Code Monkey home page Code Monkey logo

certified-kubernetes-security-specialist-cks-course's Introduction

Certified Kubernetes Security Specialist (CKS) Course

These are notes from the Certified Kubernetes Security Specialist (CKS) hosted on KodeKloud.

Please note that the CKS is an advanced level course. There are concepts within this course where some knowledge is assumed you know, and is not taught in bite-sized pieces. This includes:

  • You hold a valid (not expired) CKA certificate. You cannot take the exam without it.
  • Any concepts that were taught in the CKA will not necessarily be repeated here, including things like knowing when to edit or replace a running pod. In some lectures and lab solutions, it is assumed that you know these concepts already.
    On this basis and the fact that you should be reasonably confident with Kubernetes by now, we don't provide lab/mock exam solution walkthrough videos. All lab solutions may be found as text documents in this repo. These solutions also don't always provide detailed explanations as you should be able to see from what is given why it is the correct solution.
  • Reasonable proficiency with Linux, and the standard tools it provides such as find, grep, sed, cut, tr and the like. If you're not comfortable with these concepts, you should first take our Linux Basics course.
  • Proficiency with JSON, YAML, jsonpath and tools like jq. If you need a refresher on this, check our JSONPath course.

Sections

certified-kubernetes-security-specialist-cks-course's People

Contributors

akshayithape-devops avatar fireflycons avatar lacoski avatar m-ayman avatar mmumshad avatar nsvijay04b1 avatar pingtotgp avatar rivlinp avatar tej-singh-rana avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

m-ayman kalidask pacificdynamics purushothamkdr453 sanusatyadarshi chichiagha dara11691 biswarjena prajwalkabbinale pro-gramming vipulvv svmt ozbillwang srreddy2020 ogetysaisandeep injeti-manohar rameshmishra777 nishanthkumarpathi ibrahim00017 poladinesh msantoshnetha lerndevops crk-2020 guptamanoj61 rd1981 saurabhtandon13 trongtan124 pravatbhusan jguipi shkpk mehakgrg3 tgnco1218 sasi0606 raj13aug sasfar rbalusup vikas-anand-vst-au4 niharikagupta476 vamshi621 mahendra-js hammy00612 naren4b shanabdu mansong1 mbulkeley naveenkkoniki mandeepsharma007 kharbanda369 malayamanas suqcnn sinhatarak hinodeya69 chetanraga12 kriplanilakhan ahsokm07 srinivaskakarapalli gonzaloacosta kumardineshwar riz4ume splash7447 graywen24 jackc8 prakasha4devops tej-singh-rana consultnilay log1cb0mb ffoysal kharalk survivant moabukar git19112019 anantshri-clones knighthunter09 meetkushal blsrm barry-ar arun9theja raysaini19 azkaoru innonet17 shafisullya venkat8887 vish6760 prm239 artisticman leeadh imcuteani jagdishkumar14 ekozhin ducna96 jesusroval rafikhan29 florinen srsingh888 pgmodusbox jerryyang201616 sumeshkoppantakath romharutyunyan1986 ramanagali gongbangjia

certified-kubernetes-security-specialist-cks-course's Issues

Mock exam 1 : wrong Instructions

The instructions for Question 8 is unclear

Create the below admission-configuration inside /root/CKS/ImagePolicy directory in the controlplane

use this YAML file:

apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:

  • name: ImagePolicyWebhook
    configuration:
    imagePolicy:
    kubeConfigFile: /etc/admission-controllers/admission-kubeconfig.yaml. ## Does not exist
    allowTTL: 50
    denyTTL: 50
    retryBackoff: 500
    defaultAllow: false

#The /root/CKS/ImagePolicy is mounted at the path /etc/admission-controllers directory in the kube-apiserver. So, you can directly place the files under /root/CKS/ImagePolicy.
#---snippet of the volume and volumeMounts (already added to apiserver config)
containers:
.
.
.
volumeMounts:

  • mountPath: /etc/admission-controllers
    name: admission-controllers
    readOnly: true
    volumes:
  • hostPath:
    path: /root/CKS/ImagePolicy/
    type: DirectoryOrCreate
    name: admission-controllers

update the kube-apiserver command flags and add ImagePolicyWebhook to the enable-admission-plugins flag

  • --admission-control-config-file=/etc/admission-controllers/admission-configuration.yaml
  • --enable-admission-plugins=NodeRestriction,ImagePolicyWebhook

Seccomp in Kubernetes section refers to unavailable amicontained image

The Seccomp in Kubernetes section mentions to use the below amicontained image to check the status of Seccomp and syscalls.

References:
https://github.com/kodekloudhub/certified-kubernetes-security-specialist-cks-course/blob/main/docs/04-System-Hardening/20-Implement-Seccomp-in-Kubernetes.md
https://kodekloud.com/topic/implement-seccomp-in-kubernetes/

The image r.j3ss.co/amicontained is no longer available in the dockerhub.
docker run r.j3ss.co/amicontained amicontained

Unable to find image 'r.j3ss.co/amicontained:latest' locally
docker: Error response from daemon: Get "https://r.j3ss.co/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).
See 'docker run --help'.

Instead the below image can be used:
jess/amicontained
https://hub.docker.com/r/jess/amicontained

You may consider updating the session documentation / video for this.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.