github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 12:43:23 +00:00
Code Issues Projects Releases Wiki Activity

remove the path if it exists before writing pki data.

Browse Source 
if setfacl is called before chmod g+r at anypoint during the lifetime of
the cluster then the default group does not have read permissions on the
file. so we explicitly grant the default group read permissions. See
https://gist.github.com/mmdriley/85ca34f711acbec4b1b94902add488e5 for a
repro.
This commit is contained in:
Vinayak Goyal 2021-06-18 11:03:37 -07:00
parent ab7d8b5b5b
commit 774d228637
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cluster/gce/gci/configure-helper.sh
View File

@ -626,6 +626,8 @@ function append_or_replace_prefixed_line {
function write-pki-data { function write-pki-data {
local data="${1}" local data="${1}"
local path="${2}" local path="${2}"
# remove the path if it exists
rm -f "${path}"
if [[ -n "${KUBE_PKI_READERS_GROUP:-}" ]]; then if [[ -n "${KUBE_PKI_READERS_GROUP:-}" ]]; then
(umask 027; echo "${data}" | base64 --decode > "${path}") (umask 027; echo "${data}" | base64 --decode > "${path}")
chgrp "${KUBE_PKI_READERS_GROUP:-}" "${path}" chgrp "${KUBE_PKI_READERS_GROUP:-}" "${path}"