Fix ownership related to Calico (#8072)

kube-bench scan outputs warning related to Calico like: * text: "Ensure that the Container Network Interface file permissions are set to 644 or more restrictive (Manual)" * text: "Ensure that the Container Network Interface file ownership is set to root:root (Manual)" This fixes these warnings.
3 years ago · 19d07a4f2e
2 changed files with 2 additions and 2 deletions
--- a/roles/container-engine/gvisor/molecule/default/prepare.yml
+++ b/roles/container-engine/gvisor/molecule/default/prepare.yml
@ -36,7 +36,7 @@
      file:
        path: /etc/cni/net.d
        state: directory
-        owner: kube
+        owner: root
        mode: 0755
    - name: Setup CNI
      copy:
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@ -20,7 +20,7 @@
  template:
    src: "cni-calico.conflist.j2"
    dest: "/etc/cni/net.d/calico.conflist.template"
-    owner: kube
+    owner: root
  register: calico_conflist
  notify: reset_calico_cni