richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

enforce user root when sudo is used

pull/45/head
Smaine Kahlouch 9 years ago
parent
4e015dd3f1
commit
d5320961e9
3 changed files with 4 additions and 2 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      roles/kubernetes/master/tasks/main.yml
  2. 4
      roles/kubernetes/node/tasks/main.yml
  3. 1
      roles/kubernetes/node/tasks/secrets.yml

1
roles/kubernetes/master/tasks/main.yml
View File

@ -27,6 +27,7 @@
recursive: yes recursive: yes
delete: yes delete: yes
rsync_opts: [ '--one-file-system'] rsync_opts: [ '--one-file-system']
set_remote_user: false
with_items: with_items:
- "{{ kube_token_dir }}" - "{{ kube_token_dir }}"
- "{{ kube_cert_dir }}" - "{{ kube_cert_dir }}"

4
roles/kubernetes/node/tasks/main.yml
View File

@ -21,12 +21,12 @@
system=yes system=yes
groups={{ kube_cert_group }} groups={{ kube_cert_group }}
- include: install.yml
- include: secrets.yml - include: secrets.yml
tags: tags:
- secrets - secrets
- include: install.yml
- name: Write kubelet config file - name: Write kubelet config file
template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet backup=yes template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet backup=yes
notify: notify:

1
roles/kubernetes/node/tasks/secrets.yml
View File

@ -43,6 +43,7 @@
recursive: yes recursive: yes
delete: yes delete: yes
rsync_opts: [ '--one-file-system'] rsync_opts: [ '--one-file-system']
set_remote_user: false
with_items: with_items:
- "{{ kube_cert_dir}}/ca.pem" - "{{ kube_cert_dir}}/ca.pem"
- "{{ kube_cert_dir}}/node.pem" - "{{ kube_cert_dir}}/node.pem"

Write Preview
Loading…
Cancel
Save