Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Halaman ini menjelaskan cara mengakses VM pengguna dari host dengan koneksi tunnel VPN.
Host di jaringan jarak jauh dengan koneksi tunnel VPN ke organisasi GDC dapat mengakses antarmuka utama VM pengguna organisasi, dengan asumsi traffic keluar dan masuk ke project yang berisi VM pengguna diizinkan.
Sebelum memulai
Untuk mengonfigurasi traffic masuk dan keluar untuk tunnel VPN, Anda harus memiliki hal berikut:
Tunnel VPN yang ada. Untuk mengetahui informasi selengkapnya, lihat Membuat tunnel VPN.
Telah mengaktifkan traffic keluar dan masuk ke project yang berisi VM. Untuk mengetahui informasi selengkapnya, lihat Mengontrol traffic ingress dan egress.
Peran akses dan identitas yang diperlukan:
Admin VPN: memiliki izin baca dan tulis pada semua resource terkait VPN. Minta Admin IAM Organisasi Anda untuk memberi Anda peran VPN Admin (vpn-admin).
Pelihat VPN: memiliki izin baca pada semua resource terkait VPN. Minta Admin IAM Organisasi Anda untuk memberi Anda peran VPN Viewer (vpn-viewer).
Project VirtualMachine Admin: mengelola VM di namespace project. Minta Admin IAM Organisasi Anda untuk memberi Anda peran Project VirtualMachine Admin (project-vm-admin).
Untuk mengetahui informasi selengkapnya, lihat Definisi peran.
Mengakses VM pengguna
Ikuti langkah-langkah berikut untuk mengakses antarmuka utama VM pengguna:
Dapatkan antarmuka VM pengguna dengan melihat objek VirtualMachine masing-masing
di cluster admin org:
MANAGEMENT_API_SERVER: jalur kubeconfig server
API zona. Jika Anda belum membuat file kubeconfig
untuk server API di zona target, lihat
Login untuk mengetahui detailnya.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-09-04 UTC."],[[["\u003cp\u003eHosts connected to a GDC organization via a VPN tunnel can access user VMs' primary interfaces.\u003c/p\u003e\n"],["\u003cp\u003eAccessing user VMs requires that both egress and ingress traffic are enabled for the project containing the VM.\u003c/p\u003e\n"],["\u003cp\u003eYou must have either the VPN Admin or VPN Viewer role, in addition to the Project VirtualMachine Admin role.\u003c/p\u003e\n"],["\u003cp\u003eThe primary interface details of a user VM, like the IP address, can be obtained by viewing its \u003ccode\u003eVirtualMachine\u003c/code\u003e object using a \u003ccode\u003ekubectl\u003c/code\u003e command.\u003c/p\u003e\n"],["\u003cp\u003eOnce you obtain the IP of the primary interface, it is possible to connect to the user VM via \u003ccode\u003essh\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Access user VMs\n\nThis page describes how to access user VMs from a host with a VPN tunnel connection.\n\nHosts in the remote network with a VPN tunnel connection to a\nGDC organization can access the primary interface of\norganization user VMs, assuming egress and ingress traffic to the project containing the\nuser VM is allowed.\n\nBefore you begin\n----------------\n\nTo configure ingress and egress traffic for a VPN tunnel, you must have the following:\n\n- An existing VPN tunnel. For more information, see [Create a VPN tunnel](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/vpn/configure-the-tunnel).\n- Have enabled egress and ingress traffic to the project containing the VM. For more information, see [Control ingress and egress traffic](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/vpn/egress-and-ingress).\n- The necessary identity and access roles:\n\n - VPN Admin: has read and write permissions on all VPN-related resources. Ask your Organization IAM Admin to grant you the VPN Admin (`vpn-admin`) role.\n - VPN Viewer: has read permissions on all VPN-related resources. Ask your Organization IAM Admin to grant you the VPN Viewer (`vpn-viewer`) role.\n - Project VirtualMachine Admin: manages VMs in the project namespace. Ask your Organization IAM Admin to grant you the Project VirtualMachine Admin (`project-vm-admin`) role.\n - For more information, see [Role definitions](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/iam/role-definitions).\n\nAccess the user VM\n------------------\n\nFollow these steps to access the primary interface of the user VM:\n\n1. Get the interfaces of the user VM by viewing its respective `VirtualMachine` object\n in the org admin cluster:\n\n kubectl --kubeconfig \u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER\u003c/var\u003e get -n \u003cvar translate=\"no\"\u003ePROJECT_NAME\u003c/var\u003e gvm \u003cvar translate=\"no\"\u003eVM_NAME\u003c/var\u003e -ojson | jq '.status.network.interfaces'\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER\u003c/var\u003e: the zonal API server's kubeconfig path. If you have not yet generated a kubeconfig file for the API server in your targeted zone, see [Sign in](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/iam/sign-in#cli) for details.\n - \u003cvar translate=\"no\"\u003eVM_NAME\u003c/var\u003e: the name of the `VirtualMachine` object.\n\n The output looks like the following example: \n\n [\n {\n \"ipAddresses\": [\n \"172.16.19.189\"\n ],\n \"macAddress\": \"8a:fc:81:0b:41:dc\",\n \"name\": \"net1\"\n }\n ]\n ```\n\n2. Hosts in the remote network with a VPN tunnel connection to a GDC organization\n can access user VMs through the primary `net1` interface:\n\n /home/ubuntu# ssh -i ~/vm-access user@172.16.19.189\n\n Note, for SSH access details including retrieving a key for a VM, see [Connect\n to a VM](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/vms/connect-to-vm/connect-to-a-vm)."]]