C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Flannel RBAC Fix

Browse source 
Fixes a bug that can occur if `cni-flannel-rbac.yml` was written but the playbook failed before it was applied. Uses the same approach as calico.
This commit is contained in:
Chad Swenson 2017-11-02 23:20:23 -05:00
parent 5c5e879c2c
commit 16ae2c1809
2 changed files with 17 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
roles/kubernetes-apps/network_plugin/flannel/tasks/main.yml
View file

@ -1,19 +1,14 @@
--- ---
- name: "Flannel | Create ServiceAccount ClusterRole and ClusterRoleBinding"
command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/cni-flannel-rbac.yml"
run_once: true
when: rbac_enabled and flannel_rbac_manifest.changed
- name: Flannel | Start Resources - name: Flannel | Start Resources
kube: kube:
name: "kube-flannel" name: "{{item.item.name}}"
kubectl: "{{ bin_dir }}/kubectl"
filename: "{{ kube_config_dir }}/cni-flannel.yml"
resource: "ds"
namespace: "{{ system_namespace }}" namespace: "{{ system_namespace }}"
kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}"
state: "latest" state: "latest"
with_items: "{{ flannel_manifest.changed }}" with_items: "{{ flannel_node_manifests.results }}"
when: inventory_hostname == groups['kube-master'][0] when: inventory_hostname == groups['kube-master'][0] and not item|skipped
- name: Flannel | Wait for flannel subnet.env file presence - name: Flannel | Wait for flannel subnet.env file presence
wait_for: wait_for:

22
roles/network_plugin/flannel/tasks/main.yml
View file

@ -1,16 +1,14 @@
--- ---
- include: pre-upgrade.yml - include: pre-upgrade.yml
- name: Flannel | Create cni-flannel-rbac manifest - name: Flannel | Create Flannel manifests
template: template:
src: cni-flannel-rbac.yml.j2 src: "{{item.file}}.j2"
dest: "{{ kube_config_dir }}/cni-flannel-rbac.yml" dest: "{{kube_config_dir}}/{{item.file}}"
register: flannel_rbac_manifest with_items:
when: inventory_hostname == groups['kube-master'][0] and rbac_enabled - {name: flannel, file: cni-flannel-rbac.yml, type: sa}
- {name: kube-flannel, file: cni-flannel.yml, type: ds}
- name: Flannel | Create cni-flannel manifest register: flannel_node_manifests
template: when:
src: cni-flannel.yml.j2 - inventory_hostname in groups['kube-master']
dest: "{{ kube_config_dir }}/cni-flannel.yml" - rbac_enabled or item.type not in rbac_resources
register: flannel_manifest
when: inventory_hostname == groups['kube-master'][0]