I obtained CKA, KCNA, CKAD, and KCSA between January 11th and February 6th, 2026.
Recently, I took the CKS—the final remaining Kubernetes certification for me—on March 13th and 17th (retake), and I am happy to share that I passed!
I have officially become a Kubestronaut.
Certified Kubernetes Security Specialist (CKS)
Exam Results
I passed with a score of 79 % (passing score is 67 %). I used the entire exam duration of 2 hours.
- Exam Date: March 17, 2026, 10:00 AM~
- Location: Private room in a co-working space
- Device: MacBook Air (2022, M2, 13.6-inch)
Thoughts and Difficulty
To be honest, I failed my first attempt on March 13th with a score of 44 %.
During the first try, I ran out of time and left 5 questions unanswered. Even if I had more time, there were about 3 questions I simply didn't know how to solve.
In my case, I was comfortable with Kubernetes and third-party tool operations, but Linux administration was my weakness.
After spending the four days between exams reviewing basic Linux commands, I managed to pass with 79%.
Among the five Kubernetes certifications, I felt CKS was as challenging as the CKA (considering I tackled CKA with zero practical experience and took CKS after earning the other four).
Study Resources
I used KodeKloud, Killercoda, and Killer Shell. I spent approximately 80 hours (5 weeks) in total.
KodeKloud
After completing the entire course, I did the three Mock Exams four times each. While the lab exercises in the course were helpful for understanding the tools, they didn't strictly follow the exam format. Therefore, I spent only two rounds on the labs and dedicated most of my time to the Mock Exams.
Killercoda
Since the Mock Exams had many overlapping questions, I used Killercoda to increase my practice volume. I repeatedly solved problems related to ImagePolicyWebhook and Audit Logs.
Killer Shell
Still feeling the need for more practice, I went through the two Killer Shell sessions (A and B) provided with the exam purchase three times each. Session A was around the level of KodeKloud's Mock Exams, but Session B was incredibly difficult and actually made me lose some confidence.
Tips
1. Do not underestimate OS and Linux administration basics
The CKS requires not only Kubernetes security but also security configurations for the nodes themselves. It is crucial to be able to execute basic Linux system management commands smoothly, not just kubectl (neglecting this is why I failed the first time).
- Checking daemon status (Docker, kubelet, etc.) using `systemctl`, locating configuration files, and restarting services (`daemon-reload`, `restart`).
- Managing user groups and socket file permissions using commands like `gpasswd` and `chgrp`.
2. Speed up information extraction from logs (Master grep)
You will often need to find suspicious Pods or specific processes within massive logs like Falco, Audit Logs, or syslog.
- Practice using `grep -i` on `journalctl -u <service>` or raw logs like `/var/log/syslog` to quickly narrow down keywords (paths, process names, etc.). This will save you a lot of time during the exam.
3. Modifying the Control Plane (API Server)
Editing Static Pod manifests like kube-apiserver.yaml carries the risk of the API Server failing to start if you make a single mistake.
- When enabling Admission Plugins, don't forget to add the necessary `volumes` and `volumeMounts` for certificates or configuration files, in addition to adding the flags.
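As an added example (not part of the original post or any project's code), this Python sketch checks a kube-apiserver spec for the mistake described in this tip: a flag that points at a file the container has no `volumeMounts`/`volumes` entry for. The manifest is a constructed sample, and the admission config path and volume name are assumptions.

```python
import posixpath

# Constructed sample: trimmed kube-apiserver static Pod spec (as parsed YAML).
# The admission config path and the volume name are assumptions for illustration.
MANIFEST = {
    "spec": {
        "containers": [{
            "name": "kube-apiserver",
            "command": [
                "kube-apiserver",
                "--enable-admission-plugins=NodeRestriction,ImagePolicyWebhook",
                "--admission-control-config-file=/etc/kubernetes/admission/admission_config.yaml",
                "--client-ca-file=/etc/kubernetes/pki/ca.crt",
                "--etcd-servers=https://127.0.0.1:2379",
            ],
            "volumeMounts": [{"name": "k8s-certs", "mountPath": "/etc/kubernetes/pki"}],
        }],
        "volumes": [{"name": "k8s-certs", "hostPath": {"path": "/etc/kubernetes/pki"}}],
    }
}

def unmounted_flag_paths(manifest):
    """Return [(flag, path, reason)] for file-path flags the container cannot read."""
    spec = manifest["spec"]
    volumes = {v["name"] for v in spec.get("volumes", [])}
    findings = []
    for c in spec["containers"]:
        mounts = c.get("volumeMounts", [])
        for arg in c.get("command", []) + c.get("args", []):
            flag, sep, value = arg.partition("=")
            if not sep or not value.startswith("/"):
                continue  # heuristic: only absolute paths are treated as files
            path = posixpath.normpath(value)
            covering = [m for m in mounts
                        if path == m["mountPath"].rstrip("/")
                        or path.startswith(m["mountPath"].rstrip("/") + "/")]
            if not covering:
                findings.append((flag, path, "no volumeMount covers this path"))
            elif not any(m["name"] in volumes for m in covering):
                findings.append((flag, path, "volumeMount has no matching volume"))
    return findings

if __name__ == "__main__":
    for flag, path, reason in unmounted_flag_paths(MANIFEST):
        print(f"{flag}: {path}: {reason}")
```

On the sample it reports the admission config flag, because only `/etc/kubernetes/pki` is mounted; adding both the mount and its volume clears the finding.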
4. Be mindful of SecurityContext hierarchy (Pod vs. Container level)
When fixing security settings for Deployments or Pods, you must know exactly where to place the directives.
- Settings like `runAsUser` and `fsGroup` can be set at the Pod level (`pod.spec.securityContext`).
- However, directives like `allowPrivilegeEscalation` and `readOnlyRootFilesystem` must be defined at the individual container level (`pod.spec.containers[].securityContext`).
Conclusion
Since I've come this far, I think I'll aim to become a Golden Kubestronaut next!
