From 98add8894fa30c9536b671c450bcf8f685ac0fe7 Mon Sep 17 00:00:00 2001
From: Jack Francis <jack.francis@microsoft.com>
Date: Tue, 19 Dec 2017 12:23:07 -0800
Subject: [PATCH] 3 new static kubelet configs

---
 docs/clusterdefinition.md         | 3 +++
 pkg/acsengine/defaults-kubelet.go | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/docs/clusterdefinition.md b/docs/clusterdefinition.md
index ca30df9a19..4c7078ef6b 100644
--- a/docs/clusterdefinition.md
+++ b/docs/clusterdefinition.md
@@ -180,6 +180,9 @@ Below is a list of kubelet options that are *not* currently user-configurable, e
 |"--kubeconfig"|"/var/lib/kubelet/kubeconfig"|
 |"--register-node" (master nodes only)|"true"|
 |"--register-with-taints" (master nodes only)|"node-role.kubernetes.io/master=true:NoSchedule"|
+|"--read-only-port"|"0"|
+|"--protect-kernel-defaults"|"true"|
+|"--keep-terminated-pod-volumes"|"false"|
 |"--feature-gates" (agent nodes only)|"Accelerators=true"|
 
 #### controllerManagerConfig
diff --git a/pkg/acsengine/defaults-kubelet.go b/pkg/acsengine/defaults-kubelet.go
index 7728d77b4c..b373bfbd71 100644
--- a/pkg/acsengine/defaults-kubelet.go
+++ b/pkg/acsengine/defaults-kubelet.go
@@ -24,6 +24,9 @@ func setKubeletConfig(cs *api.ContainerService) {
 		"--enforce-node-allocatable":        "",
 		"--kubeconfig":                      "/var/lib/kubelet/kubeconfig",
 		"--azure-container-registry-config": "/etc/kubernetes/azure.json",
+		"--read-only-port":                  "0",
+		"--protect-kernel-defaults":         "true",
+		"--keep-terminated-pod-volumes":     "false",
 	}
 
 	staticWindowsKubeletConfig := make(map[string]string)