Comments (9)
Thinking about this some more, I dislike that idea. We should instead remove this whole ssh key deployment functionality everywhere where it is not absolutely required (AWS) and let users pass in their ssh key via the machineSpec if they so choose.
Allowing an ssh key to be passed via a flag is just an incentive to not put the key in the place it belongs, the machineSpec.
from machine-controller.
Pro:
- We can get rid of ssh key handling code in all providers - except aws
Cons:
- We would need to extend the key handling code in AWS
- Check if any of the specified ssh keys exists in the account
- If none of the specified keys exists, we would need to create it -> which one and which name to take?
- Different behavior on the different cloud-providers -> bad user-experience
- We would introduce a hard coupling of the sshPublicKeys property and the cloud-provider
from machine-controller.
No, leave the code for AWS as-is, only remove the handling from the other cloud providers.
from machine-controller.
So we maintain the initial creation of the ssh-key + secret but we simply ignore it for everyone except AWS?
I'm pretty sure this will create the most confusion - as users now see a secret containing a ssh key secret in their cluster although it'll never get used
from machine-controller.
I don't think so, the machine-controller itself is cloud-agnostic, it doesn't have a flag --cloud-provider=<my-cloud-provider>, thus it has to do everything that any of the supported clouds may need.
We can just add a note in the Readme why this is needed and also add a comment in the code. I find this much less confusing than creating a ssh key for every cloud provider just because AWS needs it.
from machine-controller.
Need to check if the ssh key is still necessary
from machine-controller.
DigitalOcean requires us to specify an ssh key. Otherwise the API will respond with:
The image for this droplet does not use root passwords, please use an SSH key.
AWS, Openstack & Hetzner don't require an SSH key to be specified.
I just had a new idea:
Why not create a random ssh key during the DigitalOcean droplet creation & after successfully creating the droplet, we delete the key?
from machine-controller.
closed in favor of #119
from machine-controller.