fix: pause WS3-gated resources until the WireGuard server lands #14

Merged: devantler merged 2 commits into main from claude/pause-until-ws3 (Jul 4, 2026)
@devantler

Contributor

🤖 Generated by the Daily AI Assistant

Why

Once platform#2467 makes provider-upjet-unifi reachable (writable /tmp + Cloud Connector), it will reconcile these resources — but they all still carry WS3 placeholders. The admin DNS records would be created pointing at 10.200.0.10 (a VIP that doesn't exist yet), breaking LAN access to the admin UIs, and the WireGuard Client/TrafficRoute would fail on their placeholder peer IP / keys / network-id.

What

Hold every resource with crossplane.io/paused: "true" (one commonAnnotations line). The provider connects and can manage the controller, but touches nothing here until WS3 lands the real values. Unpause = remove the annotation (per-resource as each WS3 dependency lands).

Merge order

Merge this before/with #2467 so the resources are paused before the provider can write. (The provider is currently broken on /tmp, so nothing is at risk until #2467 deploys.)

Every managed resource here still carries WS3 placeholders — the WireGuard
Client's peer endpoint IP + keys, the TrafficRoute's VPN-client network id, and
the admin DNS records' gateway VIP (10.200.0.10, which doesn't exist yet). Once
provider-upjet-unifi becomes reachable (platform#2467: writable /tmp + Cloud
Connector), it would try to reconcile these — failing the Client/TrafficRoute on
their placeholders and, worse, CREATING local DNS records that point the admin
hostnames at a dead VIP, breaking LAN access to those UIs.

Hold every resource with crossplane.io/paused via commonAnnotations so the
provider connects and can manage the controller, but touches nothing here until
WS3 fills the real values. Unpause by removing the annotation (per-resource as
each WS3 dependency lands, or all at once when WS3 is complete).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jul 4, 2026

Walkthrough

This change modifies kustomization.yaml to add a commonAnnotations entry setting crossplane.io/paused: "true" for all resources in the kustomization. Accompanying comments explain that the pause is intentional, pending the existence of the platform WireGuard server (WS3), to avoid failures or incorrect local DNS records from placeholder-dependent resources.

Changes

| Cohort / File(s) | Summary |
|---|---|
| kustomization.yaml | Added commonAnnotations block with crossplane.io/paused: "true" and explanatory comments about the WS3 dependency. |

Related issues: None specified.

Related PRs: None specified.

Suggested labels: documentation, kustomize

Suggested reviewers: None specified.


A pause, a wait, a WireGuard yet unborn,
Annotations placed before the dawn,
DNS records held safe from harm,
Crossplane rests, no false alarm,
Till WS3 wakes, the flow reborn.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

| Check name | Status | Explanation |
|---|---|---|
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Title check | ✅ Passed | The title accurately summarizes the main change: pausing WS3-gated resources until the WireGuard server is ready. |
| Description check | ✅ Passed | The description matches the changeset and explains why the kustomization-wide pause is needed. |

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@kustomization.yaml`:
- Around line 17-21: The blanket pause annotation is applied through
kustomization-level commonAnnotations, so every resource added to this
kustomization will inherit crossplane.io/paused automatically. Move the pause
handling to the WS3-gated resources themselves or split the kustomization so
only the intended manifests like wireguard-vpn-client and admin-dns receive the
annotation, keeping future resources from being paused unintentionally.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: c6229b9b-e452-4181-b69b-3f5f7d424514

📥 Commits

Reviewing files that changed from the base of the PR and between dc6d79b and ffdf242.

📒 Files selected for processing (1)
  • kustomization.yaml
📜 Review details
🔇 Additional comments (1)
kustomization.yaml (1)

7-18: LGTM!

Comment thread kustomization.yaml
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@devantler devantler marked this pull request as ready for review July 4, 2026 19:57
@devantler devantler merged commit baadd69 into main Jul 4, 2026
9 checks passed
@devantler devantler deleted the claude/pause-until-ws3 branch July 4, 2026 20:21
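
The pause scope discussed in this thread can be checked before a deploy. The following is an added example, not code from this repository or from Crossplane: it audits rendered manifests (already parsed into dicts) for gated resources that are not paused, resources paused outside the gated set, and unpaused resources that still reference the placeholder VIP. The `DNSRecord` and `Network` kinds, the `guest-lan` resource and the `spec` field names are hypothetical, and the sample data is constructed.

```python
import re

PAUSE_KEY = "crossplane.io/paused"
# Placeholder gateway VIP named in the PR description; match it as a whole address.
PLACEHOLDER_VIP = re.compile(r"(?<![\d.])10\.200\.0\.10(?![\d.])")

def is_paused(res):
    ann = (res.get("metadata") or {}).get("annotations") or {}
    return ann.get(PAUSE_KEY) == "true"  # the quoted string value the PR sets

def mentions_placeholder(value):
    """Walk nested dicts/lists and report whether any string holds the placeholder VIP."""
    if isinstance(value, str):
        return bool(PLACEHOLDER_VIP.search(value))
    if isinstance(value, dict):
        return any(mentions_placeholder(v) for v in value.values())
    if isinstance(value, list):
        return any(mentions_placeholder(v) for v in value)
    return False

def audit(resources, gated):
    """Return (kind, name, problem) tuples; `gated` is the set of (kind, name) to hold."""
    findings = []
    for res in resources:
        kind, name = res.get("kind"), (res.get("metadata") or {}).get("name")
        paused = is_paused(res)
        if (kind, name) in gated and not paused:
            findings.append((kind, name, "gated resource is not paused"))
        if (kind, name) not in gated and paused:
            findings.append((kind, name, "paused but not WS3-gated"))
        if not paused and mentions_placeholder(res.get("spec")):
            findings.append((kind, name, "unpaused resource references placeholder VIP"))
    return findings

# Constructed sample: rendered manifests as dicts; field names under spec are hypothetical.
def _res(kind, name, paused, spec):
    ann = {PAUSE_KEY: "true"} if paused else {}
    return {"kind": kind, "metadata": {"name": name, "annotations": ann}, "spec": spec}

SAMPLE = [
    _res("Client", "wireguard-vpn-client", True, {"forProvider": {"peerIp": "placeholder"}}),
    _res("DNSRecord", "admin-dns", False, {"forProvider": {"value": "10.200.0.10"}}),
    _res("Network", "guest-lan", True, {"forProvider": {"subnet": "10.200.0.100/24"}}),
]
GATED = {("Client", "wireguard-vpn-client"), ("DNSRecord", "admin-dns")}

if __name__ == "__main__":
    for finding in audit(SAMPLE, GATED):
        print(*finding, sep=": ")
```
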