From 975f84494cf637ae6853d4bc710f28ed18c842fb Mon Sep 17 00:00:00 2001
From: faruryo <faruryo@gmail.com>
Date: Tue, 27 Apr 2021 07:37:03 +0900
Subject: [PATCH] Fix calico-kube-controller becomes Error (#7548)

Change mode so that calico-kube-controllers can be read because it was changed to run as non-root
https://github.com/projectcalico/kube-controllers/pull/566
---
 roles/network_plugin/calico/tasks/install.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 753f66bb2..3dabd56ca 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -28,6 +28,7 @@
     src: "{{ etcd_cert_dir }}/{{ item.s }}"
     dest: "{{ calico_cert_dir }}/{{ item.d }}"
     state: hard
+    mode: 0640
     force: yes
   with_items:
     - {s: "{{ kube_etcd_cacert_file }}", d: "ca_cert.crt"}