Merge pull request #46372 from cmluciano/cml/updateproxykubeadm

Automatic merge from submit-queue (batch tested with PRs 47084, 46016, 46372)

Enable iptables -w in kubeadm selfhosted

Currently containerized kube-proxy cannot support iptables -w
unless the xtables.lock is mounted.

Related: #46103

Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>

**Special notes for your reviewer**:
- I need to figure out how to do some pre-setup to touch the file if it does not exist.
**Release note**:
```
support iptables -w in kubeadm containerized kube-proxy
```

cmd/kubeadm/app/phases/addons/manifests.go

@@ -72,11 +72,15 @@ spec:
         - /usr/local/bin/kube-proxy
         - --kubeconfig=/var/lib/kube-proxy/kubeconfig.conf
         {{ .ClusterCIDR }}
-        securityContext:
-          privileged: true
         volumeMounts:
         - mountPath: /var/lib/kube-proxy
           name: kube-proxy
+        # TODO: Make this a file hostpath mount
+        - mountPath: /run/xtables.lock
+          name: xtables-lock
+          readOnly: false
+      securityContext:
+        privileged: true
       hostNetwork: true
       serviceAccountName: kube-proxy
       # TODO: Why doesn't the Decoder recognize this new field and decode it properly? Right now it's ignored
@@ -87,6 +91,9 @@ spec:
       - name: kube-proxy
         configMap:
           name: kube-proxy
+      - name: xtables-lock
+        hostPath:
+          path: /run/xtables.lock
 `
 
 	KubeDNSVersion = "1.14.2"