kubelet: Restrict access to TLS private key #2639
Merged
Commits on Dec 9, 2022
-
kubelet: Restrict access to tls private key
This moves the `tlsPrivateKeyFile` to be under a `private` subdirectory. This allows us to keep the public cert files readable for non-system processes that expect to be able to read them while limiting access to the more sensitive private key. Signed-off-by: Sean McGinnis <stmcg@amazon.com>
-
migrations: Add migration for kubelet private key path
This adds a migration to update the `kubelet-server.key` file location used for Kubernetes PKI. This was moved from the common location with the public key to a separate private location so users would still be able to read the public key if needed. Signed-off-by: Sean McGinnis <stmcg@amazon.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.