SSH login to supervisor node in Tanzu Kubernetes Grid

17 January 2023


Introduction

Extreme troubleshooting or configuration tasks may require SSH access to a supervisor node when Tanzu Kubernetes Grid is configured as a service in vSphere 7 and above. This blog illustrates the node access process in simple steps.

Initial Setup

We assume that Tanzu Kubernetes Grid is configured as a service in vSphere 7.

Step summary

  1. Login to vCenter
  2. Fetch the private key
  3. Access supervisor node via ssh

Login to vCenter

We need the FQDN or IP of the vCenter server, and we SSH to it as the "root" user.

 ssh root@vc01.lab.vmware.com
 
VMware vCenter Server 7.0.3.00800
 
Type: vCenter Server with an embedded Platform Services Controller
 
(root@vc01.lab.vmware.com) Password:
 
root@vc01 [ ~ ]#

Fetch private key

Since workload management and the supervisor cluster are configured in the current setup, we can assume the private key is stored securely in vCenter.

We can navigate to it and fetch the key as below:

root@vc01 [ ~ ]# cd /usr/lib/vmware-wcp
root@vc01 [ /usr/lib/vmware-wcp ]# ls -l | grep decryptk8pwd -i
-rwx------ 1 root root 3049 Jun 24 2022 decryptK8Pwd.py
 
root@vc01 [ /usr/lib/vmware-wcp ]# python decryptK8Pwd.py
Read key from file
Connected to PSQL
Cluster: domain-c8:cd257b1e-3809-4457-82fd-a442ef17836c
IP: 10.220.14.142
PWD: 3sFzX0sqkZ4jejuW/YTYGLBx67sxS/gvVmmH9Wko6ygYC/iXrKY1PlaakwJacLdO+g7bwJQ2FO08hnMnYDdxRYqsZv6XzVF3cAn0RlcEn1vmpI/DJVJZ1z3DVzRVYwBIaioxaErBcW6aTDY353b4LXxwvTerzMpmWweG6fID2Xc=
------------------------------------------------------------

Access supervisor node via ssh

Tanzu Kubernetes Grid configures the supervisor cluster with Photon OS based VMs. These VMs can be located in vCenter or listed as the Kubernetes nodes of the supervisor cluster.

The operator admin can SSH as the "root" user into the VM using the node FQDN or IP.

 k config get-contexts | grep ns1
CURRENT   NAME                                     CLUSTER                                  AUTHINFO                                                                 NAMESPACE
*         ns1                                      10.220.14.162                            wcp:10.220.14.162:administrator@vsphere.local                            ns1
 
 k get no -o wide
NAME                               STATUS   ROLES                  AGE   VERSION                INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                 KERNEL-VERSION       CONTAINER-RUNTIME
4231ae00446076f7bf7a9bc740cff80c   Ready    control-plane,master   28h   v1.22.6+vmware.wcp.2   10.220.14.173   <none>        VMware Photon OS/Linux   4.19.229-2.ph3-esx   containerd://1.5.9
4231f0a60627f2912eb6e11e340c17a4   Ready    control-plane,master   28h   v1.22.6+vmware.wcp.2   10.220.14.172   <none>        VMware Photon OS/Linux   4.19.229-2.ph3-esx   containerd://1.5.9
4231fef8f0b796154cf53e53133774f3   Ready    control-plane,master   28h   v1.22.6+vmware.wcp.2   10.220.14.174   <none>        VMware Photon OS/Linux   4.19.229-2.ph3-esx   containerd://1.5.9
 
 ssh root@10.220.14.173
(root@10.220.14.173) Password:
Last login: Tue Jan 17 08:12:28 2023 from 10.109.145.56
 08:54:32 up 1 day,  4:09,  0 users,  load average: 0.68, 0.63, 0.63
 
26 Security notice(s)
Run 'tdnf updateinfo info' to see the details.
root@4231ae00446076f7bf7a9bc740cff80c [ ~ ]#

NOTE: For SSH access to the node, enter the private key fetched from vCenter (the PWD value above) at the Password prompt.

With the above steps, an admin user can log in to the supervisor k8s node as the root user and perform housekeeping or other operational checks as required.
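
The PWD value printed in the fetch step grants root on the supervisor control plane, so it should not end up in shared transcripts or world-readable files. The following is an added example, not part of the original post and not VMware code: it parses output in the format shown above, masks PWD before a transcript is shared, and stores the value in an owner-only file. The function names, the sample values and the assumption that a multi-cluster setup repeats the Cluster/IP/PWD block are mine.

```python
import os
import re

# Constructed sample in the format shown above; all values are placeholders.
SAMPLE = """\
Read key from file
Connected to PSQL
Cluster: domain-c8:00000000-0000-0000-0000-000000000001
IP: 192.0.2.10
PWD: EXAMPLEonlyNotARealPassword+/AAAA=
------------------------------------------------------------
Cluster: domain-c9:00000000-0000-0000-0000-000000000002
IP: 192.0.2.20
PWD: AnotherConstructedValue/BBBB==
------------------------------------------------------------
"""

FIELD = re.compile(r"^(Cluster|IP|PWD):[ \t]*(.*)$")

def parse_wcp_output(text):
    """Return one dict per cluster block (keys: Cluster, IP, PWD)."""
    records, current = [], {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            current[m.group(1)] = m.group(2).strip()
        elif set(line.strip()) == {"-"} and current:  # dashed separator ends a block
            records.append(current)
            current = {}
    if current:  # last block without a trailing separator (assumed possible)
        records.append(current)
    return records

def redact(text):
    """Mask PWD values so a transcript can be pasted into a ticket or post."""
    return re.sub(r"(?m)^([ \t]*PWD:[ \t]*).+$", r"\g<1><redacted>", text)

def save_password(record, directory):
    """Write the password to a new owner-only (0600) file; return its path."""
    path = os.path.join(directory, record["IP"] + ".pwd")
    # O_EXCL refuses to reuse an existing file that may have looser permissions.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(record["PWD"])
    return path

if __name__ == "__main__":
    print(redact(SAMPLE))
    print([r["IP"] for r in parse_wcp_output(SAMPLE)])
```

Delete the saved file once the troubleshooting session is over.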