From 4982b1b059be33c1deaef0e6916865aef9ace1dc Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Thu, 7 Mar 2024 09:37:22 -0300
Subject: [PATCH 01/88] CKS Enhancements - Phase 1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Ability to specify different compute or service offerings for different types of CKS cluster nodes – worker, master or etcd

* Ability to use CKS ready custom templates for CKS cluster nodes

---------

Co-authored-by: Pearl Dsilva <pearl1594@gmail.com>
---
 .../cluster/KubernetesClusterHelper.java      |   9 +
 .../template/VirtualMachineTemplate.java      |   2 +
 .../java/com/cloud/vm/VmDetailConstants.java  |   3 +
 .../apache/cloudstack/api/ApiConstants.java   |  10 +
 .../GetUploadParamsForTemplateCmd.java        |   9 +
 .../user/template/ListTemplatesCmd.java       |   7 +
 .../user/template/RegisterTemplateCmd.java    |   9 +
 .../api/response/TemplateResponse.java        |   9 +
 .../java/com/cloud/storage/VMTemplateVO.java  |  11 +
 .../META-INF/db/schema-41810to41900.sql       |  20 +
 .../META-INF/db/views/cloud.template_view.sql |   1 +
 .../storage/image/store/TemplateObject.java   |   5 +
 .../kubernetes/cluster/KubernetesCluster.java |   7 +
 .../cluster/KubernetesClusterHelperImpl.java  | 138 +++++++
 .../cluster/KubernetesClusterManagerImpl.java | 331 +++++++++++++----
 .../cluster/KubernetesClusterVO.java          |  79 +++-
 .../cluster/KubernetesClusterVmMapVO.java     |  11 +
 .../KubernetesClusterActionWorker.java        |  43 ++-
 ...esClusterResourceModifierActionWorker.java |  42 ++-
 .../KubernetesClusterScaleWorker.java         | 208 ++++++++---
 .../KubernetesClusterStartWorker.java         |  24 +-
 .../dao/KubernetesClusterVmMapDao.java        |   3 +
 .../dao/KubernetesClusterVmMapDaoImpl.java    |  23 ++
 .../cluster/CreateKubernetesClusterCmd.java   |  34 +-
 .../cluster/ScaleKubernetesClusterCmd.java    |  13 +
 .../response/KubernetesClusterResponse.java   |  84 +++++
 .../KubernetesClusterHelperImplTest.java      | 145 ++++++++
 .../KubernetesClusterManagerImplTest.java     | 129 +++++++
 .../KubernetesClusterScaleWorkerTest.java     | 130 +++++++
 .../com/cloud/api/query/QueryManagerImpl.java |  15 +-
 .../api/query/dao/TemplateJoinDaoImpl.java    |   1 +
 .../cloud/api/query/vo/TemplateJoinVO.java    |   7 +
 .../com/cloud/storage/TemplateProfile.java    |   9 +
 .../upload/params/TemplateUploadParams.java   |   4 +-
 .../upload/params/UploadParamsBase.java       |   7 +-
 .../template/HypervisorTemplateAdapter.java   |   1 +
 .../com/cloud/template/TemplateAdapter.java   |   2 +-
 .../cloud/template/TemplateAdapterBase.java   |  17 +-
 systemvm/debian/opt/cloud/bin/cs/CsDhcp.py    |  10 +-
 .../cks/ubuntu/22.04/cks-ubuntu-2204.json     |  54 +++
 .../appliance/cks/ubuntu/22.04/http/meta-data |  16 +
 .../appliance/cks/ubuntu/22.04/http/user-data | 103 ++++++
 .../cks/ubuntu/22.04/scripts/apt_upgrade.sh   |  37 ++
 .../cks/ubuntu/22.04/scripts/cleanup.sh       |  80 ++++
 .../22.04/scripts/configure-cloud-init.sh     |  52 +++
 .../22.04/scripts/configure_networking.sh     |  73 ++++
 tools/appliance/cks/ubuntu/build.sh           | 346 ++++++++++++++++++
 ui/public/locales/en.json                     |  12 +
 ui/src/components/view/InfoCard.vue           |  33 ++
 .../views/compute/CreateKubernetesCluster.vue | 192 +++++++++-
 .../views/compute/ScaleKubernetesCluster.vue  | 146 +++++++-
 .../views/image/RegisterOrUploadTemplate.vue  |   5 +
 52 files changed, 2595 insertions(+), 166 deletions(-)
 create mode 100644 plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImplTest.java
 create mode 100644 plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorkerTest.java
 create mode 100644 tools/appliance/cks/ubuntu/22.04/cks-ubuntu-2204.json
 create mode 100644 tools/appliance/cks/ubuntu/22.04/http/meta-data
 create mode 100644 tools/appliance/cks/ubuntu/22.04/http/user-data
 create mode 100644 tools/appliance/cks/ubuntu/22.04/scripts/apt_upgrade.sh
 create mode 100644 tools/appliance/cks/ubuntu/22.04/scripts/cleanup.sh
 create mode 100644 tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
 create mode 100644 tools/appliance/cks/ubuntu/22.04/scripts/configure_networking.sh
 create mode 100755 tools/appliance/cks/ubuntu/build.sh

diff --git a/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterHelper.java b/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterHelper.java
index e160227749db..9bc9cd386326 100644
--- a/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterHelper.java
+++ b/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterHelper.java
@@ -19,8 +19,17 @@
 import com.cloud.utils.component.Adapter;
 import org.apache.cloudstack.acl.ControlledEntity;
 
+import java.util.Map;
+
 public interface KubernetesClusterHelper extends Adapter {
 
+    enum KubernetesClusterNodeType {
+        CONTROL, WORKER, ETCD, DEFAULT
+    }
+
     ControlledEntity findByUuid(String uuid);
     ControlledEntity findByVmId(long vmId);
+    boolean isValidNodeType(String nodeType);
+    Map<String, Long> getServiceOfferingNodeTypeMap(Map<String, Map<String, String>> serviceOfferingNodeTypeMap);
+    Map<String, Long> getTemplateNodeTypeMap(Map<String, Map<String, String>> templateNodeTypeMap);
 }
diff --git a/api/src/main/java/com/cloud/template/VirtualMachineTemplate.java b/api/src/main/java/com/cloud/template/VirtualMachineTemplate.java
index 1f8cef0365b1..6ed6ae0932d9 100644
--- a/api/src/main/java/com/cloud/template/VirtualMachineTemplate.java
+++ b/api/src/main/java/com/cloud/template/VirtualMachineTemplate.java
@@ -144,6 +144,8 @@ public enum TemplateFilter {
 
     boolean isDeployAsIs();
 
+    boolean isForCks();
+
     Long getUserDataId();
 
     UserData.UserDataOverridePolicy getUserDataOverridePolicy();
diff --git a/api/src/main/java/com/cloud/vm/VmDetailConstants.java b/api/src/main/java/com/cloud/vm/VmDetailConstants.java
index 603948d76cfc..c21f6d23485a 100644
--- a/api/src/main/java/com/cloud/vm/VmDetailConstants.java
+++ b/api/src/main/java/com/cloud/vm/VmDetailConstants.java
@@ -88,6 +88,9 @@ public interface VmDetailConstants {
     String DEPLOY_AS_IS_CONFIGURATION = "configurationId";
     String KEY_PAIR_NAMES = "keypairnames";
     String CKS_CONTROL_NODE_LOGIN_USER = "controlNodeLoginUser";
+    String CKS_NODE_TYPE = "node";
+    String OFFERING = "offering";
+    String TEMPLATE = "template";
 
     // VMware to KVM VM migrations specific
     String VMWARE_TO_KVM_PREFIX = "vmware-to-kvm";
diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
index 6dfcf6561244..b148d0ccbeac 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
@@ -496,6 +496,12 @@ public class ApiConstants {
 
     public static final String VLAN = "vlan";
     public static final String VLAN_RANGE = "vlanrange";
+    public static final String WORKER_SERVICE_OFFERING_ID = "workerofferingid";
+    public static final String WORKER_SERVICE_OFFERING_NAME = "workerofferingname";
+    public static final String CONTROL_SERVICE_OFFERING_ID = "controlofferingid";
+    public static final String CONTROL_SERVICE_OFFERING_NAME = "controlofferingname";
+    public static final String ETCD_SERVICE_OFFERING_ID = "etcdofferingid";
+    public static final String ETCD_SERVICE_OFFERING_NAME = "etcdofferingname";
     public static final String REMOVE_VLAN = "removevlan";
     public static final String VLAN_ID = "vlanid";
     public static final String ISOLATED_PVLAN = "isolatedpvlan";
@@ -837,6 +843,7 @@ public class ApiConstants {
     public static final String SPLIT_CONNECTIONS = "splitconnections";
     public static final String FOR_VPC = "forvpc";
     public static final String FOR_NSX = "fornsx";
+    public static final String FOR_CKS = "forcks";
     public static final String NSX_SUPPORT_LB = "nsxsupportlb";
     public static final String NSX_SUPPORTS_INTERNAL_LB = "nsxsupportsinternallb";
     public static final String FOR_TUNGSTEN = "fortungsten";
@@ -1043,6 +1050,7 @@ public class ApiConstants {
     public static final String MASTER_NODES = "masternodes";
     public static final String NODE_IDS = "nodeids";
     public static final String CONTROL_NODES = "controlnodes";
+    public static final String ETCD_NODES = "etcdnodes";
     public static final String MIN_SEMANTIC_VERSION = "minimumsemanticversion";
     public static final String MIN_KUBERNETES_VERSION_ID = "minimumkubernetesversionid";
     public static final String NODE_ROOT_DISK_SIZE = "noderootdisksize";
@@ -1051,6 +1059,8 @@ public class ApiConstants {
     public static final String AUTOSCALING_ENABLED = "autoscalingenabled";
     public static final String MIN_SIZE = "minsize";
     public static final String MAX_SIZE = "maxsize";
+    public static final String NODE_TYPE_OFFERING_MAP = "nodeofferings";
+    public static final String NODE_TYPE_TEMPLATE_MAP = "nodetemplates";
 
     public static final String BOOT_TYPE = "boottype";
     public static final String BOOT_MODE = "bootmode";
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/template/GetUploadParamsForTemplateCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/template/GetUploadParamsForTemplateCmd.java
index c878fda82409..eef5c74bc407 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/template/GetUploadParamsForTemplateCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/template/GetUploadParamsForTemplateCmd.java
@@ -93,6 +93,11 @@ public class GetUploadParamsForTemplateCmd extends AbstractGetUploadParamsCmd {
             description = "(VMware only) true if VM deployments should preserve all the configurations defined for this template", since = "4.15.1")
     private Boolean deployAsIs;
 
+    @Parameter(name=ApiConstants.FOR_CKS,
+            type = CommandType.BOOLEAN,
+            description = "if true, the templates would be available for deploying CKS clusters", since = "4.20.0")
+    protected Boolean forCks;
+
     public String getDisplayText() {
         return StringUtils.isBlank(displayText) ? getName() : displayText;
     }
@@ -162,6 +167,10 @@ public boolean isDeployAsIs() {
                 Boolean.TRUE.equals(deployAsIs);
     }
 
+    public boolean isForCks() {
+        return Boolean.TRUE.equals(forCks);
+    }
+
     @Override
     public void execute() throws ServerApiException {
         validateRequest();
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
index 113080257d02..e9fdc2d14273 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
@@ -104,6 +104,11 @@ public class ListTemplatesCmd extends BaseListTaggedResourcesCmd implements User
             since = "4.19.0")
     private Boolean isVnf;
 
+    @Parameter(name = ApiConstants.FOR_CKS, type = CommandType.BOOLEAN,
+            description = "list templates that can be used to deploy CKS clusters",
+            since = "4.20.0")
+    private Boolean forCks;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -191,6 +196,8 @@ public Boolean getVnf() {
         return isVnf;
     }
 
+    public Boolean getForCks() { return forCks; }
+
     @Override
     public String getCommandName() {
         return s_name;
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/template/RegisterTemplateCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/template/RegisterTemplateCmd.java
index 1e5c4af9c154..d1192dbc608a 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/template/RegisterTemplateCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/template/RegisterTemplateCmd.java
@@ -167,6 +167,11 @@ public class RegisterTemplateCmd extends BaseCmd implements UserCmd {
             description = "(VMware only) true if VM deployments should preserve all the configurations defined for this template", since = "4.15.1")
     protected Boolean deployAsIs;
 
+    @Parameter(name=ApiConstants.FOR_CKS,
+            type = CommandType.BOOLEAN,
+            description = "if true, the templates would be available for deploying CKS clusters", since = "4.20.0")
+    protected Boolean forCks;
+
     @Parameter(name = ApiConstants.TEMPLATE_TYPE, type = CommandType.STRING,
             description = "the type of the template. Valid options are: USER/VNF (for all users) and SYSTEM/ROUTING/BUILTIN (for admins only).",
             since = "4.19.0")
@@ -289,6 +294,10 @@ public boolean isDeployAsIs() {
                 Boolean.TRUE.equals(deployAsIs);
     }
 
+    public boolean isForCks() {
+        return Boolean.TRUE.equals(forCks);
+    }
+
     public String getTemplateType() {
         return templateType;
     }
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/TemplateResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/TemplateResponse.java
index 3abd44941d94..6a2d17d28fe9 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/TemplateResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/TemplateResponse.java
@@ -200,6 +200,11 @@ public class TemplateResponse extends BaseResponseWithTagInformation implements
             since = "4.15")
     private Boolean deployAsIs;
 
+    @SerializedName(ApiConstants.FOR_CKS)
+    @Param(description = "If true it indicates that the template can be used for CKS cluster deployments",
+            since = "4.20")
+    private Boolean forCks;
+
     @SerializedName(ApiConstants.DEPLOY_AS_IS_DETAILS)
     @Param(description = "VMware only: additional key/value details tied with deploy-as-is template",
             since = "4.15")
@@ -440,6 +445,10 @@ public void setDeployAsIs(Boolean deployAsIs) {
         this.deployAsIs = deployAsIs;
     }
 
+    public void setForCks(Boolean forCks) {
+        this.forCks = forCks;
+    }
+
     public void setParentTemplateId(String parentTemplateId) {
         this.parentTemplateId = parentTemplateId;
     }
diff --git a/engine/schema/src/main/java/com/cloud/storage/VMTemplateVO.java b/engine/schema/src/main/java/com/cloud/storage/VMTemplateVO.java
index 25b02db64791..87bbe233e3b1 100644
--- a/engine/schema/src/main/java/com/cloud/storage/VMTemplateVO.java
+++ b/engine/schema/src/main/java/com/cloud/storage/VMTemplateVO.java
@@ -160,6 +160,9 @@ public class VMTemplateVO implements VirtualMachineTemplate {
     @Column(name = "deploy_as_is")
     private boolean deployAsIs;
 
+    @Column(name = "for_cks")
+    private boolean forCks;
+
     @Column(name = "user_data_id")
     private Long userDataId;
 
@@ -655,6 +658,14 @@ public void setDeployAsIs(boolean deployAsIs) {
         this.deployAsIs = deployAsIs;
     }
 
+    public boolean isForCks() {
+        return forCks;
+    }
+
+    public void setForCks(boolean forCks) {
+        this.forCks = forCks;
+    }
+
     @Override
     public Long getUserDataId() {
         return userDataId;
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
index a6f45c261ce2..1fe43a20a5c9 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
@@ -323,3 +323,23 @@ CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.quarantined_ips', 'remover_account_i
 -- Explicitly add support for VMware 8.0b (8.0.0.2), 8.0c (8.0.0.3)
 INSERT IGNORE INTO `cloud`.`hypervisor_capabilities` (uuid, hypervisor_type, hypervisor_version, max_guests_limit, security_group_enabled, max_data_volumes_limit, max_hosts_per_cluster, storage_motion_supported, vm_snapshot_enabled) values (UUID(), 'VMware', '8.0.0.2', 1024, 0, 59, 64, 1, 1);
 INSERT IGNORE INTO `cloud`.`hypervisor_capabilities` (uuid, hypervisor_type, hypervisor_version, max_guests_limit, security_group_enabled, max_data_volumes_limit, max_hosts_per_cluster, storage_motion_supported, vm_snapshot_enabled) values (UUID(), 'VMware', '8.0.0.3', 1024, 0, 59, 64, 1, 1);
+
+-- Add for_cks column to the vm_template table
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.vm_template','for_cks', 'int(1) unsigned DEFAULT "0" COMMENT "if true, the template can be used for CKS cluster deployment"');
+
+-- Add support for different node types service offerings on CKS clusters
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_service_offering_id', 'bigint unsigned COMMENT "service offering ID for Control Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_service_offering_id', 'bigint unsigned COMMENT "service offering ID for Worker Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_service_offering_id', 'bigint unsigned COMMENT "service offering ID for etcd Nodes"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_node_count', 'bigint unsigned COMMENT "number of etcd nodes to be deployed for the Kubernetes cluster"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_template_id', 'bigint unsigned COMMENT "template id to be used for Control Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_template_id', 'bigint unsigned COMMENT "template id to be used for Worker Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_template_id', 'bigint unsigned COMMENT "template id to be used for etcd Nodes"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','etcd_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the VM is an etcd node"');
+
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_service_offering_id` FOREIGN KEY `fk_cluster__control_service_offering_id`(`control_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_service_offering_id` FOREIGN KEY `fk_cluster__worker_service_offering_id`(`worker_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_service_offering_id` FOREIGN KEY `fk_cluster__etcd_service_offering_id`(`etcd_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_template_id` FOREIGN KEY `fk_cluster__control_template_id`(`control_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_template_id` FOREIGN KEY `fk_cluster__worker_template_id`(`worker_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_template_id` FOREIGN KEY `fk_cluster__etcd_template_id`(`etcd_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
diff --git a/engine/schema/src/main/resources/META-INF/db/views/cloud.template_view.sql b/engine/schema/src/main/resources/META-INF/db/views/cloud.template_view.sql
index 40b416b16de4..15789d6b9dcd 100644
--- a/engine/schema/src/main/resources/META-INF/db/views/cloud.template_view.sql
+++ b/engine/schema/src/main/resources/META-INF/db/views/cloud.template_view.sql
@@ -99,6 +99,7 @@ SELECT
            IFNULL(`data_center`.`id`, 0)) AS `temp_zone_pair`,
     `vm_template`.`direct_download` AS `direct_download`,
     `vm_template`.`deploy_as_is` AS `deploy_as_is`,
+    `vm_template`.`for_cks` AS `for_cks`,
     `user_data`.`id` AS `user_data_id`,
     `user_data`.`uuid` AS `user_data_uuid`,
     `user_data`.`name` AS `user_data_name`,
diff --git a/engine/storage/image/src/main/java/org/apache/cloudstack/storage/image/store/TemplateObject.java b/engine/storage/image/src/main/java/org/apache/cloudstack/storage/image/store/TemplateObject.java
index fdb4fe6753a2..c5de70b21752 100644
--- a/engine/storage/image/src/main/java/org/apache/cloudstack/storage/image/store/TemplateObject.java
+++ b/engine/storage/image/src/main/java/org/apache/cloudstack/storage/image/store/TemplateObject.java
@@ -417,6 +417,11 @@ public boolean isDeployAsIs() {
         return this.imageVO.isDeployAsIs();
     }
 
+    @Override
+    public boolean isForCks() {
+        return imageVO.isForCks();
+    }
+
     public void setInstallPath(String installPath) {
         this.installPath = installPath;
     }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
index 591da077aec6..d4545589ced8 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
@@ -142,4 +142,11 @@ enum State {
     Long getMaxSize();
     Long getSecurityGroupId();
     ClusterType getClusterType();
+    Long getControlServiceOfferingId();
+    Long getWorkerServiceOfferingId();
+    Long getEtcdServiceOfferingId();
+    Long getControlTemplateId();
+    Long getWorkerTemplateId();
+    Long getEtcdTemplateId();
+    Long getEtcdNodeCount();
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImpl.java
index 60bd81c7c5a5..b9fe40c0589c 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImpl.java
@@ -16,24 +16,41 @@
 // under the License.
 package com.cloud.kubernetes.cluster;
 
+import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterDao;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterVmMapDao;
+import com.cloud.offering.ServiceOffering;
+import com.cloud.service.dao.ServiceOfferingDao;
+import com.cloud.storage.VMTemplateVO;
+import com.cloud.storage.dao.VMTemplateDao;
 import com.cloud.utils.component.AdapterBase;
+import com.cloud.vm.VmDetailConstants;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.framework.config.ConfigKey;
 import org.apache.cloudstack.framework.config.Configurable;
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;
 
 import javax.inject.Inject;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Objects;
 
 @Component
 public class KubernetesClusterHelperImpl extends AdapterBase implements KubernetesClusterHelper, Configurable {
 
+    public static final Logger LOGGER = Logger.getLogger(KubernetesClusterHelperImpl.class.getName());
+
     @Inject
     private KubernetesClusterDao kubernetesClusterDao;
     @Inject
     private KubernetesClusterVmMapDao kubernetesClusterVmMapDao;
+    @Inject
+    protected ServiceOfferingDao serviceOfferingDao;
+    @Inject
+    protected VMTemplateDao vmTemplateDao;
 
     @Override
     public ControlledEntity findByUuid(String uuid) {
@@ -49,6 +66,127 @@ public ControlledEntity findByVmId(long vmId) {
         return kubernetesClusterDao.findById(clusterVmMapVO.getClusterId());
     }
 
+    @Override
+    public boolean isValidNodeType(String nodeType) {
+        if (StringUtils.isBlank(nodeType)) {
+            return false;
+        }
+        try {
+            KubernetesClusterNodeType.valueOf(nodeType.toUpperCase());
+            return true;
+        } catch (IllegalArgumentException e) {
+            return false;
+        }
+    }
+
+    protected void checkNodeTypeOfferingEntryCompleteness(String nodeTypeStr, String serviceOfferingUuid) {
+        if (StringUtils.isAnyEmpty(nodeTypeStr, serviceOfferingUuid)) {
+            String error = String.format("Incomplete Node Type to Service Offering ID mapping: '%s' -> '%s'", nodeTypeStr, serviceOfferingUuid);
+            LOGGER.error(error);
+            throw new InvalidParameterValueException(error);
+        }
+    }
+
+    protected void checkNodeTypeTemplateEntryCompleteness(String nodeTypeStr, String templateUuid) {
+        if (StringUtils.isAnyEmpty(nodeTypeStr, templateUuid)) {
+            String error = String.format("Incomplete Node Type to template ID mapping: '%s' -> '%s'", nodeTypeStr, templateUuid);
+            LOGGER.error(error);
+            throw new InvalidParameterValueException(error);
+        }
+    }
+
+    protected void checkNodeTypeOfferingEntryValues(String nodeTypeStr, ServiceOffering serviceOffering, String serviceOfferingUuid) {
+        if (!isValidNodeType(nodeTypeStr)) {
+            String error = String.format("The provided value '%s' for Node Type is invalid", nodeTypeStr);
+            LOGGER.error(error);
+            throw new InvalidParameterValueException(String.format(error));
+        }
+        if (serviceOffering == null) {
+            String error = String.format("Cannot find a service offering with ID %s", serviceOfferingUuid);
+            LOGGER.error(error);
+            throw new InvalidParameterValueException(error);
+        }
+    }
+
+    protected void checkNodeTypeTemplateEntryValues(String nodeTypeStr, VMTemplateVO template, String templateUuid) {
+        if (!isValidNodeType(nodeTypeStr)) {
+            String error = String.format("The provided value '%s' for Node Type is invalid", nodeTypeStr);
+            LOGGER.error(error);
+            throw new InvalidParameterValueException(String.format(error));
+        }
+        if (template == null) {
+            String error = String.format("Cannot find a template with ID %s", templateUuid);
+            LOGGER.error(error);
+            throw new InvalidParameterValueException(error);
+        }
+    }
+
+    protected void addNodeTypeOfferingEntry(String nodeTypeStr, String serviceOfferingUuid, ServiceOffering serviceOffering, Map<String, Long> mapping) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug(String.format("Node Type: '%s' should use Service Offering ID: '%s'", nodeTypeStr, serviceOfferingUuid));
+        }
+        KubernetesClusterNodeType nodeType = KubernetesClusterNodeType.valueOf(nodeTypeStr.toUpperCase());
+        mapping.put(nodeType.name(), serviceOffering.getId());
+    }
+
+    protected void addNodeTypeTemplateEntry(String nodeTypeStr, String templateUuid, VMTemplateVO template, Map<String, Long> mapping) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug(String.format("Node Type: '%s' should use template ID: '%s'", nodeTypeStr, templateUuid));
+        }
+        KubernetesClusterNodeType nodeType = KubernetesClusterNodeType.valueOf(nodeTypeStr.toUpperCase());
+        mapping.put(nodeType.name(), template.getId());
+    }
+
+    protected void processNodeTypeOfferingEntryAndAddToMappingIfValid(Map<String, String> entry, Map<String, Long> mapping) {
+        if (MapUtils.isEmpty(entry)) {
+            return;
+        }
+        String nodeTypeStr = entry.get(VmDetailConstants.CKS_NODE_TYPE);
+        String serviceOfferingUuid = entry.get(VmDetailConstants.OFFERING);
+        checkNodeTypeOfferingEntryCompleteness(nodeTypeStr, serviceOfferingUuid);
+
+        ServiceOffering serviceOffering = serviceOfferingDao.findByUuid(serviceOfferingUuid);
+        checkNodeTypeOfferingEntryValues(nodeTypeStr, serviceOffering, serviceOfferingUuid);
+
+        addNodeTypeOfferingEntry(nodeTypeStr, serviceOfferingUuid, serviceOffering, mapping);
+    }
+
+    protected void processNodeTypeTemplateEntryAndAddToMappingIfValid(Map<String, String> entry, Map<String, Long> mapping) {
+        if (MapUtils.isEmpty(entry)) {
+            return;
+        }
+        String nodeTypeStr = entry.get(VmDetailConstants.CKS_NODE_TYPE);
+        String templateUuid = entry.get(VmDetailConstants.TEMPLATE);
+        checkNodeTypeTemplateEntryCompleteness(nodeTypeStr, templateUuid);
+
+        VMTemplateVO template = vmTemplateDao.findByUuid(templateUuid);
+        checkNodeTypeTemplateEntryValues(nodeTypeStr, template, templateUuid);
+
+        addNodeTypeTemplateEntry(nodeTypeStr, templateUuid, template, mapping);
+    }
+
+    @Override
+    public Map<String, Long> getServiceOfferingNodeTypeMap(Map<String, Map<String, String>> serviceOfferingNodeTypeMap) {
+        Map<String, Long> mapping = new HashMap<>();
+        if (MapUtils.isNotEmpty(serviceOfferingNodeTypeMap)) {
+            for (Map<String, String> entry : serviceOfferingNodeTypeMap.values()) {
+                processNodeTypeOfferingEntryAndAddToMappingIfValid(entry, mapping);
+            }
+        }
+        return mapping;
+    }
+
+    @Override
+    public Map<String, Long> getTemplateNodeTypeMap(Map<String, Map<String, String>> templateNodeTypeMap) {
+        Map<String, Long> mapping = new HashMap<>();
+        if (MapUtils.isNotEmpty(templateNodeTypeMap)) {
+            for (Map<String, String> entry : templateNodeTypeMap.values()) {
+                processNodeTypeTemplateEntryAndAddToMappingIfValid(entry, mapping);
+            }
+        }
+        return mapping;
+    }
+
     @Override
     public String getConfigComponentName() {
         return KubernetesClusterHelper.class.getSimpleName();
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 834d6d333305..41bd63ad7eec 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -16,6 +16,10 @@
 // under the License.
 package com.cloud.kubernetes.cluster;
 
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.CONTROL;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.ETCD;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.WORKER;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.DEFAULT;
 import static com.cloud.utils.NumbersUtil.toHumanReadableSize;
 import static com.cloud.vm.UserVmManager.AllowUserExpungeRecoverVm;
 
@@ -40,6 +44,9 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+import com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType;
+import com.cloud.network.dao.NsxProviderDao;
+import com.cloud.network.element.NsxProviderVO;
 import com.cloud.uservm.UserVm;
 import com.cloud.vm.UserVmService;
 import org.apache.cloudstack.acl.ControlledEntity;
@@ -72,6 +79,7 @@
 import org.apache.cloudstack.managed.context.ManagedContextRunnable;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang3.StringUtils;
 
 import com.cloud.api.ApiDBUtils;
@@ -190,6 +198,8 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
 
     protected StateMachine2<KubernetesCluster.State, KubernetesCluster.Event, KubernetesCluster> _stateMachine = KubernetesCluster.State.getStateMachine();
 
+    protected final static List<String> CLUSTER_NODES_TYPES_LIST = Arrays.asList(WORKER.name(), CONTROL.name(), ETCD.name());
+
     ScheduledExecutorService _gcExecutor;
     ScheduledExecutorService _stateScanner;
 
@@ -259,6 +269,8 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
     public SecurityGroupService securityGroupService;
     @Inject
     public NetworkHelper networkHelper;
+    @Inject
+    private NsxProviderDao nsxProviderDao;
 
     @Inject
     private UserVmService userVmService;
@@ -364,16 +376,32 @@ private IpAddress getSourceNatIp(Network network) {
         return null;
     }
 
-    public VMTemplateVO getKubernetesServiceTemplate(DataCenter dataCenter, Hypervisor.HypervisorType hypervisorType) {
+    public VMTemplateVO getKubernetesServiceTemplate(DataCenter dataCenter, Hypervisor.HypervisorType hypervisorType, Map<String, Long> templateNodeTypeMap, KubernetesClusterNodeType nodeType) {
         VMTemplateVO template = templateDao.findSystemVMReadyTemplate(dataCenter.getId(), hypervisorType);
         if (DataCenter.Type.Edge.equals(dataCenter.getType()) && template != null && !template.isDirectDownload()) {
             logger.debug(String.format("Template %s can not be used for edge zone %s", template, dataCenter));
             template = templateDao.findRoutingTemplate(hypervisorType, networkHelper.getHypervisorRouterTemplateConfigMap().get(hypervisorType).valueIn(dataCenter.getId()));
         }
-        if (template == null) {
-            throw new CloudRuntimeException("Not able to find the System or Routing template in ready state for the zone " + dataCenter.getUuid());
+        switch (nodeType) {
+            case CONTROL:
+            case ETCD:
+            case WORKER:
+                VMTemplateVO nodeTemplate = Objects.nonNull(templateNodeTypeMap) ? templateDao.findById(templateNodeTypeMap.getOrDefault(nodeType.name(), 0L)) : template;
+                template = Objects.nonNull(nodeTemplate) ? nodeTemplate : template;
+                if (Objects.isNull(template)) {
+                    throwDefaultCksTemplateNotFound(dataCenter.getUuid());
+                }
+                return template;
+            default:
+                if (Objects.isNull(template)) {
+                    throwDefaultCksTemplateNotFound(dataCenter.getUuid());
+                }
+                return template;
         }
-        return  template;
+    }
+
+    public void throwDefaultCksTemplateNotFound(String datacenterId) {
+        throw new CloudRuntimeException("Not able to find the System or Routing template in ready state for the zone " + datacenterId);
     }
 
     protected void validateIsolatedNetworkIpRules(long ipId, FirewallRule.Purpose purpose, Network network, int clusterTotalNodeCount) {
@@ -444,7 +472,7 @@ private void validateNetwork(Network network, int clusterTotalNodeCount) {
         validateIsolatedNetwork(network, clusterTotalNodeCount);
     }
 
-    private boolean validateServiceOffering(final ServiceOffering serviceOffering, final KubernetesSupportedVersion version) {
+    protected void validateServiceOffering(final ServiceOffering serviceOffering, final KubernetesSupportedVersion version) throws InvalidParameterValueException {
         if (serviceOffering.isDynamic()) {
             throw new InvalidParameterValueException(String.format("Custom service offerings are not supported for creating clusters, service offering ID: %s", serviceOffering.getUuid()));
         }
@@ -457,7 +485,6 @@ private boolean validateServiceOffering(final ServiceOffering serviceOffering, f
         if (serviceOffering.getRamSize() < version.getMinimumRamSize()) {
             throw new InvalidParameterValueException(String.format("Kubernetes cluster cannot be created with service offering ID: %s, associated Kubernetes version ID: %s needs minimum %d MB RAM", serviceOffering.getUuid(), version.getUuid(), version.getMinimumRamSize()));
         }
-        return true;
     }
 
     private void validateDockerRegistryParams(final String dockerRegistryUserName,
@@ -543,6 +570,33 @@ private DeployDestination plan(final long nodesCount, final DataCenter zone, fin
         throw new InsufficientServerCapacityException(msg, DataCenter.class, zone.getId());
     }
 
+    protected void setNodeTypeServiceOfferingResponse(KubernetesClusterResponse response,
+                                                      KubernetesClusterNodeType nodeType,
+                                                      Long offeringId) {
+        if (offeringId == null) {
+            return;
+        }
+        ServiceOfferingVO offering = serviceOfferingDao.findById(offeringId);
+        if (offering != null) {
+            setServiceOfferingResponseForNodeType(response, offering, nodeType);
+        }
+    }
+
+    protected void setServiceOfferingResponseForNodeType(KubernetesClusterResponse response,
+                                                         ServiceOfferingVO offering,
+                                                         KubernetesClusterNodeType nodeType) {
+        if (CONTROL == nodeType) {
+            response.setControlOfferingId(offering.getUuid());
+            response.setControlOfferingName(offering.getName());
+        } else if (WORKER == nodeType) {
+            response.setWorkerOfferingId(offering.getUuid());
+            response.setWorkerOfferingName(offering.getName());
+        } else if (ETCD == nodeType) {
+            response.setEtcdOfferingId(offering.getUuid());
+            response.setEtcdOfferingName(offering.getName());
+        }
+    }
+
     @Override
     public KubernetesClusterResponse createKubernetesClusterResponse(long kubernetesClusterId) {
         KubernetesClusterVO kubernetesCluster = kubernetesClusterDao.findById(kubernetesClusterId);
@@ -566,6 +620,14 @@ public KubernetesClusterResponse createKubernetesClusterResponse(long kubernetes
             response.setServiceOfferingId(offering.getUuid());
             response.setServiceOfferingName(offering.getName());
         }
+
+        setNodeTypeServiceOfferingResponse(response, WORKER, kubernetesCluster.getWorkerServiceOfferingId());
+        setNodeTypeServiceOfferingResponse(response, CONTROL, kubernetesCluster.getControlServiceOfferingId());
+        setNodeTypeServiceOfferingResponse(response, ETCD, kubernetesCluster.getEtcdServiceOfferingId());
+
+        if (kubernetesCluster.getEtcdNodeCount() != null) {
+            response.setEtcdNodes(kubernetesCluster.getEtcdNodeCount());
+        }
         KubernetesSupportedVersionVO version = kubernetesSupportedVersionDao.findById(kubernetesCluster.getKubernetesVersionId());
         if (version != null) {
             response.setKubernetesVersionId(version.getUuid());
@@ -734,7 +796,6 @@ private void validateManagedKubernetesClusterCreateParameters(final CreateKubern
         final String name = cmd.getName();
         final Long zoneId = cmd.getZoneId();
         final Long kubernetesVersionId = cmd.getKubernetesVersionId();
-        final Long serviceOfferingId = cmd.getServiceOfferingId();
         final Account owner = accountService.getActiveAccountById(cmd.getEntityOwnerId());
         final Long networkId = cmd.getNetworkId();
         final String sshKeyPair = cmd.getSSHKeyPairName();
@@ -745,6 +806,8 @@ private void validateManagedKubernetesClusterCreateParameters(final CreateKubern
         final String dockerRegistryUrl = cmd.getDockerRegistryUrl();
         final Long nodeRootDiskSize = cmd.getNodeRootDiskSize();
         final String externalLoadBalancerIpAddress = cmd.getExternalLoadBalancerIpAddress();
+        final Map<String, Long> serviceOfferingNodeTypeMap = cmd.getServiceOfferingNodeTypeMap();
+        final Long defaultServiceOfferingId = cmd.getServiceOfferingId();
 
         if (name == null || name.isEmpty()) {
             throw new InvalidParameterValueException("Invalid name for the Kubernetes cluster name: " + name);
@@ -802,10 +865,7 @@ private void validateManagedKubernetesClusterCreateParameters(final CreateKubern
             throw new InvalidParameterValueException(String.format("ISO associated with version ID: %s is not in Ready state for datacenter ID: %s",  clusterKubernetesVersion.getUuid(), zone.getUuid()));
         }
 
-        ServiceOffering serviceOffering = serviceOfferingDao.findById(serviceOfferingId);
-        if (serviceOffering == null) {
-            throw new InvalidParameterValueException("No service offering with ID: " + serviceOfferingId);
-        }
+        validateServiceOfferingsForNodeTypes(serviceOfferingNodeTypeMap, defaultServiceOfferingId, cmd.getEtcdNodes(), clusterKubernetesVersion);
 
         validateSshKeyPairForKubernetesCreateParameters(sshKeyPair, owner);
 
@@ -813,15 +873,15 @@ private void validateManagedKubernetesClusterCreateParameters(final CreateKubern
             throw new InvalidParameterValueException(String.format("Invalid value for %s", ApiConstants.NODE_ROOT_DISK_SIZE));
         }
 
-        if (!validateServiceOffering(serviceOffering, clusterKubernetesVersion)) {
-            throw new InvalidParameterValueException("Given service offering ID: %s is not suitable for Kubernetes cluster");
-        }
-
         validateDockerRegistryParams(dockerRegistryUserName, dockerRegistryPassword, dockerRegistryUrl);
 
         Network network = validateAndGetNetworkForKubernetesCreateParameters(networkId);
 
         if (StringUtils.isNotEmpty(externalLoadBalancerIpAddress)) {
+            NsxProviderVO nsxProviderVO = nsxProviderDao.findByZoneId(zone.getId());
+            if (Objects.nonNull(nsxProviderVO)) {
+                throw new InvalidParameterValueException("External load balancer IP address is not supported on NSX-enabled zones");
+            }
             if (!NetUtils.isValidIp4(externalLoadBalancerIpAddress) && !NetUtils.isValidIp6(externalLoadBalancerIpAddress)) {
                 throw new InvalidParameterValueException("Invalid external load balancer IP address");
             }
@@ -838,6 +898,37 @@ private void validateManagedKubernetesClusterCreateParameters(final CreateKubern
         }
     }
 
+    protected void validateServiceOfferingsForNodeTypes(Map<String, Long> map,
+                                                        Long defaultServiceOfferingId,
+                                                        Long etcdNodes,
+                                                        KubernetesSupportedVersion clusterKubernetesVersion) {
+        for (String key : CLUSTER_NODES_TYPES_LIST) {
+            validateServiceOfferingForNode(map, defaultServiceOfferingId, key, etcdNodes, clusterKubernetesVersion);
+        }
+    }
+
+    protected void validateServiceOfferingForNode(Map<String, Long> map,
+                                                  Long defaultServiceOfferingId,
+                                                  String key, Long etcdNodes,
+                                                  KubernetesSupportedVersion clusterKubernetesVersion) {
+        if (ETCD.name().equalsIgnoreCase(key) && (etcdNodes == null || etcdNodes == 0)) {
+            return;
+        }
+        Long serviceOfferingId = map.getOrDefault(key, defaultServiceOfferingId);
+        ServiceOffering serviceOffering = serviceOfferingId != null ? serviceOfferingDao.findById(serviceOfferingId) : null;
+        if (serviceOffering == null) {
+            throw new InvalidParameterValueException("No service offering found with ID: " + serviceOfferingId);
+        }
+        try {
+            validateServiceOffering(serviceOffering, clusterKubernetesVersion);
+        } catch (InvalidParameterValueException e) {
+            String msg = String.format("Given service offering ID: %s for %s nodes is not suitable for the Kubernetes cluster version %s - %s",
+                    serviceOffering, key, clusterKubernetesVersion, e.getMessage());
+            LOGGER.error(msg);
+            throw new InvalidParameterValueException(msg);
+        }
+    }
+
     private Network getKubernetesClusterNetworkIfMissing(final String clusterName, final DataCenter zone,  final Account owner, final int controlNodesCount,
                          final int nodesCount, final String externalLoadBalancerIpAddress, final Long networkId) throws CloudRuntimeException {
         Network network = null;
@@ -941,12 +1032,13 @@ protected void validateKubernetesClusterScaleSize(final KubernetesClusterVO kube
 
     private void validateKubernetesClusterScaleParameters(ScaleKubernetesClusterCmd cmd) {
         final Long kubernetesClusterId = cmd.getId();
-        final Long serviceOfferingId = cmd.getServiceOfferingId();
         final Long clusterSize = cmd.getClusterSize();
         final List<Long> nodeIds = cmd.getNodeIds();
         final Boolean isAutoscalingEnabled = cmd.isAutoscalingEnabled();
         final Long minSize = cmd.getMinSize();
         final Long maxSize = cmd.getMaxSize();
+        final Long defaultServiceOfferingId = cmd.getServiceOfferingId();
+        final Map<String, Long> serviceOfferingNodeTypeMap = cmd.getServiceOfferingNodeTypeMap();
 
         if (kubernetesClusterId == null || kubernetesClusterId < 1L) {
             throw new InvalidParameterValueException("Invalid Kubernetes cluster ID");
@@ -962,7 +1054,8 @@ private void validateKubernetesClusterScaleParameters(ScaleKubernetesClusterCmd
             logAndThrow(Level.WARN, String.format("Unable to find zone for Kubernetes cluster : %s", kubernetesCluster.getName()));
         }
 
-        if (serviceOfferingId == null && clusterSize == null && nodeIds == null && isAutoscalingEnabled == null) {
+        if (defaultServiceOfferingId == null && isAnyNodeOfferingEmpty(serviceOfferingNodeTypeMap)
+                && clusterSize == null && nodeIds == null && isAutoscalingEnabled == null) {
             throw new InvalidParameterValueException(String.format("Kubernetes cluster %s cannot be scaled, either service offering or cluster size or nodeids to be removed or autoscaling must be passed", kubernetesCluster.getName()));
         }
 
@@ -1009,8 +1102,9 @@ private void validateKubernetesClusterScaleParameters(ScaleKubernetesClusterCmd
             }
         }
 
+        Long workerOfferingId = serviceOfferingNodeTypeMap != null ? serviceOfferingNodeTypeMap.getOrDefault(WORKER.name(), null) : null;
         if (nodeIds != null) {
-            if (clusterSize != null || serviceOfferingId != null) {
+            if (clusterSize != null || defaultServiceOfferingId != null || workerOfferingId != null) {
                 throw new InvalidParameterValueException("nodeids can not be passed along with clustersize or service offering");
             }
             List<KubernetesClusterVmMapVO> nodes = kubernetesClusterVmMapDao.listByClusterIdAndVmIdsIn(kubernetesCluster.getId(), nodeIds);
@@ -1030,37 +1124,53 @@ private void validateKubernetesClusterScaleParameters(ScaleKubernetesClusterCmd
             }
         }
 
-        ServiceOffering serviceOffering = null;
-        if (serviceOfferingId != null) {
-            serviceOffering = serviceOfferingDao.findById(serviceOfferingId);
-            if (serviceOffering == null) {
-                throw new InvalidParameterValueException("Failed to find service offering ID: " + serviceOfferingId);
-            } else {
-                if (serviceOffering.isDynamic()) {
-                    throw new InvalidParameterValueException(String.format("Custom service offerings are not supported for Kubernetes clusters. Kubernetes cluster : %s, service offering : %s", kubernetesCluster.getName(), serviceOffering.getName()));
-                }
-                if (serviceOffering.getCpu() < MIN_KUBERNETES_CLUSTER_NODE_CPU || serviceOffering.getRamSize() < MIN_KUBERNETES_CLUSTER_NODE_RAM_SIZE) {
-                    throw new InvalidParameterValueException(String.format("Kubernetes cluster : %s cannot be scaled with service offering : %s, Kubernetes cluster template(CoreOS) needs minimum %d vCPUs and %d MB RAM",
-                            kubernetesCluster.getName(), serviceOffering.getName(), MIN_KUBERNETES_CLUSTER_NODE_CPU, MIN_KUBERNETES_CLUSTER_NODE_RAM_SIZE));
-                }
-                if (serviceOffering.getCpu() < clusterVersion.getMinimumCpu()) {
-                    throw new InvalidParameterValueException(String.format("Kubernetes cluster : %s cannot be scaled with service offering : %s, associated Kubernetes version : %s needs minimum %d vCPUs",
-                            kubernetesCluster.getName(), serviceOffering.getName(), clusterVersion.getName(), clusterVersion.getMinimumCpu()));
+        validateServiceOfferingsForNodeTypesScale(serviceOfferingNodeTypeMap, defaultServiceOfferingId, kubernetesCluster, clusterVersion);
+
+        validateKubernetesClusterScaleSize(kubernetesCluster, clusterSize, maxClusterSize, zone);
+    }
+
+    protected void validateServiceOfferingsForNodeTypesScale(Map<String, Long> map, Long defaultServiceOfferingId, KubernetesClusterVO kubernetesCluster, KubernetesSupportedVersion clusterVersion) {
+        for (String key : CLUSTER_NODES_TYPES_LIST) {
+            Long serviceOfferingId = map.getOrDefault(key, defaultServiceOfferingId);
+            if (serviceOfferingId != null) {
+                ServiceOffering serviceOffering = serviceOfferingDao.findById(serviceOfferingId);
+                if (serviceOffering == null) {
+                    throw new InvalidParameterValueException("Failed to find service offering ID: " + serviceOfferingId);
                 }
-                if (serviceOffering.getRamSize() < clusterVersion.getMinimumRamSize()) {
-                    throw new InvalidParameterValueException(String.format("Kubernetes cluster : %s cannot be scaled with service offering : %s, associated Kubernetes version : %s needs minimum %d MB RAM",
-                            kubernetesCluster.getName(), serviceOffering.getName(), clusterVersion.getName(), clusterVersion.getMinimumRamSize()));
+                checkServiceOfferingForNodesScale(serviceOffering, kubernetesCluster, clusterVersion);
+                final ServiceOffering existingServiceOffering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
+                if (KubernetesCluster.State.Running.equals(kubernetesCluster.getState()) && (serviceOffering.getRamSize() < existingServiceOffering.getRamSize() ||
+                        serviceOffering.getCpu() * serviceOffering.getSpeed() < existingServiceOffering.getCpu() * existingServiceOffering.getSpeed())) {
+                    logAndThrow(Level.WARN, String.format("Kubernetes cluster cannot be scaled down for service offering. Service offering : %s offers lesser resources as compared to service offering : %s of Kubernetes cluster : %s",
+                            serviceOffering.getName(), existingServiceOffering.getName(), kubernetesCluster.getName()));
                 }
             }
-            final ServiceOffering existingServiceOffering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
-            if (KubernetesCluster.State.Running.equals(kubernetesCluster.getState()) && (serviceOffering.getRamSize() < existingServiceOffering.getRamSize() ||
-                    serviceOffering.getCpu() * serviceOffering.getSpeed() < existingServiceOffering.getCpu() * existingServiceOffering.getSpeed())) {
-                logAndThrow(Level.WARN, String.format("Kubernetes cluster cannot be scaled down for service offering. Service offering : %s offers lesser resources as compared to service offering : %s of Kubernetes cluster : %s",
-                        serviceOffering.getName(), existingServiceOffering.getName(), kubernetesCluster.getName()));
-            }
         }
+    }
 
-        validateKubernetesClusterScaleSize(kubernetesCluster, clusterSize, maxClusterSize, zone);
+    protected void checkServiceOfferingForNodesScale(ServiceOffering serviceOffering, KubernetesClusterVO kubernetesCluster, KubernetesSupportedVersion clusterVersion) {
+        if (serviceOffering.isDynamic()) {
+            throw new InvalidParameterValueException(String.format("Custom service offerings are not supported for Kubernetes clusters. Kubernetes cluster : %s, service offering : %s", kubernetesCluster.getName(), serviceOffering.getName()));
+        }
+        if (serviceOffering.getCpu() < MIN_KUBERNETES_CLUSTER_NODE_CPU || serviceOffering.getRamSize() < MIN_KUBERNETES_CLUSTER_NODE_RAM_SIZE) {
+            throw new InvalidParameterValueException(String.format("Kubernetes cluster : %s cannot be scaled with service offering : %s, Kubernetes cluster template(CoreOS) needs minimum %d vCPUs and %d MB RAM",
+                    kubernetesCluster.getName(), serviceOffering.getName(), MIN_KUBERNETES_CLUSTER_NODE_CPU, MIN_KUBERNETES_CLUSTER_NODE_RAM_SIZE));
+        }
+        if (serviceOffering.getCpu() < clusterVersion.getMinimumCpu()) {
+            throw new InvalidParameterValueException(String.format("Kubernetes cluster : %s cannot be scaled with service offering : %s, associated Kubernetes version : %s needs minimum %d vCPUs",
+                    kubernetesCluster.getName(), serviceOffering.getName(), clusterVersion.getName(), clusterVersion.getMinimumCpu()));
+        }
+        if (serviceOffering.getRamSize() < clusterVersion.getMinimumRamSize()) {
+            throw new InvalidParameterValueException(String.format("Kubernetes cluster : %s cannot be scaled with service offering : %s, associated Kubernetes version : %s needs minimum %d MB RAM",
+                    kubernetesCluster.getName(), serviceOffering.getName(), clusterVersion.getName(), clusterVersion.getMinimumRamSize()));
+        }
+    }
+
+    protected boolean isAnyNodeOfferingEmpty(Map<String, Long> map) {
+        if (MapUtils.isEmpty(map)) {
+            return false;
+        }
+        return map.values().stream().anyMatch(Objects::isNull);
     }
 
     private void validateKubernetesClusterUpgradeParameters(UpgradeKubernetesClusterCmd cmd) {
@@ -1152,6 +1262,7 @@ public KubernetesCluster createUnmanagedKubernetesCluster(CreateKubernetesCluste
         final long controlNodeCount = cmd.getControlNodes();
         final long clusterSize = Objects.requireNonNullElse(cmd.getClusterSize(), 0L);
         final ServiceOffering serviceOffering = serviceOfferingDao.findById(cmd.getServiceOfferingId());
+        Map<String, Long> nodeTypeOfferingMap = cmd.getServiceOfferingNodeTypeMap();
         final Account owner = accountService.getActiveAccountById(cmd.getEntityOwnerId());
         final KubernetesSupportedVersion clusterKubernetesVersion = kubernetesSupportedVersionDao.findById(cmd.getKubernetesVersionId());
 
@@ -1201,39 +1312,65 @@ public KubernetesCluster createManagedKubernetesCluster(CreateKubernetesClusterC
         final DataCenter zone = dataCenterDao.findById(cmd.getZoneId());
         final long controlNodeCount = cmd.getControlNodes();
         final long clusterSize = cmd.getClusterSize();
-        final long totalNodeCount = controlNodeCount + clusterSize;
-        final ServiceOffering serviceOffering = serviceOfferingDao.findById(cmd.getServiceOfferingId());
+        final long etcdNodes = cmd.getEtcdNodes();
+        final Map<String, Long> nodeTypeCount = Map.of(WORKER.name(), clusterSize,
+                CONTROL.name(), controlNodeCount, ETCD.name(), etcdNodes);
         final Account owner = accountService.getActiveAccountById(cmd.getEntityOwnerId());
         final KubernetesSupportedVersion clusterKubernetesVersion = kubernetesSupportedVersionDao.findById(cmd.getKubernetesVersionId());
 
-        DeployDestination deployDestination = null;
-        try {
-            deployDestination = plan(totalNodeCount, zone, serviceOffering);
-        } catch (InsufficientCapacityException e) {
-            logAndThrow(Level.ERROR, String.format("Creating Kubernetes cluster failed due to insufficient capacity for %d nodes cluster in zone : %s with service offering : %s", totalNodeCount, zone.getName(), serviceOffering.getName()));
-        }
-        if (deployDestination == null || deployDestination.getCluster() == null) {
-            logAndThrow(Level.ERROR, String.format("Creating Kubernetes cluster failed due to error while finding suitable deployment plan for cluster in zone : %s", zone.getName()));
-        }
+        Map<String, Long> serviceOfferingNodeTypeMap = cmd.getServiceOfferingNodeTypeMap();
+        Long defaultServiceOfferingId = cmd.getServiceOfferingId();
+        Hypervisor.HypervisorType hypervisorType = getHypervisorTypeAndValidateNodeDeployments(serviceOfferingNodeTypeMap, defaultServiceOfferingId, nodeTypeCount, zone);
 
         SecurityGroup securityGroup = null;
         if (zone.isSecurityGroupEnabled()) {
             securityGroup = getOrCreateSecurityGroupForAccount(owner);
         }
 
+        Map<String, Long> templateNodeTypeMap = cmd.getTemplateNodeTypeMap();
         final Network defaultNetwork = getKubernetesClusterNetworkIfMissing(cmd.getName(), zone, owner, (int)controlNodeCount, (int)clusterSize, cmd.getExternalLoadBalancerIpAddress(), cmd.getNetworkId());
-        final VMTemplateVO finalTemplate = getKubernetesServiceTemplate(zone, deployDestination.getCluster().getHypervisorType());
-        final long cores = serviceOffering.getCpu() * (controlNodeCount + clusterSize);
-        final long memory = serviceOffering.getRamSize() * (controlNodeCount + clusterSize);
+        VMTemplateVO finalTemplate = null;
+        VMTemplateVO controlNodeTemplate = null;
+        VMTemplateVO workerNodeTemplate = null;
+        VMTemplateVO etcdNodeTemplate = null;
+        finalTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, DEFAULT);
+        controlNodeTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, CONTROL);
+        workerNodeTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, WORKER);
+        etcdNodeTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, ETCD);
+
+        final ServiceOffering defaultServiceOffering = serviceOfferingDao.findById(defaultServiceOfferingId);
+        Pair<Long, Long> capacityPair = calculateClusterCapacity(serviceOfferingNodeTypeMap, nodeTypeCount, defaultServiceOfferingId);
+        final long cores = capacityPair.first();
+        final long memory = capacityPair.second();
 
         final SecurityGroup finalSecurityGroup = securityGroup;
+        VMTemplateVO finalDefaultTemplate = finalTemplate;
+        VMTemplateVO finalControlNodeTemplate = controlNodeTemplate;
+        VMTemplateVO finalEtcdNodeTemplate = etcdNodeTemplate;
+        VMTemplateVO finalWorkerNodeTemplate = workerNodeTemplate;
         final KubernetesClusterVO cluster = Transaction.execute(new TransactionCallback<KubernetesClusterVO>() {
             @Override
             public KubernetesClusterVO doInTransaction(TransactionStatus status) {
                 KubernetesClusterVO newCluster = new KubernetesClusterVO(cmd.getName(), cmd.getDisplayName(), zone.getId(), clusterKubernetesVersion.getId(),
-                        serviceOffering.getId(), finalTemplate.getId(), defaultNetwork.getId(), owner.getDomainId(),
-                        owner.getAccountId(), controlNodeCount, clusterSize, KubernetesCluster.State.Created, cmd.getSSHKeyPairName(), cores, memory,
+                        defaultServiceOffering.getId(), Objects.nonNull(finalDefaultTemplate) ? finalDefaultTemplate.getId() : null,
+                        defaultNetwork.getId(), owner.getDomainId(), owner.getAccountId(), controlNodeCount, clusterSize,
+                        KubernetesCluster.State.Created, cmd.getSSHKeyPairName(), cores, memory,
                         cmd.getNodeRootDiskSize(), "", KubernetesCluster.ClusterType.CloudManaged);
+                if (serviceOfferingNodeTypeMap.containsKey(WORKER.name())) {
+                    newCluster.setWorkerServiceOfferingId(serviceOfferingNodeTypeMap.get(WORKER.name()));
+                }
+                if (serviceOfferingNodeTypeMap.containsKey(CONTROL.name())) {
+                    newCluster.setControlServiceOfferingId(serviceOfferingNodeTypeMap.get(CONTROL.name()));
+                }
+                if (etcdNodes > 0) {
+                    newCluster.setEtcdTemplateId(finalEtcdNodeTemplate.getId());
+                    newCluster.setEtcdNodeCount(etcdNodes);
+                    if (serviceOfferingNodeTypeMap.containsKey(ETCD.name())) {
+                        newCluster.setEtcdServiceOfferingId(serviceOfferingNodeTypeMap.get(ETCD.name()));
+                    }
+                }
+                newCluster.setWorkerTemplateId(finalWorkerNodeTemplate.getId());
+                newCluster.setControlTemplateId(finalControlNodeTemplate.getId());
                 if (zone.isSecurityGroupEnabled()) {
                     newCluster.setSecurityGroupId(finalSecurityGroup.getId());
                 }
@@ -1250,6 +1387,52 @@ public KubernetesClusterVO doInTransaction(TransactionStatus status) {
         return cluster;
     }
 
+    protected Pair<Long, Long> calculateClusterCapacity(Map<String, Long> map, Map<String, Long> nodeTypeCount, Long defaultServiceOfferingId) {
+        long cores = 0L;
+        long memory = 0L;
+        for (String key : CLUSTER_NODES_TYPES_LIST) {
+            if (nodeTypeCount.getOrDefault(key, 0L) == 0) {
+                continue;
+            }
+            Long serviceOfferingId = map.getOrDefault(key, defaultServiceOfferingId);
+            ServiceOffering serviceOffering = serviceOfferingDao.findById(serviceOfferingId);
+            Long nodes = nodeTypeCount.get(key);
+            cores = cores + (serviceOffering.getCpu() * nodes);
+            memory = memory + (serviceOffering.getRamSize() * nodes);
+        }
+        return new Pair<>(cores, memory);
+    }
+
+    protected Hypervisor.HypervisorType getHypervisorTypeAndValidateNodeDeployments(Map<String, Long> serviceOfferingNodeTypeMap,
+                                                                                    Long defaultServiceOfferingId,
+                                                                                    Map<String, Long> nodeTypeCount, DataCenter zone) {
+        Hypervisor.HypervisorType hypervisorType = null;
+        for (String nodeType : CLUSTER_NODES_TYPES_LIST) {
+            if (!nodeTypeCount.containsKey(nodeType)) {
+                continue;
+            }
+            Long serviceOfferingId = serviceOfferingNodeTypeMap.getOrDefault(nodeType, defaultServiceOfferingId);
+            ServiceOffering serviceOffering = serviceOfferingDao.findById(serviceOfferingId);
+            Long nodes = nodeTypeCount.getOrDefault(nodeType, defaultServiceOfferingId);
+            try {
+                if (nodeType.equalsIgnoreCase(ETCD.name()) &&
+                        (!serviceOfferingNodeTypeMap.containsKey(ETCD.name()) || nodes == 0)) {
+                    continue;
+                }
+                DeployDestination deployDestination = plan(nodes, zone, serviceOffering);
+                if (deployDestination.getCluster() == null) {
+                    logAndThrow(Level.ERROR, String.format("Creating Kubernetes cluster failed due to error while finding suitable deployment plan for cluster in zone : %s", zone.getName()));
+                }
+                if (hypervisorType == null) {
+                    hypervisorType = deployDestination.getCluster().getHypervisorType();
+                }
+            } catch (InsufficientCapacityException e) {
+                logAndThrow(Level.ERROR, String.format("Creating Kubernetes cluster failed due to insufficient capacity for %d nodes cluster in zone : %s with service offering : %s", nodes, zone.getName(), serviceOffering.getName()));
+            }
+        }
+        return hypervisorType;
+    }
+
     private SecurityGroup getOrCreateSecurityGroupForAccount(Account owner) {
         String securityGroupName = String.format("%s-%s", KubernetesClusterActionWorker.CKS_CLUSTER_SECURITY_GROUP_NAME, owner.getUuid());
         String securityGroupDesc = String.format("%s and account %s", KubernetesClusterActionWorker.CKS_SECURITY_GROUP_DESCRIPTION, owner.getName());
@@ -1534,12 +1717,13 @@ public boolean scaleKubernetesCluster(ScaleKubernetesClusterCmd cmd) throws Clou
             logAndThrow(Level.ERROR, "Kubernetes Service plugin is disabled");
         }
         validateKubernetesClusterScaleParameters(cmd);
-
         KubernetesClusterVO kubernetesCluster = kubernetesClusterDao.findById(cmd.getId());
+        Map<String, ServiceOffering> nodeToOfferingMap = createNodeTypeToServiceOfferingMap(cmd.getServiceOfferingNodeTypeMap(), cmd.getServiceOfferingId(), kubernetesCluster);
+
         String[] keys = getServiceUserKeys(kubernetesCluster);
         KubernetesClusterScaleWorker scaleWorker =
             new KubernetesClusterScaleWorker(kubernetesClusterDao.findById(cmd.getId()),
-                serviceOfferingDao.findById(cmd.getServiceOfferingId()),
+                nodeToOfferingMap,
                 cmd.getClusterSize(),
                 cmd.getNodeIds(),
                 cmd.isAutoscalingEnabled(),
@@ -1551,6 +1735,29 @@ public boolean scaleKubernetesCluster(ScaleKubernetesClusterCmd cmd) throws Clou
         return scaleWorker.scaleCluster();
     }
 
+    /**
+     * Creates a map for the requested node type service offering
+     * For the node type ALL: Every node is scaled to the same offering
+     */
+    protected Map<String, ServiceOffering> createNodeTypeToServiceOfferingMap(Map<String, Long> idsMapping,
+                                                                              Long serviceOfferingId, KubernetesClusterVO kubernetesCluster) {
+        Map<String, ServiceOffering> map = new HashMap<>();
+        if (MapUtils.isEmpty(idsMapping)) {
+            ServiceOfferingVO offering = serviceOfferingId != null ?
+                    serviceOfferingDao.findById(serviceOfferingId) :
+                    serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
+            map.put(DEFAULT.name(), offering);
+            return map;
+        }
+        for (String key : CLUSTER_NODES_TYPES_LIST) {
+            if (!idsMapping.containsKey(key)) {
+                continue;
+            }
+            map.put(key, serviceOfferingDao.findById(idsMapping.get(key)));
+        }
+        return map;
+    }
+
     @Override
     public boolean upgradeKubernetesCluster(UpgradeKubernetesClusterCmd cmd) throws CloudRuntimeException {
         if (!KubernetesServiceEnabled.value()) {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVO.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVO.java
index 270916aab7e4..0b4f7f60ac28 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVO.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVO.java
@@ -117,6 +117,27 @@ public class KubernetesClusterVO implements KubernetesCluster {
     @Column(name = "cluster_type")
     private ClusterType clusterType;
 
+    @Column(name = "control_service_offering_id")
+    private Long controlServiceOfferingId;
+
+    @Column(name = "worker_service_offering_id")
+    private Long workerServiceOfferingId;
+
+    @Column(name = "etcd_service_offering_id")
+    private Long etcdServiceOfferingId;
+
+    @Column(name = "etcd_node_count")
+    private Long etcdNodeCount;
+
+    @Column(name = "control_template_id")
+    private Long controlTemplateId;
+
+    @Column(name = "worker_template_id")
+    private Long workerTemplateId;
+
+    @Column(name = "etcd_template_id")
+    private Long etcdTemplateId;
+
     @Override
     public long getId() {
         return id;
@@ -236,7 +257,7 @@ public void setNodeCount(long nodeCount) {
 
     @Override
     public long getTotalNodeCount() {
-        return this.controlNodeCount + this.nodeCount;
+        return this.controlNodeCount + this.nodeCount + this.getEtcdNodeCount();
     }
 
     @Override
@@ -406,4 +427,60 @@ public KubernetesClusterVO(String name, String description, long zoneId, long ku
     public Class<?> getEntityType() {
         return KubernetesCluster.class;
     }
+
+    public Long getControlServiceOfferingId() {
+        return controlServiceOfferingId;
+    }
+
+    public void setControlServiceOfferingId(Long controlServiceOfferingId) {
+        this.controlServiceOfferingId = controlServiceOfferingId;
+    }
+
+    public Long getWorkerServiceOfferingId() {
+        return workerServiceOfferingId;
+    }
+
+    public void setWorkerServiceOfferingId(Long workerServiceOfferingId) {
+        this.workerServiceOfferingId = workerServiceOfferingId;
+    }
+
+    public Long getEtcdServiceOfferingId() {
+        return etcdServiceOfferingId;
+    }
+
+    public void setEtcdServiceOfferingId(Long etcdServiceOfferingId) {
+        this.etcdServiceOfferingId = etcdServiceOfferingId;
+    }
+
+    public Long getEtcdNodeCount() {
+        return etcdNodeCount != null ? etcdNodeCount : 0L;
+    }
+
+    public void setEtcdNodeCount(Long etcdNodeCount) {
+        this.etcdNodeCount = etcdNodeCount;
+    }
+
+    public Long getEtcdTemplateId() {
+        return etcdTemplateId;
+    }
+
+    public void setEtcdTemplateId(Long etcdTemplateId) {
+        this.etcdTemplateId = etcdTemplateId;
+    }
+
+    public Long getWorkerTemplateId() {
+        return workerTemplateId;
+    }
+
+    public void setWorkerTemplateId(Long workerTemplateId) {
+        this.workerTemplateId = workerTemplateId;
+    }
+
+    public Long getControlTemplateId() {
+        return controlTemplateId;
+    }
+
+    public void setControlTemplateId(Long controlTemplateId) {
+        this.controlTemplateId = controlTemplateId;
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java
index f6126f01be5b..565d7233f3dc 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java
@@ -42,6 +42,9 @@ public class KubernetesClusterVmMapVO implements KubernetesClusterVmMap {
     @Column(name = "control_node")
     boolean controlNode;
 
+    @Column(name = "etcd_node")
+    boolean etcdNode;
+
     public KubernetesClusterVmMapVO() {
     }
 
@@ -83,4 +86,12 @@ public boolean isControlNode() {
     public void setControlNode(boolean controlNode) {
         this.controlNode = controlNode;
     }
+
+    public boolean isEtcdNode() {
+        return etcdNode;
+    }
+
+    public void setEtcdNode(boolean etcdNode) {
+        this.etcdNode = etcdNode;
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index f9a1d5dd48f6..58ec18848a1a 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -22,6 +22,7 @@
 import java.io.FileWriter;
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
@@ -34,6 +35,8 @@
 import org.apache.logging.log4j.Level;
 import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.LogManager;
+import com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType;
+import com.cloud.offering.ServiceOffering;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.ca.CAManager;
 import org.apache.cloudstack.config.ApiServiceConfiguration;
@@ -166,6 +169,9 @@ public class KubernetesClusterActionWorker {
     protected KubernetesCluster kubernetesCluster;
     protected Account owner;
     protected VirtualMachineTemplate clusterTemplate;
+    protected VirtualMachineTemplate controlNodeTemplate;
+    protected VirtualMachineTemplate workerNodeTemplate;
+    protected VirtualMachineTemplate etcdTemplate;
     protected File sshKeyFile;
     protected String publicIpAddress;
     protected int sshPort;
@@ -197,7 +203,10 @@ protected void init() {
         DataCenterVO dataCenterVO = dataCenterDao.findById(zoneId);
         VMTemplateVO template = templateDao.findById(templateId);
         Hypervisor.HypervisorType type = template.getHypervisorType();
-        this.clusterTemplate = manager.getKubernetesServiceTemplate(dataCenterVO, type);
+        this.clusterTemplate = manager.getKubernetesServiceTemplate(dataCenterVO, type, null, KubernetesClusterNodeType.DEFAULT);
+        this.controlNodeTemplate = templateDao.findById(this.kubernetesCluster.getControlTemplateId());
+        this.workerNodeTemplate = templateDao.findById(this.kubernetesCluster.getWorkerTemplateId());
+        this.etcdTemplate = templateDao.findById(this.kubernetesCluster.getEtcdTemplateId());
         this.sshKeyFile = getManagementServerSshPublicKeyFile();
     }
 
@@ -270,7 +279,7 @@ protected void logTransitStateDetachIsoAndThrow(final Level logLevel, final Stri
     }
 
     protected void deleteTemplateLaunchPermission() {
-        if (clusterTemplate != null && owner != null) {
+        if (isDefaultTemplateUsed() && owner != null) {
             logger.info("Revoking launch permission for systemVM template");
             launchPermissionDao.removePermissions(clusterTemplate.getId(), Collections.singletonList(owner.getId()));
         }
@@ -690,4 +699,34 @@ protected boolean deployProvider() {
     public void setKeys(String[] keys) {
         this.keys = keys;
     }
+
+    protected ServiceOffering getServiceOfferingForNodeTypeOnCluster(KubernetesClusterNodeType nodeType,
+                                                                     KubernetesCluster cluster) {
+        Long offeringId = null;
+        Long defaultOfferingId = cluster.getServiceOfferingId();
+        Long controlOfferingId = cluster.getControlServiceOfferingId();
+        Long workerOfferingId = cluster.getWorkerServiceOfferingId();
+        Long etcdOfferingId = cluster.getEtcdServiceOfferingId();
+        if (KubernetesClusterNodeType.CONTROL == nodeType) {
+            offeringId = controlOfferingId != null ? controlOfferingId : defaultOfferingId;
+        } else if (KubernetesClusterNodeType.WORKER == nodeType) {
+            offeringId = workerOfferingId != null ? workerOfferingId : defaultOfferingId;
+        } else if (KubernetesClusterNodeType.ETCD == nodeType && cluster.getEtcdNodeCount() != null && cluster.getEtcdNodeCount() > 0) {
+            offeringId = etcdOfferingId != null ? etcdOfferingId : defaultOfferingId;
+        }
+
+        if (offeringId == null) {
+            String msg = String.format("Cannot find a service offering for the %s nodes on the Kubernetes cluster %s", nodeType.name(), cluster.getName());
+            logger.error(msg);
+            throw new CloudRuntimeException(msg);
+        }
+        return serviceOfferingDao.findById(offeringId);
+    }
+
+    protected boolean isDefaultTemplateUsed() {
+        if (Arrays.asList(kubernetesCluster.getControlTemplateId(), kubernetesCluster.getWorkerTemplateId(), kubernetesCluster.getEtcdTemplateId()).contains(kubernetesCluster.getTemplateId())) {
+            return true;
+        }
+        return false;
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index e8bc8e2851ed..afc7382eae8f 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -17,6 +17,9 @@
 
 package com.cloud.kubernetes.cluster.actionworkers;
 
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.CONTROL;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.ETCD;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.WORKER;
 import static com.cloud.utils.NumbersUtil.toHumanReadableSize;
 
 import java.io.File;
@@ -31,6 +34,8 @@
 
 import javax.inject.Inject;
 
+import com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType;
+import com.cloud.network.rules.FirewallManager;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offerings.dao.NetworkOfferingDao;
 import org.apache.cloudstack.api.ApiConstants;
@@ -136,6 +141,8 @@ public class KubernetesClusterResourceModifierActionWorker extends KubernetesClu
     @Inject
     protected RulesService rulesService;
     @Inject
+    protected FirewallManager firewallManager;
+    @Inject
     protected PortForwardingRulesDao portForwardingRulesDao;
     @Inject
     protected ResourceManager resourceManager;
@@ -376,7 +383,7 @@ protected UserVm createKubernetesNode(String joinIp) throws ManagementServerExce
             ResourceUnavailableException, InsufficientCapacityException {
         UserVm nodeVm = null;
         DataCenter zone = dataCenterDao.findById(kubernetesCluster.getZoneId());
-        ServiceOffering serviceOffering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
+        ServiceOffering serviceOffering = getServiceOfferingForNodeTypeOnCluster(WORKER, kubernetesCluster);
         List<Long> networkIds = new ArrayList<Long>();
         networkIds.add(kubernetesCluster.getNetworkId());
         Account owner = accountDao.findById(kubernetesCluster.getAccountId());
@@ -406,12 +413,12 @@ protected UserVm createKubernetesNode(String joinIp) throws ManagementServerExce
         if (zone.isSecurityGroupEnabled()) {
             List<Long> securityGroupIds = new ArrayList<>();
             securityGroupIds.add(kubernetesCluster.getSecurityGroupId());
-            nodeVm = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, clusterTemplate, networkIds, securityGroupIds, owner,
+            nodeVm = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, workerNodeTemplate, networkIds, securityGroupIds, owner,
                     hostName, hostName, null, null, null, Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST,base64UserData, null, null, keypairs,
                     null, addrs, null, null, null, customParameterMap, null, null, null,
                     null, true, null, UserVmManager.CKS_NODE);
         } else {
-            nodeVm = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, clusterTemplate, networkIds, owner,
+            nodeVm = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, workerNodeTemplate, networkIds, owner,
                     hostName, hostName, null, null, null,
                     Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST, base64UserData, null, null, keypairs,
                     null, addrs, null, null, null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null);
@@ -532,16 +539,22 @@ protected FirewallRule removeSshFirewallRule(final IpAddress publicIp) {
 
     protected void removePortForwardingRules(final IpAddress publicIp, final Network network, final Account account, final List<Long> removedVMIds) throws ResourceUnavailableException {
         if (!CollectionUtils.isEmpty(removedVMIds)) {
+            List<PortForwardingRuleVO> pfRules = new ArrayList<>();
+            List<PortForwardingRuleVO> revokedRules = new ArrayList<>();
             for (Long vmId : removedVMIds) {
-                List<PortForwardingRuleVO> pfRules = portForwardingRulesDao.listByNetwork(network.getId());
+                pfRules.addAll(portForwardingRulesDao.listByNetwork(network.getId()));
                 for (PortForwardingRuleVO pfRule : pfRules) {
                     if (pfRule.getVirtualMachineId() == vmId) {
                         portForwardingRulesDao.remove(pfRule.getId());
+                        LOGGER.trace("Marking PF rule " + pfRule + " with Revoke state");
+                        pfRule.setState(FirewallRule.State.Revoke);
+                        revokedRules.add(pfRule);
                         break;
                     }
                 }
             }
-            rulesService.applyPortForwardingRules(publicIp.getId(), account);
+
+            firewallManager.applyRules(revokedRules, false, true);
         }
     }
 
@@ -784,7 +797,11 @@ protected String getKubernetesClusterNodeNamePrefix() {
     }
 
     protected KubernetesClusterVO updateKubernetesClusterEntry(final Long cores, final Long memory, final Long size,
-               final Long serviceOfferingId, final Boolean autoscaleEnabled, final Long minSize, final Long maxSize) {
+                                                               final Long serviceOfferingId, final Boolean autoscaleEnabled,
+                                                               final Long minSize, final Long maxSize,
+                                                               final KubernetesClusterNodeType nodeType,
+                                                               final boolean updateNodeOffering,
+                                                               final boolean updateClusterOffering) {
         return Transaction.execute(new TransactionCallback<KubernetesClusterVO>() {
                 @Override
                 public KubernetesClusterVO doInTransaction(TransactionStatus status) {
@@ -798,7 +815,16 @@ public KubernetesClusterVO doInTransaction(TransactionStatus status) {
                 if (size != null) {
                     updatedCluster.setNodeCount(size);
                 }
-                if (serviceOfferingId != null) {
+                if (updateNodeOffering && serviceOfferingId != null && nodeType != null) {
+                    if (WORKER == nodeType) {
+                        updatedCluster.setWorkerServiceOfferingId(serviceOfferingId);
+                    } else if (CONTROL == nodeType) {
+                        updatedCluster.setControlServiceOfferingId(serviceOfferingId);
+                    } else if (ETCD == nodeType) {
+                        updatedCluster.setEtcdServiceOfferingId(serviceOfferingId);
+                    }
+                }
+                if (updateClusterOffering && serviceOfferingId != null) {
                     updatedCluster.setServiceOfferingId(serviceOfferingId);
                 }
                 if (autoscaleEnabled != null) {
@@ -812,7 +838,7 @@ public KubernetesClusterVO doInTransaction(TransactionStatus status) {
     }
 
     private KubernetesClusterVO updateKubernetesClusterEntry(final Boolean autoscaleEnabled, final Long minSize, final Long maxSize) throws CloudRuntimeException {
-        KubernetesClusterVO kubernetesClusterVO = updateKubernetesClusterEntry(null, null, null, null, autoscaleEnabled, minSize, maxSize);
+        KubernetesClusterVO kubernetesClusterVO = updateKubernetesClusterEntry(null, null, null, null, autoscaleEnabled, minSize, maxSize, null, false, false);
         if (kubernetesClusterVO == null) {
             logTransitStateAndThrow(Level.ERROR, String.format("Scaling Kubernetes cluster %s failed, unable to update Kubernetes cluster",
                     kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.OperationFailed);
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index ec04907cf9d4..60085e0c909b 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -19,13 +19,17 @@
 
 import java.io.File;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.stream.Collectors;
 
 import javax.inject.Inject;
 
+import com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType;
+import com.cloud.service.ServiceOfferingVO;
 import org.apache.cloudstack.api.InternalIdentity;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -58,12 +62,17 @@
 import com.cloud.vm.dao.VMInstanceDao;
 import org.apache.logging.log4j.Level;
 
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.CONTROL;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.DEFAULT;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.ETCD;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.WORKER;
+
 public class KubernetesClusterScaleWorker extends KubernetesClusterResourceModifierActionWorker {
 
     @Inject
     protected VMInstanceDao vmInstanceDao;
 
-    private ServiceOffering serviceOffering;
+    private Map<String, ServiceOffering> serviceOfferingNodeTypeMap;
     private Long clusterSize;
     private List<Long> nodeIds;
     private KubernetesCluster.State originalState;
@@ -73,8 +82,12 @@ public class KubernetesClusterScaleWorker extends KubernetesClusterResourceModif
     private Boolean isAutoscalingEnabled;
     private long scaleTimeoutTime;
 
+    protected KubernetesClusterScaleWorker(final KubernetesCluster kubernetesCluster, final KubernetesClusterManagerImpl clusterManager) {
+        super(kubernetesCluster, clusterManager);
+    }
+
     public KubernetesClusterScaleWorker(final KubernetesCluster kubernetesCluster,
-                                        final ServiceOffering serviceOffering,
+                                        final Map<String, ServiceOffering> serviceOfferingNodeTypeMap,
                                         final Long clusterSize,
                                         final List<Long> nodeIds,
                                         final Boolean isAutoscalingEnabled,
@@ -82,7 +95,7 @@ public KubernetesClusterScaleWorker(final KubernetesCluster kubernetesCluster,
                                         final Long maxSize,
                                         final KubernetesClusterManagerImpl clusterManager) {
         super(kubernetesCluster, clusterManager);
-        this.serviceOffering = serviceOffering;
+        this.serviceOfferingNodeTypeMap = serviceOfferingNodeTypeMap;
         this.nodeIds = nodeIds;
         this.isAutoscalingEnabled = isAutoscalingEnabled;
         this.minSize = minSize;
@@ -174,15 +187,19 @@ private void scaleKubernetesClusterNetworkRules(final List<Long> clusterVMIds) t
         scaleKubernetesClusterIsolatedNetworkRules(clusterVMIds);
     }
 
-    private KubernetesClusterVO updateKubernetesClusterEntry(final Long newSize, final ServiceOffering newServiceOffering) throws CloudRuntimeException {
+    private KubernetesClusterVO updateKubernetesClusterEntryForNodeType(final Long newWorkerSize, final KubernetesClusterNodeType nodeType,
+                                                                        final ServiceOffering newServiceOffering,
+                                                                        final boolean updateNodeOffering, boolean updateClusterOffering) throws CloudRuntimeException {
         final ServiceOffering serviceOffering = newServiceOffering == null ?
                 serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId()) : newServiceOffering;
         final Long serviceOfferingId = newServiceOffering == null ? null : serviceOffering.getId();
-        final long size = newSize == null ? kubernetesCluster.getTotalNodeCount() : (newSize + kubernetesCluster.getControlNodeCount());
-        final long cores = serviceOffering.getCpu() * size;
-        final long memory = serviceOffering.getRamSize() * size;
-        KubernetesClusterVO kubernetesClusterVO = updateKubernetesClusterEntry(cores, memory, newSize, serviceOfferingId,
-            kubernetesCluster.getAutoscalingEnabled(), kubernetesCluster.getMinSize(), kubernetesCluster.getMaxSize());
+
+        Pair<Long, Long> clusterCountAndCapacity = calculateNewClusterCountAndCapacity(newWorkerSize, nodeType, serviceOffering);
+        long cores = clusterCountAndCapacity.first();
+        long memory = clusterCountAndCapacity.second();
+
+        KubernetesClusterVO kubernetesClusterVO = updateKubernetesClusterEntry(cores, memory, newWorkerSize, serviceOfferingId,
+            kubernetesCluster.getAutoscalingEnabled(), kubernetesCluster.getMinSize(), kubernetesCluster.getMaxSize(), nodeType, updateNodeOffering, updateClusterOffering);
         if (kubernetesClusterVO == null) {
             logTransitStateAndThrow(Level.ERROR, String.format("Scaling Kubernetes cluster %s failed, unable to update Kubernetes cluster",
                     kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.OperationFailed);
@@ -190,6 +207,55 @@ private KubernetesClusterVO updateKubernetesClusterEntry(final Long newSize, fin
         return kubernetesClusterVO;
     }
 
+    protected Pair<Long, Long> calculateNewClusterCountAndCapacity(Long newWorkerSize, KubernetesClusterNodeType nodeType, ServiceOffering serviceOffering) {
+        long cores;
+        long memory;
+        long totalClusterSize = newWorkerSize == null ? kubernetesCluster.getTotalNodeCount() : (newWorkerSize + kubernetesCluster.getControlNodeCount() + kubernetesCluster.getEtcdNodeCount());
+
+        if (nodeType == DEFAULT) {
+            cores = serviceOffering.getCpu() * totalClusterSize;
+            memory = serviceOffering.getRamSize() * totalClusterSize;
+        } else {
+            long nodeCount = getNodeCountForType(nodeType, kubernetesCluster);
+            Long existingOfferingId = getExistingOfferingIdForNodeType(nodeType, kubernetesCluster);
+            ServiceOfferingVO previousOffering = serviceOfferingDao.findById(existingOfferingId);
+            Pair<Long, Long> previousNodesCapacity = calculateNodesCapacity(previousOffering, nodeCount);
+            if (WORKER == nodeType) {
+                nodeCount = newWorkerSize == null ? kubernetesCluster.getNodeCount() : newWorkerSize;
+            }
+            Pair<Long, Long> newNodesCapacity = calculateNodesCapacity(serviceOffering, nodeCount);
+            Pair<Long, Long> newClusterCapacity = calculateClusterNewCapacity(kubernetesCluster, previousNodesCapacity, newNodesCapacity);
+            cores = newClusterCapacity.first();
+            memory = newClusterCapacity.second();
+        }
+        return new Pair<>(cores, memory);
+    }
+
+    private long getNodeCountForType(KubernetesClusterNodeType nodeType, KubernetesCluster kubernetesCluster) {
+        if (WORKER == nodeType) {
+            return kubernetesCluster.getNodeCount();
+        } else if (CONTROL == nodeType) {
+            return kubernetesCluster.getControlNodeCount();
+        } else if (ETCD == nodeType) {
+            return kubernetesCluster.getEtcdNodeCount();
+        }
+        return kubernetesCluster.getTotalNodeCount();
+    }
+
+    protected Pair<Long, Long> calculateClusterNewCapacity(KubernetesCluster kubernetesCluster,
+                                                           Pair<Long, Long> previousNodeTypeCapacity,
+                                                           Pair<Long, Long> newNodeTypeCapacity) {
+        long previousCores = kubernetesCluster.getCores();
+        long previousMemory = kubernetesCluster.getMemory();
+        long newCores = previousCores - previousNodeTypeCapacity.first() + newNodeTypeCapacity.first();
+        long newMemory = previousMemory - previousNodeTypeCapacity.second() + newNodeTypeCapacity.second();
+        return new Pair<>(newCores, newMemory);
+    }
+
+    protected Pair<Long, Long> calculateNodesCapacity(ServiceOffering offering, long nodeCount) {
+        return new Pair<>(offering.getCpu() * nodeCount, offering.getRamSize() * nodeCount);
+    }
+
     private boolean removeKubernetesClusterNode(final String ipAddress, final int port, final UserVm userVm, final int retries, final int waitDuration) {
         File pkFile = getManagementServerSshPublicKeyFile();
         int retryCounter = 0;
@@ -280,17 +346,18 @@ private void validateKubernetesClusterScaleSizeParameters() throws CloudRuntimeE
         }
     }
 
-    private void scaleKubernetesClusterOffering() throws CloudRuntimeException {
+    private void scaleKubernetesClusterOffering(KubernetesClusterNodeType nodeType, ServiceOffering serviceOffering,
+                                                boolean updateNodeOffering, boolean updateClusterOffering) throws CloudRuntimeException {
         validateKubernetesClusterScaleOfferingParameters();
         if (!kubernetesCluster.getState().equals(KubernetesCluster.State.Scaling)) {
             stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.ScaleUpRequested);
         }
         if (KubernetesCluster.State.Created.equals(originalState)) {
-            kubernetesCluster = updateKubernetesClusterEntry(null, serviceOffering);
+            kubernetesCluster = updateKubernetesClusterEntryForNodeType(null, nodeType, serviceOffering, updateNodeOffering, updateClusterOffering);
             return;
         }
-        final long size = kubernetesCluster.getTotalNodeCount();
-        List<KubernetesClusterVmMapVO> vmList = kubernetesClusterVmMapDao.listByClusterId(kubernetesCluster.getId());
+        final long size = getNodeCountForType(nodeType, kubernetesCluster);
+        List<KubernetesClusterVmMapVO> vmList = kubernetesClusterVmMapDao.listByClusterIdAndVmType(kubernetesCluster.getId(), nodeType);
         final long tobeScaledVMCount =  Math.min(vmList.size(), size);
         for (long i = 0; i < tobeScaledVMCount; i++) {
             KubernetesClusterVmMapVO vmMapVO = vmList.get((int) i);
@@ -308,7 +375,7 @@ private void scaleKubernetesClusterOffering() throws CloudRuntimeException {
                 logTransitStateAndThrow(Level.WARN, String.format("Scaling Kubernetes cluster : %s failed, scaling action timed out", kubernetesCluster.getName()),kubernetesCluster.getId(), KubernetesCluster.Event.OperationFailed);
             }
         }
-        kubernetesCluster = updateKubernetesClusterEntry(null, serviceOffering);
+        kubernetesCluster = updateKubernetesClusterEntryForNodeType(null, nodeType, serviceOffering, updateNodeOffering, updateClusterOffering);
     }
 
     private void removeNodesFromCluster(List<KubernetesClusterVmMapVO> vmMaps) throws CloudRuntimeException {
@@ -363,8 +430,10 @@ private void scaleUpKubernetesClusterSize(final long newVmCount) throws CloudRun
             stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.ScaleUpRequested);
         }
         List<UserVm> clusterVMs = new ArrayList<>();
-        LaunchPermissionVO launchPermission =  new LaunchPermissionVO(clusterTemplate.getId(), owner.getId());
-        launchPermissionDao.persist(launchPermission);
+        if (isDefaultTemplateUsed()) {
+            LaunchPermissionVO launchPermission = new LaunchPermissionVO(clusterTemplate.getId(), owner.getId());
+            launchPermissionDao.persist(launchPermission);
+        }
         try {
             clusterVMs = provisionKubernetesClusterNodeVms((int)(newVmCount + kubernetesCluster.getNodeCount()), (int)kubernetesCluster.getNodeCount(), publicIpAddress);
             updateLoginUserDetails(clusterVMs.stream().map(InternalIdentity::getId).collect(Collectors.toList()));
@@ -389,7 +458,7 @@ private void scaleUpKubernetesClusterSize(final long newVmCount) throws CloudRun
         }
     }
 
-    private void scaleKubernetesClusterSize() throws CloudRuntimeException {
+    private void scaleKubernetesClusterSize(KubernetesClusterNodeType nodeType) throws CloudRuntimeException {
         validateKubernetesClusterScaleSizeParameters();
         final long originalClusterSize = kubernetesCluster.getNodeCount();
         final long newVmRequiredCount = clusterSize - originalClusterSize;
@@ -397,7 +466,7 @@ private void scaleKubernetesClusterSize() throws CloudRuntimeException {
             if (!kubernetesCluster.getState().equals(KubernetesCluster.State.Scaling)) {
                 stateTransitTo(kubernetesCluster.getId(), newVmRequiredCount > 0 ? KubernetesCluster.Event.ScaleUpRequested : KubernetesCluster.Event.ScaleDownRequested);
             }
-            kubernetesCluster = updateKubernetesClusterEntry(null, serviceOffering);
+            kubernetesCluster = updateKubernetesClusterEntryForNodeType(null, nodeType, serviceOfferingNodeTypeMap.get(nodeType.name()), false, false);
             return;
         }
         Pair<String, Integer> publicIpSshPort = getKubernetesClusterServerIpSshPort(null);
@@ -411,7 +480,7 @@ private void scaleKubernetesClusterSize() throws CloudRuntimeException {
         } else { // upscale, same node count handled above
             scaleUpKubernetesClusterSize(newVmRequiredCount);
         }
-        kubernetesCluster = updateKubernetesClusterEntry(clusterSize, null);
+        kubernetesCluster = updateKubernetesClusterEntryForNodeType(clusterSize, nodeType, null, false, false);
     }
 
     private boolean isAutoscalingChanged() {
@@ -434,37 +503,88 @@ public boolean scaleCluster() throws CloudRuntimeException {
         }
         scaleTimeoutTime = System.currentTimeMillis() + KubernetesClusterService.KubernetesClusterScaleTimeout.value() * 1000;
         final long originalClusterSize = kubernetesCluster.getNodeCount();
-        final ServiceOffering existingServiceOffering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
-        if (existingServiceOffering == null) {
-            logAndThrow(Level.ERROR, String.format("Scaling Kubernetes cluster : %s failed, service offering for the Kubernetes cluster not found!", kubernetesCluster.getName()));
+        if (serviceOfferingNodeTypeMap.containsKey(DEFAULT.name())) {
+            final ServiceOffering existingServiceOffering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
+            if (existingServiceOffering == null) {
+                logAndThrow(Level.ERROR, String.format("Scaling Kubernetes cluster : %s failed, service offering for the Kubernetes cluster not found!", kubernetesCluster.getName()));
+            }
         }
-        final boolean autscalingChanged = isAutoscalingChanged();
-        final boolean serviceOfferingScalingNeeded = serviceOffering != null && serviceOffering.getId() != existingServiceOffering.getId();
 
-        if (autscalingChanged) {
-            boolean autoScaled = autoscaleCluster(this.isAutoscalingEnabled, minSize, maxSize);
-            if (autoScaled && serviceOfferingScalingNeeded) {
-                scaleKubernetesClusterOffering();
+        final boolean autoscalingChanged = isAutoscalingChanged();
+        boolean hasDefaultOffering = serviceOfferingNodeTypeMap.containsKey(DEFAULT.name());
+        Long existingDefaultOfferingId = kubernetesCluster.getServiceOfferingId();
+        ServiceOffering defaultServiceOffering = serviceOfferingNodeTypeMap.getOrDefault(DEFAULT.name(), null);
+
+        for (KubernetesClusterNodeType nodeType : Arrays.asList(CONTROL, ETCD, WORKER)) {
+            if (!hasDefaultOffering && !serviceOfferingNodeTypeMap.containsKey(nodeType.name())) {
+                continue;
             }
-            stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.OperationSucceeded);
-            return autoScaled;
-        }
-        final boolean clusterSizeScalingNeeded = clusterSize != null && clusterSize != originalClusterSize;
-        final long newVMRequired = clusterSize == null ? 0 : clusterSize - originalClusterSize;
-        if (serviceOfferingScalingNeeded && clusterSizeScalingNeeded) {
-            if (newVMRequired > 0) {
-                scaleKubernetesClusterOffering();
-                scaleKubernetesClusterSize();
-            } else {
-                scaleKubernetesClusterSize();
-                scaleKubernetesClusterOffering();
+            boolean isWorkerNodeOrAllNodes = WORKER == nodeType;
+            boolean serviceOfferingScalingNeeded = isServiceOfferingScalingNeededForNodeType(nodeType, serviceOfferingNodeTypeMap, kubernetesCluster, existingDefaultOfferingId);
+            ServiceOffering serviceOffering = serviceOfferingNodeTypeMap.getOrDefault(nodeType.name(), defaultServiceOffering);
+            boolean updateNodeOffering = serviceOfferingNodeTypeMap.containsKey(nodeType.name());
+            boolean updateClusterOffering = isWorkerNodeOrAllNodes && hasDefaultOffering;
+            if (isWorkerNodeOrAllNodes && autoscalingChanged) {
+                boolean autoScaled = autoscaleCluster(this.isAutoscalingEnabled, minSize, maxSize);
+                if (autoScaled && serviceOfferingScalingNeeded) {
+                    scaleKubernetesClusterOffering(nodeType, serviceOffering, updateNodeOffering, updateClusterOffering);
+                }
+                stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.OperationSucceeded);
+                return autoScaled;
+            }
+            final boolean clusterSizeScalingNeeded = isWorkerNodeOrAllNodes && clusterSize != null && clusterSize != originalClusterSize;
+            final long newVMRequired = (!isWorkerNodeOrAllNodes || clusterSize == null) ? 0 : clusterSize - originalClusterSize;
+            if (serviceOfferingScalingNeeded && clusterSizeScalingNeeded) {
+                if (newVMRequired > 0) {
+                    scaleKubernetesClusterOffering(nodeType, serviceOffering, updateNodeOffering, updateClusterOffering);
+                    scaleKubernetesClusterSize(nodeType);
+                } else {
+                    scaleKubernetesClusterSize(nodeType);
+                    scaleKubernetesClusterOffering(nodeType, serviceOffering, updateNodeOffering, updateClusterOffering);
+                }
+            } else if (serviceOfferingScalingNeeded) {
+                scaleKubernetesClusterOffering(nodeType, serviceOffering, updateNodeOffering, updateClusterOffering);
+            } else if (clusterSizeScalingNeeded) {
+                scaleKubernetesClusterSize(nodeType);
             }
-        } else if (serviceOfferingScalingNeeded) {
-            scaleKubernetesClusterOffering();
-        } else if (clusterSizeScalingNeeded) {
-            scaleKubernetesClusterSize();
         }
+
         stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.OperationSucceeded);
         return true;
     }
+
+    protected boolean isServiceOfferingScalingNeededForNodeType(KubernetesClusterNodeType nodeType,
+                                                                Map<String, ServiceOffering> map, KubernetesCluster kubernetesCluster,
+                                                                Long existingDefaultOfferingId) {
+        Long existingOfferingId = map.containsKey(DEFAULT.name()) ?
+                existingDefaultOfferingId :
+                getExistingOfferingIdForNodeType(nodeType, kubernetesCluster);
+        if (existingOfferingId == null) {
+            logAndThrow(Level.ERROR, String.format("The Kubernetes cluster %s does not have a global service offering set", kubernetesCluster.getName()));
+        }
+        ServiceOffering existingOffering = serviceOfferingDao.findById(existingOfferingId);
+        if (existingOffering == null) {
+            logAndThrow(Level.ERROR, String.format("Cannot find the global service offering with ID %s set on the Kubernetes cluster %s", existingOfferingId, kubernetesCluster.getName()));
+        }
+        ServiceOffering newOffering = map.containsKey(DEFAULT.name()) ? map.get(DEFAULT.name()) : map.get(nodeType.name());
+        if (newOffering == null) {
+            logAndThrow(Level.ERROR, String.format("Cannot find the requested service offering with ID %s", newOffering));
+        }
+        return newOffering != null && newOffering.getId() != existingOffering.getId();
+    }
+
+    protected Long getExistingOfferingIdForNodeType(KubernetesClusterNodeType nodeType, KubernetesCluster kubernetesCluster) {
+        Long offeringId = null;
+        if (WORKER == nodeType) {
+            offeringId = kubernetesCluster.getWorkerServiceOfferingId();
+        } else if (CONTROL == nodeType) {
+            offeringId = kubernetesCluster.getControlServiceOfferingId();
+        } else if (ETCD == nodeType) {
+            offeringId = kubernetesCluster.getEtcdServiceOfferingId();
+        }
+        if (offeringId == null) {
+            offeringId = kubernetesCluster.getServiceOfferingId();
+        }
+        return offeringId;
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index a7cea8093c83..9f83d0ed0b96 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -75,6 +75,8 @@
 import com.cloud.vm.VmDetailConstants;
 import org.apache.logging.log4j.Level;
 
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.CONTROL;
+
 public class KubernetesClusterStartWorker extends KubernetesClusterResourceModifierActionWorker {
 
     private KubernetesSupportedVersion kubernetesClusterVersion;
@@ -183,7 +185,7 @@ private UserVm createKubernetesControlNode(final Network network, String serverI
             ResourceUnavailableException, InsufficientCapacityException {
         UserVm controlVm = null;
         DataCenter zone = dataCenterDao.findById(kubernetesCluster.getZoneId());
-        ServiceOffering serviceOffering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
+        ServiceOffering serviceOffering = getServiceOfferingForNodeTypeOnCluster(CONTROL, kubernetesCluster);
         List<Long> networkIds = new ArrayList<Long>();
         networkIds.add(kubernetesCluster.getNetworkId());
         Pair<String, Map<Long, Network.IpAddresses>> ipAddresses = getKubernetesControlNodeIpAddresses(zone, network, owner);
@@ -215,15 +217,16 @@ private UserVm createKubernetesControlNode(final Network network, String serverI
         if (StringUtils.isNotBlank(kubernetesCluster.getKeyPair())) {
             keypairs.add(kubernetesCluster.getKeyPair());
         }
+
         if (zone.isSecurityGroupEnabled()) {
             List<Long> securityGroupIds = new ArrayList<>();
             securityGroupIds.add(kubernetesCluster.getSecurityGroupId());
-            controlVm = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, clusterTemplate, networkIds, securityGroupIds, owner,
+            controlVm = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, controlNodeTemplate, networkIds, securityGroupIds, owner,
             hostName, hostName, null, null, null, Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST,base64UserData, null, null, keypairs,
                     requestedIps, addrs, null, null, null, customParameterMap, null, null, null,
                     null, true, null, UserVmManager.CKS_NODE);
         } else {
-            controlVm = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, clusterTemplate, networkIds, owner,
+            controlVm = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, controlNodeTemplate, networkIds, owner,
                     hostName, hostName, null, null, null,
                     Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST, base64UserData, null, null, keypairs,
                     requestedIps, addrs, null, null, null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null);
@@ -263,7 +266,7 @@ private UserVm createKubernetesAdditionalControlNode(final String joinIp, final
             ResourceUnavailableException, InsufficientCapacityException {
         UserVm additionalControlVm = null;
         DataCenter zone = dataCenterDao.findById(kubernetesCluster.getZoneId());
-        ServiceOffering serviceOffering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
+        ServiceOffering serviceOffering = getServiceOfferingForNodeTypeOnCluster(CONTROL, kubernetesCluster);
         List<Long> networkIds = new ArrayList<Long>();
         networkIds.add(kubernetesCluster.getNetworkId());
         Network.IpAddresses addrs = new Network.IpAddresses(null, null);
@@ -289,15 +292,16 @@ private UserVm createKubernetesAdditionalControlNode(final String joinIp, final
         if (StringUtils.isNotBlank(kubernetesCluster.getKeyPair())) {
             keypairs.add(kubernetesCluster.getKeyPair());
         }
+
         if (zone.isSecurityGroupEnabled()) {
             List<Long> securityGroupIds = new ArrayList<>();
             securityGroupIds.add(kubernetesCluster.getSecurityGroupId());
-            additionalControlVm = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, clusterTemplate, networkIds, securityGroupIds, owner,
+            additionalControlVm = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, controlNodeTemplate, networkIds, securityGroupIds, owner,
                     hostName, hostName, null, null, null, Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST,base64UserData, null, null, keypairs,
                     null, addrs, null, null, null, customParameterMap, null, null, null,
                     null, true, null, UserVmManager.CKS_NODE);
         } else {
-            additionalControlVm = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, clusterTemplate, networkIds, owner,
+            additionalControlVm = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, controlNodeTemplate, networkIds, owner,
                     hostName, hostName, null, null, null,
                     Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST, base64UserData, null, null, keypairs,
                     null, addrs, null, null, null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null);
@@ -493,8 +497,10 @@ public boolean startKubernetesClusterOnCreate() {
             logTransitStateAndThrow(Level.ERROR, String.format("Failed to start Kubernetes cluster : %s as no public IP found for the cluster" , kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed);
         }
         // Allow account creating the kubernetes cluster to access systemVM template
-        LaunchPermissionVO launchPermission =  new LaunchPermissionVO(clusterTemplate.getId(), owner.getId());
-        launchPermissionDao.persist(launchPermission);
+        if (isDefaultTemplateUsed()) {
+            LaunchPermissionVO launchPermission = new LaunchPermissionVO(kubernetesCluster.getTemplateId(), owner.getId());
+            launchPermissionDao.persist(launchPermission);
+        }
 
         List<UserVm> clusterVMs = new ArrayList<>();
         UserVm k8sControlVM = null;
@@ -568,6 +574,8 @@ public boolean startKubernetesClusterOnCreate() {
         return true;
     }
 
+
+
     public boolean startStoppedKubernetesCluster() throws CloudRuntimeException {
         init();
         if (logger.isInfoEnabled()) {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/dao/KubernetesClusterVmMapDao.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/dao/KubernetesClusterVmMapDao.java
index 45c0b79485c0..57d0a45277e0 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/dao/KubernetesClusterVmMapDao.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/dao/KubernetesClusterVmMapDao.java
@@ -16,6 +16,7 @@
 // under the License.
 package com.cloud.kubernetes.cluster.dao;
 
+import com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType;
 import com.cloud.kubernetes.cluster.KubernetesClusterVmMapVO;
 import com.cloud.utils.db.GenericDao;
 
@@ -30,4 +31,6 @@ public interface KubernetesClusterVmMapDao extends GenericDao<KubernetesClusterV
     int removeByClusterIdAndVmIdsIn(long clusterId, List<Long> vmIds);
 
     public int removeByClusterId(long clusterId);
+
+    List<KubernetesClusterVmMapVO> listByClusterIdAndVmType(long clusterId, KubernetesClusterNodeType nodeType);
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/dao/KubernetesClusterVmMapDaoImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/dao/KubernetesClusterVmMapDaoImpl.java
index 0d90a4cdaca9..967be2214e02 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/dao/KubernetesClusterVmMapDaoImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/dao/KubernetesClusterVmMapDaoImpl.java
@@ -18,6 +18,7 @@
 
 import java.util.List;
 
+import com.cloud.kubernetes.cluster.KubernetesClusterHelper;
 import org.springframework.stereotype.Component;
 
 import com.cloud.kubernetes.cluster.KubernetesClusterVmMapVO;
@@ -26,6 +27,9 @@
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
 
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.CONTROL;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.ETCD;
+
 
 @Component
 public class KubernetesClusterVmMapDaoImpl extends GenericDaoBase<KubernetesClusterVmMapVO, Long> implements KubernetesClusterVmMapDao {
@@ -37,6 +41,8 @@ public KubernetesClusterVmMapDaoImpl() {
         clusterIdSearch = createSearchBuilder();
         clusterIdSearch.and("clusterId", clusterIdSearch.entity().getClusterId(), SearchCriteria.Op.EQ);
         clusterIdSearch.and("vmIdsIN", clusterIdSearch.entity().getVmId(), SearchCriteria.Op.IN);
+        clusterIdSearch.and("controlNode", clusterIdSearch.entity().isControlNode(), SearchCriteria.Op.EQ);
+        clusterIdSearch.and("etcdNode", clusterIdSearch.entity().isEtcdNode(), SearchCriteria.Op.EQ);
         clusterIdSearch.done();
 
         vmIdSearch = createSearchBuilder();
@@ -81,4 +87,21 @@ public int removeByClusterId(long clusterId) {
         sc.setParameters("clusterId", clusterId);
         return remove(sc);
     }
+
+    @Override
+    public List<KubernetesClusterVmMapVO> listByClusterIdAndVmType(long clusterId, KubernetesClusterHelper.KubernetesClusterNodeType nodeType) {
+        SearchCriteria<KubernetesClusterVmMapVO> sc = clusterIdSearch.create();
+        sc.setParameters("clusterId", clusterId);
+        if (CONTROL == nodeType) {
+            sc.setParameters("controlNode", true);
+            sc.setParameters("etcdNode", false);
+        } else if (ETCD == nodeType) {
+            sc.setParameters("controlNode", false);
+            sc.setParameters("etcdNode", true);
+        } else {
+            sc.setParameters("controlNode", false);
+            sc.setParameters("etcdNode", false);
+        }
+        return listBy(sc);
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
index c55510217721..08097fa53616 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
@@ -17,10 +17,12 @@
 package org.apache.cloudstack.api.command.user.kubernetes.cluster;
 
 import java.security.InvalidParameterException;
+import java.util.Map;
 
 import javax.inject.Inject;
 
 import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.kubernetes.cluster.KubernetesClusterHelper;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
@@ -60,6 +62,8 @@ public class CreateKubernetesClusterCmd extends BaseAsyncCreateCmd {
 
     @Inject
     public KubernetesClusterService kubernetesClusterService;
+    @Inject
+    protected KubernetesClusterHelper kubernetesClusterHelper;
 
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
@@ -83,7 +87,23 @@ public class CreateKubernetesClusterCmd extends BaseAsyncCreateCmd {
     @ACL(accessType = AccessType.UseEntry)
     @Parameter(name = ApiConstants.SERVICE_OFFERING_ID, type = CommandType.UUID, entityType = ServiceOfferingResponse.class,
             description = "the ID of the service offering for the virtual machines in the cluster.")
-    private Long serviceOfferingId;
+    protected Long serviceOfferingId;
+
+    @ACL(accessType = AccessType.UseEntry)
+    @Parameter(name = ApiConstants.NODE_TYPE_OFFERING_MAP, type = CommandType.MAP,
+            description = "(Optional) Node Type to Service Offering ID mapping. If provided, it overrides the serviceofferingid parameter")
+    protected Map<String, Map<String, String>> serviceOfferingNodeTypeMap;
+
+    @ACL(accessType = AccessType.UseEntry)
+    @Parameter(name = ApiConstants.NODE_TYPE_TEMPLATE_MAP, type = CommandType.MAP,
+            description = "(Optional) Node Type to Template ID mapping. If provided, it overrides the default template: System VM template")
+    protected Map<String, Map<String, String>> templateNodeTypeMap;
+
+    @ACL(accessType = AccessType.UseEntry)
+    @Parameter(name = ApiConstants.ETCD_NODES, type = CommandType.LONG,
+            description = "(Optional) Number of Kubernetes cluster etcd nodes, default is 0." +
+                    "In case the number is greater than 0, etcd nodes are separate from master nodes and are provisioned accordingly")
+    protected Long etcdNodes;
 
     @ACL(accessType = AccessType.UseEntry)
     @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an optional account for the" +
@@ -204,6 +224,10 @@ public Long getControlNodes() {
         return controlNodes;
     }
 
+    public long getEtcdNodes() {
+        return etcdNodes == null ? 0 : etcdNodes;
+    }
+
     public String getExternalLoadBalancerIpAddress() {
         return externalLoadBalancerIpAddress;
     }
@@ -242,6 +266,14 @@ public String getClusterType() {
         return clusterType;
     }
 
+    public Map<String, Long> getServiceOfferingNodeTypeMap() {
+        return kubernetesClusterHelper.getServiceOfferingNodeTypeMap(serviceOfferingNodeTypeMap);
+    }
+
+    public Map<String, Long> getTemplateNodeTypeMap() {
+        return kubernetesClusterHelper.getTemplateNodeTypeMap(templateNodeTypeMap);
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/ScaleKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/ScaleKubernetesClusterCmd.java
index 02865357b8a5..bc9f32e40ad1 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/ScaleKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/ScaleKubernetesClusterCmd.java
@@ -17,9 +17,11 @@
 package org.apache.cloudstack.api.command.user.kubernetes.cluster;
 
 import java.util.List;
+import java.util.Map;
 
 import javax.inject.Inject;
 
+import com.cloud.kubernetes.cluster.KubernetesClusterHelper;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.api.ACL;
@@ -53,6 +55,8 @@ public class ScaleKubernetesClusterCmd extends BaseAsyncCmd {
 
     @Inject
     public KubernetesClusterService kubernetesClusterService;
+    @Inject
+    protected KubernetesClusterHelper kubernetesClusterHelper;
 
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
@@ -67,6 +71,11 @@ public class ScaleKubernetesClusterCmd extends BaseAsyncCmd {
         description = "the ID of the service offering for the virtual machines in the cluster.")
     private Long serviceOfferingId;
 
+    @ACL(accessType = SecurityChecker.AccessType.UseEntry)
+    @Parameter(name = ApiConstants.NODE_TYPE_OFFERING_MAP, type = CommandType.MAP,
+            description = "(Optional) Node Type to Service Offering ID mapping. If provided, it overrides the serviceofferingid parameter")
+    protected Map<String, Map<String, String>> serviceOfferingNodeTypeMap;
+
     @Parameter(name=ApiConstants.SIZE, type = CommandType.LONG,
         description = "number of Kubernetes cluster nodes")
     private Long clusterSize;
@@ -102,6 +111,10 @@ public Long getServiceOfferingId() {
         return serviceOfferingId;
     }
 
+    public Map<String, Long> getServiceOfferingNodeTypeMap() {
+        return kubernetesClusterHelper.getServiceOfferingNodeTypeMap(this.serviceOfferingNodeTypeMap);
+    }
+
     public Long getClusterSize() {
         return clusterSize;
     }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
index 168dfaf60913..c14fd9812f51 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
@@ -58,6 +58,34 @@ public class KubernetesClusterResponse extends BaseResponseWithAnnotations imple
     @Param(description = "the name of the service offering of the Kubernetes cluster")
     private String serviceOfferingName;
 
+    @SerializedName(ApiConstants.WORKER_SERVICE_OFFERING_ID)
+    @Param(description = "the ID of the service offering of the worker nodes on the Kubernetes cluster")
+    private String workerOfferingId;
+
+    @SerializedName(ApiConstants.WORKER_SERVICE_OFFERING_NAME)
+    @Param(description = "the name of the service offering of the worker nodes on the Kubernetes cluster")
+    private String workerOfferingName;
+
+    @SerializedName(ApiConstants.CONTROL_SERVICE_OFFERING_ID)
+    @Param(description = "the ID of the service offering of the control nodes on the Kubernetes cluster")
+    private String controlOfferingId;
+
+    @SerializedName(ApiConstants.CONTROL_SERVICE_OFFERING_NAME)
+    @Param(description = "the name of the service offering of the control nodes on the Kubernetes cluster")
+    private String controlOfferingName;
+
+    @SerializedName(ApiConstants.ETCD_SERVICE_OFFERING_ID)
+    @Param(description = "the ID of the service offering of the etcd nodes on the Kubernetes cluster")
+    private String etcdOfferingId;
+
+    @SerializedName(ApiConstants.ETCD_SERVICE_OFFERING_NAME)
+    @Param(description = "the name of the service offering of the etcd nodes on the Kubernetes cluster")
+    private String etcdOfferingName;
+
+    @SerializedName(ApiConstants.ETCD_NODES)
+    @Param(description = "the number of the etcd nodes on the Kubernetes cluster")
+    private Long etcdNodes;
+
     @SerializedName(ApiConstants.TEMPLATE_ID)
     @Param(description = "the ID of the template of the Kubernetes cluster")
     private String templateId;
@@ -359,6 +387,62 @@ public void setServiceOfferingName(String serviceOfferingName) {
         this.serviceOfferingName = serviceOfferingName;
     }
 
+    public String getWorkerOfferingId() {
+        return workerOfferingId;
+    }
+
+    public void setWorkerOfferingId(String workerOfferingId) {
+        this.workerOfferingId = workerOfferingId;
+    }
+
+    public String getWorkerOfferingName() {
+        return workerOfferingName;
+    }
+
+    public void setWorkerOfferingName(String workerOfferingName) {
+        this.workerOfferingName = workerOfferingName;
+    }
+
+    public String getControlOfferingId() {
+        return controlOfferingId;
+    }
+
+    public void setControlOfferingId(String controlOfferingId) {
+        this.controlOfferingId = controlOfferingId;
+    }
+
+    public String getControlOfferingName() {
+        return controlOfferingName;
+    }
+
+    public void setControlOfferingName(String controlOfferingName) {
+        this.controlOfferingName = controlOfferingName;
+    }
+
+    public String getEtcdOfferingId() {
+        return etcdOfferingId;
+    }
+
+    public void setEtcdOfferingId(String etcdOfferingId) {
+        this.etcdOfferingId = etcdOfferingId;
+    }
+
+    public String getEtcdOfferingName() {
+        return etcdOfferingName;
+    }
+
+    public void setEtcdOfferingName(String etcdOfferingName) {
+        this.etcdOfferingName = etcdOfferingName;
+    }
+
+    public Long getEtcdNodes() {
+        return etcdNodes;
+    }
+
+    public void setEtcdNodes(Long etcdNodes) {
+        this.etcdNodes = etcdNodes;
+    }
+
     public void setVirtualMachines(List<UserVmResponse> virtualMachines) {
         this.virtualMachines = virtualMachines;
     }
diff --git a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImplTest.java b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImplTest.java
new file mode 100644
index 000000000000..ba54ff38d38c
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImplTest.java
@@ -0,0 +1,145 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.kubernetes.cluster;
+
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.service.ServiceOfferingVO;
+import com.cloud.service.dao.ServiceOfferingDao;
+import com.cloud.vm.VmDetailConstants;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.CONTROL;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.ETCD;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.WORKER;
+
+@RunWith(MockitoJUnitRunner.class)
+public class KubernetesClusterHelperImplTest {
+
+    @Mock
+    private ServiceOfferingDao serviceOfferingDao;
+    @Mock
+    private ServiceOfferingVO workerServiceOffering;
+    @Mock
+    private ServiceOfferingVO controlServiceOffering;
+    @Mock
+    private ServiceOfferingVO etcdServiceOffering;
+
+    private static final String workerNodesOfferingId = UUID.randomUUID().toString();
+    private static final String controlNodesOfferingId = UUID.randomUUID().toString();
+    private static final String etcdNodesOfferingId = UUID.randomUUID().toString();
+    private static final Long workerOfferingId = 1L;
+    private static final Long controlOfferingId = 2L;
+    private static final Long etcdOfferingId = 3L;
+
+    private final KubernetesClusterHelperImpl helper = new KubernetesClusterHelperImpl();
+
+    @Before
+    public void setUp() {
+        helper.serviceOfferingDao = serviceOfferingDao;
+        Mockito.when(serviceOfferingDao.findByUuid(workerNodesOfferingId)).thenReturn(workerServiceOffering);
+        Mockito.when(serviceOfferingDao.findByUuid(controlNodesOfferingId)).thenReturn(controlServiceOffering);
+        Mockito.when(serviceOfferingDao.findByUuid(etcdNodesOfferingId)).thenReturn(etcdServiceOffering);
+        Mockito.when(workerServiceOffering.getId()).thenReturn(workerOfferingId);
+        Mockito.when(controlServiceOffering.getId()).thenReturn(controlOfferingId);
+        Mockito.when(etcdServiceOffering.getId()).thenReturn(etcdOfferingId);
+    }
+
+    @Test
+    public void testIsValidNodeTypeEmptyNodeType() {
+        Assert.assertFalse(helper.isValidNodeType(null));
+    }
+
+    @Test
+    public void testIsValidNodeTypeInvalidNodeType() {
+        String nodeType = "invalidNodeType";
+        Assert.assertFalse(helper.isValidNodeType(nodeType));
+    }
+
+    @Test
+    public void testIsValidNodeTypeValidNodeTypeLowercase() {
+        String nodeType = KubernetesClusterHelper.KubernetesClusterNodeType.WORKER.name().toLowerCase();
+        Assert.assertTrue(helper.isValidNodeType(nodeType));
+    }
+
+    private Map<String, String> createMapEntry(KubernetesClusterHelper.KubernetesClusterNodeType nodeType,
+                                               String nodeTypeOfferingUuid) {
+        Map<String, String> map = new HashMap<>();
+        map.put(VmDetailConstants.CKS_NODE_TYPE, nodeType.name().toLowerCase());
+        map.put(VmDetailConstants.OFFERING, nodeTypeOfferingUuid);
+        return map;
+    }
+
+    @Test
+    public void testNodeOfferingMap() {
+        Map<String, Map<String, String>> serviceOfferingNodeTypeMap = new HashMap<>();
+        Map<String, String> firstMap = createMapEntry(WORKER, workerNodesOfferingId);
+        Map<String, String> secondMap = createMapEntry(CONTROL, controlNodesOfferingId);
+        serviceOfferingNodeTypeMap.put("map1", firstMap);
+        serviceOfferingNodeTypeMap.put("map2", secondMap);
+        Map<String, Long> map = helper.getServiceOfferingNodeTypeMap(serviceOfferingNodeTypeMap);
+        Assert.assertNotNull(map);
+        Assert.assertEquals(2, map.size());
+        Assert.assertTrue(map.containsKey(WORKER.name()) && map.containsKey(CONTROL.name()));
+        Assert.assertEquals(workerOfferingId, map.get(WORKER.name()));
+        Assert.assertEquals(controlOfferingId, map.get(CONTROL.name()));
+    }
+
+    @Test
+    public void testNodeOfferingMapNullMap() {
+        Map<String, Long> map = helper.getServiceOfferingNodeTypeMap(null);
+        Assert.assertTrue(map.isEmpty());
+    }
+
+    @Test
+    public void testNodeOfferingMapEtcdNodes() {
+        Map<String, Map<String, String>> serviceOfferingNodeTypeMap = new HashMap<>();
+        Map<String, String> firstMap = createMapEntry(ETCD, etcdNodesOfferingId);
+        serviceOfferingNodeTypeMap.put("map1", firstMap);
+        Map<String, Long> map = helper.getServiceOfferingNodeTypeMap(serviceOfferingNodeTypeMap);
+        Assert.assertNotNull(map);
+        Assert.assertEquals(1, map.size());
+        Assert.assertTrue(map.containsKey(ETCD.name()));
+        Assert.assertEquals(etcdOfferingId, map.get(ETCD.name()));
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testCheckNodeTypeOfferingEntryCompletenessInvalidParameters() {
+        helper.checkNodeTypeOfferingEntryCompleteness(WORKER.name(), null);
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testCheckNodeTypeOfferingEntryValuesInvalidNodeType() {
+        String invalidNodeType = "invalidNodeTypeName";
+        helper.checkNodeTypeOfferingEntryValues(invalidNodeType, workerServiceOffering, workerNodesOfferingId);
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testCheckNodeTypeOfferingEntryValuesEmptyOffering() {
+        String nodeType = WORKER.name();
+        helper.checkNodeTypeOfferingEntryValues(nodeType, null, workerNodesOfferingId);
+    }
+}
diff --git a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImplTest.java b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImplTest.java
index a6d46ffc9aa1..a76cbd3400fd 100644
--- a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImplTest.java
+++ b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImplTest.java
@@ -27,16 +27,21 @@
 import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterActionWorker;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterDao;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterVmMapDao;
+import com.cloud.kubernetes.version.KubernetesSupportedVersion;
 import com.cloud.network.Network;
 import com.cloud.network.dao.FirewallRulesDao;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.FirewallRuleVO;
 import com.cloud.network.vpc.NetworkACL;
+import com.cloud.offering.ServiceOffering;
+import com.cloud.service.ServiceOfferingVO;
+import com.cloud.service.dao.ServiceOfferingDao;
 import com.cloud.storage.VMTemplateVO;
 import com.cloud.storage.dao.VMTemplateDao;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.user.User;
+import com.cloud.utils.Pair;
 import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.dao.VMInstanceDao;
 import org.apache.cloudstack.api.BaseCmd;
@@ -44,6 +49,7 @@
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.RemoveVirtualMachinesFromKubernetesClusterCmd;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.commons.collections.MapUtils;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
@@ -59,7 +65,14 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
+
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.CONTROL;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.DEFAULT;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.ETCD;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.WORKER;
 
 @RunWith(MockitoJUnitRunner.class)
 public class KubernetesClusterManagerImplTest {
@@ -85,6 +98,9 @@ public class KubernetesClusterManagerImplTest {
     @Mock
     private AccountManager accountManager;
 
+    @Mock
+    private ServiceOfferingDao serviceOfferingDao;
+
     @Spy
     @InjectMocks
     KubernetesClusterManagerImpl kubernetesClusterManager;
@@ -292,4 +308,117 @@ public void removeVmsFromCluster() {
         Mockito.when(kubernetesClusterDao.findById(Mockito.anyLong())).thenReturn(cluster);
         Assert.assertTrue(kubernetesClusterManager.removeVmsFromCluster(cmd).size() > 0);
     }
+
+    @Test
+    public void testValidateServiceOfferingNodeType() {
+        Map<String, Long> map = new HashMap<>();
+        map.put(WORKER.name(), 1L);
+        map.put(CONTROL.name(), 2L);
+        ServiceOfferingVO serviceOffering = Mockito.mock(ServiceOfferingVO.class);
+        Mockito.when(serviceOfferingDao.findById(1L)).thenReturn(serviceOffering);
+        Mockito.when(serviceOffering.isDynamic()).thenReturn(false);
+        Mockito.when(serviceOffering.getCpu()).thenReturn(2);
+        Mockito.when(serviceOffering.getRamSize()).thenReturn(2048);
+        KubernetesSupportedVersion version = Mockito.mock(KubernetesSupportedVersion.class);
+        Mockito.when(version.getMinimumCpu()).thenReturn(2);
+        Mockito.when(version.getMinimumRamSize()).thenReturn(2048);
+        kubernetesClusterManager.validateServiceOfferingForNode(map, 1L, WORKER.name(), null, version);
+        Mockito.verify(kubernetesClusterManager).validateServiceOffering(serviceOffering, version);
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testValidateServiceOfferingNodeTypeInvalidOffering() {
+        Map<String, Long> map = new HashMap<>();
+        map.put(WORKER.name(), 1L);
+        map.put(CONTROL.name(), 2L);
+        ServiceOfferingVO serviceOffering = Mockito.mock(ServiceOfferingVO.class);
+        Mockito.when(serviceOfferingDao.findById(1L)).thenReturn(serviceOffering);
+        Mockito.when(serviceOffering.isDynamic()).thenReturn(true);
+        kubernetesClusterManager.validateServiceOfferingForNode(map, 1L, WORKER.name(), null, null);
+    }
+
+    @Test
+    public void testClusterCapacity() {
+        long workerOfferingId = 1L;
+        long controlOfferingId = 2L;
+        long workerCount = 2L;
+        long controlCount = 2L;
+
+        int workerOfferingCpus = 4;
+        int workerOfferingMemory = 4096;
+        int controlOfferingCpus = 2;
+        int controlOfferingMemory = 2048;
+
+        Map<String, Long> map = Map.of(WORKER.name(), workerOfferingId, CONTROL.name(), controlOfferingId);
+        Map<String, Long> nodeCount = Map.of(WORKER.name(), workerCount, CONTROL.name(), controlCount);
+
+        ServiceOfferingVO workerOffering = Mockito.mock(ServiceOfferingVO.class);
+        Mockito.when(serviceOfferingDao.findById(workerOfferingId)).thenReturn(workerOffering);
+        ServiceOfferingVO controlOffering = Mockito.mock(ServiceOfferingVO.class);
+        Mockito.when(serviceOfferingDao.findById(controlOfferingId)).thenReturn(controlOffering);
+        Mockito.when(workerOffering.getCpu()).thenReturn(workerOfferingCpus);
+        Mockito.when(workerOffering.getRamSize()).thenReturn(workerOfferingMemory);
+        Mockito.when(controlOffering.getCpu()).thenReturn(controlOfferingCpus);
+        Mockito.when(controlOffering.getRamSize()).thenReturn(controlOfferingMemory);
+
+        Pair<Long, Long> pair = kubernetesClusterManager.calculateClusterCapacity(map, nodeCount, 1L);
+        Long expectedCpu = (workerOfferingCpus * workerCount) + (controlOfferingCpus * controlCount);
+        Long expectedMemory = (workerOfferingMemory * workerCount) + (controlOfferingMemory * controlCount);
+        Assert.assertEquals(expectedCpu, pair.first());
+        Assert.assertEquals(expectedMemory, pair.second());
+    }
+
+    @Test
+    public void testIsAnyNodeOfferingEmptyNullMap() {
+        Assert.assertFalse(kubernetesClusterManager.isAnyNodeOfferingEmpty(null));
+    }
+
+    @Test
+    public void testIsAnyNodeOfferingEmptyNullValue() {
+        Map<String, Long> map = new HashMap<>();
+        map.put(WORKER.name(), 1L);
+        map.put(CONTROL.name(), null);
+        map.put(ETCD.name(), 2L);
+        Assert.assertTrue(kubernetesClusterManager.isAnyNodeOfferingEmpty(map));
+    }
+
+    @Test
+    public void testIsAnyNodeOfferingEmpty() {
+        Map<String, Long> map = new HashMap<>();
+        map.put(WORKER.name(), 1L);
+        map.put(CONTROL.name(), 2L);
+        Assert.assertFalse(kubernetesClusterManager.isAnyNodeOfferingEmpty(map));
+    }
+
+    @Test
+    public void testCreateNodeTypeToServiceOfferingMapNullMap() {
+        KubernetesClusterVO clusterVO = Mockito.mock(KubernetesClusterVO.class);
+        Mockito.when(clusterVO.getServiceOfferingId()).thenReturn(1L);
+        ServiceOfferingVO offering = Mockito.mock(ServiceOfferingVO.class);
+        Mockito.when(serviceOfferingDao.findById(1L)).thenReturn(offering);
+        Map<String, ServiceOffering> mapping = kubernetesClusterManager.createNodeTypeToServiceOfferingMap(new HashMap<>(), null, clusterVO);
+        Assert.assertFalse(MapUtils.isEmpty(mapping));
+        Assert.assertTrue(mapping.containsKey(DEFAULT.name()));
+        Assert.assertEquals(offering, mapping.get(DEFAULT.name()));
+    }
+
+    @Test
+    public void testCreateNodeTypeToServiceOfferingMap() {
+        Map<String, Long> idsMap = new HashMap<>();
+        long workerOfferingId = 1L;
+        long controlOfferingId = 2L;
+        idsMap.put(WORKER.name(), workerOfferingId);
+        idsMap.put(CONTROL.name(), controlOfferingId);
+
+        ServiceOfferingVO workerOffering = Mockito.mock(ServiceOfferingVO.class);
+        Mockito.when(serviceOfferingDao.findById(workerOfferingId)).thenReturn(workerOffering);
+        ServiceOfferingVO controlOffering = Mockito.mock(ServiceOfferingVO.class);
+        Mockito.when(serviceOfferingDao.findById(controlOfferingId)).thenReturn(controlOffering);
+
+        Map<String, ServiceOffering> mapping = kubernetesClusterManager.createNodeTypeToServiceOfferingMap(idsMap, null, null);
+        Assert.assertEquals(2, mapping.size());
+        Assert.assertTrue(mapping.containsKey(WORKER.name()) && mapping.containsKey(CONTROL.name()));
+        Assert.assertEquals(workerOffering, mapping.get(WORKER.name()));
+        Assert.assertEquals(controlOffering, mapping.get(CONTROL.name()));
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorkerTest.java b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorkerTest.java
new file mode 100644
index 000000000000..8be9f345cfef
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorkerTest.java
@@ -0,0 +1,130 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.kubernetes.cluster.actionworkers;
+
+import com.cloud.kubernetes.cluster.KubernetesCluster;
+import com.cloud.kubernetes.cluster.KubernetesClusterManagerImpl;
+import com.cloud.offering.ServiceOffering;
+import com.cloud.service.ServiceOfferingVO;
+import com.cloud.service.dao.ServiceOfferingDao;
+import com.cloud.utils.Pair;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import java.util.Map;
+
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.DEFAULT;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.CONTROL;
+
+@RunWith(MockitoJUnitRunner.class)
+public class KubernetesClusterScaleWorkerTest {
+
+    @Mock
+    private KubernetesCluster kubernetesCluster;
+    @Mock
+    private KubernetesClusterManagerImpl clusterManager;
+    @Mock
+    private ServiceOfferingDao serviceOfferingDao;
+
+    private KubernetesClusterScaleWorker worker;
+
+    private static final Long defaultOfferingId = 1L;
+
+    @Before
+    public void setUp() {
+        worker = new KubernetesClusterScaleWorker(kubernetesCluster, clusterManager);
+        worker.serviceOfferingDao = serviceOfferingDao;
+    }
+
+    @Test
+    public void testIsServiceOfferingScalingNeededForNodeTypeAllNodesSameOffering() {
+        ServiceOfferingVO serviceOffering = Mockito.mock(ServiceOfferingVO.class);
+        Map<String, ServiceOffering> map = Map.of(DEFAULT.name(), serviceOffering);
+        Mockito.when(serviceOfferingDao.findById(defaultOfferingId)).thenReturn(serviceOffering);
+        Assert.assertFalse(worker.isServiceOfferingScalingNeededForNodeType(DEFAULT, map, kubernetesCluster, defaultOfferingId));
+    }
+
+    @Test
+    public void testIsServiceOfferingScalingNeededForNodeTypeAllNodesDifferentOffering() {
+        ServiceOfferingVO serviceOffering = Mockito.mock(ServiceOfferingVO.class);
+        Mockito.when(serviceOffering.getId()).thenReturn(defaultOfferingId);
+        ServiceOfferingVO newOffering = Mockito.mock(ServiceOfferingVO.class);
+        Mockito.when(newOffering.getId()).thenReturn(4L);
+        Map<String, ServiceOffering> map = Map.of(DEFAULT.name(), newOffering);
+        Mockito.when(serviceOfferingDao.findById(defaultOfferingId)).thenReturn(serviceOffering);
+        Assert.assertTrue(worker.isServiceOfferingScalingNeededForNodeType(DEFAULT, map, kubernetesCluster, defaultOfferingId));
+    }
+
+    @Test
+    public void testCalculateNewClusterCountAndCapacityAllNodesScaleSize() {
+        long controlNodes = 3L;
+        long etcdNodes = 2L;
+        Mockito.when(kubernetesCluster.getControlNodeCount()).thenReturn(controlNodes);
+        Mockito.when(kubernetesCluster.getEtcdNodeCount()).thenReturn(etcdNodes);
+
+        ServiceOffering newOffering = Mockito.mock(ServiceOffering.class);
+        int newCores = 4;
+        int newMemory = 4096;
+        Mockito.when(newOffering.getCpu()).thenReturn(newCores);
+        Mockito.when(newOffering.getRamSize()).thenReturn(newMemory);
+
+        long newWorkerSize = 4L;
+        Pair<Long, Long> newClusterCapacity = worker.calculateNewClusterCountAndCapacity(newWorkerSize, DEFAULT, newOffering);
+
+        long expectedCores = (newCores * newWorkerSize) + (newCores * controlNodes) + (newCores * etcdNodes);
+        long expectedMemory = (newMemory * newWorkerSize) + (newMemory * controlNodes) + (newMemory * etcdNodes);
+        Assert.assertEquals(expectedCores, newClusterCapacity.first().longValue());
+        Assert.assertEquals(expectedMemory, newClusterCapacity.second().longValue());
+    }
+
+    @Test
+    public void testCalculateNewClusterCountAndCapacityNodeTypeScaleControlOffering() {
+        long controlNodes = 2L;
+        Mockito.when(kubernetesCluster.getControlNodeCount()).thenReturn(controlNodes);
+
+        ServiceOfferingVO existingOffering = Mockito.mock(ServiceOfferingVO.class);
+        int existingCores = 2;
+        int existingMemory = 2048;
+        Mockito.when(existingOffering.getCpu()).thenReturn(existingCores);
+        Mockito.when(existingOffering.getRamSize()).thenReturn(existingMemory);
+        int remainingClusterCpu = 8;
+        int remainingClusterMemory = 12288;
+        Mockito.when(kubernetesCluster.getCores()).thenReturn(remainingClusterCpu + (controlNodes * existingCores));
+        Mockito.when(kubernetesCluster.getMemory()).thenReturn(remainingClusterMemory + (controlNodes * existingMemory));
+
+        Mockito.when(kubernetesCluster.getControlServiceOfferingId()).thenReturn(1L);
+        Mockito.when(serviceOfferingDao.findById(1L)).thenReturn(existingOffering);
+
+        ServiceOfferingVO newOffering = Mockito.mock(ServiceOfferingVO.class);
+        int newCores = 4;
+        int newMemory = 2048;
+        Mockito.when(newOffering.getCpu()).thenReturn(newCores);
+        Mockito.when(newOffering.getRamSize()).thenReturn(newMemory);
+
+        Pair<Long, Long> newClusterCapacity = worker.calculateNewClusterCountAndCapacity(null, CONTROL, newOffering);
+
+        long expectedCores = remainingClusterCpu + (controlNodes * newCores);
+        long expectedMemory = remainingClusterMemory + (controlNodes * newMemory);
+        Assert.assertEquals(expectedCores, newClusterCapacity.first().longValue());
+        Assert.assertEquals(expectedMemory, newClusterCapacity.second().longValue());
+    }
+}
diff --git a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
index 0d0bf7c3fe28..250a6968a2a6 100644
--- a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
@@ -4385,12 +4385,13 @@ private Pair<List<TemplateJoinVO>, Integer> searchForTemplatesInternal(ListTempl
             }
         }
         Boolean isVnf = cmd.getVnf();
+        Boolean forCks = cmd.getForCks();
 
         return searchForTemplatesInternal(id, cmd.getTemplateName(), cmd.getKeyword(), templateFilter, false,
                 null, cmd.getPageSizeVal(), cmd.getStartIndex(), cmd.getZoneId(), cmd.getStoragePoolId(),
                 cmd.getImageStoreId(), hypervisorType, showDomr, cmd.listInReadyState(), permittedAccounts, caller,
                 listProjectResourcesCriteria, tags, showRemovedTmpl, cmd.getIds(), parentTemplateId, cmd.getShowUnique(),
-                templateType, isVnf);
+                templateType, isVnf, forCks);
     }
 
     private Pair<List<TemplateJoinVO>, Integer> searchForTemplatesInternal(Long templateId, String name, String keyword,
@@ -4399,7 +4400,7 @@ private Pair<List<TemplateJoinVO>, Integer> searchForTemplatesInternal(Long temp
             boolean showDomr, boolean onlyReady, List<Account> permittedAccounts, Account caller,
             ListProjectResourcesCriteria listProjectResourcesCriteria, Map<String, String> tags,
             boolean showRemovedTmpl, List<Long> ids, Long parentTemplateId, Boolean showUnique, String templateType,
-            Boolean isVnf) {
+            Boolean isVnf, Boolean forCks) {
 
         // check if zone is configured, if not, just return empty list
         List<HypervisorType> hypers = null;
@@ -4581,7 +4582,7 @@ else if (!template.isPublicTemplate() && caller.getType() != Account.Type.ADMIN)
         applyPublicTemplateSharingRestrictions(sc, caller);
 
         return templateChecks(isIso, hypers, tags, name, keyword, hyperType, onlyReady, bootable, zoneId, showDomr, caller,
-                showRemovedTmpl, parentTemplateId, showUnique, templateType, isVnf, searchFilter, sc);
+                showRemovedTmpl, parentTemplateId, showUnique, templateType, isVnf, forCks, searchFilter, sc);
     }
 
     /**
@@ -4635,7 +4636,7 @@ protected boolean checkIfDomainSharesTemplates(Long domainId) {
 
     private Pair<List<TemplateJoinVO>, Integer> templateChecks(boolean isIso, List<HypervisorType> hypers, Map<String, String> tags, String name, String keyword,
                                                                HypervisorType hyperType, boolean onlyReady, Boolean bootable, Long zoneId, boolean showDomr, Account caller,
-                                                               boolean showRemovedTmpl, Long parentTemplateId, Boolean showUnique, String templateType, Boolean isVnf,
+                                                               boolean showRemovedTmpl, Long parentTemplateId, Boolean showUnique, String templateType, Boolean isVnf, Boolean forCks,
                                                                Filter searchFilter, SearchCriteria<TemplateJoinVO> sc) {
         if (!isIso) {
             // add hypervisor criteria for template case
@@ -4729,6 +4730,10 @@ private Pair<List<TemplateJoinVO>, Integer> templateChecks(boolean isIso, List<H
             }
         }
 
+        if (forCks != null) {
+            sc.addAnd("forCks", SearchCriteria.Op.EQ, forCks);
+        }
+
         // don't return removed template, this should not be needed since we
         // changed annotation for removed field in TemplateJoinVO.
         // sc.addAnd("removed", SearchCriteria.Op.NULL);
@@ -4822,7 +4827,7 @@ private Pair<List<TemplateJoinVO>, Integer> searchForIsosInternal(ListIsosCmd cm
         return searchForTemplatesInternal(cmd.getId(), cmd.getIsoName(), cmd.getKeyword(), isoFilter, true, cmd.isBootable(),
                 cmd.getPageSizeVal(), cmd.getStartIndex(), cmd.getZoneId(), cmd.getStoragePoolId(), cmd.getImageStoreId(),
                 hypervisorType, true, cmd.listInReadyState(), permittedAccounts, caller, listProjectResourcesCriteria,
-                tags, showRemovedISO, null, null, cmd.getShowUnique(), null, null);
+                tags, showRemovedISO, null, null, cmd.getShowUnique(), null, null, null);
     }
 
     @Override
diff --git a/server/src/main/java/com/cloud/api/query/dao/TemplateJoinDaoImpl.java b/server/src/main/java/com/cloud/api/query/dao/TemplateJoinDaoImpl.java
index 0aa51021a65a..f43fd1a98716 100644
--- a/server/src/main/java/com/cloud/api/query/dao/TemplateJoinDaoImpl.java
+++ b/server/src/main/java/com/cloud/api/query/dao/TemplateJoinDaoImpl.java
@@ -317,6 +317,7 @@ public TemplateResponse newTemplateResponse(EnumSet<ApiConstants.DomainDetails>
             templateResponse.setDetails(details);
 
             setDeployAsIsDetails(template, templateResponse);
+            templateResponse.setForCks(template.isForCks());
         }
 
         // update tag information
diff --git a/server/src/main/java/com/cloud/api/query/vo/TemplateJoinVO.java b/server/src/main/java/com/cloud/api/query/vo/TemplateJoinVO.java
index babc5ac55676..d04fc88765c3 100644
--- a/server/src/main/java/com/cloud/api/query/vo/TemplateJoinVO.java
+++ b/server/src/main/java/com/cloud/api/query/vo/TemplateJoinVO.java
@@ -238,6 +238,9 @@ public class TemplateJoinVO extends BaseViewWithTagInformationVO implements Cont
     @Column(name = "deploy_as_is")
     private boolean deployAsIs;
 
+    @Column(name = "for_cks")
+    private boolean forCks;
+
     @Column(name = "user_data_id")
     private Long userDataId;
 
@@ -516,6 +519,10 @@ public boolean isDeployAsIs() {
         return deployAsIs;
     }
 
+    public boolean isForCks() {
+        return forCks;
+    }
+
     public Object getParentTemplateId() {
         return parentTemplateId;
     }
diff --git a/server/src/main/java/com/cloud/storage/TemplateProfile.java b/server/src/main/java/com/cloud/storage/TemplateProfile.java
index b90409480bca..9f92d49c3a30 100644
--- a/server/src/main/java/com/cloud/storage/TemplateProfile.java
+++ b/server/src/main/java/com/cloud/storage/TemplateProfile.java
@@ -53,6 +53,7 @@ public class TemplateProfile {
     TemplateType templateType;
     Boolean directDownload;
     Boolean deployAsIs;
+    Boolean forCks;
     Long size;
 
     public TemplateProfile(Long templateId, Long userId, String name, String displayText, Integer bits, Boolean passwordEnabled, Boolean requiresHvm, String url,
@@ -337,4 +338,12 @@ public void setSize(Long size) {
     public boolean isDeployAsIs() {
         return this.deployAsIs;
     }
+
+    public Boolean isForCks() {
+        return forCks;
+    }
+
+    public void setForCks(Boolean forCks) {
+        this.forCks = forCks;
+    }
 }
diff --git a/server/src/main/java/com/cloud/storage/upload/params/TemplateUploadParams.java b/server/src/main/java/com/cloud/storage/upload/params/TemplateUploadParams.java
index 31206ca31b31..086038cf1c77 100644
--- a/server/src/main/java/com/cloud/storage/upload/params/TemplateUploadParams.java
+++ b/server/src/main/java/com/cloud/storage/upload/params/TemplateUploadParams.java
@@ -29,10 +29,10 @@ public TemplateUploadParams(long userId, String name, String displayText,
                                 Long zoneId, Hypervisor.HypervisorType hypervisorType, String chksum,
                                 String templateTag, long templateOwnerId,
                                 Map details, Boolean sshkeyEnabled,
-                                Boolean isDynamicallyScalable, Boolean isRoutingType, boolean deployAsIs) {
+                                Boolean isDynamicallyScalable, Boolean isRoutingType, boolean deployAsIs, boolean forCks) {
         super(userId, name, displayText, bits, passwordEnabled, requiresHVM, isPublic, featured, isExtractable,
                 format, guestOSId, zoneId, hypervisorType, chksum, templateTag, templateOwnerId, details,
-                sshkeyEnabled, isDynamicallyScalable, isRoutingType, deployAsIs);
+                sshkeyEnabled, isDynamicallyScalable, isRoutingType, deployAsIs, forCks);
         setBootable(true);
     }
 }
diff --git a/server/src/main/java/com/cloud/storage/upload/params/UploadParamsBase.java b/server/src/main/java/com/cloud/storage/upload/params/UploadParamsBase.java
index 60ccc27a48fc..11fec78d8e75 100644
--- a/server/src/main/java/com/cloud/storage/upload/params/UploadParamsBase.java
+++ b/server/src/main/java/com/cloud/storage/upload/params/UploadParamsBase.java
@@ -45,6 +45,7 @@ public abstract class UploadParamsBase implements UploadParams {
     private boolean isDynamicallyScalable;
     private boolean isRoutingType;
     private boolean deployAsIs;
+    private boolean forCks;
 
     UploadParamsBase(long userId, String name, String displayText,
                                Integer bits, boolean passwordEnabled, boolean requiresHVM,
@@ -53,7 +54,7 @@ public abstract class UploadParamsBase implements UploadParams {
                                Long zoneId, Hypervisor.HypervisorType hypervisorType, String checksum,
                                String templateTag, long templateOwnerId,
                                Map details, boolean sshkeyEnabled,
-                               boolean isDynamicallyScalable, boolean isRoutingType, boolean deployAsIs) {
+                               boolean isDynamicallyScalable, boolean isRoutingType, boolean deployAsIs, boolean forCks) {
         this.userId = userId;
         this.name = name;
         this.displayText = displayText;
@@ -229,6 +230,10 @@ void setBootable(boolean bootable) {
         this.bootable = bootable;
     }
 
+    void setForCks(boolean forCks) {
+        this.forCks = forCks;
+    }
+
     void setBits(Integer bits) {
         this.bits = bits;
     }
diff --git a/server/src/main/java/com/cloud/template/HypervisorTemplateAdapter.java b/server/src/main/java/com/cloud/template/HypervisorTemplateAdapter.java
index 365f0202c877..99ef3a950929 100644
--- a/server/src/main/java/com/cloud/template/HypervisorTemplateAdapter.java
+++ b/server/src/main/java/com/cloud/template/HypervisorTemplateAdapter.java
@@ -244,6 +244,7 @@ public TemplateProfile prepare(RegisterTemplateCmd cmd) throws ResourceAllocatio
             Long templateSize = performDirectDownloadUrlValidation(cmd.getFormat(),
                     hypervisor, url, cmd.getZoneIds(), followRedirects);
             profile.setSize(templateSize);
+            profile.setForCks(cmd.isForCks());
         }
         profile.setUrl(url);
         // Check that the resource limit for secondary storage won't be exceeded
diff --git a/server/src/main/java/com/cloud/template/TemplateAdapter.java b/server/src/main/java/com/cloud/template/TemplateAdapter.java
index 86dd0d3cad5d..7962f552251b 100644
--- a/server/src/main/java/com/cloud/template/TemplateAdapter.java
+++ b/server/src/main/java/com/cloud/template/TemplateAdapter.java
@@ -78,6 +78,6 @@ TemplateProfile prepare(boolean isIso, Long userId, String name, String displayT
 
     TemplateProfile prepare(boolean isIso, long userId, String name, String displayText, Integer bits, Boolean passwordEnabled, Boolean requiresHVM, String url, Boolean isPublic,
                             Boolean featured, Boolean isExtractable, String format, Long guestOSId, List<Long> zoneId, HypervisorType hypervisorType, String chksum, Boolean bootable, String templateTag, Account templateOwner, Map details, Boolean sshKeyEnabled, String imageStoreUuid, Boolean isDynamicallyScalable,
-                            TemplateType templateType, boolean directDownload, boolean deployAsIs) throws ResourceAllocationException;
+                            TemplateType templateType, boolean directDownload, boolean deployAsIs, boolean forCks) throws ResourceAllocationException;
 
 }
diff --git a/server/src/main/java/com/cloud/template/TemplateAdapterBase.java b/server/src/main/java/com/cloud/template/TemplateAdapterBase.java
index d663a9ae0b71..a46fe0a5412a 100644
--- a/server/src/main/java/com/cloud/template/TemplateAdapterBase.java
+++ b/server/src/main/java/com/cloud/template/TemplateAdapterBase.java
@@ -134,14 +134,14 @@ public TemplateProfile prepare(boolean isIso, Long userId, String name, String d
         Boolean isPublic, Boolean featured, Boolean isExtractable, String format, Long guestOSId, List<Long> zoneId, HypervisorType hypervisorType, String accountName,
         Long domainId, String chksum, Boolean bootable, Map details, boolean directDownload, boolean deployAsIs) throws ResourceAllocationException {
         return prepare(isIso, userId, name, displayText, bits, passwordEnabled, requiresHVM, url, isPublic, featured, isExtractable, format, guestOSId, zoneId,
-            hypervisorType, chksum, bootable, null, null, details, false, null, false, TemplateType.USER, directDownload, deployAsIs);
+            hypervisorType, chksum, bootable, null, null, details, false, null, false, TemplateType.USER, directDownload, deployAsIs, false);
     }
 
     @Override
     public TemplateProfile prepare(boolean isIso, long userId, String name, String displayText, Integer bits, Boolean passwordEnabled, Boolean requiresHVM, String url,
         Boolean isPublic, Boolean featured, Boolean isExtractable, String format, Long guestOSId, List<Long> zoneIdList, HypervisorType hypervisorType, String chksum,
         Boolean bootable, String templateTag, Account templateOwner, Map details, Boolean sshkeyEnabled, String imageStoreUuid, Boolean isDynamicallyScalable,
-        TemplateType templateType, boolean directDownload, boolean deployAsIs) throws ResourceAllocationException {
+        TemplateType templateType, boolean directDownload, boolean deployAsIs, boolean forCks) throws ResourceAllocationException {
         //Long accountId = null;
         // parameters verification
 
@@ -262,9 +262,11 @@ public TemplateProfile prepare(boolean isIso, long userId, String name, String d
 
         Long id = _tmpltDao.getNextInSequence(Long.class, "id");
         CallContext.current().setEventDetails("Id: " + id + " name: " + name);
-        return new TemplateProfile(id, userId, name, displayText, bits, passwordEnabled, requiresHVM, url, isPublic, featured, isExtractable, imgfmt, guestOSId, zoneIdList,
+        TemplateProfile profile = new TemplateProfile(id, userId, name, displayText, bits, passwordEnabled, requiresHVM, url, isPublic, featured, isExtractable, imgfmt, guestOSId, zoneIdList,
             hypervisorType, templateOwner.getAccountName(), templateOwner.getDomainId(), templateOwner.getAccountId(), chksum, bootable, templateTag, details,
             sshkeyEnabled, null, isDynamicallyScalable, templateType, directDownload, deployAsIs);
+        profile.setForCks(forCks);
+        return profile;
 
     }
 
@@ -309,7 +311,7 @@ public TemplateProfile prepare(RegisterTemplateCmd cmd) throws ResourceAllocatio
         return prepare(false, CallContext.current().getCallingUserId(), cmd.getTemplateName(), cmd.getDisplayText(), cmd.getBits(), cmd.isPasswordEnabled(), cmd.getRequiresHvm(),
                 cmd.getUrl(), cmd.isPublic(), cmd.isFeatured(), cmd.isExtractable(), cmd.getFormat(), cmd.getOsTypeId(), zoneId, hypervisorType, cmd.getChecksum(), true,
                 cmd.getTemplateTag(), owner, details, cmd.isSshKeyEnabled(), null, cmd.isDynamicallyScalable(), templateType,
-                cmd.isDirectDownload(), cmd.isDeployAsIs());
+                cmd.isDirectDownload(), cmd.isDeployAsIs(), cmd.isForCks());
 
     }
 
@@ -342,7 +344,7 @@ private TemplateProfile prepareUploadParamsInternal(UploadParams params) throws
                 params.isExtractable(), params.getFormat(), params.getGuestOSId(), zoneList,
                 params.getHypervisorType(), params.getChecksum(), params.isBootable(), params.getTemplateTag(), owner,
                 params.getDetails(), params.isSshKeyEnabled(), params.getImageStoreUuid(),
-                params.isDynamicallyScalable(), params.isRoutingType() ? TemplateType.ROUTING : TemplateType.USER, params.isDirectDownload(), params.isDeployAsIs());
+                params.isDynamicallyScalable(), params.isRoutingType() ? TemplateType.ROUTING : TemplateType.USER, params.isDirectDownload(), params.isDeployAsIs(), false);
     }
 
     private Long getDefaultDeployAsIsGuestOsId() {
@@ -363,7 +365,7 @@ public TemplateProfile prepare(GetUploadParamsForTemplateCmd cmd) throws Resourc
                 BooleanUtils.toBoolean(cmd.isFeatured()), BooleanUtils.toBoolean(cmd.isExtractable()), cmd.getFormat(), osTypeId,
                 cmd.getZoneId(), HypervisorType.getType(cmd.getHypervisor()), cmd.getChecksum(),
                 cmd.getTemplateTag(), cmd.getEntityOwnerId(), cmd.getDetails(), BooleanUtils.toBoolean(cmd.isSshKeyEnabled()),
-                BooleanUtils.toBoolean(cmd.isDynamicallyScalable()), BooleanUtils.toBoolean(cmd.isRoutingType()), cmd.isDeployAsIs());
+                BooleanUtils.toBoolean(cmd.isDynamicallyScalable()), BooleanUtils.toBoolean(cmd.isRoutingType()), cmd.isDeployAsIs(), cmd.isForCks());
         return prepareUploadParamsInternal(params);
     }
 
@@ -394,7 +396,7 @@ public TemplateProfile prepare(RegisterIsoCmd cmd) throws ResourceAllocationExce
 
         return prepare(true, CallContext.current().getCallingUserId(), cmd.getIsoName(), cmd.getDisplayText(), 64, cmd.isPasswordEnabled(), true, cmd.getUrl(), cmd.isPublic(),
             cmd.isFeatured(), cmd.isExtractable(), ImageFormat.ISO.toString(), cmd.getOsTypeId(), zoneList, HypervisorType.None, cmd.getChecksum(), cmd.isBootable(), null,
-            owner, null, false, cmd.getImageStoreUuid(), cmd.isDynamicallyScalable(), TemplateType.USER, cmd.isDirectDownload(), false);
+            owner, null, false, cmd.getImageStoreUuid(), cmd.isDynamicallyScalable(), TemplateType.USER, cmd.isDirectDownload(), false, false);
     }
 
     protected VMTemplateVO persistTemplate(TemplateProfile profile, VirtualMachineTemplate.State initialState) {
@@ -405,6 +407,7 @@ protected VMTemplateVO persistTemplate(TemplateProfile profile, VirtualMachineTe
                 profile.getDisplayText(), profile.isPasswordEnabled(), profile.getGuestOsId(), profile.isBootable(), profile.getHypervisorType(),
                 profile.getTemplateTag(), profile.getDetails(), profile.isSshKeyEnabled(), profile.IsDynamicallyScalable(), profile.isDirectDownload(), profile.isDeployAsIs());
         template.setState(initialState);
+        template.setForCks(profile.isForCks());
 
         if (profile.isDirectDownload()) {
             template.setSize(profile.getSize());
diff --git a/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
index 46259dcb356c..b3bcdd21e3d6 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
@@ -110,7 +110,11 @@ def configure_server(self):
             if gn.get_dns() and device:
                 sline = "dhcp-option=tag:interface-%s-%s,6" % (device, idx)
                 dns_list = [x for x in gn.get_dns() if x]
-                if self.config.is_dhcp() and not self.config.use_extdns():
+                if (self.config.is_vpc() or self.config.is_router()) and ('is_vr_guest_gateway' in gn.data and gn.data['is_vr_guest_gateway']):
+                  if gateway in dns_list:
+                    dns_list.remove(gateway)
+                  dns_list.insert(0, ip)
+                elif self.config.is_dhcp() and not self.config.use_extdns():
                     guest_ip = self.config.address().get_guest_ip()
                     if guest_ip and guest_ip in dns_list and ip not in dns_list:
                         # Replace the default guest IP in VR with the ip in additional IP ranges, if shared network has multiple IP ranges.
@@ -142,9 +146,9 @@ def configure_server(self):
             else:
                 listen_address.append(ip)
             # Add localized "data-server" records in /etc/hosts for VPC routers
-            if self.config.is_vpc() or self.config.is_router():
+            if (self.config.is_vpc() or self.config.is_router()) and ('is_vr_guest_gateway' not in gn.data or (not gn.data['is_vr_guest_gateway'])):
                 self.add_host(gateway, "%s data-server" % CsHelper.get_hostname())
-            elif self.config.is_dhcp():
+            elif self.config.is_dhcp() or (self.config.is_vpc() or self.config.is_router() and gn.data['is_vr_guest_gateway']) :
                 self.add_host(ip, "%s data-server" % CsHelper.get_hostname())
             idx += 1
 
diff --git a/tools/appliance/cks/ubuntu/22.04/cks-ubuntu-2204.json b/tools/appliance/cks/ubuntu/22.04/cks-ubuntu-2204.json
new file mode 100644
index 000000000000..3cf0bd80641a
--- /dev/null
+++ b/tools/appliance/cks/ubuntu/22.04/cks-ubuntu-2204.json
@@ -0,0 +1,54 @@
+{
+  "_license": "Apache License 2.0",
+  "builders": [
+    {
+      "accelerator": "kvm",
+      "boot_command": [
+        "c<wait>linux /casper/vmlinuz --- autoinstall ds='nocloud-net;seedfrom=http://{{ .HTTPIP }}:{{ .HTTPPort }}/'",
+        "<enter><wait>",
+        "initrd /casper/initrd",
+        "<enter><wait><wait><wait>",
+        "boot",
+        "<enter>"
+      ],
+      "vm_name": "cks-ubuntu-2204",
+      "iso_checksum": "sha256:5e38b55d57d94ff029719342357325ed3bda38fa80054f9330dc789cd2d43931",
+      "iso_url": "https://old-releases.ubuntu.com/releases/jammy/ubuntu-22.04.2-live-server-amd64.iso",
+      "shutdown_command": "sudo shutdown -P now",
+      "net_device": "virtio-net",
+      "output_directory": "../dist",
+      "format": "qcow2",
+      "headless": true,
+      "http_directory": "http",
+      "ssh_password": "cloud",
+      "ssh_timeout": "30m",
+      "ssh_username": "cloud",
+      "type": "qemu",
+      "disk_interface": "virtio",
+      "disk_size": "5000M",
+      "qemuargs": [
+        [
+          "-m",
+          "2048M"
+        ],
+        [
+          "-smp",
+          "1"
+        ]
+      ]
+    }
+  ],
+  "description": "CloudStack SystemVM template",
+  "provisioners": [
+    {
+      "execute_command": "echo 'cloud' | sudo -u root -S bash {{.Path}}",
+      "scripts": [
+        "scripts/apt_upgrade.sh",
+        "scripts/configure_networking.sh",
+        "scripts/configure-cloud-init.sh",
+        "scripts/cleanup.sh"
+      ],
+      "type": "shell"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/tools/appliance/cks/ubuntu/22.04/http/meta-data b/tools/appliance/cks/ubuntu/22.04/http/meta-data
new file mode 100644
index 000000000000..d216be4ddc94
--- /dev/null
+++ b/tools/appliance/cks/ubuntu/22.04/http/meta-data
@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
\ No newline at end of file
diff --git a/tools/appliance/cks/ubuntu/22.04/http/user-data b/tools/appliance/cks/ubuntu/22.04/http/user-data
new file mode 100644
index 000000000000..341af6701b72
--- /dev/null
+++ b/tools/appliance/cks/ubuntu/22.04/http/user-data
@@ -0,0 +1,103 @@
+#cloud-config
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+autoinstall:
+  version: 1
+  # Disable ssh server during installation, otherwise packer tries to connect and exceed max attempts
+  early-commands:
+    - systemctl stop ssh
+  # Configure the locale
+  locale: en_US
+  keyboard:
+    layout: us
+  refresh-installer:
+      update: yes
+      channel: stable
+  # Create a single-partition with no swap space. Kubernetes
+  # really dislikes the idea of anyone else managing memory.
+  # For more information on how partitioning is configured,
+  # please refer to https://curtin.readthedocs.io/en/latest/topics/storage.html.
+  storage:
+    swap:
+      size: 0
+    grub:
+      replace_linux_default: false
+    config:
+      - type: disk
+        id: disk-0
+        size: smallest
+        grub_device: true
+        preserve: false
+        ptable: msdos
+        wipe: superblock
+      - type: partition
+        id: partition-0
+        device: disk-0
+        size: -1
+        number: 1
+        preserve: false
+        flag: boot
+      - type: format
+        id: format-0
+        volume: partition-0
+        fstype: ext4
+        preserve: false
+      - type: mount
+        id: mount-0
+        device: format-0
+        path: /
+  updates: 'all'
+  ssh:
+    install-server: true
+    allow-pw: true
+  # Customize the list of packages installed.
+  packages:
+    - open-vm-tools
+    - openssh-server
+    - cloud-init
+    - wget
+    - tasksel
+  # Create the default user.
+  # Ensures the "cloud" user doesn't require a password to use sudo.
+  user-data:
+    disable_root: false
+    timezone: UTC
+    users:
+      - name: cloud
+        # openssl passwd -6 -stdin <<< cloud
+        passwd: $6$pAFEBhaCDzN4ZmrO$kMmUuxhPMx447lJ8Mtas8n6uqkojh94nQ7I8poI6Kl4vRGeZKE57utub1cudS1fGyG8HUxK9YHIygd7vCpRFN0
+        groups: [adm, cdrom, dip, plugdev, lxd, sudo]
+        lock-passwd: false
+        sudo: ALL=(ALL) NOPASSWD:ALL
+        shell: /bin/bash
+
+  # This command runs after all other steps; it:
+  # 1. Disables swapfiles
+  # 2. Removes the existing swapfile
+  # 3. Removes the swapfile entry from /etc/fstab
+  # 4. Removes snapd, https://bugs.launchpad.net/subiquity/+bug/1946609
+  # 5. Cleans up any packages that are no longer required
+  # 6. Removes the cached list of packages
+  late-commands:
+    - curtin in-target --target=/target -- swapoff -a
+    - curtin in-target --target=/target -- rm -f /swap.img
+    - curtin in-target --target=/target -- sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
+    - chroot /target apt-get purge -y snapd
+    - curtin in-target --target=/target -- apt-get purge --auto-remove -y
+    - curtin in-target --target=/target -- apt-get clean
+    - curtin in-target --target=/target -- rm -rf /var/lib/apt/lists/*
\ No newline at end of file
diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/apt_upgrade.sh b/tools/appliance/cks/ubuntu/22.04/scripts/apt_upgrade.sh
new file mode 100644
index 000000000000..4551be4f485a
--- /dev/null
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/apt_upgrade.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+set -e
+set -x
+
+function apt_upgrade() {
+  DEBIAN_FRONTEND=noninteractive
+  DEBIAN_PRIORITY=critical
+
+  rm -fv /root/*.iso
+  apt-get -q -y update
+
+  apt-get -q -y upgrade
+  apt-get -q -y dist-upgrade
+
+  apt-get -y autoremove --purge
+  apt-get autoclean
+  apt-get clean
+}
+
+return 2>/dev/null || apt_upgrade
\ No newline at end of file
diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/cleanup.sh b/tools/appliance/cks/ubuntu/22.04/scripts/cleanup.sh
new file mode 100644
index 000000000000..ab0ceb628611
--- /dev/null
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/cleanup.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+set -e
+
+function cleanup_apt() {
+  export DEBIAN_FRONTEND=noninteractive
+  apt-get -y remove --purge dictionaries-common busybox \
+    task-english task-ssh-server tasksel tasksel-data laptop-detect wamerican sharutils \
+    nano util-linux-locales krb5-locales
+
+  apt-get -y autoremove --purge
+  apt-get autoclean
+  apt-get clean
+}
+
+# Removing leftover leases and persistent rules
+function cleanup_dhcp() {
+  rm -f /var/lib/dhcp/*
+}
+
+# Make sure Udev doesn't block our network
+function cleanup_dev() {
+  echo "cleaning up udev rules"
+  rm -f /etc/udev/rules.d/70-persistent-net.rules
+  rm -rf /dev/.udev/
+  rm -f /lib/udev/rules.d/75-persistent-net-generator.rules
+}
+
+function cleanup_misc() {
+  # Scripts
+  rm -fr /home/cloud/cloud_scripts*
+  rm -f /usr/share/cloud/cloud-scripts.tar
+  rm -f /root/.rnd
+  rm -f /var/www/html/index.html
+  # Logs
+  rm -f /var/log/*.log
+  rm -f /var/log/apache2/*
+  rm -f /var/log/messages
+  rm -f /var/log/syslog
+  rm -f /var/log/messages
+  rm -fr /var/log/apt
+  rm -fr /var/log/installer
+  # Docs and data files
+  rm -fr /var/lib/apt/*
+  rm -fr /var/cache/apt/*
+  rm -fr /var/cache/debconf/*old
+  rm -fr /usr/share/doc
+  rm -fr /usr/share/man
+  rm -fr /usr/share/info
+  rm -fr /usr/share/lintian
+  rm -fr /usr/share/apache2/icons
+  find /usr/share/locale -type f | grep -v en_US | xargs rm -fr
+  find /usr/share/zoneinfo -type f | grep -v UTC | xargs rm -fr
+  rm -fr /tmp/*
+}
+
+function cleanup() {
+  cleanup_apt
+  cleanup_dhcp
+  cleanup_dev
+  cleanup_misc
+}
+
+return 2>/dev/null || cleanup
diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh b/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
new file mode 100644
index 000000000000..cc26fd162d02
--- /dev/null
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+function install_packages() {
+    apt-get install -y rsyslog logrotate cron net-tools ifupdown cloud-guest-utils conntrack apt-transport-https ca-certificates curl \
+     gnupg gnupg-agent software-properties-common gnupg lsb-release
+    apt-get install -y python3-json-pointer python3-jsonschema cloud-init
+
+    sudo mkdir -p /etc/apt/keyrings
+    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+    echo \
+      "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+      $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+      apt update
+      apt install containerd.io
+
+      systemctl start containerd
+      systemctl enable containerd
+}
+
+function configure_services() {
+  install_packages
+
+  systemctl daemon-reload
+cat <<EOF > /etc/cloud/cloud.cfg.d/cloudstack.cfg
+datasource_list: ['CloudStack']
+datasource:
+  CloudStack:
+    max_wait: 120
+    timeout: 50
+EOF
+}
+
+configure_services
+
+
+
diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/configure_networking.sh b/tools/appliance/cks/ubuntu/22.04/scripts/configure_networking.sh
new file mode 100644
index 000000000000..a5e4179a4416
--- /dev/null
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/configure_networking.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+set -e
+set -x
+
+HOSTNAME=cksnode
+
+function configure_resolv_conf() {
+  grep 8.8.8.8 /etc/resolv.conf && grep 8.8.4.4 /etc/resolv.conf && return
+
+  cat > /etc/resolv.conf << EOF
+nameserver 8.8.8.8
+nameserver 8.8.4.4
+EOF
+}
+
+# Delete entry in /etc/hosts derived from dhcp
+function delete_dhcp_ip() {
+  result=$(grep 127.0.1.1 /etc/hosts || true)
+  [ "${result}" == "" ] && return
+
+  sed -i '/127.0.1.1/d' /etc/hosts
+}
+
+function configure_hostname() {
+  sed -i "s/root@\(.*\)$/root@$HOSTNAME/g" /etc/ssh/ssh_host_*.pub
+
+  echo "$HOSTNAME" > /etc/hostname
+  hostname $HOSTNAME
+}
+
+function configure_interfaces() {
+  cat > /etc/network/interfaces << EOF
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto ens35
+iface ens35 inet dhcp
+
+EOF
+
+echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+sysctl -p /etc/sysctl.conf
+}
+
+function configure_networking() {
+  configure_interfaces
+  configure_resolv_conf
+  delete_dhcp_ip
+  configure_hostname
+}
+
+return 2>/dev/null || configure_networking
diff --git a/tools/appliance/cks/ubuntu/build.sh b/tools/appliance/cks/ubuntu/build.sh
new file mode 100755
index 000000000000..8ac0e6f84cc7
--- /dev/null
+++ b/tools/appliance/cks/ubuntu/build.sh
@@ -0,0 +1,346 @@
+#!/bin/bash -l
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# build script which wraps around packer and virtualbox to create the systemvm template
+
+function usage() {
+  cat <<END
+Usage:
+   ./build.sh [template] [version] [BUILD_NUMBER]
+
+   * Set \$appliance to provide definition name to build
+     (or use command line arg, default systemvmtemplate)
+   * Set \$version to provide version to apply to built appliance
+     (or use command line arg, default empty)
+   * Set \$BUILD_NUMBER to provide build number to apply to built appliance
+     (or use command line arg, default empty)
+   * Set \$DEBUG=1 to enable debug logging
+   * Set \$TRACE=1 to enable trace logging
+END
+  exit 0
+}
+
+for i in $@; do
+    if [ "$i" == "-h" -o "$i" == "--help" -o "$i" == "help" ]; then
+        usage
+    fi
+done
+
+# requires 32-bit vhd-util and faketime binaries to be available (even for 64 bit builds)
+# Something like (on centos 6.5)...
+# * faketime
+#    wget -q http://bits.xensource.com/oss-xen/release/4.2.0/xen-4.2.0.tar.gz
+#    sudo yum -y install libuuid.i686
+#    cd repo/libfaketime/
+#    vim Makefile
+#    # (tune 32 bit)
+#    make
+#    sudo make install
+# * vhd-util
+#    Install on yum-based:
+#    sudo yum -y install python-devel dev86 iasl iasl-devel libuuid libuuid-devel \
+#        glib-devel glib2 glib2-devel yajl yajl-devel
+#    Install on apt-based:
+#    sudo apt-get install -y python python-dev bcc bin86 iasl uuid-dev \
+#        libglib2.0-dev libyajl-dev build-essential libc6-dev zlib1g-dev libncurses5-dev \
+#        patch iasl libbz2-dev e2fslibs-dev xz-utils gettext
+#    wget -q http://bits.xensource.com/oss-xen/release/4.2.0/xen-4.2.0.tar.gz
+#    tar xzvf xen-4.2.0.tar.gz
+#    cd xen-4.2.0/tools/
+#    wget https://github.com/citrix-openstack/xenserver-utils/raw/master/blktap2.patch -qO - | patch -p0
+#    ./configure --disable-monitors --disable-ocamltools --disable-rombios --disable-seabios
+#    make
+#    sudo cp ./blktap2/vhd/lib/libvhd.so.1.0 /usr/lib64/
+#    ldconfig
+#    sudo ldconfig
+#    sudo cp blktap2/vhd/vhd-util /usr/lib64/cloud/common/scripts/vm/hypervisor/xenserver
+#    faketime 2010-01-01 vhd-util convert
+#
+set -e
+
+###
+### Configuration
+###
+# whether to show DEBUG logs
+DEBUG="${DEBUG:-}"
+# whether to have other commands trace their actions
+TRACE="${TRACE:-0}"
+JENKINS_HOME=${JENKINS_HOME:-}
+if [[ ! -z "${JENKINS_HOME}" ]]; then
+  DEBUG=1
+fi
+
+# which packer definition to use
+appliance="${1:-${appliance:-ckstemplate}}"
+
+# optional version tag to put into the image filename
+version="${2:-${version:-}}"
+
+# optional (jenkins) build number tag to put into the image filename
+BUILD_NUMBER="${4:-${BUILD_NUMBER:-}}"
+
+version_tag=
+if [ ! -z "${version}" ]; then
+  if [ ! -z "${BUILD_NUMBER}" ]; then
+    version="${version}.${BUILD_NUMBER}"
+  fi
+  version_tag="-${version}"
+elif [ ! -z "${BUILD_NUMBER}" ]; then
+  version="${BUILD_NUMBER}"
+  version_tag="-${BUILD_NUMBER}"
+fi
+
+appliance_build_name=${appliance}${version_tag}
+
+###
+### Generic helper functions
+###
+
+# how to tell sed to use extended regular expressions
+os=`uname`
+sed_regex_option="-E"
+if [ "${os}" == "Linux" ]; then
+  sed_regex_option="-r"
+fi
+
+# logging support
+if [[ "${DEBUG}" == "1" ]]; then
+  set -x
+fi
+
+function log() {
+  local level=${1?}
+  shift
+
+  if [[ "${DEBUG}" != "1" && "${level}" == "DEBUG" ]]; then
+    return
+  fi
+
+  local code=
+  local line="[$(date '+%F %T')] $level: $*"
+  if [ -t 2 ]
+  then
+    case "$level" in
+      INFO) code=36 ;;
+      DEBUG) code=30 ;;
+      WARN) code=33 ;;
+      ERROR) code=31 ;;
+      *) code=37 ;;
+    esac
+    echo -e "\033[${code}m${line}\033[0m"
+  else
+    echo "$line"
+  fi >&2
+}
+
+function error() {
+  log ERROR $@
+  exit 1
+}
+
+# cleanup code support
+declare -a on_exit_items
+
+function on_exit() {
+  for (( i=${#on_exit_items[@]}-1 ; i>=0 ; i-- )) ; do
+    sleep 2
+    log DEBUG "on_exit: ${on_exit_items[i]}"
+    eval ${on_exit_items[i]}
+  done
+}
+
+function add_on_exit() {
+  local n=${#on_exit_items[*]}
+  on_exit_items[${n}]="$*"
+  if [ ${n} -eq 0 ]; then
+    log DEBUG "Setting trap"
+    trap on_exit EXIT
+  fi
+}
+
+# retry code support
+function retry() {
+  local times=$1
+  shift
+  local count=0
+  while [ ${count} -lt ${times} ]; do
+    "$@" && break
+    count=$(( $count +  1 ))
+    sleep ${count}
+  done
+
+  if [ ${count} -eq ${times} ]; then
+    error "Failed ${times} times: $@"
+  fi
+}
+
+###
+### Script logic
+###
+
+function prepare() {
+  log INFO "preparing for build"
+  rm -rf dist *.ova *.vhd *.vdi *.qcow* *.bz2 *.vmdk *.ovf
+}
+
+function packer_build() {
+  log INFO "building new image with packer"
+  #cd ${appliance_build_name} && packer build template.json && cd ..
+  cd 22.04 && packer build ${appliance_build_name}.json && cd .. 
+}
+
+function stage_vmx() {
+  cat << VMXFILE > "${1}.vmx"
+.encoding = "UTF-8"
+displayname = "${1}"
+annotation = "${1}"
+guestos = "otherlinux-64"
+virtualHW.version = "11"
+config.version = "8"
+numvcpus = "1"
+cpuid.coresPerSocket = "1"
+memsize = "256"
+pciBridge0.present = "TRUE"
+pciBridge4.present = "TRUE"
+pciBridge4.virtualDev = "pcieRootPort"
+pciBridge4.functions = "8"
+pciBridge5.present = "TRUE"
+pciBridge5.virtualDev = "pcieRootPort"
+pciBridge5.functions = "8"
+pciBridge6.present = "TRUE"
+pciBridge6.virtualDev = "pcieRootPort"
+pciBridge6.functions = "8"
+pciBridge7.present = "TRUE"
+pciBridge7.virtualDev = "pcieRootPort"
+pciBridge7.functions = "8"
+vmci0.present = "TRUE"
+floppy0.present = "FALSE"
+ide0:0.clientDevice = "FALSE"
+ide0:0.present = "TRUE"
+ide0:0.deviceType = "atapi-cdrom"
+ide0:0.autodetect = "TRUE"
+ide0:0.startConnected = "FALSE"
+mks.enable3d = "false"
+svga.autodetect = "false"
+svga.vramSize = "4194304"
+scsi0:0.present = "TRUE"
+scsi0:0.deviceType = "disk"
+scsi0:0.fileName = "$2"
+scsi0:0.mode = "persistent"
+scsi0:0.writeThrough = "false"
+scsi0.virtualDev = "lsilogic"
+scsi0.present = "TRUE"
+vmci0.unrestricted = "false"
+vcpu.hotadd = "false"
+vcpu.hotremove = "false"
+firmware = "bios"
+mem.hotadd = "false"
+VMXFILE
+}
+
+function xen_server_export() {
+  log INFO "creating xen server export"
+  set +e
+  which faketime >/dev/null 2>&1 && which vhd-util >/dev/null 2>&1
+  local result=$?
+  set -e
+  if [ ${result} == 0 ]; then
+    qemu-img convert -f qcow2 -O raw "dist/${appliance}" img.raw
+    vhd-util convert -s 0 -t 1 -i img.raw -o stagefixed.vhd
+    faketime '2010-01-01' vhd-util convert -s 1 -t 2 -i stagefixed.vhd -o "${appliance_build_name}-xen.vhd"
+    rm -f *.bak
+    bzip2 "${appliance_build_name}-xen.vhd"
+    mv "${appliance_build_name}-xen.vhd.bz2" dist/
+    log INFO "${appliance} exported for XenServer: dist/${appliance_build_name}-xen.vhd.bz2"
+  else
+    log WARN "** Skipping ${appliance_build_name} export for XenServer: faketime or vhd-util command is missing. **"
+    log WARN "** faketime source code is available from https://github.com/wolfcw/libfaketime **"
+  fi
+}
+
+function ovm_export() {
+  log INFO "creating OVM export"
+  qemu-img convert -f qcow2 -O raw "dist/${appliance}" "dist/${appliance_build_name}-ovm.raw"
+  cd dist && bzip2 "${appliance_build_name}-ovm.raw" && cd ..
+  log INFO "${appliance} exported for OracleVM: dist/${appliance_build_name}-ovm.raw.bz2"
+}
+
+function kvm_export() {
+  log INFO "creating kvm export"
+  set +e
+  qemu-img convert -o compat=0.10 -f qcow2 -c -O qcow2 "dist/${appliance}" "dist/${appliance_build_name}-kvm.qcow2"
+  local qemuresult=$?
+  cd dist && bzip2 "${appliance_build_name}-kvm.qcow2" && cd ..
+  log INFO "${appliance} exported for KVM: dist/${appliance_build_name}-kvm.qcow2.bz2"
+}
+
+function vmware_export() {
+  log INFO "creating vmware export"
+  qemu-img convert -f qcow2 -O vmdk "dist/${appliance}" "dist/${appliance_build_name}-vmware.vmdk"
+
+  if ! ovftool_loc="$(type -p "ovftool")" || [ -z "$ovftool_loc" ]; then
+    log INFO "ovftool not found, skipping ova generation for VMware"
+    return
+  fi
+
+  log INFO "ovftool found, using it to export ova file"
+  CDIR=$PWD
+  cd dist
+  chmod 666 ${appliance_build_name}-vmware.vmdk
+  stage_vmx ${appliance_build_name}-vmware ${appliance_build_name}-vmware.vmdk
+  ovftool ${appliance_build_name}-vmware.vmx ${appliance_build_name}-vmware.ova
+  rm -f *vmx *vmdk
+  cd $CDIR
+  log INFO "${appliance} exported for VMWare: dist/${appliance_build_name}-vmware.ova"
+}
+
+function hyperv_export() {
+  log INFO "creating hyperv export"
+  qemu-img convert -f qcow2 -O vpc "dist/${appliance}" "dist/${appliance_build_name}-hyperv.vhd"
+  CDIR=$PWD
+  cd dist
+  zip "${appliance_build_name}-hyperv.vhd.zip" "${appliance_build_name}-hyperv.vhd"
+  rm -f *vhd
+  cd $CDIR
+  log INFO "${appliance} exported for HyperV: dist/${appliance_build_name}-hyperv.vhd.zip"
+}
+
+###
+### Main invocation
+###
+
+function main() {
+  prepare
+
+  packer_build
+
+  # process the disk at dist
+  kvm_export
+  ovm_export
+  xen_server_export
+  vmware_export
+  hyperv_export
+  rm -f "dist/${appliance}"
+  cd dist && chmod +r * && cd ..
+  cd dist && md5sum * > md5sum.txt && cd ..
+  cd dist && sha512sum * > sha512sum.txt && cd ..
+  add_on_exit log INFO "BUILD SUCCESSFUL"
+}
+
+# we only run main() if not source-d
+return 2>/dev/null || main
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 8ff510865a60..a49b1dee5838 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -459,9 +459,16 @@
 "label.cisco.nexus1000v.password": "Nexus 1000v password",
 "label.cisco.nexus1000v.username": "Nexus 1000v username",
 "label.cks.cluster.autoscalingenabled": "Enable auto scaling on this cluster",
+"label.cks.cluster.control.nodes.offeringid": "Service Offering for Control Nodes",
+"label.cks.cluster.control.nodes.templateid": "Template for Control Nodes",
+"label.cks.cluster.etcd.nodes": "Etcd Nodes",
+"label.cks.cluster.etcd.nodes.offeringid": "Service Offering for etcd Nodes",
+"label.cks.cluster.etcd.nodes.templateid": "Template for etcd Nodes",
 "label.cks.cluster.maxsize": "Maximum cluster size (Worker nodes)",
 "label.cks.cluster.minsize": "Minimum cluster size (Worker nodes)",
 "label.cks.cluster.size": "Cluster size (Worker nodes)",
+"label.cks.cluster.worker.nodes.offeringid": "Service Offering for Worker Nodes",
+"label.cks.cluster.worker.nodes.templateid": "Template for Worker Nodes",
 "label.cleanup": "Clean up",
 "label.clear": "Clear",
 "label.clear.list": "Clear list",
@@ -915,6 +922,7 @@
 "label.fix.errors": "Fix errors",
 "label.fixed": "Fixed offering",
 "label.for": "for",
+"label.for.cks": "For CKS",
 "label.forbidden": "Forbidden",
 "label.forced": "Force",
 "label.force.stop": "Force stop",
@@ -1901,6 +1909,9 @@
 "label.service.lb.netscaler.servicepackages": "Netscaler service packages",
 "label.service.lb.netscaler.servicepackages.description": "Service package description",
 "label.service.offering": "Service offering",
+"label.service.offering.controlnodes": "Compute offering for Control Nodes",
+"label.service.offering.etcdnodes": "Compute offering for etcd Nodes",
+"label.service.offering.workernodes": "Compute offering for Worker Nodes",
 "label.service.staticnat.associatepublicip": "Associate public IP",
 "label.service.staticnat.elasticipcheckbox": "Elastic IP",
 "label.servicegroupuuid": "Service Group",
@@ -2420,6 +2431,7 @@
 "label.bucket.delete": "Delete Bucket",
 "label.quotagb": "Quota in GB",
 "label.encryption": "Encryption",
+"label.etcdnodes": "Number of etcd nodes",
 "label.versioning": "Versioning",
 "label.objectlocking": "Object Lock",
 "label.bucket.policy": "Bucket Policy",
diff --git a/ui/src/components/view/InfoCard.vue b/ui/src/components/view/InfoCard.vue
index 66c878da0f81..0bd20cd4409c 100644
--- a/ui/src/components/view/InfoCard.vue
+++ b/ui/src/components/view/InfoCard.vue
@@ -544,6 +544,39 @@
             <span v-else>{{ resource.serviceofferingname || resource.serviceofferingid }}</span>
           </div>
         </div>
+        <div class="resource-detail-item" v-if="resource.controlofferingname && resource.controlofferingid">
+          <div class="resource-detail-item__label">{{ $t('label.service.offering.controlnodes') }}</div>
+          <div class="resource-detail-item__details">
+            <cloud-outlined />
+            <router-link v-if="!isStatic && ($route.meta.name === 'router' || $route.meta.name === 'systemvm')" :to="{ path: '/systemoffering/' + resource.controlofferingid}">{{ resource.controlofferingname || resource.controlofferingid }} </router-link>
+            <router-link v-else-if="$router.resolve('/computeoffering/' + resource.controlofferingid).matched[0].redirect !== '/exception/404'" :to="{ path: '/computeoffering/' + resource.controlofferingid }">{{ resource.controlofferingname || resource.controlofferingid }} </router-link>
+            <span v-else>{{ resource.controlofferingname || resource.controlofferingid }}</span>
+          </div>
+        </div>
+        <div class="resource-detail-item" v-if="resource.workerofferingname && resource.workerofferingid">
+          <div class="resource-detail-item__label">{{ $t('label.service.offering.workernodes') }}</div>
+          <div class="resource-detail-item__details">
+            <cloud-outlined />
+            <router-link v-if="!isStatic && ($route.meta.name === 'router' || $route.meta.name === 'systemvm')" :to="{ path: '/systemoffering/' + resource.workerofferingid}">{{ resource.workerofferingname || resource.workerofferingid }} </router-link>
+            <router-link v-else-if="$router.resolve('/computeoffering/' + resource.workerofferingid).matched[0].redirect !== '/exception/404'" :to="{ path: '/computeoffering/' + resource.workerofferingid }">{{ resource.workerofferingname || resource.workerofferingid }} </router-link>
+            <span v-else>{{ resource.workerofferingname || resource.workerofferingid }}</span>
+          </div>
+        </div>
+        <div class="resource-detail-item" v-if="resource.etcdofferingname && resource.etcdofferingid">
+          <div class="resource-detail-item__label">{{ $t('label.service.offering.etcdnodes') }}</div>
+          <div class="resource-detail-item__details">
+            <cloud-outlined />
+            <router-link v-if="!isStatic && ($route.meta.name === 'router' || $route.meta.name === 'systemvm')" :to="{ path: '/systemoffering/' + resource.etcdofferingid}">{{ resource.etcdofferingname || resource.etcdofferingid }} </router-link>
+            <router-link v-else-if="$router.resolve('/computeoffering/' + resource.etcdfferingid).matched[0].redirect !== '/exception/404'" :to="{ path: '/computeoffering/' + resource.etcdofferingid }">{{ resource.etcdofferingname || resource.etcdofferingid }} </router-link>
+            <span v-else>{{ resource.etcdofferingname || resource.etcdofferingid }}</span>
+          </div>
+        </div>
+        <div class="resource-detail-item" v-if="resource.etcdnodes">
+          <div class="resource-detail-item__label">{{ $t('label.etcdnodes') }}</div>
+          <div class="resource-detail-item__details">
+            <bulb-outlined />{{ resource.etcdnodes }}
+          </div>
+        </div>
         <div class="resource-detail-item" v-if="resource.diskofferingname && resource.diskofferingid">
           <div class="resource-detail-item__label">{{ $t('label.diskoffering') }}</div>
           <div class="resource-detail-item__details">
diff --git a/ui/src/views/compute/CreateKubernetesCluster.vue b/ui/src/views/compute/CreateKubernetesCluster.vue
index ca1e424cca4f..12e49f955d5f 100644
--- a/ui/src/views/compute/CreateKubernetesCluster.vue
+++ b/ui/src/views/compute/CreateKubernetesCluster.vue
@@ -145,7 +145,7 @@
             v-model:value="form.controlnodes"
             :placeholder="apiParams.controlnodes.description"/>
         </a-form-item>
-        <a-form-item v-if="form.haenable" name="externalloadbalanceripaddress" ref="externalloadbalanceripaddress">
+        <a-form-item v-if="form.haenable && !selectedZone.isnsxenabled" name="externalloadbalanceripaddress" ref="externalloadbalanceripaddress">
           <template #label>
             <tooltip-label :title="$t('label.externalloadbalanceripaddress')" :tooltip="apiParams.externalloadbalanceripaddress.description"/>
           </template>
@@ -180,6 +180,138 @@
             </a-select-option>
           </a-select>
         </a-form-item>
+
+        <!-- Advanced configurations -->
+        <a-form-item name="advancedmode" ref="advancedmode">
+          <template #label>
+            <tooltip-label :title="$t('label.isadvanced')" />
+          </template>
+          <a-switch v-model:checked="form.advancedmode" />
+        </a-form-item>
+        <a-form-item v-if="form.advancedmode" name="controlofferingid" ref="controlofferingid">
+          <template #label>
+            <tooltip-label :title="$t('label.cks.cluster.control.nodes.offeringid')" :tooltip="$t('label.cks.cluster.control.nodes.offeringid')"/>
+          </template>
+          <a-select
+            id="control-offering-selection"
+            v-model:value="form.controlofferingid"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="serviceOfferingLoading"
+            :placeholder="$t('label.cks.cluster.control.nodes.offeringid')">
+            <a-select-option v-for="(opt, optIndex) in serviceOfferings" :key="optIndex" :label="opt.name || opt.description">
+              {{ opt.name || opt.description }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item v-if="form.advancedmode" name="controltemplateid" ref="controltemplateid">
+          <template #label>
+            <tooltip-label :title="$t('label.cks.cluster.control.nodes.templateid')" :tooltip="$t('label.cks.cluster.control.nodes.templateid')"/>
+          </template>
+          <a-select
+            id="control-template-selection"
+            v-model:value="form.controltemplateid"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="serviceOfferingLoading"
+            :placeholder="$t('label.cks.cluster.control.nodes.templateid')">
+            <a-select-option v-for="(opt, optIndex) in templates" :key="optIndex" :label="opt.name || opt.description">
+              {{ opt.name || opt.description }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item v-if="form.advancedmode" name="workerofferingid" ref="workerofferingid">
+          <template #label>
+            <tooltip-label :title="$t('label.cks.cluster.worker.nodes.offeringid')" :tooltip="$t('label.cks.cluster.worker.nodes.offeringid')"/>
+          </template>
+          <a-select
+            id="worker-offering-selection"
+            v-model:value="form.workerofferingid"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="serviceOfferingLoading"
+            :placeholder="$t('label.cks.cluster.worker.nodes.offeringid')">
+            <a-select-option v-for="(opt, optIndex) in serviceOfferings" :key="optIndex" :label="opt.name || opt.description">
+              {{ opt.name || opt.description }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item v-if="form.advancedmode" name="workertemplateid" ref="workertemplateid">
+          <template #label>
+            <tooltip-label :title="$t('label.cks.cluster.worker.nodes.templateid')" :tooltip="$t('label.cks.cluster.worker.nodes.templateid')"/>
+          </template>
+          <a-select
+            id="worker-template-selection"
+            v-model:value="form.workertemplateid"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="serviceOfferingLoading"
+            :placeholder="$t('label.cks.cluster.worker.nodes.templateid')">
+            <a-select-option v-for="(opt, optIndex) in templates" :key="optIndex" :label="opt.name || opt.description">
+              {{ opt.name || opt.description }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item v-if="form.advancedmode" name="etcdnodes" ref="etcdnodes">
+          <template #label>
+            <tooltip-label :title="$t('label.cks.cluster.etcd.nodes')" :tooltip="apiParams.controlnodes.description"/>
+          </template>
+          <a-input
+            v-model:value="form.etcdnodes"
+            :placeholder="apiParams.controlnodes.description"/>
+        </a-form-item>
+        <a-form-item v-if="form.advancedmode && form.etcdnodes && form.etcdnodes > 0" name="etcdofferingid" ref="etcdofferingid">
+          <template #label>
+            <tooltip-label :title="$t('label.cks.cluster.etcd.nodes.offeringid')" :tooltip="$t('label.cks.cluster.etcd.nodes.offeringid')"/>
+          </template>
+          <a-select
+            id="etcd-offering-selection"
+            v-model:value="form.etcdofferingid"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="serviceOfferingLoading"
+            :placeholder="$t('label.cks.cluster.etcd.nodes.offeringid')">
+            <a-select-option v-for="(opt, optIndex) in serviceOfferings" :key="optIndex" :label="opt.name || opt.description">
+              {{ opt.name || opt.description }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item v-if="form.advancedmode && form?.etcdnodes > 0" name="controltemplateid" ref="controltemplateid">
+          <template #label>
+            <tooltip-label :title="$t('label.cks.cluster.etcd.nodes.templateid')" :tooltip="$t('label.cks.cluster.etcd.nodes.templateid')"/>
+          </template>
+          <a-select
+            id="etcd-template-selection"
+            v-model:value="form.etcdtemplateid"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="serviceOfferingLoading"
+            :placeholder="$t('label.cks.cluster.etcd.nodes.templateid')">
+            <a-select-option v-for="(opt, optIndex) in templates" :key="optIndex" :label="opt.name || opt.description">
+              {{ opt.name || opt.description }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+
+        <!-- Experimentation Features -->
         <div v-if="$store.getters.features.kubernetesclusterexperimentalfeaturesenabled">
           <a-form-item name="privateregistry" ref="privateregistry" :label="$t('label.private.registry')">
             <template #label>
@@ -252,7 +384,9 @@ export default {
       networkLoading: false,
       keyPairs: [],
       keyPairLoading: false,
-      loading: false
+      loading: false,
+      templates: [],
+      templateLoading: false
     }
   },
   beforeCreate () {
@@ -317,6 +451,7 @@ export default {
     fetchData () {
       this.fetchZoneData()
       this.fetchKeyPairData()
+      this.fetchCksTemplates()
     },
     isValidValueForKey (obj, key) {
       return key in obj && obj[key] != null
@@ -401,9 +536,24 @@ export default {
         this.serviceOfferingLoading = false
         if (this.arrayHasItems(this.serviceOfferings)) {
           this.form.serviceofferingid = 0
+          this.form.controlofferingid = undefined
+          this.form.workerofferingid = undefined
+          this.form.etcdofferingid = undefined
         }
       })
     },
+    fetchCksTemplates () {
+      const params = {
+        templatefilter: 'all',
+        forcks: true
+      }
+      this.templateLoading = true
+      api('listTemplates', params).then(json => {
+        this.templates = json?.listtemplatesresponse?.template || []
+      }).finally(() => {
+        this.templateLoading = false
+      })
+    },
     fetchNetworkData () {
       const params = {}
       if (!this.isObjectEmpty(this.selectedZone)) {
@@ -461,6 +611,44 @@ export default {
           size: values.size,
           clustertype: 'CloudManaged'
         }
+        var advancedOfferings = 0
+        if (this.isValidValueForKey(values, 'advancedmode') && values.advancedmode && this.isValidValueForKey(values, 'controlofferingid') && this.arrayHasItems(this.serviceOfferings) && this.serviceOfferings[values.controlofferingid].id != null) {
+          params['nodeofferings[' + advancedOfferings + '].node'] = 'control'
+          params['nodeofferings[' + advancedOfferings + '].offering'] = this.serviceOfferings[values.controlofferingid].id
+          advancedOfferings++
+        }
+        if (this.isValidValueForKey(values, 'advancedmode') && values.advancedmode && this.isValidValueForKey(values, 'workerofferingid') && this.arrayHasItems(this.serviceOfferings) && this.serviceOfferings[values.workerofferingid].id != null) {
+          params['nodeofferings[' + advancedOfferings + '].node'] = 'worker'
+          params['nodeofferings[' + advancedOfferings + '].offering'] = this.serviceOfferings[values.workerofferingid].id
+          advancedOfferings++
+        }
+        if (this.isValidValueForKey(values, 'advancedmode') && values.advancedmode && this.isValidValueForKey(values, 'etcdnodes') && values.etcdnodes > 0) {
+          params.etcdnodes = values.etcdnodes
+          if (this.isValidValueForKey(values, 'etcdofferingid') && this.arrayHasItems(this.serviceOfferings) && this.serviceOfferings[values.etcdofferingid].id != null) {
+            params['nodeofferings[' + advancedOfferings + '].node'] = 'etcd'
+            params['nodeofferings[' + advancedOfferings + '].offering'] = this.serviceOfferings[values.etcdofferingid].id
+            advancedOfferings++
+          }
+        }
+        var advancedTemplates = 0
+        if (this.isValidValueForKey(values, 'advancedmode') && values.advancedmode && this.isValidValueForKey(values, 'controltemplateid') && this.arrayHasItems(this.templates) && this.templates[values.controltemplateid].id != null) {
+          params['nodetemplates[' + advancedTemplates + '].node'] = 'control'
+          params['nodetemplates[' + advancedTemplates + '].template'] = this.templates[values.controltemplateid].id
+          advancedTemplates++
+        }
+        if (this.isValidValueForKey(values, 'advancedmode') && values.advancedmode && this.isValidValueForKey(values, 'workertemplateid') && this.arrayHasItems(this.templates) && this.templates[values.workertemplateid].id != null) {
+          params['nodetemplates[' + advancedTemplates + '].node'] = 'worker'
+          params['nodetemplates[' + advancedTemplates + '].template'] = this.templates[values.workertemplateid].id
+          advancedTemplates++
+        }
+        if (this.isValidValueForKey(values, 'advancedmode') && values.advancedmode && this.isValidValueForKey(values, 'etcdnodes') && values.etcdnodes > 0) {
+          params.etcdnodes = values.etcdnodes
+          if (this.isValidValueForKey(values, 'etcdtemplateid') && this.arrayHasItems(this.templates) && this.templates[values.etcdtemplateid].id != null) {
+            params['nodetemplates[' + advancedTemplates + '].node'] = 'etcd'
+            params['nodetemplates[' + advancedTemplates + '].template'] = this.templates[values.etcdtemplateid].id
+            advancedTemplates++
+          }
+        }
         if (this.isValidValueForKey(values, 'noderootdisksize') && values.noderootdisksize > 0) {
           params.noderootdisksize = values.noderootdisksize
         }
diff --git a/ui/src/views/compute/ScaleKubernetesCluster.vue b/ui/src/views/compute/ScaleKubernetesCluster.vue
index 8d73ac861d70..3fe552004f75 100644
--- a/ui/src/views/compute/ScaleKubernetesCluster.vue
+++ b/ui/src/views/compute/ScaleKubernetesCluster.vue
@@ -28,7 +28,7 @@
         :rules="rules"
         @finish="handleSubmit"
         layout="vertical">
-        <a-form-item name="serviceofferingid" ref="serviceofferingid">
+        <a-form-item name="serviceofferingid" ref="serviceofferingid" v-if="!this.resource.workerofferingid && !this.resource.controlofferingid && !this.resource.etcdofferingid">
           <template #label>
             <tooltip-label :title="$t('label.serviceofferingid')" :tooltip="apiParams.serviceofferingid.description"/>
           </template>
@@ -47,6 +47,63 @@
             </a-select-option>
           </a-select>
         </a-form-item>
+        <a-form-item name="workerofferingid" ref="workerofferingid">
+          <template #label>
+            <tooltip-label :title="$t('label.service.offering.workernodes')" :tooltip="apiParams.serviceofferingid.description"/>
+          </template>
+          <a-select
+            id="offering-selection-worker"
+            v-model:value="form.workerofferingid"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.children.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="serviceOfferingLoading"
+            :placeholder="apiParams.serviceofferingid.description">
+            <a-select-option v-for="(opt, optIndex) in workerOfferings" :key="optIndex" :label="opt.name || opt.description">
+              {{ opt.name || opt.description }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item name="controlofferingid" ref="controlofferingid">
+          <template #label>
+            <tooltip-label :title="$t('label.service.offering.controlnodes')" :tooltip="apiParams.serviceofferingid.description"/>
+          </template>
+          <a-select
+            id="offering-selection-control"
+            v-model:value="form.controlofferingid"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.children.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="serviceOfferingLoading"
+            :placeholder="apiParams.serviceofferingid.description">
+            <a-select-option v-for="(opt, optIndex) in controlOfferings" :key="optIndex" :label="opt.name || opt.description">
+              {{ opt.name || opt.description }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item name="etcdofferingid" ref="etcdofferingid" v-if="this.resource.etcdnodes && this.resource.etcdnodes > 0 && this.resource.etcdofferingid">
+          <template #label>
+            <tooltip-label :title="$t('label.service.offering.etcdnodes')" :tooltip="apiParams.serviceofferingid.description"/>
+          </template>
+          <a-select
+            id="offering-selection-etcd"
+            v-model:value="form.etcdofferingid"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.children.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="serviceOfferingLoading"
+            :placeholder="apiParams.serviceofferingid.description">
+            <a-select-option v-for="(opt, optIndex) in etcdOfferings" :key="optIndex" :label="opt.name || opt.description">
+              {{ opt.name || opt.description }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
         <a-form-item name="autoscalingenabled" ref="autoscalingenabled" v-if="apiParams.autoscalingenabled">
           <template #label>
             <tooltip-label :title="$t('label.cks.cluster.autoscalingenabled')" :tooltip="apiParams.autoscalingenabled.description"/>
@@ -118,7 +175,10 @@ export default {
       originalSize: 1,
       autoscalingenabled: null,
       minsize: null,
-      maxsize: null
+      maxsize: null,
+      controlOfferings: [],
+      workerOfferings: [],
+      etcdOfferings: []
     }
   },
   beforeCreate () {
@@ -153,7 +213,12 @@ export default {
     },
     fetchData () {
       if (this.resource.state === 'Running') {
-        this.fetchKubernetesClusterServiceOfferingData()
+        this.fetchKubernetesClusterServiceOfferingData(this.resource.serviceofferingid, 'default')
+        this.fetchKubernetesClusterServiceOfferingData(this.resource.workerofferingid, 'worker')
+        this.fetchKubernetesClusterServiceOfferingData(this.resource.controlofferingid, 'control')
+        if (this.resource.etcdofferingid && this.resource.etcdnodes && this.resource.etcdnodes > 0) {
+          this.fetchKubernetesClusterServiceOfferingData(this.resource.controlofferingid, 'etcd')
+        }
         return
       }
       this.fetchKubernetesVersionData()
@@ -167,19 +232,21 @@ export default {
     isObjectEmpty (obj) {
       return !(obj !== null && obj !== undefined && Object.keys(obj).length > 0 && obj.constructor === Object)
     },
-    fetchKubernetesClusterServiceOfferingData () {
+    fetchKubernetesClusterServiceOfferingData (offeringId, type) {
       const params = {}
       if (!this.isObjectEmpty(this.resource)) {
-        params.id = this.resource.serviceofferingid
+        params.id = offeringId
       }
+      var minCpu = 0
+      var minMemory = 0
       api('listServiceOfferings', params).then(json => {
         var items = json?.listserviceofferingsresponse?.serviceoffering || []
         if (this.arrayHasItems(items) && !this.isObjectEmpty(items[0])) {
-          this.minCpu = items[0].cpunumber
-          this.minMemory = items[0].memory
+          minCpu = items[0].cpunumber
+          minMemory = items[0].memory
         }
       }).finally(() => {
-        this.fetchServiceOfferingData()
+        this.fetchServiceOfferingData(minCpu, minMemory, type)
       })
     },
     fetchKubernetesVersionData () {
@@ -187,21 +254,28 @@ export default {
       if (!this.isObjectEmpty(this.resource)) {
         params.id = this.resource.kubernetesversionid
       }
+      var minCpu = 0
+      var minMemory = 0
       api('listKubernetesSupportedVersions', params).then(json => {
         const versionObjs = json?.listkubernetessupportedversionsresponse?.kubernetessupportedversion || []
         if (this.arrayHasItems(versionObjs) && !this.isObjectEmpty(versionObjs[0])) {
-          this.minCpu = versionObjs[0].mincpunumber
-          this.minMemory = versionObjs[0].minmemory
+          minCpu = versionObjs[0].mincpunumber
+          minMemory = versionObjs[0].minmemory
         }
       }).finally(() => {
-        this.fetchServiceOfferingData()
+        this.fetchServiceOfferingData(minCpu, minMemory, 'default')
+        this.fetchServiceOfferingData(minCpu, minMemory, 'worker')
+        this.fetchServiceOfferingData(minCpu, minMemory, 'control')
+        if (this.resource.etcdofferingid && this.resource.etcdnodes && this.resource.etcdnodes > 0) {
+          this.fetchServiceOfferingData(minCpu, minMemory, 'etcd')
+        }
       })
     },
-    fetchServiceOfferingData () {
-      this.serviceOfferings = []
+    fetchServiceOfferingData (minCpu, minMemory, type) {
+      var offerings = []
       const params = {
-        cpunumber: this.minCpu,
-        memory: this.minMemory
+        cpunumber: minCpu,
+        memory: minMemory
       }
       this.serviceOfferingLoading = true
       api('listServiceOfferings', params).then(json => {
@@ -209,17 +283,35 @@ export default {
         if (this.arrayHasItems(items)) {
           for (var i = 0; i < items.length; i++) {
             if (items[i].iscustomized === false) {
-              this.serviceOfferings.push(items[i])
+              offerings.push(items[i])
             }
           }
         }
       }).finally(() => {
         this.serviceOfferingLoading = false
-        if (this.arrayHasItems(this.serviceOfferings)) {
-          for (var i = 0; i < this.serviceOfferings.length; i++) {
-            if (this.serviceOfferings[i].id === this.resource.serviceofferingid) {
+        if (this.arrayHasItems(offerings)) {
+          if (type === 'default') {
+            this.serviceOfferings = offerings
+          } else if (type === 'worker') {
+            this.workerOfferings = offerings
+          } else if (type === 'control') {
+            this.controlOfferings = offerings
+          } else if (type === 'etcd') {
+            this.etcdOfferings = offerings
+          }
+          for (var i = 0; i < offerings.length; i++) {
+            if (type === 'default' && offerings[i].id === this.resource.serviceofferingid) {
               this.form.serviceofferingid = i
               break
+            } else if (type === 'worker' && offerings[i].id === this.resource.workerofferingid) {
+              this.form.workerofferingid = i
+              break
+            } else if (type === 'control' && offerings[i].id === this.resource.controlofferingid) {
+              this.form.controlofferingid = i
+              break
+            } else if (type === 'etcd' && offerings[i].id === this.resource.etcdofferingid) {
+              this.form.etcdofferingid = i
+              break
             }
           }
         }
@@ -250,6 +342,22 @@ export default {
         if (this.isValidValueForKey(values, 'maxsize')) {
           params.maxsize = values.maxsize
         }
+        var advancedOfferings = 0
+        if (this.isValidValueForKey(values, 'controlofferingid') && this.arrayHasItems(this.controlOfferings) && this.controlOfferings[values.controlofferingid].id != null) {
+          params['nodeofferings[' + advancedOfferings + '].node'] = 'control'
+          params['nodeofferings[' + advancedOfferings + '].offering'] = this.controlOfferings[values.controlofferingid].id
+          advancedOfferings++
+        }
+        if (this.isValidValueForKey(values, 'workerofferingid') && this.arrayHasItems(this.workerOfferings) && this.workerOfferings[values.workerofferingid].id != null) {
+          params['nodeofferings[' + advancedOfferings + '].node'] = 'worker'
+          params['nodeofferings[' + advancedOfferings + '].offering'] = this.workerOfferings[values.workerofferingid].id
+          advancedOfferings++
+        }
+        if (this.isValidValueForKey(values, 'etcdofferingid') && this.arrayHasItems(this.etcdOfferings) && this.etcdOfferings[values.etcdofferingid].id != null) {
+          params['nodeofferings[' + advancedOfferings + '].node'] = 'etcd'
+          params['nodeofferings[' + advancedOfferings + '].offering'] = this.etcdOfferings[values.etcdofferingid].id
+          advancedOfferings++
+        }
         api('scaleKubernetesCluster', params).then(json => {
           const jobId = json.scalekubernetesclusterresponse.jobid
           this.$pollJob({
diff --git a/ui/src/views/image/RegisterOrUploadTemplate.vue b/ui/src/views/image/RegisterOrUploadTemplate.vue
index 27f60eeeb5d7..b28fe9ed821b 100644
--- a/ui/src/views/image/RegisterOrUploadTemplate.vue
+++ b/ui/src/views/image/RegisterOrUploadTemplate.vue
@@ -433,6 +433,11 @@
                       {{ $t('label.ispublic') }}
                     </a-checkbox>
                   </a-col>
+                  <a-col :span="12">
+                    <a-checkbox value="forCks" v-if="currentForm === 'Create'">
+                      {{ $t('label.for.cks') }}
+                    </a-checkbox>
+                  </a-col>
                 </a-row>
               </a-checkbox-group>
             </a-form-item>

From 20c40298e609fcee9364506b3b430a06b2e61035 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Wed, 10 Apr 2024 09:47:56 -0400
Subject: [PATCH 02/88] CKS Enhancements - Phase 2: Add and Remove external
 nodes to and from a kubernetes cluster

---------

Co-authored-by: nvazquez <nicovazquez90@gmail.com>
---
 .../kubernetes/cluster/KubernetesCluster.java |  15 +
 .../com/cloud/network/NetworkService.java     |   2 +
 .../cloud/template/TemplateApiService.java    |  19 +-
 .../api/ApiCommandResourceType.java           |   3 +-
 .../apache/cloudstack/api/ApiConstants.java   |   3 +
 .../api/command/user/iso/DetachIsoCmd.java    |   2 +-
 .../user/template/UpdateTemplateCmd.java      |   9 +
 .../response/KubernetesUserVmResponse.java    |  24 ++
 .../cloud/agent/api/HandleCksIsoCommand.java  |  34 ++
 .../resource/virtualnetwork/VRScripts.java    |   3 +
 .../VirtualRoutingResource.java               |  12 +
 .../cloud/network/dao/FirewallRulesDao.java   |   2 +
 .../network/dao/FirewallRulesDaoImpl.java     |  17 +
 .../rules/dao/PortForwardingRulesDao.java     |   2 +
 .../rules/dao/PortForwardingRulesDaoImpl.java |  11 +
 .../META-INF/db/schema-41810to41900.sql       |   1 +
 .../cluster/KubernetesClusterEventTypes.java  |   2 +
 .../cluster/KubernetesClusterManagerImpl.java | 107 ++++++-
 .../cluster/KubernetesClusterService.java     |  18 ++
 .../cluster/KubernetesClusterVmMapVO.java     |  11 +
 .../KubernetesClusterActionWorker.java        | 272 ++++++++++++++--
 .../KubernetesClusterAddWorker.java           | 301 ++++++++++++++++++
 .../KubernetesClusterDestroyWorker.java       |   2 +-
 .../KubernetesClusterRemoveWorker.java        | 166 ++++++++++
 ...esClusterResourceModifierActionWorker.java | 133 ++------
 .../KubernetesClusterScaleWorker.java         |  14 +-
 .../KubernetesClusterStartWorker.java         |   4 +-
 .../AddNodesToKubernetesClusterCmd.java       | 132 ++++++++
 .../RemoveNodesFromKubernetesClusterCmd.java  | 109 +++++++
 .../response/KubernetesClusterResponse.java   |  18 +-
 .../src/main/resources/conf/k8s-node.yml      |  13 +
 .../resources/script/remove-node-from-cluster |  27 ++
 .../main/resources/script/validate-cks-node   |  45 +++
 .../com/cloud/network/NetworkServiceImpl.java |  21 ++
 .../network/router/CommandSetupHelper.java    |   8 +
 .../cloud/template/TemplateManagerImpl.java   |  61 ++--
 .../com/cloud/vpc/MockNetworkManagerImpl.java |   5 +
 systemvm/debian/opt/cloud/bin/cks_iso.sh      |  34 ++
 .../debian/opt/cloud/bin/cs/CsGuestNetwork.py |   3 +-
 .../ubuntu/22.04/scripts/setup_template.sh    |  27 ++
 ui/public/locales/en.json                     |  18 +-
 ui/src/config/section/compute.js              |  20 ++
 ui/src/config/section/image.js                |   2 +-
 ui/src/utils/plugins.js                       |  18 +-
 ui/src/views/compute/KubernetesAddNodes.vue   | 177 ++++++++++
 .../views/compute/KubernetesRemoveNodes.vue   | 151 +++++++++
 ui/src/views/compute/RegisterUserData.vue     |   9 +-
 .../views/image/RegisterOrUploadTemplate.vue  |   2 +-
 ui/src/views/image/UpdateTemplate.vue         |   8 +-
 49 files changed, 1918 insertions(+), 179 deletions(-)
 rename {plugins/integrations/kubernetes-service => api}/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java (86%)
 create mode 100644 api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java
 create mode 100644 core/src/main/java/com/cloud/agent/api/HandleCksIsoCommand.java
 create mode 100644 plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
 create mode 100644 plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
 create mode 100644 plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
 create mode 100644 plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
 create mode 100644 plugins/integrations/kubernetes-service/src/main/resources/script/remove-node-from-cluster
 create mode 100644 plugins/integrations/kubernetes-service/src/main/resources/script/validate-cks-node
 create mode 100644 systemvm/debian/opt/cloud/bin/cks_iso.sh
 create mode 100644 tools/appliance/cks/ubuntu/22.04/scripts/setup_template.sh
 create mode 100644 ui/src/views/compute/KubernetesAddNodes.vue
 create mode 100644 ui/src/views/compute/KubernetesRemoveNodes.vue

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java b/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
similarity index 86%
rename from plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
rename to api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
index d4545589ced8..c01d8f82a265 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
+++ b/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
@@ -44,6 +44,8 @@ enum Event {
         AutoscaleRequested,
         ScaleUpRequested,
         ScaleDownRequested,
+        AddNodeRequested,
+        RemoveNodeRequested,
         UpgradeRequested,
         OperationSucceeded,
         OperationFailed,
@@ -59,6 +61,8 @@ enum State {
         Stopped("All resources for the Kubernetes cluster are destroyed, Kubernetes cluster may still have ephemeral resource like persistent volumes provisioned"),
         Scaling("Transient state in which resources are either getting scaled up/down"),
         Upgrading("Transient state in which cluster is getting upgraded"),
+        Importing("Transient state in which additional nodes are added as worker nodes to a cluster"),
+        RemovingNodes("Transient state in which additional nodes are removed from a cluster"),
         Alert("State to represent Kubernetes clusters which are not in expected desired state (operationally in active control place, stopped cluster VM's etc)."),
         Recovering("State in which Kubernetes cluster is recovering from alert state"),
         Destroyed("End state of Kubernetes cluster in which all resources are destroyed, cluster will not be usable further"),
@@ -96,6 +100,17 @@ enum State {
             s_fsm.addTransition(State.Upgrading, Event.OperationSucceeded, State.Running);
             s_fsm.addTransition(State.Upgrading, Event.OperationFailed, State.Alert);
 
+            s_fsm.addTransition(State.Running, Event.AddNodeRequested, State.Importing);
+            s_fsm.addTransition(State.Alert, Event.AddNodeRequested, State.Importing);
+            s_fsm.addTransition(State.Importing, Event.OperationSucceeded, State.Running);
+            s_fsm.addTransition(State.Importing, Event.OperationFailed, State.Running);
+            s_fsm.addTransition(State.Alert, Event.OperationSucceeded, State.Running);
+
+            s_fsm.addTransition(State.Running, Event.RemoveNodeRequested, State.RemovingNodes);
+            s_fsm.addTransition(State.Alert, Event.RemoveNodeRequested, State.RemovingNodes);
+            s_fsm.addTransition(State.RemovingNodes, Event.OperationSucceeded, State.Running);
+            s_fsm.addTransition(State.RemovingNodes, Event.OperationFailed, State.Running);
+
             s_fsm.addTransition(State.Alert, Event.RecoveryRequested, State.Recovering);
             s_fsm.addTransition(State.Recovering, Event.OperationSucceeded, State.Running);
             s_fsm.addTransition(State.Recovering, Event.OperationFailed, State.Alert);
diff --git a/api/src/main/java/com/cloud/network/NetworkService.java b/api/src/main/java/com/cloud/network/NetworkService.java
index 51799e25cda6..02ca13cb9a4d 100644
--- a/api/src/main/java/com/cloud/network/NetworkService.java
+++ b/api/src/main/java/com/cloud/network/NetworkService.java
@@ -263,4 +263,6 @@ Network createPrivateNetwork(String networkName, String displayText, long physic
     InternalLoadBalancerElementService getInternalLoadBalancerElementByNetworkServiceProviderId(long networkProviderId);
     InternalLoadBalancerElementService getInternalLoadBalancerElementById(long providerId);
     List<InternalLoadBalancerElementService> getInternalLoadBalancerElements();
+
+    boolean handleCksIsoOnNetworkVirtualRouter(Long virtualRouterId, boolean mount) throws ResourceUnavailableException;
 }
diff --git a/api/src/main/java/com/cloud/template/TemplateApiService.java b/api/src/main/java/com/cloud/template/TemplateApiService.java
index 5b494c308c3c..6138f24c92b0 100644
--- a/api/src/main/java/com/cloud/template/TemplateApiService.java
+++ b/api/src/main/java/com/cloud/template/TemplateApiService.java
@@ -58,10 +58,23 @@ public interface TemplateApiService {
     VirtualMachineTemplate prepareTemplate(long templateId, long zoneId, Long storageId);
 
 
+    /**
+     * Detach ISO from VM
+     * @param vmId id of the VM
+     * @param isoId id of the ISO (when passed). If it is not passed, it will get it from user_vm table
+     * @param extraParams forced, isVirtualRouter
+     * @return true when operation succeeds, false if not
+     */
+    boolean detachIso(long vmId, Long isoId, Boolean... extraParams);
 
-    boolean detachIso(long vmId, boolean forced);
-
-    boolean attachIso(long isoId, long vmId, boolean forced);
+    /**
+     * Attach ISO to a VM
+     * @param isoId id of the ISO to attach
+     * @param vmId id of the VM to attach the ISO to
+     * @param extraParams: forced, isVirtualRouter
+     * @return true when operation succeeds, false if not
+     */
+    boolean attachIso(long isoId, long vmId, Boolean... extraParams);
 
     /**
      * Deletes a template
diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiCommandResourceType.java b/api/src/main/java/org/apache/cloudstack/api/ApiCommandResourceType.java
index aafc039b36b5..38efa428726b 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiCommandResourceType.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiCommandResourceType.java
@@ -81,7 +81,8 @@ public enum ApiCommandResourceType {
     ManagementServer(org.apache.cloudstack.management.ManagementServerHost.class),
     ObjectStore(org.apache.cloudstack.storage.object.ObjectStore.class),
     Bucket(org.apache.cloudstack.storage.object.Bucket.class),
-    QuotaTariff(org.apache.cloudstack.quota.QuotaTariff.class);
+    QuotaTariff(org.apache.cloudstack.quota.QuotaTariff.class),
+    KubernetesCluster(com.cloud.kubernetes.cluster.KubernetesCluster.class);
 
     private final Class<?> clazz;
 
diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
index b148d0ccbeac..72b2d466dd35 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
@@ -305,6 +305,7 @@ public class ApiConstants {
     public static final String MIGRATIONS = "migrations";
     public static final String MEMORY = "memory";
     public static final String MODE = "mode";
+    public static final String MOUNT_CKS_ISO_ON_VR = "mountcksisoonvr";
     public static final String NSX_MODE = "nsxmode";
     public static final String NSX_ENABLED = "isnsxenabled";
     public static final String NAME = "name";
@@ -1051,6 +1052,8 @@ public class ApiConstants {
     public static final String NODE_IDS = "nodeids";
     public static final String CONTROL_NODES = "controlnodes";
     public static final String ETCD_NODES = "etcdnodes";
+    public static final String EXTERNAL_NODES = "externalnodes";
+    public static final String IS_EXTERNAL_NODE = "isexternalnode";
     public static final String MIN_SEMANTIC_VERSION = "minimumsemanticversion";
     public static final String MIN_KUBERNETES_VERSION_ID = "minimumkubernetesversionid";
     public static final String NODE_ROOT_DISK_SIZE = "noderootdisksize";
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/iso/DetachIsoCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/iso/DetachIsoCmd.java
index 292e1c6f099b..78f1a4bcdee6 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/iso/DetachIsoCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/iso/DetachIsoCmd.java
@@ -104,7 +104,7 @@ public ApiCommandResourceType getApiResourceType() {
 
     @Override
     public void execute() {
-        boolean result = _templateService.detachIso(virtualMachineId, isForced());
+        boolean result = _templateService.detachIso(virtualMachineId, null, isForced());
         if (result) {
             UserVm userVm = _entityMgr.findById(UserVm.class, virtualMachineId);
             UserVmResponse response = _responseGenerator.createUserVmResponse(getResponseView(), "virtualmachine", userVm).get(0);
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/template/UpdateTemplateCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/template/UpdateTemplateCmd.java
index dbbd771293a4..93c860a7bf87 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/template/UpdateTemplateCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/template/UpdateTemplateCmd.java
@@ -46,6 +46,11 @@ public class UpdateTemplateCmd extends BaseUpdateTemplateOrIsoCmd implements Use
     @Parameter(name = ApiConstants.TEMPLATE_TAG, type = CommandType.STRING, description = "the tag for this template.", since = "4.20.0")
     private String templateTag;
 
+    @Parameter(name = ApiConstants.FOR_CKS, type = CommandType.BOOLEAN,
+    description = "indicates that the template can be used for deployment of CKS clusters",
+    since = "4.20.0")
+    private Boolean forCks;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -63,6 +68,10 @@ public String getTemplateTag() {
         return templateTag;
     }
 
+    public boolean getForCks() {
+        return Boolean.TRUE.equals(forCks);
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java
new file mode 100644
index 000000000000..61edbafd48f9
--- /dev/null
+++ b/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java
@@ -0,0 +1,24 @@
+package org.apache.cloudstack.api.response;
+
+import com.cloud.network.router.VirtualRouter;
+import com.cloud.serializer.Param;
+import com.cloud.uservm.UserVm;
+import com.cloud.vm.VirtualMachine;
+import com.google.gson.annotations.SerializedName;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.EntityReference;
+
+@EntityReference(value = {VirtualMachine.class, UserVm.class, VirtualRouter.class})
+public class KubernetesUserVmResponse extends UserVmResponse {
+    @SerializedName(ApiConstants.IS_EXTERNAL_NODE)
+    @Param(description = "If the VM is an externally added node")
+    private boolean isExternalNode;
+
+    public boolean isExternalNode() {
+        return isExternalNode;
+    }
+
+    public void setExternalNode(boolean externalNode) {
+        isExternalNode = externalNode;
+    }
+}
diff --git a/core/src/main/java/com/cloud/agent/api/HandleCksIsoCommand.java b/core/src/main/java/com/cloud/agent/api/HandleCksIsoCommand.java
new file mode 100644
index 000000000000..16942bb05d44
--- /dev/null
+++ b/core/src/main/java/com/cloud/agent/api/HandleCksIsoCommand.java
@@ -0,0 +1,34 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+package com.cloud.agent.api;
+
+import com.cloud.agent.api.routing.NetworkElementCommand;
+
+public class HandleCksIsoCommand extends NetworkElementCommand {
+
+    private boolean mountCksIso;
+
+    public HandleCksIsoCommand(boolean mountCksIso) {
+        this.mountCksIso = mountCksIso;
+    }
+
+    public boolean isMountCksIso() {
+        return mountCksIso;
+    }
+}
diff --git a/core/src/main/java/com/cloud/agent/resource/virtualnetwork/VRScripts.java b/core/src/main/java/com/cloud/agent/resource/virtualnetwork/VRScripts.java
index ebe5e9a7ec94..1396a2aa0021 100644
--- a/core/src/main/java/com/cloud/agent/resource/virtualnetwork/VRScripts.java
+++ b/core/src/main/java/com/cloud/agent/resource/virtualnetwork/VRScripts.java
@@ -81,4 +81,7 @@ public class VRScripts {
     public static final String VR_UPDATE_INTERFACE_CONFIG = "update_interface_config.sh";
 
     public static final String ROUTER_FILESYSTEM_WRITABLE_CHECK = "filesystem_writable_check.py";
+
+    // CKS ISO mount
+    public static final String CKS_ISO_MOUNT_SERVE = "cks_iso.sh";
 }
diff --git a/core/src/main/java/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java b/core/src/main/java/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
index 3c86b3a0dcc4..cbce8cbc39d2 100644
--- a/core/src/main/java/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
+++ b/core/src/main/java/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
@@ -34,6 +34,7 @@
 
 import javax.naming.ConfigurationException;
 
+import com.cloud.agent.api.HandleCksIsoCommand;
 import com.cloud.agent.api.routing.UpdateNetworkCommand;
 import com.cloud.agent.api.to.IpAddressTO;
 import com.cloud.network.router.VirtualRouter;
@@ -144,6 +145,10 @@ public Answer executeRequest(final NetworkElementCommand cmd) {
                 return execute((UpdateNetworkCommand) cmd);
             }
 
+            if (cmd instanceof HandleCksIsoCommand) {
+                return execute((HandleCksIsoCommand) cmd);
+            }
+
             if (_vrAggregateCommandsSet.containsKey(routerName)) {
                 _vrAggregateCommandsSet.get(routerName).add(cmd);
                 aggregated = true;
@@ -171,6 +176,13 @@ public Answer executeRequest(final NetworkElementCommand cmd) {
         }
     }
 
+    protected Answer execute(final HandleCksIsoCommand cmd) {
+        String routerIp = getRouterSshControlIp(cmd);
+        s_logger.info("Attempting to mount CKS ISO on Virtual Router");
+        ExecutionResult result = _vrDeployer.executeInVR(routerIp, VRScripts.CKS_ISO_MOUNT_SERVE, String.valueOf(cmd.isMountCksIso()));
+        return new Answer(cmd, result.isSuccess(), result.getDetails());
+    }
+
     private Answer execute(final SetupKeyStoreCommand cmd) {
         final String args = String.format("/usr/local/cloud/systemvm/conf/agent.properties " +
                         "/usr/local/cloud/systemvm/conf/%s " +
diff --git a/engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesDao.java b/engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesDao.java
index 21200dbf9b58..0c59d10c80b7 100644
--- a/engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesDao.java
+++ b/engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesDao.java
@@ -72,4 +72,6 @@ public interface FirewallRulesDao extends GenericDao<FirewallRuleVO, Long> {
     void loadSourceCidrs(FirewallRuleVO rule);
 
     void loadDestinationCidrs(FirewallRuleVO rule);
+
+    FirewallRuleVO findByNetworkIdAndPorts(long networkId, int startPort, int endPort);
 }
diff --git a/engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesDaoImpl.java b/engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesDaoImpl.java
index 3ac860b08c5f..78d86ced32f4 100644
--- a/engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesDaoImpl.java
+++ b/engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesDaoImpl.java
@@ -48,6 +48,7 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
     protected final SearchBuilder<FirewallRuleVO> NotRevokedSearch;
     protected final SearchBuilder<FirewallRuleVO> ReleaseSearch;
     protected SearchBuilder<FirewallRuleVO> VmSearch;
+    protected SearchBuilder<FirewallRuleVO> FirewallByPortsAndNetwork;
     protected final SearchBuilder<FirewallRuleVO> SystemRuleSearch;
     protected final GenericSearchBuilder<FirewallRuleVO, Long> RulesByIpCount;
 
@@ -104,6 +105,12 @@ protected FirewallRulesDaoImpl() {
         RulesByIpCount.and("ipAddressId", RulesByIpCount.entity().getSourceIpAddressId(), Op.EQ);
         RulesByIpCount.and("state", RulesByIpCount.entity().getState(), Op.EQ);
         RulesByIpCount.done();
+
+        FirewallByPortsAndNetwork = createSearchBuilder();
+        FirewallByPortsAndNetwork.and("networkId", FirewallByPortsAndNetwork.entity().getNetworkId(), Op.EQ);
+        FirewallByPortsAndNetwork.and("sourcePortStart", FirewallByPortsAndNetwork.entity().getSourcePortStart(), Op.EQ);
+        FirewallByPortsAndNetwork.and("sourcePortEnd", FirewallByPortsAndNetwork.entity().getSourcePortEnd(), Op.EQ);
+        FirewallByPortsAndNetwork.done();
     }
 
     @Override
@@ -386,4 +393,14 @@ public void loadDestinationCidrs(FirewallRuleVO rule){
         rule.setDestinationCidrsList(destCidrs);
     }
 
+    @Override
+    public FirewallRuleVO findByNetworkIdAndPorts(long networkId, int startPort, int endPort) {
+        SearchCriteria<FirewallRuleVO> sc = FirewallByPortsAndNetwork.create();
+        sc.setParameters("networkId", networkId);
+        sc.setParameters("sourcePortStart", startPort);
+        sc.setParameters("sourcePortEnd", endPort);
+
+        return findOneBy(sc);
+    }
+
 }
diff --git a/engine/schema/src/main/java/com/cloud/network/rules/dao/PortForwardingRulesDao.java b/engine/schema/src/main/java/com/cloud/network/rules/dao/PortForwardingRulesDao.java
index b89d04ad15a0..622665fc0033 100644
--- a/engine/schema/src/main/java/com/cloud/network/rules/dao/PortForwardingRulesDao.java
+++ b/engine/schema/src/main/java/com/cloud/network/rules/dao/PortForwardingRulesDao.java
@@ -47,4 +47,6 @@ public interface PortForwardingRulesDao extends GenericDao<PortForwardingRuleVO,
     PortForwardingRuleVO findByIdAndIp(long id, String secondaryIp);
 
     List<PortForwardingRuleVO> listByNetworkAndDestIpAddr(String ip4Address, long networkId);
+
+    PortForwardingRuleVO findByNetworkAndPorts(long networkId, int startPort, int endPort);
 }
diff --git a/engine/schema/src/main/java/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java b/engine/schema/src/main/java/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java
index 29cba516d720..2653515596b4 100644
--- a/engine/schema/src/main/java/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java
+++ b/engine/schema/src/main/java/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java
@@ -54,6 +54,8 @@ protected PortForwardingRulesDaoImpl() {
         AllFieldsSearch.and("vmId", AllFieldsSearch.entity().getVirtualMachineId(), Op.EQ);
         AllFieldsSearch.and("purpose", AllFieldsSearch.entity().getPurpose(), Op.EQ);
         AllFieldsSearch.and("dstIp", AllFieldsSearch.entity().getDestinationIpAddress(), Op.EQ);
+        AllFieldsSearch.and("sourcePortStart", AllFieldsSearch.entity().getSourcePortStart(), Op.EQ);
+        AllFieldsSearch.and("sourcePortEnd", AllFieldsSearch.entity().getSourcePortEnd(), Op.EQ);
         AllFieldsSearch.done();
 
         ApplicationSearch = createSearchBuilder();
@@ -170,4 +172,13 @@ public PortForwardingRuleVO findByIdAndIp(long id, String secondaryIp) {
         sc.setParameters("dstIp", secondaryIp);
         return findOneBy(sc);
     }
+
+    @Override
+    public PortForwardingRuleVO findByNetworkAndPorts(long networkId, int startPort, int endPort) {
+        SearchCriteria<PortForwardingRuleVO> sc = AllFieldsSearch.create();
+        sc.setParameters("networkId", networkId);
+        sc.setParameters("sourcePortStart", startPort);
+        sc.setParameters("sourcePortEnd", endPort);
+        return findOneBy(sc);
+    }
 }
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
index 1fe43a20a5c9..c1eff3f8a2d2 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
@@ -336,6 +336,7 @@ CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_templat
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_template_id', 'bigint unsigned COMMENT "template id to be used for Worker Node(s)"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_template_id', 'bigint unsigned COMMENT "template id to be used for etcd Nodes"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','etcd_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the VM is an etcd node"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','external_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node was imported into the Kubernetes cluster"');
 
 ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_service_offering_id` FOREIGN KEY `fk_cluster__control_service_offering_id`(`control_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
 ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_service_offering_id` FOREIGN KEY `fk_cluster__worker_service_offering_id`(`worker_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterEventTypes.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterEventTypes.java
index a947e4273be0..486a093e4ad4 100755
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterEventTypes.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterEventTypes.java
@@ -23,4 +23,6 @@ public class KubernetesClusterEventTypes {
     public static final String EVENT_KUBERNETES_CLUSTER_STOP = "KUBERNETES.CLUSTER.STOP";
     public static final String EVENT_KUBERNETES_CLUSTER_SCALE = "KUBERNETES.CLUSTER.SCALE";
     public static final String EVENT_KUBERNETES_CLUSTER_UPGRADE = "KUBERNETES.CLUSTER.UPGRADE";
+    public static final String EVENT_KUBERNETES_CLUSTER_NODES_ADD = "KUBERNETES.CLUSTER.NODES.ADD";
+    public static final String EVENT_KUBERNETES_CLUSTER_NODES_REMOVE = "KUBERNETES.CLUSTER.NODES.REMOVE";
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 41bd63ad7eec..6d4b013298ad 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -23,10 +23,12 @@
 import static com.cloud.utils.NumbersUtil.toHumanReadableSize;
 import static com.cloud.vm.UserVmManager.AllowUserExpungeRecoverVm;
 
+import java.lang.reflect.InvocationTargetException;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.Date;
 import java.util.EnumSet;
 import java.util.HashMap;
@@ -45,23 +47,33 @@
 import javax.naming.ConfigurationException;
 
 import com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType;
+import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterRemoveWorker;
 import com.cloud.network.dao.NsxProviderDao;
 import com.cloud.network.element.NsxProviderVO;
+import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterAddWorker;
+import com.cloud.template.TemplateApiService;
 import com.cloud.uservm.UserVm;
+import com.cloud.vm.NicVO;
 import com.cloud.vm.UserVmService;
+import com.cloud.vm.dao.NicDao;
+import com.cloud.vm.dao.UserVmDetailsDao;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.annotation.AnnotationService;
 import org.apache.cloudstack.annotation.dao.AnnotationDao;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiConstants.VMDetails;
+import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.command.user.kubernetes.cluster.AddNodesToKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.AddVirtualMachinesToKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.CreateKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.DeleteKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.GetKubernetesClusterConfigCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.ListKubernetesClustersCmd;
+import org.apache.cloudstack.api.command.user.kubernetes.cluster.RemoveNodesFromKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.RemoveVirtualMachinesFromKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.ScaleKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.StartKubernetesClusterCmd;
@@ -69,6 +81,7 @@
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.UpgradeKubernetesClusterCmd;
 import org.apache.cloudstack.api.response.KubernetesClusterConfigResponse;
 import org.apache.cloudstack.api.response.KubernetesClusterResponse;
+import org.apache.cloudstack.api.response.KubernetesUserVmResponse;
 import org.apache.cloudstack.api.response.ListResponse;
 import org.apache.cloudstack.api.response.RemoveVirtualMachinesFromKubernetesClusterResponse;
 import org.apache.cloudstack.api.response.UserVmResponse;
@@ -77,6 +90,7 @@
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.ConfigKey;
 import org.apache.cloudstack.managed.context.ManagedContextRunnable;
+import org.apache.commons.beanutils.BeanUtils;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.collections.MapUtils;
@@ -234,6 +248,8 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
     @Inject
     protected UserDao userDao;
     @Inject
+    protected UserVmDetailsDao userVmDetailsDao;
+    @Inject
     protected VMInstanceDao vmInstanceDao;
     @Inject
     protected UserVmJoinDao userVmJoinDao;
@@ -271,9 +287,12 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
     public NetworkHelper networkHelper;
     @Inject
     private NsxProviderDao nsxProviderDao;
-
+    @Inject
+    private NicDao nicDao;
     @Inject
     private UserVmService userVmService;
+    @Inject
+    private TemplateApiService templateService;
 
     private void logMessage(final Level logLevel, final String message, final Exception e) {
         if (logLevel == Level.WARN) {
@@ -662,7 +681,7 @@ public KubernetesClusterResponse createKubernetesClusterResponse(long kubernetes
             }
         }
 
-        List<UserVmResponse> vmResponses = new ArrayList<UserVmResponse>();
+        List<KubernetesUserVmResponse> vmResponses = new ArrayList<>();
         List<KubernetesClusterVmMapVO> vmList = kubernetesClusterVmMapDao.listByClusterId(kubernetesCluster.getId());
         ResponseView respView = ResponseView.Restricted;
         Account caller = CallContext.current().getCallingAccount();
@@ -676,9 +695,17 @@ public KubernetesClusterResponse createKubernetesClusterResponse(long kubernetes
                 if (userVM != null) {
                     UserVmResponse vmResponse = ApiDBUtils.newUserVmResponse(respView, responseName, userVM,
                         EnumSet.of(VMDetails.nics), caller);
-                    vmResponses.add(vmResponse);
+                    KubernetesUserVmResponse kubernetesUserVmResponse = new KubernetesUserVmResponse();
+                    try {
+                        BeanUtils.copyProperties(kubernetesUserVmResponse, vmResponse);
+                    } catch (IllegalAccessException | InvocationTargetException e) {
+                        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to generate zone metrics response");
+                    }
+                    kubernetesUserVmResponse.setExternalNode(vmMapVO.isExternalNode());
+                    vmResponses.add(kubernetesUserVmResponse);
                 }
             }
+            response.setExternalNodes(vmList.stream().filter(KubernetesClusterVmMapVO::isEtcdNode).count());
         }
         response.setHasAnnotation(annotationDao.hasAnnotations(kubernetesCluster.getUuid(),
                 AnnotationService.EntityType.KUBERNETES_CLUSTER.name(), accountService.isRootAdmin(caller.getId())));
@@ -776,7 +803,9 @@ public boolean isCommandSupported(KubernetesCluster cluster, String cmdName) {
                         BaseCmd.getCommandNameByClass(ScaleKubernetesClusterCmd.class),
                         BaseCmd.getCommandNameByClass(StartKubernetesClusterCmd.class),
                         BaseCmd.getCommandNameByClass(StopKubernetesClusterCmd.class),
-                        BaseCmd.getCommandNameByClass(UpgradeKubernetesClusterCmd.class)
+                        BaseCmd.getCommandNameByClass(UpgradeKubernetesClusterCmd.class),
+                        BaseCmd.getCommandNameByClass(AddNodesToKubernetesClusterCmd.class),
+                        BaseCmd.getCommandNameByClass(RemoveNodesFromKubernetesClusterCmd.class)
                 ).contains(cmdName);
             case ExternalManaged:
                 return Arrays.asList(
@@ -924,7 +953,7 @@ protected void validateServiceOfferingForNode(Map<String, Long> map,
         } catch (InvalidParameterValueException e) {
             String msg = String.format("Given service offering ID: %s for %s nodes is not suitable for the Kubernetes cluster version %s - %s",
                     serviceOffering, key, clusterKubernetesVersion, e.getMessage());
-            LOGGER.error(msg);
+            logger.error(msg);
             throw new InvalidParameterValueException(msg);
         }
     }
@@ -1824,6 +1853,71 @@ public boolean addVmsToCluster(AddVirtualMachinesToKubernetesClusterCmd cmd) {
         return true;
     }
 
+    @Override
+    public boolean addNodesToKubernetesCluster(AddNodesToKubernetesClusterCmd cmd) {
+        KubernetesClusterVO kubernetesCluster = validateCluster(cmd.getClusterId());
+        long networkId = kubernetesCluster.getNetworkId();
+        NetworkVO networkVO = networkDao.findById(networkId);
+        List<Long> validNodeIds = validateNodes(cmd.getNodeIds(), networkId, networkVO.getName(), kubernetesCluster, false);
+        if (validNodeIds.isEmpty()) {
+            throw new CloudRuntimeException("No valid nodes found to be added to the Kubernetes cluster");
+        }
+        KubernetesClusterAddWorker addWorker = new KubernetesClusterAddWorker(kubernetesCluster, KubernetesClusterManagerImpl.this);
+        addWorker = ComponentContext.inject(addWorker);
+        return addWorker.addNodesToCluster(validNodeIds, cmd.isMountCksIsoOnVr());
+    }
+
+    @Override
+    public boolean removeNodesFromKubernetesCluster(RemoveNodesFromKubernetesClusterCmd cmd) throws Exception {
+        KubernetesClusterVO kubernetesCluster = validateCluster(cmd.getClusterId());
+        List<Long> validNodeIds = validateNodes(cmd.getNodeIds(), null, null, kubernetesCluster, true);
+        if (validNodeIds.isEmpty()) {
+            throw new CloudRuntimeException("No valid nodes found to be removed from the Kubernetes cluster");
+        }
+        KubernetesClusterRemoveWorker removeWorker = new KubernetesClusterRemoveWorker(kubernetesCluster, KubernetesClusterManagerImpl.this);
+        removeWorker = ComponentContext.inject(removeWorker);
+        return removeWorker.removeNodesFromCluster(validNodeIds);
+    }
+
+    private KubernetesClusterVO validateCluster(long clusterId) {
+        KubernetesClusterVO kubernetesCluster = kubernetesClusterDao.findById(clusterId);
+        if (kubernetesCluster == null) {
+            throw new InvalidParameterValueException("Invalid Kubernetes cluster ID specified");
+        }
+        return kubernetesCluster;
+    }
+
+    private List<Long> validateNodes(List<Long> nodeIds, Long networkId, String networkName, KubernetesCluster cluster,  boolean removeNodes) {
+        List<Long> validNodeIds = new ArrayList<>(nodeIds);
+        for (Long id : nodeIds) {
+            VMInstanceVO node = vmInstanceDao.findById(id);
+            if (Objects.isNull(node)) {
+                logger.error(String.format("Failed to find node (physical or virtual machine) with ID: %s", id));
+                validNodeIds.remove(id);
+            } else if (!removeNodes) {
+                VMTemplateVO template = templateDao.findById(node.getTemplateId());
+                if (Objects.isNull(template)) {
+                    logger.error((String.format("Failed to find template with ID: %s", id)));
+                    validNodeIds.remove(id);
+                } else if (!template.isForCks()) {
+                    logger.error(String.format("Node: %s is deployed with a template that is not marked to be used for CKS", node.getId()));
+                    validNodeIds.remove(id);
+                }
+                NicVO nicVO = nicDao.findDefaultNicForVM(id);
+                if (networkId != nicVO.getNetworkId()) {
+                    logger.error(String.format("Node: %s does not have its default NIC in the kubernetes cluster network: %s", node.getId(), networkName));
+                    validNodeIds.remove(id);
+                }
+                List<KubernetesClusterVmMapVO> clusterVmMapVO = kubernetesClusterVmMapDao.listByClusterIdAndVmIdsIn(cluster.getId(), Collections.singletonList(id));
+                if (Objects.nonNull(clusterVmMapVO) && !clusterVmMapVO.isEmpty()) {
+                    logger.warn(String.format("Node: %s is already part of the cluster %s", node.getId(), cluster.getName()));
+                    validNodeIds.remove(id);
+                }
+            }
+        }
+        return validNodeIds;
+    }
+
     @Override
     public List<RemoveVirtualMachinesFromKubernetesClusterResponse> removeVmsFromCluster(RemoveVirtualMachinesFromKubernetesClusterCmd cmd) {
         if (!KubernetesServiceEnabled.value()) {
@@ -1898,6 +1992,8 @@ public List<Class<?>> getCommands() {
         cmdList.add(UpgradeKubernetesClusterCmd.class);
         cmdList.add(AddVirtualMachinesToKubernetesClusterCmd.class);
         cmdList.add(RemoveVirtualMachinesFromKubernetesClusterCmd.class);
+        cmdList.add(AddNodesToKubernetesClusterCmd.class);
+        cmdList.add(RemoveNodesFromKubernetesClusterCmd.class);
         return cmdList;
     }
 
@@ -2190,6 +2286,7 @@ public ConfigKey<?>[] getConfigKeys() {
             KubernetesClusterScaleTimeout,
             KubernetesClusterUpgradeTimeout,
             KubernetesClusterUpgradeRetries,
+            KubernetesClusterAddNodeTimeout,
             KubernetesClusterExperimentalFeaturesEnabled,
             KubernetesMaxClusterSize
         };
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
index 39b926537f55..9512a0563cb8 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
@@ -16,11 +16,13 @@
 // under the License.
 package com.cloud.kubernetes.cluster;
 
+import org.apache.cloudstack.api.command.user.kubernetes.cluster.AddNodesToKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.AddVirtualMachinesToKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.CreateKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.DeleteKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.GetKubernetesClusterConfigCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.ListKubernetesClustersCmd;
+import org.apache.cloudstack.api.command.user.kubernetes.cluster.RemoveNodesFromKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.RemoveVirtualMachinesFromKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.ScaleKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.StopKubernetesClusterCmd;
@@ -78,6 +80,18 @@ public interface KubernetesClusterService extends PluggableService, Configurable
             "The number of retries if fail to upgrade kubernetes cluster due to some reasons (e.g. drain node, etcdserver leader changed)",
             true,
             KubernetesServiceEnabled.key());
+    static final ConfigKey<Long> KubernetesClusterAddNodeTimeout = new ConfigKey<Long>("Advanced", Long.class,
+            "cloud.kubernetes.cluster.add.node.timeout",
+            "3600",
+            "Timeout interval (in seconds) in which an external node(VM / baremetal host) addition to a cluster should be completed",
+            true,
+            KubernetesServiceEnabled.key());
+    static final ConfigKey<Long> KubernetesClusterRemoveNodeTimeout = new ConfigKey<Long>("Advanced", Long.class,
+            "cloud.kubernetes.cluster.add.node.timeout",
+            "900",
+            "Timeout interval (in seconds) in which an external node(VM / baremetal host) removal from a cluster should be completed",
+            true,
+            KubernetesServiceEnabled.key());
     static final ConfigKey<Boolean> KubernetesClusterExperimentalFeaturesEnabled = new ConfigKey<Boolean>("Advanced", Boolean.class,
             "cloud.kubernetes.cluster.experimental.features.enabled",
             "false",
@@ -118,5 +132,9 @@ public interface KubernetesClusterService extends PluggableService, Configurable
 
     boolean addVmsToCluster(AddVirtualMachinesToKubernetesClusterCmd cmd);
 
+    boolean addNodesToKubernetesCluster(AddNodesToKubernetesClusterCmd cmd);
+
+    boolean removeNodesFromKubernetesCluster(RemoveNodesFromKubernetesClusterCmd cmd) throws Exception;
+
     List<RemoveVirtualMachinesFromKubernetesClusterResponse> removeVmsFromCluster(RemoveVirtualMachinesFromKubernetesClusterCmd cmd);
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java
index 565d7233f3dc..804d5b016f85 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java
@@ -45,6 +45,9 @@ public class KubernetesClusterVmMapVO implements KubernetesClusterVmMap {
     @Column(name = "etcd_node")
     boolean etcdNode;
 
+    @Column(name = "external_node")
+    boolean externalNode;
+
     public KubernetesClusterVmMapVO() {
     }
 
@@ -94,4 +97,12 @@ public boolean isEtcdNode() {
     public void setEtcdNode(boolean etcdNode) {
         this.etcdNode = etcdNode;
     }
+
+    public boolean isExternalNode() {
+        return externalNode;
+    }
+
+    public void setExternalNode(boolean externalNode) {
+        this.externalNode = externalNode;
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index 58ec18848a1a..39d9261b5c46 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -1,19 +1,4 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
+
 
 package com.cloud.kubernetes.cluster.actionworkers;
 
@@ -21,13 +6,17 @@
 import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.lang.reflect.Field;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
+import java.util.concurrent.atomic.AtomicInteger;
 import java.util.stream.Collectors;
 
 import javax.inject.Inject;
@@ -36,12 +25,32 @@
 import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.LogManager;
 import com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType;
+import com.cloud.network.dao.NetworkVO;
 import com.cloud.offering.ServiceOffering;
+import com.cloud.exception.ManagementServerException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.kubernetes.cluster.utils.KubernetesClusterUtil;
+import com.cloud.network.firewall.FirewallService;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.PortForwardingRuleVO;
+import com.cloud.network.rules.RulesService;
+import com.cloud.network.rules.dao.PortForwardingRulesDao;
+import com.cloud.user.SSHKeyPairVO;
+import com.cloud.utils.component.ComponentContext;
+import com.cloud.utils.db.TransactionCallbackWithException;
+import com.cloud.utils.net.Ip;
+import com.cloud.vm.Nic;
+import com.cloud.vm.NicVO;
+import com.cloud.vm.VirtualMachine;
+import com.cloud.vm.dao.NicDao;
+import com.cloud.vm.UserVmManager;
 import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd;
 import org.apache.cloudstack.ca.CAManager;
 import org.apache.cloudstack.config.ApiServiceConfiguration;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -151,6 +160,8 @@ public class KubernetesClusterActionWorker {
     @Inject
     protected UserVmService userVmService;
     @Inject
+    protected UserVmManager userVmManager;
+    @Inject
     protected VlanDao vlanDao;
     @Inject
     protected VirtualMachineManager itMgr;
@@ -160,6 +171,14 @@ public class KubernetesClusterActionWorker {
     public ProjectService projectService;
     @Inject
     public VpcService vpcService;
+    @Inject
+    public PortForwardingRulesDao portForwardingRulesDao;
+    @Inject
+    protected RulesService rulesService;
+    @Inject
+    protected FirewallService firewallService;
+    @Inject
+    private NicDao nicDao;
 
     protected KubernetesClusterDao kubernetesClusterDao;
     protected KubernetesClusterVmMapDao kubernetesClusterVmMapDao;
@@ -180,6 +199,8 @@ public class KubernetesClusterActionWorker {
     protected final String deploySecretsScriptFilename = "deploy-cloudstack-secret";
     protected final String deployProviderScriptFilename = "deploy-provider";
     protected final String autoscaleScriptFilename = "autoscale-kube-cluster";
+    protected final String validateNodeScript = "validate-cks-node";
+    protected final String removeNodeFromClusterScript = "remove-node-from-cluster";
     protected final String scriptPath = "/opt/bin/";
     protected File deploySecretsScriptFile;
     protected File deployProviderScriptFile;
@@ -318,11 +339,12 @@ protected File getManagementServerSshPublicKeyFile() {
         return new File(keyFile);
     }
 
-    protected KubernetesClusterVmMapVO addKubernetesClusterVm(final long kubernetesClusterId, final long vmId, boolean isControlNode) {
+    protected KubernetesClusterVmMapVO addKubernetesClusterVm(final long kubernetesClusterId, final long vmId, boolean isControlNode, boolean isExternalNode) {
         return Transaction.execute(new TransactionCallback<KubernetesClusterVmMapVO>() {
             @Override
             public KubernetesClusterVmMapVO doInTransaction(TransactionStatus status) {
                 KubernetesClusterVmMapVO newClusterVmMap = new KubernetesClusterVmMapVO(kubernetesClusterId, vmId, isControlNode);
+                newClusterVmMap.setExternalNode(isExternalNode);
                 kubernetesClusterVmMapDao.persist(newClusterVmMap);
                 return newClusterVmMap;
             }
@@ -377,6 +399,22 @@ protected IpAddress getVpcTierKubernetesPublicIp(Network network) {
         return address;
     }
 
+    protected IpAddress getPublicIp(Network network) throws ManagementServerException {
+        if (network.getVpcId() != null) {
+            IpAddress publicIp = getVpcTierKubernetesPublicIp(network);
+            if (publicIp == null) {
+                throw new ManagementServerException(String.format("No public IP addresses found for VPC tier : %s, Kubernetes cluster : %s", network.getName(), kubernetesCluster.getName()));
+            }
+            return publicIp;
+        }
+        IpAddress publicIp = getNetworkSourceNatIp(network);
+        if (publicIp == null) {
+            throw new ManagementServerException(String.format("No source NAT IP addresses found for network : %s, Kubernetes cluster : %s",
+                    network.getName(), kubernetesCluster.getName()));
+        }
+        return publicIp;
+    }
+
     protected IpAddress acquireVpcTierKubernetesPublicIp(Network network) throws
             InsufficientAddressCapacityException, ResourceAllocationException, ResourceUnavailableException {
         IpAddress ip = networkService.allocateIP(owner, kubernetesCluster.getZoneId(), network.getId(), null, null);
@@ -503,7 +541,7 @@ protected void detachIsoKubernetesVMs(List<UserVm> clusterVMs) {
         for (UserVm vm : clusterVMs) {
             boolean result = false;
             try {
-                result = templateService.detachIso(vm.getId(), true);
+                result = templateService.detachIso(vm.getId(), null, true);
             } catch (CloudRuntimeException ex) {
                 logger.warn(String.format("Failed to detach binaries ISO from VM : %s in the Kubernetes cluster : %s ", vm.getDisplayName(), kubernetesCluster.getName()), ex);
             }
@@ -613,12 +651,15 @@ protected void copyScripts(String nodeAddress, final int sshPort) {
         copyScriptFile(nodeAddress, sshPort, autoscaleScriptFile, autoscaleScriptFilename);
     }
 
-    protected void copyScriptFile(String nodeAddress, final int sshPort, File file, String desitnation) {
+    protected void copyScriptFile(String nodeAddress, final int sshPort, File file, String destination) {
         try {
+            if (Objects.isNull(sshKeyFile)) {
+                sshKeyFile = getManagementServerSshPublicKeyFile();
+            }
             SshHelper.scpTo(nodeAddress, sshPort, getControlNodeLoginUser(), sshKeyFile, null,
-                "~/", file.getAbsolutePath(), "0755");
-            String cmdStr = String.format("sudo mv ~/%s %s/%s", file.getName(), scriptPath, desitnation);
-            SshHelper.sshExecute(publicIpAddress, sshPort, getControlNodeLoginUser(), sshKeyFile, null,
+                "~/", file.getAbsolutePath(), "0755", 20000, 30 * 60 * 1000);
+            String cmdStr = String.format("sudo mv ~/%s %s/%s", file.getName(), scriptPath, destination);
+            SshHelper.sshExecute(nodeAddress, sshPort, getControlNodeLoginUser(), sshKeyFile, null,
                 cmdStr, 10000, 10000, 10 * 60 * 1000);
         } catch (Exception e) {
             throw new CloudRuntimeException(e);
@@ -729,4 +770,191 @@ protected boolean isDefaultTemplateUsed() {
         }
         return false;
     }
+
+    protected void provisionPublicIpPortForwardingRule(IpAddress publicIp, Network network, Account account,
+                                                       final long vmId, final int sourcePort, final int destPort) throws NetworkRuleConflictException, ResourceUnavailableException {
+        final long publicIpId = publicIp.getId();
+        final long networkId = network.getId();
+        final long accountId = account.getId();
+        final long domainId = account.getDomainId();
+        Nic vmNic = networkModel.getNicInNetwork(vmId, networkId);
+        final Ip vmIp = new Ip(vmNic.getIPv4Address());
+        PortForwardingRuleVO pfRule = Transaction.execute((TransactionCallbackWithException<PortForwardingRuleVO, NetworkRuleConflictException>) status -> {
+            PortForwardingRuleVO newRule =
+                    new PortForwardingRuleVO(null, publicIpId,
+                            sourcePort, sourcePort,
+                            vmIp,
+                            destPort, destPort,
+                            "tcp", networkId, accountId, domainId, vmId);
+            newRule.setDisplay(true);
+            newRule.setState(FirewallRule.State.Add);
+            newRule = portForwardingRulesDao.persist(newRule);
+            return newRule;
+        });
+        rulesService.applyPortForwardingRules(publicIp.getId(), account);
+        if (logger.isInfoEnabled()) {
+            logger.info(String.format("Provisioned SSH port forwarding rule: %s from port %d to %d on %s to the VM IP : %s in Kubernetes cluster : %s", pfRule.getUuid(), sourcePort, destPort, publicIp.getAddress().addr(), vmIp.toString(), kubernetesCluster.getName()));
+        }
+    }
+
+    public String getKubernetesNodeConfig(final String joinIp, final boolean ejectIso) throws IOException {
+        String k8sNodeConfig = readResourceFile("/conf/k8s-node.yml");
+        final String sshPubKey = "{{ k8s.ssh.pub.key }}";
+        final String joinIpKey = "{{ k8s_control_node.join_ip }}";
+        final String clusterTokenKey = "{{ k8s_control_node.cluster.token }}";
+        final String ejectIsoKey = "{{ k8s.eject.iso }}";
+        final String routerIpKey = "{{ k8s.vr.iso.mounted.ip }}";
+        NicVO routerNicOnNetwork = getVirtualRouterNicOnKubernetesClusterNetwork(kubernetesCluster);
+        String routerIp = routerNicOnNetwork.getIPv4Address();
+        String pubKey = "- \"" + configurationDao.getValue("ssh.publickey") + "\"";
+//        if (Objects.isNull(owner)) {
+//            owner = accountDao.findById(kubernetesCluster.getAccountId());
+//        }
+        String sshKeyPair = kubernetesCluster.getKeyPair();
+        if (StringUtils.isNotEmpty(sshKeyPair)) {
+            SSHKeyPairVO sshkp = sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), sshKeyPair);
+            if (sshkp != null) {
+                pubKey += "\n      - \"" + sshkp.getPublicKey() + "\"";
+            }
+        }
+        k8sNodeConfig = k8sNodeConfig.replace(sshPubKey, pubKey);
+        k8sNodeConfig = k8sNodeConfig.replace(joinIpKey, joinIp);
+        k8sNodeConfig = k8sNodeConfig.replace(clusterTokenKey, KubernetesClusterUtil.generateClusterToken(kubernetesCluster));
+        k8sNodeConfig = k8sNodeConfig.replace(ejectIsoKey, String.valueOf(ejectIso));
+        k8sNodeConfig = k8sNodeConfig.replace(routerIpKey, routerIp);
+
+        k8sNodeConfig = updateKubeConfigWithRegistryDetails(k8sNodeConfig);
+
+        return k8sNodeConfig;
+    }
+
+    protected String updateKubeConfigWithRegistryDetails(String k8sConfig) {
+        /* genarate /etc/containerd/config.toml file on the nodes only if Kubernetes cluster is created to
+         * use docker private registry */
+        String registryUsername = null;
+        String registryPassword = null;
+        String registryUrl = null;
+
+        List<KubernetesClusterDetailsVO> details = kubernetesClusterDetailsDao.listDetails(kubernetesCluster.getId());
+        for (KubernetesClusterDetailsVO detail : details) {
+            if (detail.getName().equals(ApiConstants.DOCKER_REGISTRY_USER_NAME)) {
+                registryUsername = detail.getValue();
+            }
+            if (detail.getName().equals(ApiConstants.DOCKER_REGISTRY_PASSWORD)) {
+                registryPassword = detail.getValue();
+            }
+            if (detail.getName().equals(ApiConstants.DOCKER_REGISTRY_URL)) {
+                registryUrl = detail.getValue();
+            }
+        }
+
+        if (StringUtils.isNoneEmpty(registryUsername, registryPassword, registryUrl)) {
+            // Update runcmd in the cloud-init configuration to run a script that updates the containerd config with provided registry details
+            String runCmd = "- bash -x /opt/bin/setup-containerd";
+
+            String registryEp = registryUrl.split("://")[1];
+            k8sConfig = k8sConfig.replace("- containerd config default > /etc/containerd/config.toml", runCmd);
+            final String registryUrlKey = "{{registry.url}}";
+            final String registryUrlEpKey = "{{registry.url.endpoint}}";
+            final String registryAuthKey = "{{registry.token}}";
+            final String registryUname = "{{registry.username}}";
+            final String registryPsswd = "{{registry.password}}";
+
+            final String usernamePasswordKey = registryUsername + ":" + registryPassword;
+            String base64Auth = Base64.encodeBase64String(usernamePasswordKey.getBytes(com.cloud.utils.StringUtils.getPreferredCharset()));
+            k8sConfig = k8sConfig.replace(registryUrlKey,   registryUrl);
+            k8sConfig = k8sConfig.replace(registryUrlEpKey, registryEp);
+            k8sConfig = k8sConfig.replace(registryUname, registryUsername);
+            k8sConfig = k8sConfig.replace(registryPsswd, registryPassword);
+            k8sConfig = k8sConfig.replace(registryAuthKey, base64Auth);
+        }
+        return k8sConfig;
+    }
+
+    public Map<Long, Integer> addFirewallRulesForNodes(IpAddress publicIp, int size) throws ManagementServerException {
+        Map<Long, Integer> vmIdPortMap = new HashMap<>();
+        try {
+            List<KubernetesClusterVmMapVO> clusterVmList = kubernetesClusterVmMapDao.listByClusterId(kubernetesCluster.getId());
+            List<KubernetesClusterVmMapVO> externalNodes = clusterVmList.stream().filter(KubernetesClusterVmMapVO::isExternalNode).collect(Collectors.toList());
+            int endPort = (CLUSTER_NODES_DEFAULT_START_SSH_PORT + clusterVmList.size() - externalNodes.size() - 1);
+            provisionFirewallRules(publicIp, owner, CLUSTER_NODES_DEFAULT_START_SSH_PORT, endPort);
+            if (logger.isInfoEnabled()) {
+                logger.info(String.format("Provisioned firewall rule to open up port %d to %d on %s for Kubernetes cluster : %s", CLUSTER_NODES_DEFAULT_START_SSH_PORT, endPort, publicIp.getAddress().addr(), kubernetesCluster.getName()));
+            }
+            if (!externalNodes.isEmpty()) {
+                AtomicInteger additionalNodes = new AtomicInteger(1);
+                externalNodes.forEach(externalNode -> {
+                    int port = endPort + additionalNodes.get();
+                    try {
+                        provisionFirewallRules(publicIp, owner, port, port);
+                        vmIdPortMap.put(externalNode.getVmId(), port);
+                    } catch (NoSuchFieldException | IllegalAccessException | ResourceUnavailableException | NetworkRuleConflictException e) {
+                        throw new CloudRuntimeException(String.format("Failed to provision firewall rules for SSH access for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);
+                    }
+                    additionalNodes.addAndGet(1);
+                });
+            }
+        } catch (NoSuchFieldException | IllegalAccessException | ResourceUnavailableException | NetworkRuleConflictException e) {
+            throw new ManagementServerException(String.format("Failed to provision firewall rules for SSH access for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);
+        }
+        return vmIdPortMap;
+    }
+
+    protected void provisionFirewallRules(final IpAddress publicIp, final Account account, int startPort, int endPort) throws NoSuchFieldException,
+            IllegalAccessException, ResourceUnavailableException, NetworkRuleConflictException {
+        List<String> sourceCidrList = new ArrayList<String>();
+        sourceCidrList.add("0.0.0.0/0");
+
+        CreateFirewallRuleCmd rule = new CreateFirewallRuleCmd();
+        rule = ComponentContext.inject(rule);
+
+        Field addressField = rule.getClass().getDeclaredField("ipAddressId");
+        addressField.setAccessible(true);
+        addressField.set(rule, publicIp.getId());
+
+        Field protocolField = rule.getClass().getDeclaredField("protocol");
+        protocolField.setAccessible(true);
+        protocolField.set(rule, "TCP");
+
+        Field startPortField = rule.getClass().getDeclaredField("publicStartPort");
+        startPortField.setAccessible(true);
+        startPortField.set(rule, startPort);
+
+        Field endPortField = rule.getClass().getDeclaredField("publicEndPort");
+        endPortField.setAccessible(true);
+        endPortField.set(rule, endPort);
+
+        Field cidrField = rule.getClass().getDeclaredField("cidrlist");
+        cidrField.setAccessible(true);
+        cidrField.set(rule, sourceCidrList);
+
+        firewallService.createIngressFirewallRule(rule);
+        firewallService.applyIngressFwRules(publicIp.getId(), account);
+    }
+
+    protected NicVO getVirtualRouterNicOnKubernetesClusterNetwork(KubernetesCluster kubernetesCluster) {
+        long networkId = kubernetesCluster.getNetworkId();
+        NetworkVO kubernetesClusterNetwork = networkDao.findById(networkId);
+        if (kubernetesClusterNetwork == null) {
+            logAndThrow(Level.ERROR, String.format("Cannot find network %s set on Kubernetes Cluster %s", networkId, kubernetesCluster.getName()));
+        }
+        NicVO routerNicOnNetwork = nicDao.findByNetworkIdAndType(networkId, VirtualMachine.Type.DomainRouter);
+        if (routerNicOnNetwork == null) {
+            logAndThrow(Level.ERROR, String.format("Cannot find a Virtual Router on Kubernetes Cluster %s network %s", kubernetesCluster.getName(), kubernetesClusterNetwork.getName()));
+        }
+        return routerNicOnNetwork;
+    }
+
+    protected Map<Long, Integer> getVmPortMap() {
+        List<KubernetesClusterVmMapVO> clusterVmList = kubernetesClusterVmMapDao.listByClusterId(kubernetesCluster.getId());
+        List<KubernetesClusterVmMapVO> externalNodes = clusterVmList.stream().filter(KubernetesClusterVmMapVO::isExternalNode).collect(Collectors.toList());
+        Map<Long, Integer> vmIdPortMap = new HashMap<>();
+        int defaultNodesCount = clusterVmList.size() - externalNodes.size();
+        AtomicInteger i = new AtomicInteger(0);
+        externalNodes.forEach(node -> {
+            vmIdPortMap.put(node.getVmId(), CLUSTER_NODES_DEFAULT_START_SSH_PORT + defaultNodesCount + i.get());
+            i.addAndGet(1);
+        });
+        return vmIdPortMap;
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
new file mode 100644
index 000000000000..0f59e6bcf454
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
@@ -0,0 +1,301 @@
+package com.cloud.kubernetes.cluster.actionworkers;
+
+import com.cloud.event.ActionEventUtils;
+import com.cloud.event.EventVO;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ManagementServerException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.hypervisor.Hypervisor;
+import com.cloud.kubernetes.cluster.KubernetesCluster;
+import com.cloud.kubernetes.cluster.KubernetesClusterEventTypes;
+import com.cloud.kubernetes.cluster.KubernetesClusterManagerImpl;
+import com.cloud.kubernetes.cluster.KubernetesClusterService;
+import com.cloud.kubernetes.cluster.KubernetesClusterVO;
+import com.cloud.kubernetes.cluster.utils.KubernetesClusterUtil;
+import com.cloud.network.IpAddress;
+import com.cloud.network.Network;
+import com.cloud.network.dao.FirewallRulesDao;
+import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.network.rules.PortForwardingRuleVO;
+import com.cloud.service.ServiceOfferingVO;
+import com.cloud.user.Account;
+import com.cloud.uservm.UserVm;
+import com.cloud.utils.Pair;
+import com.cloud.utils.Ternary;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.ssh.SshHelper;
+import com.cloud.vm.UserVmVO;
+import org.apache.cloudstack.api.ApiCommandResourceType;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.command.user.vm.RebootVMCmd;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.log4j.Level;
+
+import javax.inject.Inject;
+import java.io.File;
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
+
+public class KubernetesClusterAddWorker extends KubernetesClusterActionWorker {
+
+    @Inject
+    private FirewallRulesDao firewallRulesDao;
+    private long addNodeTimeoutTime;
+
+    List<Long> finalNodeIds = new ArrayList<>();
+
+    public KubernetesClusterAddWorker(KubernetesCluster kubernetesCluster, KubernetesClusterManagerImpl clusterManager) {
+        super(kubernetesCluster, clusterManager);
+    }
+
+    public boolean addNodesToCluster(List<Long> nodeIds, boolean mountCksIsoOnVr) throws CloudRuntimeException {
+        try {
+            init();
+            addNodeTimeoutTime = System.currentTimeMillis() + KubernetesClusterService.KubernetesClusterAddNodeTimeout.value() * 1000;
+            Long networkId = kubernetesCluster.getNetworkId();
+            Network network = networkDao.findById(networkId);
+            if (Objects.isNull(network)) {
+                throw new CloudRuntimeException(String.format("Failed to find network with id: %s", networkId));
+            }
+            templateDao.findById(kubernetesCluster.getTemplateId());
+            IpAddress publicIp = null;
+            try {
+                publicIp = getPublicIp(network);
+            } catch (ManagementServerException e) {
+                throw new CloudRuntimeException(String.format("Failed to retrieve public IP for the network: %s ", network.getName()));
+            }
+            attachCksIsoForNodesAdditionToCluster(nodeIds, kubernetesCluster.getId(), mountCksIsoOnVr);
+            stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.AddNodeRequested);
+            Ternary<Integer, Long, Long> nodesAddedAndMemory = importNodeToCluster(nodeIds, network, publicIp, mountCksIsoOnVr);
+            int nodesAdded = nodesAddedAndMemory.first();
+            updateKubernetesCluster(kubernetesCluster.getId(), nodesAddedAndMemory);
+            if (nodeIds.size() != nodesAdded) {
+                String msg = String.format("Not every node was added to the CKS cluster %s, nodes added: %s out of %s", kubernetesCluster.getUuid(), nodesAdded, nodeIds.size());
+                LOGGER.info(msg);
+                detachCksIsoFromNodesAddedToCluster(nodeIds, kubernetesCluster.getId(), mountCksIsoOnVr);
+                stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.OperationFailed);
+                ActionEventUtils.onCompletedActionEvent(CallContext.current().getCallingUserId(), CallContext.current().getCallingAccountId(),
+                        EventVO.LEVEL_ERROR, KubernetesClusterEventTypes.EVENT_KUBERNETES_CLUSTER_NODES_ADD,
+                        msg, kubernetesCluster.getId(), ApiCommandResourceType.KubernetesCluster.toString(), 0);
+                return false;
+            }
+            Pair<String, Integer> publicIpSshPort = getKubernetesClusterServerIpSshPort(null);
+            KubernetesClusterUtil.validateKubernetesClusterReadyNodesCount(kubernetesCluster, publicIpSshPort.first(), publicIpSshPort.second(),
+                    getControlNodeLoginUser(), sshKeyFile, addNodeTimeoutTime, 15000);
+            detachCksIsoFromNodesAddedToCluster(nodeIds, kubernetesCluster.getId(), mountCksIsoOnVr);
+            stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.OperationSucceeded);
+            String description = String.format("Successfully added %s nodes to Kubernetes Cluster %s", nodesAdded, kubernetesCluster.getUuid());
+            ActionEventUtils.onCompletedActionEvent(CallContext.current().getCallingUserId(), CallContext.current().getCallingAccountId(),
+                    EventVO.LEVEL_INFO, KubernetesClusterEventTypes.EVENT_KUBERNETES_CLUSTER_NODES_ADD,
+                    description, kubernetesCluster.getId(), ApiCommandResourceType.KubernetesCluster.toString(), 0);
+            return true;
+        } catch (Exception e) {
+            stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.OperationFailed);
+            throw new CloudRuntimeException(e);
+        }
+    }
+
+    private void detachCksIsoFromNodesAddedToCluster(List<Long> nodeIds, long kubernetesClusterId, boolean mountCksIsoOnVr) {
+        if (mountCksIsoOnVr) {
+            detachIsoOnVirtualRouter(kubernetesClusterId);
+        } else {
+            LOGGER.info("Detaching CKS ISO from the nodes");
+            List<UserVm> vms = nodeIds.stream().map(nodeId -> userVmDao.findById(nodeId)).collect(Collectors.toList());
+            detachIsoKubernetesVMs(vms);
+        }
+    }
+
+    public void detachIsoOnVirtualRouter(Long kubernetesClusterId) {
+        KubernetesClusterVO kubernetesCluster = kubernetesClusterDao.findById(kubernetesClusterId);
+        Long virtualRouterId = getVirtualRouterNicOnKubernetesClusterNetwork(kubernetesCluster).getInstanceId();
+        long isoId = kubernetesSupportedVersionDao.findById(kubernetesCluster.getKubernetesVersionId()).getIsoId();
+
+        try {
+            networkService.handleCksIsoOnNetworkVirtualRouter(virtualRouterId, false);
+        } catch (ResourceUnavailableException e) {
+            String err = String.format("Error trying to handle ISO %s on virtual router %s", isoId, virtualRouterId);
+            LOGGER.error(err);
+            throw new CloudRuntimeException(err);
+        }
+
+        try {
+            templateService.detachIso(virtualRouterId, isoId, true, true);
+        } catch (CloudRuntimeException e) {
+            String err = String.format("Error trying to detach ISO %s from virtual router %s", isoId, virtualRouterId);
+            LOGGER.error(err, e);
+        }
+    }
+
+    public void attachCksIsoForNodesAdditionToCluster(List<Long> nodeIds, Long kubernetesClusterId, boolean mountCksIsoOnVr) {
+        if (mountCksIsoOnVr) {
+            attachAndServeIsoOnVirtualRouter(kubernetesClusterId);
+        } else {
+            LOGGER.info("Attaching CKS ISO to the nodes");
+            List<UserVm> vms = nodeIds.stream().map(nodeId -> userVmDao.findById(nodeId)).collect(Collectors.toList());
+            attachIsoKubernetesVMs(vms);
+        }
+    }
+
+    public void attachAndServeIsoOnVirtualRouter(Long kubernetesClusterId) {
+        KubernetesClusterVO kubernetesCluster = kubernetesClusterDao.findById(kubernetesClusterId);
+        Long virtualRouterId = getVirtualRouterNicOnKubernetesClusterNetwork(kubernetesCluster).getInstanceId();
+        long isoId = kubernetesSupportedVersionDao.findById(kubernetesCluster.getKubernetesVersionId()).getIsoId();
+
+        try {
+            templateService.attachIso(isoId, virtualRouterId, true, true);
+        } catch (CloudRuntimeException e) {
+            String err = String.format("Error trying to attach ISO %s to virtual router %s", isoId, virtualRouterId);
+            LOGGER.error(err);
+            throw new CloudRuntimeException(err);
+        }
+
+        try {
+            networkService.handleCksIsoOnNetworkVirtualRouter(virtualRouterId, true);
+        } catch (ResourceUnavailableException e) {
+            String err = String.format("Error trying to handle ISO %s on virtual router %s", isoId, virtualRouterId);
+            LOGGER.error(err);
+            throw new CloudRuntimeException(err);
+        }
+    }
+
+    private Ternary<Integer, Long, Long> importNodeToCluster(List<Long> nodeIds, Network network, IpAddress publicIp, boolean mountCksIsoOnVr) {
+        int nodeIndex = 0;
+        Long additionalMemory = 0L;
+        Long additionalCores = 0L;
+        for (Long nodeId : nodeIds) {
+            UserVmVO vm = userVmDao.findById(nodeId);
+            String k8sControlNodeConfig = null;
+            try {
+                k8sControlNodeConfig = getKubernetesNodeConfig(publicIp.getAddress().addr(), Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()));
+            } catch (IOException e) {
+                logAndThrow(Level.ERROR, "Failed to read Kubernetes control node configuration file", e);
+            }
+            if (Objects.isNull(k8sControlNodeConfig)) {
+                logAndThrow(Level.ERROR, "Error generating worker node configuration");
+            }
+            String base64UserData = Base64.encodeBase64String(k8sControlNodeConfig.getBytes(com.cloud.utils.StringUtils.getPreferredCharset()));
+
+            Pair<Boolean, Integer> result = validateAndSetupNode(network, publicIp, owner, nodeId,  nodeIndex, base64UserData);
+            if (Boolean.TRUE.equals(result.first())) {
+                ServiceOfferingVO offeringVO = serviceOfferingDao.findById(vm.getId(), vm.getServiceOfferingId());
+                additionalMemory += offeringVO.getRamSize();
+                additionalCores += offeringVO.getCpu();
+                String msg = String.format("VM %s added as a node on the Kubernetes Cluster %s", vm.getUuid(), kubernetesCluster.getUuid());
+                ActionEventUtils.onCompletedActionEvent(CallContext.current().getCallingUserId(), CallContext.current().getCallingAccountId(),
+                        EventVO.LEVEL_INFO, KubernetesClusterEventTypes.EVENT_KUBERNETES_CLUSTER_NODES_ADD,
+                        msg, vm.getId(), ApiCommandResourceType.VirtualMachine.toString(), 0);
+            }
+            if (Boolean.FALSE.equals(result.first())) {
+                LOGGER.error(String.format("Failed to add node %s [%s] to Kubernetes cluster : %s", vm.getName(), vm.getUuid(), kubernetesCluster.getName()));
+            }
+            if (System.currentTimeMillis() > addNodeTimeoutTime) {
+                LOGGER.error(String.format("Failed to add node %s to Kubernetes cluster : %s", nodeId, kubernetesCluster.getName()));
+            }
+            nodeIndex = result.second();
+        }
+        return new Ternary<>(nodeIndex, additionalMemory, additionalCores);
+    }
+
+    private Pair<Boolean, Integer> validateAndSetupNode(Network network, IpAddress publicIp, Account account,
+                                   Long nodeId, int nodeIndex, String base64UserData) {
+        int startSshPortNumber = KubernetesClusterActionWorker.CLUSTER_NODES_DEFAULT_START_SSH_PORT + (int) kubernetesCluster.getTotalNodeCount();
+        int sshStartPort = startSshPortNumber + nodeIndex;
+        try {
+            if (Objects.isNull(network.getVpcId())) {
+                provisionFirewallRules(publicIp, owner, sshStartPort, sshStartPort);
+            }
+            provisionPublicIpPortForwardingRule(publicIp, network, account, nodeId, sshStartPort, DEFAULT_SSH_PORT);
+            boolean isCompatible = validateNodeCompatibility(publicIp, nodeId, sshStartPort);
+            if (!isCompatible) {
+                revertNetworkRules(network, nodeId, sshStartPort);
+                return new Pair<>(false, nodeIndex);
+            }
+
+            userVmManager.updateVirtualMachine(nodeId, null, null, null, null,
+                    null, base64UserData, null, null, null,
+                    BaseCmd.HTTPMethod.POST, null, null, null, null, null);
+
+            RebootVMCmd rebootVMCmd = new RebootVMCmd();
+            Field idField = rebootVMCmd.getClass().getDeclaredField("id");
+            idField.setAccessible(true);
+            idField.set(rebootVMCmd, nodeId);
+            userVmService.rebootVirtualMachine(rebootVMCmd);
+            finalNodeIds.add(nodeId);
+        } catch (ResourceUnavailableException | NetworkRuleConflictException | NoSuchFieldException |
+                 InsufficientCapacityException | IllegalAccessException e) {
+            LOGGER.error(String.format("Failed to activate API port forwarding rules for the Kubernetes cluster : %s", kubernetesCluster.getName()));
+            // remove added Firewall and PF rules
+            revertNetworkRules(network, nodeId, sshStartPort);
+            return new Pair<>( false, nodeIndex);
+        } catch (Exception e) {
+            throw new CloudRuntimeException(e);
+        }
+        return new Pair<>(true, ++nodeIndex);
+    }
+
+    private void updateKubernetesCluster(long clusterId, Ternary<Integer, Long, Long> additionalNodesDetails) {
+        int additionalNodeCount = additionalNodesDetails.first();
+        KubernetesClusterVO kubernetesClusterVO = kubernetesClusterDao.findById(clusterId);
+        kubernetesClusterVO.setNodeCount(kubernetesClusterVO.getNodeCount() + additionalNodeCount);
+        kubernetesClusterVO.setMemory(kubernetesClusterVO.getMemory() + additionalNodesDetails.second());
+        kubernetesClusterVO.setCores(kubernetesClusterVO.getCores() + additionalNodesDetails.third());
+        kubernetesClusterDao.update(clusterId, kubernetesClusterVO);
+        kubernetesCluster = kubernetesClusterVO;
+
+        finalNodeIds.forEach(id -> addKubernetesClusterVm(clusterId, id, false, true));
+    }
+
+
+    private boolean validateNodeCompatibility(IpAddress publicIp, long nodeId, int nodeSshPort) throws CloudRuntimeException {
+        File pkFile = getManagementServerSshPublicKeyFile();
+        try {
+            File validateNodeScriptFile = retrieveScriptFile(validateNodeScript);
+            Thread.sleep(15*1000);
+            copyScriptFile(publicIp.getAddress().addr(), nodeSshPort, validateNodeScriptFile, validateNodeScript);
+            String command = String.format("%s%s", scriptPath, validateNodeScript);
+            Pair<Boolean, String> result = SshHelper.sshExecute(publicIp.getAddress().addr(), nodeSshPort, getControlNodeLoginUser(),
+                    pkFile, null, command, 10000, 10000, 10 * 60 * 1000);
+            if (Boolean.FALSE.equals(result.first())) {
+                LOGGER.error(String.format("Node with ID: %s cannot be added as a worker node as it does not have " +
+                        "the following dependencies: %s ", nodeId, result.second()));
+                return false;
+            }
+        } catch (Exception e) {
+            LOGGER.error(String.format("Failed to validate node with ID: %s", nodeId), e);
+            return false;
+        }
+        UserVmVO userVm = userVmDao.findById(nodeId);
+        cleanupCloudInitSemFolder(userVm, publicIp, pkFile, nodeSshPort);
+        return true;
+    }
+
+    private void cleanupCloudInitSemFolder(UserVm userVm, IpAddress publicIp, File pkFile, int nodeSshPort) {
+        try {
+            String command = String.format("sudo rm -rf /var/lib/cloud/instances/%s/sem/*", userVm.getUuid());
+            Pair<Boolean, String> result = SshHelper.sshExecute(publicIp.getAddress().addr(), nodeSshPort, getControlNodeLoginUser(),
+                    pkFile, null, command, 10000, 10000, 10 * 60 * 1000);
+            if (Boolean.FALSE.equals(result.first())) {
+                LOGGER.error(String.format("Failed to cleanup previous applied userdata on node: %s; This may hamper to addition of the node to the cluster ", userVm.getName()));
+            }
+        } catch (Exception e) {
+            LOGGER.error(String.format("Failed to cleanup previous applied userdata on node: %s; This may hamper to addition of the node to the cluster ", userVm.getName()), e);
+        }
+    }
+
+    private void revertNetworkRules(Network network, long vmId, int port) {
+        FirewallRuleVO ruleVO = firewallRulesDao.findByNetworkIdAndPorts(network.getId(), port, port);
+        if (Objects.isNull(network.getVpcId())) {
+            firewallService.revokeIngressFirewallRule(ruleVO.getId(), true);
+        }
+        List<PortForwardingRuleVO> pfRules = portForwardingRulesDao.listByVm(vmId);
+        for (PortForwardingRuleVO pfRule : pfRules) {
+            rulesService.revokePortForwardingRule(pfRule.getId(), true);
+        }
+    }
+}
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
index 6e87d2071cdc..f8ed5df0cd04 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
@@ -151,7 +151,7 @@ protected void deleteKubernetesClusterIsolatedNetworkRules(Network network, List
         if (firewallRule == null) {
             logMessage(Level.WARN, "Firewall rule for API access can't be removed", null);
         }
-        firewallRule = removeSshFirewallRule(publicIp);
+        firewallRule = removeSshFirewallRule(publicIp, network.getId());
         if (firewallRule == null) {
             logMessage(Level.WARN, "Firewall rule for SSH access can't be removed", null);
         }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
new file mode 100644
index 000000000000..bb783f1a0875
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
@@ -0,0 +1,166 @@
+package com.cloud.kubernetes.cluster.actionworkers;
+
+import com.cloud.event.ActionEventUtils;
+import com.cloud.event.EventVO;
+import com.cloud.exception.ManagementServerException;
+import com.cloud.kubernetes.cluster.KubernetesCluster;
+import com.cloud.kubernetes.cluster.KubernetesClusterEventTypes;
+import com.cloud.kubernetes.cluster.KubernetesClusterManagerImpl;
+import com.cloud.kubernetes.cluster.KubernetesClusterService;
+import com.cloud.kubernetes.cluster.KubernetesClusterVO;
+import com.cloud.network.IpAddress;
+import com.cloud.network.Network;
+import com.cloud.network.dao.FirewallRulesDao;
+import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.network.rules.PortForwardingRuleVO;
+import com.cloud.service.ServiceOfferingVO;
+import com.cloud.utils.Pair;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.ssh.SshHelper;
+import com.cloud.vm.UserVmVO;
+import org.apache.cloudstack.api.ApiCommandResourceType;
+import org.apache.cloudstack.context.CallContext;
+
+import javax.inject.Inject;
+import java.io.File;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+
+public class KubernetesClusterRemoveWorker extends KubernetesClusterActionWorker {
+
+    @Inject
+    private FirewallRulesDao firewallRulesDao;
+
+    private long removeNodeTimeoutTime;
+
+    public KubernetesClusterRemoveWorker(KubernetesCluster kubernetesCluster, KubernetesClusterManagerImpl clusterManager) {
+        super(kubernetesCluster, clusterManager);
+    }
+
+    public boolean removeNodesFromCluster(List<Long> nodeIds) {
+        init();
+        removeNodeTimeoutTime = System.currentTimeMillis() + KubernetesClusterService.KubernetesClusterAddNodeTimeout.value() * 1000;
+        Long networkId = kubernetesCluster.getNetworkId();
+        Network network = networkDao.findById(networkId);
+        if (Objects.isNull(network)) {
+            throw new CloudRuntimeException(String.format("Failed to find network with id: %s", networkId));
+        }
+        IpAddress publicIp = null;
+        try {
+            publicIp = getPublicIp(network);
+        } catch (ManagementServerException e) {
+            throw new CloudRuntimeException(String.format("Failed to retrieve public IP for the network: %s ", network.getName()));
+        }
+        stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.RemoveNodeRequested);
+        boolean result = removeNodesFromCluster(nodeIds, network, publicIp);
+        if (!result) {
+            stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.OperationFailed);
+        } else {
+            stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.OperationSucceeded);
+        }
+        String description = String.format("Successfully removed %s nodes from the Kubernetes Cluster %s", nodeIds.size(), kubernetesCluster.getUuid());
+        ActionEventUtils.onCompletedActionEvent(CallContext.current().getCallingUserId(), CallContext.current().getCallingAccountId(),
+                EventVO.LEVEL_INFO, KubernetesClusterEventTypes.EVENT_KUBERNETES_CLUSTER_NODES_REMOVE,
+                description, kubernetesCluster.getId(), ApiCommandResourceType.KubernetesCluster.toString(), 0);
+        return result;
+    }
+
+    private boolean removeNodesFromCluster(List<Long> nodeIds, Network network, IpAddress publicIp) {
+        boolean result = true;
+        List<Long> removedNodeIds = new ArrayList<>();
+        long removedMemory = 0L;
+        long removedCores = 0L;
+        for (Long nodeId : nodeIds) {
+            UserVmVO vm = userVmDao.findById(nodeId);
+            if (vm == null) {
+                LOGGER.debug(String.format("Couldn't find a VM with ID %s, skipping removal from Kubernetes cluster", nodeId));
+                continue;
+            }
+            try {
+                removeNodeVmFromCluster(nodeId, vm.getDisplayName(), publicIp.getAddress().addr());
+                result &= removeNodePortForwardingRules(nodeId, network, vm);
+                if (System.currentTimeMillis() > removeNodeTimeoutTime) {
+                    LOGGER.error(String.format("Removal of node %s from Kubernetes cluster %s timed out", vm.getName(), kubernetesCluster.getName()));
+                    result = false;
+                    continue;
+                }
+                ServiceOfferingVO offeringVO = serviceOfferingDao.findById(vm.getId(), vm.getServiceOfferingId());
+                removedNodeIds.add(nodeId);
+                removedMemory += offeringVO.getRamSize();
+                removedCores += offeringVO.getCpu();
+                String description = String.format("Successfully removed the node %s from Kubernetes cluster %s", vm.getUuid(), kubernetesCluster.getUuid());
+                LOGGER.info(description);
+                ActionEventUtils.onCompletedActionEvent(CallContext.current().getCallingUserId(), CallContext.current().getCallingAccountId(),
+                        EventVO.LEVEL_INFO, KubernetesClusterEventTypes.EVENT_KUBERNETES_CLUSTER_NODES_REMOVE,
+                        description, vm.getId(), ApiCommandResourceType.VirtualMachine.toString(), 0);
+            } catch (Exception e) {
+                String err = String.format("Error trying to remove node %s from Kubernetes Cluster %s: %s", vm.getUuid(), kubernetesCluster.getUuid(), e.getMessage());
+                LOGGER.error(err, e);
+                result = false;
+            }
+        }
+        updateKubernetesCluster(kubernetesCluster.getId(), removedNodeIds, removedMemory, removedCores);
+        return result;
+    }
+
+    protected boolean removeNodePortForwardingRules(Long nodeId, Network network, UserVmVO vm) {
+        List<PortForwardingRuleVO> pfRules = portForwardingRulesDao.listByVm(nodeId);
+        boolean result = true;
+        for (PortForwardingRuleVO pfRule : pfRules) {
+            try {
+                result &= rulesService.revokePortForwardingRule(pfRule.getId(), true);
+                if (Objects.isNull(network.getVpcId())) {
+                    FirewallRuleVO ruleVO = firewallRulesDao.findByNetworkIdAndPorts(network.getId(), pfRule.getSourcePortStart(), pfRule.getSourcePortEnd());
+                    result &= firewallService.revokeIngressFirewallRule(ruleVO.getId(), true);
+                }
+            } catch (Exception e) {
+                String err = String.format("Failed to cleanup network rules for node %s, due to: %s", vm.getName(), e.getMessage());
+                LOGGER.error(err, e);
+            }
+        }
+        return result;
+    }
+
+    private void removeNodeVmFromCluster(Long nodeId, String nodeName, String publicIp) throws Exception {
+        File removeNodeScriptFile = retrieveScriptFile(removeNodeFromClusterScript);
+        copyScriptFile(publicIp, CLUSTER_NODES_DEFAULT_START_SSH_PORT, removeNodeScriptFile, removeNodeFromClusterScript);
+        File pkFile = getManagementServerSshPublicKeyFile();
+        String command = String.format("%s%s %s %s %s", scriptPath, removeNodeFromClusterScript, nodeName, "control", "remove");
+        Pair<Boolean, String> result = SshHelper.sshExecute(publicIp, CLUSTER_NODES_DEFAULT_START_SSH_PORT, getControlNodeLoginUser(),
+                pkFile, null, command, 10000, 10000, 10 * 60 * 1000);
+        if (Boolean.FALSE.equals(result.first())) {
+            LOGGER.error(String.format("Node: %s failed to be gracefully drained as a worker node from cluster %s ", nodeName, kubernetesCluster.getName()));
+        }
+        List<PortForwardingRuleVO> nodePfRules = portForwardingRulesDao.listByVm(nodeId);
+        Optional<PortForwardingRuleVO> nodeSshPort = nodePfRules.stream().filter(rule -> rule.getDestinationPortStart() == DEFAULT_SSH_PORT
+                && rule.getVirtualMachineId() == nodeId && rule.getSourcePortStart() >= CLUSTER_NODES_DEFAULT_START_SSH_PORT).findFirst();
+        if (nodeSshPort.isPresent()) {
+            copyScriptFile(publicIp, nodeSshPort.get().getSourcePortStart(), removeNodeScriptFile, removeNodeFromClusterScript);
+            command = String.format("sudo %s%s %s %s %s", scriptPath, removeNodeFromClusterScript, nodeName, "worker", "remove");
+            result = SshHelper.sshExecute(publicIp, nodeSshPort.get().getSourcePortStart(), getControlNodeLoginUser(),
+                    pkFile, null, command, 10000, 10000, 10 * 60 * 1000);
+            if (Boolean.FALSE.equals(result.first())) {
+                LOGGER.error(String.format("Failed to reset node: %s from cluster %s ", nodeName, kubernetesCluster.getName()));
+            }
+            command = String.format("%s%s %s %s %s", scriptPath, removeNodeFromClusterScript, nodeName, "control", "delete");
+            result = SshHelper.sshExecute(publicIp, CLUSTER_NODES_DEFAULT_START_SSH_PORT, getControlNodeLoginUser(),
+                    pkFile, null, command, 10000, 10000, 10 * 60 * 1000);
+            if (Boolean.FALSE.equals(result.first())) {
+                LOGGER.error(String.format("Node: %s failed to be gracefully delete node from cluster %s ", nodeName, kubernetesCluster.getName()));
+            }
+
+        }
+    }
+
+    private void updateKubernetesCluster(long clusterId, List<Long> nodesRemoved, long deallocatedRam, long deallocatedCores) {
+        KubernetesClusterVO kubernetesClusterVO = kubernetesClusterDao.findById(clusterId);
+        kubernetesClusterVO.setNodeCount(kubernetesClusterVO.getNodeCount() - nodesRemoved.size());
+        kubernetesClusterVO.setMemory(kubernetesClusterVO.getMemory() - deallocatedRam);
+        kubernetesClusterVO.setCores(kubernetesClusterVO.getCores() - deallocatedCores);
+        kubernetesClusterDao.update(clusterId, kubernetesClusterVO);
+
+        nodesRemoved.forEach(id -> kubernetesClusterVmMapDao.removeByClusterIdAndVmIdsIn(clusterId, nodesRemoved));
+    }
+}
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index afc7382eae8f..6657d4268ec8 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -21,6 +21,7 @@
 import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.ETCD;
 import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.WORKER;
 import static com.cloud.utils.NumbersUtil.toHumanReadableSize;
+import static com.cloud.utils.db.Transaction.execute;
 
 import java.io.File;
 import java.io.IOException;
@@ -29,6 +30,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.stream.Collectors;
 
@@ -36,9 +38,12 @@
 
 import com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType;
 import com.cloud.network.rules.FirewallManager;
+import com.cloud.network.rules.RulesService;
+import com.cloud.network.rules.dao.PortForwardingRulesDao;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offerings.dao.NetworkOfferingDao;
-import org.apache.cloudstack.api.ApiConstants;
+import com.cloud.utils.db.TransactionCallbackWithException;
+import com.cloud.utils.net.Ip;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd;
 import org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd;
@@ -69,23 +74,18 @@
 import com.cloud.host.dao.HostDao;
 import com.cloud.hypervisor.Hypervisor;
 import com.cloud.kubernetes.cluster.KubernetesCluster;
-import com.cloud.kubernetes.cluster.KubernetesClusterDetailsVO;
 import com.cloud.kubernetes.cluster.KubernetesClusterManagerImpl;
 import com.cloud.kubernetes.cluster.KubernetesClusterVO;
-import com.cloud.kubernetes.cluster.utils.KubernetesClusterUtil;
 import com.cloud.network.IpAddress;
 import com.cloud.network.Network;
 import com.cloud.network.dao.FirewallRulesDao;
 import com.cloud.network.dao.LoadBalancerDao;
 import com.cloud.network.dao.LoadBalancerVO;
-import com.cloud.network.firewall.FirewallService;
 import com.cloud.network.lb.LoadBalancingRulesService;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.FirewallRuleVO;
 import com.cloud.network.rules.LoadBalancer;
 import com.cloud.network.rules.PortForwardingRuleVO;
-import com.cloud.network.rules.RulesService;
-import com.cloud.network.rules.dao.PortForwardingRulesDao;
 import com.cloud.network.vpc.NetworkACL;
 import com.cloud.network.vpc.NetworkACLItem;
 import com.cloud.network.vpc.NetworkACLItemDao;
@@ -99,16 +99,12 @@
 import com.cloud.storage.dao.LaunchPermissionDao;
 import com.cloud.storage.dao.VolumeDao;
 import com.cloud.user.Account;
-import com.cloud.user.SSHKeyPairVO;
 import com.cloud.uservm.UserVm;
 import com.cloud.utils.Pair;
 import com.cloud.utils.component.ComponentContext;
-import com.cloud.utils.db.Transaction;
 import com.cloud.utils.db.TransactionCallback;
-import com.cloud.utils.db.TransactionCallbackWithException;
 import com.cloud.utils.db.TransactionStatus;
 import com.cloud.utils.exception.CloudRuntimeException;
-import com.cloud.utils.net.Ip;
 import com.cloud.utils.net.NetUtils;
 import com.cloud.utils.ssh.SshHelper;
 import com.cloud.vm.Nic;
@@ -131,8 +127,6 @@ public class KubernetesClusterResourceModifierActionWorker extends KubernetesClu
     @Inject
     protected FirewallRulesDao firewallRulesDao;
     @Inject
-    protected FirewallService firewallService;
-    @Inject
     protected NetworkACLService networkACLService;
     @Inject
     protected  NetworkACLItemDao networkACLItemDao;
@@ -172,72 +166,6 @@ protected void init() {
         kubernetesClusterNodeNamePrefix = getKubernetesClusterNodeNamePrefix();
     }
 
-    private String getKubernetesNodeConfig(final String joinIp, final boolean ejectIso) throws IOException {
-        String k8sNodeConfig = readResourceFile("/conf/k8s-node.yml");
-        final String sshPubKey = "{{ k8s.ssh.pub.key }}";
-        final String joinIpKey = "{{ k8s_control_node.join_ip }}";
-        final String clusterTokenKey = "{{ k8s_control_node.cluster.token }}";
-        final String ejectIsoKey = "{{ k8s.eject.iso }}";
-        String pubKey = "- \"" + configurationDao.getValue("ssh.publickey") + "\"";
-        String sshKeyPair = kubernetesCluster.getKeyPair();
-        if (StringUtils.isNotEmpty(sshKeyPair)) {
-            SSHKeyPairVO sshkp = sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), sshKeyPair);
-            if (sshkp != null) {
-                pubKey += "\n      - \"" + sshkp.getPublicKey() + "\"";
-            }
-        }
-        k8sNodeConfig = k8sNodeConfig.replace(sshPubKey, pubKey);
-        k8sNodeConfig = k8sNodeConfig.replace(joinIpKey, joinIp);
-        k8sNodeConfig = k8sNodeConfig.replace(clusterTokenKey, KubernetesClusterUtil.generateClusterToken(kubernetesCluster));
-        k8sNodeConfig = k8sNodeConfig.replace(ejectIsoKey, String.valueOf(ejectIso));
-
-        k8sNodeConfig = updateKubeConfigWithRegistryDetails(k8sNodeConfig);
-
-        return k8sNodeConfig;
-    }
-
-    protected String updateKubeConfigWithRegistryDetails(String k8sConfig) {
-        /* genarate /etc/containerd/config.toml file on the nodes only if Kubernetes cluster is created to
-         * use docker private registry */
-        String registryUsername = null;
-        String registryPassword = null;
-        String registryUrl = null;
-
-        List<KubernetesClusterDetailsVO> details = kubernetesClusterDetailsDao.listDetails(kubernetesCluster.getId());
-        for (KubernetesClusterDetailsVO detail : details) {
-            if (detail.getName().equals(ApiConstants.DOCKER_REGISTRY_USER_NAME)) {
-                registryUsername = detail.getValue();
-            }
-            if (detail.getName().equals(ApiConstants.DOCKER_REGISTRY_PASSWORD)) {
-                registryPassword = detail.getValue();
-            }
-            if (detail.getName().equals(ApiConstants.DOCKER_REGISTRY_URL)) {
-                registryUrl = detail.getValue();
-            }
-        }
-
-        if (StringUtils.isNoneEmpty(registryUsername, registryPassword, registryUrl)) {
-            // Update runcmd in the cloud-init configuration to run a script that updates the containerd config with provided registry details
-            String runCmd = "- bash -x /opt/bin/setup-containerd";
-
-            String registryEp = registryUrl.split("://")[1];
-            k8sConfig = k8sConfig.replace("- containerd config default > /etc/containerd/config.toml", runCmd);
-            final String registryUrlKey = "{{registry.url}}";
-            final String registryUrlEpKey = "{{registry.url.endpoint}}";
-            final String registryAuthKey = "{{registry.token}}";
-            final String registryUname = "{{registry.username}}";
-            final String registryPsswd = "{{registry.password}}";
-
-            final String usernamePasswordKey = registryUsername + ":" + registryPassword;
-            String base64Auth = Base64.encodeBase64String(usernamePasswordKey.getBytes(com.cloud.utils.StringUtils.getPreferredCharset()));
-            k8sConfig = k8sConfig.replace(registryUrlKey,   registryUrl);
-            k8sConfig = k8sConfig.replace(registryUrlEpKey, registryEp);
-            k8sConfig = k8sConfig.replace(registryUname, registryUsername);
-            k8sConfig = k8sConfig.replace(registryPsswd, registryPassword);
-            k8sConfig = k8sConfig.replace(registryAuthKey, base64Auth);
-        }
-        return k8sConfig;
-    }
     protected DeployDestination plan(final long nodesCount, final DataCenter zone, final ServiceOffering offering) throws InsufficientServerCapacityException {
         final int cpu_requested = offering.getCpu() * offering.getSpeed();
         final long ram_requested = offering.getRamSize() * 1024L * 1024L;
@@ -357,7 +285,7 @@ protected List<UserVm> provisionKubernetesClusterNodeVms(final long nodeCount, f
         List<UserVm> nodes = new ArrayList<>();
         for (int i = offset + 1; i <= nodeCount; i++) {
             UserVm vm = createKubernetesNode(publicIpAddress);
-            addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), false);
+            addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), false, false);
             if (kubernetesCluster.getNodeRootDiskSize() > 0) {
                 resizeNodeVolume(vm);
             }
@@ -469,7 +397,7 @@ protected void provisionPublicIpPortForwardingRule(IpAddress publicIp, Network n
         final long domainId = account.getDomainId();
         Nic vmNic = networkModel.getNicInNetwork(vmId, networkId);
         final Ip vmIp = new Ip(vmNic.getIPv4Address());
-        PortForwardingRuleVO pfRule = Transaction.execute((TransactionCallbackWithException<PortForwardingRuleVO, NetworkRuleConflictException>) status -> {
+        PortForwardingRuleVO pfRule = execute((TransactionCallbackWithException<PortForwardingRuleVO, NetworkRuleConflictException>) status -> {
             PortForwardingRuleVO newRule =
                     new PortForwardingRuleVO(null, publicIpId,
                             sourcePort, sourcePort,
@@ -501,11 +429,18 @@ protected void provisionPublicIpPortForwardingRule(IpAddress publicIp, Network n
      * @throws NetworkRuleConflictException
      */
     protected void provisionSshPortForwardingRules(IpAddress publicIp, Network network, Account account,
-                                                   List<Long> clusterVMIds) throws ResourceUnavailableException,
+                                                   List<Long> clusterVMIds, Map<Long, Integer> vmIdPortMap) throws ResourceUnavailableException,
             NetworkRuleConflictException {
         if (!CollectionUtils.isEmpty(clusterVMIds)) {
-            for (int i = 0; i < clusterVMIds.size(); ++i) {
-                provisionPublicIpPortForwardingRule(publicIp, network, account, clusterVMIds.get(i), CLUSTER_NODES_DEFAULT_START_SSH_PORT + i, DEFAULT_SSH_PORT);
+            int defaultNodesCount = clusterVMIds.size() - vmIdPortMap.size();
+            int sourcePort = CLUSTER_NODES_DEFAULT_START_SSH_PORT;
+            for (int i = 0; i < defaultNodesCount; ++i) {
+                sourcePort = CLUSTER_NODES_DEFAULT_START_SSH_PORT + i;
+                provisionPublicIpPortForwardingRule(publicIp, network, account, clusterVMIds.get(i), sourcePort, DEFAULT_SSH_PORT);
+            }
+            for (int i = defaultNodesCount; i < clusterVMIds.size(); ++i) {
+                sourcePort += 1;
+                provisionPublicIpPortForwardingRule(publicIp, network, account, clusterVMIds.get(i), sourcePort, DEFAULT_SSH_PORT);
             }
         }
     }
@@ -524,14 +459,14 @@ protected FirewallRule removeApiFirewallRule(final IpAddress publicIp) {
         return rule;
     }
 
-    protected FirewallRule removeSshFirewallRule(final IpAddress publicIp) {
+    protected FirewallRule removeSshFirewallRule(final IpAddress publicIp, final long networkId) {
         FirewallRule rule = null;
         List<FirewallRuleVO> firewallRules = firewallRulesDao.listByIpAndPurposeAndNotRevoked(publicIp.getId(), FirewallRule.Purpose.Firewall);
         for (FirewallRuleVO firewallRule : firewallRules) {
-            if (firewallRule.getSourcePortStart() == CLUSTER_NODES_DEFAULT_START_SSH_PORT) {
+            PortForwardingRuleVO pfRule = portForwardingRulesDao.findByNetworkAndPorts(networkId, firewallRule.getSourcePortStart(), firewallRule.getSourcePortEnd());
+            if (firewallRule.getSourcePortStart() == CLUSTER_NODES_DEFAULT_START_SSH_PORT || (Objects.nonNull(pfRule) && pfRule.getDestinationPortStart() == DEFAULT_SSH_PORT) ) {
                 rule = firewallRule;
                 firewallService.revokeIngressFwRule(firewallRule.getId(), true);
-                break;
             }
         }
         return rule;
@@ -546,7 +481,7 @@ protected void removePortForwardingRules(final IpAddress publicIp, final Network
                 for (PortForwardingRuleVO pfRule : pfRules) {
                     if (pfRule.getVirtualMachineId() == vmId) {
                         portForwardingRulesDao.remove(pfRule.getId());
-                        LOGGER.trace("Marking PF rule " + pfRule + " with Revoke state");
+                        logger.trace("Marking PF rule " + pfRule + " with Revoke state");
                         pfRule.setState(FirewallRule.State.Revoke);
                         revokedRules.add(pfRule);
                         break;
@@ -643,19 +578,11 @@ protected void provisionLoadBalancerRule(final IpAddress publicIp, final Network
         lbService.assignToLoadBalancer(lb.getId(), null, vmIdIpMap, false);
     }
 
-    protected void createFirewallRules(IpAddress publicIp, List<Long> clusterVMIds, boolean apiRule) throws ManagementServerException {
+    protected Map<Long, Integer> createFirewallRules(IpAddress publicIp, List<Long> clusterVMIds, boolean apiRule) throws ManagementServerException {
         // Firewall rule for SSH access on each node VM
-        try {
-            int endPort = CLUSTER_NODES_DEFAULT_START_SSH_PORT + clusterVMIds.size() - 1;
-            provisionFirewallRules(publicIp, owner, CLUSTER_NODES_DEFAULT_START_SSH_PORT, endPort);
-            if (logger.isInfoEnabled()) {
-                logger.info(String.format("Provisioned firewall rule to open up port %d to %d on %s for Kubernetes cluster : %s", CLUSTER_NODES_DEFAULT_START_SSH_PORT, endPort, publicIp.getAddress().addr(), kubernetesCluster.getName()));
-            }
-        } catch (NoSuchFieldException | IllegalAccessException | ResourceUnavailableException | NetworkRuleConflictException e) {
-            throw new ManagementServerException(String.format("Failed to provision firewall rules for SSH access for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);
-        }
+        Map<Long, Integer> vmIdPortMap = addFirewallRulesForNodes(publicIp, clusterVMIds.size());
         if (!apiRule) {
-            return;
+            return vmIdPortMap;
         }
         // Firewall rule for API access for control node VMs
         try {
@@ -667,6 +594,7 @@ protected void createFirewallRules(IpAddress publicIp, List<Long> clusterVMIds,
         } catch (NoSuchFieldException | IllegalAccessException | ResourceUnavailableException | NetworkRuleConflictException e) {
             throw new ManagementServerException(String.format("Failed to provision firewall rules for API access for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);
         }
+        return vmIdPortMap;
     }
 
     /**
@@ -681,11 +609,11 @@ protected void createFirewallRules(IpAddress publicIp, List<Long> clusterVMIds,
      * @throws ManagementServerException
      */
     protected void setupKubernetesClusterIsolatedNetworkRules(IpAddress publicIp, Network network, List<Long> clusterVMIds, boolean apiRule) throws ManagementServerException {
-        createFirewallRules(publicIp, clusterVMIds, apiRule);
+        Map<Long, Integer> vmIdPortMap = createFirewallRules(publicIp, clusterVMIds, apiRule);
 
         // Port forwarding rule for SSH access on each node VM
         try {
-            provisionSshPortForwardingRules(publicIp, network, owner, clusterVMIds);
+            provisionSshPortForwardingRules(publicIp, network, owner, clusterVMIds, vmIdPortMap);
         } catch (ResourceUnavailableException | NetworkRuleConflictException e) {
             throw new ManagementServerException(String.format("Failed to activate SSH port forwarding rules for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);
         }
@@ -775,7 +703,8 @@ protected void setupKubernetesClusterVpcTierRules(IpAddress publicIp, Network ne
 
         // Add port forwarding rule for SSH access on each node VM
         try {
-            provisionSshPortForwardingRules(publicIp, network, owner, clusterVMIds);
+            Map<Long, Integer> vmIdPortMap = getVmPortMap();
+            provisionSshPortForwardingRules(publicIp, network, owner, clusterVMIds, vmIdPortMap);
         } catch (ResourceUnavailableException | NetworkRuleConflictException e) {
             throw new ManagementServerException(String.format("Failed to activate SSH port forwarding rules for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);
         }
@@ -802,7 +731,7 @@ protected KubernetesClusterVO updateKubernetesClusterEntry(final Long cores, fin
                                                                final KubernetesClusterNodeType nodeType,
                                                                final boolean updateNodeOffering,
                                                                final boolean updateClusterOffering) {
-        return Transaction.execute(new TransactionCallback<KubernetesClusterVO>() {
+        return execute(new TransactionCallback<KubernetesClusterVO>() {
                 @Override
                 public KubernetesClusterVO doInTransaction(TransactionStatus status) {
                 KubernetesClusterVO updatedCluster = kubernetesClusterDao.findById(kubernetesCluster.getId());
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index 60085e0c909b..1e672c7a2ffa 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -134,7 +134,7 @@ private void scaleKubernetesClusterIsolatedNetworkRules(final List<Long> cluster
         }
 
         // Remove existing SSH firewall rules
-        FirewallRule firewallRule = removeSshFirewallRule(publicIp);
+        FirewallRule firewallRule = removeSshFirewallRule(publicIp, network.getId());
         if (firewallRule == null) {
             throw new ManagementServerException("Firewall rule for node SSH access can't be provisioned");
         }
@@ -159,7 +159,8 @@ private void scaleKubernetesClusterVpcTierRules(final List<Long> clusterVMIds) t
         }
         // Add port forwarding rule for SSH access on each node VM
         try {
-            provisionSshPortForwardingRules(publicIp, network, owner, clusterVMIds);
+           Map<Long, Integer> vmIdPortMap = getVmPortMap();
+            provisionSshPortForwardingRules(publicIp, network, owner, clusterVMIds, vmIdPortMap);
         } catch (ResourceUnavailableException | NetworkRuleConflictException e) {
             throw new ManagementServerException(String.format("Failed to activate SSH port forwarding rules for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);
         }
@@ -416,10 +417,11 @@ private void scaleDownKubernetesClusterSize() throws CloudRuntimeException {
         }
         List<KubernetesClusterVmMapVO> vmList;
         if (this.nodeIds != null) {
-            vmList = getKubernetesClusterVMMapsForNodes(this.nodeIds);
+            vmList = getKubernetesClusterVMMapsForNodes(this.nodeIds).stream().filter(vm -> !vm.isExternalNode()).collect(Collectors.toList());
         } else {
             vmList  = getKubernetesClusterVMMaps();
-            vmList = vmList.subList((int) (kubernetesCluster.getControlNodeCount() + clusterSize), vmList.size());
+            vmList  = vmList.stream().filter(vm -> !vm.isExternalNode()).collect(Collectors.toList());
+            vmList = vmList.subList((int) (kubernetesCluster.getControlNodeCount() + clusterSize - 1), vmList.size());
         }
         Collections.reverse(vmList);
         removeNodesFromCluster(vmList);
@@ -441,7 +443,9 @@ private void scaleUpKubernetesClusterSize(final long newVmCount) throws CloudRun
             logTransitStateToFailedIfNeededAndThrow(Level.ERROR, String.format("Scaling failed for Kubernetes cluster : %s, unable to provision node VM in the cluster", kubernetesCluster.getName()), e);
         }
         try {
-            List<Long> clusterVMIds = getKubernetesClusterVMMaps().stream().map(KubernetesClusterVmMapVO::getVmId).collect(Collectors.toList());
+            List<Long> externalNodeIds = getKubernetesClusterVMMaps().stream().filter(KubernetesClusterVmMapVO::isExternalNode).map(KubernetesClusterVmMapVO::getVmId).collect(Collectors.toList());
+            List<Long> clusterVMIds = getKubernetesClusterVMMaps().stream().filter(vm -> !vm.isExternalNode()).map(KubernetesClusterVmMapVO::getVmId).collect(Collectors.toList());
+            clusterVMIds.addAll(externalNodeIds);
             scaleKubernetesClusterNetworkRules(clusterVMIds);
         } catch (ManagementServerException e) {
             logTransitStateToFailedIfNeededAndThrow(Level.ERROR, String.format("Scaling failed for Kubernetes cluster : %s, unable to update network rules", kubernetesCluster.getName()), e);
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index 9f83d0ed0b96..97bd51fb7802 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -317,7 +317,7 @@ private UserVm provisionKubernetesClusterControlVm(final Network network, final
             ManagementServerException, InsufficientCapacityException, ResourceUnavailableException {
         UserVm k8sControlVM = null;
         k8sControlVM = createKubernetesControlNode(network, publicIpAddress);
-        addKubernetesClusterVm(kubernetesCluster.getId(), k8sControlVM.getId(), true);
+        addKubernetesClusterVm(kubernetesCluster.getId(), k8sControlVM.getId(), true, false);
         if (kubernetesCluster.getNodeRootDiskSize() > 0) {
             resizeNodeVolume(k8sControlVM);
         }
@@ -339,7 +339,7 @@ private List<UserVm> provisionKubernetesClusterAdditionalControlVms(final String
             for (int i = 1; i < kubernetesCluster.getControlNodeCount(); i++) {
                 UserVm vm = null;
                 vm = createKubernetesAdditionalControlNode(publicIpAddress, i);
-                addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), true);
+                addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), true, false);
                 if (kubernetesCluster.getNodeRootDiskSize() > 0) {
                     resizeNodeVolume(vm);
                 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
new file mode 100644
index 000000000000..3392928d225d
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
@@ -0,0 +1,132 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.kubernetes.cluster;
+
+import com.cloud.kubernetes.cluster.KubernetesClusterEventTypes;
+import com.cloud.kubernetes.cluster.KubernetesClusterService;
+
+import com.cloud.utils.exception.CloudRuntimeException;
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandResourceType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.KubernetesClusterResponse;
+import org.apache.cloudstack.api.response.UserVmResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
+
+import javax.inject.Inject;
+
+import java.util.List;
+
+@APICommand(name = "addNodesToKubernetesCluster",
+        description = "Add nodes as workers to an existing CKS cluster. ",
+        responseObject = KubernetesClusterResponse.class,
+        since = "4.20.0",
+        authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
+public class AddNodesToKubernetesClusterCmd extends BaseAsyncCmd {
+
+    @Inject
+    public KubernetesClusterService kubernetesClusterService;
+
+    public static final Logger LOGGER = Logger.getLogger(AddNodesToKubernetesClusterCmd.class.getName());
+
+    @Parameter(name = ApiConstants.NODE_IDS,
+            type = CommandType.LIST,
+            collectionType = CommandType.UUID,
+            entityType= UserVmResponse.class,
+            description = "comma separated list of (external) node (physical or virtual machines) IDs that need to be" +
+                    "added as worker nodes to an existing managed Kubernetes cluster (CKS)",
+            required = true,
+            since = "4.20.0")
+    private List<Long> nodeIds;
+
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, required = true,
+            entityType = KubernetesClusterResponse.class,
+            description = "the ID of the Kubernetes cluster", since = "4.20.0")
+    private Long clusterId;
+
+    @Parameter(name = ApiConstants.MOUNT_CKS_ISO_ON_VR, type = CommandType.BOOLEAN,
+            description = "(optional) Vmware only, uses the CKS cluster network VR to mount the CKS ISO",
+            since = "4.20.0")
+    private Boolean mountCksIsoOnVr;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public List<Long> getNodeIds() {
+        return nodeIds;
+    }
+
+    public Long getClusterId() {
+        return clusterId;
+    }
+
+    public boolean isMountCksIsoOnVr() {
+        return mountCksIsoOnVr != null && mountCksIsoOnVr;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public String getEventType() {
+        return KubernetesClusterEventTypes.EVENT_KUBERNETES_CLUSTER_NODES_ADD;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return String.format("Adding %s nodes to the Kubernetes cluster with ID: %s", nodeIds.size(), clusterId);
+    }
+
+    @Override
+    public void execute() {
+        try {
+            if (!kubernetesClusterService.addNodesToKubernetesCluster(this)) {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, String.format("Failed to add node(s) Kubernetes cluster ID: %d", getClusterId()));
+            }
+            final KubernetesClusterResponse response = kubernetesClusterService.createKubernetesClusterResponse(getClusterId());
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } catch (Exception e) {
+            throw new CloudRuntimeException(String.format("Failed to add nodes to cluster due to: %s", e.getLocalizedMessage()), e);
+        }
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return CallContext.current().getCallingAccount().getId();
+    }
+
+    @Override
+    public ApiCommandResourceType getApiResourceType() {
+        return ApiCommandResourceType.KubernetesCluster;
+    }
+
+    @Override
+    public Long getApiResourceId() {
+        return getClusterId();
+    }
+
+}
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
new file mode 100644
index 000000000000..c0b569778fe2
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
@@ -0,0 +1,109 @@
+package org.apache.cloudstack.api.command.user.kubernetes.cluster;
+
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.kubernetes.cluster.KubernetesClusterEventTypes;
+import com.cloud.kubernetes.cluster.KubernetesClusterService;
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandResourceType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.KubernetesClusterResponse;
+import org.apache.cloudstack.api.response.UserVmResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
+
+import javax.inject.Inject;
+import java.util.List;
+
+@APICommand(name = "removeNodesFromKubernetesCluster",
+        description = "Removes external nodes from a CKS cluster. ",
+        responseObject = KubernetesClusterResponse.class,
+        since = "4.20.0",
+        authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
+public class RemoveNodesFromKubernetesClusterCmd extends BaseAsyncCmd {
+
+    @Inject
+    public KubernetesClusterService kubernetesClusterService;
+
+    protected static final Logger LOGGER = Logger.getLogger(RemoveNodesFromKubernetesClusterCmd.class);
+
+    @Parameter(name = ApiConstants.NODE_IDS,
+            type = CommandType.LIST,
+            collectionType = CommandType.UUID,
+            entityType= UserVmResponse.class,
+            description = "comma separated list of node (physical or virtual machines) IDs that need to be" +
+                    "removed from the Kubernetes cluster (CKS)",
+            required = true,
+            since = "4.20.0")
+    private List<Long> nodeIds;
+
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, required = true,
+            entityType = KubernetesClusterResponse.class,
+            description = "the ID of the Kubernetes cluster", since = "4.20.0")
+    private Long clusterId;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public List<Long> getNodeIds() {
+        return nodeIds;
+    }
+
+    public Long getClusterId() {
+        return clusterId;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public String getEventType() {
+        return KubernetesClusterEventTypes.EVENT_KUBERNETES_CLUSTER_NODES_REMOVE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return String.format("Removing %s nodes from the Kubernetes Cluster with ID: %s", nodeIds.size(), clusterId);
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException, NetworkRuleConflictException {
+        try {
+            if (!kubernetesClusterService.removeNodesFromKubernetesCluster(this)) {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, String.format("Failed to remove node(s) from Kubernetes cluster ID: %d", getClusterId()));
+            }
+            final KubernetesClusterResponse response = kubernetesClusterService.createKubernetesClusterResponse(getClusterId());
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } catch (Exception e) {
+            String err = String.format("Failed to remove node(s) from Kubernetes cluster ID: %d due to: %s", getClusterId(), e.getMessage());
+            LOGGER.error(err, e);
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, err);
+        }
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return CallContext.current().getCallingAccount().getId();
+    }
+
+    @Override
+    public ApiCommandResourceType getApiResourceType() {
+        return ApiCommandResourceType.KubernetesCluster;
+    }
+
+    @Override
+    public Long getApiResourceId() {
+        return getClusterId();
+    }
+}
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
index c14fd9812f51..48f5bab471b9 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
@@ -86,6 +86,10 @@ public class KubernetesClusterResponse extends BaseResponseWithAnnotations imple
     @Param(description = "the number of the etcd nodes on the Kubernetes cluster")
     private Long etcdNodes;
 
+    @SerializedName(ApiConstants.EXTERNAL_NODES)
+    @Param(description = "the number of the externally added worker nodes to the Kubernetes cluster")
+    private Long externalNodes;
+
     @SerializedName(ApiConstants.TEMPLATE_ID)
     @Param(description = "the ID of the template of the Kubernetes cluster")
     private String templateId;
@@ -165,7 +169,7 @@ public class KubernetesClusterResponse extends BaseResponseWithAnnotations imple
 
     @SerializedName(ApiConstants.VIRTUAL_MACHINES)
     @Param(description = "the list of virtualmachine associated with this Kubernetes cluster")
-    private List<UserVmResponse> virtualMachines;
+    private List<KubernetesUserVmResponse> virtualMachines;
 
     @SerializedName(ApiConstants.IP_ADDRESS)
     @Param(description = "Public IP Address of the cluster")
@@ -443,11 +447,19 @@ public void setEtcdNodes(Long etcdNodes) {
         this.etcdNodes = etcdNodes;
     }
 
-    public void setVirtualMachines(List<UserVmResponse> virtualMachines) {
+    public Long getExternalNodes() {
+        return externalNodes;
+    }
+
+    public void setExternalNodes(Long externalNodes) {
+        this.externalNodes = externalNodes;
+    }
+
+    public void setVirtualMachines(List<KubernetesUserVmResponse> virtualMachines) {
         this.virtualMachines = virtualMachines;
     }
 
-    public List<UserVmResponse> getVirtualMachines() {
+    public List<KubernetesUserVmResponse> getVirtualMachines() {
         return virtualMachines;
     }
 
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
index de1f4c9ffc70..0dba6fa7f5b8 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
@@ -76,6 +76,19 @@ write_files:
               fi
             fi
           done <<< "$output"
+        else
+          ### Download from VR ###
+          ROUTER_IP="{{ k8s.vr.iso.mounted.ip }}"
+          echo "Downloading CKS binaries from the VR $ROUTER_IP"
+          if [ ! -d "${ISO_MOUNT_DIR}" ]; then
+            mkdir "${ISO_MOUNT_DIR}"
+          fi
+          ### Download from ROUTER_IP/cks-iso into ISO_MOUNT_DIR
+          AUX_DOWNLOAD_DIR=/aux-dwnld
+          mkdir -p $AUX_DOWNLOAD_DIR
+          wget -r -R "index.html*" $ROUTER_IP/cks-iso -P $AUX_DOWNLOAD_DIR
+          mv $AUX_DOWNLOAD_DIR/$ROUTER_IP/cks-iso/* $ISO_MOUNT_DIR
+          rm -rf $AUX_DOWNLOAD_DIR
         fi
         if [ -d "$BINARIES_DIR" ]; then
           break
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/script/remove-node-from-cluster b/plugins/integrations/kubernetes-service/src/main/resources/script/remove-node-from-cluster
new file mode 100644
index 000000000000..1d2788bdd870
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/main/resources/script/remove-node-from-cluster
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+export PATH=$PATH:/opt/bin
+node_name=$1
+node_type=$2
+operation=$3
+
+if [ $operation == "remove" ]; then
+  if [ $node_type == "control" ]; then
+    # get the specific node
+    kubectl get nodes $node_name >/dev/null 2>&1
+    if [[ $(echo $?) -eq 1 ]]; then
+       echo "No node with name $node_name present in the cluster, exiting..."
+       exit 0
+    else
+       # Drain the node
+       kubectl drain $node_name --delete-local-data --force --ignore-daemonsets
+    fi
+  else
+    kubeadm reset -f
+  fi
+else
+  sudo mkdir -p /home/cloud/.kube
+  sudo cp /root/.kube/config /home/cloud/.kube/
+  sudo chown -R cloud:cloud /home/cloud/.kube
+  kubectl delete node $node_name
+fi
\ No newline at end of file
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/script/validate-cks-node b/plugins/integrations/kubernetes-service/src/main/resources/script/validate-cks-node
new file mode 100644
index 000000000000..a6d38414b0a7
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/main/resources/script/validate-cks-node
@@ -0,0 +1,45 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+OS=`awk -F= '/^NAME/{print $2}' /etc/os-release`
+REQUIRED_PACKAGES=(cloud-init cloud-guest-utils conntrack apt-transport-https ca-certificates curl gnupg gnupg-agent \
+                    software-properties-common gnupg lsb-release python3-json-pointer python3-jsonschema cloud-init containerd.io)
+declare -a MISSING_PACKAGES
+if [[ $OS == *"Ubuntu"* || $OS == *"Debian"* ]]; then
+  for package in ${REQUIRED_PACKAGES[@]}; do
+    dpkg -s $package >/dev/null 2>&1
+    if [ $? -eq 1 ]; then
+      MISSING_PACKAGES+="$package"
+    fi
+  done
+else
+  for package in ${REQUIRED_PACKAGES[@]}; do
+    rpm -qa | grep $package >/dev/null 2>&1
+    if [ $? -eq 1 ]; then
+      MISSING_PACKAGES[${#MISSING_PACKAGES[@]}]=$package
+    fi
+  done
+fi
+
+echo ${#MISSING_PACKAGES[@]}
+if (( ${#MISSING_PACKAGES[@]} )); then
+  echo "Following packages are missing in the node template: ${MISSING_PACKAGES[@]}"
+  exit 1
+else
+  echo 0
+fi
\ No newline at end of file
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index 1314d7dd574f..e1fc14aeb724 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -6144,6 +6144,27 @@ public List<InternalLoadBalancerElementService> getInternalLoadBalancerElements(
         return new ArrayList<>(this.internalLoadBalancerElementServiceMap.values());
     }
 
+    @Override
+    public boolean handleCksIsoOnNetworkVirtualRouter(Long virtualRouterId, boolean mount) throws ResourceUnavailableException {
+        DomainRouterVO router = routerDao.findById(virtualRouterId);
+        if (router == null) {
+            String err = String.format("Cannot find VR with ID %s", virtualRouterId);
+            s_logger.error(err);
+            throw new CloudRuntimeException(err);
+        }
+        Commands commands = new Commands(Command.OnError.Stop);
+        commandSetupHelper.createHandleCksIsoCommand(router, mount, commands);
+        if (!networkHelper.sendCommandsToRouter(router, commands)) {
+            throw new CloudRuntimeException(String.format("Unable to send commands to virtual router: %s", router.getHostId()));
+        }
+        Answer answer = commands.getAnswer("handleCksIso");
+        if (answer == null || !answer.getResult()) {
+            s_logger.error(String.format("Could not handle the CKS ISO properly: %s", answer.getDetails()));
+            return false;
+        }
+        return true;
+    }
+
     /**
      * Retrieves the active quarantine for the given public IP address. It can find by the ID of the quarantine or the address of the public IP.
      * @throws CloudRuntimeException if it does not find an active quarantine for the given public IP.
diff --git a/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java b/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
index ce5024a5e1b4..691921005147 100644
--- a/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
+++ b/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
@@ -28,6 +28,7 @@
 
 import javax.inject.Inject;
 
+import com.cloud.agent.api.HandleCksIsoCommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
@@ -1404,4 +1405,11 @@ public void setupUpdateNetworkCommands(final VirtualRouter router, final Set<IpA
             cmds.addCommand("updateNetwork", cmd);
         }
     }
+
+    public void createHandleCksIsoCommand(final VirtualRouter router, final boolean mount, Commands cmds) {
+        HandleCksIsoCommand command = new HandleCksIsoCommand(mount);
+        command.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
+        command.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
+        cmds.addCommand("handleCksIso", command);
+    }
 }
diff --git a/server/src/main/java/com/cloud/template/TemplateManagerImpl.java b/server/src/main/java/com/cloud/template/TemplateManagerImpl.java
index c4692ce62d61..7c15c8e369f8 100755
--- a/server/src/main/java/com/cloud/template/TemplateManagerImpl.java
+++ b/server/src/main/java/com/cloud/template/TemplateManagerImpl.java
@@ -34,6 +34,7 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+import com.cloud.vm.VirtualMachine;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseCmd;
@@ -1141,35 +1142,33 @@ public boolean templateIsDeleteable(long templateId) {
 
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ISO_DETACH, eventDescription = "detaching ISO", async = true)
-    public boolean detachIso(long vmId, boolean forced) {
+    public boolean detachIso(long vmId, Long isoParamId, Boolean... extraParams) {
         Account caller = CallContext.current().getCallingAccount();
         Long userId = CallContext.current().getCallingUserId();
 
-        // Verify input parameters
-        UserVmVO vmInstanceCheck = _userVmDao.findById(vmId);
-        if (vmInstanceCheck == null) {
-            throw new InvalidParameterValueException("Unable to find a virtual machine with id " + vmId);
-        }
+        boolean forced = extraParams != null && extraParams.length > 0 ? extraParams[0] : false;
+        boolean isVirtualRouter = extraParams != null && extraParams.length > 1 ? extraParams[1] : false;
 
-        UserVm userVM = _userVmDao.findById(vmId);
-        if (userVM == null) {
+        // Verify input parameters
+        VirtualMachine virtualMachine = !isVirtualRouter ? _userVmDao.findById(vmId) : _vmInstanceDao.findById(vmId);
+        if (virtualMachine == null || (isVirtualRouter && virtualMachine.getType() != VirtualMachine.Type.DomainRouter)) {
             throw new InvalidParameterValueException("Please specify a valid VM.");
         }
 
-        _accountMgr.checkAccess(caller, null, true, userVM);
+        _accountMgr.checkAccess(caller, null, true, virtualMachine);
 
-        Long isoId = userVM.getIsoId();
+        Long isoId = !isVirtualRouter ? ((UserVm) virtualMachine).getIsoId() : isoParamId;
         if (isoId == null) {
             throw new InvalidParameterValueException("The specified VM has no ISO attached to it.");
         }
-        CallContext.current().setEventDetails("Vm Id: " + userVM.getUuid() + " ISO Id: " + isoId);
+        CallContext.current().setEventDetails("Vm Id: " + virtualMachine.getUuid() + " ISO Id: " + isoId);
 
-        State vmState = userVM.getState();
+        State vmState = virtualMachine.getState();
         if (vmState != State.Running && vmState != State.Stopped) {
             throw new InvalidParameterValueException("Please specify a VM that is either Stopped or Running.");
         }
 
-        boolean result = attachISOToVM(vmId, userId, isoId, false, forced); // attach=false
+        boolean result = attachISOToVM(vmId, userId, isoId, false, forced, isVirtualRouter); // attach=false
         // => detach
         if (result) {
             return result;
@@ -1180,14 +1179,26 @@ public boolean detachIso(long vmId, boolean forced) {
 
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ISO_ATTACH, eventDescription = "attaching ISO", async = true)
-    public boolean attachIso(long isoId, long vmId, boolean forced) {
+    public boolean attachIso(long isoId, long vmId, Boolean... extraParams) {
         Account caller = CallContext.current().getCallingAccount();
         Long userId = CallContext.current().getCallingUserId();
 
+        boolean forced = extraParams != null && extraParams.length > 0 ? extraParams[0] : false;
+        boolean isVirtualRouter = extraParams != null && extraParams.length > 1 ? extraParams[1] : false;
+
         // Verify input parameters
-        UserVmVO vm = _userVmDao.findById(vmId);
+        VirtualMachine vm = _userVmDao.findById(vmId);
         if (vm == null) {
-            throw new InvalidParameterValueException("Unable to find a virtual machine with id " + vmId);
+            if (isVirtualRouter) {
+                vm = _vmInstanceDao.findById(vmId);
+                if (vm == null) {
+                    throw new InvalidParameterValueException("Unable to find a virtual machine with id " + vmId);
+                } else if (vm.getType() != VirtualMachine.Type.DomainRouter) {
+                    throw new InvalidParameterValueException("Unable to find a virtual router with id " + vmId);
+                }
+            } else {
+                throw new InvalidParameterValueException("Unable to find a virtual machine with id " + vmId);
+            }
         }
 
         VMTemplateVO iso = _tmpltDao.findById(isoId);
@@ -1223,7 +1234,7 @@ public boolean attachIso(long isoId, long vmId, boolean forced) {
         if (VMWARE_TOOLS_ISO.equals(iso.getUniqueName()) && vm.getHypervisorType() != Hypervisor.HypervisorType.VMware) {
             throw new InvalidParameterValueException("Cannot attach VMware tools drivers to incompatible hypervisor " + vm.getHypervisorType());
         }
-        boolean result = attachISOToVM(vmId, userId, isoId, true, forced);
+        boolean result = attachISOToVM(vmId, userId, isoId, true, forced, isVirtualRouter);
         if (result) {
             return result;
         } else {
@@ -1262,10 +1273,10 @@ public TemplateInfo prepareIso(long isoId, long dcId, Long hostId, Long poolId)
         }
     }
 
-    private boolean attachISOToVM(long vmId, long isoId, boolean attach, boolean forced) {
-        UserVmVO vm = _userVmDao.findById(vmId);
+    private boolean attachISOToVM(long vmId, long isoId, boolean attach, boolean forced, boolean isVirtualRouter) {
+        VirtualMachine vm = !isVirtualRouter ? _userVmDao.findById(vmId) : _vmInstanceDao.findById(vmId);
 
-        if (vm == null) {
+        if (vm == null || (isVirtualRouter && vm.getType() != VirtualMachine.Type.DomainRouter)) {
             return false;
         } else if (vm.getState() != State.Running) {
             return true;
@@ -1304,16 +1315,16 @@ private boolean attachISOToVM(long vmId, long isoId, boolean attach, boolean for
         return (a != null && a.getResult());
     }
 
-    private boolean attachISOToVM(long vmId, long userId, long isoId, boolean attach, boolean forced) {
+    private boolean attachISOToVM(long vmId, long userId, long isoId, boolean attach, boolean forced, boolean isVirtualRouter) {
         UserVmVO vm = _userVmDao.findById(vmId);
         VMTemplateVO iso = _tmpltDao.findById(isoId);
 
-        boolean success = attachISOToVM(vmId, isoId, attach, forced);
-        if (success && attach) {
+        boolean success = attachISOToVM(vmId, isoId, attach, forced, isVirtualRouter);
+        if (success && attach && !isVirtualRouter) {
             vm.setIsoId(iso.getId());
             _userVmDao.update(vmId, vm);
         }
-        if (success && !attach) {
+        if (success && !attach && !isVirtualRouter) {
             vm.setIsoId(null);
             _userVmDao.update(vmId, vm);
         }
@@ -2113,6 +2124,7 @@ private VMTemplateVO updateTemplateOrIso(BaseUpdateTemplateOrIsoCmd cmd) {
         Map details = cmd.getDetails();
         Account account = CallContext.current().getCallingAccount();
         boolean cleanupDetails = cmd.isCleanupDetails();
+        boolean forCks = cmd instanceof UpdateTemplateCmd && ((UpdateTemplateCmd) cmd).getForCks();
 
         // verify that template exists
         VMTemplateVO template = _tmpltDao.findById(id);
@@ -2260,6 +2272,7 @@ else if (details != null && !details.isEmpty()) {
             template.setDetails(details);
             _tmpltDao.saveDetails(template);
         }
+        template.setForCks(forCks);
 
         _tmpltDao.update(id, template);
 
diff --git a/server/src/test/java/com/cloud/vpc/MockNetworkManagerImpl.java b/server/src/test/java/com/cloud/vpc/MockNetworkManagerImpl.java
index 106fc7fa5439..4eaf31e6bb80 100644
--- a/server/src/test/java/com/cloud/vpc/MockNetworkManagerImpl.java
+++ b/server/src/test/java/com/cloud/vpc/MockNetworkManagerImpl.java
@@ -1108,4 +1108,9 @@ public InternalLoadBalancerElementService getInternalLoadBalancerElementById(lon
     public List<InternalLoadBalancerElementService> getInternalLoadBalancerElements() {
         return null;
     }
+
+    @Override
+    public boolean handleCksIsoOnNetworkVirtualRouter(Long virtualRouterId, boolean mount) {
+        return false;
+    }
 }
diff --git a/systemvm/debian/opt/cloud/bin/cks_iso.sh b/systemvm/debian/opt/cloud/bin/cks_iso.sh
new file mode 100644
index 000000000000..7cbcbc040d59
--- /dev/null
+++ b/systemvm/debian/opt/cloud/bin/cks_iso.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+BASE_DIR=/var/www/html
+CKS_ISO_DIR=$BASE_DIR/cks-iso
+if [ "$1" == "true" ]
+then
+  mkdir -p $CKS_ISO_DIR
+  echo "Options +Indexes" > $BASE_DIR/.htaccess
+  echo "Mounting CKS ISO into $CKS_ISO_DIR"
+  mount /dev/cdrom $CKS_ISO_DIR
+else
+  echo "Unmounting CKS ISO from $CKS_ISO_DIR"
+  umount $CKS_ISO_DIR
+  echo "Options -Indexes" > $BASE_DIR/.htaccess
+  rm -rf $CKS_ISO_DIR
+fi
+echo "Restarting apache2 service"
+service apache2 restart
diff --git a/systemvm/debian/opt/cloud/bin/cs/CsGuestNetwork.py b/systemvm/debian/opt/cloud/bin/cs/CsGuestNetwork.py
index 41b8b6441867..fe8737208c4b 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsGuestNetwork.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsGuestNetwork.py
@@ -15,7 +15,6 @@
 # specific language governing permissions and limitations
 # under the License.
 from merge import DataBag
-from . import CsHelper
 
 
 class CsGuestNetwork:
@@ -40,7 +39,7 @@ def get_dns(self):
             return self.config.get_dns()
 
         dns = []
-        if 'router_guest_gateway' in self.data and not self.config.use_extdns() and 'is_vr_guest_gateway' not in self.data:
+        if 'router_guest_gateway' in self.data and not self.config.use_extdns() and ('is_vr_guest_gateway' not in self.data or not self.data['is_vr_guest_gateway']):
             dns.append(self.data['router_guest_gateway'])
 
         if 'dns' in self.data:
diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/setup_template.sh b/tools/appliance/cks/ubuntu/22.04/scripts/setup_template.sh
new file mode 100644
index 000000000000..0326b128daa0
--- /dev/null
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/setup_template.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+function create_user() {
+    username=$1
+    password=$2
+
+    # Create the user with the specified username
+    sudo useradd -m -s /bin/bash $username
+
+    # Set the user's password
+    echo "$username:$password" | sudo chpasswd
+
+    echo "User '$username' has been created with the password '$password'"
+}
+
+sudo mkdir -p /opt/bin
+create_user cloud password
+
+echo $SSHKEY
+if [[ ! -z "$SSHKEY" ]]; then
+  mkdir -p /home/cloud/.ssh/
+  mkdir .ssh
+  echo $SSHKEY > ~/.ssh/authorized_keys
+else
+  echo "Please place Management server public key in the variables"
+  exit 1
+fi
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index a49b1dee5838..7e52486aa3d6 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -47,6 +47,8 @@
 "label.acquiring.ip": "Acquiring IP",
 "label.associated.resource": "Associated resource",
 "label.action": "Action",
+"label.action.add.nodes.to.kubernetes.cluster": "Add nodes to Kubernetes cluster",
+"label.action.remove.nodes.from.kubernetes.cluster": "Remove nodes from Kubernetes cluster",
 "label.action.attach.disk": "Attach disk",
 "label.action.attach.iso": "Attach ISO",
 "label.action.bulk.delete.egress.firewall.rules": "Bulk delete egress firewall rules",
@@ -245,6 +247,7 @@
 "label.add.list.name": "ACL List name",
 "label.add.logical.router": "Add Logical Router to this Network",
 "label.add.more": "Add more",
+"label.add.nodes": "Add Nodes to Kubernetes Cluster",
 "label.add.netscaler.device": "Add Netscaler device",
 "label.add.network": "Add Network",
 "label.add.network.acl": "Add Network ACL",
@@ -922,7 +925,7 @@
 "label.fix.errors": "Fix errors",
 "label.fixed": "Fixed offering",
 "label.for": "for",
-"label.for.cks": "For CKS",
+"label.forcks": "For CKS",
 "label.forbidden": "Forbidden",
 "label.forced": "Force",
 "label.force.stop": "Force stop",
@@ -1119,6 +1122,7 @@
 "label.ipv6.subnets": "IPv6 Subnets",
 "label.ip.addresses": "IP Addresses",
 "label.iqn": "Target IQN",
+"label.is.base64.encoded": "Base64 encoded",
 "label.is.in.progress": "is in progress",
 "label.is.shared": "Is shared",
 "label.is2faenabled": "Is 2FA enabled",
@@ -1176,11 +1180,13 @@
 "label.kubernetes": "Kubernetes",
 "label.kubernetes.access.details": "The kubernetes nodes can be accessed via ssh using: <br> <code><b> ssh -i [ssh_key] -p [port_number] cloud@[public_ip_address] </b></code> <br><br> where, <br> <code><b>ssh_key:</b></code> points to the ssh private key file corresponding to the key that was associated while creating the Kubernetes cluster. If no ssh key was provided during Kubernetes cluster creation, use the ssh private key of the management server. <br> <code><b>port_number:</b></code> can be obtained from the Port Forwarding Tab (Public Port column)",
 "label.kubernetes.cluster": "Kubernetes cluster",
+"label.kubernetes.cluster.add.nodes.to.cluster": "Add nodes to Kubernetes cluster",
 "label.kubernetes.cluster.create": "Create Kubernetes cluster",
 "label.kubernetes.cluster.delete": "Delete Kubernetes cluster",
 "label.kubernetes.cluster.scale": "Scale Kubernetes cluster",
 "label.kubernetes.cluster.start": "Start Kubernetes cluster",
 "label.kubernetes.cluster.stop": "Stop Kubernetes cluster",
+"label.kubernetes.cluster.remove.nodes.from.cluster": "Remove nodes from Kubernetes cluster",
 "label.kubernetes.cluster.upgrade": "Upgrade Kubernetes cluster",
 "label.kubernetes.dashboard": "Kubernetes dashboard UI",
 "label.kubernetes.dashboard.create.token": "Create token for Kubernetes dashboard",
@@ -1374,6 +1380,7 @@
 "label.monitor.url": "URL Path",
 "label.monthly": "Monthly",
 "label.more.access.dashboard.ui": "More about accessing dashboard UI",
+"label.mount.cks.iso.on.vr": "Mount and serve CKS ISO on the CKS cluster's network Virtual Router",
 "label.move.down.row": "Move down one row",
 "label.move.to.bottom": "Move to bottom",
 "label.move.to.top": "Move to top",
@@ -1741,6 +1748,7 @@
 "label.remove.logical.router": "Remove logical router",
 "label.remove.network.offering": "Remove Network offering",
 "label.remove.network.route.table": "Remove Tungsten Fabric Network routing table",
+"label.remove.nodes": "Remove nodes from Kubernetes cluster",
 "label.remove.pf": "Remove port forwarding rule",
 "label.remove.policy": "Remove policy",
 "label.remove.project.account": "Remove Account from project",
@@ -2353,6 +2361,8 @@
 "label.vnmc": "VNMC",
 "label.volgroup": "Volume group",
 "label.volume": "Volume",
+"label.vms.empty": "No VMs available to be added to the Kubernetes cluster",
+"label.vms.remove.empty": "No external VMs present in the Kubernetes cluster to be removed",
 "label.volume.empty": "No data volumes attached to this Instance",
 "label.volume.volumefileupload.description": "Click or drag file to this area to upload.",
 "label.volume.encryption.support": "Volume Encryption Supported",
@@ -2590,6 +2600,8 @@
 "message.adding.host": "Adding host",
 "message.adding.netscaler.device": "Adding Netscaler device",
 "message.adding.netscaler.provider": "Adding Netscaler provider",
+"message.adding.nodes.to.cluster": "Adding nodes to Kubernetes cluster",
+"message.removing.nodes.from.cluster": "Removing nodes from Kubernetes cluster",
 "message.advanced.security.group": "Choose this if you wish to use security groups to provide guest Instance isolation.",
 "message.allowed": "Allowed",
 "message.alert.show.all.stats.data": "This may return a lot of data depending on VM statistics and retention settings",
@@ -3008,10 +3020,12 @@
 "message.ip.v6.prefix.delete": "IPv6 prefix deleted",
 "message.iso.desc": "Disc image containing data or bootable media for OS.",
 "message.kubeconfig.cluster.not.available": "Kubernetes cluster kubeconfig not available currently.",
+"message.kubernetes.cluster.add.nodes": "Please confirm that you want to add the following nodes to the cluster",
 "message.kubernetes.cluster.delete": "Please confirm that you want to destroy the cluster.",
 "message.kubernetes.cluster.scale": "Please select desired cluster configuration.",
 "message.kubernetes.cluster.start": "Please confirm that you want to start the cluster.",
 "message.kubernetes.cluster.stop": "Please confirm that you want to stop the cluster.",
+"message.kubernetes.cluster.remove.nodes": "Please confirm that you want to remove the following nodes from the cluster",
 "message.kubernetes.cluster.upgrade": "Please select new Kubernetes version.",
 "message.kubernetes.version.delete": "Please confirm that you want to delete this Kubernetes version.",
 "message.l2.network.unsupported.for.nsx": "L2 networks aren't supported for NSX enabled zones",
@@ -3189,6 +3203,8 @@
 "message.success.add.network.acl": "Successfully added Network ACL list",
 "message.success.add.network.static.route": "Successfully added Network Static Route",
 "message.success.add.network.permissions": "Successfully added Network permissions",
+"message.success.add.nodes.to.cluster": "Successfully added nodes to Kubernetes cluster",
+"message.success.remove.nodes.from.cluster": "Successfully removed nodes from Kubernetes cluster",
 "message.success.add.physical.network": "Successfully added Physical Network",
 "message.success.add.object.storage": "Successfully added Object Storage",
 "message.success.add.policy.rule": "Successfully added Policy rule",
diff --git a/ui/src/config/section/compute.js b/ui/src/config/section/compute.js
index 7a0644ba98f3..a952f515b955 100644
--- a/ui/src/config/section/compute.js
+++ b/ui/src/config/section/compute.js
@@ -601,6 +601,26 @@ export default {
           popup: true,
           component: shallowRef(defineAsyncComponent(() => import('@/views/compute/UpgradeKubernetesCluster.vue')))
         },
+        {
+          api: 'addNodesToKubernetesCluster',
+          icon: 'plus-outlined',
+          label: 'label.kubernetes.cluster.add.nodes.to.cluster',
+          message: 'message.kubernetes.cluster.add.nodes',
+          dataView: true,
+          show: (record) => { return ['Running', 'Alert'].includes(record.state) && record.clustertype === 'CloudManaged' },
+          popup: true,
+          component: shallowRef(defineAsyncComponent(() => import('@/views/compute/KubernetesAddNodes.vue')))
+        },
+        {
+          api: 'removeNodesFromKubernetesCluster',
+          icon: 'minus-outlined',
+          label: 'label.kubernetes.cluster.remove.nodes.from.cluster',
+          message: 'message.kubernetes.cluster.remove.nodes',
+          dataView: true,
+          show: (record) => { return ['Running', 'Alert'].includes(record.state) && record.clustertype === 'CloudManaged' && (record.virtualmachines.filter(vm => vm.isexternalnode) || []).length > 0 },
+          popup: true,
+          component: shallowRef(defineAsyncComponent(() => import('@/views/compute/KubernetesRemoveNodes.vue')))
+        },
         {
           api: 'deleteKubernetesCluster',
           icon: 'delete-outlined',
diff --git a/ui/src/config/section/image.js b/ui/src/config/section/image.js
index e6095c4aba10..7ac200eed2b5 100644
--- a/ui/src/config/section/image.js
+++ b/ui/src/config/section/image.js
@@ -59,7 +59,7 @@ export default {
       details: () => {
         var fields = ['name', 'id', 'displaytext', 'checksum', 'hypervisor', 'format', 'ostypename', 'size', 'physicalsize', 'isready', 'passwordenabled',
           'crossZones', 'templatetype', 'directdownload', 'deployasis', 'ispublic', 'isfeatured', 'isextractable', 'isdynamicallyscalable', 'crosszones', 'type',
-          'account', 'domain', 'created', 'userdatadetails', 'userdatapolicy']
+          'account', 'domain', 'created', 'userdatadetails', 'userdatapolicy', 'forcks']
         if (['Admin'].includes(store.getters.userInfo.roletype)) {
           fields.push('templatetag', 'templatetype', 'url')
         }
diff --git a/ui/src/utils/plugins.js b/ui/src/utils/plugins.js
index 3e829bdb8dda..67dfa8366fea 100644
--- a/ui/src/utils/plugins.js
+++ b/ui/src/utils/plugins.js
@@ -390,6 +390,8 @@ export const resourceTypePlugin = {
           return 'publicip'
         case 'NetworkAcl':
           return 'acllist'
+        case 'KubernetesCluster':
+          return 'kubernetes'
         case 'SystemVm':
         case 'PhysicalNetwork':
         case 'Backup':
@@ -427,6 +429,9 @@ export const resourceTypePlugin = {
       var routePath = this.$getRouteFromResourceType(resourceType)
       if (!routePath) return ''
       var route = this.$router.resolve('/' + routePath)
+      if (routePath === 'kubernetes') {
+        return route?.meta?.icon[0]
+      }
       return route?.meta?.icon || ''
     }
   }
@@ -488,6 +493,15 @@ export const fileSizeUtilPlugin = {
   }
 }
 
+function isBase64 (str) {
+  try {
+    const decoded = new TextDecoder().decode(Uint8Array.from(atob(str), c => c.charCodeAt(0)))
+    return btoa(decoded) === str
+  } catch (err) {
+    return false
+  }
+}
+
 export const genericUtilPlugin = {
   install (app) {
     app.config.globalProperties.$isValidUuid = function (uuid) {
@@ -496,8 +510,8 @@ export const genericUtilPlugin = {
     }
 
     app.config.globalProperties.$toBase64AndURIEncoded = function (text) {
-      const base64regex = /^([0-9a-zA-Z+/]{4})*(([0-9a-zA-Z+/]{2}==)|([0-9a-zA-Z+/]{3}=))?$/
-      if (base64regex.test(text)) {
+      console.log(isBase64(text))
+      if (isBase64(text)) {
         return text
       }
       return encodeURIComponent(btoa(unescape(encodeURIComponent(text))))
diff --git a/ui/src/views/compute/KubernetesAddNodes.vue b/ui/src/views/compute/KubernetesAddNodes.vue
new file mode 100644
index 000000000000..d6d8dc727318
--- /dev/null
+++ b/ui/src/views/compute/KubernetesAddNodes.vue
@@ -0,0 +1,177 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+<template>
+  <a-spin :spinning="loading">
+    <a-form
+      :model="form"
+      :ref="formRef"
+      :rules="rules"
+      @finish="handleSubmit"
+      layout="vertical">
+      <div v-if="vms.length > 0">
+        <a-form-item name="nodeids" ref="nodeids">
+          <template #label>
+            <tooltip-label :title="$t('label.add.nodes')" :tooltip="apiParams.nodeids.description"/>
+          </template>
+          <a-select
+            v-model:value="form.nodeids"
+            :placeholder="$t('label.add.nodes')"
+            mode="multiple"
+            :loading="loading"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }" >
+            <a-select-option v-for="vm in vms" :key="vm.id" :label="vm.name">
+              {{ vm.name }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item name="mountcksiso" ref="mountcksiso">
+          <a-checkbox v-model:checked="form.mountcksiso">
+            {{ $t('label.mount.cks.iso.on.vr') }}
+          </a-checkbox>
+        </a-form-item>
+      </div>
+      <p v-else v-html="$t('label.vms.empty')" />
+
+      <div :span="24" class="action-button">
+        <a-button @click="closeAction">{{ $t('label.cancel') }}</a-button>
+        <a-button :loading="loading" ref="submit" type="primary" @click="handleSubmit">{{ $t('label.ok') }}</a-button>
+      </div>
+    </a-form>
+  </a-spin>
+</template>
+
+<script>
+import { ref, reactive, toRaw } from 'vue'
+import { api } from '@/api'
+import TooltipLabel from '@/components/widgets/TooltipLabel'
+
+export default {
+  name: 'AddNodesToKubernetesCluster',
+  components: {
+    TooltipLabel
+  },
+  props: {
+    resource: {
+      type: Object,
+      required: true
+    }
+  },
+  data () {
+    return {
+      vms: [],
+      loading: false
+    }
+  },
+  inject: ['parentFetchData'],
+  beforeCreate () {
+    this.apiParams = this.$getApiParams('addNodesToKubernetesCluster')
+  },
+  created () {
+    this.formRef = ref()
+    this.form = reactive({})
+    this.rules = reactive({
+      nodeids: [{ type: 'array' }]
+    })
+    this.fetchData()
+  },
+  methods: {
+    fetchData () {
+      this.fetchVms()
+    },
+    async fetchVms () {
+      this.loading = true
+      this.vms = await this.callListVms(this.resource.accountid, this.resource.domainid)
+      const cksVms = this.resource.virtualmachines.map(vm => vm.id)
+      this.vms = this.vms.filter(vm => !cksVms.includes(vm.id))
+      this.loading = false
+    },
+    callListVms (accountId, domainId) {
+      return new Promise((resolve) => {
+        this.volumes = []
+        api('listVirtualMachines', {
+          accountId: accountId,
+          domainId: domainId,
+          details: 'min',
+          listall: 'true'
+        }).then(json => {
+          const vms = json.listvirtualmachinesresponse.virtualmachine || []
+          resolve(vms)
+        })
+      })
+    },
+    closeAction () {
+      this.$emit('close-action')
+    },
+    handleSubmit (e) {
+      e.preventDefault()
+      if (this.loading) return
+      this.formRef.value.validate().then(async () => {
+        const values = toRaw(this.form)
+        const params = {
+          id: this.resource.id
+        }
+        if (values.nodeids) {
+          params.nodeids = values.nodeids.join(',')
+        }
+        if (values.mountcksiso) {
+          params.mountcksisoonvr = values.mountcksiso
+        }
+        this.loading = true
+        try {
+          const jobId = await this.addNodesToKubernetesCluster(params)
+          await this.$pollJob({
+            jobId,
+            title: this.$t('label.action.add.nodes.to.kubernetes.cluster'),
+            description: this.resource.name,
+            loadingMessage: `${this.$t('message.adding.nodes.to.cluster')} ${this.resource.name}`,
+            catchMessage: this.$t('error.fetching.async.job.result'),
+            successMessage: `${this.$t('message.success.add.nodes.to.cluster')} ${this.resource.name}`,
+            successMethod: () => {
+              this.parentFetchData()
+            },
+            action: {
+              isFetchData: false
+            }
+          })
+          this.closeAction()
+          this.loading = false
+        } catch (error) {
+          await this.$notifyError(error)
+          this.closeAction()
+          this.loading = false
+        }
+      })
+    },
+    addNodesToKubernetesCluster (params) {
+      return new Promise((resolve, reject) => {
+        api('addNodesToKubernetesCluster', params).then(json => {
+          const jobId = json.addnodestokubernetesclusterresponse.jobid
+          return resolve(jobId)
+        }).catch(error => {
+          return reject(error)
+        })
+      })
+    }
+  }
+}
+</script>
+<style lang="scss" scoped></style>
diff --git a/ui/src/views/compute/KubernetesRemoveNodes.vue b/ui/src/views/compute/KubernetesRemoveNodes.vue
new file mode 100644
index 000000000000..57d6409b7841
--- /dev/null
+++ b/ui/src/views/compute/KubernetesRemoveNodes.vue
@@ -0,0 +1,151 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+<template>
+<a-spin :spinning="loading">
+  <a-form
+    :model="form"
+    :ref="formRef"
+    :rules="rules"
+    @finish="handleSubmit"
+    layout="vertical">
+    <a-form-item v-if="vms.length > 0" name="nodeids" ref="nodeids">
+      <template #label>
+        <tooltip-label :title="$t('label.remove.nodes')" :tooltip="apiParams.nodeids.description"/>
+      </template>
+      <a-select
+        v-model:value="form.nodeids"
+        :placeholder="$t('label.remove.nodes')"
+        mode="multiple"
+        :loading="loading"
+        showSearch
+        optionFilterProp="label"
+        :filterOption="(input, option) => {
+          return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+        }" >
+        <a-select-option v-for="vm in vms" :key="vm.id" :label="vm.name">
+          {{ vm.name }}
+        </a-select-option>
+      </a-select>
+    </a-form-item>
+    <p v-else v-html="$t('label.vms.remove.empty')" />
+
+    <div :span="24" class="action-button">
+      <a-button @click="closeAction">{{ $t('label.cancel') }}</a-button>
+      <a-button :loading="loading" ref="submit" type="primary" @click="handleSubmit">{{ $t('label.ok') }}</a-button>
+    </div>
+  </a-form>
+</a-spin>
+</template>
+
+<script>
+import { ref, reactive, toRaw } from 'vue'
+import { api } from '@/api'
+import TooltipLabel from '@/components/widgets/TooltipLabel'
+
+export default {
+  name: 'AddNodesToKubernetesCluster',
+  components: {
+    TooltipLabel
+  },
+  props: {
+    resource: {
+      type: Object,
+      required: true
+    }
+  },
+  data () {
+    return {
+      vms: [],
+      loading: false
+    }
+  },
+  inject: ['parentFetchData'],
+  beforeCreate () {
+    this.apiParams = this.$getApiParams('removeNodesFromKubernetesCluster')
+  },
+  created () {
+    this.formRef = ref()
+    this.form = reactive({})
+    this.rules = reactive({
+      nodeids: [{ type: 'array' }]
+    })
+    this.fetchData()
+  },
+  methods: {
+    fetchData () {
+      this.fetchClusterVms()
+    },
+    async fetchClusterVms () {
+      this.loading = true
+      this.vms = this.resource.virtualmachines.filter(vm => vm.isexternalnode === true) || []
+      this.loading = false
+    },
+    closeAction () {
+      this.$emit('close-action')
+    },
+    handleSubmit (e) {
+      e.preventDefault()
+      if (this.loading) return
+      this.formRef.value.validate().then(async () => {
+        const values = toRaw(this.form)
+        const params = {
+          id: this.resource.id
+        }
+        if (values.nodeids) {
+          params.nodeids = values.nodeids.join(',')
+        }
+        this.loading = true
+        try {
+          const jobId = await this.removeNodesFromKubernetesCluster(params)
+          await this.$pollJob({
+            jobId,
+            title: this.$t('label.action.remove.nodes.from.kubernetes.cluster'),
+            description: this.resource.name,
+            loadingMessage: `${this.$t('message.removing.nodes.from.cluster')} ${this.resource.name}`,
+            catchMessage: this.$t('error.fetching.async.job.result'),
+            successMessage: `${this.$t('message.success.remove.nodes.from.cluster')} ${this.resource.name}`,
+            successMethod: () => {
+              this.parentFetchData()
+            },
+            action: {
+              isFetchData: false
+            }
+          })
+          this.closeAction()
+          this.loading = false
+        } catch (error) {
+          await this.$notifyError(error)
+          this.closeAction()
+          this.loading = false
+        }
+      })
+    },
+    removeNodesFromKubernetesCluster (params) {
+      return new Promise((resolve, reject) => {
+        api('removeNodesFromKubernetesCluster', params).then(json => {
+          const jobId = json.removenodesfromkubernetesclusterresponse.jobid
+          return resolve(jobId)
+        }).catch(error => {
+          return reject(error)
+        })
+      })
+    }
+  }
+}
+</script>
+<style lang="scss" scoped></style>
diff --git a/ui/src/views/compute/RegisterUserData.vue b/ui/src/views/compute/RegisterUserData.vue
index 990e59ff2772..9e4b3623f6f4 100644
--- a/ui/src/views/compute/RegisterUserData.vue
+++ b/ui/src/views/compute/RegisterUserData.vue
@@ -43,6 +43,9 @@
             v-model:value="form.userdata"
             :placeholder="apiParams.userdata.description"/>
         </a-form-item>
+        <a-form-item name="isbase64" ref="isbase64" :label="$t('label.is.base64.encoded')">
+          <a-checkbox v-model:checked="form.isbase64"></a-checkbox>
+        </a-form-item>
         <a-form-item name="params" ref="params">
           <template #label>
             <tooltip-label :title="$t('label.userdataparams')" :tooltip="apiParams.params.description"/>
@@ -147,7 +150,9 @@ export default {
   methods: {
     initForm () {
       this.formRef = ref()
-      this.form = reactive({})
+      this.form = reactive({
+        isbase64: false
+      })
       this.rules = reactive({
         name: [{ required: true, message: this.$t('message.error.name') }],
         userdata: [{ required: true, message: this.$t('message.error.userdata') }]
@@ -204,8 +209,8 @@ export default {
         if (this.isValidValueForKey(values, 'account') && values.account.length > 0) {
           params.account = values.account
         }
-        params.userdata = this.$toBase64AndURIEncoded(values.userdata)
 
+        params.userdata = values.isbase64 ? values.userdata : this.$toBase64AndURIEncoded(values.userdata)
         if (values.params != null && values.params.length > 0) {
           var userdataparams = values.params.join(',')
           params.params = userdataparams
diff --git a/ui/src/views/image/RegisterOrUploadTemplate.vue b/ui/src/views/image/RegisterOrUploadTemplate.vue
index b28fe9ed821b..87b4805cbe31 100644
--- a/ui/src/views/image/RegisterOrUploadTemplate.vue
+++ b/ui/src/views/image/RegisterOrUploadTemplate.vue
@@ -435,7 +435,7 @@
                   </a-col>
                   <a-col :span="12">
                     <a-checkbox value="forCks" v-if="currentForm === 'Create'">
-                      {{ $t('label.for.cks') }}
+                      {{ $t('label.forcks') }}
                     </a-checkbox>
                   </a-col>
                 </a-row>
diff --git a/ui/src/views/image/UpdateTemplate.vue b/ui/src/views/image/UpdateTemplate.vue
index 340505094255..d43727faabb0 100644
--- a/ui/src/views/image/UpdateTemplate.vue
+++ b/ui/src/views/image/UpdateTemplate.vue
@@ -151,6 +151,12 @@
           </template>
           <a-switch v-model:checked="form.isdynamicallyscalable" />
         </a-form-item>
+        <a-form-item name="forcks" ref="forcks">
+          <template #label>
+            <tooltip-label :title="$t('label.forcks')" :tooltip="apiParams.forcks.description"/>
+          </template>
+          <a-switch v-model:checked="form.forcks" />
+        </a-form-item>
         <a-form-item name="templatetype" ref="templatetype" v-if="isAdmin">
           <template #label>
             <tooltip-label :title="$t('label.templatetype')" :tooltip="apiParams.templatetype.description"/>
@@ -254,7 +260,7 @@ export default {
         displaytext: [{ required: true, message: this.$t('message.error.required.input') }],
         ostypeid: [{ required: true, message: this.$t('message.error.select') }]
       })
-      const resourceFields = ['name', 'displaytext', 'passwordenabled', 'ostypeid', 'isdynamicallyscalable', 'userdataid', 'userdatapolicy']
+      const resourceFields = ['name', 'displaytext', 'passwordenabled', 'ostypeid', 'isdynamicallyscalable', 'userdataid', 'userdatapolicy', 'forcks']
       if (this.isAdmin) {
         resourceFields.push('templatetype')
         resourceFields.push('templatetag')

From d4500eae8cca7aacaa10ace19dcb67e0fb84348b Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Wed, 10 Apr 2024 14:04:49 -0400
Subject: [PATCH 03/88] Update remove node timeout global setting

---
 .../cluster/actionworkers/KubernetesClusterRemoveWorker.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
index bb783f1a0875..f478d0c141d2 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
@@ -41,7 +41,7 @@ public KubernetesClusterRemoveWorker(KubernetesCluster kubernetesCluster, Kubern
 
     public boolean removeNodesFromCluster(List<Long> nodeIds) {
         init();
-        removeNodeTimeoutTime = System.currentTimeMillis() + KubernetesClusterService.KubernetesClusterAddNodeTimeout.value() * 1000;
+        removeNodeTimeoutTime = System.currentTimeMillis() + KubernetesClusterService.KubernetesClusterRemoveNodeTimeout.value() * 1000;
         Long networkId = kubernetesCluster.getNetworkId();
         Network network = networkDao.findById(networkId);
         if (Objects.isNull(network)) {

From 2d0981100bf9b9674db25275b5030bd17f85465d Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Thu, 11 Apr 2024 13:51:35 -0400
Subject: [PATCH 04/88] CKS/NSX : Missing variables in worker nodes

---
 .../actionworkers/KubernetesClusterActionWorker.java  | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index 39d9261b5c46..240c0a3c70ca 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -25,6 +25,7 @@
 import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.LogManager;
 import com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType;
+import com.cloud.kubernetes.cluster.KubernetesClusterService;
 import com.cloud.network.dao.NetworkVO;
 import com.cloud.offering.ServiceOffering;
 import com.cloud.exception.ManagementServerException;
@@ -804,12 +805,14 @@ public String getKubernetesNodeConfig(final String joinIp, final boolean ejectIs
         final String clusterTokenKey = "{{ k8s_control_node.cluster.token }}";
         final String ejectIsoKey = "{{ k8s.eject.iso }}";
         final String routerIpKey = "{{ k8s.vr.iso.mounted.ip }}";
+        final String installWaitTime = "{{ k8s.install.wait.time }}";
+        final String installReattemptsCount = "{{ k8s.install.reattempts.count }}";
+
+        final Long waitTime = KubernetesClusterService.KubernetesWorkerNodeInstallAttemptWait.value();
+        final Long reattempts = KubernetesClusterService.KubernetesWorkerNodeInstallReattempts.value();
         NicVO routerNicOnNetwork = getVirtualRouterNicOnKubernetesClusterNetwork(kubernetesCluster);
         String routerIp = routerNicOnNetwork.getIPv4Address();
         String pubKey = "- \"" + configurationDao.getValue("ssh.publickey") + "\"";
-//        if (Objects.isNull(owner)) {
-//            owner = accountDao.findById(kubernetesCluster.getAccountId());
-//        }
         String sshKeyPair = kubernetesCluster.getKeyPair();
         if (StringUtils.isNotEmpty(sshKeyPair)) {
             SSHKeyPairVO sshkp = sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), sshKeyPair);
@@ -822,6 +825,8 @@ public String getKubernetesNodeConfig(final String joinIp, final boolean ejectIs
         k8sNodeConfig = k8sNodeConfig.replace(clusterTokenKey, KubernetesClusterUtil.generateClusterToken(kubernetesCluster));
         k8sNodeConfig = k8sNodeConfig.replace(ejectIsoKey, String.valueOf(ejectIso));
         k8sNodeConfig = k8sNodeConfig.replace(routerIpKey, routerIp);
+        k8sNodeConfig = k8sNodeConfig.replace(installWaitTime, String.valueOf(waitTime));
+        k8sNodeConfig = k8sNodeConfig.replace(installReattemptsCount, String.valueOf(reattempts));
 
         k8sNodeConfig = updateKubeConfigWithRegistryDetails(k8sNodeConfig);
 

From 9d0e79d5bd77a3fb91c3ed145bc1409864a7874a Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Thu, 18 Apr 2024 09:44:53 -0400
Subject: [PATCH 05/88] CKS: Fix ISO attach logic

* CKS: Fix ISO attach logic

* address comment
---
 .../KubernetesClusterActionWorker.java        | 11 +++++++---
 .../KubernetesClusterAddWorker.java           |  2 +-
 ...esClusterResourceModifierActionWorker.java |  2 +-
 .../src/main/resources/conf/k8s-node.yml      | 20 ++++++++++---------
 4 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index 240c0a3c70ca..9728310b54d2 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -798,7 +798,7 @@ protected void provisionPublicIpPortForwardingRule(IpAddress publicIp, Network n
         }
     }
 
-    public String getKubernetesNodeConfig(final String joinIp, final boolean ejectIso) throws IOException {
+    public String getKubernetesNodeConfig(final String joinIp, final boolean ejectIso, final boolean mountCksIsoOnVR) throws IOException {
         String k8sNodeConfig = readResourceFile("/conf/k8s-node.yml");
         final String sshPubKey = "{{ k8s.ssh.pub.key }}";
         final String joinIpKey = "{{ k8s_control_node.join_ip }}";
@@ -810,8 +810,13 @@ public String getKubernetesNodeConfig(final String joinIp, final boolean ejectIs
 
         final Long waitTime = KubernetesClusterService.KubernetesWorkerNodeInstallAttemptWait.value();
         final Long reattempts = KubernetesClusterService.KubernetesWorkerNodeInstallReattempts.value();
-        NicVO routerNicOnNetwork = getVirtualRouterNicOnKubernetesClusterNetwork(kubernetesCluster);
-        String routerIp = routerNicOnNetwork.getIPv4Address();
+        String routerIp = "";
+        if (mountCksIsoOnVR) {
+            NicVO routerNicOnNetwork = getVirtualRouterNicOnKubernetesClusterNetwork(kubernetesCluster);
+            if (Objects.nonNull(routerNicOnNetwork)) {
+                routerIp = routerNicOnNetwork.getIPv4Address();
+            }
+        }
         String pubKey = "- \"" + configurationDao.getValue("ssh.publickey") + "\"";
         String sshKeyPair = kubernetesCluster.getKeyPair();
         if (StringUtils.isNotEmpty(sshKeyPair)) {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
index 0f59e6bcf454..8ce10dd0d831 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
@@ -172,7 +172,7 @@ private Ternary<Integer, Long, Long> importNodeToCluster(List<Long> nodeIds, Net
             UserVmVO vm = userVmDao.findById(nodeId);
             String k8sControlNodeConfig = null;
             try {
-                k8sControlNodeConfig = getKubernetesNodeConfig(publicIp.getAddress().addr(), Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()));
+                k8sControlNodeConfig = getKubernetesNodeConfig(publicIp.getAddress().addr(), Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()), mountCksIsoOnVr);
             } catch (IOException e) {
                 logAndThrow(Level.ERROR, "Failed to read Kubernetes control node configuration file", e);
             }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index 6657d4268ec8..fd40efad9e3a 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -328,7 +328,7 @@ protected UserVm createKubernetesNode(String joinIp) throws ManagementServerExce
         String hostName = String.format("%s-node-%s", kubernetesClusterNodeNamePrefix, suffix);
         String k8sNodeConfig = null;
         try {
-            k8sNodeConfig = getKubernetesNodeConfig(joinIp, Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()));
+            k8sNodeConfig = getKubernetesNodeConfig(joinIp, Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()), false);
         } catch (IOException e) {
             logAndThrow(Level.ERROR, "Failed to read Kubernetes node configuration file", e);
         }
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
index 0dba6fa7f5b8..4d34c2f7f1d9 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
@@ -79,16 +79,18 @@ write_files:
         else
           ### Download from VR ###
           ROUTER_IP="{{ k8s.vr.iso.mounted.ip }}"
-          echo "Downloading CKS binaries from the VR $ROUTER_IP"
-          if [ ! -d "${ISO_MOUNT_DIR}" ]; then
-            mkdir "${ISO_MOUNT_DIR}"
+          if [ "$ROUTER_IP" != "" ]; then
+            echo "Downloading CKS binaries from the VR $ROUTER_IP"
+            if [ ! -d "${ISO_MOUNT_DIR}" ]; then
+              mkdir "${ISO_MOUNT_DIR}"
+            fi
+            ### Download from ROUTER_IP/cks-iso into ISO_MOUNT_DIR
+            AUX_DOWNLOAD_DIR=/aux-dwnld
+            mkdir -p $AUX_DOWNLOAD_DIR
+            wget -r -R "index.html*" $ROUTER_IP/cks-iso -P $AUX_DOWNLOAD_DIR
+            mv $AUX_DOWNLOAD_DIR/$ROUTER_IP/cks-iso/* $ISO_MOUNT_DIR
+            rm -rf $AUX_DOWNLOAD_DIR
           fi
-          ### Download from ROUTER_IP/cks-iso into ISO_MOUNT_DIR
-          AUX_DOWNLOAD_DIR=/aux-dwnld
-          mkdir -p $AUX_DOWNLOAD_DIR
-          wget -r -R "index.html*" $ROUTER_IP/cks-iso -P $AUX_DOWNLOAD_DIR
-          mv $AUX_DOWNLOAD_DIR/$ROUTER_IP/cks-iso/* $ISO_MOUNT_DIR
-          rm -rf $AUX_DOWNLOAD_DIR
         fi
         if [ -d "$BINARIES_DIR" ]; then
           break

From 67c75e13c723c24c6b83ba42b619efb3a29b18a7 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Thu, 2 May 2024 07:33:43 -0400
Subject: [PATCH 06/88] Phase2: Fix Port - Node mapping when cluster is scaled
 in the presence of external node(s)

---
 ui/src/views/compute/KubernetesServiceTab.vue | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ui/src/views/compute/KubernetesServiceTab.vue b/ui/src/views/compute/KubernetesServiceTab.vue
index 9632846ef372..4f0966343404 100644
--- a/ui/src/views/compute/KubernetesServiceTab.vue
+++ b/ui/src/views/compute/KubernetesServiceTab.vue
@@ -382,7 +382,9 @@ export default {
     },
     fetchInstances () {
       this.instanceLoading = true
-      this.virtualmachines = this.resource.virtualmachines || []
+      var defaultNodes = this.resource.virtualmachines.filter(x => !x.isexternalnode)
+      var externalNodes = this.resource.virtualmachines.filter(x => x.isexternalnode)
+      this.virtualmachines = defaultNodes.concat(externalNodes)
       this.virtualmachines.map(x => { x.ipaddress = x.nic[0].ipaddress })
       this.instanceLoading = false
     },

From 535219897df1e5912fa2fb56aee0c63e36958552 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Wed, 10 Apr 2024 10:06:40 -0400
Subject: [PATCH 07/88] CKS: Externalize control and worker node setup wait
 time and installation attempts

---
 .../cluster/KubernetesClusterManagerImpl.java |  6 +-
 .../cluster/KubernetesClusterService.java     | 24 ++++++
 ...esClusterResourceModifierActionWorker.java | 78 +++++++++++++++++++
 .../KubernetesClusterStartWorker.java         | 14 ++++
 .../resources/conf/k8s-control-node-add.yml   | 10 ++-
 .../main/resources/conf/k8s-control-node.yml  | 10 ++-
 .../src/main/resources/conf/k8s-node.yml      | 10 ++-
 7 files changed, 145 insertions(+), 7 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 6d4b013298ad..53a6a3670e59 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -2288,7 +2288,11 @@ public ConfigKey<?>[] getConfigKeys() {
             KubernetesClusterUpgradeRetries,
             KubernetesClusterAddNodeTimeout,
             KubernetesClusterExperimentalFeaturesEnabled,
-            KubernetesMaxClusterSize
+            KubernetesMaxClusterSize,
+            KubernetesControlNodeInstallAttemptWait,
+            KubernetesControlNodeInstallReattempts,
+            KubernetesWorkerNodeInstallAttemptWait,
+            KubernetesWorkerNodeInstallReattempts
         };
     }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
index 9512a0563cb8..fc47cc0943a1 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
@@ -105,6 +105,30 @@ public interface KubernetesClusterService extends PluggableService, Configurable
             true,
             ConfigKey.Scope.Account,
             KubernetesServiceEnabled.key());
+    static final ConfigKey<Long> KubernetesControlNodeInstallAttemptWait = new ConfigKey<Long>("Advanced", Long.class,
+            "cloud.kubernetes.control.node.install.attempt.wait.duration",
+            "15",
+            "Time in seconds for the installation process to wait before it re-attempts",
+            true,
+            KubernetesServiceEnabled.key());
+    static final ConfigKey<Long> KubernetesControlNodeInstallReattempts = new ConfigKey<Long>("Advanced", Long.class,
+            "cloud.kubernetes.control.node.install.reattempt.count",
+            "100",
+            "Number of times the offline installation of K8S will be re-attempted",
+            true,
+            KubernetesServiceEnabled.key());
+    final ConfigKey<Long> KubernetesWorkerNodeInstallAttemptWait = new ConfigKey<Long>("Advanced", Long.class,
+            "cloud.kubernetes.worker.node.install.attempt.wait.duration",
+            "30",
+            "Time in seconds for the installation process to wait before it re-attempts",
+            true,
+            KubernetesServiceEnabled.key());
+    static final ConfigKey<Long> KubernetesWorkerNodeInstallReattempts = new ConfigKey<Long>("Advanced", Long.class,
+            "cloud.kubernetes.worker.node.install.reattempt.count",
+            "40",
+            "Number of times the offline installation of K8S will be re-attempted",
+            true,
+            KubernetesServiceEnabled.key());
 
     KubernetesCluster findById(final Long id);
 
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index fd40efad9e3a..df5a58f7bdfe 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -36,14 +36,19 @@
 
 import javax.inject.Inject;
 
+import com.cloud.kubernetes.cluster.KubernetesClusterDetailsVO;
 import com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType;
+import com.cloud.kubernetes.cluster.KubernetesClusterService;
+import com.cloud.kubernetes.cluster.utils.KubernetesClusterUtil;
 import com.cloud.network.rules.FirewallManager;
 import com.cloud.network.rules.RulesService;
 import com.cloud.network.rules.dao.PortForwardingRulesDao;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offerings.dao.NetworkOfferingDao;
+import com.cloud.user.SSHKeyPairVO;
 import com.cloud.utils.db.TransactionCallbackWithException;
 import com.cloud.utils.net.Ip;
+import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd;
 import org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd;
@@ -166,6 +171,79 @@ protected void init() {
         kubernetesClusterNodeNamePrefix = getKubernetesClusterNodeNamePrefix();
     }
 
+    private String getKubernetesNodeConfig(final String joinIp, final boolean ejectIso) throws IOException {
+        String k8sNodeConfig = readResourceFile("/conf/k8s-node.yml");
+        final String sshPubKey = "{{ k8s.ssh.pub.key }}";
+        final String joinIpKey = "{{ k8s_control_node.join_ip }}";
+        final String clusterTokenKey = "{{ k8s_control_node.cluster.token }}";
+        final String ejectIsoKey = "{{ k8s.eject.iso }}";
+        final String installWaitTime = "{{ k8s.install.wait.time }}";
+        final String installReattemptsCount = "{{ k8s.install.reattempts.count }}";
+
+        final Long waitTime = KubernetesClusterService.KubernetesWorkerNodeInstallAttemptWait.value();
+        final Long reattempts = KubernetesClusterService.KubernetesWorkerNodeInstallReattempts.value();
+        String pubKey = "- \"" + configurationDao.getValue("ssh.publickey") + "\"";
+        String sshKeyPair = kubernetesCluster.getKeyPair();
+        if (StringUtils.isNotEmpty(sshKeyPair)) {
+            SSHKeyPairVO sshkp = sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), sshKeyPair);
+            if (sshkp != null) {
+                pubKey += "\n      - \"" + sshkp.getPublicKey() + "\"";
+            }
+        }
+        k8sNodeConfig = k8sNodeConfig.replace(sshPubKey, pubKey);
+        k8sNodeConfig = k8sNodeConfig.replace(joinIpKey, joinIp);
+        k8sNodeConfig = k8sNodeConfig.replace(clusterTokenKey, KubernetesClusterUtil.generateClusterToken(kubernetesCluster));
+        k8sNodeConfig = k8sNodeConfig.replace(ejectIsoKey, String.valueOf(ejectIso));
+        k8sNodeConfig = k8sNodeConfig.replace(installWaitTime, String.valueOf(waitTime));
+        k8sNodeConfig = k8sNodeConfig.replace(installReattemptsCount, String.valueOf(reattempts));
+        k8sNodeConfig = updateKubeConfigWithRegistryDetails(k8sNodeConfig);
+
+        return k8sNodeConfig;
+    }
+
+    protected String updateKubeConfigWithRegistryDetails(String k8sConfig) {
+        /* genarate /etc/containerd/config.toml file on the nodes only if Kubernetes cluster is created to
+         * use docker private registry */
+        String registryUsername = null;
+        String registryPassword = null;
+        String registryUrl = null;
+
+        List<KubernetesClusterDetailsVO> details = kubernetesClusterDetailsDao.listDetails(kubernetesCluster.getId());
+        for (KubernetesClusterDetailsVO detail : details) {
+            if (detail.getName().equals(ApiConstants.DOCKER_REGISTRY_USER_NAME)) {
+                registryUsername = detail.getValue();
+            }
+            if (detail.getName().equals(ApiConstants.DOCKER_REGISTRY_PASSWORD)) {
+                registryPassword = detail.getValue();
+            }
+            if (detail.getName().equals(ApiConstants.DOCKER_REGISTRY_URL)) {
+                registryUrl = detail.getValue();
+            }
+        }
+
+        if (StringUtils.isNoneEmpty(registryUsername, registryPassword, registryUrl)) {
+            // Update runcmd in the cloud-init configuration to run a script that updates the containerd config with provided registry details
+            String runCmd = "- bash -x /opt/bin/setup-containerd";
+
+            String registryEp = registryUrl.split("://")[1];
+            k8sConfig = k8sConfig.replace("- containerd config default > /etc/containerd/config.toml", runCmd);
+            final String registryUrlKey = "{{registry.url}}";
+            final String registryUrlEpKey = "{{registry.url.endpoint}}";
+            final String registryAuthKey = "{{registry.token}}";
+            final String registryUname = "{{registry.username}}";
+            final String registryPsswd = "{{registry.password}}";
+
+            final String usernamePasswordKey = registryUsername + ":" + registryPassword;
+            String base64Auth = Base64.encodeBase64String(usernamePasswordKey.getBytes(com.cloud.utils.StringUtils.getPreferredCharset()));
+            k8sConfig = k8sConfig.replace(registryUrlKey,   registryUrl);
+            k8sConfig = k8sConfig.replace(registryUrlEpKey, registryEp);
+            k8sConfig = k8sConfig.replace(registryUname, registryUsername);
+            k8sConfig = k8sConfig.replace(registryPsswd, registryPassword);
+            k8sConfig = k8sConfig.replace(registryAuthKey, base64Auth);
+        }
+        return k8sConfig;
+    }
+
     protected DeployDestination plan(final long nodesCount, final DataCenter zone, final ServiceOffering offering) throws InsufficientServerCapacityException {
         final int cpu_requested = offering.getCpu() * offering.getSpeed();
         final long ram_requested = offering.getRamSize() * 1024L * 1024L;
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index 97bd51fb7802..8a4685251d2c 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -141,6 +141,9 @@ private String getKubernetesControlNodeConfig(final String controlNodeIp, final
         final String clusterToken = "{{ k8s_control_node.cluster.token }}";
         final String clusterInitArgsKey = "{{ k8s_control_node.cluster.initargs }}";
         final String ejectIsoKey = "{{ k8s.eject.iso }}";
+        final String installWaitTime = "{{ k8s.install.wait.time }}";
+        final String installReattemptsCount = "{{ k8s.install.reattempts.count }}";
+
         final List<String> addresses = new ArrayList<>();
         addresses.add(controlNodeIp);
         if (!serverIp.equals(controlNodeIp)) {
@@ -152,6 +155,8 @@ private String getKubernetesControlNodeConfig(final String controlNodeIp, final
         final String tlsClientCert = CertUtils.x509CertificateToPem(certificate.getClientCertificate());
         final String tlsPrivateKey = CertUtils.privateKeyToPem(certificate.getPrivateKey());
         final String tlsCaCert = CertUtils.x509CertificatesToPem(certificate.getCaCertificates());
+        final Long waitTime = KubernetesClusterService.KubernetesControlNodeInstallAttemptWait.value();
+        final Long reattempts = KubernetesClusterService.KubernetesControlNodeInstallReattempts.value();
         k8sControlNodeConfig = k8sControlNodeConfig.replace(apiServerCert, tlsClientCert.replace("\n", "\n      "));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(apiServerKey, tlsPrivateKey.replace("\n", "\n      "));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(caCert, tlsCaCert.replace("\n", "\n      "));
@@ -163,6 +168,8 @@ private String getKubernetesControlNodeConfig(final String controlNodeIp, final
                 pubKey += "\n      - \"" + sshkp.getPublicKey() + "\"";
             }
         }
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(installWaitTime, String.valueOf(waitTime));
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(installReattemptsCount, String.valueOf(reattempts));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(sshPubKey, pubKey);
         k8sControlNodeConfig = k8sControlNodeConfig.replace(clusterToken, KubernetesClusterUtil.generateClusterToken(kubernetesCluster));
         String initArgs = "";
@@ -244,6 +251,11 @@ private String getKubernetesAdditionalControlNodeConfig(final String joinIp, fin
         final String sshPubKey = "{{ k8s.ssh.pub.key }}";
         final String clusterHACertificateKey = "{{ k8s_control_node.cluster.ha.certificate.key }}";
         final String ejectIsoKey = "{{ k8s.eject.iso }}";
+        final String installWaitTime = "{{ k8s.install.wait.time }}";
+        final String installReattemptsCount = "{{ k8s.install.reattempts.count }}";
+
+        final Long waitTime = KubernetesClusterService.KubernetesControlNodeInstallAttemptWait.value();
+        final Long reattempts = KubernetesClusterService.KubernetesControlNodeInstallReattempts.value();
         String pubKey = "- \"" + configurationDao.getValue("ssh.publickey") + "\"";
         String sshKeyPair = kubernetesCluster.getKeyPair();
         if (StringUtils.isNotEmpty(sshKeyPair)) {
@@ -252,6 +264,8 @@ private String getKubernetesAdditionalControlNodeConfig(final String joinIp, fin
                 pubKey += "\n      - \"" + sshkp.getPublicKey() + "\"";
             }
         }
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(installWaitTime, String.valueOf(waitTime));
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(installReattemptsCount, String.valueOf(reattempts));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(sshPubKey, pubKey);
         k8sControlNodeConfig = k8sControlNodeConfig.replace(joinIpKey, joinIp);
         k8sControlNodeConfig = k8sControlNodeConfig.replace(clusterTokenKey, KubernetesClusterUtil.generateClusterToken(kubernetesCluster));
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
index 2c18efa01891..35134bd1e164 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
@@ -42,8 +42,14 @@ write_files:
       ATTEMPT_ONLINE_INSTALL=false
       setup_complete=false
 
-      OFFLINE_INSTALL_ATTEMPT_SLEEP=15
-      MAX_OFFLINE_INSTALL_ATTEMPTS=100
+      OFFLINE_INSTALL_ATTEMPT_SLEEP={{ k8s.install.wait.time }}
+      MAX_OFFLINE_INSTALL_ATTEMPTS={{ k8s.install.reattempts.count }}
+      if [[ -z $OFFLINE_INSTALL_ATTEMPT_SLEEP || $OFFLINE_INSTALL_ATTEMPT_SLEEP -eq 0 ]]; then
+        OFFLINE_INSTALL_ATTEMPT_SLEEP=15
+      fi
+      if [[ -z $MAX_OFFLINE_INSTALL_ATTEMPTS || $MAX_OFFLINE_INSTALL_ATTEMPTS -eq 0 ]]; then
+        MAX_OFFLINE_INSTALL_ATTEMPTS=100
+      fi
       offline_attempts=1
       MAX_SETUP_CRUCIAL_CMD_ATTEMPTS=3
       EJECT_ISO_FROM_OS={{ k8s.eject.iso }}
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
index aa7eec97ac82..3154fb20251c 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
@@ -62,8 +62,14 @@ write_files:
       ATTEMPT_ONLINE_INSTALL=false
       setup_complete=false
 
-      OFFLINE_INSTALL_ATTEMPT_SLEEP=15
-      MAX_OFFLINE_INSTALL_ATTEMPTS=100
+      OFFLINE_INSTALL_ATTEMPT_SLEEP={{ k8s.install.wait.time }}
+      MAX_OFFLINE_INSTALL_ATTEMPTS={{ k8s.install.reattempts.count }}
+      if [[ -z $OFFLINE_INSTALL_ATTEMPT_SLEEP || $OFFLINE_INSTALL_ATTEMPT_SLEEP -eq 0 ]]; then
+        OFFLINE_INSTALL_ATTEMPT_SLEEP=15
+      fi
+      if [[ -z $MAX_OFFLINE_INSTALL_ATTEMPTS || $MAX_OFFLINE_INSTALL_ATTEMPTS -eq 0 ]]; then
+        MAX_OFFLINE_INSTALL_ATTEMPTS=100
+      fi
       offline_attempts=1
       MAX_SETUP_CRUCIAL_CMD_ATTEMPTS=3
       EJECT_ISO_FROM_OS={{ k8s.eject.iso }}
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
index 4d34c2f7f1d9..c3db5da7921d 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
@@ -42,8 +42,14 @@ write_files:
       ATTEMPT_ONLINE_INSTALL=false
       setup_complete=false
 
-      OFFLINE_INSTALL_ATTEMPT_SLEEP=30
-      MAX_OFFLINE_INSTALL_ATTEMPTS=40
+      OFFLINE_INSTALL_ATTEMPT_SLEEP={{ k8s.install.wait.time }}
+      MAX_OFFLINE_INSTALL_ATTEMPTS={{ k8s.install.reattempts.count }}
+      if [[ -z $OFFLINE_INSTALL_ATTEMPT_SLEEP || $OFFLINE_INSTALL_ATTEMPT_SLEEP -eq 0 ]]; then
+        OFFLINE_INSTALL_ATTEMPT_SLEEP=30
+      fi
+      if [[ -z $MAX_OFFLINE_INSTALL_ATTEMPTS || $MAX_OFFLINE_INSTALL_ATTEMPTS -eq 0 ]]; then
+        MAX_OFFLINE_INSTALL_ATTEMPTS=40
+      fi
       offline_attempts=1
       MAX_SETUP_CRUCIAL_CMD_ATTEMPTS=3
       EJECT_ISO_FROM_OS={{ k8s.eject.iso }}

From 033a63636097a12a0ff28b8ca62998f9b9fb2395 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Tue, 21 May 2024 19:59:17 -0300
Subject: [PATCH 08/88] Fix logger

---
 .../VirtualRoutingResource.java               |  2 +-
 .../KubernetesClusterAddWorker.java           | 30 +++++++++----------
 .../KubernetesClusterRemoveWorker.java        | 16 +++++-----
 .../com/cloud/network/NetworkServiceImpl.java |  4 +--
 4 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/core/src/main/java/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java b/core/src/main/java/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
index cbce8cbc39d2..91ba7066fe76 100644
--- a/core/src/main/java/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
+++ b/core/src/main/java/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
@@ -178,7 +178,7 @@ public Answer executeRequest(final NetworkElementCommand cmd) {
 
     protected Answer execute(final HandleCksIsoCommand cmd) {
         String routerIp = getRouterSshControlIp(cmd);
-        s_logger.info("Attempting to mount CKS ISO on Virtual Router");
+        logger.info("Attempting to mount CKS ISO on Virtual Router");
         ExecutionResult result = _vrDeployer.executeInVR(routerIp, VRScripts.CKS_ISO_MOUNT_SERVE, String.valueOf(cmd.isMountCksIso()));
         return new Answer(cmd, result.isSuccess(), result.getDetails());
     }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
index 8ce10dd0d831..68d9810d80a5 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
@@ -31,7 +31,7 @@
 import org.apache.cloudstack.api.command.user.vm.RebootVMCmd;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.commons.codec.binary.Base64;
-import org.apache.log4j.Level;
+import org.apache.logging.log4j.Level;
 
 import javax.inject.Inject;
 import java.io.File;
@@ -77,7 +77,7 @@ public boolean addNodesToCluster(List<Long> nodeIds, boolean mountCksIsoOnVr) th
             updateKubernetesCluster(kubernetesCluster.getId(), nodesAddedAndMemory);
             if (nodeIds.size() != nodesAdded) {
                 String msg = String.format("Not every node was added to the CKS cluster %s, nodes added: %s out of %s", kubernetesCluster.getUuid(), nodesAdded, nodeIds.size());
-                LOGGER.info(msg);
+                logger.info(msg);
                 detachCksIsoFromNodesAddedToCluster(nodeIds, kubernetesCluster.getId(), mountCksIsoOnVr);
                 stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.OperationFailed);
                 ActionEventUtils.onCompletedActionEvent(CallContext.current().getCallingUserId(), CallContext.current().getCallingAccountId(),
@@ -105,7 +105,7 @@ private void detachCksIsoFromNodesAddedToCluster(List<Long> nodeIds, long kubern
         if (mountCksIsoOnVr) {
             detachIsoOnVirtualRouter(kubernetesClusterId);
         } else {
-            LOGGER.info("Detaching CKS ISO from the nodes");
+            logger.info("Detaching CKS ISO from the nodes");
             List<UserVm> vms = nodeIds.stream().map(nodeId -> userVmDao.findById(nodeId)).collect(Collectors.toList());
             detachIsoKubernetesVMs(vms);
         }
@@ -120,7 +120,7 @@ public void detachIsoOnVirtualRouter(Long kubernetesClusterId) {
             networkService.handleCksIsoOnNetworkVirtualRouter(virtualRouterId, false);
         } catch (ResourceUnavailableException e) {
             String err = String.format("Error trying to handle ISO %s on virtual router %s", isoId, virtualRouterId);
-            LOGGER.error(err);
+            logger.error(err);
             throw new CloudRuntimeException(err);
         }
 
@@ -128,7 +128,7 @@ public void detachIsoOnVirtualRouter(Long kubernetesClusterId) {
             templateService.detachIso(virtualRouterId, isoId, true, true);
         } catch (CloudRuntimeException e) {
             String err = String.format("Error trying to detach ISO %s from virtual router %s", isoId, virtualRouterId);
-            LOGGER.error(err, e);
+            logger.error(err, e);
         }
     }
 
@@ -136,7 +136,7 @@ public void attachCksIsoForNodesAdditionToCluster(List<Long> nodeIds, Long kuber
         if (mountCksIsoOnVr) {
             attachAndServeIsoOnVirtualRouter(kubernetesClusterId);
         } else {
-            LOGGER.info("Attaching CKS ISO to the nodes");
+            logger.info("Attaching CKS ISO to the nodes");
             List<UserVm> vms = nodeIds.stream().map(nodeId -> userVmDao.findById(nodeId)).collect(Collectors.toList());
             attachIsoKubernetesVMs(vms);
         }
@@ -151,7 +151,7 @@ public void attachAndServeIsoOnVirtualRouter(Long kubernetesClusterId) {
             templateService.attachIso(isoId, virtualRouterId, true, true);
         } catch (CloudRuntimeException e) {
             String err = String.format("Error trying to attach ISO %s to virtual router %s", isoId, virtualRouterId);
-            LOGGER.error(err);
+            logger.error(err);
             throw new CloudRuntimeException(err);
         }
 
@@ -159,7 +159,7 @@ public void attachAndServeIsoOnVirtualRouter(Long kubernetesClusterId) {
             networkService.handleCksIsoOnNetworkVirtualRouter(virtualRouterId, true);
         } catch (ResourceUnavailableException e) {
             String err = String.format("Error trying to handle ISO %s on virtual router %s", isoId, virtualRouterId);
-            LOGGER.error(err);
+            logger.error(err);
             throw new CloudRuntimeException(err);
         }
     }
@@ -192,10 +192,10 @@ private Ternary<Integer, Long, Long> importNodeToCluster(List<Long> nodeIds, Net
                         msg, vm.getId(), ApiCommandResourceType.VirtualMachine.toString(), 0);
             }
             if (Boolean.FALSE.equals(result.first())) {
-                LOGGER.error(String.format("Failed to add node %s [%s] to Kubernetes cluster : %s", vm.getName(), vm.getUuid(), kubernetesCluster.getName()));
+                logger.error(String.format("Failed to add node %s [%s] to Kubernetes cluster : %s", vm.getName(), vm.getUuid(), kubernetesCluster.getName()));
             }
             if (System.currentTimeMillis() > addNodeTimeoutTime) {
-                LOGGER.error(String.format("Failed to add node %s to Kubernetes cluster : %s", nodeId, kubernetesCluster.getName()));
+                logger.error(String.format("Failed to add node %s to Kubernetes cluster : %s", nodeId, kubernetesCluster.getName()));
             }
             nodeIndex = result.second();
         }
@@ -229,7 +229,7 @@ private Pair<Boolean, Integer> validateAndSetupNode(Network network, IpAddress p
             finalNodeIds.add(nodeId);
         } catch (ResourceUnavailableException | NetworkRuleConflictException | NoSuchFieldException |
                  InsufficientCapacityException | IllegalAccessException e) {
-            LOGGER.error(String.format("Failed to activate API port forwarding rules for the Kubernetes cluster : %s", kubernetesCluster.getName()));
+            logger.error(String.format("Failed to activate API port forwarding rules for the Kubernetes cluster : %s", kubernetesCluster.getName()));
             // remove added Firewall and PF rules
             revertNetworkRules(network, nodeId, sshStartPort);
             return new Pair<>( false, nodeIndex);
@@ -262,12 +262,12 @@ private boolean validateNodeCompatibility(IpAddress publicIp, long nodeId, int n
             Pair<Boolean, String> result = SshHelper.sshExecute(publicIp.getAddress().addr(), nodeSshPort, getControlNodeLoginUser(),
                     pkFile, null, command, 10000, 10000, 10 * 60 * 1000);
             if (Boolean.FALSE.equals(result.first())) {
-                LOGGER.error(String.format("Node with ID: %s cannot be added as a worker node as it does not have " +
+                logger.error(String.format("Node with ID: %s cannot be added as a worker node as it does not have " +
                         "the following dependencies: %s ", nodeId, result.second()));
                 return false;
             }
         } catch (Exception e) {
-            LOGGER.error(String.format("Failed to validate node with ID: %s", nodeId), e);
+            logger.error(String.format("Failed to validate node with ID: %s", nodeId), e);
             return false;
         }
         UserVmVO userVm = userVmDao.findById(nodeId);
@@ -281,10 +281,10 @@ private void cleanupCloudInitSemFolder(UserVm userVm, IpAddress publicIp, File p
             Pair<Boolean, String> result = SshHelper.sshExecute(publicIp.getAddress().addr(), nodeSshPort, getControlNodeLoginUser(),
                     pkFile, null, command, 10000, 10000, 10 * 60 * 1000);
             if (Boolean.FALSE.equals(result.first())) {
-                LOGGER.error(String.format("Failed to cleanup previous applied userdata on node: %s; This may hamper to addition of the node to the cluster ", userVm.getName()));
+                logger.error(String.format("Failed to cleanup previous applied userdata on node: %s; This may hamper to addition of the node to the cluster ", userVm.getName()));
             }
         } catch (Exception e) {
-            LOGGER.error(String.format("Failed to cleanup previous applied userdata on node: %s; This may hamper to addition of the node to the cluster ", userVm.getName()), e);
+            logger.error(String.format("Failed to cleanup previous applied userdata on node: %s; This may hamper to addition of the node to the cluster ", userVm.getName()), e);
         }
     }
 
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
index f478d0c141d2..f39d81d7304c 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
@@ -75,14 +75,14 @@ private boolean removeNodesFromCluster(List<Long> nodeIds, Network network, IpAd
         for (Long nodeId : nodeIds) {
             UserVmVO vm = userVmDao.findById(nodeId);
             if (vm == null) {
-                LOGGER.debug(String.format("Couldn't find a VM with ID %s, skipping removal from Kubernetes cluster", nodeId));
+                logger.debug(String.format("Couldn't find a VM with ID %s, skipping removal from Kubernetes cluster", nodeId));
                 continue;
             }
             try {
                 removeNodeVmFromCluster(nodeId, vm.getDisplayName(), publicIp.getAddress().addr());
                 result &= removeNodePortForwardingRules(nodeId, network, vm);
                 if (System.currentTimeMillis() > removeNodeTimeoutTime) {
-                    LOGGER.error(String.format("Removal of node %s from Kubernetes cluster %s timed out", vm.getName(), kubernetesCluster.getName()));
+                    logger.error(String.format("Removal of node %s from Kubernetes cluster %s timed out", vm.getName(), kubernetesCluster.getName()));
                     result = false;
                     continue;
                 }
@@ -91,13 +91,13 @@ private boolean removeNodesFromCluster(List<Long> nodeIds, Network network, IpAd
                 removedMemory += offeringVO.getRamSize();
                 removedCores += offeringVO.getCpu();
                 String description = String.format("Successfully removed the node %s from Kubernetes cluster %s", vm.getUuid(), kubernetesCluster.getUuid());
-                LOGGER.info(description);
+                logger.info(description);
                 ActionEventUtils.onCompletedActionEvent(CallContext.current().getCallingUserId(), CallContext.current().getCallingAccountId(),
                         EventVO.LEVEL_INFO, KubernetesClusterEventTypes.EVENT_KUBERNETES_CLUSTER_NODES_REMOVE,
                         description, vm.getId(), ApiCommandResourceType.VirtualMachine.toString(), 0);
             } catch (Exception e) {
                 String err = String.format("Error trying to remove node %s from Kubernetes Cluster %s: %s", vm.getUuid(), kubernetesCluster.getUuid(), e.getMessage());
-                LOGGER.error(err, e);
+                logger.error(err, e);
                 result = false;
             }
         }
@@ -117,7 +117,7 @@ protected boolean removeNodePortForwardingRules(Long nodeId, Network network, Us
                 }
             } catch (Exception e) {
                 String err = String.format("Failed to cleanup network rules for node %s, due to: %s", vm.getName(), e.getMessage());
-                LOGGER.error(err, e);
+                logger.error(err, e);
             }
         }
         return result;
@@ -131,7 +131,7 @@ private void removeNodeVmFromCluster(Long nodeId, String nodeName, String public
         Pair<Boolean, String> result = SshHelper.sshExecute(publicIp, CLUSTER_NODES_DEFAULT_START_SSH_PORT, getControlNodeLoginUser(),
                 pkFile, null, command, 10000, 10000, 10 * 60 * 1000);
         if (Boolean.FALSE.equals(result.first())) {
-            LOGGER.error(String.format("Node: %s failed to be gracefully drained as a worker node from cluster %s ", nodeName, kubernetesCluster.getName()));
+            logger.error(String.format("Node: %s failed to be gracefully drained as a worker node from cluster %s ", nodeName, kubernetesCluster.getName()));
         }
         List<PortForwardingRuleVO> nodePfRules = portForwardingRulesDao.listByVm(nodeId);
         Optional<PortForwardingRuleVO> nodeSshPort = nodePfRules.stream().filter(rule -> rule.getDestinationPortStart() == DEFAULT_SSH_PORT
@@ -142,13 +142,13 @@ private void removeNodeVmFromCluster(Long nodeId, String nodeName, String public
             result = SshHelper.sshExecute(publicIp, nodeSshPort.get().getSourcePortStart(), getControlNodeLoginUser(),
                     pkFile, null, command, 10000, 10000, 10 * 60 * 1000);
             if (Boolean.FALSE.equals(result.first())) {
-                LOGGER.error(String.format("Failed to reset node: %s from cluster %s ", nodeName, kubernetesCluster.getName()));
+                logger.error(String.format("Failed to reset node: %s from cluster %s ", nodeName, kubernetesCluster.getName()));
             }
             command = String.format("%s%s %s %s %s", scriptPath, removeNodeFromClusterScript, nodeName, "control", "delete");
             result = SshHelper.sshExecute(publicIp, CLUSTER_NODES_DEFAULT_START_SSH_PORT, getControlNodeLoginUser(),
                     pkFile, null, command, 10000, 10000, 10 * 60 * 1000);
             if (Boolean.FALSE.equals(result.first())) {
-                LOGGER.error(String.format("Node: %s failed to be gracefully delete node from cluster %s ", nodeName, kubernetesCluster.getName()));
+                logger.error(String.format("Node: %s failed to be gracefully delete node from cluster %s ", nodeName, kubernetesCluster.getName()));
             }
 
         }
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index e1fc14aeb724..7cf3bf5ac470 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -6149,7 +6149,7 @@ public boolean handleCksIsoOnNetworkVirtualRouter(Long virtualRouterId, boolean
         DomainRouterVO router = routerDao.findById(virtualRouterId);
         if (router == null) {
             String err = String.format("Cannot find VR with ID %s", virtualRouterId);
-            s_logger.error(err);
+            logger.error(err);
             throw new CloudRuntimeException(err);
         }
         Commands commands = new Commands(Command.OnError.Stop);
@@ -6159,7 +6159,7 @@ public boolean handleCksIsoOnNetworkVirtualRouter(Long virtualRouterId, boolean
         }
         Answer answer = commands.getAnswer("handleCksIso");
         if (answer == null || !answer.getResult()) {
-            s_logger.error(String.format("Could not handle the CKS ISO properly: %s", answer.getDetails()));
+            logger.error(String.format("Could not handle the CKS ISO properly: %s", answer.getDetails()));
             return false;
         }
         return true;

From 469c08d1c25af5a8953706d05c4c9297ed42abc6 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Tue, 21 May 2024 21:31:00 -0300
Subject: [PATCH 09/88] Add missing headers and fix end of line on files

---
 .../api/response/KubernetesUserVmResponse.java | 16 ++++++++++++++++
 .../KubernetesClusterActionWorker.java         | 18 ++++++++++++++++--
 .../KubernetesClusterAddWorker.java            | 16 ++++++++++++++++
 .../KubernetesClusterRemoveWorker.java         | 16 ++++++++++++++++
 .../RemoveNodesFromKubernetesClusterCmd.java   | 16 ++++++++++++++++
 .../resources/script/remove-node-from-cluster  | 18 +++++++++++++++++-
 .../main/resources/script/validate-cks-node    |  2 +-
 .../cks/ubuntu/22.04/cks-ubuntu-2204.json      |  2 +-
 .../appliance/cks/ubuntu/22.04/http/meta-data  |  2 +-
 .../appliance/cks/ubuntu/22.04/http/user-data  |  2 +-
 .../cks/ubuntu/22.04/scripts/apt_upgrade.sh    |  2 +-
 .../22.04/scripts/configure-cloud-init.sh      |  3 ---
 .../cks/ubuntu/22.04/scripts/setup_template.sh | 16 ++++++++++++++++
 13 files changed, 118 insertions(+), 11 deletions(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java
index 61edbafd48f9..2285547ab773 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java
@@ -1,3 +1,19 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
 package org.apache.cloudstack.api.response;
 
 import com.cloud.network.router.VirtualRouter;
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index 9728310b54d2..df3e7675ce80 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -1,5 +1,19 @@
-
-
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
 package com.cloud.kubernetes.cluster.actionworkers;
 
 import java.io.BufferedWriter;
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
index 68d9810d80a5..935d206e4893 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
@@ -1,3 +1,19 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
 package com.cloud.kubernetes.cluster.actionworkers;
 
 import com.cloud.event.ActionEventUtils;
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
index f39d81d7304c..c76609686a6c 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
@@ -1,3 +1,19 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
 package com.cloud.kubernetes.cluster.actionworkers;
 
 import com.cloud.event.ActionEventUtils;
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
index c0b569778fe2..72a5c1144409 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
@@ -1,3 +1,19 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
 package org.apache.cloudstack.api.command.user.kubernetes.cluster;
 
 import com.cloud.exception.ConcurrentOperationException;
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/script/remove-node-from-cluster b/plugins/integrations/kubernetes-service/src/main/resources/script/remove-node-from-cluster
index 1d2788bdd870..f852a0fd4ddd 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/script/remove-node-from-cluster
+++ b/plugins/integrations/kubernetes-service/src/main/resources/script/remove-node-from-cluster
@@ -1,4 +1,20 @@
 #!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
 
 export PATH=$PATH:/opt/bin
 node_name=$1
@@ -24,4 +40,4 @@ else
   sudo cp /root/.kube/config /home/cloud/.kube/
   sudo chown -R cloud:cloud /home/cloud/.kube
   kubectl delete node $node_name
-fi
\ No newline at end of file
+fi
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/script/validate-cks-node b/plugins/integrations/kubernetes-service/src/main/resources/script/validate-cks-node
index a6d38414b0a7..e28614e05afe 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/script/validate-cks-node
+++ b/plugins/integrations/kubernetes-service/src/main/resources/script/validate-cks-node
@@ -42,4 +42,4 @@ if (( ${#MISSING_PACKAGES[@]} )); then
   exit 1
 else
   echo 0
-fi
\ No newline at end of file
+fi
diff --git a/tools/appliance/cks/ubuntu/22.04/cks-ubuntu-2204.json b/tools/appliance/cks/ubuntu/22.04/cks-ubuntu-2204.json
index 3cf0bd80641a..c7ee09f03547 100644
--- a/tools/appliance/cks/ubuntu/22.04/cks-ubuntu-2204.json
+++ b/tools/appliance/cks/ubuntu/22.04/cks-ubuntu-2204.json
@@ -51,4 +51,4 @@
       "type": "shell"
     }
   ]
-}
\ No newline at end of file
+}
diff --git a/tools/appliance/cks/ubuntu/22.04/http/meta-data b/tools/appliance/cks/ubuntu/22.04/http/meta-data
index d216be4ddc94..13a83393a912 100644
--- a/tools/appliance/cks/ubuntu/22.04/http/meta-data
+++ b/tools/appliance/cks/ubuntu/22.04/http/meta-data
@@ -13,4 +13,4 @@
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
-# under the License.
\ No newline at end of file
+# under the License.
diff --git a/tools/appliance/cks/ubuntu/22.04/http/user-data b/tools/appliance/cks/ubuntu/22.04/http/user-data
index 341af6701b72..15a7f8f32354 100644
--- a/tools/appliance/cks/ubuntu/22.04/http/user-data
+++ b/tools/appliance/cks/ubuntu/22.04/http/user-data
@@ -100,4 +100,4 @@ autoinstall:
     - chroot /target apt-get purge -y snapd
     - curtin in-target --target=/target -- apt-get purge --auto-remove -y
     - curtin in-target --target=/target -- apt-get clean
-    - curtin in-target --target=/target -- rm -rf /var/lib/apt/lists/*
\ No newline at end of file
+    - curtin in-target --target=/target -- rm -rf /var/lib/apt/lists/*
diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/apt_upgrade.sh b/tools/appliance/cks/ubuntu/22.04/scripts/apt_upgrade.sh
index 4551be4f485a..22d25d628efa 100644
--- a/tools/appliance/cks/ubuntu/22.04/scripts/apt_upgrade.sh
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/apt_upgrade.sh
@@ -34,4 +34,4 @@ function apt_upgrade() {
   apt-get clean
 }
 
-return 2>/dev/null || apt_upgrade
\ No newline at end of file
+return 2>/dev/null || apt_upgrade
diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh b/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
index cc26fd162d02..ca58d43f4478 100644
--- a/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
@@ -47,6 +47,3 @@ EOF
 }
 
 configure_services
-
-
-
diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/setup_template.sh b/tools/appliance/cks/ubuntu/22.04/scripts/setup_template.sh
index 0326b128daa0..be8577cf4e85 100644
--- a/tools/appliance/cks/ubuntu/22.04/scripts/setup_template.sh
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/setup_template.sh
@@ -1,4 +1,20 @@
 #!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
 
 function create_user() {
     username=$1

From f103c43f0984e4e89c21cc751061f3fc3979889e Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Thu, 2 May 2024 08:41:28 -0300
Subject: [PATCH 10/88] CKS Mark Nodes for Manual Upgrade and Filter Nodes to
 add to CKS cluster from the same network

---
 .../apache/cloudstack/api/ApiConstants.java   |  1 +
 .../META-INF/db/schema-41810to41900.sql       |  1 +
 .../cluster/KubernetesClusterManagerImpl.java |  8 +-
 .../cluster/KubernetesClusterVmMapVO.java     | 11 +++
 .../KubernetesClusterActionWorker.java        |  4 +-
 .../KubernetesClusterAddWorker.java           |  8 +-
 ...esClusterResourceModifierActionWorker.java |  2 +-
 .../KubernetesClusterStartWorker.java         |  4 +-
 .../KubernetesClusterUpgradeWorker.java       | 15 +++-
 .../AddNodesToKubernetesClusterCmd.java       | 11 ++-
 .../KubernetesClusterUpgradeWorkerTest.java   | 83 +++++++++++++++++++
 ui/public/locales/en.json                     |  3 +-
 ui/src/views/compute/KubernetesAddNodes.vue   | 11 ++-
 13 files changed, 149 insertions(+), 13 deletions(-)
 create mode 100644 plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorkerTest.java

diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
index 72b2d466dd35..c31160ead844 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
@@ -295,6 +295,7 @@ public class ApiConstants {
     public static final String LBID = "lbruleid";
     public static final String LB_PROVIDER = "lbprovider";
     public static final String MAC_ADDRESS = "macaddress";
+    public static final String MANUAL_UPGRADE = "manualupgrade";
     public static final String MAX = "max";
     public static final String MAX_SNAPS = "maxsnaps";
     public static final String MAX_CPU_NUMBER = "maxcpunumber";
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
index c1eff3f8a2d2..59e3d8c9e392 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
@@ -337,6 +337,7 @@ CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_template
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_template_id', 'bigint unsigned COMMENT "template id to be used for etcd Nodes"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','etcd_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the VM is an etcd node"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','external_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node was imported into the Kubernetes cluster"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','manual_upgrade', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node is marked for manual upgrade and excluded from the Kubernetes cluster upgrade operation"');
 
 ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_service_offering_id` FOREIGN KEY `fk_cluster__control_service_offering_id`(`control_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
 ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_service_offering_id` FOREIGN KEY `fk_cluster__worker_service_offering_id`(`worker_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 53a6a3670e59..db49ba272525 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -1855,6 +1855,9 @@ public boolean addVmsToCluster(AddVirtualMachinesToKubernetesClusterCmd cmd) {
 
     @Override
     public boolean addNodesToKubernetesCluster(AddNodesToKubernetesClusterCmd cmd) {
+        if (!KubernetesServiceEnabled.value()) {
+            logAndThrow(Level.ERROR, "Kubernetes Service plugin is disabled");
+        }
         KubernetesClusterVO kubernetesCluster = validateCluster(cmd.getClusterId());
         long networkId = kubernetesCluster.getNetworkId();
         NetworkVO networkVO = networkDao.findById(networkId);
@@ -1864,11 +1867,14 @@ public boolean addNodesToKubernetesCluster(AddNodesToKubernetesClusterCmd cmd) {
         }
         KubernetesClusterAddWorker addWorker = new KubernetesClusterAddWorker(kubernetesCluster, KubernetesClusterManagerImpl.this);
         addWorker = ComponentContext.inject(addWorker);
-        return addWorker.addNodesToCluster(validNodeIds, cmd.isMountCksIsoOnVr());
+        return addWorker.addNodesToCluster(validNodeIds, cmd.isMountCksIsoOnVr(), cmd.isManualUpgrade());
     }
 
     @Override
     public boolean removeNodesFromKubernetesCluster(RemoveNodesFromKubernetesClusterCmd cmd) throws Exception {
+        if (!KubernetesServiceEnabled.value()) {
+            logAndThrow(Level.ERROR, "Kubernetes Service plugin is disabled");
+        }
         KubernetesClusterVO kubernetesCluster = validateCluster(cmd.getClusterId());
         List<Long> validNodeIds = validateNodes(cmd.getNodeIds(), null, null, kubernetesCluster, true);
         if (validNodeIds.isEmpty()) {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java
index 804d5b016f85..eace72540810 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java
@@ -48,6 +48,9 @@ public class KubernetesClusterVmMapVO implements KubernetesClusterVmMap {
     @Column(name = "external_node")
     boolean externalNode;
 
+    @Column(name = "manual_upgrade")
+    boolean manualUpgrade;
+
     public KubernetesClusterVmMapVO() {
     }
 
@@ -105,4 +108,12 @@ public boolean isExternalNode() {
     public void setExternalNode(boolean externalNode) {
         this.externalNode = externalNode;
     }
+
+    public boolean isManualUpgrade() {
+        return manualUpgrade;
+    }
+
+    public void setManualUpgrade(boolean manualUpgrade) {
+        this.manualUpgrade = manualUpgrade;
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index df3e7675ce80..553245b90751 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -354,12 +354,14 @@ protected File getManagementServerSshPublicKeyFile() {
         return new File(keyFile);
     }
 
-    protected KubernetesClusterVmMapVO addKubernetesClusterVm(final long kubernetesClusterId, final long vmId, boolean isControlNode, boolean isExternalNode) {
+    protected KubernetesClusterVmMapVO addKubernetesClusterVm(final long kubernetesClusterId, final long vmId, boolean isControlNode,
+                                                              boolean isExternalNode, boolean markForManualUpgrade) {
         return Transaction.execute(new TransactionCallback<KubernetesClusterVmMapVO>() {
             @Override
             public KubernetesClusterVmMapVO doInTransaction(TransactionStatus status) {
                 KubernetesClusterVmMapVO newClusterVmMap = new KubernetesClusterVmMapVO(kubernetesClusterId, vmId, isControlNode);
                 newClusterVmMap.setExternalNode(isExternalNode);
+                newClusterVmMap.setManualUpgrade(markForManualUpgrade);
                 kubernetesClusterVmMapDao.persist(newClusterVmMap);
                 return newClusterVmMap;
             }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
index 935d206e4893..8abfc66e23ef 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
@@ -70,7 +70,7 @@ public KubernetesClusterAddWorker(KubernetesCluster kubernetesCluster, Kubernete
         super(kubernetesCluster, clusterManager);
     }
 
-    public boolean addNodesToCluster(List<Long> nodeIds, boolean mountCksIsoOnVr) throws CloudRuntimeException {
+    public boolean addNodesToCluster(List<Long> nodeIds, boolean mountCksIsoOnVr, boolean manualUpgrade) throws CloudRuntimeException {
         try {
             init();
             addNodeTimeoutTime = System.currentTimeMillis() + KubernetesClusterService.KubernetesClusterAddNodeTimeout.value() * 1000;
@@ -90,7 +90,7 @@ public boolean addNodesToCluster(List<Long> nodeIds, boolean mountCksIsoOnVr) th
             stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.AddNodeRequested);
             Ternary<Integer, Long, Long> nodesAddedAndMemory = importNodeToCluster(nodeIds, network, publicIp, mountCksIsoOnVr);
             int nodesAdded = nodesAddedAndMemory.first();
-            updateKubernetesCluster(kubernetesCluster.getId(), nodesAddedAndMemory);
+            updateKubernetesCluster(kubernetesCluster.getId(), nodesAddedAndMemory, manualUpgrade);
             if (nodeIds.size() != nodesAdded) {
                 String msg = String.format("Not every node was added to the CKS cluster %s, nodes added: %s out of %s", kubernetesCluster.getUuid(), nodesAdded, nodeIds.size());
                 logger.info(msg);
@@ -255,7 +255,7 @@ private Pair<Boolean, Integer> validateAndSetupNode(Network network, IpAddress p
         return new Pair<>(true, ++nodeIndex);
     }
 
-    private void updateKubernetesCluster(long clusterId, Ternary<Integer, Long, Long> additionalNodesDetails) {
+    private void updateKubernetesCluster(long clusterId, Ternary<Integer, Long, Long> additionalNodesDetails, boolean manualUpgrade) {
         int additionalNodeCount = additionalNodesDetails.first();
         KubernetesClusterVO kubernetesClusterVO = kubernetesClusterDao.findById(clusterId);
         kubernetesClusterVO.setNodeCount(kubernetesClusterVO.getNodeCount() + additionalNodeCount);
@@ -264,7 +264,7 @@ private void updateKubernetesCluster(long clusterId, Ternary<Integer, Long, Long
         kubernetesClusterDao.update(clusterId, kubernetesClusterVO);
         kubernetesCluster = kubernetesClusterVO;
 
-        finalNodeIds.forEach(id -> addKubernetesClusterVm(clusterId, id, false, true));
+        finalNodeIds.forEach(id -> addKubernetesClusterVm(clusterId, id, false, true, manualUpgrade));
     }
 
 
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index df5a58f7bdfe..b4a2bd363b56 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -363,7 +363,7 @@ protected List<UserVm> provisionKubernetesClusterNodeVms(final long nodeCount, f
         List<UserVm> nodes = new ArrayList<>();
         for (int i = offset + 1; i <= nodeCount; i++) {
             UserVm vm = createKubernetesNode(publicIpAddress);
-            addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), false, false);
+            addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), false, false, false);
             if (kubernetesCluster.getNodeRootDiskSize() > 0) {
                 resizeNodeVolume(vm);
             }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index 8a4685251d2c..160d8869adbb 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -331,7 +331,7 @@ private UserVm provisionKubernetesClusterControlVm(final Network network, final
             ManagementServerException, InsufficientCapacityException, ResourceUnavailableException {
         UserVm k8sControlVM = null;
         k8sControlVM = createKubernetesControlNode(network, publicIpAddress);
-        addKubernetesClusterVm(kubernetesCluster.getId(), k8sControlVM.getId(), true, false);
+        addKubernetesClusterVm(kubernetesCluster.getId(), k8sControlVM.getId(), true, false, false);
         if (kubernetesCluster.getNodeRootDiskSize() > 0) {
             resizeNodeVolume(k8sControlVM);
         }
@@ -353,7 +353,7 @@ private List<UserVm> provisionKubernetesClusterAdditionalControlVms(final String
             for (int i = 1; i < kubernetesCluster.getControlNodeCount(); i++) {
                 UserVm vm = null;
                 vm = createKubernetesAdditionalControlNode(publicIpAddress, i);
-                addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), true, false);
+                addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), true, false, false);
                 if (kubernetesCluster.getNodeRootDiskSize() > 0) {
                     resizeNodeVolume(vm);
                 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorker.java
index 4fefa54a6d98..f80a5f0a16d6 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorker.java
@@ -20,7 +20,9 @@
 import java.io.File;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.stream.Collectors;
 
+import com.cloud.kubernetes.cluster.KubernetesClusterVmMapVO;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.Level;
@@ -40,7 +42,7 @@
 
 public class KubernetesClusterUpgradeWorker extends KubernetesClusterActionWorker {
 
-    private List<UserVm> clusterVMs = new ArrayList<>();
+    protected List<UserVm> clusterVMs = new ArrayList<>();
     private KubernetesSupportedVersion upgradeVersion;
     private final String upgradeScriptFilename = "upgrade-kubernetes.sh";
     private File upgradeScriptFile;
@@ -171,6 +173,7 @@ public boolean upgradeCluster() throws CloudRuntimeException {
         if (CollectionUtils.isEmpty(clusterVMs)) {
             logAndThrow(Level.ERROR, String.format("Upgrade failed for Kubernetes cluster : %s, unable to retrieve VMs for cluster", kubernetesCluster.getName()));
         }
+        filterOutManualUpgradeNodesFromClusterUpgrade();
         retrieveScriptFiles();
         stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.UpgradeRequested);
         attachIsoKubernetesVMs(clusterVMs, upgradeVersion);
@@ -186,4 +189,14 @@ public boolean upgradeCluster() throws CloudRuntimeException {
         }
         return updated;
     }
+
+    protected void filterOutManualUpgradeNodesFromClusterUpgrade() {
+        if (CollectionUtils.isEmpty(clusterVMs)) {
+            return;
+        }
+        clusterVMs = clusterVMs.stream().filter(x -> {
+            KubernetesClusterVmMapVO mapVO = kubernetesClusterVmMapDao.getClusterMapFromVmId(x.getId());
+            return mapVO != null && !mapVO.isManualUpgrade();
+        }).collect(Collectors.toList());
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
index 3392928d225d..f8bea80e67b9 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
@@ -31,6 +31,7 @@
 import org.apache.cloudstack.api.response.KubernetesClusterResponse;
 import org.apache.cloudstack.api.response.UserVmResponse;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.log4j.Logger;
 
 import javax.inject.Inject;
@@ -69,6 +70,10 @@ public class AddNodesToKubernetesClusterCmd extends BaseAsyncCmd {
             since = "4.20.0")
     private Boolean mountCksIsoOnVr;
 
+    @Parameter(name = ApiConstants.MANUAL_UPGRADE, type = CommandType.BOOLEAN,
+            description = "(optional) indicates if the node is marked for manual upgrade and excluded from the Kubernetes cluster upgrade operation",
+            since = "4.20.0")
+    private Boolean manualUpgrade;
 
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
@@ -83,7 +88,11 @@ public Long getClusterId() {
     }
 
     public boolean isMountCksIsoOnVr() {
-        return mountCksIsoOnVr != null && mountCksIsoOnVr;
+        return BooleanUtils.isTrue(mountCksIsoOnVr);
+    }
+
+    public boolean isManualUpgrade() {
+        return BooleanUtils.isTrue(manualUpgrade);
     }
 
     /////////////////////////////////////////////////////
diff --git a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorkerTest.java b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorkerTest.java
new file mode 100644
index 000000000000..ff8f875d06e1
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorkerTest.java
@@ -0,0 +1,83 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.kubernetes.cluster.actionworkers;
+
+import com.cloud.kubernetes.cluster.KubernetesCluster;
+import com.cloud.kubernetes.cluster.KubernetesClusterManagerImpl;
+import com.cloud.kubernetes.cluster.KubernetesClusterVmMapVO;
+import com.cloud.kubernetes.cluster.dao.KubernetesClusterVmMapDao;
+import com.cloud.kubernetes.version.KubernetesSupportedVersion;
+import com.cloud.uservm.UserVm;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@RunWith(MockitoJUnitRunner.class)
+public class KubernetesClusterUpgradeWorkerTest {
+
+    @Mock
+    private KubernetesCluster kubernetesCluster;
+    @Mock
+    private KubernetesSupportedVersion kubernetesSupportedVersion;
+    @Mock
+    private KubernetesClusterManagerImpl clusterManager;
+    @Mock
+    private KubernetesClusterVmMapDao kubernetesClusterVmMapDao;
+
+    private KubernetesClusterUpgradeWorker worker;
+
+    @Before
+    public void setUp() {
+        String[] keys = {};
+        worker = new KubernetesClusterUpgradeWorker(kubernetesCluster, kubernetesSupportedVersion, clusterManager, keys);
+        worker.kubernetesClusterVmMapDao = kubernetesClusterVmMapDao;
+    }
+
+    @Test
+    public void testFilterOutManualUpgradeNodesFromClusterUpgrade() {
+        long controlNodeId = 1L;
+        long workerNode1Id = 2L;
+        long workerNode2Id = 3L;
+        UserVm controlNode = Mockito.mock(UserVm.class);
+        Mockito.when(controlNode.getId()).thenReturn(controlNodeId);
+        UserVm workerNode1 = Mockito.mock(UserVm.class);
+        Mockito.when(workerNode1.getId()).thenReturn(workerNode1Id);
+        UserVm workerNode2 = Mockito.mock(UserVm.class);
+        Mockito.when(workerNode2.getId()).thenReturn(workerNode2Id);
+        KubernetesClusterVmMapVO controlNodeMap = Mockito.mock(KubernetesClusterVmMapVO.class);
+        KubernetesClusterVmMapVO workerNode1Map = Mockito.mock(KubernetesClusterVmMapVO.class);
+        KubernetesClusterVmMapVO workerNode2Map = Mockito.mock(KubernetesClusterVmMapVO.class);
+        Mockito.when(workerNode2Map.isManualUpgrade()).thenReturn(true);
+        Mockito.when(kubernetesClusterVmMapDao.getClusterMapFromVmId(controlNodeId)).thenReturn(controlNodeMap);
+        Mockito.when(kubernetesClusterVmMapDao.getClusterMapFromVmId(workerNode1Id)).thenReturn(workerNode1Map);
+        Mockito.when(kubernetesClusterVmMapDao.getClusterMapFromVmId(workerNode2Id)).thenReturn(workerNode2Map);
+        worker.clusterVMs = Arrays.asList(controlNode, workerNode1, workerNode2);
+        worker.filterOutManualUpgradeNodesFromClusterUpgrade();
+        Assert.assertEquals(2, worker.clusterVMs.size());
+        List<Long> ids = worker.clusterVMs.stream().map(UserVm::getId).collect(Collectors.toList());
+        Assert.assertTrue(ids.contains(controlNodeId) && ids.contains(workerNode1Id));
+        Assert.assertFalse(ids.contains(workerNode2Id));
+    }
+}
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 7e52486aa3d6..65b44209b382 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -469,6 +469,7 @@
 "label.cks.cluster.etcd.nodes.templateid": "Template for etcd Nodes",
 "label.cks.cluster.maxsize": "Maximum cluster size (Worker nodes)",
 "label.cks.cluster.minsize": "Minimum cluster size (Worker nodes)",
+"label.cks.cluster.node.manual.upgrade": "Mark nodes for manual upgrade",
 "label.cks.cluster.size": "Cluster size (Worker nodes)",
 "label.cks.cluster.worker.nodes.offeringid": "Service Offering for Worker Nodes",
 "label.cks.cluster.worker.nodes.templateid": "Template for Worker Nodes",
@@ -1380,7 +1381,7 @@
 "label.monitor.url": "URL Path",
 "label.monthly": "Monthly",
 "label.more.access.dashboard.ui": "More about accessing dashboard UI",
-"label.mount.cks.iso.on.vr": "Mount and serve CKS ISO on the CKS cluster's network Virtual Router",
+"label.mount.cks.iso.on.vr": "Use CKS packages from Virtual Router",
 "label.move.down.row": "Move down one row",
 "label.move.to.bottom": "Move to bottom",
 "label.move.to.top": "Move to top",
diff --git a/ui/src/views/compute/KubernetesAddNodes.vue b/ui/src/views/compute/KubernetesAddNodes.vue
index d6d8dc727318..dddcc90be252 100644
--- a/ui/src/views/compute/KubernetesAddNodes.vue
+++ b/ui/src/views/compute/KubernetesAddNodes.vue
@@ -48,6 +48,11 @@
             {{ $t('label.mount.cks.iso.on.vr') }}
           </a-checkbox>
         </a-form-item>
+        <a-form-item name="manualupgrade" ref="manualupgrade">
+          <a-checkbox v-model:checked="form.manualupgrade">
+            {{ $t('label.cks.cluster.node.manual.upgrade') }}
+          </a-checkbox>
+        </a-form-item>
       </div>
       <p v-else v-html="$t('label.vms.empty')" />
 
@@ -111,7 +116,8 @@ export default {
           accountId: accountId,
           domainId: domainId,
           details: 'min',
-          listall: 'true'
+          listall: 'true',
+          networkid: this.resource.networkid
         }).then(json => {
           const vms = json.listvirtualmachinesresponse.virtualmachine || []
           resolve(vms)
@@ -135,6 +141,9 @@ export default {
         if (values.mountcksiso) {
           params.mountcksisoonvr = values.mountcksiso
         }
+        if (values.manualupgrade) {
+          params.manualupgrade = values.manualupgrade
+        }
         this.loading = true
         try {
           const jobId = await this.addNodesToKubernetesCluster(params)

From b72a7cd020d09ed1019762a6e7b909545ae34684 Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Thu, 2 May 2024 10:19:43 -0300
Subject: [PATCH 11/88] Add support to deploy CKS cluster nodes on hosts
 dedicated to a domain

---------

Co-authored-by: Pearl Dsilva <pearl1594@gmail.com>
---
 .../cluster/KubernetesClusterManagerImpl.java |  81 ++++++++-
 .../cluster/KubernetesClusterService.java     |   2 +-
 .../KubernetesClusterActionWorker.java        |  18 ++
 ...esClusterResourceModifierActionWorker.java | 159 ++++++++----------
 .../KubernetesClusterScaleWorker.java         |   6 +-
 .../KubernetesClusterStartWorker.java         |  52 +++---
 .../cluster/CreateKubernetesClusterCmd.java   |   5 +-
 .../cluster/StartKubernetesClusterCmd.java    |   4 +-
 8 files changed, 200 insertions(+), 127 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index db49ba272525..1272eb9e27c3 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -46,12 +46,16 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+import com.cloud.dc.DedicatedResourceVO;
+import com.cloud.dc.dao.DedicatedResourceDao;
+import com.cloud.host.Host;
 import com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType;
 import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterRemoveWorker;
 import com.cloud.network.dao.NsxProviderDao;
 import com.cloud.network.element.NsxProviderVO;
 import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterAddWorker;
 import com.cloud.template.TemplateApiService;
+import com.cloud.user.dao.AccountDao;
 import com.cloud.uservm.UserVm;
 import com.cloud.vm.NicVO;
 import com.cloud.vm.UserVmService;
@@ -59,6 +63,8 @@
 import com.cloud.vm.dao.UserVmDetailsDao;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.SecurityChecker;
+import org.apache.cloudstack.affinity.AffinityGroupVO;
+import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
 import org.apache.cloudstack.annotation.AnnotationService;
 import org.apache.cloudstack.annotation.dao.AnnotationDao;
 import org.apache.cloudstack.api.ApiConstants;
@@ -118,7 +124,6 @@
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.ResourceAllocationException;
-import com.cloud.host.Host.Type;
 import com.cloud.host.HostVO;
 import com.cloud.host.dao.HostDao;
 import com.cloud.hypervisor.Hypervisor;
@@ -236,12 +241,18 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
     @Inject
     protected HostDao hostDao;
     @Inject
+    protected AffinityGroupDao affinityGroupDao;
+    @Inject
     protected ServiceOfferingDao serviceOfferingDao;
     @Inject
     protected VMTemplateDao templateDao;
     @Inject
     protected TemplateJoinDao templateJoinDao;
     @Inject
+    protected DedicatedResourceDao dedicatedResourceDao;
+    @Inject
+    protected AccountDao accountDao;
+    @Inject
     protected AccountService accountService;
     @Inject
     protected AccountManager accountManager;
@@ -531,16 +542,43 @@ private void validateDockerRegistryParams(final String dockerRegistryUserName,
         }
     }
 
-    private DeployDestination plan(final long nodesCount, final DataCenter zone, final ServiceOffering offering) throws InsufficientServerCapacityException {
+    public Long getExplicitAffinityGroup(Long domainId) {
+        AffinityGroupVO groupVO = affinityGroupDao.findDomainLevelGroupByType(domainId, "ExplicitDedication");
+        if (Objects.nonNull(groupVO)) {
+            return groupVO.getId();
+        }
+        return null;
+    }
+
+    private DeployDestination plan(final long nodesCount, final DataCenter zone, final ServiceOffering offering,
+                                   final Long domainId, final Long accountId) throws InsufficientServerCapacityException {
         final int cpu_requested = offering.getCpu() * offering.getSpeed();
         final long ram_requested = offering.getRamSize() * 1024L * 1024L;
-        List<HostVO> hosts = resourceManager.listAllHostsInOneZoneByType(Type.Routing, zone.getId());
+        boolean useDedicatedHosts = false;
+        Long group = getExplicitAffinityGroup(domainId);
+        List<HostVO> hosts = new ArrayList<>();
+        if (Objects.nonNull(group)) {
+            List<DedicatedResourceVO> dedicatedHosts = new ArrayList<>();
+            if (Objects.nonNull(accountId)) {
+                dedicatedHosts = dedicatedResourceDao.listByAccountId(accountId);
+            } else if (Objects.nonNull(domainId)) {
+                dedicatedHosts = dedicatedResourceDao.listByDomainId(domainId);
+            }
+            for (DedicatedResourceVO dedicatedHost : dedicatedHosts) {
+                hosts.add(hostDao.findById(dedicatedHost.getHostId()));
+                useDedicatedHosts = true;
+            }
+        }
+        if (hosts.isEmpty()) {
+            hosts = resourceManager.listAllHostsInOneZoneByType(Host.Type.Routing, zone.getId());
+        }
         final Map<String, Pair<HostVO, Integer>> hosts_with_resevered_capacity = new ConcurrentHashMap<String, Pair<HostVO, Integer>>();
         for (HostVO h : hosts) {
             hosts_with_resevered_capacity.put(h.getUuid(), new Pair<HostVO, Integer>(h, 0));
         }
         boolean suitable_host_found = false;
         Cluster planCluster = null;
+        HostVO suitableHost = null;
         for (int i = 1; i <= nodesCount; i++) {
             suitable_host_found = false;
             for (Map.Entry<String, Pair<HostVO, Integer>> hostEntry : hosts_with_resevered_capacity.entrySet()) {
@@ -566,6 +604,7 @@ private DeployDestination plan(final long nodesCount, final DataCenter zone, fin
                     }
                     hostEntry.setValue(new Pair<HostVO, Integer>(hostVO, reserved));
                     suitable_host_found = true;
+                    suitableHost = hostVO;
                     planCluster = cluster;
                     break;
                 }
@@ -581,6 +620,10 @@ private DeployDestination plan(final long nodesCount, final DataCenter zone, fin
             if (logger.isInfoEnabled()) {
                 logger.info(String.format("Suitable hosts found in datacenter ID: %s, creating deployment destination", zone.getUuid()));
             }
+            if (useDedicatedHosts) {
+                planCluster = clusterDao.findById(suitableHost.getClusterId());
+                return new DeployDestination(zone, null, planCluster, suitableHost);
+            }
             return new DeployDestination(zone, null, planCluster, null);
         }
         String msg = String.format("Cannot find enough capacity for Kubernetes cluster(requested cpu=%d memory=%s) with offering ID: %s",
@@ -1349,7 +1392,16 @@ public KubernetesCluster createManagedKubernetesCluster(CreateKubernetesClusterC
 
         Map<String, Long> serviceOfferingNodeTypeMap = cmd.getServiceOfferingNodeTypeMap();
         Long defaultServiceOfferingId = cmd.getServiceOfferingId();
-        Hypervisor.HypervisorType hypervisorType = getHypervisorTypeAndValidateNodeDeployments(serviceOfferingNodeTypeMap, defaultServiceOfferingId, nodeTypeCount, zone);
+        String accountName = cmd.getAccountName();
+        Long domainId = cmd.getDomainId();
+        Long accountId = null;
+        if (Objects.nonNull(accountName) && Objects.nonNull(domainId)) {
+            Account account = accountDao.findActiveAccount(accountName, domainId);
+            if (Objects.nonNull(account)) {
+                accountId = account.getId();
+            }
+        }
+        Hypervisor.HypervisorType hypervisorType = getHypervisorTypeAndValidateNodeDeployments(serviceOfferingNodeTypeMap, defaultServiceOfferingId, nodeTypeCount, zone, domainId, accountId);
 
         SecurityGroup securityGroup = null;
         if (zone.isSecurityGroupEnabled()) {
@@ -1434,7 +1486,8 @@ protected Pair<Long, Long> calculateClusterCapacity(Map<String, Long> map, Map<S
 
     protected Hypervisor.HypervisorType getHypervisorTypeAndValidateNodeDeployments(Map<String, Long> serviceOfferingNodeTypeMap,
                                                                                     Long defaultServiceOfferingId,
-                                                                                    Map<String, Long> nodeTypeCount, DataCenter zone) {
+                                                                                    Map<String, Long> nodeTypeCount,
+                                                                                    DataCenter zone, Long domainId, Long accountId) {
         Hypervisor.HypervisorType hypervisorType = null;
         for (String nodeType : CLUSTER_NODES_TYPES_LIST) {
             if (!nodeTypeCount.containsKey(nodeType)) {
@@ -1448,7 +1501,7 @@ protected Hypervisor.HypervisorType getHypervisorTypeAndValidateNodeDeployments(
                         (!serviceOfferingNodeTypeMap.containsKey(ETCD.name()) || nodes == 0)) {
                     continue;
                 }
-                DeployDestination deployDestination = plan(nodes, zone, serviceOffering);
+                DeployDestination deployDestination = plan(nodes, zone, serviceOffering, domainId, accountId);
                 if (deployDestination.getCluster() == null) {
                     logAndThrow(Level.ERROR, String.format("Creating Kubernetes cluster failed due to error while finding suitable deployment plan for cluster in zone : %s", zone.getName()));
                 }
@@ -1491,14 +1544,17 @@ private SecurityGroup getOrCreateSecurityGroupForAccount(Account owner) {
      * are provisioned from scratch. Second kind of start, happens on  Stopped Kubernetes cluster, in which all resources
      * are provisioned (like volumes, nics, networks etc). It just that VM's are not in running state. So just
      * start the VM's (which can possibly implicitly start the network also).
+     *
      * @param kubernetesClusterId
+     * @param domainId
+     * @param accountName
      * @param onCreate
      * @return
      * @throws CloudRuntimeException
      */
 
     @Override
-    public boolean startKubernetesCluster(long kubernetesClusterId, boolean onCreate) throws CloudRuntimeException {
+    public boolean startKubernetesCluster(long kubernetesClusterId, Long domainId, String accountName, boolean onCreate) throws CloudRuntimeException {
         if (!KubernetesServiceEnabled.value()) {
             logAndThrow(Level.ERROR, "Kubernetes Service plugin is disabled");
         }
@@ -1526,6 +1582,13 @@ public boolean startKubernetesCluster(long kubernetesClusterId, boolean onCreate
         if (zone == null) {
             logAndThrow(Level.WARN, String.format("Unable to find zone for Kubernetes cluster : %s", kubernetesCluster.getName()));
         }
+        Long accountId = null;
+        if (Objects.nonNull(accountName) && Objects.nonNull(domainId)) {
+            Account account = accountDao.findActiveAccount(accountName, domainId);
+            if (Objects.nonNull(account)) {
+                accountId = account.getId();
+            }
+        }
         KubernetesClusterStartWorker startWorker =
             new KubernetesClusterStartWorker(kubernetesCluster, this);
         startWorker = ComponentContext.inject(startWorker);
@@ -1533,10 +1596,10 @@ public boolean startKubernetesCluster(long kubernetesClusterId, boolean onCreate
             // Start for Kubernetes cluster in 'Created' state
             String[] keys = getServiceUserKeys(kubernetesCluster);
             startWorker.setKeys(keys);
-            return startWorker.startKubernetesClusterOnCreate();
+            return startWorker.startKubernetesClusterOnCreate(domainId, accountId);
         } else {
             // Start for Kubernetes cluster in 'Stopped' state. Resources are already provisioned, just need to be started
-            return startWorker.startStoppedKubernetesCluster();
+            return startWorker.startStoppedKubernetesCluster(domainId, accountId);
         }
     }
 
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
index fc47cc0943a1..e6b35f29da8a 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
@@ -136,7 +136,7 @@ public interface KubernetesClusterService extends PluggableService, Configurable
 
     KubernetesCluster createManagedKubernetesCluster(CreateKubernetesClusterCmd cmd) throws CloudRuntimeException;
 
-    boolean startKubernetesCluster(long kubernetesClusterId, boolean onCreate) throws CloudRuntimeException;
+    boolean startKubernetesCluster(long kubernetesClusterId, Long domainId, String accountName, boolean onCreate) throws CloudRuntimeException;
 
     boolean stopKubernetesCluster(StopKubernetesClusterCmd cmd) throws CloudRuntimeException;
 
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index 553245b90751..095ec66aba17 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -59,6 +59,8 @@
 import com.cloud.vm.VirtualMachine;
 import com.cloud.vm.dao.NicDao;
 import com.cloud.vm.UserVmManager;
+import org.apache.cloudstack.affinity.AffinityGroupVO;
+import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd;
 import org.apache.cloudstack.ca.CAManager;
@@ -194,6 +196,8 @@ public class KubernetesClusterActionWorker {
     protected FirewallService firewallService;
     @Inject
     private NicDao nicDao;
+    @Inject
+    protected AffinityGroupDao affinityGroupDao;
 
     protected KubernetesClusterDao kubernetesClusterDao;
     protected KubernetesClusterVmMapDao kubernetesClusterVmMapDao;
@@ -983,4 +987,18 @@ protected Map<Long, Integer> getVmPortMap() {
         });
         return vmIdPortMap;
     }
+
+    public Long getExplicitAffinityGroup(Long domainId, Long accountId) {
+        AffinityGroupVO groupVO = null;
+        if (Objects.nonNull(accountId)) {
+            groupVO = affinityGroupDao.findByAccountAndType(accountId, "ExplicitDedication");
+        }
+        if (Objects.isNull(groupVO)) {
+            groupVO = affinityGroupDao.findDomainLevelGroupByType(domainId, "ExplicitDedication");
+        }
+        if (Objects.nonNull(groupVO)) {
+            return groupVO.getId();
+        }
+        return null;
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index b4a2bd363b56..37d280510d10 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -27,6 +27,7 @@
 import java.io.IOException;
 import java.lang.reflect.Field;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -36,19 +37,18 @@
 
 import javax.inject.Inject;
 
-import com.cloud.kubernetes.cluster.KubernetesClusterDetailsVO;
+import com.cloud.dc.DedicatedResourceVO;
+import com.cloud.dc.dao.DedicatedResourceDao;
+import com.cloud.deploy.DataCenterDeployment;
+import com.cloud.deploy.DeploymentPlan;
 import com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType;
-import com.cloud.kubernetes.cluster.KubernetesClusterService;
-import com.cloud.kubernetes.cluster.utils.KubernetesClusterUtil;
 import com.cloud.network.rules.FirewallManager;
 import com.cloud.network.rules.RulesService;
 import com.cloud.network.rules.dao.PortForwardingRulesDao;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offerings.dao.NetworkOfferingDao;
-import com.cloud.user.SSHKeyPairVO;
 import com.cloud.utils.db.TransactionCallbackWithException;
 import com.cloud.utils.net.Ip;
-import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd;
 import org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd;
@@ -146,6 +146,8 @@ public class KubernetesClusterResourceModifierActionWorker extends KubernetesClu
     @Inject
     protected ResourceManager resourceManager;
     @Inject
+    protected DedicatedResourceDao dedicatedResourceDao;
+    @Inject
     protected LoadBalancerDao loadBalancerDao;
     @Inject
     protected VMInstanceDao vmInstanceDao;
@@ -171,88 +173,34 @@ protected void init() {
         kubernetesClusterNodeNamePrefix = getKubernetesClusterNodeNamePrefix();
     }
 
-    private String getKubernetesNodeConfig(final String joinIp, final boolean ejectIso) throws IOException {
-        String k8sNodeConfig = readResourceFile("/conf/k8s-node.yml");
-        final String sshPubKey = "{{ k8s.ssh.pub.key }}";
-        final String joinIpKey = "{{ k8s_control_node.join_ip }}";
-        final String clusterTokenKey = "{{ k8s_control_node.cluster.token }}";
-        final String ejectIsoKey = "{{ k8s.eject.iso }}";
-        final String installWaitTime = "{{ k8s.install.wait.time }}";
-        final String installReattemptsCount = "{{ k8s.install.reattempts.count }}";
-
-        final Long waitTime = KubernetesClusterService.KubernetesWorkerNodeInstallAttemptWait.value();
-        final Long reattempts = KubernetesClusterService.KubernetesWorkerNodeInstallReattempts.value();
-        String pubKey = "- \"" + configurationDao.getValue("ssh.publickey") + "\"";
-        String sshKeyPair = kubernetesCluster.getKeyPair();
-        if (StringUtils.isNotEmpty(sshKeyPair)) {
-            SSHKeyPairVO sshkp = sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), sshKeyPair);
-            if (sshkp != null) {
-                pubKey += "\n      - \"" + sshkp.getPublicKey() + "\"";
-            }
-        }
-        k8sNodeConfig = k8sNodeConfig.replace(sshPubKey, pubKey);
-        k8sNodeConfig = k8sNodeConfig.replace(joinIpKey, joinIp);
-        k8sNodeConfig = k8sNodeConfig.replace(clusterTokenKey, KubernetesClusterUtil.generateClusterToken(kubernetesCluster));
-        k8sNodeConfig = k8sNodeConfig.replace(ejectIsoKey, String.valueOf(ejectIso));
-        k8sNodeConfig = k8sNodeConfig.replace(installWaitTime, String.valueOf(waitTime));
-        k8sNodeConfig = k8sNodeConfig.replace(installReattemptsCount, String.valueOf(reattempts));
-        k8sNodeConfig = updateKubeConfigWithRegistryDetails(k8sNodeConfig);
-
-        return k8sNodeConfig;
-    }
-
-    protected String updateKubeConfigWithRegistryDetails(String k8sConfig) {
-        /* genarate /etc/containerd/config.toml file on the nodes only if Kubernetes cluster is created to
-         * use docker private registry */
-        String registryUsername = null;
-        String registryPassword = null;
-        String registryUrl = null;
-
-        List<KubernetesClusterDetailsVO> details = kubernetesClusterDetailsDao.listDetails(kubernetesCluster.getId());
-        for (KubernetesClusterDetailsVO detail : details) {
-            if (detail.getName().equals(ApiConstants.DOCKER_REGISTRY_USER_NAME)) {
-                registryUsername = detail.getValue();
-            }
-            if (detail.getName().equals(ApiConstants.DOCKER_REGISTRY_PASSWORD)) {
-                registryPassword = detail.getValue();
+    protected DeployDestination plan(final long nodesCount, final DataCenter zone, final ServiceOffering offering,
+                                     final Long domainId, final Long accountId) throws InsufficientServerCapacityException {
+        final int cpu_requested = offering.getCpu() * offering.getSpeed();
+        final long ram_requested = offering.getRamSize() * 1024L * 1024L;
+        boolean useDedicatedHosts = false;
+        List<HostVO> hosts = new ArrayList<>();
+        Long group = getExplicitAffinityGroup(domainId, accountId);
+        if (Objects.nonNull(group)) {
+            List<DedicatedResourceVO> dedicatedHosts = new ArrayList<>();
+            if (Objects.nonNull(accountId)) {
+                dedicatedHosts = dedicatedResourceDao.listByAccountId(accountId);
+            } else if (Objects.nonNull(domainId)) {
+                dedicatedHosts = dedicatedResourceDao.listByDomainId(domainId);
             }
-            if (detail.getName().equals(ApiConstants.DOCKER_REGISTRY_URL)) {
-                registryUrl = detail.getValue();
+            for (DedicatedResourceVO dedicatedHost : dedicatedHosts) {
+                hosts.add(hostDao.findById(dedicatedHost.getHostId()));
+                useDedicatedHosts = true;
             }
         }
-
-        if (StringUtils.isNoneEmpty(registryUsername, registryPassword, registryUrl)) {
-            // Update runcmd in the cloud-init configuration to run a script that updates the containerd config with provided registry details
-            String runCmd = "- bash -x /opt/bin/setup-containerd";
-
-            String registryEp = registryUrl.split("://")[1];
-            k8sConfig = k8sConfig.replace("- containerd config default > /etc/containerd/config.toml", runCmd);
-            final String registryUrlKey = "{{registry.url}}";
-            final String registryUrlEpKey = "{{registry.url.endpoint}}";
-            final String registryAuthKey = "{{registry.token}}";
-            final String registryUname = "{{registry.username}}";
-            final String registryPsswd = "{{registry.password}}";
-
-            final String usernamePasswordKey = registryUsername + ":" + registryPassword;
-            String base64Auth = Base64.encodeBase64String(usernamePasswordKey.getBytes(com.cloud.utils.StringUtils.getPreferredCharset()));
-            k8sConfig = k8sConfig.replace(registryUrlKey,   registryUrl);
-            k8sConfig = k8sConfig.replace(registryUrlEpKey, registryEp);
-            k8sConfig = k8sConfig.replace(registryUname, registryUsername);
-            k8sConfig = k8sConfig.replace(registryPsswd, registryPassword);
-            k8sConfig = k8sConfig.replace(registryAuthKey, base64Auth);
+        if (hosts.isEmpty()) {
+            hosts = resourceManager.listAllHostsInOneZoneByType(Host.Type.Routing, zone.getId());
         }
-        return k8sConfig;
-    }
-
-    protected DeployDestination plan(final long nodesCount, final DataCenter zone, final ServiceOffering offering) throws InsufficientServerCapacityException {
-        final int cpu_requested = offering.getCpu() * offering.getSpeed();
-        final long ram_requested = offering.getRamSize() * 1024L * 1024L;
-        List<HostVO> hosts = resourceManager.listAllHostsInOneZoneByType(Host.Type.Routing, zone.getId());
         final Map<String, Pair<HostVO, Integer>> hosts_with_resevered_capacity = new ConcurrentHashMap<String, Pair<HostVO, Integer>>();
         for (HostVO h : hosts) {
             hosts_with_resevered_capacity.put(h.getUuid(), new Pair<HostVO, Integer>(h, 0));
         }
         boolean suitable_host_found = false;
+        HostVO suitableHost = null;
         for (int i = 1; i <= nodesCount; i++) {
             suitable_host_found = false;
             for (Map.Entry<String, Pair<HostVO, Integer>> hostEntry : hosts_with_resevered_capacity.entrySet()) {
@@ -281,6 +229,7 @@ protected DeployDestination plan(final long nodesCount, final DataCenter zone, f
                     }
                     hostEntry.setValue(new Pair<HostVO, Integer>(h, reserved));
                     suitable_host_found = true;
+                    suitableHost = h;
                     break;
                 }
             }
@@ -296,6 +245,9 @@ protected DeployDestination plan(final long nodesCount, final DataCenter zone, f
             if (logger.isInfoEnabled()) {
                 logger.info(String.format("Suitable hosts found in datacenter : %s, creating deployment destination", zone.getName()));
             }
+            if (useDedicatedHosts) {
+                return new DeployDestination(zone, null, null, suitableHost);
+            }
             return new DeployDestination(zone, null, null, null);
         }
         String msg = String.format("Cannot find enough capacity for Kubernetes cluster(requested cpu=%d memory=%s) with offering : %s and hypervisor: %s",
@@ -305,13 +257,13 @@ protected DeployDestination plan(final long nodesCount, final DataCenter zone, f
         throw new InsufficientServerCapacityException(msg, DataCenter.class, zone.getId());
     }
 
-    protected DeployDestination plan() throws InsufficientServerCapacityException {
+    protected DeployDestination plan(Long domainId, Long accountId) throws InsufficientServerCapacityException {
         ServiceOffering offering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
         DataCenter zone = dataCenterDao.findById(kubernetesCluster.getZoneId());
         if (logger.isDebugEnabled()) {
             logger.debug(String.format("Checking deployment destination for Kubernetes cluster : %s in zone : %s", kubernetesCluster.getName(), zone.getName()));
         }
-        return plan(kubernetesCluster.getTotalNodeCount(), zone, offering);
+        return plan(kubernetesCluster.getTotalNodeCount(), zone, offering, domainId, accountId);
     }
 
     protected void resizeNodeVolume(final UserVm vm) throws ManagementServerException {
@@ -337,14 +289,33 @@ protected void resizeNodeVolume(final UserVm vm) throws ManagementServerExceptio
         }
     }
 
-    protected void startKubernetesVM(final UserVm vm) throws ManagementServerException {
+    protected void startKubernetesVM(final UserVm vm, final Long domainId, final Long accountId) throws ManagementServerException {
         try {
             StartVMCmd startVm = new StartVMCmd();
             startVm = ComponentContext.inject(startVm);
             Field f = startVm.getClass().getDeclaredField("id");
             f.setAccessible(true);
             f.set(startVm, vm.getId());
-            itMgr.advanceStart(vm.getUuid(), null, null);
+            DeploymentPlan planner = null;
+            if (Objects.nonNull(domainId) && !listDedicatedHostsInDomain(domainId).isEmpty()) {
+                DeployDestination dest = null;
+                try {
+                     dest = plan(domainId, accountId);
+                } catch (InsufficientCapacityException e) {
+                    logTransitStateAndThrow(Level.ERROR, String.format("Provisioning the cluster failed due to insufficient capacity in the Kubernetes cluster: %s", kubernetesCluster.getUuid()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
+                }
+                if (dest != null) {
+                    planner = new DataCenterDeployment(
+                            Objects.nonNull(dest.getDataCenter()) ? dest.getDataCenter().getId() : 0,
+                            Objects.nonNull(dest.getPod()) ? dest.getPod().getId() : null,
+                            Objects.nonNull(dest.getCluster()) ? dest.getCluster().getId() : null,
+                            Objects.nonNull(dest.getHost()) ? dest.getHost().getId() : null,
+                            null,
+                            null);
+                }
+            }
+
+            itMgr.advanceStart(vm.getUuid(), null, planner, null);
             if (logger.isInfoEnabled()) {
                 logger.info(String.format("Started VM : %s in the Kubernetes cluster : %s", vm.getDisplayName(), kubernetesCluster.getName()));
             }
@@ -358,16 +329,17 @@ protected void startKubernetesVM(final UserVm vm) throws ManagementServerExcepti
         }
     }
 
-    protected List<UserVm> provisionKubernetesClusterNodeVms(final long nodeCount, final int offset, final String publicIpAddress) throws ManagementServerException,
+    protected List<UserVm> provisionKubernetesClusterNodeVms(final long nodeCount, final int offset,
+                                                             final String publicIpAddress, final Long domainId, final Long accountId) throws ManagementServerException,
             ResourceUnavailableException, InsufficientCapacityException {
         List<UserVm> nodes = new ArrayList<>();
         for (int i = offset + 1; i <= nodeCount; i++) {
-            UserVm vm = createKubernetesNode(publicIpAddress);
+            UserVm vm = createKubernetesNode(publicIpAddress, domainId, accountId);
             addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), false, false, false);
             if (kubernetesCluster.getNodeRootDiskSize() > 0) {
                 resizeNodeVolume(vm);
             }
-            startKubernetesVM(vm);
+            startKubernetesVM(vm, domainId, accountId);
             vm = userVmDao.findById(vm.getId());
             if (vm == null) {
                 throw new ManagementServerException(String.format("Failed to provision worker VM for Kubernetes cluster : %s" , kubernetesCluster.getName()));
@@ -380,12 +352,12 @@ protected List<UserVm> provisionKubernetesClusterNodeVms(final long nodeCount, f
         return nodes;
     }
 
-    protected List<UserVm> provisionKubernetesClusterNodeVms(final long nodeCount, final String publicIpAddress) throws ManagementServerException,
+    protected List<UserVm> provisionKubernetesClusterNodeVms(final long nodeCount, final String publicIpAddress, final Long domainId, final Long accountId) throws ManagementServerException,
             ResourceUnavailableException, InsufficientCapacityException {
-        return provisionKubernetesClusterNodeVms(nodeCount, 0, publicIpAddress);
+        return provisionKubernetesClusterNodeVms(nodeCount, 0, publicIpAddress, domainId, accountId);
     }
 
-    protected UserVm createKubernetesNode(String joinIp) throws ManagementServerException,
+    protected UserVm createKubernetesNode(String joinIp, Long domainId, Long accountId) throws ManagementServerException,
             ResourceUnavailableException, InsufficientCapacityException {
         UserVm nodeVm = null;
         DataCenter zone = dataCenterDao.findById(kubernetesCluster.getZoneId());
@@ -416,18 +388,21 @@ protected UserVm createKubernetesNode(String joinIp) throws ManagementServerExce
         if (StringUtils.isNotBlank(kubernetesCluster.getKeyPair())) {
             keypairs.add(kubernetesCluster.getKeyPair());
         }
+        Long affinityGroupId = getExplicitAffinityGroup(domainId, accountId);
         if (zone.isSecurityGroupEnabled()) {
             List<Long> securityGroupIds = new ArrayList<>();
             securityGroupIds.add(kubernetesCluster.getSecurityGroupId());
             nodeVm = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, workerNodeTemplate, networkIds, securityGroupIds, owner,
                     hostName, hostName, null, null, null, Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST,base64UserData, null, null, keypairs,
-                    null, addrs, null, null, null, customParameterMap, null, null, null,
+                    null, addrs, null, null, Objects.nonNull(affinityGroupId) ?
+                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null,
                     null, true, null, UserVmManager.CKS_NODE);
         } else {
             nodeVm = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, workerNodeTemplate, networkIds, owner,
                     hostName, hostName, null, null, null,
                     Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST, base64UserData, null, null, keypairs,
-                    null, addrs, null, null, null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null);
+                    null, addrs, null, null, Objects.nonNull(affinityGroupId) ?
+                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null);
         }
         if (logger.isInfoEnabled()) {
             logger.info(String.format("Created node VM : %s, %s in the Kubernetes cluster : %s", hostName, nodeVm.getUuid(), kubernetesCluster.getName()));
@@ -908,4 +883,8 @@ protected boolean autoscaleCluster(boolean enable, Long minSize, Long maxSize) {
             updateLoginUserDetails(null);
         }
     }
+
+    protected List<DedicatedResourceVO> listDedicatedHostsInDomain(Long domainId) {
+        return dedicatedResourceDao.listByDomainId(domainId);
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index 1e672c7a2ffa..eaf5c3731e8e 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -333,9 +333,9 @@ private void validateKubernetesClusterScaleSizeParameters() throws CloudRuntimeE
             final DataCenter zone = dataCenterDao.findById(kubernetesCluster.getZoneId());
             try {
                 if (originalState.equals(KubernetesCluster.State.Running)) {
-                    plan(newVmRequiredCount, zone, clusterServiceOffering);
+                    plan(newVmRequiredCount, zone, clusterServiceOffering, kubernetesCluster.getDomainId(), kubernetesCluster.getAccountId());
                 } else {
-                    plan(kubernetesCluster.getTotalNodeCount() + newVmRequiredCount, zone, clusterServiceOffering);
+                    plan(kubernetesCluster.getTotalNodeCount() + newVmRequiredCount, zone, clusterServiceOffering, kubernetesCluster.getDomainId(), kubernetesCluster.getAccountId());
                 }
             } catch (InsufficientCapacityException e) {
                 logTransitStateToFailedIfNeededAndThrow(Level.WARN, String.format("Scaling failed for Kubernetes cluster : %s in zone : %s, insufficient capacity", kubernetesCluster.getName(), zone.getName()));
@@ -437,7 +437,7 @@ private void scaleUpKubernetesClusterSize(final long newVmCount) throws CloudRun
             launchPermissionDao.persist(launchPermission);
         }
         try {
-            clusterVMs = provisionKubernetesClusterNodeVms((int)(newVmCount + kubernetesCluster.getNodeCount()), (int)kubernetesCluster.getNodeCount(), publicIpAddress);
+            clusterVMs = provisionKubernetesClusterNodeVms((int)(newVmCount + kubernetesCluster.getNodeCount()), (int)kubernetesCluster.getNodeCount(), publicIpAddress, kubernetesCluster.getDomainId(), kubernetesCluster.getAccountId());
             updateLoginUserDetails(clusterVMs.stream().map(InternalIdentity::getId).collect(Collectors.toList()));
         } catch (CloudRuntimeException | ManagementServerException | ResourceUnavailableException | InsufficientCapacityException e) {
             logTransitStateToFailedIfNeededAndThrow(Level.ERROR, String.format("Scaling failed for Kubernetes cluster : %s, unable to provision node VM in the cluster", kubernetesCluster.getName()), e);
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index 160d8869adbb..cfe6657f1e8f 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -24,9 +24,11 @@
 import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.stream.Collectors;
 
 import org.apache.cloudstack.api.BaseCmd;
@@ -188,7 +190,7 @@ private String getKubernetesControlNodeConfig(final String controlNodeIp, final
         return k8sControlNodeConfig;
     }
 
-    private UserVm createKubernetesControlNode(final Network network, String serverIp) throws ManagementServerException,
+    private UserVm createKubernetesControlNode(final Network network, String serverIp, Long domainId, Long accountId) throws ManagementServerException,
             ResourceUnavailableException, InsufficientCapacityException {
         UserVm controlVm = null;
         DataCenter zone = dataCenterDao.findById(kubernetesCluster.getZoneId());
@@ -225,18 +227,21 @@ private UserVm createKubernetesControlNode(final Network network, String serverI
             keypairs.add(kubernetesCluster.getKeyPair());
         }
 
+        Long affinityGroupId = getExplicitAffinityGroup(domainId, accountId);
         if (zone.isSecurityGroupEnabled()) {
             List<Long> securityGroupIds = new ArrayList<>();
             securityGroupIds.add(kubernetesCluster.getSecurityGroupId());
             controlVm = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, controlNodeTemplate, networkIds, securityGroupIds, owner,
             hostName, hostName, null, null, null, Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST,base64UserData, null, null, keypairs,
-                    requestedIps, addrs, null, null, null, customParameterMap, null, null, null,
+                    requestedIps, addrs, null, null, Objects.nonNull(affinityGroupId) ?
+                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null,
                     null, true, null, UserVmManager.CKS_NODE);
         } else {
             controlVm = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, controlNodeTemplate, networkIds, owner,
                     hostName, hostName, null, null, null,
                     Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST, base64UserData, null, null, keypairs,
-                    requestedIps, addrs, null, null, null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null);
+                    requestedIps, addrs, null, null, Objects.nonNull(affinityGroupId) ?
+                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null);
         }
         if (logger.isInfoEnabled()) {
             logger.info(String.format("Created control VM ID: %s, %s in the Kubernetes cluster : %s", controlVm.getUuid(), hostName, kubernetesCluster.getName()));
@@ -276,7 +281,8 @@ private String getKubernetesAdditionalControlNodeConfig(final String joinIp, fin
         return k8sControlNodeConfig;
     }
 
-    private UserVm createKubernetesAdditionalControlNode(final String joinIp, final int additionalControlNodeInstance) throws ManagementServerException,
+    private UserVm createKubernetesAdditionalControlNode(final String joinIp, final int additionalControlNodeInstance,
+                                                         final Long domainId, final Long accountId) throws ManagementServerException,
             ResourceUnavailableException, InsufficientCapacityException {
         UserVm additionalControlVm = null;
         DataCenter zone = dataCenterDao.findById(kubernetesCluster.getZoneId());
@@ -307,18 +313,21 @@ private UserVm createKubernetesAdditionalControlNode(final String joinIp, final
             keypairs.add(kubernetesCluster.getKeyPair());
         }
 
+        Long affinityGroupId = getExplicitAffinityGroup(domainId, accountId);
         if (zone.isSecurityGroupEnabled()) {
             List<Long> securityGroupIds = new ArrayList<>();
             securityGroupIds.add(kubernetesCluster.getSecurityGroupId());
             additionalControlVm = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, controlNodeTemplate, networkIds, securityGroupIds, owner,
                     hostName, hostName, null, null, null, Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST,base64UserData, null, null, keypairs,
-                    null, addrs, null, null, null, customParameterMap, null, null, null,
+                    null, addrs, null, null, Objects.nonNull(affinityGroupId) ?
+                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null,
                     null, true, null, UserVmManager.CKS_NODE);
         } else {
             additionalControlVm = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, controlNodeTemplate, networkIds, owner,
                     hostName, hostName, null, null, null,
                     Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST, base64UserData, null, null, keypairs,
-                    null, addrs, null, null, null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null);
+                    null, addrs, null, null, Objects.nonNull(affinityGroupId) ?
+                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null);
         }
 
         if (logger.isInfoEnabled()) {
@@ -327,15 +336,16 @@ private UserVm createKubernetesAdditionalControlNode(final String joinIp, final
         return additionalControlVm;
     }
 
-    private UserVm provisionKubernetesClusterControlVm(final Network network, final String publicIpAddress) throws
+    private UserVm provisionKubernetesClusterControlVm(final Network network, final String publicIpAddress,
+                                                       final Long domainId, final Long accountId) throws
             ManagementServerException, InsufficientCapacityException, ResourceUnavailableException {
         UserVm k8sControlVM = null;
-        k8sControlVM = createKubernetesControlNode(network, publicIpAddress);
+        k8sControlVM = createKubernetesControlNode(network, publicIpAddress, domainId, accountId);
         addKubernetesClusterVm(kubernetesCluster.getId(), k8sControlVM.getId(), true, false, false);
         if (kubernetesCluster.getNodeRootDiskSize() > 0) {
             resizeNodeVolume(k8sControlVM);
         }
-        startKubernetesVM(k8sControlVM);
+        startKubernetesVM(k8sControlVM, domainId, accountId);
         k8sControlVM = userVmDao.findById(k8sControlVM.getId());
         if (k8sControlVM == null) {
             throw new ManagementServerException(String.format("Failed to provision control VM for Kubernetes cluster : %s" , kubernetesCluster.getName()));
@@ -346,18 +356,18 @@ private UserVm provisionKubernetesClusterControlVm(final Network network, final
         return k8sControlVM;
     }
 
-    private List<UserVm> provisionKubernetesClusterAdditionalControlVms(final String publicIpAddress) throws
+    private List<UserVm> provisionKubernetesClusterAdditionalControlVms(final String publicIpAddress, final Long domainId, final Long accountId) throws
             InsufficientCapacityException, ManagementServerException, ResourceUnavailableException {
         List<UserVm> additionalControlVms = new ArrayList<>();
         if (kubernetesCluster.getControlNodeCount() > 1) {
             for (int i = 1; i < kubernetesCluster.getControlNodeCount(); i++) {
                 UserVm vm = null;
-                vm = createKubernetesAdditionalControlNode(publicIpAddress, i);
+                vm = createKubernetesAdditionalControlNode(publicIpAddress, i, domainId, accountId);
                 addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), true, false, false);
                 if (kubernetesCluster.getNodeRootDiskSize() > 0) {
                     resizeNodeVolume(vm);
                 }
-                startKubernetesVM(vm);
+                startKubernetesVM(vm, domainId, accountId);
                 vm = userVmDao.findById(vm.getId());
                 if (vm == null) {
                     throw new ManagementServerException(String.format("Failed to provision additional control VM for Kubernetes cluster : %s" , kubernetesCluster.getName()));
@@ -418,7 +428,7 @@ protected void setupKubernetesClusterNetworkRules(Network network, List<UserVm>
         setupKubernetesClusterIsolatedNetworkRules(publicIp, network, clusterVMIds, true);
     }
 
-    private void startKubernetesClusterVMs() {
+    private void startKubernetesClusterVMs(Long domainId, Long accountId) {
         List <UserVm> clusterVms = getKubernetesClusterVMs();
         for (final UserVm vm : clusterVms) {
             if (vm == null) {
@@ -426,7 +436,7 @@ private void startKubernetesClusterVMs() {
             }
             try {
                 resizeNodeVolume(vm);
-                startKubernetesVM(vm);
+                startKubernetesVM(vm, domainId, accountId);
             } catch (ManagementServerException ex) {
                 logger.warn(String.format("Failed to start VM : %s in Kubernetes cluster : %s due to ", vm.getDisplayName(), kubernetesCluster.getName()) + ex);
                 // don't bail out here. proceed further to stop the reset of the VM's
@@ -480,7 +490,7 @@ private void updateKubernetesClusterEntryEndpoint() {
         kubernetesClusterDao.update(kubernetesCluster.getId(), kubernetesClusterVO);
     }
 
-    public boolean startKubernetesClusterOnCreate() {
+    public boolean startKubernetesClusterOnCreate(Long domainId, Long accountId) {
         init();
         if (logger.isInfoEnabled()) {
             logger.info(String.format("Starting Kubernetes cluster : %s", kubernetesCluster.getName()));
@@ -489,7 +499,7 @@ public boolean startKubernetesClusterOnCreate() {
         stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.StartRequested);
         DeployDestination dest = null;
         try {
-            dest = plan();
+            dest = plan(domainId, accountId);
         } catch (InsufficientCapacityException e) {
             logTransitStateAndThrow(Level.ERROR, String.format("Provisioning the cluster failed due to insufficient capacity in the Kubernetes cluster: %s", kubernetesCluster.getUuid()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
         }
@@ -519,7 +529,7 @@ public boolean startKubernetesClusterOnCreate() {
         List<UserVm> clusterVMs = new ArrayList<>();
         UserVm k8sControlVM = null;
         try {
-            k8sControlVM = provisionKubernetesClusterControlVm(network, publicIpAddress);
+            k8sControlVM = provisionKubernetesClusterControlVm(network, publicIpAddress, domainId, accountId);
         } catch (CloudRuntimeException | ManagementServerException | ResourceUnavailableException | InsufficientCapacityException e) {
             logTransitStateAndThrow(Level.ERROR, String.format("Provisioning the control VM failed in the Kubernetes cluster : %s", kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
         }
@@ -532,13 +542,13 @@ public boolean startKubernetesClusterOnCreate() {
             }
         }
         try {
-            List<UserVm> additionalControlVMs = provisionKubernetesClusterAdditionalControlVms(publicIpAddress);
+            List<UserVm> additionalControlVMs = provisionKubernetesClusterAdditionalControlVms(publicIpAddress, domainId, accountId);
             clusterVMs.addAll(additionalControlVMs);
         }  catch (CloudRuntimeException | ManagementServerException | ResourceUnavailableException | InsufficientCapacityException e) {
             logTransitStateAndThrow(Level.ERROR, String.format("Provisioning additional control VM failed in the Kubernetes cluster : %s", kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
         }
         try {
-            List<UserVm> nodeVMs = provisionKubernetesClusterNodeVms(kubernetesCluster.getNodeCount(), publicIpAddress);
+            List<UserVm> nodeVMs = provisionKubernetesClusterNodeVms(kubernetesCluster.getNodeCount(), publicIpAddress, domainId, accountId);
             clusterVMs.addAll(nodeVMs);
         }  catch (CloudRuntimeException | ManagementServerException | ResourceUnavailableException | InsufficientCapacityException e) {
             logTransitStateAndThrow(Level.ERROR, String.format("Provisioning node VM failed in the Kubernetes cluster : %s", kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
@@ -590,14 +600,14 @@ public boolean startKubernetesClusterOnCreate() {
 
 
 
-    public boolean startStoppedKubernetesCluster() throws CloudRuntimeException {
+    public boolean startStoppedKubernetesCluster(Long domainId, Long accountId) throws CloudRuntimeException {
         init();
         if (logger.isInfoEnabled()) {
             logger.info(String.format("Starting Kubernetes cluster : %s", kubernetesCluster.getName()));
         }
         final long startTimeoutTime = System.currentTimeMillis() + KubernetesClusterService.KubernetesClusterStartTimeout.value() * 1000;
         stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.StartRequested);
-        startKubernetesClusterVMs();
+        startKubernetesClusterVMs(domainId, accountId);
         try {
             InetAddress address = InetAddress.getByName(new URL(kubernetesCluster.getEndpoint()).getHost());
         } catch (MalformedURLException | UnknownHostException ex) {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
index 08097fa53616..56e130fd25a5 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
@@ -112,7 +112,8 @@ public class CreateKubernetesClusterCmd extends BaseAsyncCreateCmd {
 
     @ACL(accessType = AccessType.UseEntry)
     @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, entityType = DomainResponse.class,
-            description = "an optional domainId for the virtual machine. If the account parameter is used, domainId must also be used.")
+            description = "an optional domainId for the virtual machine. If the account parameter is used, domainId must also be used. " +
+                    "Hosts dedicated to the specified domain will be used for deploying the cluster")
     private Long domainId;
 
     @ACL(accessType = AccessType.UseEntry)
@@ -321,7 +322,7 @@ public ApiCommandResourceType getApiResourceType() {
     public void execute() {
         try {
             if (KubernetesCluster.ClusterType.valueOf(getClusterType()) == KubernetesCluster.ClusterType.CloudManaged
-                    && !kubernetesClusterService.startKubernetesCluster(getEntityId(), true)) {
+                    && !kubernetesClusterService.startKubernetesCluster(getEntityId(), getDomainId(), getAccountName(), true)) {
                 throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to start Kubernetes cluster");
             }
             KubernetesClusterResponse response = kubernetesClusterService.createKubernetesClusterResponse(getEntityId());
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/StartKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/StartKubernetesClusterCmd.java
index bb0111af2328..9c83c3c83e04 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/StartKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/StartKubernetesClusterCmd.java
@@ -18,6 +18,7 @@
 
 import javax.inject.Inject;
 
+import com.cloud.user.Account;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
@@ -108,7 +109,8 @@ public KubernetesCluster validateRequest() {
     public void execute() throws ServerApiException, ConcurrentOperationException {
         final KubernetesCluster kubernetesCluster = validateRequest();
         try {
-            if (!kubernetesClusterService.startKubernetesCluster(kubernetesCluster.getId(), false)) {
+            Account account = _accountService.getAccount(kubernetesCluster.getAccountId());
+            if (!kubernetesClusterService.startKubernetesCluster(kubernetesCluster.getId(), kubernetesCluster.getDomainId(), account.getAccountName(), false)) {
                 throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, String.format("Failed to start Kubernetes cluster ID: %d", getId()));
             }
             final KubernetesClusterResponse response = kubernetesClusterService.createKubernetesClusterResponse(kubernetesCluster.getId());

From 1e40aed085eb05f675b546f84c3d787e6b553121 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Thu, 2 May 2024 15:54:09 -0400
Subject: [PATCH 12/88] Support unstacked ETCD

---------

Co-authored-by: nvazquez <nicovazquez90@gmail.com>
---
 .../apache/cloudstack/api/ApiConstants.java   |   2 +
 .../response/KubernetesUserVmResponse.java    |  10 +-
 .../cluster/KubernetesClusterManagerImpl.java |  31 ++-
 .../cluster/KubernetesClusterService.java     |  11 +-
 .../KubernetesClusterActionWorker.java        |  26 +-
 .../KubernetesClusterAddWorker.java           |   2 +-
 ...esClusterResourceModifierActionWorker.java |  17 +-
 .../KubernetesClusterStartWorker.java         | 245 +++++++++++++++++-
 .../cluster/utils/KubernetesClusterUtil.java  |   4 +-
 .../cluster/CreateKubernetesClusterCmd.java   |   5 +-
 .../cluster/StartKubernetesClusterCmd.java    |   6 +-
 .../response/KubernetesClusterResponse.java   |  21 +-
 .../src/main/resources/conf/etcd-node.yml     | 134 ++++++++++
 .../main/resources/conf/k8s-control-node.yml  |  34 ++-
 .../util/create-kubernetes-binaries-iso.sh    |  12 +-
 ui/public/locales/en.json                     |   1 +
 ui/src/components/view/InfoCard.vue           |  18 ++
 ui/src/views/compute/KubernetesServiceTab.vue |  19 +-
 18 files changed, 551 insertions(+), 47 deletions(-)
 create mode 100644 plugins/integrations/kubernetes-service/src/main/resources/conf/etcd-node.yml

diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
index c31160ead844..4da80278f543 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
@@ -120,6 +120,7 @@ public class ApiConstants {
     public static final String ENCRYPT_FORMAT = "encryptformat";
     public static final String ENCRYPT_ROOT = "encryptroot";
     public static final String ENCRYPTION_SUPPORTED = "encryptionsupported";
+    public static final String ETCD_IPS = "etcdips";
     public static final String MIN_IOPS = "miniops";
     public static final String MAX_IOPS = "maxiops";
     public static final String HYPERVISOR_SNAPSHOT_RESERVE = "hypervisorsnapshotreserve";
@@ -1055,6 +1056,7 @@ public class ApiConstants {
     public static final String ETCD_NODES = "etcdnodes";
     public static final String EXTERNAL_NODES = "externalnodes";
     public static final String IS_EXTERNAL_NODE = "isexternalnode";
+    public static final String IS_ETCD_NODE = "isetcdnode";
     public static final String MIN_SEMANTIC_VERSION = "minimumsemanticversion";
     public static final String MIN_KUBERNETES_VERSION_ID = "minimumkubernetesversionid";
     public static final String NODE_ROOT_DISK_SIZE = "noderootdisksize";
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java
index 2285547ab773..a25d25d650f0 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java
@@ -30,11 +30,15 @@ public class KubernetesUserVmResponse extends UserVmResponse {
     @Param(description = "If the VM is an externally added node")
     private boolean isExternalNode;
 
-    public boolean isExternalNode() {
-        return isExternalNode;
-    }
+    @SerializedName(ApiConstants.IS_ETCD_NODE)
+    @Param(description = "If the VM is an etcd node")
+    private boolean isEtcdNode;
 
     public void setExternalNode(boolean externalNode) {
         isExternalNode = externalNode;
     }
+
+    public void setEtcdNode(boolean etcdNode) {
+        isEtcdNode = etcdNode;
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 1272eb9e27c3..8e2b72529df1 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -42,18 +42,23 @@
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
 
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
 import com.cloud.dc.DedicatedResourceVO;
 import com.cloud.dc.dao.DedicatedResourceDao;
+import com.cloud.exception.ManagementServerException;
+import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.host.Host;
 import com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType;
 import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterRemoveWorker;
 import com.cloud.network.dao.NsxProviderDao;
 import com.cloud.network.element.NsxProviderVO;
 import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterAddWorker;
+import com.cloud.network.rules.PortForwardingRuleVO;
+import com.cloud.network.rules.dao.PortForwardingRulesDao;
 import com.cloud.template.TemplateApiService;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.uservm.UserVm;
@@ -304,6 +309,8 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
     private UserVmService userVmService;
     @Inject
     private TemplateApiService templateService;
+    @Inject
+    private PortForwardingRulesDao pfRuleDao;
 
     private void logMessage(final Level logLevel, final String message, final Exception e) {
         if (logLevel == Level.WARN) {
@@ -745,10 +752,23 @@ public KubernetesClusterResponse createKubernetesClusterResponse(long kubernetes
                         throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to generate zone metrics response");
                     }
                     kubernetesUserVmResponse.setExternalNode(vmMapVO.isExternalNode());
+                    kubernetesUserVmResponse.setEtcdNode(vmMapVO.isEtcdNode());
                     vmResponses.add(kubernetesUserVmResponse);
                 }
             }
-            response.setExternalNodes(vmList.stream().filter(KubernetesClusterVmMapVO::isEtcdNode).count());
+            List<Long> etcdNodeIds = vmList.stream().filter(KubernetesClusterVmMapVO::isEtcdNode).map(KubernetesClusterVmMapVO::getVmId).collect(Collectors.toList());
+            List<Long> etcdIpIds = new ArrayList<>();
+            Map<String, String> etcdIps = new HashMap<>();
+            int etcdNodeSshPort = KubernetesClusterService.KubernetesEtcdNodeStartPort.value();
+            etcdNodeIds.forEach(id -> {
+               etcdIpIds.addAll(pfRuleDao.listByVm(id).stream().filter(rule -> rule.getSourcePortStart() == etcdNodeSshPort)
+                       .map(PortForwardingRuleVO::getSourceIpAddressId).collect(Collectors.toList()));
+            });
+            etcdIpIds.forEach(id -> {
+                IPAddressVO ipAddress = ipAddressDao.findById(id);
+                etcdIps.put(ipAddress.getUuid(), ipAddress.getAddress().addr());
+            });
+            response.setEtcdIps(etcdIps);
         }
         response.setHasAnnotation(annotationDao.hasAnnotations(kubernetesCluster.getUuid(),
                 AnnotationService.EntityType.KUBERNETES_CLUSTER.name(), accountService.isRootAdmin(caller.getId())));
@@ -758,6 +778,9 @@ public KubernetesClusterResponse createKubernetesClusterResponse(long kubernetes
         response.setMaxSize(kubernetesCluster.getMaxSize());
         response.setClusterType(kubernetesCluster.getClusterType());
         response.setCreated(kubernetesCluster.getCreated());
+
+
+
         return response;
     }
 
@@ -1554,7 +1577,8 @@ private SecurityGroup getOrCreateSecurityGroupForAccount(Account owner) {
      */
 
     @Override
-    public boolean startKubernetesCluster(long kubernetesClusterId, Long domainId, String accountName, boolean onCreate) throws CloudRuntimeException {
+    public boolean startKubernetesCluster(long kubernetesClusterId, Long domainId, String accountName, boolean onCreate)
+            throws CloudRuntimeException, ManagementServerException, ResourceUnavailableException, InsufficientCapacityException {
         if (!KubernetesServiceEnabled.value()) {
             logAndThrow(Level.ERROR, "Kubernetes Service plugin is disabled");
         }
@@ -2361,7 +2385,8 @@ public ConfigKey<?>[] getConfigKeys() {
             KubernetesControlNodeInstallAttemptWait,
             KubernetesControlNodeInstallReattempts,
             KubernetesWorkerNodeInstallAttemptWait,
-            KubernetesWorkerNodeInstallReattempts
+            KubernetesWorkerNodeInstallReattempts,
+            KubernetesEtcdNodeStartPort
         };
     }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
index e6b35f29da8a..23be9edb58a9 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
@@ -16,6 +16,9 @@
 // under the License.
 package com.cloud.kubernetes.cluster;
 
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ManagementServerException;
+import com.cloud.exception.ResourceUnavailableException;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.AddNodesToKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.AddVirtualMachinesToKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.CreateKubernetesClusterCmd;
@@ -129,6 +132,12 @@ public interface KubernetesClusterService extends PluggableService, Configurable
             "Number of times the offline installation of K8S will be re-attempted",
             true,
             KubernetesServiceEnabled.key());
+    static final ConfigKey<Integer> KubernetesEtcdNodeStartPort = new ConfigKey<Integer>("Advanced", Integer.class,
+            "cloud.kubernetes.etcd.node.start.port",
+            "50000",
+            "Start port for Port forwarding rules for etcd nodes",
+            true,
+            KubernetesServiceEnabled.key());
 
     KubernetesCluster findById(final Long id);
 
@@ -136,7 +145,7 @@ public interface KubernetesClusterService extends PluggableService, Configurable
 
     KubernetesCluster createManagedKubernetesCluster(CreateKubernetesClusterCmd cmd) throws CloudRuntimeException;
 
-    boolean startKubernetesCluster(long kubernetesClusterId, Long domainId, String accountName, boolean onCreate) throws CloudRuntimeException;
+    boolean startKubernetesCluster(long kubernetesClusterId, Long domainId, String accountName, boolean onCreate) throws CloudRuntimeException, ManagementServerException, ResourceUnavailableException, InsufficientCapacityException;
 
     boolean stopKubernetesCluster(StopKubernetesClusterCmd cmd) throws CloudRuntimeException;
 
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index 095ec66aba17..b916e22bde4f 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -133,6 +133,8 @@ public class KubernetesClusterActionWorker {
     public static final int CLUSTER_API_PORT = 6443;
     public static final int DEFAULT_SSH_PORT = 22;
     public static final int CLUSTER_NODES_DEFAULT_START_SSH_PORT = 2222;
+    public static final int ETCD_NODE_CLIENT_REQUEST_PORT = 2379;
+    public static final int ETCD_NODE_PEER_COMM_PORT = 2380;
     public static final int CLUSTER_NODES_DEFAULT_SSH_PORT_SG = DEFAULT_SSH_PORT;
 
     public static final String CKS_CLUSTER_SECURITY_GROUP_NAME = "CKSSecurityGroup";
@@ -358,14 +360,16 @@ protected File getManagementServerSshPublicKeyFile() {
         return new File(keyFile);
     }
 
-    protected KubernetesClusterVmMapVO addKubernetesClusterVm(final long kubernetesClusterId, final long vmId, boolean isControlNode,
-                                                              boolean isExternalNode, boolean markForManualUpgrade) {
+    protected KubernetesClusterVmMapVO addKubernetesClusterVm(final long kubernetesClusterId, final long vmId,
+                                                              boolean isControlNode, boolean isExternalNode,
+                                                              boolean isEtcdNode,  boolean markForManualUpgrade) {
         return Transaction.execute(new TransactionCallback<KubernetesClusterVmMapVO>() {
             @Override
             public KubernetesClusterVmMapVO doInTransaction(TransactionStatus status) {
                 KubernetesClusterVmMapVO newClusterVmMap = new KubernetesClusterVmMapVO(kubernetesClusterId, vmId, isControlNode);
                 newClusterVmMap.setExternalNode(isExternalNode);
                 newClusterVmMap.setManualUpgrade(markForManualUpgrade);
+                newClusterVmMap.setEtcdNode(isEtcdNode);
                 kubernetesClusterVmMapDao.persist(newClusterVmMap);
                 return newClusterVmMap;
             }
@@ -436,7 +440,7 @@ protected IpAddress getPublicIp(Network network) throws ManagementServerExceptio
         return publicIp;
     }
 
-    protected IpAddress acquireVpcTierKubernetesPublicIp(Network network) throws
+    protected IpAddress acquireVpcTierKubernetesPublicIp(Network network, boolean forEtcd) throws
             InsufficientAddressCapacityException, ResourceAllocationException, ResourceUnavailableException {
         IpAddress ip = networkService.allocateIP(owner, kubernetesCluster.getZoneId(), network.getId(), null, null);
         if (ip == null) {
@@ -444,7 +448,19 @@ protected IpAddress acquireVpcTierKubernetesPublicIp(Network network) throws
         }
         ip = vpcService.associateIPToVpc(ip.getId(), network.getVpcId());
         ip = ipAddressManager.associateIPToGuestNetwork(ip.getId(), network.getId(), false);
-        kubernetesClusterDetailsDao.addDetail(kubernetesCluster.getId(), ApiConstants.PUBLIC_IP_ID, ip.getUuid(), false);
+        if (!forEtcd) {
+            kubernetesClusterDetailsDao.addDetail(kubernetesCluster.getId(), ApiConstants.PUBLIC_IP_ID, ip.getUuid(), false);
+        }
+        return ip;
+    }
+
+    protected IpAddress acquirePublicIpForIsolatedNetwork(Network network) throws
+            InsufficientAddressCapacityException, ResourceAllocationException, ResourceUnavailableException {
+        IpAddress ip = networkService.allocateIP(owner, kubernetesCluster.getZoneId(), network.getId(), null, null);
+        if (ip == null) {
+            return null;
+        }
+        ip = networkService.associateIPToNetwork(ip.getId(), network.getId());
         return ip;
     }
 
@@ -476,7 +492,7 @@ protected Pair<String, Integer> getKubernetesClusterServerIpSshPortForVpcTier(Ne
             return new Pair<>(address.getAddress().addr(), port);
         }
         if (acquireNewPublicIpForVpcTierIfNeeded) {
-            address = acquireVpcTierKubernetesPublicIp(network);
+            address = acquireVpcTierKubernetesPublicIp(network, false);
             if (address != null) {
                 return new Pair<>(address.getAddress().addr(), port);
             }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
index 8abfc66e23ef..df63c5a1bb09 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
@@ -264,7 +264,7 @@ private void updateKubernetesCluster(long clusterId, Ternary<Integer, Long, Long
         kubernetesClusterDao.update(clusterId, kubernetesClusterVO);
         kubernetesCluster = kubernetesClusterVO;
 
-        finalNodeIds.forEach(id -> addKubernetesClusterVm(clusterId, id, false, true, manualUpgrade));
+        finalNodeIds.forEach(id -> addKubernetesClusterVm(clusterId, id, false, true, false, manualUpgrade));
     }
 
 
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index 37d280510d10..94e8fedce022 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -335,7 +335,7 @@ protected List<UserVm> provisionKubernetesClusterNodeVms(final long nodeCount, f
         List<UserVm> nodes = new ArrayList<>();
         for (int i = offset + 1; i <= nodeCount; i++) {
             UserVm vm = createKubernetesNode(publicIpAddress, domainId, accountId);
-            addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), false, false, false);
+            addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), false, false, false, false);
             if (kubernetesCluster.getNodeRootDiskSize() > 0) {
                 resizeNodeVolume(vm);
             }
@@ -778,6 +778,21 @@ protected String getKubernetesClusterNodeNamePrefix() {
         return prefix;
     }
 
+    protected String getEtcdNodeNameForCluster() {
+        String prefix = kubernetesCluster.getName();
+        if (!NetUtils.verifyDomainNameLabel(prefix, true)) {
+            prefix = prefix.replaceAll("[^a-zA-Z0-9-]", "");
+            if (prefix.isEmpty()) {
+                prefix = kubernetesCluster.getUuid();
+            }
+        }
+        prefix = "etcd-" + prefix;
+        if (prefix.length() > 40) {
+            prefix = prefix.substring(0, 40);
+        }
+        return prefix;
+    }
+
     protected KubernetesClusterVO updateKubernetesClusterEntry(final Long cores, final Long memory, final Long size,
                                                                final Long serviceOfferingId, final Boolean autoscaleEnabled,
                                                                final Long minSize, final Long maxSize,
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index cfe6657f1e8f..d5a580e05d01 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -31,6 +31,8 @@
 import java.util.Objects;
 import java.util.stream.Collectors;
 
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.utils.Ternary;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.InternalIdentity;
 import org.apache.cloudstack.framework.ca.Certificate;
@@ -78,6 +80,7 @@
 import org.apache.logging.log4j.Level;
 
 import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.CONTROL;
+import static com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType.ETCD;
 
 public class KubernetesClusterStartWorker extends KubernetesClusterResourceModifierActionWorker {
 
@@ -133,7 +136,7 @@ private boolean isKubernetesVersionSupportsHA() {
     }
 
     private String getKubernetesControlNodeConfig(final String controlNodeIp, final String serverIp,
-                                                  final String hostName, final boolean haSupported,
+                                                  final List<Network.IpAddresses> etcdIps, final String hostName, final boolean haSupported,
                                                   final boolean ejectIso) throws IOException {
         String k8sControlNodeConfig = readResourceFile("/conf/k8s-control-node.yml");
         final String apiServerCert = "{{ k8s_control_node.apiserver.crt }}";
@@ -145,12 +148,20 @@ private String getKubernetesControlNodeConfig(final String controlNodeIp, final
         final String ejectIsoKey = "{{ k8s.eject.iso }}";
         final String installWaitTime = "{{ k8s.install.wait.time }}";
         final String installReattemptsCount = "{{ k8s.install.reattempts.count }}";
+        final String externalEtcdNodes = "{{ etcd.unstacked_etcd }}";
+        final String etcdEndpointList = "{{ etcd.etcd_endpoint_list }}";
+        final String k8sServerIp = "{{ k8s_control.server_ip }}";
+        final String k8sApiPort = "{{ k8s.api_server_port }}";
+        final String certSans = "{{ k8s_control.server_ips }}";
+        final String k8sCertificate = "{{ k8s_control.certificate_key }}";
 
         final List<String> addresses = new ArrayList<>();
         addresses.add(controlNodeIp);
         if (!serverIp.equals(controlNodeIp)) {
             addresses.add(serverIp);
         }
+
+        boolean externalEtcd = !etcdIps.isEmpty();
         final Certificate certificate = caManager.issueCertificate(null, Arrays.asList(hostName, "kubernetes",
                 "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local"),
                 addresses, 3650, null);
@@ -159,6 +170,8 @@ private String getKubernetesControlNodeConfig(final String controlNodeIp, final
         final String tlsCaCert = CertUtils.x509CertificatesToPem(certificate.getCaCertificates());
         final Long waitTime = KubernetesClusterService.KubernetesControlNodeInstallAttemptWait.value();
         final Long reattempts = KubernetesClusterService.KubernetesControlNodeInstallReattempts.value();
+        String endpointList = getEtcdEndpointList(etcdIps);
+
         k8sControlNodeConfig = k8sControlNodeConfig.replace(apiServerCert, tlsClientCert.replace("\n", "\n      "));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(apiServerKey, tlsPrivateKey.replace("\n", "\n      "));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(caCert, tlsCaCert.replace("\n", "\n      "));
@@ -174,6 +187,7 @@ private String getKubernetesControlNodeConfig(final String controlNodeIp, final
         k8sControlNodeConfig = k8sControlNodeConfig.replace(installReattemptsCount, String.valueOf(reattempts));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(sshPubKey, pubKey);
         k8sControlNodeConfig = k8sControlNodeConfig.replace(clusterToken, KubernetesClusterUtil.generateClusterToken(kubernetesCluster));
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(externalEtcdNodes, String.valueOf(externalEtcd));
         String initArgs = "";
         if (haSupported) {
             initArgs = String.format("--control-plane-endpoint %s:%d --upload-certs --certificate-key %s ",
@@ -185,12 +199,18 @@ private String getKubernetesControlNodeConfig(final String controlNodeIp, final
         initArgs += String.format(" --kubernetes-version=%s", getKubernetesClusterVersion().getSemanticVersion());
         k8sControlNodeConfig = k8sControlNodeConfig.replace(clusterInitArgsKey, initArgs);
         k8sControlNodeConfig = k8sControlNodeConfig.replace(ejectIsoKey, String.valueOf(ejectIso));
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(etcdEndpointList, endpointList);
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(k8sServerIp, serverIp);
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(k8sApiPort, String.valueOf(CLUSTER_API_PORT));
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(certSans, String.format("- %s", serverIp));
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(k8sCertificate, KubernetesClusterUtil.generateClusterHACertificateKey(kubernetesCluster));
+
         k8sControlNodeConfig = updateKubeConfigWithRegistryDetails(k8sControlNodeConfig);
 
         return k8sControlNodeConfig;
     }
 
-    private UserVm createKubernetesControlNode(final Network network, String serverIp, Long domainId, Long accountId) throws ManagementServerException,
+    private UserVm createKubernetesControlNode(final Network network, String serverIp, List<Network.IpAddresses> etcdIps, Long domainId, Long accountId) throws ManagementServerException,
             ResourceUnavailableException, InsufficientCapacityException {
         UserVm controlVm = null;
         DataCenter zone = dataCenterDao.findById(kubernetesCluster.getZoneId());
@@ -217,7 +237,7 @@ private UserVm createKubernetesControlNode(final Network network, String serverI
         boolean haSupported = isKubernetesVersionSupportsHA();
         String k8sControlNodeConfig = null;
         try {
-            k8sControlNodeConfig = getKubernetesControlNodeConfig(controlNodeIp, serverIp, hostName, haSupported, Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()));
+            k8sControlNodeConfig = getKubernetesControlNodeConfig(controlNodeIp, serverIp, etcdIps, hostName, haSupported, Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()));
         } catch (IOException e) {
             logAndThrow(Level.ERROR, "Failed to read Kubernetes control node configuration file", e);
         }
@@ -281,6 +301,78 @@ private String getKubernetesAdditionalControlNodeConfig(final String joinIp, fin
         return k8sControlNodeConfig;
     }
 
+    private String getInitialEtcdClusterDetails(List<String> ipAddresses, List<String> hostnames) {
+        String initialCluster = "%s=http://%s:2380";
+        StringBuilder clusterInfo = new StringBuilder();
+            for (int i = 0; i < ipAddresses.size(); i++) {
+                clusterInfo.append(String.format(initialCluster, hostnames.get(i), ipAddresses.get(i)));
+                if (i < ipAddresses.size()-1) {
+                    clusterInfo.append(",");
+                }
+            }
+            return clusterInfo.toString();
+    }
+
+    /**
+     *
+     * @param ipAddresses list of etcd node guest IPs
+     * @return a formatted list of etcd endpoints adhering to YAML syntax
+     */
+    private String getEtcdEndpointList(List<Network.IpAddresses> ipAddresses) {
+        StringBuilder endpoints = new StringBuilder();
+        for (int i = 0; i < ipAddresses.size(); i++) {
+            endpoints.append(String.format("- http://%s:2379", ipAddresses.get(i).getIp4Address()));
+            if (i < ipAddresses.size()-1) {
+                endpoints.append("\n          ");
+            }
+        }
+        return endpoints.toString();
+    }
+
+
+    private List<String> getEtcdNodeHostnames() {
+        List<String> hostnames = new ArrayList<>();
+        for (int etcdNodeIndex = 0; etcdNodeIndex <= kubernetesCluster.getEtcdNodeCount(); etcdNodeIndex++) {
+            String suffix = Long.toHexString(System.currentTimeMillis());
+            hostnames.add(String.format("%s-%s-%s", getEtcdNodeNameForCluster(), etcdNodeIndex, suffix));
+        }
+        return hostnames;
+    }
+
+    private String getEtcdNodeConfig(final List<String> ipAddresses, final List<String> hostnames, final int etcdNodeIndex,
+                                     final boolean ejectIso) throws IOException {
+        String k8sEtcdNodeConfig = readResourceFile("/conf/etcd-node.yml");
+        final String sshPubKey = "{{ k8s.ssh.pub.key }}";
+        final String ejectIsoKey = "{{ k8s.eject.iso }}";
+        final String installWaitTime = "{{ k8s.install.wait.time }}";
+        final String installReattemptsCount = "{{ k8s.install.reattempts.count }}";
+        final String etcdNodeName = "{{ etcd.node_name }}";
+        final String etcdNodeIp = "{{ etcd.node_ip }}";
+        final String etcdInitialClusterNodes = "{{ etcd.initial_cluster_nodes }}";
+
+        final Long waitTime = KubernetesClusterService.KubernetesControlNodeInstallAttemptWait.value();
+        final Long reattempts = KubernetesClusterService.KubernetesControlNodeInstallReattempts.value();
+        String pubKey = "- \"" + configurationDao.getValue("ssh.publickey") + "\"";
+        String sshKeyPair = kubernetesCluster.getKeyPair();
+        if (StringUtils.isNotEmpty(sshKeyPair)) {
+            SSHKeyPairVO sshkp = sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), sshKeyPair);
+            if (sshkp != null) {
+                pubKey += "\n      - \"" + sshkp.getPublicKey() + "\"";
+            }
+        }
+        String initialClusterDetails = getInitialEtcdClusterDetails(ipAddresses, hostnames);
+
+        k8sEtcdNodeConfig = k8sEtcdNodeConfig.replace(installWaitTime, String.valueOf(waitTime));
+        k8sEtcdNodeConfig = k8sEtcdNodeConfig.replace(installReattemptsCount, String.valueOf(reattempts));
+        k8sEtcdNodeConfig = k8sEtcdNodeConfig.replace(sshPubKey, pubKey);
+        k8sEtcdNodeConfig = k8sEtcdNodeConfig.replace(ejectIsoKey, String.valueOf(ejectIso));
+        k8sEtcdNodeConfig = k8sEtcdNodeConfig.replace(etcdNodeName, hostnames.get(etcdNodeIndex));
+        k8sEtcdNodeConfig = k8sEtcdNodeConfig.replace(etcdNodeIp, ipAddresses.get(etcdNodeIndex));
+        k8sEtcdNodeConfig = k8sEtcdNodeConfig.replace(etcdInitialClusterNodes, initialClusterDetails);
+
+        return k8sEtcdNodeConfig;
+    }
+
     private UserVm createKubernetesAdditionalControlNode(final String joinIp, final int additionalControlNodeInstance,
                                                          final Long domainId, final Long accountId) throws ManagementServerException,
             ResourceUnavailableException, InsufficientCapacityException {
@@ -336,12 +428,56 @@ private UserVm createKubernetesAdditionalControlNode(final String joinIp, final
         return additionalControlVm;
     }
 
-    private UserVm provisionKubernetesClusterControlVm(final Network network, final String publicIpAddress,
+    private UserVm createEtcdNode(List<Network.IpAddresses> requestedIps, List<String> etcdNodeHostnames, int etcdNodeIndex, Long domainId, Long accountId) throws ResourceUnavailableException, InsufficientCapacityException, ResourceAllocationException {
+        UserVm etcdNode = null;
+        DataCenter zone = dataCenterDao.findById(kubernetesCluster.getZoneId());
+        ServiceOffering serviceOffering = getServiceOfferingForNodeTypeOnCluster(ETCD, kubernetesCluster);
+        List<Long> networkIds = Collections.singletonList(kubernetesCluster.getNetworkId());
+        Network.IpAddresses addrs = new Network.IpAddresses(null, null);
+        List<String> guestIps = requestedIps.stream().map(Network.IpAddresses::getIp4Address).collect(Collectors.toList());
+        String k8sControlNodeConfig = null;
+        try {
+            k8sControlNodeConfig = getEtcdNodeConfig(guestIps, etcdNodeHostnames, etcdNodeIndex, Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()));
+        } catch (IOException e) {
+            logAndThrow(Level.ERROR, "Failed to read Kubernetes control configuration file", e);
+        }
+
+        String base64UserData = Base64.encodeBase64String(k8sControlNodeConfig.getBytes(com.cloud.utils.StringUtils.getPreferredCharset()));
+        List<String> keypairs = new ArrayList<String>();
+        if (StringUtils.isNotBlank(kubernetesCluster.getKeyPair())) {
+            keypairs.add(kubernetesCluster.getKeyPair());
+        }
+        Long affinityGroupId = getExplicitAffinityGroup(domainId, accountId);
+        String hostName = etcdNodeHostnames.get(etcdNodeIndex);
+        Map<String, String> customParameterMap = new HashMap<String, String>();
+        if (zone.isSecurityGroupEnabled()) {
+            List<Long> securityGroupIds = new ArrayList<>();
+            securityGroupIds.add(kubernetesCluster.getSecurityGroupId());
+            etcdNode = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, etcdTemplate, networkIds, securityGroupIds, owner,
+                    hostName, hostName, null, null, null, Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST,base64UserData, null, null, keypairs,
+                    Map.of(kubernetesCluster.getNetworkId(), requestedIps.get(etcdNodeIndex)), addrs, null, null, Objects.nonNull(affinityGroupId) ?
+                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null,
+                    null, true, null, null);
+        } else {
+            etcdNode = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, etcdTemplate, networkIds, owner,
+                    hostName, hostName, null, null, null,
+                    Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST, base64UserData, null, null, keypairs,
+                    Map.of(kubernetesCluster.getNetworkId(), requestedIps.get(etcdNodeIndex)), addrs, null, null, Objects.nonNull(affinityGroupId) ?
+                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null);
+        }
+
+        if (LOGGER.isInfoEnabled()) {
+            LOGGER.info(String.format("Created control VM ID : %s, %s in the Kubernetes cluster : %s", etcdNode.getUuid(), hostName, kubernetesCluster.getName()));
+        }
+        return etcdNode;
+    }
+
+    private UserVm provisionKubernetesClusterControlVm(final Network network, final String publicIpAddress, final List<Network.IpAddresses> etcdIps,
                                                        final Long domainId, final Long accountId) throws
             ManagementServerException, InsufficientCapacityException, ResourceUnavailableException {
         UserVm k8sControlVM = null;
-        k8sControlVM = createKubernetesControlNode(network, publicIpAddress, domainId, accountId);
-        addKubernetesClusterVm(kubernetesCluster.getId(), k8sControlVM.getId(), true, false, false);
+        k8sControlVM = createKubernetesControlNode(network, publicIpAddress, etcdIps, domainId, accountId);
+        addKubernetesClusterVm(kubernetesCluster.getId(), k8sControlVM.getId(), true, false, false, false);
         if (kubernetesCluster.getNodeRootDiskSize() > 0) {
             resizeNodeVolume(k8sControlVM);
         }
@@ -356,14 +492,15 @@ private UserVm provisionKubernetesClusterControlVm(final Network network, final
         return k8sControlVM;
     }
 
-    private List<UserVm> provisionKubernetesClusterAdditionalControlVms(final String publicIpAddress, final Long domainId, final Long accountId) throws
+    private List<UserVm> provisionKubernetesClusterAdditionalControlVms(final String publicIpAddress, final Long domainId,
+                                                                        final Long accountId) throws
             InsufficientCapacityException, ManagementServerException, ResourceUnavailableException {
         List<UserVm> additionalControlVms = new ArrayList<>();
         if (kubernetesCluster.getControlNodeCount() > 1) {
             for (int i = 1; i < kubernetesCluster.getControlNodeCount(); i++) {
                 UserVm vm = null;
                 vm = createKubernetesAdditionalControlNode(publicIpAddress, i, domainId, accountId);
-                addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), true, false, false);
+                addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), true, false, false, false);
                 if (kubernetesCluster.getNodeRootDiskSize() > 0) {
                     resizeNodeVolume(vm);
                 }
@@ -381,6 +518,55 @@ private List<UserVm> provisionKubernetesClusterAdditionalControlVms(final String
         return additionalControlVms;
     }
 
+    private Ternary<List<UserVm>, List<Network.IpAddresses>, List<IpAddress>> provisionEtcdCluster(final Network network, final Long domainId, final Long accountId)
+            throws InsufficientCapacityException, ResourceUnavailableException, ManagementServerException {
+        List<UserVm> etcdNodeVms = new ArrayList<>();
+        List<IpAddress> etcdNodeIps = getEtcdNodePublicIpAddresses(network, kubernetesCluster.getEtcdNodeCount());
+        List<Network.IpAddresses>  etcdNodeGuestIps = getEtcdNodeGuestIps(network, kubernetesCluster.getEtcdNodeCount());
+        List<String> etcdHostnames = getEtcdNodeHostnames();
+        for (int i = 0; i < kubernetesCluster.getEtcdNodeCount(); i++) {
+            IpAddress ip = etcdNodeIps.get(i);
+            if (Objects.isNull(ip)) {
+                String errMsg = String.format("No public IP found for the network: %s, to create Etcd node for " +
+                        "Kubernetes cluster: %s", network, kubernetesCluster.getName());
+                LOGGER.error(errMsg);
+                logAndThrow(Level.ERROR, errMsg);
+            }
+            UserVm vm = createEtcdNode(etcdNodeGuestIps, etcdHostnames, i, domainId, accountId);
+            addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), false, false, true, true);
+            startKubernetesVM(vm, domainId, accountId);
+            vm = userVmDao.findById(vm.getId());
+            if (vm == null) {
+                throw new ManagementServerException(String.format("Failed to provision additional control VM for Kubernetes cluster : %s" , kubernetesCluster.getName()));
+            }
+            etcdNodeVms.add(vm);
+            if (LOGGER.isInfoEnabled()) {
+                LOGGER.info(String.format("Provisioned additional control VM : %s in to the Kubernetes cluster : %s", vm.getDisplayName(), kubernetesCluster.getName()));
+            }
+        }
+        return new Ternary<>(etcdNodeVms, etcdNodeGuestIps, etcdNodeIps);
+    }
+
+    private List<IpAddress> getEtcdNodePublicIpAddresses(final Network network, final long etcdNodeCount) throws InsufficientAddressCapacityException, ResourceUnavailableException, ResourceAllocationException {
+        List<IpAddress> ipAddresses = new ArrayList<>();
+        for (int i = 1; i <= etcdNodeCount; i++) {
+            if (network.getVpcId() == null) {
+                ipAddresses.add(acquirePublicIpForIsolatedNetwork(network));
+            } else {
+                ipAddresses.add(acquireVpcTierKubernetesPublicIp(network, true));
+            }
+        }
+        return ipAddresses;
+    }
+
+    private List<Network.IpAddresses> getEtcdNodeGuestIps(final Network network, final long etcdNodeCount) {
+       List<Network.IpAddresses> guestIps = new ArrayList<>();
+        for (int i = 1; i <= etcdNodeCount; i++) {
+            guestIps.add(new Network.IpAddresses(ipAddressManager.acquireGuestIpAddress(network, null), null));
+        }
+        return guestIps;
+    }
+
     private Network startKubernetesClusterNetwork(final DeployDestination destination) throws ManagementServerException {
         final ReservationContext context = new ReservationContextImpl(null, null, null, owner);
         Network network = networkDao.findById(kubernetesCluster.getNetworkId());
@@ -428,6 +614,29 @@ protected void setupKubernetesClusterNetworkRules(Network network, List<UserVm>
         setupKubernetesClusterIsolatedNetworkRules(publicIp, network, clusterVMIds, true);
     }
 
+    protected void setupKubernetesEtcdNetworkRules(List<IpAddress> etcdNodeIps, List<UserVm> etcdVms, Network network) throws ManagementServerException, ResourceUnavailableException {
+        if (!Network.GuestType.Isolated.equals(network.getGuestType())) {
+            if (LOGGER.isDebugEnabled()) {
+                LOGGER.debug(String.format("Network : %s for Kubernetes cluster : %s is not an isolated network, therefore, no need for network rules", network.getName(), kubernetesCluster.getName()));
+            }
+        }
+        List<Long> etcdVmIds = etcdVms.stream().map(UserVm::getId).collect(Collectors.toList());
+        Integer startPort = KubernetesClusterService.KubernetesEtcdNodeStartPort.value();
+        for (int i = 0; i < etcdVmIds.size(); i++) {
+            IpAddress publicIp = etcdNodeIps.get(i);
+            try {
+                provisionFirewallRules(publicIp, owner, startPort, startPort);
+                provisionFirewallRules(publicIp, owner, ETCD_NODE_CLIENT_REQUEST_PORT, ETCD_NODE_PEER_COMM_PORT);
+            } catch (NoSuchFieldException | IllegalAccessException | ResourceUnavailableException |
+                     NetworkRuleConflictException e) {
+                throw new ManagementServerException(String.format("Failed to provision firewall rules for etcd nodes for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);
+            }
+            provisionPublicIpPortForwardingRule(publicIp, network, owner, etcdVmIds.get(i), startPort, DEFAULT_SSH_PORT);
+            provisionPublicIpPortForwardingRule(publicIp, network, owner, etcdVmIds.get(i), ETCD_NODE_CLIENT_REQUEST_PORT, ETCD_NODE_CLIENT_REQUEST_PORT);
+            provisionPublicIpPortForwardingRule(publicIp, network, owner, etcdVmIds.get(i), ETCD_NODE_PEER_COMM_PORT, ETCD_NODE_PEER_COMM_PORT);
+        }
+    }
+
     private void startKubernetesClusterVMs(Long domainId, Long accountId) {
         List <UserVm> clusterVms = getKubernetesClusterVMs();
         for (final UserVm vm : clusterVms) {
@@ -490,7 +699,7 @@ private void updateKubernetesClusterEntryEndpoint() {
         kubernetesClusterDao.update(kubernetesCluster.getId(), kubernetesClusterVO);
     }
 
-    public boolean startKubernetesClusterOnCreate(Long domainId, Long accountId) {
+    public boolean startKubernetesClusterOnCreate(Long domainId, Long accountId) throws ManagementServerException, ResourceUnavailableException, InsufficientCapacityException {
         init();
         if (logger.isInfoEnabled()) {
             logger.info(String.format("Starting Kubernetes cluster : %s", kubernetesCluster.getName()));
@@ -526,10 +735,20 @@ public boolean startKubernetesClusterOnCreate(Long domainId, Long accountId) {
             launchPermissionDao.persist(launchPermission);
         }
 
+        List<UserVm> etcdVms = new ArrayList<>();
+        List<Network.IpAddresses> etcdGuestNodeIps = new ArrayList<>();
+        List<IpAddress> etcdPublicNodeIps = new ArrayList<>();
+        if (kubernetesCluster.getEtcdNodeCount() > 0) {
+            Ternary<List<UserVm>, List<Network.IpAddresses>, List<IpAddress>> etcdNodesAndIps = provisionEtcdCluster(network, domainId, accountId);
+            etcdVms = etcdNodesAndIps.first();
+            etcdGuestNodeIps = etcdNodesAndIps.second();
+            etcdPublicNodeIps = etcdNodesAndIps.third();
+        }
+
         List<UserVm> clusterVMs = new ArrayList<>();
         UserVm k8sControlVM = null;
         try {
-            k8sControlVM = provisionKubernetesClusterControlVm(network, publicIpAddress, domainId, accountId);
+            k8sControlVM = provisionKubernetesClusterControlVm(network, publicIpAddress, etcdGuestNodeIps, domainId, accountId);
         } catch (CloudRuntimeException | ManagementServerException | ResourceUnavailableException | InsufficientCapacityException e) {
             logTransitStateAndThrow(Level.ERROR, String.format("Provisioning the control VM failed in the Kubernetes cluster : %s", kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
         }
@@ -561,6 +780,12 @@ public boolean startKubernetesClusterOnCreate(Long domainId, Long accountId) {
         } catch (ManagementServerException e) {
             logTransitStateAndThrow(Level.ERROR, String.format("Failed to setup Kubernetes cluster : %s, unable to setup network rules", kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
         }
+        try {
+            setupKubernetesEtcdNetworkRules(etcdPublicNodeIps, etcdVms, network);
+        } catch (ManagementServerException e) {
+            logTransitStateAndThrow(Level.ERROR, String.format("Failed to setup Kubernetes cluster : %s, unable to setup network rules for etcd nodes", kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
+        }
+        attachIsoKubernetesVMs(etcdVms);
         attachIsoKubernetesVMs(clusterVMs);
         if (!KubernetesClusterUtil.isKubernetesClusterControlVmRunning(kubernetesCluster, publicIpAddress, publicIpSshPort.second(), startTimeoutTime)) {
             String msg = String.format("Failed to setup Kubernetes cluster : %s in usable state as unable to access control node VMs of the cluster", kubernetesCluster.getName());
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java
index 77f785d27473..3ed8b3eb68aa 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java
@@ -217,8 +217,8 @@ public static int getKubernetesClusterReadyNodesCount(final KubernetesCluster ku
                 user, sshKeyFile, null,
                 "sudo /opt/bin/kubectl get nodes | awk '{if ($2 == \"Ready\") print $1}' | wc -l",
                 10000, 10000, 20000);
-        if (result.first()) {
-            return Integer.parseInt(result.second().trim().replace("\"", ""));
+        if (Boolean.TRUE.equals(result.first())) {
+            return Integer.parseInt(result.second().trim().replace("\"", "")) + kubernetesCluster.getEtcdNodeCount().intValue();
         } else {
             if (LOGGER.isDebugEnabled()) {
                 LOGGER.debug(String.format("Failed to retrieve ready nodes for Kubernetes cluster : %s. Output: %s", kubernetesCluster.getName(), result.second()));
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
index 56e130fd25a5..f3e557579f2a 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
@@ -21,7 +21,10 @@
 
 import javax.inject.Inject;
 
+import com.cloud.exception.InsufficientCapacityException;
 import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ManagementServerException;
+import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.kubernetes.cluster.KubernetesClusterHelper;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
@@ -328,7 +331,7 @@ public void execute() {
             KubernetesClusterResponse response = kubernetesClusterService.createKubernetesClusterResponse(getEntityId());
             response.setResponseName(getCommandName());
             setResponseObject(response);
-        } catch (CloudRuntimeException e) {
+        } catch (CloudRuntimeException | ManagementServerException | ResourceUnavailableException | InsufficientCapacityException e) {
             throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.getMessage());
         }
     }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/StartKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/StartKubernetesClusterCmd.java
index 9c83c3c83e04..f615ca4440f3 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/StartKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/StartKubernetesClusterCmd.java
@@ -18,6 +18,9 @@
 
 import javax.inject.Inject;
 
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ManagementServerException;
+import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.user.Account;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.APICommand;
@@ -116,7 +119,8 @@ public void execute() throws ServerApiException, ConcurrentOperationException {
             final KubernetesClusterResponse response = kubernetesClusterService.createKubernetesClusterResponse(kubernetesCluster.getId());
             response.setResponseName(getCommandName());
             setResponseObject(response);
-        } catch (CloudRuntimeException ex) {
+        } catch (CloudRuntimeException | ManagementServerException | ResourceUnavailableException |
+                 InsufficientCapacityException ex) {
             throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, ex.getMessage());
         }
     }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
index 48f5bab471b9..63c7bb5b1363 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
@@ -18,6 +18,7 @@
 
 import java.util.Date;
 import java.util.List;
+import java.util.Map;
 
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseResponseWithAnnotations;
@@ -86,10 +87,6 @@ public class KubernetesClusterResponse extends BaseResponseWithAnnotations imple
     @Param(description = "the number of the etcd nodes on the Kubernetes cluster")
     private Long etcdNodes;
 
-    @SerializedName(ApiConstants.EXTERNAL_NODES)
-    @Param(description = "the number of the externally added worker nodes to the Kubernetes cluster")
-    private Long externalNodes;
-
     @SerializedName(ApiConstants.TEMPLATE_ID)
     @Param(description = "the ID of the template of the Kubernetes cluster")
     private String templateId;
@@ -179,6 +176,10 @@ public class KubernetesClusterResponse extends BaseResponseWithAnnotations imple
     @Param(description = "Public IP Address ID of the cluster")
     private String ipAddressId;
 
+    @SerializedName(ApiConstants.ETCD_IPS)
+    @Param(description = "Public IP Addresses of the etcd nodes")
+    private Map<String, String> etcdIps;
+
     @SerializedName(ApiConstants.AUTOSCALING_ENABLED)
     @Param(description = "Whether autoscaling is enabled for the cluster")
     private boolean isAutoscalingEnabled;
@@ -447,14 +448,6 @@ public void setEtcdNodes(Long etcdNodes) {
         this.etcdNodes = etcdNodes;
     }
 
-    public Long getExternalNodes() {
-        return externalNodes;
-    }
-
-    public void setExternalNodes(Long externalNodes) {
-        this.externalNodes = externalNodes;
-    }
-
     public void setVirtualMachines(List<KubernetesUserVmResponse> virtualMachines) {
         this.virtualMachines = virtualMachines;
     }
@@ -471,6 +464,10 @@ public void setIpAddressId(String ipAddressId) {
         this.ipAddressId = ipAddressId;
     }
 
+    public void setEtcdIps(Map<String, String> etcdIps) {
+        this.etcdIps = etcdIps;
+    }
+
     public void setAutoscalingEnabled(boolean isAutoscalingEnabled) {
         this.isAutoscalingEnabled = isAutoscalingEnabled;
     }
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/etcd-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/etcd-node.yml
new file mode 100644
index 000000000000..e5ec6ab70a98
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/etcd-node.yml
@@ -0,0 +1,134 @@
+#cloud-config
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+---
+users:
+  - name: cloud
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    shell: /bin/bash
+    ssh_authorized_keys:
+      {{ k8s.ssh.pub.key }}
+
+write_files:
+  - path: /opt/bin/setup-etcd-node
+    permissions: '0700'
+    owner: root:root
+    content: |
+      #!/bin/bash -e
+      
+      if [[ -f "/home/cloud/success" ]]; then
+        echo "Already provisioned!"
+        exit 0
+      fi
+      
+      ISO_MOUNT_DIR=/mnt/etcddisk
+      BINARIES_DIR=${ISO_MOUNT_DIR}/
+      ATTEMPT_ONLINE_INSTALL=false
+      setup_complete=false
+      
+      OFFLINE_INSTALL_ATTEMPT_SLEEP={{ k8s.install.wait.time }}
+      MAX_OFFLINE_INSTALL_ATTEMPTS={{ k8s.install.reattempts.count }}
+      if [[ -z $OFFLINE_INSTALL_ATTEMPT_SLEEP || $OFFLINE_INSTALL_ATTEMPT_SLEEP -eq 0 ]]; then
+        OFFLINE_INSTALL_ATTEMPT_SLEEP=15
+      fi
+      if [[ -z $MAX_OFFLINE_INSTALL_ATTEMPTS || $MAX_OFFLINE_INSTALL_ATTEMPTS -eq 0 ]]; then
+        MAX_OFFLINE_INSTALL_ATTEMPTS=100
+      fi
+      offline_attempts=1
+      MAX_SETUP_CRUCIAL_CMD_ATTEMPTS=3
+      EJECT_ISO_FROM_OS={{ k8s.eject.iso }}
+      crucial_cmd_attempts=1
+      iso_drive_path=""
+      while true; do
+        if (( "$offline_attempts" > "$MAX_OFFLINE_INSTALL_ATTEMPTS" )); then
+          echo "Warning: Offline install timed out!"
+          break
+        fi
+        set +e
+        output=`blkid -o device -t TYPE=iso9660`
+        set -e
+        if [ "$output" != "" ]; then
+          while read -r line; do
+            if [ ! -d "${ISO_MOUNT_DIR}" ]; then
+              mkdir "${ISO_MOUNT_DIR}"
+            fi
+            retval=0
+            set +e
+            mount -o ro "${line}" "${ISO_MOUNT_DIR}"
+            retval=$?
+            set -e
+            if [ $retval -eq 0 ]; then
+              if [ -d "$BINARIES_DIR" ]; then
+                iso_drive_path="${line}"
+                break
+              else
+                umount "${line}" && rmdir "${ISO_MOUNT_DIR}"
+              fi
+            fi
+          done <<< "$output"
+        fi
+        if [ -d "$BINARIES_DIR" ]; then
+          break
+        fi
+        echo "Waiting for Binaries directory $BINARIES_DIR to be available, sleeping for $OFFLINE_INSTALL_ATTEMPT_SLEEP seconds, attempt: $offline_attempts"
+        sleep $OFFLINE_INSTALL_ATTEMPT_SLEEP
+        offline_attempts=$[$offline_attempts + 1]
+      done
+      
+      if [[ "$PATH" != *:/opt/bin && "$PATH" != *:/opt/bin:* ]]; then
+        export PATH=$PATH:/opt/bin
+      fi
+
+      if [ -d "$BINARIES_DIR" ]; then
+        ### Binaries available offline ###
+        echo "Installing binaries from ${BINARIES_DIR}"
+        mkdir -p /opt/bin/
+        tar -zxf ${BINARIES_DIR}/etcd/etcd-linux-amd64.tar.gz -C /opt/bin/
+        mv /opt/bin/etcd*/etcd* /opt/bin/
+        sudo rm -rf /opt/bin/etcd-*
+      fi
+
+  - path: /etc/systemd/system/etcd.service
+    permissions: '0755'
+    owner: root:root
+    content: |
+      [Unit]
+      Description=etcd
+
+      [Service]
+      Type=exec
+      ExecStart=/opt/bin/etcd \
+        --name {{ etcd.node_name }} \
+        --initial-advertise-peer-urls http://{{ etcd.node_ip }}:2380 \
+        --listen-peer-urls http://{{ etcd.node_ip }}:2380 \
+        --advertise-client-urls http://{{ etcd.node_ip }}:2379 \
+        --listen-client-urls http://{{ etcd.node_ip }}:2379,http://127.0.0.1:2379 \
+        --initial-cluster-token etcd-cluster-1 \
+        --initial-cluster {{ etcd.initial_cluster_nodes }} \
+        --initial-cluster-state new
+      Restart=on-failure
+      RestartSec=5
+
+      [Install]
+      WantedBy=multi-user.target
+
+runcmd:
+  - chown -R cloud:cloud /home/cloud/.ssh
+  - /opt/bin/setup-etcd-node
+  - systemctl daemon-reload
+  - systemctl enable --now etcd
\ No newline at end of file
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
index 3154fb20251c..26a09ee26ae0 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
@@ -225,6 +225,33 @@ write_files:
         done
       fi
 
+  - path: /etc/kubernetes/kubeadm-config.yaml
+    permissions: '0644'
+    owner: root:root
+    content: |
+      apiVersion: kubeadm.k8s.io/v1beta3
+      kind: ClusterConfiguration
+      apiServer:
+        certSANs:
+        {{ k8s_control.server_ips }}
+      controlPlaneEndpoint: {{ k8s_control.server_ip }}:{{ k8s.api_server_port }}
+      etcd:
+        external:
+          endpoints:
+          {{ etcd.etcd_endpoint_list }}  
+      ---
+      apiVersion: kubeadm.k8s.io/v1beta3
+      kind: InitConfiguration
+      bootstrapTokens:
+        - token: "{{ k8s_control_node.cluster.token }}"
+      nodeRegistration:
+        criSocket: /run/containerd/containerd.sock
+      localAPIEndpoint:
+        advertiseAddress: {{ k8s_control.server_ip }}
+        bindPort: {{ k8s.api_server_port }}
+      certificateKey: {{ k8s_control.certificate_key }}
+      
+
   - path: /opt/bin/deploy-kube-system
     permissions: '0700'
     owner: root:root
@@ -240,6 +267,7 @@ write_files:
         export PATH=$PATH:/opt/bin
       fi
 
+      EXTERNAL_ETCD_NODES={{ etcd.unstacked_etcd }}
       MAX_SETUP_CRUCIAL_CMD_ATTEMPTS=3
       crucial_cmd_attempts=1
       while true; do
@@ -249,7 +277,11 @@ write_files:
         fi
         retval=0
         set +e
-        kubeadm init --token {{ k8s_control_node.cluster.token }} --token-ttl 0 {{ k8s_control_node.cluster.initargs }} --cri-socket /run/containerd/containerd.sock
+        if [[ ${EXTERNAL_ETCD_NODES} == true ]]; then
+          kubeadm init --config /etc/kubernetes/kubeadm-config.yaml --upload-certs
+        else
+          kubeadm init --token {{ k8s_control_node.cluster.token }} --token-ttl 0 {{ k8s_control_node.cluster.initargs }} --cri-socket /run/containerd/containerd.sock
+        fi
         retval=$?
         set -e
         if [ $retval -eq 0 ]; then
diff --git a/scripts/util/create-kubernetes-binaries-iso.sh b/scripts/util/create-kubernetes-binaries-iso.sh
index d5fb014f220b..265c0ce5ce2d 100755
--- a/scripts/util/create-kubernetes-binaries-iso.sh
+++ b/scripts/util/create-kubernetes-binaries-iso.sh
@@ -19,8 +19,8 @@
 set -e
 
 if [ $# -lt 6 ]; then
-    echo "Invalid input. Valid usage: ./create-kubernetes-binaries-iso.sh OUTPUT_PATH KUBERNETES_VERSION CNI_VERSION CRICTL_VERSION WEAVENET_NETWORK_YAML_CONFIG DASHBOARD_YAML_CONFIG BUILD_NAME"
-    echo "eg: ./create-kubernetes-binaries-iso.sh ./ 1.11.4 0.7.1 1.11.1 https://github.com/weaveworks/weave/releases/download/latest_release/weave-daemonset-k8s-1.11.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes-dashboard.yaml setup-v1.11.4"
+    echo "Invalid input. Valid usage: ./create-kubernetes-binaries-iso.sh OUTPUT_PATH KUBERNETES_VERSION CNI_VERSION CRICTL_VERSION WEAVENET_NETWORK_YAML_CONFIG DASHBOARD_YAML_CONFIG ETCD_VER BUILD_NAME"
+    echo "eg: ./create-kubernetes-binaries-iso.sh ./ 1.11.4 0.7.1 1.11.1 https://github.com/weaveworks/weave/releases/download/latest_release/weave-daemonset-k8s-1.11.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes-dashboard.yaml 3.5.1 setup-v1.11.4"
     exit 1
 fi
 
@@ -31,7 +31,7 @@ start_dir="$PWD"
 iso_dir="/tmp/iso"
 working_dir="${iso_dir}/"
 mkdir -p "${working_dir}"
-build_name="${7}.iso"
+build_name="${8}.iso"
 [ -z "${build_name}" ] && build_name="setup-${RELEASE}.iso"
 
 CNI_VERSION="v${3}"
@@ -148,6 +148,12 @@ chmod ${kubeadm_file_permissions} "${working_dir}/k8s/kubeadm"
 echo "Updating imagePullPolicy to IfNotPresent in yaml files..."
 sed -i "s/imagePullPolicy:.*/imagePullPolicy: IfNotPresent/g" ${working_dir}/*.yaml
 
+# Install etcd dependencies
+etcd_dir="${working_dir}/etcd"
+mkdir -p "${etcd_dir}"
+ETCD_VER=v${7}
+wget -q --show-progress "https://github.com/etcd-io/etcd/releases/download/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz" -O ${etcd_dir}/etcd-linux-amd64.tar.gz
+
 mkisofs -o "${output_dir}/${build_name}" -J -R -l "${iso_dir}"
 
 rm -rf "${iso_dir}"
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 65b44209b382..803565313ef1 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -2443,6 +2443,7 @@
 "label.quotagb": "Quota in GB",
 "label.encryption": "Encryption",
 "label.etcdnodes": "Number of etcd nodes",
+"label.etcd.ips": "etcd Node(s) IP address(es)",
 "label.versioning": "Versioning",
 "label.objectlocking": "Object Lock",
 "label.bucket.policy": "Bucket Policy",
diff --git a/ui/src/components/view/InfoCard.vue b/ui/src/components/view/InfoCard.vue
index 0bd20cd4409c..5d34fad586cd 100644
--- a/ui/src/components/view/InfoCard.vue
+++ b/ui/src/components/view/InfoCard.vue
@@ -188,6 +188,24 @@
             </span>
           </div>
         </div>
+        <div class="resource-detail-item" v-if="resource.etcdips">
+          <div class="resource-detail-item__label">{{ $t('label.etcd.ips') }}</div>
+          <div class="resource-detail-item__details resource-detail-item__details--start">
+            <div>
+              <div
+                v-for="(address, index) in resource.etcdips"
+                :key="index">
+                <environment-outlined
+                  @click="$message.success(`${$t('label.copied.clipboard')} : ${ address }`)"
+                  v-clipboard:copy="address"
+                />
+                <router-link v-if="address" :to="{ path: '/publicip/' + index }">
+                  <copy-label :label="address" />&nbsp;
+                </router-link>
+              </div>
+            </div>
+          </div>
+        </div>
         <div class="resource-detail-item" v-if="('cpunumber' in resource && 'cpuspeed' in resource) || resource.cputotal">
           <div class="resource-detail-item__label">{{ $t('label.cpu') }}</div>
           <div class="resource-detail-item__details">
diff --git a/ui/src/views/compute/KubernetesServiceTab.vue b/ui/src/views/compute/KubernetesServiceTab.vue
index 4f0966343404..15bcb8ba2ccb 100644
--- a/ui/src/views/compute/KubernetesServiceTab.vue
+++ b/ui/src/views/compute/KubernetesServiceTab.vue
@@ -114,7 +114,8 @@
               <status :text="text ? text : ''" displayText />
             </template>
             <template v-if="column.key === 'port'" :name="text" :record="record">
-              {{ cksSshStartingPort + index }}
+              <span v-if="record.isexternalnode || (!record.isexternalnode && !record.isetcdnode)"> {{ cksSshStartingPort + index }} </span>
+              <span v-else> {{ etcdSshPort }} </span>
             </template>
             <template v-if="column.key === 'actions'">
               <a-tooltip placement="bottom" >
@@ -209,6 +210,7 @@ export default {
       publicIpAddress: null,
       currentTab: 'details',
       cksSshStartingPort: 2222,
+      etcdSshPort: 50000,
       annotations: []
     }
   },
@@ -280,6 +282,7 @@ export default {
         dataIndex: 'actions'
       })
     }
+    this.fetchEtcdSshPort()
     this.handleFetchData()
     this.setCurrentTab()
   },
@@ -382,9 +385,10 @@ export default {
     },
     fetchInstances () {
       this.instanceLoading = true
-      var defaultNodes = this.resource.virtualmachines.filter(x => !x.isexternalnode)
+      var defaultNodes = this.resource.virtualmachines.filter(x => !x.isexternalnode && !x.isetcdnode)
       var externalNodes = this.resource.virtualmachines.filter(x => x.isexternalnode)
-      this.virtualmachines = defaultNodes.concat(externalNodes)
+      var etcdNodes = this.resource.virtualmachines.filter(x => x.isetcdnode)
+      this.virtualmachines = defaultNodes.concat(externalNodes).concat(etcdNodes)
       this.virtualmachines.map(x => { x.ipaddress = x.nic[0].ipaddress })
       this.instanceLoading = false
     },
@@ -435,6 +439,15 @@ export default {
         this.networkLoading = false
       })
     },
+    fetchEtcdSshPort () {
+      const params = {}
+      params.name = 'cloud.kubernetes.etcd.node.start.port'
+      var apiName = 'listConfigurations'
+      api(apiName, params).then(json => {
+        const configResponse = json.listconfigurationsresponse.configuration
+        this.etcdSshPort = configResponse[0]?.value
+      })
+    },
     downloadKubernetesClusterConfig () {
       var blob = new Blob([this.clusterConfig], { type: 'text/plain' })
       var filename = 'kube.conf'

From 8cfa6e6273e76afa008793f80843328954f87428 Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Tue, 7 May 2024 12:04:20 -0300
Subject: [PATCH 13/88] Fix CKS cluster scaling and minor UI improvement

---
 .../actionworkers/KubernetesClusterScaleWorker.java   | 11 ++++++++---
 ui/src/components/view/InfoCard.vue                   |  6 ------
 ui/src/config/section/compute.js                      |  2 +-
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index eaf5c3731e8e..61d54e7dcf7d 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -404,7 +404,10 @@ private void removeNodesFromCluster(List<KubernetesClusterVmMapVO> vmMaps) throw
 
         // Scale network rules to update firewall rule
         try {
-            List<Long> clusterVMIds = getKubernetesClusterVMMaps().stream().map(KubernetesClusterVmMapVO::getVmId).collect(Collectors.toList());
+            List<Long> clusterVMIds = getKubernetesClusterVMMaps()
+                    .stream()
+                    .filter(x -> !x.isEtcdNode())
+                    .map(KubernetesClusterVmMapVO::getVmId).collect(Collectors.toList());
             scaleKubernetesClusterNetworkRules(clusterVMIds);
         } catch (ManagementServerException e) {
             logTransitStateAndThrow(Level.ERROR, String.format("Scaling failed for Kubernetes cluster : %s, unable to update network rules", kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.OperationFailed, e);
@@ -420,7 +423,9 @@ private void scaleDownKubernetesClusterSize() throws CloudRuntimeException {
             vmList = getKubernetesClusterVMMapsForNodes(this.nodeIds).stream().filter(vm -> !vm.isExternalNode()).collect(Collectors.toList());
         } else {
             vmList  = getKubernetesClusterVMMaps();
-            vmList  = vmList.stream().filter(vm -> !vm.isExternalNode()).collect(Collectors.toList());
+            vmList  = vmList.stream()
+                        .filter(vm -> !vm.isExternalNode() && !vm.isControlNode() && !vm.isEtcdNode())
+                        .collect(Collectors.toList());
             vmList = vmList.subList((int) (kubernetesCluster.getControlNodeCount() + clusterSize - 1), vmList.size());
         }
         Collections.reverse(vmList);
@@ -444,7 +449,7 @@ private void scaleUpKubernetesClusterSize(final long newVmCount) throws CloudRun
         }
         try {
             List<Long> externalNodeIds = getKubernetesClusterVMMaps().stream().filter(KubernetesClusterVmMapVO::isExternalNode).map(KubernetesClusterVmMapVO::getVmId).collect(Collectors.toList());
-            List<Long> clusterVMIds = getKubernetesClusterVMMaps().stream().filter(vm -> !vm.isExternalNode()).map(KubernetesClusterVmMapVO::getVmId).collect(Collectors.toList());
+            List<Long> clusterVMIds = getKubernetesClusterVMMaps().stream().filter(vm -> !vm.isExternalNode() && !vm.isEtcdNode()).map(KubernetesClusterVmMapVO::getVmId).collect(Collectors.toList());
             clusterVMIds.addAll(externalNodeIds);
             scaleKubernetesClusterNetworkRules(clusterVMIds);
         } catch (ManagementServerException e) {
diff --git a/ui/src/components/view/InfoCard.vue b/ui/src/components/view/InfoCard.vue
index 5d34fad586cd..07d6058126cd 100644
--- a/ui/src/components/view/InfoCard.vue
+++ b/ui/src/components/view/InfoCard.vue
@@ -589,12 +589,6 @@
             <span v-else>{{ resource.etcdofferingname || resource.etcdofferingid }}</span>
           </div>
         </div>
-        <div class="resource-detail-item" v-if="resource.etcdnodes">
-          <div class="resource-detail-item__label">{{ $t('label.etcdnodes') }}</div>
-          <div class="resource-detail-item__details">
-            <bulb-outlined />{{ resource.etcdnodes }}
-          </div>
-        </div>
         <div class="resource-detail-item" v-if="resource.diskofferingname && resource.diskofferingid">
           <div class="resource-detail-item__label">{{ $t('label.diskoffering') }}</div>
           <div class="resource-detail-item__details">
diff --git a/ui/src/config/section/compute.js b/ui/src/config/section/compute.js
index a952f515b955..3db6bd0cd882 100644
--- a/ui/src/config/section/compute.js
+++ b/ui/src/config/section/compute.js
@@ -539,7 +539,7 @@ export default {
         const filters = ['cloud.managed', 'external.managed']
         return filters
       },
-      details: ['name', 'description', 'zonename', 'kubernetesversionname', 'autoscalingenabled', 'minsize', 'maxsize', 'size', 'controlnodes', 'cpunumber', 'memory', 'keypair', 'associatednetworkname', 'account', 'domain', 'zonename', 'clustertype', 'created'],
+      details: ['name', 'description', 'zonename', 'kubernetesversionname', 'autoscalingenabled', 'minsize', 'maxsize', 'size', 'controlnodes', 'etcdnodes', 'cpunumber', 'memory', 'keypair', 'associatednetworkname', 'account', 'domain', 'zonename', 'clustertype', 'created'],
       tabs: [{
         name: 'k8s',
         component: shallowRef(defineAsyncComponent(() => import('@/views/compute/KubernetesServiceTab.vue')))

From fe81ae0af332ef91d09d081561a0fa0aa9f5d537 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Tue, 7 May 2024 11:46:48 -0400
Subject: [PATCH 14/88] Reuse k8s cluster public IP for etcd nodes and rename
 etcd nodes

---
 ...esClusterResourceModifierActionWorker.java |  2 +-
 .../KubernetesClusterStartWorker.java         | 39 ++++---------------
 ui/public/locales/en.json                     |  1 -
 ui/src/components/view/InfoCard.vue           | 18 ---------
 4 files changed, 8 insertions(+), 52 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index 94e8fedce022..07195b04c1a7 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -786,7 +786,7 @@ protected String getEtcdNodeNameForCluster() {
                 prefix = kubernetesCluster.getUuid();
             }
         }
-        prefix = "etcd-" + prefix;
+        prefix = prefix + "-etcd" ;
         if (prefix.length() > 40) {
             prefix = prefix.substring(0, 40);
         }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index d5a580e05d01..e2949aaec37a 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -32,7 +32,6 @@
 import java.util.stream.Collectors;
 
 import com.cloud.exception.NetworkRuleConflictException;
-import com.cloud.utils.Ternary;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.InternalIdentity;
 import org.apache.cloudstack.framework.ca.Certificate;
@@ -518,20 +517,12 @@ private List<UserVm> provisionKubernetesClusterAdditionalControlVms(final String
         return additionalControlVms;
     }
 
-    private Ternary<List<UserVm>, List<Network.IpAddresses>, List<IpAddress>> provisionEtcdCluster(final Network network, final Long domainId, final Long accountId)
+    private Pair<List<UserVm>, List<Network.IpAddresses>> provisionEtcdCluster(final Network network, final Long domainId, final Long accountId)
             throws InsufficientCapacityException, ResourceUnavailableException, ManagementServerException {
         List<UserVm> etcdNodeVms = new ArrayList<>();
-        List<IpAddress> etcdNodeIps = getEtcdNodePublicIpAddresses(network, kubernetesCluster.getEtcdNodeCount());
         List<Network.IpAddresses>  etcdNodeGuestIps = getEtcdNodeGuestIps(network, kubernetesCluster.getEtcdNodeCount());
         List<String> etcdHostnames = getEtcdNodeHostnames();
         for (int i = 0; i < kubernetesCluster.getEtcdNodeCount(); i++) {
-            IpAddress ip = etcdNodeIps.get(i);
-            if (Objects.isNull(ip)) {
-                String errMsg = String.format("No public IP found for the network: %s, to create Etcd node for " +
-                        "Kubernetes cluster: %s", network, kubernetesCluster.getName());
-                LOGGER.error(errMsg);
-                logAndThrow(Level.ERROR, errMsg);
-            }
             UserVm vm = createEtcdNode(etcdNodeGuestIps, etcdHostnames, i, domainId, accountId);
             addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), false, false, true, true);
             startKubernetesVM(vm, domainId, accountId);
@@ -544,19 +535,7 @@ private Ternary<List<UserVm>, List<Network.IpAddresses>, List<IpAddress>> provis
                 LOGGER.info(String.format("Provisioned additional control VM : %s in to the Kubernetes cluster : %s", vm.getDisplayName(), kubernetesCluster.getName()));
             }
         }
-        return new Ternary<>(etcdNodeVms, etcdNodeGuestIps, etcdNodeIps);
-    }
-
-    private List<IpAddress> getEtcdNodePublicIpAddresses(final Network network, final long etcdNodeCount) throws InsufficientAddressCapacityException, ResourceUnavailableException, ResourceAllocationException {
-        List<IpAddress> ipAddresses = new ArrayList<>();
-        for (int i = 1; i <= etcdNodeCount; i++) {
-            if (network.getVpcId() == null) {
-                ipAddresses.add(acquirePublicIpForIsolatedNetwork(network));
-            } else {
-                ipAddresses.add(acquireVpcTierKubernetesPublicIp(network, true));
-            }
-        }
-        return ipAddresses;
+        return new Pair<>(etcdNodeVms, etcdNodeGuestIps);
     }
 
     private List<Network.IpAddresses> getEtcdNodeGuestIps(final Network network, final long etcdNodeCount) {
@@ -614,7 +593,7 @@ protected void setupKubernetesClusterNetworkRules(Network network, List<UserVm>
         setupKubernetesClusterIsolatedNetworkRules(publicIp, network, clusterVMIds, true);
     }
 
-    protected void setupKubernetesEtcdNetworkRules(List<IpAddress> etcdNodeIps, List<UserVm> etcdVms, Network network) throws ManagementServerException, ResourceUnavailableException {
+    protected void setupKubernetesEtcdNetworkRules(List<UserVm> etcdVms, Network network) throws ManagementServerException, ResourceUnavailableException {
         if (!Network.GuestType.Isolated.equals(network.getGuestType())) {
             if (LOGGER.isDebugEnabled()) {
                 LOGGER.debug(String.format("Network : %s for Kubernetes cluster : %s is not an isolated network, therefore, no need for network rules", network.getName(), kubernetesCluster.getName()));
@@ -622,18 +601,16 @@ protected void setupKubernetesEtcdNetworkRules(List<IpAddress> etcdNodeIps, List
         }
         List<Long> etcdVmIds = etcdVms.stream().map(UserVm::getId).collect(Collectors.toList());
         Integer startPort = KubernetesClusterService.KubernetesEtcdNodeStartPort.value();
+        IpAddress publicIp = ipAddressDao.findByIpAndDcId(kubernetesCluster.getZoneId(), publicIpAddress);
         for (int i = 0; i < etcdVmIds.size(); i++) {
-            IpAddress publicIp = etcdNodeIps.get(i);
+            startPort += i;
             try {
                 provisionFirewallRules(publicIp, owner, startPort, startPort);
-                provisionFirewallRules(publicIp, owner, ETCD_NODE_CLIENT_REQUEST_PORT, ETCD_NODE_PEER_COMM_PORT);
             } catch (NoSuchFieldException | IllegalAccessException | ResourceUnavailableException |
                      NetworkRuleConflictException e) {
                 throw new ManagementServerException(String.format("Failed to provision firewall rules for etcd nodes for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);
             }
             provisionPublicIpPortForwardingRule(publicIp, network, owner, etcdVmIds.get(i), startPort, DEFAULT_SSH_PORT);
-            provisionPublicIpPortForwardingRule(publicIp, network, owner, etcdVmIds.get(i), ETCD_NODE_CLIENT_REQUEST_PORT, ETCD_NODE_CLIENT_REQUEST_PORT);
-            provisionPublicIpPortForwardingRule(publicIp, network, owner, etcdVmIds.get(i), ETCD_NODE_PEER_COMM_PORT, ETCD_NODE_PEER_COMM_PORT);
         }
     }
 
@@ -737,12 +714,10 @@ public boolean startKubernetesClusterOnCreate(Long domainId, Long accountId) thr
 
         List<UserVm> etcdVms = new ArrayList<>();
         List<Network.IpAddresses> etcdGuestNodeIps = new ArrayList<>();
-        List<IpAddress> etcdPublicNodeIps = new ArrayList<>();
         if (kubernetesCluster.getEtcdNodeCount() > 0) {
-            Ternary<List<UserVm>, List<Network.IpAddresses>, List<IpAddress>> etcdNodesAndIps = provisionEtcdCluster(network, domainId, accountId);
+            Pair<List<UserVm>, List<Network.IpAddresses>> etcdNodesAndIps = provisionEtcdCluster(network, domainId, accountId);
             etcdVms = etcdNodesAndIps.first();
             etcdGuestNodeIps = etcdNodesAndIps.second();
-            etcdPublicNodeIps = etcdNodesAndIps.third();
         }
 
         List<UserVm> clusterVMs = new ArrayList<>();
@@ -781,7 +756,7 @@ public boolean startKubernetesClusterOnCreate(Long domainId, Long accountId) thr
             logTransitStateAndThrow(Level.ERROR, String.format("Failed to setup Kubernetes cluster : %s, unable to setup network rules", kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
         }
         try {
-            setupKubernetesEtcdNetworkRules(etcdPublicNodeIps, etcdVms, network);
+            setupKubernetesEtcdNetworkRules(etcdVms, network);
         } catch (ManagementServerException e) {
             logTransitStateAndThrow(Level.ERROR, String.format("Failed to setup Kubernetes cluster : %s, unable to setup network rules for etcd nodes", kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
         }
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 803565313ef1..65b44209b382 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -2443,7 +2443,6 @@
 "label.quotagb": "Quota in GB",
 "label.encryption": "Encryption",
 "label.etcdnodes": "Number of etcd nodes",
-"label.etcd.ips": "etcd Node(s) IP address(es)",
 "label.versioning": "Versioning",
 "label.objectlocking": "Object Lock",
 "label.bucket.policy": "Bucket Policy",
diff --git a/ui/src/components/view/InfoCard.vue b/ui/src/components/view/InfoCard.vue
index 07d6058126cd..2720f960b991 100644
--- a/ui/src/components/view/InfoCard.vue
+++ b/ui/src/components/view/InfoCard.vue
@@ -188,24 +188,6 @@
             </span>
           </div>
         </div>
-        <div class="resource-detail-item" v-if="resource.etcdips">
-          <div class="resource-detail-item__label">{{ $t('label.etcd.ips') }}</div>
-          <div class="resource-detail-item__details resource-detail-item__details--start">
-            <div>
-              <div
-                v-for="(address, index) in resource.etcdips"
-                :key="index">
-                <environment-outlined
-                  @click="$message.success(`${$t('label.copied.clipboard')} : ${ address }`)"
-                  v-clipboard:copy="address"
-                />
-                <router-link v-if="address" :to="{ path: '/publicip/' + index }">
-                  <copy-label :label="address" />&nbsp;
-                </router-link>
-              </div>
-            </div>
-          </div>
-        </div>
         <div class="resource-detail-item" v-if="('cpunumber' in resource && 'cpuspeed' in resource) || resource.cputotal">
           <div class="resource-detail-item__label">{{ $t('label.cpu') }}</div>
           <div class="resource-detail-item__details">

From b09c11f447957d9fbf1da624111d94547e59aca0 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Mon, 20 May 2024 17:40:13 -0400
Subject: [PATCH 15/88] Fix DNS resolver issue

---
 systemvm/debian/opt/cloud/bin/cs/CsDhcp.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
index b3bcdd21e3d6..ce9493c5e695 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
@@ -113,7 +113,8 @@ def configure_server(self):
                 if (self.config.is_vpc() or self.config.is_router()) and ('is_vr_guest_gateway' in gn.data and gn.data['is_vr_guest_gateway']):
                   if gateway in dns_list:
                     dns_list.remove(gateway)
-                  dns_list.insert(0, ip)
+                  if gn.data['router_guest_ip'] != ip:
+                    dns_list.insert(0, ip)
                 elif self.config.is_dhcp() and not self.config.use_extdns():
                     guest_ip = self.config.address().get_guest_ip()
                     if guest_ip and guest_ip in dns_list and ip not in dns_list:

From 44991773b921a3b08bf5eacbdad1fbbe7aded0e0 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Mon, 20 May 2024 17:40:47 -0400
Subject: [PATCH 16/88] Update UDP active monitor to ICMP

---
 .../org/apache/cloudstack/service/NsxApiClient.java   | 11 ++++-------
 .../apache/cloudstack/utils/NsxControllerUtils.java   |  3 +++
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java
index d443b0e14e79..a24d881a706f 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java
@@ -45,13 +45,13 @@
 import com.vmware.nsx_policy.model.ICMPTypeServiceEntry;
 import com.vmware.nsx_policy.model.L4PortSetServiceEntry;
 import com.vmware.nsx_policy.model.LBAppProfileListResult;
+import com.vmware.nsx_policy.model.LBIcmpMonitorProfile;
 import com.vmware.nsx_policy.model.LBMonitorProfileListResult;
 import com.vmware.nsx_policy.model.LBPool;
 import com.vmware.nsx_policy.model.LBPoolListResult;
 import com.vmware.nsx_policy.model.LBPoolMember;
 import com.vmware.nsx_policy.model.LBService;
 import com.vmware.nsx_policy.model.LBTcpMonitorProfile;
-import com.vmware.nsx_policy.model.LBUdpMonitorProfile;
 import com.vmware.nsx_policy.model.LBVirtualServer;
 import com.vmware.nsx_policy.model.LBVirtualServerListResult;
 import com.vmware.nsx_policy.model.LocaleServicesListResult;
@@ -123,7 +123,7 @@ public class NsxApiClient {
     // TODO: Pass as global / zone-level setting?
     protected static final String NSX_LB_PASSIVE_MONITOR = "/infra/lb-monitor-profiles/default-passive-lb-monitor";
     protected static final String TCP_MONITOR_PROFILE = "LBTcpMonitorProfile";
-    protected static final String UDP_MONITOR_PROFILE = "LBUdpMonitorProfile";
+    protected static final String ICMP_MONITOR_PROFILE = "LBIcmpMonitorProfile";
     protected static final String NAT_ID = "USER";
 
     private enum PoolAllocation { ROUTING, LB_SMALL, LB_MEDIUM, LB_LARGE, LB_XLARGE }
@@ -637,13 +637,10 @@ private String getLbActiveMonitorPath(String lbServerPoolName, String port, Stri
                     .build();
             lbActiveMonitor.patch(lbMonitorProfileId, lbTcpMonitorProfile);
         } else if ("UDP".equals(protocol.toUpperCase(Locale.ROOT))) {
-            LBUdpMonitorProfile lbUdpMonitorProfile = new LBUdpMonitorProfile.Builder(UDP_MONITOR_PROFILE)
+            LBIcmpMonitorProfile icmpMonitorProfile = new LBIcmpMonitorProfile.Builder(ICMP_MONITOR_PROFILE)
                     .setDisplayName(lbMonitorProfileId)
-                    .setMonitorPort(Long.parseLong(port))
-                    .setSend("")
-                    .setReceive("")
                     .build();
-            lbActiveMonitor.patch(lbMonitorProfileId, lbUdpMonitorProfile);
+            lbActiveMonitor.patch(lbMonitorProfileId, icmpMonitorProfile);
         }
 
         LBMonitorProfileListResult listResult = listLBActiveMonitors(lbActiveMonitor);
diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/utils/NsxControllerUtils.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/utils/NsxControllerUtils.java
index e064a6b62916..f44364f34c8b 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/utils/NsxControllerUtils.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/utils/NsxControllerUtils.java
@@ -124,6 +124,9 @@ public static String getServerPoolName(String tier1GatewayName, long lbId) {
     }
 
     public static String getActiveMonitorProfileName(String lbServerPoolName, String port, String protocol) {
+        if (protocol.equalsIgnoreCase("udp")) {
+            protocol =  "ICMP";
+        }
         return lbServerPoolName + "-" + protocol + "-" + port + "-AM";
     }
 

From 98389a116dd9ed6f3ea5d8893199286b7b07f424 Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Mon, 20 May 2024 18:41:15 -0300
Subject: [PATCH 17/88] Add hypervisor type to CKS cluster creation to fix CKS
 cluster creation when External hosts added

---
 .../cluster/KubernetesClusterManagerImpl.java | 26 ++++++----
 ...esClusterResourceModifierActionWorker.java | 11 +++--
 .../KubernetesClusterScaleWorker.java         |  6 ++-
 .../KubernetesClusterStartWorker.java         |  4 +-
 .../cluster/CreateKubernetesClusterCmd.java   |  8 ++++
 .../views/compute/CreateKubernetesCluster.vue | 48 ++++++++++++++++++-
 6 files changed, 86 insertions(+), 17 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 8e2b72529df1..d54c81ba7ff9 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -558,7 +558,7 @@ public Long getExplicitAffinityGroup(Long domainId) {
     }
 
     private DeployDestination plan(final long nodesCount, final DataCenter zone, final ServiceOffering offering,
-                                   final Long domainId, final Long accountId) throws InsufficientServerCapacityException {
+                                   final Long domainId, final Long accountId, Hypervisor.HypervisorType hypervisorType) throws InsufficientServerCapacityException {
         final int cpu_requested = offering.getCpu() * offering.getSpeed();
         final long ram_requested = offering.getRamSize() * 1024L * 1024L;
         boolean useDedicatedHosts = false;
@@ -579,6 +579,9 @@ private DeployDestination plan(final long nodesCount, final DataCenter zone, fin
         if (hosts.isEmpty()) {
             hosts = resourceManager.listAllHostsInOneZoneByType(Host.Type.Routing, zone.getId());
         }
+        if (hypervisorType != null) {
+            hosts = hosts.stream().filter(x -> x.getHypervisorType() == hypervisorType).collect(Collectors.toList());
+        }
         final Map<String, Pair<HostVO, Integer>> hosts_with_resevered_capacity = new ConcurrentHashMap<String, Pair<HostVO, Integer>>();
         for (HostVO h : hosts) {
             hosts_with_resevered_capacity.put(h.getUuid(), new Pair<HostVO, Integer>(h, 0));
@@ -1412,6 +1415,7 @@ public KubernetesCluster createManagedKubernetesCluster(CreateKubernetesClusterC
                 CONTROL.name(), controlNodeCount, ETCD.name(), etcdNodes);
         final Account owner = accountService.getActiveAccountById(cmd.getEntityOwnerId());
         final KubernetesSupportedVersion clusterKubernetesVersion = kubernetesSupportedVersionDao.findById(cmd.getKubernetesVersionId());
+        final Hypervisor.HypervisorType hypervisor = cmd.getHypervisorType();
 
         Map<String, Long> serviceOfferingNodeTypeMap = cmd.getServiceOfferingNodeTypeMap();
         Long defaultServiceOfferingId = cmd.getServiceOfferingId();
@@ -1424,7 +1428,7 @@ public KubernetesCluster createManagedKubernetesCluster(CreateKubernetesClusterC
                 accountId = account.getId();
             }
         }
-        Hypervisor.HypervisorType hypervisorType = getHypervisorTypeAndValidateNodeDeployments(serviceOfferingNodeTypeMap, defaultServiceOfferingId, nodeTypeCount, zone, domainId, accountId);
+        Hypervisor.HypervisorType hypervisorType = getHypervisorTypeAndValidateNodeDeployments(serviceOfferingNodeTypeMap, defaultServiceOfferingId, nodeTypeCount, zone, domainId, accountId, hypervisor);
 
         SecurityGroup securityGroup = null;
         if (zone.isSecurityGroupEnabled()) {
@@ -1510,8 +1514,9 @@ protected Pair<Long, Long> calculateClusterCapacity(Map<String, Long> map, Map<S
     protected Hypervisor.HypervisorType getHypervisorTypeAndValidateNodeDeployments(Map<String, Long> serviceOfferingNodeTypeMap,
                                                                                     Long defaultServiceOfferingId,
                                                                                     Map<String, Long> nodeTypeCount,
-                                                                                    DataCenter zone, Long domainId, Long accountId) {
-        Hypervisor.HypervisorType hypervisorType = null;
+                                                                                    DataCenter zone, Long domainId, Long accountId,
+                                                                                    Hypervisor.HypervisorType hypervisorType) {
+        Hypervisor.HypervisorType deploymentHypervisor = null;
         for (String nodeType : CLUSTER_NODES_TYPES_LIST) {
             if (!nodeTypeCount.containsKey(nodeType)) {
                 continue;
@@ -1524,18 +1529,23 @@ protected Hypervisor.HypervisorType getHypervisorTypeAndValidateNodeDeployments(
                         (!serviceOfferingNodeTypeMap.containsKey(ETCD.name()) || nodes == 0)) {
                     continue;
                 }
-                DeployDestination deployDestination = plan(nodes, zone, serviceOffering, domainId, accountId);
+                DeployDestination deployDestination = plan(nodes, zone, serviceOffering, domainId, accountId, hypervisorType);
                 if (deployDestination.getCluster() == null) {
                     logAndThrow(Level.ERROR, String.format("Creating Kubernetes cluster failed due to error while finding suitable deployment plan for cluster in zone : %s", zone.getName()));
                 }
-                if (hypervisorType == null) {
-                    hypervisorType = deployDestination.getCluster().getHypervisorType();
+                if (deploymentHypervisor == null) {
+                    deploymentHypervisor = deployDestination.getCluster().getHypervisorType();
+                    if (hypervisorType != deploymentHypervisor) {
+                        String msg = String.format("The hypervisor type planned for the CKS cluster deployment %s is different " +
+                                "from the selected hypervisor %s", deployDestination.getCluster().getHypervisorType(), hypervisorType);
+                        LOGGER.warn(msg);
+                    }
                 }
             } catch (InsufficientCapacityException e) {
                 logAndThrow(Level.ERROR, String.format("Creating Kubernetes cluster failed due to insufficient capacity for %d nodes cluster in zone : %s with service offering : %s", nodes, zone.getName(), serviceOffering.getName()));
             }
         }
-        return hypervisorType;
+        return deploymentHypervisor;
     }
 
     private SecurityGroup getOrCreateSecurityGroupForAccount(Account owner) {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index 07195b04c1a7..fcd04716cc31 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -174,7 +174,7 @@ protected void init() {
     }
 
     protected DeployDestination plan(final long nodesCount, final DataCenter zone, final ServiceOffering offering,
-                                     final Long domainId, final Long accountId) throws InsufficientServerCapacityException {
+                                     final Long domainId, final Long accountId, final Hypervisor.HypervisorType hypervisorType) throws InsufficientServerCapacityException {
         final int cpu_requested = offering.getCpu() * offering.getSpeed();
         final long ram_requested = offering.getRamSize() * 1024L * 1024L;
         boolean useDedicatedHosts = false;
@@ -195,6 +195,9 @@ protected DeployDestination plan(final long nodesCount, final DataCenter zone, f
         if (hosts.isEmpty()) {
             hosts = resourceManager.listAllHostsInOneZoneByType(Host.Type.Routing, zone.getId());
         }
+        if (hypervisorType != null) {
+            hosts = hosts.stream().filter(x -> x.getHypervisorType() == hypervisorType).collect(Collectors.toList());
+        }
         final Map<String, Pair<HostVO, Integer>> hosts_with_resevered_capacity = new ConcurrentHashMap<String, Pair<HostVO, Integer>>();
         for (HostVO h : hosts) {
             hosts_with_resevered_capacity.put(h.getUuid(), new Pair<HostVO, Integer>(h, 0));
@@ -257,13 +260,13 @@ protected DeployDestination plan(final long nodesCount, final DataCenter zone, f
         throw new InsufficientServerCapacityException(msg, DataCenter.class, zone.getId());
     }
 
-    protected DeployDestination plan(Long domainId, Long accountId) throws InsufficientServerCapacityException {
+    protected DeployDestination plan(Long domainId, Long accountId, Hypervisor.HypervisorType hypervisorType) throws InsufficientServerCapacityException {
         ServiceOffering offering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
         DataCenter zone = dataCenterDao.findById(kubernetesCluster.getZoneId());
         if (logger.isDebugEnabled()) {
             logger.debug(String.format("Checking deployment destination for Kubernetes cluster : %s in zone : %s", kubernetesCluster.getName(), zone.getName()));
         }
-        return plan(kubernetesCluster.getTotalNodeCount(), zone, offering, domainId, accountId);
+        return plan(kubernetesCluster.getTotalNodeCount(), zone, offering, domainId, accountId, hypervisorType);
     }
 
     protected void resizeNodeVolume(final UserVm vm) throws ManagementServerException {
@@ -300,7 +303,7 @@ protected void startKubernetesVM(final UserVm vm, final Long domainId, final Lon
             if (Objects.nonNull(domainId) && !listDedicatedHostsInDomain(domainId).isEmpty()) {
                 DeployDestination dest = null;
                 try {
-                     dest = plan(domainId, accountId);
+                     dest = plan(domainId, accountId, vm.getHypervisorType());
                 } catch (InsufficientCapacityException e) {
                     logTransitStateAndThrow(Level.ERROR, String.format("Provisioning the cluster failed due to insufficient capacity in the Kubernetes cluster: %s", kubernetesCluster.getUuid()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
                 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index 61d54e7dcf7d..c8e133283339 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -30,6 +30,7 @@
 
 import com.cloud.kubernetes.cluster.KubernetesClusterHelper.KubernetesClusterNodeType;
 import com.cloud.service.ServiceOfferingVO;
+import com.cloud.storage.VMTemplateVO;
 import org.apache.cloudstack.api.InternalIdentity;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -331,11 +332,12 @@ private void validateKubernetesClusterScaleSizeParameters() throws CloudRuntimeE
         }
         if (newVmRequiredCount > 0) {
             final DataCenter zone = dataCenterDao.findById(kubernetesCluster.getZoneId());
+            VMTemplateVO clusterTemplate = templateDao.findById(kubernetesCluster.getTemplateId());
             try {
                 if (originalState.equals(KubernetesCluster.State.Running)) {
-                    plan(newVmRequiredCount, zone, clusterServiceOffering, kubernetesCluster.getDomainId(), kubernetesCluster.getAccountId());
+                    plan(newVmRequiredCount, zone, clusterServiceOffering, kubernetesCluster.getDomainId(), kubernetesCluster.getAccountId(), clusterTemplate.getHypervisorType());
                 } else {
-                    plan(kubernetesCluster.getTotalNodeCount() + newVmRequiredCount, zone, clusterServiceOffering, kubernetesCluster.getDomainId(), kubernetesCluster.getAccountId());
+                    plan(kubernetesCluster.getTotalNodeCount() + newVmRequiredCount, zone, clusterServiceOffering, kubernetesCluster.getDomainId(), kubernetesCluster.getAccountId(), clusterTemplate.getHypervisorType());
                 }
             } catch (InsufficientCapacityException e) {
                 logTransitStateToFailedIfNeededAndThrow(Level.WARN, String.format("Scaling failed for Kubernetes cluster : %s in zone : %s, insufficient capacity", kubernetesCluster.getName(), zone.getName()));
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index e2949aaec37a..855c4446a1eb 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -32,6 +32,7 @@
 import java.util.stream.Collectors;
 
 import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.storage.VMTemplateVO;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.InternalIdentity;
 import org.apache.cloudstack.framework.ca.Certificate;
@@ -685,7 +686,8 @@ public boolean startKubernetesClusterOnCreate(Long domainId, Long accountId) thr
         stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.StartRequested);
         DeployDestination dest = null;
         try {
-            dest = plan(domainId, accountId);
+            VMTemplateVO clusterTemplate = templateDao.findById(kubernetesCluster.getTemplateId());
+            dest = plan(domainId, accountId, clusterTemplate.getHypervisorType());
         } catch (InsufficientCapacityException e) {
             logTransitStateAndThrow(Level.ERROR, String.format("Provisioning the cluster failed due to insufficient capacity in the Kubernetes cluster: %s", kubernetesCluster.getUuid()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
         }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
index f3e557579f2a..0c5bca9405d8 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
@@ -25,6 +25,7 @@
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.ManagementServerException;
 import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.hypervisor.Hypervisor;
 import com.cloud.kubernetes.cluster.KubernetesClusterHelper;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
@@ -170,6 +171,9 @@ public class CreateKubernetesClusterCmd extends BaseAsyncCreateCmd {
     @Parameter(name = ApiConstants.CLUSTER_TYPE, type = CommandType.STRING, description = "type of the cluster: CloudManaged, ExternalManaged. The default value is CloudManaged.", since="4.19.0")
     private String clusterType;
 
+    @Parameter(name = ApiConstants.HYPERVISOR, type = CommandType.STRING, description = "(optional) the hypervisor on which to deploy the CKS cluster nodes.")
+    private String hypervisor;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -278,6 +282,10 @@ public Map<String, Long> getTemplateNodeTypeMap() {
         return kubernetesClusterHelper.getTemplateNodeTypeMap(templateNodeTypeMap);
     }
 
+    public Hypervisor.HypervisorType getHypervisorType() {
+        return hypervisor == null ? null : Hypervisor.HypervisorType.getType(hypervisor);
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/ui/src/views/compute/CreateKubernetesCluster.vue b/ui/src/views/compute/CreateKubernetesCluster.vue
index 12e49f955d5f..4f11816089b3 100644
--- a/ui/src/views/compute/CreateKubernetesCluster.vue
+++ b/ui/src/views/compute/CreateKubernetesCluster.vue
@@ -65,6 +65,25 @@
             </a-select-option>
           </a-select>
         </a-form-item>
+        <a-form-item ref="hypervisor" name="hypervisor">
+          <template #label>
+            <tooltip-label :title="$t('label.hypervisor')" :tooltip="apiParams.hypervisor.description"/>
+          </template>
+          <a-select
+            v-model:value="form.hypervisor"
+            :loading="hypervisorLoading"
+            :placeholder="apiParams.hypervisor.description"
+            showSearch
+            optionFilterProp="label"
+            @change="val => { handleZoneHypervisorChange(val) }">
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }" >
+            <a-select-option v-for="(opt, optIndex) in selectedZoneHypervisors" :key="optIndex" :label="opt.name || opt.description">
+              {{ opt.name || opt.description }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
         <a-form-item name="kubernetesversionid" ref="kubernetesversionid">
           <template #label>
             <tooltip-label :title="$t('label.kubernetesversionid')" :tooltip="apiParams.kubernetesversionid.description"/>
@@ -386,7 +405,9 @@ export default {
       keyPairLoading: false,
       loading: false,
       templates: [],
-      templateLoading: false
+      templateLoading: false,
+      selectedZoneHypervisors: [],
+      hypervisorLoading: false
     }
   },
   beforeCreate () {
@@ -408,7 +429,8 @@ export default {
       this.form = reactive({
         controlnodes: 3,
         size: 1,
-        noderootdisksize: 8
+        noderootdisksize: 8,
+        hypervisor: null
       })
       this.rules = reactive({
         name: [{ required: true, message: this.$t('message.error.kubecluster.name') }],
@@ -483,6 +505,7 @@ export default {
       this.selectedZone = zone
       this.fetchKubernetesVersionData()
       this.fetchNetworkData()
+      this.fetchZoneHypervisors()
     },
     fetchKubernetesVersionData () {
       this.kubernetesVersions = []
@@ -595,6 +618,24 @@ export default {
         }
       })
     },
+    fetchZoneHypervisors () {
+      const params = {
+        zoneid: this.selectedZone.id
+      }
+      this.hypervisorLoading = true
+
+      api('listHypervisors', params).then(json => {
+        const listResponse = json.listhypervisorsresponse.hypervisor || []
+        if (listResponse) {
+          this.selectedZoneHypervisors = listResponse
+        }
+      }).finally(() => {
+        this.hypervisorLoading = false
+      })
+    },
+    handleZoneHypervisorChange (index) {
+      this.form.hypervisor = index
+    },
     handleSubmit (e) {
       e.preventDefault()
       if (this.loading) return
@@ -611,6 +652,9 @@ export default {
           size: values.size,
           clustertype: 'CloudManaged'
         }
+        if (values.hypervisor !== null) {
+          params.hypervisor = this.selectedZoneHypervisors[values.hypervisor].name.toLowerCase()
+        }
         var advancedOfferings = 0
         if (this.isValidValueForKey(values, 'advancedmode') && values.advancedmode && this.isValidValueForKey(values, 'controlofferingid') && this.arrayHasItems(this.serviceOfferings) && this.serviceOfferings[values.controlofferingid].id != null) {
           params['nodeofferings[' + advancedOfferings + '].node'] = 'control'

From a490dbbca7c749e064d5a3e33b73b3de69030ba0 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Tue, 21 May 2024 22:46:15 -0300
Subject: [PATCH 18/88] Fix build

---
 .../cluster/KubernetesClusterManagerImpl.java        |  2 +-
 .../actionworkers/KubernetesClusterStartWorker.java  | 12 ++++++------
 .../src/main/resources/conf/etcd-node.yml            |  2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index d54c81ba7ff9..d75b009103ad 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -1538,7 +1538,7 @@ protected Hypervisor.HypervisorType getHypervisorTypeAndValidateNodeDeployments(
                     if (hypervisorType != deploymentHypervisor) {
                         String msg = String.format("The hypervisor type planned for the CKS cluster deployment %s is different " +
                                 "from the selected hypervisor %s", deployDestination.getCluster().getHypervisorType(), hypervisorType);
-                        LOGGER.warn(msg);
+                        logger.warn(msg);
                     }
                 }
             } catch (InsufficientCapacityException e) {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index 855c4446a1eb..1553c554d14b 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -466,8 +466,8 @@ private UserVm createEtcdNode(List<Network.IpAddresses> requestedIps, List<Strin
                             Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null);
         }
 
-        if (LOGGER.isInfoEnabled()) {
-            LOGGER.info(String.format("Created control VM ID : %s, %s in the Kubernetes cluster : %s", etcdNode.getUuid(), hostName, kubernetesCluster.getName()));
+        if (logger.isInfoEnabled()) {
+            logger.info(String.format("Created control VM ID : %s, %s in the Kubernetes cluster : %s", etcdNode.getUuid(), hostName, kubernetesCluster.getName()));
         }
         return etcdNode;
     }
@@ -532,8 +532,8 @@ private Pair<List<UserVm>, List<Network.IpAddresses>> provisionEtcdCluster(final
                 throw new ManagementServerException(String.format("Failed to provision additional control VM for Kubernetes cluster : %s" , kubernetesCluster.getName()));
             }
             etcdNodeVms.add(vm);
-            if (LOGGER.isInfoEnabled()) {
-                LOGGER.info(String.format("Provisioned additional control VM : %s in to the Kubernetes cluster : %s", vm.getDisplayName(), kubernetesCluster.getName()));
+            if (logger.isInfoEnabled()) {
+                logger.info(String.format("Provisioned additional control VM : %s in to the Kubernetes cluster : %s", vm.getDisplayName(), kubernetesCluster.getName()));
             }
         }
         return new Pair<>(etcdNodeVms, etcdNodeGuestIps);
@@ -596,8 +596,8 @@ protected void setupKubernetesClusterNetworkRules(Network network, List<UserVm>
 
     protected void setupKubernetesEtcdNetworkRules(List<UserVm> etcdVms, Network network) throws ManagementServerException, ResourceUnavailableException {
         if (!Network.GuestType.Isolated.equals(network.getGuestType())) {
-            if (LOGGER.isDebugEnabled()) {
-                LOGGER.debug(String.format("Network : %s for Kubernetes cluster : %s is not an isolated network, therefore, no need for network rules", network.getName(), kubernetesCluster.getName()));
+            if (logger.isDebugEnabled()) {
+                logger.debug(String.format("Network : %s for Kubernetes cluster : %s is not an isolated network, therefore, no need for network rules", network.getName(), kubernetesCluster.getName()));
             }
         }
         List<Long> etcdVmIds = etcdVms.stream().map(UserVm::getId).collect(Collectors.toList());
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/etcd-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/etcd-node.yml
index e5ec6ab70a98..c380151f49d2 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/etcd-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/etcd-node.yml
@@ -131,4 +131,4 @@ runcmd:
   - chown -R cloud:cloud /home/cloud/.ssh
   - /opt/bin/setup-etcd-node
   - systemctl daemon-reload
-  - systemctl enable --now etcd
\ No newline at end of file
+  - systemctl enable --now etcd

From c9097eedcc4d8c347c6656a4d2db05fb55cfe8e5 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Wed, 22 May 2024 19:14:49 -0300
Subject: [PATCH 19/88] Fix logger

---
 .../kubernetes/cluster/KubernetesClusterHelperImpl.java      | 5 +++--
 .../kubernetes/cluster/AddNodesToKubernetesClusterCmd.java   | 3 ---
 .../cluster/RemoveNodesFromKubernetesClusterCmd.java         | 5 +++--
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImpl.java
index b9fe40c0589c..d665b8c0c8e9 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImpl.java
@@ -30,7 +30,8 @@
 import org.apache.cloudstack.framework.config.Configurable;
 import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.stereotype.Component;
 
 import javax.inject.Inject;
@@ -41,7 +42,7 @@
 @Component
 public class KubernetesClusterHelperImpl extends AdapterBase implements KubernetesClusterHelper, Configurable {
 
-    public static final Logger LOGGER = Logger.getLogger(KubernetesClusterHelperImpl.class.getName());
+    public static final Logger LOGGER = LogManager.getLogger(KubernetesClusterHelperImpl.class.getName());
 
     @Inject
     private KubernetesClusterDao kubernetesClusterDao;
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
index f8bea80e67b9..9dc7ad06957a 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
@@ -32,7 +32,6 @@
 import org.apache.cloudstack.api.response.UserVmResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.commons.lang3.BooleanUtils;
-import org.apache.log4j.Logger;
 
 import javax.inject.Inject;
 
@@ -48,8 +47,6 @@ public class AddNodesToKubernetesClusterCmd extends BaseAsyncCmd {
     @Inject
     public KubernetesClusterService kubernetesClusterService;
 
-    public static final Logger LOGGER = Logger.getLogger(AddNodesToKubernetesClusterCmd.class.getName());
-
     @Parameter(name = ApiConstants.NODE_IDS,
             type = CommandType.LIST,
             collectionType = CommandType.UUID,
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
index 72a5c1144409..2aeb9d940b05 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
@@ -34,7 +34,8 @@
 import org.apache.cloudstack.api.response.KubernetesClusterResponse;
 import org.apache.cloudstack.api.response.UserVmResponse;
 import org.apache.cloudstack.context.CallContext;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import javax.inject.Inject;
 import java.util.List;
@@ -49,7 +50,7 @@ public class RemoveNodesFromKubernetesClusterCmd extends BaseAsyncCmd {
     @Inject
     public KubernetesClusterService kubernetesClusterService;
 
-    protected static final Logger LOGGER = Logger.getLogger(RemoveNodesFromKubernetesClusterCmd.class);
+    protected static final Logger LOGGER = LogManager.getLogger(RemoveNodesFromKubernetesClusterCmd.class);
 
     @Parameter(name = ApiConstants.NODE_IDS,
             type = CommandType.LIST,

From 4be1d33abe7abcf77f7a3030fda8c74f93ccbc3c Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Thu, 23 May 2024 11:46:52 -0400
Subject: [PATCH 20/88] Modify hypervisor param description in the create CKS
 cluster API

---
 .../user/kubernetes/cluster/CreateKubernetesClusterCmd.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
index 0c5bca9405d8..308b7cb57fc8 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
@@ -171,7 +171,7 @@ public class CreateKubernetesClusterCmd extends BaseAsyncCreateCmd {
     @Parameter(name = ApiConstants.CLUSTER_TYPE, type = CommandType.STRING, description = "type of the cluster: CloudManaged, ExternalManaged. The default value is CloudManaged.", since="4.19.0")
     private String clusterType;
 
-    @Parameter(name = ApiConstants.HYPERVISOR, type = CommandType.STRING, description = "(optional) the hypervisor on which to deploy the CKS cluster nodes.")
+    @Parameter(name = ApiConstants.HYPERVISOR, type = CommandType.STRING, description = "the hypervisor on which the CKS cluster is to be deployed. This is required if the zone in which the CKS cluster is being deployed has clusters with different hypervisor types.")
     private String hypervisor;
 
     /////////////////////////////////////////////////////

From 4b4a6757880d549e22d7ab88d5b2a996622eef94 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Thu, 23 May 2024 11:47:15 -0400
Subject: [PATCH 21/88] CKS delete fails when external nodes are present

* CKS delete fails when external nodes are present

* address comment
---
 .../actionworkers/KubernetesClusterDestroyWorker.java       | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
index f8ed5df0cd04..99d894b2e926 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
@@ -246,6 +246,12 @@ public boolean destroy() throws CloudRuntimeException {
         }
         if (cleanupNetwork) { // if network has additional VM, cannot proceed with cluster destroy
             NetworkVO network = networkDao.findById(kubernetesCluster.getNetworkId());
+            List<KubernetesClusterVmMapVO> externalNodes = clusterVMs.stream().filter(KubernetesClusterVmMapVO::isExternalNode).collect(Collectors.toList());
+            if (!externalNodes.isEmpty()) {
+                String errMsg = String.format("Failed to delete kubernetes cluster %s as there are %s external node(s) present. Please remove the external node(s) from the cluster (and network) or delete them before deleting the cluster.", kubernetesCluster.getName(), externalNodes.size());
+                LOGGER.error(errMsg);
+                throw new CloudRuntimeException(errMsg);
+            }
             if (network != null) {
                 List<VMInstanceVO> networkVMs = vmInstanceDao.listNonRemovedVmsByTypeAndNetwork(network.getId(), VirtualMachine.Type.User);
                 if (networkVMs.size() > clusterVMs.size()) {

From aca606e51062b4d4a7a7402437852884893c8ade Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Thu, 23 May 2024 12:47:45 -0300
Subject: [PATCH 22/88] Improve network rules cleanup on failure adding
 external nodes to CKS cluster

---
 .../cluster/actionworkers/KubernetesClusterAddWorker.java | 7 +++++++
 .../cluster/AddNodesToKubernetesClusterCmd.java           | 8 +++-----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
index df63c5a1bb09..2d22d295aabd 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
@@ -250,6 +250,10 @@ private Pair<Boolean, Integer> validateAndSetupNode(Network network, IpAddress p
             revertNetworkRules(network, nodeId, sshStartPort);
             return new Pair<>( false, nodeIndex);
         } catch (Exception e) {
+            String errMsg = String.format("Unexpected exception while trying to add the external node %s to the Kubernetes cluster %s: %s",
+                    nodeId, kubernetesCluster.getName(), e.getMessage());
+            LOGGER.error(errMsg, e);
+            revertNetworkRules(network, nodeId, sshStartPort);
             throw new CloudRuntimeException(e);
         }
         return new Pair<>(true, ++nodeIndex);
@@ -305,12 +309,15 @@ private void cleanupCloudInitSemFolder(UserVm userVm, IpAddress publicIp, File p
     }
 
     private void revertNetworkRules(Network network, long vmId, int port) {
+        LOGGER.debug(String.format("Reverting network rules for VM ID %s on network %s", vmId, network.getName()));
         FirewallRuleVO ruleVO = firewallRulesDao.findByNetworkIdAndPorts(network.getId(), port, port);
         if (Objects.isNull(network.getVpcId())) {
+            LOGGER.debug(String.format("Removing firewall rule %s", ruleVO.getId()));
             firewallService.revokeIngressFirewallRule(ruleVO.getId(), true);
         }
         List<PortForwardingRuleVO> pfRules = portForwardingRulesDao.listByVm(vmId);
         for (PortForwardingRuleVO pfRule : pfRules) {
+            LOGGER.debug(String.format("Removing port forwarding rule %s", pfRule.getId()));
             rulesService.revokePortForwardingRule(pfRule.getId(), true);
         }
     }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
index 9dc7ad06957a..296bbc820992 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
@@ -19,7 +19,6 @@
 import com.cloud.kubernetes.cluster.KubernetesClusterEventTypes;
 import com.cloud.kubernetes.cluster.KubernetesClusterService;
 
-import com.cloud.utils.exception.CloudRuntimeException;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandResourceType;
@@ -109,14 +108,13 @@ public String getEventDescription() {
     @Override
     public void execute() {
         try {
-            if (!kubernetesClusterService.addNodesToKubernetesCluster(this)) {
-                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, String.format("Failed to add node(s) Kubernetes cluster ID: %d", getClusterId()));
-            }
+            kubernetesClusterService.addNodesToKubernetesCluster(this);
             final KubernetesClusterResponse response = kubernetesClusterService.createKubernetesClusterResponse(getClusterId());
             response.setResponseName(getCommandName());
             setResponseObject(response);
         } catch (Exception e) {
-            throw new CloudRuntimeException(String.format("Failed to add nodes to cluster due to: %s", e.getLocalizedMessage()), e);
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, String.format("Failed to add nodes to cluster ID %s due to: %s",
+                    getClusterId(), e.getLocalizedMessage()), e);
         }
     }
 

From 589adae770d276fb847d081735093156183d467f Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Thu, 23 May 2024 12:48:56 -0300
Subject: [PATCH 23/88] UI: Fix etcd template was not honoured

* UI: Fix etcd template was not honoured

* Refactor
---
 ui/src/views/compute/CreateKubernetesCluster.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/src/views/compute/CreateKubernetesCluster.vue b/ui/src/views/compute/CreateKubernetesCluster.vue
index 4f11816089b3..5970906d2ed2 100644
--- a/ui/src/views/compute/CreateKubernetesCluster.vue
+++ b/ui/src/views/compute/CreateKubernetesCluster.vue
@@ -310,7 +310,7 @@
             </a-select-option>
           </a-select>
         </a-form-item>
-        <a-form-item v-if="form.advancedmode && form?.etcdnodes > 0" name="controltemplateid" ref="controltemplateid">
+        <a-form-item v-if="form.advancedmode && form?.etcdnodes > 0" name="etcdtemplateid" ref="etcdtemplateid">
           <template #label>
             <tooltip-label :title="$t('label.cks.cluster.etcd.nodes.templateid')" :tooltip="$t('label.cks.cluster.etcd.nodes.templateid')"/>
           </template>

From bac0a2e64e894183db0a7b9e2cabdfc0467a8b39 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Tue, 28 May 2024 11:14:58 -0400
Subject: [PATCH 24/88] CKS: Exclude etcd nodes when calculating port numbers

---
 .../cluster/actionworkers/KubernetesClusterActionWorker.java    | 2 +-
 .../cluster/actionworkers/KubernetesClusterAddWorker.java       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index b916e22bde4f..b02504560eae 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -922,7 +922,7 @@ public Map<Long, Integer> addFirewallRulesForNodes(IpAddress publicIp, int size)
         try {
             List<KubernetesClusterVmMapVO> clusterVmList = kubernetesClusterVmMapDao.listByClusterId(kubernetesCluster.getId());
             List<KubernetesClusterVmMapVO> externalNodes = clusterVmList.stream().filter(KubernetesClusterVmMapVO::isExternalNode).collect(Collectors.toList());
-            int endPort = (CLUSTER_NODES_DEFAULT_START_SSH_PORT + clusterVmList.size() - externalNodes.size() - 1);
+            int endPort = (CLUSTER_NODES_DEFAULT_START_SSH_PORT + clusterVmList.size() - externalNodes.size() - kubernetesCluster.getEtcdNodeCount().intValue() - 1);
             provisionFirewallRules(publicIp, owner, CLUSTER_NODES_DEFAULT_START_SSH_PORT, endPort);
             if (logger.isInfoEnabled()) {
                 logger.info(String.format("Provisioned firewall rule to open up port %d to %d on %s for Kubernetes cluster : %s", CLUSTER_NODES_DEFAULT_START_SSH_PORT, endPort, publicIp.getAddress().addr(), kubernetesCluster.getName()));
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
index 2d22d295aabd..13dc4d8ba38e 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
@@ -220,7 +220,7 @@ private Ternary<Integer, Long, Long> importNodeToCluster(List<Long> nodeIds, Net
 
     private Pair<Boolean, Integer> validateAndSetupNode(Network network, IpAddress publicIp, Account account,
                                    Long nodeId, int nodeIndex, String base64UserData) {
-        int startSshPortNumber = KubernetesClusterActionWorker.CLUSTER_NODES_DEFAULT_START_SSH_PORT + (int) kubernetesCluster.getTotalNodeCount();
+        int startSshPortNumber = KubernetesClusterActionWorker.CLUSTER_NODES_DEFAULT_START_SSH_PORT + (int) kubernetesCluster.getTotalNodeCount() - kubernetesCluster.getEtcdNodeCount().intValue();
         int sshStartPort = startSshPortNumber + nodeIndex;
         try {
             if (Objects.isNull(network.getVpcId())) {

From 90db24f28935f590fccdbc135fa59d1b04428bf2 Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Tue, 28 May 2024 12:15:32 -0300
Subject: [PATCH 25/88] Fix network cleanup in case of CKS cluster failure

---
 .../cluster/KubernetesClusterManagerImpl.java | 38 +++++++------------
 1 file changed, 14 insertions(+), 24 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index d75b009103ad..b301347e5496 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -1436,31 +1436,22 @@ public KubernetesCluster createManagedKubernetesCluster(CreateKubernetesClusterC
         }
 
         Map<String, Long> templateNodeTypeMap = cmd.getTemplateNodeTypeMap();
+        final VMTemplateVO finalTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, DEFAULT);
+        final VMTemplateVO controlNodeTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, CONTROL);
+        final VMTemplateVO workerNodeTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, WORKER);
+        final VMTemplateVO etcdNodeTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, ETCD);
         final Network defaultNetwork = getKubernetesClusterNetworkIfMissing(cmd.getName(), zone, owner, (int)controlNodeCount, (int)clusterSize, cmd.getExternalLoadBalancerIpAddress(), cmd.getNetworkId());
-        VMTemplateVO finalTemplate = null;
-        VMTemplateVO controlNodeTemplate = null;
-        VMTemplateVO workerNodeTemplate = null;
-        VMTemplateVO etcdNodeTemplate = null;
-        finalTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, DEFAULT);
-        controlNodeTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, CONTROL);
-        workerNodeTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, WORKER);
-        etcdNodeTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, ETCD);
-
-        final ServiceOffering defaultServiceOffering = serviceOfferingDao.findById(defaultServiceOfferingId);
-        Pair<Long, Long> capacityPair = calculateClusterCapacity(serviceOfferingNodeTypeMap, nodeTypeCount, defaultServiceOfferingId);
-        final long cores = capacityPair.first();
-        final long memory = capacityPair.second();
-
         final SecurityGroup finalSecurityGroup = securityGroup;
-        VMTemplateVO finalDefaultTemplate = finalTemplate;
-        VMTemplateVO finalControlNodeTemplate = controlNodeTemplate;
-        VMTemplateVO finalEtcdNodeTemplate = etcdNodeTemplate;
-        VMTemplateVO finalWorkerNodeTemplate = workerNodeTemplate;
         final KubernetesClusterVO cluster = Transaction.execute(new TransactionCallback<KubernetesClusterVO>() {
             @Override
             public KubernetesClusterVO doInTransaction(TransactionStatus status) {
+                final ServiceOffering defaultServiceOffering = serviceOfferingDao.findById(defaultServiceOfferingId);
+                Pair<Long, Long> capacityPair = calculateClusterCapacity(serviceOfferingNodeTypeMap, nodeTypeCount, defaultServiceOfferingId);
+                final long cores = capacityPair.first();
+                final long memory = capacityPair.second();
+
                 KubernetesClusterVO newCluster = new KubernetesClusterVO(cmd.getName(), cmd.getDisplayName(), zone.getId(), clusterKubernetesVersion.getId(),
-                        defaultServiceOffering.getId(), Objects.nonNull(finalDefaultTemplate) ? finalDefaultTemplate.getId() : null,
+                        defaultServiceOffering.getId(), Objects.nonNull(finalTemplate) ? finalTemplate.getId() : null,
                         defaultNetwork.getId(), owner.getDomainId(), owner.getAccountId(), controlNodeCount, clusterSize,
                         KubernetesCluster.State.Created, cmd.getSSHKeyPairName(), cores, memory,
                         cmd.getNodeRootDiskSize(), "", KubernetesCluster.ClusterType.CloudManaged);
@@ -1471,24 +1462,23 @@ public KubernetesClusterVO doInTransaction(TransactionStatus status) {
                     newCluster.setControlServiceOfferingId(serviceOfferingNodeTypeMap.get(CONTROL.name()));
                 }
                 if (etcdNodes > 0) {
-                    newCluster.setEtcdTemplateId(finalEtcdNodeTemplate.getId());
+                    newCluster.setEtcdTemplateId(etcdNodeTemplate.getId());
                     newCluster.setEtcdNodeCount(etcdNodes);
                     if (serviceOfferingNodeTypeMap.containsKey(ETCD.name())) {
                         newCluster.setEtcdServiceOfferingId(serviceOfferingNodeTypeMap.get(ETCD.name()));
                     }
                 }
-                newCluster.setWorkerTemplateId(finalWorkerNodeTemplate.getId());
-                newCluster.setControlTemplateId(finalControlNodeTemplate.getId());
+                newCluster.setWorkerTemplateId(workerNodeTemplate.getId());
+                newCluster.setControlTemplateId(controlNodeTemplate.getId());
                 if (zone.isSecurityGroupEnabled()) {
                     newCluster.setSecurityGroupId(finalSecurityGroup.getId());
                 }
                 kubernetesClusterDao.persist(newCluster);
+                addKubernetesClusterDetails(newCluster, defaultNetwork, cmd);
                 return newCluster;
             }
         });
 
-        addKubernetesClusterDetails(cluster, defaultNetwork, cmd);
-
         if (logger.isInfoEnabled()) {
             logger.info(String.format("Kubernetes cluster name: %s and ID: %s has been created", cluster.getName(), cluster.getUuid()));
         }

From 00a98ea944bf7be130b2beb7ae4407468fd1477f Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Tue, 28 May 2024 12:24:21 -0300
Subject: [PATCH 26/88] Externalize retries and inverval for NSX segment
 deletion

---
 .../com/cloud/network/nsx/NsxService.java     | 10 ++++++++
 .../cloudstack/service/NsxApiClient.java      | 23 +++++++++++--------
 .../cloudstack/service/NsxServiceImpl.java    | 19 +++++++++++----
 3 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/nsx/NsxService.java b/api/src/main/java/com/cloud/network/nsx/NsxService.java
index 79ad9547c736..bc4e6aafbfec 100644
--- a/api/src/main/java/com/cloud/network/nsx/NsxService.java
+++ b/api/src/main/java/com/cloud/network/nsx/NsxService.java
@@ -18,9 +18,19 @@
 
 import com.cloud.network.IpAddress;
 import com.cloud.network.vpc.Vpc;
+import org.apache.cloudstack.framework.config.ConfigKey;
 
 public interface NsxService {
 
+    ConfigKey<Integer> NSX_API_FAILURE_RETRIES = new ConfigKey<>("Advanced", Integer.class,
+            "nsx.api.failure.retries", "30",
+            "Number of retries for NSX API operations in case of failures",
+            true, ConfigKey.Scope.Zone);
+    ConfigKey<Integer> NSX_API_FAILURE_INTERVAL = new ConfigKey<>("Advanced", Integer.class,
+            "nsx.api.failure.interval", "60",
+            "Waiting time (in seconds) before retrying an NSX API operation in case of failure",
+            true, ConfigKey.Scope.Zone);
+
     boolean createVpcNetwork(Long zoneId, long accountId, long domainId, Long vpcId, String vpcName, boolean sourceNatEnabled);
     boolean updateVpcSourceNatIp(Vpc vpc, IpAddress address);
 }
diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java
index a24d881a706f..2d5bb9fa9f5d 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java
@@ -17,6 +17,7 @@
 package org.apache.cloudstack.service;
 
 import com.cloud.network.Network;
+import com.cloud.network.nsx.NsxService;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.vmware.nsx.model.TransportZone;
 import com.vmware.nsx.model.TransportZoneListResult;
@@ -435,7 +436,7 @@ public void deleteSegment(long zoneId, long domainId, long accountId, Long vpcId
                 String t1GatewayName = getTier1GatewayName(domainId, accountId, zoneId, networkId, false);
                 deleteLoadBalancer(getLoadBalancerName(t1GatewayName));
             }
-            removeSegment(segmentName);
+            removeSegment(segmentName, zoneId);
             DhcpRelayConfigs dhcpRelayConfig = (DhcpRelayConfigs) nsxService.apply(DhcpRelayConfigs.class);
             String dhcpRelayConfigId = NsxControllerUtils.getNsxDhcpRelayConfigId(zoneId, domainId, accountId, vpcId, networkId);
             logger.debug(String.format("Removing the DHCP relay config with ID %s", dhcpRelayConfigId));
@@ -448,7 +449,7 @@ public void deleteSegment(long zoneId, long domainId, long accountId, Long vpcId
         }
     }
 
-    protected void removeSegment(String segmentName) {
+    protected void removeSegment(String segmentName, long zoneId) {
         logger.debug(String.format("Removing the segment with ID %s", segmentName));
         Segments segmentService = (Segments) nsxService.apply(Segments.class);
         String errMsg = String.format("The segment with ID %s is not found, skipping removal", segmentName);
@@ -467,15 +468,16 @@ protected void removeSegment(String segmentName) {
         SegmentPorts segmentPortsService = (SegmentPorts) nsxService.apply(SegmentPorts.class);
         PolicyGroupMembersListResult segmentPortsList = getSegmentPortList(segmentPortsService, segmentName, enforcementPointPath);
         Long portCount = segmentPortsList.getResultCount();
-        portCount = retrySegmentDeletion(segmentPortsService, portCount, segmentName, enforcementPointPath);
-        logger.info("Port count: " + portCount);
+        if (portCount > 0L) {
+            portCount = retrySegmentDeletion(segmentPortsService, segmentName, enforcementPointPath, zoneId);
+        }
         if (portCount == 0L) {
             logger.debug(String.format("Removing the segment with ID %s", segmentName));
             removeGroupForSegment(segmentName);
             segmentService.delete(segmentName);
         } else {
             String msg = String.format("Cannot remove the NSX segment %s because there are still %s port group(s) attached to it", segmentName, portCount);
-            logger.debug(msg);
+            logger.error(msg);
             throw new CloudRuntimeException(msg);
         }
     }
@@ -485,13 +487,16 @@ private PolicyGroupMembersListResult getSegmentPortList(SegmentPorts segmentPort
                 false, null, 50L, false, null);
     }
 
-    private Long retrySegmentDeletion(SegmentPorts segmentPortsService, Long portCount, String segmentName, String enforcementPointPath) {
-        int retries = 20;
+    private Long retrySegmentDeletion(SegmentPorts segmentPortsService, String segmentName, String enforcementPointPath, long zoneId) {
+        int retries = NsxService.NSX_API_FAILURE_RETRIES.valueIn(zoneId);
+        int waitingSecs = NsxService.NSX_API_FAILURE_INTERVAL.valueIn(zoneId);
         int count = 1;
+        Long portCount;
         do {
             try {
-                logger.info("Waiting for all port groups to be unlinked from the segment - Attempt: " + count++ + " Waiting for 5 secs");
-                Thread.sleep(5000);
+                logger.info(String.format("Waiting for all port groups to be unlinked from the segment %s - " +
+                        "Attempt: %s. Waiting for %s secs", segmentName, count++, waitingSecs));
+                Thread.sleep(waitingSecs * 1000L);
                 portCount = getSegmentPortList(segmentPortsService, segmentName, enforcementPointPath).getResultCount();
                 retries--;
             } catch (InterruptedException e) {
diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxServiceImpl.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxServiceImpl.java
index f8880826a3f8..33c75845fb19 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxServiceImpl.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxServiceImpl.java
@@ -19,7 +19,6 @@
 import com.cloud.network.IpAddress;
 import com.cloud.network.Network;
 import com.cloud.network.nsx.NsxService;
-import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkVO;
 import com.cloud.network.vpc.Vpc;
 import com.cloud.network.vpc.VpcVO;
@@ -37,6 +36,8 @@
 import org.apache.cloudstack.agent.api.DeleteNsxSegmentCommand;
 import org.apache.cloudstack.agent.api.DeleteNsxNatRuleCommand;
 import org.apache.cloudstack.agent.api.DeleteNsxTier1GatewayCommand;
+import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.cloudstack.framework.config.Configurable;
 import org.apache.cloudstack.resource.NsxNetworkRule;
 import org.apache.cloudstack.utils.NsxControllerUtils;
 import org.apache.cloudstack.utils.NsxHelper;
@@ -47,13 +48,11 @@
 import java.util.List;
 import java.util.Objects;
 
-public class NsxServiceImpl implements NsxService {
+public class NsxServiceImpl implements NsxService, Configurable {
     @Inject
     NsxControllerUtils nsxControllerUtils;
     @Inject
     VpcDao vpcDao;
-    @Inject
-    NetworkDao networkDao;
 
     protected Logger logger = LogManager.getLogger(getClass());
 
@@ -190,4 +189,16 @@ public boolean deleteFirewallRules(Network network, List<NsxNetworkRule> netRule
         NsxAnswer result = nsxControllerUtils.sendNsxCommand(command, network.getDataCenterId());
         return result.getResult();
     }
+
+    @Override
+    public String getConfigComponentName() {
+        return NsxApiClient.class.getSimpleName();
+    }
+
+    @Override
+    public ConfigKey<?>[] getConfigKeys() {
+        return new ConfigKey<?>[] {
+            NSX_API_FAILURE_RETRIES, NSX_API_FAILURE_INTERVAL
+        };
+    }
 }

From 7483da21f291a24ca8184c8fb4b83a6f66754009 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Tue, 28 May 2024 11:30:56 -0400
Subject: [PATCH 27/88] Fix CKS scaling when external node(s) present in the
 cluster

---
 .../actionworkers/KubernetesClusterScaleWorker.java    | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index c8e133283339..b63d5f00952c 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -527,10 +527,12 @@ public boolean scaleCluster() throws CloudRuntimeException {
         ServiceOffering defaultServiceOffering = serviceOfferingNodeTypeMap.getOrDefault(DEFAULT.name(), null);
 
         for (KubernetesClusterNodeType nodeType : Arrays.asList(CONTROL, ETCD, WORKER)) {
-            if (!hasDefaultOffering && !serviceOfferingNodeTypeMap.containsKey(nodeType.name())) {
+            boolean isWorkerNodeOrAllNodes = WORKER == nodeType;
+            final long newVMRequired = (!isWorkerNodeOrAllNodes || clusterSize == null) ? 0 : clusterSize - originalClusterSize;
+            if (!hasDefaultOffering && !serviceOfferingNodeTypeMap.containsKey(nodeType.name()) && newVMRequired == 0) {
                 continue;
             }
-            boolean isWorkerNodeOrAllNodes = WORKER == nodeType;
+
             boolean serviceOfferingScalingNeeded = isServiceOfferingScalingNeededForNodeType(nodeType, serviceOfferingNodeTypeMap, kubernetesCluster, existingDefaultOfferingId);
             ServiceOffering serviceOffering = serviceOfferingNodeTypeMap.getOrDefault(nodeType.name(), defaultServiceOffering);
             boolean updateNodeOffering = serviceOfferingNodeTypeMap.containsKey(nodeType.name());
@@ -544,7 +546,6 @@ public boolean scaleCluster() throws CloudRuntimeException {
                 return autoScaled;
             }
             final boolean clusterSizeScalingNeeded = isWorkerNodeOrAllNodes && clusterSize != null && clusterSize != originalClusterSize;
-            final long newVMRequired = (!isWorkerNodeOrAllNodes || clusterSize == null) ? 0 : clusterSize - originalClusterSize;
             if (serviceOfferingScalingNeeded && clusterSizeScalingNeeded) {
                 if (newVMRequired > 0) {
                     scaleKubernetesClusterOffering(nodeType, serviceOffering, updateNodeOffering, updateClusterOffering);
@@ -578,9 +579,6 @@ protected boolean isServiceOfferingScalingNeededForNodeType(KubernetesClusterNod
             logAndThrow(Level.ERROR, String.format("Cannot find the global service offering with ID %s set on the Kubernetes cluster %s", existingOfferingId, kubernetesCluster.getName()));
         }
         ServiceOffering newOffering = map.containsKey(DEFAULT.name()) ? map.get(DEFAULT.name()) : map.get(nodeType.name());
-        if (newOffering == null) {
-            logAndThrow(Level.ERROR, String.format("Cannot find the requested service offering with ID %s", newOffering));
-        }
         return newOffering != null && newOffering.getId() != existingOffering.getId();
     }
 

From 5a11451ce375a69da2df6d9d70452b76faac84d8 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Tue, 28 May 2024 11:50:17 -0400
Subject: [PATCH 28/88] CKS: Fix port numbers displayed against ETCD nodes

---
 ui/src/views/compute/KubernetesServiceTab.vue | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/ui/src/views/compute/KubernetesServiceTab.vue b/ui/src/views/compute/KubernetesServiceTab.vue
index 15bcb8ba2ccb..8e6954c89c9c 100644
--- a/ui/src/views/compute/KubernetesServiceTab.vue
+++ b/ui/src/views/compute/KubernetesServiceTab.vue
@@ -115,7 +115,7 @@
             </template>
             <template v-if="column.key === 'port'" :name="text" :record="record">
               <span v-if="record.isexternalnode || (!record.isexternalnode && !record.isetcdnode)"> {{ cksSshStartingPort + index }} </span>
-              <span v-else> {{ etcdSshPort }} </span>
+              <span v-else> {{ parseInt(etcdSshPort) + parseInt(getEtcdIndex(record.name)) }} </span>
             </template>
             <template v-if="column.key === 'actions'">
               <a-tooltip placement="bottom" >
@@ -490,6 +490,14 @@ export default {
       }).finally(() => {
         this.parentFetchData()
       })
+    },
+    getEtcdIndex (name) {
+      const lastIndex = name.lastIndexOf('-')
+      if (lastIndex > 0) {
+        return name.charAt(lastIndex - 1)
+      } else {
+        return null
+      }
     }
   }
 }

From 97aa35a7053d12bfd43b02cfa22d4fbb7287e50e Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Tue, 28 May 2024 11:50:50 -0400
Subject: [PATCH 29/88] Add node version details to every node of k8s cluster -
 as we now support manual upgrade

* Add node version details to every node of k8s cluster - as we now support manual upgrade

* update column name

* CKS: Exclude etcd nodes when calculating port numbers

* update param name

* update param
---
 .../org/apache/cloudstack/api/ApiConstants.java   |  1 +
 .../api/response/KubernetesUserVmResponse.java    |  7 +++++++
 .../resources/META-INF/db/schema-41810to41900.sql |  1 +
 .../cluster/KubernetesClusterManagerImpl.java     |  1 +
 .../cluster/KubernetesClusterVmMapVO.java         | 11 +++++++++++
 .../KubernetesClusterActionWorker.java            |  2 ++
 .../KubernetesClusterUpgradeWorker.java           |  2 +-
 .../cluster/utils/KubernetesClusterUtil.java      | 15 ++++++++++-----
 .../cluster/utils/KubernetesClusterUtilTest.java  |  8 ++++----
 ui/public/locales/en.json                         |  1 +
 ui/src/views/compute/KubernetesServiceTab.vue     |  8 ++++++++
 11 files changed, 47 insertions(+), 10 deletions(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
index 4da80278f543..046121f4cb7a 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
@@ -322,6 +322,7 @@ public class ApiConstants {
     public static final String NIC_PACKED_VIRTQUEUES_ENABLED = "nicpackedvirtqueuesenabled";
     public static final String NEW_START_IP = "newstartip";
     public static final String NEW_END_IP = "newendip";
+    public static final String KUBERNETES_NODE_VERSION = "kubernetesnodeversion";
     public static final String NUM_RETRIES = "numretries";
     public static final String OFFER_HA = "offerha";
     public static final String OS_DISTRIBUTION = "osdistribution";
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java
index a25d25d650f0..cef5cdae2f45 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/KubernetesUserVmResponse.java
@@ -34,6 +34,11 @@ public class KubernetesUserVmResponse extends UserVmResponse {
     @Param(description = "If the VM is an etcd node")
     private boolean isEtcdNode;
 
+    @SerializedName(ApiConstants.KUBERNETES_NODE_VERSION)
+    @Param(description = "Kubernetes version of the node")
+    private String nodeVersion;
+
+
     public void setExternalNode(boolean externalNode) {
         isExternalNode = externalNode;
     }
@@ -41,4 +46,6 @@ public void setExternalNode(boolean externalNode) {
     public void setEtcdNode(boolean etcdNode) {
         isEtcdNode = etcdNode;
     }
+
+    public void setNodeVersion(String nodeVersion) { this.nodeVersion = nodeVersion;}
 }
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
index 59e3d8c9e392..3fb0909831aa 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
@@ -338,6 +338,7 @@ CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_template_i
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','etcd_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the VM is an etcd node"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','external_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node was imported into the Kubernetes cluster"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','manual_upgrade', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node is marked for manual upgrade and excluded from the Kubernetes cluster upgrade operation"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','kubernetes_node_version', 'varchar(40) COMMENT "version of k8s the cluster node is on"');
 
 ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_service_offering_id` FOREIGN KEY `fk_cluster__control_service_offering_id`(`control_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
 ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_service_offering_id` FOREIGN KEY `fk_cluster__worker_service_offering_id`(`worker_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index b301347e5496..7dffa72403e0 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -756,6 +756,7 @@ public KubernetesClusterResponse createKubernetesClusterResponse(long kubernetes
                     }
                     kubernetesUserVmResponse.setExternalNode(vmMapVO.isExternalNode());
                     kubernetesUserVmResponse.setEtcdNode(vmMapVO.isEtcdNode());
+                    kubernetesUserVmResponse.setNodeVersion(vmMapVO.getNodeVersion());
                     vmResponses.add(kubernetesUserVmResponse);
                 }
             }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java
index eace72540810..6c45c63e16d8 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVmMapVO.java
@@ -51,6 +51,9 @@ public class KubernetesClusterVmMapVO implements KubernetesClusterVmMap {
     @Column(name = "manual_upgrade")
     boolean manualUpgrade;
 
+    @Column(name = "kubernetes_node_version")
+    String nodeVersion;
+
     public KubernetesClusterVmMapVO() {
     }
 
@@ -116,4 +119,12 @@ public boolean isManualUpgrade() {
     public void setManualUpgrade(boolean manualUpgrade) {
         this.manualUpgrade = manualUpgrade;
     }
+
+    public String getNodeVersion() {
+        return nodeVersion;
+    }
+
+    public void setNodeVersion(String nodeVersion) {
+        this.nodeVersion = nodeVersion;
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index b02504560eae..961ae1050ce6 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -363,6 +363,7 @@ protected File getManagementServerSshPublicKeyFile() {
     protected KubernetesClusterVmMapVO addKubernetesClusterVm(final long kubernetesClusterId, final long vmId,
                                                               boolean isControlNode, boolean isExternalNode,
                                                               boolean isEtcdNode,  boolean markForManualUpgrade) {
+        KubernetesSupportedVersion kubernetesVersion = kubernetesSupportedVersionDao.findById(kubernetesCluster.getKubernetesVersionId());
         return Transaction.execute(new TransactionCallback<KubernetesClusterVmMapVO>() {
             @Override
             public KubernetesClusterVmMapVO doInTransaction(TransactionStatus status) {
@@ -370,6 +371,7 @@ public KubernetesClusterVmMapVO doInTransaction(TransactionStatus status) {
                 newClusterVmMap.setExternalNode(isExternalNode);
                 newClusterVmMap.setManualUpgrade(markForManualUpgrade);
                 newClusterVmMap.setEtcdNode(isEtcdNode);
+                newClusterVmMap.setNodeVersion(kubernetesVersion.getSemanticVersion());
                 kubernetesClusterVmMapDao.persist(newClusterVmMap);
                 return newClusterVmMap;
             }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorker.java
index f80a5f0a16d6..d8ef426d3f04 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorker.java
@@ -147,7 +147,7 @@ private void upgradeKubernetesClusterNodes() {
                     logTransitStateDetachIsoAndThrow(Level.ERROR, String.format("Failed to upgrade Kubernetes cluster : %s, unable to get control Kubernetes node on VM : %s in ready state", kubernetesCluster.getName(), vm.getDisplayName()), kubernetesCluster, clusterVMs, KubernetesCluster.Event.OperationFailed, null);
                 }
             }
-            if (!KubernetesClusterUtil.clusterNodeVersionMatches(upgradeVersion.getSemanticVersion(), publicIpAddress, sshPort, getControlNodeLoginUser(), getManagementServerSshPublicKeyFile(), hostName, upgradeTimeoutTime, 15000)) {
+            if (!KubernetesClusterUtil.clusterNodeVersionMatches(upgradeVersion.getSemanticVersion(), publicIpAddress, sshPort, getControlNodeLoginUser(), getManagementServerSshPublicKeyFile(), hostName, upgradeTimeoutTime, 15000, vm.getId(), kubernetesClusterVmMapDao)) {
                 logTransitStateDetachIsoAndThrow(Level.ERROR, String.format("Failed to upgrade Kubernetes cluster : %s, unable to get Kubernetes node on VM : %s upgraded to version %s", kubernetesCluster.getName(), vm.getDisplayName(), upgradeVersion.getSemanticVersion()), kubernetesCluster, clusterVMs, KubernetesCluster.Event.OperationFailed, null);
             }
             if (logger.isInfoEnabled()) {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java
index 3ed8b3eb68aa..4b4e3f40b5ad 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java
@@ -31,6 +31,8 @@
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 
+import com.cloud.kubernetes.cluster.KubernetesClusterVmMapVO;
+import com.cloud.kubernetes.cluster.dao.KubernetesClusterVmMapDao;
 import org.apache.cloudstack.utils.security.SSLUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.Logger;
@@ -333,7 +335,7 @@ public static boolean clusterNodeVersionMatches(final String version,
                                                     final String ipAddress, final int port,
                                                     final String user, final File sshKeyFile,
                                                     final String hostName,
-                                                    final long timeoutTime, final long waitDuration) {
+                                                    final long timeoutTime, final long waitDuration, final long vmId, KubernetesClusterVmMapDao vmMapDao) {
         int retry = 10;
         while (System.currentTimeMillis() < timeoutTime && retry-- > 0) {
             if (LOGGER.isDebugEnabled()) {
@@ -345,7 +347,10 @@ public static boolean clusterNodeVersionMatches(final String version,
                         user, sshKeyFile, null,
                         String.format(CLUSTER_NODE_VERSION_COMMAND, hostName.toLowerCase()),
                         10000, 10000, 20000);
-                if (clusterNodeVersionMatches(result, version)) {
+                Pair<Boolean, String> clusterVersionMatchesAndValue = clusterNodeVersionMatches(result, version);
+                if (Boolean.TRUE.equals(clusterVersionMatchesAndValue.first())) {
+                    KubernetesClusterVmMapVO vmMapVO = vmMapDao.findById(vmId);
+                    vmMapVO.setNodeVersion(clusterVersionMatchesAndValue.second());
                     return true;
                 }
             } catch (Exception e) {
@@ -362,11 +367,11 @@ public static boolean clusterNodeVersionMatches(final String version,
         return false;
     }
 
-    protected static boolean clusterNodeVersionMatches(final Pair<Boolean, String> result, final String version) {
+    protected static Pair<Boolean, String> clusterNodeVersionMatches(final Pair<Boolean, String> result, final String version) {
         if (result == null || Boolean.FALSE.equals(result.first()) || StringUtils.isBlank(result.second())) {
-            return false;
+            return new Pair<>(false, null);
         }
         String response = result.second();
-        return response.contains(String.format("v%s", version));
+        return new Pair<>(response.contains(String.format("v%s", version)), response);
     }
 }
diff --git a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtilTest.java b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtilTest.java
index 31363dbd1a1d..329f9b0e42ad 100644
--- a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtilTest.java
+++ b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtilTest.java
@@ -27,14 +27,14 @@ public class KubernetesClusterUtilTest {
 
     private void executeThrowAndTestVersionMatch() {
         Pair<Boolean, String> resultPair = null;
-        boolean result = KubernetesClusterUtil.clusterNodeVersionMatches(resultPair, "1.24.0");
-        Assert.assertFalse(result);
+        Pair<Boolean, String> result = KubernetesClusterUtil.clusterNodeVersionMatches(resultPair, "1.24.0");
+        Assert.assertFalse(result.first());
     }
 
     private void executeAndTestVersionMatch(boolean status, String response, boolean expectedResult) {
         Pair<Boolean, String> resultPair = new Pair<>(status, response);
-        boolean result = KubernetesClusterUtil.clusterNodeVersionMatches(resultPair, "1.24.0");
-        Assert.assertEquals(expectedResult, result);
+        Pair<Boolean, String> result = KubernetesClusterUtil.clusterNodeVersionMatches(resultPair, "1.24.0");
+        Assert.assertEquals(expectedResult, result.first());
     }
 
     @Test
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 65b44209b382..76ca32b69993 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -1458,6 +1458,7 @@
 "label.no.items": "No available Items",
 "label.no.matching.offering": "No matching offering found",
 "label.no.matching.network": "No matching Networks found",
+"label.node.version": "Node version",
 "label.noderootdisksize": "Node root disk size (in GB)",
 "label.nodiskcache": "No disk cache",
 "label.none": "None",
diff --git a/ui/src/views/compute/KubernetesServiceTab.vue b/ui/src/views/compute/KubernetesServiceTab.vue
index 8e6954c89c9c..25e8699c570f 100644
--- a/ui/src/views/compute/KubernetesServiceTab.vue
+++ b/ui/src/views/compute/KubernetesServiceTab.vue
@@ -117,6 +117,9 @@
               <span v-if="record.isexternalnode || (!record.isexternalnode && !record.isetcdnode)"> {{ cksSshStartingPort + index }} </span>
               <span v-else> {{ parseInt(etcdSshPort) + parseInt(getEtcdIndex(record.name)) }} </span>
             </template>
+            <template v-if="column.key === 'kubernetesnodeversion'">
+              <span> {{ text ? text : '' }} </span>
+            </template>
             <template v-if="column.key === 'actions'">
               <a-tooltip placement="bottom" >
                 <template #title>
@@ -239,6 +242,11 @@ export default {
         title: this.$t('label.ssh.port'),
         dataIndex: 'port'
       },
+      {
+        key: 'kubernetesnodeversion',
+        title: this.$t('label.node.version'),
+        dataIndex: 'kubernetesnodeversion'
+      },
       {
         title: this.$t('label.zonename'),
         dataIndex: 'zonename'

From 7cf7f1f1b85ccfedfb99db5a8f99716b2923f08a Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Tue, 28 May 2024 12:51:31 -0300
Subject: [PATCH 30/88] UI: Fix CKS cluster creation templates listing for non
 admins

---
 ui/src/views/compute/CreateKubernetesCluster.vue | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ui/src/views/compute/CreateKubernetesCluster.vue b/ui/src/views/compute/CreateKubernetesCluster.vue
index 5970906d2ed2..33b459d61ad3 100644
--- a/ui/src/views/compute/CreateKubernetesCluster.vue
+++ b/ui/src/views/compute/CreateKubernetesCluster.vue
@@ -565,9 +565,12 @@ export default {
         }
       })
     },
+    isAdminOrDomainAdmin () {
+      return ['Admin', 'DomainAdmin'].includes(this.$store.getters.userInfo.roletype)
+    },
     fetchCksTemplates () {
       const params = {
-        templatefilter: 'all',
+        templatefilter: this.isAdminOrDomainAdmin() ? 'all' : 'self',
         forcks: true
       }
       this.templateLoading = true

From 2eae6a92c83fd6c1ab1310c705b003c9429601cf Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Wed, 29 May 2024 19:42:27 +0100
Subject: [PATCH 31/88] CKS: Prevent etcd node start port number to coincide
 with k8s cluster start port numbers

---
 .../configuration/ConfigurationManagerImpl.java     | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index a5f119000809..21e0620cb0ff 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -308,6 +308,7 @@
 public class ConfigurationManagerImpl extends ManagerBase implements ConfigurationManager, ConfigurationService, Configurable {
     public static final String PERACCOUNT = "peraccount";
     public static final String PERZONE = "perzone";
+    public static final String CLUSTER_NODES_DEFAULT_START_SSH_PORT = "2222";
 
     @Inject
     EntityManager _entityMgr;
@@ -644,6 +645,17 @@ protected void validateIpAddressRelatedConfigValues(final String configName, fin
         }
     }
 
+    protected void validateConflictingConfigValue(final String configName, final String value) {
+        if (configName.equals("cloud.kubernetes.etcd.node.start.port")) {
+            if (value.equals(CLUSTER_NODES_DEFAULT_START_SSH_PORT)) {
+                String errorMessage = "This range is reserved for Kubernetes cluster nodes." +
+                        "Please choose a value in a higher range would does not conflict with a kubernetes cluster deployed";
+                logger.error(errorMessage);
+                throw new InvalidParameterValueException(errorMessage);
+            }
+        }
+    }
+
     @Override
     public boolean start() {
 
@@ -945,6 +957,7 @@ public Configuration updateConfiguration(final UpdateCfgCmd cmd) throws InvalidP
         }
 
         validateIpAddressRelatedConfigValues(name, value);
+        validateConflictingConfigValue(name, value);
 
         if (value == null) {
             return _configDao.findByName(name);

From 1d6d5d2fa981b5b3842a23cd2f9e5773a72c1485 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Wed, 29 May 2024 22:08:19 +0100
Subject: [PATCH 32/88] CKS: Set default kubernetes cluster node version to the
 kubernetes cluster version on upgrade

* CKS: Set default kubernetes cluster node version to the kubernetes cluster version on upgrade

* consolidate query

* Fix upgrade logic

---------

Co-authored-by: nvazquez <nicovazquez90@gmail.com>
---
 .../upgrade/dao/Upgrade41810to41900.java      | 92 +++++++++++++++++++
 1 file changed, 92 insertions(+)

diff --git a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41810to41900.java b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41810to41900.java
index e2b1ae1399b6..46e33f2ce30b 100644
--- a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41810to41900.java
+++ b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41810to41900.java
@@ -27,7 +27,9 @@
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
+import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
@@ -76,6 +78,7 @@ public void performDataMigration(Connection conn) {
         migrateBackupDates(conn);
         addIndexes(conn);
         addRemoverAccountIdForeignKeyToQuarantinedIps(conn);
+        updateKubernetesClusterNodeVersions(conn);
     }
 
     @Override
@@ -264,4 +267,93 @@ private void addIndexes(Connection conn) {
     private void addRemoverAccountIdForeignKeyToQuarantinedIps(Connection conn) {
         DbUpgradeUtils.addForeignKey(conn, "quarantined_ips", "remover_account_id", "account", "id");
     }
+
+    private Map<Long, String> getKubernetesClusterIdsAndVersion(Connection conn) {
+        String listKubernetesClusters = "SELECT c.id, v.semantic_version FROM `cloud`.`kubernetes_cluster` c JOIN `cloud`.`kubernetes_supported_version` v ON (c.kubernetes_version_id = v.id) WHERE c.removed is NULL;";
+        Map<Long, String> clusterAndVersion = new HashMap<>();
+        try {
+            PreparedStatement pstmt = conn.prepareStatement(listKubernetesClusters);
+            ResultSet rs = pstmt.executeQuery();
+            while (rs.next()) {
+                clusterAndVersion.put(rs.getLong(1), rs.getString(2));
+            }
+            rs.close();
+            pstmt.close();
+        } catch (SQLException e) {
+            String errMsg = String.format("Failed to get all the kubernetes cluster ids due to: %s", e.getMessage());
+            LOG.error(errMsg);
+            throw new CloudRuntimeException(errMsg, e);
+        }
+        return clusterAndVersion;
+    }
+
+    private List<Long> getKubernetesClusterVmMapIds(Connection conn, Long cksClusterId) {
+        List<Long> kubernetesClusterVmIds = new ArrayList<>();
+        String getKubernetesClustersVmMap = "SELECT id FROM `cloud`.`kubernetes_cluster_vm_map` WHERE cluster_id = %s;";
+        try {
+            PreparedStatement pstmt = conn.prepareStatement(String.format(getKubernetesClustersVmMap, cksClusterId));
+            ResultSet rs = pstmt.executeQuery();
+            while (rs.next()) {
+                kubernetesClusterVmIds.add(rs.getLong(1));
+            }
+            rs.close();
+            pstmt.close();
+        } catch (SQLException e) {
+            String errMsg = String.format("Failed to get the kubernetes cluster vm map IDs for kubernetes cluster with id: %s," +
+                    " due to: %s", cksClusterId, e.getMessage());
+            LOG.error(errMsg, e);
+            throw new CloudRuntimeException(errMsg, e);
+        }
+        return kubernetesClusterVmIds;
+    }
+
+    private void updateKubernetesNodeVersion(Connection conn, List<Long> kubernetesClusterVmIds, Long cksClusterId, String cksVersion) {
+        String updateKubernetesNodeVersion = "UPDATE `cloud`.`kubernetes_cluster_vm_map` set kubernetes_node_version = ? WHERE id = ?;";
+        for (Long nodeVmId : kubernetesClusterVmIds) {
+            try {
+                PreparedStatement pstmt = conn.prepareStatement(updateKubernetesNodeVersion);
+                pstmt.setString(1, cksVersion);
+                pstmt.setLong(2, nodeVmId);
+                pstmt.executeUpdate();
+                pstmt.close();
+            } catch (Exception e) {
+                String errMsg = String.format("Failed to update the node version for kubernetes cluster nodes for the" +
+                        " kubernetes cluster with id: %s," +
+                        " due to: %s", cksClusterId, e.getMessage());
+                LOG.error(errMsg, e);
+                throw new CloudRuntimeException(errMsg, e);
+            }
+        }
+    }
+
+    private void updateKubernetesNodeVersions(Connection conn, Map<Long, String> clusterAndVersion) {
+        List<Long> kubernetesClusterVmIds;
+        for (Map.Entry<Long, String> clusterVersionEntry : clusterAndVersion.entrySet()) {
+            try {
+                Long cksClusterId = clusterVersionEntry.getKey();
+                String cksVersion = clusterVersionEntry.getValue();
+                LOG.debug(String.format("Adding CKS version %s to existing CKS cluster %s nodes", cksVersion, cksClusterId));
+                kubernetesClusterVmIds = getKubernetesClusterVmMapIds(conn, cksClusterId);
+                updateKubernetesNodeVersion(conn, kubernetesClusterVmIds, cksClusterId, cksVersion);
+            } catch (Exception e) {
+                String errMsg = String.format("Failed to update the node version for kubernetes cluster nodes for the" +
+                        " kubernetes cluster with id: %s," +
+                        " due to: %s", clusterVersionEntry.getKey(), e.getMessage());
+                LOG.error(errMsg, e);
+                throw new CloudRuntimeException(errMsg, e);
+            }
+        }
+    }
+
+    private void updateKubernetesClusterNodeVersions(Connection conn) {
+        //get list of all non removed kubernetes clusters
+        try {
+            Map<Long, String> clusterAndVersion = getKubernetesClusterIdsAndVersion(conn);
+            updateKubernetesNodeVersions(conn, clusterAndVersion);
+        } catch (Exception e) {
+            String errMsg = "Failed to update kubernetes cluster nodes version";
+            LOG.error(errMsg);
+            throw new CloudRuntimeException(errMsg, e);
+        }
+    }
 }

From a50108294f24cab29b7ba2a4a3e9df8621df016a Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Wed, 29 May 2024 18:09:01 -0300
Subject: [PATCH 33/88] Fix CKS cluster version upgrade

---
 .../actionworkers/KubernetesClusterActionWorker.java       | 4 +++-
 .../kubernetes/cluster/utils/KubernetesClusterUtil.java    | 7 +++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index 961ae1050ce6..2881d0d9e416 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -371,7 +371,9 @@ public KubernetesClusterVmMapVO doInTransaction(TransactionStatus status) {
                 newClusterVmMap.setExternalNode(isExternalNode);
                 newClusterVmMap.setManualUpgrade(markForManualUpgrade);
                 newClusterVmMap.setEtcdNode(isEtcdNode);
-                newClusterVmMap.setNodeVersion(kubernetesVersion.getSemanticVersion());
+                if (!isEtcdNode) {
+                    newClusterVmMap.setNodeVersion(kubernetesVersion.getSemanticVersion());
+                }
                 kubernetesClusterVmMapDao.persist(newClusterVmMap);
                 return newClusterVmMap;
             }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java
index 4b4e3f40b5ad..cdcb2ce1e770 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java
@@ -349,8 +349,11 @@ public static boolean clusterNodeVersionMatches(final String version,
                         10000, 10000, 20000);
                 Pair<Boolean, String> clusterVersionMatchesAndValue = clusterNodeVersionMatches(result, version);
                 if (Boolean.TRUE.equals(clusterVersionMatchesAndValue.first())) {
-                    KubernetesClusterVmMapVO vmMapVO = vmMapDao.findById(vmId);
-                    vmMapVO.setNodeVersion(clusterVersionMatchesAndValue.second());
+                    KubernetesClusterVmMapVO vmMapVO = vmMapDao.getClusterMapFromVmId(vmId);
+                    String newNodeVersion = clusterVersionMatchesAndValue.second();
+                    LOGGER.debug(String.format("Updating node %s Kubernetes version to %s", hostName, newNodeVersion));
+                    vmMapVO.setNodeVersion(newNodeVersion);
+                    vmMapDao.update(vmMapVO.getId(), vmMapVO);
                     return true;
                 }
             } catch (Exception e) {

From 006c5cb0264e35ab2728a265d73038dced2587af Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Thu, 30 May 2024 17:01:01 +0100
Subject: [PATCH 34/88] CKS: Fix etcd port numbers being skipped

---
 .../cluster/actionworkers/KubernetesClusterStartWorker.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index 1553c554d14b..361612add3e8 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -604,14 +604,14 @@ protected void setupKubernetesEtcdNetworkRules(List<UserVm> etcdVms, Network net
         Integer startPort = KubernetesClusterService.KubernetesEtcdNodeStartPort.value();
         IpAddress publicIp = ipAddressDao.findByIpAndDcId(kubernetesCluster.getZoneId(), publicIpAddress);
         for (int i = 0; i < etcdVmIds.size(); i++) {
-            startPort += i;
+            int etcdStartPort = startPort + i;
             try {
-                provisionFirewallRules(publicIp, owner, startPort, startPort);
+                provisionFirewallRules(publicIp, owner, etcdStartPort, etcdStartPort);
             } catch (NoSuchFieldException | IllegalAccessException | ResourceUnavailableException |
                      NetworkRuleConflictException e) {
                 throw new ManagementServerException(String.format("Failed to provision firewall rules for etcd nodes for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);
             }
-            provisionPublicIpPortForwardingRule(publicIp, network, owner, etcdVmIds.get(i), startPort, DEFAULT_SSH_PORT);
+            provisionPublicIpPortForwardingRule(publicIp, network, owner, etcdVmIds.get(i), etcdStartPort, DEFAULT_SSH_PORT);
         }
     }
 

From 8ca90135d69235f615c3277f4f15a38e7b3e1901 Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Fri, 31 May 2024 11:43:04 -0300
Subject: [PATCH 35/88] Fix CKS cluster with etcd nodes on VPC

---
 .../KubernetesClusterStartWorker.java           | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index 361612add3e8..98aa8ae349a1 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -31,7 +31,10 @@
 import java.util.Objects;
 import java.util.stream.Collectors;
 
+import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.PermissionDeniedException;
+import com.cloud.network.vpc.NetworkACL;
 import com.cloud.storage.VMTemplateVO;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.InternalIdentity;
@@ -606,7 +609,19 @@ protected void setupKubernetesEtcdNetworkRules(List<UserVm> etcdVms, Network net
         for (int i = 0; i < etcdVmIds.size(); i++) {
             int etcdStartPort = startPort + i;
             try {
-                provisionFirewallRules(publicIp, owner, etcdStartPort, etcdStartPort);
+                if (Objects.isNull(network.getVpcId())) {
+                    provisionFirewallRules(publicIp, owner, etcdStartPort, etcdStartPort);
+                } else if (network.getNetworkACLId() != NetworkACL.DEFAULT_ALLOW) {
+                    try {
+                        provisionVpcTierAllowPortACLRule(network, ETCD_NODE_CLIENT_REQUEST_PORT, ETCD_NODE_CLIENT_REQUEST_PORT);
+                        if (LOGGER.isInfoEnabled()) {
+                            LOGGER.info(String.format("Provisioned ACL rule to open up port %d on %s for etcd nodes for Kubernetes cluster %s",
+                                    ETCD_NODE_CLIENT_REQUEST_PORT, publicIpAddress, kubernetesCluster.getName()));
+                        }
+                    } catch (NoSuchFieldException | IllegalAccessException | ResourceUnavailableException | InvalidParameterValueException | PermissionDeniedException e) {
+                        throw new ManagementServerException(String.format("Failed to provision ACL rules for etcd client access for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);
+                    }
+                }
             } catch (NoSuchFieldException | IllegalAccessException | ResourceUnavailableException |
                      NetworkRuleConflictException e) {
                 throw new ManagementServerException(String.format("Failed to provision firewall rules for etcd nodes for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);

From 27f7a16a84b9c73b6fdfd19c5cad42045d825b59 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Wed, 5 Jun 2024 12:11:01 -0300
Subject: [PATCH 36/88] Move schema and upgrade for 4.20

---
 .../upgrade/dao/Upgrade41810to41900.java      | 92 ------------------
 .../upgrade/dao/Upgrade41900to42000.java      | 97 +++++++++++++++++++
 .../META-INF/db/schema-41810to41900.sql       | 23 -----
 .../META-INF/db/schema-41900to42000.sql       | 23 +++++
 4 files changed, 120 insertions(+), 115 deletions(-)

diff --git a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41810to41900.java b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41810to41900.java
index 46e33f2ce30b..e2b1ae1399b6 100644
--- a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41810to41900.java
+++ b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41810to41900.java
@@ -27,9 +27,7 @@
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
-import java.util.ArrayList;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
@@ -78,7 +76,6 @@ public void performDataMigration(Connection conn) {
         migrateBackupDates(conn);
         addIndexes(conn);
         addRemoverAccountIdForeignKeyToQuarantinedIps(conn);
-        updateKubernetesClusterNodeVersions(conn);
     }
 
     @Override
@@ -267,93 +264,4 @@ private void addIndexes(Connection conn) {
     private void addRemoverAccountIdForeignKeyToQuarantinedIps(Connection conn) {
         DbUpgradeUtils.addForeignKey(conn, "quarantined_ips", "remover_account_id", "account", "id");
     }
-
-    private Map<Long, String> getKubernetesClusterIdsAndVersion(Connection conn) {
-        String listKubernetesClusters = "SELECT c.id, v.semantic_version FROM `cloud`.`kubernetes_cluster` c JOIN `cloud`.`kubernetes_supported_version` v ON (c.kubernetes_version_id = v.id) WHERE c.removed is NULL;";
-        Map<Long, String> clusterAndVersion = new HashMap<>();
-        try {
-            PreparedStatement pstmt = conn.prepareStatement(listKubernetesClusters);
-            ResultSet rs = pstmt.executeQuery();
-            while (rs.next()) {
-                clusterAndVersion.put(rs.getLong(1), rs.getString(2));
-            }
-            rs.close();
-            pstmt.close();
-        } catch (SQLException e) {
-            String errMsg = String.format("Failed to get all the kubernetes cluster ids due to: %s", e.getMessage());
-            LOG.error(errMsg);
-            throw new CloudRuntimeException(errMsg, e);
-        }
-        return clusterAndVersion;
-    }
-
-    private List<Long> getKubernetesClusterVmMapIds(Connection conn, Long cksClusterId) {
-        List<Long> kubernetesClusterVmIds = new ArrayList<>();
-        String getKubernetesClustersVmMap = "SELECT id FROM `cloud`.`kubernetes_cluster_vm_map` WHERE cluster_id = %s;";
-        try {
-            PreparedStatement pstmt = conn.prepareStatement(String.format(getKubernetesClustersVmMap, cksClusterId));
-            ResultSet rs = pstmt.executeQuery();
-            while (rs.next()) {
-                kubernetesClusterVmIds.add(rs.getLong(1));
-            }
-            rs.close();
-            pstmt.close();
-        } catch (SQLException e) {
-            String errMsg = String.format("Failed to get the kubernetes cluster vm map IDs for kubernetes cluster with id: %s," +
-                    " due to: %s", cksClusterId, e.getMessage());
-            LOG.error(errMsg, e);
-            throw new CloudRuntimeException(errMsg, e);
-        }
-        return kubernetesClusterVmIds;
-    }
-
-    private void updateKubernetesNodeVersion(Connection conn, List<Long> kubernetesClusterVmIds, Long cksClusterId, String cksVersion) {
-        String updateKubernetesNodeVersion = "UPDATE `cloud`.`kubernetes_cluster_vm_map` set kubernetes_node_version = ? WHERE id = ?;";
-        for (Long nodeVmId : kubernetesClusterVmIds) {
-            try {
-                PreparedStatement pstmt = conn.prepareStatement(updateKubernetesNodeVersion);
-                pstmt.setString(1, cksVersion);
-                pstmt.setLong(2, nodeVmId);
-                pstmt.executeUpdate();
-                pstmt.close();
-            } catch (Exception e) {
-                String errMsg = String.format("Failed to update the node version for kubernetes cluster nodes for the" +
-                        " kubernetes cluster with id: %s," +
-                        " due to: %s", cksClusterId, e.getMessage());
-                LOG.error(errMsg, e);
-                throw new CloudRuntimeException(errMsg, e);
-            }
-        }
-    }
-
-    private void updateKubernetesNodeVersions(Connection conn, Map<Long, String> clusterAndVersion) {
-        List<Long> kubernetesClusterVmIds;
-        for (Map.Entry<Long, String> clusterVersionEntry : clusterAndVersion.entrySet()) {
-            try {
-                Long cksClusterId = clusterVersionEntry.getKey();
-                String cksVersion = clusterVersionEntry.getValue();
-                LOG.debug(String.format("Adding CKS version %s to existing CKS cluster %s nodes", cksVersion, cksClusterId));
-                kubernetesClusterVmIds = getKubernetesClusterVmMapIds(conn, cksClusterId);
-                updateKubernetesNodeVersion(conn, kubernetesClusterVmIds, cksClusterId, cksVersion);
-            } catch (Exception e) {
-                String errMsg = String.format("Failed to update the node version for kubernetes cluster nodes for the" +
-                        " kubernetes cluster with id: %s," +
-                        " due to: %s", clusterVersionEntry.getKey(), e.getMessage());
-                LOG.error(errMsg, e);
-                throw new CloudRuntimeException(errMsg, e);
-            }
-        }
-    }
-
-    private void updateKubernetesClusterNodeVersions(Connection conn) {
-        //get list of all non removed kubernetes clusters
-        try {
-            Map<Long, String> clusterAndVersion = getKubernetesClusterIdsAndVersion(conn);
-            updateKubernetesNodeVersions(conn, clusterAndVersion);
-        } catch (Exception e) {
-            String errMsg = "Failed to update kubernetes cluster nodes version";
-            LOG.error(errMsg);
-            throw new CloudRuntimeException(errMsg, e);
-        }
-    }
 }
diff --git a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41900to42000.java b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41900to42000.java
index 200c5fda2326..4b84c0c86efe 100644
--- a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41900to42000.java
+++ b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41900to42000.java
@@ -18,6 +18,13 @@
 
 import java.io.InputStream;
 import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 
 import com.cloud.upgrade.SystemVmTemplateRegistration;
 import com.cloud.utils.exception.CloudRuntimeException;
@@ -53,6 +60,7 @@ public InputStream[] getPrepareScripts() {
 
     @Override
     public void performDataMigration(Connection conn) {
+        updateKubernetesClusterNodeVersions(conn);
     }
 
     @Override
@@ -80,4 +88,93 @@ public void updateSystemVmTemplates(Connection conn) {
             throw new CloudRuntimeException("Failed to find / register SystemVM template(s)");
         }
     }
+
+    private Map<Long, String> getKubernetesClusterIdsAndVersion(Connection conn) {
+        String listKubernetesClusters = "SELECT c.id, v.semantic_version FROM `cloud`.`kubernetes_cluster` c JOIN `cloud`.`kubernetes_supported_version` v ON (c.kubernetes_version_id = v.id) WHERE c.removed is NULL;";
+        Map<Long, String> clusterAndVersion = new HashMap<>();
+        try {
+            PreparedStatement pstmt = conn.prepareStatement(listKubernetesClusters);
+            ResultSet rs = pstmt.executeQuery();
+            while (rs.next()) {
+                clusterAndVersion.put(rs.getLong(1), rs.getString(2));
+            }
+            rs.close();
+            pstmt.close();
+        } catch (SQLException e) {
+            String errMsg = String.format("Failed to get all the kubernetes cluster ids due to: %s", e.getMessage());
+            logger.error(errMsg);
+            throw new CloudRuntimeException(errMsg, e);
+        }
+        return clusterAndVersion;
+    }
+
+    private List<Long> getKubernetesClusterVmMapIds(Connection conn, Long cksClusterId) {
+        List<Long> kubernetesClusterVmIds = new ArrayList<>();
+        String getKubernetesClustersVmMap = "SELECT id FROM `cloud`.`kubernetes_cluster_vm_map` WHERE cluster_id = %s;";
+        try {
+            PreparedStatement pstmt = conn.prepareStatement(String.format(getKubernetesClustersVmMap, cksClusterId));
+            ResultSet rs = pstmt.executeQuery();
+            while (rs.next()) {
+                kubernetesClusterVmIds.add(rs.getLong(1));
+            }
+            rs.close();
+            pstmt.close();
+        } catch (SQLException e) {
+            String errMsg = String.format("Failed to get the kubernetes cluster vm map IDs for kubernetes cluster with id: %s," +
+                    " due to: %s", cksClusterId, e.getMessage());
+            logger.error(errMsg, e);
+            throw new CloudRuntimeException(errMsg, e);
+        }
+        return kubernetesClusterVmIds;
+    }
+
+    private void updateKubernetesNodeVersion(Connection conn, List<Long> kubernetesClusterVmIds, Long cksClusterId, String cksVersion) {
+        String updateKubernetesNodeVersion = "UPDATE `cloud`.`kubernetes_cluster_vm_map` set kubernetes_node_version = ? WHERE id = ?;";
+        for (Long nodeVmId : kubernetesClusterVmIds) {
+            try {
+                PreparedStatement pstmt = conn.prepareStatement(updateKubernetesNodeVersion);
+                pstmt.setString(1, cksVersion);
+                pstmt.setLong(2, nodeVmId);
+                pstmt.executeUpdate();
+                pstmt.close();
+            } catch (Exception e) {
+                String errMsg = String.format("Failed to update the node version for kubernetes cluster nodes for the" +
+                        " kubernetes cluster with id: %s," +
+                        " due to: %s", cksClusterId, e.getMessage());
+                logger.error(errMsg, e);
+                throw new CloudRuntimeException(errMsg, e);
+            }
+        }
+    }
+
+    private void updateKubernetesNodeVersions(Connection conn, Map<Long, String> clusterAndVersion) {
+        List<Long> kubernetesClusterVmIds;
+        for (Map.Entry<Long, String> clusterVersionEntry : clusterAndVersion.entrySet()) {
+            try {
+                Long cksClusterId = clusterVersionEntry.getKey();
+                String cksVersion = clusterVersionEntry.getValue();
+                logger.debug(String.format("Adding CKS version %s to existing CKS cluster %s nodes", cksVersion, cksClusterId));
+                kubernetesClusterVmIds = getKubernetesClusterVmMapIds(conn, cksClusterId);
+                updateKubernetesNodeVersion(conn, kubernetesClusterVmIds, cksClusterId, cksVersion);
+            } catch (Exception e) {
+                String errMsg = String.format("Failed to update the node version for kubernetes cluster nodes for the" +
+                        " kubernetes cluster with id: %s," +
+                        " due to: %s", clusterVersionEntry.getKey(), e.getMessage());
+                logger.error(errMsg, e);
+                throw new CloudRuntimeException(errMsg, e);
+            }
+        }
+    }
+
+    private void updateKubernetesClusterNodeVersions(Connection conn) {
+        //get list of all non removed kubernetes clusters
+        try {
+            Map<Long, String> clusterAndVersion = getKubernetesClusterIdsAndVersion(conn);
+            updateKubernetesNodeVersions(conn, clusterAndVersion);
+        } catch (Exception e) {
+            String errMsg = "Failed to update kubernetes cluster nodes version";
+            logger.error(errMsg);
+            throw new CloudRuntimeException(errMsg, e);
+        }
+    }
 }
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
index 3fb0909831aa..a6f45c261ce2 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
@@ -323,26 +323,3 @@ CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.quarantined_ips', 'remover_account_i
 -- Explicitly add support for VMware 8.0b (8.0.0.2), 8.0c (8.0.0.3)
 INSERT IGNORE INTO `cloud`.`hypervisor_capabilities` (uuid, hypervisor_type, hypervisor_version, max_guests_limit, security_group_enabled, max_data_volumes_limit, max_hosts_per_cluster, storage_motion_supported, vm_snapshot_enabled) values (UUID(), 'VMware', '8.0.0.2', 1024, 0, 59, 64, 1, 1);
 INSERT IGNORE INTO `cloud`.`hypervisor_capabilities` (uuid, hypervisor_type, hypervisor_version, max_guests_limit, security_group_enabled, max_data_volumes_limit, max_hosts_per_cluster, storage_motion_supported, vm_snapshot_enabled) values (UUID(), 'VMware', '8.0.0.3', 1024, 0, 59, 64, 1, 1);
-
--- Add for_cks column to the vm_template table
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.vm_template','for_cks', 'int(1) unsigned DEFAULT "0" COMMENT "if true, the template can be used for CKS cluster deployment"');
-
--- Add support for different node types service offerings on CKS clusters
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_service_offering_id', 'bigint unsigned COMMENT "service offering ID for Control Node(s)"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_service_offering_id', 'bigint unsigned COMMENT "service offering ID for Worker Node(s)"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_service_offering_id', 'bigint unsigned COMMENT "service offering ID for etcd Nodes"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_node_count', 'bigint unsigned COMMENT "number of etcd nodes to be deployed for the Kubernetes cluster"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_template_id', 'bigint unsigned COMMENT "template id to be used for Control Node(s)"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_template_id', 'bigint unsigned COMMENT "template id to be used for Worker Node(s)"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_template_id', 'bigint unsigned COMMENT "template id to be used for etcd Nodes"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','etcd_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the VM is an etcd node"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','external_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node was imported into the Kubernetes cluster"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','manual_upgrade', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node is marked for manual upgrade and excluded from the Kubernetes cluster upgrade operation"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','kubernetes_node_version', 'varchar(40) COMMENT "version of k8s the cluster node is on"');
-
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_service_offering_id` FOREIGN KEY `fk_cluster__control_service_offering_id`(`control_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_service_offering_id` FOREIGN KEY `fk_cluster__worker_service_offering_id`(`worker_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_service_offering_id` FOREIGN KEY `fk_cluster__etcd_service_offering_id`(`etcd_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_template_id` FOREIGN KEY `fk_cluster__control_template_id`(`control_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_template_id` FOREIGN KEY `fk_cluster__worker_template_id`(`worker_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_template_id` FOREIGN KEY `fk_cluster__etcd_template_id`(`etcd_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41900to42000.sql b/engine/schema/src/main/resources/META-INF/db/schema-41900to42000.sql
index 1bb1905443a9..e80811303431 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41900to42000.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41900to42000.sql
@@ -79,3 +79,26 @@ CREATE TABLE IF NOT EXISTS `cloud_usage`.`quota_email_configuration`(
     PRIMARY KEY (`account_id`, `email_template_id`),
     CONSTRAINT `FK_quota_email_configuration_account_id` FOREIGN KEY (`account_id`) REFERENCES `cloud_usage`.`quota_account`(`account_id`),
     CONSTRAINT `FK_quota_email_configuration_email_template_id` FOREIGN KEY (`email_template_id`) REFERENCES `cloud_usage`.`quota_email_templates`(`id`));
+
+-- Add for_cks column to the vm_template table
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.vm_template','for_cks', 'int(1) unsigned DEFAULT "0" COMMENT "if true, the template can be used for CKS cluster deployment"');
+
+-- Add support for different node types service offerings on CKS clusters
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_service_offering_id', 'bigint unsigned COMMENT "service offering ID for Control Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_service_offering_id', 'bigint unsigned COMMENT "service offering ID for Worker Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_service_offering_id', 'bigint unsigned COMMENT "service offering ID for etcd Nodes"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_node_count', 'bigint unsigned COMMENT "number of etcd nodes to be deployed for the Kubernetes cluster"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_template_id', 'bigint unsigned COMMENT "template id to be used for Control Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_template_id', 'bigint unsigned COMMENT "template id to be used for Worker Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_template_id', 'bigint unsigned COMMENT "template id to be used for etcd Nodes"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','etcd_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the VM is an etcd node"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','external_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node was imported into the Kubernetes cluster"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','manual_upgrade', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node is marked for manual upgrade and excluded from the Kubernetes cluster upgrade operation"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','kubernetes_node_version', 'varchar(40) COMMENT "version of k8s the cluster node is on"');
+
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_service_offering_id` FOREIGN KEY `fk_cluster__control_service_offering_id`(`control_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_service_offering_id` FOREIGN KEY `fk_cluster__worker_service_offering_id`(`worker_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_service_offering_id` FOREIGN KEY `fk_cluster__etcd_service_offering_id`(`etcd_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_template_id` FOREIGN KEY `fk_cluster__control_template_id`(`control_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_template_id` FOREIGN KEY `fk_cluster__worker_template_id`(`worker_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_template_id` FOREIGN KEY `fk_cluster__etcd_template_id`(`etcd_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;

From 54037571d8ae4db5a41d60bd1e88d0de540a2de6 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Wed, 5 Jun 2024 12:20:04 -0300
Subject: [PATCH 37/88] Fix logger

---
 .../cluster/actionworkers/KubernetesClusterAddWorker.java | 8 ++++----
 .../actionworkers/KubernetesClusterDestroyWorker.java     | 2 +-
 .../actionworkers/KubernetesClusterStartWorker.java       | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
index 13dc4d8ba38e..9e602383d0d2 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
@@ -252,7 +252,7 @@ private Pair<Boolean, Integer> validateAndSetupNode(Network network, IpAddress p
         } catch (Exception e) {
             String errMsg = String.format("Unexpected exception while trying to add the external node %s to the Kubernetes cluster %s: %s",
                     nodeId, kubernetesCluster.getName(), e.getMessage());
-            LOGGER.error(errMsg, e);
+            logger.error(errMsg, e);
             revertNetworkRules(network, nodeId, sshStartPort);
             throw new CloudRuntimeException(e);
         }
@@ -309,15 +309,15 @@ private void cleanupCloudInitSemFolder(UserVm userVm, IpAddress publicIp, File p
     }
 
     private void revertNetworkRules(Network network, long vmId, int port) {
-        LOGGER.debug(String.format("Reverting network rules for VM ID %s on network %s", vmId, network.getName()));
+        logger.debug(String.format("Reverting network rules for VM ID %s on network %s", vmId, network.getName()));
         FirewallRuleVO ruleVO = firewallRulesDao.findByNetworkIdAndPorts(network.getId(), port, port);
         if (Objects.isNull(network.getVpcId())) {
-            LOGGER.debug(String.format("Removing firewall rule %s", ruleVO.getId()));
+            logger.debug(String.format("Removing firewall rule %s", ruleVO.getId()));
             firewallService.revokeIngressFirewallRule(ruleVO.getId(), true);
         }
         List<PortForwardingRuleVO> pfRules = portForwardingRulesDao.listByVm(vmId);
         for (PortForwardingRuleVO pfRule : pfRules) {
-            LOGGER.debug(String.format("Removing port forwarding rule %s", pfRule.getId()));
+            logger.debug(String.format("Removing port forwarding rule %s", pfRule.getId()));
             rulesService.revokePortForwardingRule(pfRule.getId(), true);
         }
     }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
index 99d894b2e926..ab561329afb1 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
@@ -249,7 +249,7 @@ public boolean destroy() throws CloudRuntimeException {
             List<KubernetesClusterVmMapVO> externalNodes = clusterVMs.stream().filter(KubernetesClusterVmMapVO::isExternalNode).collect(Collectors.toList());
             if (!externalNodes.isEmpty()) {
                 String errMsg = String.format("Failed to delete kubernetes cluster %s as there are %s external node(s) present. Please remove the external node(s) from the cluster (and network) or delete them before deleting the cluster.", kubernetesCluster.getName(), externalNodes.size());
-                LOGGER.error(errMsg);
+                logger.error(errMsg);
                 throw new CloudRuntimeException(errMsg);
             }
             if (network != null) {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index 98aa8ae349a1..33e324d6bb5d 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -614,8 +614,8 @@ protected void setupKubernetesEtcdNetworkRules(List<UserVm> etcdVms, Network net
                 } else if (network.getNetworkACLId() != NetworkACL.DEFAULT_ALLOW) {
                     try {
                         provisionVpcTierAllowPortACLRule(network, ETCD_NODE_CLIENT_REQUEST_PORT, ETCD_NODE_CLIENT_REQUEST_PORT);
-                        if (LOGGER.isInfoEnabled()) {
-                            LOGGER.info(String.format("Provisioned ACL rule to open up port %d on %s for etcd nodes for Kubernetes cluster %s",
+                        if (logger.isInfoEnabled()) {
+                            logger.info(String.format("Provisioned ACL rule to open up port %d on %s for etcd nodes for Kubernetes cluster %s",
                                     ETCD_NODE_CLIENT_REQUEST_PORT, publicIpAddress, kubernetesCluster.getName()));
                         }
                     } catch (NoSuchFieldException | IllegalAccessException | ResourceUnavailableException | InvalidParameterValueException | PermissionDeniedException e) {

From f8fd8e03776a72a2bc21ba67c5537023273c17f4 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Thu, 3 Oct 2024 11:42:01 -0300
Subject: [PATCH 38/88] Fix after rebasing

---
 ui/src/components/view/InfoCard.vue | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ui/src/components/view/InfoCard.vue b/ui/src/components/view/InfoCard.vue
index 1c540d60c1d5..b7bbc896c073 100644
--- a/ui/src/components/view/InfoCard.vue
+++ b/ui/src/components/view/InfoCard.vue
@@ -544,7 +544,6 @@
             <span v-else>{{ resource.serviceofferingname || resource.serviceofferingid }}</span>
           </div>
         </div>
-<<<<<<< HEAD
         <div class="resource-detail-item" v-if="resource.controlofferingname && resource.controlofferingid">
           <div class="resource-detail-item__label">{{ $t('label.service.offering.controlnodes') }}</div>
           <div class="resource-detail-item__details">

From 2a1de76517d33b3d5d01eb51365d794733a90aad Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Tue, 25 Jun 2024 20:53:33 -0400
Subject: [PATCH 39/88] Add support for using different CNI plugins with CKS

* Add support for using different CNI plugins with CKS

* remove unused import

* Add UI support and list cni config API

* necessary UI changes

* add license

* changes to support external cni

* UI changes

* Fix NPE on restarting VPC with additional public IPs

* fix merge conflict

* add asnumber to create k8s svc layer

* support cni framework to use as-numbers

* update code

* condition to ignore undefined jinja template variables
---
 .../main/java/com/cloud/event/EventTypes.java |   1 +
 .../kubernetes/cluster/KubernetesCluster.java |   2 +
 .../com/cloud/server/ManagementService.java   |  11 +-
 .../main/java/com/cloud/user/UserData.java    |   1 +
 .../apache/cloudstack/api/ApiConstants.java   |   3 +
 .../userdata/BaseRegisterUserDataCmd.java     |  87 ++++++++
 .../userdata/ListCniConfigurationCmd.java     |  58 ++++++
 .../user/userdata/ListUserDataCmd.java        |   2 +-
 .../userdata/RegisterCniConfigurationCmd.java |  76 +++++++
 .../user/userdata/RegisterUserDataCmd.java    |  79 +-------
 .../user/userdata/ListUserDataCmdTest.java    |   4 +-
 .../upgrade/dao/Upgrade41910to42000.java      |  94 ---------
 .../upgrade/dao/Upgrade42010to42100.java      |  97 +++++++++
 .../main/java/com/cloud/user/UserDataVO.java  |  10 +
 .../META-INF/db/schema-41910to42000.sql       |  23 ---
 .../META-INF/db/schema-42010to42100.sql       |  34 ++++
 .../cluster/KubernetesClusterManagerImpl.java |  24 ++-
 .../cluster/KubernetesClusterService.java     |   2 +
 .../cluster/KubernetesClusterVO.java          |  23 +++
 .../KubernetesClusterActionWorker.java        |  42 ++--
 .../KubernetesClusterDestroyWorker.java       |  18 ++
 .../KubernetesClusterStartWorker.java         |  31 ++-
 .../KubernetesClusterUpgradeWorker.java       |   5 +-
 .../cluster/CreateKubernetesClusterCmd.java   |  18 ++
 .../main/resources/conf/k8s-control-node.yml  |   8 +-
 .../resources/script/upgrade-kubernetes.sh    |  10 +-
 .../java/com/cloud/api/ApiResponseHelper.java |  10 +-
 .../com/cloud/network/NetworkServiceImpl.java |  31 +++
 .../cloud/server/ManagementServerImpl.java    |  35 +++-
 .../server/ManagementServerImplTest.java      |   6 +-
 ui/public/locales/en.json                     |   6 +-
 ui/src/components/view/DetailsTab.vue         |   7 +-
 ui/src/config/section/compute.js              |  77 ++++++++
 ui/src/views/AutogenView.vue                  |   6 +
 .../views/compute/CreateKubernetesCluster.vue | 187 +++++++++++++++++-
 ui/src/views/compute/RegisterUserData.vue     |  53 +++--
 .../compute/wizard/UserDataSelection.vue      |   6 +
 37 files changed, 928 insertions(+), 259 deletions(-)
 create mode 100644 api/src/main/java/org/apache/cloudstack/api/command/user/userdata/BaseRegisterUserDataCmd.java
 create mode 100644 api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java
 create mode 100644 api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java

diff --git a/api/src/main/java/com/cloud/event/EventTypes.java b/api/src/main/java/com/cloud/event/EventTypes.java
index 81ed185dae5a..d73bd056022f 100644
--- a/api/src/main/java/com/cloud/event/EventTypes.java
+++ b/api/src/main/java/com/cloud/event/EventTypes.java
@@ -289,6 +289,7 @@ public class EventTypes {
 
     //registering userdata events
     public static final String EVENT_REGISTER_USER_DATA = "REGISTER.USER.DATA";
+    public static final String EVENT_REGISTER_CNI_CONFIG = "REGISTER.CNI.CONFIG";
 
     //register for user API and secret keys
     public static final String EVENT_REGISTER_FOR_SECRET_API_KEY = "REGISTER.USER.KEY";
diff --git a/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java b/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
index c01d8f82a265..c0eb78129883 100644
--- a/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
+++ b/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
@@ -164,4 +164,6 @@ enum State {
     Long getWorkerTemplateId();
     Long getEtcdTemplateId();
     Long getEtcdNodeCount();
+    Long getCniConfigId();
+    String getCniConfigDetails();
 }
diff --git a/api/src/main/java/com/cloud/server/ManagementService.java b/api/src/main/java/com/cloud/server/ManagementService.java
index 18f3e901cd93..377fbfb5f078 100644
--- a/api/src/main/java/com/cloud/server/ManagementService.java
+++ b/api/src/main/java/com/cloud/server/ManagementService.java
@@ -59,9 +59,9 @@
 import org.apache.cloudstack.api.command.user.ssh.DeleteSSHKeyPairCmd;
 import org.apache.cloudstack.api.command.user.ssh.ListSSHKeyPairsCmd;
 import org.apache.cloudstack.api.command.user.ssh.RegisterSSHKeyPairCmd;
+import org.apache.cloudstack.api.command.user.userdata.BaseRegisterUserDataCmd;
 import org.apache.cloudstack.api.command.user.userdata.DeleteUserDataCmd;
 import org.apache.cloudstack.api.command.user.userdata.ListUserDataCmd;
-import org.apache.cloudstack.api.command.user.userdata.RegisterUserDataCmd;
 import org.apache.cloudstack.api.command.user.vm.GetVMPasswordCmd;
 import org.apache.cloudstack.api.command.user.vmgroup.UpdateVMGroupCmd;
 import org.apache.cloudstack.config.Configuration;
@@ -360,17 +360,16 @@ public interface ManagementService {
      *            The api command class.
      * @return The list of userdatas found.
      */
-    Pair<List<? extends UserData>, Integer> listUserDatas(ListUserDataCmd cmd);
+    Pair<List<? extends UserData>, Integer> listUserDatas(ListUserDataCmd cmd, boolean forCks);
 
     /**
      * Registers a userdata.
      *
-     * @param cmd
-     *            The api command class.
+     * @param cmd    The api command class.
+     * @param forCks
      * @return A VO with the registered userdata.
      */
-    UserData registerUserData(RegisterUserDataCmd cmd);
-
+    UserData registerUserData(BaseRegisterUserDataCmd cmd);
     /**
      * Deletes a userdata.
      *
diff --git a/api/src/main/java/com/cloud/user/UserData.java b/api/src/main/java/com/cloud/user/UserData.java
index fa0c50473c0d..13a3c74f3679 100644
--- a/api/src/main/java/com/cloud/user/UserData.java
+++ b/api/src/main/java/com/cloud/user/UserData.java
@@ -29,4 +29,5 @@ public enum UserDataOverridePolicy {
     String getUserData();
 
     String getParams();
+    boolean isForCks();
 }
diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
index 77373aaf10b1..4381447a4bf8 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
@@ -112,6 +112,9 @@ public class ApiConstants {
     public static final String CN = "cn";
     public static final String COMMAND = "command";
     public static final String CMD_EVENT_TYPE = "cmdeventtype";
+    public static final String CNI_CONFIG = "cniconfig";
+    public static final String CNI_CONFIG_ID = "cniconfigurationid";
+    public static final String CNI_CONFIG_DETAILS = "cniconfigdetails";
     public static final String COMPONENT = "component";
     public static final String CPU_CORE_PER_SOCKET = "cpucorepersocket";
     public static final String CPU_NUMBER = "cpunumber";
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/BaseRegisterUserDataCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/BaseRegisterUserDataCmd.java
new file mode 100644
index 000000000000..32c1eaf42f8b
--- /dev/null
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/BaseRegisterUserDataCmd.java
@@ -0,0 +1,87 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.userdata;
+
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.network.NetworkModel;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.api.response.ProjectResponse;
+import org.apache.commons.lang3.StringUtils;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+public abstract class BaseRegisterUserDataCmd extends BaseCmd {
+
+    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "Name of the userdata")
+    private String name;
+
+    //Owner information
+    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an optional account for the userdata. Must be used with domainId.")
+    private String accountName;
+
+    @Parameter(name = ApiConstants.DOMAIN_ID,
+            type = CommandType.UUID,
+            entityType = DomainResponse.class,
+            description = "an optional domainId for the userdata. If the account parameter is used, domainId must also be used.")
+    private Long domainId;
+
+    @Parameter(name = ApiConstants.PROJECT_ID, type = CommandType.UUID, entityType = ProjectResponse.class, description = "an optional project for the userdata")
+    private Long projectId;
+
+    @Parameter(name = ApiConstants.PARAMS, type = CommandType.STRING, description = "comma separated list of variables declared in userdata content")
+    private String params;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public String getName() {
+        return name;
+    }
+
+    public String getAccountName() {
+        return accountName;
+    }
+
+    public Long getDomainId() {
+        return domainId;
+    }
+
+    public Long getProjectId() {
+        return projectId;
+    }
+
+    public String getParams() {
+        checkForVRMetadataFileNames(params);
+        return params;
+    }
+
+    public void checkForVRMetadataFileNames(String params) {
+        if (StringUtils.isNotEmpty(params)) {
+            List<String> keyValuePairs = new ArrayList<>(Arrays.asList(params.split(",")));
+            keyValuePairs.retainAll(NetworkModel.metadataFileNames);
+            if (!keyValuePairs.isEmpty()) {
+                throw new InvalidParameterValueException(String.format("Params passed here have a few virtual router metadata file names %s", keyValuePairs));
+            }
+        }
+    }
+}
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java
new file mode 100644
index 000000000000..ecd769eb5a10
--- /dev/null
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java
@@ -0,0 +1,58 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.userdata;
+
+import com.cloud.user.UserData;
+import com.cloud.utils.Pair;
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.UserDataResponse;
+import org.apache.log4j.Logger;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@APICommand(name = "listCniConfiguration", description = "List userdata for CNI plugins", responseObject = UserDataResponse.class, entityType = {UserData.class},
+        requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, since = "4.20",
+        authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
+public class ListCniConfigurationCmd extends ListUserDataCmd {
+    public static final Logger s_logger = Logger.getLogger(ListCniConfigurationCmd.class.getName());
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() {
+        Pair<List<? extends UserData>, Integer> resultList = _mgr.listUserDatas(this, true);
+        List<UserDataResponse> responses = new ArrayList<>();
+        for (UserData result : resultList.first()) {
+            UserDataResponse r = _responseGenerator.createUserDataResponse(result);
+            r.setObjectName(ApiConstants.CNI_CONFIG);
+            responses.add(r);
+        }
+
+        ListResponse<UserDataResponse> response = new ListResponse<>();
+        response.setResponses(responses, resultList.second());
+        response.setResponseName(getCommandName());
+        setResponseObject(response);
+    }
+
+
+}
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListUserDataCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListUserDataCmd.java
index 64ab3ec3d70e..16bf1e5c1e44 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListUserDataCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListUserDataCmd.java
@@ -61,7 +61,7 @@ public String getName() {
 
     @Override
     public void execute() {
-        Pair<List<? extends UserData>, Integer> resultList = _mgr.listUserDatas(this);
+        Pair<List<? extends UserData>, Integer> resultList = _mgr.listUserDatas(this, false);
         List<UserDataResponse> responses = new ArrayList<>();
         for (UserData result : resultList.first()) {
             UserDataResponse r = _responseGenerator.createUserDataResponse(result);
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java
new file mode 100644
index 000000000000..0a5f687f3928
--- /dev/null
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java
@@ -0,0 +1,76 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.userdata;
+
+import com.cloud.user.UserData;
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.UserDataResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
+
+@APICommand(name = "registerCniConfiguration",
+        description = "Register a CNI Configuration to be used with CKS cluster",
+        since = "4.19.0",
+        responseObject = SuccessResponse.class,
+        requestHasSensitiveInfo = false,
+        responseHasSensitiveInfo = false,
+        authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
+public class RegisterCniConfigurationCmd extends BaseRegisterUserDataCmd {
+    public static final Logger s_logger = Logger.getLogger(RegisterCniConfigurationCmd.class.getName());
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.CNI_CONFIG, type = CommandType.STRING, description = "CNI Configuration content to be registered as User data", length = 1048576)
+    private String cniConfig;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public String getCniConfig() {
+        return cniConfig;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() {
+        UserData result = _mgr.registerUserData(this);
+        UserDataResponse response = _responseGenerator.createUserDataResponse(result);
+        response.setResponseName(getCommandName());
+        response.setObjectName(ApiConstants.CNI_CONFIG);
+        setResponseObject(response);
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        Long accountId = _accountService.finalyzeAccountId(getAccountName(), getDomainId(), getProjectId(), true);
+        if (accountId == null) {
+            return CallContext.current().getCallingAccount().getId();
+        }
+
+        return accountId;
+    }
+}
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterUserDataCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterUserDataCmd.java
index 41d865d678c8..e2160d1418b4 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterUserDataCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterUserDataCmd.java
@@ -16,30 +16,20 @@
 // under the License.
 package org.apache.cloudstack.api.command.user.userdata;
 
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.api.response.ProjectResponse;
 import org.apache.cloudstack.api.response.SuccessResponse;
 import org.apache.cloudstack.api.response.UserDataResponse;
 import org.apache.cloudstack.context.CallContext;
-import org.apache.commons.lang3.StringUtils;
 
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.NetworkRuleConflictException;
 import com.cloud.exception.ResourceAllocationException;
 import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.network.NetworkModel;
 import com.cloud.user.UserData;
 
 @APICommand(name = "registerUserData",
@@ -49,89 +39,28 @@
         requestHasSensitiveInfo = false,
         responseHasSensitiveInfo = false,
         authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
-public class RegisterUserDataCmd extends BaseCmd {
+public class RegisterUserDataCmd extends BaseRegisterUserDataCmd {
 
 
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
 
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "Name of the userdata")
-    private String name;
-
-    //Owner information
-    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an optional account for the userdata. Must be used with domainId.")
-    private String accountName;
-
-    @Parameter(name = ApiConstants.DOMAIN_ID,
-            type = CommandType.UUID,
-            entityType = DomainResponse.class,
-            description = "an optional domainId for the userdata. If the account parameter is used, domainId must also be used.")
-    private Long domainId;
-
-    @Parameter(name = ApiConstants.PROJECT_ID, type = CommandType.UUID, entityType = ProjectResponse.class, description = "an optional project for the userdata")
-    private Long projectId;
-
-    @Parameter(name = ApiConstants.USER_DATA,
-            type = CommandType.STRING,
-            required = true,
-            description = "Base64 encoded userdata content. " +
-                    "Using HTTP GET (via querystring), you can send up to 4KB of data after base64 encoding. " +
-                    "Using HTTP POST (via POST body), you can send up to 1MB of data after base64 encoding. " +
-                    "You also need to change vm.userdata.max.length value",
-            length = 1048576)
-    private String userData;
-
-    @Parameter(name = ApiConstants.PARAMS, type = CommandType.STRING, description = "comma separated list of variables declared in userdata content")
-    private String params;
-
-
-    /////////////////////////////////////////////////////
-    /////////////////// Accessors ///////////////////////
-    /////////////////////////////////////////////////////
-
-    public String getName() {
-        return name;
-    }
-
-    public String getAccountName() {
-        return accountName;
-    }
+    @Parameter(name = ApiConstants.USER_DATA, type = CommandType.STRING, required = true, description = "Userdata content", length = 1048576)
+    protected String userData;
 
-    public Long getDomainId() {
-        return domainId;
-    }
-
-    public Long getProjectId() {
-        return projectId;
-    }
 
     public String getUserData() {
         return userData;
     }
 
-    public String getParams() {
-        checkForVRMetadataFileNames(params);
-        return params;
-    }
-
-    public void checkForVRMetadataFileNames(String params) {
-        if (StringUtils.isNotEmpty(params)) {
-            List<String> keyValuePairs = new ArrayList<>(Arrays.asList(params.split(",")));
-            keyValuePairs.retainAll(NetworkModel.metadataFileNames);
-            if (!keyValuePairs.isEmpty()) {
-                throw new InvalidParameterValueException(String.format("Params passed here have a few virtual router metadata file names %s", keyValuePairs));
-            }
-        }
-    }
-
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
 
     @Override
     public long getEntityOwnerId() {
-        Long accountId = _accountService.finalyzeAccountId(accountName, domainId, projectId, true);
+        Long accountId = _accountService.finalyzeAccountId(getAccountName(), getDomainId(), getProjectId(), true);
         if (accountId == null) {
             return CallContext.current().getCallingAccount().getId();
         }
diff --git a/api/src/test/java/org/apache/cloudstack/api/command/user/userdata/ListUserDataCmdTest.java b/api/src/test/java/org/apache/cloudstack/api/command/user/userdata/ListUserDataCmdTest.java
index 3f47a078445c..8b7db2924629 100644
--- a/api/src/test/java/org/apache/cloudstack/api/command/user/userdata/ListUserDataCmdTest.java
+++ b/api/src/test/java/org/apache/cloudstack/api/command/user/userdata/ListUserDataCmdTest.java
@@ -68,7 +68,7 @@ public void testListSuccess() {
         Pair<List<? extends UserData>, Integer> result = new Pair<List<? extends UserData>, Integer>(userDataList, 1);
         UserDataResponse userDataResponse = Mockito.mock(UserDataResponse.class);
 
-        Mockito.when(_mgr.listUserDatas(cmd)).thenReturn(result);
+        Mockito.when(_mgr.listUserDatas(cmd, false)).thenReturn(result);
         Mockito.when(_responseGenerator.createUserDataResponse(userData)).thenReturn(userDataResponse);
 
         cmd.execute();
@@ -82,7 +82,7 @@ public void testEmptyList() {
         List<UserData> userDataList = new ArrayList<UserData>();
         Pair<List<? extends UserData>, Integer> result = new Pair<List<? extends UserData>, Integer>(userDataList, 0);
 
-        Mockito.when(_mgr.listUserDatas(cmd)).thenReturn(result);
+        Mockito.when(_mgr.listUserDatas(cmd, false)).thenReturn(result);
 
         cmd.execute();
 
diff --git a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41910to42000.java b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41910to42000.java
index 8745ae180348..4c26c6bde50b 100644
--- a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41910to42000.java
+++ b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41910to42000.java
@@ -21,10 +21,6 @@
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
 
 import com.cloud.upgrade.SystemVmTemplateRegistration;
 import com.cloud.utils.exception.CloudRuntimeException;
@@ -61,7 +57,6 @@ public InputStream[] getPrepareScripts() {
 
     @Override
     public void performDataMigration(Connection conn) {
-        updateKubernetesClusterNodeVersions(conn);
         checkAndUpdateAffinityGroupNameCharSetToUtf8mb4(conn);
     }
 
@@ -91,95 +86,6 @@ public void updateSystemVmTemplates(Connection conn) {
         }
     }
 
-    private Map<Long, String> getKubernetesClusterIdsAndVersion(Connection conn) {
-        String listKubernetesClusters = "SELECT c.id, v.semantic_version FROM `cloud`.`kubernetes_cluster` c JOIN `cloud`.`kubernetes_supported_version` v ON (c.kubernetes_version_id = v.id) WHERE c.removed is NULL;";
-        Map<Long, String> clusterAndVersion = new HashMap<>();
-        try {
-            PreparedStatement pstmt = conn.prepareStatement(listKubernetesClusters);
-            ResultSet rs = pstmt.executeQuery();
-            while (rs.next()) {
-                clusterAndVersion.put(rs.getLong(1), rs.getString(2));
-            }
-            rs.close();
-            pstmt.close();
-        } catch (SQLException e) {
-            String errMsg = String.format("Failed to get all the kubernetes cluster ids due to: %s", e.getMessage());
-            logger.error(errMsg);
-            throw new CloudRuntimeException(errMsg, e);
-        }
-        return clusterAndVersion;
-    }
-
-    private List<Long> getKubernetesClusterVmMapIds(Connection conn, Long cksClusterId) {
-        List<Long> kubernetesClusterVmIds = new ArrayList<>();
-        String getKubernetesClustersVmMap = "SELECT id FROM `cloud`.`kubernetes_cluster_vm_map` WHERE cluster_id = %s;";
-        try {
-            PreparedStatement pstmt = conn.prepareStatement(String.format(getKubernetesClustersVmMap, cksClusterId));
-            ResultSet rs = pstmt.executeQuery();
-            while (rs.next()) {
-                kubernetesClusterVmIds.add(rs.getLong(1));
-            }
-            rs.close();
-            pstmt.close();
-        } catch (SQLException e) {
-            String errMsg = String.format("Failed to get the kubernetes cluster vm map IDs for kubernetes cluster with id: %s," +
-                    " due to: %s", cksClusterId, e.getMessage());
-            logger.error(errMsg, e);
-            throw new CloudRuntimeException(errMsg, e);
-        }
-        return kubernetesClusterVmIds;
-    }
-
-    private void updateKubernetesNodeVersion(Connection conn, List<Long> kubernetesClusterVmIds, Long cksClusterId, String cksVersion) {
-        String updateKubernetesNodeVersion = "UPDATE `cloud`.`kubernetes_cluster_vm_map` set kubernetes_node_version = ? WHERE id = ?;";
-        for (Long nodeVmId : kubernetesClusterVmIds) {
-            try {
-                PreparedStatement pstmt = conn.prepareStatement(updateKubernetesNodeVersion);
-                pstmt.setString(1, cksVersion);
-                pstmt.setLong(2, nodeVmId);
-                pstmt.executeUpdate();
-                pstmt.close();
-            } catch (Exception e) {
-                String errMsg = String.format("Failed to update the node version for kubernetes cluster nodes for the" +
-                        " kubernetes cluster with id: %s," +
-                        " due to: %s", cksClusterId, e.getMessage());
-                logger.error(errMsg, e);
-                throw new CloudRuntimeException(errMsg, e);
-            }
-        }
-    }
-
-    private void updateKubernetesNodeVersions(Connection conn, Map<Long, String> clusterAndVersion) {
-        List<Long> kubernetesClusterVmIds;
-        for (Map.Entry<Long, String> clusterVersionEntry : clusterAndVersion.entrySet()) {
-            try {
-                Long cksClusterId = clusterVersionEntry.getKey();
-                String cksVersion = clusterVersionEntry.getValue();
-                logger.debug(String.format("Adding CKS version %s to existing CKS cluster %s nodes", cksVersion, cksClusterId));
-                kubernetesClusterVmIds = getKubernetesClusterVmMapIds(conn, cksClusterId);
-                updateKubernetesNodeVersion(conn, kubernetesClusterVmIds, cksClusterId, cksVersion);
-            } catch (Exception e) {
-                String errMsg = String.format("Failed to update the node version for kubernetes cluster nodes for the" +
-                        " kubernetes cluster with id: %s," +
-                        " due to: %s", clusterVersionEntry.getKey(), e.getMessage());
-                logger.error(errMsg, e);
-                throw new CloudRuntimeException(errMsg, e);
-            }
-        }
-    }
-
-    private void updateKubernetesClusterNodeVersions(Connection conn) {
-        //get list of all non removed kubernetes clusters
-        try {
-            Map<Long, String> clusterAndVersion = getKubernetesClusterIdsAndVersion(conn);
-            updateKubernetesNodeVersions(conn, clusterAndVersion);
-        } catch (Exception e) {
-            String errMsg = "Failed to update kubernetes cluster nodes version";
-            logger.error(errMsg);
-            throw new CloudRuntimeException(errMsg, e);
-        }
-    }
-
     private void checkAndUpdateAffinityGroupNameCharSetToUtf8mb4(Connection conn) {
         logger.debug("Check and update char set for affinity group name to utf8mb4");
         try {
diff --git a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade42010to42100.java b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade42010to42100.java
index 06a68ec3d8b2..eb557da58d83 100644
--- a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade42010to42100.java
+++ b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade42010to42100.java
@@ -21,6 +21,13 @@
 
 import java.io.InputStream;
 import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 
 public class Upgrade42010to42100 extends DbUpgradeAbstractImpl implements DbUpgrade, DbUpgradeSystemVmTemplate {
     private SystemVmTemplateRegistration systemVmTemplateRegistration;
@@ -53,6 +60,7 @@ public InputStream[] getPrepareScripts() {
 
     @Override
     public void performDataMigration(Connection conn) {
+        updateKubernetesClusterNodeVersions(conn);
     }
 
     @Override
@@ -80,4 +88,93 @@ public void updateSystemVmTemplates(Connection conn) {
             throw new CloudRuntimeException("Failed to find / register SystemVM template(s)");
         }
     }
+
+    private void updateKubernetesClusterNodeVersions(Connection conn) {
+        //get list of all non removed kubernetes clusters
+        try {
+            Map<Long, String> clusterAndVersion = getKubernetesClusterIdsAndVersion(conn);
+            updateKubernetesNodeVersions(conn, clusterAndVersion);
+        } catch (Exception e) {
+            String errMsg = "Failed to update kubernetes cluster nodes version";
+            logger.error(errMsg);
+            throw new CloudRuntimeException(errMsg, e);
+        }
+    }
+
+    private Map<Long, String> getKubernetesClusterIdsAndVersion(Connection conn) {
+        String listKubernetesClusters = "SELECT c.id, v.semantic_version FROM `cloud`.`kubernetes_cluster` c JOIN `cloud`.`kubernetes_supported_version` v ON (c.kubernetes_version_id = v.id) WHERE c.removed is NULL;";
+        Map<Long, String> clusterAndVersion = new HashMap<>();
+        try {
+            PreparedStatement pstmt = conn.prepareStatement(listKubernetesClusters);
+            ResultSet rs = pstmt.executeQuery();
+            while (rs.next()) {
+                clusterAndVersion.put(rs.getLong(1), rs.getString(2));
+            }
+            rs.close();
+            pstmt.close();
+        } catch (SQLException e) {
+            String errMsg = String.format("Failed to get all the kubernetes cluster ids due to: %s", e.getMessage());
+            logger.error(errMsg);
+            throw new CloudRuntimeException(errMsg, e);
+        }
+        return clusterAndVersion;
+    }
+
+    private void updateKubernetesNodeVersions(Connection conn, Map<Long, String> clusterAndVersion) {
+        List<Long> kubernetesClusterVmIds;
+        for (Map.Entry<Long, String> clusterVersionEntry : clusterAndVersion.entrySet()) {
+            try {
+                Long cksClusterId = clusterVersionEntry.getKey();
+                String cksVersion = clusterVersionEntry.getValue();
+                logger.debug(String.format("Adding CKS version %s to existing CKS cluster %s nodes", cksVersion, cksClusterId));
+                kubernetesClusterVmIds = getKubernetesClusterVmMapIds(conn, cksClusterId);
+                updateKubernetesNodeVersion(conn, kubernetesClusterVmIds, cksClusterId, cksVersion);
+            } catch (Exception e) {
+                String errMsg = String.format("Failed to update the node version for kubernetes cluster nodes for the" +
+                        " kubernetes cluster with id: %s," +
+                        " due to: %s", clusterVersionEntry.getKey(), e.getMessage());
+                logger.error(errMsg, e);
+                throw new CloudRuntimeException(errMsg, e);
+            }
+        }
+    }
+
+    private List<Long> getKubernetesClusterVmMapIds(Connection conn, Long cksClusterId) {
+        List<Long> kubernetesClusterVmIds = new ArrayList<>();
+        String getKubernetesClustersVmMap = "SELECT id FROM `cloud`.`kubernetes_cluster_vm_map` WHERE cluster_id = %s;";
+        try {
+            PreparedStatement pstmt = conn.prepareStatement(String.format(getKubernetesClustersVmMap, cksClusterId));
+            ResultSet rs = pstmt.executeQuery();
+            while (rs.next()) {
+                kubernetesClusterVmIds.add(rs.getLong(1));
+            }
+            rs.close();
+            pstmt.close();
+        } catch (SQLException e) {
+            String errMsg = String.format("Failed to get the kubernetes cluster vm map IDs for kubernetes cluster with id: %s," +
+                    " due to: %s", cksClusterId, e.getMessage());
+            logger.error(errMsg, e);
+            throw new CloudRuntimeException(errMsg, e);
+        }
+        return kubernetesClusterVmIds;
+    }
+
+    private void updateKubernetesNodeVersion(Connection conn, List<Long> kubernetesClusterVmIds, Long cksClusterId, String cksVersion) {
+        String updateKubernetesNodeVersion = "UPDATE `cloud`.`kubernetes_cluster_vm_map` set kubernetes_node_version = ? WHERE id = ?;";
+        for (Long nodeVmId : kubernetesClusterVmIds) {
+            try {
+                PreparedStatement pstmt = conn.prepareStatement(updateKubernetesNodeVersion);
+                pstmt.setString(1, cksVersion);
+                pstmt.setLong(2, nodeVmId);
+                pstmt.executeUpdate();
+                pstmt.close();
+            } catch (Exception e) {
+                String errMsg = String.format("Failed to update the node version for kubernetes cluster nodes for the" +
+                        " kubernetes cluster with id: %s," +
+                        " due to: %s", cksClusterId, e.getMessage());
+                logger.error(errMsg, e);
+                throw new CloudRuntimeException(errMsg, e);
+            }
+        }
+    }
 }
diff --git a/engine/schema/src/main/java/com/cloud/user/UserDataVO.java b/engine/schema/src/main/java/com/cloud/user/UserDataVO.java
index a8e48ad22b1a..e8864976069d 100644
--- a/engine/schema/src/main/java/com/cloud/user/UserDataVO.java
+++ b/engine/schema/src/main/java/com/cloud/user/UserDataVO.java
@@ -65,6 +65,9 @@ public UserDataVO() {
     @Column(name = GenericDao.REMOVED_COLUMN)
     private Date removed;
 
+    @Column(name = "for_cks")
+    private boolean forCks;
+
     @Override
     public long getDomainId() {
         return domainId;
@@ -105,6 +108,11 @@ public String getParams() {
         return params;
     }
 
+    @Override
+    public boolean isForCks() {
+        return forCks;
+    }
+
     public void setAccountId(long accountId) {
         this.accountId = accountId;
     }
@@ -132,4 +140,6 @@ public void setRemoved(Date removed) {
     public Date getRemoved() {
         return removed;
     }
+
+    public void setForCks(boolean forCks) { this.forCks = forCks; }
 }
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41910to42000.sql b/engine/schema/src/main/resources/META-INF/db/schema-41910to42000.sql
index 2ab86ea7d892..c36b71c2f250 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41910to42000.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41910to42000.sql
@@ -425,26 +425,3 @@ INSERT IGNORE INTO `cloud`.`guest_os_hypervisor` (uuid, hypervisor_type, hypervi
 
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.vm_instance', 'delete_protection', 'boolean DEFAULT FALSE COMMENT "delete protection for vm" ');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.volumes', 'delete_protection', 'boolean DEFAULT FALSE COMMENT "delete protection for volumes" ');
-
--- Add for_cks column to the vm_template table
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.vm_template','for_cks', 'int(1) unsigned DEFAULT "0" COMMENT "if true, the template can be used for CKS cluster deployment"');
-
--- Add support for different node types service offerings on CKS clusters
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_service_offering_id', 'bigint unsigned COMMENT "service offering ID for Control Node(s)"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_service_offering_id', 'bigint unsigned COMMENT "service offering ID for Worker Node(s)"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_service_offering_id', 'bigint unsigned COMMENT "service offering ID for etcd Nodes"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_node_count', 'bigint unsigned COMMENT "number of etcd nodes to be deployed for the Kubernetes cluster"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_template_id', 'bigint unsigned COMMENT "template id to be used for Control Node(s)"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_template_id', 'bigint unsigned COMMENT "template id to be used for Worker Node(s)"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_template_id', 'bigint unsigned COMMENT "template id to be used for etcd Nodes"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','etcd_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the VM is an etcd node"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','external_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node was imported into the Kubernetes cluster"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','manual_upgrade', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node is marked for manual upgrade and excluded from the Kubernetes cluster upgrade operation"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','kubernetes_node_version', 'varchar(40) COMMENT "version of k8s the cluster node is on"');
-
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_service_offering_id` FOREIGN KEY `fk_cluster__control_service_offering_id`(`control_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_service_offering_id` FOREIGN KEY `fk_cluster__worker_service_offering_id`(`worker_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_service_offering_id` FOREIGN KEY `fk_cluster__etcd_service_offering_id`(`etcd_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_template_id` FOREIGN KEY `fk_cluster__control_template_id`(`control_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_template_id` FOREIGN KEY `fk_cluster__worker_template_id`(`worker_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_template_id` FOREIGN KEY `fk_cluster__etcd_template_id`(`etcd_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
index 91223bab798e..4f4b2f2a994f 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
@@ -24,3 +24,37 @@ CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.console_session', 'console_endpoint_
 
 -- Add client_address column to cloud.console_session table
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.console_session', 'client_address', 'VARCHAR(45)');
+
+-----------------------------------------------------------
+-- CKS Enhancements:
+-----------------------------------------------------------
+-- Add for_cks column to the vm_template table
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.vm_template','for_cks', 'int(1) unsigned DEFAULT "0" COMMENT "if true, the template can be used for CKS cluster deployment"');
+
+-- Add support for different node types service offerings on CKS clusters
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_service_offering_id', 'bigint unsigned COMMENT "service offering ID for Control Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_service_offering_id', 'bigint unsigned COMMENT "service offering ID for Worker Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_service_offering_id', 'bigint unsigned COMMENT "service offering ID for etcd Nodes"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_node_count', 'bigint unsigned COMMENT "number of etcd nodes to be deployed for the Kubernetes cluster"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_template_id', 'bigint unsigned COMMENT "template id to be used for Control Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_template_id', 'bigint unsigned COMMENT "template id to be used for Worker Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_template_id', 'bigint unsigned COMMENT "template id to be used for etcd Nodes"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','cni_config_id', 'bigint unsigned COMMENT "userdata id representing the associated cni configuration"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','cni_config_details', 'varchar(4096) DEFAULT NULL COMMENT "userdata details representing the values required for the cni configuration associated"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','etcd_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the VM is an etcd node"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','external_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node was imported into the Kubernetes cluster"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','manual_upgrade', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node is marked for manual upgrade and excluded from the Kubernetes cluster upgrade operation"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','kubernetes_node_version', 'varchar(40) COMMENT "version of k8s the cluster node is on"');
+
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_service_offering_id` FOREIGN KEY `fk_cluster__control_service_offering_id`(`control_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_service_offering_id` FOREIGN KEY `fk_cluster__worker_service_offering_id`(`worker_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_service_offering_id` FOREIGN KEY `fk_cluster__etcd_service_offering_id`(`etcd_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_template_id` FOREIGN KEY `fk_cluster__control_template_id`(`control_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_template_id` FOREIGN KEY `fk_cluster__worker_template_id`(`worker_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_template_id` FOREIGN KEY `fk_cluster__etcd_template_id`(`etcd_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
+
+-- Add for_cks column to the user_data table to represent CNI Configuration stored as userdata
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.user_data','for_cks', 'int(1) unsigned DEFAULT "0" COMMENT "if true, the userdata represent CNI configuration meant for CKS use only"');
+-----------------------------------------------------------
+-- END - CKS Enhancements
+-----------------------------------------------------------
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 17533ebd3afe..ab8fe3e4308b 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -47,13 +47,16 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+import com.cloud.dc.ASNumberVO;
 import com.cloud.dc.DedicatedResourceVO;
+import com.cloud.dc.dao.ASNumberDao;
 import com.cloud.dc.dao.DedicatedResourceDao;
 import com.cloud.exception.ManagementServerException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.host.Host;
 import com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType;
 import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterRemoveWorker;
+import com.cloud.network.NetworkServiceImpl;
 import com.cloud.network.dao.NsxProviderDao;
 import com.cloud.network.element.NsxProviderVO;
 import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterAddWorker;
@@ -316,6 +319,8 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
     private PortForwardingRulesDao pfRuleDao;
     @Inject
     RoutedIpv4Manager routedIpv4Manager;
+    @Inject
+    private ASNumberDao asNumberDao;
 
     private void logMessage(final Level logLevel, final String message, final Exception e) {
         if (logLevel == Level.WARN) {
@@ -1037,7 +1042,7 @@ protected void validateServiceOfferingForNode(Map<String, Long> map,
     }
 
     private Network getKubernetesClusterNetworkIfMissing(final String clusterName, final DataCenter zone,  final Account owner, final int controlNodesCount,
-                         final int nodesCount, final String externalLoadBalancerIpAddress, final Long networkId) throws CloudRuntimeException {
+                         final int nodesCount, final String externalLoadBalancerIpAddress, final Long networkId, final Long asNumber) throws CloudRuntimeException {
         Network network = null;
         if (networkId != null) {
             network = networkDao.findById(networkId);
@@ -1070,6 +1075,10 @@ private Network getKubernetesClusterNetworkIfMissing(final String clusterName, f
                 network = networkService.createGuestNetwork(networkOffering.getId(), clusterName + "-network",
                         owner.getAccountName() + "-network", owner, physicalNetwork, zone.getId(),
                         ControlledEntity.ACLType.Account);
+                ASNumberVO asNumberVO = NetworkServiceImpl.checkAndSelectASNumber(asNumber, zone, networkOffering, asNumberDao);
+                if (Objects.nonNull(asNumber)) {
+                    NetworkServiceImpl.allocateASNumber(asNumberVO, network, asNumberDao);
+                }
             } catch (ConcurrentOperationException | InsufficientCapacityException | ResourceAllocationException e) {
                 logAndThrow(Level.ERROR, String.format("Unable to create network for the Kubernetes cluster: %s", clusterName));
             } finally {
@@ -1433,6 +1442,7 @@ public KubernetesCluster createManagedKubernetesCluster(CreateKubernetesClusterC
         final Account owner = accountService.getActiveAccountById(cmd.getEntityOwnerId());
         final KubernetesSupportedVersion clusterKubernetesVersion = kubernetesSupportedVersionDao.findById(cmd.getKubernetesVersionId());
         final Hypervisor.HypervisorType hypervisor = cmd.getHypervisorType();
+        final Long asNumber = cmd.getAsNumber();
 
         Map<String, Long> serviceOfferingNodeTypeMap = cmd.getServiceOfferingNodeTypeMap();
         Long defaultServiceOfferingId = cmd.getServiceOfferingId();
@@ -1457,7 +1467,7 @@ public KubernetesCluster createManagedKubernetesCluster(CreateKubernetesClusterC
         final VMTemplateVO controlNodeTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, CONTROL);
         final VMTemplateVO workerNodeTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, WORKER);
         final VMTemplateVO etcdNodeTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, ETCD);
-        final Network defaultNetwork = getKubernetesClusterNetworkIfMissing(cmd.getName(), zone, owner, (int)controlNodeCount, (int)clusterSize, cmd.getExternalLoadBalancerIpAddress(), cmd.getNetworkId());
+        final Network defaultNetwork = getKubernetesClusterNetworkIfMissing(cmd.getName(), zone, owner, (int)controlNodeCount, (int)clusterSize, cmd.getExternalLoadBalancerIpAddress(), cmd.getNetworkId(), asNumber);
         final SecurityGroup finalSecurityGroup = securityGroup;
         final KubernetesClusterVO cluster = Transaction.execute(new TransactionCallback<KubernetesClusterVO>() {
             @Override
@@ -1472,6 +1482,12 @@ public KubernetesClusterVO doInTransaction(TransactionStatus status) {
                         defaultNetwork.getId(), owner.getDomainId(), owner.getAccountId(), controlNodeCount, clusterSize,
                         KubernetesCluster.State.Created, cmd.getSSHKeyPairName(), cores, memory,
                         cmd.getNodeRootDiskSize(), "", KubernetesCluster.ClusterType.CloudManaged);
+                newCluster.setCniConfigId(cmd.getCniConfigId());
+                String cniConfigDetails = null;
+                if (MapUtils.isNotEmpty(cmd.getCniConfigDetails())) {
+                    cniConfigDetails = cmd.getCniConfigDetails().toString();
+                }
+                newCluster.setCniConfigDetails(cniConfigDetails);
                 if (serviceOfferingNodeTypeMap.containsKey(WORKER.name())) {
                     newCluster.setWorkerServiceOfferingId(serviceOfferingNodeTypeMap.get(WORKER.name()));
                 }
@@ -1635,7 +1651,9 @@ public void startKubernetesCluster(StartKubernetesClusterCmd cmd) throws CloudRu
      * @return
      * @throws CloudRuntimeException
      */
-    protected boolean startKubernetesCluster(long kubernetesClusterId, Long domainId, String accountName, Long asNumber, boolean onCreate) throws CloudRuntimeException, ManagementServerException, ResourceUnavailableException, InsufficientCapacityException {
+    @Override
+    public boolean startKubernetesCluster(long kubernetesClusterId, Long domainId, String accountName, Long asNumber, boolean onCreate)
+            throws CloudRuntimeException, ManagementServerException, ResourceUnavailableException, InsufficientCapacityException {
         if (!KubernetesServiceEnabled.value()) {
             logAndThrow(Level.ERROR, "Kubernetes Service plugin is disabled");
         }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
index 2c05f103ad76..ad7aef3250b6 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
@@ -151,6 +151,8 @@ public interface KubernetesClusterService extends PluggableService, Configurable
 
     void startKubernetesCluster(StartKubernetesClusterCmd cmd) throws CloudRuntimeException, ManagementServerException, ResourceUnavailableException, InsufficientCapacityException;
 
+    boolean startKubernetesCluster(long kubernetesClusterId, Long domainId, String accountName, Long asNumber, boolean onCreate) throws CloudRuntimeException, ManagementServerException, ResourceUnavailableException, InsufficientCapacityException;
+
     boolean stopKubernetesCluster(StopKubernetesClusterCmd cmd) throws CloudRuntimeException;
 
     boolean deleteKubernetesCluster(DeleteKubernetesClusterCmd cmd) throws CloudRuntimeException;
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVO.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVO.java
index 0b4f7f60ac28..ef23ec7477ca 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVO.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVO.java
@@ -138,6 +138,12 @@ public class KubernetesClusterVO implements KubernetesCluster {
     @Column(name = "etcd_template_id")
     private Long etcdTemplateId;
 
+    @Column(name = "cni_config_id", nullable = true)
+    private Long cniConfigId = null;
+
+    @Column(name = "cni_config_details", updatable = true, length = 4096)
+    private String cniConfigDetails;
+
     @Override
     public long getId() {
         return id;
@@ -483,4 +489,21 @@ public Long getControlTemplateId() {
     public void setControlTemplateId(Long controlTemplateId) {
         this.controlTemplateId = controlTemplateId;
     }
+
+    public Long getCniConfigId() {
+        return cniConfigId;
+    }
+
+    public void setCniConfigId(Long cniConfigId) {
+        this.cniConfigId = cniConfigId;
+    }
+
+    public String getCniConfigDetails() {
+        return cniConfigDetails;
+    }
+
+    public void setCniConfigDetails(String cniConfigDetails) {
+        this.cniConfigDetails = cniConfigDetails;
+    }
+
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index 98825c1329cd..83cd52684caf 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -51,6 +51,7 @@
 import com.cloud.network.rules.RulesService;
 import com.cloud.network.rules.dao.PortForwardingRulesDao;
 import com.cloud.user.SSHKeyPairVO;
+import com.cloud.user.dao.UserDataDao;
 import com.cloud.utils.component.ComponentContext;
 import com.cloud.utils.db.TransactionCallbackWithException;
 import com.cloud.utils.net.Ip;
@@ -69,6 +70,7 @@
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.userdata.UserDataManager;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.io.IOUtils;
@@ -179,6 +181,10 @@ public class KubernetesClusterActionWorker {
     @Inject
     protected UserVmService userVmService;
     @Inject
+    protected UserDataManager userDataManager;
+    @Inject
+    protected UserDataDao userDataDao;
+    @Inject
     protected UserVmManager userVmManager;
     @Inject
     protected VlanDao vlanDao;
@@ -725,20 +731,30 @@ protected boolean taintControlNodes() {
             String command = String.format("sudo /opt/bin/kubectl annotate node %s cluster-autoscaler.kubernetes.io/scale-down-disabled=true ; ", name);
             commands.append(command);
         }
-        try {
-            File pkFile = getManagementServerSshPublicKeyFile();
-            Pair<String, Integer> publicIpSshPort = getKubernetesClusterServerIpSshPort(null);
-            publicIpAddress = publicIpSshPort.first();
-            sshPort = publicIpSshPort.second();
-
-            Pair<Boolean, String> result = SshHelper.sshExecute(publicIpAddress, sshPort, getControlNodeLoginUser(),
-            pkFile, null, commands.toString(), 10000, 10000, 60000);
-            return result.first();
-        } catch (Exception e) {
-            String msg = String.format("Failed to taint control nodes on : %s : %s", kubernetesCluster.getName(), e.getMessage());
-            logMessage(Level.ERROR, msg, e);
-            return false;
+        int retryCounter = 0;
+        while (retryCounter < 3) {
+            retryCounter++;
+            try {
+                File pkFile = getManagementServerSshPublicKeyFile();
+                Pair<String, Integer> publicIpSshPort = getKubernetesClusterServerIpSshPort(null);
+                publicIpAddress = publicIpSshPort.first();
+                sshPort = publicIpSshPort.second();
+
+                Pair<Boolean, String> result = SshHelper.sshExecute(publicIpAddress, sshPort, getControlNodeLoginUser(),
+                        pkFile, null, commands.toString(), 10000, 10000, 60000);
+                return result.first();
+            } catch (Exception e) {
+                String msg = String.format("Failed to taint control nodes on : %s : %s", kubernetesCluster.getName(), e.getMessage());
+                logMessage(Level.ERROR, msg, e);
+            }
+            try {
+                Thread.sleep(5 * 1000L);
+            } catch (InterruptedException ie) {
+                LOGGER.error(String.format("Error while attempting to taint nodes on Kubernetes cluster: %s", kubernetesCluster.getName()), ie);
+            }
+            retryCounter++;
         }
+        return false;
     }
 
     protected boolean deployProvider() {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
index 80741343d30a..9500f24020b3 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
@@ -23,6 +23,10 @@
 
 import javax.inject.Inject;
 
+import com.cloud.dc.ASNumberVO;
+import com.cloud.dc.BGPService;
+import com.cloud.dc.DataCenter;
+import com.cloud.dc.dao.ASNumberDao;
 import org.apache.cloudstack.annotation.AnnotationService;
 import org.apache.cloudstack.annotation.dao.AnnotationDao;
 import org.apache.cloudstack.api.ApiCommandResourceType;
@@ -63,6 +67,10 @@ public class KubernetesClusterDestroyWorker extends KubernetesClusterResourceMod
     protected AccountManager accountManager;
     @Inject
     private AnnotationDao annotationDao;
+    @Inject
+    private ASNumberDao asNumberDao;
+    @Inject
+    private BGPService bgpService;
 
     private List<KubernetesClusterVmMapVO> clusterVMs;
 
@@ -130,6 +138,7 @@ private void destroyKubernetesClusterNetwork() throws ManagementServerException
             Account owner = accountManager.getAccount(network.getAccountId());
             User callerUser = accountManager.getActiveUser(CallContext.current().getCallingUserId());
             ReservationContext context = new ReservationContextImpl(null, null, callerUser, owner);
+            releaseASNumber(kubernetesCluster.getZoneId(), kubernetesCluster.getNetworkId());
             boolean networkDestroyed = networkMgr.destroyNetwork(kubernetesCluster.getNetworkId(), context, true);
             if (!networkDestroyed) {
                 String msg = String.format("Failed to destroy network : %s as part of Kubernetes cluster : %s cleanup", network.getName(), kubernetesCluster.getName());
@@ -143,6 +152,15 @@ private void destroyKubernetesClusterNetwork() throws ManagementServerException
         }
     }
 
+    private void releaseASNumber(Long zoneId, long networkId) {
+        DataCenter zone = dataCenterDao.findById(zoneId);
+        ASNumberVO asNumber = asNumberDao.findByZoneAndNetworkId(zone.getId(), networkId);
+        if (asNumber != null) {
+            LOGGER.debug(String.format("Releasing AS number %s from network %s", asNumber.getAsNumber(), networkId));
+            bgpService.releaseASNumber(zone.getId(), asNumber.getAsNumber());
+        }
+    }
+
     protected void deleteKubernetesClusterIsolatedNetworkRules(Network network, List<Long> removedVmIds) throws ManagementServerException {
         IpAddress publicIp = getNetworkSourceNatIp(network);
         if (publicIp == null) {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index 44b1bda3aa4d..408e2599a1e7 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -36,6 +36,7 @@
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.network.vpc.NetworkACL;
 import com.cloud.storage.VMTemplateVO;
+import com.cloud.user.UserDataVO;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.InternalIdentity;
 import org.apache.cloudstack.framework.ca.Certificate;
@@ -140,7 +141,7 @@ private boolean isKubernetesVersionSupportsHA() {
 
     private Pair<String, String> getKubernetesControlNodeConfig(final String controlNodeIp, final String serverIp,
                                                   final List<Network.IpAddresses> etcdIps, final String hostName, final boolean haSupported,
-                                                  final boolean ejectIso) throws IOException {
+                                                  final boolean ejectIso, final boolean externalCni) throws IOException {
         String k8sControlNodeConfig = readResourceFile("/conf/k8s-control-node.yml");
         final String apiServerCert = "{{ k8s_control_node.apiserver.crt }}";
         final String apiServerKey = "{{ k8s_control_node.apiserver.key }}";
@@ -157,6 +158,7 @@ private Pair<String, String> getKubernetesControlNodeConfig(final String control
         final String k8sApiPort = "{{ k8s.api_server_port }}";
         final String certSans = "{{ k8s_control.server_ips }}";
         final String k8sCertificate = "{{ k8s_control.certificate_key }}";
+        final String externalCniPlugin = "{{ k8s.external.cni.plugin }}";
 
         final List<String> addresses = new ArrayList<>();
         addresses.add(controlNodeIp);
@@ -207,6 +209,7 @@ private Pair<String, String> getKubernetesControlNodeConfig(final String control
         k8sControlNodeConfig = k8sControlNodeConfig.replace(k8sApiPort, String.valueOf(CLUSTER_API_PORT));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(certSans, String.format("- %s", serverIp));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(k8sCertificate, KubernetesClusterUtil.generateClusterHACertificateKey(kubernetesCluster));
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(externalCniPlugin, String.valueOf(externalCni));
 
         k8sControlNodeConfig = updateKubeConfigWithRegistryDetails(k8sControlNodeConfig);
 
@@ -238,34 +241,47 @@ private UserVm createKubernetesControlNode(final Network network, String serverI
         String suffix = Long.toHexString(System.currentTimeMillis());
         String hostName = String.format("%s-control-%s", kubernetesClusterNodeNamePrefix, suffix);
         boolean haSupported = isKubernetesVersionSupportsHA();
+        Long userDataId = kubernetesCluster.getCniConfigId();
         Pair<String, String> k8sControlNodeConfigAndControlIp = new Pair<>(null, null);
         try {
-            k8sControlNodeConfigAndControlIp = getKubernetesControlNodeConfig(controlNodeIp, serverIp, etcdIps, hostName, haSupported, Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()));
+            k8sControlNodeConfigAndControlIp = getKubernetesControlNodeConfig(controlNodeIp, serverIp, etcdIps, hostName, haSupported, Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()), Objects.nonNull(userDataId));
         } catch (IOException e) {
             logAndThrow(Level.ERROR, "Failed to read Kubernetes control node configuration file", e);
         }
         String k8sControlNodeConfig = k8sControlNodeConfigAndControlIp.first();
         String base64UserData = Base64.encodeBase64String(k8sControlNodeConfig.getBytes(com.cloud.utils.StringUtils.getPreferredCharset()));
+        if (Objects.nonNull(userDataId)) {
+            logger.info("concatenating userdata");
+            UserDataVO cniConfigVo = userDataDao.findById(userDataId);
+            String cniConfig = new String(Base64.decodeBase64(cniConfigVo.getUserData()));
+            if (Objects.nonNull(asNumber)) {
+                cniConfig = substituteASNumber(cniConfig, asNumber);
+                cniConfig = Base64.encodeBase64String(cniConfig.getBytes(com.cloud.utils.StringUtils.getPreferredCharset()));
+            }
+            base64UserData = userDataManager.concatenateUserData(base64UserData, cniConfig, null);
+        }
+
         List<String> keypairs = new ArrayList<String>();
         if (StringUtils.isNotBlank(kubernetesCluster.getKeyPair())) {
             keypairs.add(kubernetesCluster.getKeyPair());
         }
 
         Long affinityGroupId = getExplicitAffinityGroup(domainId, accountId);
+        String userDataDetails = kubernetesCluster.getCniConfigDetails();
         if (kubernetesCluster.getSecurityGroupId() != null &&
                 networkModel.checkSecurityGroupSupportForNetwork(owner, zone, networkIds,
                         List.of(kubernetesCluster.getSecurityGroupId()))) {
             List<Long> securityGroupIds = new ArrayList<>();
             securityGroupIds.add(kubernetesCluster.getSecurityGroupId());
             controlVm = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, controlNodeTemplate, networkIds, securityGroupIds, owner,
-            hostName, hostName, null, null, null, Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST,base64UserData, null, null, keypairs,
+            hostName, hostName, null, null, null, Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST,base64UserData, userDataId, userDataDetails, keypairs,
                     requestedIps, addrs, null, null, Objects.nonNull(affinityGroupId) ?
                             Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null,
                     null, true, null, UserVmManager.CKS_NODE);
         } else {
             controlVm = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, controlNodeTemplate, networkIds, owner,
                     hostName, hostName, null, null, null,
-                    Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST, base64UserData, null, null, keypairs,
+                    Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST, base64UserData, userDataId, userDataDetails, keypairs,
                     requestedIps, addrs, null, null, Objects.nonNull(affinityGroupId) ?
                             Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null);
         }
@@ -275,6 +291,13 @@ private UserVm createKubernetesControlNode(final Network network, String serverI
         return controlVm;
     }
 
+    private String substituteASNumber(String cniConfig, Long asNumber) {
+        final String asNumberKey = "{{ AS_NUMBER }}";
+        cniConfig = cniConfig.replace(asNumberKey, String.valueOf(asNumber));
+        return cniConfig;
+
+    }
+
     private String getKubernetesAdditionalControlNodeConfig(final String joinIp, final boolean ejectIso) throws IOException {
         String k8sControlNodeConfig = readResourceFile("/conf/k8s-control-node-add.yml");
         final String joinIpKey = "{{ k8s_control_node.join_ip }}";
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorker.java
index d8ef426d3f04..c2468c2d2204 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorker.java
@@ -20,6 +20,7 @@
 import java.io.File;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Objects;
 import java.util.stream.Collectors;
 
 import com.cloud.kubernetes.cluster.KubernetesClusterVmMapVO;
@@ -67,12 +68,12 @@ private Pair<Boolean, String> runInstallScriptOnVM(final UserVm vm, final int in
         String nodeAddress = (index > 0 && sshPort == 22) ? vm.getPrivateIpAddress() : publicIpAddress;
         SshHelper.scpTo(nodeAddress, nodeSshPort, getControlNodeLoginUser(), sshKeyFile, null,
                 "~/", upgradeScriptFile.getAbsolutePath(), "0755");
-        String cmdStr = String.format("sudo ./%s %s %s %s %s",
+        String cmdStr = String.format("sudo ./%s %s %s %s %s %s",
                 upgradeScriptFile.getName(),
                 upgradeVersion.getSemanticVersion(),
                 index == 0 ? "true" : "false",
                 KubernetesVersionManagerImpl.compareSemanticVersions(upgradeVersion.getSemanticVersion(), "1.15.0") < 0 ? "true" : "false",
-                Hypervisor.HypervisorType.VMware.equals(vm.getHypervisorType()));
+                Hypervisor.HypervisorType.VMware.equals(vm.getHypervisorType()), Objects.isNull(kubernetesCluster.getCniConfigId()));
         return SshHelper.sshExecute(nodeAddress, nodeSshPort, getControlNodeLoginUser(), sshKeyFile, null,
                 cmdStr,
                 10000, 10000, 10 * 60 * 1000);
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
index 93b2afed7d4c..abd5bd013aa2 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
@@ -52,6 +52,7 @@
 import org.apache.cloudstack.api.response.NetworkResponse;
 import org.apache.cloudstack.api.response.ProjectResponse;
 import org.apache.cloudstack.api.response.ServiceOfferingResponse;
+import org.apache.cloudstack.api.response.UserDataResponse;
 import org.apache.cloudstack.api.response.ZoneResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
@@ -193,6 +194,15 @@ public class CreateKubernetesClusterCmd extends BaseAsyncCreateCmd {
     @Parameter(name = ApiConstants.HYPERVISOR, type = CommandType.STRING, description = "the hypervisor on which the CKS cluster is to be deployed. This is required if the zone in which the CKS cluster is being deployed has clusters with different hypervisor types.")
     private String hypervisor;
 
+    @Parameter(name = ApiConstants.CNI_CONFIG_ID, type = CommandType.UUID, entityType = UserDataResponse.class, description = "the ID of the Userdata", since = "4.19.0")
+    private Long cniConfigId;
+
+    @Parameter(name = ApiConstants.CNI_CONFIG_DETAILS, type = CommandType.MAP,
+            description = "used to specify the parameters values for the variables in userdata. " +
+                    "Example: cniconfigdetails[0].key=accesskey&cniconfigdetails[0].value=s389ddssaa&" +
+                    "cniconfigdetails[1].key=secretkey&cniconfigdetails[1].value=8dshfsss", since = "4.19.0")
+    private Map cniConfigDetails;
+
     @Parameter(name=ApiConstants.AS_NUMBER, type=CommandType.LONG, description="the AS Number of the network")
     private Long asNumber;
 
@@ -349,6 +359,14 @@ public Long getAsNumber() {
         return asNumber;
     }
 
+    public Map getCniConfigDetails() {
+        return convertDetailsToMap(cniConfigDetails);
+    }
+
+    public Long getCniConfigId() {
+        return cniConfigId;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
index 41668aab6dae..42924a10fc03 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
@@ -1,3 +1,4 @@
+## template: jinja
 #cloud-config
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
@@ -279,6 +280,7 @@ write_files:
       fi
 
       EXTERNAL_ETCD_NODES={{ etcd.unstacked_etcd }}
+      EXTERNAL_CNI_PLUGIN={{ k8s.external.cni.plugin }}
       MAX_SETUP_CRUCIAL_CMD_ATTEMPTS=3
       crucial_cmd_attempts=1
       while true; do
@@ -320,7 +322,9 @@ write_files:
       if [ -d "$K8S_CONFIG_SCRIPTS_COPY_DIR" ]; then
         ### Network, dashboard configs available offline ###
         echo "Offline configs are available!"
-        /opt/bin/kubectl apply -f ${K8S_CONFIG_SCRIPTS_COPY_DIR}/network.yaml
+        if [[ ${EXTERNAL_CNI_PLUGIN} == false ]]; then
+          /opt/bin/kubectl apply -f ${K8S_CONFIG_SCRIPTS_COPY_DIR}/network.yaml
+        fi
         /opt/bin/kubectl apply -f ${K8S_CONFIG_SCRIPTS_COPY_DIR}/dashboard.yaml
         rm -rf "${K8S_CONFIG_SCRIPTS_COPY_DIR}"
       else
@@ -335,6 +339,7 @@ write_files:
       sudo touch /home/cloud/success
       echo "true" > /home/cloud/success
 
+{% if registry is defined %}
   - path: /opt/bin/setup-containerd
     permissions: '0755'
     owner: root:root
@@ -352,6 +357,7 @@ write_files:
       echo "Restarting containerd service"
       systemctl daemon-reload
       systemctl restart containerd
+{% endif %}
 
   - path: /etc/systemd/system/deploy-kube-system.service
     permissions: '0755'
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/script/upgrade-kubernetes.sh b/plugins/integrations/kubernetes-service/src/main/resources/script/upgrade-kubernetes.sh
index 480b002ef179..a947d508436e 100755
--- a/plugins/integrations/kubernetes-service/src/main/resources/script/upgrade-kubernetes.sh
+++ b/plugins/integrations/kubernetes-service/src/main/resources/script/upgrade-kubernetes.sh
@@ -18,7 +18,7 @@
 
 # Version 1.14 and below needs extra flags with kubeadm upgrade node
 if [ $# -lt 4 ]; then
-    echo "Invalid input. Valid usage: ./upgrade-kubernetes.sh UPGRADE_VERSION IS_CONTROL_NODE IS_OLD_VERSION IS_EJECT_ISO"
+    echo "Invalid input. Valid usage: ./upgrade-kubernetes.sh UPGRADE_VERSION IS_CONTROL_NODE IS_OLD_VERSION IS_EJECT_ISO IS_EXTERNAL_CNI"
     echo "eg: ./upgrade-kubernetes.sh 1.16.3 true false false"
     exit 1
 fi
@@ -35,6 +35,10 @@ EJECT_ISO_FROM_OS=false
 if [ $# -gt 3 ]; then
   EJECT_ISO_FROM_OS="${4}"
 fi
+EXTERNAL_CNI=false
+if [ $# -gt 4 ]; then
+  EXTERNAL_CNI="${5}"
+fi
 
 export PATH=$PATH:/opt/bin
 if [[ "$PATH" != *:/usr/sbin && "$PATH" != *:/usr/sbin:* ]]; then
@@ -144,7 +148,9 @@ if [ -d "$BINARIES_DIR" ]; then
   systemctl restart kubelet
 
   if [ "${IS_MAIN_CONTROL}" == 'true' ]; then
-    /opt/bin/kubectl apply -f ${BINARIES_DIR}/network.yaml
+    if [[ ${EXTERNAL_CNI} == true ]]; then
+      /opt/bin/kubectl apply -f ${BINARIES_DIR}/network.yaml
+    fi
     /opt/bin/kubectl apply -f ${BINARIES_DIR}/dashboard.yaml
   fi
 
diff --git a/server/src/main/java/com/cloud/api/ApiResponseHelper.java b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
index 810f0abd7e00..81757721a3f7 100644
--- a/server/src/main/java/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
@@ -5411,9 +5411,13 @@ public ASNumberResponse createASNumberResponse(ASNumber asn) {
         response.setZoneName(zone.getName());
         response.setAsNumber(asn.getAsNumber());
         ASNumberRangeVO range = asNumberRangeDao.findById(asn.getAsNumberRangeId());
-        response.setAsNumberRangeId(range.getUuid());
-        String rangeText = String.format("%s-%s", range.getStartASNumber(), range.getEndASNumber());
-        response.setAsNumberRange(rangeText);
+        if (Objects.nonNull(range)) {
+            response.setAsNumberRangeId(range.getUuid());
+            String rangeText = String.format("%s-%s", range.getStartASNumber(), range.getEndASNumber());
+            response.setAsNumberRange(rangeText);
+        } else {
+            s_logger.info("is null for as number: "+ asn.getAsNumber());
+        }
         response.setAllocated(asn.getAllocatedTime());
         response.setAllocationState(asn.isAllocated() ? "Allocated" : "Free");
         if (asn.getVpcId() != null) {
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index 0d4e3fdedc2c..ea51b03602f2 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -41,7 +41,9 @@
 import javax.naming.ConfigurationException;
 
 import com.cloud.bgp.BGPService;
+import com.cloud.dc.ASNumberVO;
 import com.cloud.dc.VlanDetailsVO;
+import com.cloud.dc.dao.ASNumberDao;
 import com.cloud.dc.dao.VlanDetailsDao;
 import com.cloud.network.dao.NsxProviderDao;
 import com.cloud.network.dao.PublicIpQuarantineDao;
@@ -421,6 +423,8 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
     RoutedIpv4Manager routedIpv4Manager;
     @Inject
     private BGPService bgpService;
+    @Inject
+    private ASNumberDao asNumberDao;
 
     List<InternalLoadBalancerElementService> internalLoadBalancerElementServices = new ArrayList<>();
     Map<String, InternalLoadBalancerElementService> internalLoadBalancerElementServiceMap = new HashMap<>();
@@ -1726,6 +1730,9 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
             routedIpv4Manager.validateBgpPeers(owner, zone.getId(), bgpPeerIds);
         }
 
+        // Check AS number if provided
+        ASNumberVO asNumberVO = checkAndSelectASNumber(asNumber, zone, ntwkOff, asNumberDao);
+
         if (ipv4) {
             // For non-root admins check cidr limit - if it's allowed by global config value
             if (!_accountMgr.isRootAdmin(caller.getId()) && cidr != null) {
@@ -1836,6 +1843,10 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
             routedIpv4Manager.persistBgpPeersForGuestNetwork(network.getId(), bgpPeerIds);
         }
 
+        if (asNumberVO != null) {
+            bgpService.allocateASNumber(zone.getId(), asNumberVO.getAsNumber(), network.getId(), network.getVpcId());
+        }
+
         // if the network offering has persistent set to true, implement the network
         if (ntwkOff.isPersistent()) {
             return implementedNetworkInCreation(caller, zone, network);
@@ -1847,6 +1858,26 @@ private boolean isNonVpcNetworkSupportingDynamicRouting(NetworkOffering networkO
         return !networkOffering.isForVpc() && NetworkOffering.RoutingMode.Dynamic == networkOffering.getRoutingMode();
     }
 
+    public static ASNumberVO checkAndSelectASNumber(Long asNumber, DataCenter zone, NetworkOffering networkOffering, ASNumberDao asNumberDao) {
+        if (NetworkOffering.RoutingMode.Dynamic != networkOffering.getRoutingMode()) {
+            return null;
+        }
+        return BooleanUtils.toBoolean(networkOffering.isSpecifyAsNumber()) ?
+                validateASNumber(asNumber, asNumberDao) :
+                asNumberDao.findOneByAllocationStateAndZone(zone.getId(), false);
+    }
+
+    protected static ASNumberVO validateASNumber(Long asNumber, ASNumberDao asNumberDao) {
+        if (asNumber == null) {
+            return null;
+        }
+        ASNumberVO asNumberVO = asNumberDao.findByAsNumber(asNumber);
+        if (asNumberVO == null || asNumberVO.isAllocated()) {
+            throw new InvalidParameterValueException(String.format("The AS Number %s is already allocated, please select a free AS Number", asNumber));
+        }
+        return asNumberVO;
+    }
+
     private void validateNetworkCreationSupported(long zoneId, String zoneName, GuestType guestType) {
         NsxProviderVO nsxProviderVO = nsxProviderDao.findByZoneId(zoneId);
         if (Objects.nonNull(nsxProviderVO) && GuestType.L2.equals(guestType)) {
diff --git a/server/src/main/java/com/cloud/server/ManagementServerImpl.java b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
index 2062ee1e94d4..73a466e3aaa4 100644
--- a/server/src/main/java/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
@@ -519,9 +519,12 @@
 import org.apache.cloudstack.api.command.user.template.RegisterTemplateCmd;
 import org.apache.cloudstack.api.command.user.template.UpdateTemplateCmd;
 import org.apache.cloudstack.api.command.user.template.UpdateTemplatePermissionsCmd;
+import org.apache.cloudstack.api.command.user.userdata.BaseRegisterUserDataCmd;
 import org.apache.cloudstack.api.command.user.userdata.DeleteUserDataCmd;
 import org.apache.cloudstack.api.command.user.userdata.LinkUserDataToTemplateCmd;
+import org.apache.cloudstack.api.command.user.userdata.ListCniConfigurationCmd;
 import org.apache.cloudstack.api.command.user.userdata.ListUserDataCmd;
+import org.apache.cloudstack.api.command.user.userdata.RegisterCniConfigurationCmd;
 import org.apache.cloudstack.api.command.user.userdata.RegisterUserDataCmd;
 import org.apache.cloudstack.api.command.user.vm.AddIpToVmNicCmd;
 import org.apache.cloudstack.api.command.user.vm.AddNicToVMCmd;
@@ -4030,6 +4033,8 @@ public List<Class<?>> getCommands() {
         cmdList.add(DeleteUserDataCmd.class);
         cmdList.add(ListUserDataCmd.class);
         cmdList.add(LinkUserDataToTemplateCmd.class);
+        cmdList.add(RegisterCniConfigurationCmd.class);
+        cmdList.add(ListCniConfigurationCmd.class);
 
         //object store APIs
         cmdList.add(AddObjectStoragePoolCmd.class);
@@ -4829,7 +4834,7 @@ public boolean deleteUserData(final DeleteUserDataCmd cmd) {
     }
 
     @Override
-    public Pair<List<? extends UserData>, Integer> listUserDatas(final ListUserDataCmd cmd) {
+    public Pair<List<? extends UserData>, Integer> listUserDatas(final ListUserDataCmd cmd, final boolean forCks) {
         final Long id = cmd.getId();
         final String name = cmd.getName();
         final String keyword = cmd.getKeyword();
@@ -4849,6 +4854,8 @@ public Pair<List<? extends UserData>, Integer> listUserDatas(final ListUserDataC
         sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
         sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
         sb.and("keyword", sb.entity().getName(), SearchCriteria.Op.LIKE);
+        sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
+        sb.and("forCks", sb.entity().isForCks(), SearchCriteria.Op.EQ);
         final SearchCriteria<UserDataVO> sc = sb.create();
         _accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
 
@@ -4864,24 +4871,33 @@ public Pair<List<? extends UserData>, Integer> listUserDatas(final ListUserDataC
             sc.setParameters("keyword",  "%" + keyword + "%");
         }
 
+        sc.setParameters("forCks", forCks);
+
         final Pair<List<UserDataVO>, Integer> result = userDataDao.searchAndCount(sc, searchFilter);
         return new Pair<>(result.first(), result.second());
     }
 
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_REGISTER_USER_DATA, eventDescription = "registering userdata", async = true)
-    public UserData registerUserData(final RegisterUserDataCmd cmd) {
+    public UserData registerUserData(final BaseRegisterUserDataCmd cmd) {
         final Account owner = getOwner(cmd);
         checkForUserDataByName(cmd, owner);
-        checkForUserData(cmd, owner);
-
         final String name = cmd.getName();
-        String userdata = cmd.getUserData();
+
+        boolean forCks = false;
+        String userdata = null;
+        if (cmd instanceof RegisterUserDataCmd) {
+            userdata = ((RegisterUserDataCmd) cmd).getUserData();
+            checkForUserData(((RegisterUserDataCmd) cmd), owner);
+        } else {
+            userdata = ((RegisterCniConfigurationCmd) cmd).getCniConfig();
+            forCks = true;
+        }
         final String params = cmd.getParams();
 
         userdata = userDataManager.validateUserData(userdata, cmd.getHttpMethod());
 
-        return createAndSaveUserData(name, userdata, params, owner);
+        return createAndSaveUserData(name, userdata, params, owner, forCks);
     }
 
     /**
@@ -4901,7 +4917,7 @@ private void checkForUserData(final RegisterUserDataCmd cmd, final Account owner
      * @param owner
      * @throws InvalidParameterValueException
      */
-    private void checkForUserDataByName(final RegisterUserDataCmd cmd, final Account owner) throws InvalidParameterValueException {
+    private void checkForUserDataByName(final BaseRegisterUserDataCmd cmd, final Account owner) throws InvalidParameterValueException {
         final UserDataVO userData = userDataDao.findByName(owner.getAccountId(), owner.getDomainId(), cmd.getName());
         if (userData != null) {
             throw new InvalidParameterValueException(String.format("A userdata with name %s already exists for this account.", cmd.getName()));
@@ -4970,7 +4986,7 @@ protected Account getOwner(final RegisterSSHKeyPairCmd cmd) {
      * @param cmd
      * @return Account
      */
-    protected Account getOwner(final RegisterUserDataCmd cmd) {
+    protected Account getOwner(final BaseRegisterUserDataCmd cmd) {
         final Account caller = getCaller();
         return  _accountMgr.finalizeOwner(caller, cmd.getAccountName(), cmd.getDomainId(), cmd.getProjectId());
     }
@@ -4998,7 +5014,7 @@ private SSHKeyPair createAndSaveSSHKeyPair(final String name, final String finge
         return newPair;
     }
 
-    private UserData createAndSaveUserData(final String name, final String userdata, final String params, final Account owner) {
+    private UserData createAndSaveUserData(final String name, final String userdata, final String params, final Account owner, final boolean isForCks) {
         final UserDataVO userDataVO = new UserDataVO();
 
         userDataVO.setAccountId(owner.getAccountId());
@@ -5006,6 +5022,7 @@ private UserData createAndSaveUserData(final String name, final String userdata,
         userDataVO.setName(name);
         userDataVO.setUserData(userdata);
         userDataVO.setParams(params);
+        userDataVO.setForCks(isForCks);
 
         userDataDao.persist(userDataVO);
 
diff --git a/server/src/test/java/com/cloud/server/ManagementServerImplTest.java b/server/src/test/java/com/cloud/server/ManagementServerImplTest.java
index b26cd455cfbb..df94a7d2157e 100644
--- a/server/src/test/java/com/cloud/server/ManagementServerImplTest.java
+++ b/server/src/test/java/com/cloud/server/ManagementServerImplTest.java
@@ -479,7 +479,7 @@ public void testListUserDataById() {
             Pair<List<UserDataVO>, Integer> result = new Pair(userDataList, 1);
             when(_userDataDao.searchAndCount(nullable(SearchCriteria.class), nullable(Filter.class))).thenReturn(result);
 
-            Pair<List<? extends UserData>, Integer> userdataResultList = spy.listUserDatas(cmd);
+            Pair<List<? extends UserData>, Integer> userdataResultList = spy.listUserDatas(cmd, false);
 
             Assert.assertEquals(userdataResultList.first().get(0), userDataList.get(0));
         }
@@ -512,7 +512,7 @@ public void testListUserDataByName() {
             Pair<List<UserDataVO>, Integer> result = new Pair(userDataList, 1);
             when(_userDataDao.searchAndCount(nullable(SearchCriteria.class), nullable(Filter.class))).thenReturn(result);
 
-            Pair<List<? extends UserData>, Integer> userdataResultList = spy.listUserDatas(cmd);
+            Pair<List<? extends UserData>, Integer> userdataResultList = spy.listUserDatas(cmd, false);
 
             Assert.assertEquals(userdataResultList.first().get(0), userDataList.get(0));
         }
@@ -545,7 +545,7 @@ public void testListUserDataByKeyword() {
             Pair<List<UserDataVO>, Integer> result = new Pair(userDataList, 1);
             when(_userDataDao.searchAndCount(nullable(SearchCriteria.class), nullable(Filter.class))).thenReturn(result);
 
-            Pair<List<? extends UserData>, Integer> userdataResultList = spy.listUserDatas(cmd);
+            Pair<List<? extends UserData>, Integer> userdataResultList = spy.listUserDatas(cmd, false);
 
             Assert.assertEquals(userdataResultList.first().get(0), userDataList.get(0));
         }
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 243a071f05be..9ab009bae25c 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -1874,7 +1874,8 @@
 "label.region": "Region",
 "label.register.oauth": "Register OAuth",
 "label.register.template": "Register Template",
-"label.register.user.data": "Register a userdata",
+"label.register.user.data": "Register User Data",
+"label.register.cni.config": "Register CNI Configuration",
 "label.reinstall.vm": "Reinstall Instance",
 "label.reject": "Reject",
 "label.related": "Related",
@@ -2648,6 +2649,8 @@
 "label.bucket.policy": "Bucket Policy",
 "label.usersecretkey": "Secret Key",
 "label.create.bucket": "Create Bucket",
+"label.cniconfiguration": "CNI Configuration",
+"label.cniconfigparams": "CNI Configuration parameters",
 "message.acquire.ip.failed": "Failed to acquire IP.",
 "message.action.acquire.ip": "Please confirm that you want to acquire new IP.",
 "message.action.cancel.maintenance": "Your host has been successfully canceled for maintenance. This process can take up to several minutes.",
@@ -3020,6 +3023,7 @@
 "message.desc.reset.ssh.key.pair": "Please specify a ssh key pair that you would like to add to this Instance.",
 "message.desc.secondary.storage": "Each zone must have at least one NFS or secondary storage server. We will add the first one now. Secondary storage stores Instance Templates, ISO images, and Instance disk volume Snapshots. This server must be available to all hosts in the zone.<br/><br/>Provide the IP address and exported path.",
 "message.desc.register.user.data": "Please fill in the following data to register a User data.",
+"message.desc.register.cni.config": "Please fill in the following data to register CNI Configuration as user data.",
 "message.desc.registered.user.data": "Registered a User Data.",
 "message.desc.zone": "A zone is the largest organizational unit in CloudStack, and it typically corresponds to a single datacenter. Zones provide physical isolation and redundancy. A zone consists of one or more pods (each of which contains hosts and primary storage servers) and a secondary storage server which is shared by all pods in the zone.",
 "message.desc.zone.edge": "A zone is the largest organizational unit in CloudStack, and it typically corresponds to a single datacenter. Zones provide physical isolation and redundancy. An edge zone consists of one or more hosts (each of which provides local storage as primary storage servers). Only shared and L2 Networks can be deployed in such zones and functionalities that require secondary storages are not supported.",
diff --git a/ui/src/components/view/DetailsTab.vue b/ui/src/components/view/DetailsTab.vue
index 3622f87e67d8..71bb544f0798 100644
--- a/ui/src/components/view/DetailsTab.vue
+++ b/ui/src/components/view/DetailsTab.vue
@@ -44,7 +44,9 @@
     <template #renderItem="{item}">
       <a-list-item v-if="(item in dataResource && !customDisplayItems.includes(item)) || (offeringDetails.includes(item) && dataResource.serviceofferingdetails)">
         <div style="width: 100%">
-          <strong>{{ item === 'service' ? $t('label.supportedservices') : $t(getDetailTitle(item)) }}</strong>
+          <strong>{{ item === 'service' ? $t('label.supportedservices') :
+           $route.meta.name === 'cniconfiguration' && item === 'userdata' ? $t('label.' + String($route.meta.name).toLowerCase()) :
+           $t(getDetailTitle(item)) }}</strong>
           <br/>
           <div v-if="Array.isArray(dataResource[item]) && item === 'service'">
             <div v-for="(service, idx) in dataResource[item]" :key="idx">
@@ -96,6 +98,9 @@
           <div v-else-if="$route.meta.name === 'userdata' && item === 'userdata'">
             <div style="white-space: pre-wrap;"> {{ decodeUserData(dataResource.userdata)}} </div>
           </div>
+          <div v-else-if="$route.meta.name === 'cniconfiguration' && item === 'userdata'">
+            <div style="white-space: pre-wrap;"> {{ dataResource.userdata}} </div>
+          </div>
           <div v-else-if="$route.meta.name === 'guestnetwork' && item === 'egressdefaultpolicy'">
             {{ dataResource[item]? $t('message.egress.rules.allow') : $t('message.egress.rules.deny') }}
           </div>
diff --git a/ui/src/config/section/compute.js b/ui/src/config/section/compute.js
index c31184cd36e9..c26284ae071e 100644
--- a/ui/src/config/section/compute.js
+++ b/ui/src/config/section/compute.js
@@ -988,6 +988,83 @@ export default {
         }
       ]
     },
+    {
+      name: 'cniconfiguration',
+      title: 'label.cniconfiguration',
+      icon: 'solution-outlined',
+      docHelp: 'adminguide/virtual_machines.html#user-data-and-meta-data',
+      permission: ['listCniConfiguration'],
+      columns: () => {
+        var fields = ['name', 'id']
+        if (['Admin', 'DomainAdmin'].includes(store.getters.userInfo.roletype)) {
+          fields.push('account')
+          if (store.getters.listAllProjects) {
+            fields.push('project')
+          }
+          fields.push('domain')
+        } else if (store.getters.listAllProjects) {
+          fields.push('project')
+        }
+        return fields
+      },
+      resourceType: 'UserData',
+      details: ['id', 'name', 'userdata', 'account', 'domain', 'params'],
+      related: [{
+        name: 'vm',
+        title: 'label.instances',
+        param: 'userdata'
+      }],
+      tabs: [
+        {
+          name: 'details',
+          component: shallowRef(defineAsyncComponent(() => import('@/components/view/DetailsTab.vue')))
+        },
+        {
+          name: 'comments',
+          component: shallowRef(defineAsyncComponent(() => import('@/components/view/AnnotationsTab.vue')))
+        }
+      ],
+      actions: [
+        {
+          api: 'registerCniConfiguration',
+          icon: 'plus-outlined',
+          label: 'label.register.cni.config',
+          docHelp: 'adminguide/virtual_machines.html#creating-the-ssh-keypair',
+          listView: true,
+          popup: true,
+          component: shallowRef(defineAsyncComponent(() => import('@/views/compute/RegisterUserData.vue')))
+        },
+        {
+          api: 'deleteUserData',
+          icon: 'delete-outlined',
+          label: 'label.remove.user.data',
+          message: 'message.please.confirm.remove.user.data',
+          dataView: true,
+          args: ['id', 'account', 'domainid'],
+          mapping: {
+            id: {
+              value: (record, params) => { return record.id }
+            },
+            account: {
+              value: (record, params) => { return record.account }
+            },
+            domainid: {
+              value: (record, params) => { return record.domainid }
+            }
+          },
+          groupAction: true,
+          popup: true,
+          groupMap: (selection, values, record) => {
+            return selection.map(x => {
+              const data = record.filter(y => { return y.id === x })
+              return {
+                id: x, account: data[0].account, domainid: data[0].domainid
+              }
+            })
+          }
+        }
+      ]
+    },
     {
       name: 'affinitygroup',
       title: 'label.affinity.groups',
diff --git a/ui/src/views/AutogenView.vue b/ui/src/views/AutogenView.vue
index 07c6b53d29e2..63f51a954bea 100644
--- a/ui/src/views/AutogenView.vue
+++ b/ui/src/views/AutogenView.vue
@@ -918,6 +918,10 @@ export default {
       }
 
       this.loading = true
+      if (this.$route.path.startsWith('/cniconfiguration')) {
+        params.forcks = true
+        console.log('here')
+      }
       if (this.$route.params && this.$route.params.id) {
         params.id = this.$route.params.id
         if (['listSSHKeyPairs'].includes(this.apiName)) {
@@ -951,6 +955,8 @@ export default {
         }
       }
 
+      console.log(params)
+
       if (this.$store.getters.listAllProjects && !this.projectView) {
         params.projectid = '-1'
       }
diff --git a/ui/src/views/compute/CreateKubernetesCluster.vue b/ui/src/views/compute/CreateKubernetesCluster.vue
index 4d073b4ac18c..f47d3737f14a 100644
--- a/ui/src/views/compute/CreateKubernetesCluster.vue
+++ b/ui/src/views/compute/CreateKubernetesCluster.vue
@@ -329,6 +329,60 @@
             </a-select-option>
           </a-select>
         </a-form-item>
+        <a-form-item v-if="form.advancedmode && isASNumberRequired()" name="asnumber" ref="asnumber">
+          <template #label>
+              <tooltip-label :title="$t('label.asnumber')" :tooltip="apiParams.asnumber.description"/>
+            </template>
+            <a-select
+             v-model:value="form.asnumber"
+              showSearch
+              optionFilterProp="label"
+              :filterOption="(input, option) => {
+                return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+              }"
+              :loading="asNumberLoading"
+              :placeholder="apiParams.asnumber.description"
+              @change="val => { handleASNumberChange(val) }">
+              <a-select-option v-for="(opt, optIndex) in asNumbersZone" :key="optIndex" :label="opt.asnumber">
+                {{ opt.asnumber }}
+              </a-select-option>
+            </a-select>
+        </a-form-item>
+        <a-form-item  v-if="form.advancedmode" name="cniconfigurationid" ref="cniconfigurationid">
+          <template #label>
+            <tooltip-label :title="$t('label.cniconfiguration')" :tooltip="$t('label.cniconfiguration')"/>
+          </template>
+            <user-data-selection
+              :items="cniConfigurationData"
+              :row-count="cniConfigurationData.length"
+              :zoneId="zoneId"
+              :loading="cniConfigLoading"
+              :preFillContent="dataPreFill"
+              :showSearch="false"
+              @select-user-data-item="($event) => updateCniConfig($event)"
+              @handle-search-filter="($event) => handleSearchFilter('userData', $event)"
+            />
+            <div v-if="cniConfigParams.length > 0">
+              <a-input-group>
+                <a-table
+                  size="small"
+                  style="overflow-y: auto"
+                  :columns="userDataParamCols"
+                  :dataSource="cniConfigParams"
+                  :pagination="false"
+                  :rowKey="record => record.key">
+                  <template #bodyCell="{ column, record }">
+                    <template v-if="column.key === 'value'">
+                      <div v-if="record.key === 'AS_NUMBER'">
+                        <a-input style="width: 100%;text-wrap: wrap;" :disabled="true" value="Value is obtained from the network or is automatically obtained at the time of cluster creation" />
+                      </div>
+                      <a-input v-else v-model:value="cniConfigValues[record.key]" />
+                    </template>
+                  </template>
+                </a-table>
+              </a-input-group>
+            </div>
+        </a-form-item>
 
         <!-- Experimentation Features -->
         <div v-if="$store.getters.features.kubernetesclusterexperimentalfeaturesenabled">
@@ -380,13 +434,15 @@ import { api } from '@/api'
 import { mixinForm } from '@/utils/mixin'
 import ResourceIcon from '@/components/view/ResourceIcon'
 import TooltipLabel from '@/components/widgets/TooltipLabel'
+import UserDataSelection from '@views/compute/wizard/UserDataSelection'
 
 export default {
   name: 'CreateKubernetesCluster',
   mixins: [mixinForm],
   components: {
     TooltipLabel,
-    ResourceIcon
+    ResourceIcon,
+    UserDataSelection
   },
   props: {},
   data () {
@@ -407,7 +463,28 @@ export default {
       templates: [],
       templateLoading: false,
       selectedZoneHypervisors: [],
-      hypervisorLoading: false
+      hypervisorLoading: false,
+      configLoading: false,
+      cniConfigurationData: [],
+      cniConfigLoading: false,
+      cniConfigParams: [],
+      cniConfigValues: {},
+      userDataParamCols: [
+        {
+          title: this.$t('label.key'),
+          dataIndex: 'key'
+        },
+        {
+          title: this.$t('label.value'),
+          dataIndex: 'value',
+          key: 'value'
+        }
+      ],
+      cksNetworkOfferingName: null,
+      cksNetworkOffering: null,
+      asNumbersZone: [],
+      asNumberLoading: false,
+      selectedAsNumber: 0
     }
   },
   beforeCreate () {
@@ -474,16 +551,25 @@ export default {
       this.fetchZoneData()
       this.fetchKeyPairData()
       this.fetchCksTemplates()
+      this.fetchCKSNetworkOfferingName()
+      this.fetchCniConfigurations()
     },
     isValidValueForKey (obj, key) {
       return key in obj && obj[key] != null
     },
+    isASNumberRequired () {
+      return !this.isObjectEmpty(this.cksNetworkOffering) && this.cksNetworkOffering.specifyasnumber && this.cksNetworkOffering.routingmode && this.cksNetworkOffering.routingmode.toLowerCase() === 'dynamic'
+    },
     arrayHasItems (array) {
       return array !== null && array !== undefined && Array.isArray(array) && array.length > 0
     },
     isObjectEmpty (obj) {
       return !(obj !== null && obj !== undefined && Object.keys(obj).length > 0 && obj.constructor === Object)
     },
+    isUserAllowedToListCniConfig () {
+      console.log(Boolean('listCniConfiguration' in this.$store.getters.apis))
+      return Boolean('listCniConfiguration' in this.$store.getters.apis)
+    },
     fetchZoneData () {
       const params = {}
       this.zoneLoading = true
@@ -507,6 +593,11 @@ export default {
       this.fetchKubernetesVersionData()
       this.fetchNetworkData()
       this.fetchZoneHypervisors()
+      this.fetchZoneASNumbers()
+    },
+    handleASNumberChange (selectedIndex) {
+      this.selectedAsNumber = this.asNumbersZone[selectedIndex].asnumber
+      this.form.asnumber = this.selectedAsNumber
     },
     fetchKubernetesVersionData () {
       this.kubernetesVersions = []
@@ -640,6 +731,83 @@ export default {
     handleZoneHypervisorChange (index) {
       this.form.hypervisor = index
     },
+    fetchCKSNetworkOfferingName () {
+      const params = {
+        name: 'cloud.kubernetes.cluster.network.offering'
+      }
+      this.configLoading = true
+      api('listConfigurations', params).then(json => {
+        if (json.listconfigurationsresponse.configuration !== null) {
+          const config = json.listconfigurationsresponse.configuration[0]
+          if (config && config.name === params.name) {
+            this.cksNetworkOfferingName = config.value
+          }
+        }
+      }).then(() => {
+        this.fetchCKSNetworkOffering(this.cksNetworkOfferingName)
+      }).finally(() => {
+        this.configLoading = false
+      })
+    },
+    fetchCKSNetworkOffering (offeringName) {
+      return new Promise((resolve, reject) => {
+        const args = {
+          name: offeringName
+        }
+
+        api('listNetworkOfferings', args).then(json => {
+          const listNetworkOfferings = json.listnetworkofferingsresponse.networkoffering || []
+          resolve(listNetworkOfferings)
+          this.cksNetworkOffering = listNetworkOfferings[0] || {}
+        }).catch(error => {
+          resolve(error)
+        })
+      })
+    },
+    fetchZoneASNumbers () {
+      const params = {}
+      params.zoneid = this.selectedZone.id
+      params.isallocated = false
+      api('listASNumbers', params).then(json => {
+        this.asNumbersZone = json.listasnumbersresponse.asnumber
+      })
+    },
+    fetchCniConfigurations () {
+      this.cniConfigLoading = true
+      api('listCniConfiguration', {}).then(
+        response => {
+          const listResponse = response.listcniconfigurationresponse.cniconfig || []
+          if (listResponse) {
+            this.cniConfigurationData = listResponse
+          }
+        }).finally(() => {
+        this.cniConfigLoading = false
+      })
+    },
+    updateCniConfig (id) {
+      if (id === '0') {
+        this.form.cniconfigurationid = undefined
+        return
+      }
+      this.form.cniconfigurationid = id
+      this.cniConfigParams = []
+      api('listCniConfiguration', { id: id }).then(json => {
+        const resp = json?.listcniconfigurationresponse?.cniconfig || []
+        if (resp) {
+          var params = resp[0].params
+          if (params) {
+            var dataParams = params.split(',')
+          }
+          var that = this
+          dataParams.forEach(function (val, index) {
+            that.cniConfigParams.push({
+              id: index,
+              key: val
+            })
+          })
+        }
+      })
+    },
     handleSubmit (e) {
       e.preventDefault()
       if (this.loading) return
@@ -719,6 +887,21 @@ export default {
           params.dockerregistryurl = values.dockerregistryurl
         }
 
+        if (values.cniconfigurationid) {
+          params.cniconfigurationid = values.cniconfigurationid
+        }
+
+        var idx = 0
+        if (this.cniConfigValues) {
+          for (const [key, value] of Object.entries(this.cniConfigValues)) {
+            params['cniconfigdetails[' + idx + '].' + `${key}`] = value
+            idx++
+          }
+        }
+        if ('asnumber' in values && this.isASNumberRequired()) {
+          params.asnumber = values.asnumber
+        }
+
         api('createKubernetesCluster', params).then(json => {
           const jobId = json.createkubernetesclusterresponse.jobid
           this.$pollJob({
diff --git a/ui/src/views/compute/RegisterUserData.vue b/ui/src/views/compute/RegisterUserData.vue
index 9e4b3623f6f4..67dce17234db 100644
--- a/ui/src/views/compute/RegisterUserData.vue
+++ b/ui/src/views/compute/RegisterUserData.vue
@@ -18,7 +18,7 @@
 <template>
   <div class="form-layout">
     <a-spin :spinning="loading" v-if="!isSubmitted">
-      <p v-html="$t('message.desc.register.user.data')"></p>
+      <p v-html="$route.name === 'userdata' ? $t('message.desc.register.user.data') : $t('message.desc.register.cni.config')"></p>
       <a-form
         v-ctrl-enter="handleSubmit"
         :ref="formRef"
@@ -35,20 +35,34 @@
             :placeholder="apiParams.name.description"
             v-focus="true" />
         </a-form-item>
-        <a-form-item name="userdata" ref="userdata">
-          <template #label>
-            <tooltip-label :title="$t('label.userdata')" :tooltip="apiParams.userdata.description"/>
-          </template>
-          <a-textarea
-            v-model:value="form.userdata"
-            :placeholder="apiParams.userdata.description"/>
-        </a-form-item>
+        <div v-if="$route.name === 'userdata'">
+          <a-form-item name="userdata" ref="userdata">
+            <template #label>
+              <tooltip-label :title="$t('label.userdata')" :tooltip="apiParams.userdata.description"/>
+            </template>
+            <a-textarea
+              v-model:value="form.userdata"
+              :placeholder="apiParams.userdata.description"/>
+          </a-form-item>
+        </div>
+        <div v-else>
+          <a-form-item name="cniconfig" ref="cniconfig">
+            <template #label>
+              <tooltip-label :title="$t('label.cniconfiguration')" :tooltip="apiParams.cniconfig.description"/>
+            </template>
+            <a-textarea
+              v-model:value="form.cniconfig"
+              :placeholder="apiParams.cniconfig.description"/>
+          </a-form-item>
+        </div>
         <a-form-item name="isbase64" ref="isbase64" :label="$t('label.is.base64.encoded')">
           <a-checkbox v-model:checked="form.isbase64"></a-checkbox>
         </a-form-item>
         <a-form-item name="params" ref="params">
           <template #label>
-            <tooltip-label :title="$t('label.userdataparams')" :tooltip="apiParams.params.description"/>
+            <tooltip-label
+              :title="$route.name === 'userdata' ? $t('label.userdataparams') : $t('label.cniconfigparams')"
+              :tooltip="apiParams.params.description"/>
           </template>
           <a-select
             mode="tags"
@@ -135,7 +149,7 @@ export default {
     }
   },
   beforeCreate () {
-    this.apiParams = this.$getApiParams('registerUserData')
+    this.apiParams = this.$route.name === 'userdata' ? this.$getApiParams('registerUserData') : this.$getApiParams('registerCniConfiguration')
   },
   created () {
     this.initForm()
@@ -210,13 +224,23 @@ export default {
           params.account = values.account
         }
 
-        params.userdata = values.isbase64 ? values.userdata : this.$toBase64AndURIEncoded(values.userdata)
+        let apiName = 'registerUserData'
+        if (this.$route.name === 'cniconfiguration') {
+          apiName = 'registerCniConfiguration'
+        }
+
+        if (apiName === 'registerUserData') {
+          params.userdata = values.isbase64 ? values.userdata : this.$toBase64AndURIEncoded(values.userdata)
+        } else {
+          params.cniconfig = values.isbase64 ? values.cniconfig : this.$toBase64AndURIEncoded(values.cniconfig)
+        }
+        console.log(params)
         if (values.params != null && values.params.length > 0) {
           var userdataparams = values.params.join(',')
           params.params = userdataparams
         }
 
-        api('registerUserData', {}, 'POST', params).then(json => {
+        api(apiName, {}, 'POST', params).then(json => {
           this.$message.success(this.$t('message.success.register.user.data') + ' ' + values.name)
         }).catch(error => {
           this.$notifyError(error)
@@ -226,7 +250,8 @@ export default {
           this.closeAction()
         })
       }).catch(error => {
-        this.formRef.value.scrollToField(error.errorFields[0].name)
+        console.log(error)
+        this.formRef.value.scrollToField(error?.errorFields?.[0]?.name)
       })
     },
     downloadKey () {
diff --git a/ui/src/views/compute/wizard/UserDataSelection.vue b/ui/src/views/compute/wizard/UserDataSelection.vue
index 74e3a3be400a..06eaefcc060f 100644
--- a/ui/src/views/compute/wizard/UserDataSelection.vue
+++ b/ui/src/views/compute/wizard/UserDataSelection.vue
@@ -18,6 +18,7 @@
 <template>
   <div>
     <a-input-search
+      v-if="showSearch"
       style="width: 25vw;float: right;margin-bottom: 10px; z-index: 8"
       :placeholder="$t('label.search')"
       v-model:value="filter"
@@ -34,6 +35,7 @@
     >
       <template #headerCell="{ column }">
         <template v-if="column.key === 'name'"><solution-outlined /> {{ $t('label.userdata') }}</template>
+        <template v-if="column.key === 'AS_NUMBER'"><user-outlined /> {{ $t('label.account') }}</template>
         <template v-if="column.key === 'account'"><user-outlined /> {{ $t('label.account') }}</template>
         <template v-if="column.key === 'domain'"><block-outlined /> {{ $t('label.domain') }}</template>
       </template>
@@ -72,6 +74,10 @@ export default {
     zoneId: {
       type: String,
       default: () => ''
+    },
+    showSearch: {
+      type: Boolean,
+      default: true
     }
   },
   data () {

From 51d4403adf7a79001df2b77d4a1d93519da8938a Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Wed, 26 Jun 2024 17:24:14 -0400
Subject: [PATCH 40/88] CKS: Do not pass AS number when network ID is passed

---
 .../cluster/actionworkers/KubernetesClusterStartWorker.java     | 2 +-
 ui/src/views/compute/CreateKubernetesCluster.vue                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index 408e2599a1e7..ec1caa70cca2 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -256,8 +256,8 @@ private UserVm createKubernetesControlNode(final Network network, String serverI
             String cniConfig = new String(Base64.decodeBase64(cniConfigVo.getUserData()));
             if (Objects.nonNull(asNumber)) {
                 cniConfig = substituteASNumber(cniConfig, asNumber);
-                cniConfig = Base64.encodeBase64String(cniConfig.getBytes(com.cloud.utils.StringUtils.getPreferredCharset()));
             }
+            cniConfig = Base64.encodeBase64String(cniConfig.getBytes(com.cloud.utils.StringUtils.getPreferredCharset()));
             base64UserData = userDataManager.concatenateUserData(base64UserData, cniConfig, null);
         }
 
diff --git a/ui/src/views/compute/CreateKubernetesCluster.vue b/ui/src/views/compute/CreateKubernetesCluster.vue
index f47d3737f14a..8ccaba5ec9c7 100644
--- a/ui/src/views/compute/CreateKubernetesCluster.vue
+++ b/ui/src/views/compute/CreateKubernetesCluster.vue
@@ -329,7 +329,7 @@
             </a-select-option>
           </a-select>
         </a-form-item>
-        <a-form-item v-if="form.advancedmode && isASNumberRequired()" name="asnumber" ref="asnumber">
+        <a-form-item v-if="form.advancedmode && isASNumberRequired() && !form.networkid" name="asnumber" ref="asnumber">
           <template #label>
               <tooltip-label :title="$t('label.asnumber')" :tooltip="apiParams.asnumber.description"/>
             </template>

From 1dadd257a503e746e6a3dcd5aeba6f95d8981b7f Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Mon, 8 Jul 2024 07:58:06 -0400
Subject: [PATCH 41/88] Fix deletion of Userdata / CNI Configuration in
 projects

---
 .../KubernetesClusterActionWorker.java        |  2 +-
 .../java/com/cloud/api/ApiResponseHelper.java |  2 +-
 .../cloud/server/ManagementServerImpl.java    |  2 +-
 ui/src/config/section/compute.js              | 20 +++++++++++++++----
 4 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index 83cd52684caf..13fb43ffac3e 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -750,7 +750,7 @@ protected boolean taintControlNodes() {
             try {
                 Thread.sleep(5 * 1000L);
             } catch (InterruptedException ie) {
-                LOGGER.error(String.format("Error while attempting to taint nodes on Kubernetes cluster: %s", kubernetesCluster.getName()), ie);
+                logger.error(String.format("Error while attempting to taint nodes on Kubernetes cluster: %s", kubernetesCluster.getName()), ie);
             }
             retryCounter++;
         }
diff --git a/server/src/main/java/com/cloud/api/ApiResponseHelper.java b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
index 81757721a3f7..794f7aa96e52 100644
--- a/server/src/main/java/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
@@ -5416,7 +5416,7 @@ public ASNumberResponse createASNumberResponse(ASNumber asn) {
             String rangeText = String.format("%s-%s", range.getStartASNumber(), range.getEndASNumber());
             response.setAsNumberRange(rangeText);
         } else {
-            s_logger.info("is null for as number: "+ asn.getAsNumber());
+            logger.info("is null for as number: "+ asn.getAsNumber());
         }
         response.setAllocated(asn.getAllocatedTime());
         response.setAllocationState(asn.isAllocated() ? "Allocated" : "Free");
diff --git a/server/src/main/java/com/cloud/server/ManagementServerImpl.java b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
index 73a466e3aaa4..9fa231f6cc52 100644
--- a/server/src/main/java/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
@@ -4999,7 +4999,7 @@ protected Account getCaller() {
         return caller;
     }
 
-    private SSHKeyPair createAndSaveSSHKeyPair(final String name, final String fingerprint, final String publicKey, final String privateKey, final Account owner) {
+    private SSHKeyPair  createAndSaveSSHKeyPair(final String name, final String fingerprint, final String publicKey, final String privateKey, final Account owner) {
         final SSHKeyPairVO newPair = new SSHKeyPairVO();
 
         newPair.setAccountId(owner.getAccountId());
diff --git a/ui/src/config/section/compute.js b/ui/src/config/section/compute.js
index c26284ae071e..9c306f160938 100644
--- a/ui/src/config/section/compute.js
+++ b/ui/src/config/section/compute.js
@@ -963,11 +963,14 @@ export default {
           label: 'label.remove.user.data',
           message: 'message.please.confirm.remove.user.data',
           dataView: true,
-          args: ['id', 'account', 'domainid'],
+          args: ['id', 'account', 'domainid', 'projectid'],
           mapping: {
             id: {
               value: (record, params) => { return record.id }
             },
+            projectid: {
+              value: (record, params) => { return record.projectid }
+            },
             account: {
               value: (record, params) => { return record.account }
             },
@@ -981,7 +984,10 @@ export default {
             return selection.map(x => {
               const data = record.filter(y => { return y.id === x })
               return {
-                id: x, account: data[0].account, domainid: data[0].domainid
+                id: x,
+                account: data[0].account,
+                domainid: data[0].domainid,
+                projectid: data[0].projectid
               }
             })
           }
@@ -1040,11 +1046,14 @@ export default {
           label: 'label.remove.user.data',
           message: 'message.please.confirm.remove.user.data',
           dataView: true,
-          args: ['id', 'account', 'domainid'],
+          args: ['id', 'account', 'domainid', 'projectid'],
           mapping: {
             id: {
               value: (record, params) => { return record.id }
             },
+            projectid: {
+              value: (record, params) => { return record.projectid }
+            },
             account: {
               value: (record, params) => { return record.account }
             },
@@ -1058,7 +1067,10 @@ export default {
             return selection.map(x => {
               const data = record.filter(y => { return y.id === x })
               return {
-                id: x, account: data[0].account, domainid: data[0].domainid
+                id: x,
+                account: data[0].account,
+                domainid: data[0].domainid,
+                projectid: data[0].projectid
               }
             })
           }

From e5d377a1adcade17fd855c54157f7b683eb6386a Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Mon, 8 Jul 2024 07:58:53 -0400
Subject: [PATCH 42/88] CKS: Add CNI configuration details to the response and
 UI

---
 .../org/apache/cloudstack/api/ApiConstants.java  |  1 +
 .../cluster/KubernetesClusterManagerImpl.java    | 10 ++++++++++
 .../api/response/KubernetesClusterResponse.java  | 16 ++++++++++++++++
 ui/public/locales/en.json                        |  1 +
 ui/src/components/view/DetailsTab.vue            |  3 +++
 ui/src/config/section/compute.js                 |  2 +-
 6 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
index 4381447a4bf8..93edc1429d4f 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
@@ -115,6 +115,7 @@ public class ApiConstants {
     public static final String CNI_CONFIG = "cniconfig";
     public static final String CNI_CONFIG_ID = "cniconfigurationid";
     public static final String CNI_CONFIG_DETAILS = "cniconfigdetails";
+    public static final String CNI_CONFIG_NAME = "cniconfigname";
     public static final String COMPONENT = "component";
     public static final String CPU_CORE_PER_SOCKET = "cpucorepersocket";
     public static final String CPU_NUMBER = "cpunumber";
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index ab8fe3e4308b..fbddb46bd20e 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -63,7 +63,9 @@
 import com.cloud.network.rules.PortForwardingRuleVO;
 import com.cloud.network.rules.dao.PortForwardingRulesDao;
 import com.cloud.template.TemplateApiService;
+import com.cloud.user.UserDataVO;
 import com.cloud.user.dao.AccountDao;
+import com.cloud.user.dao.UserDataDao;
 import com.cloud.uservm.UserVm;
 import com.cloud.vm.NicVO;
 import com.cloud.vm.UserVmService;
@@ -256,6 +258,8 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
     @Inject
     protected ServiceOfferingDao serviceOfferingDao;
     @Inject
+    protected UserDataDao userDataDao;
+    @Inject
     protected VMTemplateDao templateDao;
     @Inject
     protected TemplateJoinDao templateJoinDao;
@@ -705,6 +709,12 @@ public KubernetesClusterResponse createKubernetesClusterResponse(long kubernetes
             response.setServiceOfferingName(offering.getName());
         }
 
+        Long cniConfigId = kubernetesCluster.getCniConfigId();
+        if (Objects.nonNull(cniConfigId)) {
+            UserDataVO cniConfig = userDataDao.findById(cniConfigId);
+            response.setCniConfigId(cniConfig.getUuid());
+            response.setCniConfigName(cniConfig.getName());
+        }
         setNodeTypeServiceOfferingResponse(response, WORKER, kubernetesCluster.getWorkerServiceOfferingId());
         setNodeTypeServiceOfferingResponse(response, CONTROL, kubernetesCluster.getControlServiceOfferingId());
         setNodeTypeServiceOfferingResponse(response, ETCD, kubernetesCluster.getEtcdServiceOfferingId());
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
index dc2721474d67..b811f4f9dcbd 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
@@ -135,6 +135,14 @@ public class KubernetesClusterResponse extends BaseResponseWithAnnotations imple
     @Param(description = "keypair details")
     private String keypair;
 
+    @SerializedName(ApiConstants.CNI_CONFIG_ID)
+    @Param(description = "ID of CNI Configuration associated with the cluster")
+    private String cniConfigId;
+
+    @SerializedName(ApiConstants.CNI_CONFIG_NAME)
+    @Param(description = "Name of CNI Configuration associated with the cluster")
+    private String cniConfigName;
+
     @Deprecated(since = "4.16")
     @SerializedName(ApiConstants.MASTER_NODES)
     @Param(description = "the master nodes count for the Kubernetes cluster. This parameter is deprecated, please use 'controlnodes' parameter.")
@@ -499,4 +507,12 @@ public KubernetesCluster.ClusterType getClusterType() {
     public void setClusterType(KubernetesCluster.ClusterType clusterType) {
         this.clusterType = clusterType;
     }
+
+    public void setCniConfigId(String cniConfigId) {
+        this.cniConfigId = cniConfigId;
+    }
+
+    public void setCniConfigName(String cniConfigName) {
+        this.cniConfigName = cniConfigName;
+    }
 }
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 9ab009bae25c..1ccf1457366b 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -2650,6 +2650,7 @@
 "label.usersecretkey": "Secret Key",
 "label.create.bucket": "Create Bucket",
 "label.cniconfiguration": "CNI Configuration",
+"label.cniconfigname": "Associated CNI Configuration",
 "label.cniconfigparams": "CNI Configuration parameters",
 "message.acquire.ip.failed": "Failed to acquire IP.",
 "message.action.acquire.ip": "Please confirm that you want to acquire new IP.",
diff --git a/ui/src/components/view/DetailsTab.vue b/ui/src/components/view/DetailsTab.vue
index 71bb544f0798..d76da5f0d452 100644
--- a/ui/src/components/view/DetailsTab.vue
+++ b/ui/src/components/view/DetailsTab.vue
@@ -132,6 +132,9 @@
           <div v-else-if="item === 'usersource'">
             {{ $t(getUserSourceLabel(dataResource[item])) }}
           </div>
+          <div v-else-if="$route.meta.name === 'kubernetes' && item === 'cniconfigname'">
+              <router-link :to="{ path: '/cniconfiguration/' + dataResource.cniconfigurationid }">{{ dataResource.cniconfigname }}</router-link>
+          </div>
           <div v-else>{{ dataResource[item] }}</div>
         </div>
       </a-list-item>
diff --git a/ui/src/config/section/compute.js b/ui/src/config/section/compute.js
index 9c306f160938..8759bea992a5 100644
--- a/ui/src/config/section/compute.js
+++ b/ui/src/config/section/compute.js
@@ -552,7 +552,7 @@ export default {
         const filters = ['cloud.managed', 'external.managed']
         return filters
       },
-      details: ['name', 'description', 'zonename', 'kubernetesversionname', 'autoscalingenabled', 'minsize', 'maxsize', 'size', 'controlnodes', 'etcdnodes', 'cpunumber', 'memory', 'keypair', 'associatednetworkname', 'account', 'domain', 'zonename', 'clustertype', 'created'],
+      details: ['name', 'description', 'zonename', 'kubernetesversionname', 'autoscalingenabled', 'minsize', 'maxsize', 'size', 'controlnodes', 'etcdnodes', 'cpunumber', 'memory', 'keypair', 'cniconfigname', 'associatednetworkname', 'account', 'domain', 'zonename', 'clustertype', 'created'],
       tabs: [
         {
           name: 'k8s',

From b3ff5a3eef7989b3115ae3a8cd6ef0afb3a19b1f Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Mon, 8 Jul 2024 08:03:17 -0400
Subject: [PATCH 43/88] Explicit events for registering cni configuration

---
 .../com/cloud/server/ManagementService.java   | 14 +++++++--
 .../userdata/RegisterCniConfigurationCmd.java |  2 +-
 .../cloud/server/ManagementServerImpl.java    | 30 ++++++++++++-------
 3 files changed, 31 insertions(+), 15 deletions(-)

diff --git a/api/src/main/java/com/cloud/server/ManagementService.java b/api/src/main/java/com/cloud/server/ManagementService.java
index 377fbfb5f078..2de6e4b9ffb8 100644
--- a/api/src/main/java/com/cloud/server/ManagementService.java
+++ b/api/src/main/java/com/cloud/server/ManagementService.java
@@ -59,9 +59,10 @@
 import org.apache.cloudstack.api.command.user.ssh.DeleteSSHKeyPairCmd;
 import org.apache.cloudstack.api.command.user.ssh.ListSSHKeyPairsCmd;
 import org.apache.cloudstack.api.command.user.ssh.RegisterSSHKeyPairCmd;
-import org.apache.cloudstack.api.command.user.userdata.BaseRegisterUserDataCmd;
 import org.apache.cloudstack.api.command.user.userdata.DeleteUserDataCmd;
 import org.apache.cloudstack.api.command.user.userdata.ListUserDataCmd;
+import org.apache.cloudstack.api.command.user.userdata.RegisterCniConfigurationCmd;
+import org.apache.cloudstack.api.command.user.userdata.RegisterUserDataCmd;
 import org.apache.cloudstack.api.command.user.vm.GetVMPasswordCmd;
 import org.apache.cloudstack.api.command.user.vmgroup.UpdateVMGroupCmd;
 import org.apache.cloudstack.config.Configuration;
@@ -362,14 +363,21 @@ public interface ManagementService {
      */
     Pair<List<? extends UserData>, Integer> listUserDatas(ListUserDataCmd cmd, boolean forCks);
 
+    /**
+     * Registers a cni configuration.
+     *
+     * @param cmd    The api command class.
+     * @return A VO with the registered userdata.
+     */
+    UserData registerCniConfigration(RegisterCniConfigurationCmd cmd);
+
     /**
      * Registers a userdata.
      *
      * @param cmd    The api command class.
-     * @param forCks
      * @return A VO with the registered userdata.
      */
-    UserData registerUserData(BaseRegisterUserDataCmd cmd);
+    UserData registerUserData(RegisterUserDataCmd cmd);
     /**
      * Deletes a userdata.
      *
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java
index 0a5f687f3928..5e07356a4ad6 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java
@@ -57,7 +57,7 @@ public String getCniConfig() {
 
     @Override
     public void execute() {
-        UserData result = _mgr.registerUserData(this);
+        UserData result = _mgr.registerCniConfigration(this);
         UserDataResponse response = _responseGenerator.createUserDataResponse(result);
         response.setResponseName(getCommandName());
         response.setObjectName(ApiConstants.CNI_CONFIG);
diff --git a/server/src/main/java/com/cloud/server/ManagementServerImpl.java b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
index 9fa231f6cc52..2c6121650795 100644
--- a/server/src/main/java/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
@@ -4877,27 +4877,35 @@ public Pair<List<? extends UserData>, Integer> listUserDatas(final ListUserDataC
         return new Pair<>(result.first(), result.second());
     }
 
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_REGISTER_CNI_CONFIG, eventDescription = "registering CNI configration", async = true)
+    public UserData registerCniConfigration(RegisterCniConfigurationCmd cmd) {
+        final Account owner = getOwner(cmd);
+        checkForUserDataByName(cmd, owner);
+        final String name = cmd.getName();
+
+        String userdata = cmd.getCniConfig();
+        final String params = cmd.getParams();
+
+        userdata = userDataManager.validateUserData(userdata, cmd.getHttpMethod());
+
+        return createAndSaveUserData(name, userdata, params, owner, true);
+    }
+
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_REGISTER_USER_DATA, eventDescription = "registering userdata", async = true)
-    public UserData registerUserData(final BaseRegisterUserDataCmd cmd) {
+    public UserData registerUserData(final RegisterUserDataCmd cmd) {
         final Account owner = getOwner(cmd);
         checkForUserDataByName(cmd, owner);
         final String name = cmd.getName();
 
-        boolean forCks = false;
-        String userdata = null;
-        if (cmd instanceof RegisterUserDataCmd) {
-            userdata = ((RegisterUserDataCmd) cmd).getUserData();
-            checkForUserData(((RegisterUserDataCmd) cmd), owner);
-        } else {
-            userdata = ((RegisterCniConfigurationCmd) cmd).getCniConfig();
-            forCks = true;
-        }
+        String userdata = cmd.getUserData();
+        checkForUserData(cmd, owner);
         final String params = cmd.getParams();
 
         userdata = userDataManager.validateUserData(userdata, cmd.getHttpMethod());
 
-        return createAndSaveUserData(name, userdata, params, owner, forCks);
+        return createAndSaveUserData(name, userdata, params, owner, false);
     }
 
     /**

From 30676411e45306802a614e9c00cb2560a005b658 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Mon, 8 Jul 2024 08:11:48 -0400
Subject: [PATCH 44/88] Add Delete cni configuration API

---
 .../main/java/com/cloud/event/EventTypes.java |  1 +
 .../com/cloud/server/ManagementService.java   |  9 +++
 .../userdata/DeleteCniConfigurationCmd.java   | 73 +++++++++++++++++++
 .../cloud/server/ManagementServerImpl.java    |  8 ++
 ui/public/locales/en.json                     |  2 +
 ui/src/config/section/compute.js              |  6 +-
 6 files changed, 96 insertions(+), 3 deletions(-)
 create mode 100644 api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java

diff --git a/api/src/main/java/com/cloud/event/EventTypes.java b/api/src/main/java/com/cloud/event/EventTypes.java
index d73bd056022f..1a814658a036 100644
--- a/api/src/main/java/com/cloud/event/EventTypes.java
+++ b/api/src/main/java/com/cloud/event/EventTypes.java
@@ -290,6 +290,7 @@ public class EventTypes {
     //registering userdata events
     public static final String EVENT_REGISTER_USER_DATA = "REGISTER.USER.DATA";
     public static final String EVENT_REGISTER_CNI_CONFIG = "REGISTER.CNI.CONFIG";
+    public static final String EVENT_DELETE_CNI_CONFIG = "DELETE.CNI.CONFIG";
 
     //register for user API and secret keys
     public static final String EVENT_REGISTER_FOR_SECRET_API_KEY = "REGISTER.USER.KEY";
diff --git a/api/src/main/java/com/cloud/server/ManagementService.java b/api/src/main/java/com/cloud/server/ManagementService.java
index 2de6e4b9ffb8..3b8fb2c5e4b9 100644
--- a/api/src/main/java/com/cloud/server/ManagementService.java
+++ b/api/src/main/java/com/cloud/server/ManagementService.java
@@ -59,6 +59,7 @@
 import org.apache.cloudstack.api.command.user.ssh.DeleteSSHKeyPairCmd;
 import org.apache.cloudstack.api.command.user.ssh.ListSSHKeyPairsCmd;
 import org.apache.cloudstack.api.command.user.ssh.RegisterSSHKeyPairCmd;
+import org.apache.cloudstack.api.command.user.userdata.DeleteCniConfigurationCmd;
 import org.apache.cloudstack.api.command.user.userdata.DeleteUserDataCmd;
 import org.apache.cloudstack.api.command.user.userdata.ListUserDataCmd;
 import org.apache.cloudstack.api.command.user.userdata.RegisterCniConfigurationCmd;
@@ -387,6 +388,14 @@ public interface ManagementService {
      */
     boolean deleteUserData(DeleteUserDataCmd cmd);
 
+    /**
+     * Deletes a userdata.
+     *
+     * @param cmd
+     *            The api command class.
+     * @return True on success. False otherwise.
+     */
+    boolean deleteCniConfiguration(DeleteCniConfigurationCmd cmd);
     /**
      * Search registered key pairs for the logged in user.
      *
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java
new file mode 100644
index 000000000000..77dd514bbb00
--- /dev/null
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java
@@ -0,0 +1,73 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.userdata;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
+
+import com.cloud.user.Account;
+import com.cloud.user.UserData;
+
+
+@APICommand(name = "deleteCniConfiguration", description = "Deletes a CNI Configuration", responseObject = SuccessResponse.class, entityType = {UserData.class},
+        requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, since = "4.19",
+        authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
+public class DeleteCniConfigurationCmd extends DeleteUserDataCmd {
+
+    public static final Logger s_logger = Logger.getLogger(DeleteUserDataCmd.class.getName());
+
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() {
+        boolean result = _mgr.deleteCniConfiguration(this);
+        if (result) {
+            SuccessResponse response = new SuccessResponse(getCommandName());
+            response.setSuccess(result);
+            setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete userdata");
+        }
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        Account account = CallContext.current().getCallingAccount();
+        Long domainId = this.getDomainId();
+        String accountName = this.getAccountName();
+        if ((account == null || _accountService.isAdmin(account.getId())) && (domainId != null && accountName != null)) {
+            Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
+            if (userAccount != null) {
+                return userAccount.getId();
+            }
+        }
+
+        if (account != null) {
+            return account.getId();
+        }
+
+        return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+    }
+}
diff --git a/server/src/main/java/com/cloud/server/ManagementServerImpl.java b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
index 2c6121650795..2fbafb823aba 100644
--- a/server/src/main/java/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
@@ -520,6 +520,7 @@
 import org.apache.cloudstack.api.command.user.template.UpdateTemplateCmd;
 import org.apache.cloudstack.api.command.user.template.UpdateTemplatePermissionsCmd;
 import org.apache.cloudstack.api.command.user.userdata.BaseRegisterUserDataCmd;
+import org.apache.cloudstack.api.command.user.userdata.DeleteCniConfigurationCmd;
 import org.apache.cloudstack.api.command.user.userdata.DeleteUserDataCmd;
 import org.apache.cloudstack.api.command.user.userdata.LinkUserDataToTemplateCmd;
 import org.apache.cloudstack.api.command.user.userdata.ListCniConfigurationCmd;
@@ -4035,6 +4036,7 @@ public List<Class<?>> getCommands() {
         cmdList.add(LinkUserDataToTemplateCmd.class);
         cmdList.add(RegisterCniConfigurationCmd.class);
         cmdList.add(ListCniConfigurationCmd.class);
+        cmdList.add(DeleteCniConfigurationCmd.class);
 
         //object store APIs
         cmdList.add(AddObjectStoragePoolCmd.class);
@@ -4833,6 +4835,12 @@ public boolean deleteUserData(final DeleteUserDataCmd cmd) {
         return userDataDao.remove(userData.getId());
     }
 
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_DELETE_CNI_CONFIG, eventDescription = "CNI Configuration deletion")
+    public boolean deleteCniConfiguration(DeleteCniConfigurationCmd cmd) {
+        return deleteUserData(cmd);
+    }
+
     @Override
     public Pair<List<? extends UserData>, Integer> listUserDatas(final ListUserDataCmd cmd, final boolean forCks) {
         final Long id = cmd.getId();
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 1ccf1457366b..856fb0b72a5a 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -1893,6 +1893,7 @@
 "label.remove": "Remove",
 "label.remove.annotation": "Remove comment",
 "label.remove.bgp.peer": "Remove BGP peer",
+"label.remove.cni.configuration": "Remove CNI configuration",
 "label.remove.egress.rule": "Remove egress rule",
 "label.remove.interface.route.table": "Remove Tungsten interface route table",
 "label.remove.ip.range": "Remove IP range",
@@ -3362,6 +3363,7 @@
 "message.password.reset.success": "Password has been reset successfully. Please login using your new credentials.",
 "message.path": "Path : ",
 "message.path.description": "NFS: exported path from the server. VMFS: /datacenter name/datastore name. SharedMountPoint: path where primary storage is mounted, such as /mnt/primary.",
+"message.please.confirm.remove.cni.configuration": "Please confirm that you want to remove this CNI Configuration",
 "message.please.confirm.remove.ssh.key.pair": "Please confirm that you want to remove this SSH key pair.",
 "message.please.confirm.remove.user.data": "Please confirm that you want to remove this Userdata",
 "message.please.enter.valid.value": "Please enter a valid value.",
diff --git a/ui/src/config/section/compute.js b/ui/src/config/section/compute.js
index 8759bea992a5..40e53409eba4 100644
--- a/ui/src/config/section/compute.js
+++ b/ui/src/config/section/compute.js
@@ -1041,10 +1041,10 @@ export default {
           component: shallowRef(defineAsyncComponent(() => import('@/views/compute/RegisterUserData.vue')))
         },
         {
-          api: 'deleteUserData',
+          api: 'deleteCniConfiguration',
           icon: 'delete-outlined',
-          label: 'label.remove.user.data',
-          message: 'message.please.confirm.remove.user.data',
+          label: 'label.remove.cni.configuration',
+          message: 'message.please.confirm.remove.cni.configuration',
           dataView: true,
           args: ['id', 'account', 'domainid', 'projectid'],
           mapping: {

From 8826d3792ca7e6562f2b3c714810ff721afad2cd Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Wed, 10 Jul 2024 09:02:19 -0400
Subject: [PATCH 45/88] Fix CKS deployment when using VPC tiers with custom
 ACLs

---
 .../org/apache/cloudstack/service/NsxElement.java    | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
index 7673e5a60386..885c54de48aa 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
@@ -94,6 +94,7 @@
 import com.cloud.utils.db.Transaction;
 import com.cloud.utils.db.TransactionCallback;
 import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.net.NetUtils;
 import com.cloud.vm.NicProfile;
 import com.cloud.vm.ReservationContext;
 import com.cloud.vm.VMInstanceVO;
@@ -121,6 +122,7 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
@@ -862,17 +864,17 @@ protected NsxNetworkRule.NsxRuleAction transformActionValue(NetworkACLItem.Actio
      * Replace 0.0.0.0/0 to ANY on each occurrence
      */
     protected List<String> transformCidrListValues(List<String> sourceCidrList) {
-        List<String> list = new ArrayList<>();
+        Set<String> set = new HashSet<>();
         if (org.apache.commons.collections.CollectionUtils.isNotEmpty(sourceCidrList)) {
             for (String cidr : sourceCidrList) {
-                if (cidr.equals("0.0.0.0/0")) {
-                    list.add("ANY");
+                if (cidr.equals(NetUtils.ALL_IP4_CIDRS) || cidr.equals(NetUtils.ALL_IP6_CIDRS)) {
+                    set.add("ANY");
                 } else {
-                    list.add(cidr);
+                    set.add(cidr);
                 }
             }
         }
-        return list;
+        return set.stream().sorted().collect(Collectors.toList());
     }
 
     @Override

From 84eca88a570d2354c0de8498fbf8ee0029bee40a Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Mon, 15 Jul 2024 10:50:06 -0300
Subject: [PATCH 46/88] Fix DNS list on VR

---
 systemvm/debian/opt/cloud/bin/cs/CsDhcp.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
index ce9493c5e695..b92a8a82674a 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
@@ -113,7 +113,9 @@ def configure_server(self):
                 if (self.config.is_vpc() or self.config.is_router()) and ('is_vr_guest_gateway' in gn.data and gn.data['is_vr_guest_gateway']):
                   if gateway in dns_list:
                     dns_list.remove(gateway)
-                  if gn.data['router_guest_ip'] != ip:
+                  if gn.data['router_guest_ip'] != gn.data['router_guest_gateway']:
+                    dns_list.insert(0, gn.data['router_guest_ip'])
+                  else:
                     dns_list.insert(0, ip)
                 elif self.config.is_dhcp() and not self.config.use_extdns():
                     guest_ip = self.config.address().get_guest_ip()

From 749a71d957c37dfedfe3140e5715cef460edb007 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Wed, 17 Jul 2024 09:05:10 -0400
Subject: [PATCH 47/88] CKS: Use Network offering of the network passed during
 CKS cluster creation to get the AS number

---
 .../user/kubernetes/cluster/CreateKubernetesClusterCmd.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
index abd5bd013aa2..10db364cef3f 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
@@ -35,6 +35,7 @@
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offerings.NetworkOfferingVO;
 import com.cloud.offerings.dao.NetworkOfferingDao;
+import com.cloud.utils.Pair;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
@@ -62,7 +63,6 @@
 import com.cloud.kubernetes.cluster.KubernetesCluster;
 import com.cloud.kubernetes.cluster.KubernetesClusterEventTypes;
 import com.cloud.kubernetes.cluster.KubernetesClusterService;
-import com.cloud.utils.Pair;
 import com.cloud.utils.exception.CloudRuntimeException;
 
 @APICommand(name = "createKubernetesCluster",

From 27d08e2f3f9a48095b992824aa5635ef5cb09a81 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Wed, 17 Jul 2024 12:09:26 -0400
Subject: [PATCH 48/88] CKS cluster with guest IP

---
 .../KubernetesClusterStartWorker.java         | 24 +++++++++++--------
 ui/src/views/AutogenView.vue                  |  2 --
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index ec1caa70cca2..f973afa12947 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -216,7 +216,7 @@ private Pair<String, String> getKubernetesControlNodeConfig(final String control
         return new Pair<>(k8sControlNodeConfig, controlNodeIp);
     }
 
-    private UserVm createKubernetesControlNode(final Network network, String serverIp, List<Network.IpAddresses> etcdIps, Long domainId, Long accountId, Long asNumber) throws ManagementServerException,
+    private Pair<UserVm,String> createKubernetesControlNode(final Network network, String serverIp, List<Network.IpAddresses> etcdIps, Long domainId, Long accountId, Long asNumber) throws ManagementServerException,
             ResourceUnavailableException, InsufficientCapacityException {
         UserVm controlVm = null;
         DataCenter zone = dataCenterDao.findById(kubernetesCluster.getZoneId());
@@ -288,7 +288,7 @@ private UserVm createKubernetesControlNode(final Network network, String serverI
         if (logger.isInfoEnabled()) {
             logger.info(String.format("Created control VM ID: %s, %s in the Kubernetes cluster : %s", controlVm.getUuid(), hostName, kubernetesCluster.getName()));
         }
-        return controlVm;
+        return new Pair<>(controlVm, k8sControlNodeConfigAndControlIp.second());
     }
 
     private String substituteASNumber(String cniConfig, Long asNumber) {
@@ -504,11 +504,13 @@ private UserVm createEtcdNode(List<Network.IpAddresses> requestedIps, List<Strin
         return etcdNode;
     }
 
-    private UserVm provisionKubernetesClusterControlVm(final Network network, final String publicIpAddress, final List<Network.IpAddresses> etcdIps,
+    private Pair<UserVm, String> provisionKubernetesClusterControlVm(final Network network, final String publicIpAddress, final List<Network.IpAddresses> etcdIps,
                                                        final Long domainId, final Long accountId, Long asNumber) throws
             ManagementServerException, InsufficientCapacityException, ResourceUnavailableException {
         UserVm k8sControlVM = null;
-        k8sControlVM = createKubernetesControlNode(network, publicIpAddress, etcdIps, domainId, accountId, asNumber);
+        Pair<UserVm, String> k8sControlVMAndControlIP;
+        k8sControlVMAndControlIP = createKubernetesControlNode(network, publicIpAddress, etcdIps, domainId, accountId, asNumber);
+        k8sControlVM = k8sControlVMAndControlIP.first();
         addKubernetesClusterVm(kubernetesCluster.getId(), k8sControlVM.getId(), true, false, false, false);
         if (kubernetesCluster.getNodeRootDiskSize() > 0) {
             resizeNodeVolume(k8sControlVM);
@@ -521,17 +523,17 @@ private UserVm provisionKubernetesClusterControlVm(final Network network, final
         if (logger.isInfoEnabled()) {
             logger.info(String.format("Provisioned the control VM : %s in to the Kubernetes cluster : %s", k8sControlVM.getDisplayName(), kubernetesCluster.getName()));
         }
-        return k8sControlVM;
+        return new Pair<>(k8sControlVM, k8sControlVMAndControlIP.second());
     }
 
-    private List<UserVm> provisionKubernetesClusterAdditionalControlVms(final String publicIpAddress, final Long domainId,
+    private List<UserVm> provisionKubernetesClusterAdditionalControlVms(final String controlIpAddress, final Long domainId,
                                                                         final Long accountId) throws
             InsufficientCapacityException, ManagementServerException, ResourceUnavailableException {
         List<UserVm> additionalControlVms = new ArrayList<>();
         if (kubernetesCluster.getControlNodeCount() > 1) {
             for (int i = 1; i < kubernetesCluster.getControlNodeCount(); i++) {
                 UserVm vm = null;
-                vm = createKubernetesAdditionalControlNode(publicIpAddress, i, domainId, accountId);
+                vm = createKubernetesAdditionalControlNode(controlIpAddress, i, domainId, accountId);
                 addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), true, false, false, false);
                 if (kubernetesCluster.getNodeRootDiskSize() > 0) {
                     resizeNodeVolume(vm);
@@ -767,12 +769,14 @@ public boolean startKubernetesClusterOnCreate(Long domainId, Long accountId, Lon
         }
 
         List<UserVm> clusterVMs = new ArrayList<>();
+        Pair<UserVm, String> k8sControlVMAndIp = new Pair<>(null, null);
         UserVm k8sControlVM = null;
         try {
-            k8sControlVM = provisionKubernetesClusterControlVm(network, publicIpAddress, etcdGuestNodeIps, domainId, accountId, asNumber);
+            k8sControlVMAndIp = provisionKubernetesClusterControlVm(network, publicIpAddress, etcdGuestNodeIps, domainId, accountId, asNumber);
         } catch (CloudRuntimeException | ManagementServerException | ResourceUnavailableException | InsufficientCapacityException e) {
             logTransitStateAndThrow(Level.ERROR, String.format("Provisioning the control VM failed in the Kubernetes cluster : %s", kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
         }
+        k8sControlVM = k8sControlVMAndIp.first();
         clusterVMs.add(k8sControlVM);
         if (StringUtils.isEmpty(publicIpAddress)) {
             publicIpSshPort = getKubernetesClusterServerIpSshPort(k8sControlVM);
@@ -782,13 +786,13 @@ public boolean startKubernetesClusterOnCreate(Long domainId, Long accountId, Lon
             }
         }
         try {
-            List<UserVm> additionalControlVMs = provisionKubernetesClusterAdditionalControlVms(publicIpAddress, domainId, accountId);
+            List<UserVm> additionalControlVMs = provisionKubernetesClusterAdditionalControlVms(k8sControlVMAndIp.second(), domainId, accountId);
             clusterVMs.addAll(additionalControlVMs);
         }  catch (CloudRuntimeException | ManagementServerException | ResourceUnavailableException | InsufficientCapacityException e) {
             logTransitStateAndThrow(Level.ERROR, String.format("Provisioning additional control VM failed in the Kubernetes cluster : %s", kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
         }
         try {
-            List<UserVm> nodeVMs = provisionKubernetesClusterNodeVms(kubernetesCluster.getNodeCount(), publicIpAddress, domainId, accountId);
+            List<UserVm> nodeVMs = provisionKubernetesClusterNodeVms(kubernetesCluster.getNodeCount(), k8sControlVMAndIp.second(), domainId, accountId);
             clusterVMs.addAll(nodeVMs);
         }  catch (CloudRuntimeException | ManagementServerException | ResourceUnavailableException | InsufficientCapacityException e) {
             logTransitStateAndThrow(Level.ERROR, String.format("Provisioning node VM failed in the Kubernetes cluster : %s", kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
diff --git a/ui/src/views/AutogenView.vue b/ui/src/views/AutogenView.vue
index 63f51a954bea..d46725490e66 100644
--- a/ui/src/views/AutogenView.vue
+++ b/ui/src/views/AutogenView.vue
@@ -955,8 +955,6 @@ export default {
         }
       }
 
-      console.log(params)
-
       if (this.$store.getters.listAllProjects && !this.projectView) {
         params.projectid = '-1'
       }

From c884423b96a6130958d1b9df91371e7c62257d34 Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Fri, 19 Jul 2024 10:07:38 -0300
Subject: [PATCH 49/88] Fix: Use control node guest IP as join IP for external
 nodes addition

---
 .../cluster/actionworkers/KubernetesClusterAddWorker.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
index 2853c00fc089..8b694adf1cca 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterAddWorker.java
@@ -88,7 +88,8 @@ public boolean addNodesToCluster(List<Long> nodeIds, boolean mountCksIsoOnVr, bo
             }
             attachCksIsoForNodesAdditionToCluster(nodeIds, kubernetesCluster.getId(), mountCksIsoOnVr);
             stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.AddNodeRequested);
-            Ternary<Integer, Long, Long> nodesAddedAndMemory = importNodeToCluster(nodeIds, network, publicIp, mountCksIsoOnVr);
+            String controlNodeGuestIp = getControlVmPrivateIp();
+            Ternary<Integer, Long, Long> nodesAddedAndMemory = importNodeToCluster(nodeIds, network, publicIp, controlNodeGuestIp, mountCksIsoOnVr);
             int nodesAdded = nodesAddedAndMemory.first();
             updateKubernetesCluster(kubernetesCluster.getId(), nodesAddedAndMemory, manualUpgrade);
             if (nodeIds.size() != nodesAdded) {
@@ -180,7 +181,8 @@ public void attachAndServeIsoOnVirtualRouter(Long kubernetesClusterId) {
         }
     }
 
-    private Ternary<Integer, Long, Long> importNodeToCluster(List<Long> nodeIds, Network network, IpAddress publicIp, boolean mountCksIsoOnVr) {
+    private Ternary<Integer, Long, Long> importNodeToCluster(List<Long> nodeIds, Network network, IpAddress publicIp,
+                                                             String controlNodeGuestIp, boolean mountCksIsoOnVr) {
         int nodeIndex = 0;
         Long additionalMemory = 0L;
         Long additionalCores = 0L;
@@ -188,7 +190,7 @@ private Ternary<Integer, Long, Long> importNodeToCluster(List<Long> nodeIds, Net
             UserVmVO vm = userVmDao.findById(nodeId);
             String k8sControlNodeConfig = null;
             try {
-                k8sControlNodeConfig = getKubernetesNodeConfig(publicIp.getAddress().addr(), Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()), mountCksIsoOnVr);
+                k8sControlNodeConfig = getKubernetesNodeConfig(controlNodeGuestIp, Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()), mountCksIsoOnVr);
             } catch (IOException e) {
                 logAndThrow(Level.ERROR, "Failed to read Kubernetes control node configuration file", e);
             }

From 1952f2e7dd2a72e3a6a181335dd37b6359297495 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Wed, 31 Jul 2024 08:54:21 -0400
Subject: [PATCH 50/88] Fix DNS resolver issue

---
 systemvm/debian/opt/cloud/bin/cs/CsDhcp.py                  | 4 +---
 .../cks/ubuntu/22.04/scripts/configure-cloud-init.sh        | 2 +-
 tools/appliance/cks/ubuntu/build.sh                         | 6 +++---
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
index b92a8a82674a..ce9493c5e695 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
@@ -113,9 +113,7 @@ def configure_server(self):
                 if (self.config.is_vpc() or self.config.is_router()) and ('is_vr_guest_gateway' in gn.data and gn.data['is_vr_guest_gateway']):
                   if gateway in dns_list:
                     dns_list.remove(gateway)
-                  if gn.data['router_guest_ip'] != gn.data['router_guest_gateway']:
-                    dns_list.insert(0, gn.data['router_guest_ip'])
-                  else:
+                  if gn.data['router_guest_ip'] != ip:
                     dns_list.insert(0, ip)
                 elif self.config.is_dhcp() and not self.config.use_extdns():
                     guest_ip = self.config.address().get_guest_ip()
diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh b/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
index ca58d43f4478..ccb4b455a86a 100644
--- a/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
@@ -19,7 +19,7 @@
 function install_packages() {
     apt-get install -y rsyslog logrotate cron net-tools ifupdown cloud-guest-utils conntrack apt-transport-https ca-certificates curl \
      gnupg gnupg-agent software-properties-common gnupg lsb-release
-    apt-get install -y python3-json-pointer python3-jsonschema cloud-init
+    apt-get install -y python3-json-pointer python3-jsonschema cloud-init resolvconf
 
     sudo mkdir -p /etc/apt/keyrings
     curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
diff --git a/tools/appliance/cks/ubuntu/build.sh b/tools/appliance/cks/ubuntu/build.sh
index 8ac0e6f84cc7..0d9d8ea4e49b 100755
--- a/tools/appliance/cks/ubuntu/build.sh
+++ b/tools/appliance/cks/ubuntu/build.sh
@@ -16,15 +16,15 @@
 # specific language governing permissions and limitations
 # under the License.
 
-# build script which wraps around packer and virtualbox to create the systemvm template
+# build script which wraps around packer and virtualbox to create the CKS template
 
 function usage() {
   cat <<END
 Usage:
    ./build.sh [template] [version] [BUILD_NUMBER]
 
-   * Set \$appliance to provide definition name to build
-     (or use command line arg, default systemvmtemplate)
+   * Set \$template to provide definition name to build
+     (or use command line arg, default ckstemplate)
    * Set \$version to provide version to apply to built appliance
      (or use command line arg, default empty)
    * Set \$BUILD_NUMBER to provide build number to apply to built appliance

From 9905f07b6e693eacdd71614f89dd14278f631b78 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Wed, 31 Jul 2024 11:59:52 -0400
Subject: [PATCH 51/88] Improve etcd indexing - start from 1

---
 .../cluster/actionworkers/KubernetesClusterStartWorker.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index f973afa12947..e5fda6f1b289 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -362,7 +362,7 @@ private String getEtcdEndpointList(List<Network.IpAddresses> ipAddresses) {
 
     private List<String> getEtcdNodeHostnames() {
         List<String> hostnames = new ArrayList<>();
-        for (int etcdNodeIndex = 0; etcdNodeIndex <= kubernetesCluster.getEtcdNodeCount(); etcdNodeIndex++) {
+        for (int etcdNodeIndex = 1; etcdNodeIndex <= kubernetesCluster.getEtcdNodeCount(); etcdNodeIndex++) {
             String suffix = Long.toHexString(System.currentTimeMillis());
             hostnames.add(String.format("%s-%s-%s", getEtcdNodeNameForCluster(), etcdNodeIndex, suffix));
         }

From fe3efdbe577e35a8c54e355cca197e90c97ce220 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Thu, 1 Aug 2024 11:26:50 -0400
Subject: [PATCH 52/88] CKS: Add external node to a CKS cluster deployed with
 etcd node(s) successfully

* CKS: Add external node to a CKS cluster deployed with etcd node(s) successfully

* simplify logic
---
 .../cluster/actionworkers/KubernetesClusterActionWorker.java  | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index 13fb43ffac3e..867006d6d6a0 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -388,6 +388,7 @@ private UserVm fetchControlVmIfMissing(final UserVm controlVm) {
         if (controlVm != null) {
             return controlVm;
         }
+        Long etcdNodeCount = kubernetesCluster.getEtcdNodeCount();
         List<KubernetesClusterVmMapVO> clusterVMs = kubernetesClusterVmMapDao.listByClusterId(kubernetesCluster.getId());
         if (CollectionUtils.isEmpty(clusterVMs)) {
             logger.warn(String.format("Unable to retrieve VMs for Kubernetes cluster : %s", kubernetesCluster.getName()));
@@ -398,7 +399,8 @@ private UserVm fetchControlVmIfMissing(final UserVm controlVm) {
             vmIds.add(vmMap.getVmId());
         }
         Collections.sort(vmIds);
-        return userVmDao.findById(vmIds.get(0));
+        int controlNodeIndex = Objects.nonNull(etcdNodeCount) ? etcdNodeCount.intValue() : 0;
+        return userVmDao.findById(vmIds.get(controlNodeIndex));
     }
 
     protected String getControlVmPrivateIp() {

From ab271839a233b4e9a2dc45aaabc5f008d136e266 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Thu, 1 Aug 2024 12:09:50 -0400
Subject: [PATCH 53/88] Tweak setup-kube-system script for baremetal external
 nodes

---
 .../kubernetes-service/src/main/resources/conf/k8s-node.yml     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
index 7376f83f9e41..ece62a478f22 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
@@ -104,7 +104,7 @@ write_files:
             ### Download from ROUTER_IP/cks-iso into ISO_MOUNT_DIR
             AUX_DOWNLOAD_DIR=/aux-dwnld
             mkdir -p $AUX_DOWNLOAD_DIR
-            wget -r -R "index.html*" $ROUTER_IP/cks-iso -P $AUX_DOWNLOAD_DIR
+            wget -r -R "index.html*" $ROUTER_IP/cks-iso -P $AUX_DOWNLOAD_DIR || echo 'Cannot download some files from virtual router'
             mv $AUX_DOWNLOAD_DIR/$ROUTER_IP/cks-iso/* $ISO_MOUNT_DIR
             rm -rf $AUX_DOWNLOAD_DIR
           fi

From a4a5541aaee31c8febb4ec69cf3a62f6884108bf Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Tue, 6 Aug 2024 18:22:22 -0400
Subject: [PATCH 54/88] Consider cordoned nodes while getting ready nodes

---
 .../cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java
index 9a5f25c579ea..f9af31720671 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java
@@ -217,7 +217,7 @@ public static int getKubernetesClusterReadyNodesCount(final KubernetesCluster ku
                                                           final int port, final String user, final File sshKeyFile) throws Exception {
         Pair<Boolean, String> result = SshHelper.sshExecute(ipAddress, port,
                 user, sshKeyFile, null,
-                "sudo /opt/bin/kubectl get nodes | awk '{if ($2 == \"Ready\") print $1}' | wc -l",
+                "sudo /opt/bin/kubectl get nodes | grep -w 'Ready' | wc -l",
                 10000, 10000, 20000);
         if (Boolean.TRUE.equals(result.first())) {
             return Integer.parseInt(result.second().trim().replace("\"", "")) + kubernetesCluster.getEtcdNodeCount().intValue();

From 43d2131901988876194ce83550b15af03c2809ea Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Wed, 7 Aug 2024 12:33:19 -0300
Subject: [PATCH 55/88] Fix CKS cluster scale calculations

---
 .../cluster/actionworkers/KubernetesClusterScaleWorker.java   | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index 38e8620ba718..1e81a7393403 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -498,7 +498,9 @@ private void scaleKubernetesClusterSize(KubernetesClusterNodeType nodeType) thro
         } else { // upscale, same node count handled above
             scaleUpKubernetesClusterSize(newVmRequiredCount);
         }
-        kubernetesCluster = updateKubernetesClusterEntryForNodeType(clusterSize, nodeType, null, false, false);
+        boolean updateNodeOffering = serviceOfferingNodeTypeMap.containsKey(nodeType.name());
+        ServiceOffering nodeOffering = serviceOfferingNodeTypeMap.getOrDefault(nodeType.name(), null);
+        kubernetesCluster = updateKubernetesClusterEntryForNodeType(clusterSize, nodeType, nodeOffering, updateNodeOffering, false);
     }
 
     private boolean isAutoscalingChanged() {

From e7884b373940caa702b9a4c37e02bd2e92183d82 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Thu, 5 Sep 2024 12:07:06 -0400
Subject: [PATCH 56/88] Set token TTL to 0 (no expire) for external etcd

---
 .../src/main/resources/conf/k8s-control-node.yml                 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
index 42924a10fc03..07ac9b4d1836 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
@@ -256,6 +256,7 @@ write_files:
       kind: InitConfiguration
       bootstrapTokens:
         - token: "{{ k8s_control_node.cluster.token }}"
+          ttl: 0
       nodeRegistration:
         criSocket: /run/containerd/containerd.sock
       localAPIEndpoint:

From 313facb8b52d97793acb12ab4e5d0c4c842b188e Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Fri, 6 Sep 2024 10:01:24 -0400
Subject: [PATCH 57/88] Fix missing quotes

---
 .../src/main/resources/conf/k8s-control-node.yml                | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
index 07ac9b4d1836..a51873cb3212 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
@@ -256,7 +256,7 @@ write_files:
       kind: InitConfiguration
       bootstrapTokens:
         - token: "{{ k8s_control_node.cluster.token }}"
-          ttl: 0
+          ttl: "0"
       nodeRegistration:
         criSocket: /run/containerd/containerd.sock
       localAPIEndpoint:

From 663dce1f184fba6b827d9d6d4ef3daabc029b653 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Thu, 2 Jan 2025 12:27:46 -0300
Subject: [PATCH 58/88] Fix build

---
 .../userdata/DeleteCniConfigurationCmd.java   |  5 ++--
 .../userdata/ListCniConfigurationCmd.java     |  5 ++--
 .../userdata/RegisterCniConfigurationCmd.java |  5 ++--
 .../cluster/KubernetesClusterManagerImpl.java | 11 +++-----
 .../KubernetesClusterDestroyWorker.java       |  6 ++--
 .../com/cloud/network/NetworkServiceImpl.java | 28 -------------------
 6 files changed, 16 insertions(+), 44 deletions(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java
index 77dd514bbb00..286ad1f9d2e1 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java
@@ -22,10 +22,11 @@
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.SuccessResponse;
 import org.apache.cloudstack.context.CallContext;
-import org.apache.log4j.Logger;
 
 import com.cloud.user.Account;
 import com.cloud.user.UserData;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 
 @APICommand(name = "deleteCniConfiguration", description = "Deletes a CNI Configuration", responseObject = SuccessResponse.class, entityType = {UserData.class},
@@ -33,7 +34,7 @@
         authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
 public class DeleteCniConfigurationCmd extends DeleteUserDataCmd {
 
-    public static final Logger s_logger = Logger.getLogger(DeleteUserDataCmd.class.getName());
+    public static final Logger logger = LogManager.getLogger(DeleteUserDataCmd.class.getName());
 
 
     /////////////////////////////////////////////////////
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java
index ecd769eb5a10..86b02bd18d0e 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java
@@ -23,7 +23,8 @@
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.response.ListResponse;
 import org.apache.cloudstack.api.response.UserDataResponse;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -32,7 +33,7 @@
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, since = "4.20",
         authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
 public class ListCniConfigurationCmd extends ListUserDataCmd {
-    public static final Logger s_logger = Logger.getLogger(ListCniConfigurationCmd.class.getName());
+    public static final Logger logger = LogManager.getLogger(ListCniConfigurationCmd.class.getName());
 
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java
index 5e07356a4ad6..87ad87dc1a0b 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java
@@ -24,7 +24,8 @@
 import org.apache.cloudstack.api.response.SuccessResponse;
 import org.apache.cloudstack.api.response.UserDataResponse;
 import org.apache.cloudstack.context.CallContext;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 @APICommand(name = "registerCniConfiguration",
         description = "Register a CNI Configuration to be used with CKS cluster",
@@ -34,7 +35,7 @@
         responseHasSensitiveInfo = false,
         authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
 public class RegisterCniConfigurationCmd extends BaseRegisterUserDataCmd {
-    public static final Logger s_logger = Logger.getLogger(RegisterCniConfigurationCmd.class.getName());
+    public static final Logger logger = LogManager.getLogger(RegisterCniConfigurationCmd.class.getName());
 
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index fbddb46bd20e..1400dac83035 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -47,16 +47,14 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
-import com.cloud.dc.ASNumberVO;
+import com.cloud.bgp.BGPService;
 import com.cloud.dc.DedicatedResourceVO;
-import com.cloud.dc.dao.ASNumberDao;
 import com.cloud.dc.dao.DedicatedResourceDao;
 import com.cloud.exception.ManagementServerException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.host.Host;
 import com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType;
 import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterRemoveWorker;
-import com.cloud.network.NetworkServiceImpl;
 import com.cloud.network.dao.NsxProviderDao;
 import com.cloud.network.element.NsxProviderVO;
 import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterAddWorker;
@@ -324,7 +322,7 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
     @Inject
     RoutedIpv4Manager routedIpv4Manager;
     @Inject
-    private ASNumberDao asNumberDao;
+    private BGPService bgpService;
 
     private void logMessage(final Level logLevel, final String message, final Exception e) {
         if (logLevel == Level.WARN) {
@@ -1085,9 +1083,8 @@ private Network getKubernetesClusterNetworkIfMissing(final String clusterName, f
                 network = networkService.createGuestNetwork(networkOffering.getId(), clusterName + "-network",
                         owner.getAccountName() + "-network", owner, physicalNetwork, zone.getId(),
                         ControlledEntity.ACLType.Account);
-                ASNumberVO asNumberVO = NetworkServiceImpl.checkAndSelectASNumber(asNumber, zone, networkOffering, asNumberDao);
-                if (Objects.nonNull(asNumber)) {
-                    NetworkServiceImpl.allocateASNumber(asNumberVO, network, asNumberDao);
+                if (!networkOffering.isForVpc() && NetworkOffering.RoutingMode.Dynamic == networkOffering.getRoutingMode()) {
+                    bgpService.allocateASNumber(zone.getId(), asNumber, network.getId(), null);
                 }
             } catch (ConcurrentOperationException | InsufficientCapacityException | ResourceAllocationException e) {
                 logAndThrow(Level.ERROR, String.format("Unable to create network for the Kubernetes cluster: %s", clusterName));
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
index 9500f24020b3..fa8b95422b06 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
@@ -23,8 +23,8 @@
 
 import javax.inject.Inject;
 
+import com.cloud.bgp.BGPService;
 import com.cloud.dc.ASNumberVO;
-import com.cloud.dc.BGPService;
 import com.cloud.dc.DataCenter;
 import com.cloud.dc.dao.ASNumberDao;
 import org.apache.cloudstack.annotation.AnnotationService;
@@ -156,8 +156,8 @@ private void releaseASNumber(Long zoneId, long networkId) {
         DataCenter zone = dataCenterDao.findById(zoneId);
         ASNumberVO asNumber = asNumberDao.findByZoneAndNetworkId(zone.getId(), networkId);
         if (asNumber != null) {
-            LOGGER.debug(String.format("Releasing AS number %s from network %s", asNumber.getAsNumber(), networkId));
-            bgpService.releaseASNumber(zone.getId(), asNumber.getAsNumber());
+            logger.debug(String.format("Releasing AS number %s from network %s", asNumber.getAsNumber(), networkId));
+            bgpService.releaseASNumber(zone.getId(), asNumber.getAsNumber(), true);
         }
     }
 
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index ea51b03602f2..6ddcfe6e4699 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -41,7 +41,6 @@
 import javax.naming.ConfigurationException;
 
 import com.cloud.bgp.BGPService;
-import com.cloud.dc.ASNumberVO;
 import com.cloud.dc.VlanDetailsVO;
 import com.cloud.dc.dao.ASNumberDao;
 import com.cloud.dc.dao.VlanDetailsDao;
@@ -1730,9 +1729,6 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
             routedIpv4Manager.validateBgpPeers(owner, zone.getId(), bgpPeerIds);
         }
 
-        // Check AS number if provided
-        ASNumberVO asNumberVO = checkAndSelectASNumber(asNumber, zone, ntwkOff, asNumberDao);
-
         if (ipv4) {
             // For non-root admins check cidr limit - if it's allowed by global config value
             if (!_accountMgr.isRootAdmin(caller.getId()) && cidr != null) {
@@ -1843,10 +1839,6 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
             routedIpv4Manager.persistBgpPeersForGuestNetwork(network.getId(), bgpPeerIds);
         }
 
-        if (asNumberVO != null) {
-            bgpService.allocateASNumber(zone.getId(), asNumberVO.getAsNumber(), network.getId(), network.getVpcId());
-        }
-
         // if the network offering has persistent set to true, implement the network
         if (ntwkOff.isPersistent()) {
             return implementedNetworkInCreation(caller, zone, network);
@@ -1858,26 +1850,6 @@ private boolean isNonVpcNetworkSupportingDynamicRouting(NetworkOffering networkO
         return !networkOffering.isForVpc() && NetworkOffering.RoutingMode.Dynamic == networkOffering.getRoutingMode();
     }
 
-    public static ASNumberVO checkAndSelectASNumber(Long asNumber, DataCenter zone, NetworkOffering networkOffering, ASNumberDao asNumberDao) {
-        if (NetworkOffering.RoutingMode.Dynamic != networkOffering.getRoutingMode()) {
-            return null;
-        }
-        return BooleanUtils.toBoolean(networkOffering.isSpecifyAsNumber()) ?
-                validateASNumber(asNumber, asNumberDao) :
-                asNumberDao.findOneByAllocationStateAndZone(zone.getId(), false);
-    }
-
-    protected static ASNumberVO validateASNumber(Long asNumber, ASNumberDao asNumberDao) {
-        if (asNumber == null) {
-            return null;
-        }
-        ASNumberVO asNumberVO = asNumberDao.findByAsNumber(asNumber);
-        if (asNumberVO == null || asNumberVO.isAllocated()) {
-            throw new InvalidParameterValueException(String.format("The AS Number %s is already allocated, please select a free AS Number", asNumber));
-        }
-        return asNumberVO;
-    }
-
     private void validateNetworkCreationSupported(long zoneId, String zoneName, GuestType guestType) {
         NsxProviderVO nsxProviderVO = nsxProviderDao.findByZoneId(zoneId);
         if (Objects.nonNull(nsxProviderVO) && GuestType.L2.equals(guestType)) {

From ce50ad21acc3ee8e4cca4baa3304125b5f3855c7 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Sat, 4 Jan 2025 00:50:48 -0300
Subject: [PATCH 59/88] Revert PR 9133

---
 .../src/main/resources/conf/k8s-control-node-add.yml            | 2 +-
 .../src/main/resources/conf/k8s-control-node.yml                | 2 +-
 .../kubernetes-service/src/main/resources/conf/k8s-node.yml     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
index 2c002a451375..d91f08719a70 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
@@ -21,7 +21,7 @@ users:
   - name: cloud
     sudo: ALL=(ALL) NOPASSWD:ALL
     shell: /bin/bash
-    ssh_authorized_keys: |
+    ssh_authorized_keys:
       {{ k8s.ssh.pub.key }}
 
 write_files:
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
index a51873cb3212..f1eb96f9931f 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
@@ -22,7 +22,7 @@ users:
   - name: cloud
     sudo: ALL=(ALL) NOPASSWD:ALL
     shell: /bin/bash
-    ssh_authorized_keys: |
+    ssh_authorized_keys:
       {{ k8s.ssh.pub.key }}
 
 write_files:
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
index ece62a478f22..fe61ff52d56c 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
@@ -21,7 +21,7 @@ users:
   - name: cloud
     sudo: ALL=(ALL) NOPASSWD:ALL
     shell: /bin/bash
-    ssh_authorized_keys: |
+    ssh_authorized_keys:
       {{ k8s.ssh.pub.key }}
 
 write_files:

From 89effc7eda7912d0504c89dcd2906d3cfccbfe9d Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Tue, 7 Jan 2025 12:00:11 -0300
Subject: [PATCH 60/88] Add calico commands for ens35 interface

---
 .../src/main/resources/conf/k8s-control-node-add.yml          | 4 ++--
 .../src/main/resources/conf/k8s-control-node.yml              | 4 ++--
 .../kubernetes-service/src/main/resources/conf/k8s-node.yml   | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
index d91f08719a70..38f217f403c4 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
@@ -40,8 +40,8 @@ write_files:
       sysctl net.ipv4.conf.default.arp_ignore=0
       sysctl net.ipv4.conf.all.arp_announce=0
       sysctl net.ipv4.conf.all.arp_ignore=0
-      sysctl net.ipv4.conf.eth0.arp_announce=0
-      sysctl net.ipv4.conf.eth0.arp_ignore=0
+      sysctl net.ipv4.conf.eth0.arp_announce=0 || sysctl net.ipv4.conf.ens35.arp_announce=0 || true
+      sysctl net.ipv4.conf.eth0.arp_ignore=0 || sysctl net.ipv4.conf.ens35.arp_ignore=0 || true
       sed -i "s/net.ipv4.conf.default.arp_announce =.*$/net.ipv4.conf.default.arp_announce = 0/" /etc/sysctl.conf
       sed -i "s/net.ipv4.conf.default.arp_ignore =.*$/net.ipv4.conf.default.arp_ignore = 0/" /etc/sysctl.conf
       sed -i "s/net.ipv4.conf.all.arp_announce =.*$/net.ipv4.conf.all.arp_announce = 0/" /etc/sysctl.conf
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
index f1eb96f9931f..217ed814f6a7 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
@@ -61,8 +61,8 @@ write_files:
       sysctl net.ipv4.conf.default.arp_ignore=0
       sysctl net.ipv4.conf.all.arp_announce=0
       sysctl net.ipv4.conf.all.arp_ignore=0
-      sysctl net.ipv4.conf.eth0.arp_announce=0
-      sysctl net.ipv4.conf.eth0.arp_ignore=0
+      sysctl net.ipv4.conf.eth0.arp_announce=0 || sysctl net.ipv4.conf.ens35.arp_announce=0 || true
+      sysctl net.ipv4.conf.eth0.arp_ignore=0 || sysctl net.ipv4.conf.ens35.arp_ignore=0 || true
       sed -i "s/net.ipv4.conf.default.arp_announce =.*$/net.ipv4.conf.default.arp_announce = 0/" /etc/sysctl.conf
       sed -i "s/net.ipv4.conf.default.arp_ignore =.*$/net.ipv4.conf.default.arp_ignore = 0/" /etc/sysctl.conf
       sed -i "s/net.ipv4.conf.all.arp_announce =.*$/net.ipv4.conf.all.arp_announce = 0/" /etc/sysctl.conf
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
index fe61ff52d56c..fd9617e69dec 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml
@@ -40,8 +40,8 @@ write_files:
       sysctl net.ipv4.conf.default.arp_ignore=0
       sysctl net.ipv4.conf.all.arp_announce=0
       sysctl net.ipv4.conf.all.arp_ignore=0
-      sysctl net.ipv4.conf.eth0.arp_announce=0
-      sysctl net.ipv4.conf.eth0.arp_ignore=0
+      sysctl net.ipv4.conf.eth0.arp_announce=0 || sysctl net.ipv4.conf.ens35.arp_announce=0 || true
+      sysctl net.ipv4.conf.eth0.arp_ignore=0 || sysctl net.ipv4.conf.ens35.arp_ignore=0 || true
       sed -i "s/net.ipv4.conf.default.arp_announce =.*$/net.ipv4.conf.default.arp_announce = 0/" /etc/sysctl.conf
       sed -i "s/net.ipv4.conf.default.arp_ignore =.*$/net.ipv4.conf.default.arp_ignore = 0/" /etc/sysctl.conf
       sed -i "s/net.ipv4.conf.all.arp_announce =.*$/net.ipv4.conf.all.arp_announce = 0/" /etc/sysctl.conf

From 36a02b81d0e449f1c0b900291a991dae721ca0fa Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Wed, 8 Jan 2025 11:57:30 -0300
Subject: [PATCH 61/88] Address review comments: plan CKS cluster deployment
 based on the node type

---
 .../cluster/KubernetesClusterManagerImpl.java |  8 ++---
 .../KubernetesClusterActionWorker.java        |  6 ++++
 ...esClusterResourceModifierActionWorker.java | 35 +++++++++++++++----
 .../KubernetesClusterStartWorker.java         | 25 ++++++++++---
 .../KubernetesClusterManagerImplTest.java     |  2 +-
 5 files changed, 60 insertions(+), 16 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 1400dac83035..4ac1a5bf1d05 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -1037,7 +1037,8 @@ protected void validateServiceOfferingForNode(Map<String, Long> map,
         Long serviceOfferingId = map.getOrDefault(key, defaultServiceOfferingId);
         ServiceOffering serviceOffering = serviceOfferingId != null ? serviceOfferingDao.findById(serviceOfferingId) : null;
         if (serviceOffering == null) {
-            throw new InvalidParameterValueException("No service offering found with ID: " + serviceOfferingId);
+            throw new InvalidParameterValueException("When serviceofferingid is not specified, " +
+                    "service offerings for each node type must be specified in the nodeofferings parameter.");
         }
         try {
             validateServiceOffering(serviceOffering, clusterKubernetesVersion);
@@ -1294,7 +1295,7 @@ protected void checkServiceOfferingForNodesScale(ServiceOffering serviceOffering
 
     protected boolean isAnyNodeOfferingEmpty(Map<String, Long> map) {
         if (MapUtils.isEmpty(map)) {
-            return false;
+            return true;
         }
         return map.values().stream().anyMatch(Objects::isNull);
     }
@@ -1479,13 +1480,12 @@ public KubernetesCluster createManagedKubernetesCluster(CreateKubernetesClusterC
         final KubernetesClusterVO cluster = Transaction.execute(new TransactionCallback<KubernetesClusterVO>() {
             @Override
             public KubernetesClusterVO doInTransaction(TransactionStatus status) {
-                final ServiceOffering defaultServiceOffering = serviceOfferingDao.findById(defaultServiceOfferingId);
                 Pair<Long, Long> capacityPair = calculateClusterCapacity(serviceOfferingNodeTypeMap, nodeTypeCount, defaultServiceOfferingId);
                 final long cores = capacityPair.first();
                 final long memory = capacityPair.second();
 
                 KubernetesClusterVO newCluster = new KubernetesClusterVO(cmd.getName(), cmd.getDisplayName(), zone.getId(), clusterKubernetesVersion.getId(),
-                        defaultServiceOffering.getId(), Objects.nonNull(finalTemplate) ? finalTemplate.getId() : null,
+                        defaultServiceOfferingId, Objects.nonNull(finalTemplate) ? finalTemplate.getId() : null,
                         defaultNetwork.getId(), owner.getDomainId(), owner.getAccountId(), controlNodeCount, clusterSize,
                         KubernetesCluster.State.Created, cmd.getSSHKeyPairName(), cores, memory,
                         cmd.getNodeRootDiskSize(), "", KubernetesCluster.ClusterType.CloudManaged);
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index 867006d6d6a0..be155985561a 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -128,6 +128,10 @@
 import com.cloud.vm.dao.UserVmDao;
 import com.cloud.vm.dao.UserVmDetailsDao;
 
+import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.CONTROL;
+import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.ETCD;
+import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.WORKER;
+
 
 public class KubernetesClusterActionWorker {
 
@@ -144,6 +148,8 @@ public class KubernetesClusterActionWorker {
 
     protected Logger logger = LogManager.getLogger(getClass());
 
+    protected final static List<KubernetesClusterNodeType> CLUSTER_NODES_TYPES_LIST = Arrays.asList(WORKER, CONTROL, ETCD);
+
     protected StateMachine2<KubernetesCluster.State, KubernetesCluster.Event, KubernetesCluster> _stateMachine = KubernetesCluster.State.getStateMachine();
 
     @Inject
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index 62e72288964e..f2b3ae019150 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -259,13 +259,35 @@ protected DeployDestination plan(final long nodesCount, final DataCenter zone, f
         throw new InsufficientServerCapacityException(msg, DataCenter.class, zone.getId());
     }
 
-    protected DeployDestination plan(Long domainId, Long accountId, Hypervisor.HypervisorType hypervisorType) throws InsufficientServerCapacityException {
-        ServiceOffering offering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
+    /**
+     * Plan Kubernetes Cluster Deployment
+     * @return a map of DeployDestination per node type
+     */
+    protected Map<String, DeployDestination> planKubernetesCluster(Long domainId, Long accountId, Hypervisor.HypervisorType hypervisorType) throws InsufficientServerCapacityException {
+        Map<String, DeployDestination> destinationMap = new HashMap<>();
         DataCenter zone = dataCenterDao.findById(kubernetesCluster.getZoneId());
         if (logger.isDebugEnabled()) {
             logger.debug(String.format("Checking deployment destination for Kubernetes cluster : %s in zone : %s", kubernetesCluster.getName(), zone.getName()));
         }
-        return plan(kubernetesCluster.getTotalNodeCount(), zone, offering, domainId, accountId, hypervisorType);
+        long controlNodeCount = kubernetesCluster.getControlNodeCount();
+        long clusterSize = kubernetesCluster.getNodeCount();
+        long etcdNodes = kubernetesCluster.getEtcdNodeCount();
+        Map<String, Long> nodeTypeCount = Map.of(WORKER.name(), clusterSize,
+                CONTROL.name(), controlNodeCount, ETCD.name(), etcdNodes);
+
+        for (KubernetesClusterNodeType nodeType : CLUSTER_NODES_TYPES_LIST) {
+            Long nodes = nodeTypeCount.getOrDefault(nodeType.name(), kubernetesCluster.getServiceOfferingId());
+            if (nodes == null || nodes == 0) {
+                continue;
+            }
+            ServiceOffering nodeOffering = getServiceOfferingForNodeTypeOnCluster(nodeType, kubernetesCluster);
+            if (logger.isDebugEnabled()) {
+                logger.debug(String.format("Checking deployment destination for %s nodes on Kubernetes cluster : %s in zone : %s", nodeType.name(), kubernetesCluster.getName(), zone.getName()));
+            }
+            DeployDestination planForNodeType = plan(nodes, zone, nodeOffering, domainId, accountId, hypervisorType);
+            destinationMap.put(nodeType.name(), planForNodeType);
+        }
+        return destinationMap;
     }
 
     protected void resizeNodeVolume(final UserVm vm) throws ManagementServerException {
@@ -288,7 +310,7 @@ protected void resizeNodeVolume(final UserVm vm) throws ManagementServerExceptio
         }
     }
 
-    protected void startKubernetesVM(final UserVm vm, final Long domainId, final Long accountId) throws ManagementServerException {
+    protected void startKubernetesVM(final UserVm vm, final Long domainId, final Long accountId, KubernetesClusterNodeType nodeType) throws ManagementServerException {
         CallContext vmContext = null;
         if (!ApiCommandResourceType.VirtualMachine.equals(CallContext.current().getEventResourceType())); {
             vmContext = CallContext.register(CallContext.current(), ApiCommandResourceType.VirtualMachine);
@@ -298,7 +320,8 @@ protected void startKubernetesVM(final UserVm vm, final Long domainId, final Lon
         if (Objects.nonNull(domainId) && !listDedicatedHostsInDomain(domainId).isEmpty()) {
             DeployDestination dest = null;
             try {
-                dest = plan(domainId, accountId, vm.getHypervisorType());
+                Map<String, DeployDestination> destinationMap = planKubernetesCluster(domainId, accountId, vm.getHypervisorType());
+                dest = destinationMap.get(nodeType.name());
             } catch (InsufficientCapacityException e) {
                 logTransitStateAndThrow(Level.ERROR, String.format("Provisioning the cluster failed due to insufficient capacity in the Kubernetes cluster: %s", kubernetesCluster.getUuid()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
             }
@@ -341,7 +364,7 @@ protected List<UserVm> provisionKubernetesClusterNodeVms(final long nodeCount, f
                 if (kubernetesCluster.getNodeRootDiskSize() > 0) {
                     resizeNodeVolume(vm);
                 }
-                startKubernetesVM(vm, domainId, accountId);
+                startKubernetesVM(vm, domainId, accountId, WORKER);
                 vm = userVmDao.findById(vm.getId());
                 if (vm == null) {
                     throw new ManagementServerException(String.format("Failed to provision worker VM for Kubernetes cluster : %s", kubernetesCluster.getName()));
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index e5fda6f1b289..bbcc748b8a5d 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -34,6 +34,7 @@
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.NetworkRuleConflictException;
 import com.cloud.exception.PermissionDeniedException;
+import com.cloud.kubernetes.cluster.KubernetesServiceHelper;
 import com.cloud.network.vpc.NetworkACL;
 import com.cloud.storage.VMTemplateVO;
 import com.cloud.user.UserDataVO;
@@ -85,6 +86,7 @@
 
 import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.CONTROL;
 import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.ETCD;
+import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.WORKER;
 
 public class KubernetesClusterStartWorker extends KubernetesClusterResourceModifierActionWorker {
 
@@ -515,7 +517,7 @@ private Pair<UserVm, String> provisionKubernetesClusterControlVm(final Network n
         if (kubernetesCluster.getNodeRootDiskSize() > 0) {
             resizeNodeVolume(k8sControlVM);
         }
-        startKubernetesVM(k8sControlVM, domainId, accountId);
+        startKubernetesVM(k8sControlVM, domainId, accountId, CONTROL);
         k8sControlVM = userVmDao.findById(k8sControlVM.getId());
         if (k8sControlVM == null) {
             throw new ManagementServerException(String.format("Failed to provision control VM for Kubernetes cluster : %s" , kubernetesCluster.getName()));
@@ -538,7 +540,7 @@ private List<UserVm> provisionKubernetesClusterAdditionalControlVms(final String
                 if (kubernetesCluster.getNodeRootDiskSize() > 0) {
                     resizeNodeVolume(vm);
                 }
-                startKubernetesVM(vm, domainId, accountId);
+                startKubernetesVM(vm, domainId, accountId, CONTROL);
                 vm = userVmDao.findById(vm.getId());
                 if (vm == null) {
                     throw new ManagementServerException(String.format("Failed to provision additional control VM for Kubernetes cluster : %s" , kubernetesCluster.getName()));
@@ -560,7 +562,7 @@ private Pair<List<UserVm>, List<Network.IpAddresses>> provisionEtcdCluster(final
         for (int i = 0; i < kubernetesCluster.getEtcdNodeCount(); i++) {
             UserVm vm = createEtcdNode(etcdNodeGuestIps, etcdHostnames, i, domainId, accountId);
             addKubernetesClusterVm(kubernetesCluster.getId(), vm.getId(), false, false, true, true);
-            startKubernetesVM(vm, domainId, accountId);
+            startKubernetesVM(vm, domainId, accountId, ETCD);
             vm = userVmDao.findById(vm.getId());
             if (vm == null) {
                 throw new ManagementServerException(String.format("Failed to provision additional control VM for Kubernetes cluster : %s" , kubernetesCluster.getName()));
@@ -669,7 +671,9 @@ private void startKubernetesClusterVMs(Long domainId, Long accountId) {
             }
             try {
                 resizeNodeVolume(vm);
-                startKubernetesVM(vm, domainId, accountId);
+                KubernetesClusterVmMapVO map = kubernetesClusterVmMapDao.findByVmId(vm.getId());
+                KubernetesServiceHelper.KubernetesClusterNodeType nodeType = getNodeTypeFromClusterVMMapRecord(map);
+                startKubernetesVM(vm, domainId, accountId, nodeType);
             } catch (ManagementServerException ex) {
                 logger.warn(String.format("Failed to start VM : %s in Kubernetes cluster : %s due to ", vm.getDisplayName(), kubernetesCluster.getName()) + ex);
                 // don't bail out here. proceed further to stop the reset of the VM's
@@ -683,6 +687,16 @@ private void startKubernetesClusterVMs(Long domainId, Long accountId) {
         }
     }
 
+    private KubernetesServiceHelper.KubernetesClusterNodeType getNodeTypeFromClusterVMMapRecord(KubernetesClusterVmMapVO map) {
+        if (map.isControlNode()) {
+            return CONTROL;
+        } else if (map.isEtcdNode()) {
+            return ETCD;
+        } else {
+            return WORKER;
+        }
+    }
+
     private boolean isKubernetesClusterKubeConfigAvailable(final long timeoutTime) {
         if (StringUtils.isEmpty(publicIpAddress)) {
             KubernetesClusterDetailsVO kubeConfigDetail = kubernetesClusterDetailsDao.findDetail(kubernetesCluster.getId(), "kubeConfigData");
@@ -733,7 +747,8 @@ public boolean startKubernetesClusterOnCreate(Long domainId, Long accountId, Lon
         DeployDestination dest = null;
         try {
             VMTemplateVO clusterTemplate = templateDao.findById(kubernetesCluster.getTemplateId());
-            dest = plan(domainId, accountId, clusterTemplate.getHypervisorType());
+            Map<String, DeployDestination> destinationMap = planKubernetesCluster(domainId, accountId, clusterTemplate.getHypervisorType());
+            dest = destinationMap.get(WORKER.name());
         } catch (InsufficientCapacityException e) {
             logTransitStateAndThrow(Level.ERROR, String.format("Provisioning the cluster failed due to insufficient capacity in the Kubernetes cluster: %s", kubernetesCluster.getUuid()), kubernetesCluster.getId(), KubernetesCluster.Event.CreateFailed, e);
         }
diff --git a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImplTest.java b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImplTest.java
index 41ec4de2a045..a9cb7096b8ae 100644
--- a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImplTest.java
+++ b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImplTest.java
@@ -370,7 +370,7 @@ public void testClusterCapacity() {
 
     @Test
     public void testIsAnyNodeOfferingEmptyNullMap() {
-        Assert.assertFalse(kubernetesClusterManager.isAnyNodeOfferingEmpty(null));
+        Assert.assertTrue(kubernetesClusterManager.isAnyNodeOfferingEmpty(null));
     }
 
     @Test

From 7501b7488d590a29108f75003dfb494a34bd1158 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Wed, 8 Jan 2025 12:21:32 -0500
Subject: [PATCH 62/88] Add qemu-guest-agent dependency for kvm based templates

---
 .../appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh b/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
index ccb4b455a86a..80b661f30f55 100644
--- a/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
@@ -17,7 +17,7 @@
 # under the License.
 
 function install_packages() {
-    apt-get install -y rsyslog logrotate cron net-tools ifupdown cloud-guest-utils conntrack apt-transport-https ca-certificates curl \
+    apt-get install -y qemu-guest-agent rsyslog logrotate cron net-tools ifupdown cloud-guest-utils conntrack apt-transport-https ca-certificates curl \
      gnupg gnupg-agent software-properties-common gnupg lsb-release
     apt-get install -y python3-json-pointer python3-jsonschema cloud-init resolvconf
 

From 397f25d5185c11febb0b698082283579778fdd4a Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Thu, 9 Jan 2025 00:09:12 -0300
Subject: [PATCH 63/88] Add marvin test for CKS clusters with different
 offerings per node type

---
 .../smoke/test_kubernetes_clusters.py         | 84 +++++++++++++++++--
 1 file changed, 76 insertions(+), 8 deletions(-)

diff --git a/test/integration/smoke/test_kubernetes_clusters.py b/test/integration/smoke/test_kubernetes_clusters.py
index 20f1cb3224ae..455fc8aeed39 100644
--- a/test/integration/smoke/test_kubernetes_clusters.py
+++ b/test/integration/smoke/test_kubernetes_clusters.py
@@ -135,7 +135,25 @@ def setUpClass(cls):
                                                                   cls.apiclient,
                                                                   cks_offering_data
                                                                  )
+                cks_offering_data["name"] = 'CKS-Worker-Offering-' + random_gen()
+                cls.cks_worker_nodes_offering = ServiceOffering.create(
+                    cls.apiclient,
+                    cks_offering_data
+                )
+                cks_offering_data["name"] = 'CKS-Control-Offering-' + random_gen()
+                cls.cks_control_nodes_offering = ServiceOffering.create(
+                    cls.apiclient,
+                    cks_offering_data
+                )
+                cks_offering_data["name"] = 'CKS-Etcd-Offering-' + random_gen()
+                cls.cks_etcd_nodes_offering = ServiceOffering.create(
+                    cls.apiclient,
+                    cks_offering_data
+                )
                 cls._cleanup.append(cls.cks_service_offering)
+                cls._cleanup.append(cls.cks_worker_nodes_offering)
+                cls._cleanup.append(cls.cks_control_nodes_offering)
+                cls._cleanup.append(cls.cks_etcd_nodes_offering)
                 cls.domain = get_domain(cls.apiclient)
                 cls.account = Account.create(
                     cls.apiclient,
@@ -644,6 +662,30 @@ def test_11_test_unmanaged_cluster_lifecycle(self):
         self.deleteKubernetesClusterAndVerify(cluster.id)
         return
 
+    @attr(tags=["advanced", "smoke", "nicolocal"], required_hardware="true")
+    def test_12_test_deploy_cluster_different_offerings_per_node_type(self):
+        """Test creating a CKS cluster with different offerings per node type
+
+        # Validate the following:
+        """
+        cluster = self.getValidKubernetesCluster(worker_offering=self.cks_worker_nodes_offering,
+                                                 control_offering=self.cks_control_nodes_offering)
+        self.assertEqual(
+            cluster.workerofferingid,
+            self.cks_worker_nodes_offering.id,
+            "Check Worker Nodes Offering {}, {}".format(cluster.workerofferingid, self.cks_worker_nodes_offering.id)
+        )
+        self.assertEqual(
+            cluster.controlofferingid,
+            self.cks_control_nodes_offering.id,
+            "Check Control Nodes Offering {}, {}".format(cluster.workerofferingid, self.cks_worker_nodes_offering.id)
+        )
+        self.assertEqual(
+            cluster.etcdnodes,
+            0,
+            "No Etcd Nodes expected but got {}".format(cluster.etcdnodes)
+        )
+
     def addVirtualMachinesToKubernetesCluster(self, cluster_id, vm_list):
         cmd = addVirtualMachinesToKubernetesCluster.addVirtualMachinesToKubernetesClusterCmd()
         cmd.id = cluster_id
@@ -658,8 +700,8 @@ def removeVirtualMachinesFromKubernetesCluster(self, cluster_id, vm_list):
 
         return self.apiclient.removeVirtualMachinesFromKubernetesCluster(cmd)
 
-
-    def createKubernetesCluster(self, name, version_id, size=1, control_nodes=1, cluster_type='CloudManaged'):
+    def createKubernetesCluster(self, name, version_id, size=1, control_nodes=1, etcd_nodes=0, cluster_type='CloudManaged',
+                                workers_offering=None, control_offering=None, etcd_offering=None):
         createKubernetesClusterCmd = createKubernetesCluster.createKubernetesClusterCmd()
         createKubernetesClusterCmd.name = name
         createKubernetesClusterCmd.description = name + "-description"
@@ -672,6 +714,22 @@ def createKubernetesCluster(self, name, version_id, size=1, control_nodes=1, clu
         createKubernetesClusterCmd.account = self.account.name
         createKubernetesClusterCmd.domainid = self.domain.id
         createKubernetesClusterCmd.clustertype = cluster_type
+        if workers_offering:
+            createKubernetesClusterCmd.nodeofferings.append({
+                "node": "WORKER",
+                "offering": workers_offering.id
+            })
+        if control_offering:
+            createKubernetesClusterCmd.nodeofferings.append({
+                "node": "CONTROL",
+                "offering": control_offering.id
+            })
+        if etcd_nodes > 0 and etcd_offering:
+            createKubernetesClusterCmd.etcdnodes = etcd_nodes
+            createKubernetesClusterCmd.nodeofferings.append({
+                "node": "ETCD",
+                "offering": etcd_offering.id
+            })
         if self.default_network:
             createKubernetesClusterCmd.networkid = self.default_network.id
         clusterResponse = self.apiclient.createKubernetesCluster(createKubernetesClusterCmd)
@@ -735,7 +793,8 @@ def waitForAutoscalerPodInRunningState(self, cluster_id, retries=5, interval=60)
             retries = retries - 1
         return False
 
-    def getValidKubernetesCluster(self, size=1, control_nodes=1, version={}):
+    def getValidKubernetesCluster(self, size=1, control_nodes=1, version={}, etcd_nodes=0,
+                                  worker_offering=None, control_offering=None, etcd_offering=None):
         cluster = k8s_cluster
 
         # Does a cluster already exist ?
@@ -743,7 +802,9 @@ def getValidKubernetesCluster(self, size=1, control_nodes=1, version={}):
             if not version:
                 version = self.kubernetes_version_v2
             self.debug("No existing cluster available, k8s_cluster: %s" % cluster)
-            return self.createNewKubernetesCluster(version, size, control_nodes)
+            return self.createNewKubernetesCluster(version, size, control_nodes, etcd_nodes=etcd_nodes,
+                                                   worker_offering=worker_offering, control_offering=control_offering,
+                                                   etcd_offering=etcd_offering)
 
         # Is the existing cluster what is needed ?
         valid = cluster.size == size and cluster.controlnodes == control_nodes
@@ -759,7 +820,9 @@ def getValidKubernetesCluster(self, size=1, control_nodes=1, version={}):
             if cluster == None:
                 # Looks like the cluster disappeared !
                 self.debug("Existing cluster, k8s_cluster ID: %s not returned by list API" % cluster_id)
-                return self.createNewKubernetesCluster(version, size, control_nodes)
+                return self.createNewKubernetesCluster(version, size, control_nodes, etcd_nodes=etcd_nodes,
+                                                       worker_offering=worker_offering, control_offering=control_offering,
+                                                       etcd_offering=etcd_offering)
 
         if valid:
             try:
@@ -775,13 +838,18 @@ def getValidKubernetesCluster(self, size=1, control_nodes=1, version={}):
             self.deleteKubernetesClusterAndVerify(cluster.id, False, True)
 
         self.debug("No valid cluster, need to deploy a new one")
-        return self.createNewKubernetesCluster(version, size, control_nodes)
+        return self.createNewKubernetesCluster(version, size, control_nodes, etcd_nodes=etcd_nodes,
+                                               worker_offering=worker_offering, control_offering=control_offering,
+                                               etcd_offering=etcd_offering)
 
-    def createNewKubernetesCluster(self, version, size, control_nodes) :
+    def createNewKubernetesCluster(self, version, size, control_nodes, etcd_nodes=0,
+                                   worker_offering=None, control_offering=None, etcd_offering=None):
         name = 'testcluster-' + random_gen()
         self.debug("Creating for Kubernetes cluster with name %s" % name)
         try:
-            cluster = self.createKubernetesCluster(name, version.id, size, control_nodes)
+            cluster = self.createKubernetesCluster(name, version.id, size, control_nodes, etcd_nodes=etcd_nodes,
+                                                   workers_offering=worker_offering, control_offering=control_offering,
+                                                   etcd_offering=etcd_offering)
             self.verifyKubernetesCluster(cluster, name, version.id, size, control_nodes)
         except Exception as ex:
             cluster = self.listKubernetesCluster(cluster_name = name)

From 258a2cb6827bc1e79fd69572465ecaa6b88644f3 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Thu, 9 Jan 2025 00:10:08 -0300
Subject: [PATCH 64/88] Remove test tag

---
 test/integration/smoke/test_kubernetes_clusters.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/integration/smoke/test_kubernetes_clusters.py b/test/integration/smoke/test_kubernetes_clusters.py
index 455fc8aeed39..58ec7ca9b74a 100644
--- a/test/integration/smoke/test_kubernetes_clusters.py
+++ b/test/integration/smoke/test_kubernetes_clusters.py
@@ -662,7 +662,7 @@ def test_11_test_unmanaged_cluster_lifecycle(self):
         self.deleteKubernetesClusterAndVerify(cluster.id)
         return
 
-    @attr(tags=["advanced", "smoke", "nicolocal"], required_hardware="true")
+    @attr(tags=["advanced", "smoke"], required_hardware="true")
     def test_12_test_deploy_cluster_different_offerings_per_node_type(self):
         """Test creating a CKS cluster with different offerings per node type
 

From 90eb42a4b9756bcd48bcefc0f208912df2d8484f Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Mon, 13 Jan 2025 00:21:50 -0300
Subject: [PATCH 65/88] Add marvin test and fix update template for cks and
 since annotations

---
 .../user/template/UpdateTemplateCmd.java      |   6 +-
 .../AddNodesToKubernetesClusterCmd.java       |  10 +-
 .../RemoveNodesFromKubernetesClusterCmd.java  |   6 +-
 .../cloud/template/TemplateManagerImpl.java   |   7 +-
 .../smoke/test_kubernetes_clusters.py         | 206 +++++++++++++++++-
 tools/apidoc/gen_toc.py                       |   2 +
 6 files changed, 219 insertions(+), 18 deletions(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/template/UpdateTemplateCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/template/UpdateTemplateCmd.java
index 93c860a7bf87..20849d1ba6c5 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/template/UpdateTemplateCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/template/UpdateTemplateCmd.java
@@ -48,7 +48,7 @@ public class UpdateTemplateCmd extends BaseUpdateTemplateOrIsoCmd implements Use
 
     @Parameter(name = ApiConstants.FOR_CKS, type = CommandType.BOOLEAN,
     description = "indicates that the template can be used for deployment of CKS clusters",
-    since = "4.20.0")
+    since = "4.21.0")
     private Boolean forCks;
 
     /////////////////////////////////////////////////////
@@ -68,8 +68,8 @@ public String getTemplateTag() {
         return templateTag;
     }
 
-    public boolean getForCks() {
-        return Boolean.TRUE.equals(forCks);
+    public Boolean getForCks() {
+        return forCks;
     }
 
     /////////////////////////////////////////////////////
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
index 296bbc820992..09cbefe0bf8e 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
@@ -39,7 +39,7 @@
 @APICommand(name = "addNodesToKubernetesCluster",
         description = "Add nodes as workers to an existing CKS cluster. ",
         responseObject = KubernetesClusterResponse.class,
-        since = "4.20.0",
+        since = "4.21.0",
         authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
 public class AddNodesToKubernetesClusterCmd extends BaseAsyncCmd {
 
@@ -53,22 +53,22 @@ public class AddNodesToKubernetesClusterCmd extends BaseAsyncCmd {
             description = "comma separated list of (external) node (physical or virtual machines) IDs that need to be" +
                     "added as worker nodes to an existing managed Kubernetes cluster (CKS)",
             required = true,
-            since = "4.20.0")
+            since = "4.21.0")
     private List<Long> nodeIds;
 
     @Parameter(name = ApiConstants.ID, type = CommandType.UUID, required = true,
             entityType = KubernetesClusterResponse.class,
-            description = "the ID of the Kubernetes cluster", since = "4.20.0")
+            description = "the ID of the Kubernetes cluster", since = "4.21.0")
     private Long clusterId;
 
     @Parameter(name = ApiConstants.MOUNT_CKS_ISO_ON_VR, type = CommandType.BOOLEAN,
             description = "(optional) Vmware only, uses the CKS cluster network VR to mount the CKS ISO",
-            since = "4.20.0")
+            since = "4.21.0")
     private Boolean mountCksIsoOnVr;
 
     @Parameter(name = ApiConstants.MANUAL_UPGRADE, type = CommandType.BOOLEAN,
             description = "(optional) indicates if the node is marked for manual upgrade and excluded from the Kubernetes cluster upgrade operation",
-            since = "4.20.0")
+            since = "4.21.0")
     private Boolean manualUpgrade;
 
     /////////////////////////////////////////////////////
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
index 2aeb9d940b05..fd089ede9ecb 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
@@ -43,7 +43,7 @@
 @APICommand(name = "removeNodesFromKubernetesCluster",
         description = "Removes external nodes from a CKS cluster. ",
         responseObject = KubernetesClusterResponse.class,
-        since = "4.20.0",
+        since = "4.21.0",
         authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
 public class RemoveNodesFromKubernetesClusterCmd extends BaseAsyncCmd {
 
@@ -59,12 +59,12 @@ public class RemoveNodesFromKubernetesClusterCmd extends BaseAsyncCmd {
             description = "comma separated list of node (physical or virtual machines) IDs that need to be" +
                     "removed from the Kubernetes cluster (CKS)",
             required = true,
-            since = "4.20.0")
+            since = "4.21.0")
     private List<Long> nodeIds;
 
     @Parameter(name = ApiConstants.ID, type = CommandType.UUID, required = true,
             entityType = KubernetesClusterResponse.class,
-            description = "the ID of the Kubernetes cluster", since = "4.20.0")
+            description = "the ID of the Kubernetes cluster", since = "4.21.0")
     private Long clusterId;
 
     /////////////////////////////////////////////////////
diff --git a/server/src/main/java/com/cloud/template/TemplateManagerImpl.java b/server/src/main/java/com/cloud/template/TemplateManagerImpl.java
index ed3c4dc0cef1..d2adb4ba9b8c 100755
--- a/server/src/main/java/com/cloud/template/TemplateManagerImpl.java
+++ b/server/src/main/java/com/cloud/template/TemplateManagerImpl.java
@@ -2130,7 +2130,7 @@ private VMTemplateVO updateTemplateOrIso(BaseUpdateTemplateOrIsoCmd cmd) {
         Map details = cmd.getDetails();
         Account account = CallContext.current().getCallingAccount();
         boolean cleanupDetails = cmd.isCleanupDetails();
-        boolean forCks = cmd instanceof UpdateTemplateCmd && ((UpdateTemplateCmd) cmd).getForCks();
+        Boolean forCks = cmd instanceof UpdateTemplateCmd ? ((UpdateTemplateCmd) cmd).getForCks() : null;
         CPU.CPUArch arch = cmd.getCPUArch();
 
         // verify that template exists
@@ -2180,6 +2180,7 @@ private VMTemplateVO updateTemplateOrIso(BaseUpdateTemplateOrIsoCmd cmd) {
                   isRoutingTemplate == null &&
                   templateType == null &&
                   templateTag == null &&
+                  forCks == null &&
                   arch == null &&
                   (! cleanupDetails && details == null) //update details in every case except this one
                   );
@@ -2284,7 +2285,9 @@ else if (details != null && !details.isEmpty()) {
             template.setDetails(details);
             _tmpltDao.saveDetails(template);
         }
-        template.setForCks(forCks);
+        if (forCks != null) {
+            template.setForCks(forCks);
+        }
 
         _tmpltDao.update(id, template);
 
diff --git a/test/integration/smoke/test_kubernetes_clusters.py b/test/integration/smoke/test_kubernetes_clusters.py
index 58ec7ca9b74a..accaf3ad0c6a 100644
--- a/test/integration/smoke/test_kubernetes_clusters.py
+++ b/test/integration/smoke/test_kubernetes_clusters.py
@@ -35,7 +35,9 @@
                                   destroyVirtualMachine,
                                   deleteNetwork,
                                   addVirtualMachinesToKubernetesCluster,
-                                  removeVirtualMachinesFromKubernetesCluster)
+                                  removeVirtualMachinesFromKubernetesCluster,
+                                  addNodesToKubernetesCluster,
+                                  removeNodesFromKubernetesCluster)
 from marvin.cloudstackException import CloudstackAPIException
 from marvin.codes import PASS, FAILED
 from marvin.lib.base import (Template,
@@ -49,28 +51,84 @@
                              VPC,
                              NetworkACLList,
                              NetworkACL,
-                             VirtualMachine)
+                             VirtualMachine,
+                             PublicIPAddress,
+                             FireWallRule,
+                             NATRule)
 from marvin.lib.utils import (cleanup_resources,
                               validateList,
                               random_gen)
 from marvin.lib.common import (get_zone,
                                get_domain,
-                               get_template)
+                               get_template,
+                               get_test_template)
 from marvin.sshClient import SshClient
 from nose.plugins.attrib import attr
 from marvin.lib.decoratorGenerators import skipTestIf
 
 from kubernetes import client, config
-import time, io, yaml
+import time, io, yaml, random
 
 _multiprocess_shared_ = True
 
 k8s_cluster = None
+k8s_cluster_node_offerings = None
 VPC_DATA = {
     "cidr": "10.1.0.0/22",
     "tier1_gateway": "10.1.1.1",
     "tier_netmask": "255.255.255.0"
 }
+RAND_SUFFIX = random_gen()
+NODES_TEMPLATE = {
+    "kvm": {
+        "name": "cks-u2204-kvm-" + RAND_SUFFIX,
+        "displaytext": "cks-u2204-kvm-" + RAND_SUFFIX,
+        "format": "qcow2",
+        "hypervisor": "kvm",
+        "ostypeid": "5d83ac5d-d03c-4743-9629-7d70b5928f7f",
+        "url": "https://download.cloudstack.org/testing/custom_templates/ubuntu/22.04/cks-ubuntu-2204-kvm.qcow2.bz2",
+        "requireshvm": "True",
+        "ispublic": "True",
+        "isextractable": "True",
+        "forcks": "True"
+    },
+    "xenserver": {
+        "name": "cks-u2204-hyperv-" + RAND_SUFFIX,
+        "displaytext": "cks-u2204-hyperv-" + RAND_SUFFIX,
+        "format": "vhd",
+        "hypervisor": "xenserver",
+        "ostypeid": "5d83ac5d-d03c-4743-9629-7d70b5928f7f",
+        "url": "https://download.cloudstack.org/testing/custom_templates/ubuntu/22.04/cks-ubuntu-2204-hyperv.vhd.zip",
+        "requireshvm": "True",
+        "ispublic": "True",
+        "isextractable": "True",
+        "forcks": "True"
+    },
+    "hyperv": {
+        "name": "cks-u2204-hyperv-" + RAND_SUFFIX,
+        "displaytext": "cks-u2204-hyperv-" + RAND_SUFFIX,
+        "format": "vhd",
+        "hypervisor": "hyperv",
+        "ostypeid": "5d83ac5d-d03c-4743-9629-7d70b5928f7f",
+        "url": "https://download.cloudstack.org/testing/custom_templates/ubuntu/22.04/cks-ubuntu-2204-hyperv.vhd.zip",
+        "requireshvm": "True",
+        "ispublic": "True",
+        "isextractable": "True",
+        "forcks": "True"
+    },
+    "vmware": {
+        "name": "cks-u2204-vmware-" + RAND_SUFFIX,
+        "displaytext": "cks-u2204-vmware-" + RAND_SUFFIX,
+        "format": "ova",
+        "hypervisor": "vmware",
+        "ostypeid": "5d83ac5d-d03c-4743-9629-7d70b5928f7f",
+        "url": "https://download.cloudstack.org/testing/custom_templates/ubuntu/22.04/cks-ubuntu-2204-vmware.ova",
+        "requireshvm": "True",
+        "ispublic": "True",
+        "isextractable": "True",
+        "forcks": "True"
+    }
+}
 
 class TestKubernetesCluster(cloudstackTestCase):
 
@@ -84,6 +142,7 @@ def setUpClass(cls):
         cls.mgtSvrDetails = cls.config.__dict__["mgtSvr"][0].__dict__
 
         cls.hypervisorNotSupported = False
+        cls.hypervisorIsNotVmware = cls.hypervisor.lower() != "vmware"
         if cls.hypervisor.lower() not in ["kvm", "vmware", "xenserver"]:
             cls.hypervisorNotSupported = True
         cls.setup_failed = False
@@ -129,6 +188,15 @@ def setUpClass(cls):
                         (cls.services["cks_kubernetes_versions"][cls.k8s_version_to]["semanticversion"], cls.services["cks_kubernetes_versions"][cls.k8s_version_to]["url"], e))
 
             if cls.setup_failed == False:
+                cls.nodes_template = None
+                cls.mgmtSshKey = None
+                if cls.hypervisor.lower() == "vmware":
+                    cls.nodes_template = get_test_template(cls.apiclient,
+                                                           cls.zone.id,
+                                                           cls.hypervisor,
+                                                           NODES_TEMPLATE)
+                    cls.nodes_template.update(cls.apiclient, forcks=True)
+                    cls.mgmtSshKey = cls.getMgmtSshKey()
                 cks_offering_data = cls.services["cks_service_offering"]
                 cks_offering_data["name"] = 'CKS-Instance-' + random_gen()
                 cls.cks_service_offering = ServiceOffering.create(
@@ -222,6 +290,19 @@ def updateVmwareSettings(cls, tearDown):
                                       name="vmware.create.full.clone",
                                       value=value)
 
+    @classmethod
+    def getMgmtSshKey(cls):
+        """Get the management server SSH public key"""
+        sshClient = SshClient(
+            cls.mgtSvrDetails["mgtSvrIp"],
+            22,
+            cls.mgtSvrDetails["user"],
+            cls.mgtSvrDetails["passwd"]
+        )
+        command = "cat /var/cloudstack/management/.ssh/id_rsa.pub"
+        response = sshClient.execute(command)
+        return str(response[0])
+
     @classmethod
     def restartServer(cls):
         """Restart management server"""
@@ -666,8 +747,12 @@ def test_11_test_unmanaged_cluster_lifecycle(self):
     def test_12_test_deploy_cluster_different_offerings_per_node_type(self):
         """Test creating a CKS cluster with different offerings per node type
 
-        # Validate the following:
+        # Validate the following on Kubernetes cluster creation:
+        # - Use a service offering for control nodes
+        # - Use a service offering for worker nodes
         """
+        if self.setup_failed == True:
+            self.fail("Setup incomplete")
         cluster = self.getValidKubernetesCluster(worker_offering=self.cks_worker_nodes_offering,
                                                  control_offering=self.cks_control_nodes_offering)
         self.assertEqual(
@@ -685,6 +770,117 @@ def test_12_test_deploy_cluster_different_offerings_per_node_type(self):
             0,
             "No Etcd Nodes expected but got {}".format(cluster.etcdnodes)
         )
+        self.debug("Deleting Kubernetes cluster with ID: %s" % cluster.id)
+        self.deleteKubernetesClusterAndVerify(cluster.id)
+        return
+
+    @attr(tags=["advanced", "smoke"], required_hardware="true")
+    @skipTestIf("hypervisorIsNotVmware")
+    def test_13_test_add_external_nodes_to_cluster(self):
+        """Test creating a CKS cluster with different offerings per node type
+
+        # Validate the following:
+        # - Deploy Kubernetes Cluster
+        # - Deploy VM on the same network as the Kubernetes cluster with the worker nodes offering and CKS ready template
+        # - Add external node to the Kubernetes Cluster
+        """
+        if self.setup_failed == True:
+            self.fail("Setup incomplete")
+        cluster = self.getValidKubernetesCluster(worker_offering=self.cks_worker_nodes_offering,
+                                                 control_offering=self.cks_control_nodes_offering)
+        self.assertEqual(
+            cluster.size,
+            1,
+            "Expected 1 worker node but got {}".format(cluster.size)
+        )
+        self.services["virtual_machine"]["template"] = self.nodes_template.id
+        external_node = VirtualMachine.create(self.apiclient,
+                                             self.services["virtual_machine"],
+                                             zoneid=self.zone.id,
+                                             accountid=self.account.name,
+                                             domainid=self.account.domainid,
+                                             serviceofferingid=self.cks_worker_nodes_offering.id,
+                                             networkids=cluster.networkid)
+
+        # Acquire public IP and create Port Forwarding Rule and Firewall rule for SSH access
+        free_ip_addresses = PublicIPAddress.list(
+            self.apiclient,
+            domainid=self.account.domainid,
+            account=self.account.name,
+            forvirtualnetwork=True,
+            state='Free'
+        )
+        random.shuffle(free_ip_addresses)
+        external_node_ip = free_ip_addresses[0]
+        external_node_ipaddress = PublicIPAddress.create(
+            self.apiclient,
+            zoneid=self.zone.id,
+            networkid=cluster.networkid,
+            ipaddress=external_node_ip.ipaddress
+        )
+        self.debug("Creating Firewall rule for VM ID: %s" % external_node.id)
+        fw_rule = FireWallRule.create(
+            self.apiclient,
+            ipaddressid=external_node_ip.id,
+            protocol='TCP',
+            cidrlist=['0.0.0.0/0'],
+            startport=22,
+            endport=22
+        )
+        pf_rule = {
+            "privateport": 22,
+            "publicport": 22,
+            "protocol": "TCP"
+        }
+        nat_rule = NATRule.create(
+            self.apiclient,
+            external_node,
+            pf_rule,
+            ipaddressid=external_node_ip.id
+        )
+
+        # Add the management server SSH key to the authorized hosts on the external node
+        node_ssh_client = SshClient(
+            external_node_ip.ipaddress,
+            22,
+            'cloud',
+            'cloud',
+            retries=30,
+            delay=10
+        )
+        node_ssh_client.execute("echo '" + self.mgmtSshKey + "' > ~/.ssh/authorized_keys")
+
+        self.addExternalNodesToKubernetesCluster(cluster.id, [external_node.id])
+        self.assertEqual(
+            cluster.size,
+            2,
+            "Expected 2 worker nodes but got {}".format(cluster.size)
+        )
+        self.removeExternalNodesFromKubernetesCluster(cluster.id, [external_node.id])
+        self.assertEqual(
+            cluster.size,
+            1,
+            "Expected 1 worker node but got {}".format(cluster.size)
+        )
+        nat_rule.delete(self.apiclient)
+        fw_rule.delete(self.apiclient)
+        external_node_ipaddress.delete(self.apiclient)
+        VirtualMachine.delete(external_node, self.apiclient, expunge=True)
+        self.debug("Deleting Kubernetes cluster with ID: %s" % cluster.id)
+        self.deleteKubernetesClusterAndVerify(cluster.id)
+        return
+
+    def addExternalNodesToKubernetesCluster(self, cluster_id, vm_list):
+        cmd = addNodesToKubernetesCluster.addNodesToKubernetesClusterCmd()
+        cmd.id = cluster_id
+        cmd.nodeids = vm_list
+        return self.apiclient.addNodesToKubernetesCluster(cmd)
+
+    def removeExternalNodesFromKubernetesCluster(self, cluster_id, vm_list):
+        cmd = removeNodesFromKubernetesCluster.removeNodesFromKubernetesClusterCmd()
+        cmd.id = cluster_id
+        cmd.nodeids = vm_list
+        return self.apiclient.removeNodesFromKubernetesCluster(cmd)
 
     def addVirtualMachinesToKubernetesCluster(self, cluster_id, vm_list):
         cmd = addVirtualMachinesToKubernetesCluster.addVirtualMachinesToKubernetesClusterCmd()
diff --git a/tools/apidoc/gen_toc.py b/tools/apidoc/gen_toc.py
index 8d28749a637b..fc7cfb18164f 100644
--- a/tools/apidoc/gen_toc.py
+++ b/tools/apidoc/gen_toc.py
@@ -256,6 +256,8 @@
     'deleteASNRange': 'AS Number Range',
     'listASNumbers': 'AS Number',
     'releaseASNumber': 'AS Number',
+    'addNodesToKubernetesCluster': 'Kubernetes Service',
+    'removeNodesFromKubernetesCluster': 'Kubernetes Service'
 }
 
 

From e8a96d4c7c3486ea53b588e2596e1906d026be3d Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Tue, 14 Jan 2025 00:47:13 -0300
Subject: [PATCH 66/88] Fix marvin test for adding and removing external nodes

---
 .../KubernetesClusterActionWorker.java        |  3 +-
 .../smoke/test_kubernetes_clusters.py         | 34 +++++++++++--------
 2 files changed, 22 insertions(+), 15 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index 5c1199f222ae..eba2b8535ab8 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -720,7 +720,8 @@ protected void copyScriptFile(String nodeAddress, final int sshPort, File file,
             }
             SshHelper.scpTo(nodeAddress, sshPort, getControlNodeLoginUser(), sshKeyFile, null,
                 "~/", file.getAbsolutePath(), "0755", 20000, 30 * 60 * 1000);
-            String cmdStr = String.format("sudo mv ~/%s %s/%s", file.getName(), scriptPath, destination);
+            // Ensure destination dir scriptPath exists and copy file to destination
+            String cmdStr = String.format("sudo mkdir -p %s ; sudo mv ~/%s %s/%s", scriptPath, file.getName(), scriptPath, destination);
             SshHelper.sshExecute(nodeAddress, sshPort, getControlNodeLoginUser(), sshKeyFile, null,
                 cmdStr, 10000, 10000, 10 * 60 * 1000);
         } catch (Exception e) {
diff --git a/test/integration/smoke/test_kubernetes_clusters.py b/test/integration/smoke/test_kubernetes_clusters.py
index accaf3ad0c6a..a77829bc255b 100644
--- a/test/integration/smoke/test_kubernetes_clusters.py
+++ b/test/integration/smoke/test_kubernetes_clusters.py
@@ -85,7 +85,7 @@
         "displaytext": "cks-u2204-kvm-" + RAND_SUFFIX,
         "format": "qcow2",
         "hypervisor": "kvm",
-        "ostypeid": "5d83ac5d-d03c-4743-9629-7d70b5928f7f",
+        "ostype": "Ubuntu 22.04 LTS",
         "url": "https://download.cloudstack.org/testing/custom_templates/ubuntu/22.04/cks-ubuntu-2204-kvm.qcow2.bz2",
         "requireshvm": "True",
         "ispublic": "True",
@@ -97,7 +97,7 @@
         "displaytext": "cks-u2204-hyperv-" + RAND_SUFFIX,
         "format": "vhd",
         "hypervisor": "xenserver",
-        "ostypeid": "5d83ac5d-d03c-4743-9629-7d70b5928f7f",
+        "ostype": "Ubuntu 22.04 LTS",
         "url": "https://download.cloudstack.org/testing/custom_templates/ubuntu/22.04/cks-ubuntu-2204-hyperv.vhd.zip",
         "requireshvm": "True",
         "ispublic": "True",
@@ -109,7 +109,7 @@
         "displaytext": "cks-u2204-hyperv-" + RAND_SUFFIX,
         "format": "vhd",
         "hypervisor": "hyperv",
-        "ostypeid": "5d83ac5d-d03c-4743-9629-7d70b5928f7f",
+        "ostype": "Ubuntu 22.04 LTS",
         "url": "https://download.cloudstack.org/testing/custom_templates/ubuntu/22.04/cks-ubuntu-2204-hyperv.vhd.zip",
         "requireshvm": "True",
         "ispublic": "True",
@@ -121,7 +121,7 @@
         "displaytext": "cks-u2204-vmware-" + RAND_SUFFIX,
         "format": "ova",
         "hypervisor": "vmware",
-        "ostypeid": "5d83ac5d-d03c-4743-9629-7d70b5928f7f",
+        "ostype": "Ubuntu 22.04 LTS",
         "url": "https://download.cloudstack.org/testing/custom_templates/ubuntu/22.04/cks-ubuntu-2204-vmware.ova",
         "requireshvm": "True",
         "ispublic": "True",
@@ -777,12 +777,13 @@ def test_12_test_deploy_cluster_different_offerings_per_node_type(self):
     @attr(tags=["advanced", "smoke"], required_hardware="true")
     @skipTestIf("hypervisorIsNotVmware")
     def test_13_test_add_external_nodes_to_cluster(self):
-        """Test creating a CKS cluster with different offerings per node type
+        """Test adding and removing external nodes to CKS clusters
 
         # Validate the following:
         # - Deploy Kubernetes Cluster
         # - Deploy VM on the same network as the Kubernetes cluster with the worker nodes offering and CKS ready template
         # - Add external node to the Kubernetes Cluster
+        # - Remove external node from the Kubernetes Cluster
         """
         if self.setup_failed == True:
             self.fail("Setup incomplete")
@@ -795,12 +796,14 @@ def test_13_test_add_external_nodes_to_cluster(self):
         )
         self.services["virtual_machine"]["template"] = self.nodes_template.id
         external_node = VirtualMachine.create(self.apiclient,
-                                             self.services["virtual_machine"],
-                                             zoneid=self.zone.id,
-                                             accountid=self.account.name,
-                                             domainid=self.account.domainid,
-                                             serviceofferingid=self.cks_worker_nodes_offering.id,
-                                             networkids=cluster.networkid)
+                                              self.services["virtual_machine"],
+                                              zoneid=self.zone.id,
+                                              accountid=self.account.name,
+                                              domainid=self.account.domainid,
+                                              rootdiskcontroller="osdefault",
+                                              rootdisksize=8,
+                                              serviceofferingid=self.cks_worker_nodes_offering.id,
+                                              networkids=cluster.networkid)
 
         # Acquire public IP and create Port Forwarding Rule and Firewall rule for SSH access
         free_ip_addresses = PublicIPAddress.list(
@@ -849,22 +852,25 @@ def test_13_test_add_external_nodes_to_cluster(self):
             delay=10
         )
         node_ssh_client.execute("echo '" + self.mgmtSshKey + "' > ~/.ssh/authorized_keys")
+        # Remove acquired public IP address and rules
+        nat_rule.delete(self.apiclient)
+        fw_rule.delete(self.apiclient)
+        external_node_ipaddress.delete(self.apiclient)
 
         self.addExternalNodesToKubernetesCluster(cluster.id, [external_node.id])
+        cluster = self.listKubernetesCluster(cluster.id)
         self.assertEqual(
             cluster.size,
             2,
             "Expected 2 worker nodes but got {}".format(cluster.size)
         )
         self.removeExternalNodesFromKubernetesCluster(cluster.id, [external_node.id])
+        cluster = self.listKubernetesCluster(cluster.id)
         self.assertEqual(
             cluster.size,
             1,
             "Expected 1 worker node but got {}".format(cluster.size)
         )
-        nat_rule.delete(self.apiclient)
-        fw_rule.delete(self.apiclient)
-        external_node_ipaddress.delete(self.apiclient)
         VirtualMachine.delete(external_node, self.apiclient, expunge=True)
         self.debug("Deleting Kubernetes cluster with ID: %s" % cluster.id)
         self.deleteKubernetesClusterAndVerify(cluster.id)

From f53d137286ec5abd3ce31ff190a80d7b8098c324 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Sun, 23 Feb 2025 23:20:43 -0300
Subject: [PATCH 67/88] Fix since version on API params

---
 api/src/main/java/com/cloud/server/ManagementService.java     | 2 +-
 .../api/command/user/template/RegisterTemplateCmd.java        | 2 +-
 .../api/command/user/userdata/DeleteCniConfigurationCmd.java  | 2 +-
 .../api/command/user/userdata/ListCniConfigurationCmd.java    | 2 +-
 .../command/user/userdata/RegisterCniConfigurationCmd.java    | 4 ++--
 .../user/kubernetes/cluster/CreateKubernetesClusterCmd.java   | 4 ++--
 .../src/main/java/com/cloud/server/ManagementServerImpl.java  | 2 +-
 7 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/api/src/main/java/com/cloud/server/ManagementService.java b/api/src/main/java/com/cloud/server/ManagementService.java
index 3b8fb2c5e4b9..d8c2eeffc3f7 100644
--- a/api/src/main/java/com/cloud/server/ManagementService.java
+++ b/api/src/main/java/com/cloud/server/ManagementService.java
@@ -370,7 +370,7 @@ public interface ManagementService {
      * @param cmd    The api command class.
      * @return A VO with the registered userdata.
      */
-    UserData registerCniConfigration(RegisterCniConfigurationCmd cmd);
+    UserData registerCniConfiguration(RegisterCniConfigurationCmd cmd);
 
     /**
      * Registers a userdata.
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/template/RegisterTemplateCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/template/RegisterTemplateCmd.java
index b7c14a6d3c89..6ea149fd90de 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/template/RegisterTemplateCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/template/RegisterTemplateCmd.java
@@ -170,7 +170,7 @@ public class RegisterTemplateCmd extends BaseCmd implements UserCmd {
 
     @Parameter(name=ApiConstants.FOR_CKS,
             type = CommandType.BOOLEAN,
-            description = "if true, the templates would be available for deploying CKS clusters", since = "4.20.0")
+            description = "if true, the templates would be available for deploying CKS clusters", since = "4.21.0")
     protected Boolean forCks;
 
     @Parameter(name = ApiConstants.TEMPLATE_TYPE, type = CommandType.STRING,
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java
index 286ad1f9d2e1..819b3761ddb6 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java
@@ -30,7 +30,7 @@
 
 
 @APICommand(name = "deleteCniConfiguration", description = "Deletes a CNI Configuration", responseObject = SuccessResponse.class, entityType = {UserData.class},
-        requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, since = "4.19",
+        requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, since = "4.21.0",
         authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
 public class DeleteCniConfigurationCmd extends DeleteUserDataCmd {
 
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java
index 86b02bd18d0e..2270bce942bb 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java
@@ -30,7 +30,7 @@
 import java.util.List;
 
 @APICommand(name = "listCniConfiguration", description = "List userdata for CNI plugins", responseObject = UserDataResponse.class, entityType = {UserData.class},
-        requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, since = "4.20",
+        requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, since = "4.21.0",
         authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
 public class ListCniConfigurationCmd extends ListUserDataCmd {
     public static final Logger logger = LogManager.getLogger(ListCniConfigurationCmd.class.getName());
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java
index 87ad87dc1a0b..eb80da3be05b 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterCniConfigurationCmd.java
@@ -29,7 +29,7 @@
 
 @APICommand(name = "registerCniConfiguration",
         description = "Register a CNI Configuration to be used with CKS cluster",
-        since = "4.19.0",
+        since = "4.21.0",
         responseObject = SuccessResponse.class,
         requestHasSensitiveInfo = false,
         responseHasSensitiveInfo = false,
@@ -58,7 +58,7 @@ public String getCniConfig() {
 
     @Override
     public void execute() {
-        UserData result = _mgr.registerCniConfigration(this);
+        UserData result = _mgr.registerCniConfiguration(this);
         UserDataResponse response = _responseGenerator.createUserDataResponse(result);
         response.setResponseName(getCommandName());
         response.setObjectName(ApiConstants.CNI_CONFIG);
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
index 10db364cef3f..fbf7dd5e69a9 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
@@ -194,13 +194,13 @@ public class CreateKubernetesClusterCmd extends BaseAsyncCreateCmd {
     @Parameter(name = ApiConstants.HYPERVISOR, type = CommandType.STRING, description = "the hypervisor on which the CKS cluster is to be deployed. This is required if the zone in which the CKS cluster is being deployed has clusters with different hypervisor types.")
     private String hypervisor;
 
-    @Parameter(name = ApiConstants.CNI_CONFIG_ID, type = CommandType.UUID, entityType = UserDataResponse.class, description = "the ID of the Userdata", since = "4.19.0")
+    @Parameter(name = ApiConstants.CNI_CONFIG_ID, type = CommandType.UUID, entityType = UserDataResponse.class, description = "the ID of the Userdata", since = "4.21.0")
     private Long cniConfigId;
 
     @Parameter(name = ApiConstants.CNI_CONFIG_DETAILS, type = CommandType.MAP,
             description = "used to specify the parameters values for the variables in userdata. " +
                     "Example: cniconfigdetails[0].key=accesskey&cniconfigdetails[0].value=s389ddssaa&" +
-                    "cniconfigdetails[1].key=secretkey&cniconfigdetails[1].value=8dshfsss", since = "4.19.0")
+                    "cniconfigdetails[1].key=secretkey&cniconfigdetails[1].value=8dshfsss", since = "4.21.0")
     private Map cniConfigDetails;
 
     @Parameter(name=ApiConstants.AS_NUMBER, type=CommandType.LONG, description="the AS Number of the network")
diff --git a/server/src/main/java/com/cloud/server/ManagementServerImpl.java b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
index 856b607e657d..b46293035779 100644
--- a/server/src/main/java/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
@@ -4882,7 +4882,7 @@ public Pair<List<? extends UserData>, Integer> listUserDatas(final ListUserDataC
 
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_REGISTER_CNI_CONFIG, eventDescription = "registering CNI configration", async = true)
-    public UserData registerCniConfigration(RegisterCniConfigurationCmd cmd) {
+    public UserData registerCniConfiguration(RegisterCniConfigurationCmd cmd) {
         final Account owner = getOwner(cmd);
         checkForUserDataByName(cmd, owner);
         final String name = cmd.getName();

From 6568c5086d43ec4ae75a5b9ff540b68f7faa44bc Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Sun, 23 Feb 2025 23:37:00 -0300
Subject: [PATCH 68/88] Address review comments

---
 .../kubernetes/cluster/KubernetesClusterManagerImpl.java  | 4 ++--
 .../kubernetes/cluster/KubernetesServiceHelperImpl.java   | 2 +-
 .../KubernetesClusterResourceModifierActionWorker.java    | 2 +-
 .../actionworkers/KubernetesClusterScaleWorker.java       | 4 ++--
 .../kubernetes/cluster/CreateKubernetesClusterCmd.java    | 8 ++++----
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index ccc80daa7d70..052a6e8d3ab8 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -1927,7 +1927,7 @@ public boolean scaleKubernetesCluster(ScaleKubernetesClusterCmd cmd) throws Clou
 
         String[] keys = getServiceUserKeys(kubernetesCluster);
         KubernetesClusterScaleWorker scaleWorker =
-            new KubernetesClusterScaleWorker(kubernetesClusterDao.findById(cmd.getId()),
+            new KubernetesClusterScaleWorker(kubernetesCluster,
                 nodeToOfferingMap,
                 cmd.getClusterSize(),
                 cmd.getNodeIds(),
@@ -1942,7 +1942,7 @@ public boolean scaleKubernetesCluster(ScaleKubernetesClusterCmd cmd) throws Clou
 
     /**
      * Creates a map for the requested node type service offering
-     * For the node type ALL: Every node is scaled to the same offering
+     * For the node type DEFAULT: Every node is scaled to the same offering
      */
     protected Map<String, ServiceOffering> createNodeTypeToServiceOfferingMap(Map<String, Long> idsMapping,
                                                                               Long serviceOfferingId, KubernetesClusterVO kubernetesCluster) {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesServiceHelperImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesServiceHelperImpl.java
index 98dddd310c42..aa39e6800a15 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesServiceHelperImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesServiceHelperImpl.java
@@ -167,7 +167,7 @@ protected void checkNodeTypeOfferingEntryValues(String nodeTypeStr, ServiceOffer
 
     protected void addNodeTypeOfferingEntry(String nodeTypeStr, String serviceOfferingUuid, ServiceOffering serviceOffering, Map<String, Long> mapping) {
         if (logger.isDebugEnabled()) {
-            logger.debug(String.format("Node Type: '%s' should use Service Offering ID: '%s'", nodeTypeStr, serviceOfferingUuid));
+            logger.debug("Node Type: '{}' should use Service Offering ID: '{}'", nodeTypeStr, serviceOfferingUuid);
         }
         KubernetesClusterNodeType nodeType = KubernetesClusterNodeType.valueOf(nodeTypeStr.toUpperCase());
         mapping.put(nodeType.name(), serviceOffering.getId());
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index 7d96e022a8c9..a3bef9cfddbe 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -282,7 +282,7 @@ protected Map<String, DeployDestination> planKubernetesCluster(Long domainId, Lo
             }
             ServiceOffering nodeOffering = getServiceOfferingForNodeTypeOnCluster(nodeType, kubernetesCluster);
             if (logger.isDebugEnabled()) {
-                logger.debug(String.format("Checking deployment destination for %s nodes on Kubernetes cluster : %s in zone : %s", nodeType.name(), kubernetesCluster.getName(), zone.getName()));
+                logger.debug("Checking deployment destination for {} nodes on Kubernetes cluster : {} in zone : {}", nodeType.name(), kubernetesCluster.getName(), zone.getName());
             }
             DeployDestination planForNodeType = plan(nodes, zone, nodeOffering, domainId, accountId, hypervisorType);
             destinationMap.put(nodeType.name(), planForNodeType);
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index 9f0ce8483744..ba5241d5be5b 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -528,7 +528,8 @@ public boolean scaleCluster() throws CloudRuntimeException {
         }
         scaleTimeoutTime = System.currentTimeMillis() + KubernetesClusterService.KubernetesClusterScaleTimeout.value() * 1000;
         final long originalClusterSize = kubernetesCluster.getNodeCount();
-        if (serviceOfferingNodeTypeMap.containsKey(DEFAULT.name())) {
+        boolean hasDefaultOffering = serviceOfferingNodeTypeMap.containsKey(DEFAULT.name());
+        if (hasDefaultOffering) {
             final ServiceOffering existingServiceOffering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
             if (existingServiceOffering == null) {
                 logAndThrow(Level.ERROR, String.format("Scaling Kubernetes cluster : %s failed, service offering for the Kubernetes cluster not found!", kubernetesCluster.getName()));
@@ -536,7 +537,6 @@ public boolean scaleCluster() throws CloudRuntimeException {
         }
 
         final boolean autoscalingChanged = isAutoscalingChanged();
-        boolean hasDefaultOffering = serviceOfferingNodeTypeMap.containsKey(DEFAULT.name());
         Long existingDefaultOfferingId = kubernetesCluster.getServiceOfferingId();
         ServiceOffering defaultServiceOffering = serviceOfferingNodeTypeMap.getOrDefault(DEFAULT.name(), null);
 
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
index fbf7dd5e69a9..7dd2978a5e37 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
@@ -111,23 +111,23 @@ public class CreateKubernetesClusterCmd extends BaseAsyncCreateCmd {
     @ACL(accessType = AccessType.UseEntry)
     @Parameter(name = ApiConstants.SERVICE_OFFERING_ID, type = CommandType.UUID, entityType = ServiceOfferingResponse.class,
             description = "the ID of the service offering for the virtual machines in the cluster.")
-    protected Long serviceOfferingId;
+    private Long serviceOfferingId;
 
     @ACL(accessType = AccessType.UseEntry)
     @Parameter(name = ApiConstants.NODE_TYPE_OFFERING_MAP, type = CommandType.MAP,
             description = "(Optional) Node Type to Service Offering ID mapping. If provided, it overrides the serviceofferingid parameter")
-    protected Map<String, Map<String, String>> serviceOfferingNodeTypeMap;
+    private Map<String, Map<String, String>> serviceOfferingNodeTypeMap;
 
     @ACL(accessType = AccessType.UseEntry)
     @Parameter(name = ApiConstants.NODE_TYPE_TEMPLATE_MAP, type = CommandType.MAP,
             description = "(Optional) Node Type to Template ID mapping. If provided, it overrides the default template: System VM template")
-    protected Map<String, Map<String, String>> templateNodeTypeMap;
+    private Map<String, Map<String, String>> templateNodeTypeMap;
 
     @ACL(accessType = AccessType.UseEntry)
     @Parameter(name = ApiConstants.ETCD_NODES, type = CommandType.LONG,
             description = "(Optional) Number of Kubernetes cluster etcd nodes, default is 0." +
                     "In case the number is greater than 0, etcd nodes are separate from master nodes and are provisioned accordingly")
-    protected Long etcdNodes;
+    private Long etcdNodes;
 
     @ACL(accessType = AccessType.UseEntry)
     @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an optional account for the" +

From 82e0bf534b9fb1d9b17ab5273445432d8a3a7015 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Mon, 24 Feb 2025 08:31:15 -0300
Subject: [PATCH 69/88] Fix unit test

---
 .../com/cloud/upgrade/dao/Upgrade42010to42100Test.java    | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/engine/schema/src/test/java/com/cloud/upgrade/dao/Upgrade42010to42100Test.java b/engine/schema/src/test/java/com/cloud/upgrade/dao/Upgrade42010to42100Test.java
index 035790f0716a..16908f6aaac0 100644
--- a/engine/schema/src/test/java/com/cloud/upgrade/dao/Upgrade42010to42100Test.java
+++ b/engine/schema/src/test/java/com/cloud/upgrade/dao/Upgrade42010to42100Test.java
@@ -16,10 +16,12 @@
 // under the License.
 package com.cloud.upgrade.dao;
 
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.when;
 
 import java.sql.Connection;
 import java.sql.PreparedStatement;
+import java.sql.ResultSet;
 import java.sql.SQLException;
 
 import org.junit.Test;
@@ -64,6 +66,12 @@ public void testPerformDataMigration() throws SQLException {
                         "         ELSE 0" +
                         "     END WHERE scope IS NOT NULL;";
                 when(txn.prepareAutoCloseStatement(sql)).thenReturn(pstmt);
+
+                PreparedStatement preparedStatement = Mockito.mock(PreparedStatement.class);
+                ResultSet resultSet = Mockito.mock(ResultSet.class);
+                Mockito.when(resultSet.next()).thenReturn(false);
+                Mockito.when(preparedStatement.executeQuery()).thenReturn(resultSet);
+                Mockito.when(conn.prepareStatement(anyString())).thenReturn(preparedStatement);
                 upgrade.performDataMigration(conn);
 
                 Mockito.verify(pstmt, Mockito.times(1)).executeUpdate();

From ddaa65f4f362f227d1db0bbf8eb44ad5c35b4547 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Tue, 25 Feb 2025 10:35:12 -0300
Subject: [PATCH 70/88] Address review comments

---
 .../user/userdata/DeleteCniConfigurationCmd.java   |  4 ++--
 .../cloudstack/api/response/TemplateResponse.java  |  2 +-
 .../cluster/KubernetesClusterManagerImpl.java      |  3 +--
 .../cluster/KubernetesClusterService.java          | 14 +++++++-------
 .../KubernetesClusterStartWorker.java              |  6 +++---
 .../cluster/AddNodesToKubernetesClusterCmd.java    |  9 +++------
 .../cluster/CreateKubernetesClusterCmd.java        | 12 ++++++++----
 .../RemoveNodesFromKubernetesClusterCmd.java       |  5 ++---
 .../cluster/ScaleKubernetesClusterCmd.java         |  3 ++-
 .../main/java/com/cloud/api/ApiResponseHelper.java |  2 +-
 10 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java
index 819b3761ddb6..8faa612d3d97 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/DeleteCniConfigurationCmd.java
@@ -34,7 +34,7 @@
         authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
 public class DeleteCniConfigurationCmd extends DeleteUserDataCmd {
 
-    public static final Logger logger = LogManager.getLogger(DeleteUserDataCmd.class.getName());
+    public static final Logger logger = LogManager.getLogger(DeleteCniConfigurationCmd.class.getName());
 
 
     /////////////////////////////////////////////////////
@@ -49,7 +49,7 @@ public void execute() {
             response.setSuccess(result);
             setResponseObject(response);
         } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete userdata");
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete CNI configuration");
         }
     }
 
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/TemplateResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/TemplateResponse.java
index dac3c0554a3b..a6c624e26783 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/TemplateResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/TemplateResponse.java
@@ -210,7 +210,7 @@ public class TemplateResponse extends BaseResponseWithTagInformation implements
 
     @SerializedName(ApiConstants.FOR_CKS)
     @Param(description = "If true it indicates that the template can be used for CKS cluster deployments",
-            since = "4.20")
+            since = "4.21.0")
     private Boolean forCks;
 
     @SerializedName(ApiConstants.DEPLOY_AS_IS_DETAILS)
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 052a6e8d3ab8..33fd6bb1665c 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -805,8 +805,6 @@ public KubernetesClusterResponse createKubernetesClusterResponse(long kubernetes
         response.setClusterType(kubernetesCluster.getClusterType());
         response.setCreated(kubernetesCluster.getCreated());
 
-
-
         return response;
     }
 
@@ -2476,6 +2474,7 @@ public ConfigKey<?>[] getConfigKeys() {
             KubernetesClusterUpgradeTimeout,
             KubernetesClusterUpgradeRetries,
             KubernetesClusterAddNodeTimeout,
+            KubernetesClusterRemoveNodeTimeout,
             KubernetesClusterExperimentalFeaturesEnabled,
             KubernetesMaxClusterSize,
             KubernetesControlNodeInstallAttemptWait,
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
index ad7aef3250b6..b486a5516a15 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
@@ -88,13 +88,13 @@ public interface KubernetesClusterService extends PluggableService, Configurable
     static final ConfigKey<Long> KubernetesClusterAddNodeTimeout = new ConfigKey<Long>("Advanced", Long.class,
             "cloud.kubernetes.cluster.add.node.timeout",
             "3600",
-            "Timeout interval (in seconds) in which an external node(VM / baremetal host) addition to a cluster should be completed",
+            "Timeout interval (in seconds) in which an external node (VM / baremetal host) addition to a cluster should be completed",
             true,
             KubernetesServiceEnabled.key());
     static final ConfigKey<Long> KubernetesClusterRemoveNodeTimeout = new ConfigKey<Long>("Advanced", Long.class,
-            "cloud.kubernetes.cluster.add.node.timeout",
+            "cloud.kubernetes.cluster.remove.node.timeout",
             "900",
-            "Timeout interval (in seconds) in which an external node(VM / baremetal host) removal from a cluster should be completed",
+            "Timeout interval (in seconds) in which an external node (VM / baremetal host) removal from a cluster should be completed",
             true,
             KubernetesServiceEnabled.key());
     static final ConfigKey<Boolean> KubernetesClusterExperimentalFeaturesEnabled = new ConfigKey<Boolean>("Advanced", Boolean.class,
@@ -113,25 +113,25 @@ public interface KubernetesClusterService extends PluggableService, Configurable
     static final ConfigKey<Long> KubernetesControlNodeInstallAttemptWait = new ConfigKey<Long>("Advanced", Long.class,
             "cloud.kubernetes.control.node.install.attempt.wait.duration",
             "15",
-            "Time in seconds for the installation process to wait before it re-attempts",
+            "Control Nodes: Time in seconds for the installation process to wait before it re-attempts",
             true,
             KubernetesServiceEnabled.key());
     static final ConfigKey<Long> KubernetesControlNodeInstallReattempts = new ConfigKey<Long>("Advanced", Long.class,
             "cloud.kubernetes.control.node.install.reattempt.count",
             "100",
-            "Number of times the offline installation of K8S will be re-attempted",
+            "Control Nodes: Number of times the offline installation of K8S will be re-attempted",
             true,
             KubernetesServiceEnabled.key());
     final ConfigKey<Long> KubernetesWorkerNodeInstallAttemptWait = new ConfigKey<Long>("Advanced", Long.class,
             "cloud.kubernetes.worker.node.install.attempt.wait.duration",
             "30",
-            "Time in seconds for the installation process to wait before it re-attempts",
+            "Worker Nodes: Time in seconds for the installation process to wait before it re-attempts",
             true,
             KubernetesServiceEnabled.key());
     static final ConfigKey<Long> KubernetesWorkerNodeInstallReattempts = new ConfigKey<Long>("Advanced", Long.class,
             "cloud.kubernetes.worker.node.install.reattempt.count",
             "40",
-            "Number of times the offline installation of K8S will be re-attempted",
+            "Worker Nodes: Number of times the offline installation of K8S will be re-attempted",
             true,
             KubernetesServiceEnabled.key());
     static final ConfigKey<Integer> KubernetesEtcdNodeStartPort = new ConfigKey<Integer>("Advanced", Integer.class,
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index 48b0c12ecd2f..5b0214f20954 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -334,10 +334,10 @@ private String getKubernetesAdditionalControlNodeConfig(final String joinIp, fin
     }
 
     private String getInitialEtcdClusterDetails(List<String> ipAddresses, List<String> hostnames) {
-        String initialCluster = "%s=http://%s:2380";
+        String initialCluster = "%s=http://%s:%s";
         StringBuilder clusterInfo = new StringBuilder();
             for (int i = 0; i < ipAddresses.size(); i++) {
-                clusterInfo.append(String.format(initialCluster, hostnames.get(i), ipAddresses.get(i)));
+                clusterInfo.append(String.format(initialCluster, hostnames.get(i), ipAddresses.get(i), KubernetesClusterActionWorker.ETCD_NODE_PEER_COMM_PORT));
                 if (i < ipAddresses.size()-1) {
                     clusterInfo.append(",");
                 }
@@ -353,7 +353,7 @@ private String getInitialEtcdClusterDetails(List<String> ipAddresses, List<Strin
     private String getEtcdEndpointList(List<Network.IpAddresses> ipAddresses) {
         StringBuilder endpoints = new StringBuilder();
         for (int i = 0; i < ipAddresses.size(); i++) {
-            endpoints.append(String.format("- http://%s:2379", ipAddresses.get(i).getIp4Address()));
+            endpoints.append(String.format("- http://%s:%s", ipAddresses.get(i).getIp4Address(), KubernetesClusterActionWorker.ETCD_NODE_CLIENT_REQUEST_PORT));
             if (i < ipAddresses.size()-1) {
                 endpoints.append("\n          ");
             }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
index 09cbefe0bf8e..71cc8ffcde23 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/AddNodesToKubernetesClusterCmd.java
@@ -52,8 +52,7 @@ public class AddNodesToKubernetesClusterCmd extends BaseAsyncCmd {
             entityType= UserVmResponse.class,
             description = "comma separated list of (external) node (physical or virtual machines) IDs that need to be" +
                     "added as worker nodes to an existing managed Kubernetes cluster (CKS)",
-            required = true,
-            since = "4.21.0")
+            required = true)
     private List<Long> nodeIds;
 
     @Parameter(name = ApiConstants.ID, type = CommandType.UUID, required = true,
@@ -62,13 +61,11 @@ public class AddNodesToKubernetesClusterCmd extends BaseAsyncCmd {
     private Long clusterId;
 
     @Parameter(name = ApiConstants.MOUNT_CKS_ISO_ON_VR, type = CommandType.BOOLEAN,
-            description = "(optional) Vmware only, uses the CKS cluster network VR to mount the CKS ISO",
-            since = "4.21.0")
+            description = "(optional) Vmware only, uses the CKS cluster network VR to mount the CKS ISO")
     private Boolean mountCksIsoOnVr;
 
     @Parameter(name = ApiConstants.MANUAL_UPGRADE, type = CommandType.BOOLEAN,
-            description = "(optional) indicates if the node is marked for manual upgrade and excluded from the Kubernetes cluster upgrade operation",
-            since = "4.21.0")
+            description = "(optional) indicates if the node is marked for manual upgrade and excluded from the Kubernetes cluster upgrade operation")
     private Boolean manualUpgrade;
 
     /////////////////////////////////////////////////////
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
index 7dd2978a5e37..8810b9262a86 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
@@ -115,18 +115,21 @@ public class CreateKubernetesClusterCmd extends BaseAsyncCreateCmd {
 
     @ACL(accessType = AccessType.UseEntry)
     @Parameter(name = ApiConstants.NODE_TYPE_OFFERING_MAP, type = CommandType.MAP,
-            description = "(Optional) Node Type to Service Offering ID mapping. If provided, it overrides the serviceofferingid parameter")
+            description = "(Optional) Node Type to Service Offering ID mapping. If provided, it overrides the serviceofferingid parameter",
+            since = "4.21.0")
     private Map<String, Map<String, String>> serviceOfferingNodeTypeMap;
 
     @ACL(accessType = AccessType.UseEntry)
     @Parameter(name = ApiConstants.NODE_TYPE_TEMPLATE_MAP, type = CommandType.MAP,
-            description = "(Optional) Node Type to Template ID mapping. If provided, it overrides the default template: System VM template")
+            description = "(Optional) Node Type to Template ID mapping. If provided, it overrides the default template: System VM template",
+            since = "4.21.0")
     private Map<String, Map<String, String>> templateNodeTypeMap;
 
     @ACL(accessType = AccessType.UseEntry)
     @Parameter(name = ApiConstants.ETCD_NODES, type = CommandType.LONG,
             description = "(Optional) Number of Kubernetes cluster etcd nodes, default is 0." +
-                    "In case the number is greater than 0, etcd nodes are separate from master nodes and are provisioned accordingly")
+                    "In case the number is greater than 0, etcd nodes are separate from master nodes and are provisioned accordingly",
+            since = "4.21.0")
     private Long etcdNodes;
 
     @ACL(accessType = AccessType.UseEntry)
@@ -200,7 +203,8 @@ public class CreateKubernetesClusterCmd extends BaseAsyncCreateCmd {
     @Parameter(name = ApiConstants.CNI_CONFIG_DETAILS, type = CommandType.MAP,
             description = "used to specify the parameters values for the variables in userdata. " +
                     "Example: cniconfigdetails[0].key=accesskey&cniconfigdetails[0].value=s389ddssaa&" +
-                    "cniconfigdetails[1].key=secretkey&cniconfigdetails[1].value=8dshfsss", since = "4.21.0")
+                    "cniconfigdetails[1].key=secretkey&cniconfigdetails[1].value=8dshfsss",
+            since = "4.21.0")
     private Map cniConfigDetails;
 
     @Parameter(name=ApiConstants.AS_NUMBER, type=CommandType.LONG, description="the AS Number of the network")
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
index fd089ede9ecb..2ca36e83ab47 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/RemoveNodesFromKubernetesClusterCmd.java
@@ -58,13 +58,12 @@ public class RemoveNodesFromKubernetesClusterCmd extends BaseAsyncCmd {
             entityType= UserVmResponse.class,
             description = "comma separated list of node (physical or virtual machines) IDs that need to be" +
                     "removed from the Kubernetes cluster (CKS)",
-            required = true,
-            since = "4.21.0")
+            required = true)
     private List<Long> nodeIds;
 
     @Parameter(name = ApiConstants.ID, type = CommandType.UUID, required = true,
             entityType = KubernetesClusterResponse.class,
-            description = "the ID of the Kubernetes cluster", since = "4.21.0")
+            description = "the ID of the Kubernetes cluster")
     private Long clusterId;
 
     /////////////////////////////////////////////////////
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/ScaleKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/ScaleKubernetesClusterCmd.java
index 9afd4b8c3240..2fb92f60fb97 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/ScaleKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/ScaleKubernetesClusterCmd.java
@@ -74,7 +74,8 @@ public class ScaleKubernetesClusterCmd extends BaseAsyncCmd {
 
     @ACL(accessType = SecurityChecker.AccessType.UseEntry)
     @Parameter(name = ApiConstants.NODE_TYPE_OFFERING_MAP, type = CommandType.MAP,
-            description = "(Optional) Node Type to Service Offering ID mapping. If provided, it overrides the serviceofferingid parameter")
+            description = "(Optional) Node Type to Service Offering ID mapping. If provided, it overrides the serviceofferingid parameter",
+            since = "4.21.0")
     protected Map<String, Map<String, String>> serviceOfferingNodeTypeMap;
 
     @Parameter(name=ApiConstants.SIZE, type = CommandType.LONG,
diff --git a/server/src/main/java/com/cloud/api/ApiResponseHelper.java b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
index 1f964fbbd429..cb63ebcd8daf 100644
--- a/server/src/main/java/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
@@ -5417,7 +5417,7 @@ public ASNumberResponse createASNumberResponse(ASNumber asn) {
             String rangeText = String.format("%s-%s", range.getStartASNumber(), range.getEndASNumber());
             response.setAsNumberRange(rangeText);
         } else {
-            logger.info("is null for as number: "+ asn.getAsNumber());
+            logger.info("Range is null for AS number: "+ asn.getAsNumber());
         }
         response.setAllocated(asn.getAllocatedTime());
         response.setAllocationState(asn.isAllocated() ? "Allocated" : "Free");

From fe3e914a8509857456e20cf637dfdf075e1ca5b6 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Tue, 18 Mar 2025 13:16:09 -0300
Subject: [PATCH 71/88] UI: Make CKS public templates visible to non-admins on
 CKS cluster creation

---
 .../views/compute/CreateKubernetesCluster.vue | 29 +++++++++++++------
 1 file changed, 20 insertions(+), 9 deletions(-)

diff --git a/ui/src/views/compute/CreateKubernetesCluster.vue b/ui/src/views/compute/CreateKubernetesCluster.vue
index 8ccaba5ec9c7..2a12d64c0c00 100644
--- a/ui/src/views/compute/CreateKubernetesCluster.vue
+++ b/ui/src/views/compute/CreateKubernetesCluster.vue
@@ -661,16 +661,27 @@ export default {
       return ['Admin', 'DomainAdmin'].includes(this.$store.getters.userInfo.roletype)
     },
     fetchCksTemplates () {
-      const params = {
-        templatefilter: this.isAdminOrDomainAdmin() ? 'all' : 'self',
-        forcks: true
+      var filters = []
+      if (this.isAdminOrDomainAdmin()) {
+        filters = ['all']
+      } else {
+        filters = ['self', 'featured', 'community']
       }
-      this.templateLoading = true
-      api('listTemplates', params).then(json => {
-        this.templates = json?.listtemplatesresponse?.template || []
-      }).finally(() => {
-        this.templateLoading = false
-      })
+      var ckstemplates = []
+      for (const filtername of filters) {
+        const params = {
+          templatefilter: filtername,
+          forcks: true
+        }
+        this.templateLoading = true
+        api('listTemplates', params).then(json => {
+          var templates = json?.listtemplatesresponse?.template || []
+          ckstemplates.push(...templates)
+        }).finally(() => {
+          this.templateLoading = false
+        })
+      }
+      this.templates = ckstemplates
     },
     fetchNetworkData () {
       const params = {}

From 98bb4afd8b25e02ee0afb99e207e6e6d1039a6f9 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Mon, 7 Apr 2025 20:38:50 -0300
Subject: [PATCH 72/88] Fix linter

---
 .../src/main/resources/conf/etcd-node.yml                 | 8 ++++----
 .../src/main/resources/conf/k8s-control-node.yml          | 8 ++++----
 .../main/java/com/cloud/server/ManagementServerImpl.java  | 2 +-
 tools/appliance/cks/ubuntu/build.sh                       | 2 +-
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/etcd-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/etcd-node.yml
index c380151f49d2..d455441279dd 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/etcd-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/etcd-node.yml
@@ -30,17 +30,17 @@ write_files:
     owner: root:root
     content: |
       #!/bin/bash -e
-      
+
       if [[ -f "/home/cloud/success" ]]; then
         echo "Already provisioned!"
         exit 0
       fi
-      
+
       ISO_MOUNT_DIR=/mnt/etcddisk
       BINARIES_DIR=${ISO_MOUNT_DIR}/
       ATTEMPT_ONLINE_INSTALL=false
       setup_complete=false
-      
+
       OFFLINE_INSTALL_ATTEMPT_SLEEP={{ k8s.install.wait.time }}
       MAX_OFFLINE_INSTALL_ATTEMPTS={{ k8s.install.reattempts.count }}
       if [[ -z $OFFLINE_INSTALL_ATTEMPT_SLEEP || $OFFLINE_INSTALL_ATTEMPT_SLEEP -eq 0 ]]; then
@@ -89,7 +89,7 @@ write_files:
         sleep $OFFLINE_INSTALL_ATTEMPT_SLEEP
         offline_attempts=$[$offline_attempts + 1]
       done
-      
+
       if [[ "$PATH" != *:/opt/bin && "$PATH" != *:/opt/bin:* ]]; then
         export PATH=$PATH:/opt/bin
       fi
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
index 217ed814f6a7..dc066e10d06b 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
@@ -250,7 +250,7 @@ write_files:
       etcd:
         external:
           endpoints:
-          {{ etcd.etcd_endpoint_list }}  
+          {{ etcd.etcd_endpoint_list }}
       ---
       apiVersion: kubeadm.k8s.io/v1beta3
       kind: InitConfiguration
@@ -263,7 +263,7 @@ write_files:
         advertiseAddress: {{ k8s_control.server_ip }}
         bindPort: {{ k8s.api_server_port }}
       certificateKey: {{ k8s_control.certificate_key }}
-      
+
 
   - path: /opt/bin/deploy-kube-system
     permissions: '0700'
@@ -340,7 +340,7 @@ write_files:
       sudo touch /home/cloud/success
       echo "true" > /home/cloud/success
 
-{% if registry is defined %}
+  {% if registry is defined %}
   - path: /opt/bin/setup-containerd
     permissions: '0755'
     owner: root:root
@@ -358,7 +358,7 @@ write_files:
       echo "Restarting containerd service"
       systemctl daemon-reload
       systemctl restart containerd
-{% endif %}
+  {% endif %}
 
   - path: /etc/systemd/system/deploy-kube-system.service
     permissions: '0755'
diff --git a/server/src/main/java/com/cloud/server/ManagementServerImpl.java b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
index 62873cbfe913..bcb813712f63 100644
--- a/server/src/main/java/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
@@ -4890,7 +4890,7 @@ public Pair<List<? extends UserData>, Integer> listUserDatas(final ListUserDataC
     }
 
     @Override
-    @ActionEvent(eventType = EventTypes.EVENT_REGISTER_CNI_CONFIG, eventDescription = "registering CNI configration", async = true)
+    @ActionEvent(eventType = EventTypes.EVENT_REGISTER_CNI_CONFIG, eventDescription = "registering CNI configuration", async = true)
     public UserData registerCniConfiguration(RegisterCniConfigurationCmd cmd) {
         final Account owner = getOwner(cmd);
         checkForUserDataByName(cmd, owner);
diff --git a/tools/appliance/cks/ubuntu/build.sh b/tools/appliance/cks/ubuntu/build.sh
index 0d9d8ea4e49b..c58668434781 100755
--- a/tools/appliance/cks/ubuntu/build.sh
+++ b/tools/appliance/cks/ubuntu/build.sh
@@ -201,7 +201,7 @@ function prepare() {
 function packer_build() {
   log INFO "building new image with packer"
   #cd ${appliance_build_name} && packer build template.json && cd ..
-  cd 22.04 && packer build ${appliance_build_name}.json && cd .. 
+  cd 22.04 && packer build ${appliance_build_name}.json && cd ..
 }
 
 function stage_vmx() {

From fd730a048d132314b54a7e92f85eccab7cb06d56 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Sun, 11 May 2025 21:03:35 -0300
Subject: [PATCH 73/88] Fix merge error

---
 .../src/main/resources/META-INF/db/schema-42010to42100.sql      | 2 --
 1 file changed, 2 deletions(-)

diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
index 6f685f25a2b5..1a303c9576bb 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
@@ -38,8 +38,6 @@ WHERE rp.rule = 'quotaStatement'
 
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.host', 'last_mgmt_server_id', 'bigint unsigned DEFAULT NULL COMMENT "last management server this host is connected to" AFTER `mgmt_server_id`');
 
-<<<<<<< HEAD
-
 -----------------------------------------------------------
 -- CKS Enhancements:
 -----------------------------------------------------------

From ca1b1162651cd1a4c7d314a418f9e444873709ef Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Thu, 22 May 2025 11:42:48 -0300
Subject: [PATCH 74/88] Fix positional parameters on the create kubernetes ISO
 script and make the ETCD version optional

---
 scripts/util/create-kubernetes-binaries-iso.sh | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/scripts/util/create-kubernetes-binaries-iso.sh b/scripts/util/create-kubernetes-binaries-iso.sh
index 61c54834bb8e..535d4b364791 100755
--- a/scripts/util/create-kubernetes-binaries-iso.sh
+++ b/scripts/util/create-kubernetes-binaries-iso.sh
@@ -19,8 +19,8 @@
 set -e
 
 if [ $# -lt 6 ]; then
-    echo "Invalid input. Valid usage: ./create-kubernetes-binaries-iso.sh OUTPUT_PATH KUBERNETES_VERSION CNI_VERSION CRICTL_VERSION WEAVENET_NETWORK_YAML_CONFIG DASHBOARD_YAML_CONFIG ETCD_VER BUILD_NAME"
-    echo "eg: ./create-kubernetes-binaries-iso.sh ./ 1.11.4 0.7.1 1.11.1 https://github.com/weaveworks/weave/releases/download/latest_release/weave-daemonset-k8s-1.11.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes-dashboard.yaml 3.5.1 setup-v1.11.4"
+    echo "Invalid input. Valid usage: ./create-kubernetes-binaries-iso.sh OUTPUT_PATH KUBERNETES_VERSION CNI_VERSION CRICTL_VERSION WEAVENET_NETWORK_YAML_CONFIG DASHBOARD_YAML_CONFIG BUILD_NAME [ETCD_VERSION]"
+    echo "eg: ./create-kubernetes-binaries-iso.sh ./ 1.11.4 0.7.1 1.11.1 https://github.com/weaveworks/weave/releases/download/latest_release/weave-daemonset-k8s-1.11.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes-dashboard.yaml setup-v1.11.4 3.5.1"
     exit 1
 fi
 
@@ -31,7 +31,7 @@ start_dir="$PWD"
 iso_dir="/tmp/iso"
 working_dir="${iso_dir}/"
 mkdir -p "${working_dir}"
-build_name="${8}.iso"
+build_name="${7}.iso"
 [ -z "${build_name}" ] && build_name="setup-${RELEASE}.iso"
 
 CNI_VERSION="v${3}"
@@ -148,11 +148,13 @@ chmod ${kubeadm_file_permissions} "${working_dir}/k8s/kubeadm"
 echo "Updating imagePullPolicy to IfNotPresent in yaml files..."
 sed -i "s/imagePullPolicy:.*/imagePullPolicy: IfNotPresent/g" ${working_dir}/*.yaml
 
-# Install etcd dependencies
-etcd_dir="${working_dir}/etcd"
-mkdir -p "${etcd_dir}"
-ETCD_VER=v${7}
-wget -q --show-progress "https://github.com/etcd-io/etcd/releases/download/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz" -O ${etcd_dir}/etcd-linux-amd64.tar.gz
+if [ -n "${8}" ]; then
+  # Install etcd dependencies
+  etcd_dir="${working_dir}/etcd"
+  mkdir -p "${etcd_dir}"
+  ETCD_VERSION=v${8}
+  wget -q --show-progress "https://github.com/etcd-io/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-amd64.tar.gz" -O ${etcd_dir}/etcd-linux-amd64.tar.gz
+fi
 
 mkisofs -o "${output_dir}/${build_name}" -J -R -l "${iso_dir}"
 

From e2065a02c27b8a1fa0ddf4348bb8b232e257db30 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Fri, 23 May 2025 09:41:24 +0530
Subject: [PATCH 75/88] fix etcd port displayed

---
 ui/src/views/compute/KubernetesServiceTab.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/src/views/compute/KubernetesServiceTab.vue b/ui/src/views/compute/KubernetesServiceTab.vue
index d7bf7455dffc..4c449bac9feb 100644
--- a/ui/src/views/compute/KubernetesServiceTab.vue
+++ b/ui/src/views/compute/KubernetesServiceTab.vue
@@ -121,7 +121,7 @@
                 {{ cksSshStartingPort + index }}
               </div>
               <div v-else>
-                {{ parseInt(etcdSshPort) + parseInt(getEtcdIndex(record.name)) }}
+                {{ parseInt(etcdSshPort) + parseInt(getEtcdIndex(record.name)) - 1 }}
               </div>
             </template>
             <template v-if="column.key === 'kubernetesnodeversion'">

From 138ed600763f75d779d762645a96801384961574 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Wed, 28 May 2025 06:03:20 +0530
Subject: [PATCH 76/88] Further improvements to CKS  (#118)

* Multiple nics support on Ubuntu template

* Multiple nics support on Ubuntu template

* supports allocating IP to the nic when VM is added to another network - no delay

* Add option to select DNS or VR IP as resolver on VPC creation

* Add API param and UI to select option

* Add column on vpc and pass the value on the databags for CsDhcp.py to fix accordingly

* Externalize the CKS Configuration, so that end users can tweak the configuration before deploying the cluster

* Add new directory to c8 packaging for CKS config

* Remove k8s configuration from resources and make it configurable

* Revert "Remove k8s configuration from resources and make it configurable"

This reverts commit d5997033ebe4ba559e6478a64578b894f8e7d3db.

* copy conf to mgmt server and consume them from there

* Remove node from cluster

* Add missing /opt/bin directory requrired by external nodes

* Login to a specific Project view

* add indents

* Fix CKS HA clusters

* Fix build

---------

Co-authored-by: Nicolas Vazquez <nicovazquez90@gmail.com>
---
 .../main/java/com/cloud/network/vpc/Vpc.java  |  2 +
 .../com/cloud/network/vpc/VpcService.java     |  8 ++--
 .../apache/cloudstack/api/ApiConstants.java   |  1 +
 .../api/command/user/vpc/CreateVPCCmd.java    |  9 ++++
 debian/rules                                  |  8 ++++
 .../java/com/cloud/network/vpc/VpcVO.java     | 12 +++++
 .../META-INF/db/schema-42010to42100.sql       |  3 ++
 packaging/el8/cloud.spec                      |  9 +++-
 .../KubernetesClusterActionWorker.java        | 31 +++++++-----
 .../KubernetesClusterRemoveWorker.java        |  3 +-
 .../KubernetesClusterStartWorker.java         | 38 +++++++++------
 .../resources/conf/k8s-control-node-add.yml   |  7 +++
 .../main/resources/conf/k8s-control-node.yml  |  7 +++
 .../network/NetworkMigrationManagerImpl.java  |  2 +-
 .../VirtualNetworkApplianceManagerImpl.java   | 16 +++++++
 .../com/cloud/network/vpc/VpcManagerImpl.java |  5 +-
 .../cloud/network/vpc/VpcManagerImplTest.java | 10 ++--
 systemvm/debian/opt/cloud/bin/cs/CsConfig.py  | 10 ++--
 systemvm/debian/opt/cloud/bin/cs/CsDatabag.py |  5 ++
 .../debian/opt/cloud/bin/cs/CsGuestNetwork.py |  3 ++
 .../cks/ubuntu/22.04/cks-ubuntu-2204.json     |  2 +
 .../22.04/scripts/add-interface-rule.sh       | 25 ++++++++++
 .../22.04/scripts/configure-cloud-init.sh     |  2 +
 .../ubuntu/22.04/scripts/setup-interfaces.sh  | 47 +++++++++++++++++++
 ui/public/locales/en.json                     |  1 +
 ui/src/views/auth/Login.vue                   | 44 +++++++++++++++--
 ui/src/views/network/CreateVpc.vue            | 16 ++++++-
 27 files changed, 278 insertions(+), 48 deletions(-)
 create mode 100644 tools/appliance/cks/ubuntu/22.04/scripts/add-interface-rule.sh
 create mode 100644 tools/appliance/cks/ubuntu/22.04/scripts/setup-interfaces.sh

diff --git a/api/src/main/java/com/cloud/network/vpc/Vpc.java b/api/src/main/java/com/cloud/network/vpc/Vpc.java
index e9a831c9d839..b94089d2d433 100644
--- a/api/src/main/java/com/cloud/network/vpc/Vpc.java
+++ b/api/src/main/java/com/cloud/network/vpc/Vpc.java
@@ -105,4 +105,6 @@ public enum State {
     String getIp6Dns1();
 
     String getIp6Dns2();
+
+    boolean useRouterIpAsResolver();
 }
diff --git a/api/src/main/java/com/cloud/network/vpc/VpcService.java b/api/src/main/java/com/cloud/network/vpc/VpcService.java
index af2a9847a62d..9b7a83c29c1a 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcService.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcService.java
@@ -48,17 +48,17 @@ public interface VpcService {
      * @param vpcName
      * @param displayText
      * @param cidr
-     * @param networkDomain TODO
+     * @param networkDomain   TODO
      * @param ip4Dns1
      * @param ip4Dns2
-     * @param displayVpc TODO
+     * @param displayVpc      TODO
+     * @param useVrIpResolver
      * @return
      * @throws ResourceAllocationException TODO
      */
     Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName, String displayText, String cidr, String networkDomain,
                   String ip4Dns1, String ip4Dns2, String ip6Dns1, String ip6Dns2, Boolean displayVpc, Integer publicMtu, Integer cidrSize,
-                  Long asNumber, List<Long> bgpPeerIds)
-            throws ResourceAllocationException;
+                  Long asNumber, List<Long> bgpPeerIds, Boolean useVrIpResolver) throws ResourceAllocationException;
 
     /**
      * Persists VPC record in the database
diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
index d7038f33c4b4..302a08d692c2 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
@@ -549,6 +549,7 @@ public class ApiConstants {
     public static final String USER_SECURITY_GROUP_LIST = "usersecuritygrouplist";
     public static final String USER_SECRET_KEY = "usersecretkey";
     public static final String USE_VIRTUAL_NETWORK = "usevirtualnetwork";
+    public static final String USE_VIRTUAL_ROUTER_IP_RESOLVER = "userouteripresolver";
     public static final String UPDATE_IN_SEQUENCE = "updateinsequence";
     public static final String VALUE = "value";
     public static final String VIRTUAL_MACHINE_ID = "virtualmachineid";
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
index 2f62d0d7210d..08b7b9911b1b 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
@@ -16,6 +16,7 @@
 // under the License.
 package org.apache.cloudstack.api.command.user.vpc;
 
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 
 import org.apache.cloudstack.acl.RoleType;
@@ -125,6 +126,10 @@ public class CreateVPCCmd extends BaseAsyncCreateCmd implements UserCmd {
     @Parameter(name=ApiConstants.AS_NUMBER, type=CommandType.LONG, since = "4.20.0", description="the AS Number of the VPC tiers")
     private Long asNumber;
 
+    @Parameter(name=ApiConstants.USE_VIRTUAL_ROUTER_IP_RESOLVER, type=CommandType.BOOLEAN,
+            description="(optional) for NSX based VPCs: when set to true, use the VR IP as nameserver, otherwise use DNS1 and DNS2")
+    private Boolean useVrIpResolver;
+
     // ///////////////////////////////////////////////////
     // ///////////////// Accessors ///////////////////////
     // ///////////////////////////////////////////////////
@@ -205,6 +210,10 @@ public Long getAsNumber() {
         return asNumber;
     }
 
+    public boolean getUseVrIpResolver() {
+        return BooleanUtils.toBoolean(useVrIpResolver);
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/debian/rules b/debian/rules
index e7ff6759d446..d178afa67307 100755
--- a/debian/rules
+++ b/debian/rules
@@ -70,6 +70,7 @@ override_dh_auto_install:
 	mkdir -p $(DESTDIR)/usr/share/$(PACKAGE)-management/lib
 	mkdir -p $(DESTDIR)/usr/share/$(PACKAGE)-management/setup
 	mkdir -p $(DESTDIR)/usr/share/$(PACKAGE)-management/templates/systemvm
+	mkdir -p $(DESTDIR)/usr/share/$(PACKAGE)-management/cks/conf
 	mkdir $(DESTDIR)/var/log/$(PACKAGE)/management
 	mkdir $(DESTDIR)/var/cache/$(PACKAGE)/management
 	mkdir $(DESTDIR)/var/log/$(PACKAGE)/ipallocator
@@ -83,6 +84,7 @@ override_dh_auto_install:
 	cp client/target/cloud-client-ui-$(VERSION).jar $(DESTDIR)/usr/share/$(PACKAGE)-management/lib/cloudstack-$(VERSION).jar
 	cp client/target/lib/*jar $(DESTDIR)/usr/share/$(PACKAGE)-management/lib/
 	cp -r engine/schema/dist/systemvm-templates/* $(DESTDIR)/usr/share/$(PACKAGE)-management/templates/systemvm/
+	cp -r plugins/integrations/kubernetes-service/src/main/resources/conf/* $(DESTDIR)/usr/share/$(PACKAGE)-management/cks/conf/
 	rm -rf $(DESTDIR)/usr/share/$(PACKAGE)-management/templates/systemvm/md5sum.txt
 
 	# Bundle cmk in cloudstack-management
@@ -95,6 +97,12 @@ override_dh_auto_install:
 	chmod 0440 $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/$(PACKAGE)
 
 	install -D client/target/utilities/bin/cloud-update-xenserver-licenses $(DESTDIR)/usr/bin/cloudstack-update-xenserver-licenses
+
+	install -D plugins/integrations/kubernetes-service/src/main/resources/conf/etcd-node.yml $(DESTDIR)/usr/share/$(PACKAGE)-management/cks/conf/etcd-node.yml
+	install -D plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml $(DESTDIR)/usr/share/$(PACKAGE)-management/cks/conf/k8s-control-node.yml
+	install -D plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml $(DESTDIR)/usr/share/$(PACKAGE)-management/cks/conf/k8s-control-node-add.yml
+	install -D plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml $(DESTDIR)/usr/share/$(PACKAGE)-management/cks/conf/k8s-node.yml
+
 	# Remove configuration in /ur/share/cloudstack-management/webapps/client/WEB-INF
 	# This should all be in /etc/cloudstack/management
 	ln -s ../../..$(SYSCONFDIR)/$(PACKAGE)/management $(DESTDIR)/usr/share/$(PACKAGE)-management/conf
diff --git a/engine/schema/src/main/java/com/cloud/network/vpc/VpcVO.java b/engine/schema/src/main/java/com/cloud/network/vpc/VpcVO.java
index e8ccc2ebcf1c..e942eadb8ffb 100644
--- a/engine/schema/src/main/java/com/cloud/network/vpc/VpcVO.java
+++ b/engine/schema/src/main/java/com/cloud/network/vpc/VpcVO.java
@@ -105,6 +105,9 @@ public class VpcVO implements Vpc {
     @Column(name = "ip6Dns2")
     String ip6Dns2;
 
+    @Column(name = "use_router_ip_resolver")
+    boolean useRouterIpResolver = false;
+
     @Transient
     boolean rollingRestart = false;
 
@@ -309,4 +312,13 @@ public String getIp6Dns1() {
     public String getIp6Dns2() {
         return ip6Dns2;
     }
+
+    @Override
+    public boolean useRouterIpAsResolver() {
+        return useRouterIpResolver;
+    }
+
+    public void setUseRouterIpResolver(boolean useRouterIpResolver) {
+        this.useRouterIpResolver = useRouterIpResolver;
+    }
 }
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
index ec20cb3fdd24..fe746c9884a2 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
@@ -68,6 +68,9 @@ ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_templa
 
 -- Add for_cks column to the user_data table to represent CNI Configuration stored as userdata
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.user_data','for_cks', 'int(1) unsigned DEFAULT "0" COMMENT "if true, the userdata represent CNI configuration meant for CKS use only"');
+
+-- Add use VR IP as resolver option on VPC
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.vpc','use_router_ip_resolver', 'tinyint(1) DEFAULT 0 COMMENT "use router ip as resolver instead of dns options"');
 -----------------------------------------------------------
 -- END - CKS Enhancements
 -----------------------------------------------------------
diff --git a/packaging/el8/cloud.spec b/packaging/el8/cloud.spec
index 22fede6fb850..2c6898cac7c6 100644
--- a/packaging/el8/cloud.spec
+++ b/packaging/el8/cloud.spec
@@ -248,6 +248,7 @@ cp -r plugins/network-elements/cisco-vnmc/src/main/scripts/network/cisco/* ${RPM
 mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/
 mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/lib
 mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/setup
+mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/cks/conf
 mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/log/%{name}/management
 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management
 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/systemd/system/%{name}-management.service.d
@@ -273,7 +274,7 @@ wget https://github.com/apache/cloudstack-cloudmonkey/releases/download/$CMK_REL
 chmod +x ${RPM_BUILD_ROOT}%{_bindir}/cmk
 
 cp -r client/target/utilities/scripts/db/* ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/setup
-
+cp -r plugins/integrations/kubernetes-service/src/main/resources/conf/* ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/cks/conf
 cp -r client/target/cloud-client-ui-%{_maventag}.jar ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/
 cp -r client/target/classes/META-INF/webapp ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapp
 cp ui/dist/config.json ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/
@@ -308,6 +309,11 @@ touch ${RPM_BUILD_ROOT}%{_localstatedir}/run/%{name}-management.pid
 #install -D server/target/conf/cloudstack-catalina.logrotate ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name}-catalina
 install -D server/target/conf/cloudstack-management.logrotate ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name}-management
 
+install -D plugins/integrations/kubernetes-service/src/main/resources/conf/etcd-node.yml ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/cks/conf/etcd-node.yml
+install -D plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/cks/conf/k8s-control-node.yml
+install -D plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/cks/conf/k8s-control-node-add.yml
+install -D plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/cks/conf/k8s-node.yml
+
 # SystemVM template
 mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/templates/systemvm
 cp -r engine/schema/dist/systemvm-templates/* ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/templates/systemvm
@@ -608,6 +614,7 @@ pip3 install --upgrade /usr/share/cloudstack-marvin/Marvin-*.tar.gz
 %attr(0755,root,root) %{_bindir}/%{name}-sysvmadm
 %attr(0755,root,root) %{_bindir}/%{name}-setup-encryption
 %attr(0755,root,root) %{_bindir}/cmk
+%{_datadir}/%{name}-management/cks/conf/*.yml
 %{_datadir}/%{name}-management/setup/*.sql
 %{_datadir}/%{name}-management/setup/*.sh
 %{_datadir}/%{name}-management/setup/server-setup.xml
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index bc5af08a9c12..864c68c96e73 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -21,6 +21,9 @@
 import java.io.FileWriter;
 import java.io.IOException;
 import java.lang.reflect.Field;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -143,6 +146,7 @@ public class KubernetesClusterActionWorker {
 
     public static final String CKS_CLUSTER_SECURITY_GROUP_NAME = "CKSSecurityGroup";
     public static final String CKS_SECURITY_GROUP_DESCRIPTION = "Security group for CKS nodes";
+    public static final String CKS_CONFIG_PATH = "/usr/share/cloudstack-management/cks";
 
     protected Logger logger = LogManager.getLogger(getClass());
 
@@ -264,6 +268,11 @@ protected String readResourceFile(String resource) throws IOException {
         return IOUtils.toString(Objects.requireNonNull(Thread.currentThread().getContextClassLoader().getResourceAsStream(resource)), com.cloud.utils.StringUtils.getPreferredCharset());
     }
 
+    protected String readK8sConfigFile(String resource) throws IOException {
+        Path path = Paths.get(String.format("%s%s", CKS_CONFIG_PATH, resource));
+        return Files.readString(path);
+    }
+
     protected String getControlNodeLoginUser() {
         List<KubernetesClusterVmMapVO> vmMapVOList = getKubernetesClusterVMMaps();
         if (!vmMapVOList.isEmpty()) {
@@ -316,7 +325,7 @@ protected void logMessage(final Level logLevel, final String message, final Exce
     }
 
     protected void logTransitStateDetachIsoAndThrow(final Level logLevel, final String message, final KubernetesCluster kubernetesCluster,
-        final List<UserVm> clusterVMs, final KubernetesCluster.Event event, final Exception e) throws CloudRuntimeException {
+                                                    final List<UserVm> clusterVMs, final KubernetesCluster.Event event, final Exception e) throws CloudRuntimeException {
         logMessage(logLevel, message, e);
         stateTransitTo(kubernetesCluster.getId(), event);
         detachIsoKubernetesVMs(clusterVMs);
@@ -670,14 +679,14 @@ protected boolean createCloudStackSecret(String[] keys) {
 
         try {
             String command = String.format("sudo %s/%s -u '%s' -k '%s' -s '%s'",
-                scriptPath, deploySecretsScriptFilename, ApiServiceConfiguration.ApiServletPath.value(), keys[0], keys[1]);
+                    scriptPath, deploySecretsScriptFilename, ApiServiceConfiguration.ApiServletPath.value(), keys[0], keys[1]);
             Account account = accountDao.findById(kubernetesCluster.getAccountId());
             if (account != null && account.getType() == Account.Type.PROJECT) {
                 String projectId = projectService.findByProjectAccountId(account.getId()).getUuid();
                 command = String.format("%s -p '%s'", command, projectId);
             }
             Pair<Boolean, String> result = SshHelper.sshExecute(publicIpAddress, sshPort, getControlNodeLoginUser(),
-                pkFile, null, command, 10000, 10000, 60000);
+                    pkFile, null, command, 10000, 10000, 60000);
             return result.first();
         } catch (Exception e) {
             String msg = String.format("Failed to add cloudstack-secret to Kubernetes cluster: %s", kubernetesCluster.getName());
@@ -696,7 +705,7 @@ protected File retrieveScriptFile(String filename) {
             writer.close();
         } catch (IOException e) {
             logAndThrow(Level.ERROR, String.format("Kubernetes Cluster %s : Failed to fetch script %s",
-                kubernetesCluster.getName(), filename), e);
+                    kubernetesCluster.getName(), filename), e);
         }
         return file;
     }
@@ -719,11 +728,11 @@ protected void copyScriptFile(String nodeAddress, final int sshPort, File file,
                 sshKeyFile = getManagementServerSshPublicKeyFile();
             }
             SshHelper.scpTo(nodeAddress, sshPort, getControlNodeLoginUser(), sshKeyFile, null,
-                "~/", file.getAbsolutePath(), "0755", 20000, 30 * 60 * 1000);
+                    "~/", file.getAbsolutePath(), "0755", 20000, 30 * 60 * 1000);
             // Ensure destination dir scriptPath exists and copy file to destination
             String cmdStr = String.format("sudo mkdir -p %s ; sudo mv ~/%s %s/%s", scriptPath, file.getName(), scriptPath, destination);
             SshHelper.sshExecute(nodeAddress, sshPort, getControlNodeLoginUser(), sshKeyFile, null,
-                cmdStr, 10000, 10000, 10 * 60 * 1000);
+                    cmdStr, 10000, 10000, 10 * 60 * 1000);
         } catch (Exception e) {
             throw new CloudRuntimeException(e);
         }
@@ -771,7 +780,7 @@ protected boolean deployProvider() {
         // Since the provider creates IP addresses, don't deploy it unless the underlying network supports it
         if (manager.isDirectAccess(network)) {
             logMessage(Level.INFO, String.format("Skipping adding the provider as %s is not on an isolated network",
-                kubernetesCluster.getName()), null);
+                    kubernetesCluster.getName()), null);
             return true;
         }
         File pkFile = getManagementServerSshPublicKeyFile();
@@ -782,7 +791,7 @@ protected boolean deployProvider() {
         try {
             String command = String.format("sudo %s/%s", scriptPath, deployProviderScriptFilename);
             Pair<Boolean, String> result = SshHelper.sshExecute(publicIpAddress, sshPort, getControlNodeLoginUser(),
-                pkFile, null, command, 10000, 10000, 60000);
+                    pkFile, null, command, 10000, 10000, 60000);
 
             // Maybe the file isn't present. Try and copy it
             if (!result.first()) {
@@ -792,12 +801,12 @@ protected boolean deployProvider() {
 
                 if (!createCloudStackSecret(keys)) {
                     logTransitStateAndThrow(Level.ERROR, String.format("Failed to setup keys for Kubernetes cluster %s",
-                        kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.OperationFailed);
+                            kubernetesCluster.getName()), kubernetesCluster.getId(), KubernetesCluster.Event.OperationFailed);
                 }
 
                 // If at first you don't succeed ...
                 result = SshHelper.sshExecute(publicIpAddress, sshPort, getControlNodeLoginUser(),
-                    pkFile, null, command, 10000, 10000, 60000);
+                        pkFile, null, command, 10000, 10000, 60000);
                 if (!result.first()) {
                     throw new CloudRuntimeException(result.second());
                 }
@@ -871,7 +880,7 @@ protected void provisionPublicIpPortForwardingRule(IpAddress publicIp, Network n
     }
 
     public String getKubernetesNodeConfig(final String joinIp, final boolean ejectIso, final boolean mountCksIsoOnVR) throws IOException {
-        String k8sNodeConfig = readResourceFile("/conf/k8s-node.yml");
+        String k8sNodeConfig = readK8sConfigFile("/conf/k8s-node.yml");
         final String sshPubKey = "{{ k8s.ssh.pub.key }}";
         final String joinIpKey = "{{ k8s_control_node.join_ip }}";
         final String clusterTokenKey = "{{ k8s_control_node.cluster.token }}";
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
index c76609686a6c..07d062e23a19 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterRemoveWorker.java
@@ -41,6 +41,7 @@
 import java.io.File;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Locale;
 import java.util.Objects;
 import java.util.Optional;
 
@@ -95,7 +96,7 @@ private boolean removeNodesFromCluster(List<Long> nodeIds, Network network, IpAd
                 continue;
             }
             try {
-                removeNodeVmFromCluster(nodeId, vm.getDisplayName(), publicIp.getAddress().addr());
+                removeNodeVmFromCluster(nodeId, vm.getDisplayName().toLowerCase(Locale.ROOT), publicIp.getAddress().addr());
                 result &= removeNodePortForwardingRules(nodeId, network, vm);
                 if (System.currentTimeMillis() > removeNodeTimeoutTime) {
                     logger.error(String.format("Removal of node %s from Kubernetes cluster %s timed out", vm.getName(), kubernetesCluster.getName()));
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index 5b0214f20954..69d493e85fef 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -142,9 +142,9 @@ private boolean isKubernetesVersionSupportsHA() {
     }
 
     private Pair<String, String> getKubernetesControlNodeConfig(final String controlNodeIp, final String serverIp,
-                                                  final List<Network.IpAddresses> etcdIps, final String hostName, final boolean haSupported,
-                                                  final boolean ejectIso, final boolean externalCni) throws IOException {
-        String k8sControlNodeConfig = readResourceFile("/conf/k8s-control-node.yml");
+                                                                final List<Network.IpAddresses> etcdIps, final String hostName, final boolean haSupported,
+                                                                final boolean ejectIso, final boolean externalCni) throws IOException {
+        String k8sControlNodeConfig = readK8sConfigFile("/conf/k8s-control-node.yml");
         final String apiServerCert = "{{ k8s_control_node.apiserver.crt }}";
         final String apiServerKey = "{{ k8s_control_node.apiserver.key }}";
         final String caCert = "{{ k8s_control_node.ca.crt }}";
@@ -161,6 +161,8 @@ private Pair<String, String> getKubernetesControlNodeConfig(final String control
         final String certSans = "{{ k8s_control.server_ips }}";
         final String k8sCertificate = "{{ k8s_control.certificate_key }}";
         final String externalCniPlugin = "{{ k8s.external.cni.plugin }}";
+        final String isHaCluster = "{{ k8s.ha.cluster }}";
+        final String publicIP = "{{ k8s.public.ip }}";
 
         final List<String> addresses = new ArrayList<>();
         addresses.add(controlNodeIp);
@@ -170,7 +172,7 @@ private Pair<String, String> getKubernetesControlNodeConfig(final String control
 
         boolean externalEtcd = !etcdIps.isEmpty();
         final Certificate certificate = caManager.issueCertificate(null, Arrays.asList(hostName, "kubernetes",
-                "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local"),
+                        "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local"),
                 addresses, 3650, null);
         final String tlsClientCert = CertUtils.x509CertificateToPem(certificate.getClientCertificate());
         final String tlsPrivateKey = CertUtils.privateKeyToPem(certificate.getPrivateKey());
@@ -202,7 +204,7 @@ private Pair<String, String> getKubernetesControlNodeConfig(final String control
                     CLUSTER_API_PORT,
                     KubernetesClusterUtil.generateClusterHACertificateKey(kubernetesCluster));
         }
-        initArgs += String.format("--apiserver-cert-extra-sans=%s", controlNodeIp);
+        initArgs += String.format("--apiserver-cert-extra-sans=%s", String.join(",", addresses));
         initArgs += String.format(" --kubernetes-version=%s", getKubernetesClusterVersion().getSemanticVersion());
         k8sControlNodeConfig = k8sControlNodeConfig.replace(clusterInitArgsKey, initArgs);
         k8sControlNodeConfig = k8sControlNodeConfig.replace(ejectIsoKey, String.valueOf(ejectIso));
@@ -212,6 +214,8 @@ private Pair<String, String> getKubernetesControlNodeConfig(final String control
         k8sControlNodeConfig = k8sControlNodeConfig.replace(certSans, String.format("- %s", serverIp));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(k8sCertificate, KubernetesClusterUtil.generateClusterHACertificateKey(kubernetesCluster));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(externalCniPlugin, String.valueOf(externalCni));
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(isHaCluster, String.valueOf(kubernetesCluster.getControlNodeCount() > 1));
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(publicIP, publicIpAddress);
 
         k8sControlNodeConfig = updateKubeConfigWithRegistryDetails(k8sControlNodeConfig);
 
@@ -301,7 +305,7 @@ private String substituteASNumber(String cniConfig, Long asNumber) {
     }
 
     private String getKubernetesAdditionalControlNodeConfig(final String joinIp, final boolean ejectIso) throws IOException {
-        String k8sControlNodeConfig = readResourceFile("/conf/k8s-control-node-add.yml");
+        String k8sControlNodeConfig = readK8sConfigFile("/conf/k8s-control-node-add.yml");
         final String joinIpKey = "{{ k8s_control_node.join_ip }}";
         final String clusterTokenKey = "{{ k8s_control_node.cluster.token }}";
         final String sshPubKey = "{{ k8s.ssh.pub.key }}";
@@ -309,6 +313,8 @@ private String getKubernetesAdditionalControlNodeConfig(final String joinIp, fin
         final String ejectIsoKey = "{{ k8s.eject.iso }}";
         final String installWaitTime = "{{ k8s.install.wait.time }}";
         final String installReattemptsCount = "{{ k8s.install.reattempts.count }}";
+        final String isHaCluster = "{{ k8s.ha.cluster }}";
+        final String publicIP = "{{ k8s.public.ip }}";
 
         final Long waitTime = KubernetesClusterService.KubernetesControlNodeInstallAttemptWait.value();
         final Long reattempts = KubernetesClusterService.KubernetesControlNodeInstallReattempts.value();
@@ -328,6 +334,8 @@ private String getKubernetesAdditionalControlNodeConfig(final String joinIp, fin
         k8sControlNodeConfig = k8sControlNodeConfig.replace(clusterTokenKey, KubernetesClusterUtil.generateClusterToken(kubernetesCluster));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(clusterHACertificateKey, KubernetesClusterUtil.generateClusterHACertificateKey(kubernetesCluster));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(ejectIsoKey, String.valueOf(ejectIso));
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(isHaCluster, String.valueOf(kubernetesCluster.getControlNodeCount() > 1));
+        k8sControlNodeConfig = k8sControlNodeConfig.replace(publicIP, publicIpAddress);
         k8sControlNodeConfig = updateKubeConfigWithRegistryDetails(k8sControlNodeConfig);
 
         return k8sControlNodeConfig;
@@ -336,13 +344,13 @@ private String getKubernetesAdditionalControlNodeConfig(final String joinIp, fin
     private String getInitialEtcdClusterDetails(List<String> ipAddresses, List<String> hostnames) {
         String initialCluster = "%s=http://%s:%s";
         StringBuilder clusterInfo = new StringBuilder();
-            for (int i = 0; i < ipAddresses.size(); i++) {
-                clusterInfo.append(String.format(initialCluster, hostnames.get(i), ipAddresses.get(i), KubernetesClusterActionWorker.ETCD_NODE_PEER_COMM_PORT));
-                if (i < ipAddresses.size()-1) {
-                    clusterInfo.append(",");
-                }
+        for (int i = 0; i < ipAddresses.size(); i++) {
+            clusterInfo.append(String.format(initialCluster, hostnames.get(i), ipAddresses.get(i), KubernetesClusterActionWorker.ETCD_NODE_PEER_COMM_PORT));
+            if (i < ipAddresses.size()-1) {
+                clusterInfo.append(",");
             }
-            return clusterInfo.toString();
+        }
+        return clusterInfo.toString();
     }
 
     /**
@@ -373,7 +381,7 @@ private List<String> getEtcdNodeHostnames() {
 
     private String getEtcdNodeConfig(final List<String> ipAddresses, final List<String> hostnames, final int etcdNodeIndex,
                                      final boolean ejectIso) throws IOException {
-        String k8sEtcdNodeConfig = readResourceFile("/conf/etcd-node.yml");
+        String k8sEtcdNodeConfig = readK8sConfigFile("/conf/etcd-node.yml");
         final String sshPubKey = "{{ k8s.ssh.pub.key }}";
         final String ejectIsoKey = "{{ k8s.eject.iso }}";
         final String installWaitTime = "{{ k8s.install.wait.time }}";
@@ -426,7 +434,7 @@ private UserVm createKubernetesAdditionalControlNode(final String joinIp, final
         String hostName = String.format("%s-control-%s", kubernetesClusterNodeNamePrefix, suffix);
         String k8sControlNodeConfig = null;
         try {
-            k8sControlNodeConfig = getKubernetesAdditionalControlNodeConfig(joinIp, Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()));
+            k8sControlNodeConfig = getKubernetesAdditionalControlNodeConfig(publicIpAddress, Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()));
         } catch (IOException e) {
             logAndThrow(Level.ERROR, "Failed to read Kubernetes control configuration file", e);
         }
@@ -576,7 +584,7 @@ private Pair<List<UserVm>, List<Network.IpAddresses>> provisionEtcdCluster(final
     }
 
     private List<Network.IpAddresses> getEtcdNodeGuestIps(final Network network, final long etcdNodeCount) {
-       List<Network.IpAddresses> guestIps = new ArrayList<>();
+        List<Network.IpAddresses> guestIps = new ArrayList<>();
         for (int i = 1; i <= etcdNodeCount; i++) {
             guestIps.add(new Network.IpAddresses(ipAddressManager.acquireGuestIpAddress(network, null), null));
         }
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
index 38f217f403c4..e1d021dd0784 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
@@ -225,6 +225,9 @@ write_files:
         exit 0
       fi
 
+      HA_CLUSTER={{ k8s.ha.cluster }}
+      CLUSTER_PUBLIC_IP={{ k8s.public.ip }}
+
       if [[ $(systemctl is-active setup-kube-system) != "inactive" ]]; then
         echo "setup-kube-system is running!"
         exit 1
@@ -242,6 +245,10 @@ write_files:
       cp -i /etc/kubernetes/admin.conf /root/.kube/config
       chown $(id -u):$(id -g) /root/.kube/config
 
+      if [[ "$HA_CLUSTER" == "true" ]]; then
+        sed -i -E "s|(server:\\s*).*|\\1https://${CLUSTER_PUBLIC_IP}:6443|" /root/.kube/config
+      fi
+
       sudo touch /home/cloud/success
       echo "true" > /home/cloud/success
 
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
index dc066e10d06b..d76dbe3f1f9d 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
@@ -275,6 +275,9 @@ write_files:
       echo "Already provisioned!"
       exit 0
       fi
+      
+      HA_CLUSTER={{ k8s.ha.cluster }}
+      CLUSTER_PUBLIC_IP={{ k8s.public.ip }}
 
       if [[ "$PATH" != *:/opt/bin && "$PATH" != *:/opt/bin:* ]]; then
         export PATH=$PATH:/opt/bin
@@ -319,6 +322,10 @@ write_files:
       cp -i /etc/kubernetes/admin.conf /root/.kube/config
       chown $(id -u):$(id -g) /root/.kube/config
       echo export PATH=\$PATH:/opt/bin >> /root/.bashrc
+      
+      if [[ "$HA_CLUSTER" == "true" ]]; then
+        sed -i -E "s|(server:\\s*).*|\\1https://${CLUSTER_PUBLIC_IP}:6443|" /root/.kube/config
+      fi
 
       if [ -d "$K8S_CONFIG_SCRIPTS_COPY_DIR" ]; then
         ### Network, dashboard configs available offline ###
diff --git a/server/src/main/java/com/cloud/network/NetworkMigrationManagerImpl.java b/server/src/main/java/com/cloud/network/NetworkMigrationManagerImpl.java
index 91e4fddb69ce..450f08c46e35 100644
--- a/server/src/main/java/com/cloud/network/NetworkMigrationManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkMigrationManagerImpl.java
@@ -301,7 +301,7 @@ public Long makeCopyOfVpc(long vpcId, long vpcOfferingId) {
 
             copyOfVpc = _vpcService.createVpc(vpc.getZoneId(), vpcOfferingId, vpc.getAccountId(), vpc.getName(),
                     vpc.getDisplayText(), vpc.getCidr(), vpc.getNetworkDomain(), vpc.getIp4Dns1(), vpc.getIp4Dns2(),
-                    vpc.getIp6Dns1(), vpc.getIp6Dns2(), vpc.isDisplay(), vpc.getPublicMtu(), null, null, null);
+                    vpc.getIp6Dns1(), vpc.getIp6Dns2(), vpc.isDisplay(), vpc.getPublicMtu(), null, null, null, vpc.useRouterIpAsResolver());
 
             copyOfVpcId = copyOfVpc.getId();
             //on resume of migration the uuid will be swapped already. So the copy will have the value of the original vpcid.
diff --git a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index e171b68399bf..27f04234c331 100644
--- a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -2072,6 +2072,7 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
          * service, we need to override the DHCP response to return DNS server
          * rather than virtual router itself.
          */
+        boolean useRouterIpResolver = getUseRouterIpAsResolver(router);
         if (dnsProvided || dhcpProvided) {
             if (defaultDns1 != null) {
                 buf.append(" dns1=").append(defaultDns1);
@@ -2093,6 +2094,9 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
             if (useExtDns) {
                 buf.append(" useextdns=true");
             }
+            if (useRouterIpResolver) {
+                buf.append(" userouteripresolver=true");
+            }
         }
 
         if (Boolean.TRUE.equals(ExposeDnsAndBootpServer.valueIn(dc.getId()))) {
@@ -2132,6 +2136,18 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
         return true;
     }
 
+    private boolean getUseRouterIpAsResolver(DomainRouterVO router) {
+        if (router == null || router.getVpcId() == null) {
+            return false;
+        }
+        Vpc vpc = _vpcDao.findById(router.getVpcId());
+        if (vpc == null) {
+            logger.warn(String.format("Cannot find VPC with ID %s from router %s", router.getVpcId(), router.getName()));
+            return false;
+        }
+        return vpc.useRouterIpAsResolver();
+    }
+
     /**
      * @param routerLogrotateFrequency The string to be checked if matches with any acceptable values.
      * Checks if the value in the global configuration is an acceptable value to be informed to the Virtual Router.
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index dc6b6cd3d406..7a2e789996f5 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -1145,7 +1145,7 @@ public List<Long> getVpcOfferingZones(Long vpcOfferingId) {
     @ActionEvent(eventType = EventTypes.EVENT_VPC_CREATE, eventDescription = "creating vpc", create = true)
     public Vpc createVpc(final long zoneId, final long vpcOffId, final long vpcOwnerId, final String vpcName, final String displayText, final String cidr, String networkDomain,
                          final String ip4Dns1, final String ip4Dns2, final String ip6Dns1, final String ip6Dns2, final Boolean displayVpc, Integer publicMtu,
-                         final Integer cidrSize, final Long asNumber, final List<Long> bgpPeerIds) throws ResourceAllocationException {
+                         final Integer cidrSize, final Long asNumber, final List<Long> bgpPeerIds, Boolean useVrIpResolver) throws ResourceAllocationException {
         final Account caller = CallContext.current().getCallingAccount();
         final Account owner = _accountMgr.getAccount(vpcOwnerId);
 
@@ -1247,6 +1247,7 @@ public Vpc createVpc(final long zoneId, final long vpcOffId, final long vpcOwner
                 vpcOff.isRedundantRouter(), ip4Dns1, ip4Dns2, ip6Dns1, ip6Dns2);
         vpc.setPublicMtu(publicMtu);
         vpc.setDisplay(Boolean.TRUE.equals(displayVpc));
+        vpc.setUseRouterIpResolver(Boolean.TRUE.equals(useVrIpResolver));
 
         if (vpc.getCidr() == null && cidrSize != null) {
             // Allocate a CIDR for VPC
@@ -1305,7 +1306,7 @@ public Vpc createVpc(CreateVPCCmd cmd) throws ResourceAllocationException {
         List<Long> bgpPeerIds = (cmd instanceof CreateVPCCmdByAdmin) ? ((CreateVPCCmdByAdmin)cmd).getBgpPeerIds() : null;
         Vpc vpc = createVpc(cmd.getZoneId(), cmd.getVpcOffering(), cmd.getEntityOwnerId(), cmd.getVpcName(), cmd.getDisplayText(),
             cmd.getCidr(), cmd.getNetworkDomain(), cmd.getIp4Dns1(), cmd.getIp4Dns2(), cmd.getIp6Dns1(),
-            cmd.getIp6Dns2(), cmd.isDisplay(), cmd.getPublicMtu(), cmd.getCidrSize(), cmd.getAsNumber(), bgpPeerIds);
+            cmd.getIp6Dns2(), cmd.isDisplay(), cmd.getPublicMtu(), cmd.getCidrSize(), cmd.getAsNumber(), bgpPeerIds, cmd.getUseVrIpResolver());
 
         String sourceNatIP = cmd.getSourceNatIP();
         boolean forNsx = isVpcForNsx(vpc);
diff --git a/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java b/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
index ee56a092dd18..8d5136198058 100644
--- a/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
+++ b/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
@@ -492,7 +492,7 @@ public void testCreateVpcDnsOfferingServiceFailure() {
         try {
             doNothing().when(resourceLimitService).checkResourceLimit(account, Resource.ResourceType.vpc);
             manager.createVpc(zoneId, vpcOfferingId, vpcOwnerId, vpcName, vpcName, ip4Cidr, vpcDomain,
-                    ip4Dns[0], null, null, null, true, 1500, null, null, null);
+                    ip4Dns[0], null, null, null, true, 1500, null, null, null, false);
         } catch (ResourceAllocationException e) {
             Assert.fail(String.format("failure with exception: %s", e.getMessage()));
         }
@@ -504,7 +504,7 @@ public void testCreateVpcDnsIpv6OfferingFailure() {
         try {
             doNothing().when(resourceLimitService).checkResourceLimit(account, Resource.ResourceType.vpc);
             manager.createVpc(zoneId, vpcOfferingId, vpcOwnerId, vpcName, vpcName, ip4Cidr, vpcDomain,
-                    ip4Dns[0], ip4Dns[1], ip6Dns[0], null, true, 1500, null, null, null);
+                    ip4Dns[0], ip4Dns[1], ip6Dns[0], null, true, 1500, null, null, null, false);
         } catch (ResourceAllocationException e) {
             Assert.fail(String.format("failure with exception: %s", e.getMessage()));
         }
@@ -519,7 +519,7 @@ public void testCreateVpc() {
         try {
             doNothing().when(resourceLimitService).checkResourceLimit(account, Resource.ResourceType.vpc);
             manager.createVpc(zoneId, vpcOfferingId, vpcOwnerId, vpcName, vpcName, ip4Cidr, vpcDomain,
-                    ip4Dns[0], ip4Dns[1], null, null, true, 1500, null, null, null);
+                    ip4Dns[0], ip4Dns[1], null, null, true, 1500, null, null, null, false);
         } catch (ResourceAllocationException e) {
             Assert.fail(String.format("failure with exception: %s", e.getMessage()));
         }
@@ -536,7 +536,7 @@ public void testCreateRoutedVpc() {
         try {
             doNothing().when(resourceLimitService).checkResourceLimit(account, Resource.ResourceType.vpc);
             manager.createVpc(zoneId, vpcOfferingId, vpcOwnerId, vpcName, vpcName, ip4Cidr, vpcDomain,
-                    ip4Dns[0], ip4Dns[1], null, null, true, 1500, null, null, null);
+                    ip4Dns[0], ip4Dns[1], null, null, true, 1500, null, null, null, false);
         } catch (ResourceAllocationException e) {
             Assert.fail(String.format("failure with exception: %s", e.getMessage()));
         }
@@ -559,7 +559,7 @@ public void testCreateRoutedVpcWithDynamicRouting() {
         try {
             doNothing().when(resourceLimitService).checkResourceLimit(account, Resource.ResourceType.vpc);
             manager.createVpc(zoneId, vpcOfferingId, vpcOwnerId, vpcName, vpcName, null, vpcDomain,
-                    ip4Dns[0], ip4Dns[1], null, null, true, 1500, 24, null, bgpPeerIds);
+                    ip4Dns[0], ip4Dns[1], null, null, true, 1500, 24, null, bgpPeerIds, false);
         } catch (ResourceAllocationException e) {
             Assert.fail(String.format("failure with exception: %s", e.getMessage()));
         }
diff --git a/systemvm/debian/opt/cloud/bin/cs/CsConfig.py b/systemvm/debian/opt/cloud/bin/cs/CsConfig.py
index a17f6ac4aa59..1ad7e34db57d 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsConfig.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsConfig.py
@@ -114,6 +114,9 @@ def use_extdns(self):
     def expose_dns(self):
         return self.cmdline().idata().get('exposedns', 'false') == 'true'
 
+    def use_router_ip_as_resolver(self):
+        return self.cl.get_use_router_ip_as_resolver()
+
     def get_dns(self):
         conf = self.cmdline().idata()
         dns = []
@@ -123,9 +126,10 @@ def get_dns(self):
             else:
                 dns.append(self.address().get_guest_ip())
 
-        for name in ('dns1', 'dns2'):
-            if name in conf:
-                dns.append(conf[name])
+        if not 'userouteripresolver' in conf:
+            for name in ('dns1', 'dns2'):
+                if name in conf:
+                    dns.append(conf[name])
         return dns
 
     def get_format(self):
diff --git a/systemvm/debian/opt/cloud/bin/cs/CsDatabag.py b/systemvm/debian/opt/cloud/bin/cs/CsDatabag.py
index abbf23b4cdfc..4c6b61240b86 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsDatabag.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsDatabag.py
@@ -176,6 +176,11 @@ def get_use_ext_dns(self):
             return self.idata()['useextdns']
         return False
 
+    def get_use_router_ip_as_resolver(self):
+        if "userouteripresolver" in self.idata():
+            return self.idata()['userouteripresolver']
+        return False
+
     def get_advert_int(self):
         if 'advert_int' in self.idata():
             return self.idata()['advert_int']
diff --git a/systemvm/debian/opt/cloud/bin/cs/CsGuestNetwork.py b/systemvm/debian/opt/cloud/bin/cs/CsGuestNetwork.py
index fe8737208c4b..65200fb8796c 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsGuestNetwork.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsGuestNetwork.py
@@ -38,6 +38,9 @@ def get_dns(self):
         if not self.guest:
             return self.config.get_dns()
 
+        if self.config.use_router_ip_as_resolver():
+            return [self.data['router_guest_ip']]
+
         dns = []
         if 'router_guest_gateway' in self.data and not self.config.use_extdns() and ('is_vr_guest_gateway' not in self.data or not self.data['is_vr_guest_gateway']):
             dns.append(self.data['router_guest_gateway'])
diff --git a/tools/appliance/cks/ubuntu/22.04/cks-ubuntu-2204.json b/tools/appliance/cks/ubuntu/22.04/cks-ubuntu-2204.json
index c7ee09f03547..edaa11f96ce6 100644
--- a/tools/appliance/cks/ubuntu/22.04/cks-ubuntu-2204.json
+++ b/tools/appliance/cks/ubuntu/22.04/cks-ubuntu-2204.json
@@ -46,6 +46,8 @@
         "scripts/apt_upgrade.sh",
         "scripts/configure_networking.sh",
         "scripts/configure-cloud-init.sh",
+        "scripts/setup-interfaces.sh",
+        "scripts/add-interface-rule.sh",
         "scripts/cleanup.sh"
       ],
       "type": "shell"
diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/add-interface-rule.sh b/tools/appliance/cks/ubuntu/22.04/scripts/add-interface-rule.sh
new file mode 100644
index 000000000000..a21d978012ed
--- /dev/null
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/add-interface-rule.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# File and rule definition
+RULE_FILE="/etc/udev/rules.d/90-new-interface.rules"
+RULE='ACTION=="add|change|remove", SUBSYSTEM=="net", DRIVERS=="?*", RUN+="/bin/systemctl --no-block start update-netplan.service"'
+
+# Ensure the file exists, or create it
+if [[ ! -f $RULE_FILE ]]; then
+    touch "$RULE_FILE"
+    echo "Created $RULE_FILE."
+fi
+
+# Check if the rule already exists to prevent duplication
+if grep -Fxq "$RULE" "$RULE_FILE"; then
+    echo "Rule already exists in $RULE_FILE."
+else
+    # Add the rule to the file
+    echo "$RULE" | tee -a "$RULE_FILE" > /dev/null
+    echo "Rule added to $RULE_FILE."
+fi
+
+# Reload udev rules and apply the changes
+udevadm control --reload-rules
+udevadm trigger
+echo "Udev rules reloaded and triggered."
\ No newline at end of file
diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh b/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
index 80b661f30f55..4e4979c936f3 100644
--- a/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/configure-cloud-init.sh
@@ -22,6 +22,8 @@ function install_packages() {
     apt-get install -y python3-json-pointer python3-jsonschema cloud-init resolvconf
 
     sudo mkdir -p /etc/apt/keyrings
+    echo "Creating /opt/bin directory"
+    sudo mkdir -p /opt/bin
     curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
     echo \
       "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/setup-interfaces.sh b/tools/appliance/cks/ubuntu/22.04/scripts/setup-interfaces.sh
new file mode 100644
index 000000000000..61983d75dd83
--- /dev/null
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/setup-interfaces.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# Create the script in the /opt/bin directory
+SCRIPT_PATH="/usr/local/bin/update-netplan.sh"
+
+cat <<'EOF' > $SCRIPT_PATH
+#!/bin/bash
+
+echo "New interface detected: $INTERFACE" >> /var/log/interface-events.log
+CONFIG_FILE="/etc/netplan/config.yaml"
+
+# Generate a new netplan configuration
+echo "network:" > $CONFIG_FILE
+echo "  ethernets:" >> $CONFIG_FILE
+
+# Loop through all available interfaces
+for iface in $(ls /sys/class/net | grep -vE '^lo$'); do
+cat <<EOL >> $CONFIG_FILE
+   $iface:
+       dhcp4: true
+EOL
+done
+
+chmod 600 $CONFIG_FILE
+
+netplan apply
+EOF
+
+tee /etc/systemd/system/update-netplan.service <<EOF
+[Unit]
+Description=Update netplan configuration on boot
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/update-netplan.sh
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+chmod 600 /etc/netplan/config.yaml
+chmod 777 $SCRIPT_PATH
+
+systemctl daemon-reload || true
+systemctl enable update-netplan.service || true
+systemctl start update-netplan.service || true
\ No newline at end of file
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index f3e7c88fdd27..6b91200e8109 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -2488,6 +2488,7 @@
 "label.usagetypedescription": "Usage description",
 "label.use.kubectl.access.cluster": "<code><b>kubectl</b></code> and <code><b>kubeconfig</b></code> file to access cluster",
 "label.use.local.timezone": "Use local timezone",
+"label.use.router.ip.resolver": "Use Virtual Router IP as resolver",
 "label.used": "Used",
 "label.usehttps": "Use HTTPS",
 "label.usenewdiskoffering": "Replace disk offering?",
diff --git a/ui/src/views/auth/Login.vue b/ui/src/views/auth/Login.vue
index 47e2f34c57e9..8610900f271f 100644
--- a/ui/src/views/auth/Login.vue
+++ b/ui/src/views/auth/Login.vue
@@ -97,6 +97,18 @@
             </template>
           </a-input>
         </a-form-item>
+        <a-form-item ref="project" name="project">
+          <a-input
+            size="large"
+            type="text"
+            :placeholder="$t('label.project')"
+            v-model:value="form.project"
+          >
+            <template #prefix>
+              <block-outlined />
+            </template>
+          </a-input>
+        </a-form-item>
       </a-tab-pane>
       <a-tab-pane key="saml" :disabled="idps.length === 0">
         <template #tab>
@@ -230,7 +242,8 @@ export default {
         loginType: 0
       },
       server: '',
-      forgotPasswordEnabled: false
+      forgotPasswordEnabled: false,
+      project: null
     }
   },
   created () {
@@ -255,7 +268,8 @@ export default {
       this.form = reactive({
         server: (this.server.apiHost || '') + this.server.apiBase,
         username: this.$route.query?.username || '',
-        domain: this.$route.query?.domain || ''
+        domain: this.$route.query?.domain || '',
+        project: null
       })
       this.rules = reactive({})
       this.setRules()
@@ -447,7 +461,7 @@ export default {
           })
       })
     },
-    loginSuccess (res) {
+    async loginSuccess (res) {
       this.$notification.destroy()
       this.$store.commit('SET_COUNT_NOTIFY', 0)
       if (store.getters.twoFaEnabled === true && store.getters.twoFaProvider !== '' && store.getters.twoFaProvider !== undefined) {
@@ -456,9 +470,33 @@ export default {
         this.$router.push({ path: '/setup2FA' }).catch(() => {})
       } else {
         this.$store.commit('SET_LOGIN_FLAG', true)
+        const values = toRaw(this.form)
+        if (values.project) {
+          await this.getProject(values.project)
+          this.$store.dispatch('ProjectView', this.project.id)
+          this.$store.dispatch('SetProject', this.project)
+          this.$store.dispatch('ToggleTheme', this.project.id === undefined ? 'light' : 'dark')
+        }
         this.$router.push({ path: '/dashboard' }).catch(() => {})
       }
     },
+    getProject (projectName) {
+      return new Promise((resolve, reject) => {
+        api('listProjects', {
+          response: 'json',
+          domainId: this.selectedDomain,
+          details: 'min'
+        }).then((response) => {
+          const projects = response.listprojectsresponse.project
+          this.project = projects.filter(project => project.name === projectName)?.[0] || null
+          resolve(this.project)
+        }).catch((error) => {
+          this.$notifyError(error)
+        }).finally(() => {
+          this.loading = false
+        })
+      })
+    },
     requestFailed (err) {
       if (err && err.response && err.response.data && err.response.data.loginresponse) {
         const error = err.response.data.loginresponse.errorcode + ': ' + err.response.data.loginresponse.errortext
diff --git a/ui/src/views/network/CreateVpc.vue b/ui/src/views/network/CreateVpc.vue
index d239d04e1433..6ede446fb440 100644
--- a/ui/src/views/network/CreateVpc.vue
+++ b/ui/src/views/network/CreateVpc.vue
@@ -142,7 +142,15 @@
               <div style="color: red" v-if="errorPublicMtu" v-html="errorPublicMtu"></div>
           </a-form-item>
         </div>
-        <a-row :gutter="12" v-if="selectedVpcOfferingSupportsDns">
+        <div v-if="isNsxNetwork">
+          <a-form-item name="userouteripresolver" ref="userouteripresolver">
+            <template #label>
+              <tooltip-label :title="$t('label.use.router.ip.resolver')" :tooltip="apiParams.userouteripresolver.description"/>
+            </template>
+            <a-switch v-model:checked="useRouterIpResolver" />
+          </a-form-item>
+        </div>
+        <a-row :gutter="12" v-if="selectedVpcOfferingSupportsDns && !useRouterIpResolver">
           <a-col :md="12" :lg="12">
             <a-form-item v-if="'dns1' in apiParams" name="dns1" ref="dns1">
               <template #label>
@@ -240,7 +248,8 @@ export default {
       isNsxNetwork: false,
       asNumberLoading: false,
       asNumbersZone: [],
-      selectedAsNumber: 0
+      selectedAsNumber: 0,
+      useRouterIpResolver: false
     }
   },
   beforeCreate () {
@@ -459,6 +468,9 @@ export default {
         if ('asnumber' in values && this.isASNumberRequired()) {
           params.asnumber = values.asnumber
         }
+        if (this.useRouterIpResolver) {
+          params.userouteripresolver = true
+        }
         this.loading = true
         const title = this.$t('label.add.vpc')
         const description = this.$t('message.success.add.vpc')

From 20cbc1f3b9187d91444728d0869d439464dbf27e Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Tue, 27 May 2025 21:43:58 -0300
Subject: [PATCH 77/88] Add missing headers

---
 .../ubuntu/22.04/scripts/add-interface-rule.sh | 18 +++++++++++++++++-
 .../ubuntu/22.04/scripts/setup-interfaces.sh   | 18 +++++++++++++++++-
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/add-interface-rule.sh b/tools/appliance/cks/ubuntu/22.04/scripts/add-interface-rule.sh
index a21d978012ed..7a28f0e55cbe 100644
--- a/tools/appliance/cks/ubuntu/22.04/scripts/add-interface-rule.sh
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/add-interface-rule.sh
@@ -1,4 +1,20 @@
 #!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
 
 # File and rule definition
 RULE_FILE="/etc/udev/rules.d/90-new-interface.rules"
@@ -22,4 +38,4 @@ fi
 # Reload udev rules and apply the changes
 udevadm control --reload-rules
 udevadm trigger
-echo "Udev rules reloaded and triggered."
\ No newline at end of file
+echo "Udev rules reloaded and triggered."
diff --git a/tools/appliance/cks/ubuntu/22.04/scripts/setup-interfaces.sh b/tools/appliance/cks/ubuntu/22.04/scripts/setup-interfaces.sh
index 61983d75dd83..4dd2caead56e 100644
--- a/tools/appliance/cks/ubuntu/22.04/scripts/setup-interfaces.sh
+++ b/tools/appliance/cks/ubuntu/22.04/scripts/setup-interfaces.sh
@@ -1,4 +1,20 @@
 #!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
 
 # Create the script in the /opt/bin directory
 SCRIPT_PATH="/usr/local/bin/update-netplan.sh"
@@ -44,4 +60,4 @@ chmod 777 $SCRIPT_PATH
 
 systemctl daemon-reload || true
 systemctl enable update-netplan.service || true
-systemctl start update-netplan.service || true
\ No newline at end of file
+systemctl start update-netplan.service || true

From 6264c2181b05d10fee247634c3c66a8bda887017 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Tue, 27 May 2025 21:53:50 -0300
Subject: [PATCH 78/88] Fix linter

---
 .../src/main/resources/conf/k8s-control-node.yml              | 4 ++--
 systemvm/debian/opt/cloud/bin/cs/CsConfig.py                  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
index d76dbe3f1f9d..471db9ab2648 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
@@ -275,7 +275,7 @@ write_files:
       echo "Already provisioned!"
       exit 0
       fi
-      
+
       HA_CLUSTER={{ k8s.ha.cluster }}
       CLUSTER_PUBLIC_IP={{ k8s.public.ip }}
 
@@ -322,7 +322,7 @@ write_files:
       cp -i /etc/kubernetes/admin.conf /root/.kube/config
       chown $(id -u):$(id -g) /root/.kube/config
       echo export PATH=\$PATH:/opt/bin >> /root/.bashrc
-      
+
       if [[ "$HA_CLUSTER" == "true" ]]; then
         sed -i -E "s|(server:\\s*).*|\\1https://${CLUSTER_PUBLIC_IP}:6443|" /root/.kube/config
       fi
diff --git a/systemvm/debian/opt/cloud/bin/cs/CsConfig.py b/systemvm/debian/opt/cloud/bin/cs/CsConfig.py
index 1ad7e34db57d..e6e738b042a4 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsConfig.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsConfig.py
@@ -126,7 +126,7 @@ def get_dns(self):
             else:
                 dns.append(self.address().get_guest_ip())
 
-        if not 'userouteripresolver' in conf:
+        if 'userouteripresolver' not in conf:
             for name in ('dns1', 'dns2'):
                 if name in conf:
                     dns.append(conf[name])

From bcf7b6df25413ddb58e9ffb21b2f319b43b79d25 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Tue, 27 May 2025 22:51:36 -0300
Subject: [PATCH 79/88] Address more review comments

---
 .../cluster/KubernetesClusterManagerImpl.java | 17 +++++++++-
 ...esClusterResourceModifierActionWorker.java |  4 ++-
 .../KubernetesClusterScaleWorker.java         | 33 +++++++++----------
 .../KubernetesClusterScaleWorkerTest.java     | 21 ------------
 4 files changed, 34 insertions(+), 41 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 0c53838303dc..5774e8b4693b 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -1323,7 +1323,11 @@ protected void validateServiceOfferingsForNodeTypesScale(Map<String, Long> map,
                     throw new InvalidParameterValueException("Failed to find service offering ID: " + serviceOfferingId);
                 }
                 checkServiceOfferingForNodesScale(serviceOffering, kubernetesCluster, clusterVersion);
-                final ServiceOffering existingServiceOffering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
+                Long nodeTypeOfferingId = getExistingServiceOfferingIdForNodeType(key, kubernetesCluster);
+                if (nodeTypeOfferingId == null) {
+                    nodeTypeOfferingId = kubernetesCluster.getServiceOfferingId();
+                }
+                final ServiceOffering existingServiceOffering = serviceOfferingDao.findById(nodeTypeOfferingId);
                 if (KubernetesCluster.State.Running.equals(kubernetesCluster.getState()) && (serviceOffering.getRamSize() < existingServiceOffering.getRamSize() ||
                         serviceOffering.getCpu() * serviceOffering.getSpeed() < existingServiceOffering.getCpu() * existingServiceOffering.getSpeed())) {
                     logAndThrow(Level.WARN, String.format("Kubernetes cluster cannot be scaled down for service offering. Service offering : %s offers lesser resources as compared to service offering : %s of Kubernetes cluster : %s",
@@ -1333,6 +1337,17 @@ protected void validateServiceOfferingsForNodeTypesScale(Map<String, Long> map,
         }
     }
 
+    private Long getExistingServiceOfferingIdForNodeType(String key, KubernetesClusterVO kubernetesCluster) {
+        if (key.equalsIgnoreCase(WORKER.name())) {
+            return kubernetesCluster.getWorkerServiceOfferingId();
+        } else if (key.equalsIgnoreCase(CONTROL.name())) {
+            return kubernetesCluster.getControlServiceOfferingId();
+        } else if (key.equalsIgnoreCase(ETCD.name())) {
+            return kubernetesCluster.getEtcdServiceOfferingId();
+        }
+        return kubernetesCluster.getServiceOfferingId();
+    }
+
     protected void checkServiceOfferingForNodesScale(ServiceOffering serviceOffering, KubernetesClusterVO kubernetesCluster, KubernetesSupportedVersion clusterVersion) {
         if (serviceOffering.isDynamic()) {
             throw new InvalidParameterValueException(String.format("Custom service offerings are not supported for Kubernetes clusters. Kubernetes cluster : %s, service offering : %s", kubernetesCluster.getName(), serviceOffering.getName()));
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index a3bef9cfddbe..0d976259b172 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -852,7 +852,9 @@ protected KubernetesClusterVO updateKubernetesClusterEntry(final Long cores, fin
             }
             updatedCluster.setMinSize(minSize);
             updatedCluster.setMaxSize(maxSize);
-            return kubernetesClusterDao.persist(updatedCluster);
+            kubernetesClusterDao.persist(updatedCluster);
+            // Prevent null attributes set by the createForUpdate method
+            return kubernetesClusterDao.findById(kubernetesCluster.getId());
         });
     }
 
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index ba5241d5be5b..7822e0048e3a 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -35,6 +35,7 @@
 import org.apache.cloudstack.api.InternalIdentity;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 
 import com.cloud.dc.DataCenter;
@@ -531,13 +532,14 @@ public boolean scaleCluster() throws CloudRuntimeException {
         boolean hasDefaultOffering = serviceOfferingNodeTypeMap.containsKey(DEFAULT.name());
         if (hasDefaultOffering) {
             final ServiceOffering existingServiceOffering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
-            if (existingServiceOffering == null) {
+            final ServiceOffering existingControlOffering = serviceOfferingDao.findById(kubernetesCluster.getControlServiceOfferingId());
+            final ServiceOffering existingWorkerOffering = serviceOfferingDao.findById(kubernetesCluster.getWorkerServiceOfferingId());
+            if (existingServiceOffering == null && ObjectUtils.anyNull(existingControlOffering, existingWorkerOffering)) {
                 logAndThrow(Level.ERROR, String.format("Scaling Kubernetes cluster : %s failed, service offering for the Kubernetes cluster not found!", kubernetesCluster.getName()));
             }
         }
 
         final boolean autoscalingChanged = isAutoscalingChanged();
-        Long existingDefaultOfferingId = kubernetesCluster.getServiceOfferingId();
         ServiceOffering defaultServiceOffering = serviceOfferingNodeTypeMap.getOrDefault(DEFAULT.name(), null);
 
         for (KubernetesClusterNodeType nodeType : Arrays.asList(CONTROL, ETCD, WORKER)) {
@@ -547,7 +549,7 @@ public boolean scaleCluster() throws CloudRuntimeException {
                 continue;
             }
 
-            boolean serviceOfferingScalingNeeded = isServiceOfferingScalingNeededForNodeType(nodeType, serviceOfferingNodeTypeMap, kubernetesCluster, existingDefaultOfferingId);
+            boolean serviceOfferingScalingNeeded = isServiceOfferingScalingNeededForNodeType(nodeType, serviceOfferingNodeTypeMap, kubernetesCluster);
             ServiceOffering serviceOffering = serviceOfferingNodeTypeMap.getOrDefault(nodeType.name(), defaultServiceOffering);
             boolean updateNodeOffering = serviceOfferingNodeTypeMap.containsKey(nodeType.name());
             boolean updateClusterOffering = isWorkerNodeOrAllNodes && hasDefaultOffering;
@@ -580,11 +582,8 @@ public boolean scaleCluster() throws CloudRuntimeException {
     }
 
     protected boolean isServiceOfferingScalingNeededForNodeType(KubernetesClusterNodeType nodeType,
-                                                                Map<String, ServiceOffering> map, KubernetesCluster kubernetesCluster,
-                                                                Long existingDefaultOfferingId) {
-        Long existingOfferingId = map.containsKey(DEFAULT.name()) ?
-                existingDefaultOfferingId :
-                getExistingOfferingIdForNodeType(nodeType, kubernetesCluster);
+                                                                Map<String, ServiceOffering> map, KubernetesCluster kubernetesCluster) {
+        Long existingOfferingId = getExistingOfferingIdForNodeType(nodeType, kubernetesCluster);
         if (existingOfferingId == null) {
             logAndThrow(Level.ERROR, String.format("The Kubernetes cluster %s does not have a global service offering set", kubernetesCluster.getName()));
         }
@@ -597,17 +596,15 @@ protected boolean isServiceOfferingScalingNeededForNodeType(KubernetesClusterNod
     }
 
     protected Long getExistingOfferingIdForNodeType(KubernetesClusterNodeType nodeType, KubernetesCluster kubernetesCluster) {
-        Long offeringId = null;
-        if (WORKER == nodeType) {
-            offeringId = kubernetesCluster.getWorkerServiceOfferingId();
-        } else if (CONTROL == nodeType) {
-            offeringId = kubernetesCluster.getControlServiceOfferingId();
-        } else if (ETCD == nodeType) {
-            offeringId = kubernetesCluster.getEtcdServiceOfferingId();
+        List<KubernetesClusterVmMapVO> clusterVms = kubernetesClusterVmMapDao.listByClusterIdAndVmType(kubernetesCluster.getId(), nodeType);
+        if (CollectionUtils.isEmpty(clusterVms)) {
+            return null;
         }
-        if (offeringId == null) {
-            offeringId = kubernetesCluster.getServiceOfferingId();
+        KubernetesClusterVmMapVO clusterVm = clusterVms.get(0);
+        UserVmVO clusterUserVm = userVmDao.findById(clusterVm.getVmId());
+        if (clusterUserVm == null) {
+            return null;
         }
-        return offeringId;
+        return clusterUserVm.getServiceOfferingId();
     }
 }
diff --git a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorkerTest.java b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorkerTest.java
index e6fb45fd7176..050def269e0d 100644
--- a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorkerTest.java
+++ b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorkerTest.java
@@ -30,8 +30,6 @@
 import org.mockito.Mockito;
 import org.mockito.junit.MockitoJUnitRunner;
 
-import java.util.Map;
-
 import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.DEFAULT;
 import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.CONTROL;
 
@@ -55,25 +53,6 @@ public void setUp() {
         worker.serviceOfferingDao = serviceOfferingDao;
     }
 
-    @Test
-    public void testIsServiceOfferingScalingNeededForNodeTypeAllNodesSameOffering() {
-        ServiceOfferingVO serviceOffering = Mockito.mock(ServiceOfferingVO.class);
-        Map<String, ServiceOffering> map = Map.of(DEFAULT.name(), serviceOffering);
-        Mockito.when(serviceOfferingDao.findById(defaultOfferingId)).thenReturn(serviceOffering);
-        Assert.assertFalse(worker.isServiceOfferingScalingNeededForNodeType(DEFAULT, map, kubernetesCluster, defaultOfferingId));
-    }
-
-    @Test
-    public void testIsServiceOfferingScalingNeededForNodeTypeAllNodesDifferentOffering() {
-        ServiceOfferingVO serviceOffering = Mockito.mock(ServiceOfferingVO.class);
-        Mockito.when(serviceOffering.getId()).thenReturn(defaultOfferingId);
-        ServiceOfferingVO newOffering = Mockito.mock(ServiceOfferingVO.class);
-        Mockito.when(newOffering.getId()).thenReturn(4L);
-        Map<String, ServiceOffering> map = Map.of(DEFAULT.name(), newOffering);
-        Mockito.when(serviceOfferingDao.findById(defaultOfferingId)).thenReturn(serviceOffering);
-        Assert.assertTrue(worker.isServiceOfferingScalingNeededForNodeType(DEFAULT, map, kubernetesCluster, defaultOfferingId));
-    }
-
     @Test
     public void testCalculateNewClusterCountAndCapacityAllNodesScaleSize() {
         long controlNodes = 3L;

From db97e968817a21af67f6d43f4179de1619f514bf Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Wed, 28 May 2025 10:34:36 -0300
Subject: [PATCH 80/88] Fix unit test

---
 .../KubernetesClusterScaleWorkerTest.java     | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorkerTest.java b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorkerTest.java
index 050def269e0d..847c8bd6d291 100644
--- a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorkerTest.java
+++ b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorkerTest.java
@@ -18,10 +18,14 @@
 
 import com.cloud.kubernetes.cluster.KubernetesCluster;
 import com.cloud.kubernetes.cluster.KubernetesClusterManagerImpl;
+import com.cloud.kubernetes.cluster.KubernetesClusterVmMapVO;
+import com.cloud.kubernetes.cluster.dao.KubernetesClusterVmMapDao;
 import com.cloud.offering.ServiceOffering;
 import com.cloud.service.ServiceOfferingVO;
 import com.cloud.service.dao.ServiceOfferingDao;
 import com.cloud.utils.Pair;
+import com.cloud.vm.UserVmVO;
+import com.cloud.vm.dao.UserVmDao;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
@@ -30,6 +34,8 @@
 import org.mockito.Mockito;
 import org.mockito.junit.MockitoJUnitRunner;
 
+import java.util.List;
+
 import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.DEFAULT;
 import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.CONTROL;
 
@@ -42,6 +48,10 @@ public class KubernetesClusterScaleWorkerTest {
     private KubernetesClusterManagerImpl clusterManager;
     @Mock
     private ServiceOfferingDao serviceOfferingDao;
+    @Mock
+    private KubernetesClusterVmMapDao kubernetesClusterVmMapDao;
+    @Mock
+    private UserVmDao userVmDao;
 
     private KubernetesClusterScaleWorker worker;
 
@@ -51,6 +61,8 @@ public class KubernetesClusterScaleWorkerTest {
     public void setUp() {
         worker = new KubernetesClusterScaleWorker(kubernetesCluster, clusterManager);
         worker.serviceOfferingDao = serviceOfferingDao;
+        worker.kubernetesClusterVmMapDao = kubernetesClusterVmMapDao;
+        worker.userVmDao = userVmDao;
     }
 
     @Test
@@ -78,6 +90,8 @@ public void testCalculateNewClusterCountAndCapacityAllNodesScaleSize() {
     @Test
     public void testCalculateNewClusterCountAndCapacityNodeTypeScaleControlOffering() {
         long controlNodes = 2L;
+        long kubernetesClusterId = 10L;
+        Mockito.when(kubernetesCluster.getId()).thenReturn(kubernetesClusterId);
         Mockito.when(kubernetesCluster.getControlNodeCount()).thenReturn(controlNodes);
 
         ServiceOfferingVO existingOffering = Mockito.mock(ServiceOfferingVO.class);
@@ -90,7 +104,6 @@ public void testCalculateNewClusterCountAndCapacityNodeTypeScaleControlOffering(
         Mockito.when(kubernetesCluster.getCores()).thenReturn(remainingClusterCpu + (controlNodes * existingCores));
         Mockito.when(kubernetesCluster.getMemory()).thenReturn(remainingClusterMemory + (controlNodes * existingMemory));
 
-        Mockito.when(kubernetesCluster.getControlServiceOfferingId()).thenReturn(1L);
         Mockito.when(serviceOfferingDao.findById(1L)).thenReturn(existingOffering);
 
         ServiceOfferingVO newOffering = Mockito.mock(ServiceOfferingVO.class);
@@ -99,6 +112,12 @@ public void testCalculateNewClusterCountAndCapacityNodeTypeScaleControlOffering(
         Mockito.when(newOffering.getCpu()).thenReturn(newCores);
         Mockito.when(newOffering.getRamSize()).thenReturn(newMemory);
 
+        KubernetesClusterVmMapVO controlNodeVM1 = Mockito.mock(KubernetesClusterVmMapVO.class);
+        Mockito.when(controlNodeVM1.getVmId()).thenReturn(10L);
+        UserVmVO userVmVO = Mockito.mock(UserVmVO.class);
+        Mockito.when(userVmVO.getServiceOfferingId()).thenReturn(defaultOfferingId);
+        Mockito.when(userVmDao.findById(10L)).thenReturn(userVmVO);
+        Mockito.when(kubernetesClusterVmMapDao.listByClusterIdAndVmType(kubernetesClusterId, CONTROL)).thenReturn(List.of(controlNodeVM1));
         Pair<Long, Long> newClusterCapacity = worker.calculateNewClusterCountAndCapacity(null, CONTROL, newOffering);
 
         long expectedCores = remainingClusterCpu + (controlNodes * newCores);

From 9d1699be3fee5a50abb1f968be8b6bb39b7efc73 Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Wed, 28 May 2025 22:50:04 -0300
Subject: [PATCH 81/88] Fix scaling case for the same offering

---
 .../cluster/actionworkers/KubernetesClusterScaleWorker.java  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index 7822e0048e3a..b924b3c4ab72 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -583,7 +583,10 @@ public boolean scaleCluster() throws CloudRuntimeException {
 
     protected boolean isServiceOfferingScalingNeededForNodeType(KubernetesClusterNodeType nodeType,
                                                                 Map<String, ServiceOffering> map, KubernetesCluster kubernetesCluster) {
-        Long existingOfferingId = getExistingOfferingIdForNodeType(nodeType, kubernetesCluster);
+        // DEFAULT node type means only the global service offering has been set for the Kubernetes cluster
+        Long existingOfferingId = map.containsKey(DEFAULT.name()) ?
+                kubernetesCluster.getServiceOfferingId() :
+                getExistingOfferingIdForNodeType(nodeType, kubernetesCluster);
         if (existingOfferingId == null) {
             logAndThrow(Level.ERROR, String.format("The Kubernetes cluster %s does not have a global service offering set", kubernetesCluster.getName()));
         }

From 05f357e75c2d9c80f8ad2a9ac7c647792c77a73b Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Fri, 30 May 2025 12:35:27 -0300
Subject: [PATCH 82/88] Revert "Login to a specific Project view"

This reverts commit 95e37563f48573780b07a038a7f48c0bc04e9b64.
---
 ui/src/views/auth/Login.vue | 44 +++----------------------------------
 1 file changed, 3 insertions(+), 41 deletions(-)

diff --git a/ui/src/views/auth/Login.vue b/ui/src/views/auth/Login.vue
index 8610900f271f..47e2f34c57e9 100644
--- a/ui/src/views/auth/Login.vue
+++ b/ui/src/views/auth/Login.vue
@@ -97,18 +97,6 @@
             </template>
           </a-input>
         </a-form-item>
-        <a-form-item ref="project" name="project">
-          <a-input
-            size="large"
-            type="text"
-            :placeholder="$t('label.project')"
-            v-model:value="form.project"
-          >
-            <template #prefix>
-              <block-outlined />
-            </template>
-          </a-input>
-        </a-form-item>
       </a-tab-pane>
       <a-tab-pane key="saml" :disabled="idps.length === 0">
         <template #tab>
@@ -242,8 +230,7 @@ export default {
         loginType: 0
       },
       server: '',
-      forgotPasswordEnabled: false,
-      project: null
+      forgotPasswordEnabled: false
     }
   },
   created () {
@@ -268,8 +255,7 @@ export default {
       this.form = reactive({
         server: (this.server.apiHost || '') + this.server.apiBase,
         username: this.$route.query?.username || '',
-        domain: this.$route.query?.domain || '',
-        project: null
+        domain: this.$route.query?.domain || ''
       })
       this.rules = reactive({})
       this.setRules()
@@ -461,7 +447,7 @@ export default {
           })
       })
     },
-    async loginSuccess (res) {
+    loginSuccess (res) {
       this.$notification.destroy()
       this.$store.commit('SET_COUNT_NOTIFY', 0)
       if (store.getters.twoFaEnabled === true && store.getters.twoFaProvider !== '' && store.getters.twoFaProvider !== undefined) {
@@ -470,33 +456,9 @@ export default {
         this.$router.push({ path: '/setup2FA' }).catch(() => {})
       } else {
         this.$store.commit('SET_LOGIN_FLAG', true)
-        const values = toRaw(this.form)
-        if (values.project) {
-          await this.getProject(values.project)
-          this.$store.dispatch('ProjectView', this.project.id)
-          this.$store.dispatch('SetProject', this.project)
-          this.$store.dispatch('ToggleTheme', this.project.id === undefined ? 'light' : 'dark')
-        }
         this.$router.push({ path: '/dashboard' }).catch(() => {})
       }
     },
-    getProject (projectName) {
-      return new Promise((resolve, reject) => {
-        api('listProjects', {
-          response: 'json',
-          domainId: this.selectedDomain,
-          details: 'min'
-        }).then((response) => {
-          const projects = response.listprojectsresponse.project
-          this.project = projects.filter(project => project.name === projectName)?.[0] || null
-          resolve(this.project)
-        }).catch((error) => {
-          this.$notifyError(error)
-        }).finally(() => {
-          this.loading = false
-        })
-      })
-    },
     requestFailed (err) {
       if (err && err.response && err.response.data && err.response.data.loginresponse) {
         const error = err.response.data.loginresponse.errorcode + ': ' + err.response.data.loginresponse.errortext

From 0be2cd56069976d4c2207b1d6f7f1651affe10d4 Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Mon, 2 Jun 2025 11:11:22 -0300
Subject: [PATCH 83/88] Revert "Fix CKS HA clusters" (#120)

This reverts commit 8dac16aa359faa6500ea1e1ce548169cfd08331a.
---
 .../actionworkers/KubernetesClusterStartWorker.java  | 12 ++----------
 .../src/main/resources/conf/k8s-control-node-add.yml |  7 -------
 .../src/main/resources/conf/k8s-control-node.yml     |  7 -------
 3 files changed, 2 insertions(+), 24 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index 69d493e85fef..68bec58d4623 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -161,8 +161,6 @@ private Pair<String, String> getKubernetesControlNodeConfig(final String control
         final String certSans = "{{ k8s_control.server_ips }}";
         final String k8sCertificate = "{{ k8s_control.certificate_key }}";
         final String externalCniPlugin = "{{ k8s.external.cni.plugin }}";
-        final String isHaCluster = "{{ k8s.ha.cluster }}";
-        final String publicIP = "{{ k8s.public.ip }}";
 
         final List<String> addresses = new ArrayList<>();
         addresses.add(controlNodeIp);
@@ -204,7 +202,7 @@ private Pair<String, String> getKubernetesControlNodeConfig(final String control
                     CLUSTER_API_PORT,
                     KubernetesClusterUtil.generateClusterHACertificateKey(kubernetesCluster));
         }
-        initArgs += String.format("--apiserver-cert-extra-sans=%s", String.join(",", addresses));
+        initArgs += String.format("--apiserver-cert-extra-sans=%s", controlNodeIp);
         initArgs += String.format(" --kubernetes-version=%s", getKubernetesClusterVersion().getSemanticVersion());
         k8sControlNodeConfig = k8sControlNodeConfig.replace(clusterInitArgsKey, initArgs);
         k8sControlNodeConfig = k8sControlNodeConfig.replace(ejectIsoKey, String.valueOf(ejectIso));
@@ -214,8 +212,6 @@ private Pair<String, String> getKubernetesControlNodeConfig(final String control
         k8sControlNodeConfig = k8sControlNodeConfig.replace(certSans, String.format("- %s", serverIp));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(k8sCertificate, KubernetesClusterUtil.generateClusterHACertificateKey(kubernetesCluster));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(externalCniPlugin, String.valueOf(externalCni));
-        k8sControlNodeConfig = k8sControlNodeConfig.replace(isHaCluster, String.valueOf(kubernetesCluster.getControlNodeCount() > 1));
-        k8sControlNodeConfig = k8sControlNodeConfig.replace(publicIP, publicIpAddress);
 
         k8sControlNodeConfig = updateKubeConfigWithRegistryDetails(k8sControlNodeConfig);
 
@@ -313,8 +309,6 @@ private String getKubernetesAdditionalControlNodeConfig(final String joinIp, fin
         final String ejectIsoKey = "{{ k8s.eject.iso }}";
         final String installWaitTime = "{{ k8s.install.wait.time }}";
         final String installReattemptsCount = "{{ k8s.install.reattempts.count }}";
-        final String isHaCluster = "{{ k8s.ha.cluster }}";
-        final String publicIP = "{{ k8s.public.ip }}";
 
         final Long waitTime = KubernetesClusterService.KubernetesControlNodeInstallAttemptWait.value();
         final Long reattempts = KubernetesClusterService.KubernetesControlNodeInstallReattempts.value();
@@ -334,8 +328,6 @@ private String getKubernetesAdditionalControlNodeConfig(final String joinIp, fin
         k8sControlNodeConfig = k8sControlNodeConfig.replace(clusterTokenKey, KubernetesClusterUtil.generateClusterToken(kubernetesCluster));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(clusterHACertificateKey, KubernetesClusterUtil.generateClusterHACertificateKey(kubernetesCluster));
         k8sControlNodeConfig = k8sControlNodeConfig.replace(ejectIsoKey, String.valueOf(ejectIso));
-        k8sControlNodeConfig = k8sControlNodeConfig.replace(isHaCluster, String.valueOf(kubernetesCluster.getControlNodeCount() > 1));
-        k8sControlNodeConfig = k8sControlNodeConfig.replace(publicIP, publicIpAddress);
         k8sControlNodeConfig = updateKubeConfigWithRegistryDetails(k8sControlNodeConfig);
 
         return k8sControlNodeConfig;
@@ -434,7 +426,7 @@ private UserVm createKubernetesAdditionalControlNode(final String joinIp, final
         String hostName = String.format("%s-control-%s", kubernetesClusterNodeNamePrefix, suffix);
         String k8sControlNodeConfig = null;
         try {
-            k8sControlNodeConfig = getKubernetesAdditionalControlNodeConfig(publicIpAddress, Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()));
+            k8sControlNodeConfig = getKubernetesAdditionalControlNodeConfig(joinIp, Hypervisor.HypervisorType.VMware.equals(clusterTemplate.getHypervisorType()));
         } catch (IOException e) {
             logAndThrow(Level.ERROR, "Failed to read Kubernetes control configuration file", e);
         }
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
index e1d021dd0784..38f217f403c4 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml
@@ -225,9 +225,6 @@ write_files:
         exit 0
       fi
 
-      HA_CLUSTER={{ k8s.ha.cluster }}
-      CLUSTER_PUBLIC_IP={{ k8s.public.ip }}
-
       if [[ $(systemctl is-active setup-kube-system) != "inactive" ]]; then
         echo "setup-kube-system is running!"
         exit 1
@@ -245,10 +242,6 @@ write_files:
       cp -i /etc/kubernetes/admin.conf /root/.kube/config
       chown $(id -u):$(id -g) /root/.kube/config
 
-      if [[ "$HA_CLUSTER" == "true" ]]; then
-        sed -i -E "s|(server:\\s*).*|\\1https://${CLUSTER_PUBLIC_IP}:6443|" /root/.kube/config
-      fi
-
       sudo touch /home/cloud/success
       echo "true" > /home/cloud/success
 
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
index 471db9ab2648..dc066e10d06b 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml
@@ -276,9 +276,6 @@ write_files:
       exit 0
       fi
 
-      HA_CLUSTER={{ k8s.ha.cluster }}
-      CLUSTER_PUBLIC_IP={{ k8s.public.ip }}
-
       if [[ "$PATH" != *:/opt/bin && "$PATH" != *:/opt/bin:* ]]; then
         export PATH=$PATH:/opt/bin
       fi
@@ -323,10 +320,6 @@ write_files:
       chown $(id -u):$(id -g) /root/.kube/config
       echo export PATH=\$PATH:/opt/bin >> /root/.bashrc
 
-      if [[ "$HA_CLUSTER" == "true" ]]; then
-        sed -i -E "s|(server:\\s*).*|\\1https://${CLUSTER_PUBLIC_IP}:6443|" /root/.kube/config
-      fi
-
       if [ -d "$K8S_CONFIG_SCRIPTS_COPY_DIR" ]; then
         ### Network, dashboard configs available offline ###
         echo "Offline configs are available!"

From 5dcac1e8d7b07aba27fa4fa49528906700c13d96 Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Tue, 10 Jun 2025 12:19:19 -0300
Subject: [PATCH 84/88] Apply suggestions from code review about user data

Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
---
 api/src/main/java/com/cloud/server/ManagementService.java | 4 ++--
 .../command/user/userdata/BaseRegisterUserDataCmd.java    | 8 ++++----
 .../command/user/userdata/ListCniConfigurationCmd.java    | 2 +-
 .../api/command/user/userdata/RegisterUserDataCmd.java    | 2 +-
 .../main/resources/META-INF/db/schema-42010to42100.sql    | 6 +++---
 .../kubernetes/cluster/CreateKubernetesClusterCmd.java    | 2 +-
 6 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/api/src/main/java/com/cloud/server/ManagementService.java b/api/src/main/java/com/cloud/server/ManagementService.java
index 5142425d1c41..032245a91ada 100644
--- a/api/src/main/java/com/cloud/server/ManagementService.java
+++ b/api/src/main/java/com/cloud/server/ManagementService.java
@@ -377,7 +377,7 @@ public interface ManagementService {
      * Registers a cni configuration.
      *
      * @param cmd    The api command class.
-     * @return A VO with the registered userdata.
+     * @return A VO with the registered user data.
      */
     UserData registerCniConfiguration(RegisterCniConfigurationCmd cmd);
 
@@ -398,7 +398,7 @@ public interface ManagementService {
     boolean deleteUserData(DeleteUserDataCmd cmd);
 
     /**
-     * Deletes a userdata.
+     * Deletes user data.
      *
      * @param cmd
      *            The api command class.
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/BaseRegisterUserDataCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/BaseRegisterUserDataCmd.java
index 32c1eaf42f8b..5806e3b6e9c3 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/BaseRegisterUserDataCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/BaseRegisterUserDataCmd.java
@@ -31,7 +31,7 @@
 
 public abstract class BaseRegisterUserDataCmd extends BaseCmd {
 
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "Name of the userdata")
+    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "Name of the user data")
     private String name;
 
     //Owner information
@@ -41,13 +41,13 @@ public abstract class BaseRegisterUserDataCmd extends BaseCmd {
     @Parameter(name = ApiConstants.DOMAIN_ID,
             type = CommandType.UUID,
             entityType = DomainResponse.class,
-            description = "an optional domainId for the userdata. If the account parameter is used, domainId must also be used.")
+            description = "an optional domainId for the user data. If the account parameter is used, domainId must also be used.")
     private Long domainId;
 
-    @Parameter(name = ApiConstants.PROJECT_ID, type = CommandType.UUID, entityType = ProjectResponse.class, description = "an optional project for the userdata")
+    @Parameter(name = ApiConstants.PROJECT_ID, type = CommandType.UUID, entityType = ProjectResponse.class, description = "an optional project for the user data")
     private Long projectId;
 
-    @Parameter(name = ApiConstants.PARAMS, type = CommandType.STRING, description = "comma separated list of variables declared in userdata content")
+    @Parameter(name = ApiConstants.PARAMS, type = CommandType.STRING, description = "comma separated list of variables declared in user data content")
     private String params;
 
     /////////////////////////////////////////////////////
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java
index 2270bce942bb..3a0c3f1168bc 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/ListCniConfigurationCmd.java
@@ -29,7 +29,7 @@
 import java.util.ArrayList;
 import java.util.List;
 
-@APICommand(name = "listCniConfiguration", description = "List userdata for CNI plugins", responseObject = UserDataResponse.class, entityType = {UserData.class},
+@APICommand(name = "listCniConfiguration", description = "List user data for CNI plugins", responseObject = UserDataResponse.class, entityType = {UserData.class},
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, since = "4.21.0",
         authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
 public class ListCniConfigurationCmd extends ListUserDataCmd {
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterUserDataCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterUserDataCmd.java
index e2160d1418b4..fabf8827796e 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterUserDataCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/RegisterUserDataCmd.java
@@ -46,7 +46,7 @@ public class RegisterUserDataCmd extends BaseRegisterUserDataCmd {
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
 
-    @Parameter(name = ApiConstants.USER_DATA, type = CommandType.STRING, required = true, description = "Userdata content", length = 1048576)
+    @Parameter(name = ApiConstants.USER_DATA, type = CommandType.STRING, required = true, description = "User data content", length = 1048576)
     protected String userData;
 
 
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
index 2d196a9c5407..7e80ed0720d9 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
@@ -52,8 +52,8 @@ CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_node_count
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_template_id', 'bigint unsigned COMMENT "template id to be used for Control Node(s)"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_template_id', 'bigint unsigned COMMENT "template id to be used for Worker Node(s)"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_template_id', 'bigint unsigned COMMENT "template id to be used for etcd Nodes"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','cni_config_id', 'bigint unsigned COMMENT "userdata id representing the associated cni configuration"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','cni_config_details', 'varchar(4096) DEFAULT NULL COMMENT "userdata details representing the values required for the cni configuration associated"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','cni_config_id', 'bigint unsigned COMMENT "user data id representing the associated cni configuration"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','cni_config_details', 'varchar(4096) DEFAULT NULL COMMENT "user data details representing the values required for the cni configuration associated"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','etcd_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the VM is an etcd node"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','external_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node was imported into the Kubernetes cluster"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','manual_upgrade', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node is marked for manual upgrade and excluded from the Kubernetes cluster upgrade operation"');
@@ -67,7 +67,7 @@ ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_temp
 ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_template_id` FOREIGN KEY `fk_cluster__etcd_template_id`(`etcd_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
 
 -- Add for_cks column to the user_data table to represent CNI Configuration stored as userdata
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.user_data','for_cks', 'int(1) unsigned DEFAULT "0" COMMENT "if true, the userdata represent CNI configuration meant for CKS use only"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.user_data','for_cks', 'int(1) unsigned DEFAULT "0" COMMENT "if true, the user data represent CNI configuration meant for CKS use only"');
 
 -- Add use VR IP as resolver option on VPC
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.vpc','use_router_ip_resolver', 'tinyint(1) DEFAULT 0 COMMENT "use router ip as resolver instead of dns options"');
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
index 8810b9262a86..4e92f9546f83 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
@@ -194,7 +194,7 @@ public class CreateKubernetesClusterCmd extends BaseAsyncCreateCmd {
     @Parameter(name = ApiConstants.CLUSTER_TYPE, type = CommandType.STRING, description = "type of the cluster: CloudManaged, ExternalManaged. The default value is CloudManaged.", since="4.19.0")
     private String clusterType;
 
-    @Parameter(name = ApiConstants.HYPERVISOR, type = CommandType.STRING, description = "the hypervisor on which the CKS cluster is to be deployed. This is required if the zone in which the CKS cluster is being deployed has clusters with different hypervisor types.")
+    @Parameter(name = ApiConstants.HYPERVISOR, type = CommandType.STRING, description = "the hypervisor on which the CKS cluster is to be deployed. This is required if the zone in which the CKS cluster is being deployed has clusters with different hypervisor types.", since = "4.21.0")
     private String hypervisor;
 
     @Parameter(name = ApiConstants.CNI_CONFIG_ID, type = CommandType.UUID, entityType = UserDataResponse.class, description = "the ID of the Userdata", since = "4.21.0")

From db50411e8395479ba321976ce42ef089df2904f4 Mon Sep 17 00:00:00 2001
From: Nicolas Vazquez <nicovazquez90@gmail.com>
Date: Tue, 10 Jun 2025 12:21:20 -0300
Subject: [PATCH 85/88] Update
 api/src/main/java/org/apache/cloudstack/api/command/user/userdata/BaseRegisterUserDataCmd.java

Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
---
 .../api/command/user/userdata/BaseRegisterUserDataCmd.java      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/BaseRegisterUserDataCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/BaseRegisterUserDataCmd.java
index 5806e3b6e9c3..c002bd226a0d 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/BaseRegisterUserDataCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/userdata/BaseRegisterUserDataCmd.java
@@ -35,7 +35,7 @@ public abstract class BaseRegisterUserDataCmd extends BaseCmd {
     private String name;
 
     //Owner information
-    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an optional account for the userdata. Must be used with domainId.")
+    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an optional account for the user data. Must be used with domainId.")
     private String accountName;
 
     @Parameter(name = ApiConstants.DOMAIN_ID,

From 2f8e9ab0b0167ae8ed1602ec6104b44e405d550f Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Tue, 10 Jun 2025 12:34:01 -0300
Subject: [PATCH 86/88] Refactor column names and schema path

---
 .../kubernetes/cluster/KubernetesCluster.java | 12 ++--
 .../META-INF/db/schema-42010to42100.sql       | 24 +++----
 .../cluster/KubernetesClusterManagerImpl.java | 24 +++----
 .../cluster/KubernetesClusterVO.java          | 72 +++++++++----------
 .../KubernetesClusterActionWorker.java        | 14 ++--
 ...esClusterResourceModifierActionWorker.java |  6 +-
 .../KubernetesClusterScaleWorker.java         |  4 +-
 7 files changed, 78 insertions(+), 78 deletions(-)

diff --git a/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java b/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
index c0eb78129883..8b5551d6a8e9 100644
--- a/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
+++ b/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
@@ -157,12 +157,12 @@ enum State {
     Long getMaxSize();
     Long getSecurityGroupId();
     ClusterType getClusterType();
-    Long getControlServiceOfferingId();
-    Long getWorkerServiceOfferingId();
-    Long getEtcdServiceOfferingId();
-    Long getControlTemplateId();
-    Long getWorkerTemplateId();
-    Long getEtcdTemplateId();
+    Long getControlNodeServiceOfferingId();
+    Long getWorkerNodeServiceOfferingId();
+    Long getEtcdNodeServiceOfferingId();
+    Long getControlNodeTemplateId();
+    Long getWorkerNodeTemplateId();
+    Long getEtcdNodeTemplateId();
     Long getEtcdNodeCount();
     Long getCniConfigId();
     String getCniConfigDetails();
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
index 7e80ed0720d9..2765b40ed9e1 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
@@ -45,13 +45,13 @@ CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.host', 'last_mgmt_server_id', 'bigin
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.vm_template','for_cks', 'int(1) unsigned DEFAULT "0" COMMENT "if true, the template can be used for CKS cluster deployment"');
 
 -- Add support for different node types service offerings on CKS clusters
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_service_offering_id', 'bigint unsigned COMMENT "service offering ID for Control Node(s)"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_service_offering_id', 'bigint unsigned COMMENT "service offering ID for Worker Node(s)"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_service_offering_id', 'bigint unsigned COMMENT "service offering ID for etcd Nodes"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_node_service_offering_id', 'bigint unsigned COMMENT "service offering ID for Control Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_node_service_offering_id', 'bigint unsigned COMMENT "service offering ID for Worker Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_node_service_offering_id', 'bigint unsigned COMMENT "service offering ID for etcd Nodes"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_node_count', 'bigint unsigned COMMENT "number of etcd nodes to be deployed for the Kubernetes cluster"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_template_id', 'bigint unsigned COMMENT "template id to be used for Control Node(s)"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_template_id', 'bigint unsigned COMMENT "template id to be used for Worker Node(s)"');
-CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_template_id', 'bigint unsigned COMMENT "template id to be used for etcd Nodes"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','control_node_template_id', 'bigint unsigned COMMENT "template id to be used for Control Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','worker_node_template_id', 'bigint unsigned COMMENT "template id to be used for Worker Node(s)"');
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','etcd_node_template_id', 'bigint unsigned COMMENT "template id to be used for etcd Nodes"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','cni_config_id', 'bigint unsigned COMMENT "user data id representing the associated cni configuration"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster','cni_config_details', 'varchar(4096) DEFAULT NULL COMMENT "user data details representing the values required for the cni configuration associated"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','etcd_node', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the VM is an etcd node"');
@@ -59,12 +59,12 @@ CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','external
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','manual_upgrade', 'tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT "indicates if the node is marked for manual upgrade and excluded from the Kubernetes cluster upgrade operation"');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.kubernetes_cluster_vm_map','kubernetes_node_version', 'varchar(40) COMMENT "version of k8s the cluster node is on"');
 
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_service_offering_id` FOREIGN KEY `fk_cluster__control_service_offering_id`(`control_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_service_offering_id` FOREIGN KEY `fk_cluster__worker_service_offering_id`(`worker_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_service_offering_id` FOREIGN KEY `fk_cluster__etcd_service_offering_id`(`etcd_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_template_id` FOREIGN KEY `fk_cluster__control_template_id`(`control_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_template_id` FOREIGN KEY `fk_cluster__worker_template_id`(`worker_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_template_id` FOREIGN KEY `fk_cluster__etcd_template_id`(`etcd_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_node_service_offering_id` FOREIGN KEY `fk_cluster__control_node_service_offering_id`(`control_node_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_node_service_offering_id` FOREIGN KEY `fk_cluster__worker_node_service_offering_id`(`worker_node_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_node_service_offering_id` FOREIGN KEY `fk_cluster__etcd_node_service_offering_id`(`etcd_node_service_offering_id`) REFERENCES `service_offering`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__control_node_template_id` FOREIGN KEY `fk_cluster__control_node_template_id`(`control_node_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__worker_node_template_id` FOREIGN KEY `fk_cluster__worker_node_template_id`(`worker_node_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD CONSTRAINT `fk_cluster__etcd_node_template_id` FOREIGN KEY `fk_cluster__etcd_node_template_id`(`etcd_node_template_id`) REFERENCES `vm_template`(`id`) ON DELETE CASCADE;
 
 -- Add for_cks column to the user_data table to represent CNI Configuration stored as userdata
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.user_data','for_cks', 'int(1) unsigned DEFAULT "0" COMMENT "if true, the user data represent CNI configuration meant for CKS use only"');
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 5774e8b4693b..f242ded55938 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -773,9 +773,9 @@ public KubernetesClusterResponse createKubernetesClusterResponse(long kubernetes
             response.setCniConfigId(cniConfig.getUuid());
             response.setCniConfigName(cniConfig.getName());
         }
-        setNodeTypeServiceOfferingResponse(response, WORKER, kubernetesCluster.getWorkerServiceOfferingId());
-        setNodeTypeServiceOfferingResponse(response, CONTROL, kubernetesCluster.getControlServiceOfferingId());
-        setNodeTypeServiceOfferingResponse(response, ETCD, kubernetesCluster.getEtcdServiceOfferingId());
+        setNodeTypeServiceOfferingResponse(response, WORKER, kubernetesCluster.getWorkerNodeServiceOfferingId());
+        setNodeTypeServiceOfferingResponse(response, CONTROL, kubernetesCluster.getControlNodeServiceOfferingId());
+        setNodeTypeServiceOfferingResponse(response, ETCD, kubernetesCluster.getEtcdNodeServiceOfferingId());
 
         if (kubernetesCluster.getEtcdNodeCount() != null) {
             response.setEtcdNodes(kubernetesCluster.getEtcdNodeCount());
@@ -1339,11 +1339,11 @@ protected void validateServiceOfferingsForNodeTypesScale(Map<String, Long> map,
 
     private Long getExistingServiceOfferingIdForNodeType(String key, KubernetesClusterVO kubernetesCluster) {
         if (key.equalsIgnoreCase(WORKER.name())) {
-            return kubernetesCluster.getWorkerServiceOfferingId();
+            return kubernetesCluster.getWorkerNodeServiceOfferingId();
         } else if (key.equalsIgnoreCase(CONTROL.name())) {
-            return kubernetesCluster.getControlServiceOfferingId();
+            return kubernetesCluster.getControlNodeServiceOfferingId();
         } else if (key.equalsIgnoreCase(ETCD.name())) {
-            return kubernetesCluster.getEtcdServiceOfferingId();
+            return kubernetesCluster.getEtcdNodeServiceOfferingId();
         }
         return kubernetesCluster.getServiceOfferingId();
     }
@@ -1569,20 +1569,20 @@ public KubernetesClusterVO doInTransaction(TransactionStatus status) {
                 }
                 newCluster.setCniConfigDetails(cniConfigDetails);
                 if (serviceOfferingNodeTypeMap.containsKey(WORKER.name())) {
-                    newCluster.setWorkerServiceOfferingId(serviceOfferingNodeTypeMap.get(WORKER.name()));
+                    newCluster.setWorkerNodeServiceOfferingId(serviceOfferingNodeTypeMap.get(WORKER.name()));
                 }
                 if (serviceOfferingNodeTypeMap.containsKey(CONTROL.name())) {
-                    newCluster.setControlServiceOfferingId(serviceOfferingNodeTypeMap.get(CONTROL.name()));
+                    newCluster.setControlNodeServiceOfferingId(serviceOfferingNodeTypeMap.get(CONTROL.name()));
                 }
                 if (etcdNodes > 0) {
-                    newCluster.setEtcdTemplateId(etcdNodeTemplate.getId());
+                    newCluster.setEtcdNodeTemplateId(etcdNodeTemplate.getId());
                     newCluster.setEtcdNodeCount(etcdNodes);
                     if (serviceOfferingNodeTypeMap.containsKey(ETCD.name())) {
-                        newCluster.setEtcdServiceOfferingId(serviceOfferingNodeTypeMap.get(ETCD.name()));
+                        newCluster.setEtcdNodeServiceOfferingId(serviceOfferingNodeTypeMap.get(ETCD.name()));
                     }
                 }
-                newCluster.setWorkerTemplateId(workerNodeTemplate.getId());
-                newCluster.setControlTemplateId(controlNodeTemplate.getId());
+                newCluster.setWorkerNodeTemplateId(workerNodeTemplate.getId());
+                newCluster.setControlNodeTemplateId(controlNodeTemplate.getId());
                 if (zone.isSecurityGroupEnabled()) {
                     newCluster.setSecurityGroupId(finalSecurityGroup.getId());
                 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVO.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVO.java
index 0992a64bff32..79fc15f68981 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVO.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVO.java
@@ -118,26 +118,26 @@ public class KubernetesClusterVO implements KubernetesCluster {
     @Column(name = "cluster_type")
     private ClusterType clusterType;
 
-    @Column(name = "control_service_offering_id")
-    private Long controlServiceOfferingId;
+    @Column(name = "control_node_service_offering_id")
+    private Long controlNodeServiceOfferingId;
 
-    @Column(name = "worker_service_offering_id")
-    private Long workerServiceOfferingId;
+    @Column(name = "worker_node_service_offering_id")
+    private Long workerNodeServiceOfferingId;
 
-    @Column(name = "etcd_service_offering_id")
-    private Long etcdServiceOfferingId;
+    @Column(name = "etcd_node_service_offering_id")
+    private Long etcdNodeServiceOfferingId;
 
     @Column(name = "etcd_node_count")
     private Long etcdNodeCount;
 
-    @Column(name = "control_template_id")
-    private Long controlTemplateId;
+    @Column(name = "control_node_template_id")
+    private Long controlNodeTemplateId;
 
-    @Column(name = "worker_template_id")
-    private Long workerTemplateId;
+    @Column(name = "worker_node_template_id")
+    private Long workerNodeTemplateId;
 
-    @Column(name = "etcd_template_id")
-    private Long etcdTemplateId;
+    @Column(name = "etcd_node_template_id")
+    private Long etcdNodeTemplateId;
 
     @Column(name = "cni_config_id", nullable = true)
     private Long cniConfigId = null;
@@ -442,28 +442,28 @@ public Class<?> getEntityType() {
         return KubernetesCluster.class;
     }
 
-    public Long getControlServiceOfferingId() {
-        return controlServiceOfferingId;
+    public Long getControlNodeServiceOfferingId() {
+        return controlNodeServiceOfferingId;
     }
 
-    public void setControlServiceOfferingId(Long controlServiceOfferingId) {
-        this.controlServiceOfferingId = controlServiceOfferingId;
+    public void setControlNodeServiceOfferingId(Long controlNodeServiceOfferingId) {
+        this.controlNodeServiceOfferingId = controlNodeServiceOfferingId;
     }
 
-    public Long getWorkerServiceOfferingId() {
-        return workerServiceOfferingId;
+    public Long getWorkerNodeServiceOfferingId() {
+        return workerNodeServiceOfferingId;
     }
 
-    public void setWorkerServiceOfferingId(Long workerServiceOfferingId) {
-        this.workerServiceOfferingId = workerServiceOfferingId;
+    public void setWorkerNodeServiceOfferingId(Long workerNodeServiceOfferingId) {
+        this.workerNodeServiceOfferingId = workerNodeServiceOfferingId;
     }
 
-    public Long getEtcdServiceOfferingId() {
-        return etcdServiceOfferingId;
+    public Long getEtcdNodeServiceOfferingId() {
+        return etcdNodeServiceOfferingId;
     }
 
-    public void setEtcdServiceOfferingId(Long etcdServiceOfferingId) {
-        this.etcdServiceOfferingId = etcdServiceOfferingId;
+    public void setEtcdNodeServiceOfferingId(Long etcdNodeServiceOfferingId) {
+        this.etcdNodeServiceOfferingId = etcdNodeServiceOfferingId;
     }
 
     public Long getEtcdNodeCount() {
@@ -474,28 +474,28 @@ public void setEtcdNodeCount(Long etcdNodeCount) {
         this.etcdNodeCount = etcdNodeCount;
     }
 
-    public Long getEtcdTemplateId() {
-        return etcdTemplateId;
+    public Long getEtcdNodeTemplateId() {
+        return etcdNodeTemplateId;
     }
 
-    public void setEtcdTemplateId(Long etcdTemplateId) {
-        this.etcdTemplateId = etcdTemplateId;
+    public void setEtcdNodeTemplateId(Long etcdNodeTemplateId) {
+        this.etcdNodeTemplateId = etcdNodeTemplateId;
     }
 
-    public Long getWorkerTemplateId() {
-        return workerTemplateId;
+    public Long getWorkerNodeTemplateId() {
+        return workerNodeTemplateId;
     }
 
-    public void setWorkerTemplateId(Long workerTemplateId) {
-        this.workerTemplateId = workerTemplateId;
+    public void setWorkerNodeTemplateId(Long workerNodeTemplateId) {
+        this.workerNodeTemplateId = workerNodeTemplateId;
     }
 
-    public Long getControlTemplateId() {
-        return controlTemplateId;
+    public Long getControlNodeTemplateId() {
+        return controlNodeTemplateId;
     }
 
-    public void setControlTemplateId(Long controlTemplateId) {
-        this.controlTemplateId = controlTemplateId;
+    public void setControlNodeTemplateId(Long controlNodeTemplateId) {
+        this.controlNodeTemplateId = controlNodeTemplateId;
     }
 
     public Long getCniConfigId() {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index 864c68c96e73..7ce227dfeb75 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -258,9 +258,9 @@ protected void init() {
         VMTemplateVO template = templateDao.findById(templateId);
         Hypervisor.HypervisorType type = template.getHypervisorType();
         this.clusterTemplate = manager.getKubernetesServiceTemplate(dataCenterVO, type, null, KubernetesClusterNodeType.DEFAULT);
-        this.controlNodeTemplate = templateDao.findById(this.kubernetesCluster.getControlTemplateId());
-        this.workerNodeTemplate = templateDao.findById(this.kubernetesCluster.getWorkerTemplateId());
-        this.etcdTemplate = templateDao.findById(this.kubernetesCluster.getEtcdTemplateId());
+        this.controlNodeTemplate = templateDao.findById(this.kubernetesCluster.getControlNodeTemplateId());
+        this.workerNodeTemplate = templateDao.findById(this.kubernetesCluster.getWorkerNodeTemplateId());
+        this.etcdTemplate = templateDao.findById(this.kubernetesCluster.getEtcdNodeTemplateId());
         this.sshKeyFile = getManagementServerSshPublicKeyFile();
     }
 
@@ -827,9 +827,9 @@ protected ServiceOffering getServiceOfferingForNodeTypeOnCluster(KubernetesClust
                                                                      KubernetesCluster cluster) {
         Long offeringId = null;
         Long defaultOfferingId = cluster.getServiceOfferingId();
-        Long controlOfferingId = cluster.getControlServiceOfferingId();
-        Long workerOfferingId = cluster.getWorkerServiceOfferingId();
-        Long etcdOfferingId = cluster.getEtcdServiceOfferingId();
+        Long controlOfferingId = cluster.getControlNodeServiceOfferingId();
+        Long workerOfferingId = cluster.getWorkerNodeServiceOfferingId();
+        Long etcdOfferingId = cluster.getEtcdNodeServiceOfferingId();
         if (KubernetesClusterNodeType.CONTROL == nodeType) {
             offeringId = controlOfferingId != null ? controlOfferingId : defaultOfferingId;
         } else if (KubernetesClusterNodeType.WORKER == nodeType) {
@@ -847,7 +847,7 @@ protected ServiceOffering getServiceOfferingForNodeTypeOnCluster(KubernetesClust
     }
 
     protected boolean isDefaultTemplateUsed() {
-        if (Arrays.asList(kubernetesCluster.getControlTemplateId(), kubernetesCluster.getWorkerTemplateId(), kubernetesCluster.getEtcdTemplateId()).contains(kubernetesCluster.getTemplateId())) {
+        if (Arrays.asList(kubernetesCluster.getControlNodeTemplateId(), kubernetesCluster.getWorkerNodeTemplateId(), kubernetesCluster.getEtcdNodeTemplateId()).contains(kubernetesCluster.getTemplateId())) {
             return true;
         }
         return false;
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index 0d976259b172..7f7f8c07f067 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -837,11 +837,11 @@ protected KubernetesClusterVO updateKubernetesClusterEntry(final Long cores, fin
             }
             if (updateNodeOffering && serviceOfferingId != null && nodeType != null) {
                 if (WORKER == nodeType) {
-                    updatedCluster.setWorkerServiceOfferingId(serviceOfferingId);
+                    updatedCluster.setWorkerNodeServiceOfferingId(serviceOfferingId);
                 } else if (CONTROL == nodeType) {
-                    updatedCluster.setControlServiceOfferingId(serviceOfferingId);
+                    updatedCluster.setControlNodeServiceOfferingId(serviceOfferingId);
                 } else if (ETCD == nodeType) {
-                    updatedCluster.setEtcdServiceOfferingId(serviceOfferingId);
+                    updatedCluster.setEtcdNodeServiceOfferingId(serviceOfferingId);
                 }
             }
             if (updateClusterOffering && serviceOfferingId != null) {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index b924b3c4ab72..1697542e8aed 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -532,8 +532,8 @@ public boolean scaleCluster() throws CloudRuntimeException {
         boolean hasDefaultOffering = serviceOfferingNodeTypeMap.containsKey(DEFAULT.name());
         if (hasDefaultOffering) {
             final ServiceOffering existingServiceOffering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
-            final ServiceOffering existingControlOffering = serviceOfferingDao.findById(kubernetesCluster.getControlServiceOfferingId());
-            final ServiceOffering existingWorkerOffering = serviceOfferingDao.findById(kubernetesCluster.getWorkerServiceOfferingId());
+            final ServiceOffering existingControlOffering = serviceOfferingDao.findById(kubernetesCluster.getControlNodeServiceOfferingId());
+            final ServiceOffering existingWorkerOffering = serviceOfferingDao.findById(kubernetesCluster.getWorkerNodeServiceOfferingId());
             if (existingServiceOffering == null && ObjectUtils.anyNull(existingControlOffering, existingWorkerOffering)) {
                 logAndThrow(Level.ERROR, String.format("Scaling Kubernetes cluster : %s failed, service offering for the Kubernetes cluster not found!", kubernetesCluster.getName()));
             }

From 2771ab759c74df0e762fa98ffbce05200732c44c Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Mon, 16 Jun 2025 23:13:17 -0300
Subject: [PATCH 87/88] Fix scaling for non existing previous offering per node
 type

---
 .../cluster/actionworkers/KubernetesClusterScaleWorker.java   | 3 +++
 ui/src/views/compute/CreateKubernetesCluster.vue              | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index 1697542e8aed..00329ad1bb95 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -223,6 +223,9 @@ protected Pair<Long, Long> calculateNewClusterCountAndCapacity(Long newWorkerSiz
         } else {
             long nodeCount = getNodeCountForType(nodeType, kubernetesCluster);
             Long existingOfferingId = getExistingOfferingIdForNodeType(nodeType, kubernetesCluster);
+            if (existingOfferingId == null) {
+                existingOfferingId = serviceOffering.getId();
+            }
             ServiceOfferingVO previousOffering = serviceOfferingDao.findById(existingOfferingId);
             Pair<Long, Long> previousNodesCapacity = calculateNodesCapacity(previousOffering, nodeCount);
             if (WORKER == nodeType) {
diff --git a/ui/src/views/compute/CreateKubernetesCluster.vue b/ui/src/views/compute/CreateKubernetesCluster.vue
index 2a12d64c0c00..70cd06a20dd3 100644
--- a/ui/src/views/compute/CreateKubernetesCluster.vue
+++ b/ui/src/views/compute/CreateKubernetesCluster.vue
@@ -285,11 +285,11 @@
         </a-form-item>
         <a-form-item v-if="form.advancedmode" name="etcdnodes" ref="etcdnodes">
           <template #label>
-            <tooltip-label :title="$t('label.cks.cluster.etcd.nodes')" :tooltip="apiParams.controlnodes.description"/>
+            <tooltip-label :title="$t('label.cks.cluster.etcd.nodes')" :tooltip="apiParams.etcdnodes.description"/>
           </template>
           <a-input
             v-model:value="form.etcdnodes"
-            :placeholder="apiParams.controlnodes.description"/>
+            :placeholder="apiParams.etcdnodes.description"/>
         </a-form-item>
         <a-form-item v-if="form.advancedmode && form.etcdnodes && form.etcdnodes > 0" name="etcdofferingid" ref="etcdofferingid">
           <template #label>

From b09b75a0e1cebf1f3788741e0db08f1c36e41b5e Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Tue, 17 Jun 2025 13:37:38 -0300
Subject: [PATCH 88/88] Update node offering entry if there was an existing
 offering but a global service offering has been provided on scale

---
 .../KubernetesClusterScaleWorker.java         | 24 +++++++++++++++----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index 00329ad1bb95..bfc553f6afa9 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -532,8 +532,8 @@ public boolean scaleCluster() throws CloudRuntimeException {
         }
         scaleTimeoutTime = System.currentTimeMillis() + KubernetesClusterService.KubernetesClusterScaleTimeout.value() * 1000;
         final long originalClusterSize = kubernetesCluster.getNodeCount();
-        boolean hasDefaultOffering = serviceOfferingNodeTypeMap.containsKey(DEFAULT.name());
-        if (hasDefaultOffering) {
+        boolean scaleClusterDefaultOffering = serviceOfferingNodeTypeMap.containsKey(DEFAULT.name());
+        if (scaleClusterDefaultOffering) {
             final ServiceOffering existingServiceOffering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
             final ServiceOffering existingControlOffering = serviceOfferingDao.findById(kubernetesCluster.getControlNodeServiceOfferingId());
             final ServiceOffering existingWorkerOffering = serviceOfferingDao.findById(kubernetesCluster.getWorkerNodeServiceOfferingId());
@@ -548,14 +548,17 @@ public boolean scaleCluster() throws CloudRuntimeException {
         for (KubernetesClusterNodeType nodeType : Arrays.asList(CONTROL, ETCD, WORKER)) {
             boolean isWorkerNodeOrAllNodes = WORKER == nodeType;
             final long newVMRequired = (!isWorkerNodeOrAllNodes || clusterSize == null) ? 0 : clusterSize - originalClusterSize;
-            if (!hasDefaultOffering && !serviceOfferingNodeTypeMap.containsKey(nodeType.name()) && newVMRequired == 0) {
+            if (!scaleClusterDefaultOffering && !serviceOfferingNodeTypeMap.containsKey(nodeType.name()) && newVMRequired == 0) {
                 continue;
             }
 
+            Long existingNodeTypeOfferingId = getKubernetesClusterNodeTypeOfferingId(kubernetesCluster, nodeType);
+            boolean clusterHasExistingOfferingForNodeType = existingNodeTypeOfferingId != null;
             boolean serviceOfferingScalingNeeded = isServiceOfferingScalingNeededForNodeType(nodeType, serviceOfferingNodeTypeMap, kubernetesCluster);
             ServiceOffering serviceOffering = serviceOfferingNodeTypeMap.getOrDefault(nodeType.name(), defaultServiceOffering);
-            boolean updateNodeOffering = serviceOfferingNodeTypeMap.containsKey(nodeType.name());
-            boolean updateClusterOffering = isWorkerNodeOrAllNodes && hasDefaultOffering;
+            boolean updateNodeOffering = serviceOfferingNodeTypeMap.containsKey(nodeType.name()) ||
+                    scaleClusterDefaultOffering && clusterHasExistingOfferingForNodeType;
+            boolean updateClusterOffering = isWorkerNodeOrAllNodes && scaleClusterDefaultOffering;
             if (isWorkerNodeOrAllNodes && autoscalingChanged) {
                 boolean autoScaled = autoscaleCluster(this.isAutoscalingEnabled, minSize, maxSize);
                 if (autoScaled && serviceOfferingScalingNeeded) {
@@ -584,6 +587,17 @@ public boolean scaleCluster() throws CloudRuntimeException {
         return true;
     }
 
+    private Long getKubernetesClusterNodeTypeOfferingId(KubernetesCluster kubernetesCluster, KubernetesClusterNodeType nodeType) {
+        if (nodeType == WORKER) {
+            return kubernetesCluster.getWorkerNodeServiceOfferingId();
+        } else if (nodeType == ETCD) {
+            return kubernetesCluster.getEtcdNodeServiceOfferingId();
+        } else if (nodeType == CONTROL) {
+            return kubernetesCluster.getControlNodeServiceOfferingId();
+        }
+        return null;
+    }
+
     protected boolean isServiceOfferingScalingNeededForNodeType(KubernetesClusterNodeType nodeType,
                                                                 Map<String, ServiceOffering> map, KubernetesCluster kubernetesCluster) {
         // DEFAULT node type means only the global service offering has been set for the Kubernetes cluster