Commit 09cecb6

Merge pull request #202854 from alexandair/an-az-aks-ops-rdp
Add PowerShell tab
2 parents 66dd507 + 28de655 commit 09cecb6

1 file changed

+155
-5
lines changed

articles/aks/rdp.md

@@ -18,6 +18,8 @@ This article shows you how to create an RDP connection with an AKS node using th
1818

1919
## Before you begin
2020

21+
### [Azure CLI](#tab/azure-cli)
22+
2123
This article assumes that you have an existing AKS cluster with a Windows Server node. If you need an AKS cluster, see the article on [creating an AKS cluster with a Windows container using the Azure CLI][aks-quickstart-windows-cli]. You need the Windows administrator username and password for the Windows Server node you want to troubleshoot. You also need an RDP client such as [Microsoft Remote Desktop][rdp-mac].
2224

2325
If you need to reset the password you can use `az aks update` to change the password.
@@ -31,13 +33,34 @@ If you need to reset both the username and password, see [Reset Remote Desktop S
3133

3234
You also need the Azure CLI version 2.0.61 or later installed and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
3335

36+
### [Azure PowerShell](#tab/azure-powershell)
37+
38+
This article assumes that you have an existing AKS cluster with a Windows Server node. If you need an AKS cluster, see the article on [creating an AKS cluster with a Windows container using the Azure PowerShell][aks-quickstart-windows-powershell]. You need the Windows administrator username and password for the Windows Server node you want to troubleshoot. You also need an RDP client such as [Microsoft Remote Desktop][rdp-mac].
39+
40+
If you need to reset the password you can use `Set-AzAksCluster` to change the password.
41+
42+
```azurepowershell-interactive
43+
$cluster = Get-AzAksCluster -ResourceGroupName myResourceGroup -Name myAKSCluster
44+
$cluster.WindowsProfile.AdminPassword = $WINDOWS_ADMIN_PASSWORD
45+
$cluster | Set-AzAksCluster
46+
```
47+
48+
If you need to reset both the username and password, see [Reset Remote Desktop Services or its administrator password in a Windows VM
49+
](/troubleshoot/azure/virtual-machines/reset-rdp).
50+
51+
You also need the Azure PowerShell version 7.5.0 or later installed and configured. Run `Get-InstalledModule -Name Az` to find the version. If you need to install or upgrade, see [Install Azure PowerShell][install-azure-powershell].
52+
53+
---
54+
3455
## Deploy a virtual machine to the same subnet as your cluster
3556

3657
The Windows Server nodes of your AKS cluster don't have externally accessible IP addresses. To make an RDP connection, you can deploy a virtual machine with a publicly accessible IP address to the same subnet as your Windows Server nodes.
3758

3859
The following example creates a virtual machine named *myVM* in the *myResourceGroup* resource group.
3960

40-
First, get the subnet used by your Windows Server node pool. To get the subnet id, you need the name of the subnet. To get the name of the subnet, you need the name of the vnet. Get the vnet name by querying your cluster for its list of networks. To query the cluster, you need its name. You can get all of these by running the following in the Azure Cloud Shell:
61+
### [Azure CLI](#tab/azure-cli)
62+
63+
First, get the subnet used by your Windows Server node pool. To get the subnet ID, you need the name of the subnet. To get the name of the subnet, you need the name of the VNet. Get the VNet name by querying your cluster for its list of networks. To query the cluster, you need its name. You can get all of these by running the following in the Azure Cloud Shell:
4164

4265
```azurecli-interactive
4366
CLUSTER_RG=$(az aks show -g myResourceGroup -n myAKSCluster --query nodeResourceGroup -o tsv)
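
Review bot: `$WINDOWS_ADMIN_PASSWORD` on new line 44 is never assigned anywhere in this tab, so a reader who pastes the snippet as written sets `AdminPassword` from an empty variable. Add a preceding line or sentence that says how the value is supplied, preferably from a prompt rather than a literal that ends up in shell history. Separately, the link on new lines 48-49 has a line break before `](/troubleshoot/azure/virtual-machines/reset-rdp)`; keep the closing bracket on the same line as the link text.
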
@@ -67,6 +90,56 @@ The following example output shows the VM has been successfully created and disp
6790

6891
Record the public IP address of the virtual machine. You will use this address in a later step.
6992

93+
### [Azure PowerShell](#tab/azure-powershell)
94+
95+
First, get the subnet used by your Windows Server node pool. You need the name of the subnet and its address prefix. To get the name of the subnet, you need the name of the VNet. Get the VNet name by querying your cluster for its list of networks. To query the cluster, you need its name. You can get all of these by running the following in the Azure Cloud Shell:
96+
97+
```azurepowershell-interactive
98+
$CLUSTER_RG = (Get-AzAksCluster -ResourceGroupName myResourceGroup -Name myAKSCluster).nodeResourceGroup
99+
$VNET_NAME = (Get-AzVirtualNetwork -ResourceGroupName $CLUSTER_RG).Name
100+
$ADDRESS_PREFIX = (Get-AzVirtualNetwork -ResourceGroupName $CLUSTER_RG).AddressSpace | Select-Object -ExpandProperty AddressPrefixes
101+
$SUBNET_NAME = (Get-AzVirtualNetwork -ResourceGroupName $CLUSTER_RG).Subnets[0].Name
102+
$SUBNET_ADDRESS_PREFIX = (Get-AzVirtualNetwork -ResourceGroupName $CLUSTER_RG).Subnets[0] | Select-Object -ExpandProperty AddressPrefix
103+
```
104+
105+
Now that you have the VNet and subnet details, run the following commands in the same Azure Cloud Shell window to create the public IP address and VM:
106+
107+
```azurepowershell-interactive
108+
$ipParams = @{
109+
Name = 'myPublicIP'
110+
ResourceGroupName = 'myResourceGroup'
111+
Location = 'eastus'
112+
AllocationMethod = 'Dynamic'
113+
IpAddressVersion = 'IPv4'
114+
}
115+
New-AzPublicIpAddress @ipParams
116+
117+
$vmParams = @{
118+
ResourceGroupName = 'myResourceGroup'
119+
Name = 'myVM'
120+
Image = 'win2019datacenter'
121+
Credential = Get-Credential azureuser
122+
VirtualNetworkName = $VNET_NAME
123+
AddressPrefix = $ADDRESS_PREFIX
124+
SubnetName = $SUBNET_NAME
125+
SubnetAddressPrefix = $SUBNET_ADDRESS_PREFIX
126+
PublicIpAddressName = 'myPublicIP'
127+
}
128+
New-AzVM @vmParams
129+
130+
(Get-AzPublicIpAddress -ResourceGroupName myResourceGroup -Name myPublicIP).IpAddress
131+
```
132+
133+
The following example output shows the VM has been successfully created and displays the public IP address of the virtual machine.
134+
135+
```console
136+
13.62.204.18
137+
```
138+
139+
Record the public IP address of the virtual machine. You will use this address in a later step.
140+
141+
---
142+
70143
## Allow access to the virtual machine
71144

72145
AKS node pool subnets are protected with NSGs (Network Security Groups) by default. To get access to the virtual machine, you'll have to enabled access in the NSG.
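
Review bot: `Subnets[0]` on new lines 101-102 assumes the node pool's subnet is the first one in the VNet, and `(Get-AzVirtualNetwork -ResourceGroupName $CLUSTER_RG).Name` on line 99 assumes the node resource group holds exactly one VNet; with more than one, `$VNET_NAME` becomes an array and `New-AzVM` gets the wrong input. Fetch the VNet once into a variable and reuse it for all four lookups instead of calling `Get-AzVirtualNetwork` four times, and say in the text how the reader picks the right subnet when there are several.
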
@@ -75,7 +148,9 @@ AKS node pool subnets are protected with NSGs (Network Security Groups) by defau
75148
> The NSGs are controlled by the AKS service. Any change you make to the NSG will be overwritten at any time by the control plane.
76149
>
77150
78-
First, get the resource group and nsg name of the nsg to add the rule to:
151+
### [Azure CLI](#tab/azure-cli)
152+
153+
First, get the resource group and name of the NSG to add the rule to:
79154

80155
```azurecli-interactive
81156
CLUSTER_RG=$(az aks show -g myResourceGroup -n myAKSCluster --query nodeResourceGroup -o tsv)
@@ -88,11 +163,42 @@ Then, create the NSG rule:
88163
az network nsg rule create --name tempRDPAccess --resource-group $CLUSTER_RG --nsg-name $NSG_NAME --priority 100 --destination-port-range 3389 --protocol Tcp --description "Temporary RDP access to Windows nodes"
89164
```
90165

166+
### [Azure PowerShell](#tab/azure-powershell)
167+
168+
First, get the resource group and name of the NSG to add the rule to:
169+
170+
```azurepowershell-interactive
171+
$CLUSTER_RG = (Get-AzAksCluster -ResourceGroupName myResourceGroup -Name myAKSCluster).nodeResourceGroup
172+
$NSG_NAME = (Get-AzNetworkSecurityGroup -ResourceGroupName $CLUSTER_RG).Name
173+
```
174+
175+
Then, create the NSG rule:
176+
177+
```azurepowershell-interactive
178+
$nsgRuleParams = @{
179+
Name = 'tempRDPAccess'
180+
Access = 'Allow'
181+
Direction = 'Inbound'
182+
Priority = 100
183+
SourceAddressPrefix = 'Internet'
184+
SourcePortRange = '*'
185+
DestinationAddressPrefix = '*'
186+
DestinationPortRange = '3389'
187+
Protocol = 'Tcp'
188+
Description = 'Temporary RDP access to Windows nodes'
189+
}
190+
Get-AzNetworkSecurityGroup -Name $NSG_NAME -ResourceGroupName $CLUSTER_RG | Add-AzNetworkSecurityRuleConfig @nsgRuleParams | Set-AzNetworkSecurityGroup
191+
```
192+
193+
---
194+
91195
## Get the node address
92196

197+
### [Azure CLI](#tab/azure-cli)
198+
93199
To manage a Kubernetes cluster, you use [kubectl][kubectl], the Kubernetes command-line client. If you use Azure Cloud Shell, `kubectl` is already installed. To install `kubectl` locally, use the [az aks install-cli][az-aks-install-cli] command:
94200

95-
```azurecli-interactive
201+
```azurecli
96202
az aks install-cli
97203
```
98204

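
Review bot: the rule on new lines 178-189 sets `SourceAddressPrefix = 'Internet'` and `DestinationAddressPrefix = '*'`, which allows TCP 3389 from any Internet address to every destination behind this NSG at priority 100. The only host meant to take RDP from outside is myVM, so suggest narrowing the source to the administrator's own address or range and the destination to myVM's private IP. Also, `(Get-AzNetworkSecurityGroup -ResourceGroupName $CLUSTER_RG).Name` on line 172 returns several names if the resource group contains more than one NSG; the text should say which one to use.
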
@@ -102,13 +208,29 @@ To configure `kubectl` to connect to your Kubernetes cluster, use the [az aks ge
102208
az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
103209
```
104210

211+
### [Azure PowerShell](#tab/azure-powershell)
212+
213+
To manage a Kubernetes cluster, you use [kubectl][kubectl], the Kubernetes command-line client. If you use Azure Cloud Shell, `kubectl` is already installed. To install `kubectl` locally, use the [Install-AzAksKubectl][install-azakskubectl] cmdlet:
214+
215+
```azurepowershell
216+
Install-AzAksKubectl
217+
```
218+
219+
To configure `kubectl` to connect to your Kubernetes cluster, use the [Import-AzAksCredential][import-azakscredential] cmdlet. This command downloads credentials and configures the Kubernetes CLI to use them.
220+
221+
```azurepowershell-interactive
222+
Import-AzAksCredential -ResourceGroupName myResourceGroup -Name myAKSCluster
223+
```
224+
225+
---
226+
105227
List the internal IP address of the Windows Server nodes using the [kubectl get][kubectl-get] command:
106228

107229
```console
108230
kubectl get nodes -o wide
109231
```
110232

111-
The follow example output shows the internal IP addresses of all the nodes in the cluster, including the Windows Server nodes.
233+
The following example output shows the internal IP addresses of all the nodes in the cluster, including the Windows Server nodes.
112234

113235
```console
114236
$ kubectl get nodes -o wide
@@ -137,6 +259,8 @@ You can now run any troubleshooting commands in the *cmd* window. Since Windows
137259

138260
## Remove RDP access
139261

262+
### [Azure CLI](#tab/azure-cli)
263+
140264
When done, exit the RDP connection to the Windows Server node then exit the RDP session to the virtual machine. After you exit both RDP sessions, delete the virtual machine with the [az vm delete][az-vm-delete] command:
141265

142266
```azurecli-interactive
@@ -154,6 +278,27 @@ NSG_NAME=$(az network nsg list -g $CLUSTER_RG --query [].name -o tsv)
154278
az network nsg rule delete --resource-group $CLUSTER_RG --nsg-name $NSG_NAME --name tempRDPAccess
155279
```
156280

281+
### [Azure PowerShell](#tab/azure-powershell)
282+
283+
When done, exit the RDP connection to the Windows Server node then exit the RDP session to the virtual machine. After you exit both RDP sessions, delete the virtual machine with the [Remove-AzVM][remove-azvm] command:
284+
285+
```azurepowershell-interactive
286+
Remove-AzVM -ResourceGroupName myResourceGroup -Name myVM
287+
```
288+
289+
And the NSG rule:
290+
291+
```azurepowershell-interactive
292+
$CLUSTER_RG = (Get-AzAksCluster -ResourceGroupName myResourceGroup -Name myAKSCluster).nodeResourceGroup
293+
$NSG_NAME = (Get-AzNetworkSecurityGroup -ResourceGroupName $CLUSTER_RG).Name
294+
```
295+
296+
```azurepowershell-interactive
297+
Get-AzNetworkSecurityGroup -Name $NSG_NAME -ResourceGroupName $CLUSTER_RG | Remove-AzNetworkSecurityRuleConfig -Name tempRDPAccess | Set-AzNetworkSecurityGroup
298+
```
299+
300+
---
301+
157302
## Next steps
158303

159304
If you need additional troubleshooting data, you can [view the Kubernetes master node logs][view-master-logs] or [Azure Monitor][azure-monitor-containers].
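
Review bot: the cleanup on new lines 286-297 removes myVM and the tempRDPAccess rule but not the `myPublicIP` address that the PowerShell tab created earlier with `New-AzPublicIpAddress`, so the public address is left behind after the procedure. Add a `Remove-AzPublicIpAddress -ResourceGroupName myResourceGroup -Name myPublicIP` step after `Remove-AzVM`. The two consecutive code fences under "And the NSG rule:" can also be merged into one block, since the second depends on the variables set in the first.
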
@@ -165,10 +310,15 @@ If you need additional troubleshooting data, you can [view the Kubernetes master
165310

166311
<!-- INTERNAL LINKS -->
167312
[aks-quickstart-windows-cli]: ./learn/quick-windows-container-deploy-cli.md
313+
[aks-quickstart-windows-powershell]: ./learn/quick-windows-container-deploy-powershell.md
168314
[az-aks-install-cli]: /cli/azure/aks#az_aks_install_cli
315+
[install-azakskubectl]: /powershell/module/az.aks/install-azakskubectl
169316
[az-aks-get-credentials]: /cli/azure/aks#az_aks_get_credentials
317+
[import-azakscredential]: /powershell/module/az.aks/import-azakscredential
170318
[az-vm-delete]: /cli/azure/vm#az_vm_delete
319+
[remove-azvm]: /powershell/module/az.compute/remove-azvm
171320
[azure-monitor-containers]: ../azure-monitor/containers/container-insights-overview.md
172321
[install-azure-cli]: /cli/azure/install-azure-cli
322+
[install-azure-powershell]: /powershell/azure/install-az-ps
173323
[ssh-steps]: ssh.md
174-
[view-master-logs]: view-master-logs.md
324+
[view-master-logs]: view-master-logs.md
