Version 1.2. This version is no longer supported as outlined in the Anthos version support policy. For the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware (GKE on-prem), upgrade to a supported version. You can find the most recent version here.

Available versions

Using SSH to connect to a cluster node

This page describes how to SSH into a GKE on-prem cluster node.

Getting the IP addresses of your cluster nodes

Get the IP addresses of your user cluster nodes:

kubectl --kubeconfig [USER_CLUSTER_KUBECONFIG] get nodes --output wide

where [USER_CLUSTER_KUBECONFIG] is the path of your user cluster's kubeconfig file.

Get the IP addresses of your admin cluster nodes:

kubectl --kubeconfig [ADMIN_CLUSTER_KUBECONFIG] get nodes --output wide

where [ADMIN_CLUSTER_KUBECONFIG] is the path of your admin cluster's kubeconfig file.

For either command, note the INTERNAL-IP field. These are the node IP addresses.

Using SSH to connect to a user cluster node

Get the SSH key for a user cluster:

kubectl --kubeconfig [ADMIN_CLUSTER_KUBECONFIG] get secrets -n [USER_CLUSTER_NAME] ssh-keys \
-o jsonpath='{.data.ssh\.key}' | base64 -d > \
~/.ssh/[USER_CLUSTER_NAME].key && chmod 600 ~/.ssh/[USER_CLUSTER_NAME].key

where:

[ADMIN_CLUSTER_KUBECONFIG] is the path of your admin cluster's kubeconfig file.
[USER_CLUSTER_NAME] is the name of your user cluster.

The preceding command performs the following steps:

From the admin cluster, get the ssh.key field of a Secret named ssh-keys in the [USER_CLUSTER_NAME] namespace.
Base64 decode the key.
Store the decoded key in the file ~/.ssh/[USER_CLUSTER_NAME].key.
Set appropriate access permissions for the key file.

Use the key to SSH into a user cluster node:

ssh -i ~/.ssh/[USER_CLUSTER_NAME].key ubuntu@[NODE_IP]

where [NODE_IP] is the internal IP address of a node in your user cluster, which you gathered previously.

Using SSH to connect to an admin cluster node

Get the SSH key for the admin cluster:

kubectl --kubeconfig [ADMIN_CLUSTER_KUBECONFIG] get secrets -n kube-system sshkeys \
-o jsonpath='{.data.vsphere_tmp}' | base64 -d > \
~/.ssh/admin-cluster.key && chmod 600 ~/.ssh/admin-cluster.key

where [ADMIN_CLUSTER_KUBECONFIG] is the path of the admin cluster's kubeconfig file.

The preceding command performs the following steps:

From the admin cluster, get the vsphere_tmp field of a Secret named sshkeys in the kube-system namespace.
Base64 decode the vsphere_tmp field, which is the key.
Store the decoded key in the file ~/.ssh/admin-cluster.key.
Set appropriate access permissions for the key file.

Use the key to SSH into an admin cluster node:

ssh -i ~/.ssh/admin-cluster.key ubuntu@[NODE_IP]

where [NODE_IP] is the internal IP address of a node in the admin cluster, which you gathered previously.