Friday, March 11, 2022

Retrieve Admin Credential of Embedded Harbor Registry on Supervisor Cluster - vSphere with Tanzu

Below are the steps to retrieve the admin username and password of the embedded Harbor registry on a supervisor cluster in vSphere with Tanzu.


Step-1: Log in to vCenter via SSH and execute the decryptK8Pwd.py script under the /usr/lib/vmware-wcp/ directory. This returns the supervisor control VM VIP and its login credential.

Connected to service
    * List APIs: "help api list"
    * List Plugins: "help pi list"
    * Launch BASH: "shell"

Command> shell

Shell access is granted to root

[ ~ ]# cd /usr/lib/vmware-wcp/
[ /usr/lib/vmware-wcp ]# ./decryptK8Pwd.py
Read key from file
Connected to PSQL

Cluster: domain-cxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx
IP: 10.10.10.2
PWD: sadfjhsdifudnnxjzxcnAIJDIDJFKASD-=+ASDJASDNksdjfhkcbbcdcbk
------------------------------------------------------------

Step-2: Log in to the supervisor control VM with the VIP and password obtained above

[ /usr/lib/vmware-wcp ]# ssh 10.10.10.2
Password:

Step-3: Retrieve the namespace, associated pods and secrets related to Harbor registry

Retrieve the namespace:
[ ~ ]# kubectl get namespace | grep -i registry 
vmware-system-registry                      Active   100d
vmware-system-registry-xxxxxxxx             Active   100d


Step-4: Retrieve the secret and associated properties related to harbor registry

Retrieve the secrets:
[ ~ ]# kubectl get secrets -n vmware-system-registry-xxxxxxxx
NAME                                  TYPE                                 DATA   AGE
default-token-ghcbt                   kubernetes.io/service-account-token  3      100d
harbor-xxxxxxxx-controller-registry   Opaque                                3      100d
harbor-xxxxxxxx-harbor-core           Opaque                                6      100d
harbor-xxxxxxxx-harbor-database       Opaque                                1      100d
harbor-xxxxxxxx-harbor-jobservice     Opaque                                1      100d
harbor-xxxxxxxx-harbor-registry       Opaque                                2      100d
harbor-xxxxxxxx-ssl                   Opaque                                3      100d
sh.helm.release.v1.harbor-xxxxxxxx.v1 helm.sh/release.v1                    1      100d


Check the secret and its properties:

[ ~ ]# kubectl describe secrets harbor-xxxxxxxx-controller-registry -n vmware-system-registry-xxxxxxxx
Name:         harbor-xxxxxxxx-controller-registry
Namespace:    vmware-system-registry-xxxxxxxx
Labels:       <none>
Annotations:  <none>
Type:  Opaque
Data
====
harborAdminPassword:     24 bytes
harborAdminUsername:     8 bytes
harborPostgresPassword:  24 bytes


Step-5: Retrieve the username using the harborAdminUsername property of the secret above. Kubernetes returns secret data base64 encoded, and the stored value is itself base64 encoded, so the output is decoded twice.

[ ~ ]# kubectl get secrets harbor-xxxxxxxx-controller-registry -n vmware-system-registry-xxxxxxxx --template='{{.data.harborAdminUsername}}' | base64 -d | base64 -d
admin


Step-6: Retrieve the password using the harborAdminPassword property of the same secret. As with the username, the value is base64 encoded twice, so the output is decoded twice.

[ ~ ]# kubectl get secrets harbor-xxxxxxxx-controller-registry -n vmware-system-registry-xxxxxxxx --template='{{.data.harborAdminPassword}}' | base64 -d | base64 -d
da7SMxx&v#ZZR@w2tPP


Step-7: Check login using username and password obtained from Step-5 and Step-6



voilà :-)
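Steps 3 to 6 chained into one script, as an added example that is not part of the original post: it resolves the xxxxxxxx-suffixed namespace and the controller-registry secret instead of hard-coding them, then decodes the requested field twice. The function names and the KUBECTL override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Run on the supervisor control VM.
# KUBECTL is an assumed override hook so the functions can be exercised offline.
KUBECTL="${KUBECTL:-kubectl}"

# Step-3: the per-cluster namespace is vmware-system-registry-<id>;
# the bare vmware-system-registry namespace is skipped.
harbor_namespace() {
    $KUBECTL get namespace -o name |
        sed -n 's|^namespace/\(vmware-system-registry-..*\)$|\1|p' | head -n 1
}

# Step-4: the secret holding the admin fields ends in -controller-registry.
harbor_secret() {  # usage: harbor_secret <namespace>
    $KUBECTL get secrets -n "$1" -o name |
        sed -n 's|^secret/\(harbor-.*-controller-registry\)$|\1|p' | head -n 1
}

# Step-5/6: Kubernetes base64-encodes .data, and the stored value is itself
# base64 text (describe shows 8 bytes for the username: "YWRtaW4=" is "admin"),
# so the field is decoded twice.
harbor_field() {  # usage: harbor_field <namespace> <secret> <field>
    raw=$($KUBECTL get secret "$2" -n "$1" --template="{{.data.$3}}") || return 1
    # kubectl prints "<no value>" when the key is absent from .data
    if [ -z "$raw" ] || [ "$raw" = "<no value>" ]; then
        echo "field $3 not found in $2" >&2
        return 1
    fi
    printf '%s' "$raw" | base64 -d | base64 -d
}

# Steps 3-6 chained: resolve namespace and secret, then decode one field.
harbor_credential() {  # usage: harbor_credential harborAdminUsername
    ns=$(harbor_namespace)
    [ -n "$ns" ] || { echo "no registry namespace found" >&2; return 1; }
    sec=$(harbor_secret "$ns")
    [ -n "$sec" ] || { echo "no controller-registry secret in $ns" >&2; return 1; }
    harbor_field "$ns" "$sec" "$1"
}
```

After sourcing the file, `harbor_credential harborAdminUsername` and `harbor_credential harborAdminPassword` print the decoded values to stdout.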


3 comments:

Tanzeeb Samee said...

Perfect! Really helpful post.
