canal should mount xtables.lock to share the lock with other processes like kube-proxy
parent
f876c89081
commit
ac4ef719cc
|
@ -51,6 +51,10 @@ spec:
|
|||
- name: "canal-certs"
|
||||
hostPath:
|
||||
path: "{{ canal_cert_dir }}"
|
||||
- name: xtables-lock
|
||||
hostPath:
|
||||
path: /run/xtables.lock
|
||||
type: FileOrCreate
|
||||
containers:
|
||||
# Runs the flannel daemon to enable vxlan networking between
|
||||
# container hosts.
|
||||
|
@ -128,6 +132,9 @@ spec:
|
|||
- name: "canal-certs"
|
||||
mountPath: "{{ canal_cert_dir }}"
|
||||
readOnly: true
|
||||
- name: xtables-lock
|
||||
mountPath: /run/xtables.lock
|
||||
readOnly: false
|
||||
# Runs calico/node container on each Kubernetes node. This
|
||||
# container programs network policy and local routes on each
|
||||
# host.
|
||||
|
|
Loading…
Reference in New Issue