I have been lucky in my career to adopt containers and kubernetes early as a local Docker community leader; AWS Cloud community leader with a passion for all things modern-apps. Early on saw how containers technology bridge the gap between Dev and Ops; Enables communication, breaks silos with its unified API, especially with kubernetes. However, people's response to Kubernetes and its security stand varied over the years. When it comes to running Kubernetes in production, No one would like to run it without having enough guarantees of running a secure platform with sane defaults and configurations. Here, comes the value of the new Linux Foundation/Certified Kubernetes Security specialist CKS
Certifications are my game; hands-on performance-based exams are no stranger to me being a veteran Red Hat certified architect RHCA.
However, My first experience with vendor-neutral certification was the certified Kubernetes administrator CKA as a beta tester for the exam. Not to repeat answering fellow friends and followers in social media individually and keep repeating myself, I created the CKA resources repo that became very popular due to the lack of curated online free resources at the time. The same thing is happening again with the new mysterious CKS certification, so a couple of online friends and I are maintaining and discussing the content of a new CKS repo that follows feedback and Linux foundation curriculum and chats that happen in #CKS slack channels. without boring you with the details, you can head straight to the repo
https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist
Or watch Saiyam Pathak and I discuss on youtube kubernetes certifications informal what is there and how to prepare, strategies to start and study for the exams, as well some gotchas, there is a timestamp index as well as links referenced in the talk. We would love to see you raise issues, concerns, or pull requests against any of these GitHub repos.
My near-future plans are to capture questions asked during the session and answer them in here and medium.
Q1) what sandbox or environment should I use to practice?
Online
There is always easy online for quick tasks and one-time use.
https://katacoda.com, e.g. Vulnerable Kubernetes environment training. A vulnerable kubernetes "Goat" environment to practice on for a maximum duration of two hours.
[Paid] Kodecloud and Mumshad UDEMY courses for CKA and CKAD have some tasks related to network policies, RBAC, and cluster upgrades.
Public Cloud
Any free cloud tier would do. or you can utilise the new CIVO k3s Kube100 offer
For CKS simulation labs specifically, the above-mentioned Katacoda Goatlab, as well the GKE, Secure Kubernetes Tutorial which was used in Kubecon 2019 attacking and defending tutorial with Brad Geesaman, Jimmy Mesta, Tabitha Sable and Peter Benjamin.
Local lab
Or if you wish, you can set up a local cluster environment:
Recently Dex/Ellen Korbes discussed the different option for local development which are almost the same if you think about the holistic security coverage from an end-to-end SDLC in Kubernetes.
I am leaning toward two solutions when it comes to local labs, Kind, and K3s.
Q2) if I would like to earn all three certificates, what would be the best order to study and take them, should I start with CKAD?
As in everything in IT, it depends. In my opinion, CKAD is not a bad choice to start with, as it really about using kubernetes and learning about Kubernetes resources/objects. Starting from the pod, deployments, configmaps, secrets; and how to ensure the health and reliability of your deployments via readiness, and liveness probes; among other things that swirl around the reliable application deployment subject.
I would say when you study, have a holistic plan in mind, always study for the three, however one week before any exam practise more for the exam in question with more labs, exercise and manage your time effectively. For example, when studying network policy, know it is a common task between all exams. In CKAD, it could be with the application pods themselves in a single namespace; in CKA it could be between namespaces; however, in CKS it might be one or more in-depth scenarios. same applies to RBAC.
All three exams are 2 hours exams, and time management is essential, CKA exam questions are direct and short and to the point, few 2-3 questions you might feel they are vague, in general, they are very clear, and CKA is needed for CKS. So one possible path is trying the CKA first, CKAD next, and then CKS last. Unless you are not ready yet with the CKA specific operations tasks (e.g. kubeadm upgrade, troubleshooting an installation, or backup/restore etcd), then maybe CKAD is better for you. However, for CKAD, read the question use-cases/scenarios carefully as the questions are not tricky, however, lengthy. Exam anxiety and shortness of time could get to you. A typo or misunderstanding of the problem might make you nervous and not the answer, leave the question if you spend more than 5-7 mins, note its number, and come back to it later; you will have a better fresh look and a better chance in solving it.
Wish you a successful Kubernetes and containers security journey
Top comments (1)
Hey thanks for putting all the resources together. They are really great. I've also found one which is this CKS practice test. It's pretty good. It has more tricky questions than killer.sh and the questioning style is quite similar to the actual exam. Although not free but definitely worth trying.