Add iptables lock-file mount to kube-proxy manifest

2025-07-29 14:37:00 +00:00 · 2017-05-22 18:41:38 -07:00 · 2017-05-22 18:41:38 -07:00 · 6a380e8831
commit 6a380e8831
parent 3fdf6c3d14
1 changed files with 19 additions and 0 deletions
--- a/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest
+++ b/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest
@ -54,6 +54,16 @@ metadata:
    component: kube-proxy
 spec:
  hostNetwork: true
+  initContainers:
+  - name: touch-lock
+    image: busybox
+    command: ['/bin/touch', '/run/xtables.lock']
+    securityContext:
+      privileged: true
+    volumeMounts:
+    - mountPath: /run
+      name: run
+      readOnly: false
  containers:
  - name: kube-proxy
    image: {{pillar['kube_docker_registry']}}/kube-proxy:{{pillar['kube-proxy_docker_tag']}}
@ -80,6 +90,9 @@ spec:
    - mountPath: /var/lib/kube-proxy/kubeconfig
      name: kubeconfig
      readOnly: false
+    - mountPath: /run/xtables.lock
+      name: iptableslock
+      readOnly: false
  volumes:
  - hostPath:
      path: /usr/share/ca-certificates
@ -93,3 +106,9 @@ spec:
  - hostPath:
      path: /var/log
    name: varlog
+  - hostPath:
+      path: /run
+    name: run
+  - hostPath:
+      path: /run/xtables.lock
+    name: iptableslock