GitBook: [master] one page modified
This commit is contained in:
parent
2c77993d8b
commit
9a4e816308
@ -25,6 +25,49 @@ The following ports might be open in a Kubernetes cluster:
|
||||
| 9099/TCP | calico-felix | Health check server for Calico |
|
||||
| 6782-4/TCP | weave | Metrics and endpoints |
|
||||
|
||||
#### cAdvisor
|
||||
|
||||
```text
|
||||
curl -k https://<IP Address>:4194
|
||||
```
|
||||
|
||||
#### Insecure API server
|
||||
|
||||
```text
|
||||
curl -k https://<IP Address>:8080
|
||||
```
|
||||
|
||||
#### Secure API Server
|
||||
|
||||
```text
|
||||
curl -k https://<IP Address>:(8|6)443/swaggerapi
|
||||
curl -k https://<IP Address>:(8|6)443/healthz
|
||||
curl -k https://<IP Address>:(8|6)443/api/v1
|
||||
```
|
||||
|
||||
#### etcd API
|
||||
|
||||
```text
|
||||
curl -k https://<IP address>:2379
|
||||
curl -k https://<IP address>:2379/version
|
||||
etcdctl --endpoints=http://<MASTER-IP>:2379 get / --prefix --keys-only
|
||||
```
|
||||
|
||||
#### Kubelet API
|
||||
|
||||
```text
|
||||
curl -k https://<IP address>:10250
|
||||
curl -k https://<IP address>:10250/metrics
|
||||
curl -k https://<IP address>:10250/pods
|
||||
```
|
||||
|
||||
#### kubelet \(Read only\)
|
||||
|
||||
```text
|
||||
curl -k https://<IP Address>:10255
|
||||
http://<external-IP>:10255/pods
|
||||
```
|
||||
|
||||
### Remote Cluster Misconfigurations
|
||||
|
||||
By **default**, API endpoints are **forbidden** to **anonymous** access. But it’s always a good idea to check if there are any **insecure endpoints that expose sensitive information**:
|
||||
|
Loading…
Reference in New Issue
Block a user