Earlier this year CNCF announced an upcoming new Certified Kubernetes Security Specialist (CKS) Certification Exam, This new certification is for those who have passed the CKA exam and want third party validation for their working knowledge of container security.
If you don’t pass the CKA exam yet, I published an article on how I passed the CKA & CKAD + September Curriculum Update Tips
From the announcement of the CNCF, the CKS is described as:
CKS is similar in format to CKA and will consist of a performance-based certification exam — testing competence across best practices for securing container-based applications and Kubernetes platforms during build, deployment, and runtime.
The certification is expected to be generally available before the KubeCon + CloudNativeCon North America Virtual event taking place on November 17–20.
The CKS test will be online, proctored, performance-based. the candidates have 2 hours to complete the exam tasks.
From the CKS Exam Curriculum repository, The exam will test domains and competencies including:
- Cluster Setup (10%): Best practice configuration to control the environment’s access, rights, and platform conformity.
- Cluster Hardening (15%): Protecting K8s API and utilize RBAC.
- System Hardening (15%): Improve the security of OS & Network; restrict access through IAM
- Minimize Microservice Vulnerabilities (20%): Utilizing on K8s various mechanisms to isolate, protect, and control workload.
- Supply Chain Security (20%): Container oriented security, trusted resources, optimized container images, CVE scanning.
- Monitoring, Logging, and Runtime Security (20%): Analyse and detect threads.
I have created a Github repository collecting References for CKS Exam Objectives.
The given references and links in the repository are assumptions and ideas around the CKSS curriculum.
PRs are always welcome so Star 🌟, fork 🍴 , and contribute