-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Modifying kubelet to use config files instead of kubelet flags which are about to deprecate. #90
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
--feature-gates=RotateKubeletServerCertificate=true \ | ||
--anonymous-auth=false \ | ||
--client-ca-file=/etc/kubernetes/pki/ca.crt $KUBELET_ARGS $KUBELET_MAX_PODS $KUBELET_EXTRA_ARGS | ||
ExecStartPre=/sbin/iptables -P FORWARD ACCEPT |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why this gets added here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@errordeveloper - I saw many miss this iptables rule causing problem, hence I added it to ExecStartPre to enforce this command run every time kubelet starts and change the rule.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is it part of this PR and there was no discussion about it here? Maybe a comment in the unit file would help also, but I still don't quite understand the purpose, it seems very ad-hoc and as far as I can tell redundant in the context of this AMI.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if the above questions is addressed some where else?
why is the FORWARD rule to ACCEPT?
see: awslabs/amazon-eks-ami#90 This should fix #49 that I think is cased by relying on depricated kubelet flags.
Description of changes:
Changing Kubelet to use config files instead of using kubelet flags as they are deprecated.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.