only patch system:kube-dns role for old dns

This commit is contained in:
jwfang 2017-07-10 19:14:28 +08:00
parent 83deecb9e9
commit e1386ba604

View file

@ -26,8 +26,7 @@
- rbac_enabled or item.type not in kubedns_rbac_resources - rbac_enabled or item.type not in kubedns_rbac_resources
tags: dnsmasq tags: dnsmasq
# see https://github.com/kubernetes/kubernetes/issues/45084 # see https://github.com/kubernetes/kubernetes/issues/45084, only needed for "old" kube-dns
# TODO: this is only needed for "old" kube-dns
- name: Kubernetes Apps | Patch system:kube-dns ClusterRole - name: Kubernetes Apps | Patch system:kube-dns ClusterRole
command: > command: >
{{bin_dir}}/kubectl patch clusterrole system:kube-dns {{bin_dir}}/kubectl patch clusterrole system:kube-dns
@ -40,7 +39,9 @@
} }
] ]
}' }'
when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and rbac_enabled when:
- dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
- rbac_enabled and kubedns_version|version_compare("1.11.0", "<", strict=True)
tags: dnsmasq tags: dnsmasq
- name: Kubernetes Apps | Start Resources - name: Kubernetes Apps | Start Resources