Create kubeconfig for each cluster in reconcile function

cmd/clusterctl/examples/openstack/cluster.yaml

@@ -15,4 +15,4 @@ spec:
         kind: "OpenstackProviderSpec"
         tags:
           - a_cluster_wide_tag
-
+        masterIP: <master ip>

config/crds/openstackproviderconfig_v1alpha1_openstackclusterproviderspec.yaml

@@ -83,6 +83,10 @@ spec:
             allows all traffic to/from machines belonging to that group. In the future,
             we could make this more flexible.
           type: boolean
+        masterIP:
+          description: MasterIP is the ip of the master, if there is Loadbalancer,
+            should be LB ip and no LB should be floating ip address
+          type: string
         metadata:
           type: object
         nodeCidr:

config/rbac/rbac_role.yaml

@@ -50,6 +50,7 @@ rules:
   resources:
   - secrets
   verbs:
+  - create
   - get
   - list
   - watch

pkg/apis/openstackproviderconfig/v1alpha1/types.go

@@ -223,6 +223,10 @@ type OpenstackClusterProviderSpec struct {
 
 	// SAKeyPair is the service account key pair.
 	SAKeyPair KeyPair `json:"saKeyPair,omitempty"`
+
+	// MasterIP is the ip of the master, if there is Loadbalancer, should be LB
+	// ip and no LB should be floating ip address
+	MasterIP string `json:"masterIP,omitempty"`
 }
 
 // KeyPair is how operators can supply custom keypairs for kubeadm to use.

pkg/cloud/openstack/cluster/actuator.go

@@ -4,6 +4,9 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/pkg/errors"
+	apiv1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/kubernetes"
@@ -17,6 +20,7 @@ import (
 	"sigs.k8s.io/cluster-api-provider-openstack/pkg/deployer"
 	clusterv1 "sigs.k8s.io/cluster-api/pkg/apis/cluster/v1alpha1"
 	clientclusterv1 "sigs.k8s.io/cluster-api/pkg/client/clientset_generated/clientset/typed/cluster/v1alpha1"
+	"sigs.k8s.io/cluster-api/pkg/controller/remote"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/patch"
 )
@@ -110,6 +114,30 @@ func (a *Actuator) Reconcile(cluster *clusterv1.Cluster) error {
 		return errors.Errorf("failed to reconcile security groups: %v", err)
 	}
 
+	// Store KubeConfig for Cluster API NodeRef controller to use.
+	kubeConfigSecretName := remote.KubeConfigSecretName(cluster.Name)
+	if _, err := a.params.KubeClient.CoreV1().Secrets(cluster.Namespace).Get(kubeConfigSecretName, metav1.GetOptions{}); err != nil && apierrors.IsNotFound(err) {
+		kubeConfig, err := a.Deployer.GetKubeConfig(cluster, nil)
+		if err != nil {
+			return errors.Wrapf(err, "failed to get kubeconfig for cluster %q", cluster.Name)
+		}
+
+		kubeConfigSecret := &apiv1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: kubeConfigSecretName,
+			},
+			StringData: map[string]string{
+				"value": kubeConfig,
+			},
+		}
+
+		if _, err := a.params.KubeClient.CoreV1().Secrets(cluster.Namespace).Create(kubeConfigSecret); err != nil {
+			return errors.Wrapf(err, "failed to create kubeconfig secret for cluster %q", cluster.Name)
+		}
+	} else if err != nil {
+		return errors.Wrapf(err, "failed to get kubeconfig secret for cluster %q", cluster.Name)
+	}
+
 	return nil
 }
 

pkg/deployer/deployer.go

@@ -55,9 +55,18 @@ func (d *Deployer) GetKubeConfig(cluster *clusterv1.Cluster, master *clusterv1.M
 		return "", errors.New("key not found in status")
 	}
 
-	ip, err := d.GetIP(cluster, master)
-	if err != nil {
-		return "", err
+	var ip string
+	if master != nil {
+		ip, err = d.GetIP(cluster, master)
+		if err != nil {
+			return "", err
+		}
+	} else {
+		// This case means no master created yet, we need get from cluster info anyway
+		if len(config.MasterIP) == 0 {
+			return "", errors.New("MasterIP in cluster spec not set")
+		}
+		ip = config.MasterIP
 	}
 
 	server := fmt.Sprintf("https://%s:443", ip)