feat: make kubernetes owner parametrized (#8952)

* feat: make kubernetes owner parametrized * docs: update hardening guide with configuration for CIS 1.1.19 * fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2026-02-19 04:00:11 -03:30 · 2022-06-17 10:34:32 +02:00
parent 890fad389d
commit 97b4d79ed5
17 changed files with 40 additions and 14 deletions
--- a/roles/adduser/defaults/main.yml
+++ b/roles/adduser/defaults/main.yml
@@ -1,4 +1,5 @@
 ---
+kube_owner: kube
 kube_cert_group: kube-cert
 etcd_data_dir: "/var/lib/etcd"

--- a/roles/adduser/tasks/main.yml
+++ b/roles/adduser/tasks/main.yml
@@ -13,3 +13,4 @@
    shell: "{{ user.shell|default(omit) }}"
    name: "{{ user.name }}"
    system: "{{ user.system|default(omit) }}"
+  when: kube_owner != "root"