User Story 60501: 101-aks-cluster #218
Conversation
There was a problem hiding this comment.
Thanks @TomArcherMsft for opening this pr, could we use tls_private_key resource to generate the ssh key?
quickstart/101-aks-cluster/main.tf
Outdated
| parent_id = azurerm_resource_group.rg.id | ||
| } | ||
|
|
||
| resource "azapi_resource_action" "ssh_public_key_gen" { |
There was a problem hiding this comment.
I would recommend tls_private_key resource:
# RSA key of size 4096 bits
resource "tls_private_key" "rsa_4096" {
algorithm = "RSA"
rsa_bits = 4096
}There was a problem hiding this comment.
Hi, @lonegunmanb. I used the AzAPI as that is something @grayzu recommended in an email thread with all of us. Maybe we need to reengage on the email thread or figure it out here?
There was a problem hiding this comment.
Although the tls provider will do the trick, I think making use of the Azure functionality which will provide SSH certificates that can be used in production environments is a better way to show this functionality. According to the docs, the tls provider is not recommended for prod use.
| admin_username = var.linux_admin_username | ||
|
|
||
| ssh_key { | ||
| key_data = jsondecode(azapi_resource_action.ssh_public_key_gen.output)["publicKey"] |
There was a problem hiding this comment.
If we use tls_private_key resource, then the key_data could be:
key_data = tls_private_key.rsa_4096.public_key_openssh| value = azurerm_resource_group.rg.name | ||
| } | ||
|
|
||
| output "ssh_key_name" { |
There was a problem hiding this comment.
We can export the private key:
output "ssh_private_key_openssh" {
sensitive = true
value = tls_private_key.rsa_4096.private_key_openssh
}
output "ssh_private_key_pem" {
sensitive = true
value = tls_private_key.rsa_4096.private_key_pem
}| terraform { | ||
| required_version = ">=1.0" | ||
| required_providers { | ||
| azapi = { |
There was a problem hiding this comment.
We can use tls provider here:
tls = {
source = "hashicorp/tls"
version = "~>4.0"
}
quickstart/101-aks-cluster/main.tf
Outdated
| parent_id = azurerm_resource_group.rg.id | ||
| } | ||
|
|
||
| resource "azapi_resource_action" "ssh_public_key_gen" { |
There was a problem hiding this comment.
Although the tls provider will do the trick, I think making use of the Azure functionality which will provide SSH certificates that can be used in production environments is a better way to show this functionality. According to the docs, the tls provider is not recommended for prod use.
|
In a more recent PR, I put the SSH-creation code in a separate file (ssh.tf). I like doing that as it's isolates the SSH creation & AzAPI usage and reduces code in main.tf. Should we use that pattern as the standard? If so, I'll make the change to this PR. |
As long as we've agreed on a working pattern I think it's ok to apply the pattern on this repo. |
|
@stemaMSFT @lonegunmanb This PR is ready to review. |
There was a problem hiding this comment.
Hi @TomArcherMsft thanks for the update, it looks this pr's base commit is too old so the changed files scope that the pipeline calculated was wrong. Would you please rebase your branch to the latest master branch and try again? Thanks!
Part of POC to test generating sample code and articles using OpenAI.