From ec900f3856ab31493d65ec1317b4ce4810d47b5e Mon Sep 17 00:00:00 2001 From: Will Date: Mon, 10 Jul 2023 15:20:42 +0100 Subject: [PATCH] authorized_keys now reads public keys directly from ~/.ssh --- README.md | 8 +++++++- generate-secrets.sh | 2 +- publish-keys.sh | 3 +++ slurm-cluster-chart/files/authorized_keys | 2 -- .../templates/authorized-keys-configmap.yaml | 8 -------- 5 files changed, 11 insertions(+), 12 deletions(-) create mode 100755 publish-keys.sh delete mode 100644 slurm-cluster-chart/files/authorized_keys delete mode 100644 slurm-cluster-chart/templates/authorized-keys-configmap.yaml diff --git a/README.md b/README.md index e29f3ec..234160c 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ A named RWM volume mounted to `/home` is also expected, this can be external or ## Configuring the Cluster -All config files in `slurm-cluster-chart/files` will be mounted into the container to configure their respective services on startup. The `authorized_keys` file contains authorised public keys for the user `rocky`, add your public key to access the cluster. Note that changes to these files will not all be propagated to existing deployments (see "Reconfiguring the Cluster"). +All config files in `slurm-cluster-chart/files` will be mounted into the container to configure their respective services on startup. Note that changes to these files will not all be propagated to existing deployments (see "Reconfiguring the Cluster"). Additional parameters can be found in the `values.yaml` file, which will be applied on a Helm chart deployment. Note that some of these values will also not propagate until the cluster is restarted (see "Reconfiguring the Cluster"). ## Deploying the Cluster @@ -48,6 +48,12 @@ An RWM volume is required, if a named volume exists, set `nfs.claimName` in the ``` and leaving `nfs.claimName` as the provided value +To access the cluster via `ssh`, you will need to make your public keys available. Do this by running + +```console +./publish-keys.sh +``` + After configuring `kubectl` with the appropriate `kubeconfig` file, deploy the cluster using the Helm chart: ```console helm install slurm-cluster-chart diff --git a/generate-secrets.sh b/generate-secrets.sh index 70dcb22..db64a53 100755 --- a/generate-secrets.sh +++ b/generate-secrets.sh @@ -10,4 +10,4 @@ kubectl create secret generic munge-key-secret \ --dry-run=client \ --from-literal=munge.key=$(dd if=/dev/urandom bs=1 count=1024 2>/dev/null | base64 -w 0) \ -o yaml | \ -kubectl apply -f - +kubectl apply -f - \ No newline at end of file diff --git a/publish-keys.sh b/publish-keys.sh new file mode 100755 index 0000000..d293e81 --- /dev/null +++ b/publish-keys.sh @@ -0,0 +1,3 @@ +kubectl create configmap authorized-keys-configmap \ +"--from-literal=authorized_keys=$(cat ~/.ssh/*.pub)" --dry-run=client -o yaml | \ +kubectl apply -f - \ No newline at end of file diff --git a/slurm-cluster-chart/files/authorized_keys b/slurm-cluster-chart/files/authorized_keys deleted file mode 100644 index c91d3ef..0000000 --- a/slurm-cluster-chart/files/authorized_keys +++ /dev/null @@ -1,2 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEx91hb5SMatDqPTpe63iOv34ddkR+PoeXf+86ET6v2y wtripp@LAPTOP-U9SBINHF -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxXfcSTVZeiJrlLoGZxVCZGBOEdSejn/eqJo8uugfZLqXvFX2Mq/hvog0z2vccA1/7nX9DgsbG1R/2f8o1C2VPkURIFVfYcOc6+OK2PRYW/vgubqHIx0kkTxVhkCdbIPizHt4Fe7v27h+bAerLASv3xNThhX8dObCbEPyalwpFdRyOpUaW3jU8UDW2LfYqWYdd3KjRAVtS/0Xc6xkQ1ZHkpy0R2P9cMUbgXxpn011VF61uk4yO0qHa8lYqDRJVTmUcwGUQPbKmBWaKM14ltf/UQSvExPrAfUFIgHigJFo1aa8iIomt5XkZEfHSWkDiqKjoT+Lu2brU8xKwW3Vb5g9jfrZSM/xkXsw/YYarx4B/6f1dwSKF7rXinZflrQtuqBeg6Rscy2mhuByZPOUG8w9quicrYJHCMO68WwEQKSiG0C/BC5rsjtX08ice0Jngk8HlA95FZrXvxK5G6GIDeU7rG1V8NjpU8kn9K8J5xrlWKhuvxlkkDTdB8TZzH0UB4Eu4YhXoK/Zak0xY9zkIz1XPFRL8G8E0pWwf+dkuVlX2hsVBxAZpnaqa1vEj0lmuXUFbxCley18zgNf0ACDgMHb6sd2NxgadTi3rrSWk5sJhcGN7iT/DtwPovd6XmxQf+8ndiQwnJrBy1YrCpMWA4RWQngo7fSO3booC+Aleju1lmw== wtripp@LAPTOP-U9SBINHF \ No newline at end of file diff --git a/slurm-cluster-chart/templates/authorized-keys-configmap.yaml b/slurm-cluster-chart/templates/authorized-keys-configmap.yaml deleted file mode 100644 index dd3db77..0000000 --- a/slurm-cluster-chart/templates/authorized-keys-configmap.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Values.configmaps.authorizedKeys }} -data: - authorized_keys: | - {{- .Files.Get "files/authorized_keys" | nindent 4 -}} - \ No newline at end of file