Has anyone tried cluster api with --disable-agent? I think the Control Plane health checks would fail as it looks for ready status rather than /healthz

which cluster api? If whatever it is relies on there being a node for the control-plane, then yes, that would be broken

I used this before with kubeadm - https://cluster-api.sigs.k8s.io/ to vend out bare-metal clusters and while kubeadm was fine the control plane was visible to the customer and we were never truly "managed" I like the k3s --disable agent solution as it's mostly hidden from the customer sort of like the hyperscalers.

kubectl get nodes
NAME           STATUS   ROLES    AGE    VERSION
test-node-01   Ready    <none>   4d8h   v1.33.4+k3s1

k3s should provide a transparent control-plane if you use a single-server setup with --disable-agent, but I’ve never tested it with CAPI. We’re working on something similar for RKE2 as well.

I did the embedded etcd setup for 3 CP. I disabled most things because we have argocd that deploys coredns/cilium cni outside the cluster. The demo cluster seems to be functioning but haven't had time to send heavy load.

write-kubeconfig-mode: "0644"
cluster-init: true
disable-cloud-controller: true
disable-kube-proxy: true
disable-helm-controller: true
disable-network-policy: true
disable-agent: true
etcd-disable-snapshots: true
flannel-backend: "none"
cluster-cidr: "192.168.0.0/16"
egress-selector-mode: "cluster"
tls-san:
  - "<redacted>"
disable:
  - "servicelb"
  - "coredns"
  - "traefik"
  - "local-storage"
  - "metrics-server"
  - "runtimes"
  - "ccm"