Add RBAC support for canal (#1604)

Refactored how rbac_enabled is set Added RBAC to ubuntu-canal-ha CI job Added rbac for calico policy controller
2026-03-06 10:08:37 +03:00 · 2017-09-04 11:29:40 +03:00
parent 702ce446df
commit a3e6896a43
18 changed files with 274 additions and 46 deletions
--- a/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml
+++ b/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml
@@ -1,20 +1,11 @@
 ---
- name: Create canal ConfigMap
-  run_once: true
+- name: Canal | Start Resources
  kube:
-    name: "canal-config"
+    name: "{{item.item.name}}"
+    namespace: "{{ system_namespace }}"
    kubectl: "{{bin_dir}}/kubectl"
-    filename: "{{kube_config_dir}}/canal-config.yaml"
-    resource: "configmap"
-    namespace: "{{system_namespace}}"
-
- name: Start flannel and calico-node
-  run_once: true
-  kube:
-    name: "canal-node"
-    kubectl: "{{bin_dir}}/kubectl"
-    filename: "{{kube_config_dir}}/canal-node.yaml"
-    resource: "ds"
-    namespace: "{{system_namespace}}"
-    state: "{{ item | ternary('latest','present') }}"
-  with_items: "{{ canal_node_manifest.changed }}"
+    resource: "{{item.item.type}}"
+    filename: "{{kube_config_dir}}/{{item.item.file}}"
+    state: "{{item.changed | ternary('latest','present') }}"
+  with_items: "{{ canal_manifests.results }}"
+  when: inventory_hostname == groups['kube-master'][0]