From 36e3aae6153ca75f488accd2a1c64bbc680c41ce Mon Sep 17 00:00:00 2001 From: jwfang <54740235@qq.com> Date: Sat, 17 Jun 2017 19:53:29 +0800 Subject: [PATCH] patch system:kube-dns clusterrole for get --- roles/kubernetes-apps/ansible/tasks/main.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml index 151cc515c..f65a64029 100644 --- a/roles/kubernetes-apps/ansible/tasks/main.yml +++ b/roles/kubernetes-apps/ansible/tasks/main.yml @@ -21,6 +21,23 @@ when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] tags: dnsmasq +# see https://github.com/kubernetes/kubernetes/issues/45084 +# TODO: this is only needed for "old" kube-dns +- name: Kubernetes Apps | Patch system:kube-dns ClusterRole + command: > + {{bin_dir}}/kubectl patch clusterrole system:kube-dns + --patch='{ + "rules": [ + { + "apiGroups" : [""], + "resources" : ["endpoints", "services"], + "verbs": ["list", "watch", "get"] + } + ] + }' + when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] + tags: dnsmasq + - name: Kubernetes Apps | Start Resources kube: name: "{{item.item.name}}"