Merge pull request #54725 from ihmccreery/fix-mdc-fw

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Fix ENABLE_METADATA_CONCEALMENT firewall rules to respect true/false **What this PR does / why we need it**: Fix ENABLE_METADATA_CONCEALMENT firewall rules to respect true/false; fixes introduced in #54150 (env var value of 'false' would trigger this). Ref #8867. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
2017-10-27 19:45:18 -07:00 · 2017-10-27 19:45:18 -07:00 · afe40ae875
parent 5ad34ac60a 9f2b0188bc
commit afe40ae875
2 changed files with 2 additions and 2 deletions
--- a/cluster/gce/configure-vm.sh
+++ b/cluster/gce/configure-vm.sh
@ -93,7 +93,7 @@ function config-ip-firewall {
  iptables -N KUBE-METADATA-SERVER
  iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER

-  if [[ -n "${ENABLE_METADATA_CONCEALMENT:-}" ]]; then
+  if [[ "${ENABLE_METADATA_CONCEALMENT:-}" == "true" ]]; then
    iptables -A KUBE-METADATA-SERVER -j DROP
  fi
 }
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@ -52,7 +52,7 @@ function config-ip-firewall {
  iptables -N KUBE-METADATA-SERVER
  iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER

-  if [[ -n "${ENABLE_METADATA_CONCEALMENT:-}" ]]; then
+  if [[ "${ENABLE_METADATA_CONCEALMENT:-}" == "true" ]]; then
    iptables -A KUBE-METADATA-SERVER -j DROP
  fi
 }