How to use cloud shell SSH into AKS Cluster and test the connection from AKS inside

Question

Our company blocks the ssh port. How to use cloud shell to ssh into an AKS cluster, so we can curl from there to an external URL to test the connection? Tks.

Answer 1

this wouldn't really make a lot of sense, but you'd need to just open up your ssh ports to the azure region your cloudshell is in (determined by your storage, i suppose).

But a better way would be to just do:

kubectl exec -it -n pod_namespace podname /bin/bash (or /bin/sh)

this would open up a bash session on the pod on your AKS and you'd be able to test your curl requests.

Answer 2

For your requirements, you can use pod in the AKS cluster as a jump box, and then ssh the AKS cluster nodes inside the pod.

Steps here:

1. Get the nodes IP:

kubectl get nodes -o wide

2. Create a pod in the AKS cluster and create a bash session with the pod:

    kubectl run --generator=run-pod/v1 -it --rm aks-ssh --image=debian

3. Install ssh client inside the pod:

    apt-get update && apt-get install openssh-client -y

4. Copy ssh key that used when you create the AKS cluster to the pod：

  kubectl cp ~/.ssh/id_rsa $(kubectl get pod -l run=aks-ssh -o jsonpath='{.items[0].metadata.name}'):/id_rsa

Or use the password, if you forget it, you can find the AKS nodes and reset the password.

5. Choose one node to SSH it:

ssh -i id_rsa azureuser@node_Ip

For more details, see Create the SSH connection to the AKS cluster nodes .