VMware vSphere Tanzu部署_16_TKC集群节点VM密码获取
整体文章
VMware vSphere Tanzu部署_01_Tanzu架构设计
VMware vSphere Tanzu部署_02_ESXI系统安装
VMware vSphere Tanzu部署_03_vCenter部署
VMware vSphere Tanzu部署_04_vCenter管理esxi并迁移网卡到DSwitch
VMware vSphere Tanzu部署_05_vyos虚拟路由器部署
VMware vSphere Tanzu部署_06_haproxy部署
VMware vSphere Tanzu部署_07_tanzu存储策略配置
VMware vSphere Tanzu部署_08_配置tanzu为单节点
VMware vSphere Tanzu部署_09_配置tanzu内容库
VMware vSphere Tanzu部署_10_开启Tanzu功能
VMware vSphere Tanzu部署_11_创建TKC命名空间
VMware vSphere Tanzu部署_12_下载使用Tanzu-K8S工具
VMware vSphere Tanzu部署_13_创建TKC集群
VMware vSphere Tanzu部署_14_部署容器应用
VMware vSphere Tanzu部署_15_TKG Cluster获取永不过期Token
VMware vSphere Tanzu部署_16_TKC集群节点VM密码获取
SupervisorControlPlaneVM密码获取
通过SSH方式登录vcenter
- vcenter开启SSH服务
- 通过SSH工具登录vcenter
执行获取密码脚本
- 在vcenter shell模式下执行/usr/lib/vmware-wcp/decryptK8Pwd.py命令
WARNING! The remote SSH server rejected X11 forwarding request.
Connected to service
* List APIs: "help api list"
* List Plugins: "help pi list"
* Launch BASH: "shell"
Command> shell
Shell access is granted to root
root@localhost [ ~ ]#
root@localhost [ ~ ]# /usr/lib/vmware-wcp/decryptK8Pwd.py
Read key from file
Connected to PSQL
Cluster: domain-c1006:5faca4d7-1112-4fca-abe4-59c2c8e11d31
IP: 192.168.201.20
PWD: aHj64&m':U0Q>$;5
------------------------------------------------------------
root@localhost [ ~ ]#
- 登录节点
[C:\~]$ ssh root@192.168.201.20
Connecting to 192.168.201.20:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
WARNING! The remote SSH server rejected X11 forwarding request.
06:34:35 up 2 days, 18:36, 0 users, load average: 5.26, 3.67, 3.33
18 Security notice(s)
Run 'tdnf updateinfo info' to see the details.
root@423d5427dfdd12d9b2d6c462d1d172d1 [ ~ ]#
Tanzu Kubernetes Cluster Nodes密码获取
- 登录tanzu集群
jianhua@napp:~/tkc$ kubectl vsphere login --server=192.168.203.194 \
--vsphere-username administrator@vsphere.local \
--insecure-skip-tls-verify
KUBECTL_VSPHERE_PASSWORD environment variable is not set. Please enter the password below
Password:
Logged in successfully.
You have access to the following contexts:
192.168.203.194
tkc-01
If the context you wish to use is not in this list, you may need to try
logging in again later, or contact your cluster administrator.
To change context, use `kubectl config use-context <workload name>`
jianhua@napp:~/tkc$
- 切换context
jianhua@napp:~/tkc$ kubectl config use-context tkc-01
Switched to context "tkc-01".
jianhua@napp:~/tkc$
- 获取节点信息
jianhua@napp:~/tkc$ kubectl get virtualmachine -o wide
NAME POWERSTATE CLASS IMAGE PRIMARY-IP AGE
tkc-dev-cluster-control-plane-jmrk5 poweredOn best-effort-xsmall ob-22748270-tkgs-ova-photon-3-v1.26.10---vmware.1-fips.1-tkg.1 192.168.202.101 40h
tkc-dev-cluster-tck-dev-worker-zt5ls-779c467dd4xwbb9p-fpq6d poweredOn best-effort-xsmall ob-22748270-tkgs-ova-photon-3-v1.26.10---vmware.1-fips.1-tkg.1 192.168.202.102 40h
tkc-dev-cluster-tck-dev-worker-zt5ls-779c467dd4xwbb9p-kl9tx poweredOn best-effort-xsmall ob-22748270-tkgs-ova-photon-3-v1.26.10---vmware.1-fips.1-tkg.1 192.168.202.103 40h
jianhua@napp:~/tkc$
- 获取secrets
jianhua@napp:~/tkc$ kubectl get secrets
NAME TYPE DATA AGE
tkc-dev-cluster-auth-svc-cert kubernetes.io/tls 3 38h
tkc-dev-cluster-ca cluster.x-k8s.io/secret 2 38h
tkc-dev-cluster-ccm-secret kubernetes.io/service-account-token 3 38h
tkc-dev-cluster-control-plane-h5d9h cluster.x-k8s.io/secret 2 38h
tkc-dev-cluster-encryption Opaque 1 38h
tkc-dev-cluster-etcd cluster.x-k8s.io/secret 2 38h
tkc-dev-cluster-extensions-ca kubernetes.io/tls 3 38h
tkc-dev-cluster-kubeconfig cluster.x-k8s.io/secret 1 38h
tkc-dev-cluster-metrics-server-cert kubernetes.io/tls 3 38h
tkc-dev-cluster-proxy cluster.x-k8s.io/secret 2 38h
tkc-dev-cluster-pvcsi-secret kubernetes.io/service-account-token 3 38h
tkc-dev-cluster-sa cluster.x-k8s.io/secret 2 38h
tkc-dev-cluster-ssh kubernetes.io/ssh-auth 1 38h
tkc-dev-cluster-ssh-password Opaque 1 38h
tkc-dev-cluster-tck-dev-worker-mrt8q-7zsp4 cluster.x-k8s.io/secret 2 38h
tkc-dev-cluster-tck-dev-worker-mrt8q-fnm9s cluster.x-k8s.io/secret 2 38h
jianhua@napp:~/tkc$
jianhua@napp:~/tkc$ kubectl get secrets tkc-dev-cluster-ssh-password -o yaml
apiVersion: v1
data:
ssh-passwordkey: VEVGQTFMMDV2YU5tWHh5YUczay9JcSt2cGRJbXdBbFFnc1pRa294TDBSQT0=
kind: Secret
metadata:
creationTimestamp: "2024-07-03T13:33:52Z"
name: tkc-dev-cluster-ssh-password
namespace: tkc-01
ownerReferences:
- apiVersion: run.tanzu.vmware.com/v1alpha2
kind: TanzuKubernetesCluster
name: tkc-dev-cluster
uid: 827649f0-84e9-40b7-afdf-df4f8406bb43
resourceVersion: "768450"
uid: 2bd82333-1643-4037-b2fc-aa6b33d730cf
type: Opaque
jianhua@napp:~/tkc$
- 解密secrets
jianhua@napp:~/tkc$ echo VEVGQTFMMDV2YU5tWHh5YUczay9JcSt2cGRJbXdBbFFnc1pRa294TDBSQT0= | base64 --decode
TEFA1L05vaNmXxyaG3k/Iq+vpdImwAlQgsZQkoxL0RA=jianhua@napp:~/tkc$
- 登录节点
节点上的用户名为vmware-system-user
jianhua@napp:~/tkc$ ssh vmware-system-user@192.168.202.101
The authenticity of host '192.168.202.101 (192.168.202.101)' can't be established.
ED25519 key fingerprint is SHA256:BH2AbB4Py+nRdt+zVX5j7YvbJkx5trZA7xqqKlzQmYc.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.202.101' (ED25519) to the list of known hosts.
(vmware-system-user@192.168.202.101) Password:
03:53:33 up 1 day, 14:17, 0 users, load average: 2.50, 1.75, 1.87
tdnf update info not available yet!
-bash: TMOUT: readonly variable
vmware-system-user@tkc-dev-cluster-control-plane-jmrk5 [ ~ ]$
参考文章
- Supervisor Control Plane VM's: https://knowledge.broadcom.com/external/article?legacyId=90194
- SSH to Tanzu Kubernetes Cluster Nodes:https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-37DC1DF2-119B-4E9E-8CA6-C194F39DDEDA.html