How to SSH to docker container in kubernetes cluster?

Question

I am fairly new to the Google Cloud Platform and Docker and set-up a cluster of nodes, made a Dockerfile that copies a repo and runs a Clojure REPL on a public port. I can connect to it from my IDE and play around with my code, awesome!

That REPL should however probably tunneled through SSH, but here is where my problem starts. I can't find a suitable place to SSH into for making changes to the repo that Docker runs the REPL on:

• The exposed IP just exposes the REPL service (correct kubernetes term?) and does not allow me to SSH in.
• Neither does the cluster master endpoint, it gives me a public key error even though I've followed the Adding or removing SSH keys for all of the instances in your project part here.

I would like to edit the source files via SSH but I would need to access the docker code repo. I don't know how to proceed.

I understand this isn't exactly a typical way to deploy applications so I am not even sure it's possible to have multiple nodes work with a modified docker codebase (do the nodes share the JVM somehow?).

Concretely my question is how do I SSH into the docker container to access the codebase?

Answer 1

In case of problems with a node of a Kubernetes cluster you probably want to read the log files on a node of the Kubernetes Cluster, as described here. This Kubernetes cluster is created with Azure Container Service (ACS).

 The following steps describe how to connect:

Here, I am using the Linux Bash Shell for Windows to do this.

 1. Ensure that the private ssh key is located in the .ssh directory with a name to find the cluster.

In bash copy the ssh file from your windows drive to the .ssh directory in bash:

 $ cp /mnt/c/repos/myproject/ssh/privatekeyopenssl .ssh/myproject-privatesshkey

(Don’t copy the file in Windows to C:\Users\ThisPC\AppData\Local\lxss\home\pascal\.ssh\ to make it available in Linux)

 2. You then have to create an ssh config file that looks like this (for a cluster with a master and 2 nodes):

Host Master

HostName mycluster.westeurope.cloudapp.azure.com

Port 22

User azureuser

IdentityFile /pascal/.ssh/myproject-privatesshkey

Host Node01

HostName 10.240.0.5

Port 22

User azureuser

ProxyCommand ssh -F /pascal/.ssh/config-myproject -q master -W %h:%p

IdentityFile /pascal/.ssh/myproject-privatesshkey

Host node02

HostName 10.240.0.4

Port 22

User azureuser

ProxyCommand ssh -F /pascal/.ssh/config-myproject -q master -W %h:%p

IdentityFile /pascal/.ssh/myproject-privatesshkey

You have to make sure that:

a) The HostName at the top is the name or the IP-address of your cluster

b) The HostName of the other sections (the nodes) is the IP-addresses of the nodes in your cluster. You can get the ip-addresses of the nodes with the Azure CLI:

az vm list-ip-addresses –resource-group “my-resourcegroup”

c) You can optionally add an extra alias to Host. Just separate with space. For example the VM name: Host node02 k8s-agent-E4126C94-1

d) The “User” (azureuser) is the name of the user which you used to provision the cluster

e) All paths (all paths with /pascal) are correct.

Type  $ pwd and in my case, it results in: /home/pascal

Use the last part in your config

f) All “IdentityFile” reference the ssh config file you have created in step 1. In this sample myproject-privatesshkey.

g) All “ProxyCommand” references the name of the file itself. So save the file with a name

to identify the config. In this sample:

config-myproject

h) This file is also located in the .ssh directory. In my case I had to copy it from Windows

to Linux:

$ cp /mnt/c/repos/myproject/ssh/config-myproject .ssh/config-myproject 

3. Now you can connect to the master, or any of the nodes easy.

To the master:

ssh -F ~/.ssh/config-myproject master 

Or to node02 for example:

ssh -F ~/.ssh/config-myproject node02 

You can copy files with this configuration also, like:

scp -F ~/.ssh/config-myproject node02:/var/log/* logs