Audit Policy Failure - Lab

Hi folks,

I'm in the Auditing lab for CKS and I'm having this problem, which I also experienced on the CKS exam.

Here is the KodeKloud audit policy:

apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata
  namespaces: ["prod"]
  verbs: ["delete"]
  resources:
  - group: ""
    resources: ["secrets"]

When I apply the file, I get the following results.

root@controlplane:/etc/kubernetes/manifests# k apply -f /etc/kubernetes/prod-audit.yaml
error: unable to recognize "/etc/kubernetes/prod-audit.yaml": no matches for kind "Policy" in version "audit.k8s.io/v1"

Any guesses why?

Resolved: Indenting issues.

1 Like

I have faced the same issue, and I referred to the previous answer to the same issue: I can't seem to apply the audit policy and getting this error in the lab section . . .

We have to enable it in the kube-apiserver config.
However, I couldn’t pass the last question after enabling it.


Hi,

A couple of mistakes that I made in the past:
1. You don’t apply the /etc/kubernetes/prod-audit.yaml file; it is referenced in the kube-apiserver.yaml file.
2. Indenting.
3. I would modify the kube-apiserver.yaml after running sudo -i, then run kubectl get nodes, and it would fail, pointing to the wrong port number. It is best to run sudo vi kube-apiserver.yaml.
4. If your API server does not come up after 30 seconds or so, run "sudo journalctl -u kubelet | grep kuberuntime". You should see it trying to start the kube-apiserver, and you will see an error if it is failing. That can give you some clues as to the misconfiguration.
5. Also, before modifying /etc/kubernetes/manifest/kube-apiserver.yaml, I copy the file to /tmp for a backup, so if I need to start over for some reason, I can copy it back in place quickly to get the apiserver up and running.

1 Like
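
The wiring the last answer describes, as an added example (not the lab's solution or any poster's manifest): the policy file is never sent to the API with kubectl, because the kube-apiserver reads it from disk at startup, so the static pod manifest needs the flags plus a hostPath mount for every path they name. The audit log path, the `--audit-log-maxage` value and the volume names are assumptions chosen for illustration; only /etc/kubernetes/prod-audit.yaml comes from the thread.

```yaml
# Fragment of the kube-apiserver static pod manifest (kube-apiserver.yaml).
# Only the audit-related additions are shown; every existing field stays as it is.
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    # (existing flags unchanged)
    # Policy file from the thread; read by the apiserver process, not applied.
    - --audit-policy-file=/etc/kubernetes/prod-audit.yaml
    # Assumed log destination; use the path your lab task specifies.
    - --audit-log-path=/var/log/kubernetes/audit/audit.log
    # Assumed retention in days.
    - --audit-log-maxage=30
    volumeMounts:
    # (existing mounts unchanged)
    # Without this mount the container cannot see the policy file and the
    # apiserver exits at startup; the kubelet log shows the restart loop.
    - name: audit-policy          # assumed volume name
      mountPath: /etc/kubernetes/prod-audit.yaml
      readOnly: true
    # The log directory must be writable from inside the container.
    - name: audit-log             # assumed volume name
      mountPath: /var/log/kubernetes/audit/
      readOnly: false
  volumes:
  # (existing volumes unchanged)
  - name: audit-policy
    hostPath:
      path: /etc/kubernetes/prod-audit.yaml
      type: File                  # fails fast if the policy file is missing
  - name: audit-log
    hostPath:
      path: /var/log/kubernetes/audit/
      type: DirectoryOrCreate     # creates the log directory on the node
```

The kubelet restarts the API server when the manifest file changes; a later edit to the policy file alone is not picked up until the API server restarts.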