39 lines
805 B
YAML
39 lines
805 B
YAML
- name: ensure haproxy has a copy of kubernetes ca certificate
|
|
copy:
|
|
dest: /etc/haproxy/kube-root-ca.crt
|
|
content: '{{ kube_root_ca_pem }}'
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,go=r
|
|
setype: etc_t
|
|
tags:
|
|
- haproxy
|
|
- ca-cert
|
|
- name: ensure haproxy is configured for kubernetes apiserver
|
|
template:
|
|
src: haproxy.cfg.j2
|
|
dest: /etc/haproxy/conf.d/40-apiserver.cfg
|
|
mode: u=rw,go=r
|
|
tags:
|
|
- config
|
|
- haproxy-config
|
|
- haproxy
|
|
notify: reload haproxy
|
|
- name: ensure haproxy can connect to kubernetes apiserver port
|
|
seboolean:
|
|
name: haproxy_connect_any
|
|
state: true
|
|
persistent: true
|
|
tags:
|
|
- selinux
|
|
|
|
- name: flush handlers
|
|
meta: flush_handlers
|
|
|
|
- name: ensure haproxy is running
|
|
service:
|
|
name: haproxy
|
|
state: started
|
|
tags:
|
|
- service
|