Fix ownership related to Calico (#8072)

kube-bench scan outputs warning related to Calico like:

* text: "Ensure that the Container Network Interface file
  permissions are set to 644 or more restrictive (Manual)"
* text: "Ensure that the Container Network Interface file
  ownership is set to root:root (Manual)"

This fixes these warnings.
pull/8099/head
Kenichi Omichi 2021-10-19 17:35:57 -07:00 committed by GitHub
parent 6a5b87dda4
commit 19d07a4f2e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions

View File

@ -36,7 +36,7 @@
file: file:
path: /etc/cni/net.d path: /etc/cni/net.d
state: directory state: directory
owner: kube owner: root
mode: 0755 mode: 0755
- name: Setup CNI - name: Setup CNI
copy: copy:

View File

@ -20,7 +20,7 @@
template: template:
src: "cni-calico.conflist.j2" src: "cni-calico.conflist.j2"
dest: "/etc/cni/net.d/calico.conflist.template" dest: "/etc/cni/net.d/calico.conflist.template"
owner: kube owner: root
register: calico_conflist register: calico_conflist
notify: reset_calico_cni notify: reset_calico_cni