From 3940478b9a1ca55c105e1262373010273233f56b Mon Sep 17 00:00:00 2001
From: Arnaud Meukam <ameukam@gmail.com>
Date: Thu, 28 Aug 2025 17:49:33 +0200
Subject: [PATCH] Add nftables package

NFtables proxy mode is GA in Kubernetes 1.33. See: https://kubernetes.io/blog/2025/02/28/nftables-kube-proxy/
We ensure the nftables package is installed if the cluster is created if
kube-proxy mode is `nftables`.

Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
---
 nodeup/pkg/model/packages.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/nodeup/pkg/model/packages.go b/nodeup/pkg/model/packages.go
index 42411d5734..340a6c8edb 100644
--- a/nodeup/pkg/model/packages.go
+++ b/nodeup/pkg/model/packages.go
@@ -50,6 +50,9 @@ func (b *PackagesBuilder) Build(c *fi.NodeupModelBuilderContext) error {
 		c.AddTask(&nodetasks.Package{Name: "libapparmor1"})
 		c.AddTask(&nodetasks.Package{Name: "libseccomp2"})
 		c.AddTask(&nodetasks.Package{Name: "libltdl7"})
+		if b.NodeupConfig.KubeProxy != nil && fi.ValueOf(b.NodeupConfig.KubeProxy.Enabled) && b.NodeupConfig.KubeProxy.ProxyMode == "nftables" {
+			c.AddTask(&nodetasks.Package{Name: "nftables"})
+		}
 		c.AddTask(&nodetasks.Package{Name: "pigz"})
 		c.AddTask(&nodetasks.Package{Name: "socat"})
 		c.AddTask(&nodetasks.Package{Name: "util-linux"})
@@ -70,6 +73,9 @@ func (b *PackagesBuilder) Build(c *fi.NodeupModelBuilderContext) error {
 		}
 		c.AddTask(&nodetasks.Package{Name: "libseccomp"})
 		c.AddTask(&nodetasks.Package{Name: "libtool-ltdl"})
+		if b.NodeupConfig.KubeProxy != nil && fi.ValueOf(b.NodeupConfig.KubeProxy.Enabled) && b.NodeupConfig.KubeProxy.ProxyMode == "nftables" {
+			c.AddTask(&nodetasks.Package{Name: "nftables"})
+		}
 		c.AddTask(&nodetasks.Package{Name: "socat"})
 		c.AddTask(&nodetasks.Package{Name: "util-linux"})
 		// Handle some packages differently for each distro