Kubernetes support: To work by default, ship a symlink in /usr/libexec

[pothos]

Current situation

Kubernetes tries to write files to /usr/libexec/kubernetes/kubelet-plugins/volume/exec/ which fails on Flatcar.
Workarounds were bind mounts or a sysext with a symlink.

Impact

Does not work by default.

Ideal future situation

/usr/libexec/kubernetes/kubelet-plugins/volume/exec is a symlink to /var/kubernetes/kubelet-plugins/volume/exec in the generic image. A tmpfile rule creates the symlink during image build time and also the target at runtime.

[pothos]

PR: flatcar/scripts#1238

[tormath1]

with this we might be able to get rid of https://github.com/flatcar/mantle/blob/fbb5dee5e8e610cec56e7040c74bf2c6c1e3096a/kola/tests/kubeadm/templates.go#L365

[till]

@pothos How would I use your workaround for my setup (now)? I need to move /usr/libexec/k0s somewhere where it's writable.

[pothos]

You can ship the symlink with a systemd-sysext folder (or .raw image) like done here https://github.com/flatcar/sysext-bakery/blob/main/create_kubernetes_sysext.sh#L85
Easiest is to create a folder /etc/extensions/k8s-compat/usr/… with the symlink in it and add that os-release file, too. Then create the target folder under /var and run systemd-sysext refresh.

[till]

@pothos is there a way without using systemd-sysext? I didn't want to go down that rabbithole 🐇 🕳️ right now