Mount /run/xtables.lock in flannel Daemonset

* Mount xtables.lock (like Calico and Cilium) since iptables may be called by other processes (kube-proxy)
2026-01-27 18:20:40 +00:00 · 2020-07-17 14:23:44 +02:00
parent f2dd897d67
commit 016d4ebd0c
2 changed files with 14 additions and 0 deletions
--- a/resources/flannel/daemonset.yaml
+++ b/resources/flannel/daemonset.yaml
@@ -75,6 +75,8 @@ spec:
              mountPath: /etc/kube-flannel/
            - name: run-flannel
              mountPath: /run/flannel
+            - name: xtables-lock
+              mountPath: /run/xtables.lock
      volumes:
        - name: flannel-config
          configMap:
@@ -89,3 +91,8 @@ spec:
        - name: cni-conf-dir
          hostPath:
            path: /etc/kubernetes/cni/net.d
+        # Access iptables concurrently
+        - name: xtables-lock
+          hostPath:
+            type: FileOrCreate
+            path: /run/xtables.lock
--- a/resources/manifests/kube-proxy.yaml
+++ b/resources/manifests/kube-proxy.yaml
@@ -74,6 +74,8 @@ spec:
        - name: ssl-certs-host
          mountPath: /etc/ssl/certs
          readOnly: true
+        - name: xtables-lock
+          mountPath: /run/xtables.lock
      volumes:
      - name: kubeconfig
        configMap:
@@ -84,3 +86,8 @@ spec:
      - name: ssl-certs-host
        hostPath:
          path: ${trusted_certs_dir}
+      # Access iptables concurrently
+      - name: xtables-lock
+        hostPath:
+          type: FileOrCreate
+          path: /run/xtables.lock