Merge pull request #51824 from ihmccreery/oss-mdc

Automatic merge from submit-queue (batch tested with PRs 51824, 50476, 52451, 52009, 52237) Allow metadata firewall & proxy on in GCE, off by default **What this PR does / why we need it**: Add necessary variables in kube-env to allow a user to turn on metadata firewall and proxy for K8s on GCE. Ref #8867. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: **Special notes for your reviewer**: **Release note**: ```release-note GCE users can enable the metadata firewall and metadata proxy with KUBE_FIREWALL_METADATA_SERVER and ENABLE_METADATA_PROXY, respectively. ```
2025-09-20 01:23:48 +00:00 · 2017-09-15 01:07:58 -07:00
parent 9d8c11924f 6930f5ac31
commit b3e641d7f3
3 changed files with 17 additions and 6 deletions
--- a/cluster/gce/config-test.sh
+++ b/cluster/gce/config-test.sh
@@ -199,9 +199,8 @@ if [[ ${NETWORK_POLICY_PROVIDER:-} == "calico" ]]; then
 	NODE_LABELS="$NODE_LABELS,projectcalico.org/ds-ready=true"
 fi

-# Turn the simple metadata proxy on by default.
-ENABLE_METADATA_PROXY="${ENABLE_METADATA_PROXY:-simple}"
-if [[ ${ENABLE_METADATA_PROXY} != "false" ]]; then
+# Apply the right node label if metadata proxy is on.
+if [[ ${ENABLE_METADATA_PROXY:-} == "simple" ]]; then
        NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true"
 fi