How to proxy Kubernetes services via the kube-api server by example

Philippe Bogaerts
4 min read · Jul 6, 2020

Kubernetes services can be reached through the kube-apiserver proxy (that is, via the control plane), provided the request is correctly authenticated.

Ever wondered what these URLs are? Well, read on.

$ kubectl cluster-info
Kubernetes master is running at https://10.11.2.247:6443
KubeDNS is running at https://10.11.2.247:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
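As an added example (not code from the original post), the sketch below takes such a proxy URL apart and derives the narrowest RBAC rule that would authorize a GET on it, in contrast to the cluster-admin binding used in the steps below. The function names parse_service_proxy_url and minimal_rbac_rule are hypothetical helpers introduced for this illustration.

```python
from urllib.parse import urlsplit, unquote

def parse_service_proxy_url(url):
    """Split an API-server service-proxy URL into its parts."""
    u = urlsplit(url)
    seg = [unquote(s) for s in u.path.split("/") if s]
    # Layout: /api/v1/namespaces/<ns>/services/<id>/proxy[/<path to backend>]
    if (len(seg) < 7 or seg[:3] != ["api", "v1", "namespaces"]
            or seg[4] != "services" or seg[6] != "proxy"):
        raise ValueError("not a service proxy URL: %s" % url)
    ident = seg[5]
    fields = ident.split(":")
    # <id> is name | name:port | scheme:name:port (port may be empty)
    if len(fields) == 1:
        scheme, name, port = "", fields[0], ""
    elif len(fields) == 2:
        scheme, (name, port) = "", fields
    elif len(fields) == 3:
        scheme, name, port = fields
    else:
        raise ValueError("bad service identifier: %s" % ident)
    if scheme not in ("", "http", "https") or not name:
        raise ValueError("bad service identifier: %s" % ident)
    return {"apiserver": u.netloc, "namespace": seg[3], "identifier": ident,
            "scheme": scheme, "service": name, "port": port,
            "backend_path": "/" + "/".join(seg[7:])}

def minimal_rbac_rule(parsed, verbs=("get",)):
    """Rule for a Role in parsed['namespace'] covering only this proxy target."""
    return {"apiGroups": [""],                        # core API group
            "resources": ["services/proxy"],          # the proxy subresource
            "resourceNames": [parsed["identifier"]],  # matched as written in the URL
            "verbs": list(verbs)}                     # HTTP GET maps to "get"

if __name__ == "__main__":
    # URL taken from the cluster-info output above
    p = parse_service_proxy_url(
        "https://10.11.2.247:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy")
    print(p)
    print(minimal_rbac_rule(p))
```

The returned rule belongs in a Role created in the parsed namespace and bound to the service account with a RoleBinding.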

1. Create a SA (service account)

$ kubectl create sa demo

2. Create a clusterrolebinding


$ kubectl create clusterrolebinding sa-demo --clusterrole=cluster-admin --serviceaccount=default:demo

3. Get the SA token


$ kubectl describe sa demo
Name: demo
Namespace: default
Labels: <none>
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: demo-token-4nznm
Tokens: demo-token-4nznm
Events: <none>

4. Dump the token


$ kubectl describe secret demo-token-4nznm
Name: demo-token-4nznm
Namespace: default
Labels: <none>
Annotations: kubernetes.io/service-account.name: demo
kubernetes.io/service-account.uid: 75b79864-3ead-4e9a-8213-ac0f4384b9c2
Type…
