SSH to Tanzu Kubernetes Cluster Nodes

In this blog post, I would like to talk about how you can can login to Tanzu Kubernetes Cluster Nodes running on Supervisor Cluster using SSH. I struggled little bit and hence, will make this easy for you.

First, lets talk a bit about Tanzu Kubernetes Cluster. Tanzu Kubernetes Cluster is also know as workload cluster where application workload will be deployed, There can be 1 or more clusters and there lifecycle is managed by Supervisor cluster. When you deploy Tanzu Kubernetes Cluster, there are set of master and worker nodes based on Photon OS.

Now, Lets talk about how to SSH into Tanzu Kubernetes Cluster Nodes:-
There are two ways:
1. SSH as system user using private key
2. SSH as system user using password

In this post, i will talk about first method in detail.


SSH as system user using private key

You can connect through SSH to any Tanzu Kubernetes cluster node as the vmware-system-user system user. The secret that contains the SSH private key is named <Your-Cluster-Name>-ssh. You can find the secret in supervisor cluster namespace where your Tanzu Kubernetes cluster is deployed.

Here is the command to find the secret:
a) Login to supervisor cluster

kubectl vsphere login --server=<supervisor control plane IP> --vsphere-username <your vsphere account> --insecure-skip-tls-verify

b) See the namespace context and switch using below command

kubectl config get-contexts
kubectl config use-context <namespace context where Tanzu Kubernetes Cluster is deployed>

c) After switching to the correct namespace, use below command to get the secrets

kubectl get secrets
(you will see the secret ending with -ssh, that’s the one we are interested in. Note the name of secret)

After getting the secret name, we need to deploy the vSphere Pod in same namespace and that will help us to take ssh connection to Tanzu Kubernetes Cluster nodes. Since vSphere Pod will be creating using yaml file, here is the one you can use to create:

https://gist.github.com/dineshtripathi30/c66021e868312c42ac33c3c76d91791c

d) Deploy the jumpbox pod using below command. Remember, vSphere pod will run on vSphere namespace and not on Tanzu kubernetes cluster namespace.

kubectl apply -f jumpbox.yaml

e) Validate the pod status and ensure it is running, Validate using below command.

kubectl get pods
NAME      READY   STATUS    RESTARTS   AGE 
jumpbox 1/1 Running 0 1m

f) Now, Get the Tanzu Kubernetes Cluster Node IP Address by running below command and note down the IP Address of any node where you want to login

kubectl get nodes -o wide

g) Run below command to ssh to node

kubectl exec -it jumpbox  /usr/bin/ssh vmware-system-user@$<Replace the IP address you noted in previous step>

Now, you are inside a node. you can also run commands using sudo. Once done, you can delete the jumpbox pod and recreate later when needed.

That’s all for this post. I Will talk about second option in later blog post.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s