How to prepare well for official Kubernetes certifications (CKA, CKAD, CKS)
We will teach you how to obtain certified Kubernetes certifications such as Certified Kubernetes Administrator (CKA), Kubernetes Certified Application Developer (CKAD), and Certified Kubernetes Security Specialist (CKS).
[Information] CKS Exam Content Changes (After October 15, 2024)
hello
The CKS exam, which has been gaining popularity recently, has changed.
So...you're saying that the content has already been changed? Unlike CKA...are you talking about this after it's over???
Anyway, I've looked at several links (one of them ) to see what's changed and summarized them as follows :)
First of all, the new additions are as follows:
Cilium : Used for Pod-to-Pod encryption and enhanced network security.
So ftware Bill of Materials (SBOM) : Helps manage and secure the supply chain, providing transparency into the software components.
Kubesec and KubeLinter : Tools for performing static analysis on Kubernetes resources and container images to detect security vulnerabilities.
Audit Logs : Leveraged to monitor access and security-related events in Kubernetes clusters.
But I think Audit was there originally... The other 1-3 are really... refreshing.
The explanation is as follows based on the syllabus.
1. Cluster Setup Domain Updates (Weightage Increased from 10% to 15%)
This is the part where red is excluded on the left and green is added on the right.
Therefore, I think it is safe to assume that ingress with TLS is a must in CKS... TLS settings are important. I think it would be good to look at the certificate issue as well.
2. Cluster Hardening Domain (15% Weightage, No Major Changes)
There is no change in importance here.
3. System Hardening Domain (Weightage Reduced from 15% to 10%)
Since you added privileges excluding IAM (RBAC part or related), I can see that it is for PS or baseline, etc. But I don't think there will be any RBAC issues at all?
Anyway, surprisingly, the importance of this part has decreased.
4. Minimizing Microservice Vulnerabilities (20% Weightage)
The importance is the same, but a lot of the content has changed.
This part seems to have changed very uniquely? Cilium (a specific tool) has been entered as is. It seems that you should know how to use cilium agent implemented with Linux capabilities. In addition, it is written more generally that you should know how to use sandbox containers (gvisor, kata, etc.), and multi-tenancy has been added, but... I think it might be related to Resource Quotas.
5. Supply Chain Security (20% Weightage)
This should be painted green, but it looks like it wasn't. Starting with SBOM, artifact repo management, etc. have been added. It seems like they're asking for more than just checking for vulnerabilities in images.
Also, since you stated that you need to look directly at tools like Kubesec and kubeLinter, it seems like you need to look at something better than the trivy kubebench you were using.
6. Monitoring, Logging, and Runtime Security (20% Weightage)
Um, there's no color here either?
Other than the audit log, it seems to be mainly about troubleshooting. It looks like securityContext-related stuff will be released here too. It seems simpler, but in reality, it seems like it's gotten more difficult.
In summary, it seems like the items that you should pay attention to in Kubernetes Security have been well updated.
There were rumors that it was a bit difficult... I think those rumors will turn out to be true after a while.
I hope this will be helpful to anyone interested in CKS.
Related Links:
1) https://training.linuxfoundation.org/cks-program-changes/
3) https://blog.techiescamp.com/cks-exam-update/
thank you
Cho Hoon Dream.
Free