|
|
|
@ -75,6 +75,48 @@ |
|
|
|
- node_webhook_crb_manifest.changed |
|
|
|
tags: node-webhook |
|
|
|
|
|
|
|
- name: Check if vsphere-cloud-provider ClusterRole exists |
|
|
|
command: "{{ bin_dir }}/kubectl get clusterroles system:vsphere-cloud-provider" |
|
|
|
register: vsphere_cloud_provider |
|
|
|
ignore_errors: true |
|
|
|
when: |
|
|
|
- rbac_enabled |
|
|
|
- cloud_provider is defined |
|
|
|
- cloud_provider == 'vsphere' |
|
|
|
- kube_version | version_compare('v1.9.0', '>=') |
|
|
|
- kube_version | version_compare('v1.9.3', '<=') |
|
|
|
tags: vsphere |
|
|
|
|
|
|
|
- name: Write vsphere-cloud-provider ClusterRole manifest |
|
|
|
template: |
|
|
|
src: "vsphere-rbac.yml.j2" |
|
|
|
dest: "{{ kube_config_dir }}/vsphere-rbac.yml" |
|
|
|
register: vsphere_rbac_manifest |
|
|
|
when: |
|
|
|
- rbac_enabled |
|
|
|
- cloud_provider is defined |
|
|
|
- cloud_provider == 'vsphere' |
|
|
|
- vsphere_cloud_provider.rc != 0 |
|
|
|
- kube_version | version_compare('v1.9.0', '>=') |
|
|
|
- kube_version | version_compare('v1.9.3', '<=') |
|
|
|
tags: vsphere |
|
|
|
|
|
|
|
- name: Apply vsphere-cloud-provider ClusterRole |
|
|
|
kube: |
|
|
|
name: "system:vsphere-cloud-provider" |
|
|
|
kubectl: "{{bin_dir}}/kubectl" |
|
|
|
resource: "clusterrolebinding" |
|
|
|
filename: "{{ kube_config_dir }}/vsphere-rbac.yml" |
|
|
|
state: latest |
|
|
|
when: |
|
|
|
- rbac_enabled |
|
|
|
- cloud_provider is defined |
|
|
|
- cloud_provider == 'vsphere' |
|
|
|
- vsphere_cloud_provider.rc != 0 |
|
|
|
- kube_version | version_compare('v1.9.0', '>=') |
|
|
|
- kube_version | version_compare('v1.9.3', '<=') |
|
|
|
tags: vsphere |
|
|
|
|
|
|
|
# This is not a cluster role, but should be run after kubeconfig is set on master |
|
|
|
- name: Write kube system namespace manifest |
|
|
|
template: |
|
|
|
|
Brad Beam
6 years ago
GitHub