
How to SSH into a Kubernetes Node or Server

How to SSH into a Kubernetes Node or Server hosted on AWS? I have hosted a Kubernetes Server and Node on AWS. I'm able to see the nodes and server from my local laptop with the kubectl get node command.

I need to create a persistent volume for my node but I'm unable to ssh into it.

Is there any specific way to ssh into the node or server?

Try this: ssh -i <path of the private key file> admin@<ip of the aws kube instances>

The perm file should be in $HOME/.ssh/kube_rsa

Use kubectl ssh node NODE_NAME

This kubectl addon is from here: https://github.com/luksa/kubectl-plugins. And I have verified that. This works similarly to the oc command in OpenShift.

Kubernetes nodes can be accessed the same way we ssh into other Linux machines. Just try ssh with the external IP of that node and you can log in to it that way.

If the worker nodes are in a private subnet, you can use a bastion host with ssh agent forwarding, as defined in https://aws.amazon.com/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/

I haven't tried this on AWS specifically, but you can get a shell onto a Node using the following trick.

If you need access to the underlying Nodes for your Kubernetes cluster (and you don't have direct access - usually if you are hosting Kubernetes elsewhere), you can use the following deployment to create Pods where you can log in with kubectl exec, and you have access to the Node's IPC and complete filesystem under /node-fs. To get a node console that is just like you have SSHd in, after logging in, perform chroot /node-fs. It is inadvisable to keep this running, but if you need access to the node, this will help. Because it is a DaemonSet, it starts one of these Pods on each Node.

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: privpod
spec:
  selector:
    matchLabels:
      mydaemon: privpod
  template:
    metadata:
      labels:
        mydaemon: privpod
    spec:
      hostNetwork: true
      hostPID: true
      hostIPC: true
      containers:
        - name: privcontainer
          image: johnnyb61820/network-toolkit
          securityContext:
            privileged: true
          command:
            - tail
            - "-f"
            - /dev/null
          volumeMounts:
            - name: nodefs
              mountPath: /node-fs
            - name: devfs
              mountPath: /dev
      volumes:
        - name: nodefs
          hostPath:
            path: /
        - name: devfs
          hostPath:
            path: /dev

This is from Appendix C.13 of Cloud Native Applications with Docker and Kubernetes. I've found this useful especially if I need to deal with physical drives or something similar. It's not something you should leave running, but helps when you are in a pinch.
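
Since a workload like the privpod DaemonSet above should not be left running, a cluster operator may want to find such workloads. The following is an added example, not part of the original answers: a small audit of the JSON that `kubectl get ... -o json` prints, reporting the settings that give a pod access to its node. The function names, the `SENSITIVE_PATHS` list and the embedded sample are assumptions made for illustration.

```python
import json

# Constructed sample: the relevant fields of the privpod DaemonSet above,
# in the shape `kubectl get daemonset privpod -o json` would return them.
SAMPLE = json.loads("""
{"kind": "DaemonSet", "metadata": {"name": "privpod"},
 "spec": {"template": {"spec": {
   "hostNetwork": true, "hostPID": true, "hostIPC": true,
   "containers": [{"name": "privcontainer",
     "securityContext": {"privileged": true},
     "volumeMounts": [{"name": "nodefs", "mountPath": "/node-fs"},
                      {"name": "devfs", "mountPath": "/dev"}]}],
   "volumes": [{"name": "nodefs", "hostPath": {"path": "/"}},
               {"name": "devfs", "hostPath": {"path": "/dev"}}]}}}}
""")

# Host paths treated as sensitive (an assumption; extend for your environment).
SENSITIVE_PATHS = ("/", "/dev", "/etc", "/proc", "/sys", "/var/run/docker.sock")


def pod_spec(obj):
    """Pod spec of a Pod, or of a workload with spec.template (DaemonSet, Deployment, Job)."""
    spec = obj.get("spec", {})
    return spec.get("template", {}).get("spec", spec)


def audit_node_access(obj):
    """List the settings in a manifest that give a pod access to its node."""
    spec, findings = pod_spec(obj), []
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag) is True:
            findings.append(flag)
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if (c.get("securityContext") or {}).get("privileged") is True:
            findings.append(f"privileged:{c['name']}")
    for v in spec.get("volumes", []):
        path = (v.get("hostPath") or {}).get("path")
        if path is not None:
            norm = "/" + path.strip("/")  # "/dev/" -> "/dev", "/" stays "/"
            if norm in SENSITIVE_PATHS:
                findings.append(f"hostPath:{norm}")
    return findings


if __name__ == "__main__":
    for finding in audit_node_access(SAMPLE):
        print(finding)
```

An empty result means none of these settings are present; it does not cover other routes to the node such as added Linux capabilities.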
