excalidraw: migrate PVC from proxmox-lvm to NFS

Wave 1 of the per-VM SCSI-LUN cap relief. The proxmox-csi-plugin hardcodes a `lun < 30` loop (pkg/csi/utils.go:394) — cap is 29 attachable PVCs per K8s node VM, and k8s-node1 was sitting at 29 with 4 stuck `no free lun found` PVCs queued behind it. Excalidraw stores per-user .excalidraw scene files (no SQLite, no embedded DB) — confirmed safe on NFS. 1.5 MiB of data, 4 active scenes. Migration: - Add nfs_volume module → apply - Scale to 0, rsync helper, swap claim_name → apply - Remove old proxmox-lvm PVC → apply Net: -1 SCSI LUN on k8s-node2. Refs: docs/post-mortems/2026-05-25-immich-anca-elements-io-storm.md (separate concern; this is for the upstream LUN-cap pressure).
2026-05-26 02:33:41 +00:00 · 2026-05-26 02:33:41 +00:00 · 467fa1631d
commit 467fa1631d
parent 16b3969ceb
1 changed files with 9 additions and 28 deletions
--- a/stacks/excalidraw/main.tf
+++ b/stacks/excalidraw/main.tf
@ -27,33 +27,14 @@ module "tls_secret" {
  tls_secret_name = var.tls_secret_name
 }

-resource "kubernetes_persistent_volume_claim" "data_proxmox" {
-  wait_until_bound = false
-  metadata {
-    name      = "excalidraw-data-proxmox"
-    namespace = kubernetes_namespace.excalidraw.metadata[0].name
-    annotations = {
-      "resize.topolvm.io/threshold"     = "10%"
-      "resize.topolvm.io/increase"      = "100%"
-      "resize.topolvm.io/storage_limit" = "5Gi"
-    }
-  }
-  spec {
-    access_modes       = ["ReadWriteOnce"]
-    storage_class_name = "proxmox-lvm"
-    resources {
-      requests = {
-        storage = "1Gi"
-      }
-    }
-  }
-  lifecycle {
-    # The autoresizer expands requests.storage up to storage_limit and
-    # PVCs can't shrink. Without this, every TF apply tries to revert
-    # to the spec value, K8s rejects the shrink, and the PVC ends up
-    # in Terminating-but-in-use limbo.
-    ignore_changes = [spec[0].resources[0].requests]
-  }
+module "nfs_data_host" {
+  source       = "../../modules/kubernetes/nfs_volume"
+  name         = "excalidraw-data-host"
+  namespace    = kubernetes_namespace.excalidraw.metadata[0].name
+  nfs_server   = var.nfs_server
+  nfs_path     = "/srv/nfs/excalidraw"
+  storage      = "1Gi"
+  access_modes = ["ReadWriteOnce"]
 }

 resource "kubernetes_deployment" "excalidraw" {
@ -118,7 +99,7 @@ resource "kubernetes_deployment" "excalidraw" {
        volume {
          name = "data"
          persistent_volume_claim {
-            claim_name = kubernetes_persistent_volume_claim.data_proxmox.metadata[0].name
+            claim_name = module.nfs_data_host.claim_name
          }
        }
      }