Jaikumar Ganesan

Reputation: 411

How to SSH into nodes of a Google Container Engine cluster?

How to SSH into nodes of a Google Container Engine cluster? When I try to SSH to the node using its IP address, it says public key denied.

Can someone help me with how to get the key to connect to the nodes of a Google container cluster?

Upvotes: 30

Views: 26133

Answers (3)

x-yuri

Reputation: 18853

The way you ssh into a GKE node is no different (AFAICT) from sshing into a GCE instance.

There are basically two ways (unless I'm missing something):

In the first case you add USER:$(cat ~/.ssh/id_rsa.pub) to the instance metadata (or project metadata if you want to give yourselves access to all the project VMs):

$ gcloud compute instances add-metadata INSTANCE \
  --metadata="ssh-keys=me:`cat ~/.ssh/id_rsa.pub`" \
  --zone ZONE --project PROJECT_ID

add your source IP to the firewall rules:

$ gcloud compute firewall-rules create allow-ssh \
  --source-ranges SOURCE_IP --allow tcp:22 \
  --project PROJECT_ID

and connect to the node:

$ ssh me@EXTERNAL_IP

Use gcloud compute instances list --project PROJECT_ID --filter name:NAME to learn the external IP.

Alternatively you can connect with:

$ gcloud compute ssh [USER@]INSTANCE \
  --zone ZONE --project PROJECT_ID

It will add your key to the project metadata automatically. To make it add it to instance metadata set block-project-ssh-keys = true first:

$ gcloud compute instances add-metadata INSTANCE \
  --metadata=block-project-ssh-keys=true \
  --zone ZONE --project PROJECT_ID

The OS Login way:

$ gcloud compute instances add-metadata INSTANCE \
  --metadata=enable-oslogin=true \
  --zone ZONE --project PROJECT_ID
$ gcloud compute ssh INSTANCE \
  --zone ZONE --project PROJECT_ID

Here are the results of me trying some of these ways.

In case you need to connect to a private GKE node, see this answer.

Upvotes: 0

Hasitha

Reputation: 795

I also faced the same issue, and after googling for a few hours found this workaround.

Add a firewall rule as below:

Target Tags: tags of GKE nodes

Source IP range: 35.235.240.0/20 (Cloud IAP's TCP netblock; see https://cloud.google.com/iap/docs/using-tcp-forwarding)

Port: 22

Then I tried the command below:

gcloud compute ssh [node name] --zone=[zone]

Upvotes: 0
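
Added example, not part of any answer on this page: a Python audit of firewall rules in the JSON shape returned by `gcloud compute firewall-rules list --format=json`. It reports which rules expose TCP 22, whether each source range is the Cloud IAP netblock quoted above, and whether the rule lacks target tags and therefore applies to every VM in the network, as a rule created without them does. The function names and the sample rules are constructed for illustration.

```python
import ipaddress

# Cloud IAP's TCP forwarding netblock, as quoted in the answer above.
IAP_RANGE = ipaddress.ip_network("35.235.240.0/20")

def opens_ssh(rule):
    """True if an enabled ingress rule allows TCP port 22."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return False
    for allow in rule.get("allowed", []):
        if allow.get("IPProtocol") not in ("tcp", "6", "all"):
            continue
        # A missing port list means every port; specs are "22" or "20-25".
        for spec in allow.get("ports") or ["0-65535"]:
            lo, _, hi = spec.partition("-")
            if int(lo) <= 22 <= int(hi or lo):
                return True
    return False

def audit(rules):
    """Map each SSH-exposing rule name to a list of findings."""
    report = {}
    for rule in filter(opens_ssh, rules):
        findings = []
        for cidr in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                findings.append(f"{cidr}: open to any address")
            elif net.version == 4 and net.subnet_of(IAP_RANGE):
                findings.append(f"{cidr}: Cloud IAP forwarding only")
            else:
                findings.append(f"{cidr}: direct access from this range")
        if not (rule.get("targetTags") or rule.get("targetServiceAccounts")):
            findings.append("no target: applies to every VM in the network")
        report[rule["name"]] = findings
    return report

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE = [
    {"name": "allow-ssh", "sourceRanges": ["203.0.113.7/32"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-iap-ssh", "sourceRanges": ["35.235.240.0/20"],
     "targetTags": ["gke-node"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "wide-open", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```
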

username1366

Reputation: 571

You should use the gcloud tool, e.g.:

gcloud compute ssh <NODE_NAME> --zone <ZONE>

Upvotes: 57
