Kodekloud CKS Challenge 3 kube-bench

Please see the image above: it asked to set protect-kernel, and after setting it, it's still not accepting it and reporting an error, whereas on controlplane it was accepted.

This would be a kubelet setting; I’d guess that you set it on the controlplane, but not on node01, judging by the message.

No @rob_kodekloud, I did ssh to node01 and set the same. Please note that when I did the same for controlplane it was successful, but on the worker node it isn’t.

Having done this lab not too long ago, I’d guess that the grader is not the problem here, although I could be wrong. You might take a look at the solution of this challenge (Step 2) to make sure that you’re doing what the challenge is checking for.

@rob_kodekloud Thanks. I have --protect-kernel-defaults in the service. But from the solution it looks like we need to have this configured in the config.yml. Aren’t those 2 ways of doing it? Not sure if I am missing something.

The preferred way to add a parameter is to put it in the config.yml file, since kubelet has a lot of parameters, and it’s easier to read, maintain and track changes than putting it into the service file. So while both will work, the challenge’s grader prefers the config file.

@rob_kodekloud Thanks for the response. Btw, in the actual exam would both be accepted, or is config.yml preferred?

They’d almost certainly expect an edit to config.yml. Really, the only time you should edit the system file in this case is where a parameter set by default in the system file needs to be changed. Best indication is the output of programs like kube-bench, which tell you to modify the config file.
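
A quick way to see which of the two places discussed in this thread actually carries the setting on a node, as an added example that is not part of the original thread or the challenge's solution. The function name `protect_kernel_source` is hypothetical, the file paths are passed in as arguments, and the sample files are constructed stand-ins for a node's kubelet config file and service drop-in.

```shell
#!/bin/sh
# Added example: report where kubelet's protect-kernel-defaults is enabled.
# Prints one of: config, flag, both, none.
protect_kernel_source() {
    cfg=$1    # kubelet config file (YAML)
    unit=$2   # kubelet service file or systemd drop-in
    in_cfg=no
    in_flag=no
    # Config file: top-level key "protectKernelDefaults: true"
    if [ -r "$cfg" ] && grep -Eq '^protectKernelDefaults:[[:space:]]*true[[:space:]]*(#.*)?$' "$cfg"; then
        in_cfg=yes
    fi
    # Service file: bare flag or "=true", skipping commented-out lines
    if [ -r "$unit" ] && grep -v '^[[:space:]]*#' "$unit" |
        grep -Eq -- '--protect-kernel-defaults(=true)?([[:space:]"]|$)'; then
        in_flag=yes
    fi
    case "$in_cfg$in_flag" in
        yesyes) echo both ;;
        yesno)  echo config ;;
        noyes)  echo flag ;;
        *)      echo none ;;
    esac
}

# Constructed sample files (not taken from the lab environment).
demo_dir=$(mktemp -d)
printf 'kind: KubeletConfiguration\nprotectKernelDefaults: true\n' > "$demo_dir/config.yaml"
printf 'kind: KubeletConfiguration\n' > "$demo_dir/config-unset.yaml"
printf '[Service]\nEnvironment="KUBELET_EXTRA_ARGS=--protect-kernel-defaults=true"\n' > "$demo_dir/flag.conf"
printf '[Service]\n' > "$demo_dir/plain.conf"

# Flag only: the situation described in the thread, which the grader rejected.
protect_kernel_source "$demo_dir/config-unset.yaml" "$demo_dir/flag.conf"
# Config file only: the form the solution and kube-bench remediation expect.
protect_kernel_source "$demo_dir/config.yaml" "$demo_dir/plain.conf"
```

A result of `flag` on the worker node matches the case above where the setting works but the grader still reports an error.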