Achraf Ben Alaya
No Result
View All Result
  • Home
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
  • Cloud
  • Motivation
  • General Tips & Fix
  • About
    • Resume
SUBSCRIBE
  • Home
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
  • Cloud
  • Motivation
  • General Tips & Fix
  • About
    • Resume
No Result
View All Result
Achraf Ben Alaya
No Result
View All Result
ADVERTISEMENT
Home Blog Cloud Azure

How to SSH into AKS Nodes

achraf by achraf
May 11, 2021
in Azure, Blog, Cloud
4 min read
2
How to SSH into AKS Nodes
0
SHARES
6.1k
VIEWS
Share on FacebookShare on Twitter

Providing the best possible solutions and support to our clients is what we do in real life, this time I came with something a client asked for, and I have successfully done it, and since we may need to do it again I said why not I wrote about it.

So, what we have here is the client have Jenkins installed on a virtual machine hosted on azure, also docker and nexus on Linux, the client wants to use Kubernetes for that we have prepared Azure Kubernetes Service (AKS) which offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience, and enterprise-grade security and governance.

Everything worked well, but now the client wants for some reasons to access the nodes with ssh it may be for maintenance or troubleshooting, for that we are going to see step by step how to connect with SSH to Azure Kubernetes Service.

Configure virtual machine scale set-based AKS clusters for SSH access

To configure your virtual machine scale set-based for SSH access, find the name of your cluster’s virtual machine scale set and add your SSH public key to that scale set.

Use the az aks show command to get the resource group name of your AKS cluster, then the az vmss list command to get the name of your scale set.

As you can see below, inside this resource group I have my AKS :

 

Now you can see our resource group name is “Demo-kubernetes-value” and our Kubernetes service is demoaks.

First we are going to get our CLUSTER_RESOURCE_GROUP by using the follow command :

az account set --subscription yoursubscription

After that, we are going to take the CLUSTER_RESOURCE_GROUP and the SCALE_SET_NAME using the follow commands :

CLUSTER_RESOURCE_GROUP=$(az aks show --resource-group Demo-kubernetes-value --name demoaks --query nodeResourceGroup -o tsv)

SCALE_SET_NAME=$(az vmss list --resource-group $CLUSTER_RESOURCE_GROUP --query '[0].name' -o tsv)

In order to see the values we can use the below commands :

echo $CLUSTER_RESOURCE_GROUP

echo $SCALE_SET_NAME

and as you can see below, we will have the following results that we will need them later .

For Linux nodes as in our case , SSH keys can currently only be added using the Azure CLI.

Add your SSH keys to the nodes

To add your SSH keys to the nodes in a virtual machine scale set, use the az vmss extension set and az vmss update-instances commands.

az vmss extension set  \
    --resource-group $CLUSTER_RESOURCE_GROUP \
    --vmss-name $SCALE_SET_NAME \
    --name VMAccessForLinux \
    --publisher Microsoft.OSTCExtensions \
    --version 1.4 \
    --protected-settings "{\"username\":\"azureuser\", \"ssh_key\":\"$(cat ~/.ssh/id_rsa.pub)\"}"
az vmss update-instances --instance-ids '*' \
    --resource-group $CLUSTER_RESOURCE_GROUP \
    --name $SCALE_SET_NAME

 

Ps : By default, the username for the AKS nodes is azureuser.

Now we have ssh is activated, for that, and in order to create an SSH connection to an AKS node, you run a helper pod in your AKS cluster. This helper pod provides you with SSH access into the cluster and then additional SSH node access

1 – We need to run container image and attach a terminal session to it. This container can be used to create an SSH session with any node in the AKS cluster :

kubectl run -it --rm aks-ssh --image=mcr.microsoft.com/aks/fundamental/base-ubuntu:v0.0.11
or

kubectl run -it --rm aks-ssh --image=debian

2- Now we need to install SSH client :

apt-get update && apt-get install openssh-client -y

 

3-Open a new terminal window, not connected to your container, copy your private SSH key into the helper pod. This private key is used to create the SSH into the AKS node.

kubectl cp ~/.ssh/id_rsa $(kubectl get pod -l run=aks-ssh -o jsonpath='{.items[0].metadata.name}'):/id_rsa

 

4-Return to the terminal session to your container, update the permissions on the copied id_rsa private SSH key so that it is user read-only ;

chmod 0400 id_rsa

5- Now the last step is to connect to your AKS node :

#the first command will give us the nodes with their IP addresses
kubectl get nodes -o wide

#this command will set up a connection between the node IP that you have chosen using the ssh id_rsa
ssh -i id_rsa azureuser@ip

When done, exit the SSH session and then exit the interactive container session. When this container session closes, the pod used for SSH access from the AKS cluster is deleted .

ShareTweet
Previous Post

#msbuild registration is now open!

Next Post

Finally Azure Static Web Apps no more in Preview!

Related Posts

 Azure Container Apps : User-Assigned Identity, ACR, and Key Vault
Azure

 Azure Container Apps : User-Assigned Identity, ACR, and Key Vault

November 12, 2023
13
Navigating Azure Identities: System-Assigned vs. User-Assigned with Real-World Scenarios
Azure

Navigating Azure Identities: System-Assigned vs. User-Assigned with Real-World Scenarios

October 9, 2023
64
Revolutionizing IP Management in Azure with IPAM: Explore, Deploy, and Master!
Azure

Revolutionizing IP Management in Azure with IPAM: Explore, Deploy, and Master!

October 4, 2023
100
Configuring GitHub Advanced Security for Azure DevOps: A Must-Have in Today’s DevOps Landscape
Azure

Configuring GitHub Advanced Security for Azure DevOps: A Must-Have in Today’s DevOps Landscape

September 28, 2023
84
The Significance of Azure DevSecOps: Best Practices for Securing Your Pipelines
Azure

The Significance of Azure DevSecOps: Best Practices for Securing Your Pipelines

August 17, 2023
161
Navigating the Alphabet Soup: Unraveling Microsoft Acronyms
Azure

Navigating the Alphabet Soup: Unraveling Microsoft Acronyms

July 16, 2023
82
Next Post
Finally Azure Static Web Apps no more in Preview!

Finally Azure Static Web Apps no more in Preview!

Comments 2

  1. R says:
    1 year ago

    This is far better than official Azure documentation thank you

    Reply
    • achraf says:
      7 months ago

      Thank you so much , this mean a lot to me .

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Terraform

Certifications

Microsoft certified trainer (MCT)

Recommended

Revolutionizing IP Management in Azure with IPAM: Explore, Deploy, and Master!

Revolutionizing IP Management in Azure with IPAM: Explore, Deploy, and Master!

October 4, 2023
100
Azure Tips

Azure Tips

April 28, 2020
348
Navigating the Alphabet Soup: Unraveling Microsoft Acronyms

Navigating the Alphabet Soup: Unraveling Microsoft Acronyms

July 16, 2023
82
#msbuild registration is now open!

#msbuild registration is now open!

April 29, 2021
197
Win a free certifications at the Microsoft spring skills challenge  🎁

Win a free certifications at the Microsoft spring skills challenge 🎁

March 20, 2022
449
The Differences Between Blazor Server And Blazor  WebAssembly

The Differences Between Blazor Server And Blazor WebAssembly

January 10, 2021
655
Facebook Twitter LinkedIn Youtube
 Azure Container Apps : User-Assigned Identity, ACR, and Key Vault

 Azure Container Apps : User-Assigned Identity, ACR, and Key Vault

November 12, 2023
Navigating Azure Identities: System-Assigned vs. User-Assigned with Real-World Scenarios

Navigating Azure Identities: System-Assigned vs. User-Assigned with Real-World Scenarios

October 9, 2023
Revolutionizing IP Management in Azure with IPAM: Explore, Deploy, and Master!

Revolutionizing IP Management in Azure with IPAM: Explore, Deploy, and Master!

October 4, 2023

Categories

  • Apps (1)
  • Azure (52)
  • blazor (2)
  • Blog (76)
  • c# (7)
  • Cloud (50)
  • Dapr (4)
  • docker (4)
  • Games (1)
  • General Tips & Fix (1)
  • Kubernetes Service (AKS) (1)
  • motivation (2)
  • Motivation (3)
  • News (9)
  • Resume (1)
  • sql (4)
  • Terrafrom (1)
  • Tricks, Tips and Fixes (3)
  • xamarin (5)
No Result
View All Result
  • Home
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
  • Cloud
  • Motivation
  • General Tips & Fix
  • About
    • Resume