mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
Update write-pki-data to give read permissions to KUBE_PKI_READERS_GROUP, for components running as non-root to be able to read the credentials.
This commit is contained in:
parent
0a14265b7e
commit
7cbe8070bc
@ -619,7 +619,12 @@ function append_or_replace_prefixed_line {
|
||||
function write-pki-data {
|
||||
local data="${1}"
|
||||
local path="${2}"
|
||||
(umask 077; echo "${data}" | base64 --decode > "${path}")
|
||||
if [[ -n "${KUBE_PKI_READERS_GROUP:-}" ]]; then
|
||||
(umask 027; echo "${data}" | base64 --decode > "${path}")
|
||||
chgrp "${KUBE_PKI_READERS_GROUP:-}" "${path}"
|
||||
else
|
||||
(umask 077; echo "${data}" | base64 --decode > "${path}")
|
||||
fi
|
||||
}
|
||||
|
||||
function create-node-pki {
|
||||
|
Loading…
Reference in New Issue
Block a user