Merge pull request #7 from d3vil-st/main

Added support to provide SSH keys for k8s node groups

README.md

@@ -2,7 +2,7 @@
 
 ## Features
 
-- Create zonal Kubernetes cluster  
+- Create zonal Kubernetes cluster
 - Create user defined Kubernetes node groups
 - Easy to use in other resources via outputs
 
@@ -63,11 +63,11 @@ module "kube" {
       subnet_id = "e9b3k97pr2nh1i80as04"
     },
     {
-      zone      = "eu-north1-b" 
+      zone      = "eu-north1-b"
       subnet_id = "e2laaglsc7u99ur8c4j1"
     },
     {
-      zone      = "eu-north1-c" 
+      zone      = "eu-north1-c"
       subnet_id = "b0ckjm3olbpmk2t6c28o"
     }
   ]
@@ -206,6 +206,9 @@ No modules.
 | <a name="input_service_ipv4_range"></a> [service\_ipv4\_range](#input\_service\_ipv4\_range) | CIDR block. IP range from which Kubernetes service cluster IP addresses <br>    will be allocated from. It should not overlap with<br>    any subnet in the network the Kubernetes cluster located in | `string` | `"172.18.0.0/16"` | no |
 | <a name="input_service_ipv6_range"></a> [service\_ipv6\_range](#input\_service\_ipv6\_range) | IPv6 CIDR block. IP range for allocating pod addresses. | `string` | `null` | no |
 | <a name="input_timeouts"></a> [timeouts](#input\_timeouts) | Timeouts. | `map(string)` | <pre>{<br>  "create": "60m",<br>  "delete": "60m",<br>  "update": "60m"<br>}</pre> | no |
+| <a name="ssh_username"></a> [ssh_username](#input\_ssh_username) | SSH Username. | `map(string)` | <pre>{<br>  "create": "60m",<br>  "delete": "60m",<br>  "update": "60m"<br>}</pre> | no |
+| <a name="ssh_public_key"></a> [ssh_public_key](#input\_ssh_public_key) | SSH Public key content. | `map(string)` | <pre>{<br>  "create": "60m",<br>  "delete": "60m",<br>  "update": "60m"<br>}</pre> | no |
+| <a name="ssh_public_key_path"></a> [ssh_public_key_path](#input\_ssh_public_key_path) | Path to SSH Public key file. | `map(string)` | <pre>{<br>  "create": "60m",<br>  "delete": "60m",<br>  "update": "60m"<br>}</pre> | no |
 
 ## Outputs
 

examples/example-1-zonal-with-2-ng/main.tf

@@ -3,7 +3,7 @@
 module "kube" {
   source = "../../"
 
-  network_id =  "btcci5d99ka84l988qvs"
+  network_id = "btcci5d99ka84l988qvs"
 
   master_locations = [
     {
@@ -28,7 +28,7 @@ module "kube" {
     }
   ]
   node_groups = {
-   "k8s-ng-h100-8gpu1" = {
+    "k8s-ng-h100-8gpu1" = {
       description = "Kubernetes nodes h100-8-gpu nodes with autoscaling"
       fixed_scale = {
         size = 2
@@ -40,12 +40,10 @@ module "kube" {
       node_gpus       = 8
       disk_type       = "network-ssd-nonreplicated"
       disk_size       = 372
-      nat = true
+      nat             = true
       node_labels = {
         "group" = "h100-8gpu"
       }
     }
   }
 }
-
-

examples/example-1-zonal-with-2-ng/terraform.tfvars

@@ -1 +0,0 @@
-

examples/example-1-zonal-with-2-ng/versions.tf

@@ -3,7 +3,7 @@ terraform {
 
   required_providers {
     nebius = {
-      source = "terraform-registry.storage.ai.nebius.cloud/nebius/nebius"
+      source  = "terraform-registry.storage.ai.nebius.cloud/nebius/nebius"
       version = ">= 0.6.0"
     }
     local = {
@@ -18,7 +18,7 @@ terraform {
 }
 
 provider "nebius" {
-  endpoint = "api.nemax.nebius.cloud:443"
+  endpoint  = "api.nemax.nebius.cloud:443"
   folder_id = "bjer0eu4okh6vntopouq"
 }
 

node_group.tf

@@ -11,6 +11,9 @@ locals {
     ])
   ]...) : []
   master_locations_subnets_ids = concat(flatten([for location in var.master_locations : location.subnet_id]))
+
+  ssh_public_key = var.ssh_public_key != null ? var.ssh_public_key : (
+  fileexists(var.ssh_public_key_path) ? file(var.ssh_public_key_path) : null)
 }
 
 resource "nebius_kubernetes_node_group" "kube_node_groups" {
@@ -32,11 +35,14 @@ resource "nebius_kubernetes_node_group" "kube_node_groups" {
       gpus          = lookup(each.value, "node_gpus", var.node_groups_defaults.node_gpus)
     }
 
+    metadata = {
+      ssh-keys = local.ssh_public_key != null ? "${var.ssh_username}:${local.ssh_public_key}" : null
+    }
 
     dynamic "gpu_settings" {
       for_each = compact([lookup(each.value, "gpu_cluster_id", null)])
       content {
-        gpu_cluster_id = each.value.gpu_cluster_id
+        gpu_cluster_id  = each.value.gpu_cluster_id
         gpu_environment = each.value.gpu_environment
       }
     }

variables.tf

@@ -73,7 +73,7 @@ variable "node_ipv4_cidr_mask_size" {
 
 variable "service_ipv4_range" {
   description = <<EOF
-    CIDR block. IP range from which Kubernetes service cluster IP addresses 
+    CIDR block. IP range from which Kubernetes service cluster IP addresses
     will be allocated from. It should not overlap with
     any subnet in the network the Kubernetes cluster located in
     EOF
@@ -113,7 +113,7 @@ variable "release_channel" {
 variable "network_policy_provider" {
   description = "Network policy provider for Kubernetes cluster"
   type        = string
-  default     = null #changed 
+  default     = null #changed
 }
 
 variable "enable_cilium_policy" {
@@ -223,14 +223,14 @@ variable "node_groups" {
      - If node groups version isn't defined, cluster version will be used instead of.
      - A master locations list must have only one location for zonal cluster and three locations for a regional.
      - All node groups are able to define own locations. These locations will be used at first.
-     - If own location aren't defined for node groups with auto scale policy, locations for these groups will be automatically generated from master locations. If node groups list have more than three groups, locations for them will be assigned from the beggining of the master locations list. So, all node groups will be distributed in a range of master locations. 
+     - If own location aren't defined for node groups with auto scale policy, locations for these groups will be automatically generated from master locations. If node groups list have more than three groups, locations for them will be assigned from the beggining of the master locations list. So, all node groups will be distributed in a range of master locations.
      - Master locations will be used for fixed scale node groups.
      - Auto repair and upgrade values will be used master_auto_upgrade value.
      - Master maintenance windows will be used for Node groups also!
      - Only one max_expansion OR max_unavailable values should be specified for the deployment policy.
-    
+
     Documentation - https://registry.terraform.io/providers/nebius-cloud/nebius/latest/docs/resources/kubernetes_node_group
-    
+
     Default values:
     ```
       platform_id     = "standard-v2"
@@ -356,7 +356,7 @@ variable "enable_default_rules" {
 variable "custom_ingress_rules" {
   description = <<-EOF
     Map definition of custom security ingress rules.
-    
+
     Example:
     ```
     custom_ingress_rules = {
@@ -390,7 +390,7 @@ variable "custom_ingress_rules" {
 variable "custom_egress_rules" {
   description = <<-EOF
     Map definition of custom security egress rules.
-    
+
     Example:
     ```
     custom_egress_rules = {
@@ -431,4 +431,22 @@ variable "pod_mtu" {
   description = "default pod mtu for networking"
   type        = number
   default     = 8880
-}
+}
+
+variable "ssh_username" {
+  description = "Username for SSH login"
+  type        = string
+  default     = "ubuntu"
+}
+
+variable "ssh_public_key" {
+  description = "Public SSH key to access the cluster nodes"
+  type        = string
+  default     = null
+}
+
+variable "ssh_public_key_path" {
+  description = "Path to a SSH public key to access the cluster nodes"
+  type        = string
+  default     = "~/.ssh/id_rsa.pub"
+}

versions.tf

@@ -3,10 +3,10 @@ terraform {
 
   required_providers {
     nebius = {
-      source = "terraform-registry.storage.ai.nebius.cloud/nebius/nebius"
+      source  = "terraform-registry.storage.ai.nebius.cloud/nebius/nebius"
       version = ">= 0.6.0"
     }
-    
+
     random = {
       source  = "hashicorp/random"
       version = "> 3.3"