From 388317ad6460ba3b23131f2e5f27edf3744ed508 Mon Sep 17 00:00:00 2001
From: Cheng Pan <chengpan@amazon.com>
Date: Wed, 11 Dec 2019 14:24:37 -0800
Subject: [PATCH] Revert "Make 'kube-bench' happy." since there are changes
 being concerned (#381)

This reverts commit 593691ee46b2df9e7d3fa17818fe63724a78ed59.
---
 files/bootstrap.sh        | 10 ----------
 files/kubelet-config.json |  3 ---
 install-worker.sh         | 10 ----------
 3 files changed, 23 deletions(-)

diff --git a/files/bootstrap.sh b/files/bootstrap.sh
index 7c9998b3f..ee8c8a211 100755
--- a/files/bootstrap.sh
+++ b/files/bootstrap.sh
@@ -331,13 +331,3 @@ fi
 systemctl daemon-reload
 systemctl enable kubelet
 systemctl start kubelet
-
-# Wait for the TLS certificate and private key to be present and add these to the config file so they are picked up the next time the kubelet starts.
-# These cannot be added upfront because they are not present when the kubelet first starts, and adding them would cause the kubelet to crash.
-TLS_CERT_FILE="/var/lib/kubelet/pki/kubelet-server-current.pem"
-while [[ ! -f $TLS_CERT_FILE ]]
-do
-  sleep 1
-done
-echo "$(jq ".tlsCertFile=\"$TLS_CERT_FILE\"" $KUBELET_CONFIG)" > $KUBELET_CONFIG
-echo "$(jq ".tlsPrivateKeyFile=\"$TLS_CERT_FILE\"" $KUBELET_CONFIG)" > $KUBELET_CONFIG
diff --git a/files/kubelet-config.json b/files/kubelet-config.json
index f03c60bde..3a41c2a95 100644
--- a/files/kubelet-config.json
+++ b/files/kubelet-config.json
@@ -25,12 +25,9 @@
   "hairpinMode": "hairpin-veth",
   "cgroupDriver": "cgroupfs",
   "cgroupRoot": "/",
-  "eventRecordQPS": 0,
   "featureGates": {
     "RotateKubeletServerCertificate": true
   },
-  "protectKernelDefaults": true,
-  "readOnlyPort": 0,
   "serializeImagePulls": false,
   "serverTLSBootstrap": true
 }
diff --git a/install-worker.sh b/install-worker.sh
index c370462ad..25acb7330 100644
--- a/install-worker.sh
+++ b/install-worker.sh
@@ -227,16 +227,6 @@ EOF
 sudo mv /tmp/release /etc/eks/release
 sudo chown root:root /etc/eks/*
 
-################################################################################
-### Stuff required by "protectKernelDefaults=true" #############################
-################################################################################
-
-cat <<EOF | sudo tee -a /etc/sysctl.d/99-amazon.conf
-vm.overcommit_memory=1
-kernel.panic=10
-kernel.panic_on_oops=1
-EOF
-
 ################################################################################
 ### Cleanup ####################################################################
 ################################################################################