A step-by-step guide on using mitmproxy to intercept and observe HTTPS traffic between kubectl and the Kubernetes API server. The setup involves extracting client certificates from a Kubeconfig file using yq and base64, then launching mitmproxy with specific flags to disable HTTP/2, supply the client cert, and skip upstream TLS verification. kubectl is then run with HTTPS_PROXY pointing to the local mitmproxy instance. The technique is presented as useful for troubleshooting rather than as a learning tool.
Sort: