Connect to a Node via SSH within a Kubernetes cluster on Azure Container Service

This blogpost was not possible without the help of Andreas Lindeboom, my Xebia colleague of XITA. Thanks!

In case of problems with a node of a Kubernetes cluster you probably want to read the logfiles on a Node of the Kubernetes Cluster, as described here. This Kubernetes cluster is created with Azure Container Service (ACS).

The following steps describe how to connect:
I’m using the Linux Bash Shell for Windows to do this.

1. Make sure the private ssh key is located in the .ssh directory with a name to identify          the cluster.
In bash copy the ssh file from your windows drive to the .ssh directory in bash:
​$ cp /mnt/c/repos/myproject/ssh/privatekeyopenssl .ssh/myproject-privatesshkey
​    (Don’t copy the file in Windows
to C:\Users\Pascal\AppData\Local\lxss\home\pascal\.ssh\ to make it available in Linux)

2. Create a ssh config file that looks like this (for a cluster with a master and 2 nodes):

Host Master
  Port 22
  User azureuser
  IdentityFile /pascal/.ssh/myproject-privatesshkey
Host Node01
  Port 22
  User azureuser
  ProxyCommand ssh -F /pascal/.ssh/config-myproject -q master -W %h:%p
  IdentityFile /pascal/.ssh/myproject-privatesshkey
Host node02
  Port 22
  User azureuser
  ProxyCommand ssh -F /pascal/.ssh/config-myproject -q master -W %h:%p
  IdentityFile /pascal/.ssh/myproject-privatesshkey

You have to make sure that:
a) The HostName at the top, is the name or the ip-address of your cluster
b) The HostName of the other sections (the nodes) are the ip-addresses of the nodes in your cluster. You can get the ip-addresses of the nodes with the Azure CLI:
az vm list-ip-addresses –resource-group “my-resourcegroup”
c) You can optionally add an extra alias to Host. Just separate with a space. For example the VM name: Host node02 k8s-agent-E4126C94-1
d) The “User” (azureuser) is the name of the user which you used to provision the cluster
e) All paths (all paths with /pascal) are correct.
Type ​$ pwd​ and in my case it results in: /home/pascal
Use the last part in your config
f) All “IdentityFile” reference the ssh config file you have created in step 1. In this sample myproject-privatesshkey.
g) All “ProxyCommand” reference the name of the file itself. So save the file with a name
to identify the config. In this sample: config-myproject.
h) This file is also located in the .ssh directory. In my case I had to copy it from Windows
to Linux:
$ cp /mnt/c/repos/myproject/ssh/config-myproject .ssh/config-myproject

3. Now you can connect to the master, or any of the nodes easy.
To the master:
ssh -F ~/.ssh/config-myproject master
Or to node02 for example:
ssh -F ~/.ssh/config-myproject node02

You can copy files with this configuration also, like:
scp -F ~/.ssh/config-myproject node02:/var/log/* logs


Een gedachte over “Connect to a Node via SSH within a Kubernetes cluster on Azure Container Service

Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen. logo

Je reageert onder je account. Log uit /  Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit /  Bijwerken )

Verbinden met %s

Deze site gebruikt Akismet om spam te bestrijden. Ontdek hoe de data van je reactie verwerkt wordt.