From 1bcc641daead5b79d9a6c2335712f3cffb241829 Mon Sep 17 00:00:00 2001
From: MQasimSarfraz <syed.qasim.sarfraz@gmail.com>
Date: Wed, 14 Mar 2018 11:23:22 +0000
Subject: [PATCH] Create vsphere clusterrole only if it doesnt exists

---
 .../cluster_roles/tasks/main.yml                | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/roles/kubernetes-apps/cluster_roles/tasks/main.yml b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
index f9c5fc9b2..5dbf49092 100644
--- a/roles/kubernetes-apps/cluster_roles/tasks/main.yml
+++ b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
@@ -75,6 +75,18 @@
     - node_webhook_crb_manifest.changed
   tags: node-webhook
 
+- name: Check if vsphere-cloud-provider ClusterRole exists
+  command: "{{ bin_dir }}/kubectl get clusterroles system:vsphere-cloud-provider"
+  register: vsphere_cloud_provider
+  ignore_errors: true
+  when:
+    - rbac_enabled
+    - cloud_provider is defined
+    - cloud_provider == 'vsphere'
+    - kube_version | version_compare('v1.9.0', '>=')
+    - kube_version | version_compare('v1.9.3', '<=')
+  tags: vsphere
+
 - name: Write vsphere-cloud-provider ClusterRole manifest
   template:
     src: "vsphere-rbac.yml.j2"
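Review bot: `ignore_errors: true` on the check task added at the top of this hunk makes every non-zero exit from `kubectl get` look like "ClusterRole absent". An unreachable API server or an authorization failure would therefore also send the play on to write and apply the RBAC manifest. Because the task only reads state, `failed_when: false` together with `changed_when: false` would keep the run output clean. The later conditions could then test for the not-found case specifically, for example `- "'NotFound' in vsphere_cloud_provider.stderr"`. The Write task that follows begins in this hunk and continues outside it.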
@@ -84,7 +96,9 @@
     - rbac_enabled
     - cloud_provider is defined
     - cloud_provider == 'vsphere'
+    - vsphere_cloud_provider.rc != 0
     - kube_version | version_compare('v1.9.0', '>=')
+    - kube_version | version_compare('v1.9.3', '<=')
   tags: vsphere
 
 - name: Apply vsphere-cloud-provider ClusterRole
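Review bot: `vsphere_cloud_provider.rc != 0` is listed before the two `kube_version` conditions, and Ansible evaluates a `when` list in order. On a vsphere cluster newer than v1.9.3 the check task is skipped, so the registered result has no `rc`, and this condition is likely to raise an undefined-attribute error instead of skipping the task. Moving the line below the version checks, or writing `- vsphere_cloud_provider.rc | default(0) != 0`, avoids that. The same ordering appears in the Apply task's conditions in the next hunk. The Write task starts in the previous hunk and its middle lines are outside this one.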
@@ -98,8 +112,9 @@
     - rbac_enabled
     - cloud_provider is defined
     - cloud_provider == 'vsphere'
-    - vsphere_rbac_manifest.changed
+    - vsphere_cloud_provider.rc != 0
     - kube_version | version_compare('v1.9.0', '>=')
+    - kube_version | version_compare('v1.9.3', '<=')
   tags: vsphere
 
 # This is not a cluster role, but should be run after kubeconfig is set on master
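Review bot: Replacing `vsphere_rbac_manifest.changed` with `vsphere_cloud_provider.rc != 0` means a `system:vsphere-cloud-provider` ClusterRole that already exists is never compared with or reconciled to `vsphere-rbac.yml.j2`. Rules that were edited by hand or left over from an earlier deployment would stay in place without any signal in the play output. If that is intentional, it deserves a comment above the task such as `# An existing ClusterRole is left untouched; its rules are not reconciled with the template`. A periodic review of the live role's rules would cover the drift case. The Apply task begins in the previous hunk and its module arguments are outside this one.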
-- 
GitLab