feat: add examples 05-08 (kubemix, ansible, mixed runtimes)#20
Merged
miguelgila merged 13 commits intomainfrom Feb 20, 2026
Merged
feat: add examples 05-08 (kubemix, ansible, mixed runtimes)#20miguelgila merged 13 commits intomainfrom
miguelgila merged 13 commits intomainfrom
Conversation
Demonstrates running all three Kubernetes workload types simultaneously on a 10-node cluster (3 batch + 3 daemon + 3 service workers), each reading config from dedicated ConfigMap volumes. Uses pre-built release binaries instead of building from source. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sequential Jobs on a 10-node cluster: Job 1 installs Ansible via apt on all workers, Job 2 runs an Ansible playbook (from ConfigMap) to install and verify nginx. Showcases shared overlay state persisting between workloads. Uses pre-built release binaries. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
kubectl delete/apply -f on a directory parses all .yml files as Kubernetes manifests. The Ansible playbook is not a K8s resource. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
kubectl parses any file ending in .yml/.yaml in a directory. Use .ansible extension instead so the playbook is fully ignored. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Uses a DaemonSet instead of a Job to install Ansible — kubelet restarts it after node reboots, reinstalling into the fresh overlay automatically. Workers labeled as login (2) or compute (7) with role-based targeting. Includes nginx playbook Job targeting login nodes only. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Job's init container polls for ansible-playbook in the shared overlay, creating an implicit dependency on the bootstrap DaemonSet. This allows deploying everything with a single kubectl apply -f. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Deploys htop on all compute nodes (7) via Ansible playbook from ConfigMap. Uses same init container pattern to wait for the bootstrap DaemonSet. Both Jobs run in parallel after a single kubectl apply. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jobs run once and won't re-run after a reboot — packages installed in the overlay are lost. DaemonSets are restarted by kubelet, reinstalling everything into the fresh overlay automatically. Init containers still handle the dependency on ansible-bootstrap. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mixed runtime demo: OpenLDAP (default containerd/runc) alongside Reaper workloads that configure SSSD on all worker nodes. First example showing Reaper consuming a service from a traditional container. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
bitnami/openldap tags are no longer available on Docker Hub. Switch to osixia/openldap:1.5.0 with a sidecar container that seeds LDIF via ldapadd -c after the server is ready. This avoids osixia's fragile bootstrap mechanism (status 68 failures). Also adds the base DN entry to the LDIF and uses authenticated searches (osixia ACLs block anonymous reads). Tested end-to-end: OpenLDAP boots, seeder loads 5 posixAccount users, SSSD configured on all 3 workers, getent passwd user1 resolves correctly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The first NSS lookup in a fresh Reaper process can fail because SSSD's responder socket hasn't connected yet. A 1s sleep before getent ensures the lookup succeeds reliably. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Completed by example 08-mix-container-runtime-engines. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #20 +/- ##
=======================================
Coverage 86.20% 86.20%
=======================================
Files 4 4
Lines 174 174
=======================================
Hits 150 150
Misses 24 24 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Test plan
getent passwd user1resolves correctly from a fresh Reaper pod🤖 Generated with Claude Code