From f0862fbc91403b77a4e86fe1fbb695dff41bfc6f Mon Sep 17 00:00:00 2001
From: Chris Werner Rau <cwr@teuto.net>
Date: Wed, 15 Apr 2026 10:54:22 +0200
Subject: [PATCH] feat(t8s-cluster/management-cluster): enable
 MutatingAdmissionPolicy

---
 .../management-cluster/clusterClass/_helpers.tpl          | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl
index a3d10ea8e0..c0e49901de 100644
--- a/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl
+++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl
@@ -80,9 +80,12 @@ server = {{ printf "https://%s" .registry | quote }}
 
 {{- define "t8s-cluster.featureGates" -}}
   {{- $featureGates := (dict "ImageVolume" (list "apiserver" "kubelet")) -}}
-  {{- if semverCompare ">=1.33.0" (include "t8s-cluster.k8s-version" .context) -}}
+  {{- if semverCompare ">=1.33.0 <1.35.0" (include "t8s-cluster.k8s-version" .context) -}}
     {{- $featureGates = set $featureGates "KubeletEnsureSecretPulledImages" (list "kubelet") -}}
   {{- end -}}
+  {{- if semverCompare ">=1.32.0" (include "t8s-cluster.k8s-version" .context) -}}
+    {{- $featureGates = set $featureGates "MutatingAdmissionPolicy" (list "apiserver") -}}
+  {{- end -}}
   {{- toYaml $featureGates -}}
 {{- end -}}
 
@@ -211,6 +214,9 @@ admission-control-config.yaml
   {{- $args = set $args "enable-admission-plugins" (include "t8s-cluster.clusterClass.apiServer.admissionPlugins" (dict "context" .context) | fromYamlArray | join ",") -}}
   {{- $args = set $args "event-ttl" "4h" -}}
   {{- $args = set $args "tls-cipher-suites" (include "t8s-cluster.clusterClass.tlsCipherSuites" (dict) | fromYamlArray | join ",") -}}
+  {{- if semverCompare ">=1.32.0" (include "t8s-cluster.k8s-version" .context) -}}
+    {{- $args = set $args "runtime-config" "admissionregistration.k8s.io/v1beta1=true" -}}
+  {{- end -}}
   {{- $featureFlags := list -}}
   {{- range $featureFlag, $enabled := include "t8s-cluster.featureGates.forComponent" (dict "component" "apiserver" "context" .context) | fromYaml -}}
     {{- $featureFlags = append $featureFlags (printf "%s=%t" $featureFlag $enabled) -}}