From 550af42ab54d60615a319bfeb7217a62b252111c Mon Sep 17 00:00:00 2001
From: "Brint E. Kriebel" <github@bekit.net>
Date: Thu, 28 Dec 2017 11:08:48 -0800
Subject: [PATCH] deployment: Set permissions of pki secret volume

The PKI folder should only be readable by root. Set the permissions to
0400.

This removes the following warnings from the logs:
  WARNING: file '/etc/openvpn/pki/private.key' is group or others accessible
  WARNING: file '/etc/openvpn/pki/ta.key' is group or others accessible
---
 kube/deployment.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kube/deployment.yaml b/kube/deployment.yaml
index 8ff1f6a..e1bc867 100644
--- a/kube/deployment.yaml
+++ b/kube/deployment.yaml
@@ -59,6 +59,7 @@ spec:
       - name: openvpn-pki
         secret:
           secretName: openvpn-pki
+          defaultMode: 0400
       - name: openvpn-ccd
         configMap:
           name: openvpn-ccd