commit 0fa831afd0035e324739354a7929d2345bced4c4
author Hyunsun Moon <hyunsun@opennetworking.org> Fri Sep 27 18:01:26 2019 -0500
committer Hyunsun Moon <hyunsun@opennetworking.org> Wed Oct 02 18:20:10 2019 -0700
tree c9afdddf0114134ff4ae318d7515e8b90ae2fce1
parent 7a707fe6318e240519559d5e2c36afd41105a9c2

COMAC-193 Load nf_conntrack_proto_sctp module for comac CU

Change-Id: I462e104e025e9474328afb30e71ffba1d6b16edd

comac-cu/templates/statefulset-accelleran.yaml

diff --git a/comac-cu/templates/statefulset-accelleran.yaml b/comac-cu/templates/statefulset-accelleran.yaml
index f0a88f0..71f22dd 100644
--- a/comac-cu/templates/statefulset-accelleran.yaml
+++ b/comac-cu/templates/statefulset-accelleran.yaml
@@ -31,17 +31,23 @@
       labels:
         app: {{ .Values.cu.name }}
     spec:
+      terminationGracePeriodSeconds: 1
       initContainers:
-      - name: init-iptables
+      - name: cu-init
         image: {{ .Values.cu.accelleran.images.init }}
+        securityContext:
+          privileged: true
+          runAsUser: 0
         command: [ "sh", "-c"]
         args:
-        - iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP;
-        securityContext:
-          capabilities:
-            add:
-              - NET_ADMIN
-      terminationGracePeriodSeconds: 1
+        - >
+          iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP;
+          if chroot /mnt/host-rootfs modinfo nf_conntrack_proto_sctp > /dev/null 2>&1; then \
+              chroot /mnt/host-rootfs modprobe nf_conntrack_proto_sctp; \
+          fi; \
+        volumeMounts:
+        - name: host-rootfs
+          mountPath: /mnt/host-rootfs
       containers:
       - name: nats
         image: {{ .Values.cu.accelleran.images.nats }}
@@ -127,3 +133,6 @@
             items:
               - key: bootstrap.txt
                 path: bootstrap.txt
+        - name: host-rootfs
+          hostPath:
+            path: /