From cc790bfc4576c02ce4af63a8e653fc1f58fa0d72 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Fri, 27 Dec 2024 19:36:34 -0800 Subject: [PATCH] Fix Fedora CoreOS support for flannel CNI * Explicitly load the `nf_conntrack` and `br_netfilter` kernel modules that are needed for flannel CNI setups * Specifically, flannel needs `br_netfilter` and kube-proxy (used in flannel setups) needs `nf_conntrack`. Previously these kernel modules were loaded by default but no longer seem to be --- CHANGES.md | 5 +++++ aws/fedora-coreos/kubernetes/butane/controller.yaml | 7 +++++++ aws/fedora-coreos/kubernetes/workers/butane/worker.yaml | 7 +++++++ azure/fedora-coreos/kubernetes/butane/controller.yaml | 7 +++++++ azure/fedora-coreos/kubernetes/workers/butane/worker.yaml | 7 +++++++ bare-metal/fedora-coreos/kubernetes/butane/controller.yaml | 7 +++++++ .../fedora-coreos/kubernetes/worker/butane/worker.yaml | 7 +++++++ .../fedora-coreos/kubernetes/butane/controller.yaml | 7 +++++++ digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml | 7 +++++++ .../fedora-coreos/kubernetes/butane/controller.yaml | 7 +++++++ .../fedora-coreos/kubernetes/workers/butane/worker.yaml | 7 +++++++ 11 files changed, 75 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 8529961c..1cb7c08b 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -13,6 +13,11 @@ Notable changes between versions. * Remove `network_mtu`, `network_encapsulation`, and `network_ip_autodetection_method` variables (Calico-specific) * Remove Calico-specific Kubelet mounts +### Fedora CoreOS + +* Fix Fedora CoreOS support for flannel CNI ([#1557](https://github.com/poseidon/typhoon/pull/1557)) + * Explicitly load the `nf_conntrack` and `br_netfilter` kernel modules flannel needs + # v1.31.4 * Kubernetes [v1.31.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1314) 
diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml
index 00475925..35c861d2 100644
--- a/aws/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml
@@ -157,6 +157,13 @@ storage:
 readOnlyPort: 0
 resolvConf: /run/systemd/resolve/resolv.conf
 volumePluginDir: /var/lib/kubelet/volumeplugins
+ - path: /etc/modules-load.d/typhoon.conf
+ mode: 0644
+ contents:
+ inline: |
+ # https://github.com/flannel-io/flannel/tree/master
+ nf_conntrack
+ br_netfilter
 - path: /opt/bootstrap/layout
 mode: 0544
 contents:
diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml
index 49f92e8c..a299ad6f 100644
--- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml
+++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml
@@ -112,6 +112,13 @@ storage:
 readOnlyPort: 0
 resolvConf: /run/systemd/resolve/resolv.conf
 volumePluginDir: /var/lib/kubelet/volumeplugins
+ - path: /etc/modules-load.d/typhoon.conf
+ mode: 0644
+ contents:
+ inline: |
+ # https://github.com/flannel-io/flannel/tree/master
+ nf_conntrack
+ br_netfilter
 - path: /etc/systemd/logind.conf.d/inhibitors.conf
 contents:
 inline: |
diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml
index 9beb852d..d826cf4d 100644
--- a/azure/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml
@@ -152,6 +152,13 @@ storage:
 readOnlyPort: 0
 resolvConf: /run/systemd/resolve/resolv.conf
 volumePluginDir: /var/lib/kubelet/volumeplugins
+ - path: /etc/modules-load.d/typhoon.conf
+ mode: 0644
+ contents:
+ inline: |
+ # https://github.com/flannel-io/flannel/tree/master
+ nf_conntrack
+ br_netfilter
 - path: /opt/bootstrap/layout
 mode: 0544
 contents:
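Review bot: The comment written into `/etc/modules-load.d/typhoon.conf` in the aws controller hunk is only a link to the flannel repository's master tree, so someone auditing a node cannot tell why each module is loaded, and the link target can drift over time. The commit message already states the reason, and I would carry it into the file, for example `# br_netfilter: required by flannel` and `# nf_conntrack: required by kube-proxy (used in flannel setups)` above the respective module names. The same stanza is repeated verbatim in the other nine controller.yaml and worker.yaml hunks of this patch, so the comment should be updated in each of them.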
diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml
index 21dca19e..5c86053b 100644
--- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml
+++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml
@@ -107,6 +107,13 @@ storage:
 readOnlyPort: 0
 resolvConf: /run/systemd/resolve/resolv.conf
 volumePluginDir: /var/lib/kubelet/volumeplugins
+ - path: /etc/modules-load.d/typhoon.conf
+ mode: 0644
+ contents:
+ inline: |
+ # https://github.com/flannel-io/flannel/tree/master
+ nf_conntrack
+ br_netfilter
 - path: /etc/systemd/logind.conf.d/inhibitors.conf
 contents:
 inline: |
diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml
index 03b08f76..355fa0ab 100644
--- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml
@@ -162,6 +162,13 @@ storage:
 readOnlyPort: 0
 resolvConf: /run/systemd/resolve/resolv.conf
 volumePluginDir: /var/lib/kubelet/volumeplugins
+ - path: /etc/modules-load.d/typhoon.conf
+ mode: 0644
+ contents:
+ inline: |
+ # https://github.com/flannel-io/flannel/tree/master
+ nf_conntrack
+ br_netfilter
 - path: /opt/bootstrap/layout
 mode: 0544
 contents:
diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml
index ee65bd9b..98bf9edd 100644
--- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml
+++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml
@@ -116,6 +116,13 @@ storage:
 readOnlyPort: 0
 resolvConf: /run/systemd/resolve/resolv.conf
 volumePluginDir: /var/lib/kubelet/volumeplugins
+ - path: /etc/modules-load.d/typhoon.conf
+ mode: 0644
+ contents:
+ inline: |
+ # https://github.com/flannel-io/flannel/tree/master
+ nf_conntrack
+ br_netfilter
 - path: /etc/systemd/logind.conf.d/inhibitors.conf
 contents:
 inline: |
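Review bot: Loading `br_netfilter` in the azure worker hunk (and in the nine identical hunks) only makes the bridge netfilter hooks available; whether bridged pod traffic actually traverses iptables is governed by the `net.bridge.bridge-nf-call-iptables` sysctl, which this patch leaves at the kernel default. None of the hunks show a sysctl.d entry, so unless the templates already set it outside the visible context, I would pin it alongside the module list with a sysctl.d file containing `net.bridge.bridge-nf-call-iptables=1` (plus `net.bridge.bridge-nf-call-ip6tables=1` where IPv6 is in use), so kube-proxy's rules do not depend on a default. The modules are also loaded on every node regardless of which CNI is selected; if these templates serve non-flannel clusters too, that is worth gating or at least stating in the file's comment.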
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
index 9e130f53..e0c2dabc 100644
--- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
@@ -159,6 +159,13 @@ storage:
 readOnlyPort: 0
 resolvConf: /run/systemd/resolve/resolv.conf
 volumePluginDir: /var/lib/kubelet/volumeplugins
+ - path: /etc/modules-load.d/typhoon.conf
+ mode: 0644
+ contents:
+ inline: |
+ # https://github.com/flannel-io/flannel/tree/master
+ nf_conntrack
+ br_netfilter
 - path: /opt/bootstrap/layout
 mode: 0544
 contents:
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml
index 003974b3..dad1291e 100644
--- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml
+++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml
@@ -112,6 +112,13 @@ storage:
 readOnlyPort: 0
 resolvConf: /run/systemd/resolve/resolv.conf
 volumePluginDir: /var/lib/kubelet/volumeplugins
+ - path: /etc/modules-load.d/typhoon.conf
+ mode: 0644
+ contents:
+ inline: |
+ # https://github.com/flannel-io/flannel/tree/master
+ nf_conntrack
+ br_netfilter
 - path: /etc/systemd/logind.conf.d/inhibitors.conf
 contents:
 inline: |
diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml
index 8ab40743..81a3cfeb 100644
--- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml
@@ -151,6 +151,13 @@ storage:
 readOnlyPort: 0
 resolvConf: /run/systemd/resolve/resolv.conf
 volumePluginDir: /var/lib/kubelet/volumeplugins
+ - path: /etc/modules-load.d/typhoon.conf
+ mode: 0644
+ contents:
+ inline: |
+ # https://github.com/flannel-io/flannel/tree/master
+ nf_conntrack
+ br_netfilter
 - path: /opt/bootstrap/layout
 mode: 0544
 contents:
diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml
index ebc19899..edb52dc0 100644
--- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml
+++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml
@@ -106,6 +106,13 @@ storage:
 readOnlyPort: 0
 resolvConf: /run/systemd/resolve/resolv.conf
 volumePluginDir: /var/lib/kubelet/volumeplugins
+ - path: /etc/modules-load.d/typhoon.conf
+ mode: 0644
+ contents:
+ inline: |
+ # https://github.com/flannel-io/flannel/tree/master
+ nf_conntrack
+ br_netfilter
 - path: /etc/systemd/logind.conf.d/inhibitors.conf
 contents:
 inline: |