storage: migrate priority-pass uploads off proxmox-lvm-encrypted to NFS (Phase 1)
Boarding-pass images, no embedded DB. Drops LUKS-at-rest (low-sensitivity, accepted). 21.8M copied + verified on NFS; pod 2/2 on NFS; frees one proxmox-csi slot. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
parent
06f5c12476
commit
98fe65e345
1 changed files with 11 additions and 26 deletions
|
|
@ -35,31 +35,16 @@ module "tls_secret" {
|
||||||
tls_secret_name = var.tls_secret_name
|
tls_secret_name = var.tls_secret_name
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "kubernetes_persistent_volume_claim" "uploads" {
|
# Uploads on NFS. Migrated off proxmox-lvm-encrypted 2026-06-05 (Phase 1) —
|
||||||
wait_until_bound = false
|
# boarding-pass images, no embedded DB; drops LUKS-at-rest (low-sensitivity, accepted).
|
||||||
metadata {
|
# See docs/plans/2026-06-05-block-storage-harden-nfs-design.md
|
||||||
name = "priority-pass-uploads"
|
module "nfs_priority_pass" {
|
||||||
namespace = kubernetes_namespace.priority-pass.metadata[0].name
|
source = "../../modules/kubernetes/nfs_volume"
|
||||||
annotations = {
|
name = "priority-pass-uploads-nfs"
|
||||||
"resize.topolvm.io/threshold" = "10%"
|
namespace = kubernetes_namespace.priority-pass.metadata[0].name
|
||||||
"resize.topolvm.io/increase" = "100%"
|
nfs_server = "192.168.1.127"
|
||||||
"resize.topolvm.io/storage_limit" = "10Gi"
|
nfs_path = "/srv/nfs/priority-pass"
|
||||||
}
|
storage = "10Gi"
|
||||||
}
|
|
||||||
spec {
|
|
||||||
access_modes = ["ReadWriteOnce"]
|
|
||||||
storage_class_name = "proxmox-lvm-encrypted"
|
|
||||||
resources {
|
|
||||||
requests = { storage = "1Gi" }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
lifecycle {
|
|
||||||
# The autoresizer expands requests.storage up to storage_limit and
|
|
||||||
# PVCs can't shrink. Without this, every TF apply tries to revert
|
|
||||||
# to the spec value, K8s rejects the shrink, and the PVC ends up
|
|
||||||
# in Terminating-but-in-use limbo.
|
|
||||||
ignore_changes = [spec[0].resources[0].requests]
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "kubernetes_deployment" "priority-pass" {
|
resource "kubernetes_deployment" "priority-pass" {
|
||||||
|
|
@ -94,7 +79,7 @@ resource "kubernetes_deployment" "priority-pass" {
|
||||||
volume {
|
volume {
|
||||||
name = "uploads"
|
name = "uploads"
|
||||||
persistent_volume_claim {
|
persistent_volume_claim {
|
||||||
claim_name = kubernetes_persistent_volume_claim.uploads.metadata[0].name
|
claim_name = module.nfs_priority_pass.claim_name
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
container {
|
container {
|
||||||
|
|
|
||||||
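Review bot: The new `module "nfs_priority_pass"` block in the first hunk records that LUKS-at-rest is dropped, but not what protects the uploads now; on NFS that is normally only the server's export rules and whatever transport the mount uses. Boarding-pass images usually carry a passenger name and booking reference, so the "low-sensitivity, accepted" decision should be confirmed in the linked design doc rather than resting on this comment alone. The `nfs_volume` module is not visible on this page, so whether it restricts the export to cluster nodes or protects traffic on the wire cannot be checked here; I would add a line to the header comment such as `# At rest: unencrypted. Export restricted to <cluster node CIDR>; transport: <plain NFS or krb5p>`, filled in with what is actually configured. The literal `nfs_server = "192.168.1.127"` would be easier to audit and change as a shared variable than repeated per module. Because the old `kubernetes_persistent_volume_claim.uploads` resource is removed in the same change, the encrypted copy is presumably destroyed on apply, so the rollback path should be stated before this is applied.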