4

I have created a private cluster on GKE and a NAT is configured along with the cluster. I also have a bastion set up to access the private cluster. I'm trying to SSH into one of the nodes and am unable to do so since private nodes do not have an external IP. Is there any way in which I can do this?

  • Your bastion server is in the same network as your Kubernetes cluster? Did you check if all firewall rules between bastion <--> k8s nodes are correct? – Mr.KoopaKiller Jan 24 '20 at 10:53
  • Yes, my bastion is in the same network as the cluster and firewall rules are also in place correctly. – Meghana B Srinath Jan 27 '20 at 04:19
  • For what reason are you trying to SSH into a cluster node? Since GKE is a managed service by Google, you can use kubectl to interact with the cluster. Are you able to install gcloud and kubectl on your bastion server? – Mr.KoopaKiller Jan 27 '20 at 09:44
  • There was a use case which required me to check a few things inside the GKE node. I was able to SSH into the node by running the below command: gcloud compute ssh --internal-ip – Meghana B Srinath Jan 27 '20 at 10:25
  • @Mr.KoopaKiller in my case, the bastion is on the public subnet (10.0.x.x) of a shared VPC whereas the cluster is on the private subnet (10.1.x.x)... do I need anything else to make it work? – ekkis Jun 21 '21 at 23:54
  • @Mr.KoopaKiller as for my reasons, the cluster is failing to build a container on account of being unable to retrieve the image from DockerHub. I can pull the image from the bastion host so I wanted to try it from one of the nodes directly – ekkis Jun 21 '21 at 23:55

1 Answer

5

You could use the "gcloud" command to SSH into your instances assuming GCP firewall rules are in place.

gcloud compute ssh example-instance --zone=us-central1-a
Frank
  • 2
    Thanks. I had to modify this a little by adding the -internal-ip flag to this command to get it working. – Meghana B Srinath Jan 27 '20 at 10:26
  • 1
    as stated, I got the error: "ERROR: (gcloud.compute.start-iap-tunnel) Error while connecting [4003: 'failed to connect to backend']. (Failed to connect to port 22) ssh_exchange_identification: Connection closed by remote host ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255]." – ekkis Jun 21 '21 at 23:51
  • when I added the `--internal-ip` flag the error was just: "ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255]." -- what else can I check? – ekkis Jun 21 '21 at 23:52
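The answer assumes the firewall rules are in place, and the comments show what it looks like when they are not. As an added example (not code from the answer or from Google), the sketch below evaluates rules in the JSON shape printed by `gcloud compute firewall-rules list --format=json` and reports which rule decides TCP port 22 ingress from a given source to a node. The rule names, the `gke-node` tag and the sample addresses are constructed; source tags and service accounts are not evaluated.

```python
import ipaddress

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`;
# rule names, tags and ranges are illustrative, not taken from the page.
SAMPLE_RULES = [
    {"name": "allow-ssh-from-bastion", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["10.0.0.0/16"], "targetTags": ["gke-node"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "deny-ssh-legacy", "direction": "INGRESS", "priority": 900,
     "sourceRanges": ["10.0.5.0/24"],
     "denied": [{"IPProtocol": "tcp", "ports": ["20-25"]}]},
]

def _port_match(entries, port):
    """True if any tcp/all entry covers the port (no 'ports' key means every port)."""
    for e in entries:
        if e["IPProtocol"] not in ("tcp", "all"):
            continue
        ports = e.get("ports")
        if not ports:
            return True
        for p in ports:
            lo, _, hi = p.partition("-")
            if int(lo) <= port <= int(hi or lo):
                return True
    return False

def ssh_verdict(rules, source_ip, node_tags, port=22):
    """Return (decision, rule_name) for TCP ingress from source_ip to a node."""
    src = ipaddress.ip_address(source_ip)
    hits = []
    for r in rules:
        if r.get("direction") != "INGRESS" or r.get("disabled"):
            continue
        tags = r.get("targetTags")
        if tags and not set(tags) & set(node_tags):
            continue  # rule targets other instances
        if not any(src in ipaddress.ip_network(c) for c in r.get("sourceRanges", [])):
            continue
        for action in ("denied", "allowed"):
            if _port_match(r.get(action, []), port):
                # Lowest priority number wins; a deny beats an allow at equal priority.
                hits.append((r.get("priority", 1000), action != "denied", action, r["name"]))
    if not hits:
        return ("denied", "implied-deny-ingress")
    _, _, action, name = min(hits)
    return (action, name)
```

With `--internal-ip` the source to test is the bastion's internal address. Without it, the `start-iap-tunnel` error quoted above shows the connection going through IAP TCP forwarding, which connects from 35.235.240.0/20, so that range needs its own allow rule for port 22.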