From d357db8f1df643c268cc9c11c7cc43550ed17246 Mon Sep 17 00:00:00 2001
From: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Date: Thu, 10 Jun 2021 12:16:15 +0200
Subject: [ANSIBLE] Create host paths for PVs and set their permissions

Access mode for hostPath type kubernetes PVs has to be set
explicitly as setting it with pod's securityContext is not
supported.

Change-Id: I60ed71001fc7859440510f17c1989b35d28c37b5
Issue-ID: INT-1926
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
---
 ansible/roles/k8s-persistent-volume/defaults/main.yml | 2 ++
 ansible/roles/k8s-persistent-volume/tasks/main.yml    | 8 ++++++++
 2 files changed, 10 insertions(+)

diff --git a/ansible/roles/k8s-persistent-volume/defaults/main.yml b/ansible/roles/k8s-persistent-volume/defaults/main.yml
index 5260db11..d1a2b69c 100644
--- a/ansible/roles/k8s-persistent-volume/defaults/main.yml
+++ b/ansible/roles/k8s-persistent-volume/defaults/main.yml
@@ -3,3 +3,5 @@ k8s_volumes:
   - name: kube-prometheus
     capacity: "6Gi"
     path_prefix: "{{ nfs_mount_path }}"
+    owner: 1000  # derived from prometheus.prometheusSpec.securityContext.runAsUser
+    group: 2000  # derived from prometheus.prometheusSpec.securityContext.fsGroup
diff --git a/ansible/roles/k8s-persistent-volume/tasks/main.yml b/ansible/roles/k8s-persistent-volume/tasks/main.yml
index 94f4e0b3..8428857f 100644
--- a/ansible/roles/k8s-persistent-volume/tasks/main.yml
+++ b/ansible/roles/k8s-persistent-volume/tasks/main.yml
@@ -9,3 +9,11 @@
     wait: True
     template: pv.yaml.j2
   loop: "{{ k8s_volumes }}"
+
+- name: Create host paths for PVs and set their permissions
+  file:
+    path: "{{ item.path_prefix }}/{{ item.name }}"
+    state: directory
+    owner: "{{ item.owner | default(0) }}"
+    group: "{{ item.group | default(0) }}"
+  loop: "{{ k8s_volumes }}"
-- 
cgit