Fix ownership related to Calico (#8072)

kube-bench scan outputs warning related to Calico like: * text: "Ensure that the Container Network Interface file permissions are set to 644 or more restrictive (Manual)" * text: "Ensure that the Container Network Interface file ownership is set to root:root (Manual)" This fixes these warnings.

Fix ownership related to Calico (#8072)
19d07a4f · Kenichi Omichi · GitHub · 6a5b87dd · 19d07a4f · 19d07a4f
Unverified Commit 19d07a4f authored 3 years ago by Kenichi Omichi Committed by GitHub 3 years ago
--- a/roles/container-engine/gvisor/molecule/default/prepare.yml
+++ b/roles/container-engine/gvisor/molecule/default/prepare.yml
@@ -36,7 +36,7 @@
      file:
        path: /etc/cni/net.d
        state: directory
-        owner: kube
+        owner: root
        mode: 0755
    - name: Setup CNI
      copy:

--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -20,7 +20,7 @@
  template:
    src: "cni-calico.conflist.j2"
    dest: "/etc/cni/net.d/calico.conflist.template"
-    owner: kube
+    owner: root
  register: calico_conflist
  notify: reset_calico_cni