How to access the private cluster using bastion server on Azure portal

Reading Time: 3 minutes

Hello readers, in this post I will cover how to access a private cluster using a bastion server on the Azure portal. This guide presupposes that you have a fundamental knowledge of cloud computing.

Prerequisites:

  1. An Azure subscription-enabled account. Create one for free if you don’t already have one.
  2. Create a resource group.
  3. Create a virtual network and subnet.
  4. Install Azure CLI version 2.28.0 or higher.

First we need to create a private cluster and a bastion server.

Creating private cluster

By using a private cluster, you can guarantee that network traffic between your API server and your node pools travels only over the private network.

So let's start with the practical part. In the search bar, type "kubernetes service" and select the Create option (Create Kubernetes cluster), as shown in the image of the Kubernetes service page below.

  1. Select the region.
  2. Specify the name of the cluster.
  3. Choose the region and availability zone.
  4. For networking, select the VNet from the virtual network dropdown.
  5. Tick the checkbox that enables the private cluster, as shown in the security column.
  6. To perform validation, choose Review + create. After validation succeeds, choose Create to set up the private cluster.

In the cluster configuration I have added a 1-node cluster; you can add nodes as per your requirement.

Or you can create a private cluster using the CLI:

az aks create --resource-group <private-cluster-resource-group> --name <private-cluster-name> --load-balancer-sku standard --enable-private-cluster --network-plugin azure --vnet-subnet-id <subnet-id> --docker-bridge-address 172.17.0.1/16 --dns-service-ip 10.2.0.10 --service-cidr 10.2.0.0/24

The az aks get-credentials command lets you get the access credentials for an AKS cluster and merges them into your kubeconfig file:

az account set --subscription 0404aa10-4732-4901-9e9d-504e702fd529

az aks get-credentials --resource-group Devops1 --name Devops1_private_cluster

Creating bastion server

A bastion host, or bastion server, is any system that provides perimeter access control. In practice, a bastion host, often referred to as a jump box, is a dedicated computer on a network that serves as a proxy and enables client workstations to connect to remote servers. Bastion hosts are used when a private network has to be accessed from an external network such as the Internet.

In the search bar, type "virtual machine" and select the Create option, as shown in the image of the virtual machine page below.

  1. Select the region.
  2. Specify the name of the virtual machine.
  3. Select the region that you have selected for your private cluster.
  4. Choose the image of
  5. Generate an SSH public key.
  6. Under Inbound port rules, choose Allow selected ports and then select SSH (22).
  7. After validation runs, select the Create button at the bottom of the page.

SSH into your server from your terminal using its public IP:

ssh -i bastion-vm_key.pem azureuser@20.118.32.224

Now install kubectl and the Azure CLI on your bastion server.

As you can see, we are able to access the private cluster from the bastion server.
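As an added example (not from the original post), the following bash script preflight-checks the --service-cidr, --dns-service-ip and node-subnet values that go into the az aks create --enable-private-cluster command above, then prints that command together with an NSG rule that narrows the bastion's SSH (22) inbound rule to a single admin source prefix instead of the whole Internet. The resource names, the subnet id and the 203.0.113.7/32 prefix are placeholders.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: validate AKS network parameters
# before creating the private cluster, then print the commands to run.
set -euo pipefail

ip_to_int() { local IFS=.; set -- $1; echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 )); }

# in_cidr IP CIDR: succeeds when IP lies inside CIDR
in_cidr() {
  local net=${2%/*} bits=${2#*/}
  local mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# cidrs_overlap A B: two ranges overlap iff one network address lies in the other
cidrs_overlap() { in_cidr "${1%/*}" "$2" || in_cidr "${2%/*}" "$1"; }

# validate_service_network SERVICE_CIDR DNS_SERVICE_IP NODE_SUBNET_CIDR
# AKS rules: the DNS service IP must sit inside --service-cidr, must not be the
# first address (reserved for kubernetes.default), and the service range must
# not overlap the node subnet passed via --vnet-subnet-id.
validate_service_network() {
  local svc=$1 dns=$2 subnet=$3
  in_cidr "$dns" "$svc" || { echo "dns-service-ip $dns is outside service-cidr $svc" >&2; return 1; }
  [ "$(ip_to_int "$dns")" -ne $(( $(ip_to_int "${svc%/*}") + 1 )) ] \
    || { echo "dns-service-ip $dns is the reserved first address of $svc" >&2; return 1; }
  ! cidrs_overlap "$svc" "$subnet" || { echo "service-cidr $svc overlaps node subnet $subnet" >&2; return 1; }
}

# plan_private_cluster RG NAME SUBNET_ID SUBNET_CIDR SERVICE_CIDR DNS_IP NSG ADMIN_PREFIX
# Prints (does not execute) the cluster command plus an NSG rule limiting SSH
# to the bastion to one admin source prefix.
plan_private_cluster() {
  validate_service_network "$5" "$6" "$4" || return 1
  printf 'az aks create --resource-group %s --name %s --enable-private-cluster --network-plugin azure \\\n' "$1" "$2"
  printf '  --load-balancer-sku standard --vnet-subnet-id %s --service-cidr %s --dns-service-ip %s\n' "$3" "$5" "$6"
  printf 'az network nsg rule create --resource-group %s --nsg-name %s --name allow-ssh-admin --priority 100 \\\n' "$1" "$7"
  printf '  --direction Inbound --access Allow --protocol Tcp --destination-port-ranges 22 --source-address-prefixes %s\n' "$8"
}

# Constructed placeholder values: node subnet 10.1.0.0/24 and service range
# 10.2.0.0/24 do not overlap, so the plan is printed.
plan_private_cluster my-rg my-private-aks "<subnet-id>" \
  10.1.0.0/24 10.2.0.0/24 10.2.0.10 bastion-nsg 203.0.113.7/32
```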


In Conclusion:

This blog explained how to access a private cluster using a bastion server on the Azure portal: we created a private cluster and a bastion server, and finally accessed the private cluster from that server. I hope you enjoyed this practical walkthrough.