Listing every Service in a Kubernetes cluster with one SRV query to the cluster DNS
source link: https://mozillazg.com/2021/11/security-use-dns-srv-to-get-all-service-info.html
2021-11-14
CoreDNS's wildcard support (the kubernetes plugin accepts `*` or `any` in place of the Service and namespace labels) means a single SRV query returns every Service in the Kubernetes cluster. The query needs no Kubernetes credentials at all, only network reach to the cluster DNS Service on port 53, which almost every pod has, so it is a cheap reconnaissance step for anyone with a foothold in a pod.
Get every Service with its cluster IP and ports (each `*` can be replaced with `any`):
$ dig srv *.*.svc.cluster.local

; <<>> DiG 9.16.20 <<>> srv *.*.svc.cluster.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41570
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 54380f3a1b0cb590 (echoed)
;; QUESTION SECTION:
;*.*.svc.cluster.local.        IN      SRV

;; ANSWER SECTION:
*.*.svc.cluster.local.  30      IN      SRV     0 20 443 kubernetes.default.svc.cluster.local.
*.*.svc.cluster.local.  30      IN      SRV     0 20 53 kube-dns.kube-system.svc.cluster.local.
*.*.svc.cluster.local.  30      IN      SRV     0 20 9153 kube-dns.kube-system.svc.cluster.local.
*.*.svc.cluster.local.  30      IN      SRV     0 20 80 my-service.ns-1.svc.cluster.local.

;; ADDITIONAL SECTION:
my-service.ns-1.svc.cluster.local.      30      IN      A       10.96.146.96
kube-dns.kube-system.svc.cluster.local. 30      IN      A       10.96.0.10
kubernetes.default.svc.cluster.local.   30      IN      A       10.96.0.1

;; Query time: 2 msec
;; SERVER: 10.96.0.10#53(10.96.0.10)
;; WHEN: Sun Nov 14 07:08:27 UTC 2021
;; MSG SIZE  rcvd: 526
In the record `0 20 53 kube-dns.kube-system.svc.cluster.local.` above the four fields are priority, weight, port and target: 53 is the port, and kube-dns.kube-system.svc.cluster.local is the Service's DNS name in the form `<service>.<namespace>.svc.cluster.local`, so it carries the Service name and its namespace. The ADDITIONAL section resolves each target to the Service's cluster IP. kubectl shows the same Service:
$ kubectl -n kube-system get svc kube-dns
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   92m
Adding a third wildcard label returns the Services together with their endpoints:
$ dig srv *.*.*.svc.cluster.local

; <<>> DiG 9.16.20 <<>> srv *.*.*.svc.cluster.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55650
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8d5836f2b43e3675 (echoed)
;; QUESTION SECTION:
;*.*.*.svc.cluster.local.      IN      SRV

;; ANSWER SECTION:
*.*.*.svc.cluster.local. 30     IN      SRV     0 14 6443 172-18-0-3.kubernetes.default.svc.cluster.local.
*.*.*.svc.cluster.local. 30     IN      SRV     0 14 53 10-244-0-3.kube-dns.kube-system.svc.cluster.local.
*.*.*.svc.cluster.local. 30     IN      SRV     0 14 9153 10-244-0-3.kube-dns.kube-system.svc.cluster.local.
*.*.*.svc.cluster.local. 30     IN      SRV     0 14 53 10-244-0-4.kube-dns.kube-system.svc.cluster.local.
*.*.*.svc.cluster.local. 30     IN      SRV     0 14 9153 10-244-0-4.kube-dns.kube-system.svc.cluster.local.

;; ADDITIONAL SECTION:
10-244-0-4.kube-dns.kube-system.svc.cluster.local. 30 IN A 10.244.0.4
10-244-0-3.kube-dns.kube-system.svc.cluster.local. 30 IN A 10.244.0.3
172-18-0-3.kubernetes.default.svc.cluster.local.   30 IN A 172.18.0.3

;; Query time: 2 msec
;; SERVER: 10.96.0.10#53(10.96.0.10)
;; WHEN: Sun Nov 14 07:09:38 UTC 2021
;; MSG SIZE  rcvd: 715
In the record `0 14 53 10-244-0-3.kube-dns.kube-system.svc.cluster.local.` above, 53 is the port of one endpoint and the leading label 10-244-0-3 is that endpoint's IP address with the dots replaced by dashes (10.244.0.3, the pod behind the Service); the ADDITIONAL section maps these names back to the plain addresses. kubectl lists the same endpoints:
$ kubectl -n kube-system describe svc kube-dns
Name:              kube-dns
Namespace:         kube-system
...
IP:                10.96.0.10
Port:              dns  53/UDP
TargetPort:        53/UDP
Endpoints:         10.244.0.3:53,10.244.0.4:53
Port:              dns-tcp  53/TCP
TargetPort:        53/TCP
Endpoints:         10.244.0.3:53,10.244.0.4:53
Port:              metrics  9153/TCP
TargetPort:        9153/TCP
Endpoints:         10.244.0.3:9153,10.244.0.4:9153
...
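The two dig commands above are easy to script. The following is an added example, not code from the original post: a standard-library-only Python client that builds the wildcard SRV query itself, parses the reply (including RFC 1035 name compression, which CoreDNS uses for the repeated owner name), and turns both kinds of target, `<service>.<namespace>.svc.cluster.local` and `<dashed-ip>.<service>.<namespace>.svc.cluster.local`, into (namespace, service, address, port) rows. The resolver address 10.96.0.10 is the cluster-DNS Service IP seen in the post and is an assumption; `SAMPLE_REPLY` is a constructed message that mirrors the post's first dig output so the parsing runs offline.

```python
"""Enumerate Kubernetes Services with one CoreDNS wildcard SRV query (stdlib only).
Added example, not code from the post; 10.96.0.10 (the cluster-DNS Service IP in the post) is an assumption."""
import socket
import struct

TYPE_A, TYPE_SRV, CLASS_IN, FLAG_TC, CLUSTER_ZONE = 1, 33, 1, 0x0200, "svc.cluster.local"

def encode_name(name):
    """Wire-encode a dotted name; '*' is just another label on the wire."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_srv_query(qname, txid=0x1234):
    """12-byte header (RD set) followed by one `qname IN SRV` question."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", TYPE_SRV, CLASS_IN)

def decode_name(data, off):
    """Decode a name that may use RFC 1035 compression; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = data[off]
        if (length & 0xC0) == 0xC0:  # pointer to an earlier copy of the name
            end = off + 2 if end is None else end
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(data[off:off + length].decode())
        off += length

def parse_response(data):
    """Return ({srv_target: [(port, prio, weight)]}, {name: ipv4}) from a DNS reply."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    if flags & FLAG_TC:
        raise ValueError("truncated reply: re-send the query over TCP")
    off = 12
    for _ in range(qd):
        off = decode_name(data, off)[1] + 4  # skip qname, qtype, qclass
    srv, a_records = {}, {}
    for _ in range(an + ns + ar):
        name, off = decode_name(data, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == TYPE_SRV:
            prio, weight, port = struct.unpack("!HHH", data[off:off + 6])
            target = decode_name(data, off + 6)[0]  # target may itself be compressed
            srv.setdefault(target, []).append((port, prio, weight))
        elif rtype == TYPE_A:
            a_records[name] = ".".join(str(b) for b in data[off:off + 4])
        off += rdlen  # also steps over the OPT pseudo-record
    return srv, a_records

def parse_target(target):
    """<svc>.<ns>.zone -> (ns, svc, None); <dashed-ip>.<svc>.<ns>.zone -> (ns, svc, ip)."""
    labels = target.rstrip(".").split(".")
    head, zone = labels[:-3], labels[-3:]
    if zone != CLUSTER_ZONE.split(".") or len(head) not in (2, 3):
        raise ValueError(f"unexpected SRV target {target}")
    return head[-1], head[-2], (head[0].replace("-", ".") if len(head) == 3 else None)

def summarize(parsed):
    """Flatten a parsed reply into sorted (namespace, service, address, port) rows."""
    srv, a_records = parsed
    rows = set()
    for target, ports in srv.items():
        namespace, service, endpoint = parse_target(target)
        for port, _, _ in ports:
            rows.add((namespace, service, endpoint or a_records.get(target), port))
    return sorted(rows)

def enumerate_services(resolver="10.96.0.10", with_endpoints=False, timeout=3.0):
    """Ask CoreDNS over TCP so a large cluster's answer is not truncated at the UDP/EDNS size."""
    query = build_srv_query(("*.*.*." if with_endpoints else "*.*.") + CLUSTER_ZONE)
    with socket.create_connection((resolver, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)  # RFC 1035 4.2.2 length prefix
        f = s.makefile("rb")
        data = f.read(struct.unpack("!H", f.read(2))[0])
    return summarize(parse_response(data))

def _rr(owner, rtype, rdata, ttl=30):
    return owner + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata

def _srv(port, target):
    return struct.pack("!HHH", 0, 20, port) + encode_name(target)

# Constructed reply mirroring the post's `dig srv *.*.svc.cluster.local` output;
# b"\xc0\x0c" is a compression pointer to the question name at offset 12.
SAMPLE_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 4, 0, 3)  # flags QR|AA; 1 question, 4 answers, 3 additional
    + encode_name("*.*.svc.cluster.local") + struct.pack("!HH", TYPE_SRV, CLASS_IN)
    + _rr(b"\xc0\x0c", TYPE_SRV, _srv(443, "kubernetes.default.svc.cluster.local"))
    + _rr(b"\xc0\x0c", TYPE_SRV, _srv(53, "kube-dns.kube-system.svc.cluster.local"))
    + _rr(b"\xc0\x0c", TYPE_SRV, _srv(9153, "kube-dns.kube-system.svc.cluster.local"))
    + _rr(b"\xc0\x0c", TYPE_SRV, _srv(80, "my-service.ns-1.svc.cluster.local"))
    + _rr(encode_name("my-service.ns-1.svc.cluster.local"), TYPE_A, bytes([10, 96, 146, 96]))
    + _rr(encode_name("kube-dns.kube-system.svc.cluster.local"), TYPE_A, bytes([10, 96, 0, 10]))
    + _rr(encode_name("kubernetes.default.svc.cluster.local"), TYPE_A, bytes([10, 96, 0, 1]))
)

if __name__ == "__main__":  # offline demo; in a pod call enumerate_services(<cluster DNS IP>) instead
    for ns, svc, addr, port in summarize(parse_response(SAMPLE_REPLY)):
        print(f"{ns}/{svc} {addr}:{port}")
```

The live path deliberately uses TCP rather than UDP: the replies in the post already run to 526 and 715 bytes for four Services, so in a cluster of any size a plain UDP query comes back with the TC bit set (the parser refuses such a reply rather than silently reporting a partial list), and the EDNS buffer dig advertises only raises the limit. On the defensive side, an SRV query whose name starts with `*.*.` or `any.any.` is a high-signal line in CoreDNS query logs (the `log` plugin), since no normal workload resolves wildcard names.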