From 5380ba24558460d7f7b6141ad00b66d7a880ed4f Mon Sep 17 00:00:00 2001
From: Adrien
Date: Tue, 2 Jun 2020 20:54:14 +0200
Subject: [PATCH] Force security access on etcd directory

---
 tasks/install_server.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tasks/install_server.yml b/tasks/install_server.yml
index 9047a18..ff7d23a 100644
--- a/tasks/install_server.yml
+++ b/tasks/install_server.yml
@@ -113,6 +113,16 @@
 # - groups['KubernetesMasters'] | length > 1
 changed_when: False
 
+- name: Secure etcd directory
+ file:
+ path: "/var/lib/etcd"
+ state: directory
+ owner: root
+ group: root
+ mode: 0700
+ when:
+ - kubernetes_master|bool
+
 - name: Deploy initial kubeadm config
 template:
 src: kubeadm-config.yaml.j2
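Review bot: `mode: 0700` in the new `Secure etcd directory` task is an unquoted scalar, so the permission the `file` module applies depends on the YAML loader reading a leading-zero integer as octal. Quoting it as `mode: "0700"` hands Ansible a string and removes that dependency. The path `/var/lib/etcd` is also hard-coded: if `kubeadm-config.yaml.j2` (not visible here) sets a different etcd data directory, this task would tighten a directory etcd does not use, so the path should come from the same variable the template uses, if one exists. A short comment above the task, such as `# etcd data dir holds cluster state incl. Secrets; keep it root-only`, would record why the mode matters for the next maintainer.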