From c634c05b1eec1d64d912905e626f7177d85728d8 Mon Sep 17 00:00:00 2001
From: Anton Gura <anton.gura@id.thesoul.io>
Date: Thu, 20 Jul 2023 11:01:27 +0200
Subject: [PATCH] enchance security with CIS Kubernetes V1.23 Benchmark item
 number 4.1.9

---
 roles/kubernetes/node/tasks/kubelet.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/kubernetes/node/tasks/kubelet.yml b/roles/kubernetes/node/tasks/kubelet.yml
index c08ef5fb814..be429dcfb66 100644
--- a/roles/kubernetes/node/tasks/kubelet.yml
+++ b/roles/kubernetes/node/tasks/kubelet.yml
@@ -12,7 +12,7 @@
     dest: "{{ kube_config_dir }}/kubelet.env"
     setype: "{{ (preinstall_selinux_state != 'disabled') | ternary('etc_t', omit) }}"
     backup: yes
-    mode: 0640
+    mode: 0600
   notify: Node | restart kubelet
   tags:
     - kubelet
@@ -22,7 +22,7 @@
   template:
     src: "kubelet-config.{{ kubeletConfig_api_version }}.yaml.j2"
     dest: "{{ kube_config_dir }}/kubelet-config.yaml"
-    mode: 0640
+    mode: 0600
   notify: Kubelet | restart kubelet
   tags:
     - kubelet