While testing Image Mode on aarch64, it was discovered that making kernel-modules-extra a dependency of iptables (see RHEL-65224) causes some unforeseen consequences.

The details are in BIFROST-666, but essentially libvirt (specifically its nwfilter driver) depend on iptables, which in turn depends on kernel-modules-extra. However we have an additional kernel build available on aarch64, kernel-64k, and due to this dependency switching between the two results in libvirt getting uninstalled.

More generally, depending on the kernel is not great when containers are involved.

My suggestion is to turn the Requires into a Recommends, making it possible to avoid the installation of the additional package or at least to remove it after the fact; additionally, kernel-64k-modules-extra should explicitly be allowed to satisfy the dependency.