diff --git a/meta-dstack/recipes-core/images/dstack-rootfs-base.inc b/meta-dstack/recipes-core/images/dstack-rootfs-base.inc index af3dd65..496fc6c 100644 --- a/meta-dstack/recipes-core/images/dstack-rootfs-base.inc +++ b/meta-dstack/recipes-core/images/dstack-rootfs-base.inc @@ -47,6 +47,19 @@ IMAGE_INSTALL = "\ kernel-module-nft-reject \ kernel-module-nft-reject-inet \ kernel-module-nft-hash \ + kernel-module-ip-set \ + kernel-module-ip-set-hash-ip \ + kernel-module-ip-set-hash-net \ + kernel-module-ip-set-hash-ipport \ + kernel-module-ip-set-hash-ipportip \ + kernel-module-ip-set-hash-ipportnet \ + kernel-module-ip-set-hash-netiface \ + kernel-module-ip-set-bitmap-ip \ + kernel-module-ip-set-bitmap-port \ + kernel-module-ip-set-list-set \ + kernel-module-xt-set \ + kernel-module-xt-nflog \ + kernel-module-xt-physdev \ fuse3 \ fuse3-utils \ pigz \ diff --git a/meta-dstack/recipes-kernel/linux/files/dstack-docker.cfg b/meta-dstack/recipes-kernel/linux/files/dstack-docker.cfg index 015be74..cb71c50 100644 --- a/meta-dstack/recipes-kernel/linux/files/dstack-docker.cfg +++ b/meta-dstack/recipes-kernel/linux/files/dstack-docker.cfg @@ -40,6 +40,20 @@ CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y CONFIG_VXLAN=y CONFIG_CGROUP_BPF=y +# ipset support (required by kube-router network policy controller) +CONFIG_IP_SET=m +CONFIG_IP_SET_HASH_IP=m +CONFIG_IP_SET_HASH_NET=m +CONFIG_IP_SET_HASH_IPPORT=m +CONFIG_IP_SET_HASH_IPPORTIP=m +CONFIG_IP_SET_HASH_IPPORTNET=m +CONFIG_IP_SET_HASH_NETIFACE=m +CONFIG_IP_SET_BITMAP_IP=m +CONFIG_IP_SET_BITMAP_PORT=m +CONFIG_IP_SET_LIST_SET=m +CONFIG_NETFILTER_XT_SET=m +CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m + # BLK IO throttling support CONFIG_BLK_CGROUP=y CONFIG_BLK_DEV_THROTTLING=y