Created
January 6, 2022 01:23
-
-
Save marjamis/30d59445edc0efbb6ef0489ea73c3c74 to your computer and use it in GitHub Desktop.
Curled EKS endpoint with a Bearer Token and the appropriate public certificate
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export CLUSTER="test" | |
| PAYLOAD=$(aws eks describe-cluster --name $CLUSTER --query 'cluster.{CA: certificateAuthority.data,Endpoint: endpoint}') | |
| echo $PAYLOAD | jq -rc .CA | base64 -D > /tmp/public_cert | |
| ENDPOINT=$(echo $PAYLOAD | jq -rc .Endpoint) | |
| curl -v --cacert /tmp/public_cert -H "Authorization: Bearer "$(aws eks get-token --cluster-name $CLUSTER | jq -rc .status.token) $ENDPOINT/api/v1/namespaces/default/pods/ | |
| ## Additional curl options | |
| curl -X GET --cacert /var/lib/kubelet/pods/<podId>/volumes/kubernetes.io~secret/<kube-proxy token secret>/ca.crt -H "Authorization: Bearer $(cat token)" https://<endpoint IP>:443/api/v1/endpoints | |
| kubectl -n kube-system create serviceaccount kube-dns | |
| kubectl -n kube-system describe sa kube-dns | |
| TOKEN="$(kubectl -n kube-system get secret <kube-dns secret token> -o jsonpath='{$.data.token}' | base64 -d)" | |
| curl -kDH "Authorization: Bearer $TOKEN" https://apiserver:6443/api/v1/services |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment