Grant access to a private network

In some cases, your cluster sits in a private network. Although this is a very good practice, it means additional steps needs to be taken in order to allow our products to connect to your cluster.

Before following this guide, make sure that there is a way to reach your private network from a machine that is publicly exposed. This machine is commonly called a bastion host and it controls all access to your private network.

We will walk you through the creation of a specific user on the bastion host that will be used by our products to reach your cluster.

📝 Prerequisites

Following content assumes that your bastion is a Linux machine and ssh-keygen binary is installed on it.

👤 Create a new user

This command will create a new kubolabs system user.

useradd --system --create-home kubolabs

useradd --disabled-password --system kubolabs

🔐 Generate SSH keys

This command will generate a SSH key pair that will be used by our products to authenticate on your bastion.

ssh-keygen -t rsa -b 4096 -C "kubolabs" -N "" -q -f kubolabs-key

If the command is successful, two files would have been generated in the current directory:

• kubolabs-key: private key file

• kubolabs-key.pub: public key file

🛂 Authorize SSH key to authenticate

This command will add the SSH public key that we just created to the list of kubolabs’s authorized SSH keys.

✅ Check public key authentication is enabled

This command will make sure that the public key authentication is enabled.

If public key authentication is enabled, command output will be the following:

If the output is either:

Or:

You must enable it:

👮 Allow access from our products

Add the following IP to the list of authorized networks: 34.141.253.143.