epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-13 21:34:40 +03:00
Code Issues Packages Projects Releases Wiki Activity

Move checksums to kubespray_defaults/vars (#12234)

Browse Source 
The checksums are not a defaults and are not meant to be changed from
the inventories.

Furthermore, role defaults have a lower priority that hosts facts, which
technically means a rogue hosts could hijack the hashes for its
variables.
This commit is contained in:
Max Gautier
2025-05-18 23:13:14 +00:00
committed by GitHub
parent 8a4f4d13f7
commit 3a2862ea19
3 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
roles/kubespray_defaults/defaults/main/checksums.yml → roles/kubespray_defaults/vars/main/checksums.yml
View File

0
roles/kubespray_defaults/vars/main.yml → roles/kubespray_defaults/vars/main/main.yml
View File

2
scripts/component_hash_update/src/component_hash_update/download.py
View File

@@ -25,7 +25,7 @@ from typing import Optional, Any
from . import components
CHECKSUMS_YML = Path("roles/kubespray_defaults/defaults/main/checksums.yml")
CHECKSUMS_YML = Path("roles/kubespray_defaults/vars/main/checksums.yml")
logger = logging.getLogger(__name__)