Step 0.10 implementation:
- Recreate minikube with --apiserver-names=indri --listen-address=0.0.0.0
- Add kubectl-credential-1password exec plugin for 1Password integration
- Client certs fetched from 1Password on-demand (no private keys on disk)
- CA cert stored locally (not secret - public key for server verification)
Minikube role updates:
- Add minikube_apiserver_names and minikube_listen_address variables
- Update tasks to include remote access flags
This mirrors the 1Password SSH agent pattern - biometric auth required
for each kubectl command that needs credentials.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Step 0.10 (kubeconfig on gilbert):
- Document research on kubectl remote access options
- Choose --apiserver-names + --listen-address approach
- Add references to sources
Step 0.12 (zettelkasten):
- Add instructions to update main blumeops card
- Fix zot port from 5000 to 5050
- Add minikube.md template with remote access docs
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Create ansible/roles/minikube for minikube cluster setup
- Use podman driver with cri-o runtime
- Set memory to 7800MB (vs 8192 podman) to account for VM overhead
- Add minikube role to indri playbook
- Update k8s-migration plan with implementation details
Deployed with Kubernetes v1.34.0 and CRI-O 1.24.6.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Create ansible/roles/podman for podman machine setup on indri
- Document known reliability issue with podman machine init/start via SSH
  (race condition from containers/podman#16945)
- Role attempts init/start but doesn't fail if start hangs
- Workaround: manual init/start on indri if needed
- Update k8s-migration plan with implementation details
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Required for testing zot registry push from workstation.
Podman uses a Linux VM under the hood on macOS.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Change zot port from 5000 to 5050 (macOS ControlCenter uses 5000)
- Fix sync config: use destination for namespacing, prefix ** for matching
- Update tailscale_serve to use port 5050
- Add zot role to main playbook
- Document implementation details in plan
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add tag:registry to indri DeviceTags in __main__.py
- Update plan with implementation details noting the tag is
  managed via Pulumi, not manually in admin console
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>