50 Commits

Author	SHA1	Message	Date
MichaelFisher1997	190dc2e095	fix: restore compatibility with older nixos-rebuild sudo flag ... Use --use-remote-sudo in rebuild script since the runner's nixos-rebuild does not support --sudo yet.	2026-03-02 22:30:38 +00:00
MichaelFisher1997	a81799a2b5	fix: stabilize kubeadm bootstrap and reduce Proxmox plan latency ... Move kubeadm reset ahead of kube-vip manifest generation, use super-admin.conf during bootstrap for kube-vip, and restore admin.conf after init. Also switch nixos-rebuild to --sudo and make QEMU guest agent optional so Terraform plan can skip slow guest-agent refreshes when it is not installed.	2026-03-02 22:09:10 +00:00
MichaelFisher1997	46c0786e57	fix: run kube-vip daemon before kubeadm init ... - Start kube-vip as a detached container to claim VIP before kubeadm init - Wait for VIP to be bound before proceeding - Generate static pod manifest for kube-vip - Stop bootstrap kube-vip after API server is healthy (static pod takes over) - Add kube-vip logs output if VIP fails to bind	2026-03-02 20:39:28 +00:00
MichaelFisher1997	1af45ca51e	fix: skip kubeadm wait-control-plane phase, wait for VIP manually ... - Use --skip-phases=wait-control-plane to avoid 4-minute timeout - Wait for kube-vip to bind VIP before checking API server health - Add kube-vip logs and VIP status to debug output	2026-03-02 19:37:06 +00:00
MichaelFisher1997	533f5a91e0	fix: add image pre-pull and debug output for kubeadm init ... - Pre-pull k8s control plane images before init to speed up startup - Add crictl pods and crictl ps -a output on failure for debugging	2026-03-02 18:35:41 +00:00
MichaelFisher1997	c061dda31d	fix: disable webhook authz and clean stale kubelet configs ... - Add authorization.mode: AlwaysAllow to KubeletConfiguration - Remove stale kubelet config.yaml before unmasking in all kubeadm scripts - This prevents 'no client provided, cannot use webhook authorization' error	2026-03-02 17:59:31 +00:00
MichaelFisher1997	fb21fbef4f	fix: disable kubelet webhook auth in kubeadm init config ... - Use explicit kubeadm config file with KubeletConfiguration - Disable webhook authentication which was causing 'no client provided' error - Add ConditionPathExists to kubelet systemd unit	2026-03-02 16:49:21 +00:00
MichaelFisher1997	1b76e07326	fix: kubelet directories and containerd readiness ... - Create /var/lib/kubelet and /var/lib/kubelet/pki directories via tmpfiles - Ensure containerd is running before kubeadm init - Add kubelet logs output on kubeadm init failure for debugging	2026-03-02 14:44:47 +00:00
MichaelFisher1997	db72dcab75	fix: remove kubelet ConditionPathExists, add daemon-reload ... - Remove ConditionPathExists from kubelet service definition as it prevents kubelet from starting when managed by kubeadm - Add systemctl daemon-reload after unmasking in all kubeadm scripts - Add reset-failed for consistent state cleanup	2026-03-02 13:58:49 +00:00
MichaelFisher1997	d42e83358c	fix: mask kubelet before rebuild, unmask in kubeadm helpers ... - Mask kubelet service entirely before nixos-rebuild to prevent systemd from restarting it during switch - Unmask kubelet in th-kubeadm-init/join scripts before starting	2026-03-02 12:44:40 +00:00
MichaelFisher1997	93e43a546f	fix: prevent kubelet auto-start during rebuild ... Add wantedBy = [] to prevent kubelet from being started by multi-user.target during nixos-rebuild switch. This allows rebuilds to succeed even when the cluster is in a transitional state. Kubelet will be started by kubeadm init/join commands instead.	2026-03-02 12:13:05 +00:00
MichaelFisher1997	ab5cc8b01d	fix: disable lingering kubelet service before node rebuild	2026-03-02 10:08:27 +00:00
MichaelFisher1997	f65a414959	fix: stop auto-enabling kubelet during base node rebuild	2026-03-02 09:13:53 +00:00
MichaelFisher1997	7c849ed019	fix: gate kubelet startup until kubeadm config exists	2026-03-02 08:39:22 +00:00
MichaelFisher1997	388b0c4f5d	fix: align kubelet systemd unit with kubeadm flags	2026-03-02 03:44:35 +00:00
MichaelFisher1997	d810547675	fix: ignore kubeadm HTTPProxyCIDR preflight in homelab workflow	2026-03-02 03:06:29 +00:00
MichaelFisher1997	9426968cd4	fix: run kubeadm init/reset with clean environment	2026-03-02 02:36:57 +00:00
MichaelFisher1997	02a6bca60b	fix: harden kubeadm scripts for proxy and preflight issues	2026-03-02 02:02:38 +00:00
MichaelFisher1997	a098c0aa29	fix: avoid sudo env loss for kube-vip image reference	2026-03-02 01:27:44 +00:00
MichaelFisher1997	9b03cec23e	fix: correctly propagate remote command exit status	2026-03-02 00:52:24 +00:00
MichaelFisher1997	fd7be1a428	fix: require admin kubeconfig before skipping cp init	2026-03-01 23:42:56 +00:00
MichaelFisher1997	f9e7356f94	fix: make cp-1 init detection and join token generation robust	2026-03-01 21:56:59 +00:00
MichaelFisher1997	a5f0f0a420	fix: recover when admin kubeconfig is missing on primary control plane	2026-03-01 20:58:44 +00:00
MichaelFisher1997	661fbc2ff4	fix: use admin kubeconfig for final cluster node check	2026-03-01 20:31:57 +00:00
MichaelFisher1997	3fa227d7c9	feat: add SSH-based fallback for kubeadm IP inventory	2026-03-01 19:28:15 +00:00
MichaelFisher1997	718a9930e8	fix: fail fast when terraform node IP outputs are empty	2026-03-01 18:01:09 +00:00
MichaelFisher1997	7ec1ce92cf	fix: auto-detect kube-vip interface and tighten SSH fallback	2026-03-01 17:34:09 +00:00
MichaelFisher1997	88db11292d	fix: fallback SSH user per host during bootstrap steps	2026-03-01 13:34:15 +00:00
MichaelFisher1997	8bd064c828	fix: keep micqdf user during kubeadm node rebuilds	2026-03-01 13:31:46 +00:00
MichaelFisher1997	760d0e8b5b	perf: speed up first bootstrap with fast-mode defaults	2026-03-01 03:33:42 +00:00
MichaelFisher1997	dad409a5b7	fix: restore use-remote-sudo for nixos-rebuild compatibility	2026-02-28 23:20:12 +00:00
MichaelFisher1997	45e818b113	fix: enable nix-command for remote gc and use --sudo	2026-02-28 22:55:15 +00:00
MichaelFisher1997	f5d9eba9d0	feat: parallelize worker rebuilds with retry and timeout	2026-02-28 22:15:48 +00:00
MichaelFisher1997	327c07314c	fix: reclaim remote nix store space before rebuild	2026-02-28 21:24:26 +00:00
MichaelFisher1997	3b5d04dda2	fix: force bash for remote kubeadm commands	2026-02-28 21:06:35 +00:00
MichaelFisher1997	ba912810d1	fix: preconfigure remote nix trusted-users before rebuild	2026-02-28 20:25:50 +00:00
MichaelFisher1997	5c037d9a99	fix: prefer root SSH for deploy and trust micqdf in nix	2026-02-28 20:03:26 +00:00
MichaelFisher1997	244887e9c2	fix: auto-detect SSH login user for node operations	2026-02-28 19:25:48 +00:00
MichaelFisher1997	c94c1f61d8	fix: force explicit SSH identity for kubeadm remote operations	2026-02-28 17:16:31 +00:00
MichaelFisher1997	046de9b3d4	fix: preseed known_hosts for kubeadm SSH operations	2026-02-28 17:07:43 +00:00
MichaelFisher1997	5669305e59	feat: make kubeadm workflows auto-scale with terraform outputs	2026-02-28 16:43:22 +00:00
MichaelFisher1997	f341816112	feat: run kubeadm reconcile after terraform apply on master	2026-02-28 16:39:04 +00:00
MichaelFisher1997	8bcc162956	feat: auto-discover kubeadm node IPs from terraform state	2026-02-28 16:31:23 +00:00
MichaelFisher1997	b0779c51c0	feat: add gitea workflows for kubeadm bootstrap and reset	2026-02-28 16:26:51 +00:00
MichaelFisher1997	9fe845b53d	feat: add repeatable kubeadm rebuild and reset scripts	2026-02-28 16:24:45 +00:00
MichaelFisher1997	885a92f494	chore: add lightweight flake checks for kubeadm configs	2026-02-28 16:19:37 +00:00
MichaelFisher1997	91dd20e60e	fix: escape shell expansion in kubeadm helper scripts	2026-02-28 16:12:25 +00:00
MichaelFisher1997	abac6300ca	refactor: generate kubeadm host configs from flake	2026-02-28 16:09:05 +00:00
MichaelFisher1997	7206d8cd41	feat: implement kubeadm bootstrap scaffolding for Nix nodes	2026-02-28 16:04:14 +00:00
MichaelFisher1997	21be01346b	feat: refactor infra to cp/wk kubeadm topology ... Provision 3 thin control planes and 3 workers with role-specific sizing and VMID ranges (701/711), generate per-node cloud-init snippets with SSH key injection, and add NixOS kubeadm host/module scaffolding for cp-1..3 and wk-1..3.	2026-02-28 14:16:55 +00:00