Provide existing ssh public key in brownfield scenarios

[cveld]

In brownfield scenarios there is already a kubernetes cluster with a configured ssh public key. As it is not possible to import the resource tls_private_key we must look for an alternative to bring an existing public key into play.

Suggestion is to specify a key vault reference and use a data resource.

E.g.

data "azurerm_key_vault_secret" "tls_public_key_secret" {
  for_each = var.cluster.profile == "linux" && var.ssh_public_key_provided ? { "default" = {} } : {}

  name         = var.ssh_public_key_keyvault_secret_name
  key_vault_id = var.keyvault
}

dynamic "linux_profile" {
    for_each = var.cluster.profile == "linux" ? { "default" = {} } : {}

    content {
      admin_username = try(var.cluster.linux_admin_username, "nodeadmin")
      ssh_key {
        key_data = var.ssh_public_key_provided ? trim(data.azurerm_key_vault_secret.tls_public_key_secret["default"].value, "\n") : azurerm_key_vault_secret.tls_public_key_secret[linux_profile.key].value
      }
    }
  }

[eddy-vera]

Check VM Module, as this is already in place there, with a bring your own SSH key.