Grant access to a private network
In some cases, your cluster sits in a private network. Although this is a very good practice, it means additional steps needs to be taken in order to allow our products to connect to your cluster.
Before following this guide, make sure that there is a way to reach your private network from a machine that is publicly exposed. This machine is commonly called a bastion host and it controls all access to your private network.
We will walk you through the creation of a specific user on the bastion host that will be used by our products to reach your cluster.
Following content assumes that your bastion is a Linux machine and ssh-keygen
binary is installed on it.
Next commands needs to be executed on your bastion with superuser privileges. Make sure you have the permissions to perform such commands or use sudo
command if itโs available.
This command will create a new kubolabs
system user.
This command will generate a SSH key pair that will be used by our products to authenticate on your bastion.
If the command is successful, two files would have been generated in the current directory:
kubolabs-key
: private key filekubolabs-key.pub
: public key file
Make sure to store kubolabs-key
file somewhere safe and do not share it publicly nor without encryption.
This command will add the SSH public key that we just created to the list of kubolabs
โs authorized SSH keys.
Anyone in possession of the private key will be allowed to connect on your bastion as kubolabs
user.
This command will make sure that the public key authentication is enabled.
If public key authentication is enabled, command output will be the following:
If the output is either:
Or:
You must enable it:
If something went wrong with this command, a backup of the original file is available at /etc/ssh/sshd_config.backup
.
This step is only required if your bastion is filtering the allowed incoming IPs. If you are not sure, ask your administrator.
Add the following IP to the list of authorized networks: 34.141.253.143.
Last updated