diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml index 151cc515c..f65a64029 100644 --- a/roles/kubernetes-apps/ansible/tasks/main.yml +++ b/roles/kubernetes-apps/ansible/tasks/main.yml @@ -21,6 +21,23 @@ when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] tags: dnsmasq +# see https://github.com/kubernetes/kubernetes/issues/45084 +# TODO: this is only needed for "old" kube-dns +- name: Kubernetes Apps | Patch system:kube-dns ClusterRole + command: > + {{bin_dir}}/kubectl patch clusterrole system:kube-dns + --patch='{ + "rules": [ + { + "apiGroups" : [""], + "resources" : ["endpoints", "services"], + "verbs": ["list", "watch", "get"] + } + ] + }' + when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] + tags: dnsmasq + - name: Kubernetes Apps | Start Resources kube: name: "{{item.item.name}}"