Merge pull request #95418 from vinayakankugoyal/pki

Update write-pki-data to give read permissions to KUBE_PKI_READERS_GR…
This commit is contained in:
Kubernetes Prow Robot 2020-10-09 18:08:47 -07:00 committed by GitHub
commit 33fd5552bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -619,7 +619,12 @@ function append_or_replace_prefixed_line {
function write-pki-data {
local data="${1}"
local path="${2}"
(umask 077; echo "${data}" | base64 --decode > "${path}")
if [[ -n "${KUBE_PKI_READERS_GROUP:-}" ]]; then
(umask 027; echo "${data}" | base64 --decode > "${path}")
chgrp "${KUBE_PKI_READERS_GROUP:-}" "${path}"
else
(umask 077; echo "${data}" | base64 --decode > "${path}")
fi
}
function create-node-pki {