在使用eksctl工具在AWS上创建EKS集群后,无法使用ssh来访问辅助计算机。怎么了?
Marcs-MBP:kubernetes tests marc$ eksctl create cluster --name=mycluster --ssh-public-key=~/.ssh/id_rsa.pub
2018-10-08T08:09:17+02:00 [ℹ] setting availability zones to [us-west-2c us-west-2b us-west-2a]
2018-10-08T08:09:17+02:00 [ℹ] using "ami-08cab282f9979fc7a" for nodes
2018-10-08T08:09:17+02:00 [ℹ] creating EKS cluster "mycluster" in "us-west-2" region
2018-10-08T08:09:17+02:00 [ℹ] will create 2 separate CloudFormation stacks for cluster itself and the initial nodegroup
2018-10-08T08:09:17+02:00 [ℹ] if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-west-2 --name=mycluster'
2018-10-08T08:09:17+02:00 [ℹ] creating cluster stack "eksctl-mycluster-cluster"
2018-10-08T08:21:12+02:00 [ℹ] creating nodegroup stack "eksctl-mycluster-nodegroup-0"
2018-10-08T08:24:54+02:00 [✔] all EKS cluster resource for "mycluster" had been created
2018-10-08T08:24:54+02:00 [✔] saved kubeconfig as "/Users/marc/.kube/config"
2018-10-08T08:24:56+02:00 [ℹ] the cluster has 0 nodes
2018-10-08T08:24:56+02:00 [ℹ] waiting for at least 2 nodes to become ready
2018-10-08T08:25:29+02:00 [ℹ] the cluster has 2 nodes
2018-10-08T08:25:29+02:00 [ℹ] node "ip-192-168-121-173.us-west-2.compute.internal" is ready
2018-10-08T08:25:29+02:00 [ℹ] node "ip-192-168-228-63.us-west-2.compute.internal" is ready
2018-10-08T08:25:32+02:00 [ℹ] kubectl command should work with "/Users/marc/.kube/config", try 'kubectl get nodes'
2018-10-08T08:25:32+02:00 [✔] EKS cluster "mycluster" in "us-west-2" region is ready
现在将SSH访问从任何位置添加到安全组:sg-09a1acc782f2222cd,名称为eksctl-mycluster-nodegroup-0-SG-4KUHPKAY90D1。
Marcs-MBP:kubernetes tests marc$ ssh -i ~/.ssh/id_rsa.pub ec2-user@ec2-35-166-200-64.us-west-2.compute.amazonaws.com
The authenticity of host 'ec2-35-166-200-64.us-west-2.compute.amazonaws.com (35.166.200.64)' can't be established.
ECDSA key fingerprint is SHA256:dDeYNRVqovc+pb3oEm271J4K+2OAcFvXSddUoZJTHRk.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-35-166-200-64.us-west-2.compute.amazonaws.com,35.166.200.64' (ECDSA) to the list of known hosts.
ec2-user@ec2-35-166-200-64.us-west-2.compute.amazonaws.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Marcs-MBP:kubernetes tests marc$
我不清楚如何使用ssh来访问我的工作机。知道怎么了吗?
使用eksctl版本
Marcs-MacBook-Pro:~ marc$ eksctl version
2018-10-08T08:44:49+02:00 [ℹ] versionInfo = map[string]string{"builtAt":"2018-09-12T14:57:03Z", "gitCommit":"2f553a2c54eb1390a7eb6746ccdc5da106fe518b", "gitTag":"0.1.2"}
答案 0 :(得分:3)
运行--ssh-access
时需要指定eksctl create cluster
选项。指定后,您可以在创建过程中看到以下日志消息:
[ℹ] importing SSH public key "/home/<USER_NAME>/.ssh/id_rsa.pub" as "eksctl-xxx-nodegroup-ng-a4cd5bb2-xx:xx:xx:xx:xx:xx:xx"
然后,您可以由ec2-user ssh进入主机:
ssh -i /home/<USER_NAME>/.ssh/id_rsa.pub ec2-user@ec2-xx-xx-xx-xx
答案 1 :(得分:0)
ssh
选项-i
接受对应于公共密钥的私有密钥,而您传递了包含公共密钥本身的文件名。
尝试
ssh -i ~/.ssh/id_rsa ec2-user@ec2-35-166-200-64.us-west-2.compute.amazonaws.com
顺便说一句,~/.ssh/id_rsa
通常是默认的私钥,因此很简单
ssh ec2-user@ec2-35-166-200-64.us-west-2.compute.amazonaws.com
也应该起作用。