058d101bf9
+ use more secure `command` instead of `shell` + read-only command doesn't change state - make idempotent + multi-line long string
46 lines
1.7 KiB
YAML
---
# Create the "kubernetes" sub-directory below the user manifests path.
# No owner, group or mode is set on this task, so the resulting permissions
# depend on the module defaults and the remote umask.
- name: Ensure that user manifests directory exists
  file:
    state: directory
    path: "{{ kubernetes_user_manifests_path }}/kubernetes"
    recurse: true
  tags:
    - init
    - cni
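# Pin the kube-proxy daemonset to Linux nodes by patching its nodeSelector.
# The block is skipped entirely when kube_proxy_remove is true.
# Both kubectl calls authenticate with admin.conf, so the patch file is applied
# with whatever rights that kubeconfig grants.
- name: Apply kube-proxy nodeselector
  block:
    # NOTE(review): no owner or mode is set on the copied patch file. It is
    # later fed to kubectl under admin.conf, so confirm that
    # kubernetes_user_manifests_path is writable only by trusted users.
    - name: Copy kube-proxy daemonset nodeselector patch
      copy:
        src: nodeselector-os-linux-patch.json
        dest: "{{ kubernetes_user_manifests_path }}/nodeselector-os-linux-patch.json"

    # Due to https://github.com/kubernetes/kubernetes/issues/58212 we cannot rely on exit code for "kubectl patch"
    # Read-only query, hence changed_when: false. It is retried up to 60 times,
    # 5 seconds apart, until kubectl exits successfully.
    - name: Check current nodeselector for kube-proxy daemonset
      command: >-
        {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf
        get ds kube-proxy --namespace=kube-system
        -o jsonpath='{.spec.template.spec.nodeSelector.beta\.kubernetes\.io/os}'
      register: current_kube_proxy_state
      retries: 60
      delay: 5
      until: current_kube_proxy_state is succeeded
      changed_when: false

    # shell (not command) is still needed here because the patch body is read
    # with $(cat ...) command substitution. The templated paths go through the
    # quote filter so that each one reaches the shell as a single literal word.
    # The task only runs when the selector reported above is not "linux".
    - name: Apply nodeselector patch for kube-proxy daemonset
      shell: >-
        {{ bin_dir | quote }}/kubectl
        --kubeconfig {{ kube_config_dir | quote }}/admin.conf
        patch ds kube-proxy --namespace=kube-system --type=strategic -p
        "$(cat nodeselector-os-linux-patch.json)"
      args:
        chdir: "{{ kubernetes_user_manifests_path }}"
      register: patch_kube_proxy_state
      when: current_kube_proxy_state.stdout | trim | lower != "linux"

    # Print the patch command's output only when the patch task actually ran.
    - name: Show stdout of the kube-proxy nodeselector patch
      debug:
        msg: "{{ patch_kube_proxy_state.stdout_lines }}"
      when: patch_kube_proxy_state is not skipped

    - name: Show stderr of the kube-proxy nodeselector patch
      debug:
        msg: "{{ patch_kube_proxy_state.stderr_lines }}"
      when: patch_kube_proxy_state is not skipped
  tags: init
  when:
    - not kube_proxy_remove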