3a39904011
By default Calico CNI does not create any network access policies or profiles if 'policy' is enabled in CNI config. And without any policies/profiles network access to/from PODs is blocked. K8s related policies are created by calico-policy-controller in such case. So we need to start it as soon as possible, before any real workloads. This patch also fixes kube-api port in calico-policy-controller yaml template. Closes #1132
38 lines
1.2 KiB
YAML
38 lines
1.2 KiB
YAML
---
|
|
- name: Kubernetes Apps | Wait for kube-apiserver
|
|
uri:
|
|
url: http://localhost:8080/healthz
|
|
register: result
|
|
until: result.status == 200
|
|
retries: 10
|
|
delay: 6
|
|
when: inventory_hostname == groups['kube-master'][0]
|
|
|
|
- name: Kubernetes Apps | Lay Down KubeDNS Template
|
|
template:
|
|
src: "{{item.file}}"
|
|
dest: "{{kube_config_dir}}/{{item.file}}"
|
|
with_items:
|
|
- {name: kubedns, file: kubedns-deploy.yml, type: deployment}
|
|
- {name: kubedns, file: kubedns-svc.yml, type: svc}
|
|
- {name: kubedns-autoscaler, file: kubedns-autoscaler.yml, type: deployment}
|
|
register: manifests
|
|
when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
|
|
tags: dnsmasq
|
|
|
|
- name: Kubernetes Apps | Start Resources
|
|
kube:
|
|
name: "{{item.item.name}}"
|
|
namespace: "{{ system_namespace }}"
|
|
kubectl: "{{bin_dir}}/kubectl"
|
|
resource: "{{item.item.type}}"
|
|
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
|
state: "{{item.changed | ternary('latest','present') }}"
|
|
with_items: "{{ manifests.results }}"
|
|
when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
|
|
tags: dnsmasq
|
|
|
|
- name: Kubernetes Apps | Netchecker
|
|
include: tasks/netchecker.yml
|
|
when: deploy_netchecker
|
|
tags: netchecker
|