Certified Kubernetes Security Specialist Study Guide

• Certified Kubernetes Security Specialist Study Guide
  • CKS Overview
    • Repository Structure
    • Outline
    • Exam News and Overview
    • KubeCon Announcement and Preparation Tips
  • Curriculum
    • Cluster Setup - 10%
    • Cluster Hardening - 15%
    • System Hardening - 15%
    • Minimize Microservice Vulnerabilities - 20%
    • Supply Chain Security - 20%
    • Monitoring, Logging and Runtime Security - 20%
  • Extra Resources

CKS Overview

The CKS is the third Kubernetes based certification backed by the Cloud Native Computing Foundation (CNCF). CKS will join the existing Certified Kubernetes Administrator (CKA) and Certified Kubernetes Application Developer (CKAD) programs. All three certifications are online, proctored, performance-based exams that will require solving multiple Kubernetes security tasks from the command line. With the massive investment into Kubernetes over the last five years, these certifications continue to be highly sought after by many seeking out technical knowledge about Kubernetes.

This repository contains resources to build a Kubernetes cluster, and example questions and answers based on the Certified Kubernetes Security Specialist (CKS) exam curriculum.

Repository Structure

study_guide/
└ cluster_setup/
  └ Makefile
  └ gcp   -> Create a 1.19 cluster in GCP with RKE.
  └ aws   (coming soon)
  └ azure (coming soon)
└ img/
  └ all_images_used
└ walkthrough/
  └ p0_intro/
  └ p1_cluster_setup /
  └ p2_cluster_hardening/
  └ p3_system_hardening/
  └ p4_minimizing_vulnerabilities/
  └ p5_supply_chain_security/
  └ p6_monitoring_logging_runtime_security/
└ LICENSE
└ README.md

Outline

The CKS test will be online, proctored and performance-based, and candidates have 2 hours to complete the exam tasks. This information is currently based on the Linux Foundations release of the CKS outline.

From the CKS Exam Curriculum repository, The exam will test domains and competencies including:

• Cluster Setup (10%): Best practice configuration to control the environment's access, rights and platform conformity.
• Cluster Hardening (15%): Protecting K8s API and utilize RBAC.
• System Hardening (15%): Improve the security of OS & Network; restrict access through IAM.
• Minimize Microservice Vulnerabilities (20%): Utilizing on K8s various mechanisms to isolate, protect and control workload.
• Supply Chain Security (20%): Container oriented security, trusted resources, optimized container images, CVE scanning.
• Monitoring, Logging, and Runtime Security (20%): Analyse and detect threads.

Exam News and Overview

-> CNCF CKS Overview

KubeCon Announcement and Preparation Tips

-> KubeCon Announcement and Linux Foundation Update

Curriculum

Below is the CKS curriculum broken down by its six sections. Each section has its own folder in the repository, where you can walk through individual questions relating to their respective topic. Each section in the curriculum overview also contains external resources that you may find useful in your studying journey,

Cluster Setup - 10%

Cluster Hardening - 15%

System Hardening - 15%

Minimize Microservice Vulnerabilities - 20%

Supply Chain Security - 20%

Monitoring, Logging and Runtime Security - 20%

Extra Resources

• Linux Academy: CKA Training
• A Cloud Guru: CKAD Training
• A Cloud Guru: Kubernetes Security
• GitHub: walidshaari - CKSS
• GitHub: Madhu Akula's Kubernetes Goat
• GitHub: Abdennour