diff --git a/AGENTS.md b/AGENTS.md
index eb50746..42b6f63 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -66,6 +66,13 @@ Repository guide for agentic contributors working in this repo.
 - Prefer validating the exact directory you edited, not the whole repo, unless the change is cross-cutting.
 - For Flux changes, verify the relevant `Kustomization`/`HelmRelease`/`ExternalSecret` manifests render cleanly before committing.
 
+### Kubeconfig refresh
+
+After a full cluster rebuild, the kubeconfig goes stale (new certs, new IPs). Refresh it with:
+- `scripts/refresh-kubeconfig.sh ` (preferred)
+- Or manually: `ssh -i ~/.ssh/infra root@ "cat /etc/rancher/k3s/k3s.yaml" | sed 's/127.0.0.1//g' > outputs/kubeconfig`
+- The Ansible `site.yml` Finalize step also rewrites the server address to the public IP during bootstrap.
+
 ## Code Style
 
 ### General
diff --git a/ansible/site.yml b/ansible/site.yml
index 34ee49c..71d88e1 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -134,7 +134,7 @@
 tasks:
 - name: Update kubeconfig server address
 command: |
-sed -i 's/127.0.0.1/{{ groups["control_plane"][0] }}.{{ tailscale_tailnet }}/g' ../outputs/kubeconfig
+sed -i 's/127.0.0.1/{{ hostvars[groups["control_plane"][0]]["ansible_host"] }}/g' ../outputs/kubeconfig
 changed_when: true
 
 - name: Display success message
diff --git a/scripts/refresh-kubeconfig.sh b/scripts/refresh-kubeconfig.sh
new file mode 100755
index 0000000..1798e81
--- /dev/null
+++ b/scripts/refresh-kubeconfig.sh
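Review bot: In the new `sed -i 's/127.0.0.1/{{ hostvars[...]["ansible_host"] }}/g'` line the pattern `127.0.0.1` is an unanchored regex with unescaped dots, and `ansible_host` is pasted verbatim into the sed expression, so a value containing `/` breaks the command; `s/127\.0\.0\.1/.../g` is the safe form for the pattern. Pointing the kubeconfig at `ansible_host` instead of the tailnet name also changes which path kubectl uses to reach the API server — presumably the public IP, going by the AGENTS.md text in this commit — and that intent deserves a comment on the task, e.g. `# Rewrite the server address to the node's ansible_host (public IP), not the tailnet name`. The enclosing play starts outside the hunk.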
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+KUBECONFIG_PATH="$REPO_ROOT/outputs/kubeconfig"
+SSH_KEY="${SSH_KEY:-$HOME/.ssh/infra}"
+
+CP1_PUBLIC_IP="${1:-}"
+
+if [ -z "$CP1_PUBLIC_IP" ]; then
+  if [ -f "$REPO_ROOT/ansible/inventory.ini" ]; then
+    CP1_PUBLIC_IP=$(grep -A2 '\[control_plane\]' "$REPO_ROOT/ansible/inventory.ini" | grep -oP '\d+\.\d+\.\d+\.\d+' | head -1)
+  fi
+fi
+
+if [ -z "$CP1_PUBLIC_IP" ]; then
+  echo "Usage: $0 "
+  echo " Or ensure ansible/inventory.ini exists with control plane IPs."
+  exit 1
+fi
+
+echo "Fetching kubeconfig from $CP1_PUBLIC_IP ..."
+ssh -i "$SSH_KEY" \
+  -o StrictHostKeyChecking=no \
+  -o UserKnownHostsFile=/dev/null \
+  "root@$CP1_PUBLIC_IP" "cat /etc/rancher/k3s/k3s.yaml" \
+  | sed "s/127.0.0.1/$CP1_PUBLIC_IP/g" \
+  > "$KUBECONFIG_PATH"
+
+chmod 600 "$KUBECONFIG_PATH"
+echo "Kubeconfig saved to $KUBECONFIG_PATH"
+echo "Run: export KUBECONFIG=$KUBECONFIG_PATH"
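Review bot: The ssh call fetches the cluster-admin credential in `/etc/rancher/k3s/k3s.yaml` with host-key verification switched off (`StrictHostKeyChecking=no` plus `UserKnownHostsFile=/dev/null`), so nothing detects a substituted host, and the result is written through a `>` redirect that truncates the previous `outputs/kubeconfig` before ssh has produced anything and leaves the new file at umask permissions until the later `chmod 600`. A failed fetch therefore replaces a working kubeconfig with an empty one even though `pipefail` makes the script exit non-zero. The argv form of `CP1_PUBLIC_IP` is also used unvalidated inside the `sed` pattern, where a stray `/` breaks the expression; the inventory form is already constrained by the `grep -oP` regex (note `-P` needs GNU grep and is absent from BSD grep on macOS). The rewrite below validates the address, writes under a 0600 umask to a temp file that is moved into place only on success, and pins host keys with `accept-new` in a repo-local known_hosts so a rebuilt node's changed key is reported instead of silently accepted (a stale entry is cleared with `ssh-keygen -R`).
```shell
# … unchanged: path setup, argument/inventory lookup, usage message …

# argv is unvalidated; reject anything that is not a dotted-quad before it reaches sed
[[ "$CP1_PUBLIC_IP" =~ ^[0-9]+(\.[0-9]+){3}$ ]] \
  || { echo "Not an IPv4 address: $CP1_PUBLIC_IP" >&2; exit 1; }

echo "Fetching kubeconfig from $CP1_PUBLIC_IP ..."
umask 077                                   # temp file is private from creation
tmp=$(mktemp "$KUBECONFIG_PATH.XXXXXX")
trap 'rm -f -- "$tmp"' EXIT
ssh -i "$SSH_KEY" \
  -o StrictHostKeyChecking=accept-new \
  -o UserKnownHostsFile="$REPO_ROOT/outputs/known_hosts" \
  "root@$CP1_PUBLIC_IP" "cat /etc/rancher/k3s/k3s.yaml" \
  | sed "s/127\.0\.0\.1/$CP1_PUBLIC_IP/g" \
  > "$tmp"
mv -f -- "$tmp" "$KUBECONFIG_PATH"      # previous kubeconfig survives a failed fetch

# … unchanged: final echo lines …
```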