Enabling xt_u32 in OpenShift Container Platform 4


Issue

The xt_u32 module is not available out of the box on RHCOS nodes and can't be used in a pod defined like the following one:

apiVersion: v1
kind: Pod
metadata:
  name: centos-pod
  labels:
    name: centos-pod
spec:
  containers:
  - name: centos-pod
    command: ["/bin/sh", "-c"]
    args:
        ["yum install -y iptables && sleep inf"]
    image: centos:latest
    securityContext:
      capabilities:
        add: ["NET_ADMIN"]

Environment

OpenShift Container Platform 4.4 (RHEL 7.6 base) - 4.10 (RHEL 8.4 base)

Note: This knowledge applies only to older versions of the OpenShift Container Platform (OCP). The xt_u32 module is no longer available starting from at least OCP 4.13 (which is based on RHEL 9), as it was deprecated in Red Hat Enterprise Linux (RHEL) 8.6 and removed in RHEL 9.

https://docs.redhat.com/en/documentation/openshift_container_platform/4.7/html-single/release_notes/index#ocp-4-7-insights-operator

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html-single/8.6_release_notes/index#deprecated-functionality_networking
