In late 2020, The Linux Foundation released a new security-focused Kubernetes certification, the Certified Kubernetes Security Specialist (CKS). In this post, we’ll talk about this new certification and provide you with some information that could help you decide whether this certification is for you.
How do I prepare for the Kubernetes Security Specialist Certification (CKS)?
The CKS certification, as the name suggests, is focused on security. It deals with nearly all aspects of security within the context of a Kubernetes environment. That means securing not only the Kubernetes cluster itself but also the applications running within the cluster.
CKS covers everything from secure cluster configuration to vulnerability scanning to runtime monitoring. This certification takes a layered approach to security, so you’ll need to learn how to secure many different components of Kubernetes applications and environments.
CKS exam preparation
The CKS Curriculum provides a list of domains and topics covered by the CKS exam. These are the topics you will need to be familiar with if you want to earn your CKS certification.
Cluster Setup (10%)
This domain covers topics related to designing a cluster in a secure way. If you’re setting out to build a new cluster, the topics in this domain will help you make that cluster as secure as possible.
Cluster Hardening (15%)
Cluster Hardening refers to techniques you can use to increase security in an existing cluster, or to address bad security practices that may be in use. Things like keeping Kubernetes updated and fixing less-than-ideal RBAC setups are part of this domain.
System Hardening (15%)
This domain focuses on the host systems used to run Kubernetes. It covers a variety of topics and techniques that can help you protect the host and its operating system from attack.
Minimize Microservice Vulnerabilities (20%)
While the previous domains address security at the cluster level, this domain shifts focus to the applications running within Kubernetes. The topics included in this domain deal with securing microservice components and the communication between them, as well as securely running untrusted workloads.
Supply Chain Security (20%)
The data artifacts used to deploy applications and run code in Kubernetes can serve as a vector for vulnerabilities, bad security practices, and even malicious attacks. This domain focuses on tools and techniques which you can use to ensure these artifacts are secure before using them in your cluster.
Monitoring, Logging and Runtime Security (20%)
This domain covers security at runtime and after the fact. Monitoring what is going on in your cluster in real time, as well as keeping logs that can be used to analyze activity after it has occurred, are important parts of the overall security picture in a Kubernetes cluster. This domain deals closely with topics such as active monitoring and audit logging.
Should I get the CKS?
The short answer is that if you are interested in Kubernetes security, CKS is a great certification!
It is hands-on, so you will be learning real Kubernetes skills as you pursue this certification — not just memorizing concepts and commands.
However, the CKS does have a prerequisite. You’re required to earn your Certified Kubernetes Administrator (CKA) before you can take the CKS exam. So, if you have your CKA and want to dive deeper and learn more about security in Kubernetes, check out the CKS!
The CKS is a great certification if you want to dive more deeply into Kubernetes. If you’re interested in this certification or just in learning more about Kubernetes security, check out ACG’s new Certified Kubernetes Security Specialist (CKS) course on A Cloud Guru! And if you need to get your CKA first, we have a CKA course as well!