# Kernel modules loaded at boot by init (ARM64 / Raspberry Pi)
# One module per line. Lines starting with # are ignored.
# Modules are loaded in order listed — dependencies must come first.

# Network device drivers (loaded early so interfaces are available)
# Note: no e1000/e1000e on ARM64 — those are x86 Intel NIC drivers
virtio_net

# Virtio support (for QEMU VMs — block, entropy)
virtio_blk
virtio_rng

# Raspberry Pi specific (USB Ethernet on Pi 4 is built-in, no module needed)
# Pi 5 uses PCIe ethernet, also typically built-in

# Filesystem — overlay (required for containerd)
overlay

# Netfilter dependencies (must load before conntrack)
nf_defrag_ipv4
nf_defrag_ipv6

# Netfilter / connection tracking (required for kube-proxy)
nf_conntrack
nf_nat
nf_conntrack_netlink

# nftables (modern iptables backend)
nf_tables
nft_compat
nft_chain_nat
nft_ct
nft_masq
nft_nat
nft_redir

# Netfilter xt match/target modules (used by kube-proxy iptables rules via nft_compat)
xt_conntrack
xt_MASQUERADE
xt_mark
xt_comment
xt_multiport
xt_nat
xt_addrtype
xt_connmark
xt_REDIRECT
xt_recent
xt_statistic
xt_set

# nft extras (reject, fib — used by kube-proxy nf_tables rules)
nft_reject
nft_reject_ipv4
nft_reject_ipv6
nft_fib
nft_fib_ipv4
nft_fib_ipv6

# Reject targets (used by kube-proxy iptables-restore rules)
nf_reject_ipv4
nf_reject_ipv6
ipt_REJECT
ip6t_REJECT

# nfacct extension (kube-proxy probes for it)
xt_nfacct

# Networking — bridge and netfilter (required for K8s pod networking)
# Load order: llc → stp → bridge → br_netfilter
llc
stp
bridge
br_netfilter
veth
vxlan

# IPVS — useful for kube-proxy IPVS mode and CNI plugins
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh