From 9d1641ac45d26078ff81075871874087c84aa7d6 Mon Sep 17 00:00:00 2001
From: Simplysoft GmbH <1588210+simplysoft@users.noreply.github.com>
Date: Tue, 13 Aug 2024 10:48:27 +0200
Subject: [PATCH] fix: use absolute path to rke2's kubectl binary

ensures that cluster-etcd secret can be created if host does not have kubectl installed

fixes #403

Signed-off-by: Simplysoft GmbH <1588210+simplysoft@users.noreply.github.com>
---
 bootstrap/internal/cloudinit/controlplane_init.go | 2 +-
 bootstrap/internal/ignition/ignition.go           | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/bootstrap/internal/cloudinit/controlplane_init.go b/bootstrap/internal/cloudinit/controlplane_init.go
index efd267fa..b1bebc66 100644
--- a/bootstrap/internal/cloudinit/controlplane_init.go
+++ b/bootstrap/internal/cloudinit/controlplane_init.go
@@ -37,7 +37,7 @@ runcmd:
   - '/opt/rke2-cis-script.sh'{{ end }}
   - 'systemctl enable rke2-server.service'
   - 'systemctl start rke2-server.service'
-  - 'kubectl create secret tls cluster-etcd -o yaml --dry-run=client -n kube-system --cert=/var/lib/rancher/rke2/server/tls/etcd/server-ca.crt --key=/var/lib/rancher/rke2/server/tls/etcd/server-ca.key --kubeconfig /etc/rancher/rke2/rke2.yaml | kubectl apply -f- --kubeconfig /etc/rancher/rke2/rke2.yaml'
+  - '/var/lib/rancher/rke2/bin/kubectl create secret tls cluster-etcd -o yaml --dry-run=client -n kube-system --cert=/var/lib/rancher/rke2/server/tls/etcd/server-ca.crt --key=/var/lib/rancher/rke2/server/tls/etcd/server-ca.key --kubeconfig /etc/rancher/rke2/rke2.yaml | /var/lib/rancher/rke2/bin/kubectl apply -f- --kubeconfig /etc/rancher/rke2/rke2.yaml'
   - 'mkdir -p /run/cluster-api'
   - '{{ .SentinelFileCommand }}'
 {{- template "commands" .PostRKE2Commands }}
diff --git a/bootstrap/internal/ignition/ignition.go b/bootstrap/internal/ignition/ignition.go
index b151c02e..64996ddc 100644
--- a/bootstrap/internal/ignition/ignition.go
+++ b/bootstrap/internal/ignition/ignition.go
@@ -37,10 +37,10 @@ var (
 		"setenforce 0",
 		"systemctl enable rke2-server.service",
 		"systemctl start rke2-server.service",
-		"kubectl create secret tls cluster-etcd -o yaml --dry-run=client -n kube-system " +
+		"/var/lib/rancher/rke2/bin/kubectl create secret tls cluster-etcd -o yaml --dry-run=client -n kube-system " +
 			"--cert=/var/lib/rancher/rke2/server/tls/etcd/server-ca.crt --key=/var/lib/rancher/rke2/server/tls/etcd/server-ca.key " +
 			"--kubeconfig /etc/rancher/rke2/rke2.yaml |" +
-			" kubectl apply -f- --kubeconfig /etc/rancher/rke2/rke2.yaml",
+			" /var/lib/rancher/rke2/bin/kubectl apply -f- --kubeconfig /etc/rancher/rke2/rke2.yaml",
 		"restorecon /etc/systemd/system/rke2-server.service",
 		"mkdir -p /run/cluster-api /etc/cluster-api",
 		"echo success | tee /run/cluster-api/bootstrap-success.complete /etc/cluster-api/bootstrap-success.complete > /dev/null",