Skip to content

Instantly share code, notes, and snippets.

@tanelmae
Created May 22, 2023 12:49
Show Gist options
  • Save tanelmae/9018d41b953c35a1956e286e844f498a to your computer and use it in GitHub Desktop.
Save tanelmae/9018d41b953c35a1956e286e844f498a to your computer and use it in GitHub Desktop.
Run ddosify against Kubernetes API
#!/usr/bin/env bash
set -ue
# Resolve config to be used
export KUBECONFIG=${KUBECONFIG:-$HOME/.kube/config}
export CLUSTER=${1:-$(kubectl config current-context)}
echo "Running against ${CLUSTER}"
# Read auth command from the kubeconfig and use it to get the auth token
CMD_PATH=$(yq '.users | map(select(.name == env(CLUSTER))) | .[] | .user.exec.command' "${KUBECONFIG}")
CMD_ARGS=$(yq '.users | map(select(.name == env(CLUSTER))) | .[] | .user.exec.args | join(" ")' "${KUBECONFIG}")
export TOKEN=$($CMD_PATH $CMD_ARGS | jq -r '.status.token')
echo "Authentication succeeded"
# Read cluster certiticate from the config and set up temp pem file
export TMP_CERT=$(mktemp -p /tmp)
yq '.clusters | map(select(.name == env(CLUSTER))) | .[] | .cluster.certificate-authority-data' "${KUBECONFIG}" | base64 -d - > ${TMP_CERT}
echo "Using temporary file for the certificate: ${TMP_CERT}"
# Resolve API server address
SERVER_ADDR=$(yq '.clusters | map(select(.name == env(CLUSTER))) | .[] | .cluster.server' "${KUBECONFIG}")
echo "Server address: ${SERVER_ADDR}"
# Use Kubernetes REST API
ddosify -t ${SERVER_ADDR}/apis/apiextensions.k8s.io/v1/customresourcedefinitions \
-d 180 -n 300 -l incremental -h "Authorization: Bearer $TOKEN" --cert_path ${TMP_CERT}
# Example curl usage:
# curl -v ${SERVER_ADDR}/apis/apiextensions.k8s.io/v1/customresourcedefinitions --header "Authorization: Bearer $TOKEN" --cacert ${TMP_CERT}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment