Kubernetes CKS Example Exam Question Series

Image for post
Image for post

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. (coming next week)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: Create a CKS Cluster for studying and check Security Best Practices

This is the first task of this series, hence it’ll…


Kubernetes CKS Example Exam Question Series

Image for post
Image for post

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. (coming next week)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: RBAC

  1. User smoke should be allowed to create


Kubernetes CKS Example Exam Question Series

Image for post
Image for post

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. (coming next week)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: RBAC

  1. Create ServiceAccount (SA) pipeline


Kubernetes CKS Example Exam Question Series

Image for post
Image for post

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. (coming next week)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: Control ServiceAccount Token Mounting in Pods

  1. Create a Pod pod1 image…


Kubernetes CKS Example Exam Question Series

Image for post
Image for post

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. (coming next week)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

A bit of context before the task

CA = Certificate Authority CRT = Certificate CSR = Certificate…


Kubernetes CKS Example Exam Question Series

Image for post
Image for post

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. (coming next week)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: Create an ImagePolicyWebhook (without the external service)

The idea is to create an ImagePolicyWebhook Admission-Controller-Plugin which prevents…


Kubernetes CKS Example Exam Question Series

Image for post
Image for post

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. (coming next week)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: Crash the Apiserver and check logs

You should be very comfortable changing the Apiserver config. You…


Kubernetes CKS Example Exam Question Series

Image for post
Image for post

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. (coming next week)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: Make Pods immutable


Kubernetes CKS Example Exam Question Series

Image for post
Image for post

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. (coming next week)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: Pod with ServiceAccount uses Secrets


Certified Kubernetes Security Specialist Exam Preparation

Image for post
Image for post

Hello fellow Kubernetes enthusiasts!

This is just an announcement that we released our CKS Full Course in combination with the CKS Simulator on Killer Shell.

The CKS (Certified Kubernetes Security Specialist) extends the CKA and combines various areas of Kubernetes security. Read more here about what it contains.

Course Structure

Kim Wuestkamp

wuestkamp.com | killer.sh (CKS CKA CKAD Simulator) | Software Engineer, Infrastructure Architect, Certified Kubernetes, Certified Symfony

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store