diff options
| author | Suren A. Chilingaryan <csa@suren.me> | 2018-03-01 21:15:50 +0100 |
|---|---|---|
| committer | Suren A. Chilingaryan <csa@suren.me> | 2018-03-01 21:15:50 +0100 |
| commit | 69adb23c59e991ddcabf5cfce415fd8b638dbc1a (patch) | |
| tree | 8693e708f751923f6f7f9dd48004303bebb4e126 /roles/ands_kaas/templates | |
| parent | 1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7 (diff) | |
| download | ands-69adb23c59e991ddcabf5cfce415fd8b638dbc1a.tar.gz ands-69adb23c59e991ddcabf5cfce415fd8b638dbc1a.tar.bz2 ands-69adb23c59e991ddcabf5cfce415fd8b638dbc1a.tar.xz ands-69adb23c59e991ddcabf5cfce415fd8b638dbc1a.zip | |
Improve handling of filesystem permissions and other fixes
Diffstat (limited to 'roles/ands_kaas/templates')
| -rw-r--r-- | roles/ands_kaas/templates/00-gfs-volumes.yml.j2 | 13 | ||||
| -rw-r--r-- | roles/ands_kaas/templates/50-kaas-pods.yml.j2 | 17 |
2 files changed, 15 insertions, 15 deletions
diff --git a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 index c9341ed..a69942d 100644 --- a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 +++ b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 @@ -2,18 +2,23 @@ apiVersion: v1 kind: Template metadata: - name: + name: {{ kaas_project }}-gfs-volumes annotations: - descriptions: "KATRIN Volumes" + descriptions: "{{ kaas_project }} glusterfs volumes" objects: {% for name, vol in kaas_project_volumes.iteritems() %} {% set oc_name = vol.name | default(name) | regex_replace('_','-') %} {% set cfgpath = vol.path | default("") %} {% set path = cfgpath if cfgpath[:1] == "/" else "/" + kaas_project + "/" + cfgpath %} +{% if oc_name | regex_search("^" + kaas_project) %} +{% set pvname = oc_name %} +{% else %} +{% set pvname = (kaas_project + "-" + oc_name) | regex_replace('_','-') %} +{% endif %} - apiVersion: v1 kind: PersistentVolume metadata: - name: {{ oc_name }} + name: {{ pvname }} spec: persistentVolumeReclaimPolicy: Retain glusterfs: @@ -32,7 +37,7 @@ objects: metadata: name: {{ oc_name }} spec: - volumeName: {{ oc_name }} + volumeName: {{ pvname }} accessModes: - {{ vol.access | default('ReadWriteMany') }} resources: diff --git a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 b/roles/ands_kaas/templates/50-kaas-pods.yml.j2 index 2ed7462..216dc01 100644 --- a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 +++ b/roles/ands_kaas/templates/50-kaas-pods.yml.j2 @@ -7,7 +7,7 @@ metadata: annotations: descriptions: {{ kaas_project_config.description | default(kaas_project ~ "auto-generated pod template") }} objects: -{% for name, pod in (kaas_project_config.pods | default({})).iteritems() %} +{% for name, pod in kaas_project_pods.iteritems() %} {% set pubkey = "kaas_" ~ name ~ "_pubkey" %} {% set privkey = "kaas_" ~ name ~ "_privkey" %} {% set cakey = "kaas_" ~ name ~ "_ca" %} @@ -104,20 +104,15 @@ objects: {% if (pod.groups is defined) or (pod.run_as is defined) %} securityContext: {% if (pod.run_as is defined) %} - {% if (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as] is defined %} - runAsUser: {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }} - {% else %} - runAsUser: {{ pod.run_as }} - {% endif %} + runAsUser: {{ (kaas_project_uids[pod.run_as] is defined) | ternary(kaas_project_uids[pod.run_as].id, pod.run_as) }} {% endif %} {% if (pod.groups is defined) %} + {% if (ands_openshift_gid_mode | default('')) == "RunAsAny" %} + fsGroup: {{ (kaas_project_gids[pod.groups[0]] is defined) | ternary(kaas_project_gids[pod.groups[0]].id, pod.groups[0]) }} + {% endif %} supplementalGroups: {% for group in pod.groups %} - {% if (kaas_project_config.gids | default(kaas_openshift_gids))[group] is defined %} - - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }} - {% else %} - - {{ group }} - {% endif %} + - {{ (kaas_project_gids[group] is defined) | ternary(kaas_project_gids[group].id, group) }} {% endfor %} {% endif %} {% endif %} |