Merge "Restrict etcd data directory permissions"
This commit is contained in:
commit
a9b632267d
@ -78,6 +78,29 @@ data:
|
|||||||
# were restarted. "Failed to add /run/systemd/ask-password to directory
|
# were restarted. "Failed to add /run/systemd/ask-password to directory
|
||||||
# watch: No space left on device". https://bit.ly/2Mj5qn2 TDP bug 427616
|
# watch: No space left on device". https://bit.ly/2Mj5qn2 TDP bug 427616
|
||||||
fs.inotify.max_user_watches: '1048576'
|
fs.inotify.max_user_watches: '1048576'
|
||||||
|
overrides:
|
||||||
|
divingbell_perm:
|
||||||
|
labels:
|
||||||
|
- label:
|
||||||
|
key: kubernetes-etcd
|
||||||
|
values:
|
||||||
|
- enabled
|
||||||
|
conf:
|
||||||
|
perm:
|
||||||
|
- path: '/var/lib/etcd/*'
|
||||||
|
owner: 'root'
|
||||||
|
group: 'root'
|
||||||
|
permissions: '0700'
|
||||||
|
- label:
|
||||||
|
key: calico-etcd
|
||||||
|
values:
|
||||||
|
- enabled
|
||||||
|
conf:
|
||||||
|
perm:
|
||||||
|
- path: '/var/lib/etcd/*'
|
||||||
|
owner: 'root'
|
||||||
|
group: 'root'
|
||||||
|
permissions: '0700'
|
||||||
dependencies:
|
dependencies:
|
||||||
- ucp-divingbell-htk
|
- ucp-divingbell-htk
|
||||||
---
|
---
|
||||||
|
Loading…
Reference in New Issue
Block a user