trstringer/az-aks-ssh

SSH into AKS agent nodes

Microsoft documents how to SSH into AKS nodes (Microsoft docs), but that process is long and quite manual. This script automates it.

Note: this script is currently in alpha and should not be used in a production environment.

Setup and dependencies

Clone this git repo and use the az-aks-ssh.sh script directly (see below for usage).

Dependencies:

  • kubectl
  • Azure CLI

Usage

Usage:
  SSH into an AKS agent node (pass in -c to run a single command
  or omit for an interactive session):
    ./az-aks-ssh.sh \
        -g|--resource-group <resource_group> \
        -n|--cluster-name <cluster> \
        -d|--node-name <node_name|any> \
        [-c|--command <command>] \
        [-o|--output-file <file>]

  Delete all locally generated SSH keys (~/.ssh/az_aks_*):
    ./az-aks-ssh.sh --clear-local-ssh-keys

  Delete the SSH proxy pod:
    ./az-aks-ssh.sh --delete-ssh-pod

  Cleanup SSH (delete SSH proxy pod and remove all keys):
    ./az-aks-ssh.sh --cleanup

Examples

SSH into any agent node in an interactive SSH session

$ ./az-aks-ssh.sh -g rg1 -n aks1 -d any

SSH into a specific agent node (get node name from kubectl get no)

$ ./az-aks-ssh.sh -g rg1 -n aks1 -d cluster_node

Run a single command non-interactively

$ ./az-aks-ssh.sh -g rg1 -n aks1 -d any -c "ps -aux"

Run a command non-interactively and save the output to a file

$ ./az-aks-ssh.sh -g rg1 -n aks1 -d any -c "ps -aux" -o ~/aks-ssh.out

Cleanup the environment (delete agent node SSH keys locally and remove the SSH proxy pod)

$ ./az-aks-ssh.sh --cleanup

More information

Design


SSH keys

The SSH keys are generated for individual nodes. This ensures that keys are not being reused for multiple hosts. --cleanup removes all keys that match the prefix: ~/.ssh/az_aks*.

SSH proxy pod

This design uses a proxy pod that sleeps forever so that it can be reused. --cleanup deletes this pod from the Kubernetes cluster. To see this pod you can run kubectl get po aks-ssh-session.
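
Both artifacts described above persist until --cleanup is run, so a workstation or cluster can be checked for leftovers. The following is an added example, not part of az-aks-ssh: the function names are hypothetical, the existence of .pub files beside the private keys is an assumption, and the pod lookup uses whatever context and namespace kubectl currently points at.

```shell
#!/bin/sh
# Added example (not from the az-aks-ssh repository): audit what the tool
# leaves behind between runs, per the README's Design section.

# Print one line per file matching the documented az_aks* prefix:
#   "<OK|LOOSE> <octal mode> <path>"
# A private key is LOOSE when group or other has any permission bit set.
# Files ending in .pub are assumed to be public halves and are not flagged.
audit_aks_keys() (
    dir="${1:-$HOME/.ssh}"
    for f in "$dir"/az_aks*; do
        [ -e "$f" ] || continue            # glob matched nothing
        # GNU stat first, BSD/macOS stat as fallback
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        status=OK
        case "$f" in
            *.pub) ;;
            *) case "$mode" in *00) ;; *) status=LOOSE ;; esac ;;
        esac
        printf '%s %s %s\n' "$status" "$mode" "$f"
    done
)

# Number of private keys with group/other access.
count_loose_keys() {
    audit_aks_keys "$1" | grep -c '^LOOSE' || :
}

# Exit 0 if the reusable proxy pod still exists, 1 if it does not,
# 2 if kubectl is not installed. The pod name comes from the README.
proxy_pod_present() {
    command -v kubectl >/dev/null 2>&1 || return 2
    kubectl get po aks-ssh-session >/dev/null 2>&1
}
```

Calling audit_aks_keys with no argument scans ~/.ssh; any line it prints is a per-node key that --clear-local-ssh-keys or --cleanup would remove.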