ingress-nginx icon indicating copy to clipboard operation
ingress-nginx copied to clipboard

Published 20 hours ago verified publisher icon kubernetes

sensitive file with too large permission

Open zzzzoy opened this issue 7 months ago • 2 comments

ingress-nginx-controller places the key file on the disk and use permission 0o700 for starting the nginx server. https://github.com/kubernetes/ingress-nginx/blob/main/pkg/util/file/filesystem.go i think 0600 shall be enough.


$ ll /etc/ingress-controller/ssl/kube-system-ingress-cert.pem
-rwx------ 1 root root 4911 Mar 26 11:08 /etc/ingress-controller/ssl/kube-system-ingress-cert.pem

zzzzoy avatar Mar 26 '25 06:03 zzzzoy