ADR-0031 — IaC with OpenTofu; the IaC↔GitOps boundary

V1 Freeze (2026-06-12): Deferred. V1 runs local/Compose; no provisioned cloud substrate. Re-opens at P4.

Context

Something must provision the cloud substrate (clusters, networks, buckets, KMS, IAM/OIDC) and bootstrap GitOps. Two questions: which IaC tool, and where IaC stops and GitOps begins — managing the same in-cluster object with both is an anti-pattern (two reconcilers fighting).

Decision

Consequences

Positive

Negative / costs

Alternatives considered

Scaling

State split per env + per layer (network/cluster/data) bounds blast radius; a DR region is just another stack instantiation; pinned module versions tested in nonprod first.
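
A sketch of the layout described above, as an added example rather than configuration from this ADR or its project: it assumes an S3-compatible state backend, and every path, bucket, table, repository URL, version tag, module input and output name is a constructed placeholder.

```hcl
# --- stacks/prod/network/main.tf (constructed path) ---
terraform {
  backend "s3" {
    bucket         = "example-tofu-state-prod"   # placeholder: one bucket per env
    key            = "network/terraform.tfstate" # one state object per layer
    region         = "eu-west-1"
    encrypt        = true
    dynamodb_table = "example-tofu-locks-prod"   # placeholder lock table
  }
}

module "network" {
  # Pinned tag: bumped in the nonprod stack first, then promoted by editing ref here.
  source = "git::https://git.example.com/platform/modules.git//network?ref=v1.4.2"
  env    = "prod"      # hypothetical module inputs
  region = "eu-west-1"
}

# --- stacks/prod/cluster/main.tf (constructed path) ---
terraform {
  backend "s3" {
    bucket         = "example-tofu-state-prod"
    key            = "cluster/terraform.tfstate" # separate state from the network layer
    region         = "eu-west-1"
    encrypt        = true
    dynamodb_table = "example-tofu-locks-prod"
  }
}

# The cluster layer consumes network outputs only; a cluster plan never
# contains network resources, so a bad apply here cannot change them.
data "terraform_remote_state" "network" {
  backend = "s3"
  config = {
    bucket = "example-tofu-state-prod"
    key    = "network/terraform.tfstate"
    region = "eu-west-1"
  }
}

module "cluster" {
  source     = "git::https://git.example.com/platform/modules.git//cluster?ref=v2.0.1"
  env        = "prod"
  subnet_ids = data.terraform_remote_state.network.outputs.private_subnet_ids # hypothetical output
}

# --- stacks/prod-dr/network/main.tf: the DR region is the same pinned module,
# instantiated again with its own bucket, key and region. ---
```

Scoping the pipeline credentials for each stack to its own state key keeps the blast-radius bound enforced by IAM rather than by convention.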