manifests: cilium: Allow to manage kernel modules

This change add the /lib/modules volume and SYS_MODULE capability which allow Cilium to manage kernel modules. Fixes: bsc#1136406 Signed-off-by: Michal Rostecki <[email protected]>
SUSE · Jun 18, 2019 · e96f703 · e96f703
1 parent 05ec602
commit e96f703
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/pkg/skuba/actions/cluster/init/manifests.go b/pkg/skuba/actions/cluster/init/manifests.go
@@ -413,10 +413,14 @@ spec:
             readOnly: true
           - name: cilium-etcd-secret-mount
             mountPath: /tmp/cilium-etcd
+          - name: lib-modules
+            mountPath: /lib/modules
+            readOnly: true
         securityContext:
           capabilities:
             add:
               - "NET_ADMIN"
+              - "SYS_MODULE"
           privileged: true
       hostNetwork: true
       volumes:
@@ -436,7 +440,11 @@ spec:
           # To install cilium cni configuration in the host
         - name: host-cni-conf
           hostPath:
-              path: /etc/cni/net.d
+            path: /etc/cni/net.d
+          # To be able to load kernel modules
+        - name: lib-modules
+          hostPath:
+            path: /lib/modules
           # To read the etcd config stored in config maps
         - name: etcd-config-path
           configMap: