Calico plugin deployment fails with Atomic image.

Bug #1845265 reported by Henro
This bug affects 2 people
Affects: magnum (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Deployment details:
template:
cluster_distro: fedora-atomic
network_driver: calico
image: Fedora-Atomic-27-2018041
labels: {'kube_tag': 'v1.15.4', 'kube_allow_priv': 'true', 'ingress': 'nginx', 'tiller_enabled': 'true', 'tiller_tag': 'v2.13.1'}

Issue:

The calico deployment fails and I see the following in the system logs:

Unable to update cni config: No networks found in /etc/cni/net.d
Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized

The directory /etc/cni/net.d is empty.

When I try to deploy calico manually with the following commands:
CALICO_DEPLOY=/srv/magnum/kubernetes/manifests/calico-deploy.yaml
/usr/local/bin/kubectl apply -f ${CALICO_DEPLOY} --namespace=kube-system

I get the following:
The DaemonSet "calico-node" is invalid: spec.template.spec.containers[0].securityContext.privileged: Forbidden: disallowed by cluster policy

I believe this is caused by a missing --allow-privileged=true flag in the kube-apiserver config.

This is a workaround that fixed it for me, along with the label 'kube_allow_priv': 'true':

--- /usr/lib/python3/dist-packages/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh.orig 2019-09-24 21:13:02.947882594 +0000
+++ /usr/lib/python3/dist-packages/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh 2019-09-24 21:13:16.291766370 +0000
@@ -60,7 +60,7 @@

-KUBE_API_ARGS="--runtime-config=api/all=true"
+KUBE_API_ARGS="--runtime-config=api/all=true --allow-privileged=$KUBE_ALLOW_PRIV"
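
Review bot: On the added KUBE_API_ARGS line, $KUBE_ALLOW_PRIV is expanded with no default and no validation, so if the kube_allow_priv label is absent or not a boolean the API server is started with an empty or malformed --allow-privileged= value. Suggest --allow-privileged=${KUBE_ALLOW_PRIV:-false} so privileged pods stay disabled unless the label explicitly requests them, plus a comment above the assignment noting that this flag controls privileged containers for the whole cluster, which is what the calico-node DaemonSet's securityContext.privileged depends on.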

Not sure if I missed any config options but I could not find if the flag was added anywhere else.

Henro
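
The failure reported above can be checked before applying a manifest. This added example is not part of the original report and is not Magnum code. It compares an API server argument string with a manifest that requests a privileged container. The function names and the sample DaemonSet are constructed for illustration, and the check looks only at the flag, not at any other admission policy.

```sh
#!/bin/sh
# Added example (not Magnum code). Function names are hypothetical.

# Effective value of --allow-privileged in an API server argument string:
# prints true, false (also when the flag is absent, its default), or invalid.
allow_privileged_value() {
    val=false
    for arg in $1; do            # unquoted on purpose: split on whitespace
        case "$arg" in
            --allow-privileged)   val=true ;;   # bare boolean flag means true
            --allow-privileged=*) val=${arg#--allow-privileged=} ;;
        esac
    done
    case "$val" in
        1|t|T|true|TRUE|True)    echo true ;;
        0|f|F|false|FALSE|False) echo false ;;
        *)                       echo invalid ;;  # e.g. empty when the variable was unset
    esac
}

# $1 = API server args, $2 = manifest text.
# Prints ok, blocked (privileged pod would be rejected) or invalid-flag.
preflight() {
    if ! printf '%s\n' "$2" |
        grep -Eq '^[[:space:]]*privileged:[[:space:]]*true[[:space:]]*$'; then
        echo ok; return 0        # manifest asks for no privileged container
    fi
    case "$(allow_privileged_value "$1")" in
        true)    echo ok ;;
        invalid) echo invalid-flag ;;
        *)       echo blocked ;;
    esac
}

# Constructed sample: the one field of a calico-node DaemonSet that matters here.
SAMPLE_DAEMONSET='kind: DaemonSet
metadata:
  name: calico-node
spec:
  template:
    spec:
      containers:
        - name: calico-node
          securityContext:
            privileged: true'

preflight '--runtime-config=api/all=true' "$SAMPLE_DAEMONSET"                          # before the patch
preflight '--runtime-config=api/all=true --allow-privileged=true' "$SAMPLE_DAEMONSET"  # after, label set
preflight '--runtime-config=api/all=true --allow-privileged=' "$SAMPLE_DAEMONSET"      # after, variable empty
```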

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in magnum (Ubuntu):
status: New → Confirmed