feat: make kubernetes owner parametrized (#8952)

* feat: make kubernetes owner parametrized * docs: update hardening guide with configuration for CIS 1.1.19 * fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2026-02-28 09:39:12 +03:00 · 2022-06-17 10:34:32 +02:00
parent 890fad389d
commit 97b4d79ed5
17 changed files with 40 additions and 14 deletions
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -22,6 +22,7 @@ common_required_pkgs:
 # GCE docker repository
 disable_ipv6_dns: false

+kube_owner: kube
 kube_cert_group: kube-cert
 kube_config_dir: /etc/kubernetes
 kube_cert_dir: "{{ kube_config_dir }}/ssl"
--- a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml
+++ b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml
@@ -3,7 +3,7 @@
  file:
    path: "{{ item }}"
    state: directory
-    owner: kube
+    owner: "{{ kube_owner }}"
    mode: 0755
  when: inventory_hostname in groups['k8s_cluster']
  become: true
@@ -71,7 +71,7 @@
  file:
    path: "{{ item }}"
    state: directory
-    owner: kube
+    owner: "{{ kube_owner }}"
    mode: 0755
  with_items:
    - "/etc/cni/net.d"