From 050bd0527f0061e534efea0d9a40a7a6a89f7918 Mon Sep 17 00:00:00 2001
From: satandyh <8116964+satandyh@users.noreply.github.com>
Date: Mon, 24 Jul 2023 05:24:11 +0300
Subject: [PATCH] enchance security with CIS Kubernetes V1.23 (#10304)

Benchmark item number 4.1.9
---
 roles/kubernetes/node/tasks/kubelet.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/kubernetes/node/tasks/kubelet.yml b/roles/kubernetes/node/tasks/kubelet.yml
index c08ef5fb8..be429dcfb 100644
--- a/roles/kubernetes/node/tasks/kubelet.yml
+++ b/roles/kubernetes/node/tasks/kubelet.yml
@@ -12,7 +12,7 @@
     dest: "{{ kube_config_dir }}/kubelet.env"
     setype: "{{ (preinstall_selinux_state != 'disabled') | ternary('etc_t', omit) }}"
     backup: yes
-    mode: 0640
+    mode: 0600
   notify: Node | restart kubelet
   tags:
     - kubelet
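Review bot: With `backup: yes` on the line above the changed `mode`, the copy Ansible keeps of the previous kubelet.env is taken from the file already on disk, so on nodes deployed before this change the backup will most likely retain the old 0640 mode beside the tightened file. A follow-up task that sets existing backups of this file under `{{ kube_config_dir }}` to 0600, or removes them, would close that gap. Separately, `mode: 0600` here and in the second hunk depends on the YAML loader reading a leading-zero integer as octal; writing `mode: "0600"` states the intent without relying on the parser. The task begins above the hunk, so any owner or group arguments it carries are not visible here.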
@@ -22,7 +22,7 @@
   template:
     src: "kubelet-config.{{ kubeletConfig_api_version }}.yaml.j2"
     dest: "{{ kube_config_dir }}/kubelet-config.yaml"
-    mode: 0640
+    mode: 0600
   notify: Kubelet | restart kubelet
   tags:
     - kubelet
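Review bot: The template task for kubelet-config.yaml passes only `src`, `dest` and `mode`, so the role tightens the permission bits without asserting who owns the file; an existing file keeps whatever owner and group it already has. Adding `owner: root` and `group: root` beside `mode` would make the 0600 restriction hold regardless of how the file was first created. The task's name line and any `become` setting are outside the hunk, so this presumably already runs as root; the suggestion is only to pin ownership explicitly.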
-- 
GitLab