From 211039f7e6cdf2dffb1c18201f33576a81782ac4 Mon Sep 17 00:00:00 2001
From: Sven Ketelsen <sven.ketelsen@netgo.de>
Date: Tue, 22 Feb 2022 19:18:32 +0100
Subject: [PATCH] bugfix: kubernetes deployment without root user and global
 become

---
 kubernetes.yml                       | 15 +++++++--------
 provisioning.yml                     |  4 +++-
 roles/kubernetes/base/tasks/main.yml |  1 +
 setup.yml                            |  5 ++---
 smardigo.yml                         |  4 ++--
 5 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/kubernetes.yml b/kubernetes.yml
index c3c5062..7aa355f 100644
--- a/kubernetes.yml
+++ b/kubernetes.yml
@@ -11,12 +11,11 @@
           - ansible_version.major >= 2
           - ansible_version.minor >= 10
         msg: "The ansible version has to be at least ({{ ansible_version.full }})"
-      delegate_to: 127.0.0.1
-      become: false
+      tags:
+        - always
 
     - name: "Import autodiscover pre-tasks"
       import_tasks: tasks/autodiscover_pre_tasks.yml
-      become: false
       tags:
         - always
 
@@ -25,8 +24,8 @@
     - { role: kubernetes/namespace }
     - { role: kubernetes/cloud-controller-manager }
     - { role: kubernetes/container-storage-interface }
-# TODO setup prometheus operator here
-    - { role: kubernetes/cert-manager } # TODO depends on prometheus
-    - { role: kubernetes/external-dns } # TODO depends on prometheus
-    - { role: kubernetes/ingress-controller } # TODO depends on prometheus
-    - { role: kubernetes/apps } # TODO depends on prometheus (argo-cd)
+    - { role: kubernetes/apps, tags: prometheus }
+    - { role: kubernetes/cert-manager }
+    - { role: kubernetes/external-dns }
+    - { role: kubernetes/ingress-controller }
+    - { role: kubernetes/apps, tags: !prometheus }
diff --git a/provisioning.yml b/provisioning.yml
index 6726227..f0133a4 100644
--- a/provisioning.yml
+++ b/provisioning.yml
@@ -13,6 +13,8 @@
           - ansible_version.major >= 2
           - ansible_version.minor >= 10
         msg: "The ansible version has to be at least ({{ ansible_version.full }})"
+      tags:
+        - always
 
     - name: "Getting all firewalls from hetzner"
       uri:
@@ -39,7 +41,7 @@
         jmesquery: '[*].{id: id, name: name}'
       tags:
         - update_networks
-    
+
     - name: "Printing firewall entries"
       debug:
         msg: "{{ firewall_records }}"
diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml
index a8c6ff1..b53ce94 100644
--- a/roles/kubernetes/base/tasks/main.yml
+++ b/roles/kubernetes/base/tasks/main.yml
@@ -62,6 +62,7 @@
     owner: root
     group: root
     remote_src: yes
+  become: yes
   when:
   - inventory_hostname == groups['kube_control_plane'][0]
   tags:
diff --git a/setup.yml b/setup.yml
index 52d3542..a11e4aa 100644
--- a/setup.yml
+++ b/setup.yml
@@ -2,7 +2,7 @@
 
 - name: 'apply setup to {{ host | default("all") }}'
   hosts: '{{ host | default("all") }}'
-  serial: "{{ serial_number | default(5) }}"
+  serial: "{{ serial_number | default(10) }}"
   strategy: free
   vars:
     ansible_ssh_host: "{{ stage_server_domain }}"
@@ -17,8 +17,7 @@
           - ansible_version.minor >= 10
         msg: "The ansible version has to be at least ({{ ansible_version.full }})"
       tags:
-        - common
-        - pgadmin4
+        - always
 
     - name: Updating apt cache
       apt:
diff --git a/smardigo.yml b/smardigo.yml
index 1dacbe4..a24ee1b 100644
--- a/smardigo.yml
+++ b/smardigo.yml
@@ -14,8 +14,8 @@
           - ansible_version.major >= 2
           - ansible_version.minor >= 10
         msg: "The ansible version has to be at least ({{ ansible_version.full }})"
-      delegate_to: 127.0.0.1
-      become: false
+      tags:
+        - always
 
     - name: "Import autodiscover pre-tasks"
       import_tasks: tasks/autodiscover_pre_tasks.yml