canal should mount xtables.lock to share the lock with other processes like kube-proxy

pull/3191/head
Fernando Crespo Grávalos 2018-08-29 11:42:11 +02:00 committed by Fernando Crespo
parent f876c89081
commit ac4ef719cc
1 changed files with 7 additions and 0 deletions

View File

@ -51,6 +51,10 @@ spec:
- name: "canal-certs"
hostPath:
path: "{{ canal_cert_dir }}"
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
containers:
# Runs the flannel daemon to enable vxlan networking between
# container hosts.
@ -128,6 +132,9 @@ spec:
- name: "canal-certs"
mountPath: "{{ canal_cert_dir }}"
readOnly: true
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
# Runs calico/node container on each Kubernetes node. This
# container programs network policy and local routes on each
# host.