97b4d79ed5
* feat: make kubernetes owner parametrized * docs: update hardening guide with configuration for CIS 1.1.19 * fix: set etcd data directory permissions to be compliant to CIS 1.1.12
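---
# Defaults for the service accounts described below (etcd and Kubernetes).
# Booleans are written as true/false rather than yes/no, so the values
# read the same under YAML 1.1 and YAML 1.2 loaders.

# Account name intended to own Kubernetes files. Where this variable is
# consumed is not visible in this file.
# NOTE(review): addusers.kube.name below is still the literal "kube", so
# overriding kube_owner alone does not rename the created account. Confirm
# whether that entry should reference this variable.
kube_owner: kube

# Group assigned to the kube account (see addusers.kube.group).
kube_cert_group: kube-cert

# etcd data directory path. No mode or ownership is set in this file; the
# permissions named in the commit message (CIS 1.1.12) must be applied by
# whichever task uses this path. TODO confirm.
etcd_data_dir: "/var/lib/etcd"

# Service accounts to create. Both are system accounts with no home
# directory and /sbin/nologin as shell, so they are not meant for
# interactive logins.
addusers:
  etcd:
    name: etcd
    comment: "Etcd user"
    createhome: false
    system: true
    shell: /sbin/nologin
  kube:
    name: kube
    comment: "Kubernetes user"
    createhome: false
    system: true
    shell: /sbin/nologin
    group: "{{ kube_cert_group }}"

# Per-user parameter mapping built from a `user` variable (presumably one
# entry of addusers; verify against the tasks that consume it). Optional
# attributes fall back to None when undefined.
adduser:
  name: "{{ user.name }}"
  # NOTE(review): group is derived from user.name, not user.group, so the
  # `group` set on addusers.kube is not picked up through this mapping.
  # Confirm against the tasks whether kube really ends up in
  # kube_cert_group.
  group: "{{ user.name|default(None) }}"
  comment: "{{ user.comment|default(None) }}"
  shell: "{{ user.shell|default(None) }}"
  system: "{{ user.system|default(None) }}"
  createhome: "{{ user.createhome|default(None) }}"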