Grant access to a private network
In some cases, your cluster sits in a private network. Although this is a very good practice, it means additional steps needs to be taken in order to allow our products to connect to your cluster.
Before following this guide, make sure that there is a way to reach your private network from a machine that is publicly exposed. This machine is commonly called a bastion host and it controls all access to your private network.
We will walk you through the creation of a specific user on the bastion host that will be used by our products to reach your cluster.
๐ Prerequisites
Following content assumes that your bastion is a Linux machine and ssh-keygen
binary is installed on it.
Next commands needs to be executed on your bastion with superuser privileges. Make sure you have the permissions to perform such commands or use sudo
command if itโs available.
๐ค Create a new user
This command will create a new kubolabs
system user.
useradd --system --create-home kubolabs
๐ Generate SSH keys
This command will generate a SSH key pair that will be used by our products to authenticate on your bastion.
ssh-keygen -t rsa -b 4096 -C "kubolabs" -N "" -q -f kubolabs-key
If the command is successful, two files would have been generated in the current directory:
kubolabs-key
: private key filekubolabs-key.pub
: public key file
Make sure to store kubolabs-key
file somewhere safe and do not share it publicly nor without encryption.
๐ Authorize SSH key to authenticate
This command will add the SSH public key that we just created to the list of kubolabs
โs authorized SSH keys.
mkdir /home/kubolabs/.ssh/
cat kubolabs-key.pub | tee -a /home/kubolabs/.ssh/authorized_keys
chown -R kubolabs:kubolabs /home/kubolabs/.ssh
chmod 0700 /home/kubolabs/.ssh
chmod 0644 /home/kubolabs/.ssh/authorized_keys
Anyone in possession of the private key will be allowed to connect on your bastion as kubolabs
user.
โ
Check public key authentication is enabled
This command will make sure that the public key authentication is enabled.
grep -E '^PubkeyAuthentication' /etc/ssh/sshd_config
If public key authentication is enabled, command output will be the following:
PubkeyAuthentication yes
If the output is either:
#PubkeyAuthentication yes
Or:
PubkeyAuthentication no
You must enable it:
sed -i=backup 's/#\?PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
๐ฎ Allow access from our products
Add the following IP to the list of authorized networks: 34.141.253.143.
Last updated