operator: remove the generated ssh key machineconfig

[abhinavdahiya]

The original feature of syncing the ssh key for authorized users from cluster-config-v1 config map was added in [1]. The original assumption was
that as cluster-config-v1 was being deprecated in favor of global configs [2] and we will be able to find new home for the source of authorized keys for core user.

Based on several discussions like [3], The better UX for users is that machineconfig with authorized keys is not owned by the controller and is rather pushed by the installer at install time.
This allows users to edit the machineconfig directly to remove, add and manage the list of authorized keys.

This requires openshift/installer#1150

/cc @kikisdeliveryservice @crawford @cgwalters

[ashcrow]

level=fatal msg="waiting for openshift-console URL: context deadline exceeded"

/test e2e-aws-op

[kikisdeliveryservice]

/hold

[runcom]

needs to be rebased as per our conversation on slack - we'll get this in to avoid a migration post release

[runcom]

/hold cancel

we're waiting on #548 as well before this anyway

[runcom]

alrighty, this is good to be rebased reviewed and merged

[kikisdeliveryservice]

i do think #541 should go in before this

[runcom]

#541 went it, @abhinavdahiya can you rebase this so we can review and merge?

[abhinavdahiya]

#541 went it, @abhinavdahiya can you rebase this so we can review and merge?

@runcom PTAL

[runcom]

so nice to see this (cc @kikisdeliveryservice )

=== RUN   TestUpdateSSH
--- PASS: TestUpdateSSH (230.63s)

/approve

@kikisdeliveryservice @cgwalters ptal for merging

[cgwalters]

LGTM

[kikisdeliveryservice]

The documentation section is out of date and needs to be updated to reflect current output.

Also, I dont fully understand the flow. If a user makes a new sshkeys config, the 99-worker-ssh will be updated and a new rendered-worker-XXXXX config will be created? or will the 99-worker-ssh NOT be updated and just a new rendered worker config is generated?

I'd like this to be clear in the docs

[cgwalters]

or will the 99-worker-ssh NOT be updated

AIUI it's more like "99-worker-ssh is created by the installer if a SSH key was provided to it" - after that it's user editable (including deletion). There's no "internal controller" for it like there are for the 00-* configs etc.

The user could create separately named SSH MCs too - the keys would then be unioned.

[kikisdeliveryservice]

does this sentence make sense anymore?

[abhinavdahiya]

updated

[kikisdeliveryservice]

It's time! 👍

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abhinavdahiya, kikisdeliveryservice, runcom

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [kikisdeliveryservice,runcom]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[abhinavdahiya]

/hold
would need openshift/installer#1150 to go in so that we are not left without SSH keys being setup.

[abhinavdahiya]

openshift/installer#1150 merged
/hold cancel

[abhinavdahiya]

/retest

[abhinavdahiya]

Hmm... haven't seen that before :/

could not wait for build: the build machine-config-controller failed after 3m16s with reason PushImageToRegistryFailed: Failed to push the image to the registry.

Registry server Address: 
Registry server User Name: serviceaccount
Registry server Email: [email protected]
Registry server Password: <<non-empty>>
error: build error: Failed to push image: Put https://dock...t canceled (Client.Timeout exceeded while awaiting headers)

/retest

[runcom]

looks like this may have broken upgrades (investigating with QE) - might have a clue related to the "generated by controller version" and the check the MCO does on that field.