From 6cefbdf9104389b65eb118a528d65bf9f8be3591 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Fri, 20 Mar 2026 21:53:35 +1100 Subject: [PATCH] feat: add shared bins volume for uv and cobbler-enc - Add puppet-shared-bins PVC (10GB) for shared binaries - Mount /opt/bin in both compiler and master deployments - Add init container to install uv binary and cobbler script to shared volume - Update cobbler-enc to use absolute path and uv cache directory - Configure puppet.conf to reference cobbler-enc from /opt/bin --- .../deployment_puppetserver-compiler.yaml | 39 ++++++++++++++++--- .../deployment_puppetserver-master.yaml | 5 +++ apps/base/puppet/persistentvolumeclaims.yaml | 18 +++++++++ apps/base/puppet/resources/cobbler-enc | 2 +- .../puppet/resources/compiler/puppet.conf | 2 +- 5 files changed, 59 insertions(+), 7 deletions(-) diff --git a/apps/base/puppet/deployment_puppetserver-compiler.yaml b/apps/base/puppet/deployment_puppetserver-compiler.yaml index bb17410..2ef724a 100644 --- a/apps/base/puppet/deployment_puppetserver-compiler.yaml +++ b/apps/base/puppet/deployment_puppetserver-compiler.yaml @@ -94,6 +94,8 @@ spec: - mountPath: /var/lib/puppet/keys/ name: eyaml-keys readOnly: true + - mountPath: /opt/bin/ + name: puppet-shared-bins initContainers: - name: copy-configmaps image: busybox:1.35 @@ -107,8 +109,6 @@ spec: cp /configmaps/puppet.conf /etc/puppetlabs/puppet/puppet.conf cp /configmaps/puppetdb.conf /etc/puppetlabs/puppet/puppetdb.conf cp /configmaps/autosign.conf /etc/puppetlabs/puppet/autosign.conf - cp /configmaps/cobbler-enc /etc/puppetlabs/puppet/cobbler-enc - chmod +x /etc/puppetlabs/puppet/cobbler-enc echo "Configmap files copied successfully" volumeMounts: - mountPath: /etc/puppetlabs/puppet/ 
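Review bot: The `/opt/bin/` mount added to the server container has no `readOnly: true`, unlike the `eyaml-keys` mount just above it, so the puppetserver process can rewrite the `uv` binary and the `cobbler-enc` script that every pod sharing this ReadWriteMany claim executes. The same applies to the identical mount added in deployment_puppetserver-master.yaml, and the puppet.conf hunk makes `/opt/bin/cobbler-enc` the ENC, so one compromised compiler could change node classification for every server that runs the ENC from this volume. Consider `readOnly: true` on both server-container mounts, leaving only the `setup-shared-bins` init container writable; that requires moving the uv cache, which the new shebang places under `/opt/bin/.cache/uv`, to a pod-local volume. The container spec starts outside the hunk, so its user and security context are not visible here.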
@@ -122,9 +122,6 @@ spec: - mountPath: /configmaps/autosign.conf name: compiler-autosign-conf subPath: autosign.conf - - mountPath: /configmaps/cobbler-enc - name: puppet-cobbler-enc - subPath: cobbler-enc - args: - mkdir -p /etc/puppetlabs/puppet/eyaml/keys; mkdir -p /etc/puppetlabs/code/environments; @@ -175,6 +172,35 @@ spec: name: puppet-code-volume - mountPath: /etc/puppetlabs/puppet/ name: puppet-puppet-volume + - name: setup-shared-bins + image: git.unkin.net/unkin/almalinux9-base:20260308 + command: + - sh + - -c + args: + - | + echo "Setting up shared binaries..." + mkdir -p /opt/bin + mkdir -p /opt/bin/.cache/uv + + # Copy cobbler to shared bin volume + cp /configmaps/cobbler-enc /opt/bin/cobbler-enc + chmod +x /opt/bin/cobbler-enc + + # Install uv to shared bin volume + cd /tmp + wget -O uv-x86_64-unknown-linux-gnu.tar.gz https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/github/astral-sh/uv/releases/download/0.9.20/uv-x86_64-unknown-linux-gnu.tar.gz + tar xf uv-x86_64-unknown-linux-gnu.tar.gz + cp uv-x86_64-unknown-linux-gnu/uv /opt/bin/uv + chmod +x /opt/bin/uv + + echo "Shared binaries setup completed" + volumeMounts: + - mountPath: /opt/bin/ + name: puppet-shared-bins + - mountPath: /configmaps/cobbler-enc + name: puppet-cobbler-enc + subPath: cobbler-enc securityContext: fsGroup: 999 volumes: @@ -200,5 +226,8 @@ spec: - name: puppet-cobbler-enc configMap: name: puppet-cobbler-enc + - name: puppet-shared-bins + persistentVolumeClaim: + claimName: puppet-shared-bins strategy: type: RollingUpdate diff --git a/apps/base/puppet/deployment_puppetserver-master.yaml b/apps/base/puppet/deployment_puppetserver-master.yaml index d86080b..a6dd57b 100644 --- a/apps/base/puppet/deployment_puppetserver-master.yaml +++ b/apps/base/puppet/deployment_puppetserver-master.yaml 
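Review bot: The uv tarball fetched by `wget` in `setup-shared-bins` is unpacked and installed with no digest check, and the script has no `set -e`, so a failed download still prints "Shared binaries setup completed" and exits 0. The ENC then runs whatever `uv` is already on the persistent volume (stale or missing), and a tampered artifact would be installed as-is. Pin the expected SHA-256 for the 0.9.20 artifact and verify it before `tar`, fail fast with `set -eu`, and stage each file under a temporary name before renaming it, since this init container runs on every compiler pod start while other pods may be executing from the same volume. The image is referenced by the tag `almalinux9-base:20260308` rather than by digest, which is worth pinning as well. The fence assumes `sha256sum` and `install` (coreutils) are present in that image.

```yaml
args:
  - |
    set -eu
    # … unchanged: echo and mkdir -p of /opt/bin and /opt/bin/.cache/uv …

    # Stage, then rename, so a running pod never executes a half-written file
    install -m 0755 /configmaps/cobbler-enc /opt/bin/.cobbler-enc.new
    mv -f /opt/bin/.cobbler-enc.new /opt/bin/cobbler-enc

    cd /tmp
    # … unchanged: wget of uv-x86_64-unknown-linux-gnu.tar.gz …
    # <UV_TARBALL_SHA256> is a placeholder: pin the digest of the 0.9.20 artifact
    echo "<UV_TARBALL_SHA256>  uv-x86_64-unknown-linux-gnu.tar.gz" | sha256sum -c -
    tar xf uv-x86_64-unknown-linux-gnu.tar.gz
    install -m 0755 uv-x86_64-unknown-linux-gnu/uv /opt/bin/.uv.new
    mv -f /opt/bin/.uv.new /opt/bin/uv
    # … unchanged: completion echo …
```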
@@ -93,6 +93,8 @@ spec: - mountPath: /var/lib/puppet/keys/ name: eyaml-keys readOnly: true + - mountPath: /opt/bin/ + name: puppet-shared-bins initContainers: - args: - mkdir -p /etc/puppetlabs/puppet/eyaml/keys; @@ -163,3 +165,6 @@ spec: secret: secretName: eyaml-keys defaultMode: 0600 + - name: puppet-shared-bins + persistentVolumeClaim: + claimName: puppet-shared-bins diff --git a/apps/base/puppet/persistentvolumeclaims.yaml b/apps/base/puppet/persistentvolumeclaims.yaml index dda0468..f6bd3c5 100644 --- a/apps/base/puppet/persistentvolumeclaims.yaml +++ b/apps/base/puppet/persistentvolumeclaims.yaml @@ -124,3 +124,21 @@ spec: requests: storage: 10Gi storageClassName: cephfs-raid6-delete +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: puppet-shared-bins + app.kubernetes.io/instance: puppetserver + app.kubernetes.io/name: puppetserver + app.kubernetes.io/version: 0.9.20 + name: puppet-shared-bins + namespace: puppet +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 10Gi + storageClassName: cephfs-raid6-delete diff --git a/apps/base/puppet/resources/cobbler-enc b/apps/base/puppet/resources/cobbler-enc index 99f2f63..8943cfb 100755 --- a/apps/base/puppet/resources/cobbler-enc +++ b/apps/base/puppet/resources/cobbler-enc @@ -1,4 +1,4 @@ -#!/usr/bin/env -S uv run --quiet --script +#!/usr/bin/env -S /opt/bin/uv run --quiet --cache-dir /opt/bin/.cache/uv --script # /// script # requires-python = ">=3.11" # dependencies = ['pyyaml','requests'] diff --git a/apps/base/puppet/resources/compiler/puppet.conf b/apps/base/puppet/resources/compiler/puppet.conf index b66a812..30459d0 100644 --- a/apps/base/puppet/resources/compiler/puppet.conf +++ b/apps/base/puppet/resources/compiler/puppet.conf 
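Review bot: `--cache-dir /opt/bin/.cache/uv` in the new shebang puts uv's cache on the volume that every puppetserver pod mounts read-write, so the environments uv builds for this script can be modified by any of those pods and are then run by the ENC on the others. A pod-local cache keeps it out of shared reach, e.g. `--cache-dir /var/cache/uv` backed by an emptyDir (path constructed for illustration). The context line `dependencies = ['pyyaml','requests']` is unpinned, so what lands in the cache is whatever the index serves when the ENC first runs; exact pins such as `'pyyaml==<VERSION>'` would make that reproducible.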
@@ -13,7 +13,7 @@ environmentpath = /etc/puppetlabs/code/environments [master] node_terminus = exec -external_nodes = /etc/puppetlabs/puppet/cobbler-enc +external_nodes = /opt/bin/cobbler-enc autosign = /etc/puppetlabs/puppet/autosign.conf default_manifest = /etc/puppetlabs/code/environments/develop/manifests default_environment = develop -- 2.47.3