---

name: bootstrap-node description: Bootstrap a new node for Kubernetes without joining it to the cluster. Use when preparing nodes in advance, testing setup, or staging hardware.

Bootstrap a New Node

Prepare a node for Kubernetes cluster membership without actually joining it.

Useful when:

• Preparing multiple nodes before adding them
• Testing the bootstrap process
• Setting up nodes that will be added later

Instructions

Step 1: Verify Tailscale Connectivity

tailscale status | grep -i <node_name>

Get the Tailscale IP address.

Step 2: Ensure Node in Inventory

Check ansible/inventory/hosts.yml, add if missing:

workers:
  hosts:
    <node_name>:
      ansible_host: <tailscale_ip>
      tailscale_ip: <tailscale_ip>
      reserved_cpu: "2"
      reserved_memory: "4Gi"
      node_labels:
        node-role: worker
        workstation: "true"

bootstrap:
  hosts:
    <node_name>: {}

Step 3: Setup SSH Access

ssh -o BatchMode=yes -o ConnectTimeout=5 <tailscale_ip> echo "SSH OK" 2>/dev/null

If fails: ssh-copy-id <user>@<tailscale_ip>

Step 4: Run Bootstrap Playbook

cd /home/al/git/kubani
ansible-playbook -i ansible/inventory/hosts.yml ansible/playbooks/bootstrap_node.yml --limit <node_name>

Step 5: Validate

ansible-playbook -i ansible/inventory/hosts.yml ansible/playbooks/preflight_checks.yml --limit <node_name>

What Bootstrap Does

• Updates system packages
• Installs: curl, git, vim, htop, jq, iptables, conntrack
• Configures Tailscale
• Sets up SSH key authentication
• Hardens SSH (disables password auth, root login)
• Configures passwordless sudo
• Sets hostname and timezone
• Enables IP forwarding and bridge netfilter
• Loads kernel modules (br_netfilter, overlay)
• Disables swap
• Configures UFW firewall

Next Steps

Add to cluster with:

ansible-playbook -i ansible/inventory/hosts.yml ansible/playbooks/add_node.yml --limit "<node_name>,sparky"

Or use the add-node skill.