One more thing, as mentioned previously, Ansible is actually the ssh automation tool. If you log on to host via ssh, you have to have an appropriate credential (user/password or ssh public key) to the target machines. In this case, the target machines mean the Kubernetes master and nodes.
Due to security reasons, especially in the public cloud, Kubernetes uses only the ssh public key authentication instead of ID/password authentication.
To follow the best practice, let's copy the ssh public key from your Ansible machine to the Kubernetes master/node machines:
If you've already set up ssh public key authentication between the Ansible machine to Kubernetes candidate machines, you can skip this step.
- In order to create an ssh public/private key pair from your Ansible machine, type the following command:
//with –q means, quiet output
$ ssh-keygen -q
- It will ask you to set a passphrase. You may set or skip (empty) this, but you have to remember it.
- Once you have successfully created a key pair, you can see the private key as ~/.ssh/id_rsa and public key as ~/.ssh/id_rsa.pub. You need to append the public key to the target machine under ~/.ssh/authorized_keys, as shown in the following screenshot:
- You need to copy and paste your public key to all Kubernetes master and node candidate machines.
- To make sure your ssh public key authentication works, just ssh from the Ansible machine to the target host that won't ask for your logon password, as here:
//use ssh-agent to remember your private key and passphrase (if you set)
ansible_machine$ ssh-agent bash
ansible_machine$ ssh-add
Enter passphrase for /home/saito/.ssh/id_rsa: Identity added: /home/saito/.ssh/id_rsa (/home/saito/.ssh/id_rsa)
//logon from ansible machine to k8s machine which you copied public key
ansible_machine$ ssh 10.128.0.2
Last login: Sun Nov 5 17:05:32 2017 from 133.172.188.35.bc.googleusercontent.com
k8s-master-1$
Now you are all set! Let's set up Kubernetes using kubespray (Ansible) from scratch.