k3s check-config requires CONFIG_NF_NAT_IPV4 which is not possible to enable on 5.3.0 kernel
Version:
k3s version v1.17.0+k3s.1 (0f644650)
Describe the bug
After installing ubuntu server for raspberry pi 4 (from here https://ubuntu.com/download/raspberry-pi) I discovered that k3s requires CONFIG_NF_NAT_IPV4, it's problematic as kernel module nf_nat_ipv4.c no longer exists in Linux ubuntu 5.3.0-1015-raspi2 #17-Ubuntu SMP Thu Dec 5 04:58:47 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux, It was merged to nf_nat.c. I enabled the new module but I'm still getting the warning:
ubuntu@ubuntu:~$ k3s check-config
Verifying binaries in /var/lib/rancher/k3s/data/2a58638d251cf65ebf94516fcca3b1d7a21798908a56b368aac0431cd49d0a3a/bin:
- sha256sum: good
- links: good
System:
- /usr/sbin iptables v1.8.3 (legacy): ok
- swap: disabled
- routes: ok
Limits:
- /proc/sys/kernel/keys/root_maxkeys: 1000000
info: reading kernel config from /proc/config.gz ...
Generally Necessary:
- cgroup hierarchy: properly mounted [/sys/fs/cgroup]
- /usr/sbin/apparmor_parser
apparmor: enabled and tools installed
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: enabled
- CONFIG_CGROUP_FREEZER: enabled
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_CPUSETS: enabled
- CONFIG_MEMCG: enabled
- CONFIG_KEYS: enabled
- CONFIG_VETH: enabled (as module)
- CONFIG_BRIDGE: enabled (as module)
- CONFIG_BRIDGE_NETFILTER: enabled (as module)
- CONFIG_NF_NAT_IPV4: missing (fail)
- CONFIG_IP_NF_FILTER: enabled (as module)
- CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module)
- CONFIG_IP_NF_NAT: enabled (as module)
- CONFIG_NF_NAT: enabled (as module)
- CONFIG_NF_NAT_NEEDED: missing (fail)
- CONFIG_POSIX_MQUEUE: enabled
Optional Features:
- CONFIG_USER_NS: enabled
- CONFIG_SECCOMP: enabled
- CONFIG_CGROUP_PIDS: enabled
- CONFIG_BLK_CGROUP: enabled
- CONFIG_BLK_DEV_THROTTLING: enabled
- CONFIG_CGROUP_PERF: enabled
- CONFIG_CGROUP_HUGETLB: missing
- CONFIG_NET_CLS_CGROUP: enabled (as module)
- CONFIG_CGROUP_NET_PRIO: enabled
- CONFIG_CFS_BANDWIDTH: enabled
- CONFIG_FAIR_GROUP_SCHED: enabled
- CONFIG_RT_GROUP_SCHED: missing
- CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
- CONFIG_IP_VS: enabled (as module)
- CONFIG_IP_VS_NFCT: enabled
- CONFIG_IP_VS_PROTO_TCP: enabled
- CONFIG_IP_VS_PROTO_UDP: enabled
- CONFIG_IP_VS_RR: enabled (as module)
- CONFIG_EXT4_FS: enabled
- CONFIG_EXT4_FS_POSIX_ACL: enabled
- CONFIG_EXT4_FS_SECURITY: enabled
- Network Drivers:
- "overlay":
- CONFIG_VXLAN: enabled (as module)
Optional (for encrypted networks):
- CONFIG_CRYPTO: enabled
- CONFIG_CRYPTO_AEAD: enabled
- CONFIG_CRYPTO_GCM: enabled
- CONFIG_CRYPTO_SEQIV: enabled
- CONFIG_CRYPTO_GHASH: enabled
- CONFIG_XFRM: enabled
- CONFIG_XFRM_USER: enabled (as module)
- CONFIG_XFRM_ALGO: enabled (as module)
- CONFIG_INET_ESP: enabled (as module)
- CONFIG_INET_XFRM_MODE_TRANSPORT: missing
- Storage Drivers:
- "overlay":
- CONFIG_OVERLAY_FS: enabled (as module)
STATUS: 2 (fail)
lsmod:
ubuntu@ubuntu:~$ lsmod
Module Size Used by
iptable_nat 16384 0
configs 65536 0
overlay 143360 0
br_netfilter 28672 0
bridge 221184 1 br_netfilter
stp 16384 1 bridge
llc 16384 2 bridge,stp
dm_multipath 40960 0
scsi_dh_rdac 16384 0
scsi_dh_emc 16384 0
scsi_dh_alua 24576 0
nls_ascii 16384 1
btsdio 20480 0
bluetooth 651264 1 btsdio
ecdh_generic 16384 1 bluetooth
ecc 36864 1 ecdh_generic
bcm2835_v4l2 49152 0
brcmfmac 413696 0
bcm2835_mmal_vchiq 45056 1 bcm2835_v4l2
vc_sm_cma 45056 1 bcm2835_mmal_vchiq
v4l2_common 20480 1 bcm2835_v4l2
videobuf2_vmalloc 20480 1 bcm2835_v4l2
brcmutil 28672 1 brcmfmac
input_leds 16384 0
videobuf2_memops 20480 1 videobuf2_vmalloc
videobuf2_v4l2 32768 1 bcm2835_v4l2
videobuf2_common 61440 2 videobuf2_v4l2,bcm2835_v4l2
cfg80211 815104 1 brcmfmac
videodev 278528 4 v4l2_common,videobuf2_v4l2,bcm2835_v4l2,videobuf2_common
mc 69632 3 videodev,videobuf2_v4l2,videobuf2_common
raspberrypi_hwmon 16384 0
spidev 28672 0
rpivid_mem 16384 0
uio_pdrv_genirq 16384 0
uio 20480 1 uio_pdrv_genirq
sch_fq_codel 20480 6
nf_nat 53248 1 iptable_nat
nf_conntrack 167936 1 nf_nat
nf_defrag_ipv6 24576 1 nf_conntrack
nf_defrag_ipv4 16384 1 nf_conntrack
ip_tables 32768 1 iptable_nat
x_tables 57344 1 ip_tables
autofs4 53248 2
btrfs 1429504 0
zstd_compress 163840 1 btrfs
raid10 73728 0
raid456 192512 0
async_raid6_recov 20480 1 raid456
async_memcpy 20480 2 raid456,async_raid6_recov
async_pq 20480 2 raid456,async_raid6_recov
async_xor 20480 3 async_pq,raid456,async_raid6_recov
async_tx 20480 5 async_pq,async_memcpy,async_xor,raid456,async_raid6_recov
xor 20480 2 async_xor,btrfs
xor_neon 16384 1 xor
raid6_pq 114688 4 async_pq,btrfs,raid456,async_raid6_recov
libcrc32c 16384 4 nf_conntrack,nf_nat,btrfs,raid456
raid1 53248 0
raid0 24576 0
multipath 24576 0
linear 20480 0
broadcom 24576 1
bcm_phy_lib 16384 1 broadcom
hid_apple 16384 0
hid_generic 16384 0
mdio_bcm_unimac 20480 0
crct10dif_ce 16384 1
usbhid 69632 0
sdhci_iproc 20480 0
genet 65536 0
gpio_regulator 16384 1
phy_generic 20480 0
fixed 20480 0
aes_neon_bs 28672 1
aes_neon_blk 28672 1 aes_neon_bs
crypto_simd 20480 2 aes_neon_bs,aes_neon_blk
cryptd 24576 1 crypto_simd
aes_arm64 16384 2 aes_neon_bs,aes_neon_blk
kamilgregorczyk
👍4
All 5 comments
Surprisingly, everything works perfectly
kamilgregorczyk
on 14 Jan 2020
The same as Fedora 31:
root@william  /home/fedora  cat /etc/redhat-release  ✔  ⚡  4595  19:14:24
Fedora release 31 (Thirty One)
root@william  /home/fedora  uname -a  ✔  ⚡  4596  19:14:26
Linux william 5.5.13-200.fc31.x86_64 #1 SMP Wed Mar 25 21:55:30 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@william  /home/fedora   ✔  ⚡  4597  19:14:30
k3s check:
root@william  /home/fedora  k3s --version  ✔  ⚡  4597  19:14:57
k3s version v1.17.3+k3s1 (5b17a175)
root@william  /home/fedora   ✔  ⚡  4598  19:15:02
root@william  /home/fedora  k3s check-config  ✔  ⚡  4598  19:15:03
Verifying binaries in /var/lib/rancher/k3s/data/ca752b211ccbacb1b66df2ec0bc203a9511c0ec045ef5566b31c297958d46a3a/bin:
- sha256sum: good
- links: good
System:
- /usr/sbin iptables v1.8.3 (legacy): ok
- swap: disabled
- routes: default CIDRs 10.42.0.0/16 or 10.43.0.0/16 already routed
Limits:
- /proc/sys/kernel/keys/root_maxkeys: 1000000
modprobe: module configs not found in modules.dep
info: reading kernel config from /boot/config-5.5.13-200.fc31.x86_64 ...
Generally Necessary:
- cgroup hierarchy: properly mounted [/sys/fs/cgroup]
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: enabled
- CONFIG_CGROUP_FREEZER: enabled
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_CPUSETS: enabled
- CONFIG_MEMCG: enabled
- CONFIG_KEYS: enabled
- CONFIG_VETH: enabled (as module)
- CONFIG_BRIDGE: enabled (as module)
- CONFIG_BRIDGE_NETFILTER: enabled (as module)
- CONFIG_NF_NAT_IPV4: missing (fail)
- CONFIG_IP_NF_FILTER: enabled (as module)
- CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module)
- CONFIG_IP_NF_NAT: enabled (as module)
- CONFIG_NF_NAT: enabled (as module)
- CONFIG_NF_NAT_NEEDED: missing (fail)
- CONFIG_POSIX_MQUEUE: enabled
Optional Features:
- CONFIG_USER_NS: enabled
- CONFIG_SECCOMP: enabled
- CONFIG_CGROUP_PIDS: enabled
- CONFIG_BLK_CGROUP: enabled
- CONFIG_BLK_DEV_THROTTLING: enabled
- CONFIG_CGROUP_PERF: enabled
- CONFIG_CGROUP_HUGETLB: enabled
- CONFIG_NET_CLS_CGROUP: enabled
- CONFIG_CGROUP_NET_PRIO: enabled
- CONFIG_CFS_BANDWIDTH: enabled
- CONFIG_FAIR_GROUP_SCHED: enabled
- CONFIG_RT_GROUP_SCHED: missing
- CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
- CONFIG_IP_SET: enabled (as module)
- CONFIG_IP_VS: enabled (as module)
- CONFIG_IP_VS_NFCT: enabled
- CONFIG_IP_VS_PROTO_TCP: enabled
- CONFIG_IP_VS_PROTO_UDP: enabled
- CONFIG_IP_VS_RR: enabled (as module)
- CONFIG_EXT4_FS: enabled
- CONFIG_EXT4_FS_POSIX_ACL: enabled
- CONFIG_EXT4_FS_SECURITY: enabled
- Network Drivers:
- "overlay":
- CONFIG_VXLAN: enabled (as module)
Optional (for encrypted networks):
- CONFIG_CRYPTO: enabled
- CONFIG_CRYPTO_AEAD: enabled
- CONFIG_CRYPTO_GCM: enabled
- CONFIG_CRYPTO_SEQIV: enabled
- CONFIG_CRYPTO_GHASH: enabled
- CONFIG_XFRM: enabled
- CONFIG_XFRM_USER: enabled
- CONFIG_XFRM_ALGO: enabled
- CONFIG_INET_ESP: enabled (as module)
- CONFIG_INET_XFRM_MODE_TRANSPORT: missing
- Storage Drivers:
- "overlay":
- CONFIG_OVERLAY_FS: enabled (as module)
STATUS: 2 (fail)
root@william  /home/fedora   3 ↵  ⚡  4599  19:15:08
root@william  /home/fedora  lsmod  3 ↵  ⚡  4599  19:15:09
Module Size Used by
binfmt_misc 24576 1
xt_multiport 20480 1
ipt_REJECT 16384 0
nf_reject_ipv4 16384 1 ipt_REJECT
veth 32768 0
vxlan 69632 0
ip6_udp_tunnel 16384 1 vxlan
udp_tunnel 16384 1 vxlan
ip6table_nat 16384 0
ip6_tables 36864 1 ip6table_nat
nf_conntrack_netlink 53248 0
xt_addrtype 16384 3
xt_nat 16384 12
xt_conntrack 16384 7
xt_MASQUERADE 20480 6
xt_comment 16384 45
xt_mark 16384 7
iptable_nat 16384 2
nf_nat 53248 4 ip6table_nat,xt_nat,iptable_nat,xt_MASQUERADE
nf_conntrack 163840 5 xt_conntrack,nf_nat,xt_nat,nf_conntrack_netlink,xt_MASQUERADE
nf_defrag_ipv6 24576 1 nf_conntrack
nf_defrag_ipv4 16384 1 nf_conntrack
libcrc32c 16384 2 nf_conntrack,nf_nat
iptable_mangle 16384 1
iptable_filter 16384 1
ip_set 57344 0
nfnetlink 16384 2 nf_conntrack_netlink,ip_set
overlay 135168 17
br_netfilter 28672 0
bridge 208896 1 br_netfilter
stp 16384 1 bridge
llc 16384 2 bridge,stp
intel_rapl_msr 20480 0
intel_rapl_common 32768 1 intel_rapl_msr
cirrus 16384 0
drm_kms_helper 233472 3 cirrus
drm 585728 3 drm_kms_helper,cirrus
virtio_net 57344 0
intel_rapl_perf 20480 0
net_failover 20480 1 virtio_net
virtio_balloon 24576 0
i2c_piix4 28672 0
joydev 28672 0
failover 16384 1 net_failover
ip_tables 32768 3 iptable_filter,iptable_nat,iptable_mangle
crct10dif_pclmul 16384 1
crc32_pclmul 16384 0
crc32c_intel 24576 3
ghash_clmulni_intel 16384 0
serio_raw 20480 0
virtio_console 40960 0
virtio_scsi 24576 0
virtio_blk 20480 2
ata_generic 16384 0
pata_acpi 16384 0
root@william  /home/fedora   ✔  ⚡  4600  19:15:11
warmchang
on 16 Apr 2020
Same on Ubuntu 20.04 LTS:
root@vps:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04 LTS"
root@vps:~# uname -a
Linux vps 5.4.0-26-generic #30-Ubuntu SMP Mon Apr 20 16:58:30 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@vps:~# k3s check-config
Verifying binaries in /var/lib/rancher/k3s/data/6a3098e6644f5f0dbfe14e5efa99bb8fdf60d63cae89fdffd71b7de11a1f1430/bin:
- sha256sum: good
- links: good
System:
- /usr/sbin iptables v1.8.4 (legacy): ok
- swap: should be disabled
- routes: ok
Limits:
- /proc/sys/kernel/keys/root_maxkeys: 1000000
modprobe: module configs not found in modules.dep
info: reading kernel config from /boot/config-5.4.0-26-generic ...
Generally Necessary:
- cgroup hierarchy: properly mounted [/sys/fs/cgroup]
- /usr/sbin/apparmor_parser
apparmor: enabled and tools installed
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: enabled
- CONFIG_CGROUP_FREEZER: enabled
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_CPUSETS: enabled
- CONFIG_MEMCG: enabled
- CONFIG_KEYS: enabled
- CONFIG_VETH: enabled (as module)
- CONFIG_BRIDGE: enabled (as module)
- CONFIG_BRIDGE_NETFILTER: enabled (as module)
- CONFIG_NF_NAT_IPV4: missing (fail)
- CONFIG_IP_NF_FILTER: enabled (as module)
- CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module)
- CONFIG_IP_NF_NAT: enabled (as module)
- CONFIG_NF_NAT: enabled (as module)
- CONFIG_NF_NAT_NEEDED: missing (fail)
- CONFIG_POSIX_MQUEUE: enabled
Optional Features:
- CONFIG_USER_NS: enabled
- CONFIG_SECCOMP: enabled
- CONFIG_CGROUP_PIDS: enabled
- CONFIG_BLK_CGROUP: enabled
- CONFIG_BLK_DEV_THROTTLING: enabled
- CONFIG_CGROUP_PERF: enabled
- CONFIG_CGROUP_HUGETLB: enabled
- CONFIG_NET_CLS_CGROUP: enabled (as module)
- CONFIG_CGROUP_NET_PRIO: enabled
- CONFIG_CFS_BANDWIDTH: enabled
- CONFIG_FAIR_GROUP_SCHED: enabled
- CONFIG_RT_GROUP_SCHED: enabled
- CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
- CONFIG_IP_SET: enabled (as module)
- CONFIG_IP_VS: enabled (as module)
- CONFIG_IP_VS_NFCT: enabled
- CONFIG_IP_VS_PROTO_TCP: enabled
- CONFIG_IP_VS_PROTO_UDP: enabled
- CONFIG_IP_VS_RR: enabled (as module)
- CONFIG_EXT4_FS: enabled
- CONFIG_EXT4_FS_POSIX_ACL: enabled
- CONFIG_EXT4_FS_SECURITY: enabled
- Network Drivers:
- "overlay":
- CONFIG_VXLAN: enabled (as module)
Optional (for encrypted networks):
- CONFIG_CRYPTO: enabled
- CONFIG_CRYPTO_AEAD: enabled
- CONFIG_CRYPTO_GCM: enabled
- CONFIG_CRYPTO_SEQIV: enabled
- CONFIG_CRYPTO_GHASH: enabled
- CONFIG_XFRM: enabled
- CONFIG_XFRM_USER: enabled (as module)
- CONFIG_XFRM_ALGO: enabled (as module)
- CONFIG_INET_ESP: enabled (as module)
- CONFIG_INET_XFRM_MODE_TRANSPORT: missing
- Storage Drivers:
- "overlay":
- CONFIG_OVERLAY_FS: enabled (as module)
STATUS: 2 (fail)
ryanschwartz
on 30 Apr 2020
👍10
davidnuzik
on 5 Aug 2020
Validated on master k3s commit: v1.19.3+k3s-03f05f93 (03f05f93)
- The checks for
CONFIG_NF_NAT_NEEDEDandCONFIG_NF_NAT_IPV4are no longer present - Validated this is working on both ubuntu and centos systems with selinux enabled
rancher-max
on 26 Oct 2020
🚀2
👍2
Was this page helpful?
0 / 5 - 0 ratings
Related issues
ashrafgt
·
3Comments
wpwoodjr
·
3Comments
VictorRobellini
·
3Comments
giminni
·
3Comments
Moep90
·
3Comments
Most helpful comment
Same on Ubuntu 20.04 LTS: