Fix vsphere cloud_provider RBAC permissions

roles/kubernetes-apps/cluster_roles/tasks/main.yml

@@ -75,6 +75,33 @@
     - node_webhook_crb_manifest.changed
   tags: node-webhook
 
+- name: Write vsphere-cloud-provider ClusterRole manifest
+  template:
+    src: "vsphere-rbac.yml.j2"
+    dest: "{{ kube_config_dir }}/vsphere-rbac.yml"
+  register: vsphere_rbac_manifest
+  when:
+    - rbac_enabled
+    - cloud_provider is defined
+    - cloud_provider == 'vsphere'
+    - kube_version | version_compare('v1.9.0', '>=')
+  tags: vsphere
+
+- name: Apply vsphere-cloud-provider ClusterRole
+  kube:
+    name: "system:vsphere-cloud-provider"
+    kubectl: "{{bin_dir}}/kubectl"
+    resource: "clusterrolebinding"
+    filename: "{{ kube_config_dir }}/vsphere-rbac.yml"
+    state: latest
+  when:
+    - rbac_enabled
+    - cloud_provider is defined
+    - cloud_provider == 'vsphere'
+    - vsphere_rbac_manifest.changed
+    - kube_version | version_compare('v1.9.0', '>=')
+  tags: vsphere
+
 # This is not a cluster role, but should be run after kubeconfig is set on master
 - name: Write kube system namespace manifest
   template: