Merge "Restrict etcd data directory permissions"

Zuul 2018-12-21 18:04:33 +00:00 committed by Gerrit Code Review
commit a9b632267d
1 changed files with 23 additions and 0 deletions


@ -78,6 +78,29 @@ data:
# were restarted. "Failed to add /run/systemd/ask-password to directory
# watch: No space left on device". https://bit.ly/2Mj5qn2 TDP bug 427616
fs.inotify.max_user_watches: '1048576'
overrides:
divingbell_perm:
labels:
- label:
key: kubernetes-etcd
values:
- enabled
conf:
perm:
- path: '/var/lib/etcd/*'
owner: 'root'
group: 'root'
permissions: '0700'
- label:
key: calico-etcd
values:
- enabled
conf:
perm:
- path: '/var/lib/etcd/*'
owner: 'root'
group: 'root'
permissions: '0700'
dependencies:
- ucp-divingbell-htk
---
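Review bot: The `path: '/var/lib/etcd/*'` entries in both label overrides match what sits under `/var/lib/etcd`, not the directory itself, so the parent keeps whatever owner and mode it already has and its listing stays readable if that mode is permissive. If the goal is a data directory at mode 700 or stricter, consider adding an explicit entry for the parent, `- path: '/var/lib/etcd'` with the same owner, group and `permissions: '0700'`, or a comment stating that the per-cluster subdirectories are the real data directories. How divingbell expands the glob (dotfiles, recursion, entries created after the run) is not visible in this hunk and should be confirmed, since anything the glob misses keeps its old mode. The two overrides differ only in the label key, so a short comment above `overrides:` explaining why both `kubernetes-etcd` and `calico-etcd` need the same rule would help the next reader.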