Set certs and files with kubeadm token to mode 0640 (#5325)

Change-Id: I298496e55a6889c158b2085fcadeda5e679a873e
This commit is contained in:
Matthew Mosesohn 2019-11-11 16:41:41 +03:00 committed by Kubernetes Prow Robot
parent 97764921ed
commit db5040e6ea
6 changed files with 6 additions and 1 deletions

View file

@ -3,6 +3,7 @@
copy:
src: "{{ kube_cert_dir }}/{{ item.src }}"
dest: "{{ kube_cert_dir }}/{{ item.dest }}"
mode: 0640
remote_src: yes
with_items:
- {src: apiserver.crt, dest: apiserver.crt.old}

View file

@ -26,6 +26,7 @@
copy:
src: "{{ kubeconfig_temp_dir.path }}/{{ item }}"
dest: "{{ kube_config_dir }}/{{ item }}"
mode: 0640
remote_src: yes
when: kubeconfig_correct_apiserver.rc != 0
with_items:

View file

@ -3,6 +3,7 @@
copy:
src: "{{ kube_cert_dir }}/{{ item.src }}"
dest: "{{ kube_cert_dir }}/{{ item.dest }}"
mode: 0640
remote_src: yes
with_items:
- {src: apiserver.pem, dest: apiserver.crt}

View file

@ -32,6 +32,7 @@
template:
src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml"
mode: 0640
backup: yes
when:
- inventory_hostname != groups['kube-master']|first

View file

@ -24,7 +24,7 @@
content: "{{ item.content | b64decode }}"
owner: root
group: root
mode: 0600
mode: 0640
no_log: true
register: copy_kubeadm_certs
with_items: "{{ kubeadm_certs.results }}"

View file

@ -12,3 +12,4 @@
template:
src: "kubeadm-config.{{ kubeadmConfig_api_version }}.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-config.yaml"
mode: 0640