The health check endpoint (port 15021, served by the sidecar's Envoy, as the `server: envoy` header below shows) responds as follows:
```
curl http://127.0.0.1:15021/healthz/ready -v
*   Trying 127.0.0.1:15021...
* Connected to 127.0.0.1 (127.0.0.1) port 15021 (#0)
> GET /healthz/ready HTTP/1.1
> Host: 127.0.0.1:15021
> User-Agent: curl/7.69.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< date: Tue, 16 Mar 2021 05:31:43 GMT
< content-length: 0
< x-envoy-upstream-service-time: 0
< server: envoy
<
* Connection #0 to host 127.0.0.1 left intact
```
Debug service
=============
Port 15000 exposes the Envoy admin API. It is bound to the loopback address, so it cannot be reached from outside the pod. That is a weaker boundary than it sounds: every container in a pod shares the pod's network namespace, so once an attacker controls any container in the pod (the application container, an init container, or a debug sidecar) they can talk to the admin API directly. The read-only endpoints disclose sensitive information (for example `/config_dump` returns the full listener, cluster and route configuration, `/certs` lists the loaded certificates, and `/clusters` reveals upstream endpoints and their health), and the state-changing endpoints let the attacker tamper with the proxy: `/quitquitquit` stops it, `/healthcheck/fail` makes it fail health checks, and `/logging` and `/runtime_modify` change its behaviour at run time.
```
curl http://127.0.0.1:15000/help
admin commands are:
  /: Admin home page
  /certs: print certs on machine
  /clusters: upstream cluster status
  /config_dump: dump current Envoy configs (experimental)
  /contention: dump current Envoy mutex contention stats (if enabled)
  /cpuprofiler: enable/disable the CPU profiler
  /drain_listeners: drain listeners
  /healthcheck/fail: cause the server to fail health checks
  /healthcheck/ok: cause the server to pass health checks
  /heapprofiler: enable/disable the heap profiler
  /help: print out list of admin commands
  /hot_restart_version: print the hot restart compatibility version
  /init_dump: dump current Envoy init manager information (experimental)
  /listeners: print listener info
  /logging: query/change logging levels
  /memory: print current allocation/heap usage
  /quitquitquit: exit the server
  /ready: print server state, return 200 if LIVE, otherwise return 503
  /reopen_logs: reopen access logs
  /reset_counters: reset all counters to zero
  /runtime: print runtime values
  /runtime_modify: modify runtime values
  /server_info: print server version/status information
  /stats: print server stats
  /stats/prometheus: print server stats in prometheus format
  /stats/recentlookups: Show recent stat-name lookups
  /stats/recentlookups/clear: clear list of stat-name lookups and counter
  /stats/recentlookups/disable: disable recording of res
```
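What an attacker with pod-local access actually gets from the admin API is easiest to see by pulling it programmatically rather than reading `/help`. The script below is an added example, not code from the original post or from Envoy or Istio: it queries `/server_info` and `/config_dump`, and extracts the proxy version, the upstream cluster names (which map the service topology the workload is allowed to reach) and the names of the loaded TLS secrets. The admin paths and the JSON field names (`configs`, `@type`, `static_clusters`, `dynamic_active_clusters`, `dynamic_active_secrets`) are Envoy's documented ones; the mock server and its responses are constructed here so the script runs offline, the cluster and secret names in it are made up, and the real port (15000) is assumed rather than discovered.

```python
"""Enumerate an Envoy admin API from inside a pod (added example).

Not code from the original post or from Envoy/Istio. The admin paths and
JSON field names are Envoy's; the mock server, its responses and the
cluster/secret names are constructed so the script runs offline.
"""
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError, URLError
from urllib.request import urlopen

# Constructed responses in the shape Envoy's admin API returns them.
MOCK_RESPONSES = {
    "/server_info": {"version": "1.17.1/Clean/RELEASE/BoringSSL", "state": "LIVE"},
    "/config_dump": {"configs": [
        {"@type": "type.googleapis.com/envoy.admin.v3.ClustersConfigDump",
         "static_clusters": [{"cluster": {"name": "prometheus_stats"}}],
         "dynamic_active_clusters": [
             {"cluster": {"name": "outbound|443||payments.prod.svc.cluster.local"}},
             {"cluster": {"name": "outbound|5432||postgres.prod.svc.cluster.local"}}]},
        {"@type": "type.googleapis.com/envoy.admin.v3.SecretsConfigDump",
         "dynamic_active_secrets": [{"name": "default"}, {"name": "ROOTCA"}]}]},
}


class _MockAdmin(BaseHTTPRequestHandler):
    """Serves MOCK_RESPONSES; any other path gets a 404 like a real Envoy."""

    def do_GET(self):
        body = MOCK_RESPONSES.get(self.path)
        if body is None:
            self.send_error(404)
            return
        data = json.dumps(body).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_mock_admin():
    """Start the constructed admin API on an ephemeral loopback port."""
    srv = HTTPServer(("127.0.0.1", 0), _MockAdmin)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"


def admin_get(base, path, timeout=2.0):
    """GET an admin path; None if the port is closed or the path is unknown."""
    try:
        with urlopen(base + path, timeout=timeout) as resp:
            return resp.read()
    except (HTTPError, URLError, OSError):
        return None


def cluster_names(config_dump):
    """Upstream cluster names from /config_dump: the reachable service topology."""
    names = []
    for cfg in config_dump.get("configs", []):
        if not cfg.get("@type", "").endswith("ClustersConfigDump"):
            continue
        for key in ("static_clusters", "dynamic_active_clusters"):
            names += [c["cluster"]["name"] for c in cfg.get(key, [])]
    return names


def secret_names(config_dump):
    """Names of the TLS secrets the proxy has loaded (key bytes are redacted by Envoy)."""
    names = []
    for cfg in config_dump.get("configs", []):
        if not cfg.get("@type", "").endswith("SecretsConfigDump"):
            continue
        for key in ("static_secrets", "dynamic_active_secrets", "dynamic_warming_secrets"):
            names += [s["name"] for s in cfg.get(key, [])]
    return names


def probe(base):
    """Summarise what pod-local access to the admin API discloses."""
    info = admin_get(base, "/server_info")
    if info is None:
        return {"reachable": False}
    dump = json.loads(admin_get(base, "/config_dump") or b"{}")
    return {"reachable": True,
            "envoy_version": json.loads(info).get("version"),
            "clusters": cluster_names(dump),
            "secrets": secret_names(dump)}


if __name__ == "__main__":
    # Against a real sidecar this would be probe("http://127.0.0.1:15000").
    print(json.dumps(probe(start_mock_admin()), indent=2))
```

Run from inside a compromised container, `probe("http://127.0.0.1:15000")` needs no credentials at all, which is the point of the section: the only thing protecting the admin API is the pod boundary. Envoy marks private-key fields as sensitive and redacts them in `/config_dump`, so the secrets dump leaks names and certificate metadata rather than key material, but the cluster list alone tells an attacker which internal services the workload is allowed to reach.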