Otdfbt

How do I write "Show, Don't Tell" as a person with Asperger Syndrome?

Movie about a boy who was born old and grew young

Arriving at the same result with the opposite hypotheses

Scrum Master role: Reporting?

How to chain Python function calls so the behaviour is as follows

Why doesn't Adrian Toomes give up Spider-Man's identity?

How to build suspense or so to establish and justify xenophobia of characters in the eyes of the reader?

How water is heavier than petrol eventhough its molecular weight less than petrol?

What risks are there when you clear your cookies instead of logging off?

Taxi Services at Didcot

Can an Aarakocra use a shield while flying?

Using "subway" as name for London Underground?

Smooth switching between 12 V batteries, with a toggle switch

What can plausibly explain many of my very long and low-tech bridges?

What should the arbiter and what should have I done in this case?

Is open-sourcing the code of a webapp not recommended?

Using a found spellbook as a Sorcerer-Wizard multiclass

Where does "0 packages can be updated." come from?

Can a user sell my software (MIT license) without modification?

PhD - Well known professor or well known school?

Hottest Possible Hydrogen-Fusing Stars

How to project 3d image in the planes xy, xz, yz?

How Can I Tell The Difference Between Unmarked Sugar and Stevia?

What makes Ada the language of choice for the ISS's safety-critical systems?

How to include a TrustedUserCAKeys to Google Cloud Instances (GKE Kubernetes)

google cloud http(s) load balancing with kubernetesCreate a single, outbound IP for a given networkCreate Google Container Engine Cluster Without Default Node Pool?Mismatch between request external IP and forwarding rule k8s service targetKubernetes - can I avoid using the GCE Load Balancer to reduce cost?New SSH Connection failed Google Cloud VMUsers 'overriding' each other when trying to connect to SFTP on Google Compute Engine VM instanceGKE Clusters not coming back after project restoreEncrypted config kubernetes on Google CloudGoogle cloud platform: k8s master cannot ssh to nodes

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

0

I want to connect to my kubernetes nodes (GKE) using SSH CA certificates, but in order to do so, I need to put the SSH CA public key on my fleet and add the path to the file in my sshd_config in every of my instances that gets created for kubernetes.

How should I do this? With the startup script? Or is it anything better?

Also, if I put this line on the sshd_config and I don't add any other public SSH Key, I won't have any user by default to log in.

Thank you

google-cloud-platform google-compute-engine google-kubernetes-engine

share|improve this question

edited May 21 at 14:01

codiaf

asked May 21 at 13:46

codiafcodiaf

1011

add a comment | 

0

I want to connect to my kubernetes nodes (GKE) using SSH CA certificates, but in order to do so, I need to put the SSH CA public key on my fleet and add the path to the file in my sshd_config in every of my instances that gets created for kubernetes.

How should I do this? With the startup script? Or is it anything better?

Also, if I put this line on the sshd_config and I don't add any other public SSH Key, I won't have any user by default to log in.

Thank you

google-cloud-platform google-compute-engine google-kubernetes-engine

share|improve this question

edited May 21 at 14:01

codiaf

asked May 21 at 13:46

codiafcodiaf

1011

add a comment | 

I want to connect to my kubernetes nodes (GKE) using SSH CA certificates, but in order to do so, I need to put the SSH CA public key on my fleet and add the path to the file in my sshd_config in every of my instances that gets created for kubernetes.

How should I do this? With the startup script? Or is it anything better?

Also, if I put this line on the sshd_config and I don't add any other public SSH Key, I won't have any user by default to log in.

Thank you

google-cloud-platform google-compute-engine google-kubernetes-engine

share|improve this question

edited May 21 at 14:01

codiaf

asked May 21 at 13:46

codiafcodiaf

1011

google-cloud-platform google-compute-engine google-kubernetes-engine

google-cloud-platform google-compute-engine google-kubernetes-engine

share|improve this question

edited May 21 at 14:01

codiaf

asked May 21 at 13:46

codiafcodiaf

1011

share|improve this question

edited May 21 at 14:01

codiaf

asked May 21 at 13:46

codiafcodiaf

1011

asked May 21 at 13:46

codiafcodiaf

1011

asked May 21 at 13:46

codiafcodiaf

1011

1 Answer
1

active

oldest

votes

0

There are a couple of approaches to do this so it depends on what you need from the setup.

GKE nodes are regular GCE instances so you can just add ssh keys normally. See for details this link.

For a more secure approach, you can use OS Login and gcloud command as described here.

I would like to note, anyway, that generally you shouldn't need to get direct access to GKE nodes.

Of course, you have the freedom to do that since they are instances under your management. But please note that Google's understanding will be that you know what you are doing and will not impact the normal functioning of the GKE deployments.

share|improve this answer

answered May 27 at 14:43

Matias PaglioniMatias Paglioni

1

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f968230%2fhow-to-include-a-trustedusercakeys-to-google-cloud-instances-gke-kubernetes%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

There are a couple of approaches to do this so it depends on what you need from the setup.

GKE nodes are regular GCE instances so you can just add ssh keys normally. See for details this link.

For a more secure approach, you can use OS Login and gcloud command as described here.

I would like to note, anyway, that generally you shouldn't need to get direct access to GKE nodes.

Of course, you have the freedom to do that since they are instances under your management. But please note that Google's understanding will be that you know what you are doing and will not impact the normal functioning of the GKE deployments.

share|improve this answer

answered May 27 at 14:43

Matias PaglioniMatias Paglioni

1

add a comment | 

0

There are a couple of approaches to do this so it depends on what you need from the setup.

GKE nodes are regular GCE instances so you can just add ssh keys normally. See for details this link.

For a more secure approach, you can use OS Login and gcloud command as described here.

I would like to note, anyway, that generally you shouldn't need to get direct access to GKE nodes.

Of course, you have the freedom to do that since they are instances under your management. But please note that Google's understanding will be that you know what you are doing and will not impact the normal functioning of the GKE deployments.

share|improve this answer

answered May 27 at 14:43

Matias PaglioniMatias Paglioni

1

add a comment | 

There are a couple of approaches to do this so it depends on what you need from the setup.

GKE nodes are regular GCE instances so you can just add ssh keys normally. See for details this link.

For a more secure approach, you can use OS Login and gcloud command as described here.

I would like to note, anyway, that generally you shouldn't need to get direct access to GKE nodes.

Of course, you have the freedom to do that since they are instances under your management. But please note that Google's understanding will be that you know what you are doing and will not impact the normal functioning of the GKE deployments.

share|improve this answer

answered May 27 at 14:43

Matias PaglioniMatias Paglioni

1

share|improve this answer

answered May 27 at 14:43

Matias PaglioniMatias Paglioni

1

answered May 27 at 14:43

Matias PaglioniMatias Paglioni

1

answered May 27 at 14:43

Matias PaglioniMatias Paglioni

1