diff --git a/plans/k8s-migration.md b/plans/k8s-migration.md index a48fb62..6671c0e 100644 --- a/plans/k8s-migration.md +++ b/plans/k8s-migration.md @@ -629,6 +629,36 @@ k9s # Should show the minikube cluster The exact approach will be determined during implementation based on what works best with the podman driver. +**Implementation Details:** + +Chose **Option 3: Recreate cluster with `--apiserver-names`** after researching alternatives: + +1. **SSH tunneling** - Requires keeping a tunnel running or complex on-demand setup +2. **SOCKS5 proxy with kubeconfig `proxy-url`** - Kubeconfig supports `proxy-url: socks5://localhost:1080` per-context, but still requires managing the proxy +3. **`--apiserver-names` + `--listen-address`** - Native minikube support, cleanest solution + +**Approach:** Recreate the minikube cluster with additional flags: +```bash +minikube delete +minikube start \ + --driver=podman \ + --container-runtime=cri-o \ + --cpus=4 --memory=7800 --disk-size=200g \ + --apiserver-names=indri \ + --listen-address=0.0.0.0 +``` + +- `--apiserver-names=indri` adds "indri" to the API server certificate SAN +- `--listen-address=0.0.0.0` tells podman to expose the API port on all interfaces + +Then configure kubeconfig on gilbert pointing to `https://indri:` with certs copied from indri. + +**References:** +- [minikube start options](https://minikube.sigs.k8s.io/docs/commands/start/) +- [Using kubectl via SSH Tunnel](https://blog.scottlowe.org/2020/06/16/using-kubectl-via-an-ssh-tunnel/) +- [SOCKS5 Proxy Access to K8s API](https://kubernetes.ltd/docs/tasks/extend-kubernetes/socks5-proxy-access-api/) +- [kubectl-tokensshtunnel](https://github.com/jordiprats/kubectl-tokensshtunnel) + --- ### Step 0.11: Add Minikube to indri-services-check 
@@ -663,6 +693,38 @@ mise run indri-services-check - `~/code/personal/zk/zot.md` - `~/code/personal/zk/minikube.md` +**Files to update:** +- `~/code/personal/zk/1767747119-YCPO.md` (main blumeops card) + +**Updates to main blumeops card:** + +1. Add to **Device Tags** table: + | `tag:registry` | indri | Container registry access | + +2. Add to **Services** table: + | **Registry** | https://registry.tail8d86e.ts.net | OCI container registry (Zot) | [[zot]] | + | **Kubernetes** | https://indri: | Minikube cluster | [[minikube]] | + +3. Add to **Port Map (Indri)** table: + | 5050 | Zot | HTTP | localhost | Container registry | + | | K8s API | HTTPS | 0.0.0.0 | Minikube API server | + +4. Add new section **Remote Kubernetes Access**: + ```markdown + ## Remote Kubernetes Access (from Gilbert) + + The minikube cluster on indri is accessible from gilbert via direct connection. + Cluster was created with `--apiserver-names=indri --listen-address=0.0.0.0`. + + ```bash + # Switch to minikube context + kubectl config use-context minikube-indri + + # Verify access + kubectl get nodes + ``` + ``` + **Template for zot.md:** ```markdown --- @@ -683,7 +745,7 @@ Zot is an OCI-native container registry running on Indri, providing: ## Service Details - URL: https://registry.tail8d86e.ts.net -- Local port: 5000 +- Local port: 5050 - Data directory: ~/zot - Config: ~/.config/zot/config.json - Managed via: mcquack LaunchAgent @@ -701,10 +763,10 @@ Zot is an OCI-native container registry running on Indri, providing: \`\`\`bash # List all images -curl -s http://localhost:5000/v2/_catalog | jq +curl -s http://localhost:5050/v2/_catalog | jq # Pull via cache (from indri or k8s) -podman pull localhost:5000/docker.io/library/nginx:latest +podman pull localhost:5050/docker.io/library/nginx:latest # Build and push private image (from gilbert) podman build -t registry.tail8d86e.ts.net/blumeops/myapp:v1 . 
@@ -723,6 +785,85 @@ tail -f ~/Library/Logs/mcquack.zot.err.log - Initial setup for k8s migration Phase 0 ``` +**Template for minikube.md:** +```markdown +--- +id: minikube +aliases: + - minikube + - kubernetes + - k8s +tags: + - blumeops +--- + +# Minikube Management Log + +Minikube provides a single-node Kubernetes cluster on Indri for running containerized services. + +## Cluster Details + +- Driver: podman (rootless) +- Container runtime: CRI-O +- Kubernetes version: v1.34.0 +- Resources: 4 CPUs, 7800MB RAM, 200GB disk +- API server: https://indri: (accessible from gilbert via Tailscale) + +## Remote Access from Gilbert + +Cluster was created with `--apiserver-names=indri --listen-address=0.0.0.0` to allow remote kubectl access. + +\`\`\`bash +# Switch context +kubectl config use-context minikube-indri + +# Verify +kubectl get nodes +kubectl get namespaces + +# Use k9s +k9s --context minikube-indri +\`\`\` + +## Useful Commands (on indri) + +\`\`\`bash +# Cluster status +minikube status + +# Start/stop cluster +minikube start +minikube stop + +# Access dashboard +minikube dashboard + +# SSH into node +minikube ssh + +# View logs +minikube logs +\`\`\` + +## Podman Machine (prerequisite) + +Minikube uses podman as the container runtime. The podman machine must be running: + +\`\`\`bash +# Check podman machine +podman machine list + +# Start if needed +podman machine start +\`\`\` + +## Log + +### [DATE] +- Initial cluster setup for k8s migration Phase 0 +- Configured for remote access with --apiserver-names=indri +``` + --- ### Step 0.13: Update Main Playbook
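Review bot: in the `minikube start` block of the first hunk (@@ -629,6 +629,36 @@), `--listen-address=0.0.0.0` publishes the API port on every interface of indri, while the plan only describes access from gilbert. Consider passing indri's Tailscale address to `--listen-address` instead, or add a step that restricts the port to the tailnet with a host firewall rule, and state which one is chosen. The closing sentence also needs detail before it is actionable: `https://indri:` has no port, and "certs copied from indri" should name the files that are copied and say how the client key is protected on gilbert. Because the approach begins with `minikube delete`, a line noting that the existing cluster state is discarded would help a reader following the plan later.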
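Review bot: in item 4 of the second hunk (@@ -663,6 +693,38 @@), the "Remote Kubernetes Access" snippet opens a markdown fence and then a bash fence inside it with unescaped backticks, so the inner fence will close the outer block early when the plan is rendered. The zot.md and minikube.md templates in this same file escape their inner fences with backslashes; do the same here. In items 2 and 3, the Kubernetes rows have `https://indri:` with no port and an empty Port cell, so the card will be incomplete as written. The `0.0.0.0` bind in the Port Map row sits next to Zot's `localhost` bind; a short remark in the Description cell on what limits access to that port would make the difference deliberate rather than accidental.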
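Review bot: in the fourth hunk (@@ -701,10 +763,10 @@), the comment "Pull via cache (from indri or k8s)" is paired with `podman pull localhost:5050/...`, but the Port Map added earlier in this patch lists Zot as bound to `localhost` on indri. From inside the minikube node, `localhost` is the node itself, so this command as written only works on indri. Either drop "or k8s" from the comment or give the address that workloads in the cluster should use. The port change in the previous hunk (5000 to 5050) is consistent with the Port Map, so no comment there beyond checking that `~/.config/zot/config.json` is changed in the same commit.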
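Review bot: in the minikube.md template of the last hunk (@@ -723,6 +785,85 @@), the "Podman Machine (prerequisite)" section says "Minikube uses podman as the container runtime", which contradicts the Cluster Details list a few lines above it ("Driver: podman (rootless)", "Container runtime: CRI-O"). Reword it to say podman is the driver. The "API server" bullet says the endpoint is "accessible from gilbert via Tailscale", but the cluster is created with `--listen-address=0.0.0.0`, so the template should also record what prevents access over other interfaces. The same bullet carries `https://indri:` without a port, and the "Remote Access from Gilbert" section uses the `minikube-indri` context without saying how that context and its credentials are created on gilbert; one line pointing to that step would make the card self-contained.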