How to enable password based ssh into nodes using KubeadmControlPlane and ytt overlays

Article ID: 319320


Products

VMware Tanzu Kubernetes Grid

Issue/Introduction

Note: This article is for informational purposes and could be helpful during the troubleshooting process. This is not a recommended configuration for Tanzu Kubernetes Grid production clusters.

During TKG cluster creation, the control plane VMs may fail to get an IP address. From the vSphere web console you can see the error, but there is no way to SSH in because no IP is assigned to the VM, and by default TKG enables only key-based SSH login.

Environment

VMware Tanzu Kubernetes Grid 1.x

Resolution

To troubleshoot these sorts of scenarios, you can add a user to the operating system using overlay files. This user can be used to log in to the VM via the console.

This approach leverages the KubeadmControlPlane CRD spec and ytt overlays to add a user and password. For additional modifications, refer to the linked spec. In this scenario, we have used the following parameters:

  • name: Name of the user
  • lockPassword: LockPassword specifies if password login should be disabled
  • passwd: Passwd specifies a hashed password for the user
  • sudo: sudo specifies a sudo role for the user

To generate a password hash, you can use the command below. In the example overlay yaml, the password is changeme.

openssl passwd -6 -salt xyz changeme
$6$xyz$9vc9yeDgngEirzYEeLZqCay8YLhc7JHmd1t2UYrjdm7dD0M6raCXz.xtEXBL4.aaRf26S/aKagS36D1iH7E79.


Write the overlay yaml add_user.yaml at the path below:

cat << EOF > ~/.tkg/providers/infrastructure-vsphere/ytt/add_user.yaml
#@ load("@ytt:overlay", "overlay")
#@overlay/match by=overlay.subset({"kind":"KubeadmControlPlane"})
---
spec:
  kubeadmConfigSpec:
    users:
    #@overlay/match by=overlay.index(1)
    #@overlay/append
    - name: oom
      lockPassword: false
      passwd: '\$6\$xyz\$9vc9yeDgngEirzYEeLZqCay8YLhc7JHmd1t2UYrjdm7dD0M6raCXz.xtEXBL4.aaRf26S/aKagS36D1iH7E79.'
      sudo: ALL=(ALL) NOPASSWD:ALL
EOF


After you add this overlay, the control plane of any cluster that you create will have a user oom with the password changeme preconfigured.

Once the troubleshooting is completed, please remove the overlay file:

rm ~/.tkg/providers/infrastructure-vsphere/ytt/add_user.yaml
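
The following check is an added example, not part of the original article: a POSIX shell audit that lists overlays in a ytt directory which unlock password login, and flags a passwd value that is not a well-formed SHA-512 crypt hash (truncated when copied, or with $6 expanded by the shell in an unescaped heredoc). The function names and the scratch directory are assumptions made for the example; the sample entry is constructed from the overlay shown above.

```shell
#!/bin/sh
# Added example: audit a ytt overlay directory for password-login users.

# Succeeds only for a well-formed SHA-512 crypt string: "$6$", optional
# "rounds=N$", a 1-16 character salt, "$", then exactly 86 hash characters.
is_sha512_crypt() {
  printf '%s\n' "$1" |
    grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'
}

# Print one finding per line for every *.yaml overlay in directory $1.
# Returns 1 if any overlay enables password login or sets a passwd value.
audit_overlays() {
  found=0
  for f in "$1"/*.yaml; do
    [ -f "$f" ] || continue
    if grep -Eq '^[[:space:]-]*lockPassword:[[:space:]]*false' "$f"; then
      echo "$f: password login enabled (lockPassword: false)"
      found=1
    fi
    # Pull out every passwd value and strip the YAML quotes around it.
    hashes=$(sed -n 's/^[[:space:]-]*passwd:[[:space:]]*//p' "$f" | tr -d "'\"")
    while IFS= read -r h; do
      [ -n "$h" ] || continue
      found=1
      if is_sha512_crypt "$h"; then
        echo "$f: passwd is a well-formed SHA-512 crypt hash"
      else
        echo "$f: passwd is malformed (truncated, or \$6 expanded by the shell)"
      fi
    done <<EOF
$hashes
EOF
  done
  return "$found"
}

# Constructed sample: the article's user entry in a scratch directory.
demo=$(mktemp -d)
cat > "$demo/add_user.yaml" <<'EOF'
    - name: oom
      lockPassword: false
      passwd: '$6$xyz$9vc9yeDgngEirzYEeLZqCay8YLhc7JHmd1t2UYrjdm7dD0M6raCXz.xtEXBL4.aaRf26S/aKagS36D1iH7E79.'
EOF
audit_overlays "$demo" || echo "Overlays above will add a password user to new clusters."
rm -rf "$demo"
```

Run audit_overlays against ~/.tkg/providers/infrastructure-vsphere/ytt after troubleshooting; a non-zero exit status means an overlay that adds a password user is still in place.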