Capturing ssl keys for kubectl

Question

I want to decrypt kubectl requests to kubernetes api server (over tls) with wireshark (for exec -it subcommand). I found that there's SSLKEYLOGFILE variable that can be used by wireshark for decrypting tls packets but kubectl doesn't log tls session keys into that file. Is there any option for kubectl to log sslkeys into that file? or is there any other option for capturing and viewing exec raw network packets?

Thanks

I found this blog post about it: https://ahmet.im/blog/kubectl-man-in-the-middle/ — Babak, Jun 28 '22 at 03:30

score 0 · Answer 1 · answered Jun 25 '22 at 16:01

0

If you requirement is just to capture the requests betten apiserver & kubectl command. add --v=11 it will show all the requests that are happening between kubectl & apiserver.

Ex:

kubectl get nodes --v=11

answered Jun 25 '22 at 16:01

confused genius

2,876
2
16
29

This doesn't works for kubectl exec -it – Babak Jun 26 '22 at 06:50

Capturing ssl keys for kubectl

1 Answers1