Browse Source
enchance security with CIS Kubernetes V1.23 (#10304)
Benchmark item number 4.1.9
pull/10308/head
satandyh
1 year ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with
2 additions and
2 deletions
-
roles/kubernetes/node/tasks/kubelet.yml
|
|
|
@ -12,7 +12,7 @@ |
|
|
|
dest: "{{ kube_config_dir }}/kubelet.env" |
|
|
|
setype: "{{ (preinstall_selinux_state != 'disabled') | ternary('etc_t', omit) }}" |
|
|
|
backup: yes |
|
|
|
mode: 0640 |
|
|
|
mode: 0600 |
|
|
|
notify: Node | restart kubelet |
|
|
|
tags: |
|
|
|
- kubelet |
|
|
|
@ -22,7 +22,7 @@ |
|
|
|
template: |
|
|
|
src: "kubelet-config.{{ kubeletConfig_api_version }}.yaml.j2" |
|
|
|
dest: "{{ kube_config_dir }}/kubelet-config.yaml" |
|
|
|
mode: 0640 |
|
|
|
mode: 0600 |
|
|
|
notify: Kubelet | restart kubelet |
|
|
|
tags: |
|
|
|
- kubelet |
|
|
|
|
