ba1997 / SEC-AND-COMP


Bastion hosts #10

Open ba1997 opened 8 months ago

ba1997 commented 8 months ago

LBaaS IKS Clusters Bastion hosts

Production

Prod US-EAST

TSH Proxy: 294ee1a7aa124ba7aa16faa64c5f689a-pwvtcny8.bastionx.cloud.ibm.com:443

TSH Cluster Name: LBaaS-VPC-Prod-Washington-bastion

Prod US-SOUTH

TSH Proxy: lbaas-vpc-prod-da-780486-c3e60e9cf1501ba6a8891440499d5a05-i004.us-south.containers.appdomain.cloud:443

TSH Cluster Name: LBaaS-VPC-Prod-Dallas-bastion

Hawkeye Prod US-SOUTH

TSH Proxy: cch49rgd04n3ods3o6d0-50iy8kr70oi3f9oraxvw.bastionx.cloud.ibm.com:443

TSH Cluster Name: HawkEye-Prod-US-South-bastion

Hawkeye Prod EU-DE

TSH Proxy: cch55qff09p36qcn42mg-cavtn98b7daot0ez02wp.bastionx.cloud.ibm.com:443

TSH Cluster Name: HawkEye-Prod-EU-DE-bastion

Hawkeye Prod JP-TOK

TSH Proxy: cch58s9t0gmtlqqqv2og-suag3fsvtq7nagzo1j09.bastionx.cloud.ibm.com:443

TSH Cluster Name: HawkEye-Prod-JP-TOK-bastion


Staging

Staging US-EAST

TSH Proxy: lbaas-vpc-staging-washi-c64bf533c08cd1db7737821c733f7788-i005.us-east.containers.appdomain.cloud:443

TSH Cluster Name: LBaaS-VPC-Staging-Washington-bastion

Staging US-SOUTH

TSH Proxy: lbaas-vpc-staging-dallas-c64bf533c08cd1db7737821c733f7788-i013.us-south.containers.appdomain.cloud:443

TSH Cluster Name: LBaaS-VPC-Staging-Dallas-bastion

Hawkeye Staging US-SOUTH

TSH Proxy: cc7u54hd01vpn9fmunp0-phppf0abz1bym4bmjfx0.bastionx.cloud.ibm.com:443

TSH Cluster Name: hawkeye-staging-us-south-bastion


How to log in?

tsh login --proxy <BASTION Host Name> --request-reason=<Change Request or Incident>
tsh kube login <Cluster Name>

Upgrade procedure

  1. Install the pre-reqs for deployment

  2. Get the required bastion bundle from the bastion repo

  3. Upgrade the bastion images

    a) Unzip the iks_deploy.zip
    b) Execute the deploy script with the desired options, iks_deploy/scripts/iks_deploy.sh
    ./iks_deploy.sh -vr ${ROLE_ID} -vs ${SECRET_ID} -vn ${VAULT_ID} -sn is -n teleport --private-lb --lb-ip ${IP_LIST} --skip-check --upgrade-image -v latest --oss-version latest --audit-version latest

  4. Verify the tsh login into the cluster after the upgrade.

Update local /etc/hosts with static IPs for faster access to the bastion endpoints

10.191.89.173   lbaas-vpc-staging-washi-c64bf533c08cd1db7737821c733f7788-i005.us-east.containers.appdomain.cloud
10.220.134.82   lbaas-vpc-staging-dallas-c64bf533c08cd1db7737821c733f7788-i013.us-south.containers.appdomain.cloud
10.73.230.130   cc7u54hd01vpn9fmunp0-phppf0abz1bym4bmjfx0.bastionx.cloud.ibm.com
10.74.101.60    lbaas-vpc-prod-da-780486-c3e60e9cf1501ba6a8891440499d5a05-i004.us-south.containers.appdomain.cloud
10.188.137.44   294ee1a7aa124ba7aa16faa64c5f689a-pwvtcny8.bastionx.cloud.ibm.com
10.187.187.117  cch49rgd04n3ods3o6d0-50iy8kr70oi3f9oraxvw.bastionx.cloud.ibm.com
10.192.32.51    cch58s9t0gmtlqqqv2og-suag3fsvtq7nagzo1j09.bastionx.cloud.ibm.com
10.123.214.181  cch55qff09p36qcn42mg-cavtn98b7daot0ez02wp.bastionx.cloud.ibm.com

Bastion Login request reason