Merge pull request kubernetes#46372 from cmluciano/cml/updateproxykub…

…eadm Automatic merge from submit-queue (batch tested with PRs 47084, 46016, 46372) Enable iptables -w in kubeadm selfhosted Currently containerized kube-proxy cannot support iptables -w unless the xtables.lock is mounted. Related: kubernetes#46103 Signed-off-by: Christopher M. Luciano <[email protected]> **Special notes for your reviewer**: - I need to figure out how to do some pre-setup to touch the file if it does not exist. **Release note**: ``` support iptables -w in kubeadm containerized kube-proxy ```
cloud-architecture · Jun 13, 2017 · 0a1b7d9 · 0a1b7d9
2 parents 03c5fd4 + 289c37a
commit 0a1b7d9
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/cmd/kubeadm/app/phases/addons/manifests.go b/cmd/kubeadm/app/phases/addons/manifests.go
@@ -72,11 +72,15 @@ spec:
         - /usr/local/bin/kube-proxy
         - --kubeconfig=/var/lib/kube-proxy/kubeconfig.conf
         {{ .ClusterCIDR }}
-        securityContext:
-          privileged: true
         volumeMounts:
         - mountPath: /var/lib/kube-proxy
           name: kube-proxy
+        # TODO: Make this a file hostpath mount
+        - mountPath: /run/xtables.lock
+          name: xtables-lock
+          readOnly: false
+      securityContext:
+        privileged: true
       hostNetwork: true
       serviceAccountName: kube-proxy
       # TODO: Why doesn't the Decoder recognize this new field and decode it properly? Right now it's ignored
@@ -87,6 +91,9 @@ spec:
       - name: kube-proxy
         configMap:
           name: kube-proxy
+      - name: xtables-lock
+        hostPath:
+          path: /run/xtables.lock
 `
 
 	KubeDNSVersion = "1.14.2"