From 836f413cf1096c9b020b20319d0767aee4f9b990 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas
Date: Sat, 8 Dec 2018 19:04:51 -0500
Subject: [PATCH] Create /var/lib/etcd with 0700

If we let the hostpath with DirectoryOrCreate to create this directory it defaults to 0755. A default install should use 0700 for better security especially if the directory is not present.

Change-Id: Idc0266685895767b0d1c5710c8a4fb704805652f
---
 cmd/kubeadm/app/phases/etcd/local.go | 12 ++++++++++++
 cmd/kubeadm/app/phases/etcd/local_test.go | 2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/cmd/kubeadm/app/phases/etcd/local.go b/cmd/kubeadm/app/phases/etcd/local.go
index 6681d5a810..c1b7eb565a 100644
--- a/cmd/kubeadm/app/phases/etcd/local.go
+++ b/cmd/kubeadm/app/phases/etcd/local.go
@@ -18,6 +18,7 @@ package etcd
 import (
 "fmt"
+ "os"
 "path/filepath"
 "strings"
@@ -48,6 +49,12 @@ func CreateLocalEtcdStaticPodManifestFile(manifestDir string, cfg *kubeadmapi.In
 }
 // gets etcd StaticPodSpec
 emptyInitialCluster := []etcdutil.Member{}
+
+ // creates target folder if not already exists
+ if err := os.MkdirAll(cfg.Etcd.Local.DataDir, 0700); err != nil {
+ return errors.Wrapf(err, "failed to create etcd directory %q", cfg.Etcd.Local.DataDir)
+ }
+
 spec := GetEtcdPodSpec(cfg, emptyInitialCluster)
 // writes etcd StaticPod to disk
 if err := staticpodutil.WriteStaticPodToDisk(kubeadmconstants.Etcd, manifestDir, spec); err != nil {
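Review bot: `os.MkdirAll` in CreateLocalEtcdStaticPodManifestFile returns nil without touching the mode when `cfg.Etcd.Local.DataDir` already exists, so a data directory that is already 0755 (from an earlier install or from the hostPath `DirectoryOrCreate` fallback the commit message describes) stays readable by group and other after this change. Consider checking the existing mode and at least warning, for example with `dir := cfg.Etcd.Local.DataDir`: `if fi, err := os.Stat(dir); err == nil && fi.Mode().Perm()&0077 != 0 { klog.Warningf("etcd data directory %q is accessible to group/other (mode %v)", dir, fi.Mode().Perm()) }`, or tightening it explicitly with `os.Chmod`. The 0700 is also applied to every missing parent directory that `MkdirAll` creates, which matters for a custom DataDir, and the result is still filtered by the process umask. The identical block added in the CreateStackedEtcdStaticPodManifestFile hunk has the same gap. The function body starts and ends outside this hunk.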
@@ -100,6 +107,11 @@ func CreateStackedEtcdStaticPodManifestFile(client clientset.Interface, manifest
 fmt.Println("[etcd] Announced new etcd member joining to the existing etcd cluster")
 klog.V(1).Infof("Updated etcd member list: %v", initialCluster)
+ // creates target folder if not already exists
+ if err := os.MkdirAll(cfg.Etcd.Local.DataDir, 0700); err != nil {
+ return errors.Wrapf(err, "failed to create etcd directory %q", cfg.Etcd.Local.DataDir)
+ }
+
 klog.V(1).Info("Creating local etcd static pod manifest file")
 // gets etcd StaticPodSpec, actualized for the current InitConfiguration and the new list of etcd members
 spec := GetEtcdPodSpec(cfg, initialCluster)
diff --git a/cmd/kubeadm/app/phases/etcd/local_test.go b/cmd/kubeadm/app/phases/etcd/local_test.go
index e06ed677c8..8c2aa4ae30 100644
--- a/cmd/kubeadm/app/phases/etcd/local_test.go
+++ b/cmd/kubeadm/app/phases/etcd/local_test.go
@@ -67,7 +67,7 @@ func TestCreateLocalEtcdStaticPodManifestFile(t *testing.T) {
 KubernetesVersion: "v1.7.0",
 Etcd: kubeadmapi.Etcd{
 Local: &kubeadmapi.LocalEtcd{
- DataDir: "/var/lib/etcd",
+ DataDir: tmpdir + "/etcd",
 },
 },
 },
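Review bot: In CreateStackedEtcdStaticPodManifestFile the data directory is created only after the new member has been announced to the existing etcd cluster (the `fmt.Println("[etcd] Announced new etcd member joining to the existing etcd cluster")` context line sits directly above the added block), so an `os.MkdirAll` failure returns an error with the member presumably already registered by a call above the hunk. A registered member that never starts still counts toward cluster size, so a purely local filesystem error can leave the cluster in a worse state than before the join. Moving the `os.MkdirAll` check ahead of the member-add step would make the local failure happen first. The three added lines also duplicate the block in CreateLocalEtcdStaticPodManifestFile; a small unexported helper taking the directory path would keep the mode and error text in one place.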
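Review bot: TestCreateLocalEtcdStaticPodManifestFile now points DataDir into the temp directory but, as far as the hunk shows, nothing asserts the permission this commit introduces, so a regression back to 0755 would still pass. After the call under test, add a check such as `fi, err := os.Stat(filepath.Join(tmpdir, "etcd"))` followed by `if err != nil || fi.Mode().Perm() != 0700 { t.Errorf("unexpected etcd data dir mode: %v, err: %v", fi, err) }`, importing `os` and `path/filepath` if the test file does not already. `filepath.Join(tmpdir, "etcd")` is also preferable to `tmpdir + "/etcd"` for the DataDir value itself. The test body and the definition of `tmpdir` are outside this hunk.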