epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-09 03:37:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

basic rbac support

Browse Source
This commit is contained in:
jwfang
2017-06-27 12:27:25 +08:00
parent b495d36fa5
commit 092bf07cbf
27 changed files with 374 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
roles/kubernetes-apps/ansible/tasks/main.yml
View File

@@ -13,11 +13,34 @@
src: "{{item.file}}"
dest: "{{kube_config_dir}}/{{item.file}}"
with_items:
- {name: kube-dns, file: kubedns-deploy.yml, type: deployment}
- {name: kube-dns, file: kubedns-svc.yml, type: svc}
- {name: kubedns, file: kubedns-sa.yml, type: sa}
- {name: kubedns, file: kubedns-deploy.yml, type: deployment}
- {name: kubedns, file: kubedns-svc.yml, type: svc}
- {name: kubedns-autoscaler, file: kubedns-autoscaler-sa.yml, type: sa}
- {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrole.yml, type: clusterrole}
- {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding}
- {name: kubedns-autoscaler, file: kubedns-autoscaler.yml, type: deployment}
register: manifests
when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
when:
- dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
- rbac_enabled or item.type not in kubedns_rbac_resources
tags: dnsmasq
# see https://github.com/kubernetes/kubernetes/issues/45084
# TODO: this is only needed for "old" kube-dns
- name: Kubernetes Apps | Patch system:kube-dns ClusterRole
command: >
{{bin_dir}}/kubectl patch clusterrole system:kube-dns
--patch='{
"rules": [
{
"apiGroups" : [""],
"resources" : ["endpoints", "services"],
"verbs": ["list", "watch", "get"]
}
]
}'
when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and rbac_enabled
tags: dnsmasq
- name: Kubernetes Apps | Start Resources
@@ -29,6 +52,7 @@
filename: "{{kube_config_dir}}/{{item.item.file}}"
state: "{{item.changed | ternary('latest','present') }}"
with_items: "{{ manifests.results }}"
failed_when: manifests|failed and "Error from server (AlreadyExists)" not in manifests.msg
when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
tags: dnsmasq