GitBook: [master] one page modified

CPol 2021-04-24 16:00:22 +00:00 committed by gitbook-bot
parent f8b6abb826
commit 4e9a9ee47c
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF


@ -36,7 +36,6 @@ Security tips for Kubernetes
* **Scheduler**: Scheduling refers to making sure that Pods are matched to Nodes so that Kubelet can run them. It has enough intelligence to decide which node has more available resources the assign the new pod to it. Note that the scheduler doesn't start new pods, it just communicate with the Kubelet process running inside the node, which will launch the new pod.
* **Kube Controller manager**: It checks resources like replica sets or deployments to check if, for example, the correct number of pods or nodes are running. In case a pod is missing, it will communicate with the scheduler to start a new one. It controls replication, tokens, and account services to the API.
* **etcd**: Data storage, persistent, consistent, and distributed. Is Kubernetess database and the key-value storage where it keeps the complete state of the clusters \(each change is logged here\). Components like the Scheduler or the Controller manager depends on this date to know which changes have occurred \(available resourced of the nodes, number of pods running...\)
* **Kubectl**: Kubernetess **CLI**, allows you to manage and deploy containers. You can inspect the clusters resources. Communications with API server
* **Cloud controller manager**: Is the specific controller for flow controls and applications, i.e: if you have clusters in AWS or OpenStack.
Note that as the might be several nodes \(running several pods\), there might also be several master processes which their access to the Api server load balanced and their etcd synchronized.
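Review bot: The etcd bullet says it keeps "the complete state of the clusters" but does not say that this state includes Secret objects, which is the reason access to etcd has to be restricted; one added clause there would connect this list to the secrets section in Part 2. Wording in the same hunk also needs a pass: "depends on this date" should read "data", "the assign the new pod" should read "then assign", "as the might be several nodes" is missing "there", and "Kubernetess" appears in both the etcd and Kubectl bullets. The Kubectl bullet ends with the fragment "Communications with API server", which should be a full sentence.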
@ -69,6 +68,14 @@ When a pod creates data that shouldn't be lost when the pod disappear it should
* kubelet cert.
* scheduler cert.
### Minikube
Minikube can be used to perform some **quick tests** on kubernetes without needing to deploy a whole kubernetes environment. It will run the **master and node processes in one machine**. Minikube will use virtualbox to run the node.
### Kubectl Basics
**`Kubectl`** is the command line tool fro kubernetes clusters. It communicates with the Api serserver of the master process to perform actions in kubernetes or to ask for data.
## PART 2 - VULNERABILITIES and some fixes.
### Vulnerabilities - kubernetes secrets
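Review bot: In the Minikube paragraph, "Minikube will use virtualbox to run the node" presents one driver as the only behaviour; Minikube supports several drivers (docker, kvm2, virtualbox and others), so suggest "Minikube can use a driver such as virtualbox to run the node". In the Kubectl Basics paragraph, "fro kubernetes" and "Api serserver" are typos for "for" and "API server", and the tool name is capitalised as "Kubectl" although the binary is kubectl.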