From c2d634aaba07caa564056693bc5454f1582426ea Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sat, 20 Jun 2020 17:23:44 +0200
Subject: kubeguard: add kube-router variant

---
 roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml')

diff --git a/roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml b/roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml
index 95fee7c8..f364fb5f 100644
--- a/roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml
@@ -1,3 +1,13 @@
 ---
-### kubeguard needs to be deployed before the cluster has been initialized.
-### there is nothing more todo here.
+- name: install kube-router variant
+  when: "kubernetes_network_plugin_variant == 'with-kube-router'"
+  block:
+  - name: generate kubeguard (kube-router) configuration
+    template:
+      src: "net_kubeguard/kube-router.{{ kubernetes_network_plugin_version }}.yml.j2"
+      dest: /etc/kubernetes/network-plugin.yml
+
+  - name: install kubeguard (kube-router) on to the cluster
+    command: kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f /etc/kubernetes/network-plugin.yml
+    register: kubeguard_apply_result
+    changed_when: (kubeguard_apply_result.stdout_lines | reject("regex", " unchanged$") | list | length) > 0
-- 
cgit v1.2.3