CadolesKube/typhoon
7
0
Fork 0
mirror of https://github.com/puppetmaster/typhoon.git synced 2025-01-07 12:49:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

doc: set file_permission 0600 for kubeconfig file

Browse Source 
It's only documentation, but kubeconfig file contains sensitive info so it's better to secure it a little
This commit is contained in:
jordanp 2024-09-24 16:25:58 +02:00 committed by Dalton Hubble
parent 6a5b808b17
commit 5932b651e3
12 changed files with 36 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -96,8 +96,9 @@ module "yavin" {
# Obtain cluster kubeconfig
resource "local_file" "kubeconfig-yavin" {
content = module.yavin.kubeconfig-admin
filename = "/home/user/.kube/configs/yavin-config"
content = module.yavin.kubeconfig-admin
filename = "/home/user/.kube/configs/yavin-config"
file_permission = "0600"
}
```

6
docs/fedora-coreos/aws.md
View File

@ -134,8 +134,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready.
```
resource "local_file" "kubeconfig-tempest" {
content = module.tempest.kubeconfig-admin
filename = "/home/user/.kube/configs/tempest-config"
content = module.tempest.kubeconfig-admin
filename = "/home/user/.kube/configs/tempest-config"
file_permission = "0600"
}
```
@ -241,4 +242,3 @@ Check the list of valid [instance types](https://aws.amazon.com/ec2/instance-typ
#### Spot
Add `worker_price = "0.10"` to use spot instance workers (instead of "on-demand") and set a maximum spot price in USD. Clusters can tolerate spot market interuptions fairly well (reschedules pods, but cannot drain) to save money, with the tradeoff that requests for workers may go unfulfilled.

5
docs/fedora-coreos/azure.md
View File

@ -152,8 +152,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready.
```
resource "local_file" "kubeconfig-ramius" {
content = module.ramius.kubeconfig-admin
filename = "/home/user/.kube/configs/ramius-config"
content = module.ramius.kubeconfig-admin
filename = "/home/user/.kube/configs/ramius-config"
file_permission = "0600"
}
```

6
docs/fedora-coreos/bare-metal.md
View File

@ -302,8 +302,9 @@ systemd[1]: Started Kubernetes control plane.
```
resource "local_file" "kubeconfig-mercury" {
content = module.mercury.kubeconfig-admin
filename = "/home/user/.kube/configs/mercury-config"
content = module.mercury.kubeconfig-admin
filename = "/home/user/.kube/configs/mercury-config"
file_permission = "0600"
}
```
@ -373,4 +374,3 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/bare-me
| kernel_args | Additional kernel args to provide at PXE boot | [] | ["kvm-intel.nested=1"] |
| worker_node_labels | Map from worker name to list of initial node labels | {} | {"node2" = ["role=special"]} |
| worker_node_taints | Map from worker name to list of initial node taints | {} | {"node2" = ["role=special:NoSchedule"]} |

6
docs/fedora-coreos/digitalocean.md
View File

@ -144,8 +144,9 @@ In 3-6 minutes, the Kubernetes cluster will be ready.
```
resource "local_file" "kubeconfig-nemo" {
content = module.nemo.kubeconfig-admin
filename = "/home/user/.kube/configs/nemo-config"
content = module.nemo.kubeconfig-admin
filename = "/home/user/.kube/configs/nemo-config"
file_permission = "0600"
}
```
@ -248,4 +249,3 @@ Check the list of valid [droplet types](https://developers.digitalocean.com/docu
!!! warning
Do not choose a `controller_type` smaller than 2GB. Smaller droplets are not sufficient for running a controller and bootstrapping will fail.

5
docs/fedora-coreos/google-cloud.md
View File

@ -136,8 +136,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready.
```
resource "local_file" "kubeconfig-yavin" {
content = module.yavin.kubeconfig-admin
filename = "/home/user/.kube/configs/yavin-config"
content = module.yavin.kubeconfig-admin
filename = "/home/user/.kube/configs/yavin-config"
file_permission = "0600"
}
```

6
docs/flatcar-linux/aws.md
View File

@ -134,8 +134,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready.
```
resource "local_file" "kubeconfig-tempest" {
content = module.tempest.kubeconfig-admin
filename = "/home/user/.kube/configs/tempest-config"
content = module.tempest.kubeconfig-admin
filename = "/home/user/.kube/configs/tempest-config"
file_permission = "0600"
}
```
@ -239,4 +240,3 @@ Check the list of valid [instance types](https://aws.amazon.com/ec2/instance-typ
#### Spot
Add `worker_price = "0.10"` to use spot instance workers (instead of "on-demand") and set a maximum spot price in USD. Clusters can tolerate spot market interuptions fairly well (reschedules pods, but cannot drain) to save money, with the tradeoff that requests for workers may go unfulfilled.

5
docs/flatcar-linux/azure.md
View File

@ -140,8 +140,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready.
```
resource "local_file" "kubeconfig-ramius" {
content = module.ramius.kubeconfig-admin
filename = "/home/user/.kube/configs/ramius-config"
content = module.ramius.kubeconfig-admin
filename = "/home/user/.kube/configs/ramius-config"
file_permission = "0600"
}
```

5
docs/flatcar-linux/bare-metal.md
View File

@ -312,8 +312,9 @@ systemd[1]: Started Kubernetes control plane.
```
resource "local_file" "kubeconfig-mercury" {
content = module.mercury.kubeconfig-admin
filename = "/home/user/.kube/configs/mercury-config"
content = module.mercury.kubeconfig-admin
filename = "/home/user/.kube/configs/mercury-config"
file_permission = "0600"
}
```

5
docs/flatcar-linux/digitalocean.md
View File

@ -144,8 +144,9 @@ In 3-6 minutes, the Kubernetes cluster will be ready.
```
resource "local_file" "kubeconfig-nemo" {
content = module.nemo.kubeconfig-admin
filename = "/home/user/.kube/configs/nemo-config"
content = module.nemo.kubeconfig-admin
filename = "/home/user/.kube/configs/nemo-config"
file_permission = "0600"
}
```

5
docs/flatcar-linux/google-cloud.md
View File

@ -136,8 +136,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready.
```
resource "local_file" "kubeconfig-yavin" {
content = module.yavin.kubeconfig-admin
filename = "/home/user/.kube/configs/yavin-config"
content = module.yavin.kubeconfig-admin
filename = "/home/user/.kube/configs/yavin-config"
file_permission = "0600"
}
```

6
docs/index.md
View File

@ -87,8 +87,9 @@ module "yavin" {
# Obtain cluster kubeconfig
resource "local_file" "kubeconfig-yavin" {
content = module.yavin.kubeconfig-admin
filename = "/home/user/.kube/configs/yavin-config"
content = module.yavin.kubeconfig-admin
filename = "/home/user/.kube/configs/yavin-config"
file_permission = "0600"
}
```
@ -157,4 +158,3 @@ Poseidon's Github [Sponsors](https://github.com/sponsors/poseidon) support the i
<br>
If you'd like your company here, please contact dghubble at psdn.io.