Update plan with Step 0.10 and 0.12 implementation details

Step 0.10 (kubeconfig on gilbert):
- Document research on kubectl remote access options
- Choose --apiserver-names + --listen-address approach
- Add references to sources

Step 0.12 (zettelkasten):
- Add instructions to update main blumeops card
- Fix zot port from 5000 to 5050
- Add minikube.md template with remote access docs

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

plans/k8s-migration.md

@@ -629,6 +629,36 @@ k9s  # Should show the minikube cluster
 
 The exact approach will be determined during implementation based on what works best with the podman driver.
 
+**Implementation Details:**
+
+Chose **Option 3: Recreate cluster with `--apiserver-names`** after researching alternatives:
+
+1. **SSH tunneling** - Requires keeping a tunnel running or complex on-demand setup
+2. **SOCKS5 proxy with kubeconfig `proxy-url`** - Kubeconfig supports `proxy-url: socks5://localhost:1080` per-context, but still requires managing the proxy
+3. **`--apiserver-names` + `--listen-address`** - Native minikube support, cleanest solution
+
+**Approach:** Recreate the minikube cluster with additional flags:
+```bash
+minikube delete
+minikube start \
+  --driver=podman \
+  --container-runtime=cri-o \
+  --cpus=4 --memory=7800 --disk-size=200g \
+  --apiserver-names=indri \
+  --listen-address=0.0.0.0
+```
+
+- `--apiserver-names=indri` adds "indri" to the API server certificate SAN
+- `--listen-address=0.0.0.0` tells podman to expose the API port on all interfaces
+
+Then configure kubeconfig on gilbert pointing to `https://indri:<port>` with certs copied from indri.
+
+**References:**
+- [minikube start options](https://minikube.sigs.k8s.io/docs/commands/start/)
+- [Using kubectl via SSH Tunnel](https://blog.scottlowe.org/2020/06/16/using-kubectl-via-an-ssh-tunnel/)
+- [SOCKS5 Proxy Access to K8s API](https://kubernetes.ltd/docs/tasks/extend-kubernetes/socks5-proxy-access-api/)
+- [kubectl-tokensshtunnel](https://github.com/jordiprats/kubectl-tokensshtunnel)
+
 ---
 
 ### Step 0.11: Add Minikube to indri-services-check
@@ -663,6 +693,38 @@ mise run indri-services-check
 - `~/code/personal/zk/zot.md`
 - `~/code/personal/zk/minikube.md`
 
+**Files to update:**
+- `~/code/personal/zk/1767747119-YCPO.md` (main blumeops card)
+
+**Updates to main blumeops card:**
+
+1. Add to **Device Tags** table:
+   | `tag:registry` | indri | Container registry access |
+
+2. Add to **Services** table:
+   | **Registry** | https://registry.tail8d86e.ts.net | OCI container registry (Zot) | [[zot]] |
+   | **Kubernetes** | https://indri:<port> | Minikube cluster | [[minikube]] |
+
+3. Add to **Port Map (Indri)** table:
+   | 5050 | Zot | HTTP | localhost | Container registry |
+   | <dynamic> | K8s API | HTTPS | 0.0.0.0 | Minikube API server |
+
+4. Add new section **Remote Kubernetes Access**:
+   ```markdown
+   ## Remote Kubernetes Access (from Gilbert)
+
+   The minikube cluster on indri is accessible from gilbert via direct connection.
+   Cluster was created with `--apiserver-names=indri --listen-address=0.0.0.0`.
+
+   ```bash
+   # Switch to minikube context
+   kubectl config use-context minikube-indri
+
+   # Verify access
+   kubectl get nodes
+   ```
+   ```
+
 **Template for zot.md:**
 ```markdown
 ---
@@ -683,7 +745,7 @@ Zot is an OCI-native container registry running on Indri, providing:
 ## Service Details
 
 - URL: https://registry.tail8d86e.ts.net
-- Local port: 5000
+- Local port: 5050
 - Data directory: ~/zot
 - Config: ~/.config/zot/config.json
 - Managed via: mcquack LaunchAgent
@@ -701,10 +763,10 @@ Zot is an OCI-native container registry running on Indri, providing:
 
 \`\`\`bash
 # List all images
-curl -s http://localhost:5000/v2/_catalog | jq
+curl -s http://localhost:5050/v2/_catalog | jq
 
 # Pull via cache (from indri or k8s)
-podman pull localhost:5000/docker.io/library/nginx:latest
+podman pull localhost:5050/docker.io/library/nginx:latest
 
 # Build and push private image (from gilbert)
 podman build -t registry.tail8d86e.ts.net/blumeops/myapp:v1 .
@@ -723,6 +785,85 @@ tail -f ~/Library/Logs/mcquack.zot.err.log
 - Initial setup for k8s migration Phase 0
 ```
 
+**Template for minikube.md:**
+```markdown
+---
+id: minikube
+aliases:
+  - minikube
+  - kubernetes
+  - k8s
+tags:
+  - blumeops
+---
+
+# Minikube Management Log
+
+Minikube provides a single-node Kubernetes cluster on Indri for running containerized services.
+
+## Cluster Details
+
+- Driver: podman (rootless)
+- Container runtime: CRI-O
+- Kubernetes version: v1.34.0
+- Resources: 4 CPUs, 7800MB RAM, 200GB disk
+- API server: https://indri:<port> (accessible from gilbert via Tailscale)
+
+## Remote Access from Gilbert
+
+Cluster was created with `--apiserver-names=indri --listen-address=0.0.0.0` to allow remote kubectl access.
+
+\`\`\`bash
+# Switch context
+kubectl config use-context minikube-indri
+
+# Verify
+kubectl get nodes
+kubectl get namespaces
+
+# Use k9s
+k9s --context minikube-indri
+\`\`\`
+
+## Useful Commands (on indri)
+
+\`\`\`bash
+# Cluster status
+minikube status
+
+# Start/stop cluster
+minikube start
+minikube stop
+
+# Access dashboard
+minikube dashboard
+
+# SSH into node
+minikube ssh
+
+# View logs
+minikube logs
+\`\`\`
+
+## Podman Machine (prerequisite)
+
+Minikube uses podman as the container runtime. The podman machine must be running:
+
+\`\`\`bash
+# Check podman machine
+podman machine list
+
+# Start if needed
+podman machine start
+\`\`\`
+
+## Log
+
+### [DATE]
+- Initial cluster setup for k8s migration Phase 0
+- Configured for remote access with --apiserver-names=indri
+```
+
 ---
 
 ### Step 0.13: Update Main Playbook