From cee6cba990cea42e3c2884128d8447a93fbafa91 Mon Sep 17 00:00:00 2001
From: Jason Witkowski <jwitkowski@zscaler.com>
Date: Mon, 26 Feb 2024 17:30:17 -0500
Subject: [PATCH] fix: kube-apiserver extra args override

---
 api/v1alpha1/tenantcontrolplane_types.go               |  4 +++-
 charts/kamaji/Chart.yaml                               |  4 ++--
 charts/kamaji/README.md                                |  2 +-
 .../bases/kamaji.clastix.io_tenantcontrolplanes.yaml   |  5 ++++-
 config/install.yaml                                    |  2 +-
 internal/builders/controlplane/deployment.go           |  2 +-
 internal/resources/konnectivity/agent.go               | 10 ++++++++--
 7 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/api/v1alpha1/tenantcontrolplane_types.go b/api/v1alpha1/tenantcontrolplane_types.go
index 265443a3..5f1a959f 100644
--- a/api/v1alpha1/tenantcontrolplane_types.go
+++ b/api/v1alpha1/tenantcontrolplane_types.go
@@ -138,7 +138,9 @@ type DeploymentSpec struct {
 	// (kube-apiserver, controller-manager, and scheduler).
 	Resources *ControlPlaneComponentsResources `json:"resources,omitempty"`
 	// ExtraArgs allows adding additional arguments to the Control Plane components,
-	// such as kube-apiserver, controller-manager, and scheduler.
+	// such as kube-apiserver, controller-manager, and scheduler. WARNING - This option
+	// can override existing parameters and cause components to misbehave in unxpected ways.
+	// Only modify if you know what you are doing.
 	ExtraArgs          *ControlPlaneExtraArgs `json:"extraArgs,omitempty"`
 	AdditionalMetadata AdditionalMetadata     `json:"additionalMetadata,omitempty"`
 	// AdditionalInitContainers allows adding additional init containers to the Control Plane deployment.
diff --git a/charts/kamaji/Chart.yaml b/charts/kamaji/Chart.yaml
index e8985df8..b4ca1ef3 100644
--- a/charts/kamaji/Chart.yaml
+++ b/charts/kamaji/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: v0.4.0
+appVersion: v0.4.1
 description: Kamaji is a Kubernetes Control Plane Manager.
 home: https://github.com/clastix/kamaji
 icon: https://github.com/clastix/kamaji/raw/master/assets/logo-colored.png
@@ -15,7 +15,7 @@ name: kamaji
 sources:
 - https://github.com/clastix/kamaji
 type: application
-version: 0.14.0
+version: 0.14.1
 annotations:
   catalog.cattle.io/certified: partner
   catalog.cattle.io/release-name: kamaji
diff --git a/charts/kamaji/README.md b/charts/kamaji/README.md
index 8a79a014..70e77a0b 100644
--- a/charts/kamaji/README.md
+++ b/charts/kamaji/README.md
@@ -1,6 +1,6 @@
 # kamaji
 
-![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.4.0](https://img.shields.io/badge/AppVersion-v0.4.0-informational?style=flat-square)
+![Version: 0.14.1](https://img.shields.io/badge/Version-0.14.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.4.1](https://img.shields.io/badge/AppVersion-v0.4.1-informational?style=flat-square)
 
 Kamaji is a Kubernetes Control Plane Manager.
 
diff --git a/config/crd/bases/kamaji.clastix.io_tenantcontrolplanes.yaml b/config/crd/bases/kamaji.clastix.io_tenantcontrolplanes.yaml
index 3bd3749f..f949257c 100644
--- a/config/crd/bases/kamaji.clastix.io_tenantcontrolplanes.yaml
+++ b/config/crd/bases/kamaji.clastix.io_tenantcontrolplanes.yaml
@@ -6052,7 +6052,10 @@ spec:
                       extraArgs:
                         description: ExtraArgs allows adding additional arguments
                           to the Control Plane components, such as kube-apiserver,
-                          controller-manager, and scheduler.
+                          controller-manager, and scheduler. WARNING - This option
+                          can override existing parameters and cause components to
+                          misbehave in unxpected ways. Only modify if you know what
+                          you are doing.
                         properties:
                           apiServer:
                             items:
diff --git a/config/install.yaml b/config/install.yaml
index 3d72db95..02291014 100644
--- a/config/install.yaml
+++ b/config/install.yaml
@@ -3722,7 +3722,7 @@ spec:
                             type: object
                         type: object
                       extraArgs:
-                        description: ExtraArgs allows adding additional arguments to the Control Plane components, such as kube-apiserver, controller-manager, and scheduler.
+                        description: ExtraArgs allows adding additional arguments to the Control Plane components, such as kube-apiserver, controller-manager, and scheduler. WARNING - This option can override existing parameters and cause components to misbehave in unxpected ways. Only modify if you know what you are doing.
                         properties:
                           apiServer:
                             items:
diff --git a/internal/builders/controlplane/deployment.go b/internal/builders/controlplane/deployment.go
index 56355eb9..56dd91f7 100644
--- a/internal/builders/controlplane/deployment.go
+++ b/internal/builders/controlplane/deployment.go
@@ -727,7 +727,7 @@ func (d Deployment) buildKubeAPIServerCommand(tenantControlPlane kamajiv1alpha1.
 
 	// Order matters, here: extraArgs could try to overwrite some arguments managed by Kamaji and that would be crucial.
 	// Adding as first element of the array of maps, we're sure that these overrides will be sanitized by our configuration.
-	return utilities.MergeMaps(extraArgs, current, desiredArgs)
+	return utilities.MergeMaps(current, desiredArgs, extraArgs)
 }
 
 func (d Deployment) secretProjection(secretName, certKeyName, keyName string) *corev1.SecretProjection {
diff --git a/internal/resources/konnectivity/agent.go b/internal/resources/konnectivity/agent.go
index c99113bf..e30d906c 100644
--- a/internal/resources/konnectivity/agent.go
+++ b/internal/resources/konnectivity/agent.go
@@ -103,6 +103,7 @@ func (r *Agent) mutate(ctx context.Context, tenantControlPlane *kamajiv1alpha1.T
 		logger := log.FromContext(ctx, "resource", r.GetName())
 
 		address, _, err := tenantControlPlane.AssignedControlPlaneAddress()
+
 		if err != nil {
 			logger.Error(err, "unable to retrieve the Tenant Control Plane address")
 
@@ -164,8 +165,7 @@ func (r *Agent) mutate(ctx context.Context, tenantControlPlane *kamajiv1alpha1.T
 		r.resource.Spec.Template.Spec.Containers[0].Name = AgentName
 		r.resource.Spec.Template.Spec.Containers[0].Command = []string{"/proxy-agent"}
 
-		args := utilities.ArgsFromSliceToMap(tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityAgentSpec.ExtraArgs)
-
+		args := make(map[string]string)
 		args["-v"] = "8"
 		args["--logtostderr"] = "true"
 		args["--ca-cert"] = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
@@ -175,6 +175,12 @@ func (r *Agent) mutate(ctx context.Context, tenantControlPlane *kamajiv1alpha1.T
 		args["--health-server-port"] = "8134"
 		args["--service-account-token-path"] = "/var/run/secrets/tokens/konnectivity-agent-token"
 
+		extraArgs := utilities.ArgsFromSliceToMap(tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityAgentSpec.ExtraArgs)
+
+		for k, v := range extraArgs {
+			args[k] = v
+		}
+
 		r.resource.Spec.Template.Spec.Containers[0].Args = utilities.ArgsFromMapToSlice(args)
 		r.resource.Spec.Template.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{
 			{