doc: set file_permission 0600 for kubeconfig file

It's only documentation, but kubeconfig file contains sensitive info so it's better to secure it a little
2025-07-24 04:21:34 +02:00 · 2024-09-24 16:25:58 +02:00
parent 6a5b808b17
commit 5932b651e3
12 changed files with 36 additions and 29 deletions
--- a/docs/flatcar-linux/aws.md
+++ b/docs/flatcar-linux/aws.md
@ -134,8 +134,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready.

 ```
 resource "local_file" "kubeconfig-tempest" {
-  content  = module.tempest.kubeconfig-admin
-  filename = "/home/user/.kube/configs/tempest-config"
+  content         = module.tempest.kubeconfig-admin
+  filename        = "/home/user/.kube/configs/tempest-config"
+  file_permission = "0600"
 }
 ```

@ -239,4 +240,3 @@ Check the list of valid [instance types](https://aws.amazon.com/ec2/instance-typ
 #### Spot

 Add `worker_price = "0.10"` to use spot instance workers (instead of "on-demand") and set a maximum spot price in USD. Clusters can tolerate spot market interuptions fairly well (reschedules pods, but cannot drain) to save money, with the tradeoff that requests for workers may go unfulfilled.
-
--- a/docs/flatcar-linux/azure.md
+++ b/docs/flatcar-linux/azure.md
@ -140,8 +140,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready.

 ```
 resource "local_file" "kubeconfig-ramius" {
-  content  = module.ramius.kubeconfig-admin
-  filename = "/home/user/.kube/configs/ramius-config"
+  content         = module.ramius.kubeconfig-admin
+  filename        = "/home/user/.kube/configs/ramius-config"
+  file_permission = "0600"
 }
 ```

--- a/docs/flatcar-linux/bare-metal.md
+++ b/docs/flatcar-linux/bare-metal.md
@ -312,8 +312,9 @@ systemd[1]: Started Kubernetes control plane.

 ```
 resource "local_file" "kubeconfig-mercury" {
-  content  = module.mercury.kubeconfig-admin
-  filename = "/home/user/.kube/configs/mercury-config"
+  content         = module.mercury.kubeconfig-admin
+  filename        = "/home/user/.kube/configs/mercury-config"
+  file_permission = "0600"
 }
 ```

--- a/docs/flatcar-linux/digitalocean.md
+++ b/docs/flatcar-linux/digitalocean.md
@ -144,8 +144,9 @@ In 3-6 minutes, the Kubernetes cluster will be ready.

 ```
 resource "local_file" "kubeconfig-nemo" {
-  content  = module.nemo.kubeconfig-admin
-  filename = "/home/user/.kube/configs/nemo-config"
+  content         = module.nemo.kubeconfig-admin
+  filename        = "/home/user/.kube/configs/nemo-config"
+  file_permission = "0600"
 }
 ```

--- a/docs/flatcar-linux/google-cloud.md
+++ b/docs/flatcar-linux/google-cloud.md
@ -136,8 +136,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready.

 ```
 resource "local_file" "kubeconfig-yavin" {
-  content  = module.yavin.kubeconfig-admin
-  filename = "/home/user/.kube/configs/yavin-config"
+  content         = module.yavin.kubeconfig-admin
+  filename        = "/home/user/.kube/configs/yavin-config"
+  file_permission = "0600"
 }
 ```