Merge pull request #52003 from vfreex/mount-lib-modules

Automatic merge from submit-queue (batch tested with PRs 52003, 54559, 54518). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Load kernel modules automatically inside a kube-proxy pod **What this PR does / why we need it**: This change will mount `/lib/modules` on host to the kube-proxy pod, so that a kube-proxy pod can load kernel modules by need or when `modprobe <kmod>` is run inside the pod. This will be convenient for kube-proxy running in IPVS mode. Users will don't have to run `modprobe ip_vs` on nodes before starting a kube-proxy pod. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: The kube-proxy IPVS proxier will check if the kernel supports IPVS, or it will fallback to iptables or userspace modes. There is a false negative condition in the check, #51874 addressed that issue. **Release note**: ```release-note Load kernel modules automatically inside a kube-proxy pod ```
2017-10-25 11:38:36 -07:00 · 2017-10-25 11:38:36 -07:00 · ef100b12f6
parent 197a7d7f85 eeab4a60f7
commit ef100b12f6
2 changed files with 12 additions and 0 deletions
--- a/cluster/addons/kube-proxy/kube-proxy-ds.yaml
+++ b/cluster/addons/kube-proxy/kube-proxy-ds.yaml
@ -52,6 +52,9 @@ spec:
        - mountPath: /run/xtables.lock
          name: xtables-lock
          readOnly: false
+        - mountPath: /lib/modules
+          name: lib-modules
+          readOnly: true
      volumes:
      - name: varlog
        hostPath:
@ -60,4 +63,7 @@ spec:
        hostPath:
          path: /run/xtables.lock
          type: FileOrCreate
+      - name: lib-modules
+        hostPath:
+          path: /lib/modules
      serviceAccountName: kube-proxy
--- a/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest
+++ b/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest
@ -96,6 +96,9 @@ spec:
    - mountPath: /run/xtables.lock
      name: iptableslock
      readOnly: false
+    - mountPath: /lib/modules
+      name: lib-modules
+      readOnly: true
  volumes:
  - hostPath:
      path: /usr/share/ca-certificates
@ -114,3 +117,6 @@ spec:
      path: /run/xtables.lock
      type: FileOrCreate
    name: iptableslock
+  - name: lib-modules
+    hostPath:
+      path: /lib/modules