Fix diverse issues

roles/kubernetes-apps/ambassador/tasks/main.yml

@@ -3,20 +3,25 @@
   file:
     state: directory
     path: "{{kube_config_dir}}/ambassador"
+  when: inventory_hostname == groups['kube-master'][0]
 
 - name: Ambassador | Create self-signed cert
   shell: "openssl req -x509 -newkey rsa:4096 -keyout {{kube_config_dir}}/ambassador/key.pem -out {{kube_config_dir}}/ambassador/cert.pem -days 365 -nodes -subj '/C=DE/CN=localhost'"
+  when: inventory_hostname == groups['kube-master'][0]
 
 - name: Ambassador | Create secret for the self-signed cert
   shell: "kubectl create secret tls tls-certs --cert={{kube_config_dir}}/ambassador/cert.pem --key={{kube_config_dir}}/ambassador/key.pem"
+  when: inventory_hostname == groups['kube-master'][0]
 
 - name: Ambassador | Copy helm value map
   template:
     src: "values.yaml.j2"
     dest: "{{kube_config_dir}}/ambassador/ambassador_values.yaml"
+  when: inventory_hostname == groups['kube-master'][0]
   
 - name: Ambassador | Add helm repository
   shell: "helm repo add datawire https://www.getambassador.io"
+  when: inventory_hostname == groups['kube-master'][0]
 
 - name: Ambassador | Install with helm chart
   shell: "helm install --name ambassador --namespace {{ambassador_namespace}} datawire/ambassador -f {{kube_config_dir}}/ambassador/ambassador_values.yaml"

roles/kubernetes-apps/icinga/tasks/main.yml

@@ -6,6 +6,7 @@
 - name: Icinga | Get name of InfluxDB pod
   command: kubectl get pods -l app=influxdb-influxdb -o jsonpath='{.items[0].metadata.name}'
   register: influxdb_name_result
+  when: inventory_hostname == groups['kube-master'][0]
 
 - name: Icinga | Create database in InfluxDB
   shell: |
@@ -22,6 +23,7 @@
   file:
     path: "{{kube_config_dir}}/icinga"
     state: directory
+  when: inventory_hostname == groups['kube-master'][0]
 
 - name: Icinga | Copy templates
   template:
@@ -31,6 +33,7 @@
     - "deployment.yaml"
     - "secrets.yaml"
     - "service.yaml"
+  when: inventory_hostname == groups['kube-master'][0]
 
 - name: Icinga | Apply kube manifests
   kube:

roles/kubernetes-apps/icinga/templates/service.yaml.j2

@@ -3,7 +3,6 @@ apiVersion: v1
 metadata:
   name: icinga-web
 spec:
-  type: NodePort
   selector:
     app: icinga
   ports:

roles/kubernetes-apps/influxdb/tasks/main.yml

@@ -3,6 +3,7 @@
   template:
     src: "values.yaml.j2"
     dest: "{{kube_config_dir}}/influxdb_values.yaml"
+  when: inventory_hostname == groups['kube-master'][0]
   
 - name: InfluxDB | Install with helm chart and wait until finished
   shell: "helm install stable/influxdb --name influxdb --wait --timeout 1500 --values {{kube_config_dir}}/influxdb_values.yaml"

roles/kubernetes-apps/istio/tasks/main.yml

@@ -3,16 +3,12 @@
   template:
     src: "values.yaml.j2"
     dest: "{{kube_config_dir}}/istio_values.yaml"
+  when: inventory_hostname == groups['kube-master'][0]
 
 - name: Istio | Copy namespace template
   template:
     src: "namespace.yaml.j2"
     dest: "{{kube_config_dir}}/istio_namespace.yaml"
-  
-- name: Istio | Create template through helm
-  shell: >
-   helm template {{ local_release_dir }}/istio-1.0.4/install/kubernetes/helm/istio --name istio --namespace {{ istio_namespace }} \
-        --values {{kube_config_dir}}/istio_values.yaml > {{kube_config_dir}}/istio.yaml
   when: inventory_hostname == groups['kube-master'][0]
 
 - name: Istio | Create namespace
@@ -21,6 +17,22 @@
     filename: "{{kube_config_dir}}/istio_namespace.yaml"
   when: inventory_hostname == groups['kube-master'][0]
   
+- name: Istio | Apply CRDs
+  kube:
+    kubectl: "{{ bin_dir }}/kubectl"
+    filename: "{{ local_release_dir }}/istio-1.0.4/install/kubernetes/helm/istio/templates/crds.yaml"
+  when: inventory_hostname == groups['kube-master'][0]
+  
+- name: Istio | Wait a few seconds until the CRDs are commited to the kube-apiserver
+  wait_for: timeout=10
+  when: inventory_hostname == groups['kube-master'][0]
+  
+- name: Istio | Create template through helm
+  shell: >
+   helm template {{ local_release_dir }}/istio-1.0.4/install/kubernetes/helm/istio --name istio --namespace {{ istio_namespace }} \
+        --values {{kube_config_dir}}/istio_values.yaml > {{kube_config_dir}}/istio.yaml
+  when: inventory_hostname == groups['kube-master'][0]
+
 - name: Istio | Apply template
   kube:
     kubectl: "{{ bin_dir }}/kubectl"

roles/kubernetes-apps/istio/templates/values.yaml.j2

@@ -2,6 +2,8 @@ global:
   mtls:
     enabled: false
     
+  crds: false # These are already applied manually
+
 gateways:
   enabled: false
 
@@ -13,3 +15,5 @@ tracing:
 
 kiali:
   enabled: {{ istio_kiali_enabled }}
+  
+  

roles/kubernetes-apps/mariadb/tasks/main.yml

@@ -3,6 +3,7 @@
   template:
     src: "values.yaml.j2"
     dest: "{{kube_config_dir}}/mariadb_values.yaml"
+  when: inventory_hostname == groups['kube-master'][0]
   
 - name: MariaDB | Install with helm chart and wait until finished
   shell: "helm install stable/mariadb --name mariadb --wait --timeout 1500 --values {{kube_config_dir}}/mariadb_values.yaml"

roles/kubernetes-apps/nfs_provisioner/tasks/main.yml

@@ -3,6 +3,8 @@
   template:
     src: "values.yaml.j2"
     dest: "{{kube_config_dir}}/nfs_provisioner_values.yaml"
+  when: inventory_hostname == groups['kube-master'][0]
 
 - name: NFS Client | Install with helm and wait until finished
   shell: helm install --name nfs-client --namespace {{nfs_provisioner_namespace}} --wait --values {{kube_config_dir}}/nfs_provisioner_values.yaml stable/nfs-client-provisioner
+  when: inventory_hostname == groups['kube-master'][0]

roles/kubernetes-apps/rabbitmq/tasks/main.yml

@@ -3,6 +3,7 @@
   template:
     src: "values.yaml.j2"
     dest: "{{kube_config_dir}}/rabbitmq_values.yaml"
+  when: inventory_hostname == groups['kube-master'][0]
   
 - name: RabbitMQ | Install with helm chart and wait until finished
   shell: "helm install stable/rabbitmq --name rabbitmq --wait --timeout 1500 --values {{kube_config_dir}}/rabbitmq_values.yaml"