From b3541e1f9d3059a5e880b342e058eb1753ab7eab Mon Sep 17 00:00:00 2001 From: Jacob Cody Wimer Date: Wed, 13 Feb 2019 14:34:02 -0500 Subject: [PATCH] Added nodeport for traefik and added rbac for traefik --- roles/initialize-kubernetes/tasks/main.yml | 15 ++++++- .../templates/traefik-ds.yml.j2 | 3 +- .../templates/traefik-rbac.yaml.j2 | 43 +++++++++++++++++++ 3 files changed, 58 insertions(+), 3 deletions(-) create mode 100644 roles/initialize-kubernetes/templates/traefik-rbac.yaml.j2 diff --git a/roles/initialize-kubernetes/tasks/main.yml b/roles/initialize-kubernetes/tasks/main.yml index cd8a074..bfbd340 100644 --- a/roles/initialize-kubernetes/tasks/main.yml +++ b/roles/initialize-kubernetes/tasks/main.yml @@ -48,7 +48,7 @@ KUBECONFIG: "{{ ansible_env.HOME }}/admin.conf" ignore_errors: true -- name: Copy Traefik yml +- name: Copy Traefik ds yml template: src: ../templates/traefik-ds.yml.j2 dest: "{{ ansible_env.HOME }}/traefik-ds.yml" @@ -57,4 +57,15 @@ shell: > kubectl apply -f {{ ansible_env.HOME }}/traefik-ds.yml environment: - KUBECONFIG: "{{ ansible_env.HOME }}/admin.conf" \ No newline at end of file + KUBECONFIG: "{{ ansible_env.HOME }}/admin.conf" + +- name: Copy Traefik rbac yaml + template: + src: ../templates/traefik-rbac.yaml.j2 + dest: "{{ ansible_env.HOME }}/traefik-rbac.yaml" + +- name: Install Traefik RBAC + shell: > + kubectl apply -f {{ ansible_env.HOME }}/traefik-rbac.yaml + environment: + KUBECONFIG: "{{ ansible_env.HOME }}/admin.conf" diff --git a/roles/initialize-kubernetes/templates/traefik-ds.yml.j2 b/roles/initialize-kubernetes/templates/traefik-ds.yml.j2 index a085774..fdb7e9a 100644 --- a/roles/initialize-kubernetes/templates/traefik-ds.yml.j2 +++ b/roles/initialize-kubernetes/templates/traefik-ds.yml.j2 @@ -58,4 +58,5 @@ spec: name: web - protocol: TCP port: 8080 - name: admin \ No newline at end of file + name: admin + type: NodePort 
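Review bot: The two new RBAC tasks are appended after the step that runs `kubectl apply -f …/traefik-ds.yml`, so on a fresh cluster the Traefik pods start before the ClusterRole and ClusterRoleBinding exist. If RBAC is enforced, their API calls will be refused until this step runs. Moving `Copy Traefik rbac yaml` and `Install Traefik RBAC` ahead of the DaemonSet apply closes that window. The install step also uses `shell: >` with an unquoted templated path and reports changed on every run; `command: kubectl apply -f "{{ ansible_env.HOME }}/traefik-rbac.yaml"` with a `changed_when` keyed on the command output would be tighter. The DaemonSet task starts outside this hunk, so the ordering is inferred from the context lines.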
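Review bot: `type: NodePort` is set on the Service that also carries the `admin` port 8080, so that port gets a node port on every node address alongside `web`. If 8080 is Traefik's dashboard/API, as the port name suggests (the container args are outside the hunk), it should not be reachable from outside the cluster by default. Consider keeping `admin` on a separate ClusterIP Service and exposing only `web` through NodePort. No `nodePort:` values are visible in the hunk, so the ports are presumably auto-allocated, which makes firewall rules harder to pin; set them explicitly if stable ports are wanted.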
diff --git a/roles/initialize-kubernetes/templates/traefik-rbac.yaml.j2 b/roles/initialize-kubernetes/templates/traefik-rbac.yaml.j2
new file mode 100644
index 0000000..35601da
--- /dev/null
+++ b/roles/initialize-kubernetes/templates/traefik-rbac.yaml.j2
@@ -0,0 +1,43 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: traefik-ingress-controller
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - endpoints
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: traefik-ingress-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: traefik-ingress-controller
+subjects:
+- kind: ServiceAccount
+ name: traefik-ingress-controller
+ namespace: kube-system
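Review bot: The ClusterRole grants `get`, `list` and `watch` on `secrets` in the core API group, and the ClusterRoleBinding applies it cluster-wide, so the `traefik-ingress-controller` ServiceAccount token can read every Secret in every namespace. An ingress controller needs secret access for Ingress TLS, but the scope deserves a comment at the top of the template, e.g. `# secrets: read-only, needed for Ingress TLS; cluster-wide because Traefik watches all namespaces`. If Traefik only serves a few namespaces, a namespaced Role and RoleBinding per watched namespace would narrow it. The binding's subject is a ServiceAccount in `kube-system` that this file does not create; presumably it comes from the DaemonSet template, which is worth confirming. `rbac.authorization.k8s.io/v1` would be preferable to `v1beta1` where the cluster version supports it.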