feat: make kubernetes owner parametrized (#8952)

* feat: make kubernetes owner parametrized

* docs: update hardening guide with configuration for CIS 1.1.19

* fix: set etcd data directory permissions to be compliant with CIS 1.1.12
Alessio Greggi
2022-06-17 10:34:32 +02:00
committed by GitHub
parent 890fad389d
commit 97b4d79ed5
17 changed files with 40 additions and 14 deletions


@@ -4,7 +4,7 @@
path: "{{ etcd_cert_dir }}"
group: "{{ etcd_cert_group }}"
state: directory
owner: kube
owner: "{{ etcd_owner }}"
mode: "{{ etcd_cert_dir_mode }}"
recurse: yes
@@ -81,7 +81,7 @@
dest: "{{ item.item }}"
content: "{{ item.content | b64decode }}"
group: "{{ etcd_cert_group }}"
owner: kube
owner: "{{ etcd_owner }}"
mode: 0640
with_items: "{{ etcd_master_certs.results }}"
when:
@@ -111,7 +111,7 @@
dest: "{{ item.item }}"
content: "{{ item.content | b64decode }}"
group: "{{ etcd_cert_group }}"
owner: kube
owner: "{{ etcd_owner }}"
mode: 0640
with_items: "{{ etcd_master_node_certs.results }}"
when:
@@ -165,6 +165,6 @@
path: "{{ etcd_cert_dir }}"
group: "{{ etcd_cert_group }}"
state: directory
owner: kube
owner: "{{ etcd_owner }}"
mode: "{{ etcd_cert_dir_mode }}"
recurse: yes
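Review bot: The new `owner: "{{ etcd_owner }}"` in the two directory tasks (first and last hunks) is applied together with `recurse: yes`, so changing `etcd_owner` on an existing cluster re-owns every certificate and private key under `etcd_cert_dir`, not only the directory, and nothing in these hunks documents that. The files written in the second and third hunks are `0640`, so any component that previously read them as `kube` would then depend on membership in `etcd_cert_group`; that is presumably intended, but it is worth confirming against the consumers of the etcd client certificates. I would add a comment above both directory tasks, for example `# owner is applied recursively: every cert/key under etcd_cert_dir becomes owned by etcd_owner; other readers need etcd_cert_group`. The default for `etcd_owner` is not visible in this section, so I assume it is defined in one of the other changed files. All four task bodies start outside their hunks.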