Sometimes you need to SSH into the nodes of a Tanzu Kubernetes cluster for troubleshooting as part of day-to-day operations.
Environment:
NameSpace: tkc-cluster
Tanzu Kubernetes Cluster: tkc-guest-cluster
Preparation
Create an environment variable named NAMESPACE whose value is the name of the Supervisor Namespace.
export NAMESPACE=tkc-cluster
Switch context to the Supervisor Namespace where the Tanzu Kubernetes cluster is provisioned.
kubectl config use-context $NAMESPACE
Run the following kubectl command to view the YOUR-CLUSTER-NAME-ssh secret object.
$ kubectl get secrets
NAME                                     TYPE                                  DATA   AGE
default-token-qc2f8                      kubernetes.io/service-account-token   3      10d
tkc-cluster-default-image-pull-secret    kubernetes.io/dockerconfigjson        1      9d
tkc-cluster-default-image-push-secret    kubernetes.io/dockerconfigjson        1      9d
tkc-guest-cluster-ca                     Opaque                                2      8d
tkc-guest-cluster-ccm-token-kjw8d        kubernetes.io/service-account-token   3      8d
tkc-guest-cluster-encryption             Opaque                                1      8d
tkc-guest-cluster-etcd                   Opaque                                2      8d
tkc-guest-cluster-kubeconfig             Opaque                                1      8d
tkc-guest-cluster-proxy                  Opaque                                2      8d
tkc-guest-cluster-pvcsi-token-mcd5g      kubernetes.io/service-account-token   3      8d
tkc-guest-cluster-sa                     Opaque                                2      8d
tkc-guest-cluster-ssh                    kubernetes.io/ssh-auth                1      8d
tkc-guest-cluster-ssh-password           Opaque                                1      8d
Write jumpbox.yaml
apiVersion: v1
kind: Pod
metadata:
  name: jumpbox
  namespace: tkc-cluster #REPLACE YOUR-NAMESPACE
spec:
  containers:
  - image: "photon:3.0"
    name: jumpbox
    command: [ "/bin/bash", "-c", "--" ]
    args: [ "yum install -y openssh-server openssh-clients; mkdir /root/.ssh; cp /root/ssh/ssh-privatekey /root/.ssh/id_rsa; chmod 600 /root/.ssh/id_rsa; while true; do sleep 30; done;" ]
    volumeMounts:
      - mountPath: "/root/ssh"
        name: ssh-key
        readOnly: true
  volumes:
    - name: ssh-key
      secret:
        secretName: tkc-guest-cluster-ssh #REPLACE YOUR-CLUSTER-NAME
Get the node IP
$ kubectl get virtualmachine
NAME                                                AGE
tkc-guest-cluster-control-plane-6cfsf               8d
tkc-guest-cluster-control-plane-drlqp               8d
tkc-guest-cluster-control-plane-wmn2s               8d
tkc-guest-cluster-workers-8k9c8-5576b69b67-rcsvd    29h
tkc-guest-cluster-workers-8k9c8-5576b69b67-s7hch    8d
tkc-guest-cluster-workers-8k9c8-5576b69b67-sb6ss    29h
tkc-guest-cluster-workers-8k9c8-5576b69b67-tnxn2    8d
tkc-guest-cluster-workers-8k9c8-5576b69b67-vxgt9    8d
$ VMNAME=tkc-guest-cluster-control-plane-wmn2s
$ export VMIP=$(kubectl -n $NAMESPACE get virtualmachine/$VMNAME -o jsonpath='{.status.vmIp}')
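Run SSH
$ kubectl apply -f jumpbox.yaml
... (Because some dependencies have to be installed, it may take a few minutes for the Pod to become Ready)
$ kubectl exec -it jumpbox -- /usr/bin/ssh vmware-system-user@$VMIP
... Congratulations, the SSH login succeeded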
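The jumpbox Pod above keeps a copy of the cluster's node SSH private key for as long as it runs. The following audit is an added example, not part of the original post: it lists Pods in the namespace that mount an SSH credential secret so leftover jumpboxes can be found and deleted. The function names, the embedded sample JSON (constructed here) and the `-ssh-password` suffix heuristic are assumptions of this example.

```python
import json

# Constructed sample data shaped like `kubectl get secrets -o json` and
# `kubectl get pods -o json` in the Supervisor Namespace (not real output).
SECRETS_JSON = json.dumps({"items": [
    {"metadata": {"name": "tkc-guest-cluster-ssh"}, "type": "kubernetes.io/ssh-auth"},
    {"metadata": {"name": "tkc-guest-cluster-ssh-password"}, "type": "Opaque"},
    {"metadata": {"name": "tkc-guest-cluster-ca"}, "type": "Opaque"},
]})
PODS_JSON = json.dumps({"items": [
    {"metadata": {"name": "jumpbox", "creationTimestamp": "2021-01-01T00:00:00Z"},
     "spec": {"containers": [{"name": "jumpbox", "volumeMounts": [
                  {"name": "ssh-key", "mountPath": "/root/ssh", "readOnly": True}]}],
              "volumes": [{"name": "ssh-key",
                           "secret": {"secretName": "tkc-guest-cluster-ssh"}}]}},
    {"metadata": {"name": "web", "creationTimestamp": "2021-01-02T00:00:00Z"},
     "spec": {"containers": [{"name": "web"}], "volumes": [
         {"name": "ca", "secret": {"secretName": "tkc-guest-cluster-ca"}}]}},
]})


def ssh_secret_names(secrets_json):
    """Secrets holding SSH credentials: ssh-auth type, or (assumed) *-ssh-password."""
    items = json.loads(secrets_json).get("items", [])
    return {s["metadata"]["name"] for s in items
            if s.get("type") == "kubernetes.io/ssh-auth"
            or s["metadata"]["name"].endswith("-ssh-password")}


def pods_holding_ssh_keys(pods_json, secrets_json):
    """Return (pod, secret, created) for every pod volume backed by an SSH secret."""
    sensitive = ssh_secret_names(secrets_json)
    findings = []
    for pod in json.loads(pods_json).get("items", []):
        for vol in pod["spec"].get("volumes", []):
            # Plain secret volumes and secrets nested in projected volumes.
            names = [vol.get("secret", {}).get("secretName")]
            names += [src.get("secret", {}).get("name")
                      for src in vol.get("projected", {}).get("sources", [])]
            for name in names:
                if name in sensitive:
                    findings.append((pod["metadata"]["name"], name,
                                     pod["metadata"].get("creationTimestamp")))
    return findings


if __name__ == "__main__":
    for pod, secret, created in pods_holding_ssh_keys(PODS_JSON, SECRETS_JSON):
        print(f"{pod} mounts {secret} (created {created}): delete it when done")
```

On a live cluster, pass in the output of `kubectl -n $NAMESPACE get secrets -o json` and `kubectl -n $NAMESPACE get pods -o json`; `kubectl delete -f jumpbox.yaml` removes the jumpbox once troubleshooting is finished.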