enchance security with CIS Kubernetes V1.23 (#10304)

Benchmark item number 4.1.9
2023-07-24 05:24:11 +03:00
parent fe32de94b9
commit 050bd0527f
1 changed files with 2 additions and 2 deletions
--- a/roles/kubernetes/node/tasks/kubelet.yml
+++ b/roles/kubernetes/node/tasks/kubelet.yml
@ -12,7 +12,7 @@
    dest: "{{ kube_config_dir }}/kubelet.env"
    setype: "{{ (preinstall_selinux_state != 'disabled') | ternary('etc_t', omit) }}"
    backup: yes
-    mode: 0640
+    mode: 0600
  notify: Node | restart kubelet
  tags:
    - kubelet
@ -22,7 +22,7 @@
  template:
    src: "kubelet-config.{{ kubeletConfig_api_version }}.yaml.j2"
    dest: "{{ kube_config_dir }}/kubelet-config.yaml"
-    mode: 0640
+    mode: 0600
  notify: Kubelet | restart kubelet
  tags:
    - kubelet