---
# Writes the kube-dns and dns-autoscaler manifests into kube_config_dir.
# Runs only on the first host of the kube-master group, and only when dns_mode
# selects kube-dns (alone or behind dnsmasq).
#
# The module is picked per item. Only `template` and `copy` appear in the list
# below, so the templated `action` never takes a value from outside this file.
# Items rendered with `template` get a `.j2` suffix appended to the source name.
#
# NOTE(review): no owner/mode is set, so the written manifests take the module
# defaults; confirm that is acceptable for kube_config_dir.
- name: Kubernetes Apps | Lay Down KubeDNS Template
  action: "{{ item.module }}"
  args:
    src: "{{ item.file }}{% if item.module == 'template' %}.j2{% endif %}"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
  with_items:
    # kube-dns: service account, config map, deployment, service
    - name: kube-dns
      module: template
      file: kubedns-sa.yml
      type: sa
    - name: kube-dns
      module: template
      file: kubedns-config.yml
      type: configmap
    - name: kube-dns
      module: template
      file: kubedns-deploy.yml
      type: deployment
    - name: kube-dns
      module: template
      file: kubedns-svc.yml
      type: svc
    # dns-autoscaler: service account and RBAC objects are copied verbatim,
    # only the deployment is templated
    - name: dns-autoscaler
      module: copy
      file: dns-autoscaler-sa.yml
      type: sa
    - name: dns-autoscaler
      module: copy
      file: dns-autoscaler-clusterrole.yml
      type: clusterrole
    - name: dns-autoscaler
      module: copy
      file: dns-autoscaler-clusterrolebinding.yml
      type: clusterrolebinding
    - name: dns-autoscaler
      module: template
      file: dns-autoscaler.yml
      type: deployment
  # Per-item results are kept for later tasks (the consumer is not in this file
  # section).
  register: kubedns_manifests
  when:
    - dns_mode in ['kubedns','dnsmasq_kubedns']
    - inventory_hostname == groups['kube-master'][0]
  tags:
    - dnsmasq
    - kubedns

# see https://github.com/kubernetes/kubernetes/issues/45084, only needed for
# "old" kube-dns
#
# Patches the built-in system:kube-dns ClusterRole so that it carries read-only
# verbs (list, watch, get) on endpoints and services in the core API group.
# Gated on RBAC being enabled and kubedns_version being strictly below 1.11.0.
#
# The `command` module does not go through a shell, so the single-quoted JSON
# is passed to kubectl as one argument. The folded scalar joins the lines below
# with single spaces; keep them at the same indentation or the fold changes.
#
# NOTE(review): `rules` is a list, so this patch presumably replaces the role's
# existing rule set rather than appending to it - confirm against the cluster
# before widening or narrowing the verbs.
# NOTE(review): without `changed_when`, this task reports "changed" on every
# run, which hides real modifications of a system ClusterRole in play output.
- name: Kubernetes Apps | Patch system:kube-dns ClusterRole
  command: >
    {{ bin_dir }}/kubectl patch clusterrole system:kube-dns
    --patch='{
    "rules": [
    {
    "apiGroups" : [""],
    "resources" : ["endpoints", "services"],
    "verbs": ["list", "watch", "get"]
    }
    ]
    }'
  when:
    - dns_mode in ['kubedns', 'dnsmasq_kubedns']
    - inventory_hostname == groups['kube-master'][0]
    - rbac_enabled and kubedns_version is version("1.11.0", "<", strict=True)
  tags:
    - dnsmasq
    - kubedns