Expose EnableNFTables in flannel config

rifelpet · rifelpet · commit d4c604e8bc2a · 2026-04-14T17:33:52.000-05:00
diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go
@@ -173,6 +173,8 @@ type FlannelNetworkingSpec struct {
 	Backend string `json:"backend,omitempty"`
 	// IptablesResyncSeconds sets resync period for iptables rules, in seconds
 	IptablesResyncSeconds *int32 `json:"iptablesResyncSeconds,omitempty"`
+	// EnableNFTables makes flannel use nftables instead of iptables.
+	EnableNFTables bool `json:"enableNFTables,omitempty"`
 }
 
 // CalicoNetworkingSpec declares that we want Calico networking
diff --git a/pkg/apis/kops/v1alpha2/networking.go b/pkg/apis/kops/v1alpha2/networking.go
@@ -128,6 +128,8 @@ type FlannelNetworkingSpec struct {
 	DisableTxChecksumOffloading bool `json:"disableTxChecksumOffloading,omitempty"`
 	// IptablesResyncSeconds sets resync period for iptables rules, in seconds
 	IptablesResyncSeconds *int32 `json:"iptablesResyncSeconds,omitempty"`
+	// EnableNFTables makes flannel use nftables instead of iptables.
+	EnableNFTables bool `json:"enableNFTables,omitempty"`
 }
 
 // CalicoNetworkingSpec declares that we want Calico networking
diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
diff --git a/pkg/apis/kops/v1alpha3/networking.go b/pkg/apis/kops/v1alpha3/networking.go
@@ -137,6 +137,8 @@ type FlannelNetworkingSpec struct {
 	Backend string `json:"backend,omitempty"`
 	// IptablesResyncSeconds sets resync period for iptables rules, in seconds
 	IptablesResyncSeconds *int32 `json:"iptablesResyncSeconds,omitempty"`
+	// EnableNFTables makes flannel use nftables instead of iptables.
+	EnableNFTables bool `json:"enableNFTables,omitempty"`
 }
 
 // CalicoNetworkingSpec declares that we want Calico networking
diff --git a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go
diff --git a/upup/models/cloudup/resources/addons/networking.flannel/k8s-1.25.yaml.template b/upup/models/cloudup/resources/addons/networking.flannel/k8s-1.25.yaml.template
@@ -92,7 +92,7 @@ data:
   net-conf.json: |
     {
       "Network": "{{ .Networking.NonMasqueradeCIDR }}",
-      "EnableNFTables": false,
+      "EnableNFTables": {{ .Networking.Flannel.EnableNFTables }},
       "Backend": {
         "Type": "{{ FlannelBackendType }}"
       }

Original file line number	Diff line number	Diff line change
`@@ -173,6 +173,8 @@ type FlannelNetworkingSpec struct {`
`173`	`173`	Backend string `json:"backend,omitempty"`
`174`	`174`	`// IptablesResyncSeconds sets resync period for iptables rules, in seconds`
`175`	`175`	IptablesResyncSeconds *int32 `json:"iptablesResyncSeconds,omitempty"`
	`176`	`+ // EnableNFTables makes flannel use nftables instead of iptables.`
	`177`	+ EnableNFTables bool `json:"enableNFTables,omitempty"`
`176`	`178`	`}`
`177`	`179`
`178`	`180`	`// CalicoNetworkingSpec declares that we want Calico networking`
Original file line number	Diff line number	Diff line change
`@@ -128,6 +128,8 @@ type FlannelNetworkingSpec struct {`
`128`	`128`	DisableTxChecksumOffloading bool `json:"disableTxChecksumOffloading,omitempty"`
`129`	`129`	`// IptablesResyncSeconds sets resync period for iptables rules, in seconds`
`130`	`130`	IptablesResyncSeconds *int32 `json:"iptablesResyncSeconds,omitempty"`
	`131`	`+ // EnableNFTables makes flannel use nftables instead of iptables.`
	`132`	+ EnableNFTables bool `json:"enableNFTables,omitempty"`
`131`	`133`	`}`
`132`	`134`
`133`	`135`	`// CalicoNetworkingSpec declares that we want Calico networking`
Original file line number	Diff line number	Diff line change
`@@ -137,6 +137,8 @@ type FlannelNetworkingSpec struct {`
`137`	`137`	Backend string `json:"backend,omitempty"`
`138`	`138`	`// IptablesResyncSeconds sets resync period for iptables rules, in seconds`
`139`	`139`	IptablesResyncSeconds *int32 `json:"iptablesResyncSeconds,omitempty"`
	`140`	`+ // EnableNFTables makes flannel use nftables instead of iptables.`
	`141`	+ EnableNFTables bool `json:"enableNFTables,omitempty"`
`140`	`142`	`}`
`141`	`143`
`142`	`144`	`// CalicoNetworkingSpec declares that we want Calico networking`
Original file line number	Diff line number	Diff line change
`@@ -92,7 +92,7 @@ data:`
`92`	`92`	`net-conf.json: \|`
`93`	`93`	`{`
`94`	`94`	`"Network": "{{ .Networking.NonMasqueradeCIDR }}",`
`95`		`- "EnableNFTables": false,`
	`95`	`+ "EnableNFTables": {{ .Networking.Flannel.EnableNFTables }},`
`96`	`96`	`"Backend": {`
`97`	`97`	`"Type": "{{ FlannelBackendType }}"`
`98`	`98`	`}`