Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

kubelet: Restrict access to TLS private key #2639

Merged
merged 2 commits into from
Jan 4, 2023

Commits on Dec 9, 2022

  1. kubelet: Restrict access to tls private key

    This moves the `tlsPrivateKeyFile` to be under a `private` subdirectory.
    This allows us to keep the public cert files readable for non-system
    processes that expect to be able to read them while limiting access to
    the more sensitive private key.
    
    Signed-off-by: Sean McGinnis <[email protected]>
    stmcginnis committed Dec 9, 2022
    Configuration menu
    Copy the full SHA
    75a446b View commit details
    Browse the repository at this point in the history
  2. migrations: Add migration for kubelet private key path

    This adds a migration to update the `kubelet-server.key` file location
    used for Kubernetes PKI. This was moved from the common location with
    the public key to a separate private location so users would still be
    able to read the public key if needed.
    
    Signed-off-by: Sean McGinnis <[email protected]>
    stmcginnis committed Dec 9, 2022
    Configuration menu
    Copy the full SHA
    e1e35d4 View commit details
    Browse the repository at this point in the history