Fix ownership related to Calico (#8072)
kube-bench scan outputs warning related to Calico like: * text: "Ensure that the Container Network Interface file permissions are set to 644 or more restrictive (Manual)" * text: "Ensure that the Container Network Interface file ownership is set to root:root (Manual)" This fixes these warnings.pull/8099/head
parent
6a5b87dda4
commit
19d07a4f2e
|
@ -36,7 +36,7 @@
|
||||||
file:
|
file:
|
||||||
path: /etc/cni/net.d
|
path: /etc/cni/net.d
|
||||||
state: directory
|
state: directory
|
||||||
owner: kube
|
owner: root
|
||||||
mode: 0755
|
mode: 0755
|
||||||
- name: Setup CNI
|
- name: Setup CNI
|
||||||
copy:
|
copy:
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
template:
|
template:
|
||||||
src: "cni-calico.conflist.j2"
|
src: "cni-calico.conflist.j2"
|
||||||
dest: "/etc/cni/net.d/calico.conflist.template"
|
dest: "/etc/cni/net.d/calico.conflist.template"
|
||||||
owner: kube
|
owner: root
|
||||||
register: calico_conflist
|
register: calico_conflist
|
||||||
notify: reset_calico_cni
|
notify: reset_calico_cni
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue