From 5450a9240d6bf7544d5bfbffe898467079080c62 Mon Sep 17 00:00:00 2001 From: Nicki Washington Date: Sun, 10 Feb 2019 22:35:24 -0500 Subject: [PATCH 1/5] add ssh-kops-cluster to FAQ --- content/faq/how-to-ssh-kops-cluster.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 content/faq/how-to-ssh-kops-cluster.md diff --git a/content/faq/how-to-ssh-kops-cluster.md b/content/faq/how-to-ssh-kops-cluster.md new file mode 100644 index 000000000..7c7d73341 --- /dev/null +++ b/content/faq/how-to-ssh-kops-cluster.md @@ -0,0 +1,23 @@ +--- +title: "How do we SSH into a kops Kubernetes cluster? " +description: "There's the way it works out of the box and then there's the fancy way, which is recommended." +tags: +- kops +- SSH +- Kubernetes +- Gravitational Teleport +--- + +## Question + +How do we SSH into nodes and pods in a `kops` Kubernetes cluster? + +## Answer + +There's the way it works out of the box and then there's the fancy way, which is recommended. + +Out of the box, there's a set of master keys that are required when provisioning the `kops` cluster. These can be used as a last resort to access the nodes. The downside is that these keys must be shared, and rotating them is painful and time consuming, requiring a rolling update of all nodes in the cluster. + +The fancier way (aka the “recommended way”) is with Gravitational Teleport. It provides an enterprise-grade SSH PKI with session logs, pretty YouTube-style session replays, bastions, and event hooks. This is what our customers who are serious about security and compliance use. + +In our experience, you basically never need to access the raw Kubernetes nodes. This wasn’t the case back in the day (when we ran our own homespun solutions on CoreOS). However, `kops` is very turnkey, and the need for SSH is nearly eliminated. From f0971d46b105a561706788ad761273c02f7de58a Mon Sep 17 00:00:00 2001 
From: Nicki Washington Date: Fri, 19 Apr 2019 23:59:59 -0400 Subject: [PATCH 2/5] add tags to title for ssh-kops-cluster --- content/faq/how-to-ssh-kops-cluster.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/faq/how-to-ssh-kops-cluster.md b/content/faq/how-to-ssh-kops-cluster.md index 7c7d73341..c3dbf5590 100644 --- a/content/faq/how-to-ssh-kops-cluster.md +++ b/content/faq/how-to-ssh-kops-cluster.md @@ -1,5 +1,5 @@ --- -title: "How do we SSH into a kops Kubernetes cluster? " +title: "How do we SSH into a `kops` Kubernetes cluster? " description: "There's the way it works out of the box and then there's the fancy way, which is recommended." tags: - kops From 6c9387a5cf4d1d1efd3451f6645164b4dd0ba84e Mon Sep 17 00:00:00 2001 From: Erik Osterman Date: Sun, 12 Jan 2020 15:23:53 -0800 Subject: [PATCH 3/5] Update content/faq/how-to-ssh-kops-cluster.md --- content/faq/how-to-ssh-kops-cluster.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/faq/how-to-ssh-kops-cluster.md b/content/faq/how-to-ssh-kops-cluster.md index c3dbf5590..d8fce2e69 100644 --- a/content/faq/how-to-ssh-kops-cluster.md +++ b/content/faq/how-to-ssh-kops-cluster.md 
@@ -16,7 +16,7 @@ How do we SSH into nodes and pods in a `kops` Kubernetes cluster? There's the way it works out of the box and then there's the fancy way, which is recommended. -Out of the box, there's a set of master keys that are required when provisioning the `kops` cluster. These can be used as a last resort to access the nodes. The downside is that these keys must be shared, and rotating them is painful and time consuming, requiring a rolling update of all nodes in the cluster. +Out of the box, there's a set of master keys that are required when provisioning the `kops` cluster. These can be used as a last resort to access the nodes. The downside is that these keys must be shared, and rotating them is painful and time-consuming, requiring a rolling update of all nodes in the cluster. In [`geodesic`](https://github.com/cloudposse/geodesic), we've added a shortcut to make this easier by running `kopsctl cluster ssh bastion`. The fancier way (aka the “recommended way”) is with Gravitational Teleport. It provides an enterprise-grade SSH PKI with session logs, pretty YouTube-style session replays, bastions, and event hooks. This is what our customers who are serious about security and compliance use. From c15a396bffabeb1a43f02ea6b57bb15c2f4386f4 Mon Sep 17 00:00:00 2001 From: Erik Osterman Date: Sun, 12 Jan 2020 15:24:01 -0800 Subject: [PATCH 4/5] Update content/faq/how-to-ssh-kops-cluster.md --- content/faq/how-to-ssh-kops-cluster.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/content/faq/how-to-ssh-kops-cluster.md b/content/faq/how-to-ssh-kops-cluster.md index d8fce2e69..dd2ca6127 100644 --- a/content/faq/how-to-ssh-kops-cluster.md +++ b/content/faq/how-to-ssh-kops-cluster.md 
@@ -18,6 +18,11 @@ There's the way it works out of the box and then there's the fancy way, which is Out of the box, there's a set of master keys that are required when provisioning the `kops` cluster. These can be used as a last resort to access the nodes. The downside is that these keys must be shared, and rotating them is painful and time-consuming, requiring a rolling update of all nodes in the cluster. In [`geodesic`](https://github.com/cloudposse/geodesic), we've added a shortcut to make this easier by running `kopsctl cluster ssh bastion`. -The fancier way (aka the “recommended way”) is with Gravitational Teleport. It provides an enterprise-grade SSH PKI with session logs, pretty YouTube-style session replays, bastions, and event hooks. This is what our customers who are serious about security and compliance use. +The fancier way (aka the “recommended way”) is with Gravitational Teleport. It provides an enterprise-grade SSH PKI with session logs, pretty YouTube-style session replays, bastions, and event hooks. This is what our customers who are serious about security and compliance use. Everything needed to deploy Teleport is public on our GitHub. + +To get started, you'll need: + 1. [Helmfiles](https://github.com/cloudposse/helmfiles/tree/master/releases) + 2. [Blueprints](https://github.com/cloudposse/terraform-root-modules/tree/master/aws) for teleport backing services + 3. [`terraform-aws-teleport-storage`](https://github.com/cloudposse/terraform-aws-teleport-storage) module for deploying backing services In our experience, you basically never need to access the raw Kubernetes nodes. This wasn’t the case back in the day (when we ran our own homespun solutions on CoreOS). However, `kops` is very turnkey, and the need for SSH is nearly eliminated. From 14071cfc0ae22c467f17c1180c7e7559c1de7688 Mon Sep 17 00:00:00 2001 
From: Erik Osterman Date: Sun, 12 Jan 2020 15:25:38 -0800 Subject: [PATCH 5/5] Update how-to-ssh-kops-cluster.md --- content/faq/how-to-ssh-kops-cluster.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/faq/how-to-ssh-kops-cluster.md b/content/faq/how-to-ssh-kops-cluster.md index dd2ca6127..44dedf0ae 100644 --- a/content/faq/how-to-ssh-kops-cluster.md +++ b/content/faq/how-to-ssh-kops-cluster.md 
@@ -18,11 +18,11 @@ There's the way it works out of the box and then there's the fancy way, which is Out of the box, there's a set of master keys that are required when provisioning the `kops` cluster. These can be used as a last resort to access the nodes. The downside is that these keys must be shared, and rotating them is painful and time-consuming, requiring a rolling update of all nodes in the cluster. In [`geodesic`](https://github.com/cloudposse/geodesic), we've added a shortcut to make this easier by running `kopsctl cluster ssh bastion`. -The fancier way (aka the “recommended way”) is with Gravitational Teleport. It provides an enterprise-grade SSH PKI with session logs, pretty YouTube-style session replays, bastions, and event hooks. This is what our customers who are serious about security and compliance use. Everything needed to deploy Teleport is public on our GitHub. +The fancier way (aka the “recommended way”) is with Gravitational Teleport. It provides an enterprise-grade SSH PKI with Single Signon, session logs, pretty YouTube-style session replays, bastions (proxies), and event hooks. This is what our customers who are serious about security and compliance use. Everything needed to deploy Teleport is public on our GitHub. To get started, you'll need: 1. [Helmfiles](https://github.com/cloudposse/helmfiles/tree/master/releases) 2. [Blueprints](https://github.com/cloudposse/terraform-root-modules/tree/master/aws) for teleport backing services 3. [`terraform-aws-teleport-storage`](https://github.com/cloudposse/terraform-aws-teleport-storage) module for deploying backing services -In our experience, you basically never need to access the raw Kubernetes nodes. This wasn’t the case back in the day (when we ran our own homespun solutions on CoreOS). However, `kops` is very turnkey, and the need for SSH is nearly eliminated. +In our experience, you basically never need to access the raw Kubernetes nodes. 
This wasn’t the case back in the day (when we ran our own homespun solutions on CoreOS). However, with EKS and `kops` things are much more turnkey, and the need for SSH is nearly eliminated.
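Review bot: In patch 1/5 the Question asks about SSH into "nodes and pods", but the Answer only covers node access (the provisioning keys and Teleport). Either add a sentence on how pods are reached or narrow the question to nodes. In the same hunk, the front-matter `title` ends with a space before the closing quote (`cluster? "`), which should be trimmed, and "a set of master keys" would be clearer if it said which keys these are and where they are kept, since the next sentence tells readers to fall back on them.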
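Review bot: In patch 2/5 the new `title` line puts Markdown backticks inside a YAML front-matter string. Confirm the site templates render the title as Markdown; otherwise the backticks show up literally in the page title and in any link text generated from it. The trailing space before the closing quote is carried over from the old line and can be dropped in the same edit. The subject says "add tags to title", but the change adds code formatting, not tags, so the subject should say that.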
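Review bot: In patch 3/5 the appended sentence "we've added a shortcut to make this easier" has an unclear referent: it follows the sentence about key rotation being painful, so "this" can be read as rotation, while `kopsctl cluster ssh bastion` reads as a way to open a session. Say explicitly what the command does, and state whether it still relies on the shared keys described just before it, because the downsides listed in that paragraph matter to anyone deciding to use the shortcut. The subject "Update content/faq/how-to-ssh-kops-cluster.md" does not describe the change; something like "mention kopsctl bastion shortcut" would make the history searchable.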
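Review bot: In patch 4/5 all three "To get started" links point at `tree/master` or a repository root, so the FAQ will drift as those repositories change; consider linking to a tagged release or to the specific Teleport paths. Item 1 links to the general `releases` directory without naming which helmfile deploys Teleport, and items 2 and 3 are both described as "backing services" without saying how the blueprint and the `terraform-aws-teleport-storage` module relate. "teleport" in item 2 should be capitalised to match "Teleport" elsewhere in the paragraph.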
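Review bot: In patch 5/5 "Single Signon" in the Teleport paragraph should be "Single Sign-On". The last changed line now says "with EKS and `kops` things are much more turnkey", but the title, Question and tags are all about `kops` only; either mention EKS earlier in the answer or add it to the tags so the reference does not appear out of nowhere. "bastions (proxies)" is a useful clarification; keeping the same term in the `kopsctl cluster ssh bastion` sentence above would make clear whether both refer to the same kind of host.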