SSH login to supervisor node in Tanzu Kubernetes Grid

We might need to access a supervisor node via SSH for troubleshooting or configuration of Tanzu Kubernetes Grid as a service configured in vSphere.

Introduction

We might need to access the supervisor node via SSH for some extreme troubleshooting or configuration needs in Tanzu Kubernetes Grid as a service configured in vSphere 7 and above. This blog illustrates the node access process in simple steps.

Initial Setup

We assume that Tanzu Kubernetes Grid as a service is configured in vSphere 7.

Step summary

  1. Login to vCenter
  2. Fetch the private key
  3. Access supervisor node via ssh

Login to vCenter

We need the FQDN or IP address of the vCenter server, and we SSH to the server as the “root” user.

    ssh root@vc01.lab.vmware.com
    VMware vCenter Server 7.0.3.00800
    Type: vCenter Server with an embedded Platform Services Controller
    (root@vc01.lab.vmware.com) Password:
    root@vc01 [ ~ ]#

Fetch private key

Since workload management and the supervisor cluster are configured in the current setup, we can assume the private key is stored securely in vCenter.

We can navigate to the script directory and fetch the key as shown below. The script prints the cluster ID, the IP and the credential (the PWD field):

    root@vc01 [ ~ ]# cd /usr/lib/vmware-wcp
    root@vc01 [ /usr/lib/vmware-wcp ]# ls -l | grep decryptk8pwd -i
    -rwx------ 1 root root 3049 Jun 24 2022 decryptK8Pwd.py
    root@vc01 [ /usr/lib/vmware-wcp ]# python decryptK8Pwd.py
    Read key from file
    Connected to PSQL
    Cluster: domain-c8:cd257b1e-3809-4457-82fd-a442ef17836c
    IP: 10.220.14.142
    PWD: 3sFzX0sqkZ4jejuW/YTYGLBx67sxS/gvVmmH9Wko6ygYC/iXrKY1PlaakwJacLdO+g7bwJQ2FO08hnMnYDdxRYqsZv6XzVF3cAn0RlcEn1vmpI/DJVJZ1z3DVzRVYwBIaioxaErBcW6aTDY353b4LXxwvTerzMpmWweG6fID2Xc=
    ------------------------------------------------------------

Access supervisor node via ssh

Tanzu Kubernetes Grid configures the supervisor cluster with Photon OS based VMs. These VMs can be located in vCenter or listed as the Kubernetes nodes of the supervisor cluster.

The operator admin can log in via SSH as the “root” user to the VM using the node FQDN or IP.

    k config get-contexts | grep ns1
    CURRENT   NAME                                     CLUSTER                                  AUTHINFO                                                                 NAMESPACE
    *         ns1                                      10.220.14.162                            wcp:10.220.14.162:administrator@vsphere.local                            ns1

    k get no -o wide
    NAME                               STATUS   ROLES                  AGE   VERSION                INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                 KERNEL-VERSION       CONTAINER-RUNTIME
    4231ae00446076f7bf7a9bc740cff80c   Ready    control-plane,master   28h   v1.22.6+vmware.wcp.2   10.220.14.173   <none>        VMware Photon OS/Linux   4.19.229-2.ph3-esx   containerd://1.5.9
    4231f0a60627f2912eb6e11e340c17a4   Ready    control-plane,master   28h   v1.22.6+vmware.wcp.2   10.220.14.172   <none>        VMware Photon OS/Linux   4.19.229-2.ph3-esx   containerd://1.5.9
    4231fef8f0b796154cf53e53133774f3   Ready    control-plane,master   28h   v1.22.6+vmware.wcp.2   10.220.14.174   <none>        VMware Photon OS/Linux   4.19.229-2.ph3-esx   containerd://1.5.9

    ssh root@10.220.14.173
    (root@10.220.14.173) Password:
    Last login: Tue Jan 17 08:12:28 2023 from 10.109.145.56
     08:54:32 up 1 day,  4:09,  0 users,  load average: 0.68, 0.63, 0.63
    26 Security notice(s)
    Run 'tdnf updateinfo info' to see the details.
    root@4231ae00446076f7bf7a9bc740cff80c [ ~ ]#

NOTE: For SSH access to the node, we use the private key fetched from vCenter (the PWD value printed by decryptK8Pwd.py), entered at the Password: prompt.

With the above steps, an admin user can log in to the supervisor Kubernetes node as root and perform the required housekeeping or other operational checks.
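
The fetch step above, as an added example that is not part of the original post: a shell helper that parses the Cluster/IP/PWD fields printed by decryptK8Pwd.py and writes the password to an owner-only file instead of leaving it in terminal scrollback. The function names, the sample output and the assumption that several clusters appear as dash-separated records are constructed for illustration.

```shell
# Added example (not from the original post): parse decryptK8Pwd.py output.
# Assumption: each cluster is one record of "Key: value" lines closed by a
# dashed line, as in the single record the post shows.

# wcp_field FIELD [CLUSTER_PREFIX]   (script output on stdin)
# Prints FIELD (Cluster, IP or PWD) of the first matching record; status 1 if none.
wcp_field() {
    awk -v want="$1" -v cluster="${2:-}" '
        function emit() {
            if (("Cluster" in rec) && (want in rec) &&
                (cluster == "" || index(rec["Cluster"], cluster) == 1)) {
                print rec[want]; found = 1; exit 0
            }
            split("", rec)                # reset for the next record
        }
        /^-+$/ { emit(); next }           # dashed line closes a record
        {   # split at the first ": " only, so the value is kept intact
            p = index($0, ": ")
            if (p > 0) rec[substr($0, 1, p - 1)] = substr($0, p + 2)
        }
        END { if (!found) emit(); exit !found }
    '
}

# wcp_save_password OUTFILE [CLUSTER_PREFIX]
# Writes the password to a fresh owner-only file (umask 077), not the screen.
wcp_save_password() {
    ( umask 077 && rm -f -- "$1" && wcp_field PWD "${2:-}" > "$1" )
}

# Constructed sample output (documentation IPs, made-up passwords).
wcp_sample() {
    cat <<'EOF'
Read key from file
Connected to PSQL
Cluster: domain-c8:00000000-0000-0000-0000-000000000001
IP: 192.0.2.10
PWD: Q09OU1RSVUNURUQtb25l+/A=
------------------------------------------------------------
Cluster: domain-c20:00000000-0000-0000-0000-000000000002
IP: 192.0.2.20
PWD: Q09OU1RSVUNURUQtdHdv+/B=
------------------------------------------------------------
EOF
}

# On the appliance: python decryptK8Pwd.py | wcp_save_password ~/.wcp_pwd domain-c8:
wcp_sample | wcp_field IP domain-c20:    # prints 192.0.2.20
```

Passing the cluster prefix with its trailing colon (domain-c8:) keeps it from also matching IDs such as domain-c80.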
