Create /var/lib/etcd with 0700

If we let the hostpath with DirectoryOrCreate to create this directory
it defaults to 0755. A default install should use 0700 for better
security especially if the directory is not present.

Change-Id: Idc0266685895767b0d1c5710c8a4fb704805652f

cmd/kubeadm/app/phases/etcd/local.go

@@ -18,6 +18,7 @@ package etcd
 
 import (
 	"fmt"
+	"os"
 	"path/filepath"
 	"strings"
 
@@ -48,6 +49,12 @@ func CreateLocalEtcdStaticPodManifestFile(manifestDir string, cfg *kubeadmapi.In
 	}
 	// gets etcd StaticPodSpec
 	emptyInitialCluster := []etcdutil.Member{}
+
+	// creates target folder if not already exists
+	if err := os.MkdirAll(cfg.Etcd.Local.DataDir, 0700); err != nil {
+		return errors.Wrapf(err, "failed to create etcd directory %q", cfg.Etcd.Local.DataDir)
+	}
+
 	spec := GetEtcdPodSpec(cfg, emptyInitialCluster)
 	// writes etcd StaticPod to disk
 	if err := staticpodutil.WriteStaticPodToDisk(kubeadmconstants.Etcd, manifestDir, spec); err != nil {
@@ -100,6 +107,11 @@ func CreateStackedEtcdStaticPodManifestFile(client clientset.Interface, manifest
 	fmt.Println("[etcd] Announced new etcd member joining to the existing etcd cluster")
 	klog.V(1).Infof("Updated etcd member list: %v", initialCluster)
 
+	// creates target folder if not already exists
+	if err := os.MkdirAll(cfg.Etcd.Local.DataDir, 0700); err != nil {
+		return errors.Wrapf(err, "failed to create etcd directory %q", cfg.Etcd.Local.DataDir)
+	}
+
 	klog.V(1).Info("Creating local etcd static pod manifest file")
 	// gets etcd StaticPodSpec, actualized for the current InitConfiguration and the new list of etcd members
 	spec := GetEtcdPodSpec(cfg, initialCluster)

cmd/kubeadm/app/phases/etcd/local_test.go

@@ -67,7 +67,7 @@ func TestCreateLocalEtcdStaticPodManifestFile(t *testing.T) {
 					KubernetesVersion: "v1.7.0",
 					Etcd: kubeadmapi.Etcd{
 						Local: &kubeadmapi.LocalEtcd{
-							DataDir: "/var/lib/etcd",
+							DataDir: tmpdir + "/etcd",
 						},
 					},
 				},