Show SSH keys with ssh-ed25519 instead of sha-rsa in docs
* For Fedora CoreOS, users should not be using sha-rsa public keys anymore, so make sure the docs examples reflect this * https://github.com/poseidon/typhoon/issues/915
This commit is contained in:
parent
cbef202eec
commit
61ee01f462
|
@ -67,7 +67,7 @@ module "yavin" {
|
||||||
dns_zone_name = "example-zone"
|
dns_zone_name = "example-zone"
|
||||||
|
|
||||||
# configuration
|
# configuration
|
||||||
ssh_authorized_key = "ssh-rsa AAAAB3Nz..."
|
ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..."
|
||||||
|
|
||||||
# optional
|
# optional
|
||||||
worker_count = 2
|
worker_count = 2
|
||||||
|
|
|
@ -29,7 +29,7 @@ module "gravitas" {
|
||||||
dns_zone_id = "Z3PAABBCFAKEC0"
|
dns_zone_id = "Z3PAABBCFAKEC0"
|
||||||
|
|
||||||
# configuration
|
# configuration
|
||||||
ssh_authorized_key = "ssh-rsa AAAAB3Nz..."
|
ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..."
|
||||||
|
|
||||||
# optional
|
# optional
|
||||||
arch = "arm64"
|
arch = "arm64"
|
||||||
|
@ -68,7 +68,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo
|
||||||
dns_zone_id = "Z3PAABBCFAKEC0"
|
dns_zone_id = "Z3PAABBCFAKEC0"
|
||||||
|
|
||||||
# configuration
|
# configuration
|
||||||
ssh_authorized_key = "ssh-rsa AAAAB3Nz..."
|
ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..."
|
||||||
|
|
||||||
# optional
|
# optional
|
||||||
networking = "cilium"
|
networking = "cilium"
|
||||||
|
|
|
@ -82,7 +82,7 @@ The AWS internal `workers` module supports a number of [variables](https://githu
|
||||||
| subnet_ids | Must be set to `subnet_ids` output by cluster | module.cluster.subnet_ids |
|
| subnet_ids | Must be set to `subnet_ids` output by cluster | module.cluster.subnet_ids |
|
||||||
| security_groups | Must be set to `worker_security_groups` output by cluster | module.cluster.worker_security_groups |
|
| security_groups | Must be set to `worker_security_groups` output by cluster | module.cluster.worker_security_groups |
|
||||||
| kubeconfig | Must be set to `kubeconfig` output by cluster | module.cluster.kubeconfig |
|
| kubeconfig | Must be set to `kubeconfig` output by cluster | module.cluster.kubeconfig |
|
||||||
| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3NZ..." |
|
| ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3NZ..." |
|
||||||
|
|
||||||
#### Optional
|
#### Optional
|
||||||
|
|
||||||
|
@ -182,7 +182,7 @@ The Azure internal `workers` module supports a number of [variables](https://git
|
||||||
| security_group_id | Must be set to `security_group_id` output by cluster | module.cluster.security_group_id |
|
| security_group_id | Must be set to `security_group_id` output by cluster | module.cluster.security_group_id |
|
||||||
| backend_address_pool_id | Must be set to `backend_address_pool_id` output by cluster | module.cluster.backend_address_pool_id |
|
| backend_address_pool_id | Must be set to `backend_address_pool_id` output by cluster | module.cluster.backend_address_pool_id |
|
||||||
| kubeconfig | Must be set to `kubeconfig` output by cluster | module.cluster.kubeconfig |
|
| kubeconfig | Must be set to `kubeconfig` output by cluster | module.cluster.kubeconfig |
|
||||||
| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3NZ..." |
|
| ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3NZ..." |
|
||||||
|
|
||||||
#### Optional
|
#### Optional
|
||||||
|
|
||||||
|
@ -283,7 +283,7 @@ The Google Cloud internal `workers` module supports a number of [variables](http
|
||||||
| network | Must be set to `network_name` output by cluster | module.cluster.network_name |
|
| network | Must be set to `network_name` output by cluster | module.cluster.network_name |
|
||||||
| kubeconfig | Must be set to `kubeconfig` output by cluster | module.cluster.kubeconfig |
|
| kubeconfig | Must be set to `kubeconfig` output by cluster | module.cluster.kubeconfig |
|
||||||
| os_image | Container Linux image for compute instances | "uploaded-flatcar-image" |
|
| os_image | Container Linux image for compute instances | "uploaded-flatcar-image" |
|
||||||
| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3NZ..." |
|
| ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3NZ..." |
|
||||||
|
|
||||||
Check the list of regions [docs](https://cloud.google.com/compute/docs/regions-zones/regions-zones) or with `gcloud compute regions list`.
|
Check the list of regions [docs](https://cloud.google.com/compute/docs/regions-zones/regions-zones) or with `gcloud compute regions list`.
|
||||||
|
|
||||||
|
|
|
@ -80,7 +80,7 @@ module "tempest" {
|
||||||
dns_zone_id = "Z3PAABBCFAKEC0"
|
dns_zone_id = "Z3PAABBCFAKEC0"
|
||||||
|
|
||||||
# configuration
|
# configuration
|
||||||
ssh_authorized_key = "ssh-rsa AAAAB3Nz..."
|
ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..."
|
||||||
|
|
||||||
# optional
|
# optional
|
||||||
worker_count = 2
|
worker_count = 2
|
||||||
|
@ -95,7 +95,7 @@ Reference the [variables docs](#variables) or the [variables.tf](https://github.
|
||||||
Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`.
|
Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
ssh-add ~/.ssh/id_rsa
|
ssh-add ~/.ssh/id_ed25519
|
||||||
ssh-add -L
|
ssh-add -L
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -183,7 +183,7 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/aws/fed
|
||||||
| cluster_name | Unique cluster name (prepended to dns_zone) | "tempest" |
|
| cluster_name | Unique cluster name (prepended to dns_zone) | "tempest" |
|
||||||
| dns_zone | AWS Route53 DNS zone | "aws.example.com" |
|
| dns_zone | AWS Route53 DNS zone | "aws.example.com" |
|
||||||
| dns_zone_id | AWS Route53 DNS zone id | "Z3PAABBCFAKEC0" |
|
| dns_zone_id | AWS Route53 DNS zone id | "Z3PAABBCFAKEC0" |
|
||||||
| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3NZ..." |
|
| ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3NZ..." |
|
||||||
|
|
||||||
#### DNS Zone
|
#### DNS Zone
|
||||||
|
|
||||||
|
|
|
@ -96,7 +96,7 @@ module "ramius" {
|
||||||
|
|
||||||
# configuration
|
# configuration
|
||||||
os_image = "/subscriptions/some/path/Microsoft.Compute/images/fedora-coreos-31.20200323.3.2"
|
os_image = "/subscriptions/some/path/Microsoft.Compute/images/fedora-coreos-31.20200323.3.2"
|
||||||
ssh_authorized_key = "ssh-rsa AAAAB3Nz..."
|
ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..."
|
||||||
|
|
||||||
# optional
|
# optional
|
||||||
worker_count = 2
|
worker_count = 2
|
||||||
|
@ -111,7 +111,7 @@ Reference the [variables docs](#variables) or the [variables.tf](https://github.
|
||||||
Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`.
|
Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
ssh-add ~/.ssh/id_rsa
|
ssh-add ~/.ssh/id_ed25519
|
||||||
ssh-add -L
|
ssh-add -L
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -201,7 +201,7 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/azure/f
|
||||||
| dns_zone | Azure DNS zone | "azure.example.com" |
|
| dns_zone | Azure DNS zone | "azure.example.com" |
|
||||||
| dns_zone_group | Resource group where the Azure DNS zone resides | "global" |
|
| dns_zone_group | Resource group where the Azure DNS zone resides | "global" |
|
||||||
| os_image | Fedora CoreOS image for instances | "/subscriptions/..../custom-image" |
|
| os_image | Fedora CoreOS image for instances | "/subscriptions/..../custom-image" |
|
||||||
| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3NZ..." |
|
| ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3NZ..." |
|
||||||
|
|
||||||
!!! tip
|
!!! tip
|
||||||
Regions are shown in [docs](https://azure.microsoft.com/en-us/global-infrastructure/regions/) or with `az account list-locations --output table`.
|
Regions are shown in [docs](https://azure.microsoft.com/en-us/global-infrastructure/regions/) or with `az account list-locations --output table`.
|
||||||
|
|
|
@ -164,7 +164,7 @@ module "mercury" {
|
||||||
|
|
||||||
# configuration
|
# configuration
|
||||||
k8s_domain_name = "node1.example.com"
|
k8s_domain_name = "node1.example.com"
|
||||||
ssh_authorized_key = "ssh-rsa AAAAB3Nz..."
|
ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..."
|
||||||
|
|
||||||
# machines
|
# machines
|
||||||
controllers = [{
|
controllers = [{
|
||||||
|
@ -194,7 +194,7 @@ Reference the [variables docs](#variables) or the [variables.tf](https://github.
|
||||||
Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`.
|
Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
ssh-add ~/.ssh/id_rsa
|
ssh-add ~/.ssh/id_ed25519
|
||||||
ssh-add -L
|
ssh-add -L
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -323,7 +323,7 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/bare-me
|
||||||
| os_stream | Fedora CoreOS release stream | "stable" |
|
| os_stream | Fedora CoreOS release stream | "stable" |
|
||||||
| os_version | Fedora CoreOS version to PXE and install | "32.20201104.3.0" |
|
| os_version | Fedora CoreOS version to PXE and install | "32.20201104.3.0" |
|
||||||
| k8s_domain_name | FQDN resolving to the controller(s) nodes. Workers and kubectl will communicate with this endpoint | "myk8s.example.com" |
|
| k8s_domain_name | FQDN resolving to the controller(s) nodes. Workers and kubectl will communicate with this endpoint | "myk8s.example.com" |
|
||||||
| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3Nz..." |
|
| ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3Nz..." |
|
||||||
| controllers | List of controller machine detail objects (unique name, identifying MAC address, FQDN) | `[{name="node1", mac="52:54:00:a1:9c:ae", domain="node1.example.com"}]` |
|
| controllers | List of controller machine detail objects (unique name, identifying MAC address, FQDN) | `[{name="node1", mac="52:54:00:a1:9c:ae", domain="node1.example.com"}]` |
|
||||||
| workers | List of worker machine detail objects (unique name, identifying MAC address, FQDN) | `[{name="node2", mac="52:54:00:b2:2f:86", domain="node2.example.com"}, {name="node3", mac="52:54:00:c3:61:77", domain="node3.example.com"}]` |
|
| workers | List of worker machine detail objects (unique name, identifying MAC address, FQDN) | `[{name="node2", mac="52:54:00:b2:2f:86", domain="node2.example.com"}, {name="node3", mac="52:54:00:c3:61:77", domain="node3.example.com"}]` |
|
||||||
|
|
||||||
|
|
|
@ -104,7 +104,7 @@ Reference the [variables docs](#variables) or the [variables.tf](https://github.
|
||||||
Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`.
|
Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
ssh-add ~/.ssh/id_rsa
|
ssh-add ~/.ssh/id_ed25519
|
||||||
ssh-add -L
|
ssh-add -L
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -214,7 +214,7 @@ resource "digitalocean_domain" "zone-for-clusters" {
|
||||||
|
|
||||||
#### SSH Fingerprints
|
#### SSH Fingerprints
|
||||||
|
|
||||||
DigitalOcean droplets are created with your SSH public key "fingerprint" (i.e. MD5 hash) to allow access. If your SSH public key is at `~/.ssh/id_rsa`, find the fingerprint with,
|
DigitalOcean droplets are created with your SSH public key "fingerprint" (i.e. MD5 hash) to allow access. If your SSH public key is at `~/.ssh/id_ed25519.pub`, find the fingerprint with,
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
ssh-keygen -E md5 -lf ~/.ssh/id_ed25519.pub | awk '{print $2}'
|
ssh-keygen -E md5 -lf ~/.ssh/id_ed25519.pub | awk '{print $2}'
|
||||||
|
|
|
@ -82,7 +82,7 @@ module "yavin" {
|
||||||
dns_zone_name = "example-zone"
|
dns_zone_name = "example-zone"
|
||||||
|
|
||||||
# configuration
|
# configuration
|
||||||
ssh_authorized_key = "ssh-rsa AAAAB3Nz..."
|
ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..."
|
||||||
|
|
||||||
# optional
|
# optional
|
||||||
worker_count = 2
|
worker_count = 2
|
||||||
|
@ -96,7 +96,7 @@ Reference the [variables docs](#variables) or the [variables.tf](https://github.
|
||||||
Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`.
|
Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
ssh-add ~/.ssh/id_rsa
|
ssh-add ~/.ssh/id_ed25519
|
||||||
ssh-add -L
|
ssh-add -L
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -186,7 +186,7 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/google-
|
||||||
| region | Google Cloud region | "us-central1" |
|
| region | Google Cloud region | "us-central1" |
|
||||||
| dns_zone | Google Cloud DNS zone | "google-cloud.example.com" |
|
| dns_zone | Google Cloud DNS zone | "google-cloud.example.com" |
|
||||||
| dns_zone_name | Google Cloud DNS zone name | "example-zone" |
|
| dns_zone_name | Google Cloud DNS zone name | "example-zone" |
|
||||||
| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3NZ..." |
|
| ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3NZ..." |
|
||||||
|
|
||||||
Check the list of valid [regions](https://cloud.google.com/compute/docs/regions-zones/regions-zones) and list Fedora CoreOS [images](https://cloud.google.com/compute/docs/images) with `gcloud compute images list | grep fedora-coreos`.
|
Check the list of valid [regions](https://cloud.google.com/compute/docs/regions-zones/regions-zones) and list Fedora CoreOS [images](https://cloud.google.com/compute/docs/images) with `gcloud compute images list | grep fedora-coreos`.
|
||||||
|
|
||||||
|
|
|
@ -66,7 +66,7 @@ module "yavin" {
|
||||||
dns_zone_name = "example-zone"
|
dns_zone_name = "example-zone"
|
||||||
|
|
||||||
# configuration
|
# configuration
|
||||||
ssh_authorized_key = "ssh-rsa AAAAB3Nz..."
|
ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..."
|
||||||
|
|
||||||
# optional
|
# optional
|
||||||
worker_count = 2
|
worker_count = 2
|
||||||
|
|
Loading…
Reference in New Issue