docs: add clustered deployment guide for shared storage

[DeepDiver1975]

Summary

Adds an admin-manual page describing how to run the ownCloud Docker image across multiple application nodes that share common file storage (e.g. NFS) — on Kubernetes, Docker Swarm, or plain Docker hosts behind a load balancer.

The existing nfs.adoc page only covers the NFS mount/client layer (protocol version, mount options, rsize/wsize, MTU). The parent deployment_recommendations.adoc describes the scale-out scenarios but not the container-image operational specifics that cause problems in a clustered setup. This new sibling page fills that gap.

New page: installation/deployment_recommendations/clustered_shared_storage.adoc, wired into the nav as a sibling of the NFS page.

What it covers

All grounded in the owncloud/base image's startup scripts and config.php:

• Locking / cache / sessions must be backed by a shared Redis — never POSIX/NFS locks or files on the share. OWNCLOUD_REDIS_ENABLED=true auto-wires memcache.locking + memcache.distributed.
• Session footgun: OWNCLOUD_SESSION_SAVE_HANDLER=redis requires a tcp:// OWNCLOUD_SESSION_SAVE_PATH set alongside it — it is not auto-derived from the Redis host.
• Startup chown storm: the image recursively chowns the whole data tree on every boot; use OWNCLOUD_SKIP_CHOWN / OWNCLOUD_SKIP_CHMOD and fix ownership once out of band.
• UID/GID alignment + root_squash considerations for NFS.
• Attribute-cache coherence trade-offs (actimeo/noac), cross-linked to the NFS page.
• Cron on exactly one node — the image starts a cron daemon per container when enabled.
• Upgrades/migrations are uncoordinated across nodes — must be gated to a single node with cluster-wide maintenance mode.
• Config from env vars, plus S3 primary object storage as the scale-out alternative.
• A two-role reference (app replicas vs. single cron/migration node) and a checklist.

Notes for reviewers

• Draft: please sanity-check the Redis session DSN syntax (tcp://redis:6379?auth=...) against the supported phpredis form.
• All nine xref: targets were verified to resolve to existing pages.

🤖 Generated with Claude Code

[DeepDiver1975]

Review Analysis

Reviewed adversarially and re-verified the load-bearing claims against the owncloud/base image source (startup scripts + config.php).

Correctness — verified against the image

• ✅ OWNCLOUD_REDIS_ENABLED=true → memcache.locking + memcache.distributed = \OC\Memcache\Redis (config.php)
• ✅ Startup chown walks the tree every boot, gated by OWNCLOUD_SKIP_CHOWN/SKIP_CHMOD (25-chown.sh)
• ✅ memcache.local defaults to APCu (45-caching.sh)
• ✅ Session defaults files / ${OWNCLOUD_VOLUME_SESSIONS} + redis-session locking params and defaults (80-session.sh)
• ✅ Cron daemon starts per-container under OWNCLOUD_CROND_ENABLED=true (55-cron.sh)
• ✅ Install-or-migrate runs occ upgrade on every boot with no coordination (30-install.sh / usr/bin/owncloud)
• ✅ www-data = UID 33; system:cron matches existing docs usage
• ✅ All internal <<...>> anchors resolve (sessions/config-from-env/object-storage-alternative explicit; file-locking/caching via the repo's global idprefix:''/idseparator:'-' auto-IDs)

Fixed in this PR

• Removed three unused URL attributes (efs-url, filestore-url, azure-files-url)
• Fixed a double space in the apps table cell

Still open before un-drafting

• ⚠️ Confirm the Redis session DSN syntax OWNCLOUD_SESSION_SAVE_PATH=tcp://redis:6379?auth=... against the supported phpredis session.save_path form. This is the one technical claim not verifiable from the image alone.
• The checklist uses * [ ] syntax, which has no precedent elsewhere in this repo. Worth a quick npm run antora-dev-local to confirm it renders as checkboxes rather than literal [ ] (plain bullets are the safe fallback).
• Run npm run linkcheck after a build — xref targets were manually verified, but the external URLs were not.

Conventions / Security

• Matches repo AsciiDoc style (:toc: right, admonitions, xref:, attribute-based URLs); nav entry placed correctly.
• no_root_squash correctly framed as a scoped security trade-off; no secrets committed (placeholders only).