diff --git a/roles/kubernetes/master/tasks/users-file.yml b/roles/kubernetes/master/tasks/users-file.yml
index ec0264c4d35d936f2b7b617f8a21e24ec2726c79..e8425d1bc9363d50a0dc06603e9497ec4eacd373 100644
--- a/roles/kubernetes/master/tasks/users-file.yml
+++ b/roles/kubernetes/master/tasks/users-file.yml
@@ -10,5 +10,6 @@
   template:
     src: known_users.csv.j2
     dest: "{{ kube_users_dir }}/known_users.csv"
+    mode: 0640
     backup: yes
   notify: Master | set secret_changed
diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml
index 738dddd15c0035942684183e2b7314d5c64dd442..f3f1da6ac3a83c3f403fee8e40b31109d4f4a0c4 100644
--- a/roles/network_plugin/weave/tasks/main.yml
+++ b/roles/network_plugin/weave/tasks/main.yml
@@ -17,4 +17,5 @@
   template:
     src: weave-net.yml.j2
     dest: "{{ kube_config_dir }}/weave-net.yml"
+    mode: 0640
   register: weave_manifest