Declare etcd data directory permissions
* Set etcd data directory /var/lib/etcd permissions to 700
* On Flatcar Linux, /var/lib/etcd is pre-existing and Ignition v2 doesn't overwrite the directory. Update the Container Linux config, but add the manual chmod workaround to bootstrap for Flatcar Linux users
* https://github.com/etcd-io/etcd/blob/master/CHANGELOG-3.4.md#v3410-2020-07-16
* https://github.com/etcd-io/etcd/pull/11798
parent
f96e91f225
commit
264d23a1b5
|
@ -142,6 +142,11 @@ systemd:
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
storage:
|
storage:
|
||||||
|
directories:
|
||||||
|
- path: /var/lib/etcd
|
||||||
|
filesystem: root
|
||||||
|
mode: 0700
|
||||||
|
overwrite: true
|
||||||
files:
|
files:
|
||||||
- path: /etc/kubernetes/kubeconfig
|
- path: /etc/kubernetes/kubeconfig
|
||||||
filesystem: root
|
filesystem: root
|
||||||
|
@ -163,6 +168,7 @@ storage:
|
||||||
mv tls/etcd/etcd-client* /etc/kubernetes/bootstrap-secrets/
|
mv tls/etcd/etcd-client* /etc/kubernetes/bootstrap-secrets/
|
||||||
chown -R etcd:etcd /etc/ssl/etcd
|
chown -R etcd:etcd /etc/ssl/etcd
|
||||||
chmod -R 500 /etc/ssl/etcd
|
chmod -R 500 /etc/ssl/etcd
|
||||||
|
chmod -R 700 /var/lib/etcd
|
||||||
mv auth/kubeconfig /etc/kubernetes/bootstrap-secrets/
|
mv auth/kubeconfig /etc/kubernetes/bootstrap-secrets/
|
||||||
mv tls/k8s/* /etc/kubernetes/bootstrap-secrets/
|
mv tls/k8s/* /etc/kubernetes/bootstrap-secrets/
|
||||||
mkdir -p /etc/kubernetes/manifests
|
mkdir -p /etc/kubernetes/manifests
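Review bot: The added `chmod -R 700 /var/lib/etcd` in the second hunk applies 0700 recursively, so every regular file under the data directory also gains the owner execute bit, while the commit message only calls for the directory itself to be 700; `chmod 700 /var/lib/etcd`, or `chmod -R u=rwX,go= /var/lib/etcd` if the contents should be tightened too, would be narrower. The new `directories` entry in the first hunk sets `mode: 0700` without declaring an owner, so the restriction only works if the pre-existing owner is the account etcd runs as, which is not visible here and is worth confirming. The inline script around the `chmod` starts and ends outside the hunk, so whether a failing `chmod` aborts the bootstrap cannot be seen from this page. The same pair of hunks repeats in the other sections that use `filesystem: root`.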
|
||||||
|
|
|
@ -129,6 +129,8 @@ systemd:
|
||||||
ExecStartPost=-/usr/bin/podman stop bootstrap
|
ExecStartPost=-/usr/bin/podman stop bootstrap
|
||||||
storage:
|
storage:
|
||||||
directories:
|
directories:
|
||||||
|
- path: /var/lib/etcd
|
||||||
|
mode: 0700
|
||||||
- path: /etc/kubernetes
|
- path: /etc/kubernetes
|
||||||
- path: /opt/bootstrap
|
- path: /opt/bootstrap
|
||||||
files:
|
files:
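Review bot: The new `- path: /var/lib/etcd` entry with `mode: 0700` carries no comment saying why it is stricter than its siblings `/etc/kubernetes` and `/opt/bootstrap`, which show no mode in this hunk. A line above the entry such as `# etcd v3.4.10+ expects its data directory to be 0700` would keep a later cleanup from relaxing or dropping it. Unlike the sections that use `filesystem: root`, nothing here sets `overwrite` or adds a bootstrap `chmod`, which presumably relies on the directory not existing before first boot on this OS; that assumption is worth stating in the same comment. The same hunk repeats in the other sections that contain `ExecStartPost=-/usr/bin/podman stop bootstrap`.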
|
||||||
|
|
|
@ -142,6 +142,11 @@ systemd:
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
storage:
|
storage:
|
||||||
|
directories:
|
||||||
|
- path: /var/lib/etcd
|
||||||
|
filesystem: root
|
||||||
|
mode: 0700
|
||||||
|
overwrite: true
|
||||||
files:
|
files:
|
||||||
- path: /etc/kubernetes/kubeconfig
|
- path: /etc/kubernetes/kubeconfig
|
||||||
filesystem: root
|
filesystem: root
|
||||||
|
@ -163,6 +168,7 @@ storage:
|
||||||
mv tls/etcd/etcd-client* /etc/kubernetes/bootstrap-secrets/
|
mv tls/etcd/etcd-client* /etc/kubernetes/bootstrap-secrets/
|
||||||
chown -R etcd:etcd /etc/ssl/etcd
|
chown -R etcd:etcd /etc/ssl/etcd
|
||||||
chmod -R 500 /etc/ssl/etcd
|
chmod -R 500 /etc/ssl/etcd
|
||||||
|
chmod -R 700 /var/lib/etcd
|
||||||
mv auth/kubeconfig /etc/kubernetes/bootstrap-secrets/
|
mv auth/kubeconfig /etc/kubernetes/bootstrap-secrets/
|
||||||
mv tls/k8s/* /etc/kubernetes/bootstrap-secrets/
|
mv tls/k8s/* /etc/kubernetes/bootstrap-secrets/
|
||||||
mkdir -p /etc/kubernetes/manifests
|
mkdir -p /etc/kubernetes/manifests
|
||||||
|
|
|
@ -128,6 +128,8 @@ systemd:
|
||||||
ExecStartPost=-/usr/bin/podman stop bootstrap
|
ExecStartPost=-/usr/bin/podman stop bootstrap
|
||||||
storage:
|
storage:
|
||||||
directories:
|
directories:
|
||||||
|
- path: /var/lib/etcd
|
||||||
|
mode: 0700
|
||||||
- path: /etc/kubernetes
|
- path: /etc/kubernetes
|
||||||
- path: /opt/bootstrap
|
- path: /opt/bootstrap
|
||||||
files:
|
files:
|
||||||
|
|
|
@ -156,6 +156,10 @@ systemd:
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
storage:
|
storage:
|
||||||
directories:
|
directories:
|
||||||
|
- path: /var/lib/etcd
|
||||||
|
filesystem: root
|
||||||
|
mode: 0700
|
||||||
|
overwrite: true
|
||||||
- path: /etc/kubernetes
|
- path: /etc/kubernetes
|
||||||
filesystem: root
|
filesystem: root
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
@ -180,6 +184,7 @@ storage:
|
||||||
mv tls/etcd/etcd-client* /etc/kubernetes/bootstrap-secrets/
|
mv tls/etcd/etcd-client* /etc/kubernetes/bootstrap-secrets/
|
||||||
chown -R etcd:etcd /etc/ssl/etcd
|
chown -R etcd:etcd /etc/ssl/etcd
|
||||||
chmod -R 500 /etc/ssl/etcd
|
chmod -R 500 /etc/ssl/etcd
|
||||||
|
chmod -R 700 /var/lib/etcd
|
||||||
mv auth/kubeconfig /etc/kubernetes/bootstrap-secrets/
|
mv auth/kubeconfig /etc/kubernetes/bootstrap-secrets/
|
||||||
mv tls/k8s/* /etc/kubernetes/bootstrap-secrets/
|
mv tls/k8s/* /etc/kubernetes/bootstrap-secrets/
|
||||||
mkdir -p /etc/kubernetes/manifests
|
mkdir -p /etc/kubernetes/manifests
|
||||||
|
|
|
@ -139,6 +139,8 @@ systemd:
|
||||||
ExecStartPost=-/usr/bin/podman stop bootstrap
|
ExecStartPost=-/usr/bin/podman stop bootstrap
|
||||||
storage:
|
storage:
|
||||||
directories:
|
directories:
|
||||||
|
- path: /var/lib/etcd
|
||||||
|
mode: 0700
|
||||||
- path: /etc/kubernetes
|
- path: /etc/kubernetes
|
||||||
- path: /opt/bootstrap
|
- path: /opt/bootstrap
|
||||||
files:
|
files:
|
||||||
|
|
|
@ -153,6 +153,10 @@ systemd:
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
storage:
|
storage:
|
||||||
directories:
|
directories:
|
||||||
|
- path: /var/lib/etcd
|
||||||
|
filesystem: root
|
||||||
|
mode: 0700
|
||||||
|
overwrite: true
|
||||||
- path: /etc/kubernetes
|
- path: /etc/kubernetes
|
||||||
filesystem: root
|
filesystem: root
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
@ -171,6 +175,7 @@ storage:
|
||||||
mv tls/etcd/etcd-client* /etc/kubernetes/bootstrap-secrets/
|
mv tls/etcd/etcd-client* /etc/kubernetes/bootstrap-secrets/
|
||||||
chown -R etcd:etcd /etc/ssl/etcd
|
chown -R etcd:etcd /etc/ssl/etcd
|
||||||
chmod -R 500 /etc/ssl/etcd
|
chmod -R 500 /etc/ssl/etcd
|
||||||
|
chmod -R 700 /var/lib/etcd
|
||||||
mv auth/kubeconfig /etc/kubernetes/bootstrap-secrets/
|
mv auth/kubeconfig /etc/kubernetes/bootstrap-secrets/
|
||||||
mv tls/k8s/* /etc/kubernetes/bootstrap-secrets/
|
mv tls/k8s/* /etc/kubernetes/bootstrap-secrets/
|
||||||
mkdir -p /etc/kubernetes/manifests
|
mkdir -p /etc/kubernetes/manifests
|
||||||
|
|
|
@ -140,6 +140,8 @@ systemd:
|
||||||
ExecStartPost=-/usr/bin/podman stop bootstrap
|
ExecStartPost=-/usr/bin/podman stop bootstrap
|
||||||
storage:
|
storage:
|
||||||
directories:
|
directories:
|
||||||
|
- path: /var/lib/etcd
|
||||||
|
mode: 0700
|
||||||
- path: /etc/kubernetes
|
- path: /etc/kubernetes
|
||||||
- path: /opt/bootstrap
|
- path: /opt/bootstrap
|
||||||
files:
|
files:
|
||||||
|
|
|
@ -140,6 +140,11 @@ systemd:
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
storage:
|
storage:
|
||||||
|
directories:
|
||||||
|
- path: /var/lib/etcd
|
||||||
|
filesystem: root
|
||||||
|
mode: 0700
|
||||||
|
overwrite: true
|
||||||
files:
|
files:
|
||||||
- path: /etc/kubernetes/kubeconfig
|
- path: /etc/kubernetes/kubeconfig
|
||||||
filesystem: root
|
filesystem: root
|
||||||
|
@ -161,6 +166,7 @@ storage:
|
||||||
mv tls/etcd/etcd-client* /etc/kubernetes/bootstrap-secrets/
|
mv tls/etcd/etcd-client* /etc/kubernetes/bootstrap-secrets/
|
||||||
chown -R etcd:etcd /etc/ssl/etcd
|
chown -R etcd:etcd /etc/ssl/etcd
|
||||||
chmod -R 500 /etc/ssl/etcd
|
chmod -R 500 /etc/ssl/etcd
|
||||||
|
chmod -R 700 /var/lib/etcd
|
||||||
mv auth/kubeconfig /etc/kubernetes/bootstrap-secrets/
|
mv auth/kubeconfig /etc/kubernetes/bootstrap-secrets/
|
||||||
mv tls/k8s/* /etc/kubernetes/bootstrap-secrets/
|
mv tls/k8s/* /etc/kubernetes/bootstrap-secrets/
|
||||||
mkdir -p /etc/kubernetes/manifests
|
mkdir -p /etc/kubernetes/manifests
|
||||||
|
|
|
@ -128,6 +128,8 @@ systemd:
|
||||||
ExecStartPost=-/usr/bin/podman stop bootstrap
|
ExecStartPost=-/usr/bin/podman stop bootstrap
|
||||||
storage:
|
storage:
|
||||||
directories:
|
directories:
|
||||||
|
- path: /var/lib/etcd
|
||||||
|
mode: 0700
|
||||||
- path: /etc/kubernetes
|
- path: /etc/kubernetes
|
||||||
- path: /opt/bootstrap
|
- path: /opt/bootstrap
|
||||||
files:
|
files:
|
||||||
|
|