You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/aks/node-access.md
+23-15Lines changed: 23 additions & 15 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -26,7 +26,9 @@ Complete these steps if you don't have an SSH key. Create an SSH key depending o
26
26
27
27
## Linux and macOS
28
28
29
-
### SSH to a Linux using kubectl
29
+
Linux and macOS users can SSH to access their node using `kubectl debug` or their private IP Address. Windows users should skip to below for a workaround to SSH via proxy.
30
+
31
+
### SSH using kubectl debug
30
32
31
33
To create an interactive shell connection, use the `kubectl debug` command to run a privileged container on your node.
32
34
@@ -59,14 +61,14 @@ To create an interactive shell connection, use the `kubectl debug` command to ru
59
61
root@aks-nodepool1-37663765-vmss000000:/#
60
62
```
61
63
62
-
This privileged container gives access to the node.
64
+
You now have access to the node through a privileged container as a debugging pod.
63
65
64
66
> [!NOTE]
65
67
> You can interact with the node session by running `chroot /host` from the privileged container.
66
68
67
69
### Exit kubectl debug mode
68
70
69
-
When you're done with a debugging pod, enter the `exit`command to end the interactive shell session. After the interactive container session closes, delete the pod usedfor access with `kubectl delete pod`.
71
+
When you're done with your node, enter the `exit`command to end the interactive shell session. After the interactive container session closes, delete the debugging pod used with `kubectl delete pod`.
70
72
71
73
```bash
72
74
kubectl delete pod node-debugger-aks-nodepool1-37663765-vmss000000-bkmmx
2. SSH into the private IP address to access your node. You can also try [Azure Bastion][azure-bastion] to test connections to your virtual machines through the private IP address. Make sure that the Azure Bastion is hosted in the same virtual network as your VM.
115
+
2. SSH using your private IP address to access your node.
3. Optionally, you can test with Azure Bastion. Follow these steps to setup [Azure Bastion][azure-bastion] to test your connection to your virtual machines using a private IP address. Make sure that the Azure Bastion is hosted in the same virtual network as your VM.
122
+
123
+
## Windows Server proxy connection
120
124
121
-
### Connect with SSH
125
+
Window Server node users only. Follow these steps as a workaround to connect with SSH.
122
126
123
-
At this time, you can't connect to a Windows Server node directly by using `kubectl debug`. Instead, you need to first connect to another node in the cluster, then connect to the Windows Server node from that node using SSH. Alternatively, you can [connect to Windows Server nodes using remote desktop protocol (RDP) connections][aks-windows-rdp] instead of using SSH or use SSH with 'machines API' presented at the start of this document.
127
+
### Create a proxy server
124
128
125
-
To connect to another node in the cluster, use the `kubectl debug` command. For more information, see the Linux section.
129
+
At this time, you can't connect to a Windows Server node directly by using `kubectl debug`. Instead, you need to first connect to another node in the cluster with `kubectl`, then connect to the Windows Server node from that node using SSH. Alternatively, you can connect to Windows Server nodes using [remote desktop protocol (RDP) connections][aks-windows-rdp] instead of using SSH or use SSH with 'machines API'.
130
+
131
+
To connect to another node in the cluster, use the `kubectl debug` command. For more information, follow the above steps in the kubectl section.
126
132
127
133
To create the SSH connection to the Windows Server node from another node, use the SSH keys provided when you created the AKS cluster and the internal IP address of the Windows Server node.
128
134
129
135
> [!IMPORTANT]
130
136
>
131
-
> The following steps for creating the SSH connection to the Windows Server node from another node can only be used if you created your AKS cluster using the Azure CLI and the `--generate-ssh-keys` parameter. AKS Update command can also be used to manage, create SSH keys on an existing AKS cluster. For more information refer [Manage SSH configuration][manage-ssh-node-access].
137
+
> The following steps for creating the SSH connection to the Windows Server node from another node can only be used if you created your AKS cluster using the Azure CLI and the `--generate-ssh-keys` parameter. The AKS Update command can also be used to manage, create SSH keys on an existing AKS cluster. For more information refer to [manage SSH node access][manage-ssh-node-access].
138
+
139
+
Once you have followed the steps to use kubectl debug, come back to this.
132
140
133
141
1. Open a new terminal window and use the `kubectl get pods` command to get the name of the pod started by `kubectl debug`.
134
142
135
143
```bash
136
144
kubectl get pods
137
145
```
138
146
139
-
The following example resembles output from the command:
The following example resembles output from the command:
192
+
Sample output:
185
193
186
194
```output
187
195
The authenticity of host '10.224.0.62 (10.224.0.62)' can't be established.
@@ -207,7 +215,7 @@ To create the SSH connection to the Windows Server node from another node, use t
207
215
208
216
If you need more troubleshooting data, you can [view the kubelet logs][view-kubelet-logs] or [view the Kubernetes control plane logs][view-control-plane-logs].
209
217
210
-
See [Manage SSH configuration][manage-ssh-node-access] to learn about managing the SSH key on an AKS cluster or node pools.
218
+
To learn about managing your SSH keys, see [Manage SSH configuration][manage-ssh-node-access].
0 commit comments