diff --git a/pentesting/pentesting-kubernetes/README.md b/pentesting/pentesting-kubernetes/README.md index 030b8279..ea5219e0 100644 --- a/pentesting/pentesting-kubernetes/README.md +++ b/pentesting/pentesting-kubernetes/README.md @@ -48,7 +48,7 @@ When a pod creates data that shouldn't be lost when the pod disappear it should * **ConfigMap**: You can configure **URLs** to access services. The pod will obtain data from here to learn how to communicate with the rest of the services \(pods\). Not that this is not the recommended place to save credentials! * **Secret**: This is the place to **store secret data** like passwords, API keys... encoded in B64. The pod will be able to access this data to use the required credentials. -* **Deployments**: This is where the components to be run by kubernetes are declared. A user usually won't work directly with pods, but will declare the architecture of them here. Note that deployments are for **stateless** applications. +* **Deployments**: This is where the components to be run by kubernetes are indicated. A user usually won't work directly with pods, pods are abstracted in **ReplicaSets** \(number of same pods replicated\), which are run via deployments. Note that deployments are for **stateless** applications. The minimum configuration for a deployment is the name and the image to run. * **StatefulSet**: This component is meant specifically for applications like **databases** which needs to **access the same storage**. ### How pods communicate with each other. @@ -109,6 +109,27 @@ $ minikube delete ```bash kubectl version #Get client and server version +kubectl get pod +kubectl get services +kubectl get deployment +kubectl get replicaset + +#kubectl create deployment --image= +kubectl create deployment nginx-deployment --image=nginx +#Access the configuration of the deployment and modify it +#kubectl edit deployment +kubectl edit deployment nginx-deployment +#Get the logs of the pod for debbugging (the output of the docker container running) +#kubectl logs +kubectl logs nginx-deployment-84cd76b964 +#kubectl describe pod +kubectl describe pod mongo-depl-5fd6b7d4b4-kkt9q +#kubectl exec -it -- bash +kubectl exec -it mongo-depl-5fd6b7d4b4-kkt9q -- bash +#kubectl delete deployment +kubectl delete deployment mongo-depl +#Deploy from config file +kubectl apply -f deployment.yml ``` ## PART 2 - VULNERABILITIES and some fixes.