From a7b0b84d081109ac09d4cd5d5297f17a7f9d036b Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Wed, 21 Jan 2026 14:08:05 -0800 Subject: [PATCH] Update P5.1 with network connectivity finding After approving macOS network access GUI prompt, minikube can now reach sifaka. NFS still denied because sifaka exports don't include Docker network (192.168.49.0/24). Updated Option B as viable alternative if sifaka NFS exports are updated. Co-Authored-By: Claude Opus 4.5 --- plans/k8s-migration/P5.1_qemu2_migration.md | 23 +++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/plans/k8s-migration/P5.1_qemu2_migration.md b/plans/k8s-migration/P5.1_qemu2_migration.md index e37b65b..29636d6 100644 --- a/plans/k8s-migration/P5.1_qemu2_migration.md +++ b/plans/k8s-migration/P5.1_qemu2_migration.md @@ -169,7 +169,8 @@ With the docker driver, volume mounts work differently than podman or qemu2. Her - Sifaka NFS exports `/volume1/torrents` to: - `192.168.105.0/24` (old qemu2 VM network - no longer used) - `100.64.0.0/10` (Tailscale CGNAT range) -- Minikube can resolve `sifaka` (192.168.1.203) but can't reach it (100% packet loss due to Docker network isolation) +- Network connectivity: ✅ Works after approving macOS network access GUI prompt +- NFS access: ❌ Denied (sifaka doesn't allow `192.168.49.0/24`) **Option A: hostPath via Docker Desktop File Sharing** ⭐ RECOMMENDED 1. Mount sifaka NFS share on indri macOS: `mount -t nfs sifaka:/volume1/torrents /Volumes/torrents` 
@@ -201,14 +202,24 @@ ssh indri 'docker run --rm -v /Volumes/torrents:/data alpine ls /data' # type: Directory ``` -**Option B: Update sifaka NFS exports for Docker network** -1. Add `192.168.49.0/24` to sifaka's NFS exports -2. Pods mount NFS directly using kubernetes NFS volume type +**Option B: Update sifaka NFS exports for Docker network** ⭐ ALTERNATIVE +1. In Synology DSM: Control Panel → Shared Folder → torrents → Edit → NFS Permissions +2. Add `192.168.49.0/24` to allowed clients +3. Pods mount NFS directly using kubernetes NFS volume type + +Pros: +- Simpler than Option A (no intermediate macOS mount) +- Direct path, better performance +- Network connectivity confirmed working (after macOS network access approval) Cons: +- Requires sifaka configuration change (one-time) - Docker network might change (though `192.168.49.x` seems stable for minikube) -- Requires sifaka configuration change -- NFS mount from inside container may have permission issues + +Test command (after updating sifaka): +```bash +ssh indri 'minikube ssh "sudo mount -t nfs sifaka:/volume1/torrents /mnt/torrents && ls /mnt/torrents"' +``` **Option C: Tailscale sidecar for NFS access** 1. Pods include a Tailscale sidecar that joins the tailnet
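Review bot: in the first hunk (`@@ -169,7 +169,8 @@`), the new "NFS access: ❌ Denied (sifaka doesn't allow `192.168.49.0/24`)" line states a cause without recording what was observed. The line it replaces carried sifaka's address (`192.168.1.203`), which is on a different subnet from the Docker network, so the client address sifaka sees on the mount request may not fall inside `192.168.49.0/24` at all. Suggest recording the exact mount error and the source address sifaka saw for the denied request, and keeping the `192.168.1.203` detail, so the export change in Option B targets the address that is actually rejected. The "Network connectivity" line should also name which application the macOS network access prompt was approved for, so the step can be repeated after a rebuild.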
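Review bot: in the second hunk (`@@ -201,14 +202,24 @@`), the Cons list drops "NFS mount from inside container may have permission issues" even though the first hunk still records NFS access as denied, so nothing in this patch shows a mount from the minikube side succeeding. Suggest keeping that con until the test command passes. Step 2 opens the export to a whole /24: state next to it which privilege (read-only or read/write) and squash setting to pick in the NFS Permissions dialog, and consider removing the `192.168.105.0/24` entry that the plan already marks as no longer used. The test command mounts onto `/mnt/torrents` without creating it and leaves the share mounted afterwards; add `sudo mkdir -p /mnt/torrents` before the mount and `sudo umount /mnt/torrents` after the `ls`. "Direct path, better performance" is not measured anywhere in the patch, so word it as an expectation.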