OpenNebula · rsmontero · May 7, 2024 · May 7, 2024
diff --git a/appliances/OneKE/helpers.rb b/appliances/OneKE/helpers.rb
@@ -4,6 +4,7 @@
 require 'fileutils'
 require 'json'
 require 'net/http'
+require 'resolv'
 require 'tempfile'
 require 'uri'
 require 'yaml'
@@ -166,3 +167,39 @@ def http_status_200?(url,
 rescue Errno::ECONNREFUSED, Errno::ECONNRESET, Errno::EHOSTUNREACH, Errno::ETIMEDOUT, Net::OpenTimeout
     false
 end
+
+def resolv_kubeconfig(kubeconfig: KUBECONFIG)
+    kubeconfig = [kubeconfig].flatten.find { |path| !path.nil? && File.exist?(path) }
+
+    return if kubeconfig.nil?
+
+    document = YAML.safe_load File.read(kubeconfig)
+
+    cluster = document.dig 'clusters', 0, 'cluster'
+
+    return if cluster.nil?
+
+    cp = URI.parse "https://#{ONEAPP_K8S_CONTROL_PLANE_EP}"
+
+    port = (cp.port || ONEAPP_VNF_HAPROXY_LB1_PORT).to_i
+
+    fallback_addr = if ONEAPP_VROUTER_ETH0_VIP0.nil? || ONEAPP_VROUTER_ETH0_VIP0.empty?
+        '127.0.0.1'
+    else
+        ONEAPP_VROUTER_ETH0_VIP0
+    end
+
+    addr = if cp.host.nil? || cp.host.empty?
+        fallback_addr
+    else
+        begin
+            Resolv.getaddress cp.host
+        rescue ResolvError
+            fallback_addr
+        end
+    end
+
+    cluster['server'] = "https://#{addr}:#{port}"
+
+    return YAML.dump document
+end
diff --git a/appliances/OneKE/kubernetes.rb b/appliances/OneKE/kubernetes.rb
@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'base64'
 require 'securerandom'
 require 'uri'
 require 'yaml'
@@ -212,6 +213,12 @@ def init_master
 
     wait_for_control_plane
     wait_for_kubelets
+
+    # Please make sure you add VM_ENCRYPTED_ATTR="ONEKE_KUBECONFIG" to /etc/one/oned.conf.
+    unless (kubeconfig = resolv_kubeconfig).nil?
+        encoded = Base64.strict_encode64 kubeconfig
+        onegate_vm_update ["ONEKE_KUBECONFIG=#{encoded}"]
+    end
 end
 
 def join_master(token, retries = RETRIES, seconds = SECONDS)
@@ -270,6 +277,12 @@ def join_master(token, retries = RETRIES, seconds = SECONDS)
 
     wait_for_control_plane
     wait_for_kubelets
+
+    # Please make sure you add VM_ENCRYPTED_ATTR="ONEKE_KUBECONFIG" to /etc/one/oned.conf.
+    unless (kubeconfig = resolv_kubeconfig).nil?
+        encoded = Base64.strict_encode64 kubeconfig
+        onegate_vm_update ["ONEKE_KUBECONFIG=#{encoded}"]
+    end
 end
 
 def join_worker(token)