diff --git a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml
index 5ed8f69449dc9f32e33798a9edf104b98655e92d..82b0acb82d8d74992a5924204763ce21df1e11ca 100644
--- a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml
+++ b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml
@@ -3,6 +3,7 @@
   template:
     src: "{{ item.file }}"
     dest: "{{ kube_config_dir }}/{{ item.dest }}"
+    mode: 0644
   with_items:
     - { file: glusterfs-kubernetes-endpoint.json.j2, type: ep, dest: glusterfs-kubernetes-endpoint.json}
     - { file: glusterfs-kubernetes-pv.yml.j2, type: pv, dest: glusterfs-kubernetes-pv.yml}
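Review bot: The added `mode: 0644` is an unquoted scalar, so it only means rw-r--r-- because the YAML 1.1 loader reads a leading zero as octal. A loader or linter that follows YAML 1.2 would see the decimal integer 644 and set different permission bits. Quote the value, `mode: "0644"`, so the module receives a string and does the octal conversion itself. The same applies to every other `mode:` line this commit adds, including the `0755` ones.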
diff --git a/roles/container-engine/docker-storage/tasks/main.yml b/roles/container-engine/docker-storage/tasks/main.yml
index 6fb6d3f244f60d8b5bea3cdc94d8cfba4873a805..462938191fea182f896a97795974aa3c1cc26137 100644
--- a/roles/container-engine/docker-storage/tasks/main.yml
+++ b/roles/container-engine/docker-storage/tasks/main.yml
@@ -10,6 +10,7 @@
   template:
     src: docker-storage-setup.j2
     dest: /etc/sysconfig/docker-storage-setup
+    mode: 0644
 
 - name: docker-storage-override-directory | docker service storage-setup override dir
   file:
diff --git a/roles/kubernetes-apps/ansible/tasks/coredns.yml b/roles/kubernetes-apps/ansible/tasks/coredns.yml
index 4570b260a51eaa9578bc81e77c6b2d13fddf51b5..d8f85477486420e0e5fa4ab13c31588f5ba3333c 100644
--- a/roles/kubernetes-apps/ansible/tasks/coredns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/coredns.yml
@@ -3,6 +3,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   loop:
     - { name: coredns, file: coredns-clusterrole.yml, type: clusterrole }
     - { name: coredns, file: coredns-clusterrolebinding.yml, type: clusterrolebinding }
@@ -27,6 +28,7 @@
   template:
     src: "{{ item.src }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - { name: coredns, src: coredns-deployment.yml, file: coredns-deployment-secondary.yml, type: deployment }
     - { name: coredns, src: coredns-svc.yml, file: coredns-svc-secondary.yml, type: svc }
diff --git a/roles/kubernetes-apps/ansible/tasks/dashboard.yml b/roles/kubernetes-apps/ansible/tasks/dashboard.yml
index 94c041d14ff74c035f9bf0bfb99888c6a0c9e9bf..480b3dbf1dc39bad943d5fcc45a171fc0f0c544c 100644
--- a/roles/kubernetes-apps/ansible/tasks/dashboard.yml
+++ b/roles/kubernetes-apps/ansible/tasks/dashboard.yml
@@ -3,6 +3,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - { file: dashboard.yml, type: deploy, name: kubernetes-dashboard }
   register: manifests
diff --git a/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml b/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml
index 0608fd375d497c74d287a8a5ceb02983a0789d4a..548de89fd81aa33882b395c830c65ea74be53867 100644
--- a/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml
+++ b/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml
@@ -3,6 +3,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - { file: etcd_metrics-endpoints.yml, type: endpoints, name: etcd-metrics }
     - { file: etcd_metrics-service.yml, type: service, name: etcd-metrics }
diff --git a/roles/kubernetes-apps/ansible/tasks/netchecker.yml b/roles/kubernetes-apps/ansible/tasks/netchecker.yml
index 46252929a103d8313acaa2a402e8a6e5de2445f1..d08a9ed28fc9e7a62d8a1b459a9a41a0d0df36b1 100644
--- a/roles/kubernetes-apps/ansible/tasks/netchecker.yml
+++ b/roles/kubernetes-apps/ansible/tasks/netchecker.yml
@@ -25,6 +25,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items: "{{ netchecker_templates }}"
   register: manifests
   when:
diff --git a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
index 4809aa9b83df3b117d7a8d0dc0e1c63fe15243a2..53970115722c34bb591a97af97da9cdf7039f216 100644
--- a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
@@ -19,6 +19,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - { name: nodelocaldns, file: nodelocaldns-config.yml, type: configmap }
     - { name: nodelocaldns, file: nodelocaldns-sa.yml, type: sa }
@@ -48,6 +49,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - { name: nodelocaldns, file: nodelocaldns-second-daemonset.yml, type: daemonset }
   register: nodelocaldns_second_manifests
diff --git a/roles/kubernetes-apps/argocd/tasks/main.yml b/roles/kubernetes-apps/argocd/tasks/main.yml
index e80e63e694a84c7c6a850d7abf50744d41258b26..2d2385eb2d4c02f76664c4ea8601b02080c3f389 100644
--- a/roles/kubernetes-apps/argocd/tasks/main.yml
+++ b/roles/kubernetes-apps/argocd/tasks/main.yml
@@ -23,6 +23,7 @@
   get_url:
     url: "{{ item.url }}"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}"
   loop_control:
     label: "{{ item.file }}"
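Review bot: This `get_url` task writes whatever `item.url` returns into `kube_config_dir`, and the visible lines carry no `checksum:`, so a changed or tampered upstream manifest would be accepted as is. The added mode only governs who can read the file afterwards and does not address integrity. If the rest of the task (which continues outside the hunk) does not already pin the content, consider adding a digest to each `argocd_templates` entry and passing it through, for example `checksum: "{{ item.checksum }}"`, where `item.checksum` is a field that would need to be introduced.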
@@ -44,6 +45,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items: "{{ argocd_templates | selectattr('url', 'undefined') | list }}"
   loop_control:
     label: "{{ item.file }}"
diff --git a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
index ecf6f511d8fdbf0261db8b439e560dbbe308d005..05d5c6930edaf64f73edb249846a6b6a91808138 100644
--- a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
+++ b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
@@ -7,6 +7,7 @@
   template:
     src: controller-manager-config.yml.j2
     dest: "{{ kube_config_dir }}/controller-manager-config.yml"
+    mode: 0644
   when: inventory_hostname == groups['kube_control_plane'][0]
   tags: oci
 
@@ -25,6 +26,7 @@
   template:
     src: oci-cloud-provider.yml.j2
     dest: "{{ kube_config_dir }}/oci-cloud-provider.yml"
+    mode: 0644
   when: inventory_hostname == groups['kube_control_plane'][0]
   tags: oci
 
diff --git a/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml b/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml
index 75a0b8a10a1cd94bc01cae2f149bd01510756d46..62ecaf90f893f1f5b31ceb8796541addbc84c0df 100644
--- a/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml
+++ b/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml
@@ -33,6 +33,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/addons/container_engine_accelerator/{{ item.file }}"
+    mode: 0644
   with_items:
     - { name: nvidia-driver-install-daemonset, file: nvidia-driver-install-daemonset.yml, type: daemonset }
     - { name: k8s-device-plugin-nvidia-daemonset, file: k8s-device-plugin-nvidia-daemonset.yml, type: daemonset }
diff --git a/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml b/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml
index f12f5feae8963f9d050ec9d0107ff1bf69c2425f..104c314ca5f65118ff6060e2c007f608f0a90733 100644
--- a/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml
+++ b/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml
@@ -16,6 +16,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir}}/addons/gvisor/{{ item.file }}"
+    mode: 0644
   with_items: "{{ gvisor_templates }}"
   register: gvisor_manifests
   when:
diff --git a/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml b/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml
index 3fb059fe65a370d27d7b3211d3079f03febf7c2b..a07c7c2883163bf7e0231167da021d6908e58997 100644
--- a/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml
+++ b/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml
@@ -17,6 +17,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/addons/kata_containers/{{ item.file }}"
+    mode: 0644
   with_items: "{{ kata_containers_templates }}"
   register: kata_containers_manifests
   when:
diff --git a/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml b/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml
index 7b2f41a4cc38ef90a0550d267e708feb3ea765a9..066009661fffa86eb08e7129844d5cb4004e0bf0 100644
--- a/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml
@@ -3,6 +3,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - {name: aws-ebs-csi-driver, file: aws-ebs-csi-driver.yml}
     - {name: aws-ebs-csi-controllerservice, file: aws-ebs-csi-controllerservice-rbac.yml}
diff --git a/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml b/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml
index b8bbd7113e513adca3dbafc09f9b246c30bb4bb3..96abe3990412d1df3ba20845b52d937f4127ee02 100644
--- a/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml
@@ -22,6 +22,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - {name: azure-csi-azuredisk-driver, file: azure-csi-azuredisk-driver.yml}
     - {name: azure-csi-cloud-config-secret, file: azure-csi-cloud-config-secret.yml}
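Review bot: The single `mode: 0644` on this loop also covers `azure-csi-cloud-config-secret.yml`, so a rendered manifest whose name marks it as a Secret is left world-readable in `kube_config_dir`. The template body is not visible here, but it presumably carries cloud credentials, and any local account on the control-plane host could then read them. Give secret items a tighter mode, for example `mode: "{{ item.mode | default('0644') }}"` with `mode: '0600'` on the secret entry, or render them in a separate task. The same pattern appears in the cinder (`cinder-csi-cloud-config-secret.yml`), gcp_pd (`gcp-pd-csi-cred-secret.yml`) and external_cloud_controller/vsphere (`external-vsphere-cpi-cloud-config-secret.yml`) hunks. The loop lists continue outside each hunk.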
diff --git a/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml b/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
index a62a9db3912a0fa9b0bf5bcdaadb455d750a29f7..6590f6d0302c2bad9b52420b7ca5080028201324 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
@@ -34,6 +34,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - {name: cinder-csi-driver, file: cinder-csi-driver.yml}
     - {name: cinder-csi-cloud-config-secret, file: cinder-csi-cloud-config-secret.yml}
diff --git a/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml b/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml
index 029d7ffe50dba19fc65cb5b488f9480c56895938..7329d49e68ebbc462c41deda2badc347b3b8b691 100644
--- a/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml
@@ -3,6 +3,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - {name: volumesnapshotclasses, file: volumesnapshotclasses.yml}
     - {name: volumesnapshotcontents, file: volumesnapshotcontents.yml}
diff --git a/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml b/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml
index 05961ef56d2e041564cc10f175541ff75d9c516b..ebaa86f2bbfba45f4be603c850699b2e76f717f5 100644
--- a/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml
@@ -25,6 +25,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - {name: gcp-pd-csi-cred-secret, file: gcp-pd-csi-cred-secret.yml}
     - {name: gcp-pd-csi-setup, file: gcp-pd-csi-setup.yml}
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
index 269d2ec18ffbf1789fc9298e82490e186d14b338..7dec480ead3e0e2b4c31b69dc378850fa6cde04d 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
@@ -16,6 +16,7 @@
   template:
     src: "{{ item }}.j2"
     dest: "{{ kube_config_dir }}/{{ item }}"
+    mode: 0644
   with_items:
     - vsphere-csi-driver.yml
     - vsphere-csi-controller-rbac.yml
diff --git a/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml
index 86e16dbe7bec474f65b1763b5727e67d995ccc77..57fd47e230619a61b5ca1c18b9aa2e2649b664af 100644
--- a/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml
@@ -16,6 +16,7 @@
   template:
     src: "{{ item }}.j2"
     dest: "{{ kube_config_dir }}/{{ item }}"
+    mode: 0644
   with_items:
     - external-vsphere-cpi-cloud-config-secret.yml
     - external-vsphere-cloud-controller-manager-roles.yml
diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml
index 0f03dbb313dc5523e4e3a03efd103adfb443f8a0..95a2f7586d121b754dba6803fe0ef9da6de74c8a 100644
--- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml
@@ -63,6 +63,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/addons/cephfs_provisioner/{{ item.file }}"
+    mode: 0644
   with_items: "{{ cephfs_provisioner_templates }}"
   register: cephfs_provisioner_manifests
   when: inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml
index 1c3606882b9b8623562efb429108a25336bbe4b8..4cf26d81d3e786cfd6b106312af5252caabe1711 100644
--- a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml
@@ -13,6 +13,7 @@
   file:
     path: "{{ local_path_provisioner_claim_root }}"
     state: directory
+    mode: 0755
 
 - name: Local Path Provisioner | Render Template
   set_fact:
@@ -40,6 +41,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/addons/local_path_provisioner/{{ item.file }}"
+    mode: 0644
   with_items: "{{ local_path_provisioner_templates }}"
   register: local_path_provisioner_manifests
   when: inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml
index 404aee389f22572d4a534bb6b362f0ebf601e63e..88a57105abd8036afbe4ccafa348f4c6d59348d1 100644
--- a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml
@@ -40,6 +40,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/addons/local_volume_provisioner/{{ item.file }}"
+    mode: 0644
   with_items: "{{ local_volume_provisioner_templates }}"
   register: local_volume_provisioner_manifests
   when: inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/helm/tasks/main.yml b/roles/kubernetes-apps/helm/tasks/main.yml
index a563a7bbdc240a534ba6910282b24ce79a0e43f5..107c22fb6408c72b5a3132c61d579ff057fd4d39 100644
--- a/roles/kubernetes-apps/helm/tasks/main.yml
+++ b/roles/kubernetes-apps/helm/tasks/main.yml
@@ -24,4 +24,5 @@
   copy:
     dest: /etc/bash_completion.d/helm.sh
     content: "{{ helm_completion.stdout }}"
+    mode: 0755
   become: True
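Review bot: `mode: 0755` sets the execute bit on `/etc/bash_completion.d/helm.sh`, which a completion file does not need because the shell sources it rather than executing it. `mode: "0644"` is sufficient and matches what this commit uses for `/etc/bash_completion.d/krew`. The `krew.sh` copy task in `roles/kubernetes-apps/krew/tasks/krew.yml` gets the same `0755` and should be changed the same way.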
diff --git a/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml
index 2e8b2f89f4d1dd755a75913af3087956c0a702ea..8a188a4cb35fc8c585697d5d3622cc6b65094d82 100644
--- a/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml
@@ -12,6 +12,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/addons/alb_ingress/{{ item.file }}"
+    mode: 0644
   with_items:
     - { name: alb-ingress-clusterrole, file: alb-ingress-clusterrole.yml, type: clusterrole }
     - { name: alb-ingress-clusterrolebinding, file: alb-ingress-clusterrolebinding.yml, type: clusterrolebinding }
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml
index 33f2dbcf84499fee926236cf9549ba8ced9c1794..4af64adc5b79df4bde7a6978be7b1e3be625244e 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml
@@ -38,6 +38,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/addons/cert_manager/{{ item.file }}"
+    mode: 0644
   with_items: "{{ cert_manager_templates }}"
   register: cert_manager_manifests
   when:
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
index 05d35b3ac179b18b1775a9f5ab021c7b9d6b551d..100420121f7d9e1d5e4911062a54eff4f46b390e 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
@@ -35,6 +35,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/addons/ingress_nginx/{{ item.file }}"
+    mode: 0644
   with_items: "{{ ingress_nginx_templates }}"
   register: ingress_nginx_manifests
   when:
diff --git a/roles/kubernetes-apps/krew/tasks/krew.yml b/roles/kubernetes-apps/krew/tasks/krew.yml
index a515b93819f2720476371ef4b9e30ff7e60bf95f..bbc4dbaadf6a1329d79b647b12fcfecff4567a7e 100644
--- a/roles/kubernetes-apps/krew/tasks/krew.yml
+++ b/roles/kubernetes-apps/krew/tasks/krew.yml
@@ -8,11 +8,13 @@
   template:
     src: krew.j2
     dest: /etc/bash_completion.d/krew
+    mode: 0644
 
 - name: Krew | Copy krew manifest
   template:
     src: krew.yml.j2
     dest: "{{ local_release_dir }}/krew.yml"
+    mode: 0644
 
 - name: Krew | Install krew  # noqa 301 305
   shell: "{{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }} install --archive={{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz --manifest={{ local_release_dir }}/krew.yml"
@@ -31,5 +33,6 @@
   copy:
     dest: /etc/bash_completion.d/krew.sh
     content: "{{ krew_completion.stdout }}"
+    mode: 0755
   become: True
   when: krew_completion.rc == 0
diff --git a/roles/kubernetes-apps/metallb/tasks/main.yml b/roles/kubernetes-apps/metallb/tasks/main.yml
index b24752ab8382df8d8f8df5e767b5f8c43ddb55ec..a874be05aaf284e42b67aaa944b2194a393f0ff1 100644
--- a/roles/kubernetes-apps/metallb/tasks/main.yml
+++ b/roles/kubernetes-apps/metallb/tasks/main.yml
@@ -34,7 +34,10 @@
 
 - name: Kubernetes Apps | Lay Down MetalLB
   become: true
-  template: { src: "{{ item }}.j2", dest: "{{ kube_config_dir }}/{{ item }}" }
+  template:
+    src: "{{ item }}.j2"
+    dest: "{{ kube_config_dir }}/{{ item }}"
+    mode: 0644
   with_items: ["metallb.yml", "metallb-config.yml"]
   register: "rendering"
   when:
diff --git a/roles/kubernetes-apps/metrics_server/tasks/main.yml b/roles/kubernetes-apps/metrics_server/tasks/main.yml
index 8b55814791ad467828abe3c294b15be48d890e82..1fe617de80aace192d7ba1af8b89b9e08882b1bd 100644
--- a/roles/kubernetes-apps/metrics_server/tasks/main.yml
+++ b/roles/kubernetes-apps/metrics_server/tasks/main.yml
@@ -39,6 +39,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/addons/metrics_server/{{ item.file }}"
+    mode: 0644
   with_items: "{{ metrics_server_templates }}"
   register: metrics_server_manifests
   when:
diff --git a/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml
index 7588c1f7279d634d65f51fd1589b908ea3e7da8a..b49acdfbd8ad1118b2db8ff05c3b02d6a2247625 100644
--- a/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml
@@ -3,6 +3,7 @@
   template:
     src: "aws-ebs-csi-storage-class.yml.j2"
     dest: "{{ kube_config_dir }}/aws-ebs-csi-storage-class.yml"
+    mode: 0644
   register: manifests
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml
index 04ac99ef835806f59c69110e0beab1eb2895a4eb..9abffbe1fba01a4910a9d9bde5ce02e1e86533e3 100644
--- a/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml
@@ -3,6 +3,7 @@
   template:
     src: "azure-csi-storage-class.yml.j2"
     dest: "{{ kube_config_dir }}/azure-csi-storage-class.yml"
+    mode: 0644
   register: manifests
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml
index c8ca8bc15bfbee8a4adb0b2f6dbf962b92c3fa2d..52de1c5a29ca925c71856b083e98cfa91c35abda 100644
--- a/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml
@@ -3,6 +3,7 @@
   template:
     src: "cinder-csi-storage-class.yml.j2"
     dest: "{{ kube_config_dir }}/cinder-csi-storage-class.yml"
+    mode: 0644
   register: manifests
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml
index d85e68fb45a70956db5db91a9260bd068eb88da4..29997e7c6a23e6d7ec9643c042aef33486ae0c62 100644
--- a/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml
@@ -3,6 +3,7 @@
   template:
     src: "gcp-pd-csi-storage-class.yml.j2"
     dest: "{{ kube_config_dir }}/gcp-pd-csi-storage-class.yml"
+    mode: 0644
   register: manifests
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml
index cc42224e127daa45e08225a9e5ec71e6f19b6e84..3387e7ff4763806cca61e9f59fc21f7e5e096727 100644
--- a/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml
@@ -3,6 +3,7 @@
   template:
     src: "openstack-storage-class.yml.j2"
     dest: "{{ kube_config_dir }}/openstack-storage-class.yml"
+    mode: 0644
   register: manifests
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
index 10f13893d9d04c34c8346441c0326be1b5110144..59a31e40c0c2ede27bec2d3e906fb09774bfc206 100644
--- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
+++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
@@ -12,6 +12,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - {name: calico-kube-controllers, file: calico-kube-controllers.yml, type: deployment}
     - {name: calico-kube-controllers, file: calico-kube-sa.yml, type: sa}
diff --git a/roles/kubernetes-apps/registry/tasks/main.yml b/roles/kubernetes-apps/registry/tasks/main.yml
index d7c455292e76c7f9f322f3098f193c033f824271..ca6202cb45d5d79eec2495f76b7fb800ff4ab413 100644
--- a/roles/kubernetes-apps/registry/tasks/main.yml
+++ b/roles/kubernetes-apps/registry/tasks/main.yml
@@ -65,6 +65,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/addons/registry/{{ item.file }}"
+    mode: 0644
   with_items: "{{ registry_templates }}"
   register: registry_manifests
   when: inventory_hostname == groups['kube_control_plane'][0]
@@ -84,6 +85,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/addons/registry/{{ item.file }}"
+    mode: 0644
   with_items:
     - { name: registry-pvc, file: registry-pvc.yml, type: pvc }
   register: registry_manifests
diff --git a/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml b/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml
index b979501cd2abf004bfa97a7959069aa16fc1cf24..7e9116f155759e061189e9ce6c547279c587781c 100644
--- a/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml
@@ -3,6 +3,7 @@
   template:
     src: "cinder-csi-snapshot-class.yml.j2"
     dest: "{{ kube_config_dir }}/cinder-csi-snapshot-class.yml"
+    mode: 0644
   register: manifests
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml b/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml
index 58f9c2ca26a15d7afb53e35e186c56b743bc0c88..c76eec6a266e0440230e202b51a12f604c1285ed 100644
--- a/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml
+++ b/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml
@@ -3,6 +3,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - {name: rbac-snapshot-controller, file: rbac-snapshot-controller.yml}
     - {name: snapshot-controller, file: snapshot-controller.yml}
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 076b8b50a5c49b2da16a5f2f8168fbe4aea7aae2..adbb29594e580ded87f75ed478bdad4859d460fb 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -20,6 +20,7 @@
   template:
     src: "cni-calico.conflist.j2"
     dest: "/etc/cni/net.d/calico.conflist.template"
+    mode: 0644
     owner: root
   register: calico_conflist
   notify: reset_calico_cni
@@ -126,6 +127,7 @@
       assemble:
         src: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds"
         dest: "{{ kube_config_dir }}/kdd-crds.yml"
+        mode: 0644
         delimiter: "---\n"
         regexp: ".*\\.yaml"
         remote_src: true
@@ -330,6 +332,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - {name: calico-config, file: calico-config.yml, type: cm}
     - {name: calico-node, file: calico-node.yml, type: ds}
@@ -346,6 +349,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - {name: calico, file: calico-typha.yml, type: typha}
   register: calico_node_typha_manifest
diff --git a/roles/network_plugin/calico/tasks/typha_certs.yml b/roles/network_plugin/calico/tasks/typha_certs.yml
index 9f94067bcb854c39ee75f8cd5acc82f07a2ca508..d5b1caaadeaf9ffca96c8240e22ebada52f3a9ec 100644
--- a/roles/network_plugin/calico/tasks/typha_certs.yml
+++ b/roles/network_plugin/calico/tasks/typha_certs.yml
@@ -9,6 +9,7 @@
   file:
     path: /etc/calico/certs
     state: directory
+    mode: 0755
   when: typha_server_secret.rc != 0
 
 - name: Calico | Copy ssl script for typha certs
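Review bot: `mode: 0755` makes `/etc/calico/certs` listable and traversable by every local user, so the typha key material generated into it is protected only by the per-file modes, which this hunk does not show. If only root or a dedicated group needs the directory, `mode: "0750"` (or `"0700"`) would keep the exposure closed even if a later task writes a key with a loose mode. Confirm which user the consuming process runs as before tightening. The tasks that populate the directory are outside the hunk.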
diff --git a/roles/network_plugin/canal/tasks/main.yml b/roles/network_plugin/canal/tasks/main.yml
index 2b781af631b526fa14ccbb8297298e26e0acd285..29e4129ccf0015b8eadea0684c97b108cb31e45b 100644
--- a/roles/network_plugin/canal/tasks/main.yml
+++ b/roles/network_plugin/canal/tasks/main.yml
@@ -3,6 +3,7 @@
   template:
     src: "cni-canal.conflist.j2"
     dest: "/etc/cni/net.d/canal.conflist.template"
+    mode: 0644
     owner: kube
   register: canal_conflist
   notify: reset_canal_cni
@@ -50,6 +51,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - {name: canal-config, file: canal-config.yaml, type: cm}
     - {name: canal-node, file: canal-node.yaml, type: ds}
@@ -74,3 +76,4 @@
   file:
     path: "{{ canal_policy_dir }}"
     state: directory
+    mode: 0755
diff --git a/roles/network_plugin/cilium/tasks/install.yml b/roles/network_plugin/cilium/tasks/install.yml
index 6cd5ff946080e287e13688bc57106b85a2c30c87..8acd6339002a27db5e89e558e6b4edd7d3b36f92 100644
--- a/roles/network_plugin/cilium/tasks/install.yml
+++ b/roles/network_plugin/cilium/tasks/install.yml
@@ -18,6 +18,7 @@
   file:
     src: "{{ etcd_cert_dir }}/{{ item.s }}"
     dest: "{{ cilium_cert_dir }}/{{ item.d }}"
+    mode: 0644
     state: hard
     force: yes
   loop:
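Review bot: With `state: hard` the destination shares its inode with the file in `etcd_cert_dir`, so `mode: 0644` here also rewrites the permissions of the etcd source file. The loop items are outside the hunk, but if any of them is a private key, this task makes the etcd key world-readable on every run. Use the mode the etcd role already sets on those files rather than a blanket `0644`, for example `mode: "0640"` if that is what they carry, or split certificates and keys into separate loops with different modes.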
@@ -40,6 +41,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   loop:
     - {name: cilium, file: cilium-config.yml, type: cm}
     - {name: cilium, file: cilium-crb.yml, type: clusterrolebinding}
@@ -57,6 +59,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/addons/hubble/{{ item.file }}"
+    mode: 0644
   loop:
     - {name: hubble, file: hubble-config.yml, type: cm}
     - {name: hubble, file: hubble-crb.yml, type: clusterrolebinding}
@@ -76,4 +79,5 @@
   template:
     src: 000-cilium-portmap.conflist.j2
     dest: /etc/cni/net.d/000-cilium-portmap.conflist
+    mode: 0644
   when: cilium_enable_portmap
diff --git a/roles/network_plugin/flannel/tasks/main.yml b/roles/network_plugin/flannel/tasks/main.yml
index 2d75f41b38472c93e831114a890535458a53e569..cf2d428dbb49947186f62c8b556d94c642420bb0 100644
--- a/roles/network_plugin/flannel/tasks/main.yml
+++ b/roles/network_plugin/flannel/tasks/main.yml
@@ -15,6 +15,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - {name: flannel, file: cni-flannel-rbac.yml, type: sa}
     - {name: kube-flannel, file: cni-flannel.yml, type: ds}
diff --git a/roles/network_plugin/kube-ovn/tasks/main.yml b/roles/network_plugin/kube-ovn/tasks/main.yml
index 3278642b112b336efc2332edfd718023bbda6c50..f720c51e6064975bba3808952568ebe5d2627608 100644
--- a/roles/network_plugin/kube-ovn/tasks/main.yml
+++ b/roles/network_plugin/kube-ovn/tasks/main.yml
@@ -9,6 +9,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - {name: kube-ovn-crd, file: cni-kube-ovn-crd.yml}
     - {name: ovn, file: cni-ovn.yml}
diff --git a/roles/network_plugin/kube-router/tasks/main.yml b/roles/network_plugin/kube-router/tasks/main.yml
index e331f2b149226c590e75740b5b99fd8d440a1df4..6cda7fe35dd1e36afaf6e946ed55c2275a869818 100644
--- a/roles/network_plugin/kube-router/tasks/main.yml
+++ b/roles/network_plugin/kube-router/tasks/main.yml
@@ -15,6 +15,7 @@
   template:
     src: kubeconfig.yml.j2
     dest: /var/lib/kube-router/kubeconfig
+    mode: 0644
     owner: kube
   notify:
     - reset_kube_router
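Review bot: `mode: 0644` leaves `/var/lib/kube-router/kubeconfig` readable by every local user, although the task already sets `owner: kube`. The template body is not visible here, but a kubeconfig normally embeds or points at the credential kube-router uses against the API server. Restrict it to the owner, for example `mode: "0600"`, or `"0640"` if a group needs access. The task continues past the hunk at `notify:`.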
@@ -42,6 +43,7 @@
   template:
     src: cni-conf.json.j2
     dest: /etc/cni/net.d/10-kuberouter.conflist
+    mode: 0644
     owner: kube
   notify:
     - reset_kube_router
@@ -55,5 +57,6 @@
   template:
     src: kube-router.yml.j2
     dest: "{{ kube_config_dir }}/kube-router.yml"
+    mode: 0644
   delegate_to: "{{ groups['kube_control_plane'] | first }}"
   run_once: true
diff --git a/roles/network_plugin/macvlan/tasks/main.yml b/roles/network_plugin/macvlan/tasks/main.yml
index 0c381c79e8abe1d3a3ad272e2e6c2dd5f0ee765c..d4709f4edb1e60c9e1de3d9c1b7f200fc86ad428 100644
--- a/roles/network_plugin/macvlan/tasks/main.yml
+++ b/roles/network_plugin/macvlan/tasks/main.yml
@@ -23,6 +23,7 @@
   template:
     src: debian-network-macvlan.cfg.j2
     dest: /etc/network/interfaces.d/60-mac0.cfg
+    mode: 0644
   notify: Macvlan | restart network
   when: ansible_os_family in ["Debian"]
 
@@ -50,6 +51,7 @@
   template:
     src: "{{ item.src }}.j2"
     dest: "/etc/sysconfig/network-scripts/{{ item.dst }}"
+    mode: 0644
   with_items:
     - {src: centos-network-macvlan.cfg, dst: ifcfg-mac0 }
     - {src: centos-routes-macvlan.cfg, dst: route-mac0 }
@@ -61,6 +63,7 @@
   template:
     src: coreos-service-nat_ouside.j2
     dest: /etc/systemd/system/enable_nat_ouside.service
+    mode: 0644
   when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] and enable_nat_default_gateway
 
 - name: Macvlan | Enable service nat via gateway on Flatcar Container Linux
@@ -74,6 +77,7 @@
   template:
     src: "{{ item.src }}.j2"
     dest: "/etc/systemd/network/{{ item.dst }}"
+    mode: 0644
   with_items:
     - {src: coreos-device-macvlan.cfg, dst: macvlan.netdev }
     - {src: coreos-interface-macvlan.cfg, dst: output.network }
@@ -85,11 +89,13 @@
   template:
     src: 10-macvlan.conf.j2
     dest: /etc/cni/net.d/10-macvlan.conf
+    mode: 0644
 
 - name: Macvlan | Install loopback definition for Macvlan
   template:
     src: 99-loopback.conf.j2
     dest: /etc/cni/net.d/99-loopback.conf
+    mode: 0644
 
 - name: Enable net.ipv4.conf.all.arp_notify in sysctl
   sysctl:
diff --git a/roles/network_plugin/multus/tasks/main.yml b/roles/network_plugin/multus/tasks/main.yml
index 7f603973dbc3aa874f24e75f3fa6dd5577d60638..3552b05ba765e3488fbbddd53e41c8ce3ed49e79 100644
--- a/roles/network_plugin/multus/tasks/main.yml
+++ b/roles/network_plugin/multus/tasks/main.yml
@@ -3,6 +3,7 @@
   copy:
     src: "{{ item.file }}"
     dest: "{{ kube_config_dir }}"
+    mode: 0644
   with_items:
     - {name: multus-crd, file: multus-crd.yml, type: customresourcedefinition}
     - {name: multus-serviceaccount, file: multus-serviceaccount.yml, type: serviceaccount}
@@ -14,6 +15,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - {name: multus-daemonset, file: multus-daemonset.yml, type: daemonset}
   register: multus_manifest_2
diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml
index f2509055a10a4f4da1e5ef85c0296beaf65b8347..ae4a5a467323db4bc13a51ce60d1fb1d9aaf9453 100644
--- a/roles/network_plugin/weave/tasks/main.yml
+++ b/roles/network_plugin/weave/tasks/main.yml
@@ -3,8 +3,10 @@
   template:
     src: weave-net.yml.j2
     dest: "{{ kube_config_dir }}/weave-net.yml"
+    mode: 0644
 
 - name: Weave | Fix nodePort for Weave
   template:
     src: 10-weave.conflist.j2
     dest: /etc/cni/net.d/10-weave.conflist
+    mode: 0644