From eb2628874c197837d1849f422c3dd6f6f39e5e9c Mon Sep 17 00:00:00 2001 From: Aaron U'Ren Date: Fri, 8 Dec 2023 16:35:49 -0600 Subject: [PATCH] fix(manifests): add hostPID for hairpin This is needed because #1582 which was recently merged relies upon finding the correct veth interface via /proc/ which isn't available unless kube-router is in the same process namespace. hostPID and hostIPC was always required for DSR functionality, but now hostPID is needed for hairpin to be available. --- daemonset/generic-kuberouter-all-features-advertise-routes.yaml | 1 + daemonset/generic-kuberouter-all-features.yaml | 1 + daemonset/generic-kuberouter-only-advertise-routes.yaml | 1 + daemonset/generic-kuberouter.yaml | 1 + .../kube-router-all-service-daemonset-advertise-routes.yaml | 1 + daemonset/kube-router-all-service-daemonset.yaml | 1 + daemonset/kube-router-firewall-daemonset.yaml | 1 + daemonset/kube-router-proxy-daemonset.yaml | 1 + daemonset/kubeadm-kuberouter-all-features-hostport.yaml | 1 + daemonset/kubeadm-kuberouter-all-features.yaml | 1 + daemonset/kubeadm-kuberouter.yaml | 1 + 11 files changed, 11 insertions(+) diff --git a/daemonset/generic-kuberouter-all-features-advertise-routes.yaml b/daemonset/generic-kuberouter-all-features-advertise-routes.yaml index 157d82aa..86f133ae 100644 --- a/daemonset/generic-kuberouter-all-features-advertise-routes.yaml +++ b/daemonset/generic-kuberouter-all-features-advertise-routes.yaml @@ -143,6 +143,7 @@ spec: - name: kubeconfig mountPath: /var/lib/kube-router hostNetwork: true + hostPID: true tolerations: - effect: NoSchedule operator: Exists diff --git a/daemonset/generic-kuberouter-all-features.yaml b/daemonset/generic-kuberouter-all-features.yaml index cd0e0db1..d58d10d1 100644 --- a/daemonset/generic-kuberouter-all-features.yaml +++ b/daemonset/generic-kuberouter-all-features.yaml @@ -139,6 +139,7 @@ spec: - name: kubeconfig mountPath: /var/lib/kube-router hostNetwork: true + hostPID: true tolerations: - effect: NoSchedule operator: Exists diff --git a/daemonset/generic-kuberouter-only-advertise-routes.yaml b/daemonset/generic-kuberouter-only-advertise-routes.yaml index d905604b..4d593312 100644 --- a/daemonset/generic-kuberouter-only-advertise-routes.yaml +++ b/daemonset/generic-kuberouter-only-advertise-routes.yaml @@ -64,6 +64,7 @@ spec: mountPath: /run/xtables.lock readOnly: false hostNetwork: true + hostPID: true tolerations: - effect: NoSchedule operator: Exists diff --git a/daemonset/generic-kuberouter.yaml b/daemonset/generic-kuberouter.yaml index a44dd61d..8e09054e 100644 --- a/daemonset/generic-kuberouter.yaml +++ b/daemonset/generic-kuberouter.yaml @@ -109,6 +109,7 @@ spec: - mountPath: /etc/kube-router name: kube-router-cfg hostNetwork: true + hostPID: true tolerations: - effect: NoSchedule operator: Exists diff --git a/daemonset/kube-router-all-service-daemonset-advertise-routes.yaml b/daemonset/kube-router-all-service-daemonset-advertise-routes.yaml index f519cb7d..70624d3b 100644 --- a/daemonset/kube-router-all-service-daemonset-advertise-routes.yaml +++ b/daemonset/kube-router-all-service-daemonset-advertise-routes.yaml @@ -104,6 +104,7 @@ spec: - name: kube-router-cfg mountPath: /etc/kube-router hostNetwork: true + hostPID: true tolerations: - effect: NoSchedule operator: Exists diff --git a/daemonset/kube-router-all-service-daemonset.yaml b/daemonset/kube-router-all-service-daemonset.yaml index cb8e9c0a..c8200524 100644 --- a/daemonset/kube-router-all-service-daemonset.yaml +++ b/daemonset/kube-router-all-service-daemonset.yaml @@ -100,6 +100,7 @@ spec: - name: kube-router-cfg mountPath: /etc/kube-router hostNetwork: true + hostPID: true tolerations: - effect: NoSchedule operator: Exists diff --git a/daemonset/kube-router-firewall-daemonset.yaml b/daemonset/kube-router-firewall-daemonset.yaml index a763740c..54237eab 100644 --- a/daemonset/kube-router-firewall-daemonset.yaml +++ b/daemonset/kube-router-firewall-daemonset.yaml @@ -99,6 +99,7 @@ spec: - name: kube-router-cfg mountPath: /etc/kube-router hostNetwork: true + hostPID: true tolerations: - effect: NoSchedule operator: Exists diff --git a/daemonset/kube-router-proxy-daemonset.yaml b/daemonset/kube-router-proxy-daemonset.yaml index 1fb44f16..bb864efd 100644 --- a/daemonset/kube-router-proxy-daemonset.yaml +++ b/daemonset/kube-router-proxy-daemonset.yaml @@ -99,6 +99,7 @@ spec: - name: kube-router-cfg mountPath: /etc/kube-router hostNetwork: true + hostPID: true tolerations: - effect: NoSchedule operator: Exists diff --git a/daemonset/kubeadm-kuberouter-all-features-hostport.yaml b/daemonset/kubeadm-kuberouter-all-features-hostport.yaml index 72e8b196..17eb1ea1 100644 --- a/daemonset/kubeadm-kuberouter-all-features-hostport.yaml +++ b/daemonset/kubeadm-kuberouter-all-features-hostport.yaml @@ -120,6 +120,7 @@ spec: - name: kube-router-cfg mountPath: /etc/kube-router hostNetwork: true + hostPID: true tolerations: - effect: NoSchedule operator: Exists diff --git a/daemonset/kubeadm-kuberouter-all-features.yaml b/daemonset/kubeadm-kuberouter-all-features.yaml index a91f8785..67767995 100644 --- a/daemonset/kubeadm-kuberouter-all-features.yaml +++ b/daemonset/kubeadm-kuberouter-all-features.yaml @@ -113,6 +113,7 @@ spec: - name: kube-router-cfg mountPath: /etc/kube-router hostNetwork: true + hostPID: true tolerations: - effect: NoSchedule operator: Exists diff --git a/daemonset/kubeadm-kuberouter.yaml b/daemonset/kubeadm-kuberouter.yaml index b5df7b47..c30e1e04 100644 --- a/daemonset/kubeadm-kuberouter.yaml +++ b/daemonset/kubeadm-kuberouter.yaml @@ -112,6 +112,7 @@ spec: - mountPath: /etc/kube-router name: kube-router-cfg hostNetwork: true + hostPID: true tolerations: - effect: NoSchedule operator: Exists