From 050bd0527f0061e534efea0d9a40a7a6a89f7918 Mon Sep 17 00:00:00 2001 From: satandyh <8116964+satandyh@users.noreply.github.com> Date: Mon, 24 Jul 2023 05:24:11 +0300 Subject: [PATCH] enchance security with CIS Kubernetes V1.23 (#10304) Benchmark item number 4.1.9 --- roles/kubernetes/node/tasks/kubelet.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kubernetes/node/tasks/kubelet.yml b/roles/kubernetes/node/tasks/kubelet.yml index c08ef5fb8..be429dcfb 100644 --- a/roles/kubernetes/node/tasks/kubelet.yml +++ b/roles/kubernetes/node/tasks/kubelet.yml @@ -12,7 +12,7 @@ dest: "{{ kube_config_dir }}/kubelet.env" setype: "{{ (preinstall_selinux_state != 'disabled') | ternary('etc_t', omit) }}" backup: yes - mode: 0640 + mode: 0600 notify: Node | restart kubelet tags: - kubelet @@ -22,7 +22,7 @@ template: src: "kubelet-config.{{ kubeletConfig_api_version }}.yaml.j2" dest: "{{ kube_config_dir }}/kubelet-config.yaml" - mode: 0640 + mode: 0600 notify: Kubelet | restart kubelet tags: - kubelet