kubermatic · rajaSahil · Aug 20, 2025
diff --git a/deploy/osps/default/osp-rockylinux.yaml b/deploy/osps/default/osp-rockylinux.yaml
@@ -19,7 +19,7 @@ metadata:
   namespace: kube-system
 spec:
   osName: "rockylinux"
-  osVersion: "9.6"
+  osVersion: "10.0"
   version: "v1.7.0"
   provisioningUtility: "cloud-init"
   supportedCloudProviders:
@@ -61,6 +61,19 @@ spec:
         update-ca-trust
         {{- end }}
 
+      configureNetwork: |-
+        #cloud-config
+        DEFAULT_IFC_NAME=$(ip -o route get 1 | awk '{print $5}')
+        cat >/etc/cloud/cloud.cfg.d/99-network.cfg <<EOF
+        network:
+          version: 2
+          ethernets:
+            ${DEFAULT_IFC_NAME}:
+              dhcp4: true
+              dhcp6: true
+              accept-ra: true
+        EOF
+
     files:
       - path: /opt/bin/supervise.sh
         permissions: 755
@@ -106,8 +119,13 @@ spec:
                   cloud-init --file /etc/cloud/cloud.cfg.d/{{ .SecretName }}.cfg init
               fi
 
+              OS_MAJOR_VERSION=$(grep "^VERSION_ID=" /etc/os-release | cut -d '"' -f2 | cut -d '.' -f1)
+              if [ "$OS_MAJOR_VERSION" = "10" ]; then
+                  {{- template "configureNetwork" }}
+              fi
+
               {{- /* Prevent cloud-init from generating network files. */}}
-              {{- if (eq .CloudProviderName "hetzner") }}
+              {{- if (eq .CloudProviderName "hetzner") and "$OS_MAJOR_VERSION" = "9" }}
               echo "network: {config: disabled}" > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
 
               # Let NetworkManager manage resolv.conf
@@ -179,7 +197,13 @@ spec:
         templates:
           containerRuntimeInstallation: |-
             yum install -y yum-utils
-            yum-config-manager --add-repo=https://download.docker.com/linux/rhel/docker-ce.repo
+            OS_MAJOR_VERSION=$(grep "^VERSION_ID=" /etc/os-release | cut -d '"' -f2 | cut -d '.' -f1)
+
+            if [ "$OS_MAJOR_VERSION" = "10" ]; then
+              yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
+            else
+              yum-config-manager --add-repo=https://download.docker.com/linux/rhel/docker-ce.repo
+            fi
 
             yum install -y containerd.io-1.7* yum-plugin-versionlock
             yum versionlock add containerd.io
@@ -444,7 +468,13 @@ spec:
               #!/usr/bin/env bash
               set -euo pipefail
 
-              modprobe ip_tables
+              OS_MAJOR_VERSION=$(grep "^VERSION_ID=" /etc/os-release | cut -d '"' -f2 | cut -d '.' -f1)
+              if [ "$OS_MAJOR_VERSION" = "10" ]; then
+                modprobe nf_tables
+              else
+                modprobe ip_tables
+              fi
+
               modprobe ip_vs
               modprobe ip_vs_rr
               modprobe ip_vs_wrr
@@ -536,6 +566,26 @@ spec:
                 {{- end }}
                 ipvsadm
 
+              OS_MAJOR_VERSION=$(grep "^VERSION_ID=" /etc/os-release | cut -d '"' -f2 | cut -d '.' -f1)
+              if [ "$OS_MAJOR_VERSION" = "10" ]; then
+                yum install -y \
+                kernel-modules-extra-$(uname -r) \
+                nftables
+
+                sudo systemctl enable --now nftables
+              else
+                DEFAULT_IFC_NAME=$(ip -o route get 1  | grep -oP "dev \K\S+")
+                IFC_CFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME
+                # Enable IPv6 and DHCPv6 on the default interface
+                grep IPV6INIT $IFC_CFG_FILE && sed -i '/IPV6INIT*/c IPV6INIT=yes' $IFC_CFG_FILE || echo "IPV6INIT=yes" >> $IFC_CFG_FILE
+                grep DHCPV6C $IFC_CFG_FILE && sed -i '/DHCPV6C*/c DHCPV6C=yes' $IFC_CFG_FILE || echo "DHCPV6C=yes" >> $IFC_CFG_FILE
+                grep IPV6_AUTOCONF $IFC_CFG_FILE && sed -i '/IPV6_AUTOCONF*/c IPV6_AUTOCONF=yes' $IFC_CFG_FILE || echo "IPV6_AUTOCONF=yes" >> $IFC_CFG_FILE
+                # Restart NetworkManager to apply for IPv6 configs
+                systemctl restart NetworkManager
+                # Let NetworkManager apply the DHCPv6 configs
+                sleep 3
+              fi
+
               systemctl disable --now firewalld || true
 
               {{- /* iscsid service is required on Nutanix machines for CSI driver to attach volumes. */}}
@@ -547,17 +597,6 @@ spec:
 
               {{- template "safeDownloadBinariesScript" }}
 
-              DEFAULT_IFC_NAME=$(ip -o route get 1  | grep -oP "dev \K\S+")
-              IFC_CFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME
-              # Enable IPv6 and DHCPv6 on the default interface
-              grep IPV6INIT $IFC_CFG_FILE && sed -i '/IPV6INIT*/c IPV6INIT=yes' $IFC_CFG_FILE || echo "IPV6INIT=yes" >> $IFC_CFG_FILE
-              grep DHCPV6C $IFC_CFG_FILE && sed -i '/DHCPV6C*/c DHCPV6C=yes' $IFC_CFG_FILE || echo "DHCPV6C=yes" >> $IFC_CFG_FILE
-              grep IPV6_AUTOCONF $IFC_CFG_FILE && sed -i '/IPV6_AUTOCONF*/c IPV6_AUTOCONF=yes' $IFC_CFG_FILE || echo "IPV6_AUTOCONF=yes" >> $IFC_CFG_FILE
-              # Restart NetworkManager to apply for IPv6 configs
-              systemctl restart NetworkManager
-              # Let NetworkManager apply the DHCPv6 configs
-              sleep 3
-
               mkdir -p /etc/systemd/system/kubelet.service.d/
               # set kubelet nodeip environment variable
               /opt/bin/setup_net_env.sh