
Fix ownership related to Calico (#8072)

kube-bench scan outputs warnings related to Calico like:

* text: "Ensure that the Container Network Interface file
  permissions are set to 644 or more restrictive (Manual)"
* text: "Ensure that the Container Network Interface file
  ownership is set to root:root (Manual)"

This fixes these warnings.
pull/8099/head
Kenichi Omichi 3 years ago
committed by GitHub
parent
commit
19d07a4f2e
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
  1. 2
      roles/container-engine/gvisor/molecule/default/prepare.yml
  2. 2
      roles/network_plugin/calico/tasks/install.yml

2
roles/container-engine/gvisor/molecule/default/prepare.yml

@ -36,7 +36,7 @@
file:
path: /etc/cni/net.d
state: directory
owner: kube
owner: root
mode: 0755
- name: Setup CNI
copy:
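Review bot: The `/etc/cni/net.d` task sets `owner: root` but no `group:`, so the root:root ownership check quoted in the commit message is only half pinned here; the group stays whatever the directory already has or the default for the connecting user. Suggest adding `group: root` next to the new `owner: root`. As a style point, `mode: 0755` would be safer quoted as `mode: "0755"` so it can never be read as a decimal integer.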

2
roles/network_plugin/calico/tasks/install.yml

@ -20,7 +20,7 @@
template:
src: "cni-calico.conflist.j2"
dest: "/etc/cni/net.d/calico.conflist.template"
owner: kube
owner: root
register: calico_conflist
notify: reset_calico_cni
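Review bot: The `template` task for `/etc/cni/net.d/calico.conflist.template` now sets `owner: root`, but the visible arguments carry neither `group:` nor `mode:`, while the commit message cites both the root:root check and the "644 or more restrictive" check. Without an explicit mode the result depends on the umask or on the permissions of an existing file. Suggest adding `group: root` and `mode: "0644"` to this task. Since `dest` is a `.template` file, it is also worth confirming that the conflist generated from it ends up with the same owner and mode.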
