Kubernetes CKS Example Exam Question Series

Content

  1. Create Cluster & Security Best Practices
  2. Pods, Secrets and ServiceAccounts
  3. Immutable Pods
  4. Crash that Apiserver & check logs
  5. ImagePolicyWebhook / AdmissionController
  6. Users and CertificateSigningRequests
  7. ServiceAccount Token Mounting
  8. Role Based Access Control (RBAC)
  9. Role Based Access Control (RBAC) v2
  10. Container Hardening
  11. NetworkPolicies (Default Deny + Allowlist)
  12. (coming soon)

Rules!

  1. Be fast, avoid creating yaml manually from scratch
  2. Use only kubernetes.io/docs for help.
  3. Check our solution after you did yours. You probably have a better one!

Todays Task: Create a CKS Cluster for studying and check Security Best Practices


Kubernetes CKS Example Exam Question Series

Content

  1. Create Cluster & Security Best Practices
  2. Pods, Secrets and ServiceAccounts
  3. Immutable Pods
  4. Crash that Apiserver & check logs
  5. ImagePolicyWebhook / AdmissionController
  6. Users and CertificateSigningRequests
  7. ServiceAccount Token Mounting
  8. Role Based Access Control (RBAC)
  9. Role Based Access Control (RBAC) v2
  10. Container Hardening
  11. NetworkPolicies (Default Deny + Allowlist)
  12. (coming soon)

Rules!

  1. Be fast, avoid creating yaml manually from scratch
  2. Use only kubernetes.io/docs for help.
  3. Check our solution after you did yours. You probably have a better one!

Todays Task: Create a default deny NetworkPolicy and then allowlist more traffic


Kubernetes CKS Example Exam Question Series

Content

  1. Create Cluster & Security Best Practices
  2. Pods, Secrets and ServiceAccounts
  3. Immutable Pods
  4. Crash that Apiserver & check logs
  5. ImagePolicyWebhook / AdmissionController
  6. Users and CertificateSigningRequests
  7. ServiceAccount Token Mounting
  8. Role Based Access Control (RBAC)
  9. Role Based Access Control (RBAC) v2
  10. Container Hardening
  11. NetworkPolicies (Default Deny + Allowlist)
  12. (coming soon)

Rules!

  1. Be fast, avoid creating yaml manually from scratch
  2. Use only kubernetes.io/docs for help.
  3. Check our solution after you did yours. You probably have a better one!

Todays Task: Harden a given Docker Container

FROM ubuntu
RUN apt-get update
RUN…


Kubernetes CKS Example Exam Question Series

Content

  1. Create Cluster & Security Best Practices
  2. Pods, Secrets and ServiceAccounts
  3. Immutable Pods
  4. Crash that Apiserver & check logs
  5. ImagePolicyWebhook / AdmissionController
  6. Users and CertificateSigningRequests
  7. ServiceAccount Token Mounting
  8. Role Based Access Control (RBAC)
  9. Role Based Access Control (RBAC) v2
  10. Container Hardening
  11. NetworkPolicies (Default Deny + Allowlist)
  12. (coming soon)

Rules!

  1. Be fast, avoid creating yaml manually from scratch
  2. Use only kubernetes.io/docs for help.
  3. Check our solution after you did yours. You probably have a better one!

Todays Task: RBAC

  1. Create Namespace applications
  2. User…


Kubernetes CKS Example Exam Question Series

Content

  1. Create Cluster & Security Best Practices
  2. Pods, Secrets and ServiceAccounts
  3. Immutable Pods
  4. Crash that Apiserver & check logs
  5. ImagePolicyWebhook / AdmissionController
  6. Users and CertificateSigningRequests
  7. ServiceAccount Token Mounting
  8. Role Based Access Control (RBAC)
  9. Role Based Access Control (RBAC) v2
  10. Container Hardening
  11. NetworkPolicies (Default Deny + Allowlist)
  12. (coming soon)

Rules!

  1. Be fast, avoid creating yaml manually from scratch
  2. Use only kubernetes.io/docs for help.
  3. Check our solution after you did yours. You probably have a better one!

Todays Task: RBAC

  1. Create two Namespaces ns1


Kubernetes CKS Example Exam Question Series

Content

  1. Create Cluster & Security Best Practices
  2. Pods, Secrets and ServiceAccounts
  3. Immutable Pods
  4. Crash that Apiserver & check logs
  5. ImagePolicyWebhook / AdmissionController
  6. Users and CertificateSigningRequests
  7. ServiceAccount Token Mounting
  8. Role Based Access Control (RBAC)
  9. Role Based Access Control (RBAC) v2
  10. Container Hardening
  11. NetworkPolicies (Default Deny + Allowlist)
  12. (coming soon)

Rules!

  1. Be fast, avoid creating yaml manually from scratch
  2. Use only kubernetes.io/docs for help.
  3. Check our solution after you did yours. You probably have a better one!

Todays Task: Control ServiceAccount Token Mounting in Pods

  1. Create a new ServiceAccount


Kubernetes CKS Example Exam Question Series

Content

  1. Create Cluster & Security Best Practices
  2. Pods, Secrets and ServiceAccounts
  3. Immutable Pods
  4. Crash that Apiserver & check logs
  5. ImagePolicyWebhook / AdmissionController
  6. Users and CertificateSigningRequests
  7. ServiceAccount Token Mounting
  8. Role Based Access Control (RBAC)
  9. Role Based Access Control (RBAC) v2
  10. Container Hardening
  11. NetworkPolicies (Default Deny + Allowlist)
  12. (coming soon)

Rules!

  1. Be fast, avoid creating yaml manually from scratch
  2. Use only kubernetes.io/docs for help.
  3. Check our solution after you did yours. You probably have a better one!

A bit of context before the task

CA  = Certificate…


Kubernetes CKS Example Exam Question Series

Content

  1. Create Cluster & Security Best Practices
  2. Pods, Secrets and ServiceAccounts
  3. Immutable Pods
  4. Crash that Apiserver & check logs
  5. ImagePolicyWebhook / AdmissionController
  6. Users and CertificateSigningRequests
  7. ServiceAccount Token Mounting
  8. Role Based Access Control (RBAC)
  9. Role Based Access Control (RBAC) v2
  10. Container Hardening
  11. NetworkPolicies (Default Deny + Allowlist)
  12. (coming soon)

Rules!

  1. Be fast, avoid creating yaml manually from scratch
  2. Use only kubernetes.io/docs for help.
  3. Check our solution after you did yours. You probably have a better one!

Todays Task: Create an ImagePolicyWebhook (without the external service)


Kubernetes CKS Example Exam Question Series

Content

  1. Create Cluster & Security Best Practices
  2. Pods, Secrets and ServiceAccounts
  3. Immutable Pods
  4. Crash that Apiserver & check logs
  5. ImagePolicyWebhook / AdmissionController
  6. Users and CertificateSigningRequests
  7. ServiceAccount Token Mounting
  8. Role Based Access Control (RBAC)
  9. Role Based Access Control (RBAC) v2
  10. Container Hardening
  11. NetworkPolicies (Default Deny + Allowlist)
  12. (coming soon)

Rules!

  1. Be fast, avoid creating yaml manually from scratch
  2. Use only kubernetes.io/docs for help.
  3. Check our solution after you did yours. You probably have a better one!

Todays Task: Crash the Apiserver and check logs


Kubernetes CKS Example Exam Question Series

Content

  1. Create Cluster & Security Best Practices
  2. Pods, Secrets and ServiceAccounts
  3. Immutable Pods
  4. Crash that Apiserver & check logs
  5. ImagePolicyWebhook / AdmissionController
  6. Users and CertificateSigningRequests
  7. ServiceAccount Token Mounting
  8. Role Based Access Control (RBAC)
  9. Role Based Access Control (RBAC) v2
  10. Container Hardening
  11. NetworkPolicies (Default Deny + Allowlist)
  12. (coming soon)

Rules!

  1. Be fast, avoid creating yaml manually from scratch
  2. Use only kubernetes.io/docs for help.
  3. Check our solution after you did yours. You probably have a better one!

Todays Task: Make Pods immutable

  1. Create Pod holiday with…

Kim Wuestkamp

wuestkamp.com | killer.sh (CKS CKA CKAD Simulator) | Software Engineer, Infrastructure Architect, Certified Kubernetes, Certified Symfony

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store