How to pass flags to konlet in Google Container OS?

[fdcds]

I am running Google Container OS and would like to pass -open-iptables=no to konlet in order to not open a hole for all UDP and TCP traffic in the firewall:

konlet/gce-containers-startup/gce-containers-startup.go

Lines 94 to 99 in 9cb9106

	if openIptables {
	err = utils.OpenIptables()
	if err != nil {
	return fmt.Errorf("Cannot update IPtables: %v", err)
	}
	}

How do I do that?

Update 2021-09-23: In case this should be supported with the current systemd service file, maybe you can answer terraform-google-modules/terraform-google-container-vm#76 regarding how to do this with the Google Container Terraform module?