diff --git a/pkg/validations/createvalidations/createvalidations.go b/pkg/validations/createvalidations/createvalidations.go
index a42049530fdc4..61489db582b8a 100644
--- a/pkg/validations/createvalidations/createvalidations.go
+++ b/pkg/validations/createvalidations/createvalidations.go
@@ -7,6 +7,7 @@ import (
 // SkippableValidations represents all the validations we offer for users to skip.
 var SkippableValidations = []string{
 	validations.VSphereUserPriv,
+	validations.APIServerExtraArgs,
 }
 
 func New(opts *validations.Opts) *CreateValidations {
diff --git a/pkg/validations/createvalidations/preflightvalidations.go b/pkg/validations/createvalidations/preflightvalidations.go
index 76fa21e31a6ca..660fa43b71a34 100644
--- a/pkg/validations/createvalidations/preflightvalidations.go
+++ b/pkg/validations/createvalidations/preflightvalidations.go
@@ -107,5 +107,16 @@ func (v *CreateValidations) PreflightValidations(ctx context.Context) []validati
 		)
 	}
 
+	if !v.Opts.SkippedValidations[validations.APIServerExtraArgs] {
+		createValidations = append(
+			createValidations,
+			func() *validations.ValidationResult {
+				return &validations.ValidationResult{
+					Name:        "validate api server extra args",
+					Remediation: "ensure apiServerExtraArgs have only supported flags (service-account-issuer, service-account-jwks-uri)",
+					Err:         validations.ValidateAPIServerExtraArgs(v.Opts.Spec),
+				}
+			})
+	}
 	return createValidations
 }
diff --git a/pkg/validations/skipvalidations.go b/pkg/validations/skipvalidations.go
index 268b372ab9180..241554c373e6f 100644
--- a/pkg/validations/skipvalidations.go
+++ b/pkg/validations/skipvalidations.go
@@ -7,9 +7,10 @@ import (
 
 // string values of supported validation names that can be skipped.
 const (
-	PDB             = "pod-disruption"
-	VSphereUserPriv = "vsphere-user-privilege"
-	EksaVersionSkew = "eksa-version-skew"
+	PDB                = "pod-disruption"
+	VSphereUserPriv    = "vsphere-user-privilege"
+	EksaVersionSkew    = "eksa-version-skew"
+	APIServerExtraArgs = "api-server-extra-args"
 )
 
 // ValidSkippableValidationsMap returns a map for all valid skippable validations as keys, defaulting values to false.
diff --git a/pkg/validations/skipvalidations_test.go b/pkg/validations/skipvalidations_test.go
index 0fff9b0f46935..fd05186a8ada8 100644
--- a/pkg/validations/skipvalidations_test.go
+++ b/pkg/validations/skipvalidations_test.go
@@ -29,9 +29,10 @@ func TestValidateSkippableValidation(t *testing.T) {
 		{
 			name: "valid upgrade validation param",
 			want: map[string]bool{
-				validations.PDB:             true,
-				validations.VSphereUserPriv: false,
-				validations.EksaVersionSkew: false,
+				validations.PDB:                true,
+				validations.VSphereUserPriv:    false,
+				validations.EksaVersionSkew:    false,
+				validations.APIServerExtraArgs: false,
 			},
 			wantErr:              nil,
 			skippedValidations:   []string{validations.PDB},
@@ -40,7 +41,8 @@ func TestValidateSkippableValidation(t *testing.T) {
 		{
 			name: "valid create validation param",
 			want: map[string]bool{
-				validations.VSphereUserPriv: true,
+				validations.VSphereUserPriv:    true,
+				validations.APIServerExtraArgs: false,
 			},
 			wantErr:              nil,
 			skippedValidations:   []string{validations.VSphereUserPriv},
diff --git a/pkg/validations/upgradevalidations/preflightvalidations.go b/pkg/validations/upgradevalidations/preflightvalidations.go
index 650bd9f941e26..55aebfb457670 100644
--- a/pkg/validations/upgradevalidations/preflightvalidations.go
+++ b/pkg/validations/upgradevalidations/preflightvalidations.go
@@ -166,6 +166,17 @@ func (u *UpgradeValidations) PreflightValidations(ctx context.Context) []validat
 				}
 			})
 	}
+	if !u.Opts.SkippedValidations[validations.APIServerExtraArgs] {
+		upgradeValidations = append(
+			upgradeValidations,
+			func() *validations.ValidationResult {
+				return &validations.ValidationResult{
+					Name:        "validate api server extra args",
+					Remediation: "ensure apiServerExtraArgs have only supported flags (service-account-issuer, service-account-jwks-uri)",
+					Err:         validations.ValidateAPIServerExtraArgs(u.Opts.Spec),
+				}
+			})
+	}
 	return upgradeValidations
 }
 
diff --git a/pkg/validations/upgradevalidations/upgradevalidations.go b/pkg/validations/upgradevalidations/upgradevalidations.go
index 1490743507094..ab68e35da3862 100644
--- a/pkg/validations/upgradevalidations/upgradevalidations.go
+++ b/pkg/validations/upgradevalidations/upgradevalidations.go
@@ -9,6 +9,7 @@ var SkippableValidations = []string{
 	validations.PDB,
 	validations.VSphereUserPriv,
 	validations.EksaVersionSkew,
+	validations.APIServerExtraArgs,
 }
 
 func New(opts *validations.Opts) *UpgradeValidations {