Azure / AKS

Azure Kubernetes Service
https://azure.github.io/AKS/

Unable to deploy AKS cluster with ed25519 SSH key #1172

Closed maxkochubey closed 4 years ago

maxkochubey commented 5 years ago

What happened: I tried to deploy AKS cluster with terraform (using recent azurerm provider) and specified SSH ed25519 public key. Got error: Error: Error creating/updating Managed Kubernetes Cluster "aks-test" (Resource Group "aks-test-rg"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidParameter" Message="The value of parameter linuxProfile.ssh.publicKeys.keyData is invalid. Please see https://aka.ms/aks-naming-rules for more details." Target="linuxProfile.ssh.publicKeys.keyData"

With a newly generated 4096-bit RSA key everything is fine. Obviously it isn't a terraform provider issue, because the error was received from the Azure API.

What you expected to happen: Working Kubernetes cluster with provided public SSH key, deployed to admin user profile on agent nodes.

How to reproduce it (as minimally and precisely as possible): I guess, to generate an ed25519 SSH key and provide it on AKS cluster setup.

```hcl
resource "azurerm_kubernetes_cluster" "aks" {
  name                = var.cluster_name
  location            = var.location
  resource_group_name = var.resource_group
  node_resource_group = "${var.resource_group}-k8s"
  dns_prefix          = var.dns_prefix
  kubernetes_version  = var.k8s_version

  linux_profile {
    admin_username = var.ssh_user
    ssh_key {
      key_data = file(var.path_to_ssh_public_key) # <--- provided public SSH key
    }
  }

  # .... SKIPPED .....

}
```

Environment:

github-actions[bot] commented 4 years ago

Action required from @Azure/aks-pm

ghost commented 4 years ago

Action required from @Azure/aks-pm

TomGeske commented 4 years ago

@maxkochubey: can you verify with latest Terraform Azurerm provider?

maxkochubey commented 4 years ago

Hi @TomGeske, I tried to deploy AKS cluster with

and got the following error:

module.aks_cluster.azurerm_kubernetes_cluster.aks: Creating...

Error: creating Managed Kubernetes Cluster "aks-dev01" (Resource Group "aks-dev01"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidParameter" Message="The value of parameter linuxProfile.ssh.publicKeys.keyData is invalid. Please see https://aka.ms/aks-naming-rules for more details." Target="linuxProfile.ssh.publicKeys.keyData"

  on ../../../../modules/azure/aks_cluster/main.tf line 54, in resource "azurerm_kubernetes_cluster" "aks":
  54: resource "azurerm_kubernetes_cluster" "aks" {
Used Terraform code:

```hcl
resource "azurerm_kubernetes_cluster" "aks" {
  name                       = var.cluster_name
  location                   = var.location
  resource_group_name        = var.resource_group
  node_resource_group        = "${var.resource_group}-k8s"
  kubernetes_version         = var.k8s_version
  private_cluster_enabled    = false
  enable_pod_security_policy = false
  dns_prefix                 = var.aks_dns_prefix

  linux_profile {
    admin_username = var.ssh_user
    ssh_key {
      key_data = var.ssh_public_key
    }
  }

  lifecycle {
    ignore_changes = [
      default_node_pool[0].node_count
    ]
  }

  default_node_pool {
    name                  = "main"
    vm_size               = lookup(local.default_node_pool, "machine_type", local.default_machine_type)
    os_disk_size_gb       = lookup(local.default_node_pool, "disk_size_gb", local.default_disk_size_gb)
    vnet_subnet_id        = var.aks_subnet_id
    type                  = "VirtualMachineScaleSets"
    enable_auto_scaling   = true
    enable_node_public_ip = false
    # In AKS there's no option to create node pool with 0 nodes, minimum is 1
    node_count  = lookup(local.default_node_pool, "init_node_count", local.default_nodes_count)
    min_count   = lookup(local.default_node_pool, "min_node_count", local.default_nodes_min)
    max_count   = lookup(local.default_node_pool, "max_node_count", local.default_nodes_max)
    max_pods    = lookup(local.default_node_pool, "max_pods", local.default_pods_max)
    node_taints = [
      for taint in lookup(local.default_node_pool, "taints", []) :
      "${taint.key}=${taint.value}:${taint.effect}"
    ]
    node_labels = {
      env = "development"
    }
    tags = var.aks_tags
  }

  service_principal {
    client_id     = var.sp_client_id
    client_secret = var.sp_secret
  }

  addon_profile {
    kube_dashboard {
      enabled = false
    }
    oms_agent {
      enabled                    = var.aks_analytics_workspace_id == "" ? false : true
      log_analytics_workspace_id = var.aks_analytics_workspace_id == "" ? null : var.aks_analytics_workspace_id
    }
  }

  auto_scaler_profile {
    balance_similar_node_groups      = false
    max_graceful_termination_sec     = 600
    scale_down_delay_after_add       = "10m"
    scale_down_delay_after_delete    = "10s"
    scale_down_delay_after_failure   = "3m"
    scale_down_unneeded              = "10m"
    scale_down_unready               = "20m"
    scale_down_utilization_threshold = 0.5
    scan_interval                    = "10s"
  }

  api_server_authorized_ip_ranges = local.allowed_nets

  role_based_access_control {
    enabled = true
  }

  network_profile {
    network_plugin    = "azure"
    network_policy    = "calico"
    load_balancer_sku = "standard"
    load_balancer_profile {
      outbound_ip_address_ids = [data.external.egress_ip.result.id]
    }
  }

  tags = var.aks_tags
}
```

```hcl
resource "azurerm_kubernetes_cluster_node_pool" "aks" {
  for_each = local.additional_node_pools

  lifecycle {
    ignore_changes = [
      node_count
    ]
  }

  enable_node_public_ip = false
  kubernetes_cluster_id = azurerm_kubernetes_cluster.aks.id
  # Pool name must start with a lowercase letter, have max length of 12, and only have characters a-z0-9
  name                = substr(replace(each.key, "/[-_]/", ""), 0, 12)
  vm_size             = lookup(each.value, "machine_type", local.default_machine_type)
  os_disk_size_gb     = lookup(each.value, "disk_size_gb", local.default_disk_size_gb)
  os_type             = "Linux"
  vnet_subnet_id      = var.aks_subnet_id
  enable_auto_scaling = true
  priority            = local.node_pools_spot_settings[each.key].priority
  eviction_policy     = local.node_pools_spot_settings[each.key].eviction_policy
  spot_max_price      = local.node_pools_spot_settings[each.key].spot_max_price
  node_count          = lookup(each.value, "init_node_count", local.default_nodes_count)
  min_count           = lookup(each.value, "min_node_count", local.default_nodes_min)
  max_count           = lookup(each.value, "max_node_count", local.default_nodes_max)
  max_pods            = lookup(each.value, "max_pods", local.default_pods_max)
  node_taints = [
    for taint in lookup(each.value, "taints", []) :
    "${taint.key}=${taint.value}:${taint.effect}"
  ]
  node_labels = merge(
    { env = "development" },
    { for key, value in lookup(each.value, "labels", {}) : key => value },
    local.node_pools_spot_settings[each.key].labels
  )
  tags = var.aks_tags
}
```

The var.ssh_public_key is a string variable:

```hcl
ssh_public_key = "ssh-ed25519 AAAAC3NzaC1lBLABLAE5AAAAIBAF9DSGLefFlLWXppFaj4jk7kIpA7950ynBW3C8FXDz user@host"
```

ghost commented 4 years ago

Action required from @Azure/aks-pm

TomGeske commented 4 years ago

I just had a look. ED25519 isn't supported by Azure VMs.

/Azure/azure-cli#9780
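A pre-apply check for the key type, as an added example that is not part of this thread or of the AKS project: it decodes the OpenSSH public-key blob, confirms the text prefix matches the wire-format type, and rejects anything other than ssh-rsa (the only type Azure VMs accepted here), so the mismatch surfaces before Terraform sends the request and gets the InvalidParameter error. The sample keys are constructed locally and the 2048-bit RSA floor is an assumption, not an AKS-documented limit.

```python
import base64
import struct
# AKS rejected ed25519 keys with InvalidParameter when this thread was open; only RSA was accepted.
ACCEPTED_KEY_TYPES = {"ssh-rsa"}

def _read_string(blob, offset):
    """Read one SSH wire-format string (uint32 big-endian length + bytes)."""
    length = struct.unpack(">I", blob[offset:offset + 4])[0]
    return blob[offset + 4:offset + 4 + length], offset + 4 + length

def parse_openssh_pubkey(line):
    """Parse an authorized_keys-style line into {'type': ..., 'bits': ...}."""
    fields = line.strip().split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    text_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    wire_type, off = _read_string(blob, 0)
    if wire_type.decode() != text_type:
        raise ValueError(f"prefix {text_type!r} does not match blob type {wire_type!r}")
    bits = None
    if text_type == "ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent (mpint)
        n, _ = _read_string(blob, off)      # modulus (mpint)
        bits = int.from_bytes(n, "big").bit_length()
    return {"type": text_type, "bits": bits}

def check_aks_ssh_key(line, min_rsa_bits=2048):
    """Return (ok, reason): would AKS accept this key_data value?"""
    try:
        info = parse_openssh_pubkey(line)
    except (ValueError, struct.error, UnicodeDecodeError) as exc:
        return False, f"malformed key: {exc}"
    if info["type"] not in ACCEPTED_KEY_TYPES:
        return False, f"{info['type']} is not supported by Azure VMs; use an RSA key"
    if info["bits"] < min_rsa_bits:  # assumed sanity floor, not an AKS-documented limit
        return False, f"RSA key is {info['bits']} bits, want >= {min_rsa_bits}"
    return True, f"ssh-rsa {info['bits']}-bit key accepted"

def _wire_string(b):
    return struct.pack(">I", len(b)) + b
def _mpint(n):
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return _wire_string(b"\x00" + raw if raw[0] & 0x80 else raw)  # keep sign positive

def make_sample_key(key_type, bits=2048, comment="user@host"):
    """Constructed sample keys for demonstration only (not real keys)."""
    if key_type == "ssh-ed25519":
        blob = _wire_string(b"ssh-ed25519") + _wire_string(b"\x42" * 32)
    else:
        blob = _wire_string(b"ssh-rsa") + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"
```

Run `check_aks_ssh_key(open(path).read())` against the file referenced by `path_to_ssh_public_key` (or the `ssh_public_key` variable) before `terraform apply`; the same parsing logic can back a Terraform `validation` block once the rule is known.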

ghost commented 4 years ago

Thanks for reaching out. I'm closing this issue as it was marked with "Answer Provided" and it hasn't had activity for 2 days.