Merge pull request #46372 from cmluciano/cml/updateproxykubeadm

Automatic merge from submit-queue (batch tested with PRs 47084, 46016, 46372) Enable iptables -w in kubeadm selfhosted Currently containerized kube-proxy cannot support iptables -w unless the xtables.lock is mounted. Related: #46103 Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com> **Special notes for your reviewer**: - I need to figure out how to do some pre-setup to touch the file if it does not exist. **Release note**: ``` support iptables -w in kubeadm containerized kube-proxy ```
2017-06-13 16:53:43 -07:00 · 2017-06-13 16:53:43 -07:00 · 0a1b7d94b4
parent 03c5fd4b2a 289c37ae21
commit 0a1b7d94b4
1 changed files with 9 additions and 2 deletions
--- a/cmd/kubeadm/app/phases/addons/manifests.go
+++ b/cmd/kubeadm/app/phases/addons/manifests.go
@ -72,11 +72,15 @@ spec:
        - /usr/local/bin/kube-proxy
        - --kubeconfig=/var/lib/kube-proxy/kubeconfig.conf
        {{ .ClusterCIDR }}
-        securityContext:
-          privileged: true
        volumeMounts:
        - mountPath: /var/lib/kube-proxy
          name: kube-proxy
+        # TODO: Make this a file hostpath mount
+        - mountPath: /run/xtables.lock
+          name: xtables-lock
+          readOnly: false
+      securityContext:
+        privileged: true
      hostNetwork: true
      serviceAccountName: kube-proxy
      # TODO: Why doesn't the Decoder recognize this new field and decode it properly? Right now it's ignored
@ -87,6 +91,9 @@ spec:
      - name: kube-proxy
        configMap:
          name: kube-proxy
+      - name: xtables-lock
+        hostPath:
+          path: /run/xtables.lock
 `

 	KubeDNSVersion = "1.14.2"