Commit d84ff06f authored by Andreas Krüger, committed by Matthew Mosesohn

Set filemode to 0640 (#2315)

* Set filemode to 0640

weave-net.yml file is readable by all users on the host. It however contains the weave_password to encrypt all pod communication. It should only be readable by root.

* Set mode 0640 on users_file with basic auth
parent bfe19623
...@@ -10,5 +10,6 @@ ...@@ -10,5 +10,6 @@
template: template:
src: known_users.csv.j2 src: known_users.csv.j2
dest: "{{ kube_users_dir }}/known_users.csv" dest: "{{ kube_users_dir }}/known_users.csv"
mode: 0640
backup: yes backup: yes
notify: Master | set secret_changed notify: Master | set secret_changed
...@@ -17,4 +17,5 @@ ...@@ -17,4 +17,5 @@
template: template:
src: weave-net.yml.j2 src: weave-net.yml.j2
dest: "{{ kube_config_dir }}/weave-net.yml" dest: "{{ kube_config_dir }}/weave-net.yml"
mode: 0640
register: weave_manifest register: weave_manifest
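Review bot: The commit message says weave-net.yml "should only be readable by root", but `mode: 0640` on this task still grants read access to the file's group, and the task sets neither `owner` nor `group`. Either use `mode: "0600"`, or add `owner: root` and `group: root` alongside the mode so the group bit cannot expose weave_password to a non-root group. Quoting the mode as a string is also worth doing here for the same reason as in the known_users.csv task.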