From d19267286e279b490241c34e580b37c83e5af39c Mon Sep 17 00:00:00 2001
From: Varun Shivakumar
Date: Tue, 30 Jan 2024 16:23:15 -0500
Subject: [PATCH 1/4] allow 10250 port in iptables for kubelet logs and exec
---
 files/kubelet-containerd.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/files/kubelet-containerd.service b/files/kubelet-containerd.service
index 946fb1c28..b576e4668 100644
--- a/files/kubelet-containerd.service
+++ b/files/kubelet-containerd.service
@@ -6,7 +6,7 @@ Requires=containerd.service sandbox-image.service
 [Service]
 Slice=runtime.slice
-ExecStartPre=/sbin/iptables -P FORWARD ACCEPT -w 5
+ExecStartPre=/sbin/iptables -P FORWARD ACCEPT -w 5 ; /sbin/iptables -I INPUT -p tcp -m tcp --dport 10250 -j ACCEPT
 ExecStart=/usr/bin/kubelet \
 --config /etc/kubernetes/kubelet/kubelet-config.json \
 --kubeconfig /var/lib/kubelet/kubeconfig \
From 8786f694f737c8219f3324a5973e0942c7ef801b Mon Sep 17 00:00:00 2001
From: Varun Shivakumar
Date: Tue, 30 Jan 2024 16:25:46 -0500
Subject: [PATCH 2/4] enable ip_forward in /etc/sysctl.conf
---
 eks-worker-al2.json | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/eks-worker-al2.json b/eks-worker-al2.json
index 708d09ac1..e493ea61d 100644
--- a/eks-worker-al2.json
+++ b/eks-worker-al2.json
@@ -165,6 +165,13 @@
 "ENABLE_FIPS={{user `enable_fips`}}"
 ]
 },
+ {
+ "type": "shell",
+ "remote_folder": "{{ user `remote_folder`}}",
+ "inline": [
+ "sudo sed -i 's/^net.ipv4.ip_forward = 0$/net.ipv4.ip_forward = 1/' /etc/sysctl.conf"
+ ]
+ },
 {
 "type": "shell",
 "remote_folder": "{{ user `remote_folder`}}",
From 95256d1354e5448af45033dc45f87767525ab939 Mon Sep 17 00:00:00 2001
From: Varun Shivakumar
Date: Tue, 30 Jan 2024 16:50:05 -0500
Subject: [PATCH 3/4] add sudo for kubelet and aws commands
---
 scripts/generate-version-info.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/scripts/generate-version-info.sh b/scripts/generate-version-info.sh
index 94ded309c..a0d08453a 100644
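Review bot: The rule added to `ExecStartPre` in files/kubelet-containerd.service accepts TCP 10250 from any source address, and per the commit subject that port carries kubelet exec and logs, so the exposure then rests entirely on the kubelet's own authentication and on whatever network filtering sits in front of the node. If the callers are known, narrow the match with a source restriction such as `-s <CONTROL_PLANE_CIDR>` (placeholder). The second command also drops the `-w 5` lock wait that the first one uses, and `-I INPUT` inserts another copy of the rule on every kubelet start; a separate line `ExecStartPre=/sbin/iptables -w 5 -I INPUT -p tcp -m tcp --dport 10250 -j ACCEPT` restores the lock wait, and a preceding `-C` check would keep the insert idempotent. The `ExecStart` command continues past the end of the hunk.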
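Review bot: The `sed -i` in the new inline provisioner of eks-worker-al2.json exits 0 even when nothing matches, so if /etc/sysctl.conf has no line spelled exactly `net.ipv4.ip_forward = 0` (absent, or written without the spaces) the image builds with forwarding unchanged and nothing reports it. Add a second entry to the same `inline` array that asserts the result, `"sudo grep -qx 'net.ipv4.ip_forward = 1' /etc/sysctl.conf"`, so the build fails instead. The `= 0` line is presumably written by a hardening baseline, so the commit description should say why the nodes need forwarding on. The provisioner list starts and ends outside the hunk.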
--- a/scripts/generate-version-info.sh
+++ b/scripts/generate-version-info.sh
@@ -1,5 +1,9 @@
 #!/bin/sh
+# open issue:
+# https://github.com/awslabs/amazon-eks-ami/pull/1513
+# https://github.com/awslabs/amazon-eks-ami/pull/1556
+
 # generates a JSON file containing version information for the software in this AMI
 set -o errexit
@@ -16,14 +20,14 @@ OUTPUT_FILE="$1"
 sudo rpm --query --all --queryformat '\{"%{NAME}": "%{VERSION}-%{RELEASE}"\}\n' | jq --slurp --sort-keys 'add | {packages:(.)}' > "$OUTPUT_FILE"
 # binaries
-KUBELET_VERSION=$(kubelet --version | awk '{print $2}')
+KUBELET_VERSION=$(sudo kubelet --version | awk '{print $2}')
 if [ "$?" != 0 ]; then
 echo "unable to get kubelet version"
 exit 1
 fi
 echo $(jq ".binaries.kubelet = \"$KUBELET_VERSION\"" $OUTPUT_FILE) > $OUTPUT_FILE
-CLI_VERSION=$(aws --version | awk '{print $1}' | cut -d '/' -f 2)
+CLI_VERSION=$(sudo /bin/aws --version | awk '{print $1}' | cut -d '/' -f 2)
 if [ "$?" != 0 ]; then
 echo "unable to get aws cli version"
 exit 1
From 8b0f878b08d99d06008d3a37ff223bfc2fc86ee4 Mon Sep 17 00:00:00 2001
From: Varun Shivakumar
Date: Tue, 30 Jan 2024 16:52:37 -0500
Subject: [PATCH 4/4] update permissions for eks binaries
---
 scripts/install-worker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/install-worker.sh b/scripts/install-worker.sh
index e61ca9d21..eed9276fe 100644
--- a/scripts/install-worker.sh
+++ b/scripts/install-worker.sh
@@ -304,7 +304,7 @@ for binary in ${BINARIES[*]}; do
 sudo wget $S3_URL_BASE/$binary.sha256
 fi
 sudo sha256sum -c $binary.sha256
- sudo chmod +x $binary
+ sudo chmod 755 $binary
 sudo mv $binary /usr/bin/
 done
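Review bot: In the second hunk of scripts/generate-version-info.sh, the `$?` test after `KUBELET_VERSION=$(sudo kubelet --version | awk '{print $2}')` sees only the exit status of the last pipeline stage (unless `pipefail` is enabled in lines not shown), so a `sudo` denial or a kubelet failure leaves the variable empty and an empty version is written to the JSON; the same holds for the `CLI_VERSION` pipeline, which ends in `cut`. Test the value instead, e.g. `[ -n "$KUBELET_VERSION" ] || { echo "unable to get kubelet version" >&2; exit 1; }`. Running both binaries as root only to print a version is more privilege than the task needs, and `sudo kubelet` is resolved through sudo's path while `sudo /bin/aws` is pinned; if patch 4/4 leaves the binaries executable for every user, the `sudo` may not be needed here at all. The comment added in the first hunk lists two pull-request links under "open issue" without saying what the problem is, so one sentence of explanation there would help. The final `if` block continues past the end of the hunk.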
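Review bot: `$binary` is unquoted in the changed line of scripts/install-worker.sh (and in the neighbouring `sha256sum` and `mv` lines); write `sudo chmod 755 "$binary"`. The reason for replacing `+x` deserves a comment, presumably that `chmod +x` without a who-part is filtered by the umask while an explicit mode is not: `# explicit mode: +x alone is limited by the umask`. The checksum file verified just above is fetched from `$S3_URL_BASE`, apparently the same location as the binary, so that check catches corruption but not a replaced object; this predates the change but matters when reasoning about what ends up in /usr/bin with mode 755. The `for` loop begins before the hunk.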