Open kubebn opened 2 days ago
Hello @kubebn, why would you need the Bastion host? Are you familiar with "Access a private AKS cluster using the command invoke or Run command feature"? https://learn.microsoft.com/en-us/azure/aks/access-private-cluster?tabs=azure-cli
Hi @zioproto,
Yes, I am aware of this and have also tried it. However, we noticed that it’s not very practical from the operators’ perspective. Firstly, it takes longer to apply those commands because they create additional pods inside the cluster in order to invoke them. Secondly, cluster administrators prefer to use their own tools to debug and manage clusters when needed, such as k9s, istioctl for mesh debugging, fluxcd, etc. Thirdly, from an automation and security policy perspective, in some cases, we would not be able to have the az cli installed on the agents.
If you believe that the az command better suits those needs, that’s fine. Nevertheless, if you could share documentation, information, or a Terraform example showing how a private cluster can be used with a bastion, it would be greatly appreciated.
Description
Hello,
It would be helpful to have an example of a private cluster with a bastion host in the “examples” subfolder. This would serve as a starting point for those unfamiliar with the Azure/AKS ecosystem. If we look at AWS/GKE modules, they provide examples of how this can be managed via Terraform. Thank you.