How to Connect to EKS Worker Nodes [5 Steps]

In this tutorial, we will learn how to connect to EKS worker nodes in 5 steps. In Kubernetes, workloads are deployed in containers and containers are deployed in pods. A pod can have one or more containers, which can be a combination of main containers, sidecar containers and init containers. All the workload pods are deployed on worker nodes, and these worker nodes are managed by master nodes. Hence, we often need to SSH to the worker nodes to troubleshoot workload-related bugs.

 

What are Worker Nodes

In Kubernetes, worker nodes are the nodes in the cluster where the actual workloads run. In EKS, after provisioning the EKS cluster, we create one or more Node Groups. Each node group is a collection of worker nodes. Each worker node is a standard Amazon EC2 instance. A cluster can have multiple node groups depending on the requirements of an application.

 

How to Connect to EKS Worker Nodes [5 Steps]

Follow the steps below to connect to EKS worker nodes. Before starting, make sure the prerequisites are met.

Prerequisites

 

Step-1: Verify SSH Enabled in Node Group

In this step, go to the Amazon EKS service and click on your EKS cluster. Under the Compute tab, select the name of the node group whose nodes you want to access via SSH. Check whether SSH connectivity is enabled for that node group. If Configure SSH access to nodes is set to on, SSH access is enabled for the current node group.

 

 

Step-2: Copy .pem file

In this step, copy the .pem key file from your local machine to your current terminal. If you have kept the key file on a Windows machine, you can use tools like WinSCP to copy the file from the local machine to the current terminal. Once copied, check that the file is present on the machine using the command below.

[ec2-user@linuxnasa~]$ ll
-rwx------. 1 ec2-user ec2-user 1434 Mar 25 14:06 ec2-instance-key.pem

 

NOTE:

If the current format of the key file is .ppk, you can convert it to .pem using a .ppk to .pem online converter. PuTTYgen can also export a .ppk key in OpenSSH format locally.

 

Step-3: List down Worker Nodes

In this step, list all the worker nodes in your cluster using the command below. The -o wide flag shows the IP of each worker node.

[ec2-user@linuxnasa~]$ kubectl get node -o wide
NAME                                          STATUS ROLES  AGE   VERSION                 INTERNAL-IP    EXTERNAL-IP OS-IMAGE        KERNEL-VERSION                CONTAINER-RUNTIME
ip-10-120-180-56.ap-south-1.compute.internal  Ready  <none>  40m  v1.22.17-eks-a59e1f0    10.120.180.56  <none>      Amazon Linux 2  5.4.238-148.346.amzn2.x86_64  docker://20.10.17
ip-10-120-180-44.ap-south-1.compute.internal   Ready  <none>  40m  v1.22.17-eks-a59e1f0    10.120.180.44  <none>      Amazon Linux 2  5.4.238-148.346.amzn2.x86_64  docker://20.10.17

 

Step-4: Change .pem Key file permission

In this step, restrict access to the .pem key file using the command below. The 700 permission gives full access (read, write and execute) to the file owner only; group and others cannot access the key file. SSH refuses to use a private key that other users can read.

[ec2-user@linuxnasa~]$ chmod 700 ec2-instance-key.pem

 

Step-5: Connect to a Worker Node

In this step, after changing the permission of the .pem file, connect to any of the worker nodes with the .pem file using the command below. On the first login to a worker node, SSH asks you to confirm the connection, as shown below.

[ec2-user@linuxnasa~]$ ssh -i ec2-instance-key.pem ec2-user@10.120.180.44
The authenticity of host '10.120.180.44 (10.120.180.44)' can't be established.
ED25519 key fingerprint is SHA256:sOSdewFpU3MRtWSWGUl4/HBpj3WpvkWQ3Ll0LAoxSoE.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.120.180.44' (ED25519) to the list of known hosts.
Last login: Thu Apr 6 01:36:42 2023 from 215.231.222.117

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
[ec2-user@ip-10-120-180-44 ~]$

In the above command:

ec2-user: the user to connect to the worker node as

10.120.180.44: IP of the worker node

 

Conclusion

In this tutorial, we learnt how to connect to worker nodes using SSH. Depending on the workload, nodes in node groups are scaled up or down, according to the configuration chosen when the node group was created. You can explore more on how workload deployment works in EKS. Read more about workloads and their management here.
