contrib/terraform/exoscale: Rework SSH public keys (#7242)

* contrib/terraform/exoscale: Rework SSH public keys Exoscale has a few limitations with `exoscale_ssh_keypair` resources. Creating several clusters with these scripts may lead to an error like: ``` Error: API error ParamError 431 (InvalidParameterValueException 4350): The key pair "lj-sc-ssh-key" already has this fingerprint ``` This patch reworks handling of SSH public keys. Specifically, we rely on the more cloud-agnostic way of configuring SSH public keys via `cloud-init`. * contrib/terraform/exoscale: terraform fmt * contrib/terraform/exoscale: Add terraform validate * contrib/terraform/exoscale: Inline public SSH keys The Terraform scripts need to install some SSH key, so that Kubespray (i.e., the "Ansible part") can take over. Initially, we pointed the Terraform scripts to `~/.ssh/id_rsa.pub`. This proved to be suboptimal: Operators sharing responbility for a cluster risk unnecessarily replacing resources. Therefore, it has been determined that it's best to inline the public SSH keys. The chosen variable `ssh_public_keys` provides some uniformity with `contrib/azurerm`. * Fix Terraform Exoscale test * Fix Terraform 0.14 test
2026-02-28 09:39:12 +03:00 · 2021-02-03 16:32:28 +01:00
parent 88bee6c68e
commit b77460ec34
11 changed files with 161 additions and 75 deletions
--- a/contrib/terraform/exoscale/main.tf
+++ b/contrib/terraform/exoscale/main.tf
@@ -7,7 +7,7 @@ module "kubernetes" {

  machines = var.machines

-  ssh_pub_key = var.ssh_pub_key
+  ssh_public_keys = var.ssh_public_keys

  ssh_whitelist        = var.ssh_whitelist
  api_server_whitelist = var.api_server_whitelist
@@ -23,18 +23,18 @@ data "template_file" "inventory" {

  vars = {
    connection_strings_master = join("\n", formatlist("%s ansible_user=ubuntu ansible_host=%s ip=%s etcd_member_name=etcd%d",
-                                        keys(module.kubernetes.master_ip_addresses),
-                                        values(module.kubernetes.master_ip_addresses).*.public_ip,
-                                        values(module.kubernetes.master_ip_addresses).*.private_ip,
-                                        range(1, length(module.kubernetes.master_ip_addresses) + 1)))
+      keys(module.kubernetes.master_ip_addresses),
+      values(module.kubernetes.master_ip_addresses).*.public_ip,
+      values(module.kubernetes.master_ip_addresses).*.private_ip,
+    range(1, length(module.kubernetes.master_ip_addresses) + 1)))
    connection_strings_worker = join("\n", formatlist("%s ansible_user=ubuntu ansible_host=%s ip=%s",
-                                        keys(module.kubernetes.worker_ip_addresses),
-                                        values(module.kubernetes.worker_ip_addresses).*.public_ip,
-                                        values(module.kubernetes.worker_ip_addresses).*.private_ip))
+      keys(module.kubernetes.worker_ip_addresses),
+      values(module.kubernetes.worker_ip_addresses).*.public_ip,
+    values(module.kubernetes.worker_ip_addresses).*.private_ip))

-    list_master               = join("\n", keys(module.kubernetes.master_ip_addresses))
-    list_worker               = join("\n", keys(module.kubernetes.worker_ip_addresses))
-    api_lb_ip_address         = module.kubernetes.control_plane_lb_ip_address
+    list_master       = join("\n", keys(module.kubernetes.master_ip_addresses))
+    list_worker       = join("\n", keys(module.kubernetes.worker_ip_addresses))
+    api_lb_ip_address = module.kubernetes.control_plane_lb_ip_address
  }
 }