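VMware vSphere Tanzu Deployment_16_Obtaining TKC Cluster Node VM Passwords

Obtaining the SupervisorControlPlaneVM Password

Log in to vCenter over SSH

  • Enable the SSH service on vCenter

  • Log in to vCenter with an SSH client

Run the password retrieval script

  • In vCenter shell mode, run the /usr/lib/vmware-wcp/decryptK8Pwd.py command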
WARNING! The remote SSH server rejected X11 forwarding request.
Connected to service

    * List APIs: "help api list"
    * List Plugins: "help pi list"
    * Launch BASH: "shell"

Command> shell
Shell access is granted to root
root@localhost [ ~ ]# 

root@localhost [ ~ ]# /usr/lib/vmware-wcp/decryptK8Pwd.py
Read key from file

Connected to PSQL

Cluster: domain-c1006:5faca4d7-1112-4fca-abe4-59c2c8e11d31
IP: 192.168.201.20
PWD: aHj64&m':U0Q>$;5
------------------------------------------------------------

root@localhost [ ~ ]# 
  • Log in to the node
[C:\~]$ ssh root@192.168.201.20


Connecting to 192.168.201.20:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.


WARNING! The remote SSH server rejected X11 forwarding request.
 06:34:35 up 2 days, 18:36,  0 users,  load average: 5.26, 3.67, 3.33

18 Security notice(s)
Run 'tdnf updateinfo info' to see the details.
root@423d5427dfdd12d9b2d6c462d1d172d1 [ ~ ]# 

Obtaining the Tanzu Kubernetes Cluster Nodes Password

  • Log in to the Tanzu cluster
jianhua@napp:~/tkc$ kubectl vsphere login --server=192.168.203.194 \
--vsphere-username administrator@vsphere.local \
--insecure-skip-tls-verify


KUBECTL_VSPHERE_PASSWORD environment variable is not set. Please enter the password below
Password: 
Logged in successfully.

You have access to the following contexts:
   192.168.203.194
   tkc-01

If the context you wish to use is not in this list, you may need to try
logging in again later, or contact your cluster administrator.

To change context, use `kubectl config use-context <workload name>`
jianhua@napp:~/tkc$ 
  • Switch context
jianhua@napp:~/tkc$ kubectl config use-context tkc-01
Switched to context "tkc-01".
jianhua@napp:~/tkc$ 
  • Get node information
jianhua@napp:~/tkc$ kubectl get virtualmachine -o wide
NAME                                                          POWERSTATE   CLASS                IMAGE                                                            PRIMARY-IP        AGE
tkc-dev-cluster-control-plane-jmrk5                           poweredOn    best-effort-xsmall   ob-22748270-tkgs-ova-photon-3-v1.26.10---vmware.1-fips.1-tkg.1   192.168.202.101   40h
tkc-dev-cluster-tck-dev-worker-zt5ls-779c467dd4xwbb9p-fpq6d   poweredOn    best-effort-xsmall   ob-22748270-tkgs-ova-photon-3-v1.26.10---vmware.1-fips.1-tkg.1   192.168.202.102   40h
tkc-dev-cluster-tck-dev-worker-zt5ls-779c467dd4xwbb9p-kl9tx   poweredOn    best-effort-xsmall   ob-22748270-tkgs-ova-photon-3-v1.26.10---vmware.1-fips.1-tkg.1   192.168.202.103   40h
jianhua@napp:~/tkc$ 
  • Get the secrets
jianhua@napp:~/tkc$ kubectl get secrets
NAME                                         TYPE                                  DATA   AGE
tkc-dev-cluster-auth-svc-cert                kubernetes.io/tls                     3      38h
tkc-dev-cluster-ca                           cluster.x-k8s.io/secret               2      38h
tkc-dev-cluster-ccm-secret                   kubernetes.io/service-account-token   3      38h
tkc-dev-cluster-control-plane-h5d9h          cluster.x-k8s.io/secret               2      38h
tkc-dev-cluster-encryption                   Opaque                                1      38h
tkc-dev-cluster-etcd                         cluster.x-k8s.io/secret               2      38h
tkc-dev-cluster-extensions-ca                kubernetes.io/tls                     3      38h
tkc-dev-cluster-kubeconfig                   cluster.x-k8s.io/secret               1      38h
tkc-dev-cluster-metrics-server-cert          kubernetes.io/tls                     3      38h
tkc-dev-cluster-proxy                        cluster.x-k8s.io/secret               2      38h
tkc-dev-cluster-pvcsi-secret                 kubernetes.io/service-account-token   3      38h
tkc-dev-cluster-sa                           cluster.x-k8s.io/secret               2      38h
tkc-dev-cluster-ssh                          kubernetes.io/ssh-auth                1      38h
tkc-dev-cluster-ssh-password                 Opaque                                1      38h
tkc-dev-cluster-tck-dev-worker-mrt8q-7zsp4   cluster.x-k8s.io/secret               2      38h
tkc-dev-cluster-tck-dev-worker-mrt8q-fnm9s   cluster.x-k8s.io/secret               2      38h
jianhua@napp:~/tkc$ 


jianhua@napp:~/tkc$ kubectl get secrets tkc-dev-cluster-ssh-password -o yaml
apiVersion: v1
data:
  ssh-passwordkey: VEVGQTFMMDV2YU5tWHh5YUczay9JcSt2cGRJbXdBbFFnc1pRa294TDBSQT0=
kind: Secret
metadata:
  creationTimestamp: "2024-07-03T13:33:52Z"
  name: tkc-dev-cluster-ssh-password
  namespace: tkc-01
  ownerReferences:
  - apiVersion: run.tanzu.vmware.com/v1alpha2
    kind: TanzuKubernetesCluster
    name: tkc-dev-cluster
    uid: 827649f0-84e9-40b7-afdf-df4f8406bb43
  resourceVersion: "768450"
  uid: 2bd82333-1643-4037-b2fc-aa6b33d730cf
type: Opaque
jianhua@napp:~/tkc$ 
  • Decode the secret (the value is base64-encoded)
jianhua@napp:~/tkc$ echo VEVGQTFMMDV2YU5tWHh5YUczay9JcSt2cGRJbXdBbFFnc1pRa294TDBSQT0= | base64 --decode
TEFA1L05vaNmXxyaG3k/Iq+vpdImwAlQgsZQkoxL0RA=jianhua@napp:~/tkc$ 
  • Log in to the node

The username on the nodes is vmware-system-user

jianhua@napp:~/tkc$ ssh vmware-system-user@192.168.202.101
The authenticity of host '192.168.202.101 (192.168.202.101)' can't be established.
ED25519 key fingerprint is SHA256:BH2AbB4Py+nRdt+zVX5j7YvbJkx5trZA7xqqKlzQmYc.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.202.101' (ED25519) to the list of known hosts.
(vmware-system-user@192.168.202.101) Password: 
 03:53:33 up 1 day, 14:17,  0 users,  load average: 2.50, 1.75, 1.87
tdnf update info not available yet!
-bash: TMOUT: readonly variable
vmware-system-user@tkc-dev-cluster-control-plane-jmrk5 [ ~ ]$ 
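
The secret lookup and decode steps above as one pipeline, plus a filter that picks out the secrets granting node login so that read access to them can be reviewed. This is an added example, not part of the original post; the function names and the sample manifest are constructed for illustration, and the stored value is only base64-encoded, not encrypted.

```bash
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Read a Secret in YAML form (as printed by `kubectl get secret NAME -o yaml`)
# on stdin and print the decoded value of one key under `data:`.
secret_field() {
    key="$1"
    encoded=$(awk -v k="$key" '
        /^data:/              { in_data = 1; next }
        in_data && /^[^ ]/    { in_data = 0 }        # left the data: mapping
        in_data && $1 == (k ":") { print $2; exit }
    ')
    if [ -z "$encoded" ]; then
        echo "key $key not found under data:" >&2
        return 1
    fi
    # Decode exactly once, as the page does; -d is the short form of --decode.
    printf '%s' "$encoded" | base64 -d
}

# From `kubectl get secrets` table output on stdin, list the secrets that
# grant node login: the SSH key (type kubernetes.io/ssh-auth) and the
# <cluster>-ssh-password secret. These are the objects whose read access
# in the namespace is worth restricting.
node_access_secrets() {
    awk 'NR > 1 && ($2 == "kubernetes.io/ssh-auth" || $1 ~ /-ssh-password$/) { print $1 }'
}

# Constructed sample manifest (not a real credential), following the
# <cluster>-ssh-password / ssh-passwordkey layout shown on the page.
sample_secret() {
    cat <<EOF
apiVersion: v1
data:
  ssh-passwordkey: $(printf '%s' 'constructed-sample-password' | base64)
kind: Secret
metadata:
  name: tkc-dev-cluster-ssh-password
  namespace: tkc-01
type: Opaque
EOF
}

# Offline demo on the constructed sample. Against a live cluster:
#   kubectl get secret tkc-dev-cluster-ssh-password -o yaml | secret_field ssh-passwordkey
#   kubectl get secrets | node_access_secrets
sample_secret | secret_field ssh-passwordkey
echo
```
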

posted @ 2024-07-05 14:39  二乘八是十六