Skip to content

Commit f9c51a3

Browse files
OrangeBaoOrangeBao
committed
fix: cannot create iptable chain in some environment
Signed-off-by: OrangeBao <[email protected]>
1 parent 99bf98a commit f9c51a3

File tree

2 files changed

+28
-1
lines changed

2 files changed

+28
-1
lines changed

deploy/clusterlink-agent.yaml

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -46,6 +46,12 @@ spec:
4646
- mountPath: /etc/clusterlink/kubeconfig
4747
name: proxy-config
4848
readOnly: true
49+
- mountPath: /run/xtables.lock
50+
name: iptableslock
51+
readOnly: false
52+
- mountPath: /lib/modules
53+
name: lib-modules
54+
readOnly: true
4955
terminationGracePeriodSeconds: 30
5056
securityContext:
5157
privileged: true
@@ -55,3 +61,12 @@ spec:
5561
configMap:
5662
defaultMode: 420
5763
name: proxy-config
64+
- hostPath:
65+
path: /run/xtables.lock
66+
type: FileOrCreate
67+
name: iptableslock
68+
- name: lib-modules
69+
hostPath:
70+
path: /lib/modules
71+
72+

pkg/operator/clusterlink/agent/manifests.go

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -56,13 +56,25 @@ spec:
5656
- mountPath: /etc/clusterlink
5757
name: proxy-config
5858
readOnly: true
59+
- mountPath: /run/xtables.lock
60+
name: iptableslock
61+
readOnly: false
62+
- mountPath: /lib/modules
63+
name: lib-modules
64+
readOnly: true
5965
terminationGracePeriodSeconds: 30
6066
hostNetwork: true
6167
volumes:
6268
- name: proxy-config
6369
secret:
6470
secretName: {{ .ProxyConfigMapName }}
65-
71+
- hostPath:
72+
path: /run/xtables.lock
73+
type: FileOrCreate
74+
name: iptableslock
75+
- name: lib-modules
76+
hostPath:
77+
path: /lib/modules
6678
`
6779

6880
// DaemonSetReplace is a struct to help to concrete

0 commit comments

Comments
 (0)