[release/v1.45] Refactor handling of kubeconfig for kubevirt (#1358)

mfranczy · web-flow · commit 2322ab4e3933 · 2022-07-13T22:19:50.000+02:00
* Refactor handling of kubeconfig for kubevirt

Signed-off-by: Marcin Franczyk &lt;marcin0franczyk@gmail.com&gt;

* fix test KubeVirt MachineDeployment object

change storage class to longhorn and remove
hardcoded KubeVirt registry IP

Signed-off-by: Marcin Franczyk &lt;marcin0franczyk@gmail.com&gt;
diff --git a/pkg/cloudprovider/provider/kubevirt/provider.go b/pkg/cloudprovider/provider/kubevirt/provider.go
@@ -18,6 +18,7 @@ package kubevirt
 
 import (
 	"context"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"strconv"
@@ -135,9 +136,34 @@ func (p *provider) getConfig(provSpec clusterv1alpha1.ProviderSpec) (*Config, *p
 	}
 
 	config := Config{}
-	config.Kubeconfig, err = p.configVarResolver.GetConfigVarStringValueOrEnv(rawConfig.Kubeconfig, "KUBEVIRT_KUBECONFIG")
+
+	// Kubeconfig was specified directly in the Machine/MachineDeployment CR. In this case we need to ensure that the value is base64 encoded.
+	if rawConfig.Kubeconfig.Value != "" {
+		val, err := base64.StdEncoding.DecodeString(rawConfig.Kubeconfig.Value)
+		if err != nil {
+			// An error here means that this is not a valid base64 string
+			// We can be more explicit here with the error for visibility. Webhook will return this error if we hit this scenario.
+			return nil, nil, fmt.Errorf("failed to decode base64 encoded kubeconfig. Expected value is a base64 encoded Kubeconfig in JSON or YAML format: %w", err)
+		}
+		config.Kubeconfig = string(val)
+	} else {
+		// Environment variable or secret reference was used for providing the value of kubeconfig
+		// We have to be lenient in this case and allow unencoded values as well.
+		config.Kubeconfig, err = p.configVarResolver.GetConfigVarStringValueOrEnv(rawConfig.Kubeconfig, "KUBEVIRT_KUBECONFIG")
+		if err != nil {
+			return nil, nil, fmt.Errorf(`failed to get value of "kubeconfig" field: %w`, err)
+		}
+		val, err := base64.StdEncoding.DecodeString(config.Kubeconfig)
+		// We intentionally ignore errors here with an assumption that an unencoded YAML or JSON must have been passed on
+		// in this case.
+		if err == nil {
+			config.Kubeconfig = string(val)
+		}
+	}
+
+	config.RestConfig, err = clientcmd.RESTConfigFromKubeConfig([]byte(config.Kubeconfig))
 	if err != nil {
-		return nil, nil, fmt.Errorf(`failed to get value of "kubeconfig" field: %v`, err)
+		return nil, nil, fmt.Errorf("failed to decode kubeconfig: %w", err)
 	}
 	config.CPUs, err = p.configVarResolver.GetConfigVarStringValue(rawConfig.CPUs)
 	if err != nil {
@@ -166,10 +192,6 @@ func (p *provider) getConfig(provSpec clusterv1alpha1.ProviderSpec) (*Config, *p
 	if err != nil {
 		return nil, nil, fmt.Errorf(`failed to get value of "storageClassName" field: %v`, err)
 	}
-	config.RestConfig, err = clientcmd.RESTConfigFromKubeConfig([]byte(config.Kubeconfig))
-	if err != nil {
-		return nil, nil, fmt.Errorf("failed to decode kubeconfig: %v", err)
-	}
 
 	dnsPolicyString, err := p.configVarResolver.GetConfigVarStringValue(rawConfig.DNSPolicy)
 	if err != nil {
diff --git a/test/e2e/provisioning/testdata/machinedeployment-kubevirt.yaml b/test/e2e/provisioning/testdata/machinedeployment-kubevirt.yaml
@@ -26,9 +26,9 @@ spec:
             - "<< YOUR_PUBLIC_KEY >>"
           cloudProvider: "kubevirt"
           cloudProviderSpec:
-            storageClassName: local-path
+            storageClassName: longhorn
             pvcSize: "10Gi"
-            sourceURL: http://10.107.208.71/<< OS_NAME >>.img
+            sourceURL: http://image-repo.kube-system.svc.cluster.local/images/<< OS_NAME >>.img
             cpus: "1"
             memory: "4096M"
             dnsPolicy: "None"
