Ensure 0644 mode for ca.crt on nodes (#5428)

Change-Id: I5e018dfaeffe314300b373aeb7ed5f59929cf4f9
5 years ago · 696fcaf391
1 changed files with 7 additions and 0 deletions
--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@ -119,6 +119,13 @@
  tags:
    - kube-proxy

+- name: Set ca.crt file permission
+  file:
+    path: "{{ kube_cert_dir }}/ca.crt"
+    owner: root
+    group: root
+    mode: "0644"
+
 - name: Restart all kube-proxy pods to ensure that they load the new configmap
  shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf delete pod -n kube-system -l k8s-app=kube-proxy --force --grace-period=0"
  run_once: true