Merge branch 'rbac-kp' into rbac-script-cert

# Conflicts:
#	roles/kubernetes-apps/ansible/tasks/main.yml
This commit is contained in:
Raj Perera 2017-06-19 12:12:45 -04:00
commit cd143109fc
2 changed files with 18 additions and 1 deletions

View file

@ -24,6 +24,23 @@
when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and (item.type not in apiserver_rbac_resources or rbac_enabled)
tags: dnsmasq
# see https://github.com/kubernetes/kubernetes/issues/45084
# TODO: this is only needed for "old" kube-dns
- name: Kubernetes Apps | Patch system:kube-dns ClusterRole
command: >
{{bin_dir}}/kubectl patch clusterrole system:kube-dns
--patch='{
"rules": [
{
"apiGroups" : [""],
"resources" : ["endpoints", "services"],
"verbs": ["list", "watch", "get"]
}
]
}'
when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and rbac_enabled
tags: dnsmasq
- name: Kubernetes Apps | Start Resources
kube:
name: "{{item.item.name}}"

View file

@ -23,7 +23,7 @@
{% if not is_kube_master and loadbalancer_apiserver_localhost|default(false) -%}
https://localhost:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }}
{%- elif is_kube_master -%}
http://127.0.0.1:{{ kube_apiserver_insecure_port }}
https://127.0.0.1:{{ kube_apiserver_port }}
{%- else -%}
{%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.port is defined -%}
https://{{ apiserver_loadbalancer_domain_name|default('lb-apiserver.kubernetes.local') }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}