Load kernel modules automatically inside a kube-proxy pod

This change will mount `/lib/modules` on host to the kube-proxy pod, so that a kube-proxy pod can load kernel modules by need or when `modprobe <kmod>` is run inside the pod. This will be convenient for kube-proxy running in IPVS mode. Users will don't have to run `modprobe ip_vs` on nodes before starting a kube-proxy pod.
2025-07-29 14:37:00 +00:00 · 2017-09-06 13:38:40 +08:00 · 2017-09-06 13:38:40 +08:00 · eeab4a60f7
commit eeab4a60f7
parent 5d8046e482
2 changed files with 12 additions and 0 deletions
--- a/cluster/addons/kube-proxy/kube-proxy-ds.yaml
+++ b/cluster/addons/kube-proxy/kube-proxy-ds.yaml
@ -53,6 +53,9 @@ spec:
        - mountPath: /run/xtables.lock
          name: xtables-lock
          readOnly: false
+        - mountPath: /lib/modules
+          name: lib-modules
+          readOnly: true
      volumes:
      - name: varlog
        hostPath:
@ -64,4 +67,7 @@ spec:
        hostPath:
          path: /run/xtables.lock
          type: FileOrCreate
+      - name: lib-modules
+        hostPath:
+          path: /lib/modules
      serviceAccountName: kube-proxy
--- a/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest
+++ b/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest
@ -96,6 +96,9 @@ spec:
    - mountPath: /run/xtables.lock
      name: iptableslock
      readOnly: false
+    - mountPath: /lib/modules
+      name: lib-modules
+      readOnly: true
  volumes:
  - hostPath:
      path: /usr/share/ca-certificates
@ -114,3 +117,6 @@ spec:
      path: /run/xtables.lock
      type: FileOrCreate
    name: iptableslock
+  - name: lib-modules
+    hostPath:
+      path: /lib/modules