Ensure 0644 mode for ca.crt on nodes (#5428)

Change-Id: I5e018dfaeffe314300b373aeb7ed5f59929cf4f9

roles/kubernetes/kubeadm/tasks/main.yml

@@ -119,6 +119,13 @@
   tags:
     - kube-proxy
 
+- name: Set ca.crt file permission
+  file:
+    path: "{{ kube_cert_dir }}/ca.crt"
+    owner: root
+    group: root
+    mode: "0644"
+
 - name: Restart all kube-proxy pods to ensure that they load the new configmap
   shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf delete pod -n kube-system -l k8s-app=kube-proxy --force --grace-period=0"
   run_once: true