Merge pull request kubernetes-sigs#977 from BenTheElder/xtables-lock

mount xtables lock file and lib/modules in kindnetd
iguoyr · Oct 21, 2019 · 3fbac93 · 3fbac93
2 parents 35fab05 + 284323a
commit 3fbac93
Showing 1 changed file with 18 additions and 3 deletions.
diff --git a/pkg/build/node/cni.go b/pkg/build/node/cni.go
@@ -51,6 +51,8 @@ spec:
     - hostPath
   allowedHostPaths:
     - pathPrefix: "/etc/cni/net.d"
+    - pathPrefix: "/run"
+    - pathPrefix: "/lib"
   readOnlyRootFilesystem: false
   # Users and groups
   runAsUser:
@@ -159,6 +161,12 @@ spec:
         volumeMounts:
         - name: cni-cfg
           mountPath: /etc/cni/net.d
+        - name: xtables-lock
+          mountPath: /run/xtables.lock
+          readOnly: false
+        - name: lib-modules
+          mountPath: /lib/modules
+          readOnly: true
         resources:
           requests:
             cpu: "100m"
@@ -171,8 +179,15 @@ spec:
           capabilities:
             add: ["NET_RAW", "NET_ADMIN"]
       volumes:
-        - name: cni-cfg
-          hostPath:
-            path: /etc/cni/net.d
+      - name: cni-cfg
+        hostPath:
+          path: /etc/cni/net.d
+      - name: xtables-lock
+        hostPath:
+          path: /run/xtables.lock
+          type: FileOrCreate
+      - name: lib-modules
+        hostPath:
+          path: /lib/modules
 ---
 `