fix(cluster): revert nftables kube-proxy mode detection

[maxamillion]

Summary

Reverts the nftables kube-proxy mode detection added in PR #18. The detection breaks NodePort routing on hosts where nft is available, causing the gateway health check to time out on Fedora 43.

Related Issue

Follow-up fix to PR #18 (fix(rpm): resolve Fedora 43 install and runtime failures).

Changes

• Removed the KUBE_PROXY_MODE detection block from deploy/docker/cluster-entrypoint.sh
• Removed $KUBE_PROXY_MODE from the final exec /bin/k3s line

Root cause: When the entrypoint detects nft list tables succeeds, it sets --kube-proxy-arg=proxy-mode=nftables. While kube-proxy nftables mode is GA in Kubernetes 1.35, it does not correctly set up NodePort rules in the k3s + flannel configuration used by openshell. The gateway service NodePort (30051) becomes unreachable, so curl https://localhost:30051/health fails and the CLI times out waiting for the health check.

The /etc/modules-load.d/openshell.conf config shipped by the RPM (also from PR #18) already solves the original iptables problem by ensuring legacy kernel modules are loaded at boot. That fix remains in place and is the correct approach.

Testing

Verified on a fresh Fedora 43 (x86_64) instance with Podman 5.8.1:

Test	Result
RPM install from COPR	PASS
All CLI self-contained tests	PASS
Rootful: gateway start (no workarounds)	PASS
Rootful: sandbox create/list/logs/delete	PASS
Rootful: gateway stop/destroy	PASS
Rootless: gateway start	PASS
Rootless: sandbox create/list/logs/delete	PASS
Rootless: gateway stop/destroy	PASS
Server version reporting	PASS (0.0.22-dev.71+g5085967e2)

• mise run pre-commit passes
• Unit tests added/updated (shell script change only)
• E2E tests added/updated

Checklist

• Follows Conventional Commits
• Architecture docs updated (if applicable)

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 08ff69b5-5190-4c2d-814e-544f605223f9

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/revert-nftables-kube-proxy

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}