diff --git a/magnum/templates/configmap-etc.yaml b/magnum/templates/configmap-etc.yaml
index 247b3f6374..bd46903bf8 100644
--- a/magnum/templates/configmap-etc.yaml
+++ b/magnum/templates/configmap-etc.yaml
@@ -104,4 +104,7 @@ data:
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
   api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
   policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
+  {{- if .Values.conf.capi.enabled }}
+  kubeconfig.conf: {{ include "kubeconfig.tpl" . | b64enc }}
+  {{- end }}
 {{- end }}
diff --git a/magnum/templates/deployment-api.yaml b/magnum/templates/deployment-api.yaml
index 85d603b3f0..18b2222dff 100644
--- a/magnum/templates/deployment-api.yaml
+++ b/magnum/templates/deployment-api.yaml
@@ -111,6 +111,12 @@ spec:
               mountPath: /etc/magnum/policy.yaml
               subPath: policy.yaml
               readOnly: true
+            {{- if .Values.conf.capi.enabled }}
+            - name: magnum-etc
+              mountPath: /etc/magnum/kubeconfig.conf
+              subPath: kubeconfig.conf
+              readOnly: true
+            {{- end }}
             - name: magnum-lock-path
               mountPath: {{ .Values.conf.magnum.oslo_concurrency.lock_path }}
 {{ if $mounts_magnum_api.volumeMounts }}{{ toYaml $mounts_magnum_api.volumeMounts | indent 12 }}{{ end }}
diff --git a/magnum/templates/kubeconfig.tpl b/magnum/templates/kubeconfig.tpl
new file mode 100644
index 0000000000..57a8b74e5b
--- /dev/null
+++ b/magnum/templates/kubeconfig.tpl
@@ -0,0 +1,20 @@
+{{- define "kubeconfig.tpl" }}
+apiVersion: v1
+kind: Config
+clusters:
+- name: {{ .Values.conf.capi.clusterName }}
+  cluster:
+    server: {{ .Values.conf.capi.apiServer }}
+    certificate-authority-data: {{ .Values.conf.capi.certificateAuthorityData | quote }}
+contexts:
+- name: {{ .Values.conf.capi.contextName }}
+  context:
+    cluster: {{ .Values.conf.capi.clusterName }}
+    user: {{ .Values.conf.capi.userName }}
+current-context: {{ .Values.conf.capi.contextName }}
+users:
+- name: {{ .Values.conf.capi.userName }}
+  user:
+    client-certificate-data: {{ .Values.conf.capi.clientCertificateData | quote }}
+    client-key-data: {{ .Values.conf.capi.clientKeyData | quote }}
+{{- end }}
diff --git a/magnum/templates/statefulset-conductor.yaml b/magnum/templates/statefulset-conductor.yaml
index 44d8b0273b..fc368e082a 100644
--- a/magnum/templates/statefulset-conductor.yaml
+++ b/magnum/templates/statefulset-conductor.yaml
@@ -100,6 +100,12 @@ spec:
               subPath: {{ base .Values.conf.magnum.DEFAULT.log_config_append }}
               readOnly: true
             {{- end }}
+            {{- if .Values.conf.capi.enabled }}
+            - name: magnum-etc
+              mountPath: /etc/magnum/kubeconfig.conf
+              subPath: kubeconfig.conf
+              readOnly: true
+            {{- end }}
             - name: magnum-etc
               mountPath: /etc/magnum/policy.yaml
               subPath: policy.yaml
diff --git a/magnum/values.yaml b/magnum/values.yaml
index 426ae04486..252aef4de8 100644
--- a/magnum/values.yaml
+++ b/magnum/values.yaml
@@ -51,6 +51,15 @@ images:
       - image_repo_sync
 
 conf:
+  capi:
+    enabled: false
+    clusterName: cluster.local
+    apiServer: https://localhost:6443
+    certificateAuthorityData: null
+    contextName: default
+    userName: clusterUse
+    clientCertificateData: null
+    clientKeyData: null
   paste:
     pipeline:main:
       pipeline: cors healthcheck request_id authtoken api_v1
@@ -75,6 +84,8 @@ conf:
       transport_url: null
     cluster:
       temp_cache_dir: /var/lib/magnum/certificate-cache
+    capi-helm:
+      kubeconfig_file: /etc/magnum/kubeconfig.conf
     oslo_messaging_notifications:
       driver: messaging
     oslo_concurrency: