Change any resource on Private AKS cluster

nirmalraj17 · October 9, 2022, 10:30am

I have created a private AKS cluster in Azure, and I am using the cloud shell to connect to the resources in AKS.

While connecting to the AKS, I see that we should use the commands to connect

az aks command invoke -g <resource_group> -n <aks_name> -c “Kubectl commands”

Now regular commands are working fine in this case, but how to edit any resource or get inside the created pod?

If it is not a private cluster, then kubectl edit commands or kubectl exec -it commands works seamlessly. But it seems not the case for private cluster.

Below are the errors while testing with private AKS cluster

unable to open vi editor
Unable to use a TTY - input is not a terminal or the right kind of file

Any pointers, how to connect and execute?

trung-kodekloud · October 11, 2022, 3:39am

Hello @nirmalraj17, please refer to this official guide from Microsoft for AKS cluster connecting.

I used below steps to connect to AKS cluster from CLOUD SHELL:

trung@Azure:~$ az account set --subscription {subscription_id}
trung@Azure:~$ az aks get-credentials --resource-group {resource-group-name} --name {cluster-name}

Then you can run kubectl command like below
trung@Azure:~$ kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
azure-ip-masq-agent-fd9jq 1/1 Running 0 2m44s
azure-ip-masq-agent-rmwdk 1/1 Running 0 2m56s
cloud-node-manager-7p5np 1/1 Running 0 2m44s
You can use vim to work with yaml file.
trung@Azure:~$ kubectl run nginx --image=nginx:alpine
pod/nginx created

trung@Azure:~$ kubectl get po nginx -o yaml > nginx.yaml
trung@Azure:~$ vi nginx.yaml

in VIM editor
press I to enter insert mode
press esc to exit insert mode
press :wq to save changes.

Happy learning,
Trung.

nirmalraj17 · October 15, 2022, 8:13am

Hello @trung-kodekloud , I understand that these commands will work only if you create a public AKS cluster. When you have a private cluster you cannot execute kubectl command directly to edit any resources or get inside container, this is what i observed. What I did to mitigate is to deploy a VM on the same vNet as the private AKS and then access the commands directly as kubectl.

trung-kodekloud · October 15, 2022, 9:18am

Hello @nirmalraj17

Can you let me know how you set up your AKS cluster?
Does your case fall to this case: Create a private Azure Kubernetes Service (AKS) cluster - Azure Kubernetes Service | Microsoft Learn?
And yes, deploying an additional VM in the same VNET with this private AKS cluster is the simplest way, there are also some options as below:

Use a VM in a separate network and set up Virtual network peering. See the section below for more information on this option.
Use an Express Route or VPN connection.
Use the AKS command invoke feature.
Use a private endpoint connection.

Happy learning,
Trung.