Verify binaries

How to verify the integrity of Kubernetes binaries by comparing SHA-512 checksums of running processes against officially released binaries.

First check which Kubernetes version is currently running on the master, so that the matching official release can be downloaded for comparison. Then find the PID of the kubelet process. Finally, run sha512sum /proc/<PID>/root/bin/kubelet and compare the result with the hash of the official Kubernetes binary downloaded with wget.

The following commands download the official Kubernetes server binaries, compute the SHA-512 hash of the kubelet binary, find the PID of the running kubelet process, and compare the hashes to verify integrity.

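```bash
# Check the cluster and note the Kubernetes version reported for the nodes
kubectl get pods
kubectl get nodes

# Download and unpack the official server binaries for that version
wget https://dl.k8s.io/v1.23.1/kubernetes-server-linux-amd64.tar.gz
tar -xvzf kubernetes-server-linux-amd64.tar.gz

# Hash of the official kubelet
sha512sum kubernetes/server/bin/kubelet | cut -d" " -f1 > compare

# Find the PID of the running kubelet (23213 here) and hash its binary
ps -ef | grep kubelet
sha512sum /proc/23213/root/bin/kubelet | cut -d" " -f1 >> compare

# One line of output means the hashes match; two mean they differ, as recorded here
uniq compare
echo DIFFERENT > /answer
```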
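The same comparison as a reusable function that returns a distinct exit code for match, mismatch and error, so it can be scripted instead of read by eye. This is an added example, not code from the original post; the names `sha512_of`, `verify_binary` and the `PROC_ROOT` override are assumptions introduced here.

```bash
# Added example: compare the binary behind a PID with a reference copy.
# PROC_ROOT is a hypothetical override for testing; it defaults to /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print only the SHA-512 digest of a file. Reading via stdin avoids the
# filename (and any escaping of it) appearing in sha512sum's output.
sha512_of() {
    local out
    out=$(sha512sum < "$1") || return 2
    printf '%s\n' "${out%% *}"
}

# verify_binary PID REFERENCE [PATH_INSIDE_ROOT]
# Prints SAME or DIFFERENT. Returns 0 on match, 1 on mismatch, 2 on error.
# PATH_INSIDE_ROOT defaults to /bin/kubelet, the path used in the post.
verify_binary() {
    local pid="$1"
    local ref="$2"
    local path="${3:-/bin/kubelet}"
    local target want got

    # Reject anything that is not a plain decimal PID.
    case "$pid" in
        ''|*[!0-9]*) echo "ERROR: invalid PID: $pid" >&2; return 2 ;;
    esac
    target="$PROC_ROOT/$pid/root$path"

    want=$(sha512_of "$ref") || { echo "ERROR: cannot hash $ref" >&2; return 2; }
    got=$(sha512_of "$target") || { echo "ERROR: cannot hash $target" >&2; return 2; }

    if [ "$want" = "$got" ]; then
        echo SAME
        return 0
    fi
    echo DIFFERENT
    return 1
}

# Run as a script: ./verify.sh <PID> <reference-binary> [path-inside-root]
if [ "$#" -ge 2 ]; then
    verify_binary "$@"
fi
```

If kubelet is installed somewhere other than /bin/kubelet on the node, pass that path as the third argument.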
This post is licensed under CC BY 4.0 by the author.