Hacking Kubernetes etcd for (personal) profit

The Background

Kubernetes

affinity: {}
image:
pullPolicy: IfNotPresent
repository: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner
tag: v4.0.2
imagePullSecrets: []
labels: {}
leaderElection:
enabled: true
nfs:
mountOptions: null
path: /mnt/storage-secondary/k8s-pv
server: 192.168.1.72
volumeName: nfs-pv-root
mount | grep nfs
192.168.1.72:/mnt/storage-secondary/k8s-pv-test-cluster/default-hello1-pvc-5e649f65-a34e-45fe-aac3-1b7c774a3944 on /var/lib/kubelet/pods/72362a2a-c914-4e52-a549-f61e3c7416d4/volumes/kubernetes.io~nfs/pvc-5e649f65-a34e-45fe-aac3-1
b7c774a3944 type nfs4 (rw,relatime,vers=4.1,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.30.70,local_lock=none,addr=192.168.1.72)
192.168.1.72:/mnt/storage-secondary/k8s-pv-test-cluster/default-hello2-pvc-b7d3421e-a24a-4525-95cf-295e0c190ba9 on /var/lib/kubelet/pods/72362a2a-c914-4e52-a549-f61e3c7416d4/volumes/kubernetes.io~nfs/pvc-b7d3421e-a24a-4525-95cf-2
95e0c190ba9 type nfs4 (rw,relatime,vers=4.1,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.30.70,local_lock=none,addr=192.168.1.72)
apiVersion: v1
kind: PersistentVolume
metadata:
annotations:
pv.kubernetes.io/provisioned-by: cluster.local/nfs-provisioner-test-nfs-subdir-external-provisioner
creationTimestamp: "2021-09-24T16:16:23Z"
finalizers:
- kubernetes.io/pv-protection
managedFields:
- apiVersion: v1
manager: nfs-subdir-external-provisioner
operation: Update
time: "2021-09-24T16:16:23Z"
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:finalizers:
.: {}
v:"kubernetes.io/pv-protection": {}
f:status:
f:phase: {}
manager: kube-controller-manager
operation: Update
time: "2021-09-24T19:43:54Z"
name: pvc-5e649f65-a34e-45fe-aac3-1b7c774a3944
resourceVersion: "400447"
uid: 17eb6580-d672-4e33-926b-aefd63a40ed4
spec:
accessModes:
- ReadWriteOnce
- ReadWriteMany
capacity:
storage: 1Gi
claimRef:
apiVersion: v1
kind: PersistentVolumeClaim
name: hello1
namespace: default
resourceVersion: "43088"
uid: 5e649f65-a34e-45fe-aac3-1b7c774a3944
nfs:
path: /mnt/storage-secondary/k8s-pv-test-cluster/default-hello1-pvc-5e649f65-a34e-45fe-aac3-1b7c774a3944
server: 192.168.1.72
persistentVolumeReclaimPolicy: Delete
storageClassName: nfs-client
volumeMode: Filesystem
spec.persistentvolumesource: Forbidden: spec.persistentvolumesource is immutable after creation

In the search for a solution

k8sv1PersistentVolume� �(pvc-5e649f65-a34e-45fe-aac3-1b7c774a3944"*$17eb6580-d672-4e33-926b-aefd63a40ed428B��bepv.kubernetes.io/provisioned-byBcluster.local/nfs-provisioner-test-nfs-subdir-external-provisionerrkubernetes.io/pv-protectionz��nfs-subdir-external-provisionerUpdatev1"��2FieldsV1:��{"f:metadata":{"f:annotations":{".":{},"f:pv.kubernetes.io/provisioned-by":{}}},"f:spec":{"f:accessModes":{},"f:capacity":{".":{},"f:storage":{}},"f:claimRef":{".":{},"f:apiVersion":{},"f:kind":{},"f:name":{},"f:namespace":{},"f:resourceVersion":{},"f:uid":{}},"f:nfs":{".":{},"f:path":{},"f:server":{}},"f:persistentVolumeReclaimPolicy":{},"f:storageClassName":{},"f:volumeMode":{}}}��kube-controller-managerUpdatev1"�Ը�2FieldsV1:ki{"f:metadata":{"f:finalizers":{".":{},"v:\"kubernetes.io/pv-protection\"":{}}},"f:status":{"f:phase":{}}}�storage1Giv*t 192.168.1.72b/mnt/storage-secondary/k8s-pv-test-cluster/default-hello1-pvc-5e649f65-a34e-45fe-aac3-1b7c774a3944ReadWriteOnceReadWriteMany"[PersistentVolumeClaimdefaulthello1"$5e649f65-a34e-45fe-aac3-1b7c774a3944*v1243088:*Delete2nfs-clientBFilesystem Bound"
pv.Spec.NFS != nil
pv.Spec.NFS.Server = newNFSServer
   protobuf.NewSerializer(scheme.Scheme, scheme.Scheme)
newObj := new(bytes.Buffer)
protoSerializer.Encode(obj, newObj)
clientv3.NewKV(client).Put(context.Background(), string(kv.Key), newObj.String())

Key take-aways

Git repo

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store