Workaround to allow use of ed25519 keys on Azure

* Allow passing a dummy RSA key to Azure to satisfy its obtuse requirements (recommend deleting the corresponding private key) * Then `ssh_authorized_key` can be used to provide Fedora CoreOS or Flatcar Linux with a modern ed25519 public key to set in the authorized_keys via Ignition
2025-07-29 22:01:35 +02:00 · 2023-09-17 23:21:42 +02:00
parent 8cbcaa5fc6
commit 0ce8dfbb95
11 changed files with 56 additions and 4 deletions
--- a/azure/flatcar-linux/kubernetes/workers/variables.tf
+++ b/azure/flatcar-linux/kubernetes/workers/variables.tf
@ -79,6 +79,12 @@ variable "ssh_authorized_key" {
  description = "SSH public key for user 'core'"
 }

+variable "azure_authorized_key" {
+  type        = string
+  description = "Optionally, pass a dummy RSA key to satisfy Azure validations (then use an ed25519 key set above)"
+  default     = ""
+}
+
 variable "service_cidr" {
  type        = string
  description = <<EOD
--- a/azure/flatcar-linux/kubernetes/workers/workers.tf
+++ b/azure/flatcar-linux/kubernetes/workers/workers.tf
@ -3,6 +3,8 @@ locals {
  channel      = split("-", var.os_image)[1]
  offer_suffix = var.arch == "arm64" ? "corevm" : "free"
  urn          = var.arch == "arm64" ? local.channel : "${local.channel}-gen2"
+
+  azure_authorized_key = var.azure_authorized_key == "" ? var.ssh_authorized_key : var.azure_authorized_key
 }

 # Workers scale set
@ -48,7 +50,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "workers" {
  admin_username = "core"
  admin_ssh_key {
    username   = "core"
-    public_key = var.ssh_authorized_key
+    public_key = local.azure_authorized_key
  }

  # network