Fix Fedora CoreOS support for flannel CNI

* Explicitly load the `nf_conntrack` and `br_netfilter` kernel
modules that are needed for flannel CNI setups
* Specifically, flannel needs `br_netfilter` and kube-proxy (used
in flannel setups) needs `nf_conntrack`. Previously these kernel
modules were loaded by default but no longer seem to be

CHANGES.md

@@ -13,6 +13,11 @@ Notable changes between versions.
   * Remove `network_mtu`, `network_encapsulation`, and `network_ip_autodetection_method` variables (Calico-specific)
   * Remove Calico-specific Kubelet mounts
 
+### Fedora CoreOS
+
+* Fix Fedora CoreOS support for flannel CNI ([#1557](https://github.com/poseidon/typhoon/pull/1557))
+  * Explicitly load the `nf_conntrack` and `br_netfilter` kernel modules flannel needs
+
 # v1.31.4
 
 * Kubernetes [v1.31.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1314)

aws/fedora-coreos/kubernetes/butane/controller.yaml

@@ -157,6 +157,13 @@ storage:
           readOnlyPort: 0
           resolvConf: /run/systemd/resolve/resolv.conf
           volumePluginDir: /var/lib/kubelet/volumeplugins
+    - path: /etc/modules-load.d/typhoon.conf
+      mode: 0644
+      contents:
+        inline: |
+          # https://github.com/flannel-io/flannel/tree/master
+          nf_conntrack
+          br_netfilter
     - path: /opt/bootstrap/layout
       mode: 0544
       contents:

aws/fedora-coreos/kubernetes/workers/butane/worker.yaml

@@ -112,6 +112,13 @@ storage:
           readOnlyPort: 0
           resolvConf: /run/systemd/resolve/resolv.conf
           volumePluginDir: /var/lib/kubelet/volumeplugins
+    - path: /etc/modules-load.d/typhoon.conf
+      mode: 0644
+      contents:
+        inline: |
+          # https://github.com/flannel-io/flannel/tree/master
+          nf_conntrack
+          br_netfilter
     - path: /etc/systemd/logind.conf.d/inhibitors.conf
       contents:
         inline: |

azure/fedora-coreos/kubernetes/butane/controller.yaml

@@ -152,6 +152,13 @@ storage:
           readOnlyPort: 0
           resolvConf: /run/systemd/resolve/resolv.conf
           volumePluginDir: /var/lib/kubelet/volumeplugins
+    - path: /etc/modules-load.d/typhoon.conf
+      mode: 0644
+      contents:
+        inline: |
+          # https://github.com/flannel-io/flannel/tree/master
+          nf_conntrack
+          br_netfilter
     - path: /opt/bootstrap/layout
       mode: 0544
       contents:

azure/fedora-coreos/kubernetes/workers/butane/worker.yaml

@@ -107,6 +107,13 @@ storage:
           readOnlyPort: 0
           resolvConf: /run/systemd/resolve/resolv.conf
           volumePluginDir: /var/lib/kubelet/volumeplugins
+    - path: /etc/modules-load.d/typhoon.conf
+      mode: 0644
+      contents:
+        inline: |
+          # https://github.com/flannel-io/flannel/tree/master
+          nf_conntrack
+          br_netfilter
     - path: /etc/systemd/logind.conf.d/inhibitors.conf
       contents:
         inline: |

bare-metal/fedora-coreos/kubernetes/butane/controller.yaml

@@ -162,6 +162,13 @@ storage:
           readOnlyPort: 0
           resolvConf: /run/systemd/resolve/resolv.conf
           volumePluginDir: /var/lib/kubelet/volumeplugins
+    - path: /etc/modules-load.d/typhoon.conf
+      mode: 0644
+      contents:
+        inline: |
+          # https://github.com/flannel-io/flannel/tree/master
+          nf_conntrack
+          br_netfilter
     - path: /opt/bootstrap/layout
       mode: 0544
       contents:

bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml

@@ -116,6 +116,13 @@ storage:
           readOnlyPort: 0
           resolvConf: /run/systemd/resolve/resolv.conf
           volumePluginDir: /var/lib/kubelet/volumeplugins
+    - path: /etc/modules-load.d/typhoon.conf
+      mode: 0644
+      contents:
+        inline: |
+          # https://github.com/flannel-io/flannel/tree/master
+          nf_conntrack
+          br_netfilter
     - path: /etc/systemd/logind.conf.d/inhibitors.conf
       contents:
         inline: |

digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml

@@ -159,6 +159,13 @@ storage:
           readOnlyPort: 0
           resolvConf: /run/systemd/resolve/resolv.conf
           volumePluginDir: /var/lib/kubelet/volumeplugins
+    - path: /etc/modules-load.d/typhoon.conf
+      mode: 0644
+      contents:
+        inline: |
+          # https://github.com/flannel-io/flannel/tree/master
+          nf_conntrack
+          br_netfilter
     - path: /opt/bootstrap/layout
       mode: 0544
       contents:

digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml

@@ -112,6 +112,13 @@ storage:
           readOnlyPort: 0
           resolvConf: /run/systemd/resolve/resolv.conf
           volumePluginDir: /var/lib/kubelet/volumeplugins
+    - path: /etc/modules-load.d/typhoon.conf
+      mode: 0644
+      contents:
+        inline: |
+          # https://github.com/flannel-io/flannel/tree/master
+          nf_conntrack
+          br_netfilter
     - path: /etc/systemd/logind.conf.d/inhibitors.conf
       contents:
         inline: |

google-cloud/fedora-coreos/kubernetes/butane/controller.yaml

@@ -151,6 +151,13 @@ storage:
           readOnlyPort: 0
           resolvConf: /run/systemd/resolve/resolv.conf
           volumePluginDir: /var/lib/kubelet/volumeplugins
+    - path: /etc/modules-load.d/typhoon.conf
+      mode: 0644
+      contents:
+        inline: |
+          # https://github.com/flannel-io/flannel/tree/master
+          nf_conntrack
+          br_netfilter
     - path: /opt/bootstrap/layout
       mode: 0544
       contents:

google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml

@@ -106,6 +106,13 @@ storage:
           readOnlyPort: 0
           resolvConf: /run/systemd/resolve/resolv.conf
           volumePluginDir: /var/lib/kubelet/volumeplugins
+    - path: /etc/modules-load.d/typhoon.conf
+      mode: 0644
+      contents:
+        inline: |
+          # https://github.com/flannel-io/flannel/tree/master
+          nf_conntrack
+          br_netfilter
     - path: /etc/systemd/logind.conf.d/inhibitors.conf
       contents:
         inline: |