From 308a2fd4b77469dc4f70ad299b404f036fde178e Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Wed, 4 Mar 2026 01:35:41 +0000
Subject: [PATCH] fix: hard reset kubelet identity before kubeadm init

Clear kubelet cert/bootstrap artifacts after reset and force hostname override in kubeadm nodeRegistration so the node consistently registers as cp-1 instead of inheriting stale template identity.
---
 nixos/kubeadm/modules/k8s-common.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/nixos/kubeadm/modules/k8s-common.nix b/nixos/kubeadm/modules/k8s-common.nix
index 3fd9809..589efae 100644
--- a/nixos/kubeadm/modules/k8s-common.nix
+++ b/nixos/kubeadm/modules/k8s-common.nix
@@ -131,7 +131,7 @@ in
       echo "Using kube-vip interface: $iface"
       echo "Using kubeadm node name: $node_name"
 
-      hostnamectl set-hostname "$node_name" || true
+      hostname "$node_name" || true
 
       rm -f /var/lib/kubelet/config.yaml /var/lib/kubelet/kubeadm-flags.env
 
@@ -139,6 +139,9 @@ in
       systemctl stop kubelet || true
       systemctl reset-failed kubelet || true
       env -i PATH=/run/current-system/sw/bin:/usr/bin:/bin kubeadm reset -f || true
+      rm -f /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf
+      rm -f /var/lib/kubelet/kubeconfig /var/lib/kubelet/instance-config.yaml
+      rm -rf /var/lib/kubelet/pki
 
       systemctl daemon-reload
       systemctl unmask kubelet || true
@@ -161,6 +164,8 @@ in
       nodeRegistration:
         name: "KUBEADM_NODE_NAME"
         criSocket: unix:///run/containerd/containerd.sock
+        kubeletExtraArgs:
+          hostname-override: "KUBEADM_NODE_NAME"
       ---
       apiVersion: kubeadm.k8s.io/v1beta4
       kind: ClusterConfiguration