# Kubernetes


[Kubernetes](https://kubernetes.io/docs/concepts/overview/), also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications.

It groups containers that make up an application into logical units for easy management and discovery.

***

### Kubectl

```bash
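# Find out the subject for the current context of kubeconfig
# (kubectl-whoami plugin; newer kubectl releases also ship the built-in `kubectl auth whoami`)
kubectl whoami

# Check whether an action is allowed (<action> is a verb plus a resource, e.g. `get pods`)
kubectl auth can-i <action>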

# List all actions that are allowed
kubectl auth can-i --list

# Get pods
kubectl get pods

# Get specific pod
kubectl get pod <name> -o yaml
```

### Secrets

```bash
# Get secrets
kubectl get secrets

# Get secret
kubectl get secret <secret> -o yaml
```

### Crane

[Crane](https://github.com/google/go-containerregistry/blob/main/cmd/crane/doc/crane.md) is a tool for managing container images.

```bash
# Auth to registry
crane auth login index.docker.io -u eksclustergames -p dckr_pat_YtncV-R85mG7m41lr45iYQj8FuCo

# Pull image
crane pull eksclustergames/base_ext_image /tmp/image.tar
```

### Inspect ECR ([Amazon Elastic Container Registry](https://aws.amazon.com/ecr/)) artifacts

```bash
# List the IAM role attached to the instance via the link-local metadata address (IMDS)
# These requests use IMDSv1; an instance that enforces IMDSv2 also requires a session token header
curl http://169.254.169.254/latest/meta-data/iam/security-credentials

# Store the role's temporary security credentials (JSON) in a variable
TOKEN=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/eks-challenge-cluster-nodegroup-NodeInstanceRole)

# Store AWS_ACCESS_KEY_ID in env from TOKEN
export AWS_ACCESS_KEY_ID=$(echo "$TOKEN" | jq -r '.AccessKeyId')

# Store AWS_SECRET_ACCESS_KEY in env from TOKEN
export AWS_SECRET_ACCESS_KEY=$(echo "$TOKEN" | jq -r '.SecretAccessKey')

# Store AWS_SESSION_TOKEN in env from TOKEN
export AWS_SESSION_TOKEN=$(echo "$TOKEN" | jq -r '.SessionToken')

# Get AWS login password using env variables
aws ecr get-login-password

# Store pass in variable
PASSWORD=$(aws ecr get-login-password)

# Use crane to login
crane auth login 688625246681.dkr.ecr.us-west-1.amazonaws.com -u AWS -p "$PASSWORD"

# Get the image config and pretty-print the JSON with jq
crane config 688625246681.dkr.ecr.us-west-1.amazonaws.com/central_repo-aaf4a7c@sha256:7486d05d33ecc1c6a1c796d59f63a336cfa8f54a3cbc5abf162f533508dd8b01 | jq
```


