Merge pull request #4742 from justinsb/mount_xtables_lockfile

Mount the iptables lock file
kubernetes · Mar 21, 2018 · 5c7f974 · 5c7f974
2 parents efcae92 + e93d88e
commit 5c7f974
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/nodeup/pkg/model/kube_proxy.go b/nodeup/pkg/model/kube_proxy.go
@@ -217,6 +217,19 @@ func (b *KubeProxyBuilder) buildPod() (*v1.Pod, error) {
 		addHostPathMapping(pod, container, "etchosts", "/etc/hosts")
 	}
 
+	// Mount the iptables lock file
+	if b.IsKubernetesGTE("1.9") {
+		addHostPathMapping(pod, container, "iptableslock", "/run/xtables.lock").ReadOnly = false
+
+		vol := pod.Spec.Volumes[len(pod.Spec.Volumes)-1]
+		if vol.Name != "iptableslock" {
+			// Sanity check
+			glog.Fatalf("expected volume to be last volume added")
+		}
+		hostPathType := v1.HostPathFileOrCreate
+		vol.HostPath.Type = &hostPathType
+	}
+
 	pod.Spec.Containers = append(pod.Spec.Containers, *container)
 
 	// Note that e.g. kubeadm has this as a daemonset, but this doesn't have a lot of test coverage AFAICT