From bf752dffa5f8b7587401a4bc3c8c4c3f5c3203f5 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Sun, 10 May 2026 21:57:01 +0000 Subject: [PATCH] =?UTF-8?q?fix:=20pvc-autoresizer=20+=20TF=20drift=20safet?= =?UTF-8?q?y=20=E2=80=94=20bulk=20add=20ignore=5Fchanges?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After fixing the threshold=80% misconfig and seeing two PVCs (prometheus + technitium primary) get stuck Terminating, a 3rd round showed four more PVCs (frigate, hackmd, immich-postgresql, paperless-ngx) in the same state. Same root cause: TF spec'd a smaller storage size than the autoresizer-grown live value, K8s rejected the shrink, TF force-replaced the PVC, and the pvc-protection finalizer held it in Terminating while the pod kept using the underlying volume. Bulk-inject lifecycle.ignore_changes = [spec[0].resources[0].requests] on every kubernetes_persistent_volume_claim block that has resize.topolvm.io/threshold annotations. The pattern was already documented in .claude/CLAUDE.md but ~63 stacks were missing it. Live PVCs are unaffected; this only prevents future TF applies from attempting the destroy+recreate. Co-Authored-By: Claude Opus 4.7 --- stacks/actualbudget/factory/main.tf | 7 +++++++ stacks/affine/main.tf | 7 +++++++ stacks/beads-server/main.tf | 7 +++++++ stacks/broker-sync/main.tf | 7 +++++++ stacks/changedetection/main.tf | 7 +++++++ stacks/chrome-service/main.tf | 7 +++++++ stacks/claude-agent-service/main.tf | 7 +++++++ stacks/dbaas/modules/dbaas/main.tf | 7 +++++++ stacks/diun/main.tf | 7 +++++++ stacks/ebooks/main.tf | 14 +++++++++++++ stacks/excalidraw/main.tf | 7 +++++++ stacks/f1-stream/main.tf | 7 +++++++ stacks/freshrss/main.tf | 14 +++++++++++++ stacks/frigate/main.tf | 7 +++++++ stacks/grampsweb/main.tf | 7 +++++++ stacks/hackmd/main.tf | 7 +++++++ stacks/headscale/modules/headscale/main.tf | 7 +++++++ stacks/health/main.tf | 7 +++++++ stacks/hermes-agent/main.tf | 7 +++++++ stacks/immich/main.tf | 7 +++++++ stacks/insta2spotify/main.tf | 7 +++++++ .../modules/instagram-poster/main.tf | 7 +++++++ stacks/isponsorblocktv/main.tf | 7 +++++++ .../modules/mailserver/roundcubemail.tf | 14 +++++++++++++ stacks/matrix/main.tf | 7 +++++++ stacks/meshcentral/main.tf | 14 +++++++++++++ stacks/n8n/main.tf | 7 +++++++ stacks/navidrome/main.tf | 7 +++++++ stacks/nextcloud/main.tf | 7 +++++++ stacks/novelapp/main.tf | 7 +++++++ stacks/ntfy/main.tf | 7 +++++++ stacks/onlyoffice/main.tf | 7 +++++++ stacks/openclaw/main.tf | 21 +++++++++++++++++++ stacks/paperless-ngx/main.tf | 14 +++++++++++++ stacks/plotting-book/main.tf | 7 +++++++ stacks/postiz/modules/postiz/main.tf | 7 +++++++ stacks/priority-pass/main.tf | 7 +++++++ stacks/privatebin/main.tf | 7 +++++++ stacks/resume/main.tf | 7 +++++++ stacks/rybbit/main.tf | 7 +++++++ stacks/send/main.tf | 7 +++++++ stacks/servarr/aiostreams/main.tf | 7 +++++++ stacks/servarr/listenarr/main.tf | 7 +++++++ stacks/servarr/mam-farming/main.tf | 7 +++++++ stacks/servarr/prowlarr/main.tf | 7 +++++++ stacks/servarr/qbittorrent/main.tf | 7 +++++++ stacks/speedtest/main.tf | 7 +++++++ stacks/stirling-pdf/main.tf | 7 +++++++ stacks/tandoor/main.tf | 7 +++++++ stacks/technitium/modules/technitium/ha.tf | 14 +++++++++++++ stacks/tor-proxy/main.tf | 7 +++++++ .../uptime-kuma/modules/uptime-kuma/main.tf | 7 +++++++ .../vaultwarden/modules/vaultwarden/main.tf | 7 +++++++ stacks/wealthfolio/main.tf | 7 +++++++ stacks/whisper/main.tf | 7 +++++++ 55 files changed, 441 insertions(+) diff --git a/stacks/actualbudget/factory/main.tf b/stacks/actualbudget/factory/main.tf index d8d0f9ac..e0d77f4b 100644 --- a/stacks/actualbudget/factory/main.tf +++ b/stacks/actualbudget/factory/main.tf @@ -58,6 +58,13 @@ resource "kubernetes_persistent_volume_claim" "data_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "actualbudget" { diff --git a/stacks/affine/main.tf b/stacks/affine/main.tf index b9dec0e3..e36bf04a 100644 --- a/stacks/affine/main.tf +++ b/stacks/affine/main.tf @@ -169,6 +169,13 @@ resource "kubernetes_persistent_volume_claim" "data_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "affine" { diff --git a/stacks/beads-server/main.tf b/stacks/beads-server/main.tf index 3c44dcb1..2a5279d4 100644 --- a/stacks/beads-server/main.tf +++ b/stacks/beads-server/main.tf @@ -55,6 +55,13 @@ resource "kubernetes_persistent_volume_claim" "dolt_data" { requests = { storage = "2Gi" } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_config_map" "dolt_init" { diff --git a/stacks/broker-sync/main.tf b/stacks/broker-sync/main.tf index 083ee699..bd614f76 100644 --- a/stacks/broker-sync/main.tf +++ b/stacks/broker-sync/main.tf @@ -73,6 +73,13 @@ resource "kubernetes_persistent_volume_claim" "data_encrypted" { requests = { storage = "1Gi" } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } locals { diff --git a/stacks/changedetection/main.tf b/stacks/changedetection/main.tf index 34cb456a..cd211745 100644 --- a/stacks/changedetection/main.tf +++ b/stacks/changedetection/main.tf @@ -82,6 +82,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "changedetection" { diff --git a/stacks/chrome-service/main.tf b/stacks/chrome-service/main.tf index b7319040..d4aac64d 100644 --- a/stacks/chrome-service/main.tf +++ b/stacks/chrome-service/main.tf @@ -88,6 +88,13 @@ resource "kubernetes_persistent_volume_claim" "profile_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } # --- NFS backup target --- diff --git a/stacks/claude-agent-service/main.tf b/stacks/claude-agent-service/main.tf index 50a8d01d..a8f8e5af 100644 --- a/stacks/claude-agent-service/main.tf +++ b/stacks/claude-agent-service/main.tf @@ -212,6 +212,13 @@ resource "kubernetes_persistent_volume_claim" "workspace" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } # --- Deployment --- diff --git a/stacks/dbaas/modules/dbaas/main.tf b/stacks/dbaas/modules/dbaas/main.tf index 54e29bee..f4537634 100644 --- a/stacks/dbaas/modules/dbaas/main.tf +++ b/stacks/dbaas/modules/dbaas/main.tf @@ -360,6 +360,13 @@ resource "kubernetes_persistent_volume_claim" "pgadmin_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } module "nfs_postgresql_backup_host" { diff --git a/stacks/diun/main.tf b/stacks/diun/main.tf index 8f8c3baa..e05983a3 100644 --- a/stacks/diun/main.tf +++ b/stacks/diun/main.tf @@ -105,6 +105,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "diun" { diff --git a/stacks/ebooks/main.tf b/stacks/ebooks/main.tf index 57d82af0..23810911 100644 --- a/stacks/ebooks/main.tf +++ b/stacks/ebooks/main.tf @@ -164,6 +164,13 @@ resource "kubernetes_persistent_volume_claim" "calibre_config_iscsi" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } module "nfs_calibre_ingest_host" { @@ -219,6 +226,13 @@ resource "kubernetes_persistent_volume_claim" "abs_config_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } module "nfs_audiobookshelf_metadata_host" { diff --git a/stacks/excalidraw/main.tf b/stacks/excalidraw/main.tf index a84e76dd..be5b85c3 100644 --- a/stacks/excalidraw/main.tf +++ b/stacks/excalidraw/main.tf @@ -46,6 +46,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "excalidraw" { diff --git a/stacks/f1-stream/main.tf b/stacks/f1-stream/main.tf index 856b8de8..be954403 100644 --- a/stacks/f1-stream/main.tf +++ b/stacks/f1-stream/main.tf @@ -97,6 +97,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "f1-stream" { diff --git a/stacks/freshrss/main.tf b/stacks/freshrss/main.tf index fb724162..6544f782 100644 --- a/stacks/freshrss/main.tf +++ b/stacks/freshrss/main.tf @@ -81,6 +81,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_persistent_volume_claim" "extensions_proxmox" { @@ -103,6 +110,13 @@ resource "kubernetes_persistent_volume_claim" "extensions_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } diff --git a/stacks/frigate/main.tf b/stacks/frigate/main.tf index b43eb18d..520b0c2a 100644 --- a/stacks/frigate/main.tf +++ b/stacks/frigate/main.tf @@ -47,6 +47,13 @@ resource "kubernetes_persistent_volume_claim" "config_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } module "nfs_media_host" { diff --git a/stacks/grampsweb/main.tf b/stacks/grampsweb/main.tf index c342f1d3..430c136e 100644 --- a/stacks/grampsweb/main.tf +++ b/stacks/grampsweb/main.tf @@ -85,6 +85,13 @@ resource "kubernetes_persistent_volume_claim" "data_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "random_password" "secret_key" { diff --git a/stacks/hackmd/main.tf b/stacks/hackmd/main.tf index 63b64865..ca9c991e 100644 --- a/stacks/hackmd/main.tf +++ b/stacks/hackmd/main.tf @@ -44,6 +44,13 @@ resource "kubernetes_persistent_volume_claim" "data_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "hackmd" { diff --git a/stacks/headscale/modules/headscale/main.tf b/stacks/headscale/modules/headscale/main.tf index b445738e..e27efe98 100644 --- a/stacks/headscale/modules/headscale/main.tf +++ b/stacks/headscale/modules/headscale/main.tf @@ -68,6 +68,13 @@ resource "kubernetes_persistent_volume_claim" "data_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "headscale" { diff --git a/stacks/health/main.tf b/stacks/health/main.tf index 384146b4..517fec04 100644 --- a/stacks/health/main.tf +++ b/stacks/health/main.tf @@ -44,6 +44,13 @@ resource "kubernetes_persistent_volume_claim" "uploads_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "health" { diff --git a/stacks/hermes-agent/main.tf b/stacks/hermes-agent/main.tf index c27d5aaf..7da2df5b 100644 --- a/stacks/hermes-agent/main.tf +++ b/stacks/hermes-agent/main.tf @@ -75,6 +75,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } # --- ConfigMaps --- diff --git a/stacks/immich/main.tf b/stacks/immich/main.tf index 36085b58..3389e47c 100644 --- a/stacks/immich/main.tf +++ b/stacks/immich/main.tf @@ -107,6 +107,13 @@ resource "kubernetes_persistent_volume_claim" "immich_postgresql_encrypted" { requests = { storage = "10Gi" } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } module "nfs_ml_cache_host" { diff --git a/stacks/insta2spotify/main.tf b/stacks/insta2spotify/main.tf index c566c183..d4d0175c 100644 --- a/stacks/insta2spotify/main.tf +++ b/stacks/insta2spotify/main.tf @@ -65,6 +65,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "insta2spotify" { diff --git a/stacks/instagram-poster/modules/instagram-poster/main.tf b/stacks/instagram-poster/modules/instagram-poster/main.tf index 1278d576..be51f4a0 100644 --- a/stacks/instagram-poster/modules/instagram-poster/main.tf +++ b/stacks/instagram-poster/modules/instagram-poster/main.tf @@ -201,6 +201,13 @@ resource "kubernetes_persistent_volume_claim" "data" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "instagram_poster" { diff --git a/stacks/isponsorblocktv/main.tf b/stacks/isponsorblocktv/main.tf index c2184a76..ee5bfed4 100644 --- a/stacks/isponsorblocktv/main.tf +++ b/stacks/isponsorblocktv/main.tf @@ -36,6 +36,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } # Mute and skip ads for vermont smart tv diff --git a/stacks/mailserver/modules/mailserver/roundcubemail.tf b/stacks/mailserver/modules/mailserver/roundcubemail.tf index 04b2f4b3..d127fc83 100644 --- a/stacks/mailserver/modules/mailserver/roundcubemail.tf +++ b/stacks/mailserver/modules/mailserver/roundcubemail.tf @@ -60,6 +60,13 @@ resource "kubernetes_persistent_volume_claim" "roundcube_html_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_persistent_volume_claim" "roundcube_enigma_encrypted" { @@ -82,6 +89,13 @@ resource "kubernetes_persistent_volume_claim" "roundcube_enigma_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "roundcubemail" { diff --git a/stacks/matrix/main.tf b/stacks/matrix/main.tf index e0029fa9..36d6045b 100644 --- a/stacks/matrix/main.tf +++ b/stacks/matrix/main.tf @@ -80,6 +80,13 @@ resource "kubernetes_persistent_volume_claim" "data_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "matrix" { diff --git a/stacks/meshcentral/main.tf b/stacks/meshcentral/main.tf index 876a2d7f..74f10096 100644 --- a/stacks/meshcentral/main.tf +++ b/stacks/meshcentral/main.tf @@ -45,6 +45,13 @@ resource "kubernetes_persistent_volume_claim" "data_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_persistent_volume_claim" "files_encrypted" { @@ -67,6 +74,13 @@ resource "kubernetes_persistent_volume_claim" "files_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } module "nfs_backups_host" { diff --git a/stacks/n8n/main.tf b/stacks/n8n/main.tf index 50eceb9b..0d5fdcf5 100644 --- a/stacks/n8n/main.tf +++ b/stacks/n8n/main.tf @@ -138,6 +138,13 @@ resource "kubernetes_persistent_volume_claim" "data_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } # --- RBAC: Allow n8n to exec into OpenClaw pods for task execution --- diff --git a/stacks/navidrome/main.tf b/stacks/navidrome/main.tf index 16ab8f7f..c49a034c 100644 --- a/stacks/navidrome/main.tf +++ b/stacks/navidrome/main.tf @@ -82,6 +82,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } module "nfs_music" { diff --git a/stacks/nextcloud/main.tf b/stacks/nextcloud/main.tf index d72a190e..7becd3c2 100644 --- a/stacks/nextcloud/main.tf +++ b/stacks/nextcloud/main.tf @@ -208,6 +208,13 @@ resource "kubernetes_persistent_volume_claim" "nextcloud_data_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } module "nfs_nextcloud_backup_host" { diff --git a/stacks/novelapp/main.tf b/stacks/novelapp/main.tf index 8f3d0102..779d3c7b 100644 --- a/stacks/novelapp/main.tf +++ b/stacks/novelapp/main.tf @@ -69,6 +69,13 @@ resource "kubernetes_persistent_volume_claim" "novelapp-data" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "novelapp" { diff --git a/stacks/ntfy/main.tf b/stacks/ntfy/main.tf index 8399a39b..c8c5f072 100644 --- a/stacks/ntfy/main.tf +++ b/stacks/ntfy/main.tf @@ -44,6 +44,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "ntfy" { diff --git a/stacks/onlyoffice/main.tf b/stacks/onlyoffice/main.tf index 051e40a9..fbe05593 100644 --- a/stacks/onlyoffice/main.tf +++ b/stacks/onlyoffice/main.tf @@ -112,6 +112,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "onlyoffice-document-server" { diff --git a/stacks/openclaw/main.tf b/stacks/openclaw/main.tf index e944fcad..34442301 100644 --- a/stacks/openclaw/main.tf +++ b/stacks/openclaw/main.tf @@ -302,6 +302,13 @@ resource "kubernetes_persistent_volume_claim" "home_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } module "nfs_workspace_host" { @@ -332,6 +339,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } ## cc-config NFS volume removed — replaced by dotfiles repo clone in init container @@ -1126,6 +1140,13 @@ resource "kubernetes_persistent_volume_claim" "openlobster_data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "random_password" "openlobster_graphql_token" { diff --git a/stacks/paperless-ngx/main.tf b/stacks/paperless-ngx/main.tf index 03b75eab..ffb87255 100644 --- a/stacks/paperless-ngx/main.tf +++ b/stacks/paperless-ngx/main.tf @@ -84,6 +84,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_persistent_volume_claim" "data_encrypted" { @@ -106,6 +113,13 @@ resource "kubernetes_persistent_volume_claim" "data_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } diff --git a/stacks/plotting-book/main.tf b/stacks/plotting-book/main.tf index 2f049f20..1f6f2b06 100644 --- a/stacks/plotting-book/main.tf +++ b/stacks/plotting-book/main.tf @@ -69,6 +69,13 @@ resource "kubernetes_persistent_volume_claim" "plotting-book-data" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "plotting-book" { diff --git a/stacks/postiz/modules/postiz/main.tf b/stacks/postiz/modules/postiz/main.tf index 3b0758a7..2dc5525a 100644 --- a/stacks/postiz/modules/postiz/main.tf +++ b/stacks/postiz/modules/postiz/main.tf @@ -57,6 +57,13 @@ resource "kubernetes_persistent_volume_claim" "uploads" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } # ExternalSecret: patches the chart-managed `postiz-secrets` Secret with diff --git a/stacks/priority-pass/main.tf b/stacks/priority-pass/main.tf index d7f17ce8..618c77c2 100644 --- a/stacks/priority-pass/main.tf +++ b/stacks/priority-pass/main.tf @@ -52,6 +52,13 @@ resource "kubernetes_persistent_volume_claim" "uploads" { requests = { storage = "1Gi" } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "priority-pass" { diff --git a/stacks/privatebin/main.tf b/stacks/privatebin/main.tf index f4b5116b..be6abd3b 100644 --- a/stacks/privatebin/main.tf +++ b/stacks/privatebin/main.tf @@ -45,6 +45,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "privatebin" { diff --git a/stacks/resume/main.tf b/stacks/resume/main.tf index cf5f1148..848c05b0 100644 --- a/stacks/resume/main.tf +++ b/stacks/resume/main.tf @@ -182,6 +182,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } # Reactive Resume app diff --git a/stacks/rybbit/main.tf b/stacks/rybbit/main.tf index 6c62150a..7e9c1791 100644 --- a/stacks/rybbit/main.tf +++ b/stacks/rybbit/main.tf @@ -86,6 +86,13 @@ resource "kubernetes_persistent_volume_claim" "clickhouse_data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_config_map" "clickhouse_memory" { diff --git a/stacks/send/main.tf b/stacks/send/main.tf index 9325e2f5..cd3ef3d0 100644 --- a/stacks/send/main.tf +++ b/stacks/send/main.tf @@ -46,6 +46,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "send" { diff --git a/stacks/servarr/aiostreams/main.tf b/stacks/servarr/aiostreams/main.tf index cf23cf1e..65cbf598 100644 --- a/stacks/servarr/aiostreams/main.tf +++ b/stacks/servarr/aiostreams/main.tf @@ -40,6 +40,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "aiostreams" { diff --git a/stacks/servarr/listenarr/main.tf b/stacks/servarr/listenarr/main.tf index 0e8d2a84..3e538f91 100644 --- a/stacks/servarr/listenarr/main.tf +++ b/stacks/servarr/listenarr/main.tf @@ -23,6 +23,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } module "nfs_downloads_host" { diff --git a/stacks/servarr/mam-farming/main.tf b/stacks/servarr/mam-farming/main.tf index 4e101331..5a8d4821 100644 --- a/stacks/servarr/mam-farming/main.tf +++ b/stacks/servarr/mam-farming/main.tf @@ -41,6 +41,13 @@ resource "kubernetes_persistent_volume_claim" "mam_data" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } # --------------------------- Grabber --------------------------------- diff --git a/stacks/servarr/prowlarr/main.tf b/stacks/servarr/prowlarr/main.tf index b12d7331..3115a924 100644 --- a/stacks/servarr/prowlarr/main.tf +++ b/stacks/servarr/prowlarr/main.tf @@ -27,6 +27,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } module "nfs_downloads_host" { diff --git a/stacks/servarr/qbittorrent/main.tf b/stacks/servarr/qbittorrent/main.tf index 598dd180..8aafd8f9 100644 --- a/stacks/servarr/qbittorrent/main.tf +++ b/stacks/servarr/qbittorrent/main.tf @@ -27,6 +27,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } module "nfs_downloads_host" { diff --git a/stacks/speedtest/main.tf b/stacks/speedtest/main.tf index 5c3e7f6d..90e4772f 100644 --- a/stacks/speedtest/main.tf +++ b/stacks/speedtest/main.tf @@ -77,6 +77,13 @@ resource "kubernetes_persistent_volume_claim" "config_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "speedtest" { diff --git a/stacks/stirling-pdf/main.tf b/stacks/stirling-pdf/main.tf index ae8af656..b7c4976e 100644 --- a/stacks/stirling-pdf/main.tf +++ b/stacks/stirling-pdf/main.tf @@ -45,6 +45,13 @@ resource "kubernetes_persistent_volume_claim" "configs_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "stirling-pdf" { diff --git a/stacks/tandoor/main.tf b/stacks/tandoor/main.tf index 77abf9ae..647711f2 100644 --- a/stacks/tandoor/main.tf +++ b/stacks/tandoor/main.tf @@ -78,6 +78,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "tandoor" { diff --git a/stacks/technitium/modules/technitium/ha.tf b/stacks/technitium/modules/technitium/ha.tf index 2311090c..8da1712e 100644 --- a/stacks/technitium/modules/technitium/ha.tf +++ b/stacks/technitium/modules/technitium/ha.tf @@ -26,6 +26,13 @@ resource "kubernetes_persistent_volume_claim" "secondary_config_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } # Primary-only service for zone transfers (AXFR) and API access @@ -214,6 +221,13 @@ resource "kubernetes_persistent_volume_claim" "tertiary_config_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "technitium_tertiary" { diff --git a/stacks/tor-proxy/main.tf b/stacks/tor-proxy/main.tf index b0035d29..d86d80d8 100644 --- a/stacks/tor-proxy/main.tf +++ b/stacks/tor-proxy/main.tf @@ -157,6 +157,13 @@ resource "kubernetes_persistent_volume_claim" "torrserver_data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "torrserver" { diff --git a/stacks/uptime-kuma/modules/uptime-kuma/main.tf b/stacks/uptime-kuma/modules/uptime-kuma/main.tf index 2d4158a6..b3e71e18 100644 --- a/stacks/uptime-kuma/modules/uptime-kuma/main.tf +++ b/stacks/uptime-kuma/modules/uptime-kuma/main.tf @@ -64,6 +64,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "uptime-kuma" { diff --git a/stacks/vaultwarden/modules/vaultwarden/main.tf b/stacks/vaultwarden/modules/vaultwarden/main.tf index 29ca70ae..395586f1 100644 --- a/stacks/vaultwarden/modules/vaultwarden/main.tf +++ b/stacks/vaultwarden/modules/vaultwarden/main.tf @@ -43,6 +43,13 @@ resource "kubernetes_persistent_volume_claim" "vaultwarden_data_encrypted" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "vaultwarden" { diff --git a/stacks/wealthfolio/main.tf b/stacks/wealthfolio/main.tf index a3ac9253..55941d50 100644 --- a/stacks/wealthfolio/main.tf +++ b/stacks/wealthfolio/main.tf @@ -123,6 +123,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "wealthfolio" { diff --git a/stacks/whisper/main.tf b/stacks/whisper/main.tf index 34d49460..b7377924 100644 --- a/stacks/whisper/main.tf +++ b/stacks/whisper/main.tf @@ -44,6 +44,13 @@ resource "kubernetes_persistent_volume_claim" "data_proxmox" { } } } + lifecycle { + # The autoresizer expands requests.storage up to storage_limit and + # PVCs can't shrink. Without this, every TF apply tries to revert + # to the spec value, K8s rejects the shrink, and the PVC ends up + # in Terminating-but-in-use limbo. + ignore_changes = [spec[0].resources[0].requests] + } } resource "kubernetes_deployment" "whisper" {