-
Notifications
You must be signed in to change notification settings - Fork 4
Explore
If you want to ssh to instances with a public ip simply do
ssh <Instance IP>while being logged on to your Ansible server as the user ansible.
To ssh to a private instance you need to use the jumphost as a ssh proxy. The command for this is
ssh -o ProxyCommand="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p ansible@<public-jumphost ip>" ansible@<private-instance ip>To simplify that process, two scripts are generated for your convenience. Access the cluster via ssh to the k8smaster ip being logged in on your Ansible server with user ansible.
$ ./ssh_masterAlternatively by:
$ ssh -o ProxyCommand="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p ansible@<JUMPHOST PUBLIC IP>" ansible@<MASTER PRIVATE IP>Both variants are using the key material of your current environment located in ~/.ssh.
If you need to use alternative key material, e.g. if you're managing MOADSD-NG with the MOADSD-NG-SERVER but you're not inside the container, you can still ssh into your master by specifying the private key to use:
$ ssh -i <PATH>/id_rsa -o ProxyCommand="ssh -i <PATH>/id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p ansible@<JUMPHOST PUBLIC IP>" ansible@<MASTER PRIVATE IP>For the jumphost use
$ ./ssh_jumphostRemember:
- SSH user is always ansible
- Workload user is either root (RedHat) or ubuntu (Ubuntu)
SSH to the kubernetes master and switch to user ubuntu.
ssh <Kubernetes Master Public IP>sudo su - ubuntuAfterwards you have admin privileges on the cluster.
Some basic queries:
kubectl get nodeswatch 'kubectl get pods --all-namespaces -o wide'watch 'kubectl get pods -n smartcheck -o wide && echo && kubectl get services -n smartcheck -o wide'kubectl get pods --all-namespaces -o wide --show-labels && \
echo && kubectl get services --all-namespaces -o wide && \
echo && kubectl get nodeskubectl -n jenkins get pod --no-headers -o custom-columns=":metadata.name" | grep jenkinsFrom any location do a curl with the following syntax:
- Username and Password as configured in your site_secrets.yml
- If the jumphost does own the public IP address 3.125.0.91
- Replace the dots with dashes (3-125-0-91)
The full curl command will then look like:
curl -X GET https://username:password@registry-3-125-0-91.nip.io/v2/_catalogWiki
About MOADSD-NG
Getting Started
MOADSD-NG Containerized
MOADSD-NG Manual Setup
- Configure your Server
- Preparing to work with Google GCP
- Preparing to work with Amazon AWS
- Preparing to work with VMware ESXi
Adapt MOADSD-NG to Your Needs
The MOADSD-NG Life-Cycle
- Setup the Environment
- Deploy the Software Stack
- Deploy the Endpoints
- Pause the Environment
- Resume the Environment
- Terminate the Environment
- Update the Environment
Software Components
- [Deep Security]
- [Deep Security Smart Check]
- Container Orchestration
- Container Registry
- Cluster Storage
- Jenkins
- GitLab
- Linkerd
- [Prometheus]
- [Grafana]
Tipps
Final Words
Deprecated Chapters