feat: make kubernetes owner parametrized (#8952)

* feat: make kubernetes owner parametrized

* docs: update hardening guide with configuration for CIS 1.1.19

* fix: set etcd data directory permissions to be compliant with CIS 1.1.12
Alessio Greggi
2022-06-17 10:34:32 +02:00
committed by GitHub
parent 890fad389d
commit 97b4d79ed5
17 changed files with 40 additions and 14 deletions


@@ -4,7 +4,7 @@
src: "cni-canal.conflist.j2"
dest: "/etc/cni/net.d/canal.conflist.template"
mode: 0644
owner: kube
owner: "{{ kube_owner }}"
register: canal_conflist
notify: reset_canal_cni
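Review bot: Only `owner:` is parametrized on this template task, and no `group:` key appears in the visible lines, so group ownership of `/etc/cni/net.d/canal.conflist.template` is left to the module default and to whatever an existing file already has. If `kube_owner` is meant to bring these files to root:root for the hardening guide, an explicit `group: root` (or a matching group variable) next to the new owner line would make the result deterministic on upgraded hosts as well. The same applies to the other owner lines in this view: `/opt/cni/bin`, `/var/lib/kube-router`, its kubeconfig and `10-kuberouter.conflist`. The task starts above the hunk, so a `group:` set there would make this moot.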


@@ -4,7 +4,7 @@
path: /opt/cni/bin
state: directory
mode: 0755
owner: kube
owner: "{{ kube_owner }}"
recurse: true
- name: CNI | Copy cni plugins
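Review bot: `/opt/cni/bin` with `recurse: true` hands every CNI plugin binary to whatever account `kube_owner` names. Those binaries are typically executed by the container runtime as root, so any non-root value here lets that account replace code that later runs privileged. Consider pinning this one task to `owner: root`, or adding a comment above it such as `# CNI plugins run as root; kube_owner should be root on hardened hosts`, so the risk is visible where the variable is used. The task begins above the hunk, so its name and any `when:` condition are not visible here.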


@@ -7,7 +7,7 @@
file:
path: /var/lib/kube-router
state: directory
owner: kube
owner: "{{ kube_owner }}"
recurse: true
mode: 0755
@@ -16,7 +16,7 @@
src: kubeconfig.yml.j2
dest: /var/lib/kube-router/kubeconfig
mode: 0644
owner: kube
owner: "{{ kube_owner }}"
notify:
- reset_kube_router
@@ -44,7 +44,7 @@
src: cni-conf.json.j2
dest: /etc/cni/net.d/10-kuberouter.conflist
mode: 0644
owner: kube
owner: "{{ kube_owner }}"
notify:
- reset_kube_router
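Review bot: In the second hunk, `/var/lib/kube-router/kubeconfig` keeps `mode: 0644`, so the file stays readable by every local user regardless of what `kube_owner` is set to. If `kubeconfig.yml.j2` renders a token or client key (the template is not shown here), changing the owner alone does not protect it. `mode: "0600"` would be the tighter value, provided kube-router reads the file as that owner or as root. Quoting the mode also avoids relying on YAML octal parsing. Each of the three tasks starts above its hunk.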