openshift
diff --git a/‎_topic_maps/_topic_map.yml
Lines changed: 4 additions & 2 deletions b/‎_topic_maps/_topic_map.yml
Lines changed: 4 additions & 2 deletions
diff --git a/‎modules/virt-about-services.adoc
Lines changed: 4 additions & 5 deletions b/‎modules/virt-about-services.adoc
Lines changed: 4 additions & 5 deletions
diff --git a/‎modules/virt-access-configuration-considerations.adoc
Lines changed: 41 additions & 0 deletions b/‎modules/virt-access-configuration-considerations.adoc
Lines changed: 41 additions & 0 deletions
diff --git a/‎modules/virt-accessing-vmi-ssh.adoc
Lines changed: 0 additions & 89 deletions b/‎modules/virt-accessing-vmi-ssh.adoc
Lines changed: 0 additions & 89 deletions
diff --git a/‎modules/virt-adding-static-public-key-cli.adoc
Lines changed: 151 additions & 0 deletions b/‎modules/virt-adding-static-public-key-cli.adoc
Lines changed: 151 additions & 0 deletions
diff --git a/‎modules/virt-adding-static-public-key-project-web.adoc
Lines changed: 37 additions & 0 deletions b/‎modules/virt-adding-static-public-key-project-web.adoc
Lines changed: 37 additions & 0 deletions
@@ -3629,6 +3629,10 @@ Topics:
 ###VIRTUAL MACHINE CHESS SALAD (silly name to highlight that the commented out assemblies need to be checked against merged filenams)
   - Name: Creating virtual machines
     File: virt-create-vms
+  - Name: Connecting to VM consoles
+    File: virt-accessing-vm-consoles
+  - Name: Configuring SSH access to VMs
+    File: virt-accessing-vm-ssh
   - Name: Editing virtual machines
     File: virt-edit-vms
   - Name: Editing boot order
@@ -3641,8 +3645,6 @@ Topics:
     File: virt-manage-vmis
   - Name: Controlling virtual machine states
     File: virt-controlling-vm-states
-  - Name: Accessing virtual machine consoles
-    File: virt-accessing-vm-consoles
   - Name: Automating Windows installation with sysprep
     File: virt-automating-windows-sysprep
   - Name: Installing the QEMU guest agent and VirtIO drivers
 
@@ -1,18 +1,17 @@
 // Module included in the following assemblies:
 //
 // * virt/virtual_machines/vm_networking/virt-creating-service-vm.adoc
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
 
 :_content-type: CONCEPT
 [id="virt-about-services_{context}"]
 = About services
 
-A Kubernetes _service_ exposes network access for clients to an application running on a set of pods. Services offer abstraction, load balancing, and, in the case of NodePort and LoadBalancer, exposure to the outside world. 
+A Kubernetes service exposes network access for clients to an application running on a set of pods. Services offer abstraction, load balancing, and, in the case of the `NodePort` and `LoadBalancer` types, exposure to the outside world.
 
-Services can be exposed in the *VirtualMachine details* -> *Details* tab of the web console or by specifying a `spec.type` in the `Service` object:
+ClusterIP:: Exposes the service on an internal IP address and as a DNS name to other applications within the cluster. A single service can map to multiple virtual machines. When a client tries to connect to the service, the client's request is load balanced among available backends. `ClusterIP` is the default service type.
 
-ClusterIP:: Exposes the service on an internal IP address and as a DNS name to other applications within the cluster. A single service can map to multiple virtual machines. When a client tries to connect to the service, the client's request is load balanced among available backends. `ClusterIP` is the default service `type`.
-
-NodePort:: Exposes the service on the same port of each selected node in the cluster. `NodePort` makes a service accessible from outside the cluster.
+NodePort:: Exposes the service on the same port of each selected node in the cluster. `NodePort` makes a port accessible from outside the cluster, as long as the node itself is externally accessible to the client.
 
 LoadBalancer:: Creates an external load balancer in the current cloud (if supported) and assigns a fixed, external IP address to the service.
 
 
@@ -0,0 +1,41 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+
+:_content-type: REFERENCE
+[id="virt-access-configuration-considerations_{context}"]
+= Access configuration considerations
+
+Each method for configuring access to a virtual machine (VM) has advantages and limitations, depending on the traffic load and client requirements.
+
+Services provide excellent performance and are recommended for applications that are accessed from outside the cluster.
+
+If the internal cluster network cannot handle the traffic load, you can configure a secondary network.
+
+`virtctl ssh` and `virtctl port-forwarding` commands::
+* Simple to configure.
+* Recommended for troubleshooting VMs.
+* `virtctl port-forwarding` recommended for automated configuration of VMs with Ansible.
+* Not recommended for high-traffic applications like Rsync or Remote Desktop Protocol because of the burden on the API server.
+* The API server must be able to handle the traffic load.
+* The clients must be able to access the API server.
+* The clients must have access credentials for the cluster.
+
+Cluster IP service::
+* The internal cluster network must be able to handle the traffic load.
+* The clients must be able to access an internal cluster IP address.
+
+Node port service::
+* The internal cluster network must be able to handle the traffic load.
+* The clients must be able to access at least one node.
+
+Load balancer service::
+* A load balancer must be configured.
+* Each node must be able to handle the traffic load of one or more load balancer services.
+
+Secondary network::
+* Excellent performance because traffic does not go through the internal cluster network.
+* Allows a flexible approach to network topology.
+* Guest operating system must be configured with appropriate security because the VM is exposed directly to the secondary network. If a VM is compromised, an intruder could gain access to the secondary network.
+
+
@@ -0,0 +1,151 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+
+:_content-type: PROCEDURE
+[id="virt-adding-static-public-key-cli_{context}"]
+= Adding an SSH key when creating a virtual machine by using the command line
+
+You can add a _static_ public SSH key when you create a virtual machine (VM) by using the command line. The key is added to the VM at startup.
+
+The SSH key is added to the VM as generated cloud-init metadata, by using a cloud-init configuration disk. This method separates the access credentials from the application data in the cloud-init user data. This method does not affect cloud-init user data.
+
+.Prerequisites
+
+* You generated an SSH key pair by running the `ssh-keygen` command.
+
+.Procedure
+
+. Create a manifest file for a `VirtualMachine` object and a `Secret` object:
++
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: example-vm
+  namespace: example-namespace
+spec:
+  dataVolumeTemplates:
+  - apiVersion: cdi.kubevirt.io/v1beta1
+    kind: DataVolume
+    metadata:
+      name: example-vm-disk
+    spec:
+      sourceRef:
+        kind: DataSource
+        name: rhel9
+        namespace: openshift-virtualization-os-images
+      storage:
+        resources:
+          requests:
+            storage: 30Gi
+  running: false
+  template:
+    metadata:
+      labels:
+        kubevirt.io/domain: example-vm
+    spec:
+      domain:
+        cpu:
+          cores: 1
+          sockets: 2
+          threads: 1
+        devices:
+          disks:
+          - disk:
+              bus: virtio
+            name: rootdisk
+          - disk:
+              bus: virtio
+            name: cloudinitdisk
+          interfaces:
+          - masquerade: {}
+            name: default
+          rng: {}
+        features:
+          smm:
+            enabled: true
+        firmware:
+          bootloader:
+            efi: {}
+        resources:
+          requests:
+            memory: 8Gi
+      evictionStrategy: LiveMigrate
+      networks:
+      - name: default
+        pod: {}
+      volumes:
+      - dataVolume:
+          name: example-volume
+        name: example-vm-disk
+        - cloudInitConfigDrive: <1>
+            userData: |-
+              #cloud-config
+              user: cloud-user
+              password: <password>
+              chpasswd: { expire: False }
+          name: cloudinitdisk
+      accessCredentials:
+        - sshPublicKey:
+            propagationMethod:
+              configDrive: {}
+            source:
+              secret:
+                secretName: authorized-keys <2>
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: authorized-keys
+data:
+  key:  |
+      MIIEpQIBAAKCAQEAulqb/Y... <3>
+----
+<1> Specify `cloudInitConfigDrive` to create a configuration drive.
+<2> Specify the `Secret` object name.
+<3> Paste the public SSH key.
+
+. Create the `VirtualMachine` and `Secret` objects:
++
+[source,terminal]
+----
+$ oc create -f <manifest_file>.yaml
+----
+
+. Start the VM:
++
+[source,terminal]
+----
+$ virtctl start vm example-vm
+----
+
+.Verification
+. Get the VM configuration:
++
+[source,terminal]
+----
+$ oc describe vm example-vm -n example-namespace
+----
++
+.Example output
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: example-vm
+  namespace: example-namespace
+spec:
+  template:
+    spec:
+      accessCredentials:
+        - sshPublicKey:
+            propagationMethod:
+              configDrive: {}
+            source:
+              secret:
+                secretName: authorized-keys
+----
+
@@ -0,0 +1,37 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+
+:_content-type: PROCEDURE
+[id="adding-static-public-key-project-web_{context}"]
+= Adding an SSH key to a project by using the web console
+
+You can add a _static_ public SSH key to a project by using the {product-title} web console. Afterwards, this key is added to the virtual machines (VMs) that you create in the project.
+
+A static public key is added to a VM at startup as cloud-init metadata. This method does not affect cloud-init user data.
+
+.Prerequisites
+
+* You generated an SSH key pair by running the `ssh-keygen` command.
+
+.Procedure
+
+. Navigate to *Virtualization* -> *Overview* in the web console.
+. On the *Settings* tab, click the *User* tab.
+. Expand *Manage SSH keys*.
+. Select a project from the *Project* list and click the edit icon.
+. Select an SSH key option:
+
+* *Use existing*: Select a secret from the secrets list.
+* *Add new*:
+.. Browse to the public SSH key file or paste the file in the key field.
+.. Enter the secret name.
+
+. Click *Save*.
+
+.Verification
+. Create a VM in the same project as the SSH key.
+. Click the VM to view the *VirtualMachine details* page.
+. Click the *Scripts* tab on the *Configuration* tab.
++
+The secret name is displayed in the *Authorized SSH key* section.