millions-book-52954 07/25/2022, 11:07 AM
1.1.12 - Ensure that the etcd data directory ownership is set to
1. Check that the user and group exist on the host. If they don’t, exit with an error.
2. Create etcd’s data directory with as the user and group owner.
3. Ensure the etcd process is run as the user and group by setting the etcd static pod’s
Source: https://rancher.com/docs/rancher/v2.6/en/security/hardening-guides/rke2-1.6-hardening-2.6/#ensure-etcd-is-configured-properly
User creation is (partly?) documented:
sudo useradd -r -c "etcd user" -s /sbin/nologin -M etcd -U
Questions:
1 - Is there a reason to not specify a UID/GID (as opposed to RKE)?
2 - What is the best way to set the for etcd pods?
• Is it done by enabling cis profile into ? (This is not the case of my cluster currently as I try to pass test before enabling it.)
• As opposed to RKE, it seems to not be possible to set etcd user/group explicitly into .
• Last option seems to update
Let me know if I misunderstood something.
high-waitress-66594 07/25/2022, 5:51 PM
millions-book-52954 07/26/2022, 7:21 AM
> that's an exercise for the reader.
ok
> ...so unless you want to break expectations, I wouldn't advise changing it.
ok, thank you for this. I will continue my investigations regarding point 2.
rapid-helmet-86074 08/01/2022, 6:32 PM
millions-book-52954 08/02/2022, 7:24 AM
rapid-helmet-86074 08/02/2022, 2:18 PM