Added nodeport for traefik and added rbac for traefik

roles/initialize-kubernetes/tasks/main.yml

@@ -48,7 +48,7 @@
     KUBECONFIG: "{{ ansible_env.HOME }}/admin.conf"
   ignore_errors: true
 
-- name: Copy Traefik yml
+- name: Copy Traefik ds yml
   template:
     src: ../templates/traefik-ds.yml.j2
     dest: "{{ ansible_env.HOME }}/traefik-ds.yml"
@@ -58,3 +58,14 @@
     kubectl apply -f {{ ansible_env.HOME }}/traefik-ds.yml
   environment:
     KUBECONFIG: "{{ ansible_env.HOME }}/admin.conf"
+
+- name: Copy Traefik rbac yaml
+  template:
+    src: ../templates/traefik-rbac.yaml.j2
+    dest: "{{ ansible_env.HOME }}/traefik-rbac.yaml"
+
+- name: Install Traefik RBAC
+  shell: >
+    kubectl apply -f {{ ansible_env.HOME }}/traefik-rbac.yaml
+  environment:
+    KUBECONFIG: "{{ ansible_env.HOME }}/admin.conf"

roles/initialize-kubernetes/templates/traefik-ds.yml.j2

@@ -59,3 +59,4 @@ spec:
     - protocol: TCP
       port: 8080
       name: admin
+  type: NodePort

roles/initialize-kubernetes/templates/traefik-rbac.yaml.j2

@@ -0,0 +1,43 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: traefik-ingress-controller
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - endpoints
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+    - extensions
+    resources:
+    - ingresses/status
+    verbs:
+    - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: traefik-ingress-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: traefik-ingress-controller
+subjects:
+- kind: ServiceAccount
+  name: traefik-ingress-controller
+  namespace: kube-system