Certified Kubernetes Security Specialist (CKS) Preparation Part 1 — Getting Started
Instead of writing how I prepare for CKS certificate exam “after” I really pass the exam, I am just going to write down everything while I am still learning. An important thing to mention is that CKS certification exam is meant for people that already passed Certified Kubernetes Administrator (CKA) certification exam, meaning having the general knowledge and hands-on skills in this container orchestration service.
I guess the biggest trait of all Cloud Native Computing Foundation (CNCF) hosted Kubernetes exams is that they allow people to visit websites in certain domains and its subdomains during exams. If you have no idea what that means, it just means you could visit either https://kubernetes.io or https://<anything>.kubernetes.io. The <anything> could be literally anything. CNCF has published the information clearly on their website.
The reason why knowing about what websites people could visit during exams is important, because we would get some ideas what topics are considered important, which leads to the directions on how to prepare.
After knowing what websites people could access, knowing what are being tested in the exam is also crucial. This information could be easily found here. Finally, we would get into the actual preparation.
For me, I would start with searching comprehensive online courses. Of course, another way is to search everything and put them together yourself but it could take some time as everything is fairly new to the people that are learning. I picked this course created by Kim Wüstkamp and Killer Shell. The course itself already outlines all the important topics in each exam domains. Our only job is to fully understand everything in it.
As I have some general knowledge on how Kubernetes works, I quickly go through all the topics in each domain and see whether there is anything that would really require time on the side to have a thorough understanding. For CKS exam, surprisingly, there are a lot of components that are associated deeply with Linux administration. So, here are some I noted down from a quick glimpse,
- CIS Benchmark
- kube-bench
- strace and /proc
- AppArmor
- Seccomp
…
My way of learning is to go through each unfamiliar topic in the beginning and try my best to understand how they work in the high level. So, when I really go through the course or do hands-on lab, I could get what I am doing quicker and this applies to whatever material you are using.
I think this short article gives a good explaining how I “begin” preparing for the CKS exam. Later on, I would break down my learning in each exam domain into multiple short articles. In all these articles, I would provide my understanding on each topic and demonstrate a simple hands-on. On one side, I could double verify whether I really know what I am learning; on the other side, I could share how I pick up some complex concepts to the people that are on same learning route as I am. Enjoy!