diff --git a/clustermesh/clustermesh.go b/clustermesh/clustermesh.go index 063bdba23e..fe46c67fa7 100644 --- a/clustermesh/clustermesh.go +++ b/clustermesh/clustermesh.go @@ -46,7 +46,7 @@ var ( replicas = int32(1) deploymentMaxSurge = intstr.FromInt(1) deploymentMaxUnavailable = intstr.FromInt(1) - secretDefaultMode = int32(420) + secretDefaultMode = int32(0400) ) var clusterRole = &rbacv1.ClusterRole{ diff --git a/hubble/relay.go b/hubble/relay.go index 98c9b94566..62158c0ecf 100644 --- a/hubble/relay.go +++ b/hubble/relay.go @@ -27,6 +27,7 @@ const ( ) var ( + secretDefaultMode = int32(0400) relayReplicas = int32(1) relayPortIntstr = intstr.FromInt(defaults.RelayPort) deploymentMaxSurge = intstr.FromInt(1) @@ -168,6 +169,7 @@ func (k *K8sHubble) generateRelayDeployment() *appsv1.Deployment { Name: "tls", VolumeSource: corev1.VolumeSource{ Projected: &corev1.ProjectedVolumeSource{ + DefaultMode: &secretDefaultMode, Sources: []corev1.VolumeProjection{ { Secret: &corev1.SecretProjection{ diff --git a/install/install.go b/install/install.go index 384acb8e9e..423a06f59f 100644 --- a/install/install.go +++ b/install/install.go @@ -37,7 +37,7 @@ var ( agentTerminationGracePeriodSeconds = int64(1) hostPathDirectoryOrCreate = corev1.HostPathDirectoryOrCreate hostPathFileOrCreate = corev1.HostPathFileOrCreate - secretDefaultMode = int32(420) + secretDefaultMode = int32(0400) operatorReplicas = int32(1) operatorMaxSurge = intstr.FromInt(1) operatorMaxUnavailable = intstr.FromInt(1) @@ -594,6 +594,7 @@ func (k *K8sInstaller) generateAgentDaemonSet() *appsv1.DaemonSet { Name: "hubble-tls", VolumeSource: corev1.VolumeSource{ Projected: &corev1.ProjectedVolumeSource{ + DefaultMode: &secretDefaultMode, Sources: []corev1.VolumeProjection{ { Secret: &corev1.SecretProjection{