SteamCloud BOX - Pulling My Hair!

I beg you Kubernetes gods for a hand

General Box Info

SteamCloud is a box where Kubernetes is mostly at play through the manipulation of kubeletctl, kubectl, and a little curl.

The general goal is to gain a foothold into the more “admin-like” commands that are unaccessible by sheer kubeletctl command execs and curl. The bigger picture here is that of other similar boxes where mounting a directory is needed in order to read the contents of a container and execute its contents freely, instead of running commands on containers through a long and painful string of flags after kubeletctl or curl.


My problem is being able to authenticate through kubectl - I keep getting asked for a Username (WHY?). Despite a large number of attempts at inputting the correct certificate authority and token (both found within the same directory by running kubeletctl <IP> exec "token/cert location" -p pod name -c container name - I’m keeping it vague to avoid spoilers). I made sure to save the token as an environment variable and have the certificate as a file all within the same directory for order.

Having achieved the boiling point, I decided to see the official walkthrough and copy-paste the same command it was issuing. But nada, nothing! I kept being asked for a Username. At this point, I resorted to querying you almighty kubernetes masters.

This is the command I used to try and check the pods through the token and certificate:

kubectl --server= --token=$<token_name> --certificate-authority=<cert_name> get pods

Please enter Username: I love kubernetes :frowning:

Any help will be appreciated!


Instead of putting the token into an environment table I saved it as a file and ran the same command as a bove but now I get an error saying:

error: You must be logged in to the server (Unauthorized)

So weird!


ᵗʰᵃⁿᵏ ʸᵒᵘ ᶜʰᵃᵗᵍᵖᵗ

After poking around a bit more, BY MAGIC, I found out that the --token flag was interpreting strings very literally. Basically, it interpreted my ./token or $token AS THE TOKEN. It didn’t actually read the token’s contents.

The solution was as simple as telling the --token flag to use the cat command to read the token. Like this:

kubectl --token=$(cat ./token)

Instead of:

kubectl --token=$token) or kubectl --token=./token