Hello readers, in this post I will cover how to access a private AKS cluster using a bastion server on the Azure portal. This guide assumes that you have a fundamental knowledge of cloud computing.
Prerequisites:
- An Azure account with an active subscription. Create one for free if you don't already have one.
- Create a resource group.
- Create a virtual network and subnet.
- Install Azure CLI version 2.28.0 or higher.
First we need to create a private cluster and a bastion server.
Creating the private cluster
With a private cluster you can guarantee that network traffic between your API server and your node pools travels only over the private network, so the API server is never exposed on a public IP.
Let's start with the practical part. In the search bar, type kubernetes service and select the Create option (Create Kubernetes cluster), as shown in the image of the Kubernetes service page below.

- Select the region.
- Specify the name of the cluster.
- Choose the region and availability zone.
- For networking, select the VNet from the Virtual network dropdown.
- Tick the Enable private cluster checkbox shown in the Security section.
- To perform validation, choose Review + create. After validation succeeds, choose Create to set up the private cluster.
In the cluster configuration I added a single node; you can add as many nodes as your requirements call for.
Alternatively, you can create a private cluster using the CLI:
az aks create \
  --resource-group <private-cluster-resource-group> \
  --name <private-cluster-name> \
  --load-balancer-sku standard \
  --enable-private-cluster \
  --network-plugin azure \
  --vnet-subnet-id <subnet-id> \
  --docker-bridge-address 172.17.0.1/16 \
  --dns-service-ip 10.2.0.10 \
  --service-cidr 10.2.0.0/24
The az aks get-credentials command fetches the access credentials for an AKS cluster and merges them into your kubeconfig file. Note that fetching credentials goes through Azure Resource Manager and works from anywhere, but kubectl itself can only reach a private cluster's API server from inside the virtual network (or a network connected to it), which is why we need the bastion server.
az account set --subscription 0404aa10-4732-4901-9e9d-504e702fd529
az aks get-credentials --resource-group Devops1 --name Devops1_private_cluster
Creating the bastion server
A bastion host or bastion server is any component that provides perimeter access control. In practice, a bastion host, often referred to as a jump box, is a dedicated machine on a network that acts as a proxy and lets client workstations connect to remote servers. Bastion hosts are used when a private network has to be reached from an external network such as the Internet.
In the search bar, type virtual machine and select the Create option, as shown in the image of the virtual machine page below.
- Select the region.
- Specify the name of the virtual machine.
- Select the same region that you selected for your private cluster.
- choose the image of
- Generate an SSH public key.
- Under Inbound port rules, choose Allow selected ports and then select SSH (22); ideally restrict the source to your own IP address rather than Any.
- After validation runs, select the Create button at the bottom of the page.
SSH into the bastion from your terminal using the server's public IP:
ssh -i bastion-vm_key.pem azureuser@20.118.32.224
Now install kubectl and the Azure CLI on your bastion server.
As you can see, we are able to access the private cluster from the bastion server.
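As an added example (not part of the original post), here is a script to run on the bastion that performs the steps above end to end and adds the check a practitioner wants: confirming that the kubeconfig points at the cluster's private API endpoint before using it. The resource group, cluster name and subscription ID default to the values used in this post; the script name and the `run` argument are my own convention.

```shell
#!/usr/bin/env sh
# bastion-setup.sh: install tooling on the bastion VM, fetch AKS credentials,
# and verify the API server endpoint is private before touching the cluster.
set -eu
# Defaults taken from the values used in this post; override via environment.
RESOURCE_GROUP="${RESOURCE_GROUP:-Devops1}"
CLUSTER_NAME="${CLUSTER_NAME:-Devops1_private_cluster}"
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-0404aa10-4732-4901-9e9d-504e702fd529}"

# Strip scheme and port/path from a kubeconfig server URL: https://h:443 -> h
api_host_from_url() {
  printf '%s\n' "$1" | sed -e 's|^[A-Za-z]*://||' -e 's|[:/].*$||'
}

# A private AKS API server is published as <cluster>.<guid>.privatelink.<region>.azmk8s.io;
# a public one uses <cluster>.hcp.<region>.azmk8s.io instead.
is_private_api_host() {
  case "$1" in
    *.privatelink.*.azmk8s.io) return 0 ;;
    *) return 1 ;;
  esac
}

install_tools() {
  # Microsoft's documented installer for Debian/Ubuntu, then kubectl via the CLI itself.
  curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
  sudo az aks install-cli
}

fetch_credentials() {
  # Device-code login suits a headless VM; credential retrieval goes through ARM,
  # so it works from anywhere. Only kubectl traffic needs the private network.
  az login --use-device-code
  az account set --subscription "$SUBSCRIPTION_ID"
  az aks get-credentials --resource-group "$RESOURCE_GROUP" --name "$CLUSTER_NAME"
}

verify_private_endpoint() {
  server=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
  host=$(api_host_from_url "$server")
  if is_private_api_host "$host"; then
    echo "OK: API server $host is a private endpoint"
  else
    echo "WARNING: API server $host is not a private endpoint" >&2
    return 1
  fi
}

# Run the full flow only when invoked as: sh bastion-setup.sh run
case "${1:-}" in
  run) install_tools && fetch_credentials && verify_private_endpoint && kubectl get nodes ;;
esac
```

If the verification step warns, the kubeconfig you merged belongs to a public cluster, and the bastion is not buying you the isolation this post is about.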
Conclusion:
This blog explained how to access a private AKS cluster using a bastion server on the Azure portal: we created a private cluster and a bastion server, and finally accessed the private cluster from that server. I hope you enjoyed this practical walkthrough.