From c2ea6842a7ebbcf27322170668cfc4690f46b9d3 Mon Sep 17 00:00:00 2001
From: vinayak goyal <vinaygo@google.com>
Date: Mon, 16 Nov 2020 22:59:30 +0000
Subject: [PATCH] If the file already exists we need to grant group read
 permissions explicitly.

---
 cluster/gce/gci/configure-helper.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index 264f92d9b69..d1572c8e683 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -622,6 +622,7 @@ function write-pki-data {
   if [[ -n "${KUBE_PKI_READERS_GROUP:-}" ]]; then
     (umask 027; echo "${data}" | base64 --decode > "${path}")
     chgrp "${KUBE_PKI_READERS_GROUP:-}" "${path}"
+    chmod g+r "${path}"
   else
     (umask 077; echo "${data}" | base64 --decode > "${path}")
   fi