k3s: Add additional required kernel modules

Adds the following kernel modules for k3s:

* xt-physdev
* xt-nflog
* xt-limit
* nfnetlink-log

Without them, the k3s network-policy-controller reports failures in the log
related to iptables-restore.

Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

2 files changed, 10 insertions, 2 deletions

diff --git a/recipes-containers/k3s/k3s_git.bb b/recipes-containers/k3s/k3s_git.bb
index 1a43a533..32706852 100644
--- a/recipes-containers/k3s/k3s_git.bb
+++ b/recipes-containers/k3s/k3s_git.bb
@@ -96,6 +96,10 @@ RRECOMMENDS:${PN} = "\
                      kernel-module-vxlan \
                      kernel-module-xt-masquerade \
                      kernel-module-xt-statistic \
+                     kernel-module-xt-physdev \
+                     kernel-module-xt-nflog \
+                     kernel-module-xt-limit \
+                     kernel-module-nfnetlink-log \
                      "
 
 RCONFLICTS:${PN} = "kubectl"
diff --git a/recipes-kernel/linux/linux-yocto/kubernetes.cfg b/recipes-kernel/linux/linux-yocto/kubernetes.cfg
index 2d4e1f54..84fa8c57 100644
--- a/recipes-kernel/linux/linux-yocto/kubernetes.cfg
+++ b/recipes-kernel/linux/linux-yocto/kubernetes.cfg
@@ -13,9 +13,14 @@ CONFIG_IP_VS_NFCT=y
 CONFIG_IP_VS_PROTO_TCP=y
 CONFIG_IP_VS_PROTO_UDP=y
 CONFIG_IP_VS_RR=m
+CONFIG_NETFILTER_NETLINK_LOG=m
+CONFIG_NETFILTER_XT_CONNMARK=m
 CONFIG_NETFILTER_XT_MATCH_COMMENT=m
+CONFIG_NETFILTER_XT_MATCH_LIMIT=m
 CONFIG_NETFILTER_XT_MATCH_MARK=m
-CONFIG_NETFILTER_XT_CONNMARK=m
+CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
+CONFIG_NETFILTER_XT_TARGET_NFLOG=m
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
 CONFIG_NAMESPACES=y
 CONFIG_NET_NS=y
 CONFIG_PID_NS=y
@@ -32,4 +37,3 @@ CONFIG_MEMCG=y
 CONFIG_INET=y
 CONFIG_EXT4_FS=y
 CONFIG_PROC_FS=y
-CONFIG_NETFILTER_XT_TARGET_REDIRECT=m