This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Cannot disable GKE kubelet read-only port

Posted on 07-18-2023 11:26 PM
andreiflorea
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hi everyone,

I'm trying to disable the kubelet read-only port by following Google's article https://cloud.google.com/kubernetes-engine/docs/how-to/disable-kubelet-readonly-port, but I can't seem to do it. 

I'm executing the command from their docs:
gcloud container clusters update <cluster> \
--location=<location> \
--no-enable-insecure-kubelet-readonly-port

This is the error I get:

ERROR: gcloud crashed (AttributeError): May not assign arbitrary value desiredNodeKubeletConfig to message ClusterUpdate

My gcloud CLI is 438.0.0, so that should be fine. I tried on a GKE 1.26 cluster and on a GKE 1.27, the same error appears.

Any ideas?

Thanks!

Solved Solved
3 6 2,317
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
andy_fixstars
Bronze 1
Bronze 1
In response to garisingh
Reply posted on --/--/---- --:-- AM

Hi garisingh,

Could you elaborate more on how to disable the port using the --system-config-from-file flag?

I have a file kubelet_config.yaml with the following:

 

kubeletConfig:
  readOnlyPort: 0

 

I ran the command
gcloud container node-pools update <node-pool> \
--system-config-from-file=kubelet_config.yaml

This returns an error:
ERROR: (gcloud.container.node-pools.update) Invalid node config: unknown fields: ['readOnlyPort'] in "kubeletConfig"

It seems that the --system-config-from-file only allows changing kubelet configs that are listed on the documentation that you linked.  However, it doesn't look like any of them are for the read-only port.  I am on gcloud CLI version 444.0.0

Thank you!

View solution in original post

Jump to Solution
6 REPLIES 6

Posted on --/--/---- --:-- AM
garisingh
Staff
Reply posted on --/--/---- --:-- AM

Looks like a bug.   😥

Can you open a case with support and/or hit the "Send Feedback" button at the bottom of the doc page and say the command is broken?
I'll do the same on my end.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
andreiflorea
Bronze 2
Bronze 2
In response to garisingh
Reply posted on --/--/---- --:-- AM

Just sent feedback, no support available for me

Jump to Solution

Posted on --/--/---- --:-- AM
garisingh
Staff
In response to andreiflorea
Reply posted on --/--/---- --:-- AM

Thanks.  We have it internally.  It's a bug.  Sorry about that.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
pbastov
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I get the same error. Any update on when this bug might be fixed?

Thank you!

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
garisingh
Staff
Reply posted on --/--/---- --:-- AM

We are working on a more comprehensive mechanism for this.  We've rolled back the update capability for now.

It is possible to disable the port on existing nodepools using https://cloud.google.com/sdk/gcloud/reference/container/node-pools/update#--system-config-from-file

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
andy_fixstars
Bronze 1
Bronze 1
In response to garisingh
Reply posted on --/--/---- --:-- AM

Hi garisingh,

Could you elaborate more on how to disable the port using the --system-config-from-file flag?

I have a file kubelet_config.yaml with the following:

 

kubeletConfig:
  readOnlyPort: 0

 

I ran the command
gcloud container node-pools update <node-pool> \
--system-config-from-file=kubelet_config.yaml

This returns an error:
ERROR: (gcloud.container.node-pools.update) Invalid node config: unknown fields: ['readOnlyPort'] in "kubeletConfig"

It seems that the --system-config-from-file only allows changing kubelet configs that are listed on the documentation that you linked.  However, it doesn't look like any of them are for the read-only port.  I am on gcloud CLI version 444.0.0

Thank you!

Jump to Solution
Top Labels in this Space