Run ddosify against Kubernetes API

ddosify-kubernetes.sh

#!/usr/bin/env bash
set -ue

# Resolve config to be used
export KUBECONFIG=${KUBECONFIG:-$HOME/.kube/config}
export CLUSTER=${1:-$(kubectl config current-context)}
echo "Running against ${CLUSTER}"

# Read auth command from the kubeconfig and use it to get the auth token
CMD_PATH=$(yq '.users | map(select(.name == env(CLUSTER))) | .[] | .user.exec.command' "${KUBECONFIG}")
CMD_ARGS=$(yq '.users | map(select(.name == env(CLUSTER))) | .[] | .user.exec.args | join(" ")' "${KUBECONFIG}")
export TOKEN=$($CMD_PATH $CMD_ARGS | jq -r '.status.token')
echo "Authentication succeeded"

# Read cluster certiticate from the config and set up temp pem file
export TMP_CERT=$(mktemp -p /tmp)
yq '.clusters | map(select(.name == env(CLUSTER))) | .[] | .cluster.certificate-authority-data' "${KUBECONFIG}" | base64 -d - > ${TMP_CERT}
echo "Using temporary file for the certificate: ${TMP_CERT}"

# Resolve API server address
SERVER_ADDR=$(yq '.clusters | map(select(.name == env(CLUSTER))) | .[] | .cluster.server' "${KUBECONFIG}")
echo "Server address: ${SERVER_ADDR}"

# Use Kubernetes REST API
ddosify -t ${SERVER_ADDR}/apis/apiextensions.k8s.io/v1/customresourcedefinitions \
 -d 180 -n 300 -l incremental  -h "Authorization: Bearer $TOKEN" --cert_path ${TMP_CERT}
 
 # Example curl usage:
 # curl -v ${SERVER_ADDR}/apis/apiextensions.k8s.io/v1/customresourcedefinitions --header "Authorization: Bearer $TOKEN" --cacert ${TMP_CERT}