Make Kubernetes work with read-only root This makes Kubernetes work with a read-only root. There's two places where they hardcode paths: One is the DeviceManager socket path (/var/lib/kubelet/device-plugins/kubelet.sock), that one is easy to fix because KubeletRootDir is available one scope above. The other one is the pod logs dir which is too far removed from the main Kubelet config, so I just changed their hardcoded path to ours. The first patch should be upstreamable, for the second one we'd need to take a different approach to upstream. Test Plan: Should be covered by existing E2E tests. X-Origin-Diff: phab/D693 GitOrigin-RevId: 4606ab228a24bd4a0274f8e3156123710a59f2aa

commit: 842536b10bd1b11e62317940feef215442a8ecb4 [log] [tgz]
author: Lorenz Brun <lorenz@nexantic.com> Tue Jan 26 13:54:57 2021 +0100
committer: Lorenz Brun <lorenz@nexantic.com> Tue Jan 26 13:54:57 2021 +0100
tree: 264906157b5cd51ef39e952326b85da48b5bbb5b
parent: f12bedfa4cd144c3abc4deac58405067d55f9c87 [diff]
diff --git a/build/fietsje/deps_kubernetes.go b/build/fietsje/deps_kubernetes.go
index 13b425d..c6e24d1 100644
--- a/build/fietsje/deps_kubernetes.go
+++ b/build/fietsje/deps_kubernetes.go

@@ -30,6 +30,8 @@
 		),
 		prePatches(
 			"k8s-e2e-tests-providerless.patch",
+			"k8s-fix-paths.patch",
+			"k8s-fix-logs-path.patch",
 		),
 	).inject(
 		// repo infra, not requested by k8s, but used with bazel
commit	842536b10bd1b11e62317940feef215442a8ecb4	[log] [tgz]
author	Lorenz Brun <lorenz@nexantic.com>	Tue Jan 26 13:54:57 2021 +0100
committer	Lorenz Brun <lorenz@nexantic.com>	Tue Jan 26 13:54:57 2021 +0100
tree	264906157b5cd51ef39e952326b85da48b5bbb5b
parent	f12bedfa4cd144c3abc4deac58405067d55f9c87 [diff]