kodekloudhub/certified-kubernetes-security-specialist-cks-course

Mock exam 1 : wrong Instructions

eze2017 opened this issue · 1 comments

The instructions for Question 8 is unclear

Create the below admission-configuration inside /root/CKS/ImagePolicy directory in the controlplane

use this YAML file:

apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:

  • name: ImagePolicyWebhook
    configuration:
    imagePolicy:
    kubeConfigFile: /etc/admission-controllers/admission-kubeconfig.yaml. ## Does not exist
    allowTTL: 50
    denyTTL: 50
    retryBackoff: 500
    defaultAllow: false

#The /root/CKS/ImagePolicy is mounted at the path /etc/admission-controllers directory in the kube-apiserver. So, you can directly place the files under /root/CKS/ImagePolicy.
#---snippet of the volume and volumeMounts (already added to apiserver config)
containers:
.
.
.
volumeMounts:

  • mountPath: /etc/admission-controllers
    name: admission-controllers
    readOnly: true
    volumes:
  • hostPath:
    path: /root/CKS/ImagePolicy/
    type: DirectoryOrCreate
    name: admission-controllers

update the kube-apiserver command flags and add ImagePolicyWebhook to the enable-admission-plugins flag

  • --admission-control-config-file=/etc/admission-controllers/admission-configuration.yaml
  • --enable-admission-plugins=NodeRestriction,ImagePolicyWebhook

If anybody wonders why the issue is closed, the hint is this: one thing is the directory on the host, another thing is its mount path in kube-apiserver.