support kube-proxy nftables (#12060)

Signed-off-by: Kay Yan <kay.yan@daocloud.io>

roles/kubernetes/preinstall/tasks/0040-verify-settings.yml

@@ -202,13 +202,20 @@
     - dashboard_enabled
     - not ignore_assert_errors
 
-- name: Stop if kernel version is too low
+- name: Stop if kernel version is too low for cilium
   assert:
     that: ansible_kernel.split('-')[0] is version('4.9.17', '>=')
   when:
     - kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
     - not ignore_assert_errors
 
+- name: Stop if kernel version is too low for nftables
+  assert:
+    that: ansible_kernel.split('-')[0] is version('5.13', '>=')
+  when:
+    - kube_proxy_mode == 'nftables'
+    - not ignore_assert_errors
+
 - name: Stop if bad hostname
   assert:
     that: inventory_hostname is match("[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$")
@@ -314,7 +321,7 @@
     that:
       - kube_network_plugin in ['calico', 'flannel', 'weave', 'cloud', 'cilium', 'cni', 'kube-ovn', 'kube-router', 'macvlan', 'custom_cni', 'none']
       - dns_mode in ['coredns', 'coredns_dual', 'manual', 'none']
-      - kube_proxy_mode in ['iptables', 'ipvs']
+      - kube_proxy_mode in ['iptables', 'ipvs', 'nftables']
       - cert_management in ['script', 'none']
       - resolvconf_mode in ['docker_dns', 'host_resolvconf', 'none']
       - etcd_deployment_type in ['host', 'docker', 'kubeadm']