This is similar to #2068, but a different environment.

We have a user space kubernetes install on our HPC cluster, and we were using a Usernetes version from May 2024, with kind (Kubernetes) version 1.30.x and flannel 1.25.x. That version of flannel doesn't do the check for br_netfilter and kubeadm doesn't either (that's the version it was removed). We updated to latest usernetes, which also updated the flannel install, and this broke our setup.

And logically, because the bridge directory does not exist in the usernetes node (a podman rootless container)

I've reported to Usernetes because the flannel pods for newer versions are in CrashLoopBackoff, and that prevents the setup from working. In the meantime I fell back to the previous version we were using, and everything works great! This is OSU benchmarks, point to point latency between two nodes with an Infiniband fabric:

The reason it works is because we have it enabled on the host:

And I suspect the layer of the stack that needs it is outside of our podman node. The TLDR:

Although br_netfilter does not exist (is not seen) in our rootless podman node (this is where the kubelet is) it is enabled on the host, and so the setup can work without it. The check is not needed, and actually breaks the setup.

Understandably, if the kubelet == the physical node, you'd want the check.

I was wondering if there could be a parameter or flag to disable the check? It would be for niche cases like this. Without such a flag, we'll either need to use an old version or build a custom one. Ideally we could use the latest.

Thank you for your help! If you'd like me to open a PR for this, just point me to where things are, how you'd like naming / design, and I can take a first shot.