---
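# Probe for the AppArmor userspace tooling. Only the exit status is of
# interest; it is consumed by the "Set apparmor_enabled" task that follows.
- name: Check AppArmor status
  command: which apparmor_parser
  register: apparmor_status
  # A missing binary is an expected outcome, not a task failure.
  failed_when: false
  # Read-only probe: it must never report a change. (Flagging "changed"
  # whenever apparmor_parser is absent makes the play non-idempotent.)
  changed_when: false
  # Run even under --check so apparmor_status.rc is always defined for the
  # consumer below instead of leaving the variable unset.
  check_mode: false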
# Derive a boolean fact from the probe's exit status: rc 0 means the
# apparmor_parser binary was found on PATH.
- name: Set apparmor_enabled
  set_fact:
    apparmor_enabled: '{{ apparmor_status.rc == 0 }}'
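# Render the PodSecurityPolicy manifests into kube_config_dir. The results
# are registered so the apply task that follows can pick up each file's
# resource type and name.
# NOTE: PodSecurityPolicy was removed from Kubernetes in 1.25; confirm the
# target cluster version still serves that API before relying on this.
- name: Render templates for PodSecurityPolicy
  template:
    src: "{{ item.file }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
    # Quoted on purpose: an unquoted 0640 is parsed as an integer (octal on
    # YAML 1.1, decimal on 1.2), so the permission bits would depend on the
    # parser. Manifests stay readable only by owner and group.
    mode: "0640"
  register: psp_manifests
  with_items:
    - file: psp.yml
      type: psp
      name: psp
    - file: psp-cr.yml
      type: clusterrole
      name: psp-cr
    - file: psp-crb.yml
      type: rolebinding
      name: psp-crb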
# Apply each rendered manifest through the admin kubeconfig. Each `item` is
# one entry of psp_manifests.results, so the original loop fields (file,
# type, name) are reached via item.item. The apply is retried up to 10 times
# with a 6 s pause until it succeeds.
- name: Add policies, roles, bindings for PodSecurityPolicy
  kube:
    name: "{{ item.item.name }}"
    kubectl: "{{ bin_dir }}/kubectl"
    resource: "{{ item.item.type }}"
    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
    state: latest
  environment:
    KUBECONFIG: "{{ kube_config_dir }}/admin.conf"
  with_items: "{{ psp_manifests.results }}"
  loop_control:
    # Print only the file name instead of the whole registered result.
    label: "{{ item.item.file }}"
  register: result
  until: result is succeeded
  retries: 10
  delay: 6