Chmod kubeconfig to avoid group-readable (#6800)

After upgrading to newer Kubernetes(v1.17 at least), kubectl command shows the following warning message: WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/foo/.kube/config The kubeconfig was copied from {{ artifacts_dir }}/admin.conf with kubeconfig_localhost feature. It is better to set valid file mode at getting it on Kubespray.
4 years ago · e6c28982dd
1 changed files with 1 additions and 1 deletions
--- a/roles/kubernetes/client/tasks/main.yml
+++ b/roles/kubernetes/client/tasks/main.yml
@ -87,7 +87,7 @@
  copy:
    content: "{{ final_admin_kubeconfig | to_nice_yaml(indent=2) }}"
    dest: "{{ artifacts_dir }}/admin.conf"
-    mode: 0640
+    mode: 0600
  delegate_to: localhost
  connection: local
  become: no