Mock exam 1 : wrong Instructions
eze2017 opened this issue · 1 comments
eze2017 commented
The instructions for Question 8 is unclear
Create the below admission-configuration inside /root/CKS/ImagePolicy directory in the controlplane
use this YAML file:
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: ImagePolicyWebhook
configuration:
imagePolicy:
kubeConfigFile: /etc/admission-controllers/admission-kubeconfig.yaml. ## Does not exist
allowTTL: 50
denyTTL: 50
retryBackoff: 500
defaultAllow: false
#The /root/CKS/ImagePolicy is mounted at the path /etc/admission-controllers directory in the kube-apiserver. So, you can directly place the files under /root/CKS/ImagePolicy.
#---snippet of the volume and volumeMounts (already added to apiserver config)
containers:
.
.
.
volumeMounts:
- mountPath: /etc/admission-controllers
name: admission-controllers
readOnly: true
volumes: - hostPath:
path: /root/CKS/ImagePolicy/
type: DirectoryOrCreate
name: admission-controllers
update the kube-apiserver command flags and add ImagePolicyWebhook to the enable-admission-plugins flag
- --admission-control-config-file=/etc/admission-controllers/admission-configuration.yaml
- --enable-admission-plugins=NodeRestriction,ImagePolicyWebhook
marcindulak commented
If anybody wonders why the issue is closed, the hint is this: one thing is the directory on the host, another thing is its mount path in kube-apiserver
.