From 7f36b6eae63364c2f726a9ae3a1b6875c2aef1e0 Mon Sep 17 00:00:00 2001 From: Adrien Reslinger Date: Sat, 6 Feb 2021 14:17:40 +0100 Subject: [PATCH] Fix FS mount bug order --- tasks/cluster_k3s.yml | 19 +++++++++++++++++++ tasks/cluster_kubeadm.yml | 20 ++++++++++++++++++++ tasks/install_server.yml | 20 -------------------- 3 files changed, 39 insertions(+), 20 deletions(-) diff --git a/tasks/cluster_k3s.yml b/tasks/cluster_k3s.yml index cb4e527..de195e9 100644 --- a/tasks/cluster_k3s.yml +++ b/tasks/cluster_k3s.yml @@ -98,6 +98,25 @@ with_items: - { name: var_lib_k3s, vg: vg_sys, size: 10g, mount_point: /var/lib/rancher/k3s, mount_opts: "discard"} +- name: Audit policies directory + file: + path: "/etc/kubernetes/policies" + state: directory + owner: root + group: root + mode: 0700 + when: + - kubernetes_master|bool + +- name: Configure audit policy + copy: + src: "etc/kubernetes/policies/audit-policy.yaml" + dest: "/etc/kubernetes/policies/audit-policy.yaml" + group: root + owner: root + mode: 0644 + when: + - kubernetes_master|bool # Check controlers - name: Check if /etc/rancher/k3s/k3s.yaml already existe diff --git a/tasks/cluster_kubeadm.yml b/tasks/cluster_kubeadm.yml index c15325d..f7e254f 100644 --- a/tasks/cluster_kubeadm.yml +++ b/tasks/cluster_kubeadm.yml @@ -158,6 +158,26 @@ state: started enabled: yes +- name: Audit policies directory + file: + path: "/etc/kubernetes/policies" + state: directory + owner: root + group: root + mode: 0700 + when: + - kubernetes_master|bool + +- name: Configure audit policy + copy: + src: "etc/kubernetes/policies/audit-policy.yaml" + dest: "/etc/kubernetes/policies/audit-policy.yaml" + group: root + owner: root + mode: 0644 + when: + - kubernetes_master|bool + # First controler - name: Check if /etc/kubernetes/admin.conf already existe stat: diff --git a/tasks/install_server.yml b/tasks/install_server.yml index 0dac5ad..79ec6c8 100644 --- a/tasks/install_server.yml +++ b/tasks/install_server.yml @@ -21,26 +21,6 @@ - kubernetes_master|bool - groups['KubernetesMasters'] | length > 1 -- name: Audit policies directory - file: - path: "/etc/kubernetes/policies" - state: directory - owner: root - group: root - mode: 0700 - when: - - kubernetes_master|bool - -- name: Configure audit policy - copy: - src: "etc/kubernetes/policies/audit-policy.yaml" - dest: "/etc/kubernetes/policies/audit-policy.yaml" - group: root - owner: root - mode: 0644 - when: - - kubernetes_master|bool - - name: Kubernetes cluster with kubeadm include_tasks: "cluster_kubeadm.yml" when: