)
                          + namespace = (known after apply)
                        }
                      ~ resources                 = {
                          + limits   = (known after apply)
                          + requests = (known after apply)
                        }
                      ~ selector                  = {
                          + matchExpressions = (known after apply)
                          + matchLabels      = (known after apply)
                        }
                      + storageClassName          = (known after apply)
                      + volumeAttributesClassName = (known after apply)
                      + volumeMode                = (known after apply)
                      + volumeName                = (known after apply)
                    }
                  + resizeInUseVolumes = (known after apply)
                  + size               = (known after apply)
                  + storageClass       = (known after apply)
                }
                # (16 unchanged attributes hidden)
            }
            # (2 unchanged attributes hidden)
        }
        # (1 unchanged attribute hidden)

        # (2 unchanged blocks hidden)
    }

Plan: 2 to add, 0 to change, 1 to destroy.

Cluster yaml:

apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  annotations:
    config.linkerd.io/skip-inbound-ports: "5432"
    panfactum.com/admin-role: admin-implentio-pg-88cc
    panfactum.com/db: "true"
    panfactum.com/db-type: PostgreSQL
    panfactum.com/reader-role: reader-implentio-pg-88cc
    panfactum.com/service: pg-88cc-pooler-rw.implentio
    panfactum.com/service-port: "5432"
    panfactum.com/superuser-role: superuser-implentio-pg-88cc
    panfactum.com/vault-mount: db/implentio-pg-88cc
  creationTimestamp: "2024-09-30T14:30:18Z"
  generation: 1
  labels:
    id: pg-pg-88cc-295bc33c00cc195b
    panfactum.com/environment: production
    panfactum.com/local: "false"
    panfactum.com/module: kube_pg_cluster
    panfactum.com/prevent-lifetime-eviction: "true"
    panfactum.com/region: us-west-2
    panfactum.com/root-module: implentio_db
    panfactum.com/scheduler: "true"
    panfactum.com/stack-commit: c61f7564067d148447fb8cfb1c8d8e2b5a91de4d
    panfactum.com/stack-version: edge.24-09-04
    panfactum.com/workload: pg-pg-88cc
  name: pg-88cc
  namespace: implentio
  resourceVersion: "117294915"
  uid: 7191bf16-0c11-42b6-9852-746d96374a4b
spec:
  affinity:
    enablePodAntiAffinity: true
    podAntiAffinityType: required
    tolerations:
    - effect: NoSchedule
      key: spot
      operator: Equal
      value: "true"
    - effect: NoSchedule
      key: burstable
      operator: Equal
      value: "true"
    - effect: NoSchedule
      key: arm64
      operator: Equal
      value: "true"
    topologyKey: node.kubernetes.io/instance-type
  backup:
    barmanObjectStore:
      data:
        compression: bzip2
        jobs: 8
      destinationPath: s3://implentio-pg-88cc-backup-64c632f1cc08906d/
      s3Credentials:
        inheritFromIAMRole: true
      serverName: c6e28fc35378c6ea
      wal:
        compression: bzip2
        maxParallel: 8
    retentionPolicy: 3d
    target: prefer-standby
    volumeSnapshot:
      className: cnpg
      online: true
      onlineConfiguration:
        immediateCheckpoint: false
        waitForArchive: true
      snapshotOwnerReference: backup
  bootstrap:
    recovery:
      database: app
      owner: app
      source: pg-88cc
  certificates:
    clientCASecret: pg-client-certs-3e15
    replicationTLSSecret: pg-client-certs-3e15
    serverCASecret: pg-server-certs-20d4
    serverTLSSecret: pg-server-certs-20d4
  enablePDB: false
  enableSuperuserAccess: true
  externalClusters:
  - barmanObjectStore:
      destinationPath: s3://implentio-pg-88cc-backup-64c632f1cc08906d/
      s3Credentials:
        inheritFromIAMRole: true
      serverName: 519e0f766a9acd31
      wal:
        maxParallel: 8
    name: pg-88cc
  failoverDelay: 1
  imageName: ghcr.io/cloudnative-pg/postgresql:16.4
  inheritedMetadata:
    annotations:
      config.linkerd.io/skip-inbound-ports: "5432"
      linkerd.io/inject: enabled
      resize.topolvm.io/increase: 10Gi
      resize.topolvm.io/storage_limit: 1000Gi
      resize.topolvm.io/threshold: 35%
    labels:
      id: pg-pg-88cc-295bc33c00cc195b
      panfactum.com/environment: production
      panfactum.com/local: "false"
      panfactum.com/module: kube_pg_cluster
      panfactum.com/prevent-lifetime-eviction: "true"
      panfactum.com/region: us-west-2
      panfactum.com/root-module: implentio_db
      panfactum.com/scheduler: "true"
      panfactum.com/stack-commit: c61f7564067d148447fb8cfb1c8d8e2b5a91de4d
      panfactum.com/stack-version: edge.24-09-04
      panfactum.com/workload: pg-pg-88cc
      pg-cluster: implentio-pg-88cc
  instances: 2
  logLevel: info
  maxSyncReplicas: 0
  minSyncReplicas: 0
  monitoring:
    customQueriesConfigMap:
    - key: queries
      name: cnpg-default-monitoring
    disableDefaultQueries: false
    enablePodMonitor: true
  postgresGID: 26
  postgresUID: 26
  postgresql:
    parameters:
      archive_mode: "on"
      archive_timeout: 5min
      dynamic_shared_memory_type: posix
      effective_cache_size: 8800MB
      jit: "off"
      log_destination: csvlog
      log_directory: /controller/log
      log_filename: postgres
      log_min_duration_statement: "10000"
      log_rotation_age: "0"
      log_rotation_size: "0"
      log_truncate_on_rotation: "false"
      logging_collector: "on"
      maintenance_work_mem: 1600MB
      max_connections: "100"
      max_parallel_workers: "32"
      max_replication_slots: "32"
      max_slot_wal_keep_size: 10GB
      max_worker_processes: "32"
      shared_buffers: 5600MB
      shared_memory_type: mmap
      shared_preload_libraries: ""
      ssl_max_protocol_version: TLSv1.3
      ssl_min_protocol_version: TLSv1.3
      temp_file_limit: "10000000"
      wal_keep_size: 10GB
      wal_level: logical
      wal_log_hints: "on"
      wal_receiver_timeout: 5s
      wal_sender_timeout: 5s
      work_mem: 40MB
    syncReplicaElectionConstraint:
      enabled: false
  primaryUpdateMethod: switchover
  primaryUpdateStrategy: unsupervised
  priorityClassName: workload-important
  replicationSlots:
    highAvailability:
      enabled: true
      slotPrefix: _cnpg_
    synchronizeReplicas:
      enabled: true
    updateInterval: 30
  resources:
    limits:
      memory: 20800Mi
    requests:
      cpu: "4"
      memory: 16000Mi
  schedulerName: panfactum
  serviceAccountTemplate:
    metadata:
      annotations:
        eks.amazonaws.com/role-arn: arn:aws:iam::590183845935:role/pg-88cc-20240803003625866900000002
  smartShutdownTimeout: 1
  startDelay: 600
  stopDelay: 31
  storage:
    pvcTemplate:
      resources:
        requests:
          storage: 100Gi
      storageClassName: ebs-standard
    resizeInUseVolumes: true
  superuserSecret:
    name: pg-88cc-superuser-cd3e105a4b75fa63df55f9724a4ba9e6683ec6b3c49728064fb16f1439e982b2
  switchoverDelay: 30
  topologySpreadConstraints:
  - labelSelector:
      matchLabels:
        id: pg-pg-88cc-295bc33c00cc195b
    maxSkew: 1
    topologyKey: topology.kubernetes.io/zone
    whenUnsatisfiable: DoNotSchedule
status:
  availableArchitectures:
  - goArch: amd64
    hash: 94527128605ac5100415106fe26c480531d094b3f36626e562a8135f342b89e4
  - goArch: arm64
    hash: 9b7b08592e917ed3b20bb3ae404ea4c0c958bdee73e5411c452d6c464d77f0b4
  certificates:
    clientCASecret: pg-client-certs-3e15
    expirations:
      pg-client-certs-3e15: 2024-10-12 00:36:26 +0000 UTC
      pg-server-certs-20d4: 2024-10-12 00:36:26 +0000 UTC
    replicationTLSSecret: pg-client-certs-3e15
    serverAltDNSNames:
    - pg-88cc-rw
    - pg-88cc-rw.implentio
    - pg-88cc-rw.implentio.svc
    - pg-88cc-r
    - pg-88cc-r.implentio
    - pg-88cc-r.implentio.svc
    - pg-88cc-ro
    - pg-88cc-ro.implentio
    - pg-88cc-ro.implentio.svc
    serverCASecret: pg-server-certs-20d4
    serverTLSSecret: pg-server-certs-20d4
  cloudNativePGCommitHash: 336ddf53
  cloudNativePGOperatorHash: 9b7b08592e917ed3b20bb3ae404ea4c0c958bdee73e5411c452d6c464d77f0b4
  conditions:
  - lastTransitionTime: "2024-09-30T16:03:09Z"
    message: Cluster is Ready
    reason: ClusterIsReady
    status: "True"
    type: Ready
  - lastTransitionTime: "2024-09-30T16:02:08Z"
    message: Continuous archiving is working
    reason: ContinuousArchivingSuccess
    status: "True"
    type: ContinuousArchiving
  configMapResourceVersion:
    metrics:
      cnpg-default-monitoring: "117181225"
  currentPrimary: pg-88cc-1
  currentPrimaryTimestamp: "2024-09-30T16:02:06.838367Z"
  healthyPVC:
  - pg-88cc-1
  - pg-88cc-2
  image: ghcr.io/cloudnative-pg/postgresql:16.4
  instanceNames:
  - pg-88cc-1
  - pg-88cc-2
  instances: 2
  instancesReportedState:
    pg-88cc-1:
      isPrimary: true
      timeLineID: 92
    pg-88cc-2:
      isPrimary: false
      timeLineID: 92
  instancesStatus:
    healthy:
    - pg-88cc-1
    - pg-88cc-2
  latestGeneratedNode: 2
  managedRolesStatus: {}
  phase: Cluster in healthy state
  poolerIntegrations:
    pgBouncerIntegration: {}
  pvcCount: 2
  readService: pg-88cc-r
  readyInstances: 2
  secretsResourceVersion:
    applicationSecretVersion: "117181205"
    clientCaSecretVersion: "116121594"
    replicationSecretVersion: "116121594"
    serverCaSecretVersion: "116121596"
    serverSecretVersion: "116121596"
    superuserSecretVersion: "110410123"
  switchReplicaClusterStatus: {}
  targetPrimary: pg-88cc-1
  targetPrimaryTimestamp: "2024-09-30T16:02:04.362530Z"
  timelineID: 92
  topology:
    instances:
      pg-88cc-1: {}
      pg-88cc-2: {}
    nodesUsed: 2
    successfullyExtracted: true
  writeService: pg-88cc-rw

What primary components of the stack does this relate to?

terraform

fullykubed commented 3 weeks ago

Your resources are being replaced because they are tainted. TF will automatically taint partially applied resources in some circumstances, especially if an apply times out.

If you do not want the resource to be replaced, just run terragrunt untaint <resource_address>.

Read more here: https://opentofu.org/docs/cli/commands/untaint/
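A pre-apply check for the situation in this thread, added here as an example and not part of the original discussion or the Panfactum code base: it reads the JSON form of a saved plan (assumed to be produced with `terragrunt plan -out=tfplan` followed by `terragrunt show -json tfplan`) and reports every change that would delete a resource, flagging replacements caused by taint. The sample plan and the `example_cluster` address are constructed placeholders; `gate` and `destructive_changes` are hypothetical helper names.

```python
import json

# Constructed sample in the shape of `show -json <planfile>` output.
# The second address is a placeholder, not a resource address from the issue.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "module.database.kubectl_manifest.scheduled_backup",
         "change": {"actions": ["create"]}},
        {"address": "module.database.kubectl_manifest.example_cluster",
         "action_reason": "replace_because_tainted",
         "change": {"actions": ["delete", "create"]}},
    ],
})


def destructive_changes(plan_json):
    """Return (address, actions, reason) for every change that deletes something."""
    plan = json.loads(plan_json)
    found = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" in actions:
            found.append((rc["address"], actions,
                          rc.get("action_reason", "unspecified")))
    return found


def gate(plan_json):
    """Return (ok, messages); ok is False when the plan would destroy anything."""
    messages = []
    for address, actions, reason in destructive_changes(plan_json):
        kind = "replace" if "create" in actions else "destroy"
        hint = ""
        if reason == "replace_because_tainted":
            hint = f" -> tainted; review, then: terragrunt untaint {address}"
        messages.append(f"{kind}: {address} ({reason}){hint}")
    return (not messages, messages)


if __name__ == "__main__":
    import sys
    # Read a real plan from stdin when piped, otherwise use the sample.
    data = SAMPLE_PLAN if sys.stdin.isatty() else sys.stdin.read()
    ok, messages = gate(data)
    print("\n".join(messages) or "no destructive changes")
    sys.exit(0 if ok else 1)
```

Piping the plan JSON into the script makes it exit non-zero whenever a delete is planned, so it can block an unattended apply against a production database until someone has reviewed the listed addresses.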