Amazon EKS Operations ssh Tunnel into an EKS NodePort Service: Difference between revisions
Jump to navigation
Jump to search
| Line 4: | Line 4: | ||
=Overview= | =Overview= | ||
You will need ssh access to one of the EC2 nodes running any of the EKS cluster nodes. | You will need ssh access to one of the EC2 nodes running any of the EKS cluster nodes. The service to access will need to be either a [[Kubernetes_Service_Concepts#NodePort_Service|NodePort]] service or a [[Kubernetes_Service_Concepts#LoadBalancer_Service|LoadBalancer]] service, so the service opens ports on all EC2 Kubernetes nodes. The port number is the same on all nodes. | ||
=Procedure= | |||
ssh into the node and figure out the port the service is exposed on: | |||
<syntaxhighlight lang='text'> | <syntaxhighlight lang='text'> | ||
> netstat -nl | grep 30421 | kubectl -n <namespace> get svc | ||
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE | |||
myservice LoadBalancer 172.20.224.75 <pending> 8080:30421/TCP,80:31242/TCP,443:31743/TCP 8m34s | |||
... | |||
</syntaxhighlight> | |||
In this case, the port we're interested in is 30421, which forwards invocations to the port 8080 on the pods. | |||
The NodePort service listens on all network interfaces on the EC2 node: | |||
<syntaxhighlight lang='text'> | |||
netstat -nl | grep 30421 | |||
tcp 0 0 0.0.0.0:30421 0.0.0.0:* LISTEN | tcp 0 0 0.0.0.0:30421 0.0.0.0:* LISTEN | ||
</syntaxhighlight> | |||
Setup the tunnel: | |||
<syntaxhighlight lang='text'> | |||
ssh ec2-user@<ec2-node-ip> -N -L <local-port>:localhost:30421 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Latest revision as of 05:33, 5 May 2021
Internal
Overview
You will need ssh access to one of the EC2 nodes running any of the EKS cluster nodes. The service to access will need to be either a NodePort service or a LoadBalancer service, so the service opens ports on all EC2 Kubernetes nodes. The port number is the same on all nodes.
Procedure
ssh into the node and figure out the port the service is exposed on:
kubectl -n <namespace> get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
myservice LoadBalancer 172.20.224.75 <pending> 8080:30421/TCP,80:31242/TCP,443:31743/TCP 8m34s
...
In this case, the port we're interested in is 30421, which forwards invocations to the port 8080 on the pods.
The NodePort service listens on all network interfaces on the EC2 node:
netstat -nl | grep 30421
tcp 0 0 0.0.0.0:30421 0.0.0.0:* LISTEN
Setup the tunnel:
ssh ec2-user@<ec2-node-ip> -N -L <local-port>:localhost:30421