From 34f43d21e3635a35d5855ddcb189a34008e8bb1b Mon Sep 17 00:00:00 2001
From: Max Gautier <mg@max.gautier.name>
Date: Mon, 9 Feb 2026 02:01:09 +0000
Subject: [PATCH] Revert "kubelet: conditionalize staticPodPath location
 (#12433)" (#12970)

* Revert "kubelet: conditionalize staticPodPath location (#12433)"

This reverts commit 082507cff2cb3762b5b073f3c84610d547be26dd.

* Add kubelet_static_pod_path to removed variables
---
 docs/operations/hardening.md                                  | 2 --
 roles/kubernetes/node/defaults/main.yml                       | 3 ---
 .../kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2  | 2 +-
 roles/validate_inventory/tasks/main.yml                       | 4 +++-
 4 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/docs/operations/hardening.md b/docs/operations/hardening.md
index 55a3b312b..f84793128 100644
--- a/docs/operations/hardening.md
+++ b/docs/operations/hardening.md
@@ -100,8 +100,6 @@ kubelet_make_iptables_util_chains: true
 kubelet_feature_gates: ["RotateKubeletServerCertificate=true"]
 kubelet_seccomp_default: true
 kubelet_systemd_hardening: true
-# To disable kubelet's staticPodPath (for nodes that don't use static pods like worker nodes)
-kubelet_static_pod_path: ""
 # In case you have multiple interfaces in your
 # control plane nodes and you want to specify the right
 # IP addresses, kubelet_secure_addresses allows you
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 378788f43..863f06523 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -180,9 +180,6 @@ kube_proxy_ipvs_modules:
   - ip_vs_wlc
   - ip_vs_lc
 
-# Set this option to "" (empty) to disable staticPodPath (See docs/operations/hardening.md)
-kubelet_static_pod_path: "{{ kube_manifest_dir }}"
-
 ## Enable distributed tracing for kubelet
 kubelet_tracing: false
 kubelet_tracing_endpoint: "[::]:4317"
diff --git a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
index 8ad76b552..6035611c8 100644
--- a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
+++ b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
@@ -22,7 +22,7 @@ enforceNodeAllocatable:
 - {{ item }}
 {% endfor %}
 {% endif %}
-staticPodPath: "{{ kubelet_static_pod_path }}"
+staticPodPath: {{ kube_manifest_dir }}
 cgroupDriver: {{ kubelet_cgroup_driver | default('systemd') }}
 containerLogMaxFiles: {{ kubelet_logfiles_max_nr }}
 containerLogMaxSize: {{ kubelet_logfiles_max_size }}
diff --git a/roles/validate_inventory/tasks/main.yml b/roles/validate_inventory/tasks/main.yml
index e8a818be5..e570a349b 100644
--- a/roles/validate_inventory/tasks/main.yml
+++ b/roles/validate_inventory/tasks/main.yml
@@ -8,7 +8,9 @@
 # should be in roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
 - name: Fail if removed variables are used
   vars:
-    removed_vars: []
+    # Always remove items from this list after the release in comments
+    removed_vars:
+      - kubelet_static_pod_path # 2.31.0
     removed_vars_found: "{{ query('varnames', '^' + (removed_vars | join('|')) + '$') }}"
   assert:
     that: removed_vars_found | length == 0