Chmod kubeconfig to avoid group-readable (#6800)

After upgrading to newer Kubernetes(v1.17 at least), kubectl command shows the following warning message: WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/foo/.kube/config The kubeconfig was copied from {{ artifacts_dir }}/admin.conf with kubeconfig_localhost feature. It is better to set valid file mode at getting it on Kubespray.
kubernetes-sigs · Oct 9, 2020 · e6c2898 · e6c2898
1 parent 64f6971
commit e6c2898
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml
@@ -87,7 +87,7 @@
   copy:
     content: "{{ final_admin_kubeconfig | to_nice_yaml(indent=2) }}"
     dest: "{{ artifacts_dir }}/admin.conf"
-    mode: 0640
+    mode: 0600
   delegate_to: localhost
   connection: local
   become: no