authorMichał Dulko <mdulko@redhat.com>2017-04-05 14:24:24 +0200
committerMichał Dulko <mdulko@redhat.com>2017-10-20 14:22:52 +0200
commite6ea6839a8f657c1266c25ba4aba43c837329fa3 (patch)
treeabe66b2a635679b74b54f618c5b15e8ed793c6d1 /roles/kuryr/tasks/serviceaccount.yaml
parent36d6b8ab6ee42a8a98321ae371398cf520ae8b71 (diff)
downloadopenshift-e6ea6839a8f657c1266c25ba4aba43c837329fa3.tar.gz
openshift-e6ea6839a8f657c1266c25ba4aba43c837329fa3.tar.bz2
openshift-e6ea6839a8f657c1266c25ba4aba43c837329fa3.tar.xz
openshift-e6ea6839a8f657c1266c25ba4aba43c837329fa3.zip
Initial Kuryr support
This commit enables deploying Kuryr networking on top of OpenShift in containers. kuryr-controller is a Deployment and kuryr-cni is deployed as DaemonSet (container will drop all CNI configuration files). Co-Authored-By: Antoni Segura Puimedon <celebdor@gmail.com>
Diffstat (limited to 'roles/kuryr/tasks/serviceaccount.yaml')
-rw-r--r--roles/kuryr/tasks/serviceaccount.yaml31
1 files changed, 31 insertions, 0 deletions
diff --git a/roles/kuryr/tasks/serviceaccount.yaml b/roles/kuryr/tasks/serviceaccount.yaml
new file mode 100644
index 000000000..088f13091
--- /dev/null
+++ b/roles/kuryr/tasks/serviceaccount.yaml
@@ -0,0 +1,31 @@
+---
+- name: Create Controller service account
+ oc_serviceaccount:
+ name: kuryr-controller
+ namespace: "{{ kuryr_namespace }}"
+ register: saout
+
+- name: Create a role for the Kuryr
+ oc_clusterrole: "{{ kuryr_clusterrole }}"
+
+- name: Fetch the created Kuryr controller cluster role
+ oc_clusterrole:
+ name: kuryrctl
+ state: list
+ register: crout
+
+- name: Grant Kuryr the privileged security context constraints
+ oc_adm_policy_user:
+ user: "system:serviceaccount:{{ kuryr_namespace }}:{{ saout.results.results.0.metadata.name }}"
+ namespace: "{{ kuryr_namespace }}"
+ resource_kind: scc
+ resource_name: privileged
+ state: present
+
+- name: Assign role to Kuryr service account
+ oc_adm_policy_user:
+ user: "system:serviceaccount:{{ kuryr_namespace }}:{{ saout.results.results.0.metadata.name }}"
+ namespace: "{{ kuryr_namespace }}"
+ resource_kind: cluster-role
+ resource_name: "{{ crout.results.results.metadata.name }}"
+ state: present
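Review bot: The task "Grant Kuryr the privileged security context constraints" binds the `privileged` SCC to the `kuryr-controller` service account, so any pod running under that account can be admitted as privileged, and nothing in the file records which workload needs it or why. The commit message suggests the host access is needed by the kuryr-cni DaemonSet that handles CNI configuration files, while the controller is an ordinary Deployment; if that holds (the pod specs are not visible here), a separate service account for the CNI pods would keep the controller unprivileged. At minimum, add a comment above the task such as `# privileged SCC needed by <workload> for <reason>; review before reusing this service account`. Separately, the last task reads `crout.results.results.metadata.name` without the `.0` index used for `saout`, and the fetch hard-codes `kuryrctl` while the role is created from `kuryr_clusterrole`, so it is worth confirming that both match the module's return shape and the variable's role name.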