Discovery

The discovery section cover various techniques and procedures for discovering various components of a Kubernetes cluster. This primarily involves

  1. Ability to discover master node(s)
  2. Ability to discover worker node(s)

Network Discovery

Common ports for master node discovery

PortProtocolService
443, 6443, 8443TCPKubernetes API Server (kube-apiserver)
8080TCPKubernetes API Server insecure port (Listens on localhost only)
2379, 2380TCPetcd server

Common ports for worker node discovery

PortProtocolService
10250TCPKubelet
10255TCPKubelet read-only port
30000-32767TCPnodePort service port range (default)

Given the above network services information, Kubernetes master or worker nodes can be discovered by scanning a network CIDR for ports, for example:

To discover master nodes

nmap -Pn -sS -sV -p 443,6443,8443,8080,2379,2380 $CIDR

To discover worker nodes

nmap -Pn -sS -sV -p 10250,10255 $CIDR

To discover nodePort exposed services

nmap -Pn -sS -sV -p 30000-32767 $CIDR