Hyper-V ISO kernel missing IPv6 netfilter (no ip6tables raw/nat, no nftables) #21878

@kartikjoshi21

Description

What Happened?

On the Hyper-V driver, the Minikube VM’s Linux kernel is missing the IPv6 netfilter pieces that Kubernetes needs to program Service VIPs/NodePorts. Both stacks that kube-proxy/Calico can use are unavailable:

ip6tables (legacy): filter and mangle exist, but raw and nat are missing

nftables: nf_tables and related modules don’t exist at all

Because kube-proxy and Calico program IPv6 Service rules through these tables, IPv6 Services cannot function on this VM. Calico Felix never becomes Ready and panics while trying to save v6 tables.

Attach the log file

Minimal reproduction

Any cluster on Hyper-V is enough (dual-stack not strictly required to observe the missing tables). For example:

# Windows PowerShell (Admin), Hyper-V switch already configured
$env:MINIKUBE_START_HOST_TIMEOUT = "10m"
minikube start --driver=hyperv --memory=2048 --alsologtostderr -v=1

Then confirm inside the VM that IPv6 is enabled and the tables/backends are missing:

# IPv6 is enabled (so the problem isn’t sysctl)
minikube ssh -- 'sysctl -n net.ipv6.conf.all.disable_ipv6; sysctl -n net.ipv6.conf.default.disable_ipv6'
# Output:
# 0
# 0

# ip6tables (legacy): filter/mangle exist; raw/nat are missing
# Exit code 0 = OK; 3 = “can’t initialize table”
minikube ssh -- 'for t in filter mangle raw nat; do printf "%s: " $t; sudo -n ip6tables -t $t -S >/dev/null 2>&1; echo $?; done'
# Output:
# filter:0
# mangle:0
# raw:3
# nat:3

# Attempt to load usual IPv6 netfilter modules — still missing raw/nat
# (-a makes modprobe treat every argument as a module name rather than as parameters of the first)
minikube ssh -- 'sudo modprobe -a ip6_tables ip6table_filter ip6table_mangle ip6table_raw ip6table_nat nf_conntrack nf_nat || true'
minikube ssh -- 'for t in filter mangle raw nat; do printf "%s: " $t; sudo -n ip6tables -t $t -S >/dev/null 2>&1; echo $?; done'
# Output remains:
# filter:0
# mangle:0
# raw:3
# nat:3

# nftables stack: modules don’t exist in the kernel
minikube ssh -- 'for m in nf_tables nfnetlink nft_chain_nat nft_masq nft_ct nft_reject_ipv6 nf_conntrack nf_nat; do sudo modprobe $m || true; done'
# Example output:
# modprobe: FATAL: Module nf_tables not found in directory /lib/modules/6.6.95
# modprobe: FATAL: Module nft_chain_nat not found in directory /lib/modules/6.6.95
# modprobe: FATAL: Module nft_masq not found in directory /lib/modules/6.6.95
# modprobe: FATAL: Module nft_ct not found in directory /lib/modules/6.6.95
# modprobe: FATAL: Module nft_reject_ipv6 not found in directory /lib/modules/6.6.95

# ip6tables-nft backend also fails (no nftables in kernel)
minikube ssh -- 'for t in filter raw nat; do printf "%s: " $t; sudo -n ip6tables-nft -t $t -S >/dev/null 2>&1; echo $?; done'
# Output:
# filter:1
# raw:1
# nat:1

With Calico, Felix corroborates this (both backends):

ip6tables-nft-save command failed ... table="raw"
ip6tables-legacy-save command failed ... table="raw"
PANIC ... command failed after retries ... table="raw"
Readiness probe failed: felix is not ready

Operating System

Windows

Driver

Hyper-V
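
An offline check that separates "module was never built for this kernel" from "module exists but failed to load", added here as an example and not part of the original report. It looks up the module names from the modprobe commands above in the kernel's `modules.dep` and `modules.builtin` indexes; the function names and the reliance on those index files are this example's assumptions.

```shell
#!/bin/sh
# Module names taken from the issue's modprobe commands.
LEGACY_MODS="ip6_tables ip6table_filter ip6table_mangle ip6table_raw ip6table_nat"
NFT_MODS="nf_tables nfnetlink nft_chain_nat nft_masq nft_ct nft_reject_ipv6"

# module_state DIR NAME -> prints "loadable", "builtin" or "missing".
# DIR is a module tree such as /lib/modules/<kernel release>.
module_state() {
    dir=$1
    want=$(printf '%s' "$2" | tr '-' '_')   # modprobe treats - and _ alike
    for idx in modules.dep modules.builtin; do
        [ -r "$dir/$idx" ] || continue
        # Keep the path before ':', take its basename, drop ".ko" plus any
        # compression suffix (.xz/.gz/.zst), then compare whole names.
        if sed -e 's/:.*//' -e 's#.*/##' -e 's/\.ko.*$//' "$dir/$idx" \
            | tr '-' '_' | grep -qx "$want"; then
            if [ "$idx" = modules.dep ]; then echo loadable; else echo builtin; fi
            return 0
        fi
    done
    echo missing
    return 1
}

# missing_modules DIR "LIST" -> space-separated names absent from the tree.
missing_modules() {
    out=""
    for m in $2; do
        module_state "$1" "$m" >/dev/null || out="$out${out:+ }$m"
    done
    printf '%s\n' "$out"
}

# Summarise both backends for one module tree (default: the running kernel).
audit_ipv6_netfilter() {
    tree=${1:-/lib/modules/$(uname -r)}
    echo "legacy ip6tables, missing: $(missing_modules "$tree" "$LEGACY_MODS")"
    echo "nftables, missing:         $(missing_modules "$tree" "$NFT_MODS")"
}

# Inside the VM (minikube ssh): sh this-script.sh run
if [ "${1:-}" = run ]; then audit_ipv6_netfilter; fi
```

A name reported as missing is neither a loadable module nor compiled into the kernel image, so no modprobe invocation can supply it; the fix has to come from the kernel build.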

Labels

lifecycle/rotten: Denotes an issue or PR that has aged beyond stale and will be auto-closed.