kubernetes-sigs · danilo404 · Mar 17, 2020 · Mar 17, 2020 · Mar 17, 2020 · Mar 17, 2020
diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@@ -244,8 +244,10 @@ podsecuritypolicy_enabled: false
 # system_master_memory_reserved: 256M
 # system_master_cpu_reserved: 250m
 
-# An alternative flexvolume plugin directory
+# The flexvolumes plugins directory
 # kubelet_flexvolumes_plugins_dir: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
+# Alternative directory if the default flexvolume plugin directory is not writeable
+# kubelet_flexvolumes_plugins_ro_alt_dir: /var/lib/kubelet/volumeplugins
 
 ## Supplementary addresses that can be added in kubernetes ssl keys.
 ## That can be useful for example to setup a keepalived virtual IP

diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml
@@ -27,7 +27,8 @@ kube_config_dir: /etc/kubernetes
 kube_cert_dir: "{{ kube_config_dir }}/ssl"
 kube_cert_compat_dir: /etc/kubernetes/pki
 kubelet_flexvolumes_plugins_dir: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
-
+# Alternative path for systems where the default kubelet_flexvolumes_plugins_dir is readonly, e.g. CoreOS
+kubelet_flexvolumes_plugins_ro_alt_dir: /var/lib/kubelet/volumeplugins
 # Container Linux by CoreOS cloud init config file to define /etc/resolv.conf content
 # for hostnet pods and infra needs
 resolveconf_cloud_init_conf: /etc/resolveconf_cloud_init.conf

diff --git a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml
@@ -198,12 +198,17 @@
   when:
     - etcd_kubeadm_enabled
 
-- name: check /usr readonly
+- name: check if the flexvolume root path is readonly
   stat:
-    path: "/usr"
-  register: usr
+    path: "{{ kubelet_flexvolumes_plugins_dir | regex_search('^/[^/]+(/|$)') }}"  # matches the first directory in the path
+  register: flexvp_path
+
+- name: notify about the alternative flexvolume path
+  debug:
+    msg: "The flexvolumes plugins path {{ kubelet_flexvolumes_plugins_dir }} is not writeable, using {{ kubelet_flexvolumes_plugins_ro_alt_dir }}."
+  when: not flexvp_path.stat.writeable
 
 - name: set alternate flexvolume path
   set_fact:
-    kubelet_flexvolumes_plugins_dir: /var/lib/kubelet/volumeplugins
-  when: not usr.stat.writeable
+    kubelet_flexvolumes_plugins_dir: "{{ kubelet_flexvolumes_plugins_ro_alt_dir }}"
+  when: not flexvp_path.stat.writeable