From 9651e2e754c14cd8353d628a1cfbb9f3e2e20154 Mon Sep 17 00:00:00 2001
From: Kai Lueke <kailuke@microsoft.com>
Date: Mon, 9 Oct 2023 18:42:06 +0200
Subject: [PATCH] coreos-base/misc-files: Make Kubernetes work by default
 through symlink

In the past user had to customize Kubernetes or use a bind mount to make
writing the default /usr/libexec/kubernetes/ path work. With
systemd-sysext on by default the bind mount doesn't work anymore because
it can get lost. A newer workaround is to use a systemd-sysext image
that creates a symlink in /usr/libexec/... to redirect to somewhere
under /var/.
Instead of relying on workarounds, make Kubernetes work by default on
Flatcar by having the symlink be part of the generic image. The target
folder will be created through a tmpfiles rule.
---
 changelog/changes/2023-10-09-kubernetes-usr-libexec.md       | 1 +
 .../coreos-base/misc-files/misc-files-0-r2.ebuild            | 5 +++++
 2 files changed, 6 insertions(+)
 create mode 100644 changelog/changes/2023-10-09-kubernetes-usr-libexec.md

diff --git a/changelog/changes/2023-10-09-kubernetes-usr-libexec.md b/changelog/changes/2023-10-09-kubernetes-usr-libexec.md
new file mode 100644
index 0000000000..6c2d51a80f
--- /dev/null
+++ b/changelog/changes/2023-10-09-kubernetes-usr-libexec.md
@@ -0,0 +1 @@
+- To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/misc-files-0-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/misc-files-0-r2.ebuild
index 77d5330688..ce1111ac7f 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/misc-files-0-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/misc-files-0-r2.ebuild
@@ -142,4 +142,9 @@ src_install() {
         # Enable some sockets that aren't enabled by their own ebuilds.
         systemd_enable_service sockets.target sshd.socket
     fi
+
+    # Create a symlink for Kubernetes to redirect writes from /usr/libexec/... to /var/kubernetes/...
+    # (The below keepdir will result in a tmpfiles entry in base_image_var.conf)
+    keepdir /var/kubernetes/kubelet-plugins/volume/exec
+    dosym /var/kubernetes/kubelet-plugins/volume/exec /usr/libexec/kubernetes/kubelet-plugins/volume/exec
 }