From 09166485bc90aba08bdb7f18ffa184767319eafa Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Sat, 25 Jul 2020 13:50:08 -0700
Subject: [PATCH] Declare etcd data directory permissions

* Set etcd data directory /var/lib/etcd permissions to 700
* On Flatcar Linux, /var/lib/etcd is pre-existing and Ignition v2 doesn't overwrite the directory. Update the Container Linux config, but add the manual chmod workaround to bootstrap for Flatcar Linux users
* https://github.com/etcd-io/etcd/blob/master/CHANGELOG-3.4.md#v3410-2020-07-16
* https://github.com/etcd-io/etcd/pull/11798
---
 cl/controller.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/cl/controller.yaml b/cl/controller.yaml
index fb11f52..1765294 100644
--- a/cl/controller.yaml
+++ b/cl/controller.yaml
@@ -140,6 +140,11 @@ systemd:
 [Install]
 WantedBy=multi-user.target
 storage:
+ directories:
+ - path: /var/lib/etcd
+ filesystem: root
+ mode: 0700
+ overwrite: true
 files:
 - path: /etc/kubernetes/kubeconfig
 filesystem: root
@@ -161,6 +166,7 @@ storage:
 mv tls/etcd/etcd-client* /etc/kubernetes/bootstrap-secrets/
 chown -R etcd:etcd /etc/ssl/etcd
 chmod -R 500 /etc/ssl/etcd
+ chmod -R 700 /var/lib/etcd
 mv auth/kubeconfig /etc/kubernetes/bootstrap-secrets/
 mv tls/k8s/* /etc/kubernetes/bootstrap-secrets/
 mkdir -p /etc/kubernetes/manifests
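Review bot: The new `directories` entry for /var/lib/etcd declares `mode: 0700` but no owner, so wherever `overwrite: true` does take effect the directory is presumably recreated with default (root) ownership. The bootstrap script in the second hunk chowns /etc/ssl/etcd to etcd:etcd, which suggests etcd runs as the etcd user; if so, a root-owned 0700 data directory would not be writable by it. Consider declaring the owner next to the mode, e.g. `user: {name: etcd}` and `group: {name: etcd}`, or add a comment naming the user the etcd unit runs as. The etcd unit is outside this hunk, so this needs confirming against it.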
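Review bot: `chmod -R 700 /var/lib/etcd` also applies 700 to every file below the data directory, which marks any existing data files executable, while the commit description only asks for the directory itself to be 700. `chmod 700 /var/lib/etcd` would be enough here. A short comment such as `# Flatcar: Ignition leaves the pre-existing /var/lib/etcd as-is, so set the mode here` would record why this line duplicates the `directories` declaration. The script body starts and ends outside the hunk.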