kubeone installation issues in a hardened environment #3726

@dharapvj

What happened?

When attempting to use kubeone to install Kubernetes in a security-hardened environment, I encountered the following issues:

  1. `/etc/kubeone/proxy-env` - Permission denied
  2. ssh - administratively prohibited.

Expected behavior

kubeone installation should proceed without any issues and succeed.

How to reproduce the issue?

Issue 1

  1. Set umask to `0027` on the control plane nodes.
  2. Set some proxy values in `kubeone.yaml`.
  3. Run `kubeone apply`. kubeone uses sudo to create the proxy-env file, which gets created fine, but the regular login user does not have access to it (because of the umask, others do not have access to the `/etc/kubeone` directory and the file within).

Issue 2

  1. On the control plane machines, edit `/etc/ssh/sshd_config` to add `DisableForwarding yes`.
  2. Restart the sshd service with `sudo systemctl restart sshd.service`.
  3. Run `kubeone apply`.
  4. You will not be able to reach the control plane machine during the csr-approval stage, with the error `administratively prohibited`.

What KubeOne version are you using?

Kubeone v1.10.0

What cloud provider are you running on?

vsphere

What operating system are you running in your cluster?

RHEL
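
A preflight check for the two settings in the reproduction steps above, as an added example that is not part of the original issue and is not KubeOne code. The function names and the sample configuration are constructed, and the `AllowTcpForwarding no` check goes beyond the report, which only mentions `DisableForwarding`.

```sh
#!/bin/sh
# Added example (not KubeOne code): preflight checks for the two hardening
# settings named in this report. Function names are hypothetical.

# Print the mode a newly created directory gets under a umask: 0777 & ~umask.
dir_mode_under_umask() {
    printf '%04o\n' $(( 0777 & ~0$1 ))
}

# Exit 0 if users outside owner and group can traverse a directory of this mode.
others_can_traverse() {
    [ $(( 0$1 & 01 )) -ne 0 ]
}

# Read sshd configuration text on stdin (sshd_config or `sshd -T` output) and
# print "blocked" if TCP forwarding is refused, else "allowed". As in sshd, the
# first occurrence of a keyword wins. Assumption: Match blocks are ignored.
tcp_forwarding_state() {
    awk '
        /^[ \t]*#/ { next }                      # skip comments
        { sub(/=/, " "); key = tolower($1); val = tolower($2) }
        key == "match" { exit }                  # stop at per-user overrides
        key == "disableforwarding"  && !("d" in seen) { seen["d"] = val }
        key == "allowtcpforwarding" && !("a" in seen) { seen["a"] = val }
        END {
            if (seen["d"] == "yes" || seen["a"] == "no") print "blocked"
            else print "allowed"
        }'
}

# Constructed sample reproducing the conditions from the report.
SAMPLE_SSHD='# constructed sshd_config excerpt
PermitRootLogin no
DisableForwarding yes'

report() {
    mode=$(dir_mode_under_umask 0027)
    if others_can_traverse "$mode"; then acc="open to"; else acc="closed to"; fi
    fwd=$(printf '%s\n' "$SAMPLE_SSHD" | tcp_forwarding_state)
    echo "umask 0027: new dir mode $mode, $acc others; TCP forwarding $fwd"
}

report
```

On a real node, the effective configuration can be piped in with `sudo sshd -T | tcp_forwarding_state` instead of the sample text.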

Labels: kind/bug, sig/cluster-management
