How to connect to OpenShift Container Platform 4.x Cluster nodes using ssh bastion pod?

Solution Verified - Updated 14 Jun 2024

Environment

Red Hat OpenShift Container Platform
- 4.x

Issue

How to connect to OpenShift Container Platform 4.x Cluster nodes when they do not have external public IP?
How to connect to OpenShift Container Platform 4.x Cluster nodes from local machine?

Resolution

This method greatly utilizes the automation scripts present Content from github.com is not included.here. In order to connect to Openshift Container Platform 4 nodes, you need to follow given steps:
Login to Cluster
Create a file called 00-master-ssh-update-02.yaml with following content

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: master
  name: 00-master-ssh-02
spec:
  config:
    passwd:
      users:
      - name: core
        sshAuthorizedKeys: |
          <<ssh-public rsa key goes here>>

Create the MachineConfig using command

oc create -f 00-master-ssh-update-02.yaml

Create bastion ssh pod

curl https://raw.githubusercontent.com/eparis/ssh-bastion/master/deploy/deploy.sh | bash

The status of machineconfiguration of nodes should be Done

$ oc describe node|grep machineconfig
                    machineconfiguration.openshift.io/currentConfig: rendered-worker-634a6b83277b055e4375b3c8b417fe06
                    machineconfiguration.openshift.io/desiredConfig: rendered-worker-634a6b83277b055e4375b3c8b417fe06
                    machineconfiguration.openshift.io/state: Done
                    machineconfiguration.openshift.io/currentConfig: rendered-master-6531d86976435f6bffbec9593cf47f52
                    machineconfiguration.openshift.io/desiredConfig: rendered-master-6531d86976435f6bffbec9593cf47f52
                    machineconfiguration.openshift.io/state: Done
                    machineconfiguration.openshift.io/currentConfig: rendered-master-6531d86976435f6bffbec9593cf47f52
                    machineconfiguration.openshift.io/desiredConfig: rendered-master-6531d86976435f6bffbec9593cf47f52
                    machineconfiguration.openshift.io/state: Done
                    machineconfiguration.openshift.io/currentConfig: rendered-worker-634a6b83277b055e4375b3c8b417fe06
                    machineconfiguration.openshift.io/desiredConfig: rendered-worker-634a6b83277b055e4375b3c8b417fe06
                    machineconfiguration.openshift.io/state: Done
                    machineconfiguration.openshift.io/currentConfig: rendered-worker-634a6b83277b055e4375b3c8b417fe06
                    machineconfiguration.openshift.io/desiredConfig: rendered-worker-634a6b83277b055e4375b3c8b417fe06
                    machineconfiguration.openshift.io/state: Done
                    machineconfiguration.openshift.io/currentConfig: rendered-master-6531d86976435f6bffbec9593cf47f52
                    machineconfiguration.openshift.io/desiredConfig: rendered-master-6531d86976435f6bffbec9593cf47f52
                    machineconfiguration.openshift.io/state: Done

Get the ssh.sh script locally to be able to connect to the nodes

curl -L -O https://raw.githubusercontent.com/eparis/ssh-bastion/master/ssh.sh &&
chmod +x ssh.sh

Connect to any of the nodes of your cluster using command

./ssh.sh ip-10-xyz.compute.internal

SBR

Shift

Product(s)

Red Hat OpenShift Container Platform

Components

cloud provider

Category

Troubleshoot

Tags

ocp_4
ssh

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.