syself / cluster-api-provider-hetzner

Cluster API Provider Hetzner :rocket: The best way to manage Kubernetes clusters on Hetzner, fully declarative, Kubernetes-native and with self-healing capabilities
https://caph.syself.com
Apache License 2.0

Updating the `managingsshkey.md` doc #1184

Closed Sayanta66 closed 1 week ago

Sayanta66 commented 6 months ago

The goal is to update the current documentation of managingsshkey with proper technical additions from a user POV.

Tasks to be covered:

Tasks I can cover myself:

Scope of the above tasks

Note: Anyone from @kranurag7 @batistein @guettli @janiskemper can help with the above tasks.

guettli commented 5 months ago

@Sayanta66

Show the user how to upload ssh-key using the console and using hcloud CLI as well

There is a long article from hcloud: https://community.hetzner.com/tutorials/howto-ssh-key But I think this article is not well suited for us, since we want to upload it via api. That's not part of the article.

You can upload a ssh-key to hcloud with this script:

```bash
#!/bin/bash
set -euo pipefail

HCLOUD_SSH_KEY=my-ssh-key
SSH_PUBLIC_KEY=$HOME/.ssh/id_rsa.pub

# With `set -u`, an unset variable needs a default expansion to be testable.
if [ -z "${HCLOUD_TOKEN:-}" ]; then
    echo "HCLOUD_TOKEN is required" >&2
    exit 1
fi
SSH_KEY_CONTENT=$(cat "$SSH_PUBLIC_KEY")
# Build the JSON request body.
json=$(
    cat <<EOF
{
    "labels":{},
    "name":"$HCLOUD_SSH_KEY",
    "public_key":"$SSH_KEY_CONTENT"
}
EOF
)
# Create the SSH key through the Hetzner Cloud API.
curl -sS -X POST \
    -H "Authorization: Bearer $HCLOUD_TOKEN" \
    -H "Content-Type: application/json" \
    -d "$json" \
    'https://api.hetzner.cloud/v1/ssh_keys'
```

But this is only for hcloud.

I'm not sure whether we should add this script to the docs or not. If the user just creates one mgt-cluster, then doing it via the web ui is easier. We at Syself create mgt-cluster over and over again, that's why we have automated that. But the average user does not need that (afaik). And the advanced user can help himself.
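
An added example, not part of the thread or the project's code: a pre-upload check for the script above that refuses private keys and malformed files and escapes the name and key comment before they go into the JSON body. The helper names and the list of accepted key types are assumptions.

```bash
#!/bin/bash
# Added example, not from the thread. Helper names are hypothetical.

# Escape backslashes and double quotes for use inside a JSON string.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# build_ssh_key_payload NAME PUBKEY_FILE
# Prints the request body for POST /v1/ssh_keys, or returns 1.
build_ssh_key_payload() {
    local name file line count
    name=$1
    file=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # A PEM header means this is a private key: never send it to an API.
    if grep -q -e '-----BEGIN' "$file"; then
        echo "$file looks like a private key, refusing to upload" >&2
        return 1
    fi
    count=$(grep -c . "$file" || true)
    [ "$count" -eq 1 ] || { echo "expected exactly one key line in $file" >&2; return 1; }
    line=$(grep . "$file")
    # Accepted key types are an assumption of this example.
    case $line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-nistp*\ *) ;;
        *) echo "unrecognised key type in $file" >&2; return 1 ;;
    esac
    # Control characters (tabs, CR from Windows line endings) would need
    # further JSON escaping, so reject them instead.
    if [ "$(printf '%s' "$name$line" | tr -d '[:cntrl:]')" != "$name$line" ]; then
        echo "control character in name or key" >&2
        return 1
    fi
    printf '{"labels":{},"name":"%s","public_key":"%s"}\n' \
        "$(json_escape "$name")" "$(json_escape "$line")"
}

# Usage with the endpoint from the script above (body read from stdin):
#   build_ssh_key_payload my-ssh-key "$HOME/.ssh/id_rsa.pub" |
#       curl -sS -X POST -H "Authorization: Bearer $HCLOUD_TOKEN" \
#           -H "Content-Type: application/json" -d @- \
#           'https://api.hetzner.cloud/v1/ssh_keys'
```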

apricote commented 5 months ago

The script could be replaced by the following invocation of the CLI:

```bash
hcloud ssh-key create --name "$HCLOUD_SSH_KEY" --public-key-from-file "$SSH_PUBLIC_KEY"
```

kranurag7 commented 5 months ago

Thanks for the suggestion, I use the same for hobby projects.

We don't have hcloud CLI in the builder image as of now. https://github.com/syself/cluster-api-provider-hetzner/blob/main/images/builder/Dockerfile

I think that's the main reason why we don't use hcloud CLI for the moment. Having said that, we are revamping our builder image approach to include some statically compiled binaries inside the image itself. I'll package hcloud for wolfi repo and then I'll put that inside the container and copy the same to hack/tools/bin directory.

guettli commented 1 week ago

We use the hcloud cli tool:

```bash
hcloud ssh-key create --name caph --public-key-from-file ~/.ssh/hetzner-cluster.pub
```

```bash
hcloud ssh-key create --name ${SSH_KEY_NAME} --public-key-from-file ${SSH_KEY_PATH}.pub
```

I think we can close this issue.

Please re-open if you think it is still valid.