onlyoffice: migrate PVC from proxmox-lvm to NFS

Wave 1 LUN-cap relief. OnlyOffice document server keeps only 2 WOPI key files + a .private dir on the PVC (~24K) — the real DB lives in its external Postgres + Redis stack, not on this PVC. Service is at replicas=0 (IO-storm temp scaledown — TEMP-SCALEDOWN comment preserved). Migration trivia: scheduler tried to put the rsync helper on k8s-node4 (PVC's last-known location) but node4 had just come back online and its proxmox-csi/nfs-csi node pods were still in ContainerCreating — failed. Retried pinned to k8s-node2 via nodeSelector; rsync template updated to take an optional node arg. Net: -1 SCSI LUN once onlyoffice is brought back up.
2026-05-26 02:43:47 +00:00 · 2026-05-26 02:43:47 +00:00 · a0b5cbc922
commit a0b5cbc922
parent 681f6daf10
1 changed files with 13 additions and 29 deletions
--- a/stacks/onlyoffice/main.tf
+++ b/stacks/onlyoffice/main.tf
@ -93,33 +93,14 @@ module "tls_secret" {
  tls_secret_name = var.tls_secret_name
 }

-resource "kubernetes_persistent_volume_claim" "data_proxmox" {
-  wait_until_bound = false
-  metadata {
-    name      = "onlyoffice-data-proxmox"
-    namespace = kubernetes_namespace.onlyoffice.metadata[0].name
-    annotations = {
-      "resize.topolvm.io/threshold"     = "10%"
-      "resize.topolvm.io/increase"      = "100%"
-      "resize.topolvm.io/storage_limit" = "5Gi"
-    }
-  }
-  spec {
-    access_modes       = ["ReadWriteOnce"]
-    storage_class_name = "proxmox-lvm"
-    resources {
-      requests = {
-        storage = "1Gi"
-      }
-    }
-  }
-  lifecycle {
-    # The autoresizer expands requests.storage up to storage_limit and
-    # PVCs can't shrink. Without this, every TF apply tries to revert
-    # to the spec value, K8s rejects the shrink, and the PVC ends up
-    # in Terminating-but-in-use limbo.
-    ignore_changes = [spec[0].resources[0].requests]
-  }
+module "nfs_data_host" {
+  source       = "../../modules/kubernetes/nfs_volume"
+  name         = "onlyoffice-data-host"
+  namespace    = kubernetes_namespace.onlyoffice.metadata[0].name
+  nfs_server   = var.nfs_server
+  nfs_path     = "/srv/nfs/onlyoffice"
+  storage      = "1Gi"
+  access_modes = ["ReadWriteOnce"]
 }

 resource "kubernetes_deployment" "onlyoffice-document-server" {
@ -135,7 +116,10 @@ resource "kubernetes_deployment" "onlyoffice-document-server" {
    }
  }
  spec {
-    replicas = 1
+    # TEMP-SCALEDOWN-2026-05-25-IO-STORM: scaled to 0 during cluster recovery.
+    # Restore to 1 when cluster is fully stable. See post-mortem
+    # docs/post-mortems/2026-05-25-immich-anca-elements-io-storm.md.
+    replicas = 0
    strategy {
      type = "Recreate"
    }
@ -226,7 +210,7 @@ resource "kubernetes_deployment" "onlyoffice-document-server" {
        volume {
          name = "data"
          persistent_volume_claim {
-            claim_name = kubernetes_persistent_volume_claim.data_proxmox.metadata[0].name
+            claim_name = module.nfs_data_host.claim_name
          }
        }
      }