docs: publish to 2.0

docs/versioned_docs/version-2.0/workflows/ssh.md

@@ -1,19 +1,19 @@
-# Manage SSH Keys
+# Manage SSH keys
 
-Constellation gives you the capability to create UNIX users which can connect to the cluster nodes over SSH, allowing you to access both control-plane and worker nodes. While the nodes' data partitions are persistent, the system partitions are read-only. Consequently, users need to be re-created upon each restart of a node. This is where the Access Manager comes into effect, ensuring the automatic (re-)creation of all users whenever a node is restarted.
+Constellation allows you to create UNIX users that can connect to both control-plane and worker nodes over SSH. As the system partitions are read-only, users need to be re-created upon each restart of a node. This is automated by the *Access Manager*.
 
-During the initial creation of the cluster, all users defined in the `ssh-users` section of the Constellation configuration file are automatically created during the initialization process. For persistence, the users are stored in a ConfigMap called `ssh-users`, residing in the `kube-system` namespace. For a running cluster, users can be added and removed by modifying the entries of the ConfigMap and performing a restart of a node.
+On cluster initialization, users defined in the `ssh-users` section of the Constellation configuration file are created and stored in the `ssh-users` ConfigMap in the `kube-system` namespace. For a running cluster, you can add or remove users by modifying the ConfigMap and restarting a node.
 
 ## Access Manager
-The Access Manager supports all OpenSSH key types. These are RSA, ECDSA (using the `nistp256`, `nistp384`, `nistp521` curves) and Ed25519. 
+The Access Manager supports all OpenSSH key types. These are RSA, ECDSA (using the `nistp256`, `nistp384`, `nistp521` curves) and Ed25519.
 
 :::note
 All users are automatically created with `sudo` capabilities.
 :::
 
-The Access Manager is deployed as a DaemonSet called `constellation-access-manager`, running as an `initContainer` and afterward running a `pause` container to avoid automatic restarts. While technically killing the Pod and letting it restart works for the (re-)creation of users, it doesn't automatically remove users. Thus, a complete node restart is required after making changes to the ConfigMap.
+The Access Manager is deployed as a DaemonSet called `constellation-access-manager`, running as an `initContainer` and afterward running a `pause` container to avoid automatic restarts. While technically killing the Pod and letting it restart works for the (re-)creation of users, it doesn't automatically remove users. Thus, a node restart is required after making changes to the ConfigMap.
 
-When a user is deleted from the ConfigMap, it won't be re-created after the next restart of a node. The home directories of the affected users will be moved to `/var/evicted`, with the owner of each directory and its content being modified to `root`.
+When a user is deleted from the ConfigMap, it won't be re-created after the next restart of a node. The home directories of the affected users will be moved to `/var/evicted`.
 
 You can update the ConfigMap by:
 ```bash
@@ -23,7 +23,7 @@ kubectl edit configmap -n kube-system ssh-users
 Or alternatively, by modifying and re-applying it with the definition listed in the examples.
 
 ## Examples
-An example to create an user called `myuser` as part of the `constellation-config.yaml` looks like this:
+You can add a user `myuser` in `constellation-config.yaml` like this:
 
 ```yaml
 # Create SSH users on Constellation nodes upon the first initialization of the cluster.
@@ -43,7 +43,7 @@ data:
   myuser: "ssh-rsa AAAA...mgNJd9jc="
 ```
 
-Entries can be added simply by adding `data` entries:
+You can add users by adding `data` entries:
 
 ```yaml
 apiVersion: v1