From 9611b112eb2bf3eed3a61c947b24406f5d7f19c8 Mon Sep 17 00:00:00 2001
From: Pavithra Ramesh <pavithrar@google.com>
Date: Thu, 24 Jan 2019 13:21:06 -0800
Subject: [PATCH] Add xtables.lock file to mounts

nodelocaldns needs to use the same iptables lock file to avoid
contention with other entities modifying iptables rules.
---
 cluster/addons/dns/nodelocaldns/nodelocaldns.yaml | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml b/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
index cbdd8e92518..8a43559ea6f 100644
--- a/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
+++ b/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
@@ -136,12 +136,19 @@ spec:
           initialDelaySeconds: 60
           timeoutSeconds: 5
         volumeMounts:
+        - mountPath: /run/xtables.lock
+          name: xtables-lock
+          readOnly: false
         - name: config-volume
           mountPath: /etc/coredns
       volumes:
-        - name: config-volume
-          configMap:
-            name: node-local-dns
-            items:
+      - name: xtables-lock
+        hostPath:
+          path: /run/xtables.lock
+          type: FileOrCreate
+      - name: config-volume
+        configMap:
+          name: node-local-dns
+          items:
             - key: Corefile
               path: Corefile