articles/aks/node-access.md
10 additions & 12 deletions
@@ -2,7 +2,7 @@
2
2
title: Connect to Azure Kubernetes Service (AKS) cluster nodes
3
3
description: Learn how to connect to Azure Kubernetes Service (AKS) cluster nodes for troubleshooting and maintenance tasks.
4
4
ms.topic: troubleshooting
5
-
ms.date: 01/04/2024
5
+
ms.date: 01/08/2024
6
6
ms.reviewer: mattmcinnes
7
7
ms.custom: contperf-fy21q4, devx-track-linux
8
8
#Customer intent: As a cluster operator, I want to learn how to connect to virtual machines in an AKS cluster to perform maintenance or troubleshoot a problem.
Throughout the lifecycle of your Azure Kubernetes Service (AKS) cluster, you eventually need to directly access an AKS node. This access could be for maintenance, log collection, or troubleshooting operations.
14
14
15
-
You access a node through authenthication, which methods vary depending on your Node OS and method of connection. You securely authenticate against AKS Linux and Windows nodes using SSH. Alternatively, for Windows Servers you can also connect to Windows Server nodes using the [remote desktop protocol (RDP)][aks-windows-rdp].
15
+
You access a node through authentication, which methods vary depending on your Node OS and method of connection. You securely authenticate against AKS Linux and Windows nodes using SSH. Alternatively, for Windows Servers you can also connect to Windows Server nodes using the [remote desktop protocol (RDP)][aks-windows-rdp].
16
16
17
17
For security reasons, AKS nodes aren't exposed to the internet. Instead, to connect directly to any AKS nodes, you need to use either `kubectl debug` or the host's private IP address.
18
18
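Review bot: On new line 15, the spelling fix leaves the rest of the sentence as it was: "You access a node through authentication, which methods vary depending on your Node OS and method of connection" is still ungrammatical, and the last sentence says "for Windows Servers you can also connect to Windows Server nodes", which repeats itself. Since the line is being touched anyway, consider "You access a node through authentication; the available methods depend on your node OS and connection method" and "Alternatively, you can connect to Windows Server nodes using the [remote desktop protocol (RDP)][aks-windows-rdp]".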
@@ -22,11 +22,11 @@ This guide shows you how to create a connection to an AKS node and update the SS
22
22
23
23
To follow along the steps, you need to use Azure CLI that supports version 2.0.64 or later. Run `az --version` to check the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
24
24
25
-
Complete these steps if you don't have an SSH key. Create an SSH key depending on your Node OS Image, for [macOS and Linux][ssh-nix], or [Windows][ssh-windows]. Make sure you save the key pair in the OpenSSH format. Other formats such as `.ppk` aren't supported by AKS. Next, refer to [Manage SSH configuration][manage-ssh-node-access] to add the key to your cluster.
25
+
Complete these steps if you don't have an SSH key. Create an SSH key depending on your Node OS Image, for [macOS and Linux][ssh-nix], or [Windows][ssh-windows]. Make sure you save the key pair in the OpenSSH format, avoid unsupported formats such as `.ppk`. Next, refer to [Manage SSH configuration][manage-ssh-node-access] to add the key to your cluster.
26
26
27
27
## Linux and macOS
28
28
29
-
Linux and macOS users can SSH to access their node using `kubectl debug` or their private IP Address. Windows users should skip to below for a workaround to SSH via proxy.
29
+
Linux and macOS users can SSH to access their node using `kubectl debug` or their private IP Address. Windows users should skip to the Windows Server Proxy section for a workaround to SSH via proxy.
30
30
31
31
### SSH using kubectl debug
32
32
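Review bot: On new line 25, "Make sure you save the key pair in the OpenSSH format, avoid unsupported formats such as `.ppk`." is a comma splice and drops the old line's explicit statement that it is AKS that doesn't support other formats. Keep it as two sentences, for example "Make sure you save the key pair in the OpenSSH format. AKS doesn't support other formats such as `.ppk`." On line 29, "the Windows Server Proxy section" doesn't match the heading used later in this file, "Windows Server proxy connection"; use that title or an anchor link to it.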
@@ -82,7 +82,7 @@ If you don't have access to the Kubernetes API, you can get access to properties
82
82
83
83
For convenience, the nodepools are exposed when the node has a public IP assigned. However, you need to be in the cluster's virtual network to SSH into the node.
84
84
85
-
1. To get the private IP use the Agent pool preview to list out the VMs installed.
85
+
1. To get the private IP, use the `machine list`to show all your VMs.
86
86
87
87
```bash
88
88
az aks machine list --resource-group myResourceGroup --cluster-name myAKSCluster --nodepool-name nodepool1 -o table
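Review bot: On new line 85, "use the `machine list`to show all your VMs" is missing a space after the closing backtick, and `machine list` alone isn't what the reader types; the code block under it runs `az aks machine list`. Suggest "To get the private IP, use the `az aks machine list` command to show all your VMs." The old wording also described this as the "Agent pool preview"; if the command is still in preview, that should stay stated.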
3. Optionally, you can test with Azure Bastion. Follow these steps to setup[Azure Bastion][azure-bastion] to test your connection to your virtual machines using a private IP address. Make sure that the Azure Bastion is hosted in the same virtual network as your VM.
121
+
3. Optionally, you can test with Azure Bastion. Follow these steps to set up[Azure Bastion][azure-bastion] to test your connection to your virtual machines using a private IP address. Make sure that the Azure Bastion is hosted in the same virtual network as your VM.
122
122
123
123
## Windows Server proxy connection
124
124
125
125
Window Server node users only. Follow these steps as a workaround to connect with SSH.
126
126
127
127
### Create a proxy server
128
128
129
-
At this time, you can't connect to a Windows Server node directly by using `kubectl debug`. Instead, you need to first connect to another node in the cluster with `kubectl`, then connect to the Windows Server node from that node using SSH. Alternatively, you can connect to Windows Server nodes using [remote desktop protocol (RDP) connections][aks-windows-rdp] instead of using SSH or use SSH with 'machines API'.
129
+
At this time, you can't connect to a Windows Server node directly by using `kubectl debug`. Instead, you need to first connect to another node in the cluster with `kubectl`, then connect to the Windows Server node from that node using SSH. Alternatively, you can connect to Windows Server nodes using [remote desktop protocol (RDP) connections][aks-windows-rdp].
130
130
131
-
To connect to another node in the cluster, use the `kubectl debug` command. For more information, follow the above steps in the kubectl section.
132
-
133
-
To create the SSH connection to the Windows Server node from another node, use the SSH keys provided when you created the AKS cluster and the internal IP address of the Windows Server node.
131
+
To connect to another node in the cluster, use the `kubectl debug` command. For more information, follow the above steps in the kubectl section. Create an SSH connection to the Windows Server node from another node, and use the SSH keys provided when you created the AKS cluster and the internal IP address of the Windows Server node.
134
132
135
133
> [!IMPORTANT]
136
134
>
137
-
> The following steps for creating the SSH connection to the Windows Server node from another node can only be used if you created your AKS cluster using the Azure CLI and the `--generate-ssh-keys` parameter. The AKS Update command can also be used to manage, create SSH keys on an existing AKS cluster. For more information refer to[manage SSH node access][manage-ssh-node-access].
135
+
> The following steps for creating the SSH connection to the Windows Server node from another node can only be used if you created your AKS cluster using the Azure CLI and the `--generate-ssh-keys` parameter. The AKS Update command can also be used to manage, create SSH keys on an existing AKS cluster. For more information, see[manage SSH node access][manage-ssh-node-access].
138
136
139
-
Once you have followed the steps to use kubectl debug, come back to this.
137
+
Finish the prior steps to use kubectl debug, then return to this section, as you need to run the `kubectl debug` in your proxy.
140
138
141
139
1. Open a new terminal window and use the `kubectl get pods` command to get the name of the pod started by `kubectl debug`.
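Review bot: Both reworded link sentences in this hunk still glue the link to the preceding word: "set up[Azure Bastion]" on line 121 and "see[manage SSH node access]" on line 135 each need a space before the opening bracket. On line 137, "as you need to run the `kubectl debug` in your proxy" is hard to follow, and the first "kubectl debug" in that sentence isn't code-formatted while the second is; say plainly what has to be running before step 1, for example "Complete the earlier `kubectl debug` steps, then return to this section." The unchanged line 125 reads "Window Server node users only" and could be corrected to "Windows Server" in the same pass.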