From 71bb7ae16869e5d95b10e8194d0dce5f38aa04e5 Mon Sep 17 00:00:00 2001
From: Ganga Mahesh Siddem <gangams@microsoft.com>
Date: Fri, 29 Jul 2022 10:46:24 +0530
Subject: [PATCH 1/4] restrict rw permissions to owner

---
 scripts/cluster-creation/aks-engine.sh | 4 ++--
 scripts/cluster-creation/onprem-k8s.sh | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/cluster-creation/aks-engine.sh b/scripts/cluster-creation/aks-engine.sh
index 9d287ea07..9adc6b6cc 100644
--- a/scripts/cluster-creation/aks-engine.sh
+++ b/scripts/cluster-creation/aks-engine.sh
@@ -91,7 +91,7 @@ create_cluster()
 {
 
 sudo touch kubernetes.json
-sudo chmod 777 kubernetes.json
+sudo chmod 644 kubernetes.json
 # For docker runtime, remove kubernetesConfig block
 cat >> kubernetes.json <<EOL
 {
@@ -159,5 +159,5 @@ create_cluster
 echo "creating aks-engine cluster completed."
 
 echo "changing file permissions to access the kubeconfig"
-sudo chmod -R 777  ~/${TEMP_DIR}/_output
+sudo chmod 644 ~/${TEMP_DIR}/_output/${dnsPrefix}/kubeconfig
 echo "kubeconfig of this cluster should be under ~/${TEMP_DIR}/_output/${dnsPrefix}/kubeconfig"
diff --git a/scripts/cluster-creation/onprem-k8s.sh b/scripts/cluster-creation/onprem-k8s.sh
index 147681133..ed5a0e282 100755
--- a/scripts/cluster-creation/onprem-k8s.sh
+++ b/scripts/cluster-creation/onprem-k8s.sh
@@ -25,7 +25,7 @@ download_install_docker()
 create_cluster()
 {
 sudo touch kind-config.yaml
-sudo chmod 777 kind-config.yaml
+sudo chmod 644 kind-config.yaml
 cat >> kind-config.yaml <<EOL
 kind: Cluster
 apiVersion: kind.sigs.k8s.io/v1alpha3

From f7a11a31fe67b3d7498514455b1dec8c53d1e179 Mon Sep 17 00:00:00 2001
From: Ganga Mahesh Siddem <gangams@microsoft.com>
Date: Fri, 29 Jul 2022 11:49:17 +0530
Subject: [PATCH 2/4] remove usage of worldwrite file permissions

---
 scripts/cluster-creation/aks-engine.sh | 6 +++---
 scripts/cluster-creation/onprem-k8s.sh | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/scripts/cluster-creation/aks-engine.sh b/scripts/cluster-creation/aks-engine.sh
index 9adc6b6cc..c45cf7a59 100644
--- a/scripts/cluster-creation/aks-engine.sh
+++ b/scripts/cluster-creation/aks-engine.sh
@@ -91,9 +91,9 @@ create_cluster()
 {
 
 sudo touch kubernetes.json
-sudo chmod 644 kubernetes.json
+
 # For docker runtime, remove kubernetesConfig block
-cat >> kubernetes.json <<EOL
+sudo tee -a kubernetes.json > /dev/null << 'EOF'
 {
   "apiVersion": "vlabs",
   "properties": {
@@ -132,7 +132,7 @@ cat >> kubernetes.json <<EOL
     }
   }
 }
-EOL
+EOF
 
 echo "deploying aks-engine cluster ..."
 sudo aks-engine deploy --subscription-id ${subscriptionId} --client-id ${clientId} --client-secret ${clientSecret} --dns-prefix ${dnsPrefix} --location ${location} --api-model  kubernetes.json
diff --git a/scripts/cluster-creation/onprem-k8s.sh b/scripts/cluster-creation/onprem-k8s.sh
index ed5a0e282..ae6307fb1 100755
--- a/scripts/cluster-creation/onprem-k8s.sh
+++ b/scripts/cluster-creation/onprem-k8s.sh
@@ -25,14 +25,14 @@ download_install_docker()
 create_cluster()
 {
 sudo touch kind-config.yaml
-sudo chmod 644 kind-config.yaml
-cat >> kind-config.yaml <<EOL
+sudo tee -a kind-config.yaml > /dev/null << 'EOF'
 kind: Cluster
 apiVersion: kind.sigs.k8s.io/v1alpha3
 nodes:
  - role: control-plane
  - role: worker
-EOL
+EOF
+
 sudo kind create cluster --config kind-config.yaml  --name $clusterName
 }
 
@@ -95,7 +95,7 @@ echo "parsing args"
 parse_args $@
 
 echo "download and install docker"
-download_install_docker
+#download_install_docker
 
 echo "download and install kind"
 install-kind

From 967b115466ad656e6815087a5eb430cc09967ef5 Mon Sep 17 00:00:00 2001
From: Ganga Mahesh Siddem <gangams@microsoft.com>
Date: Fri, 29 Jul 2022 11:54:23 +0530
Subject: [PATCH 3/4] remove worldwrite file permission

---
 scripts/cluster-creation/aks-engine.sh | 5 +----
 scripts/cluster-creation/onprem-k8s.sh | 3 +--
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/scripts/cluster-creation/aks-engine.sh b/scripts/cluster-creation/aks-engine.sh
index c45cf7a59..e76a4e96b 100644
--- a/scripts/cluster-creation/aks-engine.sh
+++ b/scripts/cluster-creation/aks-engine.sh
@@ -89,11 +89,8 @@ while getopts 'hs:c:w:d:l:' opt; do
 }
 create_cluster()
 {
-
-sudo touch kubernetes.json
-
 # For docker runtime, remove kubernetesConfig block
-sudo tee -a kubernetes.json > /dev/null << 'EOF'
+sudo tee kubernetes.json > /dev/null << 'EOF'
 {
   "apiVersion": "vlabs",
   "properties": {
diff --git a/scripts/cluster-creation/onprem-k8s.sh b/scripts/cluster-creation/onprem-k8s.sh
index ae6307fb1..f3614d210 100755
--- a/scripts/cluster-creation/onprem-k8s.sh
+++ b/scripts/cluster-creation/onprem-k8s.sh
@@ -24,8 +24,7 @@ download_install_docker()
 
 create_cluster()
 {
-sudo touch kind-config.yaml
-sudo tee -a kind-config.yaml > /dev/null << 'EOF'
+sudo tee kind-config.yaml > /dev/null << 'EOF'
 kind: Cluster
 apiVersion: kind.sigs.k8s.io/v1alpha3
 nodes:

From 5bf1b416f4819b8b05d76442c9445227854c46ee Mon Sep 17 00:00:00 2001
From: Ganga Mahesh Siddem <gangams@microsoft.com>
Date: Fri, 29 Jul 2022 11:56:40 +0530
Subject: [PATCH 4/4] remove worldwrite file permission

---
 scripts/cluster-creation/aks-engine.sh | 2 --
 scripts/cluster-creation/onprem-k8s.sh | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/scripts/cluster-creation/aks-engine.sh b/scripts/cluster-creation/aks-engine.sh
index e76a4e96b..ba763e354 100644
--- a/scripts/cluster-creation/aks-engine.sh
+++ b/scripts/cluster-creation/aks-engine.sh
@@ -155,6 +155,4 @@ echo "creating cluster: ${ClusterName}"
 create_cluster
 echo "creating aks-engine cluster completed."
 
-echo "changing file permissions to access the kubeconfig"
-sudo chmod 644 ~/${TEMP_DIR}/_output/${dnsPrefix}/kubeconfig
 echo "kubeconfig of this cluster should be under ~/${TEMP_DIR}/_output/${dnsPrefix}/kubeconfig"
diff --git a/scripts/cluster-creation/onprem-k8s.sh b/scripts/cluster-creation/onprem-k8s.sh
index f3614d210..3603c0265 100755
--- a/scripts/cluster-creation/onprem-k8s.sh
+++ b/scripts/cluster-creation/onprem-k8s.sh
@@ -94,7 +94,7 @@ echo "parsing args"
 parse_args $@
 
 echo "download and install docker"
-#download_install_docker
+download_install_docker
 
 echo "download and install kind"
 install-kind