From 1bfe842117041368599f895b0243c76b895e27a3 Mon Sep 17 00:00:00 2001
From: Tomoya Fujita <Tomoya.Fujita@sony.com>
Date: Mon, 26 Jun 2023 16:19:34 -0700
Subject: [PATCH 1/2] /opt/cni/bin should be 755 access permission by default.

Signed-off-by: Tomoya Fujita <Tomoya.Fujita@sony.com>
---
 pkg/yurtadm/util/kubernetes/util.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/yurtadm/util/kubernetes/util.go b/pkg/yurtadm/util/kubernetes/util.go
index 666e84e14d0..936d81b426a 100644
--- a/pkg/yurtadm/util/kubernetes/util.go
+++ b/pkg/yurtadm/util/kubernetes/util.go
@@ -161,7 +161,7 @@ func CheckAndInstallKubelet(kubernetesResourceServer, clusterVersion string) err
 		klog.V(1).Infof("Skip download cni, use already exist file: %s", savePath)
 	}
 
-	if err := os.MkdirAll(constants.KubeCniDir, 0600); err != nil {
+	if err := os.MkdirAll(constants.KubeCniDir, 0755); err != nil {
 		return err
 	}
 	if err := util.Untar(savePath, constants.KubeCniDir); err != nil {

From 3672bcdd440990d8161e8d54784f91ceb1838b91 Mon Sep 17 00:00:00 2001
From: Tomoya Fujita <Tomoya.Fujita@sony.com>
Date: Wed, 28 Jun 2023 14:05:17 -0700
Subject: [PATCH 2/2] /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
 should be 640 access permission.

Signed-off-by: Tomoya Fujita <Tomoya.Fujita@sony.com>
---
 pkg/yurtadm/util/kubernetes/util.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/yurtadm/util/kubernetes/util.go b/pkg/yurtadm/util/kubernetes/util.go
index 936d81b426a..7e9e6d1ae46 100644
--- a/pkg/yurtadm/util/kubernetes/util.go
+++ b/pkg/yurtadm/util/kubernetes/util.go
@@ -207,7 +207,7 @@ func SetKubeletUnitConfig() error {
 		}
 	}
 
-	if err := os.WriteFile(constants.KubeletServiceConfPath, []byte(constants.KubeletUnitConfig), 0600); err != nil {
+	if err := os.WriteFile(constants.KubeletServiceConfPath, []byte(constants.KubeletUnitConfig), 0640); err != nil {
 		return err
 	}