6518e54154
Some checks failed
ci/woodpecker/push/default Pipeline failed
New k8s nodes were only getting the personal `wizard` key in authorized_keys — not the automated k8s-version-upgrade pipeline's key (Vault secret/k8s-upgrade/ssh_key_pub). So a freshly provisioned node is invisible to the upgrade chain (it SSHes in as `wizard` to drain+upgrade): node4/5/6 all hit "Permission denied (publickey)" on 2026-06-17 and had to have the key pushed by hand. Bake the public key into the cloud-init template so every new node gets it on first boot. (unattended-upgrades is already in this template — node4/node5 missed it only because the LIVE PVE cloud-init snippet lagged this source: it deploys via a Tier-0 `stacks/infra` apply that hadn't run since before their 2026-05-26 provision. Same lesson applies to THIS change — it reaches new nodes only after `stacks/infra` is applied to refresh the snippet on the PVE host.) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| create-template-vm | ||
| create-vm | ||
| docker-registry | ||
| kubernetes | ||