Kubernetes CKS Example Exam Question Series

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. Container Hardening
  10. NetworkPolicies (Default Deny + Allowlist)
  11. (coming soon)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: Create a CKS Cluster for studying and check Security Best Practices

This is the first…


Kubernetes CKS Example Exam Question Series

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. Container Hardening
  10. NetworkPolicies (Default Deny + Allowlist)
  11. (coming soon)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: Create a default deny NetworkPolicy and then allowlist more traffic

Test every of your…


Kubernetes CKS Example Exam Question Series

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. Container Hardening
  10. NetworkPolicies (Default Deny + Allowlist)
  11. (coming soon)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: Harden a given Docker Container

FROM ubuntu RUN apt-get…


Kubernetes CKS Example Exam Question Series

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. Container Hardening
  10. NetworkPolicies (Default Deny + Allowlist)
  11. (coming soon)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: RBAC

  1. User…


Kubernetes CKS Example Exam Question Series

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. Container Hardening
  10. NetworkPolicies (Default Deny + Allowlist)
  11. (coming soon)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: RBAC


Kubernetes CKS Example Exam Question Series

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. Container Hardening
  10. NetworkPolicies (Default Deny + Allowlist)
  11. (coming soon)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: Control ServiceAccount Token Mounting in Pods


Kubernetes CKS Example Exam Question Series

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. Container Hardening
  10. NetworkPolicies (Default Deny + Allowlist)
  11. (coming soon)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

A bit of context before the task

CA = Certificate Authority…


Kubernetes CKS Example Exam Question Series

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. Container Hardening
  10. NetworkPolicies (Default Deny + Allowlist)
  11. (coming soon)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: Create an ImagePolicyWebhook (without the external service)

The idea is to…


Kubernetes CKS Example Exam Question Series

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. Container Hardening
  10. NetworkPolicies (Default Deny + Allowlist)
  11. (coming soon)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: Crash the Apiserver and check logs

You should be very…


Kubernetes CKS Example Exam Question Series

CKS Exam Series | CKA Exam Series | CKAD Exam Series

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

→ Check out the FULL CKS COURSE on Udemy ←

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Content

  1. Pods, Secrets and ServiceAccounts
  2. Immutable Pods
  3. Crash that Apiserver & check logs
  4. ImagePolicyWebhook / AdmissionController
  5. Users and CertificateSigningRequests
  6. ServiceAccount Token Mounting
  7. Role Based Access Control (RBAC)
  8. Role Based Access Control (RBAC) v2
  9. Container Hardening
  10. NetworkPolicies (Default Deny + Allowlist)
  11. (coming soon)

Rules!

  1. Use only kubernetes.io/docs for help.
  2. Check our solution after you did yours. You probably have a better one!

Todays Task: Make Pods immutable

Kim Wuestkamp

wuestkamp.com | killer.sh (CKS CKA CKAD Simulator) | Software Engineer, Infrastructure Architect, Certified Kubernetes, Certified Symfony

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store