feat(t8s-cluster/management-cluster): enable MutatingAdmissionPolicy #2046

Merged: cwrau merged 1 commit into main from feat/enable-mutating-admission-policies, Apr 20, 2026


@cwrau cwrau commented Apr 15, 2026

Summary by CodeRabbit

  • Chores
    • Updated Kubernetes feature gate compatibility requirements for cluster management templates
    • Refined version gating for KubeletEnsureSecretPulledImages (now 1.33.0 - 1.35.0)
    • Added support for MutatingAdmissionPolicy feature gate (Kubernetes 1.32.0+)
    • Enabled API server admissions registration runtime configuration (Kubernetes 1.32.0+)

Copilot AI review requested due to automatic review settings April 15, 2026 08:54
@cwrau cwrau enabled auto-merge April 15, 2026 08:54
coderabbitai Bot commented Apr 15, 2026

Walkthrough

Helm template updates for t8s-cluster that refine Kubernetes feature gate version constraints. Modifies version gating for KubeletEnsureSecretPulledImages to restrict to versions 1.33.0-1.35.0, adds MutatingAdmissionPolicy feature gate gating for versions ≥1.32.0, and includes apiserver runtime-config for admissionregistration when Kubernetes ≥1.32.0.

Changes

Cohort: t8s-cluster Helpers Template
File(s): charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl
Summary: Updated feature gate version constraints: bounded KubeletEnsureSecretPulledImages to k8s ≥1.33.0 and <1.35.0; added MutatingAdmissionPolicy gate for k8s ≥1.32.0; added apiserver runtime-config for admissionregistration.k8s.io/v1beta1 when k8s ≥1.32.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

t8s-cluster

Suggested reviewers

  • tasches
  • marvinWolff
  • teutonet-bot

Poem

🐰 A rabbit hops through version gates with care,
1.33 to 1.35, secrets flutter through the air,
MutatingAdmissions now gated tight,
Runtime configs adjusted just right!

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)

  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Title check: ✅ Passed. The title 'feat(t8s-cluster/management-cluster): enable MutatingAdmissionPolicy' directly and clearly reflects the primary change: enabling MutatingAdmissionPolicy when k8s-version >= 1.32.0.


@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request introduces support for the MutatingAdmissionPolicy feature gate and its corresponding runtime-config for Kubernetes versions 1.32.0 and later. It also adds a version upper bound to the KubeletEnsureSecretPulledImages feature gate. Feedback focuses on ensuring the MutatingAdmissionPolicy admission plugin is also enabled, improving the runtime-config logic to append values instead of overwriting them, and questioning the necessity of the speculative version upper bound.

Copilot AI left a comment

Pull request overview

Enables Kubernetes MutatingAdmissionPolicy support in the t8s-cluster management-cluster ClusterClass by adjusting feature-gate handling and apiserver arguments based on Kubernetes version.

Changes:

  • Add MutatingAdmissionPolicy to apiserver feature gates for Kubernetes >= 1.32.0.
  • Constrain KubeletEnsureSecretPulledImages feature gate to a bounded Kubernetes version range.
  • Add an apiserver runtime-config setting gated on Kubernetes >= 1.32.0.
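
The version bounds summarised in the review comments above, together with the append-instead-of-overwrite behaviour raised for runtime-config, can be modelled as follows. This is an added example, not code from the pull request or the chart: the names `render_flags` and `merge_flag` are hypothetical, the `<1.35.0` upper bound follows the walkthrough's reading, and pre-release suffixes are ignored as a simplification.

```python
import re

# Bounds as stated in the review summaries: (name, min inclusive, max exclusive or None).
FEATURE_GATES = [
    ("MutatingAdmissionPolicy", (1, 32, 0), None),
    ("KubeletEnsureSecretPulledImages", (1, 33, 0), (1, 35, 0)),
]
RUNTIME_CONFIG = [("admissionregistration.k8s.io/v1beta1", (1, 32, 0), None)]


def parse_version(text):
    """Parse 'v1.32.3' or '1.32.3' into a tuple; pre-release/build suffixes are ignored."""
    match = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"not a Kubernetes version: {text!r}")
    return tuple(int(part) for part in match.groups())


def in_range(version, minimum, maximum):
    """True when minimum <= version < maximum (no upper bound if maximum is None)."""
    return version >= minimum and (maximum is None or version < maximum)


def merge_flag(existing, additions):
    """Merge key=value pairs into a comma-separated flag value. Entries already
    present are kept; a key that appears in both takes the added value."""
    merged = {}
    for item in filter(None, (part.strip() for part in existing.split(","))):
        key, _, value = item.partition("=")
        merged[key] = value
    merged.update(additions)
    # A bare key (no '=value') is emitted unchanged.
    return ",".join(f"{k}={v}" if v else k for k, v in merged.items())


def render_flags(k8s_version, feature_gates="", runtime_config=""):
    """Return feature-gates and runtime-config values for one Kubernetes version,
    appended to whatever the caller had already configured."""
    version = parse_version(k8s_version)
    gates = {n: "true" for n, lo, hi in FEATURE_GATES if in_range(version, lo, hi)}
    apis = {n: "true" for n, lo, hi in RUNTIME_CONFIG if in_range(version, lo, hi)}
    return {
        "feature-gates": merge_flag(feature_gates, gates),
        "runtime-config": merge_flag(runtime_config, apis),
    }
```

Running the same function over every supported Kubernetes version gives a quick table of which clusters actually receive the admission-policy gate and which keep a pre-existing runtime-config entry intact.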

@cwrau cwrau force-pushed the feat/enable-mutating-admission-policies branch from 29ce504 to f0862fb April 15, 2026 12:11
@cwrau cwrau changed the title from "feat: enable MutatingAdmissionPolicy" to "feat(t8s-cluster/management-cluster): enable MutatingAdmissionPolicy" Apr 17, 2026
@cwrau cwrau added this pull request to the merge queue Apr 20, 2026
Merged via the queue into main with commit 587e2d9 Apr 20, 2026
30 of 32 checks passed
@cwrau cwrau deleted the feat/enable-mutating-admission-policies branch April 20, 2026 08:55