Preconditions
Related command
az aks create -g <aks resource group> -n <aks name> --generate-ssh-keys
az aks create -g <aks resource group> -n <aks name> --no-ssh-key
az aks update -g <aks resource group> -n <aks name> --ssh-key-value
Resource Provider
Microsoft.ContainerService/Azure Kubernetes Service
Description of Feature or Work Requested
VMSS requires ssh key for creation.
During az aks creation, there are several options about ssh key:
--generate-ssh-keys-keys: az cli will automatically generate a set of ssh keys for the user and put them in the specified directory.- No ssh-related parameters: az cli will use ssh keys in the ~/.ssh/ directory without any SSH-related parameters assigned.
--ssh-key-value : The user can use --ssh-key-value for assigning a dedicated key--no-ssh-key: AKS RP will automatically generate a set of ssh key, but it will not be returned to the user. So users can't use this key to access the nodes. As a workaround, they can run az aks update -g <aks resource group> -n <aks name> --ssh-key-value to assign new key then ssh.
Behavior change:
For the following two reasons:
- Above 50% clusters are running without ssh key, which means most users prefer not assigning keys.
2)'no ssh key' is safer as there is no risk of revealing private key.
We will set --no-ssh-key as the default behavior in CLI.
Whenever users want to access the nodes, they can run az aks update -g <aks resource group> -n <aks name> --ssh-key-value to assign new keys
Minimum API Version Required
2023-01-01
Swagger PR link / SDK link
N/A
We will make this change in GA and no PR link currently
Request Example
No response
Target Date
2023-09-01
PM Contact
qiaolwan
Engineer Contact
binxi
Additional context
No response
Preconditions
Related command
az aks create -g <aks resource group> -n <aks name> --generate-ssh-keysaz aks create -g <aks resource group> -n <aks name> --no-ssh-keyaz aks update -g <aks resource group> -n <aks name> --ssh-key-valueResource Provider
Microsoft.ContainerService/Azure Kubernetes Service
Description of Feature or Work Requested
VMSS requires ssh key for creation.
During az aks creation, there are several options about ssh key:
--generate-ssh-keys-keys: az cli will automatically generate a set of ssh keys for the user and put them in the specified directory.--ssh-key-value: The user can use--ssh-key-valuefor assigning a dedicated key--no-ssh-key: AKS RP will automatically generate a set of ssh key, but it will not be returned to the user. So users can't use this key to access the nodes. As a workaround, they can runaz aks update -g <aks resource group> -n <aks name> --ssh-key-valueto assign new key then ssh.Behavior change:
For the following two reasons:
2)'no ssh key' is safer as there is no risk of revealing private key.
We will set
--no-ssh-keyas the default behavior in CLI.Whenever users want to access the nodes, they can run
az aks update -g <aks resource group> -n <aks name> --ssh-key-valueto assign new keysMinimum API Version Required
2023-01-01
Swagger PR link / SDK link
N/A
We will make this change in GA and no PR link currently
Request Example
No response
Target Date
2023-09-01
PM Contact
qiaolwan
Engineer Contact
binxi
Additional context
No response