P5.1: Migrate minikube from podman to QEMU2 driver #38

Merged
eblume merged 16 commits from feature/p5.1-qemu2-migration into main 2026-01-21 16:03:38 -08:00
Owner

Summary

  • Migrate minikube from podman driver to qemu2 driver for proper NFS/SMB volume mount support
  • Update ansible minikube role with qemu installation and containerd runtime
  • Remove podman role dependency from indri.yml
  • Add synology user creation steps and post-migration zot reconfiguration notes

Why

Phase 6 (Kiwix/Transmission migration) was blocked because the podman driver lacks kernel capabilities for filesystem mounts. QEMU2 creates an actual VM with full mount support.

Deployment and Testing

  • Create k8s-storage user on Synology DSM
  • Store credentials in 1Password (synology-k8s-storage)
  • Export current k8s state
  • Stop and delete podman-based minikube cluster
  • Run ansible to create QEMU2 cluster
  • Test NFS volume mount with test pod
  • Redeploy ArgoCD and all apps
  • Verify all services healthy
  • Reconfigure zot registry mirrors for containerd (post-migration)

🤖 Generated with Claude Code

- Change minikube driver from podman to qemu2
- Change container runtime from cri-o to containerd
- Add qemu installation to minikube role
- Remove podman role from indri.yml playbook
- Update handlers for containerd instead of cri-o
- Temporarily disable registry mirror config (needs containerd format)
- Add k8s-storage synology user creation steps to P5.1 doc
- Add post-migration tasks for zot registry mirror reconfiguration

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Install socket_vmnet via homebrew
- Start socket_vmnet service (requires sudo)
- Add --network=socket_vmnet to minikube start

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add hosts file entry for registry.tail8d86e.ts.net in VM
- Configure containerd registry mirror to use local zot
- Update P5.1 doc with implementation notes and manual steps
- Mark P5.1 as complete

Manual steps still required after cluster creation:
1. sudo brew services start socket_vmnet (once per reboot)
2. sudo mount -t nfs sifaka:/volume1/torrents /Volumes/torrents-nfs
3. minikube mount /Volumes/torrents-nfs:/mnt/torrents (GUI session)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- LaunchDaemon: mounts sifaka:/volume1/torrents to /Volumes/torrents-nfs at boot
- LaunchAgent: runs minikube mount to pass through to /mnt/torrents in VM
- Handlers to load both services when plist files change

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Check containerd registry config before writing to avoid unnecessary changes
- Fix ansible_env deprecation warnings (use ansible_facts['env'])
- Document macOS network permission popup for minikube mount
- Document passwordless sudo configuration for indri
- Add checks to skip sudo tasks when state already matches

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The k8s API server is now at 192.168.105.2:6443 (inside qemu2 VM)
instead of localhost:44491 (old podman port mapping).

Note: TCP passthrough via tailscale svc:k8s is configured but
connection times out - may need admin console approval or debugging.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Creates reusable script that fetches certificates from indri and sets up
kubeconfig at ~/.kube/minikube-indri/config.yml for remote kubectl access.

Part of P5.1 migration to docker driver.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change driver from qemu2 to docker
- Remove socket_vmnet and qemu dependencies
- Remove NFS mount and minikube mount LaunchAgent/LaunchDaemon
- Remove old podman zot-mirror.conf
- Update containerd registry mirror config for docker driver
  - Uses host.minikube.internal:5050 to reach zot
  - Configures pull-through cache for docker.io, ghcr.io, quay.io
- Add dynamic tailscale serve configuration for k8s API
  (port is dynamic with docker driver, not fixed at 6443)
- Remove svc:k8s from tailscale_serve defaults (minikube role handles it)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document completed steps (docker driver working, kubectl access, ansible updated)
- Add detailed analysis of volume mount options for P6
- Recommend hostPath via Docker Desktop file sharing as simplest approach
- Document why direct NFS won't work (Docker network isolation)
- Include sample LaunchDaemon for persistent NFS mount

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
After approving macOS network access GUI prompt, minikube can now
reach sifaka. NFS still denied because sifaka exports don't include
Docker network (192.168.49.0/24). Updated Option B as viable alternative
if sifaka NFS exports are updated.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The crio-compat name was misleading since we're now using docker driver.
Renamed to 'default' and updated all references.

Fully-qualified image names still used for consistency across runtimes.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- ArgoCD deployed and all apps synced
- Document remaining steps (secrets, post-merge reset)
- Simplified and reorganized documentation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rename P5.1 from qemu2_migration to docker_migration
- Mark P5.1 verification checklist complete
- Document direct NFS volume mount solution (tested and working)
- Update P6 to use NFS instead of SMB CSI
- Unblock P6: ready to implement

Sifaka NFS exports now allow 192.168.1.0/24 (docker via indri NAT)
and 100.64.0.0/10 (Tailscale). No LaunchAgents or minikube mount needed.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
eblume merged commit 21848a7919 into main 2026-01-21 16:03:38 -08:00
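
The containerd registry mirror and check-before-write items from the commits above, sketched as an added example (not code from this PR or the blumeops repository). It assumes zot is reached over plain HTTP at host.minikube.internal:5050 and that containerd's registry config_path points at the certs.d directory passed in; all function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: idempotent containerd registry-mirror config (hosts.toml layout).
# Assumption: the mirror URL scheme (http) is not stated on the page. Over plain
# HTTP the mirror resolves tags unauthenticated, so pin images by digest where
# integrity matters.

# upstream_for REGISTRY -> upstream endpoint containerd falls back to
upstream_for() {
  case "$1" in
    docker.io) echo "https://registry-1.docker.io" ;;
    *)         echo "https://$1" ;;
  esac
}

# render_hosts_toml REGISTRY MIRROR_URL -> hosts.toml content on stdout
render_hosts_toml() {
  printf 'server = "%s"\n\n[host."%s"]\n  capabilities = ["pull", "resolve"]\n' \
    "$(upstream_for "$1")" "$2"
}

# ensure_mirror CERTS_DIR REGISTRY MIRROR_URL
# Writes CERTS_DIR/REGISTRY/hosts.toml only when the content differs, and
# prints "changed" or "ok" so the caller knows whether to restart containerd.
ensure_mirror() {
  local dir="$1/$2" want
  want="$(render_hosts_toml "$2" "$3")"
  if [ -f "$dir/hosts.toml" ] && [ "$(cat "$dir/hosts.toml")" = "$want" ]; then
    echo ok
    return 0
  fi
  mkdir -p "$dir"
  printf '%s\n' "$want" > "$dir/hosts.toml"
  echo changed
}

# ensure_all CERTS_DIR MIRROR_URL -> "changed" if any registry file was rewritten
ensure_all() {
  local result=ok reg
  for reg in docker.io ghcr.io quay.io; do
    if [ "$(ensure_mirror "$1" "$reg" "$2")" = changed ]; then
      result=changed
    fi
  done
  echo "$result"
}
```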
Reference
eblume/blumeops!38