amazon-vpc-cni-k8s

Mount /run/xtables.lock as FileOrCreate in Helm chart

Open kwohlfahrt opened this issue 1 year ago • 0 comments

What type of PR is this? bug

Which issue does this PR fix?: fixes #2840

What does this PR do / Why do we need it?: This PR updates the Helm chart to specify that /run/xtables.lock must be mounted as a file. See the issue for why this is a problem.

Testing done on this change: Forked the chart, and applied the change. After this, no nodes got stuck in NotReady state on startup.

Will this PR introduce any new dependencies?: No

Will this break upgrades or downgrades? Has updating a running cluster been tested?: Possibly - if /run/xtables.lock has already been created as a directory, the CNI pod will fail to start. However, if this occurs, kube-proxy will also fail to start, so the node will already not be functional.

I'm not sure there is any way to avoid this potential breakage though, but am open to suggestions!

Does this change require updates to the CNI daemonset config files to work?: No

Does this PR introduce any user-facing change?: No

Always mount `/run/xtables.lock` as a file, even if it does not already exist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

kwohlfahrt, Mar 12 '24 09:03
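The upgrade caveat in the description (a pre-existing `/run/xtables.lock` directory makes the mount fail) can be checked on a node before rolling out the chart change. The script below is an added example, not part of the pull request or the chart; the function names `classify_lock_path` and `check_node` are hypothetical, and it assumes a `FileOrCreate` hostPath is accepted only for a regular file or for an absent path whose parent directory exists.

```shell
#!/bin/sh
# Added example, not part of the PR or the Helm chart.
# Assumption: a hostPath volume of type FileOrCreate is accepted when the path
# is a regular file, or is absent and can be created as an empty file, and is
# rejected when something else (for example a directory) already sits there.

# classify_lock_path PATH
# Prints one of: file | missing | directory | other | missing-parent
# Returns 0 if a FileOrCreate mount is expected to succeed, 1 otherwise.
classify_lock_path() {
    clp_path=$1
    if [ -d "$clp_path" ]; then
        echo directory        # the failure case described in the PR
        return 1
    elif [ -f "$clp_path" ]; then
        echo file
        return 0
    elif [ -e "$clp_path" ]; then
        echo other            # socket, device, FIFO: not a regular file
        return 1
    elif [ -d "$(dirname "$clp_path")" ]; then
        echo missing          # will be created as an empty file
        return 0
    fi
    echo missing-parent       # nothing to create the file in
    return 1
}

# check_node PATH: one-line verdict suitable for a node health check.
check_node() {
    if cn_state=$(classify_lock_path "$1"); then
        echo "OK   $1 ($cn_state): FileOrCreate mount expected to succeed"
        return 0
    fi
    echo "FAIL $1 ($cn_state): FileOrCreate mount expected to be rejected"
    return 1
}

# Run against a path only when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_node "$1"
fi
```

Run it on a node as `sh check.sh /run/xtables.lock`; a `FAIL ... (directory)` line identifies nodes where the CNI pod would not start after the change.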