etcd: Fix permissions of /etc/ssl/etcd/ssl (#6908)

roles/etcd/defaults/main.yml

@@ -14,6 +14,7 @@ etcd_backup_retention_count: -1
 
 etcd_config_dir: /etc/ssl/etcd
 etcd_cert_dir: "{{ etcd_config_dir }}/ssl"
+etcd_cert_dir_mode: "0700"
 etcd_cert_group: root
 # Note: This does not set up DNS entries. It simply adds the following DNS
 # entries to the certificate

roles/etcd/tasks/gen_certs_script.yml

@@ -5,7 +5,7 @@
     group: "{{ etcd_cert_group }}"
     state: directory
     owner: kube
-    mode: 0700
+    mode: "{{ etcd_cert_dir_mode }}"
     recurse: yes
 
 - name: "Gen_certs | create etcd script dir (on {{ groups['etcd'][0] }})"
@@ -157,5 +157,5 @@
     group: "{{ etcd_cert_group }}"
     state: directory
     owner: kube
-    mode: 0640
+    mode: "{{ etcd_cert_dir_mode }}"
     recurse: yes