parametrize APIServer arguments

closes sylva-projects/sylva-elements/helm-charts/sylva-capi-cluster#169 (closed)

s-c-c MR - sylva-projects/sylva-elements/helm-charts/sylva-capi-cluster!529 (merged)

Tests have been done with deployment of rke2 and kubeadm where kubepaiserver.yaml manisfest contains the args as :

kubeadm

apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 172.20.131.21:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --etcd-servers=https://127.0.0.1:2379
    - --feature-gates=ValidatingAdmissionPolicy=true
    - --runtime-config=admissionregistration.k8s.io/v1beta1

rke2

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
  uid: 8c209e7c4c34b228950aff153cc77944
spec:
  containers:
  - args:
    - --etcd-keyfile=/var/lib/rancher/rke2/server/tls/etcd/client.key
    - --etcd-servers=https://127.0.0.1:2379
    - --feature-gates=ValidatingAdmissionPolicy=true
    - --runtime-config=admissionregistration.k8s.io/v1beta1

CK8s (helm template)

apiVersion: controlplane.cluster.x-k8s.io/v1beta2
kind: CK8sControlPlane
metadata:
  name: management-cluster-control-plane
  namespace: sylva-system
spec:
  machineTemplate:
    infrastructureTemplate:
      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
      kind: Metal3MachineTemplate
      name: management-cluster-cp-17c227c595
    nodeDeletionTimeout: 0s
  replicas: 1
  spec:
    controlPlane:
      extraKubeAPIServerArgs:
        --feature-gates: ValidatingAdmissionPolicy=true
        --runtime-config: admissionregistration.k8s.io/v1beta1
      extraSANs:
      - k8s.local
    extraKubeletArgs:
      --anonymous-auth: "false"
      --provider-id: metal3://{{ ds.meta_data.providerid }}

CI configuration

CI pipelines perform an update for both management and workload clusters, this update will NOT perform a ClusterAPI rolling update (deletion and creation of new K8s nodes) by default.

For some cases, it may be relevant to perform more complex tests.

Theses features can be activated in an MR by adding one of these labels to the MR and will apply to the next pipelines.

• adding the label ci-featuretest-rolling-update pipelines will perform a node rolling update in the -update jobs (without version upgrades)
• adding the label ci-featuretest-upgrade-from-1.1.1 pipelines will perform an upgrade from Sylva 1.1.1 to your dev branch (including a k8s version upgrade resulting in a node rolling update)