From 9b8d73061c2bd6a188880e07c39e61ab620fe8ab Mon Sep 17 00:00:00 2001
From: Stephen Kitt
Date: Wed, 20 Sep 2023 13:56:39 +0200
Subject: [PATCH] Create xtables.lock as a file if it doesn't already exist

Default host path mounts create a directory if the mounted path doesn't correspond to anything, which ends up breaking iptables. This fixes that by ensuring that xtables.lock is created as a file if it doesn't already exist; subsequent invocations of iptables on the host (if any) will then be able to use the new file for locking.

Signed-off-by: Stephen Kitt
---
 controllers/submariner/globalnet_resources.go | 2 +-
 controllers/submariner/route_agent_resources.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/controllers/submariner/globalnet_resources.go b/controllers/submariner/globalnet_resources.go
index 01885e4f9..858c9f1d4 100644
--- a/controllers/submariner/globalnet_resources.go
+++ b/controllers/submariner/globalnet_resources.go
@@ -72,7 +72,7 @@ func newGlobalnetDaemonSet(cr *v1alpha1.Submariner, name string) *appsv1.DaemonS
 Spec: corev1.PodSpec{
 Volumes: []corev1.Volume{
 {Name: "host-run-xtables-lock", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{
- Path: "/run/xtables.lock",
+ Path: "/run/xtables.lock", Type: ptr.To(corev1.HostPathFileOrCreate),
 }}},
 },
 Containers: []corev1.Container{
diff --git a/controllers/submariner/route_agent_resources.go b/controllers/submariner/route_agent_resources.go
index c8bc344fb..809428fc8 100644
--- a/controllers/submariner/route_agent_resources.go
+++ b/controllers/submariner/route_agent_resources.go
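Review bot: Nodes on which an earlier untyped mount already left `/run/xtables.lock` behind as a directory are not repaired by `Type: ptr.To(corev1.HostPathFileOrCreate)`: the kubelet's hostPath type check rejects anything at that path that is not a file, so the globalnet pod would be expected to fail to start there until the directory is removed on the host (or the node reboots, if `/run` is a tmpfs). The same applies to the identical change in `newRouteAgentDaemonSet` in route_agent_resources.go. Failing visibly is better than iptables running without a usable lock, but the upgrade step should be written down, for example as a comment on the volume: `// FileOrCreate: a directory left at this path by an older untyped mount fails the type check and must be removed on the host`. Both functions continue outside their hunks, so whether any cleanup of such a directory exists elsewhere is not visible here.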
@@ -75,7 +75,7 @@ func newRouteAgentDaemonSet(cr *v1alpha1.Submariner, name string) *appsv1.Daemon
 Volumes: []corev1.Volume{
 // We need to share /run/xtables.lock with the host for iptables
 {Name: "host-run-xtables-lock", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{
- Path: "/run/xtables.lock",
+ Path: "/run/xtables.lock", Type: ptr.To(corev1.HostPathFileOrCreate),
 }}},
 // We need to share /run/openvswitch/db.sock with the host for OVS
 {Name: "host-run-openvswitch-db-sock", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{
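Review bot: The comment above the `host-run-xtables-lock` volume still explains only why the path is shared, not why the new `Type` is set, so a later cleanup could drop the field as redundant and bring back the directory-instead-of-file mount that the commit message describes. Extending it to `// We need to share /run/xtables.lock with the host for iptables; FileOrCreate makes the kubelet create it as a file when it is missing` would record the reason next to the code. The matching volume in `newGlobalnetDaemonSet` (globalnet_resources.go) has no comment in its visible context and would benefit from the same line.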