Enable iptables -w in kubeadm selfhosted

Currently containerized kube-proxy cannot support iptables -w unless the xtables.lock is mounted. Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
2025-07-30 15:05:27 +00:00 · 2017-05-24 14:38:28 -04:00 · 2017-05-24 14:38:28 -04:00 · 289c37ae21
commit 289c37ae21
parent 695d438508
1 changed files with 9 additions and 2 deletions
--- a/cmd/kubeadm/app/phases/addons/manifests.go
+++ b/cmd/kubeadm/app/phases/addons/manifests.go
@ -72,11 +72,15 @@ spec:
        - /usr/local/bin/kube-proxy
        - --kubeconfig=/var/lib/kube-proxy/kubeconfig.conf
        {{ .ClusterCIDR }}
-        securityContext:
-          privileged: true
        volumeMounts:
        - mountPath: /var/lib/kube-proxy
          name: kube-proxy
+        # TODO: Make this a file hostpath mount
+        - mountPath: /run/xtables.lock
+          name: xtables-lock
+          readOnly: false
+      securityContext:
+        privileged: true
      hostNetwork: true
      serviceAccountName: kube-proxy
      # TODO: Why doesn't the Decoder recognize this new field and decode it properly? Right now it's ignored
@ -87,6 +91,9 @@ spec:
      - name: kube-proxy
        configMap:
          name: kube-proxy
+      - name: xtables-lock
+        hostPath:
+          path: /run/xtables.lock
 `

 	KubeDNSVersion = "1.14.2"