Shayan Hosseini c6f611c4bf neonvm: enable ssh access into the VMs (#726)
Simple SSH access into a NeonVM by running `ssh guest-vm` from its
runner pod.

## How it works

1. NeonVM Controller makes a secret for each VM. The secret has a pair
of public and private keys.
2. NeonVM Controller mounts the secret on the runner pod.
3. Runner pod shares the public key with the VM by mounting a cdrom
disk. Runner pod has access to the private key and has ssh client
installed.
4. VM Builder sets up an SSH server inside the VM and uses the shared
public key as an authorized key. The SSH server is accessible through the
private network bridge between the runner pod and the VM
(`169.254.254.252/30`). For convenience, we add VM's IP address to
runner pod's `/etc/hosts` as `guest-vm`. VM's SSH server is not supposed
to be exposed to the rest of the cluster. Currently we don't enforce
this and one might expose the SSH server port through
`.Spec.Guest.Ports`.

## API Changes

- Added `.Spec.EnableSSH` to VM resource object
- Added `.Status.SSHSecretName` to VM resource object

## Migration

Virtual machine migration controller requires the SSH secret to exist
because we cannot unmount and mount the new secret into the VM after the
live migration. If a VM's SSH secret is deleted accidentally then live
migration won't be possible. We can prevent accidental deletion of SSH
secrets by implementing a custom finalizer, but I leave that for another
task.

**Other changes:**
- Removing legacy SSH stuff from Makefile, vm-examples and scripts

Resolves https://github.com/neondatabase/cloud/issues/8029.
2024-01-16 17:46:19 -08:00
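
The commit message notes two conditions that nothing enforces yet: the SSH port can be exposed through `.Spec.Guest.Ports`, and a deleted SSH secret blocks live migration. The following audit check for both is an added example, not code from this commit or the project. The struct types are local stand-ins for the fields named above, and the `Port.Port` field, the VM and secret names, and guest SSH port 22 are assumptions.

```go
package main

import "fmt"

// Local stand-ins for the fields named in the commit message.
// Port.Port and VM.Name are assumptions, not the project's type definitions.
type Port struct{ Port int }
type Guest struct{ Ports []Port }
type Spec struct {
	EnableSSH bool
	Guest     Guest
}
type Status struct{ SSHSecretName string }
type VM struct {
	Name   string
	Spec   Spec
	Status Status
}

// AuditSSH returns one finding per problem on SSH-enabled VMs.
// sshPort is the guest SSH port (supplied by the caller, an assumption here);
// secrets is the set of secret names that currently exist in the namespace.
func AuditSSH(vms []VM, sshPort int, secrets map[string]bool) []string {
	var findings []string
	for _, vm := range vms {
		if !vm.Spec.EnableSSH {
			continue // no SSH server was requested for this VM
		}
		for _, p := range vm.Spec.Guest.Ports {
			if p.Port == sshPort {
				findings = append(findings, vm.Name+": SSH port listed in .Spec.Guest.Ports")
			}
		}
		if !secrets[vm.Status.SSHSecretName] {
			findings = append(findings, vm.Name+": SSH secret missing, live migration blocked")
		}
	}
	return findings
}

// sampleVMs returns constructed data, not real cluster objects.
func sampleVMs() []VM {
	return []VM{
		{"vm-a", Spec{true, Guest{[]Port{{5432}}}}, Status{"ssh-a"}},
		{"vm-b", Spec{true, Guest{[]Port{{5432}, {22}}}}, Status{"ssh-b"}},
		{"vm-c", Spec{true, Guest{}}, Status{"ssh-c"}},
		{"vm-d", Spec{false, Guest{[]Port{{22}}}}, Status{}},
	}
}

func main() {
	for _, f := range AuditSSH(sampleVMs(), 22, map[string]bool{"ssh-a": true, "ssh-b": true}) {
		fmt.Println(f)
	}
}
```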