diff options
| author | Suren A. Chilingaryan <csa@suren.me> | 2018-03-01 21:15:50 +0100 |
|---|---|---|
| committer | Suren A. Chilingaryan <csa@suren.me> | 2018-03-01 21:15:50 +0100 |
| commit | 69adb23c59e991ddcabf5cfce415fd8b638dbc1a (patch) | |
| tree | 8693e708f751923f6f7f9dd48004303bebb4e126 /roles/ands_kaas/templates/50-kaas-pods.yml.j2 | |
| parent | 1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7 (diff) | |
| download | ands-69adb23c59e991ddcabf5cfce415fd8b638dbc1a.tar.gz ands-69adb23c59e991ddcabf5cfce415fd8b638dbc1a.tar.bz2 ands-69adb23c59e991ddcabf5cfce415fd8b638dbc1a.tar.xz ands-69adb23c59e991ddcabf5cfce415fd8b638dbc1a.zip | |
Improve handling of filesystem permissions and other fixes
Diffstat (limited to 'roles/ands_kaas/templates/50-kaas-pods.yml.j2')
| -rw-r--r-- | roles/ands_kaas/templates/50-kaas-pods.yml.j2 | 17 |
1 files changed, 6 insertions, 11 deletions
diff --git a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 b/roles/ands_kaas/templates/50-kaas-pods.yml.j2 index 2ed7462..216dc01 100644 --- a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 +++ b/roles/ands_kaas/templates/50-kaas-pods.yml.j2 @@ -7,7 +7,7 @@ metadata: annotations: descriptions: {{ kaas_project_config.description | default(kaas_project ~ "auto-generated pod template") }} objects: -{% for name, pod in (kaas_project_config.pods | default({})).iteritems() %} +{% for name, pod in kaas_project_pods.iteritems() %} {% set pubkey = "kaas_" ~ name ~ "_pubkey" %} {% set privkey = "kaas_" ~ name ~ "_privkey" %} {% set cakey = "kaas_" ~ name ~ "_ca" %} @@ -104,20 +104,15 @@ objects: {% if (pod.groups is defined) or (pod.run_as is defined) %} securityContext: {% if (pod.run_as is defined) %} - {% if (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as] is defined %} - runAsUser: {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }} - {% else %} - runAsUser: {{ pod.run_as }} - {% endif %} + runAsUser: {{ (kaas_project_uids[pod.run_as] is defined) | ternary(kaas_project_uids[pod.run_as].id, pod.run_as) }} {% endif %} {% if (pod.groups is defined) %} + {% if (ands_openshift_gid_mode | default('')) == "RunAsAny" %} + fsGroup: {{ (kaas_project_gids[pod.groups[0]] is defined) | ternary(kaas_project_gids[pod.groups[0]].id, pod.groups[0]) }} + {% endif %} supplementalGroups: {% for group in pod.groups %} - {% if (kaas_project_config.gids | default(kaas_openshift_gids))[group] is defined %} - - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }} - {% else %} - - {{ group }} - {% endif %} + - {{ (kaas_project_gids[group] is defined) | ternary(kaas_project_gids[group].id, group) }} {% endfor %} {% endif %} {% endif %} |