CRI-O runs but not tested yet
This commit is contained in:
@@ -96,7 +96,7 @@ CONFIG_TMPFS_XATTR=y
|
||||
CONFIG_TMPFS_POSIX_ACL=y
|
||||
# POSIX ACLs on tmpfs. Good compatibility feature for userland.
|
||||
|
||||
CONFIG_OVERLAY_FS=m
|
||||
CONFIG_OVERLAY_FS=y
|
||||
# Overlay filesystem. This is the big one for container image/layer storage.
|
||||
# Module is fine; CRI-O can load/use it after boot. No need to bloat FIT image.
|
||||
|
||||
@@ -131,34 +131,34 @@ CONFIG_DUMMY=m
|
||||
# This is where container networking gets messy. Better to enable a sane baseline.
|
||||
###############################################################################
|
||||
|
||||
CONFIG_NETFILTER=m
|
||||
CONFIG_NETFILTER=y
|
||||
# Netfilter core framework. Module is okay if your setup loads it before use.
|
||||
|
||||
CONFIG_NETFILTER_ADVANCED=y
|
||||
# Exposes more advanced netfilter options and modules.
|
||||
|
||||
CONFIG_NF_CONNTRACK=m
|
||||
CONFIG_NF_CONNTRACK=y
|
||||
# Connection tracking. Critical for NAT, Kubernetes service traffic, and many CNIs.
|
||||
|
||||
CONFIG_NF_NAT=m
|
||||
CONFIG_NF_NAT=y
|
||||
# NAT framework. Required for masquerading and pod egress in many setups.
|
||||
|
||||
CONFIG_NF_TABLES=m
|
||||
CONFIG_NF_TABLES=y
|
||||
# nftables framework. Modern Linux packet filtering backend.
|
||||
|
||||
CONFIG_NFT_CT=m
|
||||
# nftables conntrack expressions.
|
||||
|
||||
CONFIG_NFT_CHAIN_NAT=m
|
||||
CONFIG_NFT_CHAIN_NAT=y
|
||||
# nftables NAT chain support.
|
||||
|
||||
CONFIG_NFT_MASQ=m
|
||||
CONFIG_NFT_MASQ=y
|
||||
# nftables masquerade support. Often needed for pod egress NAT.
|
||||
|
||||
CONFIG_NFT_REDIR=m
|
||||
CONFIG_NFT_REDIR=y
|
||||
# nftables redirect target.
|
||||
|
||||
CONFIG_NFT_NAT=m
|
||||
CONFIG_NFT_NAT=y
|
||||
# nftables NAT support.
|
||||
|
||||
CONFIG_NF_NAT_IPV4=m
|
||||
@@ -216,14 +216,14 @@ CONFIG_NETFILTER_XT_TARGET_CT=m
|
||||
# Bridge / container interface plumbing
|
||||
###############################################################################
|
||||
|
||||
CONFIG_VETH=m
|
||||
CONFIG_VETH=y
|
||||
# Virtual Ethernet pairs. This is how container interfaces are commonly connected
|
||||
# to the host/network namespace.
|
||||
|
||||
CONFIG_BRIDGE=m
|
||||
CONFIG_BRIDGE=y
|
||||
# Ethernet bridge support. Needed by bridge-based CNIs.
|
||||
|
||||
CONFIG_BRIDGE_NETFILTER=m
|
||||
CONFIG_BRIDGE_NETFILTER=y
|
||||
# Allows bridged traffic to pass through netfilter/iptables/nftables hooks.
|
||||
# Important for Kubernetes networking behavior.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user