环境参数
| 项目 | 描述 | 备注 |
|---|---|---|
| vSphere | vSphere7.0u2a | 17867351 |
| vCenter | VCSA-.7.0.2 | 17920168 |
| NSX-T Datacenter | 3.1.2.1.0 | 17975795 |
| Tanzu | 1.3.1 |
官网方法无法成功
VMware的官方网站给出的方法如下:SSH to Tanzu Kubernetes Cluster Nodes as the System User Using a Password
在第四步就出错了
[root@hop ~]# kubectl get virtualmachines
error: the server doesn’t have a resource type “virtualmachines”
也找不到类似TKGS-CLUSTER-NAME-ssh-password 的secret:
[root@hop ~]# kubectl get secrets -A
NAMESPACE NAME TYPE DATA AGE
default default-token-zb6bf kubernetes.io/service-account-token 3 63d
default harbor-registry-secret kubernetes.io/dockerconfigjson 1 39d
kube-node-lease default-token-9pmhk kubernetes.io/service-account-token 3 63d
kube-public default-token-m2k7l kubernetes.io/service-account-token 3 63d
kube-system antctl-token-n9b2p kubernetes.io/service-account-token 3 63d
kube-system antrea-agent-token-5d2f7 kubernetes.io/service-account-token 3 63d
kube-system antrea-controller-tls Opaque 3 63d
kube-system antrea-controller-token-cdnfr kubernetes.io/service-account-token 3 63d
kube-system antrea-resource-init-token-d5lt5 kubernetes.io/service-account-token 3 63d
kube-system attachdetach-controller-token-7g75r kubernetes.io/service-account-token 3 63d
kube-system bootstrap-signer-token-tbz2g kubernetes.io/service-account-token 3 63d
kube-system certificate-controller-token-czs5b kubernetes.io/service-account-token 3 63d
kube-system clusterrole-aggregation-controller-token-rprdg kubernetes.io/service-account-token 3 63d
kube-system coredns-token-wx2hx kubernetes.io/service-account-token 3 63d
kube-system cronjob-controller-token-8mbxg kubernetes.io/service-account-token 3 63d
kube-system daemon-set-controller-token-ccc7m kubernetes.io/service-account-token 3 63d
kube-system default-token-v7b6k kubernetes.io/service-account-token 3 63d
kube-system deployment-controller-token-8k6vr kubernetes.io/service-account-token 3 63d
kube-system disruption-controller-token-dz4s8 kubernetes.io/service-account-token 3 63d
kube-system endpoint-controller-token-ck8th kubernetes.io/service-account-token 3 63d
kube-system endpointslice-controller-token-kmx2n kubernetes.io/service-account-token 3 63d
kube-system endpointslicemirroring-controller-token-nwq6f kubernetes.io/service-account-token 3 63d
kube-system expand-controller-token-5xkkh kubernetes.io/service-account-token 3 63d
kube-system generic-garbage-collector-token-v59dr kubernetes.io/service-account-token 3 63d
kube-system horizontal-pod-autoscaler-token-d7mcv kubernetes.io/service-account-token 3 63d
kube-system job-controller-token-bnddb kubernetes.io/service-account-token 3 63d
kube-system kube-proxy-token-lshb9 kubernetes.io/service-account-token 3 63d
kube-system namespace-controller-token-xvxk4 kubernetes.io/service-account-token 3 63d
kube-system node-controller-token-mgdrv kubernetes.io/service-account-token 3 63d
kube-system persistent-volume-binder-token-ftpxg kubernetes.io/service-account-token 3 63d
kube-system pod-garbage-collector-token-qjzbs kubernetes.io/service-account-token 3 63d
kube-system pv-protection-controller-token-zjdd4 kubernetes.io/service-account-token 3 63d
kube-system pvc-protection-controller-token-h9hw8 kubernetes.io/service-account-token 3 63d
kube-system replicaset-controller-token-qfzm4 kubernetes.io/service-account-token 3 63d
kube-system replication-controller-token-hrm94 kubernetes.io/service-account-token 3 63d
kube-system resourcequota-controller-token-xczgs kubernetes.io/service-account-token 3 63d
kube-system root-ca-cert-publisher-token-tcgxp kubernetes.io/service-account-token 3 63d
kube-system service-account-controller-token-77pdk kubernetes.io/service-account-token 3 63d
kube-system service-controller-token-pqtpd kubernetes.io/service-account-token 3 63d
kube-system statefulset-controller-token-6b4fr kubernetes.io/service-account-token 3 63d
kube-system token-cleaner-token-f2cgp kubernetes.io/service-account-token 3 63d
kube-system ttl-controller-token-jnckx kubernetes.io/service-account-token 3 63d
tkg-ns-a default-token-vsm8d kubernetes.io/service-account-token 3 40d
tkg-ns-b default-token-6sgqb kubernetes.io/service-account-token 3 40d
vmware-system-auth default-token-2rpdj kubernetes.io/service-account-token 3 63d
vmware-system-auth guest-cluster-auth-svc-key Opaque 1 63d
vmware-system-cloud-provider cloud-provider-creds Opaque 3 63d
vmware-system-cloud-provider cloud-provider-svc-account-token-k8mkw kubernetes.io/service-account-token 3 63d
vmware-system-cloud-provider default-token-gc6vr kubernetes.io/service-account-token 3 63d
vmware-system-csi default-token-xwbw5 kubernetes.io/service-account-token 3 63d
vmware-system-csi pvcsi-provider-creds Opaque 3 63d
vmware-system-csi vsphere-csi-controller-token-m5t5v kubernetes.io/service-account-token 3 63d
vmware-system-csi vsphere-csi-node-token-tld8d kubernetes.io/service-account-token 3 63d
通过VSCA一步步登录TKG Cluster Nodes
登录VCSA并拿到SupervisorControlPlane的登录密码
使用的用户名和密码为:root/xxxx,为初始化VSCA时配置
[root@hop ~]# ssh root@192.168.110.22
VMware vCenter Server 7.0.2.00100
Type: vCenter Server with an embedded Platform Services Controller
root@192.168.110.22’s password:
Last login: Thu Jul 29 09:25:10 2021 from 192.168.110.29
Connected to service
* List APIs: "help api list"
* List Plugins: "help pi list"
* Launch BASH: "shell"
Command> shell
Shell access is granted to root
root@vcsa-01a [ ~ ]# /usr/lib/vmware-wcp/decryptK8Pwd.py
Read key from file
Connected to PSQL
Cluster: domain-c8:7deb72ef-2abb-4cef-91bc-dd3d8cbbc060
IP: 192.168.110.91
PWD: zA5jRbZPNtGp14pJyRFQ+6wBdK7LkYcMt4J5M9EHaH/OqJlsQm3dmXS9rv+dyQGQRh04eNud3xFxnSaR7ZTgoTonoIyQZgnJfAAkan21SUhaQdQ4KR3WL/i8W8EB2VX46CXj39jFHvawVKDO+9mTyrEhrrPP7R+x0pITJ+oX/x8=
上面得到的IP地址和PWD就是Supervisor Control Plane的登录地址和密码。
登录Supervisor Control Plane拿到TKG node的登录密码
root@vcsa-01a [ ~ ]# ssh root@192.168.110.91
FIPS mode initialized
The authenticity of host ‘192.168.110.91 (192.168.110.91)’ can’t be established.
ECDSA key fingerprint is SHA256:wUgkBtgfaeYhA5SpDswwwF9+EJEXkObnmHHD0WEFlHc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.110.91’ (ECDSA) to the list of known hosts.
Password:
09:38:41 up 48 days, 4:31, 0 users, load average: 15.81, 8.24, 6.19
36 Security notice(s)
Run ‘tdnf updateinfo info’ to see the details.
root@42326254b49605f5fca490fd3ad3229e [ ~ ]# kubectl -n ns-dev get secrets tkg-cluster-01-ssh-password -o jsonpath={.data.ssh-passwordkey} | base64 -d
9vUa7/M1n2lyD/Wx6i7w3lzaOS/dPTHuJcd8cTeyjKg=
使用的命令kubectl -n ns-dev get secrets tkg-cluster-01-ssh-password -o jsonpath={.data.ssh-passwordkey} | base64 -d,其中tkg-cluster-01是tkg cluster 的名字ns-dev是tkg所在的namaspace的名字(VC上配置的)
登录Tanzu Kubernetes Cluster Nodes
root@42326254b49605f5fca490fd3ad3229e [ ~ ]# ssh vmware-system-user@172.211.0.71
FIPS mode initialized
The authenticity of host ‘172.211.0.71 (172.211.0.71)’ can’t be established.
ECDSA key fingerprint is SHA256:L8AeCNyTHr7/r49tXrIDGnqZQ8gaZgctgjSKoOCUVag.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘172.211.0.71’ (ECDSA) to the list of known hosts.
Welcome to Photon 3.0 (\m) - Kernel \r (\l)
vmware-system-user@172.211.0.71’s password:
09:42:12 up 47 days, 22:49, 0 users, load average: 2.14, 3.18, 3.57
36 Security notice(s)
Run ‘tdnf updateinfo info’ to see the details.
vmware-system-user@tkg-cluster-01-control-plane-hjns6 [ ~ ]$
成功!
注意:
- 用户名为vmware-system-user
- Cluster中所有VM的登录密码一致
root@42326254b49605f5fca490fd3ad3229e [ ~ ]# ssh vmware-system-user@172.211.0.68
FIPS mode initialized
The authenticity of host ‘172.211.0.68 (172.211.0.68)’ can’t be established.
ECDSA key fingerprint is SHA256:2Y/Z8dIpczA4nbQouDIMU1wTRcjX5oTWn+BoyQDPnb4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘172.211.0.68’ (ECDSA) to the list of known hosts.
Welcome to Photon 3.0 (\m) - Kernel \r (\l)
vmware-system-user@172.211.0.68’s password:
09:43:36 up 48 days, 4:35, 0 users, load average: 0.01, 0.28, 0.35
36 Security notice(s)
Run ‘tdnf updateinfo info’ to see the details.
vmware-system-user@tkg-cluster-01-workers-vqv9h-dfb456585-mg2g7 [ ~ ]$
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
