A dual-stack TKGm cluster node deployed using TCA fails to reach the Kubernetes service IP after a reboot. The failure is confirmed by a curl attempt to the Kubernetes service IP from other nodes.

3.x

kube-proxy fails to install ip6tables rules after a node reboot. The ip6tables-restore error "unknown option --xor-mark" suggests the iptables version is incompatible with the node's old kernel (6.1.114).

2025-00-00T00:00:00.894360984Z stderr F E0821 16:36:22.894312 1 proxier.go:1511] "Failed to execute iptables-restore" err=<
2025-00-00T00:00:00.894372909Z stderr F exit status 2: Warning: Extension MARK revision 0 not supported, missing kernel module?
2025-00-00T00:00:00.894375405Z stderr F ip6tables-restore v1.8.9 (nf_tables): unknown option "--xor-mark"
2025-00-00T00:00:00.894377434Z stderr F Error occurred at line: 185
2025-00-00T00:00:00.894379379Z stderr F Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
2025-00-00T00:00:00.894381779Z stderr F >
2025-00-00T00:00:00.894383721Z stderr F I0821 16:36:22.894330 1 proxier.go:810] "Sync failed" retryingTime="30s"

Work with the CNF vendor to update the kernel version on the worker nodes from 6.1.114-1.ph5 to 6.1.130-1.ph5 by enforcing it via CSAR