97b4d79ed5
* feat: make kubernetes owner parametrized * docs: update hardening guide with configuration for CIS 1.1.19 * fix: set etcd data directory permissions to be compliant to CIS 1.1.12
---
# Read the serial number of the API server's etcd client certificate.
# The task only inspects the certificate, so it never reports a change.
# `command` does not go through a shell, but the free-form string is still
# split on whitespace, so kube_cert_dir is assumed to contain no spaces.
- name: Calculate etcd cert serial
  command: >-
    openssl x509
    -in {{ kube_cert_dir }}/apiserver-etcd-client.crt
    -noout -serial
  changed_when: false
  register: etcd_client_cert_serial_result
  tags: [network]
# Keep only the value part of the `serial=<value>` line registered in
# etcd_client_cert_serial_result: the expression takes the field that
# follows the first `=` in stdout.
- name: Set etcd_client_cert_serial
  set_fact:
    etcd_client_cert_serial: "{{ etcd_client_cert_serial_result.stdout.split('=')[1] }}"
  tags: [network]
# Pull in the etcdctl role, but only when etcd is deployed through kubeadm.
# Because this is a static import, the condition is applied to every task
# of the imported role rather than to the import as a whole.
- name: Ensure etcdctl script is installed
  when: 'etcd_deployment_type == "kubeadm"'
  import_role:
    name: etcdctl
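# Restrict the etcd data directory to its owner: mode 0700 leaves no access
# for group or others, and owner and group both come from etcd_owner.
# Only the path itself is touched (no `recurse`), and no `state` is given,
# so the directory is presumably expected to exist already - verify.
- name: Set ownership for etcd data directory
  file:
    path: "{{ etcd_data_dir }}"
    owner: "{{ etcd_owner }}"
    group: "{{ etcd_owner }}"
    # Quoted so the mode reaches the module as the octal string "0700"
    # instead of depending on how the YAML loader types a bare 0700.
    mode: "0700"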