Vulnerabilities in software and IT infrastructure pose a major threat to organizations. In response, the Cloud Native Computing Foundation (CNCF) developed the Certified Kubernetes Security Specialist (CKS) certification to verify an administrator's proficiency to protect Kubernetes clusters and the cloud native software they contain. This practical book helps you fully prepare for the certification exam by walking you through all of the topics covered.

Different from typical multiple-choice formats used by other certifications, this performance-based exam requires deep knowledge of the tasks it covers under intense time pressure. If you want to pass the CKS exam on the first go, author Benjamin Muschko shares his personal experience to help you learn the objectives, abilities, and tips and tricks you need to pass on the first attempt.

• Identify, mitigate, and/or minimize threats to cloud native applications and Kubernetes clusters
• Learn the ins and outs of Kubernetes's security features, and external tools for security detection and mitigation purposes
• Demonstrate competency to perform the responsibilities of a Kubernetes administrator or application developer with a security viewpoint
• Solve real-world Kubernetes problems in a hands-on, command-line environment
• Effectively navigate and solve questions during the CKS exam

Table of Contents

Chapter 1. Exam Details and Resources

Chapter 2. Cluster Setup

Chapter 3. Cluster Hardening

Chapter 4. System Hardening

Chapter 5. Minimizing Microservice Vulnerabilities

Chapter 6. Supply Chain Security

Chapter 7. Monitoring, Logging, and Runtime Security

The Kubernetes certification program has been around since 2018, or five years as of this writing. During this time, security has become more and more important everywhere, including the Kubernetes world. Recently, the role of Certified Kubernetes Security Specialist (CKS) has been added to the certification track to address the need. Security can have different facets, and the way you address those concerns can be very diverse. That’s where the Kubernetes ecosystem comes into play. Apart from Kubernetes built-in security features, many tools have evolved that help with identifying and fixing security risks. As a Kubernetes administrator, you need to be familiar with the wide range of concepts and tools to harden your clusters and applications.

The CKS certification program was created to verify competence on security-based topics, and it requires a successful pass of the Certified Kubernetes Administrator (CKA) exam before you can register. If you are completely new to the Kubernetes certification program, then I would recommend exploring the CKA or Certified Kubernetes Application Developer (CKAD) program first.

In this study guide, I will explore the topics covered in the CKS exam to fully prepare you to pass the certification exam. We’ll look at determining when and how you should apply the core concepts of Kubernetes and external tooling to secure cluster components, cluster configuration, and applications running in a Pod. I will also offer tips to help you better prepare for the exam and share my personal experience with getting ready for all aspects of it.

The CKS is different from the typical multiple-choice format of other certifications. It’s completely performance based and requires you to demonstrate deep knowledge of the tasks at hand under immense time pressure. Are you ready to pass the test on the first go?

Who This Book Is For

This book is for anyone who already passed the CKA exam and wants to broaden their knowledge in the realm of security. Given that you need to pass the CKA exam before signing up for the CKS, you should already be familiar with the format of the exam questions and environment. Chapter 1 only briefly recaps the general aspects of the exam curriculum, but it highlights the information specific to the CKS exam. If you have not taken the CKA exam yet, I recommend taking a step by reading the Certified Kubernetes Administrator (CKA) Study Guide (O’Reilly). The book will provide you with the foundation you need to get started with the CKS.

What You Will Learn

The content of the book condenses the most important aspects relevant to the CKS exam. Cloud-provider-specific Kubernetes implementations like AKS or GKE do not need to be considered. Given the plethora of configuration options available in Kubernetes, it’s almost impossible to cover all use cases and scenarios without duplicating the official documentation. Test takers are encouraged to reference the Kubernetes documentation as the go-to compendium for broader exposure. External tools relevant to the CKS exam, such as Trivy or Falco, are only covered on a high level. Refer to their documentation to explore more features, functionality, and configuration options.

Review

"Benjamin did a stellar job. This is a perfect CKS study guide - it's full of scenarios, examples, and exercises. I strongly recommend the study guide when preparing for the CKS certification exam."

-- Robin Smorenburg

Tech lead, architect, and engineer

"This is a great guide containing clear explanations and examples that will prepare you well for the CKS exam."

-- Michael Kehoe

Sr. Staff Engineer, Confluent, Coauthor of Cloud Native Infrastructure with Azure

About the Author

Benjamin Muschko is a software engineer, consultant, and trainer with more than 20 years of experience in the industry. He's passionate about project automation, testing, and continuous delivery. Ben is an author, a frequent speaker at conferences, and an avid open source advocate. He holds the CKAD, CKA, and CKS certifications and is a CNCF Ambassador Spring 2023

Software projects sometimes feel like climbing a mountain. In his free time, Ben loves hiking Colorado's 14ers and enjoys conquering long-distance trails.