search

cybozu-go / coil

CNI plugin for Kubernetes designed for scalability and extensibility
Apache License 2.0
164 stars 20 forks source link

egress: mount emptyDir on /run in egress pods #141

Closed ymmt2005 closed 3 years ago

ymmt2005 commented 3 years ago

coil-egress uses iptables which locks /run/xtables.lock file. Until iptables version 1.6.2, the lock was optional.

However, iptables now requires the successful lock of the file, so we should mount an emptyDir on /run directory.