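├── etcd-no-auth.yaml
├── ro-kubelet.yaml
├── unauthenticated-rw-kubelet.yaml
├── insecure-port.yaml
└── README.md

/etcd-no-auth.yaml:
--------------------------------------------------------------------------------
# kind cluster whose etcd accepts client connections WITHOUT client-certificate
# authentication. Deliberately vulnerable: anyone who can reach the control-plane
# container on 2379/TCP (e.g. from the docker0 network) can read and write every
# object in the cluster, including Secrets and RBAC bindings. Never run this on a
# shared host or a host reachable from an untrusted network.
kind: Cluster
apiVersion: kind.sigs.k8s.io/v1alpha3
# patch the generated kubeadm config with some extra settings
kubeadmConfigPatches:
  - |
    apiVersion: kubeadm.k8s.io/v1beta2
    kind: ClusterConfiguration
    metadata:
      name: config
    etcd:
      local:
        extraArgs:
          # Values must be quoted strings. "false" turns off the client-cert
          # check only; kubeadm's etcd serving certificate is still used, so
          # connect with https:// (e.g. etcdctl --insecure-skip-tls-verify).
          client-cert-auth: "false"
# 1 control plane node and 3 workers
nodes:
  # the control plane node config (runs the single etcd member)
  - role: control-plane
  # the three workers
  - role: worker
  - role: worker
  - role: worker
--------------------------------------------------------------------------------

/ro-kubelet.yaml:
--------------------------------------------------------------------------------
# kind cluster whose control-plane kubelet exposes the legacy read-only port
# (10255/TCP): plain HTTP, no authentication. Deliberately vulnerable: /pods
# returns full pod specs (including plain-text env values) and /metrics and
# /spec leak node details to anyone who can reach the port.
kind: Cluster
apiVersion: kind.sigs.k8s.io/v1alpha3
# patch the generated kubeadm config with some extra settings
kubeadmConfigPatches:
  - |
    apiVersion: kubeadm.k8s.io/v1beta2
    # InitConfiguration is only rendered for the node that runs `kubeadm init`,
    # so this kubelet flag reaches the control-plane kubelet only; workers join
    # via JoinConfiguration and keep read-only-port=0. Add a matching
    # JoinConfiguration patch if the workers should be exposed too.
    kind: InitConfiguration
    metadata:
      name: config
    nodeRegistration:
      kubeletExtraArgs:
        # kubeadm's default is "0" (disabled); any non-zero value enables the
        # unauthenticated HTTP listener on that port
        read-only-port: "10255"
# 1 control plane node and 3 workers
nodes:
  # the control plane node config
  - role: control-plane
    # Publishes the read-only port on the Docker host. kind binds host ports on
    # all interfaces unless listenAddress is set, so anything that can reach
    # the host can reach the kubelet. On a shared network restrict it with
    #   listenAddress: "127.0.0.1"
    # (supported by the PortMapping type in recent kind releases).
    extraPortMappings:
      - containerPort: 10255
        hostPort: 10255
  # the three workers
  - role: worker
  - role: worker
  - role: worker
--------------------------------------------------------------------------------

/unauthenticated-rw-kubelet.yaml:
--------------------------------------------------------------------------------
# kind cluster whose control-plane kubelet accepts anonymous requests on its
# main API port (10250/TCP) and authorizes all of them. Deliberately vulnerable:
# an unauthenticated client can list pods, read logs and exec into any container
# on that node, including control-plane pods. There is no extraPortMappings
# entry here, so the port is reached via the container's docker0 address (see
# README); do not add a host mapping on a host exposed to untrusted networks.
kind: Cluster
apiVersion: kind.sigs.k8s.io/v1alpha3
# patch the generated kubeadm config with some extra settings
kubeadmConfigPatches:
  - |
    apiVersion: kubeadm.k8s.io/v1beta2
    # InitConfiguration applies to the control-plane kubelet only; workers are
    # configured through JoinConfiguration and keep kubeadm's defaults
    # (anonymous-auth=false, authorization-mode=Webhook).
    kind: InitConfiguration
    metadata:
      name: config
    nodeRegistration:
      kubeletExtraArgs:
        # Both settings are needed for unauthenticated access and removing
        # either one closes the hole: anonymous-auth lets requests without
        # credentials through authentication as system:anonymous, and
        # AlwaysAllow skips the SubjectAccessReview that the default Webhook
        # mode would send to the API server.
        authorization-mode: "AlwaysAllow"
        anonymous-auth: "true"
# 1 control plane node and 3 workers
nodes:
  # the control plane node config
  - role: control-plane
  # the three workers
  - role: worker
  - role: worker
  - role: worker
--------------------------------------------------------------------------------

/insecure-port.yaml:
--------------------------------------------------------------------------------
# kind cluster whose API server also serves on the legacy "insecure" port:
# plain HTTP with no authentication or authorization, so every request is
# handled with full cluster-admin rights. Deliberately vulnerable.
# NOTE: --insecure-port/--insecure-bind-address were deprecated around
# Kubernetes 1.20 and removed in 1.24; with a recent kindest/node image the API
# server will refuse to start, so pin an older image
# (kind create cluster --image kindest/node:<older tag> --config ...).
kind: Cluster
apiVersion: kind.sigs.k8s.io/v1alpha3
# patch the generated kubeadm config with some extra settings
kubeadmConfigPatches:
  - |
    apiVersion: kubeadm.k8s.io/v1beta2
    kind: ClusterConfiguration
    metadata:
      name: config
    apiServer:
      extraArgs:
        # Values must be quoted strings. Binding to 0.0.0.0 (rather than the
        # default 127.0.0.1) is what makes the port reachable from outside the
        # control-plane container; the host mapping below then exposes it on
        # the Docker host.
        insecure-bind-address: "0.0.0.0"
        insecure-port: "8080"
# 1 control plane node and 3 workers
nodes:
  # the control plane node config
  - role: control-plane
    # kind binds host ports on all interfaces unless listenAddress is set; on a
    # shared network add
    #   listenAddress: "127.0.0.1"
    # so only local processes can reach the unauthenticated API server.
    extraPortMappings:
      - containerPort: 8080
        hostPort: 8080
  # the three workers
  - role: worker
  - role: worker
  - role: worker
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
# Kind of Insecure

Collection of [kind](https://kind.sigs.k8s.io/) configuration files that can be used to create deliberately vulnerable clusters for security testing and training.

Each cluster has a single vulnerability which can be exploited.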

| Config | Description |
| ------ | ----------- |
| `insecure-port.yaml` | Insecure (plain HTTP, unauthenticated) port enabled on the API server, published on host port 8080/TCP |
| `etcd-no-auth.yaml` | Client-certificate authentication disabled on the etcd server (2379/TCP on the control-plane container) |
| `unauthenticated-rw-kubelet.yaml` | Read/write kubelet port (10250/TCP) on the control-plane node available without authentication |
| `ro-kubelet.yaml` | Read-only kubelet port (10255/TCP) on the control-plane node available without authentication, published on host port 10255/TCP |

**Warning:** these clusters are intentionally exploitable. Ports published via `extraPortMappings` are bound on all host interfaces unless the config sets `listenAddress`, so only bring these clusters up on an isolated machine or network, and delete them when the exercise is over (`kind delete cluster --name insecure`). `insecure-port.yaml` relies on API-server flags that have been removed from recent Kubernetes releases and needs an older `kindest/node` image.

* After installing kind, each test cluster can be brought up using a command like: `kind --config insecure-port.yaml --name insecure create cluster`
* You can then find out the IP address of the control-plane container on the `docker0` network (needed for the etcd and read/write kubelet cases, which have no host port mapping) with: `docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' insecure-control-plane`

--------------------------------------------------------------------------------