raesene / kube_security_lab


Additional Scenario - SSRF #1

Closed raesene closed 5 years ago

raesene commented 5 years ago

Look at creating an application scenario with an SSRF issue allowing access to one or more of the k8s APIs

raesene commented 5 years ago

We've got this now. https://github.com/raesene/kube_security_lab/blob/master/ssrf-to-insecure-port.yml

This works moderately well as we can expose the insecure port on localhost only, and expose the web application more widely, then use a secret grabbed from the insecure port against the main API server.
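The scenario above hinges on the web application fetching a user-supplied URL and thereby reaching the API server's insecure port bound to localhost. The defensive counterpart is an outbound-destination check in the application: before fetching, refuse any URL whose scheme is not plain HTTP(S) or whose host resolves to loopback, link-local (including the cloud metadata address), private, or otherwise internal address space. The following is an added example, not code from the kube_security_lab project or its scenario file; the function names, the injectable `resolver` parameter, and the sample hostnames and addresses used in the usage block are this example's own constructions.

```python
"""Outbound-fetch destination check: a defensive counterpart to an SSRF that
reaches a localhost-only API server port. Added example with assumed names;
not code from the kube_security_lab project."""
import ipaddress
import socket
from typing import Callable, Iterable, List, Tuple, Union
from urllib.parse import urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
# A resolver maps a hostname to the IP address strings it resolves to. It is
# injectable so the check can be exercised offline with a constructed resolver.
Resolver = Callable[[str], Iterable[str]]

ALLOWED_SCHEMES = {"http", "https"}
# Names that always mean "this machine", whatever DNS says.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def system_resolver(host: str) -> List[str]:
    """Default resolver: every address the OS resolver returns for host.
    Odd literals such as decimal or hex IPv4 forms end up here too, and the
    resolver normalises them to dotted-quad strings that are then checked."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_internal(ip: IPAddress) -> bool:
    """True for loopback (127.0.0.0/8, ::1), RFC 1918 / ULA, link-local
    (which covers 169.254.169.254 metadata endpoints), unspecified,
    multicast and reserved ranges."""
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)


def is_safe_fetch_target(url: str,
                         resolver: Resolver = system_resolver) -> Tuple[bool, str]:
    """Return (allowed, reason). Allowed only if the scheme is http/https,
    no credentials are embedded, and *every* address the host maps to is
    public; a host with one internal A record among public ones is refused."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme %r not allowed" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    if host.rstrip(".").lower() in LOCAL_NAMES:
        return False, "localhost is not a permitted destination"

    # IP literal: judge it directly; hostname: judge every resolved address.
    try:
        addrs: List[IPAddress] = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError) as exc:
            return False, "resolution failed: %s" % exc
        if not addrs:
            return False, "host resolved to no addresses"

    for ip in addrs:
        # IPv4-mapped IPv6 (::ffff:127.0.0.1) must be judged as its IPv4 form.
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        if is_internal(ip):
            return False, "%s is an internal address" % ip
    return True, "ok"


if __name__ == "__main__":
    # Constructed resolver standing in for DNS so the demo runs offline.
    def fake_dns(host: str) -> List[str]:
        table = {
            "public.example.test": ["93.184.216.34"],
            "rebind.example.test": ["93.184.216.34", "127.0.0.1"],
        }
        return table.get(host, [])

    for candidate in [
        "http://127.0.0.1:8080/api/v1/secrets",   # insecure port on loopback
        "http://[::1]:8080/",                     # IPv6 loopback
        "http://[::ffff:127.0.0.1]/",             # IPv4-mapped loopback
        "http://169.254.169.254/latest/meta-data/",
        "http://localhost:8080/",
        "http://public.example.test/",
        "http://rebind.example.test/",
    ]:
        print(candidate, "->", is_safe_fetch_target(candidate, resolver=fake_dns))
```

One caveat this check does not remove on its own: resolving in the check and then letting the HTTP client resolve again at connect time leaves a window for DNS rebinding. The robust pattern is to pin the connection to the address that passed the check (connect to the vetted IP and send the intended `Host` header) and to apply the same check on every redirect hop, since a redirect to `http://127.0.0.1:8080/` would otherwise bypass the first check.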