fix: preseed known_hosts for kubeadm SSH operations

nixos/kubeadm/scripts/rebuild-and-bootstrap.sh

@@ -15,7 +15,7 @@ fi
 source "$INVENTORY_FILE"
 
 SSH_USER="${SSH_USER:-micqdf}"
-SSH_OPTS="${SSH_OPTS:- -o BatchMode=yes -o StrictHostKeyChecking=accept-new }"
+SSH_OPTS="${SSH_OPTS:--o BatchMode=yes -o StrictHostKeyChecking=accept-new}"
 
 declare -A NODE_IPS=()
 declare -a CP_NAMES=()
@@ -80,6 +80,18 @@ remote() {
   ssh $SSH_OPTS "$SSH_USER@$host_ip" "$cmd"
 }
 
+prepare_known_hosts() {
+  mkdir -p "$HOME/.ssh"
+  chmod 700 "$HOME/.ssh"
+  touch "$HOME/.ssh/known_hosts"
+  chmod 600 "$HOME/.ssh/known_hosts"
+
+  for node in "${!NODE_IPS[@]}"; do
+    ssh-keygen -R "${NODE_IPS[$node]}" >/dev/null 2>&1 || true
+    ssh-keyscan -H "${NODE_IPS[$node]}" >> "$HOME/.ssh/known_hosts" 2>/dev/null || true
+  done
+}
+
 cluster_has_node() {
   local node_name="$1"
   remote "$PRIMARY_CP_IP" "sudo kubectl --kubeconfig /etc/kubernetes/admin.conf get node $node_name >/dev/null 2>&1"
@@ -101,6 +113,8 @@ rebuild_node() {
 }
 
 populate_nodes
+prepare_known_hosts
+export NIX_SSHOPTS="$SSH_OPTS"
 
 PRIMARY_CONTROL_PLANE="${PRIMARY_CONTROL_PLANE:-cp-1}"
 if [ -z "${NODE_IPS[$PRIMARY_CONTROL_PLANE]:-}" ]; then

nixos/kubeadm/scripts/reset-cluster-nodes.sh

@@ -14,7 +14,7 @@ fi
 source "$INVENTORY_FILE"
 
 SSH_USER="${SSH_USER:-micqdf}"
-SSH_OPTS="${SSH_OPTS:- -o BatchMode=yes -o StrictHostKeyChecking=accept-new }"
+SSH_OPTS="${SSH_OPTS:--o BatchMode=yes -o StrictHostKeyChecking=accept-new}"
 
 declare -A NODE_IPS=()
 
@@ -58,6 +58,15 @@ if [ "${#NODE_IPS[@]}" -eq 0 ]; then
   exit 1
 fi
 
+mkdir -p "$HOME/.ssh"
+chmod 700 "$HOME/.ssh"
+touch "$HOME/.ssh/known_hosts"
+chmod 600 "$HOME/.ssh/known_hosts"
+for node_name in "${!NODE_IPS[@]}"; do
+  ssh-keygen -R "${NODE_IPS[$node_name]}" >/dev/null 2>&1 || true
+  ssh-keyscan -H "${NODE_IPS[$node_name]}" >> "$HOME/.ssh/known_hosts" 2>/dev/null || true
+done
+
 reset_node() {
   local node_name="$1"
   local node_ip="$2"