From 614defc53f93b773476e1a9ef4451eb23cec008b Mon Sep 17 00:00:00 2001
From: bertiethorpe <bertie443@gmail.com>
Date: Fri, 7 Mar 2025 10:02:28 +0000
Subject: [PATCH 1/2] test kubernetes hostvars for compute-init

---
 ansible/test.yml | 89 ++++++++++++++++++++++++++++++++++++++++++++++++
 requirements.txt |  1 +
 requirements.yml |  2 ++
 3 files changed, 92 insertions(+)
 create mode 100644 ansible/test.yml

diff --git a/ansible/test.yml b/ansible/test.yml
new file mode 100644
index 000000000..7dfc9ce90
--- /dev/null
+++ b/ansible/test.yml
@@ -0,0 +1,89 @@
+---
+
+- hosts: compute
+  become: yes
+  gather_facts: yes
+  tasks:
+####### to be part of k3s role run at build time
+    - name: Install pip
+      dnf:
+        name: python3-pip
+      delegate_to: "{{ groups['control'] | first }}"
+      run_once: true
+
+    - name: Install pip dependencies for k8s ansible module
+      ansible.builtin.pip:
+        name:
+          - kubernetes==30.1.0
+      delegate_to: "{{ groups['control'] | first }}"
+      run_once: true
+#######
+    - name: Create Slurm Namespace
+      kubernetes.core.k8s:
+        name: slurm
+        api_version: v1
+        kind: Namespace
+        state: present
+      delegate_to: "{{ groups['control'] | first }}"
+      run_once: true
+
+    - name: Create Kubernetes Secret for each compute node hostvars
+      kubernetes.core.k8s:
+        state: present
+        definition:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: "{{ inventory_hostname }}-hostvars"
+            namespace: slurm
+          type: Opaque
+          data:
+            hostvars.yml: "{{ lookup('ansible.builtin.template', 'roles/compute_init/templates/hostvars.yml.j2') | b64encode }}"
+      delegate_to: "{{ groups['control'] | first }}"
+
+    - name: Deploy Slurm Config Push DaemonSet
+      kubernetes.core.k8s:
+        state: present
+        definition:
+          apiVersion: apps/v1
+          kind: DaemonSet
+          metadata:
+            name: "slurm-hostvars-writer-{{ inventory_hostname }}"
+            namespace: slurm
+          spec:
+            selector:
+              matchLabels:
+                name: slurm-hostvars-writer
+            template:
+              metadata:
+                labels:
+                  name: slurm-hostvars-writer
+              spec:
+                securityContext:
+                  runAsUser: 1000
+                  runAsGroup: 1000
+                  fsGroup: 1000
+                containers:
+                  - name: pause
+                    image: registry.k8s.io/pause
+                initContainers:
+                  - name: copy-hostvars
+                    image: busybox:1.37
+                    command: ['sh', '-c', 'mkdir -p /etc/compute-init/hostvars && cat /mnt/hostvars/hostvars.yml > /etc/compute-init/hostvars/{{ inventory_hostname }}.yml']
+                    volumeMounts:
+                      - name: hostvars-dir
+                        mountPath: /etc/
+                      - name: hostvars-secret
+                        mountPath: /mnt/hostvars
+                        readOnly: true
+                volumes:
+                  - name: hostvars-dir
+                    hostPath:
+                      path: /etc/
+                      type: Directory
+                  - name: hostvars-secret
+                    projected:
+                      sources:
+                        - secret:
+                            name: "{{ inventory_hostname }}-hostvars"
+      delegate_to: "{{ groups['control'] | first }}"
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 872ee9516..4965e1adf 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -9,4 +9,5 @@ cookiecutter
 selinux # this is a shim to avoid having to use --system-site-packages, you still need sudo yum install libselinux-python3
 netaddr
 matplotlib
+kubernetes==31.0.0
 pulp-cli==0.23.2
diff --git a/requirements.yml b/requirements.yml
index 34a436453..ceea09cb4 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -48,6 +48,8 @@ collections:
   - name: https://github.com/azimuth-cloud/ansible-collection-image-utils
     type: git
     version: 0.4.0
+  - name: kubernetes.core
+    version: 2.4.2
   # stackhpc.pulp has pulp.squeezer as dependency, any version, but latest
   # requires newer ansible than can install
   - name: pulp.squeezer

From a2b94ea66b875dee0f6f405ee858a773041bf5fe Mon Sep 17 00:00:00 2001
From: bertiethorpe <bertie443@gmail.com>
Date: Fri, 7 Mar 2025 13:35:38 +0000
Subject: [PATCH 2/2] fix permissions on /etc/compute-init

---
 ansible/test.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ansible/test.yml b/ansible/test.yml
index 7dfc9ce90..66774948c 100644
--- a/ansible/test.yml
+++ b/ansible/test.yml
@@ -60,16 +60,16 @@
                   name: slurm-hostvars-writer
               spec:
                 securityContext:
-                  runAsUser: 1000
-                  runAsGroup: 1000
-                  fsGroup: 1000
+                  runAsUser: 0
+                  runAsGroup: 0
+                  fsGroup: 0
                 containers:
                   - name: pause
                     image: registry.k8s.io/pause
                 initContainers:
                   - name: copy-hostvars
                     image: busybox:1.37
-                    command: ['sh', '-c', 'mkdir -p /etc/compute-init/hostvars && cat /mnt/hostvars/hostvars.yml > /etc/compute-init/hostvars/{{ inventory_hostname }}.yml']
+                    command: ['sh', '-c', 'mkdir -p /etc/compute-init/hostvars && cat /mnt/hostvars/hostvars.yml > /etc/compute-init/hostvars/{{ inventory_hostname }}.yml && chmod 0400 /etc/compute-init/hostvars/{{ inventory_hostname }}.yml']
                     volumeMounts:
                       - name: hostvars-dir
                         mountPath: /etc/