github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix ENABLE_METADATA_CONCEALMENT firewall rules to respect true/false

Browse Source
This commit is contained in:
Isaac Hollander McCreery
2017-10-27 16:01:08 -07:00
parent 84284c0ba4
commit 9f2b0188bc
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cluster/gce/configure-vm.sh
View File

@@ -93,7 +93,7 @@ function config-ip-firewall {
iptables -N KUBE-METADATA-SERVER iptables -N KUBE-METADATA-SERVER
iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER
if [[ -n "${ENABLE_METADATA_CONCEALMENT:-}" ]]; then if [[ "${ENABLE_METADATA_CONCEALMENT:-}" == "true" ]]; then
iptables -A KUBE-METADATA-SERVER -j DROP iptables -A KUBE-METADATA-SERVER -j DROP
fi fi
} }

2
cluster/gce/gci/configure-helper.sh
View File

@@ -52,7 +52,7 @@ function config-ip-firewall {
iptables -N KUBE-METADATA-SERVER iptables -N KUBE-METADATA-SERVER
iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER
if [[ -n "${ENABLE_METADATA_CONCEALMENT:-}" ]]; then if [[ "${ENABLE_METADATA_CONCEALMENT:-}" == "true" ]]; then
iptables -A KUBE-METADATA-SERVER -j DROP iptables -A KUBE-METADATA-SERVER -j DROP
fi fi
} }