k8s-backdoor-daemonset script fails #12

Closed
greenhandatsjtu opened this issue Apr 5, 2021 · 0 comments
greenhandatsjtu commented Apr 5, 2021

Please describe the issue in detail

Note: before submitting an issue, please check whether the CDK you are using is the latest version; some bugs have already been fixed in the latest version.

Hi there, I failed to execute the k8s-backdoor-daemonset script, with the following output:

/ # ./cdk run k8s-backdoor-daemonset default ubuntu
2021/04/05 07:06:51 getting K8s api-server API addr.
        Find K8s api-server in ENV: https://10.233.0.1:443
2021/04/05 07:06:51 trying to deploy daemonset with image:kube-proxy to k8s-app:ubuntu
2021/04/05 07:06:51 api-server response:
{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"the server could not find the requested resource","reason":"NotFound","details":{},"code":404}

Here's my k8s version:

root@node1:/home/ubuntu# kubectl version --short
Client Version: v1.20.5
Server Version: v1.20.5

I noticed that my daemonsets resource is in the apps/v1 API version, while CDK sends its request to extensions/v1beta1:

root@node1:/home/ubuntu# kubectl api-resources | grep daemonsets
daemonsets                        ds           apps/v1                                true         DaemonSet

var k8sDaemonsetApi = "/apis/extensions/v1beta1/namespaces/kube-system/daemonsets"

And according to this Kubernetes Blog post, from v1.16 on, DaemonSet in the extensions/v1beta1 and apps/v1beta2 API versions is no longer served; migrate to the apps/v1 API version, available since v1.9.

I guess that's why I failed to execute the k8s-backdoor-daemonset script. My solution to this problem is checking the version of the server first (this could be done by sending a request to /version; an example is below), and then choosing the correct API version based on the server version.

/ # curl -k https://10.233.0.1:443/version
{
  "major": "1",
  "minor": "20",
  "gitVersion": "v1.20.5",
  "gitCommit": "6b1d87acf3c8253c123756b9e61dac642678305f",
  "gitTreeState": "clean",
  "buildDate": "2021-03-18T01:02:01Z",
  "goVersion": "go1.15.8",
  "compiler": "gc",
  "platform": "linux/amd64"
}

By the way, CDK is a fantastic toolkit, thank you!

Additional Information

1. Full output of your execution of cdk evaluate --full

$ ./cdk evaluate --full
[Information Gathering - System Info]
2021/04/05 07:13:16 current dir: /
2021/04/05 07:13:16 current user: root uid: 0 gid: 0 home: /root
2021/04/05 07:13:16 alpine alpine 3.13.4 kernel: 5.4.0-70-generic

[Information Gathering - Services]
2021/04/05 07:13:16 sensitive env found:
        KUBERNETES_SERVICE_PORT=443
2021/04/05 07:13:16 sensitive env found:
        KUBERNETES_PORT=tcp://10.233.0.1:443
2021/04/05 07:13:16 sensitive env found:
        KUBERNETES_PORT_443_TCP_ADDR=10.233.0.1
2021/04/05 07:13:16 sensitive env found:
        KUBERNETES_PORT_443_TCP_PORT=443
2021/04/05 07:13:16 sensitive env found:
        KUBERNETES_PORT_443_TCP_PROTO=tcp
2021/04/05 07:13:16 sensitive env found:
        KUBERNETES_PORT_443_TCP=tcp://10.233.0.1:443
2021/04/05 07:13:16 sensitive env found:
        KUBERNETES_SERVICE_PORT_HTTPS=443
2021/04/05 07:13:16 sensitive env found:
        KUBERNETES_SERVICE_HOST=10.233.0.1

[Information Gathering - Commands and Capabilities]
2021/04/05 07:13:16 available commands:
        curl,wget,nc,find,ps,vi,mount,fdisk
2021/04/05 07:13:16 Capabilities:
        CapEff: 00000000a80425fb


[Information Gathering - Mounts]

[Information Gathering - Net Namespace]
        container net namespace isolated.

[Information Gathering - Sysctl Variables]
2021/04/05 07:13:16 net.ipv4.conf.all.route_localnet = 1

2021/04/05 07:13:16 You may be able to access the localhost service of the current container node or other nodes.
2021/04/05 07:13:16 CVE-2020-8558: The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue
which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Node setting allows for neighboring hosts to bypass localhost boundary.

[Discovery - K8s API Server]
2021/04/05 07:13:16 checking if api-server allows system:anonymous request.
        api-server forbids anonymous request.
        response:{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"forbidden: User \"system:anonymous\" cannot get path \"/\"","reason":"Forbidden","details":{},"code":403}


[Discovery - K8s Service Account]
        service-account is available
2021/04/05 07:13:16 trying to list namespaces
        success, the service-account have a high authority.
        now you can make your own request to takeover the entire k8s cluster with `./cdk kcurl` command
        good luck and have fun.

[Discovery - Cloud Provider Metadata API]
2021/04/05 07:13:17 failed to dial Alibaba Cloud API.
2021/04/05 07:13:18 failed to dial Azure API.
2021/04/05 07:13:18 failed to dial Google Cloud API.
2021/04/05 07:13:18 failed to dial Tencent Cloud API.

[Information Gathering - Sensitive Files]
        .dockerenv - /.dockerenv
        /serviceaccount - /run/secrets/kubernetes.io/serviceaccount

2. Please post the full error message, which can be command line output, software error messages, screenshots, etc.

Attention: please post the full error message, don't paste only the last line of the error!

Here's the screenshot of the error message:
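The version gate the reporter proposes, written out as an added example (this is not CDK's own code and not the fix the project eventually shipped). It decodes the /version body shown above, takes the leading digits of "major" and "minor" (managed clusters commonly report a minor such as "20+", which plain integer parsing rejects), and picks the DaemonSet collection path the cluster serves: apps/v1 for v1.9 and later, extensions/v1beta1 only before that. The same gate is useful on the defensive side, so a helper also reports whether a cluster still serves the extensions/v1beta1 DaemonSet endpoint that was removed in v1.16, which tells an administrator whether un-migrated clients would still succeed against it. The namespace argument is an assumption; CDK's hard-coded path uses kube-system.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// versionInfo holds the fields of the api-server /version response that the
// gate needs; the remaining fields in the response are ignored.
type versionInfo struct {
	Major      string `json:"major"`
	Minor      string `json:"minor"`
	GitVersion string `json:"gitVersion"`
}

// leadingInt parses the digits at the start of s and ignores any suffix, so
// a minor like "20+" (as reported by some managed clusters) yields 20.
func leadingInt(s string) (int, error) {
	end := 0
	for end < len(s) && s[end] >= '0' && s[end] <= '9' {
		end++
	}
	if end == 0 {
		return 0, fmt.Errorf("no leading integer in %q", s)
	}
	return strconv.Atoi(s[:end])
}

// parseServerVersion decodes a /version body into (major, minor).
func parseServerVersion(body []byte) (major, minor int, err error) {
	var v versionInfo
	if err = json.Unmarshal(body, &v); err != nil {
		return 0, 0, err
	}
	if major, err = leadingInt(v.Major); err != nil {
		return 0, 0, err
	}
	if minor, err = leadingInt(v.Minor); err != nil {
		return 0, 0, err
	}
	return major, minor, nil
}

// daemonsetAPIPath returns the DaemonSet collection path a cluster of the
// given version serves: apps/v1 exists since v1.9; anything older only has
// extensions/v1beta1. The namespace is caller-supplied (assumption).
func daemonsetAPIPath(major, minor int, namespace string) string {
	if major > 1 || (major == 1 && minor >= 9) {
		return "/apis/apps/v1/namespaces/" + namespace + "/daemonsets"
	}
	return "/apis/extensions/v1beta1/namespaces/" + namespace + "/daemonsets"
}

// servesDeprecatedDaemonsetAPI reports whether the cluster still serves the
// extensions/v1beta1 DaemonSet endpoint, which stopped being served in v1.16.
func servesDeprecatedDaemonsetAPI(major, minor int) bool {
	return major == 1 && minor < 16
}

// sampleVersion is the /version body from the issue, embedded so the example
// runs offline.
const sampleVersion = `{"major":"1","minor":"20","gitVersion":"v1.20.5","gitCommit":"6b1d87acf3c8253c123756b9e61dac642678305f","gitTreeState":"clean","buildDate":"2021-03-18T01:02:01Z","goVersion":"go1.15.8","compiler":"gc","platform":"linux/amd64"}`

func main() {
	major, minor, err := parseServerVersion([]byte(sampleVersion))
	if err != nil {
		fmt.Println("cannot parse /version:", err)
		return
	}
	fmt.Printf("server v%d.%d\n", major, minor)
	fmt.Println("DaemonSet path:", daemonsetAPIPath(major, minor, "kube-system"))
	fmt.Println("still serves extensions/v1beta1:", servesDeprecatedDaemonsetAPI(major, minor))
}
```

Run against the body captured in the issue it selects /apis/apps/v1/namespaces/kube-system/daemonsets and reports that extensions/v1beta1 is no longer served, which is exactly the 404 the reporter hit.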
