Skip to content

Enable nf_conntrack kernel module on Rocky 9#17968

Merged
k8s-ci-robot merged 1 commit into
kubernetes:masterfrom
rifelpet:nf_conntrack
Feb 16, 2026
Merged

Enable nf_conntrack kernel module on Rocky 9#17968
k8s-ci-robot merged 1 commit into
kubernetes:masterfrom
rifelpet:nf_conntrack

Conversation

@rifelpet
Copy link
Copy Markdown
Member

@rifelpet rifelpet commented Feb 16, 2026

Rocky 9 disables this by default, causing kube-proxy to fail to be come healthy.

https://storage.googleapis.com/kubernetes-ci-logs/logs/e2e-kops-grid-kubenet-rocky9-k34/2022582081854377984/artifacts/cluster-info/kube-system/kube-proxy-i-055bfe0498b9d2084/kube-proxy.log

https://storage.googleapis.com/kubernetes-ci-logs/logs/e2e-kops-grid-kopeio-rocky9-k33/2020996617997389824/artifacts/cluster-info/kube-system/kube-proxy-i-0cab5b7a433a4752c/kube-proxy.log

I0214 08:27:13.607072      11 conntrack.go:121] "Set sysctl" entry="net/netfilter/nf_conntrack_max" value=262144
E0214 08:27:13.607103      11 server.go:135] "Error running ProxyServer" err="open /proc/sys/net/netfilter/nf_conntrack_max: no such file or directory"
E0214 08:27:13.607120      11 run.go:72] "command failed" err="open /proc/sys/net/netfilter/nf_conntrack_max: no such file or directory"
2026/02/14 08:27:13 running command: exit status 1

List of kernel modules in Rocky9:

https://storage.googleapis.com/kubernetes-ci-logs/logs/e2e-kops-grid-kubenet-rocky9-k34/2022582081854377984/artifacts/i-055bfe0498b9d2084/modules

This is the only distro i could find that has this problem. Rocky10 has it enabled by default:

https://storage.googleapis.com/kubernetes-ci-logs/logs/e2e-kops-aws-nftables-rocky10arm64/2023390069586399232/artifacts/i-07843a6f3ac28d1db/modules

nf_conntrack 188416 6 nf_conntrack_netlink,nft_nat,nft_masq,nft_ct,nf_nat,ip_vs, Live 0x0000000000000000

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Feb 16, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 16, 2026
@k8s-ci-robot k8s-ci-robot requested a review from zetaab February 16, 2026 15:35
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 16, 2026
@rifelpet
Copy link
Copy Markdown
Member Author

rifelpet commented Feb 16, 2026

/test pull-kops-aws-kindnet-rocky9

@rifelpet rifelpet marked this pull request as ready for review February 16, 2026 18:11
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 16, 2026
@ameukam
Copy link
Copy Markdown
Member

ameukam commented Feb 16, 2026

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 16, 2026
@rifelpet
Copy link
Copy Markdown
Member Author

rifelpet commented Feb 16, 2026

/approve

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Feb 16, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rifelpet

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 16, 2026
@k8s-ci-robot k8s-ci-robot merged commit 7b714f7 into kubernetes:master Feb 16, 2026
27 checks passed
@k8s-ci-robot k8s-ci-robot added this to the v1.36 milestone Feb 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@olemarkus olemarkus Awaiting requested review from olemarkus

@zetaab zetaab Awaiting requested review from zetaab

@hakman hakman Awaiting requested review from hakman

@johngmyers johngmyers Awaiting requested review from johngmyers

Assignees

@ameukam ameukam

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/nodeup cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

v1.36

Development

Successfully merging this pull request may close these issues.

3 participants

@rifelpet @k8s-ci-robot @ameukam