Developer Diary >_

Blog Home

About

Archive

author-pic

Amila Senadheera

Tech enthusiast

Amila Senadheera

Tech enthusiast
Blog HomeAboutArchive

Tags

Clearing the Certified Kubernetes Security Specialist (CKS) exam!


Published on July 19, 2023

I took the CKS exam on July 18th, a truly special day, and I am delighted to announce that I have successfully passed the exam. I would like to share some insights about my exam preparation and what to expect during the exam.

Exam Preparation

  • I purchased the exam bundle that included the LFS-260 course and diligently followed the labs provided.
  • I practiced configuring security-related options for components such as kube-apiserver, kubelet, and kube-controller-manager. During my practice, I paid close attention to troubleshooting issues with static pods by checking the logs at /var/log/pods. It is normal to encounter failures during practice, as it helps in understanding potential pitfalls during the exam.
  • I set up Apparmor on a node and observed the behavior of pods with those profiles. In the exam, you might be asked to load a profile and configure a pod accordingly. I found the AppArmor documentation helpful for configuring different profiles.
  • I familiarized myself with Falco, as there is a question related to runtime security. I experimented with composing new rules and validating their behavior.

Exam Experience

  • The exam environment was based on Kubernetes version v1.27. It does not include PodSecurityPolicy, which is now deprecated. Instead, the exam focuses on your knowledge of Pod Security Admission and Pod Security Standards.
  • Most of the time-consuming tasks are already set up for you. For example, if you are asked to set up auditing, the necessary volumes and volume mounts are already configured. You need to carefully inspect the configuration and add any missing bits as required.
  • Many of the required tools are pre-installed somewhere in the environment. You can expect to use tools like Trivy to scan images for vulnerabilities. Trivy was installed on the worker node rather than the root machine you log in to during the exam. If you cannot find it, you can try installing it using the provided documentation, but be aware that this may consume some of your time.

Wish you best of luck for your exam!

If you like it, share it!

Created by potrace 1.16, written by Peter Selinger 2001-2019 © 2024 Developer Diary.

Made withusing Gatsby, served to your browser from a home grown Raspberry Pi cluster.
contact-me@developerdiary.me