richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Set certs and files with kubeadm token to mode 0640 (#5325) 

Change-Id: I298496e55a6889c158b2085fcadeda5e679a873e
pull/5338/head
Matthew Mosesohn 5 years ago
committed by Kubernetes Prow Robot
parent
97764921ed
commit
db5040e6ea
6 changed files with 6 additions and 1 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      roles/kubernetes/master/tasks/kubeadm-certificate.yml
  2. 1
      roles/kubernetes/master/tasks/kubeadm-fix-apiserver.yml
  3. 1
      roles/kubernetes/master/tasks/kubeadm-migrate-certs.yml
  4. 1
      roles/kubernetes/master/tasks/kubeadm-secondary-experimental.yml
  5. 2
      roles/kubernetes/master/tasks/kubeadm-secondary-legacy.yml
  6. 1
      roles/kubernetes/master/tasks/kubeadm-version.yml

1
roles/kubernetes/master/tasks/kubeadm-certificate.yml
View File

@ -3,6 +3,7 @@
copy: copy:
src: "{{ kube_cert_dir }}/{{ item.src }}" src: "{{ kube_cert_dir }}/{{ item.src }}"
dest: "{{ kube_cert_dir }}/{{ item.dest }}" dest: "{{ kube_cert_dir }}/{{ item.dest }}"
mode: 0640
remote_src: yes remote_src: yes
with_items: with_items:
- {src: apiserver.crt, dest: apiserver.crt.old} - {src: apiserver.crt, dest: apiserver.crt.old}

1
roles/kubernetes/master/tasks/kubeadm-fix-apiserver.yml
View File

@ -26,6 +26,7 @@
copy: copy:
src: "{{ kubeconfig_temp_dir.path }}/{{ item }}" src: "{{ kubeconfig_temp_dir.path }}/{{ item }}"
dest: "{{ kube_config_dir }}/{{ item }}" dest: "{{ kube_config_dir }}/{{ item }}"
mode: 0640
remote_src: yes remote_src: yes
when: kubeconfig_correct_apiserver.rc != 0 when: kubeconfig_correct_apiserver.rc != 0
with_items: with_items:

1
roles/kubernetes/master/tasks/kubeadm-migrate-certs.yml
View File

@ -3,6 +3,7 @@
copy: copy:
src: "{{ kube_cert_dir }}/{{ item.src }}" src: "{{ kube_cert_dir }}/{{ item.src }}"
dest: "{{ kube_cert_dir }}/{{ item.dest }}" dest: "{{ kube_cert_dir }}/{{ item.dest }}"
mode: 0640
remote_src: yes remote_src: yes
with_items: with_items:
- {src: apiserver.pem, dest: apiserver.crt} - {src: apiserver.pem, dest: apiserver.crt}

1
roles/kubernetes/master/tasks/kubeadm-secondary-experimental.yml
View File

@ -32,6 +32,7 @@
template: template:
src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2" src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml" dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml"
mode: 0640
backup: yes backup: yes
when: when:
- inventory_hostname != groups['kube-master']|first - inventory_hostname != groups['kube-master']|first

2
roles/kubernetes/master/tasks/kubeadm-secondary-legacy.yml
View File

@ -24,7 +24,7 @@
content: "{{ item.content | b64decode }}" content: "{{ item.content | b64decode }}"
owner: root owner: root
group: root group: root
mode: 0600
mode: 0640
no_log: true no_log: true
register: copy_kubeadm_certs register: copy_kubeadm_certs
with_items: "{{ kubeadm_certs.results }}" with_items: "{{ kubeadm_certs.results }}"

1
roles/kubernetes/master/tasks/kubeadm-version.yml
View File

@ -12,3 +12,4 @@
template: template:
src: "kubeadm-config.{{ kubeadmConfig_api_version }}.yaml.j2" src: "kubeadm-config.{{ kubeadmConfig_api_version }}.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-config.yaml" dest: "{{ kube_config_dir }}/kubeadm-config.yaml"
mode: 0640
Write Preview
Loading…
Cancel
Save