Add server-side apply support to the kube module (plugins/module/kube.py) for large CRDs (ArgoCD 3.3+) #13084
Description
What would you like to be added
Support for kubectl apply --server-side --force-conflicts in the custom kube module (plugins/module/kube.py), either as a new state value (e.g. state: latest_server_side) or as additional boolean parameters (e.g. server_side: true).
Currently, state: latest generates kubectl apply --force, which uses client-side apply. This stores the full manifest in the kubectl.io/last-applied-configuration annotation, which is limited to 262144 bytes. ArgoCD 3.3+ ships CRDs (specifically applicationsets.argoproj.io) that exceed this limit, making installation fail with:
The CustomResourceDefinition "applicationsets.argoproj.io" is invalid: metadata.annotations: Too long: may not be more than 262144 bytes
Server-side apply avoids this limitation entirely because it uses a different field management mechanism and does not rely on the last-applied-configuration annotation.
This change would directly benefit the ArgoCD role (roles/kubernetes-apps/argocd/), but could also be useful for any other addon shipping large CRDs in the future.
Why is this needed
PR #12941 updates the ArgoCD default version to 3.2.6, which is the last version that works without server-side apply. Once 3.2.x reaches EOL, Kubespray will be unable to upgrade ArgoCD any further without this capability, effectively forcing deprecation (as proposed in #12736).
ArgoCD upstream already documents --server-side --force-conflicts as the recommended installation method due to CRD size limitations. This is not a temporary issue — CRDs tend to grow over time, so the problem will likely affect other addons eventually.
Without this change, users who rely on Kubespray's ArgoCD addon will be stuck on an EOL version or forced to manage ArgoCD installation outside of Kubespray entirely.