WilliamLam.com

How to SSH to Tanzu Kubernetes Grid (TKG) Cluster in vSphere with Tanzu?

by // 6 Comments

For troubleshooting your vSphere with Tanzu environment, you may have a need to SSH to the Control Plane of your Tanzu Kubernetes Grid (TKG) Cluster. This was something I had to do to verify some basic network connectivity. At a high level, we need to login to our Supervisor Cluster and retrieve the SSH secret to our TKG Cluster and since this question recently came up, below are the instructions.


UPDATE (10/10/20) - It looks like it is also possible to retrieve the TKG Cluster credentials without needing SSH directly to the Supervisor Control Plane VM, see Option 1 for the alternate solution.

Option 1:

Step 1 - Login to the Supervisor Control Plane using the following command:

kubectl vsphere login --server=172.17.31.129 -u *protected email* --insecure-skip-tls-verify

Step 2 - Next, we need to retrieve the SSH password secret for our TKG Cluster and perform a base64 decode to retrieve the plain text value. You will need two pieces of information and then substitute that into the command below

  • The name of your vSphere Namespace which was created in your vSphere with Tanzu environment, in my example it is called primp-industries
  • The name of your TKG Cluster, in my example it is called william-tkc-01 and the secret name will be [tkg-cluster-name]-ssh-password as shown in the example below

kubectl -n primp-industries get secrets william-tkc-01-ssh-password -o jsonpath={.data.ssh-passwordkey} | base64 -d

Step 3 - Finally, you can now SSH to TKG Cluster from a system which has network connectivity, this can be from the Supervisor Cluster Control Plane VM or another system. The SSH username for the TKG Cluster is vmware-system-user and use the credentials that was provided from the previous screen.

Option 2:

Step 1 - SSH to the VCSA and then run the following script to retrieve the Supervisor Cluster Control Plane VM credentials:

/usr/lib/vmware-wcp/decryptK8Pwd.py

Step 2 - SSH to the IP Address using root username and the password provided from the previous command

Step 3- Next, we need to retrieve the SSH password secret for our TKG Cluster and perform a base64 decode to retrieve the plain text value. You will need two pieces of information and then substitute that into the command below

  • The name of your vSphere Namespace which was created in your vSphere with Tanzu environment, in my example it is called primp-industries
  • The name of your TKG Cluster, in my example it is called william-tkc-01 and the secret name will be [tkg-cluster-name]-ssh-password as shown in the example below

kubectl -n primp-industries get secrets william-tkc-01-ssh-password -o jsonpath={.data.ssh-passwordkey} | base64 -d

Step 4 - Finally, you can now SSH to TKG Cluster from a system which has network connectivity, this can be from the Supervisor Cluster Control Plane VM or another system. The SSH username for the TKG Cluster is vmware-system-user and use the credentials that was provided from the previous screen.

Tanzu Kubernetes Grid (TKG) Demo Appliance 1.1.3

by // 1 Comment

It has been awhile since I have updated my Tanzu Kubernetes Grid (TKG) Demo Appliance Fling, which is a virtual appliance that enables anyone to go from zero to Kubernetes in less than 30 minutes with just an SSH client and a web browser. For VMware Cloud on AWS customers interested in running TKG, this is a great way to quickly get started on a proof of concept, demo or for development and testing purposes. One great benefit is that everything required for TKG is self contained within the appliance including an embedded Harbor registry and the respective TKG container images, great for air-gapped or non-internet accessible environments.

Here is a summary of what is new:

Support for latest TKG 1.1.3

There have been several of smaller releases to TKG since their 1.0.0 release but due to their short lifecycle, I decided to hold off. Behind the scenes, I have actually been working closely with TKG team on the latest TKG 1.1.3 release which was just release last week. One really cool feature that was introduced in TKG 1.1.2 is the ability to upgrade an existing TKG Workload Cluster to a newer version of Kubernetes.

With TKG 1.1.3, support for Kubernetes v1.18.6 and v1.17.9 is now possible and the latest version of the demo appliance will also support this workflow. In fact, I have also updated my TKG Workshop Guide to include all new updates including the upgrade workflow. To reduce the maintenance burden on myself, the TKG Demo Appliance 1.0.0 will be removed in the near future, for now it has been deprecated but all existing content is still available. I highly recommend checking out the latest version as you will get all the latest features of TKG.

[Read more...]

Is vSphere with Kubernetes available for evaluation? 

by // 1 Comment

Yes. Given the frequency that this question has come up, I thought it would be useful to share some more details on how you can start playing with the new vSphere with Kubernetes (K8s) capability which was introduced as part of the vSphere 7.0 release. vSphere w/K8s requires NSX-T and although vSphere (ESXi and vCenter Server Appliance) has supported a 60 day evaluation period, NSX-T historically did not support any self-service evaluation. In addition, there were also some confusion in how vSphere w/K8s was bundled today from a packaging standpoint which is offered as part of the VMware Cloud Foundation (VCF) 4.0 SKU.

Putting aside the pricing and packaging aspects, customers can indeed evaluate vSphere w/K8s using one of the following two options below:

Option 1: 60 Day Eval

Sign up for the vSphere 7.0 (ESXi & VCSA) evaluation (https://my.vmware.com/en/web/vmware/evalcenter?p=vsphere-eval-7) and NSX-T 3.0 evaluation (https://my.vmware.com/web/vmware/evalcenter?p=nsx-t-eval). After signing up you will receive evaluation keys that can be used when setting up vSphere w/K8s. If you want to quickly go from 0 to Kubernetes, be sure to check out my vSphere with K8s Automation Lab Deployment which can give you a running environment in under 30min!

Option 2: 365 Day Eval

Sign up for VMUG Advantage which includes VMUGEval that provides licenses for vSphere 7.0, NSX-T 3.0, VCF 4.0 and many other VMware products for an entire year for non-production usage. After signing up you will receive license keys that will be valid for 1 year which can then be used when setting up vSphere w/K8s. With VMUG Advantage, you can consume vSphere w/K8s the "manual" method, using my vSphere with K8s Automation Lab Deployment or using SDDC Manager which is part of VCF 4.0 to automatically deployed the required SDDC infrastructure so that can then enable vSphere w/K8s.

Here is a screenshot of my vSphere w/K8s environment which was deployed using my Sphere with K8s Automation Lab Deployment script and using the evaluation keys which I had just signed up!

Option 3: Infinite Day Eval

VMware Hands-on-Lab is another great option which is completely free and you only need a web browser! You can check out HOL-2113-01-SDC for more details.