- Rename P5.1 from qemu2_migration to docker_migration
- Mark P5.1 verification checklist complete
- Document direct NFS volume mount solution (tested and working)
- Update P6 to use NFS instead of SMB CSI
- Unblock P6: ready to implement
Sifaka NFS exports now allow 192.168.1.0/24 (docker via indri NAT)
and 100.64.0.0/10 (Tailscale). No LaunchAgents or minikube mount needed.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- ArgoCD deployed and all apps synced
- Document remaining steps (secrets, post-merge reset)
- Simplified and reorganized documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The crio-compat name was misleading since we're now using docker driver.
Renamed to 'default' and updated all references.
Fully-qualified image names still used for consistency across runtimes.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
After approving macOS network access GUI prompt, minikube can now
reach sifaka. NFS still denied because sifaka exports don't include
Docker network (192.168.49.0/24). Updated Option B as viable alternative
if sifaka NFS exports are updated.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document completed steps (docker driver working, kubectl access, ansible updated)
- Add detailed analysis of volume mount options for P6
- Recommend hostPath via Docker Desktop file sharing as simplest approach
- Document why direct NFS won't work (Docker network isolation)
- Include sample LaunchDaemon for persistent NFS mount
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change driver from qemu2 to docker
- Remove socket_vmnet and qemu dependencies
- Remove NFS mount and minikube mount LaunchAgent/LaunchDaemon
- Remove old podman zot-mirror.conf
- Update containerd registry mirror config for docker driver
- Uses host.minikube.internal:5050 to reach zot
- Configures pull-through cache for docker.io, ghcr.io, quay.io
- Add dynamic tailscale serve configuration for k8s API
(port is dynamic with docker driver, not fixed at 6443)
- Remove svc:k8s from tailscale_serve defaults (minikube role handles it)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Creates reusable script that fetches certificates from indri and sets up
kubeconfig at ~/.kube/minikube-indri/config.yml for remote kubectl access.
Part of P5.1 migration to docker driver.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The k8s API server is now at 192.168.105.2:6443 (inside qemu2 VM)
instead of localhost:44491 (old podman port mapping).
Note: TCP passthrough via tailscale svc:k8s is configured but
connection times out - may need admin console approval or debugging.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Check containerd registry config before writing to avoid unnecessary changes
- Fix ansible_env deprecation warnings (use ansible_facts['env'])
- Document macOS network permission popup for minikube mount
- Document passwordless sudo configuration for indri
- Add checks to skip sudo tasks when state already matches
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- LaunchDaemon: mounts sifaka:/volume1/torrents to /Volumes/torrents-nfs at boot
- LaunchAgent: runs minikube mount to pass through to /mnt/torrents in VM
- Handlers to load both services when plist files change
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add hosts file entry for registry.tail8d86e.ts.net in VM
- Configure containerd registry mirror to use local zot
- Update P5.1 doc with implementation notes and manual steps
- Mark P5.1 as complete
Manual steps still required after cluster creation:
1. sudo brew services start socket_vmnet (once per reboot)
2. sudo mount -t nfs sifaka:/volume1/torrents /Volumes/torrents-nfs
3. minikube mount /Volumes/torrents-nfs:/mnt/torrents (GUI session)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Install socket_vmnet via homebrew
- Start socket_vmnet service (requires sudo)
- Add --network=socket_vmnet to minikube start
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change minikube driver from podman to qemu2
- Change container runtime from cri-o to containerd
- Add qemu installation to minikube role
- Remove podman role from indri.yml playbook
- Update handlers for containerd instead of cri-o
- Temporarily disable registry mirror config (needs containerd format)
- Add k8s-storage synology user creation steps to P5.1 doc
- Add post-migration tasks for zot registry mirror reconfiguration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
