From 3fa4ba9359fa9363cdc3f9a41bca6e5905d2c1d6 Mon Sep 17 00:00:00 2001 From: Bartek Grzybowski Date: Thu, 10 Jun 2021 12:16:15 +0200 Subject: [ANSIBLE] Create host paths for PVs and set their permissions Access mode for hostPath type kubernetes PVs has to be set explicitly as setting it with pod's securityContext is not supported. Change-Id: I60ed71001fc7859440510f17c1989b35d28c37b5 Issue-ID: INT-1926 Signed-off-by: Bartek Grzybowski --- ansible/roles/k8s-persistent-volume/defaults/main.yml | 2 ++ ansible/roles/k8s-persistent-volume/tasks/main.yml | 8 ++++++++ 2 files changed, 10 insertions(+) (limited to 'ansible/roles') diff --git a/ansible/roles/k8s-persistent-volume/defaults/main.yml b/ansible/roles/k8s-persistent-volume/defaults/main.yml index 5260db11..d1a2b69c 100644 --- a/ansible/roles/k8s-persistent-volume/defaults/main.yml +++ b/ansible/roles/k8s-persistent-volume/defaults/main.yml @@ -3,3 +3,5 @@ k8s_volumes: - name: kube-prometheus capacity: "6Gi" path_prefix: "{{ nfs_mount_path }}" + owner: 1000 # derived from prometheus.prometheusSpec.securityContext.runAsUser + group: 2000 # derived from prometheus.prometheusSpec.securityContext.fsGroup diff --git a/ansible/roles/k8s-persistent-volume/tasks/main.yml b/ansible/roles/k8s-persistent-volume/tasks/main.yml index 94f4e0b3..8428857f 100644 --- a/ansible/roles/k8s-persistent-volume/tasks/main.yml +++ b/ansible/roles/k8s-persistent-volume/tasks/main.yml @@ -9,3 +9,11 @@ wait: True template: pv.yaml.j2 loop: "{{ k8s_volumes }}" + +- name: Create host paths for PVs and set their permissions + file: + path: "{{ item.path_prefix }}/{{ item.name }}" + state: directory + owner: "{{ item.owner | default(0) }}" + group: "{{ item.group | default(0) }}" + loop: "{{ k8s_volumes }}" -- cgit 1.2.3-korg