Don't provision SSH key by default on AWS

This commit is contained in:
John Gardiner Myers 2021-07-17 16:33:26 -07:00
parent 67cfa9d4d4
commit e6ede8f4a9
5 changed files with 12 additions and 11 deletions


@ -241,7 +241,7 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
return []string{"containerd", "docker"}, cobra.ShellCompDirectiveNoFileComp
})
cmd.Flags().StringVar(&sshPublicKey, "ssh-public-key", sshPublicKey, "SSH public key to use (defaults to ~/.ssh/id_rsa.pub on AWS)")
cmd.Flags().StringVar(&sshPublicKey, "ssh-public-key", sshPublicKey, "SSH public key to use")
cmd.RegisterFlagCompletionFunc("ssh-public-key", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return []string{"pub"}, cobra.ShellCompDirectiveFilterFileExt
})
@ -700,8 +700,7 @@ func RunCreateCluster(ctx context.Context, f *util.Factory, out io.Writer, c *Cr
if len(c.SSHPublicKeys) == 0 {
autoloadSSHPublicKeys := true
switch c.CloudProvider {
case "gce":
// We don't normally use SSH keys on GCE
case "gce", "aws":
autoloadSSHPublicKeys = false
}
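Review bot: The new help text for the `ssh-public-key` flag drops the default entirely, yet the switch in the second hunk still leaves `autoloadSSHPublicKeys` true for every provider other than GCE and AWS, so the flag apparently keeps a default there; if the autoload path for those providers is unchanged, `"SSH public key to use (on providers other than GCE and AWS, defaults to ~/.ssh/id_rsa.pub)"` would keep the help accurate. The removed `// We don't normally use SSH keys on GCE` comment could be kept and widened rather than dropped, e.g. `// GCE and AWS do not provision an SSH key unless one is passed explicitly`, since the bare `case "gce", "aws":` line no longer says why. Both NewCmdCreateCluster and RunCreateCluster start and end outside their hunks.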


@ -113,7 +113,7 @@ kops create cluster [CLUSTER] [flags]
-o, --output string Output format. One of json or yaml. Used with the --dry-run flag.
--project string Project to use (must be set on GCE)
--ssh-access strings Restrict SSH access to this CIDR. If not set, uses the value of the admin-access flag.
--ssh-public-key string SSH public key to use (defaults to ~/.ssh/id_rsa.pub on AWS)
--ssh-public-key string SSH public key to use
--subnets strings Shared subnets to use
--target string Valid targets: direct, terraform, cloudformation. Set this flag to terraform if you want kOps to generate terraform (default "direct")
-t, --topology string Network topology for the cluster: public or private (default "public")


@ -23,6 +23,9 @@ spec:
## Other significant changes
* New clusters on AWS will no longer provision an SSH public key by default. To provision
an SSH public key on a new cluster, use the `--ssh-public-key` flag to `kops create cluster`.
* The kOps Terraform support now renders managed files through the Terraform configuration instead
of writing them to S3 directly. This defers changes to these files until the time of `terraform apply`.
This feature may be temporarily disabled by turning off the `TerraformManagedFiles` feature flag


@ -333,11 +333,14 @@ func (b *KopsModelContext) UseEtcdTLS() bool {
return false
}
// UseSSHKey returns true if SSHKeyName from the cluster spec is not set to an empty string (""). Setting SSHKeyName
// to an empty string indicates that an SSH key should not be set on instances.
// UseSSHKey returns true if SSHKeyName from the cluster spec is set to a nonempty string
// or there is an SSH public key provisioned in the key store.
func (b *KopsModelContext) UseSSHKey() bool {
sshKeyName := b.Cluster.Spec.SSHKeyName
return sshKeyName == nil || *sshKeyName != ""
if sshKeyName == nil {
return len(b.SSHPublicKeys) > 0
}
return *sshKeyName != ""
}
// KubernetesVersion parses the semver version of kubernetes, from the cluster spec
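Review bot: The rewritten doc comment says UseSSHKey checks for a key "provisioned in the key store", but the code reads `b.SSHPublicKeys`, a field of the context; whether that field reflects the key store depends on whoever builds the KopsModelContext populating it, which this hunk does not show. Because a nil SSHKeyName with an empty `SSHPublicKeys` now returns false where it previously returned true, a construction path that leaves the field unset would silently model instances without a key, so a comment naming the expectation would help, e.g. `// Relies on the caller populating SSHPublicKeys from the key store before modelling.` UseSSHKey lies entirely within the hunk; the two lines above it belong to UseEtcdTLS, which starts outside the hunk.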


@ -417,10 +417,6 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
modelContext.AWSAccountID = accountID
modelContext.AWSPartition = partition
if len(sshPublicKeys) == 0 && c.Cluster.Spec.SSHKeyName == nil {
return fmt.Errorf("SSH public key must be specified when running with AWS (create with `kops create secret --name %s sshpublickey admin -i ~/.ssh/id_rsa.pub`)", cluster.ObjectMeta.Name)
}
if len(sshPublicKeys) > 1 {
return fmt.Errorf("exactly one 'admin' SSH public key can be specified when running with AWS; please delete a key using `kops delete secret`")
}