Fix ENABLE_METADATA_CONCEALMENT firewall rules to respect true/false

2025-07-29 06:27:05 +00:00 · 2017-10-27 16:01:08 -07:00 · 2017-10-27 16:01:08 -07:00 · 9f2b0188bc
commit 9f2b0188bc
parent 84284c0ba4
2 changed files with 2 additions and 2 deletions
--- a/cluster/gce/configure-vm.sh
+++ b/cluster/gce/configure-vm.sh
@ -93,7 +93,7 @@ function config-ip-firewall {
  iptables -N KUBE-METADATA-SERVER
  iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER

-  if [[ -n "${ENABLE_METADATA_CONCEALMENT:-}" ]]; then
+  if [[ "${ENABLE_METADATA_CONCEALMENT:-}" == "true" ]]; then
    iptables -A KUBE-METADATA-SERVER -j DROP
  fi
 }
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@ -52,7 +52,7 @@ function config-ip-firewall {
  iptables -N KUBE-METADATA-SERVER
  iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER

-  if [[ -n "${ENABLE_METADATA_CONCEALMENT:-}" ]]; then
+  if [[ "${ENABLE_METADATA_CONCEALMENT:-}" == "true" ]]; then
    iptables -A KUBE-METADATA-SERVER -j DROP
  fi
 }