From d8dcb8f6e028ad8fa487fae8eb85ef7516f55d07 Mon Sep 17 00:00:00 2001
From: jwfang <54740235@qq.com>
Date: Mon, 10 Jul 2017 18:53:59 +0800
Subject: [PATCH] no need to patch system:kube-dns

---
 roles/kubernetes-apps/ansible/tasks/main.yml | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml
index 00a1fd74d..421cdec79 100644
--- a/roles/kubernetes-apps/ansible/tasks/main.yml
+++ b/roles/kubernetes-apps/ansible/tasks/main.yml
@@ -26,23 +26,6 @@
     - rbac_enabled or item.type not in kubedns_rbac_resources
   tags: dnsmasq
 
-# see https://github.com/kubernetes/kubernetes/issues/45084
-# TODO: this is only needed for "old" kube-dns
-- name: Kubernetes Apps | Patch system:kube-dns ClusterRole
-  command: >
-    {{bin_dir}}/kubectl patch clusterrole system:kube-dns
-    --patch='{
-               "rules": [
-                 {
-                   "apiGroups" : [""],
-                   "resources" : ["endpoints", "services"],
-                   "verbs": ["list", "watch", "get"]
-                 }
-               ]
-             }'
-  when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and rbac_enabled
-  tags: dnsmasq
-
 - name: Kubernetes Apps | Start Resources
   kube:
     name: "{{item.item.name}}"