
SSH to Azure's Kubernetes managed master node

I just deployed a managed Kubernetes cluster with Azure Container Service. My deployment includes a single agent machine over the managed cluster and an Azure disk attached to it for persistent storage.

The problem I am facing is that I don't know how to SSH into this agent server. I read that you should be able to SSH into the master node and connect to the agent from there, but as I am using a managed Kubernetes master I can't find a way of doing this.

Any idea? Thank you in advance.

The problem I am facing is that I don't know how to SSH into this agent server.

Do you mean you created AKS and can't find the master VM?

If I understand it correctly, that is by-design behavior: AKS does not provide direct access (such as with SSH) to the cluster.

If you want to SSH to the agent node, as a workaround, we can create a public IP address and associate this public IP address with the agent's NIC; then we can SSH to this agent.

Here are my steps:

1. Create Public IP address via Azure portal:


2. Associate the public IP address with the agent VM's NIC:


3. SSH to this VM with this public IP address:


Note:

By default, we can find the SSH key when we try to create AKS, like this:


Basically, you don't even have to create a public IP for that node. Simply add a public SSH key to the desired node with the Azure CLI:

az vm user update --resource-group <NODE_RG> --name <NODE_NAME> --username azureuser --ssh-key-value ~/.ssh/id_rsa.pub

Then run a temporary pod (don't forget to switch to the desired namespace in the Kubernetes config):

kubectl run -it --rm aks-ssh --image=debian

Copy the private SSH key to that pod:

kubectl cp ~/.ssh/id_rsa <POD_NAME>:/id_rsa

Finally, connect to the AKS node from the pod via its private IP:

ssh -i id_rsa azureuser@<NODE_PRIVATE_IP>

This way, you don't have to pay for a public IP and, in addition, this is good from a security perspective.

The easiest way is to use the tool below; it will create a tiny privileged pod on the node and access the node using nsenter.

https://github.com/mohatb/kubectl-wls
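An added example, not part of the answer above or of the linked project: a small audit script that lists pods able to reach into their node, for keeping track of node-shell pods like the one just described. It assumes such pods combine `hostPID` with a privileged container (the usual setup for nsenter; the linked tool's pod spec is not shown on this page), and the sample pod names are constructed.

```python
import json
import sys

# Constructed sample in the shape of `kubectl get pods -A -o json`; names are made up.
SAMPLE = {"items": [
    {"metadata": {"namespace": "default", "name": "web-1"},
     "spec": {"nodeName": "node-a", "containers": [{"name": "web"}]}},
    {"metadata": {"namespace": "default", "name": "node-shell"},
     "spec": {"nodeName": "node-a", "hostPID": True,
              "containers": [{"name": "sh", "securityContext": {"privileged": True}}]}},
    {"metadata": {"namespace": "kube-system", "name": "net-agent"},
     "spec": {"nodeName": "node-a",
              "containers": [{"name": "agent", "securityContext": {"privileged": True}}]}},
]}


def audit_pods(pod_list):
    """Flag pods that run privileged containers or share the node's PID namespace."""
    findings = []
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        containers = ((spec.get("containers") or [])
                      + (spec.get("initContainers") or [])
                      + (spec.get("ephemeralContainers") or []))
        privileged = sorted(
            c["name"] for c in containers
            if (c.get("securityContext") or {}).get("privileged"))
        host_pid = bool(spec.get("hostPID"))
        if not (privileged or host_pid):
            continue
        findings.append({
            "pod": f'{pod["metadata"]["namespace"]}/{pod["metadata"]["name"]}',
            "node": spec.get("nodeName"),
            "hostPID": host_pid,
            "privileged": privileged,
            # Assumption: hostPID plus privileged is the nsenter-capable combination.
            "severity": "high" if host_pid and privileged else "review",
        })
    return findings


if __name__ == "__main__":
    # Usage: kubectl get pods -A -o json | python3 audit_pods.py
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for finding in audit_pods(data):
        print(json.dumps(finding))
```

Pods reported as `review` are often legitimate system agents; `high` entries outside `kube-system` are the ones to match against who requested node access and when.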
