Tanzu Kubernetes集群节点SSH登录

有时候需要SSH登录Tanzu Kubernetes集群节点进行排错的日常运维。

环境介绍：

NameSpace: tkc-cluster

Tanzu Kubernetes Cluster: tkc-guest-cluster

准备工作  

创建名为 NAMESPACE 的环境变量，其值为 主管命名空间的名称。

　　export NAMESPACE=tkc-cluster

将上下文切换到置备了 主管命名空间集群的 Tanzu Kubernetes。

　　kubectl config use-context $NAMESPACE

运行以下 kubectl 命令以查看 YOUR-CLUSTER-NAME-ssh 密钥对象。

$ kubectl get secrets
NAME                                    TYPE                                  DATA   AGE
default-token-qc2f8                     kubernetes.io/service-account-token   3      10d
tkc-cluster-default-image-pull-secret   kubernetes.io/dockerconfigjson        1      9d
tkc-cluster-default-image-push-secret   kubernetes.io/dockerconfigjson        1      9d
tkc-guest-cluster-ca                    Opaque                                2      8d
tkc-guest-cluster-ccm-token-kjw8d       kubernetes.io/service-account-token   3      8d
tkc-guest-cluster-encryption            Opaque                                1      8d
tkc-guest-cluster-etcd                  Opaque                                2      8d
tkc-guest-cluster-kubeconfig            Opaque                                1      8d
tkc-guest-cluster-proxy                 Opaque                                2      8d
tkc-guest-cluster-pvcsi-token-mcd5g     kubernetes.io/service-account-token   3      8d
tkc-guest-cluster-sa                    Opaque                                2      8d
tkc-guest-cluster-ssh                   kubernetes.io/ssh-auth                1      8d
tkc-guest-cluster-ssh-password          Opaque                                1      8d

编写jumpbox.yaml

apiVersion: v1
kind: Pod
metadata:
  name: jumpbox
  namespace: tkc-cluster                     #REPLACE YOUR-NAMESPACE
spec:
  containers:
  - image: "photon:3.0"
    name: jumpbox
    command: [ "/bin/bash", "-c", "--" ]
    args: [ "yum install -y openssh-server openssh-clients; mkdir /root/.ssh; cp /root/ssh/ssh-privatekey /root/.ssh/id_rsa; chmod 600 /root/.ssh/id_rsa; while true; do sleep 30; done;" ]
    volumeMounts:
      - mountPath: "/root/ssh"
        name: ssh-key
        readOnly: true
  volumes:
    - name: ssh-key
      secret:
        secretName: tkc-guest-cluster-ssh        #REPLACE YOUR-CLUSTER-NAME

获取节点IP

$ kubectl get virtualmachine
NAME                                               AGE
tkc-guest-cluster-control-plane-6cfsf              8d
tkc-guest-cluster-control-plane-drlqp              8d
tkc-guest-cluster-control-plane-wmn2s              8d
tkc-guest-cluster-workers-8k9c8-5576b69b67-rcsvd   29h
tkc-guest-cluster-workers-8k9c8-5576b69b67-s7hch   8d
tkc-guest-cluster-workers-8k9c8-5576b69b67-sb6ss   29h
tkc-guest-cluster-workers-8k9c8-5576b69b67-tnxn2   8d
tkc-guest-cluster-workers-8k9c8-5576b69b67-vxgt9   8d

$ VMNAME=tkc-guest-cluster-control-plane-wmn2s

$ export VMIP=$(kubectl -n $NAMESPACE get virtualmachine/$VMNAME -o jsonpath='{.status.vmIp}')

执行SSH

$ kubectl apply -f jumpbox.yaml 
... (因为需要安装一些依赖工具，因此Pod Ready可能需要花费几分钟时间)
$ kubectl exec -it jumpbox  /usr/bin/ssh vmware-system-user@$VMIP
... 恭喜SSH登录成功