CKS Learning Path Certified Kubernetes Security Specialist
I am a Certified Kubernetes Security Expert (CKS) and have successfully completed the triad of Kubernetes certifications. After learning how to use Kubernetes and how to administer it, the final piece was to understand its security intricacies. CKS preparation will give you a deeper dive.
CKS focuses on the security of container-based applications and Kubernetes platforms.
CKS is more about hands-on experience. It is an open-book test that allows you to access the Kubernetes documentation and some product documentation.
Unlike the AWS and GCP certifications, you will need to solve and debug actual problems and provision resources on a Kubernetes cluster.
It is an open-book test. However, you must know where the information is located and what to use it for.
CKS Exam Pattern
These general domains are included in the CKS exam curriculum, with their weights on the exam:
Cluster Setup – 10%
Cluster Hardening – 15%
System Hardening – 15%
Minimize Microservice Vulnerabilities – 20%
Supply Chain Security – 20%
Monitoring, Logging, and Runtime Security – 20%
CKS requires that you solve 15 questions in less than 2 hours.
The CKS exam has already been updated for Kubernetes 1.22.
You can open another tab in your browser. It can be for kubernetes.io, the Falco documentation, or any other product documentation. Do not open other windows.
Exam questions can be attempted in any order. You can always move on and come back later.
CKS Exam Preparation Tips
I used the KodeKloud courses for practice and they were sufficient to cover the requirements for the exam.
Killer.sh offers 2 exam simulator sessions when you book your exam. These mock exams are very difficult compared to the real thing, but they provide a great learning experience. If you fail to complete this exam on time, don’t let that discourage you.
The exam was very time-consuming. I was able to complete 15 questions in 15 minutes. I was unable to complete half of the questions because there was not enough time for review.
Each question on the exam carries a weight. Be sure to attempt the higher-weighted questions first, before you focus on the lower ones. Focus on the heavier questions and find faster solutions, such as debugging.
Killer.sh provides the exam with 6-8 preconfigured K8s clusters. Each question is specific to one Kubernetes cluster, so the context must be changed before you start on it. You will need to run the kubectl config use-context command, which is included with every question.
To find resources or create resources, check the namespace in the question. Use the -n
Most of the interaction is performed from the client node. Pay attention to which master or worker node you are on while working on a question, and make sure to return to the base node afterwards.
For CKS, it is important to move to the master node for any changes to the cluster's kube-apiserver.
If necessary, SSH to nodes is allowed and root access is granted.
Pay attention to the information in the questions marked with an "i" mark. These are very helpful hints for addressing the question and will save you time, for example the namespaces to look into. Look at what is already in place, such as ConfigMaps, Secrets, and network policies, so you don’t create another.
You won’t be able to create or edit YAML files if you don’t know the imperative commands.
You can edit further using --dry-run -o yaml. This will give you a head start with the YAML spec file.
To avoid typing kubectl, I use the alias kk=kubectl
CKS Resources
Check out the CKS Curriculum
Linux Foundation CKS Course and CKS Certification Bundle
Mumshad Mannambeth classes at KodeKloud Certified Kubernetes Security Specialists (CKS), with P