P5.1: Migrate minikube from podman to QEMU2 driver (#38)

## Summary - Migrate minikube from podman driver to qemu2 driver for proper NFS/SMB volume mount support - Update ansible minikube role with qemu installation and containerd runtime - Remove podman role dependency from indri.yml - Add synology user creation steps and post-migration zot reconfiguration notes ## Why Phase 6 (Kiwix/Transmission migration) was blocked because the podman driver lacks kernel capabilities for filesystem mounts. QEMU2 creates an actual VM with full mount support. ## Deployment and Testing - [ ] Create k8s-storage user on Synology DSM - [ ] Store credentials in 1Password (synology-k8s-storage) - [ ] Export current k8s state - [ ] Stop and delete podman-based minikube cluster - [ ] Run ansible to create QEMU2 cluster - [ ] Test NFS volume mount with test pod - [ ] Redeploy ArgoCD and all apps - [ ] Verify all services healthy - [ ] Reconfigure zot registry mirrors for containerd (post-migration) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/38
2026-01-21 16:03:37 -08:00 · 2026-01-21 16:03:37 -08:00 · 21848a7919
commit 21848a7919
parent 7b60cca31e
20 changed files with 490 additions and 542 deletions
--- a/mise-tasks/ensure-minikube-indri-kubectl-config
+++ b/mise-tasks/ensure-minikube-indri-kubectl-config
@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+#MISE description="Ensure kubectl config for minikube-indri is set up on this workstation"
+
+set -euo pipefail
+
+CONFIG_DIR="$HOME/.kube/minikube-indri"
+CONFIG_FILE="$CONFIG_DIR/config.yml"
+
+echo "Ensuring minikube-indri kubectl config..."
+
+# Create directory if needed
+mkdir -p "$CONFIG_DIR"
+
+# Fetch certificates from indri
+echo "Fetching certificates from indri..."
+CA_CERT=$(ssh indri 'cat ~/.minikube/ca.crt')
+CLIENT_CERT=$(ssh indri 'cat ~/.minikube/profiles/minikube/client.crt')
+CLIENT_KEY=$(ssh indri 'cat ~/.minikube/profiles/minikube/client.key')
+
+# Write certificate files
+echo "$CA_CERT" > "$CONFIG_DIR/ca.crt"
+echo "$CLIENT_CERT" > "$CONFIG_DIR/client.crt"
+echo "$CLIENT_KEY" > "$CONFIG_DIR/client.key"
+chmod 600 "$CONFIG_DIR/client.key"
+
+# Write kubeconfig
+cat > "$CONFIG_FILE" << EOF
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    certificate-authority: $CONFIG_DIR/ca.crt
+    server: https://k8s.tail8d86e.ts.net
+  name: minikube-indri
+contexts:
+- context:
+    cluster: minikube-indri
+    user: minikube-indri
+  name: minikube-indri
+current-context: minikube-indri
+users:
+- name: minikube-indri
+  user:
+    client-certificate: $CONFIG_DIR/client.crt
+    client-key: $CONFIG_DIR/client.key
+EOF
+
+echo "Config written to $CONFIG_FILE"
+
+# Warn if KUBECONFIG doesn't include this file
+if [[ -z "${KUBECONFIG:-}" ]] || [[ ":$KUBECONFIG:" != *":$CONFIG_FILE:"* ]]; then
+    echo ""
+    echo "WARNING: KUBECONFIG does not include $CONFIG_FILE"
+    echo "Add this to your shell config:"
+    echo "  export KUBECONFIG=\"\$KUBECONFIG:$CONFIG_FILE\""
+fi
+
+echo ""
+echo "Test with: kubectl --context=minikube-indri get nodes"