From e6ede8f4a9681c0c25af65fd464b40a24dff140e Mon Sep 17 00:00:00 2001
From: John Gardiner Myers
Date: Sat, 17 Jul 2021 16:33:26 -0700
Subject: [PATCH] Don't provision SSH key by default on AWS
---
 cmd/kops/create_cluster.go | 5 ++---
 docs/cli/kops_create_cluster.md | 2 +-
 docs/releases/1.22-NOTES.md | 3 +++
 pkg/model/context.go | 9 ++++++---
 upup/pkg/fi/cloudup/apply_cluster.go | 4 ----
 5 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/cmd/kops/create_cluster.go b/cmd/kops/create_cluster.go
index 17587e2809..2d4b6b8705 100644
--- a/cmd/kops/create_cluster.go
+++ b/cmd/kops/create_cluster.go
@@ -241,7 +241,7 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
 return []string{"containerd", "docker"}, cobra.ShellCompDirectiveNoFileComp
 })
- cmd.Flags().StringVar(&sshPublicKey, "ssh-public-key", sshPublicKey, "SSH public key to use (defaults to ~/.ssh/id_rsa.pub on AWS)")
+ cmd.Flags().StringVar(&sshPublicKey, "ssh-public-key", sshPublicKey, "SSH public key to use")
 cmd.RegisterFlagCompletionFunc("ssh-public-key", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 return []string{"pub"}, cobra.ShellCompDirectiveFilterFileExt
 })
@@ -700,8 +700,7 @@ func RunCreateCluster(ctx context.Context, f *util.Factory, out io.Writer, c *Cr
 if len(c.SSHPublicKeys) == 0 {
 autoloadSSHPublicKeys := true
 switch c.CloudProvider {
- case "gce":
- // We don't normally use SSH keys on GCE
+ case "gce", "aws":
 autoloadSSHPublicKeys = false
 }
diff --git a/docs/cli/kops_create_cluster.md b/docs/cli/kops_create_cluster.md
index e2d8ca63f0..5d1c7a92d1 100644
--- a/docs/cli/kops_create_cluster.md
+++ b/docs/cli/kops_create_cluster.md
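Review bot: The new `case "gce", "aws":` arm in RunCreateCluster drops the explanatory comment that the removed `case "gce":` carried, so a reader no longer sees why these two providers skip autoloading ~/.ssh/id_rsa.pub while the others still pick it up. Suggest restoring it on the new arm, e.g. `// Do not autoload ~/.ssh/id_rsa.pub on GCE or AWS; a key is only provisioned when --ssh-public-key is passed.` The rest of the switch and the code that consumes autoloadSSHPublicKeys continue outside the hunk, and the first hunk of this file (the --ssh-public-key help text) only needs to stay consistent with this behavior.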
@@ -113,7 +113,7 @@ kops create cluster [CLUSTER] [flags]
 -o, --output string Output format. One of json or yaml. Used with the --dry-run flag.
 --project string Project to use (must be set on GCE)
 --ssh-access strings Restrict SSH access to this CIDR. If not set, uses the value of the admin-access flag.
- --ssh-public-key string SSH public key to use (defaults to ~/.ssh/id_rsa.pub on AWS)
+ --ssh-public-key string SSH public key to use
 --subnets strings Shared subnets to use
 --target string Valid targets: direct, terraform, cloudformation. Set this flag to terraform if you want kOps to generate terraform (default "direct")
 -t, --topology string Network topology for the cluster: public or private (default "public")
diff --git a/docs/releases/1.22-NOTES.md b/docs/releases/1.22-NOTES.md
index 001f876a8f..d568753820 100644
--- a/docs/releases/1.22-NOTES.md
+++ b/docs/releases/1.22-NOTES.md
@@ -23,6 +23,9 @@ spec:
 ## Other significant changes
+* New clusters on AWS will no longer provision an SSH public key by default. To provision
+ an SSH public key on a new cluster, use the `--ssh-public-key` flag to `kops create cluster`.
+
 * The kOps Terraform support now renders managed files through the Terraform configuration instead of writing them to S3 directly. This defers changes to these files until the time of `terraform apply`. This feature may be temporarily disabled by turning off the `TerraformManagedFiles` feature flag
diff --git a/pkg/model/context.go b/pkg/model/context.go
index aacc8ba21a..3625881953 100644
--- a/pkg/model/context.go
+++ b/pkg/model/context.go
@@ -333,11 +333,14 @@ func (b *KopsModelContext) UseEtcdTLS() bool {
 return false
 }
-// UseSSHKey returns true if SSHKeyName from the cluster spec is not set to an empty string (""). Setting SSHKeyName
-// to an empty string indicates that an SSH key should not be set on instances.
+// UseSSHKey returns true if SSHKeyName from the cluster spec is set to a nonempty string
+// or there is an SSH public key provisioned in the key store.
 func (b *KopsModelContext) UseSSHKey() bool {
 sshKeyName := b.Cluster.Spec.SSHKeyName
- return sshKeyName == nil || *sshKeyName != ""
+ if sshKeyName == nil {
+ return len(b.SSHPublicKeys) > 0
+ }
+ return *sshKeyName != ""
 }
 // KubernetesVersion parses the semver version of kubernetes, from the cluster spec
diff --git a/upup/pkg/fi/cloudup/apply_cluster.go b/upup/pkg/fi/cloudup/apply_cluster.go
index 9424a9102d..b35f0d0a8a 100644
--- a/upup/pkg/fi/cloudup/apply_cluster.go
+++ b/upup/pkg/fi/cloudup/apply_cluster.go
@@ -417,10 +417,6 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
 modelContext.AWSAccountID = accountID
 modelContext.AWSPartition = partition
- if len(sshPublicKeys) == 0 && c.Cluster.Spec.SSHKeyName == nil {
- return fmt.Errorf("SSH public key must be specified when running with AWS (create with `kops create secret --name %s sshpublickey admin -i ~/.ssh/id_rsa.pub`)", cluster.ObjectMeta.Name)
- }
-
 if len(sshPublicKeys) > 1 {
 return fmt.Errorf("exactly one 'admin' SSH public key can be specified when running with AWS; please delete a key using `kops delete secret`")
 }
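Review bot: The new doc comment on UseSSHKey says the key is "provisioned in the key store", but the method only inspects `b.SSHPublicKeys` on the model context, so its answer depends on whoever populated that field before the call (presumably the apply path, which is outside this hunk); if it is left empty, instances are now modeled without a key where the old apply-time guard used to fail hard. Worth stating that dependency in the comment, e.g. `// When SSHKeyName is nil the result reflects b.SSHPublicKeys, which the caller must have loaded from the key store beforehand.` A second sentence noting that the result therefore changes between runs if the admin key secret is later added or deleted would also help, since that is now a behavioral difference on existing clusters rather than an error.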
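Review bot: With the "SSH public key must be specified" guard removed from ApplyClusterCmd.Run, an AWS cluster with no key in the store and SSHKeyName unset now proceeds without any message, and the only hint that no key will be provisioned lives in the release notes. A one-line informational log at this point, under the same `len(sshPublicKeys) == 0 && c.Cluster.Spec.SSHKeyName == nil` condition the removed check used, saying that no SSH key will be provisioned and that `kops create secret --name <cluster> sshpublickey admin -i <key>` adds one, would keep the silent default visible in the apply output. The remaining `> 1` check and the rest of Run continue outside the hunk.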