canal should mount xtables.lock to share the lock with other processes like kube-proxy

This commit is contained in:
Fernando Crespo Grávalos 2018-08-29 11:42:11 +02:00 committed by Fernando Crespo
parent f876c89081
commit ac4ef719cc

View file

@ -51,6 +51,10 @@ spec:
- name: "canal-certs" - name: "canal-certs"
hostPath: hostPath:
path: "{{ canal_cert_dir }}" path: "{{ canal_cert_dir }}"
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
containers: containers:
# Runs the flannel daemon to enable vxlan networking between # Runs the flannel daemon to enable vxlan networking between
# container hosts. # container hosts.
@ -128,6 +132,9 @@ spec:
- name: "canal-certs" - name: "canal-certs"
mountPath: "{{ canal_cert_dir }}" mountPath: "{{ canal_cert_dir }}"
readOnly: true readOnly: true
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
# Runs calico/node container on each Kubernetes node. This # Runs calico/node container on each Kubernetes node. This
# container programs network policy and local routes on each # container programs network policy and local routes on each
# host. # host.