From 78749cea99a0c59b34d2758ae7e9e949c7221b6b Mon Sep 17 00:00:00 2001
From: aksjadha <aksjadha@redhat.com>
Date: Wed, 3 Jun 2026 13:35:58 +0530
Subject: [PATCH] Fix kubelet certificate wait loop in criometricsproxy.yaml
 and update init container's volumeMount to  /var/lib/kubelet

---
 .../01-arbiter-kubelet/_base/files/criometricsproxy.yaml     | 5 +++--
 .../01-master-kubelet/_base/files/criometricsproxy.yaml      | 5 +++--
 .../01-worker-kubelet/_base/files/criometricsproxy.yaml      | 5 +++--
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/templates/arbiter/01-arbiter-kubelet/_base/files/criometricsproxy.yaml b/templates/arbiter/01-arbiter-kubelet/_base/files/criometricsproxy.yaml
index 8f8cae587d..ae06acd737 100644
--- a/templates/arbiter/01-arbiter-kubelet/_base/files/criometricsproxy.yaml
+++ b/templates/arbiter/01-arbiter-kubelet/_base/files/criometricsproxy.yaml
@@ -29,13 +29,14 @@ contents:
         imagePullPolicy: IfNotPresent
         volumeMounts:
         - name: var-lib-kubelet
-          mountPath: "/var"
+          mountPath: "/var/lib/kubelet"
           mountPropagation: HostToContainer
+          readOnly: true
         command: ['/bin/bash', '-ec']
         args:
         - |
           echo -n "Waiting for kubelet key and certificate to be available"
-          while [ -n "$(test -e /var/lib/kubelet/pki/kubelet-server-current.pem)" ] ; do
+          while [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ] ; do
             echo -n "."
             sleep 1
             (( tries += 1 ))
diff --git a/templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml b/templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml
index 8f8cae587d..ae06acd737 100644
--- a/templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml
+++ b/templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml
@@ -29,13 +29,14 @@ contents:
         imagePullPolicy: IfNotPresent
         volumeMounts:
         - name: var-lib-kubelet
-          mountPath: "/var"
+          mountPath: "/var/lib/kubelet"
           mountPropagation: HostToContainer
+          readOnly: true
         command: ['/bin/bash', '-ec']
         args:
         - |
           echo -n "Waiting for kubelet key and certificate to be available"
-          while [ -n "$(test -e /var/lib/kubelet/pki/kubelet-server-current.pem)" ] ; do
+          while [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ] ; do
             echo -n "."
             sleep 1
             (( tries += 1 ))
diff --git a/templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml b/templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml
index 8f8cae587d..ae06acd737 100644
--- a/templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml
+++ b/templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml
@@ -29,13 +29,14 @@ contents:
         imagePullPolicy: IfNotPresent
         volumeMounts:
         - name: var-lib-kubelet
-          mountPath: "/var"
+          mountPath: "/var/lib/kubelet"
           mountPropagation: HostToContainer
+          readOnly: true
         command: ['/bin/bash', '-ec']
         args:
         - |
           echo -n "Waiting for kubelet key and certificate to be available"
-          while [ -n "$(test -e /var/lib/kubelet/pki/kubelet-server-current.pem)" ] ; do
+          while [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ] ; do
             echo -n "."
             sleep 1
             (( tries += 1 ))