Fix risky-file-permissions (#8370)

When running ansible-lint directly, we can see a lot of warning message like risky-file-permissions File permissions unset or incorrect This fixes the warning messages.
2026-05-19 14:57:43 -02:30 · 2022-01-09 01:51:12 -08:00
parent 51bd9bee0d
commit f80fd24a55
48 changed files with 76 additions and 1 deletions
--- a/roles/kubernetes-apps/ansible/tasks/coredns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/coredns.yml
@@ -3,6 +3,7 @@
  template:
    src: "{{ item.file }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
  loop:
    - { name: coredns, file: coredns-clusterrole.yml, type: clusterrole }
    - { name: coredns, file: coredns-clusterrolebinding.yml, type: clusterrolebinding }
@@ -27,6 +28,7 @@
  template:
    src: "{{ item.src }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
  with_items:
    - { name: coredns, src: coredns-deployment.yml, file: coredns-deployment-secondary.yml, type: deployment }
    - { name: coredns, src: coredns-svc.yml, file: coredns-svc-secondary.yml, type: svc }
--- a/roles/kubernetes-apps/ansible/tasks/dashboard.yml
+++ b/roles/kubernetes-apps/ansible/tasks/dashboard.yml
@@ -3,6 +3,7 @@
  template:
    src: "{{ item.file }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
  with_items:
    - { file: dashboard.yml, type: deploy, name: kubernetes-dashboard }
  register: manifests
--- a/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml
+++ b/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml
@@ -3,6 +3,7 @@
  template:
    src: "{{ item.file }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
  with_items:
    - { file: etcd_metrics-endpoints.yml, type: endpoints, name: etcd-metrics }
    - { file: etcd_metrics-service.yml, type: service, name: etcd-metrics }
--- a/roles/kubernetes-apps/ansible/tasks/netchecker.yml
+++ b/roles/kubernetes-apps/ansible/tasks/netchecker.yml
@@ -25,6 +25,7 @@
  template:
    src: "{{ item.file }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
  with_items: "{{ netchecker_templates }}"
  register: manifests
  when:
--- a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
@@ -19,6 +19,7 @@
  template:
    src: "{{ item.file }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
  with_items:
    - { name: nodelocaldns, file: nodelocaldns-config.yml, type: configmap }
    - { name: nodelocaldns, file: nodelocaldns-sa.yml, type: sa }
@@ -48,6 +49,7 @@
  template:
    src: "{{ item.file }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
  with_items:
    - { name: nodelocaldns, file: nodelocaldns-second-daemonset.yml, type: daemonset }
  register: nodelocaldns_second_manifests