- name: ensure haproxy has a copy of kubernetes ca certificate
  copy:
    dest: /etc/haproxy/kube-root-ca.crt
    content: '{{ kube_root_ca_pem }}'
    owner: root
    group: root
    mode: u=rw,go=r
    setype: etc_t
  tags:
  - haproxy
  - ca-cert
- name: ensure haproxy is configured for kubernetes apiserver
  template:
    src: haproxy.cfg.j2
    dest: /etc/haproxy/conf.d/40-apiserver.cfg
    mode: u=rw,go=r
  tags:
  - config
  - haproxy-config
  - haproxy
  notify: reload haproxy
- name: ensure haproxy can connect to kubernetes apiserver port
  seboolean:
    name: haproxy_connect_any
    state: true
    persistent: true
  tags:
  - selinux

- name: flush handlers
  meta: flush_handlers

- name: ensure haproxy is running
  service:
    name: haproxy
    state: started
  tags:
  - service