[ANSIBLE] Create host paths for PVs and set their permissions

Access mode for hostPath type kubernetes PVs has to be set
explicitly as setting it with pod's securityContext is not
supported.

Change-Id: I60ed71001fc7859440510f17c1989b35d28c37b5
Issue-ID: INT-1926
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>

diff --git a/ansible/roles/k8s-persistent-volume/defaults/main.yml b/ansible/roles/k8s-persistent-volume/defaults/main.yml
index 5260db1..d1a2b69 100644 (file)
--- a/ansible/roles/k8s-persistent-volume/defaults/main.yml
+++ b/ansible/roles/k8s-persistent-volume/defaults/main.yml
@@ -3,3 +3,5 @@ k8s_volumes:
   - name: kube-prometheus
     capacity: "6Gi"
     path_prefix: "{{ nfs_mount_path }}"
+    owner: 1000  # derived from prometheus.prometheusSpec.securityContext.runAsUser
+    group: 2000  # derived from prometheus.prometheusSpec.securityContext.fsGroup

diff --git a/ansible/roles/k8s-persistent-volume/tasks/main.yml b/ansible/roles/k8s-persistent-volume/tasks/main.yml
index 94f4e0b..8428857 100644 (file)
--- a/ansible/roles/k8s-persistent-volume/tasks/main.yml
+++ b/ansible/roles/k8s-persistent-volume/tasks/main.yml
@@ -9,3 +9,11 @@
     wait: True
     template: pv.yaml.j2
   loop: "{{ k8s_volumes }}"
+
+- name: Create host paths for PVs and set their permissions
+  file:
+    path: "{{ item.path_prefix }}/{{ item.name }}"
+    state: directory
+    owner: "{{ item.owner | default(0) }}"
+    group: "{{ item.group | default(0) }}"
+  loop: "{{ k8s_volumes }}"