SSH access to VKS Cluster Node in NSX-VPC environment


Article ID: 436548


Updated On:

Products

VMware vSphere Kubernetes Service

Issue/Introduction

In VKS NSX-VPC environments, the official troubleshooting procedure may fail because networking issues prevent container image downloads.

For troubleshooting purposes, this KB provides an alternative method to SSH into target VKS nodes using the Avi Load Balancer.

Environment

vSphere Kubernetes Service in NSX-VPC

Resolution

Create a Virtual Service in AVI for SSH access

  1. Open the AVI Controller Web UI.
  2. Switch the Tenant view in the top-right corner, then navigate to Applications --> Virtual Services --> CREATE VIRTUAL SERVICE --> Basic Setup.
  3. Select Cloud: nsx-cloud --> Next
  4. Select VRF Context: "Select target vSphere Namespace VRF" --> Next
  5. Create a "New Virtual Service"
    1. Name: test-ssh
    2. Application Type: L4
    3. Service: 22
    4. VS VIP: Select Create VS VIP
      1. VIPs --> ADD
      2. Private IP: Auto-Allocate
      3. IP Protocol: V4 Only
      4. VIP Address Allocation Network: PUBLIC - 0.0.0.0/0
      5. SAVE
    5. SAVE
  6. Select Servers
    1. Select: "IP Address, Range, or DNS Name"
    2. Server IP Address: Enter the target VKS node IP (kubectl get vm -A -owide)
    3. Click "Add Server"
    4. SAVE

 

Check the SSH connection

Verify that the health status of the created Virtual Service is Green.

SSH to the target VIP. This sample connects to a VKS node in the VPC.

# Jumpserver
VSPHERE_NS=vsphere-ns-1    # vSphere Namespace
VKS_CLUSTER=test-1         # VKS Cluster name
AVI_VS_VIP=192.168.x.x     # Virtual Service Address

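# Switch to the context of the target vSphere Namespace
kubectl config use-context "${VSPHERE_NS}"

# Extract the node SSH private key from the cluster's "<cluster>-ssh" secret
# (umask 077 in a subshell so the key file is never created group- or world-readable)
(umask 077; kubectl -n "${VSPHERE_NS}" get secret "${VKS_CLUSTER}-ssh" -o jsonpath='{.data.ssh-privatekey}' | base64 -d > vks_ssh_key)
chmod 600 vks_ssh_key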

# SSH to the target vks cluster node
ssh -i vks_ssh_key vmware-system-user@"${AVI_VS_VIP}"

Once no longer needed, delete the Virtual Service.
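The key handling and cleanup steps above can be wrapped so the private key never sits in the working directory and the VIP is checked after the Virtual Service is deleted. This is an added example, not part of the original KB; the function names fetch_node_key and vip_port_closed are hypothetical, and it assumes kubectl, base64, mktemp, timeout and bash are available on the jump server.

```shell
#!/usr/bin/env bash
# Added example (not from the KB). Function names are hypothetical.

# Write the node SSH private key from the "<cluster>-ssh" secret to a private
# temp file (mode 0600 from creation) and print the file's path.
fetch_node_key() {
  local ns=$1 cluster=$2 keyfile
  keyfile=$(umask 077 && mktemp "${TMPDIR:-/tmp}/vks_ssh_key.XXXXXX") || return 1
  if ! kubectl -n "$ns" get secret "${cluster}-ssh" \
        -o jsonpath='{.data.ssh-privatekey}' | base64 -d > "$keyfile"; then
    rm -f "$keyfile"
    return 1
  fi
  # Reject an empty or non-PEM result (wrong namespace, wrong secret name,
  # failed kubectl call) instead of handing ssh a useless file.
  if ! head -n 1 "$keyfile" | grep -q '^-----BEGIN .*PRIVATE KEY-----'; then
    rm -f "$keyfile"
    return 1
  fi
  printf '%s\n' "$keyfile"
}

# Return 0 if nothing accepts a TCP connection on host:port (default 22)
# within 5 seconds. Run it after deleting the temporary Virtual Service.
vip_port_closed() {
  local host=$1 port=${2:-22}
  if timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null; then
    return 1   # something still answers on the VIP
  fi
  return 0
}

# Typical session (values are the KB's sample values):
#   key=$(fetch_node_key vsphere-ns-1 test-1) && trap 'rm -f "$key"' EXIT
#   ssh -i "$key" -o IdentitiesOnly=yes vmware-system-user@"$AVI_VS_VIP"
#   ...delete the Virtual Service in the Avi UI, then:
#   vip_port_closed "$AVI_VS_VIP" && echo "VIP no longer accepts SSH"
```

The trap removes the extracted key when the shell exits, so the node credential does not outlive the troubleshooting session.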

Additional Information

Japanese KB: https://knowledge.broadcom.com/external/article/436621