From bee9b6b6995babf8ed17a6e21ec259b5fb8eabae Mon Sep 17 00:00:00 2001 From: Kenichi Omichi Date: Wed, 7 Oct 2020 02:32:42 +0000 Subject: [PATCH] Chmod kubeconfig to avoid group-readable After upgrading to newer Kubernetes(v1.17 at least), kubectl command shows the following warning message: WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/foo/.kube/config The kubeconfig was copied from {{ artifacts_dir }}/admin.conf with kubeconfig_localhost feature. It is better to set valid file mode at getting it on Kubespray. --- roles/kubernetes/client/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml index 2baeadf234e..8c7fba34fee 100644 --- a/roles/kubernetes/client/tasks/main.yml +++ b/roles/kubernetes/client/tasks/main.yml @@ -87,7 +87,7 @@ copy: content: "{{ final_admin_kubeconfig | to_nice_yaml(indent=2) }}" dest: "{{ artifacts_dir }}/admin.conf" - mode: 0640 + mode: 0600 delegate_to: localhost connection: local become: no