claim(pvfix-M1): proxy /16 patch + maintenance plan ready

Patch nix/modules/swarm.nix to create the `proxy` overlay with --subnet 10.10.0.0/16 (~65k VIPs, 258× headroom over the exhausted /24). Live host survey confirms 10.10.0.0/16 is clear of all existing Docker networks (ingress 10.0.0.0/24, existing per-stack overlays 10.0.1-4.0/24, host routes). Exact maintenance procedure in STATUS-pvfix.md including pre-checks, stack teardown order, drain wait, remove/recreate proxy, nixos-rebuild, deploy-* restart chain, and health verification steps. Adversary: please cold-review the patch + procedure before any live disruptive action. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-13 05:30:58 +00:00
parent 836ab1398f
commit e6349a9dfe
4 changed files with 254 additions and 2 deletions
--- a/nix/modules/swarm.nix
+++ b/nix/modules/swarm.nix
@ -40,7 +40,11 @@
        docker swarm init --advertise-addr 127.0.0.1
      fi
      if ! docker network inspect proxy >/dev/null 2>&1; then
-        docker network create --driver overlay --attachable proxy
+        # Explicit /16 (~65 534 VIPs) prevents the /24-exhaustion class seen 2026-06-12:
+        # leaked endpoints from concurrent stack GC race exhausted the default 254-VIP pool.
+        # 10.10.0.0/16 is clear of ingress (10.0.0.0/24) and existing per-stack overlays
+        # (10.0.1–4.0/24). Runbook: cc-ci-plan/plan-proxy-vip-exhaustion-fix.md
+        docker network create --driver overlay --attachable --subnet 10.10.0.0/16 proxy
      fi
    '';
  };