Last Friday, I successfully passed the CKS exam.

It was a challenging and enjoyable experience, from taking practice tests to dealing with forensic-like scenarios during the actual exam. Even though I’m not a security expert, I enjoyed being a tech detective for a brief period.

It’s crucial to understand container security, especially for those using microservice architectures. For instance, Tesla’s Kubernetes cluster was hacked through open Kubernetes resources (source: Wired).

As someone who self-hosts services, it’s important to know how to protect them.

Compared to the CKA exam, the CKS exam is considered more challenging. This exam tests various Kubernetes concepts that you should have understood from taking the CKA exam, but now you’ll need to focus on how to secure the Kubernetes objects.

The exam consists of 15-20 dense questions that you need to complete in 2 hours. You’re required to perform these tasks via the CLI in a remote environment. In my exam, there were 16 questions, and I only had around 10 minutes left when I finished.

Credit is given based on the steps completed in a question, so it’s best to attempt every question. Some concepts may not be covered by prep resources, but you can still get credit for completing what you do know.

During the CKS exam, time management is crucial. To be efficient, make sure you are comfortable using kubectl and have set up command line aliases for commonly used commands.

Being familiar with the Kubernetes official documentation, as well as documentation for Falco, etcd configuration, and static pod manifest manipulation, can also be helpful.

During the exam, it’s important to carefully read the questions and understand what is being asked. Focus on completing each question to the best of your ability, as partial credit is given based on the steps completed.

If you encounter a question on a topic you are not familiar with, don’t panic. Try to use the available documentation and resources to solve the problem. Remember to keep track of time and attempt every question, even if you are not sure of the answer.

Here’s how I prepped for the CKS exam:

  • KodeKloud’s CKS course: This course was okay, but not as effective as the CKA course. Nonetheless, it’s a great starting point to understand CKS concepts. (affiliate link)
  • KodeKloud CKS challenges: These were fun CKS challenges. You’ll be acting as a security engineer tasked with fixing various Kubernetes security vulnerabilities.
  • Killercoda CKS scenarios: This is a must-do, free interactive lab that walks through CKS concepts such as admission controllers, image scanning, and auditing.
  • Deploy a Kubeadm Kubernetes cluster: It’s a good idea to deploy a fresh cluster to practice these concepts on.
  • Reddit and Google: Reading other people’s experiences with the exam is a great way to prepare, and I found this FreeCodeCamp article helpful.

Overall, preparing for the CKS exam was a rewarding experience, and passing it was a great accomplishment. I would highly recommend it to anyone interested in Kubernetes security.
