Merge pull request #2219 from mboersma/ssh-docs-fixes

k8s-ci-robot · web-flow · commit a6c8152ab1f5 · 2022-04-07T16:13:23.000-07:00
Minor edits to "SSH access to nodes" doc
diff --git a/docs/book/src/topics/ssh-access.md b/docs/book/src/topics/ssh-access.md
@@ -1,13 +1,13 @@
 # SSH access to nodes
 
-This document describes how to get SSH access to virtual machines being part of a CAPZ cluster.
+This document describes how to get SSH access to virtual machines that are part of a CAPZ cluster.
 
 In order to get SSH access to a Virtual Machine on Azure, two requirements have to be met:
 
-- get network-level access to the SSH service;
-- get authentication sorted.
+- get network-level access to the SSH service
+- get authentication sorted
 
-This documents describe some possible strategies to fulfil both requirements.
+This documents describe some possible strategies to fulfill both requirements.
 
 ## Network Access
 
@@ -16,7 +16,7 @@ This documents describe some possible strategies to fulfil both requirements.
 By default, `control plane` VMs have SSH access allowed from any source in their `Network Security Group`s. Also by default,
 VMs don't have a public IP address assigned. 
 
-To get SSH access to one of the `Control Plane` VMs you can use the `API Load Balancer`'s IP, because by default an `Inbound NAT Rule`
+To get SSH access to one of the `control plane` VMs you can use the `API Load Balancer`'s IP, because by default an `Inbound NAT Rule`
 is created to route traffic coming to the load balancer on TCP port 22 (the SSH port) to one of the nodes with role `master` in the workload cluster.
 
 This of course works only for clusters that are using a `Public` Load Balancer.
@@ -26,32 +26,32 @@ address for the other nodes.
 
 For example, let's consider this CAPZ cluster (using a Public Load Balancer) with two nodes:
 
-```
-NAME                        STATUS   ROLES    AGE    VERSION    INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
-test1-control-plane-cn9lm   Ready    master   111m   v1.18.16   10.0.0.4      <none>        Ubuntu 18.04.5 LTS   5.4.0-1039-azure   containerd://1.4.3
-test1-md-0-scctm            Ready    <none>   109m   v1.18.16   10.1.0.4      <none>        Ubuntu 18.04.5 LTS   5.4.0-1039-azure   containerd://1.4.3
+```shell
+NAME                        STATUS   ROLES                  AGE    VERSION    INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
+test1-control-plane-cn9lm   Ready    control-plane,master   111m   v1.18.16   10.0.0.4      <none>        Ubuntu 18.04.5 LTS   5.4.0-1039-azure   containerd://1.4.3
+test1-md-0-scctm            Ready    <none>                 109m   v1.18.16   10.1.0.4      <none>        Ubuntu 18.04.5 LTS   5.4.0-1039-azure   containerd://1.4.3
 ```
 
 You can SSH to the control plane node using the load balancer's public DNS name:
 
-```
-$ kubectl get azurecluster test1 -o json| jq .spec.networkSpec.apiServerLB.frontendIPs[0].publicIP.dnsName
+```shell
+$ kubectl get azurecluster test1 -o json | jq '.spec.networkSpec.apiServerLB.frontendIPs[0].publicIP.dnsName'
 test1-21192f78.eastus.cloudapp.azure.com
 
 $ ssh username@test1-21192f78.eastus.cloudapp.azure.com hostname
 test1-control-plane-cn9lm
 ```
 
-As you can see, the Load Balancer routed the request to node `test1-control-plane-cn9lm` that is the only node with role `master` in this workload cluster.
+As you can see, the Load Balancer routed the request to node `test1-control-plane-cn9lm` that is the only node with role `control-plane` in this workload cluster.
 
 In order to SSH to node 'test1-md-0-scctm', you can use the other node as a bastion:
 
-```
+```shell
 $ ssh -J username@test1-21192f78.eastus.cloudapp.azure.com username@10.1.0.4 hostname
 test1-md-0-scctm
 ```
 
-Clusters using an `Internal` Load Balancer (private clusters) can't use this approach. Network-level SSH access to those clusters have to be made on the private IP address of VMs
+Clusters using an `Internal` Load Balancer (private clusters) can't use this approach. Network-level SSH access to those clusters has to be made on the private IP address of VMs
 by first getting access to the Virtual Network. How to do that is out of the scope of this document.
 A possible alternative that works for private clusters as well is described in the next paragraph.
 
@@ -65,7 +65,7 @@ It is enough to set the field's value to the empty object `{}` and the default c
 
 For example this is an `AzureCluster` CR with the `Azure Bastion` feature enabled:
 
-```
+```yaml
 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
 kind: AzureCluster
 metadata:
@@ -92,7 +92,7 @@ When the `AzureBastion` feature is enabled in a CAPZ cluster, 3 new resources wi
 The default values for the new resources should work for most use cases, but if you need to customize them you can 
 provide your own values. Here is a detailed example:
 
-```
+```yaml
 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
 kind: AzureCluster
 metadata:
@@ -121,7 +121,7 @@ With the networking part sorted, we still have to work out a way of authenticati
 In order to add an SSH authorized key for user `username` and provide `sudo` access to the `control plane` VMs, you can adjust the `KubeadmControlPlane` CR
 as in the following example:
 
-```
+```yaml
 apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
 kind: KubeadmControlPlane
 ...
@@ -143,7 +143,7 @@ spec:
 
 Similarly, you can achieve the same result for `Machine Deployments` by customizing the `KubeadmConfigTemplate` CR: 
 
-```
+```yaml
 apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
 kind: KubeadmConfigTemplate
 metadata:
