To get access to the node’s disk, create a new Pod with a HostPath
volume targeting the root path /
.
sleep-with-hostpath.yaml uses a HostPath volume in the Pod spec.
Deploy the Pod:
kubectl apply -f labs/aks/persistentvolumes/solution
The Pod container mounts the root of the node’s disk to /node-root
inside the container, and it runs as root.
That means you can do pretty much anything on the disk:
kubectl exec pod/sleep -- ls /node-root
kubectl exec pod/sleep -- mkdir -p /node-root/secret/hacker/tools
kubectl exec pod/sleep -- ls -l /node-root/secret/hacker
That’s why its not secure :) If you do need access to the node’s disk you should use a hostPath with a more restrictive scope, not the entire root drive.
Back to the exercises.