Set protect-kernel-defaults on v2 clusters

[a-blender]

Issue: https://github.com/rancher/terraform-provider-rancher2/issues/1243

Problem

When going to Cluster Management and clicking Edit Config on a cluster, the page crashes and displays a "Loading ..." text but ends up with the following message: Cannot read properties of undefined (reading 'length'). This happens if a MachineSelectorConfig config is set as null.

Solution

Rancher sets protect-kernel-defaults false by default under the hood for rke2/k3s clusters but it is not exposed in the UI. My solution is for the TF rancher2 provider to set this field for any empty MachineSelectorConfig config so tf doesn't remove it every time to reconcile the state.

Testing

Confirmed removing protect-kernel-defaults: false and setting config: null causes the page to crash. Adding the field back in fixes it. Prov an rke2 cluster on EC2 with the fix resolves the bug. Adding the same MachineSelectorConfig via the UI that @Josh-Diamond did during our debug session and then running a terraform refresh to refresh the state causes the following to be set,

machineSelectorConfig:
      - config:
          protect-kernel-defaults: true
      - config:
          kubelet-arg:
            - cloud-provider=external
        machineLabelSelector:
          matchExpressions: []
          matchLabels:
            key: value

which is correct.

Engineering Testing

Manual Testing

Automated Testing

QA Testing Considerations

Regressions Considerations

[a-blender]

DNM waiting on QA testing before merging this forward port to 2.8

[a-blender]

@HarrisonWAffel Tested that on upgrade from a previous tf version to this one, a hardened RKE2 cluster with existing protect-kernel-defaults: true is not overwritten.