fix: add iptables kernel module MachineConfig for Kagenti proxy-init #103

Draft
usize wants to merge 1 commit into sallyom:main from usize:fix/iptables-kernel-modules

usize commented Apr 6, 2026

Summary

  • Adds a MachineConfig (99-worker-kagenti-iptables-modules) to setup-kagenti.sh that loads xt_mark, xt_owner, and xt_REDIRECT kernel modules on RHCOS 9 worker nodes
  • These modules are required by the Kagenti proxy-init init container which uses iptables-nft
  • Adds --skip-iptables-modules flag to skip this step when modules are already loaded
  • Documents the new step in the prereq README

Fixes #96

Test plan

  • npm run build passes
  • npm test passes (280/280)
  • Verify MachineConfig applies correctly on an OpenShift cluster with RHCOS 9 workers

Generated with agent.sh

The Kagenti proxy-init init container uses iptables-nft which requires
xt_mark, xt_owner, and xt_REDIRECT kernel modules that are not loaded
by default on RHCOS 9. This adds a new setup step that applies a
MachineConfig to persistently load these modules on worker nodes.

A --skip-iptables-modules flag is provided to skip this step when the
modules are already available.

Fixes sallyom#96

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Successfully merging this pull request may close these issues.

proxy-init init container fails on RHCOS nodes missing xt_mark/xt_owner/xt_REDIRECT modules
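
A check for the last item of the test plan, added here as an example and not taken from this PR or the repository: it reads a `/proc/modules`-format listing on stdin and reports which of the three modules named in the PR description are not loaded. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the PR. Module names are the ones the PR lists.
REQUIRED_MODULES="xt_mark xt_owner xt_REDIRECT"

# Constructed sample in /proc/modules format:
#   name size refcount used-by state address
# It contains xt_mark but neither xt_owner nor xt_REDIRECT.
sample_proc_modules() {
    cat <<'EOF'
nft_compat 20480 4 - Live 0x0000000000000000
xt_connmark 16384 1 - Live 0x0000000000000000
xt_mark 16384 2 - Live 0x0000000000000000
nf_tables 339968 62 nft_compat, Live 0x0000000000000000
EOF
}

# missing_modules: read a /proc/modules listing on stdin.
# Prints the required modules that are absent, space separated, and
# returns 1; prints nothing and returns 0 when all are loaded.
# Matching is exact and case-sensitive on the first field only, so
# xt_REDIRECT is not satisfied by a differently cased or longer name.
missing_modules() {
    awk -v req="$REQUIRED_MODULES" '
        BEGIN { n = split(req, want, " ") }
        { loaded[$1] = 1 }
        END {
            out = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in loaded))
                    out = out (out == "" ? "" : " ") want[i]
            if (out != "") { print out; exit 1 }
        }'
}
```

On a cluster the listing can be taken per worker with `oc debug node/<node> -- chroot /host cat /proc/modules` and piped into `missing_modules`. Modules compiled into the kernel do not appear in `/proc/modules`, so a "missing" result is only meaningful for loadable modules.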
