Skip to content

Commit

Permalink
fix(host-preflights): disable kernel modules host preflights
Browse files Browse the repository at this point in the history
  • Loading branch information
@emosbaugh
emosbaugh committed Feb 17, 2025
1 parent aa8ed4c commit 31986f8
Showing 1 changed file with 49 additions and 49 deletions.
98 changes: 49 additions & 49 deletions pkg/preflights/host-preflight.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ spec:
- cpu: {}
- time: {}
- ipv4Interfaces: {}
- kernelModules: {}
# - kernelModules: {}
- run:
collectorName: 'ip-route-table'
command: 'ip'
Expand Down Expand Up @@ -1008,54 +1008,54 @@ spec:
- pass:
when: 'net.bridge.bridge-nf-call-iptables == 1'
message: "Bridge netfilter call iptables is enabled."
- kernelModules:
checkName: "Overlay kernel module"
outcomes:
- pass:
when: "rosetta == loaded"
message: The kernel is likely linuxkit, skipping kernel module check
- pass:
when: "overlay == loaded,loadable"
message: The 'overlay' kernel module is loaded or loadable
- fail:
when: ""
message: The 'overlay' kernel module is not loaded or loadable
- kernelModules:
checkName: "IP tables kernel module"
outcomes:
- pass:
when: "rosetta == loaded"
message: The kernel is likely linuxkit, skipping kernel module check
- pass:
when: "ip_tables == loaded,loadable"
message: The 'ip_tables' kernel module is loaded or loadable
- fail:
when: ""
message: The 'ip_tables' kernel module is not loaded or loadable
- kernelModules:
checkName: "BR Netfilter kernel module"
outcomes:
- pass:
when: "rosetta == loaded"
message: The kernel is likely linuxkit, skipping kernel module check
- pass:
when: "br_netfilter == loaded,loadable"
message: The 'br_netfilter' kernel module is loaded or loadable
- fail:
when: ""
message: The 'br_netfilter' kernel module is not loaded or loadable
- kernelModules:
checkName: "NF Conntrack kernel module"
outcomes:
- pass:
when: "rosetta == loaded"
message: The kernel is likely linuxkit, skipping kernel module check
- pass:
when: "nf_conntrack == loaded,loadable"
message: The 'nf_conntrack' kernel module is loaded or loadable
- fail:
when: ""
message: The 'nf_conntrack' kernel module is not loaded or loadable
# - kernelModules:
# checkName: "Overlay kernel module"
# outcomes:
# - pass:
# when: "rosetta == loaded"
# message: The kernel is likely linuxkit, skipping kernel module check
# - pass:
# when: "overlay == loaded,loadable"
# message: The 'overlay' kernel module is loaded or loadable
# - fail:
# when: ""
# message: The 'overlay' kernel module is not loaded or loadable
# - kernelModules:
# checkName: "IP tables kernel module"
# outcomes:
# - pass:
# when: "rosetta == loaded"
# message: The kernel is likely linuxkit, skipping kernel module check
# - pass:
# when: "ip_tables == loaded,loadable"
# message: The 'ip_tables' kernel module is loaded or loadable
# - fail:
# when: ""
# message: The 'ip_tables' kernel module is not loaded or loadable
# - kernelModules:
# checkName: "BR Netfilter kernel module"
# outcomes:
# - pass:
# when: "rosetta == loaded"
# message: The kernel is likely linuxkit, skipping kernel module check
# - pass:
# when: "br_netfilter == loaded,loadable"
# message: The 'br_netfilter' kernel module is loaded or loadable
# - fail:
# when: ""
# message: The 'br_netfilter' kernel module is not loaded or loadable
# - kernelModules:
# checkName: "NF Conntrack kernel module"
# outcomes:
# - pass:
# when: "rosetta == loaded"
# message: The kernel is likely linuxkit, skipping kernel module check
# - pass:
# when: "nf_conntrack == loaded,loadable"
# message: The 'nf_conntrack' kernel module is loaded or loadable
# - fail:
# when: ""
# message: The 'nf_conntrack' kernel module is not loaded or loadable
- networkNamespaceConnectivity:
collectorName: check-network-namespace-connectivity
outcomes:
Expand Down

0 comments on commit 31986f8

Please sign in to comment.