canal should mount xtables.lock to share the lock with other processes like kube-proxy
This commit is contained in:
parent
f876c89081
commit
ac4ef719cc
1 changed files with 7 additions and 0 deletions
|
@ -51,6 +51,10 @@ spec:
|
||||||
- name: "canal-certs"
|
- name: "canal-certs"
|
||||||
hostPath:
|
hostPath:
|
||||||
path: "{{ canal_cert_dir }}"
|
path: "{{ canal_cert_dir }}"
|
||||||
|
- name: xtables-lock
|
||||||
|
hostPath:
|
||||||
|
path: /run/xtables.lock
|
||||||
|
type: FileOrCreate
|
||||||
containers:
|
containers:
|
||||||
# Runs the flannel daemon to enable vxlan networking between
|
# Runs the flannel daemon to enable vxlan networking between
|
||||||
# container hosts.
|
# container hosts.
|
||||||
|
@ -128,6 +132,9 @@ spec:
|
||||||
- name: "canal-certs"
|
- name: "canal-certs"
|
||||||
mountPath: "{{ canal_cert_dir }}"
|
mountPath: "{{ canal_cert_dir }}"
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: xtables-lock
|
||||||
|
mountPath: /run/xtables.lock
|
||||||
|
readOnly: false
|
||||||
# Runs calico/node container on each Kubernetes node. This
|
# Runs calico/node container on each Kubernetes node. This
|
||||||
# container programs network policy and local routes on each
|
# container programs network policy and local routes on each
|
||||||
# host.
|
# host.
|
||||||
|
|
Loading…
Reference in a new issue