From 49d106f61509f01fb7c8c7411006c9d500f72bc7 Mon Sep 17 00:00:00 2001
From: "Christopher J. Ruwe"
Date: Mon, 14 May 2018 09:29:48 +0000
Subject: [PATCH 1/2] make admin.conf -> .kube/config non-executable
Almost certainly, the .kube/config file (YAML) should not be executable.
---
 roles/kubernetes/client/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml
index d34131a3a..67b2da325 100644
--- a/roles/kubernetes/client/tasks/main.yml
+++ b/roles/kubernetes/client/tasks/main.yml
@@ -40,7 +40,7 @@
 src: "{{ kube_config_dir }}/admin.conf"
 dest: "/root/.kube/config"
 remote_src: yes
- mode: "0700"
+ mode: "0600"
 backup: yes

 - name: Copy admin kubeconfig to ansible host
From 73800ef111e831074ec81449ccdfa157f138aded Mon Sep 17 00:00:00 2001
From: "Christopher J. Ruwe"
Date: Tue, 15 May 2018 07:54:32 +0000
Subject: [PATCH 2/2] make certificates non-executable
---
 roles/kubernetes/master/tasks/kubeadm-setup.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml
index 3fcd04715..b841d8357 100644
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@@ -128,7 +128,7 @@
 content: "{{ item.content | b64decode }}"
 owner: root
 group: root
- mode: 0700
+ mode: 0600
 no_log: true
 register: copy_kubeadm_certs
 with_items: "{{ kubeadm_certs.results }}"
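Review bot: The copy to `/root/.kube/config` in roles/kubernetes/client/tasks/main.yml sets `mode: "0600"`, but no `owner` or `group` is visible in the hunk, so the mode only restricts access relative to whichever account the task runs as. Because admin.conf holds the cluster administrator's client credentials, I would pin ownership next to the mode with `owner: root` and `group: root`, as the certificate task in roles/kubernetes/master/tasks/kubeadm-setup.yml already does. The task starts above the hunk, so these keys may already be set there and should be checked. `backup: yes` also leaves timestamped copies of the previous file beside it; this change presumably does not alter their permissions, so they deserve the same review.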
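Review bot: In roles/kubernetes/master/tasks/kubeadm-setup.yml the new `mode: 0600` is an unquoted scalar, so the YAML loader turns it into a number (octal under YAML 1.1 rules) before Ansible sees it, while the first patch in this series writes the kubeconfig mode as the string `"0600"`. Quote it here as well, `mode: "0600"`, so a different loader cannot retype the value and the two tasks stay consistent. The loop applies the same mode to every item in `kubeadm_certs.results`, which is the right choice for private keys and does not narrow access for certificates compared with the previous 0700, since owner and group are root. The task begins above the hunk, so the destination paths are not visible here.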