Preparing the Bastion host

STEP 1 : Create Public Security List

Create Public Security List (bastion_public_sec_list) in same VCN as that of OKE Cluster for Bastion Node

  • Ingress Rules as shown in the original screenshot (where 10.0.22.0/24 is the CIDR planned to be used for the bastion subnet)
  • Egress Rules as shown in the original screenshot

STEP 2 : Create Private Security List

Create Private Security List (bastion_private_sec_list) in the same VCN as the OKE Cluster; this list will be added to the Worker Node subnet.

  • Ingress Rules as shown in the original screenshot (where 10.0.22.0/24 is the CIDR planned to be used for the bastion subnet)
  • Egress Rules as shown in the original screenshot

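The two security lists from Steps 1 and 2 expressed as OCI CLI rule JSON, as an added example that is not part of the original page. It assumes "ssh" means TCP/22, that the public list admits TCP/22 only from an admin CIDR (ADMIN_CIDR, a TEST-NET placeholder here), and that the compartment and VCN OCIDs are placeholders you replace.

```shell
#!/bin/sh
# Added example, not from the original page: build the security-list rules for
# Steps 1 and 2 as JSON and hand them to the OCI CLI.
# Assumptions not stated on the page: "ssh" means TCP/22; the public list admits
# TCP/22 only from an admin CIDR (ADMIN_CIDR, a TEST-NET placeholder here); the
# compartment and VCN OCIDs are placeholders to replace.
set -eu

BASTION_CIDR="10.0.22.0/24"                          # bastion subnet CIDR from the page
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"           # assumed: where admins ssh from
COMPARTMENT_ID="${COMPARTMENT_ID:-ocid1.compartment.oc1..REPLACE_ME}"
VCN_ID="${VCN_ID:-ocid1.vcn.oc1..REPLACE_ME}"

# Stateful ingress rule allowing TCP/22 from one source CIDR (OCI protocol "6" = TCP).
ssh_ingress_rule() {
  printf '{"source":"%s","sourceType":"CIDR_BLOCK","protocol":"6","isStateless":false,"tcpOptions":{"destinationPortRange":{"min":22,"max":22}}}' "$1"
}

# Stateful egress allowing all traffic ("all" is the OCI protocol keyword).
allow_all_egress() {
  printf '{"destination":"0.0.0.0/0","destinationType":"CIDR_BLOCK","protocol":"all","isStateless":false}'
}

# bastion_public_sec_list: only the admin CIDR may reach the bastion on 22.
public_ingress_rules()  { printf '[%s]' "$(ssh_ingress_rule "$ADMIN_CIDR")"; }
# bastion_private_sec_list (attached to the worker subnet in Step 5): only the
# bastion subnet may reach the workers on 22.
private_ingress_rules() { printf '[%s]' "$(ssh_ingress_rule "$BASTION_CIDR")"; }
egress_rules()          { printf '[%s]' "$(allow_all_egress)"; }

# Print the CLI call for review; set RUN=1 to actually execute it.
create_security_list() {  # $1 = display name, $2 = ingress rule JSON
  egress=$(egress_rules)
  printf "oci network security-list create --compartment-id %s --vcn-id %s --display-name %s --ingress-security-rules '%s' --egress-security-rules '%s'\n" \
    "$COMPARTMENT_ID" "$VCN_ID" "$1" "$2" "$egress"
  if [ "${RUN:-0}" = "1" ]; then
    oci network security-list create --compartment-id "$COMPARTMENT_ID" --vcn-id "$VCN_ID" \
      --display-name "$1" --ingress-security-rules "$2" --egress-security-rules "$egress"
  fi
}

create_security_list bastion_public_sec_list  "$(public_ingress_rules)"
create_security_list bastion_private_sec_list "$(private_ingress_rules)"
```

Review the printed commands first; the private list only ever admits the bastion subnet, so a worker is reachable on 22 solely through the bastion.
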
STEP 3 : Create Route Table

Create Route Table (oke-bastion-routetables) with the details shown in the original screenshot; it will be used for the bastion subnet.

STEP 4 : Create Bastion Subnet

Create Bastion Subnet with CIDR Block: 10.0.22.0/24, Route Table: oke-bastion-routetables (created in Step 3), Security List: bastion_public_sec_list (created in Step 1) and DHCP Options: the default available option.

STEP 5 : Add Private Security to Worker Subnet for bastion access

Add the private security list (bastion_private_sec_list), created at Step 2, to the Worker Subnet so that the bastion node can SSH to the Worker Nodes.

STEP 6 : Create Bastion Node

Create the Bastion Node with Subnet set to “bastion-subnet”, created at Step 4.

  • Update the Name for the instance; choose the Operating System Image, Availability Domain and Instance Type.
  • Select the Compartment, VCN and Subnet Compartment where the Cluster is created. Select the regional bastion-subnet created at Step 4. Make sure to click on “Assign a public IP address”.
  • Once the bastion is created, it appears as shown in the original screenshot.

STEP 7 : Access Worker Node from bastion host

a. Copy the private key to the bastion host and log in

scp -i id_rsa id_rsa opc@<bastion-host-address>:/home/opc
ssh -i id_rsa opc@<bastion-host-address>

b. From the bastion host, use the copy of id_rsa placed there to SSH to a worker node (the worker node's private IP, 10.0.1.5 in this example)

ssh -i id_rsa opc@10.0.1.5

For more details, refer to: https://docs.cloud.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/bastion-hosts.pdf