Set certs and files with kubeadm token to mode 0640 (#5325)
Change-Id: I298496e55a6889c158b2085fcadeda5e679a873e
This commit is contained in:
parent
97764921ed
commit
db5040e6ea
6 changed files with 6 additions and 1 deletions
|
@ -3,6 +3,7 @@
|
|||
copy:
|
||||
src: "{{ kube_cert_dir }}/{{ item.src }}"
|
||||
dest: "{{ kube_cert_dir }}/{{ item.dest }}"
|
||||
mode: 0640
|
||||
remote_src: yes
|
||||
with_items:
|
||||
- {src: apiserver.crt, dest: apiserver.crt.old}
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
copy:
|
||||
src: "{{ kubeconfig_temp_dir.path }}/{{ item }}"
|
||||
dest: "{{ kube_config_dir }}/{{ item }}"
|
||||
mode: 0640
|
||||
remote_src: yes
|
||||
when: kubeconfig_correct_apiserver.rc != 0
|
||||
with_items:
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
copy:
|
||||
src: "{{ kube_cert_dir }}/{{ item.src }}"
|
||||
dest: "{{ kube_cert_dir }}/{{ item.dest }}"
|
||||
mode: 0640
|
||||
remote_src: yes
|
||||
with_items:
|
||||
- {src: apiserver.pem, dest: apiserver.crt}
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
template:
|
||||
src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2"
|
||||
dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml"
|
||||
mode: 0640
|
||||
backup: yes
|
||||
when:
|
||||
- inventory_hostname != groups['kube-master']|first
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
content: "{{ item.content | b64decode }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0600
|
||||
mode: 0640
|
||||
no_log: true
|
||||
register: copy_kubeadm_certs
|
||||
with_items: "{{ kubeadm_certs.results }}"
|
||||
|
|
|
@ -12,3 +12,4 @@
|
|||
template:
|
||||
src: "kubeadm-config.{{ kubeadmConfig_api_version }}.yaml.j2"
|
||||
dest: "{{ kube_config_dir }}/kubeadm-config.yaml"
|
||||
mode: 0640
|
||||
|
|
Loading…
Reference in a new issue