Version 1.2. This version is no longer supported. For more information see the version support policy.

Using SSH to connect to a cluster node

This page describes how to SSH into a GKE on-prem cluster node.

Getting the IP addresses of your cluster nodes

Get the IP addresses of your user cluster nodes:

kubectl --kubeconfig [USER_CLUSTER_KUBECONFIG] get nodes --output wide

where [USER_CLUSTER_KUBECONFIG] is the path of your user cluster's kubeconfig file.

Get the IP addresses of your admin cluster nodes:

kubectl --kubeconfig [ADMIN_CLUSTER_KUBECONFIG] get nodes --output wide

where [ADMIN_CLUSTER_KUBECONFIG] is the path of your admin cluster's kubeconfig file.

For either command, note the INTERNAL-IP field. These are the node IP addresses.

Using SSH to connect to a user cluster node

Get the SSH key for a user cluster:

kubectl --kubeconfig [ADMIN_CLUSTER_KUBECONFIG] get secrets -n [USER_CLUSTER_NAME] ssh-keys \
-o jsonpath='{.data.ssh\.key}' | base64 -d > \
~/.ssh/[USER_CLUSTER_NAME].key && chmod 600 ~/.ssh/[USER_CLUSTER_NAME].key

where:

[ADMIN_CLUSTER_KUBECONFIG] is the path of your admin cluster's kubeconfig file.
[USER_CLUSTER_NAME] is the name of your user cluster.

The preceding command performs the following steps:

From the admin cluster, get the ssh.key field of a Secret named ssh-keys in the [USER_CLUSTER_NAME] namespace.
Base64 decode the key.
Store the decoded key in the file ~/.ssh/[USER_CLUSTER_NAME].key.
Set appropriate access permissions for the key file.

Use the key to SSH into a user cluster node:

ssh -i ~/.ssh/[USER_CLUSTER_NAME].key ubuntu@[NODE_IP]

where [NODE_IP] is the internal IP address of a node in your user cluster, which you gathered previously.

Using SSH to connect to an admin cluster node

Get the SSH key for the admin cluster:

kubectl --kubeconfig [ADMIN_CLUSTER_KUBECONFIG] get secrets -n kube-system sshkeys \
-o jsonpath='{.data.vsphere_tmp}' | base64 -d > \
~/.ssh/admin-cluster.key && chmod 600 ~/.ssh/admin-cluster.key

where [ADMIN_CLUSTER_KUBECONFIG] is the path of the admin cluster's kubeconfig file.

The preceding command performs the following steps:

From the admin cluster, get the vsphere_tmp field of a Secret named sshkeys in the kube-system namespace.
Base64 decode the vsphere_tmp field, which is the key.
Store the decoded key in the file ~/.ssh/admin-cluster.key.
Set appropriate access permissions for the key file.

Use the key to SSH into an admin cluster node:

ssh -i ~/.ssh/admin-cluster.key ubuntu@[NODE_IP]

where [NODE_IP] is the internal IP address of a node in the admin cluster, which you gathered previously.