Update Kubernetes PKI certificate file permissions
Signed-off-by: bmelbourne <[email protected]>
bmelbourne committed Apr 9, 2024
1 parent 3067e56 commit a5727c8
Showing 1 changed file with 15 additions and 1 deletion.
16 changes: 15 additions & 1 deletion roles/kubernetes/kubeadm/tasks/main.yml
Expand Up @@ -194,12 +194,26 @@
tags:
- kube-proxy

- name: Set Kubernetes PKI certificate file permissions
file:
path: "{{ kube_cert_dir }}/{{ item }}"
owner: root
group: root
mode: 0600
with_items:
- apiserver-kubelet-client.crt
- apiserver.crt
- front-proxy-ca.crt
- front-proxy-client.crt
when:
- inventory_hostname in groups['kube_control_plane']

- name: Set ca.crt file permission
file:
path: "{{ kube_cert_dir }}/ca.crt"
owner: root
group: root
mode: "0644"
mode: 0600

- name: Restart all kube-proxy pods to ensure that they load the new configmap
command: "{{ kubectl }} delete pod -n kube-system -l k8s-app=kube-proxy --force --grace-period=0"
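
Review bot: The ca.crt task has no `when:` condition in the lines shown, so its change from `mode: "0644"` to `mode: 0600` applies to every host this role runs on, not only `kube_control_plane` like the new task above it. ca.crt is a public CA certificate, so please confirm that nothing running as a non-root user on those hosts needs to read it before it is restricted to root. On style, both new `mode: 0600` values are unquoted while the replaced line used the quoted form; an unquoted leading-zero value is interpreted by the YAML parser as an octal integer instead of reaching the module as a string, so I would write `mode: "0600"` in both tasks to keep the file consistent. The new `with_items` task also sets no `state:`, and the `file` module does not create missing paths by default, so it is worth checking that all four certificates exist on every control-plane host where the task runs.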