From b4af71310946f0096b2dc2eed0671c532a9c8f75 Mon Sep 17 00:00:00 2001
From: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
Date: Fri, 2 Dec 2022 13:25:15 -0500
Subject: [PATCH] Remove KUBE_ALLOW_PRIV from kubelet.service

KUBE_ALLOW_PRIV results in trying to run kubelet with the
"--allow-privileged=true" flag, which has not been supported by
kubelet since K8s 1.15 that in turn causes the kubelet to error out.

Default kubelet.service contains KUBE_ALLOW_PRIV invalid setting due
to the fact that the upstream kubernetes-contrib package hasn't been
updated in years.

This change removes KUBE_ALLOW_PRIV from kubelet.service in the
kubernetes-unversioned package.

Closes-Bug: 1998629

Test-plan:
PASS - Install AIO-SX and ensure that
       /lib/systemd/system/kubelet.service doesn't contain
       "$KUBE_ALLOW_PRIV"

Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
Change-Id: Ide0f9c8db180908cc9c6528f474214966655be95
---
 ...KUBE_ALLOW_PRIV-from-kubelet-service.patch | 25 +++++++++++++++++++
 .../debian/deb_folder/patches/series          |  1 +
 2 files changed, 26 insertions(+)
 create mode 100644 kubernetes/kubernetes-unversioned/debian/deb_folder/patches/Remove-KUBE_ALLOW_PRIV-from-kubelet-service.patch

diff --git a/kubernetes/kubernetes-unversioned/debian/deb_folder/patches/Remove-KUBE_ALLOW_PRIV-from-kubelet-service.patch b/kubernetes/kubernetes-unversioned/debian/deb_folder/patches/Remove-KUBE_ALLOW_PRIV-from-kubelet-service.patch
new file mode 100644
index 000000000..8a0d80d3b
--- /dev/null
+++ b/kubernetes/kubernetes-unversioned/debian/deb_folder/patches/Remove-KUBE_ALLOW_PRIV-from-kubelet-service.patch
@@ -0,0 +1,25 @@
+From c7f3a7c54c3fc5bbf8708e98e4cef145eaeb6983 Mon Sep 17 00:00:00 2001
+From: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
+Date: Fri, 2 Dec 2022 18:55:34 +0530
+Subject: [PATCH] Remove KUBE_ALLOW_PRIV from kubelet service
+
+Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
+---
+ init/systemd/kubelet.service | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/init/systemd/kubelet.service b/init/systemd/kubelet.service
+index 1082bba..5808312 100644
+--- a/init/systemd/kubelet.service
++++ b/init/systemd/kubelet.service
+@@ -15,7 +15,6 @@ ExecStart=/usr/bin/kubelet \
+ 	    $KUBELET_ADDRESS \
+ 	    $KUBELET_PORT \
+ 	    $KUBELET_HOSTNAME \
+-	    $KUBE_ALLOW_PRIV \
+ 	    $KUBELET_ARGS
+ Restart=on-failure
+ KillMode=process
+-- 
+2.17.1
+
diff --git a/kubernetes/kubernetes-unversioned/debian/deb_folder/patches/series b/kubernetes/kubernetes-unversioned/debian/deb_folder/patches/series
index eb4803e41..6e5f0e3a7 100644
--- a/kubernetes/kubernetes-unversioned/debian/deb_folder/patches/series
+++ b/kubernetes/kubernetes-unversioned/debian/deb_folder/patches/series
@@ -1 +1,2 @@
 kubelet-service-remove-docker-dependency.patch
+Remove-KUBE_ALLOW_PRIV-from-kubelet-service.patch