From 3d10f00401ef74d04ae24b5fa7de4bf949a5b7bd Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@redhat.com>
Date: Fri, 19 Jun 2015 16:18:12 -0400
Subject: [PATCH] Give kube-apiserver CAP_NET_BIND_SERVICE

It is needed to bind on port 443
---
 contrib/ansible/roles/master/tasks/main.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/contrib/ansible/roles/master/tasks/main.yml b/contrib/ansible/roles/master/tasks/main.yml
index 5ee28e74b80..949453bc5bf 100644
--- a/contrib/ansible/roles/master/tasks/main.yml
+++ b/contrib/ansible/roles/master/tasks/main.yml
@@ -20,6 +20,10 @@
   notify:
     - restart scheduler
 
+- name: add cap_net_bind_service to kube-apiserver
+  capabilities: path=/usr/bin/kube-apiserver capability=cap_net_bind_service=ep state=present
+  when: not is_atomic
+
 - name: Enable apiserver
   service: name=kube-apiserver enabled=yes state=started