I'm trying to enable the audit option on my kubeadm-based k8s (v1.11.2), but after I added the --audit-policy-file flag to /etc/kubernetes/manifests/kube-apiserver.yaml, it won't start and prints a no such file or directory error.
This is my kube-apiserver.yaml file:
apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    ...
    - --audit-policy-file=/etc/kubernetes/audit-policy.yaml
    - --audit-log-path=/var/log/kubernetes
    image: k8s.gcr.io/kube-apise...
    ...
And this is the error printed:
error: loading audit policy file: failed to read file path "/etc/kubernetes/audit-policy.yaml": open /etc/kubernetes/audit-policy.yaml: no such file or directory
I double checked the path and it was all fine.
Is this some kind of bug in kubeadm? I need your help.
Thanks.
Create a volume and mounts for your audit policy file location in your kube-api manifest. Something like this:
    volumeMounts:
    - mountPath: /var/lib/k8s_audit/
      name: data
  volumes:
  - hostPath:
      path: /var/lib/k8s_audit
      type: DirectoryOrCreate
    name: data
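A check for the situation in this thread, as an added example that is not part of the original question or answers: the API server runs as a static pod, so a path given to a flag is resolved inside the container and has to be covered by a hostPath-backed volume mount. It assumes the manifest is already parsed into a dict (for example with PyYAML's `yaml.safe_load`); `sample_pod`, the volume names and the `audit.log` file name are constructed for illustration.

```python
from pathlib import PurePosixPath

# Flags whose value is a path used inside the container.
# Only the two flags that appear on this page are checked.
PATH_FLAGS = ("--audit-policy-file", "--audit-log-path")

def unmounted_flag_paths(pod):
    """Return (flag, path) pairs not covered by a hostPath-backed volumeMount."""
    host_volumes = {v["name"] for v in pod["spec"].get("volumes", []) if "hostPath" in v}
    missing = []
    for c in pod["spec"]["containers"]:
        mounts = [PurePosixPath(m["mountPath"]) for m in c.get("volumeMounts", [])
                  if m["name"] in host_volumes]
        for arg in c.get("command", []):
            flag, _, value = arg.partition("=")
            if flag not in PATH_FLAGS or not value:
                continue
            path = PurePosixPath(value)
            # Covered when a mount is the path itself or one of its parent directories.
            if not any(m == path or m in path.parents for m in mounts):
                missing.append((flag, value))
    return missing

def sample_pod(with_mounts):
    """Constructed stand-in for kube-apiserver.yaml; volume names are hypothetical."""
    container = {"name": "kube-apiserver", "command": [
        "kube-apiserver",
        "--audit-policy-file=/etc/kubernetes/audit-policy.yaml",
        "--audit-log-path=/var/log/kubernetes/audit.log",  # constructed file name
    ]}
    spec = {"containers": [container]}
    if with_mounts:
        container["volumeMounts"] = [
            {"name": "audit-policy", "mountPath": "/etc/kubernetes/audit-policy.yaml",
             "readOnly": True},
            {"name": "audit-log", "mountPath": "/var/log/kubernetes/"},
        ]
        spec["volumes"] = [
            {"name": "audit-policy",
             "hostPath": {"path": "/etc/kubernetes/audit-policy.yaml", "type": "File"}},
            {"name": "audit-log",
             "hostPath": {"path": "/var/log/kubernetes", "type": "DirectoryOrCreate"}},
        ]
    return {"apiVersion": "v1", "kind": "Pod", "spec": spec}

if __name__ == "__main__":
    for label, pod in (("as in the question", sample_pod(False)),
                       ("with mounts", sample_pod(True))):
        print(label, "->", unmounted_flag_paths(pod) or "all flag paths are mounted")
```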
Move your audit-policy.yaml file to the root path of the master node and then edit the given path in audit-policy-file also.
- --audit-policy-file=audit-policy.yaml