From e1386ba6047ad99e530bdefbc50791beff2526ea Mon Sep 17 00:00:00 2001
From: jwfang <54740235@qq.com>
Date: Mon, 10 Jul 2017 19:14:28 +0800
Subject: [PATCH] only patch system:kube-dns role for old dns

---
 roles/kubernetes-apps/ansible/tasks/main.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml
index 00a1fd74d..b76ec5b07 100644
--- a/roles/kubernetes-apps/ansible/tasks/main.yml
+++ b/roles/kubernetes-apps/ansible/tasks/main.yml
@@ -26,8 +26,7 @@
     - rbac_enabled or item.type not in kubedns_rbac_resources
   tags: dnsmasq
 
-# see https://github.com/kubernetes/kubernetes/issues/45084
-# TODO: this is only needed for "old" kube-dns
+# see https://github.com/kubernetes/kubernetes/issues/45084, only needed for "old" kube-dns
 - name: Kubernetes Apps | Patch system:kube-dns ClusterRole
   command: >
     {{bin_dir}}/kubectl patch clusterrole system:kube-dns
@@ -40,7 +39,9 @@
                  }
                ]
              }'
-  when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and rbac_enabled
+  when:
+    - dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
+    - rbac_enabled and kubedns_version|version_compare("1.11.0", "<", strict=True)
   tags: dnsmasq
 
 - name: Kubernetes Apps | Start Resources
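Review bot: The second `when:` item relies on `kubedns_version` being defined and being a plain dotted version, because `version_compare(..., strict=True)` will presumably raise on a `v`-prefixed or suffixed tag and abort the play instead of skipping the task. Since this condition decides whether the `system:kube-dns` ClusterRole is modified, it is worth confirming that the role's default for `kubedns_version` always has that form. The list would also read more clearly with one condition per item: `- dns_mode != 'none'`, `- inventory_hostname == groups['kube-master'][0]`, `- rbac_enabled`, then the version test. The `1.11.0` threshold is not explained anywhere visible, so I would add a comment above `when:` such as `# kube-dns releases before 1.11.0 need this ClusterRole patch (kubernetes/kubernetes#45084)`. The task itself starts in the previous hunk and its patch body is not shown between the two hunks.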
-- 
GitLab