From: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Date: Thu, 10 Jun 2021 10:16:15 +0000 (+0200)
Subject: [ANSIBLE] Create host paths for PVs and set their permissions
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=d357db8f1df643c268cc9c11c7cc43550ed17246;p=oom%2Foffline-installer.git

[ANSIBLE] Create host paths for PVs and set their permissions

Access mode for hostPath type kubernetes PVs has to be set
explicitly as setting it with pod's securityContext is not
supported.

Change-Id: I60ed71001fc7859440510f17c1989b35d28c37b5
Issue-ID: INT-1926
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
---

diff --git a/ansible/roles/k8s-persistent-volume/defaults/main.yml b/ansible/roles/k8s-persistent-volume/defaults/main.yml
index 5260db11..d1a2b69c 100644
--- a/ansible/roles/k8s-persistent-volume/defaults/main.yml
+++ b/ansible/roles/k8s-persistent-volume/defaults/main.yml
@@ -3,3 +3,5 @@ k8s_volumes:
   - name: kube-prometheus
     capacity: "6Gi"
     path_prefix: "{{ nfs_mount_path }}"
+    owner: 1000  # derived from prometheus.prometheusSpec.securityContext.runAsUser
+    group: 2000  # derived from prometheus.prometheusSpec.securityContext.fsGroup
diff --git a/ansible/roles/k8s-persistent-volume/tasks/main.yml b/ansible/roles/k8s-persistent-volume/tasks/main.yml
index 94f4e0b3..8428857f 100644
--- a/ansible/roles/k8s-persistent-volume/tasks/main.yml
+++ b/ansible/roles/k8s-persistent-volume/tasks/main.yml
@@ -9,3 +9,11 @@
     wait: True
     template: pv.yaml.j2
   loop: "{{ k8s_volumes }}"
+
+- name: Create host paths for PVs and set their permissions
+  file:
+    path: "{{ item.path_prefix }}/{{ item.name }}"
+    state: directory
+    owner: "{{ item.owner | default(0) }}"
+    group: "{{ item.group | default(0) }}"
+  loop: "{{ k8s_volumes }}"