proxmox-kube/roles/proxmox/tasks/main.yml
2024-10-23 15:20:56 +02:00

33 lines
922 B
YAML

---
- name: Set apparmor profile unconfined
ansible.builtin.lineinfile:
dest: "/etc/pve/lxc/{{ item }}.conf"
regexp: ^lxc.apparmor.profile
line: "lxc.apparmor.profile: unconfined"
loop: "{{ kube_ids }}"
notify: reboot containers
- name: Allow cgroup devices
ansible.builtin.lineinfile:
dest: "/etc/pve/lxc/{{ item }}.conf"
regexp: ^lxc.cgroup.devices.allow
line: "lxc.cgroup.devices.allow: a"
loop: "{{ kube_ids }}"
notify: reboot containers
- name: Blank out lxc.cap.drop
ansible.builtin.lineinfile:
dest: "/etc/pve/lxc/{{ item }}.conf"
regexp: ^lxc.cap.drop
line: "lxc.cap.drop: "
loop: "{{ kube_ids }}"
notify: reboot containers
- name: LXC auto mount proc and sys
ansible.builtin.lineinfile:
dest: "/etc/pve/lxc/{{ item }}.conf"
regexp: ^lxc.mount.auto
line: 'lxc.mount.auto: "proc:rw sys:rw"'
loop: "{{ kube_ids }}"
notify: reboot containers