Feat: add nftable mode in calico (#12255)

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

roles/network_plugin/calico/templates/calico-node.yml.j2

@@ -275,6 +275,10 @@ spec:
             # Enable or disable usage report
             - name: FELIX_USAGEREPORTINGENABLED
               value: "{{ calico_usage_reporting }}"
+{% if calico_version is version('3.29.0', '>=') %}
+            - name: FELIX_NFTABLESMODE
+              value: "{{ calico_nftable_mode }}"
+{% endif %}
             # Set MTU for tunnel device used if ipip is enabled
 {% if calico_mtu is defined %}
             # Set MTU for tunnel device used if ipip is enabled

roles/network_plugin/calico_defaults/defaults/main.yml

@@ -101,6 +101,10 @@ calico_iptables_lock_timeout_secs: 10
 # Choose Calico iptables backend: "Legacy", "Auto" or "NFT" (FELIX_IPTABLESBACKEND)
 calico_iptables_backend: "Auto"
 
+# Calico NFTable Mode Support (tech preview 3.29)
+# Valid option: Disabled (default), Enabled
+calico_nftable_mode: "Disabled"
+
 # Calico Wireguard support
 calico_wireguard_enabled: false
 calico_wireguard_packages: []