KOPS reload ssh access key to cluster

3/24/2021

I want to restart my Kubernetes access ssh key using commands from this website: https://github.com/kubernetes/kops/blob/master/docs/security.md#ssh-access

so those:

kops delete secret --name <clustername> sshpublickey admin

kops create secret --name <clustername> sshpublickey admin -i ~/.ssh/newkey.pub

kops update cluster --yes

And when I type last command "kops update cluster --yes" I get that error:

completed cluster failed validation: spec.spec.kubeProxy.enabled: Forbidden: kube-router requires kubeProxy to be disabled

Does Anybody have any idea what can I change those secret key without disabling kubeProxy?

-- rupert
kops
kubernetes

2 Answers

3/24/2021

This problem comes from having set

spec:
  networking:
    kuberouter: {}

but not

spec:
  kubeProxy:
    enabled: false

in the cluster spec.

Export the config using kops get -o yaml > myspec.yaml, edit the config according to the error above. Then you can apply the spec using kops replace -f myspec.yaml.

It is considered a best practice to check the above yaml into version control to track any changes done to the cluster configuration.

Once the cluster spec has been amended, the new ssh key should work as well.

-- Ole Markus With
Source: StackOverflow

3/24/2021

What version of kubernetes are you running? If you are running the latests one 1.18.xx the user its not admin but ubuntu. One other thing that you could do is to first edit the cluster and set the spect of kubeproxy to enabled fist . Run kops update cluster and rolling update and then do the secret delete and creation.

-- Klevi Merkuri
Source: StackOverflow