Revert "Make 'kube-bench' happy." since there are changes being conce…

…rned (#381)

This reverts commit 593691e.

files/bootstrap.sh

@@ -331,13 +331,3 @@ fi
 systemctl daemon-reload
 systemctl enable kubelet
 systemctl start kubelet
-
-# Wait for the TLS certificate and private key to be present and add these to the config file so they are picked up the next time the kubelet starts.
-# These cannot be added upfront because they are not present when the kubelet first starts, and adding them would cause the kubelet to crash.
-TLS_CERT_FILE="/var/lib/kubelet/pki/kubelet-server-current.pem"
-while [[ ! -f $TLS_CERT_FILE ]]
-do
-  sleep 1
-done
-echo "$(jq ".tlsCertFile=\"$TLS_CERT_FILE\"" $KUBELET_CONFIG)" > $KUBELET_CONFIG
-echo "$(jq ".tlsPrivateKeyFile=\"$TLS_CERT_FILE\"" $KUBELET_CONFIG)" > $KUBELET_CONFIG

files/kubelet-config.json

@@ -25,12 +25,9 @@
   "hairpinMode": "hairpin-veth",
   "cgroupDriver": "cgroupfs",
   "cgroupRoot": "/",
-  "eventRecordQPS": 0,
   "featureGates": {
     "RotateKubeletServerCertificate": true
   },
-  "protectKernelDefaults": true,
-  "readOnlyPort": 0,
   "serializeImagePulls": false,
   "serverTLSBootstrap": true
 }

install-worker.sh

@@ -227,16 +227,6 @@ EOF
 sudo mv /tmp/release /etc/eks/release
 sudo chown root:root /etc/eks/*
 
-################################################################################
-### Stuff required by "protectKernelDefaults=true" #############################
-################################################################################
-
-cat <<EOF | sudo tee -a /etc/sysctl.d/99-amazon.conf
-vm.overcommit_memory=1
-kernel.panic=10
-kernel.panic_on_oops=1
-EOF
-
 ################################################################################
 ### Cleanup ####################################################################
 ################################################################################