eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Update P5.1 with network connectivity finding

Browse source 
After approving macOS network access GUI prompt, minikube can now
reach sifaka. NFS still denied because sifaka exports don't include
Docker network (192.168.49.0/24). Updated Option B as viable alternative
if sifaka NFS exports are updated.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Erich Blume 2026-01-21 14:08:05 -08:00
commit a7b0b84d08
1 changed files with 17 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

23
plans/k8s-migration/P5.1_qemu2_migration.md
View file

@ -169,7 +169,8 @@ With the docker driver, volume mounts work differently than podman or qemu2. Her
- Sifaka NFS exports `/volume1/torrents` to: - Sifaka NFS exports `/volume1/torrents` to:
- `192.168.105.0/24` (old qemu2 VM network - no longer used) - `192.168.105.0/24` (old qemu2 VM network - no longer used)
- `100.64.0.0/10` (Tailscale CGNAT range) - `100.64.0.0/10` (Tailscale CGNAT range)
- Minikube can resolve `sifaka` (192.168.1.203) but can't reach it (100% packet loss due to Docker network isolation) - Network connectivity: ✅ Works after approving macOS network access GUI prompt
- NFS access: ❌ Denied (sifaka doesn't allow `192.168.49.0/24`)
**Option A: hostPath via Docker Desktop File Sharing** ⭐ RECOMMENDED **Option A: hostPath via Docker Desktop File Sharing** ⭐ RECOMMENDED
1. Mount sifaka NFS share on indri macOS: `mount -t nfs sifaka:/volume1/torrents /Volumes/torrents` 1. Mount sifaka NFS share on indri macOS: `mount -t nfs sifaka:/volume1/torrents /Volumes/torrents`
@ -201,14 +202,24 @@ ssh indri 'docker run --rm -v /Volumes/torrents:/data alpine ls /data'
# type: Directory # type: Directory
``` ```
**Option B: Update sifaka NFS exports for Docker network** **Option B: Update sifaka NFS exports for Docker network** ⭐ ALTERNATIVE
1. Add `192.168.49.0/24` to sifaka's NFS exports 1. In Synology DSM: Control Panel → Shared Folder → torrents → Edit → NFS Permissions
2. Pods mount NFS directly using kubernetes NFS volume type 2. Add `192.168.49.0/24` to allowed clients
3. Pods mount NFS directly using kubernetes NFS volume type
Pros:
- Simpler than Option A (no intermediate macOS mount)
- Direct path, better performance
- Network connectivity confirmed working (after macOS network access approval)
Cons: Cons:
- Requires sifaka configuration change (one-time)
- Docker network might change (though `192.168.49.x` seems stable for minikube) - Docker network might change (though `192.168.49.x` seems stable for minikube)
- Requires sifaka configuration change
- NFS mount from inside container may have permission issues Test command (after updating sifaka):
```bash
ssh indri 'minikube ssh "sudo mount -t nfs sifaka:/volume1/torrents /mnt/torrents && ls /mnt/torrents"'
```
**Option C: Tailscale sidecar for NFS access** **Option C: Tailscale sidecar for NFS access**
1. Pods include a Tailscale sidecar that joins the tailnet 1. Pods include a Tailscale sidecar that joins the tailnet