MetalLB is already installed and configured on the cluster. The pipeline
no longer needs to apply IPAddressPool or L2Advertisement resources.
Removed the 'Setup MetalLB' stage and deleted the metallb overlay files.
The frontend Service type: LoadBalancer is already set, so MetalLB will
automatically assign an external IP on deployment.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Wait for the MetalLB controller deployment to be ready before applying
IPAddressPool/L2Advertisement CRDs. If the webhook service has no ready
endpoints (stale ClusterIP from a previously removed controller), delete
the ValidatingWebhookConfiguration so the apply is not blocked. This
prevents the 'connection refused' webhook failure seen when a duplicate
MetalLB install left behind a broken webhook service endpoint.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
MetalLB was already installed (metallb-speaker-* / metallb-controller-*)
32 days ago. Applying metallb-native.yaml created duplicate controller and
speaker resources. The new speaker pods could not schedule because the
existing metallb-speaker-* pods already occupy the host ports (7472, 7946)
on all 3 nodes: "1 node(s) didn't have free ports for the requested pod ports"
Fix: remove the kubectl apply for metallb-native.yaml — just apply the
IPAddressPool and L2Advertisement configs which is all we need.
Manual cluster cleanup required (one-time):
kubectl delete deployment controller -n metallb-system
kubectl delete daemonset speaker -n metallb-system
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Speaker DaemonSet on CPU-constrained cluster takes >180s to start all 3 pods.
Don't fail the entire pipeline — warn and print speaker pod status instead.
Controller must still be ready (it handles IP assignment) before continuing.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
During rolling updates with the default maxSurge=1, an extra surge pod was
created temporarily (3 pods instead of 2), causing all 3 nodes to report
"Insufficient CPU" and delaying scheduling past the Jenkins rollout timeout.
With maxSurge=0 / maxUnavailable=1, one old pod terminates first before a
new one starts — pod count stays at 2 throughout, no extra CPU needed.
Also increase Jenkins rollout timeout from 300s to 600s as a safety net
for CPU-constrained nodes that may still need extra scheduling time.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Speaker runs on all 3 nodes and needs image pull + startup time per node.
90s was too tight — bumped to 180s to handle slow node startups.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add MetalLB IPAddressPool (192.168.108.213/32) and L2Advertisement
so the frontend gets a stable external IP on the LAN
- Change frontend service type: NodePort → LoadBalancer
- Add 'Setup MetalLB' stage in Jenkinsfile that installs MetalLB v0.14.8
(idempotent) and applies the IP pool config before each deploy
After deploy: kubectl get svc frontend -n scrum-manager
should show EXTERNAL-IP: 192.168.108.213
App accessible at: http://192.168.108.213
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Backend was OOMKilled during rolling update startup (Node.js + Socket.io +
MySQL pool exceeds 256Mi). Raised limit to 512Mi and request to 256Mi.
Jenkinsfile: show kubectl get pods immediately after apply so pod state
is visible in build logs. Added full diagnostics (describe + logs) in
post.failure block so the root cause of any future rollout failure is
visible without needing to SSH into the cluster.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The mysql-data-pvc was already dynamically provisioned by the cluster's
'local-path' StorageClass. The overlay patch tried to change storageClassName
to 'manual' and volumeName on an already-bound PVC, which Kubernetes forbids:
"spec is immutable after creation except resources.requests"
Fixes:
- Remove mysql-pvc-patch from kustomization.yaml (PVC left as-is)
- Remove mysql-pv.yaml resource (not needed with dynamic provisioner)
- Add comment explaining when manual PV/PVC is needed vs not
Jenkinsfile: add --timeout and FQDN to smoke test curl; add comments
explaining MySQL Recreate strategy startup timing expectations.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>