patch system:kube-dns clusterrole for get
This commit is contained in:
jwfang
parent
442ebce3d8
commit
525db1f109
1 changed files with 17 additions and 0 deletions
|
|
@ -24,6 +24,23 @@
|
||||||
when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and (item.type not in rbac_resources or rbac_enabled)
|
when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and (item.type not in rbac_resources or rbac_enabled)
|
||||||
tags: dnsmasq
|
tags: dnsmasq
|
||||||
|
|
||||||
|
# see https://github.com/kubernetes/kubernetes/issues/45084
|
||||||
|
# TODO: this is only needed for "old" kube-dns
|
||||||
|
- name: Kubernetes Apps | Patch system:kube-dns ClusterRole
|
||||||
|
command: >
|
||||||
|
{{bin_dir}}/kubectl patch clusterrole system:kube-dns
|
||||||
|
--patch='{
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"apiGroups" : [""],
|
||||||
|
"resources" : ["endpoints", "services"],
|
||||||
|
"verbs": ["list", "watch", "get"]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}'
|
||||||
|
when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
|
||||||
|
tags: dnsmasq
|
||||||
|
|
||||||
- name: Kubernetes Apps | Start Resources
|
- name: Kubernetes Apps | Start Resources
|
||||||
kube:
|
kube:
|
||||||
name: "{{item.item.name}}"
|
name: "{{item.item.name}}"
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue