From c6c842112e3f691e5bb9c1e957728b39d4e06ae8 Mon Sep 17 00:00:00 2001
From: Rohith <gambol99@gmail.com>
Date: Wed, 23 May 2018 21:03:48 +0100
Subject: [PATCH] CA Key File Permissions

- locking down the ca.key somewhat by forcing the file permissions to 0600
---
 nodeup/pkg/model/kube_controller_manager.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nodeup/pkg/model/kube_controller_manager.go b/nodeup/pkg/model/kube_controller_manager.go
index 49215a4e9f..b82401b19d 100644
--- a/nodeup/pkg/model/kube_controller_manager.go
+++ b/nodeup/pkg/model/kube_controller_manager.go
@@ -67,6 +67,7 @@ func (b *KubeControllerManagerBuilder) Build(c *fi.ModelBuilderContext) error {
 		c.AddTask(&nodetasks.File{
 			Path:     filepath.Join(b.PathSrvKubernetes(), "ca.key"),
 			Contents: fi.NewStringResource(serialized),
+			Mode:     fi.String("600"),
 			Type:     nodetasks.FileType_File,
 		})
 	}