Adds the following kernel modules for k3s:
* xt-physdev
* xt-nflog
* xt-limit
* nfnetlink-log
Without them, the k3s network-policy-controller reports failures in the log
related to iptables-restore.
Signed-off-by: Richard Neill <richard.neill@arm.com>
---
recipes-containers/k3s/k3s_git.bb | 4 ++++
recipes-kernel/linux/linux-yocto/kubernetes.cfg | 8 ++++++--
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/recipes-containers/k3s/k3s_git.bb b/recipes-containers/k3s/k3s_git.bb
index e341ad7..4e1cf64 100644
--- a/recipes-containers/k3s/k3s_git.bb
+++ b/recipes-containers/k3s/k3s_git.bb
@@ -96,6 +96,10 @@ RRECOMMENDS:${PN} = "\
kernel-module-vxlan \
kernel-module-xt-masquerade \
kernel-module-xt-statistic \
+ kernel-module-xt-physdev \
+ kernel-module-xt-nflog \
+ kernel-module-xt-limit \
+ kernel-module-nfnetlink-log \
"
RCONFLICTS:${PN} = "kubectl"
diff --git a/recipes-kernel/linux/linux-yocto/kubernetes.cfg b/recipes-kernel/linux/linux-yocto/kubernetes.cfg
index 2d4e1f5..84fa8c5 100644
--- a/recipes-kernel/linux/linux-yocto/kubernetes.cfg
+++ b/recipes-kernel/linux/linux-yocto/kubernetes.cfg
@@ -13,9 +13,14 @@ CONFIG_IP_VS_NFCT=y
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_RR=m
+CONFIG_NETFILTER_NETLINK_LOG=m
+CONFIG_NETFILTER_XT_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
+CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
-CONFIG_NETFILTER_XT_CONNMARK=m
+CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
+CONFIG_NETFILTER_XT_TARGET_NFLOG=m
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
CONFIG_NAMESPACES=y
CONFIG_NET_NS=y
CONFIG_PID_NS=y
@@ -32,4 +37,3 @@ CONFIG_MEMCG=y
CONFIG_INET=y
CONFIG_EXT4_FS=y
CONFIG_PROC_FS=y
-CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
--
2.25.1