K
Q

SSH into GKE private cluster node

3/19/2019

I need to install a plugin on every node in my private-cluster. I've tried to add an external IP with:

gcloud compute instances add-access-config gke-private-cluster-nodename

It works, but then SSH into the node
(IP registered in cluster Authorized networks)

 gcloud compute ssh gke-private-cluster

"I get: Operation timed out"

Same when I try in the Compute-engine console but with error:

"We are unable to connect to the VM on port 22"

Is it some firewall rule that has to be enabled? Any hint would be helpful!

-- Calle Engene
elasticsearch
google-cloud-platform
google-kubernetes-engine

Similar Questions

How to handle multiple environments with Google Cloud Build and Kubernetes
Update Kafka in Kubernetes causes downtime
Istio sidecar upstream pod reconnection issue
nginx-ingress controller wordpress big files upload issue
Query kubernetes pod (inside VM) from my local machine

1 Answer

3/19/2019

You cannot install things on GKE nodes.

GKE nodes use an OS image with a read-only filesystem that doesn't allow you to install things https://cloud.google.com/container-optimized-os/docs/.

Not only it's a bad idea, your nodes are "temporary". When GKE automatically upgrades your Kubernetes node versions, all your VMs will be replaced with new VMs so SSHing them and trying to install things to them one by one just going to work for a few days.

To answer your question, by definition, "private clusters" aren't accessible from the internet. You should have a "bastion node" in that VPC network which you can SSH in then to access the private nodes. https://cloud.google.com/solutions/connecting-securely#bastion

-- AhmetB - Google
Source: StackOverflow