CKA preparation : admission controller lab 2025 update : question 7/8

benoit · March 2, 2026, 7:56am

Hello, I’ve been trying to solve the question about the admission controller lab and I get the check being false at : Reconfigure the API server to enable the ImagePolicyWebhook admission plugin and ensure it can access the configuration files.

I have modified the kube-apiserver definition file to add the admission control config file command, modified the enable admission plugin line to add imagepolicywebhook, added a volume and mounted it at /etc/kubernetes/imgvalidation as it should.

But the check gives me:
ImagePolicyWebhook admission plugin enabled on kube-apiserver? ok
admission-control-config-file flag set on kube-apiserver? ok
imgvalidation volume mounted in kube-apiserver? NOTOK

I don’t understand since the describe of the kube-apiserver shows that an imgvalidation volumes is mounted.

Is there an issue with what I’m doing?

Santosh_KodeKloud · March 2, 2026, 9:17am

Hi @benoit
Could you share the volumes and volumeMounts snippet from the kube-apiserver yaml manifest?

EDIT: I verified the lab, and it appears there’s a bug in this lab which expects the volumes and volumeMounts to be defined in a specific fashion. I’ll inform the team to fix this.
Thanks for reporting.

benoit · March 2, 2026, 11:41am

thank you.

I did write the volumes and volumeMounts as others were written, adding things in alphabetical order by their name.

Santosh_KodeKloud · March 2, 2026, 11:48am

Santosh_KodeKloud · March 2, 2026, 3:37pm

Hi @benoit

The issue has now been resolved, and the lab works as expected.