Merge pull request #3245 from mad01/sshsecret

Automatic merge from submit-queue

Adding support for adding ssh public key from file

MVP implementation of adding secret from file related to #2195 

```bash
cat > secret.yaml <<EOF
apiVersion: kops/v1alpha2
kind: SSHSecret
metadata:
  labels:
    kops.k8s.io/cluster: dev.k8s.example.com
spec:
  username: "admin"
  sshPublicKey: "ssh-rsa AAAAB3NzaC1yc2EEEAADA dev@devbox"
EOF
```

`kops create -f secret.yaml`

cmd/kops/create.go

@@ -27,6 +27,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/kops/cmd/kops/util"
 	kopsapi "k8s.io/kops/pkg/apis/kops"
+	"k8s.io/kops/pkg/apis/kops/registry"
 	"k8s.io/kops/pkg/apis/kops/v1alpha1"
 	"k8s.io/kops/upup/pkg/fi/cloudup"
 	"k8s.io/kops/util/pkg/vfs"
@@ -54,6 +55,9 @@ var (
 	# Create a cluster from the configuration specification in a YAML file
 	kops create -f my-cluster.yaml
 
+	# Create secret from secret spec file 
+	kops create -f secret.yaml
+
 	# Create a cluster in AWS
 	kops create cluster --name=kubernetes-cluster.example.com \
 		--state=s3://kops-state-1234 --zones=eu-west-1a \
@@ -190,6 +194,33 @@ func RunCreate(f *util.Factory, out io.Writer, c *CreateOptions) error {
 					fmt.Fprintf(&sb, "Created instancegroup/%s\n", v.ObjectMeta.Name)
 				}
 
+			case *kopsapi.SSHCredential:
+				clusterName = v.ObjectMeta.Labels[kopsapi.LabelClusterName]
+				if clusterName == "" {
+					return fmt.Errorf("must specify %q label with cluster name to create instanceGroup", kopsapi.LabelClusterName)
+				}
+				if v.Spec.PublicKey == "" {
+					return fmt.Errorf("spec.PublicKey is required")
+				}
+
+				cluster, err := clientset.GetCluster(clusterName)
+				if err != nil {
+					return err
+				}
+
+				keyStore, err := registry.KeyStore(cluster)
+				if err != nil {
+					return err
+				}
+
+				sshKeyArr := []byte(v.Spec.PublicKey)
+				err = keyStore.AddSSHPublicKey("admin", sshKeyArr)
+				if err != nil {
+					return err
+				} else {
+					fmt.Fprintf(&sb, "Added ssh creadential\n")
+				}
+
 			default:
 				glog.V(2).Infof("Type of object was %T", v)
 				return fmt.Errorf("Unhandled kind %q in %s", gvk, f)

docs/cli/kops_create.md

@@ -27,6 +27,9 @@ kops create -f FILENAME
   # Create a cluster from the configuration specification in a YAML file
   kops create -f my-cluster.yaml
   
+  # Create secret from secret spec file
+  kops create -f secret.yaml
+  
   # Create a cluster in AWS
   kops create cluster --name=kubernetes-cluster.example.com \
   --state=s3://kops-state-1234 --zones=eu-west-1a \

docs/secrets.md

@@ -24,3 +24,14 @@ The ID form can be used when there are multiple matching keys.
 example:
 `kops delete secret sshpublickey admin`
 
+
+### adding ssh credential from spec file
+```bash
+apiVersion: kops/v1alpha2
+kind: SSHCredential
+metadata:
+  labels:
+    kops.k8s.io/cluster: dev.k8s.example.com
+spec:
+  publicKey: "ssh-rsa AAAAB3NzaC1 dev@devbox"
+```

pkg/apis/kops/register.go

@@ -17,12 +17,13 @@ limitations under the License.
 package kops
 
 import (
+	"os"
+
 	"k8s.io/apimachinery/pkg/apimachinery/announced"
 	"k8s.io/apimachinery/pkg/apimachinery/registered"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
-	"os"
 )
 
 var (
@@ -65,6 +66,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&InstanceGroupList{},
 		&Federation{},
 		&FederationList{},
+		&SSHCredential{},
+		&SSHCredentialList{},
 	)
 	//metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil
@@ -79,3 +82,6 @@ func (obj *InstanceGroup) GetObjectKind() schema.ObjectKind {
 func (obj *Federation) GetObjectKind() schema.ObjectKind {
 	return &obj.TypeMeta
 }
+func (obj *SSHCredential) GetObjectKind() schema.ObjectKind {
+	return &obj.TypeMeta
+}

pkg/apis/kops/sshcredential.go

@@ -0,0 +1,42 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package kops
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient=true
+
+// SSHCredential represent a set of kops secrets
+type SSHCredential struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec SSHCredentialSpec `json:"spec,omitempty"`
+}
+
+type SSHCredentialSpec struct {
+	PublicKey string `json:"publicKey,omitempty"`
+}
+
+type SSHCredentialList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []SSHCredential `json:"items"`
+}

pkg/apis/kops/v1alpha1/register.go

@@ -52,6 +52,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&InstanceGroupList{},
 		&Federation{},
 		&FederationList{},
+		&SSHCredential{},
+		&SSHCredentialList{},
 	)
 
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
@@ -68,6 +70,9 @@ func (obj *InstanceGroup) GetObjectKind() schema.ObjectKind {
 func (obj *Federation) GetObjectKind() schema.ObjectKind {
 	return &obj.TypeMeta
 }
+func (obj *SSHCredential) GetObjectKind() schema.ObjectKind {
+	return &obj.TypeMeta
+}
 
 func addConversionFuncs(scheme *runtime.Scheme) error {
 	// Add non-generated conversion functions

pkg/apis/kops/v1alpha1/sshcredential.go

@@ -0,0 +1,42 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient=true
+
+// SSHCredential represent a set of kops secrets
+type SSHCredential struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec SSHCredentialSpec `json:"spec,omitempty"`
+}
+
+type SSHCredentialSpec struct {
+	PublicKey string `json:"publicKey,omitempty"`
+}
+
+type SSHCredentialList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []SSHCredential `json:"items"`
+}

pkg/apis/kops/v1alpha1/zz_generated.conversion.go

@@ -127,6 +127,12 @@ func RegisterConversions(scheme *runtime.Scheme) error {
 		Convert_kops_NetworkingSpec_To_v1alpha1_NetworkingSpec,
 		Convert_v1alpha1_RBACAuthorizationSpec_To_kops_RBACAuthorizationSpec,
 		Convert_kops_RBACAuthorizationSpec_To_v1alpha1_RBACAuthorizationSpec,
+		Convert_v1alpha1_SSHCredential_To_kops_SSHCredential,
+		Convert_kops_SSHCredential_To_v1alpha1_SSHCredential,
+		Convert_v1alpha1_SSHCredentialList_To_kops_SSHCredentialList,
+		Convert_kops_SSHCredentialList_To_v1alpha1_SSHCredentialList,
+		Convert_v1alpha1_SSHCredentialSpec_To_kops_SSHCredentialSpec,
+		Convert_kops_SSHCredentialSpec_To_v1alpha1_SSHCredentialSpec,
 		Convert_v1alpha1_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec,
 		Convert_kops_WeaveNetworkingSpec_To_v1alpha1_WeaveNetworkingSpec,
 	)
@@ -2298,6 +2304,94 @@ func Convert_kops_RBACAuthorizationSpec_To_v1alpha1_RBACAuthorizationSpec(in *ko
 	return autoConvert_kops_RBACAuthorizationSpec_To_v1alpha1_RBACAuthorizationSpec(in, out, s)
 }
 
+func autoConvert_v1alpha1_SSHCredential_To_kops_SSHCredential(in *SSHCredential, out *kops.SSHCredential, s conversion.Scope) error {
+	out.ObjectMeta = in.ObjectMeta
+	if err := Convert_v1alpha1_SSHCredentialSpec_To_kops_SSHCredentialSpec(&in.Spec, &out.Spec, s); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Convert_v1alpha1_SSHCredential_To_kops_SSHCredential is an autogenerated conversion function.
+func Convert_v1alpha1_SSHCredential_To_kops_SSHCredential(in *SSHCredential, out *kops.SSHCredential, s conversion.Scope) error {
+	return autoConvert_v1alpha1_SSHCredential_To_kops_SSHCredential(in, out, s)
+}
+
+func autoConvert_kops_SSHCredential_To_v1alpha1_SSHCredential(in *kops.SSHCredential, out *SSHCredential, s conversion.Scope) error {
+	out.ObjectMeta = in.ObjectMeta
+	if err := Convert_kops_SSHCredentialSpec_To_v1alpha1_SSHCredentialSpec(&in.Spec, &out.Spec, s); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Convert_kops_SSHCredential_To_v1alpha1_SSHCredential is an autogenerated conversion function.
+func Convert_kops_SSHCredential_To_v1alpha1_SSHCredential(in *kops.SSHCredential, out *SSHCredential, s conversion.Scope) error {
+	return autoConvert_kops_SSHCredential_To_v1alpha1_SSHCredential(in, out, s)
+}
+
+func autoConvert_v1alpha1_SSHCredentialList_To_kops_SSHCredentialList(in *SSHCredentialList, out *kops.SSHCredentialList, s conversion.Scope) error {
+	out.ListMeta = in.ListMeta
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]kops.SSHCredential, len(*in))
+		for i := range *in {
+			if err := Convert_v1alpha1_SSHCredential_To_kops_SSHCredential(&(*in)[i], &(*out)[i], s); err != nil {
+				return err
+			}
+		}
+	} else {
+		out.Items = make([]kops.SSHCredential, 0)
+	}
+	return nil
+}
+
+// Convert_v1alpha1_SSHCredentialList_To_kops_SSHCredentialList is an autogenerated conversion function.
+func Convert_v1alpha1_SSHCredentialList_To_kops_SSHCredentialList(in *SSHCredentialList, out *kops.SSHCredentialList, s conversion.Scope) error {
+	return autoConvert_v1alpha1_SSHCredentialList_To_kops_SSHCredentialList(in, out, s)
+}
+
+func autoConvert_kops_SSHCredentialList_To_v1alpha1_SSHCredentialList(in *kops.SSHCredentialList, out *SSHCredentialList, s conversion.Scope) error {
+	out.ListMeta = in.ListMeta
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]SSHCredential, len(*in))
+		for i := range *in {
+			if err := Convert_kops_SSHCredential_To_v1alpha1_SSHCredential(&(*in)[i], &(*out)[i], s); err != nil {
+				return err
+			}
+		}
+	} else {
+		out.Items = make([]SSHCredential, 0)
+	}
+	return nil
+}
+
+// Convert_kops_SSHCredentialList_To_v1alpha1_SSHCredentialList is an autogenerated conversion function.
+func Convert_kops_SSHCredentialList_To_v1alpha1_SSHCredentialList(in *kops.SSHCredentialList, out *SSHCredentialList, s conversion.Scope) error {
+	return autoConvert_kops_SSHCredentialList_To_v1alpha1_SSHCredentialList(in, out, s)
+}
+
+func autoConvert_v1alpha1_SSHCredentialSpec_To_kops_SSHCredentialSpec(in *SSHCredentialSpec, out *kops.SSHCredentialSpec, s conversion.Scope) error {
+	out.PublicKey = in.PublicKey
+	return nil
+}
+
+// Convert_v1alpha1_SSHCredentialSpec_To_kops_SSHCredentialSpec is an autogenerated conversion function.
+func Convert_v1alpha1_SSHCredentialSpec_To_kops_SSHCredentialSpec(in *SSHCredentialSpec, out *kops.SSHCredentialSpec, s conversion.Scope) error {
+	return autoConvert_v1alpha1_SSHCredentialSpec_To_kops_SSHCredentialSpec(in, out, s)
+}
+
+func autoConvert_kops_SSHCredentialSpec_To_v1alpha1_SSHCredentialSpec(in *kops.SSHCredentialSpec, out *SSHCredentialSpec, s conversion.Scope) error {
+	out.PublicKey = in.PublicKey
+	return nil
+}
+
+// Convert_kops_SSHCredentialSpec_To_v1alpha1_SSHCredentialSpec is an autogenerated conversion function.
+func Convert_kops_SSHCredentialSpec_To_v1alpha1_SSHCredentialSpec(in *kops.SSHCredentialSpec, out *SSHCredentialSpec, s conversion.Scope) error {
+	return autoConvert_kops_SSHCredentialSpec_To_v1alpha1_SSHCredentialSpec(in, out, s)
+}
+
 func autoConvert_v1alpha1_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec(in *WeaveNetworkingSpec, out *kops.WeaveNetworkingSpec, s conversion.Scope) error {
 	out.MTU = in.MTU
 	return nil

pkg/apis/kops/v1alpha2/register.go

@@ -53,6 +53,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&InstanceGroupList{},
 		&Federation{},
 		&FederationList{},
+		&SSHCredential{},
+		&SSHCredentialList{},
 	)
 
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
@@ -69,6 +71,9 @@ func (obj *InstanceGroup) GetObjectKind() schema.ObjectKind {
 func (obj *Federation) GetObjectKind() schema.ObjectKind {
 	return &obj.TypeMeta
 }
+func (obj *SSHCredential) GetObjectKind() schema.ObjectKind {
+	return &obj.TypeMeta
+}
 
 func addConversionFuncs(scheme *runtime.Scheme) error {
 	return nil

pkg/apis/kops/v1alpha2/sshcredential.go

@@ -0,0 +1,42 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient=true
+
+// SSHCredential represent a set of kops secrets
+type SSHCredential struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec SSHCredentialSpec `json:"spec,omitempty"`
+}
+
+type SSHCredentialSpec struct {
+	PublicKey string `json:"publicKey,omitempty"`
+}
+
+type SSHCredentialList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []SSHCredential `json:"items"`
+}

pkg/apis/kops/v1alpha2/zz_generated.conversion.go

@@ -131,6 +131,12 @@ func RegisterConversions(scheme *runtime.Scheme) error {
 		Convert_kops_NetworkingSpec_To_v1alpha2_NetworkingSpec,
 		Convert_v1alpha2_RBACAuthorizationSpec_To_kops_RBACAuthorizationSpec,
 		Convert_kops_RBACAuthorizationSpec_To_v1alpha2_RBACAuthorizationSpec,
+		Convert_v1alpha2_SSHCredential_To_kops_SSHCredential,
+		Convert_kops_SSHCredential_To_v1alpha2_SSHCredential,
+		Convert_v1alpha2_SSHCredentialList_To_kops_SSHCredentialList,
+		Convert_kops_SSHCredentialList_To_v1alpha2_SSHCredentialList,
+		Convert_v1alpha2_SSHCredentialSpec_To_kops_SSHCredentialSpec,
+		Convert_kops_SSHCredentialSpec_To_v1alpha2_SSHCredentialSpec,
 		Convert_v1alpha2_TopologySpec_To_kops_TopologySpec,
 		Convert_kops_TopologySpec_To_v1alpha2_TopologySpec,
 		Convert_v1alpha2_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec,
@@ -2406,6 +2412,94 @@ func Convert_kops_RBACAuthorizationSpec_To_v1alpha2_RBACAuthorizationSpec(in *ko
 	return autoConvert_kops_RBACAuthorizationSpec_To_v1alpha2_RBACAuthorizationSpec(in, out, s)
 }
 
+func autoConvert_v1alpha2_SSHCredential_To_kops_SSHCredential(in *SSHCredential, out *kops.SSHCredential, s conversion.Scope) error {
+	out.ObjectMeta = in.ObjectMeta
+	if err := Convert_v1alpha2_SSHCredentialSpec_To_kops_SSHCredentialSpec(&in.Spec, &out.Spec, s); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Convert_v1alpha2_SSHCredential_To_kops_SSHCredential is an autogenerated conversion function.
+func Convert_v1alpha2_SSHCredential_To_kops_SSHCredential(in *SSHCredential, out *kops.SSHCredential, s conversion.Scope) error {
+	return autoConvert_v1alpha2_SSHCredential_To_kops_SSHCredential(in, out, s)
+}
+
+func autoConvert_kops_SSHCredential_To_v1alpha2_SSHCredential(in *kops.SSHCredential, out *SSHCredential, s conversion.Scope) error {
+	out.ObjectMeta = in.ObjectMeta
+	if err := Convert_kops_SSHCredentialSpec_To_v1alpha2_SSHCredentialSpec(&in.Spec, &out.Spec, s); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Convert_kops_SSHCredential_To_v1alpha2_SSHCredential is an autogenerated conversion function.
+func Convert_kops_SSHCredential_To_v1alpha2_SSHCredential(in *kops.SSHCredential, out *SSHCredential, s conversion.Scope) error {
+	return autoConvert_kops_SSHCredential_To_v1alpha2_SSHCredential(in, out, s)
+}
+
+func autoConvert_v1alpha2_SSHCredentialList_To_kops_SSHCredentialList(in *SSHCredentialList, out *kops.SSHCredentialList, s conversion.Scope) error {
+	out.ListMeta = in.ListMeta
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]kops.SSHCredential, len(*in))
+		for i := range *in {
+			if err := Convert_v1alpha2_SSHCredential_To_kops_SSHCredential(&(*in)[i], &(*out)[i], s); err != nil {
+				return err
+			}
+		}
+	} else {
+		out.Items = make([]kops.SSHCredential, 0)
+	}
+	return nil
+}
+
+// Convert_v1alpha2_SSHCredentialList_To_kops_SSHCredentialList is an autogenerated conversion function.
+func Convert_v1alpha2_SSHCredentialList_To_kops_SSHCredentialList(in *SSHCredentialList, out *kops.SSHCredentialList, s conversion.Scope) error {
+	return autoConvert_v1alpha2_SSHCredentialList_To_kops_SSHCredentialList(in, out, s)
+}
+
+func autoConvert_kops_SSHCredentialList_To_v1alpha2_SSHCredentialList(in *kops.SSHCredentialList, out *SSHCredentialList, s conversion.Scope) error {
+	out.ListMeta = in.ListMeta
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]SSHCredential, len(*in))
+		for i := range *in {
+			if err := Convert_kops_SSHCredential_To_v1alpha2_SSHCredential(&(*in)[i], &(*out)[i], s); err != nil {
+				return err
+			}
+		}
+	} else {
+		out.Items = make([]SSHCredential, 0)
+	}
+	return nil
+}
+
+// Convert_kops_SSHCredentialList_To_v1alpha2_SSHCredentialList is an autogenerated conversion function.
+func Convert_kops_SSHCredentialList_To_v1alpha2_SSHCredentialList(in *kops.SSHCredentialList, out *SSHCredentialList, s conversion.Scope) error {
+	return autoConvert_kops_SSHCredentialList_To_v1alpha2_SSHCredentialList(in, out, s)
+}
+
+func autoConvert_v1alpha2_SSHCredentialSpec_To_kops_SSHCredentialSpec(in *SSHCredentialSpec, out *kops.SSHCredentialSpec, s conversion.Scope) error {
+	out.PublicKey = in.PublicKey
+	return nil
+}
+
+// Convert_v1alpha2_SSHCredentialSpec_To_kops_SSHCredentialSpec is an autogenerated conversion function.
+func Convert_v1alpha2_SSHCredentialSpec_To_kops_SSHCredentialSpec(in *SSHCredentialSpec, out *kops.SSHCredentialSpec, s conversion.Scope) error {
+	return autoConvert_v1alpha2_SSHCredentialSpec_To_kops_SSHCredentialSpec(in, out, s)
+}
+
+func autoConvert_kops_SSHCredentialSpec_To_v1alpha2_SSHCredentialSpec(in *kops.SSHCredentialSpec, out *SSHCredentialSpec, s conversion.Scope) error {
+	out.PublicKey = in.PublicKey
+	return nil
+}
+
+// Convert_kops_SSHCredentialSpec_To_v1alpha2_SSHCredentialSpec is an autogenerated conversion function.
+func Convert_kops_SSHCredentialSpec_To_v1alpha2_SSHCredentialSpec(in *kops.SSHCredentialSpec, out *SSHCredentialSpec, s conversion.Scope) error {
+	return autoConvert_kops_SSHCredentialSpec_To_v1alpha2_SSHCredentialSpec(in, out, s)
+}
+
 func autoConvert_v1alpha2_TopologySpec_To_kops_TopologySpec(in *TopologySpec, out *kops.TopologySpec, s conversion.Scope) error {
 	out.Masters = in.Masters
 	out.Nodes = in.Nodes

pkg/client/clientset_generated/clientset/typed/kops/internalversion/fake/fake_kops_client.go

@@ -38,6 +38,10 @@ func (c *FakeKops) InstanceGroups(namespace string) internalversion.InstanceGrou
 	return &FakeInstanceGroups{c, namespace}
 }
 
+func (c *FakeKops) SSHCredentials(namespace string) internalversion.SSHCredentialInterface {
+	return &FakeSSHCredentials{c, namespace}
+}
+
 // RESTClient returns a RESTClient that is used to communicate
 // with API server by this client implementation.
 func (c *FakeKops) RESTClient() rest.Interface {

pkg/client/clientset_generated/clientset/typed/kops/internalversion/fake/fake_sshcredential.go

@@ -0,0 +1,120 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package fake
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+	kops "k8s.io/kops/pkg/apis/kops"
+)
+
+// FakeSSHCredentials implements SSHCredentialInterface
+type FakeSSHCredentials struct {
+	Fake *FakeKops
+	ns   string
+}
+
+var sshcredentialsResource = schema.GroupVersionResource{Group: "kops", Version: "", Resource: "sshcredentials"}
+
+var sshcredentialsKind = schema.GroupVersionKind{Group: "kops", Version: "", Kind: "SSHCredential"}
+
+func (c *FakeSSHCredentials) Create(sSHCredential *kops.SSHCredential) (result *kops.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(sshcredentialsResource, c.ns, sSHCredential), &kops.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*kops.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) Update(sSHCredential *kops.SSHCredential) (result *kops.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(sshcredentialsResource, c.ns, sSHCredential), &kops.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*kops.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) Delete(name string, options *v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteAction(sshcredentialsResource, c.ns, name), &kops.SSHCredential{})
+
+	return err
+}
+
+func (c *FakeSSHCredentials) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(sshcredentialsResource, c.ns, listOptions)
+
+	_, err := c.Fake.Invokes(action, &kops.SSHCredentialList{})
+	return err
+}
+
+func (c *FakeSSHCredentials) Get(name string, options v1.GetOptions) (result *kops.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(sshcredentialsResource, c.ns, name), &kops.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*kops.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) List(opts v1.ListOptions) (result *kops.SSHCredentialList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(sshcredentialsResource, sshcredentialsKind, c.ns, opts), &kops.SSHCredentialList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &kops.SSHCredentialList{}
+	for _, item := range obj.(*kops.SSHCredentialList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested sSHCredentials.
+func (c *FakeSSHCredentials) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(sshcredentialsResource, c.ns, opts))
+
+}
+
+// Patch applies the patch and returns the patched sSHCredential.
+func (c *FakeSSHCredentials) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *kops.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(sshcredentialsResource, c.ns, name, data, subresources...), &kops.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*kops.SSHCredential), err
+}

pkg/client/clientset_generated/clientset/typed/kops/internalversion/generated_expansion.go

@@ -21,3 +21,5 @@ type ClusterExpansion interface{}
 type FederationExpansion interface{}
 
 type InstanceGroupExpansion interface{}
+
+type SSHCredentialExpansion interface{}

pkg/client/clientset_generated/clientset/typed/kops/internalversion/kops_client.go

@@ -26,6 +26,7 @@ type KopsInterface interface {
 	ClustersGetter
 	FederationsGetter
 	InstanceGroupsGetter
+	SSHCredentialsGetter
 }
 
 // KopsClient is used to interact with features provided by the kops group.
@@ -45,6 +46,10 @@ func (c *KopsClient) InstanceGroups(namespace string) InstanceGroupInterface {
 	return newInstanceGroups(c, namespace)
 }
 
+func (c *KopsClient) SSHCredentials(namespace string) SSHCredentialInterface {
+	return newSSHCredentials(c, namespace)
+}
+
 // NewForConfig creates a new KopsClient for the given config.
 func NewForConfig(c *rest.Config) (*KopsClient, error) {
 	config := *c

pkg/client/clientset_generated/clientset/typed/kops/internalversion/sshcredential.go

@@ -0,0 +1,155 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package internalversion
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+	kops "k8s.io/kops/pkg/apis/kops"
+	scheme "k8s.io/kops/pkg/client/clientset_generated/clientset/scheme"
+)
+
+// SSHCredentialsGetter has a method to return a SSHCredentialInterface.
+// A group's client should implement this interface.
+type SSHCredentialsGetter interface {
+	SSHCredentials(namespace string) SSHCredentialInterface
+}
+
+// SSHCredentialInterface has methods to work with SSHCredential resources.
+type SSHCredentialInterface interface {
+	Create(*kops.SSHCredential) (*kops.SSHCredential, error)
+	Update(*kops.SSHCredential) (*kops.SSHCredential, error)
+	Delete(name string, options *v1.DeleteOptions) error
+	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
+	Get(name string, options v1.GetOptions) (*kops.SSHCredential, error)
+	List(opts v1.ListOptions) (*kops.SSHCredentialList, error)
+	Watch(opts v1.ListOptions) (watch.Interface, error)
+	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *kops.SSHCredential, err error)
+	SSHCredentialExpansion
+}
+
+// sSHCredentials implements SSHCredentialInterface
+type sSHCredentials struct {
+	client rest.Interface
+	ns     string
+}
+
+// newSSHCredentials returns a SSHCredentials
+func newSSHCredentials(c *KopsClient, namespace string) *sSHCredentials {
+	return &sSHCredentials{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Create takes the representation of a sSHCredential and creates it.  Returns the server's representation of the sSHCredential, and an error, if there is any.
+func (c *sSHCredentials) Create(sSHCredential *kops.SSHCredential) (result *kops.SSHCredential, err error) {
+	result = &kops.SSHCredential{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Body(sSHCredential).
+		Do().
+		Into(result)
+	return
+}
+
+// Update takes the representation of a sSHCredential and updates it. Returns the server's representation of the sSHCredential, and an error, if there is any.
+func (c *sSHCredentials) Update(sSHCredential *kops.SSHCredential) (result *kops.SSHCredential, err error) {
+	result = &kops.SSHCredential{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(sSHCredential.Name).
+		Body(sSHCredential).
+		Do().
+		Into(result)
+	return
+}
+
+// Delete takes name of the sSHCredential and deletes it. Returns an error if one occurs.
+func (c *sSHCredentials) Delete(name string, options *v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(name).
+		Body(options).
+		Do().
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *sSHCredentials) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&listOptions, scheme.ParameterCodec).
+		Body(options).
+		Do().
+		Error()
+}
+
+// Get takes name of the sSHCredential, and returns the corresponding sSHCredential object, and an error if there is any.
+func (c *sSHCredentials) Get(name string, options v1.GetOptions) (result *kops.SSHCredential, err error) {
+	result = &kops.SSHCredential{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of SSHCredentials that match those selectors.
+func (c *sSHCredentials) List(opts v1.ListOptions) (result *kops.SSHCredentialList, err error) {
+	result = &kops.SSHCredentialList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested sSHCredentials.
+func (c *sSHCredentials) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Watch()
+}
+
+// Patch applies the patch and returns the patched sSHCredential.
+func (c *sSHCredentials) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *kops.SSHCredential, err error) {
+	result = &kops.SSHCredential{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		SubResource(subresources...).
+		Name(name).
+		Body(data).
+		Do().
+		Into(result)
+	return
+}

pkg/client/clientset_generated/clientset/typed/kops/v1alpha1/fake/fake_kops_client.go

@@ -38,6 +38,10 @@ func (c *FakeKopsV1alpha1) InstanceGroups(namespace string) v1alpha1.InstanceGro
 	return &FakeInstanceGroups{c, namespace}
 }
 
+func (c *FakeKopsV1alpha1) SSHCredentials(namespace string) v1alpha1.SSHCredentialInterface {
+	return &FakeSSHCredentials{c, namespace}
+}
+
 // RESTClient returns a RESTClient that is used to communicate
 // with API server by this client implementation.
 func (c *FakeKopsV1alpha1) RESTClient() rest.Interface {

pkg/client/clientset_generated/clientset/typed/kops/v1alpha1/fake/fake_sshcredential.go

@@ -0,0 +1,120 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package fake
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+	v1alpha1 "k8s.io/kops/pkg/apis/kops/v1alpha1"
+)
+
+// FakeSSHCredentials implements SSHCredentialInterface
+type FakeSSHCredentials struct {
+	Fake *FakeKopsV1alpha1
+	ns   string
+}
+
+var sshcredentialsResource = schema.GroupVersionResource{Group: "kops", Version: "v1alpha1", Resource: "sshcredentials"}
+
+var sshcredentialsKind = schema.GroupVersionKind{Group: "kops", Version: "v1alpha1", Kind: "SSHCredential"}
+
+func (c *FakeSSHCredentials) Create(sSHCredential *v1alpha1.SSHCredential) (result *v1alpha1.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(sshcredentialsResource, c.ns, sSHCredential), &v1alpha1.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) Update(sSHCredential *v1alpha1.SSHCredential) (result *v1alpha1.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(sshcredentialsResource, c.ns, sSHCredential), &v1alpha1.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) Delete(name string, options *v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteAction(sshcredentialsResource, c.ns, name), &v1alpha1.SSHCredential{})
+
+	return err
+}
+
+func (c *FakeSSHCredentials) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(sshcredentialsResource, c.ns, listOptions)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.SSHCredentialList{})
+	return err
+}
+
+func (c *FakeSSHCredentials) Get(name string, options v1.GetOptions) (result *v1alpha1.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(sshcredentialsResource, c.ns, name), &v1alpha1.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) List(opts v1.ListOptions) (result *v1alpha1.SSHCredentialList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(sshcredentialsResource, sshcredentialsKind, c.ns, opts), &v1alpha1.SSHCredentialList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.SSHCredentialList{}
+	for _, item := range obj.(*v1alpha1.SSHCredentialList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested sSHCredentials.
+func (c *FakeSSHCredentials) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(sshcredentialsResource, c.ns, opts))
+
+}
+
+// Patch applies the patch and returns the patched sSHCredential.
+func (c *FakeSSHCredentials) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(sshcredentialsResource, c.ns, name, data, subresources...), &v1alpha1.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.SSHCredential), err
+}

pkg/client/clientset_generated/clientset/typed/kops/v1alpha1/generated_expansion.go

@@ -21,3 +21,5 @@ type ClusterExpansion interface{}
 type FederationExpansion interface{}
 
 type InstanceGroupExpansion interface{}
+
+type SSHCredentialExpansion interface{}

pkg/client/clientset_generated/clientset/typed/kops/v1alpha1/kops_client.go

@@ -28,6 +28,7 @@ type KopsV1alpha1Interface interface {
 	ClustersGetter
 	FederationsGetter
 	InstanceGroupsGetter
+	SSHCredentialsGetter
 }
 
 // KopsV1alpha1Client is used to interact with features provided by the kops group.
@@ -47,6 +48,10 @@ func (c *KopsV1alpha1Client) InstanceGroups(namespace string) InstanceGroupInter
 	return newInstanceGroups(c, namespace)
 }
 
+func (c *KopsV1alpha1Client) SSHCredentials(namespace string) SSHCredentialInterface {
+	return newSSHCredentials(c, namespace)
+}
+
 // NewForConfig creates a new KopsV1alpha1Client for the given config.
 func NewForConfig(c *rest.Config) (*KopsV1alpha1Client, error) {
 	config := *c

pkg/client/clientset_generated/clientset/typed/kops/v1alpha1/sshcredential.go

@@ -0,0 +1,155 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+	v1alpha1 "k8s.io/kops/pkg/apis/kops/v1alpha1"
+	scheme "k8s.io/kops/pkg/client/clientset_generated/clientset/scheme"
+)
+
+// SSHCredentialsGetter has a method to return a SSHCredentialInterface.
+// A group's client should implement this interface.
+type SSHCredentialsGetter interface {
+	SSHCredentials(namespace string) SSHCredentialInterface
+}
+
+// SSHCredentialInterface has methods to work with SSHCredential resources.
+type SSHCredentialInterface interface {
+	Create(*v1alpha1.SSHCredential) (*v1alpha1.SSHCredential, error)
+	Update(*v1alpha1.SSHCredential) (*v1alpha1.SSHCredential, error)
+	Delete(name string, options *v1.DeleteOptions) error
+	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
+	Get(name string, options v1.GetOptions) (*v1alpha1.SSHCredential, error)
+	List(opts v1.ListOptions) (*v1alpha1.SSHCredentialList, error)
+	Watch(opts v1.ListOptions) (watch.Interface, error)
+	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.SSHCredential, err error)
+	SSHCredentialExpansion
+}
+
+// sSHCredentials implements SSHCredentialInterface
+type sSHCredentials struct {
+	client rest.Interface
+	ns     string
+}
+
+// newSSHCredentials returns a SSHCredentials
+func newSSHCredentials(c *KopsV1alpha1Client, namespace string) *sSHCredentials {
+	return &sSHCredentials{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Create takes the representation of a sSHCredential and creates it.  Returns the server's representation of the sSHCredential, and an error, if there is any.
+func (c *sSHCredentials) Create(sSHCredential *v1alpha1.SSHCredential) (result *v1alpha1.SSHCredential, err error) {
+	result = &v1alpha1.SSHCredential{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Body(sSHCredential).
+		Do().
+		Into(result)
+	return
+}
+
+// Update takes the representation of a sSHCredential and updates it. Returns the server's representation of the sSHCredential, and an error, if there is any.
+func (c *sSHCredentials) Update(sSHCredential *v1alpha1.SSHCredential) (result *v1alpha1.SSHCredential, err error) {
+	result = &v1alpha1.SSHCredential{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(sSHCredential.Name).
+		Body(sSHCredential).
+		Do().
+		Into(result)
+	return
+}
+
+// Delete takes name of the sSHCredential and deletes it. Returns an error if one occurs.
+func (c *sSHCredentials) Delete(name string, options *v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(name).
+		Body(options).
+		Do().
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *sSHCredentials) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&listOptions, scheme.ParameterCodec).
+		Body(options).
+		Do().
+		Error()
+}
+
+// Get takes name of the sSHCredential, and returns the corresponding sSHCredential object, and an error if there is any.
+func (c *sSHCredentials) Get(name string, options v1.GetOptions) (result *v1alpha1.SSHCredential, err error) {
+	result = &v1alpha1.SSHCredential{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of SSHCredentials that match those selectors.
+func (c *sSHCredentials) List(opts v1.ListOptions) (result *v1alpha1.SSHCredentialList, err error) {
+	result = &v1alpha1.SSHCredentialList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested sSHCredentials.
+func (c *sSHCredentials) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Watch()
+}
+
+// Patch applies the patch and returns the patched sSHCredential.
+func (c *sSHCredentials) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.SSHCredential, err error) {
+	result = &v1alpha1.SSHCredential{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		SubResource(subresources...).
+		Name(name).
+		Body(data).
+		Do().
+		Into(result)
+	return
+}

pkg/client/clientset_generated/clientset/typed/kops/v1alpha2/fake/fake_kops_client.go

@@ -38,6 +38,10 @@ func (c *FakeKopsV1alpha2) InstanceGroups(namespace string) v1alpha2.InstanceGro
 	return &FakeInstanceGroups{c, namespace}
 }
 
+func (c *FakeKopsV1alpha2) SSHCredentials(namespace string) v1alpha2.SSHCredentialInterface {
+	return &FakeSSHCredentials{c, namespace}
+}
+
 // RESTClient returns a RESTClient that is used to communicate
 // with API server by this client implementation.
 func (c *FakeKopsV1alpha2) RESTClient() rest.Interface {

pkg/client/clientset_generated/clientset/typed/kops/v1alpha2/fake/fake_sshcredential.go

@@ -0,0 +1,120 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package fake
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+	v1alpha2 "k8s.io/kops/pkg/apis/kops/v1alpha2"
+)
+
+// FakeSSHCredentials implements SSHCredentialInterface
+type FakeSSHCredentials struct {
+	Fake *FakeKopsV1alpha2
+	ns   string
+}
+
+var sshcredentialsResource = schema.GroupVersionResource{Group: "kops", Version: "v1alpha2", Resource: "sshcredentials"}
+
+var sshcredentialsKind = schema.GroupVersionKind{Group: "kops", Version: "v1alpha2", Kind: "SSHCredential"}
+
+func (c *FakeSSHCredentials) Create(sSHCredential *v1alpha2.SSHCredential) (result *v1alpha2.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(sshcredentialsResource, c.ns, sSHCredential), &v1alpha2.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) Update(sSHCredential *v1alpha2.SSHCredential) (result *v1alpha2.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(sshcredentialsResource, c.ns, sSHCredential), &v1alpha2.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) Delete(name string, options *v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteAction(sshcredentialsResource, c.ns, name), &v1alpha2.SSHCredential{})
+
+	return err
+}
+
+func (c *FakeSSHCredentials) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(sshcredentialsResource, c.ns, listOptions)
+
+	_, err := c.Fake.Invokes(action, &v1alpha2.SSHCredentialList{})
+	return err
+}
+
+func (c *FakeSSHCredentials) Get(name string, options v1.GetOptions) (result *v1alpha2.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(sshcredentialsResource, c.ns, name), &v1alpha2.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) List(opts v1.ListOptions) (result *v1alpha2.SSHCredentialList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(sshcredentialsResource, sshcredentialsKind, c.ns, opts), &v1alpha2.SSHCredentialList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha2.SSHCredentialList{}
+	for _, item := range obj.(*v1alpha2.SSHCredentialList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested sSHCredentials.
+func (c *FakeSSHCredentials) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(sshcredentialsResource, c.ns, opts))
+
+}
+
+// Patch applies the patch and returns the patched sSHCredential.
+func (c *FakeSSHCredentials) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha2.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(sshcredentialsResource, c.ns, name, data, subresources...), &v1alpha2.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.SSHCredential), err
+}

pkg/client/clientset_generated/clientset/typed/kops/v1alpha2/generated_expansion.go

@@ -21,3 +21,5 @@ type ClusterExpansion interface{}
 type FederationExpansion interface{}
 
 type InstanceGroupExpansion interface{}
+
+type SSHCredentialExpansion interface{}

pkg/client/clientset_generated/clientset/typed/kops/v1alpha2/kops_client.go

@@ -28,6 +28,7 @@ type KopsV1alpha2Interface interface {
 	ClustersGetter
 	FederationsGetter
 	InstanceGroupsGetter
+	SSHCredentialsGetter
 }
 
 // KopsV1alpha2Client is used to interact with features provided by the kops group.
@@ -47,6 +48,10 @@ func (c *KopsV1alpha2Client) InstanceGroups(namespace string) InstanceGroupInter
 	return newInstanceGroups(c, namespace)
 }
 
+func (c *KopsV1alpha2Client) SSHCredentials(namespace string) SSHCredentialInterface {
+	return newSSHCredentials(c, namespace)
+}
+
 // NewForConfig creates a new KopsV1alpha2Client for the given config.
 func NewForConfig(c *rest.Config) (*KopsV1alpha2Client, error) {
 	config := *c

pkg/client/clientset_generated/clientset/typed/kops/v1alpha2/sshcredential.go

@@ -0,0 +1,155 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+	v1alpha2 "k8s.io/kops/pkg/apis/kops/v1alpha2"
+	scheme "k8s.io/kops/pkg/client/clientset_generated/clientset/scheme"
+)
+
+// SSHCredentialsGetter has a method to return a SSHCredentialInterface.
+// A group's client should implement this interface.
+type SSHCredentialsGetter interface {
+	SSHCredentials(namespace string) SSHCredentialInterface
+}
+
+// SSHCredentialInterface has methods to work with SSHCredential resources.
+type SSHCredentialInterface interface {
+	Create(*v1alpha2.SSHCredential) (*v1alpha2.SSHCredential, error)
+	Update(*v1alpha2.SSHCredential) (*v1alpha2.SSHCredential, error)
+	Delete(name string, options *v1.DeleteOptions) error
+	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
+	Get(name string, options v1.GetOptions) (*v1alpha2.SSHCredential, error)
+	List(opts v1.ListOptions) (*v1alpha2.SSHCredentialList, error)
+	Watch(opts v1.ListOptions) (watch.Interface, error)
+	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha2.SSHCredential, err error)
+	SSHCredentialExpansion
+}
+
+// sSHCredentials implements SSHCredentialInterface
+type sSHCredentials struct {
+	client rest.Interface
+	ns     string
+}
+
+// newSSHCredentials returns a SSHCredentials
+func newSSHCredentials(c *KopsV1alpha2Client, namespace string) *sSHCredentials {
+	return &sSHCredentials{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Create takes the representation of a sSHCredential and creates it.  Returns the server's representation of the sSHCredential, and an error, if there is any.
+func (c *sSHCredentials) Create(sSHCredential *v1alpha2.SSHCredential) (result *v1alpha2.SSHCredential, err error) {
+	result = &v1alpha2.SSHCredential{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Body(sSHCredential).
+		Do().
+		Into(result)
+	return
+}
+
+// Update takes the representation of a sSHCredential and updates it. Returns the server's representation of the sSHCredential, and an error, if there is any.
+func (c *sSHCredentials) Update(sSHCredential *v1alpha2.SSHCredential) (result *v1alpha2.SSHCredential, err error) {
+	result = &v1alpha2.SSHCredential{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(sSHCredential.Name).
+		Body(sSHCredential).
+		Do().
+		Into(result)
+	return
+}
+
+// Delete takes name of the sSHCredential and deletes it. Returns an error if one occurs.
+func (c *sSHCredentials) Delete(name string, options *v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(name).
+		Body(options).
+		Do().
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *sSHCredentials) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&listOptions, scheme.ParameterCodec).
+		Body(options).
+		Do().
+		Error()
+}
+
+// Get takes name of the sSHCredential, and returns the corresponding sSHCredential object, and an error if there is any.
+func (c *sSHCredentials) Get(name string, options v1.GetOptions) (result *v1alpha2.SSHCredential, err error) {
+	result = &v1alpha2.SSHCredential{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of SSHCredentials that match those selectors.
+func (c *sSHCredentials) List(opts v1.ListOptions) (result *v1alpha2.SSHCredentialList, err error) {
+	result = &v1alpha2.SSHCredentialList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested sSHCredentials.
+func (c *sSHCredentials) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Watch()
+}
+
+// Patch applies the patch and returns the patched sSHCredential.
+func (c *sSHCredentials) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha2.SSHCredential, err error) {
+	result = &v1alpha2.SSHCredential{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		SubResource(subresources...).
+		Name(name).
+		Body(data).
+		Do().
+		Into(result)
+	return
+}

pkg/client/clientset_generated/internalclientset/typed/kops/internalversion/fake/fake_kops_client.go

@@ -38,6 +38,10 @@ func (c *FakeKops) InstanceGroups(namespace string) internalversion.InstanceGrou
 	return &FakeInstanceGroups{c, namespace}
 }
 
+func (c *FakeKops) SSHCredentials(namespace string) internalversion.SSHCredentialInterface {
+	return &FakeSSHCredentials{c, namespace}
+}
+
 // RESTClient returns a RESTClient that is used to communicate
 // with API server by this client implementation.
 func (c *FakeKops) RESTClient() rest.Interface {

pkg/client/clientset_generated/internalclientset/typed/kops/internalversion/fake/fake_sshcredential.go

@@ -0,0 +1,120 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package fake
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+	kops "k8s.io/kops/pkg/apis/kops"
+)
+
+// FakeSSHCredentials implements SSHCredentialInterface
+type FakeSSHCredentials struct {
+	Fake *FakeKops
+	ns   string
+}
+
+var sshcredentialsResource = schema.GroupVersionResource{Group: "kops", Version: "", Resource: "sshcredentials"}
+
+var sshcredentialsKind = schema.GroupVersionKind{Group: "kops", Version: "", Kind: "SSHCredential"}
+
+func (c *FakeSSHCredentials) Create(sSHCredential *kops.SSHCredential) (result *kops.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(sshcredentialsResource, c.ns, sSHCredential), &kops.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*kops.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) Update(sSHCredential *kops.SSHCredential) (result *kops.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(sshcredentialsResource, c.ns, sSHCredential), &kops.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*kops.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) Delete(name string, options *v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteAction(sshcredentialsResource, c.ns, name), &kops.SSHCredential{})
+
+	return err
+}
+
+func (c *FakeSSHCredentials) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(sshcredentialsResource, c.ns, listOptions)
+
+	_, err := c.Fake.Invokes(action, &kops.SSHCredentialList{})
+	return err
+}
+
+func (c *FakeSSHCredentials) Get(name string, options v1.GetOptions) (result *kops.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(sshcredentialsResource, c.ns, name), &kops.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*kops.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) List(opts v1.ListOptions) (result *kops.SSHCredentialList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(sshcredentialsResource, sshcredentialsKind, c.ns, opts), &kops.SSHCredentialList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &kops.SSHCredentialList{}
+	for _, item := range obj.(*kops.SSHCredentialList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested sSHCredentials.
+func (c *FakeSSHCredentials) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(sshcredentialsResource, c.ns, opts))
+
+}
+
+// Patch applies the patch and returns the patched sSHCredential.
+func (c *FakeSSHCredentials) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *kops.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(sshcredentialsResource, c.ns, name, data, subresources...), &kops.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*kops.SSHCredential), err
+}

pkg/client/clientset_generated/internalclientset/typed/kops/internalversion/generated_expansion.go

@@ -21,3 +21,5 @@ type ClusterExpansion interface{}
 type FederationExpansion interface{}
 
 type InstanceGroupExpansion interface{}
+
+type SSHCredentialExpansion interface{}

pkg/client/clientset_generated/internalclientset/typed/kops/internalversion/kops_client.go

@@ -26,6 +26,7 @@ type KopsInterface interface {
 	ClustersGetter
 	FederationsGetter
 	InstanceGroupsGetter
+	SSHCredentialsGetter
 }
 
 // KopsClient is used to interact with features provided by the kops group.
@@ -45,6 +46,10 @@ func (c *KopsClient) InstanceGroups(namespace string) InstanceGroupInterface {
 	return newInstanceGroups(c, namespace)
 }
 
+func (c *KopsClient) SSHCredentials(namespace string) SSHCredentialInterface {
+	return newSSHCredentials(c, namespace)
+}
+
 // NewForConfig creates a new KopsClient for the given config.
 func NewForConfig(c *rest.Config) (*KopsClient, error) {
 	config := *c

pkg/client/clientset_generated/internalclientset/typed/kops/internalversion/sshcredential.go

@@ -0,0 +1,155 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package internalversion
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+	kops "k8s.io/kops/pkg/apis/kops"
+	scheme "k8s.io/kops/pkg/client/clientset_generated/internalclientset/scheme"
+)
+
+// SSHCredentialsGetter has a method to return a SSHCredentialInterface.
+// A group's client should implement this interface.
+type SSHCredentialsGetter interface {
+	SSHCredentials(namespace string) SSHCredentialInterface
+}
+
+// SSHCredentialInterface has methods to work with SSHCredential resources.
+type SSHCredentialInterface interface {
+	Create(*kops.SSHCredential) (*kops.SSHCredential, error)
+	Update(*kops.SSHCredential) (*kops.SSHCredential, error)
+	Delete(name string, options *v1.DeleteOptions) error
+	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
+	Get(name string, options v1.GetOptions) (*kops.SSHCredential, error)
+	List(opts v1.ListOptions) (*kops.SSHCredentialList, error)
+	Watch(opts v1.ListOptions) (watch.Interface, error)
+	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *kops.SSHCredential, err error)
+	SSHCredentialExpansion
+}
+
+// sSHCredentials implements SSHCredentialInterface
+type sSHCredentials struct {
+	client rest.Interface
+	ns     string
+}
+
+// newSSHCredentials returns a SSHCredentials
+func newSSHCredentials(c *KopsClient, namespace string) *sSHCredentials {
+	return &sSHCredentials{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Create takes the representation of a sSHCredential and creates it.  Returns the server's representation of the sSHCredential, and an error, if there is any.
+func (c *sSHCredentials) Create(sSHCredential *kops.SSHCredential) (result *kops.SSHCredential, err error) {
+	result = &kops.SSHCredential{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Body(sSHCredential).
+		Do().
+		Into(result)
+	return
+}
+
+// Update takes the representation of a sSHCredential and updates it. Returns the server's representation of the sSHCredential, and an error, if there is any.
+func (c *sSHCredentials) Update(sSHCredential *kops.SSHCredential) (result *kops.SSHCredential, err error) {
+	result = &kops.SSHCredential{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(sSHCredential.Name).
+		Body(sSHCredential).
+		Do().
+		Into(result)
+	return
+}
+
+// Delete takes name of the sSHCredential and deletes it. Returns an error if one occurs.
+func (c *sSHCredentials) Delete(name string, options *v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(name).
+		Body(options).
+		Do().
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *sSHCredentials) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&listOptions, scheme.ParameterCodec).
+		Body(options).
+		Do().
+		Error()
+}
+
+// Get takes name of the sSHCredential, and returns the corresponding sSHCredential object, and an error if there is any.
+func (c *sSHCredentials) Get(name string, options v1.GetOptions) (result *kops.SSHCredential, err error) {
+	result = &kops.SSHCredential{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of SSHCredentials that match those selectors.
+func (c *sSHCredentials) List(opts v1.ListOptions) (result *kops.SSHCredentialList, err error) {
+	result = &kops.SSHCredentialList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested sSHCredentials.
+func (c *sSHCredentials) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Watch()
+}
+
+// Patch applies the patch and returns the patched sSHCredential.
+func (c *sSHCredentials) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *kops.SSHCredential, err error) {
+	result = &kops.SSHCredential{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		SubResource(subresources...).
+		Name(name).
+		Body(data).
+		Do().
+		Into(result)
+	return
+}

pkg/client/clientset_generated/internalclientset/typed/kops/v1alpha1/fake/fake_kops_client.go

@@ -38,6 +38,10 @@ func (c *FakeKopsV1alpha1) InstanceGroups(namespace string) v1alpha1.InstanceGro
 	return &FakeInstanceGroups{c, namespace}
 }
 
+func (c *FakeKopsV1alpha1) SSHCredentials(namespace string) v1alpha1.SSHCredentialInterface {
+	return &FakeSSHCredentials{c, namespace}
+}
+
 // RESTClient returns a RESTClient that is used to communicate
 // with API server by this client implementation.
 func (c *FakeKopsV1alpha1) RESTClient() rest.Interface {

pkg/client/clientset_generated/internalclientset/typed/kops/v1alpha1/fake/fake_sshcredential.go

@@ -0,0 +1,120 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package fake
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+	v1alpha1 "k8s.io/kops/pkg/apis/kops/v1alpha1"
+)
+
+// FakeSSHCredentials implements SSHCredentialInterface
+type FakeSSHCredentials struct {
+	Fake *FakeKopsV1alpha1
+	ns   string
+}
+
+var sshcredentialsResource = schema.GroupVersionResource{Group: "kops", Version: "v1alpha1", Resource: "sshcredentials"}
+
+var sshcredentialsKind = schema.GroupVersionKind{Group: "kops", Version: "v1alpha1", Kind: "SSHCredential"}
+
+func (c *FakeSSHCredentials) Create(sSHCredential *v1alpha1.SSHCredential) (result *v1alpha1.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(sshcredentialsResource, c.ns, sSHCredential), &v1alpha1.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) Update(sSHCredential *v1alpha1.SSHCredential) (result *v1alpha1.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(sshcredentialsResource, c.ns, sSHCredential), &v1alpha1.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) Delete(name string, options *v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteAction(sshcredentialsResource, c.ns, name), &v1alpha1.SSHCredential{})
+
+	return err
+}
+
+func (c *FakeSSHCredentials) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(sshcredentialsResource, c.ns, listOptions)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.SSHCredentialList{})
+	return err
+}
+
+func (c *FakeSSHCredentials) Get(name string, options v1.GetOptions) (result *v1alpha1.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(sshcredentialsResource, c.ns, name), &v1alpha1.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) List(opts v1.ListOptions) (result *v1alpha1.SSHCredentialList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(sshcredentialsResource, sshcredentialsKind, c.ns, opts), &v1alpha1.SSHCredentialList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.SSHCredentialList{}
+	for _, item := range obj.(*v1alpha1.SSHCredentialList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested sSHCredentials.
+func (c *FakeSSHCredentials) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(sshcredentialsResource, c.ns, opts))
+
+}
+
+// Patch applies the patch and returns the patched sSHCredential.
+func (c *FakeSSHCredentials) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(sshcredentialsResource, c.ns, name, data, subresources...), &v1alpha1.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.SSHCredential), err
+}

pkg/client/clientset_generated/internalclientset/typed/kops/v1alpha1/generated_expansion.go

@@ -21,3 +21,5 @@ type ClusterExpansion interface{}
 type FederationExpansion interface{}
 
 type InstanceGroupExpansion interface{}
+
+type SSHCredentialExpansion interface{}

pkg/client/clientset_generated/internalclientset/typed/kops/v1alpha1/kops_client.go

@@ -28,6 +28,7 @@ type KopsV1alpha1Interface interface {
 	ClustersGetter
 	FederationsGetter
 	InstanceGroupsGetter
+	SSHCredentialsGetter
 }
 
 // KopsV1alpha1Client is used to interact with features provided by the kops group.
@@ -47,6 +48,10 @@ func (c *KopsV1alpha1Client) InstanceGroups(namespace string) InstanceGroupInter
 	return newInstanceGroups(c, namespace)
 }
 
+func (c *KopsV1alpha1Client) SSHCredentials(namespace string) SSHCredentialInterface {
+	return newSSHCredentials(c, namespace)
+}
+
 // NewForConfig creates a new KopsV1alpha1Client for the given config.
 func NewForConfig(c *rest.Config) (*KopsV1alpha1Client, error) {
 	config := *c

pkg/client/clientset_generated/internalclientset/typed/kops/v1alpha1/sshcredential.go

@@ -0,0 +1,155 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+	v1alpha1 "k8s.io/kops/pkg/apis/kops/v1alpha1"
+	scheme "k8s.io/kops/pkg/client/clientset_generated/internalclientset/scheme"
+)
+
+// SSHCredentialsGetter has a method to return a SSHCredentialInterface.
+// A group's client should implement this interface.
+type SSHCredentialsGetter interface {
+	SSHCredentials(namespace string) SSHCredentialInterface
+}
+
+// SSHCredentialInterface has methods to work with SSHCredential resources.
+type SSHCredentialInterface interface {
+	Create(*v1alpha1.SSHCredential) (*v1alpha1.SSHCredential, error)
+	Update(*v1alpha1.SSHCredential) (*v1alpha1.SSHCredential, error)
+	Delete(name string, options *v1.DeleteOptions) error
+	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
+	Get(name string, options v1.GetOptions) (*v1alpha1.SSHCredential, error)
+	List(opts v1.ListOptions) (*v1alpha1.SSHCredentialList, error)
+	Watch(opts v1.ListOptions) (watch.Interface, error)
+	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.SSHCredential, err error)
+	SSHCredentialExpansion
+}
+
+// sSHCredentials implements SSHCredentialInterface
+type sSHCredentials struct {
+	client rest.Interface
+	ns     string
+}
+
+// newSSHCredentials returns a SSHCredentials
+func newSSHCredentials(c *KopsV1alpha1Client, namespace string) *sSHCredentials {
+	return &sSHCredentials{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Create takes the representation of a sSHCredential and creates it.  Returns the server's representation of the sSHCredential, and an error, if there is any.
+func (c *sSHCredentials) Create(sSHCredential *v1alpha1.SSHCredential) (result *v1alpha1.SSHCredential, err error) {
+	result = &v1alpha1.SSHCredential{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Body(sSHCredential).
+		Do().
+		Into(result)
+	return
+}
+
+// Update takes the representation of a sSHCredential and updates it. Returns the server's representation of the sSHCredential, and an error, if there is any.
+func (c *sSHCredentials) Update(sSHCredential *v1alpha1.SSHCredential) (result *v1alpha1.SSHCredential, err error) {
+	result = &v1alpha1.SSHCredential{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(sSHCredential.Name).
+		Body(sSHCredential).
+		Do().
+		Into(result)
+	return
+}
+
+// Delete takes name of the sSHCredential and deletes it. Returns an error if one occurs.
+func (c *sSHCredentials) Delete(name string, options *v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(name).
+		Body(options).
+		Do().
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *sSHCredentials) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&listOptions, scheme.ParameterCodec).
+		Body(options).
+		Do().
+		Error()
+}
+
+// Get takes name of the sSHCredential, and returns the corresponding sSHCredential object, and an error if there is any.
+func (c *sSHCredentials) Get(name string, options v1.GetOptions) (result *v1alpha1.SSHCredential, err error) {
+	result = &v1alpha1.SSHCredential{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of SSHCredentials that match those selectors.
+func (c *sSHCredentials) List(opts v1.ListOptions) (result *v1alpha1.SSHCredentialList, err error) {
+	result = &v1alpha1.SSHCredentialList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested sSHCredentials.
+func (c *sSHCredentials) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Watch()
+}
+
+// Patch applies the patch and returns the patched sSHCredential.
+func (c *sSHCredentials) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.SSHCredential, err error) {
+	result = &v1alpha1.SSHCredential{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		SubResource(subresources...).
+		Name(name).
+		Body(data).
+		Do().
+		Into(result)
+	return
+}

pkg/client/clientset_generated/internalclientset/typed/kops/v1alpha2/fake/fake_kops_client.go

@@ -38,6 +38,10 @@ func (c *FakeKopsV1alpha2) InstanceGroups(namespace string) v1alpha2.InstanceGro
 	return &FakeInstanceGroups{c, namespace}
 }
 
+func (c *FakeKopsV1alpha2) SSHCredentials(namespace string) v1alpha2.SSHCredentialInterface {
+	return &FakeSSHCredentials{c, namespace}
+}
+
 // RESTClient returns a RESTClient that is used to communicate
 // with API server by this client implementation.
 func (c *FakeKopsV1alpha2) RESTClient() rest.Interface {

pkg/client/clientset_generated/internalclientset/typed/kops/v1alpha2/fake/fake_sshcredential.go

@@ -0,0 +1,120 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package fake
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+	v1alpha2 "k8s.io/kops/pkg/apis/kops/v1alpha2"
+)
+
+// FakeSSHCredentials implements SSHCredentialInterface
+type FakeSSHCredentials struct {
+	Fake *FakeKopsV1alpha2
+	ns   string
+}
+
+var sshcredentialsResource = schema.GroupVersionResource{Group: "kops", Version: "v1alpha2", Resource: "sshcredentials"}
+
+var sshcredentialsKind = schema.GroupVersionKind{Group: "kops", Version: "v1alpha2", Kind: "SSHCredential"}
+
+func (c *FakeSSHCredentials) Create(sSHCredential *v1alpha2.SSHCredential) (result *v1alpha2.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(sshcredentialsResource, c.ns, sSHCredential), &v1alpha2.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) Update(sSHCredential *v1alpha2.SSHCredential) (result *v1alpha2.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(sshcredentialsResource, c.ns, sSHCredential), &v1alpha2.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) Delete(name string, options *v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteAction(sshcredentialsResource, c.ns, name), &v1alpha2.SSHCredential{})
+
+	return err
+}
+
+func (c *FakeSSHCredentials) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(sshcredentialsResource, c.ns, listOptions)
+
+	_, err := c.Fake.Invokes(action, &v1alpha2.SSHCredentialList{})
+	return err
+}
+
+func (c *FakeSSHCredentials) Get(name string, options v1.GetOptions) (result *v1alpha2.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(sshcredentialsResource, c.ns, name), &v1alpha2.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.SSHCredential), err
+}
+
+func (c *FakeSSHCredentials) List(opts v1.ListOptions) (result *v1alpha2.SSHCredentialList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(sshcredentialsResource, sshcredentialsKind, c.ns, opts), &v1alpha2.SSHCredentialList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha2.SSHCredentialList{}
+	for _, item := range obj.(*v1alpha2.SSHCredentialList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested sSHCredentials.
+func (c *FakeSSHCredentials) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(sshcredentialsResource, c.ns, opts))
+
+}
+
+// Patch applies the patch and returns the patched sSHCredential.
+func (c *FakeSSHCredentials) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha2.SSHCredential, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(sshcredentialsResource, c.ns, name, data, subresources...), &v1alpha2.SSHCredential{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.SSHCredential), err
+}

pkg/client/clientset_generated/internalclientset/typed/kops/v1alpha2/generated_expansion.go

@@ -21,3 +21,5 @@ type ClusterExpansion interface{}
 type FederationExpansion interface{}
 
 type InstanceGroupExpansion interface{}
+
+type SSHCredentialExpansion interface{}

pkg/client/clientset_generated/internalclientset/typed/kops/v1alpha2/kops_client.go

@@ -28,6 +28,7 @@ type KopsV1alpha2Interface interface {
 	ClustersGetter
 	FederationsGetter
 	InstanceGroupsGetter
+	SSHCredentialsGetter
 }
 
 // KopsV1alpha2Client is used to interact with features provided by the kops group.
@@ -47,6 +48,10 @@ func (c *KopsV1alpha2Client) InstanceGroups(namespace string) InstanceGroupInter
 	return newInstanceGroups(c, namespace)
 }
 
+func (c *KopsV1alpha2Client) SSHCredentials(namespace string) SSHCredentialInterface {
+	return newSSHCredentials(c, namespace)
+}
+
 // NewForConfig creates a new KopsV1alpha2Client for the given config.
 func NewForConfig(c *rest.Config) (*KopsV1alpha2Client, error) {
 	config := *c

pkg/client/clientset_generated/internalclientset/typed/kops/v1alpha2/sshcredential.go

@@ -0,0 +1,155 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+	v1alpha2 "k8s.io/kops/pkg/apis/kops/v1alpha2"
+	scheme "k8s.io/kops/pkg/client/clientset_generated/internalclientset/scheme"
+)
+
+// SSHCredentialsGetter has a method to return a SSHCredentialInterface.
+// A group's client should implement this interface.
+type SSHCredentialsGetter interface {
+	SSHCredentials(namespace string) SSHCredentialInterface
+}
+
+// SSHCredentialInterface has methods to work with SSHCredential resources.
+type SSHCredentialInterface interface {
+	Create(*v1alpha2.SSHCredential) (*v1alpha2.SSHCredential, error)
+	Update(*v1alpha2.SSHCredential) (*v1alpha2.SSHCredential, error)
+	Delete(name string, options *v1.DeleteOptions) error
+	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
+	Get(name string, options v1.GetOptions) (*v1alpha2.SSHCredential, error)
+	List(opts v1.ListOptions) (*v1alpha2.SSHCredentialList, error)
+	Watch(opts v1.ListOptions) (watch.Interface, error)
+	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha2.SSHCredential, err error)
+	SSHCredentialExpansion
+}
+
+// sSHCredentials implements SSHCredentialInterface
+type sSHCredentials struct {
+	client rest.Interface
+	ns     string
+}
+
+// newSSHCredentials returns a SSHCredentials
+func newSSHCredentials(c *KopsV1alpha2Client, namespace string) *sSHCredentials {
+	return &sSHCredentials{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Create takes the representation of a sSHCredential and creates it.  Returns the server's representation of the sSHCredential, and an error, if there is any.
+func (c *sSHCredentials) Create(sSHCredential *v1alpha2.SSHCredential) (result *v1alpha2.SSHCredential, err error) {
+	result = &v1alpha2.SSHCredential{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Body(sSHCredential).
+		Do().
+		Into(result)
+	return
+}
+
+// Update takes the representation of a sSHCredential and updates it. Returns the server's representation of the sSHCredential, and an error, if there is any.
+func (c *sSHCredentials) Update(sSHCredential *v1alpha2.SSHCredential) (result *v1alpha2.SSHCredential, err error) {
+	result = &v1alpha2.SSHCredential{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(sSHCredential.Name).
+		Body(sSHCredential).
+		Do().
+		Into(result)
+	return
+}
+
+// Delete takes name of the sSHCredential and deletes it. Returns an error if one occurs.
+func (c *sSHCredentials) Delete(name string, options *v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(name).
+		Body(options).
+		Do().
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *sSHCredentials) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&listOptions, scheme.ParameterCodec).
+		Body(options).
+		Do().
+		Error()
+}
+
+// Get takes name of the sSHCredential, and returns the corresponding sSHCredential object, and an error if there is any.
+func (c *sSHCredentials) Get(name string, options v1.GetOptions) (result *v1alpha2.SSHCredential, err error) {
+	result = &v1alpha2.SSHCredential{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of SSHCredentials that match those selectors.
+func (c *sSHCredentials) List(opts v1.ListOptions) (result *v1alpha2.SSHCredentialList, err error) {
+	result = &v1alpha2.SSHCredentialList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested sSHCredentials.
+func (c *sSHCredentials) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Watch()
+}
+
+// Patch applies the patch and returns the patched sSHCredential.
+func (c *sSHCredentials) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha2.SSHCredential, err error) {
+	result = &v1alpha2.SSHCredential{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("sshcredentials").
+		SubResource(subresources...).
+		Name(name).
+		Body(data).
+		Do().
+		Into(result)
+	return
+}