Update write-pki-data to give read permissions to KUBE_PKI_READERS_GROUP, for components running as non-root to be able to read the credentials.
parent
0a14265b7e
commit
7cbe8070bc
@ -619,7 +619,12 @@ function append_or_replace_prefixed_line {
|
|||||||
function write-pki-data {
|
function write-pki-data {
|
||||||
local data="${1}"
|
local data="${1}"
|
||||||
local path="${2}"
|
local path="${2}"
|
||||||
(umask 077; echo "${data}" | base64 --decode > "${path}")
|
if [[ -n "${KUBE_PKI_READERS_GROUP:-}" ]]; then
|
||||||
|
(umask 027; echo "${data}" | base64 --decode > "${path}")
|
||||||
|
chgrp "${KUBE_PKI_READERS_GROUP:-}" "${path}"
|
||||||
|
else
|
||||||
|
(umask 077; echo "${data}" | base64 --decode > "${path}")
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function create-node-pki {
|
function create-node-pki {
|
||||||
|
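Review bot: In the KUBE_PKI_READERS_GROUP branch the file is created group-readable (`umask 027`) before `chgrp` runs, so it is readable by the creating process's own group until the `chgrp` completes, and it stays that way if `chgrp` fails, for example because the group does not exist on the node; whether such a failure aborts the script depends on shell options that are not visible in this hunk. Writing the file with `umask 077` in both cases and then running `chgrp "${KUBE_PKI_READERS_GROUP}" "${path}" && chmod g+r "${path}"` only when the variable is set would keep the credential owner-only until the group is correct, and it removes the duplicated decode line. The umask only applies when `${path}` is newly created, so a file that already exists keeps whatever mode it had. Because every caller of write-pki-data now produces group-readable output when the variable is set, it is worth confirming (the callers are outside this hunk) that private keys the readers group does not need are not written through this function.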