kubernetes-sigs · k8s-ci-robot · Apr 19, 2024 · Apr 11, 2024 · Apr 19, 2024
diff --git a/pkg/apis/config/v1alpha4/types.go b/pkg/apis/config/v1alpha4/types.go
@@ -186,7 +186,7 @@ type Networking struct {
 	// If DisableDefaultCNI is true, kind will not install the default CNI setup.
 	// Instead the user should install their own CNI after creating the cluster.
 	DisableDefaultCNI bool `yaml:"disableDefaultCNI,omitempty" json:"disableDefaultCNI,omitempty"`
-	// KubeProxyMode defines if kube-proxy should operate in iptables or ipvs mode
+	// KubeProxyMode defines if kube-proxy should operate in iptables, ipvs or nftables mode
 	// Defaults to 'iptables' mode
 	KubeProxyMode ProxyMode `yaml:"kubeProxyMode,omitempty" json:"kubeProxyMode,omitempty"`
 	// DNSSearch defines the DNS search domain to use for nodes. If not set, this will be inherited from the host.
@@ -213,6 +213,8 @@ const (
 	IPTablesProxyMode ProxyMode = "iptables"
 	// IPVSProxyMode sets ProxyMode to ipvs
 	IPVSProxyMode ProxyMode = "ipvs"
+	// NFTablesProxyMode sets ProxyMode to nftables
+	NFTablesProxyMode ProxyMode = "nftables"
 )
 
 // PatchJSON6902 represents an inline kustomize json 6902 patch

diff --git a/pkg/cluster/internal/kubeadm/config.go b/pkg/cluster/internal/kubeadm/config.go
@@ -57,7 +57,7 @@ type ConfigData struct {
 	// The Token for TLS bootstrap
 	Token string
 
-	// KubeProxyMode defines the kube-proxy mode between iptables or ipvs
+	// KubeProxyMode defines the kube-proxy mode between iptables, ipvs or nftables
 	KubeProxyMode string
 	// The subnet used for pods
 	PodSubnet string

diff --git a/pkg/internal/apis/config/types.go b/pkg/internal/apis/config/types.go
@@ -148,7 +148,7 @@ type Networking struct {
 	// If DisableDefaultCNI is true, kind will not install the default CNI setup.
 	// Instead the user should install their own CNI after creating the cluster.
 	DisableDefaultCNI bool
-	// KubeProxyMode defines if kube-proxy should operate in iptables or ipvs mode
+	// KubeProxyMode defines if kube-proxy should operate in iptables, ipvs or nftables mode
 	KubeProxyMode ProxyMode
 	// DNSSearch defines the DNS search domain to use for nodes. If not set, this will be inherited from the host.
 	DNSSearch *[]string
@@ -174,6 +174,8 @@ const (
 	IPTablesProxyMode ProxyMode = "iptables"
 	// IPVSProxyMode sets ProxyMode to ipvs
 	IPVSProxyMode ProxyMode = "ipvs"
+	// NFTablesProxyMode sets ProxyMode to nftables
+	NFTablesProxyMode ProxyMode = "nftables"
 	// NoneProxyMode disables kube-proxy
 	NoneProxyMode ProxyMode = "none"
 )

diff --git a/pkg/internal/apis/config/validate.go b/pkg/internal/apis/config/validate.go
@@ -69,7 +69,7 @@ func (c *Cluster) Validate() error {
 
 	// KubeProxyMode should be iptables or ipvs
 	if c.Networking.KubeProxyMode != IPTablesProxyMode && c.Networking.KubeProxyMode != IPVSProxyMode &&
-		c.Networking.KubeProxyMode != NoneProxyMode {
+		c.Networking.KubeProxyMode != NoneProxyMode && c.Networking.KubeProxyMode != NFTablesProxyMode {
 		errs = append(errs, errors.Errorf("invalid kubeProxyMode: %s", c.Networking.KubeProxyMode))
 	}
 

diff --git a/site/content/docs/user/configuration.md b/site/content/docs/user/configuration.md
@@ -217,14 +217,14 @@ networking:
 
 #### kube-proxy mode
 
-You can configure the kube-proxy mode that will be used, between iptables and ipvs. By
-default iptables is used
+You can configure the kube-proxy mode that will be used, between iptables, nftables (Kubernetes v1.31+), and ipvs.
+By default iptables is used
 
 {{< codeFromInline lang="yaml" >}}
 kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 networking:
-  kubeProxyMode: "ipvs"
+  kubeProxyMode: "nftables"
 {{< /codeFromInline >}}
 
 To disable kube-proxy, set the mode to `"none"`.